* Doubts about netfilter + nftables and module
@ 2019-11-20 12:29 Elias Valea Peri
  2019-11-21 13:59 ` Arturo Borrero Gonzalez
  0 siblings, 1 reply; 3+ messages in thread
From: Elias Valea Peri @ 2019-11-20 12:29 UTC (permalink / raw)
  To: netfilter

Hi to all, we’re migrating our systems from netfilter + iptables to
netfilter + nftables.
We’re looking for information about which modules we want/need to load
for our needs and the extensions we want to use.
Looking for documentation about this, we haven't been able to find a
description of what each module does. For some modules, we can easily see
what it does just from its filename, but for others it isn't easy.
We've downloaded our kernel sources, looked for docs at netfilter.org,
www.kernel.org/doc, etc., without success.
Does anybody know where we can find, for each nf_*.ko, nfnetlink_*.ko,
nft_*.ko ... file, the functionality/extension that each one implements?

Thanks a lot for your help

Elias


* Re: Doubts about netfilter + nftables and module
  2019-11-20 12:29 Doubts about netfilter + nftables and module Elias Valea Peri
@ 2019-11-21 13:59 ` Arturo Borrero Gonzalez
  2019-11-21 16:09   ` Elias Valea Peri
  0 siblings, 1 reply; 3+ messages in thread
From: Arturo Borrero Gonzalez @ 2019-11-21 13:59 UTC (permalink / raw)
  To: Elias Valea Peri; +Cc: netfilter

On 11/20/19 1:29 PM, Elias Valea Peri wrote:
> Hi to all, we’re migrating our systems from netfilter + iptables to
> netfilter + nftables.
> We’re looking for information about which modules we want/need to load
> for our needs and the extensions we want to use.
> Looking for documentation about this, we haven't been able to find a
> description of what each module does. For some modules, we can easily see
> what it does just from its filename, but for others it isn't easy.
> We've downloaded our kernel sources, looked for docs at netfilter.org,
> www.kernel.org/doc, etc., without success.
> Does anybody know where we can find, for each nf_*.ko, nfnetlink_*.ko,
> nft_*.ko ... file, the functionality/extension that each one implements?

In general, you have some description of each module in the Kconfig files, for example:

https://elixir.bootlin.com/linux/latest/source/net/netfilter/Kconfig

The nf_tables framework is a bit different from x_tables. In x_tables each
target/match provided a very specific functionality that you may or may not find
interesting for your use case (and you could disable if not).

In nf_tables, rules are composed of low-level expressions, each providing some
kind of functionality. Most likely you won't find a 1:1 correspondence between a
given nft rule statement and a kernel module. Unless you know what you are doing, I
would advise enabling all of the nft_ modules, to make sure the ruleset you
configure has the corresponding kernel support.
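
Added example (not part of the original thread, and not code from the netfilter project): a small parser that pairs each module name with the Kconfig description mentioned in the reply above. It assumes the kernel Makefile convention `obj-$(CONFIG_X) += name.o` to link module names to Kconfig symbols; the sample input is constructed and `nft_example` is a hypothetical module name.

```python
import re

# Constructed sample input in the style of net/netfilter/Kconfig and Makefile
# (abbreviated for illustration). nft_example / NFT_EXAMPLE is hypothetical.
KCONFIG = '''\
config NFT_CT
    tristate "Netfilter nf_tables conntrack module"
    help
      This option adds the "ct" expression that you can use to match
      connection tracking information such as the flow state.

config NFT_LIMIT
    tristate "Netfilter nf_tables limit module"
    help
      This option adds the "limit" expression that you can use to
      ratelimit rule matchings.
'''
MAKEFILE = '''\
obj-$(CONFIG_NFT_CT) += nft_ct.o
obj-$(CONFIG_NFT_LIMIT) += nft_limit.o
obj-$(CONFIG_NFT_EXAMPLE) += nft_example.o
'''

def parse_kconfig(text):
    # Returns {SYMBOL: {"prompt": str, "help": str}} for every config entry.
    entries, cur, in_help = {}, None, False
    for line in text.splitlines():
        m = re.match(r'(?:menu)?config\s+(\w+)', line)
        if m:
            cur = entries[m.group(1)] = {"prompt": "", "help": ""}
            in_help = False
        elif line and not line[0].isspace():
            cur = None  # another top-level keyword (menu, if, endif) ends the entry
        elif cur is not None and in_help:
            cur["help"] = (cur["help"] + " " + line.strip()).strip()
        elif cur is not None:
            p = re.match(r'\s+(?:tristate|bool)\s+"(.*)"', line)
            if p:
                cur["prompt"] = p.group(1)
            in_help = bool(re.match(r'\s+(?:---)?help(?:---)?\s*$', line))
    return entries

def describe_modules(makefile, kconfig):
    # Maps each module built by an "obj-$(CONFIG_X) += name.o" line to X's Kconfig text.
    entries, out = parse_kconfig(kconfig), {}
    missing = {"prompt": "(no Kconfig entry found)", "help": ""}
    for sym, objs in re.findall(r'^obj-\$\(CONFIG_(\w+)\)\s*\+=\s*(.+)$', makefile, re.M):
        for obj in objs.split():
            if obj.endswith(".o"):
                out[obj[:-2]] = entries.get(sym, missing)
    return out
```

To use it on a real tree, pass the contents of net/netfilter/Makefile and net/netfilter/Kconfig from your kernel sources to describe_modules() and print the result for the nf_*, nfnetlink_* and nft_* names you care about.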


* Re: Doubts about netfilter + nftables and module
  2019-11-21 13:59 ` Arturo Borrero Gonzalez
@ 2019-11-21 16:09   ` Elias Valea Peri
  0 siblings, 0 replies; 3+ messages in thread
From: Elias Valea Peri @ 2019-11-21 16:09 UTC (permalink / raw)
  To: Arturo Borrero Gonzalez; +Cc: netfilter

Thanks a lot Arturo, I will follow your advice.

Thank you very much!

