| Index | index by Group | index by Distribution | index by Vendor | index by creation date | index by Name | Mirrors | Help | Search |
| Name: nftables | Distribution: openSUSE Leap 15.2 |
| Version: 0.8.2 | Vendor: openSUSE |
| Release: lp152.3.6 | Build date: Sun May 17 02:36:16 2020 |
| Group: Productivity/Networking/Security | Build host: lamb13 |
| Size: 548340 | Source RPM: nftables-0.8.2-lp152.3.6.src.rpm |
| Packager: https://bugs.opensuse.org | |
| Url: http://netfilter.org/projects/nftables/ | |
| Summary: Userspace utility to access the nf_tables packet filter | |
nf_tables is the new firewalling infrastructure in the Linux kernel, intended to replace ip_tables, ip6_tables, arp_tables and ebtables in the long term. nftables is the corresponsing userspace frontend, replacing their respective userspace utilities. nftables features native support for sets and dictionaries of arbitrary types, support for many different protocols, meta data types, connection tracking, NAT, logging, atomic incremental and full ruleset updates.
GPL-2.0
* Sat Feb 03 2018 jengelh@inai.de
- Update to new upstream release 0.8.2
* add secpath support
* Tue Jan 16 2018 jengelh@inai.de
- Update to new upstream release 0.8.1
* This release deprecates the "flow table" syntax in favor
of "meter".
* Fri Oct 13 2017 jengelh@inai.de
- Update to new upstream release 0.8
* This release contains new features available up to the
(upcoming) Linux 4.14 kernel release:
* Support for stateful objects, these objects are uniquely
identified by a user-defined name, you can refer to them from
rules, and there is a well established interface to operate
with them.
* Sort set elements when listing them, from lower to largest.
* TCP option matching and mangling support. This includes TCP
maximum segment size mangling.
* Add new "-s" option for listings without stateful information.
* Add new -c/--check option for nft, to tests if your ruleset
loads fine, into the kernel, this is a dry run mode.
* Connection tracking helper support.
* Add --echo option, to print the handle that the kernel
allocates to uniquely identify rules.
* Conntrack zone support
* Symmetric hash support
* Add support to include directories from nft natives scripts,
files are loaded in alphanumerical order.
* Allow to check if IPv6 extension header or TCP option exists
or is missing.
* Extend quota support to display used bytes.
* Add ct average matching, to match average bytes per packet a
connection has transferred so far, to map the existing
feature available in the iptables connbytes match.
* Allow to flush maps and flow tables.
* Allow to embed set definition into an existing set.
* Conntrack event filtering support via rule.
* Tue Dec 20 2016 jengelh@inai.de
- Update to new upstream release 0.7
* Add new fib expression, which can be used to obtain the
output interface from the route table based on either source
or destination address of a packet.
* Support hashing of any arbitrary key combination, eg.
* Add number generation support. Useful for round-robin packet
mark setting.
* Add quota support, eg.
* Introduce routing expression, for routing related data with
support for nexthop
* Notrack support, to explicitly skip connection tracking for
matching packets.
* Support to set non-byte bound packet header fields, including
checksum adjustment.
* Add 'create set' and 'create element' commands.
* Allow to use variable reference for set element definitions.
* Allow to use variable definitions from element commands.
* Add support to flush set. You can use this new command to
remove all existing elements in a set.
* Inverted set lookups.
* Honor absolute and relative paths via include file, where:
* Support log flags, to enable logging TCP sequence and options.
* tc classid parser support, eg.
* Allow numeric connlabels, so if connlabel still works with
undefined labels.
* Thu Jun 02 2016 jengelh@inai.de
- Update to new upstream release 0.6
* Rules may be replaced now
* Flow table support (requires Linux >= 4.3)
* Support for tracing
* Ratelimiting now supports units like bytes/second.
* Matchinv VLAN IDs, DSCP/ECN, ICMP RtAdv & RtSol
* Thu Sep 17 2015 jengelh@inai.de
- Update to new upstream release 0.5
* Support combinations of two or more selectors to build a tuple
* Timeout support for sets
* Dormant flag for tables
* Default chain policy specifiable on creation
* Sat May 23 2015 mrueckert@suse.de
- set the url to the project page
- pass --disable-silent-rules to configure to allow gcc post build
check to work
* Tue Dec 16 2014 jengelh@inai.de
- Update to new upstream release 0.4
* Since Linux 3.18: support for global ruleset operations
* Since 3.17: full logging support for all the families,
including nfnetlink_log
* 3.16: automatic selection of the optimal set implementation
* 3.14: reject support for ip, ip6 and inet
* 3.18: reject support for bridge, and reject icmpx abstraction
* 3.18: masquerade support
* 3.19: redirect support
* Extend meta to support pkttype, cpu and devgroup matching.
* Fri Jun 27 2014 jengelh@inai.de
- Update to new upstream release 0.3
* More compact syntax for the queue action
* Match input and output bridge interface name through "meta
ibriport" and "meta obriport"
* netlink event monitor, to monitor ruleset events, set changes, etc.
* New transaction infrastructure - fully atomic updates for all
object available in the upcoming 3.16.
* Mon Jan 13 2014 jengelh@inai.de
- Initial package for build.opensuse.org
/etc/nftables /etc/nftables/arp-filter /etc/nftables/bridge-filter /etc/nftables/inet-filter /etc/nftables/ipv4-filter /etc/nftables/ipv4-mangle /etc/nftables/ipv4-nat /etc/nftables/ipv4-raw /etc/nftables/ipv6-filter /etc/nftables/ipv6-mangle /etc/nftables/ipv6-nat /etc/nftables/ipv6-raw /usr/sbin/nft /usr/share/doc/packages/nftables /usr/share/doc/packages/nftables/COPYING /usr/share/man/man8/nft.8.gz
Generated by rpm2html 1.8.1
Fabrice Bellet, Tue Apr 9 11:54:57 2024