Re: stable nftables kernel changes for port to 3.12 kernel

Hi I'd just change NF_IP6_PRI_RAW to -450 and use ip6tables rules in raw table. We will try, thanks nft add table ip6 filter nft add chain ... and so on. I have tried this, but no effect .. Regards, Pavel

stable nftables kernel changes for port to 3.12 kernel

Hi We were asked to implement functionality to drop fragmented IPv6 packets, addressed to local interface, on device based 3.12 kernel As I understand it's not possible to do this by ip6tables rule in the case when nf_conntrack is enabled, but it possible if use nftables Could you please