From 1de3034f8c4f597cbe4be35b2f84e2848e46e64e Mon Sep 17 00:00:00 2001
From: Pablo Neira Ayuso <pablo@netfilter.org>
Date: Mon, 5 Mar 2012 23:13:12 +0100
Subject: doc: fix example on how to filter events via iptables CT target

You have to use this:

iptables -I PREROUTING -t raw -j CT --ctevents assured,destroy

instead of:

iptables -I PREROUTING -t raw -j CT --ctevents assured

Otherwise, conntrackd cache gets full since no destroy events
are delivered.

Reported-by: Kerin Millar <kerframil@gmail.com>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
---
 doc/manual/conntrack-tools.tmpl | 5 +++--
 1 file changed, 3 insertions(+), 2 deletions(-)

diff --git a/doc/manual/conntrack-tools.tmpl b/doc/manual/conntrack-tools.tmpl
index 4936a76..dbf836d 100644
--- a/doc/manual/conntrack-tools.tmpl
+++ b/doc/manual/conntrack-tools.tmpl
@@ -641,10 +641,11 @@ Sync {
  broken.</para>
 
  <para>The following example shows how to only generate the
- <emphasis>assured</emphasis> event:</para>
+ <emphasis>assured</emphasis> and <emphasis>destroy</emphasis>
+ events:</para>
 
  <programlisting>
- # iptables -I PREROUTING -t raw -j CT --ctevents assured
+ # iptables -I PREROUTING -t raw -j CT --ctevents assured,destroy
  </programlisting>
 
  <note><title>Assured flows</title>
-- 
cgit v1.2.3