diff options
author | Jinkun Jang <jinkun.jang@samsung.com> | 2013-03-13 01:42:55 +0900 |
---|---|---|
committer | Jinkun Jang <jinkun.jang@samsung.com> | 2013-03-13 01:42:55 +0900 |
commit | cb06be6ecc10920c73293799689ce9803262a922 (patch) | |
tree | 5d21c5f26a156067e733c9faa79782ecc26196e9 /extensions/libxt_physdev.man | |
parent | dbc5ef4889caa206f4d47d83345357780ceef73e (diff) | |
download | iptables-2.2_release.tar.gz iptables-2.2_release.tar.bz2 iptables-2.2_release.zip |
Tizen 2.1 basesubmit/tizen_2.2/20130714.145952submit/tizen_2.1/20130424.225212accepted/tizen_2.1/20130425.0251492.2_release2.1b_releasetizen_2.1
Diffstat (limited to 'extensions/libxt_physdev.man')
-rw-r--r-- | extensions/libxt_physdev.man | 42 |
1 files changed, 42 insertions, 0 deletions
diff --git a/extensions/libxt_physdev.man b/extensions/libxt_physdev.man new file mode 100644 index 0000000..53beb2e --- /dev/null +++ b/extensions/libxt_physdev.man @@ -0,0 +1,42 @@ +This module matches on the bridge port input and output devices enslaved +to a bridge device. This module is a part of the infrastructure that enables +a transparent bridging IP firewall and is only useful for kernel versions +above version 2.5.44. +.TP +[\fB!\fP] \fB\-\-physdev\-in\fP \fIname\fP +Name of a bridge port via which a packet is received (only for +packets entering the +.BR INPUT , +.B FORWARD +and +.B PREROUTING +chains). If the interface name ends in a "+", then any +interface which begins with this name will match. If the packet didn't arrive +through a bridge device, this packet won't match this option, unless '!' is used. +.TP +[\fB!\fP] \fB\-\-physdev\-out\fP \fIname\fP +Name of a bridge port via which a packet is going to be sent (for packets +entering the +.BR FORWARD , +.B OUTPUT +and +.B POSTROUTING +chains). If the interface name ends in a "+", then any +interface which begins with this name will match. Note that in the +.BR nat " and " mangle +.B OUTPUT +chains one cannot match on the bridge output port, however one can in the +.B "filter OUTPUT" +chain. If the packet won't leave by a bridge device or if it is yet unknown what +the output device will be, then the packet won't match this option, +unless '!' is used. +.TP +[\fB!\fP] \fB\-\-physdev\-is\-in\fP +Matches if the packet has entered through a bridge interface. +.TP +[\fB!\fP] \fB\-\-physdev\-is\-out\fP +Matches if the packet will leave through a bridge interface. +.TP +[\fB!\fP] \fB\-\-physdev\-is\-bridged\fP +Matches if the packet is being bridged and therefore is not being routed. +This is only useful in the FORWARD and POSTROUTING chains. |