From: Elias Valea Peri <eliasvp@gmail.com>
To: Arturo Borrero Gonzalez <arturo@netfilter.org>
Cc: netfilter@vger.kernel.org
Subject: Re: Doubts about netfilter + nftables and module
Date: Thu, 21 Nov 2019 17:09:17 +0100 [thread overview]
Message-ID: <CAPar=umKhb57QNxSeC7285A1okF2OXKMwtqdTBVX5eNsXCWKhQ@mail.gmail.com> (raw)
In-Reply-To: <ed81e7ad-708e-d3f1-0c1d-09329f0c3409@netfilter.org>
Thanks a lot Arturo, I will follow your advice.
¡Muchas gracias!
El jue., 21 nov. 2019 a las 14:59, Arturo Borrero Gonzalez
(<arturo@netfilter.org>) escribió:
>
> On 11/20/19 1:29 PM, Elias Valea Peri wrote:
> > Hi to all, we’re migrating our systems from netfilter + iptables to
> > netfilter + nftables.
> > We’re looking for information about which modules we want/need to load
> > for our needs and extensions we want to use.
> > Looking for documentation about, we aren't capable to find a
> > description of what does each module. For some modules, we see easily,
> > just by its filename, what does but for others it isn't easy.
> > We've downloaded our kernel sources, look for doc at netfilter.org,
> > www.kernel.org/doc, etc... without success.
> > Does anybody knows where we can find for each nf_*.ko, nfnetlink_*.ko,
> > nft_*.ko ... file the functionality/extension that implements each one
> > ????
>
> In general, you have some description of each module at Kconfig files, for example:
>
> https://elixir.bootlin.com/linux/latest/source/net/netfilter/Kconfig
>
> The nf_tables framework is a bit different from x_tables. In x_tables each
> target/match provided a very specific functionality that you may or may not find
> interesting for your use case (and you could disable if not)
>
> In nf_tables rules are composed of low level expressions each providing some
> kind of functionality. Mots likely you won't find a 1:1 correspondence between a
> given nft rule statement and a kernel module. Unless you know you are doing, I
> would advice to enable all of the nft_ modules, to make sure the ruleset you
> configure has the corresponding kernel support.
prev parent reply other threads:[~2019-11-21 16:09 UTC|newest]
Thread overview: 3+ messages / expand[flat|nested] mbox.gz Atom feed top
2019-11-20 12:29 Doubts about netfilter + nftables and module Elias Valea Peri
2019-11-21 13:59 ` Arturo Borrero Gonzalez
2019-11-21 16:09 ` Elias Valea Peri [this message]
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to='CAPar=umKhb57QNxSeC7285A1okF2OXKMwtqdTBVX5eNsXCWKhQ@mail.gmail.com' \
--to=eliasvp@gmail.com \
--cc=arturo@netfilter.org \
--cc=netfilter@vger.kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.