Gentoo Archives: gentoo-commits

From: "Tony Vroon (chainsaw)" <chainsaw@g.o>
To: gentoo-commits@l.g.o
Subject: [gentoo-commits] gentoo-x86 commit in net-firewall/nftables/files: nftables.8 nftables-0.099-94300c7.patch
Date: Fri, 24 Jan 2014 16:11:25
Message-Id: 20140124161119.D74BC2004E@flycatcher.gentoo.org
1 chainsaw 14/01/24 16:11:19
2
3 Added: nftables.8 nftables-0.099-94300c7.patch
4 Log:
5 Initial commit. Patches & ebuilds by dwfreed, with some minor tweaks by me.
6
7 (Portage version: 2.2.8-r1/cvs/Linux x86_64, signed Manifest commit with key 0xB5058F9A)
8
9 Revision Changes Path
10 1.1 net-firewall/nftables/files/nftables.8
11
12 file : http://sources.gentoo.org/viewvc.cgi/gentoo-x86/net-firewall/nftables/files/nftables.8?rev=1.1&view=markup
13 plain: http://sources.gentoo.org/viewvc.cgi/gentoo-x86/net-firewall/nftables/files/nftables.8?rev=1.1&content-type=text/plain
14
15 Index: nftables.8
16 ===================================================================
17 '\" t -*- coding: us-ascii -*-
18 .if \n(.g .ds T< \\FC
19 .if \n(.g .ds T> \\F[\n[.fam]]
20 .de URL
21 \\$2 \(la\\$1\(ra\\$3
22 ..
23 .if \n(.g .mso www.tmac
24 .TH nftables 8 "22 January 2014" "" ""
25 .SH NAME
26 nftables \- Administration tool for packet filtering and classification
27 .SH SYNOPSIS
28 'nh
29 .fi
30 .ad l
31 \fBnftables\fR \kx
32 .if (\nx>(\n(.l/2)) .nr x (\n(.l/5)
33 'in \n(.iu+\nxu
34 [
35 \fB-n/--numeric\fR
36 ] [
37 \fB-I/--includepath\fR
38 \fIdirectory\fR
39 ] [
40 \fB-f/--file\fR
41 \fIfilename\fR
42 |
43 \fB-i/--interactive\fR
44 |
45 \fIcmd\fR
46 \&...]
47 'in \n(.iu-\nxu
48 .ad b
49 'hy
50 'nh
51 .fi
52 .ad l
53 \fBnftables\fR \kx
54 .if (\nx>(\n(.l/2)) .nr x (\n(.l/5)
55 'in \n(.iu+\nxu
56 [
57 \fB-h/--help\fR
58 ] [
59 \fB-v/--version\fR
60 ]
61 'in \n(.iu-\nxu
62 .ad b
63 'hy
64 .SH DESCRIPTION
65 nftables is used to set up, maintain and inspect packet
66 filtering and classification rules in the Linux kernel.
67 .SH OPTIONS
68 For a full summary of options, run \fBnftables --help\fR.
69 .TP
70 \*(T<\fB\-h/\-\-help\fR\*(T>
71 Show help message and all options.
72 .TP
73 \*(T<\fB\-v/\-\-version\fR\*(T>
74 Show version.
75 .TP
76 \*(T<\fB\-n/\-\-numeric\fR\*(T>
77 Numeric output: IP addresses and other information
78 that might need network traffic to resolve to symbolic names
79 are shown numerically.
80 .TP
81 \*(T<\fB\-I/\-\-includepath \fR\*(T>\fIdirectory\fR
82 Add the directory \fIdirectory\fR to the list of directories to be searched for included files.
83 .TP
84 \*(T<\fB\-f/\-\-file \fR\*(T>\fIfilename\fR
85 Read input from \fIfilename\fR.
86 .TP
87 \*(T<\fB\-i/\-\-interactive\fR\*(T>
88 Read input from an interactive readline CLI.
89 .SH "INPUT FILE FORMAT"
90 Input is parsed line-wise. When the last character of a line just before
91 the newline character is a non-quoted backslash (\*(T<\e\*(T>),
92 the newline is treated as a line continuation.
93 .PP
94 A \*(T<#\*(T> begins a comment. All following characters on
95 the same line are ignored.
96 .PP
97 Other files can be included by using
98 \fBinclude "\fIfilename\fB"\fR.
99 .SH TABLES
100 'nh
101 .fi
102 .ad l
103 {add | delete | list | flush} \fBtable\fR [\fIfamily\fR] {\fItable\fR}
104 .ad b
105 'hy
106 .PP
107 Tables are containers for chains. They are identified by their family
108 and their name. The family must be one of
109 \*(T<ip\*(T>, \*(T<ip6\*(T>, \*(T<arp\*(T>, \*(T<bridge\*(T>.
110 When no family is specified, \*(T<ip\*(T> is used by default.
111 .TP
112 \*(T<\fBadd\fR\*(T>
113 Add a new table for the given family with the given name.
114 .TP
115 \*(T<\fBdelete\fR\*(T>
116 Delete the specified table.
117 .TP
118 \*(T<\fBlist\fR\*(T>
119 List all chains and rules of the specified table.
120 .TP
121 \*(T<\fBflush\fR\*(T>
122 Flush all chains and rules of the specified table.
123 .SH CHAINS
124 'nh
125 .fi
126 .ad l
127 {add} \fBchain\fR [\fIfamily\fR] {\fItable\fR} {\fIchain\fR} {\fIhook\fR} {\fIpriority\fR}
128 .ad b
129 'hy
130 'nh
131 .fi
132 .ad l
133 {add | delete | list | flush} \fBchain\fR [\fIfamily\fR] {\fItable\fR} {\fIchain\fR}
134 .ad b
135 'hy
136 .PP
137 Chains are containers for rules. They exist in two kinds,
138 base chains and regular chains. A base chain is an entry point for
139 packets from the networking stack; a regular chain may be used
140 as a jump target and serves to organize rules.
141 .TP
142 \*(T<\fBadd\fR\*(T>
143 Add a new chain in the specified table. When a hook and priority
144 value are specified, the chain is created as a base chain and hooked
145 up to the networking stack.
146 .TP
147 \*(T<\fBdelete\fR\*(T>
148 Delete the specified chain.
149 .TP
150 \*(T<\fBlist\fR\*(T>
151 List all rules of the specified chain.
152 .TP
153 \*(T<\fBflush\fR\*(T>
154 Flush all rules of the specified chain.
155 .SH RULES
156 'nh
157 .fi
158 .ad l
159 {add | delete} \fBrule\fR [\fIfamily\fR] {\fItable\fR} {\fIchain\fR} [handle \fIhandle\fR] {\fIstatement\fR}\&...
160 .ad b
161 'hy
162 .PP
163 Rules are constructed from two kinds of components, expressions and
164 statements, combined according to a set of grammar rules. The lowest order expression is a
165 primary expression, representing either a constant or a single datum
166 from a packet's payload, meta data or a stateful module. Primary expressions
167 can be used as arguments to relational expressions (equality,
168 set membership, ...) to construct match expressions.
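The input file format described above (backslash continuation, \fB#\fR comments, \fBinclude\fR) together with the table/chain/rule command syntax, as an added example that is not part of the nftables man page or project: a small Python preprocessor that turns an input file into logical statements, run over a constructed ruleset. The include-path search order, the in-memory file table and treating a \fB#\fR inside double quotes as data are assumptions.

```python
import os, re
INCLUDE_RE = re.compile(r'^\s*include\s+"([^"]+)"\s*$')  # the page's include "filename" directive
def _scan(line, stop_at=None):
    # Track double quotes; return (index of the first unquoted stop_at char, quote open at end).
    in_quote, hit = False, None
    for i, ch in enumerate(line):
        if ch == '"':
            in_quote = not in_quote
        elif ch == stop_at and not in_quote and hit is None:
            hit = i
    return hit, in_quote
def _expand_include(name, includepath, read_file, seen):
    # Assumption: -I directories are searched in order, then the current directory.
    for path in (os.path.join(d, name) for d in list(includepath) + ["."]):
        if path in seen:
            raise ValueError("include cycle via " + path)
        content = read_file(path)
        if content is not None:
            seen.add(path)
            return preprocess(content, includepath, read_file, seen)
    raise FileNotFoundError(name)
def preprocess(text, includepath=(), read_file=lambda path: None, seen=None):
    # Logical statements of an input file: physical lines joined at an unquoted
    # trailing backslash, comments and blank lines dropped, includes expanded.
    seen = set() if seen is None else seen
    statements, buf = [], ""
    for physical in text.split("\n"):
        buf += physical
        if buf.endswith("\\") and not _scan(buf)[1]:
            buf = buf[:-1]                     # the newline is a line continuation
            continue
        cut, _ = _scan(buf, "#")               # a '#' inside quotes is kept (assumption)
        stmt, buf = (buf if cut is None else buf[:cut]).strip(), ""
        inc = INCLUDE_RE.match(stmt) if stmt else None
        if inc:
            statements += _expand_include(inc.group(1), includepath, read_file, seen)
        elif stmt:
            statements.append(stmt)
    return statements

# Constructed sample input in the page's command syntax; the dict stands in for a
# file reachable through an -I include directory (no real files, nft is not invoked).
FILES = {"/etc/nft.d/blocklist.nft": "add rule ip filter input ip saddr 203.0.113.7 drop  # test net\n"}
RULESET = r'''# constructed ruleset
add table ip filter
add chain ip filter input input 0    # base chain: table chain hook priority
add rule ip filter input meta iifname "lo" accept
add rule ip filter input tcp dport 22 \
    accept
include "blocklist.nft"
'''
```

Calling `preprocess(RULESET, ["/etc/nft.d"], FILES.get)` yields five statements, the last one coming from the included file.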
169 .SH "PRIMARY EXPRESSIONS"
170 .SS "META EXPRESSIONS"
171 A meta expression refers to meta data associated with a packet.
172 .PP
173 \fBMeta expressions\fR
174 .TS
175 allbox ;
176 l | l | l.
177 T{
178 Keyword
179 T} T{
180 Description
181 T} T{
182 Type
183 T}
184 .T&
185 l | l | l.
186 T{
187 length
188 T} T{
189 Length of the packet in bytes
190 T} T{
191 Numeric (32 bit)
192 T}
193 T{
194 protocol
195 T} T{
196 Ethertype protocol value
197 T} T{
198 ethertype
199 T}
200 T{
201 priority
202 T} T{
203 TC packet priority
204 T} T{
205 Numeric (32 bit)
206 T}
207 T{
208 mark
209 T} T{
210 Packet mark
211 T} T{
212 packetmark
213 T}
214 T{
215 iif
216 T} T{
217 Input interface index
218 T} T{
219 ifindex
220 T}
221 T{
222 iifname
223 T} T{
224 Input interface name
225 T} T{
226 ifname
227 T}
228 T{
229 iiftype
230 T} T{
231 Input interface hardware type
232 T} T{
233 hwtype
234 T}
235 T{
236 oif
237 T} T{
238 Output interface index
239 T} T{
240 ifindex
241 T}
242 T{
243 oifname
244 T} T{
245 Output interface name
246 T} T{
247 ifname
248 T}
249 T{
250 oiftype
251 T} T{
252 Output interface hardware type
253 T} T{
254 hwtype
255 T}
256 T{
257 skuid
258 T} T{
259 UID associated with originating socket
260 T} T{
261 uid
262 T}
263 T{
264 skgid
265 T} T{
266 GID associated with originating socket
267 T} T{
268 gid
269 T}
270 T{
271 rtclassid
272 T} T{
273 Routing realm
274 T} T{
275 realm
276 T}
277 .TE
278 .PP
279 \fBMeta expression specific types\fR
280 .TS
281 allbox ;
282 l | l.
283 T{
284 Type
285 T} T{
286 Description
287 T}
288 .T&
289 l | l.
290 T{
291 ifindex
292 T} T{
293 Interface index (32 bit number). Can be specified numerically
294 or as name of an existing interface.
295 T}
296 T{
297 ifname
298 T} T{
299 Interface name (16 byte string). Does not have to exist.
300 T}
301 T{
302 uid
303 T} T{
304 User ID (32 bit number). Can be specified numerically or as
305 user name.
306 T}
307 T{
308 gid
309 T} T{
310 Group ID (32 bit number). Can be specified numerically or as
311 group name.
312 T}
313 T{
314 realm
315 T} T{
316 Routing Realm (32 bit number). Can be specified numerically
317 or as symbolic name defined in /etc/iproute2/rt_realms.
318 T}
319 .TE
320 .SS "PAYLOAD EXPRESSIONS"
321 \fBEthernet header expression\fR
322 .TS
323 allbox ;
324 l | l.
325 T{
326 Keyword
327 T} T{
328 Description
329 T}
330 .T&
331 l | l
332 l | l
333 l | l.
334 T{
335 daddr
336 T} T{
337 Destination address
338 T}
339 T{
340 saddr
341 T} T{
342 Source address
343 T}
344 T{
345 type
346 T} T{
347 EtherType
348 T}
349 .TE
350 .PP
351 \fBVLAN header expression\fR
352 .TS
353 allbox ;
354 l | l.
355 T{
356 Keyword
357 T} T{
358 Description
359 T}
360 .T&
361 l | l.
362 T{
363 id
364 T} T{
365 VLAN ID (VID)
366 T}
367 T{
368 cfi
369 T} T{
370 Canonical Format Indicator
371 T}
372 T{
373 pcp
374 T} T{
375 Priority code point
376 T}
377 T{
378 type
379 T} T{
380 EtherType
381 T}
382 .TE
383 .PP
384 \fBARP header expression\fR
385 .TS
386 allbox ;
387 l | l.
388 T{
389 Keyword
390 T} T{
391 Description
392 T}
393 .T&
394 l | l.
395 T{
396 htype
397 T} T{
398 ARP hardware type
399 T}
400 T{
401 ptype
402 T} T{
403 EtherType
404 T}
405 T{
406 hlen
407 T} T{
408 Hardware address length
409 T}
410 T{
411 plen
412 T} T{
413 Protocol address length
414 T}
415 T{
416 op
417 T} T{
418 Operation
419 T}
420 .TE
421 .PP
422 \fBIPv4 header expression\fR
423 .TS
424 allbox ;
425 l | l.
426 T{
427 Keyword
428 T} T{
429 Description
430 T}
431 .T&
432 l | l.
433 T{
434 version
435 T} T{
436 IP header version (4)
437 T}
438 T{
439 hdrlength
440 T} T{
441 IP header length including options
442 T}
443 T{
444 tos
445 T} T{
446 Type Of Service
447 T}
448 T{
449 length
450 T} T{
451 Total packet length
452 T}
453 T{
454 id
455 T} T{
456 IP ID
457 T}
458 T{
459 frag-off
460 T} T{
461 Fragment offset
462 T}
463 T{
464 ttl
465 T} T{
466 Time to live
467 T}
468 T{
469 protocol
470 T} T{
471 Upper layer protocol
472 T}
473 T{
474 checksum
475 T} T{
476 IP header checksum
477 T}
478 T{
479 saddr
480 T} T{
481 Source address
482 T}
483 T{
484 daddr
485 T} T{
486 Destination address
487 T}
488 .TE
489 .PP
490 \fBIPv6 header expression\fR
491 .TS
492 allbox ;
493 l | l.
494 T{
495 Keyword
496 T} T{
497 Description
498 T}
499 .T&
500 l | l.
501 T{
502 version
503 T} T{
504 IP header version (6)
505 T}
506 T{
507 priority
508 T} T{
509 T}
510 T{
511 flowlabel
512 T} T{
513 T}
514 T{
515 length
516 T} T{
517 T}
518 T{
519 nexthdr
520 T} T{
521 Nexthdr protocol
522 T}
523 T{
524 hoplimit
525 T} T{
526 T}
527 T{
528 saddr
529 T} T{
530 Source address
531 T}
532 T{
533 daddr
534 T} T{
535 Destination address
536 T}
537 .TE
538 .PP
539 \fBSCTP header expression\fR
540 .TS
541 allbox ;
542 l | l.
543 T{
544 Keyword
545 T} T{
546 Description
547 T}
548 .T&
549 l | l.
550 T{
551 sport
552 T} T{
553 Source port
554 T}
555 T{
556 dport
557 T} T{
558 Destination port
559 T}
560 T{
561 vtag
562 T} T{
563 Verification Tag
564 T}
565 T{
566 checksum
567 T} T{
568 Checksum
569 T}
570 .TE
571 .PP
572 \fBDCCP header expression\fR
573 .TS
574 allbox ;
575 l | l.
576 T{
577 Keyword
578 T} T{
579 Description
580 T}
581 .T&
582 l | l
583 l | l.
584 T{
585 sport
586 T} T{
587 Source port
588 T}
589 T{
590 dport
591 T} T{
592 Destination port
593 T}
594 .TE
595 .PP
596 \fBTCP header expression\fR
597 .TS
598 allbox ;
599 l | l.
600 T{
601 Keyword
602 T} T{
603 Description
604 T}
605 .T&
606 l | l.
607 T{
608 sport
609 T} T{
610 Source port
611 T}
612 T{
613 dport
614 T} T{
615 Destination port
616 T}
617 T{
618 sequence
619 T} T{
620 Sequence number
621 T}
622 T{
623 ackseq
624 T} T{
625 Acknowledgement number
626 T}
627 T{
628 doff
629 T} T{
630 Data offset
631 T}
632 T{
633 reserved
634 T} T{
635 Reserved area
636 T}
637 T{
638 flags
639 T} T{
640 TCP flags
641 T}
642 T{
643 window
644 T} T{
645 Window
646 T}
647 T{
648 checksum
649 T} T{
650 Checksum
651 T}
652 T{
653 urgptr
654 T} T{
655 Urgent pointer
656 T}
657 .TE
658 .PP
659 \fBUDP header expression\fR
660 .TS
661 allbox ;
662 l | l.
663 T{
664 Keyword
665 T} T{
666 Description
667 T}
668 .T&
669 l | l.
670 T{
671 sport
672 T} T{
673 Source port
674 T}
675 T{
676 dport
677 T} T{
678 Destination port
679 T}
680 T{
681 length
682 T} T{
683 Total packet length
684 T}
685 T{
686 checksum
687 T} T{
688 Checksum
689 T}
690 .TE
691 .PP
692 \fBUDP-Lite header expression\fR
693 .TS
694 allbox ;
695 l | l.
696 T{
697 Keyword
698 T} T{
699 Description
700 T}
701 .T&
702 l | l.
703 T{
704 sport
705 T} T{
706 Source port
707 T}
708 T{
709 dport
710 T} T{
711 Destination port
712 T}
713 T{
714 cscov
715 T} T{
716 Checksum coverage
717 T}
718 T{
719 checksum
720 T} T{
721 Checksum
722 T}
723 .TE
724 .PP
725 \fBAH header expression\fR
726 .TS
727 allbox ;
728 l | l.
729 T{
730 Keyword
731 T} T{
732 Description
733 T}
734 .T&
735 l | l.
736 T{
737 nexthdr
738 T} T{
739 Next header protocol
740 T}
741 T{
742 hdrlength
743 T} T{
744 AH Header length
745 T}
746 T{
747 reserved
748 T} T{
749 Reserved area
750 T}
751 T{
752 spi
753 T} T{
754 Security Parameter Index
755 T}
756 T{
757 sequence
758 T} T{
759 Sequence number
760 T}
761 .TE
762 .PP
763 \fBESP header expression\fR
764 .TS
765 allbox ;
766 l | l.
767 T{
768 Keyword
769 T} T{
770 Description
771 T}
772 .T&
773 l | l
774 l | l.
775 T{
776 spi
777 T} T{
778 Security Parameter Index
779 T}
780 T{
781 sequence
782 T} T{
783 Sequence number
784 T}
785 .TE
786 .PP
787 \fBIPComp header expression\fR
788 .TS
789 allbox ;
790 l | l.
791 T{
792 Keyword
793 T} T{
794 Description
795 T}
796 .T&
797 l | l
798 l | l
799 l | l.
800 T{
801 nexthdr
802 T} T{
803 Next header protocol
804 T}
805 T{
806 flags
807 T} T{
808 Flags
809 T}
810 T{
811 cpi
812 T} T{
813 Compression Parameter Index
814 T}
815 .TE
816 .SH "EXIT STATUS"
817 On success, nftables exits with a status of 0. Unspecified
818 errors cause it to exit with a status of 1, memory allocation
819 errors with a status of 2.
820 .SH "SEE ALSO"
821 iptables(8), ip6tables(8), arptables(8), ebtables(8), ip(8), tc(8)
822 .SH AUTHORS
823 nftables was written by Patrick McHardy.
824 .SH COPYRIGHT
825 Copyright \(co 2008 Patrick McHardy <\*(T<kaber@×××××.net\*(T>>
826 .PP
827 This program is free software; you can redistribute it and/or modify
828 it under the terms of the GNU General Public License version 2 as
829 published by the Free Software Foundation.
830
831
832
833 1.1 net-firewall/nftables/files/nftables-0.099-94300c7.patch
834
835 file : http://sources.gentoo.org/viewvc.cgi/gentoo-x86/net-firewall/nftables/files/nftables-0.099-94300c7.patch?rev=1.1&view=markup
836 plain: http://sources.gentoo.org/viewvc.cgi/gentoo-x86/net-firewall/nftables/files/nftables-0.099-94300c7.patch?rev=1.1&content-type=text/plain
837
838 Index: nftables-0.099-94300c7.patch
839 ===================================================================
840 From 94300c75fc3e113009e68e2ab9db91c31e99e9f4 Mon Sep 17 00:00:00 2001
841 From: Pablo Neira Ayuso <pablo@×××××××××.org>
842 Date: Mon, 20 Jan 2014 14:02:50 +0000
843 Subject: build: use libnftnl instead of libnftables in configure.in
844
845 Signed-off-by: Pablo Neira Ayuso <pablo@×××××××××.org>
846 ---
847 diff --git a/configure.ac b/configure.ac
848 index b38295f..9f0d894 100644
849 --- a/configure.ac
850 +++ b/configure.ac
851 @@ -53,7 +53,7 @@ fi
852 AC_CHECK_LIB([mnl], [mnl_socket_open], ,
853 AC_MSG_ERROR([No suitable version of libmnl found]))
854
855 -AC_CHECK_LIB([nftables], [nft_rule_alloc], ,
856 +AC_CHECK_LIB([nftnl], [nft_rule_alloc], ,
857 AC_MSG_ERROR([No suitable version of libnftnl found]))
858
859 AC_CHECK_LIB([gmp], [__gmpz_init], ,
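Review bot: the subject line says configure.in, but the hunk is against configure.ac; the subject should name the file actually touched. In the changed line `+AC_CHECK_LIB([nftnl], [nft_rule_alloc], ,` only the library name moves from nftables to nftnl while the probed symbol stays `nft_rule_alloc`, so the build now depends on libnftnl exporting that exact symbol, and the empty action-if-found keeps autoconf's default of appending -lnftnl to LIBS and defining HAVE_LIBNFTNL instead of HAVE_LIBNFTABLES; any conditional code keyed on the old macro name would need the same rename. The error text `No suitable version of libnftnl found` already named libnftnl, so the message and the checked library are now consistent.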
860 --
861 cgit v0.9.2