author | Daniel Borkmann <daniel@iogearbox.net> | 2015-08-24 17:38:15 +0200 |
---|---|---|
committer | Pablo Neira Ayuso <pablo@netfilter.org> | 2015-09-29 20:37:25 +0200 |
commit | c1b62f09259cdfa618cf63032de67689c991bd3e (patch) | |
tree | 7b0e952175af953d1c80ac2bc92b525e86ad8d4b /extensions/libxt_CT.man | |
parent | 16e46548499d336899ee051e805ae4e5c92cc403 (diff) |
libxt_CT: add support for recently introduced zone options
This adds the user space front-end and man-page bits for the additional
zone features (direction, mark) of the CT target.
Signed-off-by: Daniel Borkmann <daniel@iogearbox.net>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
Diffstat (limited to 'extensions/libxt_CT.man')
-rw-r--r-- | extensions/libxt_CT.man | 16 |
1 files changed, 14 insertions, 2 deletions
diff --git a/extensions/libxt_CT.man b/extensions/libxt_CT.man index a93eb149..e992120a 100644 --- a/extensions/libxt_CT.man +++ b/extensions/libxt_CT.man @@ -20,9 +20,21 @@ the ctmark, not nfmark), \fBnatseqinfo\fP, \fBsecmark\fP (ctsecmark). Only generate the specified expectation events for this connection. Possible event types are: \fBnew\fP. .TP -\fB\-\-zone\fP \fIid\fP +\fB\-\-zone-orig\fP {\fIid\fP|\fBmark\fP} +For traffic coming from ORIGINAL direction, assign this packet to zone +\fIid\fP and only have lookups done in that zone. If \fBmark\fP is used +instead of \fIid\fP, the zone is derived from the packet nfmark. +.TP +\fB\-\-zone-reply\fP {\fIid\fP|\fBmark\fP} +For traffic coming from REPLY direction, assign this packet to zone +\fIid\fP and only have lookups done in that zone. If \fBmark\fP is used +instead of \fIid\fP, the zone is derived from the packet nfmark. +.TP +\fB\-\-zone\fP {\fIid\fP|\fBmark\fP} Assign this packet to zone \fIid\fP and only have lookups done in that zone. -By default, packets have zone 0. +If \fBmark\fP is used instead of \fIid\fP, the zone is derived from the +packet nfmark. By default, packets have zone 0. This option applies to both +directions. .TP \fB\-\-timeout\fP \fIname\fP Use the timeout policy identified by \fIname\fP for the connection. This is |
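Review bot: The `mark` form is underspecified in all three new entries (`--zone-orig`, `--zone-reply` and the reworded `--zone`): "the zone is derived from the packet nfmark" does not say whether the whole mark or only part of it becomes the zone id, what happens when the mark value is not a usable zone id, or that the mark has to be set before the CT target is evaluated. Since the zone decides which conntrack entries a packet can match, please spell the derivation out. The text should also say whether `--zone` may be combined with `--zone-orig` or `--zone-reply` and which one wins, given that `--zone` is now documented as applying to both directions. The "By default, packets have zone 0" sentence appears only under `--zone`; repeat it or refer to it from the two directional entries. Style: in `\fB\-\-zone-orig\fP` and `\fB\-\-zone-reply\fP` the hyphen inside the option name is not escaped while the leading ones are; use `\fB\-\-zone\-orig\fP` and `\fB\-\-zone\-reply\fP`, because an unescaped `-` may be rendered as a typographic hyphen and then the option does not copy-paste into a rule.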