From 3f6a2e90936bbaac3a66e9bfb2a21e22c3504045 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Asbj=C3=B8rn=20Sloth=20T=C3=B8nnesen?= Date: Mon, 1 Feb 2016 13:30:06 +0000 Subject: conntrack: add support for CIDR notation MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Add support for using CIDR notation in --{orig,tuple}-{src,dst} arguments, instead of free-form formatting netmask in --mask-{src,dst}. Example: conntrack -L -s 2001:db8::/56 Instead of: conntrack -L -s 2001:db8:: --mask-src ffff:ffff:ffff:ff00:: Signed-off-by: Asbjørn Sloth Tønnesen Signed-off-by: Pablo Neira Ayuso --- conntrack.8 | 4 ++++ 1 file changed, 4 insertions(+) (limited to 'conntrack.8') diff --git a/conntrack.8 b/conntrack.8 index 5bba1b1..f2c1ca5 100644 --- a/conntrack.8 +++ b/conntrack.8 @@ -117,9 +117,11 @@ This option can only be used in conjunction with "\-E, \-\-event". .TP .BI "-s, --orig-src " IP_ADDRESS Match only entries whose source address in the original direction equals the one specified as argument. +Implies "--mask-src" when CIDR notation is used. .TP .BI "-d, --orig-dst " IP_ADDRESS Match only entries whose destination address in the original direction equals the one specified as argument. +Implies "--mask-dst" when CIDR notation is used. .TP .BI "-r, --reply-src " IP_ADDRESS Match only entries whose source address in the reply direction equals the one specified as argument. @@ -186,9 +188,11 @@ See iptables CT target for more information. .TP .BI "--tuple-src " IP_ADDRESS Specify the tuple source address of an expectation. +Implies "--mask-src" when CIDR notation is used. .TP .BI "--tuple-dst " IP_ADDRESS Specify the tuple destination address of an expectation. +Implies "--mask-dst" when CIDR notation is used. .TP .BI "--mask-src " IP_ADDRESS Specify the source address mask. -- cgit v1.2.3