From 87d4be4a567e1d7a6c8827513f431df036334cc8 Mon Sep 17 00:00:00 2001 From: Harald Welte Date: Thu, 5 Jul 2001 06:26:37 +0000 Subject: todo update, manpage spelling fix --- TODO | 5 ++++- iptables.8 | 5 ++++- 2 files changed, 8 insertions(+), 2 deletions(-) diff --git a/TODO b/TODO index 8b141f3c..f00173a3 100644 --- a/TODO +++ b/TODO @@ -4,10 +4,11 @@ Currently maintained by Harald Welte Please inform me, if you want to work on any of the TODO items, so I can update this list and thus prevent two people doing the same work. -CVS ID: $Id: TODO,v 1.37 2001/05/25 12:24:20 jamesm Exp $ +CVS ID: $Id: TODO,v 1.38 2001/05/26 20:31:59 laforge Exp $ IMPORTANT issues: - solution for nostate / notrack (we don't want to track specific conn's) +- iptables-save/restore problems with log-level - multiple related connections [HW] - ip_conntrack rmmod loop (sometimes, Yan's patch?) - conntrack helper not called for first packet (udp!) @@ -27,8 +28,10 @@ X reject-with on REJECT target doesn't work [HW] - IPv6 REJECT target doesn't have extension plugin ?!? - colon inside prefix doesn't work - pending minor ip_queue updates [JM] +- --mac-source not working in FORWARD (manpage bug?) NICE to have: +- interface names in ipv6 can contain _ and - - multicast connection tracking - sysctl support for ftp-multi, irc-conntrack/nat, ftp-fxp - integrate HOPLIMIT for ipv6 in patch-o-matic [HW] diff --git a/iptables.8 b/iptables.8 index 94dbe179..08cb8a7f 100644 --- a/iptables.8 +++ b/iptables.8 @@ -86,16 +86,19 @@ loading, an attempt will be made to load the appropriate module for that table if it is not already there. The tables are as follows: +.TP .BR "filter" This is the default table. It contains the built-in chains INPUT (for packets coming into the box itself), FORWARD (for packets being routed through the box), and OUTPUT (for locally-generated packets). +.TP .BR "nat" This table is consulted when a packet that creates a new connection is encountered. It consists of three built-ins: PREROUTING (for altering packets as soon as they come in), OUTPUT (for altering locally-generated packets before routing), and POSTROUTING (for altering packets as they are about to go out). +.TP .BR "mangle" This table is used for specialized packet alteration. It has two built-in chains: PREROUTING (for altering incoming packets before @@ -456,7 +459,7 @@ target below). .TP .BI "--mark " "value[/mask]" Matches packets with the given unsigned mark value (if a mask is -specified, this is logically ANDed with the mark before the +specified, this is logically ANDed with the mask before the comparison). .SS owner This module attempts to match various characteristics of the packet -- cgit v1.2.3