path: root/extensions/
diff options
authorFlorian Westphal <>2013-07-15 16:35:08 +0200
committerFlorian Westphal <>2013-07-16 00:54:05 +0200
commit51340f7b6a1103b12d86ef488f7140406d80401e (patch)
tree7409fe790b3c57097a50db28bead4aa87ff37a53 /extensions/
parenta963e217528d2849f32ec6516a1f82450c65f588 (diff)
extensions: libxt_connlabel: use libnetfilter_conntrack
Pablo suggested to make it depend on lnf-conntrack, and get rid of the example config file as well. The problem is that the file must be in a fixed path, /etc/xtables/connlabel.conf, else userspace needs to "guess-the-right-file" when translating names to their bit values (and vice versa). Originally "make install" did put an example file into /etc/xtables/, but distributors complained about iptables ignoring the sysconfdir. So rather remove the example file, the man-page explains the format, and connlabels are inherently system-specific anyway. Signed-off-by: Florian Westphal <>
Diffstat (limited to 'extensions/')
1 files changed, 1 insertions, 0 deletions
diff --git a/extensions/ b/extensions/
index 9fd2043d..bdaa51e8 100644
--- a/extensions/
+++ b/extensions/
@@ -17,6 +17,7 @@ the time the connection is created.
In this case, the match will fail (or succeed, in case \fB\-\-label\fP
option was negated).
+This match depends on libnetfilter_conntrack 1.0.4 or later.
Label translation is done via the \fB/etc/xtables/connlabel.conf\fP configuration file.