|
|
1dc35b |
From 31695c75575f3998ac0c5d466d0b85276289a730 Mon Sep 17 00:00:00 2001
|
|
|
1dc35b |
From: Phil Sutter <phil@nwl.cc>
|
|
|
1dc35b |
Date: Thu, 21 Feb 2019 15:38:47 +0100
|
|
|
1dc35b |
Subject: [PATCH] extensions: AUDIT: Document ineffective --type option
|
|
|
1dc35b |
|
|
|
1dc35b |
Signed-off-by: Phil Sutter <phil@nwl.cc>
|
|
|
1dc35b |
Signed-off-by: Florian Westphal <fw@strlen.de>
|
|
|
1dc35b |
(cherry picked from commit dffb5ec2a8c7f91351e2a1029a757cb1f41f2d02)
|
|
|
1dc35b |
Signed-off-by: Phil Sutter <psutter@redhat.com>
|
|
|
1dc35b |
---
|
|
|
1dc35b |
extensions/libxt_AUDIT.man | 6 ++++--
|
|
|
1dc35b |
1 file changed, 4 insertions(+), 2 deletions(-)
|
|
|
1dc35b |
|
|
|
1dc35b |
diff --git a/extensions/libxt_AUDIT.man b/extensions/libxt_AUDIT.man
|
|
|
1dc35b |
index cd796967c431a..4f5562e8ca425 100644
|
|
|
1dc35b |
--- a/extensions/libxt_AUDIT.man
|
|
|
1dc35b |
+++ b/extensions/libxt_AUDIT.man
|
|
|
1dc35b |
@@ -3,12 +3,14 @@ It can be used to record accepted, dropped, and rejected packets. See
|
|
|
1dc35b |
auditd(8) for additional details.
|
|
|
1dc35b |
.TP
|
|
|
1dc35b |
\fB\-\-type\fP {\fBaccept\fP|\fBdrop\fP|\fBreject\fP}
|
|
|
1dc35b |
-Set type of audit record.
|
|
|
1dc35b |
+Set type of audit record. Starting with linux-4.12, this option has no effect
|
|
|
1dc35b |
+on generated audit messages anymore. It is still accepted by iptables for
|
|
|
1dc35b |
+compatibility reasons, but ignored.
|
|
|
1dc35b |
.PP
|
|
|
1dc35b |
Example:
|
|
|
1dc35b |
.IP
|
|
|
1dc35b |
iptables \-N AUDIT_DROP
|
|
|
1dc35b |
.IP
|
|
|
1dc35b |
-iptables \-A AUDIT_DROP \-j AUDIT \-\-type drop
|
|
|
1dc35b |
+iptables \-A AUDIT_DROP \-j AUDIT
|
|
|
1dc35b |
.IP
|
|
|
1dc35b |
iptables \-A AUDIT_DROP \-j DROP
|
|
|
1dc35b |
--
|
|
|
1dc35b |
2.21.0
|
|
|
1dc35b |
|