2660:
830:
115:
55:
2672:
2646:
844:
397:(inbound interface, for example), and manage connection-tracking data. Arithmetic, bitwise and comparison operators can be used for making decisions based on that data. The virtual machine is also capable of manipulating sets of data (typically, IP addresses), allowing multiple comparison operations to be replaced with a single set lookup.
396:
to the Linux kernel which is able to execute bytecode to inspect a network packet and make decisions on how that packet should be handled. The operations implemented by this virtual machine are intentionally made basic. It can get data from the packet itself, have a look at the associated metadata
487:
transaction. This speeds up firewall configuration changes for setups having large rulesets; it can also help in avoiding race conditions while the rule changes are being executed. nftables also includes compatibility features to ease transition from previous firewalls, command-line utilities to
372:
The project stayed in alpha stage, and the official website was removed in 2009. In March 2010, emails from the author on the project mailing lists showed the project was still active and approaching a beta release, but the latter was never shipped officially. In
October 2012, Pablo Neira Ayuso
360:
The project was first publicly presented at
Netfilter Workshop 2008 by Patrick McHardy from the Netfilter Core Team. The first preview release of kernel and userspace implementation was given in March 2009. Although the tool has been called "the biggest change to Linux firewalling since the
332:
such as dictionaries, maps and concatenations that do not exist with iptables. Making use of these can significantly reduce the number of chains and rules needed to express a given packet filtering design.
400:
The above-described organization is contrary to the iptables firewalling code, which has protocol awareness built-in so deeply into the logic that the code has had to be replicated four times—for
2222:
1511:
1287:
329:
253:. Among the advantages of nftables over iptables is less code duplication and easier extension to new protocols. Among the disadvantages of nftables is that
2311:
973:
2306:
299:
infrastructure, such as the existing hooks into the networking stack, connection tracking system, userspace queueing component, and logging subsystem.
940:
1403:
1436:
582:
2664:
835:
916:
2043:
1811:
2703:
1541:
966:
2708:
2153:
1481:
2587:
1317:
1282:
647:
774:
488:
convert rules in the iptables format, and syntax-compatible versions of iptables commands that use the nftables backend.
2468:
1516:
1312:
998:
421:
92:
1870:
1277:
410:
373:
proposed a compatibility layer for iptables and announced a possible inclusion of the project into mainstream kernel.
74:
46:
568:
529:
2698:
2569:
2383:
1501:
1429:
959:
176:
2574:
2216:
1552:
554:
384:
tree. It was merged into the kernel mainline on 19 January 2014, with the release of Linux kernel version 3.13.
2137:
2122:
2038:
1826:
1631:
1355:
1302:
1297:
473:
322:
Note that the new syntax differs significantly from that of iptables, in which the same rule would be written:
128:
2480:
2279:
1915:
1803:
1758:
1708:
1692:
1669:
1398:
1491:
2625:
2602:
2597:
2432:
2398:
2388:
2260:
2205:
2082:
1621:
1090:
1043:
341:
258:
254:
2676:
2579:
1422:
1272:
414:
381:
432:, and more efficient execution, storage and incremental changes of filtering rules. Traditionally used
2609:
2211:
1773:
1471:
1327:
1307:
993:
982:
724:
164:
2405:
1884:
1743:
1677:
159:
54:
2559:
2393:
1979:
1879:
1816:
1738:
1733:
1521:
1100:
345:
147:
328:
The new syntax can appear more verbose, but it is also far more flexible. nftables incorporates
504:
2530:
2178:
2148:
2143:
1994:
1649:
1611:
1257:
1008:
1003:
871:
703:
682:
661:
242:/datagrams/frames. It has been available since Linux kernel 3.13 released on 19 January 2014.
205:
881:
876:
2284:
1846:
1567:
1557:
1466:
1322:
1085:
1013:
886:
610:
480:
362:
171:
135:
464:(for IPv4, IPv6, ARP and Ethernet bridging, respectively) are intended to be replaced with
2520:
2188:
1969:
1108:
926:
630:
393:
361:
introduction of iptables in 2001", it has received little press attention. Notable hacker
420:
The main advantages of nftables over iptables are the simplification of the Linux kernel
417:—as the firewall engines are too protocol-specific to be used in a generic manner.
340:
tool can be used to translate many existing iptables rules to equivalent nftables rules.
114:
365:(Gordon Lyon) said that he is "looking forward to its general release in the mainstream
2550:
2455:
2366:
2243:
2238:
2233:
2228:
2011:
1836:
1831:
1476:
1177:
425:
239:
2692:
2485:
2301:
2107:
2097:
1856:
1728:
1606:
1237:
1232:
1182:
429:
704:"Linux Netfilter Devel – [RFC] back on nf_tables (plus compatibility layer)"
2650:
2371:
2289:
2183:
2127:
1486:
1445:
1381:
1242:
931:
849:
472:
as a single unified implementation, providing firewall configuration on top of the
377:
366:
235:
800:
2376:
2269:
1851:
1748:
892:
2463:
2438:
2425:
2330:
2318:
2248:
2158:
1644:
1547:
1506:
1292:
1172:
1128:
825:
265:
32:
22:
882:
Pablo Neira Ayuso: [RFC] back on nf_tables (plus compatibility layer)
2325:
2294:
2163:
1999:
1788:
1659:
1616:
1376:
1360:
1138:
1080:
1053:
1048:
583:"List of available translations via iptables-translate tool - nftables wiki"
296:
284:
250:
152:
859:
555:"How We Used eBPF to Build Programmable Packet Filtering in Magic Firewall"
190:
2443:
2264:
2253:
2117:
2112:
2058:
2006:
1895:
1821:
1347:
1337:
1205:
1167:
1058:
274:
246:
2525:
2510:
2420:
2410:
2350:
2274:
2168:
2092:
2033:
1947:
1910:
1841:
1783:
1778:
1682:
1639:
1332:
1210:
1123:
1075:
1070:
1038:
907:
753:
484:
101:
2515:
2500:
2490:
2345:
2340:
2102:
2053:
2026:
1989:
1959:
1926:
1905:
1654:
1601:
1496:
1247:
1187:
1113:
918:
nftables – a successor to iptables, ip6tables, ebtables and arptables
951:
451:
443:
903:
896:
749:
596:
459:
435:
2645:
2335:
2198:
2132:
2087:
2048:
2016:
1984:
1942:
1937:
1900:
1768:
1763:
1723:
1718:
1224:
1023:
922:
843:
140:
725:"[PATCH 00/17] netfilter updates: nf_tables pull request"
2415:
2193:
2021:
1952:
1596:
1133:
1118:
946:
467:
406:
402:
376:
On 16 October 2013, Pablo Neira Ayuso submitted a nftables core
1418:
1414:
955:
2495:
2473:
1152:
866:
80:
483:
replacements of one or more firewall rules within a single
479:
nftables also offers an improved userspace API that allows
947:
Extended and enhanced manual for the nft command line tool
312:
A command to drop any packets with destination IP address
683:"Linux Netfilter Devel – Re: Current state of nftables"
662:"Linux Netfilter Devel – Re: Current state of nftables"
272:, while legacy tools are configured via the utilities
319:
nft add rule ip filter output ip daddr 1.2.3.4 drop
2618:
2558:
2549:
2454:
2359:
2075:
1968:
1878:
1869:
1802:
1707:
1700:
1691:
1668:
1630:
1589:
1582:
1530:
1459:
1452:
1369:
1346:
1265:
1256:
1223:
1198:
1160:
1151:
1099:
1031:
1022:
182:
170:
158:
146:
134:
124:
91:
73:
45:
31:
21:
941:nft_compat extended to support ebtables extensions
569:"Moving from iptables to nftables - nftables wiki"
257:that was provided by "iptables string match" like
743:
741:
1430:
1288:Microsoft Forefront Threat Management Gateway
967:
524:
522:
295:nftables utilizes the building blocks of the
8:
16:Userspace utility for Linux packet filtering
641:
639:
505:"[ANNOUNCE] nftables 1.1.0 release"
2555:
2451:
1875:
1704:
1697:
1586:
1456:
1437:
1423:
1415:
1262:
1157:
1028:
974:
960:
952:
238:providing filtering and classification of
113:
53:
18:
904:"nftables: a new packet filtering engine"
392:The nftables kernel engine adds a simple
352:as the default packet filtering backend.
2665:Free and open-source software portal
2223:Earliest eligible virtual deadline first
1404:List of router or firewall distributions
801:"Netfilter Workshop 2018 Berlin summary"
496:
877:First release of nftables (2009-03-18)
325:iptables -A OUTPUT -d 1.2.3.4 -j DROP
530:"nftables, the successor of iptables"
7:
836:Free and open-source software portal
613:. workshop.netfilter.org. 2008-10-03
867:nftables Git source code repository
775:"nftables – nft command line tool"
14:
2671:
2670:
2658:
2644:
1512:Supported computer architectures
842:
828:
646:Gray, Patrick (March 26, 2009).
1542:The Linux Programming Interface
915:McHardy, Patrick (2008-09-30).
902:Corbet, Jonathan (2009-03-24).
648:"NEWS: Linux Gets New Firewall"
536:. kernelnewbies.org. 2014-01-19
264:nftables is configured via the
748:Jonathan Corbet (2013-08-20).
1:
1318:Trend Micro Internet Security
1283:McAfee Personal Firewall Plus
611:"User day program – NFWS2008"
245:nftables replaces the legacy
1313:Symantec Endpoint Protection
999:Context-based access control
943:(merged in Linux kernel 4.0)
872:nftables HOWTO documentation
631:initial release announcement
261:filtering is not supported.
1278:Kaspersky Internet Security
348:, uses nftables along with
2725:
2384:High-performance computing
2206:Process and I/O schedulers
2638:
2217:Completely Fair Scheduler
1482:Tanenbaum–Torvalds debate
1394:
989:
474:in-kernel virtual machine
87:
41:
2138:Kernel same-page merging
1356:Comodo Internet Security
1303:Norton Personal Firewall
1298:Norton Internet Security
750:"The return of nftables"
597:"Nftables - Debian Wiki"
330:advanced data structures
2704:Linux security software
2481:OS-level virtualization
1399:Comparison of firewalls
923:Netfilter Workshop 2008
2626:List of Linux adopters
1568:Linux User Group (LUG)
1091:Uncomplicated Firewall
234:is a subsystem of the
2709:Linux kernel features
1273:Check Point Integrity
891:nftables sections in
382:Linux kernel mainline
60:; 58 days ago
37:The Netfilter Project
27:The Netfilter Project
2212:Brain Fuck Scheduler
1472:Linux Mark Institute
1328:Windows Live OneCare
1308:Outpost Firewall Pro
994:Application firewall
887:nftables quick HOWTO
773:Neira Ayuso, Pablo.
2406:Real-time computing
1678:Linux Standard Base
346:Linux distributions
308:Command-line syntax
2394:Compute Node Linux
1980:C standard library
350:iptables-translate
342:Debian 10 (Buster)
338:iptables-translate
23:Original author(s)
2699:Firewall software
2686:
2685:
2634:
2633:
2545:
2544:
2541:
2540:
2179:Network scheduler
2071:
2070:
2067:
2066:
1865:
1864:
1612:Linux kernel oops
1578:
1577:
1558:Linux conferences
1412:
1411:
1390:
1389:
1219:
1218:
1147:
1146:
1009:Stateful firewall
1004:Personal firewall
983:Firewall software
779:git.netfilter.org
229:
228:
2716:
2674:
2673:
2663:
2662:
2661:
2651:Linux portal
2649:
2648:
2556:
2452:
2261:Security Modules
1876:
1705:
1698:
1587:
1467:Linux Foundation
1457:
1439:
1432:
1425:
1416:
1323:Windows Firewall
1263:
1158:
1029:
1014:Virtual firewall
976:
969:
962:
953:
937:
935:
925:. Archived from
911:
863:
862:
860:Official website
852:
847:
846:
838:
833:
832:
831:
816:
815:
813:
811:
796:
790:
789:
787:
785:
770:
764:
763:
761:
760:
745:
736:
735:
733:
732:
721:
715:
714:
712:
711:
700:
694:
693:
691:
690:
679:
673:
672:
670:
669:
658:
652:
651:
643:
634:
628:
622:
621:
619:
618:
607:
601:
600:
593:
587:
586:
579:
573:
572:
565:
559:
558:
551:
545:
544:
542:
541:
526:
517:
516:
514:
512:
501:
471:
470:
463:
462:
455:
454:
447:
446:
439:
438:
426:code duplication
363:Fyodor Vaskovich
351:
339:
315:
222:
219:
217:
215:
213:
211:
209:
207:
201:
198:
196:
194:
192:
165:packet filtering
136:Operating system
117:
112:
109:
107:
105:
103:
68:
66:
61:
57:
19:
2724:
2723:
2719:
2718:
2717:
2715:
2714:
2713:
2689:
2688:
2687:
2682:
2659:
2657:
2643:
2630:
2614:
2561:
2537:
2521:User-mode Linux
2450:
2355:
2063:
1971:
1964:
1883:
1861:
1798:
1710:
1687:
1664:
1626:
1574:
1526:
1517:Version history
1448:
1443:
1413:
1408:
1386:
1365:
1342:
1252:
1248:VirusBarrier X6
1215:
1194:
1143:
1109:Endian Firewall
1095:
1018:
985:
980:
929:
914:
901:
858:
857:
848:
841:
834:
829:
827:
824:
819:
809:
807:
798:
797:
793:
783:
781:
772:
771:
767:
758:
756:
747:
746:
739:
730:
728:
723:
722:
718:
709:
707:
702:
701:
697:
688:
686:
681:
680:
676:
667:
665:
660:
659:
655:
645:
644:
637:
629:
625:
616:
614:
609:
608:
604:
595:
594:
590:
581:
580:
576:
567:
566:
562:
553:
552:
548:
539:
537:
528:
527:
520:
510:
508:
503:
502:
498:
494:
466:
465:
458:
457:
450:
449:
442:
441:
434:
433:
430:error reporting
424:, reduction of
413:, and Ethernet
394:virtual machine
390:
358:
349:
337:
326:
320:
313:
310:
305:
240:network packets
225:
204:
189:
120:
100:
83:
75:Preview release
69:
64:
62:
59:
17:
12:
11:
5:
2722:
2720:
2712:
2711:
2706:
2701:
2691:
2690:
2684:
2683:
2681:
2680:
2668:
2654:
2639:
2636:
2635:
2632:
2631:
2629:
2628:
2622:
2620:
2616:
2615:
2613:
2612:
2607:
2606:
2605:
2600:
2592:
2591:
2590:
2582:
2577:
2572:
2566:
2564:
2553:
2547:
2546:
2543:
2542:
2539:
2538:
2536:
2535:
2534:
2533:
2528:
2523:
2518:
2513:
2505:
2504:
2503:
2498:
2493:
2488:
2478:
2477:
2476:
2471:
2460:
2458:
2456:Virtualization
2449:
2448:
2447:
2446:
2441:
2430:
2429:
2428:
2423:
2418:
2413:
2403:
2402:
2401:
2396:
2391:
2381:
2380:
2379:
2374:
2363:
2361:
2357:
2356:
2354:
2353:
2348:
2343:
2338:
2333:
2328:
2322:
2321:
2316:
2315:
2314:
2309:
2302:Device drivers
2298:
2297:
2292:
2287:
2282:
2277:
2272:
2267:
2257:
2256:
2251:
2246:
2244:SCHED_DEADLINE
2241:
2239:O(1) scheduler
2236:
2234:O(n) scheduler
2231:
2229:Noop scheduler
2226:
2220:
2214:
2209:
2202:
2201:
2196:
2191:
2186:
2181:
2176:
2171:
2166:
2161:
2156:
2151:
2146:
2141:
2135:
2130:
2125:
2120:
2115:
2110:
2105:
2100:
2095:
2090:
2085:
2083:Kernel modules
2079:
2077:
2073:
2072:
2069:
2068:
2065:
2064:
2062:
2061:
2056:
2051:
2046:
2041:
2036:
2031:
2030:
2029:
2024:
2019:
2014:
2009:
2004:
2003:
2002:
1992:
1987:
1976:
1974:
1966:
1965:
1963:
1962:
1957:
1956:
1955:
1945:
1940:
1935:
1932:
1929:
1924:
1921:
1918:
1913:
1908:
1903:
1898:
1893:
1889:
1887:
1873:
1867:
1866:
1863:
1862:
1860:
1859:
1854:
1849:
1844:
1839:
1837:Memory barrier
1834:
1829:
1824:
1819:
1814:
1808:
1806:
1800:
1799:
1797:
1796:
1795:
1794:
1791:
1786:
1781:
1776:
1771:
1766:
1756:
1755:
1754:
1751:
1746:
1741:
1736:
1731:
1726:
1715:
1713:
1702:
1695:
1689:
1688:
1686:
1685:
1680:
1674:
1672:
1666:
1665:
1663:
1662:
1657:
1652:
1647:
1642:
1636:
1634:
1628:
1627:
1625:
1624:
1619:
1614:
1609:
1604:
1599:
1593:
1591:
1584:
1580:
1579:
1576:
1575:
1573:
1572:
1571:
1570:
1562:
1561:
1560:
1555:
1550:
1545:
1534:
1532:
1528:
1527:
1525:
1524:
1519:
1514:
1509:
1504:
1499:
1494:
1489:
1484:
1479:
1474:
1469:
1463:
1461:
1454:
1450:
1449:
1444:
1442:
1441:
1434:
1427:
1419:
1410:
1409:
1407:
1406:
1401:
1395:
1392:
1391:
1388:
1387:
1385:
1384:
1379:
1373:
1371:
1367:
1366:
1364:
1363:
1358:
1352:
1350:
1344:
1343:
1341:
1340:
1335:
1330:
1325:
1320:
1315:
1310:
1305:
1300:
1295:
1290:
1285:
1280:
1275:
1269:
1267:
1260:
1254:
1253:
1251:
1250:
1245:
1240:
1235:
1229:
1227:
1221:
1220:
1217:
1216:
1214:
1213:
1208:
1202:
1200:
1196:
1195:
1193:
1192:
1191:
1190:
1180:
1175:
1170:
1164:
1162:
1155:
1149:
1148:
1145:
1144:
1142:
1141:
1136:
1131:
1126:
1121:
1116:
1111:
1105:
1103:
1097:
1096:
1094:
1093:
1088:
1083:
1078:
1073:
1068:
1067:
1066:
1061:
1051:
1046:
1041:
1035:
1033:
1026:
1020:
1019:
1017:
1016:
1011:
1006:
1001:
996:
990:
987:
986:
981:
979:
978:
971:
964:
956:
950:
949:
944:
938:
936:on 2009-03-22.
912:
899:
889:
884:
879:
874:
869:
864:
854:
853:
839:
823:
822:External links
820:
818:
817:
805:ral-arturo.org
791:
765:
737:
716:
695:
674:
653:
635:
623:
602:
588:
574:
560:
546:
518:
507:. 16 July 2024
495:
493:
490:
389:
386:
357:
354:
344:, among other
324:
318:
309:
306:
304:
301:
227:
226:
224:
223:
212:/wiki-nftables
202:
186:
184:
180:
179:
174:
168:
167:
162:
156:
155:
150:
144:
143:
138:
132:
131:
126:
122:
121:
119:
118:
97:
95:
89:
88:
85:
84:
79:
77:
71:
70:
58:/ 16 July 2024
51:
49:
47:Stable release
43:
42:
39:
38:
35:
29:
28:
25:
15:
13:
10:
9:
6:
4:
3:
2:
2721:
2710:
2707:
2705:
2702:
2700:
2697:
2696:
2694:
2679:
2678:
2669:
2667:
2666:
2655:
2653:
2652:
2647:
2641:
2640:
2637:
2627:
2624:
2623:
2621:
2617:
2611:
2608:
2604:
2601:
2599:
2596:
2595:
2593:
2589:
2586:
2585:
2584:Thin client:
2583:
2581:
2578:
2576:
2573:
2571:
2568:
2567:
2565:
2563:
2557:
2554:
2552:
2548:
2532:
2529:
2527:
2524:
2522:
2519:
2517:
2514:
2512:
2509:
2508:
2506:
2502:
2499:
2497:
2494:
2492:
2489:
2487:
2486:Linux-VServer
2484:
2483:
2482:
2479:
2475:
2472:
2470:
2467:
2466:
2465:
2462:
2461:
2459:
2457:
2453:
2445:
2442:
2440:
2437:
2436:
2434:
2431:
2427:
2424:
2422:
2419:
2417:
2414:
2412:
2409:
2408:
2407:
2404:
2400:
2397:
2395:
2392:
2390:
2387:
2386:
2385:
2382:
2378:
2375:
2373:
2370:
2369:
2368:
2365:
2364:
2362:
2358:
2352:
2349:
2347:
2344:
2342:
2339:
2337:
2334:
2332:
2329:
2327:
2324:
2323:
2320:
2317:
2313:
2310:
2308:
2305:
2304:
2303:
2300:
2299:
2296:
2293:
2291:
2288:
2286:
2283:
2281:
2278:
2276:
2273:
2271:
2268:
2266:
2262:
2259:
2258:
2255:
2252:
2250:
2247:
2245:
2242:
2240:
2237:
2235:
2232:
2230:
2227:
2224:
2221:
2218:
2215:
2213:
2210:
2207:
2204:
2203:
2200:
2197:
2195:
2192:
2190:
2187:
2185:
2182:
2180:
2177:
2175:
2172:
2170:
2167:
2165:
2162:
2160:
2157:
2155:
2152:
2150:
2147:
2145:
2142:
2139:
2136:
2134:
2131:
2129:
2126:
2124:
2121:
2119:
2116:
2114:
2111:
2109:
2108:Device mapper
2106:
2104:
2101:
2099:
2096:
2094:
2091:
2089:
2086:
2084:
2081:
2080:
2078:
2074:
2060:
2057:
2055:
2052:
2050:
2047:
2045:
2042:
2040:
2037:
2035:
2032:
2028:
2025:
2023:
2020:
2018:
2015:
2013:
2010:
2008:
2005:
2001:
1998:
1997:
1996:
1993:
1991:
1988:
1986:
1983:
1982:
1981:
1978:
1977:
1975:
1973:
1967:
1961:
1958:
1954:
1951:
1950:
1949:
1946:
1944:
1941:
1939:
1936:
1933:
1930:
1928:
1925:
1922:
1919:
1917:
1914:
1912:
1909:
1907:
1904:
1902:
1899:
1897:
1894:
1891:
1890:
1888:
1886:
1881:
1877:
1874:
1872:
1868:
1858:
1855:
1853:
1850:
1848:
1845:
1843:
1840:
1838:
1835:
1833:
1830:
1828:
1825:
1823:
1820:
1818:
1815:
1813:
1810:
1809:
1807:
1805:
1801:
1792:
1790:
1787:
1785:
1782:
1780:
1777:
1775:
1772:
1770:
1767:
1765:
1762:
1761:
1760:
1757:
1752:
1750:
1747:
1745:
1742:
1740:
1737:
1735:
1732:
1730:
1727:
1725:
1722:
1721:
1720:
1717:
1716:
1714:
1712:
1706:
1703:
1699:
1696:
1694:
1690:
1684:
1681:
1679:
1676:
1675:
1673:
1671:
1667:
1661:
1658:
1656:
1653:
1651:
1648:
1646:
1643:
1641:
1638:
1637:
1635:
1633:
1629:
1623:
1620:
1618:
1615:
1613:
1610:
1608:
1605:
1603:
1600:
1598:
1595:
1594:
1592:
1588:
1585:
1581:
1569:
1566:
1565:
1563:
1559:
1556:
1554:
1551:
1549:
1546:
1544:
1543:
1539:
1538:
1536:
1535:
1533:
1529:
1523:
1520:
1518:
1515:
1513:
1510:
1508:
1505:
1503:
1500:
1498:
1495:
1493:
1490:
1488:
1485:
1483:
1480:
1478:
1475:
1473:
1470:
1468:
1465:
1464:
1462:
1458:
1455:
1451:
1447:
1440:
1435:
1433:
1428:
1426:
1421:
1420:
1417:
1405:
1402:
1400:
1397:
1396:
1393:
1383:
1380:
1378:
1375:
1374:
1372:
1368:
1362:
1359:
1357:
1354:
1353:
1351:
1349:
1345:
1339:
1336:
1334:
1331:
1329:
1326:
1324:
1321:
1319:
1316:
1314:
1311:
1309:
1306:
1304:
1301:
1299:
1296:
1294:
1291:
1289:
1286:
1284:
1281:
1279:
1276:
1274:
1271:
1270:
1268:
1264:
1261:
1259:
1255:
1249:
1246:
1244:
1241:
1239:
1238:NetBarrier X4
1236:
1234:
1233:Little Snitch
1231:
1230:
1228:
1226:
1222:
1212:
1209:
1207:
1204:
1203:
1201:
1197:
1189:
1186:
1185:
1184:
1181:
1179:
1176:
1174:
1171:
1169:
1166:
1165:
1163:
1159:
1156:
1154:
1150:
1140:
1137:
1135:
1132:
1130:
1127:
1125:
1122:
1120:
1117:
1115:
1112:
1110:
1107:
1106:
1104:
1102:
1098:
1092:
1089:
1087:
1084:
1082:
1079:
1077:
1074:
1072:
1069:
1065:
1062:
1060:
1057:
1056:
1055:
1052:
1050:
1047:
1045:
1042:
1040:
1037:
1036:
1034:
1030:
1027:
1025:
1021:
1015:
1012:
1010:
1007:
1005:
1002:
1000:
997:
995:
992:
991:
988:
984:
977:
972:
970:
965:
963:
958:
957:
954:
948:
945:
942:
939:
933:
928:
924:
920:
919:
913:
909:
905:
900:
898:
894:
890:
888:
885:
883:
880:
878:
875:
873:
870:
868:
865:
861:
856:
855:
851:
845:
840:
837:
826:
821:
806:
802:
799:Arturo, Ral.
795:
792:
780:
776:
769:
766:
755:
751:
744:
742:
738:
726:
720:
717:
706:. Spinics.net
705:
699:
696:
685:. Spinics.net
684:
678:
675:
664:. Spinics.net
663:
657:
654:
649:
642:
640:
636:
632:
627:
624:
612:
606:
603:
598:
592:
589:
584:
578:
575:
570:
564:
561:
556:
550:
547:
535:
531:
525:
523:
519:
506:
500:
497:
491:
489:
486:
482:
477:
475:
469:
461:
453:
445:
437:
431:
427:
423:
418:
416:
412:
408:
404:
398:
395:
387:
385:
383:
379:
374:
370:
368:
364:
355:
353:
347:
343:
334:
331:
323:
317:
307:
302:
300:
298:
293:
291:
287:
286:
281:
277:
276:
271:
267:
262:
260:
256:
252:
249:component of
248:
243:
241:
237:
233:
221:
203:
200:
188:
187:
185:
181:
178:
175:
173:
169:
166:
163:
161:
157:
154:
151:
149:
145:
142:
139:
137:
133:
130:
127:
123:
116:
111:
99:
98:
96:
94:
90:
86:
82:
78:
76:
72:
56:
50:
48:
44:
40:
36:
34:
30:
26:
24:
20:
2675:
2656:
2642:
2372:Linux kernel
2290:Tomoyo Linux
2173:
1885:File systems
1540:
1492:SCO disputes
1453:Organization
1446:Linux kernel
1382:PeerGuardian
1243:PeerGuardian
1063:
927:the original
917:
850:Linux portal
808:. Retrieved
804:
794:
782:. Retrieved
778:
768:
757:. Retrieved
729:. Retrieved
719:
708:. Retrieved
698:
687:. Retrieved
677:
666:. Retrieved
656:
650:. Risky.biz.
626:
615:. Retrieved
605:
591:
577:
563:
549:
538:. Retrieved
533:
509:. Retrieved
499:
478:
452:arptables(8)
444:ip6tables(8)
419:
399:
391:
378:pull request
375:
371:
367:Linux kernel
359:
335:
327:
321:
311:
294:
292:frameworks.
289:
283:
279:
273:
269:
263:
244:
236:Linux kernel
231:
230:
65:16 July 2024
33:Developer(s)
2377:Linux-libre
2270:Exec Shield
2149:Framebuffer
1852:Video4Linux
1709:System Call
1537:Developers
1477:Linus's law
1370:Open-source
1044:Firestarter
897:Gentoo Wiki
727:. Marc.info
460:ebtables(8)
436:iptables(8)
428:, improved
52:1.1.0
2693:Categories
2464:Hypervisor
2426:PREEMPT_RT
2331:KernelCare
2319:Raw device
2249:SCHED_FIFO
2159:KMS driver
2076:Components
1931:securityfs
1817:Crypto API
1759:Linux-only
1645:System.map
1548:kernel.org
1507:menuconfig
1502:GNU GPL v2
1293:Norton 360
1266:Commercial
1173:ipfirewall
1129:SmoothWall
810:24 January
784:24 January
759:2013-10-22
731:2014-01-20
710:2014-01-20
689:2014-01-20
668:2014-01-20
617:2014-02-22
540:2016-03-04
534:Linux 3.13
492:References
266:user-space
125:Written in
104:.netfilter
93:Repository
2603:LYME-LYCE
2326:initramfs
2295:Linux PAM
2164:Netfilter
2034:libcgroup
2000:libhybris
1972:libraries
1920:hugetlbfs
1871:Userspace
1804:In-kernel
1789:readahead
1711:Interface
1660:initramfs
1617:SystemTap
1590:Debugging
1583:Technical
1522:Criticism
1377:PeerBlock
1361:ZoneAlarm
1139:Zeroshell
1081:Shorewall
1054:Netfilter
1049:firewalld
297:Netfilter
285:arptables
280:ip6tables
251:Netfilter
208:.nftables
197:/nftables
195:/projects
191:netfilter
153:Netfilter
108:/nftables
2677:Category
2619:Adopters
2594:Server:
2575:Embedded
2551:Adoption
2444:PSXLinux
2367:Mainline
2360:Variants
2312:graphics
2265:AppArmor
2254:SCHED_RR
2174:nftables
2118:dm-crypt
2113:dm-cache
2059:liburing
2049:libevdev
2007:dietlibc
1896:configfs
1822:io uring
1348:Freemium
1338:WinRoute
1206:OPNsense
1168:IPFilter
1064:nftables
1059:iptables
893:ArchWiki
415:bridging
388:Overview
290:ebtables
275:iptables
268:utility
247:iptables
232:nftables
148:Platform
81:Git repo
2610:Devices
2570:Desktop
2531:coLinux
2526:MkLinux
2511:L4Linux
2439:ÎĽClinux
2421:Xenomai
2411:RTLinux
2351:Ksplice
2280:SELinux
2275:seccomp
2225:(EEVDF)
2169:Netlink
2098:Console
2093:cgroups
2044:libalsa
1970:Wrapper
1948:systemd
1911:debugfs
1880:Daemons
1842:New API
1784:inotify
1779:dnotify
1683:x32 ABI
1640:vmlinux
1632:Startup
1531:Support
1333:WinGate
1258:Windows
1211:pfSense
1199:Distros
1124:OpenWrt
1101:Distros
1076:Privoxy
1071:MoBlock
1039:FireHOL
908:LWN.net
754:LWN.net
511:17 July
485:Netlink
380:to the
356:History
314:1.2.3.4
183:Website
172:License
63: (
2580:Gaming
2562:of use
2516:ELinOS
2507:Other
2501:OpenVZ
2491:Lguest
2435:-less
2346:kpatch
2341:kGraft
2307:802.11
2103:bcache
2054:libusb
2039:libdrm
2027:Newlib
2012:EGLIBC
1995:Bionic
1990:uClibc
1960:Kmscon
1934:sockfs
1927:procfs
1923:pipefs
1906:devpts
1832:kernfs
1774:splice
1729:select
1701:Kernel
1655:initrd
1650:dracut
1602:ftrace
1564:Users
1497:Linaro
1460:Kernel
1188:pfsync
1114:IPFire
481:atomic
468:nft(8)
214:/index
2560:Range
2399:SLURM
2336:kexec
2285:Smack
2219:(CFS)
2199:zswap
2140:(KSM)
2133:evdev
2088:BlueZ
2017:klibc
1985:glibc
1943:tmpfs
1938:sysfs
1901:devfs
1892:bpffs
1769:epoll
1764:futex
1744:close
1724:ioctl
1719:POSIX
1607:kdump
1225:macOS
1086:Squid
1024:Linux
220:_Page
218:/Main
177:GPLv2
141:Linux
2598:LAMP
2588:LTSP
2416:RTAI
2194:zram
2189:SLUB
2184:perf
2128:EDAC
2022:musl
1953:udev
1916:FUSE
1812:ALSA
1749:sync
1739:read
1734:open
1693:APIs
1670:ABIs
1597:CRIU
1553:LKML
1161:Apps
1134:VyOS
1119:LEDE
1032:Apps
895:and
812:2019
786:2019
513:2024
456:and
407:IPv6
403:IPv4
336:The
288:and
216:.php
210:.org
206:wiki
193:.org
160:Type
106:.org
2496:LXC
2474:Xen
2469:KVM
2433:MMU
2389:INK
2154:LVM
2144:LIO
2123:DRM
1857:IIO
1847:RCU
1827:DRM
1622:BPF
1487:Tux
1178:NPF
1153:BSD
932:ODP
422:ABI
411:ARP
369:".
303:nft
270:nft
259:SNI
255:DPI
102:git
2695::
2263::
1183:PF
921:.
906:.
803:.
777:.
752:.
740:^
638:^
532:.
521:^
476:.
448:,
440:,
409:,
405:,
316::
282:,
278:,
2208::
1882:,
1793:…
1753:…
1438:e
1431:t
1424:v
975:e
968:t
961:v
934:)
930:(
910:.
814:.
788:.
762:.
734:.
713:.
692:.
671:.
633:.
620:.
599:.
585:.
571:.
557:.
543:.
515:.
199:/
129:C
110:/
67:)
Text is available under the Creative Commons Attribution-ShareAlike License. Additional terms may apply.