extensions: AUDIT: Document ineffective --type option

author Phil Sutter <phil@nwl.cc>

Thu, 21 Feb 2019 14:38:47 +0000 (15:38 +0100)

committer Florian Westphal <fw@strlen.de>

Fri, 22 Feb 2019 16:00:44 +0000 (17:00 +0100)
author Phil Sutter <phil@nwl.cc>
Thu, 21 Feb 2019 14:38:47 +0000 (15:38 +0100)
committer Florian Westphal <fw@strlen.de>
Fri, 22 Feb 2019 16:00:44 +0000 (17:00 +0100)
diff --git a/extensions/libxt_AUDIT.man b/extensions/libxt_AUDIT.man

index cd796967c431abeb23e7050d95eea1f0fa55dd40..4f5562e8ca425cd1c7946d1c319092af3c3fafff 100644 (file)
--- a/extensions/libxt_AUDIT.man
+++ b/extensions/libxt_AUDIT.man
@@ -3,12 +3,14 @@ It can be used to record accepted, dropped, and rejected packets. See
  auditd(8) for additional details.
  .TP
  \fB\-\-type\fP {\fBaccept\fP|\fBdrop\fP|\fBreject\fP}
-Set type of audit record.
+Set type of audit record. Starting with linux-4.12, this option has no effect
+on generated audit messages anymore. It is still accepted by iptables for
+compatibility reasons, but ignored.
  .PP
  Example:
  .IP
  iptables \-N AUDIT_DROP
  .IP
-iptables \-A AUDIT_DROP \-j AUDIT \-\-type drop
+iptables \-A AUDIT_DROP \-j AUDIT
  .IP
  iptables \-A AUDIT_DROP \-j DROP
author	Phil Sutter <phil@nwl.cc>
	Thu, 21 Feb 2019 14:38:47 +0000 (15:38 +0100)
committer	Florian Westphal <fw@strlen.de>
	Fri, 22 Feb 2019 16:00:44 +0000 (17:00 +0100)