summaryrefslogtreecommitdiff
path: root/extensions/libxt_physdev.man
diff options
context:
space:
mode:
authorJinkun Jang <jinkun.jang@samsung.com>2013-03-13 01:42:55 +0900
committerJinkun Jang <jinkun.jang@samsung.com>2013-03-13 01:42:55 +0900
commitcb06be6ecc10920c73293799689ce9803262a922 (patch)
tree5d21c5f26a156067e733c9faa79782ecc26196e9 /extensions/libxt_physdev.man
parentdbc5ef4889caa206f4d47d83345357780ceef73e (diff)
downloadiptables-2.2_release.tar.gz
iptables-2.2_release.tar.bz2
iptables-2.2_release.zip
Diffstat (limited to 'extensions/libxt_physdev.man')
-rw-r--r--extensions/libxt_physdev.man42
1 files changed, 42 insertions, 0 deletions
diff --git a/extensions/libxt_physdev.man b/extensions/libxt_physdev.man
new file mode 100644
index 0000000..53beb2e
--- /dev/null
+++ b/extensions/libxt_physdev.man
@@ -0,0 +1,42 @@
+This module matches on the bridge port input and output devices enslaved
+to a bridge device. This module is a part of the infrastructure that enables
+a transparent bridging IP firewall and is only useful for kernel versions
+above version 2.5.44.
+.TP
+[\fB!\fP] \fB\-\-physdev\-in\fP \fIname\fP
+Name of a bridge port via which a packet is received (only for
+packets entering the
+.BR INPUT ,
+.B FORWARD
+and
+.B PREROUTING
+chains). If the interface name ends in a "+", then any
+interface which begins with this name will match. If the packet didn't arrive
+through a bridge device, this packet won't match this option, unless '!' is used.
+.TP
+[\fB!\fP] \fB\-\-physdev\-out\fP \fIname\fP
+Name of a bridge port via which a packet is going to be sent (for packets
+entering the
+.BR FORWARD ,
+.B OUTPUT
+and
+.B POSTROUTING
+chains). If the interface name ends in a "+", then any
+interface which begins with this name will match. Note that in the
+.BR nat " and " mangle
+.B OUTPUT
+chains one cannot match on the bridge output port, however one can in the
+.B "filter OUTPUT"
+chain. If the packet won't leave by a bridge device or if it is yet unknown what
+the output device will be, then the packet won't match this option,
+unless '!' is used.
+.TP
+[\fB!\fP] \fB\-\-physdev\-is\-in\fP
+Matches if the packet has entered through a bridge interface.
+.TP
+[\fB!\fP] \fB\-\-physdev\-is\-out\fP
+Matches if the packet will leave through a bridge interface.
+.TP
+[\fB!\fP] \fB\-\-physdev\-is\-bridged\fP
+Matches if the packet is being bridged and therefore is not being routed.
+This is only useful in the FORWARD and POSTROUTING chains.