1*a71a9546SAutomerger Merge WorkerThe CT target sets parameters for a packet or its associated 2*a71a9546SAutomerger Merge Workerconnection. The target attaches a "template" connection tracking entry to 3*a71a9546SAutomerger Merge Workerthe packet, which is then used by the conntrack core when initializing 4*a71a9546SAutomerger Merge Workera new ct entry. This target is thus only valid in the "raw" table. 5*a71a9546SAutomerger Merge Worker.TP 6*a71a9546SAutomerger Merge Worker\fB\-\-notrack\fP 7*a71a9546SAutomerger Merge WorkerDisables connection tracking for this packet. 8*a71a9546SAutomerger Merge Worker.TP 9*a71a9546SAutomerger Merge Worker\fB\-\-helper\fP \fIname\fP 10*a71a9546SAutomerger Merge WorkerUse the helper identified by \fIname\fP for the connection. This is more 11*a71a9546SAutomerger Merge Workerflexible than loading the conntrack helper modules with preset ports. 12*a71a9546SAutomerger Merge Worker.TP 13*a71a9546SAutomerger Merge Worker\fB\-\-ctevents\fP \fIevent\fP[\fB,\fP...] 14*a71a9546SAutomerger Merge WorkerOnly generate the specified conntrack events for this connection. Possible 15*a71a9546SAutomerger Merge Workerevent types are: \fBnew\fP, \fBrelated\fP, \fBdestroy\fP, \fBreply\fP, 16*a71a9546SAutomerger Merge Worker\fBassured\fP, \fBprotoinfo\fP, \fBhelper\fP, \fBmark\fP (this refers to 17*a71a9546SAutomerger Merge Workerthe ctmark, not nfmark), \fBnatseqinfo\fP, \fBsecmark\fP (ctsecmark). 18*a71a9546SAutomerger Merge Worker.TP 19*a71a9546SAutomerger Merge Worker\fB\-\-expevents\fP \fIevent\fP[\fB,\fP...] 20*a71a9546SAutomerger Merge WorkerOnly generate the specified expectation events for this connection. 21*a71a9546SAutomerger Merge WorkerPossible event types are: \fBnew\fP. 22*a71a9546SAutomerger Merge Worker.TP 23*a71a9546SAutomerger Merge Worker\fB\-\-zone-orig\fP {\fIid\fP|\fBmark\fP} 24*a71a9546SAutomerger Merge WorkerFor traffic coming from ORIGINAL direction, assign this packet to zone 25*a71a9546SAutomerger Merge Worker\fIid\fP and only have lookups done in that zone. If \fBmark\fP is used 26*a71a9546SAutomerger Merge Workerinstead of \fIid\fP, the zone is derived from the packet nfmark. 27*a71a9546SAutomerger Merge Worker.TP 28*a71a9546SAutomerger Merge Worker\fB\-\-zone-reply\fP {\fIid\fP|\fBmark\fP} 29*a71a9546SAutomerger Merge WorkerFor traffic coming from REPLY direction, assign this packet to zone 30*a71a9546SAutomerger Merge Worker\fIid\fP and only have lookups done in that zone. If \fBmark\fP is used 31*a71a9546SAutomerger Merge Workerinstead of \fIid\fP, the zone is derived from the packet nfmark. 32*a71a9546SAutomerger Merge Worker.TP 33*a71a9546SAutomerger Merge Worker\fB\-\-zone\fP {\fIid\fP|\fBmark\fP} 34*a71a9546SAutomerger Merge WorkerAssign this packet to zone \fIid\fP and only have lookups done in that zone. 35*a71a9546SAutomerger Merge WorkerIf \fBmark\fP is used instead of \fIid\fP, the zone is derived from the 36*a71a9546SAutomerger Merge Workerpacket nfmark. By default, packets have zone 0. This option applies to both 37*a71a9546SAutomerger Merge Workerdirections. 38*a71a9546SAutomerger Merge Worker.TP 39*a71a9546SAutomerger Merge Worker\fB\-\-timeout\fP \fIname\fP 40*a71a9546SAutomerger Merge WorkerUse the timeout policy identified by \fIname\fP for the connection. This is 41*a71a9546SAutomerger Merge Workerprovides more flexible timeout policy definition than global timeout values 42*a71a9546SAutomerger Merge Workeravailable at /proc/sys/net/netfilter/nf_conntrack_*_timeout_*. 43