-rw-r--r-- | TODO | 5 |
-rw-r--r-- | iptables.8 | 5 |
2 files changed, 8 insertions, 2 deletions
@@ -4,10 +4,11 @@ Currently maintained by Harald Welte <laforge@gnumonks.org> Please inform me, if you want to work on any of the TODO items, so I can update this list and thus prevent two people doing the same work. -CVS ID: $Id: TODO,v 1.37 2001/05/25 12:24:20 jamesm Exp $ +CVS ID: $Id: TODO,v 1.38 2001/05/26 20:31:59 laforge Exp $ IMPORTANT issues: - solution for nostate / notrack (we don't want to track specific conn's) +- iptables-save/restore problems with log-level - multiple related connections [HW] - ip_conntrack rmmod loop (sometimes, Yan's patch?) - conntrack helper not called for first packet (udp!) @@ -27,8 +28,10 @@ X reject-with on REJECT target doesn't work [HW] - IPv6 REJECT target doesn't have extension plugin ?!? - colon inside prefix doesn't work - pending minor ip_queue updates [JM] +- --mac-source not working in FORWARD (manpage bug?) NICE to have: +- interface names in ipv6 can contain _ and - - multicast connection tracking - sysctl support for ftp-multi, irc-conntrack/nat, ftp-fxp - integrate HOPLIMIT for ipv6 in patch-o-matic [HW] @@ -86,16 +86,19 @@ loading, an attempt will be made to load the appropriate module for that table if it is not already there. The tables are as follows: +.TP .BR "filter" This is the default table. It contains the built-in chains INPUT (for packets coming into the box itself), FORWARD (for packets being routed through the box), and OUTPUT (for locally-generated packets). +.TP .BR "nat" This table is consulted when a packet that creates a new connection is encountered. It consists of three built-ins: PREROUTING (for altering packets as soon as they come in), OUTPUT (for altering locally-generated packets before routing), and POSTROUTING (for altering packets as they are about to go out). +.TP .BR "mangle" This table is used for specialized packet alteration. It has two built-in chains: PREROUTING (for altering incoming packets before 
@@ -456,7 +459,7 @@ target below). .TP .BI "--mark " "value[/mask]" Matches packets with the given unsigned mark value (if a mask is -specified, this is logically ANDed with the mark before the +specified, this is logically ANDed with the mask before the comparison). .SS owner This module attempts to match various characteristics of the packet |
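Review bot: in the TODO hunk at -4,10, the new IMPORTANT entry "- iptables-save/restore problems with log-level" does not say what the problem is or who owns it. Neighbouring entries carry an owner tag such as [HW]; add one if somebody has taken this, and name the symptom (whether the save output or the restore parsing is at fault) so the item can be verified and closed later.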
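Review bot: in the TODO hunk at -27,8, "--mac-source not working in FORWARD (manpage bug?)" leaves open whether this is a code defect or a documentation defect, while the same commit already edits iptables.8. If the manpage is what is wrong, correct it here instead of recording a TODO; if it is the code, drop the "(manpage bug?)" guess. The NICE to have entry "interface names in ipv6 can contain _ and -" is also phrased as a fact rather than a task, so state what has to change.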
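Review bot: style point on the iptables.8 hunk at -86,16: the three tag lines that now follow each added .TP are written as .BR "filter", .BR "nat" and .BR "mangle". .BR alternates bold and roman across its arguments, so with a single argument it is the same as .B and the quotes are unnecessary; .B filter would be the plainer form. Since .TP indents everything up to the next paragraph macro, also confirm that the text after the last table entry (cut off in this view) is closed with .PP or a section macro so that it does not stay indented under the final tag.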
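Review bot: in the iptables.8 hunk at -456,7, the reworded sentence leaves "this" without a sensible antecedent. In the old text "this" was the mask, ANDed with the mark; after the change it reads as the mask being ANDed with the mask. Name both operands explicitly, for example "if a mask is specified, the packet's mark is logically ANDed with the mask before the comparison".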