Matches if there are more fragments.
.TP
.BR "[--fraglast]"
-Matches if this is the last fragement.
+Matches if this is the last fragment.
new source-ip
.TP
.B "--random"
-Port mapping will be forcely randomized to avoid attacks based on
+Port mapping will be forcibly randomized to avoid attacks based on
port prediction (kernel >= 2.6.21).
number.
.TP
\fB--queue-num\fP \fIvalue\fP
-This specifies the QUEUE number to use. Valud queue numbers are 0 to 65535. The default value is 0.
+This specifies the QUEUE number to use. Valid queue numbers are 0 to 65535. The default value is 0.
.TP
It can only be used with Kernel versions 2.6.14 or later, since it requires
the
Match by how many bytes or packets a connection (or one of the two
-flows constituting the connection) have tranferred so far, or by
+flows constituting the connection) has transferred so far, or by
average bytes per packet.
The counters are 64bit and are thus not expected to overflow ;)
The primary use is to detect long-lived downloads and mark them to be
scheduled using a lower priority band in traffic control.
-The transfered bytes per connection can also be viewed through
+The transferred bytes per connection can also be viewed through
/proc/net/ip_conntrack and accessed via ctnetlink
.TP
[\fB!\fP] \fB--connbytes\fP \fIfrom\fP[\fB:\fR\fIto\fP]
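Review bot: The sentence ending "accessed via ctnetlink" in the context just above the --connbytes option still has no full stop, and "64bit" two lines earlier would read better as "64-bit". Since this patch already touches the spelling of both neighbouring sentences, fold those two fixes into the same hunk.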
.BI "--dscp-class " "\fIDiffServ Class\fP"
Match the DiffServ class. This value may be any of the
BE, EF, AFxx or CSx classes. It will then be converted
-into it's according numeric value.
+into its according numeric value.
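Review bot: The replacement line fixes "it's" but keeps "according numeric value", which is still not idiomatic English. Suggest "It will then be converted into its corresponding numeric value." so the sentence does not need a second pass.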
Maximum entries in the hash.
.TP
\fB--hashlimit-htable-expire\fR \fImsec\fR
-After how many miliseconds do hash entries expire.
+After how many milliseconds do hash entries expire.
.TP
\fB--hashlimit-htable-gcinterval\fR \fImsec\fR
-How many miliseconds between garbage collection intervals.
+How many milliseconds between garbage collection intervals.
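Review bot: Both corrected descriptions ("After how many milliseconds do hash entries expire." and "How many milliseconds between garbage collection intervals.") are still phrased as questions that end in a full stop. While the lines are being touched anyway, consider declarative wording such as "Time in milliseconds after which hash entries expire." and "Time in milliseconds between garbage collection runs."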
.PP
Jozsef Kadlecsik wrote the REJECT target.
.PP
-Harald Welte wrote the ULOG and NFQUEUE target, the new libiptc, aswell as TTL match+target and libipulog.
+Harald Welte wrote the ULOG and NFQUEUE target, the new libiptc, as well as TTL match+target and libipulog.
.PP
The Netfilter Core Team is: Marc Boucher, Martin Josefsson, Yasuyuki Kozakai,
Jozsef Kadlecsik, Patrick McHardy, James Morris, Pablo Neira Ayuso,
return 0;
}
-/* e is called `fw' here for hysterical raisins */
+/* e is called `fw' here for historical reasons */
static void
print_firewall(const struct ip6t_entry *fw,
const char *targname,
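Review bot: The comment above print_firewall() did not contain a misspelling: "hysterical raisins" is a long-standing deliberate pun on "historical reasons", so this is a change of tone rather than a typo fix. It is harmless to the code, but the commit message should say the joke is being removed on purpose, and the same applies to the identical edit above the struct ipt_entry variant of print_firewall().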
table.
.SH TARGETS
-A firewall rule specifies criteria for a packet, and a target. If the
+A firewall rule specifies criteria for a packet and a target. If the
packet does not match, the next rule in the chain is the examined; if
it does match, then the next rule is specified by the value of the
target, which can be the name of a user-defined chain or one of the
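Review bot: The unchanged context line directly below the edit still reads "the next rule in the chain is the examined", which has a stray "the" before "examined". The patch already rewrites the start of this sentence, so extend the hunk by one line and change it to "the next rule in the chain is examined".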
.B iptables
can be divided into several different groups.
.SS COMMANDS
-These options specify the specific action to perform. Only one of them
-can be specified on the command line unless otherwise specified
-below. For all the long versions of the command and option names, you
+These options specify the desired action to perform. Only one of them
+can be specified on the command line unless otherwise stated
+below. For long versions of the command and option names, you
need to use only enough letters to ensure that
.B iptables
can differentiate it from all other options.
.TP
.BR "-L, --list " "[\fIchain\fP]"
List all rules in the selected chain. If no chain is selected, all
-chains are listed. As every other iptables command, it applies to the
+chains are listed. Like every other iptables command, it applies to the
specified table (filter is the default), so NAT rules get listed by
.nf
iptables -t nat -n -L
return 0;
}
-/* e is called `fw' here for hysterical raisins */
+/* e is called `fw' here for historical reasons */
static void
print_firewall(const struct ipt_entry *fw,
const char *targname,