User contributions for Fmyhr

15 February 2021

• 12:1612:16, 15 February 2021 diff hist +46‎ m Configuring chains ‎ →‎Base chain priority: improved description of NF_IP_PRI_CONNTRACK_HELPER
• 12:0912:09, 15 February 2021 diff hist +90‎ Configuring chains ‎ →‎Base chain priority: Added hook for NF_IP_PRI_CONNTRACK, link to conntrack refs
• 12:0012:00, 15 February 2021 diff hist +274‎ Configuring chains ‎ →‎Base chain priority: Added NF_IP_PRI_CONNTRACK_CONFIRM
• 11:1411:14, 15 February 2021 diff hist +32‎ m Setting packet connection tracking metainformation ‎ link Connection Tracking System; grammar
• 00:2800:28, 15 February 2021 diff hist +29‎ m Matching connection tracking stateful metainformation ‎ link Connection Tracking System
• 00:2500:25, 15 February 2021 diff hist +1,263‎ N Connection Tracking System ‎ Brief summary of using nftables and conntrack together, and short list of conntrack refs.

14 February 2021

• 22:5822:58, 14 February 2021 diff hist +798‎ Matching packet headers ‎ →‎Matching ICMP traffic: Added icmp code matching
• 22:4122:41, 14 February 2021 diff hist +972‎ Matching packet headers ‎ →‎Matching ICMP traffic: Use nft describe to list available nft type keywords

13 February 2021

• 18:2018:20, 13 February 2021 diff hist +172‎ Configuring chains ‎ →‎Adding non-base chains: Add note about using vmaps to construct efficient branched rulesets
• 18:1218:12, 13 February 2021 diff hist +100‎ Configuring chains ‎ →‎Adding non-base chains: Clarify non-base chain, compare with iptables user chain
• 17:5817:58, 13 February 2021 diff hist +173‎ Configuring chains ‎ Rewrite intro section
• 16:4616:46, 13 February 2021 diff hist +3‎ m Atomic rule replacement ‎ →‎Atomic Rule Replacement: rule-set -> ruleset current
• 16:4116:41, 13 February 2021 diff hist −41‎ Simple rule management ‎ →‎Replacing rules: clarity, touched up nft list ruleset comparison
• 16:2116:21, 13 February 2021 diff hist −21‎ Configuring tables ‎ →‎Deleting tables: clarity
• 16:0316:03, 13 February 2021 diff hist +129‎ Configuring chains ‎ →‎Base chain priority: Noted ability to specify integral offset of priority keywords
• 14:2114:21, 13 February 2021 diff hist −59‎ Configuring chains ‎ →‎Flushing chain: clarity
• 14:1814:18, 13 February 2021 diff hist −21‎ m Configuring chains ‎ →‎Deleting chains: grammar
• 14:1414:14, 13 February 2021 diff hist +235‎ Configuring chains ‎ →‎Adding non-base chains: Expanded a bit on using trees of chains; added goto action.
• 14:0314:03, 13 February 2021 diff hist −23‎ Configuring chains ‎ →‎Base chain hooks: Clarity
• 13:5013:50, 13 February 2021 diff hist +6‎ m Configuring chains ‎ →‎Base chain types: Grammar, clarity
• 13:4313:43, 13 February 2021 diff hist −22‎ m Configuring chains ‎ →‎Adding base chains: Grammar
• 13:3213:32, 13 February 2021 diff hist +158‎ m Configuring chains ‎ →‎Base chain priority: Added link to Pablo's connection tracking paper.
• 13:1713:17, 13 February 2021 diff hist +42‎ Configuring chains ‎ →‎Base chain priority: Added hook locations for defrag, a few others (some still missing).
• 12:5212:52, 13 February 2021 diff hist +2,752‎ Configuring chains ‎ →‎Base chain priority: Moved base chain priorities to table, emphasized that relative numerical order within a hook is what matters.

12 February 2021

• 12:4012:40, 12 February 2021 diff hist −3‎ What is nftables? ‎ clarify that xtables is legacy; some minor grammar changes
• 12:3312:33, 12 February 2021 diff hist +1‎ m Legacy xtables tools ‎ →‎In Linux distributions: grammar current
• 11:5611:56, 12 February 2021 diff hist +62‎ Moving from ipset to nftables ‎ dictionaries -> verdict maps
• 11:5311:53, 12 February 2021 diff hist +32‎ Moving from iptables to nftables ‎ dictionaries -> verdict maps current
• 11:5211:52, 12 February 2021 diff hist +28‎ Sets ‎ dictionaries -> verdict maps
• 11:5011:50, 12 February 2021 diff hist +28‎ Intervals ‎ dictionaries -> verdict maps
• 11:4911:49, 12 February 2021 diff hist +23‎ Main differences with iptables ‎ another dictionary -> vmap
• 11:4711:47, 12 February 2021 diff hist +28‎ Main differences with iptables ‎ dictionaries -> verdict maps
• 11:4511:45, 12 February 2021 diff hist +23‎ Main Page ‎ →‎Advanced data structures for performance packet classification: dictionaries -> verdict maps
• 11:4311:43, 12 February 2021 diff hist −6‎ Portal:DeveloperDocs/nftables internals ‎ →‎expressions: dictionary -> vmap
• 11:4211:42, 12 February 2021 diff hist −3‎ Setting packet connection tracking metainformation ‎ →‎helpers: dictionary -> map
• 11:3711:37, 12 February 2021 diff hist −55‎ Concatenations ‎ dictionary -> verdict map
• 11:0811:08, 12 February 2021 diff hist +38‎ m Verdict Maps (vmaps) ‎ →‎Valid vmap Verdicts: Link nft man page current
• 11:0611:06, 12 February 2021 diff hist +306‎ Verdict Maps (vmaps) ‎ Added section to clarify that each vmap element must map to a simple verdict statement.
• 10:5710:57, 12 February 2021 diff hist −157‎ Verdict Maps (vmaps) ‎ Changed refs dictionary -> vmap (while still noting synonym). Renamed sections anonymous & named vmaps. Modified nft describe example to correspond to immediately preceding example.
• 10:2210:22, 12 February 2021 diff hist +34‎ N Dictionaries ‎ Fmyhr moved page Dictionaries to Verdict Maps (vmaps): clarity / preventing confusion: nft man page refers to these exclusively as vmaps; verdict statements are only valid action current
• 10:2210:22, 12 February 2021 diff hist 0‎ m Verdict Maps (vmaps) ‎ Fmyhr moved page Dictionaries to Verdict Maps (vmaps): clarity / preventing confusion: nft man page refers to these exclusively as vmaps; verdict statements are only valid action

11 February 2021

• 23:3223:32, 11 February 2021 diff hist +311‎ Netfilter hooks ‎ Added reminder that nftables does not predefine any base chains.
• 23:1923:19, 11 February 2021 diff hist +22‎ m Configuring chains ‎ →‎Base chain hooks: link Netfilter hooks page
• 00:3400:34, 11 February 2021 diff hist −376‎ Netfilter hooks ‎ Tightened up description of network flow diagram, added some comments about using ingress hook.

10 February 2021

• 20:4820:48, 10 February 2021 diff hist +201‎ Data types ‎ →‎Data types used in Netfilter: Added note about endianness.
• 20:2520:25, 10 February 2021 diff hist +984‎ Data types ‎ Added section on nft describe.

7 February 2021

• 18:2118:21, 7 February 2021 diff hist −47‎ Matching packet metainformation ‎ →‎Matching by time: specify data types more precisely
• 18:1418:14, 7 February 2021 diff hist −290‎ Matching packet metainformation ‎ Combined mark & routing sections
• 18:0918:09, 7 February 2021 diff hist 0‎ m Matching packet metainformation ‎ →‎Matching by interface: Fix types of iifkind, oifkind
• 17:5617:56, 7 February 2021 diff hist +277‎ Matching packet metainformation ‎ →‎Matching by time: Add details of specifying time values, from man page.