Google Git
Sign in
googlers / maze / iptables / e8f32983048d6aa4a908b6a92da55fa71c859623
commite8f32983048d6aa4a908b6a92da55fa71c859623[log] [tgz]
authorPablo Neira Ayuso <pablo@netfilter.org>Wed Feb 29 13:48:36 2012 +0100
committerPablo Neira Ayuso <pablo@netfilter.org>Mon Apr 02 13:37:49 2012 +0200
tree7e3240694e7a06115f68fb04e61efd6038c0e62b
parentc4a6b0d437b02458fb3cb827b694fd94b3fbe044 [diff]
libxt_CT: add --timeout option

This patch adds the --timeout option to allow to attach timeout
policy objects to flows, eg.

 iptables -I PREROUTING -t raw -s 1.1.1.1 -p tcp \
	  -j CT --timeout custom-tcp-policy

You need the nfct(8) tool which is available at:
http://git.netfilter.org/cgi-bin/gitweb.cgi?p=nfct.git
To define the cttimeout policies.

Example of usage:
 nfct timeout add custom-tcp-policy inet tcp established 1000

The new nfct tool also requires libnetfilter_cttimeout:
http://git.netfilter.org/cgi-bin/gitweb.cgi?p=libnetfilter_cttimeout.git

Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
3 files changed
tree: 7e3240694e7a06115f68fb04e61efd6038c0e62b
  1. extensions/
  2. include/
  3. iptables/
  4. libipq/
  5. libiptc/
  6. libxtables/
  7. m4/
  8. tests/
  9. utils/
  10. .gitignore
  11. autogen.sh
  12. COMMIT_NOTES
  13. configure.ac
  14. COPYING
  15. INCOMPATIBILITIES
  16. INSTALL
  17. Makefile.am
  18. release.sh