diff options
author | Arturo Borrero Gonzalez <arturo@netfilter.org> | 2019-01-27 12:12:44 +0100 |
---|---|---|
committer | Pablo Neira Ayuso <pablo@netfilter.org> | 2019-01-28 10:39:11 +0100 |
commit | 0aae87b43d98864ac48560f16e74bd6d71463291 (patch) | |
tree | dbf0d13b7210604d67588fcba6bb5c70d369c55c | |
parent | 7cf632b264f991c3571ef5a055493aed4b759887 (diff) |
conntrackd.conf.8: fix state filter example
Missing 'for TCP' induces errors.
This was reported in Debian bug #916138 https://bugs.debian.org/916138
Signed-off-by: Arturo Borrero Gonzalez <arturo@netfilter.org>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
-rw-r--r-- | conntrackd.conf.5 | 10 |
1 files changed, 5 insertions, 5 deletions
diff --git a/conntrackd.conf.5 b/conntrackd.conf.5 index 79a5bba..2634a7f 100644 --- a/conntrackd.conf.5 +++ b/conntrackd.conf.5 @@ -22,7 +22,7 @@ .\" <http://www.gnu.org/licenses/>. .\" %%%LICENSE_END .\" -.TH CONNTRACKD.CONF 5 "Apr 16, 2018" +.TH CONNTRACKD.CONF 5 "Jan 27, 2019" .SH NAME conntrackd.conf \- configuration file for conntrackd daemon @@ -651,7 +651,7 @@ Example: IPv6_address ::1 } State Accept { - ESTABLISHED CLOSED TIME_WAIT CLOSE_WAIT + ESTABLISHED CLOSED TIME_WAIT CLOSE_WAIT for TCP } } .fi @@ -705,7 +705,7 @@ Example: .fi .TP -.BI "State <policy> { <states list> }" +.BI "State <policy> { <states list> for TCP }" Filter by flow state. This option introduces a trade-off in the replication: it reduces CPU consumption at the cost of having lazy backup firewall replicas. @@ -720,7 +720,7 @@ Policy is one of \fBAccept\fP or \fBIgnore\fP. Example: .nf State Accept { - ESTABLISHED CLOSED TIME_WAIT CLOSE_WAIT + ESTABLISHED CLOSED TIME_WAIT CLOSE_WAIT for TCP } .fi @@ -1051,7 +1051,7 @@ General { IPv6_address ::1 } State Accept { - ESTABLISHED CLOSED TIME_WAIT CLOSE_WAIT + ESTABLISHED CLOSED TIME_WAIT CLOSE_WAIT for TCP } } } |