similar to: [Bug 1222] New: nft list ruleset – infinite memory use

https://bugzilla.netfilter.org/show_bug.cgi?id=1406 Bug ID: 1406 Summary: nft dies with an assertion of consumed > 0 Product: nftables Version: unspecified Hardware: x86_64 OS: Gentoo Status: NEW Severity: major Priority: P5 Component: nft Assignee: pablo at netfilter.org

https://bugzilla.netfilter.org/show_bug.cgi?id=1195 Bug ID: 1195 Summary: 'list ruleset' of 'nft -f' outputs garbage while 'nft list ruleset' seems to work. Product: nftables Version: unspecified Hardware: x86_64 OS: All Status: NEW Severity: enhancement

https://bugzilla.netfilter.org/show_bug.cgi?id=1118 Bug ID: 1118 Summary: nft: nft -f and nft list ruleset use different sets of service -> port mappings Product: nftables Version: unspecified Hardware: x86_64 OS: All Status: NEW Severity: normal Priority: P5

https://bugzilla.netfilter.org/show_bug.cgi?id=1349 Bug ID: 1349 Summary: "nft list ruleset" shows rules twice Product: nftables Version: unspecified Hardware: x86_64 OS: Debian GNU/Linux Status: NEW Severity: minor Priority: P5 Component: nft Assignee: pablo at

https://bugzilla.netfilter.org/show_bug.cgi?id=1450 Bug ID: 1450 Summary: Using certain simple set combinations with TCP flags causes error in mergesort.c from nft list ruleset Product: nftables Version: unspecified Hardware: arm OS: Ubuntu Status: NEW Severity: normal

https://bugzilla.netfilter.org/show_bug.cgi?id=1706 Bug ID: 1706 Summary: Nft is slow when loading ruleset with lots of add element calls of different interval maps Product: nftables Version: 1.0.x Hardware: x86_64 OS: Debian GNU/Linux Status: NEW Severity: normal Priority:

https://bugzilla.netfilter.org/show_bug.cgi?id=1424 Bug ID: 1424 Summary: v0.9.0: segfault when using nft -f <file> and issuing "ruleset flush" twice Product: nftables Version: unspecified Hardware: All OS: Debian GNU/Linux Status: NEW Severity: normal

https://bugzilla.netfilter.org/show_bug.cgi?id=1130 Bug ID: 1130 Summary: Better handling DNS names in nft ruleset Product: nftables Version: unspecified Hardware: All OS: All Status: NEW Severity: enhancement Priority: P5 Component: nft Assignee: pablo at netfilter.org

https://bugzilla.netfilter.org/show_bug.cgi?id=1463 Bug ID: 1463 Summary: nft --json table list ruleset crashes Product: nftables Version: unspecified Hardware: All OS: Debian GNU/Linux Status: NEW Severity: major Priority: P5 Component: nft Assignee: pablo at netfilter.org

https://bugzilla.netfilter.org/show_bug.cgi?id=935 Summary: Frag: problem with frag-off Product: nftables Version: unspecified Platform: x86_64 OS/Version: Debian GNU/Linux Status: NEW Severity: normal Priority: P5 Component: nft AssignedTo: pablo at netfilter.org ReportedBy: anarey at

https://bugzilla.netfilter.org/show_bug.cgi?id=936 Summary: frag: "more-fragments" and "reserved" are not identified by nftables Product: nftables Version: unspecified Platform: x86_64 OS/Version: Debian GNU/Linux Status: NEW Severity: normal Priority: P5 Component:

https://bugzilla.netfilter.org/show_bug.cgi?id=1330 Bug ID: 1330 Summary: Parse error for importing set with netmask Product: nftables Version: unspecified Hardware: All OS: All Status: NEW Severity: major Priority: P5 Component: nft Assignee: pablo at netfilter.org

https://bugzilla.netfilter.org/show_bug.cgi?id=1429 Bug ID: 1429 Summary: Empty file in source directory - 'netlink_delinearize.' Product: nftables Version: unspecified Hardware: All OS: All Status: NEW Severity: trivial Priority: P5 Component: nft

Hi! The Netfilter project proudly presents: nftables 0.5 This release contains bug fixes and new features contained up to the 4.2 kernel release. New features ============ * Concatenations: You can combine two or more selectors to build a tuple, then use it to look up for a matching in sets, eg. % nft add rule ip filter input ip saddr . tcp dport { \ 1.1.1.1 . 22 , \

Hello all, As I have promised I am sending my QoS rules. This now works fine with u32 classifier (and parent 1:0 that I could not understand why it did not worked well before). Att, Nataniel Klug ------------------------ #!/bin/sh #------ # Script de QoS Cyber Nett #------ # Nataniel Klug # suporte@cnett.com.br #------ TC="/sbin/tc" IPT="/usr/local/sbin/iptables"

Hello list, I installed a box recently and updated it to 8.3-PRERELEASE on 2012/04/11 I'm experiencing this extremely weird behavior where PF refuses to load standard and const table definitions from the main ruleset. - persist tables load just fine - normal and const tables inside anchors load just fine Does anyone else have the same problem ? I'll try to update the kernel again,

http://bugzilla.netfilter.org/show_bug.cgi?id=580 Summary: iptables-restore and iptables-save lack comparison of a saved ruleset against the currently deployed rules Product: iptables Version: unspecified Platform: All OS/Version: All Status: NEW Severity: enhancement Priority: P1

https://bugzilla.netfilter.org/show_bug.cgi?id=580 Phil Oester <netfilter at linuxace.com> changed: What |Removed |Added ---------------------------------------------------------------------------- Status|NEW |RESOLVED CC| |netfilter at linuxace.com Resolution|

https://bugzilla.netfilter.org/show_bug.cgi?id=580 Jan Engelhardt <jengelh at medozas.de> changed: What |Removed |Added ---------------------------------------------------------------------------- Status|RESOLVED |REOPENED Resolution|WONTFIX | --- Comment #4 from Jan Engelhardt <jengelh at

https://bugzilla.netfilter.org/show_bug.cgi?id=580 --- Comment #5 from Phil Oester <netfilter at linuxace.com> 2013-06-24 20:07:02 CEST --- Unclear how you can say with certainty that this is impossible, but let's ignore that point for the moment. Is there some reason that iptables-save should do the sorting for userspace scripts? Another alternative would be to always load the