diff options
| author | Pablo Neira Ayuso <pablo@netfilter.org> | 2011-02-01 00:26:12 +0100 |
|---|---|---|
| committer | Pablo Neira Ayuso <pablo@netfilter.org> | 2011-02-01 00:26:12 +0100 |
| commit | bbcdcc5fc45606081b41191b32891215f7f134e6 (patch) | |
| tree | 83dc29686b7b25c2aae672a95ac999ace9a4af4c /doc/manual | |
| parent | 847971e3dd85ab5d061d6fb2792a8a16383e670b (diff) | |
| download | conntrack-tools-bbcdcc5fc45606081b41191b32891215f7f134e6.tar.gz conntrack-tools-bbcdcc5fc45606081b41191b32891215f7f134e6.zip | |
doc: remove reference to the CT target
Sorry, the iptables CT target is not yet ready for use until some
patches are pushed to the Linux kernel.
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
Diffstat (limited to 'doc/manual')
| -rw-r--r-- | doc/manual/conntrack-tools.tmpl | 23 |
1 files changed, 0 insertions, 23 deletions
diff --git a/doc/manual/conntrack-tools.tmpl b/doc/manual/conntrack-tools.tmpl index 8a4e15d..affeb66 100644 --- a/doc/manual/conntrack-tools.tmpl +++ b/doc/manual/conntrack-tools.tmpl @@ -592,29 +592,6 @@ Sync { </sect3> -<sect3 id="sync-iptables-filtering"> -<title>Filtering Connection tracking events with iptables</title> - - <para>Since Linux kernel >= 2.6.34, iptables provides the - <emphasis>CT</emphasis> iptables target that allows to reduce the - amount of Connection Tracking events that are delivered to user-space. - The following example shows how to only generate the - <emphasis>assured</emphasis> event:</para> - - <programlisting> - # iptables -I PREROUTING -t raw -j CT --ctevents assured - </programlisting> - - <note><title>Assured flows</title> - <para>One flow is assured if the firewall has seen traffic for it in - both directions.</para> - </note> - - <para>Reducing the amount of events generated helps to reduce CPU - consumption in the active firewall.</para> - -</sect3> - </sect2> <sect2 id="sync-trouble"><title>Troubleshooting</title> |