[netfilter-cvslog] r3817 - in trunk/patch-o-matic-ng: ACCOUNT ACCOUNT/iptables ACCOUNT/iptables/extensions comment/iptables/extensions geoip/iptables/extensions owner-socketlookup ownercmd policy/iptables/extensions tproxy/iptables/extensions

laforge at netfilter.org laforge at netfilter.org
Fri Apr 1 08:56:30 CEST 2005


Author: laforge at netfilter.org
Date: 2005-04-01 08:56:30 +0200 (Fri, 01 Apr 2005)
New Revision: 3817

Added:
   trunk/patch-o-matic-ng/ACCOUNT/iptables/
   trunk/patch-o-matic-ng/ACCOUNT/iptables/extensions/
   trunk/patch-o-matic-ng/ACCOUNT/iptables/extensions/libipt_ACCOUNT.man
   trunk/patch-o-matic-ng/comment/iptables/extensions/libipt_comment.man
   trunk/patch-o-matic-ng/geoip/iptables/extensions/libipt_geoip.man
   trunk/patch-o-matic-ng/owner-socketlookup/iptables.patch
   trunk/patch-o-matic-ng/ownercmd/iptables.patch
   trunk/patch-o-matic-ng/policy/iptables/extensions/libip6t_policy.man
   trunk/patch-o-matic-ng/tproxy/iptables/extensions/libipt_TPROXY.man
   trunk/patch-o-matic-ng/tproxy/iptables/extensions/libipt_tproxy.man
Log:
lots of manpage snippets by Jonas Berlin


Added: trunk/patch-o-matic-ng/ACCOUNT/iptables/extensions/libipt_ACCOUNT.man
===================================================================
--- trunk/patch-o-matic-ng/ACCOUNT/iptables/extensions/libipt_ACCOUNT.man	2005-04-01 06:54:23 UTC (rev 3816)
+++ trunk/patch-o-matic-ng/ACCOUNT/iptables/extensions/libipt_ACCOUNT.man	2005-04-01 06:56:30 UTC (rev 3817)
@@ -0,0 +1,16 @@
+A high performance accounting system for local networks.
+.TP
+.BI "--addr " "network/mask"
+the subnet which is accounted for
+.TP
+.BI "--tname " "name"
+is the table name where the information is stored
+.P
+The data can be queried later using the libipt_ACCOUNT userspace library
+or by the "iptaccount" tool which is part of the libipt_ACCOUNT package.
+
+A special subnet is "0.0.0.0/0": All data is stored in the src_bytes
+and src_packets structure of slot "0". This is useful if you want
+to account the overall traffic to/from your internet provider.
+
+For more information go to http://www.intra2net.com/opensource/ipt_account
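
Review bot: The "0.0.0.0/0" paragraph at the end refers to `slot "0"` and to "the src_bytes and src_packets structure" without the snippet ever saying what a slot is or which counters an ordinary --addr subnet gets, so the special case cannot be compared with the normal one. Suggest adding one sentence on the per-address counters before it. The two blank lines in the roff source would be more consistent as `.P`, which the snippet already uses once, and the option descriptions ("the subnet which is accounted for", "is the table name where the information is stored") should be full sentences starting with a capital.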

Added: trunk/patch-o-matic-ng/comment/iptables/extensions/libipt_comment.man
===================================================================
--- trunk/patch-o-matic-ng/comment/iptables/extensions/libipt_comment.man	2005-04-01 06:54:23 UTC (rev 3816)
+++ trunk/patch-o-matic-ng/comment/iptables/extensions/libipt_comment.man	2005-04-01 06:56:30 UTC (rev 3817)
@@ -0,0 +1,6 @@
+Allows you to add comments (up to 256 characters) to any rule.
+.TP
+.BI "--comment " "comment"
+.TP
+Example:
+iptables -A INPUT -s 192.168.0.0/16 -m comment --comment "A privatized IP block"
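
Review bot: The `--comment` entry has a `.TP` tag but no body; the line after it is another `.TP`, which makes "Example:" the tag and the iptables command its description. Suggest adding a one-line description under `.BI "--comment " "comment"` and introducing the example with `.P` instead of the second `.TP`. The "up to 256 characters" limit should also say whether a longer string is rejected or truncated.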

Added: trunk/patch-o-matic-ng/geoip/iptables/extensions/libipt_geoip.man
===================================================================
--- trunk/patch-o-matic-ng/geoip/iptables/extensions/libipt_geoip.man	2005-04-01 06:54:23 UTC (rev 3816)
+++ trunk/patch-o-matic-ng/geoip/iptables/extensions/libipt_geoip.man	2005-04-01 06:56:30 UTC (rev 3817)
@@ -0,0 +1,15 @@
+Match a packet by its source or destination country.
+.TP
+[\fB!\fR] \fB--src-cc\fR, \fB--source-country \fIcountry\fR[\fB,\fIcountry\fB,\fIcountry\fB,\fI...\fR]
+Match packet coming from (one of) the specified country(ies)
+.TP
+[\fB!\fR] \fB--dst-cc\fR, \fB--destination-country \fIcountry\fR[\fB,\fIcountry\fB,\fIcountry\fB,\fI...\fR]
+Match packet going to (one of) the specified country(ies)
+.TP
+NOTE:
+The country is inputed by its ISO3166 code.
+.P
+The only extra files you need is a binary db (geoipdb.bin) & its index file (geoipdb.idx).
+Both files are generated from a countries & subnets database with the csv2bin tool,
+available at www.cookinglinux.org/geoip/. Both files MUST also be moved in /var/geoip/
+as the shared library is statically looking for that pathname (ex.: /var/geoip/geoipdb.bin).
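
Review bot: Wording in the NOTE and the closing paragraph needs a pass: "inputed" should be "specified" (or "given"), "The only extra files you need is" should be "are", and "statically looking for that pathname" would be clearer as "the path is hard-coded in the shared library". "NOTE:" is used as a `.TP` tag, which indents the ISO3166 sentence as if it described an option; a `.P` paragraph fits better. The option entries also do not say how `!` applies when several countries are listed (none of them, presumably), which is worth one sentence.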

Added: trunk/patch-o-matic-ng/owner-socketlookup/iptables.patch
===================================================================
--- trunk/patch-o-matic-ng/owner-socketlookup/iptables.patch	2005-04-01 06:54:23 UTC (rev 3816)
+++ trunk/patch-o-matic-ng/owner-socketlookup/iptables.patch	2005-04-01 06:56:30 UTC (rev 3817)
@@ -0,0 +1,16 @@
+--- orig-iptables/extensions/libipt_owner.man	2004-10-10 12:56:26.000000000 +0300
++++ iptables/extensions/libipt_owner.man	2005-03-26 12:45:15.000000000 +0200
+@@ -1,8 +1,9 @@
+ This module attempts to match various characteristics of the packet
+-creator, for locally-generated packets.  It is only valid in the
+-.B OUTPUT
+-chain, and even this some packets (such as ICMP ping responses) may
+-have no owner, and hence never match.
++creator, for locally-generated packets. It is valid in the
++\fBINPUT\fR, \fBOUTPUT\fR and \fBPOSTROUTING\fR chains, however in the
++\fBINPUT\fR chain only TCP and UDP packets can be matched. Also note
++that some packets (such as ICMP ping responses) may have no owner, and
++hence never match.
+ .TP
+ .BI "--uid-owner " "userid"
+ Matches if the packet was created by a process with the given
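
Review bot: The rewritten paragraph still opens with "match various characteristics of the packet creator, for locally-generated packets" and then declares the match valid in the INPUT chain, where the packets being matched were normally not generated locally. Since the patch is named owner-socketlookup, the text should state what is actually compared in INPUT (presumably the owner of the socket found for the packet) so that rule authors do not read an INPUT match as identifying the sender. Minor: the original used the `.B OUTPUT` macro while the new text uses inline `\fB...\fR`; either is fine, but pick one style for the file.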

Added: trunk/patch-o-matic-ng/ownercmd/iptables.patch
===================================================================
--- trunk/patch-o-matic-ng/ownercmd/iptables.patch	2005-04-01 06:54:23 UTC (rev 3816)
+++ trunk/patch-o-matic-ng/ownercmd/iptables.patch	2005-04-01 06:56:30 UTC (rev 3817)
@@ -0,0 +1,12 @@
+--- orig-iptables/extensions/libip6t_owner.man	2004-10-10 12:56:24.000000000 +0300
++++ iptables/extensions/libip6t_owner.man	2005-03-26 12:53:03.000000000 +0200
+@@ -20,4 +20,9 @@
+ Matches if the packet was created by a process in the given session
+ group.
+ .TP
++.BI "--cmd-owner " "name"
++Matches if the packet was created by a process with the given command name.
++(this option is present only if iptables was compiled under a kernel
++supporting this feature)
++.TP
+ .B NOTE: pid, sid and command matching are broken on SMP
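
Review bot: The new `--cmd-owner` entry does not say what "command name" is compared against (full path or just the process name, and any length limit), which matters to anyone writing a rule that depends on it. The parenthetical should start with a capital and end with a period, as a sentence of its own. This patch only touches libip6t_owner.man; if the option also exists for IPv4, libipt_owner.man needs the same entry, and if it already has one, the wording should be kept identical.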

Added: trunk/patch-o-matic-ng/policy/iptables/extensions/libip6t_policy.man
===================================================================
--- trunk/patch-o-matic-ng/policy/iptables/extensions/libip6t_policy.man	2005-04-01 06:54:23 UTC (rev 3816)
+++ trunk/patch-o-matic-ng/policy/iptables/extensions/libip6t_policy.man	2005-04-01 06:56:30 UTC (rev 3817)
@@ -0,0 +1,46 @@
+This modules matches the policy used by IPsec for handling a packet.
+.TP
+.BI "--dir " "in|out"
+Used to select whether to match the policy used for decapsulation or the
+policy that will be used for encapsulation.
+.B in
+is valid in the
+.B PREROUTING, INPUT and FORWARD
+chains,
+.B out
+is valid in the
+.B POSTROUTING, OUTPUT and FORWARD
+chains.
+.TP
+.BI "--pol " "none|ipsec"
+Matches if the packet is subject to IPsec processing.
+.TP
+.BI "--strict"
+Selects whether to match the exact policy or match if any rule of
+the policy matches the given policy.
+.TP
+.BI "--reqid " "id"
+Matches the reqid of the policy rule. The reqid can be specified with
+.B setkey(8)
+using
+.B unique:id
+as level.
+.TP
+.BI "--spi " "spi"
+Matches the SPI of the SA.
+.TP
+.BI "--proto " "ah|esp|ipcomp"
+Matches the encapsulation protocol.
+.TP
+.BI "--mode " "tunnel|transport"
+Matches the encapsulation mode.
+.TP
+.BI "--tunnel-src " "addr[/masklen]"
+Matches the source address of a tunnel. Only valid with --mode tunnel.
+.TP
+.BI "--tunnel-dst " "addr[/masklen]"
+Matches the destination address of a tunnel. Only valid with --mode tunnel.
+.TP
+.BI "--next"
+Start the next element in the policy specification. Can only be used with
+--strict
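
Review bot: The `--pol none|ipsec` entry only describes one of its two values ("Matches if the packet is subject to IPsec processing"); it should say what `none` matches. The `--strict` text describes two behaviours ("match the exact policy or match if any rule of the policy matches") without saying which one the flag selects and which is the default. Smaller points: "This modules matches" should be "This module matches", the final sentence under `--next` lacks a period, and `.BI "--strict"` and `.BI "--next"` take no argument, so `.B` is enough.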

Added: trunk/patch-o-matic-ng/tproxy/iptables/extensions/libipt_TPROXY.man
===================================================================
--- trunk/patch-o-matic-ng/tproxy/iptables/extensions/libipt_TPROXY.man	2005-04-01 06:54:23 UTC (rev 3816)
+++ trunk/patch-o-matic-ng/tproxy/iptables/extensions/libipt_TPROXY.man	2005-04-01 06:56:30 UTC (rev 3817)
@@ -0,0 +1,7 @@
+Used to redirect new connections to the transparent proxy.
+.TP
+.BI "--on-port " "port"
+Redirect connection to port, or the original port if 0
+.TP
+.BI "--on-ip " "ip"
+Optionally redirect to the given IP
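
Review bot: The `--on-ip` entry says "Optionally redirect to the given IP" but not where the connection goes when the option is omitted, and neither entry says whether `--on-port` is mandatory. Suggest stating the default for both, and adding a sentence on which table and chains the target is valid in, as the policy and owner snippets in this same commit do for their matches.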

Added: trunk/patch-o-matic-ng/tproxy/iptables/extensions/libipt_tproxy.man
===================================================================
--- trunk/patch-o-matic-ng/tproxy/iptables/extensions/libipt_tproxy.man	2005-04-01 06:54:23 UTC (rev 3816)
+++ trunk/patch-o-matic-ng/tproxy/iptables/extensions/libipt_tproxy.man	2005-04-01 06:56:30 UTC (rev 3817)
@@ -0,0 +1 @@
+Matches all packets related to transparent-proxied connections.



