Cluster I/O Protocols (CIP) Configuration and Management Manual (H06.16+, J06.05+)

[!] --ctreplsrcport port
[!] --ctrepldstport port
Matches against original/reply source/destination port (TCP/UDP/etc.) or GRE key.
[!] --ctstatus [NONE|EXPECTED|SEEN_REPLY|ASSURED|CONFIRMED][,...]
[!] --ctexpire time[:time]
--ctdir {ORIGINAL|REPLY}
dccp *
Matches DCCP-specific fields and types.
Not supported because CIP does not support Datagram Congestion Control Protocol.
dscp *
Matches the 6-bit DSCP field within the TOS field in the IP header.
Not supported because Differentiated Services Code Point is QoS related.
ecn
Matches different ECN fields in the TCP and IPv4 headers.
[!] --ecn-tcp-cwr
[!] --ecn-tcp-ece
[!] --ecn-ip-ect num
esp
Matches the SPIs in the ESP header of IPsec packets.
[!] --espspi spi[:spi]
hashlimit
Applies a rate limit separately to each member of a group, such as per destination-ip or per
(destip,destport) tuple. It gives you the ability to express:
'1000 packets per second for every host in 192.168.0.0/16'
'100 packets per second for every service of 192.168.1.1'
with a single iptables rule.
--hashlimit-upto amount[/second|/minute|/hour|/day]
--hashlimit-above amount[/second|/minute|/hour|/day]
--hashlimit-burst amount
--hashlimit-mode {srcip|srcport|dstip|dstport},...
--hashlimit-srcmask prefix
--hashlimit-dstmask prefix
--hashlimit-name foo
--hashlimit-htable-size buckets
--hashlimit-htable-max entries
--hashlimit-htable-expire msec
--hashlimit-htable-gcinterval msec
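The following sketch is an added example, not part of the CIP manual or of the iptables code. It models how --hashlimit-mode and the mask options select the bucket a packet is counted in, and how --hashlimit-upto and --hashlimit-burst then limit each bucket. The class, function names and sample packets are assumptions made for illustration, and table size and expiry are not modeled.

```python
import ipaddress

class HashLimit:
    """Toy model of one hashlimit match: one token bucket per hash key."""

    def __init__(self, upto_per_sec, burst, mode, srcmask=32, dstmask=32):
        self.rate = float(upto_per_sec)    # --hashlimit-upto amount/second
        self.burst = float(burst)          # --hashlimit-burst amount
        self.mode = tuple(mode)            # --hashlimit-mode srcip,dstport,...
        self.masks = {"srcip": srcmask,    # --hashlimit-srcmask prefix
                      "dstip": dstmask}    # --hashlimit-dstmask prefix
        self.table = {}                    # hash key -> (tokens, last update time)

    def key(self, pkt):
        """Only the fields named in the mode take part in the key."""
        parts = []
        for field in self.mode:
            value = pkt[field]
            if field in self.masks:        # group addresses by prefix
                net = ipaddress.ip_network(f"{value}/{self.masks[field]}", strict=False)
                value = str(net.network_address)
            parts.append(value)
        return tuple(parts)

    def matches(self, pkt, now):
        """True while this packet's bucket still has credit (the 'upto' sense)."""
        k = self.key(pkt)
        tokens, last = self.table.get(k, (self.burst, now))
        tokens = min(self.burst, tokens + (now - last) * self.rate)
        ok = tokens >= 1.0
        self.table[k] = (tokens - 1.0 if ok else tokens, now)
        return ok

def pkt(src, dst="192.168.1.1", dport=80):
    # Constructed sample packet; addresses and ports are illustrative only.
    return {"srcip": src, "srcport": 40000, "dstip": dst, "dstport": dport}

def demo():
    per_host = HashLimit(2, burst=3, mode=["srcip"])
    flood = [per_host.matches(pkt("192.168.0.5"), now=0.0) for _ in range(5)]
    other = per_host.matches(pkt("192.168.0.6"), now=0.0)    # separate bucket
    later = per_host.matches(pkt("192.168.0.5"), now=1.0)    # credit refilled
    per_net = HashLimit(2, burst=3, mode=["srcip"], srcmask=24)
    shared = [per_net.matches(pkt(f"192.168.0.{i}"), now=0.0) for i in range(5)]
    per_svc = HashLimit(2, burst=1, mode=["dstip", "dstport"])
    svc = [per_svc.matches(pkt("10.0.0.9", dport=p), now=0.0) for p in (80, 80, 443)]
    return flood, other, later, shared, svc

if __name__ == "__main__":
    print(demo())
```

With a /24 source mask, all five hosts draw from one bucket, so a limit intended per host becomes a limit per subnet.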
helper
Specifies the conntrack-helper module.
[!] --helper string
icmp
This extension is loaded if '--protocol icmp' is specified. It provides the following option:
[!] --icmp-type {type[/code]|typename}