diff options
| author | Jan Engelhardt <jengelh@inai.de> | 2012-09-28 10:52:32 +0200 |
|---|---|---|
| committer | Jan Engelhardt <jengelh@inai.de> | 2012-09-30 11:32:49 +0200 |
| commit | faeaf11536f605ebb733d4d5f5ec2ca074d3f247 (patch) | |
| tree | 3e72fb71ffdd92b5141baeaf6d10502d248b3a1d | |
| parent | 4496801821c01e3934996b40e0012ddcb969a8df (diff) | |
doc: trim "state" manpage and reference conntrack instead
The module is practically obsolete, so just pinpoint to the replacement
in short order.
Signed-off-by: Jan Engelhardt <jengelh@inai.de>
| -rw-r--r-- | extensions/libxt_HMARK.man | 2 | ||||
| -rw-r--r-- | extensions/libxt_state.man | 28 |
2 files changed, 7 insertions, 23 deletions
diff --git a/extensions/libxt_HMARK.man b/extensions/libxt_HMARK.man index 0b418842..e7b5426d 100644 --- a/extensions/libxt_HMARK.man +++ b/extensions/libxt_HMARK.man @@ -52,7 +52,7 @@ A 32 bit random custom value to feed hash calculation. .PP \fIExamples:\fP .PP -iptables \-t mangle \-A PREROUTING \-m state \-\-state NEW +iptables \-t mangle \-A PREROUTING \-m conntrack \-\-ctstate NEW \-j HMARK \-\-hmark-tuple ct,src,dst,proto \-\-hmark-offset 10000 \-\-hmark\-mod 10 \-\-hmark\-rnd 0xfeedcafe .PP diff --git a/extensions/libxt_state.man b/extensions/libxt_state.man index 37d095bc..bd60468f 100644 --- a/extensions/libxt_state.man +++ b/extensions/libxt_state.man @@ -1,24 +1,8 @@ -This module, when combined with connection tracking, allows access to -the connection tracking state for this packet. +The "state" module is an obsolete version of "conntrack". +"state" allows access to the connection tracking state for this packet. .TP [\fB!\fP] \fB\-\-state\fP \fIstate\fP -Where state is a comma separated list of the connection states to -match. Possible states are -.B INVALID -meaning that the packet could not be identified for some reason which -includes running out of memory and ICMP errors which don't correspond to any -known connection, -.B ESTABLISHED -meaning that the packet is associated with a connection which has seen -packets in both directions, -.B NEW -meaning that the packet has started a new connection, or otherwise -associated with a connection which has not seen packets in both -directions, and -.B RELATED -meaning that the packet is starting a new connection, but is -associated with an existing connection, such as an FTP data transfer, -or an ICMP error. -.B UNTRACKED -meaning that the packet is not tracked at all, which happens if you use -the NOTRACK target in raw table. +Where state is a comma separated list of the connection states to match. Only a +subset of the states unterstood by "conntrack" are recognized: \fBINVALID\fP, +\fBESTABLISHED\fP, \fBNEW\fP, \fBRELATED\fP or \fBUNTRACKED\fP. For their +description, see the "conntrack" heading in this manpage. |