From faeaf11536f605ebb733d4d5f5ec2ca074d3f247 Mon Sep 17 00:00:00 2001 From: Jan Engelhardt Date: Fri, 28 Sep 2012 10:52:32 +0200 Subject: doc: trim "state" manpage and reference conntrack instead The module is practically obsolete, so just pinpoint to the replacement in short order. Signed-off-by: Jan Engelhardt --- extensions/libxt_HMARK.man | 2 +- extensions/libxt_state.man | 28 ++++++---------------------- 2 files changed, 7 insertions(+), 23 deletions(-) (limited to 'extensions') diff --git a/extensions/libxt_HMARK.man b/extensions/libxt_HMARK.man index 0b418842..e7b5426d 100644 --- a/extensions/libxt_HMARK.man +++ b/extensions/libxt_HMARK.man @@ -52,7 +52,7 @@ A 32 bit random custom value to feed hash calculation. .PP \fIExamples:\fP .PP -iptables \-t mangle \-A PREROUTING \-m state \-\-state NEW +iptables \-t mangle \-A PREROUTING \-m conntrack \-\-ctstate NEW \-j HMARK \-\-hmark-tuple ct,src,dst,proto \-\-hmark-offset 10000 \-\-hmark\-mod 10 \-\-hmark\-rnd 0xfeedcafe .PP diff --git a/extensions/libxt_state.man b/extensions/libxt_state.man index 37d095bc..bd60468f 100644 --- a/extensions/libxt_state.man +++ b/extensions/libxt_state.man @@ -1,24 +1,8 @@ -This module, when combined with connection tracking, allows access to -the connection tracking state for this packet. +The "state" module is an obsolete version of "conntrack". +"state" allows access to the connection tracking state for this packet. .TP [\fB!\fP] \fB\-\-state\fP \fIstate\fP -Where state is a comma separated list of the connection states to -match. Possible states are -.B INVALID -meaning that the packet could not be identified for some reason which -includes running out of memory and ICMP errors which don't correspond to any -known connection, -.B ESTABLISHED -meaning that the packet is associated with a connection which has seen -packets in both directions, -.B NEW -meaning that the packet has started a new connection, or otherwise -associated with a connection which has not seen packets in both -directions, and -.B RELATED -meaning that the packet is starting a new connection, but is -associated with an existing connection, such as an FTP data transfer, -or an ICMP error. -.B UNTRACKED -meaning that the packet is not tracked at all, which happens if you use -the NOTRACK target in raw table. +Where state is a comma separated list of the connection states to match. Only a +subset of the states unterstood by "conntrack" are recognized: \fBINVALID\fP, +\fBESTABLISHED\fP, \fBNEW\fP, \fBRELATED\fP or \fBUNTRACKED\fP. For their +description, see the "conntrack" heading in this manpage. -- cgit v1.2.3