User contributions
Jump to navigation
Jump to search
- 22:03, 13 July 2016 diff hist +7 Configuring chains
- 20:18, 13 July 2016 diff hist +41 Main Page →Advanced data structures for performance packet classification
- 20:16, 13 July 2016 diff hist +15 Main Page →Videos
- 20:14, 13 July 2016 diff hist +2,439 N List of available translations via iptables-translate tool Created page with "The following '''matches and targets''' (in alphabetic order) can be fully translated via iptables-translate tool: == Translatable extensions == === Matches === ====xt==== *..."
- 20:00, 13 July 2016 diff hist +201 N Ipset Created page with "[http://ipset.netfilter.org/ IPSet] is an extension to allow packet classification based on sets. It is currently maintained and actively developed by the Netfilter coreteam d..."
- 19:59, 13 July 2016 diff hist +2,942 N Jumping to chain Created page with "Like in ''iptables'', you can structure your rule-set in using a tree of chains. To do so, you first need to create the custom chain via: <source lang=..."
- 19:58, 13 July 2016 diff hist +2,253 N Rejecting traffic Created page with "'''Note''': Full reject support is available since Linux kernel 3.18. The following rule shows how to reject any traffic from the network: <source lang="bash"> % nft add rul..."
- 19:58, 13 July 2016 diff hist +1,673 N Logging traffic Created page with "'''Note''': Full logging support is available starting Linux kernel 3.17. If you run an older kernel, you have to modprobe ipt_LOG to enable logging. You can log packets usin..."
- 19:58, 13 July 2016 diff hist +3,726 N Performing Network Address Translation (NAT) Created page with "The ''nat'' chain type allows you to perform NAT. This chain type comes with special semantics: * The first packet of a flow is used to look up for a matching rule which sets..."
- 19:58, 13 July 2016 diff hist +1,702 N Setting packet metainformation Created page with "You can set some metainformation in a packet: one of mark, priority or nftrace. Please note that you require a Linux kernel >= 3.14 to use these features. == mark == The fol..."
- 19:57, 13 July 2016 diff hist +2,799 N Queueing to userspace Created page with "= Basic operation = '''Important note''': You require a Linux kernel 3.14 to enqueue packets to userspace using nftables. Like in ''iptables'', you can use the nfqueue infra..." current
- 19:57, 13 July 2016 diff hist +1,024 N Duplicating packets Created page with "Since Linux kernel 4.3, you can duplicate packets to another destination from the ''ip'' and ''ip6'' families. You may want to use this feature to address this traffic to anot..."
- 19:57, 13 July 2016 diff hist +644 N Counters Created page with "Counters are optional in ''nftables'', thus, you need to explicitly specify them in the rule if you want them. The following example allows you to account all tcp traffic tha..."
- 19:56, 13 July 2016 diff hist +2,893 N Sets Created page with "''nftables'' comes with a built-in generic set infrastructure that allows you to use '''any''' supported selector to build sets. This infrastructure makes possible the represe..."
- 19:56, 13 July 2016 diff hist +2,632 N Verdict Maps (vmaps) Created page with "The ''dictionaries'', also known as ''verdict maps'', are one of the most interesting features available in ''nftables''. Basically, they allow you to attach an action to an e..."
- 19:56, 13 July 2016 diff hist +865 N Intervals Created page with "Intervals are expressed as value-value. The following example show how to drop the traffic coming the range 192.168.0.1 to 192.168.0.250: <source lang="bash"> % nft add rule..."
- 19:55, 13 July 2016 diff hist +1,564 N Maps Created page with "Maps are yet another interesting feature that has been in ''nftables'' since the very beginning. You can use a map to look up for data based on some specific key that is used..."
- 19:54, 13 July 2016 diff hist +1,727 N Concatenations Created page with "Since Linux kernel 4.1, nftables supports concatenations. This new feature allows you to put two or more selectors together to perform very fast lookups by combining them wit..."
- 19:54, 13 July 2016 diff hist +1,845 N Simple ruleset for a workstation Created page with "= fw.basic = <source lang="bash"> table ip filter { chain input { type filter hook input priority 0; # accept traffic originated from us c..."
- 19:53, 13 July 2016 diff hist +350 N Bridge filtering Created page with "== Limitation == There is currently no connection tracking available for bridge filtering. == Examples == Filter on TCP destination port: <source lang="bash"> nft add rule..."