path: root/extensions/
diff options
authorJan Engelhardt <>2008-01-29 13:37:21 +0000
committerPatrick McHardy <>2008-01-29 13:37:21 +0000
commita8ad34cf11540d147b8aded6826a1452841d2aa7 (patch)
tree463c2bf3e811e918d07ba50120700ad8d971ea83 /extensions/
parentff068719055ae2327d94c79048381c09d3b744c4 (diff)
[IPTABLES]: libxt_conntrack revision 1
Add support for xt_conntrack match revision 1. Signed-off-by: Jan Engelhardt <>
Diffstat (limited to 'extensions/')
1 files changed, 14 insertions, 4 deletions
diff --git a/extensions/ b/extensions/
index b852bca9..17c6dd20 100644
--- a/extensions/
+++ b/extensions/
@@ -9,16 +9,22 @@ Possible states are listed below.
Layer-4 protocol to match (by number or name)
[\fB!\fR] \fB--ctorigsrc\fR \fIaddress\fR[\fB/\fR\fImask\fR]
-Match against original source address
[\fB!\fR] \fB--ctorigdst\fR \fIaddress\fR[\fB/\fR\fImask\fR]
-Match against original destination address
[\fB!\fR] \fB--ctreplsrc\fR \fIaddress\fR[\fB/\fR\fImask\fR]
-Match against reply source address
[\fB!\fR] \fB--ctrepldst\fR \fIaddress\fR[\fB/\fR\fImask\fR]
-Match against reply destination address
+Match against original/reply source/destination address
+[\fB!\fR] \fB--ctorigsrcport\fR \fIport\fR
+[\fB!\fR] \fB--ctorigdstport\fR \fIport\fR
+[\fB!\fR] \fB--ctreplsrcport\fR \fIport\fR
+[\fB!\fR] \fB--ctrepldstport\fR \fIport\fR
+Match against original/reply source/destination port (TCP/UDP/etc.) or GRE key.
[\fB!\fR] \fB--ctstatus\fR \fIstatelist\fR
\fIstatuslist\fR is a comma separated list of the connection statuses to match.
@@ -27,6 +33,10 @@ Possible statuses are listed below.
[\fB!\fR] \fB--ctexpire\fR \fItime\fR[\fB:\fR\fItime\fR]
Match remaining lifetime in seconds against given value or range of values
+\fB--ctdir\fR {\fBORIGINAL\fR|\fBREPLY\fR}
+Match packets that are flowing in the specified direction. If this flag is not
+specified at all, matches packets in both directions.
States for \fB--ctstate\fR: