nftables-0.9.8-150400.6.3.1<>,Ae:|p9|h/Lj;Ǚ 9/g!*jϡݪ!nS%E\/0> Ŭҍ w-7Jq}SRGwa1wfWToiϏ? 凙ѡ5S*ۋ(u[DN+5jSvDdM6a=}ZP"6륐ߖJ*U>11(QŽ.sQ@AL@q-mѥs`GaUzM\+jl>_CD>>6?6d   V $04Mn{ T   ,    $     0 L  x  ( 8 9$:F-G-H.I.tX.Y.\.]/,^0 b1c26d2e2f2l2u2v3Dw5@x5y6z646D6H6N6Cnftables0.9.8150400.6.3.1Userspace utility to access the nf_tables packet filternf_tables is a firewalling mechanism in the Linux kernel, running independently of and parallel to ip_tables, ip6_tables, arp_tables and ebtables. nftables is the corresponsing userspace frontend. The nftables frontend features support for sets and dictionaries of arbitrary types, meta data types, atomic incremental and full ruleset updates, and, similar to iptables, support for different protocols, access to connection tracking and NAT and logging.e:|h03-ch2d8SUSE Linux Enterprise 15SUSE LLC GPL-2.0-onlyhttps://www.suse.com/Productivity/Networking/Securityhttps://netfilter.org/projects/nftables/linuxx86_64JJNBp mGT%AA큤큤큤A큤A큤e:{e:ze:{e:ze:ze:ze:ze:ze:ze:ze:ze:ze:ze:ze:ze:ze:ze:ze:ze:ze:ze:ze:ze:{` ee:ze:zbb74794a8d269d39a0bc86986e723fb02e83cef9c4074a3b8d350da108ee401feb105921e31b243108213f7652f2d091b563c65ea7495e09bb9afca00830431d4d82d9c74a5ac107c033e4968d2b9f20f2ba6b41d64529461c72b202a989750a14bd376e596c97061b6df3151a6d14cc3daa4ceb58c8dc26d9fa0f5d21d9c0a5ff2b25d6d381264f440e53a77e487e3bcb3bd680b3f2f85e2003e45f6bfb899df4575e3068ef3abd609f0bb186c74ddde4ef5a8ac3fa53c6d95d19d97e4b868819955c98d62a5a940b3ec465503be5833eef60b08f733d412fa4fc9b57ebf876b6b8d8b79c14f7c2e0829a821519915fd3c05a27b32dc46a67b20cdd1d940d0676bf18648ed2a2ef41474b77c27abd59f8168c2421b9eefbb6a8a8f83b0b4467396692829e5d67c532fd2bf832ce414eec029ea20646ea54bfa3de4c1d92470fa6661eb0325ab5222b668ae05f7f8ba974610a8546c304951ef0cf5e6c449b32f78c4431557fc9dd816e2139f203de5b5a7f7689c636f88e350500fbfe0930c6c1ab0dd636b4ddd6da059d8e556296166e9a77b8fb5c598ac21da09b23961a373a3c631909d8fa3d8a52b025598413b8531023c54278630231a90de518e868f9217960409ccbd62af466aca6fcdac68d262df410db78b439aa475e2de8f73de7336d0fd8232098fca619f6423059560911c3c1064bc91a8949939b46f81e5b3bfb7759c80e557525898ff8fc8353839c90e59f7d0dbaa56c5407efde770617b22e49e6bd24a07b7691937c5683cfdb15dbb1b7ce7c5a37865ad28d71ea2b6ed5ef749604fd6ccd044c1f0093574869efe85deb2ca1145a6bbd3ebcd602ef326feb5f02fe1ad203273f34ecfcef1b1389b0dc07f055c1969794c4f4ae2169ffc0c17bc4fa5b2434c6f283ffcb2312e5bf3c7cdf5787b79505f094d8de734ac53e9b43e42488fbd3e263c4a53a60c63d7edde703003778fa4c28c7486a4ae2527bb2f71ca473c867c5a8a5f6e1d145f7981301e01889e73c48f167b41425e574c6rootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootnftables-0.9.8-150400.6.3.1.src.rpmnftablesnftables(x86-64)@@@@@@@    libc.so.6()(64bit)libc.so.6(GLIBC_2.2.5)(64bit)libc.so.6(GLIBC_2.3)(64bit)libc.so.6(GLIBC_2.3.4)(64bit)libc.so.6(GLIBC_2.4)(64bit)libnftables.so.1()(64bit)libreadline.so.7()(64bit)rpmlib(CompressedFileNames)rpmlib(FileDigests)rpmlib(PayloadFilesHavePrefix)rpmlib(PayloadIsXz)3.0.4-14.6.0-14.0-15.2-14.14.3edGbo`_ ^@^ۅ@^@^@]7@]N@]Z@\C@[@ZZ@Z@Zu@Z]@YXY@WPU@U`kTmatthias.gerstner@suse.commatthias.gerstner@suse.commatthias.gerstner@suse.comjengelh@inai.dejengelh@inai.dejengelh@inai.dejengelh@inai.dejengelh@inai.dejengelh@inai.dejengelh@inai.dejengelh@inai.dejengelh@inai.destefan.bruens@rwth-aachen.dejengelh@inai.dejengelh@inai.dejengelh@inai.dejengelh@inai.dejengelh@inai.dejengelh@inai.dejengelh@inai.dejengelh@inai.dejengelh@inai.dejengelh@inai.demrueckert@suse.dejengelh@inai.de- port python-single-spec logic from Factory package to allow shipment of python311 modules as well (bsc#1219253).- add 0001-evaluate-reject-support-ethernet-as-L2-protocol-for-.patch: this fixes a crash in nftables if layer2 reject rules are processed (e.g. Ethernet MAC address based reject rich rule in firewalld, bsc#1210773).- add 0001-cache-check-for-NULL-chain-in-cache_init.patch: this fixes rare crashes that could occur e.g. in firewalld (bsc#1197606).- Update to release 0.9.8 * Complete support for matching ICMP header content fields. * Added raw tcp option match support. * Added ability to check for the presence of any tcp option. * Support for rejecting traffic from the ingress chain.- Update to release 0.9.7 * Support for implicit chains * Support for ingress inet chains * Support for reject from prerouting chain * Support for --terse option in json * Support for the reset command with json- Update to release 0.9.6 * Fix two ASAN runtime errors- Update to release 0.9.5 * Support for set counters. * Support for restoring set element counters via nft -f. * Counter support for flowtables. * typeof concatenations support for sets. * Support for concatenated ranges in anonymous sets. * Allow to reject packets with 802.1q from the bridge family. * Support for matching on the conntrack ID. - Drop anonset-crashfix.patch (upstream solved differently)- Add anonset-crashfix.patch [boo#1171321]- Update to release 0.9.4 * Add a helper for concat expression handling. * Add "typeof" build/parse/print support.- Add json, python [boo#1158723]- Update to release 0.9.3 * meta: Introduce new conditions "time", "day" and "hour". * src: add ability to set/get secmarks to/from connection. * flowtable: add support for named flowtable listing. * flowtable: add support for delete command by handle. * json: add support for element deletion. * Add `-T` as the short option for `--numeric-time`. * meta: add ibrpvid and ibrvproto support- Update to new upstream release 0.9.2 * Transport header port matching, e.g. "th dport 53" * Support for matching on IPv4 options * Support for synproxy- Remove unused dblatex BuildRequires, only needed for the optional and disabled PDF generation (same contents as shipped manpage).- Update to new upstream release 0.9.0 * Support to check if packet matches an existing socket. * Support to limit number of active connections by arbitrary criteria, such as ip addresses, networks, conntrack zones or any combination thereof. * Added support for "audit" logging.- Update to new upstream release 0.8.5 * support to add/insert a rule at a given index position * meter statement now supports a configureable upper max size * timeouts for sets can now be specified in milliseconds * re-add iptables-like empty skeleton rulesets- Update to new upstream release 0.8.4 * Support to match IPv6 segment routing headers. * New "meta ibrname" and "meta obrname" arguments to match the name of the logical bridge a packet is passing through. These new names replace the old (misnamed) "ibriport"/"obriport". * `nft -a` will now show handle identifier for all objects, including tables and chains. * nft can now delete objects by their handle number. * Support to update maps from the ruleset (packet path). * the "--echo" option now prints handle id for tables and object too. * `nft -f -` will now read from standard input * Support for flow tables, cf. man page or https://lwn.net/Articles/738214/ .- Update to new upstream release 0.8.3 * raw payload support to match headers that do not yet have received a mnemonic.- Update to new upstream release 0.8.2 * add secpath support- Update to new upstream release 0.8.1 * This release deprecates the "flow table" syntax in favor of "meter".- Update to new upstream release 0.8 * This release contains new features available up to the (upcoming) Linux 4.14 kernel release: * Support for stateful objects, these objects are uniquely identified by a user-defined name, you can refer to them from rules, and there is a well established interface to operate with them. * Sort set elements when listing them, from lower to largest. * TCP option matching and mangling support. This includes TCP maximum segment size mangling. * Add new "-s" option for listings without stateful information. * Add new -c/--check option for nft, to tests if your ruleset loads fine, into the kernel, this is a dry run mode. * Connection tracking helper support. * Add --echo option, to print the handle that the kernel allocates to uniquely identify rules. * Conntrack zone support * Symmetric hash support * Add support to include directories from nft natives scripts, files are loaded in alphanumerical order. * Allow to check if IPv6 extension header or TCP option exists or is missing. * Extend quota support to display used bytes. * Add ct average matching, to match average bytes per packet a connection has transferred so far, to map the existing feature available in the iptables connbytes match. * Allow to flush maps and flow tables. * Allow to embed set definition into an existing set. * Conntrack event filtering support via rule.- Update to new upstream release 0.7 * Add new fib expression, which can be used to obtain the output interface from the route table based on either source or destination address of a packet. * Support hashing of any arbitrary key combination, eg. * Add number generation support. Useful for round-robin packet mark setting. * Add quota support, eg. * Introduce routing expression, for routing related data with support for nexthop * Notrack support, to explicitly skip connection tracking for matching packets. * Support to set non-byte bound packet header fields, including checksum adjustment. * Add 'create set' and 'create element' commands. * Allow to use variable reference for set element definitions. * Allow to use variable definitions from element commands. * Add support to flush set. You can use this new command to remove all existing elements in a set. * Inverted set lookups. * Honor absolute and relative paths via include file, where: * Support log flags, to enable logging TCP sequence and options. * tc classid parser support, eg. * Allow numeric connlabels, so if connlabel still works with undefined labels.- Update to new upstream release 0.6 * Rules may be replaced now * Flow table support (requires Linux >= 4.3) * Support for tracing * Ratelimiting now supports units like bytes/second. * Matchinv VLAN IDs, DSCP/ECN, ICMP RtAdv & RtSol- Update to new upstream release 0.5 * Support combinations of two or more selectors to build a tuple * Timeout support for sets * Dormant flag for tables * Default chain policy specifiable on creation- set the url to the project page - pass --disable-silent-rules to configure to allow gcc post build check to work- Update to new upstream release 0.4 * Since Linux 3.18: support for global ruleset operations * Since 3.17: full logging support for all the families, including nfnetlink_log * 3.16: automatic selection of the optimal set implementation * 3.14: reject support for ip, ip6 and inet * 3.18: reject support for bridge, and reject icmpx abstraction * 3.18: masquerade support * 3.19: redirect support * Extend meta to support pkttype, cpu and devgroup matching.h03-ch2d 1706703484 0.9.8-150400.6.3.10.9.8-150400.6.3.1nftnftablesexamplesall-in-one.nftarp-filter.nftbridge-filter.nftct_helpers.nftinet-filter.nftinet-nat.nftipv4-filter.nftipv4-mangle.nftipv4-nat.nftipv4-raw.nftipv6-filter.nftipv6-mangle.nftipv6-nat.nftipv6-raw.nftload_balancing.nftnetdev-ingress.nftosfpf.ossecmark.nftsets_and_maps.nftnftablesCOPYINGlibnftables-json.5.gznft.8.gz/usr/sbin//usr/share/doc/packages//usr/share/doc/packages/nftables//usr/share/doc/packages/nftables/examples//usr/share/doc/packages/nftables/examples/osf//usr/share/licenses//usr/share/licenses/nftables//usr/share/man/man5//usr/share/man/man8/-fmessage-length=0 -grecord-gcc-switches -O2 -Wall -D_FORTIFY_SOURCE=2 -fstack-protector-strong -funwind-tables -fasynchronous-unwind-tables -fstack-clash-protection -gobs://build.suse.de/SUSE:Maintenance:32329/SUSE_SLE-15-SP4_Update/46eb6c5f49d922385645e75c4a0a7247-nftables.SUSE_SLE-15-SP4_Updatedrpmxz5x86_64-suse-linuxELF 64-bit LSB shared object, x86-64, version 1 (SYSV), dynamically linked, interpreter /lib64/ld-linux-x86-64.so.2, BuildID[sha1]=8baedf621bda8b36f34e5c5fe5b8c72c31e5e5cd, for GNU/Linux 3.2.0, strippeddirectoryASCII texta /usr/sbin/nft -f script, ASCII text executabletroff or preprocessor input, UTF-8 Unicode text, with very long lines (gzip compressed data, max compression, from Unix)troff or preprocessor input, ASCII text, with very long lines (gzip compressed data, max compression, from Unix)RRRRRRRA i@xʙ}c,utf-88245918c55866d871d2280ae579f6cd893d3e774ac79fd4ec994d4fc9f072096? 7zXZ !t/]"k%{Y՛-\yT;q<Ӈm]֮zW mq8Ki^Q„Wr޴x#J[7fe=;4c hgV{\D?a>ݫK}ِ؇hxt vf7[ܖ׫W,<z;EI~c5-W*MM1SW P+b(D __~_!hfj3Ua VޮN#VUl6M`dG}46iheqkT,\ Xe |u\f!WdB/aWW4oteq1dlh 8oS  !("x8gDNלgW;[`Mga*7YÜKMf#, irb j7>CM5t$O<@˟u&pP͛ރLoc!lkج gOAOh)aРb8C ;R [ulFY->3l?#0 }I;Άm#o˟Y/T볞9#fcz[Qɥ:aDR1dZqxM]t_UC$^l&&`>jǻAPjե;jI1D솩&b2}\e+2[m@@ƄƺF(56)lbPcXϴG<1|n/KN Fr7|kˉ4<' TiY.w8Bwm".#)ym&2&ȁݽȅ@HmBZX^g<xH/Gw_oZ f:?7?6A2 0ә$fz f.)_7&qF^Ř: }j U{HE,2lxf MtQ9LXGjyhƤl&A0:pz6z5_Ki]@X&pmUchqvb ( k},: EpP;+Mv=^X9w/ba b2ѐ!)?G9oD7dt=+z4wlC7k }J=)."t}$G E4 #Z|(aT ̒0PuE7 5Tk)Ne]I"BSY:tK('xOZ׬P@$M7S3N 8٨xfOu=ݧ|Wn嶛q´lO/iLB`9 S!|i8)tEwJ}⍦Т/kjm10LuOPqk*v&skveO_+%1r\3Z;rgZ6lb*[dXc.o "9Bm?y7@{T N\mNsBS#\49 ) LƩ\KktAJS^ +5sҢU0-ͮͺ t=99җvU micQ&ћҀYmG`Vañ!8jL 7cj70پܖyc ^0d ,dr b g 2c/v$RfMq}&'UGq}M*LTHx)Ĕ0 /R YZ