From c8f28cc8b84133f20421470e9a61a5a0c78b9c4a Mon Sep 17 00:00:00 2001 From: Patrick McHardy Date: Thu, 20 Jan 2011 11:45:12 +0100 Subject: extensions: libxt_conntrack: add support for specifying port ranges Add support for revision 3 of the conntrack match, which allows to specify port ranges for origsrc/origdst/replsrc/repldst. Signed-off-by: Patrick McHardy --- extensions/libxt_conntrack.man | 9 +++++---- 1 file changed, 5 insertions(+), 4 deletions(-) (limited to 'extensions/libxt_conntrack.man') diff --git a/extensions/libxt_conntrack.man b/extensions/libxt_conntrack.man index d37ed171..c397f742 100644 --- a/extensions/libxt_conntrack.man +++ b/extensions/libxt_conntrack.man @@ -17,14 +17,15 @@ Layer-4 protocol to match (by number or name) [\fB!\fP] \fB\-\-ctrepldst\fP \fIaddress\fP[\fB/\fP\fImask\fP] Match against original/reply source/destination address .TP -[\fB!\fP] \fB\-\-ctorigsrcport\fP \fIport\fP +[\fB!\fP] \fB\-\-ctorigsrcport\fP \fIport\fP[\fB:\fP\fIport\fP] .TP -[\fB!\fP] \fB\-\-ctorigdstport\fP \fIport\fP +[\fB!\fP] \fB\-\-ctorigdstport\fP \fIport\fP[\fB:\fP\fIport\fP] .TP -[\fB!\fP] \fB\-\-ctreplsrcport\fP \fIport\fP +[\fB!\fP] \fB\-\-ctreplsrcport\fP \fIport\fP[\fB:\fP\fIport\fP] .TP -[\fB!\fP] \fB\-\-ctrepldstport\fP \fIport\fP +[\fB!\fP] \fB\-\-ctrepldstport\fP \fIport\fP[\fB:\fP\fIport\fP] Match against original/reply source/destination port (TCP/UDP/etc.) or GRE key. +Matching against port ranges is only supported in kernel versions above 2.6.38. .TP [\fB!\fP] \fB\-\-ctstatus\fP \fIstatelist\fP \fIstatuslist\fP is a comma separated list of the connection statuses to match. -- cgit v1.2.3