summaryrefslogtreecommitdiff
path: root/nfct.8
diff options
context:
space:
mode:
authorPablo Neira Ayuso <pablo@netfilter.org>2012-05-26 18:02:12 +0200
committerPablo Neira Ayuso <pablo@netfilter.org>2012-05-26 18:02:12 +0200
commit7276986d8a2d539fde3835e00e217f52f6e595ac (patch)
tree84c596660bf08828ac1f9d3f41683b6da7faaed5 /nfct.8
parent5e4ce59027bf7170c865388d3d703086f187ce59 (diff)
downloadconntrack-tools-7276986d8a2d539fde3835e00e217f52f6e595ac.tar.gz
conntrack-tools-7276986d8a2d539fde3835e00e217f52f6e595ac.zip
add nfct(8) manpage
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
Diffstat (limited to 'nfct.8')
-rw-r--r--nfct.864
1 files changed, 64 insertions, 0 deletions
diff --git a/nfct.8 b/nfct.8
new file mode 100644
index 0000000..6f5190a
--- /dev/null
+++ b/nfct.8
@@ -0,0 +1,64 @@
+.TH NFCT 8 "Feb 29, 2012" "" ""
+
+.\" Man page written by Pablo Neira Ayuso <pablo@netfilter.org> (Feb 2012)
+
+.SH NAME
+nfct \- command line tool to interact with the connection tracking system
+.SH SYNOPSIS
+.BR "nfct subsystem command [parameters]"
+.SH DESCRIPTION
+.B nfct
+is the command line tool that allows you Netfilter's manipulate Connection Tracking System.
+.SH SUBSYS
+By the time this manpage has been written, the supported subsystem are
+.B timeout
+.TP
+.BI "timeout "
+The timeout subsystem allows you to define fine-grain timeout policies.
+.TP
+.BI "version "
+Displays the version information.
+.TP
+.BI "help "
+Displays the help message.
+.SH TIMEOUT SUBSYSTEM
+.TP
+.BI "list "
+List the existing timeout policies.
+.TP
+.BI "add "
+Add new timeout policy.
+.TP
+.BI "delete "
+Delete timeout policy.
+.TP
+.BI "get "
+Get existing timeout policy.
+.SH EXAMPLE
+.TP
+.B nfct timeout add test-tcp inet tcp established 100 close 10 close_wait 10
+.TP
+This creates a timeout policy for tcp using 100 seconds for the ESTABLISHED state, 10 seconds for CLOSE state and 10 seconds for the CLOSE_WAIT state.
+.TP
+Then, you can attach the timeout policy with the iptables CT target:
+.TP
+.B iptables -I PREROUTING -t raw -p tcp -j CT --timeout test-tcp
+.TP
+.B iptables -I OUTPUT -t raw -p tcp -j CT --timeout test-tcp
+.TP
+You can test that the timeout policy with:
+.TP
+.B conntrack -E -p tcp
+.TP
+It should display:
+.TP
+.B [UPDATE] tcp 6 100 ESTABLISHED src=192.168.39.100 dst=57.126.1.20 sport=56463 dport=80 src=57.126.1.20 dst=192.168.39.100 sport=80 dport=56463 [ASSURED]
+.SH SEE ALSO
+.BR iptables (8), conntrack (8)
+.SH BUGS
+Please, report them to netfilter-devel@vger.kernel.org or file a bug in
+Netfilter's bugzilla (https://bugzilla.netfilter.org).
+.SH AUTHORS
+Pablo Neira Ayuso wrote and maintains the nfct tool.
+.PP
+Man page written by Pablo Neira Ayuso <pablo@netfilter.org>.