File: libxt_CT.man

package info (click to toggle)
iptables 1.4.21-2
  • links: PTS
  • area: main
  • in suites: jessie, jessie-kfreebsd
  • size: 4,508 kB
  • ctags: 5,169
  • sloc: ansic: 33,734; sh: 11,790; makefile: 146
file content (30 lines) | stat: -rw-r--r-- 1,391 bytes parent folder | download
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
The CT target sets parameters for a packet or its associated
connection. The target attaches a "template" connection tracking entry to
the packet, which is then used by the conntrack core when initializing
a new ct entry. This target is thus only valid in the "raw" table.
.TP
\fB\-\-notrack\fP
Disables connection tracking for this packet.
.TP
\fB\-\-helper\fP \fIname\fP
Use the helper identified by \fIname\fP for the connection. This is more
flexible than loading the conntrack helper modules with preset ports.
.TP
\fB\-\-ctevents\fP \fIevent\fP[\fB,\fP...]
Only generate the specified conntrack events for this connection. Possible
event types are: \fBnew\fP, \fBrelated\fP, \fBdestroy\fP, \fBreply\fP,
\fBassured\fP, \fBprotoinfo\fP, \fBhelper\fP, \fBmark\fP (this refers to
the ctmark, not nfmark), \fBnatseqinfo\fP, \fBsecmark\fP (ctsecmark).
.TP
\fB\-\-expevents\fP \fIevent\fP[\fB,\fP...]
Only generate the specified expectation events for this connection.
Possible event types are: \fBnew\fP.
.TP
\fB\-\-zone\fP \fIid\fP
Assign this packet to zone \fIid\fP and only have lookups done in that zone.
By default, packets have zone 0.
.TP
\fB\-\-timeout\fP \fIname\fP
Use the timeout policy identified by \fIname\fP for the connection. This is
provides more flexible timeout policy definition than global timeout values
available at /proc/sys/net/netfilter/nf_conntrack_*_timeout_*.