[netfilter-cvslog] r7474 - trunk/iptables/extensions

kaber at trash.net kaber at trash.net
Sun Apr 13 07:29:27 CEST 2008 

Author: kaber at trash.net
Date: 2008-04-13 07:29:27 +0200 (Sun, 13 Apr 2008)
New Revision: 7474

Modified:
   trunk/iptables/extensions/libip6t_frag.man
   trunk/iptables/extensions/libipt_DNAT.man
   trunk/iptables/extensions/libipt_SAME.man
   trunk/iptables/extensions/libipt_SNAT.man
   trunk/iptables/extensions/libxt_connmark.man
   trunk/iptables/extensions/libxt_helper.man
   trunk/iptables/extensions/libxt_iprange.man
   trunk/iptables/extensions/libxt_mark.man
   trunk/iptables/extensions/libxt_owner.man
   trunk/iptables/extensions/libxt_tos.man
Log:
[PATCH 11/13] manpages: update to reflect fine-grained control


Modified: trunk/iptables/extensions/libip6t_frag.man
===================================================================
--- trunk/iptables/extensions/libip6t_frag.man	2008-04-13 05:28:31 UTC (rev 7473)
+++ trunk/iptables/extensions/libip6t_frag.man	2008-04-13 05:29:27 UTC (rev 7474)
@@ -13,8 +13,8 @@
 .BR "--fragfirst "
 Matches on the first fragment.
 .TP
-.BR "[--fragmore]"
+\fB--fragmore\fP
 Matches if there are more fragments.
 .TP
-.BR "[--fraglast]"
+\fB--fraglast\fP
 Matches if this is the last fragment.

Modified: trunk/iptables/extensions/libipt_DNAT.man
===================================================================
--- trunk/iptables/extensions/libipt_DNAT.man	2008-04-13 05:28:31 UTC (rev 7473)
+++ trunk/iptables/extensions/libipt_DNAT.man	2008-04-13 05:29:27 UTC (rev 7474)
@@ -10,7 +10,7 @@
 also be mangled), and rules should cease being examined.  It takes one
 type of option:
 .TP
-.BR "--to-destination " "[\fIipaddr\fP][-\fIipaddr\fP][:\fIport\fP-\fIport\fP]"
+\fB--to-destination\fP [\fIipaddr\fP][\fB-\fP\fIipaddr\fP][\fB:\fP\fIport\fP[\fB-\fP\fIport\fP]]
 which can specify a single new destination IP address, an inclusive
 range of IP addresses, and optionally, a port range (which is only
 valid if the rule also specifies

Modified: trunk/iptables/extensions/libipt_SAME.man
===================================================================
--- trunk/iptables/extensions/libipt_SAME.man	2008-04-13 05:28:31 UTC (rev 7473)
+++ trunk/iptables/extensions/libipt_SAME.man	2008-04-13 05:29:27 UTC (rev 7474)
@@ -2,7 +2,7 @@
 (`--to 1.2.3.4-1.2.3.7') and gives a client the same
 source-/destination-address for each connection.
 .TP
-.BI "--to " "<ipaddr>-<ipaddr>"
+\fB--to\fP \fIipaddr\fP[\fB-\fP\fIipaddr\fP]
 Addresses to map source to. May be specified more than once for
 multiple ranges.
 .TP

Modified: trunk/iptables/extensions/libipt_SNAT.man
===================================================================
--- trunk/iptables/extensions/libipt_SNAT.man	2008-04-13 05:28:31 UTC (rev 7473)
+++ trunk/iptables/extensions/libipt_SNAT.man	2008-04-13 05:29:27 UTC (rev 7474)
@@ -7,7 +7,7 @@
 mangled), and rules should cease being examined.  It takes one type
 of option:
 .TP
-.BR "--to-source  " "\fIipaddr\fP[-\fIipaddr\fP][:\fIport\fP-\fIport\fP]"
+\fB--to-source\fP \fIipaddr\fP[\fB-\fP\fIipaddr\fP][\fB:\fP\fIport\fP[\fB-\fP\fIport\fP]]
 which can specify a single new source IP address, an inclusive range
 of IP addresses, and optionally, a port range (which is only valid if
 the rule also specifies

Modified: trunk/iptables/extensions/libxt_connmark.man
===================================================================
--- trunk/iptables/extensions/libxt_connmark.man	2008-04-13 05:28:31 UTC (rev 7473)
+++ trunk/iptables/extensions/libxt_connmark.man	2008-04-13 05:29:27 UTC (rev 7474)
@@ -1,6 +1,6 @@
 This module matches the netfilter mark field associated with a connection
 (which can be set using the \fBCONNMARK\fR target below).
 .TP
-\fB--mark\fR \fIvalue\fR[\fB/\fR\fImask\fR]
+[\fB!\fP] \fB--mark\fR \fIvalue\fR[\fB/\fR\fImask\fR]
 Matches packets in connections with the given mark value (if a mask is
 specified, this is logically ANDed with the mark before the comparison).

Modified: trunk/iptables/extensions/libxt_helper.man
===================================================================
--- trunk/iptables/extensions/libxt_helper.man	2008-04-13 05:28:31 UTC (rev 7473)
+++ trunk/iptables/extensions/libxt_helper.man	2008-04-13 05:29:27 UTC (rev 7474)
@@ -1,6 +1,6 @@
 This module matches packets related to a specific conntrack-helper.
 .TP
-.BI "--helper " "string"
+[\fB!\fP] \fB--helper\fP \fIstring\fP
 Matches packets related to the specified conntrack-helper.
 .RS
 .PP

Modified: trunk/iptables/extensions/libxt_iprange.man
===================================================================
--- trunk/iptables/extensions/libxt_iprange.man	2008-04-13 05:28:31 UTC (rev 7473)
+++ trunk/iptables/extensions/libxt_iprange.man	2008-04-13 05:29:27 UTC (rev 7474)
@@ -1,7 +1,7 @@
 This matches on a given arbitrary range of IP addresses.
 .TP
-[\fB!\fR] \fB--src-range\fR \fIfrom\fR-\fIto\fR
+[\fB!\fR] \fB--src-range\fR \fIfrom\fR[\fB-\fP\fIto\fR]
 Match source IP in the specified range.
 .TP
-[\fB!\fR] \fB--dst-range\fR \fIfrom\fR-\fIto\fR
+[\fB!\fR] \fB--dst-range\fR \fIfrom\fR[\fB-\fP\fIto\fR]
 Match destination IP in the specified range.

Modified: trunk/iptables/extensions/libxt_mark.man
===================================================================
--- trunk/iptables/extensions/libxt_mark.man	2008-04-13 05:28:31 UTC (rev 7473)
+++ trunk/iptables/extensions/libxt_mark.man	2008-04-13 05:29:27 UTC (rev 7474)
@@ -3,7 +3,7 @@
 .B MARK
 target below).
 .TP
-.BR "--mark " "\fIvalue\fP[/\fImask\fP]"
+[\fB!\fP] \fB--mark\fP \fIvalue\fP[\fB/\fP\fImask\fP]
 Matches packets with the given unsigned mark value (if a \fImask\fP is
 specified, this is logically ANDed with the \fImask\fP before the
 comparison).

Modified: trunk/iptables/extensions/libxt_owner.man
===================================================================
--- trunk/iptables/extensions/libxt_owner.man	2008-04-13 05:28:31 UTC (rev 7473)
+++ trunk/iptables/extensions/libxt_owner.man	2008-04-13 05:29:27 UTC (rev 7474)
@@ -3,17 +3,17 @@
 POSTROUTING chains. Forwarded packets do not have any socket associated with
 them. Packets from kernel threads do have a socket, but usually no owner.
 .TP
-\fB--uid-owner\fR \fIusername\fR
+[\fB!\fP] \fB--uid-owner\fP \fIusername\fP
 .TP
-\fB--uid-owner\fR \fIuserid\fR[\fB-\fR\fIuserid\fR]
+[\fB!\fP] \fB--uid-owner\fP \fIuserid\fP[\fB-\fP\fIuserid\fP]
 Matches if the packet socket's file structure (if it has one) is owned by the
 given user. You may also specify a numerical UID, or an UID range.
 .TP
-\fB--gid-owner\fR \fIgroupname\fR
+[\fB!\fP] \fB--gid-owner\fP \fIgroupname\fP
 .TP
-\fB--gid-owner\fR \fIgroupid\fR[\fB-\fR\fIgroupid\fR]
+[\fB!\fP] \fB--gid-owner\fP \fIgroupid\fP[\fB-\fR\fIgroupid\fP]
 Matches if the packet socket's file structure is owned by the given group.
 You may also specify a numerical GID, or a GID range.
 .TP
-\fB--socket-exists\fR
+[\fB!\fP] \fB--socket-exists\fP
 Matches if the packet is associated with a socket.

Modified: trunk/iptables/extensions/libxt_tos.man
===================================================================
--- trunk/iptables/extensions/libxt_tos.man	2008-04-13 05:28:31 UTC (rev 7473)
+++ trunk/iptables/extensions/libxt_tos.man	2008-04-13 05:29:27 UTC (rev 7474)
@@ -2,11 +2,11 @@
 including the "Precedence" bits) or the (also 8-bit) Priority field in the IPv6
 header.
 .TP
-\fB--tos\fR \fIvalue\fR[\fB/\fR\fImask\fR]
+[\fB!\fP] \fB--tos\fR \fIvalue\fR[\fB/\fR\fImask\fR]
 Matches packets with the given TOS mark value. If a mask is specified, it is
 logically ANDed with the TOS mark before the comparison.
 .TP
-\fB--tos\fR \fIsymbol\fR
+[\fB!\fP] \fB--tos\fR \fIsymbol\fR
 You can specify a symbolic name when using the tos match for IPv4. The list of
 recognized TOS names can be obtained by calling iptables with \fB-m tos -h\fR.
 Note that this implies a mask of 0x3F, i.e. all but the ECN bits.

More information about the netfilter-cvslog mailing list