| Age | Commit message (Collapse) | Author |
|---|
|
Since dd73ceecdbe8 ("nfct: Update syntax to specify command before subsystem")
the command comes before the object type. Update documentation accordingly.
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
|
|
Here is a patch which adds a userspace conntrack helper for the SSDP
protocol. This is based on the code found at:
http://marc.info/?t=132945775100001&r=1&w=2
I'm not sure how to get my laptop to play at IPv6, so I've not tested
this part, but I've tested the IPv4 section and it works.
Signed-off-by: Ash Hughes <ashley.hughes@blueyonder.co.uk>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
|
|
This patch adds documentation on how to enable user-space helper support.
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
|
|
ExpectationSync requires Linux kernel >= 3.5 to work sanely, document this.
Still, we don't want to crash if someone enables expectation sync with
old Linux kernels (like 2.6.32).
Reported-by: James Gutholm <gutholmj@evergreen.edu>
Tested-by: James Gutholm <gutholmj@evergreen.edu>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
|
|
The H.323 helper is actually composed of three helpers:
ras
q.931
h.245
We have to specify those in the configuration file since h.323 is
not any known helper itself.
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
|
|
You have to use this:
iptables -I PREROUTING -t raw -j CT --ctevents assured,destroy
instead of:
iptables -I PREROUTING -t raw -j CT --ctevents assured
Otherwise, conntrackd cache gets full since no destroy events
are delivered.
Reported-by: Kerin Millar <kerframil@gmail.com>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
|
|
This patch updates the user manual on how to enable the expectation
support for conntrackd.
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
|
|
Remove reference which states that this is still under development
and refer to version 1.0.0.
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
|
|
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
|
|
Now that we have fixed several aspects of the event filtering in
2.6.38, I reintroduce the documentation for this feature.
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
|
|
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
|
|
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
|
|
Sorry, the iptables CT target is not yet ready for use until some
patches are pushed to the Linux kernel.
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
|
|
This update adds to the documentation the following information:
* add reference to "Demystifying cluster-based fault-tolerant firewalls"
* add how-to disable the external cache
* add how-to disable the internal cache
* add how-to set the synchronization transport protocol
* document iptables CT target
* ask for sponsors to finish H323 and SIP support.
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
|
|
This patch includes a minor documentation update with two new
questions in the FAQ.
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
|
|
This patch completes the documentation with the following discussion
that took place in the mailing list.
http://marc.info/?l=netfilter&m=127335152521674&w=2
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
|
|
This is an update to commit 575fc906a302599cb9afeb136096dfd96bb57b17.
Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
|
|
Reported-by: Ralf <rm@amitrader.com>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
|
|
This patch adds the manual in docbook format to the conntrack-tools.
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
|
