From: Arturo Borrero Gonzalez <arturo@netfilter.org>
To: Elias Valea Peri <eliasvp@gmail.com>
Cc: netfilter@vger.kernel.org
Subject: Re: Doubts about netfilter + nftables and module
Date: Thu, 21 Nov 2019 14:59:19 +0100
Message-ID: <ed81e7ad-708e-d3f1-0c1d-09329f0c3409@netfilter.org>
In-Reply-To: <CAPar=unRE+rOGVEnvJfvgLKAz3hBa+azm-gb6kPsP-kUz5MLOw@mail.gmail.com>

On 11/20/19 1:29 PM, Elias Valea Peri wrote:
> Hi to all, we’re migrating our systems from netfilter + iptables to
> netfilter + nftables.
> We’re looking for information about which modules we want/need to load
> for our needs and extensions we want to use.
> Looking for documentation about this, we haven't been able to find a
> description of what each module does. For some modules we can easily see,
> just from the filename, what it does, but for others it isn't easy.
> We've downloaded our kernel sources and looked for docs at netfilter.org,
> www.kernel.org/doc, etc., without success.
> Does anybody know where we can find, for each nf_*.ko, nfnetlink_*.ko,
> nft_*.ko ... file, the functionality/extension that each one implements?

In general, you have some description of each module in the Kconfig files, for example:

https://elixir.bootlin.com/linux/latest/source/net/netfilter/Kconfig

The nf_tables framework is a bit different from x_tables. In x_tables each
target/match provided a very specific functionality that you may or may not find
interesting for your use case (and you could disable if not).

In nf_tables, rules are composed of low-level expressions, each providing some
kind of functionality. Most likely you won't find a 1:1 correspondence between a
given nft rule statement and a kernel module. Unless you know what you are doing,
I would advise enabling all of the nft_ modules, to make sure the ruleset you
configure has the corresponding kernel support.
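
One way to apply the Kconfig pointer from the reply above to the original question, as an added example that is not part of either message or of the kernel tree: it joins the kbuild `obj-$(CONFIG_X) += foo.o` lines with the matching Kconfig entry, so each `.ko` file gets its prompt and help text. The two excerpts are constructed with placeholder help text, and `module_symbols`, `parse_kconfig` and `describe` are hypothetical names.

```python
import re

# Constructed excerpts laid out like net/netfilter/Makefile and Kconfig (the
# help text is a placeholder); on a real tree, read both files from the sources.
MAKEFILE = """\
obj-$(CONFIG_NFT_CT) += nft_ct.o
obj-$(CONFIG_NFT_LOG) += nft_log.o
"""
KCONFIG = """\
config NFT_CT
\tdepends on NF_CONNTRACK
\ttristate "Netfilter nf_tables conntrack module"
\thelp
\t  Placeholder help: adds the "ct" expression.
"""

def module_symbols(makefile):
    """Map module file -> Kconfig symbol from 'obj-$(CONFIG_X) += a.o' lines."""
    out = {}
    for m in re.finditer(r"^obj-\$\(CONFIG_(\w+)\)\s*\+?=\s*(.+)$", makefile, re.M):
        for obj in m.group(2).split():
            if obj.endswith(".o"):
                out[obj[:-2] + ".ko"] = m.group(1)
    return out

def parse_kconfig(text):
    """Return {symbol: {"prompt": ..., "help": ...}} for every config entry."""
    entries, sym, in_help = {}, None, False
    for line in text.splitlines():
        m = re.match(r"(?:menu)?config\s+(\w+)", line)
        if m:
            sym, in_help = m.group(1), False
            entries[sym] = {"prompt": "", "help": ""}
        elif line[:1].strip() or sym is None:  # unindented keyword ends an entry
            sym = None
        elif in_help:                          # indented lines after "help"
            entries[sym]["help"] = (entries[sym]["help"] + " " + line.strip()).strip()
        elif line.strip() == "help":
            in_help = True
        elif p := re.match(r"\s+(?:tristate|bool)\s+\"([^\"]*)\"", line):
            entries[sym]["prompt"] = p.group(1)
    return entries

def describe(module, makefile=MAKEFILE, kconfig=KCONFIG):
    sym = module_symbols(makefile).get(module)
    entry = parse_kconfig(kconfig).get(sym)
    return f"{module}: CONFIG_{sym} - {entry['prompt']}. {entry['help']}" if entry else None

print(describe("nft_ct.ko"))
```

Makefile lines continued with a backslash are not handled; a module whose symbol has no entry in the Kconfig text yields `None`, as `nft_log.ko` does with this excerpt.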

Thread overview: 3+ messages
2019-11-20 12:29 Doubts about netfilter + nftables and module Elias Valea Peri
2019-11-21 13:59 ` Arturo Borrero Gonzalez [this message]
2019-11-21 16:09   ` Elias Valea Peri