51c612a0d8
- New upstream version 1.8.2 - Integrate ebtables and arptables save/restore scripts with alternatives - Add nft-specific ebtables and arptables man pages - Move /etc/sysconfig/ip*tables-config files into services sub-package
From 2efbd30ed9f1db90b32b556d0e3df16d05281bc7 Mon Sep 17 00:00:00 2001
|
|
From: Phil Sutter <phil@nwl.cc>
|
|
Date: Wed, 13 Mar 2019 20:46:13 +0100
|
|
Subject: [PATCH] doc: Adjust arptables man pages
|
|
|
|
Change content to suit the shipped nft-based variant. Most relevant
|
|
changes:
|
|
|
|
* FORWARD chain is not supported
|
|
* arptables-nft-save supports a few parameters
|
|
|
|
Signed-off-by: Phil Sutter <phil@nwl.cc>
|
|
Signed-off-by: Florian Westphal <fw@strlen.de>
|
|
(cherry picked from commit 1a0cd997d601794c7031346063b8b77f4af2a13e)
|
|
Signed-off-by: Phil Sutter <psutter@redhat.com>
|
|
---
|
|
iptables/arptables-nft-restore.8 | 6 ++--
|
|
iptables/arptables-nft-save.8 | 20 +++++++++----
|
|
iptables/arptables-nft.8 | 48 +++++++++++++++-----------------
|
|
3 files changed, 39 insertions(+), 35 deletions(-)
|
|
|
|
diff --git a/iptables/arptables-nft-restore.8 b/iptables/arptables-nft-restore.8
|
|
index 4f2f623673415..09d9082cf9fd3 100644
|
|
--- a/iptables/arptables-nft-restore.8
|
|
+++ b/iptables/arptables-nft-restore.8
|
|
@@ -1,4 +1,4 @@
|
|
-.TH ARPTABLES-RESTORE 8 "Nov 07, 2013" "" ""
|
|
+.TH ARPTABLES-RESTORE 8 "March 2019" "" ""
|
|
.\"
|
|
.\" Man page written by Jesper Dangaard Brouer <brouer@redhat.com> based on a
|
|
.\" Man page written by Harald Welte <laforge@gnumonks.org>
|
|
@@ -20,7 +20,7 @@
|
|
.\"
|
|
.\"
|
|
.SH NAME
|
|
-arptables-restore \(em Restore ARP Tables
|
|
+arptables-restore \- Restore ARP Tables (nft-based)
|
|
.SH SYNOPSIS
|
|
\fBarptables\-restore
|
|
.SH DESCRIPTION
|
|
@@ -32,8 +32,6 @@ Use I/O redirection provided by your shell to read from a file
|
|
.TP
|
|
.B arptables-restore
|
|
flushes (deletes) all previous contents of the respective ARP Table.
|
|
-.SH BUGS
|
|
-None known as of arptables-0.0.4 release
|
|
.SH AUTHOR
|
|
Jesper Dangaard Brouer <brouer@redhat.com>
|
|
.SH SEE ALSO
|
|
diff --git a/iptables/arptables-nft-save.8 b/iptables/arptables-nft-save.8
|
|
index 34791a9c087f0..905e59854cc28 100644
|
|
--- a/iptables/arptables-nft-save.8
|
|
+++ b/iptables/arptables-nft-save.8
|
|
@@ -1,4 +1,4 @@
|
|
-.TH ARPTABLES-SAVE 8 "Nov 07, 2013" "" ""
|
|
+.TH ARPTABLES-SAVE 8 "March 2019" "" ""
|
|
.\"
|
|
.\" Man page written by Jesper Dangaard Brouer <brouer@redhat.com> based on a
|
|
.\" Man page written by Harald Welte <laforge@gnumonks.org>
|
|
@@ -20,16 +20,26 @@
|
|
.\"
|
|
.\"
|
|
.SH NAME
|
|
-arptables-save \(em dump arptables rules to stdout
|
|
+arptables-save \- dump arptables rules to stdout (nft-based)
|
|
.SH SYNOPSIS
|
|
-\fBarptables\-save
|
|
+\fBarptables\-save\fP [\fB\-M\fP \fImodprobe\fP] [\fB\-c\fP]
|
|
+.P
|
|
+\fBarptables\-save\fP [\fB\-V\fP]
|
|
.SH DESCRIPTION
|
|
.PP
|
|
.B arptables-save
|
|
is used to dump the contents of an ARP Table in easily parseable format
|
|
to STDOUT. Use I/O-redirection provided by your shell to write to a file.
|
|
-.SH BUGS
|
|
-None known as of arptables-0.0.4 release
|
|
+.TP
|
|
+\fB\-M\fR, \fB\-\-modprobe\fR \fImodprobe_program\fP
|
|
+Specify the path to the modprobe program. By default, arptables-save will
|
|
+inspect /proc/sys/kernel/modprobe to determine the executable's path.
|
|
+.TP
|
|
+\fB\-c\fR, \fB\-\-counters\fR
|
|
+Include the current values of all packet and byte counters in the output.
|
|
+.TP
|
|
+\fB\-V\fR, \fB\-\-version\fR
|
|
+Print version information and exit.
|
|
.SH AUTHOR
|
|
Jesper Dangaard Brouer <brouer@redhat.com>
|
|
.SH SEE ALSO
|
|
diff --git a/iptables/arptables-nft.8 b/iptables/arptables-nft.8
|
|
index 3ce99e3757004..ea31e0842acd4 100644
|
|
--- a/iptables/arptables-nft.8
|
|
+++ b/iptables/arptables-nft.8
|
|
@@ -1,4 +1,4 @@
|
|
-.TH ARPTABLES 8 "June 2018"
|
|
+.TH ARPTABLES 8 "March 2019"
|
|
.\"
|
|
.\" Man page originally written by Jochen Friedrich <jochen@scram.de>,
|
|
.\" maintained by Bart De Schuymer.
|
|
@@ -22,7 +22,7 @@
|
|
.\"
|
|
.\"
|
|
.SH NAME
|
|
-arptables \- ARP table administration (legacy)
|
|
+arptables \- ARP table administration (nft-based)
|
|
.SH SYNOPSIS
|
|
.BR "arptables " [ "-t table" ] " -" [ AD ] " chain rule-specification " [ options ]
|
|
.br
|
|
@@ -38,17 +38,6 @@ arptables \- ARP table administration (legacy)
|
|
.br
|
|
.BR "arptables " [ "-t table" ] " -P chain target " [ options ]
|
|
|
|
-.SH LEGACY
|
|
-This tool uses the old xtables/setsockopt framework, and is a legacy version
|
|
-of arptables. That means that a new, more modern tool exists with the same
|
|
-functionality using the nf_tables framework and you are encouraged to migrate now.
|
|
-The new binaries (formerly known as -compat) uses the same syntax and
|
|
-semantics than this legacy one.
|
|
-
|
|
-You can still use this legacy tool. You should probably get some specific
|
|
-information from your Linux distribution or vendor.
|
|
-More docs are available at https://wiki.nftables.org
|
|
-
|
|
.SH DESCRIPTION
|
|
.B arptables
|
|
is a user space tool, it is used to set up and maintain the
|
|
@@ -106,15 +95,11 @@ first argument on the arptables command line, if used.
|
|
.B "-t, --table"
|
|
.br
|
|
.BR filter ,
|
|
-is the only table and contains two (Linux kernels 2.4.X) or three (Linux kernels 2.6.0 and later) built-in chains:
|
|
+is the only table and contains two built-in chains:
|
|
.B INPUT
|
|
-(for frames destined for the host),
|
|
+(for frames destined for the host) and
|
|
.B OUTPUT
|
|
-(for locally-generated frames) and
|
|
-.B FORWARD
|
|
-(for frames being forwarded by the bridge code). The
|
|
-.B FORWARD
|
|
-chain doesn't exist in Linux 2.4.X kernels.
|
|
+(for locally-generated frames).
|
|
.br
|
|
.br
|
|
.SH ARPTABLES COMMAND LINE ARGUMENTS
|
|
@@ -258,15 +243,15 @@ numbers separated by colons.
|
|
.TP
|
|
.BR "-i, --in-interface " "[!] \fIname\fP"
|
|
The interface via which a frame is received (for the
|
|
-.BR INPUT " and " FORWARD
|
|
-chains). The flag
|
|
+.B INPUT
|
|
+chain). The flag
|
|
.B --in-if
|
|
is an alias for this option.
|
|
.TP
|
|
.BR "-o, --out-interface " "[!] \fIname\fP"
|
|
The interface via which a frame is going to be sent (for the
|
|
-.BR OUTPUT " and " FORWARD
|
|
-chains). The flag
|
|
+.B OUTPUT
|
|
+chain). The flag
|
|
.B --out-if
|
|
is an alias for this option.
|
|
.TP
|
|
@@ -344,9 +329,20 @@ Binary AND the mark with bits.
|
|
.BR "--or-mark mark"
|
|
Binary OR the mark with bits.
|
|
|
|
+.SH NOTES
|
|
+In this nft-based version of
|
|
+.BR arptables ,
|
|
+support for
|
|
+.B FORWARD
|
|
+chain has not been implemented. Since ARP packets are "forwarded" only by Linux
|
|
+bridges, the same may be achieved using
|
|
+.B FORWARD
|
|
+chain in
|
|
+.BR ebtables .
|
|
+
|
|
.SH MAILINGLISTS
|
|
.BR "" "See " http://netfilter.org/mailinglists.html
|
|
.SH SEE ALSO
|
|
-.BR iptables "(8), " ebtables "(8), " arp "(8), " rarp "(8), " ifconfig "(8), " route (8)
|
|
+.BR xtables-nft "(8), " iptables "(8), " ebtables "(8), " ip (8)
|
|
.PP
|
|
-.BR "" "See " http://ebtables.sf.net
|
|
+.BR "" "See " https://wiki.nftables.org
|
|
--
|
|
2.21.0
|
|
|