aiden
/
freshtomato-arm
mirror of https://bitbucket.org/pedro311/freshtomato-arm
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity
You cannot select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
arm-master
arm-sdk714
arm-sdk7
arm-ng
2025.2
2024.5
2024.4
2024.3
2024.2
2024.1
2023.5
2023.4
2023.3
2023.2
2023.1
2022.7
2022.6
2022.5
2022.4
2022.3
2022.2
2022.1
2021.8
2021.7
2021.6
2021.5
2021.4
2021.3
2021.2
2021.1
2021.1.082
2021.1.070
2021.1.044
2020.8
2020.8.164
2020.8.144
2020.8.130
2020.8.113
2020.8.083
2020.8.060
2020.8.048
2020.8.042
2020.8.029
2020.8.022
2020.8.021
2020.6
2020.6.084
2020.6.080
2020.6.076
2020.6.065
2020.6.064
2020.6.060
2020.6.055
2020.5
2020.4
2020.4.140
2020.4.100
2020.4.078
2020.3
2020.3.039
2020.3.031
2020.3.028
2020.3.027
2020.2
2020.1
2020.1.037
2020.1.001
2019.4
2019.4.095
2019.4.090
2019.4.056
2019.3
2019.3.274
2025.1
Branches Tags
${ item.name }
Create tag ${ searchTerm }
Create branch ${ searchTerm }
from 'arm-master'
${ noResults }
freshtomato-arm/release/src-rt-6.x.4708/router/conntrack-tools/nfct.8

83 lines
2.3 KiB
Groff
Raw Permalink Blame History

.TH NFCT 8 "Feb 29, 2012" "" ""
.\" Man page written by Pablo Neira Ayuso <pablo@netfilter.org> (Feb 2012)
.SH NAME
nfct \- command line tool to configure with the connection tracking system
.SH SYNOPSIS
.BR "nfct command subsystem [parameters]"
.SH DESCRIPTION
.B nfct
is the command line tool that allows you to configure the Connection Tracking
System.
.SH COMMANDS
.TP
.BI "list "
List the existing objects.
.TP
.BI "add "
Add new object.
.TP
.BI "delete "
Delete an object.
.TP
.BI "get "
Get an existing object.
.TP
.BI "flush "
Flush the accounting object table.
.TP
.BI "disable "
This command is for the helper subsystem. It allows you to disable enqueueing packets to userspace for helper inspection.
.TP
.BI "default-set "
This command is for the timeout subsystem. It allows you to set default protocol timeouts.
.TP
.BI "default-get "
This command is for the timeout subsystem. It allows you to get the default protocol timeouts.
.SH SUBSYS
By the time this manpage has been written, the supported subsystems are
.B timeout
and
.B helper.
.TP
.BI "timeout "
The timeout subsystem allows you to define fine-grain timeout policies.
.TP
.BI "helper "
The helper subsystem allows you to configure userspace helpers.
.TP
.BI "version "
Displays the version information.
.TP
.BI "help "
Displays the help message.
.SH EXAMPLE
.TP
.B nfct add timeout test-tcp inet tcp established 100 close 10 close_wait 10
.TP
This creates a timeout policy for tcp using 100 seconds for the ESTABLISHED state, 10 seconds for CLOSE state and 10 seconds for the CLOSE_WAIT state.
.TP
Then, you can attach the timeout policy with the iptables CT target:
.TP
.B iptables -I PREROUTING -t raw -p tcp -j CT --timeout test-tcp
.TP
.B iptables -I OUTPUT -t raw -p tcp -j CT --timeout test-tcp
.TP
You can test that the timeout policy with:
.TP
.B conntrack -E -p tcp
.TP
It should display:
.TP
.B [UPDATE] tcp 6 100 ESTABLISHED src=192.168.39.100 dst=57.126.1.20 sport=56463 dport=80 src=57.126.1.20 dst=192.168.39.100 sport=80 dport=56463 [ASSURED]
.SH SEE ALSO
.BR iptables (8), conntrack (8)
.SH BUGS
Please, report them to netfilter-devel@vger.kernel.org or file a bug in
Netfilter's bugzilla (https://bugzilla.netfilter.org).
.SH AUTHORS
Pablo Neira Ayuso wrote and maintains the nfct tool.
.PP
Man page written by Pablo Neira Ayuso <pablo@netfilter.org>.
Reference in New Issue View Git Blame Copy Permalink