similar to: [Bug 1422] New: iptables-nft fails to check / delete rules in raw table

https://bugzilla.netfilter.org/show_bug.cgi?id=1410 Bug ID: 1410 Summary: STATELESS, rules with notrack into a map Product: nftables Version: unspecified Hardware: x86_64 OS: Debian GNU/Linux Status: NEW Severity: enhancement Priority: P5 Component: nft Assignee: pablo at

https://bugzilla.netfilter.org/show_bug.cgi?id=1213 Bug ID: 1213 Summary: Nft stateless NAT (NOTRACK) Product: nftables Version: unspecified Hardware: All OS: Ubuntu Status: NEW Severity: critical Priority: P5 Component: nft Assignee: pablo at netfilter.org Reporter:

https://bugzilla.netfilter.org/show_bug.cgi?id=1310 Bug ID: 1310 Summary: syntax issue with tproxy Product: nftables Version: unspecified Hardware: All OS: Debian GNU/Linux Status: NEW Severity: normal Priority: P5 Component: nft Assignee: pablo at netfilter.org

https://bugzilla.netfilter.org/show_bug.cgi?id=1057 Bug ID: 1057 Summary: Allow for multiple protocols to be specified in a rule Product: nftables Version: unspecified Hardware: x86_64 OS: All Status: NEW Severity: enhancement Priority: P5 Component: nft Assignee: pablo at

https://bugzilla.netfilter.org/show_bug.cgi?id=1463 Bug ID: 1463 Summary: nft --json table list ruleset crashes Product: nftables Version: unspecified Hardware: All OS: Debian GNU/Linux Status: NEW Severity: major Priority: P5 Component: nft Assignee: pablo at netfilter.org

https://bugzilla.netfilter.org/show_bug.cgi?id=1397 Bug ID: 1397 Summary: What am I doing wrong!? Product: nftables Version: unspecified Hardware: x86_64 OS: other Status: NEW Severity: normal Priority: P5 Component: nft Assignee: pablo at netfilter.org Reporter:

https://bugzilla.netfilter.org/show_bug.cgi?id=1396 Bug ID: 1396 Summary: When rule with 3 concat elements are added, nft list shows only 2 Product: nftables Version: unspecified Hardware: All OS: All Status: NEW Severity: critical Priority: P5 Component: nft

https://bugzilla.netfilter.org/show_bug.cgi?id=1065 Bug ID: 1065 Summary: NOTRACK is not supported in nft Product: nftables Version: unspecified Hardware: x86_64 OS: All Status: NEW Severity: enhancement Priority: P5 Component: nft Assignee: pablo at netfilter.org

https://bugzilla.netfilter.org/show_bug.cgi?id=1434 Bug ID: 1434 Summary: Usability improvements, enabling creation of complex firewalls Product: nftables Version: unspecified Hardware: x86_64 OS: All Status: NEW Severity: enhancement Priority: P5 Component: nft

I was working on a haproxy transparent proxy setup that we had working on Centos 7 (iptables), but running into issues getting tproxy working with NFTables on Centos 8. >From https://www.kernel.org/doc/Documentation/networking/tproxy.txt, It should be a matter of: # nft add table filter # nft add chain filter divert "{ type filter hook prerouting priority -150; }" # nft add rule

https://bugzilla.netfilter.org/show_bug.cgi?id=1051 Bug ID: 1051 Summary: nftables DNAT not working Product: nftables Version: unspecified Hardware: x86_64 OS: Gentoo Status: NEW Severity: critical Priority: P5 Component: kernel Assignee: pablo at netfilter.org

On 10/15/19 9:16 PM, Nathan Coulson wrote: > On 2019-10-15 12:12 p.m., Nathan Coulson wrote: >> I was working on a haproxy transparent proxy setup that we had working >> on Centos 7 (iptables), but running into issues getting tproxy working >> with NFTables on Centos 8. >> >> From https://www.kernel.org/doc/Documentation/networking/tproxy.txt, >> >> It

https://bugzilla.netfilter.org/show_bug.cgi?id=1179 Bug ID: 1179 Summary: vmap and sets cause "BUG: invalid range expression type set" Product: nftables Version: unspecified Hardware: All OS: All Status: NEW Severity: major Priority: P5 Component: nft

https://bugzilla.netfilter.org/show_bug.cgi?id=1371 Bug ID: 1371 Summary: Concatenations Literal sets Product: nftables Version: unspecified Hardware: x86_64 OS: other Status: NEW Severity: normal Priority: P5 Component: nft Assignee: pablo at netfilter.org Reporter:

https://bugzilla.netfilter.org/show_bug.cgi?id=1073 Bug ID: 1073 Summary: inet-service vs icmp conflict Product: nftables Version: unspecified Hardware: x86_64 OS: All Status: NEW Severity: normal Priority: P5 Component: nft Assignee: pablo at netfilter.org Reporter:

https://bugzilla.netfilter.org/show_bug.cgi?id=1269 Bug ID: 1269 Summary: using the internal lookup table vs. the local system's /etc/services (or so) generally prevents nft from working Product: nftables Version: unspecified Hardware: All OS: Gentoo Status: NEW

https://bugzilla.netfilter.org/show_bug.cgi?id=1130 Bug ID: 1130 Summary: Better handling DNS names in nft ruleset Product: nftables Version: unspecified Hardware: All OS: All Status: NEW Severity: enhancement Priority: P5 Component: nft Assignee: pablo at netfilter.org

https://bugzilla.netfilter.org/show_bug.cgi?id=1414 Bug ID: 1414 Summary: Using ip6 daddr in nat input chain is rejected with an incorrect error Product: nftables Version: unspecified Hardware: x86_64 OS: Ubuntu Status: NEW Severity: normal Priority: P5 Component:

https://bugzilla.netfilter.org/show_bug.cgi?id=1368 Bug ID: 1368 Summary: The "meta's" Product: nftables Version: unspecified Hardware: x86_64 OS: All Status: NEW Severity: enhancement Priority: P5 Component: nft Assignee: pablo at netfilter.org

https://bugzilla.netfilter.org/show_bug.cgi?id=1402 Bug ID: 1402 Summary: Race errors with nft Product: nftables Version: unspecified Hardware: All OS: Debian GNU/Linux Status: NEW Severity: normal Priority: P5 Component: nft Assignee: pablo at netfilter.org