Revision | a74e727c7fd6c02bf886dbccb61bfca1259754af (tree) |
---|---|
Time | 2013-04-08 15:23:30 |
Author | Akihiro MOTOKI <amotoki@gmai...> |
Commiter | Akihiro MOTOKI |
iptables: Convert PO files to PO files per roff page
@@ -1,28 +0,0 @@ | ||
1 | -[po_directory] po4a/cmd | |
2 | - | |
3 | -[type: man] original/man8/ip6tables-restore.8 $lang:draft/man8/ip6tables-restore.8 \ | |
4 | - add_$lang:?po4a/add_$lang/copyright/ip6tables-restore.8.txt | |
5 | - | |
6 | -[type: man] original/man8/ip6tables-save.8 $lang:draft/man8/ip6tables-save.8 \ | |
7 | - add_$lang:?po4a/add_$lang/copyright/ip6tables-save.8.txt | |
8 | - | |
9 | -[type: man] original/man8/ip6tables.8 $lang:draft/man8/ip6tables.8 \ | |
10 | - add_$lang:?po4a/add_$lang/copyright/ip6tables.8.txt | |
11 | - | |
12 | -[type: man] original/man8/iptables-restore.8 $lang:draft/man8/iptables-restore.8 \ | |
13 | - add_$lang:?po4a/add_$lang/copyright/iptables-restore.8.txt | |
14 | - | |
15 | -[type: man] original/man8/iptables-save.8 $lang:draft/man8/iptables-save.8 \ | |
16 | - add_$lang:?po4a/add_$lang/copyright/iptables-save.8.txt | |
17 | - | |
18 | -[type: man] original/man8/iptables.8 $lang:draft/man8/iptables.8 \ | |
19 | - add_$lang:?po4a/add_$lang/copyright/iptables.8.txt | |
20 | - | |
21 | -[type: man] original/man8/iptables-extensions.8 $lang:draft/man8/iptables-extensions.8 \ | |
22 | - add_$lang:?po4a/add_$lang/copyright/iptables-extensions.8.txt | |
23 | - | |
24 | -[type: man] original/man8/iptables-apply.8 $lang:draft/man8/iptables-apply.8 \ | |
25 | - add_$lang:?po4a/add_$lang/copyright/iptables-apply.8.txt | |
26 | - | |
27 | -[type: man] original/man1/iptables-xml.1 $lang:draft/man1/iptables-xml.1 \ | |
28 | - add_$lang:?po4a/add_$lang/copyright/iptables-xml.1.txt |
@@ -1,8698 +0,0 @@ | ||
1 | -# SOME DESCRIPTIVE TITLE | |
2 | -# Copyright (C) YEAR Free Software Foundation, Inc. | |
3 | -# This file is distributed under the same license as the PACKAGE package. | |
4 | -# FIRST AUTHOR <EMAIL@ADDRESS>, YEAR. | |
5 | -# | |
6 | -#, fuzzy | |
7 | -msgid "" | |
8 | -msgstr "" | |
9 | -"Project-Id-Version: PACKAGE VERSION\n" | |
10 | -"POT-Creation-Date: 2013-04-03 12:30+0900\n" | |
11 | -"PO-Revision-Date: YEAR-MO-DA HO:MI+ZONE\n" | |
12 | -"Last-Translator: FULL NAME <EMAIL@ADDRESS>\n" | |
13 | -"Language-Team: LANGUAGE <LL@li.org>\n" | |
14 | -"Language: \n" | |
15 | -"MIME-Version: 1.0\n" | |
16 | -"Content-Type: text/plain; charset=CHARSET\n" | |
17 | -"Content-Transfer-Encoding: 8bit\n" | |
18 | - | |
19 | -#. type: TH | |
20 | -#: original/man8/ip6tables-restore.8:1 | |
21 | -#, no-wrap | |
22 | -msgid "IP6TABLES-RESTORE" | |
23 | -msgstr "" | |
24 | - | |
25 | -#. type: TH | |
26 | -#: original/man8/ip6tables-restore.8:1 original/man8/ip6tables-save.8:1 | |
27 | -#, no-wrap | |
28 | -msgid "Jan 30, 2002" | |
29 | -msgstr "" | |
30 | - | |
31 | -# | |
32 | -#. Man page written by Sam Liddicott <azez@ufomechanic.net> | |
33 | -#. It is based on the iptables-save man page. | |
34 | -# | |
35 | -#. This program is free software; you can redistribute it and/or modify | |
36 | -#. it under the terms of the GNU General Public License as published by | |
37 | -#. the Free Software Foundation; either version 2 of the License, or | |
38 | -#. (at your option) any later version. | |
39 | -# | |
40 | -#. This program is distributed in the hope that it will be useful, | |
41 | -#. but WITHOUT ANY WARRANTY; without even the implied warranty of | |
42 | -#. MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the | |
43 | -#. GNU General Public License for more details. | |
44 | -# | |
45 | -#. You should have received a copy of the GNU General Public License | |
46 | -#. along with this program; if not, write to the Free Software | |
47 | -#. Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. | |
48 | -#. type: SH | |
49 | -#: original/man8/ip6tables-restore.8:21 original/man8/ip6tables-save.8:21 original/man8/ip6tables.8:27 original/man8/iptables-restore.8:21 original/man8/iptables-save.8:21 original/man8/iptables.8:25 original/man8/iptables-extensions.8:2 original/man8/iptables-apply.8:8 original/man1/iptables-xml.1:21 | |
50 | -#, no-wrap | |
51 | -msgid "NAME" | |
52 | -msgstr "" | |
53 | - | |
54 | -#. type: Plain text | |
55 | -#: original/man8/ip6tables-restore.8:23 | |
56 | -msgid "ip6tables-restore \\(em Restore IPv6 Tables" | |
57 | -msgstr "" | |
58 | - | |
59 | -#. type: SH | |
60 | -#: original/man8/ip6tables-restore.8:23 original/man8/ip6tables-save.8:23 original/man8/ip6tables.8:29 original/man8/iptables-restore.8:23 original/man8/iptables-save.8:23 original/man8/iptables.8:27 original/man8/iptables-extensions.8:4 original/man8/iptables-apply.8:10 original/man1/iptables-xml.1:23 | |
61 | -#, no-wrap | |
62 | -msgid "SYNOPSIS" | |
63 | -msgstr "" | |
64 | - | |
65 | -#. type: Plain text | |
66 | -#: original/man8/ip6tables-restore.8:26 | |
67 | -msgid "B<ip6tables-restore> [B<-chntv>] [B<-M> I<modprobe>] [B<-T> I<name>]" | |
68 | -msgstr "" | |
69 | - | |
70 | -#. type: SH | |
71 | -#: original/man8/ip6tables-restore.8:26 original/man8/ip6tables-save.8:26 original/man8/ip6tables.8:55 original/man8/iptables-restore.8:26 original/man8/iptables-save.8:26 original/man8/iptables.8:54 original/man8/iptables-apply.8:12 original/man1/iptables-xml.1:25 | |
72 | -#, no-wrap | |
73 | -msgid "DESCRIPTION" | |
74 | -msgstr "" | |
75 | - | |
76 | -#. type: Plain text | |
77 | -#: original/man8/ip6tables-restore.8:31 | |
78 | -msgid "" | |
79 | -"B<ip6tables-restore> is used to restore IPv6 Tables from data specified on " | |
80 | -"STDIN. Use I/O redirection provided by your shell to read from a file" | |
81 | -msgstr "" | |
82 | - | |
83 | -#. type: TP | |
84 | -#: original/man8/ip6tables-restore.8:31 original/man8/ip6tables-save.8:35 original/man8/iptables-restore.8:31 original/man8/iptables-save.8:35 | |
85 | -#, no-wrap | |
86 | -msgid "B<-c>, B<--counters>" | |
87 | -msgstr "" | |
88 | - | |
89 | -#. type: Plain text | |
90 | -#: original/man8/ip6tables-restore.8:34 original/man8/iptables-restore.8:34 | |
91 | -msgid "restore the values of all packet and byte counters" | |
92 | -msgstr "" | |
93 | - | |
94 | -#. type: TP | |
95 | -#: original/man8/ip6tables-restore.8:34 original/man8/iptables-restore.8:34 original/man8/iptables-apply.8:28 | |
96 | -#, no-wrap | |
97 | -msgid "B<-h>, B<--help>" | |
98 | -msgstr "" | |
99 | - | |
100 | -#. type: Plain text | |
101 | -#: original/man8/ip6tables-restore.8:37 original/man8/iptables-restore.8:37 | |
102 | -msgid "Print a short option summary." | |
103 | -msgstr "" | |
104 | - | |
105 | -#. type: TP | |
106 | -#: original/man8/ip6tables-restore.8:37 original/man8/iptables-restore.8:37 | |
107 | -#, no-wrap | |
108 | -msgid "B<-n>, B<--noflush> " | |
109 | -msgstr "" | |
110 | - | |
111 | -#. type: Plain text | |
112 | -#: original/man8/ip6tables-restore.8:42 | |
113 | -msgid "" | |
114 | -"don't flush the previous contents of the table. If not specified, " | |
115 | -"B<ip6tables-restore> flushes (deletes) all previous contents of the " | |
116 | -"respective table." | |
117 | -msgstr "" | |
118 | - | |
119 | -#. type: TP | |
120 | -#: original/man8/ip6tables-restore.8:42 original/man8/iptables-restore.8:42 | |
121 | -#, no-wrap | |
122 | -msgid "B<-t>, B<--test>" | |
123 | -msgstr "" | |
124 | - | |
125 | -#. type: Plain text | |
126 | -#: original/man8/ip6tables-restore.8:45 original/man8/iptables-restore.8:45 | |
127 | -msgid "Only parse and construct the ruleset, but do not commit it." | |
128 | -msgstr "" | |
129 | - | |
130 | -#. type: TP | |
131 | -#: original/man8/ip6tables-restore.8:45 original/man8/ip6tables.8:355 original/man8/iptables-restore.8:45 original/man8/iptables.8:343 original/man1/iptables-xml.1:38 | |
132 | -#, no-wrap | |
133 | -msgid "B<-v>, B<--verbose>" | |
134 | -msgstr "" | |
135 | - | |
136 | -#. type: Plain text | |
137 | -#: original/man8/ip6tables-restore.8:48 original/man8/iptables-restore.8:48 | |
138 | -msgid "Print additional debug info during ruleset processing." | |
139 | -msgstr "" | |
140 | - | |
141 | -#. type: TP | |
142 | -#: original/man8/ip6tables-restore.8:48 original/man8/iptables-restore.8:48 | |
143 | -#, no-wrap | |
144 | -msgid "B<-M>, B<--modprobe> I<modprobe_program>" | |
145 | -msgstr "" | |
146 | - | |
147 | -#. type: Plain text | |
148 | -#: original/man8/ip6tables-restore.8:52 | |
149 | -msgid "" | |
150 | -"Specify the path to the modprobe program. By default, ip6tables-restore will " | |
151 | -"inspect /proc/sys/kernel/modprobe to determine the executable's path." | |
152 | -msgstr "" | |
153 | - | |
154 | -#. type: TP | |
155 | -#: original/man8/ip6tables-restore.8:52 original/man8/iptables-restore.8:52 | |
156 | -#, no-wrap | |
157 | -msgid "B<-T>, B<--table> I<name>" | |
158 | -msgstr "" | |
159 | - | |
160 | -#. type: Plain text | |
161 | -#: original/man8/ip6tables-restore.8:57 | |
162 | -msgid "" | |
163 | -"Restore only the named table even if the input stream contains other ones. " | |
164 | -"B<ip6tables-restore> flushes (deletes) all previous contents of the " | |
165 | -"respective IPv6 Table." | |
166 | -msgstr "" | |
167 | - | |
168 | -#. type: SH | |
169 | -#: original/man8/ip6tables-restore.8:57 original/man8/ip6tables-save.8:42 original/man8/ip6tables.8:395 original/man8/iptables-restore.8:55 original/man8/iptables-save.8:42 original/man8/iptables.8:383 original/man1/iptables-xml.1:82 | |
170 | -#, no-wrap | |
171 | -msgid "BUGS" | |
172 | -msgstr "" | |
173 | - | |
174 | -#. type: Plain text | |
175 | -#: original/man8/ip6tables-restore.8:59 original/man8/ip6tables-save.8:44 original/man8/iptables-restore.8:57 original/man8/iptables-save.8:44 | |
176 | -msgid "None known as of iptables-1.2.1 release" | |
177 | -msgstr "" | |
178 | - | |
179 | -#. type: SH | |
180 | -#: original/man8/ip6tables-restore.8:59 original/man8/ip6tables-save.8:44 original/man8/ip6tables.8:430 original/man8/iptables.8:429 | |
181 | -#, no-wrap | |
182 | -msgid "AUTHORS" | |
183 | -msgstr "" | |
184 | - | |
185 | -#. type: Plain text | |
186 | -#: original/man8/ip6tables-restore.8:61 original/man8/ip6tables-save.8:46 original/man8/iptables-restore.8:59 original/man8/iptables-save.8:46 | |
187 | -msgid "Harald Welte E<lt>laforge@gnumonks.orgE<gt>" | |
188 | -msgstr "" | |
189 | - | |
190 | -#. type: Plain text | |
191 | -#: original/man8/ip6tables-restore.8:63 original/man8/ip6tables-save.8:48 | |
192 | -msgid "Andras Kis-Szabo E<lt>kisza@sch.bme.huE<gt>" | |
193 | -msgstr "" | |
194 | - | |
195 | -#. type: SH | |
196 | -#: original/man8/ip6tables-restore.8:63 original/man8/ip6tables-save.8:48 original/man8/ip6tables.8:412 original/man8/iptables-restore.8:59 original/man8/iptables-save.8:46 original/man8/iptables.8:411 original/man8/iptables-apply.8:34 original/man1/iptables-xml.1:86 | |
197 | -#, no-wrap | |
198 | -msgid "SEE ALSO" | |
199 | -msgstr "" | |
200 | - | |
201 | -#. type: Plain text | |
202 | -#: original/man8/ip6tables-restore.8:65 | |
203 | -msgid "B<ip6tables-save>(8), B<ip6tables>(8)" | |
204 | -msgstr "" | |
205 | - | |
206 | -#. type: Plain text | |
207 | -#: original/man8/ip6tables-restore.8:68 original/man8/ip6tables-save.8:53 original/man8/iptables-restore.8:64 original/man8/iptables-save.8:51 | |
208 | -msgid "" | |
209 | -"The iptables-HOWTO, which details more iptables usage, the NAT-HOWTO, which " | |
210 | -"details NAT, and the netfilter-hacking-HOWTO which details the internals." | |
211 | -msgstr "" | |
212 | - | |
213 | -#. type: TH | |
214 | -#: original/man8/ip6tables-save.8:1 | |
215 | -#, no-wrap | |
216 | -msgid "IP6TABLES-SAVE" | |
217 | -msgstr "" | |
218 | - | |
219 | -#. type: Plain text | |
220 | -#: original/man8/ip6tables-save.8:23 | |
221 | -msgid "ip6tables-save \\(em dump iptables rules to stdout" | |
222 | -msgstr "" | |
223 | - | |
224 | -#. type: Plain text | |
225 | -#: original/man8/ip6tables-save.8:26 | |
226 | -msgid "B<ip6tables-save> [B<-M> I<modprobe>] [B<-c>] [B<-t> I<table>" | |
227 | -msgstr "" | |
228 | - | |
229 | -#. type: Plain text | |
230 | -#: original/man8/ip6tables-save.8:31 | |
231 | -msgid "" | |
232 | -"B<ip6tables-save> is used to dump the contents of an IPv6 Table in easily " | |
233 | -"parseable format to STDOUT. Use I/O-redirection provided by your shell to " | |
234 | -"write to a file." | |
235 | -msgstr "" | |
236 | - | |
237 | -#. type: TP | |
238 | -#: original/man8/ip6tables-save.8:31 original/man8/iptables-save.8:31 | |
239 | -#, no-wrap | |
240 | -msgid "B<-M> I<modprobe_program>" | |
241 | -msgstr "" | |
242 | - | |
243 | -#. type: Plain text | |
244 | -#: original/man8/ip6tables-save.8:35 original/man8/iptables-save.8:35 | |
245 | -msgid "" | |
246 | -"Specify the path to the modprobe program. By default, iptables-save will " | |
247 | -"inspect /proc/sys/kernel/modprobe to determine the executable's path." | |
248 | -msgstr "" | |
249 | - | |
250 | -#. type: Plain text | |
251 | -#: original/man8/ip6tables-save.8:38 original/man8/iptables-save.8:38 | |
252 | -msgid "include the current values of all packet and byte counters in the output" | |
253 | -msgstr "" | |
254 | - | |
255 | -#. type: TP | |
256 | -#: original/man8/ip6tables-save.8:38 original/man8/iptables-save.8:38 | |
257 | -#, no-wrap | |
258 | -msgid "B<-t>, B<--table> I<tablename>" | |
259 | -msgstr "" | |
260 | - | |
261 | -#. type: Plain text | |
262 | -#: original/man8/ip6tables-save.8:42 original/man8/iptables-save.8:42 | |
263 | -msgid "" | |
264 | -"restrict output to only one table. If not specified, output includes all " | |
265 | -"available tables." | |
266 | -msgstr "" | |
267 | - | |
268 | -#. type: Plain text | |
269 | -#: original/man8/ip6tables-save.8:50 | |
270 | -msgid "B<ip6tables-restore>(8), B<ip6tables>(8)" | |
271 | -msgstr "" | |
272 | - | |
273 | -#. type: TH | |
274 | -#: original/man8/ip6tables.8:1 | |
275 | -#, no-wrap | |
276 | -msgid "IP6TABLES" | |
277 | -msgstr "" | |
278 | - | |
279 | -#. type: TH | |
280 | -#: original/man8/ip6tables.8:1 original/man8/ip6tables.8:1 original/man8/iptables.8:1 original/man8/iptables.8:1 original/man8/iptables-extensions.8:1 original/man8/iptables-extensions.8:1 | |
281 | -#, no-wrap | |
282 | -msgid "iptables 1.4.18" | |
283 | -msgstr "" | |
284 | - | |
285 | -#. type: Plain text | |
286 | -#: original/man8/ip6tables.8:29 | |
287 | -msgid "ip6tables \\(em IPv6 packet filter administration" | |
288 | -msgstr "" | |
289 | - | |
290 | -#. type: Plain text | |
291 | -#: original/man8/ip6tables.8:32 | |
292 | -msgid "" | |
293 | -"B<ip6tables> [B<-t> I<table>] {B<-A>|B<-C>|B<-D>} I<chain " | |
294 | -"rule-specification> [I<options...>]" | |
295 | -msgstr "" | |
296 | - | |
297 | -#. type: Plain text | |
298 | -#: original/man8/ip6tables.8:35 | |
299 | -msgid "" | |
300 | -"B<ip6tables> [B<-t> I<table>] B<-I> I<chain> [I<rulenum>] " | |
301 | -"I<rule-specification> [I<options...>]" | |
302 | -msgstr "" | |
303 | - | |
304 | -#. type: Plain text | |
305 | -#: original/man8/ip6tables.8:38 | |
306 | -msgid "" | |
307 | -"B<ip6tables> [B<-t> I<table>] B<-R> I<chain rulenum rule-specification> " | |
308 | -"[I<options...>]" | |
309 | -msgstr "" | |
310 | - | |
311 | -#. type: Plain text | |
312 | -#: original/man8/ip6tables.8:41 | |
313 | -msgid "B<ip6tables> [B<-t> I<table>] B<-D> I<chain rulenum> [I<options...>]" | |
314 | -msgstr "" | |
315 | - | |
316 | -#. type: Plain text | |
317 | -#: original/man8/ip6tables.8:43 | |
318 | -msgid "B<ip6tables> [B<-t> I<table>] B<-S> [I<chain> [I<rulenum>]]" | |
319 | -msgstr "" | |
320 | - | |
321 | -#. type: Plain text | |
322 | -#: original/man8/ip6tables.8:46 | |
323 | -msgid "" | |
324 | -"B<ip6tables> [B<-t> I<table>] {B<-F>|B<-L>|B<-Z>} [I<chain> [I<rulenum>]] " | |
325 | -"[I<options...>]" | |
326 | -msgstr "" | |
327 | - | |
328 | -#. type: Plain text | |
329 | -#: original/man8/ip6tables.8:48 | |
330 | -msgid "B<ip6tables> [B<-t> I<table>] B<-N> I<chain>" | |
331 | -msgstr "" | |
332 | - | |
333 | -#. type: Plain text | |
334 | -#: original/man8/ip6tables.8:50 | |
335 | -msgid "B<ip6tables> [B<-t> I<table>] B<-X> [I<chain>]" | |
336 | -msgstr "" | |
337 | - | |
338 | -#. type: Plain text | |
339 | -#: original/man8/ip6tables.8:53 | |
340 | -msgid "B<ip6tables> [B<-t> I<table>] B<-P> I<chain target> [I<options...>]" | |
341 | -msgstr "" | |
342 | - | |
343 | -#. type: Plain text | |
344 | -#: original/man8/ip6tables.8:55 | |
345 | -msgid "B<ip6tables> [B<-t> I<table>] B<-E> I<old-chain-name new-chain-name>" | |
346 | -msgstr "" | |
347 | - | |
348 | -#. type: Plain text | |
349 | -#: original/man8/ip6tables.8:61 | |
350 | -msgid "" | |
351 | -"B<Ip6tables> is used to set up, maintain, and inspect the tables of IPv6 " | |
352 | -"packet filter rules in the Linux kernel. Several different tables may be " | |
353 | -"defined. Each table contains a number of built-in chains and may also " | |
354 | -"contain user-defined chains." | |
355 | -msgstr "" | |
356 | - | |
357 | -#. type: Plain text | |
358 | -#: original/man8/ip6tables.8:66 original/man8/iptables.8:65 | |
359 | -msgid "" | |
360 | -"Each chain is a list of rules which can match a set of packets. Each rule " | |
361 | -"specifies what to do with a packet that matches. This is called a `target', " | |
362 | -"which may be a jump to a user-defined chain in the same table." | |
363 | -msgstr "" | |
364 | - | |
365 | -#. type: SH | |
366 | -#: original/man8/ip6tables.8:66 original/man8/iptables.8:65 | |
367 | -#, no-wrap | |
368 | -msgid "TARGETS" | |
369 | -msgstr "" | |
370 | - | |
371 | -#. type: Plain text | |
372 | -#: original/man8/ip6tables.8:72 original/man8/iptables.8:71 | |
373 | -msgid "" | |
374 | -"A firewall rule specifies criteria for a packet and a target. If the packet " | |
375 | -"does not match, the next rule in the chain is the examined; if it does " | |
376 | -"match, then the next rule is specified by the value of the target, which can " | |
377 | -"be the name of a user-defined chain or one of the special values B<ACCEPT>, " | |
378 | -"B<DROP>, B<QUEUE> or B<RETURN>." | |
379 | -msgstr "" | |
380 | - | |
381 | -#. type: Plain text | |
382 | -#: original/man8/ip6tables.8:89 original/man8/iptables.8:88 | |
383 | -msgid "" | |
384 | -"B<ACCEPT> means to let the packet through. B<DROP> means to drop the packet " | |
385 | -"on the floor. B<QUEUE> means to pass the packet to userspace. (How the " | |
386 | -"packet can be received by a userspace process differs by the particular " | |
387 | -"queue handler. 2.4.x and 2.6.x kernels up to 2.6.13 include the B<ip_queue> " | |
388 | -"queue handler. Kernels 2.6.14 and later additionally include the " | |
389 | -"B<nfnetlink_queue> queue handler. Packets with a target of QUEUE will be " | |
390 | -"sent to queue number '0' in this case. Please also see the B<NFQUEUE> target " | |
391 | -"as described later in this man page.) B<RETURN> means stop traversing this " | |
392 | -"chain and resume at the next rule in the previous (calling) chain. If the " | |
393 | -"end of a built-in chain is reached or a rule in a built-in chain with target " | |
394 | -"B<RETURN> is matched, the target specified by the chain policy determines " | |
395 | -"the fate of the packet." | |
396 | -msgstr "" | |
397 | - | |
398 | -#. type: SH | |
399 | -#: original/man8/ip6tables.8:89 original/man8/iptables.8:88 | |
400 | -#, no-wrap | |
401 | -msgid "TABLES" | |
402 | -msgstr "" | |
403 | - | |
404 | -#. type: Plain text | |
405 | -#: original/man8/ip6tables.8:93 original/man8/iptables.8:92 | |
406 | -msgid "" | |
407 | -"There are currently five independent tables (which tables are present at any " | |
408 | -"time depends on the kernel configuration options and which modules are " | |
409 | -"present)." | |
410 | -msgstr "" | |
411 | - | |
412 | -#. type: TP | |
413 | -#: original/man8/ip6tables.8:93 original/man8/iptables.8:92 | |
414 | -#, no-wrap | |
415 | -msgid "B<-t>, B<--table> I<table>" | |
416 | -msgstr "" | |
417 | - | |
418 | -#. type: Plain text | |
419 | -#: original/man8/ip6tables.8:99 original/man8/iptables.8:98 | |
420 | -msgid "" | |
421 | -"This option specifies the packet matching table which the command should " | |
422 | -"operate on. If the kernel is configured with automatic module loading, an " | |
423 | -"attempt will be made to load the appropriate module for that table if it is " | |
424 | -"not already there." | |
425 | -msgstr "" | |
426 | - | |
427 | -#. type: Plain text | |
428 | -#: original/man8/ip6tables.8:101 original/man8/iptables.8:100 | |
429 | -msgid "The tables are as follows:" | |
430 | -msgstr "" | |
431 | - | |
432 | -#. type: TP | |
433 | -#: original/man8/ip6tables.8:102 original/man8/iptables.8:101 | |
434 | -#, no-wrap | |
435 | -msgid "B<filter>:" | |
436 | -msgstr "" | |
437 | - | |
438 | -#. type: Plain text | |
439 | -#: original/man8/ip6tables.8:108 original/man8/iptables.8:107 | |
440 | -msgid "" | |
441 | -"This is the default table (if no -t option is passed). It contains the " | |
442 | -"built-in chains B<INPUT> (for packets destined to local sockets), B<FORWARD> " | |
443 | -"(for packets being routed through the box), and B<OUTPUT> (for " | |
444 | -"locally-generated packets)." | |
445 | -msgstr "" | |
446 | - | |
447 | -#. type: TP | |
448 | -#: original/man8/ip6tables.8:108 original/man8/iptables.8:107 | |
449 | -#, no-wrap | |
450 | -msgid "B<nat>:" | |
451 | -msgstr "" | |
452 | - | |
453 | -#. type: Plain text | |
454 | -#: original/man8/ip6tables.8:115 | |
455 | -msgid "" | |
456 | -"This table is consulted when a packet that creates a new connection is " | |
457 | -"encountered. It consists of three built-ins: B<PREROUTING> (for altering " | |
458 | -"packets as soon as they come in), B<OUTPUT> (for altering locally-generated " | |
459 | -"packets before routing), and B<POSTROUTING> (for altering packets as they " | |
460 | -"are about to go out). Available since kernel 3.7." | |
461 | -msgstr "" | |
462 | - | |
463 | -#. type: TP | |
464 | -#: original/man8/ip6tables.8:115 original/man8/iptables.8:114 | |
465 | -#, no-wrap | |
466 | -msgid "B<mangle>:" | |
467 | -msgstr "" | |
468 | - | |
469 | -#. type: Plain text | |
470 | -#: original/man8/ip6tables.8:125 original/man8/iptables.8:124 | |
471 | -msgid "" | |
472 | -"This table is used for specialized packet alteration. Until kernel 2.4.17 " | |
473 | -"it had two built-in chains: B<PREROUTING> (for altering incoming packets " | |
474 | -"before routing) and B<OUTPUT> (for altering locally-generated packets before " | |
475 | -"routing). Since kernel 2.4.18, three other built-in chains are also " | |
476 | -"supported: B<INPUT> (for packets coming into the box itself), B<FORWARD> " | |
477 | -"(for altering packets being routed through the box), and B<POSTROUTING> (for " | |
478 | -"altering packets as they are about to go out)." | |
479 | -msgstr "" | |
480 | - | |
481 | -#. type: TP | |
482 | -#: original/man8/ip6tables.8:125 original/man8/iptables.8:124 | |
483 | -#, no-wrap | |
484 | -msgid "B<raw>:" | |
485 | -msgstr "" | |
486 | - | |
487 | -#. type: Plain text | |
488 | -#: original/man8/ip6tables.8:133 original/man8/iptables.8:132 | |
489 | -msgid "" | |
490 | -"This table is used mainly for configuring exemptions from connection " | |
491 | -"tracking in combination with the NOTRACK target. It registers at the " | |
492 | -"netfilter hooks with higher priority and is thus called before ip_conntrack, " | |
493 | -"or any other IP tables. It provides the following built-in chains: " | |
494 | -"B<PREROUTING> (for packets arriving via any network interface) B<OUTPUT> " | |
495 | -"(for packets generated by local processes)" | |
496 | -msgstr "" | |
497 | - | |
498 | -#. type: TP | |
499 | -#: original/man8/ip6tables.8:133 original/man8/iptables.8:132 | |
500 | -#, no-wrap | |
501 | -msgid "B<security>:" | |
502 | -msgstr "" | |
503 | - | |
504 | -#. type: Plain text | |
505 | -#: original/man8/ip6tables.8:144 original/man8/iptables.8:143 | |
506 | -msgid "" | |
507 | -"This table is used for Mandatory Access Control (MAC) networking rules, such " | |
508 | -"as those enabled by the B<SECMARK> and B<CONNSECMARK> targets. Mandatory " | |
509 | -"Access Control is implemented by Linux Security Modules such as SELinux. " | |
510 | -"The security table is called after the filter table, allowing any " | |
511 | -"Discretionary Access Control (DAC) rules in the filter table to take effect " | |
512 | -"before MAC rules. This table provides the following built-in chains: " | |
513 | -"B<INPUT> (for packets coming into the box itself), B<OUTPUT> (for altering " | |
514 | -"locally-generated packets before routing), and B<FORWARD> (for altering " | |
515 | -"packets being routed through the box)." | |
516 | -msgstr "" | |
517 | - | |
518 | -#. type: SH | |
519 | -#: original/man8/ip6tables.8:145 original/man8/iptables.8:144 original/man8/iptables-apply.8:23 | |
520 | -#, no-wrap | |
521 | -msgid "OPTIONS" | |
522 | -msgstr "" | |
523 | - | |
524 | -#. type: Plain text | |
525 | -#: original/man8/ip6tables.8:148 | |
526 | -msgid "" | |
527 | -"The options that are recognized by B<ip6tables> can be divided into several " | |
528 | -"different groups." | |
529 | -msgstr "" | |
530 | - | |
531 | -#. type: SS | |
532 | -#: original/man8/ip6tables.8:148 original/man8/iptables.8:147 | |
533 | -#, no-wrap | |
534 | -msgid "COMMANDS" | |
535 | -msgstr "" | |
536 | - | |
537 | -#. type: Plain text | |
538 | -#: original/man8/ip6tables.8:154 | |
539 | -msgid "" | |
540 | -"These options specify the specific action to perform. Only one of them can " | |
541 | -"be specified on the command line unless otherwise specified below. For all " | |
542 | -"the long versions of the command and option names, you need to use only " | |
543 | -"enough letters to ensure that B<ip6tables> can differentiate it from all " | |
544 | -"other options." | |
545 | -msgstr "" | |
546 | - | |
547 | -#. type: TP | |
548 | -#: original/man8/ip6tables.8:154 original/man8/ip6tables.8:237 original/man8/iptables.8:153 | |
549 | -#, no-wrap | |
550 | -msgid "B<-A>, B<--append> I<chain rule-specification>" | |
551 | -msgstr "" | |
552 | - | |
553 | -#. type: Plain text | |
554 | -#: original/man8/ip6tables.8:159 original/man8/ip6tables.8:242 original/man8/iptables.8:158 | |
555 | -msgid "" | |
556 | -"Append one or more rules to the end of the selected chain. When the source " | |
557 | -"and/or destination names resolve to more than one address, a rule will be " | |
558 | -"added for each possible address combination." | |
559 | -msgstr "" | |
560 | - | |
561 | -#. type: TP | |
562 | -#: original/man8/ip6tables.8:159 original/man8/iptables.8:158 | |
563 | -#, no-wrap | |
564 | -msgid "B<-C>, B<--check> I<chain rule-specification>" | |
565 | -msgstr "" | |
566 | - | |
567 | -#. type: Plain text | |
568 | -#: original/man8/ip6tables.8:165 original/man8/iptables.8:164 | |
569 | -msgid "" | |
570 | -"Check whether a rule matching the specification does exist in the selected " | |
571 | -"chain. This command uses the same logic as B<-D> to find a matching entry, " | |
572 | -"but does not alter the existing iptables configuration and uses its exit " | |
573 | -"code to indicate success or failure." | |
574 | -msgstr "" | |
575 | - | |
576 | -#. type: TP | |
577 | -#: original/man8/ip6tables.8:165 original/man8/iptables.8:164 | |
578 | -#, no-wrap | |
579 | -msgid "B<-D>, B<--delete> I<chain rule-specification>" | |
580 | -msgstr "" | |
581 | - | |
582 | -#. type: TP | |
583 | -#: original/man8/ip6tables.8:168 original/man8/iptables.8:167 | |
584 | -#, no-wrap | |
585 | -msgid "B<-D>, B<--delete> I<chain rulenum>" | |
586 | -msgstr "" | |
587 | - | |
588 | -#. type: Plain text | |
589 | -#: original/man8/ip6tables.8:173 original/man8/iptables.8:172 | |
590 | -msgid "" | |
591 | -"Delete one or more rules from the selected chain. There are two versions of " | |
592 | -"this command: the rule can be specified as a number in the chain (starting " | |
593 | -"at 1 for the first rule) or a rule to match." | |
594 | -msgstr "" | |
595 | - | |
596 | -#. type: TP | |
597 | -#: original/man8/ip6tables.8:173 original/man8/iptables.8:172 | |
598 | -#, no-wrap | |
599 | -msgid "B<-I>, B<--insert> I<chain> [I<rulenum>] I<rule-specification>" | |
600 | -msgstr "" | |
601 | - | |
602 | -#. type: Plain text | |
603 | -#: original/man8/ip6tables.8:179 original/man8/iptables.8:178 | |
604 | -msgid "" | |
605 | -"Insert one or more rules in the selected chain as the given rule number. " | |
606 | -"So, if the rule number is 1, the rule or rules are inserted at the head of " | |
607 | -"the chain. This is also the default if no rule number is specified." | |
608 | -msgstr "" | |
609 | - | |
610 | -#. type: TP | |
611 | -#: original/man8/ip6tables.8:179 original/man8/iptables.8:178 | |
612 | -#, no-wrap | |
613 | -msgid "B<-R>, B<--replace> I<chain rulenum rule-specification>" | |
614 | -msgstr "" | |
615 | - | |
616 | -#. type: Plain text | |
617 | -#: original/man8/ip6tables.8:184 original/man8/iptables.8:183 | |
618 | -msgid "" | |
619 | -"Replace a rule in the selected chain. If the source and/or destination " | |
620 | -"names resolve to multiple addresses, the command will fail. Rules are " | |
621 | -"numbered starting at 1." | |
622 | -msgstr "" | |
623 | - | |
624 | -#. type: TP | |
625 | -#: original/man8/ip6tables.8:184 original/man8/iptables.8:183 | |
626 | -#, no-wrap | |
627 | -msgid "B<-L>, B<--list> [I<chain>]" | |
628 | -msgstr "" | |
629 | - | |
630 | -#. type: Plain text | |
631 | -#: original/man8/ip6tables.8:189 | |
632 | -msgid "" | |
633 | -"List all rules in the selected chain. If no chain is selected, all chains " | |
634 | -"are listed. Like every other ip6tables command, it applies to the specified " | |
635 | -"table (filter is the default)." | |
636 | -msgstr "" | |
637 | - | |
638 | -#. type: Plain text | |
639 | -#: original/man8/ip6tables.8:196 original/man8/iptables.8:197 | |
640 | -msgid "" | |
641 | -"Please note that it is often used with the B<-n> option, in order to avoid " | |
642 | -"long reverse DNS lookups. It is legal to specify the B<-Z> (zero) option as " | |
643 | -"well, in which case the chain(s) will be atomically listed and zeroed. The " | |
644 | -"exact output is affected by the other arguments given. The exact rules are " | |
645 | -"suppressed until you use" | |
646 | -msgstr "" | |
647 | - | |
648 | -#. type: Plain text | |
649 | -#: original/man8/ip6tables.8:198 | |
650 | -#, no-wrap | |
651 | -msgid " ip6tables -L -v\n" | |
652 | -msgstr "" | |
653 | - | |
654 | -#. type: TP | |
655 | -#: original/man8/ip6tables.8:199 original/man8/iptables.8:200 | |
656 | -#, no-wrap | |
657 | -msgid "B<-S>, B<--list-rules> [I<chain>]" | |
658 | -msgstr "" | |
659 | - | |
660 | -#. type: Plain text | |
661 | -#: original/man8/ip6tables.8:204 | |
662 | -msgid "" | |
663 | -"Print all rules in the selected chain. If no chain is selected, all chains " | |
664 | -"are printed like ip6tables-save. Like every other ip6tables command, it " | |
665 | -"applies to the specified table (filter is the default)." | |
666 | -msgstr "" | |
667 | - | |
668 | -#. type: TP | |
669 | -#: original/man8/ip6tables.8:204 original/man8/iptables.8:205 | |
670 | -#, no-wrap | |
671 | -msgid "B<-F>, B<--flush> [I<chain>]" | |
672 | -msgstr "" | |
673 | - | |
674 | -#. type: Plain text | |
675 | -#: original/man8/ip6tables.8:208 original/man8/iptables.8:209 | |
676 | -msgid "" | |
677 | -"Flush the selected chain (all the chains in the table if none is given). " | |
678 | -"This is equivalent to deleting all the rules one by one." | |
679 | -msgstr "" | |
680 | - | |
681 | -#. type: TP | |
682 | -#: original/man8/ip6tables.8:208 original/man8/iptables.8:209 | |
683 | -#, no-wrap | |
684 | -msgid "B<-Z>, B<--zero> [I<chain> [I<rulenum>]]" | |
685 | -msgstr "" | |
686 | - | |
687 | -#. type: Plain text | |
688 | -#: original/man8/ip6tables.8:216 original/man8/iptables.8:217 | |
689 | -msgid "" | |
690 | -"Zero the packet and byte counters in all chains, or only the given chain, or " | |
691 | -"only the given rule in a chain. It is legal to specify the B<-L>, B<--list> " | |
692 | -"(list) option as well, to see the counters immediately before they are " | |
693 | -"cleared. (See above.)" | |
694 | -msgstr "" | |
695 | - | |
696 | -#. type: TP | |
697 | -#: original/man8/ip6tables.8:216 original/man8/iptables.8:217 | |
698 | -#, no-wrap | |
699 | -msgid "B<-N>, B<--new-chain> I<chain>" | |
700 | -msgstr "" | |
701 | - | |
702 | -#. type: Plain text | |
703 | -#: original/man8/ip6tables.8:220 original/man8/iptables.8:221 | |
704 | -msgid "" | |
705 | -"Create a new user-defined chain by the given name. There must be no target " | |
706 | -"of that name already." | |
707 | -msgstr "" | |
708 | - | |
709 | -#. type: TP | |
710 | -#: original/man8/ip6tables.8:220 original/man8/iptables.8:221 | |
711 | -#, no-wrap | |
712 | -msgid "B<-X>, B<--delete-chain> [I<chain>]" | |
713 | -msgstr "" | |
714 | - | |
715 | -#. type: Plain text | |
716 | -#: original/man8/ip6tables.8:227 original/man8/iptables.8:228 | |
717 | -msgid "" | |
718 | -"Delete the optional user-defined chain specified. There must be no " | |
719 | -"references to the chain. If there are, you must delete or replace the " | |
720 | -"referring rules before the chain can be deleted. The chain must be empty, " | |
721 | -"i.e. not contain any rules. If no argument is given, it will attempt to " | |
722 | -"delete every non-builtin chain in the table." | |
723 | -msgstr "" | |
724 | - | |
725 | -#. type: TP | |
726 | -#: original/man8/ip6tables.8:227 original/man8/iptables.8:228 | |
727 | -#, no-wrap | |
728 | -msgid "B<-P>, B<--policy> I<chain target>" | |
729 | -msgstr "" | |
730 | - | |
731 | -#. type: Plain text | |
732 | -#: original/man8/ip6tables.8:233 original/man8/iptables.8:234 | |
733 | -msgid "" | |
734 | -"Set the policy for the chain to the given target. See the section " | |
735 | -"B<TARGETS> for the legal targets. Only built-in (non-user-defined) chains " | |
736 | -"can have policies, and neither built-in nor user-defined chains can be " | |
737 | -"policy targets." | |
738 | -msgstr "" | |
739 | - | |
740 | -#. type: TP | |
741 | -#: original/man8/ip6tables.8:233 original/man8/iptables.8:234 | |
742 | -#, no-wrap | |
743 | -msgid "B<-E>, B<--rename-chain> I<old-chain new-chain>" | |
744 | -msgstr "" | |
745 | - | |
746 | -#. type: Plain text | |
747 | -#: original/man8/ip6tables.8:237 original/man8/iptables.8:238 | |
748 | -msgid "" | |
749 | -"Rename the user specified chain to the user supplied name. This is " | |
750 | -"cosmetic, and has no effect on the structure of the table." | |
751 | -msgstr "" | |
752 | - | |
753 | -#. type: TP | |
754 | -#: original/man8/ip6tables.8:242 original/man8/iptables.8:238 | |
755 | -#, no-wrap | |
756 | -msgid "B<-h>" | |
757 | -msgstr "" | |
758 | - | |
759 | -#. type: Plain text | |
760 | -#: original/man8/ip6tables.8:246 original/man8/iptables.8:242 | |
761 | -msgid "Help. Give a (currently very brief) description of the command syntax." | |
762 | -msgstr "" | |
763 | - | |
764 | -#. type: SS | |
765 | -#: original/man8/ip6tables.8:246 original/man8/iptables.8:242 | |
766 | -#, no-wrap | |
767 | -msgid "PARAMETERS" | |
768 | -msgstr "" | |
769 | - | |
770 | -#. type: Plain text | |
771 | -#: original/man8/ip6tables.8:249 original/man8/iptables.8:245 | |
772 | -msgid "" | |
773 | -"The following parameters make up a rule specification (as used in the add, " | |
774 | -"delete, insert, replace and append commands)." | |
775 | -msgstr "" | |
776 | - | |
777 | -#. type: TP | |
778 | -#: original/man8/ip6tables.8:249 original/man8/iptables.8:245 | |
779 | -#, no-wrap | |
780 | -msgid "B<-4>, B<--ipv4>" | |
781 | -msgstr "" | |
782 | - | |
783 | -#. type: Plain text | |
784 | -#: original/man8/ip6tables.8:255 | |
785 | -msgid "" | |
786 | -"If a rule using the B<-4> option is inserted with (and only with) " | |
787 | -"ip6tables-restore, it will be silently ignored. Any other uses will throw an " | |
788 | -"error. This option allows to put both IPv4 and IPv6 rules in a single rule " | |
789 | -"file for use with both iptables-restore and ip6tables-restore." | |
790 | -msgstr "" | |
791 | - | |
792 | -#. type: TP | |
793 | -#: original/man8/ip6tables.8:255 original/man8/iptables.8:248 | |
794 | -#, no-wrap | |
795 | -msgid "B<-6>, B<--ipv6>" | |
796 | -msgstr "" | |
797 | - | |
798 | -#. type: Plain text | |
799 | -#: original/man8/ip6tables.8:258 | |
800 | -msgid "This option has no effect in ip6tables and ip6tables-restore." | |
801 | -msgstr "" | |
802 | - | |
803 | -#. type: TP | |
804 | -#: original/man8/ip6tables.8:258 original/man8/iptables.8:254 | |
805 | -#, no-wrap | |
806 | -msgid "[B<!>] B<-p>, B<--protocol> I<protocol>" | |
807 | -msgstr "" | |
808 | - | |
809 | -#. type: Plain text | |
810 | -#: original/man8/ip6tables.8:276 | |
811 | -msgid "" | |
812 | -"The protocol of the rule or of the packet to check. The specified protocol " | |
813 | -"can be one of B<tcp>, B<udp>, B<udplite>, B<icmpv6>, B<esp>, B<mh> or the " | |
814 | -"special keyword \"B<all>\", or it can be a numeric value, representing one " | |
815 | -"of these protocols or a different one. A protocol name from /etc/protocols " | |
816 | -"is also allowed. But IPv6 extension headers except B<esp> are not allowed. " | |
817 | -"B<esp> and B<ipv6-nonext> can be used with Kernel version 2.6.11 or later. " | |
818 | -"A \"!\" argument before the protocol inverts the test. The number zero is " | |
819 | -"equivalent to B<all>, which means that you cannot test the protocol field " | |
820 | -"for the value 0 directly. To match on a HBH header, even if it were the " | |
821 | -"last, you cannot use B<-p 0>, but always need B<-m hbh>. \"B<all>\" will " | |
822 | -"match with all protocols and is taken as default when this option is " | |
823 | -"omitted." | |
824 | -msgstr "" | |
825 | - | |
826 | -#. type: TP | |
827 | -#: original/man8/ip6tables.8:276 | |
828 | -#, no-wrap | |
829 | -msgid "[B<!>] B<-s>, B<--source> I<address>[B</>I<mask>]" | |
830 | -msgstr "" | |
831 | - | |
832 | -#. type: Plain text | |
833 | -#: original/man8/ip6tables.8:293 | |
834 | -msgid "" | |
835 | -"Source specification. I<Address> can be either be a hostname, a network IP " | |
836 | -"address (with B</>I<mask>), or a plain IP address. Names will be resolved " | |
837 | -"once only, before the rule is submitted to the kernel. Please note that " | |
838 | -"specifying any name to be resolved with a remote query such as DNS is a " | |
839 | -"really bad idea. (Resolving network names is not supported at this time.) " | |
840 | -"The I<mask> is a plain number, specifying the number of 1's at the left side " | |
841 | -"of the network mask. A \"!\" argument before the address specification " | |
842 | -"inverts the sense of the address. The flag B<--src> is an alias for this " | |
843 | -"option. Multiple addresses can be specified, but this will B<expand to " | |
844 | -"multiple rules> (when adding with -A), or will cause multiple rules to be " | |
845 | -"deleted (with -D)." | |
846 | -msgstr "" | |
847 | - | |
848 | -#. type: TP | |
849 | -#: original/man8/ip6tables.8:293 | |
850 | -#, no-wrap | |
851 | -msgid "[B<!>] B<-d>, B<--destination> I<address>[B</>I<mask>]" | |
852 | -msgstr "" | |
853 | - | |
854 | -#. type: Plain text | |
855 | -#: original/man8/ip6tables.8:299 original/man8/iptables.8:288 | |
856 | -msgid "" | |
857 | -"Destination specification. See the description of the B<-s> (source) flag " | |
858 | -"for a detailed description of the syntax. The flag B<--dst> is an alias for " | |
859 | -"this option." | |
860 | -msgstr "" | |
861 | - | |
862 | -#. type: TP | |
863 | -#: original/man8/ip6tables.8:299 original/man8/iptables.8:288 | |
864 | -#, no-wrap | |
865 | -msgid "B<-m>, B<--match> I<match>" | |
866 | -msgstr "" | |
867 | - | |
868 | -#. type: Plain text | |
869 | -#: original/man8/ip6tables.8:306 original/man8/iptables.8:295 | |
870 | -msgid "" | |
871 | -"Specifies a match to use, that is, an extension module that tests for a " | |
872 | -"specific property. The set of matches make up the condition under which a " | |
873 | -"target is invoked. Matches are evaluated first to last as specified on the " | |
874 | -"command line and work in short-circuit fashion, i.e. if one extension yields " | |
875 | -"false, evaluation will stop." | |
876 | -msgstr "" | |
877 | - | |
878 | -#. type: TP | |
879 | -#: original/man8/ip6tables.8:306 original/man8/iptables.8:295 | |
880 | -#, no-wrap | |
881 | -msgid "B<-j>, B<--jump> I<target>" | |
882 | -msgstr "" | |
883 | - | |
884 | -#. type: Plain text | |
885 | -#: original/man8/ip6tables.8:317 original/man8/iptables.8:306 | |
886 | -msgid "" | |
887 | -"This specifies the target of the rule; i.e., what to do if the packet " | |
888 | -"matches it. The target can be a user-defined chain (other than the one this " | |
889 | -"rule is in), one of the special builtin targets which decide the fate of the " | |
890 | -"packet immediately, or an extension (see B<EXTENSIONS> below). If this " | |
891 | -"option is omitted in a rule (and B<-g> is not used), then matching the rule " | |
892 | -"will have no effect on the packet's fate, but the counters on the rule will " | |
893 | -"be incremented." | |
894 | -msgstr "" | |
895 | - | |
896 | -#. type: TP | |
897 | -#: original/man8/ip6tables.8:317 original/man8/iptables.8:306 | |
898 | -#, no-wrap | |
899 | -msgid "B<-g>, B<--goto> I<chain>" | |
900 | -msgstr "" | |
901 | - | |
902 | -#. type: Plain text | |
903 | -#: original/man8/ip6tables.8:323 original/man8/iptables.8:312 | |
904 | -msgid "" | |
905 | -"This specifies that the processing should continue in a user specified " | |
906 | -"chain. Unlike the --jump option return will not continue processing in this " | |
907 | -"chain but instead in the chain that called us via --jump." | |
908 | -msgstr "" | |
909 | - | |
910 | -#. type: TP | |
911 | -#: original/man8/ip6tables.8:323 original/man8/iptables.8:312 | |
912 | -#, no-wrap | |
913 | -msgid "[B<!>] B<-i>, B<--in-interface> I<name>" | |
914 | -msgstr "" | |
915 | - | |
916 | -#. type: Plain text | |
917 | -#: original/man8/ip6tables.8:331 original/man8/iptables.8:320 | |
918 | -msgid "" | |
919 | -"Name of an interface via which a packet was received (only for packets " | |
920 | -"entering the B<INPUT>, B<FORWARD> and B<PREROUTING> chains). When the \"!\" " | |
921 | -"argument is used before the interface name, the sense is inverted. If the " | |
922 | -"interface name ends in a \"+\", then any interface which begins with this " | |
923 | -"name will match. If this option is omitted, any interface name will match." | |
924 | -msgstr "" | |
925 | - | |
926 | -#. type: TP | |
927 | -#: original/man8/ip6tables.8:331 original/man8/iptables.8:320 | |
928 | -#, no-wrap | |
929 | -msgid "[B<!>] B<-o>, B<--out-interface> I<name>" | |
930 | -msgstr "" | |
931 | - | |
932 | -#. type: Plain text | |
933 | -#: original/man8/ip6tables.8:348 original/man8/iptables.8:328 | |
934 | -msgid "" | |
935 | -"Name of an interface via which a packet is going to be sent (for packets " | |
936 | -"entering the B<FORWARD>, B<OUTPUT> and B<POSTROUTING> chains). When the " | |
937 | -"\"!\" argument is used before the interface name, the sense is inverted. If " | |
938 | -"the interface name ends in a \"+\", then any interface which begins with " | |
939 | -"this name will match. If this option is omitted, any interface name will " | |
940 | -"match." | |
941 | -msgstr "" | |
942 | - | |
943 | -#. type: TP | |
944 | -#: original/man8/ip6tables.8:348 original/man8/iptables.8:336 | |
945 | -#, no-wrap | |
946 | -msgid "B<-c>, B<--set-counters> I<packets bytes>" | |
947 | -msgstr "" | |
948 | - | |
949 | -#. type: Plain text | |
950 | -#: original/man8/ip6tables.8:353 original/man8/iptables.8:341 | |
951 | -msgid "" | |
952 | -"This enables the administrator to initialize the packet and byte counters of " | |
953 | -"a rule (during B<INSERT>, B<APPEND>, B<REPLACE> operations)." | |
954 | -msgstr "" | |
955 | - | |
956 | -#. type: SS | |
957 | -#: original/man8/ip6tables.8:353 original/man8/iptables.8:341 | |
958 | -#, no-wrap | |
959 | -msgid "OTHER OPTIONS" | |
960 | -msgstr "" | |
961 | - | |
962 | -#. type: Plain text | |
963 | -#: original/man8/ip6tables.8:355 original/man8/iptables.8:343 | |
964 | -msgid "The following additional options can be specified:" | |
965 | -msgstr "" | |
966 | - | |
967 | -#. type: Plain text | |
968 | -#: original/man8/ip6tables.8:365 original/man8/iptables.8:353 | |
969 | -msgid "" | |
970 | -"Verbose output. This option makes the list command show the interface name, " | |
971 | -"the rule options (if any), and the TOS masks. The packet and byte counters " | |
972 | -"are also listed, with the suffix 'K', 'M' or 'G' for 1000, 1,000,000 and " | |
973 | -"1,000,000,000 multipliers respectively (but see the B<-x> flag to change " | |
974 | -"this). For appending, insertion, deletion and replacement, this causes " | |
975 | -"detailed information on the rule or rules to be printed. B<-v> may be " | |
976 | -"specified multiple times to possibly emit more detailed debug statements." | |
977 | -msgstr "" | |
978 | - | |
979 | -#. type: TP | |
980 | -#: original/man8/ip6tables.8:365 original/man8/iptables.8:353 | |
981 | -#, no-wrap | |
982 | -msgid "B<-n>, B<--numeric>" | |
983 | -msgstr "" | |
984 | - | |
985 | -#. type: Plain text | |
986 | -#: original/man8/ip6tables.8:371 original/man8/iptables.8:359 | |
987 | -msgid "" | |
988 | -"Numeric output. IP addresses and port numbers will be printed in numeric " | |
989 | -"format. By default, the program will try to display them as host names, " | |
990 | -"network names, or services (whenever applicable)." | |
991 | -msgstr "" | |
992 | - | |
993 | -#. type: TP | |
994 | -#: original/man8/ip6tables.8:371 original/man8/iptables.8:359 | |
995 | -#, no-wrap | |
996 | -msgid "B<-x>, B<--exact>" | |
997 | -msgstr "" | |
998 | - | |
999 | -#. type: Plain text | |
1000 | -#: original/man8/ip6tables.8:378 original/man8/iptables.8:366 | |
1001 | -msgid "" | |
1002 | -"Expand numbers. Display the exact value of the packet and byte counters, " | |
1003 | -"instead of only the rounded number in K's (multiples of 1000) M's " | |
1004 | -"(multiples of 1000K) or G's (multiples of 1000M). This option is only " | |
1005 | -"relevant for the B<-L> command." | |
1006 | -msgstr "" | |
1007 | - | |
1008 | -#. type: TP | |
1009 | -#: original/man8/ip6tables.8:378 original/man8/iptables.8:366 | |
1010 | -#, no-wrap | |
1011 | -msgid "B<--line-numbers>" | |
1012 | -msgstr "" | |
1013 | - | |
1014 | -#. type: Plain text | |
1015 | -#: original/man8/ip6tables.8:382 original/man8/iptables.8:370 | |
1016 | -msgid "" | |
1017 | -"When listing rules, add line numbers to the beginning of each rule, " | |
1018 | -"corresponding to that rule's position in the chain." | |
1019 | -msgstr "" | |
1020 | - | |
1021 | -#. type: TP | |
1022 | -#: original/man8/ip6tables.8:382 original/man8/iptables.8:370 | |
1023 | -#, no-wrap | |
1024 | -msgid "B<--modprobe=>I<command>" | |
1025 | -msgstr "" | |
1026 | - | |
1027 | -#. type: Plain text | |
1028 | -#: original/man8/ip6tables.8:386 original/man8/iptables.8:374 | |
1029 | -msgid "" | |
1030 | -"When adding or inserting rules into a chain, use I<command> to load any " | |
1031 | -"necessary modules (targets, match extensions, etc)." | |
1032 | -msgstr "" | |
1033 | - | |
1034 | -#. type: SH | |
1035 | -#: original/man8/ip6tables.8:386 original/man8/iptables-extensions.8:10 | |
1036 | -#, no-wrap | |
1037 | -msgid "MATCH EXTENSIONS" | |
1038 | -msgstr "" | |
1039 | - | |
1040 | -#. type: Plain text | |
1041 | -#: original/man8/ip6tables.8:390 original/man8/iptables.8:378 | |
1042 | -msgid "" | |
1043 | -"iptables can use extended packet matching and target modules. A list of " | |
1044 | -"these is available in the B<iptables-extensions>(8) manpage." | |
1045 | -msgstr "" | |
1046 | - | |
1047 | -#. type: SH | |
1048 | -#: original/man8/ip6tables.8:390 original/man8/iptables.8:378 | |
1049 | -#, no-wrap | |
1050 | -msgid "DIAGNOSTICS" | |
1051 | -msgstr "" | |
1052 | - | |
1053 | -#. type: Plain text | |
1054 | -#: original/man8/ip6tables.8:395 original/man8/iptables.8:383 | |
1055 | -msgid "" | |
1056 | -"Various error messages are printed to standard error. The exit code is 0 " | |
1057 | -"for correct functioning. Errors which appear to be caused by invalid or " | |
1058 | -"abused command line parameters cause an exit code of 2, and other errors " | |
1059 | -"cause an exit code of 1." | |
1060 | -msgstr "" | |
1061 | - | |
1062 | -#. type: Plain text | |
1063 | -#: original/man8/ip6tables.8:398 | |
1064 | -msgid "Bugs? What's this? ;-) Well... the counters are not reliable on sparc64." | |
1065 | -msgstr "" | |
1066 | - | |
1067 | -#. type: SH | |
1068 | -#: original/man8/ip6tables.8:398 original/man8/iptables.8:386 | |
1069 | -#, no-wrap | |
1070 | -msgid "COMPATIBILITY WITH IPCHAINS" | |
1071 | -msgstr "" | |
1072 | - | |
1073 | -#. type: Plain text | |
1074 | -#: original/man8/ip6tables.8:407 | |
1075 | -msgid "" | |
1076 | -"This B<ip6tables> is very similar to ipchains by Rusty Russell. The main " | |
1077 | -"difference is that the chains B<INPUT> and B<OUTPUT> are only traversed for " | |
1078 | -"packets coming into the local host and originating from the local host " | |
1079 | -"respectively. Hence every packet only passes through one of the three " | |
1080 | -"chains (except loopback traffic, which involves both INPUT and OUTPUT " | |
1081 | -"chains); previously a forwarded packet would pass through all three." | |
1082 | -msgstr "" | |
1083 | - | |
1084 | -#. type: Plain text | |
1085 | -#: original/man8/ip6tables.8:412 | |
1086 | -msgid "" | |
1087 | -"The other main difference is that B<-i> refers to the input interface; B<-o> " | |
1088 | -"refers to the output interface, and both are available for packets entering " | |
1089 | -"the B<FORWARD> chain. There are several other changes in ip6tables." | |
1090 | -msgstr "" | |
1091 | - | |
1092 | -#. type: Plain text | |
1093 | -#: original/man8/ip6tables.8:421 | |
1094 | -msgid "" | |
1095 | -"B<ip6tables-save>(8), B<ip6tables-restore>(8), B<iptables>(8), " | |
1096 | -"B<iptables-apply>(8), B<iptables-extensions>(8), B<iptables-save>(8), " | |
1097 | -"B<iptables-restore>(8), B<libipq>(3)." | |
1098 | -msgstr "" | |
1099 | - | |
1100 | -#. type: Plain text | |
1101 | -#: original/man8/ip6tables.8:427 | |
1102 | -msgid "" | |
1103 | -"The packet-filtering-HOWTO details iptables usage for packet filtering, the " | |
1104 | -"netfilter-extensions-HOWTO details the extensions that are not in the " | |
1105 | -"standard distribution, and the netfilter-hacking-HOWTO details the netfilter " | |
1106 | -"internals." | |
1107 | -msgstr "" | |
1108 | - | |
1109 | -#. type: Plain text | |
1110 | -#: original/man8/ip6tables.8:430 original/man8/iptables.8:429 | |
1111 | -msgid "See B<http://www.netfilter.org/>." | |
1112 | -msgstr "" | |
1113 | - | |
1114 | -#. type: Plain text | |
1115 | -#: original/man8/ip6tables.8:433 | |
1116 | -msgid "Rusty Russell wrote iptables, in early consultation with Michael Neuling." | |
1117 | -msgstr "" | |
1118 | - | |
1119 | -#. type: Plain text | |
1120 | -#: original/man8/ip6tables.8:437 original/man8/iptables.8:436 | |
1121 | -msgid "" | |
1122 | -"Marc Boucher made Rusty abandon ipnatctl by lobbying for a generic packet " | |
1123 | -"selection framework in iptables, then wrote the mangle table, the owner " | |
1124 | -"match, the mark stuff, and ran around doing cool stuff everywhere." | |
1125 | -msgstr "" | |
1126 | - | |
1127 | -#. type: Plain text | |
1128 | -#: original/man8/ip6tables.8:439 original/man8/iptables.8:438 | |
1129 | -msgid "James Morris wrote the TOS target, and tos match." | |
1130 | -msgstr "" | |
1131 | - | |
1132 | -#. type: Plain text | |
1133 | -#: original/man8/ip6tables.8:441 original/man8/iptables.8:440 | |
1134 | -msgid "Jozsef Kadlecsik wrote the REJECT target." | |
1135 | -msgstr "" | |
1136 | - | |
1137 | -#. type: Plain text | |
1138 | -#: original/man8/ip6tables.8:443 | |
1139 | -msgid "" | |
1140 | -"Harald Welte wrote the ULOG and NFQUEUE target, the new libiptc, as well as " | |
1141 | -"TTL match+target and libipulog." | |
1142 | -msgstr "" | |
1143 | - | |
1144 | -#. type: Plain text | |
1145 | -#: original/man8/ip6tables.8:447 original/man8/iptables.8:446 | |
1146 | -msgid "" | |
1147 | -"The Netfilter Core Team is: Marc Boucher, Martin Josefsson, Yasuyuki " | |
1148 | -"Kozakai, Jozsef Kadlecsik, Patrick McHardy, James Morris, Pablo Neira Ayuso, " | |
1149 | -"Harald Welte and Rusty Russell." | |
1150 | -msgstr "" | |
1151 | - | |
1152 | -#. .. and did I mention that we are incredibly cool people? | |
1153 | -#. .. sexy, too .. | |
1154 | -#. .. witty, charming, powerful .. | |
1155 | -#. .. and most of all, modest .. | |
1156 | -#. type: Plain text | |
1157 | -#: original/man8/ip6tables.8:454 | |
1158 | -msgid "" | |
1159 | -"ip6tables man page created by Andras Kis-Szabo, based on iptables man page " | |
1160 | -"written by Herve Eychenne E<lt>rv@wallfire.orgE<gt>." | |
1161 | -msgstr "" | |
1162 | - | |
1163 | -#. type: SH | |
1164 | -#: original/man8/ip6tables.8:454 original/man8/iptables.8:452 | |
1165 | -#, no-wrap | |
1166 | -msgid "VERSION" | |
1167 | -msgstr "" | |
1168 | - | |
1169 | -#. type: Plain text | |
1170 | -#: original/man8/ip6tables.8:456 | |
1171 | -msgid "This manual page applies to ip6tables 1.4.18." | |
1172 | -msgstr "" | |
1173 | - | |
1174 | -#. type: TH | |
1175 | -#: original/man8/iptables-restore.8:1 | |
1176 | -#, no-wrap | |
1177 | -msgid "IPTABLES-RESTORE" | |
1178 | -msgstr "" | |
1179 | - | |
1180 | -#. type: TH | |
1181 | -#: original/man8/iptables-restore.8:1 original/man8/iptables-save.8:1 | |
1182 | -#, no-wrap | |
1183 | -msgid "Jan 04, 2001" | |
1184 | -msgstr "" | |
1185 | - | |
1186 | -#. type: Plain text | |
1187 | -#: original/man8/iptables-restore.8:23 | |
1188 | -msgid "iptables-restore \\(em Restore IP Tables" | |
1189 | -msgstr "" | |
1190 | - | |
1191 | -#. type: Plain text | |
1192 | -#: original/man8/iptables-restore.8:26 | |
1193 | -msgid "B<iptables-restore> [B<-chntv>] [B<-M> I<modprobe>] [B<-T> I<name>]" | |
1194 | -msgstr "" | |
1195 | - | |
1196 | -#. type: Plain text | |
1197 | -#: original/man8/iptables-restore.8:31 | |
1198 | -msgid "" | |
1199 | -"B<iptables-restore> is used to restore IP Tables from data specified on " | |
1200 | -"STDIN. Use I/O redirection provided by your shell to read from a file" | |
1201 | -msgstr "" | |
1202 | - | |
1203 | -#. type: Plain text | |
1204 | -#: original/man8/iptables-restore.8:42 | |
1205 | -msgid "" | |
1206 | -"don't flush the previous contents of the table. If not specified, " | |
1207 | -"B<iptables-restore> flushes (deletes) all previous contents of the " | |
1208 | -"respective table." | |
1209 | -msgstr "" | |
1210 | - | |
1211 | -#. type: Plain text | |
1212 | -#: original/man8/iptables-restore.8:52 | |
1213 | -msgid "" | |
1214 | -"Specify the path to the modprobe program. By default, iptables-restore will " | |
1215 | -"inspect /proc/sys/kernel/modprobe to determine the executable's path." | |
1216 | -msgstr "" | |
1217 | - | |
1218 | -#. type: Plain text | |
1219 | -#: original/man8/iptables-restore.8:55 | |
1220 | -msgid "Restore only the named table even if the input stream contains other ones." | |
1221 | -msgstr "" | |
1222 | - | |
1223 | -#. type: SH | |
1224 | -#: original/man8/iptables-restore.8:57 original/man8/iptables-save.8:44 original/man1/iptables-xml.1:84 | |
1225 | -#, no-wrap | |
1226 | -msgid "AUTHOR" | |
1227 | -msgstr "" | |
1228 | - | |
1229 | -#. type: Plain text | |
1230 | -#: original/man8/iptables-restore.8:61 | |
1231 | -msgid "B<iptables-save>(8), B<iptables>(8)" | |
1232 | -msgstr "" | |
1233 | - | |
1234 | -#. type: TH | |
1235 | -#: original/man8/iptables-save.8:1 | |
1236 | -#, no-wrap | |
1237 | -msgid "IPTABLES-SAVE" | |
1238 | -msgstr "" | |
1239 | - | |
1240 | -#. type: Plain text | |
1241 | -#: original/man8/iptables-save.8:23 | |
1242 | -msgid "iptables-save \\(em dump iptables rules to stdout" | |
1243 | -msgstr "" | |
1244 | - | |
1245 | -#. type: Plain text | |
1246 | -#: original/man8/iptables-save.8:26 | |
1247 | -msgid "B<iptables-save> [B<-M> I<modprobe>] [B<-c>] [B<-t> I<table>]" | |
1248 | -msgstr "" | |
1249 | - | |
1250 | -#. type: Plain text | |
1251 | -#: original/man8/iptables-save.8:31 | |
1252 | -msgid "" | |
1253 | -"B<iptables-save> is used to dump the contents of an IP Table in easily " | |
1254 | -"parseable format to STDOUT. Use I/O-redirection provided by your shell to " | |
1255 | -"write to a file." | |
1256 | -msgstr "" | |
1257 | - | |
1258 | -#. type: Plain text | |
1259 | -#: original/man8/iptables-save.8:48 | |
1260 | -msgid "B<iptables-restore>(8), B<iptables>(8)" | |
1261 | -msgstr "" | |
1262 | - | |
1263 | -#. type: TH | |
1264 | -#: original/man8/iptables.8:1 | |
1265 | -#, no-wrap | |
1266 | -msgid "IPTABLES" | |
1267 | -msgstr "" | |
1268 | - | |
1269 | -#. type: Plain text | |
1270 | -#: original/man8/iptables.8:27 | |
1271 | -msgid "iptables \\(em administration tool for IPv4 packet filtering and NAT" | |
1272 | -msgstr "" | |
1273 | - | |
1274 | -#. type: Plain text | |
1275 | -#: original/man8/iptables.8:30 | |
1276 | -msgid "" | |
1277 | -"B<iptables> [B<-t> I<table>] {B<-A>|B<-C>|B<-D>} I<chain> " | |
1278 | -"I<rule-specification>" | |
1279 | -msgstr "" | |
1280 | - | |
1281 | -#. type: Plain text | |
1282 | -#: original/man8/iptables.8:32 | |
1283 | -msgid "" | |
1284 | -"B<iptables> [B<-t> I<table>] B<-I> I<chain> [I<rulenum>] " | |
1285 | -"I<rule-specification>" | |
1286 | -msgstr "" | |
1287 | - | |
1288 | -#. type: Plain text | |
1289 | -#: original/man8/iptables.8:34 | |
1290 | -msgid "B<iptables> [B<-t> I<table>] B<-R> I<chain rulenum rule-specification>" | |
1291 | -msgstr "" | |
1292 | - | |
1293 | -#. type: Plain text | |
1294 | -#: original/man8/iptables.8:36 | |
1295 | -msgid "B<iptables> [B<-t> I<table>] B<-D> I<chain rulenum>" | |
1296 | -msgstr "" | |
1297 | - | |
1298 | -#. type: Plain text | |
1299 | -#: original/man8/iptables.8:38 | |
1300 | -msgid "B<iptables> [B<-t> I<table>] B<-S> [I<chain> [I<rulenum>]]" | |
1301 | -msgstr "" | |
1302 | - | |
1303 | -#. type: Plain text | |
1304 | -#: original/man8/iptables.8:40 | |
1305 | -msgid "" | |
1306 | -"B<iptables> [B<-t> I<table>] {B<-F>|B<-L>|B<-Z>} [I<chain> [I<rulenum>]] " | |
1307 | -"[I<options...>]" | |
1308 | -msgstr "" | |
1309 | - | |
1310 | -#. type: Plain text | |
1311 | -#: original/man8/iptables.8:42 | |
1312 | -msgid "B<iptables> [B<-t> I<table>] B<-N> I<chain>" | |
1313 | -msgstr "" | |
1314 | - | |
1315 | -#. type: Plain text | |
1316 | -#: original/man8/iptables.8:44 | |
1317 | -msgid "B<iptables> [B<-t> I<table>] B<-X> [I<chain>]" | |
1318 | -msgstr "" | |
1319 | - | |
1320 | -#. type: Plain text | |
1321 | -#: original/man8/iptables.8:46 | |
1322 | -msgid "B<iptables> [B<-t> I<table>] B<-P> I<chain target>" | |
1323 | -msgstr "" | |
1324 | - | |
1325 | -#. type: Plain text | |
1326 | -#: original/man8/iptables.8:48 | |
1327 | -msgid "B<iptables> [B<-t> I<table>] B<-E> I<old-chain-name new-chain-name>" | |
1328 | -msgstr "" | |
1329 | - | |
1330 | -#. type: Plain text | |
1331 | -#: original/man8/iptables.8:50 | |
1332 | -msgid "rule-specification = [I<matches...>] [I<target>]" | |
1333 | -msgstr "" | |
1334 | - | |
1335 | -#. type: Plain text | |
1336 | -#: original/man8/iptables.8:52 | |
1337 | -msgid "match = B<-m> I<matchname> [I<per-match-options>]" | |
1338 | -msgstr "" | |
1339 | - | |
1340 | -#. type: Plain text | |
1341 | -#: original/man8/iptables.8:54 | |
1342 | -msgid "target = B<-j> I<targetname> [I<per-target-options>]" | |
1343 | -msgstr "" | |
1344 | - | |
1345 | -#. type: Plain text | |
1346 | -#: original/man8/iptables.8:60 | |
1347 | -msgid "" | |
1348 | -"B<Iptables> is used to set up, maintain, and inspect the tables of IPv4 " | |
1349 | -"packet filter rules in the Linux kernel. Several different tables may be " | |
1350 | -"defined. Each table contains a number of built-in chains and may also " | |
1351 | -"contain user-defined chains." | |
1352 | -msgstr "" | |
1353 | - | |
1354 | -#. type: Plain text | |
1355 | -#: original/man8/iptables.8:114 | |
1356 | -msgid "" | |
1357 | -"This table is consulted when a packet that creates a new connection is " | |
1358 | -"encountered. It consists of three built-ins: B<PREROUTING> (for altering " | |
1359 | -"packets as soon as they come in), B<OUTPUT> (for altering locally-generated " | |
1360 | -"packets before routing), and B<POSTROUTING> (for altering packets as they " | |
1361 | -"are about to go out)." | |
1362 | -msgstr "" | |
1363 | - | |
1364 | -#. type: Plain text | |
1365 | -#: original/man8/iptables.8:147 | |
1366 | -msgid "" | |
1367 | -"The options that are recognized by B<iptables> can be divided into several " | |
1368 | -"different groups." | |
1369 | -msgstr "" | |
1370 | - | |
1371 | -#. type: Plain text | |
1372 | -#: original/man8/iptables.8:153 | |
1373 | -msgid "" | |
1374 | -"These options specify the desired action to perform. Only one of them can be " | |
1375 | -"specified on the command line unless otherwise stated below. For long " | |
1376 | -"versions of the command and option names, you need to use only enough " | |
1377 | -"letters to ensure that B<iptables> can differentiate it from all other " | |
1378 | -"options." | |
1379 | -msgstr "" | |
1380 | - | |
1381 | -#. type: Plain text | |
1382 | -#: original/man8/iptables.8:188 | |
1383 | -msgid "" | |
1384 | -"List all rules in the selected chain. If no chain is selected, all chains " | |
1385 | -"are listed. Like every other iptables command, it applies to the specified " | |
1386 | -"table (filter is the default), so NAT rules get listed by" | |
1387 | -msgstr "" | |
1388 | - | |
1389 | -#. type: Plain text | |
1390 | -#: original/man8/iptables.8:190 | |
1391 | -#, no-wrap | |
1392 | -msgid " iptables -t nat -n -L\n" | |
1393 | -msgstr "" | |
1394 | - | |
1395 | -#. type: Plain text | |
1396 | -#: original/man8/iptables.8:199 | |
1397 | -#, no-wrap | |
1398 | -msgid " iptables -L -v\n" | |
1399 | -msgstr "" | |
1400 | - | |
1401 | -#. type: Plain text | |
1402 | -#: original/man8/iptables.8:205 | |
1403 | -msgid "" | |
1404 | -"Print all rules in the selected chain. If no chain is selected, all chains " | |
1405 | -"are printed like iptables-save. Like every other iptables command, it " | |
1406 | -"applies to the specified table (filter is the default)." | |
1407 | -msgstr "" | |
1408 | - | |
1409 | -#. type: Plain text | |
1410 | -#: original/man8/iptables.8:248 | |
1411 | -msgid "This option has no effect in iptables and iptables-restore." | |
1412 | -msgstr "" | |
1413 | - | |
1414 | -#. type: Plain text | |
1415 | -#: original/man8/iptables.8:254 | |
1416 | -msgid "" | |
1417 | -"If a rule using the B<-6> option is inserted with (and only with) " | |
1418 | -"iptables-restore, it will be silently ignored. Any other uses will throw an " | |
1419 | -"error. This option allows to put both IPv4 and IPv6 rules in a single rule " | |
1420 | -"file for use with both iptables-restore and ip6tables-restore." | |
1421 | -msgstr "" | |
1422 | - | |
1423 | -#. type: Plain text | |
1424 | -#: original/man8/iptables.8:265 | |
1425 | -msgid "" | |
1426 | -"The protocol of the rule or of the packet to check. The specified protocol " | |
1427 | -"can be one of B<tcp>, B<udp>, B<udplite>, B<icmp>, B<esp>, B<ah>, B<sctp> or " | |
1428 | -"the special keyword \"B<all>\", or it can be a numeric value, representing " | |
1429 | -"one of these protocols or a different one. A protocol name from " | |
1430 | -"/etc/protocols is also allowed. A \"!\" argument before the protocol " | |
1431 | -"inverts the test. The number zero is equivalent to B<all>. \"B<all>\" will " | |
1432 | -"match with all protocols and is taken as default when this option is " | |
1433 | -"omitted." | |
1434 | -msgstr "" | |
1435 | - | |
1436 | -#. type: TP | |
1437 | -#: original/man8/iptables.8:265 | |
1438 | -#, no-wrap | |
1439 | -msgid "[B<!>] B<-s>, B<--source> I<address>[B</>I<mask>][B<,>I<...>]" | |
1440 | -msgstr "" | |
1441 | - | |
1442 | -#. type: Plain text | |
1443 | -#: original/man8/iptables.8:282 | |
1444 | -msgid "" | |
1445 | -"Source specification. I<Address> can be either a network name, a hostname, a " | |
1446 | -"network IP address (with B</>I<mask>), or a plain IP address. Hostnames will " | |
1447 | -"be resolved once only, before the rule is submitted to the kernel. Please " | |
1448 | -"note that specifying any name to be resolved with a remote query such as DNS " | |
1449 | -"is a really bad idea. The I<mask> can be either a network mask or a plain " | |
1450 | -"number, specifying the number of 1's at the left side of the network mask. " | |
1451 | -"Thus, a mask of I<24> is equivalent to I<255.255.255.0>. A \"!\" argument " | |
1452 | -"before the address specification inverts the sense of the address. The flag " | |
1453 | -"B<--src> is an alias for this option. Multiple addresses can be specified, " | |
1454 | -"but this will B<expand to multiple rules> (when adding with -A), or will " | |
1455 | -"cause multiple rules to be deleted (with -D)." | |
1456 | -msgstr "" | |
1457 | - | |
1458 | -#. type: TP | |
1459 | -#: original/man8/iptables.8:282 | |
1460 | -#, no-wrap | |
1461 | -msgid "[B<!>] B<-d>, B<--destination> I<address>[B</>I<mask>][B<,>I<...>]" | |
1462 | -msgstr "" | |
1463 | - | |
1464 | -#. type: TP | |
1465 | -#: original/man8/iptables.8:328 | |
1466 | -#, no-wrap | |
1467 | -msgid "[B<!>] B<-f>, B<--fragment>" | |
1468 | -msgstr "" | |
1469 | - | |
1470 | -#. type: Plain text | |
1471 | -#: original/man8/iptables.8:336 | |
1472 | -msgid "" | |
1473 | -"This means that the rule only refers to second and further fragments of " | |
1474 | -"fragmented packets. Since there is no way to tell the source or destination " | |
1475 | -"ports of such a packet (or ICMP type), such a packet will not match any " | |
1476 | -"rules which specify them. When the \"!\" argument precedes the \"-f\" flag, " | |
1477 | -"the rule will only match head fragments, or unfragmented packets." | |
1478 | -msgstr "" | |
1479 | - | |
1480 | -#. type: SH | |
1481 | -#: original/man8/iptables.8:374 | |
1482 | -#, no-wrap | |
1483 | -msgid "MATCH AND TARGET EXTENSIONS" | |
1484 | -msgstr "" | |
1485 | - | |
1486 | -#. type: Plain text | |
1487 | -#: original/man8/iptables.8:386 | |
1488 | -msgid "" | |
1489 | -"Bugs? What's this? ;-) Well, you might want to have a look at " | |
1490 | -"http://bugzilla.netfilter.org/" | |
1491 | -msgstr "" | |
1492 | - | |
1493 | -#. type: Plain text | |
1494 | -#: original/man8/iptables.8:395 | |
1495 | -msgid "" | |
1496 | -"This B<iptables> is very similar to ipchains by Rusty Russell. The main " | |
1497 | -"difference is that the chains B<INPUT> and B<OUTPUT> are only traversed for " | |
1498 | -"packets coming into the local host and originating from the local host " | |
1499 | -"respectively. Hence every packet only passes through one of the three " | |
1500 | -"chains (except loopback traffic, which involves both INPUT and OUTPUT " | |
1501 | -"chains); previously a forwarded packet would pass through all three." | |
1502 | -msgstr "" | |
1503 | - | |
1504 | -#. type: Plain text | |
1505 | -#: original/man8/iptables.8:399 | |
1506 | -msgid "" | |
1507 | -"The other main difference is that B<-i> refers to the input interface; B<-o> " | |
1508 | -"refers to the output interface, and both are available for packets entering " | |
1509 | -"the B<FORWARD> chain." | |
1510 | -msgstr "" | |
1511 | - | |
1512 | -#. type: Plain text | |
1513 | -#: original/man8/iptables.8:405 | |
1514 | -msgid "" | |
1515 | -"The various forms of NAT have been separated out; B<iptables> is a pure " | |
1516 | -"packet filter when using the default `filter' table, with optional extension " | |
1517 | -"modules. This should simplify much of the previous confusion over the " | |
1518 | -"combination of IP masquerading and packet filtering seen previously. So the " | |
1519 | -"following options are handled differently:" | |
1520 | -msgstr "" | |
1521 | - | |
1522 | -#. type: Plain text | |
1523 | -#: original/man8/iptables.8:409 | |
1524 | -#, no-wrap | |
1525 | -msgid "" | |
1526 | -" -j MASQ\n" | |
1527 | -" -M -S\n" | |
1528 | -" -M -L\n" | |
1529 | -msgstr "" | |
1530 | - | |
1531 | -#. type: Plain text | |
1532 | -#: original/man8/iptables.8:411 | |
1533 | -msgid "There are several other changes in iptables." | |
1534 | -msgstr "" | |
1535 | - | |
1536 | -#. type: Plain text | |
1537 | -#: original/man8/iptables.8:420 | |
1538 | -msgid "" | |
1539 | -"B<iptables-apply>(8), B<iptables-save>(8), B<iptables-restore>(8), " | |
1540 | -"B<iptables-extensions>(8), B<ip6tables>(8), B<ip6tables-save>(8), " | |
1541 | -"B<ip6tables-restore>(8), B<libipq>(3)." | |
1542 | -msgstr "" | |
1543 | - | |
1544 | -#. type: Plain text | |
1545 | -#: original/man8/iptables.8:426 | |
1546 | -msgid "" | |
1547 | -"The packet-filtering-HOWTO details iptables usage for packet filtering, the " | |
1548 | -"NAT-HOWTO details NAT, the netfilter-extensions-HOWTO details the extensions " | |
1549 | -"that are not in the standard distribution, and the netfilter-hacking-HOWTO " | |
1550 | -"details the netfilter internals." | |
1551 | -msgstr "" | |
1552 | - | |
1553 | -#. type: Plain text | |
1554 | -#: original/man8/iptables.8:432 | |
1555 | -msgid "" | |
1556 | -"Rusty Russell originally wrote iptables, in early consultation with Michael " | |
1557 | -"Neuling." | |
1558 | -msgstr "" | |
1559 | - | |
1560 | -#. type: Plain text | |
1561 | -#: original/man8/iptables.8:442 | |
1562 | -msgid "" | |
1563 | -"Harald Welte wrote the ULOG and NFQUEUE target, the new libiptc, as well as " | |
1564 | -"the TTL, DSCP, ECN matches and targets." | |
1565 | -msgstr "" | |
1566 | - | |
1567 | -#. .. and did I mention that we are incredibly cool people? | |
1568 | -#. .. sexy, too .. | |
1569 | -#. .. witty, charming, powerful .. | |
1570 | -#. .. and most of all, modest .. | |
1571 | -#. type: Plain text | |
1572 | -#: original/man8/iptables.8:452 | |
1573 | -msgid "Man page originally written by Herve Eychenne E<lt>rv@wallfire.orgE<gt>." | |
1574 | -msgstr "" | |
1575 | - | |
1576 | -#. type: Plain text | |
1577 | -#: original/man8/iptables.8:454 | |
1578 | -msgid "This manual page applies to iptables 1.4.18." | |
1579 | -msgstr "" | |
1580 | - | |
1581 | -#. type: TH | |
1582 | -#: original/man8/iptables-extensions.8:1 | |
1583 | -#, no-wrap | |
1584 | -msgid "iptables-extensions" | |
1585 | -msgstr "" | |
1586 | - | |
1587 | -#. type: Plain text | |
1588 | -#: original/man8/iptables-extensions.8:4 | |
1589 | -msgid "" | |
1590 | -"iptables-extensions \\(em list of extensions in the standard iptables " | |
1591 | -"distribution" | |
1592 | -msgstr "" | |
1593 | - | |
1594 | -#. type: Plain text | |
1595 | -#: original/man8/iptables-extensions.8:7 | |
1596 | -msgid "" | |
1597 | -"B<ip6tables> [B<-m> I<name> [I<module-options>...]] [B<-j> I<target-name> " | |
1598 | -"[I<target-options>...]" | |
1599 | -msgstr "" | |
1600 | - | |
1601 | -#. type: Plain text | |
1602 | -#: original/man8/iptables-extensions.8:10 | |
1603 | -msgid "" | |
1604 | -"B<iptables> [B<-m> I<name> [I<module-options>...]] [B<-j> I<target-name> " | |
1605 | -"[I<target-options>...]" | |
1606 | -msgstr "" | |
1607 | - | |
1608 | -#. type: Plain text | |
1609 | -#: original/man8/iptables-extensions.8:20 | |
1610 | -msgid "" | |
1611 | -"iptables can use extended packet matching modules with the B<-m> or " | |
1612 | -"B<--match> options, followed by the matching module name; after these, " | |
1613 | -"various extra command line options become available, depending on the " | |
1614 | -"specific module. You can specify multiple extended match modules in one " | |
1615 | -"line, and you can use the B<-h> or B<--help> options after the module has " | |
1616 | -"been specified to receive help specific to that module. The extended match " | |
1617 | -"modules are evaluated in the order they are specified in the rule." | |
1618 | -msgstr "" | |
1619 | - | |
1620 | -#. @MATCH@ | |
1621 | -#. type: Plain text | |
1622 | -#: original/man8/iptables-extensions.8:25 | |
1623 | -msgid "" | |
1624 | -"If the B<-p> or B<--protocol> was specified and if and only if an unknown " | |
1625 | -"option is encountered, iptables will try load a match module of the same " | |
1626 | -"name as the protocol, to try making the option available." | |
1627 | -msgstr "" | |
1628 | - | |
1629 | -#. type: SS | |
1630 | -#: original/man8/iptables-extensions.8:25 | |
1631 | -#, no-wrap | |
1632 | -msgid "addrtype" | |
1633 | -msgstr "" | |
1634 | - | |
1635 | -#. type: Plain text | |
1636 | -#: original/man8/iptables-extensions.8:30 | |
1637 | -msgid "" | |
1638 | -"This module matches packets based on their B<address type.> Address types " | |
1639 | -"are used within the kernel networking stack and categorize addresses into " | |
1640 | -"various groups. The exact definition of that group depends on the specific " | |
1641 | -"layer three protocol." | |
1642 | -msgstr "" | |
1643 | - | |
1644 | -#. type: Plain text | |
1645 | -#: original/man8/iptables-extensions.8:32 | |
1646 | -msgid "The following address types are possible:" | |
1647 | -msgstr "" | |
1648 | - | |
1649 | -#. type: TP | |
1650 | -#: original/man8/iptables-extensions.8:32 | |
1651 | -#, no-wrap | |
1652 | -msgid "B<UNSPEC>" | |
1653 | -msgstr "" | |
1654 | - | |
1655 | -#. type: Plain text | |
1656 | -#: original/man8/iptables-extensions.8:35 | |
1657 | -msgid "an unspecified address (i.e. 0.0.0.0)" | |
1658 | -msgstr "" | |
1659 | - | |
1660 | -#. type: TP | |
1661 | -#: original/man8/iptables-extensions.8:35 | |
1662 | -#, no-wrap | |
1663 | -msgid "B<UNICAST>" | |
1664 | -msgstr "" | |
1665 | - | |
1666 | -#. type: Plain text | |
1667 | -#: original/man8/iptables-extensions.8:38 | |
1668 | -msgid "an unicast address" | |
1669 | -msgstr "" | |
1670 | - | |
1671 | -#. type: TP | |
1672 | -#: original/man8/iptables-extensions.8:38 | |
1673 | -#, no-wrap | |
1674 | -msgid "B<LOCAL>" | |
1675 | -msgstr "" | |
1676 | - | |
1677 | -#. type: Plain text | |
1678 | -#: original/man8/iptables-extensions.8:41 | |
1679 | -msgid "a local address" | |
1680 | -msgstr "" | |
1681 | - | |
1682 | -#. type: TP | |
1683 | -#: original/man8/iptables-extensions.8:41 | |
1684 | -#, no-wrap | |
1685 | -msgid "B<BROADCAST>" | |
1686 | -msgstr "" | |
1687 | - | |
1688 | -#. type: Plain text | |
1689 | -#: original/man8/iptables-extensions.8:44 | |
1690 | -msgid "a broadcast address" | |
1691 | -msgstr "" | |
1692 | - | |
1693 | -#. type: TP | |
1694 | -#: original/man8/iptables-extensions.8:44 | |
1695 | -#, no-wrap | |
1696 | -msgid "B<ANYCAST>" | |
1697 | -msgstr "" | |
1698 | - | |
1699 | -#. type: Plain text | |
1700 | -#: original/man8/iptables-extensions.8:47 | |
1701 | -msgid "an anycast packet" | |
1702 | -msgstr "" | |
1703 | - | |
1704 | -#. type: TP | |
1705 | -#: original/man8/iptables-extensions.8:47 | |
1706 | -#, no-wrap | |
1707 | -msgid "B<MULTICAST>" | |
1708 | -msgstr "" | |
1709 | - | |
1710 | -#. type: Plain text | |
1711 | -#: original/man8/iptables-extensions.8:50 | |
1712 | -msgid "a multicast address" | |
1713 | -msgstr "" | |
1714 | - | |
1715 | -#. type: TP | |
1716 | -#: original/man8/iptables-extensions.8:50 | |
1717 | -#, no-wrap | |
1718 | -msgid "B<BLACKHOLE>" | |
1719 | -msgstr "" | |
1720 | - | |
1721 | -#. type: Plain text | |
1722 | -#: original/man8/iptables-extensions.8:53 | |
1723 | -msgid "a blackhole address" | |
1724 | -msgstr "" | |
1725 | - | |
1726 | -#. type: TP | |
1727 | -#: original/man8/iptables-extensions.8:53 | |
1728 | -#, no-wrap | |
1729 | -msgid "B<UNREACHABLE>" | |
1730 | -msgstr "" | |
1731 | - | |
1732 | -#. type: Plain text | |
1733 | -#: original/man8/iptables-extensions.8:56 | |
1734 | -msgid "an unreachable address" | |
1735 | -msgstr "" | |
1736 | - | |
1737 | -#. type: TP | |
1738 | -#: original/man8/iptables-extensions.8:56 | |
1739 | -#, no-wrap | |
1740 | -msgid "B<PROHIBIT>" | |
1741 | -msgstr "" | |
1742 | - | |
1743 | -#. type: Plain text | |
1744 | -#: original/man8/iptables-extensions.8:59 | |
1745 | -msgid "a prohibited address" | |
1746 | -msgstr "" | |
1747 | - | |
1748 | -#. type: TP | |
1749 | -#: original/man8/iptables-extensions.8:59 | |
1750 | -#, no-wrap | |
1751 | -msgid "B<THROW>" | |
1752 | -msgstr "" | |
1753 | - | |
1754 | -#. type: Plain text | |
1755 | -#: original/man8/iptables-extensions.8:62 original/man8/iptables-extensions.8:65 | |
1756 | -msgid "FIXME" | |
1757 | -msgstr "" | |
1758 | - | |
1759 | -#. type: TP | |
1760 | -#: original/man8/iptables-extensions.8:62 | |
1761 | -#, no-wrap | |
1762 | -msgid "B<NAT>" | |
1763 | -msgstr "" | |
1764 | - | |
1765 | -#. type: TP | |
1766 | -#: original/man8/iptables-extensions.8:65 | |
1767 | -#, no-wrap | |
1768 | -msgid "B<XRESOLVE>" | |
1769 | -msgstr "" | |
1770 | - | |
1771 | -#. type: TP | |
1772 | -#: original/man8/iptables-extensions.8:67 | |
1773 | -#, no-wrap | |
1774 | -msgid "[B<!>] B<--src-type> I<type>" | |
1775 | -msgstr "" | |
1776 | - | |
1777 | -#. type: Plain text | |
1778 | -#: original/man8/iptables-extensions.8:70 | |
1779 | -msgid "Matches if the source address is of given type" | |
1780 | -msgstr "" | |
1781 | - | |
1782 | -#. type: TP | |
1783 | -#: original/man8/iptables-extensions.8:70 | |
1784 | -#, no-wrap | |
1785 | -msgid "[B<!>] B<--dst-type> I<type>" | |
1786 | -msgstr "" | |
1787 | - | |
1788 | -#. type: Plain text | |
1789 | -#: original/man8/iptables-extensions.8:73 | |
1790 | -msgid "Matches if the destination address is of given type" | |
1791 | -msgstr "" | |
1792 | - | |
1793 | -#. type: TP | |
1794 | -#: original/man8/iptables-extensions.8:73 | |
1795 | -#, no-wrap | |
1796 | -msgid "B<--limit-iface-in>" | |
1797 | -msgstr "" | |
1798 | - | |
1799 | -#. type: Plain text | |
1800 | -#: original/man8/iptables-extensions.8:84 | |
1801 | -msgid "" | |
1802 | -"The address type checking can be limited to the interface the packet is " | |
1803 | -"coming in. This option is only valid in the B<PREROUTING>, B<INPUT> and " | |
1804 | -"B<FORWARD> chains. It cannot be specified with the B<--limit-iface-out> " | |
1805 | -"option." | |
1806 | -msgstr "" | |
1807 | - | |
1808 | -#. type: TP | |
1809 | -#: original/man8/iptables-extensions.8:84 | |
1810 | -#, no-wrap | |
1811 | -msgid "B<--limit-iface-out>" | |
1812 | -msgstr "" | |
1813 | - | |
1814 | -#. type: Plain text | |
1815 | -#: original/man8/iptables-extensions.8:95 | |
1816 | -msgid "" | |
1817 | -"The address type checking can be limited to the interface the packet is " | |
1818 | -"going out. This option is only valid in the B<POSTROUTING>, B<OUTPUT> and " | |
1819 | -"B<FORWARD> chains. It cannot be specified with the B<--limit-iface-in> " | |
1820 | -"option." | |
1821 | -msgstr "" | |
1822 | - | |
1823 | -#. type: SS | |
1824 | -#: original/man8/iptables-extensions.8:95 | |
1825 | -#, no-wrap | |
1826 | -msgid "ah (IPv6-specific)" | |
1827 | -msgstr "" | |
1828 | - | |
1829 | -#. type: Plain text | |
1830 | -#: original/man8/iptables-extensions.8:97 | |
1831 | -msgid "" | |
1832 | -"This module matches the parameters in Authentication header of IPsec " | |
1833 | -"packets." | |
1834 | -msgstr "" | |
1835 | - | |
1836 | -#. type: TP | |
1837 | -#: original/man8/iptables-extensions.8:97 original/man8/iptables-extensions.8:108 | |
1838 | -#, no-wrap | |
1839 | -msgid "[B<!>] B<--ahspi> I<spi>[B<:>I<spi>]" | |
1840 | -msgstr "" | |
1841 | - | |
1842 | -#. type: Plain text | |
1843 | -#: original/man8/iptables-extensions.8:100 | |
1844 | -msgid "Matches SPI." | |
1845 | -msgstr "" | |
1846 | - | |
1847 | -#. type: TP | |
1848 | -#: original/man8/iptables-extensions.8:100 | |
1849 | -#, no-wrap | |
1850 | -msgid "[B<!>] B<--ahlen> I<length>" | |
1851 | -msgstr "" | |
1852 | - | |
1853 | -#. type: Plain text | |
1854 | -#: original/man8/iptables-extensions.8:103 original/man8/iptables-extensions.8:407 original/man8/iptables-extensions.8:540 | |
1855 | -msgid "Total length of this header in octets." | |
1856 | -msgstr "" | |
1857 | - | |
1858 | -#. type: TP | |
1859 | -#: original/man8/iptables-extensions.8:103 | |
1860 | -#, no-wrap | |
1861 | -msgid "B<--ahres>" | |
1862 | -msgstr "" | |
1863 | - | |
1864 | -#. type: Plain text | |
1865 | -#: original/man8/iptables-extensions.8:106 | |
1866 | -msgid "Matches if the reserved field is filled with zero." | |
1867 | -msgstr "" | |
1868 | - | |
1869 | -#. type: SS | |
1870 | -#: original/man8/iptables-extensions.8:106 | |
1871 | -#, no-wrap | |
1872 | -msgid "ah (IPv4-specific)" | |
1873 | -msgstr "" | |
1874 | - | |
1875 | -#. type: Plain text | |
1876 | -#: original/man8/iptables-extensions.8:108 | |
1877 | -msgid "This module matches the SPIs in Authentication header of IPsec packets." | |
1878 | -msgstr "" | |
1879 | - | |
1880 | -#. type: SS | |
1881 | -#: original/man8/iptables-extensions.8:110 | |
1882 | -#, no-wrap | |
1883 | -msgid "cluster" | |
1884 | -msgstr "" | |
1885 | - | |
1886 | -#. type: Plain text | |
1887 | -#: original/man8/iptables-extensions.8:113 | |
1888 | -msgid "" | |
1889 | -"Allows you to deploy gateway and back-end load-sharing clusters without the " | |
1890 | -"need of load-balancers." | |
1891 | -msgstr "" | |
1892 | - | |
1893 | -#. type: Plain text | |
1894 | -#: original/man8/iptables-extensions.8:116 | |
1895 | -msgid "" | |
1896 | -"This match requires that all the nodes see the same packets. Thus, the " | |
1897 | -"cluster match decides if this node has to handle a packet given the " | |
1898 | -"following options:" | |
1899 | -msgstr "" | |
1900 | - | |
1901 | -#. type: TP | |
1902 | -#: original/man8/iptables-extensions.8:116 | |
1903 | -#, no-wrap | |
1904 | -msgid "B<--cluster-total-nodes> I<num>" | |
1905 | -msgstr "" | |
1906 | - | |
1907 | -#. type: Plain text | |
1908 | -#: original/man8/iptables-extensions.8:119 | |
1909 | -msgid "Set number of total nodes in cluster." | |
1910 | -msgstr "" | |
1911 | - | |
1912 | -#. type: TP | |
1913 | -#: original/man8/iptables-extensions.8:119 | |
1914 | -#, no-wrap | |
1915 | -msgid "[B<!>] B<--cluster-local-node> I<num>" | |
1916 | -msgstr "" | |
1917 | - | |
1918 | -#. type: Plain text | |
1919 | -#: original/man8/iptables-extensions.8:122 | |
1920 | -msgid "Set the local node number ID." | |
1921 | -msgstr "" | |
1922 | - | |
1923 | -#. type: TP | |
1924 | -#: original/man8/iptables-extensions.8:122 | |
1925 | -#, no-wrap | |
1926 | -msgid "[B<!>] B<--cluster-local-nodemask> I<mask>" | |
1927 | -msgstr "" | |
1928 | - | |
1929 | -#. type: Plain text | |
1930 | -#: original/man8/iptables-extensions.8:126 | |
1931 | -msgid "" | |
1932 | -"Set the local node number ID mask. You can use this option instead of " | |
1933 | -"B<--cluster-local-node>." | |
1934 | -msgstr "" | |
1935 | - | |
1936 | -#. type: TP | |
1937 | -#: original/man8/iptables-extensions.8:126 | |
1938 | -#, no-wrap | |
1939 | -msgid "B<--cluster-hash-seed> I<value>" | |
1940 | -msgstr "" | |
1941 | - | |
1942 | -#. type: Plain text | |
1943 | -#: original/man8/iptables-extensions.8:129 | |
1944 | -msgid "Set seed value of the Jenkins hash." | |
1945 | -msgstr "" | |
1946 | - | |
1947 | -#. type: TP | |
1948 | -#: original/man8/iptables-extensions.8:131 original/man8/iptables-extensions.8:177 original/man8/iptables-extensions.8:214 original/man8/iptables-extensions.8:362 original/man8/iptables-extensions.8:1588 original/man8/iptables-extensions.8:1636 original/man8/iptables-extensions.8:1685 original/man8/iptables-extensions.8:2016 | |
1949 | -#, no-wrap | |
1950 | -msgid "Example:" | |
1951 | -msgstr "" | |
1952 | - | |
1953 | -#. type: Plain text | |
1954 | -#: original/man8/iptables-extensions.8:136 | |
1955 | -msgid "" | |
1956 | -"iptables -A PREROUTING -t mangle -i eth1 -m cluster --cluster-total-nodes 2 " | |
1957 | -"--cluster-local-node 1 --cluster-hash-seed 0xdeadbeef -j MARK --set-mark " | |
1958 | -"0xffff" | |
1959 | -msgstr "" | |
1960 | - | |
1961 | -#. type: Plain text | |
1962 | -#: original/man8/iptables-extensions.8:141 | |
1963 | -msgid "" | |
1964 | -"iptables -A PREROUTING -t mangle -i eth2 -m cluster --cluster-total-nodes 2 " | |
1965 | -"--cluster-local-node 1 --cluster-hash-seed 0xdeadbeef -j MARK --set-mark " | |
1966 | -"0xffff" | |
1967 | -msgstr "" | |
1968 | - | |
1969 | -#. type: Plain text | |
1970 | -#: original/man8/iptables-extensions.8:144 | |
1971 | -msgid "iptables -A PREROUTING -t mangle -i eth1 -m mark ! --mark 0xffff -j DROP" | |
1972 | -msgstr "" | |
1973 | - | |
1974 | -#. type: Plain text | |
1975 | -#: original/man8/iptables-extensions.8:147 | |
1976 | -msgid "iptables -A PREROUTING -t mangle -i eth2 -m mark ! --mark 0xffff -j DROP" | |
1977 | -msgstr "" | |
1978 | - | |
1979 | -#. type: Plain text | |
1980 | -#: original/man8/iptables-extensions.8:149 | |
1981 | -msgid "And the following commands to make all nodes see the same packets:" | |
1982 | -msgstr "" | |
1983 | - | |
1984 | -#. type: Plain text | |
1985 | -#: original/man8/iptables-extensions.8:151 | |
1986 | -msgid "ip maddr add 01:00:5e:00:01:01 dev eth1" | |
1987 | -msgstr "" | |
1988 | - | |
1989 | -#. type: Plain text | |
1990 | -#: original/man8/iptables-extensions.8:153 | |
1991 | -msgid "ip maddr add 01:00:5e:00:01:02 dev eth2" | |
1992 | -msgstr "" | |
1993 | - | |
1994 | -#. type: Plain text | |
1995 | -#: original/man8/iptables-extensions.8:156 | |
1996 | -msgid "" | |
1997 | -"arptables -A OUTPUT -o eth1 --h-length 6 -j mangle --mangle-mac-s " | |
1998 | -"01:00:5e:00:01:01" | |
1999 | -msgstr "" | |
2000 | - | |
2001 | -#. type: Plain text | |
2002 | -#: original/man8/iptables-extensions.8:160 | |
2003 | -msgid "" | |
2004 | -"arptables -A INPUT -i eth1 --h-length 6 --destination-mac 01:00:5e:00:01:01 " | |
2005 | -"-j mangle --mangle-mac-d 00:zz:yy:xx:5a:27" | |
2006 | -msgstr "" | |
2007 | - | |
2008 | -#. type: Plain text | |
2009 | -#: original/man8/iptables-extensions.8:163 | |
2010 | -msgid "" | |
2011 | -"arptables -A OUTPUT -o eth2 --h-length 6 -j mangle --mangle-mac-s " | |
2012 | -"01:00:5e:00:01:02" | |
2013 | -msgstr "" | |
2014 | - | |
2015 | -#. type: Plain text | |
2016 | -#: original/man8/iptables-extensions.8:167 | |
2017 | -msgid "" | |
2018 | -"arptables -A INPUT -i eth2 --h-length 6 --destination-mac 01:00:5e:00:01:02 " | |
2019 | -"-j mangle --mangle-mac-d 00:zz:yy:xx:5a:27" | |
2020 | -msgstr "" | |
2021 | - | |
2022 | -#. type: Plain text | |
2023 | -#: original/man8/iptables-extensions.8:171 | |
2024 | -msgid "" | |
2025 | -"In the case of TCP connections, pickup facility has to be disabled to avoid " | |
2026 | -"marking TCP ACK packets coming in the reply direction as valid." | |
2027 | -msgstr "" | |
2028 | - | |
2029 | -#. type: Plain text | |
2030 | -#: original/man8/iptables-extensions.8:173 | |
2031 | -msgid "echo 0 E<gt> /proc/sys/net/netfilter/nf_conntrack_tcp_loose" | |
2032 | -msgstr "" | |
2033 | - | |
2034 | -#. type: SS | |
2035 | -#: original/man8/iptables-extensions.8:173 | |
2036 | -#, no-wrap | |
2037 | -msgid "comment" | |
2038 | -msgstr "" | |
2039 | - | |
2040 | -#. type: Plain text | |
2041 | -#: original/man8/iptables-extensions.8:175 | |
2042 | -msgid "Allows you to add comments (up to 256 characters) to any rule." | |
2043 | -msgstr "" | |
2044 | - | |
2045 | -#. type: TP | |
2046 | -#: original/man8/iptables-extensions.8:175 | |
2047 | -#, no-wrap | |
2048 | -msgid "B<--comment> I<comment>" | |
2049 | -msgstr "" | |
2050 | - | |
2051 | -#. type: Plain text | |
2052 | -#: original/man8/iptables-extensions.8:180 | |
2053 | -msgid "iptables -A INPUT -i eth1 -m comment --comment \"my local LAN\"" | |
2054 | -msgstr "" | |
2055 | - | |
2056 | -#. type: SS | |
2057 | -#: original/man8/iptables-extensions.8:180 | |
2058 | -#, no-wrap | |
2059 | -msgid "connbytes" | |
2060 | -msgstr "" | |
2061 | - | |
2062 | -#. type: Plain text | |
2063 | -#: original/man8/iptables-extensions.8:184 | |
2064 | -msgid "" | |
2065 | -"Match by how many bytes or packets a connection (or one of the two flows " | |
2066 | -"constituting the connection) has transferred so far, or by average bytes per " | |
2067 | -"packet." | |
2068 | -msgstr "" | |
2069 | - | |
2070 | -#. type: Plain text | |
2071 | -#: original/man8/iptables-extensions.8:186 | |
2072 | -msgid "The counters are 64-bit and are thus not expected to overflow ;)" | |
2073 | -msgstr "" | |
2074 | - | |
2075 | -#. type: Plain text | |
2076 | -#: original/man8/iptables-extensions.8:189 | |
2077 | -msgid "" | |
2078 | -"The primary use is to detect long-lived downloads and mark them to be " | |
2079 | -"scheduled using a lower priority band in traffic control." | |
2080 | -msgstr "" | |
2081 | - | |
2082 | -#. type: Plain text | |
2083 | -#: original/man8/iptables-extensions.8:192 | |
2084 | -msgid "" | |
2085 | -"The transferred bytes per connection can also be viewed through `conntrack " | |
2086 | -"-L` and accessed via ctnetlink." | |
2087 | -msgstr "" | |
2088 | - | |
2089 | -#. type: Plain text | |
2090 | -#: original/man8/iptables-extensions.8:198 | |
2091 | -msgid "" | |
2092 | -"NOTE that for connections which have no accounting information, the match " | |
2093 | -"will always return false. The \"net.netfilter.nf_conntrack_acct\" sysctl " | |
2094 | -"flag controls whether B<new> connections will be byte/packet " | |
2095 | -"counted. Existing connection flows will not be gaining/losing a/the " | |
2096 | -"accounting structure when be sysctl flag is flipped." | |
2097 | -msgstr "" | |
2098 | - | |
2099 | -#. type: TP | |
2100 | -#: original/man8/iptables-extensions.8:198 | |
2101 | -#, no-wrap | |
2102 | -msgid "[B<!>] B<--connbytes> I<from>[B<:>I<to>]" | |
2103 | -msgstr "" | |
2104 | - | |
2105 | -#. type: Plain text | |
2106 | -#: original/man8/iptables-extensions.8:204 | |
2107 | -msgid "" | |
2108 | -"match packets from a connection whose packets/bytes/average packet size is " | |
2109 | -"more than FROM and less than TO bytes/packets. if TO is omitted only FROM " | |
2110 | -"check is done. \"!\" is used to match packets not falling in the range." | |
2111 | -msgstr "" | |
2112 | - | |
2113 | -#. type: TP | |
2114 | -#: original/man8/iptables-extensions.8:204 | |
2115 | -#, no-wrap | |
2116 | -msgid "B<--connbytes-dir> {B<original>|B<reply>|B<both>}" | |
2117 | -msgstr "" | |
2118 | - | |
2119 | -#. type: Plain text | |
2120 | -#: original/man8/iptables-extensions.8:207 | |
2121 | -msgid "which packets to consider" | |
2122 | -msgstr "" | |
2123 | - | |
2124 | -#. type: TP | |
2125 | -#: original/man8/iptables-extensions.8:207 | |
2126 | -#, no-wrap | |
2127 | -msgid "B<--connbytes-mode> {B<packets>|B<bytes>|B<avgpkt>}" | |
2128 | -msgstr "" | |
2129 | - | |
2130 | -#. type: Plain text | |
2131 | -#: original/man8/iptables-extensions.8:214 | |
2132 | -msgid "" | |
2133 | -"whether to check the amount of packets, number of bytes transferred or the " | |
2134 | -"average size (in bytes) of all packets received so far. Note that when " | |
2135 | -"\"both\" is used together with \"avgpkt\", and data is going (mainly) only " | |
2136 | -"in one direction (for example HTTP), the average packet size will be about " | |
2137 | -"half of the actual data packets." | |
2138 | -msgstr "" | |
2139 | - | |
2140 | -#. type: Plain text | |
2141 | -#: original/man8/iptables-extensions.8:217 | |
2142 | -msgid "" | |
2143 | -"iptables .. -m connbytes --connbytes 10000:100000 --connbytes-dir both " | |
2144 | -"--connbytes-mode bytes ..." | |
2145 | -msgstr "" | |
2146 | - | |
2147 | -#. type: SS | |
2148 | -#: original/man8/iptables-extensions.8:217 | |
2149 | -#, no-wrap | |
2150 | -msgid "connlimit" | |
2151 | -msgstr "" | |
2152 | - | |
2153 | -#. type: Plain text | |
2154 | -#: original/man8/iptables-extensions.8:220 | |
2155 | -msgid "" | |
2156 | -"Allows you to restrict the number of parallel connections to a server per " | |
2157 | -"client IP address (or client address block)." | |
2158 | -msgstr "" | |
2159 | - | |
2160 | -#. type: TP | |
2161 | -#: original/man8/iptables-extensions.8:220 | |
2162 | -#, no-wrap | |
2163 | -msgid "B<--connlimit-upto> I<n>" | |
2164 | -msgstr "" | |
2165 | - | |
2166 | -#. type: Plain text | |
2167 | -#: original/man8/iptables-extensions.8:223 | |
2168 | -msgid "Match if the number of existing connections is below or equal I<n>." | |
2169 | -msgstr "" | |
2170 | - | |
2171 | -#. type: TP | |
2172 | -#: original/man8/iptables-extensions.8:223 | |
2173 | -#, no-wrap | |
2174 | -msgid "B<--connlimit-above> I<n>" | |
2175 | -msgstr "" | |
2176 | - | |
2177 | -#. type: Plain text | |
2178 | -#: original/man8/iptables-extensions.8:226 | |
2179 | -msgid "Match if the number of existing connections is above I<n>." | |
2180 | -msgstr "" | |
2181 | - | |
2182 | -#. type: TP | |
2183 | -#: original/man8/iptables-extensions.8:226 | |
2184 | -#, no-wrap | |
2185 | -msgid "B<--connlimit-mask> I<prefix_length>" | |
2186 | -msgstr "" | |
2187 | - | |
2188 | -#. type: Plain text | |
2189 | -#: original/man8/iptables-extensions.8:231 | |
2190 | -msgid "" | |
2191 | -"Group hosts using the prefix length. For IPv4, this must be a number between " | |
2192 | -"(including) 0 and 32. For IPv6, between 0 and 128. If not specified, the " | |
2193 | -"maximum prefix length for the applicable protocol is used." | |
2194 | -msgstr "" | |
2195 | - | |
2196 | -#. type: TP | |
2197 | -#: original/man8/iptables-extensions.8:231 | |
2198 | -#, no-wrap | |
2199 | -msgid "B<--connlimit-saddr>" | |
2200 | -msgstr "" | |
2201 | - | |
2202 | -#. type: Plain text | |
2203 | -#: original/man8/iptables-extensions.8:235 | |
2204 | -msgid "" | |
2205 | -"Apply the limit onto the source group. This is the default if " | |
2206 | -"--connlimit-daddr is not specified." | |
2207 | -msgstr "" | |
2208 | - | |
2209 | -#. type: TP | |
2210 | -#: original/man8/iptables-extensions.8:235 | |
2211 | -#, no-wrap | |
2212 | -msgid "B<--connlimit-daddr>" | |
2213 | -msgstr "" | |
2214 | - | |
2215 | -#. type: Plain text | |
2216 | -#: original/man8/iptables-extensions.8:238 | |
2217 | -msgid "Apply the limit onto the destination group." | |
2218 | -msgstr "" | |
2219 | - | |
2220 | -#. type: Plain text | |
2221 | -#: original/man8/iptables-extensions.8:240 original/man8/iptables-extensions.8:514 original/man8/iptables-extensions.8:1127 original/man8/iptables-extensions.8:1252 | |
2222 | -msgid "Examples:" | |
2223 | -msgstr "" | |
2224 | - | |
2225 | -#. type: TP | |
2226 | -#: original/man8/iptables-extensions.8:240 | |
2227 | -#, no-wrap | |
2228 | -msgid "# allow 2 telnet connections per client host" | |
2229 | -msgstr "" | |
2230 | - | |
2231 | -#. type: Plain text | |
2232 | -#: original/man8/iptables-extensions.8:243 | |
2233 | -msgid "" | |
2234 | -"iptables -A INPUT -p tcp --syn --dport 23 -m connlimit --connlimit-above 2 " | |
2235 | -"-j REJECT" | |
2236 | -msgstr "" | |
2237 | - | |
2238 | -#. type: TP | |
2239 | -#: original/man8/iptables-extensions.8:243 | |
2240 | -#, no-wrap | |
2241 | -msgid "# you can also match the other way around:" | |
2242 | -msgstr "" | |
2243 | - | |
2244 | -#. type: Plain text | |
2245 | -#: original/man8/iptables-extensions.8:246 | |
2246 | -msgid "" | |
2247 | -"iptables -A INPUT -p tcp --syn --dport 23 -m connlimit --connlimit-upto 2 -j " | |
2248 | -"ACCEPT" | |
2249 | -msgstr "" | |
2250 | - | |
2251 | -#. type: TP | |
2252 | -#: original/man8/iptables-extensions.8:246 | |
2253 | -#, no-wrap | |
2254 | -msgid "" | |
2255 | -"# limit the number of parallel HTTP requests to 16 per class C sized source " | |
2256 | -"network (24 bit netmask)" | |
2257 | -msgstr "" | |
2258 | - | |
2259 | -#. type: Plain text | |
2260 | -#: original/man8/iptables-extensions.8:251 | |
2261 | -msgid "" | |
2262 | -"iptables -p tcp --syn --dport 80 -m connlimit --connlimit-above 16 " | |
2263 | -"--connlimit-mask 24 -j REJECT" | |
2264 | -msgstr "" | |
2265 | - | |
2266 | -#. type: TP | |
2267 | -#: original/man8/iptables-extensions.8:251 | |
2268 | -#, no-wrap | |
2269 | -msgid "" | |
2270 | -"# limit the number of parallel HTTP requests to 16 for the link local " | |
2271 | -"network" | |
2272 | -msgstr "" | |
2273 | - | |
2274 | -#. type: Plain text | |
2275 | -#: original/man8/iptables-extensions.8:256 | |
2276 | -msgid "" | |
2277 | -"(ipv6) ip6tables -p tcp --syn --dport 80 -s fe80::/64 -m connlimit " | |
2278 | -"--connlimit-above 16 --connlimit-mask 64 -j REJECT" | |
2279 | -msgstr "" | |
2280 | - | |
2281 | -#. type: TP | |
2282 | -#: original/man8/iptables-extensions.8:256 | |
2283 | -#, no-wrap | |
2284 | -msgid "# Limit the number of connections to a particular host:" | |
2285 | -msgstr "" | |
2286 | - | |
2287 | -#. type: Plain text | |
2288 | -#: original/man8/iptables-extensions.8:260 | |
2289 | -msgid "" | |
2290 | -"ip6tables -p tcp --syn --dport 49152:65535 -d 2001:db8::1 -m connlimit " | |
2291 | -"--connlimit-above 100 -j REJECT" | |
2292 | -msgstr "" | |
2293 | - | |
2294 | -#. type: SS | |
2295 | -#: original/man8/iptables-extensions.8:260 | |
2296 | -#, no-wrap | |
2297 | -msgid "connmark" | |
2298 | -msgstr "" | |
2299 | - | |
2300 | -#. type: Plain text | |
2301 | -#: original/man8/iptables-extensions.8:263 | |
2302 | -msgid "" | |
2303 | -"This module matches the netfilter mark field associated with a connection " | |
2304 | -"(which can be set using the B<CONNMARK> target below)." | |
2305 | -msgstr "" | |
2306 | - | |
2307 | -#. type: TP | |
2308 | -#: original/man8/iptables-extensions.8:263 original/man8/iptables-extensions.8:703 | |
2309 | -#, no-wrap | |
2310 | -msgid "[B<!>] B<--mark> I<value>[B</>I<mask>]" | |
2311 | -msgstr "" | |
2312 | - | |
2313 | -#. type: Plain text | |
2314 | -#: original/man8/iptables-extensions.8:267 | |
2315 | -msgid "" | |
2316 | -"Matches packets in connections with the given mark value (if a mask is " | |
2317 | -"specified, this is logically ANDed with the mark before the comparison)." | |
2318 | -msgstr "" | |
2319 | - | |
2320 | -#. type: SS | |
2321 | -#: original/man8/iptables-extensions.8:267 | |
2322 | -#, no-wrap | |
2323 | -msgid "conntrack" | |
2324 | -msgstr "" | |
2325 | - | |
2326 | -#. type: Plain text | |
2327 | -#: original/man8/iptables-extensions.8:270 | |
2328 | -msgid "" | |
2329 | -"This module, when combined with connection tracking, allows access to the " | |
2330 | -"connection tracking state for this packet/connection." | |
2331 | -msgstr "" | |
2332 | - | |
2333 | -#. type: TP | |
2334 | -#: original/man8/iptables-extensions.8:270 | |
2335 | -#, no-wrap | |
2336 | -msgid "[B<!>] B<--ctstate> I<statelist>" | |
2337 | -msgstr "" | |
2338 | - | |
2339 | -#. type: Plain text | |
2340 | -#: original/man8/iptables-extensions.8:274 | |
2341 | -msgid "" | |
2342 | -"I<statelist> is a comma separated list of the connection states to match. " | |
2343 | -"Possible states are listed below." | |
2344 | -msgstr "" | |
2345 | - | |
2346 | -#. type: TP | |
2347 | -#: original/man8/iptables-extensions.8:274 | |
2348 | -#, no-wrap | |
2349 | -msgid "[B<!>] B<--ctproto> I<l4proto>" | |
2350 | -msgstr "" | |
2351 | - | |
2352 | -#. type: Plain text | |
2353 | -#: original/man8/iptables-extensions.8:277 | |
2354 | -msgid "Layer-4 protocol to match (by number or name)" | |
2355 | -msgstr "" | |
2356 | - | |
2357 | -#. type: TP | |
2358 | -#: original/man8/iptables-extensions.8:277 | |
2359 | -#, no-wrap | |
2360 | -msgid "[B<!>] B<--ctorigsrc> I<address>[B</>I<mask>]" | |
2361 | -msgstr "" | |
2362 | - | |
2363 | -#. type: TP | |
2364 | -#: original/man8/iptables-extensions.8:279 | |
2365 | -#, no-wrap | |
2366 | -msgid "[B<!>] B<--ctorigdst> I<address>[B</>I<mask>]" | |
2367 | -msgstr "" | |
2368 | - | |
2369 | -#. type: TP | |
2370 | -#: original/man8/iptables-extensions.8:281 | |
2371 | -#, no-wrap | |
2372 | -msgid "[B<!>] B<--ctreplsrc> I<address>[B</>I<mask>]" | |
2373 | -msgstr "" | |
2374 | - | |
2375 | -#. type: TP | |
2376 | -#: original/man8/iptables-extensions.8:283 | |
2377 | -#, no-wrap | |
2378 | -msgid "[B<!>] B<--ctrepldst> I<address>[B</>I<mask>]" | |
2379 | -msgstr "" | |
2380 | - | |
2381 | -#. type: Plain text | |
2382 | -#: original/man8/iptables-extensions.8:286 | |
2383 | -msgid "Match against original/reply source/destination address" | |
2384 | -msgstr "" | |
2385 | - | |
2386 | -#. type: TP | |
2387 | -#: original/man8/iptables-extensions.8:286 | |
2388 | -#, no-wrap | |
2389 | -msgid "[B<!>] B<--ctorigsrcport> I<port>[B<:>I<port>]" | |
2390 | -msgstr "" | |
2391 | - | |
2392 | -#. type: TP | |
2393 | -#: original/man8/iptables-extensions.8:288 | |
2394 | -#, no-wrap | |
2395 | -msgid "[B<!>] B<--ctorigdstport> I<port>[B<:>I<port>]" | |
2396 | -msgstr "" | |
2397 | - | |
2398 | -#. type: TP | |
2399 | -#: original/man8/iptables-extensions.8:290 | |
2400 | -#, no-wrap | |
2401 | -msgid "[B<!>] B<--ctreplsrcport> I<port>[B<:>I<port>]" | |
2402 | -msgstr "" | |
2403 | - | |
2404 | -#. type: TP | |
2405 | -#: original/man8/iptables-extensions.8:292 | |
2406 | -#, no-wrap | |
2407 | -msgid "[B<!>] B<--ctrepldstport> I<port>[B<:>I<port>]" | |
2408 | -msgstr "" | |
2409 | - | |
2410 | -#. type: Plain text | |
2411 | -#: original/man8/iptables-extensions.8:296 | |
2412 | -msgid "" | |
2413 | -"Match against original/reply source/destination port (TCP/UDP/etc.) or GRE " | |
2414 | -"key. Matching against port ranges is only supported in kernel versions " | |
2415 | -"above 2.6.38." | |
2416 | -msgstr "" | |
2417 | - | |
2418 | -#. type: TP | |
2419 | -#: original/man8/iptables-extensions.8:296 | |
2420 | -#, no-wrap | |
2421 | -msgid "[B<!>] B<--ctstatus> I<statelist>" | |
2422 | -msgstr "" | |
2423 | - | |
2424 | -#. type: Plain text | |
2425 | -#: original/man8/iptables-extensions.8:300 | |
2426 | -msgid "" | |
2427 | -"I<statuslist> is a comma separated list of the connection statuses to " | |
2428 | -"match. Possible statuses are listed below." | |
2429 | -msgstr "" | |
2430 | - | |
2431 | -#. type: TP | |
2432 | -#: original/man8/iptables-extensions.8:300 | |
2433 | -#, no-wrap | |
2434 | -msgid "[B<!>] B<--ctexpire> I<time>[B<:>I<time>]" | |
2435 | -msgstr "" | |
2436 | - | |
2437 | -#. type: Plain text | |
2438 | -#: original/man8/iptables-extensions.8:304 | |
2439 | -msgid "" | |
2440 | -"Match remaining lifetime in seconds against given value or range of values " | |
2441 | -"(inclusive)" | |
2442 | -msgstr "" | |
2443 | - | |
2444 | -#. type: TP | |
2445 | -#: original/man8/iptables-extensions.8:304 | |
2446 | -#, no-wrap | |
2447 | -msgid "B<--ctdir> {B<ORIGINAL>|B<REPLY>}" | |
2448 | -msgstr "" | |
2449 | - | |
2450 | -#. type: Plain text | |
2451 | -#: original/man8/iptables-extensions.8:308 | |
2452 | -msgid "" | |
2453 | -"Match packets that are flowing in the specified direction. If this flag is " | |
2454 | -"not specified at all, matches packets in both directions." | |
2455 | -msgstr "" | |
2456 | - | |
2457 | -#. type: Plain text | |
2458 | -#: original/man8/iptables-extensions.8:310 | |
2459 | -msgid "States for B<--ctstate>:" | |
2460 | -msgstr "" | |
2461 | - | |
2462 | -#. type: TP | |
2463 | -#: original/man8/iptables-extensions.8:310 | |
2464 | -#, no-wrap | |
2465 | -msgid "B<INVALID>" | |
2466 | -msgstr "" | |
2467 | - | |
2468 | -#. type: Plain text | |
2469 | -#: original/man8/iptables-extensions.8:313 | |
2470 | -msgid "The packet is associated with no known connection." | |
2471 | -msgstr "" | |
2472 | - | |
2473 | -#. type: TP | |
2474 | -#: original/man8/iptables-extensions.8:313 | |
2475 | -#, no-wrap | |
2476 | -msgid "B<NEW>" | |
2477 | -msgstr "" | |
2478 | - | |
2479 | -#. type: Plain text | |
2480 | -#: original/man8/iptables-extensions.8:317 | |
2481 | -msgid "" | |
2482 | -"The packet has started a new connection, or otherwise associated with a " | |
2483 | -"connection which has not seen packets in both directions." | |
2484 | -msgstr "" | |
2485 | - | |
2486 | -#. type: TP | |
2487 | -#: original/man8/iptables-extensions.8:317 | |
2488 | -#, no-wrap | |
2489 | -msgid "B<ESTABLISHED>" | |
2490 | -msgstr "" | |
2491 | - | |
2492 | -#. type: Plain text | |
2493 | -#: original/man8/iptables-extensions.8:321 | |
2494 | -msgid "" | |
2495 | -"The packet is associated with a connection which has seen packets in both " | |
2496 | -"directions." | |
2497 | -msgstr "" | |
2498 | - | |
2499 | -#. type: TP | |
2500 | -#: original/man8/iptables-extensions.8:321 | |
2501 | -#, no-wrap | |
2502 | -msgid "B<RELATED>" | |
2503 | -msgstr "" | |
2504 | - | |
2505 | -#. type: Plain text | |
2506 | -#: original/man8/iptables-extensions.8:325 | |
2507 | -msgid "" | |
2508 | -"The packet is starting a new connection, but is associated with an existing " | |
2509 | -"connection, such as an FTP data transfer, or an ICMP error." | |
2510 | -msgstr "" | |
2511 | - | |
2512 | -#. type: TP | |
2513 | -#: original/man8/iptables-extensions.8:325 | |
2514 | -#, no-wrap | |
2515 | -msgid "B<UNTRACKED>" | |
2516 | -msgstr "" | |
2517 | - | |
2518 | -#. type: Plain text | |
2519 | -#: original/man8/iptables-extensions.8:329 | |
2520 | -msgid "" | |
2521 | -"The packet is not tracked at all, which happens if you explicitly untrack it " | |
2522 | -"by using -j CT --notrack in the raw table." | |
2523 | -msgstr "" | |
2524 | - | |
2525 | -#. type: TP | |
2526 | -#: original/man8/iptables-extensions.8:329 | |
2527 | -#, no-wrap | |
2528 | -msgid "B<SNAT>" | |
2529 | -msgstr "" | |
2530 | - | |
2531 | -#. type: Plain text | |
2532 | -#: original/man8/iptables-extensions.8:333 | |
2533 | -msgid "" | |
2534 | -"A virtual state, matching if the original source address differs from the " | |
2535 | -"reply destination." | |
2536 | -msgstr "" | |
2537 | - | |
2538 | -#. type: TP | |
2539 | -#: original/man8/iptables-extensions.8:333 | |
2540 | -#, no-wrap | |
2541 | -msgid "B<DNAT>" | |
2542 | -msgstr "" | |
2543 | - | |
2544 | -#. type: Plain text | |
2545 | -#: original/man8/iptables-extensions.8:337 | |
2546 | -msgid "" | |
2547 | -"A virtual state, matching if the original destination differs from the reply " | |
2548 | -"source." | |
2549 | -msgstr "" | |
2550 | - | |
2551 | -#. type: Plain text | |
2552 | -#: original/man8/iptables-extensions.8:339 | |
2553 | -msgid "Statuses for B<--ctstatus>:" | |
2554 | -msgstr "" | |
2555 | - | |
2556 | -#. type: TP | |
2557 | -#: original/man8/iptables-extensions.8:339 | |
2558 | -#, no-wrap | |
2559 | -msgid "B<NONE>" | |
2560 | -msgstr "" | |
2561 | - | |
2562 | -#. type: Plain text | |
2563 | -#: original/man8/iptables-extensions.8:342 | |
2564 | -msgid "None of the below." | |
2565 | -msgstr "" | |
2566 | - | |
2567 | -#. type: TP | |
2568 | -#: original/man8/iptables-extensions.8:342 | |
2569 | -#, no-wrap | |
2570 | -msgid "B<EXPECTED>" | |
2571 | -msgstr "" | |
2572 | - | |
2573 | -#. type: Plain text | |
2574 | -#: original/man8/iptables-extensions.8:345 | |
2575 | -msgid "This is an expected connection (i.e. a conntrack helper set it up)." | |
2576 | -msgstr "" | |
2577 | - | |
2578 | -#. type: TP | |
2579 | -#: original/man8/iptables-extensions.8:345 | |
2580 | -#, no-wrap | |
2581 | -msgid "B<SEEN_REPLY>" | |
2582 | -msgstr "" | |
2583 | - | |
2584 | -#. type: Plain text | |
2585 | -#: original/man8/iptables-extensions.8:348 | |
2586 | -msgid "Conntrack has seen packets in both directions." | |
2587 | -msgstr "" | |
2588 | - | |
2589 | -#. type: TP | |
2590 | -#: original/man8/iptables-extensions.8:348 | |
2591 | -#, no-wrap | |
2592 | -msgid "B<ASSURED>" | |
2593 | -msgstr "" | |
2594 | - | |
2595 | -#. type: Plain text | |
2596 | -#: original/man8/iptables-extensions.8:351 | |
2597 | -msgid "Conntrack entry should never be early-expired." | |
2598 | -msgstr "" | |
2599 | - | |
2600 | -#. type: TP | |
2601 | -#: original/man8/iptables-extensions.8:351 | |
2602 | -#, no-wrap | |
2603 | -msgid "B<CONFIRMED>" | |
2604 | -msgstr "" | |
2605 | - | |
2606 | -#. type: Plain text | |
2607 | -#: original/man8/iptables-extensions.8:354 | |
2608 | -msgid "Connection is confirmed: originating packet has left box." | |
2609 | -msgstr "" | |
2610 | - | |
2611 | -#. type: SS | |
2612 | -#: original/man8/iptables-extensions.8:354 | |
2613 | -#, no-wrap | |
2614 | -msgid "cpu" | |
2615 | -msgstr "" | |
2616 | - | |
2617 | -#. type: TP | |
2618 | -#: original/man8/iptables-extensions.8:355 | |
2619 | -#, no-wrap | |
2620 | -msgid "[B<!>] B<--cpu> I<number>" | |
2621 | -msgstr "" | |
2622 | - | |
2623 | -#. type: Plain text | |
2624 | -#: original/man8/iptables-extensions.8:360 | |
2625 | -msgid "" | |
2626 | -"Match cpu handling this packet. cpus are numbered from 0 to NR_CPUS-1 Can be " | |
2627 | -"used in combination with RPS (Remote Packet Steering) or multiqueue NICs to " | |
2628 | -"spread network traffic on different queues." | |
2629 | -msgstr "" | |
2630 | - | |
2631 | -#. type: Plain text | |
2632 | -#: original/man8/iptables-extensions.8:365 | |
2633 | -msgid "" | |
2634 | -"iptables -t nat -A PREROUTING -p tcp --dport 80 -m cpu --cpu 0 -j REDIRECT " | |
2635 | -"--to-port 8080" | |
2636 | -msgstr "" | |
2637 | - | |
2638 | -#. type: Plain text | |
2639 | -#: original/man8/iptables-extensions.8:368 | |
2640 | -msgid "" | |
2641 | -"iptables -t nat -A PREROUTING -p tcp --dport 80 -m cpu --cpu 1 -j REDIRECT " | |
2642 | -"--to-port 8081" | |
2643 | -msgstr "" | |
2644 | - | |
2645 | -#. type: Plain text | |
2646 | -#: original/man8/iptables-extensions.8:370 | |
2647 | -msgid "Available since Linux 2.6.36." | |
2648 | -msgstr "" | |
2649 | - | |
2650 | -#. type: SS | |
2651 | -#: original/man8/iptables-extensions.8:370 | |
2652 | -#, no-wrap | |
2653 | -msgid "dccp" | |
2654 | -msgstr "" | |
2655 | - | |
2656 | -#. type: TP | |
2657 | -#: original/man8/iptables-extensions.8:371 original/man8/iptables-extensions.8:1230 original/man8/iptables-extensions.8:1354 original/man8/iptables-extensions.8:1657 | |
2658 | -#, no-wrap | |
2659 | -msgid "[B<!>] B<--source-port>,B<--sport> I<port>[B<:>I<port>]" | |
2660 | -msgstr "" | |
2661 | - | |
2662 | -#. type: TP | |
2663 | -#: original/man8/iptables-extensions.8:373 original/man8/iptables-extensions.8:1232 original/man8/iptables-extensions.8:1365 original/man8/iptables-extensions.8:1663 | |
2664 | -#, no-wrap | |
2665 | -msgid "[B<!>] B<--destination-port>,B<--dport> I<port>[B<:>I<port>]" | |
2666 | -msgstr "" | |
2667 | - | |
2668 | -#. type: TP | |
2669 | -#: original/man8/iptables-extensions.8:375 | |
2670 | -#, no-wrap | |
2671 | -msgid "[B<!>] B<--dccp-types> I<mask>" | |
2672 | -msgstr "" | |
2673 | - | |
2674 | -#. type: Plain text | |
2675 | -#: original/man8/iptables-extensions.8:380 | |
2676 | -msgid "" | |
2677 | -"Match when the DCCP packet type is one of 'mask'. 'mask' is a " | |
2678 | -"comma-separated list of packet types. Packet types are: B<REQUEST RESPONSE " | |
2679 | -"DATA ACK DATAACK CLOSEREQ CLOSE RESET SYNC SYNCACK INVALID>." | |
2680 | -msgstr "" | |
2681 | - | |
2682 | -#. type: TP | |
2683 | -#: original/man8/iptables-extensions.8:380 | |
2684 | -#, no-wrap | |
2685 | -msgid "[B<!>] B<--dccp-option> I<number>" | |
2686 | -msgstr "" | |
2687 | - | |
2688 | -#. type: Plain text | |
2689 | -#: original/man8/iptables-extensions.8:383 | |
2690 | -msgid "Match if DCCP option set." | |
2691 | -msgstr "" | |
2692 | - | |
2693 | -#. type: SS | |
2694 | -#: original/man8/iptables-extensions.8:383 | |
2695 | -#, no-wrap | |
2696 | -msgid "devgroup" | |
2697 | -msgstr "" | |
2698 | - | |
2699 | -#. type: Plain text | |
2700 | -#: original/man8/iptables-extensions.8:385 | |
2701 | -msgid "Match device group of a packets incoming/outgoing interface." | |
2702 | -msgstr "" | |
2703 | - | |
2704 | -#. type: TP | |
2705 | -#: original/man8/iptables-extensions.8:385 | |
2706 | -#, no-wrap | |
2707 | -msgid "[B<!>] B<--src-group> I<name>" | |
2708 | -msgstr "" | |
2709 | - | |
2710 | -#. type: Plain text | |
2711 | -#: original/man8/iptables-extensions.8:388 | |
2712 | -msgid "Match device group of incoming device" | |
2713 | -msgstr "" | |
2714 | - | |
2715 | -#. type: TP | |
2716 | -#: original/man8/iptables-extensions.8:388 | |
2717 | -#, no-wrap | |
2718 | -msgid "[B<!>] B<--dst-group> I<name>" | |
2719 | -msgstr "" | |
2720 | - | |
2721 | -#. type: Plain text | |
2722 | -#: original/man8/iptables-extensions.8:391 | |
2723 | -msgid "Match device group of outgoing device" | |
2724 | -msgstr "" | |
2725 | - | |
2726 | -#. type: SS | |
2727 | -#: original/man8/iptables-extensions.8:391 | |
2728 | -#, no-wrap | |
2729 | -msgid "dscp" | |
2730 | -msgstr "" | |
2731 | - | |
2732 | -#. type: Plain text | |
2733 | -#: original/man8/iptables-extensions.8:394 | |
2734 | -msgid "" | |
2735 | -"This module matches the 6 bit DSCP field within the TOS field in the IP " | |
2736 | -"header. DSCP has superseded TOS within the IETF." | |
2737 | -msgstr "" | |
2738 | - | |
2739 | -#. type: TP | |
2740 | -#: original/man8/iptables-extensions.8:394 | |
2741 | -#, no-wrap | |
2742 | -msgid "[B<!>] B<--dscp> I<value>" | |
2743 | -msgstr "" | |
2744 | - | |
2745 | -#. type: Plain text | |
2746 | -#: original/man8/iptables-extensions.8:397 | |
2747 | -msgid "Match against a numeric (decimal or hex) value [0-63]." | |
2748 | -msgstr "" | |
2749 | - | |
2750 | -#. type: TP | |
2751 | -#: original/man8/iptables-extensions.8:397 | |
2752 | -#, no-wrap | |
2753 | -msgid "[B<!>] B<--dscp-class> I<class>" | |
2754 | -msgstr "" | |
2755 | - | |
2756 | -#. type: Plain text | |
2757 | -#: original/man8/iptables-extensions.8:402 | |
2758 | -msgid "" | |
2759 | -"Match the DiffServ class. This value may be any of the BE, EF, AFxx or CSx " | |
2760 | -"classes. It will then be converted into its according numeric value." | |
2761 | -msgstr "" | |
2762 | - | |
2763 | -#. type: SS | |
2764 | -#: original/man8/iptables-extensions.8:402 | |
2765 | -#, no-wrap | |
2766 | -msgid "dst (IPv6-specific)" | |
2767 | -msgstr "" | |
2768 | - | |
2769 | -#. type: Plain text | |
2770 | -#: original/man8/iptables-extensions.8:404 | |
2771 | -msgid "This module matches the parameters in Destination Options header" | |
2772 | -msgstr "" | |
2773 | - | |
2774 | -#. type: TP | |
2775 | -#: original/man8/iptables-extensions.8:404 | |
2776 | -#, no-wrap | |
2777 | -msgid "[B<!>] B<--dst-len> I<length>" | |
2778 | -msgstr "" | |
2779 | - | |
2780 | -#. type: TP | |
2781 | -#: original/man8/iptables-extensions.8:407 | |
2782 | -#, no-wrap | |
2783 | -msgid "B<--dst-opts> I<type>[B<:>I<length>][B<,>I<type>[B<:>I<length>]...]" | |
2784 | -msgstr "" | |
2785 | - | |
2786 | -#. type: Plain text | |
2787 | -#: original/man8/iptables-extensions.8:410 original/man8/iptables-extensions.8:543 | |
2788 | -msgid "numeric type of option and the length of the option data in octets." | |
2789 | -msgstr "" | |
2790 | - | |
2791 | -#. type: SS | |
2792 | -#: original/man8/iptables-extensions.8:410 | |
2793 | -#, no-wrap | |
2794 | -msgid "ecn" | |
2795 | -msgstr "" | |
2796 | - | |
2797 | -#. type: Plain text | |
2798 | -#: original/man8/iptables-extensions.8:412 | |
2799 | -msgid "" | |
2800 | -"This allows you to match the ECN bits of the IPv4/IPv6 and TCP header. ECN " | |
2801 | -"is the Explicit Congestion Notification mechanism as specified in RFC3168" | |
2802 | -msgstr "" | |
2803 | - | |
2804 | -#. type: TP | |
2805 | -#: original/man8/iptables-extensions.8:412 | |
2806 | -#, no-wrap | |
2807 | -msgid "[B<!>] B<--ecn-tcp-cwr>" | |
2808 | -msgstr "" | |
2809 | - | |
2810 | -#. type: Plain text | |
2811 | -#: original/man8/iptables-extensions.8:415 | |
2812 | -msgid "This matches if the TCP ECN CWR (Congestion Window Received) bit is set." | |
2813 | -msgstr "" | |
2814 | - | |
2815 | -#. type: TP | |
2816 | -#: original/man8/iptables-extensions.8:415 | |
2817 | -#, no-wrap | |
2818 | -msgid "[B<!>] B<--ecn-tcp-ece>" | |
2819 | -msgstr "" | |
2820 | - | |
2821 | -#. type: Plain text | |
2822 | -#: original/man8/iptables-extensions.8:418 | |
2823 | -msgid "This matches if the TCP ECN ECE (ECN Echo) bit is set." | |
2824 | -msgstr "" | |
2825 | - | |
2826 | -#. type: TP | |
2827 | -#: original/man8/iptables-extensions.8:418 | |
2828 | -#, no-wrap | |
2829 | -msgid "[B<!>] B<--ecn-ip-ect> I<num>" | |
2830 | -msgstr "" | |
2831 | - | |
2832 | -#. type: Plain text | |
2833 | -#: original/man8/iptables-extensions.8:422 | |
2834 | -msgid "" | |
2835 | -"This matches a particular IPv4/IPv6 ECT (ECN-Capable Transport). You have to " | |
2836 | -"specify a number between `0' and `3'." | |
2837 | -msgstr "" | |
2838 | - | |
2839 | -#. type: SS | |
2840 | -#: original/man8/iptables-extensions.8:422 | |
2841 | -#, no-wrap | |
2842 | -msgid "esp" | |
2843 | -msgstr "" | |
2844 | - | |
2845 | -#. type: Plain text | |
2846 | -#: original/man8/iptables-extensions.8:424 | |
2847 | -msgid "This module matches the SPIs in ESP header of IPsec packets." | |
2848 | -msgstr "" | |
2849 | - | |
2850 | -#. type: TP | |
2851 | -#: original/man8/iptables-extensions.8:424 | |
2852 | -#, no-wrap | |
2853 | -msgid "[B<!>] B<--espspi> I<spi>[B<:>I<spi>]" | |
2854 | -msgstr "" | |
2855 | - | |
2856 | -#. type: SS | |
2857 | -#: original/man8/iptables-extensions.8:426 | |
2858 | -#, no-wrap | |
2859 | -msgid "eui64 (IPv6-specific)" | |
2860 | -msgstr "" | |
2861 | - | |
2862 | -#. type: Plain text | |
2863 | -#: original/man8/iptables-extensions.8:437 | |
2864 | -msgid "" | |
2865 | -"This module matches the EUI-64 part of a stateless autoconfigured IPv6 " | |
2866 | -"address. It compares the EUI-64 derived from the source MAC address in " | |
2867 | -"Ethernet frame with the lower 64 bits of the IPv6 source address. But " | |
2868 | -"\"Universal/Local\" bit is not compared. This module doesn't match other " | |
2869 | -"link layer frame, and is only valid in the B<PREROUTING>, B<INPUT> and " | |
2870 | -"B<FORWARD> chains." | |
2871 | -msgstr "" | |
2872 | - | |
2873 | -#. type: SS | |
2874 | -#: original/man8/iptables-extensions.8:437 | |
2875 | -#, no-wrap | |
2876 | -msgid "frag (IPv6-specific)" | |
2877 | -msgstr "" | |
2878 | - | |
2879 | -#. type: Plain text | |
2880 | -#: original/man8/iptables-extensions.8:439 | |
2881 | -msgid "This module matches the parameters in Fragment header." | |
2882 | -msgstr "" | |
2883 | - | |
2884 | -#. type: TP | |
2885 | -#: original/man8/iptables-extensions.8:439 | |
2886 | -#, no-wrap | |
2887 | -msgid "[B<!>] B<--fragid> I<id>[B<:>I<id>]" | |
2888 | -msgstr "" | |
2889 | - | |
2890 | -#. type: Plain text | |
2891 | -#: original/man8/iptables-extensions.8:442 | |
2892 | -msgid "Matches the given Identification or range of it." | |
2893 | -msgstr "" | |
2894 | - | |
2895 | -#. type: TP | |
2896 | -#: original/man8/iptables-extensions.8:442 | |
2897 | -#, no-wrap | |
2898 | -msgid "[B<!>] B<--fraglen> I<length>" | |
2899 | -msgstr "" | |
2900 | - | |
2901 | -#. type: Plain text | |
2902 | -#: original/man8/iptables-extensions.8:446 | |
2903 | -msgid "" | |
2904 | -"This option cannot be used with kernel version 2.6.10 or later. The length " | |
2905 | -"of Fragment header is static and this option doesn't make sense." | |
2906 | -msgstr "" | |
2907 | - | |
2908 | -#. type: TP | |
2909 | -#: original/man8/iptables-extensions.8:446 | |
2910 | -#, no-wrap | |
2911 | -msgid "B<--fragres>" | |
2912 | -msgstr "" | |
2913 | - | |
2914 | -#. type: Plain text | |
2915 | -#: original/man8/iptables-extensions.8:449 | |
2916 | -msgid "Matches if the reserved fields are filled with zero." | |
2917 | -msgstr "" | |
2918 | - | |
2919 | -#. type: TP | |
2920 | -#: original/man8/iptables-extensions.8:449 | |
2921 | -#, no-wrap | |
2922 | -msgid "B<--fragfirst>" | |
2923 | -msgstr "" | |
2924 | - | |
2925 | -#. type: Plain text | |
2926 | -#: original/man8/iptables-extensions.8:452 | |
2927 | -msgid "Matches on the first fragment." | |
2928 | -msgstr "" | |
2929 | - | |
2930 | -#. type: TP | |
2931 | -#: original/man8/iptables-extensions.8:452 | |
2932 | -#, no-wrap | |
2933 | -msgid "B<--fragmore>" | |
2934 | -msgstr "" | |
2935 | - | |
2936 | -#. type: Plain text | |
2937 | -#: original/man8/iptables-extensions.8:455 | |
2938 | -msgid "Matches if there are more fragments." | |
2939 | -msgstr "" | |
2940 | - | |
2941 | -#. type: TP | |
2942 | -#: original/man8/iptables-extensions.8:455 | |
2943 | -#, no-wrap | |
2944 | -msgid "B<--fraglast>" | |
2945 | -msgstr "" | |
2946 | - | |
2947 | -#. type: Plain text | |
2948 | -#: original/man8/iptables-extensions.8:458 | |
2949 | -msgid "Matches if this is the last fragment." | |
2950 | -msgstr "" | |
2951 | - | |
2952 | -#. type: SS | |
2953 | -#: original/man8/iptables-extensions.8:458 | |
2954 | -#, no-wrap | |
2955 | -msgid "hashlimit" | |
2956 | -msgstr "" | |
2957 | - | |
2958 | -#. type: Plain text | |
2959 | -#: original/man8/iptables-extensions.8:464 | |
2960 | -msgid "" | |
2961 | -"B<hashlimit> uses hash buckets to express a rate limiting match (like the " | |
2962 | -"B<limit> match) for a group of connections using a B<single> iptables " | |
2963 | -"rule. Grouping can be done per-hostgroup (source and/or destination address) " | |
2964 | -"and/or per-port. It gives you the ability to express \"I<N> packets per time " | |
2965 | -"quantum per group\" or \"I<N> bytes per seconds\" (see below for some " | |
2966 | -"examples)." | |
2967 | -msgstr "" | |
2968 | - | |
2969 | -#. type: Plain text | |
2970 | -#: original/man8/iptables-extensions.8:467 | |
2971 | -msgid "" | |
2972 | -"A hash limit option (B<--hashlimit-upto>, B<--hashlimit-above>) and " | |
2973 | -"B<--hashlimit-name> are required." | |
2974 | -msgstr "" | |
2975 | - | |
2976 | -#. type: TP | |
2977 | -#: original/man8/iptables-extensions.8:467 | |
2978 | -#, no-wrap | |
2979 | -msgid "B<--hashlimit-upto> I<amount>[B</second>|B</minute>|B</hour>|B</day>]" | |
2980 | -msgstr "" | |
2981 | - | |
2982 | -#. type: Plain text | |
2983 | -#: original/man8/iptables-extensions.8:472 | |
2984 | -msgid "" | |
2985 | -"Match if the rate is below or equal to I<amount>/quantum. It is specified " | |
2986 | -"either as a number, with an optional time quantum suffix (the default is " | |
2987 | -"3/hour), or as I<amount>b/second (number of bytes per second)." | |
2988 | -msgstr "" | |
2989 | - | |
2990 | -#. type: TP | |
2991 | -#: original/man8/iptables-extensions.8:472 | |
2992 | -#, no-wrap | |
2993 | -msgid "B<--hashlimit-above> I<amount>[B</second>|B</minute>|B</hour>|B</day>]" | |
2994 | -msgstr "" | |
2995 | - | |
2996 | -#. type: Plain text | |
2997 | -#: original/man8/iptables-extensions.8:475 | |
2998 | -msgid "Match if the rate is above I<amount>/quantum." | |
2999 | -msgstr "" | |
3000 | - | |
3001 | -#. type: TP | |
3002 | -#: original/man8/iptables-extensions.8:475 | |
3003 | -#, no-wrap | |
3004 | -msgid "B<--hashlimit-burst> I<amount>" | |
3005 | -msgstr "" | |
3006 | - | |
3007 | -#. type: Plain text | |
3008 | -#: original/man8/iptables-extensions.8:482 | |
3009 | -msgid "" | |
3010 | -"Maximum initial number of packets to match: this number gets recharged by " | |
3011 | -"one every time the limit specified above is not reached, up to this number; " | |
3012 | -"the default is 5. When byte-based rate matching is requested, this option " | |
3013 | -"specifies the amount of bytes that can exceed the given rate. This option " | |
3014 | -"should be used with caution -- if the entry expires, the burst value is " | |
3015 | -"reset too." | |
3016 | -msgstr "" | |
3017 | - | |
3018 | -#. type: TP | |
3019 | -#: original/man8/iptables-extensions.8:482 | |
3020 | -#, no-wrap | |
3021 | -msgid "B<--hashlimit-mode> {B<srcip>|B<srcport>|B<dstip>|B<dstport>}B<,>..." | |
3022 | -msgstr "" | |
3023 | - | |
3024 | -#. type: Plain text | |
3025 | -#: original/man8/iptables-extensions.8:487 | |
3026 | -msgid "" | |
3027 | -"A comma-separated list of objects to take into consideration. If no " | |
3028 | -"--hashlimit-mode option is given, hashlimit acts like limit, but at the " | |
3029 | -"expensive of doing the hash housekeeping." | |
3030 | -msgstr "" | |
3031 | - | |
3032 | -#. type: TP | |
3033 | -#: original/man8/iptables-extensions.8:487 | |
3034 | -#, no-wrap | |
3035 | -msgid "B<--hashlimit-srcmask> I<prefix>" | |
3036 | -msgstr "" | |
3037 | - | |
3038 | -#. type: Plain text | |
3039 | -#: original/man8/iptables-extensions.8:494 | |
3040 | -msgid "" | |
3041 | -"When --hashlimit-mode srcip is used, all source addresses encountered will " | |
3042 | -"be grouped according to the given prefix length and the so-created subnet " | |
3043 | -"will be subject to hashlimit. I<prefix> must be between (inclusive) 0 and " | |
3044 | -"32. Note that --hashlimit-srcmask 0 is basically doing the same thing as not " | |
3045 | -"specifying srcip for --hashlimit-mode, but is technically more expensive." | |
3046 | -msgstr "" | |
3047 | - | |
3048 | -#. type: TP | |
3049 | -#: original/man8/iptables-extensions.8:494 | |
3050 | -#, no-wrap | |
3051 | -msgid "B<--hashlimit-dstmask> I<prefix>" | |
3052 | -msgstr "" | |
3053 | - | |
3054 | -#. type: Plain text | |
3055 | -#: original/man8/iptables-extensions.8:497 | |
3056 | -msgid "Like --hashlimit-srcmask, but for destination addresses." | |
3057 | -msgstr "" | |
3058 | - | |
3059 | -#. type: TP | |
3060 | -#: original/man8/iptables-extensions.8:497 | |
3061 | -#, no-wrap | |
3062 | -msgid "B<--hashlimit-name> I<foo>" | |
3063 | -msgstr "" | |
3064 | - | |
3065 | -#. type: Plain text | |
3066 | -#: original/man8/iptables-extensions.8:500 | |
3067 | -msgid "The name for the /proc/net/ipt_hashlimit/foo entry." | |
3068 | -msgstr "" | |
3069 | - | |
3070 | -#. type: TP | |
3071 | -#: original/man8/iptables-extensions.8:500 | |
3072 | -#, no-wrap | |
3073 | -msgid "B<--hashlimit-htable-size> I<buckets>" | |
3074 | -msgstr "" | |
3075 | - | |
3076 | -#. type: Plain text | |
3077 | -#: original/man8/iptables-extensions.8:503 | |
3078 | -msgid "The number of buckets of the hash table" | |
3079 | -msgstr "" | |
3080 | - | |
3081 | -#. type: TP | |
3082 | -#: original/man8/iptables-extensions.8:503 | |
3083 | -#, no-wrap | |
3084 | -msgid "B<--hashlimit-htable-max> I<entries>" | |
3085 | -msgstr "" | |
3086 | - | |
3087 | -#. type: Plain text | |
3088 | -#: original/man8/iptables-extensions.8:506 | |
3089 | -msgid "Maximum entries in the hash." | |
3090 | -msgstr "" | |
3091 | - | |
3092 | -#. type: TP | |
3093 | -#: original/man8/iptables-extensions.8:506 | |
3094 | -#, no-wrap | |
3095 | -msgid "B<--hashlimit-htable-expire> I<msec>" | |
3096 | -msgstr "" | |
3097 | - | |
3098 | -#. type: Plain text | |
3099 | -#: original/man8/iptables-extensions.8:509 | |
3100 | -msgid "After how many milliseconds do hash entries expire." | |
3101 | -msgstr "" | |
3102 | - | |
3103 | -#. type: TP | |
3104 | -#: original/man8/iptables-extensions.8:509 | |
3105 | -#, no-wrap | |
3106 | -msgid "B<--hashlimit-htable-gcinterval> I<msec>" | |
3107 | -msgstr "" | |
3108 | - | |
3109 | -#. type: Plain text | |
3110 | -#: original/man8/iptables-extensions.8:512 | |
3111 | -msgid "How many milliseconds between garbage collection intervals." | |
3112 | -msgstr "" | |
3113 | - | |
3114 | -#. type: TP | |
3115 | -#: original/man8/iptables-extensions.8:514 | |
3116 | -#, no-wrap | |
3117 | -msgid "matching on source host" | |
3118 | -msgstr "" | |
3119 | - | |
3120 | -#. type: Plain text | |
3121 | -#: original/man8/iptables-extensions.8:518 | |
3122 | -msgid "" | |
3123 | -"\"1000 packets per second for every host in 192.168.0.0/16\" =E<gt> -s " | |
3124 | -"192.168.0.0/16 --hashlimit-mode srcip --hashlimit-upto 1000/sec" | |
3125 | -msgstr "" | |
3126 | - | |
3127 | -#. type: TP | |
3128 | -#: original/man8/iptables-extensions.8:518 | |
3129 | -#, no-wrap | |
3130 | -msgid "matching on source port" | |
3131 | -msgstr "" | |
3132 | - | |
3133 | -#. type: Plain text | |
3134 | -#: original/man8/iptables-extensions.8:522 | |
3135 | -msgid "" | |
3136 | -"\"100 packets per second for every service of 192.168.1.1\" =E<gt> -s " | |
3137 | -"192.168.1.1 --hashlimit-mode srcport --hashlimit-upto 100/sec" | |
3138 | -msgstr "" | |
3139 | - | |
3140 | -#. type: TP | |
3141 | -#: original/man8/iptables-extensions.8:522 | |
3142 | -#, no-wrap | |
3143 | -msgid "matching on subnet" | |
3144 | -msgstr "" | |
3145 | - | |
3146 | -#. type: Plain text | |
3147 | -#: original/man8/iptables-extensions.8:527 | |
3148 | -msgid "" | |
3149 | -"\"10000 packets per minute for every /28 subnet (groups of 8 addresses) in " | |
3150 | -"10.0.0.0/8\" =E<gt> -s 10.0.0.8 --hashlimit-mask 28 --hashlimit-upto " | |
3151 | -"10000/min" | |
3152 | -msgstr "" | |
3153 | - | |
3154 | -#. type: TP | |
3155 | -#: original/man8/iptables-extensions.8:527 original/man8/iptables-extensions.8:531 | |
3156 | -#, no-wrap | |
3157 | -msgid "matching bytes per second" | |
3158 | -msgstr "" | |
3159 | - | |
3160 | -#. type: Plain text | |
3161 | -#: original/man8/iptables-extensions.8:531 | |
3162 | -msgid "" | |
3163 | -"\"flows exceeding 512kbyte/s\" =E<gt> --hashlimit-mode " | |
3164 | -"srcip,dstip,srcport,dstport --hashlimit-above 512kb/s" | |
3165 | -msgstr "" | |
3166 | - | |
3167 | -#. type: Plain text | |
3168 | -#: original/man8/iptables-extensions.8:535 | |
3169 | -msgid "" | |
3170 | -"\"hosts that exceed 512kbyte/s, but permit up to 1Megabytes without " | |
3171 | -"matching\" --hashlimit-mode dstip --hashlimit-above 512kb/s " | |
3172 | -"--hashlimit-burst 1mb" | |
3173 | -msgstr "" | |
3174 | - | |
3175 | -#. type: SS | |
3176 | -#: original/man8/iptables-extensions.8:535 | |
3177 | -#, no-wrap | |
3178 | -msgid "hbh (IPv6-specific)" | |
3179 | -msgstr "" | |
3180 | - | |
3181 | -#. type: Plain text | |
3182 | -#: original/man8/iptables-extensions.8:537 | |
3183 | -msgid "This module matches the parameters in Hop-by-Hop Options header" | |
3184 | -msgstr "" | |
3185 | - | |
3186 | -#. type: TP | |
3187 | -#: original/man8/iptables-extensions.8:537 | |
3188 | -#, no-wrap | |
3189 | -msgid "[B<!>] B<--hbh-len> I<length>" | |
3190 | -msgstr "" | |
3191 | - | |
3192 | -#. type: TP | |
3193 | -#: original/man8/iptables-extensions.8:540 | |
3194 | -#, no-wrap | |
3195 | -msgid "B<--hbh-opts> I<type>[B<:>I<length>][B<,>I<type>[B<:>I<length>]...]" | |
3196 | -msgstr "" | |
3197 | - | |
3198 | -#. type: SS | |
3199 | -#: original/man8/iptables-extensions.8:543 | |
3200 | -#, no-wrap | |
3201 | -msgid "helper" | |
3202 | -msgstr "" | |
3203 | - | |
3204 | -#. type: Plain text | |
3205 | -#: original/man8/iptables-extensions.8:545 | |
3206 | -msgid "This module matches packets related to a specific conntrack-helper." | |
3207 | -msgstr "" | |
3208 | - | |
3209 | -#. type: TP | |
3210 | -#: original/man8/iptables-extensions.8:545 | |
3211 | -#, no-wrap | |
3212 | -msgid "[B<!>] B<--helper> I<string>" | |
3213 | -msgstr "" | |
3214 | - | |
3215 | -#. type: Plain text | |
3216 | -#: original/man8/iptables-extensions.8:548 | |
3217 | -msgid "Matches packets related to the specified conntrack-helper." | |
3218 | -msgstr "" | |
3219 | - | |
3220 | -#. type: Plain text | |
3221 | -#: original/man8/iptables-extensions.8:552 | |
3222 | -msgid "" | |
3223 | -"string can be \"ftp\" for packets related to a ftp-session on default port. " | |
3224 | -"For other ports append -portnr to the value, ie. \"ftp-2121\"." | |
3225 | -msgstr "" | |
3226 | - | |
3227 | -#. type: Plain text | |
3228 | -#: original/man8/iptables-extensions.8:554 | |
3229 | -msgid "Same rules apply for other conntrack-helpers." | |
3230 | -msgstr "" | |
3231 | - | |
3232 | -#. type: SS | |
3233 | -#: original/man8/iptables-extensions.8:555 | |
3234 | -#, no-wrap | |
3235 | -msgid "hl (IPv6-specific)" | |
3236 | -msgstr "" | |
3237 | - | |
3238 | -#. type: Plain text | |
3239 | -#: original/man8/iptables-extensions.8:557 | |
3240 | -msgid "This module matches the Hop Limit field in the IPv6 header." | |
3241 | -msgstr "" | |
3242 | - | |
3243 | -#. type: TP | |
3244 | -#: original/man8/iptables-extensions.8:557 | |
3245 | -#, no-wrap | |
3246 | -msgid "[B<!>] B<--hl-eq> I<value>" | |
3247 | -msgstr "" | |
3248 | - | |
3249 | -#. type: Plain text | |
3250 | -#: original/man8/iptables-extensions.8:560 | |
3251 | -msgid "Matches if Hop Limit equals I<value>." | |
3252 | -msgstr "" | |
3253 | - | |
3254 | -#. type: TP | |
3255 | -#: original/man8/iptables-extensions.8:560 | |
3256 | -#, no-wrap | |
3257 | -msgid "B<--hl-lt> I<value>" | |
3258 | -msgstr "" | |
3259 | - | |
3260 | -#. type: Plain text | |
3261 | -#: original/man8/iptables-extensions.8:563 | |
3262 | -msgid "Matches if Hop Limit is less than I<value>." | |
3263 | -msgstr "" | |
3264 | - | |
3265 | -#. type: TP | |
3266 | -#: original/man8/iptables-extensions.8:563 | |
3267 | -#, no-wrap | |
3268 | -msgid "B<--hl-gt> I<value>" | |
3269 | -msgstr "" | |
3270 | - | |
3271 | -#. type: Plain text | |
3272 | -#: original/man8/iptables-extensions.8:566 | |
3273 | -msgid "Matches if Hop Limit is greater than I<value>." | |
3274 | -msgstr "" | |
3275 | - | |
3276 | -#. type: SS | |
3277 | -#: original/man8/iptables-extensions.8:566 | |
3278 | -#, no-wrap | |
3279 | -msgid "icmp (IPv4-specific)" | |
3280 | -msgstr "" | |
3281 | - | |
3282 | -#. type: Plain text | |
3283 | -#: original/man8/iptables-extensions.8:569 | |
3284 | -msgid "" | |
3285 | -"This extension can be used if `--protocol icmp' is specified. It provides " | |
3286 | -"the following option:" | |
3287 | -msgstr "" | |
3288 | - | |
3289 | -#. type: TP | |
3290 | -#: original/man8/iptables-extensions.8:569 | |
3291 | -#, no-wrap | |
3292 | -msgid "[B<!>] B<--icmp-type> {I<type>[B</>I<code>]|I<typename>}" | |
3293 | -msgstr "" | |
3294 | - | |
3295 | -#. type: Plain text | |
3296 | -#: original/man8/iptables-extensions.8:573 | |
3297 | -msgid "" | |
3298 | -"This allows specification of the ICMP type, which can be a numeric ICMP " | |
3299 | -"type, type/code pair, or one of the ICMP type names shown by the command" | |
3300 | -msgstr "" | |
3301 | - | |
3302 | -#. type: Plain text | |
3303 | -#: original/man8/iptables-extensions.8:575 | |
3304 | -#, no-wrap | |
3305 | -msgid " iptables -p icmp -h\n" | |
3306 | -msgstr "" | |
3307 | - | |
3308 | -#. type: SS | |
3309 | -#: original/man8/iptables-extensions.8:576 | |
3310 | -#, no-wrap | |
3311 | -msgid "icmp6 (IPv6-specific)" | |
3312 | -msgstr "" | |
3313 | - | |
3314 | -#. type: Plain text | |
3315 | -#: original/man8/iptables-extensions.8:579 | |
3316 | -msgid "" | |
3317 | -"This extension can be used if `--protocol ipv6-icmp' or `--protocol icmpv6' " | |
3318 | -"is specified. It provides the following option:" | |
3319 | -msgstr "" | |
3320 | - | |
3321 | -#. type: TP | |
3322 | -#: original/man8/iptables-extensions.8:579 | |
3323 | -#, no-wrap | |
3324 | -msgid "[B<!>] B<--icmpv6-type> I<type>[B</>I<code>]|I<typename>" | |
3325 | -msgstr "" | |
3326 | - | |
3327 | -#. type: Plain text | |
3328 | -#: original/man8/iptables-extensions.8:588 | |
3329 | -msgid "" | |
3330 | -"This allows specification of the ICMPv6 type, which can be a numeric ICMPv6 " | |
3331 | -"I<type>, I<type> and I<code>, or one of the ICMPv6 type names shown by the " | |
3332 | -"command" | |
3333 | -msgstr "" | |
3334 | - | |
3335 | -#. type: Plain text | |
3336 | -#: original/man8/iptables-extensions.8:590 | |
3337 | -#, no-wrap | |
3338 | -msgid " ip6tables -p ipv6-icmp -h\n" | |
3339 | -msgstr "" | |
3340 | - | |
3341 | -#. type: SS | |
3342 | -#: original/man8/iptables-extensions.8:591 | |
3343 | -#, no-wrap | |
3344 | -msgid "iprange" | |
3345 | -msgstr "" | |
3346 | - | |
3347 | -#. type: Plain text | |
3348 | -#: original/man8/iptables-extensions.8:593 | |
3349 | -msgid "This matches on a given arbitrary range of IP addresses." | |
3350 | -msgstr "" | |
3351 | - | |
3352 | -#. type: TP | |
3353 | -#: original/man8/iptables-extensions.8:593 | |
3354 | -#, no-wrap | |
3355 | -msgid "[B<!>] B<--src-range> I<from>[B<->I<to>]" | |
3356 | -msgstr "" | |
3357 | - | |
3358 | -#. type: Plain text | |
3359 | -#: original/man8/iptables-extensions.8:596 | |
3360 | -msgid "Match source IP in the specified range." | |
3361 | -msgstr "" | |
3362 | - | |
3363 | -#. type: TP | |
3364 | -#: original/man8/iptables-extensions.8:596 | |
3365 | -#, no-wrap | |
3366 | -msgid "[B<!>] B<--dst-range> I<from>[B<->I<to>]" | |
3367 | -msgstr "" | |
3368 | - | |
3369 | -#. type: Plain text | |
3370 | -#: original/man8/iptables-extensions.8:599 | |
3371 | -msgid "Match destination IP in the specified range." | |
3372 | -msgstr "" | |
3373 | - | |
3374 | -#. type: SS | |
3375 | -#: original/man8/iptables-extensions.8:599 | |
3376 | -#, no-wrap | |
3377 | -msgid "ipv6header (IPv6-specific)" | |
3378 | -msgstr "" | |
3379 | - | |
3380 | -#. type: Plain text | |
3381 | -#: original/man8/iptables-extensions.8:601 | |
3382 | -msgid "This module matches IPv6 extension headers and/or upper layer header." | |
3383 | -msgstr "" | |
3384 | - | |
3385 | -#. type: TP | |
3386 | -#: original/man8/iptables-extensions.8:601 | |
3387 | -#, no-wrap | |
3388 | -msgid "B<--soft>" | |
3389 | -msgstr "" | |
3390 | - | |
3391 | -#. type: Plain text | |
3392 | -#: original/man8/iptables-extensions.8:605 | |
3393 | -msgid "" | |
3394 | -"Matches if the packet includes B<any> of the headers specified with " | |
3395 | -"B<--header>." | |
3396 | -msgstr "" | |
3397 | - | |
3398 | -#. type: TP | |
3399 | -#: original/man8/iptables-extensions.8:605 | |
3400 | -#, no-wrap | |
3401 | -msgid "[B<!>] B<--header> I<header>[B<,>I<header>...]" | |
3402 | -msgstr "" | |
3403 | - | |
3404 | -#. type: Plain text | |
3405 | -#: original/man8/iptables-extensions.8:610 | |
3406 | -msgid "" | |
3407 | -"Matches the packet which EXACTLY includes all specified headers. The headers " | |
3408 | -"encapsulated with ESP header are out of scope. Possible I<header> types can " | |
3409 | -"be:" | |
3410 | -msgstr "" | |
3411 | - | |
3412 | -#. type: TP | |
3413 | -#: original/man8/iptables-extensions.8:610 | |
3414 | -#, no-wrap | |
3415 | -msgid "B<hop>|B<hop-by-hop>" | |
3416 | -msgstr "" | |
3417 | - | |
3418 | -#. type: Plain text | |
3419 | -#: original/man8/iptables-extensions.8:613 | |
3420 | -msgid "Hop-by-Hop Options header" | |
3421 | -msgstr "" | |
3422 | - | |
3423 | -#. type: TP | |
3424 | -#: original/man8/iptables-extensions.8:613 | |
3425 | -#, no-wrap | |
3426 | -msgid "B<dst>" | |
3427 | -msgstr "" | |
3428 | - | |
3429 | -#. type: Plain text | |
3430 | -#: original/man8/iptables-extensions.8:616 | |
3431 | -msgid "Destination Options header" | |
3432 | -msgstr "" | |
3433 | - | |
3434 | -#. type: TP | |
3435 | -#: original/man8/iptables-extensions.8:616 | |
3436 | -#, no-wrap | |
3437 | -msgid "B<route>" | |
3438 | -msgstr "" | |
3439 | - | |
3440 | -#. type: Plain text | |
3441 | -#: original/man8/iptables-extensions.8:619 | |
3442 | -msgid "Routing header" | |
3443 | -msgstr "" | |
3444 | - | |
3445 | -#. type: TP | |
3446 | -#: original/man8/iptables-extensions.8:619 | |
3447 | -#, no-wrap | |
3448 | -msgid "B<frag>" | |
3449 | -msgstr "" | |
3450 | - | |
3451 | -#. type: Plain text | |
3452 | -#: original/man8/iptables-extensions.8:622 | |
3453 | -msgid "Fragment header" | |
3454 | -msgstr "" | |
3455 | - | |
3456 | -#. type: TP | |
3457 | -#: original/man8/iptables-extensions.8:622 | |
3458 | -#, no-wrap | |
3459 | -msgid "B<auth>" | |
3460 | -msgstr "" | |
3461 | - | |
3462 | -#. type: Plain text | |
3463 | -#: original/man8/iptables-extensions.8:625 | |
3464 | -msgid "Authentication header" | |
3465 | -msgstr "" | |
3466 | - | |
3467 | -#. type: TP | |
3468 | -#: original/man8/iptables-extensions.8:625 | |
3469 | -#, no-wrap | |
3470 | -msgid "B<esp>" | |
3471 | -msgstr "" | |
3472 | - | |
3473 | -#. type: Plain text | |
3474 | -#: original/man8/iptables-extensions.8:628 | |
3475 | -msgid "Encapsulating Security Payload header" | |
3476 | -msgstr "" | |
3477 | - | |
3478 | -#. type: TP | |
3479 | -#: original/man8/iptables-extensions.8:628 | |
3480 | -#, no-wrap | |
3481 | -msgid "B<none>" | |
3482 | -msgstr "" | |
3483 | - | |
3484 | -#. type: Plain text | |
3485 | -#: original/man8/iptables-extensions.8:632 | |
3486 | -msgid "" | |
3487 | -"No Next header which matches 59 in the 'Next Header field' of IPv6 header or " | |
3488 | -"any IPv6 extension headers" | |
3489 | -msgstr "" | |
3490 | - | |
3491 | -#. type: TP | |
3492 | -#: original/man8/iptables-extensions.8:632 | |
3493 | -#, no-wrap | |
3494 | -msgid "B<proto>" | |
3495 | -msgstr "" | |
3496 | - | |
3497 | -#. type: Plain text | |
3498 | -#: original/man8/iptables-extensions.8:637 | |
3499 | -msgid "" | |
3500 | -"which matches any upper layer protocol header. A protocol name from " | |
3501 | -"/etc/protocols and numeric value also allowed. The number 255 is equivalent " | |
3502 | -"to B<proto>." | |
3503 | -msgstr "" | |
3504 | - | |
3505 | -#. type: SS | |
3506 | -#: original/man8/iptables-extensions.8:637 | |
3507 | -#, no-wrap | |
3508 | -msgid "ipvs" | |
3509 | -msgstr "" | |
3510 | - | |
3511 | -#. type: Plain text | |
3512 | -#: original/man8/iptables-extensions.8:639 | |
3513 | -msgid "Match IPVS connection properties." | |
3514 | -msgstr "" | |
3515 | - | |
3516 | -#. type: TP | |
3517 | -#: original/man8/iptables-extensions.8:639 | |
3518 | -#, no-wrap | |
3519 | -msgid "[B<!>] B<--ipvs>" | |
3520 | -msgstr "" | |
3521 | - | |
3522 | -#. type: Plain text | |
3523 | -#: original/man8/iptables-extensions.8:642 | |
3524 | -msgid "packet belongs to an IPVS connection" | |
3525 | -msgstr "" | |
3526 | - | |
3527 | -#. type: TP | |
3528 | -#: original/man8/iptables-extensions.8:642 | |
3529 | -#, no-wrap | |
3530 | -msgid "Any of the following options implies --ipvs (even negated)" | |
3531 | -msgstr "" | |
3532 | - | |
3533 | -#. type: TP | |
3534 | -#: original/man8/iptables-extensions.8:644 | |
3535 | -#, no-wrap | |
3536 | -msgid "[B<!>] B<--vproto> I<protocol>" | |
3537 | -msgstr "" | |
3538 | - | |
3539 | -#. type: Plain text | |
3540 | -#: original/man8/iptables-extensions.8:647 | |
3541 | -msgid "VIP protocol to match; by number or name, e.g. \"tcp\"" | |
3542 | -msgstr "" | |
3543 | - | |
3544 | -#. type: TP | |
3545 | -#: original/man8/iptables-extensions.8:647 | |
3546 | -#, no-wrap | |
3547 | -msgid "[B<!>] B<--vaddr> I<address>[B</>I<mask>]" | |
3548 | -msgstr "" | |
3549 | - | |
3550 | -#. type: Plain text | |
3551 | -#: original/man8/iptables-extensions.8:650 | |
3552 | -msgid "VIP address to match" | |
3553 | -msgstr "" | |
3554 | - | |
3555 | -#. type: TP | |
3556 | -#: original/man8/iptables-extensions.8:650 | |
3557 | -#, no-wrap | |
3558 | -msgid "[B<!>] B<--vport> I<port>" | |
3559 | -msgstr "" | |
3560 | - | |
3561 | -#. type: Plain text | |
3562 | -#: original/man8/iptables-extensions.8:653 | |
3563 | -msgid "VIP port to match; by number or name, e.g. \"http\"" | |
3564 | -msgstr "" | |
3565 | - | |
3566 | -#. type: TP | |
3567 | -#: original/man8/iptables-extensions.8:653 | |
3568 | -#, no-wrap | |
3569 | -msgid "B<--vdir> {B<ORIGINAL>|B<REPLY>}" | |
3570 | -msgstr "" | |
3571 | - | |
3572 | -#. type: Plain text | |
3573 | -#: original/man8/iptables-extensions.8:656 | |
3574 | -msgid "flow direction of packet" | |
3575 | -msgstr "" | |
3576 | - | |
3577 | -#. type: TP | |
3578 | -#: original/man8/iptables-extensions.8:656 | |
3579 | -#, no-wrap | |
3580 | -msgid "[B<!>] B<--vmethod> {B<GATE>|B<IPIP>|B<MASQ>}" | |
3581 | -msgstr "" | |
3582 | - | |
3583 | -#. type: Plain text | |
3584 | -#: original/man8/iptables-extensions.8:659 | |
3585 | -msgid "IPVS forwarding method used" | |
3586 | -msgstr "" | |
3587 | - | |
3588 | -#. type: TP | |
3589 | -#: original/man8/iptables-extensions.8:659 | |
3590 | -#, no-wrap | |
3591 | -msgid "[B<!>] B<--vportctl> I<port>" | |
3592 | -msgstr "" | |
3593 | - | |
3594 | -#. type: Plain text | |
3595 | -#: original/man8/iptables-extensions.8:662 | |
3596 | -msgid "VIP port of the controlling connection to match, e.g. 21 for FTP" | |
3597 | -msgstr "" | |
3598 | - | |
3599 | -#. type: SS | |
3600 | -#: original/man8/iptables-extensions.8:662 | |
3601 | -#, no-wrap | |
3602 | -msgid "length" | |
3603 | -msgstr "" | |
3604 | - | |
3605 | -#. type: Plain text | |
3606 | -#: original/man8/iptables-extensions.8:666 | |
3607 | -msgid "" | |
3608 | -"This module matches the length of the layer-3 payload (e.g. layer-4 packet) " | |
3609 | -"of a packet against a specific value or range of values." | |
3610 | -msgstr "" | |
3611 | - | |
3612 | -#. type: TP | |
3613 | -#: original/man8/iptables-extensions.8:666 | |
3614 | -#, no-wrap | |
3615 | -msgid "[B<!>] B<--length> I<length>[B<:>I<length>]" | |
3616 | -msgstr "" | |
3617 | - | |
3618 | -#. type: SS | |
3619 | -#: original/man8/iptables-extensions.8:668 | |
3620 | -#, no-wrap | |
3621 | -msgid "limit" | |
3622 | -msgstr "" | |
3623 | - | |
3624 | -#. type: Plain text | |
3625 | -#: original/man8/iptables-extensions.8:674 | |
3626 | -msgid "" | |
3627 | -"This module matches at a limited rate using a token bucket filter. A rule " | |
3628 | -"using this extension will match until this limit is reached. It can be used " | |
3629 | -"in combination with the B<LOG> target to give limited logging, for example." | |
3630 | -msgstr "" | |
3631 | - | |
3632 | -#. type: Plain text | |
3633 | -#: original/man8/iptables-extensions.8:677 | |
3634 | -msgid "" | |
3635 | -"xt_limit has no negation support - you will have to use -m hashlimit ! " | |
3636 | -"--hashlimit I<rate> in this case whilst omitting --hashlimit-mode." | |
3637 | -msgstr "" | |
3638 | - | |
3639 | -#. type: TP | |
3640 | -#: original/man8/iptables-extensions.8:677 | |
3641 | -#, no-wrap | |
3642 | -msgid "B<--limit> I<rate>[B</second>|B</minute>|B</hour>|B</day>]" | |
3643 | -msgstr "" | |
3644 | - | |
3645 | -#. type: Plain text | |
3646 | -#: original/man8/iptables-extensions.8:682 | |
3647 | -msgid "" | |
3648 | -"Maximum average matching rate: specified as a number, with an optional " | |
3649 | -"`/second', `/minute', `/hour', or `/day' suffix; the default is 3/hour." | |
3650 | -msgstr "" | |
3651 | - | |
3652 | -#. type: TP | |
3653 | -#: original/man8/iptables-extensions.8:682 | |
3654 | -#, no-wrap | |
3655 | -msgid "B<--limit-burst> I<number>" | |
3656 | -msgstr "" | |
3657 | - | |
3658 | -#. type: Plain text | |
3659 | -#: original/man8/iptables-extensions.8:687 | |
3660 | -msgid "" | |
3661 | -"Maximum initial number of packets to match: this number gets recharged by " | |
3662 | -"one every time the limit specified above is not reached, up to this number; " | |
3663 | -"the default is 5." | |
3664 | -msgstr "" | |
3665 | - | |
3666 | -#. type: SS | |
3667 | -#: original/man8/iptables-extensions.8:687 | |
3668 | -#, no-wrap | |
3669 | -msgid "mac" | |
3670 | -msgstr "" | |
3671 | - | |
3672 | -#. type: TP | |
3673 | -#: original/man8/iptables-extensions.8:688 | |
3674 | -#, no-wrap | |
3675 | -msgid "[B<!>] B<--mac-source> I<address>" | |
3676 | -msgstr "" | |
3677 | - | |
3678 | -#. type: Plain text | |
3679 | -#: original/man8/iptables-extensions.8:698 | |
3680 | -msgid "" | |
3681 | -"Match source MAC address. It must be of the form XX:XX:XX:XX:XX:XX. Note " | |
3682 | -"that this only makes sense for packets coming from an Ethernet device and " | |
3683 | -"entering the B<PREROUTING>, B<FORWARD> or B<INPUT> chains." | |
3684 | -msgstr "" | |
3685 | - | |
3686 | -#. type: SS | |
3687 | -#: original/man8/iptables-extensions.8:698 | |
3688 | -#, no-wrap | |
3689 | -msgid "mark" | |
3690 | -msgstr "" | |
3691 | - | |
3692 | -#. type: Plain text | |
3693 | -#: original/man8/iptables-extensions.8:703 | |
3694 | -msgid "" | |
3695 | -"This module matches the netfilter mark field associated with a packet (which " | |
3696 | -"can be set using the B<MARK> target below)." | |
3697 | -msgstr "" | |
3698 | - | |
3699 | -#. type: Plain text | |
3700 | -#: original/man8/iptables-extensions.8:708 | |
3701 | -msgid "" | |
3702 | -"Matches packets with the given unsigned mark value (if a I<mask> is " | |
3703 | -"specified, this is logically ANDed with the I<mask> before the comparison)." | |
3704 | -msgstr "" | |
3705 | - | |
3706 | -#. type: SS | |
3707 | -#: original/man8/iptables-extensions.8:708 | |
3708 | -#, no-wrap | |
3709 | -msgid "mh (IPv6-specific)" | |
3710 | -msgstr "" | |
3711 | - | |
3712 | -#. type: Plain text | |
3713 | -#: original/man8/iptables-extensions.8:711 | |
3714 | -msgid "" | |
3715 | -"This extension is loaded if `--protocol ipv6-mh' or `--protocol mh' is " | |
3716 | -"specified. It provides the following option:" | |
3717 | -msgstr "" | |
3718 | - | |
3719 | -#. type: TP | |
3720 | -#: original/man8/iptables-extensions.8:711 | |
3721 | -#, no-wrap | |
3722 | -msgid "[B<!>] B<--mh-type> I<type>[B<:>I<type>]" | |
3723 | -msgstr "" | |
3724 | - | |
3725 | -#. type: Plain text | |
3726 | -#: original/man8/iptables-extensions.8:718 | |
3727 | -msgid "" | |
3728 | -"This allows specification of the Mobility Header(MH) type, which can be a " | |
3729 | -"numeric MH I<type>, I<type> or one of the MH type names shown by the command" | |
3730 | -msgstr "" | |
3731 | - | |
3732 | -#. type: Plain text | |
3733 | -#: original/man8/iptables-extensions.8:720 | |
3734 | -#, no-wrap | |
3735 | -msgid " ip6tables -p ipv6-mh -h\n" | |
3736 | -msgstr "" | |
3737 | - | |
3738 | -#. type: SS | |
3739 | -#: original/man8/iptables-extensions.8:721 | |
3740 | -#, no-wrap | |
3741 | -msgid "multiport" | |
3742 | -msgstr "" | |
3743 | - | |
3744 | -#. type: Plain text | |
3745 | -#: original/man8/iptables-extensions.8:728 | |
3746 | -msgid "" | |
3747 | -"This module matches a set of source or destination ports. Up to 15 ports " | |
3748 | -"can be specified. A port range (port:port) counts as two ports. It can " | |
3749 | -"only be used in conjunction with B<-p tcp> or B<-p udp>." | |
3750 | -msgstr "" | |
3751 | - | |
3752 | -#. type: TP | |
3753 | -#: original/man8/iptables-extensions.8:728 | |
3754 | -#, no-wrap | |
3755 | -msgid "" | |
3756 | -"[B<!>] B<--source-ports>,B<--sports> " | |
3757 | -"I<port>[B<,>I<port>|B<,>I<port>B<:>I<port>]..." | |
3758 | -msgstr "" | |
3759 | - | |
3760 | -#. type: Plain text | |
3761 | -#: original/man8/iptables-extensions.8:736 | |
3762 | -msgid "" | |
3763 | -"Match if the source port is one of the given ports. The flag B<--sports> is " | |
3764 | -"a convenient alias for this option. Multiple ports or port ranges are " | |
3765 | -"separated using a comma, and a port range is specified using a colon. " | |
3766 | -"B<53,1024:65535> would therefore match ports 53 and all from 1024 through " | |
3767 | -"65535." | |
3768 | -msgstr "" | |
3769 | - | |
3770 | -#. type: TP | |
3771 | -#: original/man8/iptables-extensions.8:736 | |
3772 | -#, no-wrap | |
3773 | -msgid "" | |
3774 | -"[B<!>] B<--destination-ports>,B<--dports> " | |
3775 | -"I<port>[B<,>I<port>|B<,>I<port>B<:>I<port>]..." | |
3776 | -msgstr "" | |
3777 | - | |
3778 | -#. type: Plain text | |
3779 | -#: original/man8/iptables-extensions.8:741 | |
3780 | -msgid "" | |
3781 | -"Match if the destination port is one of the given ports. The flag " | |
3782 | -"B<--dports> is a convenient alias for this option." | |
3783 | -msgstr "" | |
3784 | - | |
3785 | -#. type: TP | |
3786 | -#: original/man8/iptables-extensions.8:741 | |
3787 | -#, no-wrap | |
3788 | -msgid "[B<!>] B<--ports> I<port>[B<,>I<port>|B<,>I<port>B<:>I<port>]..." | |
3789 | -msgstr "" | |
3790 | - | |
3791 | -#. type: Plain text | |
3792 | -#: original/man8/iptables-extensions.8:745 | |
3793 | -msgid "" | |
3794 | -"Match if either the source or destination ports are equal to one of the " | |
3795 | -"given ports." | |
3796 | -msgstr "" | |
3797 | - | |
3798 | -#. type: SS | |
3799 | -#: original/man8/iptables-extensions.8:745 | |
3800 | -#, no-wrap | |
3801 | -msgid "nfacct" | |
3802 | -msgstr "" | |
3803 | - | |
3804 | -#. type: Plain text | |
3805 | -#: original/man8/iptables-extensions.8:749 | |
3806 | -msgid "" | |
3807 | -"The nfacct match provides the extended accounting infrastructure for " | |
3808 | -"iptables. You have to use this match together with the standalone " | |
3809 | -"user-space utility B<nfacct(8)>" | |
3810 | -msgstr "" | |
3811 | - | |
3812 | -#. type: Plain text | |
3813 | -#: original/man8/iptables-extensions.8:751 | |
3814 | -msgid "The only option available for this match is the following:" | |
3815 | -msgstr "" | |
3816 | - | |
3817 | -#. type: TP | |
3818 | -#: original/man8/iptables-extensions.8:751 | |
3819 | -#, no-wrap | |
3820 | -msgid "B<--nfacct-name> I<name>" | |
3821 | -msgstr "" | |
3822 | - | |
3823 | -#. type: Plain text | |
3824 | -#: original/man8/iptables-extensions.8:755 | |
3825 | -msgid "" | |
3826 | -"This allows you to specify the existing object name that will be use for " | |
3827 | -"accounting the traffic that this rule-set is matching." | |
3828 | -msgstr "" | |
3829 | - | |
3830 | -#. type: Plain text | |
3831 | -#: original/man8/iptables-extensions.8:757 | |
3832 | -msgid "To use this extension, you have to create an accounting object:" | |
3833 | -msgstr "" | |
3834 | - | |
3835 | -#. type: Plain text | |
3836 | -#: original/man8/iptables-extensions.8:759 | |
3837 | -msgid "nfacct add http-traffic" | |
3838 | -msgstr "" | |
3839 | - | |
3840 | -#. type: Plain text | |
3841 | -#: original/man8/iptables-extensions.8:761 | |
3842 | -msgid "Then, you have to attach it to the accounting object via iptables:" | |
3843 | -msgstr "" | |
3844 | - | |
3845 | -#. type: Plain text | |
3846 | -#: original/man8/iptables-extensions.8:763 | |
3847 | -msgid "iptables -I INPUT -p tcp --sport 80 -m nfacct --nfacct-name http-traffic" | |
3848 | -msgstr "" | |
3849 | - | |
3850 | -#. type: Plain text | |
3851 | -#: original/man8/iptables-extensions.8:765 | |
3852 | -msgid "iptables -I OUTPUT -p tcp --dport 80 -m nfacct --nfacct-name http-traffic" | |
3853 | -msgstr "" | |
3854 | - | |
3855 | -#. type: Plain text | |
3856 | -#: original/man8/iptables-extensions.8:767 | |
3857 | -msgid "Then, you can check for the amount of traffic that the rules match:" | |
3858 | -msgstr "" | |
3859 | - | |
3860 | -#. type: Plain text | |
3861 | -#: original/man8/iptables-extensions.8:769 | |
3862 | -msgid "nfacct get http-traffic" | |
3863 | -msgstr "" | |
3864 | - | |
3865 | -#. type: Plain text | |
3866 | -#: original/man8/iptables-extensions.8:771 | |
3867 | -msgid "" | |
3868 | -"{ pkts = 00000000000000000156, bytes = 00000000000000151786 } = " | |
3869 | -"http-traffic;" | |
3870 | -msgstr "" | |
3871 | - | |
3872 | -#. type: Plain text | |
3873 | -#: original/man8/iptables-extensions.8:776 | |
3874 | -msgid "" | |
3875 | -"You can obtain B<nfacct(8)> from http://www.netfilter.org or, alternatively, " | |
3876 | -"from the git.netfilter.org repository." | |
3877 | -msgstr "" | |
3878 | - | |
3879 | -#. type: SS | |
3880 | -#: original/man8/iptables-extensions.8:776 | |
3881 | -#, no-wrap | |
3882 | -msgid "osf" | |
3883 | -msgstr "" | |
3884 | - | |
3885 | -#. type: Plain text | |
3886 | -#: original/man8/iptables-extensions.8:780 | |
3887 | -msgid "" | |
3888 | -"The osf module does passive operating system fingerprinting. This modules " | |
3889 | -"compares some data (Window Size, MSS, options and their order, TTL, DF, and " | |
3890 | -"others) from packets with the SYN bit set." | |
3891 | -msgstr "" | |
3892 | - | |
3893 | -#. type: TP | |
3894 | -#: original/man8/iptables-extensions.8:780 | |
3895 | -#, no-wrap | |
3896 | -msgid "[B<!>] B<--genre> I<string>" | |
3897 | -msgstr "" | |
3898 | - | |
3899 | -#. type: Plain text | |
3900 | -#: original/man8/iptables-extensions.8:783 | |
3901 | -msgid "Match an operating system genre by using a passive fingerprinting." | |
3902 | -msgstr "" | |
3903 | - | |
3904 | -#. type: TP | |
3905 | -#: original/man8/iptables-extensions.8:783 | |
3906 | -#, no-wrap | |
3907 | -msgid "B<--ttl> I<level>" | |
3908 | -msgstr "" | |
3909 | - | |
3910 | -#. type: Plain text | |
3911 | -#: original/man8/iptables-extensions.8:787 | |
3912 | -msgid "" | |
3913 | -"Do additional TTL checks on the packet to determine the operating system. " | |
3914 | -"I<level> can be one of the following values:" | |
3915 | -msgstr "" | |
3916 | - | |
3917 | -#. type: IP | |
3918 | -#: original/man8/iptables-extensions.8:787 original/man8/iptables-extensions.8:790 original/man8/iptables-extensions.8:793 original/man8/iptables-extensions.8:799 original/man8/iptables-extensions.8:801 original/man8/iptables-extensions.8:803 original/man8/iptables-extensions.8:959 original/man8/iptables-extensions.8:961 original/man8/iptables-extensions.8:964 original/man8/iptables-extensions.8:966 original/man8/iptables-extensions.8:969 original/man8/iptables-extensions.8:971 original/man8/iptables-extensions.8:974 original/man8/iptables-extensions.8:977 | |
3919 | -#, no-wrap | |
3920 | -msgid "\\(bu" | |
3921 | -msgstr "" | |
3922 | - | |
3923 | -#. type: Plain text | |
3924 | -#: original/man8/iptables-extensions.8:790 | |
3925 | -msgid "" | |
3926 | -"0 - True IP address and fingerprint TTL comparison. This generally works for " | |
3927 | -"LANs." | |
3928 | -msgstr "" | |
3929 | - | |
3930 | -#. type: Plain text | |
3931 | -#: original/man8/iptables-extensions.8:793 | |
3932 | -msgid "" | |
3933 | -"1 - Check if the IP header's TTL is less than the fingerprint one. Works for " | |
3934 | -"globally-routable addresses." | |
3935 | -msgstr "" | |
3936 | - | |
3937 | -#. type: Plain text | |
3938 | -#: original/man8/iptables-extensions.8:795 | |
3939 | -msgid "2 - Do not compare the TTL at all." | |
3940 | -msgstr "" | |
3941 | - | |
3942 | -#. type: TP | |
3943 | -#: original/man8/iptables-extensions.8:795 | |
3944 | -#, no-wrap | |
3945 | -msgid "B<--log> I<level>" | |
3946 | -msgstr "" | |
3947 | - | |
3948 | -#. type: Plain text | |
3949 | -#: original/man8/iptables-extensions.8:799 | |
3950 | -msgid "" | |
3951 | -"Log determined genres into dmesg even if they do not match the desired one. " | |
3952 | -"I<level> can be one of the following values:" | |
3953 | -msgstr "" | |
3954 | - | |
3955 | -#. type: Plain text | |
3956 | -#: original/man8/iptables-extensions.8:801 | |
3957 | -msgid "0 - Log all matched or unknown signatures" | |
3958 | -msgstr "" | |
3959 | - | |
3960 | -#. type: Plain text | |
3961 | -#: original/man8/iptables-extensions.8:803 | |
3962 | -msgid "1 - Log only the first one" | |
3963 | -msgstr "" | |
3964 | - | |
3965 | -#. type: Plain text | |
3966 | -#: original/man8/iptables-extensions.8:805 | |
3967 | -msgid "2 - Log all known matched signatures" | |
3968 | -msgstr "" | |
3969 | - | |
3970 | -#. type: Plain text | |
3971 | -#: original/man8/iptables-extensions.8:807 | |
3972 | -msgid "You may find something like this in syslog:" | |
3973 | -msgstr "" | |
3974 | - | |
3975 | -#. type: Plain text | |
3976 | -#: original/man8/iptables-extensions.8:810 | |
3977 | -msgid "" | |
3978 | -"Windows [2000:SP3:Windows XP Pro SP1, 2000 SP3]: 11.22.33.55:4024 -E<gt> " | |
3979 | -"11.22.33.44:139 hops=3 Linux [2.5-2.6:] : 1.2.3.4:42624 -E<gt> 1.2.3.5:22 " | |
3980 | -"hops=4" | |
3981 | -msgstr "" | |
3982 | - | |
3983 | -#. type: Plain text | |
3984 | -#: original/man8/iptables-extensions.8:813 | |
3985 | -msgid "" | |
3986 | -"OS fingerprints are loadable using the B<nfnl_osf> program. To load " | |
3987 | -"fingerprints from a file, use:" | |
3988 | -msgstr "" | |
3989 | - | |
3990 | -#. type: Plain text | |
3991 | -#: original/man8/iptables-extensions.8:815 | |
3992 | -msgid "B<nfnl_osf -f /usr/share/xtables/pf.os>" | |
3993 | -msgstr "" | |
3994 | - | |
3995 | -#. type: Plain text | |
3996 | -#: original/man8/iptables-extensions.8:817 | |
3997 | -msgid "To remove them again," | |
3998 | -msgstr "" | |
3999 | - | |
4000 | -#. type: Plain text | |
4001 | -#: original/man8/iptables-extensions.8:819 | |
4002 | -msgid "B<nfnl_osf -f /usr/share/xtables/pf.os -d>" | |
4003 | -msgstr "" | |
4004 | - | |
4005 | -#. type: Plain text | |
4006 | -#: original/man8/iptables-extensions.8:822 | |
4007 | -msgid "" | |
4008 | -"The fingerprint database can be downlaoded from " | |
4009 | -"http://www.openbsd.org/cgi-bin/cvsweb/src/etc/pf.os ." | |
4010 | -msgstr "" | |
4011 | - | |
4012 | -#. type: SS | |
4013 | -#: original/man8/iptables-extensions.8:822 | |
4014 | -#, no-wrap | |
4015 | -msgid "owner" | |
4016 | -msgstr "" | |
4017 | - | |
4018 | -#. type: Plain text | |
4019 | -#: original/man8/iptables-extensions.8:827 | |
4020 | -msgid "" | |
4021 | -"This module attempts to match various characteristics of the packet creator, " | |
4022 | -"for locally generated packets. This match is only valid in the OUTPUT and " | |
4023 | -"POSTROUTING chains. Forwarded packets do not have any socket associated with " | |
4024 | -"them. Packets from kernel threads do have a socket, but usually no owner." | |
4025 | -msgstr "" | |
4026 | - | |
4027 | -#. type: TP | |
4028 | -#: original/man8/iptables-extensions.8:827 | |
4029 | -#, no-wrap | |
4030 | -msgid "[B<!>] B<--uid-owner> I<username>" | |
4031 | -msgstr "" | |
4032 | - | |
4033 | -#. type: TP | |
4034 | -#: original/man8/iptables-extensions.8:829 | |
4035 | -#, no-wrap | |
4036 | -msgid "[B<!>] B<--uid-owner> I<userid>[B<->I<userid>]" | |
4037 | -msgstr "" | |
4038 | - | |
4039 | -#. type: Plain text | |
4040 | -#: original/man8/iptables-extensions.8:833 | |
4041 | -msgid "" | |
4042 | -"Matches if the packet socket's file structure (if it has one) is owned by " | |
4043 | -"the given user. You may also specify a numerical UID, or an UID range." | |
4044 | -msgstr "" | |
4045 | - | |
4046 | -#. type: TP | |
4047 | -#: original/man8/iptables-extensions.8:833 | |
4048 | -#, no-wrap | |
4049 | -msgid "[B<!>] B<--gid-owner> I<groupname>" | |
4050 | -msgstr "" | |
4051 | - | |
4052 | -#. type: TP | |
4053 | -#: original/man8/iptables-extensions.8:835 | |
4054 | -#, no-wrap | |
4055 | -msgid "[B<!>] B<--gid-owner> I<groupid>[B<->I<groupid>]" | |
4056 | -msgstr "" | |
4057 | - | |
4058 | -#. type: Plain text | |
4059 | -#: original/man8/iptables-extensions.8:839 | |
4060 | -msgid "" | |
4061 | -"Matches if the packet socket's file structure is owned by the given group. " | |
4062 | -"You may also specify a numerical GID, or a GID range." | |
4063 | -msgstr "" | |
4064 | - | |
4065 | -#. type: TP | |
4066 | -#: original/man8/iptables-extensions.8:839 | |
4067 | -#, no-wrap | |
4068 | -msgid "[B<!>] B<--socket-exists>" | |
4069 | -msgstr "" | |
4070 | - | |
4071 | -#. type: Plain text | |
4072 | -#: original/man8/iptables-extensions.8:842 | |
4073 | -msgid "Matches if the packet is associated with a socket." | |
4074 | -msgstr "" | |
4075 | - | |
4076 | -#. type: SS | |
4077 | -#: original/man8/iptables-extensions.8:842 | |
4078 | -#, no-wrap | |
4079 | -msgid "physdev" | |
4080 | -msgstr "" | |
4081 | - | |
4082 | -#. type: Plain text | |
4083 | -#: original/man8/iptables-extensions.8:847 | |
4084 | -msgid "" | |
4085 | -"This module matches on the bridge port input and output devices enslaved to " | |
4086 | -"a bridge device. This module is a part of the infrastructure that enables a " | |
4087 | -"transparent bridging IP firewall and is only useful for kernel versions " | |
4088 | -"above version 2.5.44." | |
4089 | -msgstr "" | |
4090 | - | |
4091 | -#. type: TP | |
4092 | -#: original/man8/iptables-extensions.8:847 | |
4093 | -#, no-wrap | |
4094 | -msgid "[B<!>] B<--physdev-in> I<name>" | |
4095 | -msgstr "" | |
4096 | - | |
4097 | -#. type: Plain text | |
4098 | -#: original/man8/iptables-extensions.8:858 | |
4099 | -msgid "" | |
4100 | -"Name of a bridge port via which a packet is received (only for packets " | |
4101 | -"entering the B<INPUT>, B<FORWARD> and B<PREROUTING> chains). If the " | |
4102 | -"interface name ends in a \"+\", then any interface which begins with this " | |
4103 | -"name will match. If the packet didn't arrive through a bridge device, this " | |
4104 | -"packet won't match this option, unless '!' is used." | |
4105 | -msgstr "" | |
4106 | - | |
4107 | -#. type: TP | |
4108 | -#: original/man8/iptables-extensions.8:858 | |
4109 | -#, no-wrap | |
4110 | -msgid "[B<!>] B<--physdev-out> I<name>" | |
4111 | -msgstr "" | |
4112 | - | |
4113 | -#. type: Plain text | |
4114 | -#: original/man8/iptables-extensions.8:875 | |
4115 | -msgid "" | |
4116 | -"Name of a bridge port via which a packet is going to be sent (for packets " | |
4117 | -"entering the B<FORWARD>, B<OUTPUT> and B<POSTROUTING> chains). If the " | |
4118 | -"interface name ends in a \"+\", then any interface which begins with this " | |
4119 | -"name will match. Note that in the B<nat> and B<mangle> B<OUTPUT> chains one " | |
4120 | -"cannot match on the bridge output port, however one can in the B<filter " | |
4121 | -"OUTPUT> chain. If the packet won't leave by a bridge device or if it is yet " | |
4122 | -"unknown what the output device will be, then the packet won't match this " | |
4123 | -"option, unless '!' is used." | |
4124 | -msgstr "" | |
4125 | - | |
4126 | -#. type: TP | |
4127 | -#: original/man8/iptables-extensions.8:875 | |
4128 | -#, no-wrap | |
4129 | -msgid "[B<!>] B<--physdev-is-in>" | |
4130 | -msgstr "" | |
4131 | - | |
4132 | -#. type: Plain text | |
4133 | -#: original/man8/iptables-extensions.8:878 | |
4134 | -msgid "Matches if the packet has entered through a bridge interface." | |
4135 | -msgstr "" | |
4136 | - | |
4137 | -#. type: TP | |
4138 | -#: original/man8/iptables-extensions.8:878 | |
4139 | -#, no-wrap | |
4140 | -msgid "[B<!>] B<--physdev-is-out>" | |
4141 | -msgstr "" | |
4142 | - | |
4143 | -#. type: Plain text | |
4144 | -#: original/man8/iptables-extensions.8:881 | |
4145 | -msgid "Matches if the packet will leave through a bridge interface." | |
4146 | -msgstr "" | |
4147 | - | |
4148 | -#. type: TP | |
4149 | -#: original/man8/iptables-extensions.8:881 | |
4150 | -#, no-wrap | |
4151 | -msgid "[B<!>] B<--physdev-is-bridged>" | |
4152 | -msgstr "" | |
4153 | - | |
4154 | -#. type: Plain text | |
4155 | -#: original/man8/iptables-extensions.8:885 | |
4156 | -msgid "" | |
4157 | -"Matches if the packet is being bridged and therefore is not being routed. " | |
4158 | -"This is only useful in the FORWARD and POSTROUTING chains." | |
4159 | -msgstr "" | |
4160 | - | |
4161 | -#. type: SS | |
4162 | -#: original/man8/iptables-extensions.8:885 | |
4163 | -#, no-wrap | |
4164 | -msgid "pkttype" | |
4165 | -msgstr "" | |
4166 | - | |
4167 | -#. type: Plain text | |
4168 | -#: original/man8/iptables-extensions.8:887 | |
4169 | -msgid "This module matches the link-layer packet type." | |
4170 | -msgstr "" | |
4171 | - | |
4172 | -#. type: TP | |
4173 | -#: original/man8/iptables-extensions.8:887 | |
4174 | -#, no-wrap | |
4175 | -msgid "[B<!>] B<--pkt-type> {B<unicast>|B<broadcast>|B<multicast>}" | |
4176 | -msgstr "" | |
4177 | - | |
4178 | -#. type: SS | |
4179 | -#: original/man8/iptables-extensions.8:889 | |
4180 | -#, no-wrap | |
4181 | -msgid "policy" | |
4182 | -msgstr "" | |
4183 | - | |
4184 | -#. type: Plain text | |
4185 | -#: original/man8/iptables-extensions.8:891 | |
4186 | -msgid "This modules matches the policy used by IPsec for handling a packet." | |
4187 | -msgstr "" | |
4188 | - | |
4189 | -#. type: TP | |
4190 | -#: original/man8/iptables-extensions.8:891 | |
4191 | -#, no-wrap | |
4192 | -msgid "B<--dir> {B<in>|B<out>}" | |
4193 | -msgstr "" | |
4194 | - | |
4195 | -#. type: Plain text | |
4196 | -#: original/man8/iptables-extensions.8:903 | |
4197 | -msgid "" | |
4198 | -"Used to select whether to match the policy used for decapsulation or the " | |
4199 | -"policy that will be used for encapsulation. B<in> is valid in the " | |
4200 | -"B<PREROUTING, INPUT and FORWARD> chains, B<out> is valid in the " | |
4201 | -"B<POSTROUTING, OUTPUT and FORWARD> chains." | |
4202 | -msgstr "" | |
4203 | - | |
4204 | -#. type: TP | |
4205 | -#: original/man8/iptables-extensions.8:903 | |
4206 | -#, no-wrap | |
4207 | -msgid "B<--pol> {B<none>|B<ipsec>}" | |
4208 | -msgstr "" | |
4209 | - | |
4210 | -#. type: Plain text | |
4211 | -#: original/man8/iptables-extensions.8:907 | |
4212 | -msgid "" | |
4213 | -"Matches if the packet is subject to IPsec processing. B<--pol none> cannot " | |
4214 | -"be combined with B<--strict>." | |
4215 | -msgstr "" | |
4216 | - | |
4217 | -#. type: TP | |
4218 | -#: original/man8/iptables-extensions.8:907 | |
4219 | -#, no-wrap | |
4220 | -msgid "B<--strict>" | |
4221 | -msgstr "" | |
4222 | - | |
4223 | -#. type: Plain text | |
4224 | -#: original/man8/iptables-extensions.8:911 | |
4225 | -msgid "" | |
4226 | -"Selects whether to match the exact policy or match if any rule of the policy " | |
4227 | -"matches the given policy." | |
4228 | -msgstr "" | |
4229 | - | |
4230 | -#. type: Plain text | |
4231 | -#: original/man8/iptables-extensions.8:915 | |
4232 | -msgid "" | |
4233 | -"For each policy element that is to be described, one can use one or more of " | |
4234 | -"the following options. When B<--strict> is in effect, at least one must be " | |
4235 | -"used per element." | |
4236 | -msgstr "" | |
4237 | - | |
4238 | -#. type: TP | |
4239 | -#: original/man8/iptables-extensions.8:915 | |
4240 | -#, no-wrap | |
4241 | -msgid "[B<!>] B<--reqid> I<id>" | |
4242 | -msgstr "" | |
4243 | - | |
4244 | -#. type: Plain text | |
4245 | -#: original/man8/iptables-extensions.8:922 | |
4246 | -msgid "" | |
4247 | -"Matches the reqid of the policy rule. The reqid can be specified with " | |
4248 | -"B<setkey(8)> using B<unique:id> as level." | |
4249 | -msgstr "" | |
4250 | - | |
4251 | -#. type: TP | |
4252 | -#: original/man8/iptables-extensions.8:922 | |
4253 | -#, no-wrap | |
4254 | -msgid "[B<!>] B<--spi> I<spi>" | |
4255 | -msgstr "" | |
4256 | - | |
4257 | -#. type: Plain text | |
4258 | -#: original/man8/iptables-extensions.8:925 | |
4259 | -msgid "Matches the SPI of the SA." | |
4260 | -msgstr "" | |
4261 | - | |
4262 | -#. type: TP | |
4263 | -#: original/man8/iptables-extensions.8:925 | |
4264 | -#, no-wrap | |
4265 | -msgid "[B<!>] B<--proto> {B<ah>|B<esp>|B<ipcomp>}" | |
4266 | -msgstr "" | |
4267 | - | |
4268 | -#. type: Plain text | |
4269 | -#: original/man8/iptables-extensions.8:928 | |
4270 | -msgid "Matches the encapsulation protocol." | |
4271 | -msgstr "" | |
4272 | - | |
4273 | -#. type: TP | |
4274 | -#: original/man8/iptables-extensions.8:928 | |
4275 | -#, no-wrap | |
4276 | -msgid "[B<!>] B<--mode> {B<tunnel>|B<transport>}" | |
4277 | -msgstr "" | |
4278 | - | |
4279 | -#. type: Plain text | |
4280 | -#: original/man8/iptables-extensions.8:931 | |
4281 | -msgid "Matches the encapsulation mode." | |
4282 | -msgstr "" | |
4283 | - | |
4284 | -#. type: TP | |
4285 | -#: original/man8/iptables-extensions.8:931 | |
4286 | -#, no-wrap | |
4287 | -msgid "[B<!>] B<--tunnel-src> I<addr>[B</>I<mask>]" | |
4288 | -msgstr "" | |
4289 | - | |
4290 | -#. type: Plain text | |
4291 | -#: original/man8/iptables-extensions.8:935 | |
4292 | -msgid "" | |
4293 | -"Matches the source end-point address of a tunnel mode SA. Only valid with " | |
4294 | -"B<--mode tunnel>." | |
4295 | -msgstr "" | |
4296 | - | |
4297 | -#. type: TP | |
4298 | -#: original/man8/iptables-extensions.8:935 | |
4299 | -#, no-wrap | |
4300 | -msgid "[B<!>] B<--tunnel-dst> I<addr>[B</>I<mask>]" | |
4301 | -msgstr "" | |
4302 | - | |
4303 | -#. type: Plain text | |
4304 | -#: original/man8/iptables-extensions.8:939 | |
4305 | -msgid "" | |
4306 | -"Matches the destination end-point address of a tunnel mode SA. Only valid " | |
4307 | -"with B<--mode tunnel>." | |
4308 | -msgstr "" | |
4309 | - | |
4310 | -#. type: TP | |
4311 | -#: original/man8/iptables-extensions.8:939 | |
4312 | -#, no-wrap | |
4313 | -msgid "B<--next>" | |
4314 | -msgstr "" | |
4315 | - | |
4316 | -#. type: Plain text | |
4317 | -#: original/man8/iptables-extensions.8:943 | |
4318 | -msgid "" | |
4319 | -"Start the next element in the policy specification. Can only be used with " | |
4320 | -"B<--strict>." | |
4321 | -msgstr "" | |
4322 | - | |
4323 | -#. type: SS | |
4324 | -#: original/man8/iptables-extensions.8:943 | |
4325 | -#, no-wrap | |
4326 | -msgid "quota" | |
4327 | -msgstr "" | |
4328 | - | |
4329 | -#. type: Plain text | |
4330 | -#: original/man8/iptables-extensions.8:948 | |
4331 | -msgid "" | |
4332 | -"Implements network quotas by decrementing a byte counter with each " | |
4333 | -"packet. The condition matches until the byte counter reaches zero. Behavior " | |
4334 | -"is reversed with negation (i.e. the condition does not match until the byte " | |
4335 | -"counter reaches zero)." | |
4336 | -msgstr "" | |
4337 | - | |
4338 | -#. type: TP | |
4339 | -#: original/man8/iptables-extensions.8:948 | |
4340 | -#, no-wrap | |
4341 | -msgid "[B<!>] B<--quota> I<bytes>" | |
4342 | -msgstr "" | |
4343 | - | |
4344 | -#. type: Plain text | |
4345 | -#: original/man8/iptables-extensions.8:951 | |
4346 | -msgid "The quota in bytes." | |
4347 | -msgstr "" | |
4348 | - | |
4349 | -#. type: SS | |
4350 | -#: original/man8/iptables-extensions.8:951 | |
4351 | -#, no-wrap | |
4352 | -msgid "rateest" | |
4353 | -msgstr "" | |
4354 | - | |
4355 | -#. type: Plain text | |
4356 | -#: original/man8/iptables-extensions.8:955 | |
4357 | -msgid "" | |
4358 | -"The rate estimator can match on estimated rates as collected by the RATEEST " | |
4359 | -"target. It supports matching on absolute bps/pps values, comparing two rate " | |
4360 | -"estimators and matching on the difference between two rate estimators." | |
4361 | -msgstr "" | |
4362 | - | |
4363 | -#. * Absolute: | |
4364 | -#. type: Plain text | |
4365 | -#: original/man8/iptables-extensions.8:959 | |
4366 | -msgid "" | |
4367 | -"For a better understanding of the available options, these are all possible " | |
4368 | -"combinations:" | |
4369 | -msgstr "" | |
4370 | - | |
4371 | -#. type: Plain text | |
4372 | -#: original/man8/iptables-extensions.8:961 | |
4373 | -msgid "B<rateest> I<operator> B<rateest-bps>" | |
4374 | -msgstr "" | |
4375 | - | |
4376 | -#. * Absolute + Delta: | |
4377 | -#. type: Plain text | |
4378 | -#: original/man8/iptables-extensions.8:964 | |
4379 | -msgid "B<rateest> I<operator> B<rateest-pps>" | |
4380 | -msgstr "" | |
4381 | - | |
4382 | -#. type: Plain text | |
4383 | -#: original/man8/iptables-extensions.8:966 | |
4384 | -msgid "(B<rateest> minus B<rateest-bps1>) I<operator> B<rateest-bps2>" | |
4385 | -msgstr "" | |
4386 | - | |
4387 | -#. * Relative: | |
4388 | -#. type: Plain text | |
4389 | -#: original/man8/iptables-extensions.8:969 | |
4390 | -msgid "(B<rateest> minus B<rateest-pps1>) I<operator> B<rateest-pps2>" | |
4391 | -msgstr "" | |
4392 | - | |
4393 | -#. type: Plain text | |
4394 | -#: original/man8/iptables-extensions.8:971 | |
4395 | -msgid "B<rateest1> I<operator> B<rateest2> B<rateest-bps>(without rate!)" | |
4396 | -msgstr "" | |
4397 | - | |
4398 | -#. * Relative + Delta: | |
4399 | -#. type: Plain text | |
4400 | -#: original/man8/iptables-extensions.8:974 | |
4401 | -msgid "B<rateest1> I<operator> B<rateest2> B<rateest-pps>(without rate!)" | |
4402 | -msgstr "" | |
4403 | - | |
4404 | -#. type: Plain text | |
4405 | -#: original/man8/iptables-extensions.8:977 | |
4406 | -msgid "" | |
4407 | -"(B<rateest1> minus B<rateest-bps1>) I<operator> (B<rateest2> minus " | |
4408 | -"B<rateest-bps2>)" | |
4409 | -msgstr "" | |
4410 | - | |
4411 | -#. type: Plain text | |
4412 | -#: original/man8/iptables-extensions.8:980 | |
4413 | -msgid "" | |
4414 | -"(B<rateest1> minus B<rateest-pps1>) I<operator> (B<rateest2> minus " | |
4415 | -"B<rateest-pps2>)" | |
4416 | -msgstr "" | |
4417 | - | |
4418 | -#. type: TP | |
4419 | -#: original/man8/iptables-extensions.8:980 | |
4420 | -#, no-wrap | |
4421 | -msgid "B<--rateest-delta>" | |
4422 | -msgstr "" | |
4423 | - | |
4424 | -#. type: Plain text | |
4425 | -#: original/man8/iptables-extensions.8:987 | |
4426 | -msgid "" | |
4427 | -"For each estimator (either absolute or relative mode), calculate the " | |
4428 | -"difference between the estimator-determined flow rate and the static value " | |
4429 | -"chosen with the BPS/PPS options. If the flow rate is higher than the " | |
4430 | -"specified BPS/PPS, 0 will be used instead of a negative value. In other " | |
4431 | -"words, \"max(0, rateest#_rate - rateest#_bps)\" is used." | |
4432 | -msgstr "" | |
4433 | - | |
4434 | -#. type: TP | |
4435 | -#: original/man8/iptables-extensions.8:987 | |
4436 | -#, no-wrap | |
4437 | -msgid "[B<!>] B<--rateest-lt>" | |
4438 | -msgstr "" | |
4439 | - | |
4440 | -#. type: Plain text | |
4441 | -#: original/man8/iptables-extensions.8:990 | |
4442 | -msgid "Match if rate is less than given rate/estimator." | |
4443 | -msgstr "" | |
4444 | - | |
4445 | -#. type: TP | |
4446 | -#: original/man8/iptables-extensions.8:990 | |
4447 | -#, no-wrap | |
4448 | -msgid "[B<!>] B<--rateest-gt>" | |
4449 | -msgstr "" | |
4450 | - | |
4451 | -#. type: Plain text | |
4452 | -#: original/man8/iptables-extensions.8:993 | |
4453 | -msgid "Match if rate is greater than given rate/estimator." | |
4454 | -msgstr "" | |
4455 | - | |
4456 | -#. type: TP | |
4457 | -#: original/man8/iptables-extensions.8:993 | |
4458 | -#, no-wrap | |
4459 | -msgid "[B<!>] B<--rateest-eq>" | |
4460 | -msgstr "" | |
4461 | - | |
4462 | -#. type: Plain text | |
4463 | -#: original/man8/iptables-extensions.8:996 | |
4464 | -msgid "Match if rate is equal to given rate/estimator." | |
4465 | -msgstr "" | |
4466 | - | |
4467 | -#. type: Plain text | |
4468 | -#: original/man8/iptables-extensions.8:1000 | |
4469 | -msgid "" | |
4470 | -"In the so-called \"absolute mode\", only one rate estimator is used and " | |
4471 | -"compared against a static value, while in \"relative mode\", two rate " | |
4472 | -"estimators are compared against another." | |
4473 | -msgstr "" | |
4474 | - | |
4475 | -#. type: TP | |
4476 | -#: original/man8/iptables-extensions.8:1000 | |
4477 | -#, no-wrap | |
4478 | -msgid "B<--rateest> I<name>" | |
4479 | -msgstr "" | |
4480 | - | |
4481 | -#. type: Plain text | |
4482 | -#: original/man8/iptables-extensions.8:1003 | |
4483 | -msgid "Name of the one rate estimator for absolute mode." | |
4484 | -msgstr "" | |
4485 | - | |
4486 | -#. type: TP | |
4487 | -#: original/man8/iptables-extensions.8:1003 | |
4488 | -#, no-wrap | |
4489 | -msgid "B<--rateest1> I<name>" | |
4490 | -msgstr "" | |
4491 | - | |
4492 | -#. type: TP | |
4493 | -#: original/man8/iptables-extensions.8:1005 | |
4494 | -#, no-wrap | |
4495 | -msgid "B<--rateest2> I<name>" | |
4496 | -msgstr "" | |
4497 | - | |
4498 | -#. type: Plain text | |
4499 | -#: original/man8/iptables-extensions.8:1008 | |
4500 | -msgid "The names of the two rate estimators for relative mode." | |
4501 | -msgstr "" | |
4502 | - | |
4503 | -#. type: TP | |
4504 | -#: original/man8/iptables-extensions.8:1008 | |
4505 | -#, no-wrap | |
4506 | -msgid "B<--rateest-bps> [I<value>]" | |
4507 | -msgstr "" | |
4508 | - | |
4509 | -#. type: TP | |
4510 | -#: original/man8/iptables-extensions.8:1010 | |
4511 | -#, no-wrap | |
4512 | -msgid "B<--rateest-pps> [I<value>]" | |
4513 | -msgstr "" | |
4514 | - | |
4515 | -#. type: TP | |
4516 | -#: original/man8/iptables-extensions.8:1012 | |
4517 | -#, no-wrap | |
4518 | -msgid "B<--rateest-bps1> [I<value>]" | |
4519 | -msgstr "" | |
4520 | - | |
4521 | -#. type: TP | |
4522 | -#: original/man8/iptables-extensions.8:1014 | |
4523 | -#, no-wrap | |
4524 | -msgid "B<--rateest-bps2> [I<value>]" | |
4525 | -msgstr "" | |
4526 | - | |
4527 | -#. type: TP | |
4528 | -#: original/man8/iptables-extensions.8:1016 | |
4529 | -#, no-wrap | |
4530 | -msgid "B<--rateest-pps1> [I<value>]" | |
4531 | -msgstr "" | |
4532 | - | |
4533 | -#. type: TP | |
4534 | -#: original/man8/iptables-extensions.8:1018 | |
4535 | -#, no-wrap | |
4536 | -msgid "B<--rateest-pps2> [I<value>]" | |
4537 | -msgstr "" | |
4538 | - | |
4539 | -#. type: Plain text | |
4540 | -#: original/man8/iptables-extensions.8:1024 | |
4541 | -msgid "" | |
4542 | -"Compare the estimator(s) by bytes or packets per second, and compare against " | |
4543 | -"the chosen value. See the above bullet list for which option is to be used " | |
4544 | -"in which case. A unit suffix may be used - available ones are: bit, " | |
4545 | -"[kmgt]bit, [KMGT]ibit, Bps, [KMGT]Bps, [KMGT]iBps." | |
4546 | -msgstr "" | |
4547 | - | |
4548 | -#. type: Plain text | |
4549 | -#: original/man8/iptables-extensions.8:1028 | |
4550 | -msgid "" | |
4551 | -"Example: This is what can be used to route outgoing data connections from an " | |
4552 | -"FTP server over two lines based on the available bandwidth at the time the " | |
4553 | -"data connection was started:" | |
4554 | -msgstr "" | |
4555 | - | |
4556 | -#. type: Plain text | |
4557 | -#: original/man8/iptables-extensions.8:1030 | |
4558 | -msgid "# Estimate outgoing rates" | |
4559 | -msgstr "" | |
4560 | - | |
4561 | -#. type: Plain text | |
4562 | -#: original/man8/iptables-extensions.8:1033 | |
4563 | -msgid "" | |
4564 | -"iptables -t mangle -A POSTROUTING -o eth0 -j RATEEST --rateest-name eth0 " | |
4565 | -"--rateest-interval 250ms --rateest-ewma 0.5s" | |
4566 | -msgstr "" | |
4567 | - | |
4568 | -#. type: Plain text | |
4569 | -#: original/man8/iptables-extensions.8:1036 | |
4570 | -msgid "" | |
4571 | -"iptables -t mangle -A POSTROUTING -o ppp0 -j RATEEST --rateest-name ppp0 " | |
4572 | -"--rateest-interval 250ms --rateest-ewma 0.5s" | |
4573 | -msgstr "" | |
4574 | - | |
4575 | -#. type: Plain text | |
4576 | -#: original/man8/iptables-extensions.8:1038 | |
4577 | -msgid "# Mark based on available bandwidth" | |
4578 | -msgstr "" | |
4579 | - | |
4580 | -#. type: Plain text | |
4581 | -#: original/man8/iptables-extensions.8:1042 | |
4582 | -msgid "" | |
4583 | -"iptables -t mangle -A balance -m conntrack --ctstate NEW -m helper --helper " | |
4584 | -"ftp -m rateest --rateest-delta --rateest1 eth0 --rateest-bps1 2.5mbit " | |
4585 | -"--rateest-gt --rateest2 ppp0 --rateest-bps2 2mbit -j CONNMARK --set-mark 1" | |
4586 | -msgstr "" | |
4587 | - | |
4588 | -#. type: Plain text | |
4589 | -#: original/man8/iptables-extensions.8:1046 | |
4590 | -msgid "" | |
4591 | -"iptables -t mangle -A balance -m conntrack --ctstate NEW -m helper --helper " | |
4592 | -"ftp -m rateest --rateest-delta --rateest1 ppp0 --rateest-bps1 2mbit " | |
4593 | -"--rateest-gt --rateest2 eth0 --rateest-bps2 2.5mbit -j CONNMARK --set-mark 2" | |
4594 | -msgstr "" | |
4595 | - | |
4596 | -#. type: Plain text | |
4597 | -#: original/man8/iptables-extensions.8:1048 | |
4598 | -msgid "iptables -t mangle -A balance -j CONNMARK --restore-mark" | |
4599 | -msgstr "" | |
4600 | - | |
4601 | -#. type: SS | |
4602 | -#: original/man8/iptables-extensions.8:1048 | |
4603 | -#, no-wrap | |
4604 | -msgid "realm (IPv4-specific)" | |
4605 | -msgstr "" | |
4606 | - | |
4607 | -#. type: Plain text | |
4608 | -#: original/man8/iptables-extensions.8:1051 | |
4609 | -msgid "" | |
4610 | -"This matches the routing realm. Routing realms are used in complex routing " | |
4611 | -"setups involving dynamic routing protocols like BGP." | |
4612 | -msgstr "" | |
4613 | - | |
4614 | -#. type: TP | |
4615 | -#: original/man8/iptables-extensions.8:1051 | |
4616 | -#, no-wrap | |
4617 | -msgid "[B<!>] B<--realm> I<value>[B</>I<mask>]" | |
4618 | -msgstr "" | |
4619 | - | |
4620 | -#. type: Plain text | |
4621 | -#: original/man8/iptables-extensions.8:1056 | |
4622 | -msgid "" | |
4623 | -"Matches a given realm number (and optionally mask). If not a number, value " | |
4624 | -"can be a named realm from /etc/iproute2/rt_realms (mask can not be used in " | |
4625 | -"that case)." | |
4626 | -msgstr "" | |
4627 | - | |
4628 | -#. type: SS | |
4629 | -#: original/man8/iptables-extensions.8:1056 | |
4630 | -#, no-wrap | |
4631 | -msgid "recent" | |
4632 | -msgstr "" | |
4633 | - | |
4634 | -#. type: Plain text | |
4635 | -#: original/man8/iptables-extensions.8:1059 | |
4636 | -msgid "" | |
4637 | -"Allows you to dynamically create a list of IP addresses and then match " | |
4638 | -"against that list in a few different ways." | |
4639 | -msgstr "" | |
4640 | - | |
4641 | -#. type: Plain text | |
4642 | -#: original/man8/iptables-extensions.8:1063 | |
4643 | -msgid "" | |
4644 | -"For example, you can create a \"badguy\" list out of people attempting to " | |
4645 | -"connect to port 139 on your firewall and then DROP all future packets from " | |
4646 | -"them without considering them." | |
4647 | -msgstr "" | |
4648 | - | |
4649 | -#. type: Plain text | |
4650 | -#: original/man8/iptables-extensions.8:1066 | |
4651 | -msgid "B<--set>, B<--rcheck>, B<--update> and B<--remove> are mutually exclusive." | |
4652 | -msgstr "" | |
4653 | - | |
4654 | -#. type: TP | |
4655 | -#: original/man8/iptables-extensions.8:1066 | |
4656 | -#, no-wrap | |
4657 | -msgid "B<--name> I<name>" | |
4658 | -msgstr "" | |
4659 | - | |
4660 | -#. type: Plain text | |
4661 | -#: original/man8/iptables-extensions.8:1070 | |
4662 | -msgid "" | |
4663 | -"Specify the list to use for the commands. If no name is given then " | |
4664 | -"B<DEFAULT> will be used." | |
4665 | -msgstr "" | |
4666 | - | |
4667 | -#. type: TP | |
4668 | -#: original/man8/iptables-extensions.8:1070 | |
4669 | -#, no-wrap | |
4670 | -msgid "[B<!>] B<--set>" | |
4671 | -msgstr "" | |
4672 | - | |
4673 | -#. type: Plain text | |
4674 | -#: original/man8/iptables-extensions.8:1075 | |
4675 | -msgid "" | |
4676 | -"This will add the source address of the packet to the list. If the source " | |
4677 | -"address is already in the list, this will update the existing entry. This " | |
4678 | -"will always return success (or failure if B<!> is passed in)." | |
4679 | -msgstr "" | |
4680 | - | |
4681 | -#. type: TP | |
4682 | -#: original/man8/iptables-extensions.8:1075 | |
4683 | -#, no-wrap | |
4684 | -msgid "B<--rsource>" | |
4685 | -msgstr "" | |
4686 | - | |
4687 | -#. type: Plain text | |
4688 | -#: original/man8/iptables-extensions.8:1079 | |
4689 | -msgid "" | |
4690 | -"Match/save the source address of each packet in the recent list table. This " | |
4691 | -"is the default." | |
4692 | -msgstr "" | |
4693 | - | |
4694 | -#. type: TP | |
4695 | -#: original/man8/iptables-extensions.8:1079 | |
4696 | -#, no-wrap | |
4697 | -msgid "B<--rdest>" | |
4698 | -msgstr "" | |
4699 | - | |
4700 | -#. type: Plain text | |
4701 | -#: original/man8/iptables-extensions.8:1082 | |
4702 | -msgid "Match/save the destination address of each packet in the recent list table." | |
4703 | -msgstr "" | |
4704 | - | |
4705 | -#. type: TP | |
4706 | -#: original/man8/iptables-extensions.8:1082 | |
4707 | -#, no-wrap | |
4708 | -msgid "B<--mask>netmask" | |
4709 | -msgstr "" | |
4710 | - | |
4711 | -#. type: Plain text | |
4712 | -#: original/man8/iptables-extensions.8:1085 | |
4713 | -msgid "Netmask that will be applied to this recent list." | |
4714 | -msgstr "" | |
4715 | - | |
4716 | -#. type: TP | |
4717 | -#: original/man8/iptables-extensions.8:1085 | |
4718 | -#, no-wrap | |
4719 | -msgid "[B<!>] B<--rcheck>" | |
4720 | -msgstr "" | |
4721 | - | |
4722 | -#. type: Plain text | |
4723 | -#: original/man8/iptables-extensions.8:1088 | |
4724 | -msgid "Check if the source address of the packet is currently in the list." | |
4725 | -msgstr "" | |
4726 | - | |
4727 | -#. type: TP | |
4728 | -#: original/man8/iptables-extensions.8:1088 | |
4729 | -#, no-wrap | |
4730 | -msgid "[B<!>] B<--update>" | |
4731 | -msgstr "" | |
4732 | - | |
4733 | -#. type: Plain text | |
4734 | -#: original/man8/iptables-extensions.8:1092 | |
4735 | -msgid "" | |
4736 | -"Like B<--rcheck>, except it will update the \"last seen\" timestamp if it " | |
4737 | -"matches." | |
4738 | -msgstr "" | |
4739 | - | |
4740 | -#. type: TP | |
4741 | -#: original/man8/iptables-extensions.8:1092 | |
4742 | -#, no-wrap | |
4743 | -msgid "[B<!>] B<--remove>" | |
4744 | -msgstr "" | |
4745 | - | |
4746 | -#. type: Plain text | |
4747 | -#: original/man8/iptables-extensions.8:1097 | |
4748 | -msgid "" | |
4749 | -"Check if the source address of the packet is currently in the list and if so " | |
4750 | -"that address will be removed from the list and the rule will return true. If " | |
4751 | -"the address is not found, false is returned." | |
4752 | -msgstr "" | |
4753 | - | |
4754 | -#. type: TP | |
4755 | -#: original/man8/iptables-extensions.8:1097 | |
4756 | -#, no-wrap | |
4757 | -msgid "B<--seconds> I<seconds>" | |
4758 | -msgstr "" | |
4759 | - | |
4760 | -#. type: Plain text | |
4761 | -#: original/man8/iptables-extensions.8:1102 | |
4762 | -msgid "" | |
4763 | -"This option must be used in conjunction with one of B<--rcheck> or " | |
4764 | -"B<--update>. When used, this will narrow the match to only happen when the " | |
4765 | -"address is in the list and was seen within the last given number of seconds." | |
4766 | -msgstr "" | |
4767 | - | |
4768 | -#. type: TP | |
4769 | -#: original/man8/iptables-extensions.8:1102 | |
4770 | -#, no-wrap | |
4771 | -msgid "B<--reap>" | |
4772 | -msgstr "" | |
4773 | - | |
4774 | -#. type: Plain text | |
4775 | -#: original/man8/iptables-extensions.8:1107 | |
4776 | -msgid "" | |
4777 | -"This option can only be used in conjunction with B<--seconds>. When used, " | |
4778 | -"this will cause entries older than the last given number of seconds to be " | |
4779 | -"purged." | |
4780 | -msgstr "" | |
4781 | - | |
4782 | -#. type: TP | |
4783 | -#: original/man8/iptables-extensions.8:1107 | |
4784 | -#, no-wrap | |
4785 | -msgid "B<--hitcount> I<hits>" | |
4786 | -msgstr "" | |
4787 | - | |
4788 | -#. type: Plain text | |
4789 | -#: original/man8/iptables-extensions.8:1117 | |
4790 | -msgid "" | |
4791 | -"This option must be used in conjunction with one of B<--rcheck> or " | |
4792 | -"B<--update>. When used, this will narrow the match to only happen when the " | |
4793 | -"address is in the list and packets had been received greater than or equal " | |
4794 | -"to the given value. This option may be used along with B<--seconds> to " | |
4795 | -"create an even narrower match requiring a certain number of hits within a " | |
4796 | -"specific time frame. The maximum value for the hitcount parameter is given " | |
4797 | -"by the \"ip_pkt_list_tot\" parameter of the xt_recent kernel " | |
4798 | -"module. Exceeding this value on the command line will cause the rule to be " | |
4799 | -"rejected." | |
4800 | -msgstr "" | |
4801 | - | |
4802 | -#. type: TP | |
4803 | -#: original/man8/iptables-extensions.8:1117 | |
4804 | -#, no-wrap | |
4805 | -msgid "B<--rttl>" | |
4806 | -msgstr "" | |
4807 | - | |
4808 | -#. type: Plain text | |
4809 | -#: original/man8/iptables-extensions.8:1125 | |
4810 | -msgid "" | |
4811 | -"This option may only be used in conjunction with one of B<--rcheck> or " | |
4812 | -"B<--update>. When used, this will narrow the match to only happen when the " | |
4813 | -"address is in the list and the TTL of the current packet matches that of the " | |
4814 | -"packet which hit the B<--set> rule. This may be useful if you have problems " | |
4815 | -"with people faking their source address in order to DoS you via this module " | |
4816 | -"by disallowing others access to your site by sending bogus packets to you." | |
4817 | -msgstr "" | |
4818 | - | |
4819 | -#. type: Plain text | |
4820 | -#: original/man8/iptables-extensions.8:1129 | |
4821 | -msgid "iptables -A FORWARD -m recent --name badguy --rcheck --seconds 60 -j DROP" | |
4822 | -msgstr "" | |
4823 | - | |
4824 | -#. type: Plain text | |
4825 | -#: original/man8/iptables-extensions.8:1131 | |
4826 | -msgid "" | |
4827 | -"iptables -A FORWARD -p tcp -i eth0 --dport 139 -m recent --name badguy --set " | |
4828 | -"-j DROP" | |
4829 | -msgstr "" | |
4830 | - | |
4831 | -#. type: Plain text | |
4832 | -#: original/man8/iptables-extensions.8:1134 | |
4833 | -msgid "" | |
4834 | -"Steve's ipt_recent website (http://snowman.net/projects/ipt_recent/) also " | |
4835 | -"has some examples of usage." | |
4836 | -msgstr "" | |
4837 | - | |
4838 | -#. type: Plain text | |
4839 | -#: original/man8/iptables-extensions.8:1137 | |
4840 | -msgid "" | |
4841 | -"B</proc/net/xt_recent/*> are the current lists of addresses and information " | |
4842 | -"about each entry of each list." | |
4843 | -msgstr "" | |
4844 | - | |
4845 | -#. type: Plain text | |
4846 | -#: original/man8/iptables-extensions.8:1140 | |
4847 | -msgid "" | |
4848 | -"Each file in B</proc/net/xt_recent/> can be read from to see the current " | |
4849 | -"list or written two using the following commands to modify the list:" | |
4850 | -msgstr "" | |
4851 | - | |
4852 | -#. type: TP | |
4853 | -#: original/man8/iptables-extensions.8:1140 | |
4854 | -#, no-wrap | |
4855 | -msgid "B<echo +>I<addr>B< E<gt>/proc/net/xt_recent/DEFAULT>" | |
4856 | -msgstr "" | |
4857 | - | |
4858 | -#. type: Plain text | |
4859 | -#: original/man8/iptables-extensions.8:1143 | |
4860 | -msgid "to add I<addr> to the DEFAULT list" | |
4861 | -msgstr "" | |
4862 | - | |
4863 | -#. type: TP | |
4864 | -#: original/man8/iptables-extensions.8:1143 | |
4865 | -#, no-wrap | |
4866 | -msgid "B<echo ->I<addr>B< E<gt>/proc/net/xt_recent/DEFAULT>" | |
4867 | -msgstr "" | |
4868 | - | |
4869 | -#. type: Plain text | |
4870 | -#: original/man8/iptables-extensions.8:1146 | |
4871 | -msgid "to remove I<addr> from the DEFAULT list" | |
4872 | -msgstr "" | |
4873 | - | |
4874 | -#. type: TP | |
4875 | -#: original/man8/iptables-extensions.8:1146 | |
4876 | -#, no-wrap | |
4877 | -msgid "B<echo / E<gt>/proc/net/xt_recent/DEFAULT>" | |
4878 | -msgstr "" | |
4879 | - | |
4880 | -#. type: Plain text | |
4881 | -#: original/man8/iptables-extensions.8:1149 | |
4882 | -msgid "to flush the DEFAULT list (remove all entries)." | |
4883 | -msgstr "" | |
4884 | - | |
4885 | -#. type: Plain text | |
4886 | -#: original/man8/iptables-extensions.8:1151 | |
4887 | -msgid "The module itself accepts parameters, defaults shown:" | |
4888 | -msgstr "" | |
4889 | - | |
4890 | -#. type: TP | |
4891 | -#: original/man8/iptables-extensions.8:1151 | |
4892 | -#, no-wrap | |
4893 | -msgid "B<ip_list_tot>=I<100>" | |
4894 | -msgstr "" | |
4895 | - | |
4896 | -#. type: Plain text | |
4897 | -#: original/man8/iptables-extensions.8:1154 | |
4898 | -msgid "Number of addresses remembered per table." | |
4899 | -msgstr "" | |
4900 | - | |
4901 | -#. type: TP | |
4902 | -#: original/man8/iptables-extensions.8:1154 | |
4903 | -#, no-wrap | |
4904 | -msgid "B<ip_pkt_list_tot>=I<20>" | |
4905 | -msgstr "" | |
4906 | - | |
4907 | -#. type: Plain text | |
4908 | -#: original/man8/iptables-extensions.8:1157 | |
4909 | -msgid "Number of packets per address remembered." | |
4910 | -msgstr "" | |
4911 | - | |
4912 | -#. type: TP | |
4913 | -#: original/man8/iptables-extensions.8:1157 | |
4914 | -#, no-wrap | |
4915 | -msgid "B<ip_list_hash_size>=I<0>" | |
4916 | -msgstr "" | |
4917 | - | |
4918 | -#. type: Plain text | |
4919 | -#: original/man8/iptables-extensions.8:1160 | |
4920 | -msgid "Hash table size. 0 means to calculate it based on ip_list_tot, default: 512." | |
4921 | -msgstr "" | |
4922 | - | |
4923 | -#. type: TP | |
4924 | -#: original/man8/iptables-extensions.8:1160 | |
4925 | -#, no-wrap | |
4926 | -msgid "B<ip_list_perms>=I<0644>" | |
4927 | -msgstr "" | |
4928 | - | |
4929 | -#. type: Plain text | |
4930 | -#: original/man8/iptables-extensions.8:1163 | |
4931 | -msgid "Permissions for /proc/net/xt_recent/* files." | |
4932 | -msgstr "" | |
4933 | - | |
4934 | -#. type: TP | |
4935 | -#: original/man8/iptables-extensions.8:1163 | |
4936 | -#, no-wrap | |
4937 | -msgid "B<ip_list_uid>=I<0>" | |
4938 | -msgstr "" | |
4939 | - | |
4940 | -#. type: Plain text | |
4941 | -#: original/man8/iptables-extensions.8:1166 | |
4942 | -msgid "Numerical UID for ownership of /proc/net/xt_recent/* files." | |
4943 | -msgstr "" | |
4944 | - | |
4945 | -#. type: TP | |
4946 | -#: original/man8/iptables-extensions.8:1166 | |
4947 | -#, no-wrap | |
4948 | -msgid "B<ip_list_gid>=I<0>" | |
4949 | -msgstr "" | |
4950 | - | |
4951 | -#. type: Plain text | |
4952 | -#: original/man8/iptables-extensions.8:1169 | |
4953 | -msgid "Numerical GID for ownership of /proc/net/xt_recent/* files." | |
4954 | -msgstr "" | |
4955 | - | |
4956 | -#. type: SS | |
4957 | -#: original/man8/iptables-extensions.8:1169 | |
4958 | -#, no-wrap | |
4959 | -msgid "rpfilter" | |
4960 | -msgstr "" | |
4961 | - | |
4962 | -#. type: Plain text | |
4963 | -#: original/man8/iptables-extensions.8:1178 | |
4964 | -msgid "" | |
4965 | -"Performs a reverse path filter test on a packet. If a reply to the packet " | |
4966 | -"would be sent via the same interface that the packet arrived on, the packet " | |
4967 | -"will match. Note that, unlike the in-kernel rp_filter, packets protected by " | |
4968 | -"IPSec are not treated specially. Combine this match with the policy match " | |
4969 | -"if you want this. Also, packets arriving via the loopback interface are " | |
4970 | -"always permitted. This match can only be used in the PREROUTING chain of " | |
4971 | -"the raw or mangle table." | |
4972 | -msgstr "" | |
4973 | - | |
4974 | -#. type: TP | |
4975 | -#: original/man8/iptables-extensions.8:1178 | |
4976 | -#, no-wrap | |
4977 | -msgid "B<--loose>" | |
4978 | -msgstr "" | |
4979 | - | |
4980 | -#. type: Plain text | |
4981 | -#: original/man8/iptables-extensions.8:1182 | |
4982 | -msgid "" | |
4983 | -"Used to specifiy that the reverse path filter test should match even if the " | |
4984 | -"selected output device is not the expected one." | |
4985 | -msgstr "" | |
4986 | - | |
4987 | -#. type: TP | |
4988 | -#: original/man8/iptables-extensions.8:1182 | |
4989 | -#, no-wrap | |
4990 | -msgid "B<--validmark>" | |
4991 | -msgstr "" | |
4992 | - | |
4993 | -#. type: Plain text | |
4994 | -#: original/man8/iptables-extensions.8:1185 | |
4995 | -msgid "" | |
4996 | -"Also use the packets' nfmark value when performing the reverse path route " | |
4997 | -"lookup." | |
4998 | -msgstr "" | |
4999 | - | |
5000 | -#. type: TP | |
5001 | -#: original/man8/iptables-extensions.8:1185 | |
5002 | -#, no-wrap | |
5003 | -msgid "B<--accept-local>" | |
5004 | -msgstr "" | |
5005 | - | |
5006 | -#. type: Plain text | |
5007 | -#: original/man8/iptables-extensions.8:1189 | |
5008 | -msgid "" | |
5009 | -"This will permit packets arriving from the network with a source address " | |
5010 | -"that is also assigned to the local machine." | |
5011 | -msgstr "" | |
5012 | - | |
5013 | -#. type: TP | |
5014 | -#: original/man8/iptables-extensions.8:1189 | |
5015 | -#, no-wrap | |
5016 | -msgid "B<--invert>" | |
5017 | -msgstr "" | |
5018 | - | |
5019 | -#. type: Plain text | |
5020 | -#: original/man8/iptables-extensions.8:1193 | |
5021 | -msgid "" | |
5022 | -"This will invert the sense of the match. Instead of matching packets that " | |
5023 | -"passed the reverse path filter test, match those that have failed it." | |
5024 | -msgstr "" | |
5025 | - | |
5026 | -#. type: Plain text | |
5027 | -#: original/man8/iptables-extensions.8:1195 | |
5028 | -msgid "Example to log and drop packets failing the reverse path filter test:" | |
5029 | -msgstr "" | |
5030 | - | |
5031 | -#. type: Plain text | |
5032 | -#: original/man8/iptables-extensions.8:1197 | |
5033 | -msgid "iptables -t raw -N RPFILTER" | |
5034 | -msgstr "" | |
5035 | - | |
5036 | -#. type: Plain text | |
5037 | -#: original/man8/iptables-extensions.8:1199 | |
5038 | -msgid "iptables -t raw -A RPFILTER -m rpfilter -j RETURN" | |
5039 | -msgstr "" | |
5040 | - | |
5041 | -#. type: Plain text | |
5042 | -#: original/man8/iptables-extensions.8:1201 | |
5043 | -msgid "" | |
5044 | -"iptables -t raw -A RPFILTER -m limit --limit 10/minute -j NFLOG " | |
5045 | -"--nflog-prefix \"rpfilter drop\"" | |
5046 | -msgstr "" | |
5047 | - | |
5048 | -#. type: Plain text | |
5049 | -#: original/man8/iptables-extensions.8:1203 | |
5050 | -msgid "iptables -t raw -A RPFILTER -j DROP" | |
5051 | -msgstr "" | |
5052 | - | |
5053 | -#. type: Plain text | |
5054 | -#: original/man8/iptables-extensions.8:1205 | |
5055 | -msgid "iptables -t raw -A PREROUTING -j RPFILTER" | |
5056 | -msgstr "" | |
5057 | - | |
5058 | -#. type: Plain text | |
5059 | -#: original/man8/iptables-extensions.8:1207 | |
5060 | -msgid "Example to drop failed packets, without logging:" | |
5061 | -msgstr "" | |
5062 | - | |
5063 | -#. type: Plain text | |
5064 | -#: original/man8/iptables-extensions.8:1209 | |
5065 | -msgid "iptables -t raw -A RPFILTER -m rpfilter --invert -j DROP" | |
5066 | -msgstr "" | |
5067 | - | |
5068 | -#. type: SS | |
5069 | -#: original/man8/iptables-extensions.8:1209 | |
5070 | -#, no-wrap | |
5071 | -msgid "rt (IPv6-specific)" | |
5072 | -msgstr "" | |
5073 | - | |
5074 | -#. type: Plain text | |
5075 | -#: original/man8/iptables-extensions.8:1211 | |
5076 | -msgid "Match on IPv6 routing header" | |
5077 | -msgstr "" | |
5078 | - | |
5079 | -#. type: TP | |
5080 | -#: original/man8/iptables-extensions.8:1211 | |
5081 | -#, no-wrap | |
5082 | -msgid "[B<!>] B<--rt-type> I<type>" | |
5083 | -msgstr "" | |
5084 | - | |
5085 | -#. type: Plain text | |
5086 | -#: original/man8/iptables-extensions.8:1214 | |
5087 | -msgid "Match the type (numeric)." | |
5088 | -msgstr "" | |
5089 | - | |
5090 | -#. type: TP | |
5091 | -#: original/man8/iptables-extensions.8:1214 | |
5092 | -#, no-wrap | |
5093 | -msgid "[B<!>] B<--rt-segsleft> I<num>[B<:>I<num>]" | |
5094 | -msgstr "" | |
5095 | - | |
5096 | -#. type: Plain text | |
5097 | -#: original/man8/iptables-extensions.8:1217 | |
5098 | -msgid "Match the `segments left' field (range)." | |
5099 | -msgstr "" | |
5100 | - | |
5101 | -#. type: TP | |
5102 | -#: original/man8/iptables-extensions.8:1217 | |
5103 | -#, no-wrap | |
5104 | -msgid "[B<!>] B<--rt-len> I<length>" | |
5105 | -msgstr "" | |
5106 | - | |
5107 | -#. type: Plain text | |
5108 | -#: original/man8/iptables-extensions.8:1220 | |
5109 | -msgid "Match the length of this header." | |
5110 | -msgstr "" | |
5111 | - | |
5112 | -#. type: TP | |
5113 | -#: original/man8/iptables-extensions.8:1220 | |
5114 | -#, no-wrap | |
5115 | -msgid "B<--rt-0-res>" | |
5116 | -msgstr "" | |
5117 | - | |
5118 | -#. type: Plain text | |
5119 | -#: original/man8/iptables-extensions.8:1223 | |
5120 | -msgid "Match the reserved field, too (type=0)" | |
5121 | -msgstr "" | |
5122 | - | |
5123 | -#. type: TP | |
5124 | -#: original/man8/iptables-extensions.8:1223 | |
5125 | -#, no-wrap | |
5126 | -msgid "B<--rt-0-addrs> I<addr>[B<,>I<addr>...]" | |
5127 | -msgstr "" | |
5128 | - | |
5129 | -#. type: Plain text | |
5130 | -#: original/man8/iptables-extensions.8:1226 | |
5131 | -msgid "Match type=0 addresses (list)." | |
5132 | -msgstr "" | |
5133 | - | |
5134 | -#. type: TP | |
5135 | -#: original/man8/iptables-extensions.8:1226 | |
5136 | -#, no-wrap | |
5137 | -msgid "B<--rt-0-not-strict>" | |
5138 | -msgstr "" | |
5139 | - | |
5140 | -#. type: Plain text | |
5141 | -#: original/man8/iptables-extensions.8:1229 | |
5142 | -msgid "List of type=0 addresses is not a strict list." | |
5143 | -msgstr "" | |
5144 | - | |
5145 | -#. type: SS | |
5146 | -#: original/man8/iptables-extensions.8:1229 | |
5147 | -#, no-wrap | |
5148 | -msgid "sctp" | |
5149 | -msgstr "" | |
5150 | - | |
5151 | -#. type: TP | |
5152 | -#: original/man8/iptables-extensions.8:1234 | |
5153 | -#, no-wrap | |
5154 | -msgid "" | |
5155 | -"[B<!>] B<--chunk-types> {B<all>|B<any>|B<only>} I<chunktype>[B<:>I<flags>] " | |
5156 | -"[...]" | |
5157 | -msgstr "" | |
5158 | - | |
5159 | -#. type: Plain text | |
5160 | -#: original/man8/iptables-extensions.8:1238 | |
5161 | -msgid "" | |
5162 | -"The flag letter in upper case indicates that the flag is to match if set, in " | |
5163 | -"the lower case indicates to match if unset." | |
5164 | -msgstr "" | |
5165 | - | |
5166 | -#. type: Plain text | |
5167 | -#: original/man8/iptables-extensions.8:1240 | |
5168 | -msgid "" | |
5169 | -"Chunk types: DATA INIT INIT_ACK SACK HEARTBEAT HEARTBEAT_ACK ABORT SHUTDOWN " | |
5170 | -"SHUTDOWN_ACK ERROR COOKIE_ECHO COOKIE_ACK ECN_ECNE ECN_CWR SHUTDOWN_COMPLETE " | |
5171 | -"ASCONF ASCONF_ACK FORWARD_TSN" | |
5172 | -msgstr "" | |
5173 | - | |
5174 | -#. type: Plain text | |
5175 | -#: original/man8/iptables-extensions.8:1242 | |
5176 | -msgid "chunk type available flags" | |
5177 | -msgstr "" | |
5178 | - | |
5179 | -#. type: Plain text | |
5180 | -#: original/man8/iptables-extensions.8:1244 | |
5181 | -msgid "DATA I U B E i u b e" | |
5182 | -msgstr "" | |
5183 | - | |
5184 | -#. type: Plain text | |
5185 | -#: original/man8/iptables-extensions.8:1246 | |
5186 | -msgid "ABORT T t" | |
5187 | -msgstr "" | |
5188 | - | |
5189 | -#. type: Plain text | |
5190 | -#: original/man8/iptables-extensions.8:1248 | |
5191 | -msgid "SHUTDOWN_COMPLETE T t" | |
5192 | -msgstr "" | |
5193 | - | |
5194 | -#. type: Plain text | |
5195 | -#: original/man8/iptables-extensions.8:1250 | |
5196 | -msgid "(lowercase means flag should be \"off\", uppercase means \"on\")" | |
5197 | -msgstr "" | |
5198 | - | |
5199 | -#. type: Plain text | |
5200 | -#: original/man8/iptables-extensions.8:1254 | |
5201 | -msgid "iptables -A INPUT -p sctp --dport 80 -j DROP" | |
5202 | -msgstr "" | |
5203 | - | |
5204 | -#. type: Plain text | |
5205 | -#: original/man8/iptables-extensions.8:1256 | |
5206 | -msgid "iptables -A INPUT -p sctp --chunk-types any DATA,INIT -j DROP" | |
5207 | -msgstr "" | |
5208 | - | |
5209 | -#. type: Plain text | |
5210 | -#: original/man8/iptables-extensions.8:1258 | |
5211 | -msgid "iptables -A INPUT -p sctp --chunk-types any DATA:Be -j ACCEPT" | |
5212 | -msgstr "" | |
5213 | - | |
5214 | -#. type: SS | |
5215 | -#: original/man8/iptables-extensions.8:1258 | |
5216 | -#, no-wrap | |
5217 | -msgid "set" | |
5218 | -msgstr "" | |
5219 | - | |
5220 | -#. type: Plain text | |
5221 | -#: original/man8/iptables-extensions.8:1260 | |
5222 | -msgid "This module matches IP sets which can be defined by ipset(8)." | |
5223 | -msgstr "" | |
5224 | - | |
5225 | -#. type: TP | |
5226 | -#: original/man8/iptables-extensions.8:1260 | |
5227 | -#, no-wrap | |
5228 | -msgid "[B<!>] B<--match-set> I<setname> I<flag>[B<,>I<flag>]..." | |
5229 | -msgstr "" | |
5230 | - | |
5231 | -#. type: Plain text | |
5232 | -#: original/man8/iptables-extensions.8:1267 | |
5233 | -msgid "" | |
5234 | -"where flags are the comma separated list of B<src> and/or B<dst> " | |
5235 | -"specifications and there can be no more than six of them. Hence the command" | |
5236 | -msgstr "" | |
5237 | - | |
5238 | -#. type: Plain text | |
5239 | -#: original/man8/iptables-extensions.8:1269 | |
5240 | -#, no-wrap | |
5241 | -msgid " iptables -A FORWARD -m set --match-set test src,dst\n" | |
5242 | -msgstr "" | |
5243 | - | |
5244 | -#. type: Plain text | |
5245 | -#: original/man8/iptables-extensions.8:1275 | |
5246 | -msgid "" | |
5247 | -"will match packets, for which (if the set type is ipportmap) the source " | |
5248 | -"address and destination port pair can be found in the specified set. If the " | |
5249 | -"set type of the specified set is single dimension (for example ipmap), then " | |
5250 | -"the command will match packets for which the source address can be found in " | |
5251 | -"the specified set." | |
5252 | -msgstr "" | |
5253 | - | |
5254 | -#. type: TP | |
5255 | -#: original/man8/iptables-extensions.8:1275 | |
5256 | -#, no-wrap | |
5257 | -msgid "B<--return--nomatch>" | |
5258 | -msgstr "" | |
5259 | - | |
5260 | -#. type: Plain text | |
5261 | -#: original/man8/iptables-extensions.8:1281 | |
5262 | -msgid "" | |
5263 | -"If the B<--return--nomatch> option is specified and the set type supports " | |
5264 | -"the B<nomatch> flag, then the matching is reversed: a match with an element " | |
5265 | -"flagged with B<nomatch> returns B<true>, while a match with a plain element " | |
5266 | -"returns B<false>." | |
5267 | -msgstr "" | |
5268 | - | |
5269 | -#. type: Plain text | |
5270 | -#: original/man8/iptables-extensions.8:1284 | |
5271 | -msgid "" | |
5272 | -"The option B<--match-set> can be replaced by B<--set> if that does not clash " | |
5273 | -"with an option of other extensions." | |
5274 | -msgstr "" | |
5275 | - | |
5276 | -#. type: Plain text | |
5277 | -#: original/man8/iptables-extensions.8:1287 | |
5278 | -msgid "" | |
5279 | -"Use of -m set requires that ipset kernel support is provided, which, for " | |
5280 | -"standard kernels, is the case since Linux 2.6.39." | |
5281 | -msgstr "" | |
5282 | - | |
5283 | -#. type: SS | |
5284 | -#: original/man8/iptables-extensions.8:1287 | |
5285 | -#, no-wrap | |
5286 | -msgid "socket" | |
5287 | -msgstr "" | |
5288 | - | |
5289 | -#. type: Plain text | |
5290 | -#: original/man8/iptables-extensions.8:1290 | |
5291 | -msgid "" | |
5292 | -"This matches if an open socket can be found by doing a socket lookup on the " | |
5293 | -"packet." | |
5294 | -msgstr "" | |
5295 | - | |
5296 | -#. type: TP | |
5297 | -#: original/man8/iptables-extensions.8:1290 | |
5298 | -#, no-wrap | |
5299 | -msgid "B<--transparent>" | |
5300 | -msgstr "" | |
5301 | - | |
5302 | -#. type: Plain text | |
5303 | -#: original/man8/iptables-extensions.8:1293 | |
5304 | -msgid "Ignore non-transparent sockets." | |
5305 | -msgstr "" | |
5306 | - | |
5307 | -#. type: SS | |
5308 | -#: original/man8/iptables-extensions.8:1293 | |
5309 | -#, no-wrap | |
5310 | -msgid "state" | |
5311 | -msgstr "" | |
5312 | - | |
5313 | -#. type: Plain text | |
5314 | -#: original/man8/iptables-extensions.8:1296 | |
5315 | -msgid "" | |
5316 | -"The \"state\" extension is a subset of the \"conntrack\" module. \"state\" " | |
5317 | -"allows access to the connection tracking state for this packet." | |
5318 | -msgstr "" | |
5319 | - | |
5320 | -#. type: TP | |
5321 | -#: original/man8/iptables-extensions.8:1296 | |
5322 | -#, no-wrap | |
5323 | -msgid "[B<!>] B<--state> I<state>" | |
5324 | -msgstr "" | |
5325 | - | |
5326 | -#. type: Plain text | |
5327 | -#: original/man8/iptables-extensions.8:1302 | |
5328 | -msgid "" | |
5329 | -"Where state is a comma separated list of the connection states to " | |
5330 | -"match. Only a subset of the states unterstood by \"conntrack\" are " | |
5331 | -"recognized: B<INVALID>, B<ESTABLISHED>, B<NEW>, B<RELATED> or " | |
5332 | -"B<UNTRACKED>. For their description, see the \"conntrack\" heading in this " | |
5333 | -"manpage." | |
5334 | -msgstr "" | |
5335 | - | |
5336 | -#. type: SS | |
5337 | -#: original/man8/iptables-extensions.8:1302 | |
5338 | -#, no-wrap | |
5339 | -msgid "statistic" | |
5340 | -msgstr "" | |
5341 | - | |
5342 | -#. type: Plain text | |
5343 | -#: original/man8/iptables-extensions.8:1307 | |
5344 | -msgid "" | |
5345 | -"This module matches packets based on some statistic condition. It supports " | |
5346 | -"two distinct modes settable with the B<--mode> option." | |
5347 | -msgstr "" | |
5348 | - | |
5349 | -#. type: Plain text | |
5350 | -#: original/man8/iptables-extensions.8:1309 | |
5351 | -msgid "Supported options:" | |
5352 | -msgstr "" | |
5353 | - | |
5354 | -#. type: TP | |
5355 | -#: original/man8/iptables-extensions.8:1309 | |
5356 | -#, no-wrap | |
5357 | -msgid "B<--mode> I<mode>" | |
5358 | -msgstr "" | |
5359 | - | |
5360 | -#. type: Plain text | |
5361 | -#: original/man8/iptables-extensions.8:1315 | |
5362 | -msgid "" | |
5363 | -"Set the matching mode of the matching rule, supported modes are B<random> " | |
5364 | -"and B<nth.>" | |
5365 | -msgstr "" | |
5366 | - | |
5367 | -#. type: TP | |
5368 | -#: original/man8/iptables-extensions.8:1315 | |
5369 | -#, no-wrap | |
5370 | -msgid "[B<!>] B<--probability> I<p>" | |
5371 | -msgstr "" | |
5372 | - | |
5373 | -#. type: Plain text | |
5374 | -#: original/man8/iptables-extensions.8:1320 | |
5375 | -msgid "" | |
5376 | -"Set the probability for a packet to be randomly matched. It only works with " | |
5377 | -"the B<random> mode. I<p> must be within 0.0 and 1.0. The supported " | |
5378 | -"granularity is in 1/2147483648th increments." | |
5379 | -msgstr "" | |
5380 | - | |
5381 | -#. type: TP | |
5382 | -#: original/man8/iptables-extensions.8:1320 | |
5383 | -#, no-wrap | |
5384 | -msgid "[B<!>] B<--every> I<n>" | |
5385 | -msgstr "" | |
5386 | - | |
5387 | -#. type: Plain text | |
5388 | -#: original/man8/iptables-extensions.8:1327 | |
5389 | -msgid "" | |
5390 | -"Match one packet every nth packet. It works only with the B<nth> mode (see " | |
5391 | -"also the B<--packet> option)." | |
5392 | -msgstr "" | |
5393 | - | |
5394 | -#. type: TP | |
5395 | -#: original/man8/iptables-extensions.8:1327 | |
5396 | -#, no-wrap | |
5397 | -msgid "B<--packet> I<p>" | |
5398 | -msgstr "" | |
5399 | - | |
5400 | -#. type: Plain text | |
5401 | -#: original/man8/iptables-extensions.8:1332 | |
5402 | -msgid "" | |
5403 | -"Set the initial counter value (0 E<lt>= p E<lt>= n-1, default 0) for the " | |
5404 | -"B<nth> mode." | |
5405 | -msgstr "" | |
5406 | - | |
5407 | -#. type: SS | |
5408 | -#: original/man8/iptables-extensions.8:1332 | |
5409 | -#, no-wrap | |
5410 | -msgid "string" | |
5411 | -msgstr "" | |
5412 | - | |
5413 | -#. type: Plain text | |
5414 | -#: original/man8/iptables-extensions.8:1334 | |
5415 | -msgid "" | |
5416 | -"This modules matches a given string by using some pattern matching " | |
5417 | -"strategy. It requires a linux kernel E<gt>= 2.6.14." | |
5418 | -msgstr "" | |
5419 | - | |
5420 | -#. type: TP | |
5421 | -#: original/man8/iptables-extensions.8:1334 | |
5422 | -#, no-wrap | |
5423 | -msgid "B<--algo> {B<bm>|B<kmp>}" | |
5424 | -msgstr "" | |
5425 | - | |
5426 | -#. type: Plain text | |
5427 | -#: original/man8/iptables-extensions.8:1337 | |
5428 | -msgid "" | |
5429 | -"Select the pattern matching strategy. (bm = Boyer-Moore, kmp = " | |
5430 | -"Knuth-Pratt-Morris)" | |
5431 | -msgstr "" | |
5432 | - | |
5433 | -#. type: TP | |
5434 | -#: original/man8/iptables-extensions.8:1337 | |
5435 | -#, no-wrap | |
5436 | -msgid "B<--from> I<offset>" | |
5437 | -msgstr "" | |
5438 | - | |
5439 | -#. type: Plain text | |
5440 | -#: original/man8/iptables-extensions.8:1340 | |
5441 | -msgid "" | |
5442 | -"Set the offset from which it starts looking for any matching. If not passed, " | |
5443 | -"default is 0." | |
5444 | -msgstr "" | |
5445 | - | |
5446 | -#. type: TP | |
5447 | -#: original/man8/iptables-extensions.8:1340 | |
5448 | -#, no-wrap | |
5449 | -msgid "B<--to> I<offset>" | |
5450 | -msgstr "" | |
5451 | - | |
5452 | -#. type: Plain text | |
5453 | -#: original/man8/iptables-extensions.8:1345 | |
5454 | -msgid "" | |
5455 | -"Set the offset up to which should be scanned. That is, byte I<offset>-1 " | |
5456 | -"(counting from 0) is the last one that is scanned. If not passed, default " | |
5457 | -"is the packet size." | |
5458 | -msgstr "" | |
5459 | - | |
5460 | -#. type: TP | |
5461 | -#: original/man8/iptables-extensions.8:1345 | |
5462 | -#, no-wrap | |
5463 | -msgid "[B<!>] B<--string> I<pattern>" | |
5464 | -msgstr "" | |
5465 | - | |
5466 | -#. type: Plain text | |
5467 | -#: original/man8/iptables-extensions.8:1348 | |
5468 | -msgid "Matches the given pattern." | |
5469 | -msgstr "" | |
5470 | - | |
5471 | -#. type: TP | |
5472 | -#: original/man8/iptables-extensions.8:1348 | |
5473 | -#, no-wrap | |
5474 | -msgid "[B<!>] B<--hex-string> I<pattern>" | |
5475 | -msgstr "" | |
5476 | - | |
5477 | -#. type: Plain text | |
5478 | -#: original/man8/iptables-extensions.8:1351 | |
5479 | -msgid "Matches the given pattern in hex notation." | |
5480 | -msgstr "" | |
5481 | - | |
5482 | -#. type: SS | |
5483 | -#: original/man8/iptables-extensions.8:1351 | |
5484 | -#, no-wrap | |
5485 | -msgid "tcp" | |
5486 | -msgstr "" | |
5487 | - | |
5488 | -#. type: Plain text | |
5489 | -#: original/man8/iptables-extensions.8:1354 | |
5490 | -msgid "" | |
5491 | -"These extensions can be used if `--protocol tcp' is specified. It provides " | |
5492 | -"the following options:" | |
5493 | -msgstr "" | |
5494 | - | |
5495 | -#. type: Plain text | |
5496 | -#: original/man8/iptables-extensions.8:1365 | |
5497 | -msgid "" | |
5498 | -"Source port or port range specification. This can either be a service name " | |
5499 | -"or a port number. An inclusive range can also be specified, using the format " | |
5500 | -"I<first>B<:>I<last>. If the first port is omitted, \"0\" is assumed; if the " | |
5501 | -"last is omitted, \"65535\" is assumed. If the first port is greater than " | |
5502 | -"the second one they will be swapped. The flag B<--sport> is a convenient " | |
5503 | -"alias for this option." | |
5504 | -msgstr "" | |
5505 | - | |
5506 | -#. type: Plain text | |
5507 | -#: original/man8/iptables-extensions.8:1370 | |
5508 | -msgid "" | |
5509 | -"Destination port or port range specification. The flag B<--dport> is a " | |
5510 | -"convenient alias for this option." | |
5511 | -msgstr "" | |
5512 | - | |
5513 | -#. type: TP | |
5514 | -#: original/man8/iptables-extensions.8:1370 | |
5515 | -#, no-wrap | |
5516 | -msgid "[B<!>] B<--tcp-flags> I<mask> I<comp>" | |
5517 | -msgstr "" | |
5518 | - | |
5519 | -#. type: Plain text | |
5520 | -#: original/man8/iptables-extensions.8:1378 | |
5521 | -msgid "" | |
5522 | -"Match when the TCP flags are as specified. The first argument I<mask> is " | |
5523 | -"the flags which we should examine, written as a comma-separated list, and " | |
5524 | -"the second argument I<comp> is a comma-separated list of flags which must be " | |
5525 | -"set. Flags are: B<SYN ACK FIN RST URG PSH ALL NONE>. Hence the command" | |
5526 | -msgstr "" | |
5527 | - | |
5528 | -#. type: Plain text | |
5529 | -#: original/man8/iptables-extensions.8:1380 | |
5530 | -#, no-wrap | |
5531 | -msgid " iptables -A FORWARD -p tcp --tcp-flags SYN,ACK,FIN,RST SYN\n" | |
5532 | -msgstr "" | |
5533 | - | |
5534 | -#. type: Plain text | |
5535 | -#: original/man8/iptables-extensions.8:1383 | |
5536 | -msgid "" | |
5537 | -"will only match packets with the SYN flag set, and the ACK, FIN and RST " | |
5538 | -"flags unset." | |
5539 | -msgstr "" | |
5540 | - | |
5541 | -#. type: TP | |
5542 | -#: original/man8/iptables-extensions.8:1383 | |
5543 | -#, no-wrap | |
5544 | -msgid "[B<!>] B<--syn>" | |
5545 | -msgstr "" | |
5546 | - | |
5547 | -#. type: Plain text | |
5548 | -#: original/man8/iptables-extensions.8:1393 | |
5549 | -msgid "" | |
5550 | -"Only match TCP packets with the SYN bit set and the ACK,RST and FIN bits " | |
5551 | -"cleared. Such packets are used to request TCP connection initiation; for " | |
5552 | -"example, blocking such packets coming in an interface will prevent incoming " | |
5553 | -"TCP connections, but outgoing TCP connections will be unaffected. It is " | |
5554 | -"equivalent to B<--tcp-flags SYN,RST,ACK,FIN SYN>. If the \"!\" flag " | |
5555 | -"precedes the \"--syn\", the sense of the option is inverted." | |
5556 | -msgstr "" | |
5557 | - | |
5558 | -#. type: TP | |
5559 | -#: original/man8/iptables-extensions.8:1393 | |
5560 | -#, no-wrap | |
5561 | -msgid "[B<!>] B<--tcp-option> I<number>" | |
5562 | -msgstr "" | |
5563 | - | |
5564 | -#. type: Plain text | |
5565 | -#: original/man8/iptables-extensions.8:1396 | |
5566 | -msgid "Match if TCP option set." | |
5567 | -msgstr "" | |
5568 | - | |
5569 | -#. type: SS | |
5570 | -#: original/man8/iptables-extensions.8:1396 | |
5571 | -#, no-wrap | |
5572 | -msgid "tcpmss" | |
5573 | -msgstr "" | |
5574 | - | |
5575 | -#. type: Plain text | |
5576 | -#: original/man8/iptables-extensions.8:1398 | |
5577 | -msgid "" | |
5578 | -"This matches the TCP MSS (maximum segment size) field of the TCP header. " | |
5579 | -"You can only use this on TCP SYN or SYN/ACK packets, since the MSS is only " | |
5580 | -"negotiated during the TCP handshake at connection startup time." | |
5581 | -msgstr "" | |
5582 | - | |
5583 | -#. type: TP | |
5584 | -#: original/man8/iptables-extensions.8:1398 | |
5585 | -#, no-wrap | |
5586 | -msgid "[B<!>] B<--mss> I<value>[B<:>I<value>]" | |
5587 | -msgstr "" | |
5588 | - | |
5589 | -#. type: Plain text | |
5590 | -#: original/man8/iptables-extensions.8:1401 | |
5591 | -msgid "Match a given TCP MSS value or range." | |
5592 | -msgstr "" | |
5593 | - | |
5594 | -#. type: SS | |
5595 | -#: original/man8/iptables-extensions.8:1401 | |
5596 | -#, no-wrap | |
5597 | -msgid "time" | |
5598 | -msgstr "" | |
5599 | - | |
5600 | -#. type: Plain text | |
5601 | -#: original/man8/iptables-extensions.8:1405 | |
5602 | -msgid "" | |
5603 | -"This matches if the packet arrival time/date is within a given range. All " | |
5604 | -"options are optional, but are ANDed when specified. All times are " | |
5605 | -"interpreted as UTC by default." | |
5606 | -msgstr "" | |
5607 | - | |
5608 | -#. type: TP | |
5609 | -#: original/man8/iptables-extensions.8:1405 | |
5610 | -#, no-wrap | |
5611 | -msgid "" | |
5612 | -"B<--datestart> " | |
5613 | -"I<YYYY>[B<->I<MM>[B<->I<DD>[B<T>I<hh>[B<:>I<mm>[B<:>I<ss>]]]]]" | |
5614 | -msgstr "" | |
5615 | - | |
5616 | -#. type: TP | |
5617 | -#: original/man8/iptables-extensions.8:1407 | |
5618 | -#, no-wrap | |
5619 | -msgid "B<--datestop> I<YYYY>[B<->I<MM>[B<->I<DD>[B<T>I<hh>[B<:>I<mm>[B<:>I<ss>]]]]]" | |
5620 | -msgstr "" | |
5621 | - | |
5622 | -#. type: Plain text | |
5623 | -#: original/man8/iptables-extensions.8:1411 | |
5624 | -msgid "" | |
5625 | -"Only match during the given time, which must be in ISO 8601 \"T\" notation. " | |
5626 | -"The possible time range is 1970-01-01T00:00:00 to 2038-01-19T04:17:07." | |
5627 | -msgstr "" | |
5628 | - | |
5629 | -#. type: Plain text | |
5630 | -#: original/man8/iptables-extensions.8:1414 | |
5631 | -msgid "" | |
5632 | -"If --datestart or --datestop are not specified, it will default to " | |
5633 | -"1970-01-01 and 2038-01-19, respectively." | |
5634 | -msgstr "" | |
5635 | - | |
5636 | -#. type: TP | |
5637 | -#: original/man8/iptables-extensions.8:1414 | |
5638 | -#, no-wrap | |
5639 | -msgid "B<--timestart> I<hh>B<:>I<mm>[B<:>I<ss>]" | |
5640 | -msgstr "" | |
5641 | - | |
5642 | -#. type: TP | |
5643 | -#: original/man8/iptables-extensions.8:1416 | |
5644 | -#, no-wrap | |
5645 | -msgid "B<--timestop> I<hh>B<:>I<mm>[B<:>I<ss>]" | |
5646 | -msgstr "" | |
5647 | - | |
5648 | -#. type: Plain text | |
5649 | -#: original/man8/iptables-extensions.8:1421 | |
5650 | -msgid "" | |
5651 | -"Only match during the given daytime. The possible time range is 00:00:00 to " | |
5652 | -"23:59:59. Leading zeroes are allowed (e.g. \"06:03\") and correctly " | |
5653 | -"interpreted as base-10." | |
5654 | -msgstr "" | |
5655 | - | |
5656 | -#. type: TP | |
5657 | -#: original/man8/iptables-extensions.8:1421 | |
5658 | -#, no-wrap | |
5659 | -msgid "[B<!>] B<--monthdays> I<day>[B<,>I<day>...]" | |
5660 | -msgstr "" | |
5661 | - | |
5662 | -#. type: Plain text | |
5663 | -#: original/man8/iptables-extensions.8:1427 | |
5664 | -msgid "" | |
5665 | -"Only match on the given days of the month. Possible values are B<1> to " | |
5666 | -"B<31>. Note that specifying B<31> will of course not match on months which " | |
5667 | -"do not have a 31st day; the same goes for 28- or 29-day February." | |
5668 | -msgstr "" | |
5669 | - | |
5670 | -#. type: TP | |
5671 | -#: original/man8/iptables-extensions.8:1427 | |
5672 | -#, no-wrap | |
5673 | -msgid "[B<!>] B<--weekdays> I<day>[B<,>I<day>...]" | |
5674 | -msgstr "" | |
5675 | - | |
5676 | -#. type: Plain text | |
5677 | -#: original/man8/iptables-extensions.8:1433 | |
5678 | -msgid "" | |
5679 | -"Only match on the given weekdays. Possible values are B<Mon>, B<Tue>, " | |
5680 | -"B<Wed>, B<Thu>, B<Fri>, B<Sat>, B<Sun>, or values from B<1> to B<7>, " | |
5681 | -"respectively. You may also use two-character variants (B<Mo>, B<Tu>, etc.)." | |
5682 | -msgstr "" | |
5683 | - | |
5684 | -#. type: TP | |
5685 | -#: original/man8/iptables-extensions.8:1433 | |
5686 | -#, no-wrap | |
5687 | -msgid "B<--contiguous>" | |
5688 | -msgstr "" | |
5689 | - | |
5690 | -#. type: Plain text | |
5691 | -#: original/man8/iptables-extensions.8:1437 | |
5692 | -msgid "" | |
5693 | -"When B<--timestop> is smaller than B<--timestart> value, match this as a " | |
5694 | -"single time period instead distinct intervals. See EXAMPLES." | |
5695 | -msgstr "" | |
5696 | - | |
5697 | -#. type: TP | |
5698 | -#: original/man8/iptables-extensions.8:1437 | |
5699 | -#, no-wrap | |
5700 | -msgid "B<--kerneltz>" | |
5701 | -msgstr "" | |
5702 | - | |
5703 | -#. type: Plain text | |
5704 | -#: original/man8/iptables-extensions.8:1441 | |
5705 | -msgid "" | |
5706 | -"Use the kernel timezone instead of UTC to determine whether a packet meets " | |
5707 | -"the time regulations." | |
5708 | -msgstr "" | |
5709 | - | |
5710 | -#. type: Plain text | |
5711 | -#: original/man8/iptables-extensions.8:1447 | |
5712 | -msgid "" | |
5713 | -"About kernel timezones: Linux keeps the system time in UTC, and always does " | |
5714 | -"so. On boot, system time is initialized from a referential time " | |
5715 | -"source. Where this time source has no timezone information, such as the x86 " | |
5716 | -"CMOS RTC, UTC will be assumed. If the time source is however not in UTC, " | |
5717 | -"userspace should provide the correct system time and timezone to the kernel " | |
5718 | -"once it has the information." | |
5719 | -msgstr "" | |
5720 | - | |
5721 | -#. type: Plain text | |
5722 | -#: original/man8/iptables-extensions.8:1458 | |
5723 | -msgid "" | |
5724 | -"Local time is a feature on top of the (timezone independent) system " | |
5725 | -"time. Each process has its own idea of local time, specified via the TZ " | |
5726 | -"environment variable. The kernel also has its own timezone offset " | |
5727 | -"variable. The TZ userspace environment variable specifies how the UTC-based " | |
5728 | -"system time is displayed, e.g. when you run date(1), or what you see on your " | |
5729 | -"desktop clock. The TZ string may resolve to different offsets at different " | |
5730 | -"dates, which is what enables the automatic time-jumping in userspace. when " | |
5731 | -"DST changes. The kernel's timezone offset variable is used when it has to " | |
5732 | -"convert between non-UTC sources, such as FAT filesystems, to UTC (since the " | |
5733 | -"latter is what the rest of the system uses)." | |
5734 | -msgstr "" | |
5735 | - | |
5736 | -#. type: Plain text | |
5737 | -#: original/man8/iptables-extensions.8:1467 | |
5738 | -msgid "" | |
5739 | -"The caveat with the kernel timezone is that Linux distributions may ignore " | |
5740 | -"to set the kernel timezone, and instead only set the system time. Even if a " | |
5741 | -"particular distribution does set the timezone at boot, it is usually does " | |
5742 | -"not keep the kernel timezone offset - which is what changes on DST - up to " | |
5743 | -"date. ntpd will not touch the kernel timezone, so running it will not " | |
5744 | -"resolve the issue. As such, one may encounter a timezone that is always " | |
5745 | -"+0000, or one that is wrong half of the time of the year. As such, B<using " | |
5746 | -"--kerneltz is highly discouraged.>" | |
5747 | -msgstr "" | |
5748 | - | |
5749 | -#. type: Plain text | |
5750 | -#: original/man8/iptables-extensions.8:1469 | |
5751 | -msgid "EXAMPLES. To match on weekends, use:" | |
5752 | -msgstr "" | |
5753 | - | |
5754 | -#. type: Plain text | |
5755 | -#: original/man8/iptables-extensions.8:1471 | |
5756 | -msgid "-m time --weekdays Sa,Su" | |
5757 | -msgstr "" | |
5758 | - | |
5759 | -#. type: Plain text | |
5760 | -#: original/man8/iptables-extensions.8:1473 | |
5761 | -msgid "Or, to match (once) on a national holiday block:" | |
5762 | -msgstr "" | |
5763 | - | |
5764 | -#. type: Plain text | |
5765 | -#: original/man8/iptables-extensions.8:1475 | |
5766 | -msgid "-m time --datestart 2007-12-24 --datestop 2007-12-27" | |
5767 | -msgstr "" | |
5768 | - | |
5769 | -#. type: Plain text | |
5770 | -#: original/man8/iptables-extensions.8:1478 | |
5771 | -msgid "" | |
5772 | -"Since the stop time is actually inclusive, you would need the following stop " | |
5773 | -"time to not match the first second of the new day:" | |
5774 | -msgstr "" | |
5775 | - | |
5776 | -#. type: Plain text | |
5777 | -#: original/man8/iptables-extensions.8:1480 | |
5778 | -msgid "-m time --datestart 2007-01-01T17:00 --datestop 2007-01-01T23:59:59" | |
5779 | -msgstr "" | |
5780 | - | |
5781 | -#. type: Plain text | |
5782 | -#: original/man8/iptables-extensions.8:1482 | |
5783 | -msgid "During lunch hour:" | |
5784 | -msgstr "" | |
5785 | - | |
5786 | -#. type: Plain text | |
5787 | -#: original/man8/iptables-extensions.8:1484 | |
5788 | -msgid "-m time --timestart 12:30 --timestop 13:30" | |
5789 | -msgstr "" | |
5790 | - | |
5791 | -#. type: Plain text | |
5792 | -#: original/man8/iptables-extensions.8:1486 | |
5793 | -msgid "The fourth Friday in the month:" | |
5794 | -msgstr "" | |
5795 | - | |
5796 | -#. type: Plain text | |
5797 | -#: original/man8/iptables-extensions.8:1488 | |
5798 | -msgid "-m time --weekdays Fr --monthdays 22,23,24,25,26,27,28" | |
5799 | -msgstr "" | |
5800 | - | |
5801 | -#. type: Plain text | |
5802 | -#: original/man8/iptables-extensions.8:1492 | |
5803 | -msgid "" | |
5804 | -"(Note that this exploits a certain mathematical property. It is not possible " | |
5805 | -"to say \"fourth Thursday OR fourth Friday\" in one rule. It is possible with " | |
5806 | -"multiple rules, though.)" | |
5807 | -msgstr "" | |
5808 | - | |
5809 | -#. type: Plain text | |
5810 | -#: original/man8/iptables-extensions.8:1494 | |
5811 | -msgid "Matching across days might not do what is expected. For instance," | |
5812 | -msgstr "" | |
5813 | - | |
5814 | -#. type: Plain text | |
5815 | -#: original/man8/iptables-extensions.8:1500 | |
5816 | -msgid "" | |
5817 | -"-m time --weekdays Mo --timestart 23:00 --timestop 01:00 Will match Monday, " | |
5818 | -"for one hour from midnight to 1 a.m., and then again for another hour from " | |
5819 | -"23:00 onwards. If this is unwanted, e.g. if you would like 'match for two " | |
5820 | -"hours from Montay 23:00 onwards' you need to also specify the --contiguous " | |
5821 | -"option in the example above." | |
5822 | -msgstr "" | |
5823 | - | |
5824 | -#. type: SS | |
5825 | -#: original/man8/iptables-extensions.8:1500 | |
5826 | -#, no-wrap | |
5827 | -msgid "tos" | |
5828 | -msgstr "" | |
5829 | - | |
5830 | -#. type: Plain text | |
5831 | -#: original/man8/iptables-extensions.8:1504 | |
5832 | -msgid "" | |
5833 | -"This module matches the 8-bit Type of Service field in the IPv4 header " | |
5834 | -"(i.e. including the \"Precedence\" bits) or the (also 8-bit) Priority field " | |
5835 | -"in the IPv6 header." | |
5836 | -msgstr "" | |
5837 | - | |
5838 | -#. type: TP | |
5839 | -#: original/man8/iptables-extensions.8:1504 | |
5840 | -#, no-wrap | |
5841 | -msgid "[B<!>] B<--tos> I<value>[B</>I<mask>]" | |
5842 | -msgstr "" | |
5843 | - | |
5844 | -#. type: Plain text | |
5845 | -#: original/man8/iptables-extensions.8:1508 | |
5846 | -msgid "" | |
5847 | -"Matches packets with the given TOS mark value. If a mask is specified, it is " | |
5848 | -"logically ANDed with the TOS mark before the comparison." | |
5849 | -msgstr "" | |
5850 | - | |
5851 | -#. type: TP | |
5852 | -#: original/man8/iptables-extensions.8:1508 | |
5853 | -#, no-wrap | |
5854 | -msgid "[B<!>] B<--tos> I<symbol>" | |
5855 | -msgstr "" | |
5856 | - | |
5857 | -#. type: Plain text | |
5858 | -#: original/man8/iptables-extensions.8:1513 | |
5859 | -msgid "" | |
5860 | -"You can specify a symbolic name when using the tos match for IPv4. The list " | |
5861 | -"of recognized TOS names can be obtained by calling iptables with B<-m tos " | |
5862 | -"-h>. Note that this implies a mask of 0x3F, i.e. all but the ECN bits." | |
5863 | -msgstr "" | |
5864 | - | |
5865 | -#. type: SS | |
5866 | -#: original/man8/iptables-extensions.8:1513 | |
5867 | -#, no-wrap | |
5868 | -msgid "ttl (IPv4-specific)" | |
5869 | -msgstr "" | |
5870 | - | |
5871 | -#. type: Plain text | |
5872 | -#: original/man8/iptables-extensions.8:1515 | |
5873 | -msgid "This module matches the time to live field in the IP header." | |
5874 | -msgstr "" | |
5875 | - | |
5876 | -#. type: TP | |
5877 | -#: original/man8/iptables-extensions.8:1515 | |
5878 | -#, no-wrap | |
5879 | -msgid "[B<!>] B<--ttl-eq> I<ttl>" | |
5880 | -msgstr "" | |
5881 | - | |
5882 | -#. type: Plain text | |
5883 | -#: original/man8/iptables-extensions.8:1518 | |
5884 | -msgid "Matches the given TTL value." | |
5885 | -msgstr "" | |
5886 | - | |
5887 | -#. type: TP | |
5888 | -#: original/man8/iptables-extensions.8:1518 | |
5889 | -#, no-wrap | |
5890 | -msgid "B<--ttl-gt> I<ttl>" | |
5891 | -msgstr "" | |
5892 | - | |
5893 | -#. type: Plain text | |
5894 | -#: original/man8/iptables-extensions.8:1521 | |
5895 | -msgid "Matches if TTL is greater than the given TTL value." | |
5896 | -msgstr "" | |
5897 | - | |
5898 | -#. type: TP | |
5899 | -#: original/man8/iptables-extensions.8:1521 | |
5900 | -#, no-wrap | |
5901 | -msgid "B<--ttl-lt> I<ttl>" | |
5902 | -msgstr "" | |
5903 | - | |
5904 | -#. type: Plain text | |
5905 | -#: original/man8/iptables-extensions.8:1524 | |
5906 | -msgid "Matches if TTL is less than the given TTL value." | |
5907 | -msgstr "" | |
5908 | - | |
5909 | -#. type: SS | |
5910 | -#: original/man8/iptables-extensions.8:1524 | |
5911 | -#, no-wrap | |
5912 | -msgid "u32" | |
5913 | -msgstr "" | |
5914 | - | |
5915 | -#. type: Plain text | |
5916 | -#: original/man8/iptables-extensions.8:1528 | |
5917 | -msgid "" | |
5918 | -"U32 tests whether quantities of up to 4 bytes extracted from a packet have " | |
5919 | -"specified values. The specification of what to extract is general enough to " | |
5920 | -"find data at given offsets from tcp headers or payloads." | |
5921 | -msgstr "" | |
5922 | - | |
5923 | -#. type: TP | |
5924 | -#: original/man8/iptables-extensions.8:1528 | |
5925 | -#, no-wrap | |
5926 | -msgid "[B<!>] B<--u32> I<tests>" | |
5927 | -msgstr "" | |
5928 | - | |
5929 | -#. type: Plain text | |
5930 | -#: original/man8/iptables-extensions.8:1531 | |
5931 | -msgid "The argument amounts to a program in a small language described below." | |
5932 | -msgstr "" | |
5933 | - | |
5934 | -#. type: Plain text | |
5935 | -#: original/man8/iptables-extensions.8:1533 | |
5936 | -msgid "tests := location \"=\" value | tests \"&&\" location \"=\" value" | |
5937 | -msgstr "" | |
5938 | - | |
5939 | -#. type: Plain text | |
5940 | -#: original/man8/iptables-extensions.8:1535 | |
5941 | -msgid "value := range | value \",\" range" | |
5942 | -msgstr "" | |
5943 | - | |
5944 | -#. type: Plain text | |
5945 | -#: original/man8/iptables-extensions.8:1537 | |
5946 | -msgid "range := number | number \":\" number" | |
5947 | -msgstr "" | |
5948 | - | |
5949 | -#. type: Plain text | |
5950 | -#: original/man8/iptables-extensions.8:1540 | |
5951 | -msgid "" | |
5952 | -"a single number, I<n>, is interpreted the same as I<n:n>. I<n:m> is " | |
5953 | -"interpreted as the range of numbers B<E<gt>=n> and B<E<lt>=m>." | |
5954 | -msgstr "" | |
5955 | - | |
5956 | -#. type: Plain text | |
5957 | -#: original/man8/iptables-extensions.8:1542 | |
5958 | -msgid "location := number | location operator number" | |
5959 | -msgstr "" | |
5960 | - | |
5961 | -#. type: Plain text | |
5962 | -#: original/man8/iptables-extensions.8:1544 | |
5963 | -msgid "operator := \"&\" | \"E<lt>E<lt>\" | \"E<gt>E<gt>\" | \"@\"" | |
5964 | -msgstr "" | |
5965 | - | |
5966 | -#. type: Plain text | |
5967 | -#: original/man8/iptables-extensions.8:1549 | |
5968 | -msgid "" | |
5969 | -"The operators B<&>, B<E<lt>E<lt>>, B<E<gt>E<gt>> and B<&&> mean the same as " | |
5970 | -"in C. The B<=> is really a set membership operator and the value syntax " | |
5971 | -"describes a set. The B<@> operator is what allows moving to the next header " | |
5972 | -"and is described further below." | |
5973 | -msgstr "" | |
5974 | - | |
5975 | -#. type: Plain text | |
5976 | -#: original/man8/iptables-extensions.8:1552 | |
5977 | -msgid "" | |
5978 | -"There are currently some artificial implementation limits on the size of the " | |
5979 | -"tests:" | |
5980 | -msgstr "" | |
5981 | - | |
5982 | -#. type: IP | |
5983 | -#: original/man8/iptables-extensions.8:1552 original/man8/iptables-extensions.8:1554 original/man8/iptables-extensions.8:1556 | |
5984 | -#, no-wrap | |
5985 | -msgid " *" | |
5986 | -msgstr "" | |
5987 | - | |
5988 | -#. type: Plain text | |
5989 | -#: original/man8/iptables-extensions.8:1554 | |
5990 | -msgid "no more than 10 of \"B<=>\" (and 9 \"B<&&>\"s) in the u32 argument" | |
5991 | -msgstr "" | |
5992 | - | |
5993 | -#. type: Plain text | |
5994 | -#: original/man8/iptables-extensions.8:1556 | |
5995 | -msgid "no more than 10 ranges (and 9 commas) per value" | |
5996 | -msgstr "" | |
5997 | - | |
5998 | -#. type: Plain text | |
5999 | -#: original/man8/iptables-extensions.8:1558 | |
6000 | -msgid "no more than 10 numbers (and 9 operators) per location" | |
6001 | -msgstr "" | |
6002 | - | |
6003 | -#. type: Plain text | |
6004 | -#: original/man8/iptables-extensions.8:1561 | |
6005 | -msgid "" | |
6006 | -"To describe the meaning of location, imagine the following machine that " | |
6007 | -"interprets it. There are three registers:" | |
6008 | -msgstr "" | |
6009 | - | |
6010 | -#. type: Plain text | |
6011 | -#: original/man8/iptables-extensions.8:1563 | |
6012 | -msgid "A is of type B<char *>, initially the address of the IP header" | |
6013 | -msgstr "" | |
6014 | - | |
6015 | -#. type: Plain text | |
6016 | -#: original/man8/iptables-extensions.8:1565 | |
6017 | -msgid "B and C are unsigned 32 bit integers, initially zero" | |
6018 | -msgstr "" | |
6019 | - | |
6020 | -#. type: Plain text | |
6021 | -#: original/man8/iptables-extensions.8:1567 | |
6022 | -msgid "The instructions are:" | |
6023 | -msgstr "" | |
6024 | - | |
6025 | -#. type: Plain text | |
6026 | -#: original/man8/iptables-extensions.8:1569 | |
6027 | -msgid "number B = number;" | |
6028 | -msgstr "" | |
6029 | - | |
6030 | -#. type: Plain text | |
6031 | -#: original/man8/iptables-extensions.8:1571 | |
6032 | -msgid "" | |
6033 | -"C = (*(A+B)E<lt>E<lt>24) + (*(A+B+1)E<lt>E<lt>16) + (*(A+B+2)E<lt>E<lt>8) + " | |
6034 | -"*(A+B+3)" | |
6035 | -msgstr "" | |
6036 | - | |
6037 | -#. type: Plain text | |
6038 | -#: original/man8/iptables-extensions.8:1573 | |
6039 | -msgid "&number C = C & number" | |
6040 | -msgstr "" | |
6041 | - | |
6042 | -#. type: Plain text | |
6043 | -#: original/man8/iptables-extensions.8:1575 | |
6044 | -msgid "E<lt>E<lt> number C = C E<lt>E<lt> number" | |
6045 | -msgstr "" | |
6046 | - | |
6047 | -#. type: Plain text | |
6048 | -#: original/man8/iptables-extensions.8:1577 | |
6049 | -msgid "E<gt>E<gt> number C = C E<gt>E<gt> number" | |
6050 | -msgstr "" | |
6051 | - | |
6052 | -#. type: Plain text | |
6053 | -#: original/man8/iptables-extensions.8:1579 | |
6054 | -msgid "@number A = A + C; then do the instruction number" | |
6055 | -msgstr "" | |
6056 | - | |
6057 | -#. type: Plain text | |
6058 | -#: original/man8/iptables-extensions.8:1582 | |
6059 | -msgid "" | |
6060 | -"Any access of memory outside [skb-E<gt>data,skb-E<gt>end] causes the match " | |
6061 | -"to fail. Otherwise the result of the computation is the final value of C." | |
6062 | -msgstr "" | |
6063 | - | |
6064 | -#. type: Plain text | |
6065 | -#: original/man8/iptables-extensions.8:1586 | |
6066 | -msgid "" | |
6067 | -"Whitespace is allowed but not required in the tests. However, the characters " | |
6068 | -"that do occur there are likely to require shell quoting, so it is a good " | |
6069 | -"idea to enclose the arguments in quotes." | |
6070 | -msgstr "" | |
6071 | - | |
6072 | -#. type: Plain text | |
6073 | -#: original/man8/iptables-extensions.8:1590 | |
6074 | -msgid "match IP packets with total length E<gt>= 256" | |
6075 | -msgstr "" | |
6076 | - | |
6077 | -#. type: Plain text | |
6078 | -#: original/man8/iptables-extensions.8:1592 | |
6079 | -msgid "The IP header contains a total length field in bytes 2-3." | |
6080 | -msgstr "" | |
6081 | - | |
6082 | -#. type: Plain text | |
6083 | -#: original/man8/iptables-extensions.8:1594 | |
6084 | -msgid "--u32 \"B<0 & 0xFFFF = 0x100:0xFFFF>\"" | |
6085 | -msgstr "" | |
6086 | - | |
6087 | -#. type: Plain text | |
6088 | -#: original/man8/iptables-extensions.8:1596 | |
6089 | -msgid "read bytes 0-3" | |
6090 | -msgstr "" | |
6091 | - | |
6092 | -#. type: Plain text | |
6093 | -#: original/man8/iptables-extensions.8:1599 | |
6094 | -msgid "" | |
6095 | -"AND that with 0xFFFF (giving bytes 2-3), and test whether that is in the " | |
6096 | -"range [0x100:0xFFFF]" | |
6097 | -msgstr "" | |
6098 | - | |
6099 | -#. type: Plain text | |
6100 | -#: original/man8/iptables-extensions.8:1601 | |
6101 | -msgid "Example: (more realistic, hence more complicated)" | |
6102 | -msgstr "" | |
6103 | - | |
6104 | -#. type: Plain text | |
6105 | -#: original/man8/iptables-extensions.8:1603 | |
6106 | -msgid "match ICMP packets with icmp type 0" | |
6107 | -msgstr "" | |
6108 | - | |
6109 | -#. type: Plain text | |
6110 | -#: original/man8/iptables-extensions.8:1605 | |
6111 | -msgid "First test that it is an ICMP packet, true iff byte 9 (protocol) = 1" | |
6112 | -msgstr "" | |
6113 | - | |
6114 | -#. type: Plain text | |
6115 | -#: original/man8/iptables-extensions.8:1607 | |
6116 | -msgid "--u32 \"B<6 & 0xFF = 1 &&> ..." | |
6117 | -msgstr "" | |
6118 | - | |
6119 | -#. type: Plain text | |
6120 | -#: original/man8/iptables-extensions.8:1614 | |
6121 | -msgid "" | |
6122 | -"read bytes 6-9, use B<&> to throw away bytes 6-8 and compare the result to " | |
6123 | -"1. Next test that it is not a fragment. (If so, it might be part of such a " | |
6124 | -"packet but we cannot always tell.) N.B.: This test is generally needed if " | |
6125 | -"you want to match anything beyond the IP header. The last 6 bits of byte 6 " | |
6126 | -"and all of byte 7 are 0 iff this is a complete packet (not a " | |
6127 | -"fragment). Alternatively, you can allow first fragments by only testing the " | |
6128 | -"last 5 bits of byte 6." | |
6129 | -msgstr "" | |
6130 | - | |
6131 | -#. type: Plain text | |
6132 | -#: original/man8/iptables-extensions.8:1616 | |
6133 | -msgid "... B<4 & 0x3FFF = 0 &&> ..." | |
6134 | -msgstr "" | |
6135 | - | |
6136 | -#. type: Plain text | |
6137 | -#: original/man8/iptables-extensions.8:1620 | |
6138 | -msgid "" | |
6139 | -"Last test: the first byte past the IP header (the type) is 0. This is where " | |
6140 | -"we have to use the @syntax. The length of the IP header (IHL) in 32 bit " | |
6141 | -"words is stored in the right half of byte 0 of the IP header itself." | |
6142 | -msgstr "" | |
6143 | - | |
6144 | -#. type: Plain text | |
6145 | -#: original/man8/iptables-extensions.8:1622 | |
6146 | -msgid "... B<0 E<gt>E<gt> 22 & 0x3C @ 0 E<gt>E<gt> 24 = 0>\"" | |
6147 | -msgstr "" | |
6148 | - | |
6149 | -#. type: Plain text | |
6150 | -#: original/man8/iptables-extensions.8:1634 | |
6151 | -msgid "" | |
6152 | -"The first 0 means read bytes 0-3, B<E<gt>E<gt>22> means shift that 22 bits " | |
6153 | -"to the right. Shifting 24 bits would give the first byte, so only 22 bits is " | |
6154 | -"four times that plus a few more bits. B<&3C> then eliminates the two extra " | |
6155 | -"bits on the right and the first four bits of the first byte. For instance, " | |
6156 | -"if IHL=5, then the IP header is 20 (4 x 5) bytes long. In this case, bytes " | |
6157 | -"0-1 are (in binary) xxxx0101 yyzzzzzz, B<E<gt>E<gt>22> gives the 10 bit " | |
6158 | -"value xxxx0101yy and B<&3C> gives 010100. B<@> means to use this number as a " | |
6159 | -"new offset into the packet, and read four bytes starting from there. This is " | |
6160 | -"the first 4 bytes of the ICMP payload, of which byte 0 is the ICMP " | |
6161 | -"type. Therefore, we simply shift the value 24 to the right to throw out all " | |
6162 | -"but the first byte and compare the result with 0." | |
6163 | -msgstr "" | |
6164 | - | |
6165 | -#. type: Plain text | |
6166 | -#: original/man8/iptables-extensions.8:1638 | |
6167 | -msgid "TCP payload bytes 8-12 is any of 1, 2, 5 or 8" | |
6168 | -msgstr "" | |
6169 | - | |
6170 | -#. type: Plain text | |
6171 | -#: original/man8/iptables-extensions.8:1640 | |
6172 | -msgid "First we test that the packet is a tcp packet (similar to ICMP)." | |
6173 | -msgstr "" | |
6174 | - | |
6175 | -#. type: Plain text | |
6176 | -#: original/man8/iptables-extensions.8:1642 | |
6177 | -msgid "--u32 \"B<6 & 0xFF = 6 &&> ..." | |
6178 | -msgstr "" | |
6179 | - | |
6180 | -#. type: Plain text | |
6181 | -#: original/man8/iptables-extensions.8:1644 | |
6182 | -msgid "Next, test that it is not a fragment (same as above)." | |
6183 | -msgstr "" | |
6184 | - | |
6185 | -#. type: Plain text | |
6186 | -#: original/man8/iptables-extensions.8:1646 | |
6187 | -msgid "... B<0 E<gt>E<gt> 22 & 0x3C @ 12 E<gt>E<gt> 26 & 0x3C @ 8 = 1,2,5,8>\"" | |
6188 | -msgstr "" | |
6189 | - | |
6190 | -#. type: Plain text | |
6191 | -#: original/man8/iptables-extensions.8:1654 | |
6192 | -msgid "" | |
6193 | -"B<0E<gt>E<gt>22&3C> as above computes the number of bytes in the IP " | |
6194 | -"header. B<@> makes this the new offset into the packet, which is the start " | |
6195 | -"of the TCP header. The length of the TCP header (again in 32 bit words) is " | |
6196 | -"the left half of byte 12 of the TCP header. The B<12E<gt>E<gt>26&3C> " | |
6197 | -"computes this length in bytes (similar to the IP header before). \"@\" makes " | |
6198 | -"this the new offset, which is the start of the TCP payload. Finally, 8 reads " | |
6199 | -"bytes 8-12 of the payload and B<=> checks whether the result is any of 1, 2, " | |
6200 | -"5 or 8." | |
6201 | -msgstr "" | |
6202 | - | |
6203 | -#. type: SS | |
6204 | -#: original/man8/iptables-extensions.8:1654 | |
6205 | -#, no-wrap | |
6206 | -msgid "udp" | |
6207 | -msgstr "" | |
6208 | - | |
6209 | -#. type: Plain text | |
6210 | -#: original/man8/iptables-extensions.8:1657 | |
6211 | -msgid "" | |
6212 | -"These extensions can be used if `--protocol udp' is specified. It provides " | |
6213 | -"the following options:" | |
6214 | -msgstr "" | |
6215 | - | |
6216 | -#. type: Plain text | |
6217 | -#: original/man8/iptables-extensions.8:1663 | |
6218 | -msgid "" | |
6219 | -"Source port or port range specification. See the description of the " | |
6220 | -"B<--source-port> option of the TCP extension for details." | |
6221 | -msgstr "" | |
6222 | - | |
6223 | -#. type: Plain text | |
6224 | -#: original/man8/iptables-extensions.8:1669 | |
6225 | -msgid "" | |
6226 | -"Destination port or port range specification. See the description of the " | |
6227 | -"B<--destination-port> option of the TCP extension for details." | |
6228 | -msgstr "" | |
6229 | - | |
6230 | -#. type: SS | |
6231 | -#: original/man8/iptables-extensions.8:1669 | |
6232 | -#, no-wrap | |
6233 | -msgid "unclean (IPv4-specific)" | |
6234 | -msgstr "" | |
6235 | - | |
6236 | -#. type: Plain text | |
6237 | -#: original/man8/iptables-extensions.8:1672 | |
6238 | -msgid "" | |
6239 | -"This module takes no options, but attempts to match packets which seem " | |
6240 | -"malformed or unusual. This is regarded as experimental." | |
6241 | -msgstr "" | |
6242 | - | |
6243 | -#. type: SH | |
6244 | -#: original/man8/iptables-extensions.8:1672 | |
6245 | -#, no-wrap | |
6246 | -msgid "TARGET EXTENSIONS" | |
6247 | -msgstr "" | |
6248 | - | |
6249 | -#. @TARGET@ | |
6250 | -#. type: Plain text | |
6251 | -#: original/man8/iptables-extensions.8:1676 | |
6252 | -msgid "" | |
6253 | -"iptables can use extended target modules: the following are included in the " | |
6254 | -"standard distribution." | |
6255 | -msgstr "" | |
6256 | - | |
6257 | -#. type: SS | |
6258 | -#: original/man8/iptables-extensions.8:1676 | |
6259 | -#, no-wrap | |
6260 | -msgid "AUDIT" | |
6261 | -msgstr "" | |
6262 | - | |
6263 | -#. type: Plain text | |
6264 | -#: original/man8/iptables-extensions.8:1680 | |
6265 | -msgid "" | |
6266 | -"This target allows to create audit records for packets hitting the target. " | |
6267 | -"It can be used to record accepted, dropped, and rejected packets. See " | |
6268 | -"auditd(8) for additional details." | |
6269 | -msgstr "" | |
6270 | - | |
6271 | -#. type: TP | |
6272 | -#: original/man8/iptables-extensions.8:1680 | |
6273 | -#, no-wrap | |
6274 | -msgid "B<--type> {B<accept>|B<drop>|B<reject>}" | |
6275 | -msgstr "" | |
6276 | - | |
6277 | -#. type: Plain text | |
6278 | -#: original/man8/iptables-extensions.8:1683 | |
6279 | -msgid "Set type of audit record." | |
6280 | -msgstr "" | |
6281 | - | |
6282 | -#. type: Plain text | |
6283 | -#: original/man8/iptables-extensions.8:1687 | |
6284 | -msgid "iptables -N AUDIT_DROP" | |
6285 | -msgstr "" | |
6286 | - | |
6287 | -#. type: Plain text | |
6288 | -#: original/man8/iptables-extensions.8:1689 | |
6289 | -msgid "iptables -A AUDIT_DROP -j AUDIT --type drop" | |
6290 | -msgstr "" | |
6291 | - | |
6292 | -#. type: Plain text | |
6293 | -#: original/man8/iptables-extensions.8:1691 | |
6294 | -msgid "iptables -A AUDIT_DROP -j DROP" | |
6295 | -msgstr "" | |
6296 | - | |
6297 | -#. type: SS | |
6298 | -#: original/man8/iptables-extensions.8:1691 | |
6299 | -#, no-wrap | |
6300 | -msgid "CHECKSUM" | |
6301 | -msgstr "" | |
6302 | - | |
6303 | -#. type: Plain text | |
6304 | -#: original/man8/iptables-extensions.8:1694 | |
6305 | -msgid "" | |
6306 | -"This target allows to selectively work around broken/old applications. It " | |
6307 | -"can only be used in the mangle table." | |
6308 | -msgstr "" | |
6309 | - | |
6310 | -#. type: TP | |
6311 | -#: original/man8/iptables-extensions.8:1694 | |
6312 | -#, no-wrap | |
6313 | -msgid "B<--checksum-fill>" | |
6314 | -msgstr "" | |
6315 | - | |
6316 | -#. type: Plain text | |
6317 | -#: original/man8/iptables-extensions.8:1700 | |
6318 | -msgid "" | |
6319 | -"Compute and fill in the checksum in a packet that lacks a checksum. This is " | |
6320 | -"particularly useful, if you need to work around old applications such as " | |
6321 | -"dhcp clients, that do not work well with checksum offloads, but don't want " | |
6322 | -"to disable checksum offload in your device." | |
6323 | -msgstr "" | |
6324 | - | |
6325 | -#. type: SS | |
6326 | -#: original/man8/iptables-extensions.8:1700 | |
6327 | -#, no-wrap | |
6328 | -msgid "CLASSIFY" | |
6329 | -msgstr "" | |
6330 | - | |
6331 | -#. type: Plain text | |
6332 | -#: original/man8/iptables-extensions.8:1702 | |
6333 | -msgid "" | |
6334 | -"This module allows you to set the skb-E<gt>priority value (and thus classify " | |
6335 | -"the packet into a specific CBQ class)." | |
6336 | -msgstr "" | |
6337 | - | |
6338 | -#. type: TP | |
6339 | -#: original/man8/iptables-extensions.8:1702 | |
6340 | -#, no-wrap | |
6341 | -msgid "B<--set-class> I<major>B<:>I<minor>" | |
6342 | -msgstr "" | |
6343 | - | |
6344 | -#. type: Plain text | |
6345 | -#: original/man8/iptables-extensions.8:1706 | |
6346 | -msgid "" | |
6347 | -"Set the major and minor class value. The values are always interpreted as " | |
6348 | -"hexadecimal even if no 0x prefix is given." | |
6349 | -msgstr "" | |
6350 | - | |
6351 | -#. type: SS | |
6352 | -#: original/man8/iptables-extensions.8:1706 | |
6353 | -#, no-wrap | |
6354 | -msgid "CLUSTERIP (IPv4-specific)" | |
6355 | -msgstr "" | |
6356 | - | |
6357 | -#. type: Plain text | |
6358 | -#: original/man8/iptables-extensions.8:1711 | |
6359 | -msgid "" | |
6360 | -"This module allows you to configure a simple cluster of nodes that share a " | |
6361 | -"certain IP and MAC address without an explicit load balancer in front of " | |
6362 | -"them. Connections are statically distributed between the nodes in this " | |
6363 | -"cluster." | |
6364 | -msgstr "" | |
6365 | - | |
6366 | -#. type: TP | |
6367 | -#: original/man8/iptables-extensions.8:1711 | |
6368 | -#, no-wrap | |
6369 | -msgid "B<--new>" | |
6370 | -msgstr "" | |
6371 | - | |
6372 | -#. type: Plain text | |
6373 | -#: original/man8/iptables-extensions.8:1715 | |
6374 | -msgid "" | |
6375 | -"Create a new ClusterIP. You always have to set this on the first rule for a " | |
6376 | -"given ClusterIP." | |
6377 | -msgstr "" | |
6378 | - | |
6379 | -#. type: TP | |
6380 | -#: original/man8/iptables-extensions.8:1715 | |
6381 | -#, no-wrap | |
6382 | -msgid "B<--hashmode> I<mode>" | |
6383 | -msgstr "" | |
6384 | - | |
6385 | -#. type: Plain text | |
6386 | -#: original/man8/iptables-extensions.8:1719 | |
6387 | -msgid "" | |
6388 | -"Specify the hashing mode. Has to be one of B<sourceip>, " | |
6389 | -"B<sourceip-sourceport>, B<sourceip-sourceport-destport>." | |
6390 | -msgstr "" | |
6391 | - | |
6392 | -#. type: TP | |
6393 | -#: original/man8/iptables-extensions.8:1719 | |
6394 | -#, no-wrap | |
6395 | -msgid "B<--clustermac> I<mac>" | |
6396 | -msgstr "" | |
6397 | - | |
6398 | -#. type: Plain text | |
6399 | -#: original/man8/iptables-extensions.8:1722 | |
6400 | -msgid "Specify the ClusterIP MAC address. Has to be a link-layer multicast address" | |
6401 | -msgstr "" | |
6402 | - | |
6403 | -#. type: TP | |
6404 | -#: original/man8/iptables-extensions.8:1722 | |
6405 | -#, no-wrap | |
6406 | -msgid "B<--total-nodes> I<num>" | |
6407 | -msgstr "" | |
6408 | - | |
6409 | -#. type: Plain text | |
6410 | -#: original/man8/iptables-extensions.8:1725 | |
6411 | -msgid "Number of total nodes within this cluster." | |
6412 | -msgstr "" | |
6413 | - | |
6414 | -#. type: TP | |
6415 | -#: original/man8/iptables-extensions.8:1725 | |
6416 | -#, no-wrap | |
6417 | -msgid "B<--local-node> I<num>" | |
6418 | -msgstr "" | |
6419 | - | |
6420 | -#. type: Plain text | |
6421 | -#: original/man8/iptables-extensions.8:1728 | |
6422 | -msgid "Local node number within this cluster." | |
6423 | -msgstr "" | |
6424 | - | |
6425 | -#. type: TP | |
6426 | -#: original/man8/iptables-extensions.8:1728 | |
6427 | -#, no-wrap | |
6428 | -msgid "B<--hash-init> I<rnd>" | |
6429 | -msgstr "" | |
6430 | - | |
6431 | -#. type: Plain text | |
6432 | -#: original/man8/iptables-extensions.8:1731 | |
6433 | -msgid "Specify the random seed used for hash initialization." | |
6434 | -msgstr "" | |
6435 | - | |
6436 | -#. type: SS | |
6437 | -#: original/man8/iptables-extensions.8:1731 | |
6438 | -#, no-wrap | |
6439 | -msgid "CONNMARK" | |
6440 | -msgstr "" | |
6441 | - | |
6442 | -#. type: Plain text | |
6443 | -#: original/man8/iptables-extensions.8:1734 | |
6444 | -msgid "" | |
6445 | -"This module sets the netfilter mark value associated with a connection. The " | |
6446 | -"mark is 32 bits wide." | |
6447 | -msgstr "" | |
6448 | - | |
6449 | -#. type: TP | |
6450 | -#: original/man8/iptables-extensions.8:1734 original/man8/iptables-extensions.8:2100 | |
6451 | -#, no-wrap | |
6452 | -msgid "B<--set-xmark> I<value>[B</>I<mask>]" | |
6453 | -msgstr "" | |
6454 | - | |
6455 | -#. type: Plain text | |
6456 | -#: original/man8/iptables-extensions.8:1737 | |
6457 | -msgid "Zero out the bits given by I<mask> and XOR I<value> into the ctmark." | |
6458 | -msgstr "" | |
6459 | - | |
6460 | -#. type: TP | |
6461 | -#: original/man8/iptables-extensions.8:1737 | |
6462 | -#, no-wrap | |
6463 | -msgid "B<--save-mark> [B<--nfmask> I<nfmask>] [B<--ctmask> I<ctmask>]" | |
6464 | -msgstr "" | |
6465 | - | |
6466 | -#. type: Plain text | |
6467 | -#: original/man8/iptables-extensions.8:1741 | |
6468 | -msgid "" | |
6469 | -"Copy the packet mark (nfmark) to the connection mark (ctmark) using the " | |
6470 | -"given masks. The new nfmark value is determined as follows:" | |
6471 | -msgstr "" | |
6472 | - | |
6473 | -#. type: Plain text | |
6474 | -#: original/man8/iptables-extensions.8:1743 | |
6475 | -msgid "ctmark = (ctmark & ~ctmask) ^ (nfmark & nfmask)" | |
6476 | -msgstr "" | |
6477 | - | |
6478 | -#. type: Plain text | |
6479 | -#: original/man8/iptables-extensions.8:1747 | |
6480 | -msgid "" | |
6481 | -"i.e. I<ctmask> defines what bits to clear and I<nfmask> what bits of the " | |
6482 | -"nfmark to XOR into the ctmark. I<ctmask> and I<nfmask> default to " | |
6483 | -"0xFFFFFFFF." | |
6484 | -msgstr "" | |
6485 | - | |
6486 | -#. type: TP | |
6487 | -#: original/man8/iptables-extensions.8:1747 | |
6488 | -#, no-wrap | |
6489 | -msgid "B<--restore-mark> [B<--nfmask> I<nfmask>] [B<--ctmask> I<ctmask>]" | |
6490 | -msgstr "" | |
6491 | - | |
6492 | -#. type: Plain text | |
6493 | -#: original/man8/iptables-extensions.8:1751 | |
6494 | -msgid "" | |
6495 | -"Copy the connection mark (ctmark) to the packet mark (nfmark) using the " | |
6496 | -"given masks. The new ctmark value is determined as follows:" | |
6497 | -msgstr "" | |
6498 | - | |
6499 | -#. type: Plain text | |
6500 | -#: original/man8/iptables-extensions.8:1753 | |
6501 | -msgid "nfmark = (nfmark & ~I<nfmask>) ^ (ctmark & I<ctmask>);" | |
6502 | -msgstr "" | |
6503 | - | |
6504 | -#. type: Plain text | |
6505 | -#: original/man8/iptables-extensions.8:1757 | |
6506 | -msgid "" | |
6507 | -"i.e. I<nfmask> defines what bits to clear and I<ctmask> what bits of the " | |
6508 | -"ctmark to XOR into the nfmark. I<ctmask> and I<nfmask> default to " | |
6509 | -"0xFFFFFFFF." | |
6510 | -msgstr "" | |
6511 | - | |
6512 | -#. type: Plain text | |
6513 | -#: original/man8/iptables-extensions.8:1759 | |
6514 | -msgid "B<--restore-mark> is only valid in the B<mangle> table." | |
6515 | -msgstr "" | |
6516 | - | |
6517 | -#. type: Plain text | |
6518 | -#: original/man8/iptables-extensions.8:1761 | |
6519 | -msgid "The following mnemonics are available for B<--set-xmark>:" | |
6520 | -msgstr "" | |
6521 | - | |
6522 | -#. type: TP | |
6523 | -#: original/man8/iptables-extensions.8:1761 original/man8/iptables-extensions.8:2110 | |
6524 | -#, no-wrap | |
6525 | -msgid "B<--and-mark> I<bits>" | |
6526 | -msgstr "" | |
6527 | - | |
6528 | -#. type: Plain text | |
6529 | -#: original/man8/iptables-extensions.8:1765 | |
6530 | -msgid "" | |
6531 | -"Binary AND the ctmark with I<bits>. (Mnemonic for B<--set-xmark " | |
6532 | -"0/>I<invbits>, where I<invbits> is the binary negation of I<bits>.)" | |
6533 | -msgstr "" | |
6534 | - | |
6535 | -#. type: TP | |
6536 | -#: original/man8/iptables-extensions.8:1765 original/man8/iptables-extensions.8:2114 | |
6537 | -#, no-wrap | |
6538 | -msgid "B<--or-mark> I<bits>" | |
6539 | -msgstr "" | |
6540 | - | |
6541 | -#. type: Plain text | |
6542 | -#: original/man8/iptables-extensions.8:1769 | |
6543 | -msgid "" | |
6544 | -"Binary OR the ctmark with I<bits>. (Mnemonic for B<--set-xmark> " | |
6545 | -"I<bits>B</>I<bits>.)" | |
6546 | -msgstr "" | |
6547 | - | |
6548 | -#. type: TP | |
6549 | -#: original/man8/iptables-extensions.8:1769 original/man8/iptables-extensions.8:2118 | |
6550 | -#, no-wrap | |
6551 | -msgid "B<--xor-mark> I<bits>" | |
6552 | -msgstr "" | |
6553 | - | |
6554 | -#. type: Plain text | |
6555 | -#: original/man8/iptables-extensions.8:1773 | |
6556 | -msgid "" | |
6557 | -"Binary XOR the ctmark with I<bits>. (Mnemonic for B<--set-xmark> " | |
6558 | -"I<bits>B</0>.)" | |
6559 | -msgstr "" | |
6560 | - | |
6561 | -#. type: TP | |
6562 | -#: original/man8/iptables-extensions.8:1773 original/man8/iptables-extensions.8:2104 | |
6563 | -#, no-wrap | |
6564 | -msgid "B<--set-mark> I<value>[B</>I<mask>]" | |
6565 | -msgstr "" | |
6566 | - | |
6567 | -#. type: Plain text | |
6568 | -#: original/man8/iptables-extensions.8:1777 | |
6569 | -msgid "" | |
6570 | -"Set the connection mark. If a mask is specified then only those bits set in " | |
6571 | -"the mask are modified." | |
6572 | -msgstr "" | |
6573 | - | |
6574 | -#. type: TP | |
6575 | -#: original/man8/iptables-extensions.8:1777 | |
6576 | -#, no-wrap | |
6577 | -msgid "B<--save-mark> [B<--mask> I<mask>]" | |
6578 | -msgstr "" | |
6579 | - | |
6580 | -#. type: Plain text | |
6581 | -#: original/man8/iptables-extensions.8:1781 | |
6582 | -msgid "" | |
6583 | -"Copy the nfmark to the ctmark. If a mask is specified, only those bits are " | |
6584 | -"copied." | |
6585 | -msgstr "" | |
6586 | - | |
6587 | -#. type: TP | |
6588 | -#: original/man8/iptables-extensions.8:1781 | |
6589 | -#, no-wrap | |
6590 | -msgid "B<--restore-mark> [B<--mask> I<mask>]" | |
6591 | -msgstr "" | |
6592 | - | |
6593 | -#. type: Plain text | |
6594 | -#: original/man8/iptables-extensions.8:1785 | |
6595 | -msgid "" | |
6596 | -"Copy the ctmark to the nfmark. If a mask is specified, only those bits are " | |
6597 | -"copied. This is only valid in the B<mangle> table." | |
6598 | -msgstr "" | |
6599 | - | |
6600 | -#. type: SS | |
6601 | -#: original/man8/iptables-extensions.8:1785 | |
6602 | -#, no-wrap | |
6603 | -msgid "CONNSECMARK" | |
6604 | -msgstr "" | |
6605 | - | |
6606 | -#. type: Plain text | |
6607 | -#: original/man8/iptables-extensions.8:1795 | |
6608 | -msgid "" | |
6609 | -"This module copies security markings from packets to connections (if " | |
6610 | -"unlabeled), and from connections back to packets (also only if unlabeled). " | |
6611 | -"Typically used in conjunction with SECMARK, it is valid in the B<security> " | |
6612 | -"table (for backwards compatibility with older kernels, it is also valid in " | |
6613 | -"the B<mangle> table)." | |
6614 | -msgstr "" | |
6615 | - | |
6616 | -#. type: TP | |
6617 | -#: original/man8/iptables-extensions.8:1795 | |
6618 | -#, no-wrap | |
6619 | -msgid "B<--save>" | |
6620 | -msgstr "" | |
6621 | - | |
6622 | -#. type: Plain text | |
6623 | -#: original/man8/iptables-extensions.8:1799 | |
6624 | -msgid "" | |
6625 | -"If the packet has a security marking, copy it to the connection if the " | |
6626 | -"connection is not marked." | |
6627 | -msgstr "" | |
6628 | - | |
6629 | -#. type: TP | |
6630 | -#: original/man8/iptables-extensions.8:1799 | |
6631 | -#, no-wrap | |
6632 | -msgid "B<--restore>" | |
6633 | -msgstr "" | |
6634 | - | |
6635 | -#. type: Plain text | |
6636 | -#: original/man8/iptables-extensions.8:1803 | |
6637 | -msgid "" | |
6638 | -"If the packet does not have a security marking, and the connection does, " | |
6639 | -"copy the security marking from the connection to the packet." | |
6640 | -msgstr "" | |
6641 | - | |
6642 | -#. type: SS | |
6643 | -#: original/man8/iptables-extensions.8:1804 | |
6644 | -#, no-wrap | |
6645 | -msgid "CT" | |
6646 | -msgstr "" | |
6647 | - | |
6648 | -#. type: Plain text | |
6649 | -#: original/man8/iptables-extensions.8:1809 | |
6650 | -msgid "" | |
6651 | -"The CT target allows to set parameters for a packet or its associated " | |
6652 | -"connection. The target attaches a \"template\" connection tracking entry to " | |
6653 | -"the packet, which is then used by the conntrack core when initializing a new " | |
6654 | -"ct entry. This target is thus only valid in the \"raw\" table." | |
6655 | -msgstr "" | |
6656 | - | |
6657 | -#. type: TP | |
6658 | -#: original/man8/iptables-extensions.8:1809 | |
6659 | -#, no-wrap | |
6660 | -msgid "B<--notrack>" | |
6661 | -msgstr "" | |
6662 | - | |
6663 | -#. type: Plain text | |
6664 | -#: original/man8/iptables-extensions.8:1812 | |
6665 | -msgid "Disables connection tracking for this packet." | |
6666 | -msgstr "" | |
6667 | - | |
6668 | -#. type: TP | |
6669 | -#: original/man8/iptables-extensions.8:1812 | |
6670 | -#, no-wrap | |
6671 | -msgid "B<--helper> I<name>" | |
6672 | -msgstr "" | |
6673 | - | |
6674 | -#. type: Plain text | |
6675 | -#: original/man8/iptables-extensions.8:1816 | |
6676 | -msgid "" | |
6677 | -"Use the helper identified by I<name> for the connection. This is more " | |
6678 | -"flexible than loading the conntrack helper modules with preset ports." | |
6679 | -msgstr "" | |
6680 | - | |
6681 | -#. type: TP | |
6682 | -#: original/man8/iptables-extensions.8:1816 | |
6683 | -#, no-wrap | |
6684 | -msgid "B<--ctevents> I<event>[B<,>...]" | |
6685 | -msgstr "" | |
6686 | - | |
6687 | -#. type: Plain text | |
6688 | -#: original/man8/iptables-extensions.8:1822 | |
6689 | -msgid "" | |
6690 | -"Only generate the specified conntrack events for this connection. Possible " | |
6691 | -"event types are: B<new>, B<related>, B<destroy>, B<reply>, B<assured>, " | |
6692 | -"B<protoinfo>, B<helper>, B<mark> (this refers to the ctmark, not nfmark), " | |
6693 | -"B<natseqinfo>, B<secmark> (ctsecmark)." | |
6694 | -msgstr "" | |
6695 | - | |
6696 | -#. type: TP | |
6697 | -#: original/man8/iptables-extensions.8:1822 | |
6698 | -#, no-wrap | |
6699 | -msgid "B<--expevents> I<event>[B<,>...]" | |
6700 | -msgstr "" | |
6701 | - | |
6702 | -#. type: Plain text | |
6703 | -#: original/man8/iptables-extensions.8:1826 | |
6704 | -msgid "" | |
6705 | -"Only generate the specified expectation events for this connection. " | |
6706 | -"Possible event types are: B<new>." | |
6707 | -msgstr "" | |
6708 | - | |
6709 | -#. type: TP | |
6710 | -#: original/man8/iptables-extensions.8:1826 | |
6711 | -#, no-wrap | |
6712 | -msgid "B<--zone> I<id>" | |
6713 | -msgstr "" | |
6714 | - | |
6715 | -#. type: Plain text | |
6716 | -#: original/man8/iptables-extensions.8:1830 | |
6717 | -msgid "" | |
6718 | -"Assign this packet to zone I<id> and only have lookups done in that zone. " | |
6719 | -"By default, packets have zone 0." | |
6720 | -msgstr "" | |
6721 | - | |
6722 | -#. type: TP | |
6723 | -#: original/man8/iptables-extensions.8:1830 | |
6724 | -#, no-wrap | |
6725 | -msgid "B<--timeout> I<name>" | |
6726 | -msgstr "" | |
6727 | - | |
6728 | -#. type: Plain text | |
6729 | -#: original/man8/iptables-extensions.8:1835 | |
6730 | -msgid "" | |
6731 | -"Use the timeout policy identified by I<name> for the connection. This is " | |
6732 | -"provides more flexible timeout policy definition than global timeout values " | |
6733 | -"available at /proc/sys/net/netfilter/nf_conntrack_*_timeout_*." | |
6734 | -msgstr "" | |
6735 | - | |
6736 | -#. type: SS | |
6737 | -#: original/man8/iptables-extensions.8:1835 | |
6738 | -#, no-wrap | |
6739 | -msgid "DNAT (IPv4-specific)" | |
6740 | -msgstr "" | |
6741 | - | |
6742 | -#. type: Plain text | |
6743 | -#: original/man8/iptables-extensions.8:1847 | |
6744 | -msgid "" | |
6745 | -"This target is only valid in the B<nat> table, in the B<PREROUTING> and " | |
6746 | -"B<OUTPUT> chains, and user-defined chains which are only called from those " | |
6747 | -"chains. It specifies that the destination address of the packet should be " | |
6748 | -"modified (and all future packets in this connection will also be mangled), " | |
6749 | -"and rules should cease being examined. It takes one type of option:" | |
6750 | -msgstr "" | |
6751 | - | |
6752 | -#. type: TP | |
6753 | -#: original/man8/iptables-extensions.8:1847 | |
6754 | -#, no-wrap | |
6755 | -msgid "B<--to-destination> [I<ipaddr>[B<->I<ipaddr>]][B<:>I<port>[B<->I<port>]]" | |
6756 | -msgstr "" | |
6757 | - | |
6758 | -#. type: Plain text | |
6759 | -#: original/man8/iptables-extensions.8:1858 | |
6760 | -msgid "" | |
6761 | -"which can specify a single new destination IP address, an inclusive range of " | |
6762 | -"IP addresses, and optionally, a port range (which is only valid if the rule " | |
6763 | -"also specifies B<-p tcp> or B<-p udp>). If no port range is specified, then " | |
6764 | -"the destination port will never be modified. If no IP address is specified " | |
6765 | -"then only the destination port will be modified." | |
6766 | -msgstr "" | |
6767 | - | |
6768 | -#. type: Plain text | |
6769 | -#: original/man8/iptables-extensions.8:1865 | |
6770 | -msgid "" | |
6771 | -"In Kernels up to 2.6.10 you can add several --to-destination options. For " | |
6772 | -"those kernels, if you specify more than one destination address, either via " | |
6773 | -"an address range or multiple --to-destination options, a simple round-robin " | |
6774 | -"(one after another in cycle) load balancing takes place between these " | |
6775 | -"addresses. Later Kernels (E<gt>= 2.6.11-rc1) don't have the ability to NAT " | |
6776 | -"to multiple ranges anymore." | |
6777 | -msgstr "" | |
6778 | - | |
6779 | -#. type: TP | |
6780 | -#: original/man8/iptables-extensions.8:1865 original/man8/iptables-extensions.8:2145 original/man8/iptables-extensions.8:2176 original/man8/iptables-extensions.8:2299 original/man8/iptables-extensions.8:2387 original/man8/iptables-extensions.8:2456 | |
6781 | -#, no-wrap | |
6782 | -msgid "B<--random>" | |
6783 | -msgstr "" | |
6784 | - | |
6785 | -#. type: Plain text | |
6786 | -#: original/man8/iptables-extensions.8:1870 original/man8/iptables-extensions.8:2304 | |
6787 | -msgid "" | |
6788 | -"If option B<--random> is used then port mapping will be randomized (kernel " | |
6789 | -"E<gt>= 2.6.22)." | |
6790 | -msgstr "" | |
6791 | - | |
6792 | -#. type: TP | |
6793 | -#: original/man8/iptables-extensions.8:1870 original/man8/iptables-extensions.8:2461 | |
6794 | -#, no-wrap | |
6795 | -msgid "B<--persistent>" | |
6796 | -msgstr "" | |
6797 | - | |
6798 | -#. type: Plain text | |
6799 | -#: original/man8/iptables-extensions.8:1875 original/man8/iptables-extensions.8:2466 | |
6800 | -msgid "" | |
6801 | -"Gives a client the same source-/destination-address for each connection. " | |
6802 | -"This supersedes the SAME target. Support for persistent mappings is " | |
6803 | -"available from 2.6.29-rc2." | |
6804 | -msgstr "" | |
6805 | - | |
6806 | -#. type: SS | |
6807 | -#: original/man8/iptables-extensions.8:1875 | |
6808 | -#, no-wrap | |
6809 | -msgid "DSCP" | |
6810 | -msgstr "" | |
6811 | - | |
6812 | -#. type: Plain text | |
6813 | -#: original/man8/iptables-extensions.8:1879 | |
6814 | -msgid "" | |
6815 | -"This target allows to alter the value of the DSCP bits within the TOS header " | |
6816 | -"of the IPv4 packet. As this manipulates a packet, it can only be used in " | |
6817 | -"the mangle table." | |
6818 | -msgstr "" | |
6819 | - | |
6820 | -#. type: TP | |
6821 | -#: original/man8/iptables-extensions.8:1879 | |
6822 | -#, no-wrap | |
6823 | -msgid "B<--set-dscp> I<value>" | |
6824 | -msgstr "" | |
6825 | - | |
6826 | -#. type: Plain text | |
6827 | -#: original/man8/iptables-extensions.8:1882 | |
6828 | -msgid "Set the DSCP field to a numerical value (can be decimal or hex)" | |
6829 | -msgstr "" | |
6830 | - | |
6831 | -#. type: TP | |
6832 | -#: original/man8/iptables-extensions.8:1882 | |
6833 | -#, no-wrap | |
6834 | -msgid "B<--set-dscp-class> I<class>" | |
6835 | -msgstr "" | |
6836 | - | |
6837 | -#. type: Plain text | |
6838 | -#: original/man8/iptables-extensions.8:1885 | |
6839 | -msgid "Set the DSCP field to a DiffServ class." | |
6840 | -msgstr "" | |
6841 | - | |
6842 | -#. type: SS | |
6843 | -#: original/man8/iptables-extensions.8:1885 | |
6844 | -#, no-wrap | |
6845 | -msgid "ECN (IPv4-specific)" | |
6846 | -msgstr "" | |
6847 | - | |
6848 | -#. type: Plain text | |
6849 | -#: original/man8/iptables-extensions.8:1888 | |
6850 | -msgid "" | |
6851 | -"This target allows to selectively work around known ECN blackholes. It can " | |
6852 | -"only be used in the mangle table." | |
6853 | -msgstr "" | |
6854 | - | |
6855 | -#. type: TP | |
6856 | -#: original/man8/iptables-extensions.8:1888 | |
6857 | -#, no-wrap | |
6858 | -msgid "B<--ecn-tcp-remove>" | |
6859 | -msgstr "" | |
6860 | - | |
6861 | -#. type: Plain text | |
6862 | -#: original/man8/iptables-extensions.8:1893 | |
6863 | -msgid "" | |
6864 | -"Remove all ECN bits from the TCP header. Of course, it can only be used in " | |
6865 | -"conjunction with B<-p tcp>." | |
6866 | -msgstr "" | |
6867 | - | |
6868 | -#. type: SS | |
6869 | -#: original/man8/iptables-extensions.8:1893 | |
6870 | -#, no-wrap | |
6871 | -msgid "HL (IPv6-specific)" | |
6872 | -msgstr "" | |
6873 | - | |
6874 | -#. type: Plain text | |
6875 | -#: original/man8/iptables-extensions.8:1900 | |
6876 | -msgid "" | |
6877 | -"This is used to modify the Hop Limit field in IPv6 header. The Hop Limit " | |
6878 | -"field is similar to what is known as TTL value in IPv4. Setting or " | |
6879 | -"incrementing the Hop Limit field can potentially be very dangerous, so it " | |
6880 | -"should be avoided at any cost. This target is only valid in B<mangle> table." | |
6881 | -msgstr "" | |
6882 | - | |
6883 | -#. type: Plain text | |
6884 | -#: original/man8/iptables-extensions.8:1902 original/man8/iptables-extensions.8:2613 | |
6885 | -msgid "" | |
6886 | -"B<Don't ever set or increment the value on packets that leave your local " | |
6887 | -"network!>" | |
6888 | -msgstr "" | |
6889 | - | |
6890 | -#. type: TP | |
6891 | -#: original/man8/iptables-extensions.8:1902 | |
6892 | -#, no-wrap | |
6893 | -msgid "B<--hl-set> I<value>" | |
6894 | -msgstr "" | |
6895 | - | |
6896 | -#. type: Plain text | |
6897 | -#: original/man8/iptables-extensions.8:1905 | |
6898 | -msgid "Set the Hop Limit to `value'." | |
6899 | -msgstr "" | |
6900 | - | |
6901 | -#. type: TP | |
6902 | -#: original/man8/iptables-extensions.8:1905 | |
6903 | -#, no-wrap | |
6904 | -msgid "B<--hl-dec> I<value>" | |
6905 | -msgstr "" | |
6906 | - | |
6907 | -#. type: Plain text | |
6908 | -#: original/man8/iptables-extensions.8:1908 | |
6909 | -msgid "Decrement the Hop Limit `value' times." | |
6910 | -msgstr "" | |
6911 | - | |
6912 | -#. type: TP | |
6913 | -#: original/man8/iptables-extensions.8:1908 | |
6914 | -#, no-wrap | |
6915 | -msgid "B<--hl-inc> I<value>" | |
6916 | -msgstr "" | |
6917 | - | |
6918 | -#. type: Plain text | |
6919 | -#: original/man8/iptables-extensions.8:1911 | |
6920 | -msgid "Increment the Hop Limit `value' times." | |
6921 | -msgstr "" | |
6922 | - | |
6923 | -#. type: SS | |
6924 | -#: original/man8/iptables-extensions.8:1911 | |
6925 | -#, no-wrap | |
6926 | -msgid "HMARK" | |
6927 | -msgstr "" | |
6928 | - | |
6929 | -#. type: Plain text | |
6930 | -#: original/man8/iptables-extensions.8:1916 | |
6931 | -msgid "" | |
6932 | -"Like MARK, i.e. set the fwmark, but the mark is calculated from hashing " | |
6933 | -"packet selector at choice. You have also to specify the mark range and, " | |
6934 | -"optionally, the offset to start from. ICMP error messages are inspected and " | |
6935 | -"used to calculate the hashing." | |
6936 | -msgstr "" | |
6937 | - | |
6938 | -#. type: Plain text | |
6939 | -#: original/man8/iptables-extensions.8:1918 | |
6940 | -msgid "Existing options are:" | |
6941 | -msgstr "" | |
6942 | - | |
6943 | -#. type: TP | |
6944 | -#: original/man8/iptables-extensions.8:1918 | |
6945 | -#, no-wrap | |
6946 | -msgid "B<--hmark-tuple> tuple" | |
6947 | -msgstr "" | |
6948 | - | |
6949 | -#. type: Plain text | |
6950 | -#: original/man8/iptables-extensions.8:1933 | |
6951 | -msgid "" | |
6952 | -"Possible tuple members are: B<src> meaning source address (IPv4, IPv6 " | |
6953 | -"address), B<dst> meaning destination address (IPv4, IPv6 address), B<sport> " | |
6954 | -"meaning source port (TCP, UDP, UDPlite, SCTP, DCCP), B<dport> meaning " | |
6955 | -"destination port (TCP, UDP, UDPlite, SCTP, DCCP), B<spi> meaning Security " | |
6956 | -"Parameter Index (AH, ESP), and B<ct> meaning the usage of the conntrack " | |
6957 | -"tuple instead of the packet selectors." | |
6958 | -msgstr "" | |
6959 | - | |
6960 | -#. type: TP | |
6961 | -#: original/man8/iptables-extensions.8:1933 | |
6962 | -#, no-wrap | |
6963 | -msgid "B<--hmark-mod> I<value (must be E<gt> 0)>" | |
6964 | -msgstr "" | |
6965 | - | |
6966 | -#. type: Plain text | |
6967 | -#: original/man8/iptables-extensions.8:1936 | |
6968 | -msgid "Modulus for hash calculation (to limit the range of possible marks)" | |
6969 | -msgstr "" | |
6970 | - | |
6971 | -#. type: TP | |
6972 | -#: original/man8/iptables-extensions.8:1936 | |
6973 | -#, no-wrap | |
6974 | -msgid "B<--hmark-offset> I<value>" | |
6975 | -msgstr "" | |
6976 | - | |
6977 | -#. type: Plain text | |
6978 | -#: original/man8/iptables-extensions.8:1939 | |
6979 | -msgid "Offset to start marks from." | |
6980 | -msgstr "" | |
6981 | - | |
6982 | -#. type: TP | |
6983 | -#: original/man8/iptables-extensions.8:1939 | |
6984 | -#, no-wrap | |
6985 | -msgid "For advanced usage, instead of using --hmark-tuple, you can specify custom" | |
6986 | -msgstr "" | |
6987 | - | |
6988 | -#. type: Plain text | |
6989 | -#: original/man8/iptables-extensions.8:1942 | |
6990 | -msgid "prefixes and masks:" | |
6991 | -msgstr "" | |
6992 | - | |
6993 | -#. type: TP | |
6994 | -#: original/man8/iptables-extensions.8:1942 | |
6995 | -#, no-wrap | |
6996 | -msgid "B<--hmark-src-prefix> I<cidr>" | |
6997 | -msgstr "" | |
6998 | - | |
6999 | -#. type: Plain text | |
7000 | -#: original/man8/iptables-extensions.8:1945 | |
7001 | -msgid "The source address mask in CIDR notation." | |
7002 | -msgstr "" | |
7003 | - | |
7004 | -#. type: TP | |
7005 | -#: original/man8/iptables-extensions.8:1945 | |
7006 | -#, no-wrap | |
7007 | -msgid "B<--hmark-dst-prefix> I<cidr>" | |
7008 | -msgstr "" | |
7009 | - | |
7010 | -#. type: Plain text | |
7011 | -#: original/man8/iptables-extensions.8:1948 | |
7012 | -msgid "The destination address mask in CIDR notation." | |
7013 | -msgstr "" | |
7014 | - | |
7015 | -#. type: TP | |
7016 | -#: original/man8/iptables-extensions.8:1948 | |
7017 | -#, no-wrap | |
7018 | -msgid "B<--hmark-sport-mask> I<value>" | |
7019 | -msgstr "" | |
7020 | - | |
7021 | -#. type: Plain text | |
7022 | -#: original/man8/iptables-extensions.8:1951 | |
7023 | -msgid "A 16 bit source port mask in hexadecimal." | |
7024 | -msgstr "" | |
7025 | - | |
7026 | -#. type: TP | |
7027 | -#: original/man8/iptables-extensions.8:1951 | |
7028 | -#, no-wrap | |
7029 | -msgid "B<--hmark-dport-mask> I<value>" | |
7030 | -msgstr "" | |
7031 | - | |
7032 | -#. type: Plain text | |
7033 | -#: original/man8/iptables-extensions.8:1954 | |
7034 | -msgid "A 16 bit destination port mask in hexadecimal." | |
7035 | -msgstr "" | |
7036 | - | |
7037 | -#. type: TP | |
7038 | -#: original/man8/iptables-extensions.8:1954 | |
7039 | -#, no-wrap | |
7040 | -msgid "B<--hmark-spi-mask> I<value>" | |
7041 | -msgstr "" | |
7042 | - | |
7043 | -#. type: Plain text | |
7044 | -#: original/man8/iptables-extensions.8:1957 | |
7045 | -msgid "A 32 bit field with spi mask." | |
7046 | -msgstr "" | |
7047 | - | |
7048 | -#. type: TP | |
7049 | -#: original/man8/iptables-extensions.8:1957 | |
7050 | -#, no-wrap | |
7051 | -msgid "B<--hmark-proto-mask> I<value>" | |
7052 | -msgstr "" | |
7053 | - | |
7054 | -#. type: Plain text | |
7055 | -#: original/man8/iptables-extensions.8:1960 | |
7056 | -msgid "An 8 bit field with layer 4 protocol number." | |
7057 | -msgstr "" | |
7058 | - | |
7059 | -#. type: TP | |
7060 | -#: original/man8/iptables-extensions.8:1960 | |
7061 | -#, no-wrap | |
7062 | -msgid "B<--hmark-rnd> I<value>" | |
7063 | -msgstr "" | |
7064 | - | |
7065 | -#. type: Plain text | |
7066 | -#: original/man8/iptables-extensions.8:1963 | |
7067 | -msgid "A 32 bit random custom value to feed hash calculation." | |
7068 | -msgstr "" | |
7069 | - | |
7070 | -#. type: Plain text | |
7071 | -#: original/man8/iptables-extensions.8:1965 | |
7072 | -msgid "I<Examples:>" | |
7073 | -msgstr "" | |
7074 | - | |
7075 | -#. type: Plain text | |
7076 | -#: original/man8/iptables-extensions.8:1969 | |
7077 | -#, no-wrap | |
7078 | -msgid "" | |
7079 | -"iptables -t mangle -A PREROUTING -m conntrack --ctstate NEW\n" | |
7080 | -" -j HMARK --hmark-tuple ct,src,dst,proto --hmark-offset 10000\n" | |
7081 | -"--hmark-mod 10 --hmark-rnd 0xfeedcafe\n" | |
7082 | -msgstr "" | |
7083 | - | |
7084 | -#. type: Plain text | |
7085 | -#: original/man8/iptables-extensions.8:1972 | |
7086 | -msgid "" | |
7087 | -"iptables -t mangle -A PREROUTING -j HMARK --hmark-offset 10000 --hmark-tuple " | |
7088 | -"src,dst,proto --hmark-mod 10 --hmark-rnd 0xdeafbeef" | |
7089 | -msgstr "" | |
7090 | - | |
7091 | -#. type: SS | |
7092 | -#: original/man8/iptables-extensions.8:1972 | |
7093 | -#, no-wrap | |
7094 | -msgid "IDLETIMER" | |
7095 | -msgstr "" | |
7096 | - | |
7097 | -#. type: Plain text | |
7098 | -#: original/man8/iptables-extensions.8:1981 | |
7099 | -msgid "" | |
7100 | -"This target can be used to identify when interfaces have been idle for a " | |
7101 | -"certain period of time. Timers are identified by labels and are created " | |
7102 | -"when a rule is set with a new label. The rules also take a timeout value " | |
7103 | -"(in seconds) as an option. If more than one rule uses the same timer label, " | |
7104 | -"the timer will be restarted whenever any of the rules get a hit. One entry " | |
7105 | -"for each timer is created in sysfs. This attribute contains the timer " | |
7106 | -"remaining for the timer to expire. The attributes are located under the " | |
7107 | -"xt_idletimer class:" | |
7108 | -msgstr "" | |
7109 | - | |
7110 | -#. type: Plain text | |
7111 | -#: original/man8/iptables-extensions.8:1983 | |
7112 | -msgid "/sys/class/xt_idletimer/timers/E<lt>labelE<gt>" | |
7113 | -msgstr "" | |
7114 | - | |
7115 | -#. type: Plain text | |
7116 | -#: original/man8/iptables-extensions.8:1986 | |
7117 | -msgid "" | |
7118 | -"When the timer expires, the target module sends a sysfs notification to the " | |
7119 | -"userspace, which can then decide what to do (eg. disconnect to save power)." | |
7120 | -msgstr "" | |
7121 | - | |
7122 | -#. type: TP | |
7123 | -#: original/man8/iptables-extensions.8:1986 | |
7124 | -#, no-wrap | |
7125 | -msgid "B<--timeout> I<amount>" | |
7126 | -msgstr "" | |
7127 | - | |
7128 | -#. type: Plain text | |
7129 | -#: original/man8/iptables-extensions.8:1989 | |
7130 | -msgid "This is the time in seconds that will trigger the notification." | |
7131 | -msgstr "" | |
7132 | - | |
7133 | -#. type: TP | |
7134 | -#: original/man8/iptables-extensions.8:1989 | |
7135 | -#, no-wrap | |
7136 | -msgid "B<--label> I<string>" | |
7137 | -msgstr "" | |
7138 | - | |
7139 | -#. type: Plain text | |
7140 | -#: original/man8/iptables-extensions.8:1993 | |
7141 | -msgid "" | |
7142 | -"This is a unique identifier for the timer. The maximum length for the label " | |
7143 | -"string is 27 characters." | |
7144 | -msgstr "" | |
7145 | - | |
7146 | -#. type: SS | |
7147 | -#: original/man8/iptables-extensions.8:1993 | |
7148 | -#, no-wrap | |
7149 | -msgid "LED" | |
7150 | -msgstr "" | |
7151 | - | |
7152 | -#. type: Plain text | |
7153 | -#: original/man8/iptables-extensions.8:1999 | |
7154 | -msgid "" | |
7155 | -"This creates an LED-trigger that can then be attached to system indicator " | |
7156 | -"lights, to blink or illuminate them when certain packets pass through the " | |
7157 | -"system. One example might be to light up an LED for a few minutes every time " | |
7158 | -"an SSH connection is made to the local machine. The following options " | |
7159 | -"control the trigger behavior:" | |
7160 | -msgstr "" | |
7161 | - | |
7162 | -#. type: TP | |
7163 | -#: original/man8/iptables-extensions.8:1999 | |
7164 | -#, no-wrap | |
7165 | -msgid "B<--led-trigger-id> I<name>" | |
7166 | -msgstr "" | |
7167 | - | |
7168 | -#. type: Plain text | |
7169 | -#: original/man8/iptables-extensions.8:2003 | |
7170 | -msgid "" | |
7171 | -"This is the name given to the LED trigger. The actual name of the trigger " | |
7172 | -"will be prefixed with \"netfilter-\"." | |
7173 | -msgstr "" | |
7174 | - | |
7175 | -#. type: TP | |
7176 | -#: original/man8/iptables-extensions.8:2003 | |
7177 | -#, no-wrap | |
7178 | -msgid "B<--led-delay> I<ms>" | |
7179 | -msgstr "" | |
7180 | - | |
7181 | -#. type: Plain text | |
7182 | -#: original/man8/iptables-extensions.8:2011 | |
7183 | -msgid "" | |
7184 | -"This indicates how long (in milliseconds) the LED should be left illuminated " | |
7185 | -"when a packet arrives before being switched off again. The default is 0 " | |
7186 | -"(blink as fast as possible.) The special value I<inf> can be given to leave " | |
7187 | -"the LED on permanently once activated. (In this case the trigger will need " | |
7188 | -"to be manually detached and reattached to the LED device to switch it off " | |
7189 | -"again.)" | |
7190 | -msgstr "" | |
7191 | - | |
7192 | -#. type: TP | |
7193 | -#: original/man8/iptables-extensions.8:2011 | |
7194 | -#, no-wrap | |
7195 | -msgid "B<--led-always-blink>" | |
7196 | -msgstr "" | |
7197 | - | |
7198 | -#. type: Plain text | |
7199 | -#: original/man8/iptables-extensions.8:2016 | |
7200 | -msgid "" | |
7201 | -"Always make the LED blink on packet arrival, even if the LED is already on. " | |
7202 | -"This allows notification of new packets even with long delay values (which " | |
7203 | -"otherwise would result in a silent prolonging of the delay time.)" | |
7204 | -msgstr "" | |
7205 | - | |
7206 | -#. type: TP | |
7207 | -#: original/man8/iptables-extensions.8:2018 | |
7208 | -#, no-wrap | |
7209 | -msgid "Create an LED trigger for incoming SSH traffic:" | |
7210 | -msgstr "" | |
7211 | - | |
7212 | -#. type: Plain text | |
7213 | -#: original/man8/iptables-extensions.8:2021 | |
7214 | -msgid "iptables -A INPUT -p tcp --dport 22 -j LED --led-trigger-id ssh" | |
7215 | -msgstr "" | |
7216 | - | |
7217 | -#. type: TP | |
7218 | -#: original/man8/iptables-extensions.8:2021 | |
7219 | -#, no-wrap | |
7220 | -msgid "Then attach the new trigger to an LED:" | |
7221 | -msgstr "" | |
7222 | - | |
7223 | -#. type: Plain text | |
7224 | -#: original/man8/iptables-extensions.8:2024 | |
7225 | -msgid "echo netfilter-ssh E<gt>/sys/class/leds/I<ledname>/trigger" | |
7226 | -msgstr "" | |
7227 | - | |
7228 | -#. type: SS | |
7229 | -#: original/man8/iptables-extensions.8:2024 | |
7230 | -#, no-wrap | |
7231 | -msgid "LOG (IPv6-specific)" | |
7232 | -msgstr "" | |
7233 | - | |
7234 | -#. type: Plain text | |
7235 | -#: original/man8/iptables-extensions.8:2036 | |
7236 | -msgid "" | |
7237 | -"Turn on kernel logging of matching packets. When this option is set for a " | |
7238 | -"rule, the Linux kernel will print some information on all matching packets " | |
7239 | -"(like most IPv6 IPv6-header fields) via the kernel log (where it can be read " | |
7240 | -"with I<dmesg> or I<syslogd>(8)). This is a \"non-terminating target\", " | |
7241 | -"i.e. rule traversal continues at the next rule. So if you want to LOG the " | |
7242 | -"packets you refuse, use two separate rules with the same matching criteria, " | |
7243 | -"first using target LOG then DROP (or REJECT)." | |
7244 | -msgstr "" | |
7245 | - | |
7246 | -#. type: TP | |
7247 | -#: original/man8/iptables-extensions.8:2036 original/man8/iptables-extensions.8:2071 | |
7248 | -#, no-wrap | |
7249 | -msgid "B<--log-level> I<level>" | |
7250 | -msgstr "" | |
7251 | - | |
7252 | -#. type: Plain text | |
7253 | -#: original/man8/iptables-extensions.8:2042 original/man8/iptables-extensions.8:2077 | |
7254 | -msgid "" | |
7255 | -"Level of logging, which can be (system-specific) numeric or a mnemonic. " | |
7256 | -"Possible values are (in decreasing order of priority): B<emerg>, B<alert>, " | |
7257 | -"B<crit>, B<error>, B<warning>, B<notice>, B<info> or B<debug>." | |
7258 | -msgstr "" | |
7259 | - | |
7260 | -#. type: TP | |
7261 | -#: original/man8/iptables-extensions.8:2042 original/man8/iptables-extensions.8:2077 | |
7262 | -#, no-wrap | |
7263 | -msgid "B<--log-prefix> I<prefix>" | |
7264 | -msgstr "" | |
7265 | - | |
7266 | -#. type: Plain text | |
7267 | -#: original/man8/iptables-extensions.8:2046 original/man8/iptables-extensions.8:2081 | |
7268 | -msgid "" | |
7269 | -"Prefix log messages with the specified prefix; up to 29 letters long, and " | |
7270 | -"useful for distinguishing messages in the logs." | |
7271 | -msgstr "" | |
7272 | - | |
7273 | -#. type: TP | |
7274 | -#: original/man8/iptables-extensions.8:2046 original/man8/iptables-extensions.8:2081 | |
7275 | -#, no-wrap | |
7276 | -msgid "B<--log-tcp-sequence>" | |
7277 | -msgstr "" | |
7278 | - | |
7279 | -#. type: Plain text | |
7280 | -#: original/man8/iptables-extensions.8:2050 original/man8/iptables-extensions.8:2085 | |
7281 | -msgid "" | |
7282 | -"Log TCP sequence numbers. This is a security risk if the log is readable by " | |
7283 | -"users." | |
7284 | -msgstr "" | |
7285 | - | |
7286 | -#. type: TP | |
7287 | -#: original/man8/iptables-extensions.8:2050 original/man8/iptables-extensions.8:2085 | |
7288 | -#, no-wrap | |
7289 | -msgid "B<--log-tcp-options>" | |
7290 | -msgstr "" | |
7291 | - | |
7292 | -#. type: Plain text | |
7293 | -#: original/man8/iptables-extensions.8:2053 original/man8/iptables-extensions.8:2088 | |
7294 | -msgid "Log options from the TCP packet header." | |
7295 | -msgstr "" | |
7296 | - | |
7297 | -#. type: TP | |
7298 | -#: original/man8/iptables-extensions.8:2053 original/man8/iptables-extensions.8:2088 | |
7299 | -#, no-wrap | |
7300 | -msgid "B<--log-ip-options>" | |
7301 | -msgstr "" | |
7302 | - | |
7303 | -#. type: Plain text | |
7304 | -#: original/man8/iptables-extensions.8:2056 | |
7305 | -msgid "Log options from the IPv6 packet header." | |
7306 | -msgstr "" | |
7307 | - | |
7308 | -#. type: TP | |
7309 | -#: original/man8/iptables-extensions.8:2056 original/man8/iptables-extensions.8:2091 | |
7310 | -#, no-wrap | |
7311 | -msgid "B<--log-uid>" | |
7312 | -msgstr "" | |
7313 | - | |
7314 | -#. type: Plain text | |
7315 | -#: original/man8/iptables-extensions.8:2059 original/man8/iptables-extensions.8:2094 | |
7316 | -msgid "Log the userid of the process which generated the packet." | |
7317 | -msgstr "" | |
7318 | - | |
7319 | -#. type: SS | |
7320 | -#: original/man8/iptables-extensions.8:2059 | |
7321 | -#, no-wrap | |
7322 | -msgid "LOG (IPv4-specific)" | |
7323 | -msgstr "" | |
7324 | - | |
7325 | -#. type: Plain text | |
7326 | -#: original/man8/iptables-extensions.8:2071 | |
7327 | -msgid "" | |
7328 | -"Turn on kernel logging of matching packets. When this option is set for a " | |
7329 | -"rule, the Linux kernel will print some information on all matching packets " | |
7330 | -"(like most IP header fields) via the kernel log (where it can be read with " | |
7331 | -"I<dmesg> or I<syslogd>(8)). This is a \"non-terminating target\", i.e. rule " | |
7332 | -"traversal continues at the next rule. So if you want to LOG the packets you " | |
7333 | -"refuse, use two separate rules with the same matching criteria, first using " | |
7334 | -"target LOG then DROP (or REJECT)." | |
7335 | -msgstr "" | |
7336 | - | |
7337 | -#. type: Plain text | |
7338 | -#: original/man8/iptables-extensions.8:2091 | |
7339 | -msgid "Log options from the IP packet header." | |
7340 | -msgstr "" | |
7341 | - | |
7342 | -#. type: SS | |
7343 | -#: original/man8/iptables-extensions.8:2094 | |
7344 | -#, no-wrap | |
7345 | -msgid "MARK" | |
7346 | -msgstr "" | |
7347 | - | |
7348 | -#. type: Plain text | |
7349 | -#: original/man8/iptables-extensions.8:2100 | |
7350 | -msgid "" | |
7351 | -"This target is used to set the Netfilter mark value associated with the " | |
7352 | -"packet. It can, for example, be used in conjunction with routing based on " | |
7353 | -"fwmark (needs iproute2). If you plan on doing so, note that the mark needs " | |
7354 | -"to be set in the PREROUTING chain of the mangle table to affect routing. " | |
7355 | -"The mark field is 32 bits wide." | |
7356 | -msgstr "" | |
7357 | - | |
7358 | -#. type: Plain text | |
7359 | -#: original/man8/iptables-extensions.8:2104 | |
7360 | -msgid "" | |
7361 | -"Zeroes out the bits given by I<mask> and XORs I<value> into the packet mark " | |
7362 | -"(\"nfmark\"). If I<mask> is omitted, 0xFFFFFFFF is assumed." | |
7363 | -msgstr "" | |
7364 | - | |
7365 | -#. type: Plain text | |
7366 | -#: original/man8/iptables-extensions.8:2108 | |
7367 | -msgid "" | |
7368 | -"Zeroes out the bits given by I<mask> and ORs I<value> into the packet " | |
7369 | -"mark. If I<mask> is omitted, 0xFFFFFFFF is assumed." | |
7370 | -msgstr "" | |
7371 | - | |
7372 | -#. type: Plain text | |
7373 | -#: original/man8/iptables-extensions.8:2110 original/man8/iptables-extensions.8:2545 | |
7374 | -msgid "The following mnemonics are available:" | |
7375 | -msgstr "" | |
7376 | - | |
7377 | -#. type: Plain text | |
7378 | -#: original/man8/iptables-extensions.8:2114 | |
7379 | -msgid "" | |
7380 | -"Binary AND the nfmark with I<bits>. (Mnemonic for B<--set-xmark " | |
7381 | -"0/>I<invbits>, where I<invbits> is the binary negation of I<bits>.)" | |
7382 | -msgstr "" | |
7383 | - | |
7384 | -#. type: Plain text | |
7385 | -#: original/man8/iptables-extensions.8:2118 | |
7386 | -msgid "" | |
7387 | -"Binary OR the nfmark with I<bits>. (Mnemonic for B<--set-xmark> " | |
7388 | -"I<bits>B</>I<bits>.)" | |
7389 | -msgstr "" | |
7390 | - | |
7391 | -#. type: Plain text | |
7392 | -#: original/man8/iptables-extensions.8:2122 | |
7393 | -msgid "" | |
7394 | -"Binary XOR the nfmark with I<bits>. (Mnemonic for B<--set-xmark> " | |
7395 | -"I<bits>B</0>.)" | |
7396 | -msgstr "" | |
7397 | - | |
7398 | -#. type: SS | |
7399 | -#: original/man8/iptables-extensions.8:2122 | |
7400 | -#, no-wrap | |
7401 | -msgid "MASQUERADE (IPv6-specific)" | |
7402 | -msgstr "" | |
7403 | - | |
7404 | -#. type: Plain text | |
7405 | -#: original/man8/iptables-extensions.8:2136 | |
7406 | -msgid "" | |
7407 | -"This target is only valid in the B<nat> table, in the B<POSTROUTING> chain. " | |
7408 | -"It should only be used with dynamically assigned IPv6 (dialup) connections: " | |
7409 | -"if you have a static IP address, you should use the SNAT target. " | |
7410 | -"Masquerading is equivalent to specifying a mapping to the IP address of the " | |
7411 | -"interface the packet is going out, but also has the effect that connections " | |
7412 | -"are I<forgotten> when the interface goes down. This is the correct behavior " | |
7413 | -"when the next dialup is unlikely to have the same interface address (and " | |
7414 | -"hence any established connections are lost anyway)." | |
7415 | -msgstr "" | |
7416 | - | |
7417 | -#. type: TP | |
7418 | -#: original/man8/iptables-extensions.8:2136 original/man8/iptables-extensions.8:2167 original/man8/iptables-extensions.8:2291 | |
7419 | -#, no-wrap | |
7420 | -msgid "B<--to-ports> I<port>[B<->I<port>]" | |
7421 | -msgstr "" | |
7422 | - | |
7423 | -#. type: Plain text | |
7424 | -#: original/man8/iptables-extensions.8:2145 original/man8/iptables-extensions.8:2176 | |
7425 | -msgid "" | |
7426 | -"This specifies a range of source ports to use, overriding the default " | |
7427 | -"B<SNAT> source port-selection heuristics (see above). This is only valid if " | |
7428 | -"the rule also specifies B<-p tcp> or B<-p udp>." | |
7429 | -msgstr "" | |
7430 | - | |
7431 | -#. type: Plain text | |
7432 | -#: original/man8/iptables-extensions.8:2151 | |
7433 | -msgid "" | |
7434 | -"Randomize source port mapping If option B<--random> is used then port " | |
7435 | -"mapping will be randomized." | |
7436 | -msgstr "" | |
7437 | - | |
7438 | -#. type: SS | |
7439 | -#: original/man8/iptables-extensions.8:2153 | |
7440 | -#, no-wrap | |
7441 | -msgid "MASQUERADE (IPv4-specific)" | |
7442 | -msgstr "" | |
7443 | - | |
7444 | -#. type: Plain text | |
7445 | -#: original/man8/iptables-extensions.8:2167 | |
7446 | -msgid "" | |
7447 | -"This target is only valid in the B<nat> table, in the B<POSTROUTING> chain. " | |
7448 | -"It should only be used with dynamically assigned IP (dialup) connections: " | |
7449 | -"if you have a static IP address, you should use the SNAT target. " | |
7450 | -"Masquerading is equivalent to specifying a mapping to the IP address of the " | |
7451 | -"interface the packet is going out, but also has the effect that connections " | |
7452 | -"are I<forgotten> when the interface goes down. This is the correct behavior " | |
7453 | -"when the next dialup is unlikely to have the same interface address (and " | |
7454 | -"hence any established connections are lost anyway)." | |
7455 | -msgstr "" | |
7456 | - | |
7457 | -#. type: Plain text | |
7458 | -#: original/man8/iptables-extensions.8:2182 | |
7459 | -msgid "" | |
7460 | -"Randomize source port mapping If option B<--random> is used then port " | |
7461 | -"mapping will be randomized (kernel E<gt>= 2.6.21)." | |
7462 | -msgstr "" | |
7463 | - | |
7464 | -#. type: SS | |
7465 | -#: original/man8/iptables-extensions.8:2184 | |
7466 | -#, no-wrap | |
7467 | -msgid "MIRROR (IPv4-specific)" | |
7468 | -msgstr "" | |
7469 | - | |
7470 | -#. type: Plain text | |
7471 | -#: original/man8/iptables-extensions.8:2197 | |
7472 | -msgid "" | |
7473 | -"This is an experimental demonstration target which inverts the source and " | |
7474 | -"destination fields in the IP header and retransmits the packet. It is only " | |
7475 | -"valid in the B<INPUT>, B<FORWARD> and B<PREROUTING> chains, and user-defined " | |
7476 | -"chains which are only called from those chains. Note that the outgoing " | |
7477 | -"packets are B<NOT> seen by any packet filtering chains, connection tracking " | |
7478 | -"or NAT, to avoid loops and other problems." | |
7479 | -msgstr "" | |
7480 | - | |
7481 | -#. type: SS | |
7482 | -#: original/man8/iptables-extensions.8:2197 | |
7483 | -#, no-wrap | |
7484 | -msgid "NETMAP (IPv4-specific)" | |
7485 | -msgstr "" | |
7486 | - | |
7487 | -#. type: Plain text | |
7488 | -#: original/man8/iptables-extensions.8:2202 | |
7489 | -msgid "" | |
7490 | -"This target allows you to statically map a whole network of addresses onto " | |
7491 | -"another network of addresses. It can only be used from rules in the B<nat> " | |
7492 | -"table." | |
7493 | -msgstr "" | |
7494 | - | |
7495 | -#. type: TP | |
7496 | -#: original/man8/iptables-extensions.8:2202 | |
7497 | -#, no-wrap | |
7498 | -msgid "B<--to> I<address>[B</>I<mask>]" | |
7499 | -msgstr "" | |
7500 | - | |
7501 | -#. type: Plain text | |
7502 | -#: original/man8/iptables-extensions.8:2207 | |
7503 | -msgid "" | |
7504 | -"Network address to map to. The resulting address will be constructed in the " | |
7505 | -"following way: All 'one' bits in the mask are filled in from the new " | |
7506 | -"`address'. All bits that are zero in the mask are filled in from the " | |
7507 | -"original address." | |
7508 | -msgstr "" | |
7509 | - | |
7510 | -#. type: SS | |
7511 | -#: original/man8/iptables-extensions.8:2207 | |
7512 | -#, no-wrap | |
7513 | -msgid "NFLOG" | |
7514 | -msgstr "" | |
7515 | - | |
7516 | -#. type: Plain text | |
7517 | -#: original/man8/iptables-extensions.8:2217 | |
7518 | -msgid "" | |
7519 | -"This target provides logging of matching packets. When this target is set " | |
7520 | -"for a rule, the Linux kernel will pass the packet to the loaded logging " | |
7521 | -"backend to log the packet. This is usually used in combination with " | |
7522 | -"nfnetlink_log as logging backend, which will multicast the packet through a " | |
7523 | -"I<netlink> socket to the specified multicast group. One or more userspace " | |
7524 | -"processes may subscribe to the group to receive the packets. Like LOG, this " | |
7525 | -"is a non-terminating target, i.e. rule traversal continues at the next rule." | |
7526 | -msgstr "" | |
7527 | - | |
7528 | -#. type: TP | |
7529 | -#: original/man8/iptables-extensions.8:2217 | |
7530 | -#, no-wrap | |
7531 | -msgid "B<--nflog-group> I<nlgroup>" | |
7532 | -msgstr "" | |
7533 | - | |
7534 | -#. type: Plain text | |
7535 | -#: original/man8/iptables-extensions.8:2221 | |
7536 | -msgid "" | |
7537 | -"The netlink group (0 - 2^16-1) to which packets are (only applicable for " | |
7538 | -"nfnetlink_log). The default value is 0." | |
7539 | -msgstr "" | |
7540 | - | |
7541 | -#. type: TP | |
7542 | -#: original/man8/iptables-extensions.8:2221 | |
7543 | -#, no-wrap | |
7544 | -msgid "B<--nflog-prefix> I<prefix>" | |
7545 | -msgstr "" | |
7546 | - | |
7547 | -#. type: Plain text | |
7548 | -#: original/man8/iptables-extensions.8:2225 | |
7549 | -msgid "" | |
7550 | -"A prefix string to include in the log message, up to 64 characters long, " | |
7551 | -"useful for distinguishing messages in the logs." | |
7552 | -msgstr "" | |
7553 | - | |
7554 | -#. type: TP | |
7555 | -#: original/man8/iptables-extensions.8:2225 | |
7556 | -#, no-wrap | |
7557 | -msgid "B<--nflog-range> I<size>" | |
7558 | -msgstr "" | |
7559 | - | |
7560 | -#. type: Plain text | |
7561 | -#: original/man8/iptables-extensions.8:2230 | |
7562 | -msgid "" | |
7563 | -"The number of bytes to be copied to userspace (only applicable for " | |
7564 | -"nfnetlink_log). nfnetlink_log instances may specify their own range, this " | |
7565 | -"option overrides it." | |
7566 | -msgstr "" | |
7567 | - | |
7568 | -#. type: TP | |
7569 | -#: original/man8/iptables-extensions.8:2230 | |
7570 | -#, no-wrap | |
7571 | -msgid "B<--nflog-threshold> I<size>" | |
7572 | -msgstr "" | |
7573 | - | |
7574 | -#. type: Plain text | |
7575 | -#: original/man8/iptables-extensions.8:2237 | |
7576 | -msgid "" | |
7577 | -"Number of packets to queue inside the kernel before sending them to " | |
7578 | -"userspace (only applicable for nfnetlink_log). Higher values result in less " | |
7579 | -"overhead per packet, but increase delay until the packets reach " | |
7580 | -"userspace. The default value is 1." | |
7581 | -msgstr "" | |
7582 | - | |
7583 | -#. type: SS | |
7584 | -#: original/man8/iptables-extensions.8:2237 | |
7585 | -#, no-wrap | |
7586 | -msgid "NFQUEUE" | |
7587 | -msgstr "" | |
7588 | - | |
7589 | -#. type: Plain text | |
7590 | -#: original/man8/iptables-extensions.8:2247 | |
7591 | -msgid "" | |
7592 | -"This target is an extension of the QUEUE target. As opposed to QUEUE, it " | |
7593 | -"allows you to put a packet into any specific queue, identified by its 16-bit " | |
7594 | -"queue number. It can only be used with Kernel versions 2.6.14 or later, " | |
7595 | -"since it requires the B<nfnetlink_queue> kernel support. The " | |
7596 | -"B<queue-balance> option was added in Linux 2.6.31, B<queue-bypass> in " | |
7597 | -"2.6.39." | |
7598 | -msgstr "" | |
7599 | - | |
7600 | -#. type: TP | |
7601 | -#: original/man8/iptables-extensions.8:2247 | |
7602 | -#, no-wrap | |
7603 | -msgid "B<--queue-num> I<value>" | |
7604 | -msgstr "" | |
7605 | - | |
7606 | -#. type: Plain text | |
7607 | -#: original/man8/iptables-extensions.8:2250 | |
7608 | -msgid "" | |
7609 | -"This specifies the QUEUE number to use. Valid queue numbers are 0 to " | |
7610 | -"65535. The default value is 0." | |
7611 | -msgstr "" | |
7612 | - | |
7613 | -#. type: TP | |
7614 | -#: original/man8/iptables-extensions.8:2251 | |
7615 | -#, no-wrap | |
7616 | -msgid "B<--queue-balance> I<value>B<:>I<value>" | |
7617 | -msgstr "" | |
7618 | - | |
7619 | -#. type: Plain text | |
7620 | -#: original/man8/iptables-extensions.8:2257 | |
7621 | -msgid "" | |
7622 | -"This specifies a range of queues to use. Packets are then balanced across " | |
7623 | -"the given queues. This is useful for multicore systems: start multiple " | |
7624 | -"instances of the userspace program on queues x, x+1, .. x+n and use " | |
7625 | -"\"--queue-balance I<x>B<:>I<x+n>\". Packets belonging to the same " | |
7626 | -"connection are put into the same nfqueue." | |
7627 | -msgstr "" | |
7628 | - | |
7629 | -#. type: TP | |
7630 | -#: original/man8/iptables-extensions.8:2258 | |
7631 | -#, no-wrap | |
7632 | -msgid "B<--queue-bypass>" | |
7633 | -msgstr "" | |
7634 | - | |
7635 | -#. type: Plain text | |
7636 | -#: original/man8/iptables-extensions.8:2263 | |
7637 | -msgid "" | |
7638 | -"By default, if no userspace program is listening on an NFQUEUE, then all " | |
7639 | -"packets that are to be queued are dropped. When this option is used, the " | |
7640 | -"NFQUEUE rule is silently bypassed instead. The packet will move on to the " | |
7641 | -"next rule." | |
7642 | -msgstr "" | |
7643 | - | |
7644 | -#. type: SS | |
7645 | -#: original/man8/iptables-extensions.8:2263 | |
7646 | -#, no-wrap | |
7647 | -msgid "NOTRACK" | |
7648 | -msgstr "" | |
7649 | - | |
7650 | -#. type: Plain text | |
7651 | -#: original/man8/iptables-extensions.8:2267 | |
7652 | -msgid "" | |
7653 | -"This target disables connection tracking for all packets matching that " | |
7654 | -"rule. It is obsoleted by -j CT --notrack. Like CT, NOTRACK can only be used " | |
7655 | -"in the B<raw> table." | |
7656 | -msgstr "" | |
7657 | - | |
7658 | -#. type: SS | |
7659 | -#: original/man8/iptables-extensions.8:2267 | |
7660 | -#, no-wrap | |
7661 | -msgid "RATEEST" | |
7662 | -msgstr "" | |
7663 | - | |
7664 | -#. type: Plain text | |
7665 | -#: original/man8/iptables-extensions.8:2270 | |
7666 | -msgid "" | |
7667 | -"The RATEEST target collects statistics, performs rate estimation calculation " | |
7668 | -"and saves the results for later evaluation using the B<rateest> match." | |
7669 | -msgstr "" | |
7670 | - | |
7671 | -#. type: TP | |
7672 | -#: original/man8/iptables-extensions.8:2270 | |
7673 | -#, no-wrap | |
7674 | -msgid "B<--rateest-name> I<name>" | |
7675 | -msgstr "" | |
7676 | - | |
7677 | -#. type: Plain text | |
7678 | -#: original/man8/iptables-extensions.8:2274 | |
7679 | -msgid "" | |
7680 | -"Count matched packets into the pool referred to by I<name>, which is freely " | |
7681 | -"choosable." | |
7682 | -msgstr "" | |
7683 | - | |
7684 | -#. type: TP | |
7685 | -#: original/man8/iptables-extensions.8:2274 | |
7686 | -#, no-wrap | |
7687 | -msgid "B<--rateest-interval> I<amount>{B<s>|B<ms>|B<us>}" | |
7688 | -msgstr "" | |
7689 | - | |
7690 | -#. type: Plain text | |
7691 | -#: original/man8/iptables-extensions.8:2277 | |
7692 | -msgid "Rate measurement interval, in seconds, milliseconds or microseconds." | |
7693 | -msgstr "" | |
7694 | - | |
7695 | -#. type: TP | |
7696 | -#: original/man8/iptables-extensions.8:2277 | |
7697 | -#, no-wrap | |
7698 | -msgid "B<--rateest-ewmalog> I<value>" | |
7699 | -msgstr "" | |
7700 | - | |
7701 | -#. type: Plain text | |
7702 | -#: original/man8/iptables-extensions.8:2280 | |
7703 | -msgid "Rate measurement averaging time constant." | |
7704 | -msgstr "" | |
7705 | - | |
7706 | -#. type: SS | |
7707 | -#: original/man8/iptables-extensions.8:2280 | |
7708 | -#, no-wrap | |
7709 | -msgid "REDIRECT (IPv4-specific)" | |
7710 | -msgstr "" | |
7711 | - | |
7712 | -#. type: Plain text | |
7713 | -#: original/man8/iptables-extensions.8:2291 | |
7714 | -msgid "" | |
7715 | -"This target is only valid in the B<nat> table, in the B<PREROUTING> and " | |
7716 | -"B<OUTPUT> chains, and user-defined chains which are only called from those " | |
7717 | -"chains. It redirects the packet to the machine itself by changing the " | |
7718 | -"destination IP to the primary address of the incoming interface " | |
7719 | -"(locally-generated packets are mapped to the 127.0.0.1 address)." | |
7720 | -msgstr "" | |
7721 | - | |
7722 | -#. type: Plain text | |
7723 | -#: original/man8/iptables-extensions.8:2299 | |
7724 | -msgid "" | |
7725 | -"This specifies a destination port or range of ports to use: without this, " | |
7726 | -"the destination port is never altered. This is only valid if the rule also " | |
7727 | -"specifies B<-p tcp> or B<-p udp>." | |
7728 | -msgstr "" | |
7729 | - | |
7730 | -#. type: SS | |
7731 | -#: original/man8/iptables-extensions.8:2306 | |
7732 | -#, no-wrap | |
7733 | -msgid "REJECT (IPv6-specific)" | |
7734 | -msgstr "" | |
7735 | - | |
7736 | -#. type: Plain text | |
7737 | -#: original/man8/iptables-extensions.8:2319 original/man8/iptables-extensions.8:2353 | |
7738 | -msgid "" | |
7739 | -"This is used to send back an error packet in response to the matched packet: " | |
7740 | -"otherwise it is equivalent to B<DROP> so it is a terminating TARGET, ending " | |
7741 | -"rule traversal. This target is only valid in the B<INPUT>, B<FORWARD> and " | |
7742 | -"B<OUTPUT> chains, and user-defined chains which are only called from those " | |
7743 | -"chains. The following option controls the nature of the error packet " | |
7744 | -"returned:" | |
7745 | -msgstr "" | |
7746 | - | |
7747 | -#. type: TP | |
7748 | -#: original/man8/iptables-extensions.8:2319 original/man8/iptables-extensions.8:2353 | |
7749 | -#, no-wrap | |
7750 | -msgid "B<--reject-with> I<type>" | |
7751 | -msgstr "" | |
7752 | - | |
7753 | -#. type: Plain text | |
7754 | -#: original/man8/iptables-extensions.8:2340 | |
7755 | -msgid "" | |
7756 | -"The type given can be B<icmp6-no-route>, B<no-route>, " | |
7757 | -"B<icmp6-adm-prohibited>, B<adm-prohibited>, B<icmp6-addr-unreachable>, " | |
7758 | -"B<addr-unreach>, B<icmp6-port-unreachable> or B<port-unreach> which return " | |
7759 | -"the appropriate ICMPv6 error message (B<port-unreach> is the " | |
7760 | -"default). Finally, the option B<tcp-reset> can be used on rules which only " | |
7761 | -"match the TCP protocol: this causes a TCP RST packet to be sent back. This " | |
7762 | -"is mainly useful for blocking I<ident> (113/tcp) probes which frequently " | |
7763 | -"occur when sending mail to broken mail hosts (which won't accept your mail " | |
7764 | -"otherwise). B<tcp-reset> can only be used with kernel versions 2.6.14 or " | |
7765 | -"later." | |
7766 | -msgstr "" | |
7767 | - | |
7768 | -#. type: SS | |
7769 | -#: original/man8/iptables-extensions.8:2340 | |
7770 | -#, no-wrap | |
7771 | -msgid "REJECT (IPv4-specific)" | |
7772 | -msgstr "" | |
7773 | - | |
7774 | -#. type: Plain text | |
7775 | -#: original/man8/iptables-extensions.8:2371 | |
7776 | -msgid "" | |
7777 | -"The type given can be B<icmp-net-unreachable>, B<icmp-host-unreachable>, " | |
7778 | -"B<icmp-port-unreachable>, B<icmp-proto-unreachable>, B<icmp-net-prohibited>, " | |
7779 | -"B<icmp-host-prohibited> or B<icmp-admin-prohibited> (*) which return the " | |
7780 | -"appropriate ICMP error message (B<port-unreachable> is the default). The " | |
7781 | -"option B<tcp-reset> can be used on rules which only match the TCP protocol: " | |
7782 | -"this causes a TCP RST packet to be sent back. This is mainly useful for " | |
7783 | -"blocking I<ident> (113/tcp) probes which frequently occur when sending mail " | |
7784 | -"to broken mail hosts (which won't accept your mail otherwise)." | |
7785 | -msgstr "" | |
7786 | - | |
7787 | -#. type: Plain text | |
7788 | -#: original/man8/iptables-extensions.8:2373 | |
7789 | -msgid "" | |
7790 | -"(*) Using icmp-admin-prohibited with kernels that do not support it will " | |
7791 | -"result in a plain DROP instead of REJECT" | |
7792 | -msgstr "" | |
7793 | - | |
7794 | -#. type: SS | |
7795 | -#: original/man8/iptables-extensions.8:2373 | |
7796 | -#, no-wrap | |
7797 | -msgid "SAME (IPv4-specific)" | |
7798 | -msgstr "" | |
7799 | - | |
7800 | -#. type: Plain text | |
7801 | -#: original/man8/iptables-extensions.8:2377 | |
7802 | -msgid "" | |
7803 | -"Similar to SNAT/DNAT depending on chain: it takes a range of addresses " | |
7804 | -"(`--to 1.2.3.4-1.2.3.7') and gives a client the same " | |
7805 | -"source-/destination-address for each connection." | |
7806 | -msgstr "" | |
7807 | - | |
7808 | -#. type: Plain text | |
7809 | -#: original/man8/iptables-extensions.8:2379 | |
7810 | -msgid "N.B.: The DNAT target's B<--persistent> option replaced the SAME target." | |
7811 | -msgstr "" | |
7812 | - | |
7813 | -#. type: TP | |
7814 | -#: original/man8/iptables-extensions.8:2379 | |
7815 | -#, no-wrap | |
7816 | -msgid "B<--to> I<ipaddr>[B<->I<ipaddr>]" | |
7817 | -msgstr "" | |
7818 | - | |
7819 | -#. type: Plain text | |
7820 | -#: original/man8/iptables-extensions.8:2383 | |
7821 | -msgid "" | |
7822 | -"Addresses to map source to. May be specified more than once for multiple " | |
7823 | -"ranges." | |
7824 | -msgstr "" | |
7825 | - | |
7826 | -#. type: TP | |
7827 | -#: original/man8/iptables-extensions.8:2383 | |
7828 | -#, no-wrap | |
7829 | -msgid "B<--nodst>" | |
7830 | -msgstr "" | |
7831 | - | |
7832 | -#. type: Plain text | |
7833 | -#: original/man8/iptables-extensions.8:2387 | |
7834 | -msgid "" | |
7835 | -"Don't use the destination-ip in the calculations when selecting the new " | |
7836 | -"source-ip" | |
7837 | -msgstr "" | |
7838 | - | |
7839 | -#. type: Plain text | |
7840 | -#: original/man8/iptables-extensions.8:2391 | |
7841 | -msgid "" | |
7842 | -"Port mapping will be forcibly randomized to avoid attacks based on port " | |
7843 | -"prediction (kernel E<gt>= 2.6.21)." | |
7844 | -msgstr "" | |
7845 | - | |
7846 | -#. type: SS | |
7847 | -#: original/man8/iptables-extensions.8:2391 | |
7848 | -#, no-wrap | |
7849 | -msgid "SECMARK" | |
7850 | -msgstr "" | |
7851 | - | |
7852 | -#. type: Plain text | |
7853 | -#: original/man8/iptables-extensions.8:2400 | |
7854 | -msgid "" | |
7855 | -"This is used to set the security mark value associated with the packet for " | |
7856 | -"use by security subsystems such as SELinux. It is valid in the B<security> " | |
7857 | -"table (for backwards compatibility with older kernels, it is also valid in " | |
7858 | -"the B<mangle> table). The mark is 32 bits wide." | |
7859 | -msgstr "" | |
7860 | - | |
7861 | -#. type: TP | |
7862 | -#: original/man8/iptables-extensions.8:2400 | |
7863 | -#, no-wrap | |
7864 | -msgid "B<--selctx> I<security_context>" | |
7865 | -msgstr "" | |
7866 | - | |
7867 | -#. type: SS | |
7868 | -#: original/man8/iptables-extensions.8:2402 | |
7869 | -#, no-wrap | |
7870 | -msgid "SET" | |
7871 | -msgstr "" | |
7872 | - | |
7873 | -#. type: Plain text | |
7874 | -#: original/man8/iptables-extensions.8:2405 | |
7875 | -msgid "" | |
7876 | -"This module adds and/or deletes entries from IP sets which can be defined by " | |
7877 | -"ipset(8)." | |
7878 | -msgstr "" | |
7879 | - | |
7880 | -#. type: TP | |
7881 | -#: original/man8/iptables-extensions.8:2405 | |
7882 | -#, no-wrap | |
7883 | -msgid "B<--add-set> I<setname> I<flag>[B<,>I<flag>...]" | |
7884 | -msgstr "" | |
7885 | - | |
7886 | -#. type: Plain text | |
7887 | -#: original/man8/iptables-extensions.8:2408 | |
7888 | -msgid "add the address(es)/port(s) of the packet to the set" | |
7889 | -msgstr "" | |
7890 | - | |
7891 | -#. type: TP | |
7892 | -#: original/man8/iptables-extensions.8:2408 | |
7893 | -#, no-wrap | |
7894 | -msgid "B<--del-set> I<setname> I<flag>[B<,>I<flag>...]" | |
7895 | -msgstr "" | |
7896 | - | |
7897 | -#. type: Plain text | |
7898 | -#: original/man8/iptables-extensions.8:2411 | |
7899 | -msgid "delete the address(es)/port(s) of the packet from the set" | |
7900 | -msgstr "" | |
7901 | - | |
7902 | -#. type: Plain text | |
7903 | -#: original/man8/iptables-extensions.8:2417 | |
7904 | -msgid "" | |
7905 | -"where I<flag>(s) are B<src> and/or B<dst> specifications and there can be no " | |
7906 | -"more than six of them." | |
7907 | -msgstr "" | |
7908 | - | |
7909 | -#. type: TP | |
7910 | -#: original/man8/iptables-extensions.8:2417 | |
7911 | -#, no-wrap | |
7912 | -msgid "B<--timeout> I<value>" | |
7913 | -msgstr "" | |
7914 | - | |
7915 | -#. type: Plain text | |
7916 | -#: original/man8/iptables-extensions.8:2421 | |
7917 | -msgid "" | |
7918 | -"when adding an entry, the timeout value to use instead of the default one " | |
7919 | -"from the set definition" | |
7920 | -msgstr "" | |
7921 | - | |
7922 | -#. type: TP | |
7923 | -#: original/man8/iptables-extensions.8:2421 | |
7924 | -#, no-wrap | |
7925 | -msgid "B<--exist>" | |
7926 | -msgstr "" | |
7927 | - | |
7928 | -#. type: Plain text | |
7929 | -#: original/man8/iptables-extensions.8:2425 | |
7930 | -msgid "" | |
7931 | -"when adding an entry if it already exists, reset the timeout value to the " | |
7932 | -"specified one or to the default from the set definition" | |
7933 | -msgstr "" | |
7934 | - | |
7935 | -#. type: Plain text | |
7936 | -#: original/man8/iptables-extensions.8:2428 | |
7937 | -msgid "" | |
7938 | -"Use of -j SET requires that ipset kernel support is provided, which, for " | |
7939 | -"standard kernels, is the case since Linux 2.6.39." | |
7940 | -msgstr "" | |
7941 | - | |
7942 | -#. type: SS | |
7943 | -#: original/man8/iptables-extensions.8:2428 | |
7944 | -#, no-wrap | |
7945 | -msgid "SNAT (IPv4-specific)" | |
7946 | -msgstr "" | |
7947 | - | |
7948 | -#. type: Plain text | |
7949 | -#: original/man8/iptables-extensions.8:2437 | |
7950 | -msgid "" | |
7951 | -"This target is only valid in the B<nat> table, in the B<POSTROUTING> chain. " | |
7952 | -"It specifies that the source address of the packet should be modified (and " | |
7953 | -"all future packets in this connection will also be mangled), and rules " | |
7954 | -"should cease being examined. It takes one type of option:" | |
7955 | -msgstr "" | |
7956 | - | |
7957 | -#. type: TP | |
7958 | -#: original/man8/iptables-extensions.8:2437 | |
7959 | -#, no-wrap | |
7960 | -msgid "B<--to-source> [I<ipaddr>[B<->I<ipaddr>]][B<:>I<port>[B<->I<port>]]" | |
7961 | -msgstr "" | |
7962 | - | |
7963 | -#. type: Plain text | |
7964 | -#: original/man8/iptables-extensions.8:2449 | |
7965 | -msgid "" | |
7966 | -"which can specify a single new source IP address, an inclusive range of IP " | |
7967 | -"addresses, and optionally, a port range (which is only valid if the rule " | |
7968 | -"also specifies B<-p tcp> or B<-p udp>). If no port range is specified, then " | |
7969 | -"source ports below 512 will be mapped to other ports below 512: those " | |
7970 | -"between 512 and 1023 inclusive will be mapped to ports below 1024, and other " | |
7971 | -"ports will be mapped to 1024 or above. Where possible, no port alteration " | |
7972 | -"will occur." | |
7973 | -msgstr "" | |
7974 | - | |
7975 | -#. type: Plain text | |
7976 | -#: original/man8/iptables-extensions.8:2456 | |
7977 | -msgid "" | |
7978 | -"In Kernels up to 2.6.10, you can add several --to-source options. For those " | |
7979 | -"kernels, if you specify more than one source address, either via an address " | |
7980 | -"range or multiple --to-source options, a simple round-robin (one after " | |
7981 | -"another in cycle) takes place between these addresses. Later Kernels " | |
7982 | -"(E<gt>= 2.6.11-rc1) don't have the ability to NAT to multiple ranges " | |
7983 | -"anymore." | |
7984 | -msgstr "" | |
7985 | - | |
7986 | -#. type: Plain text | |
7987 | -#: original/man8/iptables-extensions.8:2461 | |
7988 | -msgid "" | |
7989 | -"If option B<--random> is used then port mapping will be randomized (kernel " | |
7990 | -"E<gt>= 2.6.21)." | |
7991 | -msgstr "" | |
7992 | - | |
7993 | -#. type: SS | |
7994 | -#: original/man8/iptables-extensions.8:2466 | |
7995 | -#, no-wrap | |
7996 | -msgid "TCPMSS" | |
7997 | -msgstr "" | |
7998 | - | |
7999 | -#. type: Plain text | |
8000 | -#: original/man8/iptables-extensions.8:2473 | |
8001 | -msgid "" | |
8002 | -"This target allows to alter the MSS value of TCP SYN packets, to control the " | |
8003 | -"maximum size for that connection (usually limiting it to your outgoing " | |
8004 | -"interface's MTU minus 40 for IPv4 or 60 for IPv6, respectively). Of course, " | |
8005 | -"it can only be used in conjunction with B<-p tcp>." | |
8006 | -msgstr "" | |
8007 | - | |
8008 | -#. type: Plain text | |
8009 | -#: original/man8/iptables-extensions.8:2480 | |
8010 | -msgid "" | |
8011 | -"This target is used to overcome criminally braindead ISPs or servers which " | |
8012 | -"block \"ICMP Fragmentation Needed\" or \"ICMPv6 Packet Too Big\" packets. " | |
8013 | -"The symptoms of this problem are that everything works fine from your Linux " | |
8014 | -"firewall/router, but machines behind it can never exchange large packets:" | |
8015 | -msgstr "" | |
8016 | - | |
8017 | -#. type: IP | |
8018 | -#: original/man8/iptables-extensions.8:2480 | |
8019 | -#, no-wrap | |
8020 | -msgid "1." | |
8021 | -msgstr "" | |
8022 | - | |
8023 | -#. type: Plain text | |
8024 | -#: original/man8/iptables-extensions.8:2482 | |
8025 | -msgid "Web browsers connect, then hang with no data received." | |
8026 | -msgstr "" | |
8027 | - | |
8028 | -#. type: IP | |
8029 | -#: original/man8/iptables-extensions.8:2482 | |
8030 | -#, no-wrap | |
8031 | -msgid "2." | |
8032 | -msgstr "" | |
8033 | - | |
8034 | -#. type: Plain text | |
8035 | -#: original/man8/iptables-extensions.8:2484 | |
8036 | -msgid "Small mail works fine, but large emails hang." | |
8037 | -msgstr "" | |
8038 | - | |
8039 | -#. type: IP | |
8040 | -#: original/man8/iptables-extensions.8:2484 | |
8041 | -#, no-wrap | |
8042 | -msgid "3." | |
8043 | -msgstr "" | |
8044 | - | |
8045 | -#. type: Plain text | |
8046 | -#: original/man8/iptables-extensions.8:2486 | |
8047 | -msgid "ssh works fine, but scp hangs after initial handshaking." | |
8048 | -msgstr "" | |
8049 | - | |
8050 | -#. type: Plain text | |
8051 | -#: original/man8/iptables-extensions.8:2489 | |
8052 | -msgid "" | |
8053 | -"Workaround: activate this option and add a rule to your firewall " | |
8054 | -"configuration like:" | |
8055 | -msgstr "" | |
8056 | - | |
8057 | -#. type: Plain text | |
8058 | -#: original/man8/iptables-extensions.8:2492 | |
8059 | -#, no-wrap | |
8060 | -msgid "" | |
8061 | -" iptables -t mangle -A FORWARD -p tcp --tcp-flags SYN,RST SYN\n" | |
8062 | -" -j TCPMSS --clamp-mss-to-pmtu\n" | |
8063 | -msgstr "" | |
8064 | - | |
8065 | -#. type: TP | |
8066 | -#: original/man8/iptables-extensions.8:2492 | |
8067 | -#, no-wrap | |
8068 | -msgid "B<--set-mss> I<value>" | |
8069 | -msgstr "" | |
8070 | - | |
8071 | -#. type: Plain text | |
8072 | -#: original/man8/iptables-extensions.8:2497 | |
8073 | -msgid "" | |
8074 | -"Explicitly sets MSS option to specified value. If the MSS of the packet is " | |
8075 | -"already lower than I<value>, it will B<not> be increased (from Linux 2.6.25 " | |
8076 | -"onwards) to avoid more problems with hosts relying on a proper MSS." | |
8077 | -msgstr "" | |
8078 | - | |
8079 | -#. type: TP | |
8080 | -#: original/man8/iptables-extensions.8:2497 | |
8081 | -#, no-wrap | |
8082 | -msgid "B<--clamp-mss-to-pmtu>" | |
8083 | -msgstr "" | |
8084 | - | |
8085 | -#. type: Plain text | |
8086 | -#: original/man8/iptables-extensions.8:2506 | |
8087 | -msgid "" | |
8088 | -"Automatically clamp MSS value to (path_MTU - 40 for IPv4; -60 for IPv6). " | |
8089 | -"This may not function as desired where asymmetric routes with differing path " | |
8090 | -"MTU exist \\(em the kernel uses the path MTU which it would use to send " | |
8091 | -"packets from itself to the source and destination IP addresses. Prior to " | |
8092 | -"Linux 2.6.25, only the path MTU to the destination IP address was considered " | |
8093 | -"by this option; subsequent kernels also consider the path MTU to the source " | |
8094 | -"IP address." | |
8095 | -msgstr "" | |
8096 | - | |
8097 | -#. type: Plain text | |
8098 | -#: original/man8/iptables-extensions.8:2508 | |
8099 | -msgid "These options are mutually exclusive." | |
8100 | -msgstr "" | |
8101 | - | |
8102 | -#. type: SS | |
8103 | -#: original/man8/iptables-extensions.8:2508 | |
8104 | -#, no-wrap | |
8105 | -msgid "TCPOPTSTRIP" | |
8106 | -msgstr "" | |
8107 | - | |
8108 | -#. type: Plain text | |
8109 | -#: original/man8/iptables-extensions.8:2511 | |
8110 | -msgid "" | |
8111 | -"This target will strip TCP options off a TCP packet. (It will actually " | |
8112 | -"replace them by NO-OPs.) As such, you will need to add the B<-p tcp> " | |
8113 | -"parameters." | |
8114 | -msgstr "" | |
8115 | - | |
8116 | -#. type: TP | |
8117 | -#: original/man8/iptables-extensions.8:2511 | |
8118 | -#, no-wrap | |
8119 | -msgid "B<--strip-options> I<option>[B<,>I<option>...]" | |
8120 | -msgstr "" | |
8121 | - | |
8122 | -#. type: Plain text | |
8123 | -#: original/man8/iptables-extensions.8:2516 | |
8124 | -msgid "" | |
8125 | -"Strip the given option(s). The options may be specified by TCP option number " | |
8126 | -"or by symbolic name. The list of recognized options can be obtained by " | |
8127 | -"calling iptables with B<-j TCPOPTSTRIP -h>." | |
8128 | -msgstr "" | |
8129 | - | |
8130 | -#. type: SS | |
8131 | -#: original/man8/iptables-extensions.8:2516 | |
8132 | -#, no-wrap | |
8133 | -msgid "TEE" | |
8134 | -msgstr "" | |
8135 | - | |
8136 | -#. type: Plain text | |
8137 | -#: original/man8/iptables-extensions.8:2521 | |
8138 | -msgid "" | |
8139 | -"The B<TEE> target will clone a packet and redirect this clone to another " | |
8140 | -"machine on the B<local> network segment. In other words, the nexthop must be " | |
8141 | -"the target, or you will have to configure the nexthop to forward it further " | |
8142 | -"if so desired." | |
8143 | -msgstr "" | |
8144 | - | |
8145 | -#. type: TP | |
8146 | -#: original/man8/iptables-extensions.8:2521 | |
8147 | -#, no-wrap | |
8148 | -msgid "B<--gateway> I<ipaddr>" | |
8149 | -msgstr "" | |
8150 | - | |
8151 | -#. type: Plain text | |
8152 | -#: original/man8/iptables-extensions.8:2525 | |
8153 | -msgid "" | |
8154 | -"Send the cloned packet to the host reachable at the given IP address. Use " | |
8155 | -"of 0.0.0.0 (for IPv4 packets) or :: (IPv6) is invalid." | |
8156 | -msgstr "" | |
8157 | - | |
8158 | -#. type: Plain text | |
8159 | -#: original/man8/iptables-extensions.8:2527 | |
8160 | -msgid "To forward all incoming traffic on eth0 to an Network Layer logging box:" | |
8161 | -msgstr "" | |
8162 | - | |
8163 | -#. type: Plain text | |
8164 | -#: original/man8/iptables-extensions.8:2529 | |
8165 | -msgid "-t mangle -A PREROUTING -i eth0 -j TEE --gateway 2001:db8::1" | |
8166 | -msgstr "" | |
8167 | - | |
8168 | -#. type: SS | |
8169 | -#: original/man8/iptables-extensions.8:2529 | |
8170 | -#, no-wrap | |
8171 | -msgid "TOS" | |
8172 | -msgstr "" | |
8173 | - | |
8174 | -#. type: Plain text | |
8175 | -#: original/man8/iptables-extensions.8:2534 | |
8176 | -msgid "" | |
8177 | -"This module sets the Type of Service field in the IPv4 header (including the " | |
8178 | -"\"precedence\" bits) or the Priority field in the IPv6 header. Note that TOS " | |
8179 | -"shares the same bits as DSCP and ECN. The TOS target is only valid in the " | |
8180 | -"B<mangle> table." | |
8181 | -msgstr "" | |
8182 | - | |
8183 | -#. type: TP | |
8184 | -#: original/man8/iptables-extensions.8:2534 | |
8185 | -#, no-wrap | |
8186 | -msgid "B<--set-tos> I<value>[B</>I<mask>]" | |
8187 | -msgstr "" | |
8188 | - | |
8189 | -#. type: Plain text | |
8190 | -#: original/man8/iptables-extensions.8:2538 | |
8191 | -msgid "" | |
8192 | -"Zeroes out the bits given by I<mask> (see NOTE below) and XORs I<value> into " | |
8193 | -"the TOS/Priority field. If I<mask> is omitted, 0xFF is assumed." | |
8194 | -msgstr "" | |
8195 | - | |
8196 | -#. type: TP | |
8197 | -#: original/man8/iptables-extensions.8:2538 | |
8198 | -#, no-wrap | |
8199 | -msgid "B<--set-tos> I<symbol>" | |
8200 | -msgstr "" | |
8201 | - | |
8202 | -#. type: Plain text | |
8203 | -#: original/man8/iptables-extensions.8:2543 | |
8204 | -msgid "" | |
8205 | -"You can specify a symbolic name when using the TOS target for IPv4. It " | |
8206 | -"implies a mask of 0xFF (see NOTE below). The list of recognized TOS names " | |
8207 | -"can be obtained by calling iptables with B<-j TOS -h>." | |
8208 | -msgstr "" | |
8209 | - | |
8210 | -#. type: TP | |
8211 | -#: original/man8/iptables-extensions.8:2545 | |
8212 | -#, no-wrap | |
8213 | -msgid "B<--and-tos> I<bits>" | |
8214 | -msgstr "" | |
8215 | - | |
8216 | -#. type: Plain text | |
8217 | -#: original/man8/iptables-extensions.8:2550 | |
8218 | -msgid "" | |
8219 | -"Binary AND the TOS value with I<bits>. (Mnemonic for B<--set-tos " | |
8220 | -"0/>I<invbits>, where I<invbits> is the binary negation of I<bits>. See NOTE " | |
8221 | -"below.)" | |
8222 | -msgstr "" | |
8223 | - | |
8224 | -#. type: TP | |
8225 | -#: original/man8/iptables-extensions.8:2550 | |
8226 | -#, no-wrap | |
8227 | -msgid "B<--or-tos> I<bits>" | |
8228 | -msgstr "" | |
8229 | - | |
8230 | -#. type: Plain text | |
8231 | -#: original/man8/iptables-extensions.8:2554 | |
8232 | -msgid "" | |
8233 | -"Binary OR the TOS value with I<bits>. (Mnemonic for B<--set-tos> " | |
8234 | -"I<bits>B</>I<bits>. See NOTE below.)" | |
8235 | -msgstr "" | |
8236 | - | |
8237 | -#. type: TP | |
8238 | -#: original/man8/iptables-extensions.8:2554 | |
8239 | -#, no-wrap | |
8240 | -msgid "B<--xor-tos> I<bits>" | |
8241 | -msgstr "" | |
8242 | - | |
8243 | -#. type: Plain text | |
8244 | -#: original/man8/iptables-extensions.8:2558 | |
8245 | -msgid "" | |
8246 | -"Binary XOR the TOS value with I<bits>. (Mnemonic for B<--set-tos> " | |
8247 | -"I<bits>B</0>. See NOTE below.)" | |
8248 | -msgstr "" | |
8249 | - | |
8250 | -#. type: Plain text | |
8251 | -#: original/man8/iptables-extensions.8:2566 | |
8252 | -msgid "" | |
8253 | -"NOTE: In Linux kernels up to and including 2.6.38, with the exception of " | |
8254 | -"longterm releases 2.6.32 (E<gt>=.42), 2.6.33 (E<gt>=.15), and 2.6.35 " | |
8255 | -"(E<gt>=.14), there is a bug whereby IPv6 TOS mangling does not behave as " | |
8256 | -"documented and differs from the IPv4 version. The TOS mask indicates the " | |
8257 | -"bits one wants to zero out, so it needs to be inverted before applying it to " | |
8258 | -"the original TOS field. However, the aformentioned kernels forgo the " | |
8259 | -"inversion which breaks --set-tos and its mnemonics." | |
8260 | -msgstr "" | |
8261 | - | |
8262 | -#. type: SS | |
8263 | -#: original/man8/iptables-extensions.8:2566 | |
8264 | -#, no-wrap | |
8265 | -msgid "TPROXY" | |
8266 | -msgstr "" | |
8267 | - | |
8268 | -#. type: Plain text | |
8269 | -#: original/man8/iptables-extensions.8:2573 | |
8270 | -msgid "" | |
8271 | -"This target is only valid in the B<mangle> table, in the B<PREROUTING> chain " | |
8272 | -"and user-defined chains which are only called from this chain. It redirects " | |
8273 | -"the packet to a local socket without changing the packet header in any " | |
8274 | -"way. It can also change the mark value which can then be used in advanced " | |
8275 | -"routing rules. It takes three options:" | |
8276 | -msgstr "" | |
8277 | - | |
8278 | -#. type: TP | |
8279 | -#: original/man8/iptables-extensions.8:2573 | |
8280 | -#, no-wrap | |
8281 | -msgid "B<--on-port> I<port>" | |
8282 | -msgstr "" | |
8283 | - | |
8284 | -#. type: Plain text | |
8285 | -#: original/man8/iptables-extensions.8:2578 | |
8286 | -msgid "" | |
8287 | -"This specifies a destination port to use. It is a required option, 0 means " | |
8288 | -"the new destination port is the same as the original. This is only valid if " | |
8289 | -"the rule also specifies B<-p tcp> or B<-p udp>." | |
8290 | -msgstr "" | |
8291 | - | |
8292 | -#. type: TP | |
8293 | -#: original/man8/iptables-extensions.8:2578 | |
8294 | -#, no-wrap | |
8295 | -msgid "B<--on-ip> I<address>" | |
8296 | -msgstr "" | |
8297 | - | |
8298 | -#. type: Plain text | |
8299 | -#: original/man8/iptables-extensions.8:2583 | |
8300 | -msgid "" | |
8301 | -"This specifies a destination address to use. By default the address is the " | |
8302 | -"IP address of the incoming interface. This is only valid if the rule also " | |
8303 | -"specifies B<-p tcp> or B<-p udp>." | |
8304 | -msgstr "" | |
8305 | - | |
8306 | -#. type: TP | |
8307 | -#: original/man8/iptables-extensions.8:2583 | |
8308 | -#, no-wrap | |
8309 | -msgid "B<--tproxy-mark> I<value>[B</>I<mask>]" | |
8310 | -msgstr "" | |
8311 | - | |
8312 | -#. type: Plain text | |
8313 | -#: original/man8/iptables-extensions.8:2588 | |
8314 | -msgid "" | |
8315 | -"Marks packets with the given value/mask. The fwmark value set here can be " | |
8316 | -"used by advanced routing. (Required for transparent proxying to work: " | |
8317 | -"otherwise these packets will get forwarded, which is probably not what you " | |
8318 | -"want.)" | |
8319 | -msgstr "" | |
8320 | - | |
8321 | -#. type: SS | |
8322 | -#: original/man8/iptables-extensions.8:2588 | |
8323 | -#, no-wrap | |
8324 | -msgid "TRACE" | |
8325 | -msgstr "" | |
8326 | - | |
8327 | -#. type: Plain text | |
8328 | -#: original/man8/iptables-extensions.8:2591 | |
8329 | -msgid "" | |
8330 | -"This target marks packets so that the kernel will log every rule which match " | |
8331 | -"the packets as those traverse the tables, chains, rules." | |
8332 | -msgstr "" | |
8333 | - | |
8334 | -#. type: Plain text | |
8335 | -#: original/man8/iptables-extensions.8:2598 | |
8336 | -msgid "" | |
8337 | -"A logging backend, such as ip(6)t_LOG or nfnetlink_log, must be loaded for " | |
8338 | -"this to be visible. The packets are logged with the string prefix: \"TRACE: " | |
8339 | -"tablename:chainname:type:rulenum \" where type can be \"rule\" for plain " | |
8340 | -"rule, \"return\" for implicit rule at the end of a user defined chain and " | |
8341 | -"\"policy\" for the policy of the built in chains." | |
8342 | -msgstr "" | |
8343 | - | |
8344 | -#. type: Plain text | |
8345 | -#: original/man8/iptables-extensions.8:2602 | |
8346 | -msgid "It can only be used in the B<raw> table." | |
8347 | -msgstr "" | |
8348 | - | |
8349 | -#. type: SS | |
8350 | -#: original/man8/iptables-extensions.8:2602 | |
8351 | -#, no-wrap | |
8352 | -msgid "TTL (IPv4-specific)" | |
8353 | -msgstr "" | |
8354 | - | |
8355 | -#. type: Plain text | |
8356 | -#: original/man8/iptables-extensions.8:2606 | |
8357 | -msgid "" | |
8358 | -"This is used to modify the IPv4 TTL header field. The TTL field determines " | |
8359 | -"how many hops (routers) a packet can traverse until it's time to live is " | |
8360 | -"exceeded." | |
8361 | -msgstr "" | |
8362 | - | |
8363 | -#. type: Plain text | |
8364 | -#: original/man8/iptables-extensions.8:2611 | |
8365 | -msgid "" | |
8366 | -"Setting or incrementing the TTL field can potentially be very dangerous, so " | |
8367 | -"it should be avoided at any cost. This target is only valid in B<mangle> " | |
8368 | -"table." | |
8369 | -msgstr "" | |
8370 | - | |
8371 | -#. type: TP | |
8372 | -#: original/man8/iptables-extensions.8:2613 | |
8373 | -#, no-wrap | |
8374 | -msgid "B<--ttl-set> I<value>" | |
8375 | -msgstr "" | |
8376 | - | |
8377 | -#. type: Plain text | |
8378 | -#: original/man8/iptables-extensions.8:2616 | |
8379 | -msgid "Set the TTL value to `value'." | |
8380 | -msgstr "" | |
8381 | - | |
8382 | -#. type: TP | |
8383 | -#: original/man8/iptables-extensions.8:2616 | |
8384 | -#, no-wrap | |
8385 | -msgid "B<--ttl-dec> I<value>" | |
8386 | -msgstr "" | |
8387 | - | |
8388 | -#. type: Plain text | |
8389 | -#: original/man8/iptables-extensions.8:2619 | |
8390 | -msgid "Decrement the TTL value `value' times." | |
8391 | -msgstr "" | |
8392 | - | |
8393 | -#. type: TP | |
8394 | -#: original/man8/iptables-extensions.8:2619 | |
8395 | -#, no-wrap | |
8396 | -msgid "B<--ttl-inc> I<value>" | |
8397 | -msgstr "" | |
8398 | - | |
8399 | -#. type: Plain text | |
8400 | -#: original/man8/iptables-extensions.8:2622 | |
8401 | -msgid "Increment the TTL value `value' times." | |
8402 | -msgstr "" | |
8403 | - | |
8404 | -#. type: SS | |
8405 | -#: original/man8/iptables-extensions.8:2622 | |
8406 | -#, no-wrap | |
8407 | -msgid "ULOG (IPv4-specific)" | |
8408 | -msgstr "" | |
8409 | - | |
8410 | -#. type: Plain text | |
8411 | -#: original/man8/iptables-extensions.8:2631 | |
8412 | -msgid "" | |
8413 | -"This target provides userspace logging of matching packets. When this " | |
8414 | -"target is set for a rule, the Linux kernel will multicast this packet " | |
8415 | -"through a I<netlink> socket. One or more userspace processes may then " | |
8416 | -"subscribe to various multicast groups and receive the packets. Like LOG, " | |
8417 | -"this is a \"non-terminating target\", i.e. rule traversal continues at the " | |
8418 | -"next rule." | |
8419 | -msgstr "" | |
8420 | - | |
8421 | -#. type: TP | |
8422 | -#: original/man8/iptables-extensions.8:2631 | |
8423 | -#, no-wrap | |
8424 | -msgid "B<--ulog-nlgroup> I<nlgroup>" | |
8425 | -msgstr "" | |
8426 | - | |
8427 | -#. type: Plain text | |
8428 | -#: original/man8/iptables-extensions.8:2635 | |
8429 | -msgid "" | |
8430 | -"This specifies the netlink group (1-32) to which the packet is sent. " | |
8431 | -"Default value is 1." | |
8432 | -msgstr "" | |
8433 | - | |
8434 | -#. type: TP | |
8435 | -#: original/man8/iptables-extensions.8:2635 | |
8436 | -#, no-wrap | |
8437 | -msgid "B<--ulog-prefix> I<prefix>" | |
8438 | -msgstr "" | |
8439 | - | |
8440 | -#. type: Plain text | |
8441 | -#: original/man8/iptables-extensions.8:2639 | |
8442 | -msgid "" | |
8443 | -"Prefix log messages with the specified prefix; up to 32 characters long, and " | |
8444 | -"useful for distinguishing messages in the logs." | |
8445 | -msgstr "" | |
8446 | - | |
8447 | -#. type: TP | |
8448 | -#: original/man8/iptables-extensions.8:2639 | |
8449 | -#, no-wrap | |
8450 | -msgid "B<--ulog-cprange> I<size>" | |
8451 | -msgstr "" | |
8452 | - | |
8453 | -#. type: Plain text | |
8454 | -#: original/man8/iptables-extensions.8:2643 | |
8455 | -msgid "" | |
8456 | -"Number of bytes to be copied to userspace. A value of 0 always copies the " | |
8457 | -"entire packet, regardless of its size. Default is 0." | |
8458 | -msgstr "" | |
8459 | - | |
8460 | -#. type: TP | |
8461 | -#: original/man8/iptables-extensions.8:2643 | |
8462 | -#, no-wrap | |
8463 | -msgid "B<--ulog-qthreshold> I<size>" | |
8464 | -msgstr "" | |
8465 | - | |
8466 | -#. type: Plain text | |
8467 | -#: original/man8/iptables-extensions.8:2649 | |
8468 | -msgid "" | |
8469 | -"Number of packet to queue inside kernel. Setting this value to, e.g. 10 " | |
8470 | -"accumulates ten packets inside the kernel and transmits them as one netlink " | |
8471 | -"multipart message to userspace. Default is 1 (for backwards compatibility)." | |
8472 | -msgstr "" | |
8473 | - | |
8474 | -#. type: TH | |
8475 | -#: original/man8/iptables-apply.8:5 | |
8476 | -#, no-wrap | |
8477 | -msgid "iptables-apply" | |
8478 | -msgstr "" | |
8479 | - | |
8480 | -#. type: TH | |
8481 | -#: original/man8/iptables-apply.8:5 | |
8482 | -#, no-wrap | |
8483 | -msgid "2006-06-04" | |
8484 | -msgstr "" | |
8485 | - | |
8486 | -#. type: Plain text | |
8487 | -#: original/man8/iptables-apply.8:10 | |
8488 | -msgid "iptables-apply - a safer way to update iptables remotely" | |
8489 | -msgstr "" | |
8490 | - | |
8491 | -#. type: Plain text | |
8492 | -#: original/man8/iptables-apply.8:12 | |
8493 | -msgid "B<iptables-apply> [-B<hV>] [B<-t> I<timeout>] I<ruleset-file>" | |
8494 | -msgstr "" | |
8495 | - | |
8496 | -#. type: Plain text | |
8497 | -#: original/man8/iptables-apply.8:20 | |
8498 | -msgid "" | |
8499 | -"iptables-apply will try to apply a new ruleset (as output by " | |
8500 | -"iptables-save/read by iptables-restore) to iptables, then prompt the user " | |
8501 | -"whether the changes are okay. If the new ruleset cut the existing " | |
8502 | -"connection, the user will not be able to answer affirmatively. In this case, " | |
8503 | -"the script rolls back to the previous ruleset after the timeout expired. The " | |
8504 | -"timeout can be set with B<-t>." | |
8505 | -msgstr "" | |
8506 | - | |
8507 | -#. type: Plain text | |
8508 | -#: original/man8/iptables-apply.8:23 | |
8509 | -msgid "" | |
8510 | -"When called as B<ip6tables-apply>, the script will use " | |
8511 | -"ip6tables-save/-restore instead." | |
8512 | -msgstr "" | |
8513 | - | |
8514 | -#. type: TP | |
8515 | -#: original/man8/iptables-apply.8:24 | |
8516 | -#, no-wrap | |
8517 | -msgid "B<-t> I<seconds>, B<--timeout> I<seconds>" | |
8518 | -msgstr "" | |
8519 | - | |
8520 | -#. type: Plain text | |
8521 | -#: original/man8/iptables-apply.8:28 | |
8522 | -msgid "" | |
8523 | -"Sets the timeout after which the script will roll back to the previous " | |
8524 | -"ruleset." | |
8525 | -msgstr "" | |
8526 | - | |
8527 | -#. type: Plain text | |
8528 | -#: original/man8/iptables-apply.8:31 | |
8529 | -msgid "Display usage information." | |
8530 | -msgstr "" | |
8531 | - | |
8532 | -#. type: TP | |
8533 | -#: original/man8/iptables-apply.8:31 | |
8534 | -#, no-wrap | |
8535 | -msgid "B<-V>, B<--version>" | |
8536 | -msgstr "" | |
8537 | - | |
8538 | -#. type: Plain text | |
8539 | -#: original/man8/iptables-apply.8:34 | |
8540 | -msgid "Display version information." | |
8541 | -msgstr "" | |
8542 | - | |
8543 | -#. type: Plain text | |
8544 | -#: original/man8/iptables-apply.8:37 | |
8545 | -msgid "B<iptables-restore>(8), B<iptables-save>(8), B<iptables>(8)." | |
8546 | -msgstr "" | |
8547 | - | |
8548 | -#. type: SH | |
8549 | -#: original/man8/iptables-apply.8:37 | |
8550 | -#, no-wrap | |
8551 | -msgid "LEGALESE" | |
8552 | -msgstr "" | |
8553 | - | |
8554 | -#. type: Plain text | |
8555 | -#: original/man8/iptables-apply.8:40 | |
8556 | -msgid "iptables-apply is copyright by Martin F. Krafft." | |
8557 | -msgstr "" | |
8558 | - | |
8559 | -#. type: Plain text | |
8560 | -#: original/man8/iptables-apply.8:42 | |
8561 | -msgid "" | |
8562 | -"This manual page was written by Martin F. Krafft " | |
8563 | -"E<lt>madduck@madduck.netE<gt>" | |
8564 | -msgstr "" | |
8565 | - | |
8566 | -#. type: Plain text | |
8567 | -#: original/man8/iptables-apply.8:44 | |
8568 | -msgid "" | |
8569 | -"Permission is granted to copy, distribute and/or modify this document under " | |
8570 | -"the terms of the Artistic License 2.0." | |
8571 | -msgstr "" | |
8572 | - | |
8573 | -#. type: TH | |
8574 | -#: original/man1/iptables-xml.1:1 | |
8575 | -#, no-wrap | |
8576 | -msgid "IPTABLES-XML" | |
8577 | -msgstr "" | |
8578 | - | |
8579 | -#. type: TH | |
8580 | -#: original/man1/iptables-xml.1:1 | |
8581 | -#, no-wrap | |
8582 | -msgid "Jul 16, 2007" | |
8583 | -msgstr "" | |
8584 | - | |
8585 | -#. type: Plain text | |
8586 | -#: original/man1/iptables-xml.1:23 | |
8587 | -msgid "iptables-xml \\(em Convert iptables-save format to XML" | |
8588 | -msgstr "" | |
8589 | - | |
8590 | -#. type: Plain text | |
8591 | -#: original/man1/iptables-xml.1:25 | |
8592 | -msgid "B<iptables-xml> [B<-c>] [B<-v>]" | |
8593 | -msgstr "" | |
8594 | - | |
8595 | -#. type: Plain text | |
8596 | -#: original/man1/iptables-xml.1:31 | |
8597 | -msgid "" | |
8598 | -"B<iptables-xml> is used to convert the output of iptables-save into an " | |
8599 | -"easily manipulatable XML format to STDOUT. Use I/O-redirection provided by " | |
8600 | -"your shell to write to a file." | |
8601 | -msgstr "" | |
8602 | - | |
8603 | -#. type: TP | |
8604 | -#: original/man1/iptables-xml.1:31 | |
8605 | -#, no-wrap | |
8606 | -msgid "B<-c>, B<--combine>" | |
8607 | -msgstr "" | |
8608 | - | |
8609 | -#. type: Plain text | |
8610 | -#: original/man1/iptables-xml.1:38 | |
8611 | -msgid "" | |
8612 | -"combine consecutive rules with the same matches but different " | |
8613 | -"targets. iptables does not currently support more than one target per match, " | |
8614 | -"so this simulates that by collecting the targets from consecutive iptables " | |
8615 | -"rules into one action tag, but only when the rule matches are " | |
8616 | -"identical. Terminating actions like RETURN, DROP, ACCEPT and QUEUE are not " | |
8617 | -"combined with subsequent targets." | |
8618 | -msgstr "" | |
8619 | - | |
8620 | -#. type: Plain text | |
8621 | -#: original/man1/iptables-xml.1:41 | |
8622 | -msgid "" | |
8623 | -"Output xml comments containing the iptables line from which the XML is " | |
8624 | -"derived" | |
8625 | -msgstr "" | |
8626 | - | |
8627 | -#. type: Plain text | |
8628 | -#: original/man1/iptables-xml.1:48 | |
8629 | -msgid "" | |
8630 | -"iptables-xml does a mechanistic conversion to a very expressive xml format; " | |
8631 | -"the only semantic considerations are for -g and -j targets in order to " | |
8632 | -"discriminate between E<lt>callE<gt> E<lt>gotoE<gt> and " | |
8633 | -"E<lt>nane-of-targetE<gt> as it helps xml processing scripts if they can tell " | |
8634 | -"the difference between a target like SNAT and another chain." | |
8635 | -msgstr "" | |
8636 | - | |
8637 | -#. type: Plain text | |
8638 | -#: original/man1/iptables-xml.1:50 | |
8639 | -msgid "Some sample output is:" | |
8640 | -msgstr "" | |
8641 | - | |
8642 | -#. type: Plain text | |
8643 | -#: original/man1/iptables-xml.1:74 | |
8644 | -#, no-wrap | |
8645 | -msgid "" | |
8646 | -"E<lt>iptables-rulesE<gt>\n" | |
8647 | -" E<lt>table name=\"mangle\"E<gt>\n" | |
8648 | -" E<lt>chain name=\"PREROUTING\" policy=\"ACCEPT\" " | |
8649 | -"packet-count=\"63436\"\n" | |
8650 | -"byte-count=\"7137573\"E<gt>\n" | |
8651 | -" E<lt>ruleE<gt>\n" | |
8652 | -" E<lt>conditionsE<gt>\n" | |
8653 | -" E<lt>matchE<gt>\n" | |
8654 | -" E<lt>pE<gt>tcpE<lt>/pE<gt>\n" | |
8655 | -" E<lt>/matchE<gt>\n" | |
8656 | -" E<lt>tcpE<gt>\n" | |
8657 | -" E<lt>sportE<gt>8443E<lt>/sportE<gt>\n" | |
8658 | -" E<lt>/tcpE<gt>\n" | |
8659 | -" E<lt>/conditionsE<gt>\n" | |
8660 | -" E<lt>actionsE<gt>\n" | |
8661 | -" E<lt>callE<gt>\n" | |
8662 | -" E<lt>check_ip/E<gt>\n" | |
8663 | -" E<lt>/callE<gt>\n" | |
8664 | -" E<lt>ACCEPT/E<gt>\n" | |
8665 | -" E<lt>/actionsE<gt>\n" | |
8666 | -" E<lt>/ruleE<gt>\n" | |
8667 | -" E<lt>/chainE<gt>\n" | |
8668 | -" E<lt>/tableE<gt>\n" | |
8669 | -"E<lt>/iptables-rulesE<gt>\n" | |
8670 | -msgstr "" | |
8671 | - | |
8672 | -#. type: Plain text | |
8673 | -#: original/man1/iptables-xml.1:79 | |
8674 | -msgid "" | |
8675 | -"Conversion from XML to iptables-save format may be done using the " | |
8676 | -"iptables.xslt script and xsltproc, or a custom program using libxsltproc or " | |
8677 | -"similar; in this fashion:" | |
8678 | -msgstr "" | |
8679 | - | |
8680 | -#. type: Plain text | |
8681 | -#: original/man1/iptables-xml.1:81 | |
8682 | -msgid "xsltproc iptables.xslt my-iptables.xml | iptables-restore" | |
8683 | -msgstr "" | |
8684 | - | |
8685 | -#. type: Plain text | |
8686 | -#: original/man1/iptables-xml.1:84 | |
8687 | -msgid "None known as of iptables-1.3.7 release" | |
8688 | -msgstr "" | |
8689 | - | |
8690 | -#. type: Plain text | |
8691 | -#: original/man1/iptables-xml.1:86 | |
8692 | -msgid "Sam Liddicott E<lt>azez@ufomechanic.netE<gt>" | |
8693 | -msgstr "" | |
8694 | - | |
8695 | -#. type: Plain text | |
8696 | -#: original/man1/iptables-xml.1:87 | |
8697 | -msgid "B<iptables-save>(8), B<iptables-restore>(8), B<iptables>(8)" | |
8698 | -msgstr "" |
@@ -1,10614 +0,0 @@ | ||
1 | -# SOME DESCRIPTIVE TITLE | |
2 | -# Copyright (C) YEAR Free Software Foundation, Inc. | |
3 | -# This file is distributed under the same license as the PACKAGE package. | |
4 | -# FIRST AUTHOR <EMAIL@ADDRESS>, YEAR. | |
5 | -# | |
6 | -msgid "" | |
7 | -msgstr "" | |
8 | -"Project-Id-Version: PACKAGE VERSION\n" | |
9 | -"POT-Creation-Date: 2013-04-03 12:09+0900\n" | |
10 | -"PO-Revision-Date: 2013-04-03 12:35+0900\n" | |
11 | -"Last-Translator: FULL NAME <EMAIL@ADDRESS>\n" | |
12 | -"Language-Team: LANGUAGE <LL@li.org>\n" | |
13 | -"Language: \n" | |
14 | -"MIME-Version: 1.0\n" | |
15 | -"Content-Type: text/plain; charset=UTF-8\n" | |
16 | -"Content-Transfer-Encoding: 8bit\n" | |
17 | - | |
18 | -#. type: TH | |
19 | -#: original/man8/ip6tables-restore.8:1 | |
20 | -#, no-wrap | |
21 | -msgid "IP6TABLES-RESTORE" | |
22 | -msgstr "IP6TABLES-RESTORE" | |
23 | - | |
24 | -#. type: TH | |
25 | -#: original/man8/ip6tables-restore.8:1 original/man8/ip6tables-save.8:1 | |
26 | -#, no-wrap | |
27 | -msgid "Jan 30, 2002" | |
28 | -msgstr "Jan 30, 2002" | |
29 | - | |
30 | -#. Man page written by Sam Liddicott <azez@ufomechanic.net> | |
31 | -#. It is based on the iptables-save man page. | |
32 | -#. This program is free software; you can redistribute it and/or modify | |
33 | -#. it under the terms of the GNU General Public License as published by | |
34 | -#. the Free Software Foundation; either version 2 of the License, or | |
35 | -#. (at your option) any later version. | |
36 | -#. This program is distributed in the hope that it will be useful, | |
37 | -#. but WITHOUT ANY WARRANTY; without even the implied warranty of | |
38 | -#. MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the | |
39 | -#. GNU General Public License for more details. | |
40 | -#. You should have received a copy of the GNU General Public License | |
41 | -#. along with this program; if not, write to the Free Software | |
42 | -#. Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. | |
43 | -#. type: SH | |
44 | -#: original/man8/ip6tables-restore.8:21 original/man8/ip6tables-save.8:21 | |
45 | -#: original/man8/ip6tables.8:27 original/man8/iptables-restore.8:21 | |
46 | -#: original/man8/iptables-save.8:21 original/man8/iptables.8:25 | |
47 | -#: original/man8/iptables-extensions.8:2 original/man8/iptables-apply.8:8 | |
48 | -#: original/man1/iptables-xml.1:21 | |
49 | -#, no-wrap | |
50 | -msgid "NAME" | |
51 | -msgstr "名前" | |
52 | - | |
53 | -#. type: Plain text | |
54 | -#: original/man8/ip6tables-restore.8:23 | |
55 | -#, fuzzy | |
56 | -#| msgid "ip6tables-restore - Restore IPv6 Tables" | |
57 | -msgid "ip6tables-restore \\(em Restore IPv6 Tables" | |
58 | -msgstr "ip6tables-restore - IPv6 テーブルを復元する" | |
59 | - | |
60 | -#. type: SH | |
61 | -#: original/man8/ip6tables-restore.8:23 original/man8/ip6tables-save.8:23 | |
62 | -#: original/man8/ip6tables.8:29 original/man8/iptables-restore.8:23 | |
63 | -#: original/man8/iptables-save.8:23 original/man8/iptables.8:27 | |
64 | -#: original/man8/iptables-extensions.8:4 original/man8/iptables-apply.8:10 | |
65 | -#: original/man1/iptables-xml.1:23 | |
66 | -#, no-wrap | |
67 | -msgid "SYNOPSIS" | |
68 | -msgstr "書式" | |
69 | - | |
70 | -#. type: Plain text | |
71 | -#: original/man8/ip6tables-restore.8:26 | |
72 | -#, fuzzy | |
73 | -#| msgid "B<iptables-restore >[-c] [-n]" | |
74 | -msgid "B<ip6tables-restore> [B<-chntv>] [B<-M> I<modprobe>] [B<-T> I<name>]" | |
75 | -msgstr "B<iptables-restore >[-c] [-n]" | |
76 | - | |
77 | -#. type: SH | |
78 | -#: original/man8/ip6tables-restore.8:26 original/man8/ip6tables-save.8:26 | |
79 | -#: original/man8/ip6tables.8:55 original/man8/iptables-restore.8:26 | |
80 | -#: original/man8/iptables-save.8:26 original/man8/iptables.8:54 | |
81 | -#: original/man8/iptables-apply.8:12 original/man1/iptables-xml.1:25 | |
82 | -#, no-wrap | |
83 | -msgid "DESCRIPTION" | |
84 | -msgstr "説明" | |
85 | - | |
86 | -#. type: Plain text | |
87 | -#: original/man8/ip6tables-restore.8:31 | |
88 | -msgid "" | |
89 | -"B<ip6tables-restore> is used to restore IPv6 Tables from data specified on " | |
90 | -"STDIN. Use I/O redirection provided by your shell to read from a file" | |
91 | -msgstr "" | |
92 | -"B<ip6tables-restore> は標準入力で指定されたデータから IPv6 テーブルを復元する" | |
93 | -"ために使われる。 ファイルから読み込むためには、 シェルで提供されている I/O リ" | |
94 | -"ダイレクションを使うこと。" | |
95 | - | |
96 | -#. type: TP | |
97 | -#: original/man8/ip6tables-restore.8:31 original/man8/ip6tables-save.8:35 | |
98 | -#: original/man8/iptables-restore.8:31 original/man8/iptables-save.8:35 | |
99 | -#, no-wrap | |
100 | -msgid "B<-c>, B<--counters>" | |
101 | -msgstr "B<-c>, B<--counters>" | |
102 | - | |
103 | -#. type: Plain text | |
104 | -#: original/man8/ip6tables-restore.8:34 original/man8/iptables-restore.8:34 | |
105 | -msgid "restore the values of all packet and byte counters" | |
106 | -msgstr "全てのパケットカウンタとバイトカウンタの値を復元する。" | |
107 | - | |
108 | -#. type: TP | |
109 | -#: original/man8/ip6tables-restore.8:34 original/man8/iptables-restore.8:34 | |
110 | -#: original/man8/iptables-apply.8:28 | |
111 | -#, no-wrap | |
112 | -msgid "B<-h>, B<--help>" | |
113 | -msgstr "B<-h>, B<--help>" | |
114 | - | |
115 | -#. type: Plain text | |
116 | -#: original/man8/ip6tables-restore.8:37 original/man8/iptables-restore.8:37 | |
117 | -msgid "Print a short option summary." | |
118 | -msgstr "" | |
119 | - | |
120 | -#. type: TP | |
121 | -#: original/man8/ip6tables-restore.8:37 original/man8/iptables-restore.8:37 | |
122 | -#, no-wrap | |
123 | -msgid "B<-n>, B<--noflush> " | |
124 | -msgstr "B<-n>, B<--noflush> " | |
125 | - | |
126 | -#. type: Plain text | |
127 | -#: original/man8/ip6tables-restore.8:42 | |
128 | -msgid "" | |
129 | -"don't flush the previous contents of the table. If not specified, " | |
130 | -"B<ip6tables-restore> flushes (deletes) all previous contents of the " | |
131 | -"respective table." | |
132 | -msgstr "これまでのテーブルの内容をフラッシュしない。 指定されない場合、 B<ip6tables-restore> は、これまでの各テーブルの内容を全てフラッシュ (削除) する。" | |
133 | - | |
134 | -#. type: TP | |
135 | -#: original/man8/ip6tables-restore.8:42 original/man8/iptables-restore.8:42 | |
136 | -#, no-wrap | |
137 | -msgid "B<-t>, B<--test>" | |
138 | -msgstr "B<-t>, B<--test>" | |
139 | - | |
140 | -#. type: Plain text | |
141 | -#: original/man8/ip6tables-restore.8:45 original/man8/iptables-restore.8:45 | |
142 | -msgid "Only parse and construct the ruleset, but do not commit it." | |
143 | -msgstr "" | |
144 | - | |
145 | -#. type: TP | |
146 | -#: original/man8/ip6tables-restore.8:45 original/man8/ip6tables.8:355 | |
147 | -#: original/man8/iptables-restore.8:45 original/man8/iptables.8:343 | |
148 | -#: original/man1/iptables-xml.1:38 | |
149 | -#, no-wrap | |
150 | -msgid "B<-v>, B<--verbose>" | |
151 | -msgstr "B<-v>, B<--verbose>" | |
152 | - | |
153 | -#. type: Plain text | |
154 | -#: original/man8/ip6tables-restore.8:48 original/man8/iptables-restore.8:48 | |
155 | -msgid "Print additional debug info during ruleset processing." | |
156 | -msgstr "" | |
157 | - | |
158 | -#. type: TP | |
159 | -#: original/man8/ip6tables-restore.8:48 original/man8/iptables-restore.8:48 | |
160 | -#, no-wrap | |
161 | -msgid "B<-M>, B<--modprobe> I<modprobe_program>" | |
162 | -msgstr "B<-M>, B<--modprobe> I<modprobe_program>" | |
163 | - | |
164 | -#. type: Plain text | |
165 | -#: original/man8/ip6tables-restore.8:52 | |
166 | -msgid "" | |
167 | -"Specify the path to the modprobe program. By default, ip6tables-restore will " | |
168 | -"inspect /proc/sys/kernel/modprobe to determine the executable's path." | |
169 | -msgstr "" | |
170 | - | |
171 | -#. type: TP | |
172 | -#: original/man8/ip6tables-restore.8:52 original/man8/iptables-restore.8:52 | |
173 | -#, no-wrap | |
174 | -msgid "B<-T>, B<--table> I<name>" | |
175 | -msgstr "B<-T>, B<--table> I<name>" | |
176 | - | |
177 | -#. type: Plain text | |
178 | -#: original/man8/ip6tables-restore.8:57 | |
179 | -#, fuzzy | |
180 | -#| msgid "" | |
181 | -#| "don't flush the previous contents of the table. If not specified, " | |
182 | -#| "B<ip6tables-restore> flushes (deletes) all previous contents of the " | |
183 | -#| "respective IPv6 Table." | |
184 | -msgid "" | |
185 | -"Restore only the named table even if the input stream contains other ones. " | |
186 | -"B<ip6tables-restore> flushes (deletes) all previous contents of the " | |
187 | -"respective IPv6 Table." | |
188 | -msgstr "" | |
189 | -"これまでのテーブルの内容をフラッシュしない。 指定されない場合、 B<ip6tables-" | |
190 | -"restore> は、これまでの各 IPv6 テーブルの内容を全てフラッシュ (削除) する。" | |
191 | - | |
192 | -#. type: SH | |
193 | -#: original/man8/ip6tables-restore.8:57 original/man8/ip6tables-save.8:42 | |
194 | -#: original/man8/ip6tables.8:395 original/man8/iptables-restore.8:55 | |
195 | -#: original/man8/iptables-save.8:42 original/man8/iptables.8:383 | |
196 | -#: original/man1/iptables-xml.1:82 | |
197 | -#, no-wrap | |
198 | -msgid "BUGS" | |
199 | -msgstr "バグ" | |
200 | - | |
201 | -#. type: Plain text | |
202 | -#: original/man8/ip6tables-restore.8:59 original/man8/ip6tables-save.8:44 | |
203 | -#: original/man8/iptables-restore.8:57 original/man8/iptables-save.8:44 | |
204 | -msgid "None known as of iptables-1.2.1 release" | |
205 | -msgstr "iptables-1.2.1 リリースでは知られていない。" | |
206 | - | |
207 | -#. type: SH | |
208 | -#: original/man8/ip6tables-restore.8:59 original/man8/ip6tables-save.8:44 | |
209 | -#: original/man8/ip6tables.8:430 original/man8/iptables.8:429 | |
210 | -#, no-wrap | |
211 | -msgid "AUTHORS" | |
212 | -msgstr "作者" | |
213 | - | |
214 | -#. type: Plain text | |
215 | -#: original/man8/ip6tables-restore.8:61 original/man8/ip6tables-save.8:46 | |
216 | -#: original/man8/iptables-restore.8:59 original/man8/iptables-save.8:46 | |
217 | -msgid "Harald Welte E<lt>laforge@gnumonks.orgE<gt>" | |
218 | -msgstr "Harald Welte E<lt>laforge@gnumonks.orgE<gt>" | |
219 | - | |
220 | -#. type: Plain text | |
221 | -#: original/man8/ip6tables-restore.8:63 original/man8/ip6tables-save.8:48 | |
222 | -msgid "Andras Kis-Szabo E<lt>kisza@sch.bme.huE<gt>" | |
223 | -msgstr "Andras Kis-Szabo E<lt>kisza@sch.bme.huE<gt>" | |
224 | - | |
225 | -#. type: SH | |
226 | -#: original/man8/ip6tables-restore.8:63 original/man8/ip6tables-save.8:48 | |
227 | -#: original/man8/ip6tables.8:412 original/man8/iptables-restore.8:59 | |
228 | -#: original/man8/iptables-save.8:46 original/man8/iptables.8:411 | |
229 | -#: original/man8/iptables-apply.8:34 original/man1/iptables-xml.1:86 | |
230 | -#, no-wrap | |
231 | -msgid "SEE ALSO" | |
232 | -msgstr "関連項目" | |
233 | - | |
234 | -#. type: Plain text | |
235 | -#: original/man8/ip6tables-restore.8:65 | |
236 | -msgid "B<ip6tables-save>(8), B<ip6tables>(8)" | |
237 | -msgstr "B<ip6tables-save>(8), B<ip6tables>(8)" | |
238 | - | |
239 | -#. type: Plain text | |
240 | -#: original/man8/ip6tables-restore.8:68 original/man8/ip6tables-save.8:53 | |
241 | -#: original/man8/iptables-restore.8:64 original/man8/iptables-save.8:51 | |
242 | -msgid "" | |
243 | -"The iptables-HOWTO, which details more iptables usage, the NAT-HOWTO, which " | |
244 | -"details NAT, and the netfilter-hacking-HOWTO which details the internals." | |
245 | -msgstr "" | |
246 | -"より多くの iptables の使用法について 詳細に説明している iptables-HOWTO。 NAT " | |
247 | -"について詳細に説明している NAT-HOWTO。 内部構造について詳細に説明している " | |
248 | -"netfilter-hacking-HOWTO。" | |
249 | - | |
250 | -#. type: TH | |
251 | -#: original/man8/ip6tables-save.8:1 | |
252 | -#, no-wrap | |
253 | -msgid "IP6TABLES-SAVE" | |
254 | -msgstr "IP6TABLES-SAVE" | |
255 | - | |
256 | -#. type: Plain text | |
257 | -#: original/man8/ip6tables-save.8:23 | |
258 | -msgid "ip6tables-save \\(em dump iptables rules to stdout" | |
259 | -msgstr "" | |
260 | - | |
261 | -#. type: Plain text | |
262 | -#: original/man8/ip6tables-save.8:26 | |
263 | -msgid "B<ip6tables-save> [B<-M> I<modprobe>] [B<-c>] [B<-t> I<table>" | |
264 | -msgstr "B<ip6tables-save> [B<-M> I<modprobe>] [B<-c>] [B<-t> I<table>" | |
265 | - | |
266 | -#. type: Plain text | |
267 | -#: original/man8/ip6tables-save.8:31 | |
268 | -msgid "" | |
269 | -"B<ip6tables-save> is used to dump the contents of an IPv6 Table in easily " | |
270 | -"parseable format to STDOUT. Use I/O-redirection provided by your shell to " | |
271 | -"write to a file." | |
272 | -msgstr "" | |
273 | -"B<ip6tables-save> は IPv6 テーブルの内容を簡単に解析できる形式で 標準出力にダ" | |
274 | -"ンプするために使われる。 ファイルに書き出すためには、 シェルで提供されている " | |
275 | -"I/O リダイレクションを使うこと。" | |
276 | - | |
277 | -#. type: TP | |
278 | -#: original/man8/ip6tables-save.8:31 original/man8/iptables-save.8:31 | |
279 | -#, no-wrap | |
280 | -msgid "B<-M> I<modprobe_program>" | |
281 | -msgstr "B<-M> I<modprobe_program>" | |
282 | - | |
283 | -#. type: Plain text | |
284 | -#: original/man8/ip6tables-save.8:35 original/man8/iptables-save.8:35 | |
285 | -msgid "" | |
286 | -"Specify the path to the modprobe program. By default, iptables-save will " | |
287 | -"inspect /proc/sys/kernel/modprobe to determine the executable's path." | |
288 | -msgstr "" | |
289 | - | |
290 | -#. type: Plain text | |
291 | -#: original/man8/ip6tables-save.8:38 original/man8/iptables-save.8:38 | |
292 | -msgid "" | |
293 | -"include the current values of all packet and byte counters in the output" | |
294 | -msgstr "全てのパケットカウンタとバイトカウンタの現在の値を出力する。" | |
295 | - | |
296 | -#. type: TP | |
297 | -#: original/man8/ip6tables-save.8:38 original/man8/iptables-save.8:38 | |
298 | -#, no-wrap | |
299 | -msgid "B<-t>, B<--table> I<tablename>" | |
300 | -msgstr "B<-t>, B<--table> I<tablename>" | |
301 | - | |
302 | -#. type: Plain text | |
303 | -#: original/man8/ip6tables-save.8:42 original/man8/iptables-save.8:42 | |
304 | -msgid "" | |
305 | -"restrict output to only one table. If not specified, output includes all " | |
306 | -"available tables." | |
307 | -msgstr "" | |
308 | -"出力を 1 つのテーブルのみに制限する。 指定されない場合、得られた全てのテーブ" | |
309 | -"ルを出力する。" | |
310 | - | |
311 | -#. type: Plain text | |
312 | -#: original/man8/ip6tables-save.8:50 | |
313 | -msgid "B<ip6tables-restore>(8), B<ip6tables>(8)" | |
314 | -msgstr "B<ip6tables-restore>(8), B<ip6tables>(8)" | |
315 | - | |
316 | -#. type: TH | |
317 | -#: original/man8/ip6tables.8:1 | |
318 | -#, no-wrap | |
319 | -msgid "IP6TABLES" | |
320 | -msgstr "IP6TABLES" | |
321 | - | |
322 | -#. type: TH | |
323 | -#: original/man8/ip6tables.8:1 original/man8/iptables.8:1 | |
324 | -#: original/man8/iptables-extensions.8:1 | |
325 | -#, no-wrap | |
326 | -msgid "iptables 1.4.18" | |
327 | -msgstr "" | |
328 | - | |
329 | -#. type: Plain text | |
330 | -#: original/man8/ip6tables.8:29 | |
331 | -msgid "ip6tables \\(em IPv6 packet filter administration" | |
332 | -msgstr "ip6tables \\(em IPv6 パケットフィルタを管理する" | |
333 | - | |
334 | -#. type: Plain text | |
335 | -#: original/man8/ip6tables.8:32 | |
336 | -msgid "" | |
337 | -"B<ip6tables> [B<-t> I<table>] {B<-A>|B<-C>|B<-D>} I<chain rule-" | |
338 | -"specification> [I<options...>]" | |
339 | -msgstr "B<ip6tables> [B<-t> I<テーブル>] {B<-A>|B<-C>|B<-D>} I<チェイン ルールの詳細> [I<オプション...>]" | |
340 | - | |
341 | -#. type: Plain text | |
342 | -#: original/man8/ip6tables.8:35 | |
343 | -msgid "" | |
344 | -"B<ip6tables> [B<-t> I<table>] B<-I> I<chain> [I<rulenum>] I<rule-" | |
345 | -"specification> [I<options...>]" | |
346 | -msgstr "B<ip6tables> [B<-t> I<テーブル>] B<-I> I<チェイン> [I<ルール番号>] I<ルールの詳細> [I<オプション...>]" | |
347 | - | |
348 | -#. type: Plain text | |
349 | -#: original/man8/ip6tables.8:38 | |
350 | -msgid "" | |
351 | -"B<ip6tables> [B<-t> I<table>] B<-R> I<chain rulenum rule-specification> " | |
352 | -"[I<options...>]" | |
353 | -msgstr "B<ip6tables> [B<-t> I<テーブル>] B<-R> I<チェイン ルール番号 ルールの詳細> [I<オプション...>]" | |
354 | - | |
355 | -#. type: Plain text | |
356 | -#: original/man8/ip6tables.8:41 | |
357 | -msgid "B<ip6tables> [B<-t> I<table>] B<-D> I<chain rulenum> [I<options...>]" | |
358 | -msgstr "B<ip6tables> [B<-t> I<テーブル>] B<-D> I<チェイン ルール番号> [I<オプション...>]" | |
359 | - | |
360 | -#. type: Plain text | |
361 | -#: original/man8/ip6tables.8:43 | |
362 | -msgid "B<ip6tables> [B<-t> I<table>] B<-S> [I<chain> [I<rulenum>]]" | |
363 | -msgstr "B<ip6tables> [B<-t> I<テーブル>] B<-S> [I<チェイン> [I<ルール番号>]]" | |
364 | - | |
365 | -#. type: Plain text | |
366 | -#: original/man8/ip6tables.8:46 | |
367 | -msgid "" | |
368 | -"B<ip6tables> [B<-t> I<table>] {B<-F>|B<-L>|B<-Z>} [I<chain> [I<rulenum>]] " | |
369 | -"[I<options...>]" | |
370 | -msgstr "B<ip6tables> [B<-t> I<テーブル>] {B<-F>|B<-L>|B<-Z>} [I<チェイン> [I<ルール番号>]] [I<オプション...>]" | |
371 | - | |
372 | -#. type: Plain text | |
373 | -#: original/man8/ip6tables.8:48 | |
374 | -msgid "B<ip6tables> [B<-t> I<table>] B<-N> I<chain>" | |
375 | -msgstr "B<ip6tables> [B<-t> I<テーブル>] B<-N> I<チェイン>" | |
376 | - | |
377 | -#. type: Plain text | |
378 | -#: original/man8/ip6tables.8:50 | |
379 | -msgid "B<ip6tables> [B<-t> I<table>] B<-X> [I<chain>]" | |
380 | -msgstr "B<ip6tables> [B<-t> I<テーブル>] B<-X> [I<チェイン>]" | |
381 | - | |
382 | -#. type: Plain text | |
383 | -#: original/man8/ip6tables.8:53 | |
384 | -msgid "B<ip6tables> [B<-t> I<table>] B<-P> I<chain target> [I<options...>]" | |
385 | -msgstr "B<ip6tables> [B<-t> I<テーブル>] B<-P> I<チェイン ターゲット> [I<オプション...>]" | |
386 | - | |
387 | -#. type: Plain text | |
388 | -#: original/man8/ip6tables.8:55 | |
389 | -msgid "B<ip6tables> [B<-t> I<table>] B<-E> I<old-chain-name new-chain-name>" | |
390 | -msgstr "B<ip6tables> [B<-t> I<テーブル>] B<-E> I<旧チェイン名 新チェイン名>" | |
391 | - | |
392 | -#. type: Plain text | |
393 | -#: original/man8/ip6tables.8:61 | |
394 | -msgid "" | |
395 | -"B<Ip6tables> is used to set up, maintain, and inspect the tables of IPv6 " | |
396 | -"packet filter rules in the Linux kernel. Several different tables may be " | |
397 | -"defined. Each table contains a number of built-in chains and may also " | |
398 | -"contain user-defined chains." | |
399 | -msgstr "" | |
400 | -"B<ip6tables> は Linux カーネルの IPv6 パケットフィルタルールのテーブルを 設" | |
401 | -"定・管理・検査するために使われる。 複数の異なるテーブルが定義される可能性があ" | |
402 | -"る。 各テーブルは組み込み済みチェインを含む。 さらにユーザー定義のチェインを" | |
403 | -"含むこともできる。" | |
404 | - | |
405 | -#. type: Plain text | |
406 | -#: original/man8/ip6tables.8:66 original/man8/iptables.8:65 | |
407 | -msgid "" | |
408 | -"Each chain is a list of rules which can match a set of packets. Each rule " | |
409 | -"specifies what to do with a packet that matches. This is called a `target', " | |
410 | -"which may be a jump to a user-defined chain in the same table." | |
411 | -msgstr "" | |
412 | -"各チェインは、パケット群にマッチするルールのリストである。 各ルールは\n" | |
413 | -"マッチしたパケットに対して何をするかを指定する。 これは「ターゲット」と\n" | |
414 | -"呼ばれ、 同じテーブル内のユーザー定義チェインにジャンプすることもできる。" | |
415 | - | |
416 | -#. type: SH | |
417 | -#: original/man8/ip6tables.8:66 original/man8/iptables.8:65 | |
418 | -#, no-wrap | |
419 | -msgid "TARGETS" | |
420 | -msgstr "ターゲット" | |
421 | - | |
422 | -#. type: Plain text | |
423 | -#: original/man8/ip6tables.8:72 original/man8/iptables.8:71 | |
424 | -#, fuzzy | |
425 | -#| msgid "" | |
426 | -#| "A firewall rule specifies criteria for a packet, and a target. If the " | |
427 | -#| "packet does not match, the next rule in the chain is the examined; if it " | |
428 | -#| "does match, then the next rule is specified by the value of the target, " | |
429 | -#| "which can be the name of a user-defined chain or one of the special " | |
430 | -#| "values I<ACCEPT>, I<DROP>, I<QUEUE>, or I<RETURN>." | |
431 | -msgid "" | |
432 | -"A firewall rule specifies criteria for a packet and a target. If the packet " | |
433 | -"does not match, the next rule in the chain is the examined; if it does " | |
434 | -"match, then the next rule is specified by the value of the target, which can " | |
435 | -"be the name of a user-defined chain or one of the special values B<ACCEPT>, " | |
436 | -"B<DROP>, B<QUEUE> or B<RETURN>." | |
437 | -msgstr "" | |
438 | -"ファイアウォールのルールは、パケットを判断する基準とターゲットを指定する。\n" | |
439 | -"パケットがマッチしない場合、チェイン内の次のルールが評価される。\n" | |
440 | -"パケットがマッチした場合、 ターゲットの値によって次のルールが指定される。\n" | |
441 | -"ターゲットの値は、ユーザー定義チェインの名前、または特別な値\n" | |
442 | -"I<ACCEPT>, I<DROP>, I<QUEUE>, I<RETURN> のうちの 1 つである。" | |
443 | - | |
444 | -#. type: Plain text | |
445 | -#: original/man8/ip6tables.8:89 original/man8/iptables.8:88 | |
446 | -#, fuzzy | |
447 | -#| msgid "" | |
448 | -#| "I<ACCEPT> means to let the packet through. I<DROP> means to drop the " | |
449 | -#| "packet on the floor. I<QUEUE> means to pass the packet to userspace (if " | |
450 | -#| "supported by the kernel). I<RETURN> means stop traversing this chain and " | |
451 | -#| "resume at the next rule in the previous (calling) chain. If the end of a " | |
452 | -#| "built-in chain is reached or a rule in a built-in chain with target " | |
453 | -#| "I<RETURN> is matched, the target specified by the chain policy determines " | |
454 | -#| "the fate of the packet." | |
455 | -msgid "" | |
456 | -"B<ACCEPT> means to let the packet through. B<DROP> means to drop the packet " | |
457 | -"on the floor. B<QUEUE> means to pass the packet to userspace. (How the " | |
458 | -"packet can be received by a userspace process differs by the particular " | |
459 | -"queue handler. 2.4.x and 2.6.x kernels up to 2.6.13 include the B<ip_queue> " | |
460 | -"queue handler. Kernels 2.6.14 and later additionally include the " | |
461 | -"B<nfnetlink_queue> queue handler. Packets with a target of QUEUE will be " | |
462 | -"sent to queue number '0' in this case. Please also see the B<NFQUEUE> target " | |
463 | -"as described later in this man page.) B<RETURN> means stop traversing this " | |
464 | -"chain and resume at the next rule in the previous (calling) chain. If the " | |
465 | -"end of a built-in chain is reached or a rule in a built-in chain with target " | |
466 | -"B<RETURN> is matched, the target specified by the chain policy determines " | |
467 | -"the fate of the packet." | |
468 | -msgstr "" | |
469 | -"I<ACCEPT> はパケットを通すという意味である。 \n" | |
470 | -"I<DROP> はパケットを床に落す (捨てる) という意味である。 \n" | |
471 | -"I<QUEUE> はパケットをユーザー空間に渡すという意味である \n" | |
472 | -"(カーネルがサポートしていればであるが)。\n" | |
473 | -"I<RETURN> は、このチェインを辿るのを中止して、\n" | |
474 | -"前の (呼び出し元) チェインの次のルールから再開するという意味である。\n" | |
475 | -"組み込み済みチェインの最後に到達した場合、 または組み込み済みチェインで\n" | |
476 | -"ターゲット I<RETURN> を持つルールにマッチした場合、\n" | |
477 | -"チェインポリシーで指定されたターゲットが パケットの行方を決定する。" | |
478 | - | |
479 | -#. type: SH | |
480 | -#: original/man8/ip6tables.8:89 original/man8/iptables.8:88 | |
481 | -#, no-wrap | |
482 | -msgid "TABLES" | |
483 | -msgstr "テーブル" | |
484 | - | |
485 | -#. type: Plain text | |
486 | -#: original/man8/ip6tables.8:93 original/man8/iptables.8:92 | |
487 | -#, fuzzy | |
488 | -#| msgid "" | |
489 | -#| "There are currently three independent tables (which tables are present at " | |
490 | -#| "any time depends on the kernel configuration options and which modules " | |
491 | -#| "are present)." | |
492 | -msgid "" | |
493 | -"There are currently five independent tables (which tables are present at any " | |
494 | -"time depends on the kernel configuration options and which modules are " | |
495 | -"present)." | |
496 | -msgstr "" | |
497 | -"現在のところ 3 つの独立なテーブルが存在する (ある時点でどのテーブルが存在する" | |
498 | -"かは、 カーネルの設定やどういったモジュールが存在するかに依存する)。" | |
499 | - | |
500 | -#. type: TP | |
501 | -#: original/man8/ip6tables.8:93 original/man8/iptables.8:92 | |
502 | -#, fuzzy, no-wrap | |
503 | -#| msgid "B<-t>, B<--table> B<tablename>" | |
504 | -msgid "B<-t>, B<--table> I<table>" | |
505 | -msgstr "B<-t>, B<--table> B<tablename>" | |
506 | - | |
507 | -#. type: Plain text | |
508 | -#: original/man8/ip6tables.8:99 original/man8/iptables.8:98 | |
509 | -msgid "" | |
510 | -"This option specifies the packet matching table which the command should " | |
511 | -"operate on. If the kernel is configured with automatic module loading, an " | |
512 | -"attempt will be made to load the appropriate module for that table if it is " | |
513 | -"not already there." | |
514 | -msgstr "" | |
515 | -"このオプションは、このコマンドが操作するパケットマッチングテーブルを\n" | |
516 | -"指定する。 カーネルに自動モジュールローディングが設定されている場合、\n" | |
517 | -"そのテーブルに対する適切なモジュールがまだロードされていなければ、\n" | |
518 | -"そのモジュールがロードされる。" | |
519 | - | |
520 | -#. type: Plain text | |
521 | -#: original/man8/ip6tables.8:101 original/man8/iptables.8:100 | |
522 | -msgid "The tables are as follows:" | |
523 | -msgstr "テーブルは以下の通りである。" | |
524 | - | |
525 | -#. type: TP | |
526 | -#: original/man8/ip6tables.8:102 original/man8/iptables.8:101 | |
527 | -#, no-wrap | |
528 | -msgid "B<filter>:" | |
529 | -msgstr "B<filter>:" | |
530 | - | |
531 | -#. type: Plain text | |
532 | -#: original/man8/ip6tables.8:108 original/man8/iptables.8:107 | |
533 | -#, fuzzy | |
534 | -#| msgid "" | |
535 | -#| "This is the default table (if no -t option is passed). It contains the " | |
536 | -#| "built-in chains B<INPUT> (for packets coming into the box itself), " | |
537 | -#| "B<FORWARD> (for packets being routed through the box), and B<OUTPUT> (for " | |
538 | -#| "locally-generated packets)." | |
539 | -msgid "" | |
540 | -"This is the default table (if no -t option is passed). It contains the built-" | |
541 | -"in chains B<INPUT> (for packets destined to local sockets), B<FORWARD> (for " | |
542 | -"packets being routed through the box), and B<OUTPUT> (for locally-generated " | |
543 | -"packets)." | |
544 | -msgstr "" | |
545 | -"(-t オプションが指定されていない場合は) これがデフォルトのテーブルである。\n" | |
546 | -"これには B<INPUT> (マシン自体に入ってくるパケットに対するチェイン)・\n" | |
547 | -"B<FORWARD> (マシンを経由するパケットに対するチェイン)・ \n" | |
548 | -"B<OUTPUT> (ローカルマシンで生成されたパケットに対するチェイン) という\n" | |
549 | -"組み込み済みチェインが含まれる。" | |
550 | - | |
551 | -#. type: TP | |
552 | -#: original/man8/ip6tables.8:108 original/man8/iptables.8:107 | |
553 | -#, no-wrap | |
554 | -msgid "B<nat>:" | |
555 | -msgstr "B<nat>:" | |
556 | - | |
557 | -#. type: Plain text | |
558 | -#: original/man8/ip6tables.8:115 | |
559 | -#, fuzzy | |
560 | -#| msgid "" | |
561 | -#| "This table is consulted when a packet that creates a new connection is " | |
562 | -#| "encountered. It consists of three built-ins: B<PREROUTING> (for altering " | |
563 | -#| "packets as soon as they come in), B<OUTPUT> (for altering locally-" | |
564 | -#| "generated packets before routing), and B<POSTROUTING> (for altering " | |
565 | -#| "packets as they are about to go out)." | |
566 | -msgid "" | |
567 | -"This table is consulted when a packet that creates a new connection is " | |
568 | -"encountered. It consists of three built-ins: B<PREROUTING> (for altering " | |
569 | -"packets as soon as they come in), B<OUTPUT> (for altering locally-generated " | |
570 | -"packets before routing), and B<POSTROUTING> (for altering packets as they " | |
571 | -"are about to go out). Available since kernel 3.7." | |
572 | -msgstr "" | |
573 | -"このテーブルは新しい接続を開くようなパケットに対して参照される。 これには " | |
574 | -"B<PREROUTING> (パケットが入ってきた場合、すぐにそのパケットを変換するための" | |
575 | -"チェイン)・ B<OUTPUT> (ローカルで生成されたパケットをルーティングの前に変換す" | |
576 | -"るためのチェイン)・ B<POSTROUTING> (パケットが出て行くときに変換するための" | |
577 | -"チェイン) という 3 つの組み込み済みチェインが含まれる。" | |
578 | - | |
579 | -#. type: TP | |
580 | -#: original/man8/ip6tables.8:115 original/man8/iptables.8:114 | |
581 | -#, no-wrap | |
582 | -msgid "B<mangle>:" | |
583 | -msgstr "B<mangle>:" | |
584 | - | |
585 | -#. type: Plain text | |
586 | -#: original/man8/ip6tables.8:125 original/man8/iptables.8:124 | |
587 | -msgid "" | |
588 | -"This table is used for specialized packet alteration. Until kernel 2.4.17 " | |
589 | -"it had two built-in chains: B<PREROUTING> (for altering incoming packets " | |
590 | -"before routing) and B<OUTPUT> (for altering locally-generated packets before " | |
591 | -"routing). Since kernel 2.4.18, three other built-in chains are also " | |
592 | -"supported: B<INPUT> (for packets coming into the box itself), B<FORWARD> " | |
593 | -"(for altering packets being routed through the box), and B<POSTROUTING> (for " | |
594 | -"altering packets as they are about to go out)." | |
595 | -msgstr "" | |
596 | -"このテーブルは特別なパケット変換に使われる。 カーネル 2.4.17 までは、\n" | |
597 | -"B<PREROUTING> (パケットが入ってきた場合、 すぐにそのパケットを変換する\n" | |
598 | -"ためのチェイン)・ B<OUTPUT> (ローカルで生成されたパケットを ルーティン\n" | |
599 | -"グの前に変換するためのチェイン) という 2 つの組み込み済みチェインが含ま\n" | |
600 | -"れていた。 カーネル 2.4.18 からは、これらの他に B<INPUT> (マシン自体に\n" | |
601 | -"入ってくるパケットに対するチェイン)・ B<FORWARD> (マシンを経由するパケッ\n" | |
602 | -"トに対するチェイン)・ B<POSTROUTING> (パケットが出て行くときに変換する\n" | |
603 | -"ためのチェイン)・ という 3 つの組み込み済みチェインもサポートされる。" | |
604 | - | |
605 | -#. type: TP | |
606 | -#: original/man8/ip6tables.8:125 original/man8/iptables.8:124 | |
607 | -#, no-wrap | |
608 | -msgid "B<raw>:" | |
609 | -msgstr "" | |
610 | - | |
611 | -#. type: Plain text | |
612 | -#: original/man8/ip6tables.8:133 original/man8/iptables.8:132 | |
613 | -msgid "" | |
614 | -"This table is used mainly for configuring exemptions from connection " | |
615 | -"tracking in combination with the NOTRACK target. It registers at the " | |
616 | -"netfilter hooks with higher priority and is thus called before ip_conntrack, " | |
617 | -"or any other IP tables. It provides the following built-in chains: " | |
618 | -"B<PREROUTING> (for packets arriving via any network interface) B<OUTPUT> " | |
619 | -"(for packets generated by local processes)" | |
620 | -msgstr "" | |
621 | - | |
622 | -#. type: TP | |
623 | -#: original/man8/ip6tables.8:133 original/man8/iptables.8:132 | |
624 | -#, no-wrap | |
625 | -msgid "B<security>:" | |
626 | -msgstr "" | |
627 | - | |
628 | -#. type: Plain text | |
629 | -#: original/man8/ip6tables.8:144 original/man8/iptables.8:143 | |
630 | -msgid "" | |
631 | -"This table is used for Mandatory Access Control (MAC) networking rules, such " | |
632 | -"as those enabled by the B<SECMARK> and B<CONNSECMARK> targets. Mandatory " | |
633 | -"Access Control is implemented by Linux Security Modules such as SELinux. " | |
634 | -"The security table is called after the filter table, allowing any " | |
635 | -"Discretionary Access Control (DAC) rules in the filter table to take effect " | |
636 | -"before MAC rules. This table provides the following built-in chains: " | |
637 | -"B<INPUT> (for packets coming into the box itself), B<OUTPUT> (for altering " | |
638 | -"locally-generated packets before routing), and B<FORWARD> (for altering " | |
639 | -"packets being routed through the box)." | |
640 | -msgstr "" | |
641 | - | |
642 | -#. type: SH | |
643 | -#: original/man8/ip6tables.8:145 original/man8/iptables.8:144 | |
644 | -#: original/man8/iptables-apply.8:23 | |
645 | -#, no-wrap | |
646 | -msgid "OPTIONS" | |
647 | -msgstr "オプション" | |
648 | - | |
649 | -#. type: Plain text | |
650 | -#: original/man8/ip6tables.8:148 | |
651 | -msgid "" | |
652 | -"The options that are recognized by B<ip6tables> can be divided into several " | |
653 | -"different groups." | |
654 | -msgstr "B<ip6tables> で使えるオプションは、いくつかのグループに分けられる。" | |
655 | - | |
656 | -#. type: SS | |
657 | -#: original/man8/ip6tables.8:148 original/man8/iptables.8:147 | |
658 | -#, no-wrap | |
659 | -msgid "COMMANDS" | |
660 | -msgstr "コマンド" | |
661 | - | |
662 | -#. type: Plain text | |
663 | -#: original/man8/ip6tables.8:154 | |
664 | -msgid "" | |
665 | -"These options specify the specific action to perform. Only one of them can " | |
666 | -"be specified on the command line unless otherwise specified below. For all " | |
667 | -"the long versions of the command and option names, you need to use only " | |
668 | -"enough letters to ensure that B<ip6tables> can differentiate it from all " | |
669 | -"other options." | |
670 | -msgstr "" | |
671 | -"これらのオプションは、実行する特定の動作を指定する。 以下の説明で許可されてい" | |
672 | -"ない限り、 この中の 1 つしかコマンドラインで指定することができない。 長いバー" | |
673 | -"ジョンのコマンド名とオプション名は、 B<ip6tables> が他のコマンド名やオプショ" | |
674 | -"ン名と区別できる範囲で (文字を省略して) 指定することもできる。" | |
675 | - | |
676 | -#. type: TP | |
677 | -#: original/man8/ip6tables.8:154 original/man8/ip6tables.8:237 | |
678 | -#: original/man8/iptables.8:153 | |
679 | -#, fuzzy, no-wrap | |
680 | -#| msgid "B<-A, --append >I<chain rule-specification>" | |
681 | -msgid "B<-A>, B<--append> I<chain rule-specification>" | |
682 | -msgstr "B<-A, --append >I<chain rule-specification>" | |
683 | - | |
684 | -#. type: Plain text | |
685 | -#: original/man8/ip6tables.8:159 original/man8/ip6tables.8:242 | |
686 | -#: original/man8/iptables.8:158 | |
687 | -msgid "" | |
688 | -"Append one or more rules to the end of the selected chain. When the source " | |
689 | -"and/or destination names resolve to more than one address, a rule will be " | |
690 | -"added for each possible address combination." | |
691 | -msgstr "" | |
692 | -"選択されたチェインの最後に 1 つ以上のルールを追加する。\n" | |
693 | -"送信元や送信先の名前の解決を行って、 1 つ以上のアドレスに展開された\n" | |
694 | -"場合は、可能なアドレスの組合せそれぞれに対してルールが追加される。" | |
695 | - | |
696 | -#. type: TP | |
697 | -#: original/man8/ip6tables.8:159 original/man8/iptables.8:158 | |
698 | -#, fuzzy, no-wrap | |
699 | -#| msgid "B<-A, --append >I<chain rule-specification>" | |
700 | -msgid "B<-C>, B<--check> I<chain rule-specification>" | |
701 | -msgstr "B<-A, --append >I<chain rule-specification>" | |
702 | - | |
703 | -#. type: Plain text | |
704 | -#: original/man8/ip6tables.8:165 original/man8/iptables.8:164 | |
705 | -msgid "" | |
706 | -"Check whether a rule matching the specification does exist in the selected " | |
707 | -"chain. This command uses the same logic as B<-D> to find a matching entry, " | |
708 | -"but does not alter the existing iptables configuration and uses its exit " | |
709 | -"code to indicate success or failure." | |
710 | -msgstr "" | |
711 | - | |
712 | -#. type: TP | |
713 | -#: original/man8/ip6tables.8:165 original/man8/iptables.8:164 | |
714 | -#, fuzzy, no-wrap | |
715 | -#| msgid "B<-D, --delete >I<chain rule-specification>" | |
716 | -msgid "B<-D>, B<--delete> I<chain rule-specification>" | |
717 | -msgstr "B<-D, --delete >I<chain rule-specification>" | |
718 | - | |
719 | -#. type: TP | |
720 | -#: original/man8/ip6tables.8:168 original/man8/iptables.8:167 | |
721 | -#, fuzzy, no-wrap | |
722 | -#| msgid "B<-D, --delete >I<chain rulenum>" | |
723 | -msgid "B<-D>, B<--delete> I<chain rulenum>" | |
724 | -msgstr "B<-D, --delete >I<chain rulenum>" | |
725 | - | |
726 | -#. type: Plain text | |
727 | -#: original/man8/ip6tables.8:173 original/man8/iptables.8:172 | |
728 | -msgid "" | |
729 | -"Delete one or more rules from the selected chain. There are two versions of " | |
730 | -"this command: the rule can be specified as a number in the chain (starting " | |
731 | -"at 1 for the first rule) or a rule to match." | |
732 | -msgstr "" | |
733 | -"選択されたチェインから 1 つ以上のルールを削除する。 このコマンドには 2 つの使" | |
734 | -"い方がある: チェインの中の番号 (最初のルールを 1 とする) を指定する場合と、 " | |
735 | -"マッチするルールを指定する場合である。" | |
736 | - | |
737 | -#. type: TP | |
738 | -#: original/man8/ip6tables.8:173 original/man8/iptables.8:172 | |
739 | -#, fuzzy, no-wrap | |
740 | -#| msgid "B<-I, --insert >I<chain> [I<rulenum>] I<rule-specification>" | |
741 | -msgid "B<-I>, B<--insert> I<chain> [I<rulenum>] I<rule-specification>" | |
742 | -msgstr "B<-I, --insert >I<チェイン> [I<ルール番号>] I<ルールの詳細>" | |
743 | - | |
744 | -#. type: Plain text | |
745 | -#: original/man8/ip6tables.8:179 original/man8/iptables.8:178 | |
746 | -msgid "" | |
747 | -"Insert one or more rules in the selected chain as the given rule number. " | |
748 | -"So, if the rule number is 1, the rule or rules are inserted at the head of " | |
749 | -"the chain. This is also the default if no rule number is specified." | |
750 | -msgstr "" | |
751 | -"選択されたチェインにルール番号を指定して 1 つ以上のルールを挿入する。 ルール" | |
752 | -"番号が 1 の場合、ルールはチェインの先頭に挿入される。 これはルール番号が指定" | |
753 | -"されない場合のデフォルトでもある。" | |
754 | - | |
755 | -#. type: TP | |
756 | -#: original/man8/ip6tables.8:179 original/man8/iptables.8:178 | |
757 | -#, fuzzy, no-wrap | |
758 | -#| msgid "B<-R, --replace >I<chain rulenum rule-specification>" | |
759 | -msgid "B<-R>, B<--replace> I<chain rulenum rule-specification>" | |
760 | -msgstr "B<-R, --replace >I<chain rulenum rule-specification>" | |
761 | - | |
762 | -#. type: Plain text | |
763 | -#: original/man8/ip6tables.8:184 original/man8/iptables.8:183 | |
764 | -msgid "" | |
765 | -"Replace a rule in the selected chain. If the source and/or destination " | |
766 | -"names resolve to multiple addresses, the command will fail. Rules are " | |
767 | -"numbered starting at 1." | |
768 | -msgstr "" | |
769 | -"選択されたチェインにあるルールを置き換える。\n" | |
770 | -"送信元や送信先の名前が 1 つ以上のアドレスに解決された場合は、\n" | |
771 | -"このコマンドは失敗する。ルール番号は 1 からはじまる。" | |
772 | - | |
773 | -#. type: TP | |
774 | -#: original/man8/ip6tables.8:184 original/man8/iptables.8:183 | |
775 | -#, fuzzy, no-wrap | |
776 | -#| msgid "B<-L, --list >[I<chain>]" | |
777 | -msgid "B<-L>, B<--list> [I<chain>]" | |
778 | -msgstr "B<-L, --list >[I<chain>]" | |
779 | - | |
780 | -#. type: Plain text | |
781 | -#: original/man8/ip6tables.8:189 | |
782 | -#, fuzzy | |
783 | -#| msgid "" | |
784 | -#| "List all rules in the selected chain. If no chain is selected, all " | |
785 | -#| "chains are listed. As every other iptables command, it applies to the " | |
786 | -#| "specified table (filter is the default), so NAT rules get listed by" | |
787 | -msgid "" | |
788 | -"List all rules in the selected chain. If no chain is selected, all chains " | |
789 | -"are listed. Like every other ip6tables command, it applies to the specified " | |
790 | -"table (filter is the default)." | |
791 | -msgstr "" | |
792 | -"選択されたチェインにある全てのルールを一覧表示する。 チェインが指定されない場" | |
793 | -"合、全てのチェインにあるリストが一覧表示される。 他の各 iptables コマンドと同" | |
794 | -"様に、指定されたテーブル (デフォルトは filter) に対して作用する。 よって NAT " | |
795 | -"ルールを表示するには以下のようにする。" | |
796 | - | |
797 | -#. type: Plain text | |
798 | -#: original/man8/ip6tables.8:196 original/man8/iptables.8:197 | |
799 | -msgid "" | |
800 | -"Please note that it is often used with the B<-n> option, in order to avoid " | |
801 | -"long reverse DNS lookups. It is legal to specify the B<-Z> (zero) option as " | |
802 | -"well, in which case the chain(s) will be atomically listed and zeroed. The " | |
803 | -"exact output is affected by the other arguments given. The exact rules are " | |
804 | -"suppressed until you use" | |
805 | -msgstr "" | |
806 | -"DNS の逆引きを避けるために、よく B<-n> オプションと共に使用される。\n" | |
807 | -"B<-Z> (ゼロ化) オプションを同時に指定することもできる。この場合、\n" | |
808 | -"チェインは要素毎にリストされて、 (訳註: パケットカウンタとバイト\n" | |
809 | -"カウンタが) ゼロにされる。出力表示は同時に与えられた他の引き数に\n" | |
810 | -"影響される。以下のように、 B<-v> オプションを指定しない限り、\n" | |
811 | -"実際のルールそのものは表示されない。" | |
812 | - | |
813 | -#. type: Plain text | |
814 | -#: original/man8/ip6tables.8:198 | |
815 | -#, no-wrap | |
816 | -msgid " ip6tables -L -v\n" | |
817 | -msgstr " ip6tables -L -v\n" | |
818 | - | |
819 | -#. type: TP | |
820 | -#: original/man8/ip6tables.8:199 original/man8/iptables.8:200 | |
821 | -#, fuzzy, no-wrap | |
822 | -#| msgid "B<-L, --list >[I<chain>]" | |
823 | -msgid "B<-S>, B<--list-rules> [I<chain>]" | |
824 | -msgstr "B<-L, --list >[I<chain>]" | |
825 | - | |
826 | -#. type: Plain text | |
827 | -#: original/man8/ip6tables.8:204 | |
828 | -#, fuzzy | |
829 | -#| msgid "" | |
830 | -#| "List all rules in the selected chain. If no chain is selected, all " | |
831 | -#| "chains are listed. As every other iptables command, it applies to the " | |
832 | -#| "specified table (filter is the default), so NAT rules get listed by" | |
833 | -msgid "" | |
834 | -"Print all rules in the selected chain. If no chain is selected, all chains " | |
835 | -"are printed like ip6tables-save. Like every other ip6tables command, it " | |
836 | -"applies to the specified table (filter is the default)." | |
837 | -msgstr "" | |
838 | -"選択されたチェインにある全てのルールを一覧表示する。 チェインが指定されない場" | |
839 | -"合、全てのチェインにあるリストが一覧表示される。 他の各 iptables コマンドと同" | |
840 | -"様に、指定されたテーブル (デフォルトは filter) に対して作用する。 よって NAT " | |
841 | -"ルールを表示するには以下のようにする。" | |
842 | - | |
843 | -#. type: TP | |
844 | -#: original/man8/ip6tables.8:204 original/man8/iptables.8:205 | |
845 | -#, fuzzy, no-wrap | |
846 | -#| msgid "B<-F, --flush >[I<chain>]" | |
847 | -msgid "B<-F>, B<--flush> [I<chain>]" | |
848 | -msgstr "B<-F, --flush >[I<chain>]" | |
849 | - | |
850 | -#. type: Plain text | |
851 | -#: original/man8/ip6tables.8:208 original/man8/iptables.8:209 | |
852 | -msgid "" | |
853 | -"Flush the selected chain (all the chains in the table if none is given). " | |
854 | -"This is equivalent to deleting all the rules one by one." | |
855 | -msgstr "" | |
856 | -"選択されたチェイン (何も指定されなければテーブル内の全てのチェイン) \n" | |
857 | -"の内容を全消去する。これは全てのルールを 1 個ずつ削除するのと\n" | |
858 | -"同じである。" | |
859 | - | |
860 | -#. type: TP | |
861 | -#: original/man8/ip6tables.8:208 original/man8/iptables.8:209 | |
862 | -#, fuzzy, no-wrap | |
863 | -#| msgid "B<-Z, --zero >[I<chain>]" | |
864 | -msgid "B<-Z>, B<--zero> [I<chain> [I<rulenum>]]" | |
865 | -msgstr "B<-Z, --zero >[I<chain>]" | |
866 | - | |
867 | -#. type: Plain text | |
868 | -#: original/man8/ip6tables.8:216 original/man8/iptables.8:217 | |
869 | -#, fuzzy | |
870 | -#| msgid "" | |
871 | -#| "Zero the packet and byte counters in all chains. It is legal to specify " | |
872 | -#| "the B<-L, --list> (list) option as well, to see the counters immediately " | |
873 | -#| "before they are cleared. (See above.)" | |
874 | -msgid "" | |
875 | -"Zero the packet and byte counters in all chains, or only the given chain, or " | |
876 | -"only the given rule in a chain. It is legal to specify the B<-L>, B<--list> " | |
877 | -"(list) option as well, to see the counters immediately before they are " | |
878 | -"cleared. (See above.)" | |
879 | -msgstr "" | |
880 | -"すべてのチェインのパケットカウンタとバイトカウンタをゼロにする。 クリアされる" | |
881 | -"直前のカウンタを見るために、 B<-L, --list> (一覧表示) オプションと同時に指定" | |
882 | -"することもできる (上記を参照)。" | |
883 | - | |
884 | -#. type: TP | |
885 | -#: original/man8/ip6tables.8:216 original/man8/iptables.8:217 | |
886 | -#, fuzzy, no-wrap | |
887 | -#| msgid "B<-N, --new-chain >I<chain>" | |
888 | -msgid "B<-N>, B<--new-chain> I<chain>" | |
889 | -msgstr "B<-N, --new-chain >I<chain>" | |
890 | - | |
891 | -#. type: Plain text | |
892 | -#: original/man8/ip6tables.8:220 original/man8/iptables.8:221 | |
893 | -msgid "" | |
894 | -"Create a new user-defined chain by the given name. There must be no target " | |
895 | -"of that name already." | |
896 | -msgstr "" | |
897 | -"指定した名前でユーザー定義チェインを作成する。 同じ名前のターゲットが既に存在" | |
898 | -"してはならない。" | |
899 | - | |
900 | -#. type: TP | |
901 | -#: original/man8/ip6tables.8:220 original/man8/iptables.8:221 | |
902 | -#, fuzzy, no-wrap | |
903 | -#| msgid "B<-X, --delete-chain >[I<chain>]" | |
904 | -msgid "B<-X>, B<--delete-chain> [I<chain>]" | |
905 | -msgstr "B<-X, --delete-chain >[I<chain>]" | |
906 | - | |
907 | -#. type: Plain text | |
908 | -#: original/man8/ip6tables.8:227 original/man8/iptables.8:228 | |
909 | -#, fuzzy | |
910 | -#| msgid "" | |
911 | -#| "Delete the optional user-defined chain specified. There must be no " | |
912 | -#| "references to the chain. If there are, you must delete or replace the " | |
913 | -#| "referring rules before the chain can be deleted. If no argument is " | |
914 | -#| "given, it will attempt to delete every non-builtin chain in the table." | |
915 | -msgid "" | |
916 | -"Delete the optional user-defined chain specified. There must be no " | |
917 | -"references to the chain. If there are, you must delete or replace the " | |
918 | -"referring rules before the chain can be deleted. The chain must be empty, i." | |
919 | -"e. not contain any rules. If no argument is given, it will attempt to " | |
920 | -"delete every non-builtin chain in the table." | |
921 | -msgstr "" | |
922 | -"指定したユーザー定義チェインを削除する。 そのチェインが参照されていては\n" | |
923 | -"ならない。 チェインを削除する前に、そのチェインを参照しているルールを\n" | |
924 | -"削除するか置き換えるかしなければならない。 引き数が与えられない場合、テー\n" | |
925 | -"ブルにあるチェインのうち 組み込み済みチェインでないものを全て削除する。" | |
926 | - | |
927 | -#. type: TP | |
928 | -#: original/man8/ip6tables.8:227 original/man8/iptables.8:228 | |
929 | -#, fuzzy, no-wrap | |
930 | -#| msgid "B<-P, --policy >I<chain target>" | |
931 | -msgid "B<-P>, B<--policy> I<chain target>" | |
932 | -msgstr "B<-P, --policy >I<chain target>" | |
933 | - | |
934 | -#. type: Plain text | |
935 | -#: original/man8/ip6tables.8:233 original/man8/iptables.8:234 | |
936 | -msgid "" | |
937 | -"Set the policy for the chain to the given target. See the section " | |
938 | -"B<TARGETS> for the legal targets. Only built-in (non-user-defined) chains " | |
939 | -"can have policies, and neither built-in nor user-defined chains can be " | |
940 | -"policy targets." | |
941 | -msgstr "" | |
942 | -"チェインのポリシーを指定したターゲットに設定する。指定可能なターゲット\n" | |
943 | -"は「B<ターゲット>」の章を参照すること。 (ユーザー定義ではない) 組み込み\n" | |
944 | -"済みチェインにしかポリシーは設定できない。 また、組み込み済みチェインも\n" | |
945 | -"ユーザー定義チェインも ポリシーのターゲットに設定することはできない。" | |
946 | - | |
947 | -#. type: TP | |
948 | -#: original/man8/ip6tables.8:233 original/man8/iptables.8:234 | |
949 | -#, fuzzy, no-wrap | |
950 | -#| msgid "B<-E, --rename-chain >I<old-chain new-chain>" | |
951 | -msgid "B<-E>, B<--rename-chain> I<old-chain new-chain>" | |
952 | -msgstr "B<-E, --rename-chain >I<old-chain new-chain>" | |
953 | - | |
954 | -#. type: Plain text | |
955 | -#: original/man8/ip6tables.8:237 original/man8/iptables.8:238 | |
956 | -msgid "" | |
957 | -"Rename the user specified chain to the user supplied name. This is " | |
958 | -"cosmetic, and has no effect on the structure of the table." | |
959 | -msgstr "" | |
960 | -"ユーザー定義チェインを指定した名前に変更する。 これは見た目だけの変更なので、" | |
961 | -"テーブルの構造には何も影響しない。" | |
962 | - | |
963 | -#. type: TP | |
964 | -#: original/man8/ip6tables.8:242 original/man8/iptables.8:238 | |
965 | -#, no-wrap | |
966 | -msgid "B<-h>" | |
967 | -msgstr "B<-h>" | |
968 | - | |
969 | -#. type: Plain text | |
970 | -#: original/man8/ip6tables.8:246 original/man8/iptables.8:242 | |
971 | -msgid "Help. Give a (currently very brief) description of the command syntax." | |
972 | -msgstr "ヘルプ。 (今のところはとても簡単な) コマンド書式の説明を表示する。" | |
973 | - | |
974 | -#. type: SS | |
975 | -#: original/man8/ip6tables.8:246 original/man8/iptables.8:242 | |
976 | -#, no-wrap | |
977 | -msgid "PARAMETERS" | |
978 | -msgstr "パラメータ" | |
979 | - | |
980 | -#. type: Plain text | |
981 | -#: original/man8/ip6tables.8:249 original/man8/iptables.8:245 | |
982 | -msgid "" | |
983 | -"The following parameters make up a rule specification (as used in the add, " | |
984 | -"delete, insert, replace and append commands)." | |
985 | -msgstr "" | |
986 | -"以下のパラメータは (add, delete, insert, replace, append コマンドで用いられ" | |
987 | -"て) ルールの仕様を決める。" | |
988 | - | |
989 | -#. type: TP | |
990 | -#: original/man8/ip6tables.8:249 original/man8/iptables.8:245 | |
991 | -#, fuzzy, no-wrap | |
992 | -#| msgid "B<-c>, B<--counters>" | |
993 | -msgid "B<-4>, B<--ipv4>" | |
994 | -msgstr "B<-c>, B<--counters>" | |
995 | - | |
996 | -#. type: Plain text | |
997 | -#: original/man8/ip6tables.8:255 | |
998 | -msgid "" | |
999 | -"If a rule using the B<-4> option is inserted with (and only with) ip6tables-" | |
1000 | -"restore, it will be silently ignored. Any other uses will throw an error. " | |
1001 | -"This option allows to put both IPv4 and IPv6 rules in a single rule file for " | |
1002 | -"use with both iptables-restore and ip6tables-restore." | |
1003 | -msgstr "" | |
1004 | - | |
1005 | -#. type: TP | |
1006 | -#: original/man8/ip6tables.8:255 original/man8/iptables.8:248 | |
1007 | -#, fuzzy, no-wrap | |
1008 | -#| msgid "B<-c>, B<--counters>" | |
1009 | -msgid "B<-6>, B<--ipv6>" | |
1010 | -msgstr "B<-c>, B<--counters>" | |
1011 | - | |
1012 | -#. type: Plain text | |
1013 | -#: original/man8/ip6tables.8:258 | |
1014 | -msgid "This option has no effect in ip6tables and ip6tables-restore." | |
1015 | -msgstr "" | |
1016 | - | |
1017 | -#. type: TP | |
1018 | -#: original/man8/ip6tables.8:258 original/man8/iptables.8:254 | |
1019 | -#, fuzzy, no-wrap | |
1020 | -#| msgid "B<-p, --protocol >[!] I<protocol>" | |
1021 | -msgid "[B<!>] B<-p>, B<--protocol> I<protocol>" | |
1022 | -msgstr "B<-p, --protocol >[!] I<protocol>" | |
1023 | - | |
1024 | -#. type: Plain text | |
1025 | -#: original/man8/ip6tables.8:276 | |
1026 | -#, fuzzy | |
1027 | -#| msgid "" | |
1028 | -#| "The protocol of the rule or of the packet to check. The specified " | |
1029 | -#| "protocol can be one of I<tcp>, I<udp>, I<icmp>, or I<all>, or it can be a " | |
1030 | -#| "numeric value, representing one of these protocols or a different one. A " | |
1031 | -#| "protocol name from /etc/protocols is also allowed. A \"!\" argument " | |
1032 | -#| "before the protocol inverts the test. The number zero is equivalent to " | |
1033 | -#| "I<all>. Protocol I<all> will match with all protocols and is taken as " | |
1034 | -#| "default when this option is omitted." | |
1035 | -msgid "" | |
1036 | -"The protocol of the rule or of the packet to check. The specified protocol " | |
1037 | -"can be one of B<tcp>, B<udp>, B<udplite>, B<icmpv6>, B<esp>, B<mh> or the " | |
1038 | -"special keyword \"B<all>\", or it can be a numeric value, representing one " | |
1039 | -"of these protocols or a different one. A protocol name from /etc/protocols " | |
1040 | -"is also allowed. But IPv6 extension headers except B<esp> are not allowed. " | |
1041 | -"B<esp> and B<ipv6-nonext> can be used with Kernel version 2.6.11 or later. " | |
1042 | -"A \"!\" argument before the protocol inverts the test. The number zero is " | |
1043 | -"equivalent to B<all>, which means that you cannot test the protocol field " | |
1044 | -"for the value 0 directly. To match on a HBH header, even if it were the " | |
1045 | -"last, you cannot use B<-p 0>, but always need B<-m hbh>. \"B<all>\" will " | |
1046 | -"match with all protocols and is taken as default when this option is omitted." | |
1047 | -msgstr "" | |
1048 | -"ルールで使われるプロトコル、またはチェックされるパケットのプロトコル。 指定で" | |
1049 | -"きるプロトコルは、 I<tcp>, I<udp>, I<icmp>, I<all> のいずれか 1 つか、数値で" | |
1050 | -"ある。 数値には、これらのプロトコルのどれかないし別のプロトコルを表す 数値を" | |
1051 | -"指定することができる。 /etc/protocols にあるプロトコル名も指定できる。 プロト" | |
1052 | -"コルの前に \"!\" を置くと、そのプロトコルを除外するという意味になる。 数値 0 " | |
1053 | -"は I<all> と等しい。 プロトコル I<all> は全てのプロトコルとマッチし、 このオ" | |
1054 | -"プションが省略された際のデフォルトである。" | |
1055 | - | |
1056 | -#. type: TP | |
1057 | -#: original/man8/ip6tables.8:276 | |
1058 | -#, fuzzy, no-wrap | |
1059 | -#| msgid "B<-s, --source >[!] I<address>[/I<mask>]" | |
1060 | -msgid "[B<!>] B<-s>, B<--source> I<address>[B</>I<mask>]" | |
1061 | -msgstr "B<-s, --source >[!] I<address>[/I<mask>]" | |
1062 | - | |
1063 | -#. type: Plain text | |
1064 | -#: original/man8/ip6tables.8:293 | |
1065 | -#, fuzzy | |
1066 | -#| msgid "" | |
1067 | -#| "Source specification. I<Address> can be either a network name, a " | |
1068 | -#| "hostname (please note that specifying any name to be resolved with a " | |
1069 | -#| "remote query such as DNS is a really bad idea), a network IP address " | |
1070 | -#| "(with /mask), or a plain IP address. The I<mask> can be either a network " | |
1071 | -#| "mask or a plain number, specifying the number of 1's at the left side of " | |
1072 | -#| "the network mask. Thus, a mask of I<24> is equivalent to " | |
1073 | -#| "I<255.255.255.0>. A \"!\" argument before the address specification " | |
1074 | -#| "inverts the sense of the address. The flag B<--src> is an alias for this " | |
1075 | -#| "option." | |
1076 | -msgid "" | |
1077 | -"Source specification. I<Address> can be either be a hostname, a network IP " | |
1078 | -"address (with B</>I<mask>), or a plain IP address. Names will be resolved " | |
1079 | -"once only, before the rule is submitted to the kernel. Please note that " | |
1080 | -"specifying any name to be resolved with a remote query such as DNS is a " | |
1081 | -"really bad idea. (Resolving network names is not supported at this time.) " | |
1082 | -"The I<mask> is a plain number, specifying the number of 1's at the left side " | |
1083 | -"of the network mask. A \"!\" argument before the address specification " | |
1084 | -"inverts the sense of the address. The flag B<--src> is an alias for this " | |
1085 | -"option. Multiple addresses can be specified, but this will B<expand to " | |
1086 | -"multiple rules> (when adding with -A), or will cause multiple rules to be " | |
1087 | -"deleted (with -D)." | |
1088 | -msgstr "" | |
1089 | -"送信元の指定。 I<address> はホスト名 (DNS のようなリモートへの問い合わせで解" | |
1090 | -"決する名前を指定するのは非常に良くない) ・ネットワーク IP アドレス (/mask を" | |
1091 | -"指定する)・ 通常の IP アドレス、のいずれかである。 I<mask> はネットワークマス" | |
1092 | -"クか、 ネットワークマスクの左側にある 1 の数を指定する数値である。 つまり、 " | |
1093 | -"I<24> という mask は I<255.255.255.0> に等しい。 アドレス指定の前に \"!\" を" | |
1094 | -"置くと、そのアドレスを除外するという意味になる。 フラグ B<--src> は、このオプ" | |
1095 | -"ションの別名である。" | |
1096 | - | |
1097 | -#. type: TP | |
1098 | -#: original/man8/ip6tables.8:293 | |
1099 | -#, fuzzy, no-wrap | |
1100 | -#| msgid "B<-d, --destination >[!] I<address>[/I<mask>]" | |
1101 | -msgid "[B<!>] B<-d>, B<--destination> I<address>[B</>I<mask>]" | |
1102 | -msgstr "B<-d, --destination >[!] I<address>[/I<mask>]" | |
1103 | - | |
1104 | -#. type: Plain text | |
1105 | -#: original/man8/ip6tables.8:299 original/man8/iptables.8:288 | |
1106 | -msgid "" | |
1107 | -"Destination specification. See the description of the B<-s> (source) flag " | |
1108 | -"for a detailed description of the syntax. The flag B<--dst> is an alias for " | |
1109 | -"this option." | |
1110 | -msgstr "" | |
1111 | -"送信先の指定。 書式の詳しい説明については、 B<-s> (送信元) フラグの説明を参照" | |
1112 | -"すること。 フラグ B<--dst> は、このオプションの別名である。" | |
1113 | - | |
1114 | -#. type: TP | |
1115 | -#: original/man8/ip6tables.8:299 original/man8/iptables.8:288 | |
1116 | -#, fuzzy, no-wrap | |
1117 | -#| msgid "B<-L, --list >[I<chain>]" | |
1118 | -msgid "B<-m>, B<--match> I<match>" | |
1119 | -msgstr "B<-L, --list >[I<chain>]" | |
1120 | - | |
1121 | -#. type: Plain text | |
1122 | -#: original/man8/ip6tables.8:306 original/man8/iptables.8:295 | |
1123 | -msgid "" | |
1124 | -"Specifies a match to use, that is, an extension module that tests for a " | |
1125 | -"specific property. The set of matches make up the condition under which a " | |
1126 | -"target is invoked. Matches are evaluated first to last as specified on the " | |
1127 | -"command line and work in short-circuit fashion, i.e. if one extension yields " | |
1128 | -"false, evaluation will stop." | |
1129 | -msgstr "" | |
1130 | - | |
1131 | -#. type: TP | |
1132 | -#: original/man8/ip6tables.8:306 original/man8/iptables.8:295 | |
1133 | -#, fuzzy, no-wrap | |
1134 | -#| msgid "B<-j, --jump >I<target>" | |
1135 | -msgid "B<-j>, B<--jump> I<target>" | |
1136 | -msgstr "B<-j, --jump >I<target>" | |
1137 | - | |
1138 | -#. type: Plain text | |
1139 | -#: original/man8/ip6tables.8:317 original/man8/iptables.8:306 | |
1140 | -#, fuzzy | |
1141 | -#| msgid "" | |
1142 | -#| "This specifies the target of the rule; i.e., what to do if the packet " | |
1143 | -#| "matches it. The target can be a user-defined chain (other than the one " | |
1144 | -#| "this rule is in), one of the special builtin targets which decide the " | |
1145 | -#| "fate of the packet immediately, or an extension (see B<EXTENSIONS> " | |
1146 | -#| "below). If this option is omitted in a rule, then matching the rule will " | |
1147 | -#| "have no effect on the packet's fate, but the counters on the rule will be " | |
1148 | -#| "incremented." | |
1149 | -msgid "" | |
1150 | -"This specifies the target of the rule; i.e., what to do if the packet " | |
1151 | -"matches it. The target can be a user-defined chain (other than the one this " | |
1152 | -"rule is in), one of the special builtin targets which decide the fate of the " | |
1153 | -"packet immediately, or an extension (see B<EXTENSIONS> below). If this " | |
1154 | -"option is omitted in a rule (and B<-g> is not used), then matching the rule " | |
1155 | -"will have no effect on the packet's fate, but the counters on the rule will " | |
1156 | -"be incremented." | |
1157 | -msgstr "" | |
1158 | -"ルールのターゲット、つまり、パケットがマッチした場合にどうするかを指定\n" | |
1159 | -"する。ターゲットはユーザー定義チェイン (そのルール自身が入っている\n" | |
1160 | -"チェイン以外) でも、パケットの行方を即時に決定する特別な組み込み済み\n" | |
1161 | -"ターゲットでも、拡張されたターゲット (以下の 「B<ターゲットの拡張>」 を\n" | |
1162 | -"参照) でもよい。 このオプションがルールの中で省略された場合、 ルールに\n" | |
1163 | -"マッチしてもパケットの行方に何も影響しないが、 ルールのカウンタは 1 つ\n" | |
1164 | -"加算される。" | |
1165 | - | |
1166 | -#. type: TP | |
1167 | -#: original/man8/ip6tables.8:317 original/man8/iptables.8:306 | |
1168 | -#, fuzzy, no-wrap | |
1169 | -#| msgid "B<-L, --list >[I<chain>]" | |
1170 | -msgid "B<-g>, B<--goto> I<chain>" | |
1171 | -msgstr "B<-L, --list >[I<chain>]" | |
1172 | - | |
1173 | -#. type: Plain text | |
1174 | -#: original/man8/ip6tables.8:323 original/man8/iptables.8:312 | |
1175 | -msgid "" | |
1176 | -"This specifies that the processing should continue in a user specified " | |
1177 | -"chain. Unlike the --jump option return will not continue processing in this " | |
1178 | -"chain but instead in the chain that called us via --jump." | |
1179 | -msgstr "" | |
1180 | - | |
1181 | -#. type: TP | |
1182 | -#: original/man8/ip6tables.8:323 original/man8/iptables.8:312 | |
1183 | -#, fuzzy, no-wrap | |
1184 | -#| msgid "B<-i, --in-interface >[!] I<name>" | |
1185 | -msgid "[B<!>] B<-i>, B<--in-interface> I<name>" | |
1186 | -msgstr "B<-i, --in-interface >[!] I<name>" | |
1187 | - | |
1188 | -#. type: Plain text | |
1189 | -#: original/man8/ip6tables.8:331 original/man8/iptables.8:320 | |
1190 | -#, fuzzy | |
1191 | -#| msgid "" | |
1192 | -#| "Name of an interface via which a packet is going to be received (only for " | |
1193 | -#| "packets entering the B<INPUT>, B<FORWARD> and B<PREROUTING> chains). " | |
1194 | -#| "When the \"!\" argument is used before the interface name, the sense is " | |
1195 | -#| "inverted. If the interface name ends in a \"+\", then any interface " | |
1196 | -#| "which begins with this name will match. If this option is omitted, any " | |
1197 | -#| "interface name will match." | |
1198 | -msgid "" | |
1199 | -"Name of an interface via which a packet was received (only for packets " | |
1200 | -"entering the B<INPUT>, B<FORWARD> and B<PREROUTING> chains). When the \"!\" " | |
1201 | -"argument is used before the interface name, the sense is inverted. If the " | |
1202 | -"interface name ends in a \"+\", then any interface which begins with this " | |
1203 | -"name will match. If this option is omitted, any interface name will match." | |
1204 | -msgstr "" | |
1205 | -"パケットを受信することになるインターフェース名 (B<INPUT>, B<FORWARD>,\n" | |
1206 | -"B<PREROUTING> チェインに入るパケットのみ)。インターフェース名の前に\n" | |
1207 | -"\"!\" を置くと、 そのインターフェースを除外するという意味になる。\n" | |
1208 | -"インターフェース名が \"+\" で終っている場合、 その名前で始まる任意の\n" | |
1209 | -"インターフェース名にマッチする。このオプションが省略された場合、\n" | |
1210 | -"任意のインターフェース名にマッチする。" | |
1211 | - | |
1212 | -#. type: TP | |
1213 | -#: original/man8/ip6tables.8:331 original/man8/iptables.8:320 | |
1214 | -#, fuzzy, no-wrap | |
1215 | -#| msgid "B<-o, --out-interface >[!] I<name>" | |
1216 | -msgid "[B<!>] B<-o>, B<--out-interface> I<name>" | |
1217 | -msgstr "B<-o, --out-interface >[!] I<name>" | |
1218 | - | |
1219 | -#. type: Plain text | |
1220 | -#: original/man8/ip6tables.8:348 original/man8/iptables.8:328 | |
1221 | -msgid "" | |
1222 | -"Name of an interface via which a packet is going to be sent (for packets " | |
1223 | -"entering the B<FORWARD>, B<OUTPUT> and B<POSTROUTING> chains). When the \"!" | |
1224 | -"\" argument is used before the interface name, the sense is inverted. If " | |
1225 | -"the interface name ends in a \"+\", then any interface which begins with " | |
1226 | -"this name will match. If this option is omitted, any interface name will " | |
1227 | -"match." | |
1228 | -msgstr "" | |
1229 | -"パケットを送信することになるインターフェース名 (B<FORWARD>, B<OUTPUT>, " | |
1230 | -"B<POSTROUTING> チェインに入るパケットのみ)。 インターフェース名の前に \"!\" " | |
1231 | -"を置くと、 そのインターフェースを除外するという意味になる。 インターフェース" | |
1232 | -"名が \"+\" で終っている場合、 その名前で始まる任意のインターフェース名にマッ" | |
1233 | -"チする。 このオプションが省略された場合、 任意のインターフェース名にマッチす" | |
1234 | -"る。" | |
1235 | - | |
1236 | -#. type: TP | |
1237 | -#: original/man8/ip6tables.8:348 original/man8/iptables.8:336 | |
1238 | -#, fuzzy, no-wrap | |
1239 | -#| msgid "B<-c, --set-counters >I<PKTS BYTES>" | |
1240 | -msgid "B<-c>, B<--set-counters> I<packets bytes>" | |
1241 | -msgstr "B<-c, --set-counters >I<PKTS BYTES>" | |
1242 | - | |
1243 | -#. type: Plain text | |
1244 | -#: original/man8/ip6tables.8:353 original/man8/iptables.8:341 | |
1245 | -#, fuzzy | |
1246 | -#| msgid "" | |
1247 | -#| "This enables the administrator to initialize the packet and byte counters " | |
1248 | -#| "of a rule (during B<INSERT,> B<APPEND,> B<REPLACE> operations)." | |
1249 | -msgid "" | |
1250 | -"This enables the administrator to initialize the packet and byte counters of " | |
1251 | -"a rule (during B<INSERT>, B<APPEND>, B<REPLACE> operations)." | |
1252 | -msgstr "" | |
1253 | -"このオプションを使うと、 (B<insert>, B<append>, B<replace> 操作において) 管理" | |
1254 | -"者はパケットカウンタとバイトカウンタを 初期化することができる。" | |
1255 | - | |
1256 | -#. type: SS | |
1257 | -#: original/man8/ip6tables.8:353 original/man8/iptables.8:341 | |
1258 | -#, no-wrap | |
1259 | -msgid "OTHER OPTIONS" | |
1260 | -msgstr "その他のオプション" | |
1261 | - | |
1262 | -#. type: Plain text | |
1263 | -#: original/man8/ip6tables.8:355 original/man8/iptables.8:343 | |
1264 | -msgid "The following additional options can be specified:" | |
1265 | -msgstr "その他に以下のオプションを指定することができる:" | |
1266 | - | |
1267 | -#. type: Plain text | |
1268 | -#: original/man8/ip6tables.8:365 original/man8/iptables.8:353 | |
1269 | -#, fuzzy | |
1270 | -#| msgid "" | |
1271 | -#| "Verbose output. This option makes the list command show the interface " | |
1272 | -#| "name, the rule options (if any), and the TOS masks. The packet and byte " | |
1273 | -#| "counters are also listed, with the suffix 'K', 'M' or 'G' for 1000, " | |
1274 | -#| "1,000,000 and 1,000,000,000 multipliers respectively (but see the B<-x> " | |
1275 | -#| "flag to change this). For appending, insertion, deletion and " | |
1276 | -#| "replacement, this causes detailed information on the rule or rules to be " | |
1277 | -#| "printed." | |
1278 | -msgid "" | |
1279 | -"Verbose output. This option makes the list command show the interface name, " | |
1280 | -"the rule options (if any), and the TOS masks. The packet and byte counters " | |
1281 | -"are also listed, with the suffix 'K', 'M' or 'G' for 1000, 1,000,000 and " | |
1282 | -"1,000,000,000 multipliers respectively (but see the B<-x> flag to change " | |
1283 | -"this). For appending, insertion, deletion and replacement, this causes " | |
1284 | -"detailed information on the rule or rules to be printed. B<-v> may be " | |
1285 | -"specified multiple times to possibly emit more detailed debug statements." | |
1286 | -msgstr "" | |
1287 | -"詳細な出力を行う。 list コマンドの際に、インターフェース名・ (もしあれば) " | |
1288 | -"ルールのオプション・TOS マスクを表示させる。 パケットとバイトカウンタも表示さ" | |
1289 | -"れる。 添字 'K', 'M', 'G' は、 それぞれ 1000, 1,000,000, 1,000,000,000 倍を表" | |
1290 | -"す (これを変更する B<-x> フラグも見よ)。 このオプションを append, insert, " | |
1291 | -"delete, replace コマンドに適用すると、 ルールについての詳細な情報を表示する。" | |
1292 | - | |
1293 | -#. type: TP | |
1294 | -#: original/man8/ip6tables.8:365 original/man8/iptables.8:353 | |
1295 | -#, fuzzy, no-wrap | |
1296 | -#| msgid "B<-n, --numeric>" | |
1297 | -msgid "B<-n>, B<--numeric>" | |
1298 | -msgstr "B<-n, --numeric>" | |
1299 | - | |
1300 | -#. type: Plain text | |
1301 | -#: original/man8/ip6tables.8:371 original/man8/iptables.8:359 | |
1302 | -msgid "" | |
1303 | -"Numeric output. IP addresses and port numbers will be printed in numeric " | |
1304 | -"format. By default, the program will try to display them as host names, " | |
1305 | -"network names, or services (whenever applicable)." | |
1306 | -msgstr "" | |
1307 | -"数値による出力を行う。 IP アドレスやポート番号を数値によるフォーマット\n" | |
1308 | -"で表示する。 デフォルトでは、iptables は (可能であれば) これらの情報を\n" | |
1309 | -"ホスト名・ネットワーク名・サービス名で表示しようとする。" | |
1310 | - | |
1311 | -#. type: TP | |
1312 | -#: original/man8/ip6tables.8:371 original/man8/iptables.8:359 | |
1313 | -#, fuzzy, no-wrap | |
1314 | -#| msgid "B<-x, --exact>" | |
1315 | -msgid "B<-x>, B<--exact>" | |
1316 | -msgstr "B<-x, --exact>" | |
1317 | - | |
1318 | -#. type: Plain text | |
1319 | -#: original/man8/ip6tables.8:378 original/man8/iptables.8:366 | |
1320 | -msgid "" | |
1321 | -"Expand numbers. Display the exact value of the packet and byte counters, " | |
1322 | -"instead of only the rounded number in K's (multiples of 1000) M's " | |
1323 | -"(multiples of 1000K) or G's (multiples of 1000M). This option is only " | |
1324 | -"relevant for the B<-L> command." | |
1325 | -msgstr "" | |
1326 | -"厳密な数値で表示する。 パケットカウンタとバイトカウンタを、 K (1000 の何倍" | |
1327 | -"か)・M (1000K の何倍か)・G (1000M の何倍か) ではなく、 厳密な値で表示する。 " | |
1328 | -"このオプションは、 B<-L> コマンドとしか関係しない。" | |
1329 | - | |
1330 | -#. type: TP | |
1331 | -#: original/man8/ip6tables.8:378 original/man8/iptables.8:366 | |
1332 | -#, no-wrap | |
1333 | -msgid "B<--line-numbers>" | |
1334 | -msgstr "B<--line-numbers>" | |
1335 | - | |
1336 | -#. type: Plain text | |
1337 | -#: original/man8/ip6tables.8:382 original/man8/iptables.8:370 | |
1338 | -msgid "" | |
1339 | -"When listing rules, add line numbers to the beginning of each rule, " | |
1340 | -"corresponding to that rule's position in the chain." | |
1341 | -msgstr "" | |
1342 | -"ルールを一覧表示する際、そのルールがチェインのどの位置にあるかを表す 行番号を" | |
1343 | -"各行の始めに付加する。" | |
1344 | - | |
1345 | -#. type: TP | |
1346 | -#: original/man8/ip6tables.8:382 original/man8/iptables.8:370 | |
1347 | -#, fuzzy, no-wrap | |
1348 | -#| msgid "B<--modprobe=command>" | |
1349 | -msgid "B<--modprobe=>I<command>" | |
1350 | -msgstr "B<--modprobe=command>" | |
1351 | - | |
1352 | -#. type: Plain text | |
1353 | -#: original/man8/ip6tables.8:386 original/man8/iptables.8:374 | |
1354 | -#, fuzzy | |
1355 | -#| msgid "" | |
1356 | -#| "When adding or inserting rules into a chain, use B<command> to load any " | |
1357 | -#| "necessary modules (targets, match extensions, etc)." | |
1358 | -msgid "" | |
1359 | -"When adding or inserting rules into a chain, use I<command> to load any " | |
1360 | -"necessary modules (targets, match extensions, etc)." | |
1361 | -msgstr "" | |
1362 | -"チェインにルールを追加または挿入する際に、 (ターゲットやマッチングの拡張など" | |
1363 | -"で) 必要なモジュールをロードするために使う B<command> を指定する。" | |
1364 | - | |
1365 | -#. type: SH | |
1366 | -#: original/man8/ip6tables.8:386 original/man8/iptables-extensions.8:10 | |
1367 | -#, no-wrap | |
1368 | -msgid "MATCH EXTENSIONS" | |
1369 | -msgstr "マッチングの拡張" | |
1370 | - | |
1371 | -#. type: Plain text | |
1372 | -#: original/man8/ip6tables.8:390 original/man8/iptables.8:378 | |
1373 | -msgid "" | |
1374 | -"iptables can use extended packet matching and target modules. A list of " | |
1375 | -"these is available in the B<iptables-extensions>(8) manpage." | |
1376 | -msgstr "" | |
1377 | - | |
1378 | -#. type: SH | |
1379 | -#: original/man8/ip6tables.8:390 original/man8/iptables.8:378 | |
1380 | -#, no-wrap | |
1381 | -msgid "DIAGNOSTICS" | |
1382 | -msgstr "返り値" | |
1383 | - | |
1384 | -#. type: Plain text | |
1385 | -#: original/man8/ip6tables.8:395 original/man8/iptables.8:383 | |
1386 | -msgid "" | |
1387 | -"Various error messages are printed to standard error. The exit code is 0 " | |
1388 | -"for correct functioning. Errors which appear to be caused by invalid or " | |
1389 | -"abused command line parameters cause an exit code of 2, and other errors " | |
1390 | -"cause an exit code of 1." | |
1391 | -msgstr "" | |
1392 | -"いろいろなエラーメッセージが標準エラーに表示される。 正しく機能した場合、終了" | |
1393 | -"コードは 0 である。 不正なコマンドラインパラメータによりエラーが発生した場合" | |
1394 | -"は、 終了コード 2 が返される。 その他のエラーの場合は、終了コード 1 が返され" | |
1395 | -"る。" | |
1396 | - | |
1397 | -#. type: Plain text | |
1398 | -#: original/man8/ip6tables.8:398 | |
1399 | -msgid "" | |
1400 | -"Bugs? What's this? ;-) Well... the counters are not reliable on sparc64." | |
1401 | -msgstr "" | |
1402 | -"バグ? バグって何? ;-) えーと…、sparc64 ではカウンター値が信頼できない。" | |
1403 | - | |
1404 | -#. type: SH | |
1405 | -#: original/man8/ip6tables.8:398 original/man8/iptables.8:386 | |
1406 | -#, no-wrap | |
1407 | -msgid "COMPATIBILITY WITH IPCHAINS" | |
1408 | -msgstr "IPCHAINS との互換性" | |
1409 | - | |
1410 | -#. type: Plain text | |
1411 | -#: original/man8/ip6tables.8:407 | |
1412 | -msgid "" | |
1413 | -"This B<ip6tables> is very similar to ipchains by Rusty Russell. The main " | |
1414 | -"difference is that the chains B<INPUT> and B<OUTPUT> are only traversed for " | |
1415 | -"packets coming into the local host and originating from the local host " | |
1416 | -"respectively. Hence every packet only passes through one of the three " | |
1417 | -"chains (except loopback traffic, which involves both INPUT and OUTPUT " | |
1418 | -"chains); previously a forwarded packet would pass through all three." | |
1419 | -msgstr "" | |
1420 | -"B<ip6tables> は、Rusty Russell の ipchains と非常によく似ている。 大きな違い" | |
1421 | -"は、チェイン B<INPUT> と B<OUTPUT> が、それぞれローカルホストに入ってくるパ" | |
1422 | -"ケットと、 ローカルホストから出されるパケットのみしか調べないという点であ" | |
1423 | -"る。 よって、全てのパケットは 3 つあるチェインのうち 1 つしか通らない (ループ" | |
1424 | -"バックトラフィックは例外で、INPUT と OUTPUT チェインの両方を通る)。 以前は " | |
1425 | -"(ipchains では)、 フォワードされるパケットが 3 つのチェイン全てを通っていた。" | |
1426 | - | |
1427 | -#. type: Plain text | |
1428 | -#: original/man8/ip6tables.8:412 | |
1429 | -msgid "" | |
1430 | -"The other main difference is that B<-i> refers to the input interface; B<-o> " | |
1431 | -"refers to the output interface, and both are available for packets entering " | |
1432 | -"the B<FORWARD> chain. There are several other changes in ip6tables." | |
1433 | -msgstr "" | |
1434 | -"その他の大きな違いは、 B<-i> で入力インターフェース、 B<-o> で出力インター" | |
1435 | -"フェースを指定し、 ともに B<FORWARD> チェインに入るパケットに対して指定可能な" | |
1436 | -"点である。 ip6tables では、その他にもいくつかの変更がある。" | |
1437 | - | |
1438 | -#. type: Plain text | |
1439 | -#: original/man8/ip6tables.8:421 | |
1440 | -#, fuzzy | |
1441 | -#| msgid "" | |
1442 | -#| "B<ip6tables-save>(8), B<ip6tables-restore(8),> B<iptables>(8), B<iptables-" | |
1443 | -#| "save>(8), B<iptables-restore>(8)." | |
1444 | -msgid "" | |
1445 | -"B<ip6tables-save>(8), B<ip6tables-restore>(8), B<iptables>(8), B<iptables-" | |
1446 | -"apply>(8), B<iptables-extensions>(8), B<iptables-save>(8), B<iptables-" | |
1447 | -"restore>(8), B<libipq>(3)." | |
1448 | -msgstr "" | |
1449 | -"B<ip6tables-save>(8), B<ip6tables-restore(8),> B<iptables>(8), B<iptables-" | |
1450 | -"save>(8), B<iptables-restore>(8)." | |
1451 | - | |
1452 | -#. type: Plain text | |
1453 | -#: original/man8/ip6tables.8:427 | |
1454 | -#, fuzzy | |
1455 | -#| msgid "" | |
1456 | -#| "The packet-filtering-HOWTO details iptables usage for packet filtering, " | |
1457 | -#| "the NAT-HOWTO details NAT, the netfilter-extensions-HOWTO details the " | |
1458 | -#| "extensions that are not in the standard distribution, and the netfilter-" | |
1459 | -#| "hacking-HOWTO details the netfilter internals." | |
1460 | -msgid "" | |
1461 | -"The packet-filtering-HOWTO details iptables usage for packet filtering, the " | |
1462 | -"netfilter-extensions-HOWTO details the extensions that are not in the " | |
1463 | -"standard distribution, and the netfilter-hacking-HOWTO details the netfilter " | |
1464 | -"internals." | |
1465 | -msgstr "" | |
1466 | -"パケットフィルタリングについての詳細な iptables の使用法を\n" | |
1467 | -"説明している packet-filtering-HOWTO。\n" | |
1468 | -"NAT について詳細に説明している NAT-HOWTO。\n" | |
1469 | -"標準的な配布には含まれない拡張の詳細を 説明している \n" | |
1470 | -"netfilter-extensions-HOWTO。\n" | |
1471 | -"内部構造について詳細に説明している netfilter-hacking-HOWTO。" | |
1472 | - | |
1473 | -#. type: Plain text | |
1474 | -#: original/man8/ip6tables.8:430 original/man8/iptables.8:429 | |
1475 | -msgid "See B<http://www.netfilter.org/>." | |
1476 | -msgstr "B<http://www.netfilter.org/> を参照。" | |
1477 | - | |
1478 | -#. type: Plain text | |
1479 | -#: original/man8/ip6tables.8:433 | |
1480 | -msgid "" | |
1481 | -"Rusty Russell wrote iptables, in early consultation with Michael Neuling." | |
1482 | -msgstr "" | |
1483 | -"Rusty Russell は、初期の段階で Michael Neuling に相談して iptables を書いた。" | |
1484 | - | |
1485 | -#. type: Plain text | |
1486 | -#: original/man8/ip6tables.8:437 original/man8/iptables.8:436 | |
1487 | -msgid "" | |
1488 | -"Marc Boucher made Rusty abandon ipnatctl by lobbying for a generic packet " | |
1489 | -"selection framework in iptables, then wrote the mangle table, the owner " | |
1490 | -"match, the mark stuff, and ran around doing cool stuff everywhere." | |
1491 | -msgstr "" | |
1492 | -"Marc Boucher は Rusty に iptables の一般的なパケット選択の考え方を勧めて、 " | |
1493 | -"ipnatctl を止めさせた。 そして、mangle テーブル・所有者マッチング・ mark 機能" | |
1494 | -"を書き、いたるところで使われている素晴らしいコードを書いた。" | |
1495 | - | |
1496 | -#. type: Plain text | |
1497 | -#: original/man8/ip6tables.8:439 original/man8/iptables.8:438 | |
1498 | -msgid "James Morris wrote the TOS target, and tos match." | |
1499 | -msgstr "James Morris が TOS ターゲットと tos マッチングを書いた。" | |
1500 | - | |
1501 | -#. type: Plain text | |
1502 | -#: original/man8/ip6tables.8:441 original/man8/iptables.8:440 | |
1503 | -msgid "Jozsef Kadlecsik wrote the REJECT target." | |
1504 | -msgstr "Jozsef Kadlecsik が REJECT ターゲットを書いた。" | |
1505 | - | |
1506 | -#. type: Plain text | |
1507 | -#: original/man8/ip6tables.8:443 | |
1508 | -#, fuzzy | |
1509 | -#| msgid "Harald Welte wrote the ULOG target, TTL match+target and libipulog." | |
1510 | -msgid "" | |
1511 | -"Harald Welte wrote the ULOG and NFQUEUE target, the new libiptc, as well as " | |
1512 | -"TTL match+target and libipulog." | |
1513 | -msgstr "" | |
1514 | -"Harald Welte が ULOG ターゲット・TTL マッチングと TTL ターゲット・ libipulog " | |
1515 | -"を書いた。" | |
1516 | - | |
1517 | -#. type: Plain text | |
1518 | -#: original/man8/ip6tables.8:447 original/man8/iptables.8:446 | |
1519 | -#, fuzzy | |
1520 | -#| msgid "" | |
1521 | -#| "The Netfilter Core Team is: Marc Boucher, Martin Josefsson, Jozsef " | |
1522 | -#| "Kadlecsik, James Morris, Harald Welte and Rusty Russell." | |
1523 | -msgid "" | |
1524 | -"The Netfilter Core Team is: Marc Boucher, Martin Josefsson, Yasuyuki " | |
1525 | -"Kozakai, Jozsef Kadlecsik, Patrick McHardy, James Morris, Pablo Neira Ayuso, " | |
1526 | -"Harald Welte and Rusty Russell." | |
1527 | -msgstr "" | |
1528 | -"Netfilter コアチームは、Marc Boucher, Martin Josefsson, Jozsef Kadlecsik, " | |
1529 | -"James Morris, Harald Welte, Rusty Russell である。" | |
1530 | - | |
1531 | -#. .. and did I mention that we are incredibly cool people? | |
1532 | -#. .. sexy, too .. | |
1533 | -#. .. witty, charming, powerful .. | |
1534 | -#. .. and most of all, modest .. | |
1535 | -#. type: Plain text | |
1536 | -#: original/man8/ip6tables.8:454 | |
1537 | -msgid "" | |
1538 | -"ip6tables man page created by Andras Kis-Szabo, based on iptables man page " | |
1539 | -"written by Herve Eychenne E<lt>rv@wallfire.orgE<gt>." | |
1540 | -msgstr "" | |
1541 | -"ip6tables の man ページは、Andras Kis-Szabo によって作成された。 これは " | |
1542 | -"Herve Eychenne E<lt>rv@wallfire.orgE<gt> によって書かれた iptables の man " | |
1543 | -"ページを元にしている。" | |
1544 | - | |
1545 | -#. type: SH | |
1546 | -#: original/man8/ip6tables.8:454 original/man8/iptables.8:452 | |
1547 | -#, no-wrap | |
1548 | -msgid "VERSION" | |
1549 | -msgstr "" | |
1550 | - | |
1551 | -#. type: Plain text | |
1552 | -#: original/man8/ip6tables.8:456 | |
1553 | -msgid "This manual page applies to ip6tables 1.4.18." | |
1554 | -msgstr "" | |
1555 | - | |
1556 | -#. type: TH | |
1557 | -#: original/man8/iptables-restore.8:1 | |
1558 | -#, no-wrap | |
1559 | -msgid "IPTABLES-RESTORE" | |
1560 | -msgstr "IPTABLES-RESTORE" | |
1561 | - | |
1562 | -#. type: TH | |
1563 | -#: original/man8/iptables-restore.8:1 original/man8/iptables-save.8:1 | |
1564 | -#, no-wrap | |
1565 | -msgid "Jan 04, 2001" | |
1566 | -msgstr "Jan 04, 2001" | |
1567 | - | |
1568 | -#. type: Plain text | |
1569 | -#: original/man8/iptables-restore.8:23 | |
1570 | -#, fuzzy | |
1571 | -#| msgid "iptables-restore - Restore IP Tables" | |
1572 | -msgid "iptables-restore \\(em Restore IP Tables" | |
1573 | -msgstr "iptables-restore - IP テーブルを復元する" | |
1574 | - | |
1575 | -#. type: Plain text | |
1576 | -#: original/man8/iptables-restore.8:26 | |
1577 | -#, fuzzy | |
1578 | -#| msgid "B<iptables-restore >[-c] [-n]" | |
1579 | -msgid "B<iptables-restore> [B<-chntv>] [B<-M> I<modprobe>] [B<-T> I<name>]" | |
1580 | -msgstr "B<iptables-restore >[-c] [-n]" | |
1581 | - | |
1582 | -#. type: Plain text | |
1583 | -#: original/man8/iptables-restore.8:31 | |
1584 | -msgid "" | |
1585 | -"B<iptables-restore> is used to restore IP Tables from data specified on " | |
1586 | -"STDIN. Use I/O redirection provided by your shell to read from a file" | |
1587 | -msgstr "" | |
1588 | -"B<iptables-restore> は標準入力で指定されたデータから IP テーブルを復元するた" | |
1589 | -"めに使われる。 ファイルから読み込むためには、 シェルで提供されている I/O リダ" | |
1590 | -"イレクションを使うこと。" | |
1591 | - | |
1592 | -#. type: Plain text | |
1593 | -#: original/man8/iptables-restore.8:42 | |
1594 | -#, fuzzy | |
1595 | -#| msgid "" | |
1596 | -#| "don't flush the previous contents of the table. If not specified, " | |
1597 | -#| "B<iptables-restore> flushes (deletes) all previous contents of the " | |
1598 | -#| "respective IP Table." | |
1599 | -msgid "" | |
1600 | -"don't flush the previous contents of the table. If not specified, B<iptables-" | |
1601 | -"restore> flushes (deletes) all previous contents of the respective table." | |
1602 | -msgstr "" | |
1603 | -"これまでのテーブルの内容をフラッシュしない。 指定されない場合、 B<iptables-" | |
1604 | -"restore> は、これまでの各 IP テーブルの内容を全てフラッシュ (削除) する。" | |
1605 | - | |
1606 | -#. type: Plain text | |
1607 | -#: original/man8/iptables-restore.8:52 | |
1608 | -msgid "" | |
1609 | -"Specify the path to the modprobe program. By default, iptables-restore will " | |
1610 | -"inspect /proc/sys/kernel/modprobe to determine the executable's path." | |
1611 | -msgstr "" | |
1612 | - | |
1613 | -#. type: Plain text | |
1614 | -#: original/man8/iptables-restore.8:55 | |
1615 | -msgid "" | |
1616 | -"Restore only the named table even if the input stream contains other ones." | |
1617 | -msgstr "" | |
1618 | - | |
1619 | -#. type: SH | |
1620 | -#: original/man8/iptables-restore.8:57 original/man8/iptables-save.8:44 | |
1621 | -#: original/man1/iptables-xml.1:84 | |
1622 | -#, no-wrap | |
1623 | -msgid "AUTHOR" | |
1624 | -msgstr "作者" | |
1625 | - | |
1626 | -#. type: Plain text | |
1627 | -#: original/man8/iptables-restore.8:61 | |
1628 | -msgid "B<iptables-save>(8), B<iptables>(8)" | |
1629 | -msgstr "B<iptables-save>(8), B<iptables>(8)" | |
1630 | - | |
1631 | -#. type: TH | |
1632 | -#: original/man8/iptables-save.8:1 | |
1633 | -#, no-wrap | |
1634 | -msgid "IPTABLES-SAVE" | |
1635 | -msgstr "IPTABLES-SAVE" | |
1636 | - | |
1637 | -#. type: Plain text | |
1638 | -#: original/man8/iptables-save.8:23 | |
1639 | -msgid "iptables-save \\(em dump iptables rules to stdout" | |
1640 | -msgstr "" | |
1641 | - | |
1642 | -#. type: Plain text | |
1643 | -#: original/man8/iptables-save.8:26 | |
1644 | -#, fuzzy | |
1645 | -#| msgid "B<iptables-save >[-c] [-t table]" | |
1646 | -msgid "B<iptables-save> [B<-M> I<modprobe>] [B<-c>] [B<-t> I<table>]" | |
1647 | -msgstr "B<iptables-save >[-c] [-t table]" | |
1648 | - | |
1649 | -#. type: Plain text | |
1650 | -#: original/man8/iptables-save.8:31 | |
1651 | -msgid "" | |
1652 | -"B<iptables-save> is used to dump the contents of an IP Table in easily " | |
1653 | -"parseable format to STDOUT. Use I/O-redirection provided by your shell to " | |
1654 | -"write to a file." | |
1655 | -msgstr "" | |
1656 | -"B<iptables-save> は IP テーブルの内容を簡単に解析できる形式で 標準出力にダン" | |
1657 | -"プするために使われる。 ファイルに書き出すためには、 シェルで提供されている I/" | |
1658 | -"O リダイレクションを使うこと。" | |
1659 | - | |
1660 | -#. type: Plain text | |
1661 | -#: original/man8/iptables-save.8:48 | |
1662 | -msgid "B<iptables-restore>(8), B<iptables>(8)" | |
1663 | -msgstr "B<iptables-restore>(8), B<iptables>(8)" | |
1664 | - | |
1665 | -#. type: TH | |
1666 | -#: original/man8/iptables.8:1 | |
1667 | -#, no-wrap | |
1668 | -msgid "IPTABLES" | |
1669 | -msgstr "IPTABLES" | |
1670 | - | |
1671 | -#. type: Plain text | |
1672 | -#: original/man8/iptables.8:27 | |
1673 | -#, fuzzy | |
1674 | -#| msgid "iptables - administration tool for IPv4 packet filtering and NAT" | |
1675 | -msgid "iptables \\(em administration tool for IPv4 packet filtering and NAT" | |
1676 | -msgstr "iptables - IPv4 のパケットフィルタと NAT を管理するツール" | |
1677 | - | |
1678 | -#. type: Plain text | |
1679 | -#: original/man8/iptables.8:30 | |
1680 | -#, fuzzy | |
1681 | -#| msgid "B<iptables [-t table] -[AD] >chain rule-specification [options]" | |
1682 | -msgid "" | |
1683 | -"B<iptables> [B<-t> I<table>] {B<-A>|B<-C>|B<-D>} I<chain> I<rule-" | |
1684 | -"specification>" | |
1685 | -msgstr "B<iptables [-t table] -[AD] >チェイン ルールの詳細 [オプション]" | |
1686 | - | |
1687 | -#. type: Plain text | |
1688 | -#: original/man8/iptables.8:32 | |
1689 | -#, fuzzy | |
1690 | -#| msgid "" | |
1691 | -#| "B<iptables [-t table] -I >chain [rulenum] rule-specification [options]" | |
1692 | -msgid "" | |
1693 | -"B<iptables> [B<-t> I<table>] B<-I> I<chain> [I<rulenum>] I<rule-" | |
1694 | -"specification>" | |
1695 | -msgstr "" | |
1696 | -"B<iptables [-t table] -I >チェイン [ルール番号] ルールの詳細 [オプション]" | |
1697 | - | |
1698 | -#. type: Plain text | |
1699 | -#: original/man8/iptables.8:34 | |
1700 | -#, fuzzy | |
1701 | -#| msgid "B<iptables [-t table] -R >chain rulenum rule-specification [options]" | |
1702 | -msgid "B<iptables> [B<-t> I<table>] B<-R> I<chain rulenum rule-specification>" | |
1703 | -msgstr "" | |
1704 | -"B<iptables [-t table] -R >チェイン ルール番号 ルールの詳細 [オプション]" | |
1705 | - | |
1706 | -#. type: Plain text | |
1707 | -#: original/man8/iptables.8:36 | |
1708 | -#, fuzzy | |
1709 | -#| msgid "B<iptables [-t table] -D >chain rulenum [options]" | |
1710 | -msgid "B<iptables> [B<-t> I<table>] B<-D> I<chain rulenum>" | |
1711 | -msgstr "B<iptables [-t table] -D >チェイン ルール番号 [オプション]" | |
1712 | - | |
1713 | -#. type: Plain text | |
1714 | -#: original/man8/iptables.8:38 | |
1715 | -#, fuzzy | |
1716 | -#| msgid "B<iptables [-t table] -D >chain rulenum [options]" | |
1717 | -msgid "B<iptables> [B<-t> I<table>] B<-S> [I<chain> [I<rulenum>]]" | |
1718 | -msgstr "B<iptables [-t table] -D >チェイン ルール番号 [オプション]" | |
1719 | - | |
1720 | -#. type: Plain text | |
1721 | -#: original/man8/iptables.8:40 | |
1722 | -#, fuzzy | |
1723 | -#| msgid "B<iptables [-t table] -D >chain rulenum [options]" | |
1724 | -msgid "" | |
1725 | -"B<iptables> [B<-t> I<table>] {B<-F>|B<-L>|B<-Z>} [I<chain> [I<rulenum>]] " | |
1726 | -"[I<options...>]" | |
1727 | -msgstr "B<iptables [-t table] -D >チェイン ルール番号 [オプション]" | |
1728 | - | |
1729 | -#. type: Plain text | |
1730 | -#: original/man8/iptables.8:42 | |
1731 | -#, fuzzy | |
1732 | -#| msgid "B<iptables [-t table] -N >chain" | |
1733 | -msgid "B<iptables> [B<-t> I<table>] B<-N> I<chain>" | |
1734 | -msgstr "B<iptables [-t table] -N >チェイン" | |
1735 | - | |
1736 | -#. type: Plain text | |
1737 | -#: original/man8/iptables.8:44 | |
1738 | -#, fuzzy | |
1739 | -#| msgid "B<iptables [-t table] -X >[chain]" | |
1740 | -msgid "B<iptables> [B<-t> I<table>] B<-X> [I<chain>]" | |
1741 | -msgstr "B<iptables [-t table] -X >[チェイン]" | |
1742 | - | |
1743 | -#. type: Plain text | |
1744 | -#: original/man8/iptables.8:46 | |
1745 | -#, fuzzy | |
1746 | -#| msgid "B<iptables [-t table] -P >chain target [options]" | |
1747 | -msgid "B<iptables> [B<-t> I<table>] B<-P> I<chain target>" | |
1748 | -msgstr "B<iptables [-t table] -P >チェイン ターゲット [オプション]" | |
1749 | - | |
1750 | -#. type: Plain text | |
1751 | -#: original/man8/iptables.8:48 | |
1752 | -#, fuzzy | |
1753 | -#| msgid "B<iptables [-t table] -E >old-chain-name new-chain-name" | |
1754 | -msgid "B<iptables> [B<-t> I<table>] B<-E> I<old-chain-name new-chain-name>" | |
1755 | -msgstr "B<iptables [-t table] -E >旧チェイン名 新チェイン名" | |
1756 | - | |
1757 | -#. type: Plain text | |
1758 | -#: original/man8/iptables.8:50 | |
1759 | -msgid "rule-specification = [I<matches...>] [I<target>]" | |
1760 | -msgstr "" | |
1761 | - | |
1762 | -#. type: Plain text | |
1763 | -#: original/man8/iptables.8:52 | |
1764 | -msgid "match = B<-m> I<matchname> [I<per-match-options>]" | |
1765 | -msgstr "" | |
1766 | - | |
1767 | -#. type: Plain text | |
1768 | -#: original/man8/iptables.8:54 | |
1769 | -msgid "target = B<-j> I<targetname> [I<per-target-options>]" | |
1770 | -msgstr "" | |
1771 | - | |
1772 | -#. type: Plain text | |
1773 | -#: original/man8/iptables.8:60 | |
1774 | -#, fuzzy | |
1775 | -#| msgid "" | |
1776 | -#| "B<Iptables> is used to set up, maintain, and inspect the tables of IP " | |
1777 | -#| "packet filter rules in the Linux kernel. Several different tables may be " | |
1778 | -#| "defined. Each table contains a number of built-in chains and may also " | |
1779 | -#| "contain user-defined chains." | |
1780 | -msgid "" | |
1781 | -"B<Iptables> is used to set up, maintain, and inspect the tables of IPv4 " | |
1782 | -"packet filter rules in the Linux kernel. Several different tables may be " | |
1783 | -"defined. Each table contains a number of built-in chains and may also " | |
1784 | -"contain user-defined chains." | |
1785 | -msgstr "" | |
1786 | -"B<iptables> は Linux カーネルの IP パケットフィルタルールのテーブルを 設定・" | |
1787 | -"管理・検査するために使われる。 複数の異なるテーブルを定義できる。 各テーブル" | |
1788 | -"にはたくさんの組み込み済みチェインが含まれており、 さらにユーザー定義のチェイ" | |
1789 | -"ンを加えることもできる。" | |
1790 | - | |
1791 | -#. type: Plain text | |
1792 | -#: original/man8/iptables.8:114 | |
1793 | -msgid "" | |
1794 | -"This table is consulted when a packet that creates a new connection is " | |
1795 | -"encountered. It consists of three built-ins: B<PREROUTING> (for altering " | |
1796 | -"packets as soon as they come in), B<OUTPUT> (for altering locally-generated " | |
1797 | -"packets before routing), and B<POSTROUTING> (for altering packets as they " | |
1798 | -"are about to go out)." | |
1799 | -msgstr "" | |
1800 | -"このテーブルは新しい接続を開くようなパケットに対して参照される。 これには " | |
1801 | -"B<PREROUTING> (パケットが入ってきた場合、すぐにそのパケットを変換するための" | |
1802 | -"チェイン)・ B<OUTPUT> (ローカルで生成されたパケットをルーティングの前に変換す" | |
1803 | -"るためのチェイン)・ B<POSTROUTING> (パケットが出て行くときに変換するための" | |
1804 | -"チェイン) という 3 つの組み込み済みチェインが含まれる。" | |
1805 | - | |
1806 | -#. type: Plain text | |
1807 | -#: original/man8/iptables.8:147 | |
1808 | -msgid "" | |
1809 | -"The options that are recognized by B<iptables> can be divided into several " | |
1810 | -"different groups." | |
1811 | -msgstr "B<iptables> で使えるオプションは、いくつかのグループに分けられる。" | |
1812 | - | |
1813 | -#. type: Plain text | |
1814 | -#: original/man8/iptables.8:153 | |
1815 | -#, fuzzy | |
1816 | -#| msgid "" | |
1817 | -#| "These options specify the specific action to perform. Only one of them " | |
1818 | -#| "can be specified on the command line unless otherwise specified below. " | |
1819 | -#| "For all the long versions of the command and option names, you need to " | |
1820 | -#| "use only enough letters to ensure that B<iptables> can differentiate it " | |
1821 | -#| "from all other options." | |
1822 | -msgid "" | |
1823 | -"These options specify the desired action to perform. Only one of them can be " | |
1824 | -"specified on the command line unless otherwise stated below. For long " | |
1825 | -"versions of the command and option names, you need to use only enough " | |
1826 | -"letters to ensure that B<iptables> can differentiate it from all other " | |
1827 | -"options." | |
1828 | -msgstr "" | |
1829 | -"これらのオプションは、実行する特定の動作を指定する。 以下の説明で注記されてい" | |
1830 | -"ない限り、 コマンドラインで指定できるのはこの中の 1 つだけである。 長いバー" | |
1831 | -"ジョンのコマンド名とオプション名は、 B<iptables> が他のコマンド名やオプション" | |
1832 | -"名と区別できる範囲で (文字を省略して) 指定することもできる。" | |
1833 | - | |
1834 | -#. type: Plain text | |
1835 | -#: original/man8/iptables.8:188 | |
1836 | -#, fuzzy | |
1837 | -#| msgid "" | |
1838 | -#| "List all rules in the selected chain. If no chain is selected, all " | |
1839 | -#| "chains are listed. As every other iptables command, it applies to the " | |
1840 | -#| "specified table (filter is the default), so NAT rules get listed by" | |
1841 | -msgid "" | |
1842 | -"List all rules in the selected chain. If no chain is selected, all chains " | |
1843 | -"are listed. Like every other iptables command, it applies to the specified " | |
1844 | -"table (filter is the default), so NAT rules get listed by" | |
1845 | -msgstr "" | |
1846 | -"選択されたチェインにある全てのルールを一覧表示する。 チェインが指定されない場" | |
1847 | -"合、全てのチェインにあるリストが一覧表示される。 他の各 iptables コマンドと同" | |
1848 | -"様に、指定されたテーブル (デフォルトは filter) に対して作用する。 よって NAT " | |
1849 | -"ルールを表示するには以下のようにする。" | |
1850 | - | |
1851 | -#. type: Plain text | |
1852 | -#: original/man8/iptables.8:190 | |
1853 | -#, no-wrap | |
1854 | -msgid " iptables -t nat -n -L\n" | |
1855 | -msgstr " iptables -t nat -n -L\n" | |
1856 | - | |
1857 | -#. type: Plain text | |
1858 | -#: original/man8/iptables.8:199 | |
1859 | -#, no-wrap | |
1860 | -msgid " iptables -L -v\n" | |
1861 | -msgstr " iptables -L -v\n" | |
1862 | - | |
1863 | -#. type: Plain text | |
1864 | -#: original/man8/iptables.8:205 | |
1865 | -#, fuzzy | |
1866 | -#| msgid "" | |
1867 | -#| "List all rules in the selected chain. If no chain is selected, all " | |
1868 | -#| "chains are listed. As every other iptables command, it applies to the " | |
1869 | -#| "specified table (filter is the default), so NAT rules get listed by" | |
1870 | -msgid "" | |
1871 | -"Print all rules in the selected chain. If no chain is selected, all chains " | |
1872 | -"are printed like iptables-save. Like every other iptables command, it " | |
1873 | -"applies to the specified table (filter is the default)." | |
1874 | -msgstr "" | |
1875 | -"選択されたチェインにある全てのルールを一覧表示する。 チェインが指定されない場" | |
1876 | -"合、全てのチェインにあるリストが一覧表示される。 他の各 iptables コマンドと同" | |
1877 | -"様に、指定されたテーブル (デフォルトは filter) に対して作用する。 よって NAT " | |
1878 | -"ルールを表示するには以下のようにする。" | |
1879 | - | |
1880 | -#. type: Plain text | |
1881 | -#: original/man8/iptables.8:248 | |
1882 | -msgid "This option has no effect in iptables and iptables-restore." | |
1883 | -msgstr "" | |
1884 | - | |
1885 | -#. type: Plain text | |
1886 | -#: original/man8/iptables.8:254 | |
1887 | -msgid "" | |
1888 | -"If a rule using the B<-6> option is inserted with (and only with) iptables-" | |
1889 | -"restore, it will be silently ignored. Any other uses will throw an error. " | |
1890 | -"This option allows to put both IPv4 and IPv6 rules in a single rule file for " | |
1891 | -"use with both iptables-restore and ip6tables-restore." | |
1892 | -msgstr "" | |
1893 | - | |
1894 | -#. type: Plain text | |
1895 | -#: original/man8/iptables.8:265 | |
1896 | -#, fuzzy | |
1897 | -#| msgid "" | |
1898 | -#| "The protocol of the rule or of the packet to check. The specified " | |
1899 | -#| "protocol can be one of I<tcp>, I<udp>, I<icmp>, or I<all>, or it can be a " | |
1900 | -#| "numeric value, representing one of these protocols or a different one. A " | |
1901 | -#| "protocol name from /etc/protocols is also allowed. A \"!\" argument " | |
1902 | -#| "before the protocol inverts the test. The number zero is equivalent to " | |
1903 | -#| "I<all>. Protocol I<all> will match with all protocols and is taken as " | |
1904 | -#| "default when this option is omitted." | |
1905 | -msgid "" | |
1906 | -"The protocol of the rule or of the packet to check. The specified protocol " | |
1907 | -"can be one of B<tcp>, B<udp>, B<udplite>, B<icmp>, B<esp>, B<ah>, B<sctp> or " | |
1908 | -"the special keyword \"B<all>\", or it can be a numeric value, representing " | |
1909 | -"one of these protocols or a different one. A protocol name from /etc/" | |
1910 | -"protocols is also allowed. A \"!\" argument before the protocol inverts the " | |
1911 | -"test. The number zero is equivalent to B<all>. \"B<all>\" will match with " | |
1912 | -"all protocols and is taken as default when this option is omitted." | |
1913 | -msgstr "" | |
1914 | -"ルールで使われるプロトコル、またはチェックされるパケットのプロトコル。 指定で" | |
1915 | -"きるプロトコルは、 I<tcp>, I<udp>, I<icmp>, I<all> のいずれか 1 つか、数値で" | |
1916 | -"ある。 数値には、これらのプロトコルのどれかないし別のプロトコルを表す 数値を" | |
1917 | -"指定することができる。 /etc/protocols にあるプロトコル名も指定できる。 プロト" | |
1918 | -"コルの前に \"!\" を置くと、そのプロトコルを除外するという意味になる。 数値 0 " | |
1919 | -"は I<all> と等しい。 プロトコル I<all> は全てのプロトコルとマッチし、 このオ" | |
1920 | -"プションが省略された際のデフォルトである。" | |
1921 | - | |
1922 | -#. type: TP | |
1923 | -#: original/man8/iptables.8:265 | |
1924 | -#, fuzzy, no-wrap | |
1925 | -#| msgid "B<-s, --source >[!] I<address>[/I<mask>]" | |
1926 | -msgid "[B<!>] B<-s>, B<--source> I<address>[B</>I<mask>][B<,>I<...>]" | |
1927 | -msgstr "B<-s, --source >[!] I<address>[/I<mask>]" | |
1928 | - | |
1929 | -#. type: Plain text | |
1930 | -#: original/man8/iptables.8:282 | |
1931 | -#, fuzzy | |
1932 | -#| msgid "" | |
1933 | -#| "Source specification. I<Address> can be either a network name, a " | |
1934 | -#| "hostname (please note that specifying any name to be resolved with a " | |
1935 | -#| "remote query such as DNS is a really bad idea), a network IP address " | |
1936 | -#| "(with /mask), or a plain IP address. The I<mask> can be either a network " | |
1937 | -#| "mask or a plain number, specifying the number of 1's at the left side of " | |
1938 | -#| "the network mask. Thus, a mask of I<24> is equivalent to " | |
1939 | -#| "I<255.255.255.0>. A \"!\" argument before the address specification " | |
1940 | -#| "inverts the sense of the address. The flag B<--src> is an alias for this " | |
1941 | -#| "option." | |
1942 | -msgid "" | |
1943 | -"Source specification. I<Address> can be either a network name, a hostname, a " | |
1944 | -"network IP address (with B</>I<mask>), or a plain IP address. Hostnames will " | |
1945 | -"be resolved once only, before the rule is submitted to the kernel. Please " | |
1946 | -"note that specifying any name to be resolved with a remote query such as DNS " | |
1947 | -"is a really bad idea. The I<mask> can be either a network mask or a plain " | |
1948 | -"number, specifying the number of 1's at the left side of the network mask. " | |
1949 | -"Thus, a mask of I<24> is equivalent to I<255.255.255.0>. A \"!\" argument " | |
1950 | -"before the address specification inverts the sense of the address. The flag " | |
1951 | -"B<--src> is an alias for this option. Multiple addresses can be specified, " | |
1952 | -"but this will B<expand to multiple rules> (when adding with -A), or will " | |
1953 | -"cause multiple rules to be deleted (with -D)." | |
1954 | -msgstr "" | |
1955 | -"送信元の指定。 I<address> はホスト名 (DNS のようなリモートへの問い合わせで解" | |
1956 | -"決する名前を指定するのは非常に良くない) ・ネットワーク IP アドレス (/mask を" | |
1957 | -"指定する)・ 通常の IP アドレス、のいずれかである。 I<mask> はネットワークマス" | |
1958 | -"クか、 ネットワークマスクの左側にある 1 の数を指定する数値である。 つまり、 " | |
1959 | -"I<24> という mask は I<255.255.255.0> に等しい。 アドレス指定の前に \"!\" を" | |
1960 | -"置くと、そのアドレスを除外するという意味になる。 フラグ B<--src> は、このオプ" | |
1961 | -"ションの別名である。" | |
1962 | - | |
1963 | -#. type: TP | |
1964 | -#: original/man8/iptables.8:282 | |
1965 | -#, fuzzy, no-wrap | |
1966 | -#| msgid "B<-d, --destination >[!] I<address>[/I<mask>]" | |
1967 | -msgid "[B<!>] B<-d>, B<--destination> I<address>[B</>I<mask>][B<,>I<...>]" | |
1968 | -msgstr "B<-d, --destination >[!] I<address>[/I<mask>]" | |
1969 | - | |
1970 | -#. type: TP | |
1971 | -#: original/man8/iptables.8:328 | |
1972 | -#, fuzzy, no-wrap | |
1973 | -#| msgid "B<[!] -f, --fragment>" | |
1974 | -msgid "[B<!>] B<-f>, B<--fragment>" | |
1975 | -msgstr "B<[!] -f, --fragment>" | |
1976 | - | |
1977 | -#. type: Plain text | |
1978 | -#: original/man8/iptables.8:336 | |
1979 | -msgid "" | |
1980 | -"This means that the rule only refers to second and further fragments of " | |
1981 | -"fragmented packets. Since there is no way to tell the source or destination " | |
1982 | -"ports of such a packet (or ICMP type), such a packet will not match any " | |
1983 | -"rules which specify them. When the \"!\" argument precedes the \"-f\" flag, " | |
1984 | -"the rule will only match head fragments, or unfragmented packets." | |
1985 | -msgstr "" | |
1986 | -"このオプションは、分割されたパケット (fragmented packet) のうち 2 番目以降の" | |
1987 | -"パケットだけを参照するルールであることを意味する。 このようなパケット (また" | |
1988 | -"は ICMP タイプのパケット) は 送信元・送信先ポートを知る方法がないので、 送信" | |
1989 | -"元や送信先を指定するようなルールにはマッチしない。 \"-f\" フラグの前に \"!\" " | |
1990 | -"を置くと、 分割されたパケットのうち最初のものか、 分割されていないパケットだ" | |
1991 | -"けにマッチする。" | |
1992 | - | |
1993 | -#. type: SH | |
1994 | -#: original/man8/iptables.8:374 | |
1995 | -#, fuzzy, no-wrap | |
1996 | -#| msgid "TARGET EXTENSIONS" | |
1997 | -msgid "MATCH AND TARGET EXTENSIONS" | |
1998 | -msgstr "ターゲットの拡張" | |
1999 | - | |
2000 | -#. type: Plain text | |
2001 | -#: original/man8/iptables.8:386 | |
2002 | -msgid "" | |
2003 | -"Bugs? What's this? ;-) Well, you might want to have a look at http://" | |
2004 | -"bugzilla.netfilter.org/" | |
2005 | -msgstr "" | |
2006 | - | |
2007 | -#. type: Plain text | |
2008 | -#: original/man8/iptables.8:395 | |
2009 | -msgid "" | |
2010 | -"This B<iptables> is very similar to ipchains by Rusty Russell. The main " | |
2011 | -"difference is that the chains B<INPUT> and B<OUTPUT> are only traversed for " | |
2012 | -"packets coming into the local host and originating from the local host " | |
2013 | -"respectively. Hence every packet only passes through one of the three " | |
2014 | -"chains (except loopback traffic, which involves both INPUT and OUTPUT " | |
2015 | -"chains); previously a forwarded packet would pass through all three." | |
2016 | -msgstr "" | |
2017 | -"B<iptables> は、Rusty Russell の ipchains と非常によく似ている。 大きな違い" | |
2018 | -"は、チェイン B<INPUT> と B<OUTPUT> が、それぞれローカルホストに入ってくるパ" | |
2019 | -"ケットと、 ローカルホストから出されるパケットのみしか調べないという点であ" | |
2020 | -"る。 よって、(INPUT と OUTPUT の両方のチェインを起動する ループバックトラ" | |
2021 | -"フィックを除く) 全てのパケットは 3 つあるチェインのうち 1 しか通らない。 以" | |
2022 | -"前は (ipchains では)、 フォワードされるパケットは 3 つのチェイン全てを通って" | |
2023 | -"いた。" | |
2024 | - | |
2025 | -#. type: Plain text | |
2026 | -#: original/man8/iptables.8:399 | |
2027 | -msgid "" | |
2028 | -"The other main difference is that B<-i> refers to the input interface; B<-o> " | |
2029 | -"refers to the output interface, and both are available for packets entering " | |
2030 | -"the B<FORWARD> chain." | |
2031 | -msgstr "" | |
2032 | -"その他の大きな違いは、 B<-i> で入力インターフェース、 B<-o> で出力インター" | |
2033 | -"フェースを参照すること、 そしてともに B<FORWARD> チェインに入るパケットに対し" | |
2034 | -"て指定可能な点である。" | |
2035 | - | |
2036 | -#. type: Plain text | |
2037 | -#: original/man8/iptables.8:405 | |
2038 | -msgid "" | |
2039 | -"The various forms of NAT have been separated out; B<iptables> is a pure " | |
2040 | -"packet filter when using the default `filter' table, with optional extension " | |
2041 | -"modules. This should simplify much of the previous confusion over the " | |
2042 | -"combination of IP masquerading and packet filtering seen previously. So the " | |
2043 | -"following options are handled differently:" | |
2044 | -msgstr "" | |
2045 | -"NAT のいろいろな形式が分割された。 オプションの拡張モジュールとともに デフォ" | |
2046 | -"ルトの「フィルタ」テーブルを用いた場合、 B<iptables> は純粋なパケットフィルタ" | |
2047 | -"となる。 これは、以前みられた IP マスカレーディングとパケットフィルタリング" | |
2048 | -"の 組合せによる混乱を簡略化する。 よって、オプション" | |
2049 | - | |
2050 | -#. type: Plain text | |
2051 | -#: original/man8/iptables.8:409 | |
2052 | -#, no-wrap | |
2053 | -msgid "" | |
2054 | -" -j MASQ\n" | |
2055 | -" -M -S\n" | |
2056 | -" -M -L\n" | |
2057 | -msgstr "" | |
2058 | -" -j MASQ\n" | |
2059 | -" -M -S\n" | |
2060 | -" -M -L\n" | |
2061 | - | |
2062 | -#. type: Plain text | |
2063 | -#: original/man8/iptables.8:411 | |
2064 | -msgid "There are several other changes in iptables." | |
2065 | -msgstr "" | |
2066 | -"は別のものとして扱われる。 iptables では、その他にもいくつかの変更がある。" | |
2067 | - | |
2068 | -#. type: Plain text | |
2069 | -#: original/man8/iptables.8:420 | |
2070 | -#, fuzzy | |
2071 | -#| msgid "" | |
2072 | -#| "B<iptables-save>(8), B<iptables-restore>(8), B<ip6tables>(8), B<ip6tables-" | |
2073 | -#| "save>(8), B<ip6tables-restore>(8)." | |
2074 | -msgid "" | |
2075 | -"B<iptables-apply>(8), B<iptables-save>(8), B<iptables-restore>(8), " | |
2076 | -"B<iptables-extensions>(8), B<ip6tables>(8), B<ip6tables-save>(8), " | |
2077 | -"B<ip6tables-restore>(8), B<libipq>(3)." | |
2078 | -msgstr "" | |
2079 | -"B<iptables-save>(8), B<iptables-restore>(8), B<ip6tables>(8), B<ip6tables-" | |
2080 | -"save>(8), B<ip6tables-restore>(8)." | |
2081 | - | |
2082 | -#. type: Plain text | |
2083 | -#: original/man8/iptables.8:426 | |
2084 | -msgid "" | |
2085 | -"The packet-filtering-HOWTO details iptables usage for packet filtering, the " | |
2086 | -"NAT-HOWTO details NAT, the netfilter-extensions-HOWTO details the extensions " | |
2087 | -"that are not in the standard distribution, and the netfilter-hacking-HOWTO " | |
2088 | -"details the netfilter internals." | |
2089 | -msgstr "" | |
2090 | -"パケットフィルタリングについての詳細な iptables の使用法を\n" | |
2091 | -"説明している packet-filtering-HOWTO。\n" | |
2092 | -"NAT について詳細に説明している NAT-HOWTO。\n" | |
2093 | -"標準的な配布には含まれない拡張の詳細を 説明している \n" | |
2094 | -"netfilter-extensions-HOWTO。\n" | |
2095 | -"内部構造について詳細に説明している netfilter-hacking-HOWTO。" | |
2096 | - | |
2097 | -#. type: Plain text | |
2098 | -#: original/man8/iptables.8:432 | |
2099 | -#, fuzzy | |
2100 | -#| msgid "" | |
2101 | -#| "Rusty Russell wrote iptables, in early consultation with Michael Neuling." | |
2102 | -msgid "" | |
2103 | -"Rusty Russell originally wrote iptables, in early consultation with Michael " | |
2104 | -"Neuling." | |
2105 | -msgstr "" | |
2106 | -"Rusty Russell は、初期の段階で Michael Neuling に相談して iptables を書いた。" | |
2107 | - | |
2108 | -#. type: Plain text | |
2109 | -#: original/man8/iptables.8:442 | |
2110 | -#, fuzzy | |
2111 | -#| msgid "" | |
2112 | -#| "Harald Welte wrote the ULOG target, TTL, DSCP, ECN matches and targets." | |
2113 | -msgid "" | |
2114 | -"Harald Welte wrote the ULOG and NFQUEUE target, the new libiptc, as well as " | |
2115 | -"the TTL, DSCP, ECN matches and targets." | |
2116 | -msgstr "" | |
2117 | -"Harald Welte が ULOG ターゲットと、 TTL, DSCP, ECN のマッチ・ターゲットを書い" | |
2118 | -"た。" | |
2119 | - | |
2120 | -#. .. and did I mention that we are incredibly cool people? | |
2121 | -#. .. sexy, too .. | |
2122 | -#. .. witty, charming, powerful .. | |
2123 | -#. .. and most of all, modest .. | |
2124 | -#. type: Plain text | |
2125 | -#: original/man8/iptables.8:452 | |
2126 | -#, fuzzy | |
2127 | -#| msgid "Man page written by Herve Eychenne E<lt>rv@wallfire.orgE<gt>." | |
2128 | -msgid "" | |
2129 | -"Man page originally written by Herve Eychenne E<lt>rv@wallfire.orgE<gt>." | |
2130 | -msgstr "man ページは Herve Eychenne E<lt>rv@wallfire.orgE<gt> が書いた。" | |
2131 | - | |
2132 | -#. type: Plain text | |
2133 | -#: original/man8/iptables.8:454 | |
2134 | -msgid "This manual page applies to iptables 1.4.18." | |
2135 | -msgstr "" | |
2136 | - | |
2137 | -#. type: TH | |
2138 | -#: original/man8/iptables-extensions.8:1 | |
2139 | -#, fuzzy, no-wrap | |
2140 | -#| msgid " iptables -m tos -h\n" | |
2141 | -msgid "iptables-extensions" | |
2142 | -msgstr " iptables -m tos -h\n" | |
2143 | - | |
2144 | -#. type: Plain text | |
2145 | -#: original/man8/iptables-extensions.8:4 | |
2146 | -#, fuzzy | |
2147 | -#| msgid "" | |
2148 | -#| "iptables can use extended target modules: the following are included in " | |
2149 | -#| "the standard distribution." | |
2150 | -msgid "" | |
2151 | -"iptables-extensions \\(em list of extensions in the standard iptables " | |
2152 | -"distribution" | |
2153 | -msgstr "" | |
2154 | -"iptables は拡張ターゲットモジュールを使うことができる: 以下のものが、標準的な" | |
2155 | -"ディストリビューションに含まれている。" | |
2156 | - | |
2157 | -#. type: Plain text | |
2158 | -#: original/man8/iptables-extensions.8:7 | |
2159 | -#, fuzzy | |
2160 | -#| msgid "B<ip6tables [-t table] -P >chain target [options]" | |
2161 | -msgid "" | |
2162 | -"B<ip6tables> [B<-m> I<name> [I<module-options>...]] [B<-j> I<target-name> " | |
2163 | -"[I<target-options>...]" | |
2164 | -msgstr "B<ip6tables [-t テーブル] -P >チェイン ターゲット [オプション]" | |
2165 | - | |
2166 | -#. type: Plain text | |
2167 | -#: original/man8/iptables-extensions.8:10 | |
2168 | -#, fuzzy | |
2169 | -#| msgid "B<ip6tables [-t table] -P >chain target [options]" | |
2170 | -msgid "" | |
2171 | -"B<iptables> [B<-m> I<name> [I<module-options>...]] [B<-j> I<target-name> " | |
2172 | -"[I<target-options>...]" | |
2173 | -msgstr "B<ip6tables [-t テーブル] -P >チェイン ターゲット [オプション]" | |
2174 | - | |
2175 | -#. type: Plain text | |
2176 | -#: original/man8/iptables-extensions.8:20 | |
2177 | -#, fuzzy | |
2178 | -#| msgid "" | |
2179 | -#| "iptables can use extended packet matching modules. These are loaded in " | |
2180 | -#| "two ways: implicitly, when B<-p> or B<--protocol> is specified, or with " | |
2181 | -#| "the B<-m> or B<--match> options, followed by the matching module name; " | |
2182 | -#| "after these, various extra command line options become available, " | |
2183 | -#| "depending on the specific module. You can specify multiple extended " | |
2184 | -#| "match modules in one line, and you can use the B<-h> or B<--help> options " | |
2185 | -#| "after the module has been specified to receive help specific to that " | |
2186 | -#| "module." | |
2187 | -msgid "" | |
2188 | -"iptables can use extended packet matching modules with the B<-m> or B<--" | |
2189 | -"match> options, followed by the matching module name; after these, various " | |
2190 | -"extra command line options become available, depending on the specific " | |
2191 | -"module. You can specify multiple extended match modules in one line, and " | |
2192 | -"you can use the B<-h> or B<--help> options after the module has been " | |
2193 | -"specified to receive help specific to that module. The extended match " | |
2194 | -"modules are evaluated in the order they are specified in the rule." | |
2195 | -msgstr "" | |
2196 | -"iptables は拡張されたパケットマッチングモジュールを使うことができる。 これら" | |
2197 | -"のモジュールは 2 種類の方法でロードされる: モジュールは、 B<-p> または B<--" | |
2198 | -"protocol> で暗黙のうちに指定されるか、 B<-m> または B<--match> の後にモジュー" | |
2199 | -"ル名を続けて指定される。 これらのモジュールの後ろには、モジュールに応じて 他" | |
2200 | -"のいろいろなコマンドラインオプションを指定することができる。 複数の拡張マッチ" | |
2201 | -"ングモジュールを一行で指定することができる。 また、モジュールに特有のヘルプを" | |
2202 | -"表示させるためには、 モジュールを指定した後で B<-h> または B<--help> を指定す" | |
2203 | -"ればよい。" | |
2204 | - | |
2205 | -#. @MATCH@ | |
2206 | -#. type: Plain text | |
2207 | -#: original/man8/iptables-extensions.8:25 | |
2208 | -msgid "" | |
2209 | -"If the B<-p> or B<--protocol> was specified and if and only if an unknown " | |
2210 | -"option is encountered, iptables will try load a match module of the same " | |
2211 | -"name as the protocol, to try making the option available." | |
2212 | -msgstr "" | |
2213 | - | |
2214 | -#. type: SS | |
2215 | -#: original/man8/iptables-extensions.8:25 | |
2216 | -#, no-wrap | |
2217 | -msgid "addrtype" | |
2218 | -msgstr "" | |
2219 | - | |
2220 | -#. type: Plain text | |
2221 | -#: original/man8/iptables-extensions.8:30 | |
2222 | -msgid "" | |
2223 | -"This module matches packets based on their B<address type.> Address types " | |
2224 | -"are used within the kernel networking stack and categorize addresses into " | |
2225 | -"various groups. The exact definition of that group depends on the specific " | |
2226 | -"layer three protocol." | |
2227 | -msgstr "" | |
2228 | - | |
2229 | -#. type: Plain text | |
2230 | -#: original/man8/iptables-extensions.8:32 | |
2231 | -#, fuzzy | |
2232 | -#| msgid "The following additional options can be specified:" | |
2233 | -msgid "The following address types are possible:" | |
2234 | -msgstr "その他に以下のオプションを指定することができる:" | |
2235 | - | |
2236 | -#. type: TP | |
2237 | -#: original/man8/iptables-extensions.8:32 | |
2238 | -#, no-wrap | |
2239 | -msgid "B<UNSPEC>" | |
2240 | -msgstr "" | |
2241 | - | |
2242 | -#. type: Plain text | |
2243 | -#: original/man8/iptables-extensions.8:35 | |
2244 | -msgid "an unspecified address (i.e. 0.0.0.0)" | |
2245 | -msgstr "" | |
2246 | - | |
2247 | -#. type: TP | |
2248 | -#: original/man8/iptables-extensions.8:35 | |
2249 | -#, no-wrap | |
2250 | -msgid "B<UNICAST>" | |
2251 | -msgstr "" | |
2252 | - | |
2253 | -#. type: Plain text | |
2254 | -#: original/man8/iptables-extensions.8:38 | |
2255 | -msgid "an unicast address" | |
2256 | -msgstr "" | |
2257 | - | |
2258 | -#. type: TP | |
2259 | -#: original/man8/iptables-extensions.8:38 | |
2260 | -#, no-wrap | |
2261 | -msgid "B<LOCAL>" | |
2262 | -msgstr "" | |
2263 | - | |
2264 | -#. type: Plain text | |
2265 | -#: original/man8/iptables-extensions.8:41 | |
2266 | -msgid "a local address" | |
2267 | -msgstr "" | |
2268 | - | |
2269 | -#. type: TP | |
2270 | -#: original/man8/iptables-extensions.8:41 | |
2271 | -#, no-wrap | |
2272 | -msgid "B<BROADCAST>" | |
2273 | -msgstr "" | |
2274 | - | |
2275 | -#. type: Plain text | |
2276 | -#: original/man8/iptables-extensions.8:44 | |
2277 | -msgid "a broadcast address" | |
2278 | -msgstr "" | |
2279 | - | |
2280 | -#. type: TP | |
2281 | -#: original/man8/iptables-extensions.8:44 | |
2282 | -#, no-wrap | |
2283 | -msgid "B<ANYCAST>" | |
2284 | -msgstr "" | |
2285 | - | |
2286 | -#. type: Plain text | |
2287 | -#: original/man8/iptables-extensions.8:47 | |
2288 | -msgid "an anycast packet" | |
2289 | -msgstr "" | |
2290 | - | |
2291 | -#. type: TP | |
2292 | -#: original/man8/iptables-extensions.8:47 | |
2293 | -#, no-wrap | |
2294 | -msgid "B<MULTICAST>" | |
2295 | -msgstr "" | |
2296 | - | |
2297 | -#. type: Plain text | |
2298 | -#: original/man8/iptables-extensions.8:50 | |
2299 | -msgid "a multicast address" | |
2300 | -msgstr "" | |
2301 | - | |
2302 | -#. type: TP | |
2303 | -#: original/man8/iptables-extensions.8:50 | |
2304 | -#, no-wrap | |
2305 | -msgid "B<BLACKHOLE>" | |
2306 | -msgstr "" | |
2307 | - | |
2308 | -#. type: Plain text | |
2309 | -#: original/man8/iptables-extensions.8:53 | |
2310 | -msgid "a blackhole address" | |
2311 | -msgstr "" | |
2312 | - | |
2313 | -#. type: TP | |
2314 | -#: original/man8/iptables-extensions.8:53 | |
2315 | -#, no-wrap | |
2316 | -msgid "B<UNREACHABLE>" | |
2317 | -msgstr "" | |
2318 | - | |
2319 | -#. type: Plain text | |
2320 | -#: original/man8/iptables-extensions.8:56 | |
2321 | -msgid "an unreachable address" | |
2322 | -msgstr "" | |
2323 | - | |
2324 | -#. type: TP | |
2325 | -#: original/man8/iptables-extensions.8:56 | |
2326 | -#, no-wrap | |
2327 | -msgid "B<PROHIBIT>" | |
2328 | -msgstr "" | |
2329 | - | |
2330 | -#. type: Plain text | |
2331 | -#: original/man8/iptables-extensions.8:59 | |
2332 | -msgid "a prohibited address" | |
2333 | -msgstr "" | |
2334 | - | |
2335 | -#. type: TP | |
2336 | -#: original/man8/iptables-extensions.8:59 | |
2337 | -#, no-wrap | |
2338 | -msgid "B<THROW>" | |
2339 | -msgstr "" | |
2340 | - | |
2341 | -#. type: Plain text | |
2342 | -#: original/man8/iptables-extensions.8:62 | |
2343 | -#: original/man8/iptables-extensions.8:65 | |
2344 | -msgid "FIXME" | |
2345 | -msgstr "" | |
2346 | - | |
2347 | -#. type: TP | |
2348 | -#: original/man8/iptables-extensions.8:62 | |
2349 | -#, no-wrap | |
2350 | -msgid "B<NAT>" | |
2351 | -msgstr "" | |
2352 | - | |
2353 | -#. type: TP | |
2354 | -#: original/man8/iptables-extensions.8:65 | |
2355 | -#, no-wrap | |
2356 | -msgid "B<XRESOLVE>" | |
2357 | -msgstr "" | |
2358 | - | |
2359 | -#. type: TP | |
2360 | -#: original/man8/iptables-extensions.8:67 | |
2361 | -#, fuzzy, no-wrap | |
2362 | -#| msgid "B<--icmp-type >[!] I<typename>" | |
2363 | -msgid "[B<!>] B<--src-type> I<type>" | |
2364 | -msgstr "B<--icmp-type >[!] I<typename>" | |
2365 | - | |
2366 | -#. type: Plain text | |
2367 | -#: original/man8/iptables-extensions.8:70 | |
2368 | -#, fuzzy | |
2369 | -#| msgid "" | |
2370 | -#| "Matches if the packet was created by a process with the given process id." | |
2371 | -msgid "Matches if the source address is of given type" | |
2372 | -msgstr "" | |
2373 | -"指定されたプロセス ID のプロセスにより パケットが生成されている場合にマッチす" | |
2374 | -"る。" | |
2375 | - | |
2376 | -#. type: TP | |
2377 | -#: original/man8/iptables-extensions.8:70 | |
2378 | -#, fuzzy, no-wrap | |
2379 | -#| msgid "B<--icmp-type >[!] I<typename>" | |
2380 | -msgid "[B<!>] B<--dst-type> I<type>" | |
2381 | -msgstr "B<--icmp-type >[!] I<typename>" | |
2382 | - | |
2383 | -#. type: Plain text | |
2384 | -#: original/man8/iptables-extensions.8:73 | |
2385 | -#, fuzzy | |
2386 | -#| msgid "Match against reply destination address" | |
2387 | -msgid "Matches if the destination address is of given type" | |
2388 | -msgstr "応答の宛先アドレスにマッチする。" | |
2389 | - | |
2390 | -#. type: TP | |
2391 | -#: original/man8/iptables-extensions.8:73 | |
2392 | -#, fuzzy, no-wrap | |
2393 | -#| msgid "B<--limit >I<rate>" | |
2394 | -msgid "B<--limit-iface-in>" | |
2395 | -msgstr "B<--limit >I<rate>" | |
2396 | - | |
2397 | -#. type: Plain text | |
2398 | -#: original/man8/iptables-extensions.8:84 | |
2399 | -msgid "" | |
2400 | -"The address type checking can be limited to the interface the packet is " | |
2401 | -"coming in. This option is only valid in the B<PREROUTING>, B<INPUT> and " | |
2402 | -"B<FORWARD> chains. It cannot be specified with the B<--limit-iface-out> " | |
2403 | -"option." | |
2404 | -msgstr "" | |
2405 | - | |
2406 | -#. type: TP | |
2407 | -#: original/man8/iptables-extensions.8:84 | |
2408 | -#, fuzzy, no-wrap | |
2409 | -#| msgid "B<--limit >I<rate>" | |
2410 | -msgid "B<--limit-iface-out>" | |
2411 | -msgstr "B<--limit >I<rate>" | |
2412 | - | |
2413 | -#. type: Plain text | |
2414 | -#: original/man8/iptables-extensions.8:95 | |
2415 | -msgid "" | |
2416 | -"The address type checking can be limited to the interface the packet is " | |
2417 | -"going out. This option is only valid in the B<POSTROUTING>, B<OUTPUT> and " | |
2418 | -"B<FORWARD> chains. It cannot be specified with the B<--limit-iface-in> " | |
2419 | -"option." | |
2420 | -msgstr "" | |
2421 | - | |
2422 | -#. type: SS | |
2423 | -#: original/man8/iptables-extensions.8:95 | |
2424 | -#, no-wrap | |
2425 | -msgid "ah (IPv6-specific)" | |
2426 | -msgstr "" | |
2427 | - | |
2428 | -#. type: Plain text | |
2429 | -#: original/man8/iptables-extensions.8:97 | |
2430 | -#, fuzzy | |
2431 | -#| msgid "This module matches the SPIs in AH header of IPSec packets." | |
2432 | -msgid "" | |
2433 | -"This module matches the parameters in Authentication header of IPsec packets." | |
2434 | -msgstr "このモジュールは IPSec パケットの AH ヘッダーの SPI 値にマッチする。" | |
2435 | - | |
2436 | -#. type: TP | |
2437 | -#: original/man8/iptables-extensions.8:97 | |
2438 | -#: original/man8/iptables-extensions.8:108 | |
2439 | -#, fuzzy, no-wrap | |
2440 | -#| msgid "B<--ahspi >[!] I<spi>[:I<spi>]" | |
2441 | -msgid "[B<!>] B<--ahspi> I<spi>[B<:>I<spi>]" | |
2442 | -msgstr "B<--ahspi >[!] I<spi>[:I<spi>]" | |
2443 | - | |
2444 | -#. type: Plain text | |
2445 | -#: original/man8/iptables-extensions.8:100 | |
2446 | -msgid "Matches SPI." | |
2447 | -msgstr "" | |
2448 | - | |
2449 | -#. type: TP | |
2450 | -#: original/man8/iptables-extensions.8:100 | |
2451 | -#, fuzzy, no-wrap | |
2452 | -#| msgid "B<-t>, B<--table> B<tablename>" | |
2453 | -msgid "[B<!>] B<--ahlen> I<length>" | |
2454 | -msgstr "B<-t>, B<--table> B<tablename>" | |
2455 | - | |
2456 | -#. type: Plain text | |
2457 | -#: original/man8/iptables-extensions.8:103 | |
2458 | -#: original/man8/iptables-extensions.8:407 | |
2459 | -#: original/man8/iptables-extensions.8:540 | |
2460 | -msgid "Total length of this header in octets." | |
2461 | -msgstr "" | |
2462 | - | |
2463 | -#. type: TP | |
2464 | -#: original/man8/iptables-extensions.8:103 | |
2465 | -#, no-wrap | |
2466 | -msgid "B<--ahres>" | |
2467 | -msgstr "" | |
2468 | - | |
2469 | -#. type: Plain text | |
2470 | -#: original/man8/iptables-extensions.8:106 | |
2471 | -msgid "Matches if the reserved field is filled with zero." | |
2472 | -msgstr "" | |
2473 | - | |
2474 | -#. type: SS | |
2475 | -#: original/man8/iptables-extensions.8:106 | |
2476 | -#, no-wrap | |
2477 | -msgid "ah (IPv4-specific)" | |
2478 | -msgstr "" | |
2479 | - | |
2480 | -#. type: Plain text | |
2481 | -#: original/man8/iptables-extensions.8:108 | |
2482 | -#, fuzzy | |
2483 | -#| msgid "This module matches the SPIs in AH header of IPSec packets." | |
2484 | -msgid "This module matches the SPIs in Authentication header of IPsec packets." | |
2485 | -msgstr "このモジュールは IPSec パケットの AH ヘッダーの SPI 値にマッチする。" | |
2486 | - | |
2487 | -#. type: SS | |
2488 | -#: original/man8/iptables-extensions.8:110 | |
2489 | -#, no-wrap | |
2490 | -msgid "cluster" | |
2491 | -msgstr "" | |
2492 | - | |
2493 | -#. type: Plain text | |
2494 | -#: original/man8/iptables-extensions.8:113 | |
2495 | -msgid "" | |
2496 | -"Allows you to deploy gateway and back-end load-sharing clusters without the " | |
2497 | -"need of load-balancers." | |
2498 | -msgstr "" | |
2499 | - | |
2500 | -#. type: Plain text | |
2501 | -#: original/man8/iptables-extensions.8:116 | |
2502 | -msgid "" | |
2503 | -"This match requires that all the nodes see the same packets. Thus, the " | |
2504 | -"cluster match decides if this node has to handle a packet given the " | |
2505 | -"following options:" | |
2506 | -msgstr "" | |
2507 | - | |
2508 | -#. type: TP | |
2509 | -#: original/man8/iptables-extensions.8:116 | |
2510 | -#, no-wrap | |
2511 | -msgid "B<--cluster-total-nodes> I<num>" | |
2512 | -msgstr "" | |
2513 | - | |
2514 | -#. type: Plain text | |
2515 | -#: original/man8/iptables-extensions.8:119 | |
2516 | -msgid "Set number of total nodes in cluster." | |
2517 | -msgstr "" | |
2518 | - | |
2519 | -#. type: TP | |
2520 | -#: original/man8/iptables-extensions.8:119 | |
2521 | -#, fuzzy, no-wrap | |
2522 | -#| msgid "B<-t>, B<--table> B<tablename>" | |
2523 | -msgid "[B<!>] B<--cluster-local-node> I<num>" | |
2524 | -msgstr "B<-t>, B<--table> B<tablename>" | |
2525 | - | |
2526 | -#. type: Plain text | |
2527 | -#: original/man8/iptables-extensions.8:122 | |
2528 | -msgid "Set the local node number ID." | |
2529 | -msgstr "" | |
2530 | - | |
2531 | -#. type: TP | |
2532 | -#: original/man8/iptables-extensions.8:122 | |
2533 | -#, no-wrap | |
2534 | -msgid "[B<!>] B<--cluster-local-nodemask> I<mask>" | |
2535 | -msgstr "" | |
2536 | - | |
2537 | -#. type: Plain text | |
2538 | -#: original/man8/iptables-extensions.8:126 | |
2539 | -msgid "" | |
2540 | -"Set the local node number ID mask. You can use this option instead of B<--" | |
2541 | -"cluster-local-node>." | |
2542 | -msgstr "" | |
2543 | - | |
2544 | -#. type: TP | |
2545 | -#: original/man8/iptables-extensions.8:126 | |
2546 | -#, fuzzy, no-wrap | |
2547 | -#| msgid "B<--set-mss >I<value>" | |
2548 | -msgid "B<--cluster-hash-seed> I<value>" | |
2549 | -msgstr "B<--set-mss >I<value>" | |
2550 | - | |
2551 | -#. type: Plain text | |
2552 | -#: original/man8/iptables-extensions.8:129 | |
2553 | -msgid "Set seed value of the Jenkins hash." | |
2554 | -msgstr "" | |
2555 | - | |
2556 | -#. type: TP | |
2557 | -#: original/man8/iptables-extensions.8:131 | |
2558 | -#: original/man8/iptables-extensions.8:177 | |
2559 | -#: original/man8/iptables-extensions.8:214 | |
2560 | -#: original/man8/iptables-extensions.8:362 | |
2561 | -#: original/man8/iptables-extensions.8:1588 | |
2562 | -#: original/man8/iptables-extensions.8:1636 | |
2563 | -#: original/man8/iptables-extensions.8:1685 | |
2564 | -#: original/man8/iptables-extensions.8:2016 | |
2565 | -#, no-wrap | |
2566 | -msgid "Example:" | |
2567 | -msgstr "" | |
2568 | - | |
2569 | -#. type: Plain text | |
2570 | -#: original/man8/iptables-extensions.8:136 | |
2571 | -msgid "" | |
2572 | -"iptables -A PREROUTING -t mangle -i eth1 -m cluster --cluster-total-nodes 2 " | |
2573 | -"--cluster-local-node 1 --cluster-hash-seed 0xdeadbeef -j MARK --set-mark " | |
2574 | -"0xffff" | |
2575 | -msgstr "" | |
2576 | - | |
2577 | -#. type: Plain text | |
2578 | -#: original/man8/iptables-extensions.8:141 | |
2579 | -msgid "" | |
2580 | -"iptables -A PREROUTING -t mangle -i eth2 -m cluster --cluster-total-nodes 2 " | |
2581 | -"--cluster-local-node 1 --cluster-hash-seed 0xdeadbeef -j MARK --set-mark " | |
2582 | -"0xffff" | |
2583 | -msgstr "" | |
2584 | - | |
2585 | -#. type: Plain text | |
2586 | -#: original/man8/iptables-extensions.8:144 | |
2587 | -msgid "" | |
2588 | -"iptables -A PREROUTING -t mangle -i eth1 -m mark ! --mark 0xffff -j DROP" | |
2589 | -msgstr "" | |
2590 | - | |
2591 | -#. type: Plain text | |
2592 | -#: original/man8/iptables-extensions.8:147 | |
2593 | -msgid "" | |
2594 | -"iptables -A PREROUTING -t mangle -i eth2 -m mark ! --mark 0xffff -j DROP" | |
2595 | -msgstr "" | |
2596 | - | |
2597 | -#. type: Plain text | |
2598 | -#: original/man8/iptables-extensions.8:149 | |
2599 | -msgid "And the following commands to make all nodes see the same packets:" | |
2600 | -msgstr "" | |
2601 | - | |
2602 | -#. type: Plain text | |
2603 | -#: original/man8/iptables-extensions.8:151 | |
2604 | -msgid "ip maddr add 01:00:5e:00:01:01 dev eth1" | |
2605 | -msgstr "" | |
2606 | - | |
2607 | -#. type: Plain text | |
2608 | -#: original/man8/iptables-extensions.8:153 | |
2609 | -msgid "ip maddr add 01:00:5e:00:01:02 dev eth2" | |
2610 | -msgstr "" | |
2611 | - | |
2612 | -#. type: Plain text | |
2613 | -#: original/man8/iptables-extensions.8:156 | |
2614 | -msgid "" | |
2615 | -"arptables -A OUTPUT -o eth1 --h-length 6 -j mangle --mangle-mac-s " | |
2616 | -"01:00:5e:00:01:01" | |
2617 | -msgstr "" | |
2618 | - | |
2619 | -#. type: Plain text | |
2620 | -#: original/man8/iptables-extensions.8:160 | |
2621 | -msgid "" | |
2622 | -"arptables -A INPUT -i eth1 --h-length 6 --destination-mac 01:00:5e:00:01:01 -" | |
2623 | -"j mangle --mangle-mac-d 00:zz:yy:xx:5a:27" | |
2624 | -msgstr "" | |
2625 | - | |
2626 | -#. type: Plain text | |
2627 | -#: original/man8/iptables-extensions.8:163 | |
2628 | -msgid "" | |
2629 | -"arptables -A OUTPUT -o eth2 --h-length 6 -j mangle --mangle-mac-s " | |
2630 | -"01:00:5e:00:01:02" | |
2631 | -msgstr "" | |
2632 | - | |
2633 | -#. type: Plain text | |
2634 | -#: original/man8/iptables-extensions.8:167 | |
2635 | -msgid "" | |
2636 | -"arptables -A INPUT -i eth2 --h-length 6 --destination-mac 01:00:5e:00:01:02 -" | |
2637 | -"j mangle --mangle-mac-d 00:zz:yy:xx:5a:27" | |
2638 | -msgstr "" | |
2639 | - | |
2640 | -#. type: Plain text | |
2641 | -#: original/man8/iptables-extensions.8:171 | |
2642 | -msgid "" | |
2643 | -"In the case of TCP connections, pickup facility has to be disabled to avoid " | |
2644 | -"marking TCP ACK packets coming in the reply direction as valid." | |
2645 | -msgstr "" | |
2646 | - | |
2647 | -#. type: Plain text | |
2648 | -#: original/man8/iptables-extensions.8:173 | |
2649 | -msgid "echo 0 E<gt> /proc/sys/net/netfilter/nf_conntrack_tcp_loose" | |
2650 | -msgstr "" | |
2651 | - | |
2652 | -#. type: SS | |
2653 | -#: original/man8/iptables-extensions.8:173 | |
2654 | -#, no-wrap | |
2655 | -msgid "comment" | |
2656 | -msgstr "" | |
2657 | - | |
2658 | -#. type: Plain text | |
2659 | -#: original/man8/iptables-extensions.8:175 | |
2660 | -msgid "Allows you to add comments (up to 256 characters) to any rule." | |
2661 | -msgstr "" | |
2662 | - | |
2663 | -#. type: TP | |
2664 | -#: original/man8/iptables-extensions.8:175 | |
2665 | -#, no-wrap | |
2666 | -msgid "B<--comment> I<comment>" | |
2667 | -msgstr "" | |
2668 | - | |
2669 | -#. type: Plain text | |
2670 | -#: original/man8/iptables-extensions.8:180 | |
2671 | -msgid "iptables -A INPUT -i eth1 -m comment --comment \"my local LAN\"" | |
2672 | -msgstr "" | |
2673 | - | |
2674 | -#. type: SS | |
2675 | -#: original/man8/iptables-extensions.8:180 | |
2676 | -#, no-wrap | |
2677 | -msgid "connbytes" | |
2678 | -msgstr "" | |
2679 | - | |
2680 | -#. type: Plain text | |
2681 | -#: original/man8/iptables-extensions.8:184 | |
2682 | -msgid "" | |
2683 | -"Match by how many bytes or packets a connection (or one of the two flows " | |
2684 | -"constituting the connection) has transferred so far, or by average bytes per " | |
2685 | -"packet." | |
2686 | -msgstr "" | |
2687 | - | |
2688 | -#. type: Plain text | |
2689 | -#: original/man8/iptables-extensions.8:186 | |
2690 | -msgid "The counters are 64-bit and are thus not expected to overflow ;)" | |
2691 | -msgstr "" | |
2692 | - | |
2693 | -#. type: Plain text | |
2694 | -#: original/man8/iptables-extensions.8:189 | |
2695 | -msgid "" | |
2696 | -"The primary use is to detect long-lived downloads and mark them to be " | |
2697 | -"scheduled using a lower priority band in traffic control." | |
2698 | -msgstr "" | |
2699 | - | |
2700 | -#. type: Plain text | |
2701 | -#: original/man8/iptables-extensions.8:192 | |
2702 | -msgid "" | |
2703 | -"The transferred bytes per connection can also be viewed through `conntrack -" | |
2704 | -"L` and accessed via ctnetlink." | |
2705 | -msgstr "" | |
2706 | - | |
2707 | -#. type: Plain text | |
2708 | -#: original/man8/iptables-extensions.8:198 | |
2709 | -msgid "" | |
2710 | -"NOTE that for connections which have no accounting information, the match " | |
2711 | -"will always return false. The \"net.netfilter.nf_conntrack_acct\" sysctl " | |
2712 | -"flag controls whether B<new> connections will be byte/packet counted. " | |
2713 | -"Existing connection flows will not be gaining/losing a/the accounting " | |
2714 | -"structure when be sysctl flag is flipped." | |
2715 | -msgstr "" | |
2716 | - | |
2717 | -#. type: TP | |
2718 | -#: original/man8/iptables-extensions.8:198 | |
2719 | -#, no-wrap | |
2720 | -msgid "[B<!>] B<--connbytes> I<from>[B<:>I<to>]" | |
2721 | -msgstr "" | |
2722 | - | |
2723 | -#. type: Plain text | |
2724 | -#: original/man8/iptables-extensions.8:204 | |
2725 | -msgid "" | |
2726 | -"match packets from a connection whose packets/bytes/average packet size is " | |
2727 | -"more than FROM and less than TO bytes/packets. if TO is omitted only FROM " | |
2728 | -"check is done. \"!\" is used to match packets not falling in the range." | |
2729 | -msgstr "" | |
2730 | - | |
2731 | -#. type: TP | |
2732 | -#: original/man8/iptables-extensions.8:204 | |
2733 | -#, no-wrap | |
2734 | -msgid "B<--connbytes-dir> {B<original>|B<reply>|B<both>}" | |
2735 | -msgstr "" | |
2736 | - | |
2737 | -#. type: Plain text | |
2738 | -#: original/man8/iptables-extensions.8:207 | |
2739 | -msgid "which packets to consider" | |
2740 | -msgstr "" | |
2741 | - | |
2742 | -#. type: TP | |
2743 | -#: original/man8/iptables-extensions.8:207 | |
2744 | -#, no-wrap | |
2745 | -msgid "B<--connbytes-mode> {B<packets>|B<bytes>|B<avgpkt>}" | |
2746 | -msgstr "" | |
2747 | - | |
2748 | -#. type: Plain text | |
2749 | -#: original/man8/iptables-extensions.8:214 | |
2750 | -msgid "" | |
2751 | -"whether to check the amount of packets, number of bytes transferred or the " | |
2752 | -"average size (in bytes) of all packets received so far. Note that when \"both" | |
2753 | -"\" is used together with \"avgpkt\", and data is going (mainly) only in one " | |
2754 | -"direction (for example HTTP), the average packet size will be about half of " | |
2755 | -"the actual data packets." | |
2756 | -msgstr "" | |
2757 | - | |
2758 | -#. type: Plain text | |
2759 | -#: original/man8/iptables-extensions.8:217 | |
2760 | -msgid "" | |
2761 | -"iptables .. -m connbytes --connbytes 10000:100000 --connbytes-dir both --" | |
2762 | -"connbytes-mode bytes ..." | |
2763 | -msgstr "" | |
2764 | - | |
2765 | -#. type: SS | |
2766 | -#: original/man8/iptables-extensions.8:217 | |
2767 | -#, fuzzy, no-wrap | |
2768 | -#| msgid "limit" | |
2769 | -msgid "connlimit" | |
2770 | -msgstr "limit" | |
2771 | - | |
2772 | -#. type: Plain text | |
2773 | -#: original/man8/iptables-extensions.8:220 | |
2774 | -msgid "" | |
2775 | -"Allows you to restrict the number of parallel connections to a server per " | |
2776 | -"client IP address (or client address block)." | |
2777 | -msgstr "" | |
2778 | - | |
2779 | -#. type: TP | |
2780 | -#: original/man8/iptables-extensions.8:220 | |
2781 | -#, fuzzy, no-wrap | |
2782 | -#| msgid "B<--limit-burst >I<number>" | |
2783 | -msgid "B<--connlimit-upto> I<n>" | |
2784 | -msgstr "B<--limit-burst >I<number>" | |
2785 | - | |
2786 | -#. type: Plain text | |
2787 | -#: original/man8/iptables-extensions.8:223 | |
2788 | -msgid "Match if the number of existing connections is below or equal I<n>." | |
2789 | -msgstr "" | |
2790 | - | |
2791 | -#. type: TP | |
2792 | -#: original/man8/iptables-extensions.8:223 | |
2793 | -#, fuzzy, no-wrap | |
2794 | -#| msgid "B<--limit-burst >I<number>" | |
2795 | -msgid "B<--connlimit-above> I<n>" | |
2796 | -msgstr "B<--limit-burst >I<number>" | |
2797 | - | |
2798 | -#. type: Plain text | |
2799 | -#: original/man8/iptables-extensions.8:226 | |
2800 | -msgid "Match if the number of existing connections is above I<n>." | |
2801 | -msgstr "" | |
2802 | - | |
2803 | -#. type: TP | |
2804 | -#: original/man8/iptables-extensions.8:226 | |
2805 | -#, no-wrap | |
2806 | -msgid "B<--connlimit-mask> I<prefix_length>" | |
2807 | -msgstr "" | |
2808 | - | |
2809 | -#. type: Plain text | |
2810 | -#: original/man8/iptables-extensions.8:231 | |
2811 | -msgid "" | |
2812 | -"Group hosts using the prefix length. For IPv4, this must be a number between " | |
2813 | -"(including) 0 and 32. For IPv6, between 0 and 128. If not specified, the " | |
2814 | -"maximum prefix length for the applicable protocol is used." | |
2815 | -msgstr "" | |
2816 | - | |
2817 | -#. type: TP | |
2818 | -#: original/man8/iptables-extensions.8:231 | |
2819 | -#, no-wrap | |
2820 | -msgid "B<--connlimit-saddr>" | |
2821 | -msgstr "" | |
2822 | - | |
2823 | -#. type: Plain text | |
2824 | -#: original/man8/iptables-extensions.8:235 | |
2825 | -msgid "" | |
2826 | -"Apply the limit onto the source group. This is the default if --connlimit-" | |
2827 | -"daddr is not specified." | |
2828 | -msgstr "" | |
2829 | - | |
2830 | -#. type: TP | |
2831 | -#: original/man8/iptables-extensions.8:235 | |
2832 | -#, no-wrap | |
2833 | -msgid "B<--connlimit-daddr>" | |
2834 | -msgstr "" | |
2835 | - | |
2836 | -#. type: Plain text | |
2837 | -#: original/man8/iptables-extensions.8:238 | |
2838 | -msgid "Apply the limit onto the destination group." | |
2839 | -msgstr "" | |
2840 | - | |
2841 | -#. type: Plain text | |
2842 | -#: original/man8/iptables-extensions.8:240 | |
2843 | -#: original/man8/iptables-extensions.8:514 | |
2844 | -#: original/man8/iptables-extensions.8:1127 | |
2845 | -#: original/man8/iptables-extensions.8:1252 | |
2846 | -msgid "Examples:" | |
2847 | -msgstr "" | |
2848 | - | |
2849 | -#. type: TP | |
2850 | -#: original/man8/iptables-extensions.8:240 | |
2851 | -#, no-wrap | |
2852 | -msgid "# allow 2 telnet connections per client host" | |
2853 | -msgstr "" | |
2854 | - | |
2855 | -#. type: Plain text | |
2856 | -#: original/man8/iptables-extensions.8:243 | |
2857 | -msgid "" | |
2858 | -"iptables -A INPUT -p tcp --syn --dport 23 -m connlimit --connlimit-above 2 -" | |
2859 | -"j REJECT" | |
2860 | -msgstr "" | |
2861 | - | |
2862 | -#. type: TP | |
2863 | -#: original/man8/iptables-extensions.8:243 | |
2864 | -#, no-wrap | |
2865 | -msgid "# you can also match the other way around:" | |
2866 | -msgstr "" | |
2867 | - | |
2868 | -#. type: Plain text | |
2869 | -#: original/man8/iptables-extensions.8:246 | |
2870 | -msgid "" | |
2871 | -"iptables -A INPUT -p tcp --syn --dport 23 -m connlimit --connlimit-upto 2 -j " | |
2872 | -"ACCEPT" | |
2873 | -msgstr "" | |
2874 | - | |
2875 | -#. type: TP | |
2876 | -#: original/man8/iptables-extensions.8:246 | |
2877 | -#, no-wrap | |
2878 | -msgid "# limit the number of parallel HTTP requests to 16 per class C sized source network (24 bit netmask)" | |
2879 | -msgstr "" | |
2880 | - | |
2881 | -#. type: Plain text | |
2882 | -#: original/man8/iptables-extensions.8:251 | |
2883 | -msgid "" | |
2884 | -"iptables -p tcp --syn --dport 80 -m connlimit --connlimit-above 16 --" | |
2885 | -"connlimit-mask 24 -j REJECT" | |
2886 | -msgstr "" | |
2887 | - | |
2888 | -#. type: TP | |
2889 | -#: original/man8/iptables-extensions.8:251 | |
2890 | -#, no-wrap | |
2891 | -msgid "# limit the number of parallel HTTP requests to 16 for the link local network" | |
2892 | -msgstr "" | |
2893 | - | |
2894 | -#. type: Plain text | |
2895 | -#: original/man8/iptables-extensions.8:256 | |
2896 | -msgid "" | |
2897 | -"(ipv6) ip6tables -p tcp --syn --dport 80 -s fe80::/64 -m connlimit --" | |
2898 | -"connlimit-above 16 --connlimit-mask 64 -j REJECT" | |
2899 | -msgstr "" | |
2900 | - | |
2901 | -#. type: TP | |
2902 | -#: original/man8/iptables-extensions.8:256 | |
2903 | -#, no-wrap | |
2904 | -msgid "# Limit the number of connections to a particular host:" | |
2905 | -msgstr "" | |
2906 | - | |
2907 | -#. type: Plain text | |
2908 | -#: original/man8/iptables-extensions.8:260 | |
2909 | -msgid "" | |
2910 | -"ip6tables -p tcp --syn --dport 49152:65535 -d 2001:db8::1 -m connlimit --" | |
2911 | -"connlimit-above 100 -j REJECT" | |
2912 | -msgstr "" | |
2913 | - | |
2914 | -#. type: SS | |
2915 | -#: original/man8/iptables-extensions.8:260 | |
2916 | -#, fuzzy, no-wrap | |
2917 | -#| msgid "conntrack" | |
2918 | -msgid "connmark" | |
2919 | -msgstr "conntrack" | |
2920 | - | |
2921 | -#. type: Plain text | |
2922 | -#: original/man8/iptables-extensions.8:263 | |
2923 | -#, fuzzy | |
2924 | -#| msgid "" | |
2925 | -#| "This module matches the netfilter mark field associated with a packet " | |
2926 | -#| "(which can be set using the B<MARK> target below)." | |
2927 | -msgid "" | |
2928 | -"This module matches the netfilter mark field associated with a connection " | |
2929 | -"(which can be set using the B<CONNMARK> target below)." | |
2930 | -msgstr "" | |
2931 | -"このモジュールはパケットに関連づけられた netfilter の mark フィールドにマッチ" | |
2932 | -"する (このフィールドは、以下の B<MARK> ターゲットで設定される)。" | |
2933 | - | |
2934 | -#. type: TP | |
2935 | -#: original/man8/iptables-extensions.8:263 | |
2936 | -#: original/man8/iptables-extensions.8:703 | |
2937 | -#, fuzzy, no-wrap | |
2938 | -#| msgid "B<--mark >I<value>[/I<mask>]" | |
2939 | -msgid "[B<!>] B<--mark> I<value>[B</>I<mask>]" | |
2940 | -msgstr "B<--mark >I<value>[/I<mask>]" | |
2941 | - | |
2942 | -#. type: Plain text | |
2943 | -#: original/man8/iptables-extensions.8:267 | |
2944 | -#, fuzzy | |
2945 | -#| msgid "" | |
2946 | -#| "Matches packets with the given unsigned mark value (if a mask is " | |
2947 | -#| "specified, this is logically ANDed with the mask before the comparison)." | |
2948 | -msgid "" | |
2949 | -"Matches packets in connections with the given mark value (if a mask is " | |
2950 | -"specified, this is logically ANDed with the mark before the comparison)." | |
2951 | -msgstr "" | |
2952 | -"指定された符号なし mark 値のパケットにマッチする (mask が指定されると、比較の" | |
2953 | -"前に mask との論理積 (AND) がとられる)。" | |
2954 | - | |
2955 | -#. type: SS | |
2956 | -#: original/man8/iptables-extensions.8:267 | |
2957 | -#, no-wrap | |
2958 | -msgid "conntrack" | |
2959 | -msgstr "conntrack" | |
2960 | - | |
2961 | -#. type: Plain text | |
2962 | -#: original/man8/iptables-extensions.8:270 | |
2963 | -#, fuzzy | |
2964 | -#| msgid "" | |
2965 | -#| "This module, when combined with connection tracking, allows access to the " | |
2966 | -#| "connection tracking state for this packet." | |
2967 | -msgid "" | |
2968 | -"This module, when combined with connection tracking, allows access to the " | |
2969 | -"connection tracking state for this packet/connection." | |
2970 | -msgstr "" | |
2971 | -"このモジュールは、接続追跡 (connection tracking) と組み合わせて用いると、 パ" | |
2972 | -"ケットについての接続追跡状態を知ることができる。" | |
2973 | - | |
2974 | -#. type: TP | |
2975 | -#: original/man8/iptables-extensions.8:270 | |
2976 | -#, fuzzy, no-wrap | |
2977 | -#| msgid "B<--ctstate >I<state>" | |
2978 | -msgid "[B<!>] B<--ctstate> I<statelist>" | |
2979 | -msgstr "B<--ctstate >I<state>" | |
2980 | - | |
2981 | -#. type: Plain text | |
2982 | -#: original/man8/iptables-extensions.8:274 | |
2983 | -msgid "" | |
2984 | -"I<statelist> is a comma separated list of the connection states to match. " | |
2985 | -"Possible states are listed below." | |
2986 | -msgstr "" | |
2987 | - | |
2988 | -#. type: TP | |
2989 | -#: original/man8/iptables-extensions.8:274 | |
2990 | -#, fuzzy, no-wrap | |
2991 | -#| msgid "B<--ctproto >I<proto>" | |
2992 | -msgid "[B<!>] B<--ctproto> I<l4proto>" | |
2993 | -msgstr "B<--ctproto >I<proto>" | |
2994 | - | |
2995 | -#. type: Plain text | |
2996 | -#: original/man8/iptables-extensions.8:277 | |
2997 | -#, fuzzy | |
2998 | -#| msgid "Protocol to match (by number or name)" | |
2999 | -msgid "Layer-4 protocol to match (by number or name)" | |
3000 | -msgstr "(名前または数値で) 指定されたプロトコルにマッチする。" | |
3001 | - | |
3002 | -#. type: TP | |
3003 | -#: original/man8/iptables-extensions.8:277 | |
3004 | -#, fuzzy, no-wrap | |
3005 | -#| msgid "B<--ctorigsrc >I<[!] address[/mask]>" | |
3006 | -msgid "[B<!>] B<--ctorigsrc> I<address>[B</>I<mask>]" | |
3007 | -msgstr "B<--ctorigsrc >I<[!] address[/mask]>" | |
3008 | - | |
3009 | -#. type: TP | |
3010 | -#: original/man8/iptables-extensions.8:279 | |
3011 | -#, fuzzy, no-wrap | |
3012 | -#| msgid "B<--ctorigdst >I<[!] address[/mask]>" | |
3013 | -msgid "[B<!>] B<--ctorigdst> I<address>[B</>I<mask>]" | |
3014 | -msgstr "B<--ctorigdst >I<[!] address[/mask]>" | |
3015 | - | |
3016 | -#. type: TP | |
3017 | -#: original/man8/iptables-extensions.8:281 | |
3018 | -#, fuzzy, no-wrap | |
3019 | -#| msgid "B<--ctrepldst >I<[!] address>B<[/>I<mask>B<]>" | |
3020 | -msgid "[B<!>] B<--ctreplsrc> I<address>[B</>I<mask>]" | |
3021 | -msgstr "B<--ctrepldst >I<[!] address>B<[/>I<mask>B<]>" | |
3022 | - | |
3023 | -#. type: TP | |
3024 | -#: original/man8/iptables-extensions.8:283 | |
3025 | -#, fuzzy, no-wrap | |
3026 | -#| msgid "B<--ctrepldst >I<[!] address>B<[/>I<mask>B<]>" | |
3027 | -msgid "[B<!>] B<--ctrepldst> I<address>[B</>I<mask>]" | |
3028 | -msgstr "B<--ctrepldst >I<[!] address>B<[/>I<mask>B<]>" | |
3029 | - | |
3030 | -#. type: Plain text | |
3031 | -#: original/man8/iptables-extensions.8:286 | |
3032 | -#, fuzzy | |
3033 | -#| msgid "Match against original destination address" | |
3034 | -msgid "Match against original/reply source/destination address" | |
3035 | -msgstr "書き換え前の宛先アドレスにマッチする。" | |
3036 | - | |
3037 | -#. type: TP | |
3038 | -#: original/man8/iptables-extensions.8:286 | |
3039 | -#, fuzzy, no-wrap | |
3040 | -#| msgid "B<--source-port >[!] I<port>[:I<port>]" | |
3041 | -msgid "[B<!>] B<--ctorigsrcport> I<port>[B<:>I<port>]" | |
3042 | -msgstr "B<--source-port >[!] I<port>[:I<port>]" | |
3043 | - | |
3044 | -#. type: TP | |
3045 | -#: original/man8/iptables-extensions.8:288 | |
3046 | -#, fuzzy, no-wrap | |
3047 | -#| msgid "B<--to-ports >I<port>[-I<port>]" | |
3048 | -msgid "[B<!>] B<--ctorigdstport> I<port>[B<:>I<port>]" | |
3049 | -msgstr "B<--to-ports >I<port>[-I<port>]" | |
3050 | - | |
3051 | -#. type: TP | |
3052 | -#: original/man8/iptables-extensions.8:290 | |
3053 | -#, fuzzy, no-wrap | |
3054 | -#| msgid "B<--source-port >[!] I<port>[:I<port>]" | |
3055 | -msgid "[B<!>] B<--ctreplsrcport> I<port>[B<:>I<port>]" | |
3056 | -msgstr "B<--source-port >[!] I<port>[:I<port>]" | |
3057 | - | |
3058 | -#. type: TP | |
3059 | -#: original/man8/iptables-extensions.8:292 | |
3060 | -#, fuzzy, no-wrap | |
3061 | -#| msgid "B<--source-port >[!] I<port>[:I<port>]" | |
3062 | -msgid "[B<!>] B<--ctrepldstport> I<port>[B<:>I<port>]" | |
3063 | -msgstr "B<--source-port >[!] I<port>[:I<port>]" | |
3064 | - | |
3065 | -#. type: Plain text | |
3066 | -#: original/man8/iptables-extensions.8:296 | |
3067 | -msgid "" | |
3068 | -"Match against original/reply source/destination port (TCP/UDP/etc.) or GRE " | |
3069 | -"key. Matching against port ranges is only supported in kernel versions " | |
3070 | -"above 2.6.38." | |
3071 | -msgstr "" | |
3072 | - | |
3073 | -#. type: TP | |
3074 | -#: original/man8/iptables-extensions.8:296 | |
3075 | -#, fuzzy, no-wrap | |
3076 | -#| msgid "B<--ctstate >I<state>" | |
3077 | -msgid "[B<!>] B<--ctstatus> I<statelist>" | |
3078 | -msgstr "B<--ctstate >I<state>" | |
3079 | - | |
3080 | -#. type: Plain text | |
3081 | -#: original/man8/iptables-extensions.8:300 | |
3082 | -msgid "" | |
3083 | -"I<statuslist> is a comma separated list of the connection statuses to " | |
3084 | -"match. Possible statuses are listed below." | |
3085 | -msgstr "" | |
3086 | - | |
3087 | -#. type: TP | |
3088 | -#: original/man8/iptables-extensions.8:300 | |
3089 | -#, fuzzy, no-wrap | |
3090 | -#| msgid "B<--ctexpire >I<time[:time]>" | |
3091 | -msgid "[B<!>] B<--ctexpire> I<time>[B<:>I<time>]" | |
3092 | -msgstr "B<--ctexpire >I<time[:time]>" | |
3093 | - | |
3094 | -#. type: Plain text | |
3095 | -#: original/man8/iptables-extensions.8:304 | |
3096 | -msgid "" | |
3097 | -"Match remaining lifetime in seconds against given value or range of values " | |
3098 | -"(inclusive)" | |
3099 | -msgstr "有効期間の残り秒数、またはその範囲(両端を含む)にマッチする。" | |
3100 | - | |
3101 | -#. type: TP | |
3102 | -#: original/man8/iptables-extensions.8:304 | |
3103 | -#, no-wrap | |
3104 | -msgid "B<--ctdir> {B<ORIGINAL>|B<REPLY>}" | |
3105 | -msgstr "" | |
3106 | - | |
3107 | -#. type: Plain text | |
3108 | -#: original/man8/iptables-extensions.8:308 | |
3109 | -msgid "" | |
3110 | -"Match packets that are flowing in the specified direction. If this flag is " | |
3111 | -"not specified at all, matches packets in both directions." | |
3112 | -msgstr "" | |
3113 | - | |
3114 | -#. type: Plain text | |
3115 | -#: original/man8/iptables-extensions.8:310 | |
3116 | -msgid "States for B<--ctstate>:" | |
3117 | -msgstr "" | |
3118 | - | |
3119 | -#. type: TP | |
3120 | -#: original/man8/iptables-extensions.8:310 | |
3121 | -#, no-wrap | |
3122 | -msgid "B<INVALID>" | |
3123 | -msgstr "" | |
3124 | - | |
3125 | -#. type: Plain text | |
3126 | -#: original/man8/iptables-extensions.8:313 | |
3127 | -#, fuzzy | |
3128 | -#| msgid "" | |
3129 | -#| "Matches if the packet was created by a process with the given process id." | |
3130 | -msgid "The packet is associated with no known connection." | |
3131 | -msgstr "" | |
3132 | -"指定されたプロセス ID のプロセスにより パケットが生成されている場合にマッチす" | |
3133 | -"る。" | |
3134 | - | |
3135 | -#. type: TP | |
3136 | -#: original/man8/iptables-extensions.8:313 | |
3137 | -#, no-wrap | |
3138 | -msgid "B<NEW>" | |
3139 | -msgstr "" | |
3140 | - | |
3141 | -#. type: Plain text | |
3142 | -#: original/man8/iptables-extensions.8:317 | |
3143 | -msgid "" | |
3144 | -"The packet has started a new connection, or otherwise associated with a " | |
3145 | -"connection which has not seen packets in both directions." | |
3146 | -msgstr "" | |
3147 | - | |
3148 | -#. type: TP | |
3149 | -#: original/man8/iptables-extensions.8:317 | |
3150 | -#, no-wrap | |
3151 | -msgid "B<ESTABLISHED>" | |
3152 | -msgstr "" | |
3153 | - | |
3154 | -#. type: Plain text | |
3155 | -#: original/man8/iptables-extensions.8:321 | |
3156 | -#, fuzzy | |
3157 | -#| msgid "" | |
3158 | -#| "This module matches the netfilter mark field associated with a packet " | |
3159 | -#| "(which can be set using the B<MARK> target below)." | |
3160 | -msgid "" | |
3161 | -"The packet is associated with a connection which has seen packets in both " | |
3162 | -"directions." | |
3163 | -msgstr "" | |
3164 | -"このモジュールはパケットに関連づけられた netfilter の mark フィールドにマッチ" | |
3165 | -"する (このフィールドは、以下の B<MARK> ターゲットで設定される)。" | |
3166 | - | |
3167 | -#. type: TP | |
3168 | -#: original/man8/iptables-extensions.8:321 | |
3169 | -#, no-wrap | |
3170 | -msgid "B<RELATED>" | |
3171 | -msgstr "" | |
3172 | - | |
3173 | -#. type: Plain text | |
3174 | -#: original/man8/iptables-extensions.8:325 | |
3175 | -msgid "" | |
3176 | -"The packet is starting a new connection, but is associated with an existing " | |
3177 | -"connection, such as an FTP data transfer, or an ICMP error." | |
3178 | -msgstr "" | |
3179 | - | |
3180 | -#. type: TP | |
3181 | -#: original/man8/iptables-extensions.8:325 | |
3182 | -#, no-wrap | |
3183 | -msgid "B<UNTRACKED>" | |
3184 | -msgstr "" | |
3185 | - | |
3186 | -#. type: Plain text | |
3187 | -#: original/man8/iptables-extensions.8:329 | |
3188 | -msgid "" | |
3189 | -"The packet is not tracked at all, which happens if you explicitly untrack it " | |
3190 | -"by using -j CT --notrack in the raw table." | |
3191 | -msgstr "" | |
3192 | - | |
3193 | -#. type: TP | |
3194 | -#: original/man8/iptables-extensions.8:329 | |
3195 | -#, fuzzy, no-wrap | |
3196 | -#| msgid "SNAT" | |
3197 | -msgid "B<SNAT>" | |
3198 | -msgstr "SNAT" | |
3199 | - | |
3200 | -#. type: Plain text | |
3201 | -#: original/man8/iptables-extensions.8:333 | |
3202 | -msgid "" | |
3203 | -"A virtual state, matching if the original source address differs from the " | |
3204 | -"reply destination." | |
3205 | -msgstr "" | |
3206 | - | |
3207 | -#. type: TP | |
3208 | -#: original/man8/iptables-extensions.8:333 | |
3209 | -#, fuzzy, no-wrap | |
3210 | -#| msgid "DNAT" | |
3211 | -msgid "B<DNAT>" | |
3212 | -msgstr "DNAT" | |
3213 | - | |
3214 | -#. type: Plain text | |
3215 | -#: original/man8/iptables-extensions.8:337 | |
3216 | -msgid "" | |
3217 | -"A virtual state, matching if the original destination differs from the reply " | |
3218 | -"source." | |
3219 | -msgstr "" | |
3220 | - | |
3221 | -#. type: Plain text | |
3222 | -#: original/man8/iptables-extensions.8:339 | |
3223 | -msgid "Statuses for B<--ctstatus>:" | |
3224 | -msgstr "" | |
3225 | - | |
3226 | -#. type: TP | |
3227 | -#: original/man8/iptables-extensions.8:339 | |
3228 | -#, no-wrap | |
3229 | -msgid "B<NONE>" | |
3230 | -msgstr "" | |
3231 | - | |
3232 | -#. type: Plain text | |
3233 | -#: original/man8/iptables-extensions.8:342 | |
3234 | -msgid "None of the below." | |
3235 | -msgstr "" | |
3236 | - | |
3237 | -#. type: TP | |
3238 | -#: original/man8/iptables-extensions.8:342 | |
3239 | -#, no-wrap | |
3240 | -msgid "B<EXPECTED>" | |
3241 | -msgstr "" | |
3242 | - | |
3243 | -#. type: Plain text | |
3244 | -#: original/man8/iptables-extensions.8:345 | |
3245 | -msgid "This is an expected connection (i.e. a conntrack helper set it up)." | |
3246 | -msgstr "" | |
3247 | - | |
3248 | -#. type: TP | |
3249 | -#: original/man8/iptables-extensions.8:345 | |
3250 | -#, no-wrap | |
3251 | -msgid "B<SEEN_REPLY>" | |
3252 | -msgstr "" | |
3253 | - | |
3254 | -#. type: Plain text | |
3255 | -#: original/man8/iptables-extensions.8:348 | |
3256 | -msgid "Conntrack has seen packets in both directions." | |
3257 | -msgstr "" | |
3258 | - | |
3259 | -#. type: TP | |
3260 | -#: original/man8/iptables-extensions.8:348 | |
3261 | -#, no-wrap | |
3262 | -msgid "B<ASSURED>" | |
3263 | -msgstr "" | |
3264 | - | |
3265 | -#. type: Plain text | |
3266 | -#: original/man8/iptables-extensions.8:351 | |
3267 | -msgid "Conntrack entry should never be early-expired." | |
3268 | -msgstr "" | |
3269 | - | |
3270 | -#. type: TP | |
3271 | -#: original/man8/iptables-extensions.8:351 | |
3272 | -#, no-wrap | |
3273 | -msgid "B<CONFIRMED>" | |
3274 | -msgstr "" | |
3275 | - | |
3276 | -#. type: Plain text | |
3277 | -#: original/man8/iptables-extensions.8:354 | |
3278 | -msgid "Connection is confirmed: originating packet has left box." | |
3279 | -msgstr "" | |
3280 | - | |
3281 | -#. type: SS | |
3282 | -#: original/man8/iptables-extensions.8:354 | |
3283 | -#, fuzzy, no-wrap | |
3284 | -#| msgid "tcp" | |
3285 | -msgid "cpu" | |
3286 | -msgstr "tcp" | |
3287 | - | |
3288 | -#. type: TP | |
3289 | -#: original/man8/iptables-extensions.8:355 | |
3290 | -#, fuzzy, no-wrap | |
3291 | -#| msgid "B<-t>, B<--table> B<tablename>" | |
3292 | -msgid "[B<!>] B<--cpu> I<number>" | |
3293 | -msgstr "B<-t>, B<--table> B<tablename>" | |
3294 | - | |
3295 | -#. type: Plain text | |
3296 | -#: original/man8/iptables-extensions.8:360 | |
3297 | -msgid "" | |
3298 | -"Match cpu handling this packet. cpus are numbered from 0 to NR_CPUS-1 Can be " | |
3299 | -"used in combination with RPS (Remote Packet Steering) or multiqueue NICs to " | |
3300 | -"spread network traffic on different queues." | |
3301 | -msgstr "" | |
3302 | - | |
3303 | -#. type: Plain text | |
3304 | -#: original/man8/iptables-extensions.8:365 | |
3305 | -msgid "" | |
3306 | -"iptables -t nat -A PREROUTING -p tcp --dport 80 -m cpu --cpu 0 -j REDIRECT --" | |
3307 | -"to-port 8080" | |
3308 | -msgstr "" | |
3309 | - | |
3310 | -#. type: Plain text | |
3311 | -#: original/man8/iptables-extensions.8:368 | |
3312 | -msgid "" | |
3313 | -"iptables -t nat -A PREROUTING -p tcp --dport 80 -m cpu --cpu 1 -j REDIRECT --" | |
3314 | -"to-port 8081" | |
3315 | -msgstr "" | |
3316 | - | |
3317 | -#. type: Plain text | |
3318 | -#: original/man8/iptables-extensions.8:370 | |
3319 | -msgid "Available since Linux 2.6.36." | |
3320 | -msgstr "" | |
3321 | - | |
3322 | -#. type: SS | |
3323 | -#: original/man8/iptables-extensions.8:370 | |
3324 | -#, no-wrap | |
3325 | -msgid "dccp" | |
3326 | -msgstr "" | |
3327 | - | |
3328 | -#. type: TP | |
3329 | -#: original/man8/iptables-extensions.8:371 | |
3330 | -#: original/man8/iptables-extensions.8:1230 | |
3331 | -#: original/man8/iptables-extensions.8:1354 | |
3332 | -#: original/man8/iptables-extensions.8:1657 | |
3333 | -#, fuzzy, no-wrap | |
3334 | -#| msgid "B<--source-ports >I<port>[,I<port>[,I<port>...]]" | |
3335 | -msgid "[B<!>] B<--source-port>,B<--sport> I<port>[B<:>I<port>]" | |
3336 | -msgstr "B<--source-ports >I<port>[,I<port>[,I<port>...]]" | |
3337 | - | |
3338 | -#. type: TP | |
3339 | -#: original/man8/iptables-extensions.8:373 | |
3340 | -#: original/man8/iptables-extensions.8:1232 | |
3341 | -#: original/man8/iptables-extensions.8:1365 | |
3342 | -#: original/man8/iptables-extensions.8:1663 | |
3343 | -#, fuzzy, no-wrap | |
3344 | -#| msgid "B<--destination-ports >I<port>[,I<port>[,I<port>...]]" | |
3345 | -msgid "[B<!>] B<--destination-port>,B<--dport> I<port>[B<:>I<port>]" | |
3346 | -msgstr "B<--destination-ports >I<port>[,I<port>[,I<port>...]]" | |
3347 | - | |
3348 | -#. type: TP | |
3349 | -#: original/man8/iptables-extensions.8:375 | |
3350 | -#, no-wrap | |
3351 | -msgid "[B<!>] B<--dccp-types> I<mask>" | |
3352 | -msgstr "" | |
3353 | - | |
3354 | -#. type: Plain text | |
3355 | -#: original/man8/iptables-extensions.8:380 | |
3356 | -msgid "" | |
3357 | -"Match when the DCCP packet type is one of 'mask'. 'mask' is a comma-" | |
3358 | -"separated list of packet types. Packet types are: B<REQUEST RESPONSE DATA " | |
3359 | -"ACK DATAACK CLOSEREQ CLOSE RESET SYNC SYNCACK INVALID>." | |
3360 | -msgstr "" | |
3361 | - | |
3362 | -#. type: TP | |
3363 | -#: original/man8/iptables-extensions.8:380 | |
3364 | -#, fuzzy, no-wrap | |
3365 | -#| msgid "B<--tcp-option >[!] I<number>" | |
3366 | -msgid "[B<!>] B<--dccp-option> I<number>" | |
3367 | -msgstr "B<--tcp-option >[!] I<number>" | |
3368 | - | |
3369 | -#. type: Plain text | |
3370 | -#: original/man8/iptables-extensions.8:383 | |
3371 | -#, fuzzy | |
3372 | -#| msgid "Match if TCP option set." | |
3373 | -msgid "Match if DCCP option set." | |
3374 | -msgstr "TCP オプションが設定されている場合にマッチする。" | |
3375 | - | |
3376 | -#. type: SS | |
3377 | -#: original/man8/iptables-extensions.8:383 | |
3378 | -#, no-wrap | |
3379 | -msgid "devgroup" | |
3380 | -msgstr "" | |
3381 | - | |
3382 | -#. type: Plain text | |
3383 | -#: original/man8/iptables-extensions.8:385 | |
3384 | -msgid "Match device group of a packets incoming/outgoing interface." | |
3385 | -msgstr "" | |
3386 | - | |
3387 | -#. type: TP | |
3388 | -#: original/man8/iptables-extensions.8:385 | |
3389 | -#, fuzzy, no-wrap | |
3390 | -#| msgid "B<--physdev-out name>" | |
3391 | -msgid "[B<!>] B<--src-group> I<name>" | |
3392 | -msgstr "B<--physdev-out name>" | |
3393 | - | |
3394 | -#. type: Plain text | |
3395 | -#: original/man8/iptables-extensions.8:388 | |
3396 | -msgid "Match device group of incoming device" | |
3397 | -msgstr "" | |
3398 | - | |
3399 | -#. type: TP | |
3400 | -#: original/man8/iptables-extensions.8:388 | |
3401 | -#, fuzzy, no-wrap | |
3402 | -#| msgid "B<--physdev-out name>" | |
3403 | -msgid "[B<!>] B<--dst-group> I<name>" | |
3404 | -msgstr "B<--physdev-out name>" | |
3405 | - | |
3406 | -#. type: Plain text | |
3407 | -#: original/man8/iptables-extensions.8:391 | |
3408 | -msgid "Match device group of outgoing device" | |
3409 | -msgstr "" | |
3410 | - | |
3411 | -#. type: SS | |
3412 | -#: original/man8/iptables-extensions.8:391 | |
3413 | -#, no-wrap | |
3414 | -msgid "dscp" | |
3415 | -msgstr "dscp" | |
3416 | - | |
3417 | -#. type: Plain text | |
3418 | -#: original/man8/iptables-extensions.8:394 | |
3419 | -msgid "" | |
3420 | -"This module matches the 6 bit DSCP field within the TOS field in the IP " | |
3421 | -"header. DSCP has superseded TOS within the IETF." | |
3422 | -msgstr "" | |
3423 | -"このモジュールは、IP ヘッダーの TOS フィールド内にある、 6 bit の DSCP フィー" | |
3424 | -"ルドにマッチする。 IETF では DSCP が TOS に取って代わった。" | |
3425 | - | |
3426 | -#. type: TP | |
3427 | -#: original/man8/iptables-extensions.8:394 | |
3428 | -#, fuzzy, no-wrap | |
3429 | -#| msgid "B<--dscp >I<value>" | |
3430 | -msgid "[B<!>] B<--dscp> I<value>" | |
3431 | -msgstr "B<--dscp >I<value>" | |
3432 | - | |
3433 | -#. type: Plain text | |
3434 | -#: original/man8/iptables-extensions.8:397 | |
3435 | -#, fuzzy | |
3436 | -#| msgid "Match against a numeric (decimal or hex) value [0-32]." | |
3437 | -msgid "Match against a numeric (decimal or hex) value [0-63]." | |
3438 | -msgstr "(10 進または 16 進の) 数値 [0-63] にマッチする。" | |
3439 | - | |
3440 | -#. type: TP | |
3441 | -#: original/man8/iptables-extensions.8:397 | |
3442 | -#, fuzzy, no-wrap | |
3443 | -#| msgid "B<--set-dscp-class >I<class>" | |
3444 | -msgid "[B<!>] B<--dscp-class> I<class>" | |
3445 | -msgstr "B<--set-dscp-class >I<class>" | |
3446 | - | |
3447 | -#. type: Plain text | |
3448 | -#: original/man8/iptables-extensions.8:402 | |
3449 | -#, fuzzy | |
3450 | -#| msgid "" | |
3451 | -#| "Match the DiffServ class. This value may be any of the BE, EF, AFxx or " | |
3452 | -#| "CSx classes. It will then be converted into it's according numeric value." | |
3453 | -msgid "" | |
3454 | -"Match the DiffServ class. This value may be any of the BE, EF, AFxx or CSx " | |
3455 | -"classes. It will then be converted into its according numeric value." | |
3456 | -msgstr "" | |
3457 | -"DiffServ クラスにマッチする。 値は BE, EF, AFxx, CSx クラスのいずれかであ" | |
3458 | -"る。 これらは、対応する数値で指定するのと同じである。" | |
3459 | - | |
3460 | -#. type: SS | |
3461 | -#: original/man8/iptables-extensions.8:402 | |
3462 | -#, no-wrap | |
3463 | -msgid "dst (IPv6-specific)" | |
3464 | -msgstr "" | |
3465 | - | |
3466 | -#. type: Plain text | |
3467 | -#: original/man8/iptables-extensions.8:404 | |
3468 | -#, fuzzy | |
3469 | -#| msgid "This module matches the time to live field in the IP header." | |
3470 | -msgid "This module matches the parameters in Destination Options header" | |
3471 | -msgstr "このモジュールは IP ヘッダーの time to live フィールドにマッチする。" | |
3472 | - | |
3473 | -#. type: TP | |
3474 | -#: original/man8/iptables-extensions.8:404 | |
3475 | -#, fuzzy, no-wrap | |
3476 | -#| msgid "B<-t>, B<--table> B<tablename>" | |
3477 | -msgid "[B<!>] B<--dst-len> I<length>" | |
3478 | -msgstr "B<-t>, B<--table> B<tablename>" | |
3479 | - | |
3480 | -#. type: TP | |
3481 | -#: original/man8/iptables-extensions.8:407 | |
3482 | -#, no-wrap | |
3483 | -msgid "B<--dst-opts> I<type>[B<:>I<length>][B<,>I<type>[B<:>I<length>]...]" | |
3484 | -msgstr "" | |
3485 | - | |
3486 | -#. type: Plain text | |
3487 | -#: original/man8/iptables-extensions.8:410 | |
3488 | -#: original/man8/iptables-extensions.8:543 | |
3489 | -msgid "numeric type of option and the length of the option data in octets." | |
3490 | -msgstr "" | |
3491 | - | |
3492 | -#. type: SS | |
3493 | -#: original/man8/iptables-extensions.8:410 | |
3494 | -#, no-wrap | |
3495 | -msgid "ecn" | |
3496 | -msgstr "" | |
3497 | - | |
3498 | -#. type: Plain text | |
3499 | -#: original/man8/iptables-extensions.8:412 | |
3500 | -msgid "" | |
3501 | -"This allows you to match the ECN bits of the IPv4/IPv6 and TCP header. ECN " | |
3502 | -"is the Explicit Congestion Notification mechanism as specified in RFC3168" | |
3503 | -msgstr "" | |
3504 | - | |
3505 | -#. type: TP | |
3506 | -#: original/man8/iptables-extensions.8:412 | |
3507 | -#, fuzzy, no-wrap | |
3508 | -#| msgid "B<--ecn-tcp-remove>" | |
3509 | -msgid "[B<!>] B<--ecn-tcp-cwr>" | |
3510 | -msgstr "B<--ecn-tcp-remove>" | |
3511 | - | |
3512 | -#. type: Plain text | |
3513 | -#: original/man8/iptables-extensions.8:415 | |
3514 | -msgid "" | |
3515 | -"This matches if the TCP ECN CWR (Congestion Window Received) bit is set." | |
3516 | -msgstr "" | |
3517 | - | |
3518 | -#. type: TP | |
3519 | -#: original/man8/iptables-extensions.8:415 | |
3520 | -#, fuzzy, no-wrap | |
3521 | -#| msgid "B<--ecn-tcp-remove>" | |
3522 | -msgid "[B<!>] B<--ecn-tcp-ece>" | |
3523 | -msgstr "B<--ecn-tcp-remove>" | |
3524 | - | |
3525 | -#. type: Plain text | |
3526 | -#: original/man8/iptables-extensions.8:418 | |
3527 | -msgid "This matches if the TCP ECN ECE (ECN Echo) bit is set." | |
3528 | -msgstr "" | |
3529 | - | |
3530 | -#. type: TP | |
3531 | -#: original/man8/iptables-extensions.8:418 | |
3532 | -#, no-wrap | |
3533 | -msgid "[B<!>] B<--ecn-ip-ect> I<num>" | |
3534 | -msgstr "" | |
3535 | - | |
3536 | -#. type: Plain text | |
3537 | -#: original/man8/iptables-extensions.8:422 | |
3538 | -msgid "" | |
3539 | -"This matches a particular IPv4/IPv6 ECT (ECN-Capable Transport). You have to " | |
3540 | -"specify a number between `0' and `3'." | |
3541 | -msgstr "" | |
3542 | - | |
3543 | -#. type: SS | |
3544 | -#: original/man8/iptables-extensions.8:422 | |
3545 | -#, no-wrap | |
3546 | -msgid "esp" | |
3547 | -msgstr "esp" | |
3548 | - | |
3549 | -#. type: Plain text | |
3550 | -#: original/man8/iptables-extensions.8:424 | |
3551 | -#, fuzzy | |
3552 | -#| msgid "This module matches the SPIs in ESP header of IPSec packets." | |
3553 | -msgid "This module matches the SPIs in ESP header of IPsec packets." | |
3554 | -msgstr "このモジュールは IPSec パケットの ESP ヘッダーの SPI 値にマッチする。" | |
3555 | - | |
3556 | -#. type: TP | |
3557 | -#: original/man8/iptables-extensions.8:424 | |
3558 | -#, fuzzy, no-wrap | |
3559 | -#| msgid "B<--espspi >[!] I<spi>[:I<spi>]" | |
3560 | -msgid "[B<!>] B<--espspi> I<spi>[B<:>I<spi>]" | |
3561 | -msgstr "B<--espspi >[!] I<spi>[:I<spi>]" | |
3562 | - | |
3563 | -#. type: SS | |
3564 | -#: original/man8/iptables-extensions.8:426 | |
3565 | -#, no-wrap | |
3566 | -msgid "eui64 (IPv6-specific)" | |
3567 | -msgstr "" | |
3568 | - | |
3569 | -#. type: Plain text | |
3570 | -#: original/man8/iptables-extensions.8:437 | |
3571 | -msgid "" | |
3572 | -"This module matches the EUI-64 part of a stateless autoconfigured IPv6 " | |
3573 | -"address. It compares the EUI-64 derived from the source MAC address in " | |
3574 | -"Ethernet frame with the lower 64 bits of the IPv6 source address. But " | |
3575 | -"\"Universal/Local\" bit is not compared. This module doesn't match other " | |
3576 | -"link layer frame, and is only valid in the B<PREROUTING>, B<INPUT> and " | |
3577 | -"B<FORWARD> chains." | |
3578 | -msgstr "" | |
3579 | - | |
3580 | -#. type: SS | |
3581 | -#: original/man8/iptables-extensions.8:437 | |
3582 | -#, no-wrap | |
3583 | -msgid "frag (IPv6-specific)" | |
3584 | -msgstr "" | |
3585 | - | |
3586 | -#. type: Plain text | |
3587 | -#: original/man8/iptables-extensions.8:439 | |
3588 | -#, fuzzy | |
3589 | -#| msgid "This module matches the time to live field in the IP header." | |
3590 | -msgid "This module matches the parameters in Fragment header." | |
3591 | -msgstr "このモジュールは IP ヘッダーの time to live フィールドにマッチする。" | |
3592 | - | |
3593 | -#. type: TP | |
3594 | -#: original/man8/iptables-extensions.8:439 | |
3595 | -#, no-wrap | |
3596 | -msgid "[B<!>] B<--fragid> I<id>[B<:>I<id>]" | |
3597 | -msgstr "" | |
3598 | - | |
3599 | -#. type: Plain text | |
3600 | -#: original/man8/iptables-extensions.8:442 | |
3601 | -msgid "Matches the given Identification or range of it." | |
3602 | -msgstr "" | |
3603 | - | |
3604 | -#. type: TP | |
3605 | -#: original/man8/iptables-extensions.8:442 | |
3606 | -#, fuzzy, no-wrap | |
3607 | -#| msgid "B<-t>, B<--table> B<tablename>" | |
3608 | -msgid "[B<!>] B<--fraglen> I<length>" | |
3609 | -msgstr "B<-t>, B<--table> B<tablename>" | |
3610 | - | |
3611 | -#. type: Plain text | |
3612 | -#: original/man8/iptables-extensions.8:446 | |
3613 | -msgid "" | |
3614 | -"This option cannot be used with kernel version 2.6.10 or later. The length " | |
3615 | -"of Fragment header is static and this option doesn't make sense." | |
3616 | -msgstr "" | |
3617 | - | |
3618 | -#. type: TP | |
3619 | -#: original/man8/iptables-extensions.8:446 | |
3620 | -#, no-wrap | |
3621 | -msgid "B<--fragres>" | |
3622 | -msgstr "" | |
3623 | - | |
3624 | -#. type: Plain text | |
3625 | -#: original/man8/iptables-extensions.8:449 | |
3626 | -msgid "Matches if the reserved fields are filled with zero." | |
3627 | -msgstr "" | |
3628 | - | |
3629 | -#. type: TP | |
3630 | -#: original/man8/iptables-extensions.8:449 | |
3631 | -#, no-wrap | |
3632 | -msgid "B<--fragfirst>" | |
3633 | -msgstr "" | |
3634 | - | |
3635 | -#. type: Plain text | |
3636 | -#: original/man8/iptables-extensions.8:452 | |
3637 | -msgid "Matches on the first fragment." | |
3638 | -msgstr "" | |
3639 | - | |
3640 | -#. type: TP | |
3641 | -#: original/man8/iptables-extensions.8:452 | |
3642 | -#, fuzzy, no-wrap | |
3643 | -#| msgid "B<[!] -f, --fragment>" | |
3644 | -msgid "B<--fragmore>" | |
3645 | -msgstr "B<[!] -f, --fragment>" | |
3646 | - | |
3647 | -#. type: Plain text | |
3648 | -#: original/man8/iptables-extensions.8:455 | |
3649 | -msgid "Matches if there are more fragments." | |
3650 | -msgstr "" | |
3651 | - | |
3652 | -#. type: TP | |
3653 | -#: original/man8/iptables-extensions.8:455 | |
3654 | -#, no-wrap | |
3655 | -msgid "B<--fraglast>" | |
3656 | -msgstr "" | |
3657 | - | |
3658 | -#. type: Plain text | |
3659 | -#: original/man8/iptables-extensions.8:458 | |
3660 | -msgid "Matches if this is the last fragment." | |
3661 | -msgstr "" | |
3662 | - | |
3663 | -#. type: SS | |
3664 | -#: original/man8/iptables-extensions.8:458 | |
3665 | -#, fuzzy, no-wrap | |
3666 | -#| msgid "limit" | |
3667 | -msgid "hashlimit" | |
3668 | -msgstr "limit" | |
3669 | - | |
3670 | -#. type: Plain text | |
3671 | -#: original/man8/iptables-extensions.8:464 | |
3672 | -msgid "" | |
3673 | -"B<hashlimit> uses hash buckets to express a rate limiting match (like the " | |
3674 | -"B<limit> match) for a group of connections using a B<single> iptables rule. " | |
3675 | -"Grouping can be done per-hostgroup (source and/or destination address) and/" | |
3676 | -"or per-port. It gives you the ability to express \"I<N> packets per time " | |
3677 | -"quantum per group\" or \"I<N> bytes per seconds\" (see below for some " | |
3678 | -"examples)." | |
3679 | -msgstr "" | |
3680 | - | |
3681 | -#. type: Plain text | |
3682 | -#: original/man8/iptables-extensions.8:467 | |
3683 | -msgid "" | |
3684 | -"A hash limit option (B<--hashlimit-upto>, B<--hashlimit-above>) and B<--" | |
3685 | -"hashlimit-name> are required." | |
3686 | -msgstr "" | |
3687 | - | |
3688 | -#. type: TP | |
3689 | -#: original/man8/iptables-extensions.8:467 | |
3690 | -#, no-wrap | |
3691 | -msgid "B<--hashlimit-upto> I<amount>[B</second>|B</minute>|B</hour>|B</day>]" | |
3692 | -msgstr "" | |
3693 | - | |
3694 | -#. type: Plain text | |
3695 | -#: original/man8/iptables-extensions.8:472 | |
3696 | -#, fuzzy | |
3697 | -#| msgid "" | |
3698 | -#| "Maximum average matching rate: specified as a number, with an optional `/" | |
3699 | -#| "second', `/minute', `/hour', or `/day' suffix; the default is 3/hour." | |
3700 | -msgid "" | |
3701 | -"Match if the rate is below or equal to I<amount>/quantum. It is specified " | |
3702 | -"either as a number, with an optional time quantum suffix (the default is 3/" | |
3703 | -"hour), or as I<amount>b/second (number of bytes per second)." | |
3704 | -msgstr "" | |
3705 | -"単位時間あたりの平均マッチ回数の最大値。 数値で指定され、添字 `/second', `/" | |
3706 | -"minute', `/hour', `/day' を付けることもできる。 デフォルトは 3/hour である。" | |
3707 | - | |
3708 | -#. type: TP | |
3709 | -#: original/man8/iptables-extensions.8:472 | |
3710 | -#, no-wrap | |
3711 | -msgid "B<--hashlimit-above> I<amount>[B</second>|B</minute>|B</hour>|B</day>]" | |
3712 | -msgstr "" | |
3713 | - | |
3714 | -#. type: Plain text | |
3715 | -#: original/man8/iptables-extensions.8:475 | |
3716 | -msgid "Match if the rate is above I<amount>/quantum." | |
3717 | -msgstr "" | |
3718 | - | |
3719 | -#. type: TP | |
3720 | -#: original/man8/iptables-extensions.8:475 | |
3721 | -#, fuzzy, no-wrap | |
3722 | -#| msgid "B<--limit-burst >I<number>" | |
3723 | -msgid "B<--hashlimit-burst> I<amount>" | |
3724 | -msgstr "B<--limit-burst >I<number>" | |
3725 | - | |
3726 | -#. type: Plain text | |
3727 | -#: original/man8/iptables-extensions.8:482 | |
3728 | -#, fuzzy | |
3729 | -#| msgid "" | |
3730 | -#| "Maximum initial number of packets to match: this number gets recharged by " | |
3731 | -#| "one every time the limit specified above is not reached, up to this " | |
3732 | -#| "number; the default is 5." | |
3733 | -msgid "" | |
3734 | -"Maximum initial number of packets to match: this number gets recharged by " | |
3735 | -"one every time the limit specified above is not reached, up to this number; " | |
3736 | -"the default is 5. When byte-based rate matching is requested, this option " | |
3737 | -"specifies the amount of bytes that can exceed the given rate. This option " | |
3738 | -"should be used with caution -- if the entry expires, the burst value is " | |
3739 | -"reset too." | |
3740 | -msgstr "" | |
3741 | -"パケットがマッチする回数の最大初期値: 上のオプションで指定した制限に\n" | |
3742 | -"達しなければ、 その度ごとに、この数値になるまで 1 個ずつ増やされる。\n" | |
3743 | -"デフォルトは 5 である。" | |
3744 | - | |
3745 | -#. type: TP | |
3746 | -#: original/man8/iptables-extensions.8:482 | |
3747 | -#, no-wrap | |
3748 | -msgid "B<--hashlimit-mode> {B<srcip>|B<srcport>|B<dstip>|B<dstport>}B<,>..." | |
3749 | -msgstr "" | |
3750 | - | |
3751 | -#. type: Plain text | |
3752 | -#: original/man8/iptables-extensions.8:487 | |
3753 | -msgid "" | |
3754 | -"A comma-separated list of objects to take into consideration. If no --" | |
3755 | -"hashlimit-mode option is given, hashlimit acts like limit, but at the " | |
3756 | -"expensive of doing the hash housekeeping." | |
3757 | -msgstr "" | |
3758 | - | |
3759 | -#. type: TP | |
3760 | -#: original/man8/iptables-extensions.8:487 | |
3761 | -#, fuzzy, no-wrap | |
3762 | -#| msgid "B<--limit >I<rate>" | |
3763 | -msgid "B<--hashlimit-srcmask> I<prefix>" | |
3764 | -msgstr "B<--limit >I<rate>" | |
3765 | - | |
3766 | -#. type: Plain text | |
3767 | -#: original/man8/iptables-extensions.8:494 | |
3768 | -msgid "" | |
3769 | -"When --hashlimit-mode srcip is used, all source addresses encountered will " | |
3770 | -"be grouped according to the given prefix length and the so-created subnet " | |
3771 | -"will be subject to hashlimit. I<prefix> must be between (inclusive) 0 and " | |
3772 | -"32. Note that --hashlimit-srcmask 0 is basically doing the same thing as not " | |
3773 | -"specifying srcip for --hashlimit-mode, but is technically more expensive." | |
3774 | -msgstr "" | |
3775 | - | |
3776 | -#. type: TP | |
3777 | -#: original/man8/iptables-extensions.8:494 | |
3778 | -#, fuzzy, no-wrap | |
3779 | -#| msgid "B<--limit >I<rate>" | |
3780 | -msgid "B<--hashlimit-dstmask> I<prefix>" | |
3781 | -msgstr "B<--limit >I<rate>" | |
3782 | - | |
3783 | -#. type: Plain text | |
3784 | -#: original/man8/iptables-extensions.8:497 | |
3785 | -msgid "Like --hashlimit-srcmask, but for destination addresses." | |
3786 | -msgstr "" | |
3787 | - | |
3788 | -#. type: TP | |
3789 | -#: original/man8/iptables-extensions.8:497 | |
3790 | -#, no-wrap | |
3791 | -msgid "B<--hashlimit-name> I<foo>" | |
3792 | -msgstr "" | |
3793 | - | |
3794 | -#. type: Plain text | |
3795 | -#: original/man8/iptables-extensions.8:500 | |
3796 | -msgid "The name for the /proc/net/ipt_hashlimit/foo entry." | |
3797 | -msgstr "" | |
3798 | - | |
3799 | -#. type: TP | |
3800 | -#: original/man8/iptables-extensions.8:500 | |
3801 | -#, no-wrap | |
3802 | -msgid "B<--hashlimit-htable-size> I<buckets>" | |
3803 | -msgstr "" | |
3804 | - | |
3805 | -#. type: Plain text | |
3806 | -#: original/man8/iptables-extensions.8:503 | |
3807 | -msgid "The number of buckets of the hash table" | |
3808 | -msgstr "" | |
3809 | - | |
3810 | -#. type: TP | |
3811 | -#: original/man8/iptables-extensions.8:503 | |
3812 | -#, no-wrap | |
3813 | -msgid "B<--hashlimit-htable-max> I<entries>" | |
3814 | -msgstr "" | |
3815 | - | |
3816 | -#. type: Plain text | |
3817 | -#: original/man8/iptables-extensions.8:506 | |
3818 | -msgid "Maximum entries in the hash." | |
3819 | -msgstr "" | |
3820 | - | |
3821 | -#. type: TP | |
3822 | -#: original/man8/iptables-extensions.8:506 | |
3823 | -#, no-wrap | |
3824 | -msgid "B<--hashlimit-htable-expire> I<msec>" | |
3825 | -msgstr "" | |
3826 | - | |
3827 | -#. type: Plain text | |
3828 | -#: original/man8/iptables-extensions.8:509 | |
3829 | -msgid "After how many milliseconds do hash entries expire." | |
3830 | -msgstr "" | |
3831 | - | |
3832 | -#. type: TP | |
3833 | -#: original/man8/iptables-extensions.8:509 | |
3834 | -#, no-wrap | |
3835 | -msgid "B<--hashlimit-htable-gcinterval> I<msec>" | |
3836 | -msgstr "" | |
3837 | - | |
3838 | -#. type: Plain text | |
3839 | -#: original/man8/iptables-extensions.8:512 | |
3840 | -msgid "How many milliseconds between garbage collection intervals." | |
3841 | -msgstr "" | |
3842 | - | |
3843 | -#. type: TP | |
3844 | -#: original/man8/iptables-extensions.8:514 | |
3845 | -#, fuzzy, no-wrap | |
3846 | -#| msgid "Match against original source address" | |
3847 | -msgid "matching on source host" | |
3848 | -msgstr "書き換え前の送信元アドレスにマッチする。" | |
3849 | - | |
3850 | -#. type: Plain text | |
3851 | -#: original/man8/iptables-extensions.8:518 | |
3852 | -msgid "" | |
3853 | -"\"1000 packets per second for every host in 192.168.0.0/16\" =E<gt> -s " | |
3854 | -"192.168.0.0/16 --hashlimit-mode srcip --hashlimit-upto 1000/sec" | |
3855 | -msgstr "" | |
3856 | - | |
3857 | -#. type: TP | |
3858 | -#: original/man8/iptables-extensions.8:518 | |
3859 | -#, fuzzy, no-wrap | |
3860 | -#| msgid "Match against original source address" | |
3861 | -msgid "matching on source port" | |
3862 | -msgstr "書き換え前の送信元アドレスにマッチする。" | |
3863 | - | |
3864 | -#. type: Plain text | |
3865 | -#: original/man8/iptables-extensions.8:522 | |
3866 | -msgid "" | |
3867 | -"\"100 packets per second for every service of 192.168.1.1\" =E<gt> -s " | |
3868 | -"192.168.1.1 --hashlimit-mode srcport --hashlimit-upto 100/sec" | |
3869 | -msgstr "" | |
3870 | - | |
3871 | -#. type: TP | |
3872 | -#: original/man8/iptables-extensions.8:522 | |
3873 | -#, no-wrap | |
3874 | -msgid "matching on subnet" | |
3875 | -msgstr "" | |
3876 | - | |
3877 | -#. type: Plain text | |
3878 | -#: original/man8/iptables-extensions.8:527 | |
3879 | -msgid "" | |
3880 | -"\"10000 packets per minute for every /28 subnet (groups of 8 addresses) in " | |
3881 | -"10.0.0.0/8\" =E<gt> -s 10.0.0.8 --hashlimit-mask 28 --hashlimit-upto 10000/" | |
3882 | -"min" | |
3883 | -msgstr "" | |
3884 | - | |
3885 | -#. type: TP | |
3886 | -#: original/man8/iptables-extensions.8:527 | |
3887 | -#: original/man8/iptables-extensions.8:531 | |
3888 | -#, no-wrap | |
3889 | -msgid "matching bytes per second" | |
3890 | -msgstr "" | |
3891 | - | |
3892 | -#. type: Plain text | |
3893 | -#: original/man8/iptables-extensions.8:531 | |
3894 | -msgid "" | |
3895 | -"\"flows exceeding 512kbyte/s\" =E<gt> --hashlimit-mode srcip,dstip,srcport," | |
3896 | -"dstport --hashlimit-above 512kb/s" | |
3897 | -msgstr "" | |
3898 | - | |
3899 | -#. type: Plain text | |
3900 | -#: original/man8/iptables-extensions.8:535 | |
3901 | -msgid "" | |
3902 | -"\"hosts that exceed 512kbyte/s, but permit up to 1Megabytes without matching" | |
3903 | -"\" --hashlimit-mode dstip --hashlimit-above 512kb/s --hashlimit-burst 1mb" | |
3904 | -msgstr "" | |
3905 | - | |
3906 | -#. type: SS | |
3907 | -#: original/man8/iptables-extensions.8:535 | |
3908 | -#, no-wrap | |
3909 | -msgid "hbh (IPv6-specific)" | |
3910 | -msgstr "" | |
3911 | - | |
3912 | -#. type: Plain text | |
3913 | -#: original/man8/iptables-extensions.8:537 | |
3914 | -#, fuzzy | |
3915 | -#| msgid "This module matches the time to live field in the IP header." | |
3916 | -msgid "This module matches the parameters in Hop-by-Hop Options header" | |
3917 | -msgstr "このモジュールは IP ヘッダーの time to live フィールドにマッチする。" | |
3918 | - | |
3919 | -#. type: TP | |
3920 | -#: original/man8/iptables-extensions.8:537 | |
3921 | -#, fuzzy, no-wrap | |
3922 | -#| msgid "B<-t>, B<--table> B<tablename>" | |
3923 | -msgid "[B<!>] B<--hbh-len> I<length>" | |
3924 | -msgstr "B<-t>, B<--table> B<tablename>" | |
3925 | - | |
3926 | -#. type: TP | |
3927 | -#: original/man8/iptables-extensions.8:540 | |
3928 | -#, no-wrap | |
3929 | -msgid "B<--hbh-opts> I<type>[B<:>I<length>][B<,>I<type>[B<:>I<length>]...]" | |
3930 | -msgstr "" | |
3931 | - | |
3932 | -#. type: SS | |
3933 | -#: original/man8/iptables-extensions.8:543 | |
3934 | -#, no-wrap | |
3935 | -msgid "helper" | |
3936 | -msgstr "helper" | |
3937 | - | |
3938 | -#. type: Plain text | |
3939 | -#: original/man8/iptables-extensions.8:545 | |
3940 | -msgid "This module matches packets related to a specific conntrack-helper." | |
3941 | -msgstr "" | |
3942 | -"このモジュールは、指定された接続追跡ヘルパーモジュールに 関連するパケットに" | |
3943 | -"マッチする。" | |
3944 | - | |
3945 | -#. type: TP | |
3946 | -#: original/man8/iptables-extensions.8:545 | |
3947 | -#, fuzzy, no-wrap | |
3948 | -#| msgid "B<--helper >I<string>" | |
3949 | -msgid "[B<!>] B<--helper> I<string>" | |
3950 | -msgstr "B<--helper >I<string>" | |
3951 | - | |
3952 | -#. type: Plain text | |
3953 | -#: original/man8/iptables-extensions.8:548 | |
3954 | -msgid "Matches packets related to the specified conntrack-helper." | |
3955 | -msgstr "指定された接続追跡ヘルパーモジュールに 関連するパケットにマッチする。" | |
3956 | - | |
3957 | -#. type: Plain text | |
3958 | -#: original/man8/iptables-extensions.8:552 | |
3959 | -msgid "" | |
3960 | -"string can be \"ftp\" for packets related to a ftp-session on default port. " | |
3961 | -"For other ports append -portnr to the value, ie. \"ftp-2121\"." | |
3962 | -msgstr "" | |
3963 | -"デフォルトのポートを使った ftp-セッションに関連するパケットでは、 string に " | |
3964 | -"\"ftp\" と書ける。 他のポートでは \"-ポート番号\" を値に付け加える。 すなわ" | |
3965 | -"ち \"ftp-2121\" となる。" | |
3966 | - | |
3967 | -#. type: Plain text | |
3968 | -#: original/man8/iptables-extensions.8:554 | |
3969 | -msgid "Same rules apply for other conntrack-helpers." | |
3970 | -msgstr "他の接続追跡ヘルパーでも同じルールが適用される。" | |
3971 | - | |
3972 | -#. type: SS | |
3973 | -#: original/man8/iptables-extensions.8:555 | |
3974 | -#, no-wrap | |
3975 | -msgid "hl (IPv6-specific)" | |
3976 | -msgstr "" | |
3977 | - | |
3978 | -#. type: Plain text | |
3979 | -#: original/man8/iptables-extensions.8:557 | |
3980 | -#, fuzzy | |
3981 | -#| msgid "This module matches the time to live field in the IP header." | |
3982 | -msgid "This module matches the Hop Limit field in the IPv6 header." | |
3983 | -msgstr "このモジュールは IP ヘッダーの time to live フィールドにマッチする。" | |
3984 | - | |
3985 | -#. type: TP | |
3986 | -#: original/man8/iptables-extensions.8:557 | |
3987 | -#, fuzzy, no-wrap | |
3988 | -#| msgid "B<-t>, B<--table> B<tablename>" | |
3989 | -msgid "[B<!>] B<--hl-eq> I<value>" | |
3990 | -msgstr "B<-t>, B<--table> B<tablename>" | |
3991 | - | |
3992 | -#. type: Plain text | |
3993 | -#: original/man8/iptables-extensions.8:560 | |
3994 | -msgid "Matches if Hop Limit equals I<value>." | |
3995 | -msgstr "" | |
3996 | - | |
3997 | -#. type: TP | |
3998 | -#: original/man8/iptables-extensions.8:560 | |
3999 | -#, fuzzy, no-wrap | |
4000 | -#| msgid "B<--dscp >I<value>" | |
4001 | -msgid "B<--hl-lt> I<value>" | |
4002 | -msgstr "B<--dscp >I<value>" | |
4003 | - | |
4004 | -#. type: Plain text | |
4005 | -#: original/man8/iptables-extensions.8:563 | |
4006 | -msgid "Matches if Hop Limit is less than I<value>." | |
4007 | -msgstr "" | |
4008 | - | |
4009 | -#. type: TP | |
4010 | -#: original/man8/iptables-extensions.8:563 | |
4011 | -#, fuzzy, no-wrap | |
4012 | -#| msgid "B<--dscp >I<value>" | |
4013 | -msgid "B<--hl-gt> I<value>" | |
4014 | -msgstr "B<--dscp >I<value>" | |
4015 | - | |
4016 | -#. type: Plain text | |
4017 | -#: original/man8/iptables-extensions.8:566 | |
4018 | -msgid "Matches if Hop Limit is greater than I<value>." | |
4019 | -msgstr "" | |
4020 | - | |
4021 | -#. type: SS | |
4022 | -#: original/man8/iptables-extensions.8:566 | |
4023 | -#, no-wrap | |
4024 | -msgid "icmp (IPv4-specific)" | |
4025 | -msgstr "" | |
4026 | - | |
4027 | -#. type: Plain text | |
4028 | -#: original/man8/iptables-extensions.8:569 | |
4029 | -#, fuzzy | |
4030 | -#| msgid "" | |
4031 | -#| "This extension is loaded if `--protocol icmp' is specified. It provides " | |
4032 | -#| "the following option:" | |
4033 | -msgid "" | |
4034 | -"This extension can be used if `--protocol icmp' is specified. It provides " | |
4035 | -"the following option:" | |
4036 | -msgstr "" | |
4037 | -"この拡張は `--protocol icmp' が指定された場合にロードされ、 以下のオプション" | |
4038 | -"が提供される:" | |
4039 | - | |
4040 | -#. type: TP | |
4041 | -#: original/man8/iptables-extensions.8:569 | |
4042 | -#, fuzzy, no-wrap | |
4043 | -#| msgid "B<--icmp-type >[!] I<typename>" | |
4044 | -msgid "[B<!>] B<--icmp-type> {I<type>[B</>I<code>]|I<typename>}" | |
4045 | -msgstr "B<--icmp-type >[!] I<typename>" | |
4046 | - | |
4047 | -#. type: Plain text | |
4048 | -#: original/man8/iptables-extensions.8:573 | |
4049 | -#, fuzzy | |
4050 | -#| msgid "" | |
4051 | -#| "This allows specification of the ICMP type, which can be a numeric ICMP " | |
4052 | -#| "type, or one of the ICMP type names shown by the command" | |
4053 | -msgid "" | |
4054 | -"This allows specification of the ICMP type, which can be a numeric ICMP " | |
4055 | -"type, type/code pair, or one of the ICMP type names shown by the command" | |
4056 | -msgstr "" | |
4057 | -"ICMP タイプを指定できる。タイプ指定には、 数値の ICMP タイプ、または以下のコ" | |
4058 | -"マンド で表示される ICMP タイプ名を指定できる。" | |
4059 | - | |
4060 | -#. type: Plain text | |
4061 | -#: original/man8/iptables-extensions.8:575 | |
4062 | -#, no-wrap | |
4063 | -msgid " iptables -p icmp -h\n" | |
4064 | -msgstr " iptables -p icmp -h\n" | |
4065 | - | |
4066 | -#. type: SS | |
4067 | -#: original/man8/iptables-extensions.8:576 | |
4068 | -#, no-wrap | |
4069 | -msgid "icmp6 (IPv6-specific)" | |
4070 | -msgstr "" | |
4071 | - | |
4072 | -#. type: Plain text | |
4073 | -#: original/man8/iptables-extensions.8:579 | |
4074 | -#, fuzzy | |
4075 | -#| msgid "" | |
4076 | -#| "This extension is loaded if `--protocol ipv6-icmp' or `--protocol icmpv6' " | |
4077 | -#| "is specified. It provides the following option:" | |
4078 | -msgid "" | |
4079 | -"This extension can be used if `--protocol ipv6-icmp' or `--protocol icmpv6' " | |
4080 | -"is specified. It provides the following option:" | |
4081 | -msgstr "" | |
4082 | -"これらの拡張は `--protocol ipv6-icmp' または `--protocol icmpv6' が指定された" | |
4083 | -"場合にロードされ、 以下のオプションが提供される:" | |
4084 | - | |
4085 | -#. type: TP | |
4086 | -#: original/man8/iptables-extensions.8:579 | |
4087 | -#, fuzzy, no-wrap | |
4088 | -#| msgid "B<--icmpv6-type >[!] I<typename>" | |
4089 | -msgid "[B<!>] B<--icmpv6-type> I<type>[B</>I<code>]|I<typename>" | |
4090 | -msgstr "B<--icmpv6-type >[!] I<typename>" | |
4091 | - | |
4092 | -#. type: Plain text | |
4093 | -#: original/man8/iptables-extensions.8:588 | |
4094 | -#, fuzzy | |
4095 | -#| msgid "" | |
4096 | -#| "This allows specification of the ICMP type, which can be a numeric ICMP " | |
4097 | -#| "type, or one of the ICMP type names shown by the command" | |
4098 | -msgid "" | |
4099 | -"This allows specification of the ICMPv6 type, which can be a numeric ICMPv6 " | |
4100 | -"I<type>, I<type> and I<code>, or one of the ICMPv6 type names shown by the " | |
4101 | -"command" | |
4102 | -msgstr "" | |
4103 | -"ICMP タイプを指定できる。タイプ指定には、 数値の ICMP タイプ、または以下のコ" | |
4104 | -"マンド で表示される ICMP タイプ名を指定できる。" | |
4105 | - | |
4106 | -#. type: Plain text | |
4107 | -#: original/man8/iptables-extensions.8:590 | |
4108 | -#, no-wrap | |
4109 | -msgid " ip6tables -p ipv6-icmp -h\n" | |
4110 | -msgstr " ip6tables -p ipv6-icmp -h\n" | |
4111 | - | |
4112 | -#. type: SS | |
4113 | -#: original/man8/iptables-extensions.8:591 | |
4114 | -#, no-wrap | |
4115 | -msgid "iprange" | |
4116 | -msgstr "" | |
4117 | - | |
4118 | -#. type: Plain text | |
4119 | -#: original/man8/iptables-extensions.8:593 | |
4120 | -msgid "This matches on a given arbitrary range of IP addresses." | |
4121 | -msgstr "" | |
4122 | - | |
4123 | -#. type: TP | |
4124 | -#: original/man8/iptables-extensions.8:593 | |
4125 | -#, no-wrap | |
4126 | -msgid "[B<!>] B<--src-range> I<from>[B<->I<to>]" | |
4127 | -msgstr "" | |
4128 | - | |
4129 | -#. type: Plain text | |
4130 | -#: original/man8/iptables-extensions.8:596 | |
4131 | -msgid "Match source IP in the specified range." | |
4132 | -msgstr "" | |
4133 | - | |
4134 | -#. type: TP | |
4135 | -#: original/man8/iptables-extensions.8:596 | |
4136 | -#, no-wrap | |
4137 | -msgid "[B<!>] B<--dst-range> I<from>[B<->I<to>]" | |
4138 | -msgstr "" | |
4139 | - | |
4140 | -#. type: Plain text | |
4141 | -#: original/man8/iptables-extensions.8:599 | |
4142 | -msgid "Match destination IP in the specified range." | |
4143 | -msgstr "" | |
4144 | - | |
4145 | -#. type: SS | |
4146 | -#: original/man8/iptables-extensions.8:599 | |
4147 | -#, no-wrap | |
4148 | -msgid "ipv6header (IPv6-specific)" | |
4149 | -msgstr "" | |
4150 | - | |
4151 | -#. type: Plain text | |
4152 | -#: original/man8/iptables-extensions.8:601 | |
4153 | -#, fuzzy | |
4154 | -#| msgid "This module matches the SPIs in AH header of IPSec packets." | |
4155 | -msgid "This module matches IPv6 extension headers and/or upper layer header." | |
4156 | -msgstr "このモジュールは IPSec パケットの AH ヘッダーの SPI 値にマッチする。" | |
4157 | - | |
4158 | -#. type: TP | |
4159 | -#: original/man8/iptables-extensions.8:601 | |
4160 | -#, no-wrap | |
4161 | -msgid "B<--soft>" | |
4162 | -msgstr "" | |
4163 | - | |
4164 | -#. type: Plain text | |
4165 | -#: original/man8/iptables-extensions.8:605 | |
4166 | -msgid "" | |
4167 | -"Matches if the packet includes B<any> of the headers specified with B<--" | |
4168 | -"header>." | |
4169 | -msgstr "" | |
4170 | - | |
4171 | -#. type: TP | |
4172 | -#: original/man8/iptables-extensions.8:605 | |
4173 | -#, no-wrap | |
4174 | -msgid "[B<!>] B<--header> I<header>[B<,>I<header>...]" | |
4175 | -msgstr "" | |
4176 | - | |
4177 | -#. type: Plain text | |
4178 | -#: original/man8/iptables-extensions.8:610 | |
4179 | -msgid "" | |
4180 | -"Matches the packet which EXACTLY includes all specified headers. The headers " | |
4181 | -"encapsulated with ESP header are out of scope. Possible I<header> types can " | |
4182 | -"be:" | |
4183 | -msgstr "" | |
4184 | - | |
4185 | -#. type: TP | |
4186 | -#: original/man8/iptables-extensions.8:610 | |
4187 | -#, no-wrap | |
4188 | -msgid "B<hop>|B<hop-by-hop>" | |
4189 | -msgstr "" | |
4190 | - | |
4191 | -#. type: Plain text | |
4192 | -#: original/man8/iptables-extensions.8:613 | |
4193 | -msgid "Hop-by-Hop Options header" | |
4194 | -msgstr "" | |
4195 | - | |
4196 | -#. type: TP | |
4197 | -#: original/man8/iptables-extensions.8:613 | |
4198 | -#, no-wrap | |
4199 | -msgid "B<dst>" | |
4200 | -msgstr "" | |
4201 | - | |
4202 | -#. type: Plain text | |
4203 | -#: original/man8/iptables-extensions.8:616 | |
4204 | -msgid "Destination Options header" | |
4205 | -msgstr "" | |
4206 | - | |
4207 | -#. type: TP | |
4208 | -#: original/man8/iptables-extensions.8:616 | |
4209 | -#, no-wrap | |
4210 | -msgid "B<route>" | |
4211 | -msgstr "" | |
4212 | - | |
4213 | -#. type: Plain text | |
4214 | -#: original/man8/iptables-extensions.8:619 | |
4215 | -msgid "Routing header" | |
4216 | -msgstr "" | |
4217 | - | |
4218 | -#. type: TP | |
4219 | -#: original/man8/iptables-extensions.8:619 | |
4220 | -#, no-wrap | |
4221 | -msgid "B<frag>" | |
4222 | -msgstr "" | |
4223 | - | |
4224 | -#. type: Plain text | |
4225 | -#: original/man8/iptables-extensions.8:622 | |
4226 | -msgid "Fragment header" | |
4227 | -msgstr "" | |
4228 | - | |
4229 | -#. type: TP | |
4230 | -#: original/man8/iptables-extensions.8:622 | |
4231 | -#, no-wrap | |
4232 | -msgid "B<auth>" | |
4233 | -msgstr "" | |
4234 | - | |
4235 | -#. type: Plain text | |
4236 | -#: original/man8/iptables-extensions.8:625 | |
4237 | -msgid "Authentication header" | |
4238 | -msgstr "" | |
4239 | - | |
4240 | -#. type: TP | |
4241 | -#: original/man8/iptables-extensions.8:625 | |
4242 | -#, no-wrap | |
4243 | -msgid "B<esp>" | |
4244 | -msgstr "" | |
4245 | - | |
4246 | -#. type: Plain text | |
4247 | -#: original/man8/iptables-extensions.8:628 | |
4248 | -msgid "Encapsulating Security Payload header" | |
4249 | -msgstr "" | |
4250 | - | |
4251 | -#. type: TP | |
4252 | -#: original/man8/iptables-extensions.8:628 | |
4253 | -#, no-wrap | |
4254 | -msgid "B<none>" | |
4255 | -msgstr "" | |
4256 | - | |
4257 | -#. type: Plain text | |
4258 | -#: original/man8/iptables-extensions.8:632 | |
4259 | -msgid "" | |
4260 | -"No Next header which matches 59 in the 'Next Header field' of IPv6 header or " | |
4261 | -"any IPv6 extension headers" | |
4262 | -msgstr "" | |
4263 | - | |
4264 | -#. type: TP | |
4265 | -#: original/man8/iptables-extensions.8:632 | |
4266 | -#, no-wrap | |
4267 | -msgid "B<proto>" | |
4268 | -msgstr "" | |
4269 | - | |
4270 | -#. type: Plain text | |
4271 | -#: original/man8/iptables-extensions.8:637 | |
4272 | -msgid "" | |
4273 | -"which matches any upper layer protocol header. A protocol name from /etc/" | |
4274 | -"protocols and numeric value also allowed. The number 255 is equivalent to " | |
4275 | -"B<proto>." | |
4276 | -msgstr "" | |
4277 | - | |
4278 | -#. type: SS | |
4279 | -#: original/man8/iptables-extensions.8:637 | |
4280 | -#, no-wrap | |
4281 | -msgid "ipvs" | |
4282 | -msgstr "" | |
4283 | - | |
4284 | -#. type: Plain text | |
4285 | -#: original/man8/iptables-extensions.8:639 | |
4286 | -msgid "Match IPVS connection properties." | |
4287 | -msgstr "" | |
4288 | - | |
4289 | -#. type: TP | |
4290 | -#: original/man8/iptables-extensions.8:639 | |
4291 | -#, fuzzy, no-wrap | |
4292 | -#| msgid "B<-c>, B<--counters>" | |
4293 | -msgid "[B<!>] B<--ipvs>" | |
4294 | -msgstr "B<-c>, B<--counters>" | |
4295 | - | |
4296 | -#. type: Plain text | |
4297 | -#: original/man8/iptables-extensions.8:642 | |
4298 | -msgid "packet belongs to an IPVS connection" | |
4299 | -msgstr "" | |
4300 | - | |
4301 | -#. type: TP | |
4302 | -#: original/man8/iptables-extensions.8:642 | |
4303 | -#, no-wrap | |
4304 | -msgid "Any of the following options implies --ipvs (even negated)" | |
4305 | -msgstr "" | |
4306 | - | |
4307 | -#. type: TP | |
4308 | -#: original/man8/iptables-extensions.8:644 | |
4309 | -#, fuzzy, no-wrap | |
4310 | -#| msgid "B<-p, --protocol >[!] I<protocol>" | |
4311 | -msgid "[B<!>] B<--vproto> I<protocol>" | |
4312 | -msgstr "B<-p, --protocol >[!] I<protocol>" | |
4313 | - | |
4314 | -#. type: Plain text | |
4315 | -#: original/man8/iptables-extensions.8:647 | |
4316 | -#, fuzzy | |
4317 | -#| msgid "Protocol to match (by number or name)" | |
4318 | -msgid "VIP protocol to match; by number or name, e.g. \"tcp\"" | |
4319 | -msgstr "(名前または数値で) 指定されたプロトコルにマッチする。" | |
4320 | - | |
4321 | -#. type: TP | |
4322 | -#: original/man8/iptables-extensions.8:647 | |
4323 | -#, fuzzy, no-wrap | |
4324 | -#| msgid "B<-s, --source >[!] I<address>[/I<mask>]" | |
4325 | -msgid "[B<!>] B<--vaddr> I<address>[B</>I<mask>]" | |
4326 | -msgstr "B<-s, --source >[!] I<address>[/I<mask>]" | |
4327 | - | |
4328 | -#. type: Plain text | |
4329 | -#: original/man8/iptables-extensions.8:650 | |
4330 | -msgid "VIP address to match" | |
4331 | -msgstr "" | |
4332 | - | |
4333 | -#. type: TP | |
4334 | -#: original/man8/iptables-extensions.8:650 | |
4335 | -#, fuzzy, no-wrap | |
4336 | -#| msgid "B<--ctproto >I<proto>" | |
4337 | -msgid "[B<!>] B<--vport> I<port>" | |
4338 | -msgstr "B<--ctproto >I<proto>" | |
4339 | - | |
4340 | -#. type: Plain text | |
4341 | -#: original/man8/iptables-extensions.8:653 | |
4342 | -#, fuzzy | |
4343 | -#| msgid "Protocol to match (by number or name)" | |
4344 | -msgid "VIP port to match; by number or name, e.g. \"http\"" | |
4345 | -msgstr "(名前または数値で) 指定されたプロトコルにマッチする。" | |
4346 | - | |
4347 | -#. type: TP | |
4348 | -#: original/man8/iptables-extensions.8:653 | |
4349 | -#, no-wrap | |
4350 | -msgid "B<--vdir> {B<ORIGINAL>|B<REPLY>}" | |
4351 | -msgstr "" | |
4352 | - | |
4353 | -#. type: Plain text | |
4354 | -#: original/man8/iptables-extensions.8:656 | |
4355 | -msgid "flow direction of packet" | |
4356 | -msgstr "" | |
4357 | - | |
4358 | -#. type: TP | |
4359 | -#: original/man8/iptables-extensions.8:656 | |
4360 | -#, no-wrap | |
4361 | -msgid "[B<!>] B<--vmethod> {B<GATE>|B<IPIP>|B<MASQ>}" | |
4362 | -msgstr "" | |
4363 | - | |
4364 | -#. type: Plain text | |
4365 | -#: original/man8/iptables-extensions.8:659 | |
4366 | -msgid "IPVS forwarding method used" | |
4367 | -msgstr "" | |
4368 | - | |
4369 | -#. type: TP | |
4370 | -#: original/man8/iptables-extensions.8:659 | |
4371 | -#, no-wrap | |
4372 | -msgid "[B<!>] B<--vportctl> I<port>" | |
4373 | -msgstr "" | |
4374 | - | |
4375 | -#. type: Plain text | |
4376 | -#: original/man8/iptables-extensions.8:662 | |
4377 | -msgid "VIP port of the controlling connection to match, e.g. 21 for FTP" | |
4378 | -msgstr "" | |
4379 | - | |
4380 | -#. type: SS | |
4381 | -#: original/man8/iptables-extensions.8:662 | |
4382 | -#, no-wrap | |
4383 | -msgid "length" | |
4384 | -msgstr "length" | |
4385 | - | |
4386 | -#. type: Plain text | |
4387 | -#: original/man8/iptables-extensions.8:666 | |
4388 | -#, fuzzy | |
4389 | -#| msgid "" | |
4390 | -#| "This module matches the length of a packet against a specific value or " | |
4391 | -#| "range of values." | |
4392 | -msgid "" | |
4393 | -"This module matches the length of the layer-3 payload (e.g. layer-4 packet) " | |
4394 | -"of a packet against a specific value or range of values." | |
4395 | -msgstr "このモジュールは、指定されたパケット長、またはその範囲にマッチする。" | |
4396 | - | |
4397 | -#. type: TP | |
4398 | -#: original/man8/iptables-extensions.8:666 | |
4399 | -#, fuzzy, no-wrap | |
4400 | -#| msgid "B<--length >I<length>[:I<length>]" | |
4401 | -msgid "[B<!>] B<--length> I<length>[B<:>I<length>]" | |
4402 | -msgstr "B<--length >I<length>[:I<length>]" | |
4403 | - | |
4404 | -#. type: SS | |
4405 | -#: original/man8/iptables-extensions.8:668 | |
4406 | -#, no-wrap | |
4407 | -msgid "limit" | |
4408 | -msgstr "limit" | |
4409 | - | |
4410 | -#. type: Plain text | |
4411 | -#: original/man8/iptables-extensions.8:674 | |
4412 | -#, fuzzy | |
4413 | -#| msgid "" | |
4414 | -#| "This module matches at a limited rate using a token bucket filter. A " | |
4415 | -#| "rule using this extension will match until this limit is reached (unless " | |
4416 | -#| "the `!' flag is used). It can be used in combination with the B<LOG> " | |
4417 | -#| "target to give limited logging, for example." | |
4418 | -msgid "" | |
4419 | -"This module matches at a limited rate using a token bucket filter. A rule " | |
4420 | -"using this extension will match until this limit is reached. It can be used " | |
4421 | -"in combination with the B<LOG> target to give limited logging, for example." | |
4422 | -msgstr "" | |
4423 | -"このモジュールは、トークンバケツフィルタを使い、 単位時間あたり制限され\n" | |
4424 | -"た回数だけマッチする。 この拡張を使ったルールは、(`!' フラグが指定され\n" | |
4425 | -"ない限り) 制限に達するまでマッチする。 例えば、このモジュールはログ記録\n" | |
4426 | -"を制限するために B<LOG> ターゲットと組み合わせて使うことができる。" | |
4427 | - | |
4428 | -#. type: Plain text | |
4429 | -#: original/man8/iptables-extensions.8:677 | |
4430 | -msgid "" | |
4431 | -"xt_limit has no negation support - you will have to use -m hashlimit ! --" | |
4432 | -"hashlimit I<rate> in this case whilst omitting --hashlimit-mode." | |
4433 | -msgstr "" | |
4434 | - | |
4435 | -#. type: TP | |
4436 | -#: original/man8/iptables-extensions.8:677 | |
4437 | -#, no-wrap | |
4438 | -msgid "B<--limit> I<rate>[B</second>|B</minute>|B</hour>|B</day>]" | |
4439 | -msgstr "" | |
4440 | - | |
4441 | -#. type: Plain text | |
4442 | -#: original/man8/iptables-extensions.8:682 | |
4443 | -msgid "" | |
4444 | -"Maximum average matching rate: specified as a number, with an optional `/" | |
4445 | -"second', `/minute', `/hour', or `/day' suffix; the default is 3/hour." | |
4446 | -msgstr "" | |
4447 | -"単位時間あたりの平均マッチ回数の最大値。 数値で指定され、添字 `/second', `/" | |
4448 | -"minute', `/hour', `/day' を付けることもできる。 デフォルトは 3/hour である。" | |
4449 | - | |
4450 | -#. type: TP | |
4451 | -#: original/man8/iptables-extensions.8:682 | |
4452 | -#, fuzzy, no-wrap | |
4453 | -#| msgid "B<--limit-burst >I<number>" | |
4454 | -msgid "B<--limit-burst> I<number>" | |
4455 | -msgstr "B<--limit-burst >I<number>" | |
4456 | - | |
4457 | -#. type: Plain text | |
4458 | -#: original/man8/iptables-extensions.8:687 | |
4459 | -msgid "" | |
4460 | -"Maximum initial number of packets to match: this number gets recharged by " | |
4461 | -"one every time the limit specified above is not reached, up to this number; " | |
4462 | -"the default is 5." | |
4463 | -msgstr "" | |
4464 | -"パケットがマッチする回数の最大初期値: 上のオプションで指定した制限に\n" | |
4465 | -"達しなければ、 その度ごとに、この数値になるまで 1 個ずつ増やされる。\n" | |
4466 | -"デフォルトは 5 である。" | |
4467 | - | |
4468 | -#. type: SS | |
4469 | -#: original/man8/iptables-extensions.8:687 | |
4470 | -#, no-wrap | |
4471 | -msgid "mac" | |
4472 | -msgstr "mac" | |
4473 | - | |
4474 | -#. type: TP | |
4475 | -#: original/man8/iptables-extensions.8:688 | |
4476 | -#, fuzzy, no-wrap | |
4477 | -#| msgid "B<--mac-source >[!] I<address>" | |
4478 | -msgid "[B<!>] B<--mac-source> I<address>" | |
4479 | -msgstr "B<--mac-source >[!] I<address>" | |
4480 | - | |
4481 | -#. type: Plain text | |
4482 | -#: original/man8/iptables-extensions.8:698 | |
4483 | -msgid "" | |
4484 | -"Match source MAC address. It must be of the form XX:XX:XX:XX:XX:XX. Note " | |
4485 | -"that this only makes sense for packets coming from an Ethernet device and " | |
4486 | -"entering the B<PREROUTING>, B<FORWARD> or B<INPUT> chains." | |
4487 | -msgstr "" | |
4488 | -"送信元 MAC アドレスにマッチする。 I<address> は XX:XX:XX:XX:XX:XX と\n" | |
4489 | -"いう形式でなければならない。イーサーネットデバイスから入ってくるパケッ\n" | |
4490 | -"トで、 B<PREROUTING>, B<FORWARD>, B<INPUT> チェインに入るパケットにしか\n" | |
4491 | -"意味がない。" | |
4492 | - | |
4493 | -#. type: SS | |
4494 | -#: original/man8/iptables-extensions.8:698 | |
4495 | -#, no-wrap | |
4496 | -msgid "mark" | |
4497 | -msgstr "mark" | |
4498 | - | |
4499 | -#. type: Plain text | |
4500 | -#: original/man8/iptables-extensions.8:703 | |
4501 | -msgid "" | |
4502 | -"This module matches the netfilter mark field associated with a packet (which " | |
4503 | -"can be set using the B<MARK> target below)." | |
4504 | -msgstr "" | |
4505 | -"このモジュールはパケットに関連づけられた netfilter の mark フィールドにマッチ" | |
4506 | -"する (このフィールドは、以下の B<MARK> ターゲットで設定される)。" | |
4507 | - | |
4508 | -#. type: Plain text | |
4509 | -#: original/man8/iptables-extensions.8:708 | |
4510 | -#, fuzzy | |
4511 | -#| msgid "" | |
4512 | -#| "Matches packets with the given unsigned mark value (if a mask is " | |
4513 | -#| "specified, this is logically ANDed with the mask before the comparison)." | |
4514 | -msgid "" | |
4515 | -"Matches packets with the given unsigned mark value (if a I<mask> is " | |
4516 | -"specified, this is logically ANDed with the I<mask> before the comparison)." | |
4517 | -msgstr "" | |
4518 | -"指定された符号なし mark 値のパケットにマッチする (mask が指定されると、比較の" | |
4519 | -"前に mask との論理積 (AND) がとられる)。" | |
4520 | - | |
4521 | -#. type: SS | |
4522 | -#: original/man8/iptables-extensions.8:708 | |
4523 | -#, no-wrap | |
4524 | -msgid "mh (IPv6-specific)" | |
4525 | -msgstr "" | |
4526 | - | |
4527 | -#. type: Plain text | |
4528 | -#: original/man8/iptables-extensions.8:711 | |
4529 | -#, fuzzy | |
4530 | -#| msgid "" | |
4531 | -#| "This extension is loaded if `--protocol ipv6-icmp' or `--protocol icmpv6' " | |
4532 | -#| "is specified. It provides the following option:" | |
4533 | -msgid "" | |
4534 | -"This extension is loaded if `--protocol ipv6-mh' or `--protocol mh' is " | |
4535 | -"specified. It provides the following option:" | |
4536 | -msgstr "" | |
4537 | -"これらの拡張は `--protocol ipv6-icmp' または `--protocol icmpv6' が指定された" | |
4538 | -"場合にロードされ、 以下のオプションが提供される:" | |
4539 | - | |
4540 | -#. type: TP | |
4541 | -#: original/man8/iptables-extensions.8:711 | |
4542 | -#, no-wrap | |
4543 | -msgid "[B<!>] B<--mh-type> I<type>[B<:>I<type>]" | |
4544 | -msgstr "" | |
4545 | - | |
4546 | -#. type: Plain text | |
4547 | -#: original/man8/iptables-extensions.8:718 | |
4548 | -#, fuzzy | |
4549 | -#| msgid "" | |
4550 | -#| "This allows specification of the ICMP type, which can be a numeric ICMP " | |
4551 | -#| "type, or one of the ICMP type names shown by the command" | |
4552 | -msgid "" | |
4553 | -"This allows specification of the Mobility Header(MH) type, which can be a " | |
4554 | -"numeric MH I<type>, I<type> or one of the MH type names shown by the command" | |
4555 | -msgstr "" | |
4556 | -"ICMP タイプを指定できる。タイプ指定には、 数値の ICMP タイプ、または以下のコ" | |
4557 | -"マンド で表示される ICMP タイプ名を指定できる。" | |
4558 | - | |
4559 | -#. type: Plain text | |
4560 | -#: original/man8/iptables-extensions.8:720 | |
4561 | -#, fuzzy, no-wrap | |
4562 | -#| msgid " ip6tables -p ipv6-icmp -h\n" | |
4563 | -msgid " ip6tables -p ipv6-mh -h\n" | |
4564 | -msgstr " ip6tables -p ipv6-icmp -h\n" | |
4565 | - | |
4566 | -#. type: SS | |
4567 | -#: original/man8/iptables-extensions.8:721 | |
4568 | -#, no-wrap | |
4569 | -msgid "multiport" | |
4570 | -msgstr "multiport" | |
4571 | - | |
4572 | -#. type: Plain text | |
4573 | -#: original/man8/iptables-extensions.8:728 | |
4574 | -#, fuzzy | |
4575 | -#| msgid "" | |
4576 | -#| "This module matches a set of source or destination ports. Up to 15 ports " | |
4577 | -#| "can be specified. It can only be used in conjunction with B<-p tcp> or " | |
4578 | -#| "B<-p udp>." | |
4579 | -msgid "" | |
4580 | -"This module matches a set of source or destination ports. Up to 15 ports " | |
4581 | -"can be specified. A port range (port:port) counts as two ports. It can " | |
4582 | -"only be used in conjunction with B<-p tcp> or B<-p udp>." | |
4583 | -msgstr "" | |
4584 | -"このモジュールは送信元や送信先のポートの集合にマッチする。 ポートは 15 個まで" | |
4585 | -"指定できる。 このモジュールは B<-p tcp> または B<-p udp> と組み合わせて使うこ" | |
4586 | -"としかできない。" | |
4587 | - | |
4588 | -#. type: TP | |
4589 | -#: original/man8/iptables-extensions.8:728 | |
4590 | -#, fuzzy, no-wrap | |
4591 | -#| msgid "B<--source-ports >I<port>[,I<port>[,I<port>...]]" | |
4592 | -msgid "[B<!>] B<--source-ports>,B<--sports> I<port>[B<,>I<port>|B<,>I<port>B<:>I<port>]..." | |
4593 | -msgstr "B<--source-ports >I<port>[,I<port>[,I<port>...]]" | |
4594 | - | |
4595 | -#. type: Plain text | |
4596 | -#: original/man8/iptables-extensions.8:736 | |
4597 | -msgid "" | |
4598 | -"Match if the source port is one of the given ports. The flag B<--sports> is " | |
4599 | -"a convenient alias for this option. Multiple ports or port ranges are " | |
4600 | -"separated using a comma, and a port range is specified using a colon. " | |
4601 | -"B<53,1024:65535> would therefore match ports 53 and all from 1024 through " | |
4602 | -"65535." | |
4603 | -msgstr "" | |
4604 | - | |
4605 | -#. type: TP | |
4606 | -#: original/man8/iptables-extensions.8:736 | |
4607 | -#, fuzzy, no-wrap | |
4608 | -#| msgid "B<--destination-ports >I<port>[,I<port>[,I<port>...]]" | |
4609 | -msgid "[B<!>] B<--destination-ports>,B<--dports> I<port>[B<,>I<port>|B<,>I<port>B<:>I<port>]..." | |
4610 | -msgstr "B<--destination-ports >I<port>[,I<port>[,I<port>...]]" | |
4611 | - | |
4612 | -#. type: Plain text | |
4613 | -#: original/man8/iptables-extensions.8:741 | |
4614 | -msgid "" | |
4615 | -"Match if the destination port is one of the given ports. The flag B<--" | |
4616 | -"dports> is a convenient alias for this option." | |
4617 | -msgstr "" | |
4618 | -"宛先ポートが指定されたポートのうちのいずれかであればマッチする。\n" | |
4619 | -"フラグ B<--dports> は、このオプションの便利な別名である。" | |
4620 | - | |
4621 | -#. type: TP | |
4622 | -#: original/man8/iptables-extensions.8:741 | |
4623 | -#, fuzzy, no-wrap | |
4624 | -#| msgid "B<--ports >I<port>[,I<port>[,I<port>...]]" | |
4625 | -msgid "[B<!>] B<--ports> I<port>[B<,>I<port>|B<,>I<port>B<:>I<port>]..." | |
4626 | -msgstr "B<--ports >I<port>[,I<port>[,I<port>...]]" | |
4627 | - | |
4628 | -#. type: Plain text | |
4629 | -#: original/man8/iptables-extensions.8:745 | |
4630 | -#, fuzzy | |
4631 | -#| msgid "" | |
4632 | -#| "Match if the both the source and destination ports are equal to each " | |
4633 | -#| "other and to one of the given ports." | |
4634 | -msgid "" | |
4635 | -"Match if either the source or destination ports are equal to one of the " | |
4636 | -"given ports." | |
4637 | -msgstr "" | |
4638 | -"送信元ポートと宛先ポートが等しく、 かつそのポートが指定されたポートの\n" | |
4639 | -"うちのいずれかであればマッチする。" | |
4640 | - | |
4641 | -#. type: SS | |
4642 | -#: original/man8/iptables-extensions.8:745 | |
4643 | -#, no-wrap | |
4644 | -msgid "nfacct" | |
4645 | -msgstr "" | |
4646 | - | |
4647 | -#. type: Plain text | |
4648 | -#: original/man8/iptables-extensions.8:749 | |
4649 | -msgid "" | |
4650 | -"The nfacct match provides the extended accounting infrastructure for " | |
4651 | -"iptables. You have to use this match together with the standalone user-" | |
4652 | -"space utility B<nfacct(8)>" | |
4653 | -msgstr "" | |
4654 | - | |
4655 | -#. type: Plain text | |
4656 | -#: original/man8/iptables-extensions.8:751 | |
4657 | -msgid "The only option available for this match is the following:" | |
4658 | -msgstr "" | |
4659 | - | |
4660 | -#. type: TP | |
4661 | -#: original/man8/iptables-extensions.8:751 | |
4662 | -#, fuzzy, no-wrap | |
4663 | -#| msgid "B<--cmd-owner >I<name>" | |
4664 | -msgid "B<--nfacct-name> I<name>" | |
4665 | -msgstr "B<--cmd-owner >I<name>" | |
4666 | - | |
4667 | -#. type: Plain text | |
4668 | -#: original/man8/iptables-extensions.8:755 | |
4669 | -msgid "" | |
4670 | -"This allows you to specify the existing object name that will be use for " | |
4671 | -"accounting the traffic that this rule-set is matching." | |
4672 | -msgstr "" | |
4673 | - | |
4674 | -#. type: Plain text | |
4675 | -#: original/man8/iptables-extensions.8:757 | |
4676 | -msgid "To use this extension, you have to create an accounting object:" | |
4677 | -msgstr "" | |
4678 | - | |
4679 | -#. type: Plain text | |
4680 | -#: original/man8/iptables-extensions.8:759 | |
4681 | -msgid "nfacct add http-traffic" | |
4682 | -msgstr "" | |
4683 | - | |
4684 | -#. type: Plain text | |
4685 | -#: original/man8/iptables-extensions.8:761 | |
4686 | -msgid "Then, you have to attach it to the accounting object via iptables:" | |
4687 | -msgstr "" | |
4688 | - | |
4689 | -#. type: Plain text | |
4690 | -#: original/man8/iptables-extensions.8:763 | |
4691 | -msgid "" | |
4692 | -"iptables -I INPUT -p tcp --sport 80 -m nfacct --nfacct-name http-traffic" | |
4693 | -msgstr "" | |
4694 | - | |
4695 | -#. type: Plain text | |
4696 | -#: original/man8/iptables-extensions.8:765 | |
4697 | -msgid "" | |
4698 | -"iptables -I OUTPUT -p tcp --dport 80 -m nfacct --nfacct-name http-traffic" | |
4699 | -msgstr "" | |
4700 | - | |
4701 | -#. type: Plain text | |
4702 | -#: original/man8/iptables-extensions.8:767 | |
4703 | -msgid "Then, you can check for the amount of traffic that the rules match:" | |
4704 | -msgstr "" | |
4705 | - | |
4706 | -#. type: Plain text | |
4707 | -#: original/man8/iptables-extensions.8:769 | |
4708 | -msgid "nfacct get http-traffic" | |
4709 | -msgstr "" | |
4710 | - | |
4711 | -#. type: Plain text | |
4712 | -#: original/man8/iptables-extensions.8:771 | |
4713 | -msgid "" | |
4714 | -"{ pkts = 00000000000000000156, bytes = 00000000000000151786 } = http-traffic;" | |
4715 | -msgstr "" | |
4716 | - | |
4717 | -#. type: Plain text | |
4718 | -#: original/man8/iptables-extensions.8:776 | |
4719 | -msgid "" | |
4720 | -"You can obtain B<nfacct(8)> from http://www.netfilter.org or, alternatively, " | |
4721 | -"from the git.netfilter.org repository." | |
4722 | -msgstr "" | |
4723 | - | |
4724 | -#. type: SS | |
4725 | -#: original/man8/iptables-extensions.8:776 | |
4726 | -#, fuzzy, no-wrap | |
4727 | -#| msgid "tos" | |
4728 | -msgid "osf" | |
4729 | -msgstr "tos" | |
4730 | - | |
4731 | -#. type: Plain text | |
4732 | -#: original/man8/iptables-extensions.8:780 | |
4733 | -msgid "" | |
4734 | -"The osf module does passive operating system fingerprinting. This modules " | |
4735 | -"compares some data (Window Size, MSS, options and their order, TTL, DF, and " | |
4736 | -"others) from packets with the SYN bit set." | |
4737 | -msgstr "" | |
4738 | - | |
4739 | -#. type: TP | |
4740 | -#: original/man8/iptables-extensions.8:780 | |
4741 | -#, fuzzy, no-wrap | |
4742 | -#| msgid "B<--helper >I<string>" | |
4743 | -msgid "[B<!>] B<--genre> I<string>" | |
4744 | -msgstr "B<--helper >I<string>" | |
4745 | - | |
4746 | -#. type: Plain text | |
4747 | -#: original/man8/iptables-extensions.8:783 | |
4748 | -msgid "Match an operating system genre by using a passive fingerprinting." | |
4749 | -msgstr "" | |
4750 | - | |
4751 | -#. type: TP | |
4752 | -#: original/man8/iptables-extensions.8:783 | |
4753 | -#, fuzzy, no-wrap | |
4754 | -#| msgid "B<--ttl >I<ttl>" | |
4755 | -msgid "B<--ttl> I<level>" | |
4756 | -msgstr "B<--ttl >I<ttl>" | |
4757 | - | |
4758 | -#. type: Plain text | |
4759 | -#: original/man8/iptables-extensions.8:787 | |
4760 | -msgid "" | |
4761 | -"Do additional TTL checks on the packet to determine the operating system. " | |
4762 | -"I<level> can be one of the following values:" | |
4763 | -msgstr "" | |
4764 | - | |
4765 | -#. type: IP | |
4766 | -#: original/man8/iptables-extensions.8:787 | |
4767 | -#: original/man8/iptables-extensions.8:790 | |
4768 | -#: original/man8/iptables-extensions.8:793 | |
4769 | -#: original/man8/iptables-extensions.8:799 | |
4770 | -#: original/man8/iptables-extensions.8:801 | |
4771 | -#: original/man8/iptables-extensions.8:803 | |
4772 | -#: original/man8/iptables-extensions.8:959 | |
4773 | -#: original/man8/iptables-extensions.8:961 | |
4774 | -#: original/man8/iptables-extensions.8:964 | |
4775 | -#: original/man8/iptables-extensions.8:966 | |
4776 | -#: original/man8/iptables-extensions.8:969 | |
4777 | -#: original/man8/iptables-extensions.8:971 | |
4778 | -#: original/man8/iptables-extensions.8:974 | |
4779 | -#: original/man8/iptables-extensions.8:977 | |
4780 | -#, no-wrap | |
4781 | -msgid "\\(bu" | |
4782 | -msgstr "" | |
4783 | - | |
4784 | -#. type: Plain text | |
4785 | -#: original/man8/iptables-extensions.8:790 | |
4786 | -msgid "" | |
4787 | -"0 - True IP address and fingerprint TTL comparison. This generally works for " | |
4788 | -"LANs." | |
4789 | -msgstr "" | |
4790 | - | |
4791 | -#. type: Plain text | |
4792 | -#: original/man8/iptables-extensions.8:793 | |
4793 | -msgid "" | |
4794 | -"1 - Check if the IP header's TTL is less than the fingerprint one. Works for " | |
4795 | -"globally-routable addresses." | |
4796 | -msgstr "" | |
4797 | - | |
4798 | -#. type: Plain text | |
4799 | -#: original/man8/iptables-extensions.8:795 | |
4800 | -msgid "2 - Do not compare the TTL at all." | |
4801 | -msgstr "" | |
4802 | - | |
4803 | -#. type: TP | |
4804 | -#: original/man8/iptables-extensions.8:795 | |
4805 | -#, fuzzy, no-wrap | |
4806 | -#| msgid "B<--log-level >I<level>" | |
4807 | -msgid "B<--log> I<level>" | |
4808 | -msgstr "B<--log-level >I<level>" | |
4809 | - | |
4810 | -#. type: Plain text | |
4811 | -#: original/man8/iptables-extensions.8:799 | |
4812 | -msgid "" | |
4813 | -"Log determined genres into dmesg even if they do not match the desired one. " | |
4814 | -"I<level> can be one of the following values:" | |
4815 | -msgstr "" | |
4816 | - | |
4817 | -#. type: Plain text | |
4818 | -#: original/man8/iptables-extensions.8:801 | |
4819 | -msgid "0 - Log all matched or unknown signatures" | |
4820 | -msgstr "" | |
4821 | - | |
4822 | -#. type: Plain text | |
4823 | -#: original/man8/iptables-extensions.8:803 | |
4824 | -msgid "1 - Log only the first one" | |
4825 | -msgstr "" | |
4826 | - | |
4827 | -#. type: Plain text | |
4828 | -#: original/man8/iptables-extensions.8:805 | |
4829 | -msgid "2 - Log all known matched signatures" | |
4830 | -msgstr "" | |
4831 | - | |
4832 | -#. type: Plain text | |
4833 | -#: original/man8/iptables-extensions.8:807 | |
4834 | -msgid "You may find something like this in syslog:" | |
4835 | -msgstr "" | |
4836 | - | |
4837 | -#. type: Plain text | |
4838 | -#: original/man8/iptables-extensions.8:810 | |
4839 | -msgid "" | |
4840 | -"Windows [2000:SP3:Windows XP Pro SP1, 2000 SP3]: 11.22.33.55:4024 -E<gt> " | |
4841 | -"11.22.33.44:139 hops=3 Linux [2.5-2.6:] : 1.2.3.4:42624 -E<gt> 1.2.3.5:22 " | |
4842 | -"hops=4" | |
4843 | -msgstr "" | |
4844 | - | |
4845 | -#. type: Plain text | |
4846 | -#: original/man8/iptables-extensions.8:813 | |
4847 | -msgid "" | |
4848 | -"OS fingerprints are loadable using the B<nfnl_osf> program. To load " | |
4849 | -"fingerprints from a file, use:" | |
4850 | -msgstr "" | |
4851 | - | |
4852 | -#. type: Plain text | |
4853 | -#: original/man8/iptables-extensions.8:815 | |
4854 | -msgid "B<nfnl_osf -f /usr/share/xtables/pf.os>" | |
4855 | -msgstr "" | |
4856 | - | |
4857 | -#. type: Plain text | |
4858 | -#: original/man8/iptables-extensions.8:817 | |
4859 | -msgid "To remove them again," | |
4860 | -msgstr "" | |
4861 | - | |
4862 | -#. type: Plain text | |
4863 | -#: original/man8/iptables-extensions.8:819 | |
4864 | -msgid "B<nfnl_osf -f /usr/share/xtables/pf.os -d>" | |
4865 | -msgstr "" | |
4866 | - | |
4867 | -#. type: Plain text | |
4868 | -#: original/man8/iptables-extensions.8:822 | |
4869 | -msgid "" | |
4870 | -"The fingerprint database can be downlaoded from http://www.openbsd.org/cgi-" | |
4871 | -"bin/cvsweb/src/etc/pf.os ." | |
4872 | -msgstr "" | |
4873 | - | |
4874 | -#. type: SS | |
4875 | -#: original/man8/iptables-extensions.8:822 | |
4876 | -#, no-wrap | |
4877 | -msgid "owner" | |
4878 | -msgstr "owner" | |
4879 | - | |
4880 | -#. type: Plain text | |
4881 | -#: original/man8/iptables-extensions.8:827 | |
4882 | -#, fuzzy | |
4883 | -#| msgid "" | |
4884 | -#| "This module attempts to match various characteristics of the packet " | |
4885 | -#| "creator, for locally-generated packets. It is only valid in the " | |
4886 | -#| "B<OUTPUT> chain, and even this some packets (such as ICMP ping responses) " | |
4887 | -#| "may have no owner, and hence never match." | |
4888 | -msgid "" | |
4889 | -"This module attempts to match various characteristics of the packet creator, " | |
4890 | -"for locally generated packets. This match is only valid in the OUTPUT and " | |
4891 | -"POSTROUTING chains. Forwarded packets do not have any socket associated with " | |
4892 | -"them. Packets from kernel threads do have a socket, but usually no owner." | |
4893 | -msgstr "" | |
4894 | -"このモジュールは、ローカルで生成されたパケットに付いて、 パケット生成者のいろ" | |
4895 | -"いろな特性に対してマッチを行う。 これは B<OUTPUT> チェインのみでしか有効でな" | |
4896 | -"い。 また、(ICMP ping 応答のような) パケットは、 所有者がいないので絶対にマッ" | |
4897 | -"チしない。" | |
4898 | - | |
4899 | -#. type: TP | |
4900 | -#: original/man8/iptables-extensions.8:827 | |
4901 | -#, fuzzy, no-wrap | |
4902 | -#| msgid "B<--uid-owner >I<userid>" | |
4903 | -msgid "[B<!>] B<--uid-owner> I<username>" | |
4904 | -msgstr "B<--uid-owner >I<userid>" | |
4905 | - | |
4906 | -#. type: TP | |
4907 | -#: original/man8/iptables-extensions.8:829 | |
4908 | -#, fuzzy, no-wrap | |
4909 | -#| msgid "B<--uid-owner >I<userid>" | |
4910 | -msgid "[B<!>] B<--uid-owner> I<userid>[B<->I<userid>]" | |
4911 | -msgstr "B<--uid-owner >I<userid>" | |
4912 | - | |
4913 | -#. type: Plain text | |
4914 | -#: original/man8/iptables-extensions.8:833 | |
4915 | -msgid "" | |
4916 | -"Matches if the packet socket's file structure (if it has one) is owned by " | |
4917 | -"the given user. You may also specify a numerical UID, or an UID range." | |
4918 | -msgstr "" | |
4919 | - | |
4920 | -#. type: TP | |
4921 | -#: original/man8/iptables-extensions.8:833 | |
4922 | -#, fuzzy, no-wrap | |
4923 | -#| msgid "B<--gid-owner >I<groupid>" | |
4924 | -msgid "[B<!>] B<--gid-owner> I<groupname>" | |
4925 | -msgstr "B<--gid-owner >I<groupid>" | |
4926 | - | |
4927 | -#. type: TP | |
4928 | -#: original/man8/iptables-extensions.8:835 | |
4929 | -#, fuzzy, no-wrap | |
4930 | -#| msgid "B<--gid-owner >I<groupid>" | |
4931 | -msgid "[B<!>] B<--gid-owner> I<groupid>[B<->I<groupid>]" | |
4932 | -msgstr "B<--gid-owner >I<groupid>" | |
4933 | - | |
4934 | -#. type: Plain text | |
4935 | -#: original/man8/iptables-extensions.8:839 | |
4936 | -msgid "" | |
4937 | -"Matches if the packet socket's file structure is owned by the given group. " | |
4938 | -"You may also specify a numerical GID, or a GID range." | |
4939 | -msgstr "" | |
4940 | - | |
4941 | -#. type: TP | |
4942 | -#: original/man8/iptables-extensions.8:839 | |
4943 | -#, no-wrap | |
4944 | -msgid "[B<!>] B<--socket-exists>" | |
4945 | -msgstr "" | |
4946 | - | |
4947 | -#. type: Plain text | |
4948 | -#: original/man8/iptables-extensions.8:842 | |
4949 | -#, fuzzy | |
4950 | -#| msgid "" | |
4951 | -#| "Matches if the packet was created by a process with the given process id." | |
4952 | -msgid "Matches if the packet is associated with a socket." | |
4953 | -msgstr "" | |
4954 | -"指定されたプロセス ID のプロセスにより パケットが生成されている場合にマッチす" | |
4955 | -"る。" | |
4956 | - | |
4957 | -#. type: SS | |
4958 | -#: original/man8/iptables-extensions.8:842 | |
4959 | -#, no-wrap | |
4960 | -msgid "physdev" | |
4961 | -msgstr "physdev" | |
4962 | - | |
4963 | -#. type: Plain text | |
4964 | -#: original/man8/iptables-extensions.8:847 | |
4965 | -msgid "" | |
4966 | -"This module matches on the bridge port input and output devices enslaved to " | |
4967 | -"a bridge device. This module is a part of the infrastructure that enables a " | |
4968 | -"transparent bridging IP firewall and is only useful for kernel versions " | |
4969 | -"above version 2.5.44." | |
4970 | -msgstr "" | |
4971 | -"このモジュールは、ブリッジデバイスのスレーブにされた、 ブリッジポートの入出力" | |
4972 | -"デバイスにマッチする。 このモジュールは、ブリッジによる透過的な IP ファイア" | |
4973 | -"ウォールの基盤の一部であり、 カーネルバージョン 2.5.44 以降でのみ有効である。" | |
4974 | - | |
4975 | -#. type: TP | |
4976 | -#: original/man8/iptables-extensions.8:847 | |
4977 | -#, fuzzy, no-wrap | |
4978 | -#| msgid "B<--physdev-in name>" | |
4979 | -msgid "[B<!>] B<--physdev-in> I<name>" | |
4980 | -msgstr "B<--physdev-in name>" | |
4981 | - | |
4982 | -#. type: Plain text | |
4983 | -#: original/man8/iptables-extensions.8:858 | |
4984 | -msgid "" | |
4985 | -"Name of a bridge port via which a packet is received (only for packets " | |
4986 | -"entering the B<INPUT>, B<FORWARD> and B<PREROUTING> chains). If the " | |
4987 | -"interface name ends in a \"+\", then any interface which begins with this " | |
4988 | -"name will match. If the packet didn't arrive through a bridge device, this " | |
4989 | -"packet won't match this option, unless '!' is used." | |
4990 | -msgstr "" | |
4991 | -"パケットが受信されるブリッジのポート名 (B<INPUT>, B<FORWARD>, B<PREROUTING> " | |
4992 | -"チェインに入るパケットのみ)。 インターフェース名が \"+\" で終っている場合、 " | |
4993 | -"その名前で始まる任意のインターフェース名にマッチする。 ブリッジデバイスを通し" | |
4994 | -"て受け取られなかったパケットは、 \\&'!' が指定されていない限り、このオプショ" | |
4995 | -"ンにマッチしない。" | |
4996 | - | |
4997 | -#. type: TP | |
4998 | -#: original/man8/iptables-extensions.8:858 | |
4999 | -#, fuzzy, no-wrap | |
5000 | -#| msgid "B<--physdev-out name>" | |
5001 | -msgid "[B<!>] B<--physdev-out> I<name>" | |
5002 | -msgstr "B<--physdev-out name>" | |
5003 | - | |
5004 | -#. type: Plain text | |
5005 | -#: original/man8/iptables-extensions.8:875 | |
5006 | -#, fuzzy | |
5007 | -#| msgid "" | |
5008 | -#| "Name of a bridge port via which a packet is going to be sent (for packets " | |
5009 | -#| "entering the B<FORWARD>, B<OUTPUT> and B<POSTROUTING> chains). If the " | |
5010 | -#| "interface name ends in a \"+\", then any interface which begins with this " | |
5011 | -#| "name will match. Note that in the B<nat> and B<mangle> B<OUTPUT> chains " | |
5012 | -#| "one cannot match on the bridge output port, however one can in the " | |
5013 | -#| "B<filter OUTPUT> chain. If the packet won't leave by a bridge device or " | |
5014 | -#| "it is yet unknown what the output device will be, then the packet won't " | |
5015 | -#| "match this option, unless '!' is used." | |
5016 | -msgid "" | |
5017 | -"Name of a bridge port via which a packet is going to be sent (for packets " | |
5018 | -"entering the B<FORWARD>, B<OUTPUT> and B<POSTROUTING> chains). If the " | |
5019 | -"interface name ends in a \"+\", then any interface which begins with this " | |
5020 | -"name will match. Note that in the B<nat> and B<mangle> B<OUTPUT> chains one " | |
5021 | -"cannot match on the bridge output port, however one can in the B<filter " | |
5022 | -"OUTPUT> chain. If the packet won't leave by a bridge device or if it is yet " | |
5023 | -"unknown what the output device will be, then the packet won't match this " | |
5024 | -"option, unless '!' is used." | |
5025 | -msgstr "" | |
5026 | -"パケットを送信することになるブリッジのポート名 (B<FORWARD>, B<OUTPUT>, " | |
5027 | -"B<POSTROUTING> チェインに入るパケットのみ)。 インターフェース名が \"+\" で" | |
5028 | -"終っている場合、 その名前で始まる任意のインターフェース名にマッチする。 " | |
5029 | -"B<nat> と B<mangle> テーブルの B<OUTPUT> チェインではブリッジの出力ポートに" | |
5030 | -"マッチさせることができないが、 B<filter> テーブルの B<OUPUT> チェインではマッ" | |
5031 | -"チ可能である。 パケットがブリッジデバイスから送られなかった場合、 またはパ" | |
5032 | -"ケットの出力デバイスが不明であった場合は、 \\&'!' が指定されていない限り、パ" | |
5033 | -"ケットはこのオプションにマッチしない。" | |
5034 | - | |
5035 | -#. type: TP | |
5036 | -#: original/man8/iptables-extensions.8:875 | |
5037 | -#, fuzzy, no-wrap | |
5038 | -#| msgid "B<--physdev-is-in>" | |
5039 | -msgid "[B<!>] B<--physdev-is-in>" | |
5040 | -msgstr "B<--physdev-is-in>" | |
5041 | - | |
5042 | -#. type: Plain text | |
5043 | -#: original/man8/iptables-extensions.8:878 | |
5044 | -msgid "Matches if the packet has entered through a bridge interface." | |
5045 | -msgstr "パケットがブリッジインターフェースに入った場合にマッチする。" | |
5046 | - | |
5047 | -#. type: TP | |
5048 | -#: original/man8/iptables-extensions.8:878 | |
5049 | -#, fuzzy, no-wrap | |
5050 | -#| msgid "B<--physdev-is-out>" | |
5051 | -msgid "[B<!>] B<--physdev-is-out>" | |
5052 | -msgstr "B<--physdev-is-out>" | |
5053 | - | |
5054 | -#. type: Plain text | |
5055 | -#: original/man8/iptables-extensions.8:881 | |
5056 | -msgid "Matches if the packet will leave through a bridge interface." | |
5057 | -msgstr "パケットがブリッジインターフェースから出ようとした場合にマッチする。" | |
5058 | - | |
5059 | -#. type: TP | |
5060 | -#: original/man8/iptables-extensions.8:881 | |
5061 | -#, fuzzy, no-wrap | |
5062 | -#| msgid "B<--physdev-is-bridged>" | |
5063 | -msgid "[B<!>] B<--physdev-is-bridged>" | |
5064 | -msgstr "B<--physdev-is-bridged>" | |
5065 | - | |
5066 | -#. type: Plain text | |
5067 | -#: original/man8/iptables-extensions.8:885 | |
5068 | -msgid "" | |
5069 | -"Matches if the packet is being bridged and therefore is not being routed. " | |
5070 | -"This is only useful in the FORWARD and POSTROUTING chains." | |
5071 | -msgstr "" | |
5072 | -"パケットがブリッジされることにより、 ルーティングされなかった場合にマッチす" | |
5073 | -"る。 これは FORWARD, POSTROUTING チェインにおいてのみ役立つ。" | |
5074 | - | |
5075 | -#. type: SS | |
5076 | -#: original/man8/iptables-extensions.8:885 | |
5077 | -#, no-wrap | |
5078 | -msgid "pkttype" | |
5079 | -msgstr "pkttype" | |
5080 | - | |
5081 | -#. type: Plain text | |
5082 | -#: original/man8/iptables-extensions.8:887 | |
5083 | -msgid "This module matches the link-layer packet type." | |
5084 | -msgstr "このモジュールは、リンク層のパケットタイプにマッチする。" | |
5085 | - | |
5086 | -#. type: TP | |
5087 | -#: original/man8/iptables-extensions.8:887 | |
5088 | -#, fuzzy, no-wrap | |
5089 | -#| msgid "B<--pkt-type >I<[unicast|broadcast|multicast]>" | |
5090 | -msgid "[B<!>] B<--pkt-type> {B<unicast>|B<broadcast>|B<multicast>}" | |
5091 | -msgstr "B<--pkt-type >I<[unicast|broadcast|multicast]>" | |
5092 | - | |
5093 | -#. type: SS | |
5094 | -#: original/man8/iptables-extensions.8:889 | |
5095 | -#, no-wrap | |
5096 | -msgid "policy" | |
5097 | -msgstr "" | |
5098 | - | |
5099 | -#. type: Plain text | |
5100 | -#: original/man8/iptables-extensions.8:891 | |
5101 | -#, fuzzy | |
5102 | -#| msgid "This module matches the SPIs in AH header of IPSec packets." | |
5103 | -msgid "This modules matches the policy used by IPsec for handling a packet." | |
5104 | -msgstr "このモジュールは IPSec パケットの AH ヘッダーの SPI 値にマッチする。" | |
5105 | - | |
5106 | -#. type: TP | |
5107 | -#: original/man8/iptables-extensions.8:891 | |
5108 | -#, no-wrap | |
5109 | -msgid "B<--dir> {B<in>|B<out>}" | |
5110 | -msgstr "" | |
5111 | - | |
5112 | -#. type: Plain text | |
5113 | -#: original/man8/iptables-extensions.8:903 | |
5114 | -msgid "" | |
5115 | -"Used to select whether to match the policy used for decapsulation or the " | |
5116 | -"policy that will be used for encapsulation. B<in> is valid in the " | |
5117 | -"B<PREROUTING, INPUT and FORWARD> chains, B<out> is valid in the " | |
5118 | -"B<POSTROUTING, OUTPUT and FORWARD> chains." | |
5119 | -msgstr "" | |
5120 | - | |
5121 | -#. type: TP | |
5122 | -#: original/man8/iptables-extensions.8:903 | |
5123 | -#, no-wrap | |
5124 | -msgid "B<--pol> {B<none>|B<ipsec>}" | |
5125 | -msgstr "" | |
5126 | - | |
5127 | -#. type: Plain text | |
5128 | -#: original/man8/iptables-extensions.8:907 | |
5129 | -msgid "" | |
5130 | -"Matches if the packet is subject to IPsec processing. B<--pol none> cannot " | |
5131 | -"be combined with B<--strict>." | |
5132 | -msgstr "" | |
5133 | - | |
5134 | -#. type: TP | |
5135 | -#: original/man8/iptables-extensions.8:907 | |
5136 | -#, no-wrap | |
5137 | -msgid "B<--strict>" | |
5138 | -msgstr "" | |
5139 | - | |
5140 | -#. type: Plain text | |
5141 | -#: original/man8/iptables-extensions.8:911 | |
5142 | -msgid "" | |
5143 | -"Selects whether to match the exact policy or match if any rule of the policy " | |
5144 | -"matches the given policy." | |
5145 | -msgstr "" | |
5146 | - | |
5147 | -#. type: Plain text | |
5148 | -#: original/man8/iptables-extensions.8:915 | |
5149 | -msgid "" | |
5150 | -"For each policy element that is to be described, one can use one or more of " | |
5151 | -"the following options. When B<--strict> is in effect, at least one must be " | |
5152 | -"used per element." | |
5153 | -msgstr "" | |
5154 | - | |
5155 | -#. type: TP | |
5156 | -#: original/man8/iptables-extensions.8:915 | |
5157 | -#, no-wrap | |
5158 | -msgid "[B<!>] B<--reqid> I<id>" | |
5159 | -msgstr "" | |
5160 | - | |
5161 | -#. type: Plain text | |
5162 | -#: original/man8/iptables-extensions.8:922 | |
5163 | -msgid "" | |
5164 | -"Matches the reqid of the policy rule. The reqid can be specified with " | |
5165 | -"B<setkey(8)> using B<unique:id> as level." | |
5166 | -msgstr "" | |
5167 | - | |
5168 | -#. type: TP | |
5169 | -#: original/man8/iptables-extensions.8:922 | |
5170 | -#, fuzzy, no-wrap | |
5171 | -#| msgid "B<--ahspi >[!] I<spi>[:I<spi>]" | |
5172 | -msgid "[B<!>] B<--spi> I<spi>" | |
5173 | -msgstr "B<--ahspi >[!] I<spi>[:I<spi>]" | |
5174 | - | |
5175 | -#. type: Plain text | |
5176 | -#: original/man8/iptables-extensions.8:925 | |
5177 | -msgid "Matches the SPI of the SA." | |
5178 | -msgstr "" | |
5179 | - | |
5180 | -#. type: TP | |
5181 | -#: original/man8/iptables-extensions.8:925 | |
5182 | -#, no-wrap | |
5183 | -msgid "[B<!>] B<--proto> {B<ah>|B<esp>|B<ipcomp>}" | |
5184 | -msgstr "" | |
5185 | - | |
5186 | -#. type: Plain text | |
5187 | -#: original/man8/iptables-extensions.8:928 | |
5188 | -msgid "Matches the encapsulation protocol." | |
5189 | -msgstr "" | |
5190 | - | |
5191 | -#. type: TP | |
5192 | -#: original/man8/iptables-extensions.8:928 | |
5193 | -#, no-wrap | |
5194 | -msgid "[B<!>] B<--mode> {B<tunnel>|B<transport>}" | |
5195 | -msgstr "" | |
5196 | - | |
5197 | -#. type: Plain text | |
5198 | -#: original/man8/iptables-extensions.8:931 | |
5199 | -#, fuzzy | |
5200 | -#| msgid "Matches the given TTL value." | |
5201 | -msgid "Matches the encapsulation mode." | |
5202 | -msgstr "指定された TTL 値にマッチする。" | |
5203 | - | |
5204 | -#. type: TP | |
5205 | -#: original/man8/iptables-extensions.8:931 | |
5206 | -#, fuzzy, no-wrap | |
5207 | -#| msgid "B<-s, --source >[!] I<address>[/I<mask>]" | |
5208 | -msgid "[B<!>] B<--tunnel-src> I<addr>[B</>I<mask>]" | |
5209 | -msgstr "B<-s, --source >[!] I<address>[/I<mask>]" | |
5210 | - | |
5211 | -#. type: Plain text | |
5212 | -#: original/man8/iptables-extensions.8:935 | |
5213 | -msgid "" | |
5214 | -"Matches the source end-point address of a tunnel mode SA. Only valid with " | |
5215 | -"B<--mode tunnel>." | |
5216 | -msgstr "" | |
5217 | - | |
5218 | -#. type: TP | |
5219 | -#: original/man8/iptables-extensions.8:935 | |
5220 | -#, fuzzy, no-wrap | |
5221 | -#| msgid "B<--ctrepldst >I<[!] address>B<[/>I<mask>B<]>" | |
5222 | -msgid "[B<!>] B<--tunnel-dst> I<addr>[B</>I<mask>]" | |
5223 | -msgstr "B<--ctrepldst >I<[!] address>B<[/>I<mask>B<]>" | |
5224 | - | |
5225 | -#. type: Plain text | |
5226 | -#: original/man8/iptables-extensions.8:939 | |
5227 | -msgid "" | |
5228 | -"Matches the destination end-point address of a tunnel mode SA. Only valid " | |
5229 | -"with B<--mode tunnel>." | |
5230 | -msgstr "" | |
5231 | - | |
5232 | -#. type: TP | |
5233 | -#: original/man8/iptables-extensions.8:939 | |
5234 | -#, no-wrap | |
5235 | -msgid "B<--next>" | |
5236 | -msgstr "" | |
5237 | - | |
5238 | -#. type: Plain text | |
5239 | -#: original/man8/iptables-extensions.8:943 | |
5240 | -msgid "" | |
5241 | -"Start the next element in the policy specification. Can only be used with " | |
5242 | -"B<--strict>." | |
5243 | -msgstr "" | |
5244 | - | |
5245 | -#. type: SS | |
5246 | -#: original/man8/iptables-extensions.8:943 | |
5247 | -#, no-wrap | |
5248 | -msgid "quota" | |
5249 | -msgstr "" | |
5250 | - | |
5251 | -#. type: Plain text | |
5252 | -#: original/man8/iptables-extensions.8:948 | |
5253 | -msgid "" | |
5254 | -"Implements network quotas by decrementing a byte counter with each packet. " | |
5255 | -"The condition matches until the byte counter reaches zero. Behavior is " | |
5256 | -"reversed with negation (i.e. the condition does not match until the byte " | |
5257 | -"counter reaches zero)." | |
5258 | -msgstr "" | |
5259 | - | |
5260 | -#. type: TP | |
5261 | -#: original/man8/iptables-extensions.8:948 | |
5262 | -#, fuzzy, no-wrap | |
5263 | -#| msgid "B<-t>, B<--table> B<tablename>" | |
5264 | -msgid "[B<!>] B<--quota> I<bytes>" | |
5265 | -msgstr "B<-t>, B<--table> B<tablename>" | |
5266 | - | |
5267 | -#. type: Plain text | |
5268 | -#: original/man8/iptables-extensions.8:951 | |
5269 | -msgid "The quota in bytes." | |
5270 | -msgstr "" | |
5271 | - | |
5272 | -#. type: SS | |
5273 | -#: original/man8/iptables-extensions.8:951 | |
5274 | -#, no-wrap | |
5275 | -msgid "rateest" | |
5276 | -msgstr "" | |
5277 | - | |
5278 | -#. type: Plain text | |
5279 | -#: original/man8/iptables-extensions.8:955 | |
5280 | -msgid "" | |
5281 | -"The rate estimator can match on estimated rates as collected by the RATEEST " | |
5282 | -"target. It supports matching on absolute bps/pps values, comparing two rate " | |
5283 | -"estimators and matching on the difference between two rate estimators." | |
5284 | -msgstr "" | |
5285 | - | |
5286 | -#. * Absolute: | |
5287 | -#. type: Plain text | |
5288 | -#: original/man8/iptables-extensions.8:959 | |
5289 | -msgid "" | |
5290 | -"For a better understanding of the available options, these are all possible " | |
5291 | -"combinations:" | |
5292 | -msgstr "" | |
5293 | - | |
5294 | -#. type: Plain text | |
5295 | -#: original/man8/iptables-extensions.8:961 | |
5296 | -msgid "B<rateest> I<operator> B<rateest-bps>" | |
5297 | -msgstr "" | |
5298 | - | |
5299 | -#. * Absolute + Delta: | |
5300 | -#. type: Plain text | |
5301 | -#: original/man8/iptables-extensions.8:964 | |
5302 | -msgid "B<rateest> I<operator> B<rateest-pps>" | |
5303 | -msgstr "" | |
5304 | - | |
5305 | -#. type: Plain text | |
5306 | -#: original/man8/iptables-extensions.8:966 | |
5307 | -msgid "(B<rateest> minus B<rateest-bps1>) I<operator> B<rateest-bps2>" | |
5308 | -msgstr "" | |
5309 | - | |
5310 | -#. * Relative: | |
5311 | -#. type: Plain text | |
5312 | -#: original/man8/iptables-extensions.8:969 | |
5313 | -msgid "(B<rateest> minus B<rateest-pps1>) I<operator> B<rateest-pps2>" | |
5314 | -msgstr "" | |
5315 | - | |
5316 | -#. type: Plain text | |
5317 | -#: original/man8/iptables-extensions.8:971 | |
5318 | -msgid "B<rateest1> I<operator> B<rateest2> B<rateest-bps>(without rate!)" | |
5319 | -msgstr "" | |
5320 | - | |
5321 | -#. * Relative + Delta: | |
5322 | -#. type: Plain text | |
5323 | -#: original/man8/iptables-extensions.8:974 | |
5324 | -msgid "B<rateest1> I<operator> B<rateest2> B<rateest-pps>(without rate!)" | |
5325 | -msgstr "" | |
5326 | - | |
5327 | -#. type: Plain text | |
5328 | -#: original/man8/iptables-extensions.8:977 | |
5329 | -msgid "" | |
5330 | -"(B<rateest1> minus B<rateest-bps1>) I<operator> (B<rateest2> minus B<rateest-" | |
5331 | -"bps2>)" | |
5332 | -msgstr "" | |
5333 | - | |
5334 | -#. type: Plain text | |
5335 | -#: original/man8/iptables-extensions.8:980 | |
5336 | -msgid "" | |
5337 | -"(B<rateest1> minus B<rateest-pps1>) I<operator> (B<rateest2> minus B<rateest-" | |
5338 | -"pps2>)" | |
5339 | -msgstr "" | |
5340 | - | |
5341 | -#. type: TP | |
5342 | -#: original/man8/iptables-extensions.8:980 | |
5343 | -#, no-wrap | |
5344 | -msgid "B<--rateest-delta>" | |
5345 | -msgstr "" | |
5346 | - | |
5347 | -#. type: Plain text | |
5348 | -#: original/man8/iptables-extensions.8:987 | |
5349 | -msgid "" | |
5350 | -"For each estimator (either absolute or relative mode), calculate the " | |
5351 | -"difference between the estimator-determined flow rate and the static value " | |
5352 | -"chosen with the BPS/PPS options. If the flow rate is higher than the " | |
5353 | -"specified BPS/PPS, 0 will be used instead of a negative value. In other " | |
5354 | -"words, \"max(0, rateest#_rate - rateest#_bps)\" is used." | |
5355 | -msgstr "" | |
5356 | - | |
5357 | -#. type: TP | |
5358 | -#: original/man8/iptables-extensions.8:987 | |
5359 | -#, no-wrap | |
5360 | -msgid "[B<!>] B<--rateest-lt>" | |
5361 | -msgstr "" | |
5362 | - | |
5363 | -#. type: Plain text | |
5364 | -#: original/man8/iptables-extensions.8:990 | |
5365 | -msgid "Match if rate is less than given rate/estimator." | |
5366 | -msgstr "" | |
5367 | - | |
5368 | -#. type: TP | |
5369 | -#: original/man8/iptables-extensions.8:990 | |
5370 | -#, no-wrap | |
5371 | -msgid "[B<!>] B<--rateest-gt>" | |
5372 | -msgstr "" | |
5373 | - | |
5374 | -#. type: Plain text | |
5375 | -#: original/man8/iptables-extensions.8:993 | |
5376 | -msgid "Match if rate is greater than given rate/estimator." | |
5377 | -msgstr "" | |
5378 | - | |
5379 | -#. type: TP | |
5380 | -#: original/man8/iptables-extensions.8:993 | |
5381 | -#, no-wrap | |
5382 | -msgid "[B<!>] B<--rateest-eq>" | |
5383 | -msgstr "" | |
5384 | - | |
5385 | -#. type: Plain text | |
5386 | -#: original/man8/iptables-extensions.8:996 | |
5387 | -msgid "Match if rate is equal to given rate/estimator." | |
5388 | -msgstr "" | |
5389 | - | |
5390 | -#. type: Plain text | |
5391 | -#: original/man8/iptables-extensions.8:1000 | |
5392 | -msgid "" | |
5393 | -"In the so-called \"absolute mode\", only one rate estimator is used and " | |
5394 | -"compared against a static value, while in \"relative mode\", two rate " | |
5395 | -"estimators are compared against another." | |
5396 | -msgstr "" | |
5397 | - | |
5398 | -#. type: TP | |
5399 | -#: original/man8/iptables-extensions.8:1000 | |
5400 | -#, fuzzy, no-wrap | |
5401 | -#| msgid "B<-t>, B<--table> B<tablename>" | |
5402 | -msgid "B<--rateest> I<name>" | |
5403 | -msgstr "B<-t>, B<--table> B<tablename>" | |
5404 | - | |
5405 | -#. type: Plain text | |
5406 | -#: original/man8/iptables-extensions.8:1003 | |
5407 | -msgid "Name of the one rate estimator for absolute mode." | |
5408 | -msgstr "" | |
5409 | - | |
5410 | -#. type: TP | |
5411 | -#: original/man8/iptables-extensions.8:1003 | |
5412 | -#, fuzzy, no-wrap | |
5413 | -#| msgid "B<-t>, B<--table> B<tablename>" | |
5414 | -msgid "B<--rateest1> I<name>" | |
5415 | -msgstr "B<-t>, B<--table> B<tablename>" | |
5416 | - | |
5417 | -#. type: TP | |
5418 | -#: original/man8/iptables-extensions.8:1005 | |
5419 | -#, fuzzy, no-wrap | |
5420 | -#| msgid "B<-t>, B<--table> B<tablename>" | |
5421 | -msgid "B<--rateest2> I<name>" | |
5422 | -msgstr "B<-t>, B<--table> B<tablename>" | |
5423 | - | |
5424 | -#. type: Plain text | |
5425 | -#: original/man8/iptables-extensions.8:1008 | |
5426 | -msgid "The names of the two rate estimators for relative mode." | |
5427 | -msgstr "" | |
5428 | - | |
5429 | -#. type: TP | |
5430 | -#: original/man8/iptables-extensions.8:1008 | |
5431 | -#, fuzzy, no-wrap | |
5432 | -#| msgid "B<--set-mss >I<value>" | |
5433 | -msgid "B<--rateest-bps> [I<value>]" | |
5434 | -msgstr "B<--set-mss >I<value>" | |
5435 | - | |
5436 | -#. type: TP | |
5437 | -#: original/man8/iptables-extensions.8:1010 | |
5438 | -#, fuzzy, no-wrap | |
5439 | -#| msgid "B<--set-mss >I<value>" | |
5440 | -msgid "B<--rateest-pps> [I<value>]" | |
5441 | -msgstr "B<--set-mss >I<value>" | |
5442 | - | |
5443 | -#. type: TP | |
5444 | -#: original/man8/iptables-extensions.8:1012 | |
5445 | -#, fuzzy, no-wrap | |
5446 | -#| msgid "B<--set-mss >I<value>" | |
5447 | -msgid "B<--rateest-bps1> [I<value>]" | |
5448 | -msgstr "B<--set-mss >I<value>" | |
5449 | - | |
5450 | -#. type: TP | |
5451 | -#: original/man8/iptables-extensions.8:1014 | |
5452 | -#, fuzzy, no-wrap | |
5453 | -#| msgid "B<--set-mss >I<value>" | |
5454 | -msgid "B<--rateest-bps2> [I<value>]" | |
5455 | -msgstr "B<--set-mss >I<value>" | |
5456 | - | |
5457 | -#. type: TP | |
5458 | -#: original/man8/iptables-extensions.8:1016 | |
5459 | -#, fuzzy, no-wrap | |
5460 | -#| msgid "B<--set-mss >I<value>" | |
5461 | -msgid "B<--rateest-pps1> [I<value>]" | |
5462 | -msgstr "B<--set-mss >I<value>" | |
5463 | - | |
5464 | -#. type: TP | |
5465 | -#: original/man8/iptables-extensions.8:1018 | |
5466 | -#, fuzzy, no-wrap | |
5467 | -#| msgid "B<--set-mss >I<value>" | |
5468 | -msgid "B<--rateest-pps2> [I<value>]" | |
5469 | -msgstr "B<--set-mss >I<value>" | |
5470 | - | |
5471 | -#. type: Plain text | |
5472 | -#: original/man8/iptables-extensions.8:1024 | |
5473 | -msgid "" | |
5474 | -"Compare the estimator(s) by bytes or packets per second, and compare against " | |
5475 | -"the chosen value. See the above bullet list for which option is to be used " | |
5476 | -"in which case. A unit suffix may be used - available ones are: bit, [kmgt]" | |
5477 | -"bit, [KMGT]ibit, Bps, [KMGT]Bps, [KMGT]iBps." | |
5478 | -msgstr "" | |
5479 | - | |
5480 | -#. type: Plain text | |
5481 | -#: original/man8/iptables-extensions.8:1028 | |
5482 | -msgid "" | |
5483 | -"Example: This is what can be used to route outgoing data connections from an " | |
5484 | -"FTP server over two lines based on the available bandwidth at the time the " | |
5485 | -"data connection was started:" | |
5486 | -msgstr "" | |
5487 | - | |
5488 | -#. type: Plain text | |
5489 | -#: original/man8/iptables-extensions.8:1030 | |
5490 | -msgid "# Estimate outgoing rates" | |
5491 | -msgstr "" | |
5492 | - | |
5493 | -#. type: Plain text | |
5494 | -#: original/man8/iptables-extensions.8:1033 | |
5495 | -msgid "" | |
5496 | -"iptables -t mangle -A POSTROUTING -o eth0 -j RATEEST --rateest-name eth0 --" | |
5497 | -"rateest-interval 250ms --rateest-ewma 0.5s" | |
5498 | -msgstr "" | |
5499 | - | |
5500 | -#. type: Plain text | |
5501 | -#: original/man8/iptables-extensions.8:1036 | |
5502 | -msgid "" | |
5503 | -"iptables -t mangle -A POSTROUTING -o ppp0 -j RATEEST --rateest-name ppp0 --" | |
5504 | -"rateest-interval 250ms --rateest-ewma 0.5s" | |
5505 | -msgstr "" | |
5506 | - | |
5507 | -#. type: Plain text | |
5508 | -#: original/man8/iptables-extensions.8:1038 | |
5509 | -msgid "# Mark based on available bandwidth" | |
5510 | -msgstr "" | |
5511 | - | |
5512 | -#. type: Plain text | |
5513 | -#: original/man8/iptables-extensions.8:1042 | |
5514 | -msgid "" | |
5515 | -"iptables -t mangle -A balance -m conntrack --ctstate NEW -m helper --helper " | |
5516 | -"ftp -m rateest --rateest-delta --rateest1 eth0 --rateest-bps1 2.5mbit --" | |
5517 | -"rateest-gt --rateest2 ppp0 --rateest-bps2 2mbit -j CONNMARK --set-mark 1" | |
5518 | -msgstr "" | |
5519 | - | |
5520 | -#. type: Plain text | |
5521 | -#: original/man8/iptables-extensions.8:1046 | |
5522 | -msgid "" | |
5523 | -"iptables -t mangle -A balance -m conntrack --ctstate NEW -m helper --helper " | |
5524 | -"ftp -m rateest --rateest-delta --rateest1 ppp0 --rateest-bps1 2mbit --" | |
5525 | -"rateest-gt --rateest2 eth0 --rateest-bps2 2.5mbit -j CONNMARK --set-mark 2" | |
5526 | -msgstr "" | |
5527 | - | |
5528 | -#. type: Plain text | |
5529 | -#: original/man8/iptables-extensions.8:1048 | |
5530 | -msgid "iptables -t mangle -A balance -j CONNMARK --restore-mark" | |
5531 | -msgstr "" | |
5532 | - | |
5533 | -#. type: SS | |
5534 | -#: original/man8/iptables-extensions.8:1048 | |
5535 | -#, no-wrap | |
5536 | -msgid "realm (IPv4-specific)" | |
5537 | -msgstr "" | |
5538 | - | |
5539 | -#. type: Plain text | |
5540 | -#: original/man8/iptables-extensions.8:1051 | |
5541 | -msgid "" | |
5542 | -"This matches the routing realm. Routing realms are used in complex routing " | |
5543 | -"setups involving dynamic routing protocols like BGP." | |
5544 | -msgstr "" | |
5545 | - | |
5546 | -#. type: TP | |
5547 | -#: original/man8/iptables-extensions.8:1051 | |
5548 | -#, fuzzy, no-wrap | |
5549 | -#| msgid "B<--mark >I<value>[/I<mask>]" | |
5550 | -msgid "[B<!>] B<--realm> I<value>[B</>I<mask>]" | |
5551 | -msgstr "B<--mark >I<value>[/I<mask>]" | |
5552 | - | |
5553 | -#. type: Plain text | |
5554 | -#: original/man8/iptables-extensions.8:1056 | |
5555 | -msgid "" | |
5556 | -"Matches a given realm number (and optionally mask). If not a number, value " | |
5557 | -"can be a named realm from /etc/iproute2/rt_realms (mask can not be used in " | |
5558 | -"that case)." | |
5559 | -msgstr "" | |
5560 | - | |
5561 | -#. type: SS | |
5562 | -#: original/man8/iptables-extensions.8:1056 | |
5563 | -#, no-wrap | |
5564 | -msgid "recent" | |
5565 | -msgstr "" | |
5566 | - | |
5567 | -#. type: Plain text | |
5568 | -#: original/man8/iptables-extensions.8:1059 | |
5569 | -msgid "" | |
5570 | -"Allows you to dynamically create a list of IP addresses and then match " | |
5571 | -"against that list in a few different ways." | |
5572 | -msgstr "" | |
5573 | - | |
5574 | -#. type: Plain text | |
5575 | -#: original/man8/iptables-extensions.8:1063 | |
5576 | -msgid "" | |
5577 | -"For example, you can create a \"badguy\" list out of people attempting to " | |
5578 | -"connect to port 139 on your firewall and then DROP all future packets from " | |
5579 | -"them without considering them." | |
5580 | -msgstr "" | |
5581 | - | |
5582 | -#. type: Plain text | |
5583 | -#: original/man8/iptables-extensions.8:1066 | |
5584 | -msgid "" | |
5585 | -"B<--set>, B<--rcheck>, B<--update> and B<--remove> are mutually exclusive." | |
5586 | -msgstr "" | |
5587 | - | |
5588 | -#. type: TP | |
5589 | -#: original/man8/iptables-extensions.8:1066 | |
5590 | -#, fuzzy, no-wrap | |
5591 | -#| msgid "B<--cmd-owner >I<name>" | |
5592 | -msgid "B<--name> I<name>" | |
5593 | -msgstr "B<--cmd-owner >I<name>" | |
5594 | - | |
5595 | -#. type: Plain text | |
5596 | -#: original/man8/iptables-extensions.8:1070 | |
5597 | -msgid "" | |
5598 | -"Specify the list to use for the commands. If no name is given then " | |
5599 | -"B<DEFAULT> will be used." | |
5600 | -msgstr "" | |
5601 | - | |
5602 | -#. type: TP | |
5603 | -#: original/man8/iptables-extensions.8:1070 | |
5604 | -#, fuzzy, no-wrap | |
5605 | -#| msgid "B<-v, --verbose>" | |
5606 | -msgid "[B<!>] B<--set>" | |
5607 | -msgstr "B<-v, --verbose>" | |
5608 | - | |
5609 | -#. type: Plain text | |
5610 | -#: original/man8/iptables-extensions.8:1075 | |
5611 | -msgid "" | |
5612 | -"This will add the source address of the packet to the list. If the source " | |
5613 | -"address is already in the list, this will update the existing entry. This " | |
5614 | -"will always return success (or failure if B<!> is passed in)." | |
5615 | -msgstr "" | |
5616 | - | |
5617 | -#. type: TP | |
5618 | -#: original/man8/iptables-extensions.8:1075 | |
5619 | -#, no-wrap | |
5620 | -msgid "B<--rsource>" | |
5621 | -msgstr "" | |
5622 | - | |
5623 | -#. type: Plain text | |
5624 | -#: original/man8/iptables-extensions.8:1079 | |
5625 | -msgid "" | |
5626 | -"Match/save the source address of each packet in the recent list table. This " | |
5627 | -"is the default." | |
5628 | -msgstr "" | |
5629 | - | |
5630 | -#. type: TP | |
5631 | -#: original/man8/iptables-extensions.8:1079 | |
5632 | -#, fuzzy, no-wrap | |
5633 | -#| msgid "B<--physdev-is-out>" | |
5634 | -msgid "B<--rdest>" | |
5635 | -msgstr "B<--physdev-is-out>" | |
5636 | - | |
5637 | -#. type: Plain text | |
5638 | -#: original/man8/iptables-extensions.8:1082 | |
5639 | -msgid "" | |
5640 | -"Match/save the destination address of each packet in the recent list table." | |
5641 | -msgstr "" | |
5642 | - | |
5643 | -#. type: TP | |
5644 | -#: original/man8/iptables-extensions.8:1082 | |
5645 | -#, no-wrap | |
5646 | -msgid "B<--mask>netmask" | |
5647 | -msgstr "" | |
5648 | - | |
5649 | -#. type: Plain text | |
5650 | -#: original/man8/iptables-extensions.8:1085 | |
5651 | -msgid "Netmask that will be applied to this recent list." | |
5652 | -msgstr "" | |
5653 | - | |
5654 | -#. type: TP | |
5655 | -#: original/man8/iptables-extensions.8:1085 | |
5656 | -#, fuzzy, no-wrap | |
5657 | -#| msgid "B<-c>, B<--counters>" | |
5658 | -msgid "[B<!>] B<--rcheck>" | |
5659 | -msgstr "B<-c>, B<--counters>" | |
5660 | - | |
5661 | -#. type: Plain text | |
5662 | -#: original/man8/iptables-extensions.8:1088 | |
5663 | -msgid "Check if the source address of the packet is currently in the list." | |
5664 | -msgstr "" | |
5665 | - | |
5666 | -#. type: TP | |
5667 | -#: original/man8/iptables-extensions.8:1088 | |
5668 | -#, fuzzy, no-wrap | |
5669 | -#| msgid "B<-c>, B<--counters>" | |
5670 | -msgid "[B<!>] B<--update>" | |
5671 | -msgstr "B<-c>, B<--counters>" | |
5672 | - | |
5673 | -#. type: Plain text | |
5674 | -#: original/man8/iptables-extensions.8:1092 | |
5675 | -msgid "" | |
5676 | -"Like B<--rcheck>, except it will update the \"last seen\" timestamp if it " | |
5677 | -"matches." | |
5678 | -msgstr "" | |
5679 | - | |
5680 | -#. type: TP | |
5681 | -#: original/man8/iptables-extensions.8:1092 | |
5682 | -#, fuzzy, no-wrap | |
5683 | -#| msgid "B<-v, --verbose>" | |
5684 | -msgid "[B<!>] B<--remove>" | |
5685 | -msgstr "B<-v, --verbose>" | |
5686 | - | |
5687 | -#. type: Plain text | |
5688 | -#: original/man8/iptables-extensions.8:1097 | |
5689 | -msgid "" | |
5690 | -"Check if the source address of the packet is currently in the list and if so " | |
5691 | -"that address will be removed from the list and the rule will return true. If " | |
5692 | -"the address is not found, false is returned." | |
5693 | -msgstr "" | |
5694 | - | |
5695 | -#. type: TP | |
5696 | -#: original/man8/iptables-extensions.8:1097 | |
5697 | -#, fuzzy, no-wrap | |
5698 | -#| msgid "B<--set-tos >I<tos>" | |
5699 | -msgid "B<--seconds> I<seconds>" | |
5700 | -msgstr "B<--set-tos >I<tos>" | |
5701 | - | |
5702 | -#. type: Plain text | |
5703 | -#: original/man8/iptables-extensions.8:1102 | |
5704 | -msgid "" | |
5705 | -"This option must be used in conjunction with one of B<--rcheck> or B<--" | |
5706 | -"update>. When used, this will narrow the match to only happen when the " | |
5707 | -"address is in the list and was seen within the last given number of seconds." | |
5708 | -msgstr "" | |
5709 | - | |
5710 | -#. type: TP | |
5711 | -#: original/man8/iptables-extensions.8:1102 | |
5712 | -#, no-wrap | |
5713 | -msgid "B<--reap>" | |
5714 | -msgstr "" | |
5715 | - | |
5716 | -#. type: Plain text | |
5717 | -#: original/man8/iptables-extensions.8:1107 | |
5718 | -msgid "" | |
5719 | -"This option can only be used in conjunction with B<--seconds>. When used, " | |
5720 | -"this will cause entries older than the last given number of seconds to be " | |
5721 | -"purged." | |
5722 | -msgstr "" | |
5723 | - | |
5724 | -#. type: TP | |
5725 | -#: original/man8/iptables-extensions.8:1107 | |
5726 | -#, fuzzy, no-wrap | |
5727 | -#| msgid "B<--tos >I<tos>" | |
5728 | -msgid "B<--hitcount> I<hits>" | |
5729 | -msgstr "B<--tos >I<tos>" | |
5730 | - | |
5731 | -#. type: Plain text | |
5732 | -#: original/man8/iptables-extensions.8:1117 | |
5733 | -msgid "" | |
5734 | -"This option must be used in conjunction with one of B<--rcheck> or B<--" | |
5735 | -"update>. When used, this will narrow the match to only happen when the " | |
5736 | -"address is in the list and packets had been received greater than or equal " | |
5737 | -"to the given value. This option may be used along with B<--seconds> to " | |
5738 | -"create an even narrower match requiring a certain number of hits within a " | |
5739 | -"specific time frame. The maximum value for the hitcount parameter is given " | |
5740 | -"by the \"ip_pkt_list_tot\" parameter of the xt_recent kernel module. " | |
5741 | -"Exceeding this value on the command line will cause the rule to be rejected." | |
5742 | -msgstr "" | |
5743 | - | |
5744 | -#. type: TP | |
5745 | -#: original/man8/iptables-extensions.8:1117 | |
5746 | -#, fuzzy, no-wrap | |
5747 | -#| msgid "B<--ttl >I<ttl>" | |
5748 | -msgid "B<--rttl>" | |
5749 | -msgstr "B<--ttl >I<ttl>" | |
5750 | - | |
5751 | -#. type: Plain text | |
5752 | -#: original/man8/iptables-extensions.8:1125 | |
5753 | -msgid "" | |
5754 | -"This option may only be used in conjunction with one of B<--rcheck> or B<--" | |
5755 | -"update>. When used, this will narrow the match to only happen when the " | |
5756 | -"address is in the list and the TTL of the current packet matches that of the " | |
5757 | -"packet which hit the B<--set> rule. This may be useful if you have problems " | |
5758 | -"with people faking their source address in order to DoS you via this module " | |
5759 | -"by disallowing others access to your site by sending bogus packets to you." | |
5760 | -msgstr "" | |
5761 | - | |
5762 | -#. type: Plain text | |
5763 | -#: original/man8/iptables-extensions.8:1129 | |
5764 | -msgid "" | |
5765 | -"iptables -A FORWARD -m recent --name badguy --rcheck --seconds 60 -j DROP" | |
5766 | -msgstr "" | |
5767 | - | |
5768 | -#. type: Plain text | |
5769 | -#: original/man8/iptables-extensions.8:1131 | |
5770 | -msgid "" | |
5771 | -"iptables -A FORWARD -p tcp -i eth0 --dport 139 -m recent --name badguy --set " | |
5772 | -"-j DROP" | |
5773 | -msgstr "" | |
5774 | - | |
5775 | -#. type: Plain text | |
5776 | -#: original/man8/iptables-extensions.8:1134 | |
5777 | -msgid "" | |
5778 | -"Steve's ipt_recent website (http://snowman.net/projects/ipt_recent/) also " | |
5779 | -"has some examples of usage." | |
5780 | -msgstr "" | |
5781 | - | |
5782 | -#. type: Plain text | |
5783 | -#: original/man8/iptables-extensions.8:1137 | |
5784 | -msgid "" | |
5785 | -"B</proc/net/xt_recent/*> are the current lists of addresses and information " | |
5786 | -"about each entry of each list." | |
5787 | -msgstr "" | |
5788 | - | |
5789 | -#. type: Plain text | |
5790 | -#: original/man8/iptables-extensions.8:1140 | |
5791 | -msgid "" | |
5792 | -"Each file in B</proc/net/xt_recent/> can be read from to see the current " | |
5793 | -"list or written two using the following commands to modify the list:" | |
5794 | -msgstr "" | |
5795 | - | |
5796 | -#. type: TP | |
5797 | -#: original/man8/iptables-extensions.8:1140 | |
5798 | -#, no-wrap | |
5799 | -msgid "B<echo +>I<addr>B< E<gt>/proc/net/xt_recent/DEFAULT>" | |
5800 | -msgstr "" | |
5801 | - | |
5802 | -#. type: Plain text | |
5803 | -#: original/man8/iptables-extensions.8:1143 | |
5804 | -msgid "to add I<addr> to the DEFAULT list" | |
5805 | -msgstr "" | |
5806 | - | |
5807 | -#. type: TP | |
5808 | -#: original/man8/iptables-extensions.8:1143 | |
5809 | -#, no-wrap | |
5810 | -msgid "B<echo ->I<addr>B< E<gt>/proc/net/xt_recent/DEFAULT>" | |
5811 | -msgstr "" | |
5812 | - | |
5813 | -#. type: Plain text | |
5814 | -#: original/man8/iptables-extensions.8:1146 | |
5815 | -msgid "to remove I<addr> from the DEFAULT list" | |
5816 | -msgstr "" | |
5817 | - | |
5818 | -#. type: TP | |
5819 | -#: original/man8/iptables-extensions.8:1146 | |
5820 | -#, no-wrap | |
5821 | -msgid "B<echo / E<gt>/proc/net/xt_recent/DEFAULT>" | |
5822 | -msgstr "" | |
5823 | - | |
5824 | -#. type: Plain text | |
5825 | -#: original/man8/iptables-extensions.8:1149 | |
5826 | -msgid "to flush the DEFAULT list (remove all entries)." | |
5827 | -msgstr "" | |
5828 | - | |
5829 | -#. type: Plain text | |
5830 | -#: original/man8/iptables-extensions.8:1151 | |
5831 | -msgid "The module itself accepts parameters, defaults shown:" | |
5832 | -msgstr "" | |
5833 | - | |
5834 | -#. type: TP | |
5835 | -#: original/man8/iptables-extensions.8:1151 | |
5836 | -#, no-wrap | |
5837 | -msgid "B<ip_list_tot>=I<100>" | |
5838 | -msgstr "" | |
5839 | - | |
5840 | -#. type: Plain text | |
5841 | -#: original/man8/iptables-extensions.8:1154 | |
5842 | -msgid "Number of addresses remembered per table." | |
5843 | -msgstr "" | |
5844 | - | |
5845 | -#. type: TP | |
5846 | -#: original/man8/iptables-extensions.8:1154 | |
5847 | -#, no-wrap | |
5848 | -msgid "B<ip_pkt_list_tot>=I<20>" | |
5849 | -msgstr "" | |
5850 | - | |
5851 | -#. type: Plain text | |
5852 | -#: original/man8/iptables-extensions.8:1157 | |
5853 | -msgid "Number of packets per address remembered." | |
5854 | -msgstr "" | |
5855 | - | |
5856 | -#. type: TP | |
5857 | -#: original/man8/iptables-extensions.8:1157 | |
5858 | -#, no-wrap | |
5859 | -msgid "B<ip_list_hash_size>=I<0>" | |
5860 | -msgstr "" | |
5861 | - | |
5862 | -#. type: Plain text | |
5863 | -#: original/man8/iptables-extensions.8:1160 | |
5864 | -msgid "" | |
5865 | -"Hash table size. 0 means to calculate it based on ip_list_tot, default: 512." | |
5866 | -msgstr "" | |
5867 | - | |
5868 | -#. type: TP | |
5869 | -#: original/man8/iptables-extensions.8:1160 | |
5870 | -#, no-wrap | |
5871 | -msgid "B<ip_list_perms>=I<0644>" | |
5872 | -msgstr "" | |
5873 | - | |
5874 | -#. type: Plain text | |
5875 | -#: original/man8/iptables-extensions.8:1163 | |
5876 | -msgid "Permissions for /proc/net/xt_recent/* files." | |
5877 | -msgstr "" | |
5878 | - | |
5879 | -#. type: TP | |
5880 | -#: original/man8/iptables-extensions.8:1163 | |
5881 | -#, no-wrap | |
5882 | -msgid "B<ip_list_uid>=I<0>" | |
5883 | -msgstr "" | |
5884 | - | |
5885 | -#. type: Plain text | |
5886 | -#: original/man8/iptables-extensions.8:1166 | |
5887 | -msgid "Numerical UID for ownership of /proc/net/xt_recent/* files." | |
5888 | -msgstr "" | |
5889 | - | |
5890 | -#. type: TP | |
5891 | -#: original/man8/iptables-extensions.8:1166 | |
5892 | -#, no-wrap | |
5893 | -msgid "B<ip_list_gid>=I<0>" | |
5894 | -msgstr "" | |
5895 | - | |
5896 | -#. type: Plain text | |
5897 | -#: original/man8/iptables-extensions.8:1169 | |
5898 | -msgid "Numerical GID for ownership of /proc/net/xt_recent/* files." | |
5899 | -msgstr "" | |
5900 | - | |
5901 | -#. type: SS | |
5902 | -#: original/man8/iptables-extensions.8:1169 | |
5903 | -#, fuzzy, no-wrap | |
5904 | -#| msgid "B<filter>:" | |
5905 | -msgid "rpfilter" | |
5906 | -msgstr "B<filter>:" | |
5907 | - | |
5908 | -#. type: Plain text | |
5909 | -#: original/man8/iptables-extensions.8:1178 | |
5910 | -msgid "" | |
5911 | -"Performs a reverse path filter test on a packet. If a reply to the packet " | |
5912 | -"would be sent via the same interface that the packet arrived on, the packet " | |
5913 | -"will match. Note that, unlike the in-kernel rp_filter, packets protected by " | |
5914 | -"IPSec are not treated specially. Combine this match with the policy match " | |
5915 | -"if you want this. Also, packets arriving via the loopback interface are " | |
5916 | -"always permitted. This match can only be used in the PREROUTING chain of " | |
5917 | -"the raw or mangle table." | |
5918 | -msgstr "" | |
5919 | - | |
5920 | -#. type: TP | |
5921 | -#: original/man8/iptables-extensions.8:1178 | |
5922 | -#, fuzzy, no-wrap | |
5923 | -#| msgid "B<--tos >I<tos>" | |
5924 | -msgid "B<--loose>" | |
5925 | -msgstr "B<--tos >I<tos>" | |
5926 | - | |
5927 | -#. type: Plain text | |
5928 | -#: original/man8/iptables-extensions.8:1182 | |
5929 | -msgid "" | |
5930 | -"Used to specifiy that the reverse path filter test should match even if the " | |
5931 | -"selected output device is not the expected one." | |
5932 | -msgstr "" | |
5933 | - | |
5934 | -#. type: TP | |
5935 | -#: original/man8/iptables-extensions.8:1182 | |
5936 | -#, no-wrap | |
5937 | -msgid "B<--validmark>" | |
5938 | -msgstr "" | |
5939 | - | |
5940 | -#. type: Plain text | |
5941 | -#: original/man8/iptables-extensions.8:1185 | |
5942 | -msgid "" | |
5943 | -"Also use the packets' nfmark value when performing the reverse path route " | |
5944 | -"lookup." | |
5945 | -msgstr "" | |
5946 | - | |
5947 | -#. type: TP | |
5948 | -#: original/man8/iptables-extensions.8:1185 | |
5949 | -#, no-wrap | |
5950 | -msgid "B<--accept-local>" | |
5951 | -msgstr "" | |
5952 | - | |
5953 | -#. type: Plain text | |
5954 | -#: original/man8/iptables-extensions.8:1189 | |
5955 | -msgid "" | |
5956 | -"This will permit packets arriving from the network with a source address " | |
5957 | -"that is also assigned to the local machine." | |
5958 | -msgstr "" | |
5959 | - | |
5960 | -#. type: TP | |
5961 | -#: original/man8/iptables-extensions.8:1189 | |
5962 | -#, fuzzy, no-wrap | |
5963 | -#| msgid "B<-I, --insert>" | |
5964 | -msgid "B<--invert>" | |
5965 | -msgstr "B<-I, --insert>" | |
5966 | - | |
5967 | -#. type: Plain text | |
5968 | -#: original/man8/iptables-extensions.8:1193 | |
5969 | -msgid "" | |
5970 | -"This will invert the sense of the match. Instead of matching packets that " | |
5971 | -"passed the reverse path filter test, match those that have failed it." | |
5972 | -msgstr "" | |
5973 | - | |
5974 | -#. type: Plain text | |
5975 | -#: original/man8/iptables-extensions.8:1195 | |
5976 | -msgid "Example to log and drop packets failing the reverse path filter test:" | |
5977 | -msgstr "" | |
5978 | - | |
5979 | -#. type: Plain text | |
5980 | -#: original/man8/iptables-extensions.8:1197 | |
5981 | -#, fuzzy | |
5982 | -#| msgid " iptables -t nat -n -L\n" | |
5983 | -msgid "iptables -t raw -N RPFILTER" | |
5984 | -msgstr " iptables -t nat -n -L\n" | |
5985 | - | |
5986 | -#. type: Plain text | |
5987 | -#: original/man8/iptables-extensions.8:1199 | |
5988 | -msgid "iptables -t raw -A RPFILTER -m rpfilter -j RETURN" | |
5989 | -msgstr "" | |
5990 | - | |
5991 | -#. type: Plain text | |
5992 | -#: original/man8/iptables-extensions.8:1201 | |
5993 | -msgid "" | |
5994 | -"iptables -t raw -A RPFILTER -m limit --limit 10/minute -j NFLOG --nflog-" | |
5995 | -"prefix \"rpfilter drop\"" | |
5996 | -msgstr "" | |
5997 | - | |
5998 | -#. type: Plain text | |
5999 | -#: original/man8/iptables-extensions.8:1203 | |
6000 | -msgid "iptables -t raw -A RPFILTER -j DROP" | |
6001 | -msgstr "" | |
6002 | - | |
6003 | -#. type: Plain text | |
6004 | -#: original/man8/iptables-extensions.8:1205 | |
6005 | -msgid "iptables -t raw -A PREROUTING -j RPFILTER" | |
6006 | -msgstr "" | |
6007 | - | |
6008 | -#. type: Plain text | |
6009 | -#: original/man8/iptables-extensions.8:1207 | |
6010 | -msgid "Example to drop failed packets, without logging:" | |
6011 | -msgstr "" | |
6012 | - | |
6013 | -#. type: Plain text | |
6014 | -#: original/man8/iptables-extensions.8:1209 | |
6015 | -msgid "iptables -t raw -A RPFILTER -m rpfilter --invert -j DROP" | |
6016 | -msgstr "" | |
6017 | - | |
6018 | -#. type: SS | |
6019 | -#: original/man8/iptables-extensions.8:1209 | |
6020 | -#, no-wrap | |
6021 | -msgid "rt (IPv6-specific)" | |
6022 | -msgstr "" | |
6023 | - | |
6024 | -#. type: Plain text | |
6025 | -#: original/man8/iptables-extensions.8:1211 | |
6026 | -msgid "Match on IPv6 routing header" | |
6027 | -msgstr "" | |
6028 | - | |
6029 | -#. type: TP | |
6030 | -#: original/man8/iptables-extensions.8:1211 | |
6031 | -#, fuzzy, no-wrap | |
6032 | -#| msgid "B<--icmp-type >[!] I<typename>" | |
6033 | -msgid "[B<!>] B<--rt-type> I<type>" | |
6034 | -msgstr "B<--icmp-type >[!] I<typename>" | |
6035 | - | |
6036 | -#. type: Plain text | |
6037 | -#: original/man8/iptables-extensions.8:1214 | |
6038 | -msgid "Match the type (numeric)." | |
6039 | -msgstr "" | |
6040 | - | |
6041 | -#. type: TP | |
6042 | -#: original/man8/iptables-extensions.8:1214 | |
6043 | -#, no-wrap | |
6044 | -msgid "[B<!>] B<--rt-segsleft> I<num>[B<:>I<num>]" | |
6045 | -msgstr "" | |
6046 | - | |
6047 | -#. type: Plain text | |
6048 | -#: original/man8/iptables-extensions.8:1217 | |
6049 | -msgid "Match the `segments left' field (range)." | |
6050 | -msgstr "" | |
6051 | - | |
6052 | -#. type: TP | |
6053 | -#: original/man8/iptables-extensions.8:1217 | |
6054 | -#, fuzzy, no-wrap | |
6055 | -#| msgid "B<-t>, B<--table> B<tablename>" | |
6056 | -msgid "[B<!>] B<--rt-len> I<length>" | |
6057 | -msgstr "B<-t>, B<--table> B<tablename>" | |
6058 | - | |
6059 | -#. type: Plain text | |
6060 | -#: original/man8/iptables-extensions.8:1220 | |
6061 | -msgid "Match the length of this header." | |
6062 | -msgstr "" | |
6063 | - | |
6064 | -#. type: TP | |
6065 | -#: original/man8/iptables-extensions.8:1220 | |
6066 | -#, no-wrap | |
6067 | -msgid "B<--rt-0-res>" | |
6068 | -msgstr "" | |
6069 | - | |
6070 | -#. type: Plain text | |
6071 | -#: original/man8/iptables-extensions.8:1223 | |
6072 | -msgid "Match the reserved field, too (type=0)" | |
6073 | -msgstr "" | |
6074 | - | |
6075 | -#. type: TP | |
6076 | -#: original/man8/iptables-extensions.8:1223 | |
6077 | -#, no-wrap | |
6078 | -msgid "B<--rt-0-addrs> I<addr>[B<,>I<addr>...]" | |
6079 | -msgstr "" | |
6080 | - | |
6081 | -#. type: Plain text | |
6082 | -#: original/man8/iptables-extensions.8:1226 | |
6083 | -msgid "Match type=0 addresses (list)." | |
6084 | -msgstr "" | |
6085 | - | |
6086 | -#. type: TP | |
6087 | -#: original/man8/iptables-extensions.8:1226 | |
6088 | -#, no-wrap | |
6089 | -msgid "B<--rt-0-not-strict>" | |
6090 | -msgstr "" | |
6091 | - | |
6092 | -#. type: Plain text | |
6093 | -#: original/man8/iptables-extensions.8:1229 | |
6094 | -msgid "List of type=0 addresses is not a strict list." | |
6095 | -msgstr "" | |
6096 | - | |
6097 | -#. type: SS | |
6098 | -#: original/man8/iptables-extensions.8:1229 | |
6099 | -#, no-wrap | |
6100 | -msgid "sctp" | |
6101 | -msgstr "" | |
6102 | - | |
6103 | -#. type: TP | |
6104 | -#: original/man8/iptables-extensions.8:1234 | |
6105 | -#, no-wrap | |
6106 | -msgid "[B<!>] B<--chunk-types> {B<all>|B<any>|B<only>} I<chunktype>[B<:>I<flags>] [...]" | |
6107 | -msgstr "" | |
6108 | - | |
6109 | -#. type: Plain text | |
6110 | -#: original/man8/iptables-extensions.8:1238 | |
6111 | -msgid "" | |
6112 | -"The flag letter in upper case indicates that the flag is to match if set, in " | |
6113 | -"the lower case indicates to match if unset." | |
6114 | -msgstr "" | |
6115 | - | |
6116 | -#. type: Plain text | |
6117 | -#: original/man8/iptables-extensions.8:1240 | |
6118 | -msgid "" | |
6119 | -"Chunk types: DATA INIT INIT_ACK SACK HEARTBEAT HEARTBEAT_ACK ABORT SHUTDOWN " | |
6120 | -"SHUTDOWN_ACK ERROR COOKIE_ECHO COOKIE_ACK ECN_ECNE ECN_CWR SHUTDOWN_COMPLETE " | |
6121 | -"ASCONF ASCONF_ACK FORWARD_TSN" | |
6122 | -msgstr "" | |
6123 | - | |
6124 | -#. type: Plain text | |
6125 | -#: original/man8/iptables-extensions.8:1242 | |
6126 | -msgid "chunk type available flags" | |
6127 | -msgstr "" | |
6128 | - | |
6129 | -#. type: Plain text | |
6130 | -#: original/man8/iptables-extensions.8:1244 | |
6131 | -msgid "DATA I U B E i u b e" | |
6132 | -msgstr "" | |
6133 | - | |
6134 | -#. type: Plain text | |
6135 | -#: original/man8/iptables-extensions.8:1246 | |
6136 | -msgid "ABORT T t" | |
6137 | -msgstr "" | |
6138 | - | |
6139 | -#. type: Plain text | |
6140 | -#: original/man8/iptables-extensions.8:1248 | |
6141 | -msgid "SHUTDOWN_COMPLETE T t" | |
6142 | -msgstr "" | |
6143 | - | |
6144 | -#. type: Plain text | |
6145 | -#: original/man8/iptables-extensions.8:1250 | |
6146 | -msgid "(lowercase means flag should be \"off\", uppercase means \"on\")" | |
6147 | -msgstr "" | |
6148 | - | |
6149 | -#. type: Plain text | |
6150 | -#: original/man8/iptables-extensions.8:1254 | |
6151 | -msgid "iptables -A INPUT -p sctp --dport 80 -j DROP" | |
6152 | -msgstr "" | |
6153 | - | |
6154 | -#. type: Plain text | |
6155 | -#: original/man8/iptables-extensions.8:1256 | |
6156 | -msgid "iptables -A INPUT -p sctp --chunk-types any DATA,INIT -j DROP" | |
6157 | -msgstr "" | |
6158 | - | |
6159 | -#. type: Plain text | |
6160 | -#: original/man8/iptables-extensions.8:1258 | |
6161 | -msgid "iptables -A INPUT -p sctp --chunk-types any DATA:Be -j ACCEPT" | |
6162 | -msgstr "" | |
6163 | - | |
6164 | -#. type: SS | |
6165 | -#: original/man8/iptables-extensions.8:1258 | |
6166 | -#, no-wrap | |
6167 | -msgid "set" | |
6168 | -msgstr "" | |
6169 | - | |
6170 | -#. type: Plain text | |
6171 | -#: original/man8/iptables-extensions.8:1260 | |
6172 | -#, fuzzy | |
6173 | -#| msgid "This module matches the SPIs in AH header of IPSec packets." | |
6174 | -msgid "This module matches IP sets which can be defined by ipset(8)." | |
6175 | -msgstr "このモジュールは IPSec パケットの AH ヘッダーの SPI 値にマッチする。" | |
6176 | - | |
6177 | -#. type: TP | |
6178 | -#: original/man8/iptables-extensions.8:1260 | |
6179 | -#, no-wrap | |
6180 | -msgid "[B<!>] B<--match-set> I<setname> I<flag>[B<,>I<flag>]..." | |
6181 | -msgstr "" | |
6182 | - | |
6183 | -#. type: Plain text | |
6184 | -#: original/man8/iptables-extensions.8:1267 | |
6185 | -msgid "" | |
6186 | -"where flags are the comma separated list of B<src> and/or B<dst> " | |
6187 | -"specifications and there can be no more than six of them. Hence the command" | |
6188 | -msgstr "" | |
6189 | - | |
6190 | -#. type: Plain text | |
6191 | -#: original/man8/iptables-extensions.8:1269 | |
6192 | -#, fuzzy, no-wrap | |
6193 | -#| msgid " iptables -A FORWARD -p tcp --tcp-flags SYN,ACK,FIN,RST SYN\n" | |
6194 | -msgid " iptables -A FORWARD -m set --match-set test src,dst\n" | |
6195 | -msgstr " iptables -A FORWARD -p tcp --tcp-flags SYN,ACK,FIN,RST SYN\n" | |
6196 | - | |
6197 | -#. type: Plain text | |
6198 | -#: original/man8/iptables-extensions.8:1275 | |
6199 | -msgid "" | |
6200 | -"will match packets, for which (if the set type is ipportmap) the source " | |
6201 | -"address and destination port pair can be found in the specified set. If the " | |
6202 | -"set type of the specified set is single dimension (for example ipmap), then " | |
6203 | -"the command will match packets for which the source address can be found in " | |
6204 | -"the specified set." | |
6205 | -msgstr "" | |
6206 | - | |
6207 | -#. type: TP | |
6208 | -#: original/man8/iptables-extensions.8:1275 | |
6209 | -#, no-wrap | |
6210 | -msgid "B<--return--nomatch>" | |
6211 | -msgstr "" | |
6212 | - | |
6213 | -#. type: Plain text | |
6214 | -#: original/man8/iptables-extensions.8:1281 | |
6215 | -msgid "" | |
6216 | -"If the B<--return--nomatch> option is specified and the set type supports " | |
6217 | -"the B<nomatch> flag, then the matching is reversed: a match with an element " | |
6218 | -"flagged with B<nomatch> returns B<true>, while a match with a plain element " | |
6219 | -"returns B<false>." | |
6220 | -msgstr "" | |
6221 | - | |
6222 | -#. type: Plain text | |
6223 | -#: original/man8/iptables-extensions.8:1284 | |
6224 | -msgid "" | |
6225 | -"The option B<--match-set> can be replaced by B<--set> if that does not clash " | |
6226 | -"with an option of other extensions." | |
6227 | -msgstr "" | |
6228 | - | |
6229 | -#. type: Plain text | |
6230 | -#: original/man8/iptables-extensions.8:1287 | |
6231 | -msgid "" | |
6232 | -"Use of -m set requires that ipset kernel support is provided, which, for " | |
6233 | -"standard kernels, is the case since Linux 2.6.39." | |
6234 | -msgstr "" | |
6235 | - | |
6236 | -#. type: SS | |
6237 | -#: original/man8/iptables-extensions.8:1287 | |
6238 | -#, no-wrap | |
6239 | -msgid "socket" | |
6240 | -msgstr "" | |
6241 | - | |
6242 | -#. type: Plain text | |
6243 | -#: original/man8/iptables-extensions.8:1290 | |
6244 | -msgid "" | |
6245 | -"This matches if an open socket can be found by doing a socket lookup on the " | |
6246 | -"packet." | |
6247 | -msgstr "" | |
6248 | - | |
6249 | -#. type: TP | |
6250 | -#: original/man8/iptables-extensions.8:1290 | |
6251 | -#, no-wrap | |
6252 | -msgid "B<--transparent>" | |
6253 | -msgstr "" | |
6254 | - | |
6255 | -#. type: Plain text | |
6256 | -#: original/man8/iptables-extensions.8:1293 | |
6257 | -msgid "Ignore non-transparent sockets." | |
6258 | -msgstr "" | |
6259 | - | |
6260 | -#. type: SS | |
6261 | -#: original/man8/iptables-extensions.8:1293 | |
6262 | -#, no-wrap | |
6263 | -msgid "state" | |
6264 | -msgstr "state" | |
6265 | - | |
6266 | -#. type: Plain text | |
6267 | -#: original/man8/iptables-extensions.8:1296 | |
6268 | -#, fuzzy | |
6269 | -#| msgid "" | |
6270 | -#| "This module, when combined with connection tracking, allows access to the " | |
6271 | -#| "connection tracking state for this packet." | |
6272 | -msgid "" | |
6273 | -"The \"state\" extension is a subset of the \"conntrack\" module. \"state\" " | |
6274 | -"allows access to the connection tracking state for this packet." | |
6275 | -msgstr "" | |
6276 | -"このモジュールは、接続追跡 (connection tracking) と組み合わせて用いると、 パ" | |
6277 | -"ケットについての接続追跡状態を知ることができる。" | |
6278 | - | |
6279 | -#. type: TP | |
6280 | -#: original/man8/iptables-extensions.8:1296 | |
6281 | -#, fuzzy, no-wrap | |
6282 | -#| msgid "B<--state >I<state>" | |
6283 | -msgid "[B<!>] B<--state> I<state>" | |
6284 | -msgstr "B<--state >I<state>" | |
6285 | - | |
6286 | -#. type: Plain text | |
6287 | -#: original/man8/iptables-extensions.8:1302 | |
6288 | -msgid "" | |
6289 | -"Where state is a comma separated list of the connection states to match. " | |
6290 | -"Only a subset of the states unterstood by \"conntrack\" are recognized: " | |
6291 | -"B<INVALID>, B<ESTABLISHED>, B<NEW>, B<RELATED> or B<UNTRACKED>. For their " | |
6292 | -"description, see the \"conntrack\" heading in this manpage." | |
6293 | -msgstr "" | |
6294 | - | |
6295 | -#. type: SS | |
6296 | -#: original/man8/iptables-extensions.8:1302 | |
6297 | -#, no-wrap | |
6298 | -msgid "statistic" | |
6299 | -msgstr "" | |
6300 | - | |
6301 | -#. type: Plain text | |
6302 | -#: original/man8/iptables-extensions.8:1307 | |
6303 | -msgid "" | |
6304 | -"This module matches packets based on some statistic condition. It supports " | |
6305 | -"two distinct modes settable with the B<--mode> option." | |
6306 | -msgstr "" | |
6307 | - | |
6308 | -#. type: Plain text | |
6309 | -#: original/man8/iptables-extensions.8:1309 | |
6310 | -msgid "Supported options:" | |
6311 | -msgstr "" | |
6312 | - | |
6313 | -#. type: TP | |
6314 | -#: original/man8/iptables-extensions.8:1309 | |
6315 | -#, fuzzy, no-wrap | |
6316 | -#| msgid "B<--cmd-owner >I<name>" | |
6317 | -msgid "B<--mode> I<mode>" | |
6318 | -msgstr "B<--cmd-owner >I<name>" | |
6319 | - | |
6320 | -#. type: Plain text | |
6321 | -#: original/man8/iptables-extensions.8:1315 | |
6322 | -msgid "" | |
6323 | -"Set the matching mode of the matching rule, supported modes are B<random> " | |
6324 | -"and B<nth.>" | |
6325 | -msgstr "" | |
6326 | - | |
6327 | -#. type: TP | |
6328 | -#: original/man8/iptables-extensions.8:1315 | |
6329 | -#, fuzzy, no-wrap | |
6330 | -#| msgid "B<-t>, B<--table> B<tablename>" | |
6331 | -msgid "[B<!>] B<--probability> I<p>" | |
6332 | -msgstr "B<-t>, B<--table> B<tablename>" | |
6333 | - | |
6334 | -#. type: Plain text | |
6335 | -#: original/man8/iptables-extensions.8:1320 | |
6336 | -msgid "" | |
6337 | -"Set the probability for a packet to be randomly matched. It only works with " | |
6338 | -"the B<random> mode. I<p> must be within 0.0 and 1.0. The supported " | |
6339 | -"granularity is in 1/2147483648th increments." | |
6340 | -msgstr "" | |
6341 | - | |
6342 | -#. type: TP | |
6343 | -#: original/man8/iptables-extensions.8:1320 | |
6344 | -#, fuzzy, no-wrap | |
6345 | -#| msgid "B<-t>, B<--table> B<tablename>" | |
6346 | -msgid "[B<!>] B<--every> I<n>" | |
6347 | -msgstr "B<-t>, B<--table> B<tablename>" | |
6348 | - | |
6349 | -#. type: Plain text | |
6350 | -#: original/man8/iptables-extensions.8:1327 | |
6351 | -msgid "" | |
6352 | -"Match one packet every nth packet. It works only with the B<nth> mode (see " | |
6353 | -"also the B<--packet> option)." | |
6354 | -msgstr "" | |
6355 | - | |
6356 | -#. type: TP | |
6357 | -#: original/man8/iptables-extensions.8:1327 | |
6358 | -#, no-wrap | |
6359 | -msgid "B<--packet> I<p>" | |
6360 | -msgstr "" | |
6361 | - | |
6362 | -#. type: Plain text | |
6363 | -#: original/man8/iptables-extensions.8:1332 | |
6364 | -msgid "" | |
6365 | -"Set the initial counter value (0 E<lt>= p E<lt>= n-1, default 0) for the " | |
6366 | -"B<nth> mode." | |
6367 | -msgstr "" | |
6368 | - | |
6369 | -#. type: SS | |
6370 | -#: original/man8/iptables-extensions.8:1332 | |
6371 | -#, no-wrap | |
6372 | -msgid "string" | |
6373 | -msgstr "" | |
6374 | - | |
6375 | -#. type: Plain text | |
6376 | -#: original/man8/iptables-extensions.8:1334 | |
6377 | -msgid "" | |
6378 | -"This modules matches a given string by using some pattern matching strategy. " | |
6379 | -"It requires a linux kernel E<gt>= 2.6.14." | |
6380 | -msgstr "" | |
6381 | - | |
6382 | -#. type: TP | |
6383 | -#: original/man8/iptables-extensions.8:1334 | |
6384 | -#, no-wrap | |
6385 | -msgid "B<--algo> {B<bm>|B<kmp>}" | |
6386 | -msgstr "" | |
6387 | - | |
6388 | -#. type: Plain text | |
6389 | -#: original/man8/iptables-extensions.8:1337 | |
6390 | -msgid "" | |
6391 | -"Select the pattern matching strategy. (bm = Boyer-Moore, kmp = Knuth-Pratt-" | |
6392 | -"Morris)" | |
6393 | -msgstr "" | |
6394 | - | |
6395 | -#. type: TP | |
6396 | -#: original/man8/iptables-extensions.8:1337 | |
6397 | -#, fuzzy, no-wrap | |
6398 | -#| msgid "B<--tos >I<tos>" | |
6399 | -msgid "B<--from> I<offset>" | |
6400 | -msgstr "B<--tos >I<tos>" | |
6401 | - | |
6402 | -#. type: Plain text | |
6403 | -#: original/man8/iptables-extensions.8:1340 | |
6404 | -msgid "" | |
6405 | -"Set the offset from which it starts looking for any matching. If not passed, " | |
6406 | -"default is 0." | |
6407 | -msgstr "" | |
6408 | - | |
6409 | -#. type: TP | |
6410 | -#: original/man8/iptables-extensions.8:1340 | |
6411 | -#, fuzzy, no-wrap | |
6412 | -#| msgid "B<--tos >I<tos>" | |
6413 | -msgid "B<--to> I<offset>" | |
6414 | -msgstr "B<--tos >I<tos>" | |
6415 | - | |
6416 | -#. type: Plain text | |
6417 | -#: original/man8/iptables-extensions.8:1345 | |
6418 | -msgid "" | |
6419 | -"Set the offset up to which should be scanned. That is, byte I<offset>-1 " | |
6420 | -"(counting from 0) is the last one that is scanned. If not passed, default " | |
6421 | -"is the packet size." | |
6422 | -msgstr "" | |
6423 | - | |
6424 | -#. type: TP | |
6425 | -#: original/man8/iptables-extensions.8:1345 | |
6426 | -#, no-wrap | |
6427 | -msgid "[B<!>] B<--string> I<pattern>" | |
6428 | -msgstr "" | |
6429 | - | |
6430 | -#. type: Plain text | |
6431 | -#: original/man8/iptables-extensions.8:1348 | |
6432 | -#, fuzzy | |
6433 | -#| msgid "Matches the given TTL value." | |
6434 | -msgid "Matches the given pattern." | |
6435 | -msgstr "指定された TTL 値にマッチする。" | |
6436 | - | |
6437 | -#. type: TP | |
6438 | -#: original/man8/iptables-extensions.8:1348 | |
6439 | -#, no-wrap | |
6440 | -msgid "[B<!>] B<--hex-string> I<pattern>" | |
6441 | -msgstr "" | |
6442 | - | |
6443 | -#. type: Plain text | |
6444 | -#: original/man8/iptables-extensions.8:1351 | |
6445 | -#, fuzzy | |
6446 | -#| msgid "Matches the given TTL value." | |
6447 | -msgid "Matches the given pattern in hex notation." | |
6448 | -msgstr "指定された TTL 値にマッチする。" | |
6449 | - | |
6450 | -#. type: SS | |
6451 | -#: original/man8/iptables-extensions.8:1351 | |
6452 | -#, no-wrap | |
6453 | -msgid "tcp" | |
6454 | -msgstr "tcp" | |
6455 | - | |
6456 | -#. type: Plain text | |
6457 | -#: original/man8/iptables-extensions.8:1354 | |
6458 | -#, fuzzy | |
6459 | -#| msgid "" | |
6460 | -#| "These extensions are loaded if `--protocol tcp' is specified. It provides " | |
6461 | -#| "the following options:" | |
6462 | -msgid "" | |
6463 | -"These extensions can be used if `--protocol tcp' is specified. It provides " | |
6464 | -"the following options:" | |
6465 | -msgstr "" | |
6466 | -"これらの拡張は `--protocol tcp' が指定され場合にロードされ、 以下のオプション" | |
6467 | -"が提供される:" | |
6468 | - | |
6469 | -#. type: Plain text | |
6470 | -#: original/man8/iptables-extensions.8:1365 | |
6471 | -#, fuzzy | |
6472 | -#| msgid "" | |
6473 | -#| "Source port or port range specification. This can either be a service " | |
6474 | -#| "name or a port number. An inclusive range can also be specified, using " | |
6475 | -#| "the format I<port>:I<port>. If the first port is omitted, \"0\" is " | |
6476 | -#| "assumed; if the last is omitted, \"65535\" is assumed. If the second " | |
6477 | -#| "port greater then the first they will be swapped. The flag B<--sport> is " | |
6478 | -#| "a convenient alias for this option." | |
6479 | -msgid "" | |
6480 | -"Source port or port range specification. This can either be a service name " | |
6481 | -"or a port number. An inclusive range can also be specified, using the format " | |
6482 | -"I<first>B<:>I<last>. If the first port is omitted, \"0\" is assumed; if the " | |
6483 | -"last is omitted, \"65535\" is assumed. If the first port is greater than " | |
6484 | -"the second one they will be swapped. The flag B<--sport> is a convenient " | |
6485 | -"alias for this option." | |
6486 | -msgstr "" | |
6487 | -"送信元ポートまたはポート範囲の指定。 サービス名またはポート番号を指定で\n" | |
6488 | -"きる。 I<port>:I<port> という形式で、2 つの番号を含む範囲を指定すること\n" | |
6489 | -"もできる。 最初のポートを省略した場合、\"0\" を仮定する。 最後のポートを\n" | |
6490 | -"省略した場合、\"65535\" を仮定する。 最初のポートが最後のポートより大きい\n" | |
6491 | -"場合、2 つは入れ換えられる。 フラグ B<--sport> は、このオプションの便利\n" | |
6492 | -"な別名である。" | |
6493 | - | |
6494 | -#. type: Plain text | |
6495 | -#: original/man8/iptables-extensions.8:1370 | |
6496 | -msgid "" | |
6497 | -"Destination port or port range specification. The flag B<--dport> is a " | |
6498 | -"convenient alias for this option." | |
6499 | -msgstr "" | |
6500 | -"送信先ポートまたはポート範囲の指定。 フラグ B<--dport> は、このオプションの便" | |
6501 | -"利な別名である。" | |
6502 | - | |
6503 | -#. type: TP | |
6504 | -#: original/man8/iptables-extensions.8:1370 | |
6505 | -#, fuzzy, no-wrap | |
6506 | -#| msgid "B<--tcp-flags >[!] I<mask> I<comp>" | |
6507 | -msgid "[B<!>] B<--tcp-flags> I<mask> I<comp>" | |
6508 | -msgstr "B<--tcp-flags >[!] I<mask> I<comp>" | |
6509 | - | |
6510 | -#. type: Plain text | |
6511 | -#: original/man8/iptables-extensions.8:1378 | |
6512 | -#, fuzzy | |
6513 | -#| msgid "" | |
6514 | -#| "Match when the TCP flags are as specified. The first argument is the " | |
6515 | -#| "flags which we should examine, written as a comma-separated list, and the " | |
6516 | -#| "second argument is a comma-separated list of flags which must be set. " | |
6517 | -#| "Flags are: B<SYN ACK FIN RST URG PSH ALL NONE>. Hence the command" | |
6518 | -msgid "" | |
6519 | -"Match when the TCP flags are as specified. The first argument I<mask> is " | |
6520 | -"the flags which we should examine, written as a comma-separated list, and " | |
6521 | -"the second argument I<comp> is a comma-separated list of flags which must be " | |
6522 | -"set. Flags are: B<SYN ACK FIN RST URG PSH ALL NONE>. Hence the command" | |
6523 | -msgstr "" | |
6524 | -"TCP フラグが指定されたものと等しい場合にマッチする。 第 1 引き数は評価\n" | |
6525 | -"対象とするフラグで、コンマ区切りのリストである。 第 2 引き数は必ず設定\n" | |
6526 | -"しなければならないフラグで、コンマ区切りのリストである。 指定できるフラ\n" | |
6527 | -"グは B<SYN ACK FIN RST URG PSH ALL NONE> である。 よって、コマンド" | |
6528 | - | |
6529 | -#. type: Plain text | |
6530 | -#: original/man8/iptables-extensions.8:1380 | |
6531 | -#, no-wrap | |
6532 | -msgid " iptables -A FORWARD -p tcp --tcp-flags SYN,ACK,FIN,RST SYN\n" | |
6533 | -msgstr " iptables -A FORWARD -p tcp --tcp-flags SYN,ACK,FIN,RST SYN\n" | |
6534 | - | |
6535 | -#. type: Plain text | |
6536 | -#: original/man8/iptables-extensions.8:1383 | |
6537 | -msgid "" | |
6538 | -"will only match packets with the SYN flag set, and the ACK, FIN and RST " | |
6539 | -"flags unset." | |
6540 | -msgstr "" | |
6541 | -"は、SYN フラグが設定され ACK, FIN, RST フラグが設定されていない パケットにの" | |
6542 | -"みマッチする。" | |
6543 | - | |
6544 | -#. type: TP | |
6545 | -#: original/man8/iptables-extensions.8:1383 | |
6546 | -#, fuzzy, no-wrap | |
6547 | -#| msgid "B<[!] --syn>" | |
6548 | -msgid "[B<!>] B<--syn>" | |
6549 | -msgstr "B<[!] --syn>" | |
6550 | - | |
6551 | -#. type: Plain text | |
6552 | -#: original/man8/iptables-extensions.8:1393 | |
6553 | -#, fuzzy | |
6554 | -#| msgid "" | |
6555 | -#| "Only match TCP packets with the SYN bit set and the ACK and RST bits " | |
6556 | -#| "cleared. Such packets are used to request TCP connection initiation; for " | |
6557 | -#| "example, blocking such packets coming in an interface will prevent " | |
6558 | -#| "incoming TCP connections, but outgoing TCP connections will be " | |
6559 | -#| "unaffected. It is equivalent to B<--tcp-flags SYN,RST,ACK SYN>. If the " | |
6560 | -#| "\"!\" flag precedes the \"--syn\", the sense of the option is inverted." | |
6561 | -msgid "" | |
6562 | -"Only match TCP packets with the SYN bit set and the ACK,RST and FIN bits " | |
6563 | -"cleared. Such packets are used to request TCP connection initiation; for " | |
6564 | -"example, blocking such packets coming in an interface will prevent incoming " | |
6565 | -"TCP connections, but outgoing TCP connections will be unaffected. It is " | |
6566 | -"equivalent to B<--tcp-flags SYN,RST,ACK,FIN SYN>. If the \"!\" flag " | |
6567 | -"precedes the \"--syn\", the sense of the option is inverted." | |
6568 | -msgstr "" | |
6569 | -"SYN ビットが設定され ACK と RST ビットがクリアされている TCP パケットに\n" | |
6570 | -"のみマッチする。このようなパケットは TCP 接続の開始要求に使われる。例え\n" | |
6571 | -"ば、あるインターフェースに入ってくるこのようなパケットをブロックすれば、\n" | |
6572 | -"内側への TCP 接続は禁止されるが、外側への TCP 接続には影響しない。 これ\n" | |
6573 | -"は B<--tcp-flags SYN,RST,ACK SYN> と等しい。 \"--syn\" の前に \"!\" フラグ\n" | |
6574 | -"を置くと、 SYN ビットがクリアされ ACK と RST ビットが設定されている\n" | |
6575 | -"TCP パケットにのみマッチする。" | |
6576 | - | |
6577 | -#. type: TP | |
6578 | -#: original/man8/iptables-extensions.8:1393 | |
6579 | -#, fuzzy, no-wrap | |
6580 | -#| msgid "B<--tcp-option >[!] I<number>" | |
6581 | -msgid "[B<!>] B<--tcp-option> I<number>" | |
6582 | -msgstr "B<--tcp-option >[!] I<number>" | |
6583 | - | |
6584 | -#. type: Plain text | |
6585 | -#: original/man8/iptables-extensions.8:1396 | |
6586 | -msgid "Match if TCP option set." | |
6587 | -msgstr "TCP オプションが設定されている場合にマッチする。" | |
6588 | - | |
6589 | -#. type: SS | |
6590 | -#: original/man8/iptables-extensions.8:1396 | |
6591 | -#, no-wrap | |
6592 | -msgid "tcpmss" | |
6593 | -msgstr "" | |
6594 | - | |
6595 | -#. type: Plain text | |
6596 | -#: original/man8/iptables-extensions.8:1398 | |
6597 | -msgid "" | |
6598 | -"This matches the TCP MSS (maximum segment size) field of the TCP header. " | |
6599 | -"You can only use this on TCP SYN or SYN/ACK packets, since the MSS is only " | |
6600 | -"negotiated during the TCP handshake at connection startup time." | |
6601 | -msgstr "" | |
6602 | - | |
6603 | -#. type: TP | |
6604 | -#: original/man8/iptables-extensions.8:1398 | |
6605 | -#, fuzzy, no-wrap | |
6606 | -#| msgid "B<--mss >I<value>[:I<value>]" | |
6607 | -msgid "[B<!>] B<--mss> I<value>[B<:>I<value>]" | |
6608 | -msgstr "B<--mss >I<value>[:I<value>]" | |
6609 | - | |
6610 | -#. type: Plain text | |
6611 | -#: original/man8/iptables-extensions.8:1401 | |
6612 | -#, fuzzy | |
6613 | -#| msgid "Matches the given TTL value." | |
6614 | -msgid "Match a given TCP MSS value or range." | |
6615 | -msgstr "指定された TTL 値にマッチする。" | |
6616 | - | |
6617 | -#. type: SS | |
6618 | -#: original/man8/iptables-extensions.8:1401 | |
6619 | -#, no-wrap | |
6620 | -msgid "time" | |
6621 | -msgstr "" | |
6622 | - | |
6623 | -#. type: Plain text | |
6624 | -#: original/man8/iptables-extensions.8:1405 | |
6625 | -msgid "" | |
6626 | -"This matches if the packet arrival time/date is within a given range. All " | |
6627 | -"options are optional, but are ANDed when specified. All times are " | |
6628 | -"interpreted as UTC by default." | |
6629 | -msgstr "" | |
6630 | - | |
6631 | -#. type: TP | |
6632 | -#: original/man8/iptables-extensions.8:1405 | |
6633 | -#, no-wrap | |
6634 | -msgid "B<--datestart> I<YYYY>[B<->I<MM>[B<->I<DD>[B<T>I<hh>[B<:>I<mm>[B<:>I<ss>]]]]]" | |
6635 | -msgstr "" | |
6636 | - | |
6637 | -#. type: TP | |
6638 | -#: original/man8/iptables-extensions.8:1407 | |
6639 | -#, no-wrap | |
6640 | -msgid "B<--datestop> I<YYYY>[B<->I<MM>[B<->I<DD>[B<T>I<hh>[B<:>I<mm>[B<:>I<ss>]]]]]" | |
6641 | -msgstr "" | |
6642 | - | |
6643 | -#. type: Plain text | |
6644 | -#: original/man8/iptables-extensions.8:1411 | |
6645 | -msgid "" | |
6646 | -"Only match during the given time, which must be in ISO 8601 \"T\" notation. " | |
6647 | -"The possible time range is 1970-01-01T00:00:00 to 2038-01-19T04:17:07." | |
6648 | -msgstr "" | |
6649 | - | |
6650 | -#. type: Plain text | |
6651 | -#: original/man8/iptables-extensions.8:1414 | |
6652 | -msgid "" | |
6653 | -"If --datestart or --datestop are not specified, it will default to " | |
6654 | -"1970-01-01 and 2038-01-19, respectively." | |
6655 | -msgstr "" | |
6656 | - | |
6657 | -#. type: TP | |
6658 | -#: original/man8/iptables-extensions.8:1414 | |
6659 | -#, no-wrap | |
6660 | -msgid "B<--timestart> I<hh>B<:>I<mm>[B<:>I<ss>]" | |
6661 | -msgstr "" | |
6662 | - | |
6663 | -#. type: TP | |
6664 | -#: original/man8/iptables-extensions.8:1416 | |
6665 | -#, no-wrap | |
6666 | -msgid "B<--timestop> I<hh>B<:>I<mm>[B<:>I<ss>]" | |
6667 | -msgstr "" | |
6668 | - | |
6669 | -#. type: Plain text | |
6670 | -#: original/man8/iptables-extensions.8:1421 | |
6671 | -msgid "" | |
6672 | -"Only match during the given daytime. The possible time range is 00:00:00 to " | |
6673 | -"23:59:59. Leading zeroes are allowed (e.g. \"06:03\") and correctly " | |
6674 | -"interpreted as base-10." | |
6675 | -msgstr "" | |
6676 | - | |
6677 | -#. type: TP | |
6678 | -#: original/man8/iptables-extensions.8:1421 | |
6679 | -#, no-wrap | |
6680 | -msgid "[B<!>] B<--monthdays> I<day>[B<,>I<day>...]" | |
6681 | -msgstr "" | |
6682 | - | |
6683 | -#. type: Plain text | |
6684 | -#: original/man8/iptables-extensions.8:1427 | |
6685 | -msgid "" | |
6686 | -"Only match on the given days of the month. Possible values are B<1> to " | |
6687 | -"B<31>. Note that specifying B<31> will of course not match on months which " | |
6688 | -"do not have a 31st day; the same goes for 28- or 29-day February." | |
6689 | -msgstr "" | |
6690 | - | |
6691 | -#. type: TP | |
6692 | -#: original/man8/iptables-extensions.8:1427 | |
6693 | -#, no-wrap | |
6694 | -msgid "[B<!>] B<--weekdays> I<day>[B<,>I<day>...]" | |
6695 | -msgstr "" | |
6696 | - | |
6697 | -#. type: Plain text | |
6698 | -#: original/man8/iptables-extensions.8:1433 | |
6699 | -msgid "" | |
6700 | -"Only match on the given weekdays. Possible values are B<Mon>, B<Tue>, " | |
6701 | -"B<Wed>, B<Thu>, B<Fri>, B<Sat>, B<Sun>, or values from B<1> to B<7>, " | |
6702 | -"respectively. You may also use two-character variants (B<Mo>, B<Tu>, etc.)." | |
6703 | -msgstr "" | |
6704 | - | |
6705 | -#. type: TP | |
6706 | -#: original/man8/iptables-extensions.8:1433 | |
6707 | -#, fuzzy, no-wrap | |
6708 | -#| msgid "B<--tos >I<tos>" | |
6709 | -msgid "B<--contiguous>" | |
6710 | -msgstr "B<--tos >I<tos>" | |
6711 | - | |
6712 | -#. type: Plain text | |
6713 | -#: original/man8/iptables-extensions.8:1437 | |
6714 | -msgid "" | |
6715 | -"When B<--timestop> is smaller than B<--timestart> value, match this as a " | |
6716 | -"single time period instead distinct intervals. See EXAMPLES." | |
6717 | -msgstr "" | |
6718 | - | |
6719 | -#. type: TP | |
6720 | -#: original/man8/iptables-extensions.8:1437 | |
6721 | -#, no-wrap | |
6722 | -msgid "B<--kerneltz>" | |
6723 | -msgstr "" | |
6724 | - | |
6725 | -#. type: Plain text | |
6726 | -#: original/man8/iptables-extensions.8:1441 | |
6727 | -msgid "" | |
6728 | -"Use the kernel timezone instead of UTC to determine whether a packet meets " | |
6729 | -"the time regulations." | |
6730 | -msgstr "" | |
6731 | - | |
6732 | -#. type: Plain text | |
6733 | -#: original/man8/iptables-extensions.8:1447 | |
6734 | -msgid "" | |
6735 | -"About kernel timezones: Linux keeps the system time in UTC, and always does " | |
6736 | -"so. On boot, system time is initialized from a referential time source. " | |
6737 | -"Where this time source has no timezone information, such as the x86 CMOS " | |
6738 | -"RTC, UTC will be assumed. If the time source is however not in UTC, " | |
6739 | -"userspace should provide the correct system time and timezone to the kernel " | |
6740 | -"once it has the information." | |
6741 | -msgstr "" | |
6742 | - | |
6743 | -#. type: Plain text | |
6744 | -#: original/man8/iptables-extensions.8:1458 | |
6745 | -msgid "" | |
6746 | -"Local time is a feature on top of the (timezone independent) system time. " | |
6747 | -"Each process has its own idea of local time, specified via the TZ " | |
6748 | -"environment variable. The kernel also has its own timezone offset variable. " | |
6749 | -"The TZ userspace environment variable specifies how the UTC-based system " | |
6750 | -"time is displayed, e.g. when you run date(1), or what you see on your " | |
6751 | -"desktop clock. The TZ string may resolve to different offsets at different " | |
6752 | -"dates, which is what enables the automatic time-jumping in userspace. when " | |
6753 | -"DST changes. The kernel's timezone offset variable is used when it has to " | |
6754 | -"convert between non-UTC sources, such as FAT filesystems, to UTC (since the " | |
6755 | -"latter is what the rest of the system uses)." | |
6756 | -msgstr "" | |
6757 | - | |
6758 | -#. type: Plain text | |
6759 | -#: original/man8/iptables-extensions.8:1467 | |
6760 | -msgid "" | |
6761 | -"The caveat with the kernel timezone is that Linux distributions may ignore " | |
6762 | -"to set the kernel timezone, and instead only set the system time. Even if a " | |
6763 | -"particular distribution does set the timezone at boot, it is usually does " | |
6764 | -"not keep the kernel timezone offset - which is what changes on DST - up to " | |
6765 | -"date. ntpd will not touch the kernel timezone, so running it will not " | |
6766 | -"resolve the issue. As such, one may encounter a timezone that is always " | |
6767 | -"+0000, or one that is wrong half of the time of the year. As such, B<using --" | |
6768 | -"kerneltz is highly discouraged.>" | |
6769 | -msgstr "" | |
6770 | - | |
6771 | -#. type: Plain text | |
6772 | -#: original/man8/iptables-extensions.8:1469 | |
6773 | -msgid "EXAMPLES. To match on weekends, use:" | |
6774 | -msgstr "" | |
6775 | - | |
6776 | -#. type: Plain text | |
6777 | -#: original/man8/iptables-extensions.8:1471 | |
6778 | -msgid "-m time --weekdays Sa,Su" | |
6779 | -msgstr "" | |
6780 | - | |
6781 | -#. type: Plain text | |
6782 | -#: original/man8/iptables-extensions.8:1473 | |
6783 | -msgid "Or, to match (once) on a national holiday block:" | |
6784 | -msgstr "" | |
6785 | - | |
6786 | -#. type: Plain text | |
6787 | -#: original/man8/iptables-extensions.8:1475 | |
6788 | -msgid "-m time --datestart 2007-12-24 --datestop 2007-12-27" | |
6789 | -msgstr "" | |
6790 | - | |
6791 | -#. type: Plain text | |
6792 | -#: original/man8/iptables-extensions.8:1478 | |
6793 | -msgid "" | |
6794 | -"Since the stop time is actually inclusive, you would need the following stop " | |
6795 | -"time to not match the first second of the new day:" | |
6796 | -msgstr "" | |
6797 | - | |
6798 | -#. type: Plain text | |
6799 | -#: original/man8/iptables-extensions.8:1480 | |
6800 | -msgid "-m time --datestart 2007-01-01T17:00 --datestop 2007-01-01T23:59:59" | |
6801 | -msgstr "" | |
6802 | - | |
6803 | -#. type: Plain text | |
6804 | -#: original/man8/iptables-extensions.8:1482 | |
6805 | -msgid "During lunch hour:" | |
6806 | -msgstr "" | |
6807 | - | |
6808 | -#. type: Plain text | |
6809 | -#: original/man8/iptables-extensions.8:1484 | |
6810 | -msgid "-m time --timestart 12:30 --timestop 13:30" | |
6811 | -msgstr "" | |
6812 | - | |
6813 | -#. type: Plain text | |
6814 | -#: original/man8/iptables-extensions.8:1486 | |
6815 | -msgid "The fourth Friday in the month:" | |
6816 | -msgstr "" | |
6817 | - | |
6818 | -#. type: Plain text | |
6819 | -#: original/man8/iptables-extensions.8:1488 | |
6820 | -msgid "-m time --weekdays Fr --monthdays 22,23,24,25,26,27,28" | |
6821 | -msgstr "" | |
6822 | - | |
6823 | -#. type: Plain text | |
6824 | -#: original/man8/iptables-extensions.8:1492 | |
6825 | -msgid "" | |
6826 | -"(Note that this exploits a certain mathematical property. It is not possible " | |
6827 | -"to say \"fourth Thursday OR fourth Friday\" in one rule. It is possible with " | |
6828 | -"multiple rules, though.)" | |
6829 | -msgstr "" | |
6830 | - | |
6831 | -#. type: Plain text | |
6832 | -#: original/man8/iptables-extensions.8:1494 | |
6833 | -msgid "Matching across days might not do what is expected. For instance," | |
6834 | -msgstr "" | |
6835 | - | |
6836 | -#. type: Plain text | |
6837 | -#: original/man8/iptables-extensions.8:1500 | |
6838 | -msgid "" | |
6839 | -"-m time --weekdays Mo --timestart 23:00 --timestop 01:00 Will match Monday, " | |
6840 | -"for one hour from midnight to 1 a.m., and then again for another hour from " | |
6841 | -"23:00 onwards. If this is unwanted, e.g. if you would like 'match for two " | |
6842 | -"hours from Montay 23:00 onwards' you need to also specify the --contiguous " | |
6843 | -"option in the example above." | |
6844 | -msgstr "" | |
6845 | - | |
6846 | -#. type: SS | |
6847 | -#: original/man8/iptables-extensions.8:1500 | |
6848 | -#, no-wrap | |
6849 | -msgid "tos" | |
6850 | -msgstr "tos" | |
6851 | - | |
6852 | -#. type: Plain text | |
6853 | -#: original/man8/iptables-extensions.8:1504 | |
6854 | -#, fuzzy | |
6855 | -#| msgid "" | |
6856 | -#| "This module matches the 8 bits of Type of Service field in the IP header " | |
6857 | -#| "(ie. including the precedence bits)." | |
6858 | -msgid "" | |
6859 | -"This module matches the 8-bit Type of Service field in the IPv4 header (i." | |
6860 | -"e. including the \"Precedence\" bits) or the (also 8-bit) Priority field in " | |
6861 | -"the IPv6 header." | |
6862 | -msgstr "" | |
6863 | -"このモジュールは IP ヘッダーの 8 ビットの (つまり上位ビットを含む) Type of " | |
6864 | -"Service フィールドにマッチする。" | |
6865 | - | |
6866 | -#. type: TP | |
6867 | -#: original/man8/iptables-extensions.8:1504 | |
6868 | -#, fuzzy, no-wrap | |
6869 | -#| msgid "B<--mark >I<value>[/I<mask>]" | |
6870 | -msgid "[B<!>] B<--tos> I<value>[B</>I<mask>]" | |
6871 | -msgstr "B<--mark >I<value>[/I<mask>]" | |
6872 | - | |
6873 | -#. type: Plain text | |
6874 | -#: original/man8/iptables-extensions.8:1508 | |
6875 | -#, fuzzy | |
6876 | -#| msgid "" | |
6877 | -#| "Matches packets with the given unsigned mark value (if a mask is " | |
6878 | -#| "specified, this is logically ANDed with the mask before the comparison)." | |
6879 | -msgid "" | |
6880 | -"Matches packets with the given TOS mark value. If a mask is specified, it is " | |
6881 | -"logically ANDed with the TOS mark before the comparison." | |
6882 | -msgstr "" | |
6883 | -"指定された符号なし mark 値のパケットにマッチする (mask が指定されると、比較の" | |
6884 | -"前に mask との論理積 (AND) がとられる)。" | |
6885 | - | |
6886 | -#. type: TP | |
6887 | -#: original/man8/iptables-extensions.8:1508 | |
6888 | -#, fuzzy, no-wrap | |
6889 | -#| msgid "B<--tos >I<tos>" | |
6890 | -msgid "[B<!>] B<--tos> I<symbol>" | |
6891 | -msgstr "B<--tos >I<tos>" | |
6892 | - | |
6893 | -#. type: Plain text | |
6894 | -#: original/man8/iptables-extensions.8:1513 | |
6895 | -msgid "" | |
6896 | -"You can specify a symbolic name when using the tos match for IPv4. The list " | |
6897 | -"of recognized TOS names can be obtained by calling iptables with B<-m tos -" | |
6898 | -"h>. Note that this implies a mask of 0x3F, i.e. all but the ECN bits." | |
6899 | -msgstr "" | |
6900 | - | |
6901 | -#. type: SS | |
6902 | -#: original/man8/iptables-extensions.8:1513 | |
6903 | -#, no-wrap | |
6904 | -msgid "ttl (IPv4-specific)" | |
6905 | -msgstr "" | |
6906 | - | |
6907 | -#. type: Plain text | |
6908 | -#: original/man8/iptables-extensions.8:1515 | |
6909 | -msgid "This module matches the time to live field in the IP header." | |
6910 | -msgstr "このモジュールは IP ヘッダーの time to live フィールドにマッチする。" | |
6911 | - | |
6912 | -#. type: TP | |
6913 | -#: original/man8/iptables-extensions.8:1515 | |
6914 | -#, fuzzy, no-wrap | |
6915 | -#| msgid "B<--ttl >I<ttl>" | |
6916 | -msgid "[B<!>] B<--ttl-eq> I<ttl>" | |
6917 | -msgstr "B<--ttl >I<ttl>" | |
6918 | - | |
6919 | -#. type: Plain text | |
6920 | -#: original/man8/iptables-extensions.8:1518 | |
6921 | -msgid "Matches the given TTL value." | |
6922 | -msgstr "指定された TTL 値にマッチする。" | |
6923 | - | |
6924 | -#. type: TP | |
6925 | -#: original/man8/iptables-extensions.8:1518 | |
6926 | -#, fuzzy, no-wrap | |
6927 | -#| msgid "B<--ttl >I<ttl>" | |
6928 | -msgid "B<--ttl-gt> I<ttl>" | |
6929 | -msgstr "B<--ttl >I<ttl>" | |
6930 | - | |
6931 | -#. type: Plain text | |
6932 | -#: original/man8/iptables-extensions.8:1521 | |
6933 | -#, fuzzy | |
6934 | -#| msgid "Matches the given TTL value." | |
6935 | -msgid "Matches if TTL is greater than the given TTL value." | |
6936 | -msgstr "指定された TTL 値にマッチする。" | |
6937 | - | |
6938 | -#. type: TP | |
6939 | -#: original/man8/iptables-extensions.8:1521 | |
6940 | -#, fuzzy, no-wrap | |
6941 | -#| msgid "B<--ttl >I<ttl>" | |
6942 | -msgid "B<--ttl-lt> I<ttl>" | |
6943 | -msgstr "B<--ttl >I<ttl>" | |
6944 | - | |
6945 | -#. type: Plain text | |
6946 | -#: original/man8/iptables-extensions.8:1524 | |
6947 | -#, fuzzy | |
6948 | -#| msgid "Matches the given TTL value." | |
6949 | -msgid "Matches if TTL is less than the given TTL value." | |
6950 | -msgstr "指定された TTL 値にマッチする。" | |
6951 | - | |
6952 | -#. type: SS | |
6953 | -#: original/man8/iptables-extensions.8:1524 | |
6954 | -#, no-wrap | |
6955 | -msgid "u32" | |
6956 | -msgstr "" | |
6957 | - | |
6958 | -#. type: Plain text | |
6959 | -#: original/man8/iptables-extensions.8:1528 | |
6960 | -msgid "" | |
6961 | -"U32 tests whether quantities of up to 4 bytes extracted from a packet have " | |
6962 | -"specified values. The specification of what to extract is general enough to " | |
6963 | -"find data at given offsets from tcp headers or payloads." | |
6964 | -msgstr "" | |
6965 | - | |
6966 | -#. type: TP | |
6967 | -#: original/man8/iptables-extensions.8:1528 | |
6968 | -#, no-wrap | |
6969 | -msgid "[B<!>] B<--u32> I<tests>" | |
6970 | -msgstr "" | |
6971 | - | |
6972 | -#. type: Plain text | |
6973 | -#: original/man8/iptables-extensions.8:1531 | |
6974 | -msgid "The argument amounts to a program in a small language described below." | |
6975 | -msgstr "" | |
6976 | - | |
6977 | -#. type: Plain text | |
6978 | -#: original/man8/iptables-extensions.8:1533 | |
6979 | -msgid "tests := location \"=\" value | tests \"&&\" location \"=\" value" | |
6980 | -msgstr "" | |
6981 | - | |
6982 | -#. type: Plain text | |
6983 | -#: original/man8/iptables-extensions.8:1535 | |
6984 | -msgid "value := range | value \",\" range" | |
6985 | -msgstr "" | |
6986 | - | |
6987 | -#. type: Plain text | |
6988 | -#: original/man8/iptables-extensions.8:1537 | |
6989 | -msgid "range := number | number \":\" number" | |
6990 | -msgstr "" | |
6991 | - | |
6992 | -#. type: Plain text | |
6993 | -#: original/man8/iptables-extensions.8:1540 | |
6994 | -msgid "" | |
6995 | -"a single number, I<n>, is interpreted the same as I<n:n>. I<n:m> is " | |
6996 | -"interpreted as the range of numbers B<E<gt>=n> and B<E<lt>=m>." | |
6997 | -msgstr "" | |
6998 | - | |
6999 | -#. type: Plain text | |
7000 | -#: original/man8/iptables-extensions.8:1542 | |
7001 | -msgid "location := number | location operator number" | |
7002 | -msgstr "" | |
7003 | - | |
7004 | -#. type: Plain text | |
7005 | -#: original/man8/iptables-extensions.8:1544 | |
7006 | -msgid "operator := \"&\" | \"E<lt>E<lt>\" | \"E<gt>E<gt>\" | \"@\"" | |
7007 | -msgstr "" | |
7008 | - | |
7009 | -#. type: Plain text | |
7010 | -#: original/man8/iptables-extensions.8:1549 | |
7011 | -msgid "" | |
7012 | -"The operators B<&>, B<E<lt>E<lt>>, B<E<gt>E<gt>> and B<&&> mean the same as " | |
7013 | -"in C. The B<=> is really a set membership operator and the value syntax " | |
7014 | -"describes a set. The B<@> operator is what allows moving to the next header " | |
7015 | -"and is described further below." | |
7016 | -msgstr "" | |
7017 | - | |
7018 | -#. type: Plain text | |
7019 | -#: original/man8/iptables-extensions.8:1552 | |
7020 | -msgid "" | |
7021 | -"There are currently some artificial implementation limits on the size of the " | |
7022 | -"tests:" | |
7023 | -msgstr "" | |
7024 | - | |
7025 | -#. type: IP | |
7026 | -#: original/man8/iptables-extensions.8:1552 | |
7027 | -#: original/man8/iptables-extensions.8:1554 | |
7028 | -#: original/man8/iptables-extensions.8:1556 | |
7029 | -#, no-wrap | |
7030 | -msgid " *" | |
7031 | -msgstr "" | |
7032 | - | |
7033 | -#. type: Plain text | |
7034 | -#: original/man8/iptables-extensions.8:1554 | |
7035 | -msgid "no more than 10 of \"B<=>\" (and 9 \"B<&&>\"s) in the u32 argument" | |
7036 | -msgstr "" | |
7037 | - | |
7038 | -#. type: Plain text | |
7039 | -#: original/man8/iptables-extensions.8:1556 | |
7040 | -msgid "no more than 10 ranges (and 9 commas) per value" | |
7041 | -msgstr "" | |
7042 | - | |
7043 | -#. type: Plain text | |
7044 | -#: original/man8/iptables-extensions.8:1558 | |
7045 | -msgid "no more than 10 numbers (and 9 operators) per location" | |
7046 | -msgstr "" | |
7047 | - | |
7048 | -#. type: Plain text | |
7049 | -#: original/man8/iptables-extensions.8:1561 | |
7050 | -msgid "" | |
7051 | -"To describe the meaning of location, imagine the following machine that " | |
7052 | -"interprets it. There are three registers:" | |
7053 | -msgstr "" | |
7054 | - | |
7055 | -#. type: Plain text | |
7056 | -#: original/man8/iptables-extensions.8:1563 | |
7057 | -msgid "A is of type B<char *>, initially the address of the IP header" | |
7058 | -msgstr "" | |
7059 | - | |
7060 | -#. type: Plain text | |
7061 | -#: original/man8/iptables-extensions.8:1565 | |
7062 | -msgid "B and C are unsigned 32 bit integers, initially zero" | |
7063 | -msgstr "" | |
7064 | - | |
7065 | -#. type: Plain text | |
7066 | -#: original/man8/iptables-extensions.8:1567 | |
7067 | -msgid "The instructions are:" | |
7068 | -msgstr "" | |
7069 | - | |
7070 | -#. type: Plain text | |
7071 | -#: original/man8/iptables-extensions.8:1569 | |
7072 | -msgid "number B = number;" | |
7073 | -msgstr "" | |
7074 | - | |
7075 | -#. type: Plain text | |
7076 | -#: original/man8/iptables-extensions.8:1571 | |
7077 | -msgid "" | |
7078 | -"C = (*(A+B)E<lt>E<lt>24) + (*(A+B+1)E<lt>E<lt>16) + (*(A+B+2)E<lt>E<lt>8) + *" | |
7079 | -"(A+B+3)" | |
7080 | -msgstr "" | |
7081 | - | |
7082 | -#. type: Plain text | |
7083 | -#: original/man8/iptables-extensions.8:1573 | |
7084 | -msgid "&number C = C & number" | |
7085 | -msgstr "" | |
7086 | - | |
7087 | -#. type: Plain text | |
7088 | -#: original/man8/iptables-extensions.8:1575 | |
7089 | -msgid "E<lt>E<lt> number C = C E<lt>E<lt> number" | |
7090 | -msgstr "" | |
7091 | - | |
7092 | -#. type: Plain text | |
7093 | -#: original/man8/iptables-extensions.8:1577 | |
7094 | -msgid "E<gt>E<gt> number C = C E<gt>E<gt> number" | |
7095 | -msgstr "" | |
7096 | - | |
7097 | -#. type: Plain text | |
7098 | -#: original/man8/iptables-extensions.8:1579 | |
7099 | -msgid "@number A = A + C; then do the instruction number" | |
7100 | -msgstr "" | |
7101 | - | |
7102 | -#. type: Plain text | |
7103 | -#: original/man8/iptables-extensions.8:1582 | |
7104 | -msgid "" | |
7105 | -"Any access of memory outside [skb-E<gt>data,skb-E<gt>end] causes the match " | |
7106 | -"to fail. Otherwise the result of the computation is the final value of C." | |
7107 | -msgstr "" | |
7108 | - | |
7109 | -#. type: Plain text | |
7110 | -#: original/man8/iptables-extensions.8:1586 | |
7111 | -msgid "" | |
7112 | -"Whitespace is allowed but not required in the tests. However, the characters " | |
7113 | -"that do occur there are likely to require shell quoting, so it is a good " | |
7114 | -"idea to enclose the arguments in quotes." | |
7115 | -msgstr "" | |
7116 | - | |
7117 | -#. type: Plain text | |
7118 | -#: original/man8/iptables-extensions.8:1590 | |
7119 | -msgid "match IP packets with total length E<gt>= 256" | |
7120 | -msgstr "" | |
7121 | - | |
7122 | -#. type: Plain text | |
7123 | -#: original/man8/iptables-extensions.8:1592 | |
7124 | -msgid "The IP header contains a total length field in bytes 2-3." | |
7125 | -msgstr "" | |
7126 | - | |
7127 | -#. type: Plain text | |
7128 | -#: original/man8/iptables-extensions.8:1594 | |
7129 | -msgid "--u32 \"B<0 & 0xFFFF = 0x100:0xFFFF>\"" | |
7130 | -msgstr "" | |
7131 | - | |
7132 | -#. type: Plain text | |
7133 | -#: original/man8/iptables-extensions.8:1596 | |
7134 | -msgid "read bytes 0-3" | |
7135 | -msgstr "" | |
7136 | - | |
7137 | -#. type: Plain text | |
7138 | -#: original/man8/iptables-extensions.8:1599 | |
7139 | -msgid "" | |
7140 | -"AND that with 0xFFFF (giving bytes 2-3), and test whether that is in the " | |
7141 | -"range [0x100:0xFFFF]" | |
7142 | -msgstr "" | |
7143 | - | |
7144 | -#. type: Plain text | |
7145 | -#: original/man8/iptables-extensions.8:1601 | |
7146 | -msgid "Example: (more realistic, hence more complicated)" | |
7147 | -msgstr "" | |
7148 | - | |
7149 | -#. type: Plain text | |
7150 | -#: original/man8/iptables-extensions.8:1603 | |
7151 | -msgid "match ICMP packets with icmp type 0" | |
7152 | -msgstr "" | |
7153 | - | |
7154 | -#. type: Plain text | |
7155 | -#: original/man8/iptables-extensions.8:1605 | |
7156 | -msgid "First test that it is an ICMP packet, true iff byte 9 (protocol) = 1" | |
7157 | -msgstr "" | |
7158 | - | |
7159 | -#. type: Plain text | |
7160 | -#: original/man8/iptables-extensions.8:1607 | |
7161 | -msgid "--u32 \"B<6 & 0xFF = 1 &&> ..." | |
7162 | -msgstr "" | |
7163 | - | |
7164 | -#. type: Plain text | |
7165 | -#: original/man8/iptables-extensions.8:1614 | |
7166 | -msgid "" | |
7167 | -"read bytes 6-9, use B<&> to throw away bytes 6-8 and compare the result to " | |
7168 | -"1. Next test that it is not a fragment. (If so, it might be part of such a " | |
7169 | -"packet but we cannot always tell.) N.B.: This test is generally needed if " | |
7170 | -"you want to match anything beyond the IP header. The last 6 bits of byte 6 " | |
7171 | -"and all of byte 7 are 0 iff this is a complete packet (not a fragment). " | |
7172 | -"Alternatively, you can allow first fragments by only testing the last 5 bits " | |
7173 | -"of byte 6." | |
7174 | -msgstr "" | |
7175 | - | |
7176 | -#. type: Plain text | |
7177 | -#: original/man8/iptables-extensions.8:1616 | |
7178 | -msgid "... B<4 & 0x3FFF = 0 &&> ..." | |
7179 | -msgstr "" | |
7180 | - | |
7181 | -#. type: Plain text | |
7182 | -#: original/man8/iptables-extensions.8:1620 | |
7183 | -msgid "" | |
7184 | -"Last test: the first byte past the IP header (the type) is 0. This is where " | |
7185 | -"we have to use the @syntax. The length of the IP header (IHL) in 32 bit " | |
7186 | -"words is stored in the right half of byte 0 of the IP header itself." | |
7187 | -msgstr "" | |
7188 | - | |
7189 | -#. type: Plain text | |
7190 | -#: original/man8/iptables-extensions.8:1622 | |
7191 | -msgid "... B<0 E<gt>E<gt> 22 & 0x3C @ 0 E<gt>E<gt> 24 = 0>\"" | |
7192 | -msgstr "" | |
7193 | - | |
7194 | -#. type: Plain text | |
7195 | -#: original/man8/iptables-extensions.8:1634 | |
7196 | -msgid "" | |
7197 | -"The first 0 means read bytes 0-3, B<E<gt>E<gt>22> means shift that 22 bits " | |
7198 | -"to the right. Shifting 24 bits would give the first byte, so only 22 bits is " | |
7199 | -"four times that plus a few more bits. B<&3C> then eliminates the two extra " | |
7200 | -"bits on the right and the first four bits of the first byte. For instance, " | |
7201 | -"if IHL=5, then the IP header is 20 (4 x 5) bytes long. In this case, bytes " | |
7202 | -"0-1 are (in binary) xxxx0101 yyzzzzzz, B<E<gt>E<gt>22> gives the 10 bit " | |
7203 | -"value xxxx0101yy and B<&3C> gives 010100. B<@> means to use this number as a " | |
7204 | -"new offset into the packet, and read four bytes starting from there. This is " | |
7205 | -"the first 4 bytes of the ICMP payload, of which byte 0 is the ICMP type. " | |
7206 | -"Therefore, we simply shift the value 24 to the right to throw out all but " | |
7207 | -"the first byte and compare the result with 0." | |
7208 | -msgstr "" | |
7209 | - | |
7210 | -#. type: Plain text | |
7211 | -#: original/man8/iptables-extensions.8:1638 | |
7212 | -msgid "TCP payload bytes 8-12 is any of 1, 2, 5 or 8" | |
7213 | -msgstr "" | |
7214 | - | |
7215 | -#. type: Plain text | |
7216 | -#: original/man8/iptables-extensions.8:1640 | |
7217 | -msgid "First we test that the packet is a tcp packet (similar to ICMP)." | |
7218 | -msgstr "" | |
7219 | - | |
7220 | -#. type: Plain text | |
7221 | -#: original/man8/iptables-extensions.8:1642 | |
7222 | -msgid "--u32 \"B<6 & 0xFF = 6 &&> ..." | |
7223 | -msgstr "" | |
7224 | - | |
7225 | -#. type: Plain text | |
7226 | -#: original/man8/iptables-extensions.8:1644 | |
7227 | -msgid "Next, test that it is not a fragment (same as above)." | |
7228 | -msgstr "" | |
7229 | - | |
7230 | -#. type: Plain text | |
7231 | -#: original/man8/iptables-extensions.8:1646 | |
7232 | -msgid "... B<0 E<gt>E<gt> 22 & 0x3C @ 12 E<gt>E<gt> 26 & 0x3C @ 8 = 1,2,5,8>\"" | |
7233 | -msgstr "" | |
7234 | - | |
7235 | -#. type: Plain text | |
7236 | -#: original/man8/iptables-extensions.8:1654 | |
7237 | -msgid "" | |
7238 | -"B<0E<gt>E<gt>22&3C> as above computes the number of bytes in the IP header. " | |
7239 | -"B<@> makes this the new offset into the packet, which is the start of the " | |
7240 | -"TCP header. The length of the TCP header (again in 32 bit words) is the left " | |
7241 | -"half of byte 12 of the TCP header. The B<12E<gt>E<gt>26&3C> computes this " | |
7242 | -"length in bytes (similar to the IP header before). \"@\" makes this the new " | |
7243 | -"offset, which is the start of the TCP payload. Finally, 8 reads bytes 8-12 " | |
7244 | -"of the payload and B<=> checks whether the result is any of 1, 2, 5 or 8." | |
7245 | -msgstr "" | |
7246 | - | |
7247 | -#. type: SS | |
7248 | -#: original/man8/iptables-extensions.8:1654 | |
7249 | -#, no-wrap | |
7250 | -msgid "udp" | |
7251 | -msgstr "udp" | |
7252 | - | |
7253 | -#. type: Plain text | |
7254 | -#: original/man8/iptables-extensions.8:1657 | |
7255 | -#, fuzzy | |
7256 | -#| msgid "" | |
7257 | -#| "These extensions are loaded if `--protocol udp' is specified. It " | |
7258 | -#| "provides the following options:" | |
7259 | -msgid "" | |
7260 | -"These extensions can be used if `--protocol udp' is specified. It provides " | |
7261 | -"the following options:" | |
7262 | -msgstr "" | |
7263 | -"これらの拡張は `--protocol udp' が指定された場合にロードされ、 以下のオプショ" | |
7264 | -"ンが提供される:" | |
7265 | - | |
7266 | -#. type: Plain text | |
7267 | -#: original/man8/iptables-extensions.8:1663 | |
7268 | -msgid "" | |
7269 | -"Source port or port range specification. See the description of the B<--" | |
7270 | -"source-port> option of the TCP extension for details." | |
7271 | -msgstr "" | |
7272 | -"送信元ポートまたはポート範囲の指定。 詳細は TCP 拡張の B<--source-port> オプ" | |
7273 | -"ションの説明を参照すること。" | |
7274 | - | |
7275 | -#. type: Plain text | |
7276 | -#: original/man8/iptables-extensions.8:1669 | |
7277 | -msgid "" | |
7278 | -"Destination port or port range specification. See the description of the " | |
7279 | -"B<--destination-port> option of the TCP extension for details." | |
7280 | -msgstr "" | |
7281 | -"送信先ポートまたはポート範囲の指定。 詳細は TCP 拡張の B<--destination-port> " | |
7282 | -"オプションの説明を参照すること。" | |
7283 | - | |
7284 | -#. type: SS | |
7285 | -#: original/man8/iptables-extensions.8:1669 | |
7286 | -#, no-wrap | |
7287 | -msgid "unclean (IPv4-specific)" | |
7288 | -msgstr "" | |
7289 | - | |
7290 | -#. type: Plain text | |
7291 | -#: original/man8/iptables-extensions.8:1672 | |
7292 | -msgid "" | |
7293 | -"This module takes no options, but attempts to match packets which seem " | |
7294 | -"malformed or unusual. This is regarded as experimental." | |
7295 | -msgstr "" | |
7296 | -"このモジュールにはオプションがないが、 おかしく正常でないように見えるパケット" | |
7297 | -"にマッチする。 これは実験的なものとして扱われている。" | |
7298 | - | |
7299 | -#. type: SH | |
7300 | -#: original/man8/iptables-extensions.8:1672 | |
7301 | -#, no-wrap | |
7302 | -msgid "TARGET EXTENSIONS" | |
7303 | -msgstr "ターゲットの拡張" | |
7304 | - | |
7305 | -#. @TARGET@ | |
7306 | -#. type: Plain text | |
7307 | -#: original/man8/iptables-extensions.8:1676 | |
7308 | -msgid "" | |
7309 | -"iptables can use extended target modules: the following are included in the " | |
7310 | -"standard distribution." | |
7311 | -msgstr "" | |
7312 | -"iptables は拡張ターゲットモジュールを使うことができる: 以下のものが、標準的な" | |
7313 | -"ディストリビューションに含まれている。" | |
7314 | - | |
7315 | -#. type: SS | |
7316 | -#: original/man8/iptables-extensions.8:1676 | |
7317 | -#, no-wrap | |
7318 | -msgid "AUDIT" | |
7319 | -msgstr "" | |
7320 | - | |
7321 | -#. type: Plain text | |
7322 | -#: original/man8/iptables-extensions.8:1680 | |
7323 | -msgid "" | |
7324 | -"This target allows to create audit records for packets hitting the target. " | |
7325 | -"It can be used to record accepted, dropped, and rejected packets. See auditd" | |
7326 | -"(8) for additional details." | |
7327 | -msgstr "" | |
7328 | - | |
7329 | -#. type: TP | |
7330 | -#: original/man8/iptables-extensions.8:1680 | |
7331 | -#, no-wrap | |
7332 | -msgid "B<--type> {B<accept>|B<drop>|B<reject>}" | |
7333 | -msgstr "" | |
7334 | - | |
7335 | -#. type: Plain text | |
7336 | -#: original/man8/iptables-extensions.8:1683 | |
7337 | -msgid "Set type of audit record." | |
7338 | -msgstr "" | |
7339 | - | |
7340 | -#. type: Plain text | |
7341 | -#: original/man8/iptables-extensions.8:1687 | |
7342 | -#, fuzzy | |
7343 | -#| msgid " iptables -j TOS -h\n" | |
7344 | -msgid "iptables -N AUDIT_DROP" | |
7345 | -msgstr " iptables -j TOS -h\n" | |
7346 | - | |
7347 | -#. type: Plain text | |
7348 | -#: original/man8/iptables-extensions.8:1689 | |
7349 | -msgid "iptables -A AUDIT_DROP -j AUDIT --type drop" | |
7350 | -msgstr "" | |
7351 | - | |
7352 | -#. type: Plain text | |
7353 | -#: original/man8/iptables-extensions.8:1691 | |
7354 | -#, fuzzy | |
7355 | -#| msgid " iptables -j TOS -h\n" | |
7356 | -msgid "iptables -A AUDIT_DROP -j DROP" | |
7357 | -msgstr " iptables -j TOS -h\n" | |
7358 | - | |
7359 | -#. type: SS | |
7360 | -#: original/man8/iptables-extensions.8:1691 | |
7361 | -#, no-wrap | |
7362 | -msgid "CHECKSUM" | |
7363 | -msgstr "" | |
7364 | - | |
7365 | -#. type: Plain text | |
7366 | -#: original/man8/iptables-extensions.8:1694 | |
7367 | -#, fuzzy | |
7368 | -#| msgid "" | |
7369 | -#| "This target allows to selectively work around known ECN blackholes. It " | |
7370 | -#| "can only be used in the mangle table." | |
7371 | -msgid "" | |
7372 | -"This target allows to selectively work around broken/old applications. It " | |
7373 | -"can only be used in the mangle table." | |
7374 | -msgstr "" | |
7375 | -"このターゲットは ECN ブラックホール問題への対処を可能にする。 mangle テーブル" | |
7376 | -"でのみ使用できる。" | |
7377 | - | |
7378 | -#. type: TP | |
7379 | -#: original/man8/iptables-extensions.8:1694 | |
7380 | -#, no-wrap | |
7381 | -msgid "B<--checksum-fill>" | |
7382 | -msgstr "" | |
7383 | - | |
7384 | -#. type: Plain text | |
7385 | -#: original/man8/iptables-extensions.8:1700 | |
7386 | -msgid "" | |
7387 | -"Compute and fill in the checksum in a packet that lacks a checksum. This is " | |
7388 | -"particularly useful, if you need to work around old applications such as " | |
7389 | -"dhcp clients, that do not work well with checksum offloads, but don't want " | |
7390 | -"to disable checksum offload in your device." | |
7391 | -msgstr "" | |
7392 | - | |
7393 | -#. type: SS | |
7394 | -#: original/man8/iptables-extensions.8:1700 | |
7395 | -#, no-wrap | |
7396 | -msgid "CLASSIFY" | |
7397 | -msgstr "" | |
7398 | - | |
7399 | -#. type: Plain text | |
7400 | -#: original/man8/iptables-extensions.8:1702 | |
7401 | -msgid "" | |
7402 | -"This module allows you to set the skb-E<gt>priority value (and thus classify " | |
7403 | -"the packet into a specific CBQ class)." | |
7404 | -msgstr "" | |
7405 | - | |
7406 | -#. type: TP | |
7407 | -#: original/man8/iptables-extensions.8:1702 | |
7408 | -#, fuzzy, no-wrap | |
7409 | -#| msgid "B<--set-mark >I<mark>" | |
7410 | -msgid "B<--set-class> I<major>B<:>I<minor>" | |
7411 | -msgstr "B<--set-mark >I<mark>" | |
7412 | - | |
7413 | -#. type: Plain text | |
7414 | -#: original/man8/iptables-extensions.8:1706 | |
7415 | -msgid "" | |
7416 | -"Set the major and minor class value. The values are always interpreted as " | |
7417 | -"hexadecimal even if no 0x prefix is given." | |
7418 | -msgstr "" | |
7419 | - | |
7420 | -#. type: SS | |
7421 | -#: original/man8/iptables-extensions.8:1706 | |
7422 | -#, no-wrap | |
7423 | -msgid "CLUSTERIP (IPv4-specific)" | |
7424 | -msgstr "" | |
7425 | - | |
7426 | -#. type: Plain text | |
7427 | -#: original/man8/iptables-extensions.8:1711 | |
7428 | -msgid "" | |
7429 | -"This module allows you to configure a simple cluster of nodes that share a " | |
7430 | -"certain IP and MAC address without an explicit load balancer in front of " | |
7431 | -"them. Connections are statically distributed between the nodes in this " | |
7432 | -"cluster." | |
7433 | -msgstr "" | |
7434 | - | |
7435 | -#. type: TP | |
7436 | -#: original/man8/iptables-extensions.8:1711 | |
7437 | -#, no-wrap | |
7438 | -msgid "B<--new>" | |
7439 | -msgstr "" | |
7440 | - | |
7441 | -#. type: Plain text | |
7442 | -#: original/man8/iptables-extensions.8:1715 | |
7443 | -msgid "" | |
7444 | -"Create a new ClusterIP. You always have to set this on the first rule for a " | |
7445 | -"given ClusterIP." | |
7446 | -msgstr "" | |
7447 | - | |
7448 | -#. type: TP | |
7449 | -#: original/man8/iptables-extensions.8:1715 | |
7450 | -#, fuzzy, no-wrap | |
7451 | -#| msgid "B<--cmd-owner >I<name>" | |
7452 | -msgid "B<--hashmode> I<mode>" | |
7453 | -msgstr "B<--cmd-owner >I<name>" | |
7454 | - | |
7455 | -#. type: Plain text | |
7456 | -#: original/man8/iptables-extensions.8:1719 | |
7457 | -msgid "" | |
7458 | -"Specify the hashing mode. Has to be one of B<sourceip>, B<sourceip-" | |
7459 | -"sourceport>, B<sourceip-sourceport-destport>." | |
7460 | -msgstr "" | |
7461 | - | |
7462 | -#. type: TP | |
7463 | -#: original/man8/iptables-extensions.8:1719 | |
7464 | -#, fuzzy, no-wrap | |
7465 | -#| msgid "B<--set-mark >I<mark>" | |
7466 | -msgid "B<--clustermac> I<mac>" | |
7467 | -msgstr "B<--set-mark >I<mark>" | |
7468 | - | |
7469 | -#. type: Plain text | |
7470 | -#: original/man8/iptables-extensions.8:1722 | |
7471 | -msgid "" | |
7472 | -"Specify the ClusterIP MAC address. Has to be a link-layer multicast address" | |
7473 | -msgstr "" | |
7474 | - | |
7475 | -#. type: TP | |
7476 | -#: original/man8/iptables-extensions.8:1722 | |
7477 | -#, fuzzy, no-wrap | |
7478 | -#| msgid "B<-t>, B<--table> B<tablename>" | |
7479 | -msgid "B<--total-nodes> I<num>" | |
7480 | -msgstr "B<-t>, B<--table> B<tablename>" | |
7481 | - | |
7482 | -#. type: Plain text | |
7483 | -#: original/man8/iptables-extensions.8:1725 | |
7484 | -msgid "Number of total nodes within this cluster." | |
7485 | -msgstr "" | |
7486 | - | |
7487 | -#. type: TP | |
7488 | -#: original/man8/iptables-extensions.8:1725 | |
7489 | -#, fuzzy, no-wrap | |
7490 | -#| msgid "B<--cmd-owner >I<name>" | |
7491 | -msgid "B<--local-node> I<num>" | |
7492 | -msgstr "B<--cmd-owner >I<name>" | |
7493 | - | |
7494 | -#. type: Plain text | |
7495 | -#: original/man8/iptables-extensions.8:1728 | |
7496 | -msgid "Local node number within this cluster." | |
7497 | -msgstr "" | |
7498 | - | |
7499 | -#. type: TP | |
7500 | -#: original/man8/iptables-extensions.8:1728 | |
7501 | -#, fuzzy, no-wrap | |
7502 | -#| msgid "B<--limit >I<rate>" | |
7503 | -msgid "B<--hash-init> I<rnd>" | |
7504 | -msgstr "B<--limit >I<rate>" | |
7505 | - | |
7506 | -#. type: Plain text | |
7507 | -#: original/man8/iptables-extensions.8:1731 | |
7508 | -msgid "Specify the random seed used for hash initialization." | |
7509 | -msgstr "" | |
7510 | - | |
7511 | -#. type: SS | |
7512 | -#: original/man8/iptables-extensions.8:1731 | |
7513 | -#, fuzzy, no-wrap | |
7514 | -#| msgid "MARK" | |
7515 | -msgid "CONNMARK" | |
7516 | -msgstr "MARK" | |
7517 | - | |
7518 | -#. type: Plain text | |
7519 | -#: original/man8/iptables-extensions.8:1734 | |
7520 | -#, fuzzy | |
7521 | -#| msgid "" | |
7522 | -#| "This is used to set the netfilter mark value associated with the packet. " | |
7523 | -#| "It is only valid in the B<mangle> table." | |
7524 | -msgid "" | |
7525 | -"This module sets the netfilter mark value associated with a connection. The " | |
7526 | -"mark is 32 bits wide." | |
7527 | -msgstr "" | |
7528 | -"パケットに関連づけられた netfilter の mark 値を指定する。 B<mangle> テーブル" | |
7529 | -"のみで有効である。" | |
7530 | - | |
7531 | -#. type: TP | |
7532 | -#: original/man8/iptables-extensions.8:1734 | |
7533 | -#: original/man8/iptables-extensions.8:2100 | |
7534 | -#, fuzzy, no-wrap | |
7535 | -#| msgid "B<--mark >I<value>[/I<mask>]" | |
7536 | -msgid "B<--set-xmark> I<value>[B</>I<mask>]" | |
7537 | -msgstr "B<--mark >I<value>[/I<mask>]" | |
7538 | - | |
7539 | -#. type: Plain text | |
7540 | -#: original/man8/iptables-extensions.8:1737 | |
7541 | -msgid "Zero out the bits given by I<mask> and XOR I<value> into the ctmark." | |
7542 | -msgstr "" | |
7543 | - | |
7544 | -#. type: TP | |
7545 | -#: original/man8/iptables-extensions.8:1737 | |
7546 | -#, no-wrap | |
7547 | -msgid "B<--save-mark> [B<--nfmask> I<nfmask>] [B<--ctmask> I<ctmask>]" | |
7548 | -msgstr "" | |
7549 | - | |
7550 | -#. type: Plain text | |
7551 | -#: original/man8/iptables-extensions.8:1741 | |
7552 | -msgid "" | |
7553 | -"Copy the packet mark (nfmark) to the connection mark (ctmark) using the " | |
7554 | -"given masks. The new nfmark value is determined as follows:" | |
7555 | -msgstr "" | |
7556 | - | |
7557 | -#. type: Plain text | |
7558 | -#: original/man8/iptables-extensions.8:1743 | |
7559 | -msgid "ctmark = (ctmark & ~ctmask) ^ (nfmark & nfmask)" | |
7560 | -msgstr "" | |
7561 | - | |
7562 | -#. type: Plain text | |
7563 | -#: original/man8/iptables-extensions.8:1747 | |
7564 | -msgid "" | |
7565 | -"i.e. I<ctmask> defines what bits to clear and I<nfmask> what bits of the " | |
7566 | -"nfmark to XOR into the ctmark. I<ctmask> and I<nfmask> default to 0xFFFFFFFF." | |
7567 | -msgstr "" | |
7568 | - | |
7569 | -#. type: TP | |
7570 | -#: original/man8/iptables-extensions.8:1747 | |
7571 | -#, no-wrap | |
7572 | -msgid "B<--restore-mark> [B<--nfmask> I<nfmask>] [B<--ctmask> I<ctmask>]" | |
7573 | -msgstr "" | |
7574 | - | |
7575 | -#. type: Plain text | |
7576 | -#: original/man8/iptables-extensions.8:1751 | |
7577 | -msgid "" | |
7578 | -"Copy the connection mark (ctmark) to the packet mark (nfmark) using the " | |
7579 | -"given masks. The new ctmark value is determined as follows:" | |
7580 | -msgstr "" | |
7581 | - | |
7582 | -#. type: Plain text | |
7583 | -#: original/man8/iptables-extensions.8:1753 | |
7584 | -msgid "nfmark = (nfmark & ~I<nfmask>) ^ (ctmark & I<ctmask>);" | |
7585 | -msgstr "" | |
7586 | - | |
7587 | -#. type: Plain text | |
7588 | -#: original/man8/iptables-extensions.8:1757 | |
7589 | -msgid "" | |
7590 | -"i.e. I<nfmask> defines what bits to clear and I<ctmask> what bits of the " | |
7591 | -"ctmark to XOR into the nfmark. I<ctmask> and I<nfmask> default to 0xFFFFFFFF." | |
7592 | -msgstr "" | |
7593 | - | |
7594 | -#. type: Plain text | |
7595 | -#: original/man8/iptables-extensions.8:1759 | |
7596 | -msgid "B<--restore-mark> is only valid in the B<mangle> table." | |
7597 | -msgstr "" | |
7598 | - | |
7599 | -#. type: Plain text | |
7600 | -#: original/man8/iptables-extensions.8:1761 | |
7601 | -msgid "The following mnemonics are available for B<--set-xmark>:" | |
7602 | -msgstr "" | |
7603 | - | |
7604 | -#. type: TP | |
7605 | -#: original/man8/iptables-extensions.8:1761 | |
7606 | -#: original/man8/iptables-extensions.8:2110 | |
7607 | -#, fuzzy, no-wrap | |
7608 | -#| msgid "B<--set-mark >I<mark>" | |
7609 | -msgid "B<--and-mark> I<bits>" | |
7610 | -msgstr "B<--set-mark >I<mark>" | |
7611 | - | |
7612 | -#. type: Plain text | |
7613 | -#: original/man8/iptables-extensions.8:1765 | |
7614 | -msgid "" | |
7615 | -"Binary AND the ctmark with I<bits>. (Mnemonic for B<--set-xmark 0/" | |
7616 | -">I<invbits>, where I<invbits> is the binary negation of I<bits>.)" | |
7617 | -msgstr "" | |
7618 | - | |
7619 | -#. type: TP | |
7620 | -#: original/man8/iptables-extensions.8:1765 | |
7621 | -#: original/man8/iptables-extensions.8:2114 | |
7622 | -#, fuzzy, no-wrap | |
7623 | -#| msgid "B<--set-mark >I<mark>" | |
7624 | -msgid "B<--or-mark> I<bits>" | |
7625 | -msgstr "B<--set-mark >I<mark>" | |
7626 | - | |
7627 | -#. type: Plain text | |
7628 | -#: original/man8/iptables-extensions.8:1769 | |
7629 | -msgid "" | |
7630 | -"Binary OR the ctmark with I<bits>. (Mnemonic for B<--set-xmark> I<bits>B</" | |
7631 | -">I<bits>.)" | |
7632 | -msgstr "" | |
7633 | - | |
7634 | -#. type: TP | |
7635 | -#: original/man8/iptables-extensions.8:1769 | |
7636 | -#: original/man8/iptables-extensions.8:2118 | |
7637 | -#, fuzzy, no-wrap | |
7638 | -#| msgid "B<--set-mark >I<mark>" | |
7639 | -msgid "B<--xor-mark> I<bits>" | |
7640 | -msgstr "B<--set-mark >I<mark>" | |
7641 | - | |
7642 | -#. type: Plain text | |
7643 | -#: original/man8/iptables-extensions.8:1773 | |
7644 | -msgid "" | |
7645 | -"Binary XOR the ctmark with I<bits>. (Mnemonic for B<--set-xmark> " | |
7646 | -"I<bits>B</0>.)" | |
7647 | -msgstr "" | |
7648 | - | |
7649 | -#. type: TP | |
7650 | -#: original/man8/iptables-extensions.8:1773 | |
7651 | -#: original/man8/iptables-extensions.8:2104 | |
7652 | -#, fuzzy, no-wrap | |
7653 | -#| msgid "B<--mark >I<value>[/I<mask>]" | |
7654 | -msgid "B<--set-mark> I<value>[B</>I<mask>]" | |
7655 | -msgstr "B<--mark >I<value>[/I<mask>]" | |
7656 | - | |
7657 | -#. type: Plain text | |
7658 | -#: original/man8/iptables-extensions.8:1777 | |
7659 | -msgid "" | |
7660 | -"Set the connection mark. If a mask is specified then only those bits set in " | |
7661 | -"the mask are modified." | |
7662 | -msgstr "" | |
7663 | - | |
7664 | -#. type: TP | |
7665 | -#: original/man8/iptables-extensions.8:1777 | |
7666 | -#, fuzzy, no-wrap | |
7667 | -#| msgid "B<--set-mark >I<mark>" | |
7668 | -msgid "B<--save-mark> [B<--mask> I<mask>]" | |
7669 | -msgstr "B<--set-mark >I<mark>" | |
7670 | - | |
7671 | -#. type: Plain text | |
7672 | -#: original/man8/iptables-extensions.8:1781 | |
7673 | -msgid "" | |
7674 | -"Copy the nfmark to the ctmark. If a mask is specified, only those bits are " | |
7675 | -"copied." | |
7676 | -msgstr "" | |
7677 | - | |
7678 | -#. type: TP | |
7679 | -#: original/man8/iptables-extensions.8:1781 | |
7680 | -#, fuzzy, no-wrap | |
7681 | -#| msgid "B<--set-mark >I<mark>" | |
7682 | -msgid "B<--restore-mark> [B<--mask> I<mask>]" | |
7683 | -msgstr "B<--set-mark >I<mark>" | |
7684 | - | |
7685 | -#. type: Plain text | |
7686 | -#: original/man8/iptables-extensions.8:1785 | |
7687 | -#, fuzzy | |
7688 | -#| msgid "" | |
7689 | -#| "This is used to set the netfilter mark value associated with the packet. " | |
7690 | -#| "It is only valid in the B<mangle> table." | |
7691 | -msgid "" | |
7692 | -"Copy the ctmark to the nfmark. If a mask is specified, only those bits are " | |
7693 | -"copied. This is only valid in the B<mangle> table." | |
7694 | -msgstr "" | |
7695 | -"パケットに関連づけられた netfilter の mark 値を指定する。 B<mangle> テーブル" | |
7696 | -"のみで有効である。" | |
7697 | - | |
7698 | -#. type: SS | |
7699 | -#: original/man8/iptables-extensions.8:1785 | |
7700 | -#, no-wrap | |
7701 | -msgid "CONNSECMARK" | |
7702 | -msgstr "" | |
7703 | - | |
7704 | -#. type: Plain text | |
7705 | -#: original/man8/iptables-extensions.8:1795 | |
7706 | -msgid "" | |
7707 | -"This module copies security markings from packets to connections (if " | |
7708 | -"unlabeled), and from connections back to packets (also only if unlabeled). " | |
7709 | -"Typically used in conjunction with SECMARK, it is valid in the B<security> " | |
7710 | -"table (for backwards compatibility with older kernels, it is also valid in " | |
7711 | -"the B<mangle> table)." | |
7712 | -msgstr "" | |
7713 | - | |
7714 | -#. type: TP | |
7715 | -#: original/man8/iptables-extensions.8:1795 | |
7716 | -#, no-wrap | |
7717 | -msgid "B<--save>" | |
7718 | -msgstr "" | |
7719 | - | |
7720 | -#. type: Plain text | |
7721 | -#: original/man8/iptables-extensions.8:1799 | |
7722 | -msgid "" | |
7723 | -"If the packet has a security marking, copy it to the connection if the " | |
7724 | -"connection is not marked." | |
7725 | -msgstr "" | |
7726 | - | |
7727 | -#. type: TP | |
7728 | -#: original/man8/iptables-extensions.8:1799 | |
7729 | -#, no-wrap | |
7730 | -msgid "B<--restore>" | |
7731 | -msgstr "" | |
7732 | - | |
7733 | -#. type: Plain text | |
7734 | -#: original/man8/iptables-extensions.8:1803 | |
7735 | -msgid "" | |
7736 | -"If the packet does not have a security marking, and the connection does, " | |
7737 | -"copy the security marking from the connection to the packet." | |
7738 | -msgstr "" | |
7739 | - | |
7740 | -#. type: SS | |
7741 | -#: original/man8/iptables-extensions.8:1804 | |
7742 | -#, no-wrap | |
7743 | -msgid "CT" | |
7744 | -msgstr "" | |
7745 | - | |
7746 | -#. type: Plain text | |
7747 | -#: original/man8/iptables-extensions.8:1809 | |
7748 | -msgid "" | |
7749 | -"The CT target allows to set parameters for a packet or its associated " | |
7750 | -"connection. The target attaches a \"template\" connection tracking entry to " | |
7751 | -"the packet, which is then used by the conntrack core when initializing a new " | |
7752 | -"ct entry. This target is thus only valid in the \"raw\" table." | |
7753 | -msgstr "" | |
7754 | - | |
7755 | -#. type: TP | |
7756 | -#: original/man8/iptables-extensions.8:1809 | |
7757 | -#, no-wrap | |
7758 | -msgid "B<--notrack>" | |
7759 | -msgstr "" | |
7760 | - | |
7761 | -#. type: Plain text | |
7762 | -#: original/man8/iptables-extensions.8:1812 | |
7763 | -msgid "Disables connection tracking for this packet." | |
7764 | -msgstr "" | |
7765 | - | |
7766 | -#. type: TP | |
7767 | -#: original/man8/iptables-extensions.8:1812 | |
7768 | -#, fuzzy, no-wrap | |
7769 | -#| msgid "B<--helper >I<string>" | |
7770 | -msgid "B<--helper> I<name>" | |
7771 | -msgstr "B<--helper >I<string>" | |
7772 | - | |
7773 | -#. type: Plain text | |
7774 | -#: original/man8/iptables-extensions.8:1816 | |
7775 | -msgid "" | |
7776 | -"Use the helper identified by I<name> for the connection. This is more " | |
7777 | -"flexible than loading the conntrack helper modules with preset ports." | |
7778 | -msgstr "" | |
7779 | - | |
7780 | -#. type: TP | |
7781 | -#: original/man8/iptables-extensions.8:1816 | |
7782 | -#, no-wrap | |
7783 | -msgid "B<--ctevents> I<event>[B<,>...]" | |
7784 | -msgstr "" | |
7785 | - | |
7786 | -#. type: Plain text | |
7787 | -#: original/man8/iptables-extensions.8:1822 | |
7788 | -msgid "" | |
7789 | -"Only generate the specified conntrack events for this connection. Possible " | |
7790 | -"event types are: B<new>, B<related>, B<destroy>, B<reply>, B<assured>, " | |
7791 | -"B<protoinfo>, B<helper>, B<mark> (this refers to the ctmark, not nfmark), " | |
7792 | -"B<natseqinfo>, B<secmark> (ctsecmark)." | |
7793 | -msgstr "" | |
7794 | - | |
7795 | -#. type: TP | |
7796 | -#: original/man8/iptables-extensions.8:1822 | |
7797 | -#, no-wrap | |
7798 | -msgid "B<--expevents> I<event>[B<,>...]" | |
7799 | -msgstr "" | |
7800 | - | |
7801 | -#. type: Plain text | |
7802 | -#: original/man8/iptables-extensions.8:1826 | |
7803 | -msgid "" | |
7804 | -"Only generate the specified expectation events for this connection. " | |
7805 | -"Possible event types are: B<new>." | |
7806 | -msgstr "" | |
7807 | - | |
7808 | -#. type: TP | |
7809 | -#: original/man8/iptables-extensions.8:1826 | |
7810 | -#, fuzzy, no-wrap | |
7811 | -#| msgid "B<--uid-owner >I<userid>" | |
7812 | -msgid "B<--zone> I<id>" | |
7813 | -msgstr "B<--uid-owner >I<userid>" | |
7814 | - | |
7815 | -#. type: Plain text | |
7816 | -#: original/man8/iptables-extensions.8:1830 | |
7817 | -msgid "" | |
7818 | -"Assign this packet to zone I<id> and only have lookups done in that zone. " | |
7819 | -"By default, packets have zone 0." | |
7820 | -msgstr "" | |
7821 | - | |
7822 | -#. type: TP | |
7823 | -#: original/man8/iptables-extensions.8:1830 | |
7824 | -#, fuzzy, no-wrap | |
7825 | -#| msgid "B<--set-mss >I<value>" | |
7826 | -msgid "B<--timeout> I<name>" | |
7827 | -msgstr "B<--set-mss >I<value>" | |
7828 | - | |
7829 | -#. type: Plain text | |
7830 | -#: original/man8/iptables-extensions.8:1835 | |
7831 | -msgid "" | |
7832 | -"Use the timeout policy identified by I<name> for the connection. This is " | |
7833 | -"provides more flexible timeout policy definition than global timeout values " | |
7834 | -"available at /proc/sys/net/netfilter/nf_conntrack_*_timeout_*." | |
7835 | -msgstr "" | |
7836 | - | |
7837 | -#. type: SS | |
7838 | -#: original/man8/iptables-extensions.8:1835 | |
7839 | -#, no-wrap | |
7840 | -msgid "DNAT (IPv4-specific)" | |
7841 | -msgstr "" | |
7842 | - | |
7843 | -#. type: Plain text | |
7844 | -#: original/man8/iptables-extensions.8:1847 | |
7845 | -msgid "" | |
7846 | -"This target is only valid in the B<nat> table, in the B<PREROUTING> and " | |
7847 | -"B<OUTPUT> chains, and user-defined chains which are only called from those " | |
7848 | -"chains. It specifies that the destination address of the packet should be " | |
7849 | -"modified (and all future packets in this connection will also be mangled), " | |
7850 | -"and rules should cease being examined. It takes one type of option:" | |
7851 | -msgstr "" | |
7852 | -"このターゲットは B<nat> テーブルの B<PREROUTING>, B<OUTPUT> チェイン、これら" | |
7853 | -"のチェインから呼び出される ユーザー定義チェインのみで有効である。 このター" | |
7854 | -"ゲットはパケットの送信先アドレスを修正する (この接続の以降のパケットも修正し" | |
7855 | -"て分からなく (mangle) する)。 さらに、ルールによるチェックを止めさせる。 この" | |
7856 | -"ターゲットにはオプションが 1 種類ある:" | |
7857 | - | |
7858 | -#. type: TP | |
7859 | -#: original/man8/iptables-extensions.8:1847 | |
7860 | -#, fuzzy, no-wrap | |
7861 | -#| msgid "B<--to-destination >I<ipaddr>[-I<ipaddr>][:I<port>-I<port>]" | |
7862 | -msgid "B<--to-destination> [I<ipaddr>[B<->I<ipaddr>]][B<:>I<port>[B<->I<port>]]" | |
7863 | -msgstr "B |
Part of diff was cut off due to size limit. Use your local client to view the full diff.