Netfilter Announces nftables 1.1.0 Release

nftables 1.1.0 is out now, packed with essential fixes and compatibility improvements for robust Linux firewalling.

The Netfilter team has officially released nftables version 1.1.0, marking an important update to this firewalling and networking toolset, which is widely used in the Linux ecosystem.

This release, finalized after eight months of development, incorporates numerous fixes and improvements to enhance stability, compatibility, and usability. Here are the most important ones.

Key Enhancements and Fixes

nftables 1.1.0 restores compatibility for set element dumps for versions up to 0.9.8, ensuring smoother transitions and backward compatibility for users reliant on older versions.

This update also addresses many bugs, including preventing crashes related to empty interface names and improving input sanitization to avoid out-of-bounds (OOB) errors and memory leaks.

In response to community feedback, several user-centric adjustments have been made. Notably, the update introduces error handling improvements, turning what would previously trigger assertions into properly managed errors.

Additionally, improvements in the handling of TCP options and byte order conversions in set concatenations and ranges have been included, refining the tool's networking capabilities and data handling precision.

On the features side, nftables 1.1.0 refines support for JSON in chain multidevice management, simplifying configuration and management processes for users with complex firewall setups.

The update also speeds up listing and fetching of tables when the -t or --terse option is used, which will aid administrators in managing large-scale rule sets more efficiently.

nftables 1.1.0 also tackles the integration of new network devices into flow tables without manual intervention, streamlining network management tasks.

For those dealing with time-sensitive rules, the update brings corrections to meta hour listings with negative time offsets, ensuring that time-based rules behave as expected regardless of timezone differences.

Developers will appreciate the expanded capabilities in expression handling, particularly the addition of support for variables in map expressions and the improved handling of large concatenations and payloads that exceed the previous size limits.

nftables 1.1.0 can be downloaded from the Netfilter website. Comprehensive user documentation is also accessible through their official wiki page. For detailed information on all novelties in the new version, visit the changelog.

Bobby Borisov

Bobby, an editor-in-chief at Linuxiac, is a Linux professional with over 20 years of experience. With a strong focus on Linux and open-source software, he has worked as a Senior Linux System Administrator, Software Developer, and DevOps Engineer for small and large multinational companies.
