| Commit message (Collapse) | Author | Age | Files | Lines |
|
|
|
|
|
|
|
|
|
| |
useful for the 'ct zone set' statement, it has to be done before
the conntrack lookup but preferrably after the defragmention hook.
In iptables, the functionality resides in the CT target which is
restricted to the raw table. This provides the skeleton for nft.
Signed-off-by: Florian Westphal <fw@strlen.de>
|
|
|
|
|
|
|
|
| |
Added support to install some 'nft' scripts under
'${sysconfdir}/nftables', typically '/etc/nftables'.
Signed-off-by: Giorgio Dal Molin <giorgio.nicole@arcor.de>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
|
|
|
|
| |
Signed-off-by: Patrick McHardy <kaber@trash.net>
|
|
|
|
|
|
|
|
|
|
|
| |
type keyword is now mandatory when creating a new chain. This
patc halso implement the change required following the usage of human
notation in hook.
It also suppressed non currently supported mangle chains.
Signed-off-by: Eric Leblond <eric@regit.org>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
|
|
|
|
|
| |
Signed-off-by: Eric Leblond <eric@regit.org>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
|
|
|
|
| |
Signed-off-by: Patrick McHardy <kaber@trash.net>
|
|
|
|
| |
Signed-off-by: Patrick McHardy <kaber@trash.net>
|
|
|