author | Alex Harpin <development@landsofshadow.co.uk> | 2015-10-02 07:43:42 +0100 |
---|---|---|
committer | Alex Harpin <development@landsofshadow.co.uk> | 2015-10-02 07:43:42 +0100 |
commit | ef5ae91676c8ada2a12ea72f889a54452dd94981 (patch) | |
tree | 0a962905ab9d0c2322f627928521a10c4cb5e20f /nfct.8 | |
parent | 9f9a63cecdc6ac4f449d3eacda6c591f0de9fbf3 (diff) | |
parent | 8845f3db20c951fcf1db3229a818cfd185f17f2e (diff) | |
Merge remote-tracking branch 'source/master' into upstream
Diffstat (limited to 'nfct.8')
-rw-r--r-- | nfct.8 | 68 |
1 files changed, 68 insertions, 0 deletions
@@ -0,0 +1,68 @@ +.TH NFCT 8 "Feb 29, 2012" "" "" + +.\" Man page written by Pablo Neira Ayuso <pablo@netfilter.org> (Feb 2012) + +.SH NAME +nfct \- command line tool to configure with the connection tracking system +.SH SYNOPSIS +.BR "nfct command subsystem [parameters]" +.SH DESCRIPTION +.B nfct +is the command line tool that allows to configure the Connection Tracking +System. +.SH COMMANDS +.TP +.BI "list " +List the existing objects. +.TP +.BI "add " +Add new object. +.TP +.BI "delete " +Delete an object. +.TP +.BI "get " +Get an existing object. +.SH SUBSYS +By the time this manpage has been written, the supported subsystem are +.B timeout +.TP +.BI "timeout " +The timeout subsystem allows you to define fine-grain timeout policies. +.TP +.BI "helper " +The helper subsystem allows you to configure userspace helpers. +.TP +.BI "version " +Displays the version information. +.TP +.BI "help " +Displays the help message. +.SH EXAMPLE +.TP +.B nfct add timeout test-tcp inet tcp established 100 close 10 close_wait 10 +.TP +This creates a timeout policy for tcp using 100 seconds for the ESTABLISHED state, 10 seconds for CLOSE state and 10 seconds for the CLOSE_WAIT state. +.TP +Then, you can attach the timeout policy with the iptables CT target: +.TP +.B iptables -I PREROUTING -t raw -p tcp -j CT --timeout test-tcp +.TP +.B iptables -I OUTPUT -t raw -p tcp -j CT --timeout test-tcp +.TP +You can test that the timeout policy with: +.TP +.B conntrack -E -p tcp +.TP +It should display: +.TP +.B [UPDATE] tcp 6 100 ESTABLISHED src=192.168.39.100 dst=57.126.1.20 sport=56463 dport=80 src=57.126.1.20 dst=192.168.39.100 sport=80 dport=56463 [ASSURED] +.SH SEE ALSO +.BR iptables (8), conntrack (8) +.SH BUGS +Please, report them to netfilter-devel@vger.kernel.org or file a bug in +Netfilter's bugzilla (https://bugzilla.netfilter.org). +.SH AUTHORS +Pablo Neira Ayuso wrote and maintains the nfct tool. +.PP +Man page written by Pablo Neira Ayuso <pablo@netfilter.org>. |
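Review bot: The SUBSYS section contradicts itself: its opening sentence names only timeout as the supported subsystem, yet the list directly below also documents helper, and it files "version" and "help" as subsystems although their descriptions ("Displays the version information", "Displays the help message") are actions that belong under COMMANDS next to list, add, delete and get. Suggest naming both timeout and helper in the sentence (and "subsystems are") and moving the version and help entries up to COMMANDS. In EXAMPLE, every line is preceded by .TP, including the explanatory prose, so sentences such as "This creates a timeout policy for tcp ..." become paragraph tags rather than body text; use .PP for the prose and keep the .B lines for the commands and the expected conntrack output. Minor: the NAME line "command line tool to configure with the connection tracking system" has a stray "with", DESCRIPTION's "allows to configure" needs an object ("allows you to configure"), and .BR in SYNOPSIS is given a single quoted argument, so plain .B would express the same thing.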