Index | index by Group | index by Distribution | index by Vendor | index by creation date | index by Name | Mirrors | Help | Search |
Name: libnftables1 | Distribution: SUSE Linux Framework One |
Version: 1.0.8 | Vendor: SUSE LLC <https://www.suse.com/> |
Release: slfo.1.1.27 | Build date: Fri Jul 14 13:56:43 2023 |
Group: System/Libraries | Build host: reproducible |
Size: 959556 | Source RPM: nftables-1.0.8-slfo.1.1.27.src.rpm |
Packager: https://www.suse.com/ | |
Url: https://netfilter.org/projects/nftables/ | |
Summary: nftables firewalling command interface |
libnftables is the nftables command line interface placed into a library.
GPL-2.0-only
* Fri Jul 14 2023 jengelh@inai.de - Update to release 1.0.8 * Support for setting meta and ct mark from other fields in rules, e.g. set meta mark to ip dscp header field. * Enhacements for -o/--optimize to deal with NAT statements, to compact masquerade statements. * Support for stateful statements in anonymous maps, such as counters. * Support for resetting stateful expressions in sets, maps and elements, e.g. counters. * broute support to short-circuit bridge logic from the bridge prerouting hook and pass up packets to the local IP stack. * JSON support for table and chain comments. - Added 0001-Revert-py-replace-distutils-with-setuptools.patch * Mon Mar 13 2023 jengelh@inai.de - Update to release 1.0.7 * Support for vxlan/geneve/gre/gretap matching * auto-merge support for partial set element deletion * Allow for NAT mapping with concatenation and ranges * Support for quota in sets * Wed Dec 21 2022 jengelh@inai.de - Update to release 1.0.6 * Fix bytecode generation for concatenation of intervals where selectors use different byteorder datatypes, e.g. IPv4 (network byte order). * Fix match of uncommon protocol matches with raw expressions * Unbreak insertion of rules with intervals ("sport { 3478-3497, 16384-16387 }") * Wed Aug 17 2022 dmueller@suse.com - update to 1.0.5: * Fixes for the -o/--optimize, run this --optimize option to automagically compact your ruleset using sets, maps and concatenations * Fix ethernet and vlan concatenations, eg. define a dynamic set which is populated from the packet path * Fix ruleset listing with interface wildcard map * Fix several regressions in the input lexer which broke valid rulesets. * Fix slowdown with large lists of singleton interval elements. * Fix set automerge feature for large lists of singleton interval elements. * Fix bogus error reporting for exact overlaps. * Fix segfault when adding elements to invalid set. * fix device parsing in netdev family in json. * Tue Jun 07 2022 jengelh@inai.de - Update to release 1.0.4 * Fixed a segfault in -o/--optimize with unsupported statements. * Bogus datatype mismatch error report in sets was fixed. * Tue May 31 2022 jengelh@inai.de - Update to release 1.0.3 * Support for wildcard interface name matching with sets * Support for runtime auto-merge of set elements. * Enhancements for the ruleset optimization -o/--optimize option which allows to coalesce several NAT rules into map. * Support for raw expressions in concatenations. * Support for integer type protocol header fields in concatenations. * Allow to reset TCP options (requires Linux kernel >= 5.18) - Drop 0001-build-add-missing-AM_CPPFLAGS-to-examples.patch * Tue Feb 22 2022 jengelh@inai.de - Update to release 1.0.2 * New ruleset optimization -o/--optimize option. * Support for IP and TCP options and SCTP chunks in sets. * Support for tcp fastopen, md5sig and mptcp options. * MP-TCP subtype matching support. * JSON support for flowtables. - Add 0001-build-add-missing-AM_CPPFLAGS-to-examples.patch * Thu Nov 18 2021 jengelh@inai.de - Update to release 1.0.1 * Reduce memory footprint when loading large sets/maps. * Speed up reload of large sets/maps. * Speed up listing of specific tables in large ruleset, e.g. large ruleset with ~100k lines. * Speed up --terse option when listing a ruleset large sets/maps. * Print raw payload expression in hexadecimal, e.g. "@ll,0,8 & 0x80 == 0x80" * egress hook support (available since 5.16-rc1). * Allow matching and update bytes at inner header/payload offset (available since 5.16-rc1). * Thu Aug 19 2021 jengelh@inai.de - Update to release 1.0.0 * Catch-all set element support. * The command-line option --define is now recognized. * Stateful expressions in maps. * Allow combination of jhash, symhash and numgen expressions with the queue statement. * Allow combination of verdict maps with interval concatenations. * Tue May 25 2021 jengelh@inai.de - Update to release 0.9.9 * Flowtable hardware offload support * Support for the table owner flag. * 802.1ad (QinQ) support * cgroupsv2 support. * match on SCTP packet chunks (dependent on Linux 5.14) * Allow to use verdict in set/map typeof definitions * Fri Jan 15 2021 jengelh@inai.de - Update to release 0.9.8 * Complete support for matching ICMP header content fields. * Added raw tcp option match support. * Added ability to check for the presence of any tcp option. * Support for rejecting traffic from the ingress chain. * Tue Oct 27 2020 jengelh@inai.de - Update to release 0.9.7 * Support for implicit chains * Support for ingress inet chains * Support for reject from prerouting chain * Support for --terse option in json * Support for the reset command with json * Tue Jun 16 2020 jengelh@inai.de - Update to release 0.9.6 * Fix two ASAN runtime errors * Sat Jun 06 2020 jengelh@inai.de - Update to release 0.9.5 * Support for set counters. * Support for restoring set element counters via nft -f. * Counter support for flowtables. * typeof concatenations support for sets. * Support for concatenated ranges in anonymous sets. * Allow to reject packets with 802.1q from the bridge family. * Support for matching on the conntrack ID. - Drop anonset-crashfix.patch (upstream solved differently) * Thu May 07 2020 jengelh@inai.de - Add anonset-crashfix.patch [boo#1171321] * Wed Apr 01 2020 jengelh@inai.de - Update to release 0.9.4 * Add a helper for concat expression handling. * Add "typeof" build/parse/print support. * Mon Dec 09 2019 jengelh@inai.de - Add json, python [boo#1158723] * Tue Dec 03 2019 jengelh@inai.de - Update to release 0.9.3 * meta: Introduce new conditions "time", "day" and "hour". * src: add ability to set/get secmarks to/from connection. * flowtable: add support for named flowtable listing. * flowtable: add support for delete command by handle. * json: add support for element deletion. * Add `-T` as the short option for `--numeric-time`. * meta: add ibrpvid and ibrvproto support * Mon Aug 19 2019 jengelh@inai.de - Update to new upstream release 0.9.2 * Transport header port matching, e.g. "th dport 53" * Support for matching on IPv4 options * Support for synproxy * Sat Jan 19 2019 stefan.bruens@rwth-aachen.de - Remove unused dblatex BuildRequires, only needed for the optional and disabled PDF generation (same contents as shipped manpage). * Sat Jun 09 2018 jengelh@inai.de - Update to new upstream release 0.9.0 * Support to check if packet matches an existing socket. * Support to limit number of active connections by arbitrary criteria, such as ip addresses, networks, conntrack zones or any combination thereof. * Added support for "audit" logging. * Fri May 11 2018 jengelh@inai.de - Update to new upstream release 0.8.5 * support to add/insert a rule at a given index position * meter statement now supports a configureable upper max size * timeouts for sets can now be specified in milliseconds * re-add iptables-like empty skeleton rulesets * Wed May 02 2018 jengelh@inai.de - Update to new upstream release 0.8.4 * Support to match IPv6 segment routing headers. * New "meta ibrname" and "meta obrname" arguments to match the name of the logical bridge a packet is passing through. These new names replace the old (misnamed) "ibriport"/"obriport". * `nft -a` will now show handle identifier for all objects, including tables and chains. * nft can now delete objects by their handle number. * Support to update maps from the ruleset (packet path). * the "--echo" option now prints handle id for tables and object too. * `nft -f -` will now read from standard input * Support for flow tables, cf. man page or https://lwn.net/Articles/738214/ . * Sat Mar 03 2018 jengelh@inai.de - Update to new upstream release 0.8.3 * raw payload support to match headers that do not yet have received a mnemonic. * Sat Feb 03 2018 jengelh@inai.de - Update to new upstream release 0.8.2 * add secpath support * Tue Jan 16 2018 jengelh@inai.de - Update to new upstream release 0.8.1 * This release deprecates the "flow table" syntax in favor of "meter". * Fri Oct 13 2017 jengelh@inai.de - Update to new upstream release 0.8 * This release contains new features available up to the (upcoming) Linux 4.14 kernel release: * Support for stateful objects, these objects are uniquely identified by a user-defined name, you can refer to them from rules, and there is a well established interface to operate with them. * Sort set elements when listing them, from lower to largest. * TCP option matching and mangling support. This includes TCP maximum segment size mangling. * Add new "-s" option for listings without stateful information. * Add new -c/--check option for nft, to tests if your ruleset loads fine, into the kernel, this is a dry run mode. * Connection tracking helper support. * Add --echo option, to print the handle that the kernel allocates to uniquely identify rules. * Conntrack zone support * Symmetric hash support * Add support to include directories from nft natives scripts, files are loaded in alphanumerical order. * Allow to check if IPv6 extension header or TCP option exists or is missing. * Extend quota support to display used bytes. * Add ct average matching, to match average bytes per packet a connection has transferred so far, to map the existing feature available in the iptables connbytes match. * Allow to flush maps and flow tables. * Allow to embed set definition into an existing set. * Conntrack event filtering support via rule. * Tue Dec 20 2016 jengelh@inai.de - Update to new upstream release 0.7 * Add new fib expression, which can be used to obtain the output interface from the route table based on either source or destination address of a packet. * Support hashing of any arbitrary key combination, eg. * Add number generation support. Useful for round-robin packet mark setting. * Add quota support, eg. * Introduce routing expression, for routing related data with support for nexthop * Notrack support, to explicitly skip connection tracking for matching packets. * Support to set non-byte bound packet header fields, including checksum adjustment. * Add 'create set' and 'create element' commands. * Allow to use variable reference for set element definitions. * Allow to use variable definitions from element commands. * Add support to flush set. You can use this new command to remove all existing elements in a set. * Inverted set lookups. * Honor absolute and relative paths via include file, where: * Support log flags, to enable logging TCP sequence and options. * tc classid parser support, eg. * Allow numeric connlabels, so if connlabel still works with undefined labels. * Thu Jun 02 2016 jengelh@inai.de - Update to new upstream release 0.6 * Rules may be replaced now * Flow table support (requires Linux >= 4.3) * Support for tracing * Ratelimiting now supports units like bytes/second. * Matchinv VLAN IDs, DSCP/ECN, ICMP RtAdv & RtSol * Thu Sep 17 2015 jengelh@inai.de - Update to new upstream release 0.5 * Support combinations of two or more selectors to build a tuple * Timeout support for sets * Dormant flag for tables * Default chain policy specifiable on creation * Sat May 23 2015 mrueckert@suse.de - set the url to the project page - pass --disable-silent-rules to configure to allow gcc post build check to work * Tue Dec 16 2014 jengelh@inai.de - Update to new upstream release 0.4 * Since Linux 3.18: support for global ruleset operations * Since 3.17: full logging support for all the families, including nfnetlink_log * 3.16: automatic selection of the optimal set implementation * 3.14: reject support for ip, ip6 and inet * 3.18: reject support for bridge, and reject icmpx abstraction * 3.18: masquerade support * 3.19: redirect support * Extend meta to support pkttype, cpu and devgroup matching. * Fri Jun 27 2014 jengelh@inai.de - Update to new upstream release 0.3 * More compact syntax for the queue action * Match input and output bridge interface name through "meta ibriport" and "meta obriport" * netlink event monitor, to monitor ruleset events, set changes, etc. * New transaction infrastructure - fully atomic updates for all object available in the upcoming 3.16. * Mon Jan 13 2014 jengelh@inai.de - Initial package for build.opensuse.org
/usr/lib64/libnftables.so.1 /usr/lib64/libnftables.so.1.1.0
Generated by rpm2html 1.8.1
Fabrice Bellet, Tue Nov 12 00:02:43 2024