summaryrefslogtreecommitdiffstats
path: root/TODO
blob: 20ab42d50c4d4b3349297891f7161d7e978edfe1 (plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
nftables frontend
-----------------
- Define lexical distinction between keywords, symbolic constants and
  identifiers
- Define syntax for changing data (connmark, meta etc.)
- shorter syntax for specifying rules: entire chains without repeating "rule add ..."
- payload syntax for matching on IP headers of IPIP/GRE tunnels etc.

- netlink monitor for CLI

Kernel
------
- netlink set API
- kernel set implementation selection
- TC hookup - use dummy classifier or hook "natively" ?
- kill mangle table, make rerouting a configurable table/chain property
- kill nat table? harder because of more special handling
- multi-family tables

- IPv6 ext header matching
- IP style options (IP/TCP/DCCP) matching
- IPsec policy matching
- hashlimit
- quota
- recent(?)
- TCPMSS target - generic packet editor?
- include NLM_F_ ... flags in notifications?