summaryrefslogtreecommitdiffstats
path: root/doc/manual
Commit message (Collapse)AuthorAgeFilesLines
* doc/manual: include some bits about init systemsArturo Borrero2016-09-051-0/+51
| | | | | | | | | | | | Update the conntrack-tools manual to include some bits regarding init systems and the integration with systemd. More on this topic here: http://ral-arturo.blogspot.com.es/2016/08/why-conntrackd-in-debian-is-better-with.html Suggested-by: Pablo Neira Ayuso <pablo@netfilter.org> Signed-off-by: Arturo Borrero Gonzalez <arturo.borrero.glez@gmail.com> Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
* nfct: update syntax in documentationPablo Neira Ayuso2015-09-081-2/+2
| | | | | | | Since dd73ceecdbe8 ("nfct: Update syntax to specify command before subsystem") the command comes before the object type. Update documentation accordingly. Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
* conntrackd: userspace SSDP helperAsh Hughes2014-03-121-0/+1
| | | | | | | | | | | | | Here is a patch which adds a userspace conntrack helper for the SSDP protocol. This is based on the code found at: http://marc.info/?t=132945775100001&r=1&w=2 I'm not sure how to get my laptop to play at IPv6, so I've not tested this part, but I've tested the IPv4 section and it works. Signed-off-by: Ash Hughes <ashley.hughes@blueyonder.co.uk> Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
* doc: detail user-space helper supportPablo Neira Ayuso2012-10-081-5/+150
| | | | | | This patch adds documentation on how to enable user-space helper support. Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
* conntrackd: fix crash if ExpectationSync is enabled on old Linux kernelsPablo Neira Ayuso2012-10-041-0/+7
| | | | | | | | | | ExpectationSync requires Linux kernel >= 3.5 to work sanely, document this. Still, we don't want to crash if someone enables expectation sync with old Linux kernels (like 2.6.32). Reported-by: James Gutholm <gutholmj@evergreen.edu> Tested-by: James Gutholm <gutholmj@evergreen.edu> Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
* doc: fix documentation on ExpectationSync and H.323 helperPablo Neira Ayuso2012-06-161-1/+3
| | | | | | | | | | | | | The H.323 helper is actually composed of three helpers: ras q.931 h.245 We have to specify those in the configuration file since h.323 is not any known helper itself. Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
* doc: fix example on how to filter events via iptables CT targetPablo Neira Ayuso2012-03-051-2/+3
| | | | | | | | | | | | | | | | You have to use this: iptables -I PREROUTING -t raw -j CT --ctevents assured,destroy instead of: iptables -I PREROUTING -t raw -j CT --ctevents assured Otherwise, conntrackd cache gets full since no destroy events are delivered. Reported-by: Kerin Millar <kerframil@gmail.com> Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
* doc: update conntrack-tools manual to detail expectation supportPablo Neira Ayuso2012-01-101-2/+159
| | | | | | | This patch updates the user manual on how to enable the expectation support for conntrackd. Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
* doc: prepare 1.0.0 release in conntrack-tools manualPablo Neira Ayuso2011-02-271-2/+1
| | | | | | | Remove reference which states that this is still under development and refer to version 1.0.0. Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
* doc: add missing conntrackd -s invocation with optionsPablo Neira Ayuso2011-02-221-1/+5
| | | | Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
* doc: add reference to the CT target againPablo Neira Ayuso2011-02-221-0/+27
| | | | | | | Now that we have fixed several aspects of the event filtering in 2.6.38, I reintroduce the documentation for this feature. Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
* doc: document redundant link support for conntrackdPablo Neira Ayuso2011-02-181-0/+39
| | | | Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
* doc: document -s option of conntrackd in the manualPablo Neira Ayuso2011-02-181-0/+115
| | | | Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
* doc: remove reference to the CT targetPablo Neira Ayuso2011-02-011-23/+0
| | | | | | | Sorry, the iptables CT target is not yet ready for use until some patches are pushed to the Linux kernel. Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
* doc: update conntrack-tools manualPablo Neira Ayuso2011-01-161-6/+112
| | | | | | | | | | | | | This update adds to the documentation the following information: * add reference to "Demystifying cluster-based fault-tolerant firewalls" * add how-to disable the external cache * add how-to disable the internal cache * add how-to set the synchronization transport protocol * document iptables CT target * ask for sponsors to finish H323 and SIP support. Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
* conntrackd: minor documentation update (two new questions in the FAQ)Pablo Neira Ayuso2010-08-041-1/+27
| | | | | | | This patch includes a minor documentation update with two new questions in the FAQ. Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
* doc: description on how to block traffic with conntrack was incompletePablo Neira Ayuso2010-05-101-2/+7
| | | | | | | | | This patch completes the documentation with the following discussion that took place in the mailing list. http://marc.info/?l=netfilter&m=127335152521674&w=2 Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
* conntrack: fix English typo in documentationPablo Neira Ayuso2009-07-171-2/+2
| | | | | | | This is an update to commit 575fc906a302599cb9afeb136096dfd96bb57b17. Signed-off-by: Jan Engelhardt <jengelh@medozas.de> Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
* doc: fix broken link to ulogd2 in the manualPablo Neira Ayuso2009-02-231-1/+1
| | | | | Reported-by: Ralf <rm@amitrader.com> Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
* manual: add initial user manualPablo Neira Ayuso2008-10-134-0/+634
This patch adds the manual in docbook format to the conntrack-tools. Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>