commit | e8f32983048d6aa4a908b6a92da55fa71c859623 | [log] [tgz] |
---|---|---|
author | Pablo Neira Ayuso <pablo@netfilter.org> | Wed Feb 29 13:48:36 2012 +0100 |
committer | Pablo Neira Ayuso <pablo@netfilter.org> | Mon Apr 02 13:37:49 2012 +0200 |
tree | 7e3240694e7a06115f68fb04e61efd6038c0e62b | |
parent | c4a6b0d437b02458fb3cb827b694fd94b3fbe044 [diff] |
libxt_CT: add --timeout option This patch adds the --timeout option to allow to attach timeout policy objects to flows, eg. iptables -I PREROUTING -t raw -s 1.1.1.1 -p tcp \ -j CT --timeout custom-tcp-policy You need the nfct(8) tool which is available at: http://git.netfilter.org/cgi-bin/gitweb.cgi?p=nfct.git To define the cttimeout policies. Example of usage: nfct timeout add custom-tcp-policy inet tcp established 1000 The new nfct tool also requires libnetfilter_cttimeout: http://git.netfilter.org/cgi-bin/gitweb.cgi?p=libnetfilter_cttimeout.git Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>