Skip to content

Commit

Permalink
docs: tproxy: ignore non-transparent sockets in iptables
Browse files Browse the repository at this point in the history 
The iptables example was added in commit d2f2603 (netfilter: Add
documentation for tproxy, 2008-10-08), but xt_socket 'transparent'
option was added in commit a31e1ff (netfilter: xt_socket: added new
revision of the 'socket' match supporting flags, 2009-06-09).

Now add the 'transparent' option to the iptables example to ignore
non-transparent sockets, which is also consistent with the nft example.

Signed-off-by: 谢致邦 (XIE Zhibang) <Yeking@Red54.com>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
  • Loading branch information
谢致邦 (XIE Zhibang) authored and Pablo Neira Ayuso committed Sep 26, 2024
1 parent 2cadd3b commit aa75876
Showing 1 changed file with 1 addition and 1 deletion.
2 changes: 1 addition & 1 deletion Documentation/networking/tproxy.rst
View file
Original file line number Diff line number Diff line change
Expand Up @@ -17,7 +17,7 @@ The idea is that you identify packets with destination address matching a local
socket on your box, set the packet mark to a certain value::

# iptables -t mangle -N DIVERT
# iptables -t mangle -A PREROUTING -p tcp -m socket -j DIVERT
# iptables -t mangle -A PREROUTING -p tcp -m socket --transparent -j DIVERT
# iptables -t mangle -A DIVERT -j MARK --set-mark 1
# iptables -t mangle -A DIVERT -j ACCEPT

Expand Down

0 comments on commit aa75876

Please sign in to comment.