conntrackd.conf.8: fix state filter example

Missing 'for TCP' induces errors.

This was reported in Debian bug #916138 https://bugs.debian.org/916138

Signed-off-by: Arturo Borrero Gonzalez <arturo@netfilter.org>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>

1 files changed, 5 insertions, 5 deletions

diff --git a/conntrackd.conf.5 b/conntrackd.conf.5
index 79a5bba..2634a7f 100644
--- a/conntrackd.conf.5
+++ b/conntrackd.conf.5
@@ -22,7 +22,7 @@
 .\" <http://www.gnu.org/licenses/>.
 .\" %%%LICENSE_END
 .\"
-.TH CONNTRACKD.CONF 5 "Apr 16, 2018"
+.TH CONNTRACKD.CONF 5 "Jan 27, 2019"
 
 .SH NAME
 conntrackd.conf \- configuration file for conntrackd daemon
@@ -651,7 +651,7 @@ Example:
 			IPv6_address ::1
 		}
 		State Accept {
-			ESTABLISHED CLOSED TIME_WAIT CLOSE_WAIT
+			ESTABLISHED CLOSED TIME_WAIT CLOSE_WAIT for TCP
 		}
 	}
 .fi
@@ -705,7 +705,7 @@ Example:
 .fi
 
 .TP
-.BI "State <policy> { <states list> }"
+.BI "State <policy> { <states list> for TCP }"
 Filter by flow state.  This option introduces a trade-off in the replication:
 it reduces CPU consumption at the cost of having lazy backup firewall replicas.
 
@@ -720,7 +720,7 @@ Policy is one of \fBAccept\fP or \fBIgnore\fP.
 Example:
 .nf
 	State Accept {
-		ESTABLISHED CLOSED TIME_WAIT CLOSE_WAIT
+		ESTABLISHED CLOSED TIME_WAIT CLOSE_WAIT for TCP
 	}
 .fi
 
@@ -1051,7 +1051,7 @@ General {
 			IPv6_address ::1
 		}
 		State Accept {
-			ESTABLISHED CLOSED TIME_WAIT CLOSE_WAIT
+			ESTABLISHED CLOSED TIME_WAIT CLOSE_WAIT for TCP
 		}
 	}
 }