path: root/extensions/
diff options
authorPatrick McHardy <>2011-01-20 11:45:12 +0100
committerPatrick McHardy <>2011-01-20 11:45:12 +0100
commitc8f28cc8b84133f20421470e9a61a5a0c78b9c4a (patch)
tree33dad1ba8b9f99520a772c85406024b6843fd215 /extensions/
parent6924b4987d88fbe383bec4da4cf331cc466c245e (diff)
extensions: libxt_conntrack: add support for specifying port ranges
Add support for revision 3 of the conntrack match, which allows to specify port ranges for origsrc/origdst/replsrc/repldst. Signed-off-by: Patrick McHardy <>
Diffstat (limited to 'extensions/')
1 files changed, 5 insertions, 4 deletions
diff --git a/extensions/ b/extensions/
index d37ed171..c397f742 100644
--- a/extensions/
+++ b/extensions/
@@ -17,14 +17,15 @@ Layer-4 protocol to match (by number or name)
[\fB!\fP] \fB\-\-ctrepldst\fP \fIaddress\fP[\fB/\fP\fImask\fP]
Match against original/reply source/destination address
-[\fB!\fP] \fB\-\-ctorigsrcport\fP \fIport\fP
+[\fB!\fP] \fB\-\-ctorigsrcport\fP \fIport\fP[\fB:\fP\fIport\fP]
-[\fB!\fP] \fB\-\-ctorigdstport\fP \fIport\fP
+[\fB!\fP] \fB\-\-ctorigdstport\fP \fIport\fP[\fB:\fP\fIport\fP]
-[\fB!\fP] \fB\-\-ctreplsrcport\fP \fIport\fP
+[\fB!\fP] \fB\-\-ctreplsrcport\fP \fIport\fP[\fB:\fP\fIport\fP]
-[\fB!\fP] \fB\-\-ctrepldstport\fP \fIport\fP
+[\fB!\fP] \fB\-\-ctrepldstport\fP \fIport\fP[\fB:\fP\fIport\fP]
Match against original/reply source/destination port (TCP/UDP/etc.) or GRE key.
+Matching against port ranges is only supported in kernel versions above 2.6.38.
[\fB!\fP] \fB\-\-ctstatus\fP \fIstatelist\fP
\fIstatuslist\fP is a comma separated list of the connection statuses to match.