Diffstat (limited to 'conntrack.8')
-rw-r--r-- | conntrack.8 | 17 |
1 files changed, 13 insertions, 4 deletions
diff --git a/conntrack.8 b/conntrack.8 index 0db427b..3b6a15b 100644 --- a/conntrack.8 +++ b/conntrack.8 @@ -14,6 +14,8 @@ conntrack \- command line interface for netfilter connection tracking .br .BR "conntrack -I [table] parameters" .br +.BR "conntrack -A [table] parameters" +.br .BR "conntrack -U [table] parameters" .br .BR "conntrack -E [table] [options]" @@ -88,7 +90,10 @@ Search for and show a particular (matching) entry in the given table. Delete an entry from the given table. .TP .BI "-I, --create " -Create a new entry from the given table. +Create a new entry from the given table, it fails if it already exists. +.TP +.BI "-A, --add " +Add a new entry from the given table. .TP .BI "-U, --update " Update an entry from the given table. @@ -175,7 +180,7 @@ Specify the conntrack mark. Optionally, a mask value can be specified. In "\-\-update" mode, this mask specifies the bits that should be zeroed before XORing the MARK value into the ctmark. Otherwise, the mask is logically ANDed with the existing mark before the -comparision. In "\-\-create" mode, the mask is ignored. +comparison. In "\-\-create" mode, the mask is ignored. .TP .BI "-l, --label " "LABEL" Specify a conntrack label. @@ -186,8 +191,12 @@ Use multiple \-l options to specify multiple labels that need to be set. .TP .BI "--label-add " "LABEL" Specify the conntrack label to add to the selected conntracks. -This option is only available in conjunction with "\-I, \-\-create" or -"\-U, \-\-update". +This option is only available in conjunction with "\-I, \-\-create", +"\-A, \-\-add" or "\-U, \-\-update". +As a rule of thumb, you must use either the 'connlabel' match in your iptables +ruleset or the 'ct label' statement in your nftables ruleset, this turns on the +ct label support in the kernel and it allows you to update labels via +"\-U, \-\-update", otherwise label updates are ignored. .TP .BI "--label-del " "[LABEL]" Specify the conntrack label to delete from the selected conntracks. |
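Review bot: In the hunk at @@ -88,7 +90,10 @@, the new "-A, --add" entry does not say what happens when the entry already exists, so the only way to tell it apart from "-I, --create" is by inference from the text added to -I ("it fails if it already exists"). Please state the behaviour of -A on an existing entry explicitly. Both descriptions also read "a new entry from the given table", where "in the given table" is meant, and the -I sentence is a comma splice; something like "Create a new entry in the given table. This fails if the entry already exists." would read better.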
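Review bot: In the hunk at @@ -175,7 +180,7 @@, the corrected sentence still reads 'In "\-\-create" mode, the mask is ignored' and does not mention the new "\-\-add" mode, while the --label-add text later in this patch is updated to list "\-A, \-\-add". If the mask is ignored in --add mode as well, name it here; if not, say how the mask is applied there, so the mark option is documented for every command that accepts it.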
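Review bot: In the hunk at @@ -186,8 +191,12 @@, the added paragraph under --label-add opens with "As a rule of thumb, you must", which mixes a hint with a requirement, and then describes a silent failure ("otherwise label updates are ignored"). Since a label that is silently not applied can leave a ruleset matching on labels that were never set, I would word this as a plain requirement and drop "as a rule of thumb". The paragraph also names only "\-U, \-\-update": please say whether labels passed with "\-I, \-\-create" or "\-A, \-\-add" are ignored under the same condition, and whether the note applies to --label-del too, in which case it belongs in a place that covers both options. The sentence is also a comma splice after "nftables ruleset".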