The CT target sets parameters for a packet or its associated
connection. The target attaches a "template" connection tracking entry to
the packet, which is then used by the conntrack core when initializing
a new ct entry. This target is thus only valid in the "raw" table.
.TP
\fB\-\-notrack\fP
Disables connection tracking for this packet.
.TP
\fB\-\-helper\fP \fIname\fP
Use the helper identified by \fIname\fP for the connection. This is more
flexible than loading the conntrack helper modules with preset ports.
.TP
\fB\-\-ctevents\fP \fIevent\fP[\fB,\fP...]
Only generate the specified conntrack events for this connection. Possible
event types are: \fBnew\fP, \fBrelated\fP, \fBdestroy\fP, \fBreply\fP,
\fBassured\fP, \fBprotoinfo\fP, \fBhelper\fP, \fBmark\fP (this refers to
the ctmark, not nfmark), \fBnatseqinfo\fP, \fBsecmark\fP (ctsecmark).
.TP
\fB\-\-expevents\fP \fIevent\fP[\fB,\fP...]
Only generate the specified expectation events for this connection.
Possible event types are: \fBnew\fP.
.TP
\fB\-\-zone-orig\fP {\fIid\fP|\fBmark\fP}
For traffic coming from ORIGINAL direction, assign this packet to zone
\fIid\fP and only have lookups done in that zone. If \fBmark\fP is used
instead of \fIid\fP, the zone is derived from the packet nfmark.
.TP
\fB\-\-zone-reply\fP {\fIid\fP|\fBmark\fP}
For traffic coming from REPLY direction, assign this packet to zone
\fIid\fP and only have lookups done in that zone. If \fBmark\fP is used
instead of \fIid\fP, the zone is derived from the packet nfmark.
.TP
\fB\-\-zone\fP {\fIid\fP|\fBmark\fP}
Assign this packet to zone \fIid\fP and only have lookups done in that zone.
If \fBmark\fP is used instead of \fIid\fP, the zone is derived from the
packet nfmark. By default, packets have zone 0. This option applies to both
directions.
.TP
\fB\-\-timeout\fP \fIname\fP
Use the timeout policy identified by \fIname\fP for the connection. This
provides a more flexible timeout policy definition than the global timeout values
available at /proc/sys/net/netfilter/nf_conntrack_*_timeout_*.
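.PP
Because \fB\-\-helper\fP and \fB\-\-notrack\fP are set per rule in the "raw" table, a ruleset dump can be audited for which helpers are attached to which ports and which traffic bypasses tracking. The script below is an added example, not part of the iptables distribution: the function names \fBsample_ruleset\fP and \fBct_audit\fP are hypothetical, and the embedded ruleset (ports, interfaces) is constructed sample data in iptables-save format.

```shell
#!/bin/sh
# Added example: summarise CT target usage from iptables-save output.

# Constructed sample ruleset (ports and interfaces are sample values).
sample_ruleset() {
cat <<'EOF'
*raw
:PREROUTING ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
-A PREROUTING -p tcp -m tcp --dport 21 -j CT --helper ftp
-A PREROUTING -p udp -m udp --dport 69 -j CT --helper tftp
-A PREROUTING -i lo -j CT --notrack
-A OUTPUT -o lo -j CT --notrack
COMMIT
*filter
:INPUT DROP [0:0]
-A INPUT -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
COMMIT
EOF
}

# Read iptables-save text on stdin and print one line per CT rule found
# in the raw table:
#   helper <name> <proto> <dport>
#   notrack <chain>
ct_audit() {
    awk '
        /^\*/ { table = substr($1, 2); next }      # "*raw" -> "raw"
        table != "raw" || $1 != "-A" { next }      # CT is only valid in raw
        {
            is_ct = 0; helper = ""; proto = "any"; dport = "any"; notrack = 0
            for (i = 3; i <= NF; i++) {
                if ($i == "-j" && $(i+1) == "CT") is_ct = 1
                else if ($i == "--helper") helper = $(i+1)
                else if ($i == "-p") proto = $(i+1)
                else if ($i == "--dport") dport = $(i+1)
                else if ($i == "--notrack") notrack = 1
            }
            if (!is_ct) next
            if (helper != "") print "helper", helper, proto, dport
            if (notrack) print "notrack", $2
        }
    '
}

# Demonstration on the constructed sample.
sample_ruleset | ct_audit
```

On a live host the same function can be fed from \fBiptables-save\fP, for example \fBiptables-save | ct_audit\fP.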