[<prev] [next>] [day] [month] [year] [list]
Date: Sat, 3 Mar 2018 16:59:47 +0100
From: Florian Westphal <fw@...len.de>
To: netfilter-devel@...r.kernel.org
Cc: netdev@...r.kernel.org, netfilter@...r.kernel.org,
netfilter-announce@...ts.netfilter.org, lwn@....net
Subject: [ANNOUNCE] nftables 0.8.3 release
Hi!
The Netfilter project proudly presents:
nftables 0.8.3
This release includes a few fixes since last release plus following
enhancements:
- ifname_type, so its possible to match interface names via sets:
table inet t {
set s {
type ifname
elements = { "eth0",
"eth1" }
}
chain c {
iifname @s accept
oifname @s accept
}
}
- raw payload support to match headers that do not yet have
a more human-readable mnemonic. This also allows to match
udp and tcp port numbers in a single rule, because the raw
payload expression doesn't enforce a protocol dependency on
the network header. Example:
input meta l4proto {tcp, udp} @th,16,16 { dns, http }
matches both udp and tcp dport 53 and 80 in single rule.
See ChangeLog that comes attached to this email for more details.
You can download it from:
http://www.netfilter.org/projects/nftables/downloads.html#nftables-0.8.3
ftp://ftp.netfilter.org/pub/nftables/
To build the code, libnftnl 1.0.9 and libmnl >= 1.0.2 are required:
* http://netfilter.org/projects/libnftnl/index.html
* http://netfilter.org/projects/libmnl/index.html
Visit our wikipage for user documentation at:
* http://wiki.nftables.org
For the manpage reference, check man(8) nft.
In case of bugs and feature request, file them via:
* https://bugzilla.netfilter.org
Happy firewalling!
View attachment "changelog-0.8.3.txt" of type "text/plain" (2651 bytes)
Powered by blists - more mailing lists