Missing 'for TCP' induces errors. This was reported in Debian bug #916138 https://bugs.debian.org/916138 Signed-off-by: Arturo Borrero Gonzalez <arturo@xxxxxxxxxxxxx> --- conntrackd.conf.5 | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) diff --git a/conntrackd.conf.5 b/conntrackd.conf.5 index 79a5bba..2634a7f 100644 --- a/conntrackd.conf.5 +++ b/conntrackd.conf.5 @@ -22,7 +22,7 @@ .\" <http://www.gnu.org/licenses/>. .\" %%%LICENSE_END .\" -.TH CONNTRACKD.CONF 5 "Apr 16, 2018" +.TH CONNTRACKD.CONF 5 "Jan 27, 2019" .SH NAME conntrackd.conf \- configuration file for conntrackd daemon @@ -651,7 +651,7 @@ Example: IPv6_address ::1 } State Accept { - ESTABLISHED CLOSED TIME_WAIT CLOSE_WAIT + ESTABLISHED CLOSED TIME_WAIT CLOSE_WAIT for TCP } } .fi @@ -705,7 +705,7 @@ Example: .fi .TP -.BI "State <policy> { <states list> }" +.BI "State <policy> { <states list> for TCP }" Filter by flow state. This option introduces a trade-off in the replication: it reduces CPU consumption at the cost of having lazy backup firewall replicas. @@ -720,7 +720,7 @@ Policy is one of \fBAccept\fP or \fBIgnore\fP. Example: .nf State Accept { - ESTABLISHED CLOSED TIME_WAIT CLOSE_WAIT + ESTABLISHED CLOSED TIME_WAIT CLOSE_WAIT for TCP } .fi @@ -1051,7 +1051,7 @@ General { IPv6_address ::1 } State Accept { - ESTABLISHED CLOSED TIME_WAIT CLOSE_WAIT + ESTABLISHED CLOSED TIME_WAIT CLOSE_WAIT for TCP } } }
