diff options
author | /C=EU/ST=EU/CN=Patrick McHardy/emailAddress=kaber@trash.net </C=EU/ST=EU/CN=Patrick McHardy/emailAddress=kaber@trash.net> | 2008-04-14 07:09:49 +0000 |
---|---|---|
committer | /C=EU/ST=EU/CN=Patrick McHardy/emailAddress=kaber@trash.net </C=EU/ST=EU/CN=Patrick McHardy/emailAddress=kaber@trash.net> | 2008-04-14 07:09:49 +0000 |
commit | 727e8f40cd9196c9a617d37a96bc1deba610caac (patch) | |
tree | 74521e49f0274dd0ff7831d9b71d25ef020820b5 /extensions/libxt_policy.man | |
parent | 5bc09b8e9db045c7136d76405c1733ea531be0f7 (diff) |
[PATCH 5/8] Combine ipt and ip6t manpages
Combine ipt and ip6t manpages
Diffstat (limited to 'extensions/libxt_policy.man')
-rw-r--r-- | extensions/libxt_policy.man | 48 |
1 files changed, 48 insertions, 0 deletions
diff --git a/extensions/libxt_policy.man b/extensions/libxt_policy.man new file mode 100644 index 0000000..eed163e --- /dev/null +++ b/extensions/libxt_policy.man @@ -0,0 +1,48 @@ +This modules matches the policy used by IPsec for handling a packet. +.TP +.BI "--dir " "in|out" +Used to select whether to match the policy used for decapsulation or the +policy that will be used for encapsulation. +.B in +is valid in the +.B PREROUTING, INPUT and FORWARD +chains, +.B out +is valid in the +.B POSTROUTING, OUTPUT and FORWARD +chains. +.TP +.BI "--pol " "none|ipsec" +Matches if the packet is subject to IPsec processing. +.TP +.BI "--strict" +Selects whether to match the exact policy or match if any rule of +the policy matches the given policy. +.TP +.BI "--reqid " "id" +Matches the reqid of the policy rule. The reqid can be specified with +.B setkey(8) +using +.B unique:id +as level. +.TP +.BI "--spi " "spi" +Matches the SPI of the SA. +.TP +.BI "--proto " "ah|esp|ipcomp" +Matches the encapsulation protocol. +.TP +.BI "--mode " "tunnel|transport" +Matches the encapsulation mode. +.TP +.BI "--tunnel-src " "addr[/mask]" +Matches the source end-point address of a tunnel mode SA. +Only valid with --mode tunnel. +.TP +.BI "--tunnel-dst " "addr[/mask]" +Matches the destination end-point address of a tunnel mode SA. +Only valid with --mode tunnel. +.TP +.BI "--next" +Start the next element in the policy specification. Can only be used with +--strict |