Is there anything more you need from me?
I have tested this with old Kernel releases, as well as Net-next and the FTP
alg does not seem to respect the masquerade --to-ports option.
e.g
echo 1 > /proc/sys/net/netfilter/nf_conntrack_helper
iptables -t nat -I POSTROUTING -o enp0 -j MASQUERADE -p
Baruch Siach wrote:
> Pablo Neira Ayuso writes:
> >> > This is updating a cached copy of the kernel headers, we basically
> >> > copy kernel headers and place in the userspace tree to make sure that
> >> > iptables compiles standalone, without the need for kernel-headers to
> >> > be installed in
Hi Pablo,
Pablo Neira Ayuso writes:
> On Sat, Nov 17, 2018 at 10:28:56PM +0200, Baruch Siach wrote:
>> Pablo Neira Ayuso writes:
>> > On Fri, Nov 16, 2018 at 09:30:33AM +0200, Baruch Siach wrote:
>> >> Commit 672accf1530 (include: update kernel netfilter header files)
>> >> updated
Hi,
In order to improve performance in 'nft -f' as well as xtables-restore
with very large rulesets, we need to store rules by chain they belong
to. In order to avoid pointless code duplication, this should be
supported by libnftnl.
Looking into the topic, it seems like extending struct
