www.archive-org-2013.com » ORG » N » NETFILTER

Choose link from "Titles, links and description words view":

Or switch to "Titles and links view".

    Archived pages: 709 . Archive date: 2013-08.

  • Title:
    Descriptive info: .. www.. |.. ftp.. git.. lists.. bugzilla.. people.. About.. Coreteam.. Contributors.. History.. License.. Thanks.. PGP key.. Projects.. iptables.. nftables.. libnfnetlink.. libnetfilter_acct.. libnetfilter_log.. libnetfilter_queue.. libnetfilter_conntrack.. libnetfilter_cttimeout.. libnetfilter_cthelper.. conntrack-tools.. libmnl.. nfacct.. ipset.. nf-hipac.. patch-o-matic-ng.. ulogd.. xtables-addons.. Downloads.. git Repository.. ftp Server.. rsync Server.. News.. conntrack-tools 1.. 4.. 2 released.. iptables 1.. 20 released.. libnetfilter_conntrack 1.. 0.. 4 released.. 19.. 1 released.. 19 released.. 3 released.. 18 released.. ulogd 2.. nfacct 1.. libnetfilter_acct 1.. 17 released.. New ulogd2 maintainer.. Netfilter core team updates.. 16.. libnetfilter_cthelper 1.. 0 released.. libnetfilter_queue 1.. libnfnetlink 1.. 16 released.. 2.. 15 released.. libmnl 1.. 14 released.. libnetfilter_cttimeout 1.. security notice on conntrack helpers.. 13 released.. libnetfilter_log 1.. 12.. new PGP keys.. 12 released.. 11.. 11 released.. libnetfilter_conntrack 0.. 9.. Documentation.. FAQ.. HOWTOs.. Events.. Tutorials.. Various other docs.. Security Information.. Mailing Lists.. List Rules.. netfilter-announce list.. netfilter list.. netfilter-devel list.. netfilter-failover list.. Contact.. coreteam.. webmaster.. imprint / postal address.. Supporting netfilter.. Licensing.. Links.. Mirrors.. About website.. The netfilter.. org project.. What is netfilter.. org?.. netfilter.. org is home to the software of the packet filtering framework inside the.. Linux.. 2.. x and later kernel series.. Software commonly associated  ...   function is then called back for every packet that traverses the respective hook within the network stack.. iptables is a generic table structure for the definition of rulesets.. Each rule within an IP table consists of a number of classifiers (iptables matches) and one connected action (iptables target).. netfilter, ip_tables, connection tracking (ip_conntrack, nf_conntrack) and the NAT subsystem together build the major parts of the framework.. Main Features.. stateless packet filtering (IPv4 and IPv6).. stateful packet filtering (IPv4 and IPv6).. all kinds of network address and port translation, e.. g.. NAT/NAPT (IPv4 and IPv6).. flexible and extensible infrastructure.. multiple layers of API's for 3rd party extensions.. What can I do with netfilter/iptables?.. build internet firewalls based on stateless and stateful packet filtering.. deploy highly available stateless and stateful firewall clusters.. use NAT and masquerading for sharing internet access if you don't have enough public IP addresses.. use NAT to implement transparent proxies.. aid the tc and iproute2 systems used to build sophisticated QoS and policy routers.. do further packet manipulation (mangling) like altering the TOS/DSCP/ECN bits of the IP header.. Copyright © 1999-2010 The Netfilter webmaster.. Pablo Neira Ayuso..

    Original link path: /
    Open archive

  • Title:
    Descriptive info: Mailinglists of he netfilter/iptables project.. Please remember, netfilter/iptables is a volunteer-based community effort, available for free.. Our mailinglists are a forum where fellow users can meet and share their experience.. If you are a corporate user (or vendor) interested in professional support, training or consulting related to netfilter/iptables software, please contact the coreteam.. This page is a list of our mailinglists.. Please read carefully and choose the address whose description matches most closely what you want.. By using the right contact address, you will minimize the burden on the project members, and thus minimize the potential delay until you will receive a reply to your inquiry.. Netfilter list rules.. You are strongly advised to go through these set of rules before posting to any of the netfilter lists.. Subject Line.. Make sure that your post contains a valid subject line containing a gist of your post rather than things like 'Help!!!', 'HELP ME PLEEEEEASE', 'Urgent Request' or 'Proposal'.. Top-posts.. Do not "top-post/full-quote" (reply to a message by adding text to the top of the message and quoting the full original message), as it loses the reader and the flow of the message and can annoy other readers.. Overquoting.. If you are replying to another message, quote only the portions of that message that you are specifically responding to, and insert your comments after those quotes.. Do not simply quote back the entire message! Trim off everything apart from the most relevant lines of the original message.. In general, your reply should contain at least as much text as the amount of text you are quoting, if not more.. Never quote back dozens of lines of text and simply add a single line of text to the bottom - people will *hate* you for that!.. HTML Messages.. HTML is not email, and email doesn't contain HTML, so please turn HTML formatting OFF in your email client.. We have filters in place that will reject your message if your posting contains HTML.. Do not use italics, colors, bold, fonts, pictures, sounds, or other HTML elements.. Please use only 7-bit characters when  ...   to the list topic.. Do not ask usage questions in the devel list, or vice versa.. Message time and date.. Please make sure the date and time on your computer is always current.. When your date is set to something such as the year 2006, messages posted by you will get sorted based on that date, which may put them outside of the related month or year they belong in.. The netfilter-announce mailinglist.. This mailinglist is not really a means of contacting the netfilter/iptables project, but rather a way of the netfilter people contacting and informing their users about new releases, bugfixes, potential security issues.. We strongly advise all netfilter/iptables users to subscribe this list.. It is very low volume, usually only one message every couple of months.. Subscribe/Unsubscribe.. to/from the netfilter announcement mailinglist.. Browse the list archive.. The netfilter user mailinglist.. This mailinglist is recommended for netfilter/iptables users who have questions on the usage, setup or configuration of netfilter/iptables, or of course those who want to help other users by sharing their experience and knowledge.. When to contact the netfilter user mailinglist?.. If you have questions about your firewall configuration.. If you don't understand something in the documentation.. If you need help debugging your firewall.. General discussion about netfilter/iptables.. to/from the netfilter user mailinglist.. Browse the historical list archive.. Browse the current list archive.. Send mail.. to the netfilter user mailinglist.. The netfilter developer mailinglist.. This mailinglist is used for discussion among netfilter/iptables developers.. All of the.. netfilter core team.. is present on this mailinglist, as well as lots of the.. netfilter contributors.. When to contact the netfilter developer mailinglist?.. If you want to help netfilter/iptables development.. If you have problems developing a new extension for netfilter/iptables.. If you have written a new extension and want to contribute it.. If you have questions/suggestions on netfilter/iptables development.. to/from the netfilter developer mailinglist.. to the netfilter developer mailinglist.. The netfilter failover mailinglist.. This mailinglist is now closed, please refer to.. netfilter users mailinglist.. or.. netfilter developers mailinglist.. depending on your question.. For more information about the failover setup, please check the..

    Original link path: /mailinglists.html
    Open archive

  • Title:
    Descriptive info: About the netfilter/iptables project.. Who's behind netfilter?.. The initial author of and head behind.. netfilter/iptables.. was Paul "Rusty" Russell.. Later he was joined by other people, who together build the.. Netfilter core team.. and maintain the.. project as a joint effort.. Harald Welte was the former leader until 2007, and so was Patrick McHardy until 2013.. The current.. head of the netfilter core team.. is Pablo Neira Ayuso.. But netfilter/iptables wouldn't be what it is today if it wasn't for the numerous contributions by independent software developers, whom we call.. contributors.. We used to keep a.. scoreboard.. as a reward for people who helped us a lot - but lately it became too much effort to maintain this scoreboard.. It has thus been deactivated until further notice.. If you are interested in more information, there is also a small page about the.. history of the netfilter project.. The netfilter core team.. What Is the Core Team?.. The Netfilter Core Team are the people who make the decisions, have commit access to the master Source Control Management (SCM) tree, and do Official Sounding Stuff.. To be on the core team implies excellent judgement and some dedication; after all, anyone in the core can do releases.. The core team elects one of it's members to be the.. “.. Head of the netfilter core team.. ”.. Members of the core team who are no longer actively developing code are called.. emeritus.. members of the core team.. Members of the Core Team.. Active Members.. (head).. Patrick McHardy.. Jozsef Kadlecsik.. Eric Leblond.. Florian Westphal.. Emeritus Members.. James Morris.. Marc Boucher.. Rusty Russell.. Harald Welte.. Martin Josefsson.. Yasuyuki Kozakai.. How Do I Get on the Core Team?.. To get on the core team is fairly simple.. Impress us so someone proposes you and no one vetoes.. Suggested methods include:.. Submit enough great patches over a long time.. Read the three HOWTOs, and submit extensions or corrections.. Keep your Emails short and to the point.. Don't flame; inform.. Look at what's happening in.. GIT.. , the.. netfilter-devel.. and the netdev list (at vger.. kernel.. org).. Implement what's on the projects.. TODO.. list.. Show an ongoing interest in supporting netfilter/iptables, not only in one specific area of interest, but as a whole.. What Are the Perks of the Core Team?.. So far, there are two:.. If you're ever in Australia, you get a free beer (or alternative beverage) on Rusty.. Harald now also offers this for Germany.. So it does Pablo in Sevilla, Spain ;).. You may get to meet some very cool people in associated projects (most of all other Linux kernel hackers).. Of course, you may not.. There are numerous people contributing to the project.. In the early development period we used to keep a scoreboard and list the contributions of every single developer.. However, the scoreboard is closed now.. Webmaster.. Web site layout and logo design by.. Daniel García.. is.. , the former webmaster, made the XML/XSLT Docbook-website conversion of the page.. Listmaster.. The listmaster takes care of the moderation and administration of our.. mailinglists.. FAQ-Master.. The faqmaster takes care of the FAQ collection.. The current faqmaster is Tarek W.. Said.. Project history.. Early in the development, a few people contributed some code, but none of them had become long term contributors.. After considering the problem, Rusty decided to try keeping a.. of people who contributed patches and bug reports.. It was this process of quantizing the contributions which brought to attention the quantity and quality of work coming out of the passionate French Canadian.. , and Rusty decided that it was time to start a Core Team, of which Marc would become the second member.. The core team was actually started shortly after Rusty, while on a trip to SF in November 1999, made a detour to Montreal (despite the lack of warm clothing) to meet and discuss some big design issues.. Rusty and Marc spent a whole night in Marc's office conceiving the multiple tables framework which lead to the death of.. ipnatctl.. (a separate tool used to control nat in early versions of netfilter), generalization of iptables and birth of the.. iptable_{filter,nat,mangle}.. modules.. After all this was mightily implemented (and ip_conntrack rewritten) by Rusty, we started getting some nice contributions from a certain.. (a netlink and userspace queuing freak, living down under like Rusty).. In the spring of 2000 Marc traveled to Australia to attend a few conferences and spend some time in  ...   contributions are: REJECT target, TCP window tracking code, continued development of the newnat API and the raw table.. At the.. second netfilter development workshop.. in August 2003,.. was invited to join the coreteam.. Martin did a lot of useful work, especially with regard to optimizations on the connection tracking code.. At this time, the coreteam also decided to formally elect a.. Chairman.. who get's the final call on all decisions.. It was further decided that members of the team who do no longer actively contribute code can became.. emeritus members.. In January 2004,.. was asked to join the coreteam because of his continuing important contributions to the codebase of the netfilter project.. In October 2005,.. was asked to join the coreteam, especially in regard to his long-standing work on nf_conntrack and his ip6_tables caretaking.. In February 2007,.. was asked to join the coreteam, especially in regard to ctnetlink and conntrackd.. In October 2012,.. and.. joined the coreteam for their longstanding contributions and fellow hackers.. ,.. entered Emeritus officially.. During the Netfilter Workshop 2013 in Copenhagen, Denmark.. took over the head of the coreteam from.. License terms of the netfilter/iptables software.. Netfilter/Iptables is - like all of the Linux kernel -.. free software.. (sometimes referred to as Open Source), distributed under either the terms of.. GNU GPLv2.. only or any later version.. For further information, please see the.. section of this homepage.. Netfilter project PGP key.. The Netfilter Core Team has a PGP key that we use to sign all software released by the project.. Current PGP key id is 0xBB5F58CC, this key was generated on October 21th, 2010 and will be valid until October 20th, 2015.. -----BEGIN PGP PUBLIC KEY BLOCK----- Version: GnuPG v1.. 10 (GNU/Linux) mQINBEzAS5EBEADVlGm+KwODJcVmP33HTCbn/eP8obZbgu+3Z1CYRklF8V43vC6D 8Jfk7fjD4/gWbAKZxriOESXVAN7mp0Fho4+Ga+pxWeLIET9tVM5xbNFK1p9R3XCK p5SrugG+tGhizTR9b/1YCMVRz/yX3aDtC7lwObas4hkr5BqhphjvlkjFE7us32by 43LPpFj2yUpp1VdOf6gxl03kAgJg08h9J7a+n9KHQeAhIpXSRFq3tXiTdXQlovsv ckwBjO0m8P2d1Z8/UYwXQgXzuO8W8EqaUSR95nDwl7UnilnKJm2fGvNg3A6PfCSk 3KdeEBZ45SRfMTPsuC5C4T0Az75h3HFR6YSae46ymg7d4ZA/Bd5K4hvp4PdYrfCi GXen7iK9q5XDpopWb0yCrEVJzKjBjDurvpLtAD0IFWcpB6zwM38AnxVH05J8QOx/ VCZ4vZJxTKWbpHbdcISSMmVt00VfKorF9DsjiAcBRMBcIvDpJTP4yjvr32W09wLc d5CIYGrLKhLNysUIJ44AQoTL9yV5aQvCb2EFnoPqCEKQm8onTAGX19PpTDjDPJFt WyMMUDtiMp2yODuFo1qHjxvqzSVX+Ti2sGpiT1hEz97GAIlbAvmXs/bTb+U+rBnd 6027ooes3cWmBSV5kpz/sMp+nFynrLZ5NDnehPScz3W31oGgSdrGsnnhaQARAQAB tCxOZXRmaWx0ZXIgQ29yZSBUZWFtIDxjb3JldGVhbUBuZXRmaWx0ZXIub3JnPokC PgQTAQIAKAUCTMBLkQIbAwUJCWYBgAYLCQgHAwIGFQgCCQoLBBYCAwECHgECF4AA CgkQpBEfibtfWMzULxAAtGgYeuEqk0F9y4sz6hFJf+fXKSPPrwWTIUXs/sCxlBtS lgf9oTvk3aT48zsMIfsDsS8yfIUjaK+eedIZW3oJ0lBtwRncZKjks8Od5J7DvEhR Kpo3cajT1KXJh584IvXN0/BbCdPUI6EQE8n0fEUrSWANfzhuD3qYtX9UUGBq/7i8 Cf3pGFDeYRjcwWeNZ1T+xbaCKPS5BGlOVhMtauaTBZvTJniB828bOZXd3KrXUeul AicbzZzqU7XcNX2YKw19MTQzuGNZQ3npJUPQiHgyELTh3+YUmRkPaZaZiDNZeQvu /j8cgSoa26Q48apjghREo0Ues4MwQwEGBbdVkEQQMuC9ASti3OyZBTOqyApc2rpE VsW2CkqvoQ8jaP51Ua4mjerYkqEqXaVtbPelNFMJXGNXrKdf0xg5Nl/onWnT9S/s jtR3LtjOQ0apbBiGPROtYKWSQtA55TgYNLLS1+947TvU134Px1FA8Dqi72SBl7Xc ET4nwISO222wMJBxbY4MYB2TppMysIKXUazIyekbRkpK1woH4AR6NsuJOiVdhjEi 46MkN7tmHI9S9blA98Ih6C9hMz2YgmQEwOQ0qYgVruPdYZSP+M5o+pra9ch+STBk FbB03L9kqcAAE8wpGSBRYU+KuyVRipnPeqoeR8niO71AiKbsfbL1skTGRafC2Q+I RgQQEQIABgUCTMBMKAAKCRBdpcZVMPSL/9JZAKCAfvIWVNimXJT07aVS6gYpiX7I nwCgov7DU5Xo84ReYfaphrwDALsEwfWIRgQQEQIABgUCTMBNyAAKCRBbjaaHD6d0 2asaAJkBVsUSeihHASzntD0+T5PnW1SKlQCgkPYE6YduynCil6lIBmZEk0iaDMaI RgQQEQIABgUCTMBN8gAKCRBBh/hlLQmH5pxNAKCNGomg6w+J+OkF08UgweQnxq4f AgCfS/hNLDmcpCflT1cU2imBiFoGzLu5Ag0ETMBLkQEQANNv2Ymm/BVxwqb1vrLq 1scoWK5kmeaRD3ndMBv9F3xwqGnE/JTnHnVoZIzGb8MD+MCe9jfm8Y+NLU0D71Np DDqRzFZCCjcTmRMYV6QXlsg/ndnSaU1bhG0gSq4N+qZFZ+35yiY5pYv1qZkIqWr4 /vg9mk53CU620bNgNJ1+F19s/eTw1231pJ6K6BsDi7pj4LXGD5wHZPKAmLabFweC kGbGQo6VwWw1ieNJ0igvzkZtVXuvoeHUmAitCaZT9AIYDl4PHryckIzjgTdhK0PP 92fyHV64Yr3B7G6hWlEwq4wKk9irdgqD20Fuqw8Cvv6k1YucWfdpNbZkUI3siQE+ 1HUUuRTcT8yrPcEA5ZM1/U+e8jBT3EArhk69G6LCfwyX2Xd/JGlBmc0Qv0t2YKqj 9Io1G5lBN1q57+vK7ttiIUomwvfD2ltY0bdcEr5LjXOk3Sb+OPIVm7+vr6hDMKdU pdm5ABZRSUb0RJ37hBT+DKYbnp0t/e3aMXxV9m3jUq8hNdwc8vU1khr9kf+MWPon E0Vw2kqHIIb4I5W9HkMJf4Vzj9/hVPMIucV+2de/7zqxwa0Jh5VSD7SeKj7LznsA y9gi/AioYq4AKVTsigfyJlWpjOLeOvv7z4uUfLRQ5OWWfX8BBw8SoPwnWQD4cXHk rHXVwYR2yy7pEc1CstUN+uqXABEBAAGJAiUEGAECAA8FAkzAS5ECGwwFCQlmAYAA CgkQpBEfibtfWMyLqw/6A12S4bnLYaikToKc13ywTUsHplbmlLOy2E/5ZMksdfuW jh9XTMR0nbXWnFULxGKTP00kA0yVpv/jbeDY/qLzY2Yb0rROCQJjuWSLYuNW40+H mh9TGsDWt7iK3XsONVpV0sRsMOBCwV3k2EsFXu73Fj+1JvQ+WSGluj+N7HFAqPi5 OFk3IFFnIGhScUz22V6meSaOEqiXLySgqh3lv7+XuGzoBjdy7dDm+SnbmK9lO1Iq PsIm4iDwmTNJBiu1Wrz319kLYA0/Vx+ofmxyViOX1GZShb1mGH0Aeo4jeYmDNLXa pkoymC3HCIMctYDmuIw6QlgG8i1LRcFhVKMngLjZ17dl/w8gYOdkCsGIUBzvbFBh xuJnXMnFVyDxft/lorMAimH2kbjDn6qaH0uV8ILfFVe6gnKzanugmaSQjWzby/AR Phs6OYAXoIUv5MUVDgvTzVmTckWjVa1RkMm3eGmDSqoMxsPmarb80nkoFQMOPhJW lyaUCt6HHRYuSkIcxY4H4Ni3Oq1s1R9/EqUuIfxNv7Kp0mcsE2KvANc3JfB9wXwL WqDYRCifLkCD6pbpt9L/+xQ49VzcFxNO9DqTyk4N7cz7OZrAi+ouVrdFuiwnZyn5 YSQoof6Pos58b3bkFn14m9gofwTqGzPhR4Vot9rRu5zrWdoCM4cRThpJyrjqBMs= =nwmO -----END PGP PUBLIC KEY BLOCK-----.. You can also get a plain text file with the.. key.. In accordance with good key management practices, we have also generated a revocation certificates for our old PGP keys.. The revocation certificate for PGP key id 0xCA9A8D5B and 0x2D0987E6 have also been sent to the public PGP key servers.. 10 (GNU/Linux) Comment: A revocation certificate should follow iFQEIBECABQFAk48EUUNHQBrZXkgZXhwaXJlZAAKCRBBh/hlLQmH5veHAJ49osHB RWWTfrzfvJrcGCxp7T9dSgCeO4NKGCGSl05vFU+I5PAU2xOR538= =17+S -----END PGP PUBLIC KEY BLOCK-----.. revocation certificate.. We want to thank all our vivid contributors.. Without their general help, suggestions, bug reports, comments and actual code contributions, Netfilter wouldn't be what it is.. We thank.. Linus Torvalds.. for starting the development of the Linux kernel.. We thank the Linux networking gods (.. Alexey Kuznetsov.. David Miller.. Andi Kleen.. , et al.. ) for providing Linux with its great network stack.. We thank the founding fathers of the Internet.. Who would need firewalls if there was no Internet ;-).. We also thank the companies and individuals who contributed funding or equipment for netfilter/iptables development:.. Watchguard Inc.. for sponsoring Rusty initially.. Linuxcare Inc.. for sponsoring Rusty later on.. Conectiva Inc.. for sponsoring Harald from March to September 2001.. for sponsoring Harald starting with February 2002.. for sponsoring the netfilter developer workshop 2003, 2004, 2005 and 2007.. for sponsoring work on netfilter failover.. for providing the project with a dual Opteron test system.. for sponsoring Patrick starting with January 2006.. for sponsoring Pablo starting with April 2011.. and generally providing support to the project where possible.. Marion Bates.. Chris Brenton.. , and.. William Stearns.. for donating two gigabit NICs to the netfilter coreteam.. for hosting the netfilter project SCM/www/ftp/mailinglist server and sponsoring the traffic (currently about 110GB per month).. Theo Zourzouvillys.. for sponsoring the iptables.. org domain registration fee.. Gert Hansen.. for sponsoring vishnu.. netfilter.. org, the main netfilter.. org server (Dual G5 XServe).. The USAGI Project.. for working on nf_conntrack, despite we turned down their initial ip6_conntrack.. Pablo Neira.. for organizing the.. Netfilter Workshop 2005.. Jesper D.. Brouer.. Netfilter Workshop 2013.. Balabit.. for sponsoring the netfilter workshops 2005, 2008 and 2010.. INL.. for sponsoring the netfilter workshops 2005, 2008 and 2010 and organzing the 2008 workshop.. ComX.. for sponsoring the netfilter workshops 2007, 2008 and 2010.. Cyberoam.. for sponsoring the netfilter workshops 2007, 2008 and 2011.. Intra2net.. for sponsoring the netfilter workshops 2010, 2011 and 2012.. All the other workshop sponsors, which are mentioned on the individual.. Workshop Pages..

    Original link path: /about.html
    Open archive
  •  

  • Title:
    Descriptive info: org projects.. org has a number of sub-projects:..

    Original link path: /projects/index.html
    Open archive

  • Title:
    Descriptive info: org "iptables" project.. What is.. ?.. is the userspace command line program used to configure the Linux 2.. x and later packet filtering ruleset.. It is targeted towards system administrators.. Since Network Address Translation is also configured from the packet filter ruleset,.. is used for this, too.. The.. package also includes.. ip6tables.. is used for configuring the IPv6 packet filter.. Dependencies.. requires a kernel that features the ip_tables packet filter.. This includes all 2.. x and later kernel releases.. listing  ...   counters of the packet filter ruleset.. Git Tree.. The current development version of.. can be accessed at.. https://git.. org/iptables/.. Development Snapshots.. We now also provide daily Development snapshots.. They are available from the following location:.. ftp://ftp.. org/pub/iptables/snapshot.. (or one of our.. mirrors.. ).. Authors.. was mostly written by the.. , but has received numerous contributions from lots of individuals over the last five years.. We do not provide an exhaustive list here.. All contributors are named in the.. commit messages, though..

    Original link path: /projects/iptables/index.html
    Open archive

  • Title:
    Descriptive info: org "nftables" project.. What is nftables?.. is the project that aims to replace the existing.. {ip,ip6,arp,eb}tables.. framework.. Basically, this project provides a new packet filtering framework, a new userspace utility and also a compatibility layer for {ip,ip6}tables.. is built upon the building blocks of the Netfilter infrastructure such as the existing hooks, the connection tracking system, the userspace queueing component and the logging subsystem.. What is the status of nftables?.. It is currently under development.. Running nftables.. You require the following software in order to run the new.. nft.. userspace utility:.. nftables's Linux kernel tree.. libmnl: the minimalistic Netlink library.. libnftables: the user-space library for low-level interaction with nftables Netlink's API over libmnl.. nftables userspace utility.. This new utility uses a new syntax that is different from {ip,ip6,eb,arp}tables.. Running {ip,ip6}tables compatibility.. The nftables project provides a backward compatibility layer that allows you run iptables/ip6tables (using the same syntax) over the nftables infrastructure:.. iptables-nftables: the user-space utility that provides the.. xtables.. command line utility to add rule using {ip,ip6}tables syntax.. Pseudo-state machine in kernel-space: the userspace utility.. interprets the rule-set provided by the user (using a new syntax), it compiles it into the pseudo-state  ...   in the set, issue the action specified by the user.. Reduce the amount of code in kernel-space.. You can express the packet selectors for all existing protocols using the instruction-set provided by the nftables pseudo-state machine.. That means that we do not need a specific extension in kernel-space for each protocol that you want to support.. As a side effect, you are likely not need to upgrade your kernel to obtain new features as it has been designed to keep most of the logic in user-space.. Unified interface to replace iptables/ip6tables/arptables/ebtables utilities.. Thus, we will be able to fully get rid of all the existing code replication in kernel and user-space.. Git trees.. nftables Linux kernel tree can be accessed at:.. http://git.. org/cgit/linux/kernel/git/pablo/nftables.. git.. libmnl userspace library at:.. org/libmnl/.. libnftables userspace library at:.. org/libnftables/.. nftables user-space utility at:.. org/nftables/.. backward compatibility iptables/ip6tables user-space utility at:.. org/iptables-nftables/.. There is a quick howto available at.. Eric Leblond's website.. nftables kernel infrastructure has been written by Patrick McHardy and Pablo Neira Ayuso.. nftables userspace utility has been written by Patrick McHardy and Pablo Neira Ayuso.. iptables/ip6tables compatibility userspace utilities have been written by Pablo Neira Ayuso..

    Original link path: /projects/nftables/index.html
    Open archive

  • Title:
    Descriptive info: org "libnfnetlink" project.. is the low-level library for netfilter related kernel/userspace communication.. It provides a generic messaging infrastructure for in-kernel netfilter subsystems (such as.. nfnetlink_log.. nfnetlink_queue.. nfnetlink_conntrack.. ) and their respective users and/or management tools in userspace.. This library is not meant as a public API for application developers.. It is only used by other netfilter.. org projects, such as.. requires a kernel that features the nfnetlink subsystem.. This includes all kernels = 2.. 6.. 14.. low-level nfnetlink message processing functions.. org/libnfnetlink/.. , with some contributions from Pablo Neira Ayuso..

    Original link path: /projects/libnfnetlink/index.html
    Open archive

  • Title:
    Descriptive info: org "libnetfilter_acct" project.. is the userspace library providing interface to extended accounting infrastructure.. is used by.. requires.. and a kernel that includes the.. nfnetlink_acct.. subsystem (i.. e.. 3.. 3 or later).. creating accounting objects.. retrieving accounting objects (and atomically set to zero).. deleting accounting objects.. For the.. subsystem.. You can check the library documentation generated in.. doxygen.. format.. org/libnetfilter_acct/.. libnfnetlink_acct.. has been written by Pablo Neira Ayuso..

    Original link path: /projects/libnetfilter_acct/index.html
    Open archive

  • Title:
    Descriptive info: org "libnetfilter_log" project.. is a userspace library providing interface to packets that have been logged by the kernel packet filter.. It is is part of a system that deprecates the old syslog/dmesg based packet logging.. This library has been previously known as.. libnfnetlink_log.. ulogd2.. subsyste (i.. 14 or later).. receiving to-be-logged packets from the kernel.. org/libnetfilter_log/.. has been written by Harald Welte..

    Original link path: /projects/libnetfilter_log/index.html
    Open archive

  • Title:
    Descriptive info: org "libnetfilter_queue" project.. is a userspace library providing an API to packets that have been queued by the kernel packet filter.. It is is part of a system that deprecates the old.. ip_queue.. /.. libipq.. mechanism.. has been previously known as.. libnfnetlink_queue.. receiving queued packets from the kernel.. issuing verdicts and/or reinjecting altered packets to the kernel.. org/libnetfilter_queue/..

    Original link path: /projects/libnetfilter_queue/index.html
    Open archive

  • Title:
    Descriptive info: org "libnetfilter_conntrack" project.. is a userspace library providing a programming interface (API) to the in-kernel connection tracking state table.. The library.. libnfnetlink_conntrack.. libctnetlink.. This library is currently used by.. among many other applications.. subsystem (initial support = 2.. 14, recommended = 2.. 18).. listing/retrieving entries from the kernel connection tracking table.. inserting/modifying/deleting entries from the  ...   entries from the kernel expect table.. Since 0.. 1, this library is released under GPLv2+.. Previous versions were released under GPLv2.. org/libnetfilter_conntrack/.. has been written by Pablo Neira and Harald Welte.. Python Binding.. pynetfilter_conntrack is a Python binding of.. written by Victor Stinner.. You can visit his official web site at.. http://software.. inl.. fr/trac/trac.. cgi/wiki/pynetfilter_conntrack..

    Original link path: /projects/libnetfilter_conntrack/index.html
    Open archive



  •  


    Archived pages: 709