| Index | index by Group | index by Distribution | index by Vendor | index by creation date | index by Name | Mirrors | Help | Search |
| Name: libnftables1 | Distribution: SUSE Linux 16 |
| Version: 1.1.3 | Vendor: SUSE LLC <https://www.suse.com/> |
| Release: 160000.2.2 | Build date: Tue Apr 22 13:48:56 2025 |
| Group: System/Libraries | Build host: reproducible |
| Size: 1020876 | Source RPM: nftables-1.1.3-160000.2.2.src.rpm |
| Packager: https://www.suse.com/ | |
| Url: https://netfilter.org/projects/nftables/ | |
| Summary: nftables firewalling command interface | |
libnftables is the nftables command line interface placed into a library.
GPL-2.0-only
* Tue Apr 22 2025 jengelh@inai.de
- Update to release 1.1.3
* Fix incorrect bytecode for vlan pcp mangling from netdev family
chains such as ingress/egress: `... vlan pcp set 6 counter`
* Fix bogus element in large concatenated set ranges, leading to:
``16777216 . 00:11:22:33:44:55 . 10.1.2.3 comment "123"``
instead of:
``"lo" . 00:11:22:33:44:55 . 10.1.2.3 comment "123"``
* Restore set auto-merge feature with timeouts, disabled in the
previous v1.1.2 release.
* Mon Apr 14 2025 jengelh@inai.de
- Update to release 1.1.2
* Allow for expressing protocol dependency on sets.
* Support for more advanced bitwise operations with statements.
* Set element auto-merge now skips elements with
timeout/expiration.
* Memory footprint reduction for set elements.
* Updated `nft monitor` to report flowtable events.
* Support for merging bitmask matching in set/map with
- o/--optimize.
* Improved MPTCP support with symbol table for subtypes.
* Sat Mar 08 2025 jengelh@inai.de
- Update 0001-tools-add-a-systemd-unit-for-static-rulesets.patch
from new submission.
* Tue Mar 04 2025 jengelh@inai.de
- Add 0001-tools-add-a-systemd-unit-for-static-rulesets.patch
[boo#1237277]
* Thu Oct 03 2024 jengelh@inai.de
- Update to release 1.1.1
* Reduce netlink cache dependencies to speed up incremental
updates.
* Allow zero burst in byte ratelimiter expression.
* Fix double-free when users call nft_ctx_clear_vars() followed
by nft_ctx_free().
* Document that the tproxy statement is non-terminal (unlike in
iptables). This allows for tproxy+log and tproxy+mark combos,
see man nft(8) for details.
* Add egress support for the `list hooks` subcommand.
* Wed Jul 17 2024 jengelh@inai.de
- Update to release 1.1.0
* Restore compatibility set element dump with <= 0.9.8
* Disallow empty interface names
* Restore rule replace command
* Search for group, rt_mark, rt_realms at
/etc/iproute2, /usr/share/iproute2
* Resolve some timezone issues
* Support for variables in map expressions
* VLAN support
* Thu Jan 04 2024 dmueller@suse.com
- buildrequire setuptools explicitly as pip drops the dependency
* Wed Jan 03 2024 code@bnavigator.de
- Fix the python bindings subpackages
* The PEP517 python build requires setuptools
* Actually use the rpm subpackage definition
* The version is actually python3dist(nftables) = 0.1
* is noarch and requires libnftables1 through dlopen, tell
rpmlint
* remove unused shebang
* Thu Oct 19 2023 jengelh@inai.de
- Update to release 1.0.9
* Custom conntrack timeouts can use time specification with
units other than seconds.
* Allow combination of dnat with numgen.
* Allow for using constants as key in dynamic sets.
* Support for matching on the target address of a IPv6 neighbour
solicitation/advertisement.
* Restore bitwise operations in combination with maps, e.g. jump
to chain depending on bitwise operation on packet mark.
* Fix crash with log prefix longer that 127 bytes.
- Drop merged 0001-Revert-py-replace-distutils-with-setuptools.patch
* Fri Jul 14 2023 jengelh@inai.de
- Update to release 1.0.8
* Support for setting meta and ct mark from other fields in
rules, e.g. set meta mark to ip dscp header field.
* Enhacements for -o/--optimize to deal with NAT statements, to
compact masquerade statements.
* Support for stateful statements in anonymous maps, such as
counters.
* Support for resetting stateful expressions in sets, maps and
elements, e.g. counters.
* broute support to short-circuit bridge logic from the bridge
prerouting hook and pass up packets to the local IP stack.
* JSON support for table and chain comments.
- Added 0001-Revert-py-replace-distutils-with-setuptools.patch
* Mon Mar 13 2023 jengelh@inai.de
- Update to release 1.0.7
* Support for vxlan/geneve/gre/gretap matching
* auto-merge support for partial set element deletion
* Allow for NAT mapping with concatenation and ranges
* Support for quota in sets
* Wed Dec 21 2022 jengelh@inai.de
- Update to release 1.0.6
* Fix bytecode generation for concatenation of intervals where
selectors use different byteorder datatypes, e.g. IPv4
(network byte order).
* Fix match of uncommon protocol matches with raw expressions
* Unbreak insertion of rules with intervals ("sport {
3478-3497, 16384-16387 }")
* Wed Aug 17 2022 dmueller@suse.com
- update to 1.0.5:
* Fixes for the -o/--optimize, run this --optimize option to automagically
compact your ruleset using sets, maps and concatenations
* Fix ethernet and vlan concatenations, eg. define a dynamic set which
is populated from the packet path
* Fix ruleset listing with interface wildcard map
* Fix several regressions in the input lexer which broke valid rulesets.
* Fix slowdown with large lists of singleton interval elements.
* Fix set automerge feature for large lists of singleton interval elements.
* Fix bogus error reporting for exact overlaps.
* Fix segfault when adding elements to invalid set.
* fix device parsing in netdev family in json.
* Tue Jun 07 2022 jengelh@inai.de
- Update to release 1.0.4
* Fixed a segfault in -o/--optimize with unsupported statements.
* Bogus datatype mismatch error report in sets was fixed.
* Tue May 31 2022 jengelh@inai.de
- Update to release 1.0.3
* Support for wildcard interface name matching with sets
* Support for runtime auto-merge of set elements.
* Enhancements for the ruleset optimization -o/--optimize
option which allows to coalesce several NAT rules into map.
* Support for raw expressions in concatenations.
* Support for integer type protocol header fields in concatenations.
* Allow to reset TCP options (requires Linux kernel >= 5.18)
- Drop 0001-build-add-missing-AM_CPPFLAGS-to-examples.patch
* Tue Feb 22 2022 jengelh@inai.de
- Update to release 1.0.2
* New ruleset optimization -o/--optimize option.
* Support for IP and TCP options and SCTP chunks in sets.
* Support for tcp fastopen, md5sig and mptcp options.
* MP-TCP subtype matching support.
* JSON support for flowtables.
- Add 0001-build-add-missing-AM_CPPFLAGS-to-examples.patch
* Thu Nov 18 2021 jengelh@inai.de
- Update to release 1.0.1
* Reduce memory footprint when loading large sets/maps.
* Speed up reload of large sets/maps.
* Speed up listing of specific tables in large ruleset, e.g.
large ruleset with ~100k lines.
* Speed up --terse option when listing a ruleset large sets/maps.
* Print raw payload expression in hexadecimal, e.g.
"@ll,0,8 & 0x80 == 0x80"
* egress hook support (available since 5.16-rc1).
* Allow matching and update bytes at inner header/payload
offset (available since 5.16-rc1).
* Thu Aug 19 2021 jengelh@inai.de
- Update to release 1.0.0
* Catch-all set element support.
* The command-line option --define is now recognized.
* Stateful expressions in maps.
* Allow combination of jhash, symhash and numgen expressions with
the queue statement.
* Allow combination of verdict maps with interval concatenations.
* Tue May 25 2021 jengelh@inai.de
- Update to release 0.9.9
* Flowtable hardware offload support
* Support for the table owner flag.
* 802.1ad (QinQ) support
* cgroupsv2 support.
* match on SCTP packet chunks (dependent on Linux 5.14)
* Allow to use verdict in set/map typeof definitions
* Fri Jan 15 2021 jengelh@inai.de
- Update to release 0.9.8
* Complete support for matching ICMP header content fields.
* Added raw tcp option match support.
* Added ability to check for the presence of any tcp option.
* Support for rejecting traffic from the ingress chain.
* Tue Oct 27 2020 jengelh@inai.de
- Update to release 0.9.7
* Support for implicit chains
* Support for ingress inet chains
* Support for reject from prerouting chain
* Support for --terse option in json
* Support for the reset command with json
* Tue Jun 16 2020 jengelh@inai.de
- Update to release 0.9.6
* Fix two ASAN runtime errors
* Sat Jun 06 2020 jengelh@inai.de
- Update to release 0.9.5
* Support for set counters.
* Support for restoring set element counters via nft -f.
* Counter support for flowtables.
* typeof concatenations support for sets.
* Support for concatenated ranges in anonymous sets.
* Allow to reject packets with 802.1q from the bridge family.
* Support for matching on the conntrack ID.
- Drop anonset-crashfix.patch (upstream solved differently)
* Thu May 07 2020 jengelh@inai.de
- Add anonset-crashfix.patch [boo#1171321]
* Wed Apr 01 2020 jengelh@inai.de
- Update to release 0.9.4
* Add a helper for concat expression handling.
* Add "typeof" build/parse/print support.
* Mon Dec 09 2019 jengelh@inai.de
- Add json, python [boo#1158723]
* Tue Dec 03 2019 jengelh@inai.de
- Update to release 0.9.3
* meta: Introduce new conditions "time", "day" and "hour".
* src: add ability to set/get secmarks to/from connection.
* flowtable: add support for named flowtable listing.
* flowtable: add support for delete command by handle.
* json: add support for element deletion.
* Add `-T` as the short option for `--numeric-time`.
* meta: add ibrpvid and ibrvproto support
* Mon Aug 19 2019 jengelh@inai.de
- Update to new upstream release 0.9.2
* Transport header port matching, e.g. "th dport 53"
* Support for matching on IPv4 options
* Support for synproxy
* Sat Jan 19 2019 stefan.bruens@rwth-aachen.de
- Remove unused dblatex BuildRequires, only needed for the optional
and disabled PDF generation (same contents as shipped manpage).
* Sat Jun 09 2018 jengelh@inai.de
- Update to new upstream release 0.9.0
* Support to check if packet matches an existing socket.
* Support to limit number of active connections by arbitrary
criteria, such as ip addresses, networks, conntrack zones or
any combination thereof.
* Added support for "audit" logging.
* Fri May 11 2018 jengelh@inai.de
- Update to new upstream release 0.8.5
* support to add/insert a rule at a given index position
* meter statement now supports a configureable upper max size
* timeouts for sets can now be specified in milliseconds
* re-add iptables-like empty skeleton rulesets
* Wed May 02 2018 jengelh@inai.de
- Update to new upstream release 0.8.4
* Support to match IPv6 segment routing headers.
* New "meta ibrname" and "meta obrname" arguments to match the
name of the logical bridge a packet is passing through.
These new names replace the old (misnamed) "ibriport"/"obriport".
* `nft -a` will now show handle identifier for all objects,
including tables and chains.
* nft can now delete objects by their handle number.
* Support to update maps from the ruleset (packet path).
* the "--echo" option now prints handle id for tables and
object too.
* `nft -f -` will now read from standard input
* Support for flow tables, cf. man page or
https://lwn.net/Articles/738214/ .
* Sat Mar 03 2018 jengelh@inai.de
- Update to new upstream release 0.8.3
* raw payload support to match headers that do not yet have
received a mnemonic.
* Sat Feb 03 2018 jengelh@inai.de
- Update to new upstream release 0.8.2
* add secpath support
* Tue Jan 16 2018 jengelh@inai.de
- Update to new upstream release 0.8.1
* This release deprecates the "flow table" syntax in favor
of "meter".
* Fri Oct 13 2017 jengelh@inai.de
- Update to new upstream release 0.8
* This release contains new features available up to the
(upcoming) Linux 4.14 kernel release:
* Support for stateful objects, these objects are uniquely
identified by a user-defined name, you can refer to them from
rules, and there is a well established interface to operate
with them.
* Sort set elements when listing them, from lower to largest.
* TCP option matching and mangling support. This includes TCP
maximum segment size mangling.
* Add new "-s" option for listings without stateful information.
* Add new -c/--check option for nft, to tests if your ruleset
loads fine, into the kernel, this is a dry run mode.
* Connection tracking helper support.
* Add --echo option, to print the handle that the kernel
allocates to uniquely identify rules.
* Conntrack zone support
* Symmetric hash support
* Add support to include directories from nft natives scripts,
files are loaded in alphanumerical order.
* Allow to check if IPv6 extension header or TCP option exists
or is missing.
* Extend quota support to display used bytes.
* Add ct average matching, to match average bytes per packet a
connection has transferred so far, to map the existing
feature available in the iptables connbytes match.
* Allow to flush maps and flow tables.
* Allow to embed set definition into an existing set.
* Conntrack event filtering support via rule.
* Tue Dec 20 2016 jengelh@inai.de
- Update to new upstream release 0.7
* Add new fib expression, which can be used to obtain the
output interface from the route table based on either source
or destination address of a packet.
* Support hashing of any arbitrary key combination, eg.
* Add number generation support. Useful for round-robin packet
mark setting.
* Add quota support, eg.
* Introduce routing expression, for routing related data with
support for nexthop
* Notrack support, to explicitly skip connection tracking for
matching packets.
* Support to set non-byte bound packet header fields, including
checksum adjustment.
* Add 'create set' and 'create element' commands.
* Allow to use variable reference for set element definitions.
* Allow to use variable definitions from element commands.
* Add support to flush set. You can use this new command to
remove all existing elements in a set.
* Inverted set lookups.
* Honor absolute and relative paths via include file, where:
* Support log flags, to enable logging TCP sequence and options.
* tc classid parser support, eg.
* Allow numeric connlabels, so if connlabel still works with
undefined labels.
* Thu Jun 02 2016 jengelh@inai.de
- Update to new upstream release 0.6
* Rules may be replaced now
* Flow table support (requires Linux >= 4.3)
* Support for tracing
* Ratelimiting now supports units like bytes/second.
* Matchinv VLAN IDs, DSCP/ECN, ICMP RtAdv & RtSol
* Thu Sep 17 2015 jengelh@inai.de
- Update to new upstream release 0.5
* Support combinations of two or more selectors to build a tuple
* Timeout support for sets
* Dormant flag for tables
* Default chain policy specifiable on creation
* Sat May 23 2015 mrueckert@suse.de
- set the url to the project page
- pass --disable-silent-rules to configure to allow gcc post build
check to work
* Tue Dec 16 2014 jengelh@inai.de
- Update to new upstream release 0.4
* Since Linux 3.18: support for global ruleset operations
* Since 3.17: full logging support for all the families,
including nfnetlink_log
* 3.16: automatic selection of the optimal set implementation
* 3.14: reject support for ip, ip6 and inet
* 3.18: reject support for bridge, and reject icmpx abstraction
* 3.18: masquerade support
* 3.19: redirect support
* Extend meta to support pkttype, cpu and devgroup matching.
* Fri Jun 27 2014 jengelh@inai.de
- Update to new upstream release 0.3
* More compact syntax for the queue action
* Match input and output bridge interface name through "meta
ibriport" and "meta obriport"
* netlink event monitor, to monitor ruleset events, set changes, etc.
* New transaction infrastructure - fully atomic updates for all
object available in the upcoming 3.16.
* Mon Jan 13 2014 jengelh@inai.de
- Initial package for build.opensuse.org
/usr/lib64/libnftables.so.1 /usr/lib64/libnftables.so.1.1.0
Generated by rpm2html 1.8.1
Fabrice Bellet, Tue Sep 30 22:45:42 2025