similar to: [Bug 1455] New: Queue verdict cannot be used in vmap

https://bugzilla.netfilter.org/show_bug.cgi?id=1736 Bug ID: 1736 Summary: nftables - dynamic update for verdict map from the packet path Product: nftables Version: 1.0.x Hardware: x86_64 OS: All Status: NEW Severity: enhancement Priority: P5 Component: nft

Hi! The Netfilter project proudly presents: nftables 0.4 This release contains a lot of bug fixes and new features contained up to the recent 3.18 kernel release (and some features coming up in the yet unreleased 3.19-rc). New features ============ * Add support for global ruleset operations (available since 3.18). Get rid of all tables, chains, and rules in one go: # nft

https://bugzilla.netfilter.org/show_bug.cgi?id=1096 Bug ID: 1096 Summary: Kernel oops when inserting an element into a map Product: nftables Version: unspecified Hardware: x86_64 OS: other Status: NEW Severity: critical Priority: P5 Component: kernel Assignee: pablo at

https://bugzilla.netfilter.org/show_bug.cgi?id=1450 Bug ID: 1450 Summary: Using certain simple set combinations with TCP flags causes error in mergesort.c from nft list ruleset Product: nftables Version: unspecified Hardware: arm OS: Ubuntu Status: NEW Severity: normal

https://bugzilla.netfilter.org/show_bug.cgi?id=1261 Bug ID: 1261 Summary: nft trace crash with msg "BUG: invalid verdict value 2" Product: nftables Version: unspecified Hardware: All OS: All Status: NEW Severity: normal Priority: P5 Component: nft

Hi! The Netfilter project proudly presents: nftables 0.6 This release contains many accumulated bug fixes and new features availale up to the Linux 4.7-rc1 kernel release. New features ============ * Rule replacement: You can replace any rule from the unique 64-bits handle. You have to retrieve the handle from the ruleset listing. # nft list ruleset -a table ip filter { chain

https://bugzilla.netfilter.org/show_bug.cgi?id=1764 Bug ID: 1764 Summary: mapping IPv4 interval to IPv4 interval works for anonymous maps, but not for named maps Product: nftables Version: git (please specify your HEAD) Hardware: x86_64 OS: All Status: NEW Severity: enhancement

Hi! The Netfilter project proudly presents: nftables 0.5 This release contains bug fixes and new features contained up to the 4.2 kernel release. New features ============ * Concatenations: You can combine two or more selectors to build a tuple, then use it to look up for a matching in sets, eg. % nft add rule ip filter input ip saddr . tcp dport { \ 1.1.1.1 . 22 , \

Hi! The Netfilter project proudly presents: nftables 0.7 This release contains many accumulated bug fixes and new features available up to the (upcoming) Linux 4.10-rc1 kernel release. * Facilitate migration from iptables to nftables: At compilation time, you have to pass this option. # ./configure --with-xtables And libxtables needs to be installed in your system. This allows

https://bugzilla.netfilter.org/show_bug.cgi?id=1132 Bug ID: 1132 Summary: Maps and Dictionaries need catch-all ('default:' 'else') case for when no entry matches. Product: nftables Version: unspecified Hardware: All OS: All Status: NEW Severity: enhancement

https://bugzilla.netfilter.org/show_bug.cgi?id=1413 Bug ID: 1413 Summary: Inconsistent EBUSY errors when adding a duplicate element to a map Product: nftables Version: unspecified Hardware: x86_64 OS: Debian GNU/Linux Status: NEW Severity: normal Priority: P5

Hi! The Netfilter project proudly presents: nftables 0.9.4 This release contains fixes and new features available up to the Linux kernel 5.6 release. * Support for ranges in concatenations (requires Linux kernel >= 5.6), e.g. table ip foo { set whitelist { type ipv4_addr . ipv4_addr . inet_service flags interval

https://bugzilla.netfilter.org/show_bug.cgi?id=1471 Bug ID: 1471 Summary: consider quick accept verdict and delayed drop policy Product: nftables Version: unspecified Hardware: x86_64 OS: All Status: NEW Severity: enhancement Priority: P5 Component: nft Assignee: pablo at

https://bugzilla.netfilter.org/show_bug.cgi?id=1396 Bug ID: 1396 Summary: When rule with 3 concat elements are added, nft list shows only 2 Product: nftables Version: unspecified Hardware: All OS: All Status: NEW Severity: critical Priority: P5 Component: nft

https://bugzilla.netfilter.org/show_bug.cgi?id=1395 Bug ID: 1395 Summary: Add element fails with Error: Could not process rule: Invalid argument Product: nftables Version: unspecified Hardware: All OS: All Status: NEW Severity: critical Priority: P5 Component: nft

https://bugzilla.netfilter.org/show_bug.cgi?id=1179 Bug ID: 1179 Summary: vmap and sets cause "BUG: invalid range expression type set" Product: nftables Version: unspecified Hardware: All OS: All Status: NEW Severity: major Priority: P5 Component: nft

https://bugzilla.netfilter.org/show_bug.cgi?id=1120 Bug ID: 1120 Summary: nf_tables_check_loops error on adding element to vmap Product: nftables Version: unspecified Hardware: x86_64 OS: Ubuntu Status: NEW Severity: trivial Priority: P5 Component: kernel Assignee: pablo at

Hi! The Netfilter project proudly presents: nftables 0.8.1 This release contains mostly incremental fixes and documentation updates, such as fixing up ./configure --with-mini-gmp for embedded setups that don't have libgmp. Deprecated syntax ================= This release deprecates the "flow table" syntax in favor of "meter" to address Netfilter's bugzilla

Hi! The Netfilter project proudly presents: nftables 1.1.0 ... after a release cycles of 8 months. This release contains mostly fixes, listed in no particular order: - Restore compatibility set element dump with <= 0.9.8 add element t s { 23 counter packets 10 bytes 20 timeout 10s } add element t s { 42 timeout 10s counter packets 10 bytes 20 } - Disallow ifname less than

https://bugzilla.netfilter.org/show_bug.cgi?id=1144 Bug ID: 1144 Summary: set add always returns false or otherwise ends evaluation Product: nftables Version: unspecified Hardware: x86_64 OS: All Status: NEW Severity: normal Priority: P5 Component: kernel