Home | History | Annotate | Download | only in extensions 
      1 The CT target allows to set parameters for a packet or its associated
      2 connection. The target attaches a "template" connection tracking entry to
      3 the packet, which is then used by the conntrack core when initializing
      4 a new ct entry. This target is thus only valid in the "raw" table.
      5 .TP
      6 \fB\-\-notrack\fP
      7 Disables connection tracking for this packet.
      8 .TP
      9 \fB\-\-helper\fP \fIname\fP
     10 Use the helper identified by \fIname\fP for the connection. This is more
     11 flexible than loading the conntrack helper modules with preset ports.
     12 .TP
     13 \fB\-\-ctevents\fP \fIevent\fP[\fB,\fP...]
     14 Only generate the specified conntrack events for this connection. Possible
     15 event types are: \fBnew\fP, \fBrelated\fP, \fBdestroy\fP, \fBreply\fP,
     16 \fBassured\fP, \fBprotoinfo\fP, \fBhelper\fP, \fBmark\fP (this refers to
     17 the ctmark, not nfmark), \fBnatseqinfo\fP, \fBsecmark\fP (ctsecmark).
     18 .TP
     19 \fB\-\-expevents\fP \fIevent\fP[\fB,\fP...]
     20 Only generate the specified expectation events for this connection.
     21 Possible event types are: \fBnew\fP.
     22 .TP
     23 \fB\-\-zone-orig\fP {\fIid\fP|\fBmark\fP}
     24 For traffic coming from ORIGINAL direction, assign this packet to zone
     25 \fIid\fP and only have lookups done in that zone. If \fBmark\fP is used
     26 instead of \fIid\fP, the zone is derived from the packet nfmark.
     27 .TP
     28 \fB\-\-zone-reply\fP {\fIid\fP|\fBmark\fP}
     29 For traffic coming from REPLY direction, assign this packet to zone
     30 \fIid\fP and only have lookups done in that zone. If \fBmark\fP is used
     31 instead of \fIid\fP, the zone is derived from the packet nfmark.
     32 .TP
     33 \fB\-\-zone\fP {\fIid\fP|\fBmark\fP}
     34 Assign this packet to zone \fIid\fP and only have lookups done in that zone.
     35 If \fBmark\fP is used instead of \fIid\fP, the zone is derived from the
     36 packet nfmark. By default, packets have zone 0. This option applies to both
     37 directions.
     38 .TP
     39 \fB\-\-timeout\fP \fIname\fP
     40 Use the timeout policy identified by \fIname\fP for the connection. This is
     41 provides more flexible timeout policy definition than global timeout values
     42 available at /proc/sys/net/netfilter/nf_conntrack_*_timeout_*.
     43