authorFlorian Westphal <>2013-07-15 16:35:08 +0200
committerFlorian Westphal <>2013-07-16 00:54:05 +0200
commit51340f7b6a1103b12d86ef488f7140406d80401e (patch)
extensions: libxt_connlabel: use libnetfilter_conntrack
Pablo suggested to make it depend on lnf-conntrack, and get rid of the example config file as well. The problem is that the file must be in a fixed path, /etc/xtables/connlabel.conf, else userspace needs to "guess-the-right-file" when translating names to their bit values (and vice versa). Originally "make install" did put an example file into /etc/xtables/, but distributors complained about iptables ignoring the sysconfdir. So rather remove the example file, the man-page explains the format, and connlabels are inherently system-specific anyway. Signed-off-by: Florian Westphal <>
@@ -17,6 +17,7 @@ the time the connection is created.
In this case, the match will fail (or succeed, in case \fB\-\-label\fP
option was negated).
+This match depends on libnetfilter_conntrack 1.0.4 or later.
Label translation is done via the \fB/etc/xtables/connlabel.conf\fP configuration file.