[NFT PATCH 1/3] nftables: rearrange files and examples

2018-02-24 Thread Arturo Borrero Gonzalez
Concatenate all family/hook examples into a single one. Put all example files under examples/. Use the '.nft' prefix and mark them as executable files. Use a static shebang declaration, since these are examples meant for final systems and users. While at it, refresh also the sets_and_maps.nft exa

[NFT PATCH 3/3] files: add load balance example

2018-02-24 Thread Arturo Borrero Gonzalez
Include this example file in the tarball on how to do load balancing with nftables, inspired from https://wiki.nftables.org Signed-off-by: Arturo Borrero Gonzalez --- files/examples/load_balancing.nft | 54 + 1 file changed, 54 insertions(+) create mode 100

[NFT PATCH 2/3] examples: add ct helper examples

2018-02-24 Thread Arturo Borrero Gonzalez
Include some examples in the nftables tarball on using the ct helper infrastructure, inspired from wiki.nftables.org. Signed-off-by: Arturo Borrero Gonzalez --- files/examples/ct_helpers.nft | 43 + 1 file changed, 43 insertions(+) create mode 100755 f

Re: [NFT PATCH 1/3] nftables: rearrange files and examples

2018-02-24 Thread Florian Westphal
Arturo Borrero Gonzalez wrote: > Concatenate all family/hook examples into a single one. Oh? I actually liked the 'atomic' versions, because I could run nft -f /etc/nftables/ipv4-filter to get empty 'iptables' filter.

[PATCH nft] segtree: check for overlapping elements at insertion

2018-02-24 Thread Pablo Neira Ayuso
This speeds up element overlap checks quite a bit. Fixes: https://bugzilla.netfilter.org/show_bug.cgi?id=1228 Signed-off-by: Pablo Neira Ayuso --- src/segtree.c | 60 --- 1 file changed, 16 insertions(+), 44 deletions(-) diff --git a/src/s

Re: [NFT PATCH 1/3] nftables: rearrange files and examples

2018-02-24 Thread Pablo Neira Ayuso
On Sat, Feb 24, 2018 at 03:42:01PM +0100, Florian Westphal wrote: > Arturo Borrero Gonzalez wrote: > > Concatenate all family/hook examples into a single one. > > Oh? I actually liked the 'atomic' versions, because I could > run nft -f /etc/nftables/ipv4-filter to get empty 'iptables' filter. P

[PATCH nf] netfilter: ipvs: flag ct as needing s/dnat in original direction

2018-02-24 Thread Florian Westphal
FTP passive mode got broken by this change: - if (.. && nfct_nat(ct)) { + if (.. (ct->status & IPS_NAT_MASK)) { The PASV reply sent by real server need to be translated to contain the load balancer's address, but they are passed unchanged. IPS_NAT_MASK should be true for connections where reverse

[nft PATCH v2 2/3] examples: add ct helper examples

2018-02-24 Thread Arturo Borrero Gonzalez
Include some examples in the nftables tarball on using the ct helper infrastructure, inspired from wiki.nftables.org. Signed-off-by: Arturo Borrero Gonzalez --- v2: fix some typos files/examples/ct_helpers.nft | 43 + 1 file changed, 43 insertions(+)

[nft PATCH v2 1/3] nftables: rearrange files and examples

2018-02-24 Thread Arturo Borrero Gonzalez
Concatenate all family/hook examples into a single one by means of includes. Put all example files under examples/. Use the '.nft' prefix and mark them as executable files. Use a static shebang declaration, since these are examples meant for final systems and users. While at it, refresh also the

[nft PATCH v2 3/3] files: add load balance example

2018-02-24 Thread Arturo Borrero Gonzalez
Include this example file in the tarball on how to do load balancing with nftables, inspired from https://wiki.nftables.org Signed-off-by: Arturo Borrero Gonzalez --- v2: fix some typos files/examples/load_balancing.nft | 54 + 1 file changed, 54 insertions

Re: [nft PATCH v2 1/3] nftables: rearrange files and examples

2018-02-24 Thread Florian Westphal
Arturo Borrero Gonzalez wrote: > Concatenate all family/hook examples into a single one by means of includes. > > Put all example files under examples/. Use the '.nft' prefix and mark > them as executable files. Use a static shebang declaration, since these > are examples meant for final systems

Re: [nft PATCH v2 2/3] examples: add ct helper examples

2018-02-24 Thread Florian Westphal
Arturo Borrero Gonzalez wrote: > Include some examples in the nftables tarball on using the ct helper > infrastructure, inspired from wiki.nftables.org. > > Signed-off-by: Arturo Borrero Gonzalez > --- > v2: fix some typos > > files/examples/ct_helpers.nft | 43 > ++

Re: [nft PATCH v2 1/3] nftables: rearrange files and examples

2018-02-24 Thread Arturo Borrero Gonzalez
On 24 February 2018 at 23:07, Florian Westphal wrote: > Arturo Borrero Gonzalez wrote: >> Concatenate all family/hook examples into a single one by means of includes. >> >> Put all example files under examples/. Use the '.nft' prefix and mark >> them as executable files. Use a static shebang decl

Re: [nft PATCH v2 1/3] nftables: rearrange files and examples

2018-02-24 Thread Florian Westphal
Arturo Borrero Gonzalez wrote: > On 24 February 2018 at 23:07, Florian Westphal wrote: > > Any reason why this doesn't use > > #! @sbindir@nft -f ? > I didn't expect we were using these files for development activities. ok, fair enough, was just curious. Please push this, thanks!

[PATCH] xtables-compat-multi.c: Allow symlink of ebtables

2018-02-24 Thread Duncan Roe
This patch allows one to force a subsystem that one does not wish to modify (e.g. libvirt) to use the ebtables compatibility layer. ebtables-compat was already a symlink to xtables-compat-multi but ebtables was a stand-alone program. So one could move it out of the way before making the symlink as