similar to: [Bug 1255] New: nftables SNAT is not working

https://bugzilla.netfilter.org/show_bug.cgi?id=1358 Bug ID: 1358 Summary: Error when atomically replacing rules with symbolic variables Product: nftables Version: unspecified Hardware: x86_64 OS: other Status: NEW Severity: blocker Priority: P5 Component: nft

https://bugzilla.netfilter.org/show_bug.cgi?id=1371 Bug ID: 1371 Summary: Concatenations Literal sets Product: nftables Version: unspecified Hardware: x86_64 OS: other Status: NEW Severity: normal Priority: P5 Component: nft Assignee: pablo at netfilter.org Reporter:

https://bugzilla.netfilter.org/show_bug.cgi?id=1254 Bug ID: 1254 Summary: nft commandline tool can't parse negative priority values. Product: nftables Version: unspecified Hardware: x86_64 OS: Ubuntu Status: NEW Severity: normal Priority: P5 Component: nft

https://bugzilla.netfilter.org/show_bug.cgi?id=1368 Bug ID: 1368 Summary: The "meta's" Product: nftables Version: unspecified Hardware: x86_64 OS: All Status: NEW Severity: enhancement Priority: P5 Component: nft Assignee: pablo at netfilter.org

Hi list, I'm studying nftables. I'm using CentOS 8.1 (Gnome) and I disabled firewalld. I noticed that a default policy is created with tables and chains probably for firewalld. So I created a .nft script where I stored my rules with a flush for previous ruleset, then saved on /etc/sysconfig/nftables.conf and the enabled nftables service. Running the script with nft -f script.nft all

Despite that the migration of our applications comes with a significant workload. It seems that also every aspect of common services had changed with EL8. In EL8 firewalld uses nftables as backend. I wonder why iptables does not list any rules while also configured to use nftables as backend. # iptables -V iptables v1.8.2 (nf_tables) # firewall-cmd --list-all |egrep -o '22|ssh' ssh

https://bugzilla.netfilter.org/show_bug.cgi?id=1051 Bug ID: 1051 Summary: nftables DNAT not working Product: nftables Version: unspecified Hardware: x86_64 OS: Gentoo Status: NEW Severity: critical Priority: P5 Component: kernel Assignee: pablo at netfilter.org

Once upon a time, Jonathan Billings <billings at negate.org> said: > 'iptables' and 'nftables' are competing technologies. In CentOS 8, > firewalld's backend was switched from iptables to nftables. So it > would be expected that the iptables command wouldn't have any rules > defined, it isn't being used by firewalld. That is partially incorrect.

I had the same problem. If you are not using virtual machines then # systemctl disable libvirtd works and is easily reversible. Alan On 18/04/2020 23:03, Alessandro Baggi wrote: > Il 17/04/20 11:01, Alessandro Baggi ha scritto: >> Hi list, >> >> I'm studying nftables. I'm using CentOS 8.1 (Gnome) and I disabled >> firewalld. I noticed that a default

https://bugzilla.netfilter.org/show_bug.cgi?id=1290 Bug ID: 1290 Summary: ptables: nftables layer breaks ipsec/policy keyword Product: nftables Version: unspecified Hardware: x86_64 OS: Debian GNU/Linux Status: NEW Severity: normal Priority: P5 Component: iptables over nftable

https://bugzilla.netfilter.org/show_bug.cgi?id=1397 Bug ID: 1397 Summary: What am I doing wrong!? Product: nftables Version: unspecified Hardware: x86_64 OS: other Status: NEW Severity: normal Priority: P5 Component: nft Assignee: pablo at netfilter.org Reporter:

https://bugzilla.netfilter.org/show_bug.cgi?id=1382 Bug ID: 1382 Summary: nftables.py cmd leaking memory when ruleset contain mapping ip length to range with high limit 65535 Product: nftables Version: unspecified Hardware: x86_64 OS: Gentoo Status: NEW Severity: major

https://bugzilla.netfilter.org/show_bug.cgi?id=1206 Bug ID: 1206 Summary: segfault when snat map rule has been added Product: nftables Version: unspecified Hardware: x86_64 OS: Ubuntu Status: NEW Severity: normal Priority: P5 Component: nft Assignee: pablo at netfilter.org

https://bugzilla.netfilter.org/show_bug.cgi?id=1370 Bug ID: 1370 Summary: iptables-restore-translate Product: nftables Version: unspecified Hardware: x86_64 OS: All Status: NEW Severity: normal Priority: P5 Component: nft Assignee: pablo at netfilter.org Reporter:

https://bugzilla.netfilter.org/show_bug.cgi?id=1735 Bug ID: 1735 Summary: Adding nftables interval sets progressively gets slower and makes the nft CLI less responsive with each added set Product: nftables Version: 1.0.x Hardware: All OS: All Status: NEW Severity:

https://bugzilla.netfilter.org/show_bug.cgi?id=1210 Bug ID: 1210 Summary: nftables gets confused by user namespaces when meta skuid is used Product: nftables Version: unspecified Hardware: All OS: All Status: NEW Severity: critical Priority: P5 Component: nft

https://bugzilla.netfilter.org/show_bug.cgi?id=1135 Bug ID: 1135 Summary: When used as a script interpreter, nft fails if extra arguments are passed Product: nftables Version: unspecified Hardware: x86_64 OS: Debian GNU/Linux Status: NEW Severity: normal Priority: P5

https://bugzilla.netfilter.org/show_bug.cgi?id=1216 Bug ID: 1216 Summary: Error messaging for "interval overlaps with previous one" misidentifies location Product: nftables Version: unspecified Hardware: All OS: All Status: NEW Severity: major Priority: P5

https://bugzilla.netfilter.org/show_bug.cgi?id=1425 Bug ID: 1425 Summary: th not accepted in snat with multiple ip protocols Product: nftables Version: unspecified Hardware: x86_64 OS: All Status: NEW Severity: normal Priority: P5 Component: nft Assignee: pablo at

https://bugzilla.netfilter.org/show_bug.cgi?id=1439 Bug ID: 1439 Summary: Atomically updating/reloading a large set with nft -f is excessively slow Product: nftables Version: unspecified Hardware: x86_64 OS: Debian GNU/Linux Status: NEW Severity: enhancement Priority: P5