Cluster I/O Protocols (CIP) Configuration and Management Manual (H06.16+, J06.05+)
connbytes
Matches by how many bytes/packets a connection has transferred.
[!] --connbytes from:[to]
--connbytes-dir {original|reply|both}
--connbytes-mode {packets|bytes|avgpkt}
Example:
ip6tables .. -m connbytes --connbytes 10000:100000
--connbytes-dir both --connbytes-mode bytes ...
connlimit
Allows you to restrict the number of parallel TCP connections to a server per client IP address
(or address block).
[!] --connlimit-above n
--connlimit-mask prefix_length
Examples:
# limit the number of parallel HTTP connections to 16 for the link-local network
ip6tables -p tcp --syn --dport 80 -s fe80::/64 \
  -m connlimit \
  --connlimit-above 16 --connlimit-mask 64 -j REJECT
connmark *
Matches packets in connections with value set by CONNMARK target.
Not supported because it is valid only in the mangle table.
conntrack
Matches additional connection tracking information.
[!] --ctstate statelist
statelist is a comma-separated list of the connection states to match.
[!] --ctproto l4proto
[!] --ctorigsrc address[/mask]
[!] --ctorigdst address[/mask]
[!] --ctreplsrc address[/mask]
[!] --ctrepldst address[/mask]
Matches against original/reply source/destination address.
[!] --ctorigsrcport port
[!] --ctorigdstport port
[!] --ctreplsrcport port
[!] --ctrepldstport port
Matches against original/reply source/destination port (TCP/UDP/etc.) or GRE key.
[!] --ctstatus [NONE|EXPECTED|SEEN_REPLY|ASSURED|CONFIRMED][,...]
[!] --ctexpire time[:time]
--ctdir {ORIGINAL|REPLY}
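Added example (not from the manual): a shell sketch showing how the conntrack and connlimit matches above combine into a stateful IPv6 filter, and why rule order matters. The INPUT chain, port 80, the thresholds, and the IP6T/APPLY variables are assumptions; by default the script only prints the rules.

```shell
#!/bin/sh
# Added example: prints (and optionally applies) a small stateful IPv6
# ruleset built from the conntrack and connlimit matches listed above.
# Assumptions: filter-table INPUT chain, an HTTP service on port 80, and
# the thresholds used below. None of these values come from the manual.

IP6T="${IP6T:-ip6tables}"   # command name (assumption)
APPLY="${APPLY:-0}"         # 0 = print rules only, 1 = also execute them

# Print one rule; execute it only when APPLY=1.
rule() {
    printf '%s\n' "$IP6T $*"
    if [ "$APPLY" = "1" ]; then "$IP6T" "$@"; fi
}

build_ruleset() {
    # 1. Drop packets that conntrack cannot tie to a valid connection.
    rule -A INPUT -m conntrack --ctstate INVALID -j DROP
    # 2. Accept packets of connections that are already tracked, so the
    #    per-connection checks below only ever see connection attempts.
    rule -A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
    # 3. Reject a new HTTP connection when its source /64 already has more
    #    than 16 open. This must precede rule 4 or it would never match.
    rule -A INPUT -p tcp --syn --dport 80 -m connlimit \
        --connlimit-above 16 --connlimit-mask 64 -j REJECT
    # 4. Accept the remaining new HTTP connections.
    rule -A INPUT -p tcp --dport 80 -m conntrack --ctstate NEW -j ACCEPT
    # No default-drop policy is set here. Before adding one, permit the
    # ICMPv6 neighbour-discovery traffic that IPv6 depends on.
}

build_ruleset
```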
dccp *
Matches DCCP-specific fields and types.
Not supported because CIP does not support Datagram Congestion Control Protocol.
dscp *
Matches the 6-bit DSCP field within the TOS field in the IP header.