Lines Matching refs:to
24 and is also scheduled to replace the old syslog-based ipt_LOG
32 through your machine, in order to figure out how they are related
35 This is required to do Masquerading or other kinds of Network
36 Address Translation. It can also be used to enhance packet
69 `CONNMARK' target and `connmark' match. Similar to the mark value
78 This option enables security markings to be applied to
79 connections. Typically they are copied to connections from
81 connections to packets with the same target, with the packets
92 to get notified about changes in the connection tracking state.
103 tracking code will be able to do state tracking on DCCP connections.
117 tracking code will be able to do state tracking on SCTP connections.
119 If you want to compile it as a module, say M here and read
127 tracking code will be able to do state tracking on UDP-Lite
140 machine, then you may want to enable this feature. This allows the
141 connection tracking and natting code to allow the sub-channels that
157 which generalize ip_conntrack to support other layer 3 protocols.
185 There is a commonly-used extension to IRC called
186 Direct Client-to-Client Protocol (DCC). This enables users to send
187 files to each other, and also chat to each other without the need
190 using NAT, this extension will enable you to send files and initiate
191 chats. Note that you do NOT need this extension to get files or
201 unprivileged port and responded to with unicast messages to the
202 same port. This make them hard to firewall properly because connection
207 of "ip address show" should look similar to this:
220 This module adds support for PPTP (Point to Point Tunnelling
224 box, you may want to enable this feature.
239 SANE is a protocol for remote access to scanners as implemented
287 For it to work you will have to configure certain iptables rules
288 and use policy routing. For more information on how to set it up
299 This is required if you intend to use any of ip_tables,
310 This option adds a `CLASSIFY' target, which enables the user to set
324 This option adds a `CONNMARK' target, which allows one to manipulate
325 the connection mark value. Similar to the MARK target, but
328 If you want to compile it as a module, say M here and read
338 to connections, and restores security markings from connections
339 to packets (if the packets are not already marked). This would
349 This option adds a `DSCP' target, which allows you to manipulate
354 It also adds the "TOS" target, which allows you to create rules in
356 or the Priority field of an IPv6 packet, prior to routing.
364 This option adds a `MARK' target, which allows you to create rules
366 associated with the packet prior to routing. This can change
368 key') and can also be used by other subsystems to change their
378 This option enables the NFLOG target, which allows to LOG
389 As opposed to QUEUE, it supports 65535 different queues,
400 The NOTRACK target allows a select rule to specify
401 which packets *not* to enter the conntrack/NAT
405 If you want to compile it as a module, say M here and read
412 This option adds a `RATEEST' target, which allows to measure
413 rates similar to TC estimators. The `rateest' match can be
414 used to match on the measured rates.
426 This option adds a `TPROXY' target, which is somewhat similar to
428 to redirect traffic to a transparent proxy. It does _not_ depend
438 The TRACE target allows you to mark packets so that the kernel
442 If you want to compile it as a module, say M here and read
460 This option adds a `TCPMSS' target, which allows you to alter the
461 MSS value of TCP SYN packets, to control the maximum size for that
462 connection (usually limiting it to your outgoing interface's MTU
465 This is used to overcome criminally braindead ISPs or servers which
474 Workaround: activate this option and add a rule to your firewall
478 -j TCPMSS --clamp-mss-to-pmtu
488 This option adds a "TCPOPTSTRIP" target, which allows you to strip
495 This option adds a `comment' dummy-match, which allows you to put
498 If you want to compile it as a module, say M here and read
507 This option adds a `connbytes' match, which allows you to match the
510 If you want to compile it as a module, say M here and read
518 This match allows you to match against the number of parallel
519 connections to a server per client IP address (or address block).
527 This option adds a `connmark' match, which allows you to match the
530 If you want to compile it as a module, say M here and read
552 With this option enabled, you will be able to use the iptables
553 `dccp' match in order to match on DCCP source/destination ports
556 If you want to compile it as a module, say M here and read
563 This option adds a `DSCP' match, which allows you to match against
568 It will also add a "tos" match, which allows you to match packets
578 This match extension allows you to match a range of SPIs
590 As opposed to `limit', this match dynamically creates a hash table
594 It enables you to express policies like `10kpps for any given
603 Helper matching allows you to match packets in dynamic connections
612 This option adds a "iprange" match, which allows you to match based on
622 This option allows you to match the length of a packet against a
631 limit matching allows you to control the rate at which a rule can be
633 target support", below) and to avoid some Denial of Service attacks.
641 MAC matching allows you to match packets based on the source
650 Netfilter mark matching allows you to match packets based on the
660 Multiport matching allows you to match TCP or UDP packets based on
670 Socket owner matching allows you to match locally-generated packets
672 possible to check whether a socket actually exists.
679 Policy matching allows you to match packets based on the
699 Packet type matching allows you to match a packet by
711 This option adds a `quota' match, which allows to match on a
714 If you want to compile it as a module, say M here and read
722 This option adds a `rateest' match, which allows to match on the
732 This option adds a `realm' match, which allows you to use the realm
738 If you want to compile it as a module, say M here and read
764 With this option enabled, you will be able to use the
765 `sctp' match in order to match on SCTP source/destination ports
768 If you want to compile it as a module, say M here and read
779 This option adds a `socket' match, which can be used to match
782 routing to implement full featured non-locally bound sockets.
791 Connection state matching allows you to match packets based on their
792 relationship to a tracked connection (ie. previous packets). This
801 This option adds a `statistic' match, which allows you to match
814 This option adds a `string' match, which allows you to look for
823 This option adds a `tcpmss' match, which allows you to examine the
833 This option adds a "time" match, which allows you to match based on
840 If you want to compile it as a module, say M here.
847 u32 allows you to extract quantities of up to 4 bytes from a packet,
850 The specification of what to extract is general enough to skip over