From 28e5b79eee634792b81bae754a321543cb29539e Mon Sep 17 00:00:00 2001 From: Yasuyuki KOZAKAI Date: Mon, 30 Jan 2006 08:50:09 +0000 Subject: major manpage update (Yasuyuki Kozakai) --- ip6tables.8.in | 25 +++++++++++++++++++++---- 1 file changed, 21 insertions(+), 4 deletions(-) (limited to 'ip6tables.8.in') diff --git a/ip6tables.8.in b/ip6tables.8.in index 246c7915..bf24d551 100644 --- a/ip6tables.8.in +++ b/ip6tables.8.in @@ -1,4 +1,4 @@ -.TH IP6TABLES 8 "Mar 09, 2002" "" "" +.TH IP6TABLES 8 "Jan 22, 2006" "" "" .\" .\" Man page written by Andras Kis-Szabo .\" It is based on iptables man page. @@ -131,6 +131,16 @@ Since kernel 2.4.18, three other built-in chains are also supported: (for altering packets being routed through the box), and .B POSTROUTING (for altering packets as they are about to go out). +.TP +.BR "raw" : +This table is used mainly for configuring exemptions from connection +tracking in combination with the NOTRACK target. It registers at the netfilter +hooks with higher priority and is thus called before nf_conntrack, or any other +IP6 tables. It provides the following built-in chains: +.B PREROUTING +(for packets arriving via any network interface) +.B OUTPUT +(for packets generated by local processes) .RE .SH OPTIONS The options that are recognized by @@ -231,11 +241,18 @@ The protocol of the rule or of the packet to check. The specified protocol can be one of .IR tcp , .IR udp , -.IR ipv6-icmp|icmpv6 , -or +.IR icmpv6 , +.IR esp , .IR all , or it can be a numeric value, representing one of these protocols or a -different one. A protocol name from /etc/protocols is also allowed. +different one. A protocol name from /etc/protocols is also allowed. +But IPv6 extension headers except +.IR esp +are not allowed. +.IR esp , +and +.IR ipv6-nonext +can be used with Kernel version 2.6.11 or later. A "!" argument before the protocol inverts the test. The number zero is equivalent to .IR all . -- cgit v1.2.3