diff options
| author | Jan Engelhardt <jengelh@medozas.de> | 2008-03-10 17:55:53 +0100 |
|---|---|---|
| committer | Patrick McHardy <kaber@trash.net> | 2008-04-13 07:29:27 +0200 |
| commit | 9df688566bd53f489c75b5dda84582361fec1ab7 (patch) | |
| tree | 1ade11c746f5e3c68adea687cc4fa986490994f3 /extensions | |
| parent | 6cf172ed4064df729ca83eb71133741dfbd6c6e7 (diff) | |
manpages: update to reflect fine-grained control
Diffstat (limited to 'extensions')
| -rw-r--r-- | extensions/libip6t_frag.man | 4 | ||||
| -rw-r--r-- | extensions/libipt_DNAT.man | 2 | ||||
| -rw-r--r-- | extensions/libipt_SAME.man | 2 | ||||
| -rw-r--r-- | extensions/libipt_SNAT.man | 2 | ||||
| -rw-r--r-- | extensions/libxt_connmark.man | 2 | ||||
| -rw-r--r-- | extensions/libxt_helper.man | 2 | ||||
| -rw-r--r-- | extensions/libxt_iprange.man | 4 | ||||
| -rw-r--r-- | extensions/libxt_mark.man | 2 | ||||
| -rw-r--r-- | extensions/libxt_owner.man | 10 | ||||
| -rw-r--r-- | extensions/libxt_tos.man | 4 |
10 files changed, 17 insertions, 17 deletions
diff --git a/extensions/libip6t_frag.man b/extensions/libip6t_frag.man index 8937b558..cc13e791 100644 --- a/extensions/libip6t_frag.man +++ b/extensions/libip6t_frag.man @@ -13,8 +13,8 @@ Matches if the reserved fields are filled with zero. .BR "--fragfirst " Matches on the first fragment. .TP -.BR "[--fragmore]" +\fB--fragmore\fP Matches if there are more fragments. .TP -.BR "[--fraglast]" +\fB--fraglast\fP Matches if this is the last fragment. diff --git a/extensions/libipt_DNAT.man b/extensions/libipt_DNAT.man index f11f4e22..65c152ce 100644 --- a/extensions/libipt_DNAT.man +++ b/extensions/libipt_DNAT.man @@ -10,7 +10,7 @@ should be modified (and all future packets in this connection will also be mangled), and rules should cease being examined. It takes one type of option: .TP -.BR "--to-destination " "[\fIipaddr\fP][-\fIipaddr\fP][:\fIport\fP-\fIport\fP]" +\fB--to-destination\fP [\fIipaddr\fP][\fB-\fP\fIipaddr\fP][\fB:\fP\fIport\fP[\fB-\fP\fIport\fP]] which can specify a single new destination IP address, an inclusive range of IP addresses, and optionally, a port range (which is only valid if the rule also specifies diff --git a/extensions/libipt_SAME.man b/extensions/libipt_SAME.man index d038615a..7e28ca54 100644 --- a/extensions/libipt_SAME.man +++ b/extensions/libipt_SAME.man @@ -2,7 +2,7 @@ Similar to SNAT/DNAT depending on chain: it takes a range of addresses (`--to 1.2.3.4-1.2.3.7') and gives a client the same source-/destination-address for each connection. .TP -.BI "--to " "<ipaddr>-<ipaddr>" +\fB--to\fP \fIipaddr\fP[\fB-\fP\fIipaddr\fP] Addresses to map source to. May be specified more than once for multiple ranges. .TP diff --git a/extensions/libipt_SNAT.man b/extensions/libipt_SNAT.man index 7b34799a..34939afd 100644 --- a/extensions/libipt_SNAT.man +++ b/extensions/libipt_SNAT.man @@ -7,7 +7,7 @@ modified (and all future packets in this connection will also be mangled), and rules should cease being examined. It takes one type of option: .TP -.BR "--to-source " "\fIipaddr\fP[-\fIipaddr\fP][:\fIport\fP-\fIport\fP]" +\fB--to-source\fP \fIipaddr\fP[\fB-\fP\fIipaddr\fP][\fB:\fP\fIport\fP[\fB-\fP\fIport\fP]] which can specify a single new source IP address, an inclusive range of IP addresses, and optionally, a port range (which is only valid if the rule also specifies diff --git a/extensions/libxt_connmark.man b/extensions/libxt_connmark.man index 193a4ca9..a50c5375 100644 --- a/extensions/libxt_connmark.man +++ b/extensions/libxt_connmark.man @@ -1,6 +1,6 @@ This module matches the netfilter mark field associated with a connection (which can be set using the \fBCONNMARK\fR target below). .TP -\fB--mark\fR \fIvalue\fR[\fB/\fR\fImask\fR] +[\fB!\fP] \fB--mark\fR \fIvalue\fR[\fB/\fR\fImask\fR] Matches packets in connections with the given mark value (if a mask is specified, this is logically ANDed with the mark before the comparison). diff --git a/extensions/libxt_helper.man b/extensions/libxt_helper.man index c3221ad8..3df1d05c 100644 --- a/extensions/libxt_helper.man +++ b/extensions/libxt_helper.man @@ -1,6 +1,6 @@ This module matches packets related to a specific conntrack-helper. .TP -.BI "--helper " "string" +[\fB!\fP] \fB--helper\fP \fIstring\fP Matches packets related to the specified conntrack-helper. .RS .PP diff --git a/extensions/libxt_iprange.man b/extensions/libxt_iprange.man index 5acb3b37..1941a3b5 100644 --- a/extensions/libxt_iprange.man +++ b/extensions/libxt_iprange.man @@ -1,7 +1,7 @@ This matches on a given arbitrary range of IP addresses. .TP -[\fB!\fR] \fB--src-range\fR \fIfrom\fR-\fIto\fR +[\fB!\fR] \fB--src-range\fR \fIfrom\fR[\fB-\fP\fIto\fR] Match source IP in the specified range. .TP -[\fB!\fR] \fB--dst-range\fR \fIfrom\fR-\fIto\fR +[\fB!\fR] \fB--dst-range\fR \fIfrom\fR[\fB-\fP\fIto\fR] Match destination IP in the specified range. diff --git a/extensions/libxt_mark.man b/extensions/libxt_mark.man index a2a13957..4b29cd06 100644 --- a/extensions/libxt_mark.man +++ b/extensions/libxt_mark.man @@ -3,7 +3,7 @@ This module matches the netfilter mark field associated with a packet .B MARK target below). .TP -.BR "--mark " "\fIvalue\fP[/\fImask\fP]" +[\fB!\fP] \fB--mark\fP \fIvalue\fP[\fB/\fP\fImask\fP] Matches packets with the given unsigned mark value (if a \fImask\fP is specified, this is logically ANDed with the \fImask\fP before the comparison). diff --git a/extensions/libxt_owner.man b/extensions/libxt_owner.man index 344ce2ea..0bc0c654 100644 --- a/extensions/libxt_owner.man +++ b/extensions/libxt_owner.man @@ -3,17 +3,17 @@ for locally generated packets. This match is only valid in the OUTPUT and POSTROUTING chains. Forwarded packets do not have any socket associated with them. Packets from kernel threads do have a socket, but usually no owner. .TP -\fB--uid-owner\fR \fIusername\fR +[\fB!\fP] \fB--uid-owner\fP \fIusername\fP .TP -\fB--uid-owner\fR \fIuserid\fR[\fB-\fR\fIuserid\fR] +[\fB!\fP] \fB--uid-owner\fP \fIuserid\fP[\fB-\fP\fIuserid\fP] Matches if the packet socket's file structure (if it has one) is owned by the given user. You may also specify a numerical UID, or an UID range. .TP -\fB--gid-owner\fR \fIgroupname\fR +[\fB!\fP] \fB--gid-owner\fP \fIgroupname\fP .TP -\fB--gid-owner\fR \fIgroupid\fR[\fB-\fR\fIgroupid\fR] +[\fB!\fP] \fB--gid-owner\fP \fIgroupid\fP[\fB-\fR\fIgroupid\fP] Matches if the packet socket's file structure is owned by the given group. You may also specify a numerical GID, or a GID range. .TP -\fB--socket-exists\fR +[\fB!\fP] \fB--socket-exists\fP Matches if the packet is associated with a socket. diff --git a/extensions/libxt_tos.man b/extensions/libxt_tos.man index 0420105e..cd72e954 100644 --- a/extensions/libxt_tos.man +++ b/extensions/libxt_tos.man @@ -2,11 +2,11 @@ This module matches the 8-bit Type of Service field in the IPv4 header (i.e. including the "Precedence" bits) or the (also 8-bit) Priority field in the IPv6 header. .TP -\fB--tos\fR \fIvalue\fR[\fB/\fR\fImask\fR] +[\fB!\fP] \fB--tos\fR \fIvalue\fR[\fB/\fR\fImask\fR] Matches packets with the given TOS mark value. If a mask is specified, it is logically ANDed with the TOS mark before the comparison. .TP -\fB--tos\fR \fIsymbol\fR +[\fB!\fP] \fB--tos\fR \fIsymbol\fR You can specify a symbolic name when using the tos match for IPv4. The list of recognized TOS names can be obtained by calling iptables with \fB-m tos -h\fR. Note that this implies a mask of 0x3F, i.e. all but the ECN bits. |