Shivani Bhardwaj wrote:
> Add translation for connlabel to nftables.
> Full translation for this match awaits the support for --set option.
Hmm, I sent patches for that a while ago, don't know why they were
not applied... Pablo?
> Examples:
>
> $ sudo iptables-translate -A INPUT -m connlabel --
Add translation for connlabel to nftables.
Full translation for this match awaits the support for --set option.
Examples:
$ sudo iptables-translate -A INPUT -m connlabel --label eth0-in
nft add rule ip filter INPUT ct label eth0-in counter
$ sudo iptables-translate -A INPUT -m connlabel ! --labe
Add translation for icmp to nftables.
Examples:
$ sudo iptables-translate -t filter -A INPUT -m icmp --icmp-type any -j LOG
nft add rule ip filter INPUT icmp type any counter log level warn
$ sudo iptables-translate -t filter -A INPUT -m icmp --icmp-type 3/1 -j LOG
nft add rule ip filter INPUT i
Add translation for icmpv6 to nftables.
Examples:
$ ip6tables-translate -t filter -A INPUT -m icmp6 --icmpv6-type 1 -j LOG
nft add rule ip6 filter INPUT icmpv6 type destination-unreachable counter log
level warn
$ ip6tables-translate -t filter -A INPUT -m icmp6 --icmpv6-type 1/3 -j LOG
nft add
>
> Stephane, I'm very looking forward to having this update pushed
> mainstream.
>
> However, this I think it would be good if you can translate this to
> use nested attributes.
>
> See nla_nest_start() and nla_nest_end(). Then, add a new vlan
> attributes for this:
>
> enum nfqnl_vla
Currently in nftables, reading rules from files ('-f/--file
filename') works only with a single file.
If a directory contains multiple rule files, it can't be done by:
$ nft -f /usr/local/etc/nftables/*
:1:1-1: Error: syntax error, unexpected /
/usr/local/etc/nftables/inet-filter /usr/local/e
Hello,
On Thu, 18 Feb 2016, Sergei Shtylyov wrote:
> On 2/18/2016 3:41 AM, Simon Horman wrote:
>
> > From: Julian Anastasov
> >
> > "RFC 5961, 4.2. Mitigation" describes a mechanism to request
> > client to confirm with RST the restart of TCP connection
> > before resending its SYN. As
On Thu, Mar 03, 2016 at 06:02:41PM +, Piyush Pangtey wrote:
> Added multiport translations for ipv4 only.
> It's for review purpose only, it definitely needs changes.
>
> example :
> iptables-translate -A INPUT -p tcp -m multiport --dports 22,http,ssh -j ACCEPT
> nft add rule ip filter INPUT
Hi Shivani,
On Fri, Mar 04, 2016 at 04:05:24AM +0530, Shivani Bhardwaj wrote:
> Hi Pablo,
>
> connlabel match never loads. It shows
> iptables v1.6.0: Couldn't load match `connlabel':No such file or directory
>
> I see this conversation here:
> https://patchwork.ozlabs.org/patch/386215/ and the
Hi Jozsef,
On Mon, Feb 29, 2016 at 01:47:59PM +0100, Jozsef Kadlecsik wrote:
> On Mon, 29 Feb 2016, Pablo Neira Ayuso wrote:
>
> > On Wed, Feb 24, 2016 at 09:19:26PM +0100, Jozsef Kadlecsik wrote:
> > > Flushing/listing entries was not RCU safe, so parallel flush/dump
> > > could lead to kernel c
Hello,
I'm trying to implement support for CT HELPERs in linux kernel for
nftables and need some help/guidance.
The rule being 'udp dport tftp ct helper set "tftp"', I get
nft_ct_set_init() called when I add the rule in the table output filter
table.
I believe I have to call nf_ct_helper_