extensions: AUDIT: Document ineffective --type option

Signed-off-by: Phil Sutter <phil@nwl.cc> Signed-off-by: Florian Westphal <fw@strlen.de>
author: Phil Sutter <phil@nwl.cc> 2019-02-21 15:38:47 +0100
committer: Florian Westphal <fw@strlen.de> 2019-02-22 17:00:44 +0100
commit: dffb5ec2a8c7f91351e2a1029a757cb1f41f2d02 (patch)
tree: 216c12d7cff580f4e94a7974ca6cf93826be22c2 /extensions
parent: b738ca36777851e8f08c20a1e6c5c6492e934b38 (diff)
1 files changed, 4 insertions, 2 deletions
diff --git a/extensions/libxt_AUDIT.man b/extensions/libxt_AUDIT.man
index cd796967..4f5562e8 100644
--- a/extensions/libxt_AUDIT.man
+++ b/extensions/libxt_AUDIT.man
@@ -3,12 +3,14 @@ It can be used to record accepted, dropped, and rejected packets. See
 auditd(8) for additional details.
 .TP
 \fB\-\-type\fP {\fBaccept\fP|\fBdrop\fP|\fBreject\fP}
-Set type of audit record.
+Set type of audit record. Starting with linux-4.12, this option has no effect
+on generated audit messages anymore. It is still accepted by iptables for
+compatibility reasons, but ignored.
 .PP
 Example:
 .IP
 iptables \-N AUDIT_DROP
 .IP
-iptables \-A AUDIT_DROP \-j AUDIT \-\-type drop
+iptables \-A AUDIT_DROP \-j AUDIT
 .IP
 iptables \-A AUDIT_DROP \-j DROP
author	Phil Sutter <phil@nwl.cc>	2019-02-21 15:38:47 +0100
committer	Florian Westphal <fw@strlen.de>	2019-02-22 17:00:44 +0100
commit	dffb5ec2a8c7f91351e2a1029a757cb1f41f2d02 (patch)
tree	216c12d7cff580f4e94a7974ca6cf93826be22c2 /extensions
parent	b738ca36777851e8f08c20a1e6c5c6492e934b38 (diff)