You can not select more than 25 topics
Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
34 lines
1.1 KiB
34 lines
1.1 KiB
4 months ago
|
Module matches or adds connlabels to a connection.
|
||
|
|
connlabels are similar to connmarks, except labels are bit-based; i.e.
|
||
|
|
all labels may be attached to a flow at the same time.
|
||
|
|
Up to 128 unique labels are currently supported.
|
||
|
|
.TP
|
||
|
|
[\fB!\fP] \fB\-\-label\fP \fBname\fP
|
||
|
|
matches if label \fBname\fP has been set on a connection.
|
||
|
|
Instead of a name (which will be translated to a number, see EXAMPLE below),
|
||
|
|
a number may be used instead. Using a number always overrides connlabel.conf.
|
||
|
|
.TP
|
||
|
|
\fB\-\-set\fP
|
||
|
|
if the label has not been set on the connection, set it.
|
||
|
|
Note that setting a label can fail. This is because the kernel allocates the
|
||
|
|
conntrack label storage area when the connection is created, and it only
|
||
|
|
reserves the amount of memory required by the ruleset that exists at
|
||
|
|
the time the connection is created.
|
||
|
|
In this case, the match will fail (or succeed, in case \fB\-\-label\fP
|
||
|
|
option was negated).
|
||
|
|
.PP
|
||
|
|
This match depends on libnetfilter_conntrack 1.0.4 or later.
|
||
|
|
Label translation is done via the \fB/etc/xtables/connlabel.conf\fP configuration file.
|
||
|
|
.PP
|
||
|
|
Example:
|
||
|
|
.IP
|
||
|
|
.nf
|
||
|
|
0 eth0-in
|
||
|
|
1 eth0-out
|
||
|
|
2 ppp-in
|
||
|
|
3 ppp-out
|
||
|
|
4 bulk-traffic
|
||
|
|
5 interactive
|
||
|
|
.fi
|
||
|
|
.PP
|