blog:linux:nftables_packet_flow_netfilter_hooks_detail
Differences
This shows you the differences between two versions of the page.
blog:linux:nftables_packet_flow_netfilter_hooks_detail [2021-07-16] – referring to "callbacks" now as "hook functions" Andrej Stender | blog:linux:nftables_packet_flow_netfilter_hooks_detail [2022-08-07] (current) – activated TOC Andrej Stender | ||
---|---|---|---|
Line 1: | Line 1: | ||
- | {{tag> | + | {{tag> |
====== Nftables - Packet flow and Netfilter hooks in detail ====== | ====== Nftables - Packet flow and Netfilter hooks in detail ====== | ||
~~META: | ~~META: | ||
date created = 2020-05-17 | date created = 2020-05-17 | ||
~~ | ~~ | ||
- | |||
- | ~~NOTOC~~ | ||
If you are using // | If you are using // | ||
Line 12: | Line 10: | ||
provide example configurations. | provide example configurations. | ||
However, if you are working on a little bit more complex stuff like writing | However, if you are working on a little bit more complex stuff like writing | ||
- | // | + | // |
and doing NAT, or other of the "more interesting" | and doing NAT, or other of the "more interesting" | ||
to get a little more tricky. | to get a little more tricky. | ||
Line 49: | Line 47: | ||
</ | </ | ||
- | However, what this image shows you is the packet flow though the //Netfilter hooks// and thereby the packet flow through the //tables// and //chains// like they existed in old // | + | However, what this image shows you is the packet flow though the //Netfilter hooks// and thereby the packet flow through the //tables// and //chains// like they existed in old // |
===== Netfilter ===== | ===== Netfilter ===== | ||
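Review bot: The changed sentence in this hunk still reads "the packet flow though the //Netfilter hooks//" on the new side; "though" should be "through". Since the line is being edited in this revision anyway, the typo can be fixed in the same change.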
Line 181: | Line 179: | ||
===== Connection tracking ===== | ===== Connection tracking ===== | ||
- | As you can see in Figure {{ref> | + | As you can see in Figure {{ref> |
===== Nftables ===== | ===== Nftables ===== | ||
Line 305: | Line 303: | ||
+ | ==== List hook functions (coming soon) ==== | ||
+ | Nftables developers in July 2021 announced a new feature, which will | ||
+ | likely be included in the next version of Nftables to be released; | ||
+ | see [[http:// | ||
+ | registered with a specified Netfilter hook together with their assigned | ||
+ | priorities. If you e.g. like to list all hook functions currently registered with the Netfilter | ||
+ | IPv4 Prerouting hook, the syntax to do that will probably be something like | ||
+ | '' | ||
===== Context ===== | ===== Context ===== | ||
The described behavior and implementation has been observed on a | The described behavior and implementation has been observed on a | ||
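Review bot: The new "List hook functions (coming soon)" section is worded relative to the time of writing ("coming soon", "the next version of Nftables to be released", "will probably be something like") and names no release, so a reader cannot tell from the page whether the feature has shipped or whether the quoted syntax is final. Suggest naming the release once it is known and replacing the tentative syntax with the released form, or stating in the text that the syntax is as announced in July 2021. The announcement link is written with plain http://; switch it to https:// if the target serves it. Minor wording: "If you e.g. like to list" reads better as "If you would like to list, for example, all hook functions".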
Line 318: | Line 324: | ||
- | //published 2020-05-17//, | + | //published 2020-05-17//, |
blog/linux/nftables_packet_flow_netfilter_hooks_detail.1626452031.txt.gz · Last modified: 2021-07-16 by Andrej Stender