netfilter · Maintained

Maintainers

• M Pablo Neira Ayuso <pablo@netfilter.org>
• M Florian Westphal <fw@strlen.de>
• R Phil Sutter <phil@nwl.cc>

Paths

• F include/linux/netfilter*
• F include/linux/netfilter/
• F include/net/netfilter/
• F include/uapi/linux/netfilter*
• F include/uapi/linux/netfilter/
• F net/*/netfilter.c
• F net/*/netfilter/
• F net/bridge/br_netfilter*.c
• F net/netfilter/
• F tools/testing/selftests/net/netfilter/

Last 30 days

Most active threads (last 7 days)

• [PATCH 0/6] netfilter: ipset fixes, second batch
  2026-05-23 13:24 · 6 replies in 7d · Jozsef Kadlecsik <hidden>
• [PATCH 0/3 nf-next] netfilter: synproxy: timestamp adjustment fixes
  2026-05-23 19:48 · 3 replies in 7d · Fernando Fernandez Mancera <hidden>
• [PATCH net 00/10] netfilter: updates for net
  2026-05-22 10:43 · 7 replies in 7d · Florian Westphal <fw@strlen.de>
• [PATCH nf-next 0/5] netfilter: conntrack: remove some code
  2026-05-22 05:02 · 5 replies in 7d · Florian Westphal <fw@strlen.de>
• [PATCH v2 nf-next] ipvs: add conn_max sysctl to limit connections
  2026-05-23 17:34 · 0 replies in 7d · Julian Anastasov <ja@ssi.bg>
• [PATCH nf] netfilter: flowtable: avoid num_encaps underflow on bridge VLAN untag
  2026-05-23 15:26 · 0 replies in 7d · David Carlier <hidden>
• [PATCH nf 1/7] netfilter: nfnetlink_cthelper: use {READ,WRITE}_ONCE for accessing helper flags
  2026-05-19 21:38 · 6 replies in 7d · Pablo Neira Ayuso <pablo@netfilter.org>
• [PATCH nf] netfilter: xt_cpu: prefer raw_smp_processor_id
  2026-05-22 10:20 · 1 reply in 7d · Florian Westphal <fw@strlen.de>
• [PATCH nf-next] ipvs: add conn_max sysctl to limit connections
  2026-05-22 10:56 · 0 replies in 7d · Julian Anastasov <ja@ssi.bg>
• [PATCH nf] netfilter: xt_NFQUEUE: prefer raw_smp_processor_id
  2026-05-22 10:47 · 0 replies in 7d · Fernando Fernandez Mancera <hidden>

Active reviewers (last 30 days)

• Yuan Tan <hidden>
  15 attestations (15 Reported-by) · last on 2026-05-23
• Yifan Wu <hidden>
  15 attestations (15 Reported-by) · last on 2026-05-23
• Juefei Pu <hidden>
  15 attestations (15 Reported-by) · last on 2026-05-23
• Xin Liu <hidden>
  15 attestations (15 Reported-by) · last on 2026-05-23
• Florian Westphal <fw@strlen.de>
  11 attestations (2 Acked-by, 7 Reported-by, 2 Suggested-by) · last on 2026-05-22
• Xiang Mei <hidden>
  10 attestations (10 Reported-by) · last on 2026-05-01
• Ilya Maximets <i.maximets@ovn.org>
  7 attestations (4 Reported-by, 3 Tested-by) · last on 2026-05-07
• Tristan Madani <hidden>
  6 attestations (2 Reported-by, 4 Reviewed-by) · last on 2026-05-07
• <hidden>
  5 attestations (5 Reported-by) · last on 2026-05-16
• <hidden>
  5 attestations (5 Reported-by) · last on 2026-05-16

Recent patches

Most-recent 30 patches in this subsystem on netfilter-devel (capped at 30), ordered by date desc.

• [PATCH 2/3 nf-next] netfilter: synproxy: drop packets with duplicated timestamp options
  2026-05-23 · Fernando Fernandez Mancera <hidden>
• [PATCH 3/3 nf-next] netfilter: synproxy: fix unaligned memory access in timestamp adjustment
  2026-05-23 · Fernando Fernandez Mancera <hidden>
• [PATCH 1/3 nf-next] netfilter: synproxy: drop packets if timestamp adjustment fails
  2026-05-23 · Fernando Fernandez Mancera <hidden>
• [PATCH v2 nf-next] ipvs: add conn_max sysctl to limit connections
  2026-05-23 · Julian Anastasov <ja@ssi.bg>
• [PATCH nf] netfilter: flowtable: avoid num_encaps underflow on bridge VLAN untag
  2026-05-23 · David Carlier <hidden>
• [PATCH 2/6] netfilter: ipset: Don't use test_bit() in lockless RCU readers in bitmap types
  2026-05-23 · Jozsef Kadlecsik <hidden>
• [PATCH 5/6] netfilter: ipset: fix potential torn read in reuse/forceadd cases
  2026-05-23 · Jozsef Kadlecsik <hidden>
• [PATCH 4/6] netfilter: ipset: skip gc when resize is in progress
  2026-05-23 · Jozsef Kadlecsik <hidden>
• [PATCH 6/6] netfilter: ipset: add comment how cidr bookkeeping is working
  2026-05-23 · Jozsef Kadlecsik <hidden>
• [PATCH 3/6] netfilter: ipset: fix order of kfree_rcu() and rcu_assign_pointer()
  2026-05-23 · Jozsef Kadlecsik <hidden>
• [PATCH 1/6] netfilter: ipset: Don't use test_bit() in lockless RCU readers in hash types
  2026-05-23 · Jozsef Kadlecsik <hidden>
• [PATCH nf-next] ipvs: add conn_max sysctl to limit connections
  2026-05-22 · Julian Anastasov <ja@ssi.bg>
• [PATCH nf] netfilter: xt_NFQUEUE: prefer raw_smp_processor_id
  2026-05-22 · Fernando Fernandez Mancera <hidden>
• [PATCH net 10/10] netfilter: nf_tables: fix dst corruption in same register operation
  2026-05-22 · Florian Westphal <fw@strlen.de>
• [PATCH net 09/10] selftests: netfilter: add nft_fib_nexthop test
  2026-05-22 · Florian Westphal <fw@strlen.de>
• [PATCH net 05/10] netfilter: disable payload mangling in userns
  2026-05-22 · Florian Westphal <fw@strlen.de>
• [PATCH net 04/10] netfilter: xt_cpu: prefer raw_smp_processor_id
  2026-05-22 · Florian Westphal <fw@strlen.de>
• [PATCH net 03/10] netfilter: nf_conntrack_gre: fix gre keymap list corruption
  2026-05-22 · Florian Westphal <fw@strlen.de>
• [PATCH net 02/10] netfilter: synproxy: refresh tcphdr after skb_ensure_writable
  2026-05-22 · Florian Westphal <fw@strlen.de>
• [PATCH net 01/10] netfilter: conntrack: tcp: do not force CLOSE on invalid-seq RST without direction check
  2026-05-22 · Florian Westphal <fw@strlen.de>
• Re: [PATCH nf] netfilter: xt_cpu: prefer raw_smp_processor_id
  2026-05-22 · Fernando Fernandez Mancera <hidden>
• [PATCH nf-next 5/5] netfilter: conntrack: add deprecation warnings for irc and pptp trackers
  2026-05-22 · Florian Westphal <fw@strlen.de>
• [PATCH nf-next 4/5] netfilter: remove obsolete nf_ct_helper_init api
  2026-05-22 · Florian Westphal <fw@strlen.de>
• [PATCH nf-next 3/5] netfilter: nf_conntrack: switch to static registration
  2026-05-22 · Florian Westphal <fw@strlen.de>
• [PATCH nf-next 2/5] netfilter: conntrack: get rid of tuple in helper definitions
  2026-05-22 · Florian Westphal <fw@strlen.de>
• [PATCH nf-next 1/5] netfilter: nf_conntrack_helper: do not hash by tuple
  2026-05-22 · Florian Westphal <fw@strlen.de>
• [PATCH nf-next v3] netfilter: add option for GCOV profiling
  2026-05-21 · Florian Westphal <fw@strlen.de>
• [PATCH nf v2 3/3] selftests: netfilter: add nft_fib_nexthop test
  2026-05-20 · Jiayuan Chen <hidden>
• [PATCH nf 7/7] netfilter: xt_CT: fix race with rule removal and nfnetlink_queue
  2026-05-19 · Pablo Neira Ayuso <pablo@netfilter.org>
• [PATCH nf 6/7] netfilter: nf_conntrack_timeout: use nf_ct_iterate_destroy() to cleanup timeout going away
  2026-05-19 · Pablo Neira Ayuso <pablo@netfilter.org>

Needs attention (review trailers in, no pickup)

Patches with review trailers that haven't landed in mainline and haven't been Acked by a maintainer. Oldest first.

• [PATCH v4] netfilter: nfnetlink_queue: optimize verdict lookup with hash table
  2025-11-13 · Scott Mitchell <hidden> · 1 Tested-by
• [PATCH v5] netfilter: nfnetlink_queue: optimize verdict lookup with hash table
  2025-11-22 · Scott Mitchell <hidden> · 1 Tested-by
• [PATCH nf-next v2] selftests: netfilter: nft_flowtable.sh: Add the capability to send IPv6 TCP traffic
  2025-11-27 · Lorenzo Bianconi <lorenzo@kernel.org> · 1 Reviewed-by
• [PATCH 5.10] netfilter: nf_set_pipapo: fix initial map fill
  2025-11-28 · Nazar Kalashnikov <hidden> · 1 Reviewed-by
• [PATCH nf v3] netfilter: nf_tables: avoid chain re-validation if possible
  2025-12-11 · Florian Westphal <fw@strlen.de> · 1 Tested-by
• [PATCH AUTOSEL 6.18-6.6] netfilter: nf_tables: avoid chain re-validation if possible
  2025-12-23 · Sasha Levin <sashal@kernel.org> · 1 Tested-by
• [PATCH v5.10-v6.6 ] netfilter: nft_set_pipapo: clamp maximum map bucket size to INT_MAX
  2026-02-05 · Keerthana K <hidden> · 1 Reviewed-by
• [PATCH net] net: flow_offload: protect driver_block_list in flow_block_cb_setup_simple()
  2026-02-08 · Shigeru Yoshida <hidden> · 1 Tested-by
• [PATCH v2 nf-next] netfilter: nf_log_syslog: no longer acquire sk_callback_lock in nf_log_dump_sk_uid_gid()
  2026-02-25 · Eric Dumazet <edumazet@google.com> · 1 Reviewed-by
• [PATCH v2 nf-next] netfilter: xt_owner: no longer acquire sk_callback_lock in mt_owner()
  2026-02-25 · Eric Dumazet <edumazet@google.com> · 1 Reviewed-by

Quiet for 30+ days

Patches with no review trailers and no replies. Either the author is heads-down elsewhere or these slipped through. Oldest first.

• [PATCH nf 2/2] selftests: netfilter: add test for nf_tables_jumps_max_netns sysctl
  2025-10-27 · Pablo Neira Ayuso <pablo@netfilter.org>
• [PATCH net 2/3] netfilter: nft_connlimit: fix possible data race on connection count
  2025-10-29 · Florian Westphal <fw@strlen.de>
• [PATCH net 3/3] netfilter: nft_ct: add seqadj extension for natted connections
  2025-10-29 · Florian Westphal <fw@strlen.de>
• [PATCH net-next 2/3] netfilter: conntrack: disable 0 value for conntrack_max setting
  2025-10-30 · Florian Westphal <fw@strlen.de>
• [PATCH net-next 3/3] netfilter: fix typo in nf_conntrack_l4proto.h comment
  2025-10-30 · Florian Westphal <fw@strlen.de>
• [PATCH libnftnl v2] expr: add support to math expression
  2025-11-03 · Fernando Fernandez Mancera <hidden>
• [PATCH nf-next,v1 2/2] selftests: netfilter: add test for nf_tables_jumps_max_netns sysctl
  2025-11-03 · Pablo Neira Ayuso <pablo@netfilter.org>
• [PATCH v16 nf-next 1/3] netfilter: utils: nf_checksum(_partial) correct data!=networkheader
  2025-11-04 · Eric Woudstra <hidden>
• [PATCH v4 nf-next] selftests: netfilter: Add bridge_fastpath.sh
  2025-11-04 · Eric Woudstra <hidden>
• [PATCH nf-next] netfilter: nft_connlimit: add support to object update operation
  2025-11-04 · Fernando Fernandez Mancera <hidden>