summaryrefslogtreecommitdiff
path: root/net/ipv4
diff options
context:
space:
mode:
authorPablo Neira Ayuso <pablo@netfilter.org>2012-02-29 02:19:19 +0100
committerPablo Neira Ayuso <pablo@netfilter.org>2012-03-07 17:41:28 +0100
commit24de58f465165298aaa8f286b2592f0163706cfe (patch)
tree46cdf87f68eea42037c667cc02d54119791861fb /net/ipv4
parentdd705072412225a97784fe38feee2ebf8d14814d (diff)
netfilter: xt_CT: allow to attach timeout policy + glue code
This patch allows you to attach the timeout policy via the CT target, it adds a new revision of the target to ensure backward compatibility. Moreover, it also contains the glue code to stick the timeout object defined via nfnetlink_cttimeout to the given flow. Example usage (it requires installing the nfct tool and libnetfilter_cttimeout): 1) create the timeout policy: nfct timeout add tcp-policy0 inet tcp \ established 1000 close 10 time_wait 10 last_ack 10 2) attach the timeout policy to the packet: iptables -I PREROUTING -t raw -p tcp -j CT --timeout tcp-policy0 You have to install the following user-space software: a) libnetfilter_cttimeout: git://git.netfilter.org/libnetfilter_cttimeout b) nfct: git://git.netfilter.org/nfct You also have to get iptables with -j CT --timeout support. Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
Diffstat (limited to 'net/ipv4')
0 files changed, 0 insertions, 0 deletions