path: root/
diff options
Diffstat (limited to '')
1 files changed, 21 insertions, 4 deletions
diff --git a/ b/
index 246c7915..bf24d551 100644
--- a/
+++ b/
@@ -1,4 +1,4 @@
-.TH IP6TABLES 8 "Mar 09, 2002" "" ""
+.TH IP6TABLES 8 "Jan 22, 2006" "" ""
.\" Man page written by Andras Kis-Szabo <>
.\" It is based on iptables man page.
@@ -131,6 +131,16 @@ Since kernel 2.4.18, three other built-in chains are also supported:
(for altering packets being routed through the box), and
(for altering packets as they are about to go out).
+.BR "raw" :
+This table is used mainly for configuring exemptions from connection
+tracking in combination with the NOTRACK target. It registers at the netfilter
+hooks with higher priority and is thus called before nf_conntrack, or any other
+IP6 tables. It provides the following built-in chains:
+(for packets arriving via any network interface)
+(for packets generated by local processes)
The options that are recognized by
@@ -231,11 +241,18 @@ The protocol of the rule or of the packet to check.
The specified protocol can be one of
.IR tcp ,
.IR udp ,
-.IR ipv6-icmp|icmpv6 ,
+.IR icmpv6 ,
+.IR esp ,
.IR all ,
or it can be a numeric value, representing one of these protocols or a
-different one. A protocol name from /etc/protocols is also allowed.
+different one. A protocol name from /etc/protocols is also allowed.
+But IPv6 extension headers except
+.IR esp
+are not allowed.
+.IR esp ,
+.IR ipv6-nonext
+can be used with Kernel version 2.6.11 or later.
A "!" argument before the protocol inverts the
test. The number zero is equivalent to
.IR all .