
nfct - command line tool to configure with the connection tracking system

Authors

       Pablo Neira Ayuso wrote and maintains the nfct tool.

       Man page written by Pablo Neira Ayuso <pablo@netfilter.org>.

                                                  Feb 29, 2012                                           NFCT(8)

Bugs

       Please, report them to netfilter-devel@vger.kernel.org or file a bug in Netfilter's bugzilla
       (https://bugzilla.netfilter.org).

Commands

       list   List the existing objects.

       add    Add new object.

       delete Delete an object.

       get    Get an existing object.

       flush  Flush the accounting object table.

       disable
              This command is for the helper subsystem. It allows you to disable enqueueing packets to userspace
              for helper inspection.

       default-set
              This command is for the timeout subsystem. It allows you to set default protocol timeouts.

       default-get
              This command is for the timeout subsystem. It allows you to get the default protocol timeouts.

Description

nfct is the command line tool that allows you to configure the Connection Tracking System.

Example

       nfct add timeout test-tcp inet tcp established 100 close 10 close_wait 10

       This creates a timeout policy for tcp using 100 seconds for the ESTABLISHED state, 10 seconds for the
       CLOSE state and 10 seconds for the CLOSE_WAIT state.

       Then, you can attach the timeout policy with the iptables CT target:

       iptables -I PREROUTING -t raw -p tcp -j CT --timeout test-tcp
       iptables -I OUTPUT -t raw -p tcp -j CT --timeout test-tcp

       You can test the timeout policy with:

       conntrack -E -p tcp

       It should display:

       [UPDATE] tcp      6 100 ESTABLISHED src=192.168.39.100 dst=57.126.1.20 sport=56463 dport=80 src=57.126.1.20 dst=192.168.39.100 sport=80 dport=56463 [ASSURED]
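
       To check the policy over a stream of events rather than by eye, the following added example (not part of the nfct man page or the netfilter project) filters conntrack -E -p tcp output for flows in a given state whose timer is above the policy value. The function names and the sample events are constructed for illustration, and the event line layout shown above is assumed.

```shell
#!/bin/sh
# Added example, not from the nfct man page. Reads `conntrack -E -p tcp`
# event lines on stdin and prints every flow in STATE whose timer is above
# the policy value, i.e. a flow the CT --timeout rule did not cover.
# Usage: conntrack -E -p tcp | flows_off_policy ESTABLISHED 100
flows_off_policy() {
    awk -v state="$1" -v limit="$2" '
        # Assumed layout: [TYPE] proto protonum timeout STATE src=... dst=...
        # [DESTROY] events carry no timeout/state, so $4 is not numeric there.
        $2 == "tcp" && $4 ~ /^[0-9]+$/ && $5 == state {
            seen++
            if ($4 + 0 > limit + 0) {
                bad++
                # Report the original-direction tuple (first src/dst/sport/dport).
                n = 0; tuple = ""
                for (i = 6; i <= NF && n < 4; i++)
                    if ($i ~ /^(src|dst|sport|dport)=/) { tuple = tuple " " $i; n++ }
                printf "off-policy timeout=%s%s\n", $4, tuple
            }
        }
        END {
            printf "checked=%d off_policy=%d\n", seen, bad
            exit (bad > 0)   # non-zero status when any flow is off policy
        }'
}

# Constructed sample events. The first flow reuses the addresses from the
# example above; the flow with timeout 432000 is invented to show a mismatch.
sample_events() {
    cat <<'EOF'
    [NEW] tcp      6 120 SYN_SENT src=192.168.39.100 dst=57.126.1.20 sport=56463 dport=80 [UNREPLIED] src=57.126.1.20 dst=192.168.39.100 sport=80 dport=56463
 [UPDATE] tcp      6 100 ESTABLISHED src=192.168.39.100 dst=57.126.1.20 sport=56463 dport=80 src=57.126.1.20 dst=192.168.39.100 sport=80 dport=56463 [ASSURED]
 [UPDATE] tcp      6 432000 ESTABLISHED src=192.168.39.100 dst=57.126.1.30 sport=40112 dport=22 src=57.126.1.30 dst=192.168.39.100 sport=22 dport=40112 [ASSURED]
[DESTROY] tcp      6 src=192.168.39.100 dst=57.126.1.20 sport=56463 dport=80 src=57.126.1.20 dst=192.168.39.100 sport=80 dport=56463 [ASSURED]
EOF
}

# Demo run on the constructed events (status 1 is expected, hence || true).
sample_events | flows_off_policy ESTABLISHED 100 || true
```

       A flow reported here is in the ESTABLISHED state but was not matched by the CT rules that attach test-tcp, so it kept a longer timer than the policy sets.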

Name

       nfct - command line tool to configure with the connection tracking system

See Also

       iptables(8), conntrack(8)

Subsys

       At the time this manpage was written, the supported subsystems are timeout and helper.

       timeout
              The timeout subsystem allows you to define fine-grain timeout policies.

       helper The helper subsystem allows you to configure userspace helpers.

       version
              Displays the version information.

       help   Displays the help message.

Synopsis

       nfct command subsystem [parameters]
