[Swan-commit] Changes to ref refs/heads/main
Antony Antony
antony at vault.libreswan.fi
Sun Feb 12 17:22:45 EET 2023
New commits:
commit 4cf1bc716d0ec6d1f495a6b74d1d776a437348cc
Merge: e73fda7e9d 5865942115
Author: Antony Antony <antony at phenome.org>
Date: Sun Feb 12 15:17:12 2023 +0000
Merge branch 'nftables-20230212'
more nftable support for Linux.
- add per connection nflog support
- add CAT support
Pluto adds extra "in" policies for nftable stateless NAT.
TODO more clean up of nft tables when pluto stops.
commit 5865942115e6e62393cb995b2c638948c4373046
Author: Antony Antony <antony at phenome.org>
Date: Sat Feb 11 12:25:36 2023 +0000
testing: a generic nic nat script using nftables
prepare to move away from iptables. use nftables for snat on nic
commit 5f2ee6e73485e65f09e686ccbb6018946f94a280
Author: Antony Antony <antony at phenome.org>
Date: Sun Feb 12 15:15:54 2023 +0000
testing: nftable related tests
commit 50befe8fff5b67b03d86e7d8cae34d7ac9ae445b
Author: Antony Antony <antony at phenome.org>
Date: Sun Feb 12 15:15:01 2023 +0000
pluto: linux nftables specific in policy
add extra in policy for nftable stateless nat.
nft stateless NAT is a bit different from iptables and it needs an extra
"in" xfrm policy.
commit bddc2be2a9f3d2d20880defea501adfdc3891747
Author: Antony Antony <antony at phenome.org>
Date: Sat Feb 4 15:26:50 2023 +0100
ipsec: startup script allow no firewall, no nftables and no iptables
ipsec start fails when the following command errors out.
root@west:~# /usr/local/sbin/ipsec --checknflog
unknown firewall comaand expect ipables or nft
Don't exit when there is no known firewall configured. Just continue.
Pluto can mostly work without either of them. The specific features
cat or nflog will fail to load. That will be a runtime error.
commit 5f4b51a14e5f2a9317d62f6cc90b81133dafe4fd
Author: Antony Antony <antony at phenome.org>
Date: Sat Aug 20 13:31:51 2022 +0000
linux: enable nftables for cat and nflog per connection
commit e64bacac360d180fe581be63304ee24a823a7bd9
Author: Antony Antony <antony at phenome.org>
Date: Fri Aug 19 15:43:11 2022 +0000
linux: nft add cat support
commit 50949bff1f1949942374912c036060d6e719d79a
Author: Antony Antony <antony at phenome.org>
Date: Fri Aug 19 15:26:57 2022 +0000
linux: nftables global nflog add delete and refactor
commit 76dd61aa71c6a16604daee150f6bb9f2fcf5fccd
Author: Antony Antony <antony at phenome.org>
Date: Fri Aug 19 14:51:41 2022 +0000
linux: nftable for per connection nflog