author | Henrik Nordstrom <hno@marasystems.com> | 2004-01-22 15:04:24 +0000 |
---|---|---|
committer | Harald Welte <laforge@gnumonks.org> | 2004-01-22 15:04:24 +0000 |
commit | c2794131b445ebccba184066af6d3fb2f38d1f38 (patch) | |
tree | a24f57a9be5a8364b53dfa102705d270f36b440a /extensions/libip6t_tcp.man | |
parent | 0113fe75ff05e09e6f3d251534d9ae32e9aa717c (diff) |
split manpages into per-extension manpage snippet (Henrik Nordstrom)
add lots of missing manpage snippets (Harald Welte)
Diffstat (limited to 'extensions/libip6t_tcp.man')
-rw-r--r-- | extensions/libip6t_tcp.man | 45 |
1 files changed, 45 insertions, 0 deletions
diff --git a/extensions/libip6t_tcp.man b/extensions/libip6t_tcp.man new file mode 100644 index 00000000..75d172e1 --- /dev/null +++ b/extensions/libip6t_tcp.man @@ -0,0 +1,45 @@ +These extensions are loaded if `--protocol tcp' is specified. It +provides the following options: +.TP +.BR "--source-port " "[!] \fIport\fP[:\fIport\fP]" +Source port or port range specification. This can either be a service +name or a port number. An inclusive range can also be specified, +using the format +.IR port : port . +If the first port is omitted, "0" is assumed; if the last is omitted, +"65535" is assumed. +If the second port greater then the first they will be swapped. +The flag +.B --sport +is a convenient alias for this option. +.TP +.BR "--destination-port " "[!] \fIport\fP[:\fIport\fP]" +Destination port or port range specification. The flag +.B --dport +is a convenient alias for this option. +.TP +.BR "--tcp-flags " "[!] \fImask\fP \fIcomp\fP" +Match when the TCP flags are as specified. The first argument is the +flags which we should examine, written as a comma-separated list, and +the second argument is a comma-separated list of flags which must be +set. Flags are: +.BR "SYN ACK FIN RST URG PSH ALL NONE" . +Hence the command +.nf + ip6tables -A FORWARD -p tcp --tcp-flags SYN,ACK,FIN,RST SYN +.fi +will only match packets with the SYN flag set, and the ACK, FIN and +RST flags unset. +.TP +.B "[!] --syn" +Only match TCP packets with the SYN bit set and the ACK and RST bits +cleared. Such packets are used to request TCP connection initiation; +for example, blocking such packets coming in an interface will prevent +incoming TCP connections, but outgoing TCP connections will be +unaffected. +It is equivalent to \fB--tcp-flags SYN,RST,ACK SYN\fP. +If the "!" flag precedes the "--syn", the sense of the +option is inverted. +.TP +.BR "--tcp-option " "[!] \fInumber\fP" +Match if TCP option set. |
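Review bot: In the --source-port paragraph, the sentence "If the second port greater then the first they will be swapped." is missing its verb, uses "then" for "than", and names the ordinary ordering of a range (second port above the first) as the case that gets swapped. Presumably the reverse is meant, so suggest "If the first port is greater than the second, they will be swapped." Two smaller documentation points in the same hunk: the opening lines mix "These extensions are loaded" with "It provides", so pick singular or plural; and the final --tcp-option entry, "Match if TCP option set.", does not say what \fInumber\fP refers to or where the "!" applies, unlike the --syn entry, which spells out the inversion. A rule author reading only this snippet cannot tell from that line which packets a negated --tcp-option match would select, so a sentence stating that would help.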