Difference between revisions of "List of updates since Linux kernel 3.13"

From nftables wiki
Jump to: navigation, search
(Created page with "A listing of the development progress. == 3.13 == * nf_tables merged mainstream. == 3.14 == * set packet mark support. * nfqueue support (only for ip and ip6 families). *...")
 
(add 4.10 with notrack support)
Line 59: Line 59:
 
* Dup expression (equivalent to the ''TEE'' target in iptables) for IPv4 and IPv6.
 
* Dup expression (equivalent to the ''TEE'' target in iptables) for IPv4 and IPv6.
 
* VLAN header matching support when NIC support offloads.
 
* VLAN header matching support when NIC support offloads.
 +
 +
== 4.10 ==
 +
 +
* notrack support

Revision as of 15:22, 23 December 2016

A listing of the development progress.

3.13

  • nf_tables merged mainstream.

3.14

  • set packet mark support.
  • nfqueue support (only for ip and ip6 families).
  • rule tracing support.
  • IPv6 and inet reject support.

3.15

  • Comments per rule support.
  • IPv4 reject support.

3.16

  • connlabel support.

3.17

  • log and nflog support for ip, ip6, arp and bridge families.

3.18

  • masquerading support.
  • meta cpu, devgroup matching.
  • reject bridge support.
  • destroy table and its content, ie. nft flush ruleset.

3.19

  • redirect support.

4.0

  • Mostly fixes.

4.1

Major updates in the generic set infrastructure:

  • Concatenations.
  • Timeout per set elements.
  • Comments per set elements.
  • Dynamic set instantiation.

4.2

  • New 'netdev' family for filtering from ingress.
  • Context to x_tables extensions to know if they run from nft_compat.

4.3

  • Enhancements for the limit expression, support for ratelimit bytes/time unit.
  • Dup expression (equivalent to the TEE target in iptables) for IPv4 and IPv6.
  • VLAN header matching support when NIC support offloads.

4.10

  • notrack support