Netfilter nf_tables support
modulename: nf_tables.ko
configname: CONFIG_NF_TABLES
Linux Kernel Configuration
└─>Networking support
└─>Networking options
└─>Network packet filtering framework (Netfilter)
└─>Core Netfilter Configuration
└─>Netfilter nf_tables support
In linux kernel since version 3.10 (release Date: 2013-06-30)
nftables is the new packet classification framework that intends to
replace the existing {ip,ip6,arp,eb}_tables infrastructure. It
provides a pseudo-state machine with an extensible instruction-set
(also known as expressions) that the userspace 'nft' utility
(https://www.netfilter.org/projects/nftables) uses to build the
rule-set. It also comes with the generic set infrastructure that
allows you to construct mappings between matchings and actions
for performance lookups.
To compile it as a module, choose M here.
replace the existing {ip,ip6,arp,eb}_tables infrastructure. It
provides a pseudo-state machine with an extensible instruction-set
(also known as expressions) that the userspace 'nft' utility
(https://www.netfilter.org/projects/nftables) uses to build the
rule-set. It also comes with the generic set infrastructure that
allows you to construct mappings between matchings and actions
for performance lookups.
To compile it as a module, choose M here.
source code:
is selected by
CONFIG_NETFILTER_NETLINK_HOOKCONFIG_NF_TABLES_INET
CONFIG_NFT_CONNLIMIT
CONFIG_NFT_MASQ
CONFIG_NFT_REDIR
CONFIG_NFT_NAT
CONFIG_NFT_SOCKET
CONFIG_NFT_OSF
CONFIG_NFT_TPROXY
CONFIG_NFT_SYNPROXY
CONFIG_NFT_DUP_NETDEV
CONFIG_NFT_FWD_NETDEV
CONFIG_NFT_REJECT_IPV4
CONFIG_NFT_DUP_IPV4
CONFIG_NFT_FIB_IPV4
CONFIG_NF_TABLES_ARP
CONFIG_NFT_REJECT_IPV6
CONFIG_NFT_DUP_IPV6
CONFIG_NFT_FIB_IPV6
CONFIG_NF_TABLES_BRIDGE