Yasuyuki KOZAKAI | 28e5b79 | 2006-01-30 08:50:09 +0000 | [diff] [blame] | 1 | .TH IP6TABLES 8 "Jan 22, 2006" "" "" |
Henrik Nordstrom | c279413 | 2004-01-22 15:04:24 +0000 | [diff] [blame] | 2 | .\" |
| 3 | .\" Man page written by Andras Kis-Szabo <kisza@sch.bme.hu> |
| 4 | .\" It is based on iptables man page. |
| 5 | .\" |
| 6 | .\" iptables page by Herve Eychenne <rv@wallfire.org> |
| 7 | .\" It is based on ipchains man page. |
| 8 | .\" |
| 9 | .\" ipchains page by Paul ``Rusty'' Russell March 1997 |
| 10 | .\" Based on the original ipfwadm man page by Jos Vos <jos@xos.nl> |
| 11 | .\" |
| 12 | .\" This program is free software; you can redistribute it and/or modify |
| 13 | .\" it under the terms of the GNU General Public License as published by |
| 14 | .\" the Free Software Foundation; either version 2 of the License, or |
| 15 | .\" (at your option) any later version. |
| 16 | .\" |
| 17 | .\" This program is distributed in the hope that it will be useful, |
| 18 | .\" but WITHOUT ANY WARRANTY; without even the implied warranty of |
| 19 | .\" MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the |
| 20 | .\" GNU General Public License for more details. |
| 21 | .\" |
| 22 | .\" You should have received a copy of the GNU General Public License |
| 23 | .\" along with this program; if not, write to the Free Software |
| 24 | .\" Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. |
| 25 | .\" |
| 26 | .\" |
| 27 | .SH NAME |
| 28 | ip6tables \- IPv6 packet filter administration |
| 29 | .SH SYNOPSIS |
| 30 | .BR "ip6tables [-t table] -[AD] " "chain rule-specification [options]" |
| 31 | .br |
| 32 | .BR "ip6tables [-t table] -I " "chain [rulenum] rule-specification [options]" |
| 33 | .br |
| 34 | .BR "ip6tables [-t table] -R " "chain rulenum rule-specification [options]" |
| 35 | .br |
| 36 | .BR "ip6tables [-t table] -D " "chain rulenum [options]" |
| 37 | .br |
| 38 | .BR "ip6tables [-t table] -[LFZ] " "[chain] [options]" |
| 39 | .br |
| 40 | .BR "ip6tables [-t table] -N " "chain" |
| 41 | .br |
| 42 | .BR "ip6tables [-t table] -X " "[chain]" |
| 43 | .br |
| 44 | .BR "ip6tables [-t table] -P " "chain target [options]" |
| 45 | .br |
| 46 | .BR "ip6tables [-t table] -E " "old-chain-name new-chain-name" |
| 47 | .SH DESCRIPTION |
| 48 | .B Ip6tables |
| 49 | is used to set up, maintain, and inspect the tables of IPv6 packet |
| 50 | filter rules in the Linux kernel. Several different tables |
| 51 | may be defined. Each table contains a number of built-in |
| 52 | chains and may also contain user-defined chains. |
| 53 | |
| 54 | Each chain is a list of rules which can match a set of packets. Each |
| 55 | rule specifies what to do with a packet that matches. This is called |
| 56 | a `target', which may be a jump to a user-defined chain in the same |
| 57 | table. |
| 58 | |
| 59 | .SH TARGETS |
| 60 | A firewall rule specifies criteria for a packet, and a target. If the |
| 61 | packet does not match, the next rule in the chain is then examined; if |
| 62 | it does match, then the next rule is specified by the value of the |
| 63 | target, which can be the name of a user-defined chain or one of the |
| 64 | special values |
| 65 | .IR ACCEPT , |
| 66 | .IR DROP , |
| 67 | .IR QUEUE , |
| 68 | or |
| 69 | .IR RETURN . |
| 70 | .PP |
| 71 | .I ACCEPT |
| 72 | means to let the packet through. |
| 73 | .I DROP |
| 74 | means to drop the packet on the floor. |
| 75 | .I QUEUE |
Harald Welte | 7bdfca4 | 2005-07-28 15:24:02 +0000 | [diff] [blame] | 76 | means to pass the packet to userspace. (How the packet can be received |
| 77 | by a userspace process differs by the particular queue handler. 2.4.x |
| 78 | and 2.6.x kernels up to 2.6.13 include the |
| 79 | .B |
| 80 | ip_queue |
| 81 | queue handler. Kernels 2.6.14 and later additionally include the |
| 82 | .B |
| 83 | nfnetlink_queue |
| 84 | queue handler. Packets with a target of QUEUE will be sent to queue number '0' |
| 85 | in this case. Please also see the |
| 86 | .B |
| 87 | NFQUEUE |
| 88 | target as described later in this man page.) |
Henrik Nordstrom | c279413 | 2004-01-22 15:04:24 +0000 | [diff] [blame] | 89 | .I RETURN |
| 90 | means stop traversing this chain and resume at the next rule in the |
| 91 | previous (calling) chain. If the end of a built-in chain is reached |
| 92 | or a rule in a built-in chain with target |
| 93 | .I RETURN |
| 94 | is matched, the target specified by the chain policy determines the |
| 95 | fate of the packet. |
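The traversal rules described in this section, modelled in Python as an added example (it is not part of the ip6tables sources). The ruleset, the 2001:db8:: documentation addresses and the names Rule, traverse, build_example and pkt are constructed for illustration; it also assumes that reaching the end of a user-defined chain resumes the calling chain, as RETURN does.

```python
import ipaddress

VERDICTS = {"ACCEPT", "DROP", "QUEUE"}   # targets that end traversal immediately

class Rule:
    """One rule: optional -p / -s / -i criteria plus an optional -j target."""
    def __init__(self, target=None, proto=None, src=None, iface=None):
        self.target = target      # None models a rule without -j: it only counts
        self.proto = proto        # None behaves like "-p all"
        self.src = ipaddress.ip_network(src) if src else None
        self.iface = iface        # a trailing "+" matches any name with that prefix
        self.packets = 0

    def matches(self, pkt):
        if self.proto and pkt["proto"] != self.proto:
            return False
        if self.src and ipaddress.ip_address(pkt["src"]) not in self.src:
            return False
        if self.iface and self.iface.endswith("+"):
            return pkt["iface"].startswith(self.iface[:-1])
        return self.iface is None or pkt["iface"] == self.iface

def traverse(chains, policies, builtin, pkt):
    """Return the fate of pkt entering the built-in chain `builtin`."""
    stack = [(builtin, 0)]                 # (chain name, index of next rule)
    while stack:
        name, idx = stack.pop()
        while idx < len(chains[name]):
            rule = chains[name][idx]
            idx += 1
            if not rule.matches(pkt):
                continue                   # no match: examine the next rule
            rule.packets += 1
            if rule.target is None:
                continue                   # counters only, fate unchanged
            if rule.target in VERDICTS:
                return rule.target
            if rule.target == "RETURN":
                break                      # resume in the calling chain
            stack.append((name, idx))      # jump: remember where to resume
            name, idx = rule.target, 0
        # end of chain or RETURN: the outer loop pops the caller, if any
    return policies[builtin]               # built-in chain exhausted: policy decides

def build_example():
    """Constructed ruleset: INPUT with policy DROP and a user chain ADMIN."""
    chains = {
        "INPUT": [
            Rule("ACCEPT", iface="lo"),
            Rule(None, proto="icmpv6"),            # counting rule, no target
            Rule("ADMIN", src="2001:db8:1::/48"),  # jump to user-defined chain
            Rule("ACCEPT", proto="icmpv6"),
        ],
        "ADMIN": [
            Rule("RETURN", proto="udp"),
            Rule("ACCEPT", proto="tcp"),
        ],
    }
    return chains, {"INPUT": "DROP"}

def pkt(proto, src, iface="eth0"):
    return {"proto": proto, "src": src, "iface": iface}

if __name__ == "__main__":
    chains, policies = build_example()
    for p in (pkt("tcp", "2001:db8:1::5"), pkt("udp", "2001:db8:1::5"),
              pkt("icmpv6", "2001:db8:1::5"), pkt("tcp", "2001:db8:2::1")):
        print(p["proto"], p["src"], "->", traverse(chains, policies, "INPUT", p))
```

The UDP packet from the admin prefix is the case worth tracing: RETURN in ADMIN sends it back to INPUT, nothing further matches, and the DROP policy decides.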
| 96 | .SH TABLES |
| 97 | There are currently two independent tables (which tables are present |
| 98 | at any time depends on the kernel configuration options and which |
| 99 | modules are present), as nat table has not been implemented yet. |
| 100 | .TP |
| 101 | .BI "-t, --table " "table" |
| 102 | This option specifies the packet matching table which the command |
| 103 | should operate on. If the kernel is configured with automatic module |
| 104 | loading, an attempt will be made to load the appropriate module for |
| 105 | that table if it is not already there. |
| 106 | |
| 107 | The tables are as follows: |
| 108 | .RS |
| 109 | .TP .4i |
| 110 | .BR "filter" : |
| 111 | This is the default table (if no -t option is passed). It contains |
| 112 | the built-in chains |
| 113 | .B INPUT |
| 114 | (for packets coming into the box itself), |
| 115 | .B FORWARD |
| 116 | (for packets being routed through the box), and |
| 117 | .B OUTPUT |
| 118 | (for locally-generated packets). |
| 119 | .TP |
| 120 | .BR "mangle" : |
| 121 | This table is used for specialized packet alteration. Until kernel |
| 122 | 2.4.17 it had two built-in chains: |
| 123 | .B PREROUTING |
| 124 | (for altering incoming packets before routing) and |
| 125 | .B OUTPUT |
| 126 | (for altering locally-generated packets before routing). |
| 127 | Since kernel 2.4.18, three other built-in chains are also supported: |
| 128 | .B INPUT |
| 129 | (for packets coming into the box itself), |
| 130 | .B FORWARD |
| 131 | (for altering packets being routed through the box), and |
| 132 | .B POSTROUTING |
| 133 | (for altering packets as they are about to go out). |
Yasuyuki KOZAKAI | 28e5b79 | 2006-01-30 08:50:09 +0000 | [diff] [blame] | 134 | .TP |
| 135 | .BR "raw" : |
| 136 | This table is used mainly for configuring exemptions from connection |
| 137 | tracking in combination with the NOTRACK target. It registers at the netfilter |
| 138 | hooks with higher priority and is thus called before nf_conntrack, or any other |
| 139 | IP6 tables. It provides the following built-in chains: |
| 140 | .B PREROUTING |
| 141 | (for packets arriving via any network interface) and |
| 142 | .B OUTPUT |
| 143 | (for packets generated by local processes) |
Henrik Nordstrom | c279413 | 2004-01-22 15:04:24 +0000 | [diff] [blame] | 144 | .RE |
| 145 | .SH OPTIONS |
| 146 | The options that are recognized by |
| 147 | .B ip6tables |
| 148 | can be divided into several different groups. |
| 149 | .SS COMMANDS |
| 150 | These options specify the specific action to perform. Only one of them |
| 151 | can be specified on the command line unless otherwise specified |
| 152 | below. For all the long versions of the command and option names, you |
| 153 | need to use only enough letters to ensure that |
| 154 | .B ip6tables |
| 155 | can differentiate it from all other options. |
| 156 | .TP |
| 157 | .BI "-A, --append " "chain rule-specification" |
| 158 | Append one or more rules to the end of the selected chain. |
| 159 | When the source and/or destination names resolve to more than one |
| 160 | address, a rule will be added for each possible address combination. |
| 161 | .TP |
| 162 | .BI "-D, --delete " "chain rule-specification" |
| 163 | .ns |
| 164 | .TP |
| 165 | .BI "-D, --delete " "chain rulenum" |
| 166 | Delete one or more rules from the selected chain. There are two |
| 167 | versions of this command: the rule can be specified as a number in the |
| 168 | chain (starting at 1 for the first rule) or a rule to match. |
| 169 | .TP |
| 170 | .BI "-I, --insert " "chain [rulenum] rule-specification" |
| 171 | Insert one or more rules in the selected chain as the given rule |
| 172 | number. So, if the rule number is 1, the rule or rules are inserted |
| 173 | at the head of the chain. This is also the default if no rule number |
| 174 | is specified. |
| 175 | .TP |
| 176 | .BI "-R, --replace " "chain rulenum rule-specification" |
| 177 | Replace a rule in the selected chain. If the source and/or |
| 178 | destination names resolve to multiple addresses, the command will |
| 179 | fail. Rules are numbered starting at 1. |
| 180 | .TP |
| 181 | .BR "-L, --list " "[\fIchain\fP]" |
| 182 | List all rules in the selected chain. If no chain is selected, all |
| 183 | chains are listed. Like every other iptables command, it applies to the |
| 184 | specified table (filter is the default), so mangle rules get listed by |
| 185 | .nf |
| 186 | ip6tables -t mangle -n -L |
| 187 | .fi |
| 188 | Please note that it is often used with the |
| 189 | .B -n |
| 190 | option, in order to avoid long reverse DNS lookups. |
| 191 | It is legal to specify the |
| 192 | .B -Z |
| 193 | (zero) option as well, in which case the chain(s) will be atomically |
| 194 | listed and zeroed. The exact output is affected by the other |
| 195 | arguments given. The exact rules are suppressed until you use |
| 196 | .nf |
| 197 | ip6tables -L -v |
| 198 | .fi |
| 199 | .TP |
Henrik Nordstrom | 96296cf | 2008-05-13 13:08:26 +0200 | [diff] [blame^] | 200 | .BR "-S, --list-rules " "[\fIchain\fP]" |
| 201 | Print all rules in the selected chain. If no chain is selected, all |
| 202 | chains are printed like iptables-save. Like every other iptables command, |
| 203 | it applies to the specified table (filter is the default). |
| 204 | .TP |
Henrik Nordstrom | c279413 | 2004-01-22 15:04:24 +0000 | [diff] [blame] | 205 | .BR "-F, --flush " "[\fIchain\fP]" |
| 206 | Flush the selected chain (all the chains in the table if none is given). |
| 207 | This is equivalent to deleting all the rules one by one. |
| 208 | .TP |
| 209 | .BR "-Z, --zero " "[\fIchain\fP]" |
| 210 | Zero the packet and byte counters in all chains. It is legal to |
| 211 | specify the |
| 212 | .B "-L, --list" |
| 213 | (list) option as well, to see the counters immediately before they are |
| 214 | cleared. (See above.) |
| 215 | .TP |
| 216 | .BI "-N, --new-chain " "chain" |
| 217 | Create a new user-defined chain by the given name. There must be no |
| 218 | target of that name already. |
| 219 | .TP |
| 220 | .BR "-X, --delete-chain " "[\fIchain\fP]" |
| 221 | Delete the optional user-defined chain specified. There must be no references |
| 222 | to the chain. If there are, you must delete or replace the referring |
| 223 | rules before the chain can be deleted. If no argument is given, it |
| 224 | will attempt to delete every non-builtin chain in the table. |
| 225 | .TP |
| 226 | .BI "-P, --policy " "chain target" |
| 227 | Set the policy for the chain to the given target. See the section |
| 228 | .B TARGETS |
| 229 | for the legal targets. Only built-in (non-user-defined) chains can have |
| 230 | policies, and neither built-in nor user-defined chains can be policy |
| 231 | targets. |
| 232 | .TP |
| 233 | .BI "-E, --rename-chain " "old-chain new-chain" |
| 234 | Rename the user specified chain to the user supplied name. This is |
| 235 | cosmetic, and has no effect on the structure of the table. |
| 236 | .TP |
| 237 | .B -h |
| 238 | Help. |
| 239 | Give a (currently very brief) description of the command syntax. |
| 240 | .SS PARAMETERS |
| 241 | The following parameters make up a rule specification (as used in the |
| 242 | add, delete, insert, replace and append commands). |
| 243 | .TP |
| 244 | .BR "-p, --protocol " "[!] \fIprotocol\fP" |
| 245 | The protocol of the rule or of the packet to check. |
| 246 | The specified protocol can be one of |
| 247 | .IR tcp , |
| 248 | .IR udp , |
Yasuyuki KOZAKAI | 28e5b79 | 2006-01-30 08:50:09 +0000 | [diff] [blame] | 249 | .IR icmpv6 , |
| 250 | .IR esp , |
Henrik Nordstrom | c279413 | 2004-01-22 15:04:24 +0000 | [diff] [blame] | 251 | .IR all , |
| 252 | or it can be a numeric value, representing one of these protocols or a |
Yasuyuki KOZAKAI | 28e5b79 | 2006-01-30 08:50:09 +0000 | [diff] [blame] | 253 | different one. A protocol name from /etc/protocols is also allowed. |
| 254 | But IPv6 extension headers except |
| 255 | .IR esp |
| 256 | are not allowed. |
| 257 | .IR esp , |
| 258 | and |
| 259 | .IR ipv6-nonext |
| 260 | can be used with Kernel version 2.6.11 or later. |
Henrik Nordstrom | c279413 | 2004-01-22 15:04:24 +0000 | [diff] [blame] | 261 | A "!" argument before the protocol inverts the |
| 262 | test. The number zero is equivalent to |
| 263 | .IR all . |
| 264 | Protocol |
| 265 | .I all |
| 266 | will match with all protocols and is taken as default when this |
| 267 | option is omitted. |
| 268 | .TP |
| 269 | .BR "-s, --source " "[!] \fIaddress\fP[/\fImask\fP]" |
| 270 | Source specification. |
| 271 | .I Address |
| 272 | can be either a hostname (please note that specifying |
| 273 | any name to be resolved with a remote query such as DNS is a really bad idea), |
| 274 | a network IPv6 address (with /mask), or a plain IPv6 address. |
| 275 | (the network name isn't supported now). |
| 276 | The |
| 277 | .I mask |
| 278 | can be either a network mask or a plain number, |
| 279 | specifying the number of 1's at the left side of the network mask. |
| 280 | Thus, a mask of |
| 281 | .I 64 |
| 282 | is equivalent to |
| 283 | .IR ffff:ffff:ffff:ffff:0000:0000:0000:0000 . |
| 284 | A "!" argument before the address specification inverts the sense of |
| 285 | the address. The flag |
| 286 | .B --src |
| 287 | is an alias for this option. |
| 288 | .TP |
| 289 | .BR "-d, --destination " "[!] \fIaddress\fP[/\fImask\fP]" |
| 290 | Destination specification. |
| 291 | See the description of the |
| 292 | .B -s |
| 293 | (source) flag for a detailed description of the syntax. The flag |
| 294 | .B --dst |
| 295 | is an alias for this option. |
| 296 | .TP |
| 297 | .BI "-j, --jump " "target" |
| 298 | This specifies the target of the rule; i.e., what to do if the packet |
| 299 | matches it. The target can be a user-defined chain (other than the |
| 300 | one this rule is in), one of the special builtin targets which decide |
| 301 | the fate of the packet immediately, or an extension (see |
| 302 | .B EXTENSIONS |
| 303 | below). If this |
| 304 | option is omitted in a rule, then matching the rule will have no |
| 305 | effect on the packet's fate, but the counters on the rule will be |
| 306 | incremented. |
| 307 | .TP |
| 308 | .BR "-i, --in-interface " "[!] \fIname\fP" |
| 309 | Name of an interface via which a packet is going to be received (only for |
| 310 | packets entering the |
| 311 | .BR INPUT , |
| 312 | .B FORWARD |
| 313 | and |
| 314 | .B PREROUTING |
| 315 | chains). When the "!" argument is used before the interface name, the |
| 316 | sense is inverted. If the interface name ends in a "+", then any |
| 317 | interface which begins with this name will match. If this option is |
| 318 | omitted, any interface name will match. |
| 319 | .TP |
| 320 | .BR "-o, --out-interface " "[!] \fIname\fP" |
| 321 | Name of an interface via which a packet is going to be sent (for packets |
| 322 | entering the |
| 323 | .BR FORWARD |
| 324 | and |
| 325 | .B OUTPUT |
| 326 | chains). When the "!" argument is used before the interface name, the |
| 327 | sense is inverted. If the interface name ends in a "+", then any |
| 328 | interface which begins with this name will match. If this option is |
| 329 | omitted, any interface name will match. |
| 330 | .TP |
| 331 | .\" Currently not supported (header-based) |
| 332 | .\" |
| 333 | .\" .B "[!] " "-f, --fragment" |
| 334 | .\" This means that the rule only refers to second and further fragments |
| 335 | .\" of fragmented packets. Since there is no way to tell the source or |
| 336 | .\" destination ports of such a packet (or ICMP type), such a packet will |
| 337 | .\" not match any rules which specify them. When the "!" argument |
| 338 | .\" precedes the "-f" flag, the rule will only match head fragments, or |
| 339 | .\" unfragmented packets. |
| 340 | .\" .TP |
| 341 | .BI "-c, --set-counters " "PKTS BYTES" |
| 342 | This enables the administrator to initialize the packet and byte |
| 343 | counters of a rule (during |
| 344 | .B INSERT, |
| 345 | .B APPEND, |
| 346 | .B REPLACE |
| 347 | operations). |
| 348 | .SS "OTHER OPTIONS" |
| 349 | The following additional options can be specified: |
| 350 | .TP |
| 351 | .B "-v, --verbose" |
| 352 | Verbose output. This option makes the list command show the interface |
| 353 | name, the rule options (if any), and the TOS masks. The packet and |
| 354 | byte counters are also listed, with the suffix 'K', 'M' or 'G' for |
| 355 | 1000, 1,000,000 and 1,000,000,000 multipliers respectively (but see |
| 356 | the |
| 357 | .B -x |
| 358 | flag to change this). |
| 359 | For appending, insertion, deletion and replacement, this causes |
| 360 | detailed information on the rule or rules to be printed. |
| 361 | .TP |
| 362 | .B "-n, --numeric" |
| 363 | Numeric output. |
| 364 | IP addresses and port numbers will be printed in numeric format. |
| 365 | By default, the program will try to display them as host names, |
| 366 | network names, or services (whenever applicable). |
| 367 | .TP |
| 368 | .B "-x, --exact" |
| 369 | Expand numbers. |
| 370 | Display the exact value of the packet and byte counters, |
| 371 | instead of only the rounded number in K's (multiples of 1000), |
| 372 | M's (multiples of 1000K) or G's (multiples of 1000M). This option is |
| 373 | only relevant for the |
| 374 | .B -L |
| 375 | command. |
| 376 | .TP |
| 377 | .B "--line-numbers" |
| 378 | When listing rules, add line numbers to the beginning of each rule, |
| 379 | corresponding to that rule's position in the chain. |
| 380 | .TP |
| 381 | .B "--modprobe=command" |
| 382 | When adding or inserting rules into a chain, use |
| 383 | .B command |
| 384 | to load any necessary modules (targets, match extensions, etc). |
| 385 | .SH MATCH EXTENSIONS |
| 386 | ip6tables can use extended packet matching modules. These are loaded |
| 387 | in two ways: implicitly, when |
| 388 | .B -p |
| 389 | or |
| 390 | .B --protocol |
| 391 | is specified, or with the |
| 392 | .B -m |
| 393 | or |
| 394 | .B --match |
| 395 | options, followed by the matching module name; after these, various |
| 396 | extra command line options become available, depending on the specific |
| 397 | module. You can specify multiple extended match modules in one line, |
| 398 | and you can use the |
| 399 | .B -h |
| 400 | or |
| 401 | .B --help |
| 402 | options after the module has been specified to receive help specific |
| 403 | to that module. |
| 404 | |
| 405 | The following are included in the base package, and most of these can |
| 406 | be preceded by a |
| 407 | .B ! |
| 408 | to invert the sense of the match. |
| 409 | .\" @MATCH@ |
| 410 | .SH TARGET EXTENSIONS |
| 411 | ip6tables can use extended target modules: the following are included |
| 412 | in the standard distribution. |
| 413 | .\" @TARGET@ |
| 414 | .SH DIAGNOSTICS |
| 415 | Various error messages are printed to standard error. The exit code |
| 416 | is 0 for correct functioning. Errors which appear to be caused by |
| 417 | invalid or abused command line parameters cause an exit code of 2, and |
| 418 | other errors cause an exit code of 1. |
| 419 | .SH BUGS |
| 420 | Bugs? What's this? ;-) |
| 421 | Well... the counters are not reliable on sparc64. |
| 422 | .SH COMPATIBILITY WITH IPCHAINS |
| 423 | This |
| 424 | .B ip6tables |
| 425 | is very similar to ipchains by Rusty Russell. The main difference is |
| 426 | that the chains |
| 427 | .B INPUT |
| 428 | and |
| 429 | .B OUTPUT |
| 430 | are only traversed for packets coming into the local host and |
| 431 | originating from the local host respectively. Hence every packet only |
| 432 | passes through one of the three chains (except loopback traffic, which |
| 433 | involves both INPUT and OUTPUT chains); previously a forwarded packet |
| 434 | would pass through all three. |
| 435 | .PP |
| 436 | The other main difference is that |
| 437 | .B -i |
| 438 | refers to the input interface; |
| 439 | .B -o |
| 440 | refers to the output interface, and both are available for packets |
| 441 | entering the |
| 442 | .B FORWARD |
| 443 | chain. |
| 444 | .\" .PP The various forms of NAT have been separated out; |
| 445 | .\" .B iptables |
| 446 | .\" is a pure packet filter when using the default `filter' table, with |
| 447 | .\" optional extension modules. This should simplify much of the previous |
| 448 | .\" confusion over the combination of IP masquerading and packet filtering |
| 449 | .\" seen previously. So the following options are handled differently: |
| 450 | .\" .br |
| 451 | .\" -j MASQ |
| 452 | .\" .br |
| 453 | .\" -M -S |
| 454 | .\" .br |
| 455 | .\" -M -L |
| 456 | .\" .br |
| 457 | There are several other changes in ip6tables. |
| 458 | .SH SEE ALSO |
| 459 | .BR ip6tables-save (8), |
| 460 | .BR ip6tables-restore (8), |
| 461 | .BR iptables (8), |
| 462 | .BR iptables-save (8), |
Harald Welte | 7bdfca4 | 2005-07-28 15:24:02 +0000 | [diff] [blame] | 463 | .BR iptables-restore (8), |
| 464 | .BR libipq (3). |
Henrik Nordstrom | c279413 | 2004-01-22 15:04:24 +0000 | [diff] [blame] | 465 | .P |
| 466 | The packet-filtering-HOWTO details iptables usage for |
| 467 | packet filtering, the NAT-HOWTO details NAT, |
| 468 | the netfilter-extensions-HOWTO details the extensions that are |
| 469 | not in the standard distribution, |
| 470 | and the netfilter-hacking-HOWTO details the netfilter internals. |
| 471 | .br |
| 472 | See |
| 473 | .BR "http://www.netfilter.org/" . |
| 474 | .SH AUTHORS |
| 475 | Rusty Russell wrote iptables, in early consultation with Michael |
| 476 | Neuling. |
| 477 | .PP |
| 478 | Marc Boucher made Rusty abandon ipnatctl by lobbying for a generic packet |
| 479 | selection framework in iptables, then wrote the mangle table, the owner match, |
| 480 | the mark stuff, and ran around doing cool stuff everywhere. |
| 481 | .PP |
| 482 | James Morris wrote the TOS target, and tos match. |
| 483 | .PP |
| 484 | Jozsef Kadlecsik wrote the REJECT target. |
| 485 | .PP |
Jan Engelhardt | 6cf172e | 2008-03-10 17:48:59 +0100 | [diff] [blame] | 486 | Harald Welte wrote the ULOG and NFQUEUE target, the new libiptc, as well as TTL match+target and libipulog. |
Henrik Nordstrom | c279413 | 2004-01-22 15:04:24 +0000 | [diff] [blame] | 487 | .PP |
Patrick McHardy | 110a89a | 2007-01-28 01:24:55 +0000 | [diff] [blame] | 488 | The Netfilter Core Team is: Marc Boucher, Martin Josefsson, Yasuyuki Kozakai, |
Yasuyuki KOZAKAI | e605d76 | 2007-02-15 06:41:58 +0000 | [diff] [blame] | 489 | Jozsef Kadlecsik, Patrick McHardy, James Morris, Pablo Neira Ayuso, |
| 490 | Harald Welte and Rusty Russell. |
Henrik Nordstrom | c279413 | 2004-01-22 15:04:24 +0000 | [diff] [blame] | 491 | .PP |
| 492 | ip6tables man page created by Andras Kis-Szabo, based on |
| 493 | iptables man page written by Herve Eychenne <rv@wallfire.org>. |
| 494 | .\" .. and did I mention that we are incredibly cool people? |
| 495 | .\" .. sexy, too .. |
| 496 | .\" .. witty, charming, powerful .. |
| 497 | .\" .. and most of all, modest .. |