author Pablo Neira Ayuso <pablo@netfilter.org> 2012-03-05 23:13:12 +0100
committer Pablo Neira Ayuso <pablo@netfilter.org> 2012-03-05 23:14:32 +0100
commit 1de3034f8c4f597cbe4be35b2f84e2848e46e64e (patch)
tree 517278c56035fa41de7fe74ae505e6218372d066
parent bb2534c7aaf0bdb6521371b8a31af6333d3a6a2d (diff)
doc: fix example on how to filter events via iptables CT target
You have to use this:

  iptables -I PREROUTING -t raw -j CT --ctevents assured,destroy

instead of:

  iptables -I PREROUTING -t raw -j CT --ctevents assured

Otherwise, conntrackd cache gets full since no destroy events are delivered.

Reported-by: Kerin Millar <kerframil@gmail.com>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>

-rw-r--r-- doc/manual/conntrack-tools.tmpl 5
1 files changed, 3 insertions, 2 deletions
diff --git a/doc/manual/conntrack-tools.tmpl b/doc/manual/conntrack-tools.tmpl
index 4936a76..dbf836d 100644
--- a/doc/manual/conntrack-tools.tmpl
+++ b/doc/manual/conntrack-tools.tmpl
@@ -641,10 +641,11 @@ Sync {
broken.</para>
<para>The following example shows how to only generate the
- <emphasis>assured</emphasis> event:</para>
+ <emphasis>assured</emphasis> and <emphasis>destroy</emphasis>
+ events:</para>
<programlisting>
- # iptables -I PREROUTING -t raw -j CT --ctevents assured
+ # iptables -I PREROUTING -t raw -j CT --ctevents assured,destroy
</programlisting>
<note><title>Assured flows</title>
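Review bot: The paragraph introducing the example ("The following example shows how to only generate the assured and destroy events") still does not say why destroy has to stay in the list, so a reader who wants fewer events can trim it back to assured and hit the same problem. The commit message has the reason (without destroy events the conntrackd cache gets full); suggest adding one sentence to that effect in the <para> ahead of the <programlisting>, so the constraint lives in the manual and not only in the commit log.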