User contributions for Fmyhr

15 February 2021

• 13:1613:16, 15 February 2021 diff hist +46‎ m Configuring chains ‎ →‎Base chain priority: improved description of NF_IP_PRI_CONNTRACK_HELPER
• 13:0913:09, 15 February 2021 diff hist +90‎ Configuring chains ‎ →‎Base chain priority: Added hook for NF_IP_PRI_CONNTRACK, link to conntrack refs
• 13:0013:00, 15 February 2021 diff hist +274‎ Configuring chains ‎ →‎Base chain priority: Added NF_IP_PRI_CONNTRACK_CONFIRM
• 12:1412:14, 15 February 2021 diff hist +32‎ m Setting packet connection tracking metainformation ‎ link Connection Tracking System; grammar
• 01:2801:28, 15 February 2021 diff hist +29‎ m Matching connection tracking stateful metainformation ‎ link Connection Tracking System
• 01:2501:25, 15 February 2021 diff hist +1,263‎ N Connection Tracking System ‎ Brief summary of using nftables and conntrack together, and short list of conntrack refs.

14 February 2021

• 23:5823:58, 14 February 2021 diff hist +798‎ Matching packet headers ‎ →‎Matching ICMP traffic: Added icmp code matching
• 23:4123:41, 14 February 2021 diff hist +972‎ Matching packet headers ‎ →‎Matching ICMP traffic: Use nft describe to list available nft type keywords

13 February 2021

• 19:2019:20, 13 February 2021 diff hist +172‎ Configuring chains ‎ →‎Adding non-base chains: Add note about using vmaps to construct efficient branched rulesets
• 19:1219:12, 13 February 2021 diff hist +100‎ Configuring chains ‎ →‎Adding non-base chains: Clarify non-base chain, compare with iptables user chain
• 18:5818:58, 13 February 2021 diff hist +173‎ Configuring chains ‎ Rewrite intro section
• 17:4617:46, 13 February 2021 diff hist +3‎ m Atomic rule replacement ‎ →‎Atomic Rule Replacement: rule-set -> ruleset current
• 17:4117:41, 13 February 2021 diff hist −41‎ Simple rule management ‎ →‎Replacing rules: clarity, touched up nft list ruleset comparison
• 17:2117:21, 13 February 2021 diff hist −21‎ Configuring tables ‎ →‎Deleting tables: clarity
• 17:0317:03, 13 February 2021 diff hist +129‎ Configuring chains ‎ →‎Base chain priority: Noted ability to specify integral offset of priority keywords
• 15:2115:21, 13 February 2021 diff hist −59‎ Configuring chains ‎ →‎Flushing chain: clarity
• 15:1815:18, 13 February 2021 diff hist −21‎ m Configuring chains ‎ →‎Deleting chains: grammar
• 15:1415:14, 13 February 2021 diff hist +235‎ Configuring chains ‎ →‎Adding non-base chains: Expanded a bit on using trees of chains; added goto action.
• 15:0315:03, 13 February 2021 diff hist −23‎ Configuring chains ‎ →‎Base chain hooks: Clarity
• 14:5014:50, 13 February 2021 diff hist +6‎ m Configuring chains ‎ →‎Base chain types: Grammar, clarity
• 14:4314:43, 13 February 2021 diff hist −22‎ m Configuring chains ‎ →‎Adding base chains: Grammar
• 14:3214:32, 13 February 2021 diff hist +158‎ m Configuring chains ‎ →‎Base chain priority: Added link to Pablo's connection tracking paper.
• 14:1714:17, 13 February 2021 diff hist +42‎ Configuring chains ‎ →‎Base chain priority: Added hook locations for defrag, a few others (some still missing).
• 13:5213:52, 13 February 2021 diff hist +2,752‎ Configuring chains ‎ →‎Base chain priority: Moved base chain priorities to table, emphasized that relative numerical order within a hook is what matters.

12 February 2021

• 13:4013:40, 12 February 2021 diff hist −3‎ What is nftables? ‎ clarify that xtables is legacy; some minor grammar changes
• 13:3313:33, 12 February 2021 diff hist +1‎ m Legacy xtables tools ‎ →‎In Linux distributions: grammar current
• 12:5612:56, 12 February 2021 diff hist +62‎ Moving from ipset to nftables ‎ dictionaries -> verdict maps
• 12:5312:53, 12 February 2021 diff hist +32‎ Moving from iptables to nftables ‎ dictionaries -> verdict maps current
• 12:5212:52, 12 February 2021 diff hist +28‎ Sets ‎ dictionaries -> verdict maps
• 12:5012:50, 12 February 2021 diff hist +28‎ Intervals ‎ dictionaries -> verdict maps
• 12:4912:49, 12 February 2021 diff hist +23‎ Main differences with iptables ‎ another dictionary -> vmap
• 12:4712:47, 12 February 2021 diff hist +28‎ Main differences with iptables ‎ dictionaries -> verdict maps
• 12:4512:45, 12 February 2021 diff hist +23‎ Main Page ‎ →‎Advanced data structures for performance packet classification: dictionaries -> verdict maps
• 12:4312:43, 12 February 2021 diff hist −6‎ Portal:DeveloperDocs/nftables internals ‎ →‎expressions: dictionary -> vmap
• 12:4212:42, 12 February 2021 diff hist −3‎ Setting packet connection tracking metainformation ‎ →‎helpers: dictionary -> map
• 12:3712:37, 12 February 2021 diff hist −55‎ Concatenations ‎ dictionary -> verdict map
• 12:0812:08, 12 February 2021 diff hist +38‎ m Verdict Maps (vmaps) ‎ →‎Valid vmap Verdicts: Link nft man page current
• 12:0612:06, 12 February 2021 diff hist +306‎ Verdict Maps (vmaps) ‎ Added section to clarify that each vmap element must map to a simple verdict statement.
• 11:5711:57, 12 February 2021 diff hist −157‎ Verdict Maps (vmaps) ‎ Changed refs dictionary -> vmap (while still noting synonym). Renamed sections anonymous & named vmaps. Modified nft describe example to correspond to immediately preceding example.
• 11:2211:22, 12 February 2021 diff hist +34‎ N Dictionaries ‎ Fmyhr moved page Dictionaries to Verdict Maps (vmaps): clarity / preventing confusion: nft man page refers to these exclusively as vmaps; verdict statements are only valid action current
• 11:2211:22, 12 February 2021 diff hist 0‎ m Verdict Maps (vmaps) ‎ Fmyhr moved page Dictionaries to Verdict Maps (vmaps): clarity / preventing confusion: nft man page refers to these exclusively as vmaps; verdict statements are only valid action
• 00:3200:32, 12 February 2021 diff hist +311‎ Netfilter hooks ‎ Added reminder that nftables does not predefine any base chains.
• 00:1900:19, 12 February 2021 diff hist +22‎ m Configuring chains ‎ →‎Base chain hooks: link Netfilter hooks page

11 February 2021

• 01:3401:34, 11 February 2021 diff hist −376‎ Netfilter hooks ‎ Tightened up description of network flow diagram, added some comments about using ingress hook.

10 February 2021

• 21:4821:48, 10 February 2021 diff hist +201‎ Data types ‎ →‎Data types used in Netfilter: Added note about endianness.
• 21:2521:25, 10 February 2021 diff hist +984‎ Data types ‎ Added section on nft describe.

7 February 2021

• 19:2119:21, 7 February 2021 diff hist −47‎ Matching packet metainformation ‎ →‎Matching by time: specify data types more precisely
• 19:1419:14, 7 February 2021 diff hist −290‎ Matching packet metainformation ‎ Combined mark & routing sections
• 19:0919:09, 7 February 2021 diff hist 0‎ m Matching packet metainformation ‎ →‎Matching by interface: Fix types of iifkind, oifkind
• 18:5618:56, 7 February 2021 diff hist +277‎ Matching packet metainformation ‎ →‎Matching by time: Add details of specifying time values, from man page.