summaryrefslogtreecommitdiffstats
path: root/extensions/libxt_recent.man
diff options
context:
space:
mode:
authorJan Engelhardt <jengelh@medozas.de>2009-01-12 04:53:18 +0100
committerPatrick McHardy <kaber@trash.net>2009-01-12 04:53:18 +0100
commitfea74bf74ff524431ce65145f1523584edf99dc9 (patch)
treee0ddfbeca93e159dcb0cc7c77df34206fbea26f9 /extensions/libxt_recent.man
parent0c2b5a4aff8ee61529aca8541f7fdae18500470f (diff)
doc: escape minus sign in manpages
groff formats '-' as a hyphen, and '\-' is needed for a minus. Signed-off-by: Jan Engelhardt <jengelh@medozas.de> Signed-off-by: Patrick McHardy <kaber@trash.net>
Diffstat (limited to 'extensions/libxt_recent.man')
-rw-r--r--extensions/libxt_recent.man44
1 files changed, 22 insertions, 22 deletions
diff --git a/extensions/libxt_recent.man b/extensions/libxt_recent.man
index e30bb568..e03d8ece 100644
--- a/extensions/libxt_recent.man
+++ b/extensions/libxt_recent.man
@@ -5,60 +5,60 @@ For example, you can create a "badguy" list out of people attempting to connect
to port 139 on your firewall and then DROP all future packets from them without
considering them.
.TP
-\fB--name\fR \fIname\fR
+\fB\-\-name\fP \fIname\fP
Specify the list to use for the commands. If no name is given then
\fBDEFAULT\fR will be used.
.TP
-[\fB!\fR] \fB--set\fR
+[\fB!\fR] \fB\-\-set\fP
This will add the source address of the packet to the list. If the source
address is already in the list, this will update the existing entry. This will
always return success (or failure if \fB!\fR is passed in).
.TP
-\fB--rsource\fP
+\fB\-\-rsource\fP
Match/save the source address of each packet in the recent list table. This
is the default.
.TP
-\fB--rdest\fP
+\fB\-\-rdest\fP
Match/save the destination address of each packet in the recent list table.
.TP
-[\fB!\fR] \fB--rcheck\fR
+[\fB!\fR] \fB\-\-rcheck\fP
Check if the source address of the packet is currently in the list.
.TP
-[\fB!\fR] \fB--update\fR
-Like \fB--rcheck\fR, except it will update the "last seen" timestamp if it
+[\fB!\fR] \fB\-\-update\fP
+Like \fB\-\-rcheck\fP, except it will update the "last seen" timestamp if it
matches.
.TP
-[\fB!\fR] \fB--remove\fR
+[\fB!\fR] \fB\-\-remove\fP
Check if the source address of the packet is currently in the list and if so
that address will be removed from the list and the rule will return true. If
the address is not found, false is returned.
.TP
-[\fB!\fR] \fB--seconds \fIseconds\fR
-This option must be used in conjunction with one of \fB--rcheck\fR or
-\fB--update\fR. When used, this will narrow the match to only happen when the
+[\fB!\fR] \fB\-\-seconds \fIseconds\fP
+This option must be used in conjunction with one of \fB\-\-rcheck\fP or
+\fB\-\-update\fP. When used, this will narrow the match to only happen when the
address is in the list and was seen within the last given number of seconds.
.TP
-[\fB!\fR] \fB--hitcount \fIhits\fR
-This option must be used in conjunction with one of \fB--rcheck\fR or
-\fB--update\fR. When used, this will narrow the match to only happen when the
+[\fB!\fR] \fB\-\-hitcount \fIhits\fP
+This option must be used in conjunction with one of \fB\-\-rcheck\fP or
+\fB\-\-update\fP. When used, this will narrow the match to only happen when the
address is in the list and packets had been received greater than or equal to
-the given value. This option may be used along with \fB--seconds\fR to create
+the given value. This option may be used along with \fB\-\-seconds\fP to create
an even narrower match requiring a certain number of hits within a specific
time frame.
.TP
-\fB--rttl\fR
-This option may only be used in conjunction with one of \fB--rcheck\fR or
-\fB--update\fR. When used, this will narrow the match to only happen when the
+\fB\-\-rttl\fP
+This option may only be used in conjunction with one of \fB\-\-rcheck\fP or
+\fB\-\-update\fP. When used, this will narrow the match to only happen when the
address is in the list and the TTL of the current packet matches that of the
-packet which hit the \fB--set\fR rule. This may be useful if you have problems
+packet which hit the \fB\-\-set\fP rule. This may be useful if you have problems
with people faking their source address in order to DoS you via this module by
disallowing others access to your site by sending bogus packets to you.
.PP
Examples:
.IP
-iptables -A FORWARD -m recent --name badguy --rcheck --seconds 60 -j DROP
+iptables \-A FORWARD \-m recent \-\-name badguy \-\-rcheck \-\-seconds 60 \-j DROP
.IP
-iptables -A FORWARD -p tcp -i eth0 --dport 139 -m recent --name badguy --set -j DROP
+iptables \-A FORWARD \-p tcp \-i eth0 \-\-dport 139 \-m recent \-\-name badguy \-\-set \-j DROP
.PP
Steve's ipt_recent website (http://snowman.net/projects/ipt_recent/) also has
some examples of usage.
@@ -72,7 +72,7 @@ list or written two using the following commands to modify the list:
\fBecho +\fR\fIaddr\fR\fB >/proc/net/xt_recent/DEFAULT\fR
to add \fIaddr\fR to the DEFAULT list
.TP
-\fBecho -\fR\fIaddr\fR\fB >/proc/net/xt_recent/DEFAULT\fR
+\fBecho \-\fP\fIaddr\fP\fB >/proc/net/xt_recent/DEFAULT\fP
to remove \fIaddr\fR from the DEFAULT list
.TP
\fBecho / >/proc/net/xt_recent/DEFAULT\fR