Lines Matching +full:ipv6 +full:- +full:single +full:- +full:target

27 ebtables \- Ethernet bridge frame table administration (nft-based)
58 There are three ebtables tables with built-in chains in the
64 called a 'target'. However, if the frame does not match the current
66 The user can create new (user-defined) chains that can be used as the 'target'
67 of a rule. User-defined chains are very useful to get better performance
69 the filtering rules into well-organized and maintainable sets of rules.
72 processing specification called a target.  When a frame matches a rule,
73 then the next action performed by the kernel is specified by the target.
74 The target can be one of these values:
79 an 'extension' (see below) or a jump to a user-defined chain.
96 .B "TARGET EXTENSIONS"
104 the -t argument.  Moreover, the -t argument must be the
107 .B "-t, --table"
110 is the default table and contains three built-in chains:
114 (for locally-generated or (b)routed frames) and
120 is mostly used to change the mac addresses and contains three built-in chains:
136 is used to make a brouter, it has one built-in chain:
141 compatibility reasons with ebtables-legacy).
151 After the initial ebtables '-t table' command line argument, the remaining
154 watcher extensions and target extensions.
157 defined with the -t argument.  If you do not use the -t argument to name
166 .B "-A, --append"
169 .B "-D, --delete"
175 .B -L --Ln
179 .B -I
185 .B "-C, --change-counters"
191 .B -L --Ln
202 If the specified counters start with a '-', the counter values are decreased from the respective
203 current counter values. No bounds checking is done. If the counters don't start with '+' or '-',
206 .B "-I, --insert"
213 .IR -N " and " N+1 .
217 .IR i " and " i-N-1
225 .B "-P, --policy"
226 Set the policy for the chain to the given target. The policy can be
229 .B "-F, --flush"
234 .B "-Z, --zero"
237 .B "-Z"
239 .B "-L"
242 .B "-Z"
244 .B "-L"
248 .B "-L, --list"
253 .B "-L"
256 .B "--Ln"
261 .B "--Lc"
264 .B "-L"
271 .B "--Lx"
276 table are given, including commands for creating the user-defined chains (if any).
280 .B "--Lx"
282 .B "--Ln"
287 .B "--Lmac2"
292 .B "-N, --new-chain"
293 Create a new user-defined chain with the given name. The number of
294 user-defined chains is limited only by the number of possible chain names.
295 A user-defined chain name has a maximum
296 length of 31 characters. The standard policy of the user-defined chain is
298 target by using the
299 .B -P
301 .B -N
303 .B -P
306 .B "-X, --delete-chain"
307 Delete the specified user-defined chain. There must be no remaining references (jumps)
309 specified, all user-defined chains that aren't referenced will be removed.
311 .B "-E, --rename-chain"
312 Rename the specified chain to a new name.  Besides renaming a user-defined
315 then you can use the -E command to rename the PREROUTING chain. If you do
322 .B "--init-table"
326 .B "-v, --verbose"
329 detailed information on the rule or rules to be printed. \fB\-v\fP may be
332 .B "-V, --version"
339 .IR "ebtables -h snat log ip arp" .
346 The target of the rule. This is one of the following values:
351 a target extension (see
353 or a user-defined chain name.
355 .B -M, --modprobe "\fIprogram\fP"
360 .B --concurrent
402 .B --proto
413 .B --in-if
434 .B --out-if
459 .B --src
464 .B -s
466 .B --dst
485 .IR "LENGTH " "(see the option " " -p " above).
568 .B --ip-src
574 .B --ip-dst
584 .B --ip-proto
590 .B --ip-protocol
596 .B --ip-sport
602 .B --ip-protocol
608 .B --ip-dport
611 Specify IPv6 fields. The protocol must be specified as
612 .IR IPv6 .
615 The source IPv6 address.
617 .B --ip6-src
621 The destination IPv6 address.
623 .B --ip6-dst
627 The IPv6 traffic class, in hexadecimal numbers.
632 .B --ip6-proto
636 The source port or port range for the IPv6 protocols 6 (TCP), 17
638 .B --ip6-protocol
644 .B --ip6-sport
648 The destination port or port range for IPv6 protocols 6 (TCP), 17
650 .B --ip6-protocol
656 .B --ip6-dport
660 Specify ipv6\-icmp type and code to match.
663 To match a single type including all valid codes, symbolic names can
666   ebtables \-\-help ip6
668 This option is only valid for \-\-ip6-prococol ipv6-icmp.
673 .B --log
691 the user-specified
693 user-specified mark
696 only matches when the mark value of the frame equals the user-specified
701 AND of the mark value of the frame and the user-specified
703 non-zero. Only specifying a
725 The BPDU type (0-255), recognized non-numerical types are
730 The BPDU flag (0-255), recognized non-numerical flags are
731 .IR topology-change ", denoting the topology change flag (=1), and"
732 .IR topology-change-ack ", denoting the topology change acknowledgement flag (=128)."
735 The root priority (0-65535) range.
742 The root path cost (0-4294967295) range.
745 The BPDU's sender priority (0-65535) range.
752 The port identifier (0-65535) range.
755 The message age timer (0-65535) range.
758 The max age timer (0-65535) range.
761 The hello time timer (0-65535) range.
764 The forward delay timer (0-65535) range.
768 .\" .BR "--string-algo " "\fIalgorithm\fP"
769 .\" The pattern matching strategy. (bm = Boyer-Moore, kmp = Knuth-Pratt-Morris)
771 .\" .BR "--string-from " "\fIoffset\fP"
774 .\" .BR "--string-to " "\fIoffset\fP"
777 .\" .BR "--string " "[!] \fIpattern\fP"
780 .\" .BR "--string-hex " "[!] \fIpattern\fP"
783 .\" .BR "--string-icase"
809 target is executed.
813 .B "--log"
815 Log with the default loggin options: log-level=
817 log-prefix="", no ip logging, no arp logging.
819 .B --log-level "\fIlevel\fP"
832 .B --log-ip 
837 .B --log-ip6 
839 Will log the ipv6 information when a frame made by the ipv6 protocol matches 
840 the rule. The default is no ipv6 information logging.
842 .B --log-arp
855 .B "--nflog"
859 .B --nflog-group "\fInlgroup\fP"
861 The netlink group (1 - 2^32-1) to which packets are (only applicable for
864 .B --nflog-prefix "\fIprefix\fP"
869 .B --nflog-range "\fIsize\fP"
875 .B --nflog-threshold "\fIsize\fP"
905 .B "--ulog"
907 Use the default settings: ulog-prefix="", ulog-nlgroup=1,
908 ulog-cprange=4096, ulog-qthreshold=1.
910 .B --ulog-prefix "\fItext\fP"
918 target differ from those used for the ebtables ulog watcher.
940 .SS TARGET EXTENSIONS
944 target can be used in the
946 If this target sees an ARP request it will automatically reply
951 for an IP address on an Ethernet network, it is ignored by this target
961 Specifies the standard target. After sending the ARP reply, the rule still
962 has to give a standard target so ebtables knows what to do with the ARP request.
963 The default target
968 target can only be used in the
977 .B --to-dst
982 Specifies the standard target. After doing the dnat, the rule still has to
983 give a standard target so ebtables knows what to do with the dnated frame.
984 The default target is
988 multiple target extensions on the same frame. Making it
996 if the bridge-nf code is compiled into the kernel. Both put the marking at the
1001 Mark the frame with the specified non-negative
1006 Or the frame with the specified non-negative
1011 And the frame with the specified non-negative
1016 Xor the frame with the specified non-negative
1021 Specifies the standard target. After marking the frame, the rule
1022 still has to give a standard target so ebtables knows what to do.
1023 The default target is
1029 target will change the MAC target address to that of the bridge device the
1030 frame arrived on. This target can only be used in the
1036 Specifies the standard target. After doing the MAC redirect, the rule
1037 still has to give a standard target so ebtables knows what to do.
1038 The default target is
1040 multiple target extensions on the same frame. Making it
1046 target can only be used in the
1054 .B --to-src
1059 Specifies the standard target. After doing the snat, the rule still has 
1060 to give a standard target so ebtables knows what to do.
1079 match. Further, support for atomic-options
1080 .RB ( --atomic-file ", " --atomic-init ", " --atomic-save ", " --atomic-commit )