diff options
| author | Pablo Neira Ayuso <pablo@netfilter.org> | 2012-02-29 01:19:19 (GMT) |
|---|---|---|
| committer | Pablo Neira Ayuso <pablo@netfilter.org> | 2012-03-07 16:41:28 (GMT) |
| commit | 24de58f465165298aaa8f286b2592f0163706cfe (patch) | |
| tree | 46cdf87f68eea42037c667cc02d54119791861fb /kernel | |
| parent | dd705072412225a97784fe38feee2ebf8d14814d (diff) | |
| download | linux-fsl-qoriq-24de58f465165298aaa8f286b2592f0163706cfe.tar.xz | |
netfilter: xt_CT: allow to attach timeout policy + glue code
This patch allows you to attach the timeout policy via the
CT target, it adds a new revision of the target to ensure
backward compatibility. Moreover, it also contains the glue
code to stick the timeout object defined via nfnetlink_cttimeout
to the given flow.
Example usage (it requires installing the nfct tool and
libnetfilter_cttimeout):
1) create the timeout policy:
nfct timeout add tcp-policy0 inet tcp \
established 1000 close 10 time_wait 10 last_ack 10
2) attach the timeout policy to the packet:
iptables -I PREROUTING -t raw -p tcp -j CT --timeout tcp-policy0
You have to install the following user-space software:
a) libnetfilter_cttimeout:
git://git.netfilter.org/libnetfilter_cttimeout
b) nfct:
git://git.netfilter.org/nfct
You also have to get iptables with -j CT --timeout support.
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
Diffstat (limited to 'kernel')
0 files changed, 0 insertions, 0 deletions