Diffstat (limited to 'extensions/libxt_conntrack.man')
-rw-r--r-- extensions/libxt_conntrack.man 52
1 files changed, 26 insertions, 26 deletions
diff --git a/extensions/libxt_conntrack.man b/extensions/libxt_conntrack.man
index ec51ef53..d37ed171 100644
--- a/extensions/libxt_conntrack.man
+++ b/extensions/libxt_conntrack.man
@@ -1,36 +1,36 @@
This module, when combined with connection tracking, allows access to the
connection tracking state for this packet/connection.
.TP
-[\fB!\fR] \fB\-\-ctstate\fP \fIstatelist\fP
-\fIstatelist\fR is a comma separated list of the connection states to match.
+[\fB!\fP] \fB\-\-ctstate\fP \fIstatelist\fP
+\fIstatelist\fP is a comma separated list of the connection states to match.
Possible states are listed below.
.TP
-[\fB!\fR] \fB\-\-ctproto\fP \fIl4proto\fP
+[\fB!\fP] \fB\-\-ctproto\fP \fIl4proto\fP
Layer-4 protocol to match (by number or name)
.TP
-[\fB!\fR] \fB\-\-ctorigsrc\fP \fIaddress\fP[\fB/\fP\fImask\fP]
+[\fB!\fP] \fB\-\-ctorigsrc\fP \fIaddress\fP[\fB/\fP\fImask\fP]
.TP
-[\fB!\fR] \fB\-\-ctorigdst\fP \fIaddress\fP[\fB/\fP\fImask\fP]
+[\fB!\fP] \fB\-\-ctorigdst\fP \fIaddress\fP[\fB/\fP\fImask\fP]
.TP
-[\fB!\fR] \fB\-\-ctreplsrc\fP \fIaddress\fP[\fB/\fP\fImask\fP]
+[\fB!\fP] \fB\-\-ctreplsrc\fP \fIaddress\fP[\fB/\fP\fImask\fP]
.TP
-[\fB!\fR] \fB\-\-ctrepldst\fP \fIaddress\fP[\fB/\fP\fImask\fP]
+[\fB!\fP] \fB\-\-ctrepldst\fP \fIaddress\fP[\fB/\fP\fImask\fP]
Match against original/reply source/destination address
.TP
-[\fB!\fR] \fB\-\-ctorigsrcport\fP \fIport\fP
+[\fB!\fP] \fB\-\-ctorigsrcport\fP \fIport\fP
.TP
-[\fB!\fR] \fB\-\-ctorigdstport\fP \fIport\fP
+[\fB!\fP] \fB\-\-ctorigdstport\fP \fIport\fP
.TP
-[\fB!\fR] \fB\-\-ctreplsrcport\fP \fIport\fP
+[\fB!\fP] \fB\-\-ctreplsrcport\fP \fIport\fP
.TP
-[\fB!\fR] \fB\-\-ctrepldstport\fP \fIport\fP
+[\fB!\fP] \fB\-\-ctrepldstport\fP \fIport\fP
Match against original/reply source/destination port (TCP/UDP/etc.) or GRE key.
.TP
-[\fB!\fR] \fB\-\-ctstatus\fP \fIstatelist\fP
-\fIstatuslist\fR is a comma separated list of the connection statuses to match.
+[\fB!\fP] \fB\-\-ctstatus\fP \fIstatelist\fP
+\fIstatuslist\fP is a comma separated list of the connection statuses to match.
Possible statuses are listed below.
.TP
-[\fB!\fR] \fB\-\-ctexpire\fP \fItime\fP[\fB:\fP\fItime\fP]
+[\fB!\fP] \fB\-\-ctexpire\fP \fItime\fP[\fB:\fP\fItime\fP]
Match remaining lifetime in seconds against given value or range of values
(inclusive)
.TP
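Review bot: The --ctstatus entry still names its argument two different ways: the synopsis line reads "\fB\-\-ctstatus\fP \fIstatelist\fP" while the description line directly below it starts with "\fIstatuslist\fP is a comma separated list of the connection statuses". Both lines are already being rewritten here for the \fR to \fP conversion, so this is the place to make the synopsis say statuslist as well; otherwise the rendered page shows the same placeholder name for --ctstate and --ctstatus even though they take different value sets, which is easy to misread when writing a rule.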
@@ -40,46 +40,46 @@ specified at all, matches packets in both directions.
.PP
States for \fB\-\-ctstate\fP:
.TP
-\fBINVALID\fR
+\fBINVALID\fP
meaning that the packet is associated with no known connection
.TP
-\fBNEW\fR
+\fBNEW\fP
meaning that the packet has started a new connection, or otherwise associated
with a connection which has not seen packets in both directions, and
.TP
-\fBESTABLISHED\fR
+\fBESTABLISHED\fP
meaning that the packet is associated with a connection which has seen packets
in both directions,
.TP
-\fBRELATED\fR
+\fBRELATED\fP
meaning that the packet is starting a new connection, but is associated with an
existing connection, such as an FTP data transfer, or an ICMP error.
.TP
-\fBUNTRACKED\fR
+\fBUNTRACKED\fP
meaning that the packet is not tracked at all, which happens if you use
the NOTRACK target in raw table.
.TP
-\fBSNAT\fR
+\fBSNAT\fP
A virtual state, matching if the original source address differs from the reply
destination.
.TP
-\fBDNAT\fR
+\fBDNAT\fP
A virtual state, matching if the original destination differs from the reply
source.
.PP
Statuses for \fB\-\-ctstatus\fP:
.TP
-\fBNONE\fR
+\fBNONE\fP
None of the below.
.TP
-\fBEXPECTED\fR
+\fBEXPECTED\fP
This is an expected connection (i.e. a conntrack helper set it up)
.TP
-\fBSEEN_REPLY\fR
+\fBSEEN_REPLY\fP
Conntrack has seen packets in both directions.
.TP
-\fBASSURED\fR
+\fBASSURED\fP
Conntrack entry should never be early-expired.
.TP
-\fBCONFIRMED\fR
+\fBCONFIRMED\fP
Connection is confirmed: originating packet has left box.
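Review bot: The state descriptions kept as context in this hunk still carry punctuation from when they were one running sentence: the NEW entry ends with "which has not seen packets in both directions, and" and the ESTABLISHED entry ends with "in both directions,". As separate .TP items each should end with a full stop, matching the RELATED, UNTRACKED, SNAT and DNAT entries below them. The \fR to \fP replacements themselves are applied consistently to every tag in the hunk; if the punctuation is out of scope for a font-escape cleanup, a follow-up patch would be fine.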