monnier pushed a change to branch externals/nftables-mode.
at 05600129ee Minor changes to follow more conventions
This branch includes the following new commits:
new 6fbf0a5557 Update iptab imports from twb's personal git repo.
new 1817c43fb9 Initial example nftables ruleset
new 35e908d774 just a backup copy in case I lose the original somewhere
new 78a1a48898 cannot reject as default policy
new b2991ce112 Notes from RFC4890 (separate vmaps initially)
new bf11cb5fec merge the RFC4890 input and forward vmaps into a single
common vmap
new 103844fb41 move the ICMPv6 policy to a separate named map, so it's
out of the way
new 8fcd04379c bugfix and tweak
new 9058451303 correct for Towards a Perfect Ruleset number
new 794a6e6774 limit ICMP by type, tweak notes, expand on iif vs
iifname, document "flush table" gotcha
new 242fae1e71 limit ICMP by type, tweak notes, expand on iif vs
iifname, document "flush table" gotcha
new 7350707c88 forked from nftables-host.nft
new f354d71598 break prologue (nee PRELUDE) out of input
new b466c545f5 Example NAT rules (load OK, but haven't actually tested
packets going through them)
new f00cf640fb nftables - glob gotcha; HOW to rename ifaces; gateway
(-i/-o) policy; mail reputation protection
new e47799589c add remaining allow/deny rules from alpha as an example
new 6e908b1d67 Got the IPS working at last (inc IPv6), mua ha ha!
new 8b6ccea869 fixup! Got the IPS working at last (inc IPv6), mua ha ha!
new 34ffd618ac fixup! Got the IPS working at last (inc IPv6), mua ha ha!
new 14856f12c1 more notes
new 16adfabcec add reminder re IPv6 ranges for SSH IPS
new 166b789260 old comments
new 3e71d87a8c Chuck out the stateless vmap example from the "simple
version" firewall
new fb87ee1e07 Use stateful ICMP/ICMPv6 filtering by default (but leave
the vmaps as documentation)
new 9bc4a6f589 Don't do "flush ruleset" (i.e. expect auxiliary tables
w/ race conditions)
new 3fd8b3f79e comment tweaks
new 760486c219 update note from sshguard
new 94f54f52ec reference nftables ruleset
new d04e123fc3 fixup! reference nftables ruleset
new 4974259919 typo fixes (thanks mattcen)
new 70b0e577a6 Debian doesn't have "pptp" in /etc/services
new 3e9c8cf907 fixup! typo fixes (thanks mattcen)
new 109dfa382a Remove "list ruleset" due to
https://bugs.debian.org/982576
new 869f14abf4 Initial import.
new 70910dbc2a Merge remote-tracking branch 'KB/master'
new 7b031a2014 Merge remote-tracking branch 'ansible/master'
new 7f924acbac basic README for github
new 20fa3d3a55 Oops, this was never under version control before.
new 3a03651cda Old changes that I forgot to commit
new a207b02bd6 Lightly edited, adding some of the normal conventions
for .el files
new 05600129ee Minor changes to follow more conventions
