Difference between revisions of "List of updates since Linux kernel 3.13"

From nftables wiki
Jump to navigation Jump to search
(add 4.16 reference)
(add 5.6 reference)
(One intermediate revision by the same user not shown)
Line 1: Line 1:
A listing of the development progress.
A listing of the development progress.


== 3.13 ==
== 5.6 ==
 
* Support for ranges (intervals) in concatenations


* nf_tables merged mainstream.
== 4.16 ==


== 3.14 ==
* flowtable support


* set packet mark support.
== 4.15 ==
* nfqueue support (only for ip and ip6 families).
* rule tracing support.
* IPv6 and inet reject support.


== 3.15 ==
* Fetch single elements of a set (i.e, nft get element)


* Comments per rule support.
== 4.10 ==
* IPv4 reject support.


== 3.16 ==
* notrack support


* connlabel support.
== 4.3 ==


== 3.17 ==
* Enhancements for the limit expression, support for ratelimit bytes/time unit.
* Dup expression (equivalent to the ''TEE'' target in iptables) for IPv4 and IPv6.
* VLAN header matching support when NIC support offloads.


* log and nflog support for ip, ip6, arp and bridge families.
== 4.2 ==


== 3.18 ==
* New 'netdev' family for filtering from ingress.
* Context to x_tables extensions to know if they run from nft_compat.


* masquerading support.
== 4.1 ==
* meta cpu, devgroup matching.
* reject bridge support.
* destroy table and its content, ie. ''nft flush ruleset''.


== 3.19 ==
Major updates in the generic set infrastructure:


* redirect support.
* Concatenations.
* Timeout per set elements.
* Comments per set elements.
* Dynamic set instantiation.


== 4.0 ==
== 4.0 ==
Line 40: Line 41:
* Mostly fixes.
* Mostly fixes.


== 4.1 ==
== 3.19 ==
 
* redirect support.


Major updates in the generic set infrastructure:
== 3.18 ==


* Concatenations.
* masquerading support.
* Timeout per set elements.
* meta cpu, devgroup matching.
* Comments per set elements.
* reject bridge support.
* Dynamic set instantiation.
* destroy table and its content, ie. ''nft flush ruleset''.


== 4.2 ==
== 3.17 ==


* New 'netdev' family for filtering from ingress.
* log and nflog support for ip, ip6, arp and bridge families.
* Context to x_tables extensions to know if they run from nft_compat.


== 4.3 ==
== 3.16 ==


* Enhancements for the limit expression, support for ratelimit bytes/time unit.
* connlabel support.
* Dup expression (equivalent to the ''TEE'' target in iptables) for IPv4 and IPv6.
* VLAN header matching support when NIC support offloads.


== 4.10 ==
== 3.15 ==


* notrack support
* Comments per rule support.
* IPv4 reject support.


== 4.15 ==
== 3.14 ==


* Fetch single elements of a set (i.e, nft get element)
* set packet mark support.
* nfqueue support (only for ip and ip6 families).
* rule tracing support.
* IPv6 and inet reject support.


== 4.16 ==
== 3.13 ==


* flowtable support
* nf_tables merged mainstream.

Revision as of 10:06, 3 September 2020

A listing of the development progress.

5.6

  • Support for ranges (intervals) in concatenations

4.16

  • flowtable support

4.15

  • Fetch single elements of a set (i.e, nft get element)

4.10

  • notrack support

4.3

  • Enhancements for the limit expression, support for ratelimit bytes/time unit.
  • Dup expression (equivalent to the TEE target in iptables) for IPv4 and IPv6.
  • VLAN header matching support when NIC support offloads.

4.2

  • New 'netdev' family for filtering from ingress.
  • Context to x_tables extensions to know if they run from nft_compat.

4.1

Major updates in the generic set infrastructure:

  • Concatenations.
  • Timeout per set elements.
  • Comments per set elements.
  • Dynamic set instantiation.

4.0

  • Mostly fixes.

3.19

  • redirect support.

3.18

  • masquerading support.
  • meta cpu, devgroup matching.
  • reject bridge support.
  • destroy table and its content, ie. nft flush ruleset.

3.17

  • log and nflog support for ip, ip6, arp and bridge families.

3.16

  • connlabel support.

3.15

  • Comments per rule support.
  • IPv4 reject support.

3.14

  • set packet mark support.
  • nfqueue support (only for ip and ip6 families).
  • rule tracing support.
  • IPv6 and inet reject support.

3.13

  • nf_tables merged mainstream.