summaryrefslogtreecommitdiffstats
path: root/extensions/libxt_CONNSECMARK.man
blob: 2616ab99f741074dab3afa6a583fd0a55420e0f2 (plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
This module copies security markings from packets to connections
(if unlabeled), and from connections back to packets (also only
if unlabeled).  Typically used in conjunction with SECMARK, it is
valid in the
.B security
table (for backwards compatibility with older kernels, it is also
valid in the
.B mangle
table).
.TP
\fB\-\-save\fP
If the packet has a security marking, copy it to the connection
if the connection is not marked.
.TP
\fB\-\-restore\fP
If the packet does not have a security marking, and the connection
does, copy the security marking from the connection to the packet.