Index | index by Group | index by Distribution | index by Vendor | index by creation date | index by Name | Mirrors | Help | Search |
Name: libnftables1 | Distribution: openSUSE Step 15 |
Version: 0.9.8 | Vendor: openSUSE |
Release: 3.7.1 | Build date: Mon May 22 12:03:38 2023 |
Group: System/Libraries | Build host: obs-arm-6 |
Size: 665216 | Source RPM: nftables-0.9.8-3.7.1.src.rpm |
Packager: https://bugs.opensuse.org | |
Url: https://netfilter.org/projects/nftables/ | |
Summary: nftables firewalling command interface |
libnftables is the nftables command line interface placed into a library.
GPL-2.0-only
* Tue Apr 25 2023 matthias.gerstner@suse.com - add 0001-evaluate-reject-support-ethernet-as-L2-protocol-for-.patch: this fixes a crash in nftables if layer2 reject rules are processed (e.g. Ethernet MAC address based reject rich rule in firewalld, bsc#1210773). * Mon May 02 2022 matthias.gerstner@suse.com - add 0001-cache-check-for-NULL-chain-in-cache_init.patch: this fixes rare crashes that could occur e.g. in firewalld (bsc#1197606). * Fri Jan 15 2021 jengelh@inai.de - Update to release 0.9.8 * Complete support for matching ICMP header content fields. * Added raw tcp option match support. * Added ability to check for the presence of any tcp option. * Support for rejecting traffic from the ingress chain. * Tue Oct 27 2020 jengelh@inai.de - Update to release 0.9.7 * Support for implicit chains * Support for ingress inet chains * Support for reject from prerouting chain * Support for --terse option in json * Support for the reset command with json * Tue Jun 16 2020 jengelh@inai.de - Update to release 0.9.6 * Fix two ASAN runtime errors * Sat Jun 06 2020 jengelh@inai.de - Update to release 0.9.5 * Support for set counters. * Support for restoring set element counters via nft -f. * Counter support for flowtables. * typeof concatenations support for sets. * Support for concatenated ranges in anonymous sets. * Allow to reject packets with 802.1q from the bridge family. * Support for matching on the conntrack ID. - Drop anonset-crashfix.patch (upstream solved differently) * Thu May 07 2020 jengelh@inai.de - Add anonset-crashfix.patch [boo#1171321] * Wed Apr 01 2020 jengelh@inai.de - Update to release 0.9.4 * Add a helper for concat expression handling. * Add "typeof" build/parse/print support. * Mon Dec 09 2019 jengelh@inai.de - Add json, python [boo#1158723] * Tue Dec 03 2019 jengelh@inai.de - Update to release 0.9.3 * meta: Introduce new conditions "time", "day" and "hour". * src: add ability to set/get secmarks to/from connection. * flowtable: add support for named flowtable listing. * flowtable: add support for delete command by handle. * json: add support for element deletion. * Add `-T` as the short option for `--numeric-time`. * meta: add ibrpvid and ibrvproto support * Mon Aug 19 2019 jengelh@inai.de - Update to new upstream release 0.9.2 * Transport header port matching, e.g. "th dport 53" * Support for matching on IPv4 options * Support for synproxy * Sat Jan 19 2019 stefan.bruens@rwth-aachen.de - Remove unused dblatex BuildRequires, only needed for the optional and disabled PDF generation (same contents as shipped manpage). * Sat Jun 09 2018 jengelh@inai.de - Update to new upstream release 0.9.0 * Support to check if packet matches an existing socket. * Support to limit number of active connections by arbitrary criteria, such as ip addresses, networks, conntrack zones or any combination thereof. * Added support for "audit" logging. * Fri May 11 2018 jengelh@inai.de - Update to new upstream release 0.8.5 * support to add/insert a rule at a given index position * meter statement now supports a configureable upper max size * timeouts for sets can now be specified in milliseconds * re-add iptables-like empty skeleton rulesets * Wed May 02 2018 jengelh@inai.de - Update to new upstream release 0.8.4 * Support to match IPv6 segment routing headers. * New "meta ibrname" and "meta obrname" arguments to match the name of the logical bridge a packet is passing through. These new names replace the old (misnamed) "ibriport"/"obriport". * `nft -a` will now show handle identifier for all objects, including tables and chains. * nft can now delete objects by their handle number. * Support to update maps from the ruleset (packet path). * the "--echo" option now prints handle id for tables and object too. * `nft -f -` will now read from standard input * Support for flow tables, cf. man page or https://lwn.net/Articles/738214/ . * Sat Mar 03 2018 jengelh@inai.de - Update to new upstream release 0.8.3 * raw payload support to match headers that do not yet have received a mnemonic. * Sat Feb 03 2018 jengelh@inai.de - Update to new upstream release 0.8.2 * add secpath support * Tue Jan 16 2018 jengelh@inai.de - Update to new upstream release 0.8.1 * This release deprecates the "flow table" syntax in favor of "meter". * Fri Oct 13 2017 jengelh@inai.de - Update to new upstream release 0.8 * This release contains new features available up to the (upcoming) Linux 4.14 kernel release: * Support for stateful objects, these objects are uniquely identified by a user-defined name, you can refer to them from rules, and there is a well established interface to operate with them. * Sort set elements when listing them, from lower to largest. * TCP option matching and mangling support. This includes TCP maximum segment size mangling. * Add new "-s" option for listings without stateful information. * Add new -c/--check option for nft, to tests if your ruleset loads fine, into the kernel, this is a dry run mode. * Connection tracking helper support. * Add --echo option, to print the handle that the kernel allocates to uniquely identify rules. * Conntrack zone support * Symmetric hash support * Add support to include directories from nft natives scripts, files are loaded in alphanumerical order. * Allow to check if IPv6 extension header or TCP option exists or is missing. * Extend quota support to display used bytes. * Add ct average matching, to match average bytes per packet a connection has transferred so far, to map the existing feature available in the iptables connbytes match. * Allow to flush maps and flow tables. * Allow to embed set definition into an existing set. * Conntrack event filtering support via rule. * Tue Dec 20 2016 jengelh@inai.de - Update to new upstream release 0.7 * Add new fib expression, which can be used to obtain the output interface from the route table based on either source or destination address of a packet. * Support hashing of any arbitrary key combination, eg. * Add number generation support. Useful for round-robin packet mark setting. * Add quota support, eg. * Introduce routing expression, for routing related data with support for nexthop * Notrack support, to explicitly skip connection tracking for matching packets. * Support to set non-byte bound packet header fields, including checksum adjustment. * Add 'create set' and 'create element' commands. * Allow to use variable reference for set element definitions. * Allow to use variable definitions from element commands. * Add support to flush set. You can use this new command to remove all existing elements in a set. * Inverted set lookups. * Honor absolute and relative paths via include file, where: * Support log flags, to enable logging TCP sequence and options. * tc classid parser support, eg. * Allow numeric connlabels, so if connlabel still works with undefined labels. * Thu Jun 02 2016 jengelh@inai.de - Update to new upstream release 0.6 * Rules may be replaced now * Flow table support (requires Linux >= 4.3) * Support for tracing * Ratelimiting now supports units like bytes/second. * Matchinv VLAN IDs, DSCP/ECN, ICMP RtAdv & RtSol * Thu Sep 17 2015 jengelh@inai.de - Update to new upstream release 0.5 * Support combinations of two or more selectors to build a tuple * Timeout support for sets * Dormant flag for tables * Default chain policy specifiable on creation * Sat May 23 2015 mrueckert@suse.de - set the url to the project page - pass --disable-silent-rules to configure to allow gcc post build check to work * Tue Dec 16 2014 jengelh@inai.de - Update to new upstream release 0.4 * Since Linux 3.18: support for global ruleset operations * Since 3.17: full logging support for all the families, including nfnetlink_log * 3.16: automatic selection of the optimal set implementation * 3.14: reject support for ip, ip6 and inet * 3.18: reject support for bridge, and reject icmpx abstraction * 3.18: masquerade support * 3.19: redirect support * Extend meta to support pkttype, cpu and devgroup matching.
/usr/lib/libnftables.so.1 /usr/lib/libnftables.so.1.0.0
Generated by rpm2html 1.8.1
Fabrice Bellet, Tue Jul 9 18:42:22 2024