List of updates since Linux kernel 3.13

From nftables wiki
Revision as of 14:22, 23 December 2016 by Arturo (talk | contribs) (add 4.10 with notrack support)
Jump to navigation Jump to search

A listing of the development progress.

3.13

  • nf_tables merged mainstream.

3.14

  • set packet mark support.
  • nfqueue support (only for ip and ip6 families).
  • rule tracing support.
  • IPv6 and inet reject support.

3.15

  • Comments per rule support.
  • IPv4 reject support.

3.16

  • connlabel support.

3.17

  • log and nflog support for ip, ip6, arp and bridge families.

3.18

  • masquerading support.
  • meta cpu, devgroup matching.
  • reject bridge support.
  • destroy table and its content, ie. nft flush ruleset.

3.19

  • redirect support.

4.0

  • Mostly fixes.

4.1

Major updates in the generic set infrastructure:

  • Concatenations.
  • Timeout per set elements.
  • Comments per set elements.
  • Dynamic set instantiation.

4.2

  • New 'netdev' family for filtering from ingress.
  • Context to x_tables extensions to know if they run from nft_compat.

4.3

  • Enhancements for the limit expression, support for ratelimit bytes/time unit.
  • Dup expression (equivalent to the TEE target in iptables) for IPv4 and IPv6.
  • VLAN header matching support when NIC support offloads.

4.10

  • notrack support