Date:   Tue, 16 Jan 2018 14:01:59 +0100
From:   Pablo Neira Ayuso <pablo@...filter.org>
To:     netfilter-devel@...r.kernel.org
Cc:     netdev@...r.kernel.org, netfilter@...r.kernel.org,
        netfilter-announce@...ts.netfilter.org, lwn@....net
Subject: [ANNOUNCE] nftables 0.8.1 release

Hi!

The Netfilter project proudly presents:

        nftables 0.8.1

This release contains mostly incremental fixes and documentation
updates, such as fixing up ./configure --with-mini-gmp for embedded
setups that don't have libgmp.

Deprecated syntax
=================

This release deprecates the "flow table" syntax in favor of "meter" to
address Netfilter's bugzilla issues:

https://bugzilla.netfilter.org/show_bug.cgi?id=1137
https://bugzilla.netfilter.org/show_bug.cgi?id=1185

This is an example of how to use it:

# nft add table filter
# nft add chain filter input { type filter hook input priority 0\; }
# nft add rule filter input meter local-traffic { ip saddr counter }

# nft list ruleset
table ip filter {
        chain input {
                type filter hook input priority 0; policy accept;
                meter local-traffic { ip saddr counter} 
        }
}
# nft list meter filter local-traffic 
table ip filter {
        meter local-traffic {
                type ipv4_addr
                elements = { 8.8.8.8 : counter packets 1 bytes 84, 84.11.121.21 : counter packets 1 bytes 76, 150.159.126.108 : counter packets 1 bytes 76, 123.102.2.4 : counter packets 1 bytes 76, 21.241.12.143 : counter packets 1 bytes 76 }
        }
}

The former 'flow table' syntax will still be around for a while, but
listing uses the new 'meter' syntax, so please revisit your scripts if
you are using this feature.

Resources
=========

The nftables code can be obtained from:

* http://netfilter.org/projects/nftables/downloads.html
* ftp://ftp.netfilter.org/pub/nftables
* git://git.netfilter.org/nftables

To build the code, libnftnl 1.0.9 and libmnl >= 1.0.2 are required:

* http://netfilter.org/projects/libnftnl/index.html
* http://netfilter.org/projects/libmnl/index.html

Visit our wikipage for user documentation at:

* http://wiki.nftables.org

For the manpage reference, check man(8) nft.

In case of bugs and feature requests, file them via:

* https://bugzilla.netfilter.org

Make sure you don't create duplicates, thanks!

Happy firewalling!
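
Added example, not part of the original announcement or of the nftables code: a Python parser for the `nft list meter` output shown above, returning per-key counters and the heaviest sources for monitoring. The function names `parse_meter` and `top_talkers` are hypothetical, and only elements carrying a `counter` statement are handled.

```python
import re

# Output of `nft list meter filter local-traffic`, copied from the message above.
SAMPLE = """\
table ip filter {
        meter local-traffic {
                type ipv4_addr
                elements = { 8.8.8.8 : counter packets 1 bytes 84, 84.11.121.21 : counter packets 1 bytes 76, 150.159.126.108 : counter packets 1 bytes 76, 123.102.2.4 : counter packets 1 bytes 76, 21.241.12.143 : counter packets 1 bytes 76 }
        }
}
"""

# "<key> : counter packets N bytes M". The separator is matched as " : counter"
# so that keys which contain colons themselves (IPv6 addresses) stay intact.
ELEMENT_RE = re.compile(
    r"^(?P<key>.+?)\s+:\s+counter\s+packets\s+(?P<packets>\d+)\s+bytes\s+(?P<bytes>\d+)$"
)


def parse_meter(text):
    """Return (meter_name, key_type, {key: (packets, bytes)}) for one meter listing."""
    name = re.search(r"\bmeter\s+(\S+)\s*\{", text)
    if not name:
        raise ValueError("no meter block found")
    ktype = re.search(r"^\s*type\s+(.+?)\s*$", text, re.MULTILINE)
    body = re.search(r"elements\s*=\s*\{(.*?)\}", text, re.DOTALL)
    counters = {}
    if body:  # an empty meter has no "elements" line
        for raw in body.group(1).split(","):
            # Collapse whitespace: long element lists may be wrapped across lines.
            m = ELEMENT_RE.match(" ".join(raw.split()))
            if m:
                counters[m["key"]] = (int(m["packets"]), int(m["bytes"]))
    return name.group(1), (ktype.group(1) if ktype else None), counters


def top_talkers(counters, n=3):
    """Keys with the highest byte count (packets break ties), highest first."""
    ranked = sorted(counters.items(), key=lambda kv: (kv[1][1], kv[1][0]), reverse=True)
    return ranked[:n]


if __name__ == "__main__":
    meter, key_type, counters = parse_meter(SAMPLE)
    print(f"meter {meter} ({key_type}): {len(counters)} keys")
    for key, (packets, nbytes) in top_talkers(counters):
        print(f"  {key:<18} packets={packets} bytes={nbytes}")
```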
