티스토리 뷰
iptables CT extension
CT
The CT target allows to set parameters for a packet or its associated connection. The target attaches a "template" connection tracking entry to the packet, which is then used by the conntrack core when initializing a new ct entry. This target is thus only valid in the "raw" table.
- --notrack
- Disables connection tracking for this packet.
- --helper name
- Use the helper identified by name for the connection. This is more flexible than loading the conntrack helper modules with preset ports.
- --ctevents event[,...]
- Only generate the specified conntrack events for this connection. Possible event types are: new, related, destroy, reply, assured, protoinfo, helper, mark (this refers to the ctmark, not nfmark), natseqinfo, secmark (ctsecmark).
- --expevents event[,...]
- Only generate the specified expectation events for this connection. Possible event types are: new.
- --zone id
- Assign this packet to zone id and only have lookups done in that zone. By default, packets have zone 0.
- --timeout name
- Use the timeout policy identified by name for the connection. This is provides more flexible timeout policy definition than global timeout values available at /proc/sys/net/netfilter/nf_conntrack_*_timeout_*.
|
'Linux' 카테고리의 다른 글
| mod-auth-token (OTP URL) (0) | 2018.04.24 |
|---|---|
| iptables-extensions (0) | 2018.04.02 |
| curl 명령어 (0) | 2018.03.16 |
| mrtg-ping-probe (0) | 2018.02.22 |
| error - received an unknown control message (0) | 2018.02.19 |
댓글
공지사항
최근에 올라온 글
최근에 달린 댓글
- Total
- Today
- Yesterday
링크
TAG
- L2TP
- softether
- 베이어다이나믹
- centOS7
- OpenVPN
- NGINX
- IPSEC
- php
- ntp
- galera
- yum
- SSL
- WAF
- mod_security
- Apache
- GeoIP
- 리눅스
- gitlab
- kvm
- glusterfs
- centos8
- ssh
- iptables
- mariadb
- cURL
- 인증서
- MySQL
- pptp
- HAProxy
- virtualbox
| 일 | 월 | 화 | 수 | 목 | 금 | 토 |
|---|---|---|---|---|---|---|
| 1 | 2 | 3 | 4 | 5 | 6 | 7 |
| 8 | 9 | 10 | 11 | 12 | 13 | 14 |
| 15 | 16 | 17 | 18 | 19 | 20 | 21 |
| 22 | 23 | 24 | 25 | 26 | 27 | 28 |
글 보관함