2 files changed, 8 insertions, 2 deletions
@@ -4,10 +4,11 @@ Currently maintained by Harald Welte <firstname.lastname@example.org>
Please inform me, if you want to work on any of the TODO items, so I
can update this list and thus prevent two people doing the same work.
-CVS ID: $Id: TODO,v 1.37 2001/05/25 12:24:20 jamesm Exp $
+CVS ID: $Id: TODO,v 1.38 2001/05/26 20:31:59 laforge Exp $
- solution for nostate / notrack (we don't want to track specific conn's)
+- iptables-save/restore problems with log-level
- multiple related connections [HW]
- ip_conntrack rmmod loop (sometimes, Yan's patch?)
- conntrack helper not called for first packet (udp!)
@@ -27,8 +28,10 @@ X reject-with on REJECT target doesn't work [HW]
- IPv6 REJECT target doesn't have extension plugin ?!?
- colon inside prefix doesn't work
- pending minor ip_queue updates [JM]
+- --mac-source not working in FORWARD (manpage bug?)
NICE to have:
+- interface names in ipv6 can contain _ and -
- multicast connection tracking
- sysctl support for ftp-multi, irc-conntrack/nat, ftp-fxp
- integrate HOPLIMIT for ipv6 in patch-o-matic [HW]
@@ -86,16 +86,19 @@ loading, an attempt will be made to load the appropriate module for
that table if it is not already there.
The tables are as follows:
This is the default table. It contains the built-in chains INPUT (for
packets coming into the box itself), FORWARD (for packets being routed
through the box), and OUTPUT (for locally-generated packets).
This table is consulted when a packet that creates a new
connection is encountered. It consists of three built-ins: PREROUTING
(for altering packets as soon as they come in), OUTPUT (for altering
locally-generated packets before routing), and POSTROUTING (for
altering packets as they are about to go out).
This table is used for specialized packet alteration. It has two
built-in chains: PREROUTING (for altering incoming packets before
@@ -456,7 +459,7 @@ target below).
.BI "--mark " "value[/mask]"
Matches packets with the given unsigned mark value (if a mask is
-specified, this is logically ANDed with the mark before the
+specified, this is logically ANDed with the mask before the
This module attempts to match various characteristics of the packet