path: root/doc
Commit message | Author | Age | Files | Lines
* src: add netdev family support | Pablo Neira Ayuso | 2015-06-16 | 1 | -0/+42

  This patch adds support for the new 'netdev' table. So far, this table allows
  you to create filter chains from ingress.

  The following example shows a very simple base configuration with one table that
  contains a basechain that is attached to the 'eth0':

      # nft list table netdev filter
      table netdev filter {
              chain eth0-ingress {
                      type filter hook ingress device eth0 priority 0; policy accept;
              }
      }

  You can test that this works by adding a simple rule with counters:

      # nft add rule netdev filter eth0-ingress counter

  Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
* src: allow to specify the default policy for base chains | Pablo Neira Ayuso | 2015-03-17 | 1 | -0/+1

  The new syntax is:

      nft add chain filter input { hook input type filter priority 0\; policy accept\; }

  but the previous syntax is still allowed:

      nft add chain filter input { hook input type filter priority 0\; }

  this assumes default policy to accept.

  If the base chain already exists, you can update the policy via:

      nft add chain filter input { policy drop\; }

  Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
* doc: add a reference to the wiki page in the man page | Arturo Borrero | 2015-01-07 | 1 | -0/+3

  Let's add a pointer in the man page to the wiki page.

  Requested-by: Dan Jacobson <jidanni@jidanni.org>
  Signed-off-by: Arturo Borrero Gonzalez <arturo.borrero.glez@gmail.com>
  Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
* build: add autotools support for the 'doc' subdir | Giorgio Dal Molin | 2014-11-12 | 2 | -20/+19

  'nft' documentation is originally contained in the XML file 'doc/nft.xml'.
  Processing this file with the proper tools we can obtain a PDF document,
  'nft.pdf', and a unix man page, 'nft.8'.

  To produce the PDF we need the tool 'dblatex'
  (current release pypi.python.org/pypi/dblatex/0.3.5).

  To produce the man page we use the tool 'docbook2man'; it is part of the
  package 'docbook2X' (docbook2x.sourceforge.net).

  On some linux distributions the tool can have slightly different names as
  'docbook2x-man' or 'db2x_docbook2man' so we search for all three names and
  use the first one found and issue the command:

      # ${DB2MAN} --xinclude $<

  Signed-off-by: Giorgio Dal Molin <giorgio.nicole@arcor.de>
  Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
* nft: don't resolve hostnames by default | Arturo Borrero | 2014-11-06 | 1 | -3/+12

  This patch changes the default behaviour of nft to not translate IP
  addresses to hostnames when printing rules if no options are passed.

  The options regarding translations after this patch are:

      <no -n/-N>         show IP addresses numerically (default behaviour)
      -n                 show IP addresses numerically
      -nn                show Internet services and uid/gid numerically
      -nnn               show protocols numerically
      -N (--reversedns)  translate IP addresses to names

  The idea is to avoid breaking existing scripts that most likely rely on
  '-n' to save the ruleset, so we reduce the impact of this patch and
  provide a default behaviour that doesn't generate network traffic when
  listing / saving the ruleset.

  Joint work with Pablo.

  Suggested-by: Patrick McHardy <kaber@trash.net>
  Signed-off-by: Arturo Borrero Gonzalez <arturo.borrero.glez@gmail.com>
  Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
* doc: nft: Fix trivial error in man page where flush should be rename | Kevin Fenzi | 2014-08-24 | 1 | -1/+1

  Trivial fix, but someone filed a bug on it, and it should be fixed. ;)

  https://bugzilla.redhat.com/show_bug.cgi?id=1132917

  Signed-off-by: Kevin Fenzi <kevin@scrye.com>
  Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
* doc: update documentation with 'monitor' and 'export' | Arturo Borrero | 2014-08-08 | 1 | -3/+67

  Let's add info about 'monitor' and 'export'.

  While at it, fix other minor things, like the no-netlink return code and
  indentations of the document.

  Signed-off-by: Arturo Borrero Gonzalez <arturo.borrero.glez@gmail.com>
  Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
* doc: fix make install problems | Patrick McHardy | 2014-04-14 | 3 | -4/+4

      -e INSTALL doc
      /usr/bin/install: cannot stat 'doc/nftables.8': No such file or directory
      make[1]: *** [install] Error 1
      make: *** [doc] Error 2

  Rename everything to nft.* to fix this up.

  Reported-by: Ana Rey <anarey@gmail.com>
  Signed-off-by: Patrick McHardy <kaber@trash.net>
* doc: change documentation license to CC BY-SA 4.0 | Patrick McHardy | 2014-04-14 | 1 | -1/+6

  Signed-off-by: Patrick McHardy <kaber@trash.net>
* doc: fix programlisting indentation | Patrick McHardy | 2014-04-14 | 1 | -44/+45

  Since programlistings are used literally, they should not be indented.

  Signed-off-by: Patrick McHardy <kaber@trash.net>
* doc: documentation update | Patrick McHardy | 2014-04-14 | 1 | -637/+1833

  Signed-off-by: Patrick McHardy
* nftables: drop hard coded install using root user owner and group | Kevin Fenzi | 2014-01-13 | 1 | -2/+2

  Packaging systems build as a non priv user, so can't install as root.
  Users installing from source can 'sudo make install' or run 'make install' as root

  Signed-off-by: Kevin Fenzi <kevin@scrye.com>
  Signed-off-by: Patrick McHardy <kaber@trash.net>
* doc: fix inversion of operator and object. | Eric Leblond | 2013-05-31 | 1 | -4/+4
* build: fix installation when docs are not built | Patrick McHardy | 2009-03-18 | 1 | -5/+11

  Don't try to install non-existent files.

  Signed-off-by: Patrick McHardy <kaber@trash.net>
* Initial commit (tag: v0.01-alpha1) | Patrick McHardy | 2009-03-18 | 3 | -0/+982