[arptables PATCH] arptables: legacy renaming

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



The original arptables tool is now the legacy version, let's rename it.

A more uptodate client of the arptables tool is provided in the iptables
tarball. The new tool was formerly known as arptables-compat.

The new -legacy binary should have no problem if called via a symlink.

Signed-off-by: Arturo Borrero Gonzalez <arturo@xxxxxxxxxxxxx>
---
 Makefile           |   12 +-
 arptables-legacy.8 |  352 ++++++++++++++++++++++++++++++++++++++++++++++++++++
 arptables.8        |  340 --------------------------------------------------
 arptables.c        |    2 
 4 files changed, 359 insertions(+), 347 deletions(-)
 create mode 100644 arptables-legacy.8
 delete mode 100644 arptables.8

diff --git a/Makefile b/Makefile
index 139c9ca..5f3f812 100644
--- a/Makefile
+++ b/Makefile
@@ -10,7 +10,7 @@ man8dir=$(MANDIR)/man8
 SYSCONFIGDIR:=/etc/sysconfig
 DESTDIR:=
 
-MANS = arptables.8 arptables-save.8 arptables-restore.8
+MANS = arptables-legacy.8 arptables-save.8 arptables-restore.8
 
 COPT_FLAGS:=-O2
 CFLAGS:=$(COPT_FLAGS) -Wall -Wunused -I$(KERNEL_DIR)/include/ -Iinclude/ -DARPTABLES_VERSION=\"$(ARPTABLES_VERSION)\" #-g -DDEBUG #-pg # -DARPTC_DEBUG
@@ -21,7 +21,7 @@ endif
 
 include extensions/Makefile
 
-all: arptables libarptc/libarptc.a
+all: arptables-legacy libarptc/libarptc.a
 
 arptables.o: arptables.c
 	$(CC) $(CFLAGS) -c -o $@ $<
@@ -35,10 +35,10 @@ libarptc/libarptc.o: libarptc/libarptc.c libarptc/libarptc_incl.c
 libarptc/libarptc.a: libarptc/libarptc.o
 	$(AR) rcs $@ $<
 
-arptables: arptables-standalone.o arptables.o libarptc/libarptc.o $(EXT_OBJS)
+arptables-legacy: arptables-standalone.o arptables.o libarptc/libarptc.o $(EXT_OBJS)
 	$(CC) $(CFLAGS) $(LDFLAGS) -o $@ $^
 
-$(DESTDIR)$(BINDIR)/arptables: arptables
+$(DESTDIR)$(BINDIR)/arptables-legacy: arptables-legacy
 	mkdir -p $(DESTDIR)$(BINDIR)
 	install -m 0755 $< $@
 
@@ -58,11 +58,11 @@ install-man: $(MANS)
 	install -m 0644 $^ $(DESTDIR)$(man8dir)/
 
 .PHONY: install
-install: install-man $(DESTDIR)$(BINDIR)/arptables scripts
+install: install-man $(DESTDIR)$(BINDIR)/arptables-legacy scripts
 
 .PHONY: clean
 clean:
-	rm -f arptables
+	rm -f arptables-legacy
 	rm -f *.o *~
 	rm -f extensions/*.o extensions/*~
 	rm -f libarptc/*.o libarptc/*~ libarptc/*.a
diff --git a/arptables-legacy.8 b/arptables-legacy.8
new file mode 100644
index 0000000..3ce99e3
--- /dev/null
+++ b/arptables-legacy.8
@@ -0,0 +1,352 @@
+.TH ARPTABLES 8  "June 2018"
+.\"
+.\" Man page originally written by Jochen Friedrich <jochen@xxxxxxxx>,
+.\" maintained by Bart De Schuymer.
+.\" It is based on the iptables man page.
+.\"
+.\" Iptables page by Herve Eychenne March 2000.
+.\"
+.\"     This program is free software; you can redistribute it and/or modify
+.\"     it under the terms of the GNU General Public License as published by
+.\"     the Free Software Foundation; either version 2 of the License, or
+.\"     (at your option) any later version.
+.\"
+.\"     This program is distributed in the hope that it will be useful,
+.\"     but WITHOUT ANY WARRANTY; without even the implied warranty of
+.\"     MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+.\"     GNU General Public License for more details.
+.\"
+.\"     You should have received a copy of the GNU General Public License
+.\"     along with this program; if not, write to the Free Software
+.\"     Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
+.\"
+.\"
+.SH NAME
+arptables \- ARP table administration (legacy)
+.SH SYNOPSIS
+.BR "arptables " [ "-t table" ] " -" [ AD ] " chain rule-specification " [ options ]
+.br
+.BR "arptables " [ "-t table" ] " -" [ RI ] " chain rulenum rule-specification " [ options ]
+.br
+.BR "arptables " [ "-t table" ] " -D chain rulenum " [ options ]
+.br
+.BR "arptables " [ "-t table" ] " -" [ "LFZ" ] " " [ chain ] " " [ options ]
+.br
+.BR "arptables " [ "-t table" ] " -" [ "NX" ] " chain"
+.br
+.BR "arptables " [ "-t table" ] " -E old-chain-name new-chain-name"
+.br
+.BR "arptables " [ "-t table" ] " -P chain target " [ options ]
+
+.SH LEGACY
+This tool uses the old xtables/setsockopt framework, and is a legacy version
+of arptables. That means that a new, more modern tool exists with the same
+functionality using the nf_tables framework and you are encouraged to migrate now.
+The new binaries (formerly known as -compat) uses the same syntax and
+semantics than this legacy one.
+
+You can still use this legacy tool. You should probably get some specific
+information from your Linux distribution or vendor.
+More docs are available at https://wiki.nftables.org
+
+.SH DESCRIPTION
+.B arptables
+is a user space tool, it is used to set up and maintain the
+tables of ARP rules in the Linux kernel. These rules inspect
+the ARP frames which they see.
+.B arptables
+is analogous to the
+.B iptables
+user space tool, but
+.B arptables
+is less complicated.
+
+.SS CHAINS
+The kernel table is used to divide functionality into
+different sets of rules. Each set of rules is called a chain.
+Each chain is an ordered list of rules that can match ARP frames. If a
+rule matches an ARP frame, then a processing specification tells
+what to do with that matching frame. The processing specification is
+called a 'target'. However, if the frame does not match the current
+rule in the chain, then the next rule in the chain is examined and so forth.
+The user can create new (user-defined) chains which can be used as the 'target' of a rule.
+
+.SS TARGETS
+A firewall rule specifies criteria for an ARP frame and a frame
+processing specification called a target.  When a frame matches a rule,
+then the next action performed by the kernel is specified by the target.
+The target can be one of these values:
+.IR ACCEPT ,
+.IR DROP ,
+.IR CONTINUE ,
+.IR RETURN ,
+an 'extension' (see below) or a user-defined chain.
+.PP
+.I ACCEPT
+means to let the frame through.
+.I DROP
+means the frame has to be dropped.
+.I CONTINUE
+means the next rule has to be checked. This can be handy to know how many
+frames pass a certain point in the chain or to log those frames.
+.I RETURN
+means stop traversing this chain and resume at the next rule in the
+previous (calling) chain.
+For the extension targets please see the
+.B "TARGET EXTENSIONS"
+section of this man page.
+.SS TABLES
+There is only one ARP table in the Linux
+kernel.  The table is
+.BR filter.
+You can drop the '-t filter' argument to the arptables command.
+The -t argument must be the
+first argument on the arptables command line, if used.
+.TP
+.B "-t, --table"
+.br
+.BR filter ,
+is the only table and contains two (Linux kernels 2.4.X) or three (Linux kernels 2.6.0 and later) built-in chains:
+.B INPUT 
+(for frames destined for the host), 
+.B OUTPUT 
+(for locally-generated frames) and
+.B FORWARD
+(for frames being forwarded by the bridge code). The
+.B FORWARD
+chain doesn't exist in Linux 2.4.X kernels.
+.br
+.br
+.SH ARPTABLES COMMAND LINE ARGUMENTS
+After the initial arptables command line argument, the remaining
+arguments can be divided into several different groups.  These groups
+are commands, miscellaneous commands, rule-specifications, match-extensions,
+and watcher-extensions.
+.SS COMMANDS
+The arptables command arguments specify the actions to perform on the table
+defined with the -t argument.  If you do not use the -t argument to name
+a table, the commands apply to the default filter table.
+With the exception of the
+.B "-Z"
+command, only one command may be used on the command line at a time.
+.TP
+.B "-A, --append"
+Append a rule to the end of the selected chain.
+.TP
+.B "-D, --delete"
+Delete the specified rule from the selected chain. There are two ways to
+use this command. The first is by specifying an interval of rule numbers
+to delete, syntax: start_nr[:end_nr]. Using negative numbers is allowed, for more
+details about using negative numbers, see the -I command. The second usage is by
+specifying the complete rule as it would have been specified when it was added.
+.TP
+.B "-I, --insert"
+Insert the specified rule into the selected chain at the specified rule number.
+If the current number of rules equals N, then the specified number can be
+between -N and N+1. For a positive number i, it holds that i and i-N-1 specify the
+same place in the chain where the rule should be inserted. The number 0 specifies
+the place past the last rule in the chain and using this number is therefore
+equivalent with using the -A command.
+.TP
+.B "-R, --replace"
+Replaces the specified rule into the selected chain at the specified rule number.
+If the current number of rules equals N, then the specified number can be
+between 1 and N. i specifies the place in the chain where the rule should be replaced.
+.TP
+.B "-P, --policy"
+Set the policy for the chain to the given target. The policy can be
+.BR ACCEPT ", " DROP " or " RETURN .
+.TP
+.B "-F, --flush"
+Flush the selected chain. If no chain is selected, then every chain will be
+flushed. Flushing the chain does not change the policy of the
+chain, however.
+.TP
+.B "-Z, --zero"
+Set the counters of the selected chain to zero. If no chain is selected, all the counters
+are set to zero. The
+.B "-Z"
+command can be used in conjunction with the 
+.B "-L"
+command.
+When both the
+.B "-Z"
+and
+.B "-L"
+commands are used together in this way, the rule counters are printed on the screen
+before they are set to zero.
+.TP
+.B "-L, --list"
+List all rules in the selected chain. If no chain is selected, all chains
+are listed.
+.TP
+.B "-N, --new-chain"
+Create a new user-defined chain with the given name. The number of
+user-defined chains is unlimited. A user-defined chain name has maximum
+length of 31 characters.
+.TP
+.B "-X, --delete-chain"
+Delete the specified user-defined chain. There must be no remaining references
+to the specified chain, otherwise
+.B arptables
+will refuse to delete it. If no chain is specified, all user-defined
+chains that aren't referenced will be removed.
+.TP
+.B "-E, --rename-chain"
+Rename the specified chain to a new name.  Besides renaming a user-defined
+chain, you may rename a standard chain name to a name that suits your
+taste. For example, if you like PREBRIDGING more than PREROUTING,
+then you can use the -E command to rename the PREROUTING chain. If you do
+rename one of the standard
+.B arptables
+chain names, please be sure to mention
+this fact should you post a question on the
+.B arptables
+mailing lists.
+It would be wise to use the standard name in your post. Renaming a standard
+.B arptables
+chain in this fashion has no effect on the structure or function
+of the
+.B arptables
+kernel table.
+
+.SS MISCELLANOUS COMMANDS
+.TP
+.B "-V, --version"
+Show the version of the arptables userspace program.
+.TP
+.B "-h, --help"
+Give a brief description of the command syntax.
+.TP
+.BR "-j, --jump " "\fItarget\fP"
+The target of the rule. This is one of the following values:
+.BR ACCEPT ,
+.BR DROP ,
+.BR CONTINUE ,
+.BR RETURN ,
+a target extension (see
+.BR "TARGET EXTENSIONS" ")"
+or a user-defined chain name.
+.TP
+.BI "-c, --set-counters " "PKTS BYTES"
+This enables the administrator to initialize the packet and byte
+counters of a rule (during
+.B INSERT,
+.B APPEND,
+.B REPLACE
+operations).
+
+.SS RULE-SPECIFICATIONS
+The following command line arguments make up a rule specification (as used 
+in the add and delete commands). A "!" option before the specification 
+inverts the test for that specification. Apart from these standard rule 
+specifications there are some other command line arguments of interest.
+.TP
+.BR "-s, --source-ip " "[!] \fIaddress\fP[/\fImask]\fP"
+The Source IP specification.
+.TP 
+.BR "-d, --destination-ip " "[!] \fIaddress\fP[/\fImask]\fP"
+The Destination IP specification.
+.TP 
+.BR "--source-mac " "[!] \fIaddress\fP[/\fImask\fP]"
+The source mac address. Both mask and address are written as 6 hexadecimal
+numbers separated by colons.
+.TP
+.BR "--destination-mac " "[!] \fIaddress\fP[/\fImask\fP]"
+The destination mac address. Both mask and address are written as 6 hexadecimal
+numbers separated by colons.
+.TP 
+.BR "-i, --in-interface " "[!] \fIname\fP"
+The interface via which a frame is received (for the
+.BR INPUT " and " FORWARD
+chains). The flag
+.B --in-if
+is an alias for this option.
+.TP
+.BR "-o, --out-interface " "[!] \fIname\fP"
+The interface via which a frame is going to be sent (for the
+.BR OUTPUT " and " FORWARD
+chains). The flag
+.B --out-if
+is an alias for this option.
+.TP
+.BR "-l, --h-length " "\fIlength\fP[/\fImask\fP]"
+The hardware length (nr of bytes)
+.TP
+.BR "--opcode " "\fIcode\fP[/\fImask\fP]
+The operation code (2 bytes). Available values are:
+.BR 1 = Request
+.BR 2 = Reply
+.BR 3 = Request_Reverse
+.BR 4 = Reply_Reverse
+.BR 5 = DRARP_Request
+.BR 6 = DRARP_Reply
+.BR 7 = DRARP_Error
+.BR 8 = InARP_Request
+.BR 9 = ARP_NAK .
+.TP
+.BR "--h-type " "\fItype\fP[/\fImask\fP]"
+The hardware type (2 bytes, hexadecimal). Available values are:
+.BR 1 = Ethernet .
+.TP
+.BR "--proto-type " "\fItype\fP[/\fImask\fP]"
+The protocol type (2 bytes). Available values are:
+.BR 0x800 = IPv4 .
+
+.SS TARGET-EXTENSIONS
+.B arptables
+extensions are precompiled into the userspace tool. So there is no need
+to explicitly load them with a -m option like in
+.BR iptables .
+However, these
+extensions deal with functionality supported by supplemental kernel modules.
+.SS mangle
+.TP
+.BR "--mangle-ip-s IP address"
+Mangles Source IP Address to given value.
+.TP
+.BR "--mangle-ip-d IP address"
+Mangles Destination IP Address to given value.
+.TP
+.BR "--mangle-mac-s MAC address"
+Mangles Source MAC Address to given value.
+.TP
+.BR "--mangle-mac-d MAC address"
+Mangles Destination MAC Address to given value.
+.TP
+.BR "--mangle-target target "
+Target of ARP mangle operation
+.BR "" ( DROP ", " CONTINUE " or " ACCEPT " -- default is " ACCEPT ).
+.SS CLASSIFY
+This  module  allows you to set the skb->priority value (and thus clas-
+sify the packet into a specific CBQ class).
+
+.TP
+.BR "--set-class major:minor"
+
+Set the major and minor  class  value.  The  values  are  always
+interpreted as hexadecimal even if no 0x prefix is given.
+
+.SS MARK
+This  module  allows you to set the skb->mark value (and thus classify
+the packet by the mark in u32)
+
+.TP
+.BR "--set-mark mark"
+Set the mark value. The  values  are  always
+interpreted as hexadecimal even if no 0x prefix is given
+
+.TP
+.BR "--and-mark mark"
+Binary AND the mark with bits.
+
+.TP
+.BR "--or-mark mark"
+Binary OR the mark with bits.
+
+.SH MAILINGLISTS
+.BR "" "See " http://netfilter.org/mailinglists.html
+.SH SEE ALSO
+.BR iptables "(8), " ebtables "(8), " arp "(8), " rarp "(8), " ifconfig "(8), " route (8)
+.PP
+.BR "" "See " http://ebtables.sf.net
diff --git a/arptables.8 b/arptables.8
deleted file mode 100644
index 676b884..0000000
--- a/arptables.8
+++ /dev/null
@@ -1,340 +0,0 @@
-.TH ARPTABLES 8  "November 2011"
-.\"
-.\" Man page originally written by Jochen Friedrich <jochen@xxxxxxxx>,
-.\" maintained by Bart De Schuymer.
-.\" It is based on the iptables man page.
-.\"
-.\" Iptables page by Herve Eychenne March 2000.
-.\"
-.\"     This program is free software; you can redistribute it and/or modify
-.\"     it under the terms of the GNU General Public License as published by
-.\"     the Free Software Foundation; either version 2 of the License, or
-.\"     (at your option) any later version.
-.\"
-.\"     This program is distributed in the hope that it will be useful,
-.\"     but WITHOUT ANY WARRANTY; without even the implied warranty of
-.\"     MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
-.\"     GNU General Public License for more details.
-.\"
-.\"     You should have received a copy of the GNU General Public License
-.\"     along with this program; if not, write to the Free Software
-.\"     Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
-.\"
-.\"
-.SH NAME
-arptables \- ARP table administration
-.SH SYNOPSIS
-.BR "arptables " [ "-t table" ] " -" [ AD ] " chain rule-specification " [ options ]
-.br
-.BR "arptables " [ "-t table" ] " -" [ RI ] " chain rulenum rule-specification " [ options ]
-.br
-.BR "arptables " [ "-t table" ] " -D chain rulenum " [ options ]
-.br
-.BR "arptables " [ "-t table" ] " -" [ "LFZ" ] " " [ chain ] " " [ options ]
-.br
-.BR "arptables " [ "-t table" ] " -" [ "NX" ] " chain"
-.br
-.BR "arptables " [ "-t table" ] " -E old-chain-name new-chain-name"
-.br
-.BR "arptables " [ "-t table" ] " -P chain target " [ options ]
-.SH DESCRIPTION
-.B arptables
-is a user space tool, it is used to set up and maintain the
-tables of ARP rules in the Linux kernel. These rules inspect
-the ARP frames which they see.
-.B arptables
-is analogous to the
-.B iptables
-user space tool, but
-.B arptables
-is less complicated.
-
-.SS CHAINS
-The kernel table is used to divide functionality into
-different sets of rules. Each set of rules is called a chain.
-Each chain is an ordered list of rules that can match ARP frames. If a
-rule matches an ARP frame, then a processing specification tells
-what to do with that matching frame. The processing specification is
-called a 'target'. However, if the frame does not match the current
-rule in the chain, then the next rule in the chain is examined and so forth.
-The user can create new (user-defined) chains which can be used as the 'target' of a rule.
-
-.SS TARGETS
-A firewall rule specifies criteria for an ARP frame and a frame
-processing specification called a target.  When a frame matches a rule,
-then the next action performed by the kernel is specified by the target.
-The target can be one of these values:
-.IR ACCEPT ,
-.IR DROP ,
-.IR CONTINUE ,
-.IR RETURN ,
-an 'extension' (see below) or a user-defined chain.
-.PP
-.I ACCEPT
-means to let the frame through.
-.I DROP
-means the frame has to be dropped.
-.I CONTINUE
-means the next rule has to be checked. This can be handy to know how many
-frames pass a certain point in the chain or to log those frames.
-.I RETURN
-means stop traversing this chain and resume at the next rule in the
-previous (calling) chain.
-For the extension targets please see the
-.B "TARGET EXTENSIONS"
-section of this man page.
-.SS TABLES
-There is only one ARP table in the Linux
-kernel.  The table is
-.BR filter.
-You can drop the '-t filter' argument to the arptables command.
-The -t argument must be the
-first argument on the arptables command line, if used.
-.TP
-.B "-t, --table"
-.br
-.BR filter ,
-is the only table and contains two (Linux kernels 2.4.X) or three (Linux kernels 2.6.0 and later) built-in chains:
-.B INPUT 
-(for frames destined for the host), 
-.B OUTPUT 
-(for locally-generated frames) and
-.B FORWARD
-(for frames being forwarded by the bridge code). The
-.B FORWARD
-chain doesn't exist in Linux 2.4.X kernels.
-.br
-.br
-.SH ARPTABLES COMMAND LINE ARGUMENTS
-After the initial arptables command line argument, the remaining
-arguments can be divided into several different groups.  These groups
-are commands, miscellaneous commands, rule-specifications, match-extensions,
-and watcher-extensions.
-.SS COMMANDS
-The arptables command arguments specify the actions to perform on the table
-defined with the -t argument.  If you do not use the -t argument to name
-a table, the commands apply to the default filter table.
-With the exception of the
-.B "-Z"
-command, only one command may be used on the command line at a time.
-.TP
-.B "-A, --append"
-Append a rule to the end of the selected chain.
-.TP
-.B "-D, --delete"
-Delete the specified rule from the selected chain. There are two ways to
-use this command. The first is by specifying an interval of rule numbers
-to delete, syntax: start_nr[:end_nr]. Using negative numbers is allowed, for more
-details about using negative numbers, see the -I command. The second usage is by
-specifying the complete rule as it would have been specified when it was added.
-.TP
-.B "-I, --insert"
-Insert the specified rule into the selected chain at the specified rule number.
-If the current number of rules equals N, then the specified number can be
-between -N and N+1. For a positive number i, it holds that i and i-N-1 specify the
-same place in the chain where the rule should be inserted. The number 0 specifies
-the place past the last rule in the chain and using this number is therefore
-equivalent with using the -A command.
-.TP
-.B "-R, --replace"
-Replaces the specified rule into the selected chain at the specified rule number.
-If the current number of rules equals N, then the specified number can be
-between 1 and N. i specifies the place in the chain where the rule should be replaced.
-.TP
-.B "-P, --policy"
-Set the policy for the chain to the given target. The policy can be
-.BR ACCEPT ", " DROP " or " RETURN .
-.TP
-.B "-F, --flush"
-Flush the selected chain. If no chain is selected, then every chain will be
-flushed. Flushing the chain does not change the policy of the
-chain, however.
-.TP
-.B "-Z, --zero"
-Set the counters of the selected chain to zero. If no chain is selected, all the counters
-are set to zero. The
-.B "-Z"
-command can be used in conjunction with the 
-.B "-L"
-command.
-When both the
-.B "-Z"
-and
-.B "-L"
-commands are used together in this way, the rule counters are printed on the screen
-before they are set to zero.
-.TP
-.B "-L, --list"
-List all rules in the selected chain. If no chain is selected, all chains
-are listed.
-.TP
-.B "-N, --new-chain"
-Create a new user-defined chain with the given name. The number of
-user-defined chains is unlimited. A user-defined chain name has maximum
-length of 31 characters.
-.TP
-.B "-X, --delete-chain"
-Delete the specified user-defined chain. There must be no remaining references
-to the specified chain, otherwise
-.B arptables
-will refuse to delete it. If no chain is specified, all user-defined
-chains that aren't referenced will be removed.
-.TP
-.B "-E, --rename-chain"
-Rename the specified chain to a new name.  Besides renaming a user-defined
-chain, you may rename a standard chain name to a name that suits your
-taste. For example, if you like PREBRIDGING more than PREROUTING,
-then you can use the -E command to rename the PREROUTING chain. If you do
-rename one of the standard
-.B arptables
-chain names, please be sure to mention
-this fact should you post a question on the
-.B arptables
-mailing lists.
-It would be wise to use the standard name in your post. Renaming a standard
-.B arptables
-chain in this fashion has no effect on the structure or function
-of the
-.B arptables
-kernel table.
-
-.SS MISCELLANOUS COMMANDS
-.TP
-.B "-V, --version"
-Show the version of the arptables userspace program.
-.TP
-.B "-h, --help"
-Give a brief description of the command syntax.
-.TP
-.BR "-j, --jump " "\fItarget\fP"
-The target of the rule. This is one of the following values:
-.BR ACCEPT ,
-.BR DROP ,
-.BR CONTINUE ,
-.BR RETURN ,
-a target extension (see
-.BR "TARGET EXTENSIONS" ")"
-or a user-defined chain name.
-.TP
-.BI "-c, --set-counters " "PKTS BYTES"
-This enables the administrator to initialize the packet and byte
-counters of a rule (during
-.B INSERT,
-.B APPEND,
-.B REPLACE
-operations).
-
-.SS RULE-SPECIFICATIONS
-The following command line arguments make up a rule specification (as used 
-in the add and delete commands). A "!" option before the specification 
-inverts the test for that specification. Apart from these standard rule 
-specifications there are some other command line arguments of interest.
-.TP
-.BR "-s, --source-ip " "[!] \fIaddress\fP[/\fImask]\fP"
-The Source IP specification.
-.TP 
-.BR "-d, --destination-ip " "[!] \fIaddress\fP[/\fImask]\fP"
-The Destination IP specification.
-.TP 
-.BR "--source-mac " "[!] \fIaddress\fP[/\fImask\fP]"
-The source mac address. Both mask and address are written as 6 hexadecimal
-numbers separated by colons.
-.TP
-.BR "--destination-mac " "[!] \fIaddress\fP[/\fImask\fP]"
-The destination mac address. Both mask and address are written as 6 hexadecimal
-numbers separated by colons.
-.TP 
-.BR "-i, --in-interface " "[!] \fIname\fP"
-The interface via which a frame is received (for the
-.BR INPUT " and " FORWARD
-chains). The flag
-.B --in-if
-is an alias for this option.
-.TP
-.BR "-o, --out-interface " "[!] \fIname\fP"
-The interface via which a frame is going to be sent (for the
-.BR OUTPUT " and " FORWARD
-chains). The flag
-.B --out-if
-is an alias for this option.
-.TP
-.BR "-l, --h-length " "\fIlength\fP[/\fImask\fP]"
-The hardware length (nr of bytes)
-.TP
-.BR "--opcode " "\fIcode\fP[/\fImask\fP]
-The operation code (2 bytes). Available values are:
-.BR 1 = Request
-.BR 2 = Reply
-.BR 3 = Request_Reverse
-.BR 4 = Reply_Reverse
-.BR 5 = DRARP_Request
-.BR 6 = DRARP_Reply
-.BR 7 = DRARP_Error
-.BR 8 = InARP_Request
-.BR 9 = ARP_NAK .
-.TP
-.BR "--h-type " "\fItype\fP[/\fImask\fP]"
-The hardware type (2 bytes, hexadecimal). Available values are:
-.BR 1 = Ethernet .
-.TP
-.BR "--proto-type " "\fItype\fP[/\fImask\fP]"
-The protocol type (2 bytes). Available values are:
-.BR 0x800 = IPv4 .
-
-.SS TARGET-EXTENSIONS
-.B arptables
-extensions are precompiled into the userspace tool. So there is no need
-to explicitly load them with a -m option like in
-.BR iptables .
-However, these
-extensions deal with functionality supported by supplemental kernel modules.
-.SS mangle
-.TP
-.BR "--mangle-ip-s IP address"
-Mangles Source IP Address to given value.
-.TP
-.BR "--mangle-ip-d IP address"
-Mangles Destination IP Address to given value.
-.TP
-.BR "--mangle-mac-s MAC address"
-Mangles Source MAC Address to given value.
-.TP
-.BR "--mangle-mac-d MAC address"
-Mangles Destination MAC Address to given value.
-.TP
-.BR "--mangle-target target "
-Target of ARP mangle operation
-.BR "" ( DROP ", " CONTINUE " or " ACCEPT " -- default is " ACCEPT ).
-.SS CLASSIFY
-This  module  allows you to set the skb->priority value (and thus clas-
-sify the packet into a specific CBQ class).
-
-.TP
-.BR "--set-class major:minor"
-
-Set the major and minor  class  value.  The  values  are  always
-interpreted as hexadecimal even if no 0x prefix is given.
-
-.SS MARK
-This  module  allows you to set the skb->mark value (and thus classify
-the packet by the mark in u32)
-
-.TP
-.BR "--set-mark mark"
-Set the mark value. The  values  are  always
-interpreted as hexadecimal even if no 0x prefix is given
-
-.TP
-.BR "--and-mark mark"
-Binary AND the mark with bits.
-
-.TP
-.BR "--or-mark mark"
-Binary OR the mark with bits.
-
-.SH MAILINGLISTS
-.BR "" "See " http://netfilter.org/mailinglists.html
-.SH SEE ALSO
-.BR iptables "(8), " ebtables "(8), " arp "(8), " rarp "(8), " ifconfig "(8), " route (8)
-.PP
-.BR "" "See " http://ebtables.sf.net
diff --git a/arptables.c b/arptables.c
index 4e9af67..09c9ca2 100644
--- a/arptables.c
+++ b/arptables.c
@@ -468,7 +468,7 @@ exit_printhelp(void)
 	struct arptables_target *t = NULL;
 	int i;
 
-	printf("%s v%s\n\n"
+	printf("%s v%s (legacy)\n\n"
 "Usage: %s -[AD] chain rule-specification [options]\n"
 "       %s -[RI] chain rulenum rule-specification [options]\n"
 "       %s -D chain rulenum [options]\n"

--
To unsubscribe from this list: send the line "unsubscribe netfilter-devel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at  http://vger.kernel.org/majordomo-info.html



[Index of Archives]     [Netfitler Users]     [LARTC]     [Bugtraq]     [Yosemite Forum]

  Powered by Linux