Index | index by Group | index by Distribution | index by Vendor | index by creation date | index by Name | Mirrors | Help | Search |
Name: nftables | Distribution: openSUSE Tumbleweed |
Version: 1.1.1 | Vendor: openSUSE |
Release: 1.1 | Build date: Thu Oct 3 09:00:54 2024 |
Group: Productivity/Networking/Security | Build host: reproducible |
Size: 125107 | Source RPM: nftables-1.1.1-1.1.src.rpm |
Packager: http://bugs.opensuse.org | |
Url: https://netfilter.org/projects/nftables/ | |
Summary: Userspace utility to access the nf_tables packet filter |
nf_tables is a firewalling mechanism in the Linux kernel, running independently of and parallel to ip_tables, ip6_tables, arp_tables and ebtables. nftables is the corresponsing userspace frontend. The nftables frontend features support for sets and dictionaries of arbitrary types, meta data types, atomic incremental and full ruleset updates, and, similar to iptables, support for different protocols, access to connection tracking and NAT and logging.
GPL-2.0-only
* Thu Oct 03 2024 Jan Engelhardt <jengelh@inai.de> - Update to release 1.1.1 * Reduce netlink cache dependencies to speed up incremental updates. * Allow zero burst in byte ratelimiter expression. * Fix double-free when users call nft_ctx_clear_vars() followed by nft_ctx_free(). * Document that the tproxy statement is non-terminal (unlike in iptables). This allows for tproxy+log and tproxy+mark combos, see man nft(8) for details. * Add egress support for the `list hooks` subcommand. * Wed Jul 17 2024 Jan Engelhardt <jengelh@inai.de> - Update to release 1.1.0 * Restore compatibility set element dump with <= 0.9.8 * Disallow empty interface names * Restore rule replace command * Search for group, rt_mark, rt_realms at /etc/iproute2, /usr/share/iproute2 * Resolve some timezone issues * Support for variables in map expressions * VLAN support * Thu Jan 04 2024 Dirk Müller <dmueller@suse.com> - buildrequire setuptools explicitly as pip drops the dependency * Wed Jan 03 2024 Ben Greiner <code@bnavigator.de> - Fix the python bindings subpackages * The PEP517 python build requires setuptools * Actually use the rpm subpackage definition * The version is actually python3dist(nftables) = 0.1 * is noarch and requires libnftables1 through dlopen, tell rpmlint * remove unused shebang * Thu Oct 19 2023 Jan Engelhardt <jengelh@inai.de> - Update to release 1.0.9 * Custom conntrack timeouts can use time specification with units other than seconds. * Allow combination of dnat with numgen. * Allow for using constants as key in dynamic sets. * Support for matching on the target address of a IPv6 neighbour solicitation/advertisement. * Restore bitwise operations in combination with maps, e.g. jump to chain depending on bitwise operation on packet mark. * Fix crash with log prefix longer that 127 bytes. - Drop merged 0001-Revert-py-replace-distutils-with-setuptools.patch * Fri Jul 14 2023 Jan Engelhardt <jengelh@inai.de> - Update to release 1.0.8 * Support for setting meta and ct mark from other fields in rules, e.g. set meta mark to ip dscp header field. * Enhacements for -o/--optimize to deal with NAT statements, to compact masquerade statements. * Support for stateful statements in anonymous maps, such as counters. * Support for resetting stateful expressions in sets, maps and elements, e.g. counters. * broute support to short-circuit bridge logic from the bridge prerouting hook and pass up packets to the local IP stack. * JSON support for table and chain comments. - Added 0001-Revert-py-replace-distutils-with-setuptools.patch * Mon Mar 13 2023 Jan Engelhardt <jengelh@inai.de> - Update to release 1.0.7 * Support for vxlan/geneve/gre/gretap matching * auto-merge support for partial set element deletion * Allow for NAT mapping with concatenation and ranges * Support for quota in sets * Wed Dec 21 2022 Jan Engelhardt <jengelh@inai.de> - Update to release 1.0.6 * Fix bytecode generation for concatenation of intervals where selectors use different byteorder datatypes, e.g. IPv4 (network byte order). * Fix match of uncommon protocol matches with raw expressions * Unbreak insertion of rules with intervals ("sport { 3478-3497, 16384-16387 }") * Wed Aug 17 2022 Dirk Müller <dmueller@suse.com> - update to 1.0.5: * Fixes for the -o/--optimize, run this --optimize option to automagically compact your ruleset using sets, maps and concatenations * Fix ethernet and vlan concatenations, eg. define a dynamic set which is populated from the packet path * Fix ruleset listing with interface wildcard map * Fix several regressions in the input lexer which broke valid rulesets. * Fix slowdown with large lists of singleton interval elements. * Fix set automerge feature for large lists of singleton interval elements. * Fix bogus error reporting for exact overlaps. * Fix segfault when adding elements to invalid set. * fix device parsing in netdev family in json. * Tue Jun 07 2022 Jan Engelhardt <jengelh@inai.de> - Update to release 1.0.4 * Fixed a segfault in -o/--optimize with unsupported statements. * Bogus datatype mismatch error report in sets was fixed. * Tue May 31 2022 Jan Engelhardt <jengelh@inai.de> - Update to release 1.0.3 * Support for wildcard interface name matching with sets * Support for runtime auto-merge of set elements. * Enhancements for the ruleset optimization -o/--optimize option which allows to coalesce several NAT rules into map. * Support for raw expressions in concatenations. * Support for integer type protocol header fields in concatenations. * Allow to reset TCP options (requires Linux kernel >= 5.18) - Drop 0001-build-add-missing-AM_CPPFLAGS-to-examples.patch * Tue Feb 22 2022 Jan Engelhardt <jengelh@inai.de> - Update to release 1.0.2 * New ruleset optimization -o/--optimize option. * Support for IP and TCP options and SCTP chunks in sets. * Support for tcp fastopen, md5sig and mptcp options. * MP-TCP subtype matching support. * JSON support for flowtables. - Add 0001-build-add-missing-AM_CPPFLAGS-to-examples.patch * Thu Nov 18 2021 Jan Engelhardt <jengelh@inai.de> - Update to release 1.0.1 * Reduce memory footprint when loading large sets/maps. * Speed up reload of large sets/maps. * Speed up listing of specific tables in large ruleset, e.g. large ruleset with ~100k lines. * Speed up --terse option when listing a ruleset large sets/maps. * Print raw payload expression in hexadecimal, e.g. "@ll,0,8 & 0x80 == 0x80" * egress hook support (available since 5.16-rc1). * Allow matching and update bytes at inner header/payload offset (available since 5.16-rc1). * Thu Aug 19 2021 Jan Engelhardt <jengelh@inai.de> - Update to release 1.0.0 * Catch-all set element support. * The command-line option --define is now recognized. * Stateful expressions in maps. * Allow combination of jhash, symhash and numgen expressions with the queue statement. * Allow combination of verdict maps with interval concatenations. * Tue May 25 2021 Jan Engelhardt <jengelh@inai.de> - Update to release 0.9.9 * Flowtable hardware offload support * Support for the table owner flag. * 802.1ad (QinQ) support * cgroupsv2 support. * match on SCTP packet chunks (dependent on Linux 5.14) * Allow to use verdict in set/map typeof definitions * Fri Jan 15 2021 Jan Engelhardt <jengelh@inai.de> - Update to release 0.9.8 * Complete support for matching ICMP header content fields. * Added raw tcp option match support. * Added ability to check for the presence of any tcp option. * Support for rejecting traffic from the ingress chain.
/etc/nftables /etc/nftables/osf /etc/nftables/osf/pf.os /usr/sbin/nft /usr/share/doc/packages/nftables /usr/share/doc/packages/nftables/examples /usr/share/doc/packages/nftables/examples/all-in-one.nft /usr/share/doc/packages/nftables/examples/arp-filter.nft /usr/share/doc/packages/nftables/examples/bridge-filter.nft /usr/share/doc/packages/nftables/examples/ct_helpers.nft /usr/share/doc/packages/nftables/examples/inet-filter.nft /usr/share/doc/packages/nftables/examples/inet-nat.nft /usr/share/doc/packages/nftables/examples/ipv4-filter.nft /usr/share/doc/packages/nftables/examples/ipv4-mangle.nft /usr/share/doc/packages/nftables/examples/ipv4-nat.nft /usr/share/doc/packages/nftables/examples/ipv4-raw.nft /usr/share/doc/packages/nftables/examples/ipv6-filter.nft /usr/share/doc/packages/nftables/examples/ipv6-mangle.nft /usr/share/doc/packages/nftables/examples/ipv6-nat.nft /usr/share/doc/packages/nftables/examples/ipv6-raw.nft /usr/share/doc/packages/nftables/examples/load_balancing.nft /usr/share/doc/packages/nftables/examples/netdev-ingress.nft /usr/share/doc/packages/nftables/examples/secmark.nft /usr/share/doc/packages/nftables/examples/sets_and_maps.nft /usr/share/licenses/nftables /usr/share/licenses/nftables/COPYING /usr/share/man/man5/libnftables-json.5.gz /usr/share/man/man8/nft.8.gz
Generated by rpm2html 1.8.1
Fabrice Bellet, Tue Nov 19 00:56:05 2024