From mboxrd@z Thu Jan 1 00:00:00 1970 From: Shivani Bhardwaj Subject: [PATCH] doc: Complete the documentation of statements Date: Wed, 6 Apr 2016 11:39:19 +0530 Message-ID: <20160406060919.GA2432@shivani> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii To: netfilter-devel@vger.kernel.org Return-path: Received: from mail-pf0-f193.google.com ([209.85.192.193]:36833 "EHLO mail-pf0-f193.google.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1751222AbcDFGKG (ORCPT ); Wed, 6 Apr 2016 02:10:06 -0400 Received: by mail-pf0-f193.google.com with SMTP id q129so3306690pfb.3 for ; Tue, 05 Apr 2016 23:10:06 -0700 (PDT) Received: from shivani ([116.202.38.137]) by smtp.gmail.com with ESMTPSA id wh9sm1789574pab.8.2016.04.05.23.09.59 for (version=TLS1_2 cipher=AES128-SHA bits=128/128); Tue, 05 Apr 2016 23:10:04 -0700 (PDT) Content-Disposition: inline Sender: netfilter-devel-owner@vger.kernel.org List-ID: Add documentation corresponding to LOG STATEMENT, REJECT STATEMENT, COUNTER STATEMENT, META STATEMENT, LIMIT STATEMENT, NAT STATEMENT, QUEUE STATEMENT. Signed-off-by: Shivani Bhardwaj --- doc/nft.xml | 188 +++++++++++++++++++++++++++++++++++++++++++++++++++++++++++- 1 file changed, 187 insertions(+), 1 deletion(-) diff --git a/doc/nft.xml b/doc/nft.xml index e4d227c..cec4dbf 100644 --- a/doc/nft.xml +++ b/doc/nft.xml @@ -2186,36 +2186,222 @@ filter input iif eth0 drop Log statement + A log statement is used to set logging attributes of a packet. Default log level is warn. + + LOG statement + + + + + + + Keyword + Description + Type + + + + + level + Level of logging + unsigned integer (32 bit), emerg, alert, crit, err, warn, notice, info, debug + + + prefix + Prefix log messages + string + + + +
Reject statement + A reject statement is used to set an error packet response. The default error packet is port-unreachable. + + REJECT statement (ipv4) + + + + + + + Keyword + Description + Type + + + + + with icmp type + ICMP response to be sent to the host + unsigned integer (8 bit), net-unreachable, host-unreachable, prot-unreachable, port-unreachable, net-prohibited, host-prohibited, admin-prohibited + + + with + Used on rules which only match the TCP + tcp reset + + + +
+ + REJECT statement (ipv6) + + + + + + + Keyword + Description + Type + + + + + with icmpv6 type + ICMP6 response to be sent to the host + unsigned integer (8 bit), no-route, admin-prohibited, addr-unreachable, port-unreachable, policy-fail, reject-route + + + with + Used on rules which only match the TCP + tcp reset + + + +
Counter statement + A counter statement sets the hit count of packets along with the number of bytes. Meta statement + A meta statement sets the value of a meta expression. Limit statement + A limit statement is used to set a specified limit attribute. + + Limit statement + + + + + + + Keyword + Description + Type + + + + + rate + Maximum average matching rate + size (bytes, kbytes, mbytes)/time (second, minute, hour, day, week) + + + burst + Maximum initial number of packets + packets, size (bytes, kbytes, mbytes) + + + +
- + NAT statement + + + snat + dnat + + flags + + + + + NAT statement + + + + + + + Keyword + Description + Type + + + + + snat + Specifies that the source address of the packet should be modified + ipv4 address/ipv6 address + + + dnat + Specifies that the destination address of the packet should be modified + ipv4 address/ipv6 address + + + flags + Flags + random, fully-random, persistent + + + +
Queue statement + + Queue statement + + + + + + + Keyword + Description + Type + + + + + num + Sets queue number + unsigned integer (16 bit) + + + flags + Flags + bypass, fanout + + + total + Sets total load-balanced queues + unsigned integer (16 bit) + + + +
-- 1.9.1