[netfilter-cvslog] r7474 - trunk/iptables/extensions
kaber at trash.net
kaber at trash.net
Sun Apr 13 07:29:27 CEST 2008
Author: kaber at trash.net
Date: 2008-04-13 07:29:27 +0200 (Sun, 13 Apr 2008)
New Revision: 7474
Modified:
trunk/iptables/extensions/libip6t_frag.man
trunk/iptables/extensions/libipt_DNAT.man
trunk/iptables/extensions/libipt_SAME.man
trunk/iptables/extensions/libipt_SNAT.man
trunk/iptables/extensions/libxt_connmark.man
trunk/iptables/extensions/libxt_helper.man
trunk/iptables/extensions/libxt_iprange.man
trunk/iptables/extensions/libxt_mark.man
trunk/iptables/extensions/libxt_owner.man
trunk/iptables/extensions/libxt_tos.man
Log:
[PATCH 11/13] manpages: update to reflect fine-grained control
Modified: trunk/iptables/extensions/libip6t_frag.man
===================================================================
--- trunk/iptables/extensions/libip6t_frag.man 2008-04-13 05:28:31 UTC (rev 7473)
+++ trunk/iptables/extensions/libip6t_frag.man 2008-04-13 05:29:27 UTC (rev 7474)
@@ -13,8 +13,8 @@
.BR "--fragfirst "
Matches on the first fragment.
.TP
-.BR "[--fragmore]"
+\fB--fragmore\fP
Matches if there are more fragments.
.TP
-.BR "[--fraglast]"
+\fB--fraglast\fP
Matches if this is the last fragment.
Modified: trunk/iptables/extensions/libipt_DNAT.man
===================================================================
--- trunk/iptables/extensions/libipt_DNAT.man 2008-04-13 05:28:31 UTC (rev 7473)
+++ trunk/iptables/extensions/libipt_DNAT.man 2008-04-13 05:29:27 UTC (rev 7474)
@@ -10,7 +10,7 @@
also be mangled), and rules should cease being examined. It takes one
type of option:
.TP
-.BR "--to-destination " "[\fIipaddr\fP][-\fIipaddr\fP][:\fIport\fP-\fIport\fP]"
+\fB--to-destination\fP [\fIipaddr\fP][\fB-\fP\fIipaddr\fP][\fB:\fP\fIport\fP[\fB-\fP\fIport\fP]]
which can specify a single new destination IP address, an inclusive
range of IP addresses, and optionally, a port range (which is only
valid if the rule also specifies
Modified: trunk/iptables/extensions/libipt_SAME.man
===================================================================
--- trunk/iptables/extensions/libipt_SAME.man 2008-04-13 05:28:31 UTC (rev 7473)
+++ trunk/iptables/extensions/libipt_SAME.man 2008-04-13 05:29:27 UTC (rev 7474)
@@ -2,7 +2,7 @@
(`--to 1.2.3.4-1.2.3.7') and gives a client the same
source-/destination-address for each connection.
.TP
-.BI "--to " "<ipaddr>-<ipaddr>"
+\fB--to\fP \fIipaddr\fP[\fB-\fP\fIipaddr\fP]
Addresses to map source to. May be specified more than once for
multiple ranges.
.TP
Modified: trunk/iptables/extensions/libipt_SNAT.man
===================================================================
--- trunk/iptables/extensions/libipt_SNAT.man 2008-04-13 05:28:31 UTC (rev 7473)
+++ trunk/iptables/extensions/libipt_SNAT.man 2008-04-13 05:29:27 UTC (rev 7474)
@@ -7,7 +7,7 @@
mangled), and rules should cease being examined. It takes one type
of option:
.TP
-.BR "--to-source " "\fIipaddr\fP[-\fIipaddr\fP][:\fIport\fP-\fIport\fP]"
+\fB--to-source\fP \fIipaddr\fP[\fB-\fP\fIipaddr\fP][\fB:\fP\fIport\fP[\fB-\fP\fIport\fP]]
which can specify a single new source IP address, an inclusive range
of IP addresses, and optionally, a port range (which is only valid if
the rule also specifies
Modified: trunk/iptables/extensions/libxt_connmark.man
===================================================================
--- trunk/iptables/extensions/libxt_connmark.man 2008-04-13 05:28:31 UTC (rev 7473)
+++ trunk/iptables/extensions/libxt_connmark.man 2008-04-13 05:29:27 UTC (rev 7474)
@@ -1,6 +1,6 @@
This module matches the netfilter mark field associated with a connection
(which can be set using the \fBCONNMARK\fR target below).
.TP
-\fB--mark\fR \fIvalue\fR[\fB/\fR\fImask\fR]
+[\fB!\fP] \fB--mark\fR \fIvalue\fR[\fB/\fR\fImask\fR]
Matches packets in connections with the given mark value (if a mask is
specified, this is logically ANDed with the mark before the comparison).
Modified: trunk/iptables/extensions/libxt_helper.man
===================================================================
--- trunk/iptables/extensions/libxt_helper.man 2008-04-13 05:28:31 UTC (rev 7473)
+++ trunk/iptables/extensions/libxt_helper.man 2008-04-13 05:29:27 UTC (rev 7474)
@@ -1,6 +1,6 @@
This module matches packets related to a specific conntrack-helper.
.TP
-.BI "--helper " "string"
+[\fB!\fP] \fB--helper\fP \fIstring\fP
Matches packets related to the specified conntrack-helper.
.RS
.PP
Modified: trunk/iptables/extensions/libxt_iprange.man
===================================================================
--- trunk/iptables/extensions/libxt_iprange.man 2008-04-13 05:28:31 UTC (rev 7473)
+++ trunk/iptables/extensions/libxt_iprange.man 2008-04-13 05:29:27 UTC (rev 7474)
@@ -1,7 +1,7 @@
This matches on a given arbitrary range of IP addresses.
.TP
-[\fB!\fR] \fB--src-range\fR \fIfrom\fR-\fIto\fR
+[\fB!\fR] \fB--src-range\fR \fIfrom\fR[\fB-\fP\fIto\fR]
Match source IP in the specified range.
.TP
-[\fB!\fR] \fB--dst-range\fR \fIfrom\fR-\fIto\fR
+[\fB!\fR] \fB--dst-range\fR \fIfrom\fR[\fB-\fP\fIto\fR]
Match destination IP in the specified range.
Modified: trunk/iptables/extensions/libxt_mark.man
===================================================================
--- trunk/iptables/extensions/libxt_mark.man 2008-04-13 05:28:31 UTC (rev 7473)
+++ trunk/iptables/extensions/libxt_mark.man 2008-04-13 05:29:27 UTC (rev 7474)
@@ -3,7 +3,7 @@
.B MARK
target below).
.TP
-.BR "--mark " "\fIvalue\fP[/\fImask\fP]"
+[\fB!\fP] \fB--mark\fP \fIvalue\fP[\fB/\fP\fImask\fP]
Matches packets with the given unsigned mark value (if a \fImask\fP is
specified, this is logically ANDed with the \fImask\fP before the
comparison).
Modified: trunk/iptables/extensions/libxt_owner.man
===================================================================
--- trunk/iptables/extensions/libxt_owner.man 2008-04-13 05:28:31 UTC (rev 7473)
+++ trunk/iptables/extensions/libxt_owner.man 2008-04-13 05:29:27 UTC (rev 7474)
@@ -3,17 +3,17 @@
POSTROUTING chains. Forwarded packets do not have any socket associated with
them. Packets from kernel threads do have a socket, but usually no owner.
.TP
-\fB--uid-owner\fR \fIusername\fR
+[\fB!\fP] \fB--uid-owner\fP \fIusername\fP
.TP
-\fB--uid-owner\fR \fIuserid\fR[\fB-\fR\fIuserid\fR]
+[\fB!\fP] \fB--uid-owner\fP \fIuserid\fP[\fB-\fP\fIuserid\fP]
Matches if the packet socket's file structure (if it has one) is owned by the
given user. You may also specify a numerical UID, or an UID range.
.TP
-\fB--gid-owner\fR \fIgroupname\fR
+[\fB!\fP] \fB--gid-owner\fP \fIgroupname\fP
.TP
-\fB--gid-owner\fR \fIgroupid\fR[\fB-\fR\fIgroupid\fR]
+[\fB!\fP] \fB--gid-owner\fP \fIgroupid\fP[\fB-\fR\fIgroupid\fP]
Matches if the packet socket's file structure is owned by the given group.
You may also specify a numerical GID, or a GID range.
.TP
-\fB--socket-exists\fR
+[\fB!\fP] \fB--socket-exists\fP
Matches if the packet is associated with a socket.
Modified: trunk/iptables/extensions/libxt_tos.man
===================================================================
--- trunk/iptables/extensions/libxt_tos.man 2008-04-13 05:28:31 UTC (rev 7473)
+++ trunk/iptables/extensions/libxt_tos.man 2008-04-13 05:29:27 UTC (rev 7474)
@@ -2,11 +2,11 @@
including the "Precedence" bits) or the (also 8-bit) Priority field in the IPv6
header.
.TP
-\fB--tos\fR \fIvalue\fR[\fB/\fR\fImask\fR]
+[\fB!\fP] \fB--tos\fR \fIvalue\fR[\fB/\fR\fImask\fR]
Matches packets with the given TOS mark value. If a mask is specified, it is
logically ANDed with the TOS mark before the comparison.
.TP
-\fB--tos\fR \fIsymbol\fR
+[\fB!\fP] \fB--tos\fR \fIsymbol\fR
You can specify a symbolic name when using the tos match for IPv4. The list of
recognized TOS names can be obtained by calling iptables with \fB-m tos -h\fR.
Note that this implies a mask of 0x3F, i.e. all but the ECN bits.
More information about the netfilter-cvslog
mailing list