Signed-off-by: Jan Engelhardt <jengelh@xxxxxxxxxx> --- extensions/libxt_CT.c | 2 +- extensions/libxt_CT.man | 25 +++++++++++++++++++++++++ 2 files changed, 26 insertions(+), 1 deletions(-) create mode 100644 extensions/libxt_CT.man diff --git a/extensions/libxt_CT.c b/extensions/libxt_CT.c index 79fa8d0..0b40fc6 100644 --- a/extensions/libxt_CT.c +++ b/extensions/libxt_CT.c @@ -13,7 +13,7 @@ static void ct_help(void) "CT target options:\n" " --notrack Don't track connection\n" " --helper name Use conntrack helper 'name' for connection\n" -" --ctevents event[,event...] Generate specified conntrack vents for connection\n" +" --ctevents event[,event...] Generate specified conntrack events for connection\n" " --expevents event[,event...] Generate specified expectation events for connection\n" " --zone ID Assign/Lookup connection in zone ID\n" ); diff --git a/extensions/libxt_CT.man b/extensions/libxt_CT.man new file mode 100644 index 0000000..ff258b7 --- /dev/null +++ b/extensions/libxt_CT.man @@ -0,0 +1,25 @@ +The CT target allows to set parameters for a packet or its associated +connection. The target attaches a "template" connection tracking entry to +the packet, which is then used by the conntrack core when initializing +a new ct entry. This target is thus only valid in the "raw" table. +.TP +\fB\-\-notrack\fP +Disables connection tracking for this packet. +.TP +\fB\-\-helper\fP \fIname\fP +Use the helper identified by \fIname\fP for the connection. This is more +flexible than loading the conntrack helper modules with preset ports. +.TP +\fB\-\-ctevents\fP \fIevent\fP[\fB,\fP...] +Only generate the specified conntrack events for this connection. Possible +event types are: \fBnew\fP, \fBrelated\fP, \fBdestroy\fP, \fBreply\fP, +\fBassured\fP, \fBprotoinfo\fP, \fBhelper\fP, \fBmark\fP (this refers to +the ctmark, not nfmark), \fBnatseqinfo\fP, \fBsecmark\fP (ctsecmark). +.TP +\fB\-\-expevents\fP \fIevent\fP[\fB,\fP...] +Only generate the specified expectation events for this connection. +Possible event types are: \fBnew\fP. +.TP +\fB\-\-zone\fP \fIid\fP +Assign this packet to zone \fIid\fP and only have lookups done in that zone. +By default, packets have zone 0. -- 1.7.0.2 -- To unsubscribe from this list: send the line "unsubscribe netfilter-devel" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html