|
|
3e48d9 |
From f7a31d5c3277b29f104fd8ff48df24c8bc790f19 Mon Sep 17 00:00:00 2001
|
|
|
3e48d9 |
From: Phil Sutter <psutter@redhat.com>
|
|
|
3e48d9 |
Date: Wed, 24 Jun 2020 18:46:39 +0200
|
|
|
3e48d9 |
Subject: [PATCH] doc: Document notrack statement
|
|
|
3e48d9 |
|
|
|
3e48d9 |
Bugzilla: https://bugzilla.redhat.com/show_bug.cgi?id=1841292
|
|
|
3e48d9 |
Upstream Status: nftables commit f16fbe76f62dc
|
|
|
3e48d9 |
|
|
|
3e48d9 |
commit f16fbe76f62dcb9f7395d1837ad2d056463ba55f
|
|
|
3e48d9 |
Author: Phil Sutter <phil@nwl.cc>
|
|
|
3e48d9 |
Date: Mon Jun 22 15:07:40 2020 +0200
|
|
|
3e48d9 |
|
|
|
3e48d9 |
doc: Document notrack statement
|
|
|
3e48d9 |
|
|
|
3e48d9 |
Merely a stub, but better to mention it explicitly instead of having it
|
|
|
3e48d9 |
appear in synproxy examples and letting users guess as to what it does.
|
|
|
3e48d9 |
|
|
|
3e48d9 |
Signed-off-by: Phil Sutter <phil@nwl.cc>
|
|
|
3e48d9 |
Reviewed-by: Florian Westphal <fw@strlen.de>
|
|
|
3e48d9 |
---
|
|
|
3e48d9 |
doc/statements.txt | 14 ++++++++++++++
|
|
|
3e48d9 |
1 file changed, 14 insertions(+)
|
|
|
3e48d9 |
|
|
|
3e48d9 |
diff --git a/doc/statements.txt b/doc/statements.txt
|
|
|
3e48d9 |
index 3b82436..749533a 100644
|
|
|
3e48d9 |
--- a/doc/statements.txt
|
|
|
3e48d9 |
+++ b/doc/statements.txt
|
|
|
3e48d9 |
@@ -262,6 +262,20 @@ table inet raw {
|
|
|
3e48d9 |
ct event set new,related,destroy
|
|
|
3e48d9 |
--------------------------------------
|
|
|
3e48d9 |
|
|
|
3e48d9 |
+NOTRACK STATEMENT
|
|
|
3e48d9 |
+~~~~~~~~~~~~~~~~~
|
|
|
3e48d9 |
+The notrack statement allows to disable connection tracking for certain
|
|
|
3e48d9 |
+packets.
|
|
|
3e48d9 |
+
|
|
|
3e48d9 |
+[verse]
|
|
|
3e48d9 |
+*notrack*
|
|
|
3e48d9 |
+
|
|
|
3e48d9 |
+Note that for this statement to be effective, it has to be applied to packets
|
|
|
3e48d9 |
+before a conntrack lookup happens. Therefore, it needs to sit in a chain with
|
|
|
3e48d9 |
+either prerouting or output hook and a hook priority of -300 or less.
|
|
|
3e48d9 |
+
|
|
|
3e48d9 |
+See SYNPROXY STATEMENT for an example usage.
|
|
|
3e48d9 |
+
|
|
|
3e48d9 |
META STATEMENT
|
|
|
3e48d9 |
~~~~~~~~~~~~~~
|
|
|
3e48d9 |
A meta statement sets the value of a meta expression. The existing meta fields
|
|
|
3e48d9 |
--
|
|
|
252916 |
2.31.1
|
|
|
3e48d9 |
|