User contributions

Jump to navigation Jump to search
Search for contributionsExpandCollapse
⧼contribs-top⧽
⧼contribs-date⧽

(newest | oldest) View ( | older 100) (20 | 50 | 100 | 250 | 500)

  • 18:51, 13 July 2016 diff hist +747 N Configuring tablesCreated page with "You can also delete tables with the following command: <source lang="bash"> % nft delete table ip foo </source> '''Troubleshooting''': Since Linux kernel 3.18, you can delet..."
  • 18:51, 13 July 2016 diff hist +7,032 N Configuring chainsCreated page with "As in ''iptables'', you attach your rules to chains. However, contrary to the ''iptables'' modus operandi, the ''nftables'' infrastructure comes with no pr..."
  • 18:50, 13 July 2016 diff hist +6,657 N Simple rule managementCreated page with "= Appending new rules = To add new rules, you have to specify the corresponding table and the chain that you want to use, eg. <source lang="bash"> % nft add rule filter outp..."
  • 18:50, 13 July 2016 diff hist +1,077 N Atomic rule replacementCreated page with "You can use the ''-f'' option to atomically update your rule-set: <source lang="bash"> % nft -f file </source> Where ''file'' contains your rule-set. You can save your rule..."
  • 18:49, 13 July 2016 diff hist +713 N Error reporting from the command lineCreated page with "The ''nft'' command line utility tries to help you when you use a wrong datatype. The following examples shows the error output if you pass an IPv4 address as a TCP port. <s..." current
  • 18:49, 13 July 2016 diff hist +970 N Building rules through expressionsCreated page with "''nftables'' provides the following built-in operations: * '''ne''' which stands for non equal. Alternatively you can use '''!='''. * '''lt''' means ''less than''. Alternativ..."
  • 18:48, 13 July 2016 diff hist +1,531 N Operations at ruleset levelCreated page with "== Using native nft syntax == Linux Kernel 3.18 includes some improvements regarding the available operations to manage your ruleset as a whole. === listing === Listing the..."
  • 18:48, 13 July 2016 diff hist +1,307 N Monitoring ruleset updatesCreated page with "nft can display notifications of ruleset updates through: <source lang="bash"> % nft monitor </source> This subscribes ''nft'' to any kind of ruleset update. You can filte..." current
  • 18:48, 13 July 2016 diff hist +2,452 N ScriptingCreated page with "Many people like to maintain their ruleset in shell scripts, this allows them to add comments and arrange rules in more human-friendly way. This is problematic though since sh..."
  • 18:47, 13 July 2016 diff hist +3,479 N Ruleset debug/tracingCreated page with "Since nftables v0.6 and linux kernel 4.6, ruleset debug/tracing is supported. This is an equivalent of the old iptables method -J TRACE, but with some great improvements. Th..."
  • 18:47, 13 July 2016 diff hist +2,992 N Matching packet headersCreated page with "The ''nft'' command line utility supports the following layer 4 protocols: AH, ESP, UDP, UDPlite, TCP, DCCP, SCTP and IPComp. = Matching transport protocol = The following r..."
  • 18:46, 13 July 2016 diff hist +2,504 N Matching packet metainformationCreated page with "''nftables'' comes with the packet metainformation selectors that you can use to match information that is stored in the network packet. = The meta selectors = The current..."
  • 18:46, 13 July 2016 diff hist +1,601 N Matching connection tracking stateful metainformationCreated page with "As in ''iptables'', you can match the state tracking information (sometimes refered as ''conntrack'' or ''ct'' information) that Netfilter collects through the ''Connection Tr..."
  • 18:45, 13 July 2016 diff hist +818 N Accepting and dropping packetsCreated page with "= Dropping packets = You can use the ''drop'' option to drop packets. Note that drop is a '''terminating''' action, so you cannot add any other action after it. <source lang..." current
  • 18:44, 13 July 2016 diff hist +1,118 N Rate limiting matchingsCreated page with "You can ratelimit traffic through ''limit''. The following example shows how to accept a maximum of 10 ICMP echo-request packets per second: <source lang="bash"> % nft add r..."
  • 18:38, 13 July 2016 diff hist +3,631 N Main differences with iptablesCreated page with "The main differences between ''nftables'' and ''iptables'' from the user point of view are: * The '''syntax'''. The ''iptables'' command line tool uses a getopt_long()-based..."
  • 18:38, 13 July 2016 diff hist +3,021 N Netfilter hooksCreated page with "If you are familiar with Netfilter, don't worry, most of the infrastructure remains the same. ''nftables'' reuses the existing hook infrastructure, [http://people.netfilter.or..."
  • 18:37, 13 July 2016 diff hist +7,049 N Building and installing nftables from sourcesCreated page with "nftables requires several userspace libraries, the 'nft' userspace command line utility and the kernel modules. If you are using a major linux distribution, you may consider..."
  • 18:37, 13 July 2016 diff hist +1,609 N Nftables from distributionsCreated page with "Most major Linux distributions have support for nftables: * they include a kernel with nf_tables support * they include userspace support Normally, you can get nftables worki..."
  • 18:36, 13 July 2016 diff hist +2,148 N TroubleshootingCreated page with "In this section, you can find frequently asked questions that has been posted on the [http://www.netfilter.org/mailinglists.html Netfilter mailing list]. == Question 1: Addre..."
  • 18:36, 13 July 2016 diff hist +33,565 N Quick reference-nftables in 10 minutesCreated page with "Find below some basic concepts to know before using nftables. '''table''' refers to a container of chains with no specific semantics. '''chain''' with..."
  • 18:34, 13 July 2016 diff hist −12 Why nftables?
  • 18:33, 13 July 2016 diff hist +1,453 N Why nftables?Created page with "We like iptables after all, this tool has been serving us (and will likely keep serving still for a while in many deployments) to filter out traffic on both per-packet and per..."
  • 18:31, 13 July 2016 diff hist +707 N What is nftables?initial page
  • 18:27, 13 July 2016 diff hist +2,278 Main Pageinitial page

(newest | oldest) View ( | older 100) (20 | 50 | 100 | 250 | 500)