From: Shivani Bhardwaj <shivanib134@gmail.com>
To: netfilter-devel@vger.kernel.org
Subject: [PATCH] doc: Complete the documentation of statements
Date: Wed, 6 Apr 2016 11:39:19 +0530
Message-ID: <20160406060919.GA2432@shivani>
Add documentation corresponding to LOG STATEMENT, REJECT STATEMENT,
COUNTER STATEMENT, META STATEMENT, LIMIT STATEMENT, NAT STATEMENT,
QUEUE STATEMENT.
Signed-off-by: Shivani Bhardwaj <shivanib134@gmail.com>
---
doc/nft.xml | 188 +++++++++++++++++++++++++++++++++++++++++++++++++++++++++++-
1 file changed, 187 insertions(+), 1 deletion(-)
diff --git a/doc/nft.xml b/doc/nft.xml
index e4d227c..cec4dbf 100644
--- a/doc/nft.xml
+++ b/doc/nft.xml
@@ -2186,36 +2186,222 @@ filter input iif eth0 drop
<refsect2>
<title>Log statement</title>
<para>
+ A log statement is used to set logging attributes of a packet. Default log level is warn.
+ <table frame="all">
+ <title>LOG statement</title>
+ <tgroup cols='3' align='left' colsep='1' rowsep='1'>
+ <colspec colname='c1'/>
+ <colspec colname='c2'/>
+ <colspec colname='c3'/>
+ <thead>
+ <row>
+ <entry>Keyword</entry>
+ <entry>Description</entry>
+ <entry>Type</entry>
+ </row>
+ </thead>
+ <tbody>
+ <row>
+ <entry>level</entry>
+ <entry>Level of logging</entry>
+ <entry>unsigned integer (32 bit), emerg, alert, crit, err, warn, notice, info, debug</entry>
+ </row>
+ <row>
+ <entry>prefix</entry>
+ <entry>Prefix log messages</entry>
+ <entry>string</entry>
+ </row>
+ </tbody>
+ </tgroup>
+ </table>
</para>
</refsect2>
<refsect2>
<title>Reject statement</title>
<para>
+ A reject statement is used to set an error packet response. The default error packet is port-unreachable.
+ <table frame="all">
+ <title>REJECT statement (ipv4)</title>
+ <tgroup cols='3' align='left' colsep='1' rowsep='1'>
+ <colspec colname='c1'/>
+ <colspec colname='c2'/>
+ <colspec colname='c3'/>
+ <thead>
+ <row>
+ <entry>Keyword</entry>
+ <entry>Description</entry>
+ <entry>Type</entry>
+ </row>
+ </thead>
+ <tbody>
+ <row>
+ <entry>with icmp type</entry>
+ <entry>ICMP response to be sent to the host</entry>
+ <entry>unsigned integer (8 bit), net-unreachable, host-unreachable, prot-unreachable, port-unreachable, net-prohibited, host-prohibited, admin-prohibited</entry>
+ </row>
+ <row>
+ <entry>with</entry>
+ <entry>Used on rules which only match the TCP</entry>
+ <entry>tcp reset</entry>
+ </row>
+ </tbody>
+ </tgroup>
+ </table>
+ <table frame="all">
+ <title>REJECT statement (ipv6)</title>
+ <tgroup cols='3' align='left' colsep='1' rowsep='1'>
+ <colspec colname='c1'/>
+ <colspec colname='c2'/>
+ <colspec colname='c3'/>
+ <thead>
+ <row>
+ <entry>Keyword</entry>
+ <entry>Description</entry>
+ <entry>Type</entry>
+ </row>
+ </thead>
+ <tbody>
+ <row>
+ <entry>with icmpv6 type</entry>
+ <entry>ICMP6 response to be sent to the host</entry>
+ <entry>unsigned integer (8 bit), no-route, admin-prohibited, addr-unreachable, port-unreachable, policy-fail, reject-route</entry>
+ </row>
+ <row>
+ <entry>with</entry>
+ <entry>Used on rules which only match the TCP</entry>
+ <entry>tcp reset</entry>
+ </row>
+ </tbody>
+ </tgroup>
+ </table>
</para>
</refsect2>
<refsect2>
<title>Counter statement</title>
<para>
+ A counter statement sets the hit count of packets along with the number of bytes.
</para>
</refsect2>
<refsect2>
<title>Meta statement</title>
<para>
+ A meta statement sets the value of a meta expression.
</para>
</refsect2>
<refsect2>
<title>Limit statement</title>
<para>
+ A limit statement is used to set a specified limit attribute.
+ <table frame="all">
+ <title>Limit statement</title>
+ <tgroup cols='3' align='left' colsep='1' rowsep='1'>
+ <colspec colname='c1'/>
+ <colspec colname='c2'/>
+ <colspec colname='c3'/>
+ <thead>
+ <row>
+ <entry>Keyword</entry>
+ <entry>Description</entry>
+ <entry>Type</entry>
+ </row>
+ </thead>
+ <tbody>
+ <row>
+ <entry>rate</entry>
+ <entry>Maximum average matching rate</entry>
+ <entry>size (bytes, kbytes, mbytes)/time (second, minute, hour, day, week)</entry>
+ </row>
+ <row>
+ <entry>burst</entry>
+ <entry>Maximum initial number of packets</entry>
+ <entry>packets, size (bytes, kbytes, mbytes)</entry>
+ </row>
+ </tbody>
+ </tgroup>
+ </table>
</para>
</refsect2>
- <refsect2>
+ <refsect2>
<title>NAT statement</title>
<para>
+ <cmdsynopsis>
+ <group choice="req">
+ <arg>snat</arg>
+ <arg>dnat</arg>
+ </group>
+ <arg choice="req"><replaceable>flags</replaceable></arg>
+ </cmdsynopsis>
+ </para>
+ <para>
+ <table frame="all">
+ <title>NAT statement</title>
+ <tgroup cols='3' align='left' colsep='1' rowsep='1'>
+ <colspec colname='c1'/>
+ <colspec colname='c2'/>
+ <colspec colname='c3'/>
+ <thead>
+ <row>
+ <entry>Keyword</entry>
+ <entry>Description</entry>
+ <entry>Type</entry>
+ </row>
+ </thead>
+ <tbody>
+ <row>
+ <entry>snat</entry>
+ <entry>Specifies that the source address of the packet should be modified</entry>
+ <entry>ipv4 address/ipv6 address</entry>
+ </row>
+ <row>
+ <entry>dnat</entry>
+ <entry>Specifies that the destination address of the packet should be modified</entry>
+ <entry>ipv4 address/ipv6 address</entry>
+ </row>
+ <row>
+ <entry>flags</entry>
+ <entry>Flags</entry>
+ <entry>random, fully-random, persistent</entry>
+ </row>
+ </tbody>
+ </tgroup>
+ </table>
</para>
</refsect2>
<refsect2>
<title>Queue statement</title>
<para>
+ <table frame="all">
+ <title>Queue statement</title>
+ <tgroup cols='3' align='left' colsep='1' rowsep='1'>
+ <colspec colname='c1'/>
+ <colspec colname='c2'/>
+ <colspec colname='c3'/>
+ <thead>
+ <row>
+ <entry>Keyword</entry>
+ <entry>Description</entry>
+ <entry>Type</entry>
+ </row>
+ </thead>
+ <tbody>
+ <row>
+ <entry>num</entry>
+ <entry>Sets queue number</entry>
+ <entry>unsigned integer (16 bit)</entry>
+ </row>
+ <row>
+ <entry>flags</entry>
+ <entry>Flags</entry>
+ <entry>bypass, fanout</entry>
+ </row>
+ <row>
+ <entry>total</entry>
+ <entry>Sets total load-balanced queues</entry>
+ <entry>unsigned integer (16 bit)</entry>
+ </row>
+ </tbody>
+ </tgroup>
+ </table>
</para>
</refsect2>
</refsect1>
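Review bot: In the NAT statement section the cmdsynopsis does not match the table that follows it: the synopsis offers only `snat`/`dnat` and then a required `<arg choice="req"><replaceable>flags</replaceable></arg>`, with no argument for the address that the table gives as the type of snat and dnat. Suggest adding the address argument to the synopsis and marking flags with the choice that reflects whether it is mandatory. Two smaller points: the `- <refsect2>` / `+ <refsect2>` pair just before the NAT title looks like a whitespace-only change (the patch's single deletion) and could be dropped, and the NAT and Queue sections go straight to their tables without the one-sentence description that the Log, Reject, Counter, Meta and Limit sections each get.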
--
1.9.1