bert hubert's Corrects missing spaces in iptables.8
bert hubert's Migrated some documentation from iptables.8 to packet-filtering-HOWTo
diff --git a/iptables.8 b/iptables.8
index b6c6b74..8422711 100644
--- a/iptables.8
+++ b/iptables.8
@@ -434,26 +434,26 @@
OUTPUT chain, and even this some packets (such as ICMP ping responses)
may have no owner, and hence never match.
.TP
-.BI "--uid-owner" "userid"
+.BI "--uid-owner " "userid"
Matches if the packet was created by a process with the given
effective user id.
.TP
-.BI "--gid-owner" "groupid"
+.BI "--gid-owner " "groupid"
Matches if the packet was created by a process with the given
effective group id.
.TP
-.BI "--pid-owner" "processid"
+.BI "--pid-owner " "processid"
Matches if the packet was created by a process with the given
process id.
.TP
-.BI "--sid-owner" "sessionid"
+.BI "--sid-owner " "sessionid"
Matches if the packet was created by a process in the given session
group.
.SS state
This module, when combined with connection tracking, allows access to
the connection tracking state for this packet.
.TP
-.BI "--state" "state"
+.BI "--state " "state"
Where state is a comma separated list of the connection states to
match. Possible states are
.B INVALID
@@ -476,7 +476,7 @@
This module matches the 8 bits of Type of Service field in the IP
header (ie. including the precedence bits).
.TP
-.BI "--tos" "tos"
+.BI "--tos " "tos"
The argument is either a standard name, (use
.br
iptables -m tos -h
@@ -513,7 +513,7 @@
.B mangle
table.
.TP
-.BI "--set-mark" "mark"
+.BI "--set-mark " "mark"
.SS REJECT
This is used to send back an error packet in response to the matched
packet: otherwise it is equivalent to
@@ -526,7 +526,7 @@
chains. Several options control the nature of the error packet
returned:
.TP
-.BI "--reject-with" "type"
+.BI "--reject-with " "type"
The type given can be
.BR icmp-net-unreachable ,
.BR icmp-host-unreachable ,
@@ -549,7 +549,7 @@
.B mangle
table.
.TP
-.BI "--set-tos" "tos"
+.BI "--set-tos " "tos"
You can use a numeric TOS values, or use
.br
iptables -j TOS -h
@@ -573,7 +573,7 @@
modified (and all future packets in this connection will also be
mangled), and rules should cease being examined. It takes one option:
.TP
-.BI "--to-source" "<ipaddr>[-<ipaddr>][:port-port]"
+.BI "--to-source " "<ipaddr>[-<ipaddr>][:port-port]"
which can specify a single new source IP address, an inclusive range
of IP addresses, and optionally, a port range (which is only valid if
the rule also specifies
@@ -596,7 +596,7 @@
also be mangled), and rules should cease being examined. It takes one
option:
.TP
-.BI "--to-destination" "<ipaddr>[-<ipaddr>][:port-port]"
+.BI "--to-destination " "<ipaddr>[-<ipaddr>][:port-port]"
which can specify a single new destination IP address, an inclusive
range of IP addresses, and optionally, a port range (which is only
valid if the rule also specifies
@@ -620,7 +620,7 @@
next dialup is unlikely to have the same interface address (and hence
any established connections are lost anyway). It takes one option:
.TP
-.BI "--to-ports" "<port>[-<port>]"
+.BI "--to-ports " "<port>[-<port>]"
This specifies a range of source ports to use, overriding the default
.B SNAT
source port-selection heuristics (see above). This is only valid with
@@ -640,7 +640,7 @@
127.0.0.1 address).
It takes one option:
.TP
-.BI "--to-ports" "<port>[-<port>]"
+.BI "--to-ports " "<port>[-<port>]"
This specifies a destination port or range or ports to use: without
this, the destination port is never altered. This is only valid with
if the rule also specifies