Nftables support #816

Closed
kabakaev opened this issue Sep 26, 2023 · 7 comments · Fixed by #883
Comments

@kabakaev

As of now, the nftables backend is not implemented.

Hence, it is not possible to run netavark on a Linux kernel with nftables modules and without iptables.

Although the CONFIG_NFT_MASQ kernel config is enabled, the /usr/sbin/iptables-nft alternative iptables CLI cannot emulate the masquerade action and complains:

Error: netavark: unable to append rule '! -d 224.0.0.0/4 -j MASQUERADE' to table 'nat': code: 4, msg: Warning: Extension MASQUERADE revision 0 not supported, missing kernel module?
iptables v1.8.9 (nf_tables):  RULE_APPEND failed (No such file or directory): rule in chain NETAVARK-1700E948C4CCE

Supposedly, a native nftables driver should fix the issue.

@Luap99
Member

Luap99 commented Sep 26, 2023

iptables-nft should work; to my understanding, distros like RHEL do not even ship the legacy iptables command, and I know netavark works on RHEL. So I suggest you take a look at their kernel config.

I also tested iptables-nft on fedora before and it seems to work there as well.

But yes a proper nftables driver is on our TODO list, it just hasn't gotten enough prioritization so far.

@kabakaev
Author

kabakaev commented Sep 27, 2023

Indeed, it works fine on a normal kernel in any distro. I'm referring to my case of an embedded system with pure nftables compiled into the kernel, without the CONFIG_NFT_COMPAT module for iptables/xt_tables compatibility.

@Luap99
Member

Luap99 commented Sep 27, 2023

Yes I guess it is not possible at the moment then. Would you be interested in contributing this feature?

@edsantiago edsantiago changed the title Nftables‎ support Nftables support Sep 27, 2023
@imp1sh

imp1sh commented Jan 3, 2024

I would love this feature as well. As a DevOps engineer it becomes a bit annoying when you have a standard deployed e.g. with Ansible and then again you get pulled back into reality when you get reminded that it won't work with podman hosts...

mheon added a commit to mheon/netavark that referenced this issue Jan 4, 2024
This implementation lacks isolation support at present (that'll
be a follow-on PR) and has only very minimal testing at the moment
(including absolutely 0 testing for IPv6), but does handle all
core tasks including forwarding and all types of port forwarding.

Fixes containers#816

Signed-off-by: Matthew Heon <[email protected]>
mheon added a commit to mheon/netavark that referenced this issue Jan 8, 2024
Adds an nftables firewall backend and tests for said backend.
Implements basic forwarding, port forwarding, and teardown for
all relevant rules. Heavily based on our existing iptables driver
but with a number of improvements (we live in a dedicated table,
so this should play much more nicely with other tools using the
firewall; IPv4 and IPv6 share a table and almost all code; and
rule structure is a bit simpler because we do have our own table
and don't have to worry about cluttering up the FORWARD chain,
we'll be the only ones using it).

This implementation presently does not support isolation; that
will be added in a follow-on.

Fixes containers#816

Signed-off-by: Matthew Heon <[email protected]>
@g00g1

g00g1 commented Jan 27, 2024

Hello,

I am having the same issue, however it should not happen to me as I have the latest podman and netavark versions. Please help me with troubleshooting, thanks!

Error: netavark: unable to append rule '! -d 224.0.0.0/4 -j MASQUERADE' to table 'nat': code: 4, msg: Warning: Extension MASQUERADE revision 0 not supported, missing kernel module?
iptables v1.8.9 (nf_tables):  RULE_APPEND failed (No such file or directory): rule in chain NETAVARK-1D8721804F16F
admin@fedora:~$ sudo podman info --debug
host:
  arch: amd64
  buildahVersion: 1.33.2-dev
  cgroupControllers:
  - cpuset
  - cpu
  - io
  - memory
  - hugetlb
  - pids
  - rdma
  - misc
  cgroupManager: systemd
  cgroupVersion: v2
  conmon:
    package: conmon-2.1.8-2.fc39.x86_64
    path: /usr/bin/conmon
    version: 'conmon version 2.1.8, commit: '
  cpuUtilization:
    idlePercent: 94.38
    systemPercent: 3.17
    userPercent: 2.45
  cpus: 1
  databaseBackend: sqlite
  distribution:
    distribution: fedora
    version: "39"
  eventLogger: journald
  freeLocks: 2045
  hostname: fedora
  idMappings:
    gidmap: null
    uidmap: null
  kernel: 6.6.13-200.fc39.x86_64
  linkmode: dynamic
  logDriver: journald
  memFree: 970092544
  memTotal: 1493110784
  networkBackend: netavark
  networkBackendInfo:
    backend: netavark
    dns:
      package: aardvark-dns-1.9.0-1.20240124201435179069.main.26.g2fddbdf.fc39.x86_64
      path: /usr/libexec/podman/aardvark-dns
      version: aardvark-dns 1.11.0-dev
    package: netavark-1.10.1-1.20240126120738774699.main.4.gca3cf7a.fc39.x86_64
    path: /usr/libexec/podman/netavark
    version: netavark 1.11.0-dev
  ociRuntime:
    name: crun
    package: crun-1.14-1.20240124163144650285.main.1.g6507628.fc39.x86_64
    path: /usr/bin/crun
    version: |-
      crun version UNKNOWN
      commit: ef91050a09bb69cfaea8084e92969b18e84db0a8
      rundir: /run/crun
      spec: 1.0.0
      +SYSTEMD +SELINUX +APPARMOR +CAP +SECCOMP +EBPF +CRIU +LIBKRUN +WASM:wasmedge +YAJL
  os: linux
  pasta:
    executable: /usr/bin/pasta
    package: passt-0^20231230.gf091893-1.fc39.x86_64
    version: |
      pasta 0^20231230.gf091893-1.fc39.x86_64
      Copyright Red Hat
      GNU General Public License, version 2 or later
        <https://www.gnu.org/licenses/old-licenses/gpl-2.0.html>
      This is free software: you are free to change and redistribute it.
      There is NO WARRANTY, to the extent permitted by law.
  remoteSocket:
    exists: true
    path: /run/podman/podman.sock
  security:
    apparmorEnabled: false
    capabilities: CAP_CHOWN,CAP_DAC_OVERRIDE,CAP_FOWNER,CAP_FSETID,CAP_KILL,CAP_NET_BIND_SERVICE,CAP_SETFCAP,CAP_SETGID,CAP_SETPCAP,CAP_SETUID,CAP_SYS_CHROOT
    rootless: false
    seccompEnabled: true
    seccompProfilePath: /usr/share/containers/seccomp.json
    selinuxEnabled: true
  serviceIsRemote: false
  slirp4netns:
    executable: /usr/bin/slirp4netns
    package: slirp4netns-1.2.2-1.fc39.x86_64
    version: |-
      slirp4netns version 1.2.2
      commit: 0ee2d87523e906518d34a6b423271e4826f71faf
      libslirp: 4.7.0
      SLIRP_CONFIG_VERSION_MAX: 4
      libseccomp: 2.5.3
  swapFree: 1492119552
  swapTotal: 1492119552
  uptime: 0h 3m 29.00s
  variant: ""
plugins:
  authorization: null
  log:
  - k8s-file
  - none
  - passthrough
  - journald
  network:
  - bridge
  - macvlan
  - ipvlan
  volume:
  - local
registries:
  search:
  - registry.fedoraproject.org
  - registry.access.redhat.com
  - docker.io
  - quay.io
store:
  configFile: /usr/share/containers/storage.conf
  containerStore:
    number: 3
    paused: 0
    running: 0
    stopped: 3
  graphDriverName: overlay
  graphOptions:
    overlay.mountopt: nodev,metacopy=on
  graphRoot: /var/lib/containers/storage
  graphRootAllocated: 41872785408
  graphRootUsed: 1915011072
  graphStatus:
    Backing Filesystem: btrfs
    Native Overlay Diff: "false"
    Supports d_type: "true"
    Supports shifting: "true"
    Supports volatile: "true"
    Using metacopy: "true"
  imageCopyTmpDir: /var/tmp
  imageStore:
    number: 1
  runRoot: /run/containers/storage
  transientStore: false
  volumePath: /var/lib/containers/storage/volumes
version:
  APIVersion: 5.0.0-dev-4bef65240
  Built: 1706293970
  BuiltTime: Fri Jan 26 18:32:50 2024
  GitCommit: ""
  GoVersion: go1.21.6
  Os: linux
  OsArch: linux/amd64
  Version: 5.0.0-dev-4bef65240

UPD: adding NETAVARK_FW=nftables to the /etc/environment solves this issue.

@mheon
Member

mheon commented Jan 27, 2024

You can set firewall driver from containers.conf via the firewall_driver option; see https://github.com/containers/common/blob/main/pkg/config/containers.conf#L355

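An added example, not netavark's, podman's, or any commenter's code, that ties together three points from this thread: the kernel-config diagnosis in the issue body (iptables-nft fails to append `-j MASQUERADE` when the xtables compat layer is absent, while CONFIG_NFT_MASQ is present), the dedicated-table design described in the commit message, and the `firewall_driver` option mheon points to. Assumptions that are not on this page: the Kconfig symbol CONFIG_NETFILTER_XT_TARGET_MASQUERADE (the xtables MASQUERADE target that iptables-nft loads through nft_compat), the table name `netavark_example`, the 10.88.0.0/16 sample subnet, and the two constructed kernel-config snippets used as input.

```shell
#!/bin/sh
# Added example, not netavark's or podman's code. Pre-flight check for the
# situation in this issue: iptables-nft needs the xtables compat layer
# (CONFIG_NFT_COMPAT) plus the MASQUERADE target
# (CONFIG_NETFILTER_XT_TARGET_MASQUERADE, an assumption, not named on the
# page) to append '-j MASQUERADE'; a kernel with only native CONFIG_NFT_MASQ
# can still masquerade through netavark's nftables driver.
# Other assumptions: the table name "netavark_example" and the 10.88.0.0/16
# sample subnet are illustrative, not netavark's real values.

# kconfig_enabled SYMBOL CONFIG_TEXT: succeeds if SYMBOL is =y or =m
kconfig_enabled() {
    printf '%s\n' "$2" | grep -qE "^$1=[ym]$"
}

# netavark_fw_hint CONFIG_TEXT: prints the usable firewall drivers
# ("iptables", "nftables", both space-separated, or "none")
netavark_fw_hint() {
    cfg=$1
    usable=""
    if kconfig_enabled CONFIG_NFT_COMPAT "$cfg" &&
       kconfig_enabled CONFIG_NETFILTER_XT_TARGET_MASQUERADE "$cfg"; then
        usable="iptables"                      # iptables-nft can load xt_MASQUERADE
    fi
    if kconfig_enabled CONFIG_NFT_MASQ "$cfg"; then
        usable="${usable:+$usable }nftables"   # native masquerade expression
    fi
    printf '%s\n' "${usable:-none}"
}

# containers_conf_snippet DRIVER: the [network] stanza that selects the
# netavark firewall driver (firewall_driver option in containers.conf)
containers_conf_snippet() {
    printf '[network]\nfirewall_driver = "%s"\n' "$1"
}

# nft_masq_ruleset SUBNET: native nft equivalent of the failing iptables rule
# '! -d 224.0.0.0/4 -j MASQUERADE', placed in a dedicated inet-family table
# so it never touches other tools' chains. Illustrative only.
nft_masq_ruleset() {
    cat <<EOF
table inet netavark_example {
    chain postrouting {
        type nat hook postrouting priority srcnat; policy accept;
        ip saddr $1 ip daddr != 224.0.0.0/4 masquerade
    }
}
EOF
}

# Constructed sample configs (not real kernel configs).
EMBEDDED_CFG='CONFIG_NF_TABLES=y
CONFIG_NFT_MASQ=y
# CONFIG_NFT_COMPAT is not set
# CONFIG_NETFILTER_XT_TARGET_MASQUERADE is not set'

DISTRO_CFG='CONFIG_NF_TABLES=m
CONFIG_NFT_MASQ=m
CONFIG_NFT_COMPAT=m
CONFIG_NETFILTER_XT_TARGET_MASQUERADE=m'

# Read the running kernel's config when the host exposes it.
running_kernel_config() {
    if [ -r /proc/config.gz ]; then
        zcat /proc/config.gz
    elif [ -r "/boot/config-$(uname -r)" ]; then
        cat "/boot/config-$(uname -r)"
    fi
}

# Host check: ./netavark-fw-check.sh --check
if [ "${1:-}" = "--check" ]; then
    cfg=$(running_kernel_config)
    hint=$(netavark_fw_hint "$cfg")
    echo "usable netavark firewall drivers: $hint"
    case "$hint" in
        nftables) containers_conf_snippet nftables ;;
    esac
    # nft -c only validates the sample ruleset, it does not load it.
    command -v nft >/dev/null && nft_masq_ruleset 10.88.0.0/16 | nft -c -f -
fi
```

Run it with `--check` on the host to read the running kernel's config; on the embedded kernel from this issue it reports only `nftables` and prints the `[network]` stanza for containers.conf, whereas a stock distro kernel with everything built as modules reports both drivers. Per g00g1's update, setting `NETAVARK_FW=nftables` in the environment has the same effect as the containers.conf option.
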
@g00g1

g00g1 commented Jan 28, 2024

@mheon, thanks for this tip! Although this option was not present in my configuration for some reason, considering that I have done a clean installation.
