The original arptables tool is now the legacy version, let's rename it. A more uptodate client of the arptables tool is provided in the iptables tarball. The new tool was formerly known as arptables-compat. The new -legacy binary should have no problem if called via a symlink. Signed-off-by: Arturo Borrero Gonzalez <arturo@xxxxxxxxxxxxx> --- Makefile | 12 +- arptables-legacy.8 | 352 ++++++++++++++++++++++++++++++++++++++++++++++++++++ arptables.8 | 340 -------------------------------------------------- arptables.c | 2 4 files changed, 359 insertions(+), 347 deletions(-) create mode 100644 arptables-legacy.8 delete mode 100644 arptables.8 diff --git a/Makefile b/Makefile index 139c9ca..5f3f812 100644 --- a/Makefile +++ b/Makefile @@ -10,7 +10,7 @@ man8dir=$(MANDIR)/man8 SYSCONFIGDIR:=/etc/sysconfig DESTDIR:= -MANS = arptables.8 arptables-save.8 arptables-restore.8 +MANS = arptables-legacy.8 arptables-save.8 arptables-restore.8 COPT_FLAGS:=-O2 CFLAGS:=$(COPT_FLAGS) -Wall -Wunused -I$(KERNEL_DIR)/include/ -Iinclude/ -DARPTABLES_VERSION=\"$(ARPTABLES_VERSION)\" #-g -DDEBUG #-pg # -DARPTC_DEBUG @@ -21,7 +21,7 @@ endif include extensions/Makefile -all: arptables libarptc/libarptc.a +all: arptables-legacy libarptc/libarptc.a arptables.o: arptables.c $(CC) $(CFLAGS) -c -o $@ $< @@ -35,10 +35,10 @@ libarptc/libarptc.o: libarptc/libarptc.c libarptc/libarptc_incl.c libarptc/libarptc.a: libarptc/libarptc.o $(AR) rcs $@ $< -arptables: arptables-standalone.o arptables.o libarptc/libarptc.o $(EXT_OBJS) +arptables-legacy: arptables-standalone.o arptables.o libarptc/libarptc.o $(EXT_OBJS) $(CC) $(CFLAGS) $(LDFLAGS) -o $@ $^ -$(DESTDIR)$(BINDIR)/arptables: arptables +$(DESTDIR)$(BINDIR)/arptables-legacy: arptables-legacy mkdir -p $(DESTDIR)$(BINDIR) install -m 0755 $< $@ @@ -58,11 +58,11 @@ install-man: $(MANS) install -m 0644 $^ $(DESTDIR)$(man8dir)/ .PHONY: install -install: install-man $(DESTDIR)$(BINDIR)/arptables scripts +install: install-man $(DESTDIR)$(BINDIR)/arptables-legacy scripts .PHONY: clean clean: - rm -f arptables + rm -f arptables-legacy rm -f *.o *~ rm -f extensions/*.o extensions/*~ rm -f libarptc/*.o libarptc/*~ libarptc/*.a diff --git a/arptables-legacy.8 b/arptables-legacy.8 new file mode 100644 index 0000000..3ce99e3 --- /dev/null +++ b/arptables-legacy.8 @@ -0,0 +1,352 @@ +.TH ARPTABLES 8 "June 2018" +.\" +.\" Man page originally written by Jochen Friedrich <jochen@xxxxxxxx>, +.\" maintained by Bart De Schuymer. +.\" It is based on the iptables man page. +.\" +.\" Iptables page by Herve Eychenne March 2000. +.\" +.\" This program is free software; you can redistribute it and/or modify +.\" it under the terms of the GNU General Public License as published by +.\" the Free Software Foundation; either version 2 of the License, or +.\" (at your option) any later version. +.\" +.\" This program is distributed in the hope that it will be useful, +.\" but WITHOUT ANY WARRANTY; without even the implied warranty of +.\" MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +.\" GNU General Public License for more details. +.\" +.\" You should have received a copy of the GNU General Public License +.\" along with this program; if not, write to the Free Software +.\" Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. +.\" +.\" +.SH NAME +arptables \- ARP table administration (legacy) +.SH SYNOPSIS +.BR "arptables " [ "-t table" ] " -" [ AD ] " chain rule-specification " [ options ] +.br +.BR "arptables " [ "-t table" ] " -" [ RI ] " chain rulenum rule-specification " [ options ] +.br +.BR "arptables " [ "-t table" ] " -D chain rulenum " [ options ] +.br +.BR "arptables " [ "-t table" ] " -" [ "LFZ" ] " " [ chain ] " " [ options ] +.br +.BR "arptables " [ "-t table" ] " -" [ "NX" ] " chain" +.br +.BR "arptables " [ "-t table" ] " -E old-chain-name new-chain-name" +.br +.BR "arptables " [ "-t table" ] " -P chain target " [ options ] + +.SH LEGACY +This tool uses the old xtables/setsockopt framework, and is a legacy version +of arptables. That means that a new, more modern tool exists with the same +functionality using the nf_tables framework and you are encouraged to migrate now. +The new binaries (formerly known as -compat) uses the same syntax and +semantics than this legacy one. + +You can still use this legacy tool. You should probably get some specific +information from your Linux distribution or vendor. +More docs are available at https://wiki.nftables.org + +.SH DESCRIPTION +.B arptables +is a user space tool, it is used to set up and maintain the +tables of ARP rules in the Linux kernel. These rules inspect +the ARP frames which they see. +.B arptables +is analogous to the +.B iptables +user space tool, but +.B arptables +is less complicated. + +.SS CHAINS +The kernel table is used to divide functionality into +different sets of rules. Each set of rules is called a chain. +Each chain is an ordered list of rules that can match ARP frames. If a +rule matches an ARP frame, then a processing specification tells +what to do with that matching frame. The processing specification is +called a 'target'. However, if the frame does not match the current +rule in the chain, then the next rule in the chain is examined and so forth. +The user can create new (user-defined) chains which can be used as the 'target' of a rule. + +.SS TARGETS +A firewall rule specifies criteria for an ARP frame and a frame +processing specification called a target. When a frame matches a rule, +then the next action performed by the kernel is specified by the target. +The target can be one of these values: +.IR ACCEPT , +.IR DROP , +.IR CONTINUE , +.IR RETURN , +an 'extension' (see below) or a user-defined chain. +.PP +.I ACCEPT +means to let the frame through. +.I DROP +means the frame has to be dropped. +.I CONTINUE +means the next rule has to be checked. This can be handy to know how many +frames pass a certain point in the chain or to log those frames. +.I RETURN +means stop traversing this chain and resume at the next rule in the +previous (calling) chain. +For the extension targets please see the +.B "TARGET EXTENSIONS" +section of this man page. +.SS TABLES +There is only one ARP table in the Linux +kernel. The table is +.BR filter. +You can drop the '-t filter' argument to the arptables command. +The -t argument must be the +first argument on the arptables command line, if used. +.TP +.B "-t, --table" +.br +.BR filter , +is the only table and contains two (Linux kernels 2.4.X) or three (Linux kernels 2.6.0 and later) built-in chains: +.B INPUT +(for frames destined for the host), +.B OUTPUT +(for locally-generated frames) and +.B FORWARD +(for frames being forwarded by the bridge code). The +.B FORWARD +chain doesn't exist in Linux 2.4.X kernels. +.br +.br +.SH ARPTABLES COMMAND LINE ARGUMENTS +After the initial arptables command line argument, the remaining +arguments can be divided into several different groups. These groups +are commands, miscellaneous commands, rule-specifications, match-extensions, +and watcher-extensions. +.SS COMMANDS +The arptables command arguments specify the actions to perform on the table +defined with the -t argument. If you do not use the -t argument to name +a table, the commands apply to the default filter table. +With the exception of the +.B "-Z" +command, only one command may be used on the command line at a time. +.TP +.B "-A, --append" +Append a rule to the end of the selected chain. +.TP +.B "-D, --delete" +Delete the specified rule from the selected chain. There are two ways to +use this command. The first is by specifying an interval of rule numbers +to delete, syntax: start_nr[:end_nr]. Using negative numbers is allowed, for more +details about using negative numbers, see the -I command. The second usage is by +specifying the complete rule as it would have been specified when it was added. +.TP +.B "-I, --insert" +Insert the specified rule into the selected chain at the specified rule number. +If the current number of rules equals N, then the specified number can be +between -N and N+1. For a positive number i, it holds that i and i-N-1 specify the +same place in the chain where the rule should be inserted. The number 0 specifies +the place past the last rule in the chain and using this number is therefore +equivalent with using the -A command. +.TP +.B "-R, --replace" +Replaces the specified rule into the selected chain at the specified rule number. +If the current number of rules equals N, then the specified number can be +between 1 and N. i specifies the place in the chain where the rule should be replaced. +.TP +.B "-P, --policy" +Set the policy for the chain to the given target. The policy can be +.BR ACCEPT ", " DROP " or " RETURN . +.TP +.B "-F, --flush" +Flush the selected chain. If no chain is selected, then every chain will be +flushed. Flushing the chain does not change the policy of the +chain, however. +.TP +.B "-Z, --zero" +Set the counters of the selected chain to zero. If no chain is selected, all the counters +are set to zero. The +.B "-Z" +command can be used in conjunction with the +.B "-L" +command. +When both the +.B "-Z" +and +.B "-L" +commands are used together in this way, the rule counters are printed on the screen +before they are set to zero. +.TP +.B "-L, --list" +List all rules in the selected chain. If no chain is selected, all chains +are listed. +.TP +.B "-N, --new-chain" +Create a new user-defined chain with the given name. The number of +user-defined chains is unlimited. A user-defined chain name has maximum +length of 31 characters. +.TP +.B "-X, --delete-chain" +Delete the specified user-defined chain. There must be no remaining references +to the specified chain, otherwise +.B arptables +will refuse to delete it. If no chain is specified, all user-defined +chains that aren't referenced will be removed. +.TP +.B "-E, --rename-chain" +Rename the specified chain to a new name. Besides renaming a user-defined +chain, you may rename a standard chain name to a name that suits your +taste. For example, if you like PREBRIDGING more than PREROUTING, +then you can use the -E command to rename the PREROUTING chain. If you do +rename one of the standard +.B arptables +chain names, please be sure to mention +this fact should you post a question on the +.B arptables +mailing lists. +It would be wise to use the standard name in your post. Renaming a standard +.B arptables +chain in this fashion has no effect on the structure or function +of the +.B arptables +kernel table. + +.SS MISCELLANOUS COMMANDS +.TP +.B "-V, --version" +Show the version of the arptables userspace program. +.TP +.B "-h, --help" +Give a brief description of the command syntax. +.TP +.BR "-j, --jump " "\fItarget\fP" +The target of the rule. This is one of the following values: +.BR ACCEPT , +.BR DROP , +.BR CONTINUE , +.BR RETURN , +a target extension (see +.BR "TARGET EXTENSIONS" ")" +or a user-defined chain name. +.TP +.BI "-c, --set-counters " "PKTS BYTES" +This enables the administrator to initialize the packet and byte +counters of a rule (during +.B INSERT, +.B APPEND, +.B REPLACE +operations). + +.SS RULE-SPECIFICATIONS +The following command line arguments make up a rule specification (as used +in the add and delete commands). A "!" option before the specification +inverts the test for that specification. Apart from these standard rule +specifications there are some other command line arguments of interest. +.TP +.BR "-s, --source-ip " "[!] \fIaddress\fP[/\fImask]\fP" +The Source IP specification. +.TP +.BR "-d, --destination-ip " "[!] \fIaddress\fP[/\fImask]\fP" +The Destination IP specification. +.TP +.BR "--source-mac " "[!] \fIaddress\fP[/\fImask\fP]" +The source mac address. Both mask and address are written as 6 hexadecimal +numbers separated by colons. +.TP +.BR "--destination-mac " "[!] \fIaddress\fP[/\fImask\fP]" +The destination mac address. Both mask and address are written as 6 hexadecimal +numbers separated by colons. +.TP +.BR "-i, --in-interface " "[!] \fIname\fP" +The interface via which a frame is received (for the +.BR INPUT " and " FORWARD +chains). The flag +.B --in-if +is an alias for this option. +.TP +.BR "-o, --out-interface " "[!] \fIname\fP" +The interface via which a frame is going to be sent (for the +.BR OUTPUT " and " FORWARD +chains). The flag +.B --out-if +is an alias for this option. +.TP +.BR "-l, --h-length " "\fIlength\fP[/\fImask\fP]" +The hardware length (nr of bytes) +.TP +.BR "--opcode " "\fIcode\fP[/\fImask\fP] +The operation code (2 bytes). Available values are: +.BR 1 = Request +.BR 2 = Reply +.BR 3 = Request_Reverse +.BR 4 = Reply_Reverse +.BR 5 = DRARP_Request +.BR 6 = DRARP_Reply +.BR 7 = DRARP_Error +.BR 8 = InARP_Request +.BR 9 = ARP_NAK . +.TP +.BR "--h-type " "\fItype\fP[/\fImask\fP]" +The hardware type (2 bytes, hexadecimal). Available values are: +.BR 1 = Ethernet . +.TP +.BR "--proto-type " "\fItype\fP[/\fImask\fP]" +The protocol type (2 bytes). Available values are: +.BR 0x800 = IPv4 . + +.SS TARGET-EXTENSIONS +.B arptables +extensions are precompiled into the userspace tool. So there is no need +to explicitly load them with a -m option like in +.BR iptables . +However, these +extensions deal with functionality supported by supplemental kernel modules. +.SS mangle +.TP +.BR "--mangle-ip-s IP address" +Mangles Source IP Address to given value. +.TP +.BR "--mangle-ip-d IP address" +Mangles Destination IP Address to given value. +.TP +.BR "--mangle-mac-s MAC address" +Mangles Source MAC Address to given value. +.TP +.BR "--mangle-mac-d MAC address" +Mangles Destination MAC Address to given value. +.TP +.BR "--mangle-target target " +Target of ARP mangle operation +.BR "" ( DROP ", " CONTINUE " or " ACCEPT " -- default is " ACCEPT ). +.SS CLASSIFY +This module allows you to set the skb->priority value (and thus clas- +sify the packet into a specific CBQ class). + +.TP +.BR "--set-class major:minor" + +Set the major and minor class value. The values are always +interpreted as hexadecimal even if no 0x prefix is given. + +.SS MARK +This module allows you to set the skb->mark value (and thus classify +the packet by the mark in u32) + +.TP +.BR "--set-mark mark" +Set the mark value. The values are always +interpreted as hexadecimal even if no 0x prefix is given + +.TP +.BR "--and-mark mark" +Binary AND the mark with bits. + +.TP +.BR "--or-mark mark" +Binary OR the mark with bits. + +.SH MAILINGLISTS +.BR "" "See " http://netfilter.org/mailinglists.html +.SH SEE ALSO +.BR iptables "(8), " ebtables "(8), " arp "(8), " rarp "(8), " ifconfig "(8), " route (8) +.PP +.BR "" "See " http://ebtables.sf.net diff --git a/arptables.8 b/arptables.8 deleted file mode 100644 index 676b884..0000000 --- a/arptables.8 +++ /dev/null @@ -1,340 +0,0 @@ -.TH ARPTABLES 8 "November 2011" -.\" -.\" Man page originally written by Jochen Friedrich <jochen@xxxxxxxx>, -.\" maintained by Bart De Schuymer. -.\" It is based on the iptables man page. -.\" -.\" Iptables page by Herve Eychenne March 2000. -.\" -.\" This program is free software; you can redistribute it and/or modify -.\" it under the terms of the GNU General Public License as published by -.\" the Free Software Foundation; either version 2 of the License, or -.\" (at your option) any later version. -.\" -.\" This program is distributed in the hope that it will be useful, -.\" but WITHOUT ANY WARRANTY; without even the implied warranty of -.\" MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -.\" GNU General Public License for more details. -.\" -.\" You should have received a copy of the GNU General Public License -.\" along with this program; if not, write to the Free Software -.\" Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. -.\" -.\" -.SH NAME -arptables \- ARP table administration -.SH SYNOPSIS -.BR "arptables " [ "-t table" ] " -" [ AD ] " chain rule-specification " [ options ] -.br -.BR "arptables " [ "-t table" ] " -" [ RI ] " chain rulenum rule-specification " [ options ] -.br -.BR "arptables " [ "-t table" ] " -D chain rulenum " [ options ] -.br -.BR "arptables " [ "-t table" ] " -" [ "LFZ" ] " " [ chain ] " " [ options ] -.br -.BR "arptables " [ "-t table" ] " -" [ "NX" ] " chain" -.br -.BR "arptables " [ "-t table" ] " -E old-chain-name new-chain-name" -.br -.BR "arptables " [ "-t table" ] " -P chain target " [ options ] -.SH DESCRIPTION -.B arptables -is a user space tool, it is used to set up and maintain the -tables of ARP rules in the Linux kernel. These rules inspect -the ARP frames which they see. -.B arptables -is analogous to the -.B iptables -user space tool, but -.B arptables -is less complicated. - -.SS CHAINS -The kernel table is used to divide functionality into -different sets of rules. Each set of rules is called a chain. -Each chain is an ordered list of rules that can match ARP frames. If a -rule matches an ARP frame, then a processing specification tells -what to do with that matching frame. The processing specification is -called a 'target'. However, if the frame does not match the current -rule in the chain, then the next rule in the chain is examined and so forth. -The user can create new (user-defined) chains which can be used as the 'target' of a rule. - -.SS TARGETS -A firewall rule specifies criteria for an ARP frame and a frame -processing specification called a target. When a frame matches a rule, -then the next action performed by the kernel is specified by the target. -The target can be one of these values: -.IR ACCEPT , -.IR DROP , -.IR CONTINUE , -.IR RETURN , -an 'extension' (see below) or a user-defined chain. -.PP -.I ACCEPT -means to let the frame through. -.I DROP -means the frame has to be dropped. -.I CONTINUE -means the next rule has to be checked. This can be handy to know how many -frames pass a certain point in the chain or to log those frames. -.I RETURN -means stop traversing this chain and resume at the next rule in the -previous (calling) chain. -For the extension targets please see the -.B "TARGET EXTENSIONS" -section of this man page. -.SS TABLES -There is only one ARP table in the Linux -kernel. The table is -.BR filter. -You can drop the '-t filter' argument to the arptables command. -The -t argument must be the -first argument on the arptables command line, if used. -.TP -.B "-t, --table" -.br -.BR filter , -is the only table and contains two (Linux kernels 2.4.X) or three (Linux kernels 2.6.0 and later) built-in chains: -.B INPUT -(for frames destined for the host), -.B OUTPUT -(for locally-generated frames) and -.B FORWARD -(for frames being forwarded by the bridge code). The -.B FORWARD -chain doesn't exist in Linux 2.4.X kernels. -.br -.br -.SH ARPTABLES COMMAND LINE ARGUMENTS -After the initial arptables command line argument, the remaining -arguments can be divided into several different groups. These groups -are commands, miscellaneous commands, rule-specifications, match-extensions, -and watcher-extensions. -.SS COMMANDS -The arptables command arguments specify the actions to perform on the table -defined with the -t argument. If you do not use the -t argument to name -a table, the commands apply to the default filter table. -With the exception of the -.B "-Z" -command, only one command may be used on the command line at a time. -.TP -.B "-A, --append" -Append a rule to the end of the selected chain. -.TP -.B "-D, --delete" -Delete the specified rule from the selected chain. There are two ways to -use this command. The first is by specifying an interval of rule numbers -to delete, syntax: start_nr[:end_nr]. Using negative numbers is allowed, for more -details about using negative numbers, see the -I command. The second usage is by -specifying the complete rule as it would have been specified when it was added. -.TP -.B "-I, --insert" -Insert the specified rule into the selected chain at the specified rule number. -If the current number of rules equals N, then the specified number can be -between -N and N+1. For a positive number i, it holds that i and i-N-1 specify the -same place in the chain where the rule should be inserted. The number 0 specifies -the place past the last rule in the chain and using this number is therefore -equivalent with using the -A command. -.TP -.B "-R, --replace" -Replaces the specified rule into the selected chain at the specified rule number. -If the current number of rules equals N, then the specified number can be -between 1 and N. i specifies the place in the chain where the rule should be replaced. -.TP -.B "-P, --policy" -Set the policy for the chain to the given target. The policy can be -.BR ACCEPT ", " DROP " or " RETURN . -.TP -.B "-F, --flush" -Flush the selected chain. If no chain is selected, then every chain will be -flushed. Flushing the chain does not change the policy of the -chain, however. -.TP -.B "-Z, --zero" -Set the counters of the selected chain to zero. If no chain is selected, all the counters -are set to zero. The -.B "-Z" -command can be used in conjunction with the -.B "-L" -command. -When both the -.B "-Z" -and -.B "-L" -commands are used together in this way, the rule counters are printed on the screen -before they are set to zero. -.TP -.B "-L, --list" -List all rules in the selected chain. If no chain is selected, all chains -are listed. -.TP -.B "-N, --new-chain" -Create a new user-defined chain with the given name. The number of -user-defined chains is unlimited. A user-defined chain name has maximum -length of 31 characters. -.TP -.B "-X, --delete-chain" -Delete the specified user-defined chain. There must be no remaining references -to the specified chain, otherwise -.B arptables -will refuse to delete it. If no chain is specified, all user-defined -chains that aren't referenced will be removed. -.TP -.B "-E, --rename-chain" -Rename the specified chain to a new name. Besides renaming a user-defined -chain, you may rename a standard chain name to a name that suits your -taste. For example, if you like PREBRIDGING more than PREROUTING, -then you can use the -E command to rename the PREROUTING chain. If you do -rename one of the standard -.B arptables -chain names, please be sure to mention -this fact should you post a question on the -.B arptables -mailing lists. -It would be wise to use the standard name in your post. Renaming a standard -.B arptables -chain in this fashion has no effect on the structure or function -of the -.B arptables -kernel table. - -.SS MISCELLANOUS COMMANDS -.TP -.B "-V, --version" -Show the version of the arptables userspace program. -.TP -.B "-h, --help" -Give a brief description of the command syntax. -.TP -.BR "-j, --jump " "\fItarget\fP" -The target of the rule. This is one of the following values: -.BR ACCEPT , -.BR DROP , -.BR CONTINUE , -.BR RETURN , -a target extension (see -.BR "TARGET EXTENSIONS" ")" -or a user-defined chain name. -.TP -.BI "-c, --set-counters " "PKTS BYTES" -This enables the administrator to initialize the packet and byte -counters of a rule (during -.B INSERT, -.B APPEND, -.B REPLACE -operations). - -.SS RULE-SPECIFICATIONS -The following command line arguments make up a rule specification (as used -in the add and delete commands). A "!" option before the specification -inverts the test for that specification. Apart from these standard rule -specifications there are some other command line arguments of interest. -.TP -.BR "-s, --source-ip " "[!] \fIaddress\fP[/\fImask]\fP" -The Source IP specification. -.TP -.BR "-d, --destination-ip " "[!] \fIaddress\fP[/\fImask]\fP" -The Destination IP specification. -.TP -.BR "--source-mac " "[!] \fIaddress\fP[/\fImask\fP]" -The source mac address. Both mask and address are written as 6 hexadecimal -numbers separated by colons. -.TP -.BR "--destination-mac " "[!] \fIaddress\fP[/\fImask\fP]" -The destination mac address. Both mask and address are written as 6 hexadecimal -numbers separated by colons. -.TP -.BR "-i, --in-interface " "[!] \fIname\fP" -The interface via which a frame is received (for the -.BR INPUT " and " FORWARD -chains). The flag -.B --in-if -is an alias for this option. -.TP -.BR "-o, --out-interface " "[!] \fIname\fP" -The interface via which a frame is going to be sent (for the -.BR OUTPUT " and " FORWARD -chains). The flag -.B --out-if -is an alias for this option. -.TP -.BR "-l, --h-length " "\fIlength\fP[/\fImask\fP]" -The hardware length (nr of bytes) -.TP -.BR "--opcode " "\fIcode\fP[/\fImask\fP] -The operation code (2 bytes). Available values are: -.BR 1 = Request -.BR 2 = Reply -.BR 3 = Request_Reverse -.BR 4 = Reply_Reverse -.BR 5 = DRARP_Request -.BR 6 = DRARP_Reply -.BR 7 = DRARP_Error -.BR 8 = InARP_Request -.BR 9 = ARP_NAK . -.TP -.BR "--h-type " "\fItype\fP[/\fImask\fP]" -The hardware type (2 bytes, hexadecimal). Available values are: -.BR 1 = Ethernet . -.TP -.BR "--proto-type " "\fItype\fP[/\fImask\fP]" -The protocol type (2 bytes). Available values are: -.BR 0x800 = IPv4 . - -.SS TARGET-EXTENSIONS -.B arptables -extensions are precompiled into the userspace tool. So there is no need -to explicitly load them with a -m option like in -.BR iptables . -However, these -extensions deal with functionality supported by supplemental kernel modules. -.SS mangle -.TP -.BR "--mangle-ip-s IP address" -Mangles Source IP Address to given value. -.TP -.BR "--mangle-ip-d IP address" -Mangles Destination IP Address to given value. -.TP -.BR "--mangle-mac-s MAC address" -Mangles Source MAC Address to given value. -.TP -.BR "--mangle-mac-d MAC address" -Mangles Destination MAC Address to given value. -.TP -.BR "--mangle-target target " -Target of ARP mangle operation -.BR "" ( DROP ", " CONTINUE " or " ACCEPT " -- default is " ACCEPT ). -.SS CLASSIFY -This module allows you to set the skb->priority value (and thus clas- -sify the packet into a specific CBQ class). - -.TP -.BR "--set-class major:minor" - -Set the major and minor class value. The values are always -interpreted as hexadecimal even if no 0x prefix is given. - -.SS MARK -This module allows you to set the skb->mark value (and thus classify -the packet by the mark in u32) - -.TP -.BR "--set-mark mark" -Set the mark value. The values are always -interpreted as hexadecimal even if no 0x prefix is given - -.TP -.BR "--and-mark mark" -Binary AND the mark with bits. - -.TP -.BR "--or-mark mark" -Binary OR the mark with bits. - -.SH MAILINGLISTS -.BR "" "See " http://netfilter.org/mailinglists.html -.SH SEE ALSO -.BR iptables "(8), " ebtables "(8), " arp "(8), " rarp "(8), " ifconfig "(8), " route (8) -.PP -.BR "" "See " http://ebtables.sf.net diff --git a/arptables.c b/arptables.c index 4e9af67..09c9ca2 100644 --- a/arptables.c +++ b/arptables.c @@ -468,7 +468,7 @@ exit_printhelp(void) struct arptables_target *t = NULL; int i; - printf("%s v%s\n\n" + printf("%s v%s (legacy)\n\n" "Usage: %s -[AD] chain rule-specification [options]\n" " %s -[RI] chain rulenum rule-specification [options]\n" " %s -D chain rulenum [options]\n" -- To unsubscribe from this list: send the line "unsubscribe netfilter-devel" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html