diff options
| author | Pablo Neira Ayuso <pablo@netfilter.org> | 2012-05-26 18:02:12 +0200 |
|---|---|---|
| committer | Pablo Neira Ayuso <pablo@netfilter.org> | 2012-05-26 18:02:12 +0200 |
| commit | 7276986d8a2d539fde3835e00e217f52f6e595ac (patch) | |
| tree | 84c596660bf08828ac1f9d3f41683b6da7faaed5 | |
| parent | 5e4ce59027bf7170c865388d3d703086f187ce59 (diff) | |
| download | conntrack-tools-7276986d8a2d539fde3835e00e217f52f6e595ac.tar.gz conntrack-tools-7276986d8a2d539fde3835e00e217f52f6e595ac.zip | |
add nfct(8) manpage
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
| -rw-r--r-- | Makefile.am | 2 | ||||
| -rw-r--r-- | nfct.8 | 64 |
2 files changed, 65 insertions, 1 deletions
diff --git a/Makefile.am b/Makefile.am index afb4595..bd366bf 100644 --- a/Makefile.am +++ b/Makefile.am @@ -2,7 +2,7 @@ include Make_global.am ACLOCAL_AMFLAGS = -I m4 -man_MANS = conntrack.8 conntrackd.8 +man_MANS = conntrack.8 conntrackd.8 nfct.8 EXTRA_DIST = $(man_MANS) Make_global.am doc m4 SUBDIRS = extensions src @@ -0,0 +1,64 @@ +.TH NFCT 8 "Feb 29, 2012" "" "" + +.\" Man page written by Pablo Neira Ayuso <pablo@netfilter.org> (Feb 2012) + +.SH NAME +nfct \- command line tool to interact with the connection tracking system +.SH SYNOPSIS +.BR "nfct subsystem command [parameters]" +.SH DESCRIPTION +.B nfct +is the command line tool that allows you Netfilter's manipulate Connection Tracking System. +.SH SUBSYS +By the time this manpage has been written, the supported subsystem are +.B timeout +.TP +.BI "timeout " +The timeout subsystem allows you to define fine-grain timeout policies. +.TP +.BI "version " +Displays the version information. +.TP +.BI "help " +Displays the help message. +.SH TIMEOUT SUBSYSTEM +.TP +.BI "list " +List the existing timeout policies. +.TP +.BI "add " +Add new timeout policy. +.TP +.BI "delete " +Delete timeout policy. +.TP +.BI "get " +Get existing timeout policy. +.SH EXAMPLE +.TP +.B nfct timeout add test-tcp inet tcp established 100 close 10 close_wait 10 +.TP +This creates a timeout policy for tcp using 100 seconds for the ESTABLISHED state, 10 seconds for CLOSE state and 10 seconds for the CLOSE_WAIT state. +.TP +Then, you can attach the timeout policy with the iptables CT target: +.TP +.B iptables -I PREROUTING -t raw -p tcp -j CT --timeout test-tcp +.TP +.B iptables -I OUTPUT -t raw -p tcp -j CT --timeout test-tcp +.TP +You can test that the timeout policy with: +.TP +.B conntrack -E -p tcp +.TP +It should display: +.TP +.B [UPDATE] tcp 6 100 ESTABLISHED src=192.168.39.100 dst=57.126.1.20 sport=56463 dport=80 src=57.126.1.20 dst=192.168.39.100 sport=80 dport=56463 [ASSURED] +.SH SEE ALSO +.BR iptables (8), conntrack (8) +.SH BUGS +Please, report them to netfilter-devel@vger.kernel.org or file a bug in +Netfilter's bugzilla (https://bugzilla.netfilter.org). +.SH AUTHORS +Pablo Neira Ayuso wrote and maintains the nfct tool. +.PP +Man page written by Pablo Neira Ayuso <pablo@netfilter.org>. |