similar to: [Bug 1758] New: Design flaw in chain traversal

https://bugzilla.netfilter.org/show_bug.cgi?id=1360 Bug ID: 1360 Summary: BUG: invalid expression type concat on invalid input "iifname . oifname p . q" Product: nftables Version: unspecified Hardware: x86_64 OS: Debian GNU/Linux Status: NEW Severity: normal

https://bugzilla.netfilter.org/show_bug.cgi?id=1195 Bug ID: 1195 Summary: 'list ruleset' of 'nft -f' outputs garbage while 'nft list ruleset' seems to work. Product: nftables Version: unspecified Hardware: x86_64 OS: All Status: NEW Severity: enhancement

https://bugzilla.netfilter.org/show_bug.cgi?id=1413 Bug ID: 1413 Summary: Inconsistent EBUSY errors when adding a duplicate element to a map Product: nftables Version: unspecified Hardware: x86_64 OS: Debian GNU/Linux Status: NEW Severity: normal Priority: P5

https://bugzilla.netfilter.org/show_bug.cgi?id=1358 Bug ID: 1358 Summary: Error when atomically replacing rules with symbolic variables Product: nftables Version: unspecified Hardware: x86_64 OS: other Status: NEW Severity: blocker Priority: P5 Component: nft

https://bugzilla.netfilter.org/show_bug.cgi?id=1302 Bug ID: 1302 Summary: iptables v1.8.0 (nf_tables) has a problem inverting in-interface and maybe out Product: iptables Version: CVS (please indicate timestamp) Hardware: x86_64 OS: All Status: NEW Severity: major Priority:

https://bugzilla.netfilter.org/show_bug.cgi?id=1355 Bug ID: 1355 Summary: Error parsing JSON config via a pipe to subprocess's stdin Product: nftables Version: unspecified Hardware: x86_64 OS: Ubuntu Status: NEW Severity: normal Priority: P5 Component: nft

https://bugzilla.netfilter.org/show_bug.cgi?id=1402 Bug ID: 1402 Summary: Race errors with nft Product: nftables Version: unspecified Hardware: All OS: Debian GNU/Linux Status: NEW Severity: normal Priority: P5 Component: nft Assignee: pablo at netfilter.org

https://bugzilla.netfilter.org/show_bug.cgi?id=1187 Bug ID: 1187 Summary: SIGABRT: "BUG: unknown expression type prefix" Product: nftables Version: unspecified Hardware: x86_64 OS: All Status: NEW Severity: minor Priority: P5 Component: nft Assignee: pablo at

https://bugzilla.netfilter.org/show_bug.cgi?id=1166 Bug ID: 1166 Summary: negated rule and rule with mistyped interface name looks identical in non-verbose iptables output Product: iptables Version: unspecified Hardware: x86_64 OS: All Status: NEW Severity: enhancement

https://bugzilla.netfilter.org/show_bug.cgi?id=1671 Bug ID: 1671 Summary: Implicit chains and nesting result in parser_bison.y aborting Product: nftables Version: 0.9.x Hardware: x86_64 OS: Debian GNU/Linux Status: NEW Severity: major Priority: P5 Component: nft

https://bugzilla.netfilter.org/show_bug.cgi?id=1406 Bug ID: 1406 Summary: nft dies with an assertion of consumed > 0 Product: nftables Version: unspecified Hardware: x86_64 OS: Gentoo Status: NEW Severity: major Priority: P5 Component: nft Assignee: pablo at netfilter.org

The netfilter project presents: nftables 0.2 This release contains a rather large number of bug fixes, syntax cleanups, new features, support for all new features contained in the recent 3.14 kernel release as well as *drumroll* documentation. Syntax changes ============== * More consistency in data type names Data type names are used in set declarations. All address related types now

Hi! The Netfilter project proudly presents: nftables 0.6 This release contains many accumulated bug fixes and new features availale up to the Linux 4.7-rc1 kernel release. New features ============ * Rule replacement: You can replace any rule from the unique 64-bits handle. You have to retrieve the handle from the ruleset listing. # nft list ruleset -a table ip filter { chain

https://bugzilla.netfilter.org/show_bug.cgi?id=1201 Bug ID: 1201 Summary: Some filters randomly do not work since version 0.8 Product: nftables Version: unspecified Hardware: x86_64 OS: Gentoo Status: NEW Severity: major Priority: P5 Component: nft Assignee: pablo at

Hi! The Netfilter project proudly presents: nftables 1.1.0 ... after a release cycles of 8 months. This release contains mostly fixes, listed in no particular order: - Restore compatibility set element dump with <= 0.9.8 add element t s { 23 counter packets 10 bytes 20 timeout 10s } add element t s { 42 timeout 10s counter packets 10 bytes 20 } - Disallow ifname less than

Hi Patrick, thanks for the pointers. I tried today, and while it was easy to start my first container, I am not really happy with LXD, exactly for the reason St?phane gives in https://stgraber.org/2016/03/11/lxd-2-0-introduction-to-lxd-112/ "How does LXD relate to Docker/Rkt?"... what I really like about docker and docker-compose is, that it encourages to separate code from data and

https://bugzilla.netfilter.org/show_bug.cgi?id=1418 Bug ID: 1418 Summary: segfaults when running nft --file foo.nft --echo Product: nftables Version: unspecified Hardware: x86_64 OS: All Status: NEW Severity: enhancement Priority: P5 Component: nft Assignee: pablo at

https://bugzilla.netfilter.org/show_bug.cgi?id=872 Summary: extra symbols in console output Product: nftables Version: unspecified Platform: x86_64 OS/Version: All Status: NEW Severity: normal Priority: P5 Component: nft AssignedTo: pablo at netfilter.org ReportedBy: loki at lokis-chaos.de

Hello Patrick, >On 7/3/19 8:21 AM, Sven Schwedas via samba wrote: >> Though I'm not sure if docker is the right tool for the job; samba as a >> fat daemon running a bazillion subprocesses orchestrated by a >> persistent database that's very sensitive to instances leaving and >> joining the domain seems the antithesis to docker's philosophy. >>

https://bugzilla.netfilter.org/show_bug.cgi?id=1253 Bug ID: 1253 Summary: interface wildcard in variables causes Error: Byteorder mismatch: expected big endian, got host endian Product: nftables Version: unspecified Hardware: x86_64 OS: All Status: NEW Severity: