Jan Schär 8095c51678
Deprecate Rule.Flags field (#304)
The functionality added in a46119e5 never worked: If you set
NFTA_RULE_POSITION to 0, the kernel will just complain that a rule with
this handle does not exist. This removes the broken functionality,
leaving the field deprecated.

The right way to insert a rule at the beginning of a chain is to use
InsertRule and leave Position unset.

https://github.com/google/nftables/issues/126 mentions that the nft
command allows referring to rules by index. But here is a quote from the
nft manpage:

> The add and insert commands support an optional location specifier,
> which is either a handle or the index (starting at zero) of an
> existing rule. Internally, rule locations are always identified by
> handle and the translation from index happens in userspace.

In other words, identifying rules by index is a feature of nft and is
not part of the kernel interface.
2025-03-26 09:57:20 +01:00
.github/workflows Add integration tests for nftables package 2025-01-15 12:42:22 +01:00
alignedbuff alignedbuff: fix alignment test issue on 32-bit machines (#211) 2022-12-12 08:51:36 +01:00
binaryutil add int32 and string types to alignedbuff (#195) 2022-10-15 21:04:45 +02:00
expr Add missing ct keys (#310) 2025-03-26 09:54:08 +01:00
integration Add integration tests for nftables package 2025-01-15 12:42:22 +01:00
internal Set rule handle during flush (#299) 2025-03-26 09:24:33 +01:00
userdata add support for comments in set elements (#293) 2025-01-15 09:36:42 +01:00
xt feat: add xt.Comment (#260) 2024-04-22 08:53:34 +02:00
CONTRIBUTING.md Initial commit 2018-05-24 22:09:26 -07:00
LICENSE Initial commit 2018-05-24 22:09:26 -07:00
README.md README: switch to GitHub actions badge 2021-05-14 17:48:51 +02:00
chain.go Set rule handle during flush (#299) 2025-03-26 09:24:33 +01:00
compat_policy.go Fix: add NFTA_RULE_COMPAT attribute (#207) 2022-12-08 09:05:15 +01:00
compat_policy_test.go Fix: add NFTA_RULE_COMPAT attribute (#207) 2022-12-08 09:05:15 +01:00
conn.go Set rule handle during flush (#299) 2025-03-26 09:24:33 +01:00
counter.go refactor nftable Object handling (NamedObj type) (#259) 2024-07-29 08:43:58 +02:00
doc.go Restructure code base into smaller files (#15) 2019-05-03 23:54:09 +02:00
flowtable.go Set rule handle during flush (#299) 2025-03-26 09:24:33 +01:00
gen.go Use const instead of var where possible 2025-02-26 15:11:55 +01:00
go.mod go.{mod,sum}: update to latest x/ packages 2025-03-13 09:42:41 +01:00
go.sum go.{mod,sum}: update to latest x/ packages 2025-03-13 09:42:41 +01:00
monitor.go Implement AddGenerationalMonitor to deliver monitor events in batches (#283) 2024-11-09 12:07:36 +01:00
monitor_test.go Fix incorrect size check in NFGenMsg (#287) 2024-12-13 07:30:25 +01:00
nftables_test.go Set rule handle during flush (#299) 2025-03-26 09:24:33 +01:00
obj.go Set rule handle during flush (#299) 2025-03-26 09:24:33 +01:00
quota.go Fix Fib parsing (#296) 2025-01-16 09:15:33 +01:00
rule.go Deprecate Rule.Flags field (#304) 2025-03-26 09:57:20 +01:00
set.go Set rule handle during flush (#299) 2025-03-26 09:24:33 +01:00
set_test.go Set rule handle during flush (#299) 2025-03-26 09:24:33 +01:00
table.go Set rule handle during flush (#299) 2025-03-26 09:24:33 +01:00
util.go Fix incorrect size check in NFGenMsg (#287) 2024-12-13 07:30:25 +01:00
util_test.go NAT: prefix test 2024-01-12 21:30:04 +01:00

README.md

This is not the correct repository for issues with the Linux nftables project! This repository contains a third-party Go package to programmatically interact with nftables. Find the official nftables website at https://wiki.nftables.org/

This package manipulates Linux nftables (the iptables successor). It is implemented in pure Go, i.e. it does not wrap libnftnl.

This is not an official Google product.

Breaking changes

This package is in very early stages, and only contains enough data types and functions to install very basic nftables rules. It is likely that mistakes with the data types/API will be identified as more functionality is added.

Contributions

Contributions are very welcome!