similar to: [Bug 1471] New: consider quick accept verdict and delayed drop policy

https://bugzilla.netfilter.org/show_bug.cgi?id=1305 Bug ID: 1305 Summary: Rules in second chain same hook ignored if first chain has policy drop Product: nftables Version: unspecified Hardware: x86_64 OS: Debian GNU/Linux Status: NEW Severity: normal Priority: P5

https://bugzilla.netfilter.org/show_bug.cgi?id=1736 Bug ID: 1736 Summary: nftables - dynamic update for verdict map from the packet path Product: nftables Version: 1.0.x Hardware: x86_64 OS: All Status: NEW Severity: enhancement Priority: P5 Component: nft

https://bugzilla.netfilter.org/show_bug.cgi?id=1455 Bug ID: 1455 Summary: Queue verdict cannot be used in vmap Product: nftables Version: unspecified Hardware: arm OS: Ubuntu Status: NEW Severity: normal Priority: P5 Component: nft Assignee: pablo at netfilter.org

https://bugzilla.netfilter.org/show_bug.cgi?id=1261 Bug ID: 1261 Summary: nft trace crash with msg "BUG: invalid verdict value 2" Product: nftables Version: unspecified Hardware: All OS: All Status: NEW Severity: normal Priority: P5 Component: nft

https://bugzilla.netfilter.org/show_bug.cgi?id=1474 Bug ID: 1474 Summary: [sets] improve context checks (against already primed sets) Product: nftables Version: unspecified Hardware: arm OS: Debian GNU/Linux Status: NEW Severity: normal Priority: P5 Component: nft

https://bugzilla.netfilter.org/show_bug.cgi?id=1469 Bug ID: 1469 Summary: Bison reported unused tokens in `nft` Product: nftables Version: unspecified Hardware: All OS: All Status: NEW Severity: trivial Priority: P5 Component: nft Assignee: pablo at netfilter.org

https://bugzilla.netfilter.org/show_bug.cgi?id=1465 Bug ID: 1465 Summary: [vmap] ct state concatenation not working Product: nftables Version: unspecified Hardware: All OS: Debian GNU/Linux Status: NEW Severity: minor Priority: P5 Component: nft Assignee: pablo at

https://bugzilla.netfilter.org/show_bug.cgi?id=1758 Bug ID: 1758 Summary: Design flaw in chain traversal Product: nftables Version: unspecified Hardware: x86_64 OS: Ubuntu Status: NEW Severity: major Priority: P5 Component: kernel Assignee: pablo at netfilter.org

https://bugzilla.netfilter.org/show_bug.cgi?id=1467 Bug ID: 1467 Summary: [sets] support adaptive (escalating) rule(s) Product: nftables Version: unspecified Hardware: All OS: All Status: NEW Severity: enhancement Priority: P5 Component: nft Assignee: pablo at netfilter.org

Hi! The Netfilter project proudly presents: nftables 0.4 This release contains a lot of bug fixes and new features contained up to the recent 3.18 kernel release (and some features coming up in the yet unreleased 3.19-rc). New features ============ * Add support for global ruleset operations (available since 3.18). Get rid of all tables, chains, and rules in one go: # nft

https://bugzilla.netfilter.org/show_bug.cgi?id=1673 Bug ID: 1673 Summary: bug egress hook virtio interface with VLAN Product: nftables Version: 1.0.x Hardware: All OS: All Status: NEW Severity: normal Priority: P5 Component: kernel Assignee: pablo at netfilter.org

The netfilter project presents: nftables 0.2 This release contains a rather large number of bug fixes, syntax cleanups, new features, support for all new features contained in the recent 3.14 kernel release as well as *drumroll* documentation. Syntax changes ============== * More consistency in data type names Data type names are used in set declarations. All address related types now

Hi! The Netfilter project proudly presents: nftables 0.5 This release contains bug fixes and new features contained up to the 4.2 kernel release. New features ============ * Concatenations: You can combine two or more selectors to build a tuple, then use it to look up for a matching in sets, eg. % nft add rule ip filter input ip saddr . tcp dport { \ 1.1.1.1 . 22 , \

Hi! The Netfilter project proudly presents: nftables 0.8.1 This release contains mostly incremental fixes and documentation updates, such as fixing up ./configure --with-mini-gmp for embedded setups that don't have libgmp. Deprecated syntax ================= This release deprecates the "flow table" syntax in favor of "meter" to address Netfilter's bugzilla

https://bugzilla.netfilter.org/show_bug.cgi?id=1356 Bug ID: 1356 Summary: adding element to map inverts byte order Product: nftables Version: unspecified Hardware: x86_64 OS: Debian GNU/Linux Status: NEW Severity: normal Priority: P5 Component: nft Assignee: pablo at

https://bugzilla.netfilter.org/show_bug.cgi?id=1117 Bug ID: 1117 Summary: Table ipv4-nat prerouting dnat doesn't accept dest IP:PORT Product: nftables Version: unspecified Hardware: x86_64 OS: All Status: NEW Severity: enhancement Priority: P5 Component: nft

https://bugzilla.netfilter.org/show_bug.cgi?id=1171 Bug ID: 1171 Summary: define statement does not accept negative numbers Product: nftables Version: unspecified Hardware: All OS: All Status: NEW Severity: normal Priority: P5 Component: nft Assignee: pablo at netfilter.org

https://bugzilla.netfilter.org/show_bug.cgi?id=1672 Bug ID: 1672 Summary: bug egress hook virtio interface with VLAN Product: nftables Version: 1.0.x Hardware: All OS: other Status: NEW Severity: normal Priority: P5 Component: kernel Assignee: pablo at netfilter.org

https://bugzilla.netfilter.org/show_bug.cgi?id=908 Summary: "not" keyword not implemented in nft Product: nftables Version: unspecified Platform: x86_64 OS/Version: Gentoo Status: NEW Severity: enhancement Priority: P5 Component: nft AssignedTo: pablo at netfilter.org ReportedBy:

Hi! The Netfilter project proudly presents: nftables 0.6 This release contains many accumulated bug fixes and new features availale up to the Linux 4.7-rc1 kernel release. New features ============ * Rule replacement: You can replace any rule from the unique 64-bits handle. You have to retrieve the handle from the ruleset listing. # nft list ruleset -a table ip filter { chain