summaryrefslogtreecommitdiffstats
path: root/iptables/arptables-nft.8
diff options
context:
space:
mode:
authorPhil Sutter <phil@nwl.cc>2019-03-13 20:46:13 +0100
committerFlorian Westphal <fw@strlen.de>2019-03-14 00:01:34 +0100
commit1a0cd997d601794c7031346063b8b77f4af2a13e (patch)
treea26e92792056cb08fb640804e70a060425817026 /iptables/arptables-nft.8
parent4dbb6b9118e32a9b748ead893106de59579424f5 (diff)
doc: Adjust arptables man pages
Change content to suit the shipped nft-based variant. Most relevant changes: * FORWARD chain is not supported * arptables-nft-save supports a few parameters Signed-off-by: Phil Sutter <phil@nwl.cc> Signed-off-by: Florian Westphal <fw@strlen.de>
Diffstat (limited to 'iptables/arptables-nft.8')
-rw-r--r--iptables/arptables-nft.848
1 files changed, 22 insertions, 26 deletions
diff --git a/iptables/arptables-nft.8 b/iptables/arptables-nft.8
index 3ce99e37..ea31e084 100644
--- a/iptables/arptables-nft.8
+++ b/iptables/arptables-nft.8
@@ -1,4 +1,4 @@
-.TH ARPTABLES 8 "June 2018"
+.TH ARPTABLES 8 "March 2019"
.\"
.\" Man page originally written by Jochen Friedrich <jochen@scram.de>,
.\" maintained by Bart De Schuymer.
@@ -22,7 +22,7 @@
.\"
.\"
.SH NAME
-arptables \- ARP table administration (legacy)
+arptables \- ARP table administration (nft-based)
.SH SYNOPSIS
.BR "arptables " [ "-t table" ] " -" [ AD ] " chain rule-specification " [ options ]
.br
@@ -38,17 +38,6 @@ arptables \- ARP table administration (legacy)
.br
.BR "arptables " [ "-t table" ] " -P chain target " [ options ]
-.SH LEGACY
-This tool uses the old xtables/setsockopt framework, and is a legacy version
-of arptables. That means that a new, more modern tool exists with the same
-functionality using the nf_tables framework and you are encouraged to migrate now.
-The new binaries (formerly known as -compat) uses the same syntax and
-semantics than this legacy one.
-
-You can still use this legacy tool. You should probably get some specific
-information from your Linux distribution or vendor.
-More docs are available at https://wiki.nftables.org
-
.SH DESCRIPTION
.B arptables
is a user space tool, it is used to set up and maintain the
@@ -106,15 +95,11 @@ first argument on the arptables command line, if used.
.B "-t, --table"
.br
.BR filter ,
-is the only table and contains two (Linux kernels 2.4.X) or three (Linux kernels 2.6.0 and later) built-in chains:
+is the only table and contains two built-in chains:
.B INPUT
-(for frames destined for the host),
+(for frames destined for the host) and
.B OUTPUT
-(for locally-generated frames) and
-.B FORWARD
-(for frames being forwarded by the bridge code). The
-.B FORWARD
-chain doesn't exist in Linux 2.4.X kernels.
+(for locally-generated frames).
.br
.br
.SH ARPTABLES COMMAND LINE ARGUMENTS
@@ -258,15 +243,15 @@ numbers separated by colons.
.TP
.BR "-i, --in-interface " "[!] \fIname\fP"
The interface via which a frame is received (for the
-.BR INPUT " and " FORWARD
-chains). The flag
+.B INPUT
+chain). The flag
.B --in-if
is an alias for this option.
.TP
.BR "-o, --out-interface " "[!] \fIname\fP"
The interface via which a frame is going to be sent (for the
-.BR OUTPUT " and " FORWARD
-chains). The flag
+.B OUTPUT
+chain). The flag
.B --out-if
is an alias for this option.
.TP
@@ -344,9 +329,20 @@ Binary AND the mark with bits.
.BR "--or-mark mark"
Binary OR the mark with bits.
+.SH NOTES
+In this nft-based version of
+.BR arptables ,
+support for
+.B FORWARD
+chain has not been implemented. Since ARP packets are "forwarded" only by Linux
+bridges, the same may be achieved using
+.B FORWARD
+chain in
+.BR ebtables .
+
.SH MAILINGLISTS
.BR "" "See " http://netfilter.org/mailinglists.html
.SH SEE ALSO
-.BR iptables "(8), " ebtables "(8), " arp "(8), " rarp "(8), " ifconfig "(8), " route (8)
+.BR xtables-nft "(8), " iptables "(8), " ebtables "(8), " ip (8)
.PP
-.BR "" "See " http://ebtables.sf.net
+.BR "" "See " https://wiki.nftables.org