-rw-r--r-- TODO 5
-rw-r--r-- iptables.8 5
2 files changed, 8 insertions, 2 deletions
diff --git a/TODO b/TODO
index 8b141f3c..f00173a3 100644
--- a/TODO
+++ b/TODO
@@ -4,10 +4,11 @@ Currently maintained by Harald Welte <laforge@gnumonks.org>
Please inform me, if you want to work on any of the TODO items, so I
can update this list and thus prevent two people doing the same work.
-CVS ID: $Id: TODO,v 1.37 2001/05/25 12:24:20 jamesm Exp $
+CVS ID: $Id: TODO,v 1.38 2001/05/26 20:31:59 laforge Exp $
IMPORTANT issues:
- solution for nostate / notrack (we don't want to track specific conn's)
+- iptables-save/restore problems with log-level
- multiple related connections [HW]
- ip_conntrack rmmod loop (sometimes, Yan's patch?)
- conntrack helper not called for first packet (udp!)
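Review bot: the new IMPORTANT entry "iptables-save/restore problems with log-level" does not say what fails, and unlike neighbouring entries such as "multiple related connections [HW]" it carries no owner tag. Suggest naming the symptom (which of save or restore mishandles the value, and how) and adding initials if someone has picked it up, so the item can be reproduced and closed.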
@@ -27,8 +28,10 @@ X reject-with on REJECT target doesn't work [HW]
- IPv6 REJECT target doesn't have extension plugin ?!?
- colon inside prefix doesn't work
- pending minor ip_queue updates [JM]
+- --mac-source not working in FORWARD (manpage bug?)
NICE to have:
+- interface names in ipv6 can contain _ and -
- multicast connection tracking
- sysctl support for ftp-multi, irc-conntrack/nat, ftp-fxp
- integrate HOPLIMIT for ipv6 in patch-o-matic [HW]
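Review bot: both added entries read as observations rather than tasks. "--mac-source not working in FORWARD (manpage bug?)" leaves open whether the code or the documentation is wrong, and the iptables.8 hunks in this same commit do not touch that text, so say which of the two needs checking. "interface names in ipv6 can contain _ and -" under NICE to have states a fact; reword it to name the change that is needed.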
diff --git a/iptables.8 b/iptables.8
index 94dbe179..08cb8a7f 100644
--- a/iptables.8
+++ b/iptables.8
@@ -86,16 +86,19 @@ loading, an attempt will be made to load the appropriate module for
that table if it is not already there.
The tables are as follows:
+.TP
.BR "filter"
This is the default table. It contains the built-in chains INPUT (for
packets coming into the box itself), FORWARD (for packets being routed
through the box), and OUTPUT (for locally-generated packets).
+.TP
.BR "nat"
This table is consulted when a packet that creates a new
connection is encountered. It consists of three built-ins: PREROUTING
(for altering packets as soon as they come in), OUTPUT (for altering
locally-generated packets before routing), and POSTROUTING (for
altering packets as they are about to go out).
+.TP
.BR "mangle"
This table is used for specialized packet alteration. It has two
built-in chains: PREROUTING (for altering incoming packets before
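Review bot: with ".TP" added before "filter", "nat" and "mangle", each description becomes an indented tagged paragraph, and the hunk ends inside the mangle entry, so what resets the indentation afterwards is not visible here. Check that the text following the mangle description starts with a paragraph macro such as ".PP" or a new section heading, otherwise it will render as a continuation of the mangle entry.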
@@ -456,7 +459,7 @@ target below).
.TP
.BI "--mark " "value[/mask]"
Matches packets with the given unsigned mark value (if a mask is
-specified, this is logically ANDed with the mark before the
+specified, this is logically ANDed with the mask before the
comparison).
.SS owner
This module attempts to match various characteristics of the packet
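Review bot: in the "--mark" description the changed line now reads "if a mask is specified, this is logically ANDed with the mask", where "this" has "mask" as its nearest antecedent, so the sentence can be read as the mask being ANDed with itself. Suggest spelling out the operand, e.g. "if a mask is specified, the packet's mark is logically ANDed with the mask before the comparison", since rules that match on individual mark bits depend on readers getting this right.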