summaryrefslogtreecommitdiffstats
path: root/iptables.8
diff options
context:
space:
mode:
authorRusty Russell <rusty@linuxcare.com.au>2000-10-11 06:01:13 +0000
committerRusty Russell <rusty@rustcorp.com.au>2000-10-11 06:01:13 +0000
commit86573e54a7288edebfc28af89af6897ff90743e1 (patch)
treec0b9cced03857bb897a9845681bbd0534670d5c2 /iptables.8
parent31563359c92dc44b1e55ee86b8fcc182e6c8a3a2 (diff)
Reorganized: added EXTRA EXTENSIONS section.
Added Harald's doc on ttl and TTL
Diffstat (limited to 'iptables.8')
-rw-r--r--iptables.847
1 files changed, 35 insertions, 12 deletions
diff --git a/iptables.8 b/iptables.8
index 44e1086c..c2b451f5 100644
--- a/iptables.8
+++ b/iptables.8
@@ -166,7 +166,7 @@ will attempt to delete every non-builtin chain in the table.
.B "-P, --policy"
Set the policy for the chain to the given target. See the section
.B TARGETS
-for the legal targets. Only non-userdefined chains can have policies,
+for the legal targets. Only non-user-defined chains can have policies,
and neither built-in nor user-defined chains can be policy targets.
.TP
.B "-E, --rename-chain"
@@ -676,17 +676,34 @@ if the rule also specifies
.B "-p tcp"
or
.BR "-p udp" ).
-.SH DIAGNOSTICS
-Various error messages are printed to standard error. The exit code
-is 0 for correct functioning. Errors which appear to be caused by
-invalid or abused command line parameters cause an exit code of 2, and
-other errors cause an exit code of 1.
+.SH EXTRA EXTENSIONS
+The following extensions are not included by default in the standard
+distribution.
+.SS ttl
+This module matches the time to live field in the IP header.
+.TP
+.BI "--ttl " "ttl"
+Matches the given TTL value.
+.SS TTL
+This target is used to modify the time to live field in the IP header.
+It is only valid in the
+.B mangle
+table.
+.TP
+.BI "--ttl-set " "ttl"
+Set the TTL to the given value.
+.TP
+.BI "--ttl-dec " "ttl"
+Decrement the TTL by the given value.
+.TP
+.BI "--ttl-inc " "ttl"
+Increment the TTL by the given value.
.SS ULOG
-Turn on userspace logging of matching packets. When this
-option is set for a rule, the Linux kernel will multicast this
-packet through a
+This target provides userspace logging of matching packets. When this
+target is set for a rule, the Linux kernel will multicast this packet
+through a
.IR netlink
-socket. One or more userspace processes may then subscribe to variuos
+socket. One or more userspace processes may then subscribe to various
multicast groups and receive the packets.
.TP
.BI "--ulog-nlgroup" "<nlgroup>"
@@ -697,8 +714,13 @@ Prefix log messages with the specified prefix; up to 32 characters
long, and useful fro distinguishing messages in the logs.
.TP
.BI "--ulog-cprange" "<size>"
-Number of bytes to be copied to userspace. A value of 0 does always copy
+Number of bytes to be copied to userspace. A value of 0 always copies
the entire packet, regardless of its size.
+.SH DIAGNOSTICS
+Various error messages are printed to standard error. The exit code
+is 0 for correct functioning. Errors which appear to be caused by
+invalid or abused command line parameters cause an exit code of 2, and
+other errors cause an exit code of 1.
.SH BUGS
Check is not implemented (yet).
.SH COMPATIBILITY WITH IPCHAINS
@@ -752,8 +774,9 @@ James Morris wrote the TOS target, and tos match.
.PP
Jozsef Kadlecsik wrote the REJECT target.
.PP
-Harald Welte wrote the ULOG target and libulog.
+Harald Welte wrote the ULOG target, TTL match+target and libipulog.
.PP
The Netfilter Core Team is: Marc Boucher, James Morris and Rusty Russell.
.\" .. and did I mention that we are incredibly cool people?
.\" .. sexy, too ..
+.\" .. witty, charming, powerful ..