Fetch rule handle and then delete rule via that rule handle.
Signed-off-by: Harsha Sharma
---
Changes in v2:
- No need to use grep
tests/shell/testcases/cache/0001_cache_handling_0 | 3 ++-
1 file changed, 2 insertions(+), 1 deletion(-)
diff --git
Add extra bits for table, chain, sets and object handle.
Signed-off-by: Harsha Sharma
---
net/netfilter/nf_tables_trace.c | 6 +-
1 file changed, 5 insertions(+), 1 deletion(-)
diff --git a/net/netfilter/nf_tables_trace.c b/net/netfilter/nf_tables_trace.c
index
On Wed, Jan 24, 2018 at 04:47:39AM +0530, Harsha Sharma wrote:
> Fetch rule handle and then delete rule via that rule handle.
>
> Signed-off-by: Harsha Sharma
> ---
> tests/shell/testcases/cache/0001_cache_handling_0 | 3 ++-
> 1 file changed, 2 insertions(+), 1
Fetch rule handle and then delete rule via that rule handle.
Signed-off-by: Harsha Sharma
---
tests/shell/testcases/cache/0001_cache_handling_0 | 3 ++-
1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/tests/shell/testcases/cache/0001_cache_handling_0
Add documentation for deletion of tables, chains, sets and objects
via unique handles.
Signed-off-by: Harsha Sharma
---
doc/nft.xml | 37 -
1 file changed, 36 insertions(+), 1 deletion(-)
diff --git a/doc/nft.xml b/doc/nft.xml
Hi Jan,
On Mon, 22 Jan 2018, Jan Engelhardt wrote:
> libipset/types.h includes args.h, therefore args.h must be installed
> too.
>
> Signed-off-by: Jan Engelhardt
> ---
> include/libipset/Makefile.am | 1 +
> 1 file changed, 1 insertion(+)
Yes, it's required. Thanks, patch
Hello Pablo,
On Tuesday, 23 January 2018 12:07:28 CET, Pablo Neira Ayuso wrote:
> I'm asking here because I would need to understand better how you've
> structured your scripts, if you could explain a bit more, we would
> appreciate.
I have packed an excerpt of a playground FW with two VLANs 3
This patch allows you to delete an existing flowtable:
# nft delete flowtable x m
Signed-off-by: Pablo Neira Ayuso
---
include/mnl.h | 3 +++
include/netlink.h | 3 +++
src/evaluate.c | 1 +
src/mnl.c | 16
src/netlink.c | 18
This patch allows us to refer to existing flowtables:
# nft add rule x x flow offload @m
Packets matching this rule create an entry in the flow table 'm', hence,
follow up packets that get to the flowtable at ingress bypass the
classic forwarding path.
Signed-off-by: Pablo Neira Ayuso
Document the new flowtable objects available since Linux kernel 4.16-rc.
Signed-off-by: Pablo Neira Ayuso
---
doc/nft.xml | 103
1 file changed, 103 insertions(+)
diff --git a/doc/nft.xml b/doc/nft.xml
index
This patch allows you to dump existing flowtable.
# nft list ruleset
table ip x {
flowtable x {
hook ingress priority 10
devices = { eth0, tap0 }
}
}
You can also list existing flowtables via:
# nft list flowtables
table ip x {
Add basic flowtable tests.
Signed-off-by: Pablo Neira Ayuso
---
tests/shell/run-tests.sh | 4 ++-
tests/shell/testcases/flowtable/0001flowtable_0| 33 ++
.../testcases/flowtable/0002create_flowtable_0 | 12
This patch allows you to create flowtable:
# nft add table x
# nft add flowtable x m { hook ingress priority 10\; devices = { eth0, wlan0 }\; }
You have to specify hook and priority. So far, only the ingress hook is
supported. The priority represents where this flowtable is placed in the
Package: iptables
Dear Maintainers,
Please find attached a suggested patch to add functionality in iptables-save.
---
1) Adding -z or --zero option: Reset to zero counters of the chains.
Example without:
iptables-save
This patch allows you to add, delete and list flowtable through the
existing netlink interface.
Signed-off-by: Pablo Neira Ayuso
---
examples/Makefile.am| 12 +
examples/nft-flowtable-add.c| 136 +++
examples/nft-flowtable-del.c| 122
This patch adds the new "flow_offload" expression to select what flows
are offloaded to an existing flowtable.
Signed-off-by: Pablo Neira Ayuso
---
include/libnftnl/expr.h | 4 +
include/linux/netfilter/nf_tables.h | 11 +++
src/Makefile.am
Hi David,
On Mon, Jan 22, 2018 at 02:53:09PM +0100, David Fabian wrote:
> Hello,
>
> we have a firewall written in bash (using iptables) that is organized by
> customer VLANs. Each VLAN has its own set of bash variables holding things
> like uplink iface names, gateway IPs, etc. We want to