OSDN -- 오픈 소스 소프트웨어 개발 및 다운로드
Translation Status of 한국말 translation status for ko
  • R/O
  • HTTP
  • SSH
  • HTTPS
Fork

iptables: Commit


Commit MetaInfo

Revisiona74e727c7fd6c02bf886dbccb61bfca1259754af (tree)
Time2013-04-08 15:23:30
AuthorAkihiro MOTOKI <amotoki@gmai...>
CommiterAkihiro MOTOKI

Log Message

iptables: Convert PO files to PO files per roff page

Change Summary

Incremental Difference

--- a/po4a/cmd/iptables-cmd.cfg
+++ /dev/null
@@ -1,28 +0,0 @@
1-[po_directory] po4a/cmd
2-
3-[type: man] original/man8/ip6tables-restore.8 $lang:draft/man8/ip6tables-restore.8 \
4- add_$lang:?po4a/add_$lang/copyright/ip6tables-restore.8.txt
5-
6-[type: man] original/man8/ip6tables-save.8 $lang:draft/man8/ip6tables-save.8 \
7- add_$lang:?po4a/add_$lang/copyright/ip6tables-save.8.txt
8-
9-[type: man] original/man8/ip6tables.8 $lang:draft/man8/ip6tables.8 \
10- add_$lang:?po4a/add_$lang/copyright/ip6tables.8.txt
11-
12-[type: man] original/man8/iptables-restore.8 $lang:draft/man8/iptables-restore.8 \
13- add_$lang:?po4a/add_$lang/copyright/iptables-restore.8.txt
14-
15-[type: man] original/man8/iptables-save.8 $lang:draft/man8/iptables-save.8 \
16- add_$lang:?po4a/add_$lang/copyright/iptables-save.8.txt
17-
18-[type: man] original/man8/iptables.8 $lang:draft/man8/iptables.8 \
19- add_$lang:?po4a/add_$lang/copyright/iptables.8.txt
20-
21-[type: man] original/man8/iptables-extensions.8 $lang:draft/man8/iptables-extensions.8 \
22- add_$lang:?po4a/add_$lang/copyright/iptables-extensions.8.txt
23-
24-[type: man] original/man8/iptables-apply.8 $lang:draft/man8/iptables-apply.8 \
25- add_$lang:?po4a/add_$lang/copyright/iptables-apply.8.txt
26-
27-[type: man] original/man1/iptables-xml.1 $lang:draft/man1/iptables-xml.1 \
28- add_$lang:?po4a/add_$lang/copyright/iptables-xml.1.txt
--- a/po4a/cmd/iptables-cmd.pot
+++ /dev/null
@@ -1,8698 +0,0 @@
1-# SOME DESCRIPTIVE TITLE
2-# Copyright (C) YEAR Free Software Foundation, Inc.
3-# This file is distributed under the same license as the PACKAGE package.
4-# FIRST AUTHOR <EMAIL@ADDRESS>, YEAR.
5-#
6-#, fuzzy
7-msgid ""
8-msgstr ""
9-"Project-Id-Version: PACKAGE VERSION\n"
10-"POT-Creation-Date: 2013-04-03 12:30+0900\n"
11-"PO-Revision-Date: YEAR-MO-DA HO:MI+ZONE\n"
12-"Last-Translator: FULL NAME <EMAIL@ADDRESS>\n"
13-"Language-Team: LANGUAGE <LL@li.org>\n"
14-"Language: \n"
15-"MIME-Version: 1.0\n"
16-"Content-Type: text/plain; charset=CHARSET\n"
17-"Content-Transfer-Encoding: 8bit\n"
18-
19-#. type: TH
20-#: original/man8/ip6tables-restore.8:1
21-#, no-wrap
22-msgid "IP6TABLES-RESTORE"
23-msgstr ""
24-
25-#. type: TH
26-#: original/man8/ip6tables-restore.8:1 original/man8/ip6tables-save.8:1
27-#, no-wrap
28-msgid "Jan 30, 2002"
29-msgstr ""
30-
31-#
32-#. Man page written by Sam Liddicott <azez@ufomechanic.net>
33-#. It is based on the iptables-save man page.
34-#
35-#. This program is free software; you can redistribute it and/or modify
36-#. it under the terms of the GNU General Public License as published by
37-#. the Free Software Foundation; either version 2 of the License, or
38-#. (at your option) any later version.
39-#
40-#. This program is distributed in the hope that it will be useful,
41-#. but WITHOUT ANY WARRANTY; without even the implied warranty of
42-#. MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
43-#. GNU General Public License for more details.
44-#
45-#. You should have received a copy of the GNU General Public License
46-#. along with this program; if not, write to the Free Software
47-#. Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
48-#. type: SH
49-#: original/man8/ip6tables-restore.8:21 original/man8/ip6tables-save.8:21 original/man8/ip6tables.8:27 original/man8/iptables-restore.8:21 original/man8/iptables-save.8:21 original/man8/iptables.8:25 original/man8/iptables-extensions.8:2 original/man8/iptables-apply.8:8 original/man1/iptables-xml.1:21
50-#, no-wrap
51-msgid "NAME"
52-msgstr ""
53-
54-#. type: Plain text
55-#: original/man8/ip6tables-restore.8:23
56-msgid "ip6tables-restore \\(em Restore IPv6 Tables"
57-msgstr ""
58-
59-#. type: SH
60-#: original/man8/ip6tables-restore.8:23 original/man8/ip6tables-save.8:23 original/man8/ip6tables.8:29 original/man8/iptables-restore.8:23 original/man8/iptables-save.8:23 original/man8/iptables.8:27 original/man8/iptables-extensions.8:4 original/man8/iptables-apply.8:10 original/man1/iptables-xml.1:23
61-#, no-wrap
62-msgid "SYNOPSIS"
63-msgstr ""
64-
65-#. type: Plain text
66-#: original/man8/ip6tables-restore.8:26
67-msgid "B<ip6tables-restore> [B<-chntv>] [B<-M> I<modprobe>] [B<-T> I<name>]"
68-msgstr ""
69-
70-#. type: SH
71-#: original/man8/ip6tables-restore.8:26 original/man8/ip6tables-save.8:26 original/man8/ip6tables.8:55 original/man8/iptables-restore.8:26 original/man8/iptables-save.8:26 original/man8/iptables.8:54 original/man8/iptables-apply.8:12 original/man1/iptables-xml.1:25
72-#, no-wrap
73-msgid "DESCRIPTION"
74-msgstr ""
75-
76-#. type: Plain text
77-#: original/man8/ip6tables-restore.8:31
78-msgid ""
79-"B<ip6tables-restore> is used to restore IPv6 Tables from data specified on "
80-"STDIN. Use I/O redirection provided by your shell to read from a file"
81-msgstr ""
82-
83-#. type: TP
84-#: original/man8/ip6tables-restore.8:31 original/man8/ip6tables-save.8:35 original/man8/iptables-restore.8:31 original/man8/iptables-save.8:35
85-#, no-wrap
86-msgid "B<-c>, B<--counters>"
87-msgstr ""
88-
89-#. type: Plain text
90-#: original/man8/ip6tables-restore.8:34 original/man8/iptables-restore.8:34
91-msgid "restore the values of all packet and byte counters"
92-msgstr ""
93-
94-#. type: TP
95-#: original/man8/ip6tables-restore.8:34 original/man8/iptables-restore.8:34 original/man8/iptables-apply.8:28
96-#, no-wrap
97-msgid "B<-h>, B<--help>"
98-msgstr ""
99-
100-#. type: Plain text
101-#: original/man8/ip6tables-restore.8:37 original/man8/iptables-restore.8:37
102-msgid "Print a short option summary."
103-msgstr ""
104-
105-#. type: TP
106-#: original/man8/ip6tables-restore.8:37 original/man8/iptables-restore.8:37
107-#, no-wrap
108-msgid "B<-n>, B<--noflush> "
109-msgstr ""
110-
111-#. type: Plain text
112-#: original/man8/ip6tables-restore.8:42
113-msgid ""
114-"don't flush the previous contents of the table. If not specified, "
115-"B<ip6tables-restore> flushes (deletes) all previous contents of the "
116-"respective table."
117-msgstr ""
118-
119-#. type: TP
120-#: original/man8/ip6tables-restore.8:42 original/man8/iptables-restore.8:42
121-#, no-wrap
122-msgid "B<-t>, B<--test>"
123-msgstr ""
124-
125-#. type: Plain text
126-#: original/man8/ip6tables-restore.8:45 original/man8/iptables-restore.8:45
127-msgid "Only parse and construct the ruleset, but do not commit it."
128-msgstr ""
129-
130-#. type: TP
131-#: original/man8/ip6tables-restore.8:45 original/man8/ip6tables.8:355 original/man8/iptables-restore.8:45 original/man8/iptables.8:343 original/man1/iptables-xml.1:38
132-#, no-wrap
133-msgid "B<-v>, B<--verbose>"
134-msgstr ""
135-
136-#. type: Plain text
137-#: original/man8/ip6tables-restore.8:48 original/man8/iptables-restore.8:48
138-msgid "Print additional debug info during ruleset processing."
139-msgstr ""
140-
141-#. type: TP
142-#: original/man8/ip6tables-restore.8:48 original/man8/iptables-restore.8:48
143-#, no-wrap
144-msgid "B<-M>, B<--modprobe> I<modprobe_program>"
145-msgstr ""
146-
147-#. type: Plain text
148-#: original/man8/ip6tables-restore.8:52
149-msgid ""
150-"Specify the path to the modprobe program. By default, ip6tables-restore will "
151-"inspect /proc/sys/kernel/modprobe to determine the executable's path."
152-msgstr ""
153-
154-#. type: TP
155-#: original/man8/ip6tables-restore.8:52 original/man8/iptables-restore.8:52
156-#, no-wrap
157-msgid "B<-T>, B<--table> I<name>"
158-msgstr ""
159-
160-#. type: Plain text
161-#: original/man8/ip6tables-restore.8:57
162-msgid ""
163-"Restore only the named table even if the input stream contains other ones. "
164-"B<ip6tables-restore> flushes (deletes) all previous contents of the "
165-"respective IPv6 Table."
166-msgstr ""
167-
168-#. type: SH
169-#: original/man8/ip6tables-restore.8:57 original/man8/ip6tables-save.8:42 original/man8/ip6tables.8:395 original/man8/iptables-restore.8:55 original/man8/iptables-save.8:42 original/man8/iptables.8:383 original/man1/iptables-xml.1:82
170-#, no-wrap
171-msgid "BUGS"
172-msgstr ""
173-
174-#. type: Plain text
175-#: original/man8/ip6tables-restore.8:59 original/man8/ip6tables-save.8:44 original/man8/iptables-restore.8:57 original/man8/iptables-save.8:44
176-msgid "None known as of iptables-1.2.1 release"
177-msgstr ""
178-
179-#. type: SH
180-#: original/man8/ip6tables-restore.8:59 original/man8/ip6tables-save.8:44 original/man8/ip6tables.8:430 original/man8/iptables.8:429
181-#, no-wrap
182-msgid "AUTHORS"
183-msgstr ""
184-
185-#. type: Plain text
186-#: original/man8/ip6tables-restore.8:61 original/man8/ip6tables-save.8:46 original/man8/iptables-restore.8:59 original/man8/iptables-save.8:46
187-msgid "Harald Welte E<lt>laforge@gnumonks.orgE<gt>"
188-msgstr ""
189-
190-#. type: Plain text
191-#: original/man8/ip6tables-restore.8:63 original/man8/ip6tables-save.8:48
192-msgid "Andras Kis-Szabo E<lt>kisza@sch.bme.huE<gt>"
193-msgstr ""
194-
195-#. type: SH
196-#: original/man8/ip6tables-restore.8:63 original/man8/ip6tables-save.8:48 original/man8/ip6tables.8:412 original/man8/iptables-restore.8:59 original/man8/iptables-save.8:46 original/man8/iptables.8:411 original/man8/iptables-apply.8:34 original/man1/iptables-xml.1:86
197-#, no-wrap
198-msgid "SEE ALSO"
199-msgstr ""
200-
201-#. type: Plain text
202-#: original/man8/ip6tables-restore.8:65
203-msgid "B<ip6tables-save>(8), B<ip6tables>(8)"
204-msgstr ""
205-
206-#. type: Plain text
207-#: original/man8/ip6tables-restore.8:68 original/man8/ip6tables-save.8:53 original/man8/iptables-restore.8:64 original/man8/iptables-save.8:51
208-msgid ""
209-"The iptables-HOWTO, which details more iptables usage, the NAT-HOWTO, which "
210-"details NAT, and the netfilter-hacking-HOWTO which details the internals."
211-msgstr ""
212-
213-#. type: TH
214-#: original/man8/ip6tables-save.8:1
215-#, no-wrap
216-msgid "IP6TABLES-SAVE"
217-msgstr ""
218-
219-#. type: Plain text
220-#: original/man8/ip6tables-save.8:23
221-msgid "ip6tables-save \\(em dump iptables rules to stdout"
222-msgstr ""
223-
224-#. type: Plain text
225-#: original/man8/ip6tables-save.8:26
226-msgid "B<ip6tables-save> [B<-M> I<modprobe>] [B<-c>] [B<-t> I<table>"
227-msgstr ""
228-
229-#. type: Plain text
230-#: original/man8/ip6tables-save.8:31
231-msgid ""
232-"B<ip6tables-save> is used to dump the contents of an IPv6 Table in easily "
233-"parseable format to STDOUT. Use I/O-redirection provided by your shell to "
234-"write to a file."
235-msgstr ""
236-
237-#. type: TP
238-#: original/man8/ip6tables-save.8:31 original/man8/iptables-save.8:31
239-#, no-wrap
240-msgid "B<-M> I<modprobe_program>"
241-msgstr ""
242-
243-#. type: Plain text
244-#: original/man8/ip6tables-save.8:35 original/man8/iptables-save.8:35
245-msgid ""
246-"Specify the path to the modprobe program. By default, iptables-save will "
247-"inspect /proc/sys/kernel/modprobe to determine the executable's path."
248-msgstr ""
249-
250-#. type: Plain text
251-#: original/man8/ip6tables-save.8:38 original/man8/iptables-save.8:38
252-msgid "include the current values of all packet and byte counters in the output"
253-msgstr ""
254-
255-#. type: TP
256-#: original/man8/ip6tables-save.8:38 original/man8/iptables-save.8:38
257-#, no-wrap
258-msgid "B<-t>, B<--table> I<tablename>"
259-msgstr ""
260-
261-#. type: Plain text
262-#: original/man8/ip6tables-save.8:42 original/man8/iptables-save.8:42
263-msgid ""
264-"restrict output to only one table. If not specified, output includes all "
265-"available tables."
266-msgstr ""
267-
268-#. type: Plain text
269-#: original/man8/ip6tables-save.8:50
270-msgid "B<ip6tables-restore>(8), B<ip6tables>(8)"
271-msgstr ""
272-
273-#. type: TH
274-#: original/man8/ip6tables.8:1
275-#, no-wrap
276-msgid "IP6TABLES"
277-msgstr ""
278-
279-#. type: TH
280-#: original/man8/ip6tables.8:1 original/man8/ip6tables.8:1 original/man8/iptables.8:1 original/man8/iptables.8:1 original/man8/iptables-extensions.8:1 original/man8/iptables-extensions.8:1
281-#, no-wrap
282-msgid "iptables 1.4.18"
283-msgstr ""
284-
285-#. type: Plain text
286-#: original/man8/ip6tables.8:29
287-msgid "ip6tables \\(em IPv6 packet filter administration"
288-msgstr ""
289-
290-#. type: Plain text
291-#: original/man8/ip6tables.8:32
292-msgid ""
293-"B<ip6tables> [B<-t> I<table>] {B<-A>|B<-C>|B<-D>} I<chain "
294-"rule-specification> [I<options...>]"
295-msgstr ""
296-
297-#. type: Plain text
298-#: original/man8/ip6tables.8:35
299-msgid ""
300-"B<ip6tables> [B<-t> I<table>] B<-I> I<chain> [I<rulenum>] "
301-"I<rule-specification> [I<options...>]"
302-msgstr ""
303-
304-#. type: Plain text
305-#: original/man8/ip6tables.8:38
306-msgid ""
307-"B<ip6tables> [B<-t> I<table>] B<-R> I<chain rulenum rule-specification> "
308-"[I<options...>]"
309-msgstr ""
310-
311-#. type: Plain text
312-#: original/man8/ip6tables.8:41
313-msgid "B<ip6tables> [B<-t> I<table>] B<-D> I<chain rulenum> [I<options...>]"
314-msgstr ""
315-
316-#. type: Plain text
317-#: original/man8/ip6tables.8:43
318-msgid "B<ip6tables> [B<-t> I<table>] B<-S> [I<chain> [I<rulenum>]]"
319-msgstr ""
320-
321-#. type: Plain text
322-#: original/man8/ip6tables.8:46
323-msgid ""
324-"B<ip6tables> [B<-t> I<table>] {B<-F>|B<-L>|B<-Z>} [I<chain> [I<rulenum>]] "
325-"[I<options...>]"
326-msgstr ""
327-
328-#. type: Plain text
329-#: original/man8/ip6tables.8:48
330-msgid "B<ip6tables> [B<-t> I<table>] B<-N> I<chain>"
331-msgstr ""
332-
333-#. type: Plain text
334-#: original/man8/ip6tables.8:50
335-msgid "B<ip6tables> [B<-t> I<table>] B<-X> [I<chain>]"
336-msgstr ""
337-
338-#. type: Plain text
339-#: original/man8/ip6tables.8:53
340-msgid "B<ip6tables> [B<-t> I<table>] B<-P> I<chain target> [I<options...>]"
341-msgstr ""
342-
343-#. type: Plain text
344-#: original/man8/ip6tables.8:55
345-msgid "B<ip6tables> [B<-t> I<table>] B<-E> I<old-chain-name new-chain-name>"
346-msgstr ""
347-
348-#. type: Plain text
349-#: original/man8/ip6tables.8:61
350-msgid ""
351-"B<Ip6tables> is used to set up, maintain, and inspect the tables of IPv6 "
352-"packet filter rules in the Linux kernel. Several different tables may be "
353-"defined. Each table contains a number of built-in chains and may also "
354-"contain user-defined chains."
355-msgstr ""
356-
357-#. type: Plain text
358-#: original/man8/ip6tables.8:66 original/man8/iptables.8:65
359-msgid ""
360-"Each chain is a list of rules which can match a set of packets. Each rule "
361-"specifies what to do with a packet that matches. This is called a `target', "
362-"which may be a jump to a user-defined chain in the same table."
363-msgstr ""
364-
365-#. type: SH
366-#: original/man8/ip6tables.8:66 original/man8/iptables.8:65
367-#, no-wrap
368-msgid "TARGETS"
369-msgstr ""
370-
371-#. type: Plain text
372-#: original/man8/ip6tables.8:72 original/man8/iptables.8:71
373-msgid ""
374-"A firewall rule specifies criteria for a packet and a target. If the packet "
375-"does not match, the next rule in the chain is the examined; if it does "
376-"match, then the next rule is specified by the value of the target, which can "
377-"be the name of a user-defined chain or one of the special values B<ACCEPT>, "
378-"B<DROP>, B<QUEUE> or B<RETURN>."
379-msgstr ""
380-
381-#. type: Plain text
382-#: original/man8/ip6tables.8:89 original/man8/iptables.8:88
383-msgid ""
384-"B<ACCEPT> means to let the packet through. B<DROP> means to drop the packet "
385-"on the floor. B<QUEUE> means to pass the packet to userspace. (How the "
386-"packet can be received by a userspace process differs by the particular "
387-"queue handler. 2.4.x and 2.6.x kernels up to 2.6.13 include the B<ip_queue> "
388-"queue handler. Kernels 2.6.14 and later additionally include the "
389-"B<nfnetlink_queue> queue handler. Packets with a target of QUEUE will be "
390-"sent to queue number '0' in this case. Please also see the B<NFQUEUE> target "
391-"as described later in this man page.) B<RETURN> means stop traversing this "
392-"chain and resume at the next rule in the previous (calling) chain. If the "
393-"end of a built-in chain is reached or a rule in a built-in chain with target "
394-"B<RETURN> is matched, the target specified by the chain policy determines "
395-"the fate of the packet."
396-msgstr ""
397-
398-#. type: SH
399-#: original/man8/ip6tables.8:89 original/man8/iptables.8:88
400-#, no-wrap
401-msgid "TABLES"
402-msgstr ""
403-
404-#. type: Plain text
405-#: original/man8/ip6tables.8:93 original/man8/iptables.8:92
406-msgid ""
407-"There are currently five independent tables (which tables are present at any "
408-"time depends on the kernel configuration options and which modules are "
409-"present)."
410-msgstr ""
411-
412-#. type: TP
413-#: original/man8/ip6tables.8:93 original/man8/iptables.8:92
414-#, no-wrap
415-msgid "B<-t>, B<--table> I<table>"
416-msgstr ""
417-
418-#. type: Plain text
419-#: original/man8/ip6tables.8:99 original/man8/iptables.8:98
420-msgid ""
421-"This option specifies the packet matching table which the command should "
422-"operate on. If the kernel is configured with automatic module loading, an "
423-"attempt will be made to load the appropriate module for that table if it is "
424-"not already there."
425-msgstr ""
426-
427-#. type: Plain text
428-#: original/man8/ip6tables.8:101 original/man8/iptables.8:100
429-msgid "The tables are as follows:"
430-msgstr ""
431-
432-#. type: TP
433-#: original/man8/ip6tables.8:102 original/man8/iptables.8:101
434-#, no-wrap
435-msgid "B<filter>:"
436-msgstr ""
437-
438-#. type: Plain text
439-#: original/man8/ip6tables.8:108 original/man8/iptables.8:107
440-msgid ""
441-"This is the default table (if no -t option is passed). It contains the "
442-"built-in chains B<INPUT> (for packets destined to local sockets), B<FORWARD> "
443-"(for packets being routed through the box), and B<OUTPUT> (for "
444-"locally-generated packets)."
445-msgstr ""
446-
447-#. type: TP
448-#: original/man8/ip6tables.8:108 original/man8/iptables.8:107
449-#, no-wrap
450-msgid "B<nat>:"
451-msgstr ""
452-
453-#. type: Plain text
454-#: original/man8/ip6tables.8:115
455-msgid ""
456-"This table is consulted when a packet that creates a new connection is "
457-"encountered. It consists of three built-ins: B<PREROUTING> (for altering "
458-"packets as soon as they come in), B<OUTPUT> (for altering locally-generated "
459-"packets before routing), and B<POSTROUTING> (for altering packets as they "
460-"are about to go out). Available since kernel 3.7."
461-msgstr ""
462-
463-#. type: TP
464-#: original/man8/ip6tables.8:115 original/man8/iptables.8:114
465-#, no-wrap
466-msgid "B<mangle>:"
467-msgstr ""
468-
469-#. type: Plain text
470-#: original/man8/ip6tables.8:125 original/man8/iptables.8:124
471-msgid ""
472-"This table is used for specialized packet alteration. Until kernel 2.4.17 "
473-"it had two built-in chains: B<PREROUTING> (for altering incoming packets "
474-"before routing) and B<OUTPUT> (for altering locally-generated packets before "
475-"routing). Since kernel 2.4.18, three other built-in chains are also "
476-"supported: B<INPUT> (for packets coming into the box itself), B<FORWARD> "
477-"(for altering packets being routed through the box), and B<POSTROUTING> (for "
478-"altering packets as they are about to go out)."
479-msgstr ""
480-
481-#. type: TP
482-#: original/man8/ip6tables.8:125 original/man8/iptables.8:124
483-#, no-wrap
484-msgid "B<raw>:"
485-msgstr ""
486-
487-#. type: Plain text
488-#: original/man8/ip6tables.8:133 original/man8/iptables.8:132
489-msgid ""
490-"This table is used mainly for configuring exemptions from connection "
491-"tracking in combination with the NOTRACK target. It registers at the "
492-"netfilter hooks with higher priority and is thus called before ip_conntrack, "
493-"or any other IP tables. It provides the following built-in chains: "
494-"B<PREROUTING> (for packets arriving via any network interface) B<OUTPUT> "
495-"(for packets generated by local processes)"
496-msgstr ""
497-
498-#. type: TP
499-#: original/man8/ip6tables.8:133 original/man8/iptables.8:132
500-#, no-wrap
501-msgid "B<security>:"
502-msgstr ""
503-
504-#. type: Plain text
505-#: original/man8/ip6tables.8:144 original/man8/iptables.8:143
506-msgid ""
507-"This table is used for Mandatory Access Control (MAC) networking rules, such "
508-"as those enabled by the B<SECMARK> and B<CONNSECMARK> targets. Mandatory "
509-"Access Control is implemented by Linux Security Modules such as SELinux. "
510-"The security table is called after the filter table, allowing any "
511-"Discretionary Access Control (DAC) rules in the filter table to take effect "
512-"before MAC rules. This table provides the following built-in chains: "
513-"B<INPUT> (for packets coming into the box itself), B<OUTPUT> (for altering "
514-"locally-generated packets before routing), and B<FORWARD> (for altering "
515-"packets being routed through the box)."
516-msgstr ""
517-
518-#. type: SH
519-#: original/man8/ip6tables.8:145 original/man8/iptables.8:144 original/man8/iptables-apply.8:23
520-#, no-wrap
521-msgid "OPTIONS"
522-msgstr ""
523-
524-#. type: Plain text
525-#: original/man8/ip6tables.8:148
526-msgid ""
527-"The options that are recognized by B<ip6tables> can be divided into several "
528-"different groups."
529-msgstr ""
530-
531-#. type: SS
532-#: original/man8/ip6tables.8:148 original/man8/iptables.8:147
533-#, no-wrap
534-msgid "COMMANDS"
535-msgstr ""
536-
537-#. type: Plain text
538-#: original/man8/ip6tables.8:154
539-msgid ""
540-"These options specify the specific action to perform. Only one of them can "
541-"be specified on the command line unless otherwise specified below. For all "
542-"the long versions of the command and option names, you need to use only "
543-"enough letters to ensure that B<ip6tables> can differentiate it from all "
544-"other options."
545-msgstr ""
546-
547-#. type: TP
548-#: original/man8/ip6tables.8:154 original/man8/ip6tables.8:237 original/man8/iptables.8:153
549-#, no-wrap
550-msgid "B<-A>, B<--append> I<chain rule-specification>"
551-msgstr ""
552-
553-#. type: Plain text
554-#: original/man8/ip6tables.8:159 original/man8/ip6tables.8:242 original/man8/iptables.8:158
555-msgid ""
556-"Append one or more rules to the end of the selected chain. When the source "
557-"and/or destination names resolve to more than one address, a rule will be "
558-"added for each possible address combination."
559-msgstr ""
560-
561-#. type: TP
562-#: original/man8/ip6tables.8:159 original/man8/iptables.8:158
563-#, no-wrap
564-msgid "B<-C>, B<--check> I<chain rule-specification>"
565-msgstr ""
566-
567-#. type: Plain text
568-#: original/man8/ip6tables.8:165 original/man8/iptables.8:164
569-msgid ""
570-"Check whether a rule matching the specification does exist in the selected "
571-"chain. This command uses the same logic as B<-D> to find a matching entry, "
572-"but does not alter the existing iptables configuration and uses its exit "
573-"code to indicate success or failure."
574-msgstr ""
575-
576-#. type: TP
577-#: original/man8/ip6tables.8:165 original/man8/iptables.8:164
578-#, no-wrap
579-msgid "B<-D>, B<--delete> I<chain rule-specification>"
580-msgstr ""
581-
582-#. type: TP
583-#: original/man8/ip6tables.8:168 original/man8/iptables.8:167
584-#, no-wrap
585-msgid "B<-D>, B<--delete> I<chain rulenum>"
586-msgstr ""
587-
588-#. type: Plain text
589-#: original/man8/ip6tables.8:173 original/man8/iptables.8:172
590-msgid ""
591-"Delete one or more rules from the selected chain. There are two versions of "
592-"this command: the rule can be specified as a number in the chain (starting "
593-"at 1 for the first rule) or a rule to match."
594-msgstr ""
595-
596-#. type: TP
597-#: original/man8/ip6tables.8:173 original/man8/iptables.8:172
598-#, no-wrap
599-msgid "B<-I>, B<--insert> I<chain> [I<rulenum>] I<rule-specification>"
600-msgstr ""
601-
602-#. type: Plain text
603-#: original/man8/ip6tables.8:179 original/man8/iptables.8:178
604-msgid ""
605-"Insert one or more rules in the selected chain as the given rule number. "
606-"So, if the rule number is 1, the rule or rules are inserted at the head of "
607-"the chain. This is also the default if no rule number is specified."
608-msgstr ""
609-
610-#. type: TP
611-#: original/man8/ip6tables.8:179 original/man8/iptables.8:178
612-#, no-wrap
613-msgid "B<-R>, B<--replace> I<chain rulenum rule-specification>"
614-msgstr ""
615-
616-#. type: Plain text
617-#: original/man8/ip6tables.8:184 original/man8/iptables.8:183
618-msgid ""
619-"Replace a rule in the selected chain. If the source and/or destination "
620-"names resolve to multiple addresses, the command will fail. Rules are "
621-"numbered starting at 1."
622-msgstr ""
623-
624-#. type: TP
625-#: original/man8/ip6tables.8:184 original/man8/iptables.8:183
626-#, no-wrap
627-msgid "B<-L>, B<--list> [I<chain>]"
628-msgstr ""
629-
630-#. type: Plain text
631-#: original/man8/ip6tables.8:189
632-msgid ""
633-"List all rules in the selected chain. If no chain is selected, all chains "
634-"are listed. Like every other ip6tables command, it applies to the specified "
635-"table (filter is the default)."
636-msgstr ""
637-
638-#. type: Plain text
639-#: original/man8/ip6tables.8:196 original/man8/iptables.8:197
640-msgid ""
641-"Please note that it is often used with the B<-n> option, in order to avoid "
642-"long reverse DNS lookups. It is legal to specify the B<-Z> (zero) option as "
643-"well, in which case the chain(s) will be atomically listed and zeroed. The "
644-"exact output is affected by the other arguments given. The exact rules are "
645-"suppressed until you use"
646-msgstr ""
647-
648-#. type: Plain text
649-#: original/man8/ip6tables.8:198
650-#, no-wrap
651-msgid " ip6tables -L -v\n"
652-msgstr ""
653-
654-#. type: TP
655-#: original/man8/ip6tables.8:199 original/man8/iptables.8:200
656-#, no-wrap
657-msgid "B<-S>, B<--list-rules> [I<chain>]"
658-msgstr ""
659-
660-#. type: Plain text
661-#: original/man8/ip6tables.8:204
662-msgid ""
663-"Print all rules in the selected chain. If no chain is selected, all chains "
664-"are printed like ip6tables-save. Like every other ip6tables command, it "
665-"applies to the specified table (filter is the default)."
666-msgstr ""
667-
668-#. type: TP
669-#: original/man8/ip6tables.8:204 original/man8/iptables.8:205
670-#, no-wrap
671-msgid "B<-F>, B<--flush> [I<chain>]"
672-msgstr ""
673-
674-#. type: Plain text
675-#: original/man8/ip6tables.8:208 original/man8/iptables.8:209
676-msgid ""
677-"Flush the selected chain (all the chains in the table if none is given). "
678-"This is equivalent to deleting all the rules one by one."
679-msgstr ""
680-
681-#. type: TP
682-#: original/man8/ip6tables.8:208 original/man8/iptables.8:209
683-#, no-wrap
684-msgid "B<-Z>, B<--zero> [I<chain> [I<rulenum>]]"
685-msgstr ""
686-
687-#. type: Plain text
688-#: original/man8/ip6tables.8:216 original/man8/iptables.8:217
689-msgid ""
690-"Zero the packet and byte counters in all chains, or only the given chain, or "
691-"only the given rule in a chain. It is legal to specify the B<-L>, B<--list> "
692-"(list) option as well, to see the counters immediately before they are "
693-"cleared. (See above.)"
694-msgstr ""
695-
696-#. type: TP
697-#: original/man8/ip6tables.8:216 original/man8/iptables.8:217
698-#, no-wrap
699-msgid "B<-N>, B<--new-chain> I<chain>"
700-msgstr ""
701-
702-#. type: Plain text
703-#: original/man8/ip6tables.8:220 original/man8/iptables.8:221
704-msgid ""
705-"Create a new user-defined chain by the given name. There must be no target "
706-"of that name already."
707-msgstr ""
708-
709-#. type: TP
710-#: original/man8/ip6tables.8:220 original/man8/iptables.8:221
711-#, no-wrap
712-msgid "B<-X>, B<--delete-chain> [I<chain>]"
713-msgstr ""
714-
715-#. type: Plain text
716-#: original/man8/ip6tables.8:227 original/man8/iptables.8:228
717-msgid ""
718-"Delete the optional user-defined chain specified. There must be no "
719-"references to the chain. If there are, you must delete or replace the "
720-"referring rules before the chain can be deleted. The chain must be empty, "
721-"i.e. not contain any rules. If no argument is given, it will attempt to "
722-"delete every non-builtin chain in the table."
723-msgstr ""
724-
725-#. type: TP
726-#: original/man8/ip6tables.8:227 original/man8/iptables.8:228
727-#, no-wrap
728-msgid "B<-P>, B<--policy> I<chain target>"
729-msgstr ""
730-
731-#. type: Plain text
732-#: original/man8/ip6tables.8:233 original/man8/iptables.8:234
733-msgid ""
734-"Set the policy for the chain to the given target. See the section "
735-"B<TARGETS> for the legal targets. Only built-in (non-user-defined) chains "
736-"can have policies, and neither built-in nor user-defined chains can be "
737-"policy targets."
738-msgstr ""
739-
740-#. type: TP
741-#: original/man8/ip6tables.8:233 original/man8/iptables.8:234
742-#, no-wrap
743-msgid "B<-E>, B<--rename-chain> I<old-chain new-chain>"
744-msgstr ""
745-
746-#. type: Plain text
747-#: original/man8/ip6tables.8:237 original/man8/iptables.8:238
748-msgid ""
749-"Rename the user specified chain to the user supplied name. This is "
750-"cosmetic, and has no effect on the structure of the table."
751-msgstr ""
752-
753-#. type: TP
754-#: original/man8/ip6tables.8:242 original/man8/iptables.8:238
755-#, no-wrap
756-msgid "B<-h>"
757-msgstr ""
758-
759-#. type: Plain text
760-#: original/man8/ip6tables.8:246 original/man8/iptables.8:242
761-msgid "Help. Give a (currently very brief) description of the command syntax."
762-msgstr ""
763-
764-#. type: SS
765-#: original/man8/ip6tables.8:246 original/man8/iptables.8:242
766-#, no-wrap
767-msgid "PARAMETERS"
768-msgstr ""
769-
770-#. type: Plain text
771-#: original/man8/ip6tables.8:249 original/man8/iptables.8:245
772-msgid ""
773-"The following parameters make up a rule specification (as used in the add, "
774-"delete, insert, replace and append commands)."
775-msgstr ""
776-
777-#. type: TP
778-#: original/man8/ip6tables.8:249 original/man8/iptables.8:245
779-#, no-wrap
780-msgid "B<-4>, B<--ipv4>"
781-msgstr ""
782-
783-#. type: Plain text
784-#: original/man8/ip6tables.8:255
785-msgid ""
786-"If a rule using the B<-4> option is inserted with (and only with) "
787-"ip6tables-restore, it will be silently ignored. Any other uses will throw an "
788-"error. This option allows to put both IPv4 and IPv6 rules in a single rule "
789-"file for use with both iptables-restore and ip6tables-restore."
790-msgstr ""
791-
792-#. type: TP
793-#: original/man8/ip6tables.8:255 original/man8/iptables.8:248
794-#, no-wrap
795-msgid "B<-6>, B<--ipv6>"
796-msgstr ""
797-
798-#. type: Plain text
799-#: original/man8/ip6tables.8:258
800-msgid "This option has no effect in ip6tables and ip6tables-restore."
801-msgstr ""
802-
803-#. type: TP
804-#: original/man8/ip6tables.8:258 original/man8/iptables.8:254
805-#, no-wrap
806-msgid "[B<!>] B<-p>, B<--protocol> I<protocol>"
807-msgstr ""
808-
809-#. type: Plain text
810-#: original/man8/ip6tables.8:276
811-msgid ""
812-"The protocol of the rule or of the packet to check. The specified protocol "
813-"can be one of B<tcp>, B<udp>, B<udplite>, B<icmpv6>, B<esp>, B<mh> or the "
814-"special keyword \"B<all>\", or it can be a numeric value, representing one "
815-"of these protocols or a different one. A protocol name from /etc/protocols "
816-"is also allowed. But IPv6 extension headers except B<esp> are not allowed. "
817-"B<esp> and B<ipv6-nonext> can be used with Kernel version 2.6.11 or later. "
818-"A \"!\" argument before the protocol inverts the test. The number zero is "
819-"equivalent to B<all>, which means that you cannot test the protocol field "
820-"for the value 0 directly. To match on a HBH header, even if it were the "
821-"last, you cannot use B<-p 0>, but always need B<-m hbh>. \"B<all>\" will "
822-"match with all protocols and is taken as default when this option is "
823-"omitted."
824-msgstr ""
825-
826-#. type: TP
827-#: original/man8/ip6tables.8:276
828-#, no-wrap
829-msgid "[B<!>] B<-s>, B<--source> I<address>[B</>I<mask>]"
830-msgstr ""
831-
832-#. type: Plain text
833-#: original/man8/ip6tables.8:293
834-msgid ""
835-"Source specification. I<Address> can be either be a hostname, a network IP "
836-"address (with B</>I<mask>), or a plain IP address. Names will be resolved "
837-"once only, before the rule is submitted to the kernel. Please note that "
838-"specifying any name to be resolved with a remote query such as DNS is a "
839-"really bad idea. (Resolving network names is not supported at this time.) "
840-"The I<mask> is a plain number, specifying the number of 1's at the left side "
841-"of the network mask. A \"!\" argument before the address specification "
842-"inverts the sense of the address. The flag B<--src> is an alias for this "
843-"option. Multiple addresses can be specified, but this will B<expand to "
844-"multiple rules> (when adding with -A), or will cause multiple rules to be "
845-"deleted (with -D)."
846-msgstr ""
847-
848-#. type: TP
849-#: original/man8/ip6tables.8:293
850-#, no-wrap
851-msgid "[B<!>] B<-d>, B<--destination> I<address>[B</>I<mask>]"
852-msgstr ""
853-
854-#. type: Plain text
855-#: original/man8/ip6tables.8:299 original/man8/iptables.8:288
856-msgid ""
857-"Destination specification. See the description of the B<-s> (source) flag "
858-"for a detailed description of the syntax. The flag B<--dst> is an alias for "
859-"this option."
860-msgstr ""
861-
862-#. type: TP
863-#: original/man8/ip6tables.8:299 original/man8/iptables.8:288
864-#, no-wrap
865-msgid "B<-m>, B<--match> I<match>"
866-msgstr ""
867-
868-#. type: Plain text
869-#: original/man8/ip6tables.8:306 original/man8/iptables.8:295
870-msgid ""
871-"Specifies a match to use, that is, an extension module that tests for a "
872-"specific property. The set of matches make up the condition under which a "
873-"target is invoked. Matches are evaluated first to last as specified on the "
874-"command line and work in short-circuit fashion, i.e. if one extension yields "
875-"false, evaluation will stop."
876-msgstr ""
877-
878-#. type: TP
879-#: original/man8/ip6tables.8:306 original/man8/iptables.8:295
880-#, no-wrap
881-msgid "B<-j>, B<--jump> I<target>"
882-msgstr ""
883-
884-#. type: Plain text
885-#: original/man8/ip6tables.8:317 original/man8/iptables.8:306
886-msgid ""
887-"This specifies the target of the rule; i.e., what to do if the packet "
888-"matches it. The target can be a user-defined chain (other than the one this "
889-"rule is in), one of the special builtin targets which decide the fate of the "
890-"packet immediately, or an extension (see B<EXTENSIONS> below). If this "
891-"option is omitted in a rule (and B<-g> is not used), then matching the rule "
892-"will have no effect on the packet's fate, but the counters on the rule will "
893-"be incremented."
894-msgstr ""
895-
896-#. type: TP
897-#: original/man8/ip6tables.8:317 original/man8/iptables.8:306
898-#, no-wrap
899-msgid "B<-g>, B<--goto> I<chain>"
900-msgstr ""
901-
902-#. type: Plain text
903-#: original/man8/ip6tables.8:323 original/man8/iptables.8:312
904-msgid ""
905-"This specifies that the processing should continue in a user specified "
906-"chain. Unlike the --jump option return will not continue processing in this "
907-"chain but instead in the chain that called us via --jump."
908-msgstr ""
909-
910-#. type: TP
911-#: original/man8/ip6tables.8:323 original/man8/iptables.8:312
912-#, no-wrap
913-msgid "[B<!>] B<-i>, B<--in-interface> I<name>"
914-msgstr ""
915-
916-#. type: Plain text
917-#: original/man8/ip6tables.8:331 original/man8/iptables.8:320
918-msgid ""
919-"Name of an interface via which a packet was received (only for packets "
920-"entering the B<INPUT>, B<FORWARD> and B<PREROUTING> chains). When the \"!\" "
921-"argument is used before the interface name, the sense is inverted. If the "
922-"interface name ends in a \"+\", then any interface which begins with this "
923-"name will match. If this option is omitted, any interface name will match."
924-msgstr ""
925-
926-#. type: TP
927-#: original/man8/ip6tables.8:331 original/man8/iptables.8:320
928-#, no-wrap
929-msgid "[B<!>] B<-o>, B<--out-interface> I<name>"
930-msgstr ""
931-
932-#. type: Plain text
933-#: original/man8/ip6tables.8:348 original/man8/iptables.8:328
934-msgid ""
935-"Name of an interface via which a packet is going to be sent (for packets "
936-"entering the B<FORWARD>, B<OUTPUT> and B<POSTROUTING> chains). When the "
937-"\"!\" argument is used before the interface name, the sense is inverted. If "
938-"the interface name ends in a \"+\", then any interface which begins with "
939-"this name will match. If this option is omitted, any interface name will "
940-"match."
941-msgstr ""
942-
943-#. type: TP
944-#: original/man8/ip6tables.8:348 original/man8/iptables.8:336
945-#, no-wrap
946-msgid "B<-c>, B<--set-counters> I<packets bytes>"
947-msgstr ""
948-
949-#. type: Plain text
950-#: original/man8/ip6tables.8:353 original/man8/iptables.8:341
951-msgid ""
952-"This enables the administrator to initialize the packet and byte counters of "
953-"a rule (during B<INSERT>, B<APPEND>, B<REPLACE> operations)."
954-msgstr ""
955-
956-#. type: SS
957-#: original/man8/ip6tables.8:353 original/man8/iptables.8:341
958-#, no-wrap
959-msgid "OTHER OPTIONS"
960-msgstr ""
961-
962-#. type: Plain text
963-#: original/man8/ip6tables.8:355 original/man8/iptables.8:343
964-msgid "The following additional options can be specified:"
965-msgstr ""
966-
967-#. type: Plain text
968-#: original/man8/ip6tables.8:365 original/man8/iptables.8:353
969-msgid ""
970-"Verbose output. This option makes the list command show the interface name, "
971-"the rule options (if any), and the TOS masks. The packet and byte counters "
972-"are also listed, with the suffix 'K', 'M' or 'G' for 1000, 1,000,000 and "
973-"1,000,000,000 multipliers respectively (but see the B<-x> flag to change "
974-"this). For appending, insertion, deletion and replacement, this causes "
975-"detailed information on the rule or rules to be printed. B<-v> may be "
976-"specified multiple times to possibly emit more detailed debug statements."
977-msgstr ""
978-
979-#. type: TP
980-#: original/man8/ip6tables.8:365 original/man8/iptables.8:353
981-#, no-wrap
982-msgid "B<-n>, B<--numeric>"
983-msgstr ""
984-
985-#. type: Plain text
986-#: original/man8/ip6tables.8:371 original/man8/iptables.8:359
987-msgid ""
988-"Numeric output. IP addresses and port numbers will be printed in numeric "
989-"format. By default, the program will try to display them as host names, "
990-"network names, or services (whenever applicable)."
991-msgstr ""
992-
993-#. type: TP
994-#: original/man8/ip6tables.8:371 original/man8/iptables.8:359
995-#, no-wrap
996-msgid "B<-x>, B<--exact>"
997-msgstr ""
998-
999-#. type: Plain text
1000-#: original/man8/ip6tables.8:378 original/man8/iptables.8:366
1001-msgid ""
1002-"Expand numbers. Display the exact value of the packet and byte counters, "
1003-"instead of only the rounded number in K's (multiples of 1000) M's "
1004-"(multiples of 1000K) or G's (multiples of 1000M). This option is only "
1005-"relevant for the B<-L> command."
1006-msgstr ""
1007-
1008-#. type: TP
1009-#: original/man8/ip6tables.8:378 original/man8/iptables.8:366
1010-#, no-wrap
1011-msgid "B<--line-numbers>"
1012-msgstr ""
1013-
1014-#. type: Plain text
1015-#: original/man8/ip6tables.8:382 original/man8/iptables.8:370
1016-msgid ""
1017-"When listing rules, add line numbers to the beginning of each rule, "
1018-"corresponding to that rule's position in the chain."
1019-msgstr ""
1020-
1021-#. type: TP
1022-#: original/man8/ip6tables.8:382 original/man8/iptables.8:370
1023-#, no-wrap
1024-msgid "B<--modprobe=>I<command>"
1025-msgstr ""
1026-
1027-#. type: Plain text
1028-#: original/man8/ip6tables.8:386 original/man8/iptables.8:374
1029-msgid ""
1030-"When adding or inserting rules into a chain, use I<command> to load any "
1031-"necessary modules (targets, match extensions, etc)."
1032-msgstr ""
1033-
1034-#. type: SH
1035-#: original/man8/ip6tables.8:386 original/man8/iptables-extensions.8:10
1036-#, no-wrap
1037-msgid "MATCH EXTENSIONS"
1038-msgstr ""
1039-
1040-#. type: Plain text
1041-#: original/man8/ip6tables.8:390 original/man8/iptables.8:378
1042-msgid ""
1043-"iptables can use extended packet matching and target modules. A list of "
1044-"these is available in the B<iptables-extensions>(8) manpage."
1045-msgstr ""
1046-
1047-#. type: SH
1048-#: original/man8/ip6tables.8:390 original/man8/iptables.8:378
1049-#, no-wrap
1050-msgid "DIAGNOSTICS"
1051-msgstr ""
1052-
1053-#. type: Plain text
1054-#: original/man8/ip6tables.8:395 original/man8/iptables.8:383
1055-msgid ""
1056-"Various error messages are printed to standard error. The exit code is 0 "
1057-"for correct functioning. Errors which appear to be caused by invalid or "
1058-"abused command line parameters cause an exit code of 2, and other errors "
1059-"cause an exit code of 1."
1060-msgstr ""
1061-
1062-#. type: Plain text
1063-#: original/man8/ip6tables.8:398
1064-msgid "Bugs? What's this? ;-) Well... the counters are not reliable on sparc64."
1065-msgstr ""
1066-
1067-#. type: SH
1068-#: original/man8/ip6tables.8:398 original/man8/iptables.8:386
1069-#, no-wrap
1070-msgid "COMPATIBILITY WITH IPCHAINS"
1071-msgstr ""
1072-
1073-#. type: Plain text
1074-#: original/man8/ip6tables.8:407
1075-msgid ""
1076-"This B<ip6tables> is very similar to ipchains by Rusty Russell. The main "
1077-"difference is that the chains B<INPUT> and B<OUTPUT> are only traversed for "
1078-"packets coming into the local host and originating from the local host "
1079-"respectively. Hence every packet only passes through one of the three "
1080-"chains (except loopback traffic, which involves both INPUT and OUTPUT "
1081-"chains); previously a forwarded packet would pass through all three."
1082-msgstr ""
1083-
1084-#. type: Plain text
1085-#: original/man8/ip6tables.8:412
1086-msgid ""
1087-"The other main difference is that B<-i> refers to the input interface; B<-o> "
1088-"refers to the output interface, and both are available for packets entering "
1089-"the B<FORWARD> chain. There are several other changes in ip6tables."
1090-msgstr ""
1091-
1092-#. type: Plain text
1093-#: original/man8/ip6tables.8:421
1094-msgid ""
1095-"B<ip6tables-save>(8), B<ip6tables-restore>(8), B<iptables>(8), "
1096-"B<iptables-apply>(8), B<iptables-extensions>(8), B<iptables-save>(8), "
1097-"B<iptables-restore>(8), B<libipq>(3)."
1098-msgstr ""
1099-
1100-#. type: Plain text
1101-#: original/man8/ip6tables.8:427
1102-msgid ""
1103-"The packet-filtering-HOWTO details iptables usage for packet filtering, the "
1104-"netfilter-extensions-HOWTO details the extensions that are not in the "
1105-"standard distribution, and the netfilter-hacking-HOWTO details the netfilter "
1106-"internals."
1107-msgstr ""
1108-
1109-#. type: Plain text
1110-#: original/man8/ip6tables.8:430 original/man8/iptables.8:429
1111-msgid "See B<http://www.netfilter.org/>."
1112-msgstr ""
1113-
1114-#. type: Plain text
1115-#: original/man8/ip6tables.8:433
1116-msgid "Rusty Russell wrote iptables, in early consultation with Michael Neuling."
1117-msgstr ""
1118-
1119-#. type: Plain text
1120-#: original/man8/ip6tables.8:437 original/man8/iptables.8:436
1121-msgid ""
1122-"Marc Boucher made Rusty abandon ipnatctl by lobbying for a generic packet "
1123-"selection framework in iptables, then wrote the mangle table, the owner "
1124-"match, the mark stuff, and ran around doing cool stuff everywhere."
1125-msgstr ""
1126-
1127-#. type: Plain text
1128-#: original/man8/ip6tables.8:439 original/man8/iptables.8:438
1129-msgid "James Morris wrote the TOS target, and tos match."
1130-msgstr ""
1131-
1132-#. type: Plain text
1133-#: original/man8/ip6tables.8:441 original/man8/iptables.8:440
1134-msgid "Jozsef Kadlecsik wrote the REJECT target."
1135-msgstr ""
1136-
1137-#. type: Plain text
1138-#: original/man8/ip6tables.8:443
1139-msgid ""
1140-"Harald Welte wrote the ULOG and NFQUEUE target, the new libiptc, as well as "
1141-"TTL match+target and libipulog."
1142-msgstr ""
1143-
1144-#. type: Plain text
1145-#: original/man8/ip6tables.8:447 original/man8/iptables.8:446
1146-msgid ""
1147-"The Netfilter Core Team is: Marc Boucher, Martin Josefsson, Yasuyuki "
1148-"Kozakai, Jozsef Kadlecsik, Patrick McHardy, James Morris, Pablo Neira Ayuso, "
1149-"Harald Welte and Rusty Russell."
1150-msgstr ""
1151-
1152-#. .. and did I mention that we are incredibly cool people?
1153-#. .. sexy, too ..
1154-#. .. witty, charming, powerful ..
1155-#. .. and most of all, modest ..
1156-#. type: Plain text
1157-#: original/man8/ip6tables.8:454
1158-msgid ""
1159-"ip6tables man page created by Andras Kis-Szabo, based on iptables man page "
1160-"written by Herve Eychenne E<lt>rv@wallfire.orgE<gt>."
1161-msgstr ""
1162-
1163-#. type: SH
1164-#: original/man8/ip6tables.8:454 original/man8/iptables.8:452
1165-#, no-wrap
1166-msgid "VERSION"
1167-msgstr ""
1168-
1169-#. type: Plain text
1170-#: original/man8/ip6tables.8:456
1171-msgid "This manual page applies to ip6tables 1.4.18."
1172-msgstr ""
1173-
1174-#. type: TH
1175-#: original/man8/iptables-restore.8:1
1176-#, no-wrap
1177-msgid "IPTABLES-RESTORE"
1178-msgstr ""
1179-
1180-#. type: TH
1181-#: original/man8/iptables-restore.8:1 original/man8/iptables-save.8:1
1182-#, no-wrap
1183-msgid "Jan 04, 2001"
1184-msgstr ""
1185-
1186-#. type: Plain text
1187-#: original/man8/iptables-restore.8:23
1188-msgid "iptables-restore \\(em Restore IP Tables"
1189-msgstr ""
1190-
1191-#. type: Plain text
1192-#: original/man8/iptables-restore.8:26
1193-msgid "B<iptables-restore> [B<-chntv>] [B<-M> I<modprobe>] [B<-T> I<name>]"
1194-msgstr ""
1195-
1196-#. type: Plain text
1197-#: original/man8/iptables-restore.8:31
1198-msgid ""
1199-"B<iptables-restore> is used to restore IP Tables from data specified on "
1200-"STDIN. Use I/O redirection provided by your shell to read from a file"
1201-msgstr ""
1202-
1203-#. type: Plain text
1204-#: original/man8/iptables-restore.8:42
1205-msgid ""
1206-"don't flush the previous contents of the table. If not specified, "
1207-"B<iptables-restore> flushes (deletes) all previous contents of the "
1208-"respective table."
1209-msgstr ""
1210-
1211-#. type: Plain text
1212-#: original/man8/iptables-restore.8:52
1213-msgid ""
1214-"Specify the path to the modprobe program. By default, iptables-restore will "
1215-"inspect /proc/sys/kernel/modprobe to determine the executable's path."
1216-msgstr ""
1217-
1218-#. type: Plain text
1219-#: original/man8/iptables-restore.8:55
1220-msgid "Restore only the named table even if the input stream contains other ones."
1221-msgstr ""
1222-
1223-#. type: SH
1224-#: original/man8/iptables-restore.8:57 original/man8/iptables-save.8:44 original/man1/iptables-xml.1:84
1225-#, no-wrap
1226-msgid "AUTHOR"
1227-msgstr ""
1228-
1229-#. type: Plain text
1230-#: original/man8/iptables-restore.8:61
1231-msgid "B<iptables-save>(8), B<iptables>(8)"
1232-msgstr ""
1233-
1234-#. type: TH
1235-#: original/man8/iptables-save.8:1
1236-#, no-wrap
1237-msgid "IPTABLES-SAVE"
1238-msgstr ""
1239-
1240-#. type: Plain text
1241-#: original/man8/iptables-save.8:23
1242-msgid "iptables-save \\(em dump iptables rules to stdout"
1243-msgstr ""
1244-
1245-#. type: Plain text
1246-#: original/man8/iptables-save.8:26
1247-msgid "B<iptables-save> [B<-M> I<modprobe>] [B<-c>] [B<-t> I<table>]"
1248-msgstr ""
1249-
1250-#. type: Plain text
1251-#: original/man8/iptables-save.8:31
1252-msgid ""
1253-"B<iptables-save> is used to dump the contents of an IP Table in easily "
1254-"parseable format to STDOUT. Use I/O-redirection provided by your shell to "
1255-"write to a file."
1256-msgstr ""
1257-
1258-#. type: Plain text
1259-#: original/man8/iptables-save.8:48
1260-msgid "B<iptables-restore>(8), B<iptables>(8)"
1261-msgstr ""
1262-
1263-#. type: TH
1264-#: original/man8/iptables.8:1
1265-#, no-wrap
1266-msgid "IPTABLES"
1267-msgstr ""
1268-
1269-#. type: Plain text
1270-#: original/man8/iptables.8:27
1271-msgid "iptables \\(em administration tool for IPv4 packet filtering and NAT"
1272-msgstr ""
1273-
1274-#. type: Plain text
1275-#: original/man8/iptables.8:30
1276-msgid ""
1277-"B<iptables> [B<-t> I<table>] {B<-A>|B<-C>|B<-D>} I<chain> "
1278-"I<rule-specification>"
1279-msgstr ""
1280-
1281-#. type: Plain text
1282-#: original/man8/iptables.8:32
1283-msgid ""
1284-"B<iptables> [B<-t> I<table>] B<-I> I<chain> [I<rulenum>] "
1285-"I<rule-specification>"
1286-msgstr ""
1287-
1288-#. type: Plain text
1289-#: original/man8/iptables.8:34
1290-msgid "B<iptables> [B<-t> I<table>] B<-R> I<chain rulenum rule-specification>"
1291-msgstr ""
1292-
1293-#. type: Plain text
1294-#: original/man8/iptables.8:36
1295-msgid "B<iptables> [B<-t> I<table>] B<-D> I<chain rulenum>"
1296-msgstr ""
1297-
1298-#. type: Plain text
1299-#: original/man8/iptables.8:38
1300-msgid "B<iptables> [B<-t> I<table>] B<-S> [I<chain> [I<rulenum>]]"
1301-msgstr ""
1302-
1303-#. type: Plain text
1304-#: original/man8/iptables.8:40
1305-msgid ""
1306-"B<iptables> [B<-t> I<table>] {B<-F>|B<-L>|B<-Z>} [I<chain> [I<rulenum>]] "
1307-"[I<options...>]"
1308-msgstr ""
1309-
1310-#. type: Plain text
1311-#: original/man8/iptables.8:42
1312-msgid "B<iptables> [B<-t> I<table>] B<-N> I<chain>"
1313-msgstr ""
1314-
1315-#. type: Plain text
1316-#: original/man8/iptables.8:44
1317-msgid "B<iptables> [B<-t> I<table>] B<-X> [I<chain>]"
1318-msgstr ""
1319-
1320-#. type: Plain text
1321-#: original/man8/iptables.8:46
1322-msgid "B<iptables> [B<-t> I<table>] B<-P> I<chain target>"
1323-msgstr ""
1324-
1325-#. type: Plain text
1326-#: original/man8/iptables.8:48
1327-msgid "B<iptables> [B<-t> I<table>] B<-E> I<old-chain-name new-chain-name>"
1328-msgstr ""
1329-
1330-#. type: Plain text
1331-#: original/man8/iptables.8:50
1332-msgid "rule-specification = [I<matches...>] [I<target>]"
1333-msgstr ""
1334-
1335-#. type: Plain text
1336-#: original/man8/iptables.8:52
1337-msgid "match = B<-m> I<matchname> [I<per-match-options>]"
1338-msgstr ""
1339-
1340-#. type: Plain text
1341-#: original/man8/iptables.8:54
1342-msgid "target = B<-j> I<targetname> [I<per-target-options>]"
1343-msgstr ""
1344-
1345-#. type: Plain text
1346-#: original/man8/iptables.8:60
1347-msgid ""
1348-"B<Iptables> is used to set up, maintain, and inspect the tables of IPv4 "
1349-"packet filter rules in the Linux kernel. Several different tables may be "
1350-"defined. Each table contains a number of built-in chains and may also "
1351-"contain user-defined chains."
1352-msgstr ""
1353-
1354-#. type: Plain text
1355-#: original/man8/iptables.8:114
1356-msgid ""
1357-"This table is consulted when a packet that creates a new connection is "
1358-"encountered. It consists of three built-ins: B<PREROUTING> (for altering "
1359-"packets as soon as they come in), B<OUTPUT> (for altering locally-generated "
1360-"packets before routing), and B<POSTROUTING> (for altering packets as they "
1361-"are about to go out)."
1362-msgstr ""
1363-
1364-#. type: Plain text
1365-#: original/man8/iptables.8:147
1366-msgid ""
1367-"The options that are recognized by B<iptables> can be divided into several "
1368-"different groups."
1369-msgstr ""
1370-
1371-#. type: Plain text
1372-#: original/man8/iptables.8:153
1373-msgid ""
1374-"These options specify the desired action to perform. Only one of them can be "
1375-"specified on the command line unless otherwise stated below. For long "
1376-"versions of the command and option names, you need to use only enough "
1377-"letters to ensure that B<iptables> can differentiate it from all other "
1378-"options."
1379-msgstr ""
1380-
1381-#. type: Plain text
1382-#: original/man8/iptables.8:188
1383-msgid ""
1384-"List all rules in the selected chain. If no chain is selected, all chains "
1385-"are listed. Like every other iptables command, it applies to the specified "
1386-"table (filter is the default), so NAT rules get listed by"
1387-msgstr ""
1388-
1389-#. type: Plain text
1390-#: original/man8/iptables.8:190
1391-#, no-wrap
1392-msgid " iptables -t nat -n -L\n"
1393-msgstr ""
1394-
1395-#. type: Plain text
1396-#: original/man8/iptables.8:199
1397-#, no-wrap
1398-msgid " iptables -L -v\n"
1399-msgstr ""
1400-
1401-#. type: Plain text
1402-#: original/man8/iptables.8:205
1403-msgid ""
1404-"Print all rules in the selected chain. If no chain is selected, all chains "
1405-"are printed like iptables-save. Like every other iptables command, it "
1406-"applies to the specified table (filter is the default)."
1407-msgstr ""
1408-
1409-#. type: Plain text
1410-#: original/man8/iptables.8:248
1411-msgid "This option has no effect in iptables and iptables-restore."
1412-msgstr ""
1413-
1414-#. type: Plain text
1415-#: original/man8/iptables.8:254
1416-msgid ""
1417-"If a rule using the B<-6> option is inserted with (and only with) "
1418-"iptables-restore, it will be silently ignored. Any other uses will throw an "
1419-"error. This option allows to put both IPv4 and IPv6 rules in a single rule "
1420-"file for use with both iptables-restore and ip6tables-restore."
1421-msgstr ""
1422-
1423-#. type: Plain text
1424-#: original/man8/iptables.8:265
1425-msgid ""
1426-"The protocol of the rule or of the packet to check. The specified protocol "
1427-"can be one of B<tcp>, B<udp>, B<udplite>, B<icmp>, B<esp>, B<ah>, B<sctp> or "
1428-"the special keyword \"B<all>\", or it can be a numeric value, representing "
1429-"one of these protocols or a different one. A protocol name from "
1430-"/etc/protocols is also allowed. A \"!\" argument before the protocol "
1431-"inverts the test. The number zero is equivalent to B<all>. \"B<all>\" will "
1432-"match with all protocols and is taken as default when this option is "
1433-"omitted."
1434-msgstr ""
1435-
1436-#. type: TP
1437-#: original/man8/iptables.8:265
1438-#, no-wrap
1439-msgid "[B<!>] B<-s>, B<--source> I<address>[B</>I<mask>][B<,>I<...>]"
1440-msgstr ""
1441-
1442-#. type: Plain text
1443-#: original/man8/iptables.8:282
1444-msgid ""
1445-"Source specification. I<Address> can be either a network name, a hostname, a "
1446-"network IP address (with B</>I<mask>), or a plain IP address. Hostnames will "
1447-"be resolved once only, before the rule is submitted to the kernel. Please "
1448-"note that specifying any name to be resolved with a remote query such as DNS "
1449-"is a really bad idea. The I<mask> can be either a network mask or a plain "
1450-"number, specifying the number of 1's at the left side of the network mask. "
1451-"Thus, a mask of I<24> is equivalent to I<255.255.255.0>. A \"!\" argument "
1452-"before the address specification inverts the sense of the address. The flag "
1453-"B<--src> is an alias for this option. Multiple addresses can be specified, "
1454-"but this will B<expand to multiple rules> (when adding with -A), or will "
1455-"cause multiple rules to be deleted (with -D)."
1456-msgstr ""
1457-
1458-#. type: TP
1459-#: original/man8/iptables.8:282
1460-#, no-wrap
1461-msgid "[B<!>] B<-d>, B<--destination> I<address>[B</>I<mask>][B<,>I<...>]"
1462-msgstr ""
1463-
1464-#. type: TP
1465-#: original/man8/iptables.8:328
1466-#, no-wrap
1467-msgid "[B<!>] B<-f>, B<--fragment>"
1468-msgstr ""
1469-
1470-#. type: Plain text
1471-#: original/man8/iptables.8:336
1472-msgid ""
1473-"This means that the rule only refers to second and further fragments of "
1474-"fragmented packets. Since there is no way to tell the source or destination "
1475-"ports of such a packet (or ICMP type), such a packet will not match any "
1476-"rules which specify them. When the \"!\" argument precedes the \"-f\" flag, "
1477-"the rule will only match head fragments, or unfragmented packets."
1478-msgstr ""
1479-
1480-#. type: SH
1481-#: original/man8/iptables.8:374
1482-#, no-wrap
1483-msgid "MATCH AND TARGET EXTENSIONS"
1484-msgstr ""
1485-
1486-#. type: Plain text
1487-#: original/man8/iptables.8:386
1488-msgid ""
1489-"Bugs? What's this? ;-) Well, you might want to have a look at "
1490-"http://bugzilla.netfilter.org/"
1491-msgstr ""
1492-
1493-#. type: Plain text
1494-#: original/man8/iptables.8:395
1495-msgid ""
1496-"This B<iptables> is very similar to ipchains by Rusty Russell. The main "
1497-"difference is that the chains B<INPUT> and B<OUTPUT> are only traversed for "
1498-"packets coming into the local host and originating from the local host "
1499-"respectively. Hence every packet only passes through one of the three "
1500-"chains (except loopback traffic, which involves both INPUT and OUTPUT "
1501-"chains); previously a forwarded packet would pass through all three."
1502-msgstr ""
1503-
1504-#. type: Plain text
1505-#: original/man8/iptables.8:399
1506-msgid ""
1507-"The other main difference is that B<-i> refers to the input interface; B<-o> "
1508-"refers to the output interface, and both are available for packets entering "
1509-"the B<FORWARD> chain."
1510-msgstr ""
1511-
1512-#. type: Plain text
1513-#: original/man8/iptables.8:405
1514-msgid ""
1515-"The various forms of NAT have been separated out; B<iptables> is a pure "
1516-"packet filter when using the default `filter' table, with optional extension "
1517-"modules. This should simplify much of the previous confusion over the "
1518-"combination of IP masquerading and packet filtering seen previously. So the "
1519-"following options are handled differently:"
1520-msgstr ""
1521-
1522-#. type: Plain text
1523-#: original/man8/iptables.8:409
1524-#, no-wrap
1525-msgid ""
1526-" -j MASQ\n"
1527-" -M -S\n"
1528-" -M -L\n"
1529-msgstr ""
1530-
1531-#. type: Plain text
1532-#: original/man8/iptables.8:411
1533-msgid "There are several other changes in iptables."
1534-msgstr ""
1535-
1536-#. type: Plain text
1537-#: original/man8/iptables.8:420
1538-msgid ""
1539-"B<iptables-apply>(8), B<iptables-save>(8), B<iptables-restore>(8), "
1540-"B<iptables-extensions>(8), B<ip6tables>(8), B<ip6tables-save>(8), "
1541-"B<ip6tables-restore>(8), B<libipq>(3)."
1542-msgstr ""
1543-
1544-#. type: Plain text
1545-#: original/man8/iptables.8:426
1546-msgid ""
1547-"The packet-filtering-HOWTO details iptables usage for packet filtering, the "
1548-"NAT-HOWTO details NAT, the netfilter-extensions-HOWTO details the extensions "
1549-"that are not in the standard distribution, and the netfilter-hacking-HOWTO "
1550-"details the netfilter internals."
1551-msgstr ""
1552-
1553-#. type: Plain text
1554-#: original/man8/iptables.8:432
1555-msgid ""
1556-"Rusty Russell originally wrote iptables, in early consultation with Michael "
1557-"Neuling."
1558-msgstr ""
1559-
1560-#. type: Plain text
1561-#: original/man8/iptables.8:442
1562-msgid ""
1563-"Harald Welte wrote the ULOG and NFQUEUE target, the new libiptc, as well as "
1564-"the TTL, DSCP, ECN matches and targets."
1565-msgstr ""
1566-
1567-#. .. and did I mention that we are incredibly cool people?
1568-#. .. sexy, too ..
1569-#. .. witty, charming, powerful ..
1570-#. .. and most of all, modest ..
1571-#. type: Plain text
1572-#: original/man8/iptables.8:452
1573-msgid "Man page originally written by Herve Eychenne E<lt>rv@wallfire.orgE<gt>."
1574-msgstr ""
1575-
1576-#. type: Plain text
1577-#: original/man8/iptables.8:454
1578-msgid "This manual page applies to iptables 1.4.18."
1579-msgstr ""
1580-
1581-#. type: TH
1582-#: original/man8/iptables-extensions.8:1
1583-#, no-wrap
1584-msgid "iptables-extensions"
1585-msgstr ""
1586-
1587-#. type: Plain text
1588-#: original/man8/iptables-extensions.8:4
1589-msgid ""
1590-"iptables-extensions \\(em list of extensions in the standard iptables "
1591-"distribution"
1592-msgstr ""
1593-
1594-#. type: Plain text
1595-#: original/man8/iptables-extensions.8:7
1596-msgid ""
1597-"B<ip6tables> [B<-m> I<name> [I<module-options>...]] [B<-j> I<target-name> "
1598-"[I<target-options>...]"
1599-msgstr ""
1600-
1601-#. type: Plain text
1602-#: original/man8/iptables-extensions.8:10
1603-msgid ""
1604-"B<iptables> [B<-m> I<name> [I<module-options>...]] [B<-j> I<target-name> "
1605-"[I<target-options>...]"
1606-msgstr ""
1607-
1608-#. type: Plain text
1609-#: original/man8/iptables-extensions.8:20
1610-msgid ""
1611-"iptables can use extended packet matching modules with the B<-m> or "
1612-"B<--match> options, followed by the matching module name; after these, "
1613-"various extra command line options become available, depending on the "
1614-"specific module. You can specify multiple extended match modules in one "
1615-"line, and you can use the B<-h> or B<--help> options after the module has "
1616-"been specified to receive help specific to that module. The extended match "
1617-"modules are evaluated in the order they are specified in the rule."
1618-msgstr ""
1619-
1620-#. @MATCH@
1621-#. type: Plain text
1622-#: original/man8/iptables-extensions.8:25
1623-msgid ""
1624-"If the B<-p> or B<--protocol> was specified and if and only if an unknown "
1625-"option is encountered, iptables will try load a match module of the same "
1626-"name as the protocol, to try making the option available."
1627-msgstr ""
1628-
1629-#. type: SS
1630-#: original/man8/iptables-extensions.8:25
1631-#, no-wrap
1632-msgid "addrtype"
1633-msgstr ""
1634-
1635-#. type: Plain text
1636-#: original/man8/iptables-extensions.8:30
1637-msgid ""
1638-"This module matches packets based on their B<address type.> Address types "
1639-"are used within the kernel networking stack and categorize addresses into "
1640-"various groups. The exact definition of that group depends on the specific "
1641-"layer three protocol."
1642-msgstr ""
1643-
1644-#. type: Plain text
1645-#: original/man8/iptables-extensions.8:32
1646-msgid "The following address types are possible:"
1647-msgstr ""
1648-
1649-#. type: TP
1650-#: original/man8/iptables-extensions.8:32
1651-#, no-wrap
1652-msgid "B<UNSPEC>"
1653-msgstr ""
1654-
1655-#. type: Plain text
1656-#: original/man8/iptables-extensions.8:35
1657-msgid "an unspecified address (i.e. 0.0.0.0)"
1658-msgstr ""
1659-
1660-#. type: TP
1661-#: original/man8/iptables-extensions.8:35
1662-#, no-wrap
1663-msgid "B<UNICAST>"
1664-msgstr ""
1665-
1666-#. type: Plain text
1667-#: original/man8/iptables-extensions.8:38
1668-msgid "an unicast address"
1669-msgstr ""
1670-
1671-#. type: TP
1672-#: original/man8/iptables-extensions.8:38
1673-#, no-wrap
1674-msgid "B<LOCAL>"
1675-msgstr ""
1676-
1677-#. type: Plain text
1678-#: original/man8/iptables-extensions.8:41
1679-msgid "a local address"
1680-msgstr ""
1681-
1682-#. type: TP
1683-#: original/man8/iptables-extensions.8:41
1684-#, no-wrap
1685-msgid "B<BROADCAST>"
1686-msgstr ""
1687-
1688-#. type: Plain text
1689-#: original/man8/iptables-extensions.8:44
1690-msgid "a broadcast address"
1691-msgstr ""
1692-
1693-#. type: TP
1694-#: original/man8/iptables-extensions.8:44
1695-#, no-wrap
1696-msgid "B<ANYCAST>"
1697-msgstr ""
1698-
1699-#. type: Plain text
1700-#: original/man8/iptables-extensions.8:47
1701-msgid "an anycast packet"
1702-msgstr ""
1703-
1704-#. type: TP
1705-#: original/man8/iptables-extensions.8:47
1706-#, no-wrap
1707-msgid "B<MULTICAST>"
1708-msgstr ""
1709-
1710-#. type: Plain text
1711-#: original/man8/iptables-extensions.8:50
1712-msgid "a multicast address"
1713-msgstr ""
1714-
1715-#. type: TP
1716-#: original/man8/iptables-extensions.8:50
1717-#, no-wrap
1718-msgid "B<BLACKHOLE>"
1719-msgstr ""
1720-
1721-#. type: Plain text
1722-#: original/man8/iptables-extensions.8:53
1723-msgid "a blackhole address"
1724-msgstr ""
1725-
1726-#. type: TP
1727-#: original/man8/iptables-extensions.8:53
1728-#, no-wrap
1729-msgid "B<UNREACHABLE>"
1730-msgstr ""
1731-
1732-#. type: Plain text
1733-#: original/man8/iptables-extensions.8:56
1734-msgid "an unreachable address"
1735-msgstr ""
1736-
1737-#. type: TP
1738-#: original/man8/iptables-extensions.8:56
1739-#, no-wrap
1740-msgid "B<PROHIBIT>"
1741-msgstr ""
1742-
1743-#. type: Plain text
1744-#: original/man8/iptables-extensions.8:59
1745-msgid "a prohibited address"
1746-msgstr ""
1747-
1748-#. type: TP
1749-#: original/man8/iptables-extensions.8:59
1750-#, no-wrap
1751-msgid "B<THROW>"
1752-msgstr ""
1753-
1754-#. type: Plain text
1755-#: original/man8/iptables-extensions.8:62 original/man8/iptables-extensions.8:65
1756-msgid "FIXME"
1757-msgstr ""
1758-
1759-#. type: TP
1760-#: original/man8/iptables-extensions.8:62
1761-#, no-wrap
1762-msgid "B<NAT>"
1763-msgstr ""
1764-
1765-#. type: TP
1766-#: original/man8/iptables-extensions.8:65
1767-#, no-wrap
1768-msgid "B<XRESOLVE>"
1769-msgstr ""
1770-
1771-#. type: TP
1772-#: original/man8/iptables-extensions.8:67
1773-#, no-wrap
1774-msgid "[B<!>] B<--src-type> I<type>"
1775-msgstr ""
1776-
1777-#. type: Plain text
1778-#: original/man8/iptables-extensions.8:70
1779-msgid "Matches if the source address is of given type"
1780-msgstr ""
1781-
1782-#. type: TP
1783-#: original/man8/iptables-extensions.8:70
1784-#, no-wrap
1785-msgid "[B<!>] B<--dst-type> I<type>"
1786-msgstr ""
1787-
1788-#. type: Plain text
1789-#: original/man8/iptables-extensions.8:73
1790-msgid "Matches if the destination address is of given type"
1791-msgstr ""
1792-
1793-#. type: TP
1794-#: original/man8/iptables-extensions.8:73
1795-#, no-wrap
1796-msgid "B<--limit-iface-in>"
1797-msgstr ""
1798-
1799-#. type: Plain text
1800-#: original/man8/iptables-extensions.8:84
1801-msgid ""
1802-"The address type checking can be limited to the interface the packet is "
1803-"coming in. This option is only valid in the B<PREROUTING>, B<INPUT> and "
1804-"B<FORWARD> chains. It cannot be specified with the B<--limit-iface-out> "
1805-"option."
1806-msgstr ""
1807-
1808-#. type: TP
1809-#: original/man8/iptables-extensions.8:84
1810-#, no-wrap
1811-msgid "B<--limit-iface-out>"
1812-msgstr ""
1813-
1814-#. type: Plain text
1815-#: original/man8/iptables-extensions.8:95
1816-msgid ""
1817-"The address type checking can be limited to the interface the packet is "
1818-"going out. This option is only valid in the B<POSTROUTING>, B<OUTPUT> and "
1819-"B<FORWARD> chains. It cannot be specified with the B<--limit-iface-in> "
1820-"option."
1821-msgstr ""
1822-
1823-#. type: SS
1824-#: original/man8/iptables-extensions.8:95
1825-#, no-wrap
1826-msgid "ah (IPv6-specific)"
1827-msgstr ""
1828-
1829-#. type: Plain text
1830-#: original/man8/iptables-extensions.8:97
1831-msgid ""
1832-"This module matches the parameters in Authentication header of IPsec "
1833-"packets."
1834-msgstr ""
1835-
1836-#. type: TP
1837-#: original/man8/iptables-extensions.8:97 original/man8/iptables-extensions.8:108
1838-#, no-wrap
1839-msgid "[B<!>] B<--ahspi> I<spi>[B<:>I<spi>]"
1840-msgstr ""
1841-
1842-#. type: Plain text
1843-#: original/man8/iptables-extensions.8:100
1844-msgid "Matches SPI."
1845-msgstr ""
1846-
1847-#. type: TP
1848-#: original/man8/iptables-extensions.8:100
1849-#, no-wrap
1850-msgid "[B<!>] B<--ahlen> I<length>"
1851-msgstr ""
1852-
1853-#. type: Plain text
1854-#: original/man8/iptables-extensions.8:103 original/man8/iptables-extensions.8:407 original/man8/iptables-extensions.8:540
1855-msgid "Total length of this header in octets."
1856-msgstr ""
1857-
1858-#. type: TP
1859-#: original/man8/iptables-extensions.8:103
1860-#, no-wrap
1861-msgid "B<--ahres>"
1862-msgstr ""
1863-
1864-#. type: Plain text
1865-#: original/man8/iptables-extensions.8:106
1866-msgid "Matches if the reserved field is filled with zero."
1867-msgstr ""
1868-
1869-#. type: SS
1870-#: original/man8/iptables-extensions.8:106
1871-#, no-wrap
1872-msgid "ah (IPv4-specific)"
1873-msgstr ""
1874-
1875-#. type: Plain text
1876-#: original/man8/iptables-extensions.8:108
1877-msgid "This module matches the SPIs in Authentication header of IPsec packets."
1878-msgstr ""
1879-
1880-#. type: SS
1881-#: original/man8/iptables-extensions.8:110
1882-#, no-wrap
1883-msgid "cluster"
1884-msgstr ""
1885-
1886-#. type: Plain text
1887-#: original/man8/iptables-extensions.8:113
1888-msgid ""
1889-"Allows you to deploy gateway and back-end load-sharing clusters without the "
1890-"need of load-balancers."
1891-msgstr ""
1892-
1893-#. type: Plain text
1894-#: original/man8/iptables-extensions.8:116
1895-msgid ""
1896-"This match requires that all the nodes see the same packets. Thus, the "
1897-"cluster match decides if this node has to handle a packet given the "
1898-"following options:"
1899-msgstr ""
1900-
1901-#. type: TP
1902-#: original/man8/iptables-extensions.8:116
1903-#, no-wrap
1904-msgid "B<--cluster-total-nodes> I<num>"
1905-msgstr ""
1906-
1907-#. type: Plain text
1908-#: original/man8/iptables-extensions.8:119
1909-msgid "Set number of total nodes in cluster."
1910-msgstr ""
1911-
1912-#. type: TP
1913-#: original/man8/iptables-extensions.8:119
1914-#, no-wrap
1915-msgid "[B<!>] B<--cluster-local-node> I<num>"
1916-msgstr ""
1917-
1918-#. type: Plain text
1919-#: original/man8/iptables-extensions.8:122
1920-msgid "Set the local node number ID."
1921-msgstr ""
1922-
1923-#. type: TP
1924-#: original/man8/iptables-extensions.8:122
1925-#, no-wrap
1926-msgid "[B<!>] B<--cluster-local-nodemask> I<mask>"
1927-msgstr ""
1928-
1929-#. type: Plain text
1930-#: original/man8/iptables-extensions.8:126
1931-msgid ""
1932-"Set the local node number ID mask. You can use this option instead of "
1933-"B<--cluster-local-node>."
1934-msgstr ""
1935-
1936-#. type: TP
1937-#: original/man8/iptables-extensions.8:126
1938-#, no-wrap
1939-msgid "B<--cluster-hash-seed> I<value>"
1940-msgstr ""
1941-
1942-#. type: Plain text
1943-#: original/man8/iptables-extensions.8:129
1944-msgid "Set seed value of the Jenkins hash."
1945-msgstr ""
1946-
1947-#. type: TP
1948-#: original/man8/iptables-extensions.8:131 original/man8/iptables-extensions.8:177 original/man8/iptables-extensions.8:214 original/man8/iptables-extensions.8:362 original/man8/iptables-extensions.8:1588 original/man8/iptables-extensions.8:1636 original/man8/iptables-extensions.8:1685 original/man8/iptables-extensions.8:2016
1949-#, no-wrap
1950-msgid "Example:"
1951-msgstr ""
1952-
1953-#. type: Plain text
1954-#: original/man8/iptables-extensions.8:136
1955-msgid ""
1956-"iptables -A PREROUTING -t mangle -i eth1 -m cluster --cluster-total-nodes 2 "
1957-"--cluster-local-node 1 --cluster-hash-seed 0xdeadbeef -j MARK --set-mark "
1958-"0xffff"
1959-msgstr ""
1960-
1961-#. type: Plain text
1962-#: original/man8/iptables-extensions.8:141
1963-msgid ""
1964-"iptables -A PREROUTING -t mangle -i eth2 -m cluster --cluster-total-nodes 2 "
1965-"--cluster-local-node 1 --cluster-hash-seed 0xdeadbeef -j MARK --set-mark "
1966-"0xffff"
1967-msgstr ""
1968-
1969-#. type: Plain text
1970-#: original/man8/iptables-extensions.8:144
1971-msgid "iptables -A PREROUTING -t mangle -i eth1 -m mark ! --mark 0xffff -j DROP"
1972-msgstr ""
1973-
1974-#. type: Plain text
1975-#: original/man8/iptables-extensions.8:147
1976-msgid "iptables -A PREROUTING -t mangle -i eth2 -m mark ! --mark 0xffff -j DROP"
1977-msgstr ""
1978-
1979-#. type: Plain text
1980-#: original/man8/iptables-extensions.8:149
1981-msgid "And the following commands to make all nodes see the same packets:"
1982-msgstr ""
1983-
1984-#. type: Plain text
1985-#: original/man8/iptables-extensions.8:151
1986-msgid "ip maddr add 01:00:5e:00:01:01 dev eth1"
1987-msgstr ""
1988-
1989-#. type: Plain text
1990-#: original/man8/iptables-extensions.8:153
1991-msgid "ip maddr add 01:00:5e:00:01:02 dev eth2"
1992-msgstr ""
1993-
1994-#. type: Plain text
1995-#: original/man8/iptables-extensions.8:156
1996-msgid ""
1997-"arptables -A OUTPUT -o eth1 --h-length 6 -j mangle --mangle-mac-s "
1998-"01:00:5e:00:01:01"
1999-msgstr ""
2000-
2001-#. type: Plain text
2002-#: original/man8/iptables-extensions.8:160
2003-msgid ""
2004-"arptables -A INPUT -i eth1 --h-length 6 --destination-mac 01:00:5e:00:01:01 "
2005-"-j mangle --mangle-mac-d 00:zz:yy:xx:5a:27"
2006-msgstr ""
2007-
2008-#. type: Plain text
2009-#: original/man8/iptables-extensions.8:163
2010-msgid ""
2011-"arptables -A OUTPUT -o eth2 --h-length 6 -j mangle --mangle-mac-s "
2012-"01:00:5e:00:01:02"
2013-msgstr ""
2014-
2015-#. type: Plain text
2016-#: original/man8/iptables-extensions.8:167
2017-msgid ""
2018-"arptables -A INPUT -i eth2 --h-length 6 --destination-mac 01:00:5e:00:01:02 "
2019-"-j mangle --mangle-mac-d 00:zz:yy:xx:5a:27"
2020-msgstr ""
2021-
2022-#. type: Plain text
2023-#: original/man8/iptables-extensions.8:171
2024-msgid ""
2025-"In the case of TCP connections, pickup facility has to be disabled to avoid "
2026-"marking TCP ACK packets coming in the reply direction as valid."
2027-msgstr ""
2028-
2029-#. type: Plain text
2030-#: original/man8/iptables-extensions.8:173
2031-msgid "echo 0 E<gt> /proc/sys/net/netfilter/nf_conntrack_tcp_loose"
2032-msgstr ""
2033-
2034-#. type: SS
2035-#: original/man8/iptables-extensions.8:173
2036-#, no-wrap
2037-msgid "comment"
2038-msgstr ""
2039-
2040-#. type: Plain text
2041-#: original/man8/iptables-extensions.8:175
2042-msgid "Allows you to add comments (up to 256 characters) to any rule."
2043-msgstr ""
2044-
2045-#. type: TP
2046-#: original/man8/iptables-extensions.8:175
2047-#, no-wrap
2048-msgid "B<--comment> I<comment>"
2049-msgstr ""
2050-
2051-#. type: Plain text
2052-#: original/man8/iptables-extensions.8:180
2053-msgid "iptables -A INPUT -i eth1 -m comment --comment \"my local LAN\""
2054-msgstr ""
2055-
2056-#. type: SS
2057-#: original/man8/iptables-extensions.8:180
2058-#, no-wrap
2059-msgid "connbytes"
2060-msgstr ""
2061-
2062-#. type: Plain text
2063-#: original/man8/iptables-extensions.8:184
2064-msgid ""
2065-"Match by how many bytes or packets a connection (or one of the two flows "
2066-"constituting the connection) has transferred so far, or by average bytes per "
2067-"packet."
2068-msgstr ""
2069-
2070-#. type: Plain text
2071-#: original/man8/iptables-extensions.8:186
2072-msgid "The counters are 64-bit and are thus not expected to overflow ;)"
2073-msgstr ""
2074-
2075-#. type: Plain text
2076-#: original/man8/iptables-extensions.8:189
2077-msgid ""
2078-"The primary use is to detect long-lived downloads and mark them to be "
2079-"scheduled using a lower priority band in traffic control."
2080-msgstr ""
2081-
2082-#. type: Plain text
2083-#: original/man8/iptables-extensions.8:192
2084-msgid ""
2085-"The transferred bytes per connection can also be viewed through `conntrack "
2086-"-L` and accessed via ctnetlink."
2087-msgstr ""
2088-
2089-#. type: Plain text
2090-#: original/man8/iptables-extensions.8:198
2091-msgid ""
2092-"NOTE that for connections which have no accounting information, the match "
2093-"will always return false. The \"net.netfilter.nf_conntrack_acct\" sysctl "
2094-"flag controls whether B<new> connections will be byte/packet "
2095-"counted. Existing connection flows will not be gaining/losing a/the "
2096-"accounting structure when be sysctl flag is flipped."
2097-msgstr ""
2098-
2099-#. type: TP
2100-#: original/man8/iptables-extensions.8:198
2101-#, no-wrap
2102-msgid "[B<!>] B<--connbytes> I<from>[B<:>I<to>]"
2103-msgstr ""
2104-
2105-#. type: Plain text
2106-#: original/man8/iptables-extensions.8:204
2107-msgid ""
2108-"match packets from a connection whose packets/bytes/average packet size is "
2109-"more than FROM and less than TO bytes/packets. if TO is omitted only FROM "
2110-"check is done. \"!\" is used to match packets not falling in the range."
2111-msgstr ""
2112-
2113-#. type: TP
2114-#: original/man8/iptables-extensions.8:204
2115-#, no-wrap
2116-msgid "B<--connbytes-dir> {B<original>|B<reply>|B<both>}"
2117-msgstr ""
2118-
2119-#. type: Plain text
2120-#: original/man8/iptables-extensions.8:207
2121-msgid "which packets to consider"
2122-msgstr ""
2123-
2124-#. type: TP
2125-#: original/man8/iptables-extensions.8:207
2126-#, no-wrap
2127-msgid "B<--connbytes-mode> {B<packets>|B<bytes>|B<avgpkt>}"
2128-msgstr ""
2129-
2130-#. type: Plain text
2131-#: original/man8/iptables-extensions.8:214
2132-msgid ""
2133-"whether to check the amount of packets, number of bytes transferred or the "
2134-"average size (in bytes) of all packets received so far. Note that when "
2135-"\"both\" is used together with \"avgpkt\", and data is going (mainly) only "
2136-"in one direction (for example HTTP), the average packet size will be about "
2137-"half of the actual data packets."
2138-msgstr ""
2139-
2140-#. type: Plain text
2141-#: original/man8/iptables-extensions.8:217
2142-msgid ""
2143-"iptables .. -m connbytes --connbytes 10000:100000 --connbytes-dir both "
2144-"--connbytes-mode bytes ..."
2145-msgstr ""
2146-
2147-#. type: SS
2148-#: original/man8/iptables-extensions.8:217
2149-#, no-wrap
2150-msgid "connlimit"
2151-msgstr ""
2152-
2153-#. type: Plain text
2154-#: original/man8/iptables-extensions.8:220
2155-msgid ""
2156-"Allows you to restrict the number of parallel connections to a server per "
2157-"client IP address (or client address block)."
2158-msgstr ""
2159-
2160-#. type: TP
2161-#: original/man8/iptables-extensions.8:220
2162-#, no-wrap
2163-msgid "B<--connlimit-upto> I<n>"
2164-msgstr ""
2165-
2166-#. type: Plain text
2167-#: original/man8/iptables-extensions.8:223
2168-msgid "Match if the number of existing connections is below or equal I<n>."
2169-msgstr ""
2170-
2171-#. type: TP
2172-#: original/man8/iptables-extensions.8:223
2173-#, no-wrap
2174-msgid "B<--connlimit-above> I<n>"
2175-msgstr ""
2176-
2177-#. type: Plain text
2178-#: original/man8/iptables-extensions.8:226
2179-msgid "Match if the number of existing connections is above I<n>."
2180-msgstr ""
2181-
2182-#. type: TP
2183-#: original/man8/iptables-extensions.8:226
2184-#, no-wrap
2185-msgid "B<--connlimit-mask> I<prefix_length>"
2186-msgstr ""
2187-
2188-#. type: Plain text
2189-#: original/man8/iptables-extensions.8:231
2190-msgid ""
2191-"Group hosts using the prefix length. For IPv4, this must be a number between "
2192-"(including) 0 and 32. For IPv6, between 0 and 128. If not specified, the "
2193-"maximum prefix length for the applicable protocol is used."
2194-msgstr ""
2195-
2196-#. type: TP
2197-#: original/man8/iptables-extensions.8:231
2198-#, no-wrap
2199-msgid "B<--connlimit-saddr>"
2200-msgstr ""
2201-
2202-#. type: Plain text
2203-#: original/man8/iptables-extensions.8:235
2204-msgid ""
2205-"Apply the limit onto the source group. This is the default if "
2206-"--connlimit-daddr is not specified."
2207-msgstr ""
2208-
2209-#. type: TP
2210-#: original/man8/iptables-extensions.8:235
2211-#, no-wrap
2212-msgid "B<--connlimit-daddr>"
2213-msgstr ""
2214-
2215-#. type: Plain text
2216-#: original/man8/iptables-extensions.8:238
2217-msgid "Apply the limit onto the destination group."
2218-msgstr ""
2219-
2220-#. type: Plain text
2221-#: original/man8/iptables-extensions.8:240 original/man8/iptables-extensions.8:514 original/man8/iptables-extensions.8:1127 original/man8/iptables-extensions.8:1252
2222-msgid "Examples:"
2223-msgstr ""
2224-
2225-#. type: TP
2226-#: original/man8/iptables-extensions.8:240
2227-#, no-wrap
2228-msgid "# allow 2 telnet connections per client host"
2229-msgstr ""
2230-
2231-#. type: Plain text
2232-#: original/man8/iptables-extensions.8:243
2233-msgid ""
2234-"iptables -A INPUT -p tcp --syn --dport 23 -m connlimit --connlimit-above 2 "
2235-"-j REJECT"
2236-msgstr ""
2237-
2238-#. type: TP
2239-#: original/man8/iptables-extensions.8:243
2240-#, no-wrap
2241-msgid "# you can also match the other way around:"
2242-msgstr ""
2243-
2244-#. type: Plain text
2245-#: original/man8/iptables-extensions.8:246
2246-msgid ""
2247-"iptables -A INPUT -p tcp --syn --dport 23 -m connlimit --connlimit-upto 2 -j "
2248-"ACCEPT"
2249-msgstr ""
2250-
2251-#. type: TP
2252-#: original/man8/iptables-extensions.8:246
2253-#, no-wrap
2254-msgid ""
2255-"# limit the number of parallel HTTP requests to 16 per class C sized source "
2256-"network (24 bit netmask)"
2257-msgstr ""
2258-
2259-#. type: Plain text
2260-#: original/man8/iptables-extensions.8:251
2261-msgid ""
2262-"iptables -p tcp --syn --dport 80 -m connlimit --connlimit-above 16 "
2263-"--connlimit-mask 24 -j REJECT"
2264-msgstr ""
2265-
2266-#. type: TP
2267-#: original/man8/iptables-extensions.8:251
2268-#, no-wrap
2269-msgid ""
2270-"# limit the number of parallel HTTP requests to 16 for the link local "
2271-"network"
2272-msgstr ""
2273-
2274-#. type: Plain text
2275-#: original/man8/iptables-extensions.8:256
2276-msgid ""
2277-"(ipv6) ip6tables -p tcp --syn --dport 80 -s fe80::/64 -m connlimit "
2278-"--connlimit-above 16 --connlimit-mask 64 -j REJECT"
2279-msgstr ""
2280-
2281-#. type: TP
2282-#: original/man8/iptables-extensions.8:256
2283-#, no-wrap
2284-msgid "# Limit the number of connections to a particular host:"
2285-msgstr ""
2286-
2287-#. type: Plain text
2288-#: original/man8/iptables-extensions.8:260
2289-msgid ""
2290-"ip6tables -p tcp --syn --dport 49152:65535 -d 2001:db8::1 -m connlimit "
2291-"--connlimit-above 100 -j REJECT"
2292-msgstr ""
2293-
2294-#. type: SS
2295-#: original/man8/iptables-extensions.8:260
2296-#, no-wrap
2297-msgid "connmark"
2298-msgstr ""
2299-
2300-#. type: Plain text
2301-#: original/man8/iptables-extensions.8:263
2302-msgid ""
2303-"This module matches the netfilter mark field associated with a connection "
2304-"(which can be set using the B<CONNMARK> target below)."
2305-msgstr ""
2306-
2307-#. type: TP
2308-#: original/man8/iptables-extensions.8:263 original/man8/iptables-extensions.8:703
2309-#, no-wrap
2310-msgid "[B<!>] B<--mark> I<value>[B</>I<mask>]"
2311-msgstr ""
2312-
2313-#. type: Plain text
2314-#: original/man8/iptables-extensions.8:267
2315-msgid ""
2316-"Matches packets in connections with the given mark value (if a mask is "
2317-"specified, this is logically ANDed with the mark before the comparison)."
2318-msgstr ""
2319-
2320-#. type: SS
2321-#: original/man8/iptables-extensions.8:267
2322-#, no-wrap
2323-msgid "conntrack"
2324-msgstr ""
2325-
2326-#. type: Plain text
2327-#: original/man8/iptables-extensions.8:270
2328-msgid ""
2329-"This module, when combined with connection tracking, allows access to the "
2330-"connection tracking state for this packet/connection."
2331-msgstr ""
2332-
2333-#. type: TP
2334-#: original/man8/iptables-extensions.8:270
2335-#, no-wrap
2336-msgid "[B<!>] B<--ctstate> I<statelist>"
2337-msgstr ""
2338-
2339-#. type: Plain text
2340-#: original/man8/iptables-extensions.8:274
2341-msgid ""
2342-"I<statelist> is a comma separated list of the connection states to match. "
2343-"Possible states are listed below."
2344-msgstr ""
2345-
2346-#. type: TP
2347-#: original/man8/iptables-extensions.8:274
2348-#, no-wrap
2349-msgid "[B<!>] B<--ctproto> I<l4proto>"
2350-msgstr ""
2351-
2352-#. type: Plain text
2353-#: original/man8/iptables-extensions.8:277
2354-msgid "Layer-4 protocol to match (by number or name)"
2355-msgstr ""
2356-
2357-#. type: TP
2358-#: original/man8/iptables-extensions.8:277
2359-#, no-wrap
2360-msgid "[B<!>] B<--ctorigsrc> I<address>[B</>I<mask>]"
2361-msgstr ""
2362-
2363-#. type: TP
2364-#: original/man8/iptables-extensions.8:279
2365-#, no-wrap
2366-msgid "[B<!>] B<--ctorigdst> I<address>[B</>I<mask>]"
2367-msgstr ""
2368-
2369-#. type: TP
2370-#: original/man8/iptables-extensions.8:281
2371-#, no-wrap
2372-msgid "[B<!>] B<--ctreplsrc> I<address>[B</>I<mask>]"
2373-msgstr ""
2374-
2375-#. type: TP
2376-#: original/man8/iptables-extensions.8:283
2377-#, no-wrap
2378-msgid "[B<!>] B<--ctrepldst> I<address>[B</>I<mask>]"
2379-msgstr ""
2380-
2381-#. type: Plain text
2382-#: original/man8/iptables-extensions.8:286
2383-msgid "Match against original/reply source/destination address"
2384-msgstr ""
2385-
2386-#. type: TP
2387-#: original/man8/iptables-extensions.8:286
2388-#, no-wrap
2389-msgid "[B<!>] B<--ctorigsrcport> I<port>[B<:>I<port>]"
2390-msgstr ""
2391-
2392-#. type: TP
2393-#: original/man8/iptables-extensions.8:288
2394-#, no-wrap
2395-msgid "[B<!>] B<--ctorigdstport> I<port>[B<:>I<port>]"
2396-msgstr ""
2397-
2398-#. type: TP
2399-#: original/man8/iptables-extensions.8:290
2400-#, no-wrap
2401-msgid "[B<!>] B<--ctreplsrcport> I<port>[B<:>I<port>]"
2402-msgstr ""
2403-
2404-#. type: TP
2405-#: original/man8/iptables-extensions.8:292
2406-#, no-wrap
2407-msgid "[B<!>] B<--ctrepldstport> I<port>[B<:>I<port>]"
2408-msgstr ""
2409-
2410-#. type: Plain text
2411-#: original/man8/iptables-extensions.8:296
2412-msgid ""
2413-"Match against original/reply source/destination port (TCP/UDP/etc.) or GRE "
2414-"key. Matching against port ranges is only supported in kernel versions "
2415-"above 2.6.38."
2416-msgstr ""
2417-
2418-#. type: TP
2419-#: original/man8/iptables-extensions.8:296
2420-#, no-wrap
2421-msgid "[B<!>] B<--ctstatus> I<statelist>"
2422-msgstr ""
2423-
2424-#. type: Plain text
2425-#: original/man8/iptables-extensions.8:300
2426-msgid ""
2427-"I<statuslist> is a comma separated list of the connection statuses to "
2428-"match. Possible statuses are listed below."
2429-msgstr ""
2430-
2431-#. type: TP
2432-#: original/man8/iptables-extensions.8:300
2433-#, no-wrap
2434-msgid "[B<!>] B<--ctexpire> I<time>[B<:>I<time>]"
2435-msgstr ""
2436-
2437-#. type: Plain text
2438-#: original/man8/iptables-extensions.8:304
2439-msgid ""
2440-"Match remaining lifetime in seconds against given value or range of values "
2441-"(inclusive)"
2442-msgstr ""
2443-
2444-#. type: TP
2445-#: original/man8/iptables-extensions.8:304
2446-#, no-wrap
2447-msgid "B<--ctdir> {B<ORIGINAL>|B<REPLY>}"
2448-msgstr ""
2449-
2450-#. type: Plain text
2451-#: original/man8/iptables-extensions.8:308
2452-msgid ""
2453-"Match packets that are flowing in the specified direction. If this flag is "
2454-"not specified at all, matches packets in both directions."
2455-msgstr ""
2456-
2457-#. type: Plain text
2458-#: original/man8/iptables-extensions.8:310
2459-msgid "States for B<--ctstate>:"
2460-msgstr ""
2461-
2462-#. type: TP
2463-#: original/man8/iptables-extensions.8:310
2464-#, no-wrap
2465-msgid "B<INVALID>"
2466-msgstr ""
2467-
2468-#. type: Plain text
2469-#: original/man8/iptables-extensions.8:313
2470-msgid "The packet is associated with no known connection."
2471-msgstr ""
2472-
2473-#. type: TP
2474-#: original/man8/iptables-extensions.8:313
2475-#, no-wrap
2476-msgid "B<NEW>"
2477-msgstr ""
2478-
2479-#. type: Plain text
2480-#: original/man8/iptables-extensions.8:317
2481-msgid ""
2482-"The packet has started a new connection, or otherwise associated with a "
2483-"connection which has not seen packets in both directions."
2484-msgstr ""
2485-
2486-#. type: TP
2487-#: original/man8/iptables-extensions.8:317
2488-#, no-wrap
2489-msgid "B<ESTABLISHED>"
2490-msgstr ""
2491-
2492-#. type: Plain text
2493-#: original/man8/iptables-extensions.8:321
2494-msgid ""
2495-"The packet is associated with a connection which has seen packets in both "
2496-"directions."
2497-msgstr ""
2498-
2499-#. type: TP
2500-#: original/man8/iptables-extensions.8:321
2501-#, no-wrap
2502-msgid "B<RELATED>"
2503-msgstr ""
2504-
2505-#. type: Plain text
2506-#: original/man8/iptables-extensions.8:325
2507-msgid ""
2508-"The packet is starting a new connection, but is associated with an existing "
2509-"connection, such as an FTP data transfer, or an ICMP error."
2510-msgstr ""
2511-
2512-#. type: TP
2513-#: original/man8/iptables-extensions.8:325
2514-#, no-wrap
2515-msgid "B<UNTRACKED>"
2516-msgstr ""
2517-
2518-#. type: Plain text
2519-#: original/man8/iptables-extensions.8:329
2520-msgid ""
2521-"The packet is not tracked at all, which happens if you explicitly untrack it "
2522-"by using -j CT --notrack in the raw table."
2523-msgstr ""
2524-
2525-#. type: TP
2526-#: original/man8/iptables-extensions.8:329
2527-#, no-wrap
2528-msgid "B<SNAT>"
2529-msgstr ""
2530-
2531-#. type: Plain text
2532-#: original/man8/iptables-extensions.8:333
2533-msgid ""
2534-"A virtual state, matching if the original source address differs from the "
2535-"reply destination."
2536-msgstr ""
2537-
2538-#. type: TP
2539-#: original/man8/iptables-extensions.8:333
2540-#, no-wrap
2541-msgid "B<DNAT>"
2542-msgstr ""
2543-
2544-#. type: Plain text
2545-#: original/man8/iptables-extensions.8:337
2546-msgid ""
2547-"A virtual state, matching if the original destination differs from the reply "
2548-"source."
2549-msgstr ""
2550-
2551-#. type: Plain text
2552-#: original/man8/iptables-extensions.8:339
2553-msgid "Statuses for B<--ctstatus>:"
2554-msgstr ""
2555-
2556-#. type: TP
2557-#: original/man8/iptables-extensions.8:339
2558-#, no-wrap
2559-msgid "B<NONE>"
2560-msgstr ""
2561-
2562-#. type: Plain text
2563-#: original/man8/iptables-extensions.8:342
2564-msgid "None of the below."
2565-msgstr ""
2566-
2567-#. type: TP
2568-#: original/man8/iptables-extensions.8:342
2569-#, no-wrap
2570-msgid "B<EXPECTED>"
2571-msgstr ""
2572-
2573-#. type: Plain text
2574-#: original/man8/iptables-extensions.8:345
2575-msgid "This is an expected connection (i.e. a conntrack helper set it up)."
2576-msgstr ""
2577-
2578-#. type: TP
2579-#: original/man8/iptables-extensions.8:345
2580-#, no-wrap
2581-msgid "B<SEEN_REPLY>"
2582-msgstr ""
2583-
2584-#. type: Plain text
2585-#: original/man8/iptables-extensions.8:348
2586-msgid "Conntrack has seen packets in both directions."
2587-msgstr ""
2588-
2589-#. type: TP
2590-#: original/man8/iptables-extensions.8:348
2591-#, no-wrap
2592-msgid "B<ASSURED>"
2593-msgstr ""
2594-
2595-#. type: Plain text
2596-#: original/man8/iptables-extensions.8:351
2597-msgid "Conntrack entry should never be early-expired."
2598-msgstr ""
2599-
2600-#. type: TP
2601-#: original/man8/iptables-extensions.8:351
2602-#, no-wrap
2603-msgid "B<CONFIRMED>"
2604-msgstr ""
2605-
2606-#. type: Plain text
2607-#: original/man8/iptables-extensions.8:354
2608-msgid "Connection is confirmed: originating packet has left box."
2609-msgstr ""
2610-
2611-#. type: SS
2612-#: original/man8/iptables-extensions.8:354
2613-#, no-wrap
2614-msgid "cpu"
2615-msgstr ""
2616-
2617-#. type: TP
2618-#: original/man8/iptables-extensions.8:355
2619-#, no-wrap
2620-msgid "[B<!>] B<--cpu> I<number>"
2621-msgstr ""
2622-
2623-#. type: Plain text
2624-#: original/man8/iptables-extensions.8:360
2625-msgid ""
2626-"Match cpu handling this packet. cpus are numbered from 0 to NR_CPUS-1 Can be "
2627-"used in combination with RPS (Remote Packet Steering) or multiqueue NICs to "
2628-"spread network traffic on different queues."
2629-msgstr ""
2630-
2631-#. type: Plain text
2632-#: original/man8/iptables-extensions.8:365
2633-msgid ""
2634-"iptables -t nat -A PREROUTING -p tcp --dport 80 -m cpu --cpu 0 -j REDIRECT "
2635-"--to-port 8080"
2636-msgstr ""
2637-
2638-#. type: Plain text
2639-#: original/man8/iptables-extensions.8:368
2640-msgid ""
2641-"iptables -t nat -A PREROUTING -p tcp --dport 80 -m cpu --cpu 1 -j REDIRECT "
2642-"--to-port 8081"
2643-msgstr ""
2644-
2645-#. type: Plain text
2646-#: original/man8/iptables-extensions.8:370
2647-msgid "Available since Linux 2.6.36."
2648-msgstr ""
2649-
2650-#. type: SS
2651-#: original/man8/iptables-extensions.8:370
2652-#, no-wrap
2653-msgid "dccp"
2654-msgstr ""
2655-
2656-#. type: TP
2657-#: original/man8/iptables-extensions.8:371 original/man8/iptables-extensions.8:1230 original/man8/iptables-extensions.8:1354 original/man8/iptables-extensions.8:1657
2658-#, no-wrap
2659-msgid "[B<!>] B<--source-port>,B<--sport> I<port>[B<:>I<port>]"
2660-msgstr ""
2661-
2662-#. type: TP
2663-#: original/man8/iptables-extensions.8:373 original/man8/iptables-extensions.8:1232 original/man8/iptables-extensions.8:1365 original/man8/iptables-extensions.8:1663
2664-#, no-wrap
2665-msgid "[B<!>] B<--destination-port>,B<--dport> I<port>[B<:>I<port>]"
2666-msgstr ""
2667-
2668-#. type: TP
2669-#: original/man8/iptables-extensions.8:375
2670-#, no-wrap
2671-msgid "[B<!>] B<--dccp-types> I<mask>"
2672-msgstr ""
2673-
2674-#. type: Plain text
2675-#: original/man8/iptables-extensions.8:380
2676-msgid ""
2677-"Match when the DCCP packet type is one of 'mask'. 'mask' is a "
2678-"comma-separated list of packet types. Packet types are: B<REQUEST RESPONSE "
2679-"DATA ACK DATAACK CLOSEREQ CLOSE RESET SYNC SYNCACK INVALID>."
2680-msgstr ""
2681-
2682-#. type: TP
2683-#: original/man8/iptables-extensions.8:380
2684-#, no-wrap
2685-msgid "[B<!>] B<--dccp-option> I<number>"
2686-msgstr ""
2687-
2688-#. type: Plain text
2689-#: original/man8/iptables-extensions.8:383
2690-msgid "Match if DCCP option set."
2691-msgstr ""
2692-
2693-#. type: SS
2694-#: original/man8/iptables-extensions.8:383
2695-#, no-wrap
2696-msgid "devgroup"
2697-msgstr ""
2698-
2699-#. type: Plain text
2700-#: original/man8/iptables-extensions.8:385
2701-msgid "Match device group of a packets incoming/outgoing interface."
2702-msgstr ""
2703-
2704-#. type: TP
2705-#: original/man8/iptables-extensions.8:385
2706-#, no-wrap
2707-msgid "[B<!>] B<--src-group> I<name>"
2708-msgstr ""
2709-
2710-#. type: Plain text
2711-#: original/man8/iptables-extensions.8:388
2712-msgid "Match device group of incoming device"
2713-msgstr ""
2714-
2715-#. type: TP
2716-#: original/man8/iptables-extensions.8:388
2717-#, no-wrap
2718-msgid "[B<!>] B<--dst-group> I<name>"
2719-msgstr ""
2720-
2721-#. type: Plain text
2722-#: original/man8/iptables-extensions.8:391
2723-msgid "Match device group of outgoing device"
2724-msgstr ""
2725-
2726-#. type: SS
2727-#: original/man8/iptables-extensions.8:391
2728-#, no-wrap
2729-msgid "dscp"
2730-msgstr ""
2731-
2732-#. type: Plain text
2733-#: original/man8/iptables-extensions.8:394
2734-msgid ""
2735-"This module matches the 6 bit DSCP field within the TOS field in the IP "
2736-"header. DSCP has superseded TOS within the IETF."
2737-msgstr ""
2738-
2739-#. type: TP
2740-#: original/man8/iptables-extensions.8:394
2741-#, no-wrap
2742-msgid "[B<!>] B<--dscp> I<value>"
2743-msgstr ""
2744-
2745-#. type: Plain text
2746-#: original/man8/iptables-extensions.8:397
2747-msgid "Match against a numeric (decimal or hex) value [0-63]."
2748-msgstr ""
2749-
2750-#. type: TP
2751-#: original/man8/iptables-extensions.8:397
2752-#, no-wrap
2753-msgid "[B<!>] B<--dscp-class> I<class>"
2754-msgstr ""
2755-
2756-#. type: Plain text
2757-#: original/man8/iptables-extensions.8:402
2758-msgid ""
2759-"Match the DiffServ class. This value may be any of the BE, EF, AFxx or CSx "
2760-"classes. It will then be converted into its according numeric value."
2761-msgstr ""
2762-
2763-#. type: SS
2764-#: original/man8/iptables-extensions.8:402
2765-#, no-wrap
2766-msgid "dst (IPv6-specific)"
2767-msgstr ""
2768-
2769-#. type: Plain text
2770-#: original/man8/iptables-extensions.8:404
2771-msgid "This module matches the parameters in Destination Options header"
2772-msgstr ""
2773-
2774-#. type: TP
2775-#: original/man8/iptables-extensions.8:404
2776-#, no-wrap
2777-msgid "[B<!>] B<--dst-len> I<length>"
2778-msgstr ""
2779-
2780-#. type: TP
2781-#: original/man8/iptables-extensions.8:407
2782-#, no-wrap
2783-msgid "B<--dst-opts> I<type>[B<:>I<length>][B<,>I<type>[B<:>I<length>]...]"
2784-msgstr ""
2785-
2786-#. type: Plain text
2787-#: original/man8/iptables-extensions.8:410 original/man8/iptables-extensions.8:543
2788-msgid "numeric type of option and the length of the option data in octets."
2789-msgstr ""
2790-
2791-#. type: SS
2792-#: original/man8/iptables-extensions.8:410
2793-#, no-wrap
2794-msgid "ecn"
2795-msgstr ""
2796-
2797-#. type: Plain text
2798-#: original/man8/iptables-extensions.8:412
2799-msgid ""
2800-"This allows you to match the ECN bits of the IPv4/IPv6 and TCP header. ECN "
2801-"is the Explicit Congestion Notification mechanism as specified in RFC3168"
2802-msgstr ""
2803-
2804-#. type: TP
2805-#: original/man8/iptables-extensions.8:412
2806-#, no-wrap
2807-msgid "[B<!>] B<--ecn-tcp-cwr>"
2808-msgstr ""
2809-
2810-#. type: Plain text
2811-#: original/man8/iptables-extensions.8:415
2812-msgid "This matches if the TCP ECN CWR (Congestion Window Received) bit is set."
2813-msgstr ""
2814-
2815-#. type: TP
2816-#: original/man8/iptables-extensions.8:415
2817-#, no-wrap
2818-msgid "[B<!>] B<--ecn-tcp-ece>"
2819-msgstr ""
2820-
2821-#. type: Plain text
2822-#: original/man8/iptables-extensions.8:418
2823-msgid "This matches if the TCP ECN ECE (ECN Echo) bit is set."
2824-msgstr ""
2825-
2826-#. type: TP
2827-#: original/man8/iptables-extensions.8:418
2828-#, no-wrap
2829-msgid "[B<!>] B<--ecn-ip-ect> I<num>"
2830-msgstr ""
2831-
2832-#. type: Plain text
2833-#: original/man8/iptables-extensions.8:422
2834-msgid ""
2835-"This matches a particular IPv4/IPv6 ECT (ECN-Capable Transport). You have to "
2836-"specify a number between `0' and `3'."
2837-msgstr ""
2838-
2839-#. type: SS
2840-#: original/man8/iptables-extensions.8:422
2841-#, no-wrap
2842-msgid "esp"
2843-msgstr ""
2844-
2845-#. type: Plain text
2846-#: original/man8/iptables-extensions.8:424
2847-msgid "This module matches the SPIs in ESP header of IPsec packets."
2848-msgstr ""
2849-
2850-#. type: TP
2851-#: original/man8/iptables-extensions.8:424
2852-#, no-wrap
2853-msgid "[B<!>] B<--espspi> I<spi>[B<:>I<spi>]"
2854-msgstr ""
2855-
2856-#. type: SS
2857-#: original/man8/iptables-extensions.8:426
2858-#, no-wrap
2859-msgid "eui64 (IPv6-specific)"
2860-msgstr ""
2861-
2862-#. type: Plain text
2863-#: original/man8/iptables-extensions.8:437
2864-msgid ""
2865-"This module matches the EUI-64 part of a stateless autoconfigured IPv6 "
2866-"address. It compares the EUI-64 derived from the source MAC address in "
2867-"Ethernet frame with the lower 64 bits of the IPv6 source address. But "
2868-"\"Universal/Local\" bit is not compared. This module doesn't match other "
2869-"link layer frame, and is only valid in the B<PREROUTING>, B<INPUT> and "
2870-"B<FORWARD> chains."
2871-msgstr ""
2872-
2873-#. type: SS
2874-#: original/man8/iptables-extensions.8:437
2875-#, no-wrap
2876-msgid "frag (IPv6-specific)"
2877-msgstr ""
2878-
2879-#. type: Plain text
2880-#: original/man8/iptables-extensions.8:439
2881-msgid "This module matches the parameters in Fragment header."
2882-msgstr ""
2883-
2884-#. type: TP
2885-#: original/man8/iptables-extensions.8:439
2886-#, no-wrap
2887-msgid "[B<!>] B<--fragid> I<id>[B<:>I<id>]"
2888-msgstr ""
2889-
2890-#. type: Plain text
2891-#: original/man8/iptables-extensions.8:442
2892-msgid "Matches the given Identification or range of it."
2893-msgstr ""
2894-
2895-#. type: TP
2896-#: original/man8/iptables-extensions.8:442
2897-#, no-wrap
2898-msgid "[B<!>] B<--fraglen> I<length>"
2899-msgstr ""
2900-
2901-#. type: Plain text
2902-#: original/man8/iptables-extensions.8:446
2903-msgid ""
2904-"This option cannot be used with kernel version 2.6.10 or later. The length "
2905-"of Fragment header is static and this option doesn't make sense."
2906-msgstr ""
2907-
2908-#. type: TP
2909-#: original/man8/iptables-extensions.8:446
2910-#, no-wrap
2911-msgid "B<--fragres>"
2912-msgstr ""
2913-
2914-#. type: Plain text
2915-#: original/man8/iptables-extensions.8:449
2916-msgid "Matches if the reserved fields are filled with zero."
2917-msgstr ""
2918-
2919-#. type: TP
2920-#: original/man8/iptables-extensions.8:449
2921-#, no-wrap
2922-msgid "B<--fragfirst>"
2923-msgstr ""
2924-
2925-#. type: Plain text
2926-#: original/man8/iptables-extensions.8:452
2927-msgid "Matches on the first fragment."
2928-msgstr ""
2929-
2930-#. type: TP
2931-#: original/man8/iptables-extensions.8:452
2932-#, no-wrap
2933-msgid "B<--fragmore>"
2934-msgstr ""
2935-
2936-#. type: Plain text
2937-#: original/man8/iptables-extensions.8:455
2938-msgid "Matches if there are more fragments."
2939-msgstr ""
2940-
2941-#. type: TP
2942-#: original/man8/iptables-extensions.8:455
2943-#, no-wrap
2944-msgid "B<--fraglast>"
2945-msgstr ""
2946-
2947-#. type: Plain text
2948-#: original/man8/iptables-extensions.8:458
2949-msgid "Matches if this is the last fragment."
2950-msgstr ""
2951-
2952-#. type: SS
2953-#: original/man8/iptables-extensions.8:458
2954-#, no-wrap
2955-msgid "hashlimit"
2956-msgstr ""
2957-
2958-#. type: Plain text
2959-#: original/man8/iptables-extensions.8:464
2960-msgid ""
2961-"B<hashlimit> uses hash buckets to express a rate limiting match (like the "
2962-"B<limit> match) for a group of connections using a B<single> iptables "
2963-"rule. Grouping can be done per-hostgroup (source and/or destination address) "
2964-"and/or per-port. It gives you the ability to express \"I<N> packets per time "
2965-"quantum per group\" or \"I<N> bytes per seconds\" (see below for some "
2966-"examples)."
2967-msgstr ""
2968-
2969-#. type: Plain text
2970-#: original/man8/iptables-extensions.8:467
2971-msgid ""
2972-"A hash limit option (B<--hashlimit-upto>, B<--hashlimit-above>) and "
2973-"B<--hashlimit-name> are required."
2974-msgstr ""
2975-
2976-#. type: TP
2977-#: original/man8/iptables-extensions.8:467
2978-#, no-wrap
2979-msgid "B<--hashlimit-upto> I<amount>[B</second>|B</minute>|B</hour>|B</day>]"
2980-msgstr ""
2981-
2982-#. type: Plain text
2983-#: original/man8/iptables-extensions.8:472
2984-msgid ""
2985-"Match if the rate is below or equal to I<amount>/quantum. It is specified "
2986-"either as a number, with an optional time quantum suffix (the default is "
2987-"3/hour), or as I<amount>b/second (number of bytes per second)."
2988-msgstr ""
2989-
2990-#. type: TP
2991-#: original/man8/iptables-extensions.8:472
2992-#, no-wrap
2993-msgid "B<--hashlimit-above> I<amount>[B</second>|B</minute>|B</hour>|B</day>]"
2994-msgstr ""
2995-
2996-#. type: Plain text
2997-#: original/man8/iptables-extensions.8:475
2998-msgid "Match if the rate is above I<amount>/quantum."
2999-msgstr ""
3000-
3001-#. type: TP
3002-#: original/man8/iptables-extensions.8:475
3003-#, no-wrap
3004-msgid "B<--hashlimit-burst> I<amount>"
3005-msgstr ""
3006-
3007-#. type: Plain text
3008-#: original/man8/iptables-extensions.8:482
3009-msgid ""
3010-"Maximum initial number of packets to match: this number gets recharged by "
3011-"one every time the limit specified above is not reached, up to this number; "
3012-"the default is 5. When byte-based rate matching is requested, this option "
3013-"specifies the amount of bytes that can exceed the given rate. This option "
3014-"should be used with caution -- if the entry expires, the burst value is "
3015-"reset too."
3016-msgstr ""
3017-
3018-#. type: TP
3019-#: original/man8/iptables-extensions.8:482
3020-#, no-wrap
3021-msgid "B<--hashlimit-mode> {B<srcip>|B<srcport>|B<dstip>|B<dstport>}B<,>..."
3022-msgstr ""
3023-
3024-#. type: Plain text
3025-#: original/man8/iptables-extensions.8:487
3026-msgid ""
3027-"A comma-separated list of objects to take into consideration. If no "
3028-"--hashlimit-mode option is given, hashlimit acts like limit, but at the "
3029-"expensive of doing the hash housekeeping."
3030-msgstr ""
3031-
3032-#. type: TP
3033-#: original/man8/iptables-extensions.8:487
3034-#, no-wrap
3035-msgid "B<--hashlimit-srcmask> I<prefix>"
3036-msgstr ""
3037-
3038-#. type: Plain text
3039-#: original/man8/iptables-extensions.8:494
3040-msgid ""
3041-"When --hashlimit-mode srcip is used, all source addresses encountered will "
3042-"be grouped according to the given prefix length and the so-created subnet "
3043-"will be subject to hashlimit. I<prefix> must be between (inclusive) 0 and "
3044-"32. Note that --hashlimit-srcmask 0 is basically doing the same thing as not "
3045-"specifying srcip for --hashlimit-mode, but is technically more expensive."
3046-msgstr ""
3047-
3048-#. type: TP
3049-#: original/man8/iptables-extensions.8:494
3050-#, no-wrap
3051-msgid "B<--hashlimit-dstmask> I<prefix>"
3052-msgstr ""
3053-
3054-#. type: Plain text
3055-#: original/man8/iptables-extensions.8:497
3056-msgid "Like --hashlimit-srcmask, but for destination addresses."
3057-msgstr ""
3058-
3059-#. type: TP
3060-#: original/man8/iptables-extensions.8:497
3061-#, no-wrap
3062-msgid "B<--hashlimit-name> I<foo>"
3063-msgstr ""
3064-
3065-#. type: Plain text
3066-#: original/man8/iptables-extensions.8:500
3067-msgid "The name for the /proc/net/ipt_hashlimit/foo entry."
3068-msgstr ""
3069-
3070-#. type: TP
3071-#: original/man8/iptables-extensions.8:500
3072-#, no-wrap
3073-msgid "B<--hashlimit-htable-size> I<buckets>"
3074-msgstr ""
3075-
3076-#. type: Plain text
3077-#: original/man8/iptables-extensions.8:503
3078-msgid "The number of buckets of the hash table"
3079-msgstr ""
3080-
3081-#. type: TP
3082-#: original/man8/iptables-extensions.8:503
3083-#, no-wrap
3084-msgid "B<--hashlimit-htable-max> I<entries>"
3085-msgstr ""
3086-
3087-#. type: Plain text
3088-#: original/man8/iptables-extensions.8:506
3089-msgid "Maximum entries in the hash."
3090-msgstr ""
3091-
3092-#. type: TP
3093-#: original/man8/iptables-extensions.8:506
3094-#, no-wrap
3095-msgid "B<--hashlimit-htable-expire> I<msec>"
3096-msgstr ""
3097-
3098-#. type: Plain text
3099-#: original/man8/iptables-extensions.8:509
3100-msgid "After how many milliseconds do hash entries expire."
3101-msgstr ""
3102-
3103-#. type: TP
3104-#: original/man8/iptables-extensions.8:509
3105-#, no-wrap
3106-msgid "B<--hashlimit-htable-gcinterval> I<msec>"
3107-msgstr ""
3108-
3109-#. type: Plain text
3110-#: original/man8/iptables-extensions.8:512
3111-msgid "How many milliseconds between garbage collection intervals."
3112-msgstr ""
3113-
3114-#. type: TP
3115-#: original/man8/iptables-extensions.8:514
3116-#, no-wrap
3117-msgid "matching on source host"
3118-msgstr ""
3119-
3120-#. type: Plain text
3121-#: original/man8/iptables-extensions.8:518
3122-msgid ""
3123-"\"1000 packets per second for every host in 192.168.0.0/16\" =E<gt> -s "
3124-"192.168.0.0/16 --hashlimit-mode srcip --hashlimit-upto 1000/sec"
3125-msgstr ""
3126-
3127-#. type: TP
3128-#: original/man8/iptables-extensions.8:518
3129-#, no-wrap
3130-msgid "matching on source port"
3131-msgstr ""
3132-
3133-#. type: Plain text
3134-#: original/man8/iptables-extensions.8:522
3135-msgid ""
3136-"\"100 packets per second for every service of 192.168.1.1\" =E<gt> -s "
3137-"192.168.1.1 --hashlimit-mode srcport --hashlimit-upto 100/sec"
3138-msgstr ""
3139-
3140-#. type: TP
3141-#: original/man8/iptables-extensions.8:522
3142-#, no-wrap
3143-msgid "matching on subnet"
3144-msgstr ""
3145-
3146-#. type: Plain text
3147-#: original/man8/iptables-extensions.8:527
3148-msgid ""
3149-"\"10000 packets per minute for every /28 subnet (groups of 8 addresses) in "
3150-"10.0.0.0/8\" =E<gt> -s 10.0.0.8 --hashlimit-mask 28 --hashlimit-upto "
3151-"10000/min"
3152-msgstr ""
3153-
3154-#. type: TP
3155-#: original/man8/iptables-extensions.8:527 original/man8/iptables-extensions.8:531
3156-#, no-wrap
3157-msgid "matching bytes per second"
3158-msgstr ""
3159-
3160-#. type: Plain text
3161-#: original/man8/iptables-extensions.8:531
3162-msgid ""
3163-"\"flows exceeding 512kbyte/s\" =E<gt> --hashlimit-mode "
3164-"srcip,dstip,srcport,dstport --hashlimit-above 512kb/s"
3165-msgstr ""
3166-
3167-#. type: Plain text
3168-#: original/man8/iptables-extensions.8:535
3169-msgid ""
3170-"\"hosts that exceed 512kbyte/s, but permit up to 1Megabytes without "
3171-"matching\" --hashlimit-mode dstip --hashlimit-above 512kb/s "
3172-"--hashlimit-burst 1mb"
3173-msgstr ""
3174-
3175-#. type: SS
3176-#: original/man8/iptables-extensions.8:535
3177-#, no-wrap
3178-msgid "hbh (IPv6-specific)"
3179-msgstr ""
3180-
3181-#. type: Plain text
3182-#: original/man8/iptables-extensions.8:537
3183-msgid "This module matches the parameters in Hop-by-Hop Options header"
3184-msgstr ""
3185-
3186-#. type: TP
3187-#: original/man8/iptables-extensions.8:537
3188-#, no-wrap
3189-msgid "[B<!>] B<--hbh-len> I<length>"
3190-msgstr ""
3191-
3192-#. type: TP
3193-#: original/man8/iptables-extensions.8:540
3194-#, no-wrap
3195-msgid "B<--hbh-opts> I<type>[B<:>I<length>][B<,>I<type>[B<:>I<length>]...]"
3196-msgstr ""
3197-
3198-#. type: SS
3199-#: original/man8/iptables-extensions.8:543
3200-#, no-wrap
3201-msgid "helper"
3202-msgstr ""
3203-
3204-#. type: Plain text
3205-#: original/man8/iptables-extensions.8:545
3206-msgid "This module matches packets related to a specific conntrack-helper."
3207-msgstr ""
3208-
3209-#. type: TP
3210-#: original/man8/iptables-extensions.8:545
3211-#, no-wrap
3212-msgid "[B<!>] B<--helper> I<string>"
3213-msgstr ""
3214-
3215-#. type: Plain text
3216-#: original/man8/iptables-extensions.8:548
3217-msgid "Matches packets related to the specified conntrack-helper."
3218-msgstr ""
3219-
3220-#. type: Plain text
3221-#: original/man8/iptables-extensions.8:552
3222-msgid ""
3223-"string can be \"ftp\" for packets related to a ftp-session on default port. "
3224-"For other ports append -portnr to the value, ie. \"ftp-2121\"."
3225-msgstr ""
3226-
3227-#. type: Plain text
3228-#: original/man8/iptables-extensions.8:554
3229-msgid "Same rules apply for other conntrack-helpers."
3230-msgstr ""
3231-
3232-#. type: SS
3233-#: original/man8/iptables-extensions.8:555
3234-#, no-wrap
3235-msgid "hl (IPv6-specific)"
3236-msgstr ""
3237-
3238-#. type: Plain text
3239-#: original/man8/iptables-extensions.8:557
3240-msgid "This module matches the Hop Limit field in the IPv6 header."
3241-msgstr ""
3242-
3243-#. type: TP
3244-#: original/man8/iptables-extensions.8:557
3245-#, no-wrap
3246-msgid "[B<!>] B<--hl-eq> I<value>"
3247-msgstr ""
3248-
3249-#. type: Plain text
3250-#: original/man8/iptables-extensions.8:560
3251-msgid "Matches if Hop Limit equals I<value>."
3252-msgstr ""
3253-
3254-#. type: TP
3255-#: original/man8/iptables-extensions.8:560
3256-#, no-wrap
3257-msgid "B<--hl-lt> I<value>"
3258-msgstr ""
3259-
3260-#. type: Plain text
3261-#: original/man8/iptables-extensions.8:563
3262-msgid "Matches if Hop Limit is less than I<value>."
3263-msgstr ""
3264-
3265-#. type: TP
3266-#: original/man8/iptables-extensions.8:563
3267-#, no-wrap
3268-msgid "B<--hl-gt> I<value>"
3269-msgstr ""
3270-
3271-#. type: Plain text
3272-#: original/man8/iptables-extensions.8:566
3273-msgid "Matches if Hop Limit is greater than I<value>."
3274-msgstr ""
3275-
3276-#. type: SS
3277-#: original/man8/iptables-extensions.8:566
3278-#, no-wrap
3279-msgid "icmp (IPv4-specific)"
3280-msgstr ""
3281-
3282-#. type: Plain text
3283-#: original/man8/iptables-extensions.8:569
3284-msgid ""
3285-"This extension can be used if `--protocol icmp' is specified. It provides "
3286-"the following option:"
3287-msgstr ""
3288-
3289-#. type: TP
3290-#: original/man8/iptables-extensions.8:569
3291-#, no-wrap
3292-msgid "[B<!>] B<--icmp-type> {I<type>[B</>I<code>]|I<typename>}"
3293-msgstr ""
3294-
3295-#. type: Plain text
3296-#: original/man8/iptables-extensions.8:573
3297-msgid ""
3298-"This allows specification of the ICMP type, which can be a numeric ICMP "
3299-"type, type/code pair, or one of the ICMP type names shown by the command"
3300-msgstr ""
3301-
3302-#. type: Plain text
3303-#: original/man8/iptables-extensions.8:575
3304-#, no-wrap
3305-msgid " iptables -p icmp -h\n"
3306-msgstr ""
3307-
3308-#. type: SS
3309-#: original/man8/iptables-extensions.8:576
3310-#, no-wrap
3311-msgid "icmp6 (IPv6-specific)"
3312-msgstr ""
3313-
3314-#. type: Plain text
3315-#: original/man8/iptables-extensions.8:579
3316-msgid ""
3317-"This extension can be used if `--protocol ipv6-icmp' or `--protocol icmpv6' "
3318-"is specified. It provides the following option:"
3319-msgstr ""
3320-
3321-#. type: TP
3322-#: original/man8/iptables-extensions.8:579
3323-#, no-wrap
3324-msgid "[B<!>] B<--icmpv6-type> I<type>[B</>I<code>]|I<typename>"
3325-msgstr ""
3326-
3327-#. type: Plain text
3328-#: original/man8/iptables-extensions.8:588
3329-msgid ""
3330-"This allows specification of the ICMPv6 type, which can be a numeric ICMPv6 "
3331-"I<type>, I<type> and I<code>, or one of the ICMPv6 type names shown by the "
3332-"command"
3333-msgstr ""
3334-
3335-#. type: Plain text
3336-#: original/man8/iptables-extensions.8:590
3337-#, no-wrap
3338-msgid " ip6tables -p ipv6-icmp -h\n"
3339-msgstr ""
3340-
3341-#. type: SS
3342-#: original/man8/iptables-extensions.8:591
3343-#, no-wrap
3344-msgid "iprange"
3345-msgstr ""
3346-
3347-#. type: Plain text
3348-#: original/man8/iptables-extensions.8:593
3349-msgid "This matches on a given arbitrary range of IP addresses."
3350-msgstr ""
3351-
3352-#. type: TP
3353-#: original/man8/iptables-extensions.8:593
3354-#, no-wrap
3355-msgid "[B<!>] B<--src-range> I<from>[B<->I<to>]"
3356-msgstr ""
3357-
3358-#. type: Plain text
3359-#: original/man8/iptables-extensions.8:596
3360-msgid "Match source IP in the specified range."
3361-msgstr ""
3362-
3363-#. type: TP
3364-#: original/man8/iptables-extensions.8:596
3365-#, no-wrap
3366-msgid "[B<!>] B<--dst-range> I<from>[B<->I<to>]"
3367-msgstr ""
3368-
3369-#. type: Plain text
3370-#: original/man8/iptables-extensions.8:599
3371-msgid "Match destination IP in the specified range."
3372-msgstr ""
3373-
3374-#. type: SS
3375-#: original/man8/iptables-extensions.8:599
3376-#, no-wrap
3377-msgid "ipv6header (IPv6-specific)"
3378-msgstr ""
3379-
3380-#. type: Plain text
3381-#: original/man8/iptables-extensions.8:601
3382-msgid "This module matches IPv6 extension headers and/or upper layer header."
3383-msgstr ""
3384-
3385-#. type: TP
3386-#: original/man8/iptables-extensions.8:601
3387-#, no-wrap
3388-msgid "B<--soft>"
3389-msgstr ""
3390-
3391-#. type: Plain text
3392-#: original/man8/iptables-extensions.8:605
3393-msgid ""
3394-"Matches if the packet includes B<any> of the headers specified with "
3395-"B<--header>."
3396-msgstr ""
3397-
3398-#. type: TP
3399-#: original/man8/iptables-extensions.8:605
3400-#, no-wrap
3401-msgid "[B<!>] B<--header> I<header>[B<,>I<header>...]"
3402-msgstr ""
3403-
3404-#. type: Plain text
3405-#: original/man8/iptables-extensions.8:610
3406-msgid ""
3407-"Matches the packet which EXACTLY includes all specified headers. The headers "
3408-"encapsulated with ESP header are out of scope. Possible I<header> types can "
3409-"be:"
3410-msgstr ""
3411-
3412-#. type: TP
3413-#: original/man8/iptables-extensions.8:610
3414-#, no-wrap
3415-msgid "B<hop>|B<hop-by-hop>"
3416-msgstr ""
3417-
3418-#. type: Plain text
3419-#: original/man8/iptables-extensions.8:613
3420-msgid "Hop-by-Hop Options header"
3421-msgstr ""
3422-
3423-#. type: TP
3424-#: original/man8/iptables-extensions.8:613
3425-#, no-wrap
3426-msgid "B<dst>"
3427-msgstr ""
3428-
3429-#. type: Plain text
3430-#: original/man8/iptables-extensions.8:616
3431-msgid "Destination Options header"
3432-msgstr ""
3433-
3434-#. type: TP
3435-#: original/man8/iptables-extensions.8:616
3436-#, no-wrap
3437-msgid "B<route>"
3438-msgstr ""
3439-
3440-#. type: Plain text
3441-#: original/man8/iptables-extensions.8:619
3442-msgid "Routing header"
3443-msgstr ""
3444-
3445-#. type: TP
3446-#: original/man8/iptables-extensions.8:619
3447-#, no-wrap
3448-msgid "B<frag>"
3449-msgstr ""
3450-
3451-#. type: Plain text
3452-#: original/man8/iptables-extensions.8:622
3453-msgid "Fragment header"
3454-msgstr ""
3455-
3456-#. type: TP
3457-#: original/man8/iptables-extensions.8:622
3458-#, no-wrap
3459-msgid "B<auth>"
3460-msgstr ""
3461-
3462-#. type: Plain text
3463-#: original/man8/iptables-extensions.8:625
3464-msgid "Authentication header"
3465-msgstr ""
3466-
3467-#. type: TP
3468-#: original/man8/iptables-extensions.8:625
3469-#, no-wrap
3470-msgid "B<esp>"
3471-msgstr ""
3472-
3473-#. type: Plain text
3474-#: original/man8/iptables-extensions.8:628
3475-msgid "Encapsulating Security Payload header"
3476-msgstr ""
3477-
3478-#. type: TP
3479-#: original/man8/iptables-extensions.8:628
3480-#, no-wrap
3481-msgid "B<none>"
3482-msgstr ""
3483-
3484-#. type: Plain text
3485-#: original/man8/iptables-extensions.8:632
3486-msgid ""
3487-"No Next header which matches 59 in the 'Next Header field' of IPv6 header or "
3488-"any IPv6 extension headers"
3489-msgstr ""
3490-
3491-#. type: TP
3492-#: original/man8/iptables-extensions.8:632
3493-#, no-wrap
3494-msgid "B<proto>"
3495-msgstr ""
3496-
3497-#. type: Plain text
3498-#: original/man8/iptables-extensions.8:637
3499-msgid ""
3500-"which matches any upper layer protocol header. A protocol name from "
3501-"/etc/protocols and numeric value also allowed. The number 255 is equivalent "
3502-"to B<proto>."
3503-msgstr ""
3504-
3505-#. type: SS
3506-#: original/man8/iptables-extensions.8:637
3507-#, no-wrap
3508-msgid "ipvs"
3509-msgstr ""
3510-
3511-#. type: Plain text
3512-#: original/man8/iptables-extensions.8:639
3513-msgid "Match IPVS connection properties."
3514-msgstr ""
3515-
3516-#. type: TP
3517-#: original/man8/iptables-extensions.8:639
3518-#, no-wrap
3519-msgid "[B<!>] B<--ipvs>"
3520-msgstr ""
3521-
3522-#. type: Plain text
3523-#: original/man8/iptables-extensions.8:642
3524-msgid "packet belongs to an IPVS connection"
3525-msgstr ""
3526-
3527-#. type: TP
3528-#: original/man8/iptables-extensions.8:642
3529-#, no-wrap
3530-msgid "Any of the following options implies --ipvs (even negated)"
3531-msgstr ""
3532-
3533-#. type: TP
3534-#: original/man8/iptables-extensions.8:644
3535-#, no-wrap
3536-msgid "[B<!>] B<--vproto> I<protocol>"
3537-msgstr ""
3538-
3539-#. type: Plain text
3540-#: original/man8/iptables-extensions.8:647
3541-msgid "VIP protocol to match; by number or name, e.g. \"tcp\""
3542-msgstr ""
3543-
3544-#. type: TP
3545-#: original/man8/iptables-extensions.8:647
3546-#, no-wrap
3547-msgid "[B<!>] B<--vaddr> I<address>[B</>I<mask>]"
3548-msgstr ""
3549-
3550-#. type: Plain text
3551-#: original/man8/iptables-extensions.8:650
3552-msgid "VIP address to match"
3553-msgstr ""
3554-
3555-#. type: TP
3556-#: original/man8/iptables-extensions.8:650
3557-#, no-wrap
3558-msgid "[B<!>] B<--vport> I<port>"
3559-msgstr ""
3560-
3561-#. type: Plain text
3562-#: original/man8/iptables-extensions.8:653
3563-msgid "VIP port to match; by number or name, e.g. \"http\""
3564-msgstr ""
3565-
3566-#. type: TP
3567-#: original/man8/iptables-extensions.8:653
3568-#, no-wrap
3569-msgid "B<--vdir> {B<ORIGINAL>|B<REPLY>}"
3570-msgstr ""
3571-
3572-#. type: Plain text
3573-#: original/man8/iptables-extensions.8:656
3574-msgid "flow direction of packet"
3575-msgstr ""
3576-
3577-#. type: TP
3578-#: original/man8/iptables-extensions.8:656
3579-#, no-wrap
3580-msgid "[B<!>] B<--vmethod> {B<GATE>|B<IPIP>|B<MASQ>}"
3581-msgstr ""
3582-
3583-#. type: Plain text
3584-#: original/man8/iptables-extensions.8:659
3585-msgid "IPVS forwarding method used"
3586-msgstr ""
3587-
3588-#. type: TP
3589-#: original/man8/iptables-extensions.8:659
3590-#, no-wrap
3591-msgid "[B<!>] B<--vportctl> I<port>"
3592-msgstr ""
3593-
3594-#. type: Plain text
3595-#: original/man8/iptables-extensions.8:662
3596-msgid "VIP port of the controlling connection to match, e.g. 21 for FTP"
3597-msgstr ""
3598-
3599-#. type: SS
3600-#: original/man8/iptables-extensions.8:662
3601-#, no-wrap
3602-msgid "length"
3603-msgstr ""
3604-
3605-#. type: Plain text
3606-#: original/man8/iptables-extensions.8:666
3607-msgid ""
3608-"This module matches the length of the layer-3 payload (e.g. layer-4 packet) "
3609-"of a packet against a specific value or range of values."
3610-msgstr ""
3611-
3612-#. type: TP
3613-#: original/man8/iptables-extensions.8:666
3614-#, no-wrap
3615-msgid "[B<!>] B<--length> I<length>[B<:>I<length>]"
3616-msgstr ""
3617-
3618-#. type: SS
3619-#: original/man8/iptables-extensions.8:668
3620-#, no-wrap
3621-msgid "limit"
3622-msgstr ""
3623-
3624-#. type: Plain text
3625-#: original/man8/iptables-extensions.8:674
3626-msgid ""
3627-"This module matches at a limited rate using a token bucket filter. A rule "
3628-"using this extension will match until this limit is reached. It can be used "
3629-"in combination with the B<LOG> target to give limited logging, for example."
3630-msgstr ""
3631-
3632-#. type: Plain text
3633-#: original/man8/iptables-extensions.8:677
3634-msgid ""
3635-"xt_limit has no negation support - you will have to use -m hashlimit ! "
3636-"--hashlimit I<rate> in this case whilst omitting --hashlimit-mode."
3637-msgstr ""
3638-
3639-#. type: TP
3640-#: original/man8/iptables-extensions.8:677
3641-#, no-wrap
3642-msgid "B<--limit> I<rate>[B</second>|B</minute>|B</hour>|B</day>]"
3643-msgstr ""
3644-
3645-#. type: Plain text
3646-#: original/man8/iptables-extensions.8:682
3647-msgid ""
3648-"Maximum average matching rate: specified as a number, with an optional "
3649-"`/second', `/minute', `/hour', or `/day' suffix; the default is 3/hour."
3650-msgstr ""
3651-
3652-#. type: TP
3653-#: original/man8/iptables-extensions.8:682
3654-#, no-wrap
3655-msgid "B<--limit-burst> I<number>"
3656-msgstr ""
3657-
3658-#. type: Plain text
3659-#: original/man8/iptables-extensions.8:687
3660-msgid ""
3661-"Maximum initial number of packets to match: this number gets recharged by "
3662-"one every time the limit specified above is not reached, up to this number; "
3663-"the default is 5."
3664-msgstr ""
3665-
3666-#. type: SS
3667-#: original/man8/iptables-extensions.8:687
3668-#, no-wrap
3669-msgid "mac"
3670-msgstr ""
3671-
3672-#. type: TP
3673-#: original/man8/iptables-extensions.8:688
3674-#, no-wrap
3675-msgid "[B<!>] B<--mac-source> I<address>"
3676-msgstr ""
3677-
3678-#. type: Plain text
3679-#: original/man8/iptables-extensions.8:698
3680-msgid ""
3681-"Match source MAC address. It must be of the form XX:XX:XX:XX:XX:XX. Note "
3682-"that this only makes sense for packets coming from an Ethernet device and "
3683-"entering the B<PREROUTING>, B<FORWARD> or B<INPUT> chains."
3684-msgstr ""
3685-
3686-#. type: SS
3687-#: original/man8/iptables-extensions.8:698
3688-#, no-wrap
3689-msgid "mark"
3690-msgstr ""
3691-
3692-#. type: Plain text
3693-#: original/man8/iptables-extensions.8:703
3694-msgid ""
3695-"This module matches the netfilter mark field associated with a packet (which "
3696-"can be set using the B<MARK> target below)."
3697-msgstr ""
3698-
3699-#. type: Plain text
3700-#: original/man8/iptables-extensions.8:708
3701-msgid ""
3702-"Matches packets with the given unsigned mark value (if a I<mask> is "
3703-"specified, this is logically ANDed with the I<mask> before the comparison)."
3704-msgstr ""
3705-
3706-#. type: SS
3707-#: original/man8/iptables-extensions.8:708
3708-#, no-wrap
3709-msgid "mh (IPv6-specific)"
3710-msgstr ""
3711-
3712-#. type: Plain text
3713-#: original/man8/iptables-extensions.8:711
3714-msgid ""
3715-"This extension is loaded if `--protocol ipv6-mh' or `--protocol mh' is "
3716-"specified. It provides the following option:"
3717-msgstr ""
3718-
3719-#. type: TP
3720-#: original/man8/iptables-extensions.8:711
3721-#, no-wrap
3722-msgid "[B<!>] B<--mh-type> I<type>[B<:>I<type>]"
3723-msgstr ""
3724-
3725-#. type: Plain text
3726-#: original/man8/iptables-extensions.8:718
3727-msgid ""
3728-"This allows specification of the Mobility Header(MH) type, which can be a "
3729-"numeric MH I<type>, I<type> or one of the MH type names shown by the command"
3730-msgstr ""
3731-
3732-#. type: Plain text
3733-#: original/man8/iptables-extensions.8:720
3734-#, no-wrap
3735-msgid " ip6tables -p ipv6-mh -h\n"
3736-msgstr ""
3737-
3738-#. type: SS
3739-#: original/man8/iptables-extensions.8:721
3740-#, no-wrap
3741-msgid "multiport"
3742-msgstr ""
3743-
3744-#. type: Plain text
3745-#: original/man8/iptables-extensions.8:728
3746-msgid ""
3747-"This module matches a set of source or destination ports. Up to 15 ports "
3748-"can be specified. A port range (port:port) counts as two ports. It can "
3749-"only be used in conjunction with B<-p tcp> or B<-p udp>."
3750-msgstr ""
3751-
3752-#. type: TP
3753-#: original/man8/iptables-extensions.8:728
3754-#, no-wrap
3755-msgid ""
3756-"[B<!>] B<--source-ports>,B<--sports> "
3757-"I<port>[B<,>I<port>|B<,>I<port>B<:>I<port>]..."
3758-msgstr ""
3759-
3760-#. type: Plain text
3761-#: original/man8/iptables-extensions.8:736
3762-msgid ""
3763-"Match if the source port is one of the given ports. The flag B<--sports> is "
3764-"a convenient alias for this option. Multiple ports or port ranges are "
3765-"separated using a comma, and a port range is specified using a colon. "
3766-"B<53,1024:65535> would therefore match ports 53 and all from 1024 through "
3767-"65535."
3768-msgstr ""
3769-
3770-#. type: TP
3771-#: original/man8/iptables-extensions.8:736
3772-#, no-wrap
3773-msgid ""
3774-"[B<!>] B<--destination-ports>,B<--dports> "
3775-"I<port>[B<,>I<port>|B<,>I<port>B<:>I<port>]..."
3776-msgstr ""
3777-
3778-#. type: Plain text
3779-#: original/man8/iptables-extensions.8:741
3780-msgid ""
3781-"Match if the destination port is one of the given ports. The flag "
3782-"B<--dports> is a convenient alias for this option."
3783-msgstr ""
3784-
3785-#. type: TP
3786-#: original/man8/iptables-extensions.8:741
3787-#, no-wrap
3788-msgid "[B<!>] B<--ports> I<port>[B<,>I<port>|B<,>I<port>B<:>I<port>]..."
3789-msgstr ""
3790-
3791-#. type: Plain text
3792-#: original/man8/iptables-extensions.8:745
3793-msgid ""
3794-"Match if either the source or destination ports are equal to one of the "
3795-"given ports."
3796-msgstr ""
3797-
3798-#. type: SS
3799-#: original/man8/iptables-extensions.8:745
3800-#, no-wrap
3801-msgid "nfacct"
3802-msgstr ""
3803-
3804-#. type: Plain text
3805-#: original/man8/iptables-extensions.8:749
3806-msgid ""
3807-"The nfacct match provides the extended accounting infrastructure for "
3808-"iptables. You have to use this match together with the standalone "
3809-"user-space utility B<nfacct(8)>"
3810-msgstr ""
3811-
3812-#. type: Plain text
3813-#: original/man8/iptables-extensions.8:751
3814-msgid "The only option available for this match is the following:"
3815-msgstr ""
3816-
3817-#. type: TP
3818-#: original/man8/iptables-extensions.8:751
3819-#, no-wrap
3820-msgid "B<--nfacct-name> I<name>"
3821-msgstr ""
3822-
3823-#. type: Plain text
3824-#: original/man8/iptables-extensions.8:755
3825-msgid ""
3826-"This allows you to specify the existing object name that will be use for "
3827-"accounting the traffic that this rule-set is matching."
3828-msgstr ""
3829-
3830-#. type: Plain text
3831-#: original/man8/iptables-extensions.8:757
3832-msgid "To use this extension, you have to create an accounting object:"
3833-msgstr ""
3834-
3835-#. type: Plain text
3836-#: original/man8/iptables-extensions.8:759
3837-msgid "nfacct add http-traffic"
3838-msgstr ""
3839-
3840-#. type: Plain text
3841-#: original/man8/iptables-extensions.8:761
3842-msgid "Then, you have to attach it to the accounting object via iptables:"
3843-msgstr ""
3844-
3845-#. type: Plain text
3846-#: original/man8/iptables-extensions.8:763
3847-msgid "iptables -I INPUT -p tcp --sport 80 -m nfacct --nfacct-name http-traffic"
3848-msgstr ""
3849-
3850-#. type: Plain text
3851-#: original/man8/iptables-extensions.8:765
3852-msgid "iptables -I OUTPUT -p tcp --dport 80 -m nfacct --nfacct-name http-traffic"
3853-msgstr ""
3854-
3855-#. type: Plain text
3856-#: original/man8/iptables-extensions.8:767
3857-msgid "Then, you can check for the amount of traffic that the rules match:"
3858-msgstr ""
3859-
3860-#. type: Plain text
3861-#: original/man8/iptables-extensions.8:769
3862-msgid "nfacct get http-traffic"
3863-msgstr ""
3864-
3865-#. type: Plain text
3866-#: original/man8/iptables-extensions.8:771
3867-msgid ""
3868-"{ pkts = 00000000000000000156, bytes = 00000000000000151786 } = "
3869-"http-traffic;"
3870-msgstr ""
3871-
3872-#. type: Plain text
3873-#: original/man8/iptables-extensions.8:776
3874-msgid ""
3875-"You can obtain B<nfacct(8)> from http://www.netfilter.org or, alternatively, "
3876-"from the git.netfilter.org repository."
3877-msgstr ""
3878-
3879-#. type: SS
3880-#: original/man8/iptables-extensions.8:776
3881-#, no-wrap
3882-msgid "osf"
3883-msgstr ""
3884-
3885-#. type: Plain text
3886-#: original/man8/iptables-extensions.8:780
3887-msgid ""
3888-"The osf module does passive operating system fingerprinting. This modules "
3889-"compares some data (Window Size, MSS, options and their order, TTL, DF, and "
3890-"others) from packets with the SYN bit set."
3891-msgstr ""
3892-
3893-#. type: TP
3894-#: original/man8/iptables-extensions.8:780
3895-#, no-wrap
3896-msgid "[B<!>] B<--genre> I<string>"
3897-msgstr ""
3898-
3899-#. type: Plain text
3900-#: original/man8/iptables-extensions.8:783
3901-msgid "Match an operating system genre by using a passive fingerprinting."
3902-msgstr ""
3903-
3904-#. type: TP
3905-#: original/man8/iptables-extensions.8:783
3906-#, no-wrap
3907-msgid "B<--ttl> I<level>"
3908-msgstr ""
3909-
3910-#. type: Plain text
3911-#: original/man8/iptables-extensions.8:787
3912-msgid ""
3913-"Do additional TTL checks on the packet to determine the operating system. "
3914-"I<level> can be one of the following values:"
3915-msgstr ""
3916-
3917-#. type: IP
3918-#: original/man8/iptables-extensions.8:787 original/man8/iptables-extensions.8:790 original/man8/iptables-extensions.8:793 original/man8/iptables-extensions.8:799 original/man8/iptables-extensions.8:801 original/man8/iptables-extensions.8:803 original/man8/iptables-extensions.8:959 original/man8/iptables-extensions.8:961 original/man8/iptables-extensions.8:964 original/man8/iptables-extensions.8:966 original/man8/iptables-extensions.8:969 original/man8/iptables-extensions.8:971 original/man8/iptables-extensions.8:974 original/man8/iptables-extensions.8:977
3919-#, no-wrap
3920-msgid "\\(bu"
3921-msgstr ""
3922-
3923-#. type: Plain text
3924-#: original/man8/iptables-extensions.8:790
3925-msgid ""
3926-"0 - True IP address and fingerprint TTL comparison. This generally works for "
3927-"LANs."
3928-msgstr ""
3929-
3930-#. type: Plain text
3931-#: original/man8/iptables-extensions.8:793
3932-msgid ""
3933-"1 - Check if the IP header's TTL is less than the fingerprint one. Works for "
3934-"globally-routable addresses."
3935-msgstr ""
3936-
3937-#. type: Plain text
3938-#: original/man8/iptables-extensions.8:795
3939-msgid "2 - Do not compare the TTL at all."
3940-msgstr ""
3941-
3942-#. type: TP
3943-#: original/man8/iptables-extensions.8:795
3944-#, no-wrap
3945-msgid "B<--log> I<level>"
3946-msgstr ""
3947-
3948-#. type: Plain text
3949-#: original/man8/iptables-extensions.8:799
3950-msgid ""
3951-"Log determined genres into dmesg even if they do not match the desired one. "
3952-"I<level> can be one of the following values:"
3953-msgstr ""
3954-
3955-#. type: Plain text
3956-#: original/man8/iptables-extensions.8:801
3957-msgid "0 - Log all matched or unknown signatures"
3958-msgstr ""
3959-
3960-#. type: Plain text
3961-#: original/man8/iptables-extensions.8:803
3962-msgid "1 - Log only the first one"
3963-msgstr ""
3964-
3965-#. type: Plain text
3966-#: original/man8/iptables-extensions.8:805
3967-msgid "2 - Log all known matched signatures"
3968-msgstr ""
3969-
3970-#. type: Plain text
3971-#: original/man8/iptables-extensions.8:807
3972-msgid "You may find something like this in syslog:"
3973-msgstr ""
3974-
3975-#. type: Plain text
3976-#: original/man8/iptables-extensions.8:810
3977-msgid ""
3978-"Windows [2000:SP3:Windows XP Pro SP1, 2000 SP3]: 11.22.33.55:4024 -E<gt> "
3979-"11.22.33.44:139 hops=3 Linux [2.5-2.6:] : 1.2.3.4:42624 -E<gt> 1.2.3.5:22 "
3980-"hops=4"
3981-msgstr ""
3982-
3983-#. type: Plain text
3984-#: original/man8/iptables-extensions.8:813
3985-msgid ""
3986-"OS fingerprints are loadable using the B<nfnl_osf> program. To load "
3987-"fingerprints from a file, use:"
3988-msgstr ""
3989-
3990-#. type: Plain text
3991-#: original/man8/iptables-extensions.8:815
3992-msgid "B<nfnl_osf -f /usr/share/xtables/pf.os>"
3993-msgstr ""
3994-
3995-#. type: Plain text
3996-#: original/man8/iptables-extensions.8:817
3997-msgid "To remove them again,"
3998-msgstr ""
3999-
4000-#. type: Plain text
4001-#: original/man8/iptables-extensions.8:819
4002-msgid "B<nfnl_osf -f /usr/share/xtables/pf.os -d>"
4003-msgstr ""
4004-
4005-#. type: Plain text
4006-#: original/man8/iptables-extensions.8:822
4007-msgid ""
4008-"The fingerprint database can be downlaoded from "
4009-"http://www.openbsd.org/cgi-bin/cvsweb/src/etc/pf.os ."
4010-msgstr ""
4011-
4012-#. type: SS
4013-#: original/man8/iptables-extensions.8:822
4014-#, no-wrap
4015-msgid "owner"
4016-msgstr ""
4017-
4018-#. type: Plain text
4019-#: original/man8/iptables-extensions.8:827
4020-msgid ""
4021-"This module attempts to match various characteristics of the packet creator, "
4022-"for locally generated packets. This match is only valid in the OUTPUT and "
4023-"POSTROUTING chains. Forwarded packets do not have any socket associated with "
4024-"them. Packets from kernel threads do have a socket, but usually no owner."
4025-msgstr ""
4026-
4027-#. type: TP
4028-#: original/man8/iptables-extensions.8:827
4029-#, no-wrap
4030-msgid "[B<!>] B<--uid-owner> I<username>"
4031-msgstr ""
4032-
4033-#. type: TP
4034-#: original/man8/iptables-extensions.8:829
4035-#, no-wrap
4036-msgid "[B<!>] B<--uid-owner> I<userid>[B<->I<userid>]"
4037-msgstr ""
4038-
4039-#. type: Plain text
4040-#: original/man8/iptables-extensions.8:833
4041-msgid ""
4042-"Matches if the packet socket's file structure (if it has one) is owned by "
4043-"the given user. You may also specify a numerical UID, or an UID range."
4044-msgstr ""
4045-
4046-#. type: TP
4047-#: original/man8/iptables-extensions.8:833
4048-#, no-wrap
4049-msgid "[B<!>] B<--gid-owner> I<groupname>"
4050-msgstr ""
4051-
4052-#. type: TP
4053-#: original/man8/iptables-extensions.8:835
4054-#, no-wrap
4055-msgid "[B<!>] B<--gid-owner> I<groupid>[B<->I<groupid>]"
4056-msgstr ""
4057-
4058-#. type: Plain text
4059-#: original/man8/iptables-extensions.8:839
4060-msgid ""
4061-"Matches if the packet socket's file structure is owned by the given group. "
4062-"You may also specify a numerical GID, or a GID range."
4063-msgstr ""
4064-
4065-#. type: TP
4066-#: original/man8/iptables-extensions.8:839
4067-#, no-wrap
4068-msgid "[B<!>] B<--socket-exists>"
4069-msgstr ""
4070-
4071-#. type: Plain text
4072-#: original/man8/iptables-extensions.8:842
4073-msgid "Matches if the packet is associated with a socket."
4074-msgstr ""
4075-
4076-#. type: SS
4077-#: original/man8/iptables-extensions.8:842
4078-#, no-wrap
4079-msgid "physdev"
4080-msgstr ""
4081-
4082-#. type: Plain text
4083-#: original/man8/iptables-extensions.8:847
4084-msgid ""
4085-"This module matches on the bridge port input and output devices enslaved to "
4086-"a bridge device. This module is a part of the infrastructure that enables a "
4087-"transparent bridging IP firewall and is only useful for kernel versions "
4088-"above version 2.5.44."
4089-msgstr ""
4090-
4091-#. type: TP
4092-#: original/man8/iptables-extensions.8:847
4093-#, no-wrap
4094-msgid "[B<!>] B<--physdev-in> I<name>"
4095-msgstr ""
4096-
4097-#. type: Plain text
4098-#: original/man8/iptables-extensions.8:858
4099-msgid ""
4100-"Name of a bridge port via which a packet is received (only for packets "
4101-"entering the B<INPUT>, B<FORWARD> and B<PREROUTING> chains). If the "
4102-"interface name ends in a \"+\", then any interface which begins with this "
4103-"name will match. If the packet didn't arrive through a bridge device, this "
4104-"packet won't match this option, unless '!' is used."
4105-msgstr ""
4106-
4107-#. type: TP
4108-#: original/man8/iptables-extensions.8:858
4109-#, no-wrap
4110-msgid "[B<!>] B<--physdev-out> I<name>"
4111-msgstr ""
4112-
4113-#. type: Plain text
4114-#: original/man8/iptables-extensions.8:875
4115-msgid ""
4116-"Name of a bridge port via which a packet is going to be sent (for packets "
4117-"entering the B<FORWARD>, B<OUTPUT> and B<POSTROUTING> chains). If the "
4118-"interface name ends in a \"+\", then any interface which begins with this "
4119-"name will match. Note that in the B<nat> and B<mangle> B<OUTPUT> chains one "
4120-"cannot match on the bridge output port, however one can in the B<filter "
4121-"OUTPUT> chain. If the packet won't leave by a bridge device or if it is yet "
4122-"unknown what the output device will be, then the packet won't match this "
4123-"option, unless '!' is used."
4124-msgstr ""
4125-
4126-#. type: TP
4127-#: original/man8/iptables-extensions.8:875
4128-#, no-wrap
4129-msgid "[B<!>] B<--physdev-is-in>"
4130-msgstr ""
4131-
4132-#. type: Plain text
4133-#: original/man8/iptables-extensions.8:878
4134-msgid "Matches if the packet has entered through a bridge interface."
4135-msgstr ""
4136-
4137-#. type: TP
4138-#: original/man8/iptables-extensions.8:878
4139-#, no-wrap
4140-msgid "[B<!>] B<--physdev-is-out>"
4141-msgstr ""
4142-
4143-#. type: Plain text
4144-#: original/man8/iptables-extensions.8:881
4145-msgid "Matches if the packet will leave through a bridge interface."
4146-msgstr ""
4147-
4148-#. type: TP
4149-#: original/man8/iptables-extensions.8:881
4150-#, no-wrap
4151-msgid "[B<!>] B<--physdev-is-bridged>"
4152-msgstr ""
4153-
4154-#. type: Plain text
4155-#: original/man8/iptables-extensions.8:885
4156-msgid ""
4157-"Matches if the packet is being bridged and therefore is not being routed. "
4158-"This is only useful in the FORWARD and POSTROUTING chains."
4159-msgstr ""
4160-
4161-#. type: SS
4162-#: original/man8/iptables-extensions.8:885
4163-#, no-wrap
4164-msgid "pkttype"
4165-msgstr ""
4166-
4167-#. type: Plain text
4168-#: original/man8/iptables-extensions.8:887
4169-msgid "This module matches the link-layer packet type."
4170-msgstr ""
4171-
4172-#. type: TP
4173-#: original/man8/iptables-extensions.8:887
4174-#, no-wrap
4175-msgid "[B<!>] B<--pkt-type> {B<unicast>|B<broadcast>|B<multicast>}"
4176-msgstr ""
4177-
4178-#. type: SS
4179-#: original/man8/iptables-extensions.8:889
4180-#, no-wrap
4181-msgid "policy"
4182-msgstr ""
4183-
4184-#. type: Plain text
4185-#: original/man8/iptables-extensions.8:891
4186-msgid "This modules matches the policy used by IPsec for handling a packet."
4187-msgstr ""
4188-
4189-#. type: TP
4190-#: original/man8/iptables-extensions.8:891
4191-#, no-wrap
4192-msgid "B<--dir> {B<in>|B<out>}"
4193-msgstr ""
4194-
4195-#. type: Plain text
4196-#: original/man8/iptables-extensions.8:903
4197-msgid ""
4198-"Used to select whether to match the policy used for decapsulation or the "
4199-"policy that will be used for encapsulation. B<in> is valid in the "
4200-"B<PREROUTING, INPUT and FORWARD> chains, B<out> is valid in the "
4201-"B<POSTROUTING, OUTPUT and FORWARD> chains."
4202-msgstr ""
4203-
4204-#. type: TP
4205-#: original/man8/iptables-extensions.8:903
4206-#, no-wrap
4207-msgid "B<--pol> {B<none>|B<ipsec>}"
4208-msgstr ""
4209-
4210-#. type: Plain text
4211-#: original/man8/iptables-extensions.8:907
4212-msgid ""
4213-"Matches if the packet is subject to IPsec processing. B<--pol none> cannot "
4214-"be combined with B<--strict>."
4215-msgstr ""
4216-
4217-#. type: TP
4218-#: original/man8/iptables-extensions.8:907
4219-#, no-wrap
4220-msgid "B<--strict>"
4221-msgstr ""
4222-
4223-#. type: Plain text
4224-#: original/man8/iptables-extensions.8:911
4225-msgid ""
4226-"Selects whether to match the exact policy or match if any rule of the policy "
4227-"matches the given policy."
4228-msgstr ""
4229-
4230-#. type: Plain text
4231-#: original/man8/iptables-extensions.8:915
4232-msgid ""
4233-"For each policy element that is to be described, one can use one or more of "
4234-"the following options. When B<--strict> is in effect, at least one must be "
4235-"used per element."
4236-msgstr ""
4237-
4238-#. type: TP
4239-#: original/man8/iptables-extensions.8:915
4240-#, no-wrap
4241-msgid "[B<!>] B<--reqid> I<id>"
4242-msgstr ""
4243-
4244-#. type: Plain text
4245-#: original/man8/iptables-extensions.8:922
4246-msgid ""
4247-"Matches the reqid of the policy rule. The reqid can be specified with "
4248-"B<setkey(8)> using B<unique:id> as level."
4249-msgstr ""
4250-
4251-#. type: TP
4252-#: original/man8/iptables-extensions.8:922
4253-#, no-wrap
4254-msgid "[B<!>] B<--spi> I<spi>"
4255-msgstr ""
4256-
4257-#. type: Plain text
4258-#: original/man8/iptables-extensions.8:925
4259-msgid "Matches the SPI of the SA."
4260-msgstr ""
4261-
4262-#. type: TP
4263-#: original/man8/iptables-extensions.8:925
4264-#, no-wrap
4265-msgid "[B<!>] B<--proto> {B<ah>|B<esp>|B<ipcomp>}"
4266-msgstr ""
4267-
4268-#. type: Plain text
4269-#: original/man8/iptables-extensions.8:928
4270-msgid "Matches the encapsulation protocol."
4271-msgstr ""
4272-
4273-#. type: TP
4274-#: original/man8/iptables-extensions.8:928
4275-#, no-wrap
4276-msgid "[B<!>] B<--mode> {B<tunnel>|B<transport>}"
4277-msgstr ""
4278-
4279-#. type: Plain text
4280-#: original/man8/iptables-extensions.8:931
4281-msgid "Matches the encapsulation mode."
4282-msgstr ""
4283-
4284-#. type: TP
4285-#: original/man8/iptables-extensions.8:931
4286-#, no-wrap
4287-msgid "[B<!>] B<--tunnel-src> I<addr>[B</>I<mask>]"
4288-msgstr ""
4289-
4290-#. type: Plain text
4291-#: original/man8/iptables-extensions.8:935
4292-msgid ""
4293-"Matches the source end-point address of a tunnel mode SA. Only valid with "
4294-"B<--mode tunnel>."
4295-msgstr ""
4296-
4297-#. type: TP
4298-#: original/man8/iptables-extensions.8:935
4299-#, no-wrap
4300-msgid "[B<!>] B<--tunnel-dst> I<addr>[B</>I<mask>]"
4301-msgstr ""
4302-
4303-#. type: Plain text
4304-#: original/man8/iptables-extensions.8:939
4305-msgid ""
4306-"Matches the destination end-point address of a tunnel mode SA. Only valid "
4307-"with B<--mode tunnel>."
4308-msgstr ""
4309-
4310-#. type: TP
4311-#: original/man8/iptables-extensions.8:939
4312-#, no-wrap
4313-msgid "B<--next>"
4314-msgstr ""
4315-
4316-#. type: Plain text
4317-#: original/man8/iptables-extensions.8:943
4318-msgid ""
4319-"Start the next element in the policy specification. Can only be used with "
4320-"B<--strict>."
4321-msgstr ""
4322-
4323-#. type: SS
4324-#: original/man8/iptables-extensions.8:943
4325-#, no-wrap
4326-msgid "quota"
4327-msgstr ""
4328-
4329-#. type: Plain text
4330-#: original/man8/iptables-extensions.8:948
4331-msgid ""
4332-"Implements network quotas by decrementing a byte counter with each "
4333-"packet. The condition matches until the byte counter reaches zero. Behavior "
4334-"is reversed with negation (i.e. the condition does not match until the byte "
4335-"counter reaches zero)."
4336-msgstr ""
4337-
4338-#. type: TP
4339-#: original/man8/iptables-extensions.8:948
4340-#, no-wrap
4341-msgid "[B<!>] B<--quota> I<bytes>"
4342-msgstr ""
4343-
4344-#. type: Plain text
4345-#: original/man8/iptables-extensions.8:951
4346-msgid "The quota in bytes."
4347-msgstr ""
4348-
4349-#. type: SS
4350-#: original/man8/iptables-extensions.8:951
4351-#, no-wrap
4352-msgid "rateest"
4353-msgstr ""
4354-
4355-#. type: Plain text
4356-#: original/man8/iptables-extensions.8:955
4357-msgid ""
4358-"The rate estimator can match on estimated rates as collected by the RATEEST "
4359-"target. It supports matching on absolute bps/pps values, comparing two rate "
4360-"estimators and matching on the difference between two rate estimators."
4361-msgstr ""
4362-
4363-#. * Absolute:
4364-#. type: Plain text
4365-#: original/man8/iptables-extensions.8:959
4366-msgid ""
4367-"For a better understanding of the available options, these are all possible "
4368-"combinations:"
4369-msgstr ""
4370-
4371-#. type: Plain text
4372-#: original/man8/iptables-extensions.8:961
4373-msgid "B<rateest> I<operator> B<rateest-bps>"
4374-msgstr ""
4375-
4376-#. * Absolute + Delta:
4377-#. type: Plain text
4378-#: original/man8/iptables-extensions.8:964
4379-msgid "B<rateest> I<operator> B<rateest-pps>"
4380-msgstr ""
4381-
4382-#. type: Plain text
4383-#: original/man8/iptables-extensions.8:966
4384-msgid "(B<rateest> minus B<rateest-bps1>) I<operator> B<rateest-bps2>"
4385-msgstr ""
4386-
4387-#. * Relative:
4388-#. type: Plain text
4389-#: original/man8/iptables-extensions.8:969
4390-msgid "(B<rateest> minus B<rateest-pps1>) I<operator> B<rateest-pps2>"
4391-msgstr ""
4392-
4393-#. type: Plain text
4394-#: original/man8/iptables-extensions.8:971
4395-msgid "B<rateest1> I<operator> B<rateest2> B<rateest-bps>(without rate!)"
4396-msgstr ""
4397-
4398-#. * Relative + Delta:
4399-#. type: Plain text
4400-#: original/man8/iptables-extensions.8:974
4401-msgid "B<rateest1> I<operator> B<rateest2> B<rateest-pps>(without rate!)"
4402-msgstr ""
4403-
4404-#. type: Plain text
4405-#: original/man8/iptables-extensions.8:977
4406-msgid ""
4407-"(B<rateest1> minus B<rateest-bps1>) I<operator> (B<rateest2> minus "
4408-"B<rateest-bps2>)"
4409-msgstr ""
4410-
4411-#. type: Plain text
4412-#: original/man8/iptables-extensions.8:980
4413-msgid ""
4414-"(B<rateest1> minus B<rateest-pps1>) I<operator> (B<rateest2> minus "
4415-"B<rateest-pps2>)"
4416-msgstr ""
4417-
4418-#. type: TP
4419-#: original/man8/iptables-extensions.8:980
4420-#, no-wrap
4421-msgid "B<--rateest-delta>"
4422-msgstr ""
4423-
4424-#. type: Plain text
4425-#: original/man8/iptables-extensions.8:987
4426-msgid ""
4427-"For each estimator (either absolute or relative mode), calculate the "
4428-"difference between the estimator-determined flow rate and the static value "
4429-"chosen with the BPS/PPS options. If the flow rate is higher than the "
4430-"specified BPS/PPS, 0 will be used instead of a negative value. In other "
4431-"words, \"max(0, rateest#_rate - rateest#_bps)\" is used."
4432-msgstr ""
4433-
4434-#. type: TP
4435-#: original/man8/iptables-extensions.8:987
4436-#, no-wrap
4437-msgid "[B<!>] B<--rateest-lt>"
4438-msgstr ""
4439-
4440-#. type: Plain text
4441-#: original/man8/iptables-extensions.8:990
4442-msgid "Match if rate is less than given rate/estimator."
4443-msgstr ""
4444-
4445-#. type: TP
4446-#: original/man8/iptables-extensions.8:990
4447-#, no-wrap
4448-msgid "[B<!>] B<--rateest-gt>"
4449-msgstr ""
4450-
4451-#. type: Plain text
4452-#: original/man8/iptables-extensions.8:993
4453-msgid "Match if rate is greater than given rate/estimator."
4454-msgstr ""
4455-
4456-#. type: TP
4457-#: original/man8/iptables-extensions.8:993
4458-#, no-wrap
4459-msgid "[B<!>] B<--rateest-eq>"
4460-msgstr ""
4461-
4462-#. type: Plain text
4463-#: original/man8/iptables-extensions.8:996
4464-msgid "Match if rate is equal to given rate/estimator."
4465-msgstr ""
4466-
4467-#. type: Plain text
4468-#: original/man8/iptables-extensions.8:1000
4469-msgid ""
4470-"In the so-called \"absolute mode\", only one rate estimator is used and "
4471-"compared against a static value, while in \"relative mode\", two rate "
4472-"estimators are compared against another."
4473-msgstr ""
4474-
4475-#. type: TP
4476-#: original/man8/iptables-extensions.8:1000
4477-#, no-wrap
4478-msgid "B<--rateest> I<name>"
4479-msgstr ""
4480-
4481-#. type: Plain text
4482-#: original/man8/iptables-extensions.8:1003
4483-msgid "Name of the one rate estimator for absolute mode."
4484-msgstr ""
4485-
4486-#. type: TP
4487-#: original/man8/iptables-extensions.8:1003
4488-#, no-wrap
4489-msgid "B<--rateest1> I<name>"
4490-msgstr ""
4491-
4492-#. type: TP
4493-#: original/man8/iptables-extensions.8:1005
4494-#, no-wrap
4495-msgid "B<--rateest2> I<name>"
4496-msgstr ""
4497-
4498-#. type: Plain text
4499-#: original/man8/iptables-extensions.8:1008
4500-msgid "The names of the two rate estimators for relative mode."
4501-msgstr ""
4502-
4503-#. type: TP
4504-#: original/man8/iptables-extensions.8:1008
4505-#, no-wrap
4506-msgid "B<--rateest-bps> [I<value>]"
4507-msgstr ""
4508-
4509-#. type: TP
4510-#: original/man8/iptables-extensions.8:1010
4511-#, no-wrap
4512-msgid "B<--rateest-pps> [I<value>]"
4513-msgstr ""
4514-
4515-#. type: TP
4516-#: original/man8/iptables-extensions.8:1012
4517-#, no-wrap
4518-msgid "B<--rateest-bps1> [I<value>]"
4519-msgstr ""
4520-
4521-#. type: TP
4522-#: original/man8/iptables-extensions.8:1014
4523-#, no-wrap
4524-msgid "B<--rateest-bps2> [I<value>]"
4525-msgstr ""
4526-
4527-#. type: TP
4528-#: original/man8/iptables-extensions.8:1016
4529-#, no-wrap
4530-msgid "B<--rateest-pps1> [I<value>]"
4531-msgstr ""
4532-
4533-#. type: TP
4534-#: original/man8/iptables-extensions.8:1018
4535-#, no-wrap
4536-msgid "B<--rateest-pps2> [I<value>]"
4537-msgstr ""
4538-
4539-#. type: Plain text
4540-#: original/man8/iptables-extensions.8:1024
4541-msgid ""
4542-"Compare the estimator(s) by bytes or packets per second, and compare against "
4543-"the chosen value. See the above bullet list for which option is to be used "
4544-"in which case. A unit suffix may be used - available ones are: bit, "
4545-"[kmgt]bit, [KMGT]ibit, Bps, [KMGT]Bps, [KMGT]iBps."
4546-msgstr ""
4547-
4548-#. type: Plain text
4549-#: original/man8/iptables-extensions.8:1028
4550-msgid ""
4551-"Example: This is what can be used to route outgoing data connections from an "
4552-"FTP server over two lines based on the available bandwidth at the time the "
4553-"data connection was started:"
4554-msgstr ""
4555-
4556-#. type: Plain text
4557-#: original/man8/iptables-extensions.8:1030
4558-msgid "# Estimate outgoing rates"
4559-msgstr ""
4560-
4561-#. type: Plain text
4562-#: original/man8/iptables-extensions.8:1033
4563-msgid ""
4564-"iptables -t mangle -A POSTROUTING -o eth0 -j RATEEST --rateest-name eth0 "
4565-"--rateest-interval 250ms --rateest-ewma 0.5s"
4566-msgstr ""
4567-
4568-#. type: Plain text
4569-#: original/man8/iptables-extensions.8:1036
4570-msgid ""
4571-"iptables -t mangle -A POSTROUTING -o ppp0 -j RATEEST --rateest-name ppp0 "
4572-"--rateest-interval 250ms --rateest-ewma 0.5s"
4573-msgstr ""
4574-
4575-#. type: Plain text
4576-#: original/man8/iptables-extensions.8:1038
4577-msgid "# Mark based on available bandwidth"
4578-msgstr ""
4579-
4580-#. type: Plain text
4581-#: original/man8/iptables-extensions.8:1042
4582-msgid ""
4583-"iptables -t mangle -A balance -m conntrack --ctstate NEW -m helper --helper "
4584-"ftp -m rateest --rateest-delta --rateest1 eth0 --rateest-bps1 2.5mbit "
4585-"--rateest-gt --rateest2 ppp0 --rateest-bps2 2mbit -j CONNMARK --set-mark 1"
4586-msgstr ""
4587-
4588-#. type: Plain text
4589-#: original/man8/iptables-extensions.8:1046
4590-msgid ""
4591-"iptables -t mangle -A balance -m conntrack --ctstate NEW -m helper --helper "
4592-"ftp -m rateest --rateest-delta --rateest1 ppp0 --rateest-bps1 2mbit "
4593-"--rateest-gt --rateest2 eth0 --rateest-bps2 2.5mbit -j CONNMARK --set-mark 2"
4594-msgstr ""
4595-
4596-#. type: Plain text
4597-#: original/man8/iptables-extensions.8:1048
4598-msgid "iptables -t mangle -A balance -j CONNMARK --restore-mark"
4599-msgstr ""
4600-
4601-#. type: SS
4602-#: original/man8/iptables-extensions.8:1048
4603-#, no-wrap
4604-msgid "realm (IPv4-specific)"
4605-msgstr ""
4606-
4607-#. type: Plain text
4608-#: original/man8/iptables-extensions.8:1051
4609-msgid ""
4610-"This matches the routing realm. Routing realms are used in complex routing "
4611-"setups involving dynamic routing protocols like BGP."
4612-msgstr ""
4613-
4614-#. type: TP
4615-#: original/man8/iptables-extensions.8:1051
4616-#, no-wrap
4617-msgid "[B<!>] B<--realm> I<value>[B</>I<mask>]"
4618-msgstr ""
4619-
4620-#. type: Plain text
4621-#: original/man8/iptables-extensions.8:1056
4622-msgid ""
4623-"Matches a given realm number (and optionally mask). If not a number, value "
4624-"can be a named realm from /etc/iproute2/rt_realms (mask can not be used in "
4625-"that case)."
4626-msgstr ""
4627-
4628-#. type: SS
4629-#: original/man8/iptables-extensions.8:1056
4630-#, no-wrap
4631-msgid "recent"
4632-msgstr ""
4633-
4634-#. type: Plain text
4635-#: original/man8/iptables-extensions.8:1059
4636-msgid ""
4637-"Allows you to dynamically create a list of IP addresses and then match "
4638-"against that list in a few different ways."
4639-msgstr ""
4640-
4641-#. type: Plain text
4642-#: original/man8/iptables-extensions.8:1063
4643-msgid ""
4644-"For example, you can create a \"badguy\" list out of people attempting to "
4645-"connect to port 139 on your firewall and then DROP all future packets from "
4646-"them without considering them."
4647-msgstr ""
4648-
4649-#. type: Plain text
4650-#: original/man8/iptables-extensions.8:1066
4651-msgid "B<--set>, B<--rcheck>, B<--update> and B<--remove> are mutually exclusive."
4652-msgstr ""
4653-
4654-#. type: TP
4655-#: original/man8/iptables-extensions.8:1066
4656-#, no-wrap
4657-msgid "B<--name> I<name>"
4658-msgstr ""
4659-
4660-#. type: Plain text
4661-#: original/man8/iptables-extensions.8:1070
4662-msgid ""
4663-"Specify the list to use for the commands. If no name is given then "
4664-"B<DEFAULT> will be used."
4665-msgstr ""
4666-
4667-#. type: TP
4668-#: original/man8/iptables-extensions.8:1070
4669-#, no-wrap
4670-msgid "[B<!>] B<--set>"
4671-msgstr ""
4672-
4673-#. type: Plain text
4674-#: original/man8/iptables-extensions.8:1075
4675-msgid ""
4676-"This will add the source address of the packet to the list. If the source "
4677-"address is already in the list, this will update the existing entry. This "
4678-"will always return success (or failure if B<!> is passed in)."
4679-msgstr ""
4680-
4681-#. type: TP
4682-#: original/man8/iptables-extensions.8:1075
4683-#, no-wrap
4684-msgid "B<--rsource>"
4685-msgstr ""
4686-
4687-#. type: Plain text
4688-#: original/man8/iptables-extensions.8:1079
4689-msgid ""
4690-"Match/save the source address of each packet in the recent list table. This "
4691-"is the default."
4692-msgstr ""
4693-
4694-#. type: TP
4695-#: original/man8/iptables-extensions.8:1079
4696-#, no-wrap
4697-msgid "B<--rdest>"
4698-msgstr ""
4699-
4700-#. type: Plain text
4701-#: original/man8/iptables-extensions.8:1082
4702-msgid "Match/save the destination address of each packet in the recent list table."
4703-msgstr ""
4704-
4705-#. type: TP
4706-#: original/man8/iptables-extensions.8:1082
4707-#, no-wrap
4708-msgid "B<--mask>netmask"
4709-msgstr ""
4710-
4711-#. type: Plain text
4712-#: original/man8/iptables-extensions.8:1085
4713-msgid "Netmask that will be applied to this recent list."
4714-msgstr ""
4715-
4716-#. type: TP
4717-#: original/man8/iptables-extensions.8:1085
4718-#, no-wrap
4719-msgid "[B<!>] B<--rcheck>"
4720-msgstr ""
4721-
4722-#. type: Plain text
4723-#: original/man8/iptables-extensions.8:1088
4724-msgid "Check if the source address of the packet is currently in the list."
4725-msgstr ""
4726-
4727-#. type: TP
4728-#: original/man8/iptables-extensions.8:1088
4729-#, no-wrap
4730-msgid "[B<!>] B<--update>"
4731-msgstr ""
4732-
4733-#. type: Plain text
4734-#: original/man8/iptables-extensions.8:1092
4735-msgid ""
4736-"Like B<--rcheck>, except it will update the \"last seen\" timestamp if it "
4737-"matches."
4738-msgstr ""
4739-
4740-#. type: TP
4741-#: original/man8/iptables-extensions.8:1092
4742-#, no-wrap
4743-msgid "[B<!>] B<--remove>"
4744-msgstr ""
4745-
4746-#. type: Plain text
4747-#: original/man8/iptables-extensions.8:1097
4748-msgid ""
4749-"Check if the source address of the packet is currently in the list and if so "
4750-"that address will be removed from the list and the rule will return true. If "
4751-"the address is not found, false is returned."
4752-msgstr ""
4753-
4754-#. type: TP
4755-#: original/man8/iptables-extensions.8:1097
4756-#, no-wrap
4757-msgid "B<--seconds> I<seconds>"
4758-msgstr ""
4759-
4760-#. type: Plain text
4761-#: original/man8/iptables-extensions.8:1102
4762-msgid ""
4763-"This option must be used in conjunction with one of B<--rcheck> or "
4764-"B<--update>. When used, this will narrow the match to only happen when the "
4765-"address is in the list and was seen within the last given number of seconds."
4766-msgstr ""
4767-
4768-#. type: TP
4769-#: original/man8/iptables-extensions.8:1102
4770-#, no-wrap
4771-msgid "B<--reap>"
4772-msgstr ""
4773-
4774-#. type: Plain text
4775-#: original/man8/iptables-extensions.8:1107
4776-msgid ""
4777-"This option can only be used in conjunction with B<--seconds>. When used, "
4778-"this will cause entries older than the last given number of seconds to be "
4779-"purged."
4780-msgstr ""
4781-
4782-#. type: TP
4783-#: original/man8/iptables-extensions.8:1107
4784-#, no-wrap
4785-msgid "B<--hitcount> I<hits>"
4786-msgstr ""
4787-
4788-#. type: Plain text
4789-#: original/man8/iptables-extensions.8:1117
4790-msgid ""
4791-"This option must be used in conjunction with one of B<--rcheck> or "
4792-"B<--update>. When used, this will narrow the match to only happen when the "
4793-"address is in the list and packets had been received greater than or equal "
4794-"to the given value. This option may be used along with B<--seconds> to "
4795-"create an even narrower match requiring a certain number of hits within a "
4796-"specific time frame. The maximum value for the hitcount parameter is given "
4797-"by the \"ip_pkt_list_tot\" parameter of the xt_recent kernel "
4798-"module. Exceeding this value on the command line will cause the rule to be "
4799-"rejected."
4800-msgstr ""
4801-
4802-#. type: TP
4803-#: original/man8/iptables-extensions.8:1117
4804-#, no-wrap
4805-msgid "B<--rttl>"
4806-msgstr ""
4807-
4808-#. type: Plain text
4809-#: original/man8/iptables-extensions.8:1125
4810-msgid ""
4811-"This option may only be used in conjunction with one of B<--rcheck> or "
4812-"B<--update>. When used, this will narrow the match to only happen when the "
4813-"address is in the list and the TTL of the current packet matches that of the "
4814-"packet which hit the B<--set> rule. This may be useful if you have problems "
4815-"with people faking their source address in order to DoS you via this module "
4816-"by disallowing others access to your site by sending bogus packets to you."
4817-msgstr ""
4818-
4819-#. type: Plain text
4820-#: original/man8/iptables-extensions.8:1129
4821-msgid "iptables -A FORWARD -m recent --name badguy --rcheck --seconds 60 -j DROP"
4822-msgstr ""
4823-
4824-#. type: Plain text
4825-#: original/man8/iptables-extensions.8:1131
4826-msgid ""
4827-"iptables -A FORWARD -p tcp -i eth0 --dport 139 -m recent --name badguy --set "
4828-"-j DROP"
4829-msgstr ""
4830-
4831-#. type: Plain text
4832-#: original/man8/iptables-extensions.8:1134
4833-msgid ""
4834-"Steve's ipt_recent website (http://snowman.net/projects/ipt_recent/) also "
4835-"has some examples of usage."
4836-msgstr ""
4837-
4838-#. type: Plain text
4839-#: original/man8/iptables-extensions.8:1137
4840-msgid ""
4841-"B</proc/net/xt_recent/*> are the current lists of addresses and information "
4842-"about each entry of each list."
4843-msgstr ""
4844-
4845-#. type: Plain text
4846-#: original/man8/iptables-extensions.8:1140
4847-msgid ""
4848-"Each file in B</proc/net/xt_recent/> can be read from to see the current "
4849-"list or written two using the following commands to modify the list:"
4850-msgstr ""
4851-
4852-#. type: TP
4853-#: original/man8/iptables-extensions.8:1140
4854-#, no-wrap
4855-msgid "B<echo +>I<addr>B< E<gt>/proc/net/xt_recent/DEFAULT>"
4856-msgstr ""
4857-
4858-#. type: Plain text
4859-#: original/man8/iptables-extensions.8:1143
4860-msgid "to add I<addr> to the DEFAULT list"
4861-msgstr ""
4862-
4863-#. type: TP
4864-#: original/man8/iptables-extensions.8:1143
4865-#, no-wrap
4866-msgid "B<echo ->I<addr>B< E<gt>/proc/net/xt_recent/DEFAULT>"
4867-msgstr ""
4868-
4869-#. type: Plain text
4870-#: original/man8/iptables-extensions.8:1146
4871-msgid "to remove I<addr> from the DEFAULT list"
4872-msgstr ""
4873-
4874-#. type: TP
4875-#: original/man8/iptables-extensions.8:1146
4876-#, no-wrap
4877-msgid "B<echo / E<gt>/proc/net/xt_recent/DEFAULT>"
4878-msgstr ""
4879-
4880-#. type: Plain text
4881-#: original/man8/iptables-extensions.8:1149
4882-msgid "to flush the DEFAULT list (remove all entries)."
4883-msgstr ""
4884-
4885-#. type: Plain text
4886-#: original/man8/iptables-extensions.8:1151
4887-msgid "The module itself accepts parameters, defaults shown:"
4888-msgstr ""
4889-
4890-#. type: TP
4891-#: original/man8/iptables-extensions.8:1151
4892-#, no-wrap
4893-msgid "B<ip_list_tot>=I<100>"
4894-msgstr ""
4895-
4896-#. type: Plain text
4897-#: original/man8/iptables-extensions.8:1154
4898-msgid "Number of addresses remembered per table."
4899-msgstr ""
4900-
4901-#. type: TP
4902-#: original/man8/iptables-extensions.8:1154
4903-#, no-wrap
4904-msgid "B<ip_pkt_list_tot>=I<20>"
4905-msgstr ""
4906-
4907-#. type: Plain text
4908-#: original/man8/iptables-extensions.8:1157
4909-msgid "Number of packets per address remembered."
4910-msgstr ""
4911-
4912-#. type: TP
4913-#: original/man8/iptables-extensions.8:1157
4914-#, no-wrap
4915-msgid "B<ip_list_hash_size>=I<0>"
4916-msgstr ""
4917-
4918-#. type: Plain text
4919-#: original/man8/iptables-extensions.8:1160
4920-msgid "Hash table size. 0 means to calculate it based on ip_list_tot, default: 512."
4921-msgstr ""
4922-
4923-#. type: TP
4924-#: original/man8/iptables-extensions.8:1160
4925-#, no-wrap
4926-msgid "B<ip_list_perms>=I<0644>"
4927-msgstr ""
4928-
4929-#. type: Plain text
4930-#: original/man8/iptables-extensions.8:1163
4931-msgid "Permissions for /proc/net/xt_recent/* files."
4932-msgstr ""
4933-
4934-#. type: TP
4935-#: original/man8/iptables-extensions.8:1163
4936-#, no-wrap
4937-msgid "B<ip_list_uid>=I<0>"
4938-msgstr ""
4939-
4940-#. type: Plain text
4941-#: original/man8/iptables-extensions.8:1166
4942-msgid "Numerical UID for ownership of /proc/net/xt_recent/* files."
4943-msgstr ""
4944-
4945-#. type: TP
4946-#: original/man8/iptables-extensions.8:1166
4947-#, no-wrap
4948-msgid "B<ip_list_gid>=I<0>"
4949-msgstr ""
4950-
4951-#. type: Plain text
4952-#: original/man8/iptables-extensions.8:1169
4953-msgid "Numerical GID for ownership of /proc/net/xt_recent/* files."
4954-msgstr ""
4955-
4956-#. type: SS
4957-#: original/man8/iptables-extensions.8:1169
4958-#, no-wrap
4959-msgid "rpfilter"
4960-msgstr ""
4961-
4962-#. type: Plain text
4963-#: original/man8/iptables-extensions.8:1178
4964-msgid ""
4965-"Performs a reverse path filter test on a packet. If a reply to the packet "
4966-"would be sent via the same interface that the packet arrived on, the packet "
4967-"will match. Note that, unlike the in-kernel rp_filter, packets protected by "
4968-"IPSec are not treated specially. Combine this match with the policy match "
4969-"if you want this. Also, packets arriving via the loopback interface are "
4970-"always permitted. This match can only be used in the PREROUTING chain of "
4971-"the raw or mangle table."
4972-msgstr ""
4973-
4974-#. type: TP
4975-#: original/man8/iptables-extensions.8:1178
4976-#, no-wrap
4977-msgid "B<--loose>"
4978-msgstr ""
4979-
4980-#. type: Plain text
4981-#: original/man8/iptables-extensions.8:1182
4982-msgid ""
4983-"Used to specifiy that the reverse path filter test should match even if the "
4984-"selected output device is not the expected one."
4985-msgstr ""
4986-
4987-#. type: TP
4988-#: original/man8/iptables-extensions.8:1182
4989-#, no-wrap
4990-msgid "B<--validmark>"
4991-msgstr ""
4992-
4993-#. type: Plain text
4994-#: original/man8/iptables-extensions.8:1185
4995-msgid ""
4996-"Also use the packets' nfmark value when performing the reverse path route "
4997-"lookup."
4998-msgstr ""
4999-
5000-#. type: TP
5001-#: original/man8/iptables-extensions.8:1185
5002-#, no-wrap
5003-msgid "B<--accept-local>"
5004-msgstr ""
5005-
5006-#. type: Plain text
5007-#: original/man8/iptables-extensions.8:1189
5008-msgid ""
5009-"This will permit packets arriving from the network with a source address "
5010-"that is also assigned to the local machine."
5011-msgstr ""
5012-
5013-#. type: TP
5014-#: original/man8/iptables-extensions.8:1189
5015-#, no-wrap
5016-msgid "B<--invert>"
5017-msgstr ""
5018-
5019-#. type: Plain text
5020-#: original/man8/iptables-extensions.8:1193
5021-msgid ""
5022-"This will invert the sense of the match. Instead of matching packets that "
5023-"passed the reverse path filter test, match those that have failed it."
5024-msgstr ""
5025-
5026-#. type: Plain text
5027-#: original/man8/iptables-extensions.8:1195
5028-msgid "Example to log and drop packets failing the reverse path filter test:"
5029-msgstr ""
5030-
5031-#. type: Plain text
5032-#: original/man8/iptables-extensions.8:1197
5033-msgid "iptables -t raw -N RPFILTER"
5034-msgstr ""
5035-
5036-#. type: Plain text
5037-#: original/man8/iptables-extensions.8:1199
5038-msgid "iptables -t raw -A RPFILTER -m rpfilter -j RETURN"
5039-msgstr ""
5040-
5041-#. type: Plain text
5042-#: original/man8/iptables-extensions.8:1201
5043-msgid ""
5044-"iptables -t raw -A RPFILTER -m limit --limit 10/minute -j NFLOG "
5045-"--nflog-prefix \"rpfilter drop\""
5046-msgstr ""
5047-
5048-#. type: Plain text
5049-#: original/man8/iptables-extensions.8:1203
5050-msgid "iptables -t raw -A RPFILTER -j DROP"
5051-msgstr ""
5052-
5053-#. type: Plain text
5054-#: original/man8/iptables-extensions.8:1205
5055-msgid "iptables -t raw -A PREROUTING -j RPFILTER"
5056-msgstr ""
5057-
5058-#. type: Plain text
5059-#: original/man8/iptables-extensions.8:1207
5060-msgid "Example to drop failed packets, without logging:"
5061-msgstr ""
5062-
5063-#. type: Plain text
5064-#: original/man8/iptables-extensions.8:1209
5065-msgid "iptables -t raw -A RPFILTER -m rpfilter --invert -j DROP"
5066-msgstr ""
5067-
5068-#. type: SS
5069-#: original/man8/iptables-extensions.8:1209
5070-#, no-wrap
5071-msgid "rt (IPv6-specific)"
5072-msgstr ""
5073-
5074-#. type: Plain text
5075-#: original/man8/iptables-extensions.8:1211
5076-msgid "Match on IPv6 routing header"
5077-msgstr ""
5078-
5079-#. type: TP
5080-#: original/man8/iptables-extensions.8:1211
5081-#, no-wrap
5082-msgid "[B<!>] B<--rt-type> I<type>"
5083-msgstr ""
5084-
5085-#. type: Plain text
5086-#: original/man8/iptables-extensions.8:1214
5087-msgid "Match the type (numeric)."
5088-msgstr ""
5089-
5090-#. type: TP
5091-#: original/man8/iptables-extensions.8:1214
5092-#, no-wrap
5093-msgid "[B<!>] B<--rt-segsleft> I<num>[B<:>I<num>]"
5094-msgstr ""
5095-
5096-#. type: Plain text
5097-#: original/man8/iptables-extensions.8:1217
5098-msgid "Match the `segments left' field (range)."
5099-msgstr ""
5100-
5101-#. type: TP
5102-#: original/man8/iptables-extensions.8:1217
5103-#, no-wrap
5104-msgid "[B<!>] B<--rt-len> I<length>"
5105-msgstr ""
5106-
5107-#. type: Plain text
5108-#: original/man8/iptables-extensions.8:1220
5109-msgid "Match the length of this header."
5110-msgstr ""
5111-
5112-#. type: TP
5113-#: original/man8/iptables-extensions.8:1220
5114-#, no-wrap
5115-msgid "B<--rt-0-res>"
5116-msgstr ""
5117-
5118-#. type: Plain text
5119-#: original/man8/iptables-extensions.8:1223
5120-msgid "Match the reserved field, too (type=0)"
5121-msgstr ""
5122-
5123-#. type: TP
5124-#: original/man8/iptables-extensions.8:1223
5125-#, no-wrap
5126-msgid "B<--rt-0-addrs> I<addr>[B<,>I<addr>...]"
5127-msgstr ""
5128-
5129-#. type: Plain text
5130-#: original/man8/iptables-extensions.8:1226
5131-msgid "Match type=0 addresses (list)."
5132-msgstr ""
5133-
5134-#. type: TP
5135-#: original/man8/iptables-extensions.8:1226
5136-#, no-wrap
5137-msgid "B<--rt-0-not-strict>"
5138-msgstr ""
5139-
5140-#. type: Plain text
5141-#: original/man8/iptables-extensions.8:1229
5142-msgid "List of type=0 addresses is not a strict list."
5143-msgstr ""
5144-
5145-#. type: SS
5146-#: original/man8/iptables-extensions.8:1229
5147-#, no-wrap
5148-msgid "sctp"
5149-msgstr ""
5150-
5151-#. type: TP
5152-#: original/man8/iptables-extensions.8:1234
5153-#, no-wrap
5154-msgid ""
5155-"[B<!>] B<--chunk-types> {B<all>|B<any>|B<only>} I<chunktype>[B<:>I<flags>] "
5156-"[...]"
5157-msgstr ""
5158-
5159-#. type: Plain text
5160-#: original/man8/iptables-extensions.8:1238
5161-msgid ""
5162-"The flag letter in upper case indicates that the flag is to match if set, in "
5163-"the lower case indicates to match if unset."
5164-msgstr ""
5165-
5166-#. type: Plain text
5167-#: original/man8/iptables-extensions.8:1240
5168-msgid ""
5169-"Chunk types: DATA INIT INIT_ACK SACK HEARTBEAT HEARTBEAT_ACK ABORT SHUTDOWN "
5170-"SHUTDOWN_ACK ERROR COOKIE_ECHO COOKIE_ACK ECN_ECNE ECN_CWR SHUTDOWN_COMPLETE "
5171-"ASCONF ASCONF_ACK FORWARD_TSN"
5172-msgstr ""
5173-
5174-#. type: Plain text
5175-#: original/man8/iptables-extensions.8:1242
5176-msgid "chunk type available flags"
5177-msgstr ""
5178-
5179-#. type: Plain text
5180-#: original/man8/iptables-extensions.8:1244
5181-msgid "DATA I U B E i u b e"
5182-msgstr ""
5183-
5184-#. type: Plain text
5185-#: original/man8/iptables-extensions.8:1246
5186-msgid "ABORT T t"
5187-msgstr ""
5188-
5189-#. type: Plain text
5190-#: original/man8/iptables-extensions.8:1248
5191-msgid "SHUTDOWN_COMPLETE T t"
5192-msgstr ""
5193-
5194-#. type: Plain text
5195-#: original/man8/iptables-extensions.8:1250
5196-msgid "(lowercase means flag should be \"off\", uppercase means \"on\")"
5197-msgstr ""
5198-
5199-#. type: Plain text
5200-#: original/man8/iptables-extensions.8:1254
5201-msgid "iptables -A INPUT -p sctp --dport 80 -j DROP"
5202-msgstr ""
5203-
5204-#. type: Plain text
5205-#: original/man8/iptables-extensions.8:1256
5206-msgid "iptables -A INPUT -p sctp --chunk-types any DATA,INIT -j DROP"
5207-msgstr ""
5208-
5209-#. type: Plain text
5210-#: original/man8/iptables-extensions.8:1258
5211-msgid "iptables -A INPUT -p sctp --chunk-types any DATA:Be -j ACCEPT"
5212-msgstr ""
5213-
5214-#. type: SS
5215-#: original/man8/iptables-extensions.8:1258
5216-#, no-wrap
5217-msgid "set"
5218-msgstr ""
5219-
5220-#. type: Plain text
5221-#: original/man8/iptables-extensions.8:1260
5222-msgid "This module matches IP sets which can be defined by ipset(8)."
5223-msgstr ""
5224-
5225-#. type: TP
5226-#: original/man8/iptables-extensions.8:1260
5227-#, no-wrap
5228-msgid "[B<!>] B<--match-set> I<setname> I<flag>[B<,>I<flag>]..."
5229-msgstr ""
5230-
5231-#. type: Plain text
5232-#: original/man8/iptables-extensions.8:1267
5233-msgid ""
5234-"where flags are the comma separated list of B<src> and/or B<dst> "
5235-"specifications and there can be no more than six of them. Hence the command"
5236-msgstr ""
5237-
5238-#. type: Plain text
5239-#: original/man8/iptables-extensions.8:1269
5240-#, no-wrap
5241-msgid " iptables -A FORWARD -m set --match-set test src,dst\n"
5242-msgstr ""
5243-
5244-#. type: Plain text
5245-#: original/man8/iptables-extensions.8:1275
5246-msgid ""
5247-"will match packets, for which (if the set type is ipportmap) the source "
5248-"address and destination port pair can be found in the specified set. If the "
5249-"set type of the specified set is single dimension (for example ipmap), then "
5250-"the command will match packets for which the source address can be found in "
5251-"the specified set."
5252-msgstr ""
5253-
5254-#. type: TP
5255-#: original/man8/iptables-extensions.8:1275
5256-#, no-wrap
5257-msgid "B<--return--nomatch>"
5258-msgstr ""
5259-
5260-#. type: Plain text
5261-#: original/man8/iptables-extensions.8:1281
5262-msgid ""
5263-"If the B<--return--nomatch> option is specified and the set type supports "
5264-"the B<nomatch> flag, then the matching is reversed: a match with an element "
5265-"flagged with B<nomatch> returns B<true>, while a match with a plain element "
5266-"returns B<false>."
5267-msgstr ""
5268-
5269-#. type: Plain text
5270-#: original/man8/iptables-extensions.8:1284
5271-msgid ""
5272-"The option B<--match-set> can be replaced by B<--set> if that does not clash "
5273-"with an option of other extensions."
5274-msgstr ""
5275-
5276-#. type: Plain text
5277-#: original/man8/iptables-extensions.8:1287
5278-msgid ""
5279-"Use of -m set requires that ipset kernel support is provided, which, for "
5280-"standard kernels, is the case since Linux 2.6.39."
5281-msgstr ""
5282-
5283-#. type: SS
5284-#: original/man8/iptables-extensions.8:1287
5285-#, no-wrap
5286-msgid "socket"
5287-msgstr ""
5288-
5289-#. type: Plain text
5290-#: original/man8/iptables-extensions.8:1290
5291-msgid ""
5292-"This matches if an open socket can be found by doing a socket lookup on the "
5293-"packet."
5294-msgstr ""
5295-
5296-#. type: TP
5297-#: original/man8/iptables-extensions.8:1290
5298-#, no-wrap
5299-msgid "B<--transparent>"
5300-msgstr ""
5301-
5302-#. type: Plain text
5303-#: original/man8/iptables-extensions.8:1293
5304-msgid "Ignore non-transparent sockets."
5305-msgstr ""
5306-
5307-#. type: SS
5308-#: original/man8/iptables-extensions.8:1293
5309-#, no-wrap
5310-msgid "state"
5311-msgstr ""
5312-
5313-#. type: Plain text
5314-#: original/man8/iptables-extensions.8:1296
5315-msgid ""
5316-"The \"state\" extension is a subset of the \"conntrack\" module. \"state\" "
5317-"allows access to the connection tracking state for this packet."
5318-msgstr ""
5319-
5320-#. type: TP
5321-#: original/man8/iptables-extensions.8:1296
5322-#, no-wrap
5323-msgid "[B<!>] B<--state> I<state>"
5324-msgstr ""
5325-
5326-#. type: Plain text
5327-#: original/man8/iptables-extensions.8:1302
5328-msgid ""
5329-"Where state is a comma separated list of the connection states to "
5330-"match. Only a subset of the states unterstood by \"conntrack\" are "
5331-"recognized: B<INVALID>, B<ESTABLISHED>, B<NEW>, B<RELATED> or "
5332-"B<UNTRACKED>. For their description, see the \"conntrack\" heading in this "
5333-"manpage."
5334-msgstr ""
5335-
5336-#. type: SS
5337-#: original/man8/iptables-extensions.8:1302
5338-#, no-wrap
5339-msgid "statistic"
5340-msgstr ""
5341-
5342-#. type: Plain text
5343-#: original/man8/iptables-extensions.8:1307
5344-msgid ""
5345-"This module matches packets based on some statistic condition. It supports "
5346-"two distinct modes settable with the B<--mode> option."
5347-msgstr ""
5348-
5349-#. type: Plain text
5350-#: original/man8/iptables-extensions.8:1309
5351-msgid "Supported options:"
5352-msgstr ""
5353-
5354-#. type: TP
5355-#: original/man8/iptables-extensions.8:1309
5356-#, no-wrap
5357-msgid "B<--mode> I<mode>"
5358-msgstr ""
5359-
5360-#. type: Plain text
5361-#: original/man8/iptables-extensions.8:1315
5362-msgid ""
5363-"Set the matching mode of the matching rule, supported modes are B<random> "
5364-"and B<nth.>"
5365-msgstr ""
5366-
5367-#. type: TP
5368-#: original/man8/iptables-extensions.8:1315
5369-#, no-wrap
5370-msgid "[B<!>] B<--probability> I<p>"
5371-msgstr ""
5372-
5373-#. type: Plain text
5374-#: original/man8/iptables-extensions.8:1320
5375-msgid ""
5376-"Set the probability for a packet to be randomly matched. It only works with "
5377-"the B<random> mode. I<p> must be within 0.0 and 1.0. The supported "
5378-"granularity is in 1/2147483648th increments."
5379-msgstr ""
5380-
5381-#. type: TP
5382-#: original/man8/iptables-extensions.8:1320
5383-#, no-wrap
5384-msgid "[B<!>] B<--every> I<n>"
5385-msgstr ""
5386-
5387-#. type: Plain text
5388-#: original/man8/iptables-extensions.8:1327
5389-msgid ""
5390-"Match one packet every nth packet. It works only with the B<nth> mode (see "
5391-"also the B<--packet> option)."
5392-msgstr ""
5393-
5394-#. type: TP
5395-#: original/man8/iptables-extensions.8:1327
5396-#, no-wrap
5397-msgid "B<--packet> I<p>"
5398-msgstr ""
5399-
5400-#. type: Plain text
5401-#: original/man8/iptables-extensions.8:1332
5402-msgid ""
5403-"Set the initial counter value (0 E<lt>= p E<lt>= n-1, default 0) for the "
5404-"B<nth> mode."
5405-msgstr ""
5406-
5407-#. type: SS
5408-#: original/man8/iptables-extensions.8:1332
5409-#, no-wrap
5410-msgid "string"
5411-msgstr ""
5412-
5413-#. type: Plain text
5414-#: original/man8/iptables-extensions.8:1334
5415-msgid ""
5416-"This modules matches a given string by using some pattern matching "
5417-"strategy. It requires a linux kernel E<gt>= 2.6.14."
5418-msgstr ""
5419-
5420-#. type: TP
5421-#: original/man8/iptables-extensions.8:1334
5422-#, no-wrap
5423-msgid "B<--algo> {B<bm>|B<kmp>}"
5424-msgstr ""
5425-
5426-#. type: Plain text
5427-#: original/man8/iptables-extensions.8:1337
5428-msgid ""
5429-"Select the pattern matching strategy. (bm = Boyer-Moore, kmp = "
5430-"Knuth-Pratt-Morris)"
5431-msgstr ""
5432-
5433-#. type: TP
5434-#: original/man8/iptables-extensions.8:1337
5435-#, no-wrap
5436-msgid "B<--from> I<offset>"
5437-msgstr ""
5438-
5439-#. type: Plain text
5440-#: original/man8/iptables-extensions.8:1340
5441-msgid ""
5442-"Set the offset from which it starts looking for any matching. If not passed, "
5443-"default is 0."
5444-msgstr ""
5445-
5446-#. type: TP
5447-#: original/man8/iptables-extensions.8:1340
5448-#, no-wrap
5449-msgid "B<--to> I<offset>"
5450-msgstr ""
5451-
5452-#. type: Plain text
5453-#: original/man8/iptables-extensions.8:1345
5454-msgid ""
5455-"Set the offset up to which should be scanned. That is, byte I<offset>-1 "
5456-"(counting from 0) is the last one that is scanned. If not passed, default "
5457-"is the packet size."
5458-msgstr ""
5459-
5460-#. type: TP
5461-#: original/man8/iptables-extensions.8:1345
5462-#, no-wrap
5463-msgid "[B<!>] B<--string> I<pattern>"
5464-msgstr ""
5465-
5466-#. type: Plain text
5467-#: original/man8/iptables-extensions.8:1348
5468-msgid "Matches the given pattern."
5469-msgstr ""
5470-
5471-#. type: TP
5472-#: original/man8/iptables-extensions.8:1348
5473-#, no-wrap
5474-msgid "[B<!>] B<--hex-string> I<pattern>"
5475-msgstr ""
5476-
5477-#. type: Plain text
5478-#: original/man8/iptables-extensions.8:1351
5479-msgid "Matches the given pattern in hex notation."
5480-msgstr ""
5481-
5482-#. type: SS
5483-#: original/man8/iptables-extensions.8:1351
5484-#, no-wrap
5485-msgid "tcp"
5486-msgstr ""
5487-
5488-#. type: Plain text
5489-#: original/man8/iptables-extensions.8:1354
5490-msgid ""
5491-"These extensions can be used if `--protocol tcp' is specified. It provides "
5492-"the following options:"
5493-msgstr ""
5494-
5495-#. type: Plain text
5496-#: original/man8/iptables-extensions.8:1365
5497-msgid ""
5498-"Source port or port range specification. This can either be a service name "
5499-"or a port number. An inclusive range can also be specified, using the format "
5500-"I<first>B<:>I<last>. If the first port is omitted, \"0\" is assumed; if the "
5501-"last is omitted, \"65535\" is assumed. If the first port is greater than "
5502-"the second one they will be swapped. The flag B<--sport> is a convenient "
5503-"alias for this option."
5504-msgstr ""
5505-
5506-#. type: Plain text
5507-#: original/man8/iptables-extensions.8:1370
5508-msgid ""
5509-"Destination port or port range specification. The flag B<--dport> is a "
5510-"convenient alias for this option."
5511-msgstr ""
5512-
5513-#. type: TP
5514-#: original/man8/iptables-extensions.8:1370
5515-#, no-wrap
5516-msgid "[B<!>] B<--tcp-flags> I<mask> I<comp>"
5517-msgstr ""
5518-
5519-#. type: Plain text
5520-#: original/man8/iptables-extensions.8:1378
5521-msgid ""
5522-"Match when the TCP flags are as specified. The first argument I<mask> is "
5523-"the flags which we should examine, written as a comma-separated list, and "
5524-"the second argument I<comp> is a comma-separated list of flags which must be "
5525-"set. Flags are: B<SYN ACK FIN RST URG PSH ALL NONE>. Hence the command"
5526-msgstr ""
5527-
5528-#. type: Plain text
5529-#: original/man8/iptables-extensions.8:1380
5530-#, no-wrap
5531-msgid " iptables -A FORWARD -p tcp --tcp-flags SYN,ACK,FIN,RST SYN\n"
5532-msgstr ""
5533-
5534-#. type: Plain text
5535-#: original/man8/iptables-extensions.8:1383
5536-msgid ""
5537-"will only match packets with the SYN flag set, and the ACK, FIN and RST "
5538-"flags unset."
5539-msgstr ""
5540-
5541-#. type: TP
5542-#: original/man8/iptables-extensions.8:1383
5543-#, no-wrap
5544-msgid "[B<!>] B<--syn>"
5545-msgstr ""
5546-
5547-#. type: Plain text
5548-#: original/man8/iptables-extensions.8:1393
5549-msgid ""
5550-"Only match TCP packets with the SYN bit set and the ACK,RST and FIN bits "
5551-"cleared. Such packets are used to request TCP connection initiation; for "
5552-"example, blocking such packets coming in an interface will prevent incoming "
5553-"TCP connections, but outgoing TCP connections will be unaffected. It is "
5554-"equivalent to B<--tcp-flags SYN,RST,ACK,FIN SYN>. If the \"!\" flag "
5555-"precedes the \"--syn\", the sense of the option is inverted."
5556-msgstr ""
5557-
5558-#. type: TP
5559-#: original/man8/iptables-extensions.8:1393
5560-#, no-wrap
5561-msgid "[B<!>] B<--tcp-option> I<number>"
5562-msgstr ""
5563-
5564-#. type: Plain text
5565-#: original/man8/iptables-extensions.8:1396
5566-msgid "Match if TCP option set."
5567-msgstr ""
5568-
5569-#. type: SS
5570-#: original/man8/iptables-extensions.8:1396
5571-#, no-wrap
5572-msgid "tcpmss"
5573-msgstr ""
5574-
5575-#. type: Plain text
5576-#: original/man8/iptables-extensions.8:1398
5577-msgid ""
5578-"This matches the TCP MSS (maximum segment size) field of the TCP header. "
5579-"You can only use this on TCP SYN or SYN/ACK packets, since the MSS is only "
5580-"negotiated during the TCP handshake at connection startup time."
5581-msgstr ""
5582-
5583-#. type: TP
5584-#: original/man8/iptables-extensions.8:1398
5585-#, no-wrap
5586-msgid "[B<!>] B<--mss> I<value>[B<:>I<value>]"
5587-msgstr ""
5588-
5589-#. type: Plain text
5590-#: original/man8/iptables-extensions.8:1401
5591-msgid "Match a given TCP MSS value or range."
5592-msgstr ""
5593-
5594-#. type: SS
5595-#: original/man8/iptables-extensions.8:1401
5596-#, no-wrap
5597-msgid "time"
5598-msgstr ""
5599-
5600-#. type: Plain text
5601-#: original/man8/iptables-extensions.8:1405
5602-msgid ""
5603-"This matches if the packet arrival time/date is within a given range. All "
5604-"options are optional, but are ANDed when specified. All times are "
5605-"interpreted as UTC by default."
5606-msgstr ""
5607-
5608-#. type: TP
5609-#: original/man8/iptables-extensions.8:1405
5610-#, no-wrap
5611-msgid ""
5612-"B<--datestart> "
5613-"I<YYYY>[B<->I<MM>[B<->I<DD>[B<T>I<hh>[B<:>I<mm>[B<:>I<ss>]]]]]"
5614-msgstr ""
5615-
5616-#. type: TP
5617-#: original/man8/iptables-extensions.8:1407
5618-#, no-wrap
5619-msgid "B<--datestop> I<YYYY>[B<->I<MM>[B<->I<DD>[B<T>I<hh>[B<:>I<mm>[B<:>I<ss>]]]]]"
5620-msgstr ""
5621-
5622-#. type: Plain text
5623-#: original/man8/iptables-extensions.8:1411
5624-msgid ""
5625-"Only match during the given time, which must be in ISO 8601 \"T\" notation. "
5626-"The possible time range is 1970-01-01T00:00:00 to 2038-01-19T04:17:07."
5627-msgstr ""
5628-
5629-#. type: Plain text
5630-#: original/man8/iptables-extensions.8:1414
5631-msgid ""
5632-"If --datestart or --datestop are not specified, it will default to "
5633-"1970-01-01 and 2038-01-19, respectively."
5634-msgstr ""
5635-
5636-#. type: TP
5637-#: original/man8/iptables-extensions.8:1414
5638-#, no-wrap
5639-msgid "B<--timestart> I<hh>B<:>I<mm>[B<:>I<ss>]"
5640-msgstr ""
5641-
5642-#. type: TP
5643-#: original/man8/iptables-extensions.8:1416
5644-#, no-wrap
5645-msgid "B<--timestop> I<hh>B<:>I<mm>[B<:>I<ss>]"
5646-msgstr ""
5647-
5648-#. type: Plain text
5649-#: original/man8/iptables-extensions.8:1421
5650-msgid ""
5651-"Only match during the given daytime. The possible time range is 00:00:00 to "
5652-"23:59:59. Leading zeroes are allowed (e.g. \"06:03\") and correctly "
5653-"interpreted as base-10."
5654-msgstr ""
5655-
5656-#. type: TP
5657-#: original/man8/iptables-extensions.8:1421
5658-#, no-wrap
5659-msgid "[B<!>] B<--monthdays> I<day>[B<,>I<day>...]"
5660-msgstr ""
5661-
5662-#. type: Plain text
5663-#: original/man8/iptables-extensions.8:1427
5664-msgid ""
5665-"Only match on the given days of the month. Possible values are B<1> to "
5666-"B<31>. Note that specifying B<31> will of course not match on months which "
5667-"do not have a 31st day; the same goes for 28- or 29-day February."
5668-msgstr ""
5669-
5670-#. type: TP
5671-#: original/man8/iptables-extensions.8:1427
5672-#, no-wrap
5673-msgid "[B<!>] B<--weekdays> I<day>[B<,>I<day>...]"
5674-msgstr ""
5675-
5676-#. type: Plain text
5677-#: original/man8/iptables-extensions.8:1433
5678-msgid ""
5679-"Only match on the given weekdays. Possible values are B<Mon>, B<Tue>, "
5680-"B<Wed>, B<Thu>, B<Fri>, B<Sat>, B<Sun>, or values from B<1> to B<7>, "
5681-"respectively. You may also use two-character variants (B<Mo>, B<Tu>, etc.)."
5682-msgstr ""
5683-
5684-#. type: TP
5685-#: original/man8/iptables-extensions.8:1433
5686-#, no-wrap
5687-msgid "B<--contiguous>"
5688-msgstr ""
5689-
5690-#. type: Plain text
5691-#: original/man8/iptables-extensions.8:1437
5692-msgid ""
5693-"When B<--timestop> is smaller than B<--timestart> value, match this as a "
5694-"single time period instead distinct intervals. See EXAMPLES."
5695-msgstr ""
5696-
5697-#. type: TP
5698-#: original/man8/iptables-extensions.8:1437
5699-#, no-wrap
5700-msgid "B<--kerneltz>"
5701-msgstr ""
5702-
5703-#. type: Plain text
5704-#: original/man8/iptables-extensions.8:1441
5705-msgid ""
5706-"Use the kernel timezone instead of UTC to determine whether a packet meets "
5707-"the time regulations."
5708-msgstr ""
5709-
5710-#. type: Plain text
5711-#: original/man8/iptables-extensions.8:1447
5712-msgid ""
5713-"About kernel timezones: Linux keeps the system time in UTC, and always does "
5714-"so. On boot, system time is initialized from a referential time "
5715-"source. Where this time source has no timezone information, such as the x86 "
5716-"CMOS RTC, UTC will be assumed. If the time source is however not in UTC, "
5717-"userspace should provide the correct system time and timezone to the kernel "
5718-"once it has the information."
5719-msgstr ""
5720-
5721-#. type: Plain text
5722-#: original/man8/iptables-extensions.8:1458
5723-msgid ""
5724-"Local time is a feature on top of the (timezone independent) system "
5725-"time. Each process has its own idea of local time, specified via the TZ "
5726-"environment variable. The kernel also has its own timezone offset "
5727-"variable. The TZ userspace environment variable specifies how the UTC-based "
5728-"system time is displayed, e.g. when you run date(1), or what you see on your "
5729-"desktop clock. The TZ string may resolve to different offsets at different "
5730-"dates, which is what enables the automatic time-jumping in userspace. when "
5731-"DST changes. The kernel's timezone offset variable is used when it has to "
5732-"convert between non-UTC sources, such as FAT filesystems, to UTC (since the "
5733-"latter is what the rest of the system uses)."
5734-msgstr ""
5735-
5736-#. type: Plain text
5737-#: original/man8/iptables-extensions.8:1467
5738-msgid ""
5739-"The caveat with the kernel timezone is that Linux distributions may ignore "
5740-"to set the kernel timezone, and instead only set the system time. Even if a "
5741-"particular distribution does set the timezone at boot, it is usually does "
5742-"not keep the kernel timezone offset - which is what changes on DST - up to "
5743-"date. ntpd will not touch the kernel timezone, so running it will not "
5744-"resolve the issue. As such, one may encounter a timezone that is always "
5745-"+0000, or one that is wrong half of the time of the year. As such, B<using "
5746-"--kerneltz is highly discouraged.>"
5747-msgstr ""
5748-
5749-#. type: Plain text
5750-#: original/man8/iptables-extensions.8:1469
5751-msgid "EXAMPLES. To match on weekends, use:"
5752-msgstr ""
5753-
5754-#. type: Plain text
5755-#: original/man8/iptables-extensions.8:1471
5756-msgid "-m time --weekdays Sa,Su"
5757-msgstr ""
5758-
5759-#. type: Plain text
5760-#: original/man8/iptables-extensions.8:1473
5761-msgid "Or, to match (once) on a national holiday block:"
5762-msgstr ""
5763-
5764-#. type: Plain text
5765-#: original/man8/iptables-extensions.8:1475
5766-msgid "-m time --datestart 2007-12-24 --datestop 2007-12-27"
5767-msgstr ""
5768-
5769-#. type: Plain text
5770-#: original/man8/iptables-extensions.8:1478
5771-msgid ""
5772-"Since the stop time is actually inclusive, you would need the following stop "
5773-"time to not match the first second of the new day:"
5774-msgstr ""
5775-
5776-#. type: Plain text
5777-#: original/man8/iptables-extensions.8:1480
5778-msgid "-m time --datestart 2007-01-01T17:00 --datestop 2007-01-01T23:59:59"
5779-msgstr ""
5780-
5781-#. type: Plain text
5782-#: original/man8/iptables-extensions.8:1482
5783-msgid "During lunch hour:"
5784-msgstr ""
5785-
5786-#. type: Plain text
5787-#: original/man8/iptables-extensions.8:1484
5788-msgid "-m time --timestart 12:30 --timestop 13:30"
5789-msgstr ""
5790-
5791-#. type: Plain text
5792-#: original/man8/iptables-extensions.8:1486
5793-msgid "The fourth Friday in the month:"
5794-msgstr ""
5795-
5796-#. type: Plain text
5797-#: original/man8/iptables-extensions.8:1488
5798-msgid "-m time --weekdays Fr --monthdays 22,23,24,25,26,27,28"
5799-msgstr ""
5800-
5801-#. type: Plain text
5802-#: original/man8/iptables-extensions.8:1492
5803-msgid ""
5804-"(Note that this exploits a certain mathematical property. It is not possible "
5805-"to say \"fourth Thursday OR fourth Friday\" in one rule. It is possible with "
5806-"multiple rules, though.)"
5807-msgstr ""
5808-
5809-#. type: Plain text
5810-#: original/man8/iptables-extensions.8:1494
5811-msgid "Matching across days might not do what is expected. For instance,"
5812-msgstr ""
5813-
5814-#. type: Plain text
5815-#: original/man8/iptables-extensions.8:1500
5816-msgid ""
5817-"-m time --weekdays Mo --timestart 23:00 --timestop 01:00 Will match Monday, "
5818-"for one hour from midnight to 1 a.m., and then again for another hour from "
5819-"23:00 onwards. If this is unwanted, e.g. if you would like 'match for two "
5820-"hours from Montay 23:00 onwards' you need to also specify the --contiguous "
5821-"option in the example above."
5822-msgstr ""
5823-
5824-#. type: SS
5825-#: original/man8/iptables-extensions.8:1500
5826-#, no-wrap
5827-msgid "tos"
5828-msgstr ""
5829-
5830-#. type: Plain text
5831-#: original/man8/iptables-extensions.8:1504
5832-msgid ""
5833-"This module matches the 8-bit Type of Service field in the IPv4 header "
5834-"(i.e. including the \"Precedence\" bits) or the (also 8-bit) Priority field "
5835-"in the IPv6 header."
5836-msgstr ""
5837-
5838-#. type: TP
5839-#: original/man8/iptables-extensions.8:1504
5840-#, no-wrap
5841-msgid "[B<!>] B<--tos> I<value>[B</>I<mask>]"
5842-msgstr ""
5843-
5844-#. type: Plain text
5845-#: original/man8/iptables-extensions.8:1508
5846-msgid ""
5847-"Matches packets with the given TOS mark value. If a mask is specified, it is "
5848-"logically ANDed with the TOS mark before the comparison."
5849-msgstr ""
5850-
5851-#. type: TP
5852-#: original/man8/iptables-extensions.8:1508
5853-#, no-wrap
5854-msgid "[B<!>] B<--tos> I<symbol>"
5855-msgstr ""
5856-
5857-#. type: Plain text
5858-#: original/man8/iptables-extensions.8:1513
5859-msgid ""
5860-"You can specify a symbolic name when using the tos match for IPv4. The list "
5861-"of recognized TOS names can be obtained by calling iptables with B<-m tos "
5862-"-h>. Note that this implies a mask of 0x3F, i.e. all but the ECN bits."
5863-msgstr ""
5864-
5865-#. type: SS
5866-#: original/man8/iptables-extensions.8:1513
5867-#, no-wrap
5868-msgid "ttl (IPv4-specific)"
5869-msgstr ""
5870-
5871-#. type: Plain text
5872-#: original/man8/iptables-extensions.8:1515
5873-msgid "This module matches the time to live field in the IP header."
5874-msgstr ""
5875-
5876-#. type: TP
5877-#: original/man8/iptables-extensions.8:1515
5878-#, no-wrap
5879-msgid "[B<!>] B<--ttl-eq> I<ttl>"
5880-msgstr ""
5881-
5882-#. type: Plain text
5883-#: original/man8/iptables-extensions.8:1518
5884-msgid "Matches the given TTL value."
5885-msgstr ""
5886-
5887-#. type: TP
5888-#: original/man8/iptables-extensions.8:1518
5889-#, no-wrap
5890-msgid "B<--ttl-gt> I<ttl>"
5891-msgstr ""
5892-
5893-#. type: Plain text
5894-#: original/man8/iptables-extensions.8:1521
5895-msgid "Matches if TTL is greater than the given TTL value."
5896-msgstr ""
5897-
5898-#. type: TP
5899-#: original/man8/iptables-extensions.8:1521
5900-#, no-wrap
5901-msgid "B<--ttl-lt> I<ttl>"
5902-msgstr ""
5903-
5904-#. type: Plain text
5905-#: original/man8/iptables-extensions.8:1524
5906-msgid "Matches if TTL is less than the given TTL value."
5907-msgstr ""
5908-
5909-#. type: SS
5910-#: original/man8/iptables-extensions.8:1524
5911-#, no-wrap
5912-msgid "u32"
5913-msgstr ""
5914-
5915-#. type: Plain text
5916-#: original/man8/iptables-extensions.8:1528
5917-msgid ""
5918-"U32 tests whether quantities of up to 4 bytes extracted from a packet have "
5919-"specified values. The specification of what to extract is general enough to "
5920-"find data at given offsets from tcp headers or payloads."
5921-msgstr ""
5922-
5923-#. type: TP
5924-#: original/man8/iptables-extensions.8:1528
5925-#, no-wrap
5926-msgid "[B<!>] B<--u32> I<tests>"
5927-msgstr ""
5928-
5929-#. type: Plain text
5930-#: original/man8/iptables-extensions.8:1531
5931-msgid "The argument amounts to a program in a small language described below."
5932-msgstr ""
5933-
5934-#. type: Plain text
5935-#: original/man8/iptables-extensions.8:1533
5936-msgid "tests := location \"=\" value | tests \"&&\" location \"=\" value"
5937-msgstr ""
5938-
5939-#. type: Plain text
5940-#: original/man8/iptables-extensions.8:1535
5941-msgid "value := range | value \",\" range"
5942-msgstr ""
5943-
5944-#. type: Plain text
5945-#: original/man8/iptables-extensions.8:1537
5946-msgid "range := number | number \":\" number"
5947-msgstr ""
5948-
5949-#. type: Plain text
5950-#: original/man8/iptables-extensions.8:1540
5951-msgid ""
5952-"a single number, I<n>, is interpreted the same as I<n:n>. I<n:m> is "
5953-"interpreted as the range of numbers B<E<gt>=n> and B<E<lt>=m>."
5954-msgstr ""
5955-
5956-#. type: Plain text
5957-#: original/man8/iptables-extensions.8:1542
5958-msgid "location := number | location operator number"
5959-msgstr ""
5960-
5961-#. type: Plain text
5962-#: original/man8/iptables-extensions.8:1544
5963-msgid "operator := \"&\" | \"E<lt>E<lt>\" | \"E<gt>E<gt>\" | \"@\""
5964-msgstr ""
5965-
5966-#. type: Plain text
5967-#: original/man8/iptables-extensions.8:1549
5968-msgid ""
5969-"The operators B<&>, B<E<lt>E<lt>>, B<E<gt>E<gt>> and B<&&> mean the same as "
5970-"in C. The B<=> is really a set membership operator and the value syntax "
5971-"describes a set. The B<@> operator is what allows moving to the next header "
5972-"and is described further below."
5973-msgstr ""
5974-
5975-#. type: Plain text
5976-#: original/man8/iptables-extensions.8:1552
5977-msgid ""
5978-"There are currently some artificial implementation limits on the size of the "
5979-"tests:"
5980-msgstr ""
5981-
5982-#. type: IP
5983-#: original/man8/iptables-extensions.8:1552 original/man8/iptables-extensions.8:1554 original/man8/iptables-extensions.8:1556
5984-#, no-wrap
5985-msgid " *"
5986-msgstr ""
5987-
5988-#. type: Plain text
5989-#: original/man8/iptables-extensions.8:1554
5990-msgid "no more than 10 of \"B<=>\" (and 9 \"B<&&>\"s) in the u32 argument"
5991-msgstr ""
5992-
5993-#. type: Plain text
5994-#: original/man8/iptables-extensions.8:1556
5995-msgid "no more than 10 ranges (and 9 commas) per value"
5996-msgstr ""
5997-
5998-#. type: Plain text
5999-#: original/man8/iptables-extensions.8:1558
6000-msgid "no more than 10 numbers (and 9 operators) per location"
6001-msgstr ""
6002-
6003-#. type: Plain text
6004-#: original/man8/iptables-extensions.8:1561
6005-msgid ""
6006-"To describe the meaning of location, imagine the following machine that "
6007-"interprets it. There are three registers:"
6008-msgstr ""
6009-
6010-#. type: Plain text
6011-#: original/man8/iptables-extensions.8:1563
6012-msgid "A is of type B<char *>, initially the address of the IP header"
6013-msgstr ""
6014-
6015-#. type: Plain text
6016-#: original/man8/iptables-extensions.8:1565
6017-msgid "B and C are unsigned 32 bit integers, initially zero"
6018-msgstr ""
6019-
6020-#. type: Plain text
6021-#: original/man8/iptables-extensions.8:1567
6022-msgid "The instructions are:"
6023-msgstr ""
6024-
6025-#. type: Plain text
6026-#: original/man8/iptables-extensions.8:1569
6027-msgid "number B = number;"
6028-msgstr ""
6029-
6030-#. type: Plain text
6031-#: original/man8/iptables-extensions.8:1571
6032-msgid ""
6033-"C = (*(A+B)E<lt>E<lt>24) + (*(A+B+1)E<lt>E<lt>16) + (*(A+B+2)E<lt>E<lt>8) + "
6034-"*(A+B+3)"
6035-msgstr ""
6036-
6037-#. type: Plain text
6038-#: original/man8/iptables-extensions.8:1573
6039-msgid "&number C = C & number"
6040-msgstr ""
6041-
6042-#. type: Plain text
6043-#: original/man8/iptables-extensions.8:1575
6044-msgid "E<lt>E<lt> number C = C E<lt>E<lt> number"
6045-msgstr ""
6046-
6047-#. type: Plain text
6048-#: original/man8/iptables-extensions.8:1577
6049-msgid "E<gt>E<gt> number C = C E<gt>E<gt> number"
6050-msgstr ""
6051-
6052-#. type: Plain text
6053-#: original/man8/iptables-extensions.8:1579
6054-msgid "@number A = A + C; then do the instruction number"
6055-msgstr ""
6056-
6057-#. type: Plain text
6058-#: original/man8/iptables-extensions.8:1582
6059-msgid ""
6060-"Any access of memory outside [skb-E<gt>data,skb-E<gt>end] causes the match "
6061-"to fail. Otherwise the result of the computation is the final value of C."
6062-msgstr ""
6063-
6064-#. type: Plain text
6065-#: original/man8/iptables-extensions.8:1586
6066-msgid ""
6067-"Whitespace is allowed but not required in the tests. However, the characters "
6068-"that do occur there are likely to require shell quoting, so it is a good "
6069-"idea to enclose the arguments in quotes."
6070-msgstr ""
6071-
6072-#. type: Plain text
6073-#: original/man8/iptables-extensions.8:1590
6074-msgid "match IP packets with total length E<gt>= 256"
6075-msgstr ""
6076-
6077-#. type: Plain text
6078-#: original/man8/iptables-extensions.8:1592
6079-msgid "The IP header contains a total length field in bytes 2-3."
6080-msgstr ""
6081-
6082-#. type: Plain text
6083-#: original/man8/iptables-extensions.8:1594
6084-msgid "--u32 \"B<0 & 0xFFFF = 0x100:0xFFFF>\""
6085-msgstr ""
6086-
6087-#. type: Plain text
6088-#: original/man8/iptables-extensions.8:1596
6089-msgid "read bytes 0-3"
6090-msgstr ""
6091-
6092-#. type: Plain text
6093-#: original/man8/iptables-extensions.8:1599
6094-msgid ""
6095-"AND that with 0xFFFF (giving bytes 2-3), and test whether that is in the "
6096-"range [0x100:0xFFFF]"
6097-msgstr ""
6098-
6099-#. type: Plain text
6100-#: original/man8/iptables-extensions.8:1601
6101-msgid "Example: (more realistic, hence more complicated)"
6102-msgstr ""
6103-
6104-#. type: Plain text
6105-#: original/man8/iptables-extensions.8:1603
6106-msgid "match ICMP packets with icmp type 0"
6107-msgstr ""
6108-
6109-#. type: Plain text
6110-#: original/man8/iptables-extensions.8:1605
6111-msgid "First test that it is an ICMP packet, true iff byte 9 (protocol) = 1"
6112-msgstr ""
6113-
6114-#. type: Plain text
6115-#: original/man8/iptables-extensions.8:1607
6116-msgid "--u32 \"B<6 & 0xFF = 1 &&> ..."
6117-msgstr ""
6118-
6119-#. type: Plain text
6120-#: original/man8/iptables-extensions.8:1614
6121-msgid ""
6122-"read bytes 6-9, use B<&> to throw away bytes 6-8 and compare the result to "
6123-"1. Next test that it is not a fragment. (If so, it might be part of such a "
6124-"packet but we cannot always tell.) N.B.: This test is generally needed if "
6125-"you want to match anything beyond the IP header. The last 6 bits of byte 6 "
6126-"and all of byte 7 are 0 iff this is a complete packet (not a "
6127-"fragment). Alternatively, you can allow first fragments by only testing the "
6128-"last 5 bits of byte 6."
6129-msgstr ""
6130-
6131-#. type: Plain text
6132-#: original/man8/iptables-extensions.8:1616
6133-msgid "... B<4 & 0x3FFF = 0 &&> ..."
6134-msgstr ""
6135-
6136-#. type: Plain text
6137-#: original/man8/iptables-extensions.8:1620
6138-msgid ""
6139-"Last test: the first byte past the IP header (the type) is 0. This is where "
6140-"we have to use the @syntax. The length of the IP header (IHL) in 32 bit "
6141-"words is stored in the right half of byte 0 of the IP header itself."
6142-msgstr ""
6143-
6144-#. type: Plain text
6145-#: original/man8/iptables-extensions.8:1622
6146-msgid "... B<0 E<gt>E<gt> 22 & 0x3C @ 0 E<gt>E<gt> 24 = 0>\""
6147-msgstr ""
6148-
6149-#. type: Plain text
6150-#: original/man8/iptables-extensions.8:1634
6151-msgid ""
6152-"The first 0 means read bytes 0-3, B<E<gt>E<gt>22> means shift that 22 bits "
6153-"to the right. Shifting 24 bits would give the first byte, so only 22 bits is "
6154-"four times that plus a few more bits. B<&3C> then eliminates the two extra "
6155-"bits on the right and the first four bits of the first byte. For instance, "
6156-"if IHL=5, then the IP header is 20 (4 x 5) bytes long. In this case, bytes "
6157-"0-1 are (in binary) xxxx0101 yyzzzzzz, B<E<gt>E<gt>22> gives the 10 bit "
6158-"value xxxx0101yy and B<&3C> gives 010100. B<@> means to use this number as a "
6159-"new offset into the packet, and read four bytes starting from there. This is "
6160-"the first 4 bytes of the ICMP payload, of which byte 0 is the ICMP "
6161-"type. Therefore, we simply shift the value 24 to the right to throw out all "
6162-"but the first byte and compare the result with 0."
6163-msgstr ""
6164-
6165-#. type: Plain text
6166-#: original/man8/iptables-extensions.8:1638
6167-msgid "TCP payload bytes 8-12 is any of 1, 2, 5 or 8"
6168-msgstr ""
6169-
6170-#. type: Plain text
6171-#: original/man8/iptables-extensions.8:1640
6172-msgid "First we test that the packet is a tcp packet (similar to ICMP)."
6173-msgstr ""
6174-
6175-#. type: Plain text
6176-#: original/man8/iptables-extensions.8:1642
6177-msgid "--u32 \"B<6 & 0xFF = 6 &&> ..."
6178-msgstr ""
6179-
6180-#. type: Plain text
6181-#: original/man8/iptables-extensions.8:1644
6182-msgid "Next, test that it is not a fragment (same as above)."
6183-msgstr ""
6184-
6185-#. type: Plain text
6186-#: original/man8/iptables-extensions.8:1646
6187-msgid "... B<0 E<gt>E<gt> 22 & 0x3C @ 12 E<gt>E<gt> 26 & 0x3C @ 8 = 1,2,5,8>\""
6188-msgstr ""
6189-
6190-#. type: Plain text
6191-#: original/man8/iptables-extensions.8:1654
6192-msgid ""
6193-"B<0E<gt>E<gt>22&3C> as above computes the number of bytes in the IP "
6194-"header. B<@> makes this the new offset into the packet, which is the start "
6195-"of the TCP header. The length of the TCP header (again in 32 bit words) is "
6196-"the left half of byte 12 of the TCP header. The B<12E<gt>E<gt>26&3C> "
6197-"computes this length in bytes (similar to the IP header before). \"@\" makes "
6198-"this the new offset, which is the start of the TCP payload. Finally, 8 reads "
6199-"bytes 8-12 of the payload and B<=> checks whether the result is any of 1, 2, "
6200-"5 or 8."
6201-msgstr ""
6202-
6203-#. type: SS
6204-#: original/man8/iptables-extensions.8:1654
6205-#, no-wrap
6206-msgid "udp"
6207-msgstr ""
6208-
6209-#. type: Plain text
6210-#: original/man8/iptables-extensions.8:1657
6211-msgid ""
6212-"These extensions can be used if `--protocol udp' is specified. It provides "
6213-"the following options:"
6214-msgstr ""
6215-
6216-#. type: Plain text
6217-#: original/man8/iptables-extensions.8:1663
6218-msgid ""
6219-"Source port or port range specification. See the description of the "
6220-"B<--source-port> option of the TCP extension for details."
6221-msgstr ""
6222-
6223-#. type: Plain text
6224-#: original/man8/iptables-extensions.8:1669
6225-msgid ""
6226-"Destination port or port range specification. See the description of the "
6227-"B<--destination-port> option of the TCP extension for details."
6228-msgstr ""
6229-
6230-#. type: SS
6231-#: original/man8/iptables-extensions.8:1669
6232-#, no-wrap
6233-msgid "unclean (IPv4-specific)"
6234-msgstr ""
6235-
6236-#. type: Plain text
6237-#: original/man8/iptables-extensions.8:1672
6238-msgid ""
6239-"This module takes no options, but attempts to match packets which seem "
6240-"malformed or unusual. This is regarded as experimental."
6241-msgstr ""
6242-
6243-#. type: SH
6244-#: original/man8/iptables-extensions.8:1672
6245-#, no-wrap
6246-msgid "TARGET EXTENSIONS"
6247-msgstr ""
6248-
6249-#. @TARGET@
6250-#. type: Plain text
6251-#: original/man8/iptables-extensions.8:1676
6252-msgid ""
6253-"iptables can use extended target modules: the following are included in the "
6254-"standard distribution."
6255-msgstr ""
6256-
6257-#. type: SS
6258-#: original/man8/iptables-extensions.8:1676
6259-#, no-wrap
6260-msgid "AUDIT"
6261-msgstr ""
6262-
6263-#. type: Plain text
6264-#: original/man8/iptables-extensions.8:1680
6265-msgid ""
6266-"This target allows to create audit records for packets hitting the target. "
6267-"It can be used to record accepted, dropped, and rejected packets. See "
6268-"auditd(8) for additional details."
6269-msgstr ""
6270-
6271-#. type: TP
6272-#: original/man8/iptables-extensions.8:1680
6273-#, no-wrap
6274-msgid "B<--type> {B<accept>|B<drop>|B<reject>}"
6275-msgstr ""
6276-
6277-#. type: Plain text
6278-#: original/man8/iptables-extensions.8:1683
6279-msgid "Set type of audit record."
6280-msgstr ""
6281-
6282-#. type: Plain text
6283-#: original/man8/iptables-extensions.8:1687
6284-msgid "iptables -N AUDIT_DROP"
6285-msgstr ""
6286-
6287-#. type: Plain text
6288-#: original/man8/iptables-extensions.8:1689
6289-msgid "iptables -A AUDIT_DROP -j AUDIT --type drop"
6290-msgstr ""
6291-
6292-#. type: Plain text
6293-#: original/man8/iptables-extensions.8:1691
6294-msgid "iptables -A AUDIT_DROP -j DROP"
6295-msgstr ""
6296-
6297-#. type: SS
6298-#: original/man8/iptables-extensions.8:1691
6299-#, no-wrap
6300-msgid "CHECKSUM"
6301-msgstr ""
6302-
6303-#. type: Plain text
6304-#: original/man8/iptables-extensions.8:1694
6305-msgid ""
6306-"This target allows to selectively work around broken/old applications. It "
6307-"can only be used in the mangle table."
6308-msgstr ""
6309-
6310-#. type: TP
6311-#: original/man8/iptables-extensions.8:1694
6312-#, no-wrap
6313-msgid "B<--checksum-fill>"
6314-msgstr ""
6315-
6316-#. type: Plain text
6317-#: original/man8/iptables-extensions.8:1700
6318-msgid ""
6319-"Compute and fill in the checksum in a packet that lacks a checksum. This is "
6320-"particularly useful, if you need to work around old applications such as "
6321-"dhcp clients, that do not work well with checksum offloads, but don't want "
6322-"to disable checksum offload in your device."
6323-msgstr ""
6324-
6325-#. type: SS
6326-#: original/man8/iptables-extensions.8:1700
6327-#, no-wrap
6328-msgid "CLASSIFY"
6329-msgstr ""
6330-
6331-#. type: Plain text
6332-#: original/man8/iptables-extensions.8:1702
6333-msgid ""
6334-"This module allows you to set the skb-E<gt>priority value (and thus classify "
6335-"the packet into a specific CBQ class)."
6336-msgstr ""
6337-
6338-#. type: TP
6339-#: original/man8/iptables-extensions.8:1702
6340-#, no-wrap
6341-msgid "B<--set-class> I<major>B<:>I<minor>"
6342-msgstr ""
6343-
6344-#. type: Plain text
6345-#: original/man8/iptables-extensions.8:1706
6346-msgid ""
6347-"Set the major and minor class value. The values are always interpreted as "
6348-"hexadecimal even if no 0x prefix is given."
6349-msgstr ""
6350-
6351-#. type: SS
6352-#: original/man8/iptables-extensions.8:1706
6353-#, no-wrap
6354-msgid "CLUSTERIP (IPv4-specific)"
6355-msgstr ""
6356-
6357-#. type: Plain text
6358-#: original/man8/iptables-extensions.8:1711
6359-msgid ""
6360-"This module allows you to configure a simple cluster of nodes that share a "
6361-"certain IP and MAC address without an explicit load balancer in front of "
6362-"them. Connections are statically distributed between the nodes in this "
6363-"cluster."
6364-msgstr ""
6365-
6366-#. type: TP
6367-#: original/man8/iptables-extensions.8:1711
6368-#, no-wrap
6369-msgid "B<--new>"
6370-msgstr ""
6371-
6372-#. type: Plain text
6373-#: original/man8/iptables-extensions.8:1715
6374-msgid ""
6375-"Create a new ClusterIP. You always have to set this on the first rule for a "
6376-"given ClusterIP."
6377-msgstr ""
6378-
6379-#. type: TP
6380-#: original/man8/iptables-extensions.8:1715
6381-#, no-wrap
6382-msgid "B<--hashmode> I<mode>"
6383-msgstr ""
6384-
6385-#. type: Plain text
6386-#: original/man8/iptables-extensions.8:1719
6387-msgid ""
6388-"Specify the hashing mode. Has to be one of B<sourceip>, "
6389-"B<sourceip-sourceport>, B<sourceip-sourceport-destport>."
6390-msgstr ""
6391-
6392-#. type: TP
6393-#: original/man8/iptables-extensions.8:1719
6394-#, no-wrap
6395-msgid "B<--clustermac> I<mac>"
6396-msgstr ""
6397-
6398-#. type: Plain text
6399-#: original/man8/iptables-extensions.8:1722
6400-msgid "Specify the ClusterIP MAC address. Has to be a link-layer multicast address"
6401-msgstr ""
6402-
6403-#. type: TP
6404-#: original/man8/iptables-extensions.8:1722
6405-#, no-wrap
6406-msgid "B<--total-nodes> I<num>"
6407-msgstr ""
6408-
6409-#. type: Plain text
6410-#: original/man8/iptables-extensions.8:1725
6411-msgid "Number of total nodes within this cluster."
6412-msgstr ""
6413-
6414-#. type: TP
6415-#: original/man8/iptables-extensions.8:1725
6416-#, no-wrap
6417-msgid "B<--local-node> I<num>"
6418-msgstr ""
6419-
6420-#. type: Plain text
6421-#: original/man8/iptables-extensions.8:1728
6422-msgid "Local node number within this cluster."
6423-msgstr ""
6424-
6425-#. type: TP
6426-#: original/man8/iptables-extensions.8:1728
6427-#, no-wrap
6428-msgid "B<--hash-init> I<rnd>"
6429-msgstr ""
6430-
6431-#. type: Plain text
6432-#: original/man8/iptables-extensions.8:1731
6433-msgid "Specify the random seed used for hash initialization."
6434-msgstr ""
6435-
6436-#. type: SS
6437-#: original/man8/iptables-extensions.8:1731
6438-#, no-wrap
6439-msgid "CONNMARK"
6440-msgstr ""
6441-
6442-#. type: Plain text
6443-#: original/man8/iptables-extensions.8:1734
6444-msgid ""
6445-"This module sets the netfilter mark value associated with a connection. The "
6446-"mark is 32 bits wide."
6447-msgstr ""
6448-
6449-#. type: TP
6450-#: original/man8/iptables-extensions.8:1734 original/man8/iptables-extensions.8:2100
6451-#, no-wrap
6452-msgid "B<--set-xmark> I<value>[B</>I<mask>]"
6453-msgstr ""
6454-
6455-#. type: Plain text
6456-#: original/man8/iptables-extensions.8:1737
6457-msgid "Zero out the bits given by I<mask> and XOR I<value> into the ctmark."
6458-msgstr ""
6459-
6460-#. type: TP
6461-#: original/man8/iptables-extensions.8:1737
6462-#, no-wrap
6463-msgid "B<--save-mark> [B<--nfmask> I<nfmask>] [B<--ctmask> I<ctmask>]"
6464-msgstr ""
6465-
6466-#. type: Plain text
6467-#: original/man8/iptables-extensions.8:1741
6468-msgid ""
6469-"Copy the packet mark (nfmark) to the connection mark (ctmark) using the "
6470-"given masks. The new nfmark value is determined as follows:"
6471-msgstr ""
6472-
6473-#. type: Plain text
6474-#: original/man8/iptables-extensions.8:1743
6475-msgid "ctmark = (ctmark & ~ctmask) ^ (nfmark & nfmask)"
6476-msgstr ""
6477-
6478-#. type: Plain text
6479-#: original/man8/iptables-extensions.8:1747
6480-msgid ""
6481-"i.e. I<ctmask> defines what bits to clear and I<nfmask> what bits of the "
6482-"nfmark to XOR into the ctmark. I<ctmask> and I<nfmask> default to "
6483-"0xFFFFFFFF."
6484-msgstr ""
6485-
6486-#. type: TP
6487-#: original/man8/iptables-extensions.8:1747
6488-#, no-wrap
6489-msgid "B<--restore-mark> [B<--nfmask> I<nfmask>] [B<--ctmask> I<ctmask>]"
6490-msgstr ""
6491-
6492-#. type: Plain text
6493-#: original/man8/iptables-extensions.8:1751
6494-msgid ""
6495-"Copy the connection mark (ctmark) to the packet mark (nfmark) using the "
6496-"given masks. The new ctmark value is determined as follows:"
6497-msgstr ""
6498-
6499-#. type: Plain text
6500-#: original/man8/iptables-extensions.8:1753
6501-msgid "nfmark = (nfmark & ~I<nfmask>) ^ (ctmark & I<ctmask>);"
6502-msgstr ""
6503-
6504-#. type: Plain text
6505-#: original/man8/iptables-extensions.8:1757
6506-msgid ""
6507-"i.e. I<nfmask> defines what bits to clear and I<ctmask> what bits of the "
6508-"ctmark to XOR into the nfmark. I<ctmask> and I<nfmask> default to "
6509-"0xFFFFFFFF."
6510-msgstr ""
6511-
6512-#. type: Plain text
6513-#: original/man8/iptables-extensions.8:1759
6514-msgid "B<--restore-mark> is only valid in the B<mangle> table."
6515-msgstr ""
6516-
6517-#. type: Plain text
6518-#: original/man8/iptables-extensions.8:1761
6519-msgid "The following mnemonics are available for B<--set-xmark>:"
6520-msgstr ""
6521-
6522-#. type: TP
6523-#: original/man8/iptables-extensions.8:1761 original/man8/iptables-extensions.8:2110
6524-#, no-wrap
6525-msgid "B<--and-mark> I<bits>"
6526-msgstr ""
6527-
6528-#. type: Plain text
6529-#: original/man8/iptables-extensions.8:1765
6530-msgid ""
6531-"Binary AND the ctmark with I<bits>. (Mnemonic for B<--set-xmark "
6532-"0/>I<invbits>, where I<invbits> is the binary negation of I<bits>.)"
6533-msgstr ""
6534-
6535-#. type: TP
6536-#: original/man8/iptables-extensions.8:1765 original/man8/iptables-extensions.8:2114
6537-#, no-wrap
6538-msgid "B<--or-mark> I<bits>"
6539-msgstr ""
6540-
6541-#. type: Plain text
6542-#: original/man8/iptables-extensions.8:1769
6543-msgid ""
6544-"Binary OR the ctmark with I<bits>. (Mnemonic for B<--set-xmark> "
6545-"I<bits>B</>I<bits>.)"
6546-msgstr ""
6547-
6548-#. type: TP
6549-#: original/man8/iptables-extensions.8:1769 original/man8/iptables-extensions.8:2118
6550-#, no-wrap
6551-msgid "B<--xor-mark> I<bits>"
6552-msgstr ""
6553-
6554-#. type: Plain text
6555-#: original/man8/iptables-extensions.8:1773
6556-msgid ""
6557-"Binary XOR the ctmark with I<bits>. (Mnemonic for B<--set-xmark> "
6558-"I<bits>B</0>.)"
6559-msgstr ""
6560-
6561-#. type: TP
6562-#: original/man8/iptables-extensions.8:1773 original/man8/iptables-extensions.8:2104
6563-#, no-wrap
6564-msgid "B<--set-mark> I<value>[B</>I<mask>]"
6565-msgstr ""
6566-
6567-#. type: Plain text
6568-#: original/man8/iptables-extensions.8:1777
6569-msgid ""
6570-"Set the connection mark. If a mask is specified then only those bits set in "
6571-"the mask are modified."
6572-msgstr ""
6573-
6574-#. type: TP
6575-#: original/man8/iptables-extensions.8:1777
6576-#, no-wrap
6577-msgid "B<--save-mark> [B<--mask> I<mask>]"
6578-msgstr ""
6579-
6580-#. type: Plain text
6581-#: original/man8/iptables-extensions.8:1781
6582-msgid ""
6583-"Copy the nfmark to the ctmark. If a mask is specified, only those bits are "
6584-"copied."
6585-msgstr ""
6586-
6587-#. type: TP
6588-#: original/man8/iptables-extensions.8:1781
6589-#, no-wrap
6590-msgid "B<--restore-mark> [B<--mask> I<mask>]"
6591-msgstr ""
6592-
6593-#. type: Plain text
6594-#: original/man8/iptables-extensions.8:1785
6595-msgid ""
6596-"Copy the ctmark to the nfmark. If a mask is specified, only those bits are "
6597-"copied. This is only valid in the B<mangle> table."
6598-msgstr ""
6599-
6600-#. type: SS
6601-#: original/man8/iptables-extensions.8:1785
6602-#, no-wrap
6603-msgid "CONNSECMARK"
6604-msgstr ""
6605-
6606-#. type: Plain text
6607-#: original/man8/iptables-extensions.8:1795
6608-msgid ""
6609-"This module copies security markings from packets to connections (if "
6610-"unlabeled), and from connections back to packets (also only if unlabeled). "
6611-"Typically used in conjunction with SECMARK, it is valid in the B<security> "
6612-"table (for backwards compatibility with older kernels, it is also valid in "
6613-"the B<mangle> table)."
6614-msgstr ""
6615-
6616-#. type: TP
6617-#: original/man8/iptables-extensions.8:1795
6618-#, no-wrap
6619-msgid "B<--save>"
6620-msgstr ""
6621-
6622-#. type: Plain text
6623-#: original/man8/iptables-extensions.8:1799
6624-msgid ""
6625-"If the packet has a security marking, copy it to the connection if the "
6626-"connection is not marked."
6627-msgstr ""
6628-
6629-#. type: TP
6630-#: original/man8/iptables-extensions.8:1799
6631-#, no-wrap
6632-msgid "B<--restore>"
6633-msgstr ""
6634-
6635-#. type: Plain text
6636-#: original/man8/iptables-extensions.8:1803
6637-msgid ""
6638-"If the packet does not have a security marking, and the connection does, "
6639-"copy the security marking from the connection to the packet."
6640-msgstr ""
6641-
6642-#. type: SS
6643-#: original/man8/iptables-extensions.8:1804
6644-#, no-wrap
6645-msgid "CT"
6646-msgstr ""
6647-
6648-#. type: Plain text
6649-#: original/man8/iptables-extensions.8:1809
6650-msgid ""
6651-"The CT target allows to set parameters for a packet or its associated "
6652-"connection. The target attaches a \"template\" connection tracking entry to "
6653-"the packet, which is then used by the conntrack core when initializing a new "
6654-"ct entry. This target is thus only valid in the \"raw\" table."
6655-msgstr ""
6656-
6657-#. type: TP
6658-#: original/man8/iptables-extensions.8:1809
6659-#, no-wrap
6660-msgid "B<--notrack>"
6661-msgstr ""
6662-
6663-#. type: Plain text
6664-#: original/man8/iptables-extensions.8:1812
6665-msgid "Disables connection tracking for this packet."
6666-msgstr ""
6667-
6668-#. type: TP
6669-#: original/man8/iptables-extensions.8:1812
6670-#, no-wrap
6671-msgid "B<--helper> I<name>"
6672-msgstr ""
6673-
6674-#. type: Plain text
6675-#: original/man8/iptables-extensions.8:1816
6676-msgid ""
6677-"Use the helper identified by I<name> for the connection. This is more "
6678-"flexible than loading the conntrack helper modules with preset ports."
6679-msgstr ""
6680-
6681-#. type: TP
6682-#: original/man8/iptables-extensions.8:1816
6683-#, no-wrap
6684-msgid "B<--ctevents> I<event>[B<,>...]"
6685-msgstr ""
6686-
6687-#. type: Plain text
6688-#: original/man8/iptables-extensions.8:1822
6689-msgid ""
6690-"Only generate the specified conntrack events for this connection. Possible "
6691-"event types are: B<new>, B<related>, B<destroy>, B<reply>, B<assured>, "
6692-"B<protoinfo>, B<helper>, B<mark> (this refers to the ctmark, not nfmark), "
6693-"B<natseqinfo>, B<secmark> (ctsecmark)."
6694-msgstr ""
6695-
6696-#. type: TP
6697-#: original/man8/iptables-extensions.8:1822
6698-#, no-wrap
6699-msgid "B<--expevents> I<event>[B<,>...]"
6700-msgstr ""
6701-
6702-#. type: Plain text
6703-#: original/man8/iptables-extensions.8:1826
6704-msgid ""
6705-"Only generate the specified expectation events for this connection. "
6706-"Possible event types are: B<new>."
6707-msgstr ""
6708-
6709-#. type: TP
6710-#: original/man8/iptables-extensions.8:1826
6711-#, no-wrap
6712-msgid "B<--zone> I<id>"
6713-msgstr ""
6714-
6715-#. type: Plain text
6716-#: original/man8/iptables-extensions.8:1830
6717-msgid ""
6718-"Assign this packet to zone I<id> and only have lookups done in that zone. "
6719-"By default, packets have zone 0."
6720-msgstr ""
6721-
6722-#. type: TP
6723-#: original/man8/iptables-extensions.8:1830
6724-#, no-wrap
6725-msgid "B<--timeout> I<name>"
6726-msgstr ""
6727-
6728-#. type: Plain text
6729-#: original/man8/iptables-extensions.8:1835
6730-msgid ""
6731-"Use the timeout policy identified by I<name> for the connection. This is "
6732-"provides more flexible timeout policy definition than global timeout values "
6733-"available at /proc/sys/net/netfilter/nf_conntrack_*_timeout_*."
6734-msgstr ""
6735-
6736-#. type: SS
6737-#: original/man8/iptables-extensions.8:1835
6738-#, no-wrap
6739-msgid "DNAT (IPv4-specific)"
6740-msgstr ""
6741-
6742-#. type: Plain text
6743-#: original/man8/iptables-extensions.8:1847
6744-msgid ""
6745-"This target is only valid in the B<nat> table, in the B<PREROUTING> and "
6746-"B<OUTPUT> chains, and user-defined chains which are only called from those "
6747-"chains. It specifies that the destination address of the packet should be "
6748-"modified (and all future packets in this connection will also be mangled), "
6749-"and rules should cease being examined. It takes one type of option:"
6750-msgstr ""
6751-
6752-#. type: TP
6753-#: original/man8/iptables-extensions.8:1847
6754-#, no-wrap
6755-msgid "B<--to-destination> [I<ipaddr>[B<->I<ipaddr>]][B<:>I<port>[B<->I<port>]]"
6756-msgstr ""
6757-
6758-#. type: Plain text
6759-#: original/man8/iptables-extensions.8:1858
6760-msgid ""
6761-"which can specify a single new destination IP address, an inclusive range of "
6762-"IP addresses, and optionally, a port range (which is only valid if the rule "
6763-"also specifies B<-p tcp> or B<-p udp>). If no port range is specified, then "
6764-"the destination port will never be modified. If no IP address is specified "
6765-"then only the destination port will be modified."
6766-msgstr ""
6767-
6768-#. type: Plain text
6769-#: original/man8/iptables-extensions.8:1865
6770-msgid ""
6771-"In Kernels up to 2.6.10 you can add several --to-destination options. For "
6772-"those kernels, if you specify more than one destination address, either via "
6773-"an address range or multiple --to-destination options, a simple round-robin "
6774-"(one after another in cycle) load balancing takes place between these "
6775-"addresses. Later Kernels (E<gt>= 2.6.11-rc1) don't have the ability to NAT "
6776-"to multiple ranges anymore."
6777-msgstr ""
6778-
6779-#. type: TP
6780-#: original/man8/iptables-extensions.8:1865 original/man8/iptables-extensions.8:2145 original/man8/iptables-extensions.8:2176 original/man8/iptables-extensions.8:2299 original/man8/iptables-extensions.8:2387 original/man8/iptables-extensions.8:2456
6781-#, no-wrap
6782-msgid "B<--random>"
6783-msgstr ""
6784-
6785-#. type: Plain text
6786-#: original/man8/iptables-extensions.8:1870 original/man8/iptables-extensions.8:2304
6787-msgid ""
6788-"If option B<--random> is used then port mapping will be randomized (kernel "
6789-"E<gt>= 2.6.22)."
6790-msgstr ""
6791-
6792-#. type: TP
6793-#: original/man8/iptables-extensions.8:1870 original/man8/iptables-extensions.8:2461
6794-#, no-wrap
6795-msgid "B<--persistent>"
6796-msgstr ""
6797-
6798-#. type: Plain text
6799-#: original/man8/iptables-extensions.8:1875 original/man8/iptables-extensions.8:2466
6800-msgid ""
6801-"Gives a client the same source-/destination-address for each connection. "
6802-"This supersedes the SAME target. Support for persistent mappings is "
6803-"available from 2.6.29-rc2."
6804-msgstr ""
6805-
6806-#. type: SS
6807-#: original/man8/iptables-extensions.8:1875
6808-#, no-wrap
6809-msgid "DSCP"
6810-msgstr ""
6811-
6812-#. type: Plain text
6813-#: original/man8/iptables-extensions.8:1879
6814-msgid ""
6815-"This target allows to alter the value of the DSCP bits within the TOS header "
6816-"of the IPv4 packet. As this manipulates a packet, it can only be used in "
6817-"the mangle table."
6818-msgstr ""
6819-
6820-#. type: TP
6821-#: original/man8/iptables-extensions.8:1879
6822-#, no-wrap
6823-msgid "B<--set-dscp> I<value>"
6824-msgstr ""
6825-
6826-#. type: Plain text
6827-#: original/man8/iptables-extensions.8:1882
6828-msgid "Set the DSCP field to a numerical value (can be decimal or hex)"
6829-msgstr ""
6830-
6831-#. type: TP
6832-#: original/man8/iptables-extensions.8:1882
6833-#, no-wrap
6834-msgid "B<--set-dscp-class> I<class>"
6835-msgstr ""
6836-
6837-#. type: Plain text
6838-#: original/man8/iptables-extensions.8:1885
6839-msgid "Set the DSCP field to a DiffServ class."
6840-msgstr ""
6841-
6842-#. type: SS
6843-#: original/man8/iptables-extensions.8:1885
6844-#, no-wrap
6845-msgid "ECN (IPv4-specific)"
6846-msgstr ""
6847-
6848-#. type: Plain text
6849-#: original/man8/iptables-extensions.8:1888
6850-msgid ""
6851-"This target allows to selectively work around known ECN blackholes. It can "
6852-"only be used in the mangle table."
6853-msgstr ""
6854-
6855-#. type: TP
6856-#: original/man8/iptables-extensions.8:1888
6857-#, no-wrap
6858-msgid "B<--ecn-tcp-remove>"
6859-msgstr ""
6860-
6861-#. type: Plain text
6862-#: original/man8/iptables-extensions.8:1893
6863-msgid ""
6864-"Remove all ECN bits from the TCP header. Of course, it can only be used in "
6865-"conjunction with B<-p tcp>."
6866-msgstr ""
6867-
6868-#. type: SS
6869-#: original/man8/iptables-extensions.8:1893
6870-#, no-wrap
6871-msgid "HL (IPv6-specific)"
6872-msgstr ""
6873-
6874-#. type: Plain text
6875-#: original/man8/iptables-extensions.8:1900
6876-msgid ""
6877-"This is used to modify the Hop Limit field in IPv6 header. The Hop Limit "
6878-"field is similar to what is known as TTL value in IPv4. Setting or "
6879-"incrementing the Hop Limit field can potentially be very dangerous, so it "
6880-"should be avoided at any cost. This target is only valid in B<mangle> table."
6881-msgstr ""
6882-
6883-#. type: Plain text
6884-#: original/man8/iptables-extensions.8:1902 original/man8/iptables-extensions.8:2613
6885-msgid ""
6886-"B<Don't ever set or increment the value on packets that leave your local "
6887-"network!>"
6888-msgstr ""
6889-
6890-#. type: TP
6891-#: original/man8/iptables-extensions.8:1902
6892-#, no-wrap
6893-msgid "B<--hl-set> I<value>"
6894-msgstr ""
6895-
6896-#. type: Plain text
6897-#: original/man8/iptables-extensions.8:1905
6898-msgid "Set the Hop Limit to `value'."
6899-msgstr ""
6900-
6901-#. type: TP
6902-#: original/man8/iptables-extensions.8:1905
6903-#, no-wrap
6904-msgid "B<--hl-dec> I<value>"
6905-msgstr ""
6906-
6907-#. type: Plain text
6908-#: original/man8/iptables-extensions.8:1908
6909-msgid "Decrement the Hop Limit `value' times."
6910-msgstr ""
6911-
6912-#. type: TP
6913-#: original/man8/iptables-extensions.8:1908
6914-#, no-wrap
6915-msgid "B<--hl-inc> I<value>"
6916-msgstr ""
6917-
6918-#. type: Plain text
6919-#: original/man8/iptables-extensions.8:1911
6920-msgid "Increment the Hop Limit `value' times."
6921-msgstr ""
6922-
6923-#. type: SS
6924-#: original/man8/iptables-extensions.8:1911
6925-#, no-wrap
6926-msgid "HMARK"
6927-msgstr ""
6928-
6929-#. type: Plain text
6930-#: original/man8/iptables-extensions.8:1916
6931-msgid ""
6932-"Like MARK, i.e. set the fwmark, but the mark is calculated from hashing "
6933-"packet selector at choice. You have also to specify the mark range and, "
6934-"optionally, the offset to start from. ICMP error messages are inspected and "
6935-"used to calculate the hashing."
6936-msgstr ""
6937-
6938-#. type: Plain text
6939-#: original/man8/iptables-extensions.8:1918
6940-msgid "Existing options are:"
6941-msgstr ""
6942-
6943-#. type: TP
6944-#: original/man8/iptables-extensions.8:1918
6945-#, no-wrap
6946-msgid "B<--hmark-tuple> tuple"
6947-msgstr ""
6948-
6949-#. type: Plain text
6950-#: original/man8/iptables-extensions.8:1933
6951-msgid ""
6952-"Possible tuple members are: B<src> meaning source address (IPv4, IPv6 "
6953-"address), B<dst> meaning destination address (IPv4, IPv6 address), B<sport> "
6954-"meaning source port (TCP, UDP, UDPlite, SCTP, DCCP), B<dport> meaning "
6955-"destination port (TCP, UDP, UDPlite, SCTP, DCCP), B<spi> meaning Security "
6956-"Parameter Index (AH, ESP), and B<ct> meaning the usage of the conntrack "
6957-"tuple instead of the packet selectors."
6958-msgstr ""
6959-
6960-#. type: TP
6961-#: original/man8/iptables-extensions.8:1933
6962-#, no-wrap
6963-msgid "B<--hmark-mod> I<value (must be E<gt> 0)>"
6964-msgstr ""
6965-
6966-#. type: Plain text
6967-#: original/man8/iptables-extensions.8:1936
6968-msgid "Modulus for hash calculation (to limit the range of possible marks)"
6969-msgstr ""
6970-
6971-#. type: TP
6972-#: original/man8/iptables-extensions.8:1936
6973-#, no-wrap
6974-msgid "B<--hmark-offset> I<value>"
6975-msgstr ""
6976-
6977-#. type: Plain text
6978-#: original/man8/iptables-extensions.8:1939
6979-msgid "Offset to start marks from."
6980-msgstr ""
6981-
6982-#. type: TP
6983-#: original/man8/iptables-extensions.8:1939
6984-#, no-wrap
6985-msgid "For advanced usage, instead of using --hmark-tuple, you can specify custom"
6986-msgstr ""
6987-
6988-#. type: Plain text
6989-#: original/man8/iptables-extensions.8:1942
6990-msgid "prefixes and masks:"
6991-msgstr ""
6992-
6993-#. type: TP
6994-#: original/man8/iptables-extensions.8:1942
6995-#, no-wrap
6996-msgid "B<--hmark-src-prefix> I<cidr>"
6997-msgstr ""
6998-
6999-#. type: Plain text
7000-#: original/man8/iptables-extensions.8:1945
7001-msgid "The source address mask in CIDR notation."
7002-msgstr ""
7003-
7004-#. type: TP
7005-#: original/man8/iptables-extensions.8:1945
7006-#, no-wrap
7007-msgid "B<--hmark-dst-prefix> I<cidr>"
7008-msgstr ""
7009-
7010-#. type: Plain text
7011-#: original/man8/iptables-extensions.8:1948
7012-msgid "The destination address mask in CIDR notation."
7013-msgstr ""
7014-
7015-#. type: TP
7016-#: original/man8/iptables-extensions.8:1948
7017-#, no-wrap
7018-msgid "B<--hmark-sport-mask> I<value>"
7019-msgstr ""
7020-
7021-#. type: Plain text
7022-#: original/man8/iptables-extensions.8:1951
7023-msgid "A 16 bit source port mask in hexadecimal."
7024-msgstr ""
7025-
7026-#. type: TP
7027-#: original/man8/iptables-extensions.8:1951
7028-#, no-wrap
7029-msgid "B<--hmark-dport-mask> I<value>"
7030-msgstr ""
7031-
7032-#. type: Plain text
7033-#: original/man8/iptables-extensions.8:1954
7034-msgid "A 16 bit destination port mask in hexadecimal."
7035-msgstr ""
7036-
7037-#. type: TP
7038-#: original/man8/iptables-extensions.8:1954
7039-#, no-wrap
7040-msgid "B<--hmark-spi-mask> I<value>"
7041-msgstr ""
7042-
7043-#. type: Plain text
7044-#: original/man8/iptables-extensions.8:1957
7045-msgid "A 32 bit field with spi mask."
7046-msgstr ""
7047-
7048-#. type: TP
7049-#: original/man8/iptables-extensions.8:1957
7050-#, no-wrap
7051-msgid "B<--hmark-proto-mask> I<value>"
7052-msgstr ""
7053-
7054-#. type: Plain text
7055-#: original/man8/iptables-extensions.8:1960
7056-msgid "An 8 bit field with layer 4 protocol number."
7057-msgstr ""
7058-
7059-#. type: TP
7060-#: original/man8/iptables-extensions.8:1960
7061-#, no-wrap
7062-msgid "B<--hmark-rnd> I<value>"
7063-msgstr ""
7064-
7065-#. type: Plain text
7066-#: original/man8/iptables-extensions.8:1963
7067-msgid "A 32 bit random custom value to feed hash calculation."
7068-msgstr ""
7069-
7070-#. type: Plain text
7071-#: original/man8/iptables-extensions.8:1965
7072-msgid "I<Examples:>"
7073-msgstr ""
7074-
7075-#. type: Plain text
7076-#: original/man8/iptables-extensions.8:1969
7077-#, no-wrap
7078-msgid ""
7079-"iptables -t mangle -A PREROUTING -m conntrack --ctstate NEW\n"
7080-" -j HMARK --hmark-tuple ct,src,dst,proto --hmark-offset 10000\n"
7081-"--hmark-mod 10 --hmark-rnd 0xfeedcafe\n"
7082-msgstr ""
7083-
7084-#. type: Plain text
7085-#: original/man8/iptables-extensions.8:1972
7086-msgid ""
7087-"iptables -t mangle -A PREROUTING -j HMARK --hmark-offset 10000 --hmark-tuple "
7088-"src,dst,proto --hmark-mod 10 --hmark-rnd 0xdeafbeef"
7089-msgstr ""
7090-
7091-#. type: SS
7092-#: original/man8/iptables-extensions.8:1972
7093-#, no-wrap
7094-msgid "IDLETIMER"
7095-msgstr ""
7096-
7097-#. type: Plain text
7098-#: original/man8/iptables-extensions.8:1981
7099-msgid ""
7100-"This target can be used to identify when interfaces have been idle for a "
7101-"certain period of time. Timers are identified by labels and are created "
7102-"when a rule is set with a new label. The rules also take a timeout value "
7103-"(in seconds) as an option. If more than one rule uses the same timer label, "
7104-"the timer will be restarted whenever any of the rules get a hit. One entry "
7105-"for each timer is created in sysfs. This attribute contains the timer "
7106-"remaining for the timer to expire. The attributes are located under the "
7107-"xt_idletimer class:"
7108-msgstr ""
7109-
7110-#. type: Plain text
7111-#: original/man8/iptables-extensions.8:1983
7112-msgid "/sys/class/xt_idletimer/timers/E<lt>labelE<gt>"
7113-msgstr ""
7114-
7115-#. type: Plain text
7116-#: original/man8/iptables-extensions.8:1986
7117-msgid ""
7118-"When the timer expires, the target module sends a sysfs notification to the "
7119-"userspace, which can then decide what to do (eg. disconnect to save power)."
7120-msgstr ""
7121-
7122-#. type: TP
7123-#: original/man8/iptables-extensions.8:1986
7124-#, no-wrap
7125-msgid "B<--timeout> I<amount>"
7126-msgstr ""
7127-
7128-#. type: Plain text
7129-#: original/man8/iptables-extensions.8:1989
7130-msgid "This is the time in seconds that will trigger the notification."
7131-msgstr ""
7132-
7133-#. type: TP
7134-#: original/man8/iptables-extensions.8:1989
7135-#, no-wrap
7136-msgid "B<--label> I<string>"
7137-msgstr ""
7138-
7139-#. type: Plain text
7140-#: original/man8/iptables-extensions.8:1993
7141-msgid ""
7142-"This is a unique identifier for the timer. The maximum length for the label "
7143-"string is 27 characters."
7144-msgstr ""
7145-
7146-#. type: SS
7147-#: original/man8/iptables-extensions.8:1993
7148-#, no-wrap
7149-msgid "LED"
7150-msgstr ""
7151-
7152-#. type: Plain text
7153-#: original/man8/iptables-extensions.8:1999
7154-msgid ""
7155-"This creates an LED-trigger that can then be attached to system indicator "
7156-"lights, to blink or illuminate them when certain packets pass through the "
7157-"system. One example might be to light up an LED for a few minutes every time "
7158-"an SSH connection is made to the local machine. The following options "
7159-"control the trigger behavior:"
7160-msgstr ""
7161-
7162-#. type: TP
7163-#: original/man8/iptables-extensions.8:1999
7164-#, no-wrap
7165-msgid "B<--led-trigger-id> I<name>"
7166-msgstr ""
7167-
7168-#. type: Plain text
7169-#: original/man8/iptables-extensions.8:2003
7170-msgid ""
7171-"This is the name given to the LED trigger. The actual name of the trigger "
7172-"will be prefixed with \"netfilter-\"."
7173-msgstr ""
7174-
7175-#. type: TP
7176-#: original/man8/iptables-extensions.8:2003
7177-#, no-wrap
7178-msgid "B<--led-delay> I<ms>"
7179-msgstr ""
7180-
7181-#. type: Plain text
7182-#: original/man8/iptables-extensions.8:2011
7183-msgid ""
7184-"This indicates how long (in milliseconds) the LED should be left illuminated "
7185-"when a packet arrives before being switched off again. The default is 0 "
7186-"(blink as fast as possible.) The special value I<inf> can be given to leave "
7187-"the LED on permanently once activated. (In this case the trigger will need "
7188-"to be manually detached and reattached to the LED device to switch it off "
7189-"again.)"
7190-msgstr ""
7191-
7192-#. type: TP
7193-#: original/man8/iptables-extensions.8:2011
7194-#, no-wrap
7195-msgid "B<--led-always-blink>"
7196-msgstr ""
7197-
7198-#. type: Plain text
7199-#: original/man8/iptables-extensions.8:2016
7200-msgid ""
7201-"Always make the LED blink on packet arrival, even if the LED is already on. "
7202-"This allows notification of new packets even with long delay values (which "
7203-"otherwise would result in a silent prolonging of the delay time.)"
7204-msgstr ""
7205-
7206-#. type: TP
7207-#: original/man8/iptables-extensions.8:2018
7208-#, no-wrap
7209-msgid "Create an LED trigger for incoming SSH traffic:"
7210-msgstr ""
7211-
7212-#. type: Plain text
7213-#: original/man8/iptables-extensions.8:2021
7214-msgid "iptables -A INPUT -p tcp --dport 22 -j LED --led-trigger-id ssh"
7215-msgstr ""
7216-
7217-#. type: TP
7218-#: original/man8/iptables-extensions.8:2021
7219-#, no-wrap
7220-msgid "Then attach the new trigger to an LED:"
7221-msgstr ""
7222-
7223-#. type: Plain text
7224-#: original/man8/iptables-extensions.8:2024
7225-msgid "echo netfilter-ssh E<gt>/sys/class/leds/I<ledname>/trigger"
7226-msgstr ""
7227-
7228-#. type: SS
7229-#: original/man8/iptables-extensions.8:2024
7230-#, no-wrap
7231-msgid "LOG (IPv6-specific)"
7232-msgstr ""
7233-
7234-#. type: Plain text
7235-#: original/man8/iptables-extensions.8:2036
7236-msgid ""
7237-"Turn on kernel logging of matching packets. When this option is set for a "
7238-"rule, the Linux kernel will print some information on all matching packets "
7239-"(like most IPv6 IPv6-header fields) via the kernel log (where it can be read "
7240-"with I<dmesg> or I<syslogd>(8)). This is a \"non-terminating target\", "
7241-"i.e. rule traversal continues at the next rule. So if you want to LOG the "
7242-"packets you refuse, use two separate rules with the same matching criteria, "
7243-"first using target LOG then DROP (or REJECT)."
7244-msgstr ""
7245-
7246-#. type: TP
7247-#: original/man8/iptables-extensions.8:2036 original/man8/iptables-extensions.8:2071
7248-#, no-wrap
7249-msgid "B<--log-level> I<level>"
7250-msgstr ""
7251-
7252-#. type: Plain text
7253-#: original/man8/iptables-extensions.8:2042 original/man8/iptables-extensions.8:2077
7254-msgid ""
7255-"Level of logging, which can be (system-specific) numeric or a mnemonic. "
7256-"Possible values are (in decreasing order of priority): B<emerg>, B<alert>, "
7257-"B<crit>, B<error>, B<warning>, B<notice>, B<info> or B<debug>."
7258-msgstr ""
7259-
7260-#. type: TP
7261-#: original/man8/iptables-extensions.8:2042 original/man8/iptables-extensions.8:2077
7262-#, no-wrap
7263-msgid "B<--log-prefix> I<prefix>"
7264-msgstr ""
7265-
7266-#. type: Plain text
7267-#: original/man8/iptables-extensions.8:2046 original/man8/iptables-extensions.8:2081
7268-msgid ""
7269-"Prefix log messages with the specified prefix; up to 29 letters long, and "
7270-"useful for distinguishing messages in the logs."
7271-msgstr ""
7272-
7273-#. type: TP
7274-#: original/man8/iptables-extensions.8:2046 original/man8/iptables-extensions.8:2081
7275-#, no-wrap
7276-msgid "B<--log-tcp-sequence>"
7277-msgstr ""
7278-
7279-#. type: Plain text
7280-#: original/man8/iptables-extensions.8:2050 original/man8/iptables-extensions.8:2085
7281-msgid ""
7282-"Log TCP sequence numbers. This is a security risk if the log is readable by "
7283-"users."
7284-msgstr ""
7285-
7286-#. type: TP
7287-#: original/man8/iptables-extensions.8:2050 original/man8/iptables-extensions.8:2085
7288-#, no-wrap
7289-msgid "B<--log-tcp-options>"
7290-msgstr ""
7291-
7292-#. type: Plain text
7293-#: original/man8/iptables-extensions.8:2053 original/man8/iptables-extensions.8:2088
7294-msgid "Log options from the TCP packet header."
7295-msgstr ""
7296-
7297-#. type: TP
7298-#: original/man8/iptables-extensions.8:2053 original/man8/iptables-extensions.8:2088
7299-#, no-wrap
7300-msgid "B<--log-ip-options>"
7301-msgstr ""
7302-
7303-#. type: Plain text
7304-#: original/man8/iptables-extensions.8:2056
7305-msgid "Log options from the IPv6 packet header."
7306-msgstr ""
7307-
7308-#. type: TP
7309-#: original/man8/iptables-extensions.8:2056 original/man8/iptables-extensions.8:2091
7310-#, no-wrap
7311-msgid "B<--log-uid>"
7312-msgstr ""
7313-
7314-#. type: Plain text
7315-#: original/man8/iptables-extensions.8:2059 original/man8/iptables-extensions.8:2094
7316-msgid "Log the userid of the process which generated the packet."
7317-msgstr ""
7318-
7319-#. type: SS
7320-#: original/man8/iptables-extensions.8:2059
7321-#, no-wrap
7322-msgid "LOG (IPv4-specific)"
7323-msgstr ""
7324-
7325-#. type: Plain text
7326-#: original/man8/iptables-extensions.8:2071
7327-msgid ""
7328-"Turn on kernel logging of matching packets. When this option is set for a "
7329-"rule, the Linux kernel will print some information on all matching packets "
7330-"(like most IP header fields) via the kernel log (where it can be read with "
7331-"I<dmesg> or I<syslogd>(8)). This is a \"non-terminating target\", i.e. rule "
7332-"traversal continues at the next rule. So if you want to LOG the packets you "
7333-"refuse, use two separate rules with the same matching criteria, first using "
7334-"target LOG then DROP (or REJECT)."
7335-msgstr ""
7336-
7337-#. type: Plain text
7338-#: original/man8/iptables-extensions.8:2091
7339-msgid "Log options from the IP packet header."
7340-msgstr ""
7341-
7342-#. type: SS
7343-#: original/man8/iptables-extensions.8:2094
7344-#, no-wrap
7345-msgid "MARK"
7346-msgstr ""
7347-
7348-#. type: Plain text
7349-#: original/man8/iptables-extensions.8:2100
7350-msgid ""
7351-"This target is used to set the Netfilter mark value associated with the "
7352-"packet. It can, for example, be used in conjunction with routing based on "
7353-"fwmark (needs iproute2). If you plan on doing so, note that the mark needs "
7354-"to be set in the PREROUTING chain of the mangle table to affect routing. "
7355-"The mark field is 32 bits wide."
7356-msgstr ""
7357-
7358-#. type: Plain text
7359-#: original/man8/iptables-extensions.8:2104
7360-msgid ""
7361-"Zeroes out the bits given by I<mask> and XORs I<value> into the packet mark "
7362-"(\"nfmark\"). If I<mask> is omitted, 0xFFFFFFFF is assumed."
7363-msgstr ""
7364-
7365-#. type: Plain text
7366-#: original/man8/iptables-extensions.8:2108
7367-msgid ""
7368-"Zeroes out the bits given by I<mask> and ORs I<value> into the packet "
7369-"mark. If I<mask> is omitted, 0xFFFFFFFF is assumed."
7370-msgstr ""
7371-
7372-#. type: Plain text
7373-#: original/man8/iptables-extensions.8:2110 original/man8/iptables-extensions.8:2545
7374-msgid "The following mnemonics are available:"
7375-msgstr ""
7376-
7377-#. type: Plain text
7378-#: original/man8/iptables-extensions.8:2114
7379-msgid ""
7380-"Binary AND the nfmark with I<bits>. (Mnemonic for B<--set-xmark "
7381-"0/>I<invbits>, where I<invbits> is the binary negation of I<bits>.)"
7382-msgstr ""
7383-
7384-#. type: Plain text
7385-#: original/man8/iptables-extensions.8:2118
7386-msgid ""
7387-"Binary OR the nfmark with I<bits>. (Mnemonic for B<--set-xmark> "
7388-"I<bits>B</>I<bits>.)"
7389-msgstr ""
7390-
7391-#. type: Plain text
7392-#: original/man8/iptables-extensions.8:2122
7393-msgid ""
7394-"Binary XOR the nfmark with I<bits>. (Mnemonic for B<--set-xmark> "
7395-"I<bits>B</0>.)"
7396-msgstr ""
7397-
7398-#. type: SS
7399-#: original/man8/iptables-extensions.8:2122
7400-#, no-wrap
7401-msgid "MASQUERADE (IPv6-specific)"
7402-msgstr ""
7403-
7404-#. type: Plain text
7405-#: original/man8/iptables-extensions.8:2136
7406-msgid ""
7407-"This target is only valid in the B<nat> table, in the B<POSTROUTING> chain. "
7408-"It should only be used with dynamically assigned IPv6 (dialup) connections: "
7409-"if you have a static IP address, you should use the SNAT target. "
7410-"Masquerading is equivalent to specifying a mapping to the IP address of the "
7411-"interface the packet is going out, but also has the effect that connections "
7412-"are I<forgotten> when the interface goes down. This is the correct behavior "
7413-"when the next dialup is unlikely to have the same interface address (and "
7414-"hence any established connections are lost anyway)."
7415-msgstr ""
7416-
7417-#. type: TP
7418-#: original/man8/iptables-extensions.8:2136 original/man8/iptables-extensions.8:2167 original/man8/iptables-extensions.8:2291
7419-#, no-wrap
7420-msgid "B<--to-ports> I<port>[B<->I<port>]"
7421-msgstr ""
7422-
7423-#. type: Plain text
7424-#: original/man8/iptables-extensions.8:2145 original/man8/iptables-extensions.8:2176
7425-msgid ""
7426-"This specifies a range of source ports to use, overriding the default "
7427-"B<SNAT> source port-selection heuristics (see above). This is only valid if "
7428-"the rule also specifies B<-p tcp> or B<-p udp>."
7429-msgstr ""
7430-
7431-#. type: Plain text
7432-#: original/man8/iptables-extensions.8:2151
7433-msgid ""
7434-"Randomize source port mapping If option B<--random> is used then port "
7435-"mapping will be randomized."
7436-msgstr ""
7437-
7438-#. type: SS
7439-#: original/man8/iptables-extensions.8:2153
7440-#, no-wrap
7441-msgid "MASQUERADE (IPv4-specific)"
7442-msgstr ""
7443-
7444-#. type: Plain text
7445-#: original/man8/iptables-extensions.8:2167
7446-msgid ""
7447-"This target is only valid in the B<nat> table, in the B<POSTROUTING> chain. "
7448-"It should only be used with dynamically assigned IP (dialup) connections: "
7449-"if you have a static IP address, you should use the SNAT target. "
7450-"Masquerading is equivalent to specifying a mapping to the IP address of the "
7451-"interface the packet is going out, but also has the effect that connections "
7452-"are I<forgotten> when the interface goes down. This is the correct behavior "
7453-"when the next dialup is unlikely to have the same interface address (and "
7454-"hence any established connections are lost anyway)."
7455-msgstr ""
7456-
7457-#. type: Plain text
7458-#: original/man8/iptables-extensions.8:2182
7459-msgid ""
7460-"Randomize source port mapping If option B<--random> is used then port "
7461-"mapping will be randomized (kernel E<gt>= 2.6.21)."
7462-msgstr ""
7463-
7464-#. type: SS
7465-#: original/man8/iptables-extensions.8:2184
7466-#, no-wrap
7467-msgid "MIRROR (IPv4-specific)"
7468-msgstr ""
7469-
7470-#. type: Plain text
7471-#: original/man8/iptables-extensions.8:2197
7472-msgid ""
7473-"This is an experimental demonstration target which inverts the source and "
7474-"destination fields in the IP header and retransmits the packet. It is only "
7475-"valid in the B<INPUT>, B<FORWARD> and B<PREROUTING> chains, and user-defined "
7476-"chains which are only called from those chains. Note that the outgoing "
7477-"packets are B<NOT> seen by any packet filtering chains, connection tracking "
7478-"or NAT, to avoid loops and other problems."
7479-msgstr ""
7480-
7481-#. type: SS
7482-#: original/man8/iptables-extensions.8:2197
7483-#, no-wrap
7484-msgid "NETMAP (IPv4-specific)"
7485-msgstr ""
7486-
7487-#. type: Plain text
7488-#: original/man8/iptables-extensions.8:2202
7489-msgid ""
7490-"This target allows you to statically map a whole network of addresses onto "
7491-"another network of addresses. It can only be used from rules in the B<nat> "
7492-"table."
7493-msgstr ""
7494-
7495-#. type: TP
7496-#: original/man8/iptables-extensions.8:2202
7497-#, no-wrap
7498-msgid "B<--to> I<address>[B</>I<mask>]"
7499-msgstr ""
7500-
7501-#. type: Plain text
7502-#: original/man8/iptables-extensions.8:2207
7503-msgid ""
7504-"Network address to map to. The resulting address will be constructed in the "
7505-"following way: All 'one' bits in the mask are filled in from the new "
7506-"`address'. All bits that are zero in the mask are filled in from the "
7507-"original address."
7508-msgstr ""
7509-
7510-#. type: SS
7511-#: original/man8/iptables-extensions.8:2207
7512-#, no-wrap
7513-msgid "NFLOG"
7514-msgstr ""
7515-
7516-#. type: Plain text
7517-#: original/man8/iptables-extensions.8:2217
7518-msgid ""
7519-"This target provides logging of matching packets. When this target is set "
7520-"for a rule, the Linux kernel will pass the packet to the loaded logging "
7521-"backend to log the packet. This is usually used in combination with "
7522-"nfnetlink_log as logging backend, which will multicast the packet through a "
7523-"I<netlink> socket to the specified multicast group. One or more userspace "
7524-"processes may subscribe to the group to receive the packets. Like LOG, this "
7525-"is a non-terminating target, i.e. rule traversal continues at the next rule."
7526-msgstr ""
7527-
7528-#. type: TP
7529-#: original/man8/iptables-extensions.8:2217
7530-#, no-wrap
7531-msgid "B<--nflog-group> I<nlgroup>"
7532-msgstr ""
7533-
7534-#. type: Plain text
7535-#: original/man8/iptables-extensions.8:2221
7536-msgid ""
7537-"The netlink group (0 - 2^16-1) to which packets are (only applicable for "
7538-"nfnetlink_log). The default value is 0."
7539-msgstr ""
7540-
7541-#. type: TP
7542-#: original/man8/iptables-extensions.8:2221
7543-#, no-wrap
7544-msgid "B<--nflog-prefix> I<prefix>"
7545-msgstr ""
7546-
7547-#. type: Plain text
7548-#: original/man8/iptables-extensions.8:2225
7549-msgid ""
7550-"A prefix string to include in the log message, up to 64 characters long, "
7551-"useful for distinguishing messages in the logs."
7552-msgstr ""
7553-
7554-#. type: TP
7555-#: original/man8/iptables-extensions.8:2225
7556-#, no-wrap
7557-msgid "B<--nflog-range> I<size>"
7558-msgstr ""
7559-
7560-#. type: Plain text
7561-#: original/man8/iptables-extensions.8:2230
7562-msgid ""
7563-"The number of bytes to be copied to userspace (only applicable for "
7564-"nfnetlink_log). nfnetlink_log instances may specify their own range, this "
7565-"option overrides it."
7566-msgstr ""
7567-
7568-#. type: TP
7569-#: original/man8/iptables-extensions.8:2230
7570-#, no-wrap
7571-msgid "B<--nflog-threshold> I<size>"
7572-msgstr ""
7573-
7574-#. type: Plain text
7575-#: original/man8/iptables-extensions.8:2237
7576-msgid ""
7577-"Number of packets to queue inside the kernel before sending them to "
7578-"userspace (only applicable for nfnetlink_log). Higher values result in less "
7579-"overhead per packet, but increase delay until the packets reach "
7580-"userspace. The default value is 1."
7581-msgstr ""
7582-
7583-#. type: SS
7584-#: original/man8/iptables-extensions.8:2237
7585-#, no-wrap
7586-msgid "NFQUEUE"
7587-msgstr ""
7588-
7589-#. type: Plain text
7590-#: original/man8/iptables-extensions.8:2247
7591-msgid ""
7592-"This target is an extension of the QUEUE target. As opposed to QUEUE, it "
7593-"allows you to put a packet into any specific queue, identified by its 16-bit "
7594-"queue number. It can only be used with Kernel versions 2.6.14 or later, "
7595-"since it requires the B<nfnetlink_queue> kernel support. The "
7596-"B<queue-balance> option was added in Linux 2.6.31, B<queue-bypass> in "
7597-"2.6.39."
7598-msgstr ""
7599-
7600-#. type: TP
7601-#: original/man8/iptables-extensions.8:2247
7602-#, no-wrap
7603-msgid "B<--queue-num> I<value>"
7604-msgstr ""
7605-
7606-#. type: Plain text
7607-#: original/man8/iptables-extensions.8:2250
7608-msgid ""
7609-"This specifies the QUEUE number to use. Valid queue numbers are 0 to "
7610-"65535. The default value is 0."
7611-msgstr ""
7612-
7613-#. type: TP
7614-#: original/man8/iptables-extensions.8:2251
7615-#, no-wrap
7616-msgid "B<--queue-balance> I<value>B<:>I<value>"
7617-msgstr ""
7618-
7619-#. type: Plain text
7620-#: original/man8/iptables-extensions.8:2257
7621-msgid ""
7622-"This specifies a range of queues to use. Packets are then balanced across "
7623-"the given queues. This is useful for multicore systems: start multiple "
7624-"instances of the userspace program on queues x, x+1, .. x+n and use "
7625-"\"--queue-balance I<x>B<:>I<x+n>\". Packets belonging to the same "
7626-"connection are put into the same nfqueue."
7627-msgstr ""
7628-
7629-#. type: TP
7630-#: original/man8/iptables-extensions.8:2258
7631-#, no-wrap
7632-msgid "B<--queue-bypass>"
7633-msgstr ""
7634-
7635-#. type: Plain text
7636-#: original/man8/iptables-extensions.8:2263
7637-msgid ""
7638-"By default, if no userspace program is listening on an NFQUEUE, then all "
7639-"packets that are to be queued are dropped. When this option is used, the "
7640-"NFQUEUE rule is silently bypassed instead. The packet will move on to the "
7641-"next rule."
7642-msgstr ""
7643-
7644-#. type: SS
7645-#: original/man8/iptables-extensions.8:2263
7646-#, no-wrap
7647-msgid "NOTRACK"
7648-msgstr ""
7649-
7650-#. type: Plain text
7651-#: original/man8/iptables-extensions.8:2267
7652-msgid ""
7653-"This target disables connection tracking for all packets matching that "
7654-"rule. It is obsoleted by -j CT --notrack. Like CT, NOTRACK can only be used "
7655-"in the B<raw> table."
7656-msgstr ""
7657-
7658-#. type: SS
7659-#: original/man8/iptables-extensions.8:2267
7660-#, no-wrap
7661-msgid "RATEEST"
7662-msgstr ""
7663-
7664-#. type: Plain text
7665-#: original/man8/iptables-extensions.8:2270
7666-msgid ""
7667-"The RATEEST target collects statistics, performs rate estimation calculation "
7668-"and saves the results for later evaluation using the B<rateest> match."
7669-msgstr ""
7670-
7671-#. type: TP
7672-#: original/man8/iptables-extensions.8:2270
7673-#, no-wrap
7674-msgid "B<--rateest-name> I<name>"
7675-msgstr ""
7676-
7677-#. type: Plain text
7678-#: original/man8/iptables-extensions.8:2274
7679-msgid ""
7680-"Count matched packets into the pool referred to by I<name>, which is freely "
7681-"choosable."
7682-msgstr ""
7683-
7684-#. type: TP
7685-#: original/man8/iptables-extensions.8:2274
7686-#, no-wrap
7687-msgid "B<--rateest-interval> I<amount>{B<s>|B<ms>|B<us>}"
7688-msgstr ""
7689-
7690-#. type: Plain text
7691-#: original/man8/iptables-extensions.8:2277
7692-msgid "Rate measurement interval, in seconds, milliseconds or microseconds."
7693-msgstr ""
7694-
7695-#. type: TP
7696-#: original/man8/iptables-extensions.8:2277
7697-#, no-wrap
7698-msgid "B<--rateest-ewmalog> I<value>"
7699-msgstr ""
7700-
7701-#. type: Plain text
7702-#: original/man8/iptables-extensions.8:2280
7703-msgid "Rate measurement averaging time constant."
7704-msgstr ""
7705-
7706-#. type: SS
7707-#: original/man8/iptables-extensions.8:2280
7708-#, no-wrap
7709-msgid "REDIRECT (IPv4-specific)"
7710-msgstr ""
7711-
7712-#. type: Plain text
7713-#: original/man8/iptables-extensions.8:2291
7714-msgid ""
7715-"This target is only valid in the B<nat> table, in the B<PREROUTING> and "
7716-"B<OUTPUT> chains, and user-defined chains which are only called from those "
7717-"chains. It redirects the packet to the machine itself by changing the "
7718-"destination IP to the primary address of the incoming interface "
7719-"(locally-generated packets are mapped to the 127.0.0.1 address)."
7720-msgstr ""
7721-
7722-#. type: Plain text
7723-#: original/man8/iptables-extensions.8:2299
7724-msgid ""
7725-"This specifies a destination port or range of ports to use: without this, "
7726-"the destination port is never altered. This is only valid if the rule also "
7727-"specifies B<-p tcp> or B<-p udp>."
7728-msgstr ""
7729-
7730-#. type: SS
7731-#: original/man8/iptables-extensions.8:2306
7732-#, no-wrap
7733-msgid "REJECT (IPv6-specific)"
7734-msgstr ""
7735-
7736-#. type: Plain text
7737-#: original/man8/iptables-extensions.8:2319 original/man8/iptables-extensions.8:2353
7738-msgid ""
7739-"This is used to send back an error packet in response to the matched packet: "
7740-"otherwise it is equivalent to B<DROP> so it is a terminating TARGET, ending "
7741-"rule traversal. This target is only valid in the B<INPUT>, B<FORWARD> and "
7742-"B<OUTPUT> chains, and user-defined chains which are only called from those "
7743-"chains. The following option controls the nature of the error packet "
7744-"returned:"
7745-msgstr ""
7746-
7747-#. type: TP
7748-#: original/man8/iptables-extensions.8:2319 original/man8/iptables-extensions.8:2353
7749-#, no-wrap
7750-msgid "B<--reject-with> I<type>"
7751-msgstr ""
7752-
7753-#. type: Plain text
7754-#: original/man8/iptables-extensions.8:2340
7755-msgid ""
7756-"The type given can be B<icmp6-no-route>, B<no-route>, "
7757-"B<icmp6-adm-prohibited>, B<adm-prohibited>, B<icmp6-addr-unreachable>, "
7758-"B<addr-unreach>, B<icmp6-port-unreachable> or B<port-unreach> which return "
7759-"the appropriate ICMPv6 error message (B<port-unreach> is the "
7760-"default). Finally, the option B<tcp-reset> can be used on rules which only "
7761-"match the TCP protocol: this causes a TCP RST packet to be sent back. This "
7762-"is mainly useful for blocking I<ident> (113/tcp) probes which frequently "
7763-"occur when sending mail to broken mail hosts (which won't accept your mail "
7764-"otherwise). B<tcp-reset> can only be used with kernel versions 2.6.14 or "
7765-"later."
7766-msgstr ""
7767-
7768-#. type: SS
7769-#: original/man8/iptables-extensions.8:2340
7770-#, no-wrap
7771-msgid "REJECT (IPv4-specific)"
7772-msgstr ""
7773-
7774-#. type: Plain text
7775-#: original/man8/iptables-extensions.8:2371
7776-msgid ""
7777-"The type given can be B<icmp-net-unreachable>, B<icmp-host-unreachable>, "
7778-"B<icmp-port-unreachable>, B<icmp-proto-unreachable>, B<icmp-net-prohibited>, "
7779-"B<icmp-host-prohibited> or B<icmp-admin-prohibited> (*) which return the "
7780-"appropriate ICMP error message (B<port-unreachable> is the default). The "
7781-"option B<tcp-reset> can be used on rules which only match the TCP protocol: "
7782-"this causes a TCP RST packet to be sent back. This is mainly useful for "
7783-"blocking I<ident> (113/tcp) probes which frequently occur when sending mail "
7784-"to broken mail hosts (which won't accept your mail otherwise)."
7785-msgstr ""
7786-
7787-#. type: Plain text
7788-#: original/man8/iptables-extensions.8:2373
7789-msgid ""
7790-"(*) Using icmp-admin-prohibited with kernels that do not support it will "
7791-"result in a plain DROP instead of REJECT"
7792-msgstr ""
7793-
7794-#. type: SS
7795-#: original/man8/iptables-extensions.8:2373
7796-#, no-wrap
7797-msgid "SAME (IPv4-specific)"
7798-msgstr ""
7799-
7800-#. type: Plain text
7801-#: original/man8/iptables-extensions.8:2377
7802-msgid ""
7803-"Similar to SNAT/DNAT depending on chain: it takes a range of addresses "
7804-"(`--to 1.2.3.4-1.2.3.7') and gives a client the same "
7805-"source-/destination-address for each connection."
7806-msgstr ""
7807-
7808-#. type: Plain text
7809-#: original/man8/iptables-extensions.8:2379
7810-msgid "N.B.: The DNAT target's B<--persistent> option replaced the SAME target."
7811-msgstr ""
7812-
7813-#. type: TP
7814-#: original/man8/iptables-extensions.8:2379
7815-#, no-wrap
7816-msgid "B<--to> I<ipaddr>[B<->I<ipaddr>]"
7817-msgstr ""
7818-
7819-#. type: Plain text
7820-#: original/man8/iptables-extensions.8:2383
7821-msgid ""
7822-"Addresses to map source to. May be specified more than once for multiple "
7823-"ranges."
7824-msgstr ""
7825-
7826-#. type: TP
7827-#: original/man8/iptables-extensions.8:2383
7828-#, no-wrap
7829-msgid "B<--nodst>"
7830-msgstr ""
7831-
7832-#. type: Plain text
7833-#: original/man8/iptables-extensions.8:2387
7834-msgid ""
7835-"Don't use the destination-ip in the calculations when selecting the new "
7836-"source-ip"
7837-msgstr ""
7838-
7839-#. type: Plain text
7840-#: original/man8/iptables-extensions.8:2391
7841-msgid ""
7842-"Port mapping will be forcibly randomized to avoid attacks based on port "
7843-"prediction (kernel E<gt>= 2.6.21)."
7844-msgstr ""
7845-
7846-#. type: SS
7847-#: original/man8/iptables-extensions.8:2391
7848-#, no-wrap
7849-msgid "SECMARK"
7850-msgstr ""
7851-
7852-#. type: Plain text
7853-#: original/man8/iptables-extensions.8:2400
7854-msgid ""
7855-"This is used to set the security mark value associated with the packet for "
7856-"use by security subsystems such as SELinux. It is valid in the B<security> "
7857-"table (for backwards compatibility with older kernels, it is also valid in "
7858-"the B<mangle> table). The mark is 32 bits wide."
7859-msgstr ""
7860-
7861-#. type: TP
7862-#: original/man8/iptables-extensions.8:2400
7863-#, no-wrap
7864-msgid "B<--selctx> I<security_context>"
7865-msgstr ""
7866-
7867-#. type: SS
7868-#: original/man8/iptables-extensions.8:2402
7869-#, no-wrap
7870-msgid "SET"
7871-msgstr ""
7872-
7873-#. type: Plain text
7874-#: original/man8/iptables-extensions.8:2405
7875-msgid ""
7876-"This module adds and/or deletes entries from IP sets which can be defined by "
7877-"ipset(8)."
7878-msgstr ""
7879-
7880-#. type: TP
7881-#: original/man8/iptables-extensions.8:2405
7882-#, no-wrap
7883-msgid "B<--add-set> I<setname> I<flag>[B<,>I<flag>...]"
7884-msgstr ""
7885-
7886-#. type: Plain text
7887-#: original/man8/iptables-extensions.8:2408
7888-msgid "add the address(es)/port(s) of the packet to the set"
7889-msgstr ""
7890-
7891-#. type: TP
7892-#: original/man8/iptables-extensions.8:2408
7893-#, no-wrap
7894-msgid "B<--del-set> I<setname> I<flag>[B<,>I<flag>...]"
7895-msgstr ""
7896-
7897-#. type: Plain text
7898-#: original/man8/iptables-extensions.8:2411
7899-msgid "delete the address(es)/port(s) of the packet from the set"
7900-msgstr ""
7901-
7902-#. type: Plain text
7903-#: original/man8/iptables-extensions.8:2417
7904-msgid ""
7905-"where I<flag>(s) are B<src> and/or B<dst> specifications and there can be no "
7906-"more than six of them."
7907-msgstr ""
7908-
7909-#. type: TP
7910-#: original/man8/iptables-extensions.8:2417
7911-#, no-wrap
7912-msgid "B<--timeout> I<value>"
7913-msgstr ""
7914-
7915-#. type: Plain text
7916-#: original/man8/iptables-extensions.8:2421
7917-msgid ""
7918-"when adding an entry, the timeout value to use instead of the default one "
7919-"from the set definition"
7920-msgstr ""
7921-
7922-#. type: TP
7923-#: original/man8/iptables-extensions.8:2421
7924-#, no-wrap
7925-msgid "B<--exist>"
7926-msgstr ""
7927-
7928-#. type: Plain text
7929-#: original/man8/iptables-extensions.8:2425
7930-msgid ""
7931-"when adding an entry if it already exists, reset the timeout value to the "
7932-"specified one or to the default from the set definition"
7933-msgstr ""
7934-
7935-#. type: Plain text
7936-#: original/man8/iptables-extensions.8:2428
7937-msgid ""
7938-"Use of -j SET requires that ipset kernel support is provided, which, for "
7939-"standard kernels, is the case since Linux 2.6.39."
7940-msgstr ""
7941-
7942-#. type: SS
7943-#: original/man8/iptables-extensions.8:2428
7944-#, no-wrap
7945-msgid "SNAT (IPv4-specific)"
7946-msgstr ""
7947-
7948-#. type: Plain text
7949-#: original/man8/iptables-extensions.8:2437
7950-msgid ""
7951-"This target is only valid in the B<nat> table, in the B<POSTROUTING> chain. "
7952-"It specifies that the source address of the packet should be modified (and "
7953-"all future packets in this connection will also be mangled), and rules "
7954-"should cease being examined. It takes one type of option:"
7955-msgstr ""
7956-
7957-#. type: TP
7958-#: original/man8/iptables-extensions.8:2437
7959-#, no-wrap
7960-msgid "B<--to-source> [I<ipaddr>[B<->I<ipaddr>]][B<:>I<port>[B<->I<port>]]"
7961-msgstr ""
7962-
7963-#. type: Plain text
7964-#: original/man8/iptables-extensions.8:2449
7965-msgid ""
7966-"which can specify a single new source IP address, an inclusive range of IP "
7967-"addresses, and optionally, a port range (which is only valid if the rule "
7968-"also specifies B<-p tcp> or B<-p udp>). If no port range is specified, then "
7969-"source ports below 512 will be mapped to other ports below 512: those "
7970-"between 512 and 1023 inclusive will be mapped to ports below 1024, and other "
7971-"ports will be mapped to 1024 or above. Where possible, no port alteration "
7972-"will occur."
7973-msgstr ""
7974-
7975-#. type: Plain text
7976-#: original/man8/iptables-extensions.8:2456
7977-msgid ""
7978-"In Kernels up to 2.6.10, you can add several --to-source options. For those "
7979-"kernels, if you specify more than one source address, either via an address "
7980-"range or multiple --to-source options, a simple round-robin (one after "
7981-"another in cycle) takes place between these addresses. Later Kernels "
7982-"(E<gt>= 2.6.11-rc1) don't have the ability to NAT to multiple ranges "
7983-"anymore."
7984-msgstr ""
7985-
7986-#. type: Plain text
7987-#: original/man8/iptables-extensions.8:2461
7988-msgid ""
7989-"If option B<--random> is used then port mapping will be randomized (kernel "
7990-"E<gt>= 2.6.21)."
7991-msgstr ""
7992-
7993-#. type: SS
7994-#: original/man8/iptables-extensions.8:2466
7995-#, no-wrap
7996-msgid "TCPMSS"
7997-msgstr ""
7998-
7999-#. type: Plain text
8000-#: original/man8/iptables-extensions.8:2473
8001-msgid ""
8002-"This target allows to alter the MSS value of TCP SYN packets, to control the "
8003-"maximum size for that connection (usually limiting it to your outgoing "
8004-"interface's MTU minus 40 for IPv4 or 60 for IPv6, respectively). Of course, "
8005-"it can only be used in conjunction with B<-p tcp>."
8006-msgstr ""
8007-
8008-#. type: Plain text
8009-#: original/man8/iptables-extensions.8:2480
8010-msgid ""
8011-"This target is used to overcome criminally braindead ISPs or servers which "
8012-"block \"ICMP Fragmentation Needed\" or \"ICMPv6 Packet Too Big\" packets. "
8013-"The symptoms of this problem are that everything works fine from your Linux "
8014-"firewall/router, but machines behind it can never exchange large packets:"
8015-msgstr ""
8016-
8017-#. type: IP
8018-#: original/man8/iptables-extensions.8:2480
8019-#, no-wrap
8020-msgid "1."
8021-msgstr ""
8022-
8023-#. type: Plain text
8024-#: original/man8/iptables-extensions.8:2482
8025-msgid "Web browsers connect, then hang with no data received."
8026-msgstr ""
8027-
8028-#. type: IP
8029-#: original/man8/iptables-extensions.8:2482
8030-#, no-wrap
8031-msgid "2."
8032-msgstr ""
8033-
8034-#. type: Plain text
8035-#: original/man8/iptables-extensions.8:2484
8036-msgid "Small mail works fine, but large emails hang."
8037-msgstr ""
8038-
8039-#. type: IP
8040-#: original/man8/iptables-extensions.8:2484
8041-#, no-wrap
8042-msgid "3."
8043-msgstr ""
8044-
8045-#. type: Plain text
8046-#: original/man8/iptables-extensions.8:2486
8047-msgid "ssh works fine, but scp hangs after initial handshaking."
8048-msgstr ""
8049-
8050-#. type: Plain text
8051-#: original/man8/iptables-extensions.8:2489
8052-msgid ""
8053-"Workaround: activate this option and add a rule to your firewall "
8054-"configuration like:"
8055-msgstr ""
8056-
8057-#. type: Plain text
8058-#: original/man8/iptables-extensions.8:2492
8059-#, no-wrap
8060-msgid ""
8061-" iptables -t mangle -A FORWARD -p tcp --tcp-flags SYN,RST SYN\n"
8062-" -j TCPMSS --clamp-mss-to-pmtu\n"
8063-msgstr ""
8064-
8065-#. type: TP
8066-#: original/man8/iptables-extensions.8:2492
8067-#, no-wrap
8068-msgid "B<--set-mss> I<value>"
8069-msgstr ""
8070-
8071-#. type: Plain text
8072-#: original/man8/iptables-extensions.8:2497
8073-msgid ""
8074-"Explicitly sets MSS option to specified value. If the MSS of the packet is "
8075-"already lower than I<value>, it will B<not> be increased (from Linux 2.6.25 "
8076-"onwards) to avoid more problems with hosts relying on a proper MSS."
8077-msgstr ""
8078-
8079-#. type: TP
8080-#: original/man8/iptables-extensions.8:2497
8081-#, no-wrap
8082-msgid "B<--clamp-mss-to-pmtu>"
8083-msgstr ""
8084-
8085-#. type: Plain text
8086-#: original/man8/iptables-extensions.8:2506
8087-msgid ""
8088-"Automatically clamp MSS value to (path_MTU - 40 for IPv4; -60 for IPv6). "
8089-"This may not function as desired where asymmetric routes with differing path "
8090-"MTU exist \\(em the kernel uses the path MTU which it would use to send "
8091-"packets from itself to the source and destination IP addresses. Prior to "
8092-"Linux 2.6.25, only the path MTU to the destination IP address was considered "
8093-"by this option; subsequent kernels also consider the path MTU to the source "
8094-"IP address."
8095-msgstr ""
8096-
8097-#. type: Plain text
8098-#: original/man8/iptables-extensions.8:2508
8099-msgid "These options are mutually exclusive."
8100-msgstr ""
8101-
8102-#. type: SS
8103-#: original/man8/iptables-extensions.8:2508
8104-#, no-wrap
8105-msgid "TCPOPTSTRIP"
8106-msgstr ""
8107-
8108-#. type: Plain text
8109-#: original/man8/iptables-extensions.8:2511
8110-msgid ""
8111-"This target will strip TCP options off a TCP packet. (It will actually "
8112-"replace them by NO-OPs.) As such, you will need to add the B<-p tcp> "
8113-"parameters."
8114-msgstr ""
8115-
8116-#. type: TP
8117-#: original/man8/iptables-extensions.8:2511
8118-#, no-wrap
8119-msgid "B<--strip-options> I<option>[B<,>I<option>...]"
8120-msgstr ""
8121-
8122-#. type: Plain text
8123-#: original/man8/iptables-extensions.8:2516
8124-msgid ""
8125-"Strip the given option(s). The options may be specified by TCP option number "
8126-"or by symbolic name. The list of recognized options can be obtained by "
8127-"calling iptables with B<-j TCPOPTSTRIP -h>."
8128-msgstr ""
8129-
8130-#. type: SS
8131-#: original/man8/iptables-extensions.8:2516
8132-#, no-wrap
8133-msgid "TEE"
8134-msgstr ""
8135-
8136-#. type: Plain text
8137-#: original/man8/iptables-extensions.8:2521
8138-msgid ""
8139-"The B<TEE> target will clone a packet and redirect this clone to another "
8140-"machine on the B<local> network segment. In other words, the nexthop must be "
8141-"the target, or you will have to configure the nexthop to forward it further "
8142-"if so desired."
8143-msgstr ""
8144-
8145-#. type: TP
8146-#: original/man8/iptables-extensions.8:2521
8147-#, no-wrap
8148-msgid "B<--gateway> I<ipaddr>"
8149-msgstr ""
8150-
8151-#. type: Plain text
8152-#: original/man8/iptables-extensions.8:2525
8153-msgid ""
8154-"Send the cloned packet to the host reachable at the given IP address. Use "
8155-"of 0.0.0.0 (for IPv4 packets) or :: (IPv6) is invalid."
8156-msgstr ""
8157-
8158-#. type: Plain text
8159-#: original/man8/iptables-extensions.8:2527
8160-msgid "To forward all incoming traffic on eth0 to an Network Layer logging box:"
8161-msgstr ""
8162-
8163-#. type: Plain text
8164-#: original/man8/iptables-extensions.8:2529
8165-msgid "-t mangle -A PREROUTING -i eth0 -j TEE --gateway 2001:db8::1"
8166-msgstr ""
8167-
8168-#. type: SS
8169-#: original/man8/iptables-extensions.8:2529
8170-#, no-wrap
8171-msgid "TOS"
8172-msgstr ""
8173-
8174-#. type: Plain text
8175-#: original/man8/iptables-extensions.8:2534
8176-msgid ""
8177-"This module sets the Type of Service field in the IPv4 header (including the "
8178-"\"precedence\" bits) or the Priority field in the IPv6 header. Note that TOS "
8179-"shares the same bits as DSCP and ECN. The TOS target is only valid in the "
8180-"B<mangle> table."
8181-msgstr ""
8182-
8183-#. type: TP
8184-#: original/man8/iptables-extensions.8:2534
8185-#, no-wrap
8186-msgid "B<--set-tos> I<value>[B</>I<mask>]"
8187-msgstr ""
8188-
8189-#. type: Plain text
8190-#: original/man8/iptables-extensions.8:2538
8191-msgid ""
8192-"Zeroes out the bits given by I<mask> (see NOTE below) and XORs I<value> into "
8193-"the TOS/Priority field. If I<mask> is omitted, 0xFF is assumed."
8194-msgstr ""
8195-
8196-#. type: TP
8197-#: original/man8/iptables-extensions.8:2538
8198-#, no-wrap
8199-msgid "B<--set-tos> I<symbol>"
8200-msgstr ""
8201-
8202-#. type: Plain text
8203-#: original/man8/iptables-extensions.8:2543
8204-msgid ""
8205-"You can specify a symbolic name when using the TOS target for IPv4. It "
8206-"implies a mask of 0xFF (see NOTE below). The list of recognized TOS names "
8207-"can be obtained by calling iptables with B<-j TOS -h>."
8208-msgstr ""
8209-
8210-#. type: TP
8211-#: original/man8/iptables-extensions.8:2545
8212-#, no-wrap
8213-msgid "B<--and-tos> I<bits>"
8214-msgstr ""
8215-
8216-#. type: Plain text
8217-#: original/man8/iptables-extensions.8:2550
8218-msgid ""
8219-"Binary AND the TOS value with I<bits>. (Mnemonic for B<--set-tos "
8220-"0/>I<invbits>, where I<invbits> is the binary negation of I<bits>. See NOTE "
8221-"below.)"
8222-msgstr ""
8223-
8224-#. type: TP
8225-#: original/man8/iptables-extensions.8:2550
8226-#, no-wrap
8227-msgid "B<--or-tos> I<bits>"
8228-msgstr ""
8229-
8230-#. type: Plain text
8231-#: original/man8/iptables-extensions.8:2554
8232-msgid ""
8233-"Binary OR the TOS value with I<bits>. (Mnemonic for B<--set-tos> "
8234-"I<bits>B</>I<bits>. See NOTE below.)"
8235-msgstr ""
8236-
8237-#. type: TP
8238-#: original/man8/iptables-extensions.8:2554
8239-#, no-wrap
8240-msgid "B<--xor-tos> I<bits>"
8241-msgstr ""
8242-
8243-#. type: Plain text
8244-#: original/man8/iptables-extensions.8:2558
8245-msgid ""
8246-"Binary XOR the TOS value with I<bits>. (Mnemonic for B<--set-tos> "
8247-"I<bits>B</0>. See NOTE below.)"
8248-msgstr ""
8249-
8250-#. type: Plain text
8251-#: original/man8/iptables-extensions.8:2566
8252-msgid ""
8253-"NOTE: In Linux kernels up to and including 2.6.38, with the exception of "
8254-"longterm releases 2.6.32 (E<gt>=.42), 2.6.33 (E<gt>=.15), and 2.6.35 "
8255-"(E<gt>=.14), there is a bug whereby IPv6 TOS mangling does not behave as "
8256-"documented and differs from the IPv4 version. The TOS mask indicates the "
8257-"bits one wants to zero out, so it needs to be inverted before applying it to "
8258-"the original TOS field. However, the aformentioned kernels forgo the "
8259-"inversion which breaks --set-tos and its mnemonics."
8260-msgstr ""
8261-
8262-#. type: SS
8263-#: original/man8/iptables-extensions.8:2566
8264-#, no-wrap
8265-msgid "TPROXY"
8266-msgstr ""
8267-
8268-#. type: Plain text
8269-#: original/man8/iptables-extensions.8:2573
8270-msgid ""
8271-"This target is only valid in the B<mangle> table, in the B<PREROUTING> chain "
8272-"and user-defined chains which are only called from this chain. It redirects "
8273-"the packet to a local socket without changing the packet header in any "
8274-"way. It can also change the mark value which can then be used in advanced "
8275-"routing rules. It takes three options:"
8276-msgstr ""
8277-
8278-#. type: TP
8279-#: original/man8/iptables-extensions.8:2573
8280-#, no-wrap
8281-msgid "B<--on-port> I<port>"
8282-msgstr ""
8283-
8284-#. type: Plain text
8285-#: original/man8/iptables-extensions.8:2578
8286-msgid ""
8287-"This specifies a destination port to use. It is a required option, 0 means "
8288-"the new destination port is the same as the original. This is only valid if "
8289-"the rule also specifies B<-p tcp> or B<-p udp>."
8290-msgstr ""
8291-
8292-#. type: TP
8293-#: original/man8/iptables-extensions.8:2578
8294-#, no-wrap
8295-msgid "B<--on-ip> I<address>"
8296-msgstr ""
8297-
8298-#. type: Plain text
8299-#: original/man8/iptables-extensions.8:2583
8300-msgid ""
8301-"This specifies a destination address to use. By default the address is the "
8302-"IP address of the incoming interface. This is only valid if the rule also "
8303-"specifies B<-p tcp> or B<-p udp>."
8304-msgstr ""
8305-
8306-#. type: TP
8307-#: original/man8/iptables-extensions.8:2583
8308-#, no-wrap
8309-msgid "B<--tproxy-mark> I<value>[B</>I<mask>]"
8310-msgstr ""
8311-
8312-#. type: Plain text
8313-#: original/man8/iptables-extensions.8:2588
8314-msgid ""
8315-"Marks packets with the given value/mask. The fwmark value set here can be "
8316-"used by advanced routing. (Required for transparent proxying to work: "
8317-"otherwise these packets will get forwarded, which is probably not what you "
8318-"want.)"
8319-msgstr ""
8320-
8321-#. type: SS
8322-#: original/man8/iptables-extensions.8:2588
8323-#, no-wrap
8324-msgid "TRACE"
8325-msgstr ""
8326-
8327-#. type: Plain text
8328-#: original/man8/iptables-extensions.8:2591
8329-msgid ""
8330-"This target marks packets so that the kernel will log every rule which match "
8331-"the packets as those traverse the tables, chains, rules."
8332-msgstr ""
8333-
8334-#. type: Plain text
8335-#: original/man8/iptables-extensions.8:2598
8336-msgid ""
8337-"A logging backend, such as ip(6)t_LOG or nfnetlink_log, must be loaded for "
8338-"this to be visible. The packets are logged with the string prefix: \"TRACE: "
8339-"tablename:chainname:type:rulenum \" where type can be \"rule\" for plain "
8340-"rule, \"return\" for implicit rule at the end of a user defined chain and "
8341-"\"policy\" for the policy of the built in chains."
8342-msgstr ""
8343-
8344-#. type: Plain text
8345-#: original/man8/iptables-extensions.8:2602
8346-msgid "It can only be used in the B<raw> table."
8347-msgstr ""
8348-
8349-#. type: SS
8350-#: original/man8/iptables-extensions.8:2602
8351-#, no-wrap
8352-msgid "TTL (IPv4-specific)"
8353-msgstr ""
8354-
8355-#. type: Plain text
8356-#: original/man8/iptables-extensions.8:2606
8357-msgid ""
8358-"This is used to modify the IPv4 TTL header field. The TTL field determines "
8359-"how many hops (routers) a packet can traverse until it's time to live is "
8360-"exceeded."
8361-msgstr ""
8362-
8363-#. type: Plain text
8364-#: original/man8/iptables-extensions.8:2611
8365-msgid ""
8366-"Setting or incrementing the TTL field can potentially be very dangerous, so "
8367-"it should be avoided at any cost. This target is only valid in B<mangle> "
8368-"table."
8369-msgstr ""
8370-
8371-#. type: TP
8372-#: original/man8/iptables-extensions.8:2613
8373-#, no-wrap
8374-msgid "B<--ttl-set> I<value>"
8375-msgstr ""
8376-
8377-#. type: Plain text
8378-#: original/man8/iptables-extensions.8:2616
8379-msgid "Set the TTL value to `value'."
8380-msgstr ""
8381-
8382-#. type: TP
8383-#: original/man8/iptables-extensions.8:2616
8384-#, no-wrap
8385-msgid "B<--ttl-dec> I<value>"
8386-msgstr ""
8387-
8388-#. type: Plain text
8389-#: original/man8/iptables-extensions.8:2619
8390-msgid "Decrement the TTL value `value' times."
8391-msgstr ""
8392-
8393-#. type: TP
8394-#: original/man8/iptables-extensions.8:2619
8395-#, no-wrap
8396-msgid "B<--ttl-inc> I<value>"
8397-msgstr ""
8398-
8399-#. type: Plain text
8400-#: original/man8/iptables-extensions.8:2622
8401-msgid "Increment the TTL value `value' times."
8402-msgstr ""
8403-
8404-#. type: SS
8405-#: original/man8/iptables-extensions.8:2622
8406-#, no-wrap
8407-msgid "ULOG (IPv4-specific)"
8408-msgstr ""
8409-
8410-#. type: Plain text
8411-#: original/man8/iptables-extensions.8:2631
8412-msgid ""
8413-"This target provides userspace logging of matching packets. When this "
8414-"target is set for a rule, the Linux kernel will multicast this packet "
8415-"through a I<netlink> socket. One or more userspace processes may then "
8416-"subscribe to various multicast groups and receive the packets. Like LOG, "
8417-"this is a \"non-terminating target\", i.e. rule traversal continues at the "
8418-"next rule."
8419-msgstr ""
8420-
8421-#. type: TP
8422-#: original/man8/iptables-extensions.8:2631
8423-#, no-wrap
8424-msgid "B<--ulog-nlgroup> I<nlgroup>"
8425-msgstr ""
8426-
8427-#. type: Plain text
8428-#: original/man8/iptables-extensions.8:2635
8429-msgid ""
8430-"This specifies the netlink group (1-32) to which the packet is sent. "
8431-"Default value is 1."
8432-msgstr ""
8433-
8434-#. type: TP
8435-#: original/man8/iptables-extensions.8:2635
8436-#, no-wrap
8437-msgid "B<--ulog-prefix> I<prefix>"
8438-msgstr ""
8439-
8440-#. type: Plain text
8441-#: original/man8/iptables-extensions.8:2639
8442-msgid ""
8443-"Prefix log messages with the specified prefix; up to 32 characters long, and "
8444-"useful for distinguishing messages in the logs."
8445-msgstr ""
8446-
8447-#. type: TP
8448-#: original/man8/iptables-extensions.8:2639
8449-#, no-wrap
8450-msgid "B<--ulog-cprange> I<size>"
8451-msgstr ""
8452-
8453-#. type: Plain text
8454-#: original/man8/iptables-extensions.8:2643
8455-msgid ""
8456-"Number of bytes to be copied to userspace. A value of 0 always copies the "
8457-"entire packet, regardless of its size. Default is 0."
8458-msgstr ""
8459-
8460-#. type: TP
8461-#: original/man8/iptables-extensions.8:2643
8462-#, no-wrap
8463-msgid "B<--ulog-qthreshold> I<size>"
8464-msgstr ""
8465-
8466-#. type: Plain text
8467-#: original/man8/iptables-extensions.8:2649
8468-msgid ""
8469-"Number of packet to queue inside kernel. Setting this value to, e.g. 10 "
8470-"accumulates ten packets inside the kernel and transmits them as one netlink "
8471-"multipart message to userspace. Default is 1 (for backwards compatibility)."
8472-msgstr ""
8473-
8474-#. type: TH
8475-#: original/man8/iptables-apply.8:5
8476-#, no-wrap
8477-msgid "iptables-apply"
8478-msgstr ""
8479-
8480-#. type: TH
8481-#: original/man8/iptables-apply.8:5
8482-#, no-wrap
8483-msgid "2006-06-04"
8484-msgstr ""
8485-
8486-#. type: Plain text
8487-#: original/man8/iptables-apply.8:10
8488-msgid "iptables-apply - a safer way to update iptables remotely"
8489-msgstr ""
8490-
8491-#. type: Plain text
8492-#: original/man8/iptables-apply.8:12
8493-msgid "B<iptables-apply> [-B<hV>] [B<-t> I<timeout>] I<ruleset-file>"
8494-msgstr ""
8495-
8496-#. type: Plain text
8497-#: original/man8/iptables-apply.8:20
8498-msgid ""
8499-"iptables-apply will try to apply a new ruleset (as output by "
8500-"iptables-save/read by iptables-restore) to iptables, then prompt the user "
8501-"whether the changes are okay. If the new ruleset cut the existing "
8502-"connection, the user will not be able to answer affirmatively. In this case, "
8503-"the script rolls back to the previous ruleset after the timeout expired. The "
8504-"timeout can be set with B<-t>."
8505-msgstr ""
8506-
8507-#. type: Plain text
8508-#: original/man8/iptables-apply.8:23
8509-msgid ""
8510-"When called as B<ip6tables-apply>, the script will use "
8511-"ip6tables-save/-restore instead."
8512-msgstr ""
8513-
8514-#. type: TP
8515-#: original/man8/iptables-apply.8:24
8516-#, no-wrap
8517-msgid "B<-t> I<seconds>, B<--timeout> I<seconds>"
8518-msgstr ""
8519-
8520-#. type: Plain text
8521-#: original/man8/iptables-apply.8:28
8522-msgid ""
8523-"Sets the timeout after which the script will roll back to the previous "
8524-"ruleset."
8525-msgstr ""
8526-
8527-#. type: Plain text
8528-#: original/man8/iptables-apply.8:31
8529-msgid "Display usage information."
8530-msgstr ""
8531-
8532-#. type: TP
8533-#: original/man8/iptables-apply.8:31
8534-#, no-wrap
8535-msgid "B<-V>, B<--version>"
8536-msgstr ""
8537-
8538-#. type: Plain text
8539-#: original/man8/iptables-apply.8:34
8540-msgid "Display version information."
8541-msgstr ""
8542-
8543-#. type: Plain text
8544-#: original/man8/iptables-apply.8:37
8545-msgid "B<iptables-restore>(8), B<iptables-save>(8), B<iptables>(8)."
8546-msgstr ""
8547-
8548-#. type: SH
8549-#: original/man8/iptables-apply.8:37
8550-#, no-wrap
8551-msgid "LEGALESE"
8552-msgstr ""
8553-
8554-#. type: Plain text
8555-#: original/man8/iptables-apply.8:40
8556-msgid "iptables-apply is copyright by Martin F. Krafft."
8557-msgstr ""
8558-
8559-#. type: Plain text
8560-#: original/man8/iptables-apply.8:42
8561-msgid ""
8562-"This manual page was written by Martin F. Krafft "
8563-"E<lt>madduck@madduck.netE<gt>"
8564-msgstr ""
8565-
8566-#. type: Plain text
8567-#: original/man8/iptables-apply.8:44
8568-msgid ""
8569-"Permission is granted to copy, distribute and/or modify this document under "
8570-"the terms of the Artistic License 2.0."
8571-msgstr ""
8572-
8573-#. type: TH
8574-#: original/man1/iptables-xml.1:1
8575-#, no-wrap
8576-msgid "IPTABLES-XML"
8577-msgstr ""
8578-
8579-#. type: TH
8580-#: original/man1/iptables-xml.1:1
8581-#, no-wrap
8582-msgid "Jul 16, 2007"
8583-msgstr ""
8584-
8585-#. type: Plain text
8586-#: original/man1/iptables-xml.1:23
8587-msgid "iptables-xml \\(em Convert iptables-save format to XML"
8588-msgstr ""
8589-
8590-#. type: Plain text
8591-#: original/man1/iptables-xml.1:25
8592-msgid "B<iptables-xml> [B<-c>] [B<-v>]"
8593-msgstr ""
8594-
8595-#. type: Plain text
8596-#: original/man1/iptables-xml.1:31
8597-msgid ""
8598-"B<iptables-xml> is used to convert the output of iptables-save into an "
8599-"easily manipulatable XML format to STDOUT. Use I/O-redirection provided by "
8600-"your shell to write to a file."
8601-msgstr ""
8602-
8603-#. type: TP
8604-#: original/man1/iptables-xml.1:31
8605-#, no-wrap
8606-msgid "B<-c>, B<--combine>"
8607-msgstr ""
8608-
8609-#. type: Plain text
8610-#: original/man1/iptables-xml.1:38
8611-msgid ""
8612-"combine consecutive rules with the same matches but different "
8613-"targets. iptables does not currently support more than one target per match, "
8614-"so this simulates that by collecting the targets from consecutive iptables "
8615-"rules into one action tag, but only when the rule matches are "
8616-"identical. Terminating actions like RETURN, DROP, ACCEPT and QUEUE are not "
8617-"combined with subsequent targets."
8618-msgstr ""
8619-
8620-#. type: Plain text
8621-#: original/man1/iptables-xml.1:41
8622-msgid ""
8623-"Output xml comments containing the iptables line from which the XML is "
8624-"derived"
8625-msgstr ""
8626-
8627-#. type: Plain text
8628-#: original/man1/iptables-xml.1:48
8629-msgid ""
8630-"iptables-xml does a mechanistic conversion to a very expressive xml format; "
8631-"the only semantic considerations are for -g and -j targets in order to "
8632-"discriminate between E<lt>callE<gt> E<lt>gotoE<gt> and "
8633-"E<lt>nane-of-targetE<gt> as it helps xml processing scripts if they can tell "
8634-"the difference between a target like SNAT and another chain."
8635-msgstr ""
8636-
8637-#. type: Plain text
8638-#: original/man1/iptables-xml.1:50
8639-msgid "Some sample output is:"
8640-msgstr ""
8641-
8642-#. type: Plain text
8643-#: original/man1/iptables-xml.1:74
8644-#, no-wrap
8645-msgid ""
8646-"E<lt>iptables-rulesE<gt>\n"
8647-" E<lt>table name=\"mangle\"E<gt>\n"
8648-" E<lt>chain name=\"PREROUTING\" policy=\"ACCEPT\" "
8649-"packet-count=\"63436\"\n"
8650-"byte-count=\"7137573\"E<gt>\n"
8651-" E<lt>ruleE<gt>\n"
8652-" E<lt>conditionsE<gt>\n"
8653-" E<lt>matchE<gt>\n"
8654-" E<lt>pE<gt>tcpE<lt>/pE<gt>\n"
8655-" E<lt>/matchE<gt>\n"
8656-" E<lt>tcpE<gt>\n"
8657-" E<lt>sportE<gt>8443E<lt>/sportE<gt>\n"
8658-" E<lt>/tcpE<gt>\n"
8659-" E<lt>/conditionsE<gt>\n"
8660-" E<lt>actionsE<gt>\n"
8661-" E<lt>callE<gt>\n"
8662-" E<lt>check_ip/E<gt>\n"
8663-" E<lt>/callE<gt>\n"
8664-" E<lt>ACCEPT/E<gt>\n"
8665-" E<lt>/actionsE<gt>\n"
8666-" E<lt>/ruleE<gt>\n"
8667-" E<lt>/chainE<gt>\n"
8668-" E<lt>/tableE<gt>\n"
8669-"E<lt>/iptables-rulesE<gt>\n"
8670-msgstr ""
8671-
8672-#. type: Plain text
8673-#: original/man1/iptables-xml.1:79
8674-msgid ""
8675-"Conversion from XML to iptables-save format may be done using the "
8676-"iptables.xslt script and xsltproc, or a custom program using libxsltproc or "
8677-"similar; in this fashion:"
8678-msgstr ""
8679-
8680-#. type: Plain text
8681-#: original/man1/iptables-xml.1:81
8682-msgid "xsltproc iptables.xslt my-iptables.xml | iptables-restore"
8683-msgstr ""
8684-
8685-#. type: Plain text
8686-#: original/man1/iptables-xml.1:84
8687-msgid "None known as of iptables-1.3.7 release"
8688-msgstr ""
8689-
8690-#. type: Plain text
8691-#: original/man1/iptables-xml.1:86
8692-msgid "Sam Liddicott E<lt>azez@ufomechanic.netE<gt>"
8693-msgstr ""
8694-
8695-#. type: Plain text
8696-#: original/man1/iptables-xml.1:87
8697-msgid "B<iptables-save>(8), B<iptables-restore>(8), B<iptables>(8)"
8698-msgstr ""
--- a/po4a/cmd/ja.po
+++ /dev/null
@@ -1,10614 +0,0 @@
1-# SOME DESCRIPTIVE TITLE
2-# Copyright (C) YEAR Free Software Foundation, Inc.
3-# This file is distributed under the same license as the PACKAGE package.
4-# FIRST AUTHOR <EMAIL@ADDRESS>, YEAR.
5-#
6-msgid ""
7-msgstr ""
8-"Project-Id-Version: PACKAGE VERSION\n"
9-"POT-Creation-Date: 2013-04-03 12:09+0900\n"
10-"PO-Revision-Date: 2013-04-03 12:35+0900\n"
11-"Last-Translator: FULL NAME <EMAIL@ADDRESS>\n"
12-"Language-Team: LANGUAGE <LL@li.org>\n"
13-"Language: \n"
14-"MIME-Version: 1.0\n"
15-"Content-Type: text/plain; charset=UTF-8\n"
16-"Content-Transfer-Encoding: 8bit\n"
17-
18-#. type: TH
19-#: original/man8/ip6tables-restore.8:1
20-#, no-wrap
21-msgid "IP6TABLES-RESTORE"
22-msgstr "IP6TABLES-RESTORE"
23-
24-#. type: TH
25-#: original/man8/ip6tables-restore.8:1 original/man8/ip6tables-save.8:1
26-#, no-wrap
27-msgid "Jan 30, 2002"
28-msgstr "Jan 30, 2002"
29-
30-#. Man page written by Sam Liddicott <azez@ufomechanic.net>
31-#. It is based on the iptables-save man page.
32-#. This program is free software; you can redistribute it and/or modify
33-#. it under the terms of the GNU General Public License as published by
34-#. the Free Software Foundation; either version 2 of the License, or
35-#. (at your option) any later version.
36-#. This program is distributed in the hope that it will be useful,
37-#. but WITHOUT ANY WARRANTY; without even the implied warranty of
38-#. MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
39-#. GNU General Public License for more details.
40-#. You should have received a copy of the GNU General Public License
41-#. along with this program; if not, write to the Free Software
42-#. Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
43-#. type: SH
44-#: original/man8/ip6tables-restore.8:21 original/man8/ip6tables-save.8:21
45-#: original/man8/ip6tables.8:27 original/man8/iptables-restore.8:21
46-#: original/man8/iptables-save.8:21 original/man8/iptables.8:25
47-#: original/man8/iptables-extensions.8:2 original/man8/iptables-apply.8:8
48-#: original/man1/iptables-xml.1:21
49-#, no-wrap
50-msgid "NAME"
51-msgstr "名前"
52-
53-#. type: Plain text
54-#: original/man8/ip6tables-restore.8:23
55-#, fuzzy
56-#| msgid "ip6tables-restore - Restore IPv6 Tables"
57-msgid "ip6tables-restore \\(em Restore IPv6 Tables"
58-msgstr "ip6tables-restore - IPv6 テーブルを復元する"
59-
60-#. type: SH
61-#: original/man8/ip6tables-restore.8:23 original/man8/ip6tables-save.8:23
62-#: original/man8/ip6tables.8:29 original/man8/iptables-restore.8:23
63-#: original/man8/iptables-save.8:23 original/man8/iptables.8:27
64-#: original/man8/iptables-extensions.8:4 original/man8/iptables-apply.8:10
65-#: original/man1/iptables-xml.1:23
66-#, no-wrap
67-msgid "SYNOPSIS"
68-msgstr "書式"
69-
70-#. type: Plain text
71-#: original/man8/ip6tables-restore.8:26
72-#, fuzzy
73-#| msgid "B<iptables-restore >[-c] [-n]"
74-msgid "B<ip6tables-restore> [B<-chntv>] [B<-M> I<modprobe>] [B<-T> I<name>]"
75-msgstr "B<iptables-restore >[-c] [-n]"
76-
77-#. type: SH
78-#: original/man8/ip6tables-restore.8:26 original/man8/ip6tables-save.8:26
79-#: original/man8/ip6tables.8:55 original/man8/iptables-restore.8:26
80-#: original/man8/iptables-save.8:26 original/man8/iptables.8:54
81-#: original/man8/iptables-apply.8:12 original/man1/iptables-xml.1:25
82-#, no-wrap
83-msgid "DESCRIPTION"
84-msgstr "説明"
85-
86-#. type: Plain text
87-#: original/man8/ip6tables-restore.8:31
88-msgid ""
89-"B<ip6tables-restore> is used to restore IPv6 Tables from data specified on "
90-"STDIN. Use I/O redirection provided by your shell to read from a file"
91-msgstr ""
92-"B<ip6tables-restore> は標準入力で指定されたデータから IPv6 テーブルを復元する"
93-"ために使われる。 ファイルから読み込むためには、 シェルで提供されている I/O リ"
94-"ダイレクションを使うこと。"
95-
96-#. type: TP
97-#: original/man8/ip6tables-restore.8:31 original/man8/ip6tables-save.8:35
98-#: original/man8/iptables-restore.8:31 original/man8/iptables-save.8:35
99-#, no-wrap
100-msgid "B<-c>, B<--counters>"
101-msgstr "B<-c>, B<--counters>"
102-
103-#. type: Plain text
104-#: original/man8/ip6tables-restore.8:34 original/man8/iptables-restore.8:34
105-msgid "restore the values of all packet and byte counters"
106-msgstr "全てのパケットカウンタとバイトカウンタの値を復元する。"
107-
108-#. type: TP
109-#: original/man8/ip6tables-restore.8:34 original/man8/iptables-restore.8:34
110-#: original/man8/iptables-apply.8:28
111-#, no-wrap
112-msgid "B<-h>, B<--help>"
113-msgstr "B<-h>, B<--help>"
114-
115-#. type: Plain text
116-#: original/man8/ip6tables-restore.8:37 original/man8/iptables-restore.8:37
117-msgid "Print a short option summary."
118-msgstr ""
119-
120-#. type: TP
121-#: original/man8/ip6tables-restore.8:37 original/man8/iptables-restore.8:37
122-#, no-wrap
123-msgid "B<-n>, B<--noflush> "
124-msgstr "B<-n>, B<--noflush> "
125-
126-#. type: Plain text
127-#: original/man8/ip6tables-restore.8:42
128-msgid ""
129-"don't flush the previous contents of the table. If not specified, "
130-"B<ip6tables-restore> flushes (deletes) all previous contents of the "
131-"respective table."
132-msgstr "これまでのテーブルの内容をフラッシュしない。 指定されない場合、 B<ip6tables-restore> は、これまでの各テーブルの内容を全てフラッシュ (削除) する。"
133-
134-#. type: TP
135-#: original/man8/ip6tables-restore.8:42 original/man8/iptables-restore.8:42
136-#, no-wrap
137-msgid "B<-t>, B<--test>"
138-msgstr "B<-t>, B<--test>"
139-
140-#. type: Plain text
141-#: original/man8/ip6tables-restore.8:45 original/man8/iptables-restore.8:45
142-msgid "Only parse and construct the ruleset, but do not commit it."
143-msgstr ""
144-
145-#. type: TP
146-#: original/man8/ip6tables-restore.8:45 original/man8/ip6tables.8:355
147-#: original/man8/iptables-restore.8:45 original/man8/iptables.8:343
148-#: original/man1/iptables-xml.1:38
149-#, no-wrap
150-msgid "B<-v>, B<--verbose>"
151-msgstr "B<-v>, B<--verbose>"
152-
153-#. type: Plain text
154-#: original/man8/ip6tables-restore.8:48 original/man8/iptables-restore.8:48
155-msgid "Print additional debug info during ruleset processing."
156-msgstr ""
157-
158-#. type: TP
159-#: original/man8/ip6tables-restore.8:48 original/man8/iptables-restore.8:48
160-#, no-wrap
161-msgid "B<-M>, B<--modprobe> I<modprobe_program>"
162-msgstr "B<-M>, B<--modprobe> I<modprobe_program>"
163-
164-#. type: Plain text
165-#: original/man8/ip6tables-restore.8:52
166-msgid ""
167-"Specify the path to the modprobe program. By default, ip6tables-restore will "
168-"inspect /proc/sys/kernel/modprobe to determine the executable's path."
169-msgstr ""
170-
171-#. type: TP
172-#: original/man8/ip6tables-restore.8:52 original/man8/iptables-restore.8:52
173-#, no-wrap
174-msgid "B<-T>, B<--table> I<name>"
175-msgstr "B<-T>, B<--table> I<name>"
176-
177-#. type: Plain text
178-#: original/man8/ip6tables-restore.8:57
179-#, fuzzy
180-#| msgid ""
181-#| "don't flush the previous contents of the table. If not specified, "
182-#| "B<ip6tables-restore> flushes (deletes) all previous contents of the "
183-#| "respective IPv6 Table."
184-msgid ""
185-"Restore only the named table even if the input stream contains other ones. "
186-"B<ip6tables-restore> flushes (deletes) all previous contents of the "
187-"respective IPv6 Table."
188-msgstr ""
189-"これまでのテーブルの内容をフラッシュしない。 指定されない場合、 B<ip6tables-"
190-"restore> は、これまでの各 IPv6 テーブルの内容を全てフラッシュ (削除) する。"
191-
192-#. type: SH
193-#: original/man8/ip6tables-restore.8:57 original/man8/ip6tables-save.8:42
194-#: original/man8/ip6tables.8:395 original/man8/iptables-restore.8:55
195-#: original/man8/iptables-save.8:42 original/man8/iptables.8:383
196-#: original/man1/iptables-xml.1:82
197-#, no-wrap
198-msgid "BUGS"
199-msgstr "バグ"
200-
201-#. type: Plain text
202-#: original/man8/ip6tables-restore.8:59 original/man8/ip6tables-save.8:44
203-#: original/man8/iptables-restore.8:57 original/man8/iptables-save.8:44
204-msgid "None known as of iptables-1.2.1 release"
205-msgstr "iptables-1.2.1 リリースでは知られていない。"
206-
207-#. type: SH
208-#: original/man8/ip6tables-restore.8:59 original/man8/ip6tables-save.8:44
209-#: original/man8/ip6tables.8:430 original/man8/iptables.8:429
210-#, no-wrap
211-msgid "AUTHORS"
212-msgstr "作者"
213-
214-#. type: Plain text
215-#: original/man8/ip6tables-restore.8:61 original/man8/ip6tables-save.8:46
216-#: original/man8/iptables-restore.8:59 original/man8/iptables-save.8:46
217-msgid "Harald Welte E<lt>laforge@gnumonks.orgE<gt>"
218-msgstr "Harald Welte E<lt>laforge@gnumonks.orgE<gt>"
219-
220-#. type: Plain text
221-#: original/man8/ip6tables-restore.8:63 original/man8/ip6tables-save.8:48
222-msgid "Andras Kis-Szabo E<lt>kisza@sch.bme.huE<gt>"
223-msgstr "Andras Kis-Szabo E<lt>kisza@sch.bme.huE<gt>"
224-
225-#. type: SH
226-#: original/man8/ip6tables-restore.8:63 original/man8/ip6tables-save.8:48
227-#: original/man8/ip6tables.8:412 original/man8/iptables-restore.8:59
228-#: original/man8/iptables-save.8:46 original/man8/iptables.8:411
229-#: original/man8/iptables-apply.8:34 original/man1/iptables-xml.1:86
230-#, no-wrap
231-msgid "SEE ALSO"
232-msgstr "関連項目"
233-
234-#. type: Plain text
235-#: original/man8/ip6tables-restore.8:65
236-msgid "B<ip6tables-save>(8), B<ip6tables>(8)"
237-msgstr "B<ip6tables-save>(8), B<ip6tables>(8)"
238-
239-#. type: Plain text
240-#: original/man8/ip6tables-restore.8:68 original/man8/ip6tables-save.8:53
241-#: original/man8/iptables-restore.8:64 original/man8/iptables-save.8:51
242-msgid ""
243-"The iptables-HOWTO, which details more iptables usage, the NAT-HOWTO, which "
244-"details NAT, and the netfilter-hacking-HOWTO which details the internals."
245-msgstr ""
246-"より多くの iptables の使用法について 詳細に説明している iptables-HOWTO。 NAT "
247-"について詳細に説明している NAT-HOWTO。 内部構造について詳細に説明している "
248-"netfilter-hacking-HOWTO。"
249-
250-#. type: TH
251-#: original/man8/ip6tables-save.8:1
252-#, no-wrap
253-msgid "IP6TABLES-SAVE"
254-msgstr "IP6TABLES-SAVE"
255-
256-#. type: Plain text
257-#: original/man8/ip6tables-save.8:23
258-msgid "ip6tables-save \\(em dump iptables rules to stdout"
259-msgstr ""
260-
261-#. type: Plain text
262-#: original/man8/ip6tables-save.8:26
263-msgid "B<ip6tables-save> [B<-M> I<modprobe>] [B<-c>] [B<-t> I<table>"
264-msgstr "B<ip6tables-save> [B<-M> I<modprobe>] [B<-c>] [B<-t> I<table>"
265-
266-#. type: Plain text
267-#: original/man8/ip6tables-save.8:31
268-msgid ""
269-"B<ip6tables-save> is used to dump the contents of an IPv6 Table in easily "
270-"parseable format to STDOUT. Use I/O-redirection provided by your shell to "
271-"write to a file."
272-msgstr ""
273-"B<ip6tables-save> は IPv6 テーブルの内容を簡単に解析できる形式で 標準出力にダ"
274-"ンプするために使われる。 ファイルに書き出すためには、 シェルで提供されている "
275-"I/O リダイレクションを使うこと。"
276-
277-#. type: TP
278-#: original/man8/ip6tables-save.8:31 original/man8/iptables-save.8:31
279-#, no-wrap
280-msgid "B<-M> I<modprobe_program>"
281-msgstr "B<-M> I<modprobe_program>"
282-
283-#. type: Plain text
284-#: original/man8/ip6tables-save.8:35 original/man8/iptables-save.8:35
285-msgid ""
286-"Specify the path to the modprobe program. By default, iptables-save will "
287-"inspect /proc/sys/kernel/modprobe to determine the executable's path."
288-msgstr ""
289-
290-#. type: Plain text
291-#: original/man8/ip6tables-save.8:38 original/man8/iptables-save.8:38
292-msgid ""
293-"include the current values of all packet and byte counters in the output"
294-msgstr "全てのパケットカウンタとバイトカウンタの現在の値を出力する。"
295-
296-#. type: TP
297-#: original/man8/ip6tables-save.8:38 original/man8/iptables-save.8:38
298-#, no-wrap
299-msgid "B<-t>, B<--table> I<tablename>"
300-msgstr "B<-t>, B<--table> I<tablename>"
301-
302-#. type: Plain text
303-#: original/man8/ip6tables-save.8:42 original/man8/iptables-save.8:42
304-msgid ""
305-"restrict output to only one table. If not specified, output includes all "
306-"available tables."
307-msgstr ""
308-"出力を 1 つのテーブルのみに制限する。 指定されない場合、得られた全てのテーブ"
309-"ルを出力する。"
310-
311-#. type: Plain text
312-#: original/man8/ip6tables-save.8:50
313-msgid "B<ip6tables-restore>(8), B<ip6tables>(8)"
314-msgstr "B<ip6tables-restore>(8), B<ip6tables>(8)"
315-
316-#. type: TH
317-#: original/man8/ip6tables.8:1
318-#, no-wrap
319-msgid "IP6TABLES"
320-msgstr "IP6TABLES"
321-
322-#. type: TH
323-#: original/man8/ip6tables.8:1 original/man8/iptables.8:1
324-#: original/man8/iptables-extensions.8:1
325-#, no-wrap
326-msgid "iptables 1.4.18"
327-msgstr ""
328-
329-#. type: Plain text
330-#: original/man8/ip6tables.8:29
331-msgid "ip6tables \\(em IPv6 packet filter administration"
332-msgstr "ip6tables \\(em IPv6 パケットフィルタを管理する"
333-
334-#. type: Plain text
335-#: original/man8/ip6tables.8:32
336-msgid ""
337-"B<ip6tables> [B<-t> I<table>] {B<-A>|B<-C>|B<-D>} I<chain rule-"
338-"specification> [I<options...>]"
339-msgstr "B<ip6tables> [B<-t> I<テーブル>] {B<-A>|B<-C>|B<-D>} I<チェイン ルールの詳細> [I<オプション...>]"
340-
341-#. type: Plain text
342-#: original/man8/ip6tables.8:35
343-msgid ""
344-"B<ip6tables> [B<-t> I<table>] B<-I> I<chain> [I<rulenum>] I<rule-"
345-"specification> [I<options...>]"
346-msgstr "B<ip6tables> [B<-t> I<テーブル>] B<-I> I<チェイン> [I<ルール番号>] I<ルールの詳細> [I<オプション...>]"
347-
348-#. type: Plain text
349-#: original/man8/ip6tables.8:38
350-msgid ""
351-"B<ip6tables> [B<-t> I<table>] B<-R> I<chain rulenum rule-specification> "
352-"[I<options...>]"
353-msgstr "B<ip6tables> [B<-t> I<テーブル>] B<-R> I<チェイン ルール番号 ルールの詳細> [I<オプション...>]"
354-
355-#. type: Plain text
356-#: original/man8/ip6tables.8:41
357-msgid "B<ip6tables> [B<-t> I<table>] B<-D> I<chain rulenum> [I<options...>]"
358-msgstr "B<ip6tables> [B<-t> I<テーブル>] B<-D> I<チェイン ルール番号> [I<オプション...>]"
359-
360-#. type: Plain text
361-#: original/man8/ip6tables.8:43
362-msgid "B<ip6tables> [B<-t> I<table>] B<-S> [I<chain> [I<rulenum>]]"
363-msgstr "B<ip6tables> [B<-t> I<テーブル>] B<-S> [I<チェイン> [I<ルール番号>]]"
364-
365-#. type: Plain text
366-#: original/man8/ip6tables.8:46
367-msgid ""
368-"B<ip6tables> [B<-t> I<table>] {B<-F>|B<-L>|B<-Z>} [I<chain> [I<rulenum>]] "
369-"[I<options...>]"
370-msgstr "B<ip6tables> [B<-t> I<テーブル>] {B<-F>|B<-L>|B<-Z>} [I<チェイン> [I<ルール番号>]] [I<オプション...>]"
371-
372-#. type: Plain text
373-#: original/man8/ip6tables.8:48
374-msgid "B<ip6tables> [B<-t> I<table>] B<-N> I<chain>"
375-msgstr "B<ip6tables> [B<-t> I<テーブル>] B<-N> I<チェイン>"
376-
377-#. type: Plain text
378-#: original/man8/ip6tables.8:50
379-msgid "B<ip6tables> [B<-t> I<table>] B<-X> [I<chain>]"
380-msgstr "B<ip6tables> [B<-t> I<テーブル>] B<-X> [I<チェイン>]"
381-
382-#. type: Plain text
383-#: original/man8/ip6tables.8:53
384-msgid "B<ip6tables> [B<-t> I<table>] B<-P> I<chain target> [I<options...>]"
385-msgstr "B<ip6tables> [B<-t> I<テーブル>] B<-P> I<チェイン ターゲット> [I<オプション...>]"
386-
387-#. type: Plain text
388-#: original/man8/ip6tables.8:55
389-msgid "B<ip6tables> [B<-t> I<table>] B<-E> I<old-chain-name new-chain-name>"
390-msgstr "B<ip6tables> [B<-t> I<テーブル>] B<-E> I<旧チェイン名 新チェイン名>"
391-
392-#. type: Plain text
393-#: original/man8/ip6tables.8:61
394-msgid ""
395-"B<Ip6tables> is used to set up, maintain, and inspect the tables of IPv6 "
396-"packet filter rules in the Linux kernel. Several different tables may be "
397-"defined. Each table contains a number of built-in chains and may also "
398-"contain user-defined chains."
399-msgstr ""
400-"B<ip6tables> は Linux カーネルの IPv6 パケットフィルタルールのテーブルを 設"
401-"定・管理・検査するために使われる。 複数の異なるテーブルが定義される可能性があ"
402-"る。 各テーブルは組み込み済みチェインを含む。 さらにユーザー定義のチェインを"
403-"含むこともできる。"
404-
405-#. type: Plain text
406-#: original/man8/ip6tables.8:66 original/man8/iptables.8:65
407-msgid ""
408-"Each chain is a list of rules which can match a set of packets. Each rule "
409-"specifies what to do with a packet that matches. This is called a `target', "
410-"which may be a jump to a user-defined chain in the same table."
411-msgstr ""
412-"各チェインは、パケット群にマッチするルールのリストである。 各ルールは\n"
413-"マッチしたパケットに対して何をするかを指定する。 これは「ターゲット」と\n"
414-"呼ばれ、 同じテーブル内のユーザー定義チェインにジャンプすることもできる。"
415-
416-#. type: SH
417-#: original/man8/ip6tables.8:66 original/man8/iptables.8:65
418-#, no-wrap
419-msgid "TARGETS"
420-msgstr "ターゲット"
421-
422-#. type: Plain text
423-#: original/man8/ip6tables.8:72 original/man8/iptables.8:71
424-#, fuzzy
425-#| msgid ""
426-#| "A firewall rule specifies criteria for a packet, and a target. If the "
427-#| "packet does not match, the next rule in the chain is the examined; if it "
428-#| "does match, then the next rule is specified by the value of the target, "
429-#| "which can be the name of a user-defined chain or one of the special "
430-#| "values I<ACCEPT>, I<DROP>, I<QUEUE>, or I<RETURN>."
431-msgid ""
432-"A firewall rule specifies criteria for a packet and a target. If the packet "
433-"does not match, the next rule in the chain is the examined; if it does "
434-"match, then the next rule is specified by the value of the target, which can "
435-"be the name of a user-defined chain or one of the special values B<ACCEPT>, "
436-"B<DROP>, B<QUEUE> or B<RETURN>."
437-msgstr ""
438-"ファイアウォールのルールは、パケットを判断する基準とターゲットを指定する。\n"
439-"パケットがマッチしない場合、チェイン内の次のルールが評価される。\n"
440-"パケットがマッチした場合、 ターゲットの値によって次のルールが指定される。\n"
441-"ターゲットの値は、ユーザー定義チェインの名前、または特別な値\n"
442-"I<ACCEPT>, I<DROP>, I<QUEUE>, I<RETURN> のうちの 1 つである。"
443-
444-#. type: Plain text
445-#: original/man8/ip6tables.8:89 original/man8/iptables.8:88
446-#, fuzzy
447-#| msgid ""
448-#| "I<ACCEPT> means to let the packet through. I<DROP> means to drop the "
449-#| "packet on the floor. I<QUEUE> means to pass the packet to userspace (if "
450-#| "supported by the kernel). I<RETURN> means stop traversing this chain and "
451-#| "resume at the next rule in the previous (calling) chain. If the end of a "
452-#| "built-in chain is reached or a rule in a built-in chain with target "
453-#| "I<RETURN> is matched, the target specified by the chain policy determines "
454-#| "the fate of the packet."
455-msgid ""
456-"B<ACCEPT> means to let the packet through. B<DROP> means to drop the packet "
457-"on the floor. B<QUEUE> means to pass the packet to userspace. (How the "
458-"packet can be received by a userspace process differs by the particular "
459-"queue handler. 2.4.x and 2.6.x kernels up to 2.6.13 include the B<ip_queue> "
460-"queue handler. Kernels 2.6.14 and later additionally include the "
461-"B<nfnetlink_queue> queue handler. Packets with a target of QUEUE will be "
462-"sent to queue number '0' in this case. Please also see the B<NFQUEUE> target "
463-"as described later in this man page.) B<RETURN> means stop traversing this "
464-"chain and resume at the next rule in the previous (calling) chain. If the "
465-"end of a built-in chain is reached or a rule in a built-in chain with target "
466-"B<RETURN> is matched, the target specified by the chain policy determines "
467-"the fate of the packet."
468-msgstr ""
469-"I<ACCEPT> はパケットを通すという意味である。 \n"
470-"I<DROP> はパケットを床に落す (捨てる) という意味である。 \n"
471-"I<QUEUE> はパケットをユーザー空間に渡すという意味である \n"
472-"(カーネルがサポートしていればであるが)。\n"
473-"I<RETURN> は、このチェインを辿るのを中止して、\n"
474-"前の (呼び出し元) チェインの次のルールから再開するという意味である。\n"
475-"組み込み済みチェインの最後に到達した場合、 または組み込み済みチェインで\n"
476-"ターゲット I<RETURN> を持つルールにマッチした場合、\n"
477-"チェインポリシーで指定されたターゲットが パケットの行方を決定する。"
478-
479-#. type: SH
480-#: original/man8/ip6tables.8:89 original/man8/iptables.8:88
481-#, no-wrap
482-msgid "TABLES"
483-msgstr "テーブル"
484-
485-#. type: Plain text
486-#: original/man8/ip6tables.8:93 original/man8/iptables.8:92
487-#, fuzzy
488-#| msgid ""
489-#| "There are currently three independent tables (which tables are present at "
490-#| "any time depends on the kernel configuration options and which modules "
491-#| "are present)."
492-msgid ""
493-"There are currently five independent tables (which tables are present at any "
494-"time depends on the kernel configuration options and which modules are "
495-"present)."
496-msgstr ""
497-"現在のところ 3 つの独立なテーブルが存在する (ある時点でどのテーブルが存在する"
498-"かは、 カーネルの設定やどういったモジュールが存在するかに依存する)。"
499-
500-#. type: TP
501-#: original/man8/ip6tables.8:93 original/man8/iptables.8:92
502-#, fuzzy, no-wrap
503-#| msgid "B<-t>, B<--table> B<tablename>"
504-msgid "B<-t>, B<--table> I<table>"
505-msgstr "B<-t>, B<--table> B<tablename>"
506-
507-#. type: Plain text
508-#: original/man8/ip6tables.8:99 original/man8/iptables.8:98
509-msgid ""
510-"This option specifies the packet matching table which the command should "
511-"operate on. If the kernel is configured with automatic module loading, an "
512-"attempt will be made to load the appropriate module for that table if it is "
513-"not already there."
514-msgstr ""
515-"このオプションは、このコマンドが操作するパケットマッチングテーブルを\n"
516-"指定する。 カーネルに自動モジュールローディングが設定されている場合、\n"
517-"そのテーブルに対する適切なモジュールがまだロードされていなければ、\n"
518-"そのモジュールがロードされる。"
519-
520-#. type: Plain text
521-#: original/man8/ip6tables.8:101 original/man8/iptables.8:100
522-msgid "The tables are as follows:"
523-msgstr "テーブルは以下の通りである。"
524-
525-#. type: TP
526-#: original/man8/ip6tables.8:102 original/man8/iptables.8:101
527-#, no-wrap
528-msgid "B<filter>:"
529-msgstr "B<filter>:"
530-
531-#. type: Plain text
532-#: original/man8/ip6tables.8:108 original/man8/iptables.8:107
533-#, fuzzy
534-#| msgid ""
535-#| "This is the default table (if no -t option is passed). It contains the "
536-#| "built-in chains B<INPUT> (for packets coming into the box itself), "
537-#| "B<FORWARD> (for packets being routed through the box), and B<OUTPUT> (for "
538-#| "locally-generated packets)."
539-msgid ""
540-"This is the default table (if no -t option is passed). It contains the built-"
541-"in chains B<INPUT> (for packets destined to local sockets), B<FORWARD> (for "
542-"packets being routed through the box), and B<OUTPUT> (for locally-generated "
543-"packets)."
544-msgstr ""
545-"(-t オプションが指定されていない場合は) これがデフォルトのテーブルである。\n"
546-"これには B<INPUT> (マシン自体に入ってくるパケットに対するチェイン)・\n"
547-"B<FORWARD> (マシンを経由するパケットに対するチェイン)・ \n"
548-"B<OUTPUT> (ローカルマシンで生成されたパケットに対するチェイン) という\n"
549-"組み込み済みチェインが含まれる。"
550-
551-#. type: TP
552-#: original/man8/ip6tables.8:108 original/man8/iptables.8:107
553-#, no-wrap
554-msgid "B<nat>:"
555-msgstr "B<nat>:"
556-
557-#. type: Plain text
558-#: original/man8/ip6tables.8:115
559-#, fuzzy
560-#| msgid ""
561-#| "This table is consulted when a packet that creates a new connection is "
562-#| "encountered. It consists of three built-ins: B<PREROUTING> (for altering "
563-#| "packets as soon as they come in), B<OUTPUT> (for altering locally-"
564-#| "generated packets before routing), and B<POSTROUTING> (for altering "
565-#| "packets as they are about to go out)."
566-msgid ""
567-"This table is consulted when a packet that creates a new connection is "
568-"encountered. It consists of three built-ins: B<PREROUTING> (for altering "
569-"packets as soon as they come in), B<OUTPUT> (for altering locally-generated "
570-"packets before routing), and B<POSTROUTING> (for altering packets as they "
571-"are about to go out). Available since kernel 3.7."
572-msgstr ""
573-"このテーブルは新しい接続を開くようなパケットに対して参照される。 これには "
574-"B<PREROUTING> (パケットが入ってきた場合、すぐにそのパケットを変換するための"
575-"チェイン)・ B<OUTPUT> (ローカルで生成されたパケットをルーティングの前に変換す"
576-"るためのチェイン)・ B<POSTROUTING> (パケットが出て行くときに変換するための"
577-"チェイン) という 3 つの組み込み済みチェインが含まれる。"
578-
579-#. type: TP
580-#: original/man8/ip6tables.8:115 original/man8/iptables.8:114
581-#, no-wrap
582-msgid "B<mangle>:"
583-msgstr "B<mangle>:"
584-
585-#. type: Plain text
586-#: original/man8/ip6tables.8:125 original/man8/iptables.8:124
587-msgid ""
588-"This table is used for specialized packet alteration. Until kernel 2.4.17 "
589-"it had two built-in chains: B<PREROUTING> (for altering incoming packets "
590-"before routing) and B<OUTPUT> (for altering locally-generated packets before "
591-"routing). Since kernel 2.4.18, three other built-in chains are also "
592-"supported: B<INPUT> (for packets coming into the box itself), B<FORWARD> "
593-"(for altering packets being routed through the box), and B<POSTROUTING> (for "
594-"altering packets as they are about to go out)."
595-msgstr ""
596-"このテーブルは特別なパケット変換に使われる。 カーネル 2.4.17 までは、\n"
597-"B<PREROUTING> (パケットが入ってきた場合、 すぐにそのパケットを変換する\n"
598-"ためのチェイン)・ B<OUTPUT> (ローカルで生成されたパケットを ルーティン\n"
599-"グの前に変換するためのチェイン) という 2 つの組み込み済みチェインが含ま\n"
600-"れていた。 カーネル 2.4.18 からは、これらの他に B<INPUT> (マシン自体に\n"
601-"入ってくるパケットに対するチェイン)・ B<FORWARD> (マシンを経由するパケッ\n"
602-"トに対するチェイン)・ B<POSTROUTING> (パケットが出て行くときに変換する\n"
603-"ためのチェイン)・ という 3 つの組み込み済みチェインもサポートされる。"
604-
605-#. type: TP
606-#: original/man8/ip6tables.8:125 original/man8/iptables.8:124
607-#, no-wrap
608-msgid "B<raw>:"
609-msgstr ""
610-
611-#. type: Plain text
612-#: original/man8/ip6tables.8:133 original/man8/iptables.8:132
613-msgid ""
614-"This table is used mainly for configuring exemptions from connection "
615-"tracking in combination with the NOTRACK target. It registers at the "
616-"netfilter hooks with higher priority and is thus called before ip_conntrack, "
617-"or any other IP tables. It provides the following built-in chains: "
618-"B<PREROUTING> (for packets arriving via any network interface) B<OUTPUT> "
619-"(for packets generated by local processes)"
620-msgstr ""
621-
622-#. type: TP
623-#: original/man8/ip6tables.8:133 original/man8/iptables.8:132
624-#, no-wrap
625-msgid "B<security>:"
626-msgstr ""
627-
628-#. type: Plain text
629-#: original/man8/ip6tables.8:144 original/man8/iptables.8:143
630-msgid ""
631-"This table is used for Mandatory Access Control (MAC) networking rules, such "
632-"as those enabled by the B<SECMARK> and B<CONNSECMARK> targets. Mandatory "
633-"Access Control is implemented by Linux Security Modules such as SELinux. "
634-"The security table is called after the filter table, allowing any "
635-"Discretionary Access Control (DAC) rules in the filter table to take effect "
636-"before MAC rules. This table provides the following built-in chains: "
637-"B<INPUT> (for packets coming into the box itself), B<OUTPUT> (for altering "
638-"locally-generated packets before routing), and B<FORWARD> (for altering "
639-"packets being routed through the box)."
640-msgstr ""
641-
642-#. type: SH
643-#: original/man8/ip6tables.8:145 original/man8/iptables.8:144
644-#: original/man8/iptables-apply.8:23
645-#, no-wrap
646-msgid "OPTIONS"
647-msgstr "オプション"
648-
649-#. type: Plain text
650-#: original/man8/ip6tables.8:148
651-msgid ""
652-"The options that are recognized by B<ip6tables> can be divided into several "
653-"different groups."
654-msgstr "B<ip6tables> で使えるオプションは、いくつかのグループに分けられる。"
655-
656-#. type: SS
657-#: original/man8/ip6tables.8:148 original/man8/iptables.8:147
658-#, no-wrap
659-msgid "COMMANDS"
660-msgstr "コマンド"
661-
662-#. type: Plain text
663-#: original/man8/ip6tables.8:154
664-msgid ""
665-"These options specify the specific action to perform. Only one of them can "
666-"be specified on the command line unless otherwise specified below. For all "
667-"the long versions of the command and option names, you need to use only "
668-"enough letters to ensure that B<ip6tables> can differentiate it from all "
669-"other options."
670-msgstr ""
671-"これらのオプションは、実行する特定の動作を指定する。 以下の説明で許可されてい"
672-"ない限り、 この中の 1 つしかコマンドラインで指定することができない。 長いバー"
673-"ジョンのコマンド名とオプション名は、 B<ip6tables> が他のコマンド名やオプショ"
674-"ン名と区別できる範囲で (文字を省略して) 指定することもできる。"
675-
676-#. type: TP
677-#: original/man8/ip6tables.8:154 original/man8/ip6tables.8:237
678-#: original/man8/iptables.8:153
679-#, fuzzy, no-wrap
680-#| msgid "B<-A, --append >I<chain rule-specification>"
681-msgid "B<-A>, B<--append> I<chain rule-specification>"
682-msgstr "B<-A, --append >I<chain rule-specification>"
683-
684-#. type: Plain text
685-#: original/man8/ip6tables.8:159 original/man8/ip6tables.8:242
686-#: original/man8/iptables.8:158
687-msgid ""
688-"Append one or more rules to the end of the selected chain. When the source "
689-"and/or destination names resolve to more than one address, a rule will be "
690-"added for each possible address combination."
691-msgstr ""
692-"選択されたチェインの最後に 1 つ以上のルールを追加する。\n"
693-"送信元や送信先の名前の解決を行って、 1 つ以上のアドレスに展開された\n"
694-"場合は、可能なアドレスの組合せそれぞれに対してルールが追加される。"
695-
696-#. type: TP
697-#: original/man8/ip6tables.8:159 original/man8/iptables.8:158
698-#, fuzzy, no-wrap
699-#| msgid "B<-A, --append >I<chain rule-specification>"
700-msgid "B<-C>, B<--check> I<chain rule-specification>"
701-msgstr "B<-A, --append >I<chain rule-specification>"
702-
703-#. type: Plain text
704-#: original/man8/ip6tables.8:165 original/man8/iptables.8:164
705-msgid ""
706-"Check whether a rule matching the specification does exist in the selected "
707-"chain. This command uses the same logic as B<-D> to find a matching entry, "
708-"but does not alter the existing iptables configuration and uses its exit "
709-"code to indicate success or failure."
710-msgstr ""
711-
712-#. type: TP
713-#: original/man8/ip6tables.8:165 original/man8/iptables.8:164
714-#, fuzzy, no-wrap
715-#| msgid "B<-D, --delete >I<chain rule-specification>"
716-msgid "B<-D>, B<--delete> I<chain rule-specification>"
717-msgstr "B<-D, --delete >I<chain rule-specification>"
718-
719-#. type: TP
720-#: original/man8/ip6tables.8:168 original/man8/iptables.8:167
721-#, fuzzy, no-wrap
722-#| msgid "B<-D, --delete >I<chain rulenum>"
723-msgid "B<-D>, B<--delete> I<chain rulenum>"
724-msgstr "B<-D, --delete >I<chain rulenum>"
725-
726-#. type: Plain text
727-#: original/man8/ip6tables.8:173 original/man8/iptables.8:172
728-msgid ""
729-"Delete one or more rules from the selected chain. There are two versions of "
730-"this command: the rule can be specified as a number in the chain (starting "
731-"at 1 for the first rule) or a rule to match."
732-msgstr ""
733-"選択されたチェインから 1 つ以上のルールを削除する。 このコマンドには 2 つの使"
734-"い方がある: チェインの中の番号 (最初のルールを 1 とする) を指定する場合と、 "
735-"マッチするルールを指定する場合である。"
736-
737-#. type: TP
738-#: original/man8/ip6tables.8:173 original/man8/iptables.8:172
739-#, fuzzy, no-wrap
740-#| msgid "B<-I, --insert >I<chain> [I<rulenum>] I<rule-specification>"
741-msgid "B<-I>, B<--insert> I<chain> [I<rulenum>] I<rule-specification>"
742-msgstr "B<-I, --insert >I<チェイン> [I<ルール番号>] I<ルールの詳細>"
743-
744-#. type: Plain text
745-#: original/man8/ip6tables.8:179 original/man8/iptables.8:178
746-msgid ""
747-"Insert one or more rules in the selected chain as the given rule number. "
748-"So, if the rule number is 1, the rule or rules are inserted at the head of "
749-"the chain. This is also the default if no rule number is specified."
750-msgstr ""
751-"選択されたチェインにルール番号を指定して 1 つ以上のルールを挿入する。 ルール"
752-"番号が 1 の場合、ルールはチェインの先頭に挿入される。 これはルール番号が指定"
753-"されない場合のデフォルトでもある。"
754-
755-#. type: TP
756-#: original/man8/ip6tables.8:179 original/man8/iptables.8:178
757-#, fuzzy, no-wrap
758-#| msgid "B<-R, --replace >I<chain rulenum rule-specification>"
759-msgid "B<-R>, B<--replace> I<chain rulenum rule-specification>"
760-msgstr "B<-R, --replace >I<chain rulenum rule-specification>"
761-
762-#. type: Plain text
763-#: original/man8/ip6tables.8:184 original/man8/iptables.8:183
764-msgid ""
765-"Replace a rule in the selected chain. If the source and/or destination "
766-"names resolve to multiple addresses, the command will fail. Rules are "
767-"numbered starting at 1."
768-msgstr ""
769-"選択されたチェインにあるルールを置き換える。\n"
770-"送信元や送信先の名前が 1 つ以上のアドレスに解決された場合は、\n"
771-"このコマンドは失敗する。ルール番号は 1 からはじまる。"
772-
773-#. type: TP
774-#: original/man8/ip6tables.8:184 original/man8/iptables.8:183
775-#, fuzzy, no-wrap
776-#| msgid "B<-L, --list >[I<chain>]"
777-msgid "B<-L>, B<--list> [I<chain>]"
778-msgstr "B<-L, --list >[I<chain>]"
779-
780-#. type: Plain text
781-#: original/man8/ip6tables.8:189
782-#, fuzzy
783-#| msgid ""
784-#| "List all rules in the selected chain. If no chain is selected, all "
785-#| "chains are listed. As every other iptables command, it applies to the "
786-#| "specified table (filter is the default), so NAT rules get listed by"
787-msgid ""
788-"List all rules in the selected chain. If no chain is selected, all chains "
789-"are listed. Like every other ip6tables command, it applies to the specified "
790-"table (filter is the default)."
791-msgstr ""
792-"選択されたチェインにある全てのルールを一覧表示する。 チェインが指定されない場"
793-"合、全てのチェインにあるリストが一覧表示される。 他の各 iptables コマンドと同"
794-"様に、指定されたテーブル (デフォルトは filter) に対して作用する。 よって NAT "
795-"ルールを表示するには以下のようにする。"
796-
797-#. type: Plain text
798-#: original/man8/ip6tables.8:196 original/man8/iptables.8:197
799-msgid ""
800-"Please note that it is often used with the B<-n> option, in order to avoid "
801-"long reverse DNS lookups. It is legal to specify the B<-Z> (zero) option as "
802-"well, in which case the chain(s) will be atomically listed and zeroed. The "
803-"exact output is affected by the other arguments given. The exact rules are "
804-"suppressed until you use"
805-msgstr ""
806-"DNS の逆引きを避けるために、よく B<-n> オプションと共に使用される。\n"
807-"B<-Z> (ゼロ化) オプションを同時に指定することもできる。この場合、\n"
808-"チェインは要素毎にリストされて、 (訳註: パケットカウンタとバイト\n"
809-"カウンタが) ゼロにされる。出力表示は同時に与えられた他の引き数に\n"
810-"影響される。以下のように、 B<-v> オプションを指定しない限り、\n"
811-"実際のルールそのものは表示されない。"
812-
813-#. type: Plain text
814-#: original/man8/ip6tables.8:198
815-#, no-wrap
816-msgid " ip6tables -L -v\n"
817-msgstr " ip6tables -L -v\n"
818-
819-#. type: TP
820-#: original/man8/ip6tables.8:199 original/man8/iptables.8:200
821-#, fuzzy, no-wrap
822-#| msgid "B<-L, --list >[I<chain>]"
823-msgid "B<-S>, B<--list-rules> [I<chain>]"
824-msgstr "B<-L, --list >[I<chain>]"
825-
826-#. type: Plain text
827-#: original/man8/ip6tables.8:204
828-#, fuzzy
829-#| msgid ""
830-#| "List all rules in the selected chain. If no chain is selected, all "
831-#| "chains are listed. As every other iptables command, it applies to the "
832-#| "specified table (filter is the default), so NAT rules get listed by"
833-msgid ""
834-"Print all rules in the selected chain. If no chain is selected, all chains "
835-"are printed like ip6tables-save. Like every other ip6tables command, it "
836-"applies to the specified table (filter is the default)."
837-msgstr ""
838-"選択されたチェインにある全てのルールを一覧表示する。 チェインが指定されない場"
839-"合、全てのチェインにあるリストが一覧表示される。 他の各 iptables コマンドと同"
840-"様に、指定されたテーブル (デフォルトは filter) に対して作用する。 よって NAT "
841-"ルールを表示するには以下のようにする。"
842-
843-#. type: TP
844-#: original/man8/ip6tables.8:204 original/man8/iptables.8:205
845-#, fuzzy, no-wrap
846-#| msgid "B<-F, --flush >[I<chain>]"
847-msgid "B<-F>, B<--flush> [I<chain>]"
848-msgstr "B<-F, --flush >[I<chain>]"
849-
850-#. type: Plain text
851-#: original/man8/ip6tables.8:208 original/man8/iptables.8:209
852-msgid ""
853-"Flush the selected chain (all the chains in the table if none is given). "
854-"This is equivalent to deleting all the rules one by one."
855-msgstr ""
856-"選択されたチェイン (何も指定されなければテーブル内の全てのチェイン) \n"
857-"の内容を全消去する。これは全てのルールを 1 個ずつ削除するのと\n"
858-"同じである。"
859-
860-#. type: TP
861-#: original/man8/ip6tables.8:208 original/man8/iptables.8:209
862-#, fuzzy, no-wrap
863-#| msgid "B<-Z, --zero >[I<chain>]"
864-msgid "B<-Z>, B<--zero> [I<chain> [I<rulenum>]]"
865-msgstr "B<-Z, --zero >[I<chain>]"
866-
867-#. type: Plain text
868-#: original/man8/ip6tables.8:216 original/man8/iptables.8:217
869-#, fuzzy
870-#| msgid ""
871-#| "Zero the packet and byte counters in all chains. It is legal to specify "
872-#| "the B<-L, --list> (list) option as well, to see the counters immediately "
873-#| "before they are cleared. (See above.)"
874-msgid ""
875-"Zero the packet and byte counters in all chains, or only the given chain, or "
876-"only the given rule in a chain. It is legal to specify the B<-L>, B<--list> "
877-"(list) option as well, to see the counters immediately before they are "
878-"cleared. (See above.)"
879-msgstr ""
880-"すべてのチェインのパケットカウンタとバイトカウンタをゼロにする。 クリアされる"
881-"直前のカウンタを見るために、 B<-L, --list> (一覧表示) オプションと同時に指定"
882-"することもできる (上記を参照)。"
883-
884-#. type: TP
885-#: original/man8/ip6tables.8:216 original/man8/iptables.8:217
886-#, fuzzy, no-wrap
887-#| msgid "B<-N, --new-chain >I<chain>"
888-msgid "B<-N>, B<--new-chain> I<chain>"
889-msgstr "B<-N, --new-chain >I<chain>"
890-
891-#. type: Plain text
892-#: original/man8/ip6tables.8:220 original/man8/iptables.8:221
893-msgid ""
894-"Create a new user-defined chain by the given name. There must be no target "
895-"of that name already."
896-msgstr ""
897-"指定した名前でユーザー定義チェインを作成する。 同じ名前のターゲットが既に存在"
898-"してはならない。"
899-
900-#. type: TP
901-#: original/man8/ip6tables.8:220 original/man8/iptables.8:221
902-#, fuzzy, no-wrap
903-#| msgid "B<-X, --delete-chain >[I<chain>]"
904-msgid "B<-X>, B<--delete-chain> [I<chain>]"
905-msgstr "B<-X, --delete-chain >[I<chain>]"
906-
907-#. type: Plain text
908-#: original/man8/ip6tables.8:227 original/man8/iptables.8:228
909-#, fuzzy
910-#| msgid ""
911-#| "Delete the optional user-defined chain specified. There must be no "
912-#| "references to the chain. If there are, you must delete or replace the "
913-#| "referring rules before the chain can be deleted. If no argument is "
914-#| "given, it will attempt to delete every non-builtin chain in the table."
915-msgid ""
916-"Delete the optional user-defined chain specified. There must be no "
917-"references to the chain. If there are, you must delete or replace the "
918-"referring rules before the chain can be deleted. The chain must be empty, i."
919-"e. not contain any rules. If no argument is given, it will attempt to "
920-"delete every non-builtin chain in the table."
921-msgstr ""
922-"指定したユーザー定義チェインを削除する。 そのチェインが参照されていては\n"
923-"ならない。 チェインを削除する前に、そのチェインを参照しているルールを\n"
924-"削除するか置き換えるかしなければならない。 引き数が与えられない場合、テー\n"
925-"ブルにあるチェインのうち 組み込み済みチェインでないものを全て削除する。"
926-
927-#. type: TP
928-#: original/man8/ip6tables.8:227 original/man8/iptables.8:228
929-#, fuzzy, no-wrap
930-#| msgid "B<-P, --policy >I<chain target>"
931-msgid "B<-P>, B<--policy> I<chain target>"
932-msgstr "B<-P, --policy >I<chain target>"
933-
934-#. type: Plain text
935-#: original/man8/ip6tables.8:233 original/man8/iptables.8:234
936-msgid ""
937-"Set the policy for the chain to the given target. See the section "
938-"B<TARGETS> for the legal targets. Only built-in (non-user-defined) chains "
939-"can have policies, and neither built-in nor user-defined chains can be "
940-"policy targets."
941-msgstr ""
942-"チェインのポリシーを指定したターゲットに設定する。指定可能なターゲット\n"
943-"は「B<ターゲット>」の章を参照すること。 (ユーザー定義ではない) 組み込み\n"
944-"済みチェインにしかポリシーは設定できない。 また、組み込み済みチェインも\n"
945-"ユーザー定義チェインも ポリシーのターゲットに設定することはできない。"
946-
947-#. type: TP
948-#: original/man8/ip6tables.8:233 original/man8/iptables.8:234
949-#, fuzzy, no-wrap
950-#| msgid "B<-E, --rename-chain >I<old-chain new-chain>"
951-msgid "B<-E>, B<--rename-chain> I<old-chain new-chain>"
952-msgstr "B<-E, --rename-chain >I<old-chain new-chain>"
953-
954-#. type: Plain text
955-#: original/man8/ip6tables.8:237 original/man8/iptables.8:238
956-msgid ""
957-"Rename the user specified chain to the user supplied name. This is "
958-"cosmetic, and has no effect on the structure of the table."
959-msgstr ""
960-"ユーザー定義チェインを指定した名前に変更する。 これは見た目だけの変更なので、"
961-"テーブルの構造には何も影響しない。"
962-
963-#. type: TP
964-#: original/man8/ip6tables.8:242 original/man8/iptables.8:238
965-#, no-wrap
966-msgid "B<-h>"
967-msgstr "B<-h>"
968-
969-#. type: Plain text
970-#: original/man8/ip6tables.8:246 original/man8/iptables.8:242
971-msgid "Help. Give a (currently very brief) description of the command syntax."
972-msgstr "ヘルプ。 (今のところはとても簡単な) コマンド書式の説明を表示する。"
973-
974-#. type: SS
975-#: original/man8/ip6tables.8:246 original/man8/iptables.8:242
976-#, no-wrap
977-msgid "PARAMETERS"
978-msgstr "パラメータ"
979-
980-#. type: Plain text
981-#: original/man8/ip6tables.8:249 original/man8/iptables.8:245
982-msgid ""
983-"The following parameters make up a rule specification (as used in the add, "
984-"delete, insert, replace and append commands)."
985-msgstr ""
986-"以下のパラメータは (add, delete, insert, replace, append コマンドで用いられ"
987-"て) ルールの仕様を決める。"
988-
989-#. type: TP
990-#: original/man8/ip6tables.8:249 original/man8/iptables.8:245
991-#, fuzzy, no-wrap
992-#| msgid "B<-c>, B<--counters>"
993-msgid "B<-4>, B<--ipv4>"
994-msgstr "B<-c>, B<--counters>"
995-
996-#. type: Plain text
997-#: original/man8/ip6tables.8:255
998-msgid ""
999-"If a rule using the B<-4> option is inserted with (and only with) ip6tables-"
1000-"restore, it will be silently ignored. Any other uses will throw an error. "
1001-"This option allows to put both IPv4 and IPv6 rules in a single rule file for "
1002-"use with both iptables-restore and ip6tables-restore."
1003-msgstr ""
1004-
1005-#. type: TP
1006-#: original/man8/ip6tables.8:255 original/man8/iptables.8:248
1007-#, fuzzy, no-wrap
1008-#| msgid "B<-c>, B<--counters>"
1009-msgid "B<-6>, B<--ipv6>"
1010-msgstr "B<-c>, B<--counters>"
1011-
1012-#. type: Plain text
1013-#: original/man8/ip6tables.8:258
1014-msgid "This option has no effect in ip6tables and ip6tables-restore."
1015-msgstr ""
1016-
1017-#. type: TP
1018-#: original/man8/ip6tables.8:258 original/man8/iptables.8:254
1019-#, fuzzy, no-wrap
1020-#| msgid "B<-p, --protocol >[!] I<protocol>"
1021-msgid "[B<!>] B<-p>, B<--protocol> I<protocol>"
1022-msgstr "B<-p, --protocol >[!] I<protocol>"
1023-
1024-#. type: Plain text
1025-#: original/man8/ip6tables.8:276
1026-#, fuzzy
1027-#| msgid ""
1028-#| "The protocol of the rule or of the packet to check. The specified "
1029-#| "protocol can be one of I<tcp>, I<udp>, I<icmp>, or I<all>, or it can be a "
1030-#| "numeric value, representing one of these protocols or a different one. A "
1031-#| "protocol name from /etc/protocols is also allowed. A \"!\" argument "
1032-#| "before the protocol inverts the test. The number zero is equivalent to "
1033-#| "I<all>. Protocol I<all> will match with all protocols and is taken as "
1034-#| "default when this option is omitted."
1035-msgid ""
1036-"The protocol of the rule or of the packet to check. The specified protocol "
1037-"can be one of B<tcp>, B<udp>, B<udplite>, B<icmpv6>, B<esp>, B<mh> or the "
1038-"special keyword \"B<all>\", or it can be a numeric value, representing one "
1039-"of these protocols or a different one. A protocol name from /etc/protocols "
1040-"is also allowed. But IPv6 extension headers except B<esp> are not allowed. "
1041-"B<esp> and B<ipv6-nonext> can be used with Kernel version 2.6.11 or later. "
1042-"A \"!\" argument before the protocol inverts the test. The number zero is "
1043-"equivalent to B<all>, which means that you cannot test the protocol field "
1044-"for the value 0 directly. To match on a HBH header, even if it were the "
1045-"last, you cannot use B<-p 0>, but always need B<-m hbh>. \"B<all>\" will "
1046-"match with all protocols and is taken as default when this option is omitted."
1047-msgstr ""
1048-"ルールで使われるプロトコル、またはチェックされるパケットのプロトコル。 指定で"
1049-"きるプロトコルは、 I<tcp>, I<udp>, I<icmp>, I<all> のいずれか 1 つか、数値で"
1050-"ある。 数値には、これらのプロトコルのどれかないし別のプロトコルを表す 数値を"
1051-"指定することができる。 /etc/protocols にあるプロトコル名も指定できる。 プロト"
1052-"コルの前に \"!\" を置くと、そのプロトコルを除外するという意味になる。 数値 0 "
1053-"は I<all> と等しい。 プロトコル I<all> は全てのプロトコルとマッチし、 このオ"
1054-"プションが省略された際のデフォルトである。"
1055-
1056-#. type: TP
1057-#: original/man8/ip6tables.8:276
1058-#, fuzzy, no-wrap
1059-#| msgid "B<-s, --source >[!] I<address>[/I<mask>]"
1060-msgid "[B<!>] B<-s>, B<--source> I<address>[B</>I<mask>]"
1061-msgstr "B<-s, --source >[!] I<address>[/I<mask>]"
1062-
1063-#. type: Plain text
1064-#: original/man8/ip6tables.8:293
1065-#, fuzzy
1066-#| msgid ""
1067-#| "Source specification. I<Address> can be either a network name, a "
1068-#| "hostname (please note that specifying any name to be resolved with a "
1069-#| "remote query such as DNS is a really bad idea), a network IP address "
1070-#| "(with /mask), or a plain IP address. The I<mask> can be either a network "
1071-#| "mask or a plain number, specifying the number of 1's at the left side of "
1072-#| "the network mask. Thus, a mask of I<24> is equivalent to "
1073-#| "I<255.255.255.0>. A \"!\" argument before the address specification "
1074-#| "inverts the sense of the address. The flag B<--src> is an alias for this "
1075-#| "option."
1076-msgid ""
1077-"Source specification. I<Address> can be either be a hostname, a network IP "
1078-"address (with B</>I<mask>), or a plain IP address. Names will be resolved "
1079-"once only, before the rule is submitted to the kernel. Please note that "
1080-"specifying any name to be resolved with a remote query such as DNS is a "
1081-"really bad idea. (Resolving network names is not supported at this time.) "
1082-"The I<mask> is a plain number, specifying the number of 1's at the left side "
1083-"of the network mask. A \"!\" argument before the address specification "
1084-"inverts the sense of the address. The flag B<--src> is an alias for this "
1085-"option. Multiple addresses can be specified, but this will B<expand to "
1086-"multiple rules> (when adding with -A), or will cause multiple rules to be "
1087-"deleted (with -D)."
1088-msgstr ""
1089-"送信元の指定。 I<address> はホスト名 (DNS のようなリモートへの問い合わせで解"
1090-"決する名前を指定するのは非常に良くない) ・ネットワーク IP アドレス (/mask を"
1091-"指定する)・ 通常の IP アドレス、のいずれかである。 I<mask> はネットワークマス"
1092-"クか、 ネットワークマスクの左側にある 1 の数を指定する数値である。 つまり、 "
1093-"I<24> という mask は I<255.255.255.0> に等しい。 アドレス指定の前に \"!\" を"
1094-"置くと、そのアドレスを除外するという意味になる。 フラグ B<--src> は、このオプ"
1095-"ションの別名である。"
1096-
1097-#. type: TP
1098-#: original/man8/ip6tables.8:293
1099-#, fuzzy, no-wrap
1100-#| msgid "B<-d, --destination >[!] I<address>[/I<mask>]"
1101-msgid "[B<!>] B<-d>, B<--destination> I<address>[B</>I<mask>]"
1102-msgstr "B<-d, --destination >[!] I<address>[/I<mask>]"
1103-
1104-#. type: Plain text
1105-#: original/man8/ip6tables.8:299 original/man8/iptables.8:288
1106-msgid ""
1107-"Destination specification. See the description of the B<-s> (source) flag "
1108-"for a detailed description of the syntax. The flag B<--dst> is an alias for "
1109-"this option."
1110-msgstr ""
1111-"送信先の指定。 書式の詳しい説明については、 B<-s> (送信元) フラグの説明を参照"
1112-"すること。 フラグ B<--dst> は、このオプションの別名である。"
1113-
1114-#. type: TP
1115-#: original/man8/ip6tables.8:299 original/man8/iptables.8:288
1116-#, fuzzy, no-wrap
1117-#| msgid "B<-L, --list >[I<chain>]"
1118-msgid "B<-m>, B<--match> I<match>"
1119-msgstr "B<-L, --list >[I<chain>]"
1120-
1121-#. type: Plain text
1122-#: original/man8/ip6tables.8:306 original/man8/iptables.8:295
1123-msgid ""
1124-"Specifies a match to use, that is, an extension module that tests for a "
1125-"specific property. The set of matches make up the condition under which a "
1126-"target is invoked. Matches are evaluated first to last as specified on the "
1127-"command line and work in short-circuit fashion, i.e. if one extension yields "
1128-"false, evaluation will stop."
1129-msgstr ""
1130-
1131-#. type: TP
1132-#: original/man8/ip6tables.8:306 original/man8/iptables.8:295
1133-#, fuzzy, no-wrap
1134-#| msgid "B<-j, --jump >I<target>"
1135-msgid "B<-j>, B<--jump> I<target>"
1136-msgstr "B<-j, --jump >I<target>"
1137-
1138-#. type: Plain text
1139-#: original/man8/ip6tables.8:317 original/man8/iptables.8:306
1140-#, fuzzy
1141-#| msgid ""
1142-#| "This specifies the target of the rule; i.e., what to do if the packet "
1143-#| "matches it. The target can be a user-defined chain (other than the one "
1144-#| "this rule is in), one of the special builtin targets which decide the "
1145-#| "fate of the packet immediately, or an extension (see B<EXTENSIONS> "
1146-#| "below). If this option is omitted in a rule, then matching the rule will "
1147-#| "have no effect on the packet's fate, but the counters on the rule will be "
1148-#| "incremented."
1149-msgid ""
1150-"This specifies the target of the rule; i.e., what to do if the packet "
1151-"matches it. The target can be a user-defined chain (other than the one this "
1152-"rule is in), one of the special builtin targets which decide the fate of the "
1153-"packet immediately, or an extension (see B<EXTENSIONS> below). If this "
1154-"option is omitted in a rule (and B<-g> is not used), then matching the rule "
1155-"will have no effect on the packet's fate, but the counters on the rule will "
1156-"be incremented."
1157-msgstr ""
1158-"ルールのターゲット、つまり、パケットがマッチした場合にどうするかを指定\n"
1159-"する。ターゲットはユーザー定義チェイン (そのルール自身が入っている\n"
1160-"チェイン以外) でも、パケットの行方を即時に決定する特別な組み込み済み\n"
1161-"ターゲットでも、拡張されたターゲット (以下の 「B<ターゲットの拡張>」 を\n"
1162-"参照) でもよい。 このオプションがルールの中で省略された場合、 ルールに\n"
1163-"マッチしてもパケットの行方に何も影響しないが、 ルールのカウンタは 1 つ\n"
1164-"加算される。"
1165-
1166-#. type: TP
1167-#: original/man8/ip6tables.8:317 original/man8/iptables.8:306
1168-#, fuzzy, no-wrap
1169-#| msgid "B<-L, --list >[I<chain>]"
1170-msgid "B<-g>, B<--goto> I<chain>"
1171-msgstr "B<-L, --list >[I<chain>]"
1172-
1173-#. type: Plain text
1174-#: original/man8/ip6tables.8:323 original/man8/iptables.8:312
1175-msgid ""
1176-"This specifies that the processing should continue in a user specified "
1177-"chain. Unlike the --jump option return will not continue processing in this "
1178-"chain but instead in the chain that called us via --jump."
1179-msgstr ""
1180-
1181-#. type: TP
1182-#: original/man8/ip6tables.8:323 original/man8/iptables.8:312
1183-#, fuzzy, no-wrap
1184-#| msgid "B<-i, --in-interface >[!] I<name>"
1185-msgid "[B<!>] B<-i>, B<--in-interface> I<name>"
1186-msgstr "B<-i, --in-interface >[!] I<name>"
1187-
1188-#. type: Plain text
1189-#: original/man8/ip6tables.8:331 original/man8/iptables.8:320
1190-#, fuzzy
1191-#| msgid ""
1192-#| "Name of an interface via which a packet is going to be received (only for "
1193-#| "packets entering the B<INPUT>, B<FORWARD> and B<PREROUTING> chains). "
1194-#| "When the \"!\" argument is used before the interface name, the sense is "
1195-#| "inverted. If the interface name ends in a \"+\", then any interface "
1196-#| "which begins with this name will match. If this option is omitted, any "
1197-#| "interface name will match."
1198-msgid ""
1199-"Name of an interface via which a packet was received (only for packets "
1200-"entering the B<INPUT>, B<FORWARD> and B<PREROUTING> chains). When the \"!\" "
1201-"argument is used before the interface name, the sense is inverted. If the "
1202-"interface name ends in a \"+\", then any interface which begins with this "
1203-"name will match. If this option is omitted, any interface name will match."
1204-msgstr ""
1205-"パケットを受信することになるインターフェース名 (B<INPUT>, B<FORWARD>,\n"
1206-"B<PREROUTING> チェインに入るパケットのみ)。インターフェース名の前に\n"
1207-"\"!\" を置くと、 そのインターフェースを除外するという意味になる。\n"
1208-"インターフェース名が \"+\" で終っている場合、 その名前で始まる任意の\n"
1209-"インターフェース名にマッチする。このオプションが省略された場合、\n"
1210-"任意のインターフェース名にマッチする。"
1211-
1212-#. type: TP
1213-#: original/man8/ip6tables.8:331 original/man8/iptables.8:320
1214-#, fuzzy, no-wrap
1215-#| msgid "B<-o, --out-interface >[!] I<name>"
1216-msgid "[B<!>] B<-o>, B<--out-interface> I<name>"
1217-msgstr "B<-o, --out-interface >[!] I<name>"
1218-
1219-#. type: Plain text
1220-#: original/man8/ip6tables.8:348 original/man8/iptables.8:328
1221-msgid ""
1222-"Name of an interface via which a packet is going to be sent (for packets "
1223-"entering the B<FORWARD>, B<OUTPUT> and B<POSTROUTING> chains). When the \"!"
1224-"\" argument is used before the interface name, the sense is inverted. If "
1225-"the interface name ends in a \"+\", then any interface which begins with "
1226-"this name will match. If this option is omitted, any interface name will "
1227-"match."
1228-msgstr ""
1229-"パケットを送信することになるインターフェース名 (B<FORWARD>, B<OUTPUT>, "
1230-"B<POSTROUTING> チェインに入るパケットのみ)。 インターフェース名の前に \"!\" "
1231-"を置くと、 そのインターフェースを除外するという意味になる。 インターフェース"
1232-"名が \"+\" で終っている場合、 その名前で始まる任意のインターフェース名にマッ"
1233-"チする。 このオプションが省略された場合、 任意のインターフェース名にマッチす"
1234-"る。"
1235-
1236-#. type: TP
1237-#: original/man8/ip6tables.8:348 original/man8/iptables.8:336
1238-#, fuzzy, no-wrap
1239-#| msgid "B<-c, --set-counters >I<PKTS BYTES>"
1240-msgid "B<-c>, B<--set-counters> I<packets bytes>"
1241-msgstr "B<-c, --set-counters >I<PKTS BYTES>"
1242-
1243-#. type: Plain text
1244-#: original/man8/ip6tables.8:353 original/man8/iptables.8:341
1245-#, fuzzy
1246-#| msgid ""
1247-#| "This enables the administrator to initialize the packet and byte counters "
1248-#| "of a rule (during B<INSERT,> B<APPEND,> B<REPLACE> operations)."
1249-msgid ""
1250-"This enables the administrator to initialize the packet and byte counters of "
1251-"a rule (during B<INSERT>, B<APPEND>, B<REPLACE> operations)."
1252-msgstr ""
1253-"このオプションを使うと、 (B<insert>, B<append>, B<replace> 操作において) 管理"
1254-"者はパケットカウンタとバイトカウンタを 初期化することができる。"
1255-
1256-#. type: SS
1257-#: original/man8/ip6tables.8:353 original/man8/iptables.8:341
1258-#, no-wrap
1259-msgid "OTHER OPTIONS"
1260-msgstr "その他のオプション"
1261-
1262-#. type: Plain text
1263-#: original/man8/ip6tables.8:355 original/man8/iptables.8:343
1264-msgid "The following additional options can be specified:"
1265-msgstr "その他に以下のオプションを指定することができる:"
1266-
1267-#. type: Plain text
1268-#: original/man8/ip6tables.8:365 original/man8/iptables.8:353
1269-#, fuzzy
1270-#| msgid ""
1271-#| "Verbose output. This option makes the list command show the interface "
1272-#| "name, the rule options (if any), and the TOS masks. The packet and byte "
1273-#| "counters are also listed, with the suffix 'K', 'M' or 'G' for 1000, "
1274-#| "1,000,000 and 1,000,000,000 multipliers respectively (but see the B<-x> "
1275-#| "flag to change this). For appending, insertion, deletion and "
1276-#| "replacement, this causes detailed information on the rule or rules to be "
1277-#| "printed."
1278-msgid ""
1279-"Verbose output. This option makes the list command show the interface name, "
1280-"the rule options (if any), and the TOS masks. The packet and byte counters "
1281-"are also listed, with the suffix 'K', 'M' or 'G' for 1000, 1,000,000 and "
1282-"1,000,000,000 multipliers respectively (but see the B<-x> flag to change "
1283-"this). For appending, insertion, deletion and replacement, this causes "
1284-"detailed information on the rule or rules to be printed. B<-v> may be "
1285-"specified multiple times to possibly emit more detailed debug statements."
1286-msgstr ""
1287-"詳細な出力を行う。 list コマンドの際に、インターフェース名・ (もしあれば) "
1288-"ルールのオプション・TOS マスクを表示させる。 パケットとバイトカウンタも表示さ"
1289-"れる。 添字 'K', 'M', 'G' は、 それぞれ 1000, 1,000,000, 1,000,000,000 倍を表"
1290-"す (これを変更する B<-x> フラグも見よ)。 このオプションを append, insert, "
1291-"delete, replace コマンドに適用すると、 ルールについての詳細な情報を表示する。"
1292-
1293-#. type: TP
1294-#: original/man8/ip6tables.8:365 original/man8/iptables.8:353
1295-#, fuzzy, no-wrap
1296-#| msgid "B<-n, --numeric>"
1297-msgid "B<-n>, B<--numeric>"
1298-msgstr "B<-n, --numeric>"
1299-
1300-#. type: Plain text
1301-#: original/man8/ip6tables.8:371 original/man8/iptables.8:359
1302-msgid ""
1303-"Numeric output. IP addresses and port numbers will be printed in numeric "
1304-"format. By default, the program will try to display them as host names, "
1305-"network names, or services (whenever applicable)."
1306-msgstr ""
1307-"数値による出力を行う。 IP アドレスやポート番号を数値によるフォーマット\n"
1308-"で表示する。 デフォルトでは、iptables は (可能であれば) これらの情報を\n"
1309-"ホスト名・ネットワーク名・サービス名で表示しようとする。"
1310-
1311-#. type: TP
1312-#: original/man8/ip6tables.8:371 original/man8/iptables.8:359
1313-#, fuzzy, no-wrap
1314-#| msgid "B<-x, --exact>"
1315-msgid "B<-x>, B<--exact>"
1316-msgstr "B<-x, --exact>"
1317-
1318-#. type: Plain text
1319-#: original/man8/ip6tables.8:378 original/man8/iptables.8:366
1320-msgid ""
1321-"Expand numbers. Display the exact value of the packet and byte counters, "
1322-"instead of only the rounded number in K's (multiples of 1000) M's "
1323-"(multiples of 1000K) or G's (multiples of 1000M). This option is only "
1324-"relevant for the B<-L> command."
1325-msgstr ""
1326-"厳密な数値で表示する。 パケットカウンタとバイトカウンタを、 K (1000 の何倍"
1327-"か)・M (1000K の何倍か)・G (1000M の何倍か) ではなく、 厳密な値で表示する。 "
1328-"このオプションは、 B<-L> コマンドとしか関係しない。"
1329-
1330-#. type: TP
1331-#: original/man8/ip6tables.8:378 original/man8/iptables.8:366
1332-#, no-wrap
1333-msgid "B<--line-numbers>"
1334-msgstr "B<--line-numbers>"
1335-
1336-#. type: Plain text
1337-#: original/man8/ip6tables.8:382 original/man8/iptables.8:370
1338-msgid ""
1339-"When listing rules, add line numbers to the beginning of each rule, "
1340-"corresponding to that rule's position in the chain."
1341-msgstr ""
1342-"ルールを一覧表示する際、そのルールがチェインのどの位置にあるかを表す 行番号を"
1343-"各行の始めに付加する。"
1344-
1345-#. type: TP
1346-#: original/man8/ip6tables.8:382 original/man8/iptables.8:370
1347-#, fuzzy, no-wrap
1348-#| msgid "B<--modprobe=command>"
1349-msgid "B<--modprobe=>I<command>"
1350-msgstr "B<--modprobe=command>"
1351-
1352-#. type: Plain text
1353-#: original/man8/ip6tables.8:386 original/man8/iptables.8:374
1354-#, fuzzy
1355-#| msgid ""
1356-#| "When adding or inserting rules into a chain, use B<command> to load any "
1357-#| "necessary modules (targets, match extensions, etc)."
1358-msgid ""
1359-"When adding or inserting rules into a chain, use I<command> to load any "
1360-"necessary modules (targets, match extensions, etc)."
1361-msgstr ""
1362-"チェインにルールを追加または挿入する際に、 (ターゲットやマッチングの拡張など"
1363-"で) 必要なモジュールをロードするために使う B<command> を指定する。"
1364-
1365-#. type: SH
1366-#: original/man8/ip6tables.8:386 original/man8/iptables-extensions.8:10
1367-#, no-wrap
1368-msgid "MATCH EXTENSIONS"
1369-msgstr "マッチングの拡張"
1370-
1371-#. type: Plain text
1372-#: original/man8/ip6tables.8:390 original/man8/iptables.8:378
1373-msgid ""
1374-"iptables can use extended packet matching and target modules. A list of "
1375-"these is available in the B<iptables-extensions>(8) manpage."
1376-msgstr ""
1377-
1378-#. type: SH
1379-#: original/man8/ip6tables.8:390 original/man8/iptables.8:378
1380-#, no-wrap
1381-msgid "DIAGNOSTICS"
1382-msgstr "返り値"
1383-
1384-#. type: Plain text
1385-#: original/man8/ip6tables.8:395 original/man8/iptables.8:383
1386-msgid ""
1387-"Various error messages are printed to standard error. The exit code is 0 "
1388-"for correct functioning. Errors which appear to be caused by invalid or "
1389-"abused command line parameters cause an exit code of 2, and other errors "
1390-"cause an exit code of 1."
1391-msgstr ""
1392-"いろいろなエラーメッセージが標準エラーに表示される。 正しく機能した場合、終了"
1393-"コードは 0 である。 不正なコマンドラインパラメータによりエラーが発生した場合"
1394-"は、 終了コード 2 が返される。 その他のエラーの場合は、終了コード 1 が返され"
1395-"る。"
1396-
1397-#. type: Plain text
1398-#: original/man8/ip6tables.8:398
1399-msgid ""
1400-"Bugs? What's this? ;-) Well... the counters are not reliable on sparc64."
1401-msgstr ""
1402-"バグ? バグって何? ;-) えーと…、sparc64 ではカウンター値が信頼できない。"
1403-
1404-#. type: SH
1405-#: original/man8/ip6tables.8:398 original/man8/iptables.8:386
1406-#, no-wrap
1407-msgid "COMPATIBILITY WITH IPCHAINS"
1408-msgstr "IPCHAINS との互換性"
1409-
1410-#. type: Plain text
1411-#: original/man8/ip6tables.8:407
1412-msgid ""
1413-"This B<ip6tables> is very similar to ipchains by Rusty Russell. The main "
1414-"difference is that the chains B<INPUT> and B<OUTPUT> are only traversed for "
1415-"packets coming into the local host and originating from the local host "
1416-"respectively. Hence every packet only passes through one of the three "
1417-"chains (except loopback traffic, which involves both INPUT and OUTPUT "
1418-"chains); previously a forwarded packet would pass through all three."
1419-msgstr ""
1420-"B<ip6tables> は、Rusty Russell の ipchains と非常によく似ている。 大きな違い"
1421-"は、チェイン B<INPUT> と B<OUTPUT> が、それぞれローカルホストに入ってくるパ"
1422-"ケットと、 ローカルホストから出されるパケットのみしか調べないという点であ"
1423-"る。 よって、全てのパケットは 3 つあるチェインのうち 1 つしか通らない (ループ"
1424-"バックトラフィックは例外で、INPUT と OUTPUT チェインの両方を通る)。 以前は "
1425-"(ipchains では)、 フォワードされるパケットが 3 つのチェイン全てを通っていた。"
1426-
1427-#. type: Plain text
1428-#: original/man8/ip6tables.8:412
1429-msgid ""
1430-"The other main difference is that B<-i> refers to the input interface; B<-o> "
1431-"refers to the output interface, and both are available for packets entering "
1432-"the B<FORWARD> chain. There are several other changes in ip6tables."
1433-msgstr ""
1434-"その他の大きな違いは、 B<-i> で入力インターフェース、 B<-o> で出力インター"
1435-"フェースを指定し、 ともに B<FORWARD> チェインに入るパケットに対して指定可能な"
1436-"点である。 ip6tables では、その他にもいくつかの変更がある。"
1437-
1438-#. type: Plain text
1439-#: original/man8/ip6tables.8:421
1440-#, fuzzy
1441-#| msgid ""
1442-#| "B<ip6tables-save>(8), B<ip6tables-restore(8),> B<iptables>(8), B<iptables-"
1443-#| "save>(8), B<iptables-restore>(8)."
1444-msgid ""
1445-"B<ip6tables-save>(8), B<ip6tables-restore>(8), B<iptables>(8), B<iptables-"
1446-"apply>(8), B<iptables-extensions>(8), B<iptables-save>(8), B<iptables-"
1447-"restore>(8), B<libipq>(3)."
1448-msgstr ""
1449-"B<ip6tables-save>(8), B<ip6tables-restore(8),> B<iptables>(8), B<iptables-"
1450-"save>(8), B<iptables-restore>(8)."
1451-
1452-#. type: Plain text
1453-#: original/man8/ip6tables.8:427
1454-#, fuzzy
1455-#| msgid ""
1456-#| "The packet-filtering-HOWTO details iptables usage for packet filtering, "
1457-#| "the NAT-HOWTO details NAT, the netfilter-extensions-HOWTO details the "
1458-#| "extensions that are not in the standard distribution, and the netfilter-"
1459-#| "hacking-HOWTO details the netfilter internals."
1460-msgid ""
1461-"The packet-filtering-HOWTO details iptables usage for packet filtering, the "
1462-"netfilter-extensions-HOWTO details the extensions that are not in the "
1463-"standard distribution, and the netfilter-hacking-HOWTO details the netfilter "
1464-"internals."
1465-msgstr ""
1466-"パケットフィルタリングについての詳細な iptables の使用法を\n"
1467-"説明している packet-filtering-HOWTO。\n"
1468-"NAT について詳細に説明している NAT-HOWTO。\n"
1469-"標準的な配布には含まれない拡張の詳細を 説明している \n"
1470-"netfilter-extensions-HOWTO。\n"
1471-"内部構造について詳細に説明している netfilter-hacking-HOWTO。"
1472-
1473-#. type: Plain text
1474-#: original/man8/ip6tables.8:430 original/man8/iptables.8:429
1475-msgid "See B<http://www.netfilter.org/>."
1476-msgstr "B<http://www.netfilter.org/> を参照。"
1477-
1478-#. type: Plain text
1479-#: original/man8/ip6tables.8:433
1480-msgid ""
1481-"Rusty Russell wrote iptables, in early consultation with Michael Neuling."
1482-msgstr ""
1483-"Rusty Russell は、初期の段階で Michael Neuling に相談して iptables を書いた。"
1484-
1485-#. type: Plain text
1486-#: original/man8/ip6tables.8:437 original/man8/iptables.8:436
1487-msgid ""
1488-"Marc Boucher made Rusty abandon ipnatctl by lobbying for a generic packet "
1489-"selection framework in iptables, then wrote the mangle table, the owner "
1490-"match, the mark stuff, and ran around doing cool stuff everywhere."
1491-msgstr ""
1492-"Marc Boucher は Rusty に iptables の一般的なパケット選択の考え方を勧めて、 "
1493-"ipnatctl を止めさせた。 そして、mangle テーブル・所有者マッチング・ mark 機能"
1494-"を書き、いたるところで使われている素晴らしいコードを書いた。"
1495-
1496-#. type: Plain text
1497-#: original/man8/ip6tables.8:439 original/man8/iptables.8:438
1498-msgid "James Morris wrote the TOS target, and tos match."
1499-msgstr "James Morris が TOS ターゲットと tos マッチングを書いた。"
1500-
1501-#. type: Plain text
1502-#: original/man8/ip6tables.8:441 original/man8/iptables.8:440
1503-msgid "Jozsef Kadlecsik wrote the REJECT target."
1504-msgstr "Jozsef Kadlecsik が REJECT ターゲットを書いた。"
1505-
1506-#. type: Plain text
1507-#: original/man8/ip6tables.8:443
1508-#, fuzzy
1509-#| msgid "Harald Welte wrote the ULOG target, TTL match+target and libipulog."
1510-msgid ""
1511-"Harald Welte wrote the ULOG and NFQUEUE target, the new libiptc, as well as "
1512-"TTL match+target and libipulog."
1513-msgstr ""
1514-"Harald Welte が ULOG ターゲット・TTL マッチングと TTL ターゲット・ libipulog "
1515-"を書いた。"
1516-
1517-#. type: Plain text
1518-#: original/man8/ip6tables.8:447 original/man8/iptables.8:446
1519-#, fuzzy
1520-#| msgid ""
1521-#| "The Netfilter Core Team is: Marc Boucher, Martin Josefsson, Jozsef "
1522-#| "Kadlecsik, James Morris, Harald Welte and Rusty Russell."
1523-msgid ""
1524-"The Netfilter Core Team is: Marc Boucher, Martin Josefsson, Yasuyuki "
1525-"Kozakai, Jozsef Kadlecsik, Patrick McHardy, James Morris, Pablo Neira Ayuso, "
1526-"Harald Welte and Rusty Russell."
1527-msgstr ""
1528-"Netfilter コアチームは、Marc Boucher, Martin Josefsson, Jozsef Kadlecsik, "
1529-"James Morris, Harald Welte, Rusty Russell である。"
1530-
1531-#. .. and did I mention that we are incredibly cool people?
1532-#. .. sexy, too ..
1533-#. .. witty, charming, powerful ..
1534-#. .. and most of all, modest ..
1535-#. type: Plain text
1536-#: original/man8/ip6tables.8:454
1537-msgid ""
1538-"ip6tables man page created by Andras Kis-Szabo, based on iptables man page "
1539-"written by Herve Eychenne E<lt>rv@wallfire.orgE<gt>."
1540-msgstr ""
1541-"ip6tables の man ページは、Andras Kis-Szabo によって作成された。 これは "
1542-"Herve Eychenne E<lt>rv@wallfire.orgE<gt> によって書かれた iptables の man "
1543-"ページを元にしている。"
1544-
1545-#. type: SH
1546-#: original/man8/ip6tables.8:454 original/man8/iptables.8:452
1547-#, no-wrap
1548-msgid "VERSION"
1549-msgstr ""
1550-
1551-#. type: Plain text
1552-#: original/man8/ip6tables.8:456
1553-msgid "This manual page applies to ip6tables 1.4.18."
1554-msgstr ""
1555-
1556-#. type: TH
1557-#: original/man8/iptables-restore.8:1
1558-#, no-wrap
1559-msgid "IPTABLES-RESTORE"
1560-msgstr "IPTABLES-RESTORE"
1561-
1562-#. type: TH
1563-#: original/man8/iptables-restore.8:1 original/man8/iptables-save.8:1
1564-#, no-wrap
1565-msgid "Jan 04, 2001"
1566-msgstr "Jan 04, 2001"
1567-
1568-#. type: Plain text
1569-#: original/man8/iptables-restore.8:23
1570-#, fuzzy
1571-#| msgid "iptables-restore - Restore IP Tables"
1572-msgid "iptables-restore \\(em Restore IP Tables"
1573-msgstr "iptables-restore - IP テーブルを復元する"
1574-
1575-#. type: Plain text
1576-#: original/man8/iptables-restore.8:26
1577-#, fuzzy
1578-#| msgid "B<iptables-restore >[-c] [-n]"
1579-msgid "B<iptables-restore> [B<-chntv>] [B<-M> I<modprobe>] [B<-T> I<name>]"
1580-msgstr "B<iptables-restore >[-c] [-n]"
1581-
1582-#. type: Plain text
1583-#: original/man8/iptables-restore.8:31
1584-msgid ""
1585-"B<iptables-restore> is used to restore IP Tables from data specified on "
1586-"STDIN. Use I/O redirection provided by your shell to read from a file"
1587-msgstr ""
1588-"B<iptables-restore> は標準入力で指定されたデータから IP テーブルを復元するた"
1589-"めに使われる。 ファイルから読み込むためには、 シェルで提供されている I/O リダ"
1590-"イレクションを使うこと。"
1591-
1592-#. type: Plain text
1593-#: original/man8/iptables-restore.8:42
1594-#, fuzzy
1595-#| msgid ""
1596-#| "don't flush the previous contents of the table. If not specified, "
1597-#| "B<iptables-restore> flushes (deletes) all previous contents of the "
1598-#| "respective IP Table."
1599-msgid ""
1600-"don't flush the previous contents of the table. If not specified, B<iptables-"
1601-"restore> flushes (deletes) all previous contents of the respective table."
1602-msgstr ""
1603-"これまでのテーブルの内容をフラッシュしない。 指定されない場合、 B<iptables-"
1604-"restore> は、これまでの各 IP テーブルの内容を全てフラッシュ (削除) する。"
1605-
1606-#. type: Plain text
1607-#: original/man8/iptables-restore.8:52
1608-msgid ""
1609-"Specify the path to the modprobe program. By default, iptables-restore will "
1610-"inspect /proc/sys/kernel/modprobe to determine the executable's path."
1611-msgstr ""
1612-
1613-#. type: Plain text
1614-#: original/man8/iptables-restore.8:55
1615-msgid ""
1616-"Restore only the named table even if the input stream contains other ones."
1617-msgstr ""
1618-
1619-#. type: SH
1620-#: original/man8/iptables-restore.8:57 original/man8/iptables-save.8:44
1621-#: original/man1/iptables-xml.1:84
1622-#, no-wrap
1623-msgid "AUTHOR"
1624-msgstr "作者"
1625-
1626-#. type: Plain text
1627-#: original/man8/iptables-restore.8:61
1628-msgid "B<iptables-save>(8), B<iptables>(8)"
1629-msgstr "B<iptables-save>(8), B<iptables>(8)"
1630-
1631-#. type: TH
1632-#: original/man8/iptables-save.8:1
1633-#, no-wrap
1634-msgid "IPTABLES-SAVE"
1635-msgstr "IPTABLES-SAVE"
1636-
1637-#. type: Plain text
1638-#: original/man8/iptables-save.8:23
1639-msgid "iptables-save \\(em dump iptables rules to stdout"
1640-msgstr ""
1641-
1642-#. type: Plain text
1643-#: original/man8/iptables-save.8:26
1644-#, fuzzy
1645-#| msgid "B<iptables-save >[-c] [-t table]"
1646-msgid "B<iptables-save> [B<-M> I<modprobe>] [B<-c>] [B<-t> I<table>]"
1647-msgstr "B<iptables-save >[-c] [-t table]"
1648-
1649-#. type: Plain text
1650-#: original/man8/iptables-save.8:31
1651-msgid ""
1652-"B<iptables-save> is used to dump the contents of an IP Table in easily "
1653-"parseable format to STDOUT. Use I/O-redirection provided by your shell to "
1654-"write to a file."
1655-msgstr ""
1656-"B<iptables-save> は IP テーブルの内容を簡単に解析できる形式で 標準出力にダン"
1657-"プするために使われる。 ファイルに書き出すためには、 シェルで提供されている I/"
1658-"O リダイレクションを使うこと。"
1659-
1660-#. type: Plain text
1661-#: original/man8/iptables-save.8:48
1662-msgid "B<iptables-restore>(8), B<iptables>(8)"
1663-msgstr "B<iptables-restore>(8), B<iptables>(8)"
1664-
1665-#. type: TH
1666-#: original/man8/iptables.8:1
1667-#, no-wrap
1668-msgid "IPTABLES"
1669-msgstr "IPTABLES"
1670-
1671-#. type: Plain text
1672-#: original/man8/iptables.8:27
1673-#, fuzzy
1674-#| msgid "iptables - administration tool for IPv4 packet filtering and NAT"
1675-msgid "iptables \\(em administration tool for IPv4 packet filtering and NAT"
1676-msgstr "iptables - IPv4 のパケットフィルタと NAT を管理するツール"
1677-
1678-#. type: Plain text
1679-#: original/man8/iptables.8:30
1680-#, fuzzy
1681-#| msgid "B<iptables [-t table] -[AD] >chain rule-specification [options]"
1682-msgid ""
1683-"B<iptables> [B<-t> I<table>] {B<-A>|B<-C>|B<-D>} I<chain> I<rule-"
1684-"specification>"
1685-msgstr "B<iptables [-t table] -[AD] >チェイン ルールの詳細 [オプション]"
1686-
1687-#. type: Plain text
1688-#: original/man8/iptables.8:32
1689-#, fuzzy
1690-#| msgid ""
1691-#| "B<iptables [-t table] -I >chain [rulenum] rule-specification [options]"
1692-msgid ""
1693-"B<iptables> [B<-t> I<table>] B<-I> I<chain> [I<rulenum>] I<rule-"
1694-"specification>"
1695-msgstr ""
1696-"B<iptables [-t table] -I >チェイン [ルール番号] ルールの詳細 [オプション]"
1697-
1698-#. type: Plain text
1699-#: original/man8/iptables.8:34
1700-#, fuzzy
1701-#| msgid "B<iptables [-t table] -R >chain rulenum rule-specification [options]"
1702-msgid "B<iptables> [B<-t> I<table>] B<-R> I<chain rulenum rule-specification>"
1703-msgstr ""
1704-"B<iptables [-t table] -R >チェイン ルール番号 ルールの詳細 [オプション]"
1705-
1706-#. type: Plain text
1707-#: original/man8/iptables.8:36
1708-#, fuzzy
1709-#| msgid "B<iptables [-t table] -D >chain rulenum [options]"
1710-msgid "B<iptables> [B<-t> I<table>] B<-D> I<chain rulenum>"
1711-msgstr "B<iptables [-t table] -D >チェイン ルール番号 [オプション]"
1712-
1713-#. type: Plain text
1714-#: original/man8/iptables.8:38
1715-#, fuzzy
1716-#| msgid "B<iptables [-t table] -D >chain rulenum [options]"
1717-msgid "B<iptables> [B<-t> I<table>] B<-S> [I<chain> [I<rulenum>]]"
1718-msgstr "B<iptables [-t table] -D >チェイン ルール番号 [オプション]"
1719-
1720-#. type: Plain text
1721-#: original/man8/iptables.8:40
1722-#, fuzzy
1723-#| msgid "B<iptables [-t table] -D >chain rulenum [options]"
1724-msgid ""
1725-"B<iptables> [B<-t> I<table>] {B<-F>|B<-L>|B<-Z>} [I<chain> [I<rulenum>]] "
1726-"[I<options...>]"
1727-msgstr "B<iptables [-t table] -D >チェイン ルール番号 [オプション]"
1728-
1729-#. type: Plain text
1730-#: original/man8/iptables.8:42
1731-#, fuzzy
1732-#| msgid "B<iptables [-t table] -N >chain"
1733-msgid "B<iptables> [B<-t> I<table>] B<-N> I<chain>"
1734-msgstr "B<iptables [-t table] -N >チェイン"
1735-
1736-#. type: Plain text
1737-#: original/man8/iptables.8:44
1738-#, fuzzy
1739-#| msgid "B<iptables [-t table] -X >[chain]"
1740-msgid "B<iptables> [B<-t> I<table>] B<-X> [I<chain>]"
1741-msgstr "B<iptables [-t table] -X >[チェイン]"
1742-
1743-#. type: Plain text
1744-#: original/man8/iptables.8:46
1745-#, fuzzy
1746-#| msgid "B<iptables [-t table] -P >chain target [options]"
1747-msgid "B<iptables> [B<-t> I<table>] B<-P> I<chain target>"
1748-msgstr "B<iptables [-t table] -P >チェイン ターゲット [オプション]"
1749-
1750-#. type: Plain text
1751-#: original/man8/iptables.8:48
1752-#, fuzzy
1753-#| msgid "B<iptables [-t table] -E >old-chain-name new-chain-name"
1754-msgid "B<iptables> [B<-t> I<table>] B<-E> I<old-chain-name new-chain-name>"
1755-msgstr "B<iptables [-t table] -E >旧チェイン名 新チェイン名"
1756-
1757-#. type: Plain text
1758-#: original/man8/iptables.8:50
1759-msgid "rule-specification = [I<matches...>] [I<target>]"
1760-msgstr ""
1761-
1762-#. type: Plain text
1763-#: original/man8/iptables.8:52
1764-msgid "match = B<-m> I<matchname> [I<per-match-options>]"
1765-msgstr ""
1766-
1767-#. type: Plain text
1768-#: original/man8/iptables.8:54
1769-msgid "target = B<-j> I<targetname> [I<per-target-options>]"
1770-msgstr ""
1771-
1772-#. type: Plain text
1773-#: original/man8/iptables.8:60
1774-#, fuzzy
1775-#| msgid ""
1776-#| "B<Iptables> is used to set up, maintain, and inspect the tables of IP "
1777-#| "packet filter rules in the Linux kernel. Several different tables may be "
1778-#| "defined. Each table contains a number of built-in chains and may also "
1779-#| "contain user-defined chains."
1780-msgid ""
1781-"B<Iptables> is used to set up, maintain, and inspect the tables of IPv4 "
1782-"packet filter rules in the Linux kernel. Several different tables may be "
1783-"defined. Each table contains a number of built-in chains and may also "
1784-"contain user-defined chains."
1785-msgstr ""
1786-"B<iptables> は Linux カーネルの IP パケットフィルタルールのテーブルを 設定・"
1787-"管理・検査するために使われる。 複数の異なるテーブルを定義できる。 各テーブル"
1788-"にはたくさんの組み込み済みチェインが含まれており、 さらにユーザー定義のチェイ"
1789-"ンを加えることもできる。"
1790-
1791-#. type: Plain text
1792-#: original/man8/iptables.8:114
1793-msgid ""
1794-"This table is consulted when a packet that creates a new connection is "
1795-"encountered. It consists of three built-ins: B<PREROUTING> (for altering "
1796-"packets as soon as they come in), B<OUTPUT> (for altering locally-generated "
1797-"packets before routing), and B<POSTROUTING> (for altering packets as they "
1798-"are about to go out)."
1799-msgstr ""
1800-"このテーブルは新しい接続を開くようなパケットに対して参照される。 これには "
1801-"B<PREROUTING> (パケットが入ってきた場合、すぐにそのパケットを変換するための"
1802-"チェイン)・ B<OUTPUT> (ローカルで生成されたパケットをルーティングの前に変換す"
1803-"るためのチェイン)・ B<POSTROUTING> (パケットが出て行くときに変換するための"
1804-"チェイン) という 3 つの組み込み済みチェインが含まれる。"
1805-
1806-#. type: Plain text
1807-#: original/man8/iptables.8:147
1808-msgid ""
1809-"The options that are recognized by B<iptables> can be divided into several "
1810-"different groups."
1811-msgstr "B<iptables> で使えるオプションは、いくつかのグループに分けられる。"
1812-
1813-#. type: Plain text
1814-#: original/man8/iptables.8:153
1815-#, fuzzy
1816-#| msgid ""
1817-#| "These options specify the specific action to perform. Only one of them "
1818-#| "can be specified on the command line unless otherwise specified below. "
1819-#| "For all the long versions of the command and option names, you need to "
1820-#| "use only enough letters to ensure that B<iptables> can differentiate it "
1821-#| "from all other options."
1822-msgid ""
1823-"These options specify the desired action to perform. Only one of them can be "
1824-"specified on the command line unless otherwise stated below. For long "
1825-"versions of the command and option names, you need to use only enough "
1826-"letters to ensure that B<iptables> can differentiate it from all other "
1827-"options."
1828-msgstr ""
1829-"これらのオプションは、実行する特定の動作を指定する。 以下の説明で注記されてい"
1830-"ない限り、 コマンドラインで指定できるのはこの中の 1 つだけである。 長いバー"
1831-"ジョンのコマンド名とオプション名は、 B<iptables> が他のコマンド名やオプション"
1832-"名と区別できる範囲で (文字を省略して) 指定することもできる。"
1833-
1834-#. type: Plain text
1835-#: original/man8/iptables.8:188
1836-#, fuzzy
1837-#| msgid ""
1838-#| "List all rules in the selected chain. If no chain is selected, all "
1839-#| "chains are listed. As every other iptables command, it applies to the "
1840-#| "specified table (filter is the default), so NAT rules get listed by"
1841-msgid ""
1842-"List all rules in the selected chain. If no chain is selected, all chains "
1843-"are listed. Like every other iptables command, it applies to the specified "
1844-"table (filter is the default), so NAT rules get listed by"
1845-msgstr ""
1846-"選択されたチェインにある全てのルールを一覧表示する。 チェインが指定されない場"
1847-"合、全てのチェインにあるリストが一覧表示される。 他の各 iptables コマンドと同"
1848-"様に、指定されたテーブル (デフォルトは filter) に対して作用する。 よって NAT "
1849-"ルールを表示するには以下のようにする。"
1850-
1851-#. type: Plain text
1852-#: original/man8/iptables.8:190
1853-#, no-wrap
1854-msgid " iptables -t nat -n -L\n"
1855-msgstr " iptables -t nat -n -L\n"
1856-
1857-#. type: Plain text
1858-#: original/man8/iptables.8:199
1859-#, no-wrap
1860-msgid " iptables -L -v\n"
1861-msgstr " iptables -L -v\n"
1862-
1863-#. type: Plain text
1864-#: original/man8/iptables.8:205
1865-#, fuzzy
1866-#| msgid ""
1867-#| "List all rules in the selected chain. If no chain is selected, all "
1868-#| "chains are listed. As every other iptables command, it applies to the "
1869-#| "specified table (filter is the default), so NAT rules get listed by"
1870-msgid ""
1871-"Print all rules in the selected chain. If no chain is selected, all chains "
1872-"are printed like iptables-save. Like every other iptables command, it "
1873-"applies to the specified table (filter is the default)."
1874-msgstr ""
1875-"選択されたチェインにある全てのルールを一覧表示する。 チェインが指定されない場"
1876-"合、全てのチェインにあるリストが一覧表示される。 他の各 iptables コマンドと同"
1877-"様に、指定されたテーブル (デフォルトは filter) に対して作用する。 よって NAT "
1878-"ルールを表示するには以下のようにする。"
1879-
1880-#. type: Plain text
1881-#: original/man8/iptables.8:248
1882-msgid "This option has no effect in iptables and iptables-restore."
1883-msgstr ""
1884-
1885-#. type: Plain text
1886-#: original/man8/iptables.8:254
1887-msgid ""
1888-"If a rule using the B<-6> option is inserted with (and only with) iptables-"
1889-"restore, it will be silently ignored. Any other uses will throw an error. "
1890-"This option allows to put both IPv4 and IPv6 rules in a single rule file for "
1891-"use with both iptables-restore and ip6tables-restore."
1892-msgstr ""
1893-
1894-#. type: Plain text
1895-#: original/man8/iptables.8:265
1896-#, fuzzy
1897-#| msgid ""
1898-#| "The protocol of the rule or of the packet to check. The specified "
1899-#| "protocol can be one of I<tcp>, I<udp>, I<icmp>, or I<all>, or it can be a "
1900-#| "numeric value, representing one of these protocols or a different one. A "
1901-#| "protocol name from /etc/protocols is also allowed. A \"!\" argument "
1902-#| "before the protocol inverts the test. The number zero is equivalent to "
1903-#| "I<all>. Protocol I<all> will match with all protocols and is taken as "
1904-#| "default when this option is omitted."
1905-msgid ""
1906-"The protocol of the rule or of the packet to check. The specified protocol "
1907-"can be one of B<tcp>, B<udp>, B<udplite>, B<icmp>, B<esp>, B<ah>, B<sctp> or "
1908-"the special keyword \"B<all>\", or it can be a numeric value, representing "
1909-"one of these protocols or a different one. A protocol name from /etc/"
1910-"protocols is also allowed. A \"!\" argument before the protocol inverts the "
1911-"test. The number zero is equivalent to B<all>. \"B<all>\" will match with "
1912-"all protocols and is taken as default when this option is omitted."
1913-msgstr ""
1914-"ルールで使われるプロトコル、またはチェックされるパケットのプロトコル。 指定で"
1915-"きるプロトコルは、 I<tcp>, I<udp>, I<icmp>, I<all> のいずれか 1 つか、数値で"
1916-"ある。 数値には、これらのプロトコルのどれかないし別のプロトコルを表す 数値を"
1917-"指定することができる。 /etc/protocols にあるプロトコル名も指定できる。 プロト"
1918-"コルの前に \"!\" を置くと、そのプロトコルを除外するという意味になる。 数値 0 "
1919-"は I<all> と等しい。 プロトコル I<all> は全てのプロトコルとマッチし、 このオ"
1920-"プションが省略された際のデフォルトである。"
1921-
1922-#. type: TP
1923-#: original/man8/iptables.8:265
1924-#, fuzzy, no-wrap
1925-#| msgid "B<-s, --source >[!] I<address>[/I<mask>]"
1926-msgid "[B<!>] B<-s>, B<--source> I<address>[B</>I<mask>][B<,>I<...>]"
1927-msgstr "B<-s, --source >[!] I<address>[/I<mask>]"
1928-
1929-#. type: Plain text
1930-#: original/man8/iptables.8:282
1931-#, fuzzy
1932-#| msgid ""
1933-#| "Source specification. I<Address> can be either a network name, a "
1934-#| "hostname (please note that specifying any name to be resolved with a "
1935-#| "remote query such as DNS is a really bad idea), a network IP address "
1936-#| "(with /mask), or a plain IP address. The I<mask> can be either a network "
1937-#| "mask or a plain number, specifying the number of 1's at the left side of "
1938-#| "the network mask. Thus, a mask of I<24> is equivalent to "
1939-#| "I<255.255.255.0>. A \"!\" argument before the address specification "
1940-#| "inverts the sense of the address. The flag B<--src> is an alias for this "
1941-#| "option."
1942-msgid ""
1943-"Source specification. I<Address> can be either a network name, a hostname, a "
1944-"network IP address (with B</>I<mask>), or a plain IP address. Hostnames will "
1945-"be resolved once only, before the rule is submitted to the kernel. Please "
1946-"note that specifying any name to be resolved with a remote query such as DNS "
1947-"is a really bad idea. The I<mask> can be either a network mask or a plain "
1948-"number, specifying the number of 1's at the left side of the network mask. "
1949-"Thus, a mask of I<24> is equivalent to I<255.255.255.0>. A \"!\" argument "
1950-"before the address specification inverts the sense of the address. The flag "
1951-"B<--src> is an alias for this option. Multiple addresses can be specified, "
1952-"but this will B<expand to multiple rules> (when adding with -A), or will "
1953-"cause multiple rules to be deleted (with -D)."
1954-msgstr ""
1955-"送信元の指定。 I<address> はホスト名 (DNS のようなリモートへの問い合わせで解"
1956-"決する名前を指定するのは非常に良くない) ・ネットワーク IP アドレス (/mask を"
1957-"指定する)・ 通常の IP アドレス、のいずれかである。 I<mask> はネットワークマス"
1958-"クか、 ネットワークマスクの左側にある 1 の数を指定する数値である。 つまり、 "
1959-"I<24> という mask は I<255.255.255.0> に等しい。 アドレス指定の前に \"!\" を"
1960-"置くと、そのアドレスを除外するという意味になる。 フラグ B<--src> は、このオプ"
1961-"ションの別名である。"
1962-
1963-#. type: TP
1964-#: original/man8/iptables.8:282
1965-#, fuzzy, no-wrap
1966-#| msgid "B<-d, --destination >[!] I<address>[/I<mask>]"
1967-msgid "[B<!>] B<-d>, B<--destination> I<address>[B</>I<mask>][B<,>I<...>]"
1968-msgstr "B<-d, --destination >[!] I<address>[/I<mask>]"
1969-
1970-#. type: TP
1971-#: original/man8/iptables.8:328
1972-#, fuzzy, no-wrap
1973-#| msgid "B<[!] -f, --fragment>"
1974-msgid "[B<!>] B<-f>, B<--fragment>"
1975-msgstr "B<[!] -f, --fragment>"
1976-
1977-#. type: Plain text
1978-#: original/man8/iptables.8:336
1979-msgid ""
1980-"This means that the rule only refers to second and further fragments of "
1981-"fragmented packets. Since there is no way to tell the source or destination "
1982-"ports of such a packet (or ICMP type), such a packet will not match any "
1983-"rules which specify them. When the \"!\" argument precedes the \"-f\" flag, "
1984-"the rule will only match head fragments, or unfragmented packets."
1985-msgstr ""
1986-"このオプションは、分割されたパケット (fragmented packet) のうち 2 番目以降の"
1987-"パケットだけを参照するルールであることを意味する。 このようなパケット (また"
1988-"は ICMP タイプのパケット) は 送信元・送信先ポートを知る方法がないので、 送信"
1989-"元や送信先を指定するようなルールにはマッチしない。 \"-f\" フラグの前に \"!\" "
1990-"を置くと、 分割されたパケットのうち最初のものか、 分割されていないパケットだ"
1991-"けにマッチする。"
1992-
1993-#. type: SH
1994-#: original/man8/iptables.8:374
1995-#, fuzzy, no-wrap
1996-#| msgid "TARGET EXTENSIONS"
1997-msgid "MATCH AND TARGET EXTENSIONS"
1998-msgstr "ターゲットの拡張"
1999-
2000-#. type: Plain text
2001-#: original/man8/iptables.8:386
2002-msgid ""
2003-"Bugs? What's this? ;-) Well, you might want to have a look at http://"
2004-"bugzilla.netfilter.org/"
2005-msgstr ""
2006-
2007-#. type: Plain text
2008-#: original/man8/iptables.8:395
2009-msgid ""
2010-"This B<iptables> is very similar to ipchains by Rusty Russell. The main "
2011-"difference is that the chains B<INPUT> and B<OUTPUT> are only traversed for "
2012-"packets coming into the local host and originating from the local host "
2013-"respectively. Hence every packet only passes through one of the three "
2014-"chains (except loopback traffic, which involves both INPUT and OUTPUT "
2015-"chains); previously a forwarded packet would pass through all three."
2016-msgstr ""
2017-"B<iptables> は、Rusty Russell の ipchains と非常によく似ている。 大きな違い"
2018-"は、チェイン B<INPUT> と B<OUTPUT> が、それぞれローカルホストに入ってくるパ"
2019-"ケットと、 ローカルホストから出されるパケットのみしか調べないという点であ"
2020-"る。 よって、(INPUT と OUTPUT の両方のチェインを起動する ループバックトラ"
2021-"フィックを除く) 全てのパケットは 3 つあるチェインのうち 1 しか通らない。 以"
2022-"前は (ipchains では)、 フォワードされるパケットは 3 つのチェイン全てを通って"
2023-"いた。"
2024-
2025-#. type: Plain text
2026-#: original/man8/iptables.8:399
2027-msgid ""
2028-"The other main difference is that B<-i> refers to the input interface; B<-o> "
2029-"refers to the output interface, and both are available for packets entering "
2030-"the B<FORWARD> chain."
2031-msgstr ""
2032-"その他の大きな違いは、 B<-i> で入力インターフェース、 B<-o> で出力インター"
2033-"フェースを参照すること、 そしてともに B<FORWARD> チェインに入るパケットに対し"
2034-"て指定可能な点である。"
2035-
2036-#. type: Plain text
2037-#: original/man8/iptables.8:405
2038-msgid ""
2039-"The various forms of NAT have been separated out; B<iptables> is a pure "
2040-"packet filter when using the default `filter' table, with optional extension "
2041-"modules. This should simplify much of the previous confusion over the "
2042-"combination of IP masquerading and packet filtering seen previously. So the "
2043-"following options are handled differently:"
2044-msgstr ""
2045-"NAT のいろいろな形式が分割された。 オプションの拡張モジュールとともに デフォ"
2046-"ルトの「フィルタ」テーブルを用いた場合、 B<iptables> は純粋なパケットフィルタ"
2047-"となる。 これは、以前みられた IP マスカレーディングとパケットフィルタリング"
2048-"の 組合せによる混乱を簡略化する。 よって、オプション"
2049-
2050-#. type: Plain text
2051-#: original/man8/iptables.8:409
2052-#, no-wrap
2053-msgid ""
2054-" -j MASQ\n"
2055-" -M -S\n"
2056-" -M -L\n"
2057-msgstr ""
2058-" -j MASQ\n"
2059-" -M -S\n"
2060-" -M -L\n"
2061-
2062-#. type: Plain text
2063-#: original/man8/iptables.8:411
2064-msgid "There are several other changes in iptables."
2065-msgstr ""
2066-"は別のものとして扱われる。 iptables では、その他にもいくつかの変更がある。"
2067-
2068-#. type: Plain text
2069-#: original/man8/iptables.8:420
2070-#, fuzzy
2071-#| msgid ""
2072-#| "B<iptables-save>(8), B<iptables-restore>(8), B<ip6tables>(8), B<ip6tables-"
2073-#| "save>(8), B<ip6tables-restore>(8)."
2074-msgid ""
2075-"B<iptables-apply>(8), B<iptables-save>(8), B<iptables-restore>(8), "
2076-"B<iptables-extensions>(8), B<ip6tables>(8), B<ip6tables-save>(8), "
2077-"B<ip6tables-restore>(8), B<libipq>(3)."
2078-msgstr ""
2079-"B<iptables-save>(8), B<iptables-restore>(8), B<ip6tables>(8), B<ip6tables-"
2080-"save>(8), B<ip6tables-restore>(8)."
2081-
2082-#. type: Plain text
2083-#: original/man8/iptables.8:426
2084-msgid ""
2085-"The packet-filtering-HOWTO details iptables usage for packet filtering, the "
2086-"NAT-HOWTO details NAT, the netfilter-extensions-HOWTO details the extensions "
2087-"that are not in the standard distribution, and the netfilter-hacking-HOWTO "
2088-"details the netfilter internals."
2089-msgstr ""
2090-"パケットフィルタリングについての詳細な iptables の使用法を\n"
2091-"説明している packet-filtering-HOWTO。\n"
2092-"NAT について詳細に説明している NAT-HOWTO。\n"
2093-"標準的な配布には含まれない拡張の詳細を 説明している \n"
2094-"netfilter-extensions-HOWTO。\n"
2095-"内部構造について詳細に説明している netfilter-hacking-HOWTO。"
2096-
2097-#. type: Plain text
2098-#: original/man8/iptables.8:432
2099-#, fuzzy
2100-#| msgid ""
2101-#| "Rusty Russell wrote iptables, in early consultation with Michael Neuling."
2102-msgid ""
2103-"Rusty Russell originally wrote iptables, in early consultation with Michael "
2104-"Neuling."
2105-msgstr ""
2106-"Rusty Russell は、初期の段階で Michael Neuling に相談して iptables を書いた。"
2107-
2108-#. type: Plain text
2109-#: original/man8/iptables.8:442
2110-#, fuzzy
2111-#| msgid ""
2112-#| "Harald Welte wrote the ULOG target, TTL, DSCP, ECN matches and targets."
2113-msgid ""
2114-"Harald Welte wrote the ULOG and NFQUEUE target, the new libiptc, as well as "
2115-"the TTL, DSCP, ECN matches and targets."
2116-msgstr ""
2117-"Harald Welte が ULOG ターゲットと、 TTL, DSCP, ECN のマッチ・ターゲットを書い"
2118-"た。"
2119-
2120-#. .. and did I mention that we are incredibly cool people?
2121-#. .. sexy, too ..
2122-#. .. witty, charming, powerful ..
2123-#. .. and most of all, modest ..
2124-#. type: Plain text
2125-#: original/man8/iptables.8:452
2126-#, fuzzy
2127-#| msgid "Man page written by Herve Eychenne E<lt>rv@wallfire.orgE<gt>."
2128-msgid ""
2129-"Man page originally written by Herve Eychenne E<lt>rv@wallfire.orgE<gt>."
2130-msgstr "man ページは Herve Eychenne E<lt>rv@wallfire.orgE<gt> が書いた。"
2131-
2132-#. type: Plain text
2133-#: original/man8/iptables.8:454
2134-msgid "This manual page applies to iptables 1.4.18."
2135-msgstr ""
2136-
2137-#. type: TH
2138-#: original/man8/iptables-extensions.8:1
2139-#, fuzzy, no-wrap
2140-#| msgid " iptables -m tos -h\n"
2141-msgid "iptables-extensions"
2142-msgstr " iptables -m tos -h\n"
2143-
2144-#. type: Plain text
2145-#: original/man8/iptables-extensions.8:4
2146-#, fuzzy
2147-#| msgid ""
2148-#| "iptables can use extended target modules: the following are included in "
2149-#| "the standard distribution."
2150-msgid ""
2151-"iptables-extensions \\(em list of extensions in the standard iptables "
2152-"distribution"
2153-msgstr ""
2154-"iptables は拡張ターゲットモジュールを使うことができる: 以下のものが、標準的な"
2155-"ディストリビューションに含まれている。"
2156-
2157-#. type: Plain text
2158-#: original/man8/iptables-extensions.8:7
2159-#, fuzzy
2160-#| msgid "B<ip6tables [-t table] -P >chain target [options]"
2161-msgid ""
2162-"B<ip6tables> [B<-m> I<name> [I<module-options>...]] [B<-j> I<target-name> "
2163-"[I<target-options>...]"
2164-msgstr "B<ip6tables [-t テーブル] -P >チェイン ターゲット [オプション]"
2165-
2166-#. type: Plain text
2167-#: original/man8/iptables-extensions.8:10
2168-#, fuzzy
2169-#| msgid "B<ip6tables [-t table] -P >chain target [options]"
2170-msgid ""
2171-"B<iptables> [B<-m> I<name> [I<module-options>...]] [B<-j> I<target-name> "
2172-"[I<target-options>...]"
2173-msgstr "B<ip6tables [-t テーブル] -P >チェイン ターゲット [オプション]"
2174-
2175-#. type: Plain text
2176-#: original/man8/iptables-extensions.8:20
2177-#, fuzzy
2178-#| msgid ""
2179-#| "iptables can use extended packet matching modules. These are loaded in "
2180-#| "two ways: implicitly, when B<-p> or B<--protocol> is specified, or with "
2181-#| "the B<-m> or B<--match> options, followed by the matching module name; "
2182-#| "after these, various extra command line options become available, "
2183-#| "depending on the specific module. You can specify multiple extended "
2184-#| "match modules in one line, and you can use the B<-h> or B<--help> options "
2185-#| "after the module has been specified to receive help specific to that "
2186-#| "module."
2187-msgid ""
2188-"iptables can use extended packet matching modules with the B<-m> or B<--"
2189-"match> options, followed by the matching module name; after these, various "
2190-"extra command line options become available, depending on the specific "
2191-"module. You can specify multiple extended match modules in one line, and "
2192-"you can use the B<-h> or B<--help> options after the module has been "
2193-"specified to receive help specific to that module. The extended match "
2194-"modules are evaluated in the order they are specified in the rule."
2195-msgstr ""
2196-"iptables は拡張されたパケットマッチングモジュールを使うことができる。 これら"
2197-"のモジュールは 2 種類の方法でロードされる: モジュールは、 B<-p> または B<--"
2198-"protocol> で暗黙のうちに指定されるか、 B<-m> または B<--match> の後にモジュー"
2199-"ル名を続けて指定される。 これらのモジュールの後ろには、モジュールに応じて 他"
2200-"のいろいろなコマンドラインオプションを指定することができる。 複数の拡張マッチ"
2201-"ングモジュールを一行で指定することができる。 また、モジュールに特有のヘルプを"
2202-"表示させるためには、 モジュールを指定した後で B<-h> または B<--help> を指定す"
2203-"ればよい。"
2204-
2205-#. @MATCH@
2206-#. type: Plain text
2207-#: original/man8/iptables-extensions.8:25
2208-msgid ""
2209-"If the B<-p> or B<--protocol> was specified and if and only if an unknown "
2210-"option is encountered, iptables will try load a match module of the same "
2211-"name as the protocol, to try making the option available."
2212-msgstr ""
2213-
2214-#. type: SS
2215-#: original/man8/iptables-extensions.8:25
2216-#, no-wrap
2217-msgid "addrtype"
2218-msgstr ""
2219-
2220-#. type: Plain text
2221-#: original/man8/iptables-extensions.8:30
2222-msgid ""
2223-"This module matches packets based on their B<address type.> Address types "
2224-"are used within the kernel networking stack and categorize addresses into "
2225-"various groups. The exact definition of that group depends on the specific "
2226-"layer three protocol."
2227-msgstr ""
2228-
2229-#. type: Plain text
2230-#: original/man8/iptables-extensions.8:32
2231-#, fuzzy
2232-#| msgid "The following additional options can be specified:"
2233-msgid "The following address types are possible:"
2234-msgstr "その他に以下のオプションを指定することができる:"
2235-
2236-#. type: TP
2237-#: original/man8/iptables-extensions.8:32
2238-#, no-wrap
2239-msgid "B<UNSPEC>"
2240-msgstr ""
2241-
2242-#. type: Plain text
2243-#: original/man8/iptables-extensions.8:35
2244-msgid "an unspecified address (i.e. 0.0.0.0)"
2245-msgstr ""
2246-
2247-#. type: TP
2248-#: original/man8/iptables-extensions.8:35
2249-#, no-wrap
2250-msgid "B<UNICAST>"
2251-msgstr ""
2252-
2253-#. type: Plain text
2254-#: original/man8/iptables-extensions.8:38
2255-msgid "an unicast address"
2256-msgstr ""
2257-
2258-#. type: TP
2259-#: original/man8/iptables-extensions.8:38
2260-#, no-wrap
2261-msgid "B<LOCAL>"
2262-msgstr ""
2263-
2264-#. type: Plain text
2265-#: original/man8/iptables-extensions.8:41
2266-msgid "a local address"
2267-msgstr ""
2268-
2269-#. type: TP
2270-#: original/man8/iptables-extensions.8:41
2271-#, no-wrap
2272-msgid "B<BROADCAST>"
2273-msgstr ""
2274-
2275-#. type: Plain text
2276-#: original/man8/iptables-extensions.8:44
2277-msgid "a broadcast address"
2278-msgstr ""
2279-
2280-#. type: TP
2281-#: original/man8/iptables-extensions.8:44
2282-#, no-wrap
2283-msgid "B<ANYCAST>"
2284-msgstr ""
2285-
2286-#. type: Plain text
2287-#: original/man8/iptables-extensions.8:47
2288-msgid "an anycast packet"
2289-msgstr ""
2290-
2291-#. type: TP
2292-#: original/man8/iptables-extensions.8:47
2293-#, no-wrap
2294-msgid "B<MULTICAST>"
2295-msgstr ""
2296-
2297-#. type: Plain text
2298-#: original/man8/iptables-extensions.8:50
2299-msgid "a multicast address"
2300-msgstr ""
2301-
2302-#. type: TP
2303-#: original/man8/iptables-extensions.8:50
2304-#, no-wrap
2305-msgid "B<BLACKHOLE>"
2306-msgstr ""
2307-
2308-#. type: Plain text
2309-#: original/man8/iptables-extensions.8:53
2310-msgid "a blackhole address"
2311-msgstr ""
2312-
2313-#. type: TP
2314-#: original/man8/iptables-extensions.8:53
2315-#, no-wrap
2316-msgid "B<UNREACHABLE>"
2317-msgstr ""
2318-
2319-#. type: Plain text
2320-#: original/man8/iptables-extensions.8:56
2321-msgid "an unreachable address"
2322-msgstr ""
2323-
2324-#. type: TP
2325-#: original/man8/iptables-extensions.8:56
2326-#, no-wrap
2327-msgid "B<PROHIBIT>"
2328-msgstr ""
2329-
2330-#. type: Plain text
2331-#: original/man8/iptables-extensions.8:59
2332-msgid "a prohibited address"
2333-msgstr ""
2334-
2335-#. type: TP
2336-#: original/man8/iptables-extensions.8:59
2337-#, no-wrap
2338-msgid "B<THROW>"
2339-msgstr ""
2340-
2341-#. type: Plain text
2342-#: original/man8/iptables-extensions.8:62
2343-#: original/man8/iptables-extensions.8:65
2344-msgid "FIXME"
2345-msgstr ""
2346-
2347-#. type: TP
2348-#: original/man8/iptables-extensions.8:62
2349-#, no-wrap
2350-msgid "B<NAT>"
2351-msgstr ""
2352-
2353-#. type: TP
2354-#: original/man8/iptables-extensions.8:65
2355-#, no-wrap
2356-msgid "B<XRESOLVE>"
2357-msgstr ""
2358-
2359-#. type: TP
2360-#: original/man8/iptables-extensions.8:67
2361-#, fuzzy, no-wrap
2362-#| msgid "B<--icmp-type >[!] I<typename>"
2363-msgid "[B<!>] B<--src-type> I<type>"
2364-msgstr "B<--icmp-type >[!] I<typename>"
2365-
2366-#. type: Plain text
2367-#: original/man8/iptables-extensions.8:70
2368-#, fuzzy
2369-#| msgid ""
2370-#| "Matches if the packet was created by a process with the given process id."
2371-msgid "Matches if the source address is of given type"
2372-msgstr ""
2373-"指定されたプロセス ID のプロセスにより パケットが生成されている場合にマッチす"
2374-"る。"
2375-
2376-#. type: TP
2377-#: original/man8/iptables-extensions.8:70
2378-#, fuzzy, no-wrap
2379-#| msgid "B<--icmp-type >[!] I<typename>"
2380-msgid "[B<!>] B<--dst-type> I<type>"
2381-msgstr "B<--icmp-type >[!] I<typename>"
2382-
2383-#. type: Plain text
2384-#: original/man8/iptables-extensions.8:73
2385-#, fuzzy
2386-#| msgid "Match against reply destination address"
2387-msgid "Matches if the destination address is of given type"
2388-msgstr "応答の宛先アドレスにマッチする。"
2389-
2390-#. type: TP
2391-#: original/man8/iptables-extensions.8:73
2392-#, fuzzy, no-wrap
2393-#| msgid "B<--limit >I<rate>"
2394-msgid "B<--limit-iface-in>"
2395-msgstr "B<--limit >I<rate>"
2396-
2397-#. type: Plain text
2398-#: original/man8/iptables-extensions.8:84
2399-msgid ""
2400-"The address type checking can be limited to the interface the packet is "
2401-"coming in. This option is only valid in the B<PREROUTING>, B<INPUT> and "
2402-"B<FORWARD> chains. It cannot be specified with the B<--limit-iface-out> "
2403-"option."
2404-msgstr ""
2405-
2406-#. type: TP
2407-#: original/man8/iptables-extensions.8:84
2408-#, fuzzy, no-wrap
2409-#| msgid "B<--limit >I<rate>"
2410-msgid "B<--limit-iface-out>"
2411-msgstr "B<--limit >I<rate>"
2412-
2413-#. type: Plain text
2414-#: original/man8/iptables-extensions.8:95
2415-msgid ""
2416-"The address type checking can be limited to the interface the packet is "
2417-"going out. This option is only valid in the B<POSTROUTING>, B<OUTPUT> and "
2418-"B<FORWARD> chains. It cannot be specified with the B<--limit-iface-in> "
2419-"option."
2420-msgstr ""
2421-
2422-#. type: SS
2423-#: original/man8/iptables-extensions.8:95
2424-#, no-wrap
2425-msgid "ah (IPv6-specific)"
2426-msgstr ""
2427-
2428-#. type: Plain text
2429-#: original/man8/iptables-extensions.8:97
2430-#, fuzzy
2431-#| msgid "This module matches the SPIs in AH header of IPSec packets."
2432-msgid ""
2433-"This module matches the parameters in Authentication header of IPsec packets."
2434-msgstr "このモジュールは IPSec パケットの AH ヘッダーの SPI 値にマッチする。"
2435-
2436-#. type: TP
2437-#: original/man8/iptables-extensions.8:97
2438-#: original/man8/iptables-extensions.8:108
2439-#, fuzzy, no-wrap
2440-#| msgid "B<--ahspi >[!] I<spi>[:I<spi>]"
2441-msgid "[B<!>] B<--ahspi> I<spi>[B<:>I<spi>]"
2442-msgstr "B<--ahspi >[!] I<spi>[:I<spi>]"
2443-
2444-#. type: Plain text
2445-#: original/man8/iptables-extensions.8:100
2446-msgid "Matches SPI."
2447-msgstr ""
2448-
2449-#. type: TP
2450-#: original/man8/iptables-extensions.8:100
2451-#, fuzzy, no-wrap
2452-#| msgid "B<-t>, B<--table> B<tablename>"
2453-msgid "[B<!>] B<--ahlen> I<length>"
2454-msgstr "B<-t>, B<--table> B<tablename>"
2455-
2456-#. type: Plain text
2457-#: original/man8/iptables-extensions.8:103
2458-#: original/man8/iptables-extensions.8:407
2459-#: original/man8/iptables-extensions.8:540
2460-msgid "Total length of this header in octets."
2461-msgstr ""
2462-
2463-#. type: TP
2464-#: original/man8/iptables-extensions.8:103
2465-#, no-wrap
2466-msgid "B<--ahres>"
2467-msgstr ""
2468-
2469-#. type: Plain text
2470-#: original/man8/iptables-extensions.8:106
2471-msgid "Matches if the reserved field is filled with zero."
2472-msgstr ""
2473-
2474-#. type: SS
2475-#: original/man8/iptables-extensions.8:106
2476-#, no-wrap
2477-msgid "ah (IPv4-specific)"
2478-msgstr ""
2479-
2480-#. type: Plain text
2481-#: original/man8/iptables-extensions.8:108
2482-#, fuzzy
2483-#| msgid "This module matches the SPIs in AH header of IPSec packets."
2484-msgid "This module matches the SPIs in Authentication header of IPsec packets."
2485-msgstr "このモジュールは IPSec パケットの AH ヘッダーの SPI 値にマッチする。"
2486-
2487-#. type: SS
2488-#: original/man8/iptables-extensions.8:110
2489-#, no-wrap
2490-msgid "cluster"
2491-msgstr ""
2492-
2493-#. type: Plain text
2494-#: original/man8/iptables-extensions.8:113
2495-msgid ""
2496-"Allows you to deploy gateway and back-end load-sharing clusters without the "
2497-"need of load-balancers."
2498-msgstr ""
2499-
2500-#. type: Plain text
2501-#: original/man8/iptables-extensions.8:116
2502-msgid ""
2503-"This match requires that all the nodes see the same packets. Thus, the "
2504-"cluster match decides if this node has to handle a packet given the "
2505-"following options:"
2506-msgstr ""
2507-
2508-#. type: TP
2509-#: original/man8/iptables-extensions.8:116
2510-#, no-wrap
2511-msgid "B<--cluster-total-nodes> I<num>"
2512-msgstr ""
2513-
2514-#. type: Plain text
2515-#: original/man8/iptables-extensions.8:119
2516-msgid "Set number of total nodes in cluster."
2517-msgstr ""
2518-
2519-#. type: TP
2520-#: original/man8/iptables-extensions.8:119
2521-#, fuzzy, no-wrap
2522-#| msgid "B<-t>, B<--table> B<tablename>"
2523-msgid "[B<!>] B<--cluster-local-node> I<num>"
2524-msgstr "B<-t>, B<--table> B<tablename>"
2525-
2526-#. type: Plain text
2527-#: original/man8/iptables-extensions.8:122
2528-msgid "Set the local node number ID."
2529-msgstr ""
2530-
2531-#. type: TP
2532-#: original/man8/iptables-extensions.8:122
2533-#, no-wrap
2534-msgid "[B<!>] B<--cluster-local-nodemask> I<mask>"
2535-msgstr ""
2536-
2537-#. type: Plain text
2538-#: original/man8/iptables-extensions.8:126
2539-msgid ""
2540-"Set the local node number ID mask. You can use this option instead of B<--"
2541-"cluster-local-node>."
2542-msgstr ""
2543-
2544-#. type: TP
2545-#: original/man8/iptables-extensions.8:126
2546-#, fuzzy, no-wrap
2547-#| msgid "B<--set-mss >I<value>"
2548-msgid "B<--cluster-hash-seed> I<value>"
2549-msgstr "B<--set-mss >I<value>"
2550-
2551-#. type: Plain text
2552-#: original/man8/iptables-extensions.8:129
2553-msgid "Set seed value of the Jenkins hash."
2554-msgstr ""
2555-
2556-#. type: TP
2557-#: original/man8/iptables-extensions.8:131
2558-#: original/man8/iptables-extensions.8:177
2559-#: original/man8/iptables-extensions.8:214
2560-#: original/man8/iptables-extensions.8:362
2561-#: original/man8/iptables-extensions.8:1588
2562-#: original/man8/iptables-extensions.8:1636
2563-#: original/man8/iptables-extensions.8:1685
2564-#: original/man8/iptables-extensions.8:2016
2565-#, no-wrap
2566-msgid "Example:"
2567-msgstr ""
2568-
2569-#. type: Plain text
2570-#: original/man8/iptables-extensions.8:136
2571-msgid ""
2572-"iptables -A PREROUTING -t mangle -i eth1 -m cluster --cluster-total-nodes 2 "
2573-"--cluster-local-node 1 --cluster-hash-seed 0xdeadbeef -j MARK --set-mark "
2574-"0xffff"
2575-msgstr ""
2576-
2577-#. type: Plain text
2578-#: original/man8/iptables-extensions.8:141
2579-msgid ""
2580-"iptables -A PREROUTING -t mangle -i eth2 -m cluster --cluster-total-nodes 2 "
2581-"--cluster-local-node 1 --cluster-hash-seed 0xdeadbeef -j MARK --set-mark "
2582-"0xffff"
2583-msgstr ""
2584-
2585-#. type: Plain text
2586-#: original/man8/iptables-extensions.8:144
2587-msgid ""
2588-"iptables -A PREROUTING -t mangle -i eth1 -m mark ! --mark 0xffff -j DROP"
2589-msgstr ""
2590-
2591-#. type: Plain text
2592-#: original/man8/iptables-extensions.8:147
2593-msgid ""
2594-"iptables -A PREROUTING -t mangle -i eth2 -m mark ! --mark 0xffff -j DROP"
2595-msgstr ""
2596-
2597-#. type: Plain text
2598-#: original/man8/iptables-extensions.8:149
2599-msgid "And the following commands to make all nodes see the same packets:"
2600-msgstr ""
2601-
2602-#. type: Plain text
2603-#: original/man8/iptables-extensions.8:151
2604-msgid "ip maddr add 01:00:5e:00:01:01 dev eth1"
2605-msgstr ""
2606-
2607-#. type: Plain text
2608-#: original/man8/iptables-extensions.8:153
2609-msgid "ip maddr add 01:00:5e:00:01:02 dev eth2"
2610-msgstr ""
2611-
2612-#. type: Plain text
2613-#: original/man8/iptables-extensions.8:156
2614-msgid ""
2615-"arptables -A OUTPUT -o eth1 --h-length 6 -j mangle --mangle-mac-s "
2616-"01:00:5e:00:01:01"
2617-msgstr ""
2618-
2619-#. type: Plain text
2620-#: original/man8/iptables-extensions.8:160
2621-msgid ""
2622-"arptables -A INPUT -i eth1 --h-length 6 --destination-mac 01:00:5e:00:01:01 -"
2623-"j mangle --mangle-mac-d 00:zz:yy:xx:5a:27"
2624-msgstr ""
2625-
2626-#. type: Plain text
2627-#: original/man8/iptables-extensions.8:163
2628-msgid ""
2629-"arptables -A OUTPUT -o eth2 --h-length 6 -j mangle --mangle-mac-s "
2630-"01:00:5e:00:01:02"
2631-msgstr ""
2632-
2633-#. type: Plain text
2634-#: original/man8/iptables-extensions.8:167
2635-msgid ""
2636-"arptables -A INPUT -i eth2 --h-length 6 --destination-mac 01:00:5e:00:01:02 -"
2637-"j mangle --mangle-mac-d 00:zz:yy:xx:5a:27"
2638-msgstr ""
2639-
2640-#. type: Plain text
2641-#: original/man8/iptables-extensions.8:171
2642-msgid ""
2643-"In the case of TCP connections, pickup facility has to be disabled to avoid "
2644-"marking TCP ACK packets coming in the reply direction as valid."
2645-msgstr ""
2646-
2647-#. type: Plain text
2648-#: original/man8/iptables-extensions.8:173
2649-msgid "echo 0 E<gt> /proc/sys/net/netfilter/nf_conntrack_tcp_loose"
2650-msgstr ""
2651-
2652-#. type: SS
2653-#: original/man8/iptables-extensions.8:173
2654-#, no-wrap
2655-msgid "comment"
2656-msgstr ""
2657-
2658-#. type: Plain text
2659-#: original/man8/iptables-extensions.8:175
2660-msgid "Allows you to add comments (up to 256 characters) to any rule."
2661-msgstr ""
2662-
2663-#. type: TP
2664-#: original/man8/iptables-extensions.8:175
2665-#, no-wrap
2666-msgid "B<--comment> I<comment>"
2667-msgstr ""
2668-
2669-#. type: Plain text
2670-#: original/man8/iptables-extensions.8:180
2671-msgid "iptables -A INPUT -i eth1 -m comment --comment \"my local LAN\""
2672-msgstr ""
2673-
2674-#. type: SS
2675-#: original/man8/iptables-extensions.8:180
2676-#, no-wrap
2677-msgid "connbytes"
2678-msgstr ""
2679-
2680-#. type: Plain text
2681-#: original/man8/iptables-extensions.8:184
2682-msgid ""
2683-"Match by how many bytes or packets a connection (or one of the two flows "
2684-"constituting the connection) has transferred so far, or by average bytes per "
2685-"packet."
2686-msgstr ""
2687-
2688-#. type: Plain text
2689-#: original/man8/iptables-extensions.8:186
2690-msgid "The counters are 64-bit and are thus not expected to overflow ;)"
2691-msgstr ""
2692-
2693-#. type: Plain text
2694-#: original/man8/iptables-extensions.8:189
2695-msgid ""
2696-"The primary use is to detect long-lived downloads and mark them to be "
2697-"scheduled using a lower priority band in traffic control."
2698-msgstr ""
2699-
2700-#. type: Plain text
2701-#: original/man8/iptables-extensions.8:192
2702-msgid ""
2703-"The transferred bytes per connection can also be viewed through `conntrack -"
2704-"L` and accessed via ctnetlink."
2705-msgstr ""
2706-
2707-#. type: Plain text
2708-#: original/man8/iptables-extensions.8:198
2709-msgid ""
2710-"NOTE that for connections which have no accounting information, the match "
2711-"will always return false. The \"net.netfilter.nf_conntrack_acct\" sysctl "
2712-"flag controls whether B<new> connections will be byte/packet counted. "
2713-"Existing connection flows will not be gaining/losing a/the accounting "
2714-"structure when be sysctl flag is flipped."
2715-msgstr ""
2716-
2717-#. type: TP
2718-#: original/man8/iptables-extensions.8:198
2719-#, no-wrap
2720-msgid "[B<!>] B<--connbytes> I<from>[B<:>I<to>]"
2721-msgstr ""
2722-
2723-#. type: Plain text
2724-#: original/man8/iptables-extensions.8:204
2725-msgid ""
2726-"match packets from a connection whose packets/bytes/average packet size is "
2727-"more than FROM and less than TO bytes/packets. if TO is omitted only FROM "
2728-"check is done. \"!\" is used to match packets not falling in the range."
2729-msgstr ""
2730-
2731-#. type: TP
2732-#: original/man8/iptables-extensions.8:204
2733-#, no-wrap
2734-msgid "B<--connbytes-dir> {B<original>|B<reply>|B<both>}"
2735-msgstr ""
2736-
2737-#. type: Plain text
2738-#: original/man8/iptables-extensions.8:207
2739-msgid "which packets to consider"
2740-msgstr ""
2741-
2742-#. type: TP
2743-#: original/man8/iptables-extensions.8:207
2744-#, no-wrap
2745-msgid "B<--connbytes-mode> {B<packets>|B<bytes>|B<avgpkt>}"
2746-msgstr ""
2747-
2748-#. type: Plain text
2749-#: original/man8/iptables-extensions.8:214
2750-msgid ""
2751-"whether to check the amount of packets, number of bytes transferred or the "
2752-"average size (in bytes) of all packets received so far. Note that when \"both"
2753-"\" is used together with \"avgpkt\", and data is going (mainly) only in one "
2754-"direction (for example HTTP), the average packet size will be about half of "
2755-"the actual data packets."
2756-msgstr ""
2757-
2758-#. type: Plain text
2759-#: original/man8/iptables-extensions.8:217
2760-msgid ""
2761-"iptables .. -m connbytes --connbytes 10000:100000 --connbytes-dir both --"
2762-"connbytes-mode bytes ..."
2763-msgstr ""
2764-
2765-#. type: SS
2766-#: original/man8/iptables-extensions.8:217
2767-#, fuzzy, no-wrap
2768-#| msgid "limit"
2769-msgid "connlimit"
2770-msgstr "limit"
2771-
2772-#. type: Plain text
2773-#: original/man8/iptables-extensions.8:220
2774-msgid ""
2775-"Allows you to restrict the number of parallel connections to a server per "
2776-"client IP address (or client address block)."
2777-msgstr ""
2778-
2779-#. type: TP
2780-#: original/man8/iptables-extensions.8:220
2781-#, fuzzy, no-wrap
2782-#| msgid "B<--limit-burst >I<number>"
2783-msgid "B<--connlimit-upto> I<n>"
2784-msgstr "B<--limit-burst >I<number>"
2785-
2786-#. type: Plain text
2787-#: original/man8/iptables-extensions.8:223
2788-msgid "Match if the number of existing connections is below or equal I<n>."
2789-msgstr ""
2790-
2791-#. type: TP
2792-#: original/man8/iptables-extensions.8:223
2793-#, fuzzy, no-wrap
2794-#| msgid "B<--limit-burst >I<number>"
2795-msgid "B<--connlimit-above> I<n>"
2796-msgstr "B<--limit-burst >I<number>"
2797-
2798-#. type: Plain text
2799-#: original/man8/iptables-extensions.8:226
2800-msgid "Match if the number of existing connections is above I<n>."
2801-msgstr ""
2802-
2803-#. type: TP
2804-#: original/man8/iptables-extensions.8:226
2805-#, no-wrap
2806-msgid "B<--connlimit-mask> I<prefix_length>"
2807-msgstr ""
2808-
2809-#. type: Plain text
2810-#: original/man8/iptables-extensions.8:231
2811-msgid ""
2812-"Group hosts using the prefix length. For IPv4, this must be a number between "
2813-"(including) 0 and 32. For IPv6, between 0 and 128. If not specified, the "
2814-"maximum prefix length for the applicable protocol is used."
2815-msgstr ""
2816-
2817-#. type: TP
2818-#: original/man8/iptables-extensions.8:231
2819-#, no-wrap
2820-msgid "B<--connlimit-saddr>"
2821-msgstr ""
2822-
2823-#. type: Plain text
2824-#: original/man8/iptables-extensions.8:235
2825-msgid ""
2826-"Apply the limit onto the source group. This is the default if --connlimit-"
2827-"daddr is not specified."
2828-msgstr ""
2829-
2830-#. type: TP
2831-#: original/man8/iptables-extensions.8:235
2832-#, no-wrap
2833-msgid "B<--connlimit-daddr>"
2834-msgstr ""
2835-
2836-#. type: Plain text
2837-#: original/man8/iptables-extensions.8:238
2838-msgid "Apply the limit onto the destination group."
2839-msgstr ""
2840-
2841-#. type: Plain text
2842-#: original/man8/iptables-extensions.8:240
2843-#: original/man8/iptables-extensions.8:514
2844-#: original/man8/iptables-extensions.8:1127
2845-#: original/man8/iptables-extensions.8:1252
2846-msgid "Examples:"
2847-msgstr ""
2848-
2849-#. type: TP
2850-#: original/man8/iptables-extensions.8:240
2851-#, no-wrap
2852-msgid "# allow 2 telnet connections per client host"
2853-msgstr ""
2854-
2855-#. type: Plain text
2856-#: original/man8/iptables-extensions.8:243
2857-msgid ""
2858-"iptables -A INPUT -p tcp --syn --dport 23 -m connlimit --connlimit-above 2 -"
2859-"j REJECT"
2860-msgstr ""
2861-
2862-#. type: TP
2863-#: original/man8/iptables-extensions.8:243
2864-#, no-wrap
2865-msgid "# you can also match the other way around:"
2866-msgstr ""
2867-
2868-#. type: Plain text
2869-#: original/man8/iptables-extensions.8:246
2870-msgid ""
2871-"iptables -A INPUT -p tcp --syn --dport 23 -m connlimit --connlimit-upto 2 -j "
2872-"ACCEPT"
2873-msgstr ""
2874-
2875-#. type: TP
2876-#: original/man8/iptables-extensions.8:246
2877-#, no-wrap
2878-msgid "# limit the number of parallel HTTP requests to 16 per class C sized source network (24 bit netmask)"
2879-msgstr ""
2880-
2881-#. type: Plain text
2882-#: original/man8/iptables-extensions.8:251
2883-msgid ""
2884-"iptables -p tcp --syn --dport 80 -m connlimit --connlimit-above 16 --"
2885-"connlimit-mask 24 -j REJECT"
2886-msgstr ""
2887-
2888-#. type: TP
2889-#: original/man8/iptables-extensions.8:251
2890-#, no-wrap
2891-msgid "# limit the number of parallel HTTP requests to 16 for the link local network"
2892-msgstr ""
2893-
2894-#. type: Plain text
2895-#: original/man8/iptables-extensions.8:256
2896-msgid ""
2897-"(ipv6) ip6tables -p tcp --syn --dport 80 -s fe80::/64 -m connlimit --"
2898-"connlimit-above 16 --connlimit-mask 64 -j REJECT"
2899-msgstr ""
2900-
2901-#. type: TP
2902-#: original/man8/iptables-extensions.8:256
2903-#, no-wrap
2904-msgid "# Limit the number of connections to a particular host:"
2905-msgstr ""
2906-
2907-#. type: Plain text
2908-#: original/man8/iptables-extensions.8:260
2909-msgid ""
2910-"ip6tables -p tcp --syn --dport 49152:65535 -d 2001:db8::1 -m connlimit --"
2911-"connlimit-above 100 -j REJECT"
2912-msgstr ""
2913-
2914-#. type: SS
2915-#: original/man8/iptables-extensions.8:260
2916-#, fuzzy, no-wrap
2917-#| msgid "conntrack"
2918-msgid "connmark"
2919-msgstr "conntrack"
2920-
2921-#. type: Plain text
2922-#: original/man8/iptables-extensions.8:263
2923-#, fuzzy
2924-#| msgid ""
2925-#| "This module matches the netfilter mark field associated with a packet "
2926-#| "(which can be set using the B<MARK> target below)."
2927-msgid ""
2928-"This module matches the netfilter mark field associated with a connection "
2929-"(which can be set using the B<CONNMARK> target below)."
2930-msgstr ""
2931-"このモジュールはパケットに関連づけられた netfilter の mark フィールドにマッチ"
2932-"する (このフィールドは、以下の B<MARK> ターゲットで設定される)。"
2933-
2934-#. type: TP
2935-#: original/man8/iptables-extensions.8:263
2936-#: original/man8/iptables-extensions.8:703
2937-#, fuzzy, no-wrap
2938-#| msgid "B<--mark >I<value>[/I<mask>]"
2939-msgid "[B<!>] B<--mark> I<value>[B</>I<mask>]"
2940-msgstr "B<--mark >I<value>[/I<mask>]"
2941-
2942-#. type: Plain text
2943-#: original/man8/iptables-extensions.8:267
2944-#, fuzzy
2945-#| msgid ""
2946-#| "Matches packets with the given unsigned mark value (if a mask is "
2947-#| "specified, this is logically ANDed with the mask before the comparison)."
2948-msgid ""
2949-"Matches packets in connections with the given mark value (if a mask is "
2950-"specified, this is logically ANDed with the mark before the comparison)."
2951-msgstr ""
2952-"指定された符号なし mark 値のパケットにマッチする (mask が指定されると、比較の"
2953-"前に mask との論理積 (AND) がとられる)。"
2954-
2955-#. type: SS
2956-#: original/man8/iptables-extensions.8:267
2957-#, no-wrap
2958-msgid "conntrack"
2959-msgstr "conntrack"
2960-
2961-#. type: Plain text
2962-#: original/man8/iptables-extensions.8:270
2963-#, fuzzy
2964-#| msgid ""
2965-#| "This module, when combined with connection tracking, allows access to the "
2966-#| "connection tracking state for this packet."
2967-msgid ""
2968-"This module, when combined with connection tracking, allows access to the "
2969-"connection tracking state for this packet/connection."
2970-msgstr ""
2971-"このモジュールは、接続追跡 (connection tracking) と組み合わせて用いると、 パ"
2972-"ケットについての接続追跡状態を知ることができる。"
2973-
2974-#. type: TP
2975-#: original/man8/iptables-extensions.8:270
2976-#, fuzzy, no-wrap
2977-#| msgid "B<--ctstate >I<state>"
2978-msgid "[B<!>] B<--ctstate> I<statelist>"
2979-msgstr "B<--ctstate >I<state>"
2980-
2981-#. type: Plain text
2982-#: original/man8/iptables-extensions.8:274
2983-msgid ""
2984-"I<statelist> is a comma separated list of the connection states to match. "
2985-"Possible states are listed below."
2986-msgstr ""
2987-
2988-#. type: TP
2989-#: original/man8/iptables-extensions.8:274
2990-#, fuzzy, no-wrap
2991-#| msgid "B<--ctproto >I<proto>"
2992-msgid "[B<!>] B<--ctproto> I<l4proto>"
2993-msgstr "B<--ctproto >I<proto>"
2994-
2995-#. type: Plain text
2996-#: original/man8/iptables-extensions.8:277
2997-#, fuzzy
2998-#| msgid "Protocol to match (by number or name)"
2999-msgid "Layer-4 protocol to match (by number or name)"
3000-msgstr "(名前または数値で) 指定されたプロトコルにマッチする。"
3001-
3002-#. type: TP
3003-#: original/man8/iptables-extensions.8:277
3004-#, fuzzy, no-wrap
3005-#| msgid "B<--ctorigsrc >I<[!] address[/mask]>"
3006-msgid "[B<!>] B<--ctorigsrc> I<address>[B</>I<mask>]"
3007-msgstr "B<--ctorigsrc >I<[!] address[/mask]>"
3008-
3009-#. type: TP
3010-#: original/man8/iptables-extensions.8:279
3011-#, fuzzy, no-wrap
3012-#| msgid "B<--ctorigdst >I<[!] address[/mask]>"
3013-msgid "[B<!>] B<--ctorigdst> I<address>[B</>I<mask>]"
3014-msgstr "B<--ctorigdst >I<[!] address[/mask]>"
3015-
3016-#. type: TP
3017-#: original/man8/iptables-extensions.8:281
3018-#, fuzzy, no-wrap
3019-#| msgid "B<--ctrepldst >I<[!] address>B<[/>I<mask>B<]>"
3020-msgid "[B<!>] B<--ctreplsrc> I<address>[B</>I<mask>]"
3021-msgstr "B<--ctrepldst >I<[!] address>B<[/>I<mask>B<]>"
3022-
3023-#. type: TP
3024-#: original/man8/iptables-extensions.8:283
3025-#, fuzzy, no-wrap
3026-#| msgid "B<--ctrepldst >I<[!] address>B<[/>I<mask>B<]>"
3027-msgid "[B<!>] B<--ctrepldst> I<address>[B</>I<mask>]"
3028-msgstr "B<--ctrepldst >I<[!] address>B<[/>I<mask>B<]>"
3029-
3030-#. type: Plain text
3031-#: original/man8/iptables-extensions.8:286
3032-#, fuzzy
3033-#| msgid "Match against original destination address"
3034-msgid "Match against original/reply source/destination address"
3035-msgstr "書き換え前の宛先アドレスにマッチする。"
3036-
3037-#. type: TP
3038-#: original/man8/iptables-extensions.8:286
3039-#, fuzzy, no-wrap
3040-#| msgid "B<--source-port >[!] I<port>[:I<port>]"
3041-msgid "[B<!>] B<--ctorigsrcport> I<port>[B<:>I<port>]"
3042-msgstr "B<--source-port >[!] I<port>[:I<port>]"
3043-
3044-#. type: TP
3045-#: original/man8/iptables-extensions.8:288
3046-#, fuzzy, no-wrap
3047-#| msgid "B<--to-ports >I<port>[-I<port>]"
3048-msgid "[B<!>] B<--ctorigdstport> I<port>[B<:>I<port>]"
3049-msgstr "B<--to-ports >I<port>[-I<port>]"
3050-
3051-#. type: TP
3052-#: original/man8/iptables-extensions.8:290
3053-#, fuzzy, no-wrap
3054-#| msgid "B<--source-port >[!] I<port>[:I<port>]"
3055-msgid "[B<!>] B<--ctreplsrcport> I<port>[B<:>I<port>]"
3056-msgstr "B<--source-port >[!] I<port>[:I<port>]"
3057-
3058-#. type: TP
3059-#: original/man8/iptables-extensions.8:292
3060-#, fuzzy, no-wrap
3061-#| msgid "B<--source-port >[!] I<port>[:I<port>]"
3062-msgid "[B<!>] B<--ctrepldstport> I<port>[B<:>I<port>]"
3063-msgstr "B<--source-port >[!] I<port>[:I<port>]"
3064-
3065-#. type: Plain text
3066-#: original/man8/iptables-extensions.8:296
3067-msgid ""
3068-"Match against original/reply source/destination port (TCP/UDP/etc.) or GRE "
3069-"key. Matching against port ranges is only supported in kernel versions "
3070-"above 2.6.38."
3071-msgstr ""
3072-
3073-#. type: TP
3074-#: original/man8/iptables-extensions.8:296
3075-#, fuzzy, no-wrap
3076-#| msgid "B<--ctstate >I<state>"
3077-msgid "[B<!>] B<--ctstatus> I<statelist>"
3078-msgstr "B<--ctstate >I<state>"
3079-
3080-#. type: Plain text
3081-#: original/man8/iptables-extensions.8:300
3082-msgid ""
3083-"I<statuslist> is a comma separated list of the connection statuses to "
3084-"match. Possible statuses are listed below."
3085-msgstr ""
3086-
3087-#. type: TP
3088-#: original/man8/iptables-extensions.8:300
3089-#, fuzzy, no-wrap
3090-#| msgid "B<--ctexpire >I<time[:time]>"
3091-msgid "[B<!>] B<--ctexpire> I<time>[B<:>I<time>]"
3092-msgstr "B<--ctexpire >I<time[:time]>"
3093-
3094-#. type: Plain text
3095-#: original/man8/iptables-extensions.8:304
3096-msgid ""
3097-"Match remaining lifetime in seconds against given value or range of values "
3098-"(inclusive)"
3099-msgstr "有効期間の残り秒数、またはその範囲(両端を含む)にマッチする。"
3100-
3101-#. type: TP
3102-#: original/man8/iptables-extensions.8:304
3103-#, no-wrap
3104-msgid "B<--ctdir> {B<ORIGINAL>|B<REPLY>}"
3105-msgstr ""
3106-
3107-#. type: Plain text
3108-#: original/man8/iptables-extensions.8:308
3109-msgid ""
3110-"Match packets that are flowing in the specified direction. If this flag is "
3111-"not specified at all, matches packets in both directions."
3112-msgstr ""
3113-
3114-#. type: Plain text
3115-#: original/man8/iptables-extensions.8:310
3116-msgid "States for B<--ctstate>:"
3117-msgstr ""
3118-
3119-#. type: TP
3120-#: original/man8/iptables-extensions.8:310
3121-#, no-wrap
3122-msgid "B<INVALID>"
3123-msgstr ""
3124-
3125-#. type: Plain text
3126-#: original/man8/iptables-extensions.8:313
3127-#, fuzzy
3128-#| msgid ""
3129-#| "Matches if the packet was created by a process with the given process id."
3130-msgid "The packet is associated with no known connection."
3131-msgstr ""
3132-"指定されたプロセス ID のプロセスにより パケットが生成されている場合にマッチす"
3133-"る。"
3134-
3135-#. type: TP
3136-#: original/man8/iptables-extensions.8:313
3137-#, no-wrap
3138-msgid "B<NEW>"
3139-msgstr ""
3140-
3141-#. type: Plain text
3142-#: original/man8/iptables-extensions.8:317
3143-msgid ""
3144-"The packet has started a new connection, or otherwise associated with a "
3145-"connection which has not seen packets in both directions."
3146-msgstr ""
3147-
3148-#. type: TP
3149-#: original/man8/iptables-extensions.8:317
3150-#, no-wrap
3151-msgid "B<ESTABLISHED>"
3152-msgstr ""
3153-
3154-#. type: Plain text
3155-#: original/man8/iptables-extensions.8:321
3156-#, fuzzy
3157-#| msgid ""
3158-#| "This module matches the netfilter mark field associated with a packet "
3159-#| "(which can be set using the B<MARK> target below)."
3160-msgid ""
3161-"The packet is associated with a connection which has seen packets in both "
3162-"directions."
3163-msgstr ""
3164-"このモジュールはパケットに関連づけられた netfilter の mark フィールドにマッチ"
3165-"する (このフィールドは、以下の B<MARK> ターゲットで設定される)。"
3166-
3167-#. type: TP
3168-#: original/man8/iptables-extensions.8:321
3169-#, no-wrap
3170-msgid "B<RELATED>"
3171-msgstr ""
3172-
3173-#. type: Plain text
3174-#: original/man8/iptables-extensions.8:325
3175-msgid ""
3176-"The packet is starting a new connection, but is associated with an existing "
3177-"connection, such as an FTP data transfer, or an ICMP error."
3178-msgstr ""
3179-
3180-#. type: TP
3181-#: original/man8/iptables-extensions.8:325
3182-#, no-wrap
3183-msgid "B<UNTRACKED>"
3184-msgstr ""
3185-
3186-#. type: Plain text
3187-#: original/man8/iptables-extensions.8:329
3188-msgid ""
3189-"The packet is not tracked at all, which happens if you explicitly untrack it "
3190-"by using -j CT --notrack in the raw table."
3191-msgstr ""
3192-
3193-#. type: TP
3194-#: original/man8/iptables-extensions.8:329
3195-#, fuzzy, no-wrap
3196-#| msgid "SNAT"
3197-msgid "B<SNAT>"
3198-msgstr "SNAT"
3199-
3200-#. type: Plain text
3201-#: original/man8/iptables-extensions.8:333
3202-msgid ""
3203-"A virtual state, matching if the original source address differs from the "
3204-"reply destination."
3205-msgstr ""
3206-
3207-#. type: TP
3208-#: original/man8/iptables-extensions.8:333
3209-#, fuzzy, no-wrap
3210-#| msgid "DNAT"
3211-msgid "B<DNAT>"
3212-msgstr "DNAT"
3213-
3214-#. type: Plain text
3215-#: original/man8/iptables-extensions.8:337
3216-msgid ""
3217-"A virtual state, matching if the original destination differs from the reply "
3218-"source."
3219-msgstr ""
3220-
3221-#. type: Plain text
3222-#: original/man8/iptables-extensions.8:339
3223-msgid "Statuses for B<--ctstatus>:"
3224-msgstr ""
3225-
3226-#. type: TP
3227-#: original/man8/iptables-extensions.8:339
3228-#, no-wrap
3229-msgid "B<NONE>"
3230-msgstr ""
3231-
3232-#. type: Plain text
3233-#: original/man8/iptables-extensions.8:342
3234-msgid "None of the below."
3235-msgstr ""
3236-
3237-#. type: TP
3238-#: original/man8/iptables-extensions.8:342
3239-#, no-wrap
3240-msgid "B<EXPECTED>"
3241-msgstr ""
3242-
3243-#. type: Plain text
3244-#: original/man8/iptables-extensions.8:345
3245-msgid "This is an expected connection (i.e. a conntrack helper set it up)."
3246-msgstr ""
3247-
3248-#. type: TP
3249-#: original/man8/iptables-extensions.8:345
3250-#, no-wrap
3251-msgid "B<SEEN_REPLY>"
3252-msgstr ""
3253-
3254-#. type: Plain text
3255-#: original/man8/iptables-extensions.8:348
3256-msgid "Conntrack has seen packets in both directions."
3257-msgstr ""
3258-
3259-#. type: TP
3260-#: original/man8/iptables-extensions.8:348
3261-#, no-wrap
3262-msgid "B<ASSURED>"
3263-msgstr ""
3264-
3265-#. type: Plain text
3266-#: original/man8/iptables-extensions.8:351
3267-msgid "Conntrack entry should never be early-expired."
3268-msgstr ""
3269-
3270-#. type: TP
3271-#: original/man8/iptables-extensions.8:351
3272-#, no-wrap
3273-msgid "B<CONFIRMED>"
3274-msgstr ""
3275-
3276-#. type: Plain text
3277-#: original/man8/iptables-extensions.8:354
3278-msgid "Connection is confirmed: originating packet has left box."
3279-msgstr ""
3280-
3281-#. type: SS
3282-#: original/man8/iptables-extensions.8:354
3283-#, fuzzy, no-wrap
3284-#| msgid "tcp"
3285-msgid "cpu"
3286-msgstr "tcp"
3287-
3288-#. type: TP
3289-#: original/man8/iptables-extensions.8:355
3290-#, fuzzy, no-wrap
3291-#| msgid "B<-t>, B<--table> B<tablename>"
3292-msgid "[B<!>] B<--cpu> I<number>"
3293-msgstr "B<-t>, B<--table> B<tablename>"
3294-
3295-#. type: Plain text
3296-#: original/man8/iptables-extensions.8:360
3297-msgid ""
3298-"Match cpu handling this packet. cpus are numbered from 0 to NR_CPUS-1 Can be "
3299-"used in combination with RPS (Remote Packet Steering) or multiqueue NICs to "
3300-"spread network traffic on different queues."
3301-msgstr ""
3302-
3303-#. type: Plain text
3304-#: original/man8/iptables-extensions.8:365
3305-msgid ""
3306-"iptables -t nat -A PREROUTING -p tcp --dport 80 -m cpu --cpu 0 -j REDIRECT --"
3307-"to-port 8080"
3308-msgstr ""
3309-
3310-#. type: Plain text
3311-#: original/man8/iptables-extensions.8:368
3312-msgid ""
3313-"iptables -t nat -A PREROUTING -p tcp --dport 80 -m cpu --cpu 1 -j REDIRECT --"
3314-"to-port 8081"
3315-msgstr ""
3316-
3317-#. type: Plain text
3318-#: original/man8/iptables-extensions.8:370
3319-msgid "Available since Linux 2.6.36."
3320-msgstr ""
3321-
3322-#. type: SS
3323-#: original/man8/iptables-extensions.8:370
3324-#, no-wrap
3325-msgid "dccp"
3326-msgstr ""
3327-
3328-#. type: TP
3329-#: original/man8/iptables-extensions.8:371
3330-#: original/man8/iptables-extensions.8:1230
3331-#: original/man8/iptables-extensions.8:1354
3332-#: original/man8/iptables-extensions.8:1657
3333-#, fuzzy, no-wrap
3334-#| msgid "B<--source-ports >I<port>[,I<port>[,I<port>...]]"
3335-msgid "[B<!>] B<--source-port>,B<--sport> I<port>[B<:>I<port>]"
3336-msgstr "B<--source-ports >I<port>[,I<port>[,I<port>...]]"
3337-
3338-#. type: TP
3339-#: original/man8/iptables-extensions.8:373
3340-#: original/man8/iptables-extensions.8:1232
3341-#: original/man8/iptables-extensions.8:1365
3342-#: original/man8/iptables-extensions.8:1663
3343-#, fuzzy, no-wrap
3344-#| msgid "B<--destination-ports >I<port>[,I<port>[,I<port>...]]"
3345-msgid "[B<!>] B<--destination-port>,B<--dport> I<port>[B<:>I<port>]"
3346-msgstr "B<--destination-ports >I<port>[,I<port>[,I<port>...]]"
3347-
3348-#. type: TP
3349-#: original/man8/iptables-extensions.8:375
3350-#, no-wrap
3351-msgid "[B<!>] B<--dccp-types> I<mask>"
3352-msgstr ""
3353-
3354-#. type: Plain text
3355-#: original/man8/iptables-extensions.8:380
3356-msgid ""
3357-"Match when the DCCP packet type is one of 'mask'. 'mask' is a comma-"
3358-"separated list of packet types. Packet types are: B<REQUEST RESPONSE DATA "
3359-"ACK DATAACK CLOSEREQ CLOSE RESET SYNC SYNCACK INVALID>."
3360-msgstr ""
3361-
3362-#. type: TP
3363-#: original/man8/iptables-extensions.8:380
3364-#, fuzzy, no-wrap
3365-#| msgid "B<--tcp-option >[!] I<number>"
3366-msgid "[B<!>] B<--dccp-option> I<number>"
3367-msgstr "B<--tcp-option >[!] I<number>"
3368-
3369-#. type: Plain text
3370-#: original/man8/iptables-extensions.8:383
3371-#, fuzzy
3372-#| msgid "Match if TCP option set."
3373-msgid "Match if DCCP option set."
3374-msgstr "TCP オプションが設定されている場合にマッチする。"
3375-
3376-#. type: SS
3377-#: original/man8/iptables-extensions.8:383
3378-#, no-wrap
3379-msgid "devgroup"
3380-msgstr ""
3381-
3382-#. type: Plain text
3383-#: original/man8/iptables-extensions.8:385
3384-msgid "Match device group of a packets incoming/outgoing interface."
3385-msgstr ""
3386-
3387-#. type: TP
3388-#: original/man8/iptables-extensions.8:385
3389-#, fuzzy, no-wrap
3390-#| msgid "B<--physdev-out name>"
3391-msgid "[B<!>] B<--src-group> I<name>"
3392-msgstr "B<--physdev-out name>"
3393-
3394-#. type: Plain text
3395-#: original/man8/iptables-extensions.8:388
3396-msgid "Match device group of incoming device"
3397-msgstr ""
3398-
3399-#. type: TP
3400-#: original/man8/iptables-extensions.8:388
3401-#, fuzzy, no-wrap
3402-#| msgid "B<--physdev-out name>"
3403-msgid "[B<!>] B<--dst-group> I<name>"
3404-msgstr "B<--physdev-out name>"
3405-
3406-#. type: Plain text
3407-#: original/man8/iptables-extensions.8:391
3408-msgid "Match device group of outgoing device"
3409-msgstr ""
3410-
3411-#. type: SS
3412-#: original/man8/iptables-extensions.8:391
3413-#, no-wrap
3414-msgid "dscp"
3415-msgstr "dscp"
3416-
3417-#. type: Plain text
3418-#: original/man8/iptables-extensions.8:394
3419-msgid ""
3420-"This module matches the 6 bit DSCP field within the TOS field in the IP "
3421-"header. DSCP has superseded TOS within the IETF."
3422-msgstr ""
3423-"このモジュールは、IP ヘッダーの TOS フィールド内にある、 6 bit の DSCP フィー"
3424-"ルドにマッチする。 IETF では DSCP が TOS に取って代わった。"
3425-
3426-#. type: TP
3427-#: original/man8/iptables-extensions.8:394
3428-#, fuzzy, no-wrap
3429-#| msgid "B<--dscp >I<value>"
3430-msgid "[B<!>] B<--dscp> I<value>"
3431-msgstr "B<--dscp >I<value>"
3432-
3433-#. type: Plain text
3434-#: original/man8/iptables-extensions.8:397
3435-#, fuzzy
3436-#| msgid "Match against a numeric (decimal or hex) value [0-32]."
3437-msgid "Match against a numeric (decimal or hex) value [0-63]."
3438-msgstr "(10 進または 16 進の) 数値 [0-63] にマッチする。"
3439-
3440-#. type: TP
3441-#: original/man8/iptables-extensions.8:397
3442-#, fuzzy, no-wrap
3443-#| msgid "B<--set-dscp-class >I<class>"
3444-msgid "[B<!>] B<--dscp-class> I<class>"
3445-msgstr "B<--set-dscp-class >I<class>"
3446-
3447-#. type: Plain text
3448-#: original/man8/iptables-extensions.8:402
3449-#, fuzzy
3450-#| msgid ""
3451-#| "Match the DiffServ class. This value may be any of the BE, EF, AFxx or "
3452-#| "CSx classes. It will then be converted into it's according numeric value."
3453-msgid ""
3454-"Match the DiffServ class. This value may be any of the BE, EF, AFxx or CSx "
3455-"classes. It will then be converted into its according numeric value."
3456-msgstr ""
3457-"DiffServ クラスにマッチする。 値は BE, EF, AFxx, CSx クラスのいずれかであ"
3458-"る。 これらは、対応する数値で指定するのと同じである。"
3459-
3460-#. type: SS
3461-#: original/man8/iptables-extensions.8:402
3462-#, no-wrap
3463-msgid "dst (IPv6-specific)"
3464-msgstr ""
3465-
3466-#. type: Plain text
3467-#: original/man8/iptables-extensions.8:404
3468-#, fuzzy
3469-#| msgid "This module matches the time to live field in the IP header."
3470-msgid "This module matches the parameters in Destination Options header"
3471-msgstr "このモジュールは IP ヘッダーの time to live フィールドにマッチする。"
3472-
3473-#. type: TP
3474-#: original/man8/iptables-extensions.8:404
3475-#, fuzzy, no-wrap
3476-#| msgid "B<-t>, B<--table> B<tablename>"
3477-msgid "[B<!>] B<--dst-len> I<length>"
3478-msgstr "B<-t>, B<--table> B<tablename>"
3479-
3480-#. type: TP
3481-#: original/man8/iptables-extensions.8:407
3482-#, no-wrap
3483-msgid "B<--dst-opts> I<type>[B<:>I<length>][B<,>I<type>[B<:>I<length>]...]"
3484-msgstr ""
3485-
3486-#. type: Plain text
3487-#: original/man8/iptables-extensions.8:410
3488-#: original/man8/iptables-extensions.8:543
3489-msgid "numeric type of option and the length of the option data in octets."
3490-msgstr ""
3491-
3492-#. type: SS
3493-#: original/man8/iptables-extensions.8:410
3494-#, no-wrap
3495-msgid "ecn"
3496-msgstr ""
3497-
3498-#. type: Plain text
3499-#: original/man8/iptables-extensions.8:412
3500-msgid ""
3501-"This allows you to match the ECN bits of the IPv4/IPv6 and TCP header. ECN "
3502-"is the Explicit Congestion Notification mechanism as specified in RFC3168"
3503-msgstr ""
3504-
3505-#. type: TP
3506-#: original/man8/iptables-extensions.8:412
3507-#, fuzzy, no-wrap
3508-#| msgid "B<--ecn-tcp-remove>"
3509-msgid "[B<!>] B<--ecn-tcp-cwr>"
3510-msgstr "B<--ecn-tcp-remove>"
3511-
3512-#. type: Plain text
3513-#: original/man8/iptables-extensions.8:415
3514-msgid ""
3515-"This matches if the TCP ECN CWR (Congestion Window Received) bit is set."
3516-msgstr ""
3517-
3518-#. type: TP
3519-#: original/man8/iptables-extensions.8:415
3520-#, fuzzy, no-wrap
3521-#| msgid "B<--ecn-tcp-remove>"
3522-msgid "[B<!>] B<--ecn-tcp-ece>"
3523-msgstr "B<--ecn-tcp-remove>"
3524-
3525-#. type: Plain text
3526-#: original/man8/iptables-extensions.8:418
3527-msgid "This matches if the TCP ECN ECE (ECN Echo) bit is set."
3528-msgstr ""
3529-
3530-#. type: TP
3531-#: original/man8/iptables-extensions.8:418
3532-#, no-wrap
3533-msgid "[B<!>] B<--ecn-ip-ect> I<num>"
3534-msgstr ""
3535-
3536-#. type: Plain text
3537-#: original/man8/iptables-extensions.8:422
3538-msgid ""
3539-"This matches a particular IPv4/IPv6 ECT (ECN-Capable Transport). You have to "
3540-"specify a number between `0' and `3'."
3541-msgstr ""
3542-
3543-#. type: SS
3544-#: original/man8/iptables-extensions.8:422
3545-#, no-wrap
3546-msgid "esp"
3547-msgstr "esp"
3548-
3549-#. type: Plain text
3550-#: original/man8/iptables-extensions.8:424
3551-#, fuzzy
3552-#| msgid "This module matches the SPIs in ESP header of IPSec packets."
3553-msgid "This module matches the SPIs in ESP header of IPsec packets."
3554-msgstr "このモジュールは IPSec パケットの ESP ヘッダーの SPI 値にマッチする。"
3555-
3556-#. type: TP
3557-#: original/man8/iptables-extensions.8:424
3558-#, fuzzy, no-wrap
3559-#| msgid "B<--espspi >[!] I<spi>[:I<spi>]"
3560-msgid "[B<!>] B<--espspi> I<spi>[B<:>I<spi>]"
3561-msgstr "B<--espspi >[!] I<spi>[:I<spi>]"
3562-
3563-#. type: SS
3564-#: original/man8/iptables-extensions.8:426
3565-#, no-wrap
3566-msgid "eui64 (IPv6-specific)"
3567-msgstr ""
3568-
3569-#. type: Plain text
3570-#: original/man8/iptables-extensions.8:437
3571-msgid ""
3572-"This module matches the EUI-64 part of a stateless autoconfigured IPv6 "
3573-"address. It compares the EUI-64 derived from the source MAC address in "
3574-"Ethernet frame with the lower 64 bits of the IPv6 source address. But "
3575-"\"Universal/Local\" bit is not compared. This module doesn't match other "
3576-"link layer frame, and is only valid in the B<PREROUTING>, B<INPUT> and "
3577-"B<FORWARD> chains."
3578-msgstr ""
3579-
3580-#. type: SS
3581-#: original/man8/iptables-extensions.8:437
3582-#, no-wrap
3583-msgid "frag (IPv6-specific)"
3584-msgstr ""
3585-
3586-#. type: Plain text
3587-#: original/man8/iptables-extensions.8:439
3588-#, fuzzy
3589-#| msgid "This module matches the time to live field in the IP header."
3590-msgid "This module matches the parameters in Fragment header."
3591-msgstr "このモジュールは IP ヘッダーの time to live フィールドにマッチする。"
3592-
3593-#. type: TP
3594-#: original/man8/iptables-extensions.8:439
3595-#, no-wrap
3596-msgid "[B<!>] B<--fragid> I<id>[B<:>I<id>]"
3597-msgstr ""
3598-
3599-#. type: Plain text
3600-#: original/man8/iptables-extensions.8:442
3601-msgid "Matches the given Identification or range of it."
3602-msgstr ""
3603-
3604-#. type: TP
3605-#: original/man8/iptables-extensions.8:442
3606-#, fuzzy, no-wrap
3607-#| msgid "B<-t>, B<--table> B<tablename>"
3608-msgid "[B<!>] B<--fraglen> I<length>"
3609-msgstr "B<-t>, B<--table> B<tablename>"
3610-
3611-#. type: Plain text
3612-#: original/man8/iptables-extensions.8:446
3613-msgid ""
3614-"This option cannot be used with kernel version 2.6.10 or later. The length "
3615-"of Fragment header is static and this option doesn't make sense."
3616-msgstr ""
3617-
3618-#. type: TP
3619-#: original/man8/iptables-extensions.8:446
3620-#, no-wrap
3621-msgid "B<--fragres>"
3622-msgstr ""
3623-
3624-#. type: Plain text
3625-#: original/man8/iptables-extensions.8:449
3626-msgid "Matches if the reserved fields are filled with zero."
3627-msgstr ""
3628-
3629-#. type: TP
3630-#: original/man8/iptables-extensions.8:449
3631-#, no-wrap
3632-msgid "B<--fragfirst>"
3633-msgstr ""
3634-
3635-#. type: Plain text
3636-#: original/man8/iptables-extensions.8:452
3637-msgid "Matches on the first fragment."
3638-msgstr ""
3639-
3640-#. type: TP
3641-#: original/man8/iptables-extensions.8:452
3642-#, fuzzy, no-wrap
3643-#| msgid "B<[!] -f, --fragment>"
3644-msgid "B<--fragmore>"
3645-msgstr "B<[!] -f, --fragment>"
3646-
3647-#. type: Plain text
3648-#: original/man8/iptables-extensions.8:455
3649-msgid "Matches if there are more fragments."
3650-msgstr ""
3651-
3652-#. type: TP
3653-#: original/man8/iptables-extensions.8:455
3654-#, no-wrap
3655-msgid "B<--fraglast>"
3656-msgstr ""
3657-
3658-#. type: Plain text
3659-#: original/man8/iptables-extensions.8:458
3660-msgid "Matches if this is the last fragment."
3661-msgstr ""
3662-
3663-#. type: SS
3664-#: original/man8/iptables-extensions.8:458
3665-#, fuzzy, no-wrap
3666-#| msgid "limit"
3667-msgid "hashlimit"
3668-msgstr "limit"
3669-
3670-#. type: Plain text
3671-#: original/man8/iptables-extensions.8:464
3672-msgid ""
3673-"B<hashlimit> uses hash buckets to express a rate limiting match (like the "
3674-"B<limit> match) for a group of connections using a B<single> iptables rule. "
3675-"Grouping can be done per-hostgroup (source and/or destination address) and/"
3676-"or per-port. It gives you the ability to express \"I<N> packets per time "
3677-"quantum per group\" or \"I<N> bytes per seconds\" (see below for some "
3678-"examples)."
3679-msgstr ""
3680-
3681-#. type: Plain text
3682-#: original/man8/iptables-extensions.8:467
3683-msgid ""
3684-"A hash limit option (B<--hashlimit-upto>, B<--hashlimit-above>) and B<--"
3685-"hashlimit-name> are required."
3686-msgstr ""
3687-
3688-#. type: TP
3689-#: original/man8/iptables-extensions.8:467
3690-#, no-wrap
3691-msgid "B<--hashlimit-upto> I<amount>[B</second>|B</minute>|B</hour>|B</day>]"
3692-msgstr ""
3693-
3694-#. type: Plain text
3695-#: original/man8/iptables-extensions.8:472
3696-#, fuzzy
3697-#| msgid ""
3698-#| "Maximum average matching rate: specified as a number, with an optional `/"
3699-#| "second', `/minute', `/hour', or `/day' suffix; the default is 3/hour."
3700-msgid ""
3701-"Match if the rate is below or equal to I<amount>/quantum. It is specified "
3702-"either as a number, with an optional time quantum suffix (the default is 3/"
3703-"hour), or as I<amount>b/second (number of bytes per second)."
3704-msgstr ""
3705-"単位時間あたりの平均マッチ回数の最大値。 数値で指定され、添字 `/second', `/"
3706-"minute', `/hour', `/day' を付けることもできる。 デフォルトは 3/hour である。"
3707-
3708-#. type: TP
3709-#: original/man8/iptables-extensions.8:472
3710-#, no-wrap
3711-msgid "B<--hashlimit-above> I<amount>[B</second>|B</minute>|B</hour>|B</day>]"
3712-msgstr ""
3713-
3714-#. type: Plain text
3715-#: original/man8/iptables-extensions.8:475
3716-msgid "Match if the rate is above I<amount>/quantum."
3717-msgstr ""
3718-
3719-#. type: TP
3720-#: original/man8/iptables-extensions.8:475
3721-#, fuzzy, no-wrap
3722-#| msgid "B<--limit-burst >I<number>"
3723-msgid "B<--hashlimit-burst> I<amount>"
3724-msgstr "B<--limit-burst >I<number>"
3725-
3726-#. type: Plain text
3727-#: original/man8/iptables-extensions.8:482
3728-#, fuzzy
3729-#| msgid ""
3730-#| "Maximum initial number of packets to match: this number gets recharged by "
3731-#| "one every time the limit specified above is not reached, up to this "
3732-#| "number; the default is 5."
3733-msgid ""
3734-"Maximum initial number of packets to match: this number gets recharged by "
3735-"one every time the limit specified above is not reached, up to this number; "
3736-"the default is 5. When byte-based rate matching is requested, this option "
3737-"specifies the amount of bytes that can exceed the given rate. This option "
3738-"should be used with caution -- if the entry expires, the burst value is "
3739-"reset too."
3740-msgstr ""
3741-"パケットがマッチする回数の最大初期値: 上のオプションで指定した制限に\n"
3742-"達しなければ、 その度ごとに、この数値になるまで 1 個ずつ増やされる。\n"
3743-"デフォルトは 5 である。"
3744-
3745-#. type: TP
3746-#: original/man8/iptables-extensions.8:482
3747-#, no-wrap
3748-msgid "B<--hashlimit-mode> {B<srcip>|B<srcport>|B<dstip>|B<dstport>}B<,>..."
3749-msgstr ""
3750-
3751-#. type: Plain text
3752-#: original/man8/iptables-extensions.8:487
3753-msgid ""
3754-"A comma-separated list of objects to take into consideration. If no --"
3755-"hashlimit-mode option is given, hashlimit acts like limit, but at the "
3756-"expensive of doing the hash housekeeping."
3757-msgstr ""
3758-
3759-#. type: TP
3760-#: original/man8/iptables-extensions.8:487
3761-#, fuzzy, no-wrap
3762-#| msgid "B<--limit >I<rate>"
3763-msgid "B<--hashlimit-srcmask> I<prefix>"
3764-msgstr "B<--limit >I<rate>"
3765-
3766-#. type: Plain text
3767-#: original/man8/iptables-extensions.8:494
3768-msgid ""
3769-"When --hashlimit-mode srcip is used, all source addresses encountered will "
3770-"be grouped according to the given prefix length and the so-created subnet "
3771-"will be subject to hashlimit. I<prefix> must be between (inclusive) 0 and "
3772-"32. Note that --hashlimit-srcmask 0 is basically doing the same thing as not "
3773-"specifying srcip for --hashlimit-mode, but is technically more expensive."
3774-msgstr ""
3775-
3776-#. type: TP
3777-#: original/man8/iptables-extensions.8:494
3778-#, fuzzy, no-wrap
3779-#| msgid "B<--limit >I<rate>"
3780-msgid "B<--hashlimit-dstmask> I<prefix>"
3781-msgstr "B<--limit >I<rate>"
3782-
3783-#. type: Plain text
3784-#: original/man8/iptables-extensions.8:497
3785-msgid "Like --hashlimit-srcmask, but for destination addresses."
3786-msgstr ""
3787-
3788-#. type: TP
3789-#: original/man8/iptables-extensions.8:497
3790-#, no-wrap
3791-msgid "B<--hashlimit-name> I<foo>"
3792-msgstr ""
3793-
3794-#. type: Plain text
3795-#: original/man8/iptables-extensions.8:500
3796-msgid "The name for the /proc/net/ipt_hashlimit/foo entry."
3797-msgstr ""
3798-
3799-#. type: TP
3800-#: original/man8/iptables-extensions.8:500
3801-#, no-wrap
3802-msgid "B<--hashlimit-htable-size> I<buckets>"
3803-msgstr ""
3804-
3805-#. type: Plain text
3806-#: original/man8/iptables-extensions.8:503
3807-msgid "The number of buckets of the hash table"
3808-msgstr ""
3809-
3810-#. type: TP
3811-#: original/man8/iptables-extensions.8:503
3812-#, no-wrap
3813-msgid "B<--hashlimit-htable-max> I<entries>"
3814-msgstr ""
3815-
3816-#. type: Plain text
3817-#: original/man8/iptables-extensions.8:506
3818-msgid "Maximum entries in the hash."
3819-msgstr ""
3820-
3821-#. type: TP
3822-#: original/man8/iptables-extensions.8:506
3823-#, no-wrap
3824-msgid "B<--hashlimit-htable-expire> I<msec>"
3825-msgstr ""
3826-
3827-#. type: Plain text
3828-#: original/man8/iptables-extensions.8:509
3829-msgid "After how many milliseconds do hash entries expire."
3830-msgstr ""
3831-
3832-#. type: TP
3833-#: original/man8/iptables-extensions.8:509
3834-#, no-wrap
3835-msgid "B<--hashlimit-htable-gcinterval> I<msec>"
3836-msgstr ""
3837-
3838-#. type: Plain text
3839-#: original/man8/iptables-extensions.8:512
3840-msgid "How many milliseconds between garbage collection intervals."
3841-msgstr ""
3842-
3843-#. type: TP
3844-#: original/man8/iptables-extensions.8:514
3845-#, fuzzy, no-wrap
3846-#| msgid "Match against original source address"
3847-msgid "matching on source host"
3848-msgstr "書き換え前の送信元アドレスにマッチする。"
3849-
3850-#. type: Plain text
3851-#: original/man8/iptables-extensions.8:518
3852-msgid ""
3853-"\"1000 packets per second for every host in 192.168.0.0/16\" =E<gt> -s "
3854-"192.168.0.0/16 --hashlimit-mode srcip --hashlimit-upto 1000/sec"
3855-msgstr ""
3856-
3857-#. type: TP
3858-#: original/man8/iptables-extensions.8:518
3859-#, fuzzy, no-wrap
3860-#| msgid "Match against original source address"
3861-msgid "matching on source port"
3862-msgstr "書き換え前の送信元アドレスにマッチする。"
3863-
3864-#. type: Plain text
3865-#: original/man8/iptables-extensions.8:522
3866-msgid ""
3867-"\"100 packets per second for every service of 192.168.1.1\" =E<gt> -s "
3868-"192.168.1.1 --hashlimit-mode srcport --hashlimit-upto 100/sec"
3869-msgstr ""
3870-
3871-#. type: TP
3872-#: original/man8/iptables-extensions.8:522
3873-#, no-wrap
3874-msgid "matching on subnet"
3875-msgstr ""
3876-
3877-#. type: Plain text
3878-#: original/man8/iptables-extensions.8:527
3879-msgid ""
3880-"\"10000 packets per minute for every /28 subnet (groups of 8 addresses) in "
3881-"10.0.0.0/8\" =E<gt> -s 10.0.0.8 --hashlimit-mask 28 --hashlimit-upto 10000/"
3882-"min"
3883-msgstr ""
3884-
3885-#. type: TP
3886-#: original/man8/iptables-extensions.8:527
3887-#: original/man8/iptables-extensions.8:531
3888-#, no-wrap
3889-msgid "matching bytes per second"
3890-msgstr ""
3891-
3892-#. type: Plain text
3893-#: original/man8/iptables-extensions.8:531
3894-msgid ""
3895-"\"flows exceeding 512kbyte/s\" =E<gt> --hashlimit-mode srcip,dstip,srcport,"
3896-"dstport --hashlimit-above 512kb/s"
3897-msgstr ""
3898-
3899-#. type: Plain text
3900-#: original/man8/iptables-extensions.8:535
3901-msgid ""
3902-"\"hosts that exceed 512kbyte/s, but permit up to 1Megabytes without matching"
3903-"\" --hashlimit-mode dstip --hashlimit-above 512kb/s --hashlimit-burst 1mb"
3904-msgstr ""
3905-
3906-#. type: SS
3907-#: original/man8/iptables-extensions.8:535
3908-#, no-wrap
3909-msgid "hbh (IPv6-specific)"
3910-msgstr ""
3911-
3912-#. type: Plain text
3913-#: original/man8/iptables-extensions.8:537
3914-#, fuzzy
3915-#| msgid "This module matches the time to live field in the IP header."
3916-msgid "This module matches the parameters in Hop-by-Hop Options header"
3917-msgstr "このモジュールは IP ヘッダーの time to live フィールドにマッチする。"
3918-
3919-#. type: TP
3920-#: original/man8/iptables-extensions.8:537
3921-#, fuzzy, no-wrap
3922-#| msgid "B<-t>, B<--table> B<tablename>"
3923-msgid "[B<!>] B<--hbh-len> I<length>"
3924-msgstr "B<-t>, B<--table> B<tablename>"
3925-
3926-#. type: TP
3927-#: original/man8/iptables-extensions.8:540
3928-#, no-wrap
3929-msgid "B<--hbh-opts> I<type>[B<:>I<length>][B<,>I<type>[B<:>I<length>]...]"
3930-msgstr ""
3931-
3932-#. type: SS
3933-#: original/man8/iptables-extensions.8:543
3934-#, no-wrap
3935-msgid "helper"
3936-msgstr "helper"
3937-
3938-#. type: Plain text
3939-#: original/man8/iptables-extensions.8:545
3940-msgid "This module matches packets related to a specific conntrack-helper."
3941-msgstr ""
3942-"このモジュールは、指定された接続追跡ヘルパーモジュールに 関連するパケットに"
3943-"マッチする。"
3944-
3945-#. type: TP
3946-#: original/man8/iptables-extensions.8:545
3947-#, fuzzy, no-wrap
3948-#| msgid "B<--helper >I<string>"
3949-msgid "[B<!>] B<--helper> I<string>"
3950-msgstr "B<--helper >I<string>"
3951-
3952-#. type: Plain text
3953-#: original/man8/iptables-extensions.8:548
3954-msgid "Matches packets related to the specified conntrack-helper."
3955-msgstr "指定された接続追跡ヘルパーモジュールに 関連するパケットにマッチする。"
3956-
3957-#. type: Plain text
3958-#: original/man8/iptables-extensions.8:552
3959-msgid ""
3960-"string can be \"ftp\" for packets related to a ftp-session on default port. "
3961-"For other ports append -portnr to the value, ie. \"ftp-2121\"."
3962-msgstr ""
3963-"デフォルトのポートを使った ftp-セッションに関連するパケットでは、 string に "
3964-"\"ftp\" と書ける。 他のポートでは \"-ポート番号\" を値に付け加える。 すなわ"
3965-"ち \"ftp-2121\" となる。"
3966-
3967-#. type: Plain text
3968-#: original/man8/iptables-extensions.8:554
3969-msgid "Same rules apply for other conntrack-helpers."
3970-msgstr "他の接続追跡ヘルパーでも同じルールが適用される。"
3971-
3972-#. type: SS
3973-#: original/man8/iptables-extensions.8:555
3974-#, no-wrap
3975-msgid "hl (IPv6-specific)"
3976-msgstr ""
3977-
3978-#. type: Plain text
3979-#: original/man8/iptables-extensions.8:557
3980-#, fuzzy
3981-#| msgid "This module matches the time to live field in the IP header."
3982-msgid "This module matches the Hop Limit field in the IPv6 header."
3983-msgstr "このモジュールは IP ヘッダーの time to live フィールドにマッチする。"
3984-
3985-#. type: TP
3986-#: original/man8/iptables-extensions.8:557
3987-#, fuzzy, no-wrap
3988-#| msgid "B<-t>, B<--table> B<tablename>"
3989-msgid "[B<!>] B<--hl-eq> I<value>"
3990-msgstr "B<-t>, B<--table> B<tablename>"
3991-
3992-#. type: Plain text
3993-#: original/man8/iptables-extensions.8:560
3994-msgid "Matches if Hop Limit equals I<value>."
3995-msgstr ""
3996-
3997-#. type: TP
3998-#: original/man8/iptables-extensions.8:560
3999-#, fuzzy, no-wrap
4000-#| msgid "B<--dscp >I<value>"
4001-msgid "B<--hl-lt> I<value>"
4002-msgstr "B<--dscp >I<value>"
4003-
4004-#. type: Plain text
4005-#: original/man8/iptables-extensions.8:563
4006-msgid "Matches if Hop Limit is less than I<value>."
4007-msgstr ""
4008-
4009-#. type: TP
4010-#: original/man8/iptables-extensions.8:563
4011-#, fuzzy, no-wrap
4012-#| msgid "B<--dscp >I<value>"
4013-msgid "B<--hl-gt> I<value>"
4014-msgstr "B<--dscp >I<value>"
4015-
4016-#. type: Plain text
4017-#: original/man8/iptables-extensions.8:566
4018-msgid "Matches if Hop Limit is greater than I<value>."
4019-msgstr ""
4020-
4021-#. type: SS
4022-#: original/man8/iptables-extensions.8:566
4023-#, no-wrap
4024-msgid "icmp (IPv4-specific)"
4025-msgstr ""
4026-
4027-#. type: Plain text
4028-#: original/man8/iptables-extensions.8:569
4029-#, fuzzy
4030-#| msgid ""
4031-#| "This extension is loaded if `--protocol icmp' is specified. It provides "
4032-#| "the following option:"
4033-msgid ""
4034-"This extension can be used if `--protocol icmp' is specified. It provides "
4035-"the following option:"
4036-msgstr ""
4037-"この拡張は `--protocol icmp' が指定された場合にロードされ、 以下のオプション"
4038-"が提供される:"
4039-
4040-#. type: TP
4041-#: original/man8/iptables-extensions.8:569
4042-#, fuzzy, no-wrap
4043-#| msgid "B<--icmp-type >[!] I<typename>"
4044-msgid "[B<!>] B<--icmp-type> {I<type>[B</>I<code>]|I<typename>}"
4045-msgstr "B<--icmp-type >[!] I<typename>"
4046-
4047-#. type: Plain text
4048-#: original/man8/iptables-extensions.8:573
4049-#, fuzzy
4050-#| msgid ""
4051-#| "This allows specification of the ICMP type, which can be a numeric ICMP "
4052-#| "type, or one of the ICMP type names shown by the command"
4053-msgid ""
4054-"This allows specification of the ICMP type, which can be a numeric ICMP "
4055-"type, type/code pair, or one of the ICMP type names shown by the command"
4056-msgstr ""
4057-"ICMP タイプを指定できる。タイプ指定には、 数値の ICMP タイプ、または以下のコ"
4058-"マンド で表示される ICMP タイプ名を指定できる。"
4059-
4060-#. type: Plain text
4061-#: original/man8/iptables-extensions.8:575
4062-#, no-wrap
4063-msgid " iptables -p icmp -h\n"
4064-msgstr " iptables -p icmp -h\n"
4065-
4066-#. type: SS
4067-#: original/man8/iptables-extensions.8:576
4068-#, no-wrap
4069-msgid "icmp6 (IPv6-specific)"
4070-msgstr ""
4071-
4072-#. type: Plain text
4073-#: original/man8/iptables-extensions.8:579
4074-#, fuzzy
4075-#| msgid ""
4076-#| "This extension is loaded if `--protocol ipv6-icmp' or `--protocol icmpv6' "
4077-#| "is specified. It provides the following option:"
4078-msgid ""
4079-"This extension can be used if `--protocol ipv6-icmp' or `--protocol icmpv6' "
4080-"is specified. It provides the following option:"
4081-msgstr ""
4082-"これらの拡張は `--protocol ipv6-icmp' または `--protocol icmpv6' が指定された"
4083-"場合にロードされ、 以下のオプションが提供される:"
4084-
4085-#. type: TP
4086-#: original/man8/iptables-extensions.8:579
4087-#, fuzzy, no-wrap
4088-#| msgid "B<--icmpv6-type >[!] I<typename>"
4089-msgid "[B<!>] B<--icmpv6-type> I<type>[B</>I<code>]|I<typename>"
4090-msgstr "B<--icmpv6-type >[!] I<typename>"
4091-
4092-#. type: Plain text
4093-#: original/man8/iptables-extensions.8:588
4094-#, fuzzy
4095-#| msgid ""
4096-#| "This allows specification of the ICMP type, which can be a numeric ICMP "
4097-#| "type, or one of the ICMP type names shown by the command"
4098-msgid ""
4099-"This allows specification of the ICMPv6 type, which can be a numeric ICMPv6 "
4100-"I<type>, I<type> and I<code>, or one of the ICMPv6 type names shown by the "
4101-"command"
4102-msgstr ""
4103-"ICMP タイプを指定できる。タイプ指定には、 数値の ICMP タイプ、または以下のコ"
4104-"マンド で表示される ICMP タイプ名を指定できる。"
4105-
4106-#. type: Plain text
4107-#: original/man8/iptables-extensions.8:590
4108-#, no-wrap
4109-msgid " ip6tables -p ipv6-icmp -h\n"
4110-msgstr " ip6tables -p ipv6-icmp -h\n"
4111-
4112-#. type: SS
4113-#: original/man8/iptables-extensions.8:591
4114-#, no-wrap
4115-msgid "iprange"
4116-msgstr ""
4117-
4118-#. type: Plain text
4119-#: original/man8/iptables-extensions.8:593
4120-msgid "This matches on a given arbitrary range of IP addresses."
4121-msgstr ""
4122-
4123-#. type: TP
4124-#: original/man8/iptables-extensions.8:593
4125-#, no-wrap
4126-msgid "[B<!>] B<--src-range> I<from>[B<->I<to>]"
4127-msgstr ""
4128-
4129-#. type: Plain text
4130-#: original/man8/iptables-extensions.8:596
4131-msgid "Match source IP in the specified range."
4132-msgstr ""
4133-
4134-#. type: TP
4135-#: original/man8/iptables-extensions.8:596
4136-#, no-wrap
4137-msgid "[B<!>] B<--dst-range> I<from>[B<->I<to>]"
4138-msgstr ""
4139-
4140-#. type: Plain text
4141-#: original/man8/iptables-extensions.8:599
4142-msgid "Match destination IP in the specified range."
4143-msgstr ""
4144-
4145-#. type: SS
4146-#: original/man8/iptables-extensions.8:599
4147-#, no-wrap
4148-msgid "ipv6header (IPv6-specific)"
4149-msgstr ""
4150-
4151-#. type: Plain text
4152-#: original/man8/iptables-extensions.8:601
4153-#, fuzzy
4154-#| msgid "This module matches the SPIs in AH header of IPSec packets."
4155-msgid "This module matches IPv6 extension headers and/or upper layer header."
4156-msgstr "このモジュールは IPSec パケットの AH ヘッダーの SPI 値にマッチする。"
4157-
4158-#. type: TP
4159-#: original/man8/iptables-extensions.8:601
4160-#, no-wrap
4161-msgid "B<--soft>"
4162-msgstr ""
4163-
4164-#. type: Plain text
4165-#: original/man8/iptables-extensions.8:605
4166-msgid ""
4167-"Matches if the packet includes B<any> of the headers specified with B<--"
4168-"header>."
4169-msgstr ""
4170-
4171-#. type: TP
4172-#: original/man8/iptables-extensions.8:605
4173-#, no-wrap
4174-msgid "[B<!>] B<--header> I<header>[B<,>I<header>...]"
4175-msgstr ""
4176-
4177-#. type: Plain text
4178-#: original/man8/iptables-extensions.8:610
4179-msgid ""
4180-"Matches the packet which EXACTLY includes all specified headers. The headers "
4181-"encapsulated with ESP header are out of scope. Possible I<header> types can "
4182-"be:"
4183-msgstr ""
4184-
4185-#. type: TP
4186-#: original/man8/iptables-extensions.8:610
4187-#, no-wrap
4188-msgid "B<hop>|B<hop-by-hop>"
4189-msgstr ""
4190-
4191-#. type: Plain text
4192-#: original/man8/iptables-extensions.8:613
4193-msgid "Hop-by-Hop Options header"
4194-msgstr ""
4195-
4196-#. type: TP
4197-#: original/man8/iptables-extensions.8:613
4198-#, no-wrap
4199-msgid "B<dst>"
4200-msgstr ""
4201-
4202-#. type: Plain text
4203-#: original/man8/iptables-extensions.8:616
4204-msgid "Destination Options header"
4205-msgstr ""
4206-
4207-#. type: TP
4208-#: original/man8/iptables-extensions.8:616
4209-#, no-wrap
4210-msgid "B<route>"
4211-msgstr ""
4212-
4213-#. type: Plain text
4214-#: original/man8/iptables-extensions.8:619
4215-msgid "Routing header"
4216-msgstr ""
4217-
4218-#. type: TP
4219-#: original/man8/iptables-extensions.8:619
4220-#, no-wrap
4221-msgid "B<frag>"
4222-msgstr ""
4223-
4224-#. type: Plain text
4225-#: original/man8/iptables-extensions.8:622
4226-msgid "Fragment header"
4227-msgstr ""
4228-
4229-#. type: TP
4230-#: original/man8/iptables-extensions.8:622
4231-#, no-wrap
4232-msgid "B<auth>"
4233-msgstr ""
4234-
4235-#. type: Plain text
4236-#: original/man8/iptables-extensions.8:625
4237-msgid "Authentication header"
4238-msgstr ""
4239-
4240-#. type: TP
4241-#: original/man8/iptables-extensions.8:625
4242-#, no-wrap
4243-msgid "B<esp>"
4244-msgstr ""
4245-
4246-#. type: Plain text
4247-#: original/man8/iptables-extensions.8:628
4248-msgid "Encapsulating Security Payload header"
4249-msgstr ""
4250-
4251-#. type: TP
4252-#: original/man8/iptables-extensions.8:628
4253-#, no-wrap
4254-msgid "B<none>"
4255-msgstr ""
4256-
4257-#. type: Plain text
4258-#: original/man8/iptables-extensions.8:632
4259-msgid ""
4260-"No Next header which matches 59 in the 'Next Header field' of IPv6 header or "
4261-"any IPv6 extension headers"
4262-msgstr ""
4263-
4264-#. type: TP
4265-#: original/man8/iptables-extensions.8:632
4266-#, no-wrap
4267-msgid "B<proto>"
4268-msgstr ""
4269-
4270-#. type: Plain text
4271-#: original/man8/iptables-extensions.8:637
4272-msgid ""
4273-"which matches any upper layer protocol header. A protocol name from /etc/"
4274-"protocols and numeric value also allowed. The number 255 is equivalent to "
4275-"B<proto>."
4276-msgstr ""
4277-
4278-#. type: SS
4279-#: original/man8/iptables-extensions.8:637
4280-#, no-wrap
4281-msgid "ipvs"
4282-msgstr ""
4283-
4284-#. type: Plain text
4285-#: original/man8/iptables-extensions.8:639
4286-msgid "Match IPVS connection properties."
4287-msgstr ""
4288-
4289-#. type: TP
4290-#: original/man8/iptables-extensions.8:639
4291-#, fuzzy, no-wrap
4292-#| msgid "B<-c>, B<--counters>"
4293-msgid "[B<!>] B<--ipvs>"
4294-msgstr "B<-c>, B<--counters>"
4295-
4296-#. type: Plain text
4297-#: original/man8/iptables-extensions.8:642
4298-msgid "packet belongs to an IPVS connection"
4299-msgstr ""
4300-
4301-#. type: TP
4302-#: original/man8/iptables-extensions.8:642
4303-#, no-wrap
4304-msgid "Any of the following options implies --ipvs (even negated)"
4305-msgstr ""
4306-
4307-#. type: TP
4308-#: original/man8/iptables-extensions.8:644
4309-#, fuzzy, no-wrap
4310-#| msgid "B<-p, --protocol >[!] I<protocol>"
4311-msgid "[B<!>] B<--vproto> I<protocol>"
4312-msgstr "B<-p, --protocol >[!] I<protocol>"
4313-
4314-#. type: Plain text
4315-#: original/man8/iptables-extensions.8:647
4316-#, fuzzy
4317-#| msgid "Protocol to match (by number or name)"
4318-msgid "VIP protocol to match; by number or name, e.g. \"tcp\""
4319-msgstr "(名前または数値で) 指定されたプロトコルにマッチする。"
4320-
4321-#. type: TP
4322-#: original/man8/iptables-extensions.8:647
4323-#, fuzzy, no-wrap
4324-#| msgid "B<-s, --source >[!] I<address>[/I<mask>]"
4325-msgid "[B<!>] B<--vaddr> I<address>[B</>I<mask>]"
4326-msgstr "B<-s, --source >[!] I<address>[/I<mask>]"
4327-
4328-#. type: Plain text
4329-#: original/man8/iptables-extensions.8:650
4330-msgid "VIP address to match"
4331-msgstr ""
4332-
4333-#. type: TP
4334-#: original/man8/iptables-extensions.8:650
4335-#, fuzzy, no-wrap
4336-#| msgid "B<--ctproto >I<proto>"
4337-msgid "[B<!>] B<--vport> I<port>"
4338-msgstr "B<--ctproto >I<proto>"
4339-
4340-#. type: Plain text
4341-#: original/man8/iptables-extensions.8:653
4342-#, fuzzy
4343-#| msgid "Protocol to match (by number or name)"
4344-msgid "VIP port to match; by number or name, e.g. \"http\""
4345-msgstr "(名前または数値で) 指定されたプロトコルにマッチする。"
4346-
4347-#. type: TP
4348-#: original/man8/iptables-extensions.8:653
4349-#, no-wrap
4350-msgid "B<--vdir> {B<ORIGINAL>|B<REPLY>}"
4351-msgstr ""
4352-
4353-#. type: Plain text
4354-#: original/man8/iptables-extensions.8:656
4355-msgid "flow direction of packet"
4356-msgstr ""
4357-
4358-#. type: TP
4359-#: original/man8/iptables-extensions.8:656
4360-#, no-wrap
4361-msgid "[B<!>] B<--vmethod> {B<GATE>|B<IPIP>|B<MASQ>}"
4362-msgstr ""
4363-
4364-#. type: Plain text
4365-#: original/man8/iptables-extensions.8:659
4366-msgid "IPVS forwarding method used"
4367-msgstr ""
4368-
4369-#. type: TP
4370-#: original/man8/iptables-extensions.8:659
4371-#, no-wrap
4372-msgid "[B<!>] B<--vportctl> I<port>"
4373-msgstr ""
4374-
4375-#. type: Plain text
4376-#: original/man8/iptables-extensions.8:662
4377-msgid "VIP port of the controlling connection to match, e.g. 21 for FTP"
4378-msgstr ""
4379-
4380-#. type: SS
4381-#: original/man8/iptables-extensions.8:662
4382-#, no-wrap
4383-msgid "length"
4384-msgstr "length"
4385-
4386-#. type: Plain text
4387-#: original/man8/iptables-extensions.8:666
4388-#, fuzzy
4389-#| msgid ""
4390-#| "This module matches the length of a packet against a specific value or "
4391-#| "range of values."
4392-msgid ""
4393-"This module matches the length of the layer-3 payload (e.g. layer-4 packet) "
4394-"of a packet against a specific value or range of values."
4395-msgstr "このモジュールは、指定されたパケット長、またはその範囲にマッチする。"
4396-
4397-#. type: TP
4398-#: original/man8/iptables-extensions.8:666
4399-#, fuzzy, no-wrap
4400-#| msgid "B<--length >I<length>[:I<length>]"
4401-msgid "[B<!>] B<--length> I<length>[B<:>I<length>]"
4402-msgstr "B<--length >I<length>[:I<length>]"
4403-
4404-#. type: SS
4405-#: original/man8/iptables-extensions.8:668
4406-#, no-wrap
4407-msgid "limit"
4408-msgstr "limit"
4409-
4410-#. type: Plain text
4411-#: original/man8/iptables-extensions.8:674
4412-#, fuzzy
4413-#| msgid ""
4414-#| "This module matches at a limited rate using a token bucket filter. A "
4415-#| "rule using this extension will match until this limit is reached (unless "
4416-#| "the `!' flag is used). It can be used in combination with the B<LOG> "
4417-#| "target to give limited logging, for example."
4418-msgid ""
4419-"This module matches at a limited rate using a token bucket filter. A rule "
4420-"using this extension will match until this limit is reached. It can be used "
4421-"in combination with the B<LOG> target to give limited logging, for example."
4422-msgstr ""
4423-"このモジュールは、トークンバケツフィルタを使い、 単位時間あたり制限され\n"
4424-"た回数だけマッチする。 この拡張を使ったルールは、(`!' フラグが指定され\n"
4425-"ない限り) 制限に達するまでマッチする。 例えば、このモジュールはログ記録\n"
4426-"を制限するために B<LOG> ターゲットと組み合わせて使うことができる。"
4427-
4428-#. type: Plain text
4429-#: original/man8/iptables-extensions.8:677
4430-msgid ""
4431-"xt_limit has no negation support - you will have to use -m hashlimit ! --"
4432-"hashlimit I<rate> in this case whilst omitting --hashlimit-mode."
4433-msgstr ""
4434-
4435-#. type: TP
4436-#: original/man8/iptables-extensions.8:677
4437-#, no-wrap
4438-msgid "B<--limit> I<rate>[B</second>|B</minute>|B</hour>|B</day>]"
4439-msgstr ""
4440-
4441-#. type: Plain text
4442-#: original/man8/iptables-extensions.8:682
4443-msgid ""
4444-"Maximum average matching rate: specified as a number, with an optional `/"
4445-"second', `/minute', `/hour', or `/day' suffix; the default is 3/hour."
4446-msgstr ""
4447-"単位時間あたりの平均マッチ回数の最大値。 数値で指定され、添字 `/second', `/"
4448-"minute', `/hour', `/day' を付けることもできる。 デフォルトは 3/hour である。"
4449-
4450-#. type: TP
4451-#: original/man8/iptables-extensions.8:682
4452-#, fuzzy, no-wrap
4453-#| msgid "B<--limit-burst >I<number>"
4454-msgid "B<--limit-burst> I<number>"
4455-msgstr "B<--limit-burst >I<number>"
4456-
4457-#. type: Plain text
4458-#: original/man8/iptables-extensions.8:687
4459-msgid ""
4460-"Maximum initial number of packets to match: this number gets recharged by "
4461-"one every time the limit specified above is not reached, up to this number; "
4462-"the default is 5."
4463-msgstr ""
4464-"パケットがマッチする回数の最大初期値: 上のオプションで指定した制限に\n"
4465-"達しなければ、 その度ごとに、この数値になるまで 1 個ずつ増やされる。\n"
4466-"デフォルトは 5 である。"
4467-
4468-#. type: SS
4469-#: original/man8/iptables-extensions.8:687
4470-#, no-wrap
4471-msgid "mac"
4472-msgstr "mac"
4473-
4474-#. type: TP
4475-#: original/man8/iptables-extensions.8:688
4476-#, fuzzy, no-wrap
4477-#| msgid "B<--mac-source >[!] I<address>"
4478-msgid "[B<!>] B<--mac-source> I<address>"
4479-msgstr "B<--mac-source >[!] I<address>"
4480-
4481-#. type: Plain text
4482-#: original/man8/iptables-extensions.8:698
4483-msgid ""
4484-"Match source MAC address. It must be of the form XX:XX:XX:XX:XX:XX. Note "
4485-"that this only makes sense for packets coming from an Ethernet device and "
4486-"entering the B<PREROUTING>, B<FORWARD> or B<INPUT> chains."
4487-msgstr ""
4488-"送信元 MAC アドレスにマッチする。 I<address> は XX:XX:XX:XX:XX:XX と\n"
4489-"いう形式でなければならない。イーサーネットデバイスから入ってくるパケッ\n"
4490-"トで、 B<PREROUTING>, B<FORWARD>, B<INPUT> チェインに入るパケットにしか\n"
4491-"意味がない。"
4492-
4493-#. type: SS
4494-#: original/man8/iptables-extensions.8:698
4495-#, no-wrap
4496-msgid "mark"
4497-msgstr "mark"
4498-
4499-#. type: Plain text
4500-#: original/man8/iptables-extensions.8:703
4501-msgid ""
4502-"This module matches the netfilter mark field associated with a packet (which "
4503-"can be set using the B<MARK> target below)."
4504-msgstr ""
4505-"このモジュールはパケットに関連づけられた netfilter の mark フィールドにマッチ"
4506-"する (このフィールドは、以下の B<MARK> ターゲットで設定される)。"
4507-
4508-#. type: Plain text
4509-#: original/man8/iptables-extensions.8:708
4510-#, fuzzy
4511-#| msgid ""
4512-#| "Matches packets with the given unsigned mark value (if a mask is "
4513-#| "specified, this is logically ANDed with the mask before the comparison)."
4514-msgid ""
4515-"Matches packets with the given unsigned mark value (if a I<mask> is "
4516-"specified, this is logically ANDed with the I<mask> before the comparison)."
4517-msgstr ""
4518-"指定された符号なし mark 値のパケットにマッチする (mask が指定されると、比較の"
4519-"前に mask との論理積 (AND) がとられる)。"
4520-
4521-#. type: SS
4522-#: original/man8/iptables-extensions.8:708
4523-#, no-wrap
4524-msgid "mh (IPv6-specific)"
4525-msgstr ""
4526-
4527-#. type: Plain text
4528-#: original/man8/iptables-extensions.8:711
4529-#, fuzzy
4530-#| msgid ""
4531-#| "This extension is loaded if `--protocol ipv6-icmp' or `--protocol icmpv6' "
4532-#| "is specified. It provides the following option:"
4533-msgid ""
4534-"This extension is loaded if `--protocol ipv6-mh' or `--protocol mh' is "
4535-"specified. It provides the following option:"
4536-msgstr ""
4537-"これらの拡張は `--protocol ipv6-icmp' または `--protocol icmpv6' が指定された"
4538-"場合にロードされ、 以下のオプションが提供される:"
4539-
4540-#. type: TP
4541-#: original/man8/iptables-extensions.8:711
4542-#, no-wrap
4543-msgid "[B<!>] B<--mh-type> I<type>[B<:>I<type>]"
4544-msgstr ""
4545-
4546-#. type: Plain text
4547-#: original/man8/iptables-extensions.8:718
4548-#, fuzzy
4549-#| msgid ""
4550-#| "This allows specification of the ICMP type, which can be a numeric ICMP "
4551-#| "type, or one of the ICMP type names shown by the command"
4552-msgid ""
4553-"This allows specification of the Mobility Header(MH) type, which can be a "
4554-"numeric MH I<type>, I<type> or one of the MH type names shown by the command"
4555-msgstr ""
4556-"ICMP タイプを指定できる。タイプ指定には、 数値の ICMP タイプ、または以下のコ"
4557-"マンド で表示される ICMP タイプ名を指定できる。"
4558-
4559-#. type: Plain text
4560-#: original/man8/iptables-extensions.8:720
4561-#, fuzzy, no-wrap
4562-#| msgid " ip6tables -p ipv6-icmp -h\n"
4563-msgid " ip6tables -p ipv6-mh -h\n"
4564-msgstr " ip6tables -p ipv6-icmp -h\n"
4565-
4566-#. type: SS
4567-#: original/man8/iptables-extensions.8:721
4568-#, no-wrap
4569-msgid "multiport"
4570-msgstr "multiport"
4571-
4572-#. type: Plain text
4573-#: original/man8/iptables-extensions.8:728
4574-#, fuzzy
4575-#| msgid ""
4576-#| "This module matches a set of source or destination ports. Up to 15 ports "
4577-#| "can be specified. It can only be used in conjunction with B<-p tcp> or "
4578-#| "B<-p udp>."
4579-msgid ""
4580-"This module matches a set of source or destination ports. Up to 15 ports "
4581-"can be specified. A port range (port:port) counts as two ports. It can "
4582-"only be used in conjunction with B<-p tcp> or B<-p udp>."
4583-msgstr ""
4584-"このモジュールは送信元や送信先のポートの集合にマッチする。 ポートは 15 個まで"
4585-"指定できる。 このモジュールは B<-p tcp> または B<-p udp> と組み合わせて使うこ"
4586-"としかできない。"
4587-
4588-#. type: TP
4589-#: original/man8/iptables-extensions.8:728
4590-#, fuzzy, no-wrap
4591-#| msgid "B<--source-ports >I<port>[,I<port>[,I<port>...]]"
4592-msgid "[B<!>] B<--source-ports>,B<--sports> I<port>[B<,>I<port>|B<,>I<port>B<:>I<port>]..."
4593-msgstr "B<--source-ports >I<port>[,I<port>[,I<port>...]]"
4594-
4595-#. type: Plain text
4596-#: original/man8/iptables-extensions.8:736
4597-msgid ""
4598-"Match if the source port is one of the given ports. The flag B<--sports> is "
4599-"a convenient alias for this option. Multiple ports or port ranges are "
4600-"separated using a comma, and a port range is specified using a colon. "
4601-"B<53,1024:65535> would therefore match ports 53 and all from 1024 through "
4602-"65535."
4603-msgstr ""
4604-
4605-#. type: TP
4606-#: original/man8/iptables-extensions.8:736
4607-#, fuzzy, no-wrap
4608-#| msgid "B<--destination-ports >I<port>[,I<port>[,I<port>...]]"
4609-msgid "[B<!>] B<--destination-ports>,B<--dports> I<port>[B<,>I<port>|B<,>I<port>B<:>I<port>]..."
4610-msgstr "B<--destination-ports >I<port>[,I<port>[,I<port>...]]"
4611-
4612-#. type: Plain text
4613-#: original/man8/iptables-extensions.8:741
4614-msgid ""
4615-"Match if the destination port is one of the given ports. The flag B<--"
4616-"dports> is a convenient alias for this option."
4617-msgstr ""
4618-"宛先ポートが指定されたポートのうちのいずれかであればマッチする。\n"
4619-"フラグ B<--dports> は、このオプションの便利な別名である。"
4620-
4621-#. type: TP
4622-#: original/man8/iptables-extensions.8:741
4623-#, fuzzy, no-wrap
4624-#| msgid "B<--ports >I<port>[,I<port>[,I<port>...]]"
4625-msgid "[B<!>] B<--ports> I<port>[B<,>I<port>|B<,>I<port>B<:>I<port>]..."
4626-msgstr "B<--ports >I<port>[,I<port>[,I<port>...]]"
4627-
4628-#. type: Plain text
4629-#: original/man8/iptables-extensions.8:745
4630-#, fuzzy
4631-#| msgid ""
4632-#| "Match if the both the source and destination ports are equal to each "
4633-#| "other and to one of the given ports."
4634-msgid ""
4635-"Match if either the source or destination ports are equal to one of the "
4636-"given ports."
4637-msgstr ""
4638-"送信元ポートと宛先ポートが等しく、 かつそのポートが指定されたポートの\n"
4639-"うちのいずれかであればマッチする。"
4640-
4641-#. type: SS
4642-#: original/man8/iptables-extensions.8:745
4643-#, no-wrap
4644-msgid "nfacct"
4645-msgstr ""
4646-
4647-#. type: Plain text
4648-#: original/man8/iptables-extensions.8:749
4649-msgid ""
4650-"The nfacct match provides the extended accounting infrastructure for "
4651-"iptables. You have to use this match together with the standalone user-"
4652-"space utility B<nfacct(8)>"
4653-msgstr ""
4654-
4655-#. type: Plain text
4656-#: original/man8/iptables-extensions.8:751
4657-msgid "The only option available for this match is the following:"
4658-msgstr ""
4659-
4660-#. type: TP
4661-#: original/man8/iptables-extensions.8:751
4662-#, fuzzy, no-wrap
4663-#| msgid "B<--cmd-owner >I<name>"
4664-msgid "B<--nfacct-name> I<name>"
4665-msgstr "B<--cmd-owner >I<name>"
4666-
4667-#. type: Plain text
4668-#: original/man8/iptables-extensions.8:755
4669-msgid ""
4670-"This allows you to specify the existing object name that will be use for "
4671-"accounting the traffic that this rule-set is matching."
4672-msgstr ""
4673-
4674-#. type: Plain text
4675-#: original/man8/iptables-extensions.8:757
4676-msgid "To use this extension, you have to create an accounting object:"
4677-msgstr ""
4678-
4679-#. type: Plain text
4680-#: original/man8/iptables-extensions.8:759
4681-msgid "nfacct add http-traffic"
4682-msgstr ""
4683-
4684-#. type: Plain text
4685-#: original/man8/iptables-extensions.8:761
4686-msgid "Then, you have to attach it to the accounting object via iptables:"
4687-msgstr ""
4688-
4689-#. type: Plain text
4690-#: original/man8/iptables-extensions.8:763
4691-msgid ""
4692-"iptables -I INPUT -p tcp --sport 80 -m nfacct --nfacct-name http-traffic"
4693-msgstr ""
4694-
4695-#. type: Plain text
4696-#: original/man8/iptables-extensions.8:765
4697-msgid ""
4698-"iptables -I OUTPUT -p tcp --dport 80 -m nfacct --nfacct-name http-traffic"
4699-msgstr ""
4700-
4701-#. type: Plain text
4702-#: original/man8/iptables-extensions.8:767
4703-msgid "Then, you can check for the amount of traffic that the rules match:"
4704-msgstr ""
4705-
4706-#. type: Plain text
4707-#: original/man8/iptables-extensions.8:769
4708-msgid "nfacct get http-traffic"
4709-msgstr ""
4710-
4711-#. type: Plain text
4712-#: original/man8/iptables-extensions.8:771
4713-msgid ""
4714-"{ pkts = 00000000000000000156, bytes = 00000000000000151786 } = http-traffic;"
4715-msgstr ""
4716-
4717-#. type: Plain text
4718-#: original/man8/iptables-extensions.8:776
4719-msgid ""
4720-"You can obtain B<nfacct(8)> from http://www.netfilter.org or, alternatively, "
4721-"from the git.netfilter.org repository."
4722-msgstr ""
4723-
4724-#. type: SS
4725-#: original/man8/iptables-extensions.8:776
4726-#, fuzzy, no-wrap
4727-#| msgid "tos"
4728-msgid "osf"
4729-msgstr "tos"
4730-
4731-#. type: Plain text
4732-#: original/man8/iptables-extensions.8:780
4733-msgid ""
4734-"The osf module does passive operating system fingerprinting. This modules "
4735-"compares some data (Window Size, MSS, options and their order, TTL, DF, and "
4736-"others) from packets with the SYN bit set."
4737-msgstr ""
4738-
4739-#. type: TP
4740-#: original/man8/iptables-extensions.8:780
4741-#, fuzzy, no-wrap
4742-#| msgid "B<--helper >I<string>"
4743-msgid "[B<!>] B<--genre> I<string>"
4744-msgstr "B<--helper >I<string>"
4745-
4746-#. type: Plain text
4747-#: original/man8/iptables-extensions.8:783
4748-msgid "Match an operating system genre by using a passive fingerprinting."
4749-msgstr ""
4750-
4751-#. type: TP
4752-#: original/man8/iptables-extensions.8:783
4753-#, fuzzy, no-wrap
4754-#| msgid "B<--ttl >I<ttl>"
4755-msgid "B<--ttl> I<level>"
4756-msgstr "B<--ttl >I<ttl>"
4757-
4758-#. type: Plain text
4759-#: original/man8/iptables-extensions.8:787
4760-msgid ""
4761-"Do additional TTL checks on the packet to determine the operating system. "
4762-"I<level> can be one of the following values:"
4763-msgstr ""
4764-
4765-#. type: IP
4766-#: original/man8/iptables-extensions.8:787
4767-#: original/man8/iptables-extensions.8:790
4768-#: original/man8/iptables-extensions.8:793
4769-#: original/man8/iptables-extensions.8:799
4770-#: original/man8/iptables-extensions.8:801
4771-#: original/man8/iptables-extensions.8:803
4772-#: original/man8/iptables-extensions.8:959
4773-#: original/man8/iptables-extensions.8:961
4774-#: original/man8/iptables-extensions.8:964
4775-#: original/man8/iptables-extensions.8:966
4776-#: original/man8/iptables-extensions.8:969
4777-#: original/man8/iptables-extensions.8:971
4778-#: original/man8/iptables-extensions.8:974
4779-#: original/man8/iptables-extensions.8:977
4780-#, no-wrap
4781-msgid "\\(bu"
4782-msgstr ""
4783-
4784-#. type: Plain text
4785-#: original/man8/iptables-extensions.8:790
4786-msgid ""
4787-"0 - True IP address and fingerprint TTL comparison. This generally works for "
4788-"LANs."
4789-msgstr ""
4790-
4791-#. type: Plain text
4792-#: original/man8/iptables-extensions.8:793
4793-msgid ""
4794-"1 - Check if the IP header's TTL is less than the fingerprint one. Works for "
4795-"globally-routable addresses."
4796-msgstr ""
4797-
4798-#. type: Plain text
4799-#: original/man8/iptables-extensions.8:795
4800-msgid "2 - Do not compare the TTL at all."
4801-msgstr ""
4802-
4803-#. type: TP
4804-#: original/man8/iptables-extensions.8:795
4805-#, fuzzy, no-wrap
4806-#| msgid "B<--log-level >I<level>"
4807-msgid "B<--log> I<level>"
4808-msgstr "B<--log-level >I<level>"
4809-
4810-#. type: Plain text
4811-#: original/man8/iptables-extensions.8:799
4812-msgid ""
4813-"Log determined genres into dmesg even if they do not match the desired one. "
4814-"I<level> can be one of the following values:"
4815-msgstr ""
4816-
4817-#. type: Plain text
4818-#: original/man8/iptables-extensions.8:801
4819-msgid "0 - Log all matched or unknown signatures"
4820-msgstr ""
4821-
4822-#. type: Plain text
4823-#: original/man8/iptables-extensions.8:803
4824-msgid "1 - Log only the first one"
4825-msgstr ""
4826-
4827-#. type: Plain text
4828-#: original/man8/iptables-extensions.8:805
4829-msgid "2 - Log all known matched signatures"
4830-msgstr ""
4831-
4832-#. type: Plain text
4833-#: original/man8/iptables-extensions.8:807
4834-msgid "You may find something like this in syslog:"
4835-msgstr ""
4836-
4837-#. type: Plain text
4838-#: original/man8/iptables-extensions.8:810
4839-msgid ""
4840-"Windows [2000:SP3:Windows XP Pro SP1, 2000 SP3]: 11.22.33.55:4024 -E<gt> "
4841-"11.22.33.44:139 hops=3 Linux [2.5-2.6:] : 1.2.3.4:42624 -E<gt> 1.2.3.5:22 "
4842-"hops=4"
4843-msgstr ""
4844-
4845-#. type: Plain text
4846-#: original/man8/iptables-extensions.8:813
4847-msgid ""
4848-"OS fingerprints are loadable using the B<nfnl_osf> program. To load "
4849-"fingerprints from a file, use:"
4850-msgstr ""
4851-
4852-#. type: Plain text
4853-#: original/man8/iptables-extensions.8:815
4854-msgid "B<nfnl_osf -f /usr/share/xtables/pf.os>"
4855-msgstr ""
4856-
4857-#. type: Plain text
4858-#: original/man8/iptables-extensions.8:817
4859-msgid "To remove them again,"
4860-msgstr ""
4861-
4862-#. type: Plain text
4863-#: original/man8/iptables-extensions.8:819
4864-msgid "B<nfnl_osf -f /usr/share/xtables/pf.os -d>"
4865-msgstr ""
4866-
4867-#. type: Plain text
4868-#: original/man8/iptables-extensions.8:822
4869-msgid ""
4870-"The fingerprint database can be downlaoded from http://www.openbsd.org/cgi-"
4871-"bin/cvsweb/src/etc/pf.os ."
4872-msgstr ""
4873-
4874-#. type: SS
4875-#: original/man8/iptables-extensions.8:822
4876-#, no-wrap
4877-msgid "owner"
4878-msgstr "owner"
4879-
4880-#. type: Plain text
4881-#: original/man8/iptables-extensions.8:827
4882-#, fuzzy
4883-#| msgid ""
4884-#| "This module attempts to match various characteristics of the packet "
4885-#| "creator, for locally-generated packets. It is only valid in the "
4886-#| "B<OUTPUT> chain, and even this some packets (such as ICMP ping responses) "
4887-#| "may have no owner, and hence never match."
4888-msgid ""
4889-"This module attempts to match various characteristics of the packet creator, "
4890-"for locally generated packets. This match is only valid in the OUTPUT and "
4891-"POSTROUTING chains. Forwarded packets do not have any socket associated with "
4892-"them. Packets from kernel threads do have a socket, but usually no owner."
4893-msgstr ""
4894-"このモジュールは、ローカルで生成されたパケットに付いて、 パケット生成者のいろ"
4895-"いろな特性に対してマッチを行う。 これは B<OUTPUT> チェインのみでしか有効でな"
4896-"い。 また、(ICMP ping 応答のような) パケットは、 所有者がいないので絶対にマッ"
4897-"チしない。"
4898-
4899-#. type: TP
4900-#: original/man8/iptables-extensions.8:827
4901-#, fuzzy, no-wrap
4902-#| msgid "B<--uid-owner >I<userid>"
4903-msgid "[B<!>] B<--uid-owner> I<username>"
4904-msgstr "B<--uid-owner >I<userid>"
4905-
4906-#. type: TP
4907-#: original/man8/iptables-extensions.8:829
4908-#, fuzzy, no-wrap
4909-#| msgid "B<--uid-owner >I<userid>"
4910-msgid "[B<!>] B<--uid-owner> I<userid>[B<->I<userid>]"
4911-msgstr "B<--uid-owner >I<userid>"
4912-
4913-#. type: Plain text
4914-#: original/man8/iptables-extensions.8:833
4915-msgid ""
4916-"Matches if the packet socket's file structure (if it has one) is owned by "
4917-"the given user. You may also specify a numerical UID, or an UID range."
4918-msgstr ""
4919-
4920-#. type: TP
4921-#: original/man8/iptables-extensions.8:833
4922-#, fuzzy, no-wrap
4923-#| msgid "B<--gid-owner >I<groupid>"
4924-msgid "[B<!>] B<--gid-owner> I<groupname>"
4925-msgstr "B<--gid-owner >I<groupid>"
4926-
4927-#. type: TP
4928-#: original/man8/iptables-extensions.8:835
4929-#, fuzzy, no-wrap
4930-#| msgid "B<--gid-owner >I<groupid>"
4931-msgid "[B<!>] B<--gid-owner> I<groupid>[B<->I<groupid>]"
4932-msgstr "B<--gid-owner >I<groupid>"
4933-
4934-#. type: Plain text
4935-#: original/man8/iptables-extensions.8:839
4936-msgid ""
4937-"Matches if the packet socket's file structure is owned by the given group. "
4938-"You may also specify a numerical GID, or a GID range."
4939-msgstr ""
4940-
4941-#. type: TP
4942-#: original/man8/iptables-extensions.8:839
4943-#, no-wrap
4944-msgid "[B<!>] B<--socket-exists>"
4945-msgstr ""
4946-
4947-#. type: Plain text
4948-#: original/man8/iptables-extensions.8:842
4949-#, fuzzy
4950-#| msgid ""
4951-#| "Matches if the packet was created by a process with the given process id."
4952-msgid "Matches if the packet is associated with a socket."
4953-msgstr ""
4954-"指定されたプロセス ID のプロセスにより パケットが生成されている場合にマッチす"
4955-"る。"
4956-
4957-#. type: SS
4958-#: original/man8/iptables-extensions.8:842
4959-#, no-wrap
4960-msgid "physdev"
4961-msgstr "physdev"
4962-
4963-#. type: Plain text
4964-#: original/man8/iptables-extensions.8:847
4965-msgid ""
4966-"This module matches on the bridge port input and output devices enslaved to "
4967-"a bridge device. This module is a part of the infrastructure that enables a "
4968-"transparent bridging IP firewall and is only useful for kernel versions "
4969-"above version 2.5.44."
4970-msgstr ""
4971-"このモジュールは、ブリッジデバイスのスレーブにされた、 ブリッジポートの入出力"
4972-"デバイスにマッチする。 このモジュールは、ブリッジによる透過的な IP ファイア"
4973-"ウォールの基盤の一部であり、 カーネルバージョン 2.5.44 以降でのみ有効である。"
4974-
4975-#. type: TP
4976-#: original/man8/iptables-extensions.8:847
4977-#, fuzzy, no-wrap
4978-#| msgid "B<--physdev-in name>"
4979-msgid "[B<!>] B<--physdev-in> I<name>"
4980-msgstr "B<--physdev-in name>"
4981-
4982-#. type: Plain text
4983-#: original/man8/iptables-extensions.8:858
4984-msgid ""
4985-"Name of a bridge port via which a packet is received (only for packets "
4986-"entering the B<INPUT>, B<FORWARD> and B<PREROUTING> chains). If the "
4987-"interface name ends in a \"+\", then any interface which begins with this "
4988-"name will match. If the packet didn't arrive through a bridge device, this "
4989-"packet won't match this option, unless '!' is used."
4990-msgstr ""
4991-"パケットが受信されるブリッジのポート名 (B<INPUT>, B<FORWARD>, B<PREROUTING> "
4992-"チェインに入るパケットのみ)。 インターフェース名が \"+\" で終っている場合、 "
4993-"その名前で始まる任意のインターフェース名にマッチする。 ブリッジデバイスを通し"
4994-"て受け取られなかったパケットは、 \\&'!' が指定されていない限り、このオプショ"
4995-"ンにマッチしない。"
4996-
4997-#. type: TP
4998-#: original/man8/iptables-extensions.8:858
4999-#, fuzzy, no-wrap
5000-#| msgid "B<--physdev-out name>"
5001-msgid "[B<!>] B<--physdev-out> I<name>"
5002-msgstr "B<--physdev-out name>"
5003-
5004-#. type: Plain text
5005-#: original/man8/iptables-extensions.8:875
5006-#, fuzzy
5007-#| msgid ""
5008-#| "Name of a bridge port via which a packet is going to be sent (for packets "
5009-#| "entering the B<FORWARD>, B<OUTPUT> and B<POSTROUTING> chains). If the "
5010-#| "interface name ends in a \"+\", then any interface which begins with this "
5011-#| "name will match. Note that in the B<nat> and B<mangle> B<OUTPUT> chains "
5012-#| "one cannot match on the bridge output port, however one can in the "
5013-#| "B<filter OUTPUT> chain. If the packet won't leave by a bridge device or "
5014-#| "it is yet unknown what the output device will be, then the packet won't "
5015-#| "match this option, unless '!' is used."
5016-msgid ""
5017-"Name of a bridge port via which a packet is going to be sent (for packets "
5018-"entering the B<FORWARD>, B<OUTPUT> and B<POSTROUTING> chains). If the "
5019-"interface name ends in a \"+\", then any interface which begins with this "
5020-"name will match. Note that in the B<nat> and B<mangle> B<OUTPUT> chains one "
5021-"cannot match on the bridge output port, however one can in the B<filter "
5022-"OUTPUT> chain. If the packet won't leave by a bridge device or if it is yet "
5023-"unknown what the output device will be, then the packet won't match this "
5024-"option, unless '!' is used."
5025-msgstr ""
5026-"パケットを送信することになるブリッジのポート名 (B<FORWARD>, B<OUTPUT>, "
5027-"B<POSTROUTING> チェインに入るパケットのみ)。 インターフェース名が \"+\" で"
5028-"終っている場合、 その名前で始まる任意のインターフェース名にマッチする。 "
5029-"B<nat> と B<mangle> テーブルの B<OUTPUT> チェインではブリッジの出力ポートに"
5030-"マッチさせることができないが、 B<filter> テーブルの B<OUPUT> チェインではマッ"
5031-"チ可能である。 パケットがブリッジデバイスから送られなかった場合、 またはパ"
5032-"ケットの出力デバイスが不明であった場合は、 \\&'!' が指定されていない限り、パ"
5033-"ケットはこのオプションにマッチしない。"
5034-
5035-#. type: TP
5036-#: original/man8/iptables-extensions.8:875
5037-#, fuzzy, no-wrap
5038-#| msgid "B<--physdev-is-in>"
5039-msgid "[B<!>] B<--physdev-is-in>"
5040-msgstr "B<--physdev-is-in>"
5041-
5042-#. type: Plain text
5043-#: original/man8/iptables-extensions.8:878
5044-msgid "Matches if the packet has entered through a bridge interface."
5045-msgstr "パケットがブリッジインターフェースに入った場合にマッチする。"
5046-
5047-#. type: TP
5048-#: original/man8/iptables-extensions.8:878
5049-#, fuzzy, no-wrap
5050-#| msgid "B<--physdev-is-out>"
5051-msgid "[B<!>] B<--physdev-is-out>"
5052-msgstr "B<--physdev-is-out>"
5053-
5054-#. type: Plain text
5055-#: original/man8/iptables-extensions.8:881
5056-msgid "Matches if the packet will leave through a bridge interface."
5057-msgstr "パケットがブリッジインターフェースから出ようとした場合にマッチする。"
5058-
5059-#. type: TP
5060-#: original/man8/iptables-extensions.8:881
5061-#, fuzzy, no-wrap
5062-#| msgid "B<--physdev-is-bridged>"
5063-msgid "[B<!>] B<--physdev-is-bridged>"
5064-msgstr "B<--physdev-is-bridged>"
5065-
5066-#. type: Plain text
5067-#: original/man8/iptables-extensions.8:885
5068-msgid ""
5069-"Matches if the packet is being bridged and therefore is not being routed. "
5070-"This is only useful in the FORWARD and POSTROUTING chains."
5071-msgstr ""
5072-"パケットがブリッジされることにより、 ルーティングされなかった場合にマッチす"
5073-"る。 これは FORWARD, POSTROUTING チェインにおいてのみ役立つ。"
5074-
5075-#. type: SS
5076-#: original/man8/iptables-extensions.8:885
5077-#, no-wrap
5078-msgid "pkttype"
5079-msgstr "pkttype"
5080-
5081-#. type: Plain text
5082-#: original/man8/iptables-extensions.8:887
5083-msgid "This module matches the link-layer packet type."
5084-msgstr "このモジュールは、リンク層のパケットタイプにマッチする。"
5085-
5086-#. type: TP
5087-#: original/man8/iptables-extensions.8:887
5088-#, fuzzy, no-wrap
5089-#| msgid "B<--pkt-type >I<[unicast|broadcast|multicast]>"
5090-msgid "[B<!>] B<--pkt-type> {B<unicast>|B<broadcast>|B<multicast>}"
5091-msgstr "B<--pkt-type >I<[unicast|broadcast|multicast]>"
5092-
5093-#. type: SS
5094-#: original/man8/iptables-extensions.8:889
5095-#, no-wrap
5096-msgid "policy"
5097-msgstr ""
5098-
5099-#. type: Plain text
5100-#: original/man8/iptables-extensions.8:891
5101-#, fuzzy
5102-#| msgid "This module matches the SPIs in AH header of IPSec packets."
5103-msgid "This modules matches the policy used by IPsec for handling a packet."
5104-msgstr "このモジュールは IPSec パケットの AH ヘッダーの SPI 値にマッチする。"
5105-
5106-#. type: TP
5107-#: original/man8/iptables-extensions.8:891
5108-#, no-wrap
5109-msgid "B<--dir> {B<in>|B<out>}"
5110-msgstr ""
5111-
5112-#. type: Plain text
5113-#: original/man8/iptables-extensions.8:903
5114-msgid ""
5115-"Used to select whether to match the policy used for decapsulation or the "
5116-"policy that will be used for encapsulation. B<in> is valid in the "
5117-"B<PREROUTING, INPUT and FORWARD> chains, B<out> is valid in the "
5118-"B<POSTROUTING, OUTPUT and FORWARD> chains."
5119-msgstr ""
5120-
5121-#. type: TP
5122-#: original/man8/iptables-extensions.8:903
5123-#, no-wrap
5124-msgid "B<--pol> {B<none>|B<ipsec>}"
5125-msgstr ""
5126-
5127-#. type: Plain text
5128-#: original/man8/iptables-extensions.8:907
5129-msgid ""
5130-"Matches if the packet is subject to IPsec processing. B<--pol none> cannot "
5131-"be combined with B<--strict>."
5132-msgstr ""
5133-
5134-#. type: TP
5135-#: original/man8/iptables-extensions.8:907
5136-#, no-wrap
5137-msgid "B<--strict>"
5138-msgstr ""
5139-
5140-#. type: Plain text
5141-#: original/man8/iptables-extensions.8:911
5142-msgid ""
5143-"Selects whether to match the exact policy or match if any rule of the policy "
5144-"matches the given policy."
5145-msgstr ""
5146-
5147-#. type: Plain text
5148-#: original/man8/iptables-extensions.8:915
5149-msgid ""
5150-"For each policy element that is to be described, one can use one or more of "
5151-"the following options. When B<--strict> is in effect, at least one must be "
5152-"used per element."
5153-msgstr ""
5154-
5155-#. type: TP
5156-#: original/man8/iptables-extensions.8:915
5157-#, no-wrap
5158-msgid "[B<!>] B<--reqid> I<id>"
5159-msgstr ""
5160-
5161-#. type: Plain text
5162-#: original/man8/iptables-extensions.8:922
5163-msgid ""
5164-"Matches the reqid of the policy rule. The reqid can be specified with "
5165-"B<setkey(8)> using B<unique:id> as level."
5166-msgstr ""
5167-
5168-#. type: TP
5169-#: original/man8/iptables-extensions.8:922
5170-#, fuzzy, no-wrap
5171-#| msgid "B<--ahspi >[!] I<spi>[:I<spi>]"
5172-msgid "[B<!>] B<--spi> I<spi>"
5173-msgstr "B<--ahspi >[!] I<spi>[:I<spi>]"
5174-
5175-#. type: Plain text
5176-#: original/man8/iptables-extensions.8:925
5177-msgid "Matches the SPI of the SA."
5178-msgstr ""
5179-
5180-#. type: TP
5181-#: original/man8/iptables-extensions.8:925
5182-#, no-wrap
5183-msgid "[B<!>] B<--proto> {B<ah>|B<esp>|B<ipcomp>}"
5184-msgstr ""
5185-
5186-#. type: Plain text
5187-#: original/man8/iptables-extensions.8:928
5188-msgid "Matches the encapsulation protocol."
5189-msgstr ""
5190-
5191-#. type: TP
5192-#: original/man8/iptables-extensions.8:928
5193-#, no-wrap
5194-msgid "[B<!>] B<--mode> {B<tunnel>|B<transport>}"
5195-msgstr ""
5196-
5197-#. type: Plain text
5198-#: original/man8/iptables-extensions.8:931
5199-#, fuzzy
5200-#| msgid "Matches the given TTL value."
5201-msgid "Matches the encapsulation mode."
5202-msgstr "指定された TTL 値にマッチする。"
5203-
5204-#. type: TP
5205-#: original/man8/iptables-extensions.8:931
5206-#, fuzzy, no-wrap
5207-#| msgid "B<-s, --source >[!] I<address>[/I<mask>]"
5208-msgid "[B<!>] B<--tunnel-src> I<addr>[B</>I<mask>]"
5209-msgstr "B<-s, --source >[!] I<address>[/I<mask>]"
5210-
5211-#. type: Plain text
5212-#: original/man8/iptables-extensions.8:935
5213-msgid ""
5214-"Matches the source end-point address of a tunnel mode SA. Only valid with "
5215-"B<--mode tunnel>."
5216-msgstr ""
5217-
5218-#. type: TP
5219-#: original/man8/iptables-extensions.8:935
5220-#, fuzzy, no-wrap
5221-#| msgid "B<--ctrepldst >I<[!] address>B<[/>I<mask>B<]>"
5222-msgid "[B<!>] B<--tunnel-dst> I<addr>[B</>I<mask>]"
5223-msgstr "B<--ctrepldst >I<[!] address>B<[/>I<mask>B<]>"
5224-
5225-#. type: Plain text
5226-#: original/man8/iptables-extensions.8:939
5227-msgid ""
5228-"Matches the destination end-point address of a tunnel mode SA. Only valid "
5229-"with B<--mode tunnel>."
5230-msgstr ""
5231-
5232-#. type: TP
5233-#: original/man8/iptables-extensions.8:939
5234-#, no-wrap
5235-msgid "B<--next>"
5236-msgstr ""
5237-
5238-#. type: Plain text
5239-#: original/man8/iptables-extensions.8:943
5240-msgid ""
5241-"Start the next element in the policy specification. Can only be used with "
5242-"B<--strict>."
5243-msgstr ""
5244-
5245-#. type: SS
5246-#: original/man8/iptables-extensions.8:943
5247-#, no-wrap
5248-msgid "quota"
5249-msgstr ""
5250-
5251-#. type: Plain text
5252-#: original/man8/iptables-extensions.8:948
5253-msgid ""
5254-"Implements network quotas by decrementing a byte counter with each packet. "
5255-"The condition matches until the byte counter reaches zero. Behavior is "
5256-"reversed with negation (i.e. the condition does not match until the byte "
5257-"counter reaches zero)."
5258-msgstr ""
5259-
5260-#. type: TP
5261-#: original/man8/iptables-extensions.8:948
5262-#, fuzzy, no-wrap
5263-#| msgid "B<-t>, B<--table> B<tablename>"
5264-msgid "[B<!>] B<--quota> I<bytes>"
5265-msgstr "B<-t>, B<--table> B<tablename>"
5266-
5267-#. type: Plain text
5268-#: original/man8/iptables-extensions.8:951
5269-msgid "The quota in bytes."
5270-msgstr ""
5271-
5272-#. type: SS
5273-#: original/man8/iptables-extensions.8:951
5274-#, no-wrap
5275-msgid "rateest"
5276-msgstr ""
5277-
5278-#. type: Plain text
5279-#: original/man8/iptables-extensions.8:955
5280-msgid ""
5281-"The rate estimator can match on estimated rates as collected by the RATEEST "
5282-"target. It supports matching on absolute bps/pps values, comparing two rate "
5283-"estimators and matching on the difference between two rate estimators."
5284-msgstr ""
5285-
5286-#. * Absolute:
5287-#. type: Plain text
5288-#: original/man8/iptables-extensions.8:959
5289-msgid ""
5290-"For a better understanding of the available options, these are all possible "
5291-"combinations:"
5292-msgstr ""
5293-
5294-#. type: Plain text
5295-#: original/man8/iptables-extensions.8:961
5296-msgid "B<rateest> I<operator> B<rateest-bps>"
5297-msgstr ""
5298-
5299-#. * Absolute + Delta:
5300-#. type: Plain text
5301-#: original/man8/iptables-extensions.8:964
5302-msgid "B<rateest> I<operator> B<rateest-pps>"
5303-msgstr ""
5304-
5305-#. type: Plain text
5306-#: original/man8/iptables-extensions.8:966
5307-msgid "(B<rateest> minus B<rateest-bps1>) I<operator> B<rateest-bps2>"
5308-msgstr ""
5309-
5310-#. * Relative:
5311-#. type: Plain text
5312-#: original/man8/iptables-extensions.8:969
5313-msgid "(B<rateest> minus B<rateest-pps1>) I<operator> B<rateest-pps2>"
5314-msgstr ""
5315-
5316-#. type: Plain text
5317-#: original/man8/iptables-extensions.8:971
5318-msgid "B<rateest1> I<operator> B<rateest2> B<rateest-bps>(without rate!)"
5319-msgstr ""
5320-
5321-#. * Relative + Delta:
5322-#. type: Plain text
5323-#: original/man8/iptables-extensions.8:974
5324-msgid "B<rateest1> I<operator> B<rateest2> B<rateest-pps>(without rate!)"
5325-msgstr ""
5326-
5327-#. type: Plain text
5328-#: original/man8/iptables-extensions.8:977
5329-msgid ""
5330-"(B<rateest1> minus B<rateest-bps1>) I<operator> (B<rateest2> minus B<rateest-"
5331-"bps2>)"
5332-msgstr ""
5333-
5334-#. type: Plain text
5335-#: original/man8/iptables-extensions.8:980
5336-msgid ""
5337-"(B<rateest1> minus B<rateest-pps1>) I<operator> (B<rateest2> minus B<rateest-"
5338-"pps2>)"
5339-msgstr ""
5340-
5341-#. type: TP
5342-#: original/man8/iptables-extensions.8:980
5343-#, no-wrap
5344-msgid "B<--rateest-delta>"
5345-msgstr ""
5346-
5347-#. type: Plain text
5348-#: original/man8/iptables-extensions.8:987
5349-msgid ""
5350-"For each estimator (either absolute or relative mode), calculate the "
5351-"difference between the estimator-determined flow rate and the static value "
5352-"chosen with the BPS/PPS options. If the flow rate is higher than the "
5353-"specified BPS/PPS, 0 will be used instead of a negative value. In other "
5354-"words, \"max(0, rateest#_rate - rateest#_bps)\" is used."
5355-msgstr ""
5356-
5357-#. type: TP
5358-#: original/man8/iptables-extensions.8:987
5359-#, no-wrap
5360-msgid "[B<!>] B<--rateest-lt>"
5361-msgstr ""
5362-
5363-#. type: Plain text
5364-#: original/man8/iptables-extensions.8:990
5365-msgid "Match if rate is less than given rate/estimator."
5366-msgstr ""
5367-
5368-#. type: TP
5369-#: original/man8/iptables-extensions.8:990
5370-#, no-wrap
5371-msgid "[B<!>] B<--rateest-gt>"
5372-msgstr ""
5373-
5374-#. type: Plain text
5375-#: original/man8/iptables-extensions.8:993
5376-msgid "Match if rate is greater than given rate/estimator."
5377-msgstr ""
5378-
5379-#. type: TP
5380-#: original/man8/iptables-extensions.8:993
5381-#, no-wrap
5382-msgid "[B<!>] B<--rateest-eq>"
5383-msgstr ""
5384-
5385-#. type: Plain text
5386-#: original/man8/iptables-extensions.8:996
5387-msgid "Match if rate is equal to given rate/estimator."
5388-msgstr ""
5389-
5390-#. type: Plain text
5391-#: original/man8/iptables-extensions.8:1000
5392-msgid ""
5393-"In the so-called \"absolute mode\", only one rate estimator is used and "
5394-"compared against a static value, while in \"relative mode\", two rate "
5395-"estimators are compared against another."
5396-msgstr ""
5397-
5398-#. type: TP
5399-#: original/man8/iptables-extensions.8:1000
5400-#, fuzzy, no-wrap
5401-#| msgid "B<-t>, B<--table> B<tablename>"
5402-msgid "B<--rateest> I<name>"
5403-msgstr "B<-t>, B<--table> B<tablename>"
5404-
5405-#. type: Plain text
5406-#: original/man8/iptables-extensions.8:1003
5407-msgid "Name of the one rate estimator for absolute mode."
5408-msgstr ""
5409-
5410-#. type: TP
5411-#: original/man8/iptables-extensions.8:1003
5412-#, fuzzy, no-wrap
5413-#| msgid "B<-t>, B<--table> B<tablename>"
5414-msgid "B<--rateest1> I<name>"
5415-msgstr "B<-t>, B<--table> B<tablename>"
5416-
5417-#. type: TP
5418-#: original/man8/iptables-extensions.8:1005
5419-#, fuzzy, no-wrap
5420-#| msgid "B<-t>, B<--table> B<tablename>"
5421-msgid "B<--rateest2> I<name>"
5422-msgstr "B<-t>, B<--table> B<tablename>"
5423-
5424-#. type: Plain text
5425-#: original/man8/iptables-extensions.8:1008
5426-msgid "The names of the two rate estimators for relative mode."
5427-msgstr ""
5428-
5429-#. type: TP
5430-#: original/man8/iptables-extensions.8:1008
5431-#, fuzzy, no-wrap
5432-#| msgid "B<--set-mss >I<value>"
5433-msgid "B<--rateest-bps> [I<value>]"
5434-msgstr "B<--set-mss >I<value>"
5435-
5436-#. type: TP
5437-#: original/man8/iptables-extensions.8:1010
5438-#, fuzzy, no-wrap
5439-#| msgid "B<--set-mss >I<value>"
5440-msgid "B<--rateest-pps> [I<value>]"
5441-msgstr "B<--set-mss >I<value>"
5442-
5443-#. type: TP
5444-#: original/man8/iptables-extensions.8:1012
5445-#, fuzzy, no-wrap
5446-#| msgid "B<--set-mss >I<value>"
5447-msgid "B<--rateest-bps1> [I<value>]"
5448-msgstr "B<--set-mss >I<value>"
5449-
5450-#. type: TP
5451-#: original/man8/iptables-extensions.8:1014
5452-#, fuzzy, no-wrap
5453-#| msgid "B<--set-mss >I<value>"
5454-msgid "B<--rateest-bps2> [I<value>]"
5455-msgstr "B<--set-mss >I<value>"
5456-
5457-#. type: TP
5458-#: original/man8/iptables-extensions.8:1016
5459-#, fuzzy, no-wrap
5460-#| msgid "B<--set-mss >I<value>"
5461-msgid "B<--rateest-pps1> [I<value>]"
5462-msgstr "B<--set-mss >I<value>"
5463-
5464-#. type: TP
5465-#: original/man8/iptables-extensions.8:1018
5466-#, fuzzy, no-wrap
5467-#| msgid "B<--set-mss >I<value>"
5468-msgid "B<--rateest-pps2> [I<value>]"
5469-msgstr "B<--set-mss >I<value>"
5470-
5471-#. type: Plain text
5472-#: original/man8/iptables-extensions.8:1024
5473-msgid ""
5474-"Compare the estimator(s) by bytes or packets per second, and compare against "
5475-"the chosen value. See the above bullet list for which option is to be used "
5476-"in which case. A unit suffix may be used - available ones are: bit, [kmgt]"
5477-"bit, [KMGT]ibit, Bps, [KMGT]Bps, [KMGT]iBps."
5478-msgstr ""
5479-
5480-#. type: Plain text
5481-#: original/man8/iptables-extensions.8:1028
5482-msgid ""
5483-"Example: This is what can be used to route outgoing data connections from an "
5484-"FTP server over two lines based on the available bandwidth at the time the "
5485-"data connection was started:"
5486-msgstr ""
5487-
5488-#. type: Plain text
5489-#: original/man8/iptables-extensions.8:1030
5490-msgid "# Estimate outgoing rates"
5491-msgstr ""
5492-
5493-#. type: Plain text
5494-#: original/man8/iptables-extensions.8:1033
5495-msgid ""
5496-"iptables -t mangle -A POSTROUTING -o eth0 -j RATEEST --rateest-name eth0 --"
5497-"rateest-interval 250ms --rateest-ewma 0.5s"
5498-msgstr ""
5499-
5500-#. type: Plain text
5501-#: original/man8/iptables-extensions.8:1036
5502-msgid ""
5503-"iptables -t mangle -A POSTROUTING -o ppp0 -j RATEEST --rateest-name ppp0 --"
5504-"rateest-interval 250ms --rateest-ewma 0.5s"
5505-msgstr ""
5506-
5507-#. type: Plain text
5508-#: original/man8/iptables-extensions.8:1038
5509-msgid "# Mark based on available bandwidth"
5510-msgstr ""
5511-
5512-#. type: Plain text
5513-#: original/man8/iptables-extensions.8:1042
5514-msgid ""
5515-"iptables -t mangle -A balance -m conntrack --ctstate NEW -m helper --helper "
5516-"ftp -m rateest --rateest-delta --rateest1 eth0 --rateest-bps1 2.5mbit --"
5517-"rateest-gt --rateest2 ppp0 --rateest-bps2 2mbit -j CONNMARK --set-mark 1"
5518-msgstr ""
5519-
5520-#. type: Plain text
5521-#: original/man8/iptables-extensions.8:1046
5522-msgid ""
5523-"iptables -t mangle -A balance -m conntrack --ctstate NEW -m helper --helper "
5524-"ftp -m rateest --rateest-delta --rateest1 ppp0 --rateest-bps1 2mbit --"
5525-"rateest-gt --rateest2 eth0 --rateest-bps2 2.5mbit -j CONNMARK --set-mark 2"
5526-msgstr ""
5527-
5528-#. type: Plain text
5529-#: original/man8/iptables-extensions.8:1048
5530-msgid "iptables -t mangle -A balance -j CONNMARK --restore-mark"
5531-msgstr ""
5532-
5533-#. type: SS
5534-#: original/man8/iptables-extensions.8:1048
5535-#, no-wrap
5536-msgid "realm (IPv4-specific)"
5537-msgstr ""
5538-
5539-#. type: Plain text
5540-#: original/man8/iptables-extensions.8:1051
5541-msgid ""
5542-"This matches the routing realm. Routing realms are used in complex routing "
5543-"setups involving dynamic routing protocols like BGP."
5544-msgstr ""
5545-
5546-#. type: TP
5547-#: original/man8/iptables-extensions.8:1051
5548-#, fuzzy, no-wrap
5549-#| msgid "B<--mark >I<value>[/I<mask>]"
5550-msgid "[B<!>] B<--realm> I<value>[B</>I<mask>]"
5551-msgstr "B<--mark >I<value>[/I<mask>]"
5552-
5553-#. type: Plain text
5554-#: original/man8/iptables-extensions.8:1056
5555-msgid ""
5556-"Matches a given realm number (and optionally mask). If not a number, value "
5557-"can be a named realm from /etc/iproute2/rt_realms (mask can not be used in "
5558-"that case)."
5559-msgstr ""
5560-
5561-#. type: SS
5562-#: original/man8/iptables-extensions.8:1056
5563-#, no-wrap
5564-msgid "recent"
5565-msgstr ""
5566-
5567-#. type: Plain text
5568-#: original/man8/iptables-extensions.8:1059
5569-msgid ""
5570-"Allows you to dynamically create a list of IP addresses and then match "
5571-"against that list in a few different ways."
5572-msgstr ""
5573-
5574-#. type: Plain text
5575-#: original/man8/iptables-extensions.8:1063
5576-msgid ""
5577-"For example, you can create a \"badguy\" list out of people attempting to "
5578-"connect to port 139 on your firewall and then DROP all future packets from "
5579-"them without considering them."
5580-msgstr ""
5581-
5582-#. type: Plain text
5583-#: original/man8/iptables-extensions.8:1066
5584-msgid ""
5585-"B<--set>, B<--rcheck>, B<--update> and B<--remove> are mutually exclusive."
5586-msgstr ""
5587-
5588-#. type: TP
5589-#: original/man8/iptables-extensions.8:1066
5590-#, fuzzy, no-wrap
5591-#| msgid "B<--cmd-owner >I<name>"
5592-msgid "B<--name> I<name>"
5593-msgstr "B<--cmd-owner >I<name>"
5594-
5595-#. type: Plain text
5596-#: original/man8/iptables-extensions.8:1070
5597-msgid ""
5598-"Specify the list to use for the commands. If no name is given then "
5599-"B<DEFAULT> will be used."
5600-msgstr ""
5601-
5602-#. type: TP
5603-#: original/man8/iptables-extensions.8:1070
5604-#, fuzzy, no-wrap
5605-#| msgid "B<-v, --verbose>"
5606-msgid "[B<!>] B<--set>"
5607-msgstr "B<-v, --verbose>"
5608-
5609-#. type: Plain text
5610-#: original/man8/iptables-extensions.8:1075
5611-msgid ""
5612-"This will add the source address of the packet to the list. If the source "
5613-"address is already in the list, this will update the existing entry. This "
5614-"will always return success (or failure if B<!> is passed in)."
5615-msgstr ""
5616-
5617-#. type: TP
5618-#: original/man8/iptables-extensions.8:1075
5619-#, no-wrap
5620-msgid "B<--rsource>"
5621-msgstr ""
5622-
5623-#. type: Plain text
5624-#: original/man8/iptables-extensions.8:1079
5625-msgid ""
5626-"Match/save the source address of each packet in the recent list table. This "
5627-"is the default."
5628-msgstr ""
5629-
5630-#. type: TP
5631-#: original/man8/iptables-extensions.8:1079
5632-#, fuzzy, no-wrap
5633-#| msgid "B<--physdev-is-out>"
5634-msgid "B<--rdest>"
5635-msgstr "B<--physdev-is-out>"
5636-
5637-#. type: Plain text
5638-#: original/man8/iptables-extensions.8:1082
5639-msgid ""
5640-"Match/save the destination address of each packet in the recent list table."
5641-msgstr ""
5642-
5643-#. type: TP
5644-#: original/man8/iptables-extensions.8:1082
5645-#, no-wrap
5646-msgid "B<--mask>netmask"
5647-msgstr ""
5648-
5649-#. type: Plain text
5650-#: original/man8/iptables-extensions.8:1085
5651-msgid "Netmask that will be applied to this recent list."
5652-msgstr ""
5653-
5654-#. type: TP
5655-#: original/man8/iptables-extensions.8:1085
5656-#, fuzzy, no-wrap
5657-#| msgid "B<-c>, B<--counters>"
5658-msgid "[B<!>] B<--rcheck>"
5659-msgstr "B<-c>, B<--counters>"
5660-
5661-#. type: Plain text
5662-#: original/man8/iptables-extensions.8:1088
5663-msgid "Check if the source address of the packet is currently in the list."
5664-msgstr ""
5665-
5666-#. type: TP
5667-#: original/man8/iptables-extensions.8:1088
5668-#, fuzzy, no-wrap
5669-#| msgid "B<-c>, B<--counters>"
5670-msgid "[B<!>] B<--update>"
5671-msgstr "B<-c>, B<--counters>"
5672-
5673-#. type: Plain text
5674-#: original/man8/iptables-extensions.8:1092
5675-msgid ""
5676-"Like B<--rcheck>, except it will update the \"last seen\" timestamp if it "
5677-"matches."
5678-msgstr ""
5679-
5680-#. type: TP
5681-#: original/man8/iptables-extensions.8:1092
5682-#, fuzzy, no-wrap
5683-#| msgid "B<-v, --verbose>"
5684-msgid "[B<!>] B<--remove>"
5685-msgstr "B<-v, --verbose>"
5686-
5687-#. type: Plain text
5688-#: original/man8/iptables-extensions.8:1097
5689-msgid ""
5690-"Check if the source address of the packet is currently in the list and if so "
5691-"that address will be removed from the list and the rule will return true. If "
5692-"the address is not found, false is returned."
5693-msgstr ""
5694-
5695-#. type: TP
5696-#: original/man8/iptables-extensions.8:1097
5697-#, fuzzy, no-wrap
5698-#| msgid "B<--set-tos >I<tos>"
5699-msgid "B<--seconds> I<seconds>"
5700-msgstr "B<--set-tos >I<tos>"
5701-
5702-#. type: Plain text
5703-#: original/man8/iptables-extensions.8:1102
5704-msgid ""
5705-"This option must be used in conjunction with one of B<--rcheck> or B<--"
5706-"update>. When used, this will narrow the match to only happen when the "
5707-"address is in the list and was seen within the last given number of seconds."
5708-msgstr ""
5709-
5710-#. type: TP
5711-#: original/man8/iptables-extensions.8:1102
5712-#, no-wrap
5713-msgid "B<--reap>"
5714-msgstr ""
5715-
5716-#. type: Plain text
5717-#: original/man8/iptables-extensions.8:1107
5718-msgid ""
5719-"This option can only be used in conjunction with B<--seconds>. When used, "
5720-"this will cause entries older than the last given number of seconds to be "
5721-"purged."
5722-msgstr ""
5723-
5724-#. type: TP
5725-#: original/man8/iptables-extensions.8:1107
5726-#, fuzzy, no-wrap
5727-#| msgid "B<--tos >I<tos>"
5728-msgid "B<--hitcount> I<hits>"
5729-msgstr "B<--tos >I<tos>"
5730-
5731-#. type: Plain text
5732-#: original/man8/iptables-extensions.8:1117
5733-msgid ""
5734-"This option must be used in conjunction with one of B<--rcheck> or B<--"
5735-"update>. When used, this will narrow the match to only happen when the "
5736-"address is in the list and packets had been received greater than or equal "
5737-"to the given value. This option may be used along with B<--seconds> to "
5738-"create an even narrower match requiring a certain number of hits within a "
5739-"specific time frame. The maximum value for the hitcount parameter is given "
5740-"by the \"ip_pkt_list_tot\" parameter of the xt_recent kernel module. "
5741-"Exceeding this value on the command line will cause the rule to be rejected."
5742-msgstr ""
5743-
5744-#. type: TP
5745-#: original/man8/iptables-extensions.8:1117
5746-#, fuzzy, no-wrap
5747-#| msgid "B<--ttl >I<ttl>"
5748-msgid "B<--rttl>"
5749-msgstr "B<--ttl >I<ttl>"
5750-
5751-#. type: Plain text
5752-#: original/man8/iptables-extensions.8:1125
5753-msgid ""
5754-"This option may only be used in conjunction with one of B<--rcheck> or B<--"
5755-"update>. When used, this will narrow the match to only happen when the "
5756-"address is in the list and the TTL of the current packet matches that of the "
5757-"packet which hit the B<--set> rule. This may be useful if you have problems "
5758-"with people faking their source address in order to DoS you via this module "
5759-"by disallowing others access to your site by sending bogus packets to you."
5760-msgstr ""
5761-
5762-#. type: Plain text
5763-#: original/man8/iptables-extensions.8:1129
5764-msgid ""
5765-"iptables -A FORWARD -m recent --name badguy --rcheck --seconds 60 -j DROP"
5766-msgstr ""
5767-
5768-#. type: Plain text
5769-#: original/man8/iptables-extensions.8:1131
5770-msgid ""
5771-"iptables -A FORWARD -p tcp -i eth0 --dport 139 -m recent --name badguy --set "
5772-"-j DROP"
5773-msgstr ""
5774-
5775-#. type: Plain text
5776-#: original/man8/iptables-extensions.8:1134
5777-msgid ""
5778-"Steve's ipt_recent website (http://snowman.net/projects/ipt_recent/) also "
5779-"has some examples of usage."
5780-msgstr ""
5781-
5782-#. type: Plain text
5783-#: original/man8/iptables-extensions.8:1137
5784-msgid ""
5785-"B</proc/net/xt_recent/*> are the current lists of addresses and information "
5786-"about each entry of each list."
5787-msgstr ""
5788-
5789-#. type: Plain text
5790-#: original/man8/iptables-extensions.8:1140
5791-msgid ""
5792-"Each file in B</proc/net/xt_recent/> can be read from to see the current "
5793-"list or written two using the following commands to modify the list:"
5794-msgstr ""
5795-
5796-#. type: TP
5797-#: original/man8/iptables-extensions.8:1140
5798-#, no-wrap
5799-msgid "B<echo +>I<addr>B< E<gt>/proc/net/xt_recent/DEFAULT>"
5800-msgstr ""
5801-
5802-#. type: Plain text
5803-#: original/man8/iptables-extensions.8:1143
5804-msgid "to add I<addr> to the DEFAULT list"
5805-msgstr ""
5806-
5807-#. type: TP
5808-#: original/man8/iptables-extensions.8:1143
5809-#, no-wrap
5810-msgid "B<echo ->I<addr>B< E<gt>/proc/net/xt_recent/DEFAULT>"
5811-msgstr ""
5812-
5813-#. type: Plain text
5814-#: original/man8/iptables-extensions.8:1146
5815-msgid "to remove I<addr> from the DEFAULT list"
5816-msgstr ""
5817-
5818-#. type: TP
5819-#: original/man8/iptables-extensions.8:1146
5820-#, no-wrap
5821-msgid "B<echo / E<gt>/proc/net/xt_recent/DEFAULT>"
5822-msgstr ""
5823-
5824-#. type: Plain text
5825-#: original/man8/iptables-extensions.8:1149
5826-msgid "to flush the DEFAULT list (remove all entries)."
5827-msgstr ""
5828-
5829-#. type: Plain text
5830-#: original/man8/iptables-extensions.8:1151
5831-msgid "The module itself accepts parameters, defaults shown:"
5832-msgstr ""
5833-
5834-#. type: TP
5835-#: original/man8/iptables-extensions.8:1151
5836-#, no-wrap
5837-msgid "B<ip_list_tot>=I<100>"
5838-msgstr ""
5839-
5840-#. type: Plain text
5841-#: original/man8/iptables-extensions.8:1154
5842-msgid "Number of addresses remembered per table."
5843-msgstr ""
5844-
5845-#. type: TP
5846-#: original/man8/iptables-extensions.8:1154
5847-#, no-wrap
5848-msgid "B<ip_pkt_list_tot>=I<20>"
5849-msgstr ""
5850-
5851-#. type: Plain text
5852-#: original/man8/iptables-extensions.8:1157
5853-msgid "Number of packets per address remembered."
5854-msgstr ""
5855-
5856-#. type: TP
5857-#: original/man8/iptables-extensions.8:1157
5858-#, no-wrap
5859-msgid "B<ip_list_hash_size>=I<0>"
5860-msgstr ""
5861-
5862-#. type: Plain text
5863-#: original/man8/iptables-extensions.8:1160
5864-msgid ""
5865-"Hash table size. 0 means to calculate it based on ip_list_tot, default: 512."
5866-msgstr ""
5867-
5868-#. type: TP
5869-#: original/man8/iptables-extensions.8:1160
5870-#, no-wrap
5871-msgid "B<ip_list_perms>=I<0644>"
5872-msgstr ""
5873-
5874-#. type: Plain text
5875-#: original/man8/iptables-extensions.8:1163
5876-msgid "Permissions for /proc/net/xt_recent/* files."
5877-msgstr ""
5878-
5879-#. type: TP
5880-#: original/man8/iptables-extensions.8:1163
5881-#, no-wrap
5882-msgid "B<ip_list_uid>=I<0>"
5883-msgstr ""
5884-
5885-#. type: Plain text
5886-#: original/man8/iptables-extensions.8:1166
5887-msgid "Numerical UID for ownership of /proc/net/xt_recent/* files."
5888-msgstr ""
5889-
5890-#. type: TP
5891-#: original/man8/iptables-extensions.8:1166
5892-#, no-wrap
5893-msgid "B<ip_list_gid>=I<0>"
5894-msgstr ""
5895-
5896-#. type: Plain text
5897-#: original/man8/iptables-extensions.8:1169
5898-msgid "Numerical GID for ownership of /proc/net/xt_recent/* files."
5899-msgstr ""
5900-
5901-#. type: SS
5902-#: original/man8/iptables-extensions.8:1169
5903-#, fuzzy, no-wrap
5904-#| msgid "B<filter>:"
5905-msgid "rpfilter"
5906-msgstr "B<filter>:"
5907-
5908-#. type: Plain text
5909-#: original/man8/iptables-extensions.8:1178
5910-msgid ""
5911-"Performs a reverse path filter test on a packet. If a reply to the packet "
5912-"would be sent via the same interface that the packet arrived on, the packet "
5913-"will match. Note that, unlike the in-kernel rp_filter, packets protected by "
5914-"IPSec are not treated specially. Combine this match with the policy match "
5915-"if you want this. Also, packets arriving via the loopback interface are "
5916-"always permitted. This match can only be used in the PREROUTING chain of "
5917-"the raw or mangle table."
5918-msgstr ""
5919-
5920-#. type: TP
5921-#: original/man8/iptables-extensions.8:1178
5922-#, fuzzy, no-wrap
5923-#| msgid "B<--tos >I<tos>"
5924-msgid "B<--loose>"
5925-msgstr "B<--tos >I<tos>"
5926-
5927-#. type: Plain text
5928-#: original/man8/iptables-extensions.8:1182
5929-msgid ""
5930-"Used to specifiy that the reverse path filter test should match even if the "
5931-"selected output device is not the expected one."
5932-msgstr ""
5933-
5934-#. type: TP
5935-#: original/man8/iptables-extensions.8:1182
5936-#, no-wrap
5937-msgid "B<--validmark>"
5938-msgstr ""
5939-
5940-#. type: Plain text
5941-#: original/man8/iptables-extensions.8:1185
5942-msgid ""
5943-"Also use the packets' nfmark value when performing the reverse path route "
5944-"lookup."
5945-msgstr ""
5946-
5947-#. type: TP
5948-#: original/man8/iptables-extensions.8:1185
5949-#, no-wrap
5950-msgid "B<--accept-local>"
5951-msgstr ""
5952-
5953-#. type: Plain text
5954-#: original/man8/iptables-extensions.8:1189
5955-msgid ""
5956-"This will permit packets arriving from the network with a source address "
5957-"that is also assigned to the local machine."
5958-msgstr ""
5959-
5960-#. type: TP
5961-#: original/man8/iptables-extensions.8:1189
5962-#, fuzzy, no-wrap
5963-#| msgid "B<-I, --insert>"
5964-msgid "B<--invert>"
5965-msgstr "B<-I, --insert>"
5966-
5967-#. type: Plain text
5968-#: original/man8/iptables-extensions.8:1193
5969-msgid ""
5970-"This will invert the sense of the match. Instead of matching packets that "
5971-"passed the reverse path filter test, match those that have failed it."
5972-msgstr ""
5973-
5974-#. type: Plain text
5975-#: original/man8/iptables-extensions.8:1195
5976-msgid "Example to log and drop packets failing the reverse path filter test:"
5977-msgstr ""
5978-
5979-#. type: Plain text
5980-#: original/man8/iptables-extensions.8:1197
5981-#, fuzzy
5982-#| msgid " iptables -t nat -n -L\n"
5983-msgid "iptables -t raw -N RPFILTER"
5984-msgstr " iptables -t nat -n -L\n"
5985-
5986-#. type: Plain text
5987-#: original/man8/iptables-extensions.8:1199
5988-msgid "iptables -t raw -A RPFILTER -m rpfilter -j RETURN"
5989-msgstr ""
5990-
5991-#. type: Plain text
5992-#: original/man8/iptables-extensions.8:1201
5993-msgid ""
5994-"iptables -t raw -A RPFILTER -m limit --limit 10/minute -j NFLOG --nflog-"
5995-"prefix \"rpfilter drop\""
5996-msgstr ""
5997-
5998-#. type: Plain text
5999-#: original/man8/iptables-extensions.8:1203
6000-msgid "iptables -t raw -A RPFILTER -j DROP"
6001-msgstr ""
6002-
6003-#. type: Plain text
6004-#: original/man8/iptables-extensions.8:1205
6005-msgid "iptables -t raw -A PREROUTING -j RPFILTER"
6006-msgstr ""
6007-
6008-#. type: Plain text
6009-#: original/man8/iptables-extensions.8:1207
6010-msgid "Example to drop failed packets, without logging:"
6011-msgstr ""
6012-
6013-#. type: Plain text
6014-#: original/man8/iptables-extensions.8:1209
6015-msgid "iptables -t raw -A RPFILTER -m rpfilter --invert -j DROP"
6016-msgstr ""
6017-
6018-#. type: SS
6019-#: original/man8/iptables-extensions.8:1209
6020-#, no-wrap
6021-msgid "rt (IPv6-specific)"
6022-msgstr ""
6023-
6024-#. type: Plain text
6025-#: original/man8/iptables-extensions.8:1211
6026-msgid "Match on IPv6 routing header"
6027-msgstr ""
6028-
6029-#. type: TP
6030-#: original/man8/iptables-extensions.8:1211
6031-#, fuzzy, no-wrap
6032-#| msgid "B<--icmp-type >[!] I<typename>"
6033-msgid "[B<!>] B<--rt-type> I<type>"
6034-msgstr "B<--icmp-type >[!] I<typename>"
6035-
6036-#. type: Plain text
6037-#: original/man8/iptables-extensions.8:1214
6038-msgid "Match the type (numeric)."
6039-msgstr ""
6040-
6041-#. type: TP
6042-#: original/man8/iptables-extensions.8:1214
6043-#, no-wrap
6044-msgid "[B<!>] B<--rt-segsleft> I<num>[B<:>I<num>]"
6045-msgstr ""
6046-
6047-#. type: Plain text
6048-#: original/man8/iptables-extensions.8:1217
6049-msgid "Match the `segments left' field (range)."
6050-msgstr ""
6051-
6052-#. type: TP
6053-#: original/man8/iptables-extensions.8:1217
6054-#, fuzzy, no-wrap
6055-#| msgid "B<-t>, B<--table> B<tablename>"
6056-msgid "[B<!>] B<--rt-len> I<length>"
6057-msgstr "B<-t>, B<--table> B<tablename>"
6058-
6059-#. type: Plain text
6060-#: original/man8/iptables-extensions.8:1220
6061-msgid "Match the length of this header."
6062-msgstr ""
6063-
6064-#. type: TP
6065-#: original/man8/iptables-extensions.8:1220
6066-#, no-wrap
6067-msgid "B<--rt-0-res>"
6068-msgstr ""
6069-
6070-#. type: Plain text
6071-#: original/man8/iptables-extensions.8:1223
6072-msgid "Match the reserved field, too (type=0)"
6073-msgstr ""
6074-
6075-#. type: TP
6076-#: original/man8/iptables-extensions.8:1223
6077-#, no-wrap
6078-msgid "B<--rt-0-addrs> I<addr>[B<,>I<addr>...]"
6079-msgstr ""
6080-
6081-#. type: Plain text
6082-#: original/man8/iptables-extensions.8:1226
6083-msgid "Match type=0 addresses (list)."
6084-msgstr ""
6085-
6086-#. type: TP
6087-#: original/man8/iptables-extensions.8:1226
6088-#, no-wrap
6089-msgid "B<--rt-0-not-strict>"
6090-msgstr ""
6091-
6092-#. type: Plain text
6093-#: original/man8/iptables-extensions.8:1229
6094-msgid "List of type=0 addresses is not a strict list."
6095-msgstr ""
6096-
6097-#. type: SS
6098-#: original/man8/iptables-extensions.8:1229
6099-#, no-wrap
6100-msgid "sctp"
6101-msgstr ""
6102-
6103-#. type: TP
6104-#: original/man8/iptables-extensions.8:1234
6105-#, no-wrap
6106-msgid "[B<!>] B<--chunk-types> {B<all>|B<any>|B<only>} I<chunktype>[B<:>I<flags>] [...]"
6107-msgstr ""
6108-
6109-#. type: Plain text
6110-#: original/man8/iptables-extensions.8:1238
6111-msgid ""
6112-"The flag letter in upper case indicates that the flag is to match if set, in "
6113-"the lower case indicates to match if unset."
6114-msgstr ""
6115-
6116-#. type: Plain text
6117-#: original/man8/iptables-extensions.8:1240
6118-msgid ""
6119-"Chunk types: DATA INIT INIT_ACK SACK HEARTBEAT HEARTBEAT_ACK ABORT SHUTDOWN "
6120-"SHUTDOWN_ACK ERROR COOKIE_ECHO COOKIE_ACK ECN_ECNE ECN_CWR SHUTDOWN_COMPLETE "
6121-"ASCONF ASCONF_ACK FORWARD_TSN"
6122-msgstr ""
6123-
6124-#. type: Plain text
6125-#: original/man8/iptables-extensions.8:1242
6126-msgid "chunk type available flags"
6127-msgstr ""
6128-
6129-#. type: Plain text
6130-#: original/man8/iptables-extensions.8:1244
6131-msgid "DATA I U B E i u b e"
6132-msgstr ""
6133-
6134-#. type: Plain text
6135-#: original/man8/iptables-extensions.8:1246
6136-msgid "ABORT T t"
6137-msgstr ""
6138-
6139-#. type: Plain text
6140-#: original/man8/iptables-extensions.8:1248
6141-msgid "SHUTDOWN_COMPLETE T t"
6142-msgstr ""
6143-
6144-#. type: Plain text
6145-#: original/man8/iptables-extensions.8:1250
6146-msgid "(lowercase means flag should be \"off\", uppercase means \"on\")"
6147-msgstr ""
6148-
6149-#. type: Plain text
6150-#: original/man8/iptables-extensions.8:1254
6151-msgid "iptables -A INPUT -p sctp --dport 80 -j DROP"
6152-msgstr ""
6153-
6154-#. type: Plain text
6155-#: original/man8/iptables-extensions.8:1256
6156-msgid "iptables -A INPUT -p sctp --chunk-types any DATA,INIT -j DROP"
6157-msgstr ""
6158-
6159-#. type: Plain text
6160-#: original/man8/iptables-extensions.8:1258
6161-msgid "iptables -A INPUT -p sctp --chunk-types any DATA:Be -j ACCEPT"
6162-msgstr ""
6163-
6164-#. type: SS
6165-#: original/man8/iptables-extensions.8:1258
6166-#, no-wrap
6167-msgid "set"
6168-msgstr ""
6169-
6170-#. type: Plain text
6171-#: original/man8/iptables-extensions.8:1260
6172-#, fuzzy
6173-#| msgid "This module matches the SPIs in AH header of IPSec packets."
6174-msgid "This module matches IP sets which can be defined by ipset(8)."
6175-msgstr "このモジュールは IPSec パケットの AH ヘッダーの SPI 値にマッチする。"
6176-
6177-#. type: TP
6178-#: original/man8/iptables-extensions.8:1260
6179-#, no-wrap
6180-msgid "[B<!>] B<--match-set> I<setname> I<flag>[B<,>I<flag>]..."
6181-msgstr ""
6182-
6183-#. type: Plain text
6184-#: original/man8/iptables-extensions.8:1267
6185-msgid ""
6186-"where flags are the comma separated list of B<src> and/or B<dst> "
6187-"specifications and there can be no more than six of them. Hence the command"
6188-msgstr ""
6189-
6190-#. type: Plain text
6191-#: original/man8/iptables-extensions.8:1269
6192-#, fuzzy, no-wrap
6193-#| msgid " iptables -A FORWARD -p tcp --tcp-flags SYN,ACK,FIN,RST SYN\n"
6194-msgid " iptables -A FORWARD -m set --match-set test src,dst\n"
6195-msgstr " iptables -A FORWARD -p tcp --tcp-flags SYN,ACK,FIN,RST SYN\n"
6196-
6197-#. type: Plain text
6198-#: original/man8/iptables-extensions.8:1275
6199-msgid ""
6200-"will match packets, for which (if the set type is ipportmap) the source "
6201-"address and destination port pair can be found in the specified set. If the "
6202-"set type of the specified set is single dimension (for example ipmap), then "
6203-"the command will match packets for which the source address can be found in "
6204-"the specified set."
6205-msgstr ""
6206-
6207-#. type: TP
6208-#: original/man8/iptables-extensions.8:1275
6209-#, no-wrap
6210-msgid "B<--return--nomatch>"
6211-msgstr ""
6212-
6213-#. type: Plain text
6214-#: original/man8/iptables-extensions.8:1281
6215-msgid ""
6216-"If the B<--return--nomatch> option is specified and the set type supports "
6217-"the B<nomatch> flag, then the matching is reversed: a match with an element "
6218-"flagged with B<nomatch> returns B<true>, while a match with a plain element "
6219-"returns B<false>."
6220-msgstr ""
6221-
6222-#. type: Plain text
6223-#: original/man8/iptables-extensions.8:1284
6224-msgid ""
6225-"The option B<--match-set> can be replaced by B<--set> if that does not clash "
6226-"with an option of other extensions."
6227-msgstr ""
6228-
6229-#. type: Plain text
6230-#: original/man8/iptables-extensions.8:1287
6231-msgid ""
6232-"Use of -m set requires that ipset kernel support is provided, which, for "
6233-"standard kernels, is the case since Linux 2.6.39."
6234-msgstr ""
6235-
6236-#. type: SS
6237-#: original/man8/iptables-extensions.8:1287
6238-#, no-wrap
6239-msgid "socket"
6240-msgstr ""
6241-
6242-#. type: Plain text
6243-#: original/man8/iptables-extensions.8:1290
6244-msgid ""
6245-"This matches if an open socket can be found by doing a socket lookup on the "
6246-"packet."
6247-msgstr ""
6248-
6249-#. type: TP
6250-#: original/man8/iptables-extensions.8:1290
6251-#, no-wrap
6252-msgid "B<--transparent>"
6253-msgstr ""
6254-
6255-#. type: Plain text
6256-#: original/man8/iptables-extensions.8:1293
6257-msgid "Ignore non-transparent sockets."
6258-msgstr ""
6259-
6260-#. type: SS
6261-#: original/man8/iptables-extensions.8:1293
6262-#, no-wrap
6263-msgid "state"
6264-msgstr "state"
6265-
6266-#. type: Plain text
6267-#: original/man8/iptables-extensions.8:1296
6268-#, fuzzy
6269-#| msgid ""
6270-#| "This module, when combined with connection tracking, allows access to the "
6271-#| "connection tracking state for this packet."
6272-msgid ""
6273-"The \"state\" extension is a subset of the \"conntrack\" module. \"state\" "
6274-"allows access to the connection tracking state for this packet."
6275-msgstr ""
6276-"このモジュールは、接続追跡 (connection tracking) と組み合わせて用いると、 パ"
6277-"ケットについての接続追跡状態を知ることができる。"
6278-
6279-#. type: TP
6280-#: original/man8/iptables-extensions.8:1296
6281-#, fuzzy, no-wrap
6282-#| msgid "B<--state >I<state>"
6283-msgid "[B<!>] B<--state> I<state>"
6284-msgstr "B<--state >I<state>"
6285-
6286-#. type: Plain text
6287-#: original/man8/iptables-extensions.8:1302
6288-msgid ""
6289-"Where state is a comma separated list of the connection states to match. "
6290-"Only a subset of the states unterstood by \"conntrack\" are recognized: "
6291-"B<INVALID>, B<ESTABLISHED>, B<NEW>, B<RELATED> or B<UNTRACKED>. For their "
6292-"description, see the \"conntrack\" heading in this manpage."
6293-msgstr ""
6294-
6295-#. type: SS
6296-#: original/man8/iptables-extensions.8:1302
6297-#, no-wrap
6298-msgid "statistic"
6299-msgstr ""
6300-
6301-#. type: Plain text
6302-#: original/man8/iptables-extensions.8:1307
6303-msgid ""
6304-"This module matches packets based on some statistic condition. It supports "
6305-"two distinct modes settable with the B<--mode> option."
6306-msgstr ""
6307-
6308-#. type: Plain text
6309-#: original/man8/iptables-extensions.8:1309
6310-msgid "Supported options:"
6311-msgstr ""
6312-
6313-#. type: TP
6314-#: original/man8/iptables-extensions.8:1309
6315-#, fuzzy, no-wrap
6316-#| msgid "B<--cmd-owner >I<name>"
6317-msgid "B<--mode> I<mode>"
6318-msgstr "B<--cmd-owner >I<name>"
6319-
6320-#. type: Plain text
6321-#: original/man8/iptables-extensions.8:1315
6322-msgid ""
6323-"Set the matching mode of the matching rule, supported modes are B<random> "
6324-"and B<nth.>"
6325-msgstr ""
6326-
6327-#. type: TP
6328-#: original/man8/iptables-extensions.8:1315
6329-#, fuzzy, no-wrap
6330-#| msgid "B<-t>, B<--table> B<tablename>"
6331-msgid "[B<!>] B<--probability> I<p>"
6332-msgstr "B<-t>, B<--table> B<tablename>"
6333-
6334-#. type: Plain text
6335-#: original/man8/iptables-extensions.8:1320
6336-msgid ""
6337-"Set the probability for a packet to be randomly matched. It only works with "
6338-"the B<random> mode. I<p> must be within 0.0 and 1.0. The supported "
6339-"granularity is in 1/2147483648th increments."
6340-msgstr ""
6341-
6342-#. type: TP
6343-#: original/man8/iptables-extensions.8:1320
6344-#, fuzzy, no-wrap
6345-#| msgid "B<-t>, B<--table> B<tablename>"
6346-msgid "[B<!>] B<--every> I<n>"
6347-msgstr "B<-t>, B<--table> B<tablename>"
6348-
6349-#. type: Plain text
6350-#: original/man8/iptables-extensions.8:1327
6351-msgid ""
6352-"Match one packet every nth packet. It works only with the B<nth> mode (see "
6353-"also the B<--packet> option)."
6354-msgstr ""
6355-
6356-#. type: TP
6357-#: original/man8/iptables-extensions.8:1327
6358-#, no-wrap
6359-msgid "B<--packet> I<p>"
6360-msgstr ""
6361-
6362-#. type: Plain text
6363-#: original/man8/iptables-extensions.8:1332
6364-msgid ""
6365-"Set the initial counter value (0 E<lt>= p E<lt>= n-1, default 0) for the "
6366-"B<nth> mode."
6367-msgstr ""
6368-
6369-#. type: SS
6370-#: original/man8/iptables-extensions.8:1332
6371-#, no-wrap
6372-msgid "string"
6373-msgstr ""
6374-
6375-#. type: Plain text
6376-#: original/man8/iptables-extensions.8:1334
6377-msgid ""
6378-"This modules matches a given string by using some pattern matching strategy. "
6379-"It requires a linux kernel E<gt>= 2.6.14."
6380-msgstr ""
6381-
6382-#. type: TP
6383-#: original/man8/iptables-extensions.8:1334
6384-#, no-wrap
6385-msgid "B<--algo> {B<bm>|B<kmp>}"
6386-msgstr ""
6387-
6388-#. type: Plain text
6389-#: original/man8/iptables-extensions.8:1337
6390-msgid ""
6391-"Select the pattern matching strategy. (bm = Boyer-Moore, kmp = Knuth-Pratt-"
6392-"Morris)"
6393-msgstr ""
6394-
6395-#. type: TP
6396-#: original/man8/iptables-extensions.8:1337
6397-#, fuzzy, no-wrap
6398-#| msgid "B<--tos >I<tos>"
6399-msgid "B<--from> I<offset>"
6400-msgstr "B<--tos >I<tos>"
6401-
6402-#. type: Plain text
6403-#: original/man8/iptables-extensions.8:1340
6404-msgid ""
6405-"Set the offset from which it starts looking for any matching. If not passed, "
6406-"default is 0."
6407-msgstr ""
6408-
6409-#. type: TP
6410-#: original/man8/iptables-extensions.8:1340
6411-#, fuzzy, no-wrap
6412-#| msgid "B<--tos >I<tos>"
6413-msgid "B<--to> I<offset>"
6414-msgstr "B<--tos >I<tos>"
6415-
6416-#. type: Plain text
6417-#: original/man8/iptables-extensions.8:1345
6418-msgid ""
6419-"Set the offset up to which should be scanned. That is, byte I<offset>-1 "
6420-"(counting from 0) is the last one that is scanned. If not passed, default "
6421-"is the packet size."
6422-msgstr ""
6423-
6424-#. type: TP
6425-#: original/man8/iptables-extensions.8:1345
6426-#, no-wrap
6427-msgid "[B<!>] B<--string> I<pattern>"
6428-msgstr ""
6429-
6430-#. type: Plain text
6431-#: original/man8/iptables-extensions.8:1348
6432-#, fuzzy
6433-#| msgid "Matches the given TTL value."
6434-msgid "Matches the given pattern."
6435-msgstr "指定された TTL 値にマッチする。"
6436-
6437-#. type: TP
6438-#: original/man8/iptables-extensions.8:1348
6439-#, no-wrap
6440-msgid "[B<!>] B<--hex-string> I<pattern>"
6441-msgstr ""
6442-
6443-#. type: Plain text
6444-#: original/man8/iptables-extensions.8:1351
6445-#, fuzzy
6446-#| msgid "Matches the given TTL value."
6447-msgid "Matches the given pattern in hex notation."
6448-msgstr "指定された TTL 値にマッチする。"
6449-
6450-#. type: SS
6451-#: original/man8/iptables-extensions.8:1351
6452-#, no-wrap
6453-msgid "tcp"
6454-msgstr "tcp"
6455-
6456-#. type: Plain text
6457-#: original/man8/iptables-extensions.8:1354
6458-#, fuzzy
6459-#| msgid ""
6460-#| "These extensions are loaded if `--protocol tcp' is specified. It provides "
6461-#| "the following options:"
6462-msgid ""
6463-"These extensions can be used if `--protocol tcp' is specified. It provides "
6464-"the following options:"
6465-msgstr ""
6466-"これらの拡張は `--protocol tcp' が指定され場合にロードされ、 以下のオプション"
6467-"が提供される:"
6468-
6469-#. type: Plain text
6470-#: original/man8/iptables-extensions.8:1365
6471-#, fuzzy
6472-#| msgid ""
6473-#| "Source port or port range specification. This can either be a service "
6474-#| "name or a port number. An inclusive range can also be specified, using "
6475-#| "the format I<port>:I<port>. If the first port is omitted, \"0\" is "
6476-#| "assumed; if the last is omitted, \"65535\" is assumed. If the second "
6477-#| "port greater then the first they will be swapped. The flag B<--sport> is "
6478-#| "a convenient alias for this option."
6479-msgid ""
6480-"Source port or port range specification. This can either be a service name "
6481-"or a port number. An inclusive range can also be specified, using the format "
6482-"I<first>B<:>I<last>. If the first port is omitted, \"0\" is assumed; if the "
6483-"last is omitted, \"65535\" is assumed. If the first port is greater than "
6484-"the second one they will be swapped. The flag B<--sport> is a convenient "
6485-"alias for this option."
6486-msgstr ""
6487-"送信元ポートまたはポート範囲の指定。 サービス名またはポート番号を指定で\n"
6488-"きる。 I<port>:I<port> という形式で、2 つの番号を含む範囲を指定すること\n"
6489-"もできる。 最初のポートを省略した場合、\"0\" を仮定する。 最後のポートを\n"
6490-"省略した場合、\"65535\" を仮定する。 最初のポートが最後のポートより大きい\n"
6491-"場合、2 つは入れ換えられる。 フラグ B<--sport> は、このオプションの便利\n"
6492-"な別名である。"
6493-
6494-#. type: Plain text
6495-#: original/man8/iptables-extensions.8:1370
6496-msgid ""
6497-"Destination port or port range specification. The flag B<--dport> is a "
6498-"convenient alias for this option."
6499-msgstr ""
6500-"送信先ポートまたはポート範囲の指定。 フラグ B<--dport> は、このオプションの便"
6501-"利な別名である。"
6502-
6503-#. type: TP
6504-#: original/man8/iptables-extensions.8:1370
6505-#, fuzzy, no-wrap
6506-#| msgid "B<--tcp-flags >[!] I<mask> I<comp>"
6507-msgid "[B<!>] B<--tcp-flags> I<mask> I<comp>"
6508-msgstr "B<--tcp-flags >[!] I<mask> I<comp>"
6509-
6510-#. type: Plain text
6511-#: original/man8/iptables-extensions.8:1378
6512-#, fuzzy
6513-#| msgid ""
6514-#| "Match when the TCP flags are as specified. The first argument is the "
6515-#| "flags which we should examine, written as a comma-separated list, and the "
6516-#| "second argument is a comma-separated list of flags which must be set. "
6517-#| "Flags are: B<SYN ACK FIN RST URG PSH ALL NONE>. Hence the command"
6518-msgid ""
6519-"Match when the TCP flags are as specified. The first argument I<mask> is "
6520-"the flags which we should examine, written as a comma-separated list, and "
6521-"the second argument I<comp> is a comma-separated list of flags which must be "
6522-"set. Flags are: B<SYN ACK FIN RST URG PSH ALL NONE>. Hence the command"
6523-msgstr ""
6524-"TCP フラグが指定されたものと等しい場合にマッチする。 第 1 引き数は評価\n"
6525-"対象とするフラグで、コンマ区切りのリストである。 第 2 引き数は必ず設定\n"
6526-"しなければならないフラグで、コンマ区切りのリストである。 指定できるフラ\n"
6527-"グは B<SYN ACK FIN RST URG PSH ALL NONE> である。 よって、コマンド"
6528-
6529-#. type: Plain text
6530-#: original/man8/iptables-extensions.8:1380
6531-#, no-wrap
6532-msgid " iptables -A FORWARD -p tcp --tcp-flags SYN,ACK,FIN,RST SYN\n"
6533-msgstr " iptables -A FORWARD -p tcp --tcp-flags SYN,ACK,FIN,RST SYN\n"
6534-
6535-#. type: Plain text
6536-#: original/man8/iptables-extensions.8:1383
6537-msgid ""
6538-"will only match packets with the SYN flag set, and the ACK, FIN and RST "
6539-"flags unset."
6540-msgstr ""
6541-"は、SYN フラグが設定され ACK, FIN, RST フラグが設定されていない パケットにの"
6542-"みマッチする。"
6543-
6544-#. type: TP
6545-#: original/man8/iptables-extensions.8:1383
6546-#, fuzzy, no-wrap
6547-#| msgid "B<[!] --syn>"
6548-msgid "[B<!>] B<--syn>"
6549-msgstr "B<[!] --syn>"
6550-
6551-#. type: Plain text
6552-#: original/man8/iptables-extensions.8:1393
6553-#, fuzzy
6554-#| msgid ""
6555-#| "Only match TCP packets with the SYN bit set and the ACK and RST bits "
6556-#| "cleared. Such packets are used to request TCP connection initiation; for "
6557-#| "example, blocking such packets coming in an interface will prevent "
6558-#| "incoming TCP connections, but outgoing TCP connections will be "
6559-#| "unaffected. It is equivalent to B<--tcp-flags SYN,RST,ACK SYN>. If the "
6560-#| "\"!\" flag precedes the \"--syn\", the sense of the option is inverted."
6561-msgid ""
6562-"Only match TCP packets with the SYN bit set and the ACK,RST and FIN bits "
6563-"cleared. Such packets are used to request TCP connection initiation; for "
6564-"example, blocking such packets coming in an interface will prevent incoming "
6565-"TCP connections, but outgoing TCP connections will be unaffected. It is "
6566-"equivalent to B<--tcp-flags SYN,RST,ACK,FIN SYN>. If the \"!\" flag "
6567-"precedes the \"--syn\", the sense of the option is inverted."
6568-msgstr ""
6569-"SYN ビットが設定され ACK と RST ビットがクリアされている TCP パケットに\n"
6570-"のみマッチする。このようなパケットは TCP 接続の開始要求に使われる。例え\n"
6571-"ば、あるインターフェースに入ってくるこのようなパケットをブロックすれば、\n"
6572-"内側への TCP 接続は禁止されるが、外側への TCP 接続には影響しない。 これ\n"
6573-"は B<--tcp-flags SYN,RST,ACK SYN> と等しい。 \"--syn\" の前に \"!\" フラグ\n"
6574-"を置くと、 SYN ビットがクリアされ ACK と RST ビットが設定されている\n"
6575-"TCP パケットにのみマッチする。"
6576-
6577-#. type: TP
6578-#: original/man8/iptables-extensions.8:1393
6579-#, fuzzy, no-wrap
6580-#| msgid "B<--tcp-option >[!] I<number>"
6581-msgid "[B<!>] B<--tcp-option> I<number>"
6582-msgstr "B<--tcp-option >[!] I<number>"
6583-
6584-#. type: Plain text
6585-#: original/man8/iptables-extensions.8:1396
6586-msgid "Match if TCP option set."
6587-msgstr "TCP オプションが設定されている場合にマッチする。"
6588-
6589-#. type: SS
6590-#: original/man8/iptables-extensions.8:1396
6591-#, no-wrap
6592-msgid "tcpmss"
6593-msgstr ""
6594-
6595-#. type: Plain text
6596-#: original/man8/iptables-extensions.8:1398
6597-msgid ""
6598-"This matches the TCP MSS (maximum segment size) field of the TCP header. "
6599-"You can only use this on TCP SYN or SYN/ACK packets, since the MSS is only "
6600-"negotiated during the TCP handshake at connection startup time."
6601-msgstr ""
6602-
6603-#. type: TP
6604-#: original/man8/iptables-extensions.8:1398
6605-#, fuzzy, no-wrap
6606-#| msgid "B<--mss >I<value>[:I<value>]"
6607-msgid "[B<!>] B<--mss> I<value>[B<:>I<value>]"
6608-msgstr "B<--mss >I<value>[:I<value>]"
6609-
6610-#. type: Plain text
6611-#: original/man8/iptables-extensions.8:1401
6612-#, fuzzy
6613-#| msgid "Matches the given TTL value."
6614-msgid "Match a given TCP MSS value or range."
6615-msgstr "指定された TTL 値にマッチする。"
6616-
6617-#. type: SS
6618-#: original/man8/iptables-extensions.8:1401
6619-#, no-wrap
6620-msgid "time"
6621-msgstr ""
6622-
6623-#. type: Plain text
6624-#: original/man8/iptables-extensions.8:1405
6625-msgid ""
6626-"This matches if the packet arrival time/date is within a given range. All "
6627-"options are optional, but are ANDed when specified. All times are "
6628-"interpreted as UTC by default."
6629-msgstr ""
6630-
6631-#. type: TP
6632-#: original/man8/iptables-extensions.8:1405
6633-#, no-wrap
6634-msgid "B<--datestart> I<YYYY>[B<->I<MM>[B<->I<DD>[B<T>I<hh>[B<:>I<mm>[B<:>I<ss>]]]]]"
6635-msgstr ""
6636-
6637-#. type: TP
6638-#: original/man8/iptables-extensions.8:1407
6639-#, no-wrap
6640-msgid "B<--datestop> I<YYYY>[B<->I<MM>[B<->I<DD>[B<T>I<hh>[B<:>I<mm>[B<:>I<ss>]]]]]"
6641-msgstr ""
6642-
6643-#. type: Plain text
6644-#: original/man8/iptables-extensions.8:1411
6645-msgid ""
6646-"Only match during the given time, which must be in ISO 8601 \"T\" notation. "
6647-"The possible time range is 1970-01-01T00:00:00 to 2038-01-19T04:17:07."
6648-msgstr ""
6649-
6650-#. type: Plain text
6651-#: original/man8/iptables-extensions.8:1414
6652-msgid ""
6653-"If --datestart or --datestop are not specified, it will default to "
6654-"1970-01-01 and 2038-01-19, respectively."
6655-msgstr ""
6656-
6657-#. type: TP
6658-#: original/man8/iptables-extensions.8:1414
6659-#, no-wrap
6660-msgid "B<--timestart> I<hh>B<:>I<mm>[B<:>I<ss>]"
6661-msgstr ""
6662-
6663-#. type: TP
6664-#: original/man8/iptables-extensions.8:1416
6665-#, no-wrap
6666-msgid "B<--timestop> I<hh>B<:>I<mm>[B<:>I<ss>]"
6667-msgstr ""
6668-
6669-#. type: Plain text
6670-#: original/man8/iptables-extensions.8:1421
6671-msgid ""
6672-"Only match during the given daytime. The possible time range is 00:00:00 to "
6673-"23:59:59. Leading zeroes are allowed (e.g. \"06:03\") and correctly "
6674-"interpreted as base-10."
6675-msgstr ""
6676-
6677-#. type: TP
6678-#: original/man8/iptables-extensions.8:1421
6679-#, no-wrap
6680-msgid "[B<!>] B<--monthdays> I<day>[B<,>I<day>...]"
6681-msgstr ""
6682-
6683-#. type: Plain text
6684-#: original/man8/iptables-extensions.8:1427
6685-msgid ""
6686-"Only match on the given days of the month. Possible values are B<1> to "
6687-"B<31>. Note that specifying B<31> will of course not match on months which "
6688-"do not have a 31st day; the same goes for 28- or 29-day February."
6689-msgstr ""
6690-
6691-#. type: TP
6692-#: original/man8/iptables-extensions.8:1427
6693-#, no-wrap
6694-msgid "[B<!>] B<--weekdays> I<day>[B<,>I<day>...]"
6695-msgstr ""
6696-
6697-#. type: Plain text
6698-#: original/man8/iptables-extensions.8:1433
6699-msgid ""
6700-"Only match on the given weekdays. Possible values are B<Mon>, B<Tue>, "
6701-"B<Wed>, B<Thu>, B<Fri>, B<Sat>, B<Sun>, or values from B<1> to B<7>, "
6702-"respectively. You may also use two-character variants (B<Mo>, B<Tu>, etc.)."
6703-msgstr ""
6704-
6705-#. type: TP
6706-#: original/man8/iptables-extensions.8:1433
6707-#, fuzzy, no-wrap
6708-#| msgid "B<--tos >I<tos>"
6709-msgid "B<--contiguous>"
6710-msgstr "B<--tos >I<tos>"
6711-
6712-#. type: Plain text
6713-#: original/man8/iptables-extensions.8:1437
6714-msgid ""
6715-"When B<--timestop> is smaller than B<--timestart> value, match this as a "
6716-"single time period instead distinct intervals. See EXAMPLES."
6717-msgstr ""
6718-
6719-#. type: TP
6720-#: original/man8/iptables-extensions.8:1437
6721-#, no-wrap
6722-msgid "B<--kerneltz>"
6723-msgstr ""
6724-
6725-#. type: Plain text
6726-#: original/man8/iptables-extensions.8:1441
6727-msgid ""
6728-"Use the kernel timezone instead of UTC to determine whether a packet meets "
6729-"the time regulations."
6730-msgstr ""
6731-
6732-#. type: Plain text
6733-#: original/man8/iptables-extensions.8:1447
6734-msgid ""
6735-"About kernel timezones: Linux keeps the system time in UTC, and always does "
6736-"so. On boot, system time is initialized from a referential time source. "
6737-"Where this time source has no timezone information, such as the x86 CMOS "
6738-"RTC, UTC will be assumed. If the time source is however not in UTC, "
6739-"userspace should provide the correct system time and timezone to the kernel "
6740-"once it has the information."
6741-msgstr ""
6742-
6743-#. type: Plain text
6744-#: original/man8/iptables-extensions.8:1458
6745-msgid ""
6746-"Local time is a feature on top of the (timezone independent) system time. "
6747-"Each process has its own idea of local time, specified via the TZ "
6748-"environment variable. The kernel also has its own timezone offset variable. "
6749-"The TZ userspace environment variable specifies how the UTC-based system "
6750-"time is displayed, e.g. when you run date(1), or what you see on your "
6751-"desktop clock. The TZ string may resolve to different offsets at different "
6752-"dates, which is what enables the automatic time-jumping in userspace. when "
6753-"DST changes. The kernel's timezone offset variable is used when it has to "
6754-"convert between non-UTC sources, such as FAT filesystems, to UTC (since the "
6755-"latter is what the rest of the system uses)."
6756-msgstr ""
6757-
6758-#. type: Plain text
6759-#: original/man8/iptables-extensions.8:1467
6760-msgid ""
6761-"The caveat with the kernel timezone is that Linux distributions may ignore "
6762-"to set the kernel timezone, and instead only set the system time. Even if a "
6763-"particular distribution does set the timezone at boot, it is usually does "
6764-"not keep the kernel timezone offset - which is what changes on DST - up to "
6765-"date. ntpd will not touch the kernel timezone, so running it will not "
6766-"resolve the issue. As such, one may encounter a timezone that is always "
6767-"+0000, or one that is wrong half of the time of the year. As such, B<using --"
6768-"kerneltz is highly discouraged.>"
6769-msgstr ""
6770-
6771-#. type: Plain text
6772-#: original/man8/iptables-extensions.8:1469
6773-msgid "EXAMPLES. To match on weekends, use:"
6774-msgstr ""
6775-
6776-#. type: Plain text
6777-#: original/man8/iptables-extensions.8:1471
6778-msgid "-m time --weekdays Sa,Su"
6779-msgstr ""
6780-
6781-#. type: Plain text
6782-#: original/man8/iptables-extensions.8:1473
6783-msgid "Or, to match (once) on a national holiday block:"
6784-msgstr ""
6785-
6786-#. type: Plain text
6787-#: original/man8/iptables-extensions.8:1475
6788-msgid "-m time --datestart 2007-12-24 --datestop 2007-12-27"
6789-msgstr ""
6790-
6791-#. type: Plain text
6792-#: original/man8/iptables-extensions.8:1478
6793-msgid ""
6794-"Since the stop time is actually inclusive, you would need the following stop "
6795-"time to not match the first second of the new day:"
6796-msgstr ""
6797-
6798-#. type: Plain text
6799-#: original/man8/iptables-extensions.8:1480
6800-msgid "-m time --datestart 2007-01-01T17:00 --datestop 2007-01-01T23:59:59"
6801-msgstr ""
6802-
6803-#. type: Plain text
6804-#: original/man8/iptables-extensions.8:1482
6805-msgid "During lunch hour:"
6806-msgstr ""
6807-
6808-#. type: Plain text
6809-#: original/man8/iptables-extensions.8:1484
6810-msgid "-m time --timestart 12:30 --timestop 13:30"
6811-msgstr ""
6812-
6813-#. type: Plain text
6814-#: original/man8/iptables-extensions.8:1486
6815-msgid "The fourth Friday in the month:"
6816-msgstr ""
6817-
6818-#. type: Plain text
6819-#: original/man8/iptables-extensions.8:1488
6820-msgid "-m time --weekdays Fr --monthdays 22,23,24,25,26,27,28"
6821-msgstr ""
6822-
6823-#. type: Plain text
6824-#: original/man8/iptables-extensions.8:1492
6825-msgid ""
6826-"(Note that this exploits a certain mathematical property. It is not possible "
6827-"to say \"fourth Thursday OR fourth Friday\" in one rule. It is possible with "
6828-"multiple rules, though.)"
6829-msgstr ""
6830-
6831-#. type: Plain text
6832-#: original/man8/iptables-extensions.8:1494
6833-msgid "Matching across days might not do what is expected. For instance,"
6834-msgstr ""
6835-
6836-#. type: Plain text
6837-#: original/man8/iptables-extensions.8:1500
6838-msgid ""
6839-"-m time --weekdays Mo --timestart 23:00 --timestop 01:00 Will match Monday, "
6840-"for one hour from midnight to 1 a.m., and then again for another hour from "
6841-"23:00 onwards. If this is unwanted, e.g. if you would like 'match for two "
6842-"hours from Montay 23:00 onwards' you need to also specify the --contiguous "
6843-"option in the example above."
6844-msgstr ""
6845-
6846-#. type: SS
6847-#: original/man8/iptables-extensions.8:1500
6848-#, no-wrap
6849-msgid "tos"
6850-msgstr "tos"
6851-
6852-#. type: Plain text
6853-#: original/man8/iptables-extensions.8:1504
6854-#, fuzzy
6855-#| msgid ""
6856-#| "This module matches the 8 bits of Type of Service field in the IP header "
6857-#| "(ie. including the precedence bits)."
6858-msgid ""
6859-"This module matches the 8-bit Type of Service field in the IPv4 header (i."
6860-"e. including the \"Precedence\" bits) or the (also 8-bit) Priority field in "
6861-"the IPv6 header."
6862-msgstr ""
6863-"このモジュールは IP ヘッダーの 8 ビットの (つまり上位ビットを含む) Type of "
6864-"Service フィールドにマッチする。"
6865-
6866-#. type: TP
6867-#: original/man8/iptables-extensions.8:1504
6868-#, fuzzy, no-wrap
6869-#| msgid "B<--mark >I<value>[/I<mask>]"
6870-msgid "[B<!>] B<--tos> I<value>[B</>I<mask>]"
6871-msgstr "B<--mark >I<value>[/I<mask>]"
6872-
6873-#. type: Plain text
6874-#: original/man8/iptables-extensions.8:1508
6875-#, fuzzy
6876-#| msgid ""
6877-#| "Matches packets with the given unsigned mark value (if a mask is "
6878-#| "specified, this is logically ANDed with the mask before the comparison)."
6879-msgid ""
6880-"Matches packets with the given TOS mark value. If a mask is specified, it is "
6881-"logically ANDed with the TOS mark before the comparison."
6882-msgstr ""
6883-"指定された符号なし mark 値のパケットにマッチする (mask が指定されると、比較の"
6884-"前に mask との論理積 (AND) がとられる)。"
6885-
6886-#. type: TP
6887-#: original/man8/iptables-extensions.8:1508
6888-#, fuzzy, no-wrap
6889-#| msgid "B<--tos >I<tos>"
6890-msgid "[B<!>] B<--tos> I<symbol>"
6891-msgstr "B<--tos >I<tos>"
6892-
6893-#. type: Plain text
6894-#: original/man8/iptables-extensions.8:1513
6895-msgid ""
6896-"You can specify a symbolic name when using the tos match for IPv4. The list "
6897-"of recognized TOS names can be obtained by calling iptables with B<-m tos -"
6898-"h>. Note that this implies a mask of 0x3F, i.e. all but the ECN bits."
6899-msgstr ""
6900-
6901-#. type: SS
6902-#: original/man8/iptables-extensions.8:1513
6903-#, no-wrap
6904-msgid "ttl (IPv4-specific)"
6905-msgstr ""
6906-
6907-#. type: Plain text
6908-#: original/man8/iptables-extensions.8:1515
6909-msgid "This module matches the time to live field in the IP header."
6910-msgstr "このモジュールは IP ヘッダーの time to live フィールドにマッチする。"
6911-
6912-#. type: TP
6913-#: original/man8/iptables-extensions.8:1515
6914-#, fuzzy, no-wrap
6915-#| msgid "B<--ttl >I<ttl>"
6916-msgid "[B<!>] B<--ttl-eq> I<ttl>"
6917-msgstr "B<--ttl >I<ttl>"
6918-
6919-#. type: Plain text
6920-#: original/man8/iptables-extensions.8:1518
6921-msgid "Matches the given TTL value."
6922-msgstr "指定された TTL 値にマッチする。"
6923-
6924-#. type: TP
6925-#: original/man8/iptables-extensions.8:1518
6926-#, fuzzy, no-wrap
6927-#| msgid "B<--ttl >I<ttl>"
6928-msgid "B<--ttl-gt> I<ttl>"
6929-msgstr "B<--ttl >I<ttl>"
6930-
6931-#. type: Plain text
6932-#: original/man8/iptables-extensions.8:1521
6933-#, fuzzy
6934-#| msgid "Matches the given TTL value."
6935-msgid "Matches if TTL is greater than the given TTL value."
6936-msgstr "指定された TTL 値にマッチする。"
6937-
6938-#. type: TP
6939-#: original/man8/iptables-extensions.8:1521
6940-#, fuzzy, no-wrap
6941-#| msgid "B<--ttl >I<ttl>"
6942-msgid "B<--ttl-lt> I<ttl>"
6943-msgstr "B<--ttl >I<ttl>"
6944-
6945-#. type: Plain text
6946-#: original/man8/iptables-extensions.8:1524
6947-#, fuzzy
6948-#| msgid "Matches the given TTL value."
6949-msgid "Matches if TTL is less than the given TTL value."
6950-msgstr "指定された TTL 値にマッチする。"
6951-
6952-#. type: SS
6953-#: original/man8/iptables-extensions.8:1524
6954-#, no-wrap
6955-msgid "u32"
6956-msgstr ""
6957-
6958-#. type: Plain text
6959-#: original/man8/iptables-extensions.8:1528
6960-msgid ""
6961-"U32 tests whether quantities of up to 4 bytes extracted from a packet have "
6962-"specified values. The specification of what to extract is general enough to "
6963-"find data at given offsets from tcp headers or payloads."
6964-msgstr ""
6965-
6966-#. type: TP
6967-#: original/man8/iptables-extensions.8:1528
6968-#, no-wrap
6969-msgid "[B<!>] B<--u32> I<tests>"
6970-msgstr ""
6971-
6972-#. type: Plain text
6973-#: original/man8/iptables-extensions.8:1531
6974-msgid "The argument amounts to a program in a small language described below."
6975-msgstr ""
6976-
6977-#. type: Plain text
6978-#: original/man8/iptables-extensions.8:1533
6979-msgid "tests := location \"=\" value | tests \"&&\" location \"=\" value"
6980-msgstr ""
6981-
6982-#. type: Plain text
6983-#: original/man8/iptables-extensions.8:1535
6984-msgid "value := range | value \",\" range"
6985-msgstr ""
6986-
6987-#. type: Plain text
6988-#: original/man8/iptables-extensions.8:1537
6989-msgid "range := number | number \":\" number"
6990-msgstr ""
6991-
6992-#. type: Plain text
6993-#: original/man8/iptables-extensions.8:1540
6994-msgid ""
6995-"a single number, I<n>, is interpreted the same as I<n:n>. I<n:m> is "
6996-"interpreted as the range of numbers B<E<gt>=n> and B<E<lt>=m>."
6997-msgstr ""
6998-
6999-#. type: Plain text
7000-#: original/man8/iptables-extensions.8:1542
7001-msgid "location := number | location operator number"
7002-msgstr ""
7003-
7004-#. type: Plain text
7005-#: original/man8/iptables-extensions.8:1544
7006-msgid "operator := \"&\" | \"E<lt>E<lt>\" | \"E<gt>E<gt>\" | \"@\""
7007-msgstr ""
7008-
7009-#. type: Plain text
7010-#: original/man8/iptables-extensions.8:1549
7011-msgid ""
7012-"The operators B<&>, B<E<lt>E<lt>>, B<E<gt>E<gt>> and B<&&> mean the same as "
7013-"in C. The B<=> is really a set membership operator and the value syntax "
7014-"describes a set. The B<@> operator is what allows moving to the next header "
7015-"and is described further below."
7016-msgstr ""
7017-
7018-#. type: Plain text
7019-#: original/man8/iptables-extensions.8:1552
7020-msgid ""
7021-"There are currently some artificial implementation limits on the size of the "
7022-"tests:"
7023-msgstr ""
7024-
7025-#. type: IP
7026-#: original/man8/iptables-extensions.8:1552
7027-#: original/man8/iptables-extensions.8:1554
7028-#: original/man8/iptables-extensions.8:1556
7029-#, no-wrap
7030-msgid " *"
7031-msgstr ""
7032-
7033-#. type: Plain text
7034-#: original/man8/iptables-extensions.8:1554
7035-msgid "no more than 10 of \"B<=>\" (and 9 \"B<&&>\"s) in the u32 argument"
7036-msgstr ""
7037-
7038-#. type: Plain text
7039-#: original/man8/iptables-extensions.8:1556
7040-msgid "no more than 10 ranges (and 9 commas) per value"
7041-msgstr ""
7042-
7043-#. type: Plain text
7044-#: original/man8/iptables-extensions.8:1558
7045-msgid "no more than 10 numbers (and 9 operators) per location"
7046-msgstr ""
7047-
7048-#. type: Plain text
7049-#: original/man8/iptables-extensions.8:1561
7050-msgid ""
7051-"To describe the meaning of location, imagine the following machine that "
7052-"interprets it. There are three registers:"
7053-msgstr ""
7054-
7055-#. type: Plain text
7056-#: original/man8/iptables-extensions.8:1563
7057-msgid "A is of type B<char *>, initially the address of the IP header"
7058-msgstr ""
7059-
7060-#. type: Plain text
7061-#: original/man8/iptables-extensions.8:1565
7062-msgid "B and C are unsigned 32 bit integers, initially zero"
7063-msgstr ""
7064-
7065-#. type: Plain text
7066-#: original/man8/iptables-extensions.8:1567
7067-msgid "The instructions are:"
7068-msgstr ""
7069-
7070-#. type: Plain text
7071-#: original/man8/iptables-extensions.8:1569
7072-msgid "number B = number;"
7073-msgstr ""
7074-
7075-#. type: Plain text
7076-#: original/man8/iptables-extensions.8:1571
7077-msgid ""
7078-"C = (*(A+B)E<lt>E<lt>24) + (*(A+B+1)E<lt>E<lt>16) + (*(A+B+2)E<lt>E<lt>8) + *"
7079-"(A+B+3)"
7080-msgstr ""
7081-
7082-#. type: Plain text
7083-#: original/man8/iptables-extensions.8:1573
7084-msgid "&number C = C & number"
7085-msgstr ""
7086-
7087-#. type: Plain text
7088-#: original/man8/iptables-extensions.8:1575
7089-msgid "E<lt>E<lt> number C = C E<lt>E<lt> number"
7090-msgstr ""
7091-
7092-#. type: Plain text
7093-#: original/man8/iptables-extensions.8:1577
7094-msgid "E<gt>E<gt> number C = C E<gt>E<gt> number"
7095-msgstr ""
7096-
7097-#. type: Plain text
7098-#: original/man8/iptables-extensions.8:1579
7099-msgid "@number A = A + C; then do the instruction number"
7100-msgstr ""
7101-
7102-#. type: Plain text
7103-#: original/man8/iptables-extensions.8:1582
7104-msgid ""
7105-"Any access of memory outside [skb-E<gt>data,skb-E<gt>end] causes the match "
7106-"to fail. Otherwise the result of the computation is the final value of C."
7107-msgstr ""
7108-
7109-#. type: Plain text
7110-#: original/man8/iptables-extensions.8:1586
7111-msgid ""
7112-"Whitespace is allowed but not required in the tests. However, the characters "
7113-"that do occur there are likely to require shell quoting, so it is a good "
7114-"idea to enclose the arguments in quotes."
7115-msgstr ""
7116-
7117-#. type: Plain text
7118-#: original/man8/iptables-extensions.8:1590
7119-msgid "match IP packets with total length E<gt>= 256"
7120-msgstr ""
7121-
7122-#. type: Plain text
7123-#: original/man8/iptables-extensions.8:1592
7124-msgid "The IP header contains a total length field in bytes 2-3."
7125-msgstr ""
7126-
7127-#. type: Plain text
7128-#: original/man8/iptables-extensions.8:1594
7129-msgid "--u32 \"B<0 & 0xFFFF = 0x100:0xFFFF>\""
7130-msgstr ""
7131-
7132-#. type: Plain text
7133-#: original/man8/iptables-extensions.8:1596
7134-msgid "read bytes 0-3"
7135-msgstr ""
7136-
7137-#. type: Plain text
7138-#: original/man8/iptables-extensions.8:1599
7139-msgid ""
7140-"AND that with 0xFFFF (giving bytes 2-3), and test whether that is in the "
7141-"range [0x100:0xFFFF]"
7142-msgstr ""
7143-
7144-#. type: Plain text
7145-#: original/man8/iptables-extensions.8:1601
7146-msgid "Example: (more realistic, hence more complicated)"
7147-msgstr ""
7148-
7149-#. type: Plain text
7150-#: original/man8/iptables-extensions.8:1603
7151-msgid "match ICMP packets with icmp type 0"
7152-msgstr ""
7153-
7154-#. type: Plain text
7155-#: original/man8/iptables-extensions.8:1605
7156-msgid "First test that it is an ICMP packet, true iff byte 9 (protocol) = 1"
7157-msgstr ""
7158-
7159-#. type: Plain text
7160-#: original/man8/iptables-extensions.8:1607
7161-msgid "--u32 \"B<6 & 0xFF = 1 &&> ..."
7162-msgstr ""
7163-
7164-#. type: Plain text
7165-#: original/man8/iptables-extensions.8:1614
7166-msgid ""
7167-"read bytes 6-9, use B<&> to throw away bytes 6-8 and compare the result to "
7168-"1. Next test that it is not a fragment. (If so, it might be part of such a "
7169-"packet but we cannot always tell.) N.B.: This test is generally needed if "
7170-"you want to match anything beyond the IP header. The last 6 bits of byte 6 "
7171-"and all of byte 7 are 0 iff this is a complete packet (not a fragment). "
7172-"Alternatively, you can allow first fragments by only testing the last 5 bits "
7173-"of byte 6."
7174-msgstr ""
7175-
7176-#. type: Plain text
7177-#: original/man8/iptables-extensions.8:1616
7178-msgid "... B<4 & 0x3FFF = 0 &&> ..."
7179-msgstr ""
7180-
7181-#. type: Plain text
7182-#: original/man8/iptables-extensions.8:1620
7183-msgid ""
7184-"Last test: the first byte past the IP header (the type) is 0. This is where "
7185-"we have to use the @syntax. The length of the IP header (IHL) in 32 bit "
7186-"words is stored in the right half of byte 0 of the IP header itself."
7187-msgstr ""
7188-
7189-#. type: Plain text
7190-#: original/man8/iptables-extensions.8:1622
7191-msgid "... B<0 E<gt>E<gt> 22 & 0x3C @ 0 E<gt>E<gt> 24 = 0>\""
7192-msgstr ""
7193-
7194-#. type: Plain text
7195-#: original/man8/iptables-extensions.8:1634
7196-msgid ""
7197-"The first 0 means read bytes 0-3, B<E<gt>E<gt>22> means shift that 22 bits "
7198-"to the right. Shifting 24 bits would give the first byte, so only 22 bits is "
7199-"four times that plus a few more bits. B<&3C> then eliminates the two extra "
7200-"bits on the right and the first four bits of the first byte. For instance, "
7201-"if IHL=5, then the IP header is 20 (4 x 5) bytes long. In this case, bytes "
7202-"0-1 are (in binary) xxxx0101 yyzzzzzz, B<E<gt>E<gt>22> gives the 10 bit "
7203-"value xxxx0101yy and B<&3C> gives 010100. B<@> means to use this number as a "
7204-"new offset into the packet, and read four bytes starting from there. This is "
7205-"the first 4 bytes of the ICMP payload, of which byte 0 is the ICMP type. "
7206-"Therefore, we simply shift the value 24 to the right to throw out all but "
7207-"the first byte and compare the result with 0."
7208-msgstr ""
7209-
7210-#. type: Plain text
7211-#: original/man8/iptables-extensions.8:1638
7212-msgid "TCP payload bytes 8-12 is any of 1, 2, 5 or 8"
7213-msgstr ""
7214-
7215-#. type: Plain text
7216-#: original/man8/iptables-extensions.8:1640
7217-msgid "First we test that the packet is a tcp packet (similar to ICMP)."
7218-msgstr ""
7219-
7220-#. type: Plain text
7221-#: original/man8/iptables-extensions.8:1642
7222-msgid "--u32 \"B<6 & 0xFF = 6 &&> ..."
7223-msgstr ""
7224-
7225-#. type: Plain text
7226-#: original/man8/iptables-extensions.8:1644
7227-msgid "Next, test that it is not a fragment (same as above)."
7228-msgstr ""
7229-
7230-#. type: Plain text
7231-#: original/man8/iptables-extensions.8:1646
7232-msgid "... B<0 E<gt>E<gt> 22 & 0x3C @ 12 E<gt>E<gt> 26 & 0x3C @ 8 = 1,2,5,8>\""
7233-msgstr ""
7234-
7235-#. type: Plain text
7236-#: original/man8/iptables-extensions.8:1654
7237-msgid ""
7238-"B<0E<gt>E<gt>22&3C> as above computes the number of bytes in the IP header. "
7239-"B<@> makes this the new offset into the packet, which is the start of the "
7240-"TCP header. The length of the TCP header (again in 32 bit words) is the left "
7241-"half of byte 12 of the TCP header. The B<12E<gt>E<gt>26&3C> computes this "
7242-"length in bytes (similar to the IP header before). \"@\" makes this the new "
7243-"offset, which is the start of the TCP payload. Finally, 8 reads bytes 8-12 "
7244-"of the payload and B<=> checks whether the result is any of 1, 2, 5 or 8."
7245-msgstr ""
7246-
7247-#. type: SS
7248-#: original/man8/iptables-extensions.8:1654
7249-#, no-wrap
7250-msgid "udp"
7251-msgstr "udp"
7252-
7253-#. type: Plain text
7254-#: original/man8/iptables-extensions.8:1657
7255-#, fuzzy
7256-#| msgid ""
7257-#| "These extensions are loaded if `--protocol udp' is specified. It "
7258-#| "provides the following options:"
7259-msgid ""
7260-"These extensions can be used if `--protocol udp' is specified. It provides "
7261-"the following options:"
7262-msgstr ""
7263-"これらの拡張は `--protocol udp' が指定された場合にロードされ、 以下のオプショ"
7264-"ンが提供される:"
7265-
7266-#. type: Plain text
7267-#: original/man8/iptables-extensions.8:1663
7268-msgid ""
7269-"Source port or port range specification. See the description of the B<--"
7270-"source-port> option of the TCP extension for details."
7271-msgstr ""
7272-"送信元ポートまたはポート範囲の指定。 詳細は TCP 拡張の B<--source-port> オプ"
7273-"ションの説明を参照すること。"
7274-
7275-#. type: Plain text
7276-#: original/man8/iptables-extensions.8:1669
7277-msgid ""
7278-"Destination port or port range specification. See the description of the "
7279-"B<--destination-port> option of the TCP extension for details."
7280-msgstr ""
7281-"送信先ポートまたはポート範囲の指定。 詳細は TCP 拡張の B<--destination-port> "
7282-"オプションの説明を参照すること。"
7283-
7284-#. type: SS
7285-#: original/man8/iptables-extensions.8:1669
7286-#, no-wrap
7287-msgid "unclean (IPv4-specific)"
7288-msgstr ""
7289-
7290-#. type: Plain text
7291-#: original/man8/iptables-extensions.8:1672
7292-msgid ""
7293-"This module takes no options, but attempts to match packets which seem "
7294-"malformed or unusual. This is regarded as experimental."
7295-msgstr ""
7296-"このモジュールにはオプションがないが、 おかしく正常でないように見えるパケット"
7297-"にマッチする。 これは実験的なものとして扱われている。"
7298-
7299-#. type: SH
7300-#: original/man8/iptables-extensions.8:1672
7301-#, no-wrap
7302-msgid "TARGET EXTENSIONS"
7303-msgstr "ターゲットの拡張"
7304-
7305-#. @TARGET@
7306-#. type: Plain text
7307-#: original/man8/iptables-extensions.8:1676
7308-msgid ""
7309-"iptables can use extended target modules: the following are included in the "
7310-"standard distribution."
7311-msgstr ""
7312-"iptables は拡張ターゲットモジュールを使うことができる: 以下のものが、標準的な"
7313-"ディストリビューションに含まれている。"
7314-
7315-#. type: SS
7316-#: original/man8/iptables-extensions.8:1676
7317-#, no-wrap
7318-msgid "AUDIT"
7319-msgstr ""
7320-
7321-#. type: Plain text
7322-#: original/man8/iptables-extensions.8:1680
7323-msgid ""
7324-"This target allows to create audit records for packets hitting the target. "
7325-"It can be used to record accepted, dropped, and rejected packets. See auditd"
7326-"(8) for additional details."
7327-msgstr ""
7328-
7329-#. type: TP
7330-#: original/man8/iptables-extensions.8:1680
7331-#, no-wrap
7332-msgid "B<--type> {B<accept>|B<drop>|B<reject>}"
7333-msgstr ""
7334-
7335-#. type: Plain text
7336-#: original/man8/iptables-extensions.8:1683
7337-msgid "Set type of audit record."
7338-msgstr ""
7339-
7340-#. type: Plain text
7341-#: original/man8/iptables-extensions.8:1687
7342-#, fuzzy
7343-#| msgid " iptables -j TOS -h\n"
7344-msgid "iptables -N AUDIT_DROP"
7345-msgstr " iptables -j TOS -h\n"
7346-
7347-#. type: Plain text
7348-#: original/man8/iptables-extensions.8:1689
7349-msgid "iptables -A AUDIT_DROP -j AUDIT --type drop"
7350-msgstr ""
7351-
7352-#. type: Plain text
7353-#: original/man8/iptables-extensions.8:1691
7354-#, fuzzy
7355-#| msgid " iptables -j TOS -h\n"
7356-msgid "iptables -A AUDIT_DROP -j DROP"
7357-msgstr " iptables -j TOS -h\n"
7358-
7359-#. type: SS
7360-#: original/man8/iptables-extensions.8:1691
7361-#, no-wrap
7362-msgid "CHECKSUM"
7363-msgstr ""
7364-
7365-#. type: Plain text
7366-#: original/man8/iptables-extensions.8:1694
7367-#, fuzzy
7368-#| msgid ""
7369-#| "This target allows to selectively work around known ECN blackholes. It "
7370-#| "can only be used in the mangle table."
7371-msgid ""
7372-"This target allows to selectively work around broken/old applications. It "
7373-"can only be used in the mangle table."
7374-msgstr ""
7375-"このターゲットは ECN ブラックホール問題への対処を可能にする。 mangle テーブル"
7376-"でのみ使用できる。"
7377-
7378-#. type: TP
7379-#: original/man8/iptables-extensions.8:1694
7380-#, no-wrap
7381-msgid "B<--checksum-fill>"
7382-msgstr ""
7383-
7384-#. type: Plain text
7385-#: original/man8/iptables-extensions.8:1700
7386-msgid ""
7387-"Compute and fill in the checksum in a packet that lacks a checksum. This is "
7388-"particularly useful, if you need to work around old applications such as "
7389-"dhcp clients, that do not work well with checksum offloads, but don't want "
7390-"to disable checksum offload in your device."
7391-msgstr ""
7392-
7393-#. type: SS
7394-#: original/man8/iptables-extensions.8:1700
7395-#, no-wrap
7396-msgid "CLASSIFY"
7397-msgstr ""
7398-
7399-#. type: Plain text
7400-#: original/man8/iptables-extensions.8:1702
7401-msgid ""
7402-"This module allows you to set the skb-E<gt>priority value (and thus classify "
7403-"the packet into a specific CBQ class)."
7404-msgstr ""
7405-
7406-#. type: TP
7407-#: original/man8/iptables-extensions.8:1702
7408-#, fuzzy, no-wrap
7409-#| msgid "B<--set-mark >I<mark>"
7410-msgid "B<--set-class> I<major>B<:>I<minor>"
7411-msgstr "B<--set-mark >I<mark>"
7412-
7413-#. type: Plain text
7414-#: original/man8/iptables-extensions.8:1706
7415-msgid ""
7416-"Set the major and minor class value. The values are always interpreted as "
7417-"hexadecimal even if no 0x prefix is given."
7418-msgstr ""
7419-
7420-#. type: SS
7421-#: original/man8/iptables-extensions.8:1706
7422-#, no-wrap
7423-msgid "CLUSTERIP (IPv4-specific)"
7424-msgstr ""
7425-
7426-#. type: Plain text
7427-#: original/man8/iptables-extensions.8:1711
7428-msgid ""
7429-"This module allows you to configure a simple cluster of nodes that share a "
7430-"certain IP and MAC address without an explicit load balancer in front of "
7431-"them. Connections are statically distributed between the nodes in this "
7432-"cluster."
7433-msgstr ""
7434-
7435-#. type: TP
7436-#: original/man8/iptables-extensions.8:1711
7437-#, no-wrap
7438-msgid "B<--new>"
7439-msgstr ""
7440-
7441-#. type: Plain text
7442-#: original/man8/iptables-extensions.8:1715
7443-msgid ""
7444-"Create a new ClusterIP. You always have to set this on the first rule for a "
7445-"given ClusterIP."
7446-msgstr ""
7447-
7448-#. type: TP
7449-#: original/man8/iptables-extensions.8:1715
7450-#, fuzzy, no-wrap
7451-#| msgid "B<--cmd-owner >I<name>"
7452-msgid "B<--hashmode> I<mode>"
7453-msgstr "B<--cmd-owner >I<name>"
7454-
7455-#. type: Plain text
7456-#: original/man8/iptables-extensions.8:1719
7457-msgid ""
7458-"Specify the hashing mode. Has to be one of B<sourceip>, B<sourceip-"
7459-"sourceport>, B<sourceip-sourceport-destport>."
7460-msgstr ""
7461-
7462-#. type: TP
7463-#: original/man8/iptables-extensions.8:1719
7464-#, fuzzy, no-wrap
7465-#| msgid "B<--set-mark >I<mark>"
7466-msgid "B<--clustermac> I<mac>"
7467-msgstr "B<--set-mark >I<mark>"
7468-
7469-#. type: Plain text
7470-#: original/man8/iptables-extensions.8:1722
7471-msgid ""
7472-"Specify the ClusterIP MAC address. Has to be a link-layer multicast address"
7473-msgstr ""
7474-
7475-#. type: TP
7476-#: original/man8/iptables-extensions.8:1722
7477-#, fuzzy, no-wrap
7478-#| msgid "B<-t>, B<--table> B<tablename>"
7479-msgid "B<--total-nodes> I<num>"
7480-msgstr "B<-t>, B<--table> B<tablename>"
7481-
7482-#. type: Plain text
7483-#: original/man8/iptables-extensions.8:1725
7484-msgid "Number of total nodes within this cluster."
7485-msgstr ""
7486-
7487-#. type: TP
7488-#: original/man8/iptables-extensions.8:1725
7489-#, fuzzy, no-wrap
7490-#| msgid "B<--cmd-owner >I<name>"
7491-msgid "B<--local-node> I<num>"
7492-msgstr "B<--cmd-owner >I<name>"
7493-
7494-#. type: Plain text
7495-#: original/man8/iptables-extensions.8:1728
7496-msgid "Local node number within this cluster."
7497-msgstr ""
7498-
7499-#. type: TP
7500-#: original/man8/iptables-extensions.8:1728
7501-#, fuzzy, no-wrap
7502-#| msgid "B<--limit >I<rate>"
7503-msgid "B<--hash-init> I<rnd>"
7504-msgstr "B<--limit >I<rate>"
7505-
7506-#. type: Plain text
7507-#: original/man8/iptables-extensions.8:1731
7508-msgid "Specify the random seed used for hash initialization."
7509-msgstr ""
7510-
7511-#. type: SS
7512-#: original/man8/iptables-extensions.8:1731
7513-#, fuzzy, no-wrap
7514-#| msgid "MARK"
7515-msgid "CONNMARK"
7516-msgstr "MARK"
7517-
7518-#. type: Plain text
7519-#: original/man8/iptables-extensions.8:1734
7520-#, fuzzy
7521-#| msgid ""
7522-#| "This is used to set the netfilter mark value associated with the packet. "
7523-#| "It is only valid in the B<mangle> table."
7524-msgid ""
7525-"This module sets the netfilter mark value associated with a connection. The "
7526-"mark is 32 bits wide."
7527-msgstr ""
7528-"パケットに関連づけられた netfilter の mark 値を指定する。 B<mangle> テーブル"
7529-"のみで有効である。"
7530-
7531-#. type: TP
7532-#: original/man8/iptables-extensions.8:1734
7533-#: original/man8/iptables-extensions.8:2100
7534-#, fuzzy, no-wrap
7535-#| msgid "B<--mark >I<value>[/I<mask>]"
7536-msgid "B<--set-xmark> I<value>[B</>I<mask>]"
7537-msgstr "B<--mark >I<value>[/I<mask>]"
7538-
7539-#. type: Plain text
7540-#: original/man8/iptables-extensions.8:1737
7541-msgid "Zero out the bits given by I<mask> and XOR I<value> into the ctmark."
7542-msgstr ""
7543-
7544-#. type: TP
7545-#: original/man8/iptables-extensions.8:1737
7546-#, no-wrap
7547-msgid "B<--save-mark> [B<--nfmask> I<nfmask>] [B<--ctmask> I<ctmask>]"
7548-msgstr ""
7549-
7550-#. type: Plain text
7551-#: original/man8/iptables-extensions.8:1741
7552-msgid ""
7553-"Copy the packet mark (nfmark) to the connection mark (ctmark) using the "
7554-"given masks. The new nfmark value is determined as follows:"
7555-msgstr ""
7556-
7557-#. type: Plain text
7558-#: original/man8/iptables-extensions.8:1743
7559-msgid "ctmark = (ctmark & ~ctmask) ^ (nfmark & nfmask)"
7560-msgstr ""
7561-
7562-#. type: Plain text
7563-#: original/man8/iptables-extensions.8:1747
7564-msgid ""
7565-"i.e. I<ctmask> defines what bits to clear and I<nfmask> what bits of the "
7566-"nfmark to XOR into the ctmark. I<ctmask> and I<nfmask> default to 0xFFFFFFFF."
7567-msgstr ""
7568-
7569-#. type: TP
7570-#: original/man8/iptables-extensions.8:1747
7571-#, no-wrap
7572-msgid "B<--restore-mark> [B<--nfmask> I<nfmask>] [B<--ctmask> I<ctmask>]"
7573-msgstr ""
7574-
7575-#. type: Plain text
7576-#: original/man8/iptables-extensions.8:1751
7577-msgid ""
7578-"Copy the connection mark (ctmark) to the packet mark (nfmark) using the "
7579-"given masks. The new ctmark value is determined as follows:"
7580-msgstr ""
7581-
7582-#. type: Plain text
7583-#: original/man8/iptables-extensions.8:1753
7584-msgid "nfmark = (nfmark & ~I<nfmask>) ^ (ctmark & I<ctmask>);"
7585-msgstr ""
7586-
7587-#. type: Plain text
7588-#: original/man8/iptables-extensions.8:1757
7589-msgid ""
7590-"i.e. I<nfmask> defines what bits to clear and I<ctmask> what bits of the "
7591-"ctmark to XOR into the nfmark. I<ctmask> and I<nfmask> default to 0xFFFFFFFF."
7592-msgstr ""
7593-
7594-#. type: Plain text
7595-#: original/man8/iptables-extensions.8:1759
7596-msgid "B<--restore-mark> is only valid in the B<mangle> table."
7597-msgstr ""
7598-
7599-#. type: Plain text
7600-#: original/man8/iptables-extensions.8:1761
7601-msgid "The following mnemonics are available for B<--set-xmark>:"
7602-msgstr ""
7603-
7604-#. type: TP
7605-#: original/man8/iptables-extensions.8:1761
7606-#: original/man8/iptables-extensions.8:2110
7607-#, fuzzy, no-wrap
7608-#| msgid "B<--set-mark >I<mark>"
7609-msgid "B<--and-mark> I<bits>"
7610-msgstr "B<--set-mark >I<mark>"
7611-
7612-#. type: Plain text
7613-#: original/man8/iptables-extensions.8:1765
7614-msgid ""
7615-"Binary AND the ctmark with I<bits>. (Mnemonic for B<--set-xmark 0/"
7616-">I<invbits>, where I<invbits> is the binary negation of I<bits>.)"
7617-msgstr ""
7618-
7619-#. type: TP
7620-#: original/man8/iptables-extensions.8:1765
7621-#: original/man8/iptables-extensions.8:2114
7622-#, fuzzy, no-wrap
7623-#| msgid "B<--set-mark >I<mark>"
7624-msgid "B<--or-mark> I<bits>"
7625-msgstr "B<--set-mark >I<mark>"
7626-
7627-#. type: Plain text
7628-#: original/man8/iptables-extensions.8:1769
7629-msgid ""
7630-"Binary OR the ctmark with I<bits>. (Mnemonic for B<--set-xmark> I<bits>B</"
7631-">I<bits>.)"
7632-msgstr ""
7633-
7634-#. type: TP
7635-#: original/man8/iptables-extensions.8:1769
7636-#: original/man8/iptables-extensions.8:2118
7637-#, fuzzy, no-wrap
7638-#| msgid "B<--set-mark >I<mark>"
7639-msgid "B<--xor-mark> I<bits>"
7640-msgstr "B<--set-mark >I<mark>"
7641-
7642-#. type: Plain text
7643-#: original/man8/iptables-extensions.8:1773
7644-msgid ""
7645-"Binary XOR the ctmark with I<bits>. (Mnemonic for B<--set-xmark> "
7646-"I<bits>B</0>.)"
7647-msgstr ""
7648-
7649-#. type: TP
7650-#: original/man8/iptables-extensions.8:1773
7651-#: original/man8/iptables-extensions.8:2104
7652-#, fuzzy, no-wrap
7653-#| msgid "B<--mark >I<value>[/I<mask>]"
7654-msgid "B<--set-mark> I<value>[B</>I<mask>]"
7655-msgstr "B<--mark >I<value>[/I<mask>]"
7656-
7657-#. type: Plain text
7658-#: original/man8/iptables-extensions.8:1777
7659-msgid ""
7660-"Set the connection mark. If a mask is specified then only those bits set in "
7661-"the mask are modified."
7662-msgstr ""
7663-
7664-#. type: TP
7665-#: original/man8/iptables-extensions.8:1777
7666-#, fuzzy, no-wrap
7667-#| msgid "B<--set-mark >I<mark>"
7668-msgid "B<--save-mark> [B<--mask> I<mask>]"
7669-msgstr "B<--set-mark >I<mark>"
7670-
7671-#. type: Plain text
7672-#: original/man8/iptables-extensions.8:1781
7673-msgid ""
7674-"Copy the nfmark to the ctmark. If a mask is specified, only those bits are "
7675-"copied."
7676-msgstr ""
7677-
7678-#. type: TP
7679-#: original/man8/iptables-extensions.8:1781
7680-#, fuzzy, no-wrap
7681-#| msgid "B<--set-mark >I<mark>"
7682-msgid "B<--restore-mark> [B<--mask> I<mask>]"
7683-msgstr "B<--set-mark >I<mark>"
7684-
7685-#. type: Plain text
7686-#: original/man8/iptables-extensions.8:1785
7687-#, fuzzy
7688-#| msgid ""
7689-#| "This is used to set the netfilter mark value associated with the packet. "
7690-#| "It is only valid in the B<mangle> table."
7691-msgid ""
7692-"Copy the ctmark to the nfmark. If a mask is specified, only those bits are "
7693-"copied. This is only valid in the B<mangle> table."
7694-msgstr ""
7695-"パケットに関連づけられた netfilter の mark 値を指定する。 B<mangle> テーブル"
7696-"のみで有効である。"
7697-
7698-#. type: SS
7699-#: original/man8/iptables-extensions.8:1785
7700-#, no-wrap
7701-msgid "CONNSECMARK"
7702-msgstr ""
7703-
7704-#. type: Plain text
7705-#: original/man8/iptables-extensions.8:1795
7706-msgid ""
7707-"This module copies security markings from packets to connections (if "
7708-"unlabeled), and from connections back to packets (also only if unlabeled). "
7709-"Typically used in conjunction with SECMARK, it is valid in the B<security> "
7710-"table (for backwards compatibility with older kernels, it is also valid in "
7711-"the B<mangle> table)."
7712-msgstr ""
7713-
7714-#. type: TP
7715-#: original/man8/iptables-extensions.8:1795
7716-#, no-wrap
7717-msgid "B<--save>"
7718-msgstr ""
7719-
7720-#. type: Plain text
7721-#: original/man8/iptables-extensions.8:1799
7722-msgid ""
7723-"If the packet has a security marking, copy it to the connection if the "
7724-"connection is not marked."
7725-msgstr ""
7726-
7727-#. type: TP
7728-#: original/man8/iptables-extensions.8:1799
7729-#, no-wrap
7730-msgid "B<--restore>"
7731-msgstr ""
7732-
7733-#. type: Plain text
7734-#: original/man8/iptables-extensions.8:1803
7735-msgid ""
7736-"If the packet does not have a security marking, and the connection does, "
7737-"copy the security marking from the connection to the packet."
7738-msgstr ""
7739-
7740-#. type: SS
7741-#: original/man8/iptables-extensions.8:1804
7742-#, no-wrap
7743-msgid "CT"
7744-msgstr ""
7745-
7746-#. type: Plain text
7747-#: original/man8/iptables-extensions.8:1809
7748-msgid ""
7749-"The CT target allows to set parameters for a packet or its associated "
7750-"connection. The target attaches a \"template\" connection tracking entry to "
7751-"the packet, which is then used by the conntrack core when initializing a new "
7752-"ct entry. This target is thus only valid in the \"raw\" table."
7753-msgstr ""
7754-
7755-#. type: TP
7756-#: original/man8/iptables-extensions.8:1809
7757-#, no-wrap
7758-msgid "B<--notrack>"
7759-msgstr ""
7760-
7761-#. type: Plain text
7762-#: original/man8/iptables-extensions.8:1812
7763-msgid "Disables connection tracking for this packet."
7764-msgstr ""
7765-
7766-#. type: TP
7767-#: original/man8/iptables-extensions.8:1812
7768-#, fuzzy, no-wrap
7769-#| msgid "B<--helper >I<string>"
7770-msgid "B<--helper> I<name>"
7771-msgstr "B<--helper >I<string>"
7772-
7773-#. type: Plain text
7774-#: original/man8/iptables-extensions.8:1816
7775-msgid ""
7776-"Use the helper identified by I<name> for the connection. This is more "
7777-"flexible than loading the conntrack helper modules with preset ports."
7778-msgstr ""
7779-
7780-#. type: TP
7781-#: original/man8/iptables-extensions.8:1816
7782-#, no-wrap
7783-msgid "B<--ctevents> I<event>[B<,>...]"
7784-msgstr ""
7785-
7786-#. type: Plain text
7787-#: original/man8/iptables-extensions.8:1822
7788-msgid ""
7789-"Only generate the specified conntrack events for this connection. Possible "
7790-"event types are: B<new>, B<related>, B<destroy>, B<reply>, B<assured>, "
7791-"B<protoinfo>, B<helper>, B<mark> (this refers to the ctmark, not nfmark), "
7792-"B<natseqinfo>, B<secmark> (ctsecmark)."
7793-msgstr ""
7794-
7795-#. type: TP
7796-#: original/man8/iptables-extensions.8:1822
7797-#, no-wrap
7798-msgid "B<--expevents> I<event>[B<,>...]"
7799-msgstr ""
7800-
7801-#. type: Plain text
7802-#: original/man8/iptables-extensions.8:1826
7803-msgid ""
7804-"Only generate the specified expectation events for this connection. "
7805-"Possible event types are: B<new>."
7806-msgstr ""
7807-
7808-#. type: TP
7809-#: original/man8/iptables-extensions.8:1826
7810-#, fuzzy, no-wrap
7811-#| msgid "B<--uid-owner >I<userid>"
7812-msgid "B<--zone> I<id>"
7813-msgstr "B<--uid-owner >I<userid>"
7814-
7815-#. type: Plain text
7816-#: original/man8/iptables-extensions.8:1830
7817-msgid ""
7818-"Assign this packet to zone I<id> and only have lookups done in that zone. "
7819-"By default, packets have zone 0."
7820-msgstr ""
7821-
7822-#. type: TP
7823-#: original/man8/iptables-extensions.8:1830
7824-#, fuzzy, no-wrap
7825-#| msgid "B<--set-mss >I<value>"
7826-msgid "B<--timeout> I<name>"
7827-msgstr "B<--set-mss >I<value>"
7828-
7829-#. type: Plain text
7830-#: original/man8/iptables-extensions.8:1835
7831-msgid ""
7832-"Use the timeout policy identified by I<name> for the connection. This is "
7833-"provides more flexible timeout policy definition than global timeout values "
7834-"available at /proc/sys/net/netfilter/nf_conntrack_*_timeout_*."
7835-msgstr ""
7836-
7837-#. type: SS
7838-#: original/man8/iptables-extensions.8:1835
7839-#, no-wrap
7840-msgid "DNAT (IPv4-specific)"
7841-msgstr ""
7842-
7843-#. type: Plain text
7844-#: original/man8/iptables-extensions.8:1847
7845-msgid ""
7846-"This target is only valid in the B<nat> table, in the B<PREROUTING> and "
7847-"B<OUTPUT> chains, and user-defined chains which are only called from those "
7848-"chains. It specifies that the destination address of the packet should be "
7849-"modified (and all future packets in this connection will also be mangled), "
7850-"and rules should cease being examined. It takes one type of option:"
7851-msgstr ""
7852-"このターゲットは B<nat> テーブルの B<PREROUTING>, B<OUTPUT> チェイン、これら"
7853-"のチェインから呼び出される ユーザー定義チェインのみで有効である。 このター"
7854-"ゲットはパケットの送信先アドレスを修正する (この接続の以降のパケットも修正し"
7855-"て分からなく (mangle) する)。 さらに、ルールによるチェックを止めさせる。 この"
7856-"ターゲットにはオプションが 1 種類ある:"
7857-
7858-#. type: TP
7859-#: original/man8/iptables-extensions.8:1847
7860-#, fuzzy, no-wrap
7861-#| msgid "B<--to-destination >I<ipaddr>[-I<ipaddr>][:I<port>-I<port>]"
7862-msgid "B<--to-destination> [I<ipaddr>[B<->I<ipaddr>]][B<:>I<port>[B<->I<port>]]"
7863-msgstr "B

Part of diff was cut off due to size limit. Use your local client to view the full diff.

Show on old repository browser