User contributions
- 00:51, 4 September 2021 diff hist +271 Sets add query for element s in a set
- 13:41, 31 August 2021 diff hist +104 Matching packet headers →Matching transport protocol: a bit more detailed explanation on how meta l4proto works current
- 13:39, 31 August 2021 diff hist +4 Matching packet headers →Matching IPv6 headers: another typo
- 13:38, 31 August 2021 diff hist +51 Matching packet headers →Matching IPv6 headers: fix typos and style
- 13:37, 31 August 2021 diff hist +1,331 Matching packet headers →Matching IPv6 headers: refer to the ICMPv6 case
- 10:33, 12 August 2021 diff hist −28 Simple ruleset for a workstation remove echo request in IPv6 examples
- 01:07, 28 July 2021 diff hist +60 Simple ruleset for a server →nftables.conf: add a note on PMTUD
- 00:56, 28 July 2021 diff hist +56 Simple ruleset for a server add comment regarding ICMPv6 (per Thomas Landauer)
- 18:19, 23 July 2021 diff hist +172 Nftables families →inet: refer to meta l4proto current
- 18:13, 23 July 2021 diff hist +243 Matching packet headers →Matching transport protocol: document inet
- 17:00, 23 July 2021 diff hist +274 Quick reference-nftables in 10 minutes →Ct: add ct count
- 22:36, 5 July 2021 diff hist +518 Meters →Doing connlimit with nft: document caveats
- 22:35, 5 July 2021 diff hist −1,070 Connlimits →Using connlimits in dynamic sets and maps: remove this example, the header is a hyperlink current
- 22:34, 5 July 2021 diff hist −20 Connlimits →Using connlimits in dynamic sets and maps: add example and caveats
- 22:29, 5 July 2021 diff hist +1,090 Connlimits →Using connlimits in dynamic sets and maps: add example and caveats
- 13:01, 28 June 2021 diff hist +152 Moving from ipset to nftables current
- 13:00, 28 June 2021 diff hist −9 Moving from ipset to nftables incorrect ipset-translate syntax in example
- 12:58, 28 June 2021 diff hist +581 Moving from ipset to nftables update article to document the new ipset-translate utility
- 14:56, 21 June 2021 diff hist +20 Multiple NATs using nftables maps →Multiple NAT mapping with address and port current
- 14:56, 21 June 2021 diff hist +31 Multiple NATs using nftables maps →Multiple NAT mapping with address and port: missing source tag
- 14:55, 21 June 2021 diff hist +259 Multiple NATs using nftables maps →Multiple NAT mapping with address and port: add example for anonymous map
- 14:43, 21 June 2021 diff hist −8 Multiple NATs using nftables maps →multiple NAT mapping with address and port: minor cosmetic
- 14:42, 21 June 2021 diff hist +465 Multiple NATs using nftables maps multiple NAT mapping with address and port
- 22:07, 12 June 2021 diff hist +33 Main Page →Examples
- 20:39, 27 May 2021 diff hist −1 Flowtables
- 23:27, 3 May 2021 diff hist −13 Mangling packet headers →Mangling TCP options: remove oifname pppoe0, see note regarding mangling TCP MSS option current
- 23:26, 3 May 2021 diff hist +366 Mangling packet headers →Mangling TCP options: fix example rule regarding TCP MSS mangling
- 04:09, 8 February 2021 diff hist −638 Netfilter hooks add schematic to represent hooks (contributed by Francisco Javier Rodríguez López)
- 00:29, 16 January 2021 diff hist +3 Quick reference-nftables in 10 minutes →Ct: still use ip prefix for ct [original | reply] ip daddr
- 00:25, 16 January 2021 diff hist +26 Quick reference-nftables in 10 minutes →Ct: update ct original ip {s,d}addr syntax
- 20:05, 18 December 2020 diff hist +57 Mangling packet headers
- 19:59, 18 December 2020 diff hist +26 Main Page →Possible actions on packets
- 19:57, 18 December 2020 diff hist −10 Matching routing information →nexthop: Use meter
- 19:51, 18 December 2020 diff hist +16 Conntrack helpers →Supported conntrack helpers
- 19:50, 18 December 2020 diff hist +6 Conntrack helpers →Supported conntrack helpers
- 19:50, 18 December 2020 diff hist +10 Conntrack helpers →Supported helpers
- 19:50, 18 December 2020 diff hist +359 Conntrack helpers
- 19:43, 18 December 2020 diff hist +677 N Conntrack helpers Created page with "You can enable conntrack helpers explicitly through your ruleset. You have to attach your conntrack helper from the prerouting chain. <source lang="bash"> table inet myhelpe..."
- 19:38, 18 December 2020 diff hist +38 Main Page →Possible actions on packets
- 19:38, 18 December 2020 diff hist +200 Matching connection tracking stateful metainformation →Matching the conntrack mark
- 19:36, 18 December 2020 diff hist −177 Matching packet metainformation →The meta selectors
- 19:34, 18 December 2020 diff hist +31 Matching packet headers →Matching Ethernet header fields: missing source tag
- 22:43, 9 December 2020 diff hist +47 Bridge filtering →Example: Stateful bridge firewall
- 00:00, 6 December 2020 diff hist −1 m Bridge filtering →Stateful filtering: typo
- 23:59, 5 December 2020 diff hist +139 Bridge filtering →Stateful filtering: conntrack bridge provides a replacement for br_netfilter and physdev
- 23:48, 5 December 2020 diff hist +141 Bridge filtering →Bridge chain types
- 23:45, 5 December 2020 diff hist +53 Bridge filtering →Example: Stateful bridge firewall
- 23:30, 5 December 2020 diff hist 0 Bridge filtering →Example: Stateful bridge firewall: incorrect interface to reach the web server
- 23:28, 5 December 2020 diff hist +4 Bridge filtering →Example: Stateful bridge firewall
- 23:28, 5 December 2020 diff hist +1 Bridge filtering →Example: Stateful bridge firewall
- 23:28, 5 December 2020 diff hist +101 Bridge filtering →Example: Stateful bridge firewall
- 23:27, 5 December 2020 diff hist +186 Bridge filtering →Stateful filtering
- 23:16, 5 December 2020 diff hist +33 m Bridge filtering →Bridge chain types: minor nit
- 23:12, 5 December 2020 diff hist +2,107 Bridge filtering add simple example describing connection tracking support for bridge
- 11:59, 5 February 2019 diff hist +2 Meters →Doing connlimit with nft
- 11:59, 5 February 2019 diff hist +1 Meters →Doing connlimit with nft
- 11:59, 5 February 2019 diff hist +306 Meters →Using meters
- 11:55, 5 February 2019 diff hist +1,174 Meters →Doing iptables hashlimit with nft
- 11:46, 5 February 2019 diff hist −41 Main Page →Possible actions on packets
- 11:45, 5 February 2019 diff hist +41 Main Page →Possible actions on packets
- 00:57, 20 June 2017 diff hist +113 Load balancing →Using Direct Server Return (DSR)
- 20:01, 19 June 2017 diff hist −33 Load balancing fix broken example
- 19:02, 14 June 2017 diff hist +110 Load balancing →Using stateless NAT
- 19:00, 14 June 2017 diff hist +9 Load balancing →Using stateless NAT
- 19:00, 14 June 2017 diff hist +10 Load balancing →Using stateless NAT
- 18:57, 14 June 2017 diff hist −1 Load balancing →Consistent Hash-based Distribution
- 18:57, 14 June 2017 diff hist +35 Load balancing →Consistent Hash-based Distribution
- 18:55, 14 June 2017 diff hist +50 Load balancing
- 18:53, 14 June 2017 diff hist +33 Main Page
- 18:52, 14 June 2017 diff hist −99 Main Page A wiki is always work in progress anyway... And documentation got a bit better now, remove this comment.
- 05:05, 8 April 2017 diff hist 0 What is nftables?
- 05:04, 8 April 2017 diff hist +8 What is nftables?
- 16:44, 30 March 2017 diff hist −158 m Building and installing nftables from sources Reverted edits by Arushi (talk) to last revision by AlexanderAlemayhu
- 11:00, 8 February 2017 diff hist −24 Netfilter hooks
- 22:05, 13 July 2016 diff hist −3 Netfilter hooks
- 22:05, 13 July 2016 diff hist −3 Netfilter hooks
- 22:04, 13 July 2016 diff hist −22 Netfilter hooks
- 22:03, 13 July 2016 diff hist +7 Configuring chains
- 20:18, 13 July 2016 diff hist +41 Main Page →Advanced data structures for performance packet classification
- 20:16, 13 July 2016 diff hist +15 Main Page →Videos
- 20:14, 13 July 2016 diff hist +2,439 N List of available translations via iptables-translate tool Created page with "The following '''matches and targets''' (in alphabetic order) can be fully translated via iptables-translate tool: == Translatable extensions == === Matches === ====xt==== *..."
- 20:00, 13 July 2016 diff hist +201 N Ipset Created page with "[http://ipset.netfilter.org/ IPSet] is an extension to allow packet classification based on sets. It is currently maintained and actively developed by the Netfilter coreteam d..."
- 19:59, 13 July 2016 diff hist +2,942 N Jumping to chain Created page with "Like in ''iptables'', you can structure your rule-set in using a tree of chains. To do so, you first need to create the custom chain via: <source lang=..."
- 19:58, 13 July 2016 diff hist +2,253 N Rejecting traffic Created page with "'''Note''': Full reject support is available since Linux kernel 3.18. The following rule shows how to reject any traffic from the network: <source lang="bash"> % nft add rul..."
- 19:58, 13 July 2016 diff hist +1,673 N Logging traffic Created page with "'''Note''': Full logging support is available starting Linux kernel 3.17. If you run an older kernel, you have to modprobe ipt_LOG to enable logging. You can log packets usin..."
- 19:58, 13 July 2016 diff hist +3,726 N Performing Network Address Translation (NAT) Created page with "The ''nat'' chain type allows you to perform NAT. This chain type comes with special semantics: * The first packet of a flow is used to look up for a matching rule which sets..."
- 19:58, 13 July 2016 diff hist +1,702 N Setting packet metainformation Created page with "You can set some metainformation in a packet: one of mark, priority or nftrace. Please note that you require a Linux kernel >= 3.14 to use these features. == mark == The fol..."
- 19:57, 13 July 2016 diff hist +2,799 N Queueing to userspace Created page with "= Basic operation = '''Important note''': You require a Linux kernel 3.14 to enqueue packets to userspace using nftables. Like in ''iptables'', you can use the nfqueue infra..." current
- 19:57, 13 July 2016 diff hist +1,024 N Duplicating packets Created page with "Since Linux kernel 4.3, you can duplicate packets to another destination from the ''ip'' and ''ip6'' families. You may want to use this feature to address this traffic to anot..."
- 19:57, 13 July 2016 diff hist +644 N Counters Created page with "Counters are optional in ''nftables'', thus, you need to explicitly specify them in the rule if you want them. The following example allows you to account all tcp traffic tha..."
- 19:56, 13 July 2016 diff hist +2,893 N Sets Created page with "''nftables'' comes with a built-in generic set infrastructure that allows you to use '''any''' supported selector to build sets. This infrastructure makes possible the represe..."
- 19:56, 13 July 2016 diff hist +2,632 N Verdict Maps (vmaps) Created page with "The ''dictionaries'', also known as ''verdict maps'', are one of the most interesting features available in ''nftables''. Basically, they allow you to attach an action to an e..."
- 19:56, 13 July 2016 diff hist +865 N Intervals Created page with "Intervals are expressed as value-value. The following example show how to drop the traffic coming the range 192.168.0.1 to 192.168.0.250: <source lang="bash"> % nft add rule..."
- 19:55, 13 July 2016 diff hist +1,564 N Maps Created page with "Maps are yet another interesting feature that has been in ''nftables'' since the very beginning. You can use a map to look up for data based on some specific key that is used..."
- 19:54, 13 July 2016 diff hist +1,727 N Concatenations Created page with "Since Linux kernel 4.1, nftables supports concatenations. This new feature allows you to put two or more selectors together to perform very fast lookups by combining them wit..."
- 19:54, 13 July 2016 diff hist +1,845 N Simple ruleset for a workstation Created page with "= fw.basic = <source lang="bash"> table ip filter { chain input { type filter hook input priority 0; # accept traffic originated from us c..."
- 19:53, 13 July 2016 diff hist +350 N Bridge filtering Created page with "== Limitation == There is currently no connection tracking available for bridge filtering. == Examples == Filter on TCP destination port: <source lang="bash"> nft add rule..."
- 19:53, 13 July 2016 diff hist +1,166 N Multiple NATs using nftables maps Created page with "Thanks to nftables Maps, if you have a previous iptables NAT (destination NAT) ruleset like this: <source lang="bash"> % iptables -t nat -A PREROUTING -p tcp --dport 1000..."
- 19:52, 13 July 2016 diff hist +1,147 N List of updates since Linux kernel 3.13 Created page with "A listing of the development progress. == 3.13 == * nf_tables merged mainstream. == 3.14 == * set packet mark support. * nfqueue support (only for ip and ip6 families). *..."
- 19:52, 13 July 2016 diff hist +18,428 N Supported features compared to xtables Created page with "Last update: 2016/Jan/11 This page tr..."