king
/
v811_spc009
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
Branches Tags
${ item.name }
Create tag ${ searchTerm }
Create branch ${ searchTerm }
from 'b394c2d4e7'
${ noResults }
v811_spc009/external/iptables/extensions/libxt_CT.man

43 lines
2.0 KiB
Raw Blame History

The CT target sets parameters for a packet or its associated
connection. The target attaches a "template" connection tracking entry to
the packet, which is then used by the conntrack core when initializing
a new ct entry. This target is thus only valid in the "raw" table.
.TP
\fB\-\-notrack\fP
Disables connection tracking for this packet.
.TP
\fB\-\-helper\fP \fIname\fP
Use the helper identified by \fIname\fP for the connection. This is more
flexible than loading the conntrack helper modules with preset ports.
.TP
\fB\-\-ctevents\fP \fIevent\fP[\fB,\fP...]
Only generate the specified conntrack events for this connection. Possible
event types are: \fBnew\fP, \fBrelated\fP, \fBdestroy\fP, \fBreply\fP,
\fBassured\fP, \fBprotoinfo\fP, \fBhelper\fP, \fBmark\fP (this refers to
the ctmark, not nfmark), \fBnatseqinfo\fP, \fBsecmark\fP (ctsecmark).
.TP
\fB\-\-expevents\fP \fIevent\fP[\fB,\fP...]
Only generate the specified expectation events for this connection.
Possible event types are: \fBnew\fP.
.TP
\fB\-\-zone-orig\fP {\fIid\fP|\fBmark\fP}
For traffic coming from ORIGINAL direction, assign this packet to zone
\fIid\fP and only have lookups done in that zone. If \fBmark\fP is used
instead of \fIid\fP, the zone is derived from the packet nfmark.
.TP
\fB\-\-zone-reply\fP {\fIid\fP|\fBmark\fP}
For traffic coming from REPLY direction, assign this packet to zone
\fIid\fP and only have lookups done in that zone. If \fBmark\fP is used
instead of \fIid\fP, the zone is derived from the packet nfmark.
.TP
\fB\-\-zone\fP {\fIid\fP|\fBmark\fP}
Assign this packet to zone \fIid\fP and only have lookups done in that zone.
If \fBmark\fP is used instead of \fIid\fP, the zone is derived from the
packet nfmark. By default, packets have zone 0. This option applies to both
directions.
.TP
\fB\-\-timeout\fP \fIname\fP
Use the timeout policy identified by \fIname\fP for the connection. This is
provides more flexible timeout policy definition than global timeout values
available at /proc/sys/net/netfilter/nf_conntrack_*_timeout_*.
Reference in new issue View Git Blame Copy Permalink