From 727e8f40cd9196c9a617d37a96bc1deba610caac Mon Sep 17 00:00:00 2001 From: "/C=EU/ST=EU/CN=Patrick McHardy/emailAddress=kaber@trash.net" Date: Mon, 14 Apr 2008 07:09:49 +0000 Subject: [PATCH 5/8] Combine ipt and ip6t manpages Combine ipt and ip6t manpages --- extensions/libipt_tcp.man | 45 --------------------------------------------- 1 file changed, 45 deletions(-) delete mode 100644 extensions/libipt_tcp.man (limited to 'extensions/libipt_tcp.man') diff --git a/extensions/libipt_tcp.man b/extensions/libipt_tcp.man deleted file mode 100644 index cfafc9e..0000000 --- a/extensions/libipt_tcp.man +++ /dev/null @@ -1,45 +0,0 @@ -These extensions can be used if `--protocol tcp' is specified. It -provides the following options: -.TP -.BR "--source-port " "[!] \fIport\fP[:\fIport\fP]" -Source port or port range specification. This can either be a service -name or a port number. An inclusive range can also be specified, -using the format -.IR port : port . -If the first port is omitted, "0" is assumed; if the last is omitted, -"65535" is assumed. -If the second port greater then the first they will be swapped. -The flag -.B --sport -is a convenient alias for this option. -.TP -.BR "--destination-port " "[!] \fIport\fP[:\fIport\fP]" -Destination port or port range specification. The flag -.B --dport -is a convenient alias for this option. -.TP -.BR "--tcp-flags " "[!] \fImask\fP \fIcomp\fP" -Match when the TCP flags are as specified. The first argument is the -flags which we should examine, written as a comma-separated list, and -the second argument is a comma-separated list of flags which must be -set. Flags are: -.BR "SYN ACK FIN RST URG PSH ALL NONE" . -Hence the command -.nf - iptables -A FORWARD -p tcp --tcp-flags SYN,ACK,FIN,RST SYN -.fi -will only match packets with the SYN flag set, and the ACK, FIN and -RST flags unset. -.TP -.B "[!] --syn" -Only match TCP packets with the SYN bit set and the ACK,RST and FIN bits -cleared. Such packets are used to request TCP connection initiation; -for example, blocking such packets coming in an interface will prevent -incoming TCP connections, but outgoing TCP connections will be -unaffected. -It is equivalent to \fB--tcp-flags SYN,RST,ACK,FIN SYN\fP. -If the "!" flag precedes the "--syn", the sense of the -option is inverted. -.TP -.BR "--tcp-option " "[!] \fInumber\fP" -Match if TCP option set. -- cgit v1.2.3