msgid ""
msgstr ""
"Project-Id-Version: PACKAGE VERSION\n"
-"POT-Creation-Date: 2012-05-09 02:21+0900\n"
+"POT-Creation-Date: 2012-05-10 06:40+0900\n"
"PO-Revision-Date: YEAR-MO-DA HO:MI+ZONE\n"
"Last-Translator: FULL NAME <EMAIL@ADDRESS>\n"
"Language-Team: LANGUAGE <LL@li.org>\n"
msgstr ""
#
-#. Man page written by Herve Eychenne <rv@wallfire.org> (May 1999)
-#. It is based on ipchains page.
-#. TODO: add a word for protocol helpers (FTP, IRC, SNMP-ALG)
-#
-#. ipchains page by Paul ``Rusty'' Russell March 1997
-#. Based on the original ipfwadm man page by Jos Vos <jos@xos.nl>
+#. Man page written by Sam Liddicott <azez@ufomechanic.net>
+#. It is based on the iptables-save man page.
#
#. This program is free software; you can redistribute it and/or modify
#. it under the terms of the GNU General Public License as published by
#. along with this program; if not, write to the Free Software
#. Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
#. type: SH
-#: original/man8/ip6tables-restore.8:21 original/man8/ip6tables-save.8:21 original/man8/ip6tables.8:27 original/man8/iptables-restore.8:21 original/man8/iptables-save.8:21 original/man8/iptables.8:25
+#: original/man8/ip6tables-restore.8:21 original/man8/ip6tables-save.8:21 original/man8/ip6tables.8:27 original/man8/iptables-restore.8:21 original/man8/iptables-save.8:21 original/man8/iptables.8:25 original/man8/iptables-apply.8:8 original/man1/iptables-xml.1:21
#, no-wrap
msgid "NAME"
msgstr ""
#. type: Plain text
#: original/man8/ip6tables-restore.8:23
-msgid "ip6tables-restore - Restore IPv6 Tables"
+msgid "ip6tables-restore \\(em Restore IPv6 Tables"
msgstr ""
#. type: SH
-#: original/man8/ip6tables-restore.8:23 original/man8/ip6tables-save.8:23 original/man8/ip6tables.8:29 original/man8/iptables-restore.8:23 original/man8/iptables-save.8:23 original/man8/iptables.8:27
+#: original/man8/ip6tables-restore.8:23 original/man8/ip6tables-save.8:23 original/man8/ip6tables.8:29 original/man8/iptables-restore.8:23 original/man8/iptables-save.8:23 original/man8/iptables.8:27 original/man8/iptables-apply.8:10 original/man1/iptables-xml.1:23
#, no-wrap
msgid "SYNOPSIS"
msgstr ""
#. type: Plain text
#: original/man8/ip6tables-restore.8:25
-msgid "B<ip6tables-restore >[-c] [-n]"
+msgid "B<ip6tables-restore> [B<-c>] [B<-n>]"
msgstr ""
#. type: SH
-#: original/man8/ip6tables-restore.8:26 original/man8/ip6tables-save.8:26 original/man8/ip6tables.8:47 original/man8/iptables-restore.8:26 original/man8/iptables-save.8:26 original/man8/iptables.8:45
+#: original/man8/ip6tables-restore.8:25 original/man8/ip6tables-save.8:26 original/man8/ip6tables.8:55 original/man8/iptables-restore.8:25 original/man8/iptables-save.8:26 original/man8/iptables.8:54 original/man8/iptables-apply.8:12 original/man1/iptables-xml.1:25
#, no-wrap
msgid "DESCRIPTION"
msgstr ""
#. type: Plain text
-#: original/man8/ip6tables-restore.8:31
+#: original/man8/ip6tables-restore.8:30
msgid ""
"B<ip6tables-restore> is used to restore IPv6 Tables from data specified on "
"STDIN. Use I/O redirection provided by your shell to read from a file"
msgstr ""
#. type: TP
-#: original/man8/ip6tables-restore.8:31 original/man8/ip6tables-save.8:31 original/man8/iptables-restore.8:31 original/man8/iptables-save.8:31
+#: original/man8/ip6tables-restore.8:30 original/man8/ip6tables-save.8:35 original/man8/iptables-restore.8:30 original/man8/iptables-save.8:35
#, no-wrap
msgid "B<-c>, B<--counters>"
msgstr ""
#. type: Plain text
-#: original/man8/ip6tables-restore.8:34 original/man8/iptables-restore.8:34
+#: original/man8/ip6tables-restore.8:33 original/man8/iptables-restore.8:33
msgid "restore the values of all packet and byte counters"
msgstr ""
#. type: TP
-#: original/man8/ip6tables-restore.8:34 original/man8/iptables-restore.8:34
+#: original/man8/ip6tables-restore.8:33 original/man8/iptables-restore.8:33
#, no-wrap
msgid "B<-n>, B<--noflush> "
msgstr ""
#. type: Plain text
-#: original/man8/ip6tables-restore.8:39
+#: original/man8/ip6tables-restore.8:36
+msgid "don't flush the previous contents of the table. If not specified,"
+msgstr ""
+
+#. type: TP
+#: original/man8/ip6tables-restore.8:36 original/man8/iptables-restore.8:38
+#, no-wrap
+msgid "B<-T>, B<--table> I<name>"
+msgstr ""
+
+#. type: Plain text
+#: original/man8/ip6tables-restore.8:41
msgid ""
-"don't flush the previous contents of the table. If not specified, "
+"Restore only the named table even if the input stream contains other ones. "
"B<ip6tables-restore> flushes (deletes) all previous contents of the "
"respective IPv6 Table."
msgstr ""
#. type: SH
-#: original/man8/ip6tables-restore.8:39 original/man8/ip6tables-save.8:38 original/man8/ip6tables.8:745 original/man8/iptables-restore.8:39 original/man8/iptables-save.8:38 original/man8/iptables.8:1000
+#: original/man8/ip6tables-restore.8:41 original/man8/ip6tables-save.8:42 original/man8/ip6tables.8:2447 original/man8/iptables-restore.8:41 original/man8/iptables-save.8:42 original/man8/iptables.8:2606 original/man1/iptables-xml.1:82
#, no-wrap
msgid "BUGS"
msgstr ""
#. type: Plain text
-#: original/man8/ip6tables-restore.8:41 original/man8/ip6tables-save.8:40 original/man8/iptables-restore.8:41 original/man8/iptables-save.8:40
+#: original/man8/ip6tables-restore.8:43 original/man8/ip6tables-save.8:44 original/man8/iptables-restore.8:43 original/man8/iptables-save.8:44
msgid "None known as of iptables-1.2.1 release"
msgstr ""
#. type: SH
-#: original/man8/ip6tables-restore.8:41 original/man8/ip6tables-save.8:40 original/man8/ip6tables.8:799 original/man8/iptables.8:1053
+#: original/man8/ip6tables-restore.8:43 original/man8/ip6tables-save.8:44 original/man8/ip6tables.8:2480 original/man8/iptables.8:2650
#, no-wrap
msgid "AUTHORS"
msgstr ""
#. type: Plain text
-#: original/man8/ip6tables-restore.8:43 original/man8/ip6tables-save.8:42 original/man8/iptables-restore.8:43 original/man8/iptables-save.8:42
+#: original/man8/ip6tables-restore.8:45 original/man8/ip6tables-save.8:46 original/man8/iptables-restore.8:45 original/man8/iptables-save.8:46
msgid "Harald Welte E<lt>laforge@gnumonks.orgE<gt>"
msgstr ""
#. type: Plain text
-#: original/man8/ip6tables-restore.8:45 original/man8/ip6tables-save.8:44
+#: original/man8/ip6tables-restore.8:47 original/man8/ip6tables-save.8:48
msgid "Andras Kis-Szabo E<lt>kisza@sch.bme.huE<gt>"
msgstr ""
#. type: SH
-#: original/man8/ip6tables-restore.8:45 original/man8/ip6tables-save.8:44 original/man8/ip6tables.8:784 original/man8/iptables-restore.8:43 original/man8/iptables-save.8:42 original/man8/iptables.8:1038
+#: original/man8/ip6tables-restore.8:47 original/man8/ip6tables-save.8:48 original/man8/ip6tables.8:2464 original/man8/iptables-restore.8:45 original/man8/iptables-save.8:46 original/man8/iptables.8:2634 original/man8/iptables-apply.8:34 original/man1/iptables-xml.1:86
#, no-wrap
msgid "SEE ALSO"
msgstr ""
#. type: Plain text
-#: original/man8/ip6tables-restore.8:47
+#: original/man8/ip6tables-restore.8:49
msgid "B<ip6tables-save>(8), B<ip6tables>(8)"
msgstr ""
#. type: Plain text
-#: original/man8/ip6tables-restore.8:50 original/man8/ip6tables-save.8:49 original/man8/iptables-restore.8:48 original/man8/iptables-save.8:47
+#: original/man8/ip6tables-restore.8:52 original/man8/ip6tables-save.8:53 original/man8/iptables-restore.8:50 original/man8/iptables-save.8:51
msgid ""
"The iptables-HOWTO, which details more iptables usage, the NAT-HOWTO, which "
"details NAT, and the netfilter-hacking-HOWTO which details the internals."
#. type: Plain text
#: original/man8/ip6tables-save.8:23
-msgid "ip6tables-save - Save IPv6 Tables"
+msgid "ip6tables-save \\(em dump iptables rules to stdout"
msgstr ""
#. type: Plain text
-#: original/man8/ip6tables-save.8:25
-msgid "B<ip6tables-save >[-c] [-t table]"
+#: original/man8/ip6tables-save.8:26
+msgid "B<ip6tables-save> [B<-M> I<modprobe>] [B<-c>] [B<-t> I<table>"
msgstr ""
#. type: Plain text
"write to a file."
msgstr ""
+#. type: TP
+#: original/man8/ip6tables-save.8:31 original/man8/iptables-save.8:31
+#, no-wrap
+msgid "B<-M> I<modprobe_program>"
+msgstr ""
+
+#. type: Plain text
+#: original/man8/ip6tables-save.8:35 original/man8/iptables-save.8:35
+msgid ""
+"Specify the path to the modprobe program. By default, iptables-save will "
+"inspect /proc/sys/kernel/modprobe to determine the executable's path."
+msgstr ""
+
#. type: Plain text
-#: original/man8/ip6tables-save.8:34 original/man8/iptables-save.8:34
+#: original/man8/ip6tables-save.8:38 original/man8/iptables-save.8:38
msgid "include the current values of all packet and byte counters in the output"
msgstr ""
#. type: TP
-#: original/man8/ip6tables-save.8:34 original/man8/iptables-save.8:34
+#: original/man8/ip6tables-save.8:38 original/man8/iptables-save.8:38
#, no-wrap
-msgid "B<-t>, B<--table> B<tablename>"
+msgid "B<-t>, B<--table> I<tablename>"
msgstr ""
#. type: Plain text
-#: original/man8/ip6tables-save.8:38 original/man8/iptables-save.8:38
+#: original/man8/ip6tables-save.8:42 original/man8/iptables-save.8:42
msgid ""
"restrict output to only one table. If not specified, output includes all "
"available tables."
msgstr ""
#. type: Plain text
-#: original/man8/ip6tables-save.8:46
+#: original/man8/ip6tables-save.8:50
msgid "B<ip6tables-restore>(8), B<ip6tables>(8)"
msgstr ""
msgstr ""
#. type: TH
-#: original/man8/ip6tables.8:1 original/man8/iptables.8:1
+#: original/man8/ip6tables.8:1 original/man8/ip6tables.8:1 original/man8/iptables.8:1 original/man8/iptables.8:1
#, no-wrap
-msgid "Mar 09, 2002"
+msgid "iptables 1.4.13"
msgstr ""
#. type: Plain text
#: original/man8/ip6tables.8:29
-msgid "ip6tables - IPv6 packet filter administration"
+msgid "ip6tables \\(em IPv6 packet filter administration"
msgstr ""
#. type: Plain text
-#: original/man8/ip6tables.8:31
-msgid "B<ip6tables [-t table] -[AD] >chain rule-specification [options]"
+#: original/man8/ip6tables.8:32
+msgid ""
+"B<ip6tables> [B<-t> I<table>] {B<-A>|B<-C>|B<-D>} I<chain "
+"rule-specification> [I<options...>]"
msgstr ""
#. type: Plain text
-#: original/man8/ip6tables.8:33
-msgid "B<ip6tables [-t table] -I >chain [rulenum] rule-specification [options]"
+#: original/man8/ip6tables.8:35
+msgid ""
+"B<ip6tables> [B<-t> I<table>] B<-I> I<chain> [I<rulenum>] "
+"I<rule-specification> [I<options...>]"
msgstr ""
#. type: Plain text
-#: original/man8/ip6tables.8:35
-msgid "B<ip6tables [-t table] -R >chain rulenum rule-specification [options]"
+#: original/man8/ip6tables.8:38
+msgid ""
+"B<ip6tables> [B<-t> I<table>] B<-R> I<chain rulenum rule-specification> "
+"[I<options...>]"
msgstr ""
#. type: Plain text
-#: original/man8/ip6tables.8:37
-msgid "B<ip6tables [-t table] -D >chain rulenum [options]"
+#: original/man8/ip6tables.8:41
+msgid "B<ip6tables> [B<-t> I<table>] B<-D> I<chain rulenum> [I<options...>]"
msgstr ""
#. type: Plain text
-#: original/man8/ip6tables.8:39
-msgid "B<ip6tables [-t table] -[LFZ] >[chain] [options]"
+#: original/man8/ip6tables.8:43
+msgid "B<ip6tables> [B<-t> I<table>] B<-S> [I<chain> [I<rulenum>]]"
msgstr ""
#. type: Plain text
-#: original/man8/ip6tables.8:41
-msgid "B<ip6tables [-t table] -N >chain"
+#: original/man8/ip6tables.8:46
+msgid ""
+"B<ip6tables> [B<-t> I<table>] {B<-F>|B<-L>|B<-Z>} [I<chain> [I<rulenum>]] "
+"[I<options...>]"
msgstr ""
#. type: Plain text
-#: original/man8/ip6tables.8:43
-msgid "B<ip6tables [-t table] -X >[chain]"
+#: original/man8/ip6tables.8:48
+msgid "B<ip6tables> [B<-t> I<table>] B<-N> I<chain>"
msgstr ""
#. type: Plain text
-#: original/man8/ip6tables.8:45
-msgid "B<ip6tables [-t table] -P >chain target [options]"
+#: original/man8/ip6tables.8:50
+msgid "B<ip6tables> [B<-t> I<table>] B<-X> [I<chain>]"
msgstr ""
#. type: Plain text
-#: original/man8/ip6tables.8:47
-msgid "B<ip6tables [-t table] -E >old-chain-name new-chain-name"
+#: original/man8/ip6tables.8:53
+msgid "B<ip6tables> [B<-t> I<table>] B<-P> I<chain target> [I<options...>]"
msgstr ""
#. type: Plain text
-#: original/man8/ip6tables.8:53
+#: original/man8/ip6tables.8:55
+msgid "B<ip6tables> [B<-t> I<table>] B<-E> I<old-chain-name new-chain-name>"
+msgstr ""
+
+#. type: Plain text
+#: original/man8/ip6tables.8:61
msgid ""
"B<Ip6tables> is used to set up, maintain, and inspect the tables of IPv6 "
"packet filter rules in the Linux kernel. Several different tables may be "
msgstr ""
#. type: Plain text
-#: original/man8/ip6tables.8:58 original/man8/iptables.8:56
+#: original/man8/ip6tables.8:66 original/man8/iptables.8:65
msgid ""
"Each chain is a list of rules which can match a set of packets. Each rule "
"specifies what to do with a packet that matches. This is called a `target', "
msgstr ""
#. type: SH
-#: original/man8/ip6tables.8:59 original/man8/iptables.8:57
+#: original/man8/ip6tables.8:66 original/man8/iptables.8:65
#, no-wrap
msgid "TARGETS"
msgstr ""
#. type: Plain text
-#: original/man8/ip6tables.8:70 original/man8/iptables.8:68
+#: original/man8/ip6tables.8:72 original/man8/iptables.8:71
msgid ""
-"A firewall rule specifies criteria for a packet, and a target. If the "
-"packet does not match, the next rule in the chain is the examined; if it "
-"does match, then the next rule is specified by the value of the target, "
-"which can be the name of a user-defined chain or one of the special values "
-"I<ACCEPT>, I<DROP>, I<QUEUE>, or I<RETURN>."
+"A firewall rule specifies criteria for a packet and a target. If the packet "
+"does not match, the next rule in the chain is the examined; if it does "
+"match, then the next rule is specified by the value of the target, which can "
+"be the name of a user-defined chain or one of the special values B<ACCEPT>, "
+"B<DROP>, B<QUEUE> or B<RETURN>."
msgstr ""
#. type: Plain text
-#: original/man8/ip6tables.8:84 original/man8/iptables.8:82
+#: original/man8/ip6tables.8:89 original/man8/iptables.8:88
msgid ""
-"I<ACCEPT> means to let the packet through. I<DROP> means to drop the packet "
-"on the floor. I<QUEUE> means to pass the packet to userspace (if supported "
-"by the kernel). I<RETURN> means stop traversing this chain and resume at "
-"the next rule in the previous (calling) chain. If the end of a built-in "
-"chain is reached or a rule in a built-in chain with target I<RETURN> is "
-"matched, the target specified by the chain policy determines the fate of the "
-"packet."
+"B<ACCEPT> means to let the packet through. B<DROP> means to drop the packet "
+"on the floor. B<QUEUE> means to pass the packet to userspace. (How the "
+"packet can be received by a userspace process differs by the particular "
+"queue handler. 2.4.x and 2.6.x kernels up to 2.6.13 include the B<ip_queue> "
+"queue handler. Kernels 2.6.14 and later additionally include the "
+"B<nfnetlink_queue> queue handler. Packets with a target of QUEUE will be "
+"sent to queue number '0' in this case. Please also see the B<NFQUEUE> target "
+"as described later in this man page.) B<RETURN> means stop traversing this "
+"chain and resume at the next rule in the previous (calling) chain. If the "
+"end of a built-in chain is reached or a rule in a built-in chain with target "
+"B<RETURN> is matched, the target specified by the chain policy determines "
+"the fate of the packet."
msgstr ""
#. type: SH
-#: original/man8/ip6tables.8:84 original/man8/iptables.8:82
+#: original/man8/ip6tables.8:89 original/man8/iptables.8:88
#, no-wrap
msgid "TABLES"
msgstr ""
#. type: Plain text
-#: original/man8/ip6tables.8:88
+#: original/man8/ip6tables.8:93 original/man8/iptables.8:92
msgid ""
-"There are currently two independent tables (which tables are present at any "
-"time depends on the kernel configuration options and which modules are "
-"present), as nat table has not been implemented yet."
+"There are currently three independent tables (which tables are present at "
+"any time depends on the kernel configuration options and which modules are "
+"present)."
msgstr ""
#. type: TP
-#: original/man8/ip6tables.8:88 original/man8/iptables.8:86
+#: original/man8/ip6tables.8:93 original/man8/iptables.8:92
#, no-wrap
-msgid "B<-t, --table >I<table>"
+msgid "B<-t>, B<--table> I<table>"
msgstr ""
#. type: Plain text
-#: original/man8/ip6tables.8:94 original/man8/iptables.8:92
+#: original/man8/ip6tables.8:99 original/man8/iptables.8:98
msgid ""
"This option specifies the packet matching table which the command should "
"operate on. If the kernel is configured with automatic module loading, an "
msgstr ""
#. type: Plain text
-#: original/man8/ip6tables.8:96 original/man8/iptables.8:94
+#: original/man8/ip6tables.8:101 original/man8/iptables.8:100
msgid "The tables are as follows:"
msgstr ""
#. type: TP
-#: original/man8/ip6tables.8:97 original/man8/iptables.8:95
+#: original/man8/ip6tables.8:102 original/man8/iptables.8:101
#, no-wrap
msgid "B<filter>:"
msgstr ""
#. type: Plain text
-#: original/man8/ip6tables.8:107 original/man8/iptables.8:105
+#: original/man8/ip6tables.8:108 original/man8/iptables.8:107
msgid ""
-"This is the default table (if no -t option is passed). It contains the "
-"built-in chains B<INPUT> (for packets coming into the box itself), "
-"B<FORWARD> (for packets being routed through the box), and B<OUTPUT> (for "
+"This is the default table (if no -t option is passed). It contains the "
+"built-in chains B<INPUT> (for packets destined to local sockets), B<FORWARD> "
+"(for packets being routed through the box), and B<OUTPUT> (for "
"locally-generated packets)."
msgstr ""
#. type: TP
-#: original/man8/ip6tables.8:107 original/man8/iptables.8:115
+#: original/man8/ip6tables.8:108 original/man8/iptables.8:114
#, no-wrap
msgid "B<mangle>:"
msgstr ""
#. type: Plain text
-#: original/man8/ip6tables.8:122 original/man8/iptables.8:130
+#: original/man8/ip6tables.8:118 original/man8/iptables.8:124
msgid ""
"This table is used for specialized packet alteration. Until kernel 2.4.17 "
"it had two built-in chains: B<PREROUTING> (for altering incoming packets "
"altering packets as they are about to go out)."
msgstr ""
+#. type: TP
+#: original/man8/ip6tables.8:118 original/man8/iptables.8:124
+#, no-wrap
+msgid "B<raw>:"
+msgstr ""
+
+#. type: Plain text
+#: original/man8/ip6tables.8:126 original/man8/iptables.8:132
+msgid ""
+"This table is used mainly for configuring exemptions from connection "
+"tracking in combination with the NOTRACK target. It registers at the "
+"netfilter hooks with higher priority and is thus called before ip_conntrack, "
+"or any other IP tables. It provides the following built-in chains: "
+"B<PREROUTING> (for packets arriving via any network interface) B<OUTPUT> "
+"(for packets generated by local processes)"
+msgstr ""
+
+#. type: TP
+#: original/man8/ip6tables.8:126 original/man8/iptables.8:132
+#, no-wrap
+msgid "B<security>:"
+msgstr ""
+
+#. type: Plain text
+#: original/man8/ip6tables.8:137 original/man8/iptables.8:143
+msgid ""
+"This table is used for Mandatory Access Control (MAC) networking rules, such "
+"as those enabled by the B<SECMARK> and B<CONNSECMARK> targets. Mandatory "
+"Access Control is implemented by Linux Security Modules such as SELinux. "
+"The security table is called after the filter table, allowing any "
+"Discretionary Access Control (DAC) rules in the filter table to take effect "
+"before MAC rules. This table provides the following built-in chains: "
+"B<INPUT> (for packets coming into the box itself), B<OUTPUT> (for altering "
+"locally-generated packets before routing), and B<FORWARD> (for altering "
+"packets being routed through the box)."
+msgstr ""
+
#. type: SH
-#: original/man8/ip6tables.8:123 original/man8/iptables.8:131
+#: original/man8/ip6tables.8:138 original/man8/iptables.8:144 original/man8/iptables-apply.8:23
#, no-wrap
msgid "OPTIONS"
msgstr ""
#. type: Plain text
-#: original/man8/ip6tables.8:127
+#: original/man8/ip6tables.8:141
msgid ""
"The options that are recognized by B<ip6tables> can be divided into several "
"different groups."
msgstr ""
#. type: SS
-#: original/man8/ip6tables.8:127 original/man8/iptables.8:135
+#: original/man8/ip6tables.8:141 original/man8/iptables.8:147
#, no-wrap
msgid "COMMANDS"
msgstr ""
#. type: Plain text
-#: original/man8/ip6tables.8:134
+#: original/man8/ip6tables.8:147
msgid ""
"These options specify the specific action to perform. Only one of them can "
"be specified on the command line unless otherwise specified below. For all "
msgstr ""
#. type: TP
-#: original/man8/ip6tables.8:134 original/man8/iptables.8:142
+#: original/man8/ip6tables.8:147 original/man8/ip6tables.8:230 original/man8/iptables.8:153
#, no-wrap
-msgid "B<-A, --append >I<chain rule-specification>"
+msgid "B<-A>, B<--append> I<chain rule-specification>"
msgstr ""
#. type: Plain text
-#: original/man8/ip6tables.8:139 original/man8/iptables.8:147
+#: original/man8/ip6tables.8:152 original/man8/ip6tables.8:235 original/man8/iptables.8:158
msgid ""
"Append one or more rules to the end of the selected chain. When the source "
"and/or destination names resolve to more than one address, a rule will be "
msgstr ""
#. type: TP
-#: original/man8/ip6tables.8:139 original/man8/iptables.8:147
+#: original/man8/ip6tables.8:152 original/man8/iptables.8:158
+#, no-wrap
+msgid "B<-C>, B<--check> I<chain rule-specification>"
+msgstr ""
+
+#. type: Plain text
+#: original/man8/ip6tables.8:158 original/man8/iptables.8:164
+msgid ""
+"Check whether a rule matching the specification does exist in the selected "
+"chain. This command uses the same logic as B<-D> to find a matching entry, "
+"but does not alter the existing iptables configuration and uses its exit "
+"code to indicate success or failure."
+msgstr ""
+
+#. type: TP
+#: original/man8/ip6tables.8:158 original/man8/iptables.8:164
#, no-wrap
-msgid "B<-D, --delete >I<chain rule-specification>"
+msgid "B<-D>, B<--delete> I<chain rule-specification>"
msgstr ""
#. type: TP
-#: original/man8/ip6tables.8:142 original/man8/iptables.8:150
+#: original/man8/ip6tables.8:161 original/man8/iptables.8:167
#, no-wrap
-msgid "B<-D, --delete >I<chain rulenum>"
+msgid "B<-D>, B<--delete> I<chain rulenum>"
msgstr ""
#. type: Plain text
-#: original/man8/ip6tables.8:147 original/man8/iptables.8:155
+#: original/man8/ip6tables.8:166 original/man8/iptables.8:172
msgid ""
"Delete one or more rules from the selected chain. There are two versions of "
"this command: the rule can be specified as a number in the chain (starting "
msgstr ""
#. type: TP
-#: original/man8/ip6tables.8:147
+#: original/man8/ip6tables.8:166 original/man8/iptables.8:172
#, no-wrap
-msgid "B<-I, --insert>"
+msgid "B<-I>, B<--insert> I<chain> [I<rulenum>] I<rule-specification>"
msgstr ""
#. type: Plain text
-#: original/man8/ip6tables.8:153 original/man8/iptables.8:161
+#: original/man8/ip6tables.8:172 original/man8/iptables.8:178
msgid ""
"Insert one or more rules in the selected chain as the given rule number. "
"So, if the rule number is 1, the rule or rules are inserted at the head of "
msgstr ""
#. type: TP
-#: original/man8/ip6tables.8:153 original/man8/iptables.8:161
+#: original/man8/ip6tables.8:172 original/man8/iptables.8:178
#, no-wrap
-msgid "B<-R, --replace >I<chain rulenum rule-specification>"
+msgid "B<-R>, B<--replace> I<chain rulenum rule-specification>"
msgstr ""
#. type: Plain text
-#: original/man8/ip6tables.8:158 original/man8/iptables.8:166
+#: original/man8/ip6tables.8:177 original/man8/iptables.8:183
msgid ""
"Replace a rule in the selected chain. If the source and/or destination "
"names resolve to multiple addresses, the command will fail. Rules are "
msgstr ""
#. type: TP
-#: original/man8/ip6tables.8:158 original/man8/iptables.8:166
+#: original/man8/ip6tables.8:177 original/man8/iptables.8:183
#, no-wrap
-msgid "B<-L, --list >[I<chain>]"
+msgid "B<-L>, B<--list> [I<chain>]"
msgstr ""
#. type: Plain text
-#: original/man8/ip6tables.8:163
+#: original/man8/ip6tables.8:182
msgid ""
"List all rules in the selected chain. If no chain is selected, all chains "
-"are listed. As every other iptables command, it applies to the specified "
-"table (filter is the default), so mangle rules get listed by"
-msgstr ""
-
-#. type: Plain text
-#: original/man8/ip6tables.8:165
-#, no-wrap
-msgid " ip6tables -t mangle -n -L\n"
+"are listed. Like every other ip6tables command, it applies to the specified "
+"table (filter is the default)."
msgstr ""
#. type: Plain text
-#: original/man8/ip6tables.8:174 original/man8/iptables.8:182
+#: original/man8/ip6tables.8:189 original/man8/iptables.8:197
msgid ""
"Please note that it is often used with the B<-n> option, in order to avoid "
"long reverse DNS lookups. It is legal to specify the B<-Z> (zero) option as "
msgstr ""
#. type: Plain text
-#: original/man8/ip6tables.8:176
+#: original/man8/ip6tables.8:191
#, no-wrap
msgid " ip6tables -L -v\n"
msgstr ""
#. type: TP
-#: original/man8/ip6tables.8:177 original/man8/iptables.8:185
+#: original/man8/ip6tables.8:192 original/man8/iptables.8:200
+#, no-wrap
+msgid "B<-S>, B<--list-rules> [I<chain>]"
+msgstr ""
+
+#. type: Plain text
+#: original/man8/ip6tables.8:197
+msgid ""
+"Print all rules in the selected chain. If no chain is selected, all chains "
+"are printed like ip6tables-save. Like every other ip6tables command, it "
+"applies to the specified table (filter is the default)."
+msgstr ""
+
+#. type: TP
+#: original/man8/ip6tables.8:197 original/man8/iptables.8:205
#, no-wrap
-msgid "B<-F, --flush >[I<chain>]"
+msgid "B<-F>, B<--flush> [I<chain>]"
msgstr ""
#. type: Plain text
-#: original/man8/ip6tables.8:181 original/man8/iptables.8:189
+#: original/man8/ip6tables.8:201 original/man8/iptables.8:209
msgid ""
"Flush the selected chain (all the chains in the table if none is given). "
"This is equivalent to deleting all the rules one by one."
msgstr ""
#. type: TP
-#: original/man8/ip6tables.8:181 original/man8/iptables.8:189
+#: original/man8/ip6tables.8:201 original/man8/iptables.8:209
#, no-wrap
-msgid "B<-Z, --zero >[I<chain>]"
+msgid "B<-Z>, B<--zero> [I<chain> [I<rulenum>]]"
msgstr ""
#. type: Plain text
-#: original/man8/ip6tables.8:188 original/man8/iptables.8:196
+#: original/man8/ip6tables.8:209 original/man8/iptables.8:217
msgid ""
-"Zero the packet and byte counters in all chains. It is legal to specify the "
-"B<-L, --list> (list) option as well, to see the counters immediately before "
-"they are cleared. (See above.)"
+"Zero the packet and byte counters in all chains, or only the given chain, or "
+"only the given rule in a chain. It is legal to specify the B<-L>, B<--list> "
+"(list) option as well, to see the counters immediately before they are "
+"cleared. (See above.)"
msgstr ""
#. type: TP
-#: original/man8/ip6tables.8:188 original/man8/iptables.8:196
+#: original/man8/ip6tables.8:209 original/man8/iptables.8:217
#, no-wrap
-msgid "B<-N, --new-chain >I<chain>"
+msgid "B<-N>, B<--new-chain> I<chain>"
msgstr ""
#. type: Plain text
-#: original/man8/ip6tables.8:192 original/man8/iptables.8:200
+#: original/man8/ip6tables.8:213 original/man8/iptables.8:221
msgid ""
"Create a new user-defined chain by the given name. There must be no target "
"of that name already."
msgstr ""
#. type: TP
-#: original/man8/ip6tables.8:192 original/man8/iptables.8:200
+#: original/man8/ip6tables.8:213 original/man8/iptables.8:221
#, no-wrap
-msgid "B<-X, --delete-chain >[I<chain>]"
+msgid "B<-X>, B<--delete-chain> [I<chain>]"
msgstr ""
#. type: Plain text
-#: original/man8/ip6tables.8:198 original/man8/iptables.8:206
+#: original/man8/ip6tables.8:220 original/man8/iptables.8:228
msgid ""
"Delete the optional user-defined chain specified. There must be no "
"references to the chain. If there are, you must delete or replace the "
-"referring rules before the chain can be deleted. If no argument is given, "
-"it will attempt to delete every non-builtin chain in the table."
+"referring rules before the chain can be deleted. The chain must be empty, "
+"i.e. not contain any rules. If no argument is given, it will attempt to "
+"delete every non-builtin chain in the table."
msgstr ""
#. type: TP
-#: original/man8/ip6tables.8:198 original/man8/iptables.8:206
+#: original/man8/ip6tables.8:220 original/man8/iptables.8:228
#, no-wrap
-msgid "B<-P, --policy >I<chain target>"
+msgid "B<-P>, B<--policy> I<chain target>"
msgstr ""
#. type: Plain text
-#: original/man8/ip6tables.8:205 original/man8/iptables.8:213
+#: original/man8/ip6tables.8:226 original/man8/iptables.8:234
msgid ""
"Set the policy for the chain to the given target. See the section "
"B<TARGETS> for the legal targets. Only built-in (non-user-defined) chains "
msgstr ""
#. type: TP
-#: original/man8/ip6tables.8:205 original/man8/iptables.8:213
+#: original/man8/ip6tables.8:226 original/man8/iptables.8:234
#, no-wrap
-msgid "B<-E, --rename-chain >I<old-chain new-chain>"
+msgid "B<-E>, B<--rename-chain> I<old-chain new-chain>"
msgstr ""
#. type: Plain text
-#: original/man8/ip6tables.8:209 original/man8/iptables.8:217
+#: original/man8/ip6tables.8:230 original/man8/iptables.8:238
msgid ""
"Rename the user specified chain to the user supplied name. This is "
"cosmetic, and has no effect on the structure of the table."
msgstr ""
#. type: TP
-#: original/man8/ip6tables.8:209 original/man8/iptables.8:217
+#: original/man8/ip6tables.8:235 original/man8/iptables.8:238
#, no-wrap
msgid "B<-h>"
msgstr ""
#. type: Plain text
-#: original/man8/ip6tables.8:213 original/man8/iptables.8:221
+#: original/man8/ip6tables.8:239 original/man8/iptables.8:242
msgid "Help. Give a (currently very brief) description of the command syntax."
msgstr ""
#. type: SS
-#: original/man8/ip6tables.8:213 original/man8/iptables.8:221
+#: original/man8/ip6tables.8:239 original/man8/iptables.8:242
#, no-wrap
msgid "PARAMETERS"
msgstr ""
#. type: Plain text
-#: original/man8/ip6tables.8:216 original/man8/iptables.8:224
+#: original/man8/ip6tables.8:242 original/man8/iptables.8:245
msgid ""
"The following parameters make up a rule specification (as used in the add, "
"delete, insert, replace and append commands)."
msgstr ""
#. type: TP
-#: original/man8/ip6tables.8:216 original/man8/iptables.8:224
+#: original/man8/ip6tables.8:242 original/man8/iptables.8:245
#, no-wrap
-msgid "B<-p, --protocol >[!] I<protocol>"
+msgid "[B<!>] B<-p>, B<--protocol> I<protocol>"
msgstr ""
#. type: Plain text
-#: original/man8/ip6tables.8:234
+#: original/man8/ip6tables.8:260
msgid ""
"The protocol of the rule or of the packet to check. The specified protocol "
-"can be one of I<tcp>, I<udp>, I<ipv6-icmp|icmpv6>, or I<all>, or it can be a "
-"numeric value, representing one of these protocols or a different one. A "
-"protocol name from /etc/protocols is also allowed. A \"!\" argument before "
-"the protocol inverts the test. The number zero is equivalent to I<all>. "
-"Protocol I<all> will match with all protocols and is taken as default when "
-"this option is omitted."
+"can be one of B<tcp>, B<udp>, B<udplite>, B<icmpv6>, B<esp>, B<mh> or the "
+"special keyword \"B<all>\", or it can be a numeric value, representing one "
+"of these protocols or a different one. A protocol name from /etc/protocols "
+"is also allowed. But IPv6 extension headers except B<esp> are not allowed. "
+"B<esp> and B<ipv6-nonext> can be used with Kernel version 2.6.11 or later. "
+"A \"!\" argument before the protocol inverts the test. The number zero is "
+"equivalent to B<all>, which means that you cannot test the protocol field "
+"for the value 0 directly. To match on a HBH header, even if it were the "
+"last, you cannot use B<-p 0>, but always need B<-m hbh>. \"B<all>\" will "
+"match with all protocols and is taken as default when this option is "
+"omitted."
msgstr ""
#. type: TP
-#: original/man8/ip6tables.8:234 original/man8/iptables.8:242
+#: original/man8/ip6tables.8:260
#, no-wrap
-msgid "B<-s, --source >[!] I<address>[/I<mask>]"
+msgid "[B<!>] B<-s>, B<--source> I<address>[B</>I<mask>]"
msgstr ""
#. type: Plain text
-#: original/man8/ip6tables.8:254
+#: original/man8/ip6tables.8:277
msgid ""
-"Source specification. I<Address> can be either a hostname (please note that "
+"Source specification. I<Address> can be either be a hostname, a network IP "
+"address (with B</>I<mask>), or a plain IP address. Names will be resolved "
+"once only, before the rule is submitted to the kernel. Please note that "
"specifying any name to be resolved with a remote query such as DNS is a "
-"really bad idea), a network IPv6 address (with /mask), or a plain IPv6 "
-"address. (the network name isn't supported now). The I<mask> can be either "
-"a network mask or a plain number, specifying the number of 1's at the left "
-"side of the network mask. Thus, a mask of I<64> is equivalent to "
-"I<ffff:ffff:ffff:ffff:0000:0000:0000:0000>. A \"!\" argument before the "
-"address specification inverts the sense of the address. The flag B<--src> is "
-"an alias for this option."
+"really bad idea. (Resolving network names is not supported at this time.) "
+"The I<mask> is a plain number, specifying the number of 1's at the left side "
+"of the network mask. A \"!\" argument before the address specification "
+"inverts the sense of the address. The flag B<--src> is an alias for this "
+"option. Multiple addresses can be specified, but this will B<expand to "
+"multiple rules> (when adding with -A), or will cause multiple rules to be "
+"deleted (with -D)."
msgstr ""
#. type: TP
-#: original/man8/ip6tables.8:254 original/man8/iptables.8:261
+#: original/man8/ip6tables.8:277
#, no-wrap
-msgid "B<-d, --destination >[!] I<address>[/I<mask>]"
+msgid "[B<!>] B<-d>, B<--destination> I<address>[B</>I<mask>]"
msgstr ""
#. type: Plain text
-#: original/man8/ip6tables.8:262 original/man8/iptables.8:269
+#: original/man8/ip6tables.8:283 original/man8/iptables.8:279
msgid ""
"Destination specification. See the description of the B<-s> (source) flag "
"for a detailed description of the syntax. The flag B<--dst> is an alias for "
msgstr ""
#. type: TP
-#: original/man8/ip6tables.8:262 original/man8/iptables.8:269
+#: original/man8/ip6tables.8:283 original/man8/iptables.8:279
#, no-wrap
-msgid "B<-j, --jump >I<target>"
+msgid "B<-j>, B<--jump> I<target>"
msgstr ""
#. type: Plain text
-#: original/man8/ip6tables.8:273 original/man8/iptables.8:280
+#: original/man8/ip6tables.8:294 original/man8/iptables.8:290
msgid ""
"This specifies the target of the rule; i.e., what to do if the packet "
"matches it. The target can be a user-defined chain (other than the one this "
"rule is in), one of the special builtin targets which decide the fate of the "
"packet immediately, or an extension (see B<EXTENSIONS> below). If this "
-"option is omitted in a rule, then matching the rule will have no effect on "
-"the packet's fate, but the counters on the rule will be incremented."
+"option is omitted in a rule (and B<-g> is not used), then matching the rule "
+"will have no effect on the packet's fate, but the counters on the rule will "
+"be incremented."
+msgstr ""
+
+#. type: TP
+#: original/man8/ip6tables.8:294 original/man8/iptables.8:290
+#, no-wrap
+msgid "B<-g>, B<--goto> I<chain>"
+msgstr ""
+
+#. type: Plain text
+#: original/man8/ip6tables.8:300 original/man8/iptables.8:296
+msgid ""
+"This specifies that the processing should continue in a user specified "
+"chain. Unlike the --jump option return will not continue processing in this "
+"chain but instead in the chain that called us via --jump."
msgstr ""
#. type: TP
-#: original/man8/ip6tables.8:273 original/man8/iptables.8:280
+#: original/man8/ip6tables.8:300 original/man8/iptables.8:296
#, no-wrap
-msgid "B<-i, --in-interface >[!] I<name>"
+msgid "[B<!>] B<-i>, B<--in-interface> I<name>"
msgstr ""
#. type: Plain text
-#: original/man8/ip6tables.8:285 original/man8/iptables.8:292
+#: original/man8/ip6tables.8:308 original/man8/iptables.8:304
msgid ""
-"Name of an interface via which a packet is going to be received (only for "
-"packets entering the B<INPUT>, B<FORWARD> and B<PREROUTING> chains). When "
-"the \"!\" argument is used before the interface name, the sense is "
-"inverted. If the interface name ends in a \"+\", then any interface which "
-"begins with this name will match. If this option is omitted, any interface "
-"name will match."
+"Name of an interface via which a packet was received (only for packets "
+"entering the B<INPUT>, B<FORWARD> and B<PREROUTING> chains). When the \"!\" "
+"argument is used before the interface name, the sense is inverted. If the "
+"interface name ends in a \"+\", then any interface which begins with this "
+"name will match. If this option is omitted, any interface name will match."
msgstr ""
#. type: TP
-#: original/man8/ip6tables.8:285 original/man8/iptables.8:292
+#: original/man8/ip6tables.8:308 original/man8/iptables.8:304
#, no-wrap
-msgid "B<-o, --out-interface >[!] I<name>"
+msgid "[B<!>] B<-o>, B<--out-interface> I<name>"
msgstr ""
#. type: Plain text
-#: original/man8/ip6tables.8:296
+#: original/man8/ip6tables.8:325 original/man8/iptables.8:312
msgid ""
"Name of an interface via which a packet is going to be sent (for packets "
-"entering the B<FORWARD> and B<OUTPUT> chains). When the \"!\" argument is "
-"used before the interface name, the sense is inverted. If the interface "
-"name ends in a \"+\", then any interface which begins with this name will "
-"match. If this option is omitted, any interface name will match."
+"entering the B<FORWARD>, B<OUTPUT> and B<POSTROUTING> chains). When the "
+"\"!\" argument is used before the interface name, the sense is inverted. If "
+"the interface name ends in a \"+\", then any interface which begins with "
+"this name will match. If this option is omitted, any interface name will "
+"match."
msgstr ""
-#. Currently not supported (header-based)
-#. .B "[!] " "-f, --fragment"
-#. This means that the rule only refers to second and further fragments
-#. of fragmented packets. Since there is no way to tell the source or
-#. destination ports of such a packet (or ICMP type), such a packet will
-#. not match any rules which specify them. When the "!" argument
-#. precedes the "-f" flag, the rule will only match head fragments, or
-#. unfragmented packets.
-#. .TP
#. type: TP
-#: original/man8/ip6tables.8:296
+#: original/man8/ip6tables.8:325 original/man8/iptables.8:320
#, no-wrap
-msgid "B<-c, --set-counters PKTS BYTES>"
+msgid "B<-c>, B<--set-counters> I<packets bytes>"
msgstr ""
#. type: Plain text
-#: original/man8/ip6tables.8:314 original/man8/iptables.8:320
+#: original/man8/ip6tables.8:330 original/man8/iptables.8:325
msgid ""
"This enables the administrator to initialize the packet and byte counters of "
-"a rule (during B<INSERT,> B<APPEND,> B<REPLACE> operations)."
+"a rule (during B<INSERT>, B<APPEND>, B<REPLACE> operations)."
msgstr ""
#. type: SS
-#: original/man8/ip6tables.8:314 original/man8/iptables.8:320
+#: original/man8/ip6tables.8:330 original/man8/iptables.8:325
#, no-wrap
msgid "OTHER OPTIONS"
msgstr ""
#. type: Plain text
-#: original/man8/ip6tables.8:316 original/man8/iptables.8:322
+#: original/man8/ip6tables.8:332 original/man8/iptables.8:327
msgid "The following additional options can be specified:"
msgstr ""
#. type: TP
-#: original/man8/ip6tables.8:316 original/man8/iptables.8:322
+#: original/man8/ip6tables.8:332 original/man8/iptables.8:327 original/man1/iptables-xml.1:38
#, no-wrap
-msgid "B<-v, --verbose>"
+msgid "B<-v>, B<--verbose>"
msgstr ""
#. type: Plain text
-#: original/man8/ip6tables.8:327 original/man8/iptables.8:333
+#: original/man8/ip6tables.8:342 original/man8/iptables.8:337
msgid ""
"Verbose output. This option makes the list command show the interface name, "
"the rule options (if any), and the TOS masks. The packet and byte counters "
"are also listed, with the suffix 'K', 'M' or 'G' for 1000, 1,000,000 and "
"1,000,000,000 multipliers respectively (but see the B<-x> flag to change "
"this). For appending, insertion, deletion and replacement, this causes "
-"detailed information on the rule or rules to be printed."
+"detailed information on the rule or rules to be printed. B<-v> may be "
+"specified multiple times to possibly emit more detailed debug statements."
msgstr ""
#. type: TP
-#: original/man8/ip6tables.8:327 original/man8/iptables.8:333
+#: original/man8/ip6tables.8:342 original/man8/iptables.8:337
#, no-wrap
-msgid "B<-n, --numeric>"
+msgid "B<-n>, B<--numeric>"
msgstr ""
#. type: Plain text
-#: original/man8/ip6tables.8:333 original/man8/iptables.8:339
+#: original/man8/ip6tables.8:348 original/man8/iptables.8:343
msgid ""
"Numeric output. IP addresses and port numbers will be printed in numeric "
"format. By default, the program will try to display them as host names, "
msgstr ""
#. type: TP
-#: original/man8/ip6tables.8:333 original/man8/iptables.8:339
+#: original/man8/ip6tables.8:348 original/man8/iptables.8:343
#, no-wrap
-msgid "B<-x, --exact>"
+msgid "B<-x>, B<--exact>"
msgstr ""
#. type: Plain text
-#: original/man8/ip6tables.8:342 original/man8/iptables.8:348
+#: original/man8/ip6tables.8:355 original/man8/iptables.8:350
msgid ""
"Expand numbers. Display the exact value of the packet and byte counters, "
"instead of only the rounded number in K's (multiples of 1000) M's "
msgstr ""
#. type: TP
-#: original/man8/ip6tables.8:342 original/man8/iptables.8:348
+#: original/man8/ip6tables.8:355 original/man8/iptables.8:350
#, no-wrap
msgid "B<--line-numbers>"
msgstr ""
#. type: Plain text
-#: original/man8/ip6tables.8:346 original/man8/iptables.8:352
+#: original/man8/ip6tables.8:359 original/man8/iptables.8:354
msgid ""
"When listing rules, add line numbers to the beginning of each rule, "
"corresponding to that rule's position in the chain."
msgstr ""
#. type: TP
-#: original/man8/ip6tables.8:346 original/man8/iptables.8:352
+#: original/man8/ip6tables.8:359 original/man8/iptables.8:354
#, no-wrap
-msgid "B<--modprobe=command>"
+msgid "B<--modprobe=>I<command>"
msgstr ""
#. type: Plain text
-#: original/man8/ip6tables.8:351 original/man8/iptables.8:357
+#: original/man8/ip6tables.8:363 original/man8/iptables.8:358
msgid ""
-"When adding or inserting rules into a chain, use B<command> to load any "
+"When adding or inserting rules into a chain, use I<command> to load any "
"necessary modules (targets, match extensions, etc)."
msgstr ""
#. type: SH
-#: original/man8/ip6tables.8:351 original/man8/iptables.8:357
+#: original/man8/ip6tables.8:363 original/man8/iptables.8:358
#, no-wrap
msgid "MATCH EXTENSIONS"
msgstr ""
#. type: Plain text
-#: original/man8/ip6tables.8:370
+#: original/man8/ip6tables.8:373
msgid ""
-"ip6tables can use extended packet matching modules. These are loaded in two "
-"ways: implicitly, when B<-p> or B<--protocol> is specified, or with the "
-"B<-m> or B<--match> options, followed by the matching module name; after "
-"these, various extra command line options become available, depending on the "
+"ip6tables can use extended packet matching modules with the B<-m> or "
+"B<--match> options, followed by the matching module name; after these, "
+"various extra command line options become available, depending on the "
"specific module. You can specify multiple extended match modules in one "
"line, and you can use the B<-h> or B<--help> options after the module has "
"been specified to receive help specific to that module."
msgstr ""
+#. @MATCH@
#. type: Plain text
-#: original/man8/ip6tables.8:375 original/man8/iptables.8:381
+#: original/man8/ip6tables.8:378
msgid ""
-"The following are included in the base package, and most of these can be "
-"preceded by a B<!> to invert the sense of the match."
+"If the B<-p> or B<--protocol> was specified and if and only if an unknown "
+"option is encountered, ip6tables will try load a match module of the same "
+"name as the protocol, to try making the option available."
msgstr ""
#. type: SS
-#: original/man8/ip6tables.8:375 original/man8/iptables.8:630
+#: original/man8/ip6tables.8:378 original/man8/iptables.8:373
#, no-wrap
-msgid "tcp"
+msgid "addrtype"
msgstr ""
#. type: Plain text
-#: original/man8/ip6tables.8:378 original/man8/iptables.8:633
+#: original/man8/ip6tables.8:383 original/man8/iptables.8:378
msgid ""
-"These extensions are loaded if `--protocol tcp' is specified. It provides "
-"the following options:"
+"This module matches packets based on their B<address type.> Address types "
+"are used within the kernel networking stack and categorize addresses into "
+"various groups. The exact definition of that group depends on the specific "
+"layer three protocol."
+msgstr ""
+
+#. type: Plain text
+#: original/man8/ip6tables.8:385 original/man8/iptables.8:380
+msgid "The following address types are possible:"
msgstr ""
#. type: TP
-#: original/man8/ip6tables.8:378 original/man8/ip6tables.8:424 original/man8/iptables.8:633 original/man8/iptables.8:698
+#: original/man8/ip6tables.8:385 original/man8/iptables.8:380
#, no-wrap
-msgid "B<--source-port >[!] I<port>[:I<port>]"
+msgid "B<UNSPEC>"
msgstr ""
#. type: Plain text
-#: original/man8/ip6tables.8:390 original/man8/iptables.8:645
-msgid ""
-"Source port or port range specification. This can either be a service name "
-"or a port number. An inclusive range can also be specified, using the format "
-"I<port>:I<port>. If the first port is omitted, \"0\" is assumed; if the "
-"last is omitted, \"65535\" is assumed. If the second port greater then the "
-"first they will be swapped. The flag B<--sport> is a convenient alias for "
-"this option."
+#: original/man8/ip6tables.8:388 original/man8/iptables.8:383
+msgid "an unspecified address (i.e. 0.0.0.0)"
msgstr ""
#. type: TP
-#: original/man8/ip6tables.8:390 original/man8/ip6tables.8:430 original/man8/iptables.8:645 original/man8/iptables.8:704
+#: original/man8/ip6tables.8:388 original/man8/iptables.8:383
#, no-wrap
-msgid "B<--destination-port >[!] I<port>[:I<port>]"
+msgid "B<UNICAST>"
msgstr ""
#. type: Plain text
-#: original/man8/ip6tables.8:395 original/man8/iptables.8:650
-msgid ""
-"Destination port or port range specification. The flag B<--dport> is a "
-"convenient alias for this option."
+#: original/man8/ip6tables.8:391 original/man8/iptables.8:386
+msgid "an unicast address"
msgstr ""
#. type: TP
-#: original/man8/ip6tables.8:395 original/man8/iptables.8:650
+#: original/man8/ip6tables.8:391 original/man8/iptables.8:386
#, no-wrap
-msgid "B<--tcp-flags >[!] I<mask> I<comp>"
+msgid "B<LOCAL>"
msgstr ""
#. type: Plain text
-#: original/man8/ip6tables.8:403 original/man8/iptables.8:658
-msgid ""
-"Match when the TCP flags are as specified. The first argument is the flags "
-"which we should examine, written as a comma-separated list, and the second "
-"argument is a comma-separated list of flags which must be set. Flags are: "
-"B<SYN ACK FIN RST URG PSH ALL NONE>. Hence the command"
+#: original/man8/ip6tables.8:394 original/man8/iptables.8:389
+msgid "a local address"
msgstr ""
-#. type: Plain text
-#: original/man8/ip6tables.8:405
+#. type: TP
+#: original/man8/ip6tables.8:394 original/man8/iptables.8:389
#, no-wrap
-msgid " ip6tables -A FORWARD -p tcp --tcp-flags SYN,ACK,FIN,RST SYN\n"
+msgid "B<BROADCAST>"
msgstr ""
#. type: Plain text
-#: original/man8/ip6tables.8:408 original/man8/iptables.8:663
-msgid ""
-"will only match packets with the SYN flag set, and the ACK, FIN and RST "
-"flags unset."
+#: original/man8/ip6tables.8:397 original/man8/iptables.8:392
+msgid "a broadcast address"
msgstr ""
#. type: TP
-#: original/man8/ip6tables.8:408 original/man8/iptables.8:663
+#: original/man8/ip6tables.8:397 original/man8/iptables.8:392
#, no-wrap
-msgid "B<[!] --syn>"
+msgid "B<ANYCAST>"
msgstr ""
#. type: Plain text
-#: original/man8/ip6tables.8:418 original/man8/iptables.8:673
-msgid ""
-"Only match TCP packets with the SYN bit set and the ACK and RST bits "
-"cleared. Such packets are used to request TCP connection initiation; for "
-"example, blocking such packets coming in an interface will prevent incoming "
-"TCP connections, but outgoing TCP connections will be unaffected. It is "
-"equivalent to B<--tcp-flags SYN,RST,ACK SYN>. If the \"!\" flag precedes "
-"the \"--syn\", the sense of the option is inverted."
+#: original/man8/ip6tables.8:400 original/man8/iptables.8:395
+msgid "an anycast packet"
msgstr ""
#. type: TP
-#: original/man8/ip6tables.8:418 original/man8/iptables.8:673
+#: original/man8/ip6tables.8:400 original/man8/iptables.8:395
#, no-wrap
-msgid "B<--tcp-option >[!] I<number>"
+msgid "B<MULTICAST>"
msgstr ""
#. type: Plain text
-#: original/man8/ip6tables.8:421 original/man8/iptables.8:676
-msgid "Match if TCP option set."
+#: original/man8/ip6tables.8:403 original/man8/iptables.8:398
+msgid "a multicast address"
msgstr ""
-#. type: SS
-#: original/man8/ip6tables.8:421 original/man8/iptables.8:695
+#. type: TP
+#: original/man8/ip6tables.8:403 original/man8/iptables.8:398
#, no-wrap
-msgid "udp"
+msgid "B<BLACKHOLE>"
msgstr ""
#. type: Plain text
-#: original/man8/ip6tables.8:424 original/man8/iptables.8:698
-msgid ""
-"These extensions are loaded if `--protocol udp' is specified. It provides "
-"the following options:"
+#: original/man8/ip6tables.8:406 original/man8/iptables.8:401
+msgid "a blackhole address"
msgstr ""
-#. type: Plain text
-#: original/man8/ip6tables.8:430 original/man8/iptables.8:704
-msgid ""
-"Source port or port range specification. See the description of the "
-"B<--source-port> option of the TCP extension for details."
+#. type: TP
+#: original/man8/ip6tables.8:406 original/man8/iptables.8:401
+#, no-wrap
+msgid "B<UNREACHABLE>"
msgstr ""
#. type: Plain text
-#: original/man8/ip6tables.8:436 original/man8/iptables.8:710
-msgid ""
-"Destination port or port range specification. See the description of the "
-"B<--destination-port> option of the TCP extension for details."
+#: original/man8/ip6tables.8:409 original/man8/iptables.8:404
+msgid "an unreachable address"
msgstr ""
-#. type: SS
-#: original/man8/ip6tables.8:436
+#. type: TP
+#: original/man8/ip6tables.8:409 original/man8/iptables.8:404
#, no-wrap
-msgid "ipv6-icmp"
+msgid "B<PROHIBIT>"
msgstr ""
#. type: Plain text
-#: original/man8/ip6tables.8:439
-msgid ""
-"This extension is loaded if `--protocol ipv6-icmp' or `--protocol icmpv6' is "
-"specified. It provides the following option:"
+#: original/man8/ip6tables.8:412 original/man8/iptables.8:407
+msgid "a prohibited address"
msgstr ""
#. type: TP
-#: original/man8/ip6tables.8:439
+#: original/man8/ip6tables.8:412 original/man8/iptables.8:407
#, no-wrap
-msgid "B<--icmpv6-type >[!] I<typename>"
+msgid "B<THROW>"
msgstr ""
#. type: Plain text
-#: original/man8/ip6tables.8:443
-msgid ""
-"This allows specification of the ICMP type, which can be a numeric IPv6-ICMP "
-"type, or one of the IPv6-ICMP type names shown by the command"
+#: original/man8/ip6tables.8:415 original/man8/ip6tables.8:418 original/man8/iptables.8:410 original/man8/iptables.8:413
+msgid "FIXME"
msgstr ""
-#. type: Plain text
-#: original/man8/ip6tables.8:445
+#. type: TP
+#: original/man8/ip6tables.8:415 original/man8/iptables.8:410
#, no-wrap
-msgid " ip6tables -p ipv6-icmp -h\n"
+msgid "B<NAT>"
msgstr ""
-#. type: SS
-#: original/man8/ip6tables.8:446 original/man8/iptables.8:493
+#. type: TP
+#: original/man8/ip6tables.8:418 original/man8/iptables.8:413
#, no-wrap
-msgid "mac"
+msgid "B<XRESOLVE>"
msgstr ""
#. type: TP
-#: original/man8/ip6tables.8:447 original/man8/iptables.8:494
+#: original/man8/ip6tables.8:420 original/man8/iptables.8:415
#, no-wrap
-msgid "B<--mac-source >[!] I<address>"
+msgid "[B<!>] B<--src-type> I<type>"
msgstr ""
#. type: Plain text
-#: original/man8/ip6tables.8:457 original/man8/iptables.8:504
-msgid ""
-"Match source MAC address. It must be of the form XX:XX:XX:XX:XX:XX. Note "
-"that this only makes sense for packets coming from an Ethernet device and "
-"entering the B<PREROUTING>, B<FORWARD> or B<INPUT> chains."
+#: original/man8/ip6tables.8:423 original/man8/iptables.8:418
+msgid "Matches if the source address is of given type"
msgstr ""
-#. type: SS
-#: original/man8/ip6tables.8:457 original/man8/iptables.8:477
+#. type: TP
+#: original/man8/ip6tables.8:423 original/man8/iptables.8:418
#, no-wrap
-msgid "limit"
+msgid "[B<!>] B<--dst-type> I<type>"
msgstr ""
#. type: Plain text
-#: original/man8/ip6tables.8:463 original/man8/iptables.8:483
-msgid ""
-"This module matches at a limited rate using a token bucket filter. A rule "
-"using this extension will match until this limit is reached (unless the `!' "
-"flag is used). It can be used in combination with the B<LOG> target to give "
-"limited logging, for example."
+#: original/man8/ip6tables.8:426 original/man8/iptables.8:421
+msgid "Matches if the destination address is of given type"
msgstr ""
#. type: TP
-#: original/man8/ip6tables.8:463 original/man8/iptables.8:483
+#: original/man8/ip6tables.8:426 original/man8/iptables.8:421
#, no-wrap
-msgid "B<--limit >I<rate>"
+msgid "B<--limit-iface-in>"
msgstr ""
#. type: Plain text
-#: original/man8/ip6tables.8:468 original/man8/iptables.8:488
+#: original/man8/ip6tables.8:437 original/man8/iptables.8:432
msgid ""
-"Maximum average matching rate: specified as a number, with an optional "
-"`/second', `/minute', `/hour', or `/day' suffix; the default is 3/hour."
+"The address type checking can be limited to the interface the packet is "
+"coming in. This option is only valid in the B<PREROUTING>, B<INPUT> and "
+"B<FORWARD> chains. It cannot be specified with the B<--limit-iface-out> "
+"option."
msgstr ""
#. type: TP
-#: original/man8/ip6tables.8:468 original/man8/iptables.8:488
+#: original/man8/ip6tables.8:437 original/man8/iptables.8:432
#, no-wrap
-msgid "B<--limit-burst >I<number>"
+msgid "B<--limit-iface-out>"
msgstr ""
#. type: Plain text
-#: original/man8/ip6tables.8:473 original/man8/iptables.8:493
+#: original/man8/ip6tables.8:448 original/man8/iptables.8:443
msgid ""
-"Maximum initial number of packets to match: this number gets recharged by "
-"one every time the limit specified above is not reached, up to this number; "
-"the default is 5."
+"The address type checking can be limited to the interface the packet is "
+"going out. This option is only valid in the B<POSTROUTING>, B<OUTPUT> and "
+"B<FORWARD> chains. It cannot be specified with the B<--limit-iface-in> "
+"option."
msgstr ""
#. type: SS
-#: original/man8/ip6tables.8:473 original/man8/iptables.8:514
+#: original/man8/ip6tables.8:448 original/man8/iptables.8:443
#, no-wrap
-msgid "multiport"
+msgid "ah"
msgstr ""
#. type: Plain text
-#: original/man8/ip6tables.8:479 original/man8/iptables.8:520
+#: original/man8/ip6tables.8:450
msgid ""
-"This module matches a set of source or destination ports. Up to 15 ports "
-"can be specified. It can only be used in conjunction with B<-p tcp> or B<-p "
-"udp>."
+"This module matches the parameters in Authentication header of IPsec "
+"packets."
msgstr ""
#. type: TP
-#: original/man8/ip6tables.8:479 original/man8/iptables.8:520
+#: original/man8/ip6tables.8:450 original/man8/iptables.8:445
#, no-wrap
-msgid "B<--source-ports >I<port>[,I<port>[,I<port>...]]"
+msgid "[B<!>] B<--ahspi> I<spi>[B<:>I<spi>]"
msgstr ""
#. type: Plain text
-#: original/man8/ip6tables.8:484 original/man8/iptables.8:525
-msgid ""
-"Match if the source port is one of the given ports. The flag B<--sports> is "
-"a convenient alias for this option."
+#: original/man8/ip6tables.8:453
+msgid "Matches SPI."
msgstr ""
#. type: TP
-#: original/man8/ip6tables.8:484 original/man8/iptables.8:525
+#: original/man8/ip6tables.8:453
#, no-wrap
-msgid "B<--destination-ports >I<port>[,I<port>[,I<port>...]]"
+msgid "[B<!>] B<--ahlen> I<length>"
msgstr ""
#. type: Plain text
-#: original/man8/ip6tables.8:489 original/man8/iptables.8:530
-msgid ""
-"Match if the destination port is one of the given ports. The flag "
-"B<--dports> is a convenient alias for this option."
+#: original/man8/ip6tables.8:456 original/man8/ip6tables.8:748 original/man8/ip6tables.8:870
+msgid "Total length of this header in octets."
msgstr ""
#. type: TP
-#: original/man8/ip6tables.8:489 original/man8/iptables.8:530
+#: original/man8/ip6tables.8:456
#, no-wrap
-msgid "B<--ports >I<port>[,I<port>[,I<port>...]]"
+msgid "B<--ahres>"
msgstr ""
#. type: Plain text
-#: original/man8/ip6tables.8:493 original/man8/iptables.8:534
-msgid ""
-"Match if the both the source and destination ports are equal to each other "
-"and to one of the given ports."
+#: original/man8/ip6tables.8:459
+msgid "Matches if the reserved field is filled with zero."
msgstr ""
#. type: SS
-#: original/man8/ip6tables.8:493 original/man8/iptables.8:504
+#: original/man8/ip6tables.8:459 original/man8/iptables.8:447
#, no-wrap
-msgid "mark"
+msgid "cluster"
msgstr ""
#. type: Plain text
-#: original/man8/ip6tables.8:498 original/man8/iptables.8:509
+#: original/man8/ip6tables.8:462 original/man8/iptables.8:450
msgid ""
-"This module matches the netfilter mark field associated with a packet (which "
-"can be set using the B<MARK> target below)."
-msgstr ""
-
-#. type: TP
-#: original/man8/ip6tables.8:498 original/man8/iptables.8:509
-#, no-wrap
-msgid "B<--mark >I<value>[/I<mask>]"
+"Allows you to deploy gateway and back-end load-sharing clusters without the "
+"need of load-balancers."
msgstr ""
#. type: Plain text
-#: original/man8/ip6tables.8:503 original/man8/iptables.8:514
+#: original/man8/ip6tables.8:465 original/man8/iptables.8:453
msgid ""
-"Matches packets with the given unsigned mark value (if a mask is specified, "
-"this is logically ANDed with the mask before the comparison)."
+"This match requires that all the nodes see the same packets. Thus, the "
+"cluster match decides if this node has to handle a packet given the "
+"following options:"
msgstr ""
-#. type: SS
-#: original/man8/ip6tables.8:503 original/man8/iptables.8:534
+#. type: TP
+#: original/man8/ip6tables.8:465 original/man8/iptables.8:453
#, no-wrap
-msgid "owner"
+msgid "B<--cluster-total-nodes> I<num>"
msgstr ""
#. type: Plain text
-#: original/man8/ip6tables.8:509
-msgid ""
-"This module attempts to match various characteristics of the packet creator, "
-"for locally-generated packets. It is only valid in the B<OUTPUT> chain, and "
-"even this some packets (such as ICMP ping responses) may have no owner, and "
-"hence never match. This is regarded as experimental."
+#: original/man8/ip6tables.8:468 original/man8/iptables.8:456
+msgid "Set number of total nodes in cluster."
msgstr ""
#. type: TP
-#: original/man8/ip6tables.8:509 original/man8/iptables.8:540
+#: original/man8/ip6tables.8:468 original/man8/iptables.8:456
#, no-wrap
-msgid "B<--uid-owner >I<userid>"
+msgid "[B<!>] B<--cluster-local-node> I<num>"
msgstr ""
#. type: Plain text
-#: original/man8/ip6tables.8:513 original/man8/iptables.8:544
-msgid ""
-"Matches if the packet was created by a process with the given effective user "
-"id."
+#: original/man8/ip6tables.8:471 original/man8/iptables.8:459
+msgid "Set the local node number ID."
msgstr ""
#. type: TP
-#: original/man8/ip6tables.8:513 original/man8/iptables.8:544
+#: original/man8/ip6tables.8:471 original/man8/iptables.8:459
#, no-wrap
-msgid "B<--gid-owner >I<groupid>"
+msgid "[B<!>] B<--cluster-local-nodemask> I<mask>"
msgstr ""
#. type: Plain text
-#: original/man8/ip6tables.8:517 original/man8/iptables.8:548
+#: original/man8/ip6tables.8:475 original/man8/iptables.8:463
msgid ""
-"Matches if the packet was created by a process with the given effective "
-"group id."
+"Set the local node number ID mask. You can use this option instead of "
+"B<--cluster-local-node>."
msgstr ""
#. type: TP
-#: original/man8/ip6tables.8:517 original/man8/iptables.8:548
+#: original/man8/ip6tables.8:475 original/man8/iptables.8:463
#, no-wrap
-msgid "B<--pid-owner >I<processid>"
+msgid "B<--cluster-hash-seed> I<value>"
msgstr ""
#. type: Plain text
-#: original/man8/ip6tables.8:521 original/man8/iptables.8:552
-msgid "Matches if the packet was created by a process with the given process id."
+#: original/man8/ip6tables.8:478 original/man8/iptables.8:466
+msgid "Set seed value of the Jenkins hash."
msgstr ""
-#. type: TP
-#: original/man8/ip6tables.8:521 original/man8/iptables.8:552
+#. type: Plain text
+#: original/man8/ip6tables.8:480 original/man8/ip6tables.8:526 original/man8/ip6tables.8:563 original/man8/ip6tables.8:711 original/man8/ip6tables.8:1837 original/man8/ip6tables.8:1885 original/man8/ip6tables.8:1931 original/man8/iptables.8:468 original/man8/iptables.8:514 original/man8/iptables.8:551 original/man8/iptables.8:699 original/man8/iptables.8:1755 original/man8/iptables.8:1803 original/man8/iptables.8:1852
#, no-wrap
-msgid "B<--sid-owner >I<sessionid>"
+msgid "Example:"
msgstr ""
#. type: Plain text
-#: original/man8/ip6tables.8:558 original/man8/iptables.8:556
-msgid "Matches if the packet was created by a process in the given session group."
+#: original/man8/ip6tables.8:485 original/man8/iptables.8:473
+msgid ""
+"iptables -A PREROUTING -t mangle -i eth1 -m cluster --cluster-total-nodes 2 "
+"--cluster-local-node 1 --cluster-hash-seed 0xdeadbeef -j MARK --set-mark "
+"0xffff"
msgstr ""
-#. type: SH
-#: original/man8/ip6tables.8:558 original/man8/iptables.8:713
-#, no-wrap
-msgid "TARGET EXTENSIONS"
+#. type: Plain text
+#: original/man8/ip6tables.8:490 original/man8/iptables.8:478
+msgid ""
+"iptables -A PREROUTING -t mangle -i eth2 -m cluster --cluster-total-nodes 2 "
+"--cluster-local-node 1 --cluster-hash-seed 0xdeadbeef -j MARK --set-mark "
+"0xffff"
msgstr ""
#. type: Plain text
-#: original/man8/ip6tables.8:561
-msgid ""
-"ip6tables can use extended target modules: the following are included in the "
-"standard distribution."
+#: original/man8/ip6tables.8:493 original/man8/iptables.8:481
+msgid "iptables -A PREROUTING -t mangle -i eth1 -m mark ! --mark 0xffff -j DROP"
msgstr ""
-#. type: SS
-#: original/man8/ip6tables.8:561 original/man8/iptables.8:762
-#, no-wrap
-msgid "LOG"
+#. type: Plain text
+#: original/man8/ip6tables.8:496 original/man8/iptables.8:484
+msgid "iptables -A PREROUTING -t mangle -i eth2 -m mark ! --mark 0xffff -j DROP"
msgstr ""
#. type: Plain text
-#: original/man8/ip6tables.8:573
-msgid ""
-"Turn on kernel logging of matching packets. When this option is set for a "
-"rule, the Linux kernel will print some information on all matching packets "
-"(like most IPv6 IPv6-header fields) via the kernel log (where it can be read "
-"with I<dmesg> or I<syslogd>(8)). This is a \"non-terminating target\", "
-"i.e. rule traversal continues at the next rule. So if you want to LOG the "
-"packets you refuse, use two separate rules with the same matching criteria, "
-"first using target LOG then DROP (or REJECT)."
+#: original/man8/ip6tables.8:498 original/man8/iptables.8:486
+msgid "And the following commands to make all nodes see the same packets:"
msgstr ""
-#. type: TP
-#: original/man8/ip6tables.8:573 original/man8/iptables.8:774
-#, no-wrap
-msgid "B<--log-level >I<level>"
+#. type: Plain text
+#: original/man8/ip6tables.8:500 original/man8/iptables.8:488
+msgid "ip maddr add 01:00:5e:00:01:01 dev eth1"
msgstr ""
#. type: Plain text
-#: original/man8/ip6tables.8:576 original/man8/iptables.8:777
-msgid "Level of logging (numeric or see I<syslog.conf>(5))."
+#: original/man8/ip6tables.8:502 original/man8/iptables.8:490
+msgid "ip maddr add 01:00:5e:00:01:02 dev eth2"
msgstr ""
-#. type: TP
-#: original/man8/ip6tables.8:576 original/man8/iptables.8:777
-#, no-wrap
-msgid "B<--log-prefix >I<prefix>"
+#. type: Plain text
+#: original/man8/ip6tables.8:505 original/man8/iptables.8:493
+msgid ""
+"arptables -A OUTPUT -o eth1 --h-length 6 -j mangle --mangle-mac-s "
+"01:00:5e:00:01:01"
msgstr ""
#. type: Plain text
-#: original/man8/ip6tables.8:580 original/man8/iptables.8:781
+#: original/man8/ip6tables.8:509 original/man8/iptables.8:497
msgid ""
-"Prefix log messages with the specified prefix; up to 29 letters long, and "
-"useful for distinguishing messages in the logs."
+"arptables -A INPUT -i eth1 --h-length 6 --destination-mac 01:00:5e:00:01:01 "
+"-j mangle --mangle-mac-d 00:zz:yy:xx:5a:27"
msgstr ""
-#. type: TP
-#: original/man8/ip6tables.8:580 original/man8/iptables.8:781
-#, no-wrap
-msgid "B<--log-tcp-sequence>"
+#. type: Plain text
+#: original/man8/ip6tables.8:512 original/man8/iptables.8:500
+msgid ""
+"arptables -A OUTPUT -o eth2 --h-length 6 -j mangle --mangle-mac-s "
+"01:00:5e:00:01:02"
msgstr ""
#. type: Plain text
-#: original/man8/ip6tables.8:584 original/man8/iptables.8:785
+#: original/man8/ip6tables.8:516 original/man8/iptables.8:504
msgid ""
-"Log TCP sequence numbers. This is a security risk if the log is readable by "
-"users."
+"arptables -A INPUT -i eth2 --h-length 6 --destination-mac 01:00:5e:00:01:02 "
+"-j mangle --mangle-mac-d 00:zz:yy:xx:5a:27"
msgstr ""
-#. type: TP
-#: original/man8/ip6tables.8:584 original/man8/iptables.8:785
+#. type: Plain text
+#: original/man8/ip6tables.8:520 original/man8/iptables.8:508
+msgid ""
+"In the case of TCP connections, pickup facility has to be disabled to avoid "
+"marking TCP ACK packets coming in the reply direction as valid."
+msgstr ""
+
+#. type: Plain text
+#: original/man8/ip6tables.8:522 original/man8/iptables.8:510
+msgid "echo 0 E<gt> /proc/sys/net/netfilter/nf_conntrack_tcp_loose"
+msgstr ""
+
+#. type: SS
+#: original/man8/ip6tables.8:522 original/man8/iptables.8:510
#, no-wrap
-msgid "B<--log-tcp-options>"
+msgid "comment"
msgstr ""
#. type: Plain text
-#: original/man8/ip6tables.8:587 original/man8/iptables.8:788
-msgid "Log options from the TCP packet header."
+#: original/man8/ip6tables.8:524 original/man8/iptables.8:512
+msgid "Allows you to add comments (up to 256 characters) to any rule."
msgstr ""
#. type: TP
-#: original/man8/ip6tables.8:587 original/man8/iptables.8:788
+#: original/man8/ip6tables.8:524 original/man8/iptables.8:512
#, no-wrap
-msgid "B<--log-ip-options>"
+msgid "B<--comment> I<comment>"
msgstr ""
#. type: Plain text
-#: original/man8/ip6tables.8:590
-msgid "Log options from the IPv6 packet header."
+#: original/man8/ip6tables.8:529 original/man8/iptables.8:517
+msgid "iptables -A INPUT -i eth1 -m comment --comment \"my local LAN\""
msgstr ""
#. type: SS
-#: original/man8/ip6tables.8:590 original/man8/iptables.8:791
+#: original/man8/ip6tables.8:529 original/man8/iptables.8:517
#, no-wrap
-msgid "MARK"
+msgid "connbytes"
msgstr ""
#. type: Plain text
-#: original/man8/ip6tables.8:595
+#: original/man8/ip6tables.8:533 original/man8/iptables.8:521
msgid ""
-"This is used to set the netfilter mark value associated with the packet. It "
-"is only valid in the B<mangle> table."
+"Match by how many bytes or packets a connection (or one of the two flows "
+"constituting the connection) has transferred so far, or by average bytes per "
+"packet."
msgstr ""
-#. type: TP
-#: original/man8/ip6tables.8:595 original/man8/iptables.8:796
-#, no-wrap
-msgid "B<--set-mark >I<mark>"
+#. type: Plain text
+#: original/man8/ip6tables.8:535 original/man8/iptables.8:523
+msgid "The counters are 64-bit and are thus not expected to overflow ;)"
msgstr ""
-#. type: SS
-#: original/man8/ip6tables.8:597 original/man8/iptables.8:853
-#, no-wrap
-msgid "REJECT"
+#. type: Plain text
+#: original/man8/ip6tables.8:538 original/man8/iptables.8:526
+msgid ""
+"The primary use is to detect long-lived downloads and mark them to be "
+"scheduled using a lower priority band in traffic control."
msgstr ""
#. type: Plain text
-#: original/man8/ip6tables.8:610 original/man8/iptables.8:866
+#: original/man8/ip6tables.8:541 original/man8/iptables.8:529
msgid ""
-"This is used to send back an error packet in response to the matched packet: "
-"otherwise it is equivalent to B<DROP> so it is a terminating TARGET, ending "
-"rule traversal. This target is only valid in the B<INPUT>, B<FORWARD> and "
-"B<OUTPUT> chains, and user-defined chains which are only called from those "
-"chains. The following option controls the nature of the error packet "
-"returned:"
+"The transferred bytes per connection can also be viewed through `conntrack "
+"-L` and accessed via ctnetlink."
msgstr ""
-#. type: TP
-#: original/man8/ip6tables.8:610 original/man8/iptables.8:866
-#, no-wrap
-msgid "B<--reject-with >I<type>"
-msgstr ""
-
-#. type: Plain text
-#: original/man8/ip6tables.8:613 original/man8/iptables.8:869
-msgid "The type given can be"
-msgstr ""
-
-#. type: Plain text
-#: original/man8/ip6tables.8:622
-#, no-wrap
-msgid ""
-"B<icmp6-no-route>\n"
-"B<no-route>\n"
-"B<icmp6-adm-prohibited>\n"
-"B<adm-prohibited>\n"
-"B<icmp6-addr-unreachable>\n"
-"B<addr-unreach>\n"
-"B<icmp6-port-unreachable>\n"
-"B<port-unreach>\n"
-msgstr ""
-
-#. .SS TOS
-#. This is used to set the 8-bit Type of Service field in the IP header.
-#. It is only valid in the
-#. .B mangle
-#. table.
-#. .TP
-#. .BI "--set-tos " "tos"
-#. You can use a numeric TOS values, or use
-#. .br
-#. iptables -j TOS -h
-#. .br
-#. to see the list of valid TOS names.
-#. .SS MIRROR
-#. This is an experimental demonstration target which inverts the source
-#. and destination fields in the IP header and retransmits the packet.
-#. It is only valid in the
-#. .BR INPUT ,
-#. .B FORWARD
-#. and
-#. .B PREROUTING
-#. chains, and user-defined chains which are only called from those
-#. chains. Note that the outgoing packets are
-#. .B NOT
-#. seen by any packet filtering chains, connection tracking or NAT, to
-#. avoid loops and other problems.
-#. .SS SNAT
-#. This target is only valid in the
-#. .B nat
-#. table, in the
-#. .B POSTROUTING
-#. chain. It specifies that the source address of the packet should be
-#. modified (and all future packets in this connection will also be
-#. mangled), and rules should cease being examined. It takes one option:
-#. .TP
-#. .BR "--to-source " "\fIipaddr\fP[-\fIipaddr\fP][:\fIport\fP-\fIport\fP]"
-#. which can specify a single new source IP address, an inclusive range
-#. of IP addresses, and optionally, a port range (which is only valid if
-#. the rule also specifies
-#. .B "-p tcp"
-#. or
-#. .BR "-p udp" ).
-#. If no port range is specified, then source ports below 512 will be
-#. mapped to other ports below 512: those between 512 and 1023 inclusive
-#. will be mapped to ports below 1024, and other ports will be mapped to
-#. 1024 or above. Where possible, no port alteration will occur.
-#. .SS DNAT
-#. This target is only valid in the
-#. .B nat
-#. table, in the
-#. .B PREROUTING
-#. and
-#. .B OUTPUT
-#. chains, and user-defined chains which are only called from those
-#. chains. It specifies that the destination address of the packet
-#. should be modified (and all future packets in this connection will
-#. also be mangled), and rules should cease being examined. It takes one
-#. option:
-#. .TP
-#. .BR "--to-destination " "\fIipaddr\fP[-\fIipaddr\fP][:\fIport\fP-\fIport\fP]"
-#. which can specify a single new destination IP address, an inclusive
-#. range of IP addresses, and optionally, a port range (which is only
-#. valid if the rule also specifies
-#. .B "-p tcp"
-#. or
-#. .BR "-p udp" ).
-#. If no port range is specified, then the destination port will never be
-#. modified.
-#. .SS MASQUERADE
-#. This target is only valid in the
-#. .B nat
-#. table, in the
-#. .B POSTROUTING
-#. chain. It should only be used with dynamically assigned IP (dialup)
-#. connections: if you have a static IP address, you should use the SNAT
-#. target. Masquerading is equivalent to specifying a mapping to the IP
-#. address of the interface the packet is going out, but also has the
-#. effect that connections are
-#. .I forgotten
-#. when the interface goes down. This is the correct behavior when the
-#. next dialup is unlikely to have the same interface address (and hence
-#. any established connections are lost anyway). It takes one option:
-#. .TP
-#. .BR "--to-ports " "\fIport\fP[-\fIport\fP]"
-#. This specifies a range of source ports to use, overriding the default
-#. .B SNAT
-#. source port-selection heuristics (see above). This is only valid
-#. if the rule also specifies
-#. .B "-p tcp"
-#. or
-#. .BR "-p udp" .
-#. .SS REDIRECT
-#. This target is only valid in the
-#. .B nat
-#. table, in the
-#. .B PREROUTING
-#. and
-#. .B OUTPUT
-#. chains, and user-defined chains which are only called from those
-#. chains. It alters the destination IP address to send the packet to
-#. the machine itself (locally-generated packets are mapped to the
-#. 127.0.0.1 address). It takes one option:
-#. .TP
-#. .BR "--to-ports " "\fIport\fP[-\fIport\fP]"
-#. This specifies a destination port or range of ports to use: without
-#. this, the destination port is never altered. This is only valid
-#. if the rule also specifies
-#. .B "-p tcp"
-#. or
-#. .BR "-p udp" .
-#. type: Plain text
-#: original/man8/ip6tables.8:740
-msgid ""
-"which return the appropriate IPv6-ICMP error message (B<port-unreach> is the "
+#. type: Plain text
+#: original/man8/ip6tables.8:547 original/man8/iptables.8:535
+msgid ""
+"NOTE that for connections which have no accounting information, the match "
+"will always return false. The \"net.netfilter.nf_conntrack_acct\" sysctl "
+"flag controls whether B<new> connections will be byte/packet "
+"counted. Existing connection flows will not be gaining/losing a/the "
+"accounting structure when be sysctl flag is flipped."
+msgstr ""
+
+#. type: TP
+#: original/man8/ip6tables.8:547 original/man8/iptables.8:535
+#, no-wrap
+msgid "[B<!>] B<--connbytes> I<from>[B<:>I<to>]"
+msgstr ""
+
+#. type: Plain text
+#: original/man8/ip6tables.8:553 original/man8/iptables.8:541
+msgid ""
+"match packets from a connection whose packets/bytes/average packet size is "
+"more than FROM and less than TO bytes/packets. if TO is omitted only FROM "
+"check is done. \"!\" is used to match packets not falling in the range."
+msgstr ""
+
+#. type: TP
+#: original/man8/ip6tables.8:553 original/man8/iptables.8:541
+#, no-wrap
+msgid "B<--connbytes-dir> {B<original>|B<reply>|B<both>}"
+msgstr ""
+
+#. type: Plain text
+#: original/man8/ip6tables.8:556 original/man8/iptables.8:544
+msgid "which packets to consider"
+msgstr ""
+
+#. type: TP
+#: original/man8/ip6tables.8:556 original/man8/iptables.8:544
+#, no-wrap
+msgid "B<--connbytes-mode> {B<packets>|B<bytes>|B<avgpkt>}"
+msgstr ""
+
+#. type: Plain text
+#: original/man8/ip6tables.8:563 original/man8/iptables.8:551
+msgid ""
+"whether to check the amount of packets, number of bytes transferred or the "
+"average size (in bytes) of all packets received so far. Note that when "
+"\"both\" is used together with \"avgpkt\", and data is going (mainly) only "
+"in one direction (for example HTTP), the average packet size will be about "
+"half of the actual data packets."
+msgstr ""
+
+#. type: Plain text
+#: original/man8/ip6tables.8:566 original/man8/iptables.8:554
+msgid ""
+"iptables .. -m connbytes --connbytes 10000:100000 --connbytes-dir both "
+"--connbytes-mode bytes ..."
+msgstr ""
+
+#. type: SS
+#: original/man8/ip6tables.8:566 original/man8/iptables.8:554
+#, no-wrap
+msgid "connlimit"
+msgstr ""
+
+#. type: Plain text
+#: original/man8/ip6tables.8:569 original/man8/iptables.8:557
+msgid ""
+"Allows you to restrict the number of parallel connections to a server per "
+"client IP address (or client address block)."
+msgstr ""
+
+#. type: TP
+#: original/man8/ip6tables.8:569 original/man8/iptables.8:557
+#, no-wrap
+msgid "B<--connlimit-upto> I<n>"
+msgstr ""
+
+#. type: Plain text
+#: original/man8/ip6tables.8:572 original/man8/iptables.8:560
+msgid "Match if the number of existing connections is below or equal I<n>."
+msgstr ""
+
+#. type: TP
+#: original/man8/ip6tables.8:572 original/man8/iptables.8:560
+#, no-wrap
+msgid "B<--connlimit-above> I<n>"
+msgstr ""
+
+#. type: Plain text
+#: original/man8/ip6tables.8:575 original/man8/iptables.8:563
+msgid "Match if the number of existing connections is above I<n>."
+msgstr ""
+
+#. type: TP
+#: original/man8/ip6tables.8:575 original/man8/iptables.8:563
+#, no-wrap
+msgid "B<--connlimit-mask> I<prefix_length>"
+msgstr ""
+
+#. type: Plain text
+#: original/man8/ip6tables.8:580 original/man8/iptables.8:568
+msgid ""
+"Group hosts using the prefix length. For IPv4, this must be a number between "
+"(including) 0 and 32. For IPv6, between 0 and 128. If not specified, the "
+"maximum prefix length for the applicable protocol is used."
+msgstr ""
+
+#. type: TP
+#: original/man8/ip6tables.8:580 original/man8/iptables.8:568
+#, no-wrap
+msgid "B<--connlimit-saddr>"
+msgstr ""
+
+#. type: Plain text
+#: original/man8/ip6tables.8:584 original/man8/iptables.8:572
+msgid ""
+"Apply the limit onto the source group. This is the default if "
+"--connlimit-daddr is not specified."
+msgstr ""
+
+#. type: TP
+#: original/man8/ip6tables.8:584 original/man8/iptables.8:572
+#, no-wrap
+msgid "B<--connlimit-daddr>"
+msgstr ""
+
+#. type: Plain text
+#: original/man8/ip6tables.8:587 original/man8/iptables.8:575
+msgid "Apply the limit onto the destination group."
+msgstr ""
+
+#. type: Plain text
+#: original/man8/ip6tables.8:589 original/man8/ip6tables.8:852 original/man8/ip6tables.8:1390 original/man8/ip6tables.8:1514 original/man8/iptables.8:577 original/man8/iptables.8:800 original/man8/iptables.8:1317 original/man8/iptables.8:1421
+msgid "Examples:"
+msgstr ""
+
+#. type: TP
+#: original/man8/ip6tables.8:589 original/man8/iptables.8:577
+#, no-wrap
+msgid "# allow 2 telnet connections per client host"
+msgstr ""
+
+#. type: Plain text
+#: original/man8/ip6tables.8:592 original/man8/iptables.8:580
+msgid ""
+"iptables -A INPUT -p tcp --syn --dport 23 -m connlimit --connlimit-above 2 "
+"-j REJECT"
+msgstr ""
+
+#. type: TP
+#: original/man8/ip6tables.8:592 original/man8/iptables.8:580
+#, no-wrap
+msgid "# you can also match the other way around:"
+msgstr ""
+
+#. type: Plain text
+#: original/man8/ip6tables.8:595 original/man8/iptables.8:583
+msgid ""
+"iptables -A INPUT -p tcp --syn --dport 23 -m connlimit --connlimit-upto 2 -j "
+"ACCEPT"
+msgstr ""
+
+#. type: TP
+#: original/man8/ip6tables.8:595 original/man8/iptables.8:583
+#, no-wrap
+msgid ""
+"# limit the number of parallel HTTP requests to 16 per class C sized source "
+"network (24 bit netmask)"
+msgstr ""
+
+#. type: Plain text
+#: original/man8/ip6tables.8:600 original/man8/iptables.8:588
+msgid ""
+"iptables -p tcp --syn --dport 80 -m connlimit --connlimit-above 16 "
+"--connlimit-mask 24 -j REJECT"
+msgstr ""
+
+#. type: TP
+#: original/man8/ip6tables.8:600 original/man8/iptables.8:588
+#, no-wrap
+msgid ""
+"# limit the number of parallel HTTP requests to 16 for the link local "
+"network"
+msgstr ""
+
+#. type: Plain text
+#: original/man8/ip6tables.8:605 original/man8/iptables.8:593
+msgid ""
+"(ipv6) ip6tables -p tcp --syn --dport 80 -s fe80::/64 -m connlimit "
+"--connlimit-above 16 --connlimit-mask 64 -j REJECT"
+msgstr ""
+
+#. type: TP
+#: original/man8/ip6tables.8:605 original/man8/iptables.8:593
+#, no-wrap
+msgid "# Limit the number of connections to a particular host:"
+msgstr ""
+
+#. type: Plain text
+#: original/man8/ip6tables.8:609 original/man8/iptables.8:597
+msgid ""
+"ip6tables -p tcp --syn --dport 49152:65535 -d 2001:db8::1 -m connlimit "
+"--connlimit-above 100 -j REJECT"
+msgstr ""
+
+#. type: SS
+#: original/man8/ip6tables.8:609 original/man8/iptables.8:597
+#, no-wrap
+msgid "connmark"
+msgstr ""
+
+#. type: Plain text
+#: original/man8/ip6tables.8:612 original/man8/iptables.8:600
+msgid ""
+"This module matches the netfilter mark field associated with a connection "
+"(which can be set using the B<CONNMARK> target below)."
+msgstr ""
+
+#. type: TP
+#: original/man8/ip6tables.8:612 original/man8/ip6tables.8:1023 original/man8/iptables.8:600 original/man8/iptables.8:909
+#, no-wrap
+msgid "[B<!>] B<--mark> I<value>[B</>I<mask>]"
+msgstr ""
+
+#. type: Plain text
+#: original/man8/ip6tables.8:616 original/man8/iptables.8:604
+msgid ""
+"Matches packets in connections with the given mark value (if a mask is "
+"specified, this is logically ANDed with the mark before the comparison)."
+msgstr ""
+
+#. type: SS
+#: original/man8/ip6tables.8:616 original/man8/iptables.8:604
+#, no-wrap
+msgid "conntrack"
+msgstr ""
+
+#. type: Plain text
+#: original/man8/ip6tables.8:619 original/man8/iptables.8:607
+msgid ""
+"This module, when combined with connection tracking, allows access to the "
+"connection tracking state for this packet/connection."
+msgstr ""
+
+#. type: TP
+#: original/man8/ip6tables.8:619 original/man8/iptables.8:607
+#, no-wrap
+msgid "[B<!>] B<--ctstate> I<statelist>"
+msgstr ""
+
+#. type: Plain text
+#: original/man8/ip6tables.8:623 original/man8/iptables.8:611
+msgid ""
+"I<statelist> is a comma separated list of the connection states to match. "
+"Possible states are listed below."
+msgstr ""
+
+#. type: TP
+#: original/man8/ip6tables.8:623 original/man8/iptables.8:611
+#, no-wrap
+msgid "[B<!>] B<--ctproto> I<l4proto>"
+msgstr ""
+
+#. type: Plain text
+#: original/man8/ip6tables.8:626 original/man8/iptables.8:614
+msgid "Layer-4 protocol to match (by number or name)"
+msgstr ""
+
+#. type: TP
+#: original/man8/ip6tables.8:626 original/man8/iptables.8:614
+#, no-wrap
+msgid "[B<!>] B<--ctorigsrc> I<address>[B</>I<mask>]"
+msgstr ""
+
+#. type: TP
+#: original/man8/ip6tables.8:628 original/man8/iptables.8:616
+#, no-wrap
+msgid "[B<!>] B<--ctorigdst> I<address>[B</>I<mask>]"
+msgstr ""
+
+#. type: TP
+#: original/man8/ip6tables.8:630 original/man8/iptables.8:618
+#, no-wrap
+msgid "[B<!>] B<--ctreplsrc> I<address>[B</>I<mask>]"
+msgstr ""
+
+#. type: TP
+#: original/man8/ip6tables.8:632 original/man8/iptables.8:620
+#, no-wrap
+msgid "[B<!>] B<--ctrepldst> I<address>[B</>I<mask>]"
+msgstr ""
+
+#. type: Plain text
+#: original/man8/ip6tables.8:635 original/man8/iptables.8:623
+msgid "Match against original/reply source/destination address"
+msgstr ""
+
+#. type: TP
+#: original/man8/ip6tables.8:635 original/man8/iptables.8:623
+#, no-wrap
+msgid "[B<!>] B<--ctorigsrcport> I<port>[B<:>I<port>]"
+msgstr ""
+
+#. type: TP
+#: original/man8/ip6tables.8:637 original/man8/iptables.8:625
+#, no-wrap
+msgid "[B<!>] B<--ctorigdstport> I<port>[B<:>I<port>]"
+msgstr ""
+
+#. type: TP
+#: original/man8/ip6tables.8:639 original/man8/iptables.8:627
+#, no-wrap
+msgid "[B<!>] B<--ctreplsrcport> I<port>[B<:>I<port>]"
+msgstr ""
+
+#. type: TP
+#: original/man8/ip6tables.8:641 original/man8/iptables.8:629
+#, no-wrap
+msgid "[B<!>] B<--ctrepldstport> I<port>[B<:>I<port>]"
+msgstr ""
+
+#. type: Plain text
+#: original/man8/ip6tables.8:645 original/man8/iptables.8:633
+msgid ""
+"Match against original/reply source/destination port (TCP/UDP/etc.) or GRE "
+"key. Matching against port ranges is only supported in kernel versions "
+"above 2.6.38."
+msgstr ""
+
+#. type: TP
+#: original/man8/ip6tables.8:645 original/man8/iptables.8:633
+#, no-wrap
+msgid "[B<!>] B<--ctstatus> I<statelist>"
+msgstr ""
+
+#. type: Plain text
+#: original/man8/ip6tables.8:649 original/man8/iptables.8:637
+msgid ""
+"I<statuslist> is a comma separated list of the connection statuses to "
+"match. Possible statuses are listed below."
+msgstr ""
+
+#. type: TP
+#: original/man8/ip6tables.8:649 original/man8/iptables.8:637
+#, no-wrap
+msgid "[B<!>] B<--ctexpire> I<time>[B<:>I<time>]"
+msgstr ""
+
+#. type: Plain text
+#: original/man8/ip6tables.8:653 original/man8/iptables.8:641
+msgid ""
+"Match remaining lifetime in seconds against given value or range of values "
+"(inclusive)"
+msgstr ""
+
+#. type: TP
+#: original/man8/ip6tables.8:653 original/man8/iptables.8:641
+#, no-wrap
+msgid "B<--ctdir> {B<ORIGINAL>|B<REPLY>}"
+msgstr ""
+
+#. type: Plain text
+#: original/man8/ip6tables.8:657 original/man8/iptables.8:645
+msgid ""
+"Match packets that are flowing in the specified direction. If this flag is "
+"not specified at all, matches packets in both directions."
+msgstr ""
+
+#. type: Plain text
+#: original/man8/ip6tables.8:659 original/man8/iptables.8:647
+msgid "States for B<--ctstate>:"
+msgstr ""
+
+#. type: TP
+#: original/man8/ip6tables.8:659 original/man8/iptables.8:647
+#, no-wrap
+msgid "B<INVALID>"
+msgstr ""
+
+#. type: Plain text
+#: original/man8/ip6tables.8:662 original/man8/iptables.8:650
+msgid "meaning that the packet is associated with no known connection"
+msgstr ""
+
+#. type: TP
+#: original/man8/ip6tables.8:662 original/man8/iptables.8:650
+#, no-wrap
+msgid "B<NEW>"
+msgstr ""
+
+#. type: Plain text
+#: original/man8/ip6tables.8:666 original/man8/iptables.8:654
+msgid ""
+"meaning that the packet has started a new connection, or otherwise "
+"associated with a connection which has not seen packets in both directions, "
+"and"
+msgstr ""
+
+#. type: TP
+#: original/man8/ip6tables.8:666 original/man8/iptables.8:654
+#, no-wrap
+msgid "B<ESTABLISHED>"
+msgstr ""
+
+#. type: Plain text
+#: original/man8/ip6tables.8:670 original/man8/iptables.8:658
+msgid ""
+"meaning that the packet is associated with a connection which has seen "
+"packets in both directions,"
+msgstr ""
+
+#. type: TP
+#: original/man8/ip6tables.8:670 original/man8/iptables.8:658
+#, no-wrap
+msgid "B<RELATED>"
+msgstr ""
+
+#. type: Plain text
+#: original/man8/ip6tables.8:674 original/man8/iptables.8:662
+msgid ""
+"meaning that the packet is starting a new connection, but is associated with "
+"an existing connection, such as an FTP data transfer, or an ICMP error."
+msgstr ""
+
+#. type: TP
+#: original/man8/ip6tables.8:674 original/man8/iptables.8:662
+#, no-wrap
+msgid "B<UNTRACKED>"
+msgstr ""
+
+#. type: Plain text
+#: original/man8/ip6tables.8:678 original/man8/iptables.8:666
+msgid ""
+"meaning that the packet is not tracked at all, which happens if you use the "
+"NOTRACK target in raw table."
+msgstr ""
+
+#. type: TP
+#: original/man8/ip6tables.8:678 original/man8/iptables.8:666
+#, no-wrap
+msgid "B<SNAT>"
+msgstr ""
+
+#. type: Plain text
+#: original/man8/ip6tables.8:682 original/man8/iptables.8:670
+msgid ""
+"A virtual state, matching if the original source address differs from the "
+"reply destination."
+msgstr ""
+
+#. type: TP
+#: original/man8/ip6tables.8:682 original/man8/iptables.8:670
+#, no-wrap
+msgid "B<DNAT>"
+msgstr ""
+
+#. type: Plain text
+#: original/man8/ip6tables.8:686 original/man8/iptables.8:674
+msgid ""
+"A virtual state, matching if the original destination differs from the reply "
+"source."
+msgstr ""
+
+#. type: Plain text
+#: original/man8/ip6tables.8:688 original/man8/iptables.8:676
+msgid "Statuses for B<--ctstatus>:"
+msgstr ""
+
+#. type: TP
+#: original/man8/ip6tables.8:688 original/man8/iptables.8:676
+#, no-wrap
+msgid "B<NONE>"
+msgstr ""
+
+#. type: Plain text
+#: original/man8/ip6tables.8:691 original/man8/iptables.8:679
+msgid "None of the below."
+msgstr ""
+
+#. type: TP
+#: original/man8/ip6tables.8:691 original/man8/iptables.8:679
+#, no-wrap
+msgid "B<EXPECTED>"
+msgstr ""
+
+#. type: Plain text
+#: original/man8/ip6tables.8:694 original/man8/iptables.8:682
+msgid "This is an expected connection (i.e. a conntrack helper set it up)"
+msgstr ""
+
+#. type: TP
+#: original/man8/ip6tables.8:694 original/man8/iptables.8:682
+#, no-wrap
+msgid "B<SEEN_REPLY>"
+msgstr ""
+
+#. type: Plain text
+#: original/man8/ip6tables.8:697 original/man8/iptables.8:685
+msgid "Conntrack has seen packets in both directions."
+msgstr ""
+
+#. type: TP
+#: original/man8/ip6tables.8:697 original/man8/iptables.8:685
+#, no-wrap
+msgid "B<ASSURED>"
+msgstr ""
+
+#. type: Plain text
+#: original/man8/ip6tables.8:700 original/man8/iptables.8:688
+msgid "Conntrack entry should never be early-expired."
+msgstr ""
+
+#. type: TP
+#: original/man8/ip6tables.8:700 original/man8/iptables.8:688
+#, no-wrap
+msgid "B<CONFIRMED>"
+msgstr ""
+
+#. type: Plain text
+#: original/man8/ip6tables.8:703 original/man8/iptables.8:691
+msgid "Connection is confirmed: originating packet has left box."
+msgstr ""
+
+#. type: SS
+#: original/man8/ip6tables.8:703 original/man8/iptables.8:691
+#, no-wrap
+msgid "cpu"
+msgstr ""
+
+#. type: TP
+#: original/man8/ip6tables.8:704 original/man8/iptables.8:692
+#, no-wrap
+msgid "[B<!>] B<--cpu> I<number>"
+msgstr ""
+
+#. type: Plain text
+#: original/man8/ip6tables.8:709 original/man8/iptables.8:697
+msgid ""
+"Match cpu handling this packet. cpus are numbered from 0 to NR_CPUS-1 Can be "
+"used in combination with RPS (Remote Packet Steering) or multiqueue NICs to "
+"spread network traffic on different queues."
+msgstr ""
+
+#. type: Plain text
+#: original/man8/ip6tables.8:714 original/man8/iptables.8:702
+msgid ""
+"iptables -t nat -A PREROUTING -p tcp --dport 80 -m cpu --cpu 0 -j REDIRECT "
+"--to-port 8080"
+msgstr ""
+
+#. type: Plain text
+#: original/man8/ip6tables.8:717 original/man8/iptables.8:705
+msgid ""
+"iptables -t nat -A PREROUTING -p tcp --dport 80 -m cpu --cpu 1 -j REDIRECT "
+"--to-port 8081"
+msgstr ""
+
+#. type: Plain text
+#: original/man8/ip6tables.8:719 original/man8/iptables.8:707
+msgid "Available since Linux 2.6.36."
+msgstr ""
+
+#. type: SS
+#: original/man8/ip6tables.8:719 original/man8/iptables.8:707
+#, no-wrap
+msgid "dccp"
+msgstr ""
+
+#. type: TP
+#: original/man8/ip6tables.8:720 original/man8/ip6tables.8:1492 original/man8/ip6tables.8:1626 original/man8/ip6tables.8:1906 original/man8/iptables.8:708 original/man8/iptables.8:1399 original/man8/iptables.8:1533 original/man8/iptables.8:1824
+#, no-wrap
+msgid "[B<!>] B<--source-port>,B<--sport> I<port>[B<:>I<port>]"
+msgstr ""
+
+#. type: TP
+#: original/man8/ip6tables.8:722 original/man8/ip6tables.8:1494 original/man8/ip6tables.8:1637 original/man8/ip6tables.8:1912 original/man8/iptables.8:710 original/man8/iptables.8:1401 original/man8/iptables.8:1544 original/man8/iptables.8:1830
+#, no-wrap
+msgid "[B<!>] B<--destination-port>,B<--dport> I<port>[B<:>I<port>]"
+msgstr ""
+
+#. type: TP
+#: original/man8/ip6tables.8:724 original/man8/iptables.8:712
+#, no-wrap
+msgid "[B<!>] B<--dccp-types> I<mask>"
+msgstr ""
+
+#. type: Plain text
+#: original/man8/ip6tables.8:729 original/man8/iptables.8:717
+msgid ""
+"Match when the DCCP packet type is one of 'mask'. 'mask' is a "
+"comma-separated list of packet types. Packet types are: B<REQUEST RESPONSE "
+"DATA ACK DATAACK CLOSEREQ CLOSE RESET SYNC SYNCACK INVALID>."
+msgstr ""
+
+#. type: TP
+#: original/man8/ip6tables.8:729 original/man8/iptables.8:717
+#, no-wrap
+msgid "[B<!>] B<--dccp-option> I<number>"
+msgstr ""
+
+#. type: Plain text
+#: original/man8/ip6tables.8:732 original/man8/iptables.8:720
+msgid "Match if DCCP option set."
+msgstr ""
+
+#. type: SS
+#: original/man8/ip6tables.8:732 original/man8/iptables.8:720
+#, no-wrap
+msgid "dscp"
+msgstr ""
+
+#. type: Plain text
+#: original/man8/ip6tables.8:735 original/man8/iptables.8:723
+msgid ""
+"This module matches the 6 bit DSCP field within the TOS field in the IP "
+"header. DSCP has superseded TOS within the IETF."
+msgstr ""
+
+#. type: TP
+#: original/man8/ip6tables.8:735 original/man8/iptables.8:723
+#, no-wrap
+msgid "[B<!>] B<--dscp> I<value>"
+msgstr ""
+
+#. type: Plain text
+#: original/man8/ip6tables.8:738 original/man8/iptables.8:726
+msgid "Match against a numeric (decimal or hex) value [0-63]."
+msgstr ""
+
+#. type: TP
+#: original/man8/ip6tables.8:738 original/man8/iptables.8:726
+#, no-wrap
+msgid "[B<!>] B<--dscp-class> I<class>"
+msgstr ""
+
+#. type: Plain text
+#: original/man8/ip6tables.8:743 original/man8/iptables.8:731
+msgid ""
+"Match the DiffServ class. This value may be any of the BE, EF, AFxx or CSx "
+"classes. It will then be converted into its according numeric value."
+msgstr ""
+
+#. type: SS
+#: original/man8/ip6tables.8:743
+#, no-wrap
+msgid "dst"
+msgstr ""
+
+#. type: Plain text
+#: original/man8/ip6tables.8:745
+msgid "This module matches the parameters in Destination Options header"
+msgstr ""
+
+#. type: TP
+#: original/man8/ip6tables.8:745
+#, no-wrap
+msgid "[B<!>] B<--dst-len> I<length>"
+msgstr ""
+
+#. type: TP
+#: original/man8/ip6tables.8:748
+#, no-wrap
+msgid "B<--dst-opts> I<type>[B<:>I<length>][B<,>I<type>[B<:>I<length>]...]"
+msgstr ""
+
+#. type: Plain text
+#: original/man8/ip6tables.8:751 original/man8/ip6tables.8:873
+msgid "numeric type of option and the length of the option data in octets."
+msgstr ""
+
+#. type: SS
+#: original/man8/ip6tables.8:751 original/man8/iptables.8:731
+#, no-wrap
+msgid "ecn"
+msgstr ""
+
+#. type: Plain text
+#: original/man8/ip6tables.8:753 original/man8/iptables.8:733
+msgid ""
+"This allows you to match the ECN bits of the IPv4/IPv6 and TCP header. ECN "
+"is the Explicit Congestion Notification mechanism as specified in RFC3168"
+msgstr ""
+
+#. type: TP
+#: original/man8/ip6tables.8:753 original/man8/iptables.8:733
+#, no-wrap
+msgid "[B<!>] B<--ecn-tcp-cwr>"
+msgstr ""
+
+#. type: Plain text
+#: original/man8/ip6tables.8:756 original/man8/iptables.8:736
+msgid "This matches if the TCP ECN CWR (Congestion Window Received) bit is set."
+msgstr ""
+
+#. type: TP
+#: original/man8/ip6tables.8:756 original/man8/iptables.8:736
+#, no-wrap
+msgid "[B<!>] B<--ecn-tcp-ece>"
+msgstr ""
+
+#. type: Plain text
+#: original/man8/ip6tables.8:759 original/man8/iptables.8:739
+msgid "This matches if the TCP ECN ECE (ECN Echo) bit is set."
+msgstr ""
+
+#. type: TP
+#: original/man8/ip6tables.8:759 original/man8/iptables.8:739
+#, no-wrap
+msgid "[B<!>] B<--ecn-ip-ect> I<num>"
+msgstr ""
+
+#. type: Plain text
+#: original/man8/ip6tables.8:763 original/man8/iptables.8:743
+msgid ""
+"This matches a particular IPv4/IPv6 ECT (ECN-Capable Transport). You have to "
+"specify a number between `0' and `3'."
+msgstr ""
+
+#. type: SS
+#: original/man8/ip6tables.8:763 original/man8/iptables.8:743
+#, no-wrap
+msgid "esp"
+msgstr ""
+
+#. type: Plain text
+#: original/man8/ip6tables.8:765 original/man8/iptables.8:745
+msgid "This module matches the SPIs in ESP header of IPsec packets."
+msgstr ""
+
+#. type: TP
+#: original/man8/ip6tables.8:765 original/man8/iptables.8:745
+#, no-wrap
+msgid "[B<!>] B<--espspi> I<spi>[B<:>I<spi>]"
+msgstr ""
+
+#. type: SS
+#: original/man8/ip6tables.8:767
+#, no-wrap
+msgid "eui64"
+msgstr ""
+
+#. type: Plain text
+#: original/man8/ip6tables.8:778
+msgid ""
+"This module matches the EUI-64 part of a stateless autoconfigured IPv6 "
+"address. It compares the EUI-64 derived from the source MAC address in "
+"Ethernet frame with the lower 64 bits of the IPv6 source address. But "
+"\"Universal/Local\" bit is not compared. This module doesn't match other "
+"link layer frame, and is only valid in the B<PREROUTING>, B<INPUT> and "
+"B<FORWARD> chains."
+msgstr ""
+
+#. type: SS
+#: original/man8/ip6tables.8:778
+#, no-wrap
+msgid "frag"
+msgstr ""
+
+#. type: Plain text
+#: original/man8/ip6tables.8:780
+msgid "This module matches the parameters in Fragment header."
+msgstr ""
+
+#. type: TP
+#: original/man8/ip6tables.8:780
+#, no-wrap
+msgid "[B<!>] B<--fragid> I<id>[B<:>I<id>]"
+msgstr ""
+
+#. type: Plain text
+#: original/man8/ip6tables.8:783
+msgid "Matches the given Identification or range of it."
+msgstr ""
+
+#. type: TP
+#: original/man8/ip6tables.8:783
+#, no-wrap
+msgid "[B<!>] B<--fraglen> I<length>"
+msgstr ""
+
+#. type: Plain text
+#: original/man8/ip6tables.8:787
+msgid ""
+"This option cannot be used with kernel version 2.6.10 or later. The length "
+"of Fragment header is static and this option doesn't make sense."
+msgstr ""
+
+#. type: TP
+#: original/man8/ip6tables.8:787
+#, no-wrap
+msgid "B<--fragres>"
+msgstr ""
+
+#. type: Plain text
+#: original/man8/ip6tables.8:790
+msgid "Matches if the reserved fields are filled with zero."
+msgstr ""
+
+#. type: TP
+#: original/man8/ip6tables.8:790
+#, no-wrap
+msgid "B<--fragfirst>"
+msgstr ""
+
+#. type: Plain text
+#: original/man8/ip6tables.8:793
+msgid "Matches on the first fragment."
+msgstr ""
+
+#. type: TP
+#: original/man8/ip6tables.8:793
+#, no-wrap
+msgid "B<--fragmore>"
+msgstr ""
+
+#. type: Plain text
+#: original/man8/ip6tables.8:796
+msgid "Matches if there are more fragments."
+msgstr ""
+
+#. type: TP
+#: original/man8/ip6tables.8:796
+#, no-wrap
+msgid "B<--fraglast>"
+msgstr ""
+
+#. type: Plain text
+#: original/man8/ip6tables.8:799
+msgid "Matches if this is the last fragment."
+msgstr ""
+
+#. type: SS
+#: original/man8/ip6tables.8:799 original/man8/iptables.8:747
+#, no-wrap
+msgid "hashlimit"
+msgstr ""
+
+#. type: Plain text
+#: original/man8/ip6tables.8:805 original/man8/iptables.8:753
+msgid ""
+"B<hashlimit> uses hash buckets to express a rate limiting match (like the "
+"B<limit> match) for a group of connections using a B<single> iptables "
+"rule. Grouping can be done per-hostgroup (source and/or destination address) "
+"and/or per-port. It gives you the ability to express \"I<N> packets per time "
+"quantum per group\" (see below for some examples)."
+msgstr ""
+
+#. type: Plain text
+#: original/man8/ip6tables.8:808 original/man8/iptables.8:756
+msgid ""
+"A hash limit option (B<--hashlimit-upto>, B<--hashlimit-above>) and "
+"B<--hashlimit-name> are required."
+msgstr ""
+
+#. type: TP
+#: original/man8/ip6tables.8:808 original/man8/iptables.8:756
+#, no-wrap
+msgid "B<--hashlimit-upto> I<amount>[B</second>|B</minute>|B</hour>|B</day>]"
+msgstr ""
+
+#. type: Plain text
+#: original/man8/ip6tables.8:812 original/man8/iptables.8:760
+msgid ""
+"Match if the rate is below or equal to I<amount>/quantum. It is specified as "
+"a number, with an optional time quantum suffix; the default is 3/hour."
+msgstr ""
+
+#. type: TP
+#: original/man8/ip6tables.8:812 original/man8/iptables.8:760
+#, no-wrap
+msgid "B<--hashlimit-above> I<amount>[B</second>|B</minute>|B</hour>|B</day>]"
+msgstr ""
+
+#. type: Plain text
+#: original/man8/ip6tables.8:815 original/man8/iptables.8:763
+msgid "Match if the rate is above I<amount>/quantum."
+msgstr ""
+
+#. type: TP
+#: original/man8/ip6tables.8:815 original/man8/iptables.8:763
+#, no-wrap
+msgid "B<--hashlimit-burst> I<amount>"
+msgstr ""
+
+#. type: Plain text
+#: original/man8/ip6tables.8:820 original/man8/ip6tables.8:1007 original/man8/iptables.8:768 original/man8/iptables.8:893
+msgid ""
+"Maximum initial number of packets to match: this number gets recharged by "
+"one every time the limit specified above is not reached, up to this number; "
+"the default is 5."
+msgstr ""
+
+#. type: TP
+#: original/man8/ip6tables.8:820 original/man8/iptables.8:768
+#, no-wrap
+msgid "B<--hashlimit-mode> {B<srcip>|B<srcport>|B<dstip>|B<dstport>}B<,>..."
+msgstr ""
+
+#. type: Plain text
+#: original/man8/ip6tables.8:825 original/man8/iptables.8:773
+msgid ""
+"A comma-separated list of objects to take into consideration. If no "
+"--hashlimit-mode option is given, hashlimit acts like limit, but at the "
+"expensive of doing the hash housekeeping."
+msgstr ""
+
+#. type: TP
+#: original/man8/ip6tables.8:825 original/man8/iptables.8:773
+#, no-wrap
+msgid "B<--hashlimit-srcmask> I<prefix>"
+msgstr ""
+
+#. type: Plain text
+#: original/man8/ip6tables.8:832 original/man8/iptables.8:780
+msgid ""
+"When --hashlimit-mode srcip is used, all source addresses encountered will "
+"be grouped according to the given prefix length and the so-created subnet "
+"will be subject to hashlimit. I<prefix> must be between (inclusive) 0 and "
+"32. Note that --hashlimit-srcmask 0 is basically doing the same thing as not "
+"specifying srcip for --hashlimit-mode, but is technically more expensive."
+msgstr ""
+
+#. type: TP
+#: original/man8/ip6tables.8:832 original/man8/iptables.8:780
+#, no-wrap
+msgid "B<--hashlimit-dstmask> I<prefix>"
+msgstr ""
+
+#. type: Plain text
+#: original/man8/ip6tables.8:835 original/man8/iptables.8:783
+msgid "Like --hashlimit-srcmask, but for destination addresses."
+msgstr ""
+
+#. type: TP
+#: original/man8/ip6tables.8:835 original/man8/iptables.8:783
+#, no-wrap
+msgid "B<--hashlimit-name> I<foo>"
+msgstr ""
+
+#. type: Plain text
+#: original/man8/ip6tables.8:838 original/man8/iptables.8:786
+msgid "The name for the /proc/net/ipt_hashlimit/foo entry."
+msgstr ""
+
+#. type: TP
+#: original/man8/ip6tables.8:838 original/man8/iptables.8:786
+#, no-wrap
+msgid "B<--hashlimit-htable-size> I<buckets>"
+msgstr ""
+
+#. type: Plain text
+#: original/man8/ip6tables.8:841 original/man8/iptables.8:789
+msgid "The number of buckets of the hash table"
+msgstr ""
+
+#. type: TP
+#: original/man8/ip6tables.8:841 original/man8/iptables.8:789
+#, no-wrap
+msgid "B<--hashlimit-htable-max> I<entries>"
+msgstr ""
+
+#. type: Plain text
+#: original/man8/ip6tables.8:844 original/man8/iptables.8:792
+msgid "Maximum entries in the hash."
+msgstr ""
+
+#. type: TP
+#: original/man8/ip6tables.8:844 original/man8/iptables.8:792
+#, no-wrap
+msgid "B<--hashlimit-htable-expire> I<msec>"
+msgstr ""
+
+#. type: Plain text
+#: original/man8/ip6tables.8:847 original/man8/iptables.8:795
+msgid "After how many milliseconds do hash entries expire."
+msgstr ""
+
+#. type: TP
+#: original/man8/ip6tables.8:847 original/man8/iptables.8:795
+#, no-wrap
+msgid "B<--hashlimit-htable-gcinterval> I<msec>"
+msgstr ""
+
+#. type: Plain text
+#: original/man8/ip6tables.8:850 original/man8/iptables.8:798
+msgid "How many milliseconds between garbage collection intervals."
+msgstr ""
+
+#. type: TP
+#: original/man8/ip6tables.8:852 original/man8/iptables.8:800
+#, no-wrap
+msgid "matching on source host"
+msgstr ""
+
+#. type: Plain text
+#: original/man8/ip6tables.8:856 original/man8/iptables.8:804
+msgid ""
+"\"1000 packets per second for every host in 192.168.0.0/16\" =E<gt> -s "
+"192.168.0.0/16 --hashlimit-mode srcip --hashlimit-upto 1000/sec"
+msgstr ""
+
+#. type: TP
+#: original/man8/ip6tables.8:856 original/man8/iptables.8:804
+#, no-wrap
+msgid "matching on source port"
+msgstr ""
+
+#. type: Plain text
+#: original/man8/ip6tables.8:860 original/man8/iptables.8:808
+msgid ""
+"\"100 packets per second for every service of 192.168.1.1\" =E<gt> -s "
+"192.168.1.1 --hashlimit-mode srcport --hashlimit-upto 100/sec"
+msgstr ""
+
+#. type: TP
+#: original/man8/ip6tables.8:860 original/man8/iptables.8:808
+#, no-wrap
+msgid "matching on subnet"
+msgstr ""
+
+#. type: Plain text
+#: original/man8/ip6tables.8:865 original/man8/iptables.8:813
+msgid ""
+"\"10000 packets per minute for every /28 subnet (groups of 8 addresses) in "
+"10.0.0.0/8\" =E<gt> -s 10.0.0.8 --hashlimit-mask 28 --hashlimit-upto "
+"10000/min"
+msgstr ""
+
+#. type: SS
+#: original/man8/ip6tables.8:865
+#, no-wrap
+msgid "hbh"
+msgstr ""
+
+#. type: Plain text
+#: original/man8/ip6tables.8:867
+msgid "This module matches the parameters in Hop-by-Hop Options header"
+msgstr ""
+
+#. type: TP
+#: original/man8/ip6tables.8:867
+#, no-wrap
+msgid "[B<!>] B<--hbh-len> I<length>"
+msgstr ""
+
+#. type: TP
+#: original/man8/ip6tables.8:870
+#, no-wrap
+msgid "B<--hbh-opts> I<type>[B<:>I<length>][B<,>I<type>[B<:>I<length>]...]"
+msgstr ""
+
+#. type: SS
+#: original/man8/ip6tables.8:873 original/man8/iptables.8:813
+#, no-wrap
+msgid "helper"
+msgstr ""
+
+#. type: Plain text
+#: original/man8/ip6tables.8:875 original/man8/iptables.8:815
+msgid "This module matches packets related to a specific conntrack-helper."
+msgstr ""
+
+#. type: TP
+#: original/man8/ip6tables.8:875 original/man8/iptables.8:815
+#, no-wrap
+msgid "[B<!>] B<--helper> I<string>"
+msgstr ""
+
+#. type: Plain text
+#: original/man8/ip6tables.8:878 original/man8/iptables.8:818
+msgid "Matches packets related to the specified conntrack-helper."
+msgstr ""
+
+#. type: Plain text
+#: original/man8/ip6tables.8:882 original/man8/iptables.8:822
+msgid ""
+"string can be \"ftp\" for packets related to a ftp-session on default port. "
+"For other ports append -portnr to the value, ie. \"ftp-2121\"."
+msgstr ""
+
+#. type: Plain text
+#: original/man8/ip6tables.8:884 original/man8/iptables.8:824
+msgid "Same rules apply for other conntrack-helpers."
+msgstr ""
+
+#. type: SS
+#: original/man8/ip6tables.8:885
+#, no-wrap
+msgid "hl"
+msgstr ""
+
+#. type: Plain text
+#: original/man8/ip6tables.8:887
+msgid "This module matches the Hop Limit field in the IPv6 header."
+msgstr ""
+
+#. type: TP
+#: original/man8/ip6tables.8:887
+#, no-wrap
+msgid "[B<!>] B<--hl-eq> I<value>"
+msgstr ""
+
+#. type: Plain text
+#: original/man8/ip6tables.8:890
+msgid "Matches if Hop Limit equals I<value>."
+msgstr ""
+
+#. type: TP
+#: original/man8/ip6tables.8:890
+#, no-wrap
+msgid "B<--hl-lt> I<value>"
+msgstr ""
+
+#. type: Plain text
+#: original/man8/ip6tables.8:893
+msgid "Matches if Hop Limit is less than I<value>."
+msgstr ""
+
+#. type: TP
+#: original/man8/ip6tables.8:893
+#, no-wrap
+msgid "B<--hl-gt> I<value>"
+msgstr ""
+
+#. type: Plain text
+#: original/man8/ip6tables.8:896
+msgid "Matches if Hop Limit is greater than I<value>."
+msgstr ""
+
+#. type: SS
+#: original/man8/ip6tables.8:896
+#, no-wrap
+msgid "icmp6"
+msgstr ""
+
+#. type: Plain text
+#: original/man8/ip6tables.8:899
+msgid ""
+"This extension can be used if `--protocol ipv6-icmp' or `--protocol icmpv6' "
+"is specified. It provides the following option:"
+msgstr ""
+
+#. type: TP
+#: original/man8/ip6tables.8:899
+#, no-wrap
+msgid "[B<!>] B<--icmpv6-type> I<type>[B</>I<code>]|I<typename>"
+msgstr ""
+
+#. type: Plain text
+#: original/man8/ip6tables.8:908
+msgid ""
+"This allows specification of the ICMPv6 type, which can be a numeric ICMPv6 "
+"I<type>, I<type> and I<code>, or one of the ICMPv6 type names shown by the "
+"command"
+msgstr ""
+
+#. type: Plain text
+#: original/man8/ip6tables.8:910
+#, no-wrap
+msgid " ip6tables -p ipv6-icmp -h\n"
+msgstr ""
+
+#. type: SS
+#: original/man8/ip6tables.8:911 original/man8/iptables.8:835
+#, no-wrap
+msgid "iprange"
+msgstr ""
+
+#. type: Plain text
+#: original/man8/ip6tables.8:913 original/man8/iptables.8:837
+msgid "This matches on a given arbitrary range of IP addresses."
+msgstr ""
+
+#. type: TP
+#: original/man8/ip6tables.8:913 original/man8/iptables.8:837
+#, no-wrap
+msgid "[B<!>] B<--src-range> I<from>[B<->I<to>]"
+msgstr ""
+
+#. type: Plain text
+#: original/man8/ip6tables.8:916 original/man8/iptables.8:840
+msgid "Match source IP in the specified range."
+msgstr ""
+
+#. type: TP
+#: original/man8/ip6tables.8:916 original/man8/iptables.8:840
+#, no-wrap
+msgid "[B<!>] B<--dst-range> I<from>[B<->I<to>]"
+msgstr ""
+
+#. type: Plain text
+#: original/man8/ip6tables.8:919 original/man8/iptables.8:843
+msgid "Match destination IP in the specified range."
+msgstr ""
+
+#. type: SS
+#: original/man8/ip6tables.8:919
+#, no-wrap
+msgid "ipv6header"
+msgstr ""
+
+#. type: Plain text
+#: original/man8/ip6tables.8:921
+msgid "This module matches IPv6 extension headers and/or upper layer header."
+msgstr ""
+
+#. type: TP
+#: original/man8/ip6tables.8:921
+#, no-wrap
+msgid "B<--soft>"
+msgstr ""
+
+#. type: Plain text
+#: original/man8/ip6tables.8:925
+msgid ""
+"Matches if the packet includes B<any> of the headers specified with "
+"B<--header>."
+msgstr ""
+
+#. type: TP
+#: original/man8/ip6tables.8:925
+#, no-wrap
+msgid "[B<!>] B<--header> I<header>[B<,>I<header>...]"
+msgstr ""
+
+#. type: Plain text
+#: original/man8/ip6tables.8:930
+msgid ""
+"Matches the packet which EXACTLY includes all specified headers. The headers "
+"encapsulated with ESP header are out of scope. Possible I<header> types can "
+"be:"
+msgstr ""
+
+#. type: TP
+#: original/man8/ip6tables.8:930
+#, no-wrap
+msgid "B<hop>|B<hop-by-hop>"
+msgstr ""
+
+#. type: Plain text
+#: original/man8/ip6tables.8:933
+msgid "Hop-by-Hop Options header"
+msgstr ""
+
+#. type: TP
+#: original/man8/ip6tables.8:933
+#, no-wrap
+msgid "B<dst>"
+msgstr ""
+
+#. type: Plain text
+#: original/man8/ip6tables.8:936
+msgid "Destination Options header"
+msgstr ""
+
+#. type: TP
+#: original/man8/ip6tables.8:936
+#, no-wrap
+msgid "B<route>"
+msgstr ""
+
+#. type: Plain text
+#: original/man8/ip6tables.8:939
+msgid "Routing header"
+msgstr ""
+
+#. type: TP
+#: original/man8/ip6tables.8:939
+#, no-wrap
+msgid "B<frag>"
+msgstr ""
+
+#. type: Plain text
+#: original/man8/ip6tables.8:942
+msgid "Fragment header"
+msgstr ""
+
+#. type: TP
+#: original/man8/ip6tables.8:942
+#, no-wrap
+msgid "B<auth>"
+msgstr ""
+
+#. type: Plain text
+#: original/man8/ip6tables.8:945
+msgid "Authentication header"
+msgstr ""
+
+#. type: TP
+#: original/man8/ip6tables.8:945
+#, no-wrap
+msgid "B<esp>"
+msgstr ""
+
+#. type: Plain text
+#: original/man8/ip6tables.8:948
+msgid "Encapsulating Security Payload header"
+msgstr ""
+
+#. type: TP
+#: original/man8/ip6tables.8:948
+#, no-wrap
+msgid "B<none>"
+msgstr ""
+
+#. type: Plain text
+#: original/man8/ip6tables.8:952
+msgid ""
+"No Next header which matches 59 in the 'Next Header field' of IPv6 header or "
+"any IPv6 extension headers"
+msgstr ""
+
+#. type: TP
+#: original/man8/ip6tables.8:952
+#, no-wrap
+msgid "B<proto>"
+msgstr ""
+
+#. type: Plain text
+#: original/man8/ip6tables.8:957
+msgid ""
+"which matches any upper layer protocol header. A protocol name from "
+"/etc/protocols and numeric value also allowed. The number 255 is equivalent "
+"to B<proto>."
+msgstr ""
+
+#. type: SS
+#: original/man8/ip6tables.8:957 original/man8/iptables.8:843
+#, no-wrap
+msgid "ipvs"
+msgstr ""
+
+#. type: Plain text
+#: original/man8/ip6tables.8:959 original/man8/iptables.8:845
+msgid "Match IPVS connection properties."
+msgstr ""
+
+#. type: TP
+#: original/man8/ip6tables.8:959 original/man8/iptables.8:845
+#, no-wrap
+msgid "[B<!>] B<--ipvs>"
+msgstr ""
+
+#. type: Plain text
+#: original/man8/ip6tables.8:962 original/man8/iptables.8:848
+msgid "packet belongs to an IPVS connection"
+msgstr ""
+
+#. type: TP
+#: original/man8/ip6tables.8:962 original/man8/iptables.8:848
+#, no-wrap
+msgid "Any of the following options implies --ipvs (even negated)"
+msgstr ""
+
+#. type: TP
+#: original/man8/ip6tables.8:964 original/man8/iptables.8:850
+#, no-wrap
+msgid "[B<!>] B<--vproto> I<protocol>"
+msgstr ""
+
+#. type: Plain text
+#: original/man8/ip6tables.8:967 original/man8/iptables.8:853
+msgid "VIP protocol to match; by number or name, e.g. \"tcp\""
+msgstr ""
+
+#. type: TP
+#: original/man8/ip6tables.8:967 original/man8/iptables.8:853
+#, no-wrap
+msgid "[B<!>] B<--vaddr> I<address>[B</>I<mask>]"
+msgstr ""
+
+#. type: Plain text
+#: original/man8/ip6tables.8:970 original/man8/iptables.8:856
+msgid "VIP address to match"
+msgstr ""
+
+#. type: TP
+#: original/man8/ip6tables.8:970 original/man8/iptables.8:856
+#, no-wrap
+msgid "[B<!>] B<--vport> I<port>"
+msgstr ""
+
+#. type: Plain text
+#: original/man8/ip6tables.8:973 original/man8/iptables.8:859
+msgid "VIP port to match; by number or name, e.g. \"http\""
+msgstr ""
+
+#. type: TP
+#: original/man8/ip6tables.8:973 original/man8/iptables.8:859
+#, no-wrap
+msgid "B<--vdir> {B<ORIGINAL>|B<REPLY>}"
+msgstr ""
+
+#. type: Plain text
+#: original/man8/ip6tables.8:976 original/man8/iptables.8:862
+msgid "flow direction of packet"
+msgstr ""
+
+#. type: TP
+#: original/man8/ip6tables.8:976 original/man8/iptables.8:862
+#, no-wrap
+msgid "[B<!>] B<--vmethod> {B<GATE>|B<IPIP>|B<MASQ>}"
+msgstr ""
+
+#. type: Plain text
+#: original/man8/ip6tables.8:979 original/man8/iptables.8:865
+msgid "IPVS forwarding method used"
+msgstr ""
+
+#. type: TP
+#: original/man8/ip6tables.8:979 original/man8/iptables.8:865
+#, no-wrap
+msgid "[B<!>] B<--vportctl> I<port>"
+msgstr ""
+
+#. type: Plain text
+#: original/man8/ip6tables.8:982 original/man8/iptables.8:868
+msgid "VIP port of the controlling connection to match, e.g. 21 for FTP"
+msgstr ""
+
+#. type: SS
+#: original/man8/ip6tables.8:982 original/man8/iptables.8:868
+#, no-wrap
+msgid "length"
+msgstr ""
+
+#. type: Plain text
+#: original/man8/ip6tables.8:986 original/man8/iptables.8:872
+msgid ""
+"This module matches the length of the layer-3 payload (e.g. layer-4 packet) "
+"of a packet against a specific value or range of values."
+msgstr ""
+
+#. type: TP
+#: original/man8/ip6tables.8:986 original/man8/iptables.8:872
+#, no-wrap
+msgid "[B<!>] B<--length> I<length>[B<:>I<length>]"
+msgstr ""
+
+#. type: SS
+#: original/man8/ip6tables.8:988 original/man8/iptables.8:874
+#, no-wrap
+msgid "limit"
+msgstr ""
+
+#. type: Plain text
+#: original/man8/ip6tables.8:994 original/man8/iptables.8:880
+msgid ""
+"This module matches at a limited rate using a token bucket filter. A rule "
+"using this extension will match until this limit is reached. It can be used "
+"in combination with the B<LOG> target to give limited logging, for example."
+msgstr ""
+
+#. type: Plain text
+#: original/man8/ip6tables.8:997 original/man8/iptables.8:883
+msgid ""
+"xt_limit has no negation support - you will have to use -m hashlimit ! "
+"--hashlimit I<rate> in this case whilst omitting --hashlimit-mode."
+msgstr ""
+
+#. type: TP
+#: original/man8/ip6tables.8:997 original/man8/iptables.8:883
+#, no-wrap
+msgid "B<--limit> I<rate>[B</second>|B</minute>|B</hour>|B</day>]"
+msgstr ""
+
+#. type: Plain text
+#: original/man8/ip6tables.8:1002 original/man8/iptables.8:888
+msgid ""
+"Maximum average matching rate: specified as a number, with an optional "
+"`/second', `/minute', `/hour', or `/day' suffix; the default is 3/hour."
+msgstr ""
+
+#. type: TP
+#: original/man8/ip6tables.8:1002 original/man8/iptables.8:888
+#, no-wrap
+msgid "B<--limit-burst> I<number>"
+msgstr ""
+
+#. type: SS
+#: original/man8/ip6tables.8:1007 original/man8/iptables.8:893
+#, no-wrap
+msgid "mac"
+msgstr ""
+
+#. type: TP
+#: original/man8/ip6tables.8:1008 original/man8/iptables.8:894
+#, no-wrap
+msgid "[B<!>] B<--mac-source> I<address>"
+msgstr ""
+
+#. type: Plain text
+#: original/man8/ip6tables.8:1018 original/man8/iptables.8:904
+msgid ""
+"Match source MAC address. It must be of the form XX:XX:XX:XX:XX:XX. Note "
+"that this only makes sense for packets coming from an Ethernet device and "
+"entering the B<PREROUTING>, B<FORWARD> or B<INPUT> chains."
+msgstr ""
+
+#. type: SS
+#: original/man8/ip6tables.8:1018 original/man8/iptables.8:904
+#, no-wrap
+msgid "mark"
+msgstr ""
+
+#. type: Plain text
+#: original/man8/ip6tables.8:1023 original/man8/iptables.8:909
+msgid ""
+"This module matches the netfilter mark field associated with a packet (which "
+"can be set using the B<MARK> target below)."
+msgstr ""
+
+#. type: Plain text
+#: original/man8/ip6tables.8:1028 original/man8/iptables.8:914
+msgid ""
+"Matches packets with the given unsigned mark value (if a I<mask> is "
+"specified, this is logically ANDed with the I<mask> before the comparison)."
+msgstr ""
+
+#. type: SS
+#: original/man8/ip6tables.8:1028
+#, no-wrap
+msgid "mh"
+msgstr ""
+
+#. type: Plain text
+#: original/man8/ip6tables.8:1031
+msgid ""
+"This extension is loaded if `--protocol ipv6-mh' or `--protocol mh' is "
+"specified. It provides the following option:"
+msgstr ""
+
+#. type: TP
+#: original/man8/ip6tables.8:1031
+#, no-wrap
+msgid "[B<!>] B<--mh-type> I<type>[B<:>I<type>]"
+msgstr ""
+
+#. type: Plain text
+#: original/man8/ip6tables.8:1038
+msgid ""
+"This allows specification of the Mobility Header(MH) type, which can be a "
+"numeric MH I<type>, I<type> or one of the MH type names shown by the command"
+msgstr ""
+
+#. type: Plain text
+#: original/man8/ip6tables.8:1040
+#, no-wrap
+msgid " ip6tables -p ipv6-mh -h\n"
+msgstr ""
+
+#. type: SS
+#: original/man8/ip6tables.8:1041 original/man8/iptables.8:914
+#, no-wrap
+msgid "multiport"
+msgstr ""
+
+#. type: Plain text
+#: original/man8/ip6tables.8:1048 original/man8/iptables.8:921
+msgid ""
+"This module matches a set of source or destination ports. Up to 15 ports "
+"can be specified. A port range (port:port) counts as two ports. It can "
+"only be used in conjunction with B<-p tcp> or B<-p udp>."
+msgstr ""
+
+#. type: TP
+#: original/man8/ip6tables.8:1048 original/man8/iptables.8:921
+#, no-wrap
+msgid ""
+"[B<!>] B<--source-ports>,B<--sports> "
+"I<port>[B<,>I<port>|B<,>I<port>B<:>I<port>]..."
+msgstr ""
+
+#. type: Plain text
+#: original/man8/ip6tables.8:1056 original/man8/iptables.8:929
+msgid ""
+"Match if the source port is one of the given ports. The flag B<--sports> is "
+"a convenient alias for this option. Multiple ports or port ranges are "
+"separated using a comma, and a port range is specified using a colon. "
+"B<53,1024:65535> would therefore match ports 53 and all from 1024 through "
+"65535."
+msgstr ""
+
+#. type: TP
+#: original/man8/ip6tables.8:1056 original/man8/iptables.8:929
+#, no-wrap
+msgid ""
+"[B<!>] B<--destination-ports>,B<--dports> "
+"I<port>[B<,>I<port>|B<,>I<port>B<:>I<port>]..."
+msgstr ""
+
+#. type: Plain text
+#: original/man8/ip6tables.8:1061 original/man8/iptables.8:934
+msgid ""
+"Match if the destination port is one of the given ports. The flag "
+"B<--dports> is a convenient alias for this option."
+msgstr ""
+
+#. type: TP
+#: original/man8/ip6tables.8:1061 original/man8/iptables.8:934
+#, no-wrap
+msgid "[B<!>] B<--ports> I<port>[B<,>I<port>|B<,>I<port>B<:>I<port>]..."
+msgstr ""
+
+#. type: Plain text
+#: original/man8/ip6tables.8:1065 original/man8/iptables.8:938
+msgid ""
+"Match if either the source or destination ports are equal to one of the "
+"given ports."
+msgstr ""
+
+#. type: SS
+#: original/man8/ip6tables.8:1065 original/man8/iptables.8:938
+#, no-wrap
+msgid "nfacct"
+msgstr ""
+
+#. type: Plain text
+#: original/man8/ip6tables.8:1069 original/man8/iptables.8:942
+msgid ""
+"The nfacct match provides the extended accounting infrastructure for "
+"iptables. You have to use this match together with the standalone "
+"user-space utility B<nfacct(8)>"
+msgstr ""
+
+#. type: Plain text
+#: original/man8/ip6tables.8:1071 original/man8/iptables.8:944
+msgid "The only option available for this match is the following:"
+msgstr ""
+
+#. type: TP
+#: original/man8/ip6tables.8:1071 original/man8/iptables.8:944
+#, no-wrap
+msgid "B<--nfacct-name> I<name>"
+msgstr ""
+
+#. type: Plain text
+#: original/man8/ip6tables.8:1075 original/man8/iptables.8:948
+msgid ""
+"This allows you to specify the existing object name that will be use for "
+"accounting the traffic that this rule-set is matching."
+msgstr ""
+
+#. type: Plain text
+#: original/man8/ip6tables.8:1077 original/man8/iptables.8:950
+msgid "To use this extension, you have to create an accounting object:"
+msgstr ""
+
+#. type: Plain text
+#: original/man8/ip6tables.8:1079 original/man8/iptables.8:952
+msgid "nfacct add http-traffic"
+msgstr ""
+
+#. type: Plain text
+#: original/man8/ip6tables.8:1081 original/man8/iptables.8:954
+msgid "Then, you have to attach it to the accounting object via iptables:"
+msgstr ""
+
+#. type: Plain text
+#: original/man8/ip6tables.8:1083 original/man8/iptables.8:956
+msgid "iptables -I INPUT -p tcp --sport 80 -m nfacct --nfacct-name http-traffic"
+msgstr ""
+
+#. type: Plain text
+#: original/man8/ip6tables.8:1085 original/man8/iptables.8:958
+msgid "iptables -I OUTPUT -p tcp --dport 80 -m nfacct --nfacct-name http-traffic"
+msgstr ""
+
+#. type: Plain text
+#: original/man8/ip6tables.8:1087 original/man8/iptables.8:960
+msgid "Then, you can check for the amount of traffic that the rules match:"
+msgstr ""
+
+#. type: Plain text
+#: original/man8/ip6tables.8:1089 original/man8/iptables.8:962
+msgid "nfacct get http-traffic"
+msgstr ""
+
+#. type: Plain text
+#: original/man8/ip6tables.8:1091 original/man8/iptables.8:964
+msgid ""
+"{ pkts = 00000000000000000156, bytes = 00000000000000151786 } = "
+"http-traffic;"
+msgstr ""
+
+#. type: Plain text
+#: original/man8/ip6tables.8:1096 original/man8/iptables.8:969
+msgid ""
+"You can obtain B<nfacct(8)> from http://www.netfilter.org or, alternatively, "
+"from the git.netfilter.org repository."
+msgstr ""
+
+#. type: SS
+#: original/man8/ip6tables.8:1096 original/man8/iptables.8:1015
+#, no-wrap
+msgid "owner"
+msgstr ""
+
+#. type: Plain text
+#: original/man8/ip6tables.8:1101 original/man8/iptables.8:1020
+msgid ""
+"This module attempts to match various characteristics of the packet creator, "
+"for locally generated packets. This match is only valid in the OUTPUT and "
+"POSTROUTING chains. Forwarded packets do not have any socket associated with "
+"them. Packets from kernel threads do have a socket, but usually no owner."
+msgstr ""
+
+#. type: TP
+#: original/man8/ip6tables.8:1101 original/man8/iptables.8:1020
+#, no-wrap
+msgid "[B<!>] B<--uid-owner> I<username>"
+msgstr ""
+
+#. type: TP
+#: original/man8/ip6tables.8:1103 original/man8/iptables.8:1022
+#, no-wrap
+msgid "[B<!>] B<--uid-owner> I<userid>[B<->I<userid>]"
+msgstr ""
+
+#. type: Plain text
+#: original/man8/ip6tables.8:1107 original/man8/iptables.8:1026
+msgid ""
+"Matches if the packet socket's file structure (if it has one) is owned by "
+"the given user. You may also specify a numerical UID, or an UID range."
+msgstr ""
+
+#. type: TP
+#: original/man8/ip6tables.8:1107 original/man8/iptables.8:1026
+#, no-wrap
+msgid "[B<!>] B<--gid-owner> I<groupname>"
+msgstr ""
+
+#. type: TP
+#: original/man8/ip6tables.8:1109 original/man8/iptables.8:1028
+#, no-wrap
+msgid "[B<!>] B<--gid-owner> I<groupid>[B<->I<groupid>]"
+msgstr ""
+
+#. type: Plain text
+#: original/man8/ip6tables.8:1113 original/man8/iptables.8:1032
+msgid ""
+"Matches if the packet socket's file structure is owned by the given group. "
+"You may also specify a numerical GID, or a GID range."
+msgstr ""
+
+#. type: TP
+#: original/man8/ip6tables.8:1113 original/man8/iptables.8:1032
+#, no-wrap
+msgid "[B<!>] B<--socket-exists>"
+msgstr ""
+
+#. type: Plain text
+#: original/man8/ip6tables.8:1116 original/man8/iptables.8:1035
+msgid "Matches if the packet is associated with a socket."
+msgstr ""
+
+#. type: SS
+#: original/man8/ip6tables.8:1116 original/man8/iptables.8:1035
+#, no-wrap
+msgid "physdev"
+msgstr ""
+
+#. type: Plain text
+#: original/man8/ip6tables.8:1121 original/man8/iptables.8:1040
+msgid ""
+"This module matches on the bridge port input and output devices enslaved to "
+"a bridge device. This module is a part of the infrastructure that enables a "
+"transparent bridging IP firewall and is only useful for kernel versions "
+"above version 2.5.44."
+msgstr ""
+
+#. type: TP
+#: original/man8/ip6tables.8:1121 original/man8/iptables.8:1040
+#, no-wrap
+msgid "[B<!>] B<--physdev-in> I<name>"
+msgstr ""
+
+#. type: Plain text
+#: original/man8/ip6tables.8:1132 original/man8/iptables.8:1051
+msgid ""
+"Name of a bridge port via which a packet is received (only for packets "
+"entering the B<INPUT>, B<FORWARD> and B<PREROUTING> chains). If the "
+"interface name ends in a \"+\", then any interface which begins with this "
+"name will match. If the packet didn't arrive through a bridge device, this "
+"packet won't match this option, unless '!' is used."
+msgstr ""
+
+#. type: TP
+#: original/man8/ip6tables.8:1132 original/man8/iptables.8:1051
+#, no-wrap
+msgid "[B<!>] B<--physdev-out> I<name>"
+msgstr ""
+
+#. type: Plain text
+#: original/man8/ip6tables.8:1149 original/man8/iptables.8:1068
+msgid ""
+"Name of a bridge port via which a packet is going to be sent (for packets "
+"entering the B<FORWARD>, B<OUTPUT> and B<POSTROUTING> chains). If the "
+"interface name ends in a \"+\", then any interface which begins with this "
+"name will match. Note that in the B<nat> and B<mangle> B<OUTPUT> chains one "
+"cannot match on the bridge output port, however one can in the B<filter "
+"OUTPUT> chain. If the packet won't leave by a bridge device or if it is yet "
+"unknown what the output device will be, then the packet won't match this "
+"option, unless '!' is used."
+msgstr ""
+
+#. type: TP
+#: original/man8/ip6tables.8:1149 original/man8/iptables.8:1068
+#, no-wrap
+msgid "[B<!>] B<--physdev-is-in>"
+msgstr ""
+
+#. type: Plain text
+#: original/man8/ip6tables.8:1152 original/man8/iptables.8:1071
+msgid "Matches if the packet has entered through a bridge interface."
+msgstr ""
+
+#. type: TP
+#: original/man8/ip6tables.8:1152 original/man8/iptables.8:1071
+#, no-wrap
+msgid "[B<!>] B<--physdev-is-out>"
+msgstr ""
+
+#. type: Plain text
+#: original/man8/ip6tables.8:1155 original/man8/iptables.8:1074
+msgid "Matches if the packet will leave through a bridge interface."
+msgstr ""
+
+#. type: TP
+#: original/man8/ip6tables.8:1155 original/man8/iptables.8:1074
+#, no-wrap
+msgid "[B<!>] B<--physdev-is-bridged>"
+msgstr ""
+
+#. type: Plain text
+#: original/man8/ip6tables.8:1159 original/man8/iptables.8:1078
+msgid ""
+"Matches if the packet is being bridged and therefore is not being routed. "
+"This is only useful in the FORWARD and POSTROUTING chains."
+msgstr ""
+
+#. type: SS
+#: original/man8/ip6tables.8:1159 original/man8/iptables.8:1078
+#, no-wrap
+msgid "pkttype"
+msgstr ""
+
+#. type: Plain text
+#: original/man8/ip6tables.8:1161 original/man8/iptables.8:1080
+msgid "This module matches the link-layer packet type."
+msgstr ""
+
+#. type: TP
+#: original/man8/ip6tables.8:1161 original/man8/iptables.8:1080
+#, no-wrap
+msgid "[B<!>] B<--pkt-type> {B<unicast>|B<broadcast>|B<multicast>}"
+msgstr ""
+
+#. type: SS
+#: original/man8/ip6tables.8:1163 original/man8/iptables.8:1082
+#, no-wrap
+msgid "policy"
+msgstr ""
+
+#. type: Plain text
+#: original/man8/ip6tables.8:1165 original/man8/iptables.8:1084
+msgid "This modules matches the policy used by IPsec for handling a packet."
+msgstr ""
+
+#. type: TP
+#: original/man8/ip6tables.8:1165 original/man8/iptables.8:1084
+#, no-wrap
+msgid "B<--dir> {B<in>|B<out>}"
+msgstr ""
+
+#. type: Plain text
+#: original/man8/ip6tables.8:1177 original/man8/iptables.8:1096
+msgid ""
+"Used to select whether to match the policy used for decapsulation or the "
+"policy that will be used for encapsulation. B<in> is valid in the "
+"B<PREROUTING, INPUT and FORWARD> chains, B<out> is valid in the "
+"B<POSTROUTING, OUTPUT and FORWARD> chains."
+msgstr ""
+
+#. type: TP
+#: original/man8/ip6tables.8:1177 original/man8/iptables.8:1096
+#, no-wrap
+msgid "B<--pol> {B<none>|B<ipsec>}"
+msgstr ""
+
+#. type: Plain text
+#: original/man8/ip6tables.8:1181 original/man8/iptables.8:1100
+msgid ""
+"Matches if the packet is subject to IPsec processing. B<--pol none> cannot "
+"be combined with B<--strict>."
+msgstr ""
+
+#. type: TP
+#: original/man8/ip6tables.8:1181 original/man8/iptables.8:1100
+#, no-wrap
+msgid "B<--strict>"
+msgstr ""
+
+#. type: Plain text
+#: original/man8/ip6tables.8:1185 original/man8/iptables.8:1104
+msgid ""
+"Selects whether to match the exact policy or match if any rule of the policy "
+"matches the given policy."
+msgstr ""
+
+#. type: Plain text
+#: original/man8/ip6tables.8:1189 original/man8/iptables.8:1108
+msgid ""
+"For each policy element that is to be described, one can use one or more of "
+"the following options. When B<--strict> is in effect, at least one must be "
+"used per element."
+msgstr ""
+
+#. type: TP
+#: original/man8/ip6tables.8:1189 original/man8/iptables.8:1108
+#, no-wrap
+msgid "[B<!>] B<--reqid> I<id>"
+msgstr ""
+
+#. type: Plain text
+#: original/man8/ip6tables.8:1196 original/man8/iptables.8:1115
+msgid ""
+"Matches the reqid of the policy rule. The reqid can be specified with "
+"B<setkey(8)> using B<unique:id> as level."
+msgstr ""
+
+#. type: TP
+#: original/man8/ip6tables.8:1196 original/man8/iptables.8:1115
+#, no-wrap
+msgid "[B<!>] B<--spi> I<spi>"
+msgstr ""
+
+#. type: Plain text
+#: original/man8/ip6tables.8:1199 original/man8/iptables.8:1118
+msgid "Matches the SPI of the SA."
+msgstr ""
+
+#. type: TP
+#: original/man8/ip6tables.8:1199 original/man8/iptables.8:1118
+#, no-wrap
+msgid "[B<!>] B<--proto> {B<ah>|B<esp>|B<ipcomp>}"
+msgstr ""
+
+#. type: Plain text
+#: original/man8/ip6tables.8:1202 original/man8/iptables.8:1121
+msgid "Matches the encapsulation protocol."
+msgstr ""
+
+#. type: TP
+#: original/man8/ip6tables.8:1202 original/man8/iptables.8:1121
+#, no-wrap
+msgid "[B<!>] B<--mode> {B<tunnel>|B<transport>}"
+msgstr ""
+
+#. type: Plain text
+#: original/man8/ip6tables.8:1205 original/man8/iptables.8:1124
+msgid "Matches the encapsulation mode."
+msgstr ""
+
+#. type: TP
+#: original/man8/ip6tables.8:1205 original/man8/iptables.8:1124
+#, no-wrap
+msgid "[B<!>] B<--tunnel-src> I<addr>[B</>I<mask>]"
+msgstr ""
+
+#. type: Plain text
+#: original/man8/ip6tables.8:1209 original/man8/iptables.8:1128
+msgid ""
+"Matches the source end-point address of a tunnel mode SA. Only valid with "
+"B<--mode tunnel>."
+msgstr ""
+
+#. type: TP
+#: original/man8/ip6tables.8:1209 original/man8/iptables.8:1128
+#, no-wrap
+msgid "[B<!>] B<--tunnel-dst> I<addr>[B</>I<mask>]"
+msgstr ""
+
+#. type: Plain text
+#: original/man8/ip6tables.8:1213 original/man8/iptables.8:1132
+msgid ""
+"Matches the destination end-point address of a tunnel mode SA. Only valid "
+"with B<--mode tunnel>."
+msgstr ""
+
+#. type: TP
+#: original/man8/ip6tables.8:1213 original/man8/iptables.8:1132
+#, no-wrap
+msgid "B<--next>"
+msgstr ""
+
+#. type: Plain text
+#: original/man8/ip6tables.8:1217 original/man8/iptables.8:1136
+msgid ""
+"Start the next element in the policy specification. Can only be used with "
+"B<--strict>."
+msgstr ""
+
+#. type: SS
+#: original/man8/ip6tables.8:1217 original/man8/iptables.8:1136
+#, no-wrap
+msgid "quota"
+msgstr ""
+
+#. type: Plain text
+#: original/man8/ip6tables.8:1222 original/man8/iptables.8:1141
+msgid ""
+"Implements network quotas by decrementing a byte counter with each "
+"packet. The condition matches until the byte counter reaches zero. Behavior "
+"is reversed with negation (i.e. the condition does not match until the byte "
+"counter reaches zero)."
+msgstr ""
+
+#. type: TP
+#: original/man8/ip6tables.8:1222 original/man8/iptables.8:1141
+#, no-wrap
+msgid "[B<!>] B<--quota> I<bytes>"
+msgstr ""
+
+#. type: Plain text
+#: original/man8/ip6tables.8:1225 original/man8/iptables.8:1144
+msgid "The quota in bytes."
+msgstr ""
+
+#. type: SS
+#: original/man8/ip6tables.8:1225 original/man8/iptables.8:1144
+#, no-wrap
+msgid "rateest"
+msgstr ""
+
+#. type: Plain text
+#: original/man8/ip6tables.8:1229 original/man8/iptables.8:1148
+msgid ""
+"The rate estimator can match on estimated rates as collected by the RATEEST "
+"target. It supports matching on absolute bps/pps values, comparing two rate "
+"estimators and matching on the difference between two rate estimators."
+msgstr ""
+
+#. * Absolute:
+#. type: Plain text
+#: original/man8/ip6tables.8:1233 original/man8/iptables.8:1152
+msgid ""
+"For a better understanding of the available options, these are all possible "
+"combinations:"
+msgstr ""
+
+#. type: IP
+#: original/man8/ip6tables.8:1233 original/man8/ip6tables.8:1235 original/man8/ip6tables.8:1238 original/man8/ip6tables.8:1240 original/man8/ip6tables.8:1243 original/man8/ip6tables.8:1245 original/man8/ip6tables.8:1248 original/man8/ip6tables.8:1251 original/man8/iptables.8:980 original/man8/iptables.8:983 original/man8/iptables.8:986 original/man8/iptables.8:992 original/man8/iptables.8:994 original/man8/iptables.8:996 original/man8/iptables.8:1152 original/man8/iptables.8:1154 original/man8/iptables.8:1157 original/man8/iptables.8:1159 original/man8/iptables.8:1162 original/man8/iptables.8:1164 original/man8/iptables.8:1167 original/man8/iptables.8:1170
+#, no-wrap
+msgid "\\(bu"
+msgstr ""
+
+#. type: Plain text
+#: original/man8/ip6tables.8:1235 original/man8/iptables.8:1154
+msgid "B<rateest> I<operator> B<rateest-bps>"
+msgstr ""
+
+#. * Absolute + Delta:
+#. type: Plain text
+#: original/man8/ip6tables.8:1238 original/man8/iptables.8:1157
+msgid "B<rateest> I<operator> B<rateest-pps>"
+msgstr ""
+
+#. type: Plain text
+#: original/man8/ip6tables.8:1240 original/man8/iptables.8:1159
+msgid "(B<rateest> minus B<rateest-bps1>) I<operator> B<rateest-bps2>"
+msgstr ""
+
+#. * Relative:
+#. type: Plain text
+#: original/man8/ip6tables.8:1243 original/man8/iptables.8:1162
+msgid "(B<rateest> minus B<rateest-pps1>) I<operator> B<rateest-pps2>"
+msgstr ""
+
+#. type: Plain text
+#: original/man8/ip6tables.8:1245 original/man8/iptables.8:1164
+msgid "B<rateest1> I<operator> B<rateest2> B<rateest-bps>(without rate!)"
+msgstr ""
+
+#. * Relative + Delta:
+#. type: Plain text
+#: original/man8/ip6tables.8:1248 original/man8/iptables.8:1167
+msgid "B<rateest1> I<operator> B<rateest2> B<rateest-pps>(without rate!)"
+msgstr ""
+
+#. type: Plain text
+#: original/man8/ip6tables.8:1251 original/man8/iptables.8:1170
+msgid ""
+"(B<rateest1> minus B<rateest-bps1>) I<operator> (B<rateest2> minus "
+"B<rateest-bps2>)"
+msgstr ""
+
+#. type: Plain text
+#: original/man8/ip6tables.8:1254 original/man8/iptables.8:1173
+msgid ""
+"(B<rateest1> minus B<rateest-pps1>) I<operator> (B<rateest2> minus "
+"B<rateest-pps2>)"
+msgstr ""
+
+#. type: TP
+#: original/man8/ip6tables.8:1254 original/man8/iptables.8:1173
+#, no-wrap
+msgid "B<--rateest-delta>"
+msgstr ""
+
+#. type: Plain text
+#: original/man8/ip6tables.8:1261 original/man8/iptables.8:1180
+msgid ""
+"For each estimator (either absolute or relative mode), calculate the "
+"difference between the estimator-determined flow rate and the static value "
+"chosen with the BPS/PPS options. If the flow rate is higher than the "
+"specified BPS/PPS, 0 will be used instead of a negative value. In other "
+"words, \"max(0, rateest#_rate - rateest#_bps)\" is used."
+msgstr ""
+
+#. type: TP
+#: original/man8/ip6tables.8:1261 original/man8/iptables.8:1180
+#, no-wrap
+msgid "[B<!>] B<--rateest-lt>"
+msgstr ""
+
+#. type: Plain text
+#: original/man8/ip6tables.8:1264 original/man8/iptables.8:1183
+msgid "Match if rate is less than given rate/estimator."
+msgstr ""
+
+#. type: TP
+#: original/man8/ip6tables.8:1264 original/man8/iptables.8:1183
+#, no-wrap
+msgid "[B<!>] B<--rateest-gt>"
+msgstr ""
+
+#. type: Plain text
+#: original/man8/ip6tables.8:1267 original/man8/iptables.8:1186
+msgid "Match if rate is greater than given rate/estimator."
+msgstr ""
+
+#. type: TP
+#: original/man8/ip6tables.8:1267 original/man8/iptables.8:1186
+#, no-wrap
+msgid "[B<!>] B<--rateest-eq>"
+msgstr ""
+
+#. type: Plain text
+#: original/man8/ip6tables.8:1270 original/man8/iptables.8:1189
+msgid "Match if rate is equal to given rate/estimator."
+msgstr ""
+
+#. type: Plain text
+#: original/man8/ip6tables.8:1274 original/man8/iptables.8:1193
+msgid ""
+"In the so-called \"absolute mode\", only one rate estimator is used and "
+"compared against a static value, while in \"relative mode\", two rate "
+"estimators are compared against another."
+msgstr ""
+
+#. type: TP
+#: original/man8/ip6tables.8:1274 original/man8/iptables.8:1193
+#, no-wrap
+msgid "B<--rateest> I<name>"
+msgstr ""
+
+#. type: Plain text
+#: original/man8/ip6tables.8:1277 original/man8/iptables.8:1196
+msgid "Name of the one rate estimator for absolute mode."
+msgstr ""
+
+#. type: TP
+#: original/man8/ip6tables.8:1277 original/man8/iptables.8:1196
+#, no-wrap
+msgid "B<--rateest1> I<name>"
+msgstr ""
+
+#. type: TP
+#: original/man8/ip6tables.8:1279 original/man8/iptables.8:1198
+#, no-wrap
+msgid "B<--rateest2> I<name>"
+msgstr ""
+
+#. type: Plain text
+#: original/man8/ip6tables.8:1282 original/man8/iptables.8:1201
+msgid "The names of the two rate estimators for relative mode."
+msgstr ""
+
+#. type: TP
+#: original/man8/ip6tables.8:1282 original/man8/iptables.8:1201
+#, no-wrap
+msgid "B<--rateest-bps> [I<value>]"
+msgstr ""
+
+#. type: TP
+#: original/man8/ip6tables.8:1284 original/man8/iptables.8:1203
+#, no-wrap
+msgid "B<--rateest-pps> [I<value>]"
+msgstr ""
+
+#. type: TP
+#: original/man8/ip6tables.8:1286 original/man8/iptables.8:1205
+#, no-wrap
+msgid "B<--rateest-bps1> [I<value>]"
+msgstr ""
+
+#. type: TP
+#: original/man8/ip6tables.8:1288 original/man8/iptables.8:1207
+#, no-wrap
+msgid "B<--rateest-bps2> [I<value>]"
+msgstr ""
+
+#. type: TP
+#: original/man8/ip6tables.8:1290 original/man8/iptables.8:1209
+#, no-wrap
+msgid "B<--rateest-pps1> [I<value>]"
+msgstr ""
+
+#. type: TP
+#: original/man8/ip6tables.8:1292 original/man8/iptables.8:1211
+#, no-wrap
+msgid "B<--rateest-pps2> [I<value>]"
+msgstr ""
+
+#. type: Plain text
+#: original/man8/ip6tables.8:1298 original/man8/iptables.8:1217
+msgid ""
+"Compare the estimator(s) by bytes or packets per second, and compare against "
+"the chosen value. See the above bullet list for which option is to be used "
+"in which case. A unit suffix may be used - available ones are: bit, "
+"[kmgt]bit, [KMGT]ibit, Bps, [KMGT]Bps, [KMGT]iBps."
+msgstr ""
+
+#. type: Plain text
+#: original/man8/ip6tables.8:1302 original/man8/iptables.8:1221
+msgid ""
+"Example: This is what can be used to route outgoing data connections from an "
+"FTP server over two lines based on the available bandwidth at the time the "
+"data connection was started:"
+msgstr ""
+
+#. type: Plain text
+#: original/man8/ip6tables.8:1304 original/man8/iptables.8:1223
+msgid "# Estimate outgoing rates"
+msgstr ""
+
+#. type: Plain text
+#: original/man8/ip6tables.8:1307 original/man8/iptables.8:1226
+msgid ""
+"iptables -t mangle -A POSTROUTING -o eth0 -j RATEEST --rateest-name eth0 "
+"--rateest-interval 250ms --rateest-ewma 0.5s"
+msgstr ""
+
+#. type: Plain text
+#: original/man8/ip6tables.8:1310 original/man8/iptables.8:1229
+msgid ""
+"iptables -t mangle -A POSTROUTING -o ppp0 -j RATEEST --rateest-name ppp0 "
+"--rateest-interval 250ms --rateest-ewma 0.5s"
+msgstr ""
+
+#. type: Plain text
+#: original/man8/ip6tables.8:1312 original/man8/iptables.8:1231
+msgid "# Mark based on available bandwidth"
+msgstr ""
+
+#. type: Plain text
+#: original/man8/ip6tables.8:1316 original/man8/iptables.8:1235
+msgid ""
+"iptables -t mangle -A balance -m conntrack --ctstate NEW -m helper --helper "
+"ftp -m rateest --rateest-delta --rateest1 eth0 --rateest-bps1 2.5mbit "
+"--rateest-gt --rateest2 ppp0 --rateest-bps2 2mbit -j CONNMARK --set-mark 1"
+msgstr ""
+
+#. type: Plain text
+#: original/man8/ip6tables.8:1320 original/man8/iptables.8:1239
+msgid ""
+"iptables -t mangle -A balance -m conntrack --ctstate NEW -m helper --helper "
+"ftp -m rateest --rateest-delta --rateest1 ppp0 --rateest-bps1 2mbit "
+"--rateest-gt --rateest2 eth0 --rateest-bps2 2.5mbit -j CONNMARK --set-mark 2"
+msgstr ""
+
+#. type: Plain text
+#: original/man8/ip6tables.8:1322 original/man8/iptables.8:1241
+msgid "iptables -t mangle -A balance -j CONNMARK --restore-mark"
+msgstr ""
+
+#. type: SS
+#: original/man8/ip6tables.8:1322 original/man8/iptables.8:1249
+#, no-wrap
+msgid "recent"
+msgstr ""
+
+#. type: Plain text
+#: original/man8/ip6tables.8:1325 original/man8/iptables.8:1252
+msgid ""
+"Allows you to dynamically create a list of IP addresses and then match "
+"against that list in a few different ways."
+msgstr ""
+
+#. type: Plain text
+#: original/man8/ip6tables.8:1329 original/man8/iptables.8:1256
+msgid ""
+"For example, you can create a \"badguy\" list out of people attempting to "
+"connect to port 139 on your firewall and then DROP all future packets from "
+"them without considering them."
+msgstr ""
+
+#. type: Plain text
+#: original/man8/ip6tables.8:1332 original/man8/iptables.8:1259
+msgid "B<--set>, B<--rcheck>, B<--update> and B<--remove> are mutually exclusive."
+msgstr ""
+
+#. type: TP
+#: original/man8/ip6tables.8:1332 original/man8/iptables.8:1259
+#, no-wrap
+msgid "B<--name> I<name>"
+msgstr ""
+
+#. type: Plain text
+#: original/man8/ip6tables.8:1336 original/man8/iptables.8:1263
+msgid ""
+"Specify the list to use for the commands. If no name is given then "
+"B<DEFAULT> will be used."
+msgstr ""
+
+#. type: TP
+#: original/man8/ip6tables.8:1336 original/man8/iptables.8:1263
+#, no-wrap
+msgid "[B<!>] B<--set>"
+msgstr ""
+
+#. type: Plain text
+#: original/man8/ip6tables.8:1341 original/man8/iptables.8:1268
+msgid ""
+"This will add the source address of the packet to the list. If the source "
+"address is already in the list, this will update the existing entry. This "
+"will always return success (or failure if B<!> is passed in)."
+msgstr ""
+
+#. type: TP
+#: original/man8/ip6tables.8:1341 original/man8/iptables.8:1268
+#, no-wrap
+msgid "B<--rsource>"
+msgstr ""
+
+#. type: Plain text
+#: original/man8/ip6tables.8:1345 original/man8/iptables.8:1272
+msgid ""
+"Match/save the source address of each packet in the recent list table. This "
+"is the default."
+msgstr ""
+
+#. type: TP
+#: original/man8/ip6tables.8:1345 original/man8/iptables.8:1272
+#, no-wrap
+msgid "B<--rdest>"
+msgstr ""
+
+#. type: Plain text
+#: original/man8/ip6tables.8:1348 original/man8/iptables.8:1275
+msgid "Match/save the destination address of each packet in the recent list table."
+msgstr ""
+
+#. type: TP
+#: original/man8/ip6tables.8:1348 original/man8/iptables.8:1275
+#, no-wrap
+msgid "[B<!>] B<--rcheck>"
+msgstr ""
+
+#. type: Plain text
+#: original/man8/ip6tables.8:1351 original/man8/iptables.8:1278
+msgid "Check if the source address of the packet is currently in the list."
+msgstr ""
+
+#. type: TP
+#: original/man8/ip6tables.8:1351 original/man8/iptables.8:1278
+#, no-wrap
+msgid "[B<!>] B<--update>"
+msgstr ""
+
+#. type: Plain text
+#: original/man8/ip6tables.8:1355 original/man8/iptables.8:1282
+msgid ""
+"Like B<--rcheck>, except it will update the \"last seen\" timestamp if it "
+"matches."
+msgstr ""
+
+#. type: TP
+#: original/man8/ip6tables.8:1355 original/man8/iptables.8:1282
+#, no-wrap
+msgid "[B<!>] B<--remove>"
+msgstr ""
+
+#. type: Plain text
+#: original/man8/ip6tables.8:1360 original/man8/iptables.8:1287
+msgid ""
+"Check if the source address of the packet is currently in the list and if so "
+"that address will be removed from the list and the rule will return true. If "
+"the address is not found, false is returned."
+msgstr ""
+
+#. type: TP
+#: original/man8/ip6tables.8:1360 original/man8/iptables.8:1287
+#, no-wrap
+msgid "B<--seconds> I<seconds>"
+msgstr ""
+
+#. type: Plain text
+#: original/man8/ip6tables.8:1365 original/man8/iptables.8:1292
+msgid ""
+"This option must be used in conjunction with one of B<--rcheck> or "
+"B<--update>. When used, this will narrow the match to only happen when the "
+"address is in the list and was seen within the last given number of seconds."
+msgstr ""
+
+#. type: TP
+#: original/man8/ip6tables.8:1365 original/man8/iptables.8:1292
+#, no-wrap
+msgid "B<--reap>"
+msgstr ""
+
+#. type: Plain text
+#: original/man8/ip6tables.8:1370 original/man8/iptables.8:1297
+msgid ""
+"This option can only be used in conjunction with B<--seconds>. When used, "
+"this will cause entries older than the last given number of seconds to be "
+"purged."
+msgstr ""
+
+#. type: TP
+#: original/man8/ip6tables.8:1370 original/man8/iptables.8:1297
+#, no-wrap
+msgid "B<--hitcount> I<hits>"
+msgstr ""
+
+#. type: Plain text
+#: original/man8/ip6tables.8:1380 original/man8/iptables.8:1307
+msgid ""
+"This option must be used in conjunction with one of B<--rcheck> or "
+"B<--update>. When used, this will narrow the match to only happen when the "
+"address is in the list and packets had been received greater than or equal "
+"to the given value. This option may be used along with B<--seconds> to "
+"create an even narrower match requiring a certain number of hits within a "
+"specific time frame. The maximum value for the hitcount parameter is given "
+"by the \"ip_pkt_list_tot\" parameter of the xt_recent kernel "
+"module. Exceeding this value on the command line will cause the rule to be "
+"rejected."
+msgstr ""
+
+#. type: TP
+#: original/man8/ip6tables.8:1380 original/man8/iptables.8:1307
+#, no-wrap
+msgid "B<--rttl>"
+msgstr ""
+
+#. type: Plain text
+#: original/man8/ip6tables.8:1388 original/man8/iptables.8:1315
+msgid ""
+"This option may only be used in conjunction with one of B<--rcheck> or "
+"B<--update>. When used, this will narrow the match to only happen when the "
+"address is in the list and the TTL of the current packet matches that of the "
+"packet which hit the B<--set> rule. This may be useful if you have problems "
+"with people faking their source address in order to DoS you via this module "
+"by disallowing others access to your site by sending bogus packets to you."
+msgstr ""
+
+#. type: Plain text
+#: original/man8/ip6tables.8:1392 original/man8/iptables.8:1319
+msgid "iptables -A FORWARD -m recent --name badguy --rcheck --seconds 60 -j DROP"
+msgstr ""
+
+#. type: Plain text
+#: original/man8/ip6tables.8:1394 original/man8/iptables.8:1321
+msgid ""
+"iptables -A FORWARD -p tcp -i eth0 --dport 139 -m recent --name badguy --set "
+"-j DROP"
+msgstr ""
+
+#. type: Plain text
+#: original/man8/ip6tables.8:1397 original/man8/iptables.8:1324
+msgid ""
+"Steve's ipt_recent website (http://snowman.net/projects/ipt_recent/) also "
+"has some examples of usage."
+msgstr ""
+
+#. type: Plain text
+#: original/man8/ip6tables.8:1400 original/man8/iptables.8:1327
+msgid ""
+"B</proc/net/xt_recent/*> are the current lists of addresses and information "
+"about each entry of each list."
+msgstr ""
+
+#. type: Plain text
+#: original/man8/ip6tables.8:1403 original/man8/iptables.8:1330
+msgid ""
+"Each file in B</proc/net/xt_recent/> can be read from to see the current "
+"list or written two using the following commands to modify the list:"
+msgstr ""
+
+#. type: TP
+#: original/man8/ip6tables.8:1403 original/man8/iptables.8:1330
+#, no-wrap
+msgid "B<echo +>I<addr>B< E<gt>/proc/net/xt_recent/DEFAULT>"
+msgstr ""
+
+#. type: Plain text
+#: original/man8/ip6tables.8:1406 original/man8/iptables.8:1333
+msgid "to add I<addr> to the DEFAULT list"
+msgstr ""
+
+#. type: TP
+#: original/man8/ip6tables.8:1406 original/man8/iptables.8:1333
+#, no-wrap
+msgid "B<echo ->I<addr>B< E<gt>/proc/net/xt_recent/DEFAULT>"
+msgstr ""
+
+#. type: Plain text
+#: original/man8/ip6tables.8:1409 original/man8/iptables.8:1336
+msgid "to remove I<addr> from the DEFAULT list"
+msgstr ""
+
+#. type: TP
+#: original/man8/ip6tables.8:1409 original/man8/iptables.8:1336
+#, no-wrap
+msgid "B<echo / E<gt>/proc/net/xt_recent/DEFAULT>"
+msgstr ""
+
+#. type: Plain text
+#: original/man8/ip6tables.8:1412 original/man8/iptables.8:1339
+msgid "to flush the DEFAULT list (remove all entries)."
+msgstr ""
+
+#. type: Plain text
+#: original/man8/ip6tables.8:1414 original/man8/iptables.8:1341
+msgid "The module itself accepts parameters, defaults shown:"
+msgstr ""
+
+#. type: TP
+#: original/man8/ip6tables.8:1414 original/man8/iptables.8:1341
+#, no-wrap
+msgid "B<ip_list_tot>=I<100>"
+msgstr ""
+
+#. type: Plain text
+#: original/man8/ip6tables.8:1417 original/man8/iptables.8:1344
+msgid "Number of addresses remembered per table."
+msgstr ""
+
+#. type: TP
+#: original/man8/ip6tables.8:1417 original/man8/iptables.8:1344
+#, no-wrap
+msgid "B<ip_pkt_list_tot>=I<20>"
+msgstr ""
+
+#. type: Plain text
+#: original/man8/ip6tables.8:1420 original/man8/iptables.8:1347
+msgid "Number of packets per address remembered."
+msgstr ""
+
+#. type: TP
+#: original/man8/ip6tables.8:1420 original/man8/iptables.8:1347
+#, no-wrap
+msgid "B<ip_list_hash_size>=I<0>"
+msgstr ""
+
+#. type: Plain text
+#: original/man8/ip6tables.8:1423 original/man8/iptables.8:1350
+msgid "Hash table size. 0 means to calculate it based on ip_list_tot, default: 512."
+msgstr ""
+
+#. type: TP
+#: original/man8/ip6tables.8:1423 original/man8/iptables.8:1350
+#, no-wrap
+msgid "B<ip_list_perms>=I<0644>"
+msgstr ""
+
+#. type: Plain text
+#: original/man8/ip6tables.8:1426 original/man8/iptables.8:1353
+msgid "Permissions for /proc/net/xt_recent/* files."
+msgstr ""
+
+#. type: TP
+#: original/man8/ip6tables.8:1426 original/man8/iptables.8:1353
+#, no-wrap
+msgid "B<ip_list_uid>=I<0>"
+msgstr ""
+
+#. type: Plain text
+#: original/man8/ip6tables.8:1429 original/man8/iptables.8:1356
+msgid "Numerical UID for ownership of /proc/net/xt_recent/* files."
+msgstr ""
+
+#. type: TP
+#: original/man8/ip6tables.8:1429 original/man8/iptables.8:1356
+#, no-wrap
+msgid "B<ip_list_gid>=I<0>"
+msgstr ""
+
+#. type: Plain text
+#: original/man8/ip6tables.8:1432 original/man8/iptables.8:1359
+msgid "Numerical GID for ownership of /proc/net/xt_recent/* files."
+msgstr ""
+
+#. type: SS
+#: original/man8/ip6tables.8:1432 original/man8/iptables.8:1359
+#, no-wrap
+msgid "rpfilter"
+msgstr ""
+
+#. type: Plain text
+#: original/man8/ip6tables.8:1441 original/man8/iptables.8:1368
+msgid ""
+"Performs a reverse path filter test on a packet. If a reply to the packet "
+"would be sent via the same interface that the packet arrived on, the packet "
+"will match. Note that, unlike the in-kernel rp_filter, packets protected by "
+"IPSec are not treated specially. Combine this match with the policy match "
+"if you want this. Also, packets arriving via the loopback interface are "
+"always permitted. This match can only be used in the PREROUTING chain of "
+"the raw or mangle table."
+msgstr ""
+
+#. type: TP
+#: original/man8/ip6tables.8:1441 original/man8/iptables.8:1368
+#, no-wrap
+msgid "B<--loose>"
+msgstr ""
+
+#. type: Plain text
+#: original/man8/ip6tables.8:1445 original/man8/iptables.8:1372
+msgid ""
+"Used to specifiy that the reverse path filter test should match even if the "
+"selected output device is not the expected one."
+msgstr ""
+
+#. type: TP
+#: original/man8/ip6tables.8:1445 original/man8/iptables.8:1372
+#, no-wrap
+msgid "B<--validmark>"
+msgstr ""
+
+#. type: Plain text
+#: original/man8/ip6tables.8:1448 original/man8/iptables.8:1375
+msgid ""
+"Also use the packets' nfmark value when performing the reverse path route "
+"lookup."
+msgstr ""
+
+#. type: TP
+#: original/man8/ip6tables.8:1448 original/man8/iptables.8:1375
+#, no-wrap
+msgid "B<--accept-local>"
+msgstr ""
+
+#. type: Plain text
+#: original/man8/ip6tables.8:1455 original/man8/iptables.8:1382
+msgid ""
+"This will permit packets arriving from the network with a source address "
+"that is also assigned to the local machine. B<--invert> This will invert "
+"the sense of the match. Instead of matching packets that passed the reverse "
+"path filter test, match those that have failed it."
+msgstr ""
+
+#. type: Plain text
+#: original/man8/ip6tables.8:1457 original/man8/iptables.8:1384
+msgid "Example to log and drop packets failing the reverse path filter test:"
+msgstr ""
+
+#. type: Plain text
+#: original/man8/ip6tables.8:1459 original/man8/iptables.8:1386
+msgid "iptables -t raw -N RPFILTER"
+msgstr ""
+
+#. type: Plain text
+#: original/man8/ip6tables.8:1461 original/man8/iptables.8:1388
+msgid "iptables -t raw -A RPFILTER -m rpfilter -j RETURN"
+msgstr ""
+
+#. type: Plain text
+#: original/man8/ip6tables.8:1463 original/man8/iptables.8:1390
+msgid ""
+"iptables -t raw -A RPFILTER -m limit --limit 10/minute -j NFLOG "
+"--nflog-prefix \"rpfilter drop\""
+msgstr ""
+
+#. type: Plain text
+#: original/man8/ip6tables.8:1465 original/man8/iptables.8:1392
+msgid "iptables -t raw -A RPFILTER -j DROP"
+msgstr ""
+
+#. type: Plain text
+#: original/man8/ip6tables.8:1467 original/man8/iptables.8:1394
+msgid "iptables -t raw -A PREROUTING -j RPFILTER"
+msgstr ""
+
+#. type: Plain text
+#: original/man8/ip6tables.8:1469 original/man8/iptables.8:1396
+msgid "Example to drop failed packets, without logging:"
+msgstr ""
+
+#. type: Plain text
+#: original/man8/ip6tables.8:1471 original/man8/iptables.8:1398
+msgid "iptables -t raw -A RPFILTER -m rpfilter --invert -j DROP"
+msgstr ""
+
+#. type: SS
+#: original/man8/ip6tables.8:1471
+#, no-wrap
+msgid "rt"
+msgstr ""
+
+#. type: Plain text
+#: original/man8/ip6tables.8:1473
+msgid "Match on IPv6 routing header"
+msgstr ""
+
+#. type: TP
+#: original/man8/ip6tables.8:1473
+#, no-wrap
+msgid "[B<!>] B<--rt-type> I<type>"
+msgstr ""
+
+#. type: Plain text
+#: original/man8/ip6tables.8:1476
+msgid "Match the type (numeric)."
+msgstr ""
+
+#. type: TP
+#: original/man8/ip6tables.8:1476
+#, no-wrap
+msgid "[B<!>] B<--rt-segsleft> I<num>[B<:>I<num>]"
+msgstr ""
+
+#. type: Plain text
+#: original/man8/ip6tables.8:1479
+msgid "Match the `segments left' field (range)."
+msgstr ""
+
+#. type: TP
+#: original/man8/ip6tables.8:1479
+#, no-wrap
+msgid "[B<!>] B<--rt-len> I<length>"
+msgstr ""
+
+#. type: Plain text
+#: original/man8/ip6tables.8:1482
+msgid "Match the length of this header."
+msgstr ""
+
+#. type: TP
+#: original/man8/ip6tables.8:1482
+#, no-wrap
+msgid "B<--rt-0-res>"
+msgstr ""
+
+#. type: Plain text
+#: original/man8/ip6tables.8:1485
+msgid "Match the reserved field, too (type=0)"
+msgstr ""
+
+#. type: TP
+#: original/man8/ip6tables.8:1485
+#, no-wrap
+msgid "B<--rt-0-addrs> I<addr>[B<,>I<addr>...]"
+msgstr ""
+
+#. type: Plain text
+#: original/man8/ip6tables.8:1488
+msgid "Match type=0 addresses (list)."
+msgstr ""
+
+#. type: TP
+#: original/man8/ip6tables.8:1488
+#, no-wrap
+msgid "B<--rt-0-not-strict>"
+msgstr ""
+
+#. type: Plain text
+#: original/man8/ip6tables.8:1491
+msgid "List of type=0 addresses is not a strict list."
+msgstr ""
+
+#. type: SS
+#: original/man8/ip6tables.8:1491 original/man8/iptables.8:1398
+#, no-wrap
+msgid "sctp"
+msgstr ""
+
+#. type: TP
+#: original/man8/ip6tables.8:1496 original/man8/iptables.8:1403
+#, no-wrap
+msgid ""
+"[B<!>] B<--chunk-types> {B<all>|B<any>|B<only>} I<chunktype>[B<:>I<flags>] "
+"[...]"
+msgstr ""
+
+#. type: Plain text
+#: original/man8/ip6tables.8:1500 original/man8/iptables.8:1407
+msgid ""
+"The flag letter in upper case indicates that the flag is to match if set, in "
+"the lower case indicates to match if unset."
+msgstr ""
+
+#. type: Plain text
+#: original/man8/ip6tables.8:1502 original/man8/iptables.8:1409
+msgid ""
+"Chunk types: DATA INIT INIT_ACK SACK HEARTBEAT HEARTBEAT_ACK ABORT SHUTDOWN "
+"SHUTDOWN_ACK ERROR COOKIE_ECHO COOKIE_ACK ECN_ECNE ECN_CWR SHUTDOWN_COMPLETE "
+"ASCONF ASCONF_ACK FORWARD_TSN"
+msgstr ""
+
+#. type: Plain text
+#: original/man8/ip6tables.8:1504 original/man8/iptables.8:1411
+msgid "chunk type available flags"
+msgstr ""
+
+#. type: Plain text
+#: original/man8/ip6tables.8:1506 original/man8/iptables.8:1413
+msgid "DATA I U B E i u b e"
+msgstr ""
+
+#. type: Plain text
+#: original/man8/ip6tables.8:1508 original/man8/iptables.8:1415
+msgid "ABORT T t"
+msgstr ""
+
+#. type: Plain text
+#: original/man8/ip6tables.8:1510 original/man8/iptables.8:1417
+msgid "SHUTDOWN_COMPLETE T t"
+msgstr ""
+
+#. type: Plain text
+#: original/man8/ip6tables.8:1512 original/man8/iptables.8:1419
+msgid "(lowercase means flag should be \"off\", uppercase means \"on\")"
+msgstr ""
+
+#. type: Plain text
+#: original/man8/ip6tables.8:1516 original/man8/iptables.8:1423
+msgid "iptables -A INPUT -p sctp --dport 80 -j DROP"
+msgstr ""
+
+#. type: Plain text
+#: original/man8/ip6tables.8:1518 original/man8/iptables.8:1425
+msgid "iptables -A INPUT -p sctp --chunk-types any DATA,INIT -j DROP"
+msgstr ""
+
+#. type: Plain text
+#: original/man8/ip6tables.8:1520 original/man8/iptables.8:1427
+msgid "iptables -A INPUT -p sctp --chunk-types any DATA:Be -j ACCEPT"
+msgstr ""
+
+#. type: SS
+#: original/man8/ip6tables.8:1520 original/man8/iptables.8:1427
+#, no-wrap
+msgid "set"
+msgstr ""
+
+#. type: Plain text
+#: original/man8/ip6tables.8:1522 original/man8/iptables.8:1429
+msgid "This module matches IP sets which can be defined by ipset(8)."
+msgstr ""
+
+#. type: TP
+#: original/man8/ip6tables.8:1522 original/man8/iptables.8:1429
+#, no-wrap
+msgid "[B<!>] B<--match-set> I<setname> I<flag>[B<,>I<flag>]..."
+msgstr ""
+
+#. type: Plain text
+#: original/man8/ip6tables.8:1529 original/man8/iptables.8:1436
+msgid ""
+"where flags are the comma separated list of B<src> and/or B<dst> "
+"specifications and there can be no more than six of them. Hence the command"
+msgstr ""
+
+#. type: Plain text
+#: original/man8/ip6tables.8:1531 original/man8/iptables.8:1438
+#, no-wrap
+msgid " iptables -A FORWARD -m set --match-set test src,dst\n"
+msgstr ""
+
+#. type: Plain text
+#: original/man8/ip6tables.8:1537 original/man8/iptables.8:1444
+msgid ""
+"will match packets, for which (if the set type is ipportmap) the source "
+"address and destination port pair can be found in the specified set. If the "
+"set type of the specified set is single dimension (for example ipmap), then "
+"the command will match packets for which the source address can be found in "
+"the specified set."
+msgstr ""
+
+#. type: Plain text
+#: original/man8/ip6tables.8:1540 original/man8/iptables.8:1447
+msgid ""
+"The option B<--match-set> can be replaced by B<--set> if that does not clash "
+"with an option of other extensions."
+msgstr ""
+
+#. type: Plain text
+#: original/man8/ip6tables.8:1543 original/man8/iptables.8:1450
+msgid ""
+"Use of -m set requires that ipset kernel support is provided, which, for "
+"standard kernels, is the case since Linux 2.6.39."
+msgstr ""
+
+#. type: SS
+#: original/man8/ip6tables.8:1543 original/man8/iptables.8:1450
+#, no-wrap
+msgid "socket"
+msgstr ""
+
+#. type: Plain text
+#: original/man8/ip6tables.8:1546 original/man8/iptables.8:1453
+msgid ""
+"This matches if an open socket can be found by doing a socket lookup on the "
+"packet."
+msgstr ""
+
+#. type: TP
+#: original/man8/ip6tables.8:1546 original/man8/iptables.8:1453
+#, no-wrap
+msgid "B<--transparent>"
+msgstr ""
+
+#. type: Plain text
+#: original/man8/ip6tables.8:1549 original/man8/iptables.8:1456
+msgid "Ignore non-transparent sockets."
+msgstr ""
+
+#. type: SS
+#: original/man8/ip6tables.8:1549 original/man8/iptables.8:1456
+#, no-wrap
+msgid "state"
+msgstr ""
+
+#. type: Plain text
+#: original/man8/ip6tables.8:1552 original/man8/iptables.8:1459
+msgid ""
+"This module, when combined with connection tracking, allows access to the "
+"connection tracking state for this packet."
+msgstr ""
+
+#. type: TP
+#: original/man8/ip6tables.8:1552 original/man8/iptables.8:1459
+#, no-wrap
+msgid "[B<!>] B<--state> I<state>"
+msgstr ""
+
+#. type: Plain text
+#: original/man8/ip6tables.8:1574 original/man8/iptables.8:1481
+msgid ""
+"Where state is a comma separated list of the connection states to match. "
+"Possible states are B<INVALID> meaning that the packet could not be "
+"identified for some reason which includes running out of memory and ICMP "
+"errors which don't correspond to any known connection, B<ESTABLISHED> "
+"meaning that the packet is associated with a connection which has seen "
+"packets in both directions, B<NEW> meaning that the packet has started a new "
+"connection, or otherwise associated with a connection which has not seen "
+"packets in both directions, and B<RELATED> meaning that the packet is "
+"starting a new connection, but is associated with an existing connection, "
+"such as an FTP data transfer, or an ICMP error. B<UNTRACKED> meaning that "
+"the packet is not tracked at all, which happens if you use the NOTRACK "
+"target in raw table."
+msgstr ""
+
+#. type: SS
+#: original/man8/ip6tables.8:1574 original/man8/iptables.8:1481
+#, no-wrap
+msgid "statistic"
+msgstr ""
+
+#. type: Plain text
+#: original/man8/ip6tables.8:1579 original/man8/iptables.8:1486
+msgid ""
+"This module matches packets based on some statistic condition. It supports "
+"two distinct modes settable with the B<--mode> option."
+msgstr ""
+
+#. type: Plain text
+#: original/man8/ip6tables.8:1581 original/man8/iptables.8:1488
+msgid "Supported options:"
+msgstr ""
+
+#. type: TP
+#: original/man8/ip6tables.8:1581 original/man8/iptables.8:1488
+#, no-wrap
+msgid "B<--mode> I<mode>"
+msgstr ""
+
+#. type: Plain text
+#: original/man8/ip6tables.8:1587 original/man8/iptables.8:1494
+msgid ""
+"Set the matching mode of the matching rule, supported modes are B<random> "
+"and B<nth.>"
+msgstr ""
+
+#. type: TP
+#: original/man8/ip6tables.8:1587 original/man8/iptables.8:1494
+#, no-wrap
+msgid "[B<!>] B<--probability> I<p>"
+msgstr ""
+
+#. type: Plain text
+#: original/man8/ip6tables.8:1592 original/man8/iptables.8:1499
+msgid ""
+"Set the probability for a packet to be randomly matched. It only works with "
+"the B<random> mode. I<p> must be within 0.0 and 1.0. The supported "
+"granularity is in 1/2147483648th increments."
+msgstr ""
+
+#. type: TP
+#: original/man8/ip6tables.8:1592 original/man8/iptables.8:1499
+#, no-wrap
+msgid "[B<!>] B<--every> I<n>"
+msgstr ""
+
+#. type: Plain text
+#: original/man8/ip6tables.8:1599 original/man8/iptables.8:1506
+msgid ""
+"Match one packet every nth packet. It works only with the B<nth> mode (see "
+"also the B<--packet> option)."
+msgstr ""
+
+#. type: TP
+#: original/man8/ip6tables.8:1599 original/man8/iptables.8:1506
+#, no-wrap
+msgid "B<--packet> I<p>"
+msgstr ""
+
+#. type: Plain text
+#: original/man8/ip6tables.8:1604 original/man8/iptables.8:1511
+msgid ""
+"Set the initial counter value (0 E<lt>= p E<lt>= n-1, default 0) for the "
+"B<nth> mode."
+msgstr ""
+
+#. type: SS
+#: original/man8/ip6tables.8:1604 original/man8/iptables.8:1511
+#, no-wrap
+msgid "string"
+msgstr ""
+
+#. type: Plain text
+#: original/man8/ip6tables.8:1606 original/man8/iptables.8:1513
+msgid ""
+"This modules matches a given string by using some pattern matching "
+"strategy. It requires a linux kernel E<gt>= 2.6.14."
+msgstr ""
+
+#. type: TP
+#: original/man8/ip6tables.8:1606 original/man8/iptables.8:1513
+#, no-wrap
+msgid "B<--algo> {B<bm>|B<kmp>}"
+msgstr ""
+
+#. type: Plain text
+#: original/man8/ip6tables.8:1609 original/man8/iptables.8:1516
+msgid ""
+"Select the pattern matching strategy. (bm = Boyer-Moore, kmp = "
+"Knuth-Pratt-Morris)"
+msgstr ""
+
+#. type: TP
+#: original/man8/ip6tables.8:1609 original/man8/iptables.8:1516
+#, no-wrap
+msgid "B<--from> I<offset>"
+msgstr ""
+
+#. type: Plain text
+#: original/man8/ip6tables.8:1612 original/man8/iptables.8:1519
+msgid ""
+"Set the offset from which it starts looking for any matching. If not passed, "
+"default is 0."
+msgstr ""
+
+#. type: TP
+#: original/man8/ip6tables.8:1612 original/man8/iptables.8:1519
+#, no-wrap
+msgid "B<--to> I<offset>"
+msgstr ""
+
+#. type: Plain text
+#: original/man8/ip6tables.8:1617 original/man8/iptables.8:1524
+msgid ""
+"Set the offset up to which should be scanned. That is, byte I<offset>-1 "
+"(counting from 0) is the last one that is scanned. If not passed, default "
+"is the packet size."
+msgstr ""
+
+#. type: TP
+#: original/man8/ip6tables.8:1617 original/man8/iptables.8:1524
+#, no-wrap
+msgid "[B<!>] B<--string> I<pattern>"
+msgstr ""
+
+#. type: Plain text
+#: original/man8/ip6tables.8:1620 original/man8/iptables.8:1527
+msgid "Matches the given pattern."
+msgstr ""
+
+#. type: TP
+#: original/man8/ip6tables.8:1620 original/man8/iptables.8:1527
+#, no-wrap
+msgid "[B<!>] B<--hex-string> I<pattern>"
+msgstr ""
+
+#. type: Plain text
+#: original/man8/ip6tables.8:1623 original/man8/iptables.8:1530
+msgid "Matches the given pattern in hex notation."
+msgstr ""
+
+#. type: SS
+#: original/man8/ip6tables.8:1623 original/man8/iptables.8:1530
+#, no-wrap
+msgid "tcp"
+msgstr ""
+
+#. type: Plain text
+#: original/man8/ip6tables.8:1626 original/man8/iptables.8:1533
+msgid ""
+"These extensions can be used if `--protocol tcp' is specified. It provides "
+"the following options:"
+msgstr ""
+
+#. type: Plain text
+#: original/man8/ip6tables.8:1637 original/man8/iptables.8:1544
+msgid ""
+"Source port or port range specification. This can either be a service name "
+"or a port number. An inclusive range can also be specified, using the format "
+"I<first>B<:>I<last>. If the first port is omitted, \"0\" is assumed; if the "
+"last is omitted, \"65535\" is assumed. If the first port is greater than "
+"the second one they will be swapped. The flag B<--sport> is a convenient "
+"alias for this option."
+msgstr ""
+
+#. type: Plain text
+#: original/man8/ip6tables.8:1642 original/man8/iptables.8:1549
+msgid ""
+"Destination port or port range specification. The flag B<--dport> is a "
+"convenient alias for this option."
+msgstr ""
+
+#. type: TP
+#: original/man8/ip6tables.8:1642 original/man8/iptables.8:1549
+#, no-wrap
+msgid "[B<!>] B<--tcp-flags> I<mask> I<comp>"
+msgstr ""
+
+#. type: Plain text
+#: original/man8/ip6tables.8:1650 original/man8/iptables.8:1557
+msgid ""
+"Match when the TCP flags are as specified. The first argument I<mask> is "
+"the flags which we should examine, written as a comma-separated list, and "
+"the second argument I<comp> is a comma-separated list of flags which must be "
+"set. Flags are: B<SYN ACK FIN RST URG PSH ALL NONE>. Hence the command"
+msgstr ""
+
+#. type: Plain text
+#: original/man8/ip6tables.8:1652 original/man8/iptables.8:1559
+#, no-wrap
+msgid " iptables -A FORWARD -p tcp --tcp-flags SYN,ACK,FIN,RST SYN\n"
+msgstr ""
+
+#. type: Plain text
+#: original/man8/ip6tables.8:1655 original/man8/iptables.8:1562
+msgid ""
+"will only match packets with the SYN flag set, and the ACK, FIN and RST "
+"flags unset."
+msgstr ""
+
+#. type: TP
+#: original/man8/ip6tables.8:1655 original/man8/iptables.8:1562
+#, no-wrap
+msgid "[B<!>] B<--syn>"
+msgstr ""
+
+#. type: Plain text
+#: original/man8/ip6tables.8:1665 original/man8/iptables.8:1572
+msgid ""
+"Only match TCP packets with the SYN bit set and the ACK,RST and FIN bits "
+"cleared. Such packets are used to request TCP connection initiation; for "
+"example, blocking such packets coming in an interface will prevent incoming "
+"TCP connections, but outgoing TCP connections will be unaffected. It is "
+"equivalent to B<--tcp-flags SYN,RST,ACK,FIN SYN>. If the \"!\" flag "
+"precedes the \"--syn\", the sense of the option is inverted."
+msgstr ""
+
+#. type: TP
+#: original/man8/ip6tables.8:1665 original/man8/iptables.8:1572
+#, no-wrap
+msgid "[B<!>] B<--tcp-option> I<number>"
+msgstr ""
+
+#. type: Plain text
+#: original/man8/ip6tables.8:1668 original/man8/iptables.8:1575
+msgid "Match if TCP option set."
+msgstr ""
+
+#. type: SS
+#: original/man8/ip6tables.8:1668 original/man8/iptables.8:1575
+#, no-wrap
+msgid "tcpmss"
+msgstr ""
+
+#. type: Plain text
+#: original/man8/ip6tables.8:1670 original/man8/iptables.8:1577
+msgid ""
+"This matches the TCP MSS (maximum segment size) field of the TCP header. "
+"You can only use this on TCP SYN or SYN/ACK packets, since the MSS is only "
+"negotiated during the TCP handshake at connection startup time."
+msgstr ""
+
+#. type: TP
+#: original/man8/ip6tables.8:1670 original/man8/iptables.8:1577
+#, no-wrap
+msgid "[B<!>] B<--mss> I<value>[B<:>I<value>]"
+msgstr ""
+
+#. type: Plain text
+#: original/man8/ip6tables.8:1673 original/man8/iptables.8:1580
+msgid "Match a given TCP MSS value or range."
+msgstr ""
+
+#. type: SS
+#: original/man8/ip6tables.8:1673 original/man8/iptables.8:1580
+#, no-wrap
+msgid "time"
+msgstr ""
+
+#. type: Plain text
+#: original/man8/ip6tables.8:1677 original/man8/iptables.8:1584
+msgid ""
+"This matches if the packet arrival time/date is within a given range. All "
+"options are optional, but are ANDed when specified. All times are "
+"interpreted as UTC by default."
+msgstr ""
+
+#. type: TP
+#: original/man8/ip6tables.8:1677 original/man8/iptables.8:1584
+#, no-wrap
+msgid ""
+"B<--datestart> "
+"I<YYYY>[B<->I<MM>[B<->I<DD>[B<T>I<hh>[B<:>I<mm>[B<:>I<ss>]]]]]"
+msgstr ""
+
+#. type: TP
+#: original/man8/ip6tables.8:1679 original/man8/iptables.8:1586
+#, no-wrap
+msgid "B<--datestop> I<YYYY>[B<->I<MM>[B<->I<DD>[B<T>I<hh>[B<:>I<mm>[B<:>I<ss>]]]]]"
+msgstr ""
+
+#. type: Plain text
+#: original/man8/ip6tables.8:1683 original/man8/iptables.8:1590
+msgid ""
+"Only match during the given time, which must be in ISO 8601 \"T\" notation. "
+"The possible time range is 1970-01-01T00:00:00 to 2038-01-19T04:17:07."
+msgstr ""
+
+#. type: Plain text
+#: original/man8/ip6tables.8:1686 original/man8/iptables.8:1593
+msgid ""
+"If --datestart or --datestop are not specified, it will default to "
+"1970-01-01 and 2038-01-19, respectively."
+msgstr ""
+
+#. type: TP
+#: original/man8/ip6tables.8:1686 original/man8/iptables.8:1593
+#, no-wrap
+msgid "B<--timestart> I<hh>B<:>I<mm>[B<:>I<ss>]"
+msgstr ""
+
+#. type: TP
+#: original/man8/ip6tables.8:1688 original/man8/iptables.8:1595
+#, no-wrap
+msgid "B<--timestop> I<hh>B<:>I<mm>[B<:>I<ss>]"
+msgstr ""
+
+#. type: Plain text
+#: original/man8/ip6tables.8:1693 original/man8/iptables.8:1600
+msgid ""
+"Only match during the given daytime. The possible time range is 00:00:00 to "
+"23:59:59. Leading zeroes are allowed (e.g. \"06:03\") and correctly "
+"interpreted as base-10."
+msgstr ""
+
+#. type: TP
+#: original/man8/ip6tables.8:1693 original/man8/iptables.8:1600
+#, no-wrap
+msgid "[B<!>] B<--monthdays> I<day>[B<,>I<day>...]"
+msgstr ""
+
+#. type: Plain text
+#: original/man8/ip6tables.8:1699 original/man8/iptables.8:1606
+msgid ""
+"Only match on the given days of the month. Possible values are B<1> to "
+"B<31>. Note that specifying B<31> will of course not match on months which "
+"do not have a 31st day; the same goes for 28- or 29-day February."
+msgstr ""
+
+#. type: TP
+#: original/man8/ip6tables.8:1699 original/man8/iptables.8:1606
+#, no-wrap
+msgid "[B<!>] B<--weekdays> I<day>[B<,>I<day>...]"
+msgstr ""
+
+#. type: Plain text
+#: original/man8/ip6tables.8:1705 original/man8/iptables.8:1612
+msgid ""
+"Only match on the given weekdays. Possible values are B<Mon>, B<Tue>, "
+"B<Wed>, B<Thu>, B<Fri>, B<Sat>, B<Sun>, or values from B<1> to B<7>, "
+"respectively. You may also use two-character variants (B<Mo>, B<Tu>, etc.)."
+msgstr ""
+
+#. type: TP
+#: original/man8/ip6tables.8:1705 original/man8/iptables.8:1612
+#, no-wrap
+msgid "B<--kerneltz>"
+msgstr ""
+
+#. type: Plain text
+#: original/man8/ip6tables.8:1709 original/man8/iptables.8:1616
+msgid ""
+"Use the kernel timezone instead of UTC to determine whether a packet meets "
+"the time regulations."
+msgstr ""
+
+#. type: Plain text
+#: original/man8/ip6tables.8:1715 original/man8/iptables.8:1622
+msgid ""
+"About kernel timezones: Linux keeps the system time in UTC, and always does "
+"so. On boot, system time is initialized from a referential time "
+"source. Where this time source has no timezone information, such as the x86 "
+"CMOS RTC, UTC will be assumed. If the time source is however not in UTC, "
+"userspace should provide the correct system time and timezone to the kernel "
+"once it has the information."
+msgstr ""
+
+#. type: Plain text
+#: original/man8/ip6tables.8:1726 original/man8/iptables.8:1633
+msgid ""
+"Local time is a feature on top of the (timezone independent) system "
+"time. Each process has its own idea of local time, specified via the TZ "
+"environment variable. The kernel also has its own timezone offset "
+"variable. The TZ userspace environment variable specifies how the UTC-based "
+"system time is displayed, e.g. when you run date(1), or what you see on your "
+"desktop clock. The TZ string may resolve to different offsets at different "
+"dates, which is what enables the automatic time-jumping in userspace. when "
+"DST changes. The kernel's timezone offset variable is used when it has to "
+"convert between non-UTC sources, such as FAT filesystems, to UTC (since the "
+"latter is what the rest of the system uses)."
+msgstr ""
+
+#. type: Plain text
+#: original/man8/ip6tables.8:1735 original/man8/iptables.8:1642
+msgid ""
+"The caveat with the kernel timezone is that Linux distributions may ignore "
+"to set the kernel timezone, and instead only set the system time. Even if a "
+"particular distribution does set the timezone at boot, it is usually does "
+"not keep the kernel timezone offset - which is what changes on DST - up to "
+"date. ntpd will not touch the kernel timezone, so running it will not "
+"resolve the issue. As such, one may encounter a timezone that is always "
+"+0000, or one that is wrong half of the time of the year. As such, B<using "
+"--kerneltz is highly discouraged.>"
+msgstr ""
+
+#. type: Plain text
+#: original/man8/ip6tables.8:1737 original/man8/iptables.8:1644
+msgid "EXAMPLES. To match on weekends, use:"
+msgstr ""
+
+#. type: Plain text
+#: original/man8/ip6tables.8:1739 original/man8/iptables.8:1646
+msgid "-m time --weekdays Sa,Su"
+msgstr ""
+
+#. type: Plain text
+#: original/man8/ip6tables.8:1741 original/man8/iptables.8:1648
+msgid "Or, to match (once) on a national holiday block:"
+msgstr ""
+
+#. type: Plain text
+#: original/man8/ip6tables.8:1743 original/man8/iptables.8:1650
+msgid "-m time --datestart 2007-12-24 --datestop 2007-12-27"
+msgstr ""
+
+#. type: Plain text
+#: original/man8/ip6tables.8:1746 original/man8/iptables.8:1653
+msgid ""
+"Since the stop time is actually inclusive, you would need the following stop "
+"time to not match the first second of the new day:"
+msgstr ""
+
+#. type: Plain text
+#: original/man8/ip6tables.8:1748 original/man8/iptables.8:1655
+msgid "-m time --datestart 2007-01-01T17:00 --datestop 2007-01-01T23:59:59"
+msgstr ""
+
+#. type: Plain text
+#: original/man8/ip6tables.8:1750 original/man8/iptables.8:1657
+msgid "During lunch hour:"
+msgstr ""
+
+#. type: Plain text
+#: original/man8/ip6tables.8:1752 original/man8/iptables.8:1659
+msgid "-m time --timestart 12:30 --timestop 13:30"
+msgstr ""
+
+#. type: Plain text
+#: original/man8/ip6tables.8:1754 original/man8/iptables.8:1661
+msgid "The fourth Friday in the month:"
+msgstr ""
+
+#. type: Plain text
+#: original/man8/ip6tables.8:1756 original/man8/iptables.8:1663
+msgid "-m time --weekdays Fr --monthdays 22,23,24,25,26,27,28"
+msgstr ""
+
+#. type: Plain text
+#: original/man8/ip6tables.8:1760 original/man8/iptables.8:1667
+msgid ""
+"(Note that this exploits a certain mathematical property. It is not possible "
+"to say \"fourth Thursday OR fourth Friday\" in one rule. It is possible with "
+"multiple rules, though.)"
+msgstr ""
+
+#. type: SS
+#: original/man8/ip6tables.8:1760 original/man8/iptables.8:1667
+#, no-wrap
+msgid "tos"
+msgstr ""
+
+#. type: Plain text
+#: original/man8/ip6tables.8:1764 original/man8/iptables.8:1671
+msgid ""
+"This module matches the 8-bit Type of Service field in the IPv4 header "
+"(i.e. including the \"Precedence\" bits) or the (also 8-bit) Priority field "
+"in the IPv6 header."
+msgstr ""
+
+#. type: TP
+#: original/man8/ip6tables.8:1764 original/man8/iptables.8:1671
+#, no-wrap
+msgid "[B<!>] B<--tos> I<value>[B</>I<mask>]"
+msgstr ""
+
+#. type: Plain text
+#: original/man8/ip6tables.8:1768 original/man8/iptables.8:1675
+msgid ""
+"Matches packets with the given TOS mark value. If a mask is specified, it is "
+"logically ANDed with the TOS mark before the comparison."
+msgstr ""
+
+#. type: TP
+#: original/man8/ip6tables.8:1768 original/man8/iptables.8:1675
+#, no-wrap
+msgid "[B<!>] B<--tos> I<symbol>"
+msgstr ""
+
+#. type: Plain text
+#: original/man8/ip6tables.8:1773 original/man8/iptables.8:1680
+msgid ""
+"You can specify a symbolic name when using the tos match for IPv4. The list "
+"of recognized TOS names can be obtained by calling iptables with B<-m tos "
+"-h>. Note that this implies a mask of 0x3F, i.e. all but the ECN bits."
+msgstr ""
+
+#. type: SS
+#: original/man8/ip6tables.8:1773 original/man8/iptables.8:1691
+#, no-wrap
+msgid "u32"
+msgstr ""
+
+#. type: Plain text
+#: original/man8/ip6tables.8:1777 original/man8/iptables.8:1695
+msgid ""
+"U32 tests whether quantities of up to 4 bytes extracted from a packet have "
+"specified values. The specification of what to extract is general enough to "
+"find data at given offsets from tcp headers or payloads."
+msgstr ""
+
+#. type: TP
+#: original/man8/ip6tables.8:1777 original/man8/iptables.8:1695
+#, no-wrap
+msgid "[B<!>] B<--u32> I<tests>"
+msgstr ""
+
+#. type: Plain text
+#: original/man8/ip6tables.8:1780 original/man8/iptables.8:1698
+msgid "The argument amounts to a program in a small language described below."
+msgstr ""
+
+#. type: Plain text
+#: original/man8/ip6tables.8:1782 original/man8/iptables.8:1700
+msgid "tests := location \"=\" value | tests \"&&\" location \"=\" value"
+msgstr ""
+
+#. type: Plain text
+#: original/man8/ip6tables.8:1784 original/man8/iptables.8:1702
+msgid "value := range | value \",\" range"
+msgstr ""
+
+#. type: Plain text
+#: original/man8/ip6tables.8:1786 original/man8/iptables.8:1704
+msgid "range := number | number \":\" number"
+msgstr ""
+
+#. type: Plain text
+#: original/man8/ip6tables.8:1789 original/man8/iptables.8:1707
+msgid ""
+"a single number, I<n>, is interpreted the same as I<n:n>. I<n:m> is "
+"interpreted as the range of numbers B<E<gt>=n> and B<E<lt>=m>."
+msgstr ""
+
+#. type: Plain text
+#: original/man8/ip6tables.8:1791 original/man8/iptables.8:1709
+msgid "location := number | location operator number"
+msgstr ""
+
+#. type: Plain text
+#: original/man8/ip6tables.8:1793 original/man8/iptables.8:1711
+msgid "operator := \"&\" | \"E<lt>E<lt>\" | \"E<gt>E<gt>\" | \"@\""
+msgstr ""
+
+#. type: Plain text
+#: original/man8/ip6tables.8:1798 original/man8/iptables.8:1716
+msgid ""
+"The operators B<&>, B<E<lt>E<lt>>, B<E<gt>E<gt>> and B<&&> mean the same as "
+"in C. The B<=> is really a set membership operator and the value syntax "
+"describes a set. The B<@> operator is what allows moving to the next header "
+"and is described further below."
+msgstr ""
+
+#. type: Plain text
+#: original/man8/ip6tables.8:1801 original/man8/iptables.8:1719
+msgid ""
+"There are currently some artificial implementation limits on the size of the "
+"tests:"
+msgstr ""
+
+#. type: IP
+#: original/man8/ip6tables.8:1801 original/man8/ip6tables.8:1803 original/man8/ip6tables.8:1805 original/man8/iptables.8:1719 original/man8/iptables.8:1721 original/man8/iptables.8:1723
+#, no-wrap
+msgid " *"
+msgstr ""
+
+#. type: Plain text
+#: original/man8/ip6tables.8:1803 original/man8/iptables.8:1721
+msgid "no more than 10 of \"B<=>\" (and 9 \"B<&&>\"s) in the u32 argument"
+msgstr ""
+
+#. type: Plain text
+#: original/man8/ip6tables.8:1805 original/man8/iptables.8:1723
+msgid "no more than 10 ranges (and 9 commas) per value"
+msgstr ""
+
+#. type: Plain text
+#: original/man8/ip6tables.8:1807 original/man8/iptables.8:1725
+msgid "no more than 10 numbers (and 9 operators) per location"
+msgstr ""
+
+#. type: Plain text
+#: original/man8/ip6tables.8:1810 original/man8/iptables.8:1728
+msgid ""
+"To describe the meaning of location, imagine the following machine that "
+"interprets it. There are three registers:"
+msgstr ""
+
+#. type: Plain text
+#: original/man8/ip6tables.8:1812 original/man8/iptables.8:1730
+msgid "A is of type B<char *>, initially the address of the IP header"
+msgstr ""
+
+#. type: Plain text
+#: original/man8/ip6tables.8:1814 original/man8/iptables.8:1732
+msgid "B and C are unsigned 32 bit integers, initially zero"
+msgstr ""
+
+#. type: Plain text
+#: original/man8/ip6tables.8:1816 original/man8/iptables.8:1734
+msgid "The instructions are:"
+msgstr ""
+
+#. type: Plain text
+#: original/man8/ip6tables.8:1818 original/man8/iptables.8:1736
+msgid "number B = number;"
+msgstr ""
+
+#. type: Plain text
+#: original/man8/ip6tables.8:1820 original/man8/iptables.8:1738
+msgid ""
+"C = (*(A+B)E<lt>E<lt>24) + (*(A+B+1)E<lt>E<lt>16) + (*(A+B+2)E<lt>E<lt>8) + "
+"*(A+B+3)"
+msgstr ""
+
+#. type: Plain text
+#: original/man8/ip6tables.8:1822 original/man8/iptables.8:1740
+msgid "&number C = C & number"
+msgstr ""
+
+#. type: Plain text
+#: original/man8/ip6tables.8:1824 original/man8/iptables.8:1742
+msgid "E<lt>E<lt> number C = C E<lt>E<lt> number"
+msgstr ""
+
+#. type: Plain text
+#: original/man8/ip6tables.8:1826 original/man8/iptables.8:1744
+msgid "E<gt>E<gt> number C = C E<gt>E<gt> number"
+msgstr ""
+
+#. type: Plain text
+#: original/man8/ip6tables.8:1828 original/man8/iptables.8:1746
+msgid "@number A = A + C; then do the instruction number"
+msgstr ""
+
+#. type: Plain text
+#: original/man8/ip6tables.8:1831 original/man8/iptables.8:1749
+msgid ""
+"Any access of memory outside [skb-E<gt>data,skb-E<gt>end] causes the match "
+"to fail. Otherwise the result of the computation is the final value of C."
+msgstr ""
+
+#. type: Plain text
+#: original/man8/ip6tables.8:1835 original/man8/iptables.8:1753
+msgid ""
+"Whitespace is allowed but not required in the tests. However, the characters "
+"that do occur there are likely to require shell quoting, so it is a good "
+"idea to enclose the arguments in quotes."
+msgstr ""
+
+#. type: Plain text
+#: original/man8/ip6tables.8:1839 original/man8/iptables.8:1757
+msgid "match IP packets with total length E<gt>= 256"
+msgstr ""
+
+#. type: Plain text
+#: original/man8/ip6tables.8:1841 original/man8/iptables.8:1759
+msgid "The IP header contains a total length field in bytes 2-3."
+msgstr ""
+
+#. type: Plain text
+#: original/man8/ip6tables.8:1843 original/man8/iptables.8:1761
+msgid "--u32 \"B<0 & 0xFFFF = 0x100:0xFFFF>\""
+msgstr ""
+
+#. type: Plain text
+#: original/man8/ip6tables.8:1845 original/man8/iptables.8:1763
+msgid "read bytes 0-3"
+msgstr ""
+
+#. type: Plain text
+#: original/man8/ip6tables.8:1848 original/man8/iptables.8:1766
+msgid ""
+"AND that with 0xFFFF (giving bytes 2-3), and test whether that is in the "
+"range [0x100:0xFFFF]"
+msgstr ""
+
+#. type: Plain text
+#: original/man8/ip6tables.8:1850 original/man8/iptables.8:1768
+msgid "Example: (more realistic, hence more complicated)"
+msgstr ""
+
+#. type: Plain text
+#: original/man8/ip6tables.8:1852 original/man8/iptables.8:1770
+msgid "match ICMP packets with icmp type 0"
+msgstr ""
+
+#. type: Plain text
+#: original/man8/ip6tables.8:1854 original/man8/iptables.8:1772
+msgid "First test that it is an ICMP packet, true iff byte 9 (protocol) = 1"
+msgstr ""
+
+#. type: Plain text
+#: original/man8/ip6tables.8:1856 original/man8/iptables.8:1774
+msgid "--u32 \"B<6 & 0xFF = 1 &&> ..."
+msgstr ""
+
+#. type: Plain text
+#: original/man8/ip6tables.8:1863 original/man8/iptables.8:1781
+msgid ""
+"read bytes 6-9, use B<&> to throw away bytes 6-8 and compare the result to "
+"1. Next test that it is not a fragment. (If so, it might be part of such a "
+"packet but we cannot always tell.) N.B.: This test is generally needed if "
+"you want to match anything beyond the IP header. The last 6 bits of byte 6 "
+"and all of byte 7 are 0 iff this is a complete packet (not a "
+"fragment). Alternatively, you can allow first fragments by only testing the "
+"last 5 bits of byte 6."
+msgstr ""
+
+#. type: Plain text
+#: original/man8/ip6tables.8:1865 original/man8/iptables.8:1783
+msgid "... B<4 & 0x3FFF = 0 &&> ..."
+msgstr ""
+
+#. type: Plain text
+#: original/man8/ip6tables.8:1869 original/man8/iptables.8:1787
+msgid ""
+"Last test: the first byte past the IP header (the type) is 0. This is where "
+"we have to use the @syntax. The length of the IP header (IHL) in 32 bit "
+"words is stored in the right half of byte 0 of the IP header itself."
+msgstr ""
+
+#. type: Plain text
+#: original/man8/ip6tables.8:1871 original/man8/iptables.8:1789
+msgid "... B<0 E<gt>E<gt> 22 & 0x3C @ 0 E<gt>E<gt> 24 = 0>\""
+msgstr ""
+
+#. type: Plain text
+#: original/man8/ip6tables.8:1883 original/man8/iptables.8:1801
+msgid ""
+"The first 0 means read bytes 0-3, B<E<gt>E<gt>22> means shift that 22 bits "
+"to the right. Shifting 24 bits would give the first byte, so only 22 bits is "
+"four times that plus a few more bits. B<&3C> then eliminates the two extra "
+"bits on the right and the first four bits of the first byte. For instance, "
+"if IHL=5, then the IP header is 20 (4 x 5) bytes long. In this case, bytes "
+"0-1 are (in binary) xxxx0101 yyzzzzzz, B<E<gt>E<gt>22> gives the 10 bit "
+"value xxxx0101yy and B<&3C> gives 010100. B<@> means to use this number as a "
+"new offset into the packet, and read four bytes starting from there. This is "
+"the first 4 bytes of the ICMP payload, of which byte 0 is the ICMP "
+"type. Therefore, we simply shift the value 24 to the right to throw out all "
+"but the first byte and compare the result with 0."
+msgstr ""
+
+#. type: Plain text
+#: original/man8/ip6tables.8:1887 original/man8/iptables.8:1805
+msgid "TCP payload bytes 8-12 is any of 1, 2, 5 or 8"
+msgstr ""
+
+#. type: Plain text
+#: original/man8/ip6tables.8:1889 original/man8/iptables.8:1807
+msgid "First we test that the packet is a tcp packet (similar to ICMP)."
+msgstr ""
+
+#. type: Plain text
+#: original/man8/ip6tables.8:1891 original/man8/iptables.8:1809
+msgid "--u32 \"B<6 & 0xFF = 6 &&> ..."
+msgstr ""
+
+#. type: Plain text
+#: original/man8/ip6tables.8:1893 original/man8/iptables.8:1811
+msgid "Next, test that it is not a fragment (same as above)."
+msgstr ""
+
+#. type: Plain text
+#: original/man8/ip6tables.8:1895 original/man8/iptables.8:1813
+msgid "... B<0 E<gt>E<gt> 22 & 0x3C @ 12 E<gt>E<gt> 26 & 0x3C @ 8 = 1,2,5,8>\""
+msgstr ""
+
+#. type: Plain text
+#: original/man8/ip6tables.8:1903 original/man8/iptables.8:1821
+msgid ""
+"B<0E<gt>E<gt>22&3C> as above computes the number of bytes in the IP "
+"header. B<@> makes this the new offset into the packet, which is the start "
+"of the TCP header. The length of the TCP header (again in 32 bit words) is "
+"the left half of byte 12 of the TCP header. The B<12E<gt>E<gt>26&3C> "
+"computes this length in bytes (similar to the IP header before). \"@\" makes "
+"this the new offset, which is the start of the TCP payload. Finally, 8 reads "
+"bytes 8-12 of the payload and B<=> checks whether the result is any of 1, 2, "
+"5 or 8."
+msgstr ""
+
+#. type: SS
+#: original/man8/ip6tables.8:1903 original/man8/iptables.8:1821
+#, no-wrap
+msgid "udp"
+msgstr ""
+
+#. type: Plain text
+#: original/man8/ip6tables.8:1906 original/man8/iptables.8:1824
+msgid ""
+"These extensions can be used if `--protocol udp' is specified. It provides "
+"the following options:"
+msgstr ""
+
+#. type: Plain text
+#: original/man8/ip6tables.8:1912 original/man8/iptables.8:1830
+msgid ""
+"Source port or port range specification. See the description of the "
+"B<--source-port> option of the TCP extension for details."
+msgstr ""
+
+#. type: Plain text
+#: original/man8/ip6tables.8:1918 original/man8/iptables.8:1836
+msgid ""
+"Destination port or port range specification. See the description of the "
+"B<--destination-port> option of the TCP extension for details."
+msgstr ""
+
+#. type: SH
+#: original/man8/ip6tables.8:1918 original/man8/iptables.8:1839
+#, no-wrap
+msgid "TARGET EXTENSIONS"
+msgstr ""
+
+#. @TARGET@
+#. type: Plain text
+#: original/man8/ip6tables.8:1922
+msgid ""
+"ip6tables can use extended target modules: the following are included in the "
+"standard distribution."
+msgstr ""
+
+#. type: SS
+#: original/man8/ip6tables.8:1922 original/man8/iptables.8:1843
+#, no-wrap
+msgid "AUDIT"
+msgstr ""
+
+#. type: Plain text
+#: original/man8/ip6tables.8:1926 original/man8/iptables.8:1847
+msgid ""
+"This target allows to create audit records for packets hitting the target. "
+"It can be used to record accepted, dropped, and rejected packets. See "
+"auditd(8) for additional details."
+msgstr ""
+
+#. type: TP
+#: original/man8/ip6tables.8:1926 original/man8/iptables.8:1847
+#, no-wrap
+msgid "B<--type> {B<accept>|B<drop>|B<reject>}"
+msgstr ""
+
+#. type: Plain text
+#: original/man8/ip6tables.8:1929 original/man8/iptables.8:1850
+msgid "Set type of audit record."
+msgstr ""
+
+#. type: Plain text
+#: original/man8/ip6tables.8:1933 original/man8/iptables.8:1854
+msgid "iptables -N AUDIT_DROP"
+msgstr ""
+
+#. type: Plain text
+#: original/man8/ip6tables.8:1935 original/man8/iptables.8:1856
+msgid "iptables -A AUDIT_DROP -j AUDIT --type drop"
+msgstr ""
+
+#. type: Plain text
+#: original/man8/ip6tables.8:1937 original/man8/iptables.8:1858
+msgid "iptables -A AUDIT_DROP -j DROP"
+msgstr ""
+
+#. type: SS
+#: original/man8/ip6tables.8:1937 original/man8/iptables.8:1858
+#, no-wrap
+msgid "CHECKSUM"
+msgstr ""
+
+#. type: Plain text
+#: original/man8/ip6tables.8:1940 original/man8/iptables.8:1861
+msgid ""
+"This target allows to selectively work around broken/old applications. It "
+"can only be used in the mangle table."
+msgstr ""
+
+#. type: TP
+#: original/man8/ip6tables.8:1940 original/man8/iptables.8:1861
+#, no-wrap
+msgid "B<--checksum-fill>"
+msgstr ""
+
+#. type: Plain text
+#: original/man8/ip6tables.8:1946 original/man8/iptables.8:1867
+msgid ""
+"Compute and fill in the checksum in a packet that lacks a checksum. This is "
+"particularly useful, if you need to work around old applications such as "
+"dhcp clients, that do not work well with checksum offloads, but don't want "
+"to disable checksum offload in your device."
+msgstr ""
+
+#. type: SS
+#: original/man8/ip6tables.8:1946 original/man8/iptables.8:1867
+#, no-wrap
+msgid "CLASSIFY"
+msgstr ""
+
+#. type: Plain text
+#: original/man8/ip6tables.8:1948 original/man8/iptables.8:1869
+msgid ""
+"This module allows you to set the skb-E<gt>priority value (and thus classify "
+"the packet into a specific CBQ class)."
+msgstr ""
+
+#. type: TP
+#: original/man8/ip6tables.8:1948 original/man8/iptables.8:1869
+#, no-wrap
+msgid "B<--set-class> I<major>B<:>I<minor>"
+msgstr ""
+
+#. type: Plain text
+#: original/man8/ip6tables.8:1952 original/man8/iptables.8:1873
+msgid ""
+"Set the major and minor class value. The values are always interpreted as "
+"hexadecimal even if no 0x prefix is given."
+msgstr ""
+
+#. type: SS
+#: original/man8/ip6tables.8:1952 original/man8/iptables.8:1898
+#, no-wrap
+msgid "CONNMARK"
+msgstr ""
+
+#. type: Plain text
+#: original/man8/ip6tables.8:1955 original/man8/iptables.8:1901
+msgid ""
+"This module sets the netfilter mark value associated with a connection. The "
+"mark is 32 bits wide."
+msgstr ""
+
+#. type: TP
+#: original/man8/ip6tables.8:1955 original/man8/ip6tables.8:2138 original/man8/iptables.8:1901 original/man8/iptables.8:2114
+#, no-wrap
+msgid "B<--set-xmark> I<value>[B</>I<mask>]"
+msgstr ""
+
+#. type: Plain text
+#: original/man8/ip6tables.8:1958 original/man8/iptables.8:1904
+msgid "Zero out the bits given by I<mask> and XOR I<value> into the ctmark."
+msgstr ""
+
+#. type: TP
+#: original/man8/ip6tables.8:1958 original/man8/iptables.8:1904
+#, no-wrap
+msgid "B<--save-mark> [B<--nfmask> I<nfmask>] [B<--ctmask> I<ctmask>]"
+msgstr ""
+
+#. type: Plain text
+#: original/man8/ip6tables.8:1962 original/man8/iptables.8:1908
+msgid ""
+"Copy the packet mark (nfmark) to the connection mark (ctmark) using the "
+"given masks. The new nfmark value is determined as follows:"
+msgstr ""
+
+#. type: Plain text
+#: original/man8/ip6tables.8:1964 original/man8/iptables.8:1910
+msgid "ctmark = (ctmark & ~ctmask) ^ (nfmark & nfmask)"
+msgstr ""
+
+#. type: Plain text
+#: original/man8/ip6tables.8:1968 original/man8/iptables.8:1914
+msgid ""
+"i.e. I<ctmask> defines what bits to clear and I<nfmask> what bits of the "
+"nfmark to XOR into the ctmark. I<ctmask> and I<nfmask> default to "
+"0xFFFFFFFF."
+msgstr ""
+
+#. type: TP
+#: original/man8/ip6tables.8:1968 original/man8/iptables.8:1914
+#, no-wrap
+msgid "B<--restore-mark> [B<--nfmask> I<nfmask>] [B<--ctmask> I<ctmask>]"
+msgstr ""
+
+#. type: Plain text
+#: original/man8/ip6tables.8:1972 original/man8/iptables.8:1918
+msgid ""
+"Copy the connection mark (ctmark) to the packet mark (nfmark) using the "
+"given masks. The new ctmark value is determined as follows:"
+msgstr ""
+
+#. type: Plain text
+#: original/man8/ip6tables.8:1974 original/man8/iptables.8:1920
+msgid "nfmark = (nfmark & ~I<nfmask>) ^ (ctmark & I<ctmask>);"
+msgstr ""
+
+#. type: Plain text
+#: original/man8/ip6tables.8:1978 original/man8/iptables.8:1924
+msgid ""
+"i.e. I<nfmask> defines what bits to clear and I<ctmask> what bits of the "
+"ctmark to XOR into the nfmark. I<ctmask> and I<nfmask> default to "
+"0xFFFFFFFF."
+msgstr ""
+
+#. type: Plain text
+#: original/man8/ip6tables.8:1980 original/man8/iptables.8:1926
+msgid "B<--restore-mark> is only valid in the B<mangle> table."
+msgstr ""
+
+#. type: Plain text
+#: original/man8/ip6tables.8:1982 original/man8/iptables.8:1928
+msgid "The following mnemonics are available for B<--set-xmark>:"
+msgstr ""
+
+#. type: TP
+#: original/man8/ip6tables.8:1982 original/man8/ip6tables.8:2148 original/man8/iptables.8:1928 original/man8/iptables.8:2124
+#, no-wrap
+msgid "B<--and-mark> I<bits>"
+msgstr ""
+
+#. type: Plain text
+#: original/man8/ip6tables.8:1986 original/man8/iptables.8:1932
+msgid ""
+"Binary AND the ctmark with I<bits>. (Mnemonic for B<--set-xmark "
+"0/>I<invbits>, where I<invbits> is the binary negation of I<bits>.)"
+msgstr ""
+
+#. type: TP
+#: original/man8/ip6tables.8:1986 original/man8/ip6tables.8:2152 original/man8/iptables.8:1932 original/man8/iptables.8:2128
+#, no-wrap
+msgid "B<--or-mark> I<bits>"
+msgstr ""
+
+#. type: Plain text
+#: original/man8/ip6tables.8:1990 original/man8/iptables.8:1936
+msgid ""
+"Binary OR the ctmark with I<bits>. (Mnemonic for B<--set-xmark> "
+"I<bits>B</>I<bits>.)"
+msgstr ""
+
+#. type: TP
+#: original/man8/ip6tables.8:1990 original/man8/ip6tables.8:2156 original/man8/iptables.8:1936 original/man8/iptables.8:2132
+#, no-wrap
+msgid "B<--xor-mark> I<bits>"
+msgstr ""
+
+#. type: Plain text
+#: original/man8/ip6tables.8:1994 original/man8/iptables.8:1940
+msgid ""
+"Binary XOR the ctmark with I<bits>. (Mnemonic for B<--set-xmark> "
+"I<bits>B</0>.)"
+msgstr ""
+
+#. type: TP
+#: original/man8/ip6tables.8:1994 original/man8/ip6tables.8:2142 original/man8/iptables.8:1940 original/man8/iptables.8:2118
+#, no-wrap
+msgid "B<--set-mark> I<value>[B</>I<mask>]"
+msgstr ""
+
+#. type: Plain text
+#: original/man8/ip6tables.8:1998 original/man8/iptables.8:1944
+msgid ""
+"Set the connection mark. If a mask is specified then only those bits set in "
+"the mask are modified."
+msgstr ""
+
+#. type: TP
+#: original/man8/ip6tables.8:1998 original/man8/iptables.8:1944
+#, no-wrap
+msgid "B<--save-mark> [B<--mask> I<mask>]"
+msgstr ""
+
+#. type: Plain text
+#: original/man8/ip6tables.8:2002 original/man8/iptables.8:1948
+msgid ""
+"Copy the nfmark to the ctmark. If a mask is specified, only those bits are "
+"copied."
+msgstr ""
+
+#. type: TP
+#: original/man8/ip6tables.8:2002 original/man8/iptables.8:1948
+#, no-wrap
+msgid "B<--restore-mark> [B<--mask> I<mask>]"
+msgstr ""
+
+#. type: Plain text
+#: original/man8/ip6tables.8:2006 original/man8/iptables.8:1952
+msgid ""
+"Copy the ctmark to the nfmark. If a mask is specified, only those bits are "
+"copied. This is only valid in the B<mangle> table."
+msgstr ""
+
+#. type: SS
+#: original/man8/ip6tables.8:2006 original/man8/iptables.8:1952
+#, no-wrap
+msgid "CONNSECMARK"
+msgstr ""
+
+#. type: Plain text
+#: original/man8/ip6tables.8:2016 original/man8/iptables.8:1962
+msgid ""
+"This module copies security markings from packets to connections (if "
+"unlabeled), and from connections back to packets (also only if unlabeled). "
+"Typically used in conjunction with SECMARK, it is valid in the B<security> "
+"table (for backwards compatibility with older kernels, it is also valid in "
+"the B<mangle> table)."
+msgstr ""
+
+#. type: TP
+#: original/man8/ip6tables.8:2016 original/man8/iptables.8:1962
+#, no-wrap
+msgid "B<--save>"
+msgstr ""
+
+#. type: Plain text
+#: original/man8/ip6tables.8:2020 original/man8/iptables.8:1966
+msgid ""
+"If the packet has a security marking, copy it to the connection if the "
+"connection is not marked."
+msgstr ""
+
+#. type: TP
+#: original/man8/ip6tables.8:2020 original/man8/iptables.8:1966
+#, no-wrap
+msgid "B<--restore>"
+msgstr ""
+
+#. type: Plain text
+#: original/man8/ip6tables.8:2024 original/man8/iptables.8:1970
+msgid ""
+"If the packet does not have a security marking, and the connection does, "
+"copy the security marking from the connection to the packet."
+msgstr ""
+
+#. type: SS
+#: original/man8/ip6tables.8:2025 original/man8/iptables.8:1971
+#, no-wrap
+msgid "CT"
+msgstr ""
+
+#. type: Plain text
+#: original/man8/ip6tables.8:2030 original/man8/iptables.8:1976
+msgid ""
+"The CT target allows to set parameters for a packet or its associated "
+"connection. The target attaches a \"template\" connection tracking entry to "
+"the packet, which is then used by the conntrack core when initializing a new "
+"ct entry. This target is thus only valid in the \"raw\" table."
+msgstr ""
+
+#. type: TP
+#: original/man8/ip6tables.8:2030 original/man8/iptables.8:1976
+#, no-wrap
+msgid "B<--notrack>"
+msgstr ""
+
+#. type: Plain text
+#: original/man8/ip6tables.8:2033 original/man8/iptables.8:1979
+msgid "Disables connection tracking for this packet."
+msgstr ""
+
+#. type: TP
+#: original/man8/ip6tables.8:2033 original/man8/iptables.8:1979
+#, no-wrap
+msgid "B<--helper> I<name>"
+msgstr ""
+
+#. type: Plain text
+#: original/man8/ip6tables.8:2037 original/man8/iptables.8:1983
+msgid ""
+"Use the helper identified by I<name> for the connection. This is more "
+"flexible than loading the conntrack helper modules with preset ports."
+msgstr ""
+
+#. type: TP
+#: original/man8/ip6tables.8:2037 original/man8/iptables.8:1983
+#, no-wrap
+msgid "B<--ctevents> I<event>[B<,>...]"
+msgstr ""
+
+#. type: Plain text
+#: original/man8/ip6tables.8:2043 original/man8/iptables.8:1989
+msgid ""
+"Only generate the specified conntrack events for this connection. Possible "
+"event types are: B<new>, B<related>, B<destroy>, B<reply>, B<assured>, "
+"B<protoinfo>, B<helper>, B<mark> (this refers to the ctmark, not nfmark), "
+"B<natseqinfo>, B<secmark> (ctsecmark)."
+msgstr ""
+
+#. type: TP
+#: original/man8/ip6tables.8:2043 original/man8/iptables.8:1989
+#, no-wrap
+msgid "B<--expevents> I<event>[B<,>...]"
+msgstr ""
+
+#. type: Plain text
+#: original/man8/ip6tables.8:2047 original/man8/iptables.8:1993
+msgid ""
+"Only generate the specified expectation events for this connection. "
+"Possible event types are: B<new>."
+msgstr ""
+
+#. type: TP
+#: original/man8/ip6tables.8:2047 original/man8/iptables.8:1993
+#, no-wrap
+msgid "B<--zone> I<id>"
+msgstr ""
+
+#. type: Plain text
+#: original/man8/ip6tables.8:2051 original/man8/iptables.8:1997
+msgid ""
+"Assign this packet to zone I<id> and only have lookups done in that zone. "
+"By default, packets have zone 0."
+msgstr ""
+
+#. type: SS
+#: original/man8/ip6tables.8:2051 original/man8/iptables.8:2037
+#, no-wrap
+msgid "DSCP"
+msgstr ""
+
+#. type: Plain text
+#: original/man8/ip6tables.8:2055 original/man8/iptables.8:2041
+msgid ""
+"This target allows to alter the value of the DSCP bits within the TOS header "
+"of the IPv4 packet. As this manipulates a packet, it can only be used in "
+"the mangle table."
+msgstr ""
+
+#. type: TP
+#: original/man8/ip6tables.8:2055 original/man8/iptables.8:2041
+#, no-wrap
+msgid "B<--set-dscp> I<value>"
+msgstr ""
+
+#. type: Plain text
+#: original/man8/ip6tables.8:2058 original/man8/iptables.8:2044
+msgid "Set the DSCP field to a numerical value (can be decimal or hex)"
+msgstr ""
+
+#. type: TP
+#: original/man8/ip6tables.8:2058 original/man8/iptables.8:2044
+#, no-wrap
+msgid "B<--set-dscp-class> I<class>"
+msgstr ""
+
+#. type: Plain text
+#: original/man8/ip6tables.8:2061 original/man8/iptables.8:2047
+msgid "Set the DSCP field to a DiffServ class."
+msgstr ""
+
+#. type: SS
+#: original/man8/ip6tables.8:2061
+#, no-wrap
+msgid "HL"
+msgstr ""
+
+#. type: Plain text
+#: original/man8/ip6tables.8:2068
+msgid ""
+"This is used to modify the Hop Limit field in IPv6 header. The Hop Limit "
+"field is similar to what is known as TTL value in IPv4. Setting or "
+"incrementing the Hop Limit field can potentially be very dangerous, so it "
+"should be avoided at any cost. This target is only valid in B<mangle> table."
+msgstr ""
+
+#. type: Plain text
+#: original/man8/ip6tables.8:2070 original/man8/iptables.8:2564
+msgid ""
+"B<Don't ever set or increment the value on packets that leave your local "
+"network!>"
+msgstr ""
+
+#. type: TP
+#: original/man8/ip6tables.8:2070
+#, no-wrap
+msgid "B<--hl-set> I<value>"
+msgstr ""
+
+#. type: Plain text
+#: original/man8/ip6tables.8:2073
+msgid "Set the Hop Limit to `value'."
+msgstr ""
+
+#. type: TP
+#: original/man8/ip6tables.8:2073
+#, no-wrap
+msgid "B<--hl-dec> I<value>"
+msgstr ""
+
+#. type: Plain text
+#: original/man8/ip6tables.8:2076
+msgid "Decrement the Hop Limit `value' times."
+msgstr ""
+
+#. type: TP
+#: original/man8/ip6tables.8:2076
+#, no-wrap
+msgid "B<--hl-inc> I<value>"
+msgstr ""
+
+#. type: Plain text
+#: original/man8/ip6tables.8:2079
+msgid "Increment the Hop Limit `value' times."
+msgstr ""
+
+#. type: SS
+#: original/man8/ip6tables.8:2079 original/man8/iptables.8:2055
+#, no-wrap
+msgid "IDLETIMER"
+msgstr ""
+
+#. type: Plain text
+#: original/man8/ip6tables.8:2088 original/man8/iptables.8:2064
+msgid ""
+"This target can be used to identify when interfaces have been idle for a "
+"certain period of time. Timers are identified by labels and are created "
+"when a rule is set with a new label. The rules also take a timeout value "
+"(in seconds) as an option. If more than one rule uses the same timer label, "
+"the timer will be restarted whenever any of the rules get a hit. One entry "
+"for each timer is created in sysfs. This attribute contains the timer "
+"remaining for the timer to expire. The attributes are located under the "
+"xt_idletimer class:"
+msgstr ""
+
+#. type: Plain text
+#: original/man8/ip6tables.8:2090 original/man8/iptables.8:2066
+msgid "/sys/class/xt_idletimer/timers/E<lt>labelE<gt>"
+msgstr ""
+
+#. type: Plain text
+#: original/man8/ip6tables.8:2093 original/man8/iptables.8:2069
+msgid ""
+"When the timer expires, the target module sends a sysfs notification to the "
+"userspace, which can then decide what to do (eg. disconnect to save power)."
+msgstr ""
+
+#. type: TP
+#: original/man8/ip6tables.8:2093 original/man8/iptables.8:2069
+#, no-wrap
+msgid "B<--timeout> I<amount>"
+msgstr ""
+
+#. type: Plain text
+#: original/man8/ip6tables.8:2096 original/man8/iptables.8:2072
+msgid "This is the time in seconds that will trigger the notification."
+msgstr ""
+
+#. type: TP
+#: original/man8/ip6tables.8:2096 original/man8/iptables.8:2072
+#, no-wrap
+msgid "B<--label> I<string>"
+msgstr ""
+
+#. type: Plain text
+#: original/man8/ip6tables.8:2100 original/man8/iptables.8:2076
+msgid ""
+"This is a unique identifier for the timer. The maximum length for the label "
+"string is 27 characters."
+msgstr ""
+
+#. type: SS
+#: original/man8/ip6tables.8:2100 original/man8/iptables.8:2076
+#, no-wrap
+msgid "LOG"
+msgstr ""
+
+#. type: Plain text
+#: original/man8/ip6tables.8:2112
+msgid ""
+"Turn on kernel logging of matching packets. When this option is set for a "
+"rule, the Linux kernel will print some information on all matching packets "
+"(like most IPv6 IPv6-header fields) via the kernel log (where it can be read "
+"with I<dmesg> or I<syslogd>(8)). This is a \"non-terminating target\", "
+"i.e. rule traversal continues at the next rule. So if you want to LOG the "
+"packets you refuse, use two separate rules with the same matching criteria, "
+"first using target LOG then DROP (or REJECT)."
+msgstr ""
+
+#. type: TP
+#: original/man8/ip6tables.8:2112 original/man8/iptables.8:2088
+#, no-wrap
+msgid "B<--log-level> I<level>"
+msgstr ""
+
+#. type: Plain text
+#: original/man8/ip6tables.8:2115 original/man8/iptables.8:2091
+msgid "Level of logging (numeric or see I<syslog.conf>(5))."
+msgstr ""
+
+#. type: TP
+#: original/man8/ip6tables.8:2115 original/man8/iptables.8:2091
+#, no-wrap
+msgid "B<--log-prefix> I<prefix>"
+msgstr ""
+
+#. type: Plain text
+#: original/man8/ip6tables.8:2119 original/man8/iptables.8:2095
+msgid ""
+"Prefix log messages with the specified prefix; up to 29 letters long, and "
+"useful for distinguishing messages in the logs."
+msgstr ""
+
+#. type: TP
+#: original/man8/ip6tables.8:2119 original/man8/iptables.8:2095
+#, no-wrap
+msgid "B<--log-tcp-sequence>"
+msgstr ""
+
+#. type: Plain text
+#: original/man8/ip6tables.8:2123 original/man8/iptables.8:2099
+msgid ""
+"Log TCP sequence numbers. This is a security risk if the log is readable by "
+"users."
+msgstr ""
+
+#. type: TP
+#: original/man8/ip6tables.8:2123 original/man8/iptables.8:2099
+#, no-wrap
+msgid "B<--log-tcp-options>"
+msgstr ""
+
+#. type: Plain text
+#: original/man8/ip6tables.8:2126 original/man8/iptables.8:2102
+msgid "Log options from the TCP packet header."
+msgstr ""
+
+#. type: TP
+#: original/man8/ip6tables.8:2126 original/man8/iptables.8:2102
+#, no-wrap
+msgid "B<--log-ip-options>"
+msgstr ""
+
+#. type: Plain text
+#: original/man8/ip6tables.8:2129
+msgid "Log options from the IPv6 packet header."
+msgstr ""
+
+#. type: TP
+#: original/man8/ip6tables.8:2129 original/man8/iptables.8:2105
+#, no-wrap
+msgid "B<--log-uid>"
+msgstr ""
+
+#. type: Plain text
+#: original/man8/ip6tables.8:2132 original/man8/iptables.8:2108
+msgid "Log the userid of the process which generated the packet."
+msgstr ""
+
+#. type: SS
+#: original/man8/ip6tables.8:2132 original/man8/iptables.8:2108
+#, no-wrap
+msgid "MARK"
+msgstr ""
+
+#. type: Plain text
+#: original/man8/ip6tables.8:2138 original/man8/iptables.8:2114
+msgid ""
+"This target is used to set the Netfilter mark value associated with the "
+"packet. It can, for example, be used in conjunction with routing based on "
+"fwmark (needs iproute2). If you plan on doing so, note that the mark needs "
+"to be set in the PREROUTING chain of the mangle table to affect routing. "
+"The mark field is 32 bits wide."
+msgstr ""
+
+#. type: Plain text
+#: original/man8/ip6tables.8:2142 original/man8/iptables.8:2118
+msgid ""
+"Zeroes out the bits given by I<mask> and XORs I<value> into the packet mark "
+"(\"nfmark\"). If I<mask> is omitted, 0xFFFFFFFF is assumed."
+msgstr ""
+
+#. type: Plain text
+#: original/man8/ip6tables.8:2146 original/man8/iptables.8:2122
+msgid ""
+"Zeroes out the bits given by I<mask> and ORs I<value> into the packet "
+"mark. If I<mask> is omitted, 0xFFFFFFFF is assumed."
+msgstr ""
+
+#. type: Plain text
+#: original/man8/ip6tables.8:2148 original/man8/ip6tables.8:2385 original/man8/iptables.8:2124 original/man8/iptables.8:2496
+msgid "The following mnemonics are available:"
+msgstr ""
+
+#. type: Plain text
+#: original/man8/ip6tables.8:2152 original/man8/iptables.8:2128
+msgid ""
+"Binary AND the nfmark with I<bits>. (Mnemonic for B<--set-xmark "
+"0/>I<invbits>, where I<invbits> is the binary negation of I<bits>.)"
+msgstr ""
+
+#. type: Plain text
+#: original/man8/ip6tables.8:2156 original/man8/iptables.8:2132
+msgid ""
+"Binary OR the nfmark with I<bits>. (Mnemonic for B<--set-xmark> "
+"I<bits>B</>I<bits>.)"
+msgstr ""
+
+#. type: Plain text
+#: original/man8/ip6tables.8:2160 original/man8/iptables.8:2136
+msgid ""
+"Binary XOR the nfmark with I<bits>. (Mnemonic for B<--set-xmark> "
+"I<bits>B</0>.)"
+msgstr ""
+
+#. type: SS
+#: original/man8/ip6tables.8:2160 original/man8/iptables.8:2190
+#, no-wrap
+msgid "NFLOG"
+msgstr ""
+
+#. type: Plain text
+#: original/man8/ip6tables.8:2170 original/man8/iptables.8:2200
+msgid ""
+"This target provides logging of matching packets. When this target is set "
+"for a rule, the Linux kernel will pass the packet to the loaded logging "
+"backend to log the packet. This is usually used in combination with "
+"nfnetlink_log as logging backend, which will multicast the packet through a "
+"I<netlink> socket to the specified multicast group. One or more userspace "
+"processes may subscribe to the group to receive the packets. Like LOG, this "
+"is a non-terminating target, i.e. rule traversal continues at the next rule."
+msgstr ""
+
+#. type: TP
+#: original/man8/ip6tables.8:2170 original/man8/iptables.8:2200
+#, no-wrap
+msgid "B<--nflog-group> I<nlgroup>"
+msgstr ""
+
+#. type: Plain text
+#: original/man8/ip6tables.8:2174 original/man8/iptables.8:2204
+msgid ""
+"The netlink group (0 - 2^16-1) to which packets are (only applicable for "
+"nfnetlink_log). The default value is 0."
+msgstr ""
+
+#. type: TP
+#: original/man8/ip6tables.8:2174 original/man8/iptables.8:2204
+#, no-wrap
+msgid "B<--nflog-prefix> I<prefix>"
+msgstr ""
+
+#. type: Plain text
+#: original/man8/ip6tables.8:2178 original/man8/iptables.8:2208
+msgid ""
+"A prefix string to include in the log message, up to 64 characters long, "
+"useful for distinguishing messages in the logs."
+msgstr ""
+
+#. type: TP
+#: original/man8/ip6tables.8:2178 original/man8/iptables.8:2208
+#, no-wrap
+msgid "B<--nflog-range> I<size>"
+msgstr ""
+
+#. type: Plain text
+#: original/man8/ip6tables.8:2183 original/man8/iptables.8:2213
+msgid ""
+"The number of bytes to be copied to userspace (only applicable for "
+"nfnetlink_log). nfnetlink_log instances may specify their own range, this "
+"option overrides it."
+msgstr ""
+
+#. type: TP
+#: original/man8/ip6tables.8:2183 original/man8/iptables.8:2213
+#, no-wrap
+msgid "B<--nflog-threshold> I<size>"
+msgstr ""
+
+#. type: Plain text
+#: original/man8/ip6tables.8:2190 original/man8/iptables.8:2220
+msgid ""
+"Number of packets to queue inside the kernel before sending them to "
+"userspace (only applicable for nfnetlink_log). Higher values result in less "
+"overhead per packet, but increase delay until the packets reach "
+"userspace. The default value is 1."
+msgstr ""
+
+#. type: SS
+#: original/man8/ip6tables.8:2190 original/man8/iptables.8:2220
+#, no-wrap
+msgid "NFQUEUE"
+msgstr ""
+
+#. type: Plain text
+#: original/man8/ip6tables.8:2200 original/man8/iptables.8:2230
+msgid ""
+"This target is an extension of the QUEUE target. As opposed to QUEUE, it "
+"allows you to put a packet into any specific queue, identified by its 16-bit "
+"queue number. It can only be used with Kernel versions 2.6.14 or later, "
+"since it requires the B<nfnetlink_queue> kernel support. The "
+"B<queue-balance> option was added in Linux 2.6.31, B<queue-bypass> in "
+"2.6.39."
+msgstr ""
+
+#. type: TP
+#: original/man8/ip6tables.8:2200 original/man8/iptables.8:2230
+#, no-wrap
+msgid "B<--queue-num> I<value>"
+msgstr ""
+
+#. type: Plain text
+#: original/man8/ip6tables.8:2203 original/man8/iptables.8:2233
+msgid ""
+"This specifies the QUEUE number to use. Valid queue numbers are 0 to "
+"65535. The default value is 0."
+msgstr ""
+
+#. type: TP
+#: original/man8/ip6tables.8:2204 original/man8/iptables.8:2234
+#, no-wrap
+msgid "B<--queue-balance> I<value>B<:>I<value>"
+msgstr ""
+
+#. type: Plain text
+#: original/man8/ip6tables.8:2210 original/man8/iptables.8:2240
+msgid ""
+"This specifies a range of queues to use. Packets are then balanced across "
+"the given queues. This is useful for multicore systems: start multiple "
+"instances of the userspace program on queues x, x+1, .. x+n and use "
+"\"--queue-balance I<x>B<:>I<x+n>\". Packets belonging to the same "
+"connection are put into the same nfqueue."
+msgstr ""
+
+#. type: TP
+#: original/man8/ip6tables.8:2211 original/man8/iptables.8:2241
+#, no-wrap
+msgid "B<--queue-bypass>"
+msgstr ""
+
+#. type: Plain text
+#: original/man8/ip6tables.8:2216 original/man8/iptables.8:2246
+msgid ""
+"By default, if no userspace program is listening on an NFQUEUE, then all "
+"packets that are to be queued are dropped. When this option is used, the "
+"NFQUEUE rule is silently bypassed instead. The packet will move on to the "
+"next rule."
+msgstr ""
+
+#. type: SS
+#: original/man8/ip6tables.8:2216 original/man8/iptables.8:2246
+#, no-wrap
+msgid "NOTRACK"
+msgstr ""
+
+#. type: Plain text
+#: original/man8/ip6tables.8:2218 original/man8/iptables.8:2248
+msgid "This target disables connection tracking for all packets matching that rule."
+msgstr ""
+
+#. type: Plain text
+#: original/man8/ip6tables.8:2222 original/man8/ip6tables.8:2442 original/man8/iptables.8:2252 original/man8/iptables.8:2553
+msgid "It can only be used in the B<raw> table."
+msgstr ""
+
+#. type: SS
+#: original/man8/ip6tables.8:2222 original/man8/iptables.8:2252
+#, no-wrap
+msgid "RATEEST"
+msgstr ""
+
+#. type: Plain text
+#: original/man8/ip6tables.8:2225 original/man8/iptables.8:2255
+msgid ""
+"The RATEEST target collects statistics, performs rate estimation calculation "
+"and saves the results for later evaluation using the B<rateest> match."
+msgstr ""
+
+#. type: TP
+#: original/man8/ip6tables.8:2225 original/man8/iptables.8:2255
+#, no-wrap
+msgid "B<--rateest-name> I<name>"
+msgstr ""
+
+#. type: Plain text
+#: original/man8/ip6tables.8:2229 original/man8/iptables.8:2259
+msgid ""
+"Count matched packets into the pool referred to by I<name>, which is freely "
+"choosable."
+msgstr ""
+
+#. type: TP
+#: original/man8/ip6tables.8:2229 original/man8/iptables.8:2259
+#, no-wrap
+msgid "B<--rateest-interval> I<amount>{B<s>|B<ms>|B<us>}"
+msgstr ""
+
+#. type: Plain text
+#: original/man8/ip6tables.8:2232 original/man8/iptables.8:2262
+msgid "Rate measurement interval, in seconds, milliseconds or microseconds."
+msgstr ""
+
+#. type: TP
+#: original/man8/ip6tables.8:2232 original/man8/iptables.8:2262
+#, no-wrap
+msgid "B<--rateest-ewmalog> I<value>"
+msgstr ""
+
+#. type: Plain text
+#: original/man8/ip6tables.8:2235 original/man8/iptables.8:2265
+msgid "Rate measurement averaging time constant."
+msgstr ""
+
+#. type: SS
+#: original/man8/ip6tables.8:2235 original/man8/iptables.8:2291
+#, no-wrap
+msgid "REJECT"
+msgstr ""
+
+#. type: Plain text
+#: original/man8/ip6tables.8:2248 original/man8/iptables.8:2304
+msgid ""
+"This is used to send back an error packet in response to the matched packet: "
+"otherwise it is equivalent to B<DROP> so it is a terminating TARGET, ending "
+"rule traversal. This target is only valid in the B<INPUT>, B<FORWARD> and "
+"B<OUTPUT> chains, and user-defined chains which are only called from those "
+"chains. The following option controls the nature of the error packet "
+"returned:"
+msgstr ""
+
+#. type: TP
+#: original/man8/ip6tables.8:2248 original/man8/iptables.8:2304
+#, no-wrap
+msgid "B<--reject-with> I<type>"
+msgstr ""
+
+#. type: Plain text
+#: original/man8/ip6tables.8:2269
+msgid ""
+"The type given can be B<icmp6-no-route>, B<no-route>, "
+"B<icmp6-adm-prohibited>, B<adm-prohibited>, B<icmp6-addr-unreachable>, "
+"B<addr-unreach>, B<icmp6-port-unreachable> or B<port-unreach> which return "
+"the appropriate ICMPv6 error message (B<port-unreach> is the "
"default). Finally, the option B<tcp-reset> can be used on rules which only "
"match the TCP protocol: this causes a TCP RST packet to be sent back. This "
"is mainly useful for blocking I<ident> (113/tcp) probes which frequently "
"occur when sending mail to broken mail hosts (which won't accept your mail "
-"otherwise)."
+"otherwise). B<tcp-reset> can only be used with kernel versions 2.6.14 or "
+"later."
+msgstr ""
+
+#. type: SS
+#: original/man8/ip6tables.8:2269 original/man8/iptables.8:2342
+#, no-wrap
+msgid "SECMARK"
+msgstr ""
+
+#. type: Plain text
+#: original/man8/ip6tables.8:2278 original/man8/iptables.8:2351
+msgid ""
+"This is used to set the security mark value associated with the packet for "
+"use by security subsystems such as SELinux. It is valid in the B<security> "
+"table (for backwards compatibility with older kernels, it is also valid in "
+"the B<mangle> table). The mark is 32 bits wide."
+msgstr ""
+
+#. type: TP
+#: original/man8/ip6tables.8:2278 original/man8/iptables.8:2351
+#, no-wrap
+msgid "B<--selctx> I<security_context>"
+msgstr ""
+
+#. type: SS
+#: original/man8/ip6tables.8:2280 original/man8/iptables.8:2353
+#, no-wrap
+msgid "SET"
+msgstr ""
+
+#. type: Plain text
+#: original/man8/ip6tables.8:2283 original/man8/iptables.8:2356
+msgid ""
+"This modules adds and/or deletes entries from IP sets which can be defined "
+"by ipset(8)."
+msgstr ""
+
+#. type: TP
+#: original/man8/ip6tables.8:2283 original/man8/iptables.8:2356
+#, no-wrap
+msgid "B<--add-set> I<setname> I<flag>[B<,>I<flag>...]"
+msgstr ""
+
+#. type: Plain text
+#: original/man8/ip6tables.8:2286 original/man8/iptables.8:2359
+msgid "add the address(es)/port(s) of the packet to the sets"
+msgstr ""
+
+#. type: TP
+#: original/man8/ip6tables.8:2286 original/man8/iptables.8:2359
+#, no-wrap
+msgid "B<--del-set> I<setname> I<flag>[B<,>I<flag>...]"
+msgstr ""
+
+#. type: Plain text
+#: original/man8/ip6tables.8:2289 original/man8/iptables.8:2362
+msgid "delete the address(es)/port(s) of the packet from the sets"
+msgstr ""
+
+#. type: Plain text
+#: original/man8/ip6tables.8:2295 original/man8/iptables.8:2368
+msgid ""
+"where flags are B<src> and/or B<dst> specifications and there can be no more "
+"than six of them."
+msgstr ""
+
+#. type: TP
+#: original/man8/ip6tables.8:2295 original/man8/iptables.8:2368
+#, no-wrap
+msgid "B<--timeout> I<value>"
+msgstr ""
+
+#. type: Plain text
+#: original/man8/ip6tables.8:2299 original/man8/iptables.8:2372
+msgid ""
+"when adding entry, the timeout value to use instead of the default one from "
+"the set definition"
+msgstr ""
+
+#. type: TP
+#: original/man8/ip6tables.8:2299 original/man8/iptables.8:2372
+#, no-wrap
+msgid "B<--exist>"
+msgstr ""
+
+#. type: Plain text
+#: original/man8/ip6tables.8:2303 original/man8/iptables.8:2376
+msgid ""
+"when adding entry if it already exists, reset the timeout value to the "
+"specified one or to the default from the set definition"
+msgstr ""
+
+#. type: Plain text
+#: original/man8/ip6tables.8:2306 original/man8/iptables.8:2379
+msgid ""
+"Use of -j SET requires that ipset kernel support is provided, which, for "
+"standard kernels, is the case since Linux 2.6.39."
+msgstr ""
+
+#. type: SS
+#: original/man8/ip6tables.8:2306 original/man8/iptables.8:2417
+#, no-wrap
+msgid "TCPMSS"
+msgstr ""
+
+#. type: Plain text
+#: original/man8/ip6tables.8:2313 original/man8/iptables.8:2424
+msgid ""
+"This target allows to alter the MSS value of TCP SYN packets, to control the "
+"maximum size for that connection (usually limiting it to your outgoing "
+"interface's MTU minus 40 for IPv4 or 60 for IPv6, respectively). Of course, "
+"it can only be used in conjunction with B<-p tcp>."
+msgstr ""
+
+#. type: Plain text
+#: original/man8/ip6tables.8:2320 original/man8/iptables.8:2431
+msgid ""
+"This target is used to overcome criminally braindead ISPs or servers which "
+"block \"ICMP Fragmentation Needed\" or \"ICMPv6 Packet Too Big\" packets. "
+"The symptoms of this problem are that everything works fine from your Linux "
+"firewall/router, but machines behind it can never exchange large packets:"
+msgstr ""
+
+#. type: IP
+#: original/man8/ip6tables.8:2320 original/man8/iptables.8:2431
+#, no-wrap
+msgid "1."
+msgstr ""
+
+#. type: Plain text
+#: original/man8/ip6tables.8:2322 original/man8/iptables.8:2433
+msgid "Web browsers connect, then hang with no data received."
+msgstr ""
+
+#. type: IP
+#: original/man8/ip6tables.8:2322 original/man8/iptables.8:2433
+#, no-wrap
+msgid "2."
+msgstr ""
+
+#. type: Plain text
+#: original/man8/ip6tables.8:2324 original/man8/iptables.8:2435
+msgid "Small mail works fine, but large emails hang."
+msgstr ""
+
+#. type: IP
+#: original/man8/ip6tables.8:2324 original/man8/iptables.8:2435
+#, no-wrap
+msgid "3."
+msgstr ""
+
+#. type: Plain text
+#: original/man8/ip6tables.8:2326 original/man8/iptables.8:2437
+msgid "ssh works fine, but scp hangs after initial handshaking."
+msgstr ""
+
+#. type: Plain text
+#: original/man8/ip6tables.8:2329 original/man8/iptables.8:2440
+msgid ""
+"Workaround: activate this option and add a rule to your firewall "
+"configuration like:"
+msgstr ""
+
+#. type: Plain text
+#: original/man8/ip6tables.8:2332 original/man8/iptables.8:2443
+#, no-wrap
+msgid ""
+" iptables -t mangle -A FORWARD -p tcp --tcp-flags SYN,RST SYN\n"
+" -j TCPMSS --clamp-mss-to-pmtu\n"
+msgstr ""
+
+#. type: TP
+#: original/man8/ip6tables.8:2332 original/man8/iptables.8:2443
+#, no-wrap
+msgid "B<--set-mss> I<value>"
+msgstr ""
+
+#. type: Plain text
+#: original/man8/ip6tables.8:2337 original/man8/iptables.8:2448
+msgid ""
+"Explicitly sets MSS option to specified value. If the MSS of the packet is "
+"already lower than I<value>, it will B<not> be increased (from Linux 2.6.25 "
+"onwards) to avoid more problems with hosts relying on a proper MSS."
+msgstr ""
+
+#. type: TP
+#: original/man8/ip6tables.8:2337 original/man8/iptables.8:2448
+#, no-wrap
+msgid "B<--clamp-mss-to-pmtu>"
+msgstr ""
+
+#. type: Plain text
+#: original/man8/ip6tables.8:2346 original/man8/iptables.8:2457
+msgid ""
+"Automatically clamp MSS value to (path_MTU - 40 for IPv4; -60 for IPv6). "
+"This may not function as desired where asymmetric routes with differing path "
+"MTU exist \\(em the kernel uses the path MTU which it would use to send "
+"packets from itself to the source and destination IP addresses. Prior to "
+"Linux 2.6.25, only the path MTU to the destination IP address was considered "
+"by this option; subsequent kernels also consider the path MTU to the source "
+"IP address."
+msgstr ""
+
+#. type: Plain text
+#: original/man8/ip6tables.8:2348 original/man8/iptables.8:2459
+msgid "These options are mutually exclusive."
+msgstr ""
+
+#. type: SS
+#: original/man8/ip6tables.8:2348 original/man8/iptables.8:2459
+#, no-wrap
+msgid "TCPOPTSTRIP"
+msgstr ""
+
+#. type: Plain text
+#: original/man8/ip6tables.8:2351 original/man8/iptables.8:2462
+msgid ""
+"This target will strip TCP options off a TCP packet. (It will actually "
+"replace them by NO-OPs.) As such, you will need to add the B<-p tcp> "
+"parameters."
+msgstr ""
+
+#. type: TP
+#: original/man8/ip6tables.8:2351 original/man8/iptables.8:2462
+#, no-wrap
+msgid "B<--strip-options> I<option>[B<,>I<option>...]"
+msgstr ""
+
+#. type: Plain text
+#: original/man8/ip6tables.8:2356 original/man8/iptables.8:2467
+msgid ""
+"Strip the given option(s). The options may be specified by TCP option number "
+"or by symbolic name. The list of recognized options can be obtained by "
+"calling iptables with B<-j TCPOPTSTRIP -h>."
+msgstr ""
+
+#. type: SS
+#: original/man8/ip6tables.8:2356 original/man8/iptables.8:2467
+#, no-wrap
+msgid "TEE"
+msgstr ""
+
+#. type: Plain text
+#: original/man8/ip6tables.8:2361 original/man8/iptables.8:2472
+msgid ""
+"The B<TEE> target will clone a packet and redirect this clone to another "
+"machine on the B<local> network segment. In other words, the nexthop must be "
+"the target, or you will have to configure the nexthop to forward it further "
+"if so desired."
+msgstr ""
+
+#. type: TP
+#: original/man8/ip6tables.8:2361 original/man8/iptables.8:2472
+#, no-wrap
+msgid "B<--gateway> I<ipaddr>"
+msgstr ""
+
+#. type: Plain text
+#: original/man8/ip6tables.8:2365 original/man8/iptables.8:2476
+msgid ""
+"Send the cloned packet to the host reachable at the given IP address. Use "
+"of 0.0.0.0 (for IPv4 packets) or :: (IPv6) is invalid."
+msgstr ""
+
+#. type: Plain text
+#: original/man8/ip6tables.8:2367 original/man8/iptables.8:2478
+msgid "To forward all incoming traffic on eth0 to an Network Layer logging box:"
+msgstr ""
+
+#. type: Plain text
+#: original/man8/ip6tables.8:2369 original/man8/iptables.8:2480
+msgid "-t mangle -A PREROUTING -i eth0 -j TEE --gateway 2001:db8::1"
+msgstr ""
+
+#. type: SS
+#: original/man8/ip6tables.8:2369 original/man8/iptables.8:2480
+#, no-wrap
+msgid "TOS"
+msgstr ""
+
+#. type: Plain text
+#: original/man8/ip6tables.8:2374 original/man8/iptables.8:2485
+msgid ""
+"This module sets the Type of Service field in the IPv4 header (including the "
+"\"precedence\" bits) or the Priority field in the IPv6 header. Note that TOS "
+"shares the same bits as DSCP and ECN. The TOS target is only valid in the "
+"B<mangle> table."
+msgstr ""
+
+#. type: TP
+#: original/man8/ip6tables.8:2374 original/man8/iptables.8:2485
+#, no-wrap
+msgid "B<--set-tos> I<value>[B</>I<mask>]"
+msgstr ""
+
+#. type: Plain text
+#: original/man8/ip6tables.8:2378 original/man8/iptables.8:2489
+msgid ""
+"Zeroes out the bits given by I<mask> (see NOTE below) and XORs I<value> into "
+"the TOS/Priority field. If I<mask> is omitted, 0xFF is assumed."
+msgstr ""
+
+#. type: TP
+#: original/man8/ip6tables.8:2378 original/man8/iptables.8:2489
+#, no-wrap
+msgid "B<--set-tos> I<symbol>"
+msgstr ""
+
+#. type: Plain text
+#: original/man8/ip6tables.8:2383 original/man8/iptables.8:2494
+msgid ""
+"You can specify a symbolic name when using the TOS target for IPv4. It "
+"implies a mask of 0xFF (see NOTE below). The list of recognized TOS names "
+"can be obtained by calling iptables with B<-j TOS -h>."
+msgstr ""
+
+#. type: TP
+#: original/man8/ip6tables.8:2385 original/man8/iptables.8:2496
+#, no-wrap
+msgid "B<--and-tos> I<bits>"
+msgstr ""
+
+#. type: Plain text
+#: original/man8/ip6tables.8:2390 original/man8/iptables.8:2501
+msgid ""
+"Binary AND the TOS value with I<bits>. (Mnemonic for B<--set-tos "
+"0/>I<invbits>, where I<invbits> is the binary negation of I<bits>. See NOTE "
+"below.)"
+msgstr ""
+
+#. type: TP
+#: original/man8/ip6tables.8:2390 original/man8/iptables.8:2501
+#, no-wrap
+msgid "B<--or-tos> I<bits>"
+msgstr ""
+
+#. type: Plain text
+#: original/man8/ip6tables.8:2394 original/man8/iptables.8:2505
+msgid ""
+"Binary OR the TOS value with I<bits>. (Mnemonic for B<--set-tos> "
+"I<bits>B</>I<bits>. See NOTE below.)"
+msgstr ""
+
+#. type: TP
+#: original/man8/ip6tables.8:2394 original/man8/iptables.8:2505
+#, no-wrap
+msgid "B<--xor-tos> I<bits>"
+msgstr ""
+
+#. type: Plain text
+#: original/man8/ip6tables.8:2398 original/man8/iptables.8:2509
+msgid ""
+"Binary XOR the TOS value with I<bits>. (Mnemonic for B<--set-tos> "
+"I<bits>B</0>. See NOTE below.)"
+msgstr ""
+
+#. type: Plain text
+#: original/man8/ip6tables.8:2406 original/man8/iptables.8:2517
+msgid ""
+"NOTE: In Linux kernels up to and including 2.6.38, with the exception of "
+"longterm releases 2.6.32 (E<gt>=.42), 2.6.33 (E<gt>=.15), and 2.6.35 "
+"(E<gt>=.14), there is a bug whereby IPv6 TOS mangling does not behave as "
+"documented and differs from the IPv4 version. The TOS mask indicates the "
+"bits one wants to zero out, so it needs to be inverted before applying it to "
+"the original TOS field. However, the aformentioned kernels forgo the "
+"inversion which breaks --set-tos and its mnemonics."
+msgstr ""
+
+#. type: SS
+#: original/man8/ip6tables.8:2406 original/man8/iptables.8:2517
+#, no-wrap
+msgid "TPROXY"
+msgstr ""
+
+#. type: Plain text
+#: original/man8/ip6tables.8:2413 original/man8/iptables.8:2524
+msgid ""
+"This target is only valid in the B<mangle> table, in the B<PREROUTING> chain "
+"and user-defined chains which are only called from this chain. It redirects "
+"the packet to a local socket without changing the packet header in any "
+"way. It can also change the mark value which can then be used in advanced "
+"routing rules. It takes three options:"
+msgstr ""
+
+#. type: TP
+#: original/man8/ip6tables.8:2413 original/man8/iptables.8:2524
+#, no-wrap
+msgid "B<--on-port> I<port>"
+msgstr ""
+
+#. type: Plain text
+#: original/man8/ip6tables.8:2418 original/man8/iptables.8:2529
+msgid ""
+"This specifies a destination port to use. It is a required option, 0 means "
+"the new destination port is the same as the original. This is only valid if "
+"the rule also specifies B<-p tcp> or B<-p udp>."
+msgstr ""
+
+#. type: TP
+#: original/man8/ip6tables.8:2418 original/man8/iptables.8:2529
+#, no-wrap
+msgid "B<--on-ip> I<address>"
+msgstr ""
+
+#. type: Plain text
+#: original/man8/ip6tables.8:2423 original/man8/iptables.8:2534
+msgid ""
+"This specifies a destination address to use. By default the address is the "
+"IP address of the incoming interface. This is only valid if the rule also "
+"specifies B<-p tcp> or B<-p udp>."
+msgstr ""
+
+#. type: TP
+#: original/man8/ip6tables.8:2423 original/man8/iptables.8:2534
+#, no-wrap
+msgid "B<--tproxy-mark> I<value>[B</>I<mask>]"
+msgstr ""
+
+#. type: Plain text
+#: original/man8/ip6tables.8:2428 original/man8/iptables.8:2539
+msgid ""
+"Marks packets with the given value/mask. The fwmark value set here can be "
+"used by advanced routing. (Required for transparent proxying to work: "
+"otherwise these packets will get forwarded, which is probably not what you "
+"want.)"
+msgstr ""
+
+#. type: SS
+#: original/man8/ip6tables.8:2428 original/man8/iptables.8:2539
+#, no-wrap
+msgid "TRACE"
+msgstr ""
+
+#. type: Plain text
+#: original/man8/ip6tables.8:2431 original/man8/iptables.8:2542
+msgid ""
+"This target marks packets so that the kernel will log every rule which match "
+"the packets as those traverse the tables, chains, rules."
+msgstr ""
+
+#. type: Plain text
+#: original/man8/ip6tables.8:2438 original/man8/iptables.8:2549
+msgid ""
+"A logging backend, such as ip(6)t_LOG or nfnetlink_log, must be loaded for "
+"this to be visible. The packets are logged with the string prefix: \"TRACE: "
+"tablename:chainname:type:rulenum \" where type can be \"rule\" for plain "
+"rule, \"return\" for implicit rule at the end of a user defined chain and "
+"\"policy\" for the policy of the built in chains."
msgstr ""
#. type: SH
-#: original/man8/ip6tables.8:740 original/man8/iptables.8:995
+#: original/man8/ip6tables.8:2442 original/man8/iptables.8:2601
#, no-wrap
msgid "DIAGNOSTICS"
msgstr ""
#. type: Plain text
-#: original/man8/ip6tables.8:745 original/man8/iptables.8:1000
+#: original/man8/ip6tables.8:2447 original/man8/iptables.8:2606
msgid ""
"Various error messages are printed to standard error. The exit code is 0 "
"for correct functioning. Errors which appear to be caused by invalid or "
msgstr ""
#. type: Plain text
-#: original/man8/ip6tables.8:748 original/man8/iptables.8:1003
+#: original/man8/ip6tables.8:2450
msgid "Bugs? What's this? ;-) Well... the counters are not reliable on sparc64."
msgstr ""
#. type: SH
-#: original/man8/ip6tables.8:748 original/man8/iptables.8:1003
+#: original/man8/ip6tables.8:2450 original/man8/iptables.8:2609
#, no-wrap
msgid "COMPATIBILITY WITH IPCHAINS"
msgstr ""
#. type: Plain text
-#: original/man8/ip6tables.8:761
+#: original/man8/ip6tables.8:2459
msgid ""
"This B<ip6tables> is very similar to ipchains by Rusty Russell. The main "
"difference is that the chains B<INPUT> and B<OUTPUT> are only traversed for "
"chains); previously a forwarded packet would pass through all three."
msgstr ""
-#. .PP The various forms of NAT have been separated out;
-#. .B iptables
-#. is a pure packet filter when using the default `filter' table, with
-#. optional extension modules. This should simplify much of the previous
-#. confusion over the combination of IP masquerading and packet filtering
-#. seen previously. So the following options are handled differently:
-#. .br
-#. -j MASQ
-#. .br
-#. -M -S
-#. .br
-#. -M -L
-#. .br
#. type: Plain text
-#: original/man8/ip6tables.8:784
+#: original/man8/ip6tables.8:2464
msgid ""
"The other main difference is that B<-i> refers to the input interface; B<-o> "
"refers to the output interface, and both are available for packets entering "
msgstr ""
#. type: Plain text
-#: original/man8/ip6tables.8:790
+#: original/man8/ip6tables.8:2471
msgid ""
-"B<ip6tables-save>(8), B<ip6tables-restore(8),> B<iptables>(8), "
-"B<iptables-save>(8), B<iptables-restore>(8)."
+"B<ip6tables-save>(8), B<ip6tables-restore>(8), B<iptables>(8), "
+"B<iptables-save>(8), B<iptables-restore>(8), B<libipq>(3)."
msgstr ""
#. type: Plain text
-#: original/man8/ip6tables.8:796 original/man8/iptables.8:1050
+#: original/man8/ip6tables.8:2477
msgid ""
"The packet-filtering-HOWTO details iptables usage for packet filtering, the "
-"NAT-HOWTO details NAT, the netfilter-extensions-HOWTO details the extensions "
-"that are not in the standard distribution, and the netfilter-hacking-HOWTO "
-"details the netfilter internals."
+"netfilter-extensions-HOWTO details the extensions that are not in the "
+"standard distribution, and the netfilter-hacking-HOWTO details the netfilter "
+"internals."
msgstr ""
#. type: Plain text
-#: original/man8/ip6tables.8:799 original/man8/iptables.8:1053
+#: original/man8/ip6tables.8:2480 original/man8/iptables.8:2650
msgid "See B<http://www.netfilter.org/>."
msgstr ""
#. type: Plain text
-#: original/man8/ip6tables.8:802 original/man8/iptables.8:1056
+#: original/man8/ip6tables.8:2483
msgid "Rusty Russell wrote iptables, in early consultation with Michael Neuling."
msgstr ""
#. type: Plain text
-#: original/man8/ip6tables.8:806 original/man8/iptables.8:1060
+#: original/man8/ip6tables.8:2487 original/man8/iptables.8:2657
msgid ""
"Marc Boucher made Rusty abandon ipnatctl by lobbying for a generic packet "
"selection framework in iptables, then wrote the mangle table, the owner "
msgstr ""
#. type: Plain text
-#: original/man8/ip6tables.8:808 original/man8/iptables.8:1062
+#: original/man8/ip6tables.8:2489 original/man8/iptables.8:2659
msgid "James Morris wrote the TOS target, and tos match."
msgstr ""
#. type: Plain text
-#: original/man8/ip6tables.8:810 original/man8/iptables.8:1064
+#: original/man8/ip6tables.8:2491 original/man8/iptables.8:2661
msgid "Jozsef Kadlecsik wrote the REJECT target."
msgstr ""
#. type: Plain text
-#: original/man8/ip6tables.8:812
-msgid "Harald Welte wrote the ULOG target, TTL match+target and libipulog."
+#: original/man8/ip6tables.8:2493
+msgid ""
+"Harald Welte wrote the ULOG and NFQUEUE target, the new libiptc, as well as "
+"TTL match+target and libipulog."
msgstr ""
#. type: Plain text
-#: original/man8/ip6tables.8:815 original/man8/iptables.8:1069
+#: original/man8/ip6tables.8:2497 original/man8/iptables.8:2667
msgid ""
-"The Netfilter Core Team is: Marc Boucher, Martin Josefsson, Jozsef "
-"Kadlecsik, James Morris, Harald Welte and Rusty Russell."
+"The Netfilter Core Team is: Marc Boucher, Martin Josefsson, Yasuyuki "
+"Kozakai, Jozsef Kadlecsik, Patrick McHardy, James Morris, Pablo Neira Ayuso, "
+"Harald Welte and Rusty Russell."
msgstr ""
+#. .. and did I mention that we are incredibly cool people?
+#. .. sexy, too ..
+#. .. witty, charming, powerful ..
+#. .. and most of all, modest ..
#. type: Plain text
-#: original/man8/ip6tables.8:817
+#: original/man8/ip6tables.8:2504
msgid ""
"ip6tables man page created by Andras Kis-Szabo, based on iptables man page "
"written by Herve Eychenne E<lt>rv@wallfire.orgE<gt>."
msgstr ""
+#. type: SH
+#: original/man8/ip6tables.8:2504 original/man8/iptables.8:2673
+#, no-wrap
+msgid "VERSION"
+msgstr ""
+
+#. type: Plain text
+#: original/man8/ip6tables.8:2506
+msgid "This manual page applies to ip6tables @PACKAGE_VERSION@."
+msgstr ""
+
#. type: TH
#: original/man8/iptables-restore.8:1
#, no-wrap
#. type: Plain text
#: original/man8/iptables-restore.8:23
-msgid "iptables-restore - Restore IP Tables"
+msgid "iptables-restore \\(em Restore IP Tables"
msgstr ""
#. type: Plain text
#: original/man8/iptables-restore.8:25
-msgid "B<iptables-restore >[-c] [-n]"
+msgid "B<iptables-restore> [B<-c>] [B<-n>] [B<-T> I<name>]"
msgstr ""
#. type: Plain text
-#: original/man8/iptables-restore.8:31
+#: original/man8/iptables-restore.8:30
msgid ""
"B<iptables-restore> is used to restore IP Tables from data specified on "
"STDIN. Use I/O redirection provided by your shell to read from a file"
msgstr ""
#. type: Plain text
-#: original/man8/iptables-restore.8:39
+#: original/man8/iptables-restore.8:38
msgid ""
"don't flush the previous contents of the table. If not specified, "
"B<iptables-restore> flushes (deletes) all previous contents of the "
"respective IP Table."
msgstr ""
+#. type: Plain text
+#: original/man8/iptables-restore.8:41
+msgid "Restore only the named table even if the input stream contains other ones."
+msgstr ""
+
#. type: SH
-#: original/man8/iptables-restore.8:41 original/man8/iptables-save.8:40
+#: original/man8/iptables-restore.8:43 original/man8/iptables-save.8:44 original/man1/iptables-xml.1:84
#, no-wrap
msgid "AUTHOR"
msgstr ""
#. type: Plain text
-#: original/man8/iptables-restore.8:45
+#: original/man8/iptables-restore.8:47
msgid "B<iptables-save>(8), B<iptables>(8)"
msgstr ""
#. type: Plain text
#: original/man8/iptables-save.8:23
-msgid "iptables-save - Save IP Tables"
+msgid "iptables-save \\(em dump iptables rules to stdout"
msgstr ""
#. type: Plain text
-#: original/man8/iptables-save.8:25
-msgid "B<iptables-save >[-c] [-t table]"
+#: original/man8/iptables-save.8:26
+msgid "B<iptables-save> [B<-M> I<modprobe>] [B<-c>] [B<-t> I<table>]"
msgstr ""
#. type: Plain text
msgstr ""
#. type: Plain text
-#: original/man8/iptables-save.8:44
+#: original/man8/iptables-save.8:48
msgid "B<iptables-restore>(8), B<iptables>(8)"
msgstr ""
#. type: Plain text
#: original/man8/iptables.8:27
-msgid "iptables - administration tool for IPv4 packet filtering and NAT"
+msgid "iptables \\(em administration tool for IPv4 packet filtering and NAT"
+msgstr ""
+
+#. type: Plain text
+#: original/man8/iptables.8:30
+msgid ""
+"B<iptables> [B<-t> I<table>] {B<-A>|B<-C>|B<-D>} I<chain> "
+"I<rule-specification>"
msgstr ""
#. type: Plain text
-#: original/man8/iptables.8:29
-msgid "B<iptables [-t table] -[AD] >chain rule-specification [options]"
+#: original/man8/iptables.8:32
+msgid ""
+"B<iptables> [B<-t> I<table>] B<-I> I<chain> [I<rulenum>] "
+"I<rule-specification>"
msgstr ""
#. type: Plain text
-#: original/man8/iptables.8:31
-msgid "B<iptables [-t table] -I >chain [rulenum] rule-specification [options]"
+#: original/man8/iptables.8:34
+msgid "B<iptables> [B<-t> I<table>] B<-R> I<chain rulenum rule-specification>"
msgstr ""
#. type: Plain text
-#: original/man8/iptables.8:33
-msgid "B<iptables [-t table] -R >chain rulenum rule-specification [options]"
+#: original/man8/iptables.8:36
+msgid "B<iptables> [B<-t> I<table>] B<-D> I<chain rulenum>"
msgstr ""
#. type: Plain text
-#: original/man8/iptables.8:35
-msgid "B<iptables [-t table] -D >chain rulenum [options]"
+#: original/man8/iptables.8:38
+msgid "B<iptables> [B<-t> I<table>] B<-S> [I<chain> [I<rulenum>]]"
msgstr ""
#. type: Plain text
-#: original/man8/iptables.8:37
-msgid "B<iptables [-t table] -[LFZ] >[chain] [options]"
+#: original/man8/iptables.8:40
+msgid ""
+"B<iptables> [B<-t> I<table>] {B<-F>|B<-L>|B<-Z>} [I<chain> [I<rulenum>]] "
+"[I<options...>]"
msgstr ""
#. type: Plain text
-#: original/man8/iptables.8:39
-msgid "B<iptables [-t table] -N >chain"
+#: original/man8/iptables.8:42
+msgid "B<iptables> [B<-t> I<table>] B<-N> I<chain>"
msgstr ""
#. type: Plain text
-#: original/man8/iptables.8:41
-msgid "B<iptables [-t table] -X >[chain]"
+#: original/man8/iptables.8:44
+msgid "B<iptables> [B<-t> I<table>] B<-X> [I<chain>]"
msgstr ""
#. type: Plain text
-#: original/man8/iptables.8:43
-msgid "B<iptables [-t table] -P >chain target [options]"
+#: original/man8/iptables.8:46
+msgid "B<iptables> [B<-t> I<table>] B<-P> I<chain target>"
msgstr ""
#. type: Plain text
-#: original/man8/iptables.8:45
-msgid "B<iptables [-t table] -E >old-chain-name new-chain-name"
+#: original/man8/iptables.8:48
+msgid "B<iptables> [B<-t> I<table>] B<-E> I<old-chain-name new-chain-name>"
msgstr ""
#. type: Plain text
-#: original/man8/iptables.8:51
-msgid ""
-"B<Iptables> is used to set up, maintain, and inspect the tables of IP packet "
-"filter rules in the Linux kernel. Several different tables may be defined. "
-"Each table contains a number of built-in chains and may also contain "
-"user-defined chains."
+#: original/man8/iptables.8:50
+msgid "rule-specification = [I<matches...>] [I<target>]"
msgstr ""
#. type: Plain text
-#: original/man8/iptables.8:86
-msgid ""
-"There are currently three independent tables (which tables are present at "
-"any time depends on the kernel configuration options and which modules are "
-"present)."
+#: original/man8/iptables.8:52
+msgid "match = B<-m> I<matchname> [I<per-match-options>]"
+msgstr ""
+
+#. type: Plain text
+#: original/man8/iptables.8:54
+msgid "target = B<-j> I<targetname> [I<per-target-options>]"
+msgstr ""
+
+#. type: Plain text
+#: original/man8/iptables.8:60
+msgid ""
+"B<Iptables> is used to set up, maintain, and inspect the tables of IPv4 "
+"packet filter rules in the Linux kernel. Several different tables may be "
+"defined. Each table contains a number of built-in chains and may also "
+"contain user-defined chains."
msgstr ""
#. type: TP
-#: original/man8/iptables.8:105
+#: original/man8/iptables.8:107
#, no-wrap
msgid "B<nat>:"
msgstr ""
#. type: Plain text
-#: original/man8/iptables.8:115
+#: original/man8/iptables.8:114
msgid ""
"This table is consulted when a packet that creates a new connection is "
"encountered. It consists of three built-ins: B<PREROUTING> (for altering "
msgstr ""
#. type: Plain text
-#: original/man8/iptables.8:135
+#: original/man8/iptables.8:147
msgid ""
"The options that are recognized by B<iptables> can be divided into several "
"different groups."
msgstr ""
#. type: Plain text
-#: original/man8/iptables.8:142
+#: original/man8/iptables.8:153
msgid ""
-"These options specify the specific action to perform. Only one of them can "
-"be specified on the command line unless otherwise specified below. For all "
-"the long versions of the command and option names, you need to use only "
-"enough letters to ensure that B<iptables> can differentiate it from all "
-"other options."
-msgstr ""
-
-#. type: TP
-#: original/man8/iptables.8:155
-#, no-wrap
-msgid "B<-I, --insert >I<chain> [I<rulenum>] I<rule-specification>"
+"These options specify the desired action to perform. Only one of them can be "
+"specified on the command line unless otherwise stated below. For long "
+"versions of the command and option names, you need to use only enough "
+"letters to ensure that B<iptables> can differentiate it from all other "
+"options."
msgstr ""
#. type: Plain text
-#: original/man8/iptables.8:171
+#: original/man8/iptables.8:188
msgid ""
"List all rules in the selected chain. If no chain is selected, all chains "
-"are listed. As every other iptables command, it applies to the specified "
+"are listed. Like every other iptables command, it applies to the specified "
"table (filter is the default), so NAT rules get listed by"
msgstr ""
#. type: Plain text
-#: original/man8/iptables.8:173
+#: original/man8/iptables.8:190
#, no-wrap
msgid " iptables -t nat -n -L\n"
msgstr ""
#. type: Plain text
-#: original/man8/iptables.8:184
+#: original/man8/iptables.8:199
#, no-wrap
msgid " iptables -L -v\n"
msgstr ""
#. type: Plain text
-#: original/man8/iptables.8:242
+#: original/man8/iptables.8:205
+msgid ""
+"Print all rules in the selected chain. If no chain is selected, all chains "
+"are printed like iptables-save. Like every other iptables command, it "
+"applies to the specified table (filter is the default)."
+msgstr ""
+
+#. type: Plain text
+#: original/man8/iptables.8:256
msgid ""
"The protocol of the rule or of the packet to check. The specified protocol "
-"can be one of I<tcp>, I<udp>, I<icmp>, or I<all>, or it can be a numeric "
-"value, representing one of these protocols or a different one. A protocol "
-"name from /etc/protocols is also allowed. A \"!\" argument before the "
-"protocol inverts the test. The number zero is equivalent to I<all>. "
-"Protocol I<all> will match with all protocols and is taken as default when "
-"this option is omitted."
+"can be one of B<tcp>, B<udp>, B<udplite>, B<icmp>, B<esp>, B<ah>, B<sctp> or "
+"the special keyword \"B<all>\", or it can be a numeric value, representing "
+"one of these protocols or a different one. A protocol name from "
+"/etc/protocols is also allowed. A \"!\" argument before the protocol "
+"inverts the test. The number zero is equivalent to B<all>. \"B<all>\" will "
+"match with all protocols and is taken as default when this option is "
+"omitted."
+msgstr ""
+
+#. type: TP
+#: original/man8/iptables.8:256
+#, no-wrap
+msgid "[B<!>] B<-s>, B<--source> I<address>[B</>I<mask>][B<,>I<...>]"
msgstr ""
#. type: Plain text
-#: original/man8/iptables.8:261
+#: original/man8/iptables.8:273
msgid ""
-"Source specification. I<Address> can be either a network name, a hostname "
-"(please note that specifying any name to be resolved with a remote query "
-"such as DNS is a really bad idea), a network IP address (with /mask), or a "
-"plain IP address. The I<mask> can be either a network mask or a plain "
+"Source specification. I<Address> can be either a network name, a hostname, a "
+"network IP address (with B</>I<mask>), or a plain IP address. Hostnames will "
+"be resolved once only, before the rule is submitted to the kernel. Please "
+"note that specifying any name to be resolved with a remote query such as DNS "
+"is a really bad idea. The I<mask> can be either a network mask or a plain "
"number, specifying the number of 1's at the left side of the network mask. "
"Thus, a mask of I<24> is equivalent to I<255.255.255.0>. A \"!\" argument "
"before the address specification inverts the sense of the address. The flag "
-"B<--src> is an alias for this option."
+"B<--src> is an alias for this option. Multiple addresses can be specified, "
+"but this will B<expand to multiple rules> (when adding with -A), or will "
+"cause multiple rules to be deleted (with -D)."
msgstr ""
-#. type: Plain text
-#: original/man8/iptables.8:304
-msgid ""
-"Name of an interface via which a packet is going to be sent (for packets "
-"entering the B<FORWARD>, B<OUTPUT> and B<POSTROUTING> chains). When the "
-"\"!\" argument is used before the interface name, the sense is inverted. If "
-"the interface name ends in a \"+\", then any interface which begins with "
-"this name will match. If this option is omitted, any interface name will "
-"match."
+#. type: TP
+#: original/man8/iptables.8:273
+#, no-wrap
+msgid "[B<!>] B<-d>, B<--destination> I<address>[B</>I<mask>][B<,>I<...>]"
msgstr ""
#. type: TP
-#: original/man8/iptables.8:304
+#: original/man8/iptables.8:312
#, no-wrap
-msgid "B<[!] -f, --fragment>"
+msgid "[B<!>] B<-f>, B<--fragment>"
msgstr ""
#. type: Plain text
-#: original/man8/iptables.8:312
+#: original/man8/iptables.8:320
msgid ""
"This means that the rule only refers to second and further fragments of "
"fragmented packets. Since there is no way to tell the source or destination "
"the rule will only match head fragments, or unfragmented packets."
msgstr ""
-#. type: TP
-#: original/man8/iptables.8:312
-#, no-wrap
-msgid "B<-c, --set-counters >I<PKTS BYTES>"
-msgstr ""
-
#. type: Plain text
-#: original/man8/iptables.8:376
+#: original/man8/iptables.8:368
msgid ""
-"iptables can use extended packet matching modules. These are loaded in two "
-"ways: implicitly, when B<-p> or B<--protocol> is specified, or with the "
-"B<-m> or B<--match> options, followed by the matching module name; after "
-"these, various extra command line options become available, depending on the "
+"iptables can use extended packet matching modules with the B<-m> or "
+"B<--match> options, followed by the matching module name; after these, "
+"various extra command line options become available, depending on the "
"specific module. You can specify multiple extended match modules in one "
"line, and you can use the B<-h> or B<--help> options after the module has "
"been specified to receive help specific to that module."
msgstr ""
-#. type: SS
-#: original/man8/iptables.8:381
-#, no-wrap
-msgid "ah"
-msgstr ""
-
+#. @MATCH@
#. type: Plain text
-#: original/man8/iptables.8:383
-msgid "This module matches the SPIs in AH header of IPSec packets."
+#: original/man8/iptables.8:373
+msgid ""
+"If the B<-p> or B<--protocol> was specified and if and only if an unknown "
+"option is encountered, iptables will try load a match module of the same "
+"name as the protocol, to try making the option available."
msgstr ""
-#. type: TP
-#: original/man8/iptables.8:383
-#, no-wrap
-msgid "B<--ahspi >[!] I<spi>[:I<spi>]"
+#. type: Plain text
+#: original/man8/iptables.8:445
+msgid "This module matches the SPIs in Authentication header of IPsec packets."
msgstr ""
#. type: SS
-#: original/man8/iptables.8:385
+#: original/man8/iptables.8:825
#, no-wrap
-msgid "conntrack"
+msgid "icmp"
msgstr ""
#. type: Plain text
-#: original/man8/iptables.8:390
+#: original/man8/iptables.8:828
msgid ""
-"This module, when combined with connection tracking, allows access to more "
-"connection tracking information than the \"state\" match. (this module is "
-"present only if iptables was compiled under a kernel supporting this "
-"feature)"
+"This extension can be used if `--protocol icmp' is specified. It provides "
+"the following option:"
msgstr ""
#. type: TP
-#: original/man8/iptables.8:390
+#: original/man8/iptables.8:828
#, no-wrap
-msgid "B<--ctstate >I<state>"
+msgid "[B<!>] B<--icmp-type> {I<type>[B</>I<code>]|I<typename>}"
msgstr ""
#. type: Plain text
-#: original/man8/iptables.8:413
+#: original/man8/iptables.8:832
msgid ""
-"Where state is a comma separated list of the connection states to match. "
-"Possible states are B<INVALID> meaning that the packet is associated with no "
-"known connection, B<ESTABLISHED> meaning that the packet is associated with "
-"a connection which has seen packets in both directions, B<NEW> meaning that "
-"the packet has started a new connection, or otherwise associated with a "
-"connection which has not seen packets in both directions, and B<RELATED> "
-"meaning that the packet is starting a new connection, but is associated with "
-"an existing connection, such as an FTP data transfer, or an ICMP error. "
-"B<SNAT> A virtual state, matching if the original source address differs "
-"from the reply destination. B<DNAT> A virtual state, matching if the "
-"original destination differs from the reply source."
-msgstr ""
-
-#. type: TP
-#: original/man8/iptables.8:413
-#, no-wrap
-msgid "B<--ctproto >I<proto>"
-msgstr ""
-
-#. type: Plain text
-#: original/man8/iptables.8:416
-msgid "Protocol to match (by number or name)"
-msgstr ""
-
-#. type: TP
-#: original/man8/iptables.8:416
-#, no-wrap
-msgid "B<--ctorigsrc >I<[!] address[/mask]>"
+"This allows specification of the ICMP type, which can be a numeric ICMP "
+"type, type/code pair, or one of the ICMP type names shown by the command"
msgstr ""
#. type: Plain text
-#: original/man8/iptables.8:419
-msgid "Match against original source address"
-msgstr ""
-
-#. type: TP
-#: original/man8/iptables.8:419
+#: original/man8/iptables.8:834
#, no-wrap
-msgid "B<--ctorigdst >I<[!] address[/mask]>"
-msgstr ""
-
-#. type: Plain text
-#: original/man8/iptables.8:422
-msgid "Match against original destination address"
+msgid " iptables -p icmp -h\n"
msgstr ""
-#. type: TP
-#: original/man8/iptables.8:422
+#. type: SS
+#: original/man8/iptables.8:969
#, no-wrap
-msgid "B<--ctreplsrc >I<[!] address[/mask]>"
+msgid "osf"
msgstr ""
#. type: Plain text
-#: original/man8/iptables.8:425
-msgid "Match against reply source address"
+#: original/man8/iptables.8:973
+msgid ""
+"The osf module does passive operating system fingerprinting. This modules "
+"compares some data (Window Size, MSS, options and their order, TTL, DF, and "
+"others) from packets with the SYN bit set."
msgstr ""
#. type: TP
-#: original/man8/iptables.8:425
+#: original/man8/iptables.8:973
#, no-wrap
-msgid "B<--ctrepldst >I<[!] address>B<[/>I<mask>B<]>"
+msgid "[B<!>] B<--genre> I<string>"
msgstr ""
#. type: Plain text
-#: original/man8/iptables.8:428
-msgid "Match against reply destination address"
+#: original/man8/iptables.8:976
+msgid "Match an operating system genre by using a passive fingerprinting."
msgstr ""
#. type: TP
-#: original/man8/iptables.8:428
+#: original/man8/iptables.8:976
#, no-wrap
-msgid "B<--ctstatus >I<[NONE|EXPECTED|SEEN_REPLY|ASSURED][,...]>"
+msgid "B<--ttl> I<level>"
msgstr ""
#. type: Plain text
-#: original/man8/iptables.8:431
-msgid "Match against internal conntrack states"
-msgstr ""
-
-#. type: TP
-#: original/man8/iptables.8:431
-#, no-wrap
-msgid "B<--ctexpire >I<time[:time]>"
+#: original/man8/iptables.8:980
+msgid ""
+"Do additional TTL checks on the packet to determine the operating system. "
+"I<level> can be one of the following values:"
msgstr ""
#. type: Plain text
-#: original/man8/iptables.8:435
+#: original/man8/iptables.8:983
msgid ""
-"Match remaining lifetime in seconds against given value or range of values "
-"(inclusive)"
-msgstr ""
-
-#. type: SS
-#: original/man8/iptables.8:435
-#, no-wrap
-msgid "dscp"
+"0 - True IP address and fingerprint TTL comparison. This generally works for "
+"LANs."
msgstr ""
#. type: Plain text
-#: original/man8/iptables.8:438
+#: original/man8/iptables.8:986
msgid ""
-"This module matches the 6 bit DSCP field within the TOS field in the IP "
-"header. DSCP has superseded TOS within the IETF."
-msgstr ""
-
-#. type: TP
-#: original/man8/iptables.8:438
-#, no-wrap
-msgid "B<--dscp >I<value>"
+"1 - Check if the IP header's TTL is less than the fingerprint one. Works for "
+"globally-routable addresses."
msgstr ""
#. type: Plain text
-#: original/man8/iptables.8:441
-msgid "Match against a numeric (decimal or hex) value [0-32]."
+#: original/man8/iptables.8:988
+msgid "2 - Do not compare the TTL at all."
msgstr ""
#. type: TP
-#: original/man8/iptables.8:441
+#: original/man8/iptables.8:988
#, no-wrap
-msgid "B<--dscp-class >I<DiffServ Class>"
+msgid "B<--log> I<level>"
msgstr ""
#. type: Plain text
-#: original/man8/iptables.8:446
+#: original/man8/iptables.8:992
msgid ""
-"Match the DiffServ class. This value may be any of the BE, EF, AFxx or CSx "
-"classes. It will then be converted into it's according numeric value."
-msgstr ""
-
-#. type: SS
-#: original/man8/iptables.8:446
-#, no-wrap
-msgid "esp"
-msgstr ""
-
-#. type: Plain text
-#: original/man8/iptables.8:448
-msgid "This module matches the SPIs in ESP header of IPSec packets."
-msgstr ""
-
-#. type: TP
-#: original/man8/iptables.8:448
-#, no-wrap
-msgid "B<--espspi >[!] I<spi>[:I<spi>]"
-msgstr ""
-
-#. type: SS
-#: original/man8/iptables.8:450
-#, no-wrap
-msgid "helper"
+"Log determined genres into dmesg even if they do not match the desired one. "
+"I<level> can be one of the following values:"
msgstr ""
#. type: Plain text
-#: original/man8/iptables.8:452
-msgid "This module matches packets related to a specific conntrack-helper."
-msgstr ""
-
-#. type: TP
-#: original/man8/iptables.8:452
-#, no-wrap
-msgid "B<--helper >I<string>"
+#: original/man8/iptables.8:994
+msgid "0 - Log all matched or unknown signatures"
msgstr ""
#. type: Plain text
-#: original/man8/iptables.8:455
-msgid "Matches packets related to the specified conntrack-helper."
+#: original/man8/iptables.8:996
+msgid "1 - Log only the first one"
msgstr ""
#. type: Plain text
-#: original/man8/iptables.8:459
-msgid ""
-"string can be \"ftp\" for packets related to a ftp-session on default port. "
-"For other ports append -portnr to the value, ie. \"ftp-2121\"."
+#: original/man8/iptables.8:998
+msgid "2 - Log all known matched signatures"
msgstr ""
#. type: Plain text
-#: original/man8/iptables.8:461
-msgid "Same rules apply for other conntrack-helpers."
-msgstr ""
-
-#. type: SS
-#: original/man8/iptables.8:462
-#, no-wrap
-msgid "icmp"
+#: original/man8/iptables.8:1000
+msgid "You may find something like this in syslog:"
msgstr ""
#. type: Plain text
-#: original/man8/iptables.8:465
+#: original/man8/iptables.8:1003
msgid ""
-"This extension is loaded if `--protocol icmp' is specified. It provides the "
-"following option:"
-msgstr ""
-
-#. type: TP
-#: original/man8/iptables.8:465
-#, no-wrap
-msgid "B<--icmp-type >[!] I<typename>"
+"Windows [2000:SP3:Windows XP Pro SP1, 2000 SP3]: 11.22.33.55:4024 -E<gt> "
+"11.22.33.44:139 hops=3 Linux [2.5-2.6:] : 1.2.3.4:42624 -E<gt> 1.2.3.5:22 "
+"hops=4"
msgstr ""
#. type: Plain text
-#: original/man8/iptables.8:469
+#: original/man8/iptables.8:1006
msgid ""
-"This allows specification of the ICMP type, which can be a numeric ICMP "
-"type, or one of the ICMP type names shown by the command"
+"OS fingerprints are loadable using the B<nfnl_osf> program. To load "
+"fingerprints from a file, use:"
msgstr ""
#. type: Plain text
-#: original/man8/iptables.8:471
-#, no-wrap
-msgid " iptables -p icmp -h\n"
-msgstr ""
-
-#. type: SS
-#: original/man8/iptables.8:472
-#, no-wrap
-msgid "length"
+#: original/man8/iptables.8:1008
+msgid "B<nfnl_osf -f /usr/share/xtables/pf.os>"
msgstr ""
#. type: Plain text
-#: original/man8/iptables.8:475
-msgid ""
-"This module matches the length of a packet against a specific value or range "
-"of values."
-msgstr ""
-
-#. type: TP
-#: original/man8/iptables.8:475
-#, no-wrap
-msgid "B<--length >I<length>[:I<length>]"
+#: original/man8/iptables.8:1010
+msgid "To remove them again,"
msgstr ""
#. type: Plain text
-#: original/man8/iptables.8:540
-msgid ""
-"This module attempts to match various characteristics of the packet creator, "
-"for locally-generated packets. It is only valid in the B<OUTPUT> chain, and "
-"even this some packets (such as ICMP ping responses) may have no owner, and "
-"hence never match."
-msgstr ""
-
-#. type: TP
-#: original/man8/iptables.8:556
-#, no-wrap
-msgid "B<--cmd-owner >I<name>"
+#: original/man8/iptables.8:1012
+msgid "B<nfnl_osf -f /usr/share/xtables/pf.os -d>"
msgstr ""
#. type: Plain text
-#: original/man8/iptables.8:561
+#: original/man8/iptables.8:1015
msgid ""
-"Matches if the packet was created by a process with the given command name. "
-"(this option is present only if iptables was compiled under a kernel "
-"supporting this feature)"
+"The fingerprint database can be downlaoded from "
+"http://www.openbsd.org/cgi-bin/cvsweb/src/etc/pf.os ."
msgstr ""
#. type: SS
-#: original/man8/iptables.8:561
+#: original/man8/iptables.8:1241
#, no-wrap
-msgid "physdev"
+msgid "realm"
msgstr ""
#. type: Plain text
-#: original/man8/iptables.8:566
+#: original/man8/iptables.8:1244
msgid ""
-"This module matches on the bridge port input and output devices enslaved to "
-"a bridge device. This module is a part of the infrastructure that enables a "
-"transparent bridging IP firewall and is only useful for kernel versions "
-"above version 2.5.44."
+"This matches the routing realm. Routing realms are used in complex routing "
+"setups involving dynamic routing protocols like BGP."
msgstr ""
#. type: TP
-#: original/man8/iptables.8:566
+#: original/man8/iptables.8:1244
#, no-wrap
-msgid "B<--physdev-in name>"
+msgid "[B<!>] B<--realm> I<value>[B</>I<mask>]"
msgstr ""
#. type: Plain text
-#: original/man8/iptables.8:577
+#: original/man8/iptables.8:1249
msgid ""
-"Name of a bridge port via which a packet is received (only for packets "
-"entering the B<INPUT>, B<FORWARD> and B<PREROUTING> chains). If the "
-"interface name ends in a \"+\", then any interface which begins with this "
-"name will match. If the packet didn't arrive through a bridge device, this "
-"packet won't match this option, unless '!' is used."
+"Matches a given realm number (and optionally mask). If not a number, value "
+"can be a named realm from /etc/iproute2/rt_realms (mask can not be used in "
+"that case)."
msgstr ""
-#. type: TP
-#: original/man8/iptables.8:577
+#. type: SS
+#: original/man8/iptables.8:1680
#, no-wrap
-msgid "B<--physdev-out name>"
+msgid "ttl"
msgstr ""
#. type: Plain text
-#: original/man8/iptables.8:594
-msgid ""
-"Name of a bridge port via which a packet is going to be sent (for packets "
-"entering the B<FORWARD>, B<OUTPUT> and B<POSTROUTING> chains). If the "
-"interface name ends in a \"+\", then any interface which begins with this "
-"name will match. Note that in the B<nat> and B<mangle> B<OUTPUT> chains one "
-"cannot match on the bridge output port, however one can in the B<filter "
-"OUTPUT> chain. If the packet won't leave by a bridge device or it is yet "
-"unknown what the output device will be, then the packet won't match this "
-"option, unless '!' is used."
+#: original/man8/iptables.8:1682
+msgid "This module matches the time to live field in the IP header."
msgstr ""
#. type: TP
-#: original/man8/iptables.8:594
+#: original/man8/iptables.8:1682
#, no-wrap
-msgid "B<--physdev-is-in>"
+msgid "[B<!>] B<--ttl-eq> I<ttl>"
msgstr ""
#. type: Plain text
-#: original/man8/iptables.8:597
-msgid "Matches if the packet has entered through a bridge interface."
+#: original/man8/iptables.8:1685
+msgid "Matches the given TTL value."
msgstr ""
#. type: TP
-#: original/man8/iptables.8:597
+#: original/man8/iptables.8:1685
#, no-wrap
-msgid "B<--physdev-is-out>"
+msgid "B<--ttl-gt> I<ttl>"
msgstr ""
#. type: Plain text
-#: original/man8/iptables.8:600
-msgid "Matches if the packet will leave through a bridge interface."
+#: original/man8/iptables.8:1688
+msgid "Matches if TTL is greater than the given TTL value."
msgstr ""
#. type: TP
-#: original/man8/iptables.8:600
+#: original/man8/iptables.8:1688
#, no-wrap
-msgid "B<--physdev-is-bridged>"
+msgid "B<--ttl-lt> I<ttl>"
msgstr ""
#. type: Plain text
-#: original/man8/iptables.8:604
-msgid ""
-"Matches if the packet is being bridged and therefore is not being routed. "
-"This is only useful in the FORWARD and POSTROUTING chains."
+#: original/man8/iptables.8:1691
+msgid "Matches if TTL is less than the given TTL value."
msgstr ""
#. type: SS
-#: original/man8/iptables.8:604
+#: original/man8/iptables.8:1836
#, no-wrap
-msgid "pkttype"
+msgid "unclean"
msgstr ""
#. type: Plain text
-#: original/man8/iptables.8:606
-msgid "This module matches the link-layer packet type."
-msgstr ""
-
-#. type: TP
-#: original/man8/iptables.8:606
-#, no-wrap
-msgid "B<--pkt-type >I<[unicast|broadcast|multicast]>"
-msgstr ""
-
-#. type: SS
-#: original/man8/iptables.8:608
-#, no-wrap
-msgid "state"
+#: original/man8/iptables.8:1839
+msgid ""
+"This module takes no options, but attempts to match packets which seem "
+"malformed or unusual. This is regarded as experimental."
msgstr ""
+#. @TARGET@
#. type: Plain text
-#: original/man8/iptables.8:611
+#: original/man8/iptables.8:1843
msgid ""
-"This module, when combined with connection tracking, allows access to the "
-"connection tracking state for this packet."
+"iptables can use extended target modules: the following are included in the "
+"standard distribution."
msgstr ""
-#. type: TP
-#: original/man8/iptables.8:611
+#. type: SS
+#: original/man8/iptables.8:1873
#, no-wrap
-msgid "B<--state >I<state>"
+msgid "CLUSTERIP"
msgstr ""
#. type: Plain text
-#: original/man8/iptables.8:630
+#: original/man8/iptables.8:1878
msgid ""
-"Where state is a comma separated list of the connection states to match. "
-"Possible states are B<INVALID> meaning that the packet could not be "
-"identified for some reason which includes running out of memory and ICMP "
-"errors which don't correspond to any known connection, B<ESTABLISHED> "
-"meaning that the packet is associated with a connection which has seen "
-"packets in both directions, B<NEW> meaning that the packet has started a new "
-"connection, or otherwise associated with a connection which has not seen "
-"packets in both directions, and B<RELATED> meaning that the packet is "
-"starting a new connection, but is associated with an existing connection, "
-"such as an FTP data transfer, or an ICMP error."
-msgstr ""
-
-#. type: Plain text
-#: original/man8/iptables.8:660
-#, no-wrap
-msgid " iptables -A FORWARD -p tcp --tcp-flags SYN,ACK,FIN,RST SYN\n"
+"This module allows you to configure a simple cluster of nodes that share a "
+"certain IP and MAC address without an explicit load balancer in front of "
+"them. Connections are statically distributed between the nodes in this "
+"cluster."
msgstr ""
#. type: TP
-#: original/man8/iptables.8:676
+#: original/man8/iptables.8:1878
#, no-wrap
-msgid "B<--mss >I<value>[:I<value>]"
+msgid "B<--new>"
msgstr ""
#. type: Plain text
-#: original/man8/iptables.8:680
+#: original/man8/iptables.8:1882
msgid ""
-"Match TCP SYN or SYN/ACK packets with the specified MSS value (or range), "
-"which control the maximum packet size for that connection."
+"Create a new ClusterIP. You always have to set this on the first rule for a "
+"given ClusterIP."
msgstr ""
-#. type: SS
-#: original/man8/iptables.8:680
+#. type: TP
+#: original/man8/iptables.8:1882
#, no-wrap
-msgid "tos"
+msgid "B<--hashmode> I<mode>"
msgstr ""
#. type: Plain text
-#: original/man8/iptables.8:683
+#: original/man8/iptables.8:1886
msgid ""
-"This module matches the 8 bits of Type of Service field in the IP header "
-"(ie. including the precedence bits)."
+"Specify the hashing mode. Has to be one of B<sourceip>, "
+"B<sourceip-sourceport>, B<sourceip-sourceport-destport>."
msgstr ""
#. type: TP
-#: original/man8/iptables.8:683
-#, no-wrap
-msgid "B<--tos >I<tos>"
-msgstr ""
-
-#. type: Plain text
-#: original/man8/iptables.8:686
-msgid "The argument is either a standard name, (use"
-msgstr ""
-
-#. type: Plain text
-#: original/man8/iptables.8:688
+#: original/man8/iptables.8:1886
#, no-wrap
-msgid " iptables -m tos -h\n"
+msgid "B<--clustermac> I<mac>"
msgstr ""
#. type: Plain text
-#: original/man8/iptables.8:690
-msgid "to see the list), or a numeric value to match."
+#: original/man8/iptables.8:1889
+msgid "Specify the ClusterIP MAC address. Has to be a link-layer multicast address"
msgstr ""
-#. type: SS
-#: original/man8/iptables.8:690
+#. type: TP
+#: original/man8/iptables.8:1889
#, no-wrap
-msgid "ttl"
+msgid "B<--total-nodes> I<num>"
msgstr ""
#. type: Plain text
-#: original/man8/iptables.8:692
-msgid "This module matches the time to live field in the IP header."
+#: original/man8/iptables.8:1892
+msgid "Number of total nodes within this cluster."
msgstr ""
#. type: TP
-#: original/man8/iptables.8:692
+#: original/man8/iptables.8:1892
#, no-wrap
-msgid "B<--ttl >I<ttl>"
+msgid "B<--local-node> I<num>"
msgstr ""
#. type: Plain text
-#: original/man8/iptables.8:695
-msgid "Matches the given TTL value."
+#: original/man8/iptables.8:1895
+msgid "Local node number within this cluster."
msgstr ""
-#. type: SS
-#: original/man8/iptables.8:710
+#. type: TP
+#: original/man8/iptables.8:1895
#, no-wrap
-msgid "unclean"
-msgstr ""
-
-#. type: Plain text
-#: original/man8/iptables.8:713
-msgid ""
-"This module takes no options, but attempts to match packets which seem "
-"malformed or unusual. This is regarded as experimental."
+msgid "B<--hash-init> I<rnd>"
msgstr ""
#. type: Plain text
-#: original/man8/iptables.8:716
-msgid ""
-"iptables can use extended target modules: the following are included in the "
-"standard distribution."
+#: original/man8/iptables.8:1898
+msgid "Specify the random seed used for hash initialization."
msgstr ""
#. type: SS
-#: original/man8/iptables.8:716
+#: original/man8/iptables.8:1997
#, no-wrap
msgid "DNAT"
msgstr ""
#. type: Plain text
-#: original/man8/iptables.8:728
+#: original/man8/iptables.8:2009
msgid ""
"This target is only valid in the B<nat> table, in the B<PREROUTING> and "
"B<OUTPUT> chains, and user-defined chains which are only called from those "
msgstr ""
#. type: TP
-#: original/man8/iptables.8:728
+#: original/man8/iptables.8:2009
#, no-wrap
-msgid "B<--to-destination >I<ipaddr>[-I<ipaddr>][:I<port>-I<port>]"
+msgid "B<--to-destination> [I<ipaddr>[B<->I<ipaddr>]][B<:>I<port>[B<->I<port>]]"
msgstr ""
#. type: Plain text
-#: original/man8/iptables.8:738
+#: original/man8/iptables.8:2020
msgid ""
"which can specify a single new destination IP address, an inclusive range of "
"IP addresses, and optionally, a port range (which is only valid if the rule "
"also specifies B<-p tcp> or B<-p udp>). If no port range is specified, then "
-"the destination port will never be modified."
-msgstr ""
-
-#. type: Plain text
-#: original/man8/iptables.8:744
-msgid ""
-"You can add several --to-destination options. If you specify more than one "
-"destination address, either via an address range or multiple "
-"--to-destination options, a simple round-robin (one after another in cycle) "
-"load balancing takes place between these adresses."
-msgstr ""
-
-#. type: SS
-#: original/man8/iptables.8:744
-#, no-wrap
-msgid "DSCP"
+"the destination port will never be modified. If no IP address is specified "
+"then only the destination port will be modified."
msgstr ""
#. type: Plain text
-#: original/man8/iptables.8:748
-msgid ""
-"This target allows to alter the value of the DSCP bits within the TOS header "
-"of the IPv4 packet. As this manipulates a packet, it can only be used in "
-"the mangle table."
+#: original/man8/iptables.8:2027
+msgid ""
+"In Kernels up to 2.6.10 you can add several --to-destination options. For "
+"those kernels, if you specify more than one destination address, either via "
+"an address range or multiple --to-destination options, a simple round-robin "
+"(one after another in cycle) load balancing takes place between these "
+"addresses. Later Kernels (E<gt>= 2.6.11-rc1) don't have the ability to NAT "
+"to multiple ranges anymore."
msgstr ""
#. type: TP
-#: original/man8/iptables.8:748
+#: original/man8/iptables.8:2027 original/man8/iptables.8:2159 original/man8/iptables.8:2284 original/man8/iptables.8:2338 original/man8/iptables.8:2407
#, no-wrap
-msgid "B<--set-dscp >I<value>"
+msgid "B<--random>"
msgstr ""
#. type: Plain text
-#: original/man8/iptables.8:751
-msgid "Set the DSCP field to a numerical value (can be decimal or hex)"
+#: original/man8/iptables.8:2032 original/man8/iptables.8:2289
+msgid ""
+"If option B<--random> is used then port mapping will be randomized (kernel "
+"E<gt>= 2.6.22)."
msgstr ""
#. type: TP
-#: original/man8/iptables.8:751
+#: original/man8/iptables.8:2032 original/man8/iptables.8:2412
#, no-wrap
-msgid "B<--set-dscp-class >I<class>"
+msgid "B<--persistent>"
msgstr ""
#. type: Plain text
-#: original/man8/iptables.8:754
-msgid "Set the DSCP field to a DiffServ class."
+#: original/man8/iptables.8:2037 original/man8/iptables.8:2417
+msgid ""
+"Gives a client the same source-/destination-address for each connection. "
+"This supersedes the SAME target. Support for persistent mappings is "
+"available from 2.6.29-rc2."
msgstr ""
#. type: SS
-#: original/man8/iptables.8:754
+#: original/man8/iptables.8:2047
#, no-wrap
msgid "ECN"
msgstr ""
#. type: Plain text
-#: original/man8/iptables.8:757
+#: original/man8/iptables.8:2050
msgid ""
"This target allows to selectively work around known ECN blackholes. It can "
"only be used in the mangle table."
msgstr ""
#. type: TP
-#: original/man8/iptables.8:757
+#: original/man8/iptables.8:2050
#, no-wrap
msgid "B<--ecn-tcp-remove>"
msgstr ""
#. type: Plain text
-#: original/man8/iptables.8:762
+#: original/man8/iptables.8:2055
msgid ""
"Remove all ECN bits from the TCP header. Of course, it can only be used in "
"conjunction with B<-p tcp>."
msgstr ""
#. type: Plain text
-#: original/man8/iptables.8:774
+#: original/man8/iptables.8:2088
msgid ""
"Turn on kernel logging of matching packets. When this option is set for a "
"rule, the Linux kernel will print some information on all matching packets "
msgstr ""
#. type: Plain text
-#: original/man8/iptables.8:791
+#: original/man8/iptables.8:2105
msgid "Log options from the IP packet header."
msgstr ""
-#. type: Plain text
-#: original/man8/iptables.8:796
-msgid ""
-"This is used to set the netfilter mark value associated with the packet. It "
-"is only valid in the B<mangle> table. It can for example be used in "
-"conjunction with iproute2."
-msgstr ""
-
#. type: SS
-#: original/man8/iptables.8:798
+#: original/man8/iptables.8:2136
#, no-wrap
msgid "MASQUERADE"
msgstr ""
#. type: Plain text
-#: original/man8/iptables.8:812
+#: original/man8/iptables.8:2150
msgid ""
"This target is only valid in the B<nat> table, in the B<POSTROUTING> chain. "
"It should only be used with dynamically assigned IP (dialup) connections: "
"interface the packet is going out, but also has the effect that connections "
"are I<forgotten> when the interface goes down. This is the correct behavior "
"when the next dialup is unlikely to have the same interface address (and "
-"hence any established connections are lost anyway). It takes one option:"
+"hence any established connections are lost anyway)."
msgstr ""
#. type: TP
-#: original/man8/iptables.8:812 original/man8/iptables.8:845
+#: original/man8/iptables.8:2150 original/man8/iptables.8:2276
#, no-wrap
-msgid "B<--to-ports >I<port>[-I<port>]"
+msgid "B<--to-ports> I<port>[B<->I<port>]"
msgstr ""
#. type: Plain text
-#: original/man8/iptables.8:821
+#: original/man8/iptables.8:2159
msgid ""
"This specifies a range of source ports to use, overriding the default "
"B<SNAT> source port-selection heuristics (see above). This is only valid if "
"the rule also specifies B<-p tcp> or B<-p udp>."
msgstr ""
+#. type: Plain text
+#: original/man8/iptables.8:2165
+msgid ""
+"Randomize source port mapping If option B<--random> is used then port "
+"mapping will be randomized (kernel E<gt>= 2.6.21)."
+msgstr ""
+
#. type: SS
-#: original/man8/iptables.8:821
+#: original/man8/iptables.8:2167
#, no-wrap
msgid "MIRROR"
msgstr ""
#. type: Plain text
-#: original/man8/iptables.8:834
+#: original/man8/iptables.8:2180
msgid ""
"This is an experimental demonstration target which inverts the source and "
"destination fields in the IP header and retransmits the packet. It is only "
msgstr ""
#. type: SS
-#: original/man8/iptables.8:834
+#: original/man8/iptables.8:2180
+#, no-wrap
+msgid "NETMAP"
+msgstr ""
+
+#. type: Plain text
+#: original/man8/iptables.8:2185
+msgid ""
+"This target allows you to statically map a whole network of addresses onto "
+"another network of addresses. It can only be used from rules in the B<nat> "
+"table."
+msgstr ""
+
+#. type: TP
+#: original/man8/iptables.8:2185
+#, no-wrap
+msgid "B<--to> I<address>[B</>I<mask>]"
+msgstr ""
+
+#. type: Plain text
+#: original/man8/iptables.8:2190
+msgid ""
+"Network address to map to. The resulting address will be constructed in the "
+"following way: All 'one' bits in the mask are filled in from the new "
+"`address'. All bits that are zero in the mask are filled in from the "
+"original address."
+msgstr ""
+
+#. type: SS
+#: original/man8/iptables.8:2265
#, no-wrap
msgid "REDIRECT"
msgstr ""
#. type: Plain text
-#: original/man8/iptables.8:845
+#: original/man8/iptables.8:2276
msgid ""
"This target is only valid in the B<nat> table, in the B<PREROUTING> and "
"B<OUTPUT> chains, and user-defined chains which are only called from those "
-"chains. It alters the destination IP address to send the packet to the "
-"machine itself (locally-generated packets are mapped to the 127.0.0.1 "
-"address). It takes one option:"
+"chains. It redirects the packet to the machine itself by changing the "
+"destination IP to the primary address of the incoming interface "
+"(locally-generated packets are mapped to the 127.0.0.1 address)."
msgstr ""
#. type: Plain text
-#: original/man8/iptables.8:853
+#: original/man8/iptables.8:2284
msgid ""
"This specifies a destination port or range of ports to use: without this, "
"the destination port is never altered. This is only valid if the rule also "
msgstr ""
#. type: Plain text
-#: original/man8/iptables.8:877
-#, no-wrap
-msgid ""
-"B<icmp-net-unreachable>\n"
-"B<icmp-host-unreachable>\n"
-"B<icmp-port-unreachable>\n"
-"B<icmp-proto-unreachable>\n"
-"B<icmp-net-prohibited>\n"
-"B<icmp-host-prohibited or>\n"
-"B<icmp-admin-prohibited (*)>\n"
-msgstr ""
-
-#. type: Plain text
-#: original/man8/iptables.8:886
+#: original/man8/iptables.8:2322
msgid ""
-"which return the appropriate ICMP error message (B<port-unreachable> is the "
-"default). The option B<tcp-reset> can be used on rules which only match the "
-"TCP protocol: this causes a TCP RST packet to be sent back. This is mainly "
-"useful for blocking I<ident> (113/tcp) probes which frequently occur when "
-"sending mail to broken mail hosts (which won't accept your mail otherwise)."
+"The type given can be B<icmp-net-unreachable>, B<icmp-host-unreachable>, "
+"B<icmp-port-unreachable>, B<icmp-proto-unreachable>, B<icmp-net-prohibited>, "
+"B<icmp-host-prohibited> or B<icmp-admin-prohibited> (*) which return the "
+"appropriate ICMP error message (B<port-unreachable> is the default). The "
+"option B<tcp-reset> can be used on rules which only match the TCP protocol: "
+"this causes a TCP RST packet to be sent back. This is mainly useful for "
+"blocking I<ident> (113/tcp) probes which frequently occur when sending mail "
+"to broken mail hosts (which won't accept your mail otherwise)."
msgstr ""
#. type: Plain text
-#: original/man8/iptables.8:889
+#: original/man8/iptables.8:2324
msgid ""
"(*) Using icmp-admin-prohibited with kernels that do not support it will "
"result in a plain DROP instead of REJECT"
msgstr ""
#. type: SS
-#: original/man8/iptables.8:889
+#: original/man8/iptables.8:2324
#, no-wrap
-msgid "SNAT"
+msgid "SAME"
msgstr ""
#. type: Plain text
-#: original/man8/iptables.8:898
+#: original/man8/iptables.8:2328
msgid ""
-"This target is only valid in the B<nat> table, in the B<POSTROUTING> chain. "
-"It specifies that the source address of the packet should be modified (and "
-"all future packets in this connection will also be mangled), and rules "
-"should cease being examined. It takes one type of option:"
+"Similar to SNAT/DNAT depending on chain: it takes a range of addresses "
+"(`--to 1.2.3.4-1.2.3.7') and gives a client the same "
+"source-/destination-address for each connection."
msgstr ""
-#. type: TP
-#: original/man8/iptables.8:898
-#, no-wrap
-msgid "B<--to-source >I<ipaddr>[-I<ipaddr>][:I<port>-I<port>]"
+#. type: Plain text
+#: original/man8/iptables.8:2330
+msgid "N.B.: The DNAT target's B<--persistent> option replaced the SAME target."
msgstr ""
-#. type: Plain text
-#: original/man8/iptables.8:910
-msgid ""
-"which can specify a single new source IP address, an inclusive range of IP "
-"addresses, and optionally, a port range (which is only valid if the rule "
-"also specifies B<-p tcp> or B<-p udp>). If no port range is specified, then "
-"source ports below 512 will be mapped to other ports below 512: those "
-"between 512 and 1023 inclusive will be mapped to ports below 1024, and other "
-"ports will be mapped to 1024 or above. Where possible, no port alteration "
-"will occur."
+#. type: TP
+#: original/man8/iptables.8:2330
+#, no-wrap
+msgid "B<--to> I<ipaddr>[B<->I<ipaddr>]"
msgstr ""
#. type: Plain text
-#: original/man8/iptables.8:916
+#: original/man8/iptables.8:2334
msgid ""
-"You can add several --to-source options. If you specify more than one "
-"source address, either via an address range or multiple --to-source options, "
-"a simple round-robin (one after another in cycle) takes place between these "
-"adresses."
+"Addresses to map source to. May be specified more than once for multiple "
+"ranges."
msgstr ""
-#. type: SS
-#: original/man8/iptables.8:916
+#. type: TP
+#: original/man8/iptables.8:2334
#, no-wrap
-msgid "TCPMSS"
+msgid "B<--nodst>"
msgstr ""
#. type: Plain text
-#: original/man8/iptables.8:922
+#: original/man8/iptables.8:2338
msgid ""
-"This target allows to alter the MSS value of TCP SYN packets, to control the "
-"maximum size for that connection (usually limiting it to your outgoing "
-"interface's MTU minus 40). Of course, it can only be used in conjunction "
-"with B<-p tcp>."
+"Don't use the destination-ip in the calculations when selecting the new "
+"source-ip"
msgstr ""
#. type: Plain text
-#: original/man8/iptables.8:928
+#: original/man8/iptables.8:2342
msgid ""
-"This target is used to overcome criminally braindead ISPs or servers which "
-"block ICMP Fragmentation Needed packets. The symptoms of this problem are "
-"that everything works fine from your Linux firewall/router, but machines "
-"behind it can never exchange large packets:"
-msgstr ""
-
-#. type: TP
-#: original/man8/iptables.8:930
-#, no-wrap
-msgid "1)"
-msgstr ""
-
-#. type: Plain text
-#: original/man8/iptables.8:933
-msgid "Web browsers connect, then hang with no data received."
+"Port mapping will be forcibly randomized to avoid attacks based on port "
+"prediction (kernel E<gt>= 2.6.21)."
msgstr ""
-#. type: TP
-#: original/man8/iptables.8:933
+#. type: SS
+#: original/man8/iptables.8:2379
#, no-wrap
-msgid "2)"
+msgid "SNAT"
msgstr ""
#. type: Plain text
-#: original/man8/iptables.8:936
-msgid "Small mail works fine, but large emails hang."
+#: original/man8/iptables.8:2388
+msgid ""
+"This target is only valid in the B<nat> table, in the B<POSTROUTING> chain. "
+"It specifies that the source address of the packet should be modified (and "
+"all future packets in this connection will also be mangled), and rules "
+"should cease being examined. It takes one type of option:"
msgstr ""
#. type: TP
-#: original/man8/iptables.8:936
+#: original/man8/iptables.8:2388
#, no-wrap
-msgid "3)"
+msgid "B<--to-source> [I<ipaddr>[B<->I<ipaddr>]][B<:>I<port>[B<->I<port>]]"
msgstr ""
#. type: Plain text
-#: original/man8/iptables.8:939
-msgid "ssh works fine, but scp hangs after initial handshaking."
+#: original/man8/iptables.8:2400
+msgid ""
+"which can specify a single new source IP address, an inclusive range of IP "
+"addresses, and optionally, a port range (which is only valid if the rule "
+"also specifies B<-p tcp> or B<-p udp>). If no port range is specified, then "
+"source ports below 512 will be mapped to other ports below 512: those "
+"between 512 and 1023 inclusive will be mapped to ports below 1024, and other "
+"ports will be mapped to 1024 or above. Where possible, no port alteration "
+"will occur."
msgstr ""
#. type: Plain text
-#: original/man8/iptables.8:943
+#: original/man8/iptables.8:2407
msgid ""
-"Workaround: activate this option and add a rule to your firewall "
-"configuration like:"
+"In Kernels up to 2.6.10, you can add several --to-source options. For those "
+"kernels, if you specify more than one source address, either via an address "
+"range or multiple --to-source options, a simple round-robin (one after "
+"another in cycle) takes place between these addresses. Later Kernels "
+"(E<gt>= 2.6.11-rc1) don't have the ability to NAT to multiple ranges "
+"anymore."
msgstr ""
#. type: Plain text
-#: original/man8/iptables.8:946
-#, no-wrap
+#: original/man8/iptables.8:2412
msgid ""
-" iptables -A FORWARD -p tcp --tcp-flags SYN,RST SYN \\e\n"
-" -j TCPMSS --clamp-mss-to-pmtu\n"
+"If option B<--random> is used then port mapping will be randomized (kernel "
+"E<gt>= 2.6.21)."
msgstr ""
-#. type: TP
-#: original/man8/iptables.8:947
+#. type: SS
+#: original/man8/iptables.8:2553
#, no-wrap
-msgid "B<--set-mss >I<value>"
+msgid "TTL"
msgstr ""
#. type: Plain text
-#: original/man8/iptables.8:950
-msgid "Explicitly set MSS option to specified value."
-msgstr ""
-
-#. type: TP
-#: original/man8/iptables.8:950
-#, no-wrap
-msgid "B<--clamp-mss-to-pmtu>"
+#: original/man8/iptables.8:2557
+msgid ""
+"This is used to modify the IPv4 TTL header field. The TTL field determines "
+"how many hops (routers) a packet can traverse until it's time to live is "
+"exceeded."
msgstr ""
#. type: Plain text
-#: original/man8/iptables.8:953
-msgid "Automatically clamp MSS value to (path_MTU - 40)."
+#: original/man8/iptables.8:2562
+msgid ""
+"Setting or incrementing the TTL field can potentially be very dangerous, so "
+"it should be avoided at any cost. This target is only valid in B<mangle> "
+"table."
msgstr ""
#. type: TP
-#: original/man8/iptables.8:953
-#, no-wrap
-msgid "These options are mutually exclusive."
-msgstr ""
-
-#. type: SS
-#: original/man8/iptables.8:955
+#: original/man8/iptables.8:2564
#, no-wrap
-msgid "TOS"
+msgid "B<--ttl-set> I<value>"
msgstr ""
#. type: Plain text
-#: original/man8/iptables.8:960
-msgid ""
-"This is used to set the 8-bit Type of Service field in the IP header. It is "
-"only valid in the B<mangle> table."
+#: original/man8/iptables.8:2567
+msgid "Set the TTL value to `value'."
msgstr ""
#. type: TP
-#: original/man8/iptables.8:960
+#: original/man8/iptables.8:2567
#, no-wrap
-msgid "B<--set-tos >I<tos>"
+msgid "B<--ttl-dec> I<value>"
msgstr ""
#. type: Plain text
-#: original/man8/iptables.8:963
-msgid "You can use a numeric TOS values, or use"
+#: original/man8/iptables.8:2570
+msgid "Decrement the TTL value `value' times."
msgstr ""
-#. type: Plain text
-#: original/man8/iptables.8:965
+#. type: TP
+#: original/man8/iptables.8:2570
#, no-wrap
-msgid " iptables -j TOS -h\n"
+msgid "B<--ttl-inc> I<value>"
msgstr ""
#. type: Plain text
-#: original/man8/iptables.8:967
-msgid "to see the list of valid TOS names."
+#: original/man8/iptables.8:2573
+msgid "Increment the TTL value `value' times."
msgstr ""
#. type: SS
-#: original/man8/iptables.8:967
+#: original/man8/iptables.8:2573
#, no-wrap
msgid "ULOG"
msgstr ""
#. type: Plain text
-#: original/man8/iptables.8:976
+#: original/man8/iptables.8:2582
msgid ""
"This target provides userspace logging of matching packets. When this "
"target is set for a rule, the Linux kernel will multicast this packet "
msgstr ""
#. type: TP
-#: original/man8/iptables.8:976
+#: original/man8/iptables.8:2582
#, no-wrap
-msgid "B<--ulog-nlgroup >I<nlgroup>"
+msgid "B<--ulog-nlgroup> I<nlgroup>"
msgstr ""
#. type: Plain text
-#: original/man8/iptables.8:980
+#: original/man8/iptables.8:2586
msgid ""
"This specifies the netlink group (1-32) to which the packet is sent. "
"Default value is 1."
msgstr ""
#. type: TP
-#: original/man8/iptables.8:980
+#: original/man8/iptables.8:2586
#, no-wrap
-msgid "B<--ulog-prefix >I<prefix>"
+msgid "B<--ulog-prefix> I<prefix>"
msgstr ""
#. type: Plain text
-#: original/man8/iptables.8:984
+#: original/man8/iptables.8:2590
msgid ""
"Prefix log messages with the specified prefix; up to 32 characters long, and "
"useful for distinguishing messages in the logs."
msgstr ""
#. type: TP
-#: original/man8/iptables.8:984
+#: original/man8/iptables.8:2590
#, no-wrap
-msgid "B<--ulog-cprange >I<size>"
+msgid "B<--ulog-cprange> I<size>"
msgstr ""
#. type: Plain text
-#: original/man8/iptables.8:988
+#: original/man8/iptables.8:2594
msgid ""
"Number of bytes to be copied to userspace. A value of 0 always copies the "
"entire packet, regardless of its size. Default is 0."
msgstr ""
#. type: TP
-#: original/man8/iptables.8:988
+#: original/man8/iptables.8:2594
#, no-wrap
-msgid "B<--ulog-qthreshold >I<size>"
+msgid "B<--ulog-qthreshold> I<size>"
msgstr ""
#. type: Plain text
-#: original/man8/iptables.8:994
+#: original/man8/iptables.8:2600
msgid ""
"Number of packet to queue inside kernel. Setting this value to, e.g. 10 "
"accumulates ten packets inside the kernel and transmits them as one netlink "
msgstr ""
#. type: Plain text
-#: original/man8/iptables.8:1016
+#: original/man8/iptables.8:2609
+msgid ""
+"Bugs? What's this? ;-) Well, you might want to have a look at "
+"http://bugzilla.netfilter.org/"
+msgstr ""
+
+#. type: Plain text
+#: original/man8/iptables.8:2618
msgid ""
"This B<iptables> is very similar to ipchains by Rusty Russell. The main "
"difference is that the chains B<INPUT> and B<OUTPUT> are only traversed for "
msgstr ""
#. type: Plain text
-#: original/man8/iptables.8:1025
+#: original/man8/iptables.8:2622
msgid ""
"The other main difference is that B<-i> refers to the input interface; B<-o> "
"refers to the output interface, and both are available for packets entering "
msgstr ""
#. type: Plain text
-#: original/man8/iptables.8:1032
+#: original/man8/iptables.8:2628
msgid ""
"The various forms of NAT have been separated out; B<iptables> is a pure "
"packet filter when using the default `filter' table, with optional extension "
msgstr ""
#. type: Plain text
-#: original/man8/iptables.8:1036
+#: original/man8/iptables.8:2632
#, no-wrap
msgid ""
" -j MASQ\n"
msgstr ""
#. type: Plain text
-#: original/man8/iptables.8:1038
+#: original/man8/iptables.8:2634
msgid "There are several other changes in iptables."
msgstr ""
#. type: Plain text
-#: original/man8/iptables.8:1044
+#: original/man8/iptables.8:2641
msgid ""
"B<iptables-save>(8), B<iptables-restore>(8), B<ip6tables>(8), "
-"B<ip6tables-save>(8), B<ip6tables-restore>(8)."
+"B<ip6tables-save>(8), B<ip6tables-restore>(8), B<libipq>(3)."
+msgstr ""
+
+#. type: Plain text
+#: original/man8/iptables.8:2647
+msgid ""
+"The packet-filtering-HOWTO details iptables usage for packet filtering, the "
+"NAT-HOWTO details NAT, the netfilter-extensions-HOWTO details the extensions "
+"that are not in the standard distribution, and the netfilter-hacking-HOWTO "
+"details the netfilter internals."
+msgstr ""
+
+#. type: Plain text
+#: original/man8/iptables.8:2653
+msgid ""
+"Rusty Russell originally wrote iptables, in early consultation with Michael "
+"Neuling."
+msgstr ""
+
+#. type: Plain text
+#: original/man8/iptables.8:2663
+msgid ""
+"Harald Welte wrote the ULOG and NFQUEUE target, the new libiptc, as well as "
+"the TTL, DSCP, ECN matches and targets."
+msgstr ""
+
+#. .. and did I mention that we are incredibly cool people?
+#. .. sexy, too ..
+#. .. witty, charming, powerful ..
+#. .. and most of all, modest ..
+#. type: Plain text
+#: original/man8/iptables.8:2673
+msgid "Man page originally written by Herve Eychenne E<lt>rv@wallfire.orgE<gt>."
+msgstr ""
+
+#. type: Plain text
+#: original/man8/iptables.8:2675
+msgid "This manual page applies to iptables @PACKAGE_VERSION@."
+msgstr ""
+
+#. type: TH
+#: original/man8/iptables-apply.8:5
+#, no-wrap
+msgid "iptables-apply"
+msgstr ""
+
+#. type: TH
+#: original/man8/iptables-apply.8:5
+#, no-wrap
+msgid "2006-06-04"
+msgstr ""
+
+#. type: Plain text
+#: original/man8/iptables-apply.8:10
+msgid "iptables-apply - a safer way to update iptables remotely"
+msgstr ""
+
+#. type: Plain text
+#: original/man8/iptables-apply.8:12
+msgid "B<iptables-apply> [-B<hV>] [B<-t> I<timeout>] I<ruleset-file>"
+msgstr ""
+
+#. type: Plain text
+#: original/man8/iptables-apply.8:20
+msgid ""
+"iptables-apply will try to apply a new ruleset (as output by "
+"iptables-save/read by iptables-restore) to iptables, then prompt the user "
+"whether the changes are okay. If the new ruleset cut the existing "
+"connection, the user will not be able to answer affirmatively. In this case, "
+"the script rolls back to the previous ruleset after the timeout expired. The "
+"timeout can be set with B<-t>."
+msgstr ""
+
+#. type: Plain text
+#: original/man8/iptables-apply.8:23
+msgid ""
+"When called as ip6tables-apply, the script will use ip6tables-save/-restore "
+"instead."
+msgstr ""
+
+#. type: TP
+#: original/man8/iptables-apply.8:24
+#, no-wrap
+msgid "B<-t> I<seconds>, B<--timeout> I<seconds>"
+msgstr ""
+
+#. type: Plain text
+#: original/man8/iptables-apply.8:28
+msgid ""
+"Sets the timeout after which the script will roll back to the previous "
+"ruleset."
+msgstr ""
+
+#. type: TP
+#: original/man8/iptables-apply.8:28
+#, no-wrap
+msgid "B<-h>, B<--help>"
+msgstr ""
+
+#. type: Plain text
+#: original/man8/iptables-apply.8:31
+msgid "Display usage information."
+msgstr ""
+
+#. type: TP
+#: original/man8/iptables-apply.8:31
+#, no-wrap
+msgid "B<-V>, B<--version>"
+msgstr ""
+
+#. type: Plain text
+#: original/man8/iptables-apply.8:34
+msgid "Display version information."
+msgstr ""
+
+#. type: Plain text
+#: original/man8/iptables-apply.8:37
+msgid "B<iptables-restore>(8), B<iptables-save>(8), B<iptables>(8)."
+msgstr ""
+
+#. type: SH
+#: original/man8/iptables-apply.8:37
+#, no-wrap
+msgid "LEGALESE"
+msgstr ""
+
+#. type: Plain text
+#: original/man8/iptables-apply.8:40
+msgid "iptables-apply is copyright by Martin F. Krafft."
+msgstr ""
+
+#. type: Plain text
+#: original/man8/iptables-apply.8:42
+msgid ""
+"This manual page was written by Martin F. Krafft "
+"E<lt>madduck@madduck.netE<gt>"
+msgstr ""
+
+#. type: Plain text
+#: original/man8/iptables-apply.8:44
+msgid ""
+"Permission is granted to copy, distribute and/or modify this document under "
+"the terms of the Artistic License 2.0."
+msgstr ""
+
+#. type: TH
+#: original/man1/iptables-xml.1:1
+#, no-wrap
+msgid "IPTABLES-XML"
+msgstr ""
+
+#. type: TH
+#: original/man1/iptables-xml.1:1
+#, no-wrap
+msgid "Jul 16, 2007"
+msgstr ""
+
+#. type: Plain text
+#: original/man1/iptables-xml.1:23
+msgid "iptables-xml \\(em Convert iptables-save format to XML"
+msgstr ""
+
+#. type: Plain text
+#: original/man1/iptables-xml.1:25
+msgid "B<iptables-xml> [B<-c>] [B<-v>]"
+msgstr ""
+
+#. type: Plain text
+#: original/man1/iptables-xml.1:31
+msgid ""
+"B<iptables-xml> is used to convert the output of iptables-save into an "
+"easily manipulatable XML format to STDOUT. Use I/O-redirection provided by "
+"your shell to write to a file."
+msgstr ""
+
+#. type: TP
+#: original/man1/iptables-xml.1:31
+#, no-wrap
+msgid "B<-c>, B<--combine>"
+msgstr ""
+
+#. type: Plain text
+#: original/man1/iptables-xml.1:38
+msgid ""
+"combine consecutive rules with the same matches but different "
+"targets. iptables does not currently support more than one target per match, "
+"so this simulates that by collecting the targets from consecutive iptables "
+"rules into one action tag, but only when the rule matches are "
+"identical. Terminating actions like RETURN, DROP, ACCEPT and QUEUE are not "
+"combined with subsequent targets."
+msgstr ""
+
+#. type: Plain text
+#: original/man1/iptables-xml.1:41
+msgid ""
+"Output xml comments containing the iptables line from which the XML is "
+"derived"
+msgstr ""
+
+#. type: Plain text
+#: original/man1/iptables-xml.1:48
+msgid ""
+"iptables-xml does a mechanistic conversion to a very expressive xml format; "
+"the only semantic considerations are for -g and -j targets in order to "
+"discriminate between E<lt>callE<gt> E<lt>gotoE<gt> and "
+"E<lt>nane-of-targetE<gt> as it helps xml processing scripts if they can tell "
+"the difference between a target like SNAT and another chain."
+msgstr ""
+
+#. type: Plain text
+#: original/man1/iptables-xml.1:50
+msgid "Some sample output is:"
+msgstr ""
+
+#. type: Plain text
+#: original/man1/iptables-xml.1:74
+#, no-wrap
+msgid ""
+"E<lt>iptables-rulesE<gt>\n"
+" E<lt>table name=\"mangle\"E<gt>\n"
+" E<lt>chain name=\"PREROUTING\" policy=\"ACCEPT\" "
+"packet-count=\"63436\"\n"
+"byte-count=\"7137573\"E<gt>\n"
+" E<lt>ruleE<gt>\n"
+" E<lt>conditionsE<gt>\n"
+" E<lt>matchE<gt>\n"
+" E<lt>pE<gt>tcpE<lt>/pE<gt>\n"
+" E<lt>/matchE<gt>\n"
+" E<lt>tcpE<gt>\n"
+" E<lt>sportE<gt>8443E<lt>/sportE<gt>\n"
+" E<lt>/tcpE<gt>\n"
+" E<lt>/conditionsE<gt>\n"
+" E<lt>actionsE<gt>\n"
+" E<lt>callE<gt>\n"
+" E<lt>check_ip/E<gt>\n"
+" E<lt>/callE<gt>\n"
+" E<lt>ACCEPT/E<gt>\n"
+" E<lt>/actionsE<gt>\n"
+" E<lt>/ruleE<gt>\n"
+" E<lt>/chainE<gt>\n"
+" E<lt>/tableE<gt>\n"
+"E<lt>/iptables-rulesE<gt>\n"
+msgstr ""
+
+#. type: Plain text
+#: original/man1/iptables-xml.1:79
+msgid ""
+"Conversion from XML to iptables-save format may be done using the "
+"iptables.xslt script and xsltproc, or a custom program using libxsltproc or "
+"similar; in this fashion:"
+msgstr ""
+
+#. type: Plain text
+#: original/man1/iptables-xml.1:81
+msgid "xsltproc iptables.xslt my-iptables.xml | iptables-restore"
+msgstr ""
+
+#. type: Plain text
+#: original/man1/iptables-xml.1:84
+msgid "None known as of iptables-1.3.7 release"
msgstr ""
#. type: Plain text
-#: original/man8/iptables.8:1066
-msgid "Harald Welte wrote the ULOG target, TTL, DSCP, ECN matches and targets."
+#: original/man1/iptables-xml.1:86
+msgid "Sam Liddicott E<lt>azez@ufomechanic.netE<gt>"
msgstr ""
#. type: Plain text
-#: original/man8/iptables.8:1070
-msgid "Man page written by Herve Eychenne E<lt>rv@wallfire.orgE<gt>."
+#: original/man1/iptables-xml.1:87
+msgid "B<iptables-save>(8), B<iptables-restore>(8), B<iptables>(8)"
msgstr ""
msgid ""
msgstr ""
"Project-Id-Version: PACKAGE VERSION\n"
-"POT-Creation-Date: 2012-05-09 02:21+0900\n"
+"POT-Creation-Date: 2012-05-10 06:40+0900\n"
"PO-Revision-Date: 2012-05-09 03:09+0900\n"
"Last-Translator: FULL NAME <EMAIL@ADDRESS>\n"
"Language-Team: LANGUAGE <LL@li.org>\n"
msgid "Jan 30, 2002"
msgstr "Jan 30, 2002"
-#. Man page written by Herve Eychenne <rv@wallfire.org> (May 1999)
-#. It is based on ipchains page.
-#. TODO: add a word for protocol helpers (FTP, IRC, SNMP-ALG)
-#. ipchains page by Paul ``Rusty'' Russell March 1997
-#. Based on the original ipfwadm man page by Jos Vos <jos@xos.nl>
+#. Man page written by Sam Liddicott <azez@ufomechanic.net>
+#. It is based on the iptables-save man page.
#. This program is free software; you can redistribute it and/or modify
#. it under the terms of the GNU General Public License as published by
#. the Free Software Foundation; either version 2 of the License, or
#: original/man8/ip6tables-restore.8:21 original/man8/ip6tables-save.8:21
#: original/man8/ip6tables.8:27 original/man8/iptables-restore.8:21
#: original/man8/iptables-save.8:21 original/man8/iptables.8:25
+#: original/man8/iptables-apply.8:8 original/man1/iptables-xml.1:21
#, no-wrap
msgid "NAME"
msgstr "名前"
#. type: Plain text
#: original/man8/ip6tables-restore.8:23
-msgid "ip6tables-restore - Restore IPv6 Tables"
+#, fuzzy
+#| msgid "ip6tables-restore - Restore IPv6 Tables"
+msgid "ip6tables-restore \\(em Restore IPv6 Tables"
msgstr "ip6tables-restore - IPv6 テーブルを復元する"
#. type: SH
#: original/man8/ip6tables-restore.8:23 original/man8/ip6tables-save.8:23
#: original/man8/ip6tables.8:29 original/man8/iptables-restore.8:23
#: original/man8/iptables-save.8:23 original/man8/iptables.8:27
+#: original/man8/iptables-apply.8:10 original/man1/iptables-xml.1:23
#, no-wrap
msgid "SYNOPSIS"
msgstr "書式"
#. type: Plain text
#: original/man8/ip6tables-restore.8:25
-msgid "B<ip6tables-restore >[-c] [-n]"
+#, fuzzy
+#| msgid "B<ip6tables-restore >[-c] [-n]"
+msgid "B<ip6tables-restore> [B<-c>] [B<-n>]"
msgstr "B<ip6tables-restore >[-c] [-n]"
#. type: SH
-#: original/man8/ip6tables-restore.8:26 original/man8/ip6tables-save.8:26
-#: original/man8/ip6tables.8:47 original/man8/iptables-restore.8:26
-#: original/man8/iptables-save.8:26 original/man8/iptables.8:45
+#: original/man8/ip6tables-restore.8:25 original/man8/ip6tables-save.8:26
+#: original/man8/ip6tables.8:55 original/man8/iptables-restore.8:25
+#: original/man8/iptables-save.8:26 original/man8/iptables.8:54
+#: original/man8/iptables-apply.8:12 original/man1/iptables-xml.1:25
#, no-wrap
msgid "DESCRIPTION"
msgstr "説明"
#. type: Plain text
-#: original/man8/ip6tables-restore.8:31
+#: original/man8/ip6tables-restore.8:30
msgid ""
"B<ip6tables-restore> is used to restore IPv6 Tables from data specified on "
"STDIN. Use I/O redirection provided by your shell to read from a file"
"ダイレクションを使うこと。"
#. type: TP
-#: original/man8/ip6tables-restore.8:31 original/man8/ip6tables-save.8:31
-#: original/man8/iptables-restore.8:31 original/man8/iptables-save.8:31
+#: original/man8/ip6tables-restore.8:30 original/man8/ip6tables-save.8:35
+#: original/man8/iptables-restore.8:30 original/man8/iptables-save.8:35
#, no-wrap
msgid "B<-c>, B<--counters>"
msgstr "B<-c>, B<--counters>"
#. type: Plain text
-#: original/man8/ip6tables-restore.8:34 original/man8/iptables-restore.8:34
+#: original/man8/ip6tables-restore.8:33 original/man8/iptables-restore.8:33
msgid "restore the values of all packet and byte counters"
msgstr "全てのパケットカウンタとバイトカウンタの値を復元する。"
#. type: TP
-#: original/man8/ip6tables-restore.8:34 original/man8/iptables-restore.8:34
+#: original/man8/ip6tables-restore.8:33 original/man8/iptables-restore.8:33
#, no-wrap
msgid "B<-n>, B<--noflush> "
msgstr "B<-n>, B<--noflush> "
#. type: Plain text
-#: original/man8/ip6tables-restore.8:39
+#: original/man8/ip6tables-restore.8:36
+msgid "don't flush the previous contents of the table. If not specified,"
+msgstr ""
+
+#. type: TP
+#: original/man8/ip6tables-restore.8:36 original/man8/iptables-restore.8:38
+#, fuzzy, no-wrap
+#| msgid "B<-t>, B<--table> B<tablename>"
+msgid "B<-T>, B<--table> I<name>"
+msgstr "B<-t>, B<--table> B<tablename>"
+
+#. type: Plain text
+#: original/man8/ip6tables-restore.8:41
+#, fuzzy
+#| msgid ""
+#| "don't flush the previous contents of the table. If not specified, "
+#| "B<ip6tables-restore> flushes (deletes) all previous contents of the "
+#| "respective IPv6 Table."
msgid ""
-"don't flush the previous contents of the table. If not specified, "
+"Restore only the named table even if the input stream contains other ones. "
"B<ip6tables-restore> flushes (deletes) all previous contents of the "
"respective IPv6 Table."
msgstr ""
"restore> は、これまでの各 IPv6 テーブルの内容を全てフラッシュ (削除) する。"
#. type: SH
-#: original/man8/ip6tables-restore.8:39 original/man8/ip6tables-save.8:38
-#: original/man8/ip6tables.8:745 original/man8/iptables-restore.8:39
-#: original/man8/iptables-save.8:38 original/man8/iptables.8:1000
+#: original/man8/ip6tables-restore.8:41 original/man8/ip6tables-save.8:42
+#: original/man8/ip6tables.8:2447 original/man8/iptables-restore.8:41
+#: original/man8/iptables-save.8:42 original/man8/iptables.8:2606
+#: original/man1/iptables-xml.1:82
#, no-wrap
msgid "BUGS"
msgstr "バグ"
#. type: Plain text
-#: original/man8/ip6tables-restore.8:41 original/man8/ip6tables-save.8:40
-#: original/man8/iptables-restore.8:41 original/man8/iptables-save.8:40
+#: original/man8/ip6tables-restore.8:43 original/man8/ip6tables-save.8:44
+#: original/man8/iptables-restore.8:43 original/man8/iptables-save.8:44
msgid "None known as of iptables-1.2.1 release"
msgstr "iptables-1.2.1 リリースでは知られていない。"
#. type: SH
-#: original/man8/ip6tables-restore.8:41 original/man8/ip6tables-save.8:40
-#: original/man8/ip6tables.8:799 original/man8/iptables.8:1053
+#: original/man8/ip6tables-restore.8:43 original/man8/ip6tables-save.8:44
+#: original/man8/ip6tables.8:2480 original/man8/iptables.8:2650
#, no-wrap
msgid "AUTHORS"
msgstr "作者"
#. type: Plain text
-#: original/man8/ip6tables-restore.8:43 original/man8/ip6tables-save.8:42
-#: original/man8/iptables-restore.8:43 original/man8/iptables-save.8:42
+#: original/man8/ip6tables-restore.8:45 original/man8/ip6tables-save.8:46
+#: original/man8/iptables-restore.8:45 original/man8/iptables-save.8:46
msgid "Harald Welte E<lt>laforge@gnumonks.orgE<gt>"
msgstr "Harald Welte E<lt>laforge@gnumonks.orgE<gt>"
#. type: Plain text
-#: original/man8/ip6tables-restore.8:45 original/man8/ip6tables-save.8:44
+#: original/man8/ip6tables-restore.8:47 original/man8/ip6tables-save.8:48
msgid "Andras Kis-Szabo E<lt>kisza@sch.bme.huE<gt>"
msgstr "Andras Kis-Szabo E<lt>kisza@sch.bme.huE<gt>"
#. type: SH
-#: original/man8/ip6tables-restore.8:45 original/man8/ip6tables-save.8:44
-#: original/man8/ip6tables.8:784 original/man8/iptables-restore.8:43
-#: original/man8/iptables-save.8:42 original/man8/iptables.8:1038
+#: original/man8/ip6tables-restore.8:47 original/man8/ip6tables-save.8:48
+#: original/man8/ip6tables.8:2464 original/man8/iptables-restore.8:45
+#: original/man8/iptables-save.8:46 original/man8/iptables.8:2634
+#: original/man8/iptables-apply.8:34 original/man1/iptables-xml.1:86
#, no-wrap
msgid "SEE ALSO"
msgstr "関連項目"
#. type: Plain text
-#: original/man8/ip6tables-restore.8:47
+#: original/man8/ip6tables-restore.8:49
msgid "B<ip6tables-save>(8), B<ip6tables>(8)"
msgstr "B<ip6tables-save>(8), B<ip6tables>(8)"
#. type: Plain text
-#: original/man8/ip6tables-restore.8:50 original/man8/ip6tables-save.8:49
-#: original/man8/iptables-restore.8:48 original/man8/iptables-save.8:47
+#: original/man8/ip6tables-restore.8:52 original/man8/ip6tables-save.8:53
+#: original/man8/iptables-restore.8:50 original/man8/iptables-save.8:51
msgid ""
"The iptables-HOWTO, which details more iptables usage, the NAT-HOWTO, which "
"details NAT, and the netfilter-hacking-HOWTO which details the internals."
#. type: Plain text
#: original/man8/ip6tables-save.8:23
-msgid "ip6tables-save - Save IPv6 Tables"
-msgstr "ip6tables-save - IPv6 テーブルを保存する"
+msgid "ip6tables-save \\(em dump iptables rules to stdout"
+msgstr ""
#. type: Plain text
-#: original/man8/ip6tables-save.8:25
-msgid "B<ip6tables-save >[-c] [-t table]"
+#: original/man8/ip6tables-save.8:26
+#, fuzzy
+#| msgid "B<ip6tables-save >[-c] [-t table]"
+msgid "B<ip6tables-save> [B<-M> I<modprobe>] [B<-c>] [B<-t> I<table>"
msgstr "B<ip6tables-save >[-c] [-t table]"
#. type: Plain text
"ンプするために使われる。 ファイルに書き出すためには、 シェルで提供されている "
"I/O リダイレクションを使うこと。"
+#. type: TP
+#: original/man8/ip6tables-save.8:31 original/man8/iptables-save.8:31
+#, fuzzy, no-wrap
+#| msgid "B<--modprobe=command>"
+msgid "B<-M> I<modprobe_program>"
+msgstr "B<--modprobe=command>"
+
+#. type: Plain text
+#: original/man8/ip6tables-save.8:35 original/man8/iptables-save.8:35
+msgid ""
+"Specify the path to the modprobe program. By default, iptables-save will "
+"inspect /proc/sys/kernel/modprobe to determine the executable's path."
+msgstr ""
+
#. type: Plain text
-#: original/man8/ip6tables-save.8:34 original/man8/iptables-save.8:34
+#: original/man8/ip6tables-save.8:38 original/man8/iptables-save.8:38
msgid ""
"include the current values of all packet and byte counters in the output"
msgstr "全てのパケットカウンタとバイトカウンタの現在の値を出力する。"
#. type: TP
-#: original/man8/ip6tables-save.8:34 original/man8/iptables-save.8:34
-#, no-wrap
-msgid "B<-t>, B<--table> B<tablename>"
+#: original/man8/ip6tables-save.8:38 original/man8/iptables-save.8:38
+#, fuzzy, no-wrap
+#| msgid "B<-t>, B<--table> B<tablename>"
+msgid "B<-t>, B<--table> I<tablename>"
msgstr "B<-t>, B<--table> B<tablename>"
#. type: Plain text
-#: original/man8/ip6tables-save.8:38 original/man8/iptables-save.8:38
+#: original/man8/ip6tables-save.8:42 original/man8/iptables-save.8:42
msgid ""
"restrict output to only one table. If not specified, output includes all "
"available tables."
"ルを出力する。"
#. type: Plain text
-#: original/man8/ip6tables-save.8:46
+#: original/man8/ip6tables-save.8:50
msgid "B<ip6tables-restore>(8), B<ip6tables>(8)"
msgstr "B<ip6tables-restore>(8), B<ip6tables>(8)"
#. type: TH
#: original/man8/ip6tables.8:1 original/man8/iptables.8:1
#, no-wrap
-msgid "Mar 09, 2002"
-msgstr "Mar 09, 2002"
+msgid "iptables 1.4.13"
+msgstr ""
#. type: Plain text
#: original/man8/ip6tables.8:29
-msgid "ip6tables - IPv6 packet filter administration"
+#, fuzzy
+#| msgid "ip6tables - IPv6 packet filter administration"
+msgid "ip6tables \\(em IPv6 packet filter administration"
msgstr "ip6tables - IPv6 パケットフィルタを管理する"
#. type: Plain text
-#: original/man8/ip6tables.8:31
-msgid "B<ip6tables [-t table] -[AD] >chain rule-specification [options]"
+#: original/man8/ip6tables.8:32
+#, fuzzy
+#| msgid "B<ip6tables [-t table] -[AD] >chain rule-specification [options]"
+msgid ""
+"B<ip6tables> [B<-t> I<table>] {B<-A>|B<-C>|B<-D>} I<chain rule-"
+"specification> [I<options...>]"
msgstr "B<ip6tables [-t テーブル] -[AD] >チェイン ルールの詳細 [オプション]"
#. type: Plain text
-#: original/man8/ip6tables.8:33
-msgid "B<ip6tables [-t table] -I >chain [rulenum] rule-specification [options]"
+#: original/man8/ip6tables.8:35
+#, fuzzy
+#| msgid ""
+#| "B<ip6tables [-t table] -I >chain [rulenum] rule-specification [options]"
+msgid ""
+"B<ip6tables> [B<-t> I<table>] B<-I> I<chain> [I<rulenum>] I<rule-"
+"specification> [I<options...>]"
msgstr ""
"B<ip6tables [-t テーブル] -I >チェイン [ルール番号] ルールの詳細 [オプション]"
#. type: Plain text
-#: original/man8/ip6tables.8:35
-msgid "B<ip6tables [-t table] -R >chain rulenum rule-specification [options]"
+#: original/man8/ip6tables.8:38
+#, fuzzy
+#| msgid ""
+#| "B<ip6tables [-t table] -R >chain rulenum rule-specification [options]"
+msgid ""
+"B<ip6tables> [B<-t> I<table>] B<-R> I<chain rulenum rule-specification> "
+"[I<options...>]"
msgstr ""
"B<ip6tables [-t テーブル] -R >チェイン ルール番号 ルールの詳細 [オプション]"
#. type: Plain text
-#: original/man8/ip6tables.8:37
-msgid "B<ip6tables [-t table] -D >chain rulenum [options]"
+#: original/man8/ip6tables.8:41
+#, fuzzy
+#| msgid "B<ip6tables [-t table] -D >chain rulenum [options]"
+msgid "B<ip6tables> [B<-t> I<table>] B<-D> I<chain rulenum> [I<options...>]"
msgstr "B<ip6tables [-t テーブル] -D >チェイン ルール番号 [オプション]"
#. type: Plain text
-#: original/man8/ip6tables.8:39
-msgid "B<ip6tables [-t table] -[LFZ] >[chain] [options]"
-msgstr "B<ip6tables [-t テーブル] -[LFZ] >[チェイン] [オプション]"
+#: original/man8/ip6tables.8:43
+#, fuzzy
+#| msgid "B<ip6tables [-t table] -D >chain rulenum [options]"
+msgid "B<ip6tables> [B<-t> I<table>] B<-S> [I<chain> [I<rulenum>]]"
+msgstr "B<ip6tables [-t テーブル] -D >チェイン ルール番号 [オプション]"
#. type: Plain text
-#: original/man8/ip6tables.8:41
-msgid "B<ip6tables [-t table] -N >chain"
+#: original/man8/ip6tables.8:46
+#, fuzzy
+#| msgid "B<ip6tables [-t table] -D >chain rulenum [options]"
+msgid ""
+"B<ip6tables> [B<-t> I<table>] {B<-F>|B<-L>|B<-Z>} [I<chain> [I<rulenum>]] "
+"[I<options...>]"
+msgstr "B<ip6tables [-t テーブル] -D >チェイン ルール番号 [オプション]"
+
+#. type: Plain text
+#: original/man8/ip6tables.8:48
+#, fuzzy
+#| msgid "B<ip6tables [-t table] -N >chain"
+msgid "B<ip6tables> [B<-t> I<table>] B<-N> I<chain>"
msgstr "B<ip6tables [-t テーブル] -N >チェイン"
#. type: Plain text
-#: original/man8/ip6tables.8:43
-msgid "B<ip6tables [-t table] -X >[chain]"
+#: original/man8/ip6tables.8:50
+#, fuzzy
+#| msgid "B<ip6tables [-t table] -X >[chain]"
+msgid "B<ip6tables> [B<-t> I<table>] B<-X> [I<chain>]"
msgstr "B<ip6tables [-t テーブル] -X >[チェイン]"
#. type: Plain text
-#: original/man8/ip6tables.8:45
-msgid "B<ip6tables [-t table] -P >chain target [options]"
+#: original/man8/ip6tables.8:53
+#, fuzzy
+#| msgid "B<ip6tables [-t table] -P >chain target [options]"
+msgid "B<ip6tables> [B<-t> I<table>] B<-P> I<chain target> [I<options...>]"
msgstr "B<ip6tables [-t テーブル] -P >チェイン ターゲット [オプション]"
#. type: Plain text
-#: original/man8/ip6tables.8:47
-msgid "B<ip6tables [-t table] -E >old-chain-name new-chain-name"
+#: original/man8/ip6tables.8:55
+#, fuzzy
+#| msgid "B<ip6tables [-t table] -E >old-chain-name new-chain-name"
+msgid "B<ip6tables> [B<-t> I<table>] B<-E> I<old-chain-name new-chain-name>"
msgstr "B<ip6tables [-t テーブル] -E >旧チェイン名 新チェイン名"
#. type: Plain text
-#: original/man8/ip6tables.8:53
+#: original/man8/ip6tables.8:61
msgid ""
"B<Ip6tables> is used to set up, maintain, and inspect the tables of IPv6 "
"packet filter rules in the Linux kernel. Several different tables may be "
"含むこともできる。"
#. type: Plain text
-#: original/man8/ip6tables.8:58 original/man8/iptables.8:56
+#: original/man8/ip6tables.8:66 original/man8/iptables.8:65
msgid ""
"Each chain is a list of rules which can match a set of packets. Each rule "
"specifies what to do with a packet that matches. This is called a `target', "
"呼ばれ、 同じテーブル内のユーザー定義チェインにジャンプすることもできる。"
#. type: SH
-#: original/man8/ip6tables.8:59 original/man8/iptables.8:57
+#: original/man8/ip6tables.8:66 original/man8/iptables.8:65
#, no-wrap
msgid "TARGETS"
msgstr "ターゲット"
#. type: Plain text
-#: original/man8/ip6tables.8:70 original/man8/iptables.8:68
+#: original/man8/ip6tables.8:72 original/man8/iptables.8:71
+#, fuzzy
+#| msgid ""
+#| "A firewall rule specifies criteria for a packet, and a target. If the "
+#| "packet does not match, the next rule in the chain is the examined; if it "
+#| "does match, then the next rule is specified by the value of the target, "
+#| "which can be the name of a user-defined chain or one of the special "
+#| "values I<ACCEPT>, I<DROP>, I<QUEUE>, or I<RETURN>."
msgid ""
-"A firewall rule specifies criteria for a packet, and a target. If the "
-"packet does not match, the next rule in the chain is the examined; if it "
-"does match, then the next rule is specified by the value of the target, "
-"which can be the name of a user-defined chain or one of the special values "
-"I<ACCEPT>, I<DROP>, I<QUEUE>, or I<RETURN>."
+"A firewall rule specifies criteria for a packet and a target. If the packet "
+"does not match, the next rule in the chain is the examined; if it does "
+"match, then the next rule is specified by the value of the target, which can "
+"be the name of a user-defined chain or one of the special values B<ACCEPT>, "
+"B<DROP>, B<QUEUE> or B<RETURN>."
msgstr ""
"ファイアウォールのルールは、パケットを判断する基準とターゲットを指定する。\n"
"パケットがマッチしない場合、チェイン内の次のルールが評価される。\n"
"I<ACCEPT>, I<DROP>, I<QUEUE>, I<RETURN> のうちの 1 つである。"
#. type: Plain text
-#: original/man8/ip6tables.8:84 original/man8/iptables.8:82
-msgid ""
-"I<ACCEPT> means to let the packet through. I<DROP> means to drop the packet "
-"on the floor. I<QUEUE> means to pass the packet to userspace (if supported "
-"by the kernel). I<RETURN> means stop traversing this chain and resume at "
-"the next rule in the previous (calling) chain. If the end of a built-in "
-"chain is reached or a rule in a built-in chain with target I<RETURN> is "
-"matched, the target specified by the chain policy determines the fate of the "
-"packet."
+#: original/man8/ip6tables.8:89 original/man8/iptables.8:88
+#, fuzzy
+#| msgid ""
+#| "I<ACCEPT> means to let the packet through. I<DROP> means to drop the "
+#| "packet on the floor. I<QUEUE> means to pass the packet to userspace (if "
+#| "supported by the kernel). I<RETURN> means stop traversing this chain and "
+#| "resume at the next rule in the previous (calling) chain. If the end of a "
+#| "built-in chain is reached or a rule in a built-in chain with target "
+#| "I<RETURN> is matched, the target specified by the chain policy determines "
+#| "the fate of the packet."
+msgid ""
+"B<ACCEPT> means to let the packet through. B<DROP> means to drop the packet "
+"on the floor. B<QUEUE> means to pass the packet to userspace. (How the "
+"packet can be received by a userspace process differs by the particular "
+"queue handler. 2.4.x and 2.6.x kernels up to 2.6.13 include the B<ip_queue> "
+"queue handler. Kernels 2.6.14 and later additionally include the "
+"B<nfnetlink_queue> queue handler. Packets with a target of QUEUE will be "
+"sent to queue number '0' in this case. Please also see the B<NFQUEUE> target "
+"as described later in this man page.) B<RETURN> means stop traversing this "
+"chain and resume at the next rule in the previous (calling) chain. If the "
+"end of a built-in chain is reached or a rule in a built-in chain with target "
+"B<RETURN> is matched, the target specified by the chain policy determines "
+"the fate of the packet."
msgstr ""
"I<ACCEPT> はパケットを通すという意味である。 \n"
"I<DROP> はパケットを床に落す (捨てる) という意味である。 \n"
"チェインポリシーで指定されたターゲットが パケットの行方を決定する。"
#. type: SH
-#: original/man8/ip6tables.8:84 original/man8/iptables.8:82
+#: original/man8/ip6tables.8:89 original/man8/iptables.8:88
#, no-wrap
msgid "TABLES"
msgstr "テーブル"
#. type: Plain text
-#: original/man8/ip6tables.8:88
+#: original/man8/ip6tables.8:93 original/man8/iptables.8:92
msgid ""
-"There are currently two independent tables (which tables are present at any "
-"time depends on the kernel configuration options and which modules are "
-"present), as nat table has not been implemented yet."
+"There are currently three independent tables (which tables are present at "
+"any time depends on the kernel configuration options and which modules are "
+"present)."
msgstr ""
-"現在のところ 2 つの独立なテーブルが存在する (どのテーブルがどの時点で現れるか"
-"は、 カーネルの設定やどういったモジュールが存在するかに依存する)。 nat テーブ"
-"ルは、まだ実装されていない。"
+"現在のところ 3 つの独立なテーブルが存在する (ある時点でどのテーブルが存在する"
+"かは、 カーネルの設定やどういったモジュールが存在するかに依存する)。"
#. type: TP
-#: original/man8/ip6tables.8:88 original/man8/iptables.8:86
-#, no-wrap
-msgid "B<-t, --table >I<table>"
-msgstr "B<-t, --table >I<table>"
+#: original/man8/ip6tables.8:93 original/man8/iptables.8:92
+#, fuzzy, no-wrap
+#| msgid "B<-t>, B<--table> B<tablename>"
+msgid "B<-t>, B<--table> I<table>"
+msgstr "B<-t>, B<--table> B<tablename>"
#. type: Plain text
-#: original/man8/ip6tables.8:94 original/man8/iptables.8:92
+#: original/man8/ip6tables.8:99 original/man8/iptables.8:98
msgid ""
"This option specifies the packet matching table which the command should "
"operate on. If the kernel is configured with automatic module loading, an "
"そのモジュールがロードされる。"
#. type: Plain text
-#: original/man8/ip6tables.8:96 original/man8/iptables.8:94
+#: original/man8/ip6tables.8:101 original/man8/iptables.8:100
msgid "The tables are as follows:"
msgstr "テーブルは以下の通りである。"
#. type: TP
-#: original/man8/ip6tables.8:97 original/man8/iptables.8:95
+#: original/man8/ip6tables.8:102 original/man8/iptables.8:101
#, no-wrap
msgid "B<filter>:"
msgstr "B<filter>:"
#. type: Plain text
-#: original/man8/ip6tables.8:107 original/man8/iptables.8:105
+#: original/man8/ip6tables.8:108 original/man8/iptables.8:107
+#, fuzzy
+#| msgid ""
+#| "This is the default table (if no -t option is passed). It contains the "
+#| "built-in chains B<INPUT> (for packets coming into the box itself), "
+#| "B<FORWARD> (for packets being routed through the box), and B<OUTPUT> (for "
+#| "locally-generated packets)."
msgid ""
-"This is the default table (if no -t option is passed). It contains the "
-"built-in chains B<INPUT> (for packets coming into the box itself), "
-"B<FORWARD> (for packets being routed through the box), and B<OUTPUT> (for "
-"locally-generated packets)."
+"This is the default table (if no -t option is passed). It contains the built-"
+"in chains B<INPUT> (for packets destined to local sockets), B<FORWARD> (for "
+"packets being routed through the box), and B<OUTPUT> (for locally-generated "
+"packets)."
msgstr ""
"(-t オプションが指定されていない場合は) これがデフォルトのテーブルである。\n"
"これには B<INPUT> (マシン自体に入ってくるパケットに対するチェイン)・\n"
"組み込み済みチェインが含まれる。"
#. type: TP
-#: original/man8/ip6tables.8:107 original/man8/iptables.8:115
+#: original/man8/ip6tables.8:108 original/man8/iptables.8:114
#, no-wrap
msgid "B<mangle>:"
msgstr "B<mangle>:"
#. type: Plain text
-#: original/man8/ip6tables.8:122 original/man8/iptables.8:130
+#: original/man8/ip6tables.8:118 original/man8/iptables.8:124
msgid ""
"This table is used for specialized packet alteration. Until kernel 2.4.17 "
"it had two built-in chains: B<PREROUTING> (for altering incoming packets "
"トに対するチェイン)・ B<POSTROUTING> (パケットが出て行くときに変換する\n"
"ためのチェイン)・ という 3 つの組み込み済みチェインもサポートされる。"
+#. type: TP
+#: original/man8/ip6tables.8:118 original/man8/iptables.8:124
+#, no-wrap
+msgid "B<raw>:"
+msgstr ""
+
+#. type: Plain text
+#: original/man8/ip6tables.8:126 original/man8/iptables.8:132
+msgid ""
+"This table is used mainly for configuring exemptions from connection "
+"tracking in combination with the NOTRACK target. It registers at the "
+"netfilter hooks with higher priority and is thus called before ip_conntrack, "
+"or any other IP tables. It provides the following built-in chains: "
+"B<PREROUTING> (for packets arriving via any network interface) B<OUTPUT> "
+"(for packets generated by local processes)"
+msgstr ""
+
+#. type: TP
+#: original/man8/ip6tables.8:126 original/man8/iptables.8:132
+#, no-wrap
+msgid "B<security>:"
+msgstr ""
+
+#. type: Plain text
+#: original/man8/ip6tables.8:137 original/man8/iptables.8:143
+msgid ""
+"This table is used for Mandatory Access Control (MAC) networking rules, such "
+"as those enabled by the B<SECMARK> and B<CONNSECMARK> targets. Mandatory "
+"Access Control is implemented by Linux Security Modules such as SELinux. "
+"The security table is called after the filter table, allowing any "
+"Discretionary Access Control (DAC) rules in the filter table to take effect "
+"before MAC rules. This table provides the following built-in chains: "
+"B<INPUT> (for packets coming into the box itself), B<OUTPUT> (for altering "
+"locally-generated packets before routing), and B<FORWARD> (for altering "
+"packets being routed through the box)."
+msgstr ""
+
#. type: SH
-#: original/man8/ip6tables.8:123 original/man8/iptables.8:131
+#: original/man8/ip6tables.8:138 original/man8/iptables.8:144
+#: original/man8/iptables-apply.8:23
#, no-wrap
msgid "OPTIONS"
msgstr "オプション"
#. type: Plain text
-#: original/man8/ip6tables.8:127
+#: original/man8/ip6tables.8:141
msgid ""
"The options that are recognized by B<ip6tables> can be divided into several "
"different groups."
msgstr "B<ip6tables> で使えるオプションは、いくつかのグループに分けられる。"
#. type: SS
-#: original/man8/ip6tables.8:127 original/man8/iptables.8:135
+#: original/man8/ip6tables.8:141 original/man8/iptables.8:147
#, no-wrap
msgid "COMMANDS"
msgstr "コマンド"
#. type: Plain text
-#: original/man8/ip6tables.8:134
+#: original/man8/ip6tables.8:147
msgid ""
"These options specify the specific action to perform. Only one of them can "
"be specified on the command line unless otherwise specified below. For all "
"ン名と区別できる範囲で (文字を省略して) 指定することもできる。"
#. type: TP
-#: original/man8/ip6tables.8:134 original/man8/iptables.8:142
-#, no-wrap
-msgid "B<-A, --append >I<chain rule-specification>"
+#: original/man8/ip6tables.8:147 original/man8/ip6tables.8:230
+#: original/man8/iptables.8:153
+#, fuzzy, no-wrap
+#| msgid "B<-A, --append >I<chain rule-specification>"
+msgid "B<-A>, B<--append> I<chain rule-specification>"
msgstr "B<-A, --append >I<chain rule-specification>"
#. type: Plain text
-#: original/man8/ip6tables.8:139 original/man8/iptables.8:147
+#: original/man8/ip6tables.8:152 original/man8/ip6tables.8:235
+#: original/man8/iptables.8:158
msgid ""
"Append one or more rules to the end of the selected chain. When the source "
"and/or destination names resolve to more than one address, a rule will be "
"場合は、可能なアドレスの組合せそれぞれに対してルールが追加される。"
#. type: TP
-#: original/man8/ip6tables.8:139 original/man8/iptables.8:147
-#, no-wrap
-msgid "B<-D, --delete >I<chain rule-specification>"
+#: original/man8/ip6tables.8:152 original/man8/iptables.8:158
+#, fuzzy, no-wrap
+#| msgid "B<-A, --append >I<chain rule-specification>"
+msgid "B<-C>, B<--check> I<chain rule-specification>"
+msgstr "B<-A, --append >I<chain rule-specification>"
+
+#. type: Plain text
+#: original/man8/ip6tables.8:158 original/man8/iptables.8:164
+msgid ""
+"Check whether a rule matching the specification does exist in the selected "
+"chain. This command uses the same logic as B<-D> to find a matching entry, "
+"but does not alter the existing iptables configuration and uses its exit "
+"code to indicate success or failure."
+msgstr ""
+
+#. type: TP
+#: original/man8/ip6tables.8:158 original/man8/iptables.8:164
+#, fuzzy, no-wrap
+#| msgid "B<-D, --delete >I<chain rule-specification>"
+msgid "B<-D>, B<--delete> I<chain rule-specification>"
msgstr "B<-D, --delete >I<chain rule-specification>"
#. type: TP
-#: original/man8/ip6tables.8:142 original/man8/iptables.8:150
-#, no-wrap
-msgid "B<-D, --delete >I<chain rulenum>"
+#: original/man8/ip6tables.8:161 original/man8/iptables.8:167
+#, fuzzy, no-wrap
+#| msgid "B<-D, --delete >I<chain rulenum>"
+msgid "B<-D>, B<--delete> I<chain rulenum>"
msgstr "B<-D, --delete >I<chain rulenum>"
#. type: Plain text
-#: original/man8/ip6tables.8:147 original/man8/iptables.8:155
+#: original/man8/ip6tables.8:166 original/man8/iptables.8:172
msgid ""
"Delete one or more rules from the selected chain. There are two versions of "
"this command: the rule can be specified as a number in the chain (starting "
"マッチするルールを指定する場合である。"
#. type: TP
-#: original/man8/ip6tables.8:147
-#, no-wrap
-msgid "B<-I, --insert>"
-msgstr "B<-I, --insert>"
+#: original/man8/ip6tables.8:166 original/man8/iptables.8:172
+#, fuzzy, no-wrap
+#| msgid "B<-I, --insert >I<chain> [I<rulenum>] I<rule-specification>"
+msgid "B<-I>, B<--insert> I<chain> [I<rulenum>] I<rule-specification>"
+msgstr "B<-I, --insert >I<チェイン> [I<ルール番号>] I<ルールの詳細>"
#. type: Plain text
-#: original/man8/ip6tables.8:153 original/man8/iptables.8:161
+#: original/man8/ip6tables.8:172 original/man8/iptables.8:178
msgid ""
"Insert one or more rules in the selected chain as the given rule number. "
"So, if the rule number is 1, the rule or rules are inserted at the head of "
"されない場合のデフォルトでもある。"
#. type: TP
-#: original/man8/ip6tables.8:153 original/man8/iptables.8:161
-#, no-wrap
-msgid "B<-R, --replace >I<chain rulenum rule-specification>"
+#: original/man8/ip6tables.8:172 original/man8/iptables.8:178
+#, fuzzy, no-wrap
+#| msgid "B<-R, --replace >I<chain rulenum rule-specification>"
+msgid "B<-R>, B<--replace> I<chain rulenum rule-specification>"
msgstr "B<-R, --replace >I<chain rulenum rule-specification>"
#. type: Plain text
-#: original/man8/ip6tables.8:158 original/man8/iptables.8:166
+#: original/man8/ip6tables.8:177 original/man8/iptables.8:183
msgid ""
"Replace a rule in the selected chain. If the source and/or destination "
"names resolve to multiple addresses, the command will fail. Rules are "
"このコマンドは失敗する。ルール番号は 1 からはじまる。"
#. type: TP
-#: original/man8/ip6tables.8:158 original/man8/iptables.8:166
-#, no-wrap
-msgid "B<-L, --list >[I<chain>]"
+#: original/man8/ip6tables.8:177 original/man8/iptables.8:183
+#, fuzzy, no-wrap
+#| msgid "B<-L, --list >[I<chain>]"
+msgid "B<-L>, B<--list> [I<chain>]"
msgstr "B<-L, --list >[I<chain>]"
#. type: Plain text
-#: original/man8/ip6tables.8:163
+#: original/man8/ip6tables.8:182
+#, fuzzy
+#| msgid ""
+#| "List all rules in the selected chain. If no chain is selected, all "
+#| "chains are listed. As every other iptables command, it applies to the "
+#| "specified table (filter is the default), so NAT rules get listed by"
msgid ""
"List all rules in the selected chain. If no chain is selected, all chains "
-"are listed. As every other iptables command, it applies to the specified "
-"table (filter is the default), so mangle rules get listed by"
+"are listed. Like every other ip6tables command, it applies to the specified "
+"table (filter is the default)."
msgstr ""
"選択されたチェインにある全てのルールを一覧表示する。 チェインが指定されない場"
"合、全てのチェインにあるリストが一覧表示される。 他の各 iptables コマンドと同"
-"様に、 指定されたテーブル (デフォルトは filter) に対して作用する。 よって "
-"mangle ルールを表示するには以下のようにする。"
-
-#. type: Plain text
-#: original/man8/ip6tables.8:165
-#, no-wrap
-msgid " ip6tables -t mangle -n -L\n"
-msgstr " ip6tables -t mangle -n -L\n"
+"様に、指定されたテーブル (デフォルトは filter) に対して作用する。 よって NAT "
+"ルールを表示するには以下のようにする。"
#. type: Plain text
-#: original/man8/ip6tables.8:174 original/man8/iptables.8:182
+#: original/man8/ip6tables.8:189 original/man8/iptables.8:197
msgid ""
"Please note that it is often used with the B<-n> option, in order to avoid "
"long reverse DNS lookups. It is legal to specify the B<-Z> (zero) option as "
"実際のルールそのものは表示されない。"
#. type: Plain text
-#: original/man8/ip6tables.8:176
+#: original/man8/ip6tables.8:191
#, no-wrap
msgid " ip6tables -L -v\n"
msgstr " ip6tables -L -v\n"
#. type: TP
-#: original/man8/ip6tables.8:177 original/man8/iptables.8:185
-#, no-wrap
-msgid "B<-F, --flush >[I<chain>]"
+#: original/man8/ip6tables.8:192 original/man8/iptables.8:200
+#, fuzzy, no-wrap
+#| msgid "B<-L, --list >[I<chain>]"
+msgid "B<-S>, B<--list-rules> [I<chain>]"
+msgstr "B<-L, --list >[I<chain>]"
+
+#. type: Plain text
+#: original/man8/ip6tables.8:197
+#, fuzzy
+#| msgid ""
+#| "List all rules in the selected chain. If no chain is selected, all "
+#| "chains are listed. As every other iptables command, it applies to the "
+#| "specified table (filter is the default), so NAT rules get listed by"
+msgid ""
+"Print all rules in the selected chain. If no chain is selected, all chains "
+"are printed like ip6tables-save. Like every other ip6tables command, it "
+"applies to the specified table (filter is the default)."
+msgstr ""
+"選択されたチェインにある全てのルールを一覧表示する。 チェインが指定されない場"
+"合、全てのチェインにあるリストが一覧表示される。 他の各 iptables コマンドと同"
+"様に、指定されたテーブル (デフォルトは filter) に対して作用する。 よって NAT "
+"ルールを表示するには以下のようにする。"
+
+#. type: TP
+#: original/man8/ip6tables.8:197 original/man8/iptables.8:205
+#, fuzzy, no-wrap
+#| msgid "B<-F, --flush >[I<chain>]"
+msgid "B<-F>, B<--flush> [I<chain>]"
msgstr "B<-F, --flush >[I<chain>]"
#. type: Plain text
-#: original/man8/ip6tables.8:181 original/man8/iptables.8:189
+#: original/man8/ip6tables.8:201 original/man8/iptables.8:209
msgid ""
"Flush the selected chain (all the chains in the table if none is given). "
"This is equivalent to deleting all the rules one by one."
"同じである。"
#. type: TP
-#: original/man8/ip6tables.8:181 original/man8/iptables.8:189
-#, no-wrap
-msgid "B<-Z, --zero >[I<chain>]"
+#: original/man8/ip6tables.8:201 original/man8/iptables.8:209
+#, fuzzy, no-wrap
+#| msgid "B<-Z, --zero >[I<chain>]"
+msgid "B<-Z>, B<--zero> [I<chain> [I<rulenum>]]"
msgstr "B<-Z, --zero >[I<chain>]"
#. type: Plain text
-#: original/man8/ip6tables.8:188 original/man8/iptables.8:196
+#: original/man8/ip6tables.8:209 original/man8/iptables.8:217
+#, fuzzy
+#| msgid ""
+#| "Zero the packet and byte counters in all chains. It is legal to specify "
+#| "the B<-L, --list> (list) option as well, to see the counters immediately "
+#| "before they are cleared. (See above.)"
msgid ""
-"Zero the packet and byte counters in all chains. It is legal to specify the "
-"B<-L, --list> (list) option as well, to see the counters immediately before "
-"they are cleared. (See above.)"
+"Zero the packet and byte counters in all chains, or only the given chain, or "
+"only the given rule in a chain. It is legal to specify the B<-L>, B<--list> "
+"(list) option as well, to see the counters immediately before they are "
+"cleared. (See above.)"
msgstr ""
"すべてのチェインのパケットカウンタとバイトカウンタをゼロにする。 クリアされる"
"直前のカウンタを見るために、 B<-L, --list> (一覧表示) オプションと同時に指定"
"することもできる (上記を参照)。"
#. type: TP
-#: original/man8/ip6tables.8:188 original/man8/iptables.8:196
-#, no-wrap
-msgid "B<-N, --new-chain >I<chain>"
+#: original/man8/ip6tables.8:209 original/man8/iptables.8:217
+#, fuzzy, no-wrap
+#| msgid "B<-N, --new-chain >I<chain>"
+msgid "B<-N>, B<--new-chain> I<chain>"
msgstr "B<-N, --new-chain >I<chain>"
#. type: Plain text
-#: original/man8/ip6tables.8:192 original/man8/iptables.8:200
+#: original/man8/ip6tables.8:213 original/man8/iptables.8:221
msgid ""
"Create a new user-defined chain by the given name. There must be no target "
"of that name already."
"してはならない。"
#. type: TP
-#: original/man8/ip6tables.8:192 original/man8/iptables.8:200
-#, no-wrap
-msgid "B<-X, --delete-chain >[I<chain>]"
+#: original/man8/ip6tables.8:213 original/man8/iptables.8:221
+#, fuzzy, no-wrap
+#| msgid "B<-X, --delete-chain >[I<chain>]"
+msgid "B<-X>, B<--delete-chain> [I<chain>]"
msgstr "B<-X, --delete-chain >[I<chain>]"
#. type: Plain text
-#: original/man8/ip6tables.8:198 original/man8/iptables.8:206
+#: original/man8/ip6tables.8:220 original/man8/iptables.8:228
+#, fuzzy
+#| msgid ""
+#| "Delete the optional user-defined chain specified. There must be no "
+#| "references to the chain. If there are, you must delete or replace the "
+#| "referring rules before the chain can be deleted. If no argument is "
+#| "given, it will attempt to delete every non-builtin chain in the table."
msgid ""
"Delete the optional user-defined chain specified. There must be no "
"references to the chain. If there are, you must delete or replace the "
-"referring rules before the chain can be deleted. If no argument is given, "
-"it will attempt to delete every non-builtin chain in the table."
+"referring rules before the chain can be deleted. The chain must be empty, i."
+"e. not contain any rules. If no argument is given, it will attempt to "
+"delete every non-builtin chain in the table."
msgstr ""
"指定したユーザー定義チェインを削除する。 そのチェインが参照されていては\n"
"ならない。 チェインを削除する前に、そのチェインを参照しているルールを\n"
"ブルにあるチェインのうち 組み込み済みチェインでないものを全て削除する。"
#. type: TP
-#: original/man8/ip6tables.8:198 original/man8/iptables.8:206
-#, no-wrap
-msgid "B<-P, --policy >I<chain target>"
+#: original/man8/ip6tables.8:220 original/man8/iptables.8:228
+#, fuzzy, no-wrap
+#| msgid "B<-P, --policy >I<chain target>"
+msgid "B<-P>, B<--policy> I<chain target>"
msgstr "B<-P, --policy >I<chain target>"
#. type: Plain text
-#: original/man8/ip6tables.8:205 original/man8/iptables.8:213
+#: original/man8/ip6tables.8:226 original/man8/iptables.8:234
msgid ""
"Set the policy for the chain to the given target. See the section "
"B<TARGETS> for the legal targets. Only built-in (non-user-defined) chains "
"ユーザー定義チェインも ポリシーのターゲットに設定することはできない。"
#. type: TP
-#: original/man8/ip6tables.8:205 original/man8/iptables.8:213
-#, no-wrap
-msgid "B<-E, --rename-chain >I<old-chain new-chain>"
+#: original/man8/ip6tables.8:226 original/man8/iptables.8:234
+#, fuzzy, no-wrap
+#| msgid "B<-E, --rename-chain >I<old-chain new-chain>"
+msgid "B<-E>, B<--rename-chain> I<old-chain new-chain>"
msgstr "B<-E, --rename-chain >I<old-chain new-chain>"
#. type: Plain text
-#: original/man8/ip6tables.8:209 original/man8/iptables.8:217
+#: original/man8/ip6tables.8:230 original/man8/iptables.8:238
msgid ""
"Rename the user specified chain to the user supplied name. This is "
"cosmetic, and has no effect on the structure of the table."
"テーブルの構造には何も影響しない。"
#. type: TP
-#: original/man8/ip6tables.8:209 original/man8/iptables.8:217
+#: original/man8/ip6tables.8:235 original/man8/iptables.8:238
#, no-wrap
msgid "B<-h>"
msgstr "B<-h>"
#. type: Plain text
-#: original/man8/ip6tables.8:213 original/man8/iptables.8:221
+#: original/man8/ip6tables.8:239 original/man8/iptables.8:242
msgid "Help. Give a (currently very brief) description of the command syntax."
msgstr "ヘルプ。 (今のところはとても簡単な) コマンド書式の説明を表示する。"
#. type: SS
-#: original/man8/ip6tables.8:213 original/man8/iptables.8:221
+#: original/man8/ip6tables.8:239 original/man8/iptables.8:242
#, no-wrap
msgid "PARAMETERS"
msgstr "パラメータ"
#. type: Plain text
-#: original/man8/ip6tables.8:216 original/man8/iptables.8:224
+#: original/man8/ip6tables.8:242 original/man8/iptables.8:245
msgid ""
"The following parameters make up a rule specification (as used in the add, "
"delete, insert, replace and append commands)."
"て) ルールの仕様を決める。"
#. type: TP
-#: original/man8/ip6tables.8:216 original/man8/iptables.8:224
-#, no-wrap
-msgid "B<-p, --protocol >[!] I<protocol>"
+#: original/man8/ip6tables.8:242 original/man8/iptables.8:245
+#, fuzzy, no-wrap
+#| msgid "B<-p, --protocol >[!] I<protocol>"
+msgid "[B<!>] B<-p>, B<--protocol> I<protocol>"
msgstr "B<-p, --protocol >[!] I<protocol>"
#. type: Plain text
-#: original/man8/ip6tables.8:234
+#: original/man8/ip6tables.8:260
+#, fuzzy
+#| msgid ""
+#| "The protocol of the rule or of the packet to check. The specified "
+#| "protocol can be one of I<tcp>, I<udp>, I<icmp>, or I<all>, or it can be a "
+#| "numeric value, representing one of these protocols or a different one. A "
+#| "protocol name from /etc/protocols is also allowed. A \"!\" argument "
+#| "before the protocol inverts the test. The number zero is equivalent to "
+#| "I<all>. Protocol I<all> will match with all protocols and is taken as "
+#| "default when this option is omitted."
msgid ""
"The protocol of the rule or of the packet to check. The specified protocol "
-"can be one of I<tcp>, I<udp>, I<ipv6-icmp|icmpv6>, or I<all>, or it can be a "
-"numeric value, representing one of these protocols or a different one. A "
-"protocol name from /etc/protocols is also allowed. A \"!\" argument before "
-"the protocol inverts the test. The number zero is equivalent to I<all>. "
-"Protocol I<all> will match with all protocols and is taken as default when "
-"this option is omitted."
+"can be one of B<tcp>, B<udp>, B<udplite>, B<icmpv6>, B<esp>, B<mh> or the "
+"special keyword \"B<all>\", or it can be a numeric value, representing one "
+"of these protocols or a different one. A protocol name from /etc/protocols "
+"is also allowed. But IPv6 extension headers except B<esp> are not allowed. "
+"B<esp> and B<ipv6-nonext> can be used with Kernel version 2.6.11 or later. "
+"A \"!\" argument before the protocol inverts the test. The number zero is "
+"equivalent to B<all>, which means that you cannot test the protocol field "
+"for the value 0 directly. To match on a HBH header, even if it were the "
+"last, you cannot use B<-p 0>, but always need B<-m hbh>. \"B<all>\" will "
+"match with all protocols and is taken as default when this option is omitted."
msgstr ""
"ルールで使われるプロトコル、またはチェックされるパケットのプロトコル。 指定で"
-"きるプロトコルは、 I<tcp>, I<udp>, I<ipv6-icmp|icmpv6>, I<all> のいずれか 1 "
-"ã\81¤ã\81\8bã\80\81æ\95°å\80¤ã\81§ã\81\82ã\82\8bã\80\82 æ\95°å\80¤ã\81¯ã\80\81ã\81\93ã\82\8cã\82\89ã\81®ã\83\97ã\83ã\83\88ã\82³ã\83«ã\81® 1 ã\81¤ã\80\81ã\82\82ã\81\97ã\81\8fã\81¯å\88¥ã\81®ã\83\97ã\83ã\83\88ã\82³ã\83«"
-"を表す。 /etc/protocols にあるプロトコル名も指定できる。 プロトコルの前に \"!"
-"\" を置くと、そのプロトコルを指定しないという意味になる。 数値 0 は I<all> と"
-"等しい。 プロトコル I<all> は全てのプロトコルとマッチし、 このオプションが省"
-"略された際のデフォルトである。"
+"きるプロトコルは、 I<tcp>, I<udp>, I<icmp>, I<all> のいずれか 1 つか、数値で"
+"ã\81\82ã\82\8bã\80\82 æ\95°å\80¤ã\81«ã\81¯ã\80\81ã\81\93ã\82\8cã\82\89ã\81®ã\83\97ã\83ã\83\88ã\82³ã\83«ã\81®ã\81©ã\82\8cã\81\8bã\81ªã\81\84ã\81\97å\88¥ã\81®ã\83\97ã\83ã\83\88ã\82³ã\83«ã\82\92表ã\81\99 æ\95°å\80¤ã\82\92"
+"指定することができる。 /etc/protocols にあるプロトコル名も指定できる。 プロト"
+"コルの前に \"!\" を置くと、そのプロトコルを除外するという意味になる。 数値 0 "
+"は I<all> と等しい。 プロトコル I<all> は全てのプロトコルとマッチし、 このオ"
+"プションが省略された際のデフォルトである。"
#. type: TP
-#: original/man8/ip6tables.8:234 original/man8/iptables.8:242
-#, no-wrap
-msgid "B<-s, --source >[!] I<address>[/I<mask>]"
+#: original/man8/ip6tables.8:260
+#, fuzzy, no-wrap
+#| msgid "B<-s, --source >[!] I<address>[/I<mask>]"
+msgid "[B<!>] B<-s>, B<--source> I<address>[B</>I<mask>]"
msgstr "B<-s, --source >[!] I<address>[/I<mask>]"
#. type: Plain text
-#: original/man8/ip6tables.8:254
-msgid ""
-"Source specification. I<Address> can be either a hostname (please note that "
+#: original/man8/ip6tables.8:277
+#, fuzzy
+#| msgid ""
+#| "Source specification. I<Address> can be either a network name, a "
+#| "hostname (please note that specifying any name to be resolved with a "
+#| "remote query such as DNS is a really bad idea), a network IP address "
+#| "(with /mask), or a plain IP address. The I<mask> can be either a network "
+#| "mask or a plain number, specifying the number of 1's at the left side of "
+#| "the network mask. Thus, a mask of I<24> is equivalent to "
+#| "I<255.255.255.0>. A \"!\" argument before the address specification "
+#| "inverts the sense of the address. The flag B<--src> is an alias for this "
+#| "option."
+msgid ""
+"Source specification. I<Address> can be either be a hostname, a network IP "
+"address (with B</>I<mask>), or a plain IP address. Names will be resolved "
+"once only, before the rule is submitted to the kernel. Please note that "
"specifying any name to be resolved with a remote query such as DNS is a "
-"really bad idea), a network IPv6 address (with /mask), or a plain IPv6 "
-"address. (the network name isn't supported now). The I<mask> can be either "
-"a network mask or a plain number, specifying the number of 1's at the left "
-"side of the network mask. Thus, a mask of I<64> is equivalent to I<ffff:"
-"ffff:ffff:ffff:0000:0000:0000:0000>. A \"!\" argument before the address "
-"specification inverts the sense of the address. The flag B<--src> is an "
-"alias for this option."
+"really bad idea. (Resolving network names is not supported at this time.) "
+"The I<mask> is a plain number, specifying the number of 1's at the left side "
+"of the network mask. A \"!\" argument before the address specification "
+"inverts the sense of the address. The flag B<--src> is an alias for this "
+"option. Multiple addresses can be specified, but this will B<expand to "
+"multiple rules> (when adding with -A), or will cause multiple rules to be "
+"deleted (with -D)."
msgstr ""
"送信元の指定。 I<address> はホスト名 (DNS のようなリモートへの問い合わせで解"
-"決する名前を指定するのは 非常に良くない)・ ネットワーク IPv6 アドレス (/mask "
-"を指定する)・ 通常の IPv6 アドレス (今のところ、ネットワーク名はサポートされ"
-"ていない)、のいずれかである。 I<mask> はネットワークマスクか、 ネットワークマ"
-"スクの左側にある 1 の数を指定する数値である。 つまり、 I<64> という mask は "
-"I<ffff:ffff:ffff:ffff:0000:0000:0000:0000> に等しい。 アドレス指定の前に \"!"
-"\" を置くと、そのアドレスを除外するという意味になる。 フラグ B<--src> は、こ"
-"のオプションの別名である。"
+"決する名前を指定するのは非常に良くない) ・ネットワーク IP アドレス (/mask を"
+"指定する)・ 通常の IP アドレス、のいずれかである。 I<mask> はネットワークマス"
+"クか、 ネットワークマスクの左側にある 1 の数を指定する数値である。 つまり、 "
+"I<24> という mask は I<255.255.255.0> に等しい。 アドレス指定の前に \"!\" を"
+"置くと、そのアドレスを除外するという意味になる。 フラグ B<--src> は、このオプ"
+"ションの別名である。"
#. type: TP
-#: original/man8/ip6tables.8:254 original/man8/iptables.8:261
-#, no-wrap
-msgid "B<-d, --destination >[!] I<address>[/I<mask>]"
+#: original/man8/ip6tables.8:277
+#, fuzzy, no-wrap
+#| msgid "B<-d, --destination >[!] I<address>[/I<mask>]"
+msgid "[B<!>] B<-d>, B<--destination> I<address>[B</>I<mask>]"
msgstr "B<-d, --destination >[!] I<address>[/I<mask>]"
#. type: Plain text
-#: original/man8/ip6tables.8:262 original/man8/iptables.8:269
+#: original/man8/ip6tables.8:283 original/man8/iptables.8:279
msgid ""
"Destination specification. See the description of the B<-s> (source) flag "
"for a detailed description of the syntax. The flag B<--dst> is an alias for "
"すること。 フラグ B<--dst> は、このオプションの別名である。"
#. type: TP
-#: original/man8/ip6tables.8:262 original/man8/iptables.8:269
-#, no-wrap
-msgid "B<-j, --jump >I<target>"
+#: original/man8/ip6tables.8:283 original/man8/iptables.8:279
+#, fuzzy, no-wrap
+#| msgid "B<-j, --jump >I<target>"
+msgid "B<-j>, B<--jump> I<target>"
msgstr "B<-j, --jump >I<target>"
#. type: Plain text
-#: original/man8/ip6tables.8:273 original/man8/iptables.8:280
+#: original/man8/ip6tables.8:294 original/man8/iptables.8:290
+#, fuzzy
+#| msgid ""
+#| "This specifies the target of the rule; i.e., what to do if the packet "
+#| "matches it. The target can be a user-defined chain (other than the one "
+#| "this rule is in), one of the special builtin targets which decide the "
+#| "fate of the packet immediately, or an extension (see B<EXTENSIONS> "
+#| "below). If this option is omitted in a rule, then matching the rule will "
+#| "have no effect on the packet's fate, but the counters on the rule will be "
+#| "incremented."
msgid ""
"This specifies the target of the rule; i.e., what to do if the packet "
"matches it. The target can be a user-defined chain (other than the one this "
"rule is in), one of the special builtin targets which decide the fate of the "
"packet immediately, or an extension (see B<EXTENSIONS> below). If this "
-"option is omitted in a rule, then matching the rule will have no effect on "
-"the packet's fate, but the counters on the rule will be incremented."
+"option is omitted in a rule (and B<-g> is not used), then matching the rule "
+"will have no effect on the packet's fate, but the counters on the rule will "
+"be incremented."
msgstr ""
"ルールのターゲット、つまり、パケットがマッチした場合にどうするかを指定\n"
"する。ターゲットはユーザー定義チェイン (そのルール自身が入っている\n"
"加算される。"
#. type: TP
-#: original/man8/ip6tables.8:273 original/man8/iptables.8:280
-#, no-wrap
-msgid "B<-i, --in-interface >[!] I<name>"
+#: original/man8/ip6tables.8:294 original/man8/iptables.8:290
+#, fuzzy, no-wrap
+#| msgid "B<-L, --list >[I<chain>]"
+msgid "B<-g>, B<--goto> I<chain>"
+msgstr "B<-L, --list >[I<chain>]"
+
+#. type: Plain text
+#: original/man8/ip6tables.8:300 original/man8/iptables.8:296
+msgid ""
+"This specifies that the processing should continue in a user specified "
+"chain. Unlike the --jump option return will not continue processing in this "
+"chain but instead in the chain that called us via --jump."
+msgstr ""
+
+#. type: TP
+#: original/man8/ip6tables.8:300 original/man8/iptables.8:296
+#, fuzzy, no-wrap
+#| msgid "B<-i, --in-interface >[!] I<name>"
+msgid "[B<!>] B<-i>, B<--in-interface> I<name>"
msgstr "B<-i, --in-interface >[!] I<name>"
#. type: Plain text
-#: original/man8/ip6tables.8:285 original/man8/iptables.8:292
+#: original/man8/ip6tables.8:308 original/man8/iptables.8:304
+#, fuzzy
+#| msgid ""
+#| "Name of an interface via which a packet is going to be received (only for "
+#| "packets entering the B<INPUT>, B<FORWARD> and B<PREROUTING> chains). "
+#| "When the \"!\" argument is used before the interface name, the sense is "
+#| "inverted. If the interface name ends in a \"+\", then any interface "
+#| "which begins with this name will match. If this option is omitted, any "
+#| "interface name will match."
msgid ""
-"Name of an interface via which a packet is going to be received (only for "
-"packets entering the B<INPUT>, B<FORWARD> and B<PREROUTING> chains). When "
-"the \"!\" argument is used before the interface name, the sense is "
-"inverted. If the interface name ends in a \"+\", then any interface which "
-"begins with this name will match. If this option is omitted, any interface "
-"name will match."
+"Name of an interface via which a packet was received (only for packets "
+"entering the B<INPUT>, B<FORWARD> and B<PREROUTING> chains). When the \"!\" "
+"argument is used before the interface name, the sense is inverted. If the "
+"interface name ends in a \"+\", then any interface which begins with this "
+"name will match. If this option is omitted, any interface name will match."
msgstr ""
"パケットを受信することになるインターフェース名 (B<INPUT>, B<FORWARD>,\n"
"B<PREROUTING> チェインに入るパケットのみ)。インターフェース名の前に\n"
"任意のインターフェース名にマッチする。"
#. type: TP
-#: original/man8/ip6tables.8:285 original/man8/iptables.8:292
-#, no-wrap
-msgid "B<-o, --out-interface >[!] I<name>"
+#: original/man8/ip6tables.8:308 original/man8/iptables.8:304
+#, fuzzy, no-wrap
+#| msgid "B<-o, --out-interface >[!] I<name>"
+msgid "[B<!>] B<-o>, B<--out-interface> I<name>"
msgstr "B<-o, --out-interface >[!] I<name>"
#. type: Plain text
-#: original/man8/ip6tables.8:296
+#: original/man8/ip6tables.8:325 original/man8/iptables.8:312
msgid ""
"Name of an interface via which a packet is going to be sent (for packets "
-"entering the B<FORWARD> and B<OUTPUT> chains). When the \"!\" argument is "
-"used before the interface name, the sense is inverted. If the interface "
-"name ends in a \"+\", then any interface which begins with this name will "
-"match. If this option is omitted, any interface name will match."
-msgstr ""
-"(B<FORWARD>, B<OUTPUT> チェインに入る) パケットを送信するインターフェース"
-"名。 インターフェース名の前に \"!\" を置くと、 そのインターフェースを除外する"
-"という意味になる。 インターフェース名が \"+\" で終っている場合、 その名前で始"
-"まる任意のインターフェース名にマッチする。 このオプションが省略された場合、 "
-"任意のインターフェース名にマッチする。"
+"entering the B<FORWARD>, B<OUTPUT> and B<POSTROUTING> chains). When the \"!"
+"\" argument is used before the interface name, the sense is inverted. If "
+"the interface name ends in a \"+\", then any interface which begins with "
+"this name will match. If this option is omitted, any interface name will "
+"match."
+msgstr ""
+"パケットを送信することになるインターフェース名 (B<FORWARD>, B<OUTPUT>, "
+"B<POSTROUTING> チェインに入るパケットのみ)。 インターフェース名の前に \"!\" "
+"を置くと、 そのインターフェースを除外するという意味になる。 インターフェース"
+"名が \"+\" で終っている場合、 その名前で始まる任意のインターフェース名にマッ"
+"チする。 このオプションが省略された場合、 任意のインターフェース名にマッチす"
+"る。"
-#. Currently not supported (header-based)
-#. .B "[!] " "-f, --fragment"
-#. This means that the rule only refers to second and further fragments
-#. of fragmented packets. Since there is no way to tell the source or
-#. destination ports of such a packet (or ICMP type), such a packet will
-#. not match any rules which specify them. When the "!" argument
-#. precedes the "-f" flag, the rule will only match head fragments, or
-#. unfragmented packets.
-#. .TP
#. type: TP
-#: original/man8/ip6tables.8:296
-#, no-wrap
-msgid "B<-c, --set-counters PKTS BYTES>"
-msgstr "B<-c, --set-counters PKTS BYTES>"
+#: original/man8/ip6tables.8:325 original/man8/iptables.8:320
+#, fuzzy, no-wrap
+#| msgid "B<-c, --set-counters >I<PKTS BYTES>"
+msgid "B<-c>, B<--set-counters> I<packets bytes>"
+msgstr "B<-c, --set-counters >I<PKTS BYTES>"
#. type: Plain text
-#: original/man8/ip6tables.8:314 original/man8/iptables.8:320
+#: original/man8/ip6tables.8:330 original/man8/iptables.8:325
+#, fuzzy
+#| msgid ""
+#| "This enables the administrator to initialize the packet and byte counters "
+#| "of a rule (during B<INSERT,> B<APPEND,> B<REPLACE> operations)."
msgid ""
"This enables the administrator to initialize the packet and byte counters of "
-"a rule (during B<INSERT,> B<APPEND,> B<REPLACE> operations)."
+"a rule (during B<INSERT>, B<APPEND>, B<REPLACE> operations)."
msgstr ""
"このオプションを使うと、 (B<insert>, B<append>, B<replace> 操作において) 管理"
"者はパケットカウンタとバイトカウンタを 初期化することができる。"
#. type: SS
-#: original/man8/ip6tables.8:314 original/man8/iptables.8:320
+#: original/man8/ip6tables.8:330 original/man8/iptables.8:325
#, no-wrap
msgid "OTHER OPTIONS"
msgstr "その他のオプション"
#. type: Plain text
-#: original/man8/ip6tables.8:316 original/man8/iptables.8:322
+#: original/man8/ip6tables.8:332 original/man8/iptables.8:327
msgid "The following additional options can be specified:"
msgstr "その他に以下のオプションを指定することができる:"
#. type: TP
-#: original/man8/ip6tables.8:316 original/man8/iptables.8:322
-#, no-wrap
-msgid "B<-v, --verbose>"
+#: original/man8/ip6tables.8:332 original/man8/iptables.8:327
+#: original/man1/iptables-xml.1:38
+#, fuzzy, no-wrap
+#| msgid "B<-v, --verbose>"
+msgid "B<-v>, B<--verbose>"
msgstr "B<-v, --verbose>"
#. type: Plain text
-#: original/man8/ip6tables.8:327 original/man8/iptables.8:333
+#: original/man8/ip6tables.8:342 original/man8/iptables.8:337
+#, fuzzy
+#| msgid ""
+#| "Verbose output. This option makes the list command show the interface "
+#| "name, the rule options (if any), and the TOS masks. The packet and byte "
+#| "counters are also listed, with the suffix 'K', 'M' or 'G' for 1000, "
+#| "1,000,000 and 1,000,000,000 multipliers respectively (but see the B<-x> "
+#| "flag to change this). For appending, insertion, deletion and "
+#| "replacement, this causes detailed information on the rule or rules to be "
+#| "printed."
msgid ""
"Verbose output. This option makes the list command show the interface name, "
"the rule options (if any), and the TOS masks. The packet and byte counters "
"are also listed, with the suffix 'K', 'M' or 'G' for 1000, 1,000,000 and "
"1,000,000,000 multipliers respectively (but see the B<-x> flag to change "
"this). For appending, insertion, deletion and replacement, this causes "
-"detailed information on the rule or rules to be printed."
+"detailed information on the rule or rules to be printed. B<-v> may be "
+"specified multiple times to possibly emit more detailed debug statements."
msgstr ""
"詳細な出力を行う。 list コマンドの際に、インターフェース名・ (もしあれば) "
"ルールのオプション・TOS マスクを表示させる。 パケットとバイトカウンタも表示さ"
"delete, replace コマンドに適用すると、 ルールについての詳細な情報を表示する。"
#. type: TP
-#: original/man8/ip6tables.8:327 original/man8/iptables.8:333
-#, no-wrap
-msgid "B<-n, --numeric>"
+#: original/man8/ip6tables.8:342 original/man8/iptables.8:337
+#, fuzzy, no-wrap
+#| msgid "B<-n, --numeric>"
+msgid "B<-n>, B<--numeric>"
msgstr "B<-n, --numeric>"
#. type: Plain text
-#: original/man8/ip6tables.8:333 original/man8/iptables.8:339
+#: original/man8/ip6tables.8:348 original/man8/iptables.8:343
msgid ""
"Numeric output. IP addresses and port numbers will be printed in numeric "
"format. By default, the program will try to display them as host names, "
"ホスト名・ネットワーク名・サービス名で表示しようとする。"
#. type: TP
-#: original/man8/ip6tables.8:333 original/man8/iptables.8:339
-#, no-wrap
-msgid "B<-x, --exact>"
+#: original/man8/ip6tables.8:348 original/man8/iptables.8:343
+#, fuzzy, no-wrap
+#| msgid "B<-x, --exact>"
+msgid "B<-x>, B<--exact>"
msgstr "B<-x, --exact>"
#. type: Plain text
-#: original/man8/ip6tables.8:342 original/man8/iptables.8:348
+#: original/man8/ip6tables.8:355 original/man8/iptables.8:350
msgid ""
"Expand numbers. Display the exact value of the packet and byte counters, "
"instead of only the rounded number in K's (multiples of 1000) M's "
"このオプションは、 B<-L> コマンドとしか関係しない。"
#. type: TP
-#: original/man8/ip6tables.8:342 original/man8/iptables.8:348
+#: original/man8/ip6tables.8:355 original/man8/iptables.8:350
#, no-wrap
msgid "B<--line-numbers>"
msgstr "B<--line-numbers>"
#. type: Plain text
-#: original/man8/ip6tables.8:346 original/man8/iptables.8:352
+#: original/man8/ip6tables.8:359 original/man8/iptables.8:354
msgid ""
"When listing rules, add line numbers to the beginning of each rule, "
"corresponding to that rule's position in the chain."
"各行の始めに付加する。"
#. type: TP
-#: original/man8/ip6tables.8:346 original/man8/iptables.8:352
-#, no-wrap
-msgid "B<--modprobe=command>"
+#: original/man8/ip6tables.8:359 original/man8/iptables.8:354
+#, fuzzy, no-wrap
+#| msgid "B<--modprobe=command>"
+msgid "B<--modprobe=>I<command>"
msgstr "B<--modprobe=command>"
#. type: Plain text
-#: original/man8/ip6tables.8:351 original/man8/iptables.8:357
+#: original/man8/ip6tables.8:363 original/man8/iptables.8:358
+#, fuzzy
+#| msgid ""
+#| "When adding or inserting rules into a chain, use B<command> to load any "
+#| "necessary modules (targets, match extensions, etc)."
msgid ""
-"When adding or inserting rules into a chain, use B<command> to load any "
+"When adding or inserting rules into a chain, use I<command> to load any "
"necessary modules (targets, match extensions, etc)."
msgstr ""
"チェインにルールを追加または挿入する際に、 (ターゲットやマッチングの拡張など"
"で) 必要なモジュールをロードするために使う B<command> を指定する。"
#. type: SH
-#: original/man8/ip6tables.8:351 original/man8/iptables.8:357
+#: original/man8/ip6tables.8:363 original/man8/iptables.8:358
#, no-wrap
msgid "MATCH EXTENSIONS"
msgstr "マッチングの拡張"
#. type: Plain text
-#: original/man8/ip6tables.8:370
-msgid ""
-"ip6tables can use extended packet matching modules. These are loaded in two "
-"ways: implicitly, when B<-p> or B<--protocol> is specified, or with the B<-"
-"m> or B<--match> options, followed by the matching module name; after these, "
-"various extra command line options become available, depending on the "
-"specific module. You can specify multiple extended match modules in one "
-"line, and you can use the B<-h> or B<--help> options after the module has "
-"been specified to receive help specific to that module."
+#: original/man8/ip6tables.8:373
+#, fuzzy
+#| msgid ""
+#| "ip6tables can use extended packet matching modules. These are loaded in "
+#| "two ways: implicitly, when B<-p> or B<--protocol> is specified, or with "
+#| "the B<-m> or B<--match> options, followed by the matching module name; "
+#| "after these, various extra command line options become available, "
+#| "depending on the specific module. You can specify multiple extended "
+#| "match modules in one line, and you can use the B<-h> or B<--help> options "
+#| "after the module has been specified to receive help specific to that "
+#| "module."
+msgid ""
+"ip6tables can use extended packet matching modules with the B<-m> or B<--"
+"match> options, followed by the matching module name; after these, various "
+"extra command line options become available, depending on the specific "
+"module. You can specify multiple extended match modules in one line, and "
+"you can use the B<-h> or B<--help> options after the module has been "
+"specified to receive help specific to that module."
msgstr ""
"ip6tables は拡張されたパケットマッチングモジュールを使うことができる。 これら"
"のモジュールは 2 種類の方法でロードされる: モジュールは、 B<-p> または B<--"
"を表示させるためには、 モジュールを指定した後で B<-h> または B<--help> を指定"
"すればよい。"
+#. @MATCH@
#. type: Plain text
-#: original/man8/ip6tables.8:375 original/man8/iptables.8:381
+#: original/man8/ip6tables.8:378
msgid ""
-"The following are included in the base package, and most of these can be "
-"preceded by a B<!> to invert the sense of the match."
+"If the B<-p> or B<--protocol> was specified and if and only if an unknown "
+"option is encountered, ip6tables will try load a match module of the same "
+"name as the protocol, to try making the option available."
msgstr ""
-"以下の拡張がベースパッケージに含まれている。大部分のものは、 B<!> を\n"
-"前におくことによってマッチングの意味を逆にできる。"
#. type: SS
-#: original/man8/ip6tables.8:375 original/man8/iptables.8:630
+#: original/man8/ip6tables.8:378 original/man8/iptables.8:373
#, no-wrap
-msgid "tcp"
-msgstr "tcp"
+msgid "addrtype"
+msgstr ""
#. type: Plain text
-#: original/man8/ip6tables.8:378 original/man8/iptables.8:633
+#: original/man8/ip6tables.8:383 original/man8/iptables.8:378
msgid ""
-"These extensions are loaded if `--protocol tcp' is specified. It provides "
-"the following options:"
+"This module matches packets based on their B<address type.> Address types "
+"are used within the kernel networking stack and categorize addresses into "
+"various groups. The exact definition of that group depends on the specific "
+"layer three protocol."
msgstr ""
-"これらの拡張は `--protocol tcp' が指定され場合にロードされ、 以下のオプション"
-"が提供される:"
+
+#. type: Plain text
+#: original/man8/ip6tables.8:385 original/man8/iptables.8:380
+#, fuzzy
+#| msgid "The following additional options can be specified:"
+msgid "The following address types are possible:"
+msgstr "その他に以下のオプションを指定することができる:"
#. type: TP
-#: original/man8/ip6tables.8:378 original/man8/ip6tables.8:424
-#: original/man8/iptables.8:633 original/man8/iptables.8:698
+#: original/man8/ip6tables.8:385 original/man8/iptables.8:380
#, no-wrap
-msgid "B<--source-port >[!] I<port>[:I<port>]"
-msgstr "B<--source-port >[!] I<port>[:I<port>]"
+msgid "B<UNSPEC>"
+msgstr ""
#. type: Plain text
-#: original/man8/ip6tables.8:390 original/man8/iptables.8:645
-msgid ""
-"Source port or port range specification. This can either be a service name "
-"or a port number. An inclusive range can also be specified, using the format "
-"I<port>:I<port>. If the first port is omitted, \"0\" is assumed; if the "
-"last is omitted, \"65535\" is assumed. If the second port greater then the "
-"first they will be swapped. The flag B<--sport> is a convenient alias for "
-"this option."
+#: original/man8/ip6tables.8:388 original/man8/iptables.8:383
+msgid "an unspecified address (i.e. 0.0.0.0)"
msgstr ""
-"送信元ポートまたはポート範囲の指定。 サービス名またはポート番号を指定で\n"
-"きる。 I<port>:I<port> という形式で、2 つの番号を含む範囲を指定すること\n"
-"もできる。 最初のポートを省略した場合、\"0\" を仮定する。 最後のポートを\n"
-"省略した場合、\"65535\" を仮定する。 最初のポートが最後のポートより大きい\n"
-"場合、2 つは入れ換えられる。 フラグ B<--sport> は、このオプションの便利\n"
-"な別名である。"
#. type: TP
-#: original/man8/ip6tables.8:390 original/man8/ip6tables.8:430
-#: original/man8/iptables.8:645 original/man8/iptables.8:704
+#: original/man8/ip6tables.8:388 original/man8/iptables.8:383
#, no-wrap
-msgid "B<--destination-port >[!] I<port>[:I<port>]"
-msgstr "B<--destination-port >[!] I<port>[:I<port>]"
+msgid "B<UNICAST>"
+msgstr ""
#. type: Plain text
-#: original/man8/ip6tables.8:395 original/man8/iptables.8:650
-msgid ""
-"Destination port or port range specification. The flag B<--dport> is a "
-"convenient alias for this option."
+#: original/man8/ip6tables.8:391 original/man8/iptables.8:386
+msgid "an unicast address"
msgstr ""
-"送信先ポートまたはポート範囲の指定。 フラグ B<--dport> は、このオプションの便"
-"利な別名である。"
#. type: TP
-#: original/man8/ip6tables.8:395 original/man8/iptables.8:650
+#: original/man8/ip6tables.8:391 original/man8/iptables.8:386
#, no-wrap
-msgid "B<--tcp-flags >[!] I<mask> I<comp>"
-msgstr "B<--tcp-flags >[!] I<mask> I<comp>"
+msgid "B<LOCAL>"
+msgstr ""
#. type: Plain text
-#: original/man8/ip6tables.8:403 original/man8/iptables.8:658
-msgid ""
-"Match when the TCP flags are as specified. The first argument is the flags "
-"which we should examine, written as a comma-separated list, and the second "
-"argument is a comma-separated list of flags which must be set. Flags are: "
-"B<SYN ACK FIN RST URG PSH ALL NONE>. Hence the command"
+#: original/man8/ip6tables.8:394 original/man8/iptables.8:389
+msgid "a local address"
msgstr ""
-"TCP フラグが指定されたものと等しい場合にマッチする。 第 1 引き数は評価\n"
-"対象とするフラグで、コンマ区切りのリストである。 第 2 引き数は必ず設定\n"
-"しなければならないフラグで、コンマ区切りのリストである。 指定できるフラ\n"
-"グは B<SYN ACK FIN RST URG PSH ALL NONE> である。 よって、コマンド"
-#. type: Plain text
-#: original/man8/ip6tables.8:405
+#. type: TP
+#: original/man8/ip6tables.8:394 original/man8/iptables.8:389
#, no-wrap
-msgid " ip6tables -A FORWARD -p tcp --tcp-flags SYN,ACK,FIN,RST SYN\n"
-msgstr "ip6tables -A FORWARD -p tcp --tcp-flags SYN,ACK,FIN,RST SYN\n"
+msgid "B<BROADCAST>"
+msgstr ""
#. type: Plain text
-#: original/man8/ip6tables.8:408 original/man8/iptables.8:663
-msgid ""
-"will only match packets with the SYN flag set, and the ACK, FIN and RST "
-"flags unset."
+#: original/man8/ip6tables.8:397 original/man8/iptables.8:392
+msgid "a broadcast address"
msgstr ""
-"は、SYN フラグが設定され ACK, FIN, RST フラグが設定されていない パケットにの"
-"みマッチする。"
#. type: TP
-#: original/man8/ip6tables.8:408 original/man8/iptables.8:663
+#: original/man8/ip6tables.8:397 original/man8/iptables.8:392
#, no-wrap
-msgid "B<[!] --syn>"
-msgstr "B<[!] --syn>"
+msgid "B<ANYCAST>"
+msgstr ""
#. type: Plain text
-#: original/man8/ip6tables.8:418 original/man8/iptables.8:673
-msgid ""
-"Only match TCP packets with the SYN bit set and the ACK and RST bits "
-"cleared. Such packets are used to request TCP connection initiation; for "
-"example, blocking such packets coming in an interface will prevent incoming "
-"TCP connections, but outgoing TCP connections will be unaffected. It is "
-"equivalent to B<--tcp-flags SYN,RST,ACK SYN>. If the \"!\" flag precedes "
-"the \"--syn\", the sense of the option is inverted."
+#: original/man8/ip6tables.8:400 original/man8/iptables.8:395
+msgid "an anycast packet"
msgstr ""
-"SYN ビットが設定され ACK と RST ビットがクリアされている TCP パケットに\n"
-"のみマッチする。このようなパケットは TCP 接続の開始要求に使われる。例え\n"
-"ば、あるインターフェースに入ってくるこのようなパケットをブロックすれば、\n"
-"内側への TCP 接続は禁止されるが、外側への TCP 接続には影響しない。 これ\n"
-"は B<--tcp-flags SYN,RST,ACK SYN> と等しい。 \"--syn\" の前に \"!\" フラグ\n"
-"を置くと、 SYN ビットがクリアされ ACK と RST ビットが設定されている\n"
-"TCP パケットにのみマッチする。"
#. type: TP
-#: original/man8/ip6tables.8:418 original/man8/iptables.8:673
+#: original/man8/ip6tables.8:400 original/man8/iptables.8:395
#, no-wrap
-msgid "B<--tcp-option >[!] I<number>"
-msgstr "B<--tcp-option >[!] I<number>"
+msgid "B<MULTICAST>"
+msgstr ""
#. type: Plain text
-#: original/man8/ip6tables.8:421 original/man8/iptables.8:676
-msgid "Match if TCP option set."
-msgstr "TCP オプションが設定されている場合にマッチする。"
+#: original/man8/ip6tables.8:403 original/man8/iptables.8:398
+msgid "a multicast address"
+msgstr ""
-#. type: SS
-#: original/man8/ip6tables.8:421 original/man8/iptables.8:695
+#. type: TP
+#: original/man8/ip6tables.8:403 original/man8/iptables.8:398
#, no-wrap
-msgid "udp"
-msgstr "udp"
+msgid "B<BLACKHOLE>"
+msgstr ""
#. type: Plain text
-#: original/man8/ip6tables.8:424 original/man8/iptables.8:698
-msgid ""
-"These extensions are loaded if `--protocol udp' is specified. It provides "
-"the following options:"
+#: original/man8/ip6tables.8:406 original/man8/iptables.8:401
+msgid "a blackhole address"
msgstr ""
-"これらの拡張は `--protocol udp' が指定された場合にロードされ、 以下のオプショ"
-"ンが提供される:"
-#. type: Plain text
-#: original/man8/ip6tables.8:430 original/man8/iptables.8:704
-msgid ""
-"Source port or port range specification. See the description of the B<--"
-"source-port> option of the TCP extension for details."
+#. type: TP
+#: original/man8/ip6tables.8:406 original/man8/iptables.8:401
+#, no-wrap
+msgid "B<UNREACHABLE>"
msgstr ""
-"送信元ポートまたはポート範囲の指定。 詳細は TCP 拡張の B<--source-port> オプ"
-"ションの説明を参照すること。"
#. type: Plain text
-#: original/man8/ip6tables.8:436 original/man8/iptables.8:710
-msgid ""
-"Destination port or port range specification. See the description of the "
-"B<--destination-port> option of the TCP extension for details."
+#: original/man8/ip6tables.8:409 original/man8/iptables.8:404
+msgid "an unreachable address"
msgstr ""
-"送信先ポートまたはポート範囲の指定。 詳細は TCP 拡張の B<--destination-port> "
-"オプションの説明を参照すること。"
-#. type: SS
-#: original/man8/ip6tables.8:436
+#. type: TP
+#: original/man8/ip6tables.8:409 original/man8/iptables.8:404
#, no-wrap
-msgid "ipv6-icmp"
-msgstr "ipv6-icmp"
+msgid "B<PROHIBIT>"
+msgstr ""
#. type: Plain text
-#: original/man8/ip6tables.8:439
-msgid ""
-"This extension is loaded if `--protocol ipv6-icmp' or `--protocol icmpv6' is "
-"specified. It provides the following option:"
+#: original/man8/ip6tables.8:412 original/man8/iptables.8:407
+msgid "a prohibited address"
msgstr ""
-"これらの拡張は `--protocol ipv6-icmp' または `--protocol icmpv6' が指定された"
-"場合にロードされ、 以下のオプションが提供される:"
#. type: TP
-#: original/man8/ip6tables.8:439
+#: original/man8/ip6tables.8:412 original/man8/iptables.8:407
#, no-wrap
-msgid "B<--icmpv6-type >[!] I<typename>"
-msgstr "B<--icmpv6-type >[!] I<typename>"
+msgid "B<THROW>"
+msgstr ""
#. type: Plain text
-#: original/man8/ip6tables.8:443
-msgid ""
-"This allows specification of the ICMP type, which can be a numeric IPv6-ICMP "
-"type, or one of the IPv6-ICMP type names shown by the command"
+#: original/man8/ip6tables.8:415 original/man8/ip6tables.8:418
+#: original/man8/iptables.8:410 original/man8/iptables.8:413
+msgid "FIXME"
msgstr ""
-"ICMP タイプを指定できる。タイプ指定には、 数値の IPv6-ICMP タイプ、または以下"
-"のコマンド で表示される IPv6-ICMP タイプ名を使用できる。"
-#. type: Plain text
-#: original/man8/ip6tables.8:445
+#. type: TP
+#: original/man8/ip6tables.8:415 original/man8/iptables.8:410
#, no-wrap
-msgid " ip6tables -p ipv6-icmp -h\n"
-msgstr " ip6tables -p ipv6-icmp -h\n"
+msgid "B<NAT>"
+msgstr ""
-#. type: SS
-#: original/man8/ip6tables.8:446 original/man8/iptables.8:493
+#. type: TP
+#: original/man8/ip6tables.8:418 original/man8/iptables.8:413
#, no-wrap
-msgid "mac"
-msgstr "mac"
+msgid "B<XRESOLVE>"
+msgstr ""
#. type: TP
-#: original/man8/ip6tables.8:447 original/man8/iptables.8:494
-#, no-wrap
-msgid "B<--mac-source >[!] I<address>"
-msgstr "B<--mac-source >[!] I<address>"
+#: original/man8/ip6tables.8:420 original/man8/iptables.8:415
+#, fuzzy, no-wrap
+#| msgid "B<--icmp-type >[!] I<typename>"
+msgid "[B<!>] B<--src-type> I<type>"
+msgstr "B<--icmp-type >[!] I<typename>"
#. type: Plain text
-#: original/man8/ip6tables.8:457 original/man8/iptables.8:504
-msgid ""
-"Match source MAC address. It must be of the form XX:XX:XX:XX:XX:XX. Note "
-"that this only makes sense for packets coming from an Ethernet device and "
-"entering the B<PREROUTING>, B<FORWARD> or B<INPUT> chains."
+#: original/man8/ip6tables.8:423 original/man8/iptables.8:418
+#, fuzzy
+#| msgid ""
+#| "Matches if the packet was created by a process with the given process id."
+msgid "Matches if the source address is of given type"
msgstr ""
-"送信元 MAC アドレスにマッチする。 I<address> は XX:XX:XX:XX:XX:XX と\n"
-"いう形式でなければならない。イーサーネットデバイスから入ってくるパケッ\n"
-"トで、 B<PREROUTING>, B<FORWARD>, B<INPUT> チェインに入るパケットにしか\n"
-"意味がない。"
+"指定されたプロセス ID のプロセスにより パケットが生成されている場合にマッチす"
+"る。"
-#. type: SS
-#: original/man8/ip6tables.8:457 original/man8/iptables.8:477
-#, no-wrap
-msgid "limit"
-msgstr "limit"
+#. type: TP
+#: original/man8/ip6tables.8:423 original/man8/iptables.8:418
+#, fuzzy, no-wrap
+#| msgid "B<--icmp-type >[!] I<typename>"
+msgid "[B<!>] B<--dst-type> I<type>"
+msgstr "B<--icmp-type >[!] I<typename>"
#. type: Plain text
-#: original/man8/ip6tables.8:463 original/man8/iptables.8:483
-msgid ""
-"This module matches at a limited rate using a token bucket filter. A rule "
-"using this extension will match until this limit is reached (unless the `!' "
-"flag is used). It can be used in combination with the B<LOG> target to give "
-"limited logging, for example."
-msgstr ""
-"このモジュールは、トークンバケツフィルタを使い、 単位時間あたり制限され\n"
-"た回数だけマッチする。 この拡張を使ったルールは、(`!' フラグが指定され\n"
-"ない限り) 制限に達するまでマッチする。 例えば、このモジュールはログ記録\n"
-"を制限するために B<LOG> ターゲットと組み合わせて使うことができる。"
+#: original/man8/ip6tables.8:426 original/man8/iptables.8:421
+#, fuzzy
+#| msgid "Match against reply destination address"
+msgid "Matches if the destination address is of given type"
+msgstr "応答の宛先アドレスにマッチする。"
#. type: TP
-#: original/man8/ip6tables.8:463 original/man8/iptables.8:483
-#, no-wrap
-msgid "B<--limit >I<rate>"
+#: original/man8/ip6tables.8:426 original/man8/iptables.8:421
+#, fuzzy, no-wrap
+#| msgid "B<--limit >I<rate>"
+msgid "B<--limit-iface-in>"
msgstr "B<--limit >I<rate>"
#. type: Plain text
-#: original/man8/ip6tables.8:468 original/man8/iptables.8:488
+#: original/man8/ip6tables.8:437 original/man8/iptables.8:432
msgid ""
-"Maximum average matching rate: specified as a number, with an optional `/"
-"second', `/minute', `/hour', or `/day' suffix; the default is 3/hour."
+"The address type checking can be limited to the interface the packet is "
+"coming in. This option is only valid in the B<PREROUTING>, B<INPUT> and "
+"B<FORWARD> chains. It cannot be specified with the B<--limit-iface-out> "
+"option."
msgstr ""
-"単位時間あたりの平均マッチ回数の最大値。 数値で指定され、添字 `/second', `/"
-"minute', `/hour', `/day' を付けることもできる。 デフォルトは 3/hour である。"
#. type: TP
-#: original/man8/ip6tables.8:468 original/man8/iptables.8:488
-#, no-wrap
-msgid "B<--limit-burst >I<number>"
-msgstr "B<--limit-burst >I<number>"
+#: original/man8/ip6tables.8:437 original/man8/iptables.8:432
+#, fuzzy, no-wrap
+#| msgid "B<--limit >I<rate>"
+msgid "B<--limit-iface-out>"
+msgstr "B<--limit >I<rate>"
#. type: Plain text
-#: original/man8/ip6tables.8:473 original/man8/iptables.8:493
+#: original/man8/ip6tables.8:448 original/man8/iptables.8:443
msgid ""
-"Maximum initial number of packets to match: this number gets recharged by "
-"one every time the limit specified above is not reached, up to this number; "
-"the default is 5."
+"The address type checking can be limited to the interface the packet is "
+"going out. This option is only valid in the B<POSTROUTING>, B<OUTPUT> and "
+"B<FORWARD> chains. It cannot be specified with the B<--limit-iface-in> "
+"option."
msgstr ""
-"パケットがマッチする回数の最大初期値: 上のオプションで指定した制限に\n"
-"達しなければ、 その度ごとに、この数値になるまで 1 個ずつ増やされる。\n"
-"デフォルトは 5 である。"
#. type: SS
-#: original/man8/ip6tables.8:473 original/man8/iptables.8:514
+#: original/man8/ip6tables.8:448 original/man8/iptables.8:443
#, no-wrap
-msgid "multiport"
-msgstr "multiport"
+msgid "ah"
+msgstr "ah"
#. type: Plain text
-#: original/man8/ip6tables.8:479 original/man8/iptables.8:520
+#: original/man8/ip6tables.8:450
+#, fuzzy
+#| msgid "This module matches the SPIs in AH header of IPSec packets."
msgid ""
-"This module matches a set of source or destination ports. Up to 15 ports "
-"can be specified. It can only be used in conjunction with B<-p tcp> or B<-p "
-"udp>."
-msgstr ""
-"このモジュールは送信元や送信先のポートの集合にマッチする。 ポートは 15 個まで"
-"指定できる。 このモジュールは B<-p tcp> または B<-p udp> と組み合わせて使うこ"
-"としかできない。"
+"This module matches the parameters in Authentication header of IPsec packets."
+msgstr "このモジュールは IPSec パケットの AH ヘッダーの SPI 値にマッチする。"
#. type: TP
-#: original/man8/ip6tables.8:479 original/man8/iptables.8:520
-#, no-wrap
-msgid "B<--source-ports >I<port>[,I<port>[,I<port>...]]"
-msgstr "B<--source-ports >I<port>[,I<port>[,I<port>...]]"
+#: original/man8/ip6tables.8:450 original/man8/iptables.8:445
+#, fuzzy, no-wrap
+#| msgid "B<--ahspi >[!] I<spi>[:I<spi>]"
+msgid "[B<!>] B<--ahspi> I<spi>[B<:>I<spi>]"
+msgstr "B<--ahspi >[!] I<spi>[:I<spi>]"
#. type: Plain text
-#: original/man8/ip6tables.8:484 original/man8/iptables.8:525
-msgid ""
-"Match if the source port is one of the given ports. The flag B<--sports> is "
-"a convenient alias for this option."
+#: original/man8/ip6tables.8:453
+msgid "Matches SPI."
msgstr ""
-"送信元ポートが指定されたポートのうちのいずれかであればマッチする。 フラグ "
-"B<--sports> は、このオプションの便利な別名である。"
#. type: TP
-#: original/man8/ip6tables.8:484 original/man8/iptables.8:525
-#, no-wrap
-msgid "B<--destination-ports >I<port>[,I<port>[,I<port>...]]"
-msgstr "B<--destination-ports >I<port>[,I<port>[,I<port>...]]"
+#: original/man8/ip6tables.8:453
+#, fuzzy, no-wrap
+#| msgid "B<-t>, B<--table> B<tablename>"
+msgid "[B<!>] B<--ahlen> I<length>"
+msgstr "B<-t>, B<--table> B<tablename>"
#. type: Plain text
-#: original/man8/ip6tables.8:489 original/man8/iptables.8:530
-msgid ""
-"Match if the destination port is one of the given ports. The flag B<--"
-"dports> is a convenient alias for this option."
+#: original/man8/ip6tables.8:456 original/man8/ip6tables.8:748
+#: original/man8/ip6tables.8:870
+msgid "Total length of this header in octets."
msgstr ""
-"宛先ポートが指定されたポートのうちのいずれかであればマッチする。\n"
-"フラグ B<--dports> は、このオプションの便利な別名である。"
#. type: TP
-#: original/man8/ip6tables.8:489 original/man8/iptables.8:530
+#: original/man8/ip6tables.8:456
#, no-wrap
-msgid "B<--ports >I<port>[,I<port>[,I<port>...]]"
-msgstr "B<--ports >I<port>[,I<port>[,I<port>...]]"
+msgid "B<--ahres>"
+msgstr ""
#. type: Plain text
-#: original/man8/ip6tables.8:493 original/man8/iptables.8:534
-msgid ""
-"Match if the both the source and destination ports are equal to each other "
-"and to one of the given ports."
+#: original/man8/ip6tables.8:459
+msgid "Matches if the reserved field is filled with zero."
msgstr ""
-"送信元ポートと宛先ポートが等しく、 かつそのポートが指定されたポートの\n"
-"うちのいずれかであればマッチする。"
#. type: SS
-#: original/man8/ip6tables.8:493 original/man8/iptables.8:504
+#: original/man8/ip6tables.8:459 original/man8/iptables.8:447
#, no-wrap
-msgid "mark"
-msgstr "mark"
+msgid "cluster"
+msgstr ""
#. type: Plain text
-#: original/man8/ip6tables.8:498 original/man8/iptables.8:509
+#: original/man8/ip6tables.8:462 original/man8/iptables.8:450
msgid ""
-"This module matches the netfilter mark field associated with a packet (which "
-"can be set using the B<MARK> target below)."
+"Allows you to deploy gateway and back-end load-sharing clusters without the "
+"need of load-balancers."
msgstr ""
-"このモジュールはパケットに関連づけられた netfilter の mark フィールドにマッチ"
-"する (このフィールドは、以下の B<MARK> ターゲットで設定される)。"
-
-#. type: TP
-#: original/man8/ip6tables.8:498 original/man8/iptables.8:509
-#, no-wrap
-msgid "B<--mark >I<value>[/I<mask>]"
-msgstr "B<--mark >I<value>[/I<mask>]"
#. type: Plain text
-#: original/man8/ip6tables.8:503 original/man8/iptables.8:514
+#: original/man8/ip6tables.8:465 original/man8/iptables.8:453
msgid ""
-"Matches packets with the given unsigned mark value (if a mask is specified, "
-"this is logically ANDed with the mask before the comparison)."
+"This match requires that all the nodes see the same packets. Thus, the "
+"cluster match decides if this node has to handle a packet given the "
+"following options:"
msgstr ""
-"指定された符号なし mark 値のパケットにマッチする (mask が指定されると、比較の"
-"前に mask との論理積 (AND) がとられる)。"
-#. type: SS
-#: original/man8/ip6tables.8:503 original/man8/iptables.8:534
+#. type: TP
+#: original/man8/ip6tables.8:465 original/man8/iptables.8:453
#, no-wrap
-msgid "owner"
-msgstr "owner"
+msgid "B<--cluster-total-nodes> I<num>"
+msgstr ""
#. type: Plain text
-#: original/man8/ip6tables.8:509
-msgid ""
-"This module attempts to match various characteristics of the packet creator, "
-"for locally-generated packets. It is only valid in the B<OUTPUT> chain, and "
-"even this some packets (such as ICMP ping responses) may have no owner, and "
-"hence never match. This is regarded as experimental."
+#: original/man8/ip6tables.8:468 original/man8/iptables.8:456
+msgid "Set number of total nodes in cluster."
msgstr ""
-"このモジュールは、ローカルで生成されたパケットに付いて、 パケット生成者のいろ"
-"いろな特性とのマッチングをとる。 これは B<OUTPUT> チェインのみでしか有効でな"
-"い。 また、(ICMP ping 応答のような) パケットは、 所有者がいないので絶対にマッ"
-"チしない。 これは実験的なものという扱いである。"
#. type: TP
-#: original/man8/ip6tables.8:509 original/man8/iptables.8:540
-#, no-wrap
-msgid "B<--uid-owner >I<userid>"
-msgstr "B<--uid-owner >I<userid>"
+#: original/man8/ip6tables.8:468 original/man8/iptables.8:456
+#, fuzzy, no-wrap
+#| msgid "B<-t>, B<--table> B<tablename>"
+msgid "[B<!>] B<--cluster-local-node> I<num>"
+msgstr "B<-t>, B<--table> B<tablename>"
#. type: Plain text
-#: original/man8/ip6tables.8:513 original/man8/iptables.8:544
-msgid ""
-"Matches if the packet was created by a process with the given effective user "
-"id."
+#: original/man8/ip6tables.8:471 original/man8/iptables.8:459
+msgid "Set the local node number ID."
msgstr ""
-"指定された実効ユーザー ID のプロセスにより パケットが生成されている場合にマッ"
-"チする。"
#. type: TP
-#: original/man8/ip6tables.8:513 original/man8/iptables.8:544
+#: original/man8/ip6tables.8:471 original/man8/iptables.8:459
#, no-wrap
-msgid "B<--gid-owner >I<groupid>"
-msgstr "B<--gid-owner >I<groupid>"
+msgid "[B<!>] B<--cluster-local-nodemask> I<mask>"
+msgstr ""
#. type: Plain text
-#: original/man8/ip6tables.8:517 original/man8/iptables.8:548
+#: original/man8/ip6tables.8:475 original/man8/iptables.8:463
msgid ""
-"Matches if the packet was created by a process with the given effective "
-"group id."
+"Set the local node number ID mask. You can use this option instead of B<--"
+"cluster-local-node>."
msgstr ""
-"指定された実効グループ ID のプロセスにより パケットが生成されている場合にマッ"
-"チする。"
#. type: TP
-#: original/man8/ip6tables.8:517 original/man8/iptables.8:548
-#, no-wrap
-msgid "B<--pid-owner >I<processid>"
-msgstr "B<--pid-owner >I<processid>"
+#: original/man8/ip6tables.8:475 original/man8/iptables.8:463
+#, fuzzy, no-wrap
+#| msgid "B<--set-mss >I<value>"
+msgid "B<--cluster-hash-seed> I<value>"
+msgstr "B<--set-mss >I<value>"
#. type: Plain text
-#: original/man8/ip6tables.8:521 original/man8/iptables.8:552
-msgid ""
-"Matches if the packet was created by a process with the given process id."
+#: original/man8/ip6tables.8:478 original/man8/iptables.8:466
+msgid "Set seed value of the Jenkins hash."
msgstr ""
-"指定されたプロセス ID のプロセスにより パケットが生成されている場合にマッチす"
-"る。"
-#. type: TP
-#: original/man8/ip6tables.8:521 original/man8/iptables.8:552
+#. type: Plain text
+#: original/man8/ip6tables.8:480 original/man8/ip6tables.8:526
+#: original/man8/ip6tables.8:563 original/man8/ip6tables.8:711
+#: original/man8/ip6tables.8:1837 original/man8/ip6tables.8:1885
+#: original/man8/ip6tables.8:1931 original/man8/iptables.8:468
+#: original/man8/iptables.8:514 original/man8/iptables.8:551
+#: original/man8/iptables.8:699 original/man8/iptables.8:1755
+#: original/man8/iptables.8:1803 original/man8/iptables.8:1852
#, no-wrap
-msgid "B<--sid-owner >I<sessionid>"
-msgstr "B<--sid-owner >I<sessionid>"
+msgid "Example:"
+msgstr ""
#. type: Plain text
-#: original/man8/ip6tables.8:558 original/man8/iptables.8:556
+#: original/man8/ip6tables.8:485 original/man8/iptables.8:473
msgid ""
-"Matches if the packet was created by a process in the given session group."
+"iptables -A PREROUTING -t mangle -i eth1 -m cluster --cluster-total-nodes 2 "
+"--cluster-local-node 1 --cluster-hash-seed 0xdeadbeef -j MARK --set-mark "
+"0xffff"
msgstr ""
-"指定されたセッショングループのプロセスにより パケットが生成されている場合に"
-"マッチする。"
-
-#. type: SH
-#: original/man8/ip6tables.8:558 original/man8/iptables.8:713
-#, no-wrap
-msgid "TARGET EXTENSIONS"
-msgstr "ターゲットの拡張"
#. type: Plain text
-#: original/man8/ip6tables.8:561
+#: original/man8/ip6tables.8:490 original/man8/iptables.8:478
msgid ""
-"ip6tables can use extended target modules: the following are included in the "
-"standard distribution."
+"iptables -A PREROUTING -t mangle -i eth2 -m cluster --cluster-total-nodes 2 "
+"--cluster-local-node 1 --cluster-hash-seed 0xdeadbeef -j MARK --set-mark "
+"0xffff"
msgstr ""
-"iptables は拡張ターゲットモジュールを使うことができる: 以下のものが、標準的な"
-"ディストリビューションに含まれている。"
-#. type: SS
-#: original/man8/ip6tables.8:561 original/man8/iptables.8:762
-#, no-wrap
-msgid "LOG"
-msgstr "LOG"
+#. type: Plain text
+#: original/man8/ip6tables.8:493 original/man8/iptables.8:481
+msgid ""
+"iptables -A PREROUTING -t mangle -i eth1 -m mark ! --mark 0xffff -j DROP"
+msgstr ""
#. type: Plain text
-#: original/man8/ip6tables.8:573
+#: original/man8/ip6tables.8:496 original/man8/iptables.8:484
msgid ""
-"Turn on kernel logging of matching packets. When this option is set for a "
-"rule, the Linux kernel will print some information on all matching packets "
-"(like most IPv6 IPv6-header fields) via the kernel log (where it can be read "
-"with I<dmesg> or I<syslogd>(8)). This is a \"non-terminating target\", i.e. "
-"rule traversal continues at the next rule. So if you want to LOG the "
-"packets you refuse, use two separate rules with the same matching criteria, "
-"first using target LOG then DROP (or REJECT)."
+"iptables -A PREROUTING -t mangle -i eth2 -m mark ! --mark 0xffff -j DROP"
msgstr ""
-"マッチしたパケットをカーネルログに記録する。 このオプションがルールに対して設"
-"定されると、 Linux カーネルはマッチしたパケットについての (IPv6 における大部"
-"分の IPv6 ヘッダフィールドのような) 何らかの情報を カーネルログに表示する "
-"(カーネルログは I<dmesg> または I<syslogd>(8) で見ることができる)。 これは"
-"「非終了タ ーゲット」である。 すなわち、ルールの検討は、次のルールへと継続さ"
-"れる。 よって、拒否するパケットをログ記録したければ、 同じマッチング判断基準"
-"を持つ 2 つのルールを使用し、 最初のルールで LOG ターゲットを、 次のルールで "
-"DROP (または REJECT) ターゲットを指定する。"
-#. type: TP
-#: original/man8/ip6tables.8:573 original/man8/iptables.8:774
-#, no-wrap
-msgid "B<--log-level >I<level>"
-msgstr "B<--log-level >I<level>"
+#. type: Plain text
+#: original/man8/ip6tables.8:498 original/man8/iptables.8:486
+msgid "And the following commands to make all nodes see the same packets:"
+msgstr ""
#. type: Plain text
-#: original/man8/ip6tables.8:576 original/man8/iptables.8:777
-msgid "Level of logging (numeric or see I<syslog.conf>(5))."
+#: original/man8/ip6tables.8:500 original/man8/iptables.8:488
+msgid "ip maddr add 01:00:5e:00:01:01 dev eth1"
msgstr ""
-"ログ記録のレベル (数値て指定するか、(名前で指定する場合は)\n"
-"I<syslog.conf>(5) を参照すること)。"
-#. type: TP
-#: original/man8/ip6tables.8:576 original/man8/iptables.8:777
-#, no-wrap
-msgid "B<--log-prefix >I<prefix>"
-msgstr "B<--log-prefix >I<prefix>"
+#. type: Plain text
+#: original/man8/ip6tables.8:502 original/man8/iptables.8:490
+msgid "ip maddr add 01:00:5e:00:01:02 dev eth2"
+msgstr ""
#. type: Plain text
-#: original/man8/ip6tables.8:580 original/man8/iptables.8:781
+#: original/man8/ip6tables.8:505 original/man8/iptables.8:493
msgid ""
-"Prefix log messages with the specified prefix; up to 29 letters long, and "
-"useful for distinguishing messages in the logs."
+"arptables -A OUTPUT -o eth1 --h-length 6 -j mangle --mangle-mac-s "
+"01:00:5e:00:01:01"
msgstr ""
-"指定したプレフィックスをログメッセージの前に付ける。\n"
-"プレフィックスは 29 文字までの長さで、\n"
-"ログの中でメッセージを区別するのに役立つ。"
-
-#. type: TP
-#: original/man8/ip6tables.8:580 original/man8/iptables.8:781
-#, no-wrap
-msgid "B<--log-tcp-sequence>"
-msgstr "B<--log-tcp-sequence>"
#. type: Plain text
-#: original/man8/ip6tables.8:584 original/man8/iptables.8:785
+#: original/man8/ip6tables.8:509 original/man8/iptables.8:497
msgid ""
-"Log TCP sequence numbers. This is a security risk if the log is readable by "
-"users."
+"arptables -A INPUT -i eth1 --h-length 6 --destination-mac 01:00:5e:00:01:01 -"
+"j mangle --mangle-mac-d 00:zz:yy:xx:5a:27"
msgstr ""
-"TCP シーケンス番号をログに記録する。 ログがユーザーから読める場合、セキュリ"
-"ティ上の危険がある。"
-#. type: TP
-#: original/man8/ip6tables.8:584 original/man8/iptables.8:785
-#, no-wrap
-msgid "B<--log-tcp-options>"
-msgstr "B<--log-tcp-options>"
+#. type: Plain text
+#: original/man8/ip6tables.8:512 original/man8/iptables.8:500
+msgid ""
+"arptables -A OUTPUT -o eth2 --h-length 6 -j mangle --mangle-mac-s "
+"01:00:5e:00:01:02"
+msgstr ""
#. type: Plain text
-#: original/man8/ip6tables.8:587 original/man8/iptables.8:788
-msgid "Log options from the TCP packet header."
-msgstr "TCP パケットヘッダのオプションをログに記録する。"
+#: original/man8/ip6tables.8:516 original/man8/iptables.8:504
+msgid ""
+"arptables -A INPUT -i eth2 --h-length 6 --destination-mac 01:00:5e:00:01:02 -"
+"j mangle --mangle-mac-d 00:zz:yy:xx:5a:27"
+msgstr ""
-#. type: TP
-#: original/man8/ip6tables.8:587 original/man8/iptables.8:788
-#, no-wrap
-msgid "B<--log-ip-options>"
-msgstr "B<--log-ip-options>"
+#. type: Plain text
+#: original/man8/ip6tables.8:520 original/man8/iptables.8:508
+msgid ""
+"In the case of TCP connections, pickup facility has to be disabled to avoid "
+"marking TCP ACK packets coming in the reply direction as valid."
+msgstr ""
#. type: Plain text
-#: original/man8/ip6tables.8:590
-msgid "Log options from the IPv6 packet header."
-msgstr "IPv6 パケットヘッダのオプションをログに記録する。"
+#: original/man8/ip6tables.8:522 original/man8/iptables.8:510
+msgid "echo 0 E<gt> /proc/sys/net/netfilter/nf_conntrack_tcp_loose"
+msgstr ""
#. type: SS
-#: original/man8/ip6tables.8:590 original/man8/iptables.8:791
+#: original/man8/ip6tables.8:522 original/man8/iptables.8:510
#, no-wrap
-msgid "MARK"
-msgstr "MARK"
+msgid "comment"
+msgstr ""
#. type: Plain text
-#: original/man8/ip6tables.8:595
-msgid ""
-"This is used to set the netfilter mark value associated with the packet. It "
-"is only valid in the B<mangle> table."
+#: original/man8/ip6tables.8:524 original/man8/iptables.8:512
+msgid "Allows you to add comments (up to 256 characters) to any rule."
msgstr ""
-"パケットに関連づけられた netfilter の mark 値を指定する。 B<mangle> テーブル"
-"のみで有効である。"
#. type: TP
-#: original/man8/ip6tables.8:595 original/man8/iptables.8:796
+#: original/man8/ip6tables.8:524 original/man8/iptables.8:512
#, no-wrap
-msgid "B<--set-mark >I<mark>"
-msgstr "B<--set-mark >I<mark>"
+msgid "B<--comment> I<comment>"
+msgstr ""
+
+#. type: Plain text
+#: original/man8/ip6tables.8:529 original/man8/iptables.8:517
+msgid "iptables -A INPUT -i eth1 -m comment --comment \"my local LAN\""
+msgstr ""
#. type: SS
-#: original/man8/ip6tables.8:597 original/man8/iptables.8:853
+#: original/man8/ip6tables.8:529 original/man8/iptables.8:517
#, no-wrap
-msgid "REJECT"
-msgstr "REJECT"
+msgid "connbytes"
+msgstr ""
#. type: Plain text
-#: original/man8/ip6tables.8:610 original/man8/iptables.8:866
+#: original/man8/ip6tables.8:533 original/man8/iptables.8:521
msgid ""
-"This is used to send back an error packet in response to the matched packet: "
-"otherwise it is equivalent to B<DROP> so it is a terminating TARGET, ending "
-"rule traversal. This target is only valid in the B<INPUT>, B<FORWARD> and "
-"B<OUTPUT> chains, and user-defined chains which are only called from those "
-"chains. The following option controls the nature of the error packet "
-"returned:"
+"Match by how many bytes or packets a connection (or one of the two flows "
+"constituting the connection) has transferred so far, or by average bytes per "
+"packet."
msgstr ""
-"マッチしたパケットの応答としてエラーパケットを送信するために使われる。\n"
-"エラーパケットを送らなければ、 B<DROP> と同じであり、TARGET を終了し、\n"
-"ルールの検討を終了する。 このターゲットは、 B<INPUT>, B<FORWARD>,\n"
-"B<OUTPUT> チェインと、これらのチェインから呼ばれる ユーザー定義チェイン\n"
-"だけで有効である。以下のオプションは、返されるエラーパケットの特性を\n"
-"制御する。"
-
-#. type: TP
-#: original/man8/ip6tables.8:610 original/man8/iptables.8:866
-#, no-wrap
-msgid "B<--reject-with >I<type>"
-msgstr "B<--reject-with >I<type>"
#. type: Plain text
-#: original/man8/ip6tables.8:613 original/man8/iptables.8:869
-msgid "The type given can be"
-msgstr "type として指定可能なものは"
-
-#. type: Plain text
-#: original/man8/ip6tables.8:622
-#, no-wrap
-msgid ""
-"B<icmp6-no-route>\n"
-"B<no-route>\n"
-"B<icmp6-adm-prohibited>\n"
-"B<adm-prohibited>\n"
-"B<icmp6-addr-unreachable>\n"
-"B<addr-unreach>\n"
-"B<icmp6-port-unreachable>\n"
-"B<port-unreach>\n"
-msgstr ""
-"B<icmp6-no-route>\n"
-"B<no-route>\n"
-"B<icmp6-adm-prohibited>\n"
-"B<adm-prohibited>\n"
-"B<icmp6-addr-unreachable>\n"
-"B<addr-unreach>\n"
-"B<icmp6-port-unreachable>\n"
-"B<port-unreach>\n"
-
-#. .SS TOS
-#. This is used to set the 8-bit Type of Service field in the IP header.
-#. It is only valid in the
-#. .B mangle
-#. table.
-#. .TP
-#. .BI "--set-tos " "tos"
-#. You can use a numeric TOS values, or use
-#. .br
-#. iptables -j TOS -h
-#. .br
-#. to see the list of valid TOS names.
-#. .SS MIRROR
-#. This is an experimental demonstration target which inverts the source
-#. and destination fields in the IP header and retransmits the packet.
-#. It is only valid in the
-#. .BR INPUT ,
-#. .B FORWARD
-#. and
-#. .B PREROUTING
-#. chains, and user-defined chains which are only called from those
-#. chains. Note that the outgoing packets are
-#. .B NOT
-#. seen by any packet filtering chains, connection tracking or NAT, to
-#. avoid loops and other problems.
-#. .SS SNAT
-#. This target is only valid in the
-#. .B nat
-#. table, in the
-#. .B POSTROUTING
-#. chain. It specifies that the source address of the packet should be
-#. modified (and all future packets in this connection will also be
-#. mangled), and rules should cease being examined. It takes one option:
-#. .TP
-#. .BR "--to-source " "\fIipaddr\fP[-\fIipaddr\fP][:\fIport\fP-\fIport\fP]"
-#. which can specify a single new source IP address, an inclusive range
-#. of IP addresses, and optionally, a port range (which is only valid if
-#. the rule also specifies
-#. .B "-p tcp"
-#. or
-#. .BR "-p udp" ).
-#. If no port range is specified, then source ports below 512 will be
-#. mapped to other ports below 512: those between 512 and 1023 inclusive
-#. will be mapped to ports below 1024, and other ports will be mapped to
-#. 1024 or above. Where possible, no port alteration will occur.
-#. .SS DNAT
-#. This target is only valid in the
-#. .B nat
-#. table, in the
-#. .B PREROUTING
-#. and
-#. .B OUTPUT
-#. chains, and user-defined chains which are only called from those
-#. chains. It specifies that the destination address of the packet
-#. should be modified (and all future packets in this connection will
-#. also be mangled), and rules should cease being examined. It takes one
-#. option:
-#. .TP
-#. .BR "--to-destination " "\fIipaddr\fP[-\fIipaddr\fP][:\fIport\fP-\fIport\fP]"
-#. which can specify a single new destination IP address, an inclusive
-#. range of IP addresses, and optionally, a port range (which is only
-#. valid if the rule also specifies
-#. .B "-p tcp"
-#. or
-#. .BR "-p udp" ).
-#. If no port range is specified, then the destination port will never be
-#. modified.
-#. .SS MASQUERADE
-#. This target is only valid in the
-#. .B nat
-#. table, in the
-#. .B POSTROUTING
-#. chain. It should only be used with dynamically assigned IP (dialup)
-#. connections: if you have a static IP address, you should use the SNAT
-#. target. Masquerading is equivalent to specifying a mapping to the IP
-#. address of the interface the packet is going out, but also has the
-#. effect that connections are
-#. .I forgotten
-#. when the interface goes down. This is the correct behavior when the
-#. next dialup is unlikely to have the same interface address (and hence
-#. any established connections are lost anyway). It takes one option:
-#. .TP
-#. .BR "--to-ports " "\fIport\fP[-\fIport\fP]"
-#. This specifies a range of source ports to use, overriding the default
-#. .B SNAT
-#. source port-selection heuristics (see above). This is only valid
-#. if the rule also specifies
-#. .B "-p tcp"
-#. or
-#. .BR "-p udp" .
-#. .SS REDIRECT
-#. This target is only valid in the
-#. .B nat
-#. table, in the
-#. .B PREROUTING
-#. and
-#. .B OUTPUT
-#. chains, and user-defined chains which are only called from those
-#. chains. It alters the destination IP address to send the packet to
-#. the machine itself (locally-generated packets are mapped to the
-#. 127.0.0.1 address). It takes one option:
-#. .TP
-#. .BR "--to-ports " "\fIport\fP[-\fIport\fP]"
-#. This specifies a destination port or range of ports to use: without
-#. this, the destination port is never altered. This is only valid
-#. if the rule also specifies
-#. .B "-p tcp"
-#. or
-#. .BR "-p udp" .
-#. type: Plain text
-#: original/man8/ip6tables.8:740
-msgid ""
-"which return the appropriate IPv6-ICMP error message (B<port-unreach> is the "
-"default). Finally, the option B<tcp-reset> can be used on rules which only "
-"match the TCP protocol: this causes a TCP RST packet to be sent back. This "
-"is mainly useful for blocking I<ident> (113/tcp) probes which frequently "
-"occur when sending mail to broken mail hosts (which won't accept your mail "
-"otherwise)."
+#: original/man8/ip6tables.8:535 original/man8/iptables.8:523
+msgid "The counters are 64-bit and are thus not expected to overflow ;)"
msgstr ""
-"であり、適切な IPv6-ICMP エラーメッセージを返す (B<port-unreach> がデフォルト"
-"である)。 さらに、TCP プロトコルにのみマッチするルールに対して、オプション "
-"B<tcp-reset> を使うことができる。 このオプションを使うと、TCP RST パケットが"
-"送り返される。 主として I<ident> (113/tcp) による探査を阻止するのに役立つ。 "
-"I<ident> による探査は、壊れている (メールを受け取らない) メールホストに メー"
-"ルが送られる場合に頻繁に起こる。"
-#. type: SH
-#: original/man8/ip6tables.8:740 original/man8/iptables.8:995
-#, no-wrap
-msgid "DIAGNOSTICS"
-msgstr "返り値"
+#. type: Plain text
+#: original/man8/ip6tables.8:538 original/man8/iptables.8:526
+msgid ""
+"The primary use is to detect long-lived downloads and mark them to be "
+"scheduled using a lower priority band in traffic control."
+msgstr ""
#. type: Plain text
-#: original/man8/ip6tables.8:745 original/man8/iptables.8:1000
+#: original/man8/ip6tables.8:541 original/man8/iptables.8:529
msgid ""
-"Various error messages are printed to standard error. The exit code is 0 "
-"for correct functioning. Errors which appear to be caused by invalid or "
-"abused command line parameters cause an exit code of 2, and other errors "
-"cause an exit code of 1."
+"The transferred bytes per connection can also be viewed through `conntrack -"
+"L` and accessed via ctnetlink."
msgstr ""
-"いろいろなエラーメッセージが標準エラーに表示される。 正しく機能した場合、終了"
-"コードは 0 である。 不正なコマンドラインパラメータによりエラーが発生した場合"
-"は、 終了コード 2 が返される。 その他のエラーの場合は、終了コード 1 が返され"
-"る。"
#. type: Plain text
-#: original/man8/ip6tables.8:748 original/man8/iptables.8:1003
+#: original/man8/ip6tables.8:547 original/man8/iptables.8:535
msgid ""
-"Bugs? What's this? ;-) Well... the counters are not reliable on sparc64."
+"NOTE that for connections which have no accounting information, the match "
+"will always return false. The \"net.netfilter.nf_conntrack_acct\" sysctl "
+"flag controls whether B<new> connections will be byte/packet counted. "
+"Existing connection flows will not be gaining/losing a/the accounting "
+"structure when be sysctl flag is flipped."
msgstr ""
-"バグ? バグって何? ;-) えーと…、sparc64 ではカウンター値が信頼できない。"
-#. type: SH
-#: original/man8/ip6tables.8:748 original/man8/iptables.8:1003
+#. type: TP
+#: original/man8/ip6tables.8:547 original/man8/iptables.8:535
#, no-wrap
-msgid "COMPATIBILITY WITH IPCHAINS"
-msgstr "IPCHAINS との互換性"
+msgid "[B<!>] B<--connbytes> I<from>[B<:>I<to>]"
+msgstr ""
#. type: Plain text
-#: original/man8/ip6tables.8:761
+#: original/man8/ip6tables.8:553 original/man8/iptables.8:541
msgid ""
-"This B<ip6tables> is very similar to ipchains by Rusty Russell. The main "
-"difference is that the chains B<INPUT> and B<OUTPUT> are only traversed for "
-"packets coming into the local host and originating from the local host "
-"respectively. Hence every packet only passes through one of the three "
-"chains (except loopback traffic, which involves both INPUT and OUTPUT "
-"chains); previously a forwarded packet would pass through all three."
+"match packets from a connection whose packets/bytes/average packet size is "
+"more than FROM and less than TO bytes/packets. if TO is omitted only FROM "
+"check is done. \"!\" is used to match packets not falling in the range."
msgstr ""
-"B<ip6tables> は、Rusty Russell の ipchains と非常によく似ている。 大きな違い"
-"は、チェイン B<INPUT> と B<OUTPUT> が、それぞれローカルホストに入ってくるパ"
-"ケットと、 ローカルホストから出されるパケットのみしか調べないという点であ"
-"る。 よって、全てのパケットは 3 つあるチェインのうち 1 つしか通らない (ループ"
-"バックトラフィックは例外で、INPUT と OUTPUT チェインの両方を通る)。 以前は "
-"(ipchains では)、 フォワードされるパケットが 3 つのチェイン全てを通っていた。"
-#. .PP The various forms of NAT have been separated out;
-#. .B iptables
-#. is a pure packet filter when using the default `filter' table, with
-#. optional extension modules. This should simplify much of the previous
-#. confusion over the combination of IP masquerading and packet filtering
-#. seen previously. So the following options are handled differently:
-#. .br
-#. -j MASQ
-#. .br
-#. -M -S
-#. .br
-#. -M -L
-#. .br
-#. type: Plain text
-#: original/man8/ip6tables.8:784
-msgid ""
-"The other main difference is that B<-i> refers to the input interface; B<-o> "
-"refers to the output interface, and both are available for packets entering "
-"the B<FORWARD> chain. There are several other changes in ip6tables."
+#. type: TP
+#: original/man8/ip6tables.8:553 original/man8/iptables.8:541
+#, no-wrap
+msgid "B<--connbytes-dir> {B<original>|B<reply>|B<both>}"
msgstr ""
-"その他の大きな違いは、 B<-i> で入力インターフェース、 B<-o> で出力インター"
-"フェースを指定し、 ともに B<FORWARD> チェインに入るパケットに対して指定可能な"
-"点である。 ip6tables では、その他にもいくつかの変更がある。"
#. type: Plain text
-#: original/man8/ip6tables.8:790
-msgid ""
-"B<ip6tables-save>(8), B<ip6tables-restore(8),> B<iptables>(8), B<iptables-"
-"save>(8), B<iptables-restore>(8)."
+#: original/man8/ip6tables.8:556 original/man8/iptables.8:544
+msgid "which packets to consider"
msgstr ""
-"B<ip6tables-save>(8), B<ip6tables-restore(8),> B<iptables>(8), B<iptables-"
-"save>(8), B<iptables-restore>(8)."
-#. type: Plain text
-#: original/man8/ip6tables.8:796 original/man8/iptables.8:1050
-msgid ""
-"The packet-filtering-HOWTO details iptables usage for packet filtering, the "
-"NAT-HOWTO details NAT, the netfilter-extensions-HOWTO details the extensions "
-"that are not in the standard distribution, and the netfilter-hacking-HOWTO "
-"details the netfilter internals."
+#. type: TP
+#: original/man8/ip6tables.8:556 original/man8/iptables.8:544
+#, no-wrap
+msgid "B<--connbytes-mode> {B<packets>|B<bytes>|B<avgpkt>}"
msgstr ""
-"パケットフィルタリングについての詳細な iptables の使用法を\n"
-"説明している packet-filtering-HOWTO。\n"
-"NAT について詳細に説明している NAT-HOWTO。\n"
-"標準的な配布には含まれない拡張の詳細を 説明している \n"
-"netfilter-extensions-HOWTO。\n"
-"内部構造について詳細に説明している netfilter-hacking-HOWTO。"
#. type: Plain text
-#: original/man8/ip6tables.8:799 original/man8/iptables.8:1053
-msgid "See B<http://www.netfilter.org/>."
-msgstr "B<http://www.netfilter.org/> を参照。"
+#: original/man8/ip6tables.8:563 original/man8/iptables.8:551
+msgid ""
+"whether to check the amount of packets, number of bytes transferred or the "
+"average size (in bytes) of all packets received so far. Note that when \"both"
+"\" is used together with \"avgpkt\", and data is going (mainly) only in one "
+"direction (for example HTTP), the average packet size will be about half of "
+"the actual data packets."
+msgstr ""
#. type: Plain text
-#: original/man8/ip6tables.8:802 original/man8/iptables.8:1056
+#: original/man8/ip6tables.8:566 original/man8/iptables.8:554
msgid ""
-"Rusty Russell wrote iptables, in early consultation with Michael Neuling."
+"iptables .. -m connbytes --connbytes 10000:100000 --connbytes-dir both --"
+"connbytes-mode bytes ..."
msgstr ""
-"Rusty Russell は、初期の段階で Michael Neuling に相談して iptables を書いた。"
+
+#. type: SS
+#: original/man8/ip6tables.8:566 original/man8/iptables.8:554
+#, fuzzy, no-wrap
+#| msgid "limit"
+msgid "connlimit"
+msgstr "limit"
#. type: Plain text
-#: original/man8/ip6tables.8:806 original/man8/iptables.8:1060
+#: original/man8/ip6tables.8:569 original/man8/iptables.8:557
msgid ""
-"Marc Boucher made Rusty abandon ipnatctl by lobbying for a generic packet "
-"selection framework in iptables, then wrote the mangle table, the owner "
-"match, the mark stuff, and ran around doing cool stuff everywhere."
+"Allows you to restrict the number of parallel connections to a server per "
+"client IP address (or client address block)."
msgstr ""
-"Marc Boucher は Rusty に iptables の一般的なパケット選択の考え方を勧めて、 "
-"ipnatctl を止めさせた。 そして、mangle テーブル・所有者マッチング・ mark 機能"
-"を書き、いたるところで使われている素晴らしいコードを書いた。"
-#. type: Plain text
-#: original/man8/ip6tables.8:808 original/man8/iptables.8:1062
-msgid "James Morris wrote the TOS target, and tos match."
-msgstr "James Morris が TOS ターゲットと tos マッチングを書いた。"
+#. type: TP
+#: original/man8/ip6tables.8:569 original/man8/iptables.8:557
+#, fuzzy, no-wrap
+#| msgid "B<--limit-burst >I<number>"
+msgid "B<--connlimit-upto> I<n>"
+msgstr "B<--limit-burst >I<number>"
#. type: Plain text
-#: original/man8/ip6tables.8:810 original/man8/iptables.8:1064
-msgid "Jozsef Kadlecsik wrote the REJECT target."
-msgstr "Jozsef Kadlecsik が REJECT ターゲットを書いた。"
+#: original/man8/ip6tables.8:572 original/man8/iptables.8:560
+msgid "Match if the number of existing connections is below or equal I<n>."
+msgstr ""
+
+#. type: TP
+#: original/man8/ip6tables.8:572 original/man8/iptables.8:560
+#, fuzzy, no-wrap
+#| msgid "B<--limit-burst >I<number>"
+msgid "B<--connlimit-above> I<n>"
+msgstr "B<--limit-burst >I<number>"
#. type: Plain text
-#: original/man8/ip6tables.8:812
-msgid "Harald Welte wrote the ULOG target, TTL match+target and libipulog."
+#: original/man8/ip6tables.8:575 original/man8/iptables.8:563
+msgid "Match if the number of existing connections is above I<n>."
msgstr ""
-"Harald Welte が ULOG ターゲット・TTL マッチングと TTL ターゲット・ libipulog "
-"を書いた。"
-#. type: Plain text
-#: original/man8/ip6tables.8:815 original/man8/iptables.8:1069
-msgid ""
-"The Netfilter Core Team is: Marc Boucher, Martin Josefsson, Jozsef "
-"Kadlecsik, James Morris, Harald Welte and Rusty Russell."
+#. type: TP
+#: original/man8/ip6tables.8:575 original/man8/iptables.8:563
+#, no-wrap
+msgid "B<--connlimit-mask> I<prefix_length>"
msgstr ""
-"Netfilter コアチームは、Marc Boucher, Martin Josefsson, Jozsef Kadlecsik, "
-"James Morris, Harald Welte, Rusty Russell である。"
#. type: Plain text
-#: original/man8/ip6tables.8:817
+#: original/man8/ip6tables.8:580 original/man8/iptables.8:568
msgid ""
-"ip6tables man page created by Andras Kis-Szabo, based on iptables man page "
-"written by Herve Eychenne E<lt>rv@wallfire.orgE<gt>."
+"Group hosts using the prefix length. For IPv4, this must be a number between "
+"(including) 0 and 32. For IPv6, between 0 and 128. If not specified, the "
+"maximum prefix length for the applicable protocol is used."
msgstr ""
-"ip6tables の man ページは、Andras Kis-Szabo によって作成された。 これは "
-"Herve Eychenne E<lt>rv@wallfire.orgE<gt> によって書かれた iptables の man "
-"ページを元にしている。"
-#. type: TH
-#: original/man8/iptables-restore.8:1
+#. type: TP
+#: original/man8/ip6tables.8:580 original/man8/iptables.8:568
#, no-wrap
-msgid "IPTABLES-RESTORE"
-msgstr "IPTABLES-RESTORE"
+msgid "B<--connlimit-saddr>"
+msgstr ""
-#. type: TH
-#: original/man8/iptables-restore.8:1 original/man8/iptables-save.8:1
+#. type: Plain text
+#: original/man8/ip6tables.8:584 original/man8/iptables.8:572
+msgid ""
+"Apply the limit onto the source group. This is the default if --connlimit-"
+"daddr is not specified."
+msgstr ""
+
+#. type: TP
+#: original/man8/ip6tables.8:584 original/man8/iptables.8:572
#, no-wrap
-msgid "Jan 04, 2001"
-msgstr "Jan 04, 2001"
+msgid "B<--connlimit-daddr>"
+msgstr ""
#. type: Plain text
-#: original/man8/iptables-restore.8:23
-msgid "iptables-restore - Restore IP Tables"
-msgstr "iptables-restore - IP テーブルを復元する"
+#: original/man8/ip6tables.8:587 original/man8/iptables.8:575
+msgid "Apply the limit onto the destination group."
+msgstr ""
#. type: Plain text
-#: original/man8/iptables-restore.8:25
-msgid "B<iptables-restore >[-c] [-n]"
-msgstr "B<iptables-restore >[-c] [-n]"
+#: original/man8/ip6tables.8:589 original/man8/ip6tables.8:852
+#: original/man8/ip6tables.8:1390 original/man8/ip6tables.8:1514
+#: original/man8/iptables.8:577 original/man8/iptables.8:800
+#: original/man8/iptables.8:1317 original/man8/iptables.8:1421
+msgid "Examples:"
+msgstr ""
+
+#. type: TP
+#: original/man8/ip6tables.8:589 original/man8/iptables.8:577
+#, no-wrap
+msgid "# allow 2 telnet connections per client host"
+msgstr ""
#. type: Plain text
-#: original/man8/iptables-restore.8:31
+#: original/man8/ip6tables.8:592 original/man8/iptables.8:580
msgid ""
-"B<iptables-restore> is used to restore IP Tables from data specified on "
-"STDIN. Use I/O redirection provided by your shell to read from a file"
+"iptables -A INPUT -p tcp --syn --dport 23 -m connlimit --connlimit-above 2 -"
+"j REJECT"
+msgstr ""
+
+#. type: TP
+#: original/man8/ip6tables.8:592 original/man8/iptables.8:580
+#, no-wrap
+msgid "# you can also match the other way around:"
msgstr ""
-"B<iptables-restore> は標準入力で指定されたデータから IP テーブルを復元するた"
-"めに使われる。 ファイルから読み込むためには、 シェルで提供されている I/O リダ"
-"イレクションを使うこと。"
#. type: Plain text
-#: original/man8/iptables-restore.8:39
+#: original/man8/ip6tables.8:595 original/man8/iptables.8:583
msgid ""
-"don't flush the previous contents of the table. If not specified, B<iptables-"
-"restore> flushes (deletes) all previous contents of the respective IP Table."
+"iptables -A INPUT -p tcp --syn --dport 23 -m connlimit --connlimit-upto 2 -j "
+"ACCEPT"
msgstr ""
-"これまでのテーブルの内容をフラッシュしない。 指定されない場合、 B<iptables-"
-"restore> は、これまでの各 IP テーブルの内容を全てフラッシュ (削除) する。"
-#. type: SH
-#: original/man8/iptables-restore.8:41 original/man8/iptables-save.8:40
+#. type: TP
+#: original/man8/ip6tables.8:595 original/man8/iptables.8:583
#, no-wrap
-msgid "AUTHOR"
-msgstr "作者"
+msgid "# limit the number of parallel HTTP requests to 16 per class C sized source network (24 bit netmask)"
+msgstr ""
#. type: Plain text
-#: original/man8/iptables-restore.8:45
-msgid "B<iptables-save>(8), B<iptables>(8)"
-msgstr "B<iptables-save>(8), B<iptables>(8)"
+#: original/man8/ip6tables.8:600 original/man8/iptables.8:588
+msgid ""
+"iptables -p tcp --syn --dport 80 -m connlimit --connlimit-above 16 --"
+"connlimit-mask 24 -j REJECT"
+msgstr ""
-#. type: TH
-#: original/man8/iptables-save.8:1
+#. type: TP
+#: original/man8/ip6tables.8:600 original/man8/iptables.8:588
#, no-wrap
-msgid "IPTABLES-SAVE"
-msgstr "IPTABLES-SAVE"
+msgid "# limit the number of parallel HTTP requests to 16 for the link local network"
+msgstr ""
#. type: Plain text
-#: original/man8/iptables-save.8:23
-msgid "iptables-save - Save IP Tables"
-msgstr "iptables-save - IP テーブルを保存する"
+#: original/man8/ip6tables.8:605 original/man8/iptables.8:593
+msgid ""
+"(ipv6) ip6tables -p tcp --syn --dport 80 -s fe80::/64 -m connlimit --"
+"connlimit-above 16 --connlimit-mask 64 -j REJECT"
+msgstr ""
-#. type: Plain text
-#: original/man8/iptables-save.8:25
-msgid "B<iptables-save >[-c] [-t table]"
-msgstr "B<iptables-save >[-c] [-t table]"
+#. type: TP
+#: original/man8/ip6tables.8:605 original/man8/iptables.8:593
+#, no-wrap
+msgid "# Limit the number of connections to a particular host:"
+msgstr ""
#. type: Plain text
-#: original/man8/iptables-save.8:31
+#: original/man8/ip6tables.8:609 original/man8/iptables.8:597
msgid ""
-"B<iptables-save> is used to dump the contents of an IP Table in easily "
-"parseable format to STDOUT. Use I/O-redirection provided by your shell to "
-"write to a file."
+"ip6tables -p tcp --syn --dport 49152:65535 -d 2001:db8::1 -m connlimit --"
+"connlimit-above 100 -j REJECT"
msgstr ""
-"B<iptables-save> は IP テーブルの内容を簡単に解析できる形式で 標準出力にダン"
-"プするために使われる。 ファイルに書き出すためには、 シェルで提供されている I/"
-"O リダイレクションを使うこと。"
+
+#. type: SS
+#: original/man8/ip6tables.8:609 original/man8/iptables.8:597
+#, fuzzy, no-wrap
+#| msgid "conntrack"
+msgid "connmark"
+msgstr "conntrack"
#. type: Plain text
-#: original/man8/iptables-save.8:44
-msgid "B<iptables-restore>(8), B<iptables>(8)"
-msgstr "B<iptables-restore>(8), B<iptables>(8)"
+#: original/man8/ip6tables.8:612 original/man8/iptables.8:600
+#, fuzzy
+#| msgid ""
+#| "This module matches the netfilter mark field associated with a packet "
+#| "(which can be set using the B<MARK> target below)."
+msgid ""
+"This module matches the netfilter mark field associated with a connection "
+"(which can be set using the B<CONNMARK> target below)."
+msgstr ""
+"このモジュールはパケットに関連づけられた netfilter の mark フィールドにマッチ"
+"する (このフィールドは、以下の B<MARK> ターゲットで設定される)。"
-#. type: TH
-#: original/man8/iptables.8:1
-#, no-wrap
-msgid "IPTABLES"
-msgstr "IPTABLES"
+#. type: TP
+#: original/man8/ip6tables.8:612 original/man8/ip6tables.8:1023
+#: original/man8/iptables.8:600 original/man8/iptables.8:909
+#, fuzzy, no-wrap
+#| msgid "B<--mark >I<value>[/I<mask>]"
+msgid "[B<!>] B<--mark> I<value>[B</>I<mask>]"
+msgstr "B<--mark >I<value>[/I<mask>]"
#. type: Plain text
-#: original/man8/iptables.8:27
-msgid "iptables - administration tool for IPv4 packet filtering and NAT"
-msgstr "iptables - IPv4 のパケットフィルタと NAT を管理するツール"
+#: original/man8/ip6tables.8:616 original/man8/iptables.8:604
+#, fuzzy
+#| msgid ""
+#| "Matches packets with the given unsigned mark value (if a mask is "
+#| "specified, this is logically ANDed with the mask before the comparison)."
+msgid ""
+"Matches packets in connections with the given mark value (if a mask is "
+"specified, this is logically ANDed with the mark before the comparison)."
+msgstr ""
+"指定された符号なし mark 値のパケットにマッチする (mask が指定されると、比較の"
+"前に mask との論理積 (AND) がとられる)。"
-#. type: Plain text
-#: original/man8/iptables.8:29
-msgid "B<iptables [-t table] -[AD] >chain rule-specification [options]"
-msgstr "B<iptables [-t table] -[AD] >チェイン ルールの詳細 [オプション]"
+#. type: SS
+#: original/man8/ip6tables.8:616 original/man8/iptables.8:604
+#, no-wrap
+msgid "conntrack"
+msgstr "conntrack"
#. type: Plain text
-#: original/man8/iptables.8:31
-msgid "B<iptables [-t table] -I >chain [rulenum] rule-specification [options]"
+#: original/man8/ip6tables.8:619 original/man8/iptables.8:607
+#, fuzzy
+#| msgid ""
+#| "This module, when combined with connection tracking, allows access to the "
+#| "connection tracking state for this packet."
+msgid ""
+"This module, when combined with connection tracking, allows access to the "
+"connection tracking state for this packet/connection."
msgstr ""
-"B<iptables [-t table] -I >チェイン [ルール番号] ルールの詳細 [オプション]"
+"このモジュールは、接続追跡 (connection tracking) と組み合わせて用いると、 パ"
+"ケットについての接続追跡状態を知ることができる。"
+
+#. type: TP
+#: original/man8/ip6tables.8:619 original/man8/iptables.8:607
+#, fuzzy, no-wrap
+#| msgid "B<--ctstate >I<state>"
+msgid "[B<!>] B<--ctstate> I<statelist>"
+msgstr "B<--ctstate >I<state>"
#. type: Plain text
-#: original/man8/iptables.8:33
-msgid "B<iptables [-t table] -R >chain rulenum rule-specification [options]"
+#: original/man8/ip6tables.8:623 original/man8/iptables.8:611
+msgid ""
+"I<statelist> is a comma separated list of the connection states to match. "
+"Possible states are listed below."
msgstr ""
-"B<iptables [-t table] -R >チェイン ルール番号 ルールの詳細 [オプション]"
-#. type: Plain text
-#: original/man8/iptables.8:35
-msgid "B<iptables [-t table] -D >chain rulenum [options]"
-msgstr "B<iptables [-t table] -D >チェイン ルール番号 [オプション]"
+#. type: TP
+#: original/man8/ip6tables.8:623 original/man8/iptables.8:611
+#, fuzzy, no-wrap
+#| msgid "B<--ctproto >I<proto>"
+msgid "[B<!>] B<--ctproto> I<l4proto>"
+msgstr "B<--ctproto >I<proto>"
#. type: Plain text
-#: original/man8/iptables.8:37
-msgid "B<iptables [-t table] -[LFZ] >[chain] [options]"
-msgstr "B<iptables [-t table] -[LFZ] >[チェイン] [オプション]"
+#: original/man8/ip6tables.8:626 original/man8/iptables.8:614
+#, fuzzy
+#| msgid "Protocol to match (by number or name)"
+msgid "Layer-4 protocol to match (by number or name)"
+msgstr "(名前または数値で) 指定されたプロトコルにマッチする。"
-#. type: Plain text
-#: original/man8/iptables.8:39
-msgid "B<iptables [-t table] -N >chain"
-msgstr "B<iptables [-t table] -N >チェイン"
+#. type: TP
+#: original/man8/ip6tables.8:626 original/man8/iptables.8:614
+#, fuzzy, no-wrap
+#| msgid "B<--ctorigsrc >I<[!] address[/mask]>"
+msgid "[B<!>] B<--ctorigsrc> I<address>[B</>I<mask>]"
+msgstr "B<--ctorigsrc >I<[!] address[/mask]>"
-#. type: Plain text
-#: original/man8/iptables.8:41
-msgid "B<iptables [-t table] -X >[chain]"
-msgstr "B<iptables [-t table] -X >[チェイン]"
+#. type: TP
+#: original/man8/ip6tables.8:628 original/man8/iptables.8:616
+#, fuzzy, no-wrap
+#| msgid "B<--ctorigdst >I<[!] address[/mask]>"
+msgid "[B<!>] B<--ctorigdst> I<address>[B</>I<mask>]"
+msgstr "B<--ctorigdst >I<[!] address[/mask]>"
-#. type: Plain text
-#: original/man8/iptables.8:43
-msgid "B<iptables [-t table] -P >chain target [options]"
-msgstr "B<iptables [-t table] -P >チェイン ターゲット [オプション]"
+#. type: TP
+#: original/man8/ip6tables.8:630 original/man8/iptables.8:618
+#, fuzzy, no-wrap
+#| msgid "B<--ctrepldst >I<[!] address>B<[/>I<mask>B<]>"
+msgid "[B<!>] B<--ctreplsrc> I<address>[B</>I<mask>]"
+msgstr "B<--ctrepldst >I<[!] address>B<[/>I<mask>B<]>"
+
+#. type: TP
+#: original/man8/ip6tables.8:632 original/man8/iptables.8:620
+#, fuzzy, no-wrap
+#| msgid "B<--ctrepldst >I<[!] address>B<[/>I<mask>B<]>"
+msgid "[B<!>] B<--ctrepldst> I<address>[B</>I<mask>]"
+msgstr "B<--ctrepldst >I<[!] address>B<[/>I<mask>B<]>"
#. type: Plain text
-#: original/man8/iptables.8:45
-msgid "B<iptables [-t table] -E >old-chain-name new-chain-name"
-msgstr "B<iptables [-t table] -E >旧チェイン名 新チェイン名"
+#: original/man8/ip6tables.8:635 original/man8/iptables.8:623
+#, fuzzy
+#| msgid "Match against original destination address"
+msgid "Match against original/reply source/destination address"
+msgstr "書き換え前の宛先アドレスにマッチする。"
+
+#. type: TP
+#: original/man8/ip6tables.8:635 original/man8/iptables.8:623
+#, fuzzy, no-wrap
+#| msgid "B<--source-port >[!] I<port>[:I<port>]"
+msgid "[B<!>] B<--ctorigsrcport> I<port>[B<:>I<port>]"
+msgstr "B<--source-port >[!] I<port>[:I<port>]"
+
+#. type: TP
+#: original/man8/ip6tables.8:637 original/man8/iptables.8:625
+#, fuzzy, no-wrap
+#| msgid "B<--to-ports >I<port>[-I<port>]"
+msgid "[B<!>] B<--ctorigdstport> I<port>[B<:>I<port>]"
+msgstr "B<--to-ports >I<port>[-I<port>]"
+
+#. type: TP
+#: original/man8/ip6tables.8:639 original/man8/iptables.8:627
+#, fuzzy, no-wrap
+#| msgid "B<--source-port >[!] I<port>[:I<port>]"
+msgid "[B<!>] B<--ctreplsrcport> I<port>[B<:>I<port>]"
+msgstr "B<--source-port >[!] I<port>[:I<port>]"
+
+#. type: TP
+#: original/man8/ip6tables.8:641 original/man8/iptables.8:629
+#, fuzzy, no-wrap
+#| msgid "B<--source-port >[!] I<port>[:I<port>]"
+msgid "[B<!>] B<--ctrepldstport> I<port>[B<:>I<port>]"
+msgstr "B<--source-port >[!] I<port>[:I<port>]"
#. type: Plain text
-#: original/man8/iptables.8:51
+#: original/man8/ip6tables.8:645 original/man8/iptables.8:633
msgid ""
-"B<Iptables> is used to set up, maintain, and inspect the tables of IP packet "
-"filter rules in the Linux kernel. Several different tables may be defined. "
-"Each table contains a number of built-in chains and may also contain user-"
-"defined chains."
+"Match against original/reply source/destination port (TCP/UDP/etc.) or GRE "
+"key. Matching against port ranges is only supported in kernel versions "
+"above 2.6.38."
msgstr ""
-"B<iptables> は Linux カーネルの IP パケットフィルタルールのテーブルを 設定・"
-"管理・検査するために使われる。 複数の異なるテーブルを定義できる。 各テーブル"
-"にはたくさんの組み込み済みチェインが含まれており、 さらにユーザー定義のチェイ"
-"ンを加えることもできる。"
+
+#. type: TP
+#: original/man8/ip6tables.8:645 original/man8/iptables.8:633
+#, fuzzy, no-wrap
+#| msgid "B<--ctstate >I<state>"
+msgid "[B<!>] B<--ctstatus> I<statelist>"
+msgstr "B<--ctstate >I<state>"
#. type: Plain text
-#: original/man8/iptables.8:86
+#: original/man8/ip6tables.8:649 original/man8/iptables.8:637
msgid ""
-"There are currently three independent tables (which tables are present at "
-"any time depends on the kernel configuration options and which modules are "
-"present)."
+"I<statuslist> is a comma separated list of the connection statuses to "
+"match. Possible statuses are listed below."
msgstr ""
-"現在のところ 3 つの独立なテーブルが存在する (ある時点でどのテーブルが存在する"
-"かは、 カーネルの設定やどういったモジュールが存在するかに依存する)。"
#. type: TP
-#: original/man8/iptables.8:105
-#, no-wrap
-msgid "B<nat>:"
-msgstr "B<nat>:"
+#: original/man8/ip6tables.8:649 original/man8/iptables.8:637
+#, fuzzy, no-wrap
+#| msgid "B<--ctexpire >I<time[:time]>"
+msgid "[B<!>] B<--ctexpire> I<time>[B<:>I<time>]"
+msgstr "B<--ctexpire >I<time[:time]>"
#. type: Plain text
-#: original/man8/iptables.8:115
+#: original/man8/ip6tables.8:653 original/man8/iptables.8:641
msgid ""
-"This table is consulted when a packet that creates a new connection is "
-"encountered. It consists of three built-ins: B<PREROUTING> (for altering "
-"packets as soon as they come in), B<OUTPUT> (for altering locally-generated "
-"packets before routing), and B<POSTROUTING> (for altering packets as they "
-"are about to go out)."
+"Match remaining lifetime in seconds against given value or range of values "
+"(inclusive)"
+msgstr "有効期間の残り秒数、またはその範囲(両端を含む)にマッチする。"
+
+#. type: TP
+#: original/man8/ip6tables.8:653 original/man8/iptables.8:641
+#, no-wrap
+msgid "B<--ctdir> {B<ORIGINAL>|B<REPLY>}"
msgstr ""
-"このテーブルは新しい接続を開くようなパケットに対して参照される。 これには "
-"B<PREROUTING> (パケットが入ってきた場合、すぐにそのパケットを変換するための"
-"チェイン)・ B<OUTPUT> (ローカルで生成されたパケットをルーティングの前に変換す"
-"るためのチェイン)・ B<POSTROUTING> (パケットが出て行くときに変換するための"
-"チェイン) という 3 つの組み込み済みチェインが含まれる。"
#. type: Plain text
-#: original/man8/iptables.8:135
+#: original/man8/ip6tables.8:657 original/man8/iptables.8:645
msgid ""
-"The options that are recognized by B<iptables> can be divided into several "
-"different groups."
-msgstr "B<iptables> で使えるオプションは、いくつかのグループに分けられる。"
+"Match packets that are flowing in the specified direction. If this flag is "
+"not specified at all, matches packets in both directions."
+msgstr ""
#. type: Plain text
-#: original/man8/iptables.8:142
-msgid ""
-"These options specify the specific action to perform. Only one of them can "
-"be specified on the command line unless otherwise specified below. For all "
-"the long versions of the command and option names, you need to use only "
-"enough letters to ensure that B<iptables> can differentiate it from all "
-"other options."
+#: original/man8/ip6tables.8:659 original/man8/iptables.8:647
+msgid "States for B<--ctstate>:"
msgstr ""
-"これらのオプションは、実行する特定の動作を指定する。 以下の説明で注記されてい"
-"ない限り、 コマンドラインで指定できるのはこの中の 1 つだけである。 長いバー"
-"ジョンのコマンド名とオプション名は、 B<iptables> が他のコマンド名やオプション"
-"名と区別できる範囲で (文字を省略して) 指定することもできる。"
#. type: TP
-#: original/man8/iptables.8:155
+#: original/man8/ip6tables.8:659 original/man8/iptables.8:647
#, no-wrap
-msgid "B<-I, --insert >I<chain> [I<rulenum>] I<rule-specification>"
-msgstr "B<-I, --insert >I<チェイン> [I<ルール番号>] I<ルールの詳細>"
-
-#. type: Plain text
-#: original/man8/iptables.8:171
-msgid ""
-"List all rules in the selected chain. If no chain is selected, all chains "
-"are listed. As every other iptables command, it applies to the specified "
-"table (filter is the default), so NAT rules get listed by"
+msgid "B<INVALID>"
msgstr ""
-"選択されたチェインにある全てのルールを一覧表示する。 チェインが指定されない場"
-"合、全てのチェインにあるリストが一覧表示される。 他の各 iptables コマンドと同"
-"様に、指定されたテーブル (デフォルトは filter) に対して作用する。 よって NAT "
-"ルールを表示するには以下のようにする。"
#. type: Plain text
-#: original/man8/iptables.8:173
-#, no-wrap
-msgid " iptables -t nat -n -L\n"
-msgstr " iptables -t nat -n -L\n"
+#: original/man8/ip6tables.8:662 original/man8/iptables.8:650
+msgid "meaning that the packet is associated with no known connection"
+msgstr ""
-#. type: Plain text
-#: original/man8/iptables.8:184
+#. type: TP
+#: original/man8/ip6tables.8:662 original/man8/iptables.8:650
#, no-wrap
-msgid " iptables -L -v\n"
-msgstr " iptables -L -v\n"
+msgid "B<NEW>"
+msgstr ""
#. type: Plain text
-#: original/man8/iptables.8:242
+#: original/man8/ip6tables.8:666 original/man8/iptables.8:654
msgid ""
-"The protocol of the rule or of the packet to check. The specified protocol "
-"can be one of I<tcp>, I<udp>, I<icmp>, or I<all>, or it can be a numeric "
-"value, representing one of these protocols or a different one. A protocol "
-"name from /etc/protocols is also allowed. A \"!\" argument before the "
-"protocol inverts the test. The number zero is equivalent to I<all>. "
-"Protocol I<all> will match with all protocols and is taken as default when "
-"this option is omitted."
+"meaning that the packet has started a new connection, or otherwise "
+"associated with a connection which has not seen packets in both directions, "
+"and"
msgstr ""
-"ルールで使われるプロトコル、またはチェックされるパケットのプロトコル。 指定で"
-"きるプロトコルは、 I<tcp>, I<udp>, I<icmp>, I<all> のいずれか 1 つか、数値で"
-"ある。 数値には、これらのプロトコルのどれかないし別のプロトコルを表す 数値を"
-"指定することができる。 /etc/protocols にあるプロトコル名も指定できる。 プロト"
-"コルの前に \"!\" を置くと、そのプロトコルを除外するという意味になる。 数値 0 "
-"は I<all> と等しい。 プロトコル I<all> は全てのプロトコルとマッチし、 このオ"
-"プションが省略された際のデフォルトである。"
-#. type: Plain text
-#: original/man8/iptables.8:261
-msgid ""
-"Source specification. I<Address> can be either a network name, a hostname "
-"(please note that specifying any name to be resolved with a remote query "
-"such as DNS is a really bad idea), a network IP address (with /mask), or a "
-"plain IP address. The I<mask> can be either a network mask or a plain "
-"number, specifying the number of 1's at the left side of the network mask. "
-"Thus, a mask of I<24> is equivalent to I<255.255.255.0>. A \"!\" argument "
-"before the address specification inverts the sense of the address. The flag "
-"B<--src> is an alias for this option."
+#. type: TP
+#: original/man8/ip6tables.8:666 original/man8/iptables.8:654
+#, no-wrap
+msgid "B<ESTABLISHED>"
msgstr ""
-"送信元の指定。 I<address> はホスト名 (DNS のようなリモートへの問い合わせで解"
-"決する名前を指定するのは非常に良くない) ・ネットワーク IP アドレス (/mask を"
-"指定する)・ 通常の IP アドレス、のいずれかである。 I<mask> はネットワークマス"
-"クか、 ネットワークマスクの左側にある 1 の数を指定する数値である。 つまり、 "
-"I<24> という mask は I<255.255.255.0> に等しい。 アドレス指定の前に \"!\" を"
-"置くと、そのアドレスを除外するという意味になる。 フラグ B<--src> は、このオプ"
-"ションの別名である。"
#. type: Plain text
-#: original/man8/iptables.8:304
+#: original/man8/ip6tables.8:670 original/man8/iptables.8:658
msgid ""
-"Name of an interface via which a packet is going to be sent (for packets "
-"entering the B<FORWARD>, B<OUTPUT> and B<POSTROUTING> chains). When the \"!"
-"\" argument is used before the interface name, the sense is inverted. If "
-"the interface name ends in a \"+\", then any interface which begins with "
-"this name will match. If this option is omitted, any interface name will "
-"match."
+"meaning that the packet is associated with a connection which has seen "
+"packets in both directions,"
msgstr ""
-"パケットを送信することになるインターフェース名 (B<FORWARD>, B<OUTPUT>, "
-"B<POSTROUTING> チェインに入るパケットのみ)。 インターフェース名の前に \"!\" "
-"を置くと、 そのインターフェースを除外するという意味になる。 インターフェース"
-"名が \"+\" で終っている場合、 その名前で始まる任意のインターフェース名にマッ"
-"チする。 このオプションが省略された場合、 任意のインターフェース名にマッチす"
-"る。"
#. type: TP
-#: original/man8/iptables.8:304
+#: original/man8/ip6tables.8:670 original/man8/iptables.8:658
#, no-wrap
-msgid "B<[!] -f, --fragment>"
-msgstr "B<[!] -f, --fragment>"
+msgid "B<RELATED>"
+msgstr ""
#. type: Plain text
-#: original/man8/iptables.8:312
+#: original/man8/ip6tables.8:674 original/man8/iptables.8:662
msgid ""
-"This means that the rule only refers to second and further fragments of "
-"fragmented packets. Since there is no way to tell the source or destination "
-"ports of such a packet (or ICMP type), such a packet will not match any "
-"rules which specify them. When the \"!\" argument precedes the \"-f\" flag, "
-"the rule will only match head fragments, or unfragmented packets."
+"meaning that the packet is starting a new connection, but is associated with "
+"an existing connection, such as an FTP data transfer, or an ICMP error."
msgstr ""
-"このオプションは、分割されたパケット (fragmented packet) のうち 2 番目以降の"
-"パケットだけを参照するルールであることを意味する。 このようなパケット (また"
-"は ICMP タイプのパケット) は 送信元・送信先ポートを知る方法がないので、 送信"
-"元や送信先を指定するようなルールにはマッチしない。 \"-f\" フラグの前に \"!\" "
-"を置くと、 分割されたパケットのうち最初のものか、 分割されていないパケットだ"
-"けにマッチする。"
#. type: TP
-#: original/man8/iptables.8:312
+#: original/man8/ip6tables.8:674 original/man8/iptables.8:662
#, no-wrap
-msgid "B<-c, --set-counters >I<PKTS BYTES>"
-msgstr "B<-c, --set-counters >I<PKTS BYTES>"
+msgid "B<UNTRACKED>"
+msgstr ""
#. type: Plain text
-#: original/man8/iptables.8:376
+#: original/man8/ip6tables.8:678 original/man8/iptables.8:666
msgid ""
-"iptables can use extended packet matching modules. These are loaded in two "
-"ways: implicitly, when B<-p> or B<--protocol> is specified, or with the B<-"
-"m> or B<--match> options, followed by the matching module name; after these, "
-"various extra command line options become available, depending on the "
-"specific module. You can specify multiple extended match modules in one "
-"line, and you can use the B<-h> or B<--help> options after the module has "
-"been specified to receive help specific to that module."
+"meaning that the packet is not tracked at all, which happens if you use the "
+"NOTRACK target in raw table."
msgstr ""
-"iptables は拡張されたパケットマッチングモジュールを使うことができる。 これら"
-"のモジュールは 2 種類の方法でロードされる: モジュールは、 B<-p> または B<--"
-"protocol> で暗黙のうちに指定されるか、 B<-m> または B<--match> の後にモジュー"
-"ル名を続けて指定される。 これらのモジュールの後ろには、モジュールに応じて 他"
-"のいろいろなコマンドラインオプションを指定することができる。 複数の拡張マッチ"
-"ングモジュールを一行で指定することができる。 また、モジュールに特有のヘルプを"
-"表示させるためには、 モジュールを指定した後で B<-h> または B<--help> を指定す"
-"ればよい。"
-#. type: SS
-#: original/man8/iptables.8:381
-#, no-wrap
-msgid "ah"
-msgstr "ah"
+#. type: TP
+#: original/man8/ip6tables.8:678 original/man8/iptables.8:666
+#, fuzzy, no-wrap
+#| msgid "SNAT"
+msgid "B<SNAT>"
+msgstr "SNAT"
#. type: Plain text
-#: original/man8/iptables.8:383
-msgid "This module matches the SPIs in AH header of IPSec packets."
-msgstr "このモジュールは IPSec パケットの AH ヘッダーの SPI 値にマッチする。"
+#: original/man8/ip6tables.8:682 original/man8/iptables.8:670
+msgid ""
+"A virtual state, matching if the original source address differs from the "
+"reply destination."
+msgstr ""
#. type: TP
-#: original/man8/iptables.8:383
-#, no-wrap
-msgid "B<--ahspi >[!] I<spi>[:I<spi>]"
-msgstr "B<--ahspi >[!] I<spi>[:I<spi>]"
-
-#. type: SS
-#: original/man8/iptables.8:385
-#, no-wrap
-msgid "conntrack"
-msgstr "conntrack"
+#: original/man8/ip6tables.8:682 original/man8/iptables.8:670
+#, fuzzy, no-wrap
+#| msgid "DNAT"
+msgid "B<DNAT>"
+msgstr "DNAT"
#. type: Plain text
-#: original/man8/iptables.8:390
+#: original/man8/ip6tables.8:686 original/man8/iptables.8:674
msgid ""
-"This module, when combined with connection tracking, allows access to more "
-"connection tracking information than the \"state\" match. (this module is "
-"present only if iptables was compiled under a kernel supporting this feature)"
+"A virtual state, matching if the original destination differs from the reply "
+"source."
+msgstr ""
+
+#. type: Plain text
+#: original/man8/ip6tables.8:688 original/man8/iptables.8:676
+msgid "Statuses for B<--ctstatus>:"
msgstr ""
-"このモジュールは、接続追跡 (connection tracking) と組み合わせて用いると、 "
-"\"state\" マッチよりもさらに多くの、 パケットについての接続追跡状態を知ること"
-"ができる (この機能をサポートしたカーネルのもとで iptables がコンパイルされた"
-"場合 にのみ、このモジュールは存在する)。"
#. type: TP
-#: original/man8/iptables.8:390
+#: original/man8/ip6tables.8:688 original/man8/iptables.8:676
#, no-wrap
-msgid "B<--ctstate >I<state>"
-msgstr "B<--ctstate >I<state>"
+msgid "B<NONE>"
+msgstr ""
#. type: Plain text
-#: original/man8/iptables.8:413
-msgid ""
-"Where state is a comma separated list of the connection states to match. "
-"Possible states are B<INVALID> meaning that the packet is associated with no "
-"known connection, B<ESTABLISHED> meaning that the packet is associated with "
-"a connection which has seen packets in both directions, B<NEW> meaning that "
-"the packet has started a new connection, or otherwise associated with a "
-"connection which has not seen packets in both directions, and B<RELATED> "
-"meaning that the packet is starting a new connection, but is associated with "
-"an existing connection, such as an FTP data transfer, or an ICMP error. "
-"B<SNAT> A virtual state, matching if the original source address differs "
-"from the reply destination. B<DNAT> A virtual state, matching if the "
-"original destination differs from the reply source."
-msgstr ""
-"state は、マッチング対象となる、コンマ区切りの接続状態リストである。 指定可能"
-"な state は以下の通り。 B<INVALID>: メモリを使い果たした為や、 既知の接続とは"
-"対応しない ICMP エラーなど、 何らかの理由によりパケットが識別できない。 "
-"B<ESTABLISHED>: このパケットは、過去双方向にパケットがやり取りされた接続に属"
-"するパケットである。 B<NEW>: このパケットが新しい接続を開始したか、 双方向に"
-"はパケットがやり取りされていない接続に属するパケットである。 B<RELATED>: この"
-"パケットが新しい接続を開始しているが、 FTP データ転送や ICMP エラーのように、"
-"既存の接続に関係している。 B<SNAT>: 仮想的な状態であり、書き換え前の送信元ア"
-"ドレスが応答の宛先アドレスと 異なる場合にマッチする。 B<DNAT>: 仮想的な状態で"
-"あり、書き換え前の宛先アドレスが応答の送信元アドレスと 異なる場合にマッチす"
-"る。"
+#: original/man8/ip6tables.8:691 original/man8/iptables.8:679
+msgid "None of the below."
+msgstr ""
#. type: TP
-#: original/man8/iptables.8:413
+#: original/man8/ip6tables.8:691 original/man8/iptables.8:679
#, no-wrap
-msgid "B<--ctproto >I<proto>"
-msgstr "B<--ctproto >I<proto>"
+msgid "B<EXPECTED>"
+msgstr ""
#. type: Plain text
-#: original/man8/iptables.8:416
-msgid "Protocol to match (by number or name)"
-msgstr "(名前または数値で) 指定されたプロトコルにマッチする。"
+#: original/man8/ip6tables.8:694 original/man8/iptables.8:682
+msgid "This is an expected connection (i.e. a conntrack helper set it up)"
+msgstr ""
#. type: TP
-#: original/man8/iptables.8:416
+#: original/man8/ip6tables.8:694 original/man8/iptables.8:682
#, no-wrap
-msgid "B<--ctorigsrc >I<[!] address[/mask]>"
-msgstr "B<--ctorigsrc >I<[!] address[/mask]>"
+msgid "B<SEEN_REPLY>"
+msgstr ""
#. type: Plain text
-#: original/man8/iptables.8:419
-msgid "Match against original source address"
-msgstr "書き換え前の送信元アドレスにマッチする。"
+#: original/man8/ip6tables.8:697 original/man8/iptables.8:685
+msgid "Conntrack has seen packets in both directions."
+msgstr ""
#. type: TP
-#: original/man8/iptables.8:419
+#: original/man8/ip6tables.8:697 original/man8/iptables.8:685
#, no-wrap
-msgid "B<--ctorigdst >I<[!] address[/mask]>"
-msgstr "B<--ctorigdst >I<[!] address[/mask]>"
+msgid "B<ASSURED>"
+msgstr ""
#. type: Plain text
-#: original/man8/iptables.8:422
-msgid "Match against original destination address"
-msgstr "書き換え前の宛先アドレスにマッチする。"
+#: original/man8/ip6tables.8:700 original/man8/iptables.8:688
+msgid "Conntrack entry should never be early-expired."
+msgstr ""
#. type: TP
-#: original/man8/iptables.8:422
+#: original/man8/ip6tables.8:700 original/man8/iptables.8:688
#, no-wrap
-msgid "B<--ctreplsrc >I<[!] address[/mask]>"
-msgstr "B<--ctreplsrc >I<[!] address[/mask]>"
+msgid "B<CONFIRMED>"
+msgstr ""
#. type: Plain text
-#: original/man8/iptables.8:425
-msgid "Match against reply source address"
-msgstr "応答の送信元アドレスにマッチする。"
+#: original/man8/ip6tables.8:703 original/man8/iptables.8:691
+msgid "Connection is confirmed: originating packet has left box."
+msgstr ""
+
+#. type: SS
+#: original/man8/ip6tables.8:703 original/man8/iptables.8:691
+#, fuzzy, no-wrap
+#| msgid "tcp"
+msgid "cpu"
+msgstr "tcp"
#. type: TP
-#: original/man8/iptables.8:425
-#, no-wrap
-msgid "B<--ctrepldst >I<[!] address>B<[/>I<mask>B<]>"
-msgstr "B<--ctrepldst >I<[!] address>B<[/>I<mask>B<]>"
+#: original/man8/ip6tables.8:704 original/man8/iptables.8:692
+#, fuzzy, no-wrap
+#| msgid "B<-t>, B<--table> B<tablename>"
+msgid "[B<!>] B<--cpu> I<number>"
+msgstr "B<-t>, B<--table> B<tablename>"
#. type: Plain text
-#: original/man8/iptables.8:428
-msgid "Match against reply destination address"
-msgstr "応答の宛先アドレスにマッチする。"
+#: original/man8/ip6tables.8:709 original/man8/iptables.8:697
+msgid ""
+"Match cpu handling this packet. cpus are numbered from 0 to NR_CPUS-1 Can be "
+"used in combination with RPS (Remote Packet Steering) or multiqueue NICs to "
+"spread network traffic on different queues."
+msgstr ""
-#. type: TP
-#: original/man8/iptables.8:428
-#, no-wrap
-msgid "B<--ctstatus >I<[NONE|EXPECTED|SEEN_REPLY|ASSURED][,...]>"
-msgstr "B<--ctstatus >I<[NONE|EXPECTED|SEEN_REPLY|ASSURED][,...]>"
+#. type: Plain text
+#: original/man8/ip6tables.8:714 original/man8/iptables.8:702
+msgid ""
+"iptables -t nat -A PREROUTING -p tcp --dport 80 -m cpu --cpu 0 -j REDIRECT --"
+"to-port 8080"
+msgstr ""
#. type: Plain text
-#: original/man8/iptables.8:431
-msgid "Match against internal conntrack states"
-msgstr "接続追跡の内部的な状態にマッチする。"
+#: original/man8/ip6tables.8:717 original/man8/iptables.8:705
+msgid ""
+"iptables -t nat -A PREROUTING -p tcp --dport 80 -m cpu --cpu 1 -j REDIRECT --"
+"to-port 8081"
+msgstr ""
+
+#. type: Plain text
+#: original/man8/ip6tables.8:719 original/man8/iptables.8:707
+msgid "Available since Linux 2.6.36."
+msgstr ""
+
+#. type: SS
+#: original/man8/ip6tables.8:719 original/man8/iptables.8:707
+#, no-wrap
+msgid "dccp"
+msgstr ""
+
+#. type: TP
+#: original/man8/ip6tables.8:720 original/man8/ip6tables.8:1492
+#: original/man8/ip6tables.8:1626 original/man8/ip6tables.8:1906
+#: original/man8/iptables.8:708 original/man8/iptables.8:1399
+#: original/man8/iptables.8:1533 original/man8/iptables.8:1824
+#, fuzzy, no-wrap
+#| msgid "B<--source-ports >I<port>[,I<port>[,I<port>...]]"
+msgid "[B<!>] B<--source-port>,B<--sport> I<port>[B<:>I<port>]"
+msgstr "B<--source-ports >I<port>[,I<port>[,I<port>...]]"
#. type: TP
-#: original/man8/iptables.8:431
+#: original/man8/ip6tables.8:722 original/man8/ip6tables.8:1494
+#: original/man8/ip6tables.8:1637 original/man8/ip6tables.8:1912
+#: original/man8/iptables.8:710 original/man8/iptables.8:1401
+#: original/man8/iptables.8:1544 original/man8/iptables.8:1830
+#, fuzzy, no-wrap
+#| msgid "B<--destination-ports >I<port>[,I<port>[,I<port>...]]"
+msgid "[B<!>] B<--destination-port>,B<--dport> I<port>[B<:>I<port>]"
+msgstr "B<--destination-ports >I<port>[,I<port>[,I<port>...]]"
+
+#. type: TP
+#: original/man8/ip6tables.8:724 original/man8/iptables.8:712
#, no-wrap
-msgid "B<--ctexpire >I<time[:time]>"
-msgstr "B<--ctexpire >I<time[:time]>"
+msgid "[B<!>] B<--dccp-types> I<mask>"
+msgstr ""
#. type: Plain text
-#: original/man8/iptables.8:435
+#: original/man8/ip6tables.8:729 original/man8/iptables.8:717
msgid ""
-"Match remaining lifetime in seconds against given value or range of values "
-"(inclusive)"
-msgstr "有効期間の残り秒数、またはその範囲(両端を含む)にマッチする。"
+"Match when the DCCP packet type is one of 'mask'. 'mask' is a comma-"
+"separated list of packet types. Packet types are: B<REQUEST RESPONSE DATA "
+"ACK DATAACK CLOSEREQ CLOSE RESET SYNC SYNCACK INVALID>."
+msgstr ""
+
+#. type: TP
+#: original/man8/ip6tables.8:729 original/man8/iptables.8:717
+#, fuzzy, no-wrap
+#| msgid "B<--tcp-option >[!] I<number>"
+msgid "[B<!>] B<--dccp-option> I<number>"
+msgstr "B<--tcp-option >[!] I<number>"
+
+#. type: Plain text
+#: original/man8/ip6tables.8:732 original/man8/iptables.8:720
+#, fuzzy
+#| msgid "Match if TCP option set."
+msgid "Match if DCCP option set."
+msgstr "TCP オプションが設定されている場合にマッチする。"
#. type: SS
-#: original/man8/iptables.8:435
+#: original/man8/ip6tables.8:732 original/man8/iptables.8:720
#, no-wrap
msgid "dscp"
msgstr "dscp"
#. type: Plain text
-#: original/man8/iptables.8:438
+#: original/man8/ip6tables.8:735 original/man8/iptables.8:723
msgid ""
"This module matches the 6 bit DSCP field within the TOS field in the IP "
"header. DSCP has superseded TOS within the IETF."
"ルドにマッチする。 IETF では DSCP が TOS に取って代わった。"
#. type: TP
-#: original/man8/iptables.8:438
-#, no-wrap
-msgid "B<--dscp >I<value>"
+#: original/man8/ip6tables.8:735 original/man8/iptables.8:723
+#, fuzzy, no-wrap
+#| msgid "B<--dscp >I<value>"
+msgid "[B<!>] B<--dscp> I<value>"
msgstr "B<--dscp >I<value>"
#. type: Plain text
-#: original/man8/iptables.8:441
-msgid "Match against a numeric (decimal or hex) value [0-32]."
+#: original/man8/ip6tables.8:738 original/man8/iptables.8:726
+#, fuzzy
+#| msgid "Match against a numeric (decimal or hex) value [0-32]."
+msgid "Match against a numeric (decimal or hex) value [0-63]."
msgstr "(10 進または 16 進の) 数値 [0-63] にマッチする。"
#. type: TP
-#: original/man8/iptables.8:441
-#, no-wrap
-msgid "B<--dscp-class >I<DiffServ Class>"
-msgstr "B<--dscp-class >I<DiffServ Class>"
+#: original/man8/ip6tables.8:738 original/man8/iptables.8:726
+#, fuzzy, no-wrap
+#| msgid "B<--set-dscp-class >I<class>"
+msgid "[B<!>] B<--dscp-class> I<class>"
+msgstr "B<--set-dscp-class >I<class>"
#. type: Plain text
-#: original/man8/iptables.8:446
+#: original/man8/ip6tables.8:743 original/man8/iptables.8:731
+#, fuzzy
+#| msgid ""
+#| "Match the DiffServ class. This value may be any of the BE, EF, AFxx or "
+#| "CSx classes. It will then be converted into it's according numeric value."
msgid ""
"Match the DiffServ class. This value may be any of the BE, EF, AFxx or CSx "
-"classes. It will then be converted into it's according numeric value."
+"classes. It will then be converted into its according numeric value."
msgstr ""
"DiffServ クラスにマッチする。 値は BE, EF, AFxx, CSx クラスのいずれかであ"
"る。 これらは、対応する数値で指定するのと同じである。"
#. type: SS
-#: original/man8/iptables.8:446
+#: original/man8/ip6tables.8:743
#, no-wrap
-msgid "esp"
-msgstr "esp"
+msgid "dst"
+msgstr ""
#. type: Plain text
-#: original/man8/iptables.8:448
-msgid "This module matches the SPIs in ESP header of IPSec packets."
-msgstr "このモジュールは IPSec パケットの ESP ヘッダーの SPI 値にマッチする。"
+#: original/man8/ip6tables.8:745
+#, fuzzy
+#| msgid "This module matches the time to live field in the IP header."
+msgid "This module matches the parameters in Destination Options header"
+msgstr "このモジュールは IP ヘッダーの time to live フィールドにマッチする。"
#. type: TP
-#: original/man8/iptables.8:448
-#, no-wrap
-msgid "B<--espspi >[!] I<spi>[:I<spi>]"
-msgstr "B<--espspi >[!] I<spi>[:I<spi>]"
+#: original/man8/ip6tables.8:745
+#, fuzzy, no-wrap
+#| msgid "B<-t>, B<--table> B<tablename>"
+msgid "[B<!>] B<--dst-len> I<length>"
+msgstr "B<-t>, B<--table> B<tablename>"
-#. type: SS
-#: original/man8/iptables.8:450
+#. type: TP
+#: original/man8/ip6tables.8:748
#, no-wrap
-msgid "helper"
-msgstr "helper"
+msgid "B<--dst-opts> I<type>[B<:>I<length>][B<,>I<type>[B<:>I<length>]...]"
+msgstr ""
#. type: Plain text
-#: original/man8/iptables.8:452
-msgid "This module matches packets related to a specific conntrack-helper."
+#: original/man8/ip6tables.8:751 original/man8/ip6tables.8:873
+msgid "numeric type of option and the length of the option data in octets."
msgstr ""
-"このモジュールは、指定された接続追跡ヘルパーモジュールに 関連するパケットに"
-"マッチする。"
-#. type: TP
-#: original/man8/iptables.8:452
+#. type: SS
+#: original/man8/ip6tables.8:751 original/man8/iptables.8:731
#, no-wrap
-msgid "B<--helper >I<string>"
-msgstr "B<--helper >I<string>"
+msgid "ecn"
+msgstr ""
#. type: Plain text
-#: original/man8/iptables.8:455
-msgid "Matches packets related to the specified conntrack-helper."
-msgstr "指定された接続追跡ヘルパーモジュールに 関連するパケットにマッチする。"
+#: original/man8/ip6tables.8:753 original/man8/iptables.8:733
+msgid ""
+"This allows you to match the ECN bits of the IPv4/IPv6 and TCP header. ECN "
+"is the Explicit Congestion Notification mechanism as specified in RFC3168"
+msgstr ""
+
+#. type: TP
+#: original/man8/ip6tables.8:753 original/man8/iptables.8:733
+#, fuzzy, no-wrap
+#| msgid "B<--ecn-tcp-remove>"
+msgid "[B<!>] B<--ecn-tcp-cwr>"
+msgstr "B<--ecn-tcp-remove>"
#. type: Plain text
-#: original/man8/iptables.8:459
+#: original/man8/ip6tables.8:756 original/man8/iptables.8:736
msgid ""
-"string can be \"ftp\" for packets related to a ftp-session on default port. "
-"For other ports append -portnr to the value, ie. \"ftp-2121\"."
+"This matches if the TCP ECN CWR (Congestion Window Received) bit is set."
msgstr ""
-"デフォルトのポートを使った ftp-セッションに関連するパケットでは、 string に "
-"\"ftp\" と書ける。 他のポートでは \"-ポート番号\" を値に付け加える。 すなわ"
-"ち \"ftp-2121\" となる。"
+
+#. type: TP
+#: original/man8/ip6tables.8:756 original/man8/iptables.8:736
+#, fuzzy, no-wrap
+#| msgid "B<--ecn-tcp-remove>"
+msgid "[B<!>] B<--ecn-tcp-ece>"
+msgstr "B<--ecn-tcp-remove>"
#. type: Plain text
-#: original/man8/iptables.8:461
-msgid "Same rules apply for other conntrack-helpers."
-msgstr "他の接続追跡ヘルパーでも同じルールが適用される。"
+#: original/man8/ip6tables.8:759 original/man8/iptables.8:739
+msgid "This matches if the TCP ECN ECE (ECN Echo) bit is set."
+msgstr ""
-#. type: SS
-#: original/man8/iptables.8:462
+#. type: TP
+#: original/man8/ip6tables.8:759 original/man8/iptables.8:739
#, no-wrap
-msgid "icmp"
-msgstr "icmp"
+msgid "[B<!>] B<--ecn-ip-ect> I<num>"
+msgstr ""
#. type: Plain text
-#: original/man8/iptables.8:465
+#: original/man8/ip6tables.8:763 original/man8/iptables.8:743
msgid ""
-"This extension is loaded if `--protocol icmp' is specified. It provides the "
-"following option:"
+"This matches a particular IPv4/IPv6 ECT (ECN-Capable Transport). You have to "
+"specify a number between `0' and `3'."
msgstr ""
-"この拡張は `--protocol icmp' が指定された場合にロードされ、 以下のオプション"
-"が提供される:"
-#. type: TP
-#: original/man8/iptables.8:465
+#. type: SS
+#: original/man8/ip6tables.8:763 original/man8/iptables.8:743
#, no-wrap
-msgid "B<--icmp-type >[!] I<typename>"
-msgstr "B<--icmp-type >[!] I<typename>"
+msgid "esp"
+msgstr "esp"
#. type: Plain text
-#: original/man8/iptables.8:469
-msgid ""
-"This allows specification of the ICMP type, which can be a numeric ICMP "
-"type, or one of the ICMP type names shown by the command"
+#: original/man8/ip6tables.8:765 original/man8/iptables.8:745
+#, fuzzy
+#| msgid "This module matches the SPIs in ESP header of IPSec packets."
+msgid "This module matches the SPIs in ESP header of IPsec packets."
+msgstr "このモジュールは IPSec パケットの ESP ヘッダーの SPI 値にマッチする。"
+
+#. type: TP
+#: original/man8/ip6tables.8:765 original/man8/iptables.8:745
+#, fuzzy, no-wrap
+#| msgid "B<--espspi >[!] I<spi>[:I<spi>]"
+msgid "[B<!>] B<--espspi> I<spi>[B<:>I<spi>]"
+msgstr "B<--espspi >[!] I<spi>[:I<spi>]"
+
+#. type: SS
+#: original/man8/ip6tables.8:767
+#, no-wrap
+msgid "eui64"
msgstr ""
-"ICMP タイプを指定できる。タイプ指定には、 数値の ICMP タイプ、または以下のコ"
-"マンド で表示される ICMP タイプ名を指定できる。"
#. type: Plain text
-#: original/man8/iptables.8:471
-#, no-wrap
-msgid " iptables -p icmp -h\n"
-msgstr " iptables -p icmp -h\n"
+#: original/man8/ip6tables.8:778
+msgid ""
+"This module matches the EUI-64 part of a stateless autoconfigured IPv6 "
+"address. It compares the EUI-64 derived from the source MAC address in "
+"Ethernet frame with the lower 64 bits of the IPv6 source address. But "
+"\"Universal/Local\" bit is not compared. This module doesn't match other "
+"link layer frame, and is only valid in the B<PREROUTING>, B<INPUT> and "
+"B<FORWARD> chains."
+msgstr ""
#. type: SS
-#: original/man8/iptables.8:472
+#: original/man8/ip6tables.8:778
#, no-wrap
-msgid "length"
-msgstr "length"
+msgid "frag"
+msgstr ""
#. type: Plain text
-#: original/man8/iptables.8:475
-msgid ""
-"This module matches the length of a packet against a specific value or range "
-"of values."
-msgstr "このモジュールは、指定されたパケット長、またはその範囲にマッチする。"
+#: original/man8/ip6tables.8:780
+#, fuzzy
+#| msgid "This module matches the time to live field in the IP header."
+msgid "This module matches the parameters in Fragment header."
+msgstr "このモジュールは IP ヘッダーの time to live フィールドにマッチする。"
#. type: TP
-#: original/man8/iptables.8:475
+#: original/man8/ip6tables.8:780
#, no-wrap
-msgid "B<--length >I<length>[:I<length>]"
-msgstr "B<--length >I<length>[:I<length>]"
+msgid "[B<!>] B<--fragid> I<id>[B<:>I<id>]"
+msgstr ""
#. type: Plain text
-#: original/man8/iptables.8:540
-msgid ""
-"This module attempts to match various characteristics of the packet creator, "
-"for locally-generated packets. It is only valid in the B<OUTPUT> chain, and "
-"even this some packets (such as ICMP ping responses) may have no owner, and "
-"hence never match."
+#: original/man8/ip6tables.8:783
+msgid "Matches the given Identification or range of it."
msgstr ""
-"このモジュールは、ローカルで生成されたパケットに付いて、 パケット生成者のいろ"
-"いろな特性に対してマッチを行う。 これは B<OUTPUT> チェインのみでしか有効でな"
-"い。 また、(ICMP ping 応答のような) パケットは、 所有者がいないので絶対にマッ"
-"チしない。"
#. type: TP
-#: original/man8/iptables.8:556
-#, no-wrap
-msgid "B<--cmd-owner >I<name>"
-msgstr "B<--cmd-owner >I<name>"
+#: original/man8/ip6tables.8:783
+#, fuzzy, no-wrap
+#| msgid "B<-t>, B<--table> B<tablename>"
+msgid "[B<!>] B<--fraglen> I<length>"
+msgstr "B<-t>, B<--table> B<tablename>"
#. type: Plain text
-#: original/man8/iptables.8:561
+#: original/man8/ip6tables.8:787
msgid ""
-"Matches if the packet was created by a process with the given command name. "
-"(this option is present only if iptables was compiled under a kernel "
-"supporting this feature)"
+"This option cannot be used with kernel version 2.6.10 or later. The length "
+"of Fragment header is static and this option doesn't make sense."
msgstr ""
-"指定されたコマンド名を持つプロセスにより パケットが生成されている場合にマッチ"
-"する (この機能をサポートしたカーネルのもとで iptables がコンパイルされた場合 "
-"にのみ、このモジュールは存在する)。"
-#. type: SS
-#: original/man8/iptables.8:561
+#. type: TP
+#: original/man8/ip6tables.8:787
#, no-wrap
-msgid "physdev"
-msgstr "physdev"
+msgid "B<--fragres>"
+msgstr ""
#. type: Plain text
-#: original/man8/iptables.8:566
-msgid ""
-"This module matches on the bridge port input and output devices enslaved to "
+#: original/man8/ip6tables.8:790
+msgid "Matches if the reserved fields are filled with zero."
+msgstr ""
+
+#. type: TP
+#: original/man8/ip6tables.8:790
+#, no-wrap
+msgid "B<--fragfirst>"
+msgstr ""
+
+#. type: Plain text
+#: original/man8/ip6tables.8:793
+msgid "Matches on the first fragment."
+msgstr ""
+
+#. type: TP
+#: original/man8/ip6tables.8:793
+#, fuzzy, no-wrap
+#| msgid "B<[!] -f, --fragment>"
+msgid "B<--fragmore>"
+msgstr "B<[!] -f, --fragment>"
+
+#. type: Plain text
+#: original/man8/ip6tables.8:796
+msgid "Matches if there are more fragments."
+msgstr ""
+
+#. type: TP
+#: original/man8/ip6tables.8:796
+#, no-wrap
+msgid "B<--fraglast>"
+msgstr ""
+
+#. type: Plain text
+#: original/man8/ip6tables.8:799
+msgid "Matches if this is the last fragment."
+msgstr ""
+
+#. type: SS
+#: original/man8/ip6tables.8:799 original/man8/iptables.8:747
+#, fuzzy, no-wrap
+#| msgid "limit"
+msgid "hashlimit"
+msgstr "limit"
+
+#. type: Plain text
+#: original/man8/ip6tables.8:805 original/man8/iptables.8:753
+msgid ""
+"B<hashlimit> uses hash buckets to express a rate limiting match (like the "
+"B<limit> match) for a group of connections using a B<single> iptables rule. "
+"Grouping can be done per-hostgroup (source and/or destination address) and/"
+"or per-port. It gives you the ability to express \"I<N> packets per time "
+"quantum per group\" (see below for some examples)."
+msgstr ""
+
+#. type: Plain text
+#: original/man8/ip6tables.8:808 original/man8/iptables.8:756
+msgid ""
+"A hash limit option (B<--hashlimit-upto>, B<--hashlimit-above>) and B<--"
+"hashlimit-name> are required."
+msgstr ""
+
+#. type: TP
+#: original/man8/ip6tables.8:808 original/man8/iptables.8:756
+#, no-wrap
+msgid "B<--hashlimit-upto> I<amount>[B</second>|B</minute>|B</hour>|B</day>]"
+msgstr ""
+
+#. type: Plain text
+#: original/man8/ip6tables.8:812 original/man8/iptables.8:760
+#, fuzzy
+#| msgid ""
+#| "Maximum average matching rate: specified as a number, with an optional `/"
+#| "second', `/minute', `/hour', or `/day' suffix; the default is 3/hour."
+msgid ""
+"Match if the rate is below or equal to I<amount>/quantum. It is specified as "
+"a number, with an optional time quantum suffix; the default is 3/hour."
+msgstr ""
+"単位時間あたりの平均マッチ回数の最大値。 数値で指定され、添字 `/second', `/"
+"minute', `/hour', `/day' を付けることもできる。 デフォルトは 3/hour である。"
+
+#. type: TP
+#: original/man8/ip6tables.8:812 original/man8/iptables.8:760
+#, no-wrap
+msgid "B<--hashlimit-above> I<amount>[B</second>|B</minute>|B</hour>|B</day>]"
+msgstr ""
+
+#. type: Plain text
+#: original/man8/ip6tables.8:815 original/man8/iptables.8:763
+msgid "Match if the rate is above I<amount>/quantum."
+msgstr ""
+
+#. type: TP
+#: original/man8/ip6tables.8:815 original/man8/iptables.8:763
+#, fuzzy, no-wrap
+#| msgid "B<--limit-burst >I<number>"
+msgid "B<--hashlimit-burst> I<amount>"
+msgstr "B<--limit-burst >I<number>"
+
+#. type: Plain text
+#: original/man8/ip6tables.8:820 original/man8/ip6tables.8:1007
+#: original/man8/iptables.8:768 original/man8/iptables.8:893
+msgid ""
+"Maximum initial number of packets to match: this number gets recharged by "
+"one every time the limit specified above is not reached, up to this number; "
+"the default is 5."
+msgstr ""
+"パケットがマッチする回数の最大初期値: 上のオプションで指定した制限に\n"
+"達しなければ、 その度ごとに、この数値になるまで 1 個ずつ増やされる。\n"
+"デフォルトは 5 である。"
+
+#. type: TP
+#: original/man8/ip6tables.8:820 original/man8/iptables.8:768
+#, no-wrap
+msgid "B<--hashlimit-mode> {B<srcip>|B<srcport>|B<dstip>|B<dstport>}B<,>..."
+msgstr ""
+
+#. type: Plain text
+#: original/man8/ip6tables.8:825 original/man8/iptables.8:773
+msgid ""
+"A comma-separated list of objects to take into consideration. If no --"
+"hashlimit-mode option is given, hashlimit acts like limit, but at the "
+"expensive of doing the hash housekeeping."
+msgstr ""
+
+#. type: TP
+#: original/man8/ip6tables.8:825 original/man8/iptables.8:773
+#, fuzzy, no-wrap
+#| msgid "B<--limit >I<rate>"
+msgid "B<--hashlimit-srcmask> I<prefix>"
+msgstr "B<--limit >I<rate>"
+
+#. type: Plain text
+#: original/man8/ip6tables.8:832 original/man8/iptables.8:780
+msgid ""
+"When --hashlimit-mode srcip is used, all source addresses encountered will "
+"be grouped according to the given prefix length and the so-created subnet "
+"will be subject to hashlimit. I<prefix> must be between (inclusive) 0 and "
+"32. Note that --hashlimit-srcmask 0 is basically doing the same thing as not "
+"specifying srcip for --hashlimit-mode, but is technically more expensive."
+msgstr ""
+
+#. type: TP
+#: original/man8/ip6tables.8:832 original/man8/iptables.8:780
+#, fuzzy, no-wrap
+#| msgid "B<--limit >I<rate>"
+msgid "B<--hashlimit-dstmask> I<prefix>"
+msgstr "B<--limit >I<rate>"
+
+#. type: Plain text
+#: original/man8/ip6tables.8:835 original/man8/iptables.8:783
+msgid "Like --hashlimit-srcmask, but for destination addresses."
+msgstr ""
+
+#. type: TP
+#: original/man8/ip6tables.8:835 original/man8/iptables.8:783
+#, no-wrap
+msgid "B<--hashlimit-name> I<foo>"
+msgstr ""
+
+#. type: Plain text
+#: original/man8/ip6tables.8:838 original/man8/iptables.8:786
+msgid "The name for the /proc/net/ipt_hashlimit/foo entry."
+msgstr ""
+
+#. type: TP
+#: original/man8/ip6tables.8:838 original/man8/iptables.8:786
+#, no-wrap
+msgid "B<--hashlimit-htable-size> I<buckets>"
+msgstr ""
+
+#. type: Plain text
+#: original/man8/ip6tables.8:841 original/man8/iptables.8:789
+msgid "The number of buckets of the hash table"
+msgstr ""
+
+#. type: TP
+#: original/man8/ip6tables.8:841 original/man8/iptables.8:789
+#, no-wrap
+msgid "B<--hashlimit-htable-max> I<entries>"
+msgstr ""
+
+#. type: Plain text
+#: original/man8/ip6tables.8:844 original/man8/iptables.8:792
+msgid "Maximum entries in the hash."
+msgstr ""
+
+#. type: TP
+#: original/man8/ip6tables.8:844 original/man8/iptables.8:792
+#, no-wrap
+msgid "B<--hashlimit-htable-expire> I<msec>"
+msgstr ""
+
+#. type: Plain text
+#: original/man8/ip6tables.8:847 original/man8/iptables.8:795
+msgid "After how many milliseconds do hash entries expire."
+msgstr ""
+
+#. type: TP
+#: original/man8/ip6tables.8:847 original/man8/iptables.8:795
+#, no-wrap
+msgid "B<--hashlimit-htable-gcinterval> I<msec>"
+msgstr ""
+
+#. type: Plain text
+#: original/man8/ip6tables.8:850 original/man8/iptables.8:798
+msgid "How many milliseconds between garbage collection intervals."
+msgstr ""
+
+#. type: TP
+#: original/man8/ip6tables.8:852 original/man8/iptables.8:800
+#, fuzzy, no-wrap
+#| msgid "Match against original source address"
+msgid "matching on source host"
+msgstr "書き換え前の送信元アドレスにマッチする。"
+
+#. type: Plain text
+#: original/man8/ip6tables.8:856 original/man8/iptables.8:804
+msgid ""
+"\"1000 packets per second for every host in 192.168.0.0/16\" =E<gt> -s "
+"192.168.0.0/16 --hashlimit-mode srcip --hashlimit-upto 1000/sec"
+msgstr ""
+
+#. type: TP
+#: original/man8/ip6tables.8:856 original/man8/iptables.8:804
+#, fuzzy, no-wrap
+#| msgid "Match against original source address"
+msgid "matching on source port"
+msgstr "書き換え前の送信元アドレスにマッチする。"
+
+#. type: Plain text
+#: original/man8/ip6tables.8:860 original/man8/iptables.8:808
+msgid ""
+"\"100 packets per second for every service of 192.168.1.1\" =E<gt> -s "
+"192.168.1.1 --hashlimit-mode srcport --hashlimit-upto 100/sec"
+msgstr ""
+
+#. type: TP
+#: original/man8/ip6tables.8:860 original/man8/iptables.8:808
+#, no-wrap
+msgid "matching on subnet"
+msgstr ""
+
+#. type: Plain text
+#: original/man8/ip6tables.8:865 original/man8/iptables.8:813
+msgid ""
+"\"10000 packets per minute for every /28 subnet (groups of 8 addresses) in "
+"10.0.0.0/8\" =E<gt> -s 10.0.0.8 --hashlimit-mask 28 --hashlimit-upto 10000/"
+"min"
+msgstr ""
+
+#. type: SS
+#: original/man8/ip6tables.8:865
+#, no-wrap
+msgid "hbh"
+msgstr ""
+
+#. type: Plain text
+#: original/man8/ip6tables.8:867
+#, fuzzy
+#| msgid "This module matches the time to live field in the IP header."
+msgid "This module matches the parameters in Hop-by-Hop Options header"
+msgstr "このモジュールは IP ヘッダーの time to live フィールドにマッチする。"
+
+#. type: TP
+#: original/man8/ip6tables.8:867
+#, fuzzy, no-wrap
+#| msgid "B<-t>, B<--table> B<tablename>"
+msgid "[B<!>] B<--hbh-len> I<length>"
+msgstr "B<-t>, B<--table> B<tablename>"
+
+#. type: TP
+#: original/man8/ip6tables.8:870
+#, no-wrap
+msgid "B<--hbh-opts> I<type>[B<:>I<length>][B<,>I<type>[B<:>I<length>]...]"
+msgstr ""
+
+#. type: SS
+#: original/man8/ip6tables.8:873 original/man8/iptables.8:813
+#, no-wrap
+msgid "helper"
+msgstr "helper"
+
+#. type: Plain text
+#: original/man8/ip6tables.8:875 original/man8/iptables.8:815
+msgid "This module matches packets related to a specific conntrack-helper."
+msgstr ""
+"このモジュールは、指定された接続追跡ヘルパーモジュールに 関連するパケットに"
+"マッチする。"
+
+#. type: TP
+#: original/man8/ip6tables.8:875 original/man8/iptables.8:815
+#, fuzzy, no-wrap
+#| msgid "B<--helper >I<string>"
+msgid "[B<!>] B<--helper> I<string>"
+msgstr "B<--helper >I<string>"
+
+#. type: Plain text
+#: original/man8/ip6tables.8:878 original/man8/iptables.8:818
+msgid "Matches packets related to the specified conntrack-helper."
+msgstr "指定された接続追跡ヘルパーモジュールに 関連するパケットにマッチする。"
+
+#. type: Plain text
+#: original/man8/ip6tables.8:882 original/man8/iptables.8:822
+msgid ""
+"string can be \"ftp\" for packets related to a ftp-session on default port. "
+"For other ports append -portnr to the value, ie. \"ftp-2121\"."
+msgstr ""
+"デフォルトのポートを使った ftp-セッションに関連するパケットでは、 string に "
+"\"ftp\" と書ける。 他のポートでは \"-ポート番号\" を値に付け加える。 すなわ"
+"ち \"ftp-2121\" となる。"
+
+#. type: Plain text
+#: original/man8/ip6tables.8:884 original/man8/iptables.8:824
+msgid "Same rules apply for other conntrack-helpers."
+msgstr "他の接続追跡ヘルパーでも同じルールが適用される。"
+
+#. type: SS
+#: original/man8/ip6tables.8:885
+#, no-wrap
+msgid "hl"
+msgstr ""
+
+#. type: Plain text
+#: original/man8/ip6tables.8:887
+#, fuzzy
+#| msgid "This module matches the time to live field in the IP header."
+msgid "This module matches the Hop Limit field in the IPv6 header."
+msgstr "このモジュールは IP ヘッダーの time to live フィールドにマッチする。"
+
+#. type: TP
+#: original/man8/ip6tables.8:887
+#, fuzzy, no-wrap
+#| msgid "B<-t>, B<--table> B<tablename>"
+msgid "[B<!>] B<--hl-eq> I<value>"
+msgstr "B<-t>, B<--table> B<tablename>"
+
+#. type: Plain text
+#: original/man8/ip6tables.8:890
+msgid "Matches if Hop Limit equals I<value>."
+msgstr ""
+
+#. type: TP
+#: original/man8/ip6tables.8:890
+#, fuzzy, no-wrap
+#| msgid "B<--dscp >I<value>"
+msgid "B<--hl-lt> I<value>"
+msgstr "B<--dscp >I<value>"
+
+#. type: Plain text
+#: original/man8/ip6tables.8:893
+msgid "Matches if Hop Limit is less than I<value>."
+msgstr ""
+
+#. type: TP
+#: original/man8/ip6tables.8:893
+#, fuzzy, no-wrap
+#| msgid "B<--dscp >I<value>"
+msgid "B<--hl-gt> I<value>"
+msgstr "B<--dscp >I<value>"
+
+#. type: Plain text
+#: original/man8/ip6tables.8:896
+msgid "Matches if Hop Limit is greater than I<value>."
+msgstr ""
+
+#. type: SS
+#: original/man8/ip6tables.8:896
+#, fuzzy, no-wrap
+#| msgid "icmp"
+msgid "icmp6"
+msgstr "icmp"
+
+#. type: Plain text
+#: original/man8/ip6tables.8:899
+#, fuzzy
+#| msgid ""
+#| "This extension is loaded if `--protocol ipv6-icmp' or `--protocol icmpv6' "
+#| "is specified. It provides the following option:"
+msgid ""
+"This extension can be used if `--protocol ipv6-icmp' or `--protocol icmpv6' "
+"is specified. It provides the following option:"
+msgstr ""
+"これらの拡張は `--protocol ipv6-icmp' または `--protocol icmpv6' が指定された"
+"場合にロードされ、 以下のオプションが提供される:"
+
+#. type: TP
+#: original/man8/ip6tables.8:899
+#, fuzzy, no-wrap
+#| msgid "B<--icmpv6-type >[!] I<typename>"
+msgid "[B<!>] B<--icmpv6-type> I<type>[B</>I<code>]|I<typename>"
+msgstr "B<--icmpv6-type >[!] I<typename>"
+
+#. type: Plain text
+#: original/man8/ip6tables.8:908
+#, fuzzy
+#| msgid ""
+#| "This allows specification of the ICMP type, which can be a numeric ICMP "
+#| "type, or one of the ICMP type names shown by the command"
+msgid ""
+"This allows specification of the ICMPv6 type, which can be a numeric ICMPv6 "
+"I<type>, I<type> and I<code>, or one of the ICMPv6 type names shown by the "
+"command"
+msgstr ""
+"ICMP タイプを指定できる。タイプ指定には、 数値の ICMP タイプ、または以下のコ"
+"マンド で表示される ICMP タイプ名を指定できる。"
+
+#. type: Plain text
+#: original/man8/ip6tables.8:910
+#, no-wrap
+msgid " ip6tables -p ipv6-icmp -h\n"
+msgstr " ip6tables -p ipv6-icmp -h\n"
+
+#. type: SS
+#: original/man8/ip6tables.8:911 original/man8/iptables.8:835
+#, no-wrap
+msgid "iprange"
+msgstr ""
+
+#. type: Plain text
+#: original/man8/ip6tables.8:913 original/man8/iptables.8:837
+msgid "This matches on a given arbitrary range of IP addresses."
+msgstr ""
+
+#. type: TP
+#: original/man8/ip6tables.8:913 original/man8/iptables.8:837
+#, no-wrap
+msgid "[B<!>] B<--src-range> I<from>[B<->I<to>]"
+msgstr ""
+
+#. type: Plain text
+#: original/man8/ip6tables.8:916 original/man8/iptables.8:840
+msgid "Match source IP in the specified range."
+msgstr ""
+
+#. type: TP
+#: original/man8/ip6tables.8:916 original/man8/iptables.8:840
+#, no-wrap
+msgid "[B<!>] B<--dst-range> I<from>[B<->I<to>]"
+msgstr ""
+
+#. type: Plain text
+#: original/man8/ip6tables.8:919 original/man8/iptables.8:843
+msgid "Match destination IP in the specified range."
+msgstr ""
+
+#. type: SS
+#: original/man8/ip6tables.8:919
+#, no-wrap
+msgid "ipv6header"
+msgstr ""
+
+#. type: Plain text
+#: original/man8/ip6tables.8:921
+#, fuzzy
+#| msgid "This module matches the SPIs in AH header of IPSec packets."
+msgid "This module matches IPv6 extension headers and/or upper layer header."
+msgstr "このモジュールは IPSec パケットの AH ヘッダーの SPI 値にマッチする。"
+
+#. type: TP
+#: original/man8/ip6tables.8:921
+#, no-wrap
+msgid "B<--soft>"
+msgstr ""
+
+#. type: Plain text
+#: original/man8/ip6tables.8:925
+msgid ""
+"Matches if the packet includes B<any> of the headers specified with B<--"
+"header>."
+msgstr ""
+
+#. type: TP
+#: original/man8/ip6tables.8:925
+#, no-wrap
+msgid "[B<!>] B<--header> I<header>[B<,>I<header>...]"
+msgstr ""
+
+#. type: Plain text
+#: original/man8/ip6tables.8:930
+msgid ""
+"Matches the packet which EXACTLY includes all specified headers. The headers "
+"encapsulated with ESP header are out of scope. Possible I<header> types can "
+"be:"
+msgstr ""
+
+#. type: TP
+#: original/man8/ip6tables.8:930
+#, no-wrap
+msgid "B<hop>|B<hop-by-hop>"
+msgstr ""
+
+#. type: Plain text
+#: original/man8/ip6tables.8:933
+msgid "Hop-by-Hop Options header"
+msgstr ""
+
+#. type: TP
+#: original/man8/ip6tables.8:933
+#, no-wrap
+msgid "B<dst>"
+msgstr ""
+
+#. type: Plain text
+#: original/man8/ip6tables.8:936
+msgid "Destination Options header"
+msgstr ""
+
+#. type: TP
+#: original/man8/ip6tables.8:936
+#, no-wrap
+msgid "B<route>"
+msgstr ""
+
+#. type: Plain text
+#: original/man8/ip6tables.8:939
+msgid "Routing header"
+msgstr ""
+
+#. type: TP
+#: original/man8/ip6tables.8:939
+#, no-wrap
+msgid "B<frag>"
+msgstr ""
+
+#. type: Plain text
+#: original/man8/ip6tables.8:942
+msgid "Fragment header"
+msgstr ""
+
+#. type: TP
+#: original/man8/ip6tables.8:942
+#, no-wrap
+msgid "B<auth>"
+msgstr ""
+
+#. type: Plain text
+#: original/man8/ip6tables.8:945
+msgid "Authentication header"
+msgstr ""
+
+#. type: TP
+#: original/man8/ip6tables.8:945
+#, no-wrap
+msgid "B<esp>"
+msgstr ""
+
+#. type: Plain text
+#: original/man8/ip6tables.8:948
+msgid "Encapsulating Security Payload header"
+msgstr ""
+
+#. type: TP
+#: original/man8/ip6tables.8:948
+#, no-wrap
+msgid "B<none>"
+msgstr ""
+
+#. type: Plain text
+#: original/man8/ip6tables.8:952
+msgid ""
+"No Next header which matches 59 in the 'Next Header field' of IPv6 header or "
+"any IPv6 extension headers"
+msgstr ""
+
+#. type: TP
+#: original/man8/ip6tables.8:952
+#, no-wrap
+msgid "B<proto>"
+msgstr ""
+
+#. type: Plain text
+#: original/man8/ip6tables.8:957
+msgid ""
+"which matches any upper layer protocol header. A protocol name from /etc/"
+"protocols and numeric value also allowed. The number 255 is equivalent to "
+"B<proto>."
+msgstr ""
+
+#. type: SS
+#: original/man8/ip6tables.8:957 original/man8/iptables.8:843
+#, no-wrap
+msgid "ipvs"
+msgstr ""
+
+#. type: Plain text
+#: original/man8/ip6tables.8:959 original/man8/iptables.8:845
+msgid "Match IPVS connection properties."
+msgstr ""
+
+#. type: TP
+#: original/man8/ip6tables.8:959 original/man8/iptables.8:845
+#, fuzzy, no-wrap
+#| msgid "B<-c>, B<--counters>"
+msgid "[B<!>] B<--ipvs>"
+msgstr "B<-c>, B<--counters>"
+
+#. type: Plain text
+#: original/man8/ip6tables.8:962 original/man8/iptables.8:848
+msgid "packet belongs to an IPVS connection"
+msgstr ""
+
+#. type: TP
+#: original/man8/ip6tables.8:962 original/man8/iptables.8:848
+#, no-wrap
+msgid "Any of the following options implies --ipvs (even negated)"
+msgstr ""
+
+#. type: TP
+#: original/man8/ip6tables.8:964 original/man8/iptables.8:850
+#, fuzzy, no-wrap
+#| msgid "B<-p, --protocol >[!] I<protocol>"
+msgid "[B<!>] B<--vproto> I<protocol>"
+msgstr "B<-p, --protocol >[!] I<protocol>"
+
+#. type: Plain text
+#: original/man8/ip6tables.8:967 original/man8/iptables.8:853
+#, fuzzy
+#| msgid "Protocol to match (by number or name)"
+msgid "VIP protocol to match; by number or name, e.g. \"tcp\""
+msgstr "(名前または数値で) 指定されたプロトコルにマッチする。"
+
+#. type: TP
+#: original/man8/ip6tables.8:967 original/man8/iptables.8:853
+#, fuzzy, no-wrap
+#| msgid "B<-s, --source >[!] I<address>[/I<mask>]"
+msgid "[B<!>] B<--vaddr> I<address>[B</>I<mask>]"
+msgstr "B<-s, --source >[!] I<address>[/I<mask>]"
+
+#. type: Plain text
+#: original/man8/ip6tables.8:970 original/man8/iptables.8:856
+msgid "VIP address to match"
+msgstr ""
+
+#. type: TP
+#: original/man8/ip6tables.8:970 original/man8/iptables.8:856
+#, fuzzy, no-wrap
+#| msgid "B<--ctproto >I<proto>"
+msgid "[B<!>] B<--vport> I<port>"
+msgstr "B<--ctproto >I<proto>"
+
+#. type: Plain text
+#: original/man8/ip6tables.8:973 original/man8/iptables.8:859
+#, fuzzy
+#| msgid "Protocol to match (by number or name)"
+msgid "VIP port to match; by number or name, e.g. \"http\""
+msgstr "(名前または数値で) 指定されたプロトコルにマッチする。"
+
+#. type: TP
+#: original/man8/ip6tables.8:973 original/man8/iptables.8:859
+#, no-wrap
+msgid "B<--vdir> {B<ORIGINAL>|B<REPLY>}"
+msgstr ""
+
+#. type: Plain text
+#: original/man8/ip6tables.8:976 original/man8/iptables.8:862
+msgid "flow direction of packet"
+msgstr ""
+
+#. type: TP
+#: original/man8/ip6tables.8:976 original/man8/iptables.8:862
+#, no-wrap
+msgid "[B<!>] B<--vmethod> {B<GATE>|B<IPIP>|B<MASQ>}"
+msgstr ""
+
+#. type: Plain text
+#: original/man8/ip6tables.8:979 original/man8/iptables.8:865
+msgid "IPVS forwarding method used"
+msgstr ""
+
+#. type: TP
+#: original/man8/ip6tables.8:979 original/man8/iptables.8:865
+#, no-wrap
+msgid "[B<!>] B<--vportctl> I<port>"
+msgstr ""
+
+#. type: Plain text
+#: original/man8/ip6tables.8:982 original/man8/iptables.8:868
+msgid "VIP port of the controlling connection to match, e.g. 21 for FTP"
+msgstr ""
+
+#. type: SS
+#: original/man8/ip6tables.8:982 original/man8/iptables.8:868
+#, no-wrap
+msgid "length"
+msgstr "length"
+
+#. type: Plain text
+#: original/man8/ip6tables.8:986 original/man8/iptables.8:872
+#, fuzzy
+#| msgid ""
+#| "This module matches the length of a packet against a specific value or "
+#| "range of values."
+msgid ""
+"This module matches the length of the layer-3 payload (e.g. layer-4 packet) "
+"of a packet against a specific value or range of values."
+msgstr "このモジュールは、指定されたパケット長、またはその範囲にマッチする。"
+
+#. type: TP
+#: original/man8/ip6tables.8:986 original/man8/iptables.8:872
+#, fuzzy, no-wrap
+#| msgid "B<--length >I<length>[:I<length>]"
+msgid "[B<!>] B<--length> I<length>[B<:>I<length>]"
+msgstr "B<--length >I<length>[:I<length>]"
+
+#. type: SS
+#: original/man8/ip6tables.8:988 original/man8/iptables.8:874
+#, no-wrap
+msgid "limit"
+msgstr "limit"
+
+#. type: Plain text
+#: original/man8/ip6tables.8:994 original/man8/iptables.8:880
+#, fuzzy
+#| msgid ""
+#| "This module matches at a limited rate using a token bucket filter. A "
+#| "rule using this extension will match until this limit is reached (unless "
+#| "the `!' flag is used). It can be used in combination with the B<LOG> "
+#| "target to give limited logging, for example."
+msgid ""
+"This module matches at a limited rate using a token bucket filter. A rule "
+"using this extension will match until this limit is reached. It can be used "
+"in combination with the B<LOG> target to give limited logging, for example."
+msgstr ""
+"このモジュールは、トークンバケツフィルタを使い、 単位時間あたり制限され\n"
+"た回数だけマッチする。 この拡張を使ったルールは、(`!' フラグが指定され\n"
+"ない限り) 制限に達するまでマッチする。 例えば、このモジュールはログ記録\n"
+"を制限するために B<LOG> ターゲットと組み合わせて使うことができる。"
+
+#. type: Plain text
+#: original/man8/ip6tables.8:997 original/man8/iptables.8:883
+msgid ""
+"xt_limit has no negation support - you will have to use -m hashlimit ! --"
+"hashlimit I<rate> in this case whilst omitting --hashlimit-mode."
+msgstr ""
+
+#. type: TP
+#: original/man8/ip6tables.8:997 original/man8/iptables.8:883
+#, no-wrap
+msgid "B<--limit> I<rate>[B</second>|B</minute>|B</hour>|B</day>]"
+msgstr ""
+
+#. type: Plain text
+#: original/man8/ip6tables.8:1002 original/man8/iptables.8:888
+msgid ""
+"Maximum average matching rate: specified as a number, with an optional `/"
+"second', `/minute', `/hour', or `/day' suffix; the default is 3/hour."
+msgstr ""
+"単位時間あたりの平均マッチ回数の最大値。 数値で指定され、添字 `/second', `/"
+"minute', `/hour', `/day' を付けることもできる。 デフォルトは 3/hour である。"
+
+#. type: TP
+#: original/man8/ip6tables.8:1002 original/man8/iptables.8:888
+#, fuzzy, no-wrap
+#| msgid "B<--limit-burst >I<number>"
+msgid "B<--limit-burst> I<number>"
+msgstr "B<--limit-burst >I<number>"
+
+#. type: SS
+#: original/man8/ip6tables.8:1007 original/man8/iptables.8:893
+#, no-wrap
+msgid "mac"
+msgstr "mac"
+
+#. type: TP
+#: original/man8/ip6tables.8:1008 original/man8/iptables.8:894
+#, fuzzy, no-wrap
+#| msgid "B<--mac-source >[!] I<address>"
+msgid "[B<!>] B<--mac-source> I<address>"
+msgstr "B<--mac-source >[!] I<address>"
+
+#. type: Plain text
+#: original/man8/ip6tables.8:1018 original/man8/iptables.8:904
+msgid ""
+"Match source MAC address. It must be of the form XX:XX:XX:XX:XX:XX. Note "
+"that this only makes sense for packets coming from an Ethernet device and "
+"entering the B<PREROUTING>, B<FORWARD> or B<INPUT> chains."
+msgstr ""
+"送信元 MAC アドレスにマッチする。 I<address> は XX:XX:XX:XX:XX:XX と\n"
+"いう形式でなければならない。イーサーネットデバイスから入ってくるパケッ\n"
+"トで、 B<PREROUTING>, B<FORWARD>, B<INPUT> チェインに入るパケットにしか\n"
+"意味がない。"
+
+#. type: SS
+#: original/man8/ip6tables.8:1018 original/man8/iptables.8:904
+#, no-wrap
+msgid "mark"
+msgstr "mark"
+
+#. type: Plain text
+#: original/man8/ip6tables.8:1023 original/man8/iptables.8:909
+msgid ""
+"This module matches the netfilter mark field associated with a packet (which "
+"can be set using the B<MARK> target below)."
+msgstr ""
+"このモジュールはパケットに関連づけられた netfilter の mark フィールドにマッチ"
+"する (このフィールドは、以下の B<MARK> ターゲットで設定される)。"
+
+#. type: Plain text
+#: original/man8/ip6tables.8:1028 original/man8/iptables.8:914
+#, fuzzy
+#| msgid ""
+#| "Matches packets with the given unsigned mark value (if a mask is "
+#| "specified, this is logically ANDed with the mask before the comparison)."
+msgid ""
+"Matches packets with the given unsigned mark value (if a I<mask> is "
+"specified, this is logically ANDed with the I<mask> before the comparison)."
+msgstr ""
+"指定された符号なし mark 値のパケットにマッチする (mask が指定されると、比較の"
+"前に mask との論理積 (AND) がとられる)。"
+
+#. type: SS
+#: original/man8/ip6tables.8:1028
+#, no-wrap
+msgid "mh"
+msgstr ""
+
+#. type: Plain text
+#: original/man8/ip6tables.8:1031
+#, fuzzy
+#| msgid ""
+#| "This extension is loaded if `--protocol ipv6-icmp' or `--protocol icmpv6' "
+#| "is specified. It provides the following option:"
+msgid ""
+"This extension is loaded if `--protocol ipv6-mh' or `--protocol mh' is "
+"specified. It provides the following option:"
+msgstr ""
+"これらの拡張は `--protocol ipv6-icmp' または `--protocol icmpv6' が指定された"
+"場合にロードされ、 以下のオプションが提供される:"
+
+#. type: TP
+#: original/man8/ip6tables.8:1031
+#, no-wrap
+msgid "[B<!>] B<--mh-type> I<type>[B<:>I<type>]"
+msgstr ""
+
+#. type: Plain text
+#: original/man8/ip6tables.8:1038
+#, fuzzy
+#| msgid ""
+#| "This allows specification of the ICMP type, which can be a numeric ICMP "
+#| "type, or one of the ICMP type names shown by the command"
+msgid ""
+"This allows specification of the Mobility Header(MH) type, which can be a "
+"numeric MH I<type>, I<type> or one of the MH type names shown by the command"
+msgstr ""
+"ICMP タイプを指定できる。タイプ指定には、 数値の ICMP タイプ、または以下のコ"
+"マンド で表示される ICMP タイプ名を指定できる。"
+
+#. type: Plain text
+#: original/man8/ip6tables.8:1040
+#, fuzzy, no-wrap
+#| msgid " ip6tables -p ipv6-icmp -h\n"
+msgid " ip6tables -p ipv6-mh -h\n"
+msgstr " ip6tables -p ipv6-icmp -h\n"
+
+#. type: SS
+#: original/man8/ip6tables.8:1041 original/man8/iptables.8:914
+#, no-wrap
+msgid "multiport"
+msgstr "multiport"
+
+#. type: Plain text
+#: original/man8/ip6tables.8:1048 original/man8/iptables.8:921
+#, fuzzy
+#| msgid ""
+#| "This module matches a set of source or destination ports. Up to 15 ports "
+#| "can be specified. It can only be used in conjunction with B<-p tcp> or "
+#| "B<-p udp>."
+msgid ""
+"This module matches a set of source or destination ports. Up to 15 ports "
+"can be specified. A port range (port:port) counts as two ports. It can "
+"only be used in conjunction with B<-p tcp> or B<-p udp>."
+msgstr ""
+"このモジュールは送信元や送信先のポートの集合にマッチする。 ポートは 15 個まで"
+"指定できる。 このモジュールは B<-p tcp> または B<-p udp> と組み合わせて使うこ"
+"としかできない。"
+
+#. type: TP
+#: original/man8/ip6tables.8:1048 original/man8/iptables.8:921
+#, fuzzy, no-wrap
+#| msgid "B<--source-ports >I<port>[,I<port>[,I<port>...]]"
+msgid "[B<!>] B<--source-ports>,B<--sports> I<port>[B<,>I<port>|B<,>I<port>B<:>I<port>]..."
+msgstr "B<--source-ports >I<port>[,I<port>[,I<port>...]]"
+
+#. type: Plain text
+#: original/man8/ip6tables.8:1056 original/man8/iptables.8:929
+msgid ""
+"Match if the source port is one of the given ports. The flag B<--sports> is "
+"a convenient alias for this option. Multiple ports or port ranges are "
+"separated using a comma, and a port range is specified using a colon. "
+"B<53,1024:65535> would therefore match ports 53 and all from 1024 through "
+"65535."
+msgstr ""
+
+#. type: TP
+#: original/man8/ip6tables.8:1056 original/man8/iptables.8:929
+#, fuzzy, no-wrap
+#| msgid "B<--destination-ports >I<port>[,I<port>[,I<port>...]]"
+msgid "[B<!>] B<--destination-ports>,B<--dports> I<port>[B<,>I<port>|B<,>I<port>B<:>I<port>]..."
+msgstr "B<--destination-ports >I<port>[,I<port>[,I<port>...]]"
+
+#. type: Plain text
+#: original/man8/ip6tables.8:1061 original/man8/iptables.8:934
+msgid ""
+"Match if the destination port is one of the given ports. The flag B<--"
+"dports> is a convenient alias for this option."
+msgstr ""
+"宛先ポートが指定されたポートのうちのいずれかであればマッチする。\n"
+"フラグ B<--dports> は、このオプションの便利な別名である。"
+
+#. type: TP
+#: original/man8/ip6tables.8:1061 original/man8/iptables.8:934
+#, fuzzy, no-wrap
+#| msgid "B<--ports >I<port>[,I<port>[,I<port>...]]"
+msgid "[B<!>] B<--ports> I<port>[B<,>I<port>|B<,>I<port>B<:>I<port>]..."
+msgstr "B<--ports >I<port>[,I<port>[,I<port>...]]"
+
+#. type: Plain text
+#: original/man8/ip6tables.8:1065 original/man8/iptables.8:938
+#, fuzzy
+#| msgid ""
+#| "Match if the both the source and destination ports are equal to each "
+#| "other and to one of the given ports."
+msgid ""
+"Match if either the source or destination ports are equal to one of the "
+"given ports."
+msgstr ""
+"送信元ポートと宛先ポートが等しく、 かつそのポートが指定されたポートの\n"
+"うちのいずれかであればマッチする。"
+
+#. type: SS
+#: original/man8/ip6tables.8:1065 original/man8/iptables.8:938
+#, no-wrap
+msgid "nfacct"
+msgstr ""
+
+#. type: Plain text
+#: original/man8/ip6tables.8:1069 original/man8/iptables.8:942
+msgid ""
+"The nfacct match provides the extended accounting infrastructure for "
+"iptables. You have to use this match together with the standalone user-"
+"space utility B<nfacct(8)>"
+msgstr ""
+
+#. type: Plain text
+#: original/man8/ip6tables.8:1071 original/man8/iptables.8:944
+msgid "The only option available for this match is the following:"
+msgstr ""
+
+#. type: TP
+#: original/man8/ip6tables.8:1071 original/man8/iptables.8:944
+#, fuzzy, no-wrap
+#| msgid "B<--cmd-owner >I<name>"
+msgid "B<--nfacct-name> I<name>"
+msgstr "B<--cmd-owner >I<name>"
+
+#. type: Plain text
+#: original/man8/ip6tables.8:1075 original/man8/iptables.8:948
+msgid ""
+"This allows you to specify the existing object name that will be use for "
+"accounting the traffic that this rule-set is matching."
+msgstr ""
+
+#. type: Plain text
+#: original/man8/ip6tables.8:1077 original/man8/iptables.8:950
+msgid "To use this extension, you have to create an accounting object:"
+msgstr ""
+
+#. type: Plain text
+#: original/man8/ip6tables.8:1079 original/man8/iptables.8:952
+msgid "nfacct add http-traffic"
+msgstr ""
+
+#. type: Plain text
+#: original/man8/ip6tables.8:1081 original/man8/iptables.8:954
+msgid "Then, you have to attach it to the accounting object via iptables:"
+msgstr ""
+
+#. type: Plain text
+#: original/man8/ip6tables.8:1083 original/man8/iptables.8:956
+msgid ""
+"iptables -I INPUT -p tcp --sport 80 -m nfacct --nfacct-name http-traffic"
+msgstr ""
+
+#. type: Plain text
+#: original/man8/ip6tables.8:1085 original/man8/iptables.8:958
+msgid ""
+"iptables -I OUTPUT -p tcp --dport 80 -m nfacct --nfacct-name http-traffic"
+msgstr ""
+
+#. type: Plain text
+#: original/man8/ip6tables.8:1087 original/man8/iptables.8:960
+msgid "Then, you can check for the amount of traffic that the rules match:"
+msgstr ""
+
+#. type: Plain text
+#: original/man8/ip6tables.8:1089 original/man8/iptables.8:962
+msgid "nfacct get http-traffic"
+msgstr ""
+
+#. type: Plain text
+#: original/man8/ip6tables.8:1091 original/man8/iptables.8:964
+msgid ""
+"{ pkts = 00000000000000000156, bytes = 00000000000000151786 } = http-traffic;"
+msgstr ""
+
+#. type: Plain text
+#: original/man8/ip6tables.8:1096 original/man8/iptables.8:969
+msgid ""
+"You can obtain B<nfacct(8)> from http://www.netfilter.org or, alternatively, "
+"from the git.netfilter.org repository."
+msgstr ""
+
+#. type: SS
+#: original/man8/ip6tables.8:1096 original/man8/iptables.8:1015
+#, no-wrap
+msgid "owner"
+msgstr "owner"
+
+#. type: Plain text
+#: original/man8/ip6tables.8:1101 original/man8/iptables.8:1020
+#, fuzzy
+#| msgid ""
+#| "This module attempts to match various characteristics of the packet "
+#| "creator, for locally-generated packets. It is only valid in the "
+#| "B<OUTPUT> chain, and even this some packets (such as ICMP ping responses) "
+#| "may have no owner, and hence never match."
+msgid ""
+"This module attempts to match various characteristics of the packet creator, "
+"for locally generated packets. This match is only valid in the OUTPUT and "
+"POSTROUTING chains. Forwarded packets do not have any socket associated with "
+"them. Packets from kernel threads do have a socket, but usually no owner."
+msgstr ""
+"このモジュールは、ローカルで生成されたパケットに付いて、 パケット生成者のいろ"
+"いろな特性に対してマッチを行う。 これは B<OUTPUT> チェインのみでしか有効でな"
+"い。 また、(ICMP ping 応答のような) パケットは、 所有者がいないので絶対にマッ"
+"チしない。"
+
+#. type: TP
+#: original/man8/ip6tables.8:1101 original/man8/iptables.8:1020
+#, fuzzy, no-wrap
+#| msgid "B<--uid-owner >I<userid>"
+msgid "[B<!>] B<--uid-owner> I<username>"
+msgstr "B<--uid-owner >I<userid>"
+
+#. type: TP
+#: original/man8/ip6tables.8:1103 original/man8/iptables.8:1022
+#, fuzzy, no-wrap
+#| msgid "B<--uid-owner >I<userid>"
+msgid "[B<!>] B<--uid-owner> I<userid>[B<->I<userid>]"
+msgstr "B<--uid-owner >I<userid>"
+
+#. type: Plain text
+#: original/man8/ip6tables.8:1107 original/man8/iptables.8:1026
+msgid ""
+"Matches if the packet socket's file structure (if it has one) is owned by "
+"the given user. You may also specify a numerical UID, or an UID range."
+msgstr ""
+
+#. type: TP
+#: original/man8/ip6tables.8:1107 original/man8/iptables.8:1026
+#, fuzzy, no-wrap
+#| msgid "B<--gid-owner >I<groupid>"
+msgid "[B<!>] B<--gid-owner> I<groupname>"
+msgstr "B<--gid-owner >I<groupid>"
+
+#. type: TP
+#: original/man8/ip6tables.8:1109 original/man8/iptables.8:1028
+#, fuzzy, no-wrap
+#| msgid "B<--gid-owner >I<groupid>"
+msgid "[B<!>] B<--gid-owner> I<groupid>[B<->I<groupid>]"
+msgstr "B<--gid-owner >I<groupid>"
+
+#. type: Plain text
+#: original/man8/ip6tables.8:1113 original/man8/iptables.8:1032
+msgid ""
+"Matches if the packet socket's file structure is owned by the given group. "
+"You may also specify a numerical GID, or a GID range."
+msgstr ""
+
+#. type: TP
+#: original/man8/ip6tables.8:1113 original/man8/iptables.8:1032
+#, no-wrap
+msgid "[B<!>] B<--socket-exists>"
+msgstr ""
+
+#. type: Plain text
+#: original/man8/ip6tables.8:1116 original/man8/iptables.8:1035
+#, fuzzy
+#| msgid ""
+#| "Matches if the packet was created by a process with the given process id."
+msgid "Matches if the packet is associated with a socket."
+msgstr ""
+"指定されたプロセス ID のプロセスにより パケットが生成されている場合にマッチす"
+"る。"
+
+#. type: SS
+#: original/man8/ip6tables.8:1116 original/man8/iptables.8:1035
+#, no-wrap
+msgid "physdev"
+msgstr "physdev"
+
+#. type: Plain text
+#: original/man8/ip6tables.8:1121 original/man8/iptables.8:1040
+msgid ""
+"This module matches on the bridge port input and output devices enslaved to "
"a bridge device. This module is a part of the infrastructure that enables a "
"transparent bridging IP firewall and is only useful for kernel versions "
"above version 2.5.44."
msgstr ""
-"このモジュールは、ブリッジデバイスのスレーブにされた、 ブリッジポートの入出力"
-"デバイスにマッチする。 このモジュールは、ブリッジによる透過的な IP ファイア"
-"ウォールの基盤の一部であり、 カーネルバージョン 2.5.44 以降でのみ有効である。"
+"このモジュールは、ブリッジデバイスのスレーブにされた、 ブリッジポートの入出力"
+"デバイスにマッチする。 このモジュールは、ブリッジによる透過的な IP ファイア"
+"ウォールの基盤の一部であり、 カーネルバージョン 2.5.44 以降でのみ有効である。"
+
+#. type: TP
+#: original/man8/ip6tables.8:1121 original/man8/iptables.8:1040
+#, fuzzy, no-wrap
+#| msgid "B<--physdev-in name>"
+msgid "[B<!>] B<--physdev-in> I<name>"
+msgstr "B<--physdev-in name>"
+
+#. type: Plain text
+#: original/man8/ip6tables.8:1132 original/man8/iptables.8:1051
+msgid ""
+"Name of a bridge port via which a packet is received (only for packets "
+"entering the B<INPUT>, B<FORWARD> and B<PREROUTING> chains). If the "
+"interface name ends in a \"+\", then any interface which begins with this "
+"name will match. If the packet didn't arrive through a bridge device, this "
+"packet won't match this option, unless '!' is used."
+msgstr ""
+"パケットが受信されるブリッジのポート名 (B<INPUT>, B<FORWARD>, B<PREROUTING> "
+"チェインに入るパケットのみ)。 インターフェース名が \"+\" で終っている場合、 "
+"その名前で始まる任意のインターフェース名にマッチする。 ブリッジデバイスを通し"
+"て受け取られなかったパケットは、 \\&'!' が指定されていない限り、このオプショ"
+"ンにマッチしない。"
+
+#. type: TP
+#: original/man8/ip6tables.8:1132 original/man8/iptables.8:1051
+#, fuzzy, no-wrap
+#| msgid "B<--physdev-out name>"
+msgid "[B<!>] B<--physdev-out> I<name>"
+msgstr "B<--physdev-out name>"
+
+#. type: Plain text
+#: original/man8/ip6tables.8:1149 original/man8/iptables.8:1068
+#, fuzzy
+#| msgid ""
+#| "Name of a bridge port via which a packet is going to be sent (for packets "
+#| "entering the B<FORWARD>, B<OUTPUT> and B<POSTROUTING> chains). If the "
+#| "interface name ends in a \"+\", then any interface which begins with this "
+#| "name will match. Note that in the B<nat> and B<mangle> B<OUTPUT> chains "
+#| "one cannot match on the bridge output port, however one can in the "
+#| "B<filter OUTPUT> chain. If the packet won't leave by a bridge device or "
+#| "it is yet unknown what the output device will be, then the packet won't "
+#| "match this option, unless '!' is used."
+msgid ""
+"Name of a bridge port via which a packet is going to be sent (for packets "
+"entering the B<FORWARD>, B<OUTPUT> and B<POSTROUTING> chains). If the "
+"interface name ends in a \"+\", then any interface which begins with this "
+"name will match. Note that in the B<nat> and B<mangle> B<OUTPUT> chains one "
+"cannot match on the bridge output port, however one can in the B<filter "
+"OUTPUT> chain. If the packet won't leave by a bridge device or if it is yet "
+"unknown what the output device will be, then the packet won't match this "
+"option, unless '!' is used."
+msgstr ""
+"パケットを送信することになるブリッジのポート名 (B<FORWARD>, B<OUTPUT>, "
+"B<POSTROUTING> チェインに入るパケットのみ)。 インターフェース名が \"+\" で"
+"終っている場合、 その名前で始まる任意のインターフェース名にマッチする。 "
+"B<nat> と B<mangle> テーブルの B<OUTPUT> チェインではブリッジの出力ポートに"
+"マッチさせることができないが、 B<filter> テーブルの B<OUPUT> チェインではマッ"
+"チ可能である。 パケットがブリッジデバイスから送られなかった場合、 またはパ"
+"ケットの出力デバイスが不明であった場合は、 \\&'!' が指定されていない限り、パ"
+"ケットはこのオプションにマッチしない。"
+
+#. type: TP
+#: original/man8/ip6tables.8:1149 original/man8/iptables.8:1068
+#, fuzzy, no-wrap
+#| msgid "B<--physdev-is-in>"
+msgid "[B<!>] B<--physdev-is-in>"
+msgstr "B<--physdev-is-in>"
+
+#. type: Plain text
+#: original/man8/ip6tables.8:1152 original/man8/iptables.8:1071
+msgid "Matches if the packet has entered through a bridge interface."
+msgstr "パケットがブリッジインターフェースに入った場合にマッチする。"
+
+#. type: TP
+#: original/man8/ip6tables.8:1152 original/man8/iptables.8:1071
+#, fuzzy, no-wrap
+#| msgid "B<--physdev-is-out>"
+msgid "[B<!>] B<--physdev-is-out>"
+msgstr "B<--physdev-is-out>"
+
+#. type: Plain text
+#: original/man8/ip6tables.8:1155 original/man8/iptables.8:1074
+msgid "Matches if the packet will leave through a bridge interface."
+msgstr "パケットがブリッジインターフェースから出ようとした場合にマッチする。"
+
+#. type: TP
+#: original/man8/ip6tables.8:1155 original/man8/iptables.8:1074
+#, fuzzy, no-wrap
+#| msgid "B<--physdev-is-bridged>"
+msgid "[B<!>] B<--physdev-is-bridged>"
+msgstr "B<--physdev-is-bridged>"
+
+#. type: Plain text
+#: original/man8/ip6tables.8:1159 original/man8/iptables.8:1078
+msgid ""
+"Matches if the packet is being bridged and therefore is not being routed. "
+"This is only useful in the FORWARD and POSTROUTING chains."
+msgstr ""
+"パケットがブリッジされることにより、 ルーティングされなかった場合にマッチす"
+"る。 これは FORWARD, POSTROUTING チェインにおいてのみ役立つ。"
+
+#. type: SS
+#: original/man8/ip6tables.8:1159 original/man8/iptables.8:1078
+#, no-wrap
+msgid "pkttype"
+msgstr "pkttype"
+
+#. type: Plain text
+#: original/man8/ip6tables.8:1161 original/man8/iptables.8:1080
+msgid "This module matches the link-layer packet type."
+msgstr "このモジュールは、リンク層のパケットタイプにマッチする。"
+
+#. type: TP
+#: original/man8/ip6tables.8:1161 original/man8/iptables.8:1080
+#, fuzzy, no-wrap
+#| msgid "B<--pkt-type >I<[unicast|broadcast|multicast]>"
+msgid "[B<!>] B<--pkt-type> {B<unicast>|B<broadcast>|B<multicast>}"
+msgstr "B<--pkt-type >I<[unicast|broadcast|multicast]>"
+
+#. type: SS
+#: original/man8/ip6tables.8:1163 original/man8/iptables.8:1082
+#, no-wrap
+msgid "policy"
+msgstr ""
+
+#. type: Plain text
+#: original/man8/ip6tables.8:1165 original/man8/iptables.8:1084
+#, fuzzy
+#| msgid "This module matches the SPIs in AH header of IPSec packets."
+msgid "This modules matches the policy used by IPsec for handling a packet."
+msgstr "このモジュールは IPSec パケットの AH ヘッダーの SPI 値にマッチする。"
+
+#. type: TP
+#: original/man8/ip6tables.8:1165 original/man8/iptables.8:1084
+#, no-wrap
+msgid "B<--dir> {B<in>|B<out>}"
+msgstr ""
+
+#. type: Plain text
+#: original/man8/ip6tables.8:1177 original/man8/iptables.8:1096
+msgid ""
+"Used to select whether to match the policy used for decapsulation or the "
+"policy that will be used for encapsulation. B<in> is valid in the "
+"B<PREROUTING, INPUT and FORWARD> chains, B<out> is valid in the "
+"B<POSTROUTING, OUTPUT and FORWARD> chains."
+msgstr ""
+
+#. type: TP
+#: original/man8/ip6tables.8:1177 original/man8/iptables.8:1096
+#, no-wrap
+msgid "B<--pol> {B<none>|B<ipsec>}"
+msgstr ""
+
+#. type: Plain text
+#: original/man8/ip6tables.8:1181 original/man8/iptables.8:1100
+msgid ""
+"Matches if the packet is subject to IPsec processing. B<--pol none> cannot "
+"be combined with B<--strict>."
+msgstr ""
+
+#. type: TP
+#: original/man8/ip6tables.8:1181 original/man8/iptables.8:1100
+#, no-wrap
+msgid "B<--strict>"
+msgstr ""
+
+#. type: Plain text
+#: original/man8/ip6tables.8:1185 original/man8/iptables.8:1104
+msgid ""
+"Selects whether to match the exact policy or match if any rule of the policy "
+"matches the given policy."
+msgstr ""
+
+#. type: Plain text
+#: original/man8/ip6tables.8:1189 original/man8/iptables.8:1108
+msgid ""
+"For each policy element that is to be described, one can use one or more of "
+"the following options. When B<--strict> is in effect, at least one must be "
+"used per element."
+msgstr ""
+
+#. type: TP
+#: original/man8/ip6tables.8:1189 original/man8/iptables.8:1108
+#, no-wrap
+msgid "[B<!>] B<--reqid> I<id>"
+msgstr ""
+
+#. type: Plain text
+#: original/man8/ip6tables.8:1196 original/man8/iptables.8:1115
+msgid ""
+"Matches the reqid of the policy rule. The reqid can be specified with "
+"B<setkey(8)> using B<unique:id> as level."
+msgstr ""
+
+#. type: TP
+#: original/man8/ip6tables.8:1196 original/man8/iptables.8:1115
+#, fuzzy, no-wrap
+#| msgid "B<--ahspi >[!] I<spi>[:I<spi>]"
+msgid "[B<!>] B<--spi> I<spi>"
+msgstr "B<--ahspi >[!] I<spi>[:I<spi>]"
+
+#. type: Plain text
+#: original/man8/ip6tables.8:1199 original/man8/iptables.8:1118
+msgid "Matches the SPI of the SA."
+msgstr ""
+
+#. type: TP
+#: original/man8/ip6tables.8:1199 original/man8/iptables.8:1118
+#, no-wrap
+msgid "[B<!>] B<--proto> {B<ah>|B<esp>|B<ipcomp>}"
+msgstr ""
+
+#. type: Plain text
+#: original/man8/ip6tables.8:1202 original/man8/iptables.8:1121
+msgid "Matches the encapsulation protocol."
+msgstr ""
+
+#. type: TP
+#: original/man8/ip6tables.8:1202 original/man8/iptables.8:1121
+#, no-wrap
+msgid "[B<!>] B<--mode> {B<tunnel>|B<transport>}"
+msgstr ""
+
+#. type: Plain text
+#: original/man8/ip6tables.8:1205 original/man8/iptables.8:1124
+#, fuzzy
+#| msgid "Matches the given TTL value."
+msgid "Matches the encapsulation mode."
+msgstr "指定された TTL 値にマッチする。"
+
+#. type: TP
+#: original/man8/ip6tables.8:1205 original/man8/iptables.8:1124
+#, fuzzy, no-wrap
+#| msgid "B<-s, --source >[!] I<address>[/I<mask>]"
+msgid "[B<!>] B<--tunnel-src> I<addr>[B</>I<mask>]"
+msgstr "B<-s, --source >[!] I<address>[/I<mask>]"
+
+#. type: Plain text
+#: original/man8/ip6tables.8:1209 original/man8/iptables.8:1128
+msgid ""
+"Matches the source end-point address of a tunnel mode SA. Only valid with "
+"B<--mode tunnel>."
+msgstr ""
+
+#. type: TP
+#: original/man8/ip6tables.8:1209 original/man8/iptables.8:1128
+#, fuzzy, no-wrap
+#| msgid "B<--ctrepldst >I<[!] address>B<[/>I<mask>B<]>"
+msgid "[B<!>] B<--tunnel-dst> I<addr>[B</>I<mask>]"
+msgstr "B<--ctrepldst >I<[!] address>B<[/>I<mask>B<]>"
+
+#. type: Plain text
+#: original/man8/ip6tables.8:1213 original/man8/iptables.8:1132
+msgid ""
+"Matches the destination end-point address of a tunnel mode SA. Only valid "
+"with B<--mode tunnel>."
+msgstr ""
+
+#. type: TP
+#: original/man8/ip6tables.8:1213 original/man8/iptables.8:1132
+#, no-wrap
+msgid "B<--next>"
+msgstr ""
+
+#. type: Plain text
+#: original/man8/ip6tables.8:1217 original/man8/iptables.8:1136
+msgid ""
+"Start the next element in the policy specification. Can only be used with "
+"B<--strict>."
+msgstr ""
+
+#. type: SS
+#: original/man8/ip6tables.8:1217 original/man8/iptables.8:1136
+#, no-wrap
+msgid "quota"
+msgstr ""
+
+#. type: Plain text
+#: original/man8/ip6tables.8:1222 original/man8/iptables.8:1141
+msgid ""
+"Implements network quotas by decrementing a byte counter with each packet. "
+"The condition matches until the byte counter reaches zero. Behavior is "
+"reversed with negation (i.e. the condition does not match until the byte "
+"counter reaches zero)."
+msgstr ""
+
+#. type: TP
+#: original/man8/ip6tables.8:1222 original/man8/iptables.8:1141
+#, fuzzy, no-wrap
+#| msgid "B<-t>, B<--table> B<tablename>"
+msgid "[B<!>] B<--quota> I<bytes>"
+msgstr "B<-t>, B<--table> B<tablename>"
+
+#. type: Plain text
+#: original/man8/ip6tables.8:1225 original/man8/iptables.8:1144
+msgid "The quota in bytes."
+msgstr ""
+
+#. type: SS
+#: original/man8/ip6tables.8:1225 original/man8/iptables.8:1144
+#, no-wrap
+msgid "rateest"
+msgstr ""
+
+#. type: Plain text
+#: original/man8/ip6tables.8:1229 original/man8/iptables.8:1148
+msgid ""
+"The rate estimator can match on estimated rates as collected by the RATEEST "
+"target. It supports matching on absolute bps/pps values, comparing two rate "
+"estimators and matching on the difference between two rate estimators."
+msgstr ""
+
+#. * Absolute:
+#. type: Plain text
+#: original/man8/ip6tables.8:1233 original/man8/iptables.8:1152
+msgid ""
+"For a better understanding of the available options, these are all possible "
+"combinations:"
+msgstr ""
+
+#. type: IP
+#: original/man8/ip6tables.8:1233 original/man8/ip6tables.8:1235
+#: original/man8/ip6tables.8:1238 original/man8/ip6tables.8:1240
+#: original/man8/ip6tables.8:1243 original/man8/ip6tables.8:1245
+#: original/man8/ip6tables.8:1248 original/man8/ip6tables.8:1251
+#: original/man8/iptables.8:980 original/man8/iptables.8:983
+#: original/man8/iptables.8:986 original/man8/iptables.8:992
+#: original/man8/iptables.8:994 original/man8/iptables.8:996
+#: original/man8/iptables.8:1152 original/man8/iptables.8:1154
+#: original/man8/iptables.8:1157 original/man8/iptables.8:1159
+#: original/man8/iptables.8:1162 original/man8/iptables.8:1164
+#: original/man8/iptables.8:1167 original/man8/iptables.8:1170
+#, no-wrap
+msgid "\\(bu"
+msgstr ""
+
+#. type: Plain text
+#: original/man8/ip6tables.8:1235 original/man8/iptables.8:1154
+msgid "B<rateest> I<operator> B<rateest-bps>"
+msgstr ""
+
+#. * Absolute + Delta:
+#. type: Plain text
+#: original/man8/ip6tables.8:1238 original/man8/iptables.8:1157
+msgid "B<rateest> I<operator> B<rateest-pps>"
+msgstr ""
+
+#. type: Plain text
+#: original/man8/ip6tables.8:1240 original/man8/iptables.8:1159
+msgid "(B<rateest> minus B<rateest-bps1>) I<operator> B<rateest-bps2>"
+msgstr ""
+
+#. * Relative:
+#. type: Plain text
+#: original/man8/ip6tables.8:1243 original/man8/iptables.8:1162
+msgid "(B<rateest> minus B<rateest-pps1>) I<operator> B<rateest-pps2>"
+msgstr ""
+
+#. type: Plain text
+#: original/man8/ip6tables.8:1245 original/man8/iptables.8:1164
+msgid "B<rateest1> I<operator> B<rateest2> B<rateest-bps>(without rate!)"
+msgstr ""
+
+#. * Relative + Delta:
+#. type: Plain text
+#: original/man8/ip6tables.8:1248 original/man8/iptables.8:1167
+msgid "B<rateest1> I<operator> B<rateest2> B<rateest-pps>(without rate!)"
+msgstr ""
+
+#. type: Plain text
+#: original/man8/ip6tables.8:1251 original/man8/iptables.8:1170
+msgid ""
+"(B<rateest1> minus B<rateest-bps1>) I<operator> (B<rateest2> minus B<rateest-"
+"bps2>)"
+msgstr ""
+
+#. type: Plain text
+#: original/man8/ip6tables.8:1254 original/man8/iptables.8:1173
+msgid ""
+"(B<rateest1> minus B<rateest-pps1>) I<operator> (B<rateest2> minus B<rateest-"
+"pps2>)"
+msgstr ""
+
+#. type: TP
+#: original/man8/ip6tables.8:1254 original/man8/iptables.8:1173
+#, no-wrap
+msgid "B<--rateest-delta>"
+msgstr ""
+
+#. type: Plain text
+#: original/man8/ip6tables.8:1261 original/man8/iptables.8:1180
+msgid ""
+"For each estimator (either absolute or relative mode), calculate the "
+"difference between the estimator-determined flow rate and the static value "
+"chosen with the BPS/PPS options. If the flow rate is higher than the "
+"specified BPS/PPS, 0 will be used instead of a negative value. In other "
+"words, \"max(0, rateest#_rate - rateest#_bps)\" is used."
+msgstr ""
+
+#. type: TP
+#: original/man8/ip6tables.8:1261 original/man8/iptables.8:1180
+#, no-wrap
+msgid "[B<!>] B<--rateest-lt>"
+msgstr ""
+
+#. type: Plain text
+#: original/man8/ip6tables.8:1264 original/man8/iptables.8:1183
+msgid "Match if rate is less than given rate/estimator."
+msgstr ""
+
+#. type: TP
+#: original/man8/ip6tables.8:1264 original/man8/iptables.8:1183
+#, no-wrap
+msgid "[B<!>] B<--rateest-gt>"
+msgstr ""
+
+#. type: Plain text
+#: original/man8/ip6tables.8:1267 original/man8/iptables.8:1186
+msgid "Match if rate is greater than given rate/estimator."
+msgstr ""
+
+#. type: TP
+#: original/man8/ip6tables.8:1267 original/man8/iptables.8:1186
+#, no-wrap
+msgid "[B<!>] B<--rateest-eq>"
+msgstr ""
+
+#. type: Plain text
+#: original/man8/ip6tables.8:1270 original/man8/iptables.8:1189
+msgid "Match if rate is equal to given rate/estimator."
+msgstr ""
+
+#. type: Plain text
+#: original/man8/ip6tables.8:1274 original/man8/iptables.8:1193
+msgid ""
+"In the so-called \"absolute mode\", only one rate estimator is used and "
+"compared against a static value, while in \"relative mode\", two rate "
+"estimators are compared against another."
+msgstr ""
+
+#. type: TP
+#: original/man8/ip6tables.8:1274 original/man8/iptables.8:1193
+#, fuzzy, no-wrap
+#| msgid "B<-t>, B<--table> B<tablename>"
+msgid "B<--rateest> I<name>"
+msgstr "B<-t>, B<--table> B<tablename>"
+
+#. type: Plain text
+#: original/man8/ip6tables.8:1277 original/man8/iptables.8:1196
+msgid "Name of the one rate estimator for absolute mode."
+msgstr ""
+
+#. type: TP
+#: original/man8/ip6tables.8:1277 original/man8/iptables.8:1196
+#, fuzzy, no-wrap
+#| msgid "B<-t>, B<--table> B<tablename>"
+msgid "B<--rateest1> I<name>"
+msgstr "B<-t>, B<--table> B<tablename>"
+
+#. type: TP
+#: original/man8/ip6tables.8:1279 original/man8/iptables.8:1198
+#, fuzzy, no-wrap
+#| msgid "B<-t>, B<--table> B<tablename>"
+msgid "B<--rateest2> I<name>"
+msgstr "B<-t>, B<--table> B<tablename>"
+
+#. type: Plain text
+#: original/man8/ip6tables.8:1282 original/man8/iptables.8:1201
+msgid "The names of the two rate estimators for relative mode."
+msgstr ""
+
+#. type: TP
+#: original/man8/ip6tables.8:1282 original/man8/iptables.8:1201
+#, fuzzy, no-wrap
+#| msgid "B<--set-mss >I<value>"
+msgid "B<--rateest-bps> [I<value>]"
+msgstr "B<--set-mss >I<value>"
+
+#. type: TP
+#: original/man8/ip6tables.8:1284 original/man8/iptables.8:1203
+#, fuzzy, no-wrap
+#| msgid "B<--set-mss >I<value>"
+msgid "B<--rateest-pps> [I<value>]"
+msgstr "B<--set-mss >I<value>"
+
+#. type: TP
+#: original/man8/ip6tables.8:1286 original/man8/iptables.8:1205
+#, fuzzy, no-wrap
+#| msgid "B<--set-mss >I<value>"
+msgid "B<--rateest-bps1> [I<value>]"
+msgstr "B<--set-mss >I<value>"
+
+#. type: TP
+#: original/man8/ip6tables.8:1288 original/man8/iptables.8:1207
+#, fuzzy, no-wrap
+#| msgid "B<--set-mss >I<value>"
+msgid "B<--rateest-bps2> [I<value>]"
+msgstr "B<--set-mss >I<value>"
+
+#. type: TP
+#: original/man8/ip6tables.8:1290 original/man8/iptables.8:1209
+#, fuzzy, no-wrap
+#| msgid "B<--set-mss >I<value>"
+msgid "B<--rateest-pps1> [I<value>]"
+msgstr "B<--set-mss >I<value>"
+
+#. type: TP
+#: original/man8/ip6tables.8:1292 original/man8/iptables.8:1211
+#, fuzzy, no-wrap
+#| msgid "B<--set-mss >I<value>"
+msgid "B<--rateest-pps2> [I<value>]"
+msgstr "B<--set-mss >I<value>"
+
+#. type: Plain text
+#: original/man8/ip6tables.8:1298 original/man8/iptables.8:1217
+msgid ""
+"Compare the estimator(s) by bytes or packets per second, and compare against "
+"the chosen value. See the above bullet list for which option is to be used "
+"in which case. A unit suffix may be used - available ones are: bit, [kmgt]"
+"bit, [KMGT]ibit, Bps, [KMGT]Bps, [KMGT]iBps."
+msgstr ""
+
+#. type: Plain text
+#: original/man8/ip6tables.8:1302 original/man8/iptables.8:1221
+msgid ""
+"Example: This is what can be used to route outgoing data connections from an "
+"FTP server over two lines based on the available bandwidth at the time the "
+"data connection was started:"
+msgstr ""
+
+#. type: Plain text
+#: original/man8/ip6tables.8:1304 original/man8/iptables.8:1223
+msgid "# Estimate outgoing rates"
+msgstr ""
+
+#. type: Plain text
+#: original/man8/ip6tables.8:1307 original/man8/iptables.8:1226
+msgid ""
+"iptables -t mangle -A POSTROUTING -o eth0 -j RATEEST --rateest-name eth0 --"
+"rateest-interval 250ms --rateest-ewma 0.5s"
+msgstr ""
+
+#. type: Plain text
+#: original/man8/ip6tables.8:1310 original/man8/iptables.8:1229
+msgid ""
+"iptables -t mangle -A POSTROUTING -o ppp0 -j RATEEST --rateest-name ppp0 --"
+"rateest-interval 250ms --rateest-ewma 0.5s"
+msgstr ""
+
+#. type: Plain text
+#: original/man8/ip6tables.8:1312 original/man8/iptables.8:1231
+msgid "# Mark based on available bandwidth"
+msgstr ""
+
+#. type: Plain text
+#: original/man8/ip6tables.8:1316 original/man8/iptables.8:1235
+msgid ""
+"iptables -t mangle -A balance -m conntrack --ctstate NEW -m helper --helper "
+"ftp -m rateest --rateest-delta --rateest1 eth0 --rateest-bps1 2.5mbit --"
+"rateest-gt --rateest2 ppp0 --rateest-bps2 2mbit -j CONNMARK --set-mark 1"
+msgstr ""
+
+#. type: Plain text
+#: original/man8/ip6tables.8:1320 original/man8/iptables.8:1239
+msgid ""
+"iptables -t mangle -A balance -m conntrack --ctstate NEW -m helper --helper "
+"ftp -m rateest --rateest-delta --rateest1 ppp0 --rateest-bps1 2mbit --"
+"rateest-gt --rateest2 eth0 --rateest-bps2 2.5mbit -j CONNMARK --set-mark 2"
+msgstr ""
+
+#. type: Plain text
+#: original/man8/ip6tables.8:1322 original/man8/iptables.8:1241
+msgid "iptables -t mangle -A balance -j CONNMARK --restore-mark"
+msgstr ""
+
+#. type: SS
+#: original/man8/ip6tables.8:1322 original/man8/iptables.8:1249
+#, no-wrap
+msgid "recent"
+msgstr ""
+
+#. type: Plain text
+#: original/man8/ip6tables.8:1325 original/man8/iptables.8:1252
+msgid ""
+"Allows you to dynamically create a list of IP addresses and then match "
+"against that list in a few different ways."
+msgstr ""
+
+#. type: Plain text
+#: original/man8/ip6tables.8:1329 original/man8/iptables.8:1256
+msgid ""
+"For example, you can create a \"badguy\" list out of people attempting to "
+"connect to port 139 on your firewall and then DROP all future packets from "
+"them without considering them."
+msgstr ""
+
+#. type: Plain text
+#: original/man8/ip6tables.8:1332 original/man8/iptables.8:1259
+msgid ""
+"B<--set>, B<--rcheck>, B<--update> and B<--remove> are mutually exclusive."
+msgstr ""
+
+#. type: TP
+#: original/man8/ip6tables.8:1332 original/man8/iptables.8:1259
+#, fuzzy, no-wrap
+#| msgid "B<--cmd-owner >I<name>"
+msgid "B<--name> I<name>"
+msgstr "B<--cmd-owner >I<name>"
+
+#. type: Plain text
+#: original/man8/ip6tables.8:1336 original/man8/iptables.8:1263
+msgid ""
+"Specify the list to use for the commands. If no name is given then "
+"B<DEFAULT> will be used."
+msgstr ""
+
+#. type: TP
+#: original/man8/ip6tables.8:1336 original/man8/iptables.8:1263
+#, fuzzy, no-wrap
+#| msgid "B<-v, --verbose>"
+msgid "[B<!>] B<--set>"
+msgstr "B<-v, --verbose>"
+
+#. type: Plain text
+#: original/man8/ip6tables.8:1341 original/man8/iptables.8:1268
+msgid ""
+"This will add the source address of the packet to the list. If the source "
+"address is already in the list, this will update the existing entry. This "
+"will always return success (or failure if B<!> is passed in)."
+msgstr ""
+
+#. type: TP
+#: original/man8/ip6tables.8:1341 original/man8/iptables.8:1268
+#, no-wrap
+msgid "B<--rsource>"
+msgstr ""
+
+#. type: Plain text
+#: original/man8/ip6tables.8:1345 original/man8/iptables.8:1272
+msgid ""
+"Match/save the source address of each packet in the recent list table. This "
+"is the default."
+msgstr ""
+
+#. type: TP
+#: original/man8/ip6tables.8:1345 original/man8/iptables.8:1272
+#, fuzzy, no-wrap
+#| msgid "B<--physdev-is-out>"
+msgid "B<--rdest>"
+msgstr "B<--physdev-is-out>"
+
+#. type: Plain text
+#: original/man8/ip6tables.8:1348 original/man8/iptables.8:1275
+msgid ""
+"Match/save the destination address of each packet in the recent list table."
+msgstr ""
+
+#. type: TP
+#: original/man8/ip6tables.8:1348 original/man8/iptables.8:1275
+#, fuzzy, no-wrap
+#| msgid "B<-c>, B<--counters>"
+msgid "[B<!>] B<--rcheck>"
+msgstr "B<-c>, B<--counters>"
+
+#. type: Plain text
+#: original/man8/ip6tables.8:1351 original/man8/iptables.8:1278
+msgid "Check if the source address of the packet is currently in the list."
+msgstr ""
+
+#. type: TP
+#: original/man8/ip6tables.8:1351 original/man8/iptables.8:1278
+#, fuzzy, no-wrap
+#| msgid "B<-c>, B<--counters>"
+msgid "[B<!>] B<--update>"
+msgstr "B<-c>, B<--counters>"
+
+#. type: Plain text
+#: original/man8/ip6tables.8:1355 original/man8/iptables.8:1282
+msgid ""
+"Like B<--rcheck>, except it will update the \"last seen\" timestamp if it "
+"matches."
+msgstr ""
+
+#. type: TP
+#: original/man8/ip6tables.8:1355 original/man8/iptables.8:1282
+#, fuzzy, no-wrap
+#| msgid "B<-v, --verbose>"
+msgid "[B<!>] B<--remove>"
+msgstr "B<-v, --verbose>"
+
+#. type: Plain text
+#: original/man8/ip6tables.8:1360 original/man8/iptables.8:1287
+msgid ""
+"Check if the source address of the packet is currently in the list and if so "
+"that address will be removed from the list and the rule will return true. If "
+"the address is not found, false is returned."
+msgstr ""
+
+#. type: TP
+#: original/man8/ip6tables.8:1360 original/man8/iptables.8:1287
+#, fuzzy, no-wrap
+#| msgid "B<--set-tos >I<tos>"
+msgid "B<--seconds> I<seconds>"
+msgstr "B<--set-tos >I<tos>"
+
+#. type: Plain text
+#: original/man8/ip6tables.8:1365 original/man8/iptables.8:1292
+msgid ""
+"This option must be used in conjunction with one of B<--rcheck> or B<--"
+"update>. When used, this will narrow the match to only happen when the "
+"address is in the list and was seen within the last given number of seconds."
+msgstr ""
+
+#. type: TP
+#: original/man8/ip6tables.8:1365 original/man8/iptables.8:1292
+#, no-wrap
+msgid "B<--reap>"
+msgstr ""
+
+#. type: Plain text
+#: original/man8/ip6tables.8:1370 original/man8/iptables.8:1297
+msgid ""
+"This option can only be used in conjunction with B<--seconds>. When used, "
+"this will cause entries older than the last given number of seconds to be "
+"purged."
+msgstr ""
+
+#. type: TP
+#: original/man8/ip6tables.8:1370 original/man8/iptables.8:1297
+#, fuzzy, no-wrap
+#| msgid "B<--tos >I<tos>"
+msgid "B<--hitcount> I<hits>"
+msgstr "B<--tos >I<tos>"
+
+#. type: Plain text
+#: original/man8/ip6tables.8:1380 original/man8/iptables.8:1307
+msgid ""
+"This option must be used in conjunction with one of B<--rcheck> or B<--"
+"update>. When used, this will narrow the match to only happen when the "
+"address is in the list and packets had been received greater than or equal "
+"to the given value. This option may be used along with B<--seconds> to "
+"create an even narrower match requiring a certain number of hits within a "
+"specific time frame. The maximum value for the hitcount parameter is given "
+"by the \"ip_pkt_list_tot\" parameter of the xt_recent kernel module. "
+"Exceeding this value on the command line will cause the rule to be rejected."
+msgstr ""
+
+#. type: TP
+#: original/man8/ip6tables.8:1380 original/man8/iptables.8:1307
+#, fuzzy, no-wrap
+#| msgid "B<--ttl >I<ttl>"
+msgid "B<--rttl>"
+msgstr "B<--ttl >I<ttl>"
+
+#. type: Plain text
+#: original/man8/ip6tables.8:1388 original/man8/iptables.8:1315
+msgid ""
+"This option may only be used in conjunction with one of B<--rcheck> or B<--"
+"update>. When used, this will narrow the match to only happen when the "
+"address is in the list and the TTL of the current packet matches that of the "
+"packet which hit the B<--set> rule. This may be useful if you have problems "
+"with people faking their source address in order to DoS you via this module "
+"by disallowing others access to your site by sending bogus packets to you."
+msgstr ""
+
+#. type: Plain text
+#: original/man8/ip6tables.8:1392 original/man8/iptables.8:1319
+msgid ""
+"iptables -A FORWARD -m recent --name badguy --rcheck --seconds 60 -j DROP"
+msgstr ""
+
+#. type: Plain text
+#: original/man8/ip6tables.8:1394 original/man8/iptables.8:1321
+msgid ""
+"iptables -A FORWARD -p tcp -i eth0 --dport 139 -m recent --name badguy --set "
+"-j DROP"
+msgstr ""
+
+#. type: Plain text
+#: original/man8/ip6tables.8:1397 original/man8/iptables.8:1324
+msgid ""
+"Steve's ipt_recent website (http://snowman.net/projects/ipt_recent/) also "
+"has some examples of usage."
+msgstr ""
+
+#. type: Plain text
+#: original/man8/ip6tables.8:1400 original/man8/iptables.8:1327
+msgid ""
+"B</proc/net/xt_recent/*> are the current lists of addresses and information "
+"about each entry of each list."
+msgstr ""
+
+#. type: Plain text
+#: original/man8/ip6tables.8:1403 original/man8/iptables.8:1330
+msgid ""
+"Each file in B</proc/net/xt_recent/> can be read from to see the current "
+"list or written two using the following commands to modify the list:"
+msgstr ""
+
+#. type: TP
+#: original/man8/ip6tables.8:1403 original/man8/iptables.8:1330
+#, no-wrap
+msgid "B<echo +>I<addr>B< E<gt>/proc/net/xt_recent/DEFAULT>"
+msgstr ""
+
+#. type: Plain text
+#: original/man8/ip6tables.8:1406 original/man8/iptables.8:1333
+msgid "to add I<addr> to the DEFAULT list"
+msgstr ""
+
+#. type: TP
+#: original/man8/ip6tables.8:1406 original/man8/iptables.8:1333
+#, no-wrap
+msgid "B<echo ->I<addr>B< E<gt>/proc/net/xt_recent/DEFAULT>"
+msgstr ""
+
+#. type: Plain text
+#: original/man8/ip6tables.8:1409 original/man8/iptables.8:1336
+msgid "to remove I<addr> from the DEFAULT list"
+msgstr ""
+
+#. type: TP
+#: original/man8/ip6tables.8:1409 original/man8/iptables.8:1336
+#, no-wrap
+msgid "B<echo / E<gt>/proc/net/xt_recent/DEFAULT>"
+msgstr ""
+
+#. type: Plain text
+#: original/man8/ip6tables.8:1412 original/man8/iptables.8:1339
+msgid "to flush the DEFAULT list (remove all entries)."
+msgstr ""
+
+#. type: Plain text
+#: original/man8/ip6tables.8:1414 original/man8/iptables.8:1341
+msgid "The module itself accepts parameters, defaults shown:"
+msgstr ""
+
+#. type: TP
+#: original/man8/ip6tables.8:1414 original/man8/iptables.8:1341
+#, no-wrap
+msgid "B<ip_list_tot>=I<100>"
+msgstr ""
+
+#. type: Plain text
+#: original/man8/ip6tables.8:1417 original/man8/iptables.8:1344
+msgid "Number of addresses remembered per table."
+msgstr ""
+
+#. type: TP
+#: original/man8/ip6tables.8:1417 original/man8/iptables.8:1344
+#, no-wrap
+msgid "B<ip_pkt_list_tot>=I<20>"
+msgstr ""
+
+#. type: Plain text
+#: original/man8/ip6tables.8:1420 original/man8/iptables.8:1347
+msgid "Number of packets per address remembered."
+msgstr ""
+
+#. type: TP
+#: original/man8/ip6tables.8:1420 original/man8/iptables.8:1347
+#, no-wrap
+msgid "B<ip_list_hash_size>=I<0>"
+msgstr ""
+
+#. type: Plain text
+#: original/man8/ip6tables.8:1423 original/man8/iptables.8:1350
+msgid ""
+"Hash table size. 0 means to calculate it based on ip_list_tot, default: 512."
+msgstr ""
+
+#. type: TP
+#: original/man8/ip6tables.8:1423 original/man8/iptables.8:1350
+#, no-wrap
+msgid "B<ip_list_perms>=I<0644>"
+msgstr ""
+
+#. type: Plain text
+#: original/man8/ip6tables.8:1426 original/man8/iptables.8:1353
+msgid "Permissions for /proc/net/xt_recent/* files."
+msgstr ""
+
+#. type: TP
+#: original/man8/ip6tables.8:1426 original/man8/iptables.8:1353
+#, no-wrap
+msgid "B<ip_list_uid>=I<0>"
+msgstr ""
+
+#. type: Plain text
+#: original/man8/ip6tables.8:1429 original/man8/iptables.8:1356
+msgid "Numerical UID for ownership of /proc/net/xt_recent/* files."
+msgstr ""
+
+#. type: TP
+#: original/man8/ip6tables.8:1429 original/man8/iptables.8:1356
+#, no-wrap
+msgid "B<ip_list_gid>=I<0>"
+msgstr ""
+
+#. type: Plain text
+#: original/man8/ip6tables.8:1432 original/man8/iptables.8:1359
+msgid "Numerical GID for ownership of /proc/net/xt_recent/* files."
+msgstr ""
+
+#. type: SS
+#: original/man8/ip6tables.8:1432 original/man8/iptables.8:1359
+#, fuzzy, no-wrap
+#| msgid "B<filter>:"
+msgid "rpfilter"
+msgstr "B<filter>:"
+
+#. type: Plain text
+#: original/man8/ip6tables.8:1441 original/man8/iptables.8:1368
+msgid ""
+"Performs a reverse path filter test on a packet. If a reply to the packet "
+"would be sent via the same interface that the packet arrived on, the packet "
+"will match. Note that, unlike the in-kernel rp_filter, packets protected by "
+"IPSec are not treated specially. Combine this match with the policy match "
+"if you want this. Also, packets arriving via the loopback interface are "
+"always permitted. This match can only be used in the PREROUTING chain of "
+"the raw or mangle table."
+msgstr ""
+
+#. type: TP
+#: original/man8/ip6tables.8:1441 original/man8/iptables.8:1368
+#, fuzzy, no-wrap
+#| msgid "B<--tos >I<tos>"
+msgid "B<--loose>"
+msgstr "B<--tos >I<tos>"
+
+#. type: Plain text
+#: original/man8/ip6tables.8:1445 original/man8/iptables.8:1372
+msgid ""
+"Used to specifiy that the reverse path filter test should match even if the "
+"selected output device is not the expected one."
+msgstr ""
+
+#. type: TP
+#: original/man8/ip6tables.8:1445 original/man8/iptables.8:1372
+#, no-wrap
+msgid "B<--validmark>"
+msgstr ""
+
+#. type: Plain text
+#: original/man8/ip6tables.8:1448 original/man8/iptables.8:1375
+msgid ""
+"Also use the packets' nfmark value when performing the reverse path route "
+"lookup."
+msgstr ""
+
+#. type: TP
+#: original/man8/ip6tables.8:1448 original/man8/iptables.8:1375
+#, no-wrap
+msgid "B<--accept-local>"
+msgstr ""
+
+#. type: Plain text
+#: original/man8/ip6tables.8:1455 original/man8/iptables.8:1382
+msgid ""
+"This will permit packets arriving from the network with a source address "
+"that is also assigned to the local machine. B<--invert> This will invert "
+"the sense of the match. Instead of matching packets that passed the reverse "
+"path filter test, match those that have failed it."
+msgstr ""
+
+#. type: Plain text
+#: original/man8/ip6tables.8:1457 original/man8/iptables.8:1384
+msgid "Example to log and drop packets failing the reverse path filter test:"
+msgstr ""
+
+#. type: Plain text
+#: original/man8/ip6tables.8:1459 original/man8/iptables.8:1386
+#, fuzzy
+#| msgid " iptables -t nat -n -L\n"
+msgid "iptables -t raw -N RPFILTER"
+msgstr " iptables -t nat -n -L\n"
+
+#. type: Plain text
+#: original/man8/ip6tables.8:1461 original/man8/iptables.8:1388
+msgid "iptables -t raw -A RPFILTER -m rpfilter -j RETURN"
+msgstr ""
+
+#. type: Plain text
+#: original/man8/ip6tables.8:1463 original/man8/iptables.8:1390
+msgid ""
+"iptables -t raw -A RPFILTER -m limit --limit 10/minute -j NFLOG --nflog-"
+"prefix \"rpfilter drop\""
+msgstr ""
+
+#. type: Plain text
+#: original/man8/ip6tables.8:1465 original/man8/iptables.8:1392
+msgid "iptables -t raw -A RPFILTER -j DROP"
+msgstr ""
+
+#. type: Plain text
+#: original/man8/ip6tables.8:1467 original/man8/iptables.8:1394
+msgid "iptables -t raw -A PREROUTING -j RPFILTER"
+msgstr ""
+
+#. type: Plain text
+#: original/man8/ip6tables.8:1469 original/man8/iptables.8:1396
+msgid "Example to drop failed packets, without logging:"
+msgstr ""
+
+#. type: Plain text
+#: original/man8/ip6tables.8:1471 original/man8/iptables.8:1398
+msgid "iptables -t raw -A RPFILTER -m rpfilter --invert -j DROP"
+msgstr ""
+
+#. type: SS
+#: original/man8/ip6tables.8:1471
+#, no-wrap
+msgid "rt"
+msgstr ""
+
+#. type: Plain text
+#: original/man8/ip6tables.8:1473
+msgid "Match on IPv6 routing header"
+msgstr ""
+
+#. type: TP
+#: original/man8/ip6tables.8:1473
+#, fuzzy, no-wrap
+#| msgid "B<--icmp-type >[!] I<typename>"
+msgid "[B<!>] B<--rt-type> I<type>"
+msgstr "B<--icmp-type >[!] I<typename>"
+
+#. type: Plain text
+#: original/man8/ip6tables.8:1476
+msgid "Match the type (numeric)."
+msgstr ""
+
+#. type: TP
+#: original/man8/ip6tables.8:1476
+#, no-wrap
+msgid "[B<!>] B<--rt-segsleft> I<num>[B<:>I<num>]"
+msgstr ""
+
+#. type: Plain text
+#: original/man8/ip6tables.8:1479
+msgid "Match the `segments left' field (range)."
+msgstr ""
+
+#. type: TP
+#: original/man8/ip6tables.8:1479
+#, fuzzy, no-wrap
+#| msgid "B<-t>, B<--table> B<tablename>"
+msgid "[B<!>] B<--rt-len> I<length>"
+msgstr "B<-t>, B<--table> B<tablename>"
+
+#. type: Plain text
+#: original/man8/ip6tables.8:1482
+msgid "Match the length of this header."
+msgstr ""
+
+#. type: TP
+#: original/man8/ip6tables.8:1482
+#, no-wrap
+msgid "B<--rt-0-res>"
+msgstr ""
+
+#. type: Plain text
+#: original/man8/ip6tables.8:1485
+msgid "Match the reserved field, too (type=0)"
+msgstr ""
+
+#. type: TP
+#: original/man8/ip6tables.8:1485
+#, no-wrap
+msgid "B<--rt-0-addrs> I<addr>[B<,>I<addr>...]"
+msgstr ""
+
+#. type: Plain text
+#: original/man8/ip6tables.8:1488
+msgid "Match type=0 addresses (list)."
+msgstr ""
+
+#. type: TP
+#: original/man8/ip6tables.8:1488
+#, no-wrap
+msgid "B<--rt-0-not-strict>"
+msgstr ""
+
+#. type: Plain text
+#: original/man8/ip6tables.8:1491
+msgid "List of type=0 addresses is not a strict list."
+msgstr ""
+
+#. type: SS
+#: original/man8/ip6tables.8:1491 original/man8/iptables.8:1398
+#, no-wrap
+msgid "sctp"
+msgstr ""
+
+#. type: TP
+#: original/man8/ip6tables.8:1496 original/man8/iptables.8:1403
+#, no-wrap
+msgid "[B<!>] B<--chunk-types> {B<all>|B<any>|B<only>} I<chunktype>[B<:>I<flags>] [...]"
+msgstr ""
+
+#. type: Plain text
+#: original/man8/ip6tables.8:1500 original/man8/iptables.8:1407
+msgid ""
+"The flag letter in upper case indicates that the flag is to match if set, in "
+"the lower case indicates to match if unset."
+msgstr ""
+
+#. type: Plain text
+#: original/man8/ip6tables.8:1502 original/man8/iptables.8:1409
+msgid ""
+"Chunk types: DATA INIT INIT_ACK SACK HEARTBEAT HEARTBEAT_ACK ABORT SHUTDOWN "
+"SHUTDOWN_ACK ERROR COOKIE_ECHO COOKIE_ACK ECN_ECNE ECN_CWR SHUTDOWN_COMPLETE "
+"ASCONF ASCONF_ACK FORWARD_TSN"
+msgstr ""
+
+#. type: Plain text
+#: original/man8/ip6tables.8:1504 original/man8/iptables.8:1411
+msgid "chunk type available flags"
+msgstr ""
+
+#. type: Plain text
+#: original/man8/ip6tables.8:1506 original/man8/iptables.8:1413
+msgid "DATA I U B E i u b e"
+msgstr ""
+
+#. type: Plain text
+#: original/man8/ip6tables.8:1508 original/man8/iptables.8:1415
+msgid "ABORT T t"
+msgstr ""
+
+#. type: Plain text
+#: original/man8/ip6tables.8:1510 original/man8/iptables.8:1417
+msgid "SHUTDOWN_COMPLETE T t"
+msgstr ""
+
+#. type: Plain text
+#: original/man8/ip6tables.8:1512 original/man8/iptables.8:1419
+msgid "(lowercase means flag should be \"off\", uppercase means \"on\")"
+msgstr ""
+
+#. type: Plain text
+#: original/man8/ip6tables.8:1516 original/man8/iptables.8:1423
+msgid "iptables -A INPUT -p sctp --dport 80 -j DROP"
+msgstr ""
+
+#. type: Plain text
+#: original/man8/ip6tables.8:1518 original/man8/iptables.8:1425
+msgid "iptables -A INPUT -p sctp --chunk-types any DATA,INIT -j DROP"
+msgstr ""
+
+#. type: Plain text
+#: original/man8/ip6tables.8:1520 original/man8/iptables.8:1427
+msgid "iptables -A INPUT -p sctp --chunk-types any DATA:Be -j ACCEPT"
+msgstr ""
+
+#. type: SS
+#: original/man8/ip6tables.8:1520 original/man8/iptables.8:1427
+#, no-wrap
+msgid "set"
+msgstr ""
+
+#. type: Plain text
+#: original/man8/ip6tables.8:1522 original/man8/iptables.8:1429
+#, fuzzy
+#| msgid "This module matches the SPIs in AH header of IPSec packets."
+msgid "This module matches IP sets which can be defined by ipset(8)."
+msgstr "このモジュールは IPSec パケットの AH ヘッダーの SPI 値にマッチする。"
+
+#. type: TP
+#: original/man8/ip6tables.8:1522 original/man8/iptables.8:1429
+#, no-wrap
+msgid "[B<!>] B<--match-set> I<setname> I<flag>[B<,>I<flag>]..."
+msgstr ""
+
+#. type: Plain text
+#: original/man8/ip6tables.8:1529 original/man8/iptables.8:1436
+msgid ""
+"where flags are the comma separated list of B<src> and/or B<dst> "
+"specifications and there can be no more than six of them. Hence the command"
+msgstr ""
+
+#. type: Plain text
+#: original/man8/ip6tables.8:1531 original/man8/iptables.8:1438
+#, fuzzy, no-wrap
+#| msgid " iptables -A FORWARD -p tcp --tcp-flags SYN,ACK,FIN,RST SYN\n"
+msgid " iptables -A FORWARD -m set --match-set test src,dst\n"
+msgstr " iptables -A FORWARD -p tcp --tcp-flags SYN,ACK,FIN,RST SYN\n"
+
+#. type: Plain text
+#: original/man8/ip6tables.8:1537 original/man8/iptables.8:1444
+msgid ""
+"will match packets, for which (if the set type is ipportmap) the source "
+"address and destination port pair can be found in the specified set. If the "
+"set type of the specified set is single dimension (for example ipmap), then "
+"the command will match packets for which the source address can be found in "
+"the specified set."
+msgstr ""
+
+#. type: Plain text
+#: original/man8/ip6tables.8:1540 original/man8/iptables.8:1447
+msgid ""
+"The option B<--match-set> can be replaced by B<--set> if that does not clash "
+"with an option of other extensions."
+msgstr ""
+
+#. type: Plain text
+#: original/man8/ip6tables.8:1543 original/man8/iptables.8:1450
+msgid ""
+"Use of -m set requires that ipset kernel support is provided, which, for "
+"standard kernels, is the case since Linux 2.6.39."
+msgstr ""
+
+#. type: SS
+#: original/man8/ip6tables.8:1543 original/man8/iptables.8:1450
+#, no-wrap
+msgid "socket"
+msgstr ""
+
+#. type: Plain text
+#: original/man8/ip6tables.8:1546 original/man8/iptables.8:1453
+msgid ""
+"This matches if an open socket can be found by doing a socket lookup on the "
+"packet."
+msgstr ""
+
+#. type: TP
+#: original/man8/ip6tables.8:1546 original/man8/iptables.8:1453
+#, no-wrap
+msgid "B<--transparent>"
+msgstr ""
+
+#. type: Plain text
+#: original/man8/ip6tables.8:1549 original/man8/iptables.8:1456
+msgid "Ignore non-transparent sockets."
+msgstr ""
+
+#. type: SS
+#: original/man8/ip6tables.8:1549 original/man8/iptables.8:1456
+#, no-wrap
+msgid "state"
+msgstr "state"
+
+#. type: Plain text
+#: original/man8/ip6tables.8:1552 original/man8/iptables.8:1459
+msgid ""
+"This module, when combined with connection tracking, allows access to the "
+"connection tracking state for this packet."
+msgstr ""
+"このモジュールは、接続追跡 (connection tracking) と組み合わせて用いると、 パ"
+"ケットについての接続追跡状態を知ることができる。"
+
+#. type: TP
+#: original/man8/ip6tables.8:1552 original/man8/iptables.8:1459
+#, fuzzy, no-wrap
+#| msgid "B<--state >I<state>"
+msgid "[B<!>] B<--state> I<state>"
+msgstr "B<--state >I<state>"
+
+#. type: Plain text
+#: original/man8/ip6tables.8:1574 original/man8/iptables.8:1481
+#, fuzzy
+#| msgid ""
+#| "Where state is a comma separated list of the connection states to match. "
+#| "Possible states are B<INVALID> meaning that the packet could not be "
+#| "identified for some reason which includes running out of memory and ICMP "
+#| "errors which don't correspond to any known connection, B<ESTABLISHED> "
+#| "meaning that the packet is associated with a connection which has seen "
+#| "packets in both directions, B<NEW> meaning that the packet has started a "
+#| "new connection, or otherwise associated with a connection which has not "
+#| "seen packets in both directions, and B<RELATED> meaning that the packet "
+#| "is starting a new connection, but is associated with an existing "
+#| "connection, such as an FTP data transfer, or an ICMP error."
+msgid ""
+"Where state is a comma separated list of the connection states to match. "
+"Possible states are B<INVALID> meaning that the packet could not be "
+"identified for some reason which includes running out of memory and ICMP "
+"errors which don't correspond to any known connection, B<ESTABLISHED> "
+"meaning that the packet is associated with a connection which has seen "
+"packets in both directions, B<NEW> meaning that the packet has started a new "
+"connection, or otherwise associated with a connection which has not seen "
+"packets in both directions, and B<RELATED> meaning that the packet is "
+"starting a new connection, but is associated with an existing connection, "
+"such as an FTP data transfer, or an ICMP error. B<UNTRACKED> meaning that "
+"the packet is not tracked at all, which happens if you use the NOTRACK "
+"target in raw table."
+msgstr ""
+"state は、マッチングを行うための、コンマで区切られた接続状態のリストである。 "
+"指定可能な state は以下の通り。 B<INVALID>: このパケットは既知の接続と関係し"
+"ていない。 B<ESTABLISHED>: このパケットは、過去双方向にパケットがやり取りされ"
+"た接続に属するパケットである。 B<NEW>: このパケットが新しい接続を開始した"
+"か、 双方向にはパケットがやり取りされていない接続に属するパケットである。 "
+"B<RELATED>: このパケットが新しい接続を開始しているが、 FTP データ転送や ICMP "
+"エラーのように、既存の接続に関係している。"
+
+#. type: SS
+#: original/man8/ip6tables.8:1574 original/man8/iptables.8:1481
+#, no-wrap
+msgid "statistic"
+msgstr ""
+
+#. type: Plain text
+#: original/man8/ip6tables.8:1579 original/man8/iptables.8:1486
+msgid ""
+"This module matches packets based on some statistic condition. It supports "
+"two distinct modes settable with the B<--mode> option."
+msgstr ""
+
+#. type: Plain text
+#: original/man8/ip6tables.8:1581 original/man8/iptables.8:1488
+msgid "Supported options:"
+msgstr ""
+
+#. type: TP
+#: original/man8/ip6tables.8:1581 original/man8/iptables.8:1488
+#, fuzzy, no-wrap
+#| msgid "B<--cmd-owner >I<name>"
+msgid "B<--mode> I<mode>"
+msgstr "B<--cmd-owner >I<name>"
+
+#. type: Plain text
+#: original/man8/ip6tables.8:1587 original/man8/iptables.8:1494
+msgid ""
+"Set the matching mode of the matching rule, supported modes are B<random> "
+"and B<nth.>"
+msgstr ""
+
+#. type: TP
+#: original/man8/ip6tables.8:1587 original/man8/iptables.8:1494
+#, fuzzy, no-wrap
+#| msgid "B<-t>, B<--table> B<tablename>"
+msgid "[B<!>] B<--probability> I<p>"
+msgstr "B<-t>, B<--table> B<tablename>"
+
+#. type: Plain text
+#: original/man8/ip6tables.8:1592 original/man8/iptables.8:1499
+msgid ""
+"Set the probability for a packet to be randomly matched. It only works with "
+"the B<random> mode. I<p> must be within 0.0 and 1.0. The supported "
+"granularity is in 1/2147483648th increments."
+msgstr ""
+
+#. type: TP
+#: original/man8/ip6tables.8:1592 original/man8/iptables.8:1499
+#, fuzzy, no-wrap
+#| msgid "B<-t>, B<--table> B<tablename>"
+msgid "[B<!>] B<--every> I<n>"
+msgstr "B<-t>, B<--table> B<tablename>"
+
+#. type: Plain text
+#: original/man8/ip6tables.8:1599 original/man8/iptables.8:1506
+msgid ""
+"Match one packet every nth packet. It works only with the B<nth> mode (see "
+"also the B<--packet> option)."
+msgstr ""
+
+#. type: TP
+#: original/man8/ip6tables.8:1599 original/man8/iptables.8:1506
+#, no-wrap
+msgid "B<--packet> I<p>"
+msgstr ""
+
+#. type: Plain text
+#: original/man8/ip6tables.8:1604 original/man8/iptables.8:1511
+msgid ""
+"Set the initial counter value (0 E<lt>= p E<lt>= n-1, default 0) for the "
+"B<nth> mode."
+msgstr ""
+
+#. type: SS
+#: original/man8/ip6tables.8:1604 original/man8/iptables.8:1511
+#, no-wrap
+msgid "string"
+msgstr ""
+
+#. type: Plain text
+#: original/man8/ip6tables.8:1606 original/man8/iptables.8:1513
+msgid ""
+"This modules matches a given string by using some pattern matching strategy. "
+"It requires a linux kernel E<gt>= 2.6.14."
+msgstr ""
+
+#. type: TP
+#: original/man8/ip6tables.8:1606 original/man8/iptables.8:1513
+#, no-wrap
+msgid "B<--algo> {B<bm>|B<kmp>}"
+msgstr ""
+
+#. type: Plain text
+#: original/man8/ip6tables.8:1609 original/man8/iptables.8:1516
+msgid ""
+"Select the pattern matching strategy. (bm = Boyer-Moore, kmp = Knuth-Pratt-"
+"Morris)"
+msgstr ""
+
+#. type: TP
+#: original/man8/ip6tables.8:1609 original/man8/iptables.8:1516
+#, fuzzy, no-wrap
+#| msgid "B<--tos >I<tos>"
+msgid "B<--from> I<offset>"
+msgstr "B<--tos >I<tos>"
+
+#. type: Plain text
+#: original/man8/ip6tables.8:1612 original/man8/iptables.8:1519
+msgid ""
+"Set the offset from which it starts looking for any matching. If not passed, "
+"default is 0."
+msgstr ""
+
+#. type: TP
+#: original/man8/ip6tables.8:1612 original/man8/iptables.8:1519
+#, fuzzy, no-wrap
+#| msgid "B<--tos >I<tos>"
+msgid "B<--to> I<offset>"
+msgstr "B<--tos >I<tos>"
+
+#. type: Plain text
+#: original/man8/ip6tables.8:1617 original/man8/iptables.8:1524
+msgid ""
+"Set the offset up to which should be scanned. That is, byte I<offset>-1 "
+"(counting from 0) is the last one that is scanned. If not passed, default "
+"is the packet size."
+msgstr ""
+
+#. type: TP
+#: original/man8/ip6tables.8:1617 original/man8/iptables.8:1524
+#, no-wrap
+msgid "[B<!>] B<--string> I<pattern>"
+msgstr ""
+
+#. type: Plain text
+#: original/man8/ip6tables.8:1620 original/man8/iptables.8:1527
+#, fuzzy
+#| msgid "Matches the given TTL value."
+msgid "Matches the given pattern."
+msgstr "指定された TTL 値にマッチする。"
+
+#. type: TP
+#: original/man8/ip6tables.8:1620 original/man8/iptables.8:1527
+#, no-wrap
+msgid "[B<!>] B<--hex-string> I<pattern>"
+msgstr ""
+
+#. type: Plain text
+#: original/man8/ip6tables.8:1623 original/man8/iptables.8:1530
+#, fuzzy
+#| msgid "Matches the given TTL value."
+msgid "Matches the given pattern in hex notation."
+msgstr "指定された TTL 値にマッチする。"
+
+#. type: SS
+#: original/man8/ip6tables.8:1623 original/man8/iptables.8:1530
+#, no-wrap
+msgid "tcp"
+msgstr "tcp"
+
+#. type: Plain text
+#: original/man8/ip6tables.8:1626 original/man8/iptables.8:1533
+#, fuzzy
+#| msgid ""
+#| "These extensions are loaded if `--protocol tcp' is specified. It provides "
+#| "the following options:"
+msgid ""
+"These extensions can be used if `--protocol tcp' is specified. It provides "
+"the following options:"
+msgstr ""
+"これらの拡張は `--protocol tcp' が指定され場合にロードされ、 以下のオプション"
+"が提供される:"
+
+#. type: Plain text
+#: original/man8/ip6tables.8:1637 original/man8/iptables.8:1544
+#, fuzzy
+#| msgid ""
+#| "Source port or port range specification. This can either be a service "
+#| "name or a port number. An inclusive range can also be specified, using "
+#| "the format I<port>:I<port>. If the first port is omitted, \"0\" is "
+#| "assumed; if the last is omitted, \"65535\" is assumed. If the second "
+#| "port greater then the first they will be swapped. The flag B<--sport> is "
+#| "a convenient alias for this option."
+msgid ""
+"Source port or port range specification. This can either be a service name "
+"or a port number. An inclusive range can also be specified, using the format "
+"I<first>B<:>I<last>. If the first port is omitted, \"0\" is assumed; if the "
+"last is omitted, \"65535\" is assumed. If the first port is greater than "
+"the second one they will be swapped. The flag B<--sport> is a convenient "
+"alias for this option."
+msgstr ""
+"送信元ポートまたはポート範囲の指定。 サービス名またはポート番号を指定で\n"
+"きる。 I<port>:I<port> という形式で、2 つの番号を含む範囲を指定すること\n"
+"もできる。 最初のポートを省略した場合、\"0\" を仮定する。 最後のポートを\n"
+"省略した場合、\"65535\" を仮定する。 最初のポートが最後のポートより大きい\n"
+"場合、2 つは入れ換えられる。 フラグ B<--sport> は、このオプションの便利\n"
+"な別名である。"
+
+#. type: Plain text
+#: original/man8/ip6tables.8:1642 original/man8/iptables.8:1549
+msgid ""
+"Destination port or port range specification. The flag B<--dport> is a "
+"convenient alias for this option."
+msgstr ""
+"送信先ポートまたはポート範囲の指定。 フラグ B<--dport> は、このオプションの便"
+"利な別名である。"
+
+#. type: TP
+#: original/man8/ip6tables.8:1642 original/man8/iptables.8:1549
+#, fuzzy, no-wrap
+#| msgid "B<--tcp-flags >[!] I<mask> I<comp>"
+msgid "[B<!>] B<--tcp-flags> I<mask> I<comp>"
+msgstr "B<--tcp-flags >[!] I<mask> I<comp>"
+
+#. type: Plain text
+#: original/man8/ip6tables.8:1650 original/man8/iptables.8:1557
+#, fuzzy
+#| msgid ""
+#| "Match when the TCP flags are as specified. The first argument is the "
+#| "flags which we should examine, written as a comma-separated list, and the "
+#| "second argument is a comma-separated list of flags which must be set. "
+#| "Flags are: B<SYN ACK FIN RST URG PSH ALL NONE>. Hence the command"
+msgid ""
+"Match when the TCP flags are as specified. The first argument I<mask> is "
+"the flags which we should examine, written as a comma-separated list, and "
+"the second argument I<comp> is a comma-separated list of flags which must be "
+"set. Flags are: B<SYN ACK FIN RST URG PSH ALL NONE>. Hence the command"
+msgstr ""
+"TCP フラグが指定されたものと等しい場合にマッチする。 第 1 引き数は評価\n"
+"対象とするフラグで、コンマ区切りのリストである。 第 2 引き数は必ず設定\n"
+"しなければならないフラグで、コンマ区切りのリストである。 指定できるフラ\n"
+"グは B<SYN ACK FIN RST URG PSH ALL NONE> である。 よって、コマンド"
+
+#. type: Plain text
+#: original/man8/ip6tables.8:1652 original/man8/iptables.8:1559
+#, no-wrap
+msgid " iptables -A FORWARD -p tcp --tcp-flags SYN,ACK,FIN,RST SYN\n"
+msgstr " iptables -A FORWARD -p tcp --tcp-flags SYN,ACK,FIN,RST SYN\n"
+
+#. type: Plain text
+#: original/man8/ip6tables.8:1655 original/man8/iptables.8:1562
+msgid ""
+"will only match packets with the SYN flag set, and the ACK, FIN and RST "
+"flags unset."
+msgstr ""
+"は、SYN フラグが設定され ACK, FIN, RST フラグが設定されていない パケットにの"
+"みマッチする。"
+
+#. type: TP
+#: original/man8/ip6tables.8:1655 original/man8/iptables.8:1562
+#, fuzzy, no-wrap
+#| msgid "B<[!] --syn>"
+msgid "[B<!>] B<--syn>"
+msgstr "B<[!] --syn>"
+
+#. type: Plain text
+#: original/man8/ip6tables.8:1665 original/man8/iptables.8:1572
+#, fuzzy
+#| msgid ""
+#| "Only match TCP packets with the SYN bit set and the ACK and RST bits "
+#| "cleared. Such packets are used to request TCP connection initiation; for "
+#| "example, blocking such packets coming in an interface will prevent "
+#| "incoming TCP connections, but outgoing TCP connections will be "
+#| "unaffected. It is equivalent to B<--tcp-flags SYN,RST,ACK SYN>. If the "
+#| "\"!\" flag precedes the \"--syn\", the sense of the option is inverted."
+msgid ""
+"Only match TCP packets with the SYN bit set and the ACK,RST and FIN bits "
+"cleared. Such packets are used to request TCP connection initiation; for "
+"example, blocking such packets coming in an interface will prevent incoming "
+"TCP connections, but outgoing TCP connections will be unaffected. It is "
+"equivalent to B<--tcp-flags SYN,RST,ACK,FIN SYN>. If the \"!\" flag "
+"precedes the \"--syn\", the sense of the option is inverted."
+msgstr ""
+"SYN ビットが設定され ACK と RST ビットがクリアされている TCP パケットに\n"
+"のみマッチする。このようなパケットは TCP 接続の開始要求に使われる。例え\n"
+"ば、あるインターフェースに入ってくるこのようなパケットをブロックすれば、\n"
+"内側への TCP 接続は禁止されるが、外側への TCP 接続には影響しない。 これ\n"
+"は B<--tcp-flags SYN,RST,ACK SYN> と等しい。 \"--syn\" の前に \"!\" フラグ\n"
+"を置くと、 SYN ビットがクリアされ ACK と RST ビットが設定されている\n"
+"TCP パケットにのみマッチする。"
+
+#. type: TP
+#: original/man8/ip6tables.8:1665 original/man8/iptables.8:1572
+#, fuzzy, no-wrap
+#| msgid "B<--tcp-option >[!] I<number>"
+msgid "[B<!>] B<--tcp-option> I<number>"
+msgstr "B<--tcp-option >[!] I<number>"
+
+#. type: Plain text
+#: original/man8/ip6tables.8:1668 original/man8/iptables.8:1575
+msgid "Match if TCP option set."
+msgstr "TCP オプションが設定されている場合にマッチする。"
+
+#. type: SS
+#: original/man8/ip6tables.8:1668 original/man8/iptables.8:1575
+#, no-wrap
+msgid "tcpmss"
+msgstr ""
+
+#. type: Plain text
+#: original/man8/ip6tables.8:1670 original/man8/iptables.8:1577
+msgid ""
+"This matches the TCP MSS (maximum segment size) field of the TCP header. "
+"You can only use this on TCP SYN or SYN/ACK packets, since the MSS is only "
+"negotiated during the TCP handshake at connection startup time."
+msgstr ""
+
+#. type: TP
+#: original/man8/ip6tables.8:1670 original/man8/iptables.8:1577
+#, fuzzy, no-wrap
+#| msgid "B<--mss >I<value>[:I<value>]"
+msgid "[B<!>] B<--mss> I<value>[B<:>I<value>]"
+msgstr "B<--mss >I<value>[:I<value>]"
+
+#. type: Plain text
+#: original/man8/ip6tables.8:1673 original/man8/iptables.8:1580
+#, fuzzy
+#| msgid "Matches the given TTL value."
+msgid "Match a given TCP MSS value or range."
+msgstr "指定された TTL 値にマッチする。"
+
+#. type: SS
+#: original/man8/ip6tables.8:1673 original/man8/iptables.8:1580
+#, no-wrap
+msgid "time"
+msgstr ""
+
+#. type: Plain text
+#: original/man8/ip6tables.8:1677 original/man8/iptables.8:1584
+msgid ""
+"This matches if the packet arrival time/date is within a given range. All "
+"options are optional, but are ANDed when specified. All times are "
+"interpreted as UTC by default."
+msgstr ""
+
+#. type: TP
+#: original/man8/ip6tables.8:1677 original/man8/iptables.8:1584
+#, no-wrap
+msgid "B<--datestart> I<YYYY>[B<->I<MM>[B<->I<DD>[B<T>I<hh>[B<:>I<mm>[B<:>I<ss>]]]]]"
+msgstr ""
+
+#. type: TP
+#: original/man8/ip6tables.8:1679 original/man8/iptables.8:1586
+#, no-wrap
+msgid "B<--datestop> I<YYYY>[B<->I<MM>[B<->I<DD>[B<T>I<hh>[B<:>I<mm>[B<:>I<ss>]]]]]"
+msgstr ""
+
+#. type: Plain text
+#: original/man8/ip6tables.8:1683 original/man8/iptables.8:1590
+msgid ""
+"Only match during the given time, which must be in ISO 8601 \"T\" notation. "
+"The possible time range is 1970-01-01T00:00:00 to 2038-01-19T04:17:07."
+msgstr ""
+
+#. type: Plain text
+#: original/man8/ip6tables.8:1686 original/man8/iptables.8:1593
+msgid ""
+"If --datestart or --datestop are not specified, it will default to "
+"1970-01-01 and 2038-01-19, respectively."
+msgstr ""
+
+#. type: TP
+#: original/man8/ip6tables.8:1686 original/man8/iptables.8:1593
+#, no-wrap
+msgid "B<--timestart> I<hh>B<:>I<mm>[B<:>I<ss>]"
+msgstr ""
+
+#. type: TP
+#: original/man8/ip6tables.8:1688 original/man8/iptables.8:1595
+#, no-wrap
+msgid "B<--timestop> I<hh>B<:>I<mm>[B<:>I<ss>]"
+msgstr ""
+
+#. type: Plain text
+#: original/man8/ip6tables.8:1693 original/man8/iptables.8:1600
+msgid ""
+"Only match during the given daytime. The possible time range is 00:00:00 to "
+"23:59:59. Leading zeroes are allowed (e.g. \"06:03\") and correctly "
+"interpreted as base-10."
+msgstr ""
+
+#. type: TP
+#: original/man8/ip6tables.8:1693 original/man8/iptables.8:1600
+#, no-wrap
+msgid "[B<!>] B<--monthdays> I<day>[B<,>I<day>...]"
+msgstr ""
+
+#. type: Plain text
+#: original/man8/ip6tables.8:1699 original/man8/iptables.8:1606
+msgid ""
+"Only match on the given days of the month. Possible values are B<1> to "
+"B<31>. Note that specifying B<31> will of course not match on months which "
+"do not have a 31st day; the same goes for 28- or 29-day February."
+msgstr ""
+
+#. type: TP
+#: original/man8/ip6tables.8:1699 original/man8/iptables.8:1606
+#, no-wrap
+msgid "[B<!>] B<--weekdays> I<day>[B<,>I<day>...]"
+msgstr ""
+
+#. type: Plain text
+#: original/man8/ip6tables.8:1705 original/man8/iptables.8:1612
+msgid ""
+"Only match on the given weekdays. Possible values are B<Mon>, B<Tue>, "
+"B<Wed>, B<Thu>, B<Fri>, B<Sat>, B<Sun>, or values from B<1> to B<7>, "
+"respectively. You may also use two-character variants (B<Mo>, B<Tu>, etc.)."
+msgstr ""
+
+#. type: TP
+#: original/man8/ip6tables.8:1705 original/man8/iptables.8:1612
+#, no-wrap
+msgid "B<--kerneltz>"
+msgstr ""
+
+#. type: Plain text
+#: original/man8/ip6tables.8:1709 original/man8/iptables.8:1616
+msgid ""
+"Use the kernel timezone instead of UTC to determine whether a packet meets "
+"the time regulations."
+msgstr ""
+
+#. type: Plain text
+#: original/man8/ip6tables.8:1715 original/man8/iptables.8:1622
+msgid ""
+"About kernel timezones: Linux keeps the system time in UTC, and always does "
+"so. On boot, system time is initialized from a referential time source. "
+"Where this time source has no timezone information, such as the x86 CMOS "
+"RTC, UTC will be assumed. If the time source is however not in UTC, "
+"userspace should provide the correct system time and timezone to the kernel "
+"once it has the information."
+msgstr ""
+
+#. type: Plain text
+#: original/man8/ip6tables.8:1726 original/man8/iptables.8:1633
+msgid ""
+"Local time is a feature on top of the (timezone independent) system time. "
+"Each process has its own idea of local time, specified via the TZ "
+"environment variable. The kernel also has its own timezone offset variable. "
+"The TZ userspace environment variable specifies how the UTC-based system "
+"time is displayed, e.g. when you run date(1), or what you see on your "
+"desktop clock. The TZ string may resolve to different offsets at different "
+"dates, which is what enables the automatic time-jumping in userspace. when "
+"DST changes. The kernel's timezone offset variable is used when it has to "
+"convert between non-UTC sources, such as FAT filesystems, to UTC (since the "
+"latter is what the rest of the system uses)."
+msgstr ""
+
+#. type: Plain text
+#: original/man8/ip6tables.8:1735 original/man8/iptables.8:1642
+msgid ""
+"The caveat with the kernel timezone is that Linux distributions may ignore "
+"to set the kernel timezone, and instead only set the system time. Even if a "
+"particular distribution does set the timezone at boot, it is usually does "
+"not keep the kernel timezone offset - which is what changes on DST - up to "
+"date. ntpd will not touch the kernel timezone, so running it will not "
+"resolve the issue. As such, one may encounter a timezone that is always "
+"+0000, or one that is wrong half of the time of the year. As such, B<using --"
+"kerneltz is highly discouraged.>"
+msgstr ""
+
+#. type: Plain text
+#: original/man8/ip6tables.8:1737 original/man8/iptables.8:1644
+msgid "EXAMPLES. To match on weekends, use:"
+msgstr ""
+
+#. type: Plain text
+#: original/man8/ip6tables.8:1739 original/man8/iptables.8:1646
+msgid "-m time --weekdays Sa,Su"
+msgstr ""
+
+#. type: Plain text
+#: original/man8/ip6tables.8:1741 original/man8/iptables.8:1648
+msgid "Or, to match (once) on a national holiday block:"
+msgstr ""
+
+#. type: Plain text
+#: original/man8/ip6tables.8:1743 original/man8/iptables.8:1650
+msgid "-m time --datestart 2007-12-24 --datestop 2007-12-27"
+msgstr ""
+
+#. type: Plain text
+#: original/man8/ip6tables.8:1746 original/man8/iptables.8:1653
+msgid ""
+"Since the stop time is actually inclusive, you would need the following stop "
+"time to not match the first second of the new day:"
+msgstr ""
+
+#. type: Plain text
+#: original/man8/ip6tables.8:1748 original/man8/iptables.8:1655
+msgid "-m time --datestart 2007-01-01T17:00 --datestop 2007-01-01T23:59:59"
+msgstr ""
+
+#. type: Plain text
+#: original/man8/ip6tables.8:1750 original/man8/iptables.8:1657
+msgid "During lunch hour:"
+msgstr ""
+
+#. type: Plain text
+#: original/man8/ip6tables.8:1752 original/man8/iptables.8:1659
+msgid "-m time --timestart 12:30 --timestop 13:30"
+msgstr ""
+
+#. type: Plain text
+#: original/man8/ip6tables.8:1754 original/man8/iptables.8:1661
+msgid "The fourth Friday in the month:"
+msgstr ""
+
+#. type: Plain text
+#: original/man8/ip6tables.8:1756 original/man8/iptables.8:1663
+msgid "-m time --weekdays Fr --monthdays 22,23,24,25,26,27,28"
+msgstr ""
+
+#. type: Plain text
+#: original/man8/ip6tables.8:1760 original/man8/iptables.8:1667
+msgid ""
+"(Note that this exploits a certain mathematical property. It is not possible "
+"to say \"fourth Thursday OR fourth Friday\" in one rule. It is possible with "
+"multiple rules, though.)"
+msgstr ""
+
+#. type: SS
+#: original/man8/ip6tables.8:1760 original/man8/iptables.8:1667
+#, no-wrap
+msgid "tos"
+msgstr "tos"
+
+#. type: Plain text
+#: original/man8/ip6tables.8:1764 original/man8/iptables.8:1671
+#, fuzzy
+#| msgid ""
+#| "This module matches the 8 bits of Type of Service field in the IP header "
+#| "(ie. including the precedence bits)."
+msgid ""
+"This module matches the 8-bit Type of Service field in the IPv4 header (i."
+"e. including the \"Precedence\" bits) or the (also 8-bit) Priority field in "
+"the IPv6 header."
+msgstr ""
+"このモジュールは IP ヘッダーの 8 ビットの (つまり上位ビットを含む) Type of "
+"Service フィールドにマッチする。"
+
+#. type: TP
+#: original/man8/ip6tables.8:1764 original/man8/iptables.8:1671
+#, fuzzy, no-wrap
+#| msgid "B<--mark >I<value>[/I<mask>]"
+msgid "[B<!>] B<--tos> I<value>[B</>I<mask>]"
+msgstr "B<--mark >I<value>[/I<mask>]"
+
+#. type: Plain text
+#: original/man8/ip6tables.8:1768 original/man8/iptables.8:1675
+#, fuzzy
+#| msgid ""
+#| "Matches packets with the given unsigned mark value (if a mask is "
+#| "specified, this is logically ANDed with the mask before the comparison)."
+msgid ""
+"Matches packets with the given TOS mark value. If a mask is specified, it is "
+"logically ANDed with the TOS mark before the comparison."
+msgstr ""
+"指定された符号なし mark 値のパケットにマッチする (mask が指定されると、比較の"
+"前に mask との論理積 (AND) がとられる)。"
+
+#. type: TP
+#: original/man8/ip6tables.8:1768 original/man8/iptables.8:1675
+#, fuzzy, no-wrap
+#| msgid "B<--tos >I<tos>"
+msgid "[B<!>] B<--tos> I<symbol>"
+msgstr "B<--tos >I<tos>"
+
+#. type: Plain text
+#: original/man8/ip6tables.8:1773 original/man8/iptables.8:1680
+msgid ""
+"You can specify a symbolic name when using the tos match for IPv4. The list "
+"of recognized TOS names can be obtained by calling iptables with B<-m tos -"
+"h>. Note that this implies a mask of 0x3F, i.e. all but the ECN bits."
+msgstr ""
+
+#. type: SS
+#: original/man8/ip6tables.8:1773 original/man8/iptables.8:1691
+#, no-wrap
+msgid "u32"
+msgstr ""
+
+#. type: Plain text
+#: original/man8/ip6tables.8:1777 original/man8/iptables.8:1695
+msgid ""
+"U32 tests whether quantities of up to 4 bytes extracted from a packet have "
+"specified values. The specification of what to extract is general enough to "
+"find data at given offsets from tcp headers or payloads."
+msgstr ""
+
+#. type: TP
+#: original/man8/ip6tables.8:1777 original/man8/iptables.8:1695
+#, no-wrap
+msgid "[B<!>] B<--u32> I<tests>"
+msgstr ""
+
+#. type: Plain text
+#: original/man8/ip6tables.8:1780 original/man8/iptables.8:1698
+msgid "The argument amounts to a program in a small language described below."
+msgstr ""
+
+#. type: Plain text
+#: original/man8/ip6tables.8:1782 original/man8/iptables.8:1700
+msgid "tests := location \"=\" value | tests \"&&\" location \"=\" value"
+msgstr ""
+
+#. type: Plain text
+#: original/man8/ip6tables.8:1784 original/man8/iptables.8:1702
+msgid "value := range | value \",\" range"
+msgstr ""
+
+#. type: Plain text
+#: original/man8/ip6tables.8:1786 original/man8/iptables.8:1704
+msgid "range := number | number \":\" number"
+msgstr ""
+
+#. type: Plain text
+#: original/man8/ip6tables.8:1789 original/man8/iptables.8:1707
+msgid ""
+"a single number, I<n>, is interpreted the same as I<n:n>. I<n:m> is "
+"interpreted as the range of numbers B<E<gt>=n> and B<E<lt>=m>."
+msgstr ""
+
+#. type: Plain text
+#: original/man8/ip6tables.8:1791 original/man8/iptables.8:1709
+msgid "location := number | location operator number"
+msgstr ""
+
+#. type: Plain text
+#: original/man8/ip6tables.8:1793 original/man8/iptables.8:1711
+msgid "operator := \"&\" | \"E<lt>E<lt>\" | \"E<gt>E<gt>\" | \"@\""
+msgstr ""
+
+#. type: Plain text
+#: original/man8/ip6tables.8:1798 original/man8/iptables.8:1716
+msgid ""
+"The operators B<&>, B<E<lt>E<lt>>, B<E<gt>E<gt>> and B<&&> mean the same as "
+"in C. The B<=> is really a set membership operator and the value syntax "
+"describes a set. The B<@> operator is what allows moving to the next header "
+"and is described further below."
+msgstr ""
+
+#. type: Plain text
+#: original/man8/ip6tables.8:1801 original/man8/iptables.8:1719
+msgid ""
+"There are currently some artificial implementation limits on the size of the "
+"tests:"
+msgstr ""
+
+#. type: IP
+#: original/man8/ip6tables.8:1801 original/man8/ip6tables.8:1803
+#: original/man8/ip6tables.8:1805 original/man8/iptables.8:1719
+#: original/man8/iptables.8:1721 original/man8/iptables.8:1723
+#, no-wrap
+msgid " *"
+msgstr ""
+
+#. type: Plain text
+#: original/man8/ip6tables.8:1803 original/man8/iptables.8:1721
+msgid "no more than 10 of \"B<=>\" (and 9 \"B<&&>\"s) in the u32 argument"
+msgstr ""
+
+#. type: Plain text
+#: original/man8/ip6tables.8:1805 original/man8/iptables.8:1723
+msgid "no more than 10 ranges (and 9 commas) per value"
+msgstr ""
+
+#. type: Plain text
+#: original/man8/ip6tables.8:1807 original/man8/iptables.8:1725
+msgid "no more than 10 numbers (and 9 operators) per location"
+msgstr ""
+
+#. type: Plain text
+#: original/man8/ip6tables.8:1810 original/man8/iptables.8:1728
+msgid ""
+"To describe the meaning of location, imagine the following machine that "
+"interprets it. There are three registers:"
+msgstr ""
+
+#. type: Plain text
+#: original/man8/ip6tables.8:1812 original/man8/iptables.8:1730
+msgid "A is of type B<char *>, initially the address of the IP header"
+msgstr ""
+
+#. type: Plain text
+#: original/man8/ip6tables.8:1814 original/man8/iptables.8:1732
+msgid "B and C are unsigned 32 bit integers, initially zero"
+msgstr ""
+
+#. type: Plain text
+#: original/man8/ip6tables.8:1816 original/man8/iptables.8:1734
+msgid "The instructions are:"
+msgstr ""
+
+#. type: Plain text
+#: original/man8/ip6tables.8:1818 original/man8/iptables.8:1736
+msgid "number B = number;"
+msgstr ""
+
+#. type: Plain text
+#: original/man8/ip6tables.8:1820 original/man8/iptables.8:1738
+msgid ""
+"C = (*(A+B)E<lt>E<lt>24) + (*(A+B+1)E<lt>E<lt>16) + (*(A+B+2)E<lt>E<lt>8) + *"
+"(A+B+3)"
+msgstr ""
+
+#. type: Plain text
+#: original/man8/ip6tables.8:1822 original/man8/iptables.8:1740
+msgid "&number C = C & number"
+msgstr ""
+
+#. type: Plain text
+#: original/man8/ip6tables.8:1824 original/man8/iptables.8:1742
+msgid "E<lt>E<lt> number C = C E<lt>E<lt> number"
+msgstr ""
+
+#. type: Plain text
+#: original/man8/ip6tables.8:1826 original/man8/iptables.8:1744
+msgid "E<gt>E<gt> number C = C E<gt>E<gt> number"
+msgstr ""
+
+#. type: Plain text
+#: original/man8/ip6tables.8:1828 original/man8/iptables.8:1746
+msgid "@number A = A + C; then do the instruction number"
+msgstr ""
+
+#. type: Plain text
+#: original/man8/ip6tables.8:1831 original/man8/iptables.8:1749
+msgid ""
+"Any access of memory outside [skb-E<gt>data,skb-E<gt>end] causes the match "
+"to fail. Otherwise the result of the computation is the final value of C."
+msgstr ""
+
+#. type: Plain text
+#: original/man8/ip6tables.8:1835 original/man8/iptables.8:1753
+msgid ""
+"Whitespace is allowed but not required in the tests. However, the characters "
+"that do occur there are likely to require shell quoting, so it is a good "
+"idea to enclose the arguments in quotes."
+msgstr ""
+
+#. type: Plain text
+#: original/man8/ip6tables.8:1839 original/man8/iptables.8:1757
+msgid "match IP packets with total length E<gt>= 256"
+msgstr ""
+
+#. type: Plain text
+#: original/man8/ip6tables.8:1841 original/man8/iptables.8:1759
+msgid "The IP header contains a total length field in bytes 2-3."
+msgstr ""
+
+#. type: Plain text
+#: original/man8/ip6tables.8:1843 original/man8/iptables.8:1761
+msgid "--u32 \"B<0 & 0xFFFF = 0x100:0xFFFF>\""
+msgstr ""
+
+#. type: Plain text
+#: original/man8/ip6tables.8:1845 original/man8/iptables.8:1763
+msgid "read bytes 0-3"
+msgstr ""
+
+#. type: Plain text
+#: original/man8/ip6tables.8:1848 original/man8/iptables.8:1766
+msgid ""
+"AND that with 0xFFFF (giving bytes 2-3), and test whether that is in the "
+"range [0x100:0xFFFF]"
+msgstr ""
+
+#. type: Plain text
+#: original/man8/ip6tables.8:1850 original/man8/iptables.8:1768
+msgid "Example: (more realistic, hence more complicated)"
+msgstr ""
+
+#. type: Plain text
+#: original/man8/ip6tables.8:1852 original/man8/iptables.8:1770
+msgid "match ICMP packets with icmp type 0"
+msgstr ""
+
+#. type: Plain text
+#: original/man8/ip6tables.8:1854 original/man8/iptables.8:1772
+msgid "First test that it is an ICMP packet, true iff byte 9 (protocol) = 1"
+msgstr ""
+
+#. type: Plain text
+#: original/man8/ip6tables.8:1856 original/man8/iptables.8:1774
+msgid "--u32 \"B<6 & 0xFF = 1 &&> ..."
+msgstr ""
+
+#. type: Plain text
+#: original/man8/ip6tables.8:1863 original/man8/iptables.8:1781
+msgid ""
+"read bytes 6-9, use B<&> to throw away bytes 6-8 and compare the result to "
+"1. Next test that it is not a fragment. (If so, it might be part of such a "
+"packet but we cannot always tell.) N.B.: This test is generally needed if "
+"you want to match anything beyond the IP header. The last 6 bits of byte 6 "
+"and all of byte 7 are 0 iff this is a complete packet (not a fragment). "
+"Alternatively, you can allow first fragments by only testing the last 5 bits "
+"of byte 6."
+msgstr ""
+
+#. type: Plain text
+#: original/man8/ip6tables.8:1865 original/man8/iptables.8:1783
+msgid "... B<4 & 0x3FFF = 0 &&> ..."
+msgstr ""
+
+#. type: Plain text
+#: original/man8/ip6tables.8:1869 original/man8/iptables.8:1787
+msgid ""
+"Last test: the first byte past the IP header (the type) is 0. This is where "
+"we have to use the @syntax. The length of the IP header (IHL) in 32 bit "
+"words is stored in the right half of byte 0 of the IP header itself."
+msgstr ""
+
+#. type: Plain text
+#: original/man8/ip6tables.8:1871 original/man8/iptables.8:1789
+msgid "... B<0 E<gt>E<gt> 22 & 0x3C @ 0 E<gt>E<gt> 24 = 0>\""
+msgstr ""
+
+#. type: Plain text
+#: original/man8/ip6tables.8:1883 original/man8/iptables.8:1801
+msgid ""
+"The first 0 means read bytes 0-3, B<E<gt>E<gt>22> means shift that 22 bits "
+"to the right. Shifting 24 bits would give the first byte, so only 22 bits is "
+"four times that plus a few more bits. B<&3C> then eliminates the two extra "
+"bits on the right and the first four bits of the first byte. For instance, "
+"if IHL=5, then the IP header is 20 (4 x 5) bytes long. In this case, bytes "
+"0-1 are (in binary) xxxx0101 yyzzzzzz, B<E<gt>E<gt>22> gives the 10 bit "
+"value xxxx0101yy and B<&3C> gives 010100. B<@> means to use this number as a "
+"new offset into the packet, and read four bytes starting from there. This is "
+"the first 4 bytes of the ICMP payload, of which byte 0 is the ICMP type. "
+"Therefore, we simply shift the value 24 to the right to throw out all but "
+"the first byte and compare the result with 0."
+msgstr ""
+
+#. type: Plain text
+#: original/man8/ip6tables.8:1887 original/man8/iptables.8:1805
+msgid "TCP payload bytes 8-12 is any of 1, 2, 5 or 8"
+msgstr ""
+
+#. type: Plain text
+#: original/man8/ip6tables.8:1889 original/man8/iptables.8:1807
+msgid "First we test that the packet is a tcp packet (similar to ICMP)."
+msgstr ""
+
+#. type: Plain text
+#: original/man8/ip6tables.8:1891 original/man8/iptables.8:1809
+msgid "--u32 \"B<6 & 0xFF = 6 &&> ..."
+msgstr ""
+
+#. type: Plain text
+#: original/man8/ip6tables.8:1893 original/man8/iptables.8:1811
+msgid "Next, test that it is not a fragment (same as above)."
+msgstr ""
+
+#. type: Plain text
+#: original/man8/ip6tables.8:1895 original/man8/iptables.8:1813
+msgid "... B<0 E<gt>E<gt> 22 & 0x3C @ 12 E<gt>E<gt> 26 & 0x3C @ 8 = 1,2,5,8>\""
+msgstr ""
+
+#. type: Plain text
+#: original/man8/ip6tables.8:1903 original/man8/iptables.8:1821
+msgid ""
+"B<0E<gt>E<gt>22&3C> as above computes the number of bytes in the IP header. "
+"B<@> makes this the new offset into the packet, which is the start of the "
+"TCP header. The length of the TCP header (again in 32 bit words) is the left "
+"half of byte 12 of the TCP header. The B<12E<gt>E<gt>26&3C> computes this "
+"length in bytes (similar to the IP header before). \"@\" makes this the new "
+"offset, which is the start of the TCP payload. Finally, 8 reads bytes 8-12 "
+"of the payload and B<=> checks whether the result is any of 1, 2, 5 or 8."
+msgstr ""
+
+#. type: SS
+#: original/man8/ip6tables.8:1903 original/man8/iptables.8:1821
+#, no-wrap
+msgid "udp"
+msgstr "udp"
+
+#. type: Plain text
+#: original/man8/ip6tables.8:1906 original/man8/iptables.8:1824
+#, fuzzy
+#| msgid ""
+#| "These extensions are loaded if `--protocol udp' is specified. It "
+#| "provides the following options:"
+msgid ""
+"These extensions can be used if `--protocol udp' is specified. It provides "
+"the following options:"
+msgstr ""
+"これらの拡張は `--protocol udp' が指定された場合にロードされ、 以下のオプショ"
+"ンが提供される:"
+
+#. type: Plain text
+#: original/man8/ip6tables.8:1912 original/man8/iptables.8:1830
+msgid ""
+"Source port or port range specification. See the description of the B<--"
+"source-port> option of the TCP extension for details."
+msgstr ""
+"送信元ポートまたはポート範囲の指定。 詳細は TCP 拡張の B<--source-port> オプ"
+"ションの説明を参照すること。"
+
+#. type: Plain text
+#: original/man8/ip6tables.8:1918 original/man8/iptables.8:1836
+msgid ""
+"Destination port or port range specification. See the description of the "
+"B<--destination-port> option of the TCP extension for details."
+msgstr ""
+"送信先ポートまたはポート範囲の指定。 詳細は TCP 拡張の B<--destination-port> "
+"オプションの説明を参照すること。"
+
+#. type: SH
+#: original/man8/ip6tables.8:1918 original/man8/iptables.8:1839
+#, no-wrap
+msgid "TARGET EXTENSIONS"
+msgstr "ターゲットの拡張"
+
+#. @TARGET@
+#. type: Plain text
+#: original/man8/ip6tables.8:1922
+msgid ""
+"ip6tables can use extended target modules: the following are included in the "
+"standard distribution."
+msgstr ""
+"iptables は拡張ターゲットモジュールを使うことができる: 以下のものが、標準的な"
+"ディストリビューションに含まれている。"
+
+#. type: SS
+#: original/man8/ip6tables.8:1922 original/man8/iptables.8:1843
+#, no-wrap
+msgid "AUDIT"
+msgstr ""
+
+#. type: Plain text
+#: original/man8/ip6tables.8:1926 original/man8/iptables.8:1847
+msgid ""
+"This target allows to create audit records for packets hitting the target. "
+"It can be used to record accepted, dropped, and rejected packets. See auditd"
+"(8) for additional details."
+msgstr ""
+
+#. type: TP
+#: original/man8/ip6tables.8:1926 original/man8/iptables.8:1847
+#, no-wrap
+msgid "B<--type> {B<accept>|B<drop>|B<reject>}"
+msgstr ""
+
+#. type: Plain text
+#: original/man8/ip6tables.8:1929 original/man8/iptables.8:1850
+msgid "Set type of audit record."
+msgstr ""
+
+#. type: Plain text
+#: original/man8/ip6tables.8:1933 original/man8/iptables.8:1854
+#, fuzzy
+#| msgid " iptables -j TOS -h\n"
+msgid "iptables -N AUDIT_DROP"
+msgstr " iptables -j TOS -h\n"
+
+#. type: Plain text
+#: original/man8/ip6tables.8:1935 original/man8/iptables.8:1856
+msgid "iptables -A AUDIT_DROP -j AUDIT --type drop"
+msgstr ""
+
+#. type: Plain text
+#: original/man8/ip6tables.8:1937 original/man8/iptables.8:1858
+#, fuzzy
+#| msgid " iptables -j TOS -h\n"
+msgid "iptables -A AUDIT_DROP -j DROP"
+msgstr " iptables -j TOS -h\n"
+
+#. type: SS
+#: original/man8/ip6tables.8:1937 original/man8/iptables.8:1858
+#, no-wrap
+msgid "CHECKSUM"
+msgstr ""
+
+#. type: Plain text
+#: original/man8/ip6tables.8:1940 original/man8/iptables.8:1861
+#, fuzzy
+#| msgid ""
+#| "This target allows to selectively work around known ECN blackholes. It "
+#| "can only be used in the mangle table."
+msgid ""
+"This target allows to selectively work around broken/old applications. It "
+"can only be used in the mangle table."
+msgstr ""
+"このターゲットは ECN ブラックホール問題への対処を可能にする。 mangle テーブル"
+"でのみ使用できる。"
+
+#. type: TP
+#: original/man8/ip6tables.8:1940 original/man8/iptables.8:1861
+#, no-wrap
+msgid "B<--checksum-fill>"
+msgstr ""
+
+#. type: Plain text
+#: original/man8/ip6tables.8:1946 original/man8/iptables.8:1867
+msgid ""
+"Compute and fill in the checksum in a packet that lacks a checksum. This is "
+"particularly useful, if you need to work around old applications such as "
+"dhcp clients, that do not work well with checksum offloads, but don't want "
+"to disable checksum offload in your device."
+msgstr ""
+
+#. type: SS
+#: original/man8/ip6tables.8:1946 original/man8/iptables.8:1867
+#, no-wrap
+msgid "CLASSIFY"
+msgstr ""
+
+#. type: Plain text
+#: original/man8/ip6tables.8:1948 original/man8/iptables.8:1869
+msgid ""
+"This module allows you to set the skb-E<gt>priority value (and thus classify "
+"the packet into a specific CBQ class)."
+msgstr ""
+
+#. type: TP
+#: original/man8/ip6tables.8:1948 original/man8/iptables.8:1869
+#, fuzzy, no-wrap
+#| msgid "B<--set-mark >I<mark>"
+msgid "B<--set-class> I<major>B<:>I<minor>"
+msgstr "B<--set-mark >I<mark>"
+
+#. type: Plain text
+#: original/man8/ip6tables.8:1952 original/man8/iptables.8:1873
+msgid ""
+"Set the major and minor class value. The values are always interpreted as "
+"hexadecimal even if no 0x prefix is given."
+msgstr ""
+
+#. type: SS
+#: original/man8/ip6tables.8:1952 original/man8/iptables.8:1898
+#, fuzzy, no-wrap
+#| msgid "MARK"
+msgid "CONNMARK"
+msgstr "MARK"
+
+#. type: Plain text
+#: original/man8/ip6tables.8:1955 original/man8/iptables.8:1901
+#, fuzzy
+#| msgid ""
+#| "This is used to set the netfilter mark value associated with the packet. "
+#| "It is only valid in the B<mangle> table."
+msgid ""
+"This module sets the netfilter mark value associated with a connection. The "
+"mark is 32 bits wide."
+msgstr ""
+"パケットに関連づけられた netfilter の mark 値を指定する。 B<mangle> テーブル"
+"のみで有効である。"
+
+#. type: TP
+#: original/man8/ip6tables.8:1955 original/man8/ip6tables.8:2138
+#: original/man8/iptables.8:1901 original/man8/iptables.8:2114
+#, fuzzy, no-wrap
+#| msgid "B<--mark >I<value>[/I<mask>]"
+msgid "B<--set-xmark> I<value>[B</>I<mask>]"
+msgstr "B<--mark >I<value>[/I<mask>]"
+
+#. type: Plain text
+#: original/man8/ip6tables.8:1958 original/man8/iptables.8:1904
+msgid "Zero out the bits given by I<mask> and XOR I<value> into the ctmark."
+msgstr ""
+
+#. type: TP
+#: original/man8/ip6tables.8:1958 original/man8/iptables.8:1904
+#, no-wrap
+msgid "B<--save-mark> [B<--nfmask> I<nfmask>] [B<--ctmask> I<ctmask>]"
+msgstr ""
+
+#. type: Plain text
+#: original/man8/ip6tables.8:1962 original/man8/iptables.8:1908
+msgid ""
+"Copy the packet mark (nfmark) to the connection mark (ctmark) using the "
+"given masks. The new nfmark value is determined as follows:"
+msgstr ""
+
+#. type: Plain text
+#: original/man8/ip6tables.8:1964 original/man8/iptables.8:1910
+msgid "ctmark = (ctmark & ~ctmask) ^ (nfmark & nfmask)"
+msgstr ""
+
+#. type: Plain text
+#: original/man8/ip6tables.8:1968 original/man8/iptables.8:1914
+msgid ""
+"i.e. I<ctmask> defines what bits to clear and I<nfmask> what bits of the "
+"nfmark to XOR into the ctmark. I<ctmask> and I<nfmask> default to 0xFFFFFFFF."
+msgstr ""
+
+#. type: TP
+#: original/man8/ip6tables.8:1968 original/man8/iptables.8:1914
+#, no-wrap
+msgid "B<--restore-mark> [B<--nfmask> I<nfmask>] [B<--ctmask> I<ctmask>]"
+msgstr ""
+
+#. type: Plain text
+#: original/man8/ip6tables.8:1972 original/man8/iptables.8:1918
+msgid ""
+"Copy the connection mark (ctmark) to the packet mark (nfmark) using the "
+"given masks. The new ctmark value is determined as follows:"
+msgstr ""
+
+#. type: Plain text
+#: original/man8/ip6tables.8:1974 original/man8/iptables.8:1920
+msgid "nfmark = (nfmark & ~I<nfmask>) ^ (ctmark & I<ctmask>);"
+msgstr ""
+
+#. type: Plain text
+#: original/man8/ip6tables.8:1978 original/man8/iptables.8:1924
+msgid ""
+"i.e. I<nfmask> defines what bits to clear and I<ctmask> what bits of the "
+"ctmark to XOR into the nfmark. I<ctmask> and I<nfmask> default to 0xFFFFFFFF."
+msgstr ""
+
+#. type: Plain text
+#: original/man8/ip6tables.8:1980 original/man8/iptables.8:1926
+msgid "B<--restore-mark> is only valid in the B<mangle> table."
+msgstr ""
+
+#. type: Plain text
+#: original/man8/ip6tables.8:1982 original/man8/iptables.8:1928
+msgid "The following mnemonics are available for B<--set-xmark>:"
+msgstr ""
+
+#. type: TP
+#: original/man8/ip6tables.8:1982 original/man8/ip6tables.8:2148
+#: original/man8/iptables.8:1928 original/man8/iptables.8:2124
+#, fuzzy, no-wrap
+#| msgid "B<--set-mark >I<mark>"
+msgid "B<--and-mark> I<bits>"
+msgstr "B<--set-mark >I<mark>"
+
+#. type: Plain text
+#: original/man8/ip6tables.8:1986 original/man8/iptables.8:1932
+msgid ""
+"Binary AND the ctmark with I<bits>. (Mnemonic for B<--set-xmark 0/"
+">I<invbits>, where I<invbits> is the binary negation of I<bits>.)"
+msgstr ""
+
+#. type: TP
+#: original/man8/ip6tables.8:1986 original/man8/ip6tables.8:2152
+#: original/man8/iptables.8:1932 original/man8/iptables.8:2128
+#, fuzzy, no-wrap
+#| msgid "B<--set-mark >I<mark>"
+msgid "B<--or-mark> I<bits>"
+msgstr "B<--set-mark >I<mark>"
+
+#. type: Plain text
+#: original/man8/ip6tables.8:1990 original/man8/iptables.8:1936
+msgid ""
+"Binary OR the ctmark with I<bits>. (Mnemonic for B<--set-xmark> I<bits>B</"
+">I<bits>.)"
+msgstr ""
+
+#. type: TP
+#: original/man8/ip6tables.8:1990 original/man8/ip6tables.8:2156
+#: original/man8/iptables.8:1936 original/man8/iptables.8:2132
+#, fuzzy, no-wrap
+#| msgid "B<--set-mark >I<mark>"
+msgid "B<--xor-mark> I<bits>"
+msgstr "B<--set-mark >I<mark>"
+
+#. type: Plain text
+#: original/man8/ip6tables.8:1994 original/man8/iptables.8:1940
+msgid ""
+"Binary XOR the ctmark with I<bits>. (Mnemonic for B<--set-xmark> "
+"I<bits>B</0>.)"
+msgstr ""
+
+#. type: TP
+#: original/man8/ip6tables.8:1994 original/man8/ip6tables.8:2142
+#: original/man8/iptables.8:1940 original/man8/iptables.8:2118
+#, fuzzy, no-wrap
+#| msgid "B<--mark >I<value>[/I<mask>]"
+msgid "B<--set-mark> I<value>[B</>I<mask>]"
+msgstr "B<--mark >I<value>[/I<mask>]"
+
+#. type: Plain text
+#: original/man8/ip6tables.8:1998 original/man8/iptables.8:1944
+msgid ""
+"Set the connection mark. If a mask is specified then only those bits set in "
+"the mask are modified."
+msgstr ""
+
+#. type: TP
+#: original/man8/ip6tables.8:1998 original/man8/iptables.8:1944
+#, fuzzy, no-wrap
+#| msgid "B<--set-mark >I<mark>"
+msgid "B<--save-mark> [B<--mask> I<mask>]"
+msgstr "B<--set-mark >I<mark>"
+
+#. type: Plain text
+#: original/man8/ip6tables.8:2002 original/man8/iptables.8:1948
+msgid ""
+"Copy the nfmark to the ctmark. If a mask is specified, only those bits are "
+"copied."
+msgstr ""
+
+#. type: TP
+#: original/man8/ip6tables.8:2002 original/man8/iptables.8:1948
+#, fuzzy, no-wrap
+#| msgid "B<--set-mark >I<mark>"
+msgid "B<--restore-mark> [B<--mask> I<mask>]"
+msgstr "B<--set-mark >I<mark>"
+
+#. type: Plain text
+#: original/man8/ip6tables.8:2006 original/man8/iptables.8:1952
+#, fuzzy
+#| msgid ""
+#| "This is used to set the netfilter mark value associated with the packet. "
+#| "It is only valid in the B<mangle> table."
+msgid ""
+"Copy the ctmark to the nfmark. If a mask is specified, only those bits are "
+"copied. This is only valid in the B<mangle> table."
+msgstr ""
+"パケットに関連づけられた netfilter の mark 値を指定する。 B<mangle> テーブル"
+"のみで有効である。"
+
+#. type: SS
+#: original/man8/ip6tables.8:2006 original/man8/iptables.8:1952
+#, no-wrap
+msgid "CONNSECMARK"
+msgstr ""
+
+#. type: Plain text
+#: original/man8/ip6tables.8:2016 original/man8/iptables.8:1962
+msgid ""
+"This module copies security markings from packets to connections (if "
+"unlabeled), and from connections back to packets (also only if unlabeled). "
+"Typically used in conjunction with SECMARK, it is valid in the B<security> "
+"table (for backwards compatibility with older kernels, it is also valid in "
+"the B<mangle> table)."
+msgstr ""
+
+#. type: TP
+#: original/man8/ip6tables.8:2016 original/man8/iptables.8:1962
+#, no-wrap
+msgid "B<--save>"
+msgstr ""
+
+#. type: Plain text
+#: original/man8/ip6tables.8:2020 original/man8/iptables.8:1966
+msgid ""
+"If the packet has a security marking, copy it to the connection if the "
+"connection is not marked."
+msgstr ""
+
+#. type: TP
+#: original/man8/ip6tables.8:2020 original/man8/iptables.8:1966
+#, no-wrap
+msgid "B<--restore>"
+msgstr ""
+
+#. type: Plain text
+#: original/man8/ip6tables.8:2024 original/man8/iptables.8:1970
+msgid ""
+"If the packet does not have a security marking, and the connection does, "
+"copy the security marking from the connection to the packet."
+msgstr ""
+
+#. type: SS
+#: original/man8/ip6tables.8:2025 original/man8/iptables.8:1971
+#, no-wrap
+msgid "CT"
+msgstr ""
+
+#. type: Plain text
+#: original/man8/ip6tables.8:2030 original/man8/iptables.8:1976
+msgid ""
+"The CT target allows to set parameters for a packet or its associated "
+"connection. The target attaches a \"template\" connection tracking entry to "
+"the packet, which is then used by the conntrack core when initializing a new "
+"ct entry. This target is thus only valid in the \"raw\" table."
+msgstr ""
+
+#. type: TP
+#: original/man8/ip6tables.8:2030 original/man8/iptables.8:1976
+#, no-wrap
+msgid "B<--notrack>"
+msgstr ""
+
+#. type: Plain text
+#: original/man8/ip6tables.8:2033 original/man8/iptables.8:1979
+msgid "Disables connection tracking for this packet."
+msgstr ""
+
+#. type: TP
+#: original/man8/ip6tables.8:2033 original/man8/iptables.8:1979
+#, fuzzy, no-wrap
+#| msgid "B<--helper >I<string>"
+msgid "B<--helper> I<name>"
+msgstr "B<--helper >I<string>"
+
+#. type: Plain text
+#: original/man8/ip6tables.8:2037 original/man8/iptables.8:1983
+msgid ""
+"Use the helper identified by I<name> for the connection. This is more "
+"flexible than loading the conntrack helper modules with preset ports."
+msgstr ""
+
+#. type: TP
+#: original/man8/ip6tables.8:2037 original/man8/iptables.8:1983
+#, no-wrap
+msgid "B<--ctevents> I<event>[B<,>...]"
+msgstr ""
+
+#. type: Plain text
+#: original/man8/ip6tables.8:2043 original/man8/iptables.8:1989
+msgid ""
+"Only generate the specified conntrack events for this connection. Possible "
+"event types are: B<new>, B<related>, B<destroy>, B<reply>, B<assured>, "
+"B<protoinfo>, B<helper>, B<mark> (this refers to the ctmark, not nfmark), "
+"B<natseqinfo>, B<secmark> (ctsecmark)."
+msgstr ""
+
+#. type: TP
+#: original/man8/ip6tables.8:2043 original/man8/iptables.8:1989
+#, no-wrap
+msgid "B<--expevents> I<event>[B<,>...]"
+msgstr ""
+
+#. type: Plain text
+#: original/man8/ip6tables.8:2047 original/man8/iptables.8:1993
+msgid ""
+"Only generate the specified expectation events for this connection. "
+"Possible event types are: B<new>."
+msgstr ""
+
+#. type: TP
+#: original/man8/ip6tables.8:2047 original/man8/iptables.8:1993
+#, fuzzy, no-wrap
+#| msgid "B<--uid-owner >I<userid>"
+msgid "B<--zone> I<id>"
+msgstr "B<--uid-owner >I<userid>"
+
+#. type: Plain text
+#: original/man8/ip6tables.8:2051 original/man8/iptables.8:1997
+msgid ""
+"Assign this packet to zone I<id> and only have lookups done in that zone. "
+"By default, packets have zone 0."
+msgstr ""
+
+#. type: SS
+#: original/man8/ip6tables.8:2051 original/man8/iptables.8:2037
+#, no-wrap
+msgid "DSCP"
+msgstr "DSCP"
+
+#. type: Plain text
+#: original/man8/ip6tables.8:2055 original/man8/iptables.8:2041
+msgid ""
+"This target allows to alter the value of the DSCP bits within the TOS header "
+"of the IPv4 packet. As this manipulates a packet, it can only be used in "
+"the mangle table."
+msgstr ""
+"このターゲットは、IPv4 パケットの TOS ヘッダーにある DSCP ビットの値の書き換"
+"えを可能にする。 これはパケットを操作するので、mangle テーブルでのみ使用でき"
+"る。"
+
+#. type: TP
+#: original/man8/ip6tables.8:2055 original/man8/iptables.8:2041
+#, fuzzy, no-wrap
+#| msgid "B<--set-dscp >I<value>"
+msgid "B<--set-dscp> I<value>"
+msgstr "B<--set-dscp >I<value>"
+
+#. type: Plain text
+#: original/man8/ip6tables.8:2058 original/man8/iptables.8:2044
+msgid "Set the DSCP field to a numerical value (can be decimal or hex)"
+msgstr "DSCP フィールドの数値を設定する (10 進または 16 進)。"
+
+#. type: TP
+#: original/man8/ip6tables.8:2058 original/man8/iptables.8:2044
+#, fuzzy, no-wrap
+#| msgid "B<--set-dscp-class >I<class>"
+msgid "B<--set-dscp-class> I<class>"
+msgstr "B<--set-dscp-class >I<class>"
+
+#. type: Plain text
+#: original/man8/ip6tables.8:2061 original/man8/iptables.8:2047
+msgid "Set the DSCP field to a DiffServ class."
+msgstr "DSCP フィールドの DiffServ クラスを設定する。"
+
+#. type: SS
+#: original/man8/ip6tables.8:2061
+#, no-wrap
+msgid "HL"
+msgstr ""
+
+#. type: Plain text
+#: original/man8/ip6tables.8:2068
+msgid ""
+"This is used to modify the Hop Limit field in IPv6 header. The Hop Limit "
+"field is similar to what is known as TTL value in IPv4. Setting or "
+"incrementing the Hop Limit field can potentially be very dangerous, so it "
+"should be avoided at any cost. This target is only valid in B<mangle> table."
+msgstr ""
+
+#. type: Plain text
+#: original/man8/ip6tables.8:2070 original/man8/iptables.8:2564
+msgid ""
+"B<Don't ever set or increment the value on packets that leave your local "
+"network!>"
+msgstr ""
+
+#. type: TP
+#: original/man8/ip6tables.8:2070
+#, fuzzy, no-wrap
+#| msgid "B<--set-mss >I<value>"
+msgid "B<--hl-set> I<value>"
+msgstr "B<--set-mss >I<value>"
+
+#. type: Plain text
+#: original/man8/ip6tables.8:2073
+msgid "Set the Hop Limit to `value'."
+msgstr ""
+
+#. type: TP
+#: original/man8/ip6tables.8:2073
+#, fuzzy, no-wrap
+#| msgid "B<--dscp >I<value>"
+msgid "B<--hl-dec> I<value>"
+msgstr "B<--dscp >I<value>"
+
+#. type: Plain text
+#: original/man8/ip6tables.8:2076
+msgid "Decrement the Hop Limit `value' times."
+msgstr ""
+
+#. type: TP
+#: original/man8/ip6tables.8:2076
+#, fuzzy, no-wrap
+#| msgid "B<--dscp >I<value>"
+msgid "B<--hl-inc> I<value>"
+msgstr "B<--dscp >I<value>"
+
+#. type: Plain text
+#: original/man8/ip6tables.8:2079
+msgid "Increment the Hop Limit `value' times."
+msgstr ""
+
+#. type: SS
+#: original/man8/ip6tables.8:2079 original/man8/iptables.8:2055
+#, no-wrap
+msgid "IDLETIMER"
+msgstr ""
+
+#. type: Plain text
+#: original/man8/ip6tables.8:2088 original/man8/iptables.8:2064
+msgid ""
+"This target can be used to identify when interfaces have been idle for a "
+"certain period of time. Timers are identified by labels and are created "
+"when a rule is set with a new label. The rules also take a timeout value "
+"(in seconds) as an option. If more than one rule uses the same timer label, "
+"the timer will be restarted whenever any of the rules get a hit. One entry "
+"for each timer is created in sysfs. This attribute contains the timer "
+"remaining for the timer to expire. The attributes are located under the "
+"xt_idletimer class:"
+msgstr ""
+
+#. type: Plain text
+#: original/man8/ip6tables.8:2090 original/man8/iptables.8:2066
+msgid "/sys/class/xt_idletimer/timers/E<lt>labelE<gt>"
+msgstr ""
+
+#. type: Plain text
+#: original/man8/ip6tables.8:2093 original/man8/iptables.8:2069
+msgid ""
+"When the timer expires, the target module sends a sysfs notification to the "
+"userspace, which can then decide what to do (eg. disconnect to save power)."
+msgstr ""
+
+#. type: TP
+#: original/man8/ip6tables.8:2093 original/man8/iptables.8:2069
+#, fuzzy, no-wrap
+#| msgid "B<--limit >I<rate>"
+msgid "B<--timeout> I<amount>"
+msgstr "B<--limit >I<rate>"
+
+#. type: Plain text
+#: original/man8/ip6tables.8:2096 original/man8/iptables.8:2072
+msgid "This is the time in seconds that will trigger the notification."
+msgstr ""
+
+#. type: TP
+#: original/man8/ip6tables.8:2096 original/man8/iptables.8:2072
+#, fuzzy, no-wrap
+#| msgid "B<--helper >I<string>"
+msgid "B<--label> I<string>"
+msgstr "B<--helper >I<string>"
+
+#. type: Plain text
+#: original/man8/ip6tables.8:2100 original/man8/iptables.8:2076
+msgid ""
+"This is a unique identifier for the timer. The maximum length for the label "
+"string is 27 characters."
+msgstr ""
+
+#. type: SS
+#: original/man8/ip6tables.8:2100 original/man8/iptables.8:2076
+#, no-wrap
+msgid "LOG"
+msgstr "LOG"
+
+#. type: Plain text
+#: original/man8/ip6tables.8:2112
+msgid ""
+"Turn on kernel logging of matching packets. When this option is set for a "
+"rule, the Linux kernel will print some information on all matching packets "
+"(like most IPv6 IPv6-header fields) via the kernel log (where it can be read "
+"with I<dmesg> or I<syslogd>(8)). This is a \"non-terminating target\", i.e. "
+"rule traversal continues at the next rule. So if you want to LOG the "
+"packets you refuse, use two separate rules with the same matching criteria, "
+"first using target LOG then DROP (or REJECT)."
+msgstr ""
+"マッチしたパケットをカーネルログに記録する。 このオプションがルールに対して設"
+"定されると、 Linux カーネルはマッチしたパケットについての (IPv6 における大部"
+"分の IPv6 ヘッダフィールドのような) 何らかの情報を カーネルログに表示する "
+"(カーネルログは I<dmesg> または I<syslogd>(8) で見ることができる)。 これは"
+"「非終了タ ーゲット」である。 すなわち、ルールの検討は、次のルールへと継続さ"
+"れる。 よって、拒否するパケットをログ記録したければ、 同じマッチング判断基準"
+"を持つ 2 つのルールを使用し、 最初のルールで LOG ターゲットを、 次のルールで "
+"DROP (または REJECT) ターゲットを指定する。"
+
+#. type: TP
+#: original/man8/ip6tables.8:2112 original/man8/iptables.8:2088
+#, fuzzy, no-wrap
+#| msgid "B<--log-level >I<level>"
+msgid "B<--log-level> I<level>"
+msgstr "B<--log-level >I<level>"
+
+#. type: Plain text
+#: original/man8/ip6tables.8:2115 original/man8/iptables.8:2091
+msgid "Level of logging (numeric or see I<syslog.conf>(5))."
+msgstr ""
+"ログ記録のレベル (数値て指定するか、(名前で指定する場合は)\n"
+"I<syslog.conf>(5) を参照すること)。"
+
+#. type: TP
+#: original/man8/ip6tables.8:2115 original/man8/iptables.8:2091
+#, fuzzy, no-wrap
+#| msgid "B<--log-prefix >I<prefix>"
+msgid "B<--log-prefix> I<prefix>"
+msgstr "B<--log-prefix >I<prefix>"
+
+#. type: Plain text
+#: original/man8/ip6tables.8:2119 original/man8/iptables.8:2095
+msgid ""
+"Prefix log messages with the specified prefix; up to 29 letters long, and "
+"useful for distinguishing messages in the logs."
+msgstr ""
+"指定したプレフィックスをログメッセージの前に付ける。\n"
+"プレフィックスは 29 文字までの長さで、\n"
+"ログの中でメッセージを区別するのに役立つ。"
+
+#. type: TP
+#: original/man8/ip6tables.8:2119 original/man8/iptables.8:2095
+#, no-wrap
+msgid "B<--log-tcp-sequence>"
+msgstr "B<--log-tcp-sequence>"
+
+#. type: Plain text
+#: original/man8/ip6tables.8:2123 original/man8/iptables.8:2099
+msgid ""
+"Log TCP sequence numbers. This is a security risk if the log is readable by "
+"users."
+msgstr ""
+"TCP シーケンス番号をログに記録する。 ログがユーザーから読める場合、セキュリ"
+"ティ上の危険がある。"
+
+#. type: TP
+#: original/man8/ip6tables.8:2123 original/man8/iptables.8:2099
+#, no-wrap
+msgid "B<--log-tcp-options>"
+msgstr "B<--log-tcp-options>"
+
+#. type: Plain text
+#: original/man8/ip6tables.8:2126 original/man8/iptables.8:2102
+msgid "Log options from the TCP packet header."
+msgstr "TCP パケットヘッダのオプションをログに記録する。"
+
+#. type: TP
+#: original/man8/ip6tables.8:2126 original/man8/iptables.8:2102
+#, no-wrap
+msgid "B<--log-ip-options>"
+msgstr "B<--log-ip-options>"
+
+#. type: Plain text
+#: original/man8/ip6tables.8:2129
+msgid "Log options from the IPv6 packet header."
+msgstr "IPv6 パケットヘッダのオプションをログに記録する。"
+
+#. type: TP
+#: original/man8/ip6tables.8:2129 original/man8/iptables.8:2105
+#, fuzzy, no-wrap
+#| msgid "B<--log-ip-options>"
+msgid "B<--log-uid>"
+msgstr "B<--log-ip-options>"
+
+#. type: Plain text
+#: original/man8/ip6tables.8:2132 original/man8/iptables.8:2108
+msgid "Log the userid of the process which generated the packet."
+msgstr ""
+
+#. type: SS
+#: original/man8/ip6tables.8:2132 original/man8/iptables.8:2108
+#, no-wrap
+msgid "MARK"
+msgstr "MARK"
+
+#. type: Plain text
+#: original/man8/ip6tables.8:2138 original/man8/iptables.8:2114
+msgid ""
+"This target is used to set the Netfilter mark value associated with the "
+"packet. It can, for example, be used in conjunction with routing based on "
+"fwmark (needs iproute2). If you plan on doing so, note that the mark needs "
+"to be set in the PREROUTING chain of the mangle table to affect routing. "
+"The mark field is 32 bits wide."
+msgstr ""
+
+#. type: Plain text
+#: original/man8/ip6tables.8:2142 original/man8/iptables.8:2118
+msgid ""
+"Zeroes out the bits given by I<mask> and XORs I<value> into the packet mark "
+"(\"nfmark\"). If I<mask> is omitted, 0xFFFFFFFF is assumed."
+msgstr ""
+
+#. type: Plain text
+#: original/man8/ip6tables.8:2146 original/man8/iptables.8:2122
+msgid ""
+"Zeroes out the bits given by I<mask> and ORs I<value> into the packet mark. "
+"If I<mask> is omitted, 0xFFFFFFFF is assumed."
+msgstr ""
+
+#. type: Plain text
+#: original/man8/ip6tables.8:2148 original/man8/ip6tables.8:2385
+#: original/man8/iptables.8:2124 original/man8/iptables.8:2496
+msgid "The following mnemonics are available:"
+msgstr ""
+
+#. type: Plain text
+#: original/man8/ip6tables.8:2152 original/man8/iptables.8:2128
+msgid ""
+"Binary AND the nfmark with I<bits>. (Mnemonic for B<--set-xmark 0/"
+">I<invbits>, where I<invbits> is the binary negation of I<bits>.)"
+msgstr ""
+
+#. type: Plain text
+#: original/man8/ip6tables.8:2156 original/man8/iptables.8:2132
+msgid ""
+"Binary OR the nfmark with I<bits>. (Mnemonic for B<--set-xmark> I<bits>B</"
+">I<bits>.)"
+msgstr ""
+
+#. type: Plain text
+#: original/man8/ip6tables.8:2160 original/man8/iptables.8:2136
+msgid ""
+"Binary XOR the nfmark with I<bits>. (Mnemonic for B<--set-xmark> "
+"I<bits>B</0>.)"
+msgstr ""
+
+#. type: SS
+#: original/man8/ip6tables.8:2160 original/man8/iptables.8:2190
+#, no-wrap
+msgid "NFLOG"
+msgstr ""
+
+#. type: Plain text
+#: original/man8/ip6tables.8:2170 original/man8/iptables.8:2200
+#, fuzzy
+#| msgid ""
+#| "This target provides userspace logging of matching packets. When this "
+#| "target is set for a rule, the Linux kernel will multicast this packet "
+#| "through a I<netlink> socket. One or more userspace processes may then "
+#| "subscribe to various multicast groups and receive the packets. Like LOG, "
+#| "this is a \"non-terminating target\", i.e. rule traversal continues at "
+#| "the next rule."
+msgid ""
+"This target provides logging of matching packets. When this target is set "
+"for a rule, the Linux kernel will pass the packet to the loaded logging "
+"backend to log the packet. This is usually used in combination with "
+"nfnetlink_log as logging backend, which will multicast the packet through a "
+"I<netlink> socket to the specified multicast group. One or more userspace "
+"processes may subscribe to the group to receive the packets. Like LOG, this "
+"is a non-terminating target, i.e. rule traversal continues at the next rule."
+msgstr ""
+"このターゲットは、マッチしたパケットを ユーザー空間でログ記録する機能を提供す"
+"る。 このターゲットがルールに設定されると、 Linux カーネルは、そのパケットを "
+"I<netlink> ソケットを用いてマルチキャストする。 そして、1 つ以上のユーザー空"
+"間プロセスが いろいろなマルチキャストグループに登録をおこない、 パケットを受"
+"信する。 LOG と同様、これは \"非終了ターゲット\" であり、 ルールの検討は次の"
+"ルールへと継続される。"
+
+#. type: TP
+#: original/man8/ip6tables.8:2170 original/man8/iptables.8:2200
+#, fuzzy, no-wrap
+#| msgid "B<--ulog-nlgroup >I<nlgroup>"
+msgid "B<--nflog-group> I<nlgroup>"
+msgstr "B<--ulog-nlgroup >I<nlgroup>"
+
+#. type: Plain text
+#: original/man8/ip6tables.8:2174 original/man8/iptables.8:2204
+#, fuzzy
+#| msgid ""
+#| "This specifies the netlink group (1-32) to which the packet is sent. "
+#| "Default value is 1."
+msgid ""
+"The netlink group (0 - 2^16-1) to which packets are (only applicable for "
+"nfnetlink_log). The default value is 0."
+msgstr ""
+"パケットを送信する netlink グループ (1-32) を指定する。 デフォルトの値は 1 で"
+"ある。"
+
+#. type: TP
+#: original/man8/ip6tables.8:2174 original/man8/iptables.8:2204
+#, fuzzy, no-wrap
+#| msgid "B<--log-prefix >I<prefix>"
+msgid "B<--nflog-prefix> I<prefix>"
+msgstr "B<--log-prefix >I<prefix>"
+
+#. type: Plain text
+#: original/man8/ip6tables.8:2178 original/man8/iptables.8:2208
+#, fuzzy
+#| msgid ""
+#| "Prefix log messages with the specified prefix; up to 32 characters long, "
+#| "and useful for distinguishing messages in the logs."
+msgid ""
+"A prefix string to include in the log message, up to 64 characters long, "
+"useful for distinguishing messages in the logs."
+msgstr ""
+"指定したプレフィックスをログメッセージの前に付ける。 32 文字までの指定でき"
+"る。 ログの中でメッセージを区別するのに便利である。"
+
+#. type: TP
+#: original/man8/ip6tables.8:2178 original/man8/iptables.8:2208
+#, fuzzy, no-wrap
+#| msgid "B<--ulog-cprange >I<size>"
+msgid "B<--nflog-range> I<size>"
+msgstr "B<--ulog-cprange >I<size>"
+
+#. type: Plain text
+#: original/man8/ip6tables.8:2183 original/man8/iptables.8:2213
+msgid ""
+"The number of bytes to be copied to userspace (only applicable for "
+"nfnetlink_log). nfnetlink_log instances may specify their own range, this "
+"option overrides it."
+msgstr ""
+
+#. type: TP
+#: original/man8/ip6tables.8:2183 original/man8/iptables.8:2213
+#, fuzzy, no-wrap
+#| msgid "B<--ulog-qthreshold >I<size>"
+msgid "B<--nflog-threshold> I<size>"
+msgstr "B<--ulog-qthreshold >I<size>"
+
+#. type: Plain text
+#: original/man8/ip6tables.8:2190 original/man8/iptables.8:2220
+msgid ""
+"Number of packets to queue inside the kernel before sending them to "
+"userspace (only applicable for nfnetlink_log). Higher values result in less "
+"overhead per packet, but increase delay until the packets reach userspace. "
+"The default value is 1."
+msgstr ""
+
+#. type: SS
+#: original/man8/ip6tables.8:2190 original/man8/iptables.8:2220
+#, no-wrap
+msgid "NFQUEUE"
+msgstr ""
+
+#. type: Plain text
+#: original/man8/ip6tables.8:2200 original/man8/iptables.8:2230
+msgid ""
+"This target is an extension of the QUEUE target. As opposed to QUEUE, it "
+"allows you to put a packet into any specific queue, identified by its 16-bit "
+"queue number. It can only be used with Kernel versions 2.6.14 or later, "
+"since it requires the B<nfnetlink_queue> kernel support. The B<queue-"
+"balance> option was added in Linux 2.6.31, B<queue-bypass> in 2.6.39."
+msgstr ""
+
+#. type: TP
+#: original/man8/ip6tables.8:2200 original/man8/iptables.8:2230
+#, fuzzy, no-wrap
+#| msgid "B<--set-mss >I<value>"
+msgid "B<--queue-num> I<value>"
+msgstr "B<--set-mss >I<value>"
+
+#. type: Plain text
+#: original/man8/ip6tables.8:2203 original/man8/iptables.8:2233
+msgid ""
+"This specifies the QUEUE number to use. Valid queue numbers are 0 to 65535. "
+"The default value is 0."
+msgstr ""
+
+#. type: TP
+#: original/man8/ip6tables.8:2204 original/man8/iptables.8:2234
+#, fuzzy, no-wrap
+#| msgid "B<--mss >I<value>[:I<value>]"
+msgid "B<--queue-balance> I<value>B<:>I<value>"
+msgstr "B<--mss >I<value>[:I<value>]"
+
+#. type: Plain text
+#: original/man8/ip6tables.8:2210 original/man8/iptables.8:2240
+msgid ""
+"This specifies a range of queues to use. Packets are then balanced across "
+"the given queues. This is useful for multicore systems: start multiple "
+"instances of the userspace program on queues x, x+1, .. x+n and use \"--"
+"queue-balance I<x>B<:>I<x+n>\". Packets belonging to the same connection "
+"are put into the same nfqueue."
+msgstr ""
+
+#. type: TP
+#: original/man8/ip6tables.8:2211 original/man8/iptables.8:2241
+#, no-wrap
+msgid "B<--queue-bypass>"
+msgstr ""
+
+#. type: Plain text
+#: original/man8/ip6tables.8:2216 original/man8/iptables.8:2246
+msgid ""
+"By default, if no userspace program is listening on an NFQUEUE, then all "
+"packets that are to be queued are dropped. When this option is used, the "
+"NFQUEUE rule is silently bypassed instead. The packet will move on to the "
+"next rule."
+msgstr ""
+
+#. type: SS
+#: original/man8/ip6tables.8:2216 original/man8/iptables.8:2246
+#, no-wrap
+msgid "NOTRACK"
+msgstr ""
+
+#. type: Plain text
+#: original/man8/ip6tables.8:2218 original/man8/iptables.8:2248
+msgid ""
+"This target disables connection tracking for all packets matching that rule."
+msgstr ""
+
+#. type: Plain text
+#: original/man8/ip6tables.8:2222 original/man8/ip6tables.8:2442
+#: original/man8/iptables.8:2252 original/man8/iptables.8:2553
+msgid "It can only be used in the B<raw> table."
+msgstr ""
+
+#. type: SS
+#: original/man8/ip6tables.8:2222 original/man8/iptables.8:2252
+#, no-wrap
+msgid "RATEEST"
+msgstr ""
+
+#. type: Plain text
+#: original/man8/ip6tables.8:2225 original/man8/iptables.8:2255
+msgid ""
+"The RATEEST target collects statistics, performs rate estimation calculation "
+"and saves the results for later evaluation using the B<rateest> match."
+msgstr ""
+
+#. type: TP
+#: original/man8/ip6tables.8:2225 original/man8/iptables.8:2255
+#, fuzzy, no-wrap
+#| msgid "B<--ctstate >I<state>"
+msgid "B<--rateest-name> I<name>"
+msgstr "B<--ctstate >I<state>"
+
+#. type: Plain text
+#: original/man8/ip6tables.8:2229 original/man8/iptables.8:2259
+msgid ""
+"Count matched packets into the pool referred to by I<name>, which is freely "
+"choosable."
+msgstr ""
+
+#. type: TP
+#: original/man8/ip6tables.8:2229 original/man8/iptables.8:2259
+#, no-wrap
+msgid "B<--rateest-interval> I<amount>{B<s>|B<ms>|B<us>}"
+msgstr ""
+
+#. type: Plain text
+#: original/man8/ip6tables.8:2232 original/man8/iptables.8:2262
+msgid "Rate measurement interval, in seconds, milliseconds or microseconds."
+msgstr ""
+
+#. type: TP
+#: original/man8/ip6tables.8:2232 original/man8/iptables.8:2262
+#, fuzzy, no-wrap
+#| msgid "B<--set-mss >I<value>"
+msgid "B<--rateest-ewmalog> I<value>"
+msgstr "B<--set-mss >I<value>"
+
+#. type: Plain text
+#: original/man8/ip6tables.8:2235 original/man8/iptables.8:2265
+msgid "Rate measurement averaging time constant."
+msgstr ""
+
+#. type: SS
+#: original/man8/ip6tables.8:2235 original/man8/iptables.8:2291
+#, no-wrap
+msgid "REJECT"
+msgstr "REJECT"
+
+#. type: Plain text
+#: original/man8/ip6tables.8:2248 original/man8/iptables.8:2304
+msgid ""
+"This is used to send back an error packet in response to the matched packet: "
+"otherwise it is equivalent to B<DROP> so it is a terminating TARGET, ending "
+"rule traversal. This target is only valid in the B<INPUT>, B<FORWARD> and "
+"B<OUTPUT> chains, and user-defined chains which are only called from those "
+"chains. The following option controls the nature of the error packet "
+"returned:"
+msgstr ""
+"マッチしたパケットの応答としてエラーパケットを送信するために使われる。\n"
+"エラーパケットを送らなければ、 B<DROP> と同じであり、TARGET を終了し、\n"
+"ルールの検討を終了する。 このターゲットは、 B<INPUT>, B<FORWARD>,\n"
+"B<OUTPUT> チェインと、これらのチェインから呼ばれる ユーザー定義チェイン\n"
+"だけで有効である。以下のオプションは、返されるエラーパケットの特性を\n"
+"制御する。"
+
+#. type: TP
+#: original/man8/ip6tables.8:2248 original/man8/iptables.8:2304
+#, fuzzy, no-wrap
+#| msgid "B<--reject-with >I<type>"
+msgid "B<--reject-with> I<type>"
+msgstr "B<--reject-with >I<type>"
+
+#. type: Plain text
+#: original/man8/ip6tables.8:2269
+#, fuzzy
+#| msgid ""
+#| "which return the appropriate IPv6-ICMP error message (B<port-unreach> is "
+#| "the default). Finally, the option B<tcp-reset> can be used on rules which "
+#| "only match the TCP protocol: this causes a TCP RST packet to be sent "
+#| "back. This is mainly useful for blocking I<ident> (113/tcp) probes which "
+#| "frequently occur when sending mail to broken mail hosts (which won't "
+#| "accept your mail otherwise)."
+msgid ""
+"The type given can be B<icmp6-no-route>, B<no-route>, B<icmp6-adm-"
+"prohibited>, B<adm-prohibited>, B<icmp6-addr-unreachable>, B<addr-unreach>, "
+"B<icmp6-port-unreachable> or B<port-unreach> which return the appropriate "
+"ICMPv6 error message (B<port-unreach> is the default). Finally, the option "
+"B<tcp-reset> can be used on rules which only match the TCP protocol: this "
+"causes a TCP RST packet to be sent back. This is mainly useful for blocking "
+"I<ident> (113/tcp) probes which frequently occur when sending mail to broken "
+"mail hosts (which won't accept your mail otherwise). B<tcp-reset> can only "
+"be used with kernel versions 2.6.14 or later."
+msgstr ""
+"であり、適切な IPv6-ICMP エラーメッセージを返す (B<port-unreach> がデフォルト"
+"である)。 さらに、TCP プロトコルにのみマッチするルールに対して、オプション "
+"B<tcp-reset> を使うことができる。 このオプションを使うと、TCP RST パケットが"
+"送り返される。 主として I<ident> (113/tcp) による探査を阻止するのに役立つ。 "
+"I<ident> による探査は、壊れている (メールを受け取らない) メールホストに メー"
+"ルが送られる場合に頻繁に起こる。"
+
+#. type: SS
+#: original/man8/ip6tables.8:2269 original/man8/iptables.8:2342
+#, fuzzy, no-wrap
+#| msgid "MARK"
+msgid "SECMARK"
+msgstr "MARK"
+
+#. type: Plain text
+#: original/man8/ip6tables.8:2278 original/man8/iptables.8:2351
+msgid ""
+"This is used to set the security mark value associated with the packet for "
+"use by security subsystems such as SELinux. It is valid in the B<security> "
+"table (for backwards compatibility with older kernels, it is also valid in "
+"the B<mangle> table). The mark is 32 bits wide."
+msgstr ""
+
+#. type: TP
+#: original/man8/ip6tables.8:2278 original/man8/iptables.8:2351
+#, no-wrap
+msgid "B<--selctx> I<security_context>"
+msgstr ""
+
+#. type: SS
+#: original/man8/ip6tables.8:2280 original/man8/iptables.8:2353
+#, no-wrap
+msgid "SET"
+msgstr ""
+
+#. type: Plain text
+#: original/man8/ip6tables.8:2283 original/man8/iptables.8:2356
+msgid ""
+"This modules adds and/or deletes entries from IP sets which can be defined "
+"by ipset(8)."
+msgstr ""
+
+#. type: TP
+#: original/man8/ip6tables.8:2283 original/man8/iptables.8:2356
+#, no-wrap
+msgid "B<--add-set> I<setname> I<flag>[B<,>I<flag>...]"
+msgstr ""
+
+#. type: Plain text
+#: original/man8/ip6tables.8:2286 original/man8/iptables.8:2359
+msgid "add the address(es)/port(s) of the packet to the sets"
+msgstr ""
+
+#. type: TP
+#: original/man8/ip6tables.8:2286 original/man8/iptables.8:2359
+#, no-wrap
+msgid "B<--del-set> I<setname> I<flag>[B<,>I<flag>...]"
+msgstr ""
+
+#. type: Plain text
+#: original/man8/ip6tables.8:2289 original/man8/iptables.8:2362
+msgid "delete the address(es)/port(s) of the packet from the sets"
+msgstr ""
+
+#. type: Plain text
+#: original/man8/ip6tables.8:2295 original/man8/iptables.8:2368
+msgid ""
+"where flags are B<src> and/or B<dst> specifications and there can be no more "
+"than six of them."
+msgstr ""
+
+#. type: TP
+#: original/man8/ip6tables.8:2295 original/man8/iptables.8:2368
+#, fuzzy, no-wrap
+#| msgid "B<--set-mss >I<value>"
+msgid "B<--timeout> I<value>"
+msgstr "B<--set-mss >I<value>"
+
+#. type: Plain text
+#: original/man8/ip6tables.8:2299 original/man8/iptables.8:2372
+msgid ""
+"when adding entry, the timeout value to use instead of the default one from "
+"the set definition"
+msgstr ""
+
+#. type: TP
+#: original/man8/ip6tables.8:2299 original/man8/iptables.8:2372
+#, fuzzy, no-wrap
+#| msgid "B<-x, --exact>"
+msgid "B<--exist>"
+msgstr "B<-x, --exact>"
+
+#. type: Plain text
+#: original/man8/ip6tables.8:2303 original/man8/iptables.8:2376
+msgid ""
+"when adding entry if it already exists, reset the timeout value to the "
+"specified one or to the default from the set definition"
+msgstr ""
+
+#. type: Plain text
+#: original/man8/ip6tables.8:2306 original/man8/iptables.8:2379
+msgid ""
+"Use of -j SET requires that ipset kernel support is provided, which, for "
+"standard kernels, is the case since Linux 2.6.39."
+msgstr ""
+
+#. type: SS
+#: original/man8/ip6tables.8:2306 original/man8/iptables.8:2417
+#, no-wrap
+msgid "TCPMSS"
+msgstr "TCPMSS"
+
+#. type: Plain text
+#: original/man8/ip6tables.8:2313 original/man8/iptables.8:2424
+#, fuzzy
+#| msgid ""
+#| "This target allows to alter the MSS value of TCP SYN packets, to control "
+#| "the maximum size for that connection (usually limiting it to your "
+#| "outgoing interface's MTU minus 40). Of course, it can only be used in "
+#| "conjunction with B<-p tcp>."
+msgid ""
+"This target allows to alter the MSS value of TCP SYN packets, to control the "
+"maximum size for that connection (usually limiting it to your outgoing "
+"interface's MTU minus 40 for IPv4 or 60 for IPv6, respectively). Of course, "
+"it can only be used in conjunction with B<-p tcp>."
+msgstr ""
+"このターゲットを用いると、TCP の SYN パケットの MSS 値を書き換え、 そのコネク"
+"ションの最大サイズ (通常は、送信インターフェースの MTU から 40 引いた値) を"
+"制御できる。 もちろん B<-p tcp> と組み合わせてしか使えない。"
+
+#. type: Plain text
+#: original/man8/ip6tables.8:2320 original/man8/iptables.8:2431
+#, fuzzy
+#| msgid ""
+#| "This target is used to overcome criminally braindead ISPs or servers "
+#| "which block ICMP Fragmentation Needed packets. The symptoms of this "
+#| "problem are that everything works fine from your Linux firewall/router, "
+#| "but machines behind it can never exchange large packets:"
+msgid ""
+"This target is used to overcome criminally braindead ISPs or servers which "
+"block \"ICMP Fragmentation Needed\" or \"ICMPv6 Packet Too Big\" packets. "
+"The symptoms of this problem are that everything works fine from your Linux "
+"firewall/router, but machines behind it can never exchange large packets:"
+msgstr ""
+"このターゲットは犯罪的に頭のいかれた ISP や ICMP Fragmentation Needed パケッ"
+"トをブロックしてしまうサーバーを 乗り越えるために使用する。 Linux ファイア"
+"ウォール/ルーターでは何も問題がないのに、 そこにぶら下がるマシンでは以下のよ"
+"うに大きなパケットを やりとりできないというのが、この問題の兆候である。"
+
+#. type: IP
+#: original/man8/ip6tables.8:2320 original/man8/iptables.8:2431
+#, no-wrap
+msgid "1."
+msgstr ""
+
+#. type: Plain text
+#: original/man8/ip6tables.8:2322 original/man8/iptables.8:2433
+msgid "Web browsers connect, then hang with no data received."
+msgstr "ウェブ・ブラウザで接続が、何のデータも受け取らずにハングする"
+
+#. type: IP
+#: original/man8/ip6tables.8:2322 original/man8/iptables.8:2433
+#, no-wrap
+msgid "2."
+msgstr ""
+
+#. type: Plain text
+#: original/man8/ip6tables.8:2324 original/man8/iptables.8:2435
+msgid "Small mail works fine, but large emails hang."
+msgstr "短いメールは問題ないが、長いメールがハングする"
+
+#. type: IP
+#: original/man8/ip6tables.8:2324 original/man8/iptables.8:2435
+#, no-wrap
+msgid "3."
+msgstr ""
+
+#. type: Plain text
+#: original/man8/ip6tables.8:2326 original/man8/iptables.8:2437
+msgid "ssh works fine, but scp hangs after initial handshaking."
+msgstr "ssh は問題ないが、scp は最初のハンドシェーク後にハングする"
+
+#. type: Plain text
+#: original/man8/ip6tables.8:2329 original/man8/iptables.8:2440
+msgid ""
+"Workaround: activate this option and add a rule to your firewall "
+"configuration like:"
+msgstr ""
+"回避方法: このオプションを有効にし、以下のようなルールを ファイアウォールの設"
+"定に追加する。"
+
+#. type: Plain text
+#: original/man8/ip6tables.8:2332 original/man8/iptables.8:2443
+#, fuzzy, no-wrap
+#| msgid ""
+#| " iptables -A FORWARD -p tcp --tcp-flags SYN,RST SYN \\e\n"
+#| " -j TCPMSS --clamp-mss-to-pmtu\n"
+msgid ""
+" iptables -t mangle -A FORWARD -p tcp --tcp-flags SYN,RST SYN\n"
+" -j TCPMSS --clamp-mss-to-pmtu\n"
+msgstr ""
+" iptables -A FORWARD -p tcp --tcp-flags SYN,RST SYN \\e\n"
+" -j TCPMSS --clamp-mss-to-pmtu\n"
+
+#. type: TP
+#: original/man8/ip6tables.8:2332 original/man8/iptables.8:2443
+#, fuzzy, no-wrap
+#| msgid "B<--set-mss >I<value>"
+msgid "B<--set-mss> I<value>"
+msgstr "B<--set-mss >I<value>"
+
+#. type: Plain text
+#: original/man8/ip6tables.8:2337 original/man8/iptables.8:2448
+msgid ""
+"Explicitly sets MSS option to specified value. If the MSS of the packet is "
+"already lower than I<value>, it will B<not> be increased (from Linux 2.6.25 "
+"onwards) to avoid more problems with hosts relying on a proper MSS."
+msgstr ""
+
+#. type: TP
+#: original/man8/ip6tables.8:2337 original/man8/iptables.8:2448
+#, no-wrap
+msgid "B<--clamp-mss-to-pmtu>"
+msgstr "B<--clamp-mss-to-pmtu>"
+
+#. type: Plain text
+#: original/man8/ip6tables.8:2346 original/man8/iptables.8:2457
+msgid ""
+"Automatically clamp MSS value to (path_MTU - 40 for IPv4; -60 for IPv6). "
+"This may not function as desired where asymmetric routes with differing path "
+"MTU exist \\(em the kernel uses the path MTU which it would use to send "
+"packets from itself to the source and destination IP addresses. Prior to "
+"Linux 2.6.25, only the path MTU to the destination IP address was considered "
+"by this option; subsequent kernels also consider the path MTU to the source "
+"IP address."
+msgstr ""
+
+#. type: Plain text
+#: original/man8/ip6tables.8:2348 original/man8/iptables.8:2459
+msgid "These options are mutually exclusive."
+msgstr "これらのオプションはどちらか 1 つしか指定できない。"
+
+#. type: SS
+#: original/man8/ip6tables.8:2348 original/man8/iptables.8:2459
+#, no-wrap
+msgid "TCPOPTSTRIP"
+msgstr ""
+
+#. type: Plain text
+#: original/man8/ip6tables.8:2351 original/man8/iptables.8:2462
+msgid ""
+"This target will strip TCP options off a TCP packet. (It will actually "
+"replace them by NO-OPs.) As such, you will need to add the B<-p tcp> "
+"parameters."
+msgstr ""
+
+#. type: TP
+#: original/man8/ip6tables.8:2351 original/man8/iptables.8:2462
+#, fuzzy, no-wrap
+#| msgid "B<--destination-ports >I<port>[,I<port>[,I<port>...]]"
+msgid "B<--strip-options> I<option>[B<,>I<option>...]"
+msgstr "B<--destination-ports >I<port>[,I<port>[,I<port>...]]"
+
+#. type: Plain text
+#: original/man8/ip6tables.8:2356 original/man8/iptables.8:2467
+msgid ""
+"Strip the given option(s). The options may be specified by TCP option number "
+"or by symbolic name. The list of recognized options can be obtained by "
+"calling iptables with B<-j TCPOPTSTRIP -h>."
+msgstr ""
+
+#. type: SS
+#: original/man8/ip6tables.8:2356 original/man8/iptables.8:2467
+#, no-wrap
+msgid "TEE"
+msgstr ""
+
+#. type: Plain text
+#: original/man8/ip6tables.8:2361 original/man8/iptables.8:2472
+msgid ""
+"The B<TEE> target will clone a packet and redirect this clone to another "
+"machine on the B<local> network segment. In other words, the nexthop must be "
+"the target, or you will have to configure the nexthop to forward it further "
+"if so desired."
+msgstr ""
+
+#. type: TP
+#: original/man8/ip6tables.8:2361 original/man8/iptables.8:2472
+#, no-wrap
+msgid "B<--gateway> I<ipaddr>"
+msgstr ""
+
+#. type: Plain text
+#: original/man8/ip6tables.8:2365 original/man8/iptables.8:2476
+msgid ""
+"Send the cloned packet to the host reachable at the given IP address. Use "
+"of 0.0.0.0 (for IPv4 packets) or :: (IPv6) is invalid."
+msgstr ""
+
+#. type: Plain text
+#: original/man8/ip6tables.8:2367 original/man8/iptables.8:2478
+msgid ""
+"To forward all incoming traffic on eth0 to an Network Layer logging box:"
+msgstr ""
+
+#. type: Plain text
+#: original/man8/ip6tables.8:2369 original/man8/iptables.8:2480
+msgid "-t mangle -A PREROUTING -i eth0 -j TEE --gateway 2001:db8::1"
+msgstr ""
+
+#. type: SS
+#: original/man8/ip6tables.8:2369 original/man8/iptables.8:2480
+#, no-wrap
+msgid "TOS"
+msgstr "TOS"
+
+#. type: Plain text
+#: original/man8/ip6tables.8:2374 original/man8/iptables.8:2485
+msgid ""
+"This module sets the Type of Service field in the IPv4 header (including the "
+"\"precedence\" bits) or the Priority field in the IPv6 header. Note that TOS "
+"shares the same bits as DSCP and ECN. The TOS target is only valid in the "
+"B<mangle> table."
+msgstr ""
+
+#. type: TP
+#: original/man8/ip6tables.8:2374 original/man8/iptables.8:2485
+#, fuzzy, no-wrap
+#| msgid "B<--mark >I<value>[/I<mask>]"
+msgid "B<--set-tos> I<value>[B</>I<mask>]"
+msgstr "B<--mark >I<value>[/I<mask>]"
+
+#. type: Plain text
+#: original/man8/ip6tables.8:2378 original/man8/iptables.8:2489
+msgid ""
+"Zeroes out the bits given by I<mask> (see NOTE below) and XORs I<value> into "
+"the TOS/Priority field. If I<mask> is omitted, 0xFF is assumed."
+msgstr ""
+
+#. type: TP
+#: original/man8/ip6tables.8:2378 original/man8/iptables.8:2489
+#, fuzzy, no-wrap
+#| msgid "B<--set-tos >I<tos>"
+msgid "B<--set-tos> I<symbol>"
+msgstr "B<--set-tos >I<tos>"
+
+#. type: Plain text
+#: original/man8/ip6tables.8:2383 original/man8/iptables.8:2494
+msgid ""
+"You can specify a symbolic name when using the TOS target for IPv4. It "
+"implies a mask of 0xFF (see NOTE below). The list of recognized TOS names "
+"can be obtained by calling iptables with B<-j TOS -h>."
+msgstr ""
+
+#. type: TP
+#: original/man8/ip6tables.8:2385 original/man8/iptables.8:2496
+#, fuzzy, no-wrap
+#| msgid "B<--tos >I<tos>"
+msgid "B<--and-tos> I<bits>"
+msgstr "B<--tos >I<tos>"
+
+#. type: Plain text
+#: original/man8/ip6tables.8:2390 original/man8/iptables.8:2501
+msgid ""
+"Binary AND the TOS value with I<bits>. (Mnemonic for B<--set-tos 0/"
+">I<invbits>, where I<invbits> is the binary negation of I<bits>. See NOTE "
+"below.)"
+msgstr ""
+
+#. type: TP
+#: original/man8/ip6tables.8:2390 original/man8/iptables.8:2501
+#, fuzzy, no-wrap
+#| msgid "B<--tos >I<tos>"
+msgid "B<--or-tos> I<bits>"
+msgstr "B<--tos >I<tos>"
+
+#. type: Plain text
+#: original/man8/ip6tables.8:2394 original/man8/iptables.8:2505
+msgid ""
+"Binary OR the TOS value with I<bits>. (Mnemonic for B<--set-tos> I<bits>B</"
+">I<bits>. See NOTE below.)"
+msgstr ""
+
+#. type: TP
+#: original/man8/ip6tables.8:2394 original/man8/iptables.8:2505
+#, fuzzy, no-wrap
+#| msgid "B<--tos >I<tos>"
+msgid "B<--xor-tos> I<bits>"
+msgstr "B<--tos >I<tos>"
+
+#. type: Plain text
+#: original/man8/ip6tables.8:2398 original/man8/iptables.8:2509
+msgid ""
+"Binary XOR the TOS value with I<bits>. (Mnemonic for B<--set-tos> "
+"I<bits>B</0>. See NOTE below.)"
+msgstr ""
+
+#. type: Plain text
+#: original/man8/ip6tables.8:2406 original/man8/iptables.8:2517
+msgid ""
+"NOTE: In Linux kernels up to and including 2.6.38, with the exception of "
+"longterm releases 2.6.32 (E<gt>=.42), 2.6.33 (E<gt>=.15), and 2.6.35 "
+"(E<gt>=.14), there is a bug whereby IPv6 TOS mangling does not behave as "
+"documented and differs from the IPv4 version. The TOS mask indicates the "
+"bits one wants to zero out, so it needs to be inverted before applying it to "
+"the original TOS field. However, the aformentioned kernels forgo the "
+"inversion which breaks --set-tos and its mnemonics."
+msgstr ""
+
+#. type: SS
+#: original/man8/ip6tables.8:2406 original/man8/iptables.8:2517
+#, no-wrap
+msgid "TPROXY"
+msgstr ""
+
+#. type: Plain text
+#: original/man8/ip6tables.8:2413 original/man8/iptables.8:2524
+#, fuzzy
+#| msgid ""
+#| "This target is only valid in the B<nat> table, in the B<PREROUTING> and "
+#| "B<OUTPUT> chains, and user-defined chains which are only called from "
+#| "those chains. It alters the destination IP address to send the packet to "
+#| "the machine itself (locally-generated packets are mapped to the 127.0.0.1 "
+#| "address). It takes one option:"
+msgid ""
+"This target is only valid in the B<mangle> table, in the B<PREROUTING> chain "
+"and user-defined chains which are only called from this chain. It redirects "
+"the packet to a local socket without changing the packet header in any way. "
+"It can also change the mark value which can then be used in advanced routing "
+"rules. It takes three options:"
+msgstr ""
+"このターゲットは、 B<nat> テーブル内の B<PREROUTING> チェイン及び B<OUTPUT> "
+"チェイン、そしてこれらチェインから呼び出される ユーザー定義チェインでのみ有効"
+"である。 このターゲットはパケットの送信先 IP アドレスを マシン自身の IP アド"
+"レスに変換する。 (ローカルで生成されたパケットは、アドレス 127.0.0.1 にマップ"
+"される)。 このターゲットにはオプションが 1 つある:"
+
+#. type: TP
+#: original/man8/ip6tables.8:2413 original/man8/iptables.8:2524
+#, fuzzy, no-wrap
+#| msgid "B<--to-ports >I<port>[-I<port>]"
+msgid "B<--on-port> I<port>"
+msgstr "B<--to-ports >I<port>[-I<port>]"
+
+#. type: Plain text
+#: original/man8/ip6tables.8:2418 original/man8/iptables.8:2529
+#, fuzzy
+#| msgid ""
+#| "This specifies a destination port or range of ports to use: without this, "
+#| "the destination port is never altered. This is only valid if the rule "
+#| "also specifies B<-p tcp> or B<-p udp>."
+msgid ""
+"This specifies a destination port to use. It is a required option, 0 means "
+"the new destination port is the same as the original. This is only valid if "
+"the rule also specifies B<-p tcp> or B<-p udp>."
+msgstr ""
+"このオプションは使用される送信先ポート・ポート範囲・複数ポートを指定する。 こ"
+"のオプションが指定されない場合、送信先ポートは変更されない。 ルールが B<-p "
+"tcp> または B<-p udp> を指定している場合にのみ有効である。"
+
+#. type: TP
+#: original/man8/ip6tables.8:2418 original/man8/iptables.8:2529
+#, fuzzy, no-wrap
+#| msgid "B<--mac-source >[!] I<address>"
+msgid "B<--on-ip> I<address>"
+msgstr "B<--mac-source >[!] I<address>"
+
+#. type: Plain text
+#: original/man8/ip6tables.8:2423 original/man8/iptables.8:2534
+#, fuzzy
+#| msgid ""
+#| "This specifies a destination port or range of ports to use: without this, "
+#| "the destination port is never altered. This is only valid if the rule "
+#| "also specifies B<-p tcp> or B<-p udp>."
+msgid ""
+"This specifies a destination address to use. By default the address is the "
+"IP address of the incoming interface. This is only valid if the rule also "
+"specifies B<-p tcp> or B<-p udp>."
+msgstr ""
+"このオプションは使用される送信先ポート・ポート範囲・複数ポートを指定する。 こ"
+"のオプションが指定されない場合、送信先ポートは変更されない。 ルールが B<-p "
+"tcp> または B<-p udp> を指定している場合にのみ有効である。"
+
+#. type: TP
+#: original/man8/ip6tables.8:2423 original/man8/iptables.8:2534
+#, fuzzy, no-wrap
+#| msgid "B<--mark >I<value>[/I<mask>]"
+msgid "B<--tproxy-mark> I<value>[B</>I<mask>]"
+msgstr "B<--mark >I<value>[/I<mask>]"
+
+#. type: Plain text
+#: original/man8/ip6tables.8:2428 original/man8/iptables.8:2539
+msgid ""
+"Marks packets with the given value/mask. The fwmark value set here can be "
+"used by advanced routing. (Required for transparent proxying to work: "
+"otherwise these packets will get forwarded, which is probably not what you "
+"want.)"
+msgstr ""
+
+#. type: SS
+#: original/man8/ip6tables.8:2428 original/man8/iptables.8:2539
+#, no-wrap
+msgid "TRACE"
+msgstr ""
+
+#. type: Plain text
+#: original/man8/ip6tables.8:2431 original/man8/iptables.8:2542
+msgid ""
+"This target marks packets so that the kernel will log every rule which match "
+"the packets as those traverse the tables, chains, rules."
+msgstr ""
+
+#. type: Plain text
+#: original/man8/ip6tables.8:2438 original/man8/iptables.8:2549
+msgid ""
+"A logging backend, such as ip(6)t_LOG or nfnetlink_log, must be loaded for "
+"this to be visible. The packets are logged with the string prefix: \"TRACE: "
+"tablename:chainname:type:rulenum \" where type can be \"rule\" for plain "
+"rule, \"return\" for implicit rule at the end of a user defined chain and "
+"\"policy\" for the policy of the built in chains."
+msgstr ""
+
+#. type: SH
+#: original/man8/ip6tables.8:2442 original/man8/iptables.8:2601
+#, no-wrap
+msgid "DIAGNOSTICS"
+msgstr "返り値"
+
+#. type: Plain text
+#: original/man8/ip6tables.8:2447 original/man8/iptables.8:2606
+msgid ""
+"Various error messages are printed to standard error. The exit code is 0 "
+"for correct functioning. Errors which appear to be caused by invalid or "
+"abused command line parameters cause an exit code of 2, and other errors "
+"cause an exit code of 1."
+msgstr ""
+"いろいろなエラーメッセージが標準エラーに表示される。 正しく機能した場合、終了"
+"コードは 0 である。 不正なコマンドラインパラメータによりエラーが発生した場合"
+"は、 終了コード 2 が返される。 その他のエラーの場合は、終了コード 1 が返され"
+"る。"
+
+#. type: Plain text
+#: original/man8/ip6tables.8:2450
+msgid ""
+"Bugs? What's this? ;-) Well... the counters are not reliable on sparc64."
+msgstr ""
+"バグ? バグって何? ;-) えーと…、sparc64 ではカウンター値が信頼できない。"
+
+#. type: SH
+#: original/man8/ip6tables.8:2450 original/man8/iptables.8:2609
+#, no-wrap
+msgid "COMPATIBILITY WITH IPCHAINS"
+msgstr "IPCHAINS との互換性"
+
+#. type: Plain text
+#: original/man8/ip6tables.8:2459
+msgid ""
+"This B<ip6tables> is very similar to ipchains by Rusty Russell. The main "
+"difference is that the chains B<INPUT> and B<OUTPUT> are only traversed for "
+"packets coming into the local host and originating from the local host "
+"respectively. Hence every packet only passes through one of the three "
+"chains (except loopback traffic, which involves both INPUT and OUTPUT "
+"chains); previously a forwarded packet would pass through all three."
+msgstr ""
+"B<ip6tables> は、Rusty Russell の ipchains と非常によく似ている。 大きな違い"
+"は、チェイン B<INPUT> と B<OUTPUT> が、それぞれローカルホストに入ってくるパ"
+"ケットと、 ローカルホストから出されるパケットのみしか調べないという点であ"
+"る。 よって、全てのパケットは 3 つあるチェインのうち 1 つしか通らない (ループ"
+"バックトラフィックは例外で、INPUT と OUTPUT チェインの両方を通る)。 以前は "
+"(ipchains では)、 フォワードされるパケットが 3 つのチェイン全てを通っていた。"
+
+#. type: Plain text
+#: original/man8/ip6tables.8:2464
+msgid ""
+"The other main difference is that B<-i> refers to the input interface; B<-o> "
+"refers to the output interface, and both are available for packets entering "
+"the B<FORWARD> chain. There are several other changes in ip6tables."
+msgstr ""
+"その他の大きな違いは、 B<-i> で入力インターフェース、 B<-o> で出力インター"
+"フェースを指定し、 ともに B<FORWARD> チェインに入るパケットに対して指定可能な"
+"点である。 ip6tables では、その他にもいくつかの変更がある。"
+
+#. type: Plain text
+#: original/man8/ip6tables.8:2471
+#, fuzzy
+#| msgid ""
+#| "B<ip6tables-save>(8), B<ip6tables-restore(8),> B<iptables>(8), B<iptables-"
+#| "save>(8), B<iptables-restore>(8)."
+msgid ""
+"B<ip6tables-save>(8), B<ip6tables-restore>(8), B<iptables>(8), B<iptables-"
+"save>(8), B<iptables-restore>(8), B<libipq>(3)."
+msgstr ""
+"B<ip6tables-save>(8), B<ip6tables-restore(8),> B<iptables>(8), B<iptables-"
+"save>(8), B<iptables-restore>(8)."
+
+#. type: Plain text
+#: original/man8/ip6tables.8:2477
+#, fuzzy
+#| msgid ""
+#| "The packet-filtering-HOWTO details iptables usage for packet filtering, "
+#| "the NAT-HOWTO details NAT, the netfilter-extensions-HOWTO details the "
+#| "extensions that are not in the standard distribution, and the netfilter-"
+#| "hacking-HOWTO details the netfilter internals."
+msgid ""
+"The packet-filtering-HOWTO details iptables usage for packet filtering, the "
+"netfilter-extensions-HOWTO details the extensions that are not in the "
+"standard distribution, and the netfilter-hacking-HOWTO details the netfilter "
+"internals."
+msgstr ""
+"パケットフィルタリングについての詳細な iptables の使用法を\n"
+"説明している packet-filtering-HOWTO。\n"
+"NAT について詳細に説明している NAT-HOWTO。\n"
+"標準的な配布には含まれない拡張の詳細を 説明している \n"
+"netfilter-extensions-HOWTO。\n"
+"内部構造について詳細に説明している netfilter-hacking-HOWTO。"
+
+#. type: Plain text
+#: original/man8/ip6tables.8:2480 original/man8/iptables.8:2650
+msgid "See B<http://www.netfilter.org/>."
+msgstr "B<http://www.netfilter.org/> を参照。"
+
+#. type: Plain text
+#: original/man8/ip6tables.8:2483
+msgid ""
+"Rusty Russell wrote iptables, in early consultation with Michael Neuling."
+msgstr ""
+"Rusty Russell は、初期の段階で Michael Neuling に相談して iptables を書いた。"
+
+#. type: Plain text
+#: original/man8/ip6tables.8:2487 original/man8/iptables.8:2657
+msgid ""
+"Marc Boucher made Rusty abandon ipnatctl by lobbying for a generic packet "
+"selection framework in iptables, then wrote the mangle table, the owner "
+"match, the mark stuff, and ran around doing cool stuff everywhere."
+msgstr ""
+"Marc Boucher は Rusty に iptables の一般的なパケット選択の考え方を勧めて、 "
+"ipnatctl を止めさせた。 そして、mangle テーブル・所有者マッチング・ mark 機能"
+"を書き、いたるところで使われている素晴らしいコードを書いた。"
+
+#. type: Plain text
+#: original/man8/ip6tables.8:2489 original/man8/iptables.8:2659
+msgid "James Morris wrote the TOS target, and tos match."
+msgstr "James Morris が TOS ターゲットと tos マッチングを書いた。"
+
+#. type: Plain text
+#: original/man8/ip6tables.8:2491 original/man8/iptables.8:2661
+msgid "Jozsef Kadlecsik wrote the REJECT target."
+msgstr "Jozsef Kadlecsik が REJECT ターゲットを書いた。"
+
+#. type: Plain text
+#: original/man8/ip6tables.8:2493
+#, fuzzy
+#| msgid "Harald Welte wrote the ULOG target, TTL match+target and libipulog."
+msgid ""
+"Harald Welte wrote the ULOG and NFQUEUE target, the new libiptc, as well as "
+"TTL match+target and libipulog."
+msgstr ""
+"Harald Welte が ULOG ターゲット・TTL マッチングと TTL ターゲット・ libipulog "
+"を書いた。"
+
+#. type: Plain text
+#: original/man8/ip6tables.8:2497 original/man8/iptables.8:2667
+#, fuzzy
+#| msgid ""
+#| "The Netfilter Core Team is: Marc Boucher, Martin Josefsson, Jozsef "
+#| "Kadlecsik, James Morris, Harald Welte and Rusty Russell."
+msgid ""
+"The Netfilter Core Team is: Marc Boucher, Martin Josefsson, Yasuyuki "
+"Kozakai, Jozsef Kadlecsik, Patrick McHardy, James Morris, Pablo Neira Ayuso, "
+"Harald Welte and Rusty Russell."
+msgstr ""
+"Netfilter コアチームは、Marc Boucher, Martin Josefsson, Jozsef Kadlecsik, "
+"James Morris, Harald Welte, Rusty Russell である。"
+
+#. .. and did I mention that we are incredibly cool people?
+#. .. sexy, too ..
+#. .. witty, charming, powerful ..
+#. .. and most of all, modest ..
+#. type: Plain text
+#: original/man8/ip6tables.8:2504
+msgid ""
+"ip6tables man page created by Andras Kis-Szabo, based on iptables man page "
+"written by Herve Eychenne E<lt>rv@wallfire.orgE<gt>."
+msgstr ""
+"ip6tables の man ページは、Andras Kis-Szabo によって作成された。 これは "
+"Herve Eychenne E<lt>rv@wallfire.orgE<gt> によって書かれた iptables の man "
+"ページを元にしている。"
+
+#. type: SH
+#: original/man8/ip6tables.8:2504 original/man8/iptables.8:2673
+#, no-wrap
+msgid "VERSION"
+msgstr ""
+
+#. type: Plain text
+#: original/man8/ip6tables.8:2506
+msgid "This manual page applies to ip6tables @PACKAGE_VERSION@."
+msgstr ""
+
+#. type: TH
+#: original/man8/iptables-restore.8:1
+#, no-wrap
+msgid "IPTABLES-RESTORE"
+msgstr "IPTABLES-RESTORE"
+
+#. type: TH
+#: original/man8/iptables-restore.8:1 original/man8/iptables-save.8:1
+#, no-wrap
+msgid "Jan 04, 2001"
+msgstr "Jan 04, 2001"
+
+#. type: Plain text
+#: original/man8/iptables-restore.8:23
+#, fuzzy
+#| msgid "iptables-restore - Restore IP Tables"
+msgid "iptables-restore \\(em Restore IP Tables"
+msgstr "iptables-restore - IP テーブルを復元する"
+
+#. type: Plain text
+#: original/man8/iptables-restore.8:25
+#, fuzzy
+#| msgid "B<iptables-restore >[-c] [-n]"
+msgid "B<iptables-restore> [B<-c>] [B<-n>] [B<-T> I<name>]"
+msgstr "B<iptables-restore >[-c] [-n]"
+
+#. type: Plain text
+#: original/man8/iptables-restore.8:30
+msgid ""
+"B<iptables-restore> is used to restore IP Tables from data specified on "
+"STDIN. Use I/O redirection provided by your shell to read from a file"
+msgstr ""
+"B<iptables-restore> は標準入力で指定されたデータから IP テーブルを復元するた"
+"めに使われる。 ファイルから読み込むためには、 シェルで提供されている I/O リダ"
+"イレクションを使うこと。"
+
+#. type: Plain text
+#: original/man8/iptables-restore.8:38
+msgid ""
+"don't flush the previous contents of the table. If not specified, B<iptables-"
+"restore> flushes (deletes) all previous contents of the respective IP Table."
+msgstr ""
+"これまでのテーブルの内容をフラッシュしない。 指定されない場合、 B<iptables-"
+"restore> は、これまでの各 IP テーブルの内容を全てフラッシュ (削除) する。"
+
+#. type: Plain text
+#: original/man8/iptables-restore.8:41
+msgid ""
+"Restore only the named table even if the input stream contains other ones."
+msgstr ""
+
+#. type: SH
+#: original/man8/iptables-restore.8:43 original/man8/iptables-save.8:44
+#: original/man1/iptables-xml.1:84
+#, no-wrap
+msgid "AUTHOR"
+msgstr "作者"
+
+#. type: Plain text
+#: original/man8/iptables-restore.8:47
+msgid "B<iptables-save>(8), B<iptables>(8)"
+msgstr "B<iptables-save>(8), B<iptables>(8)"
+
+#. type: TH
+#: original/man8/iptables-save.8:1
+#, no-wrap
+msgid "IPTABLES-SAVE"
+msgstr "IPTABLES-SAVE"
+
+#. type: Plain text
+#: original/man8/iptables-save.8:23
+msgid "iptables-save \\(em dump iptables rules to stdout"
+msgstr ""
+
+#. type: Plain text
+#: original/man8/iptables-save.8:26
+#, fuzzy
+#| msgid "B<iptables-save >[-c] [-t table]"
+msgid "B<iptables-save> [B<-M> I<modprobe>] [B<-c>] [B<-t> I<table>]"
+msgstr "B<iptables-save >[-c] [-t table]"
+
+#. type: Plain text
+#: original/man8/iptables-save.8:31
+msgid ""
+"B<iptables-save> is used to dump the contents of an IP Table in easily "
+"parseable format to STDOUT. Use I/O-redirection provided by your shell to "
+"write to a file."
+msgstr ""
+"B<iptables-save> は IP テーブルの内容を簡単に解析できる形式で 標準出力にダン"
+"プするために使われる。 ファイルに書き出すためには、 シェルで提供されている I/"
+"O リダイレクションを使うこと。"
+
+#. type: Plain text
+#: original/man8/iptables-save.8:48
+msgid "B<iptables-restore>(8), B<iptables>(8)"
+msgstr "B<iptables-restore>(8), B<iptables>(8)"
+
+#. type: TH
+#: original/man8/iptables.8:1
+#, no-wrap
+msgid "IPTABLES"
+msgstr "IPTABLES"
+
+#. type: Plain text
+#: original/man8/iptables.8:27
+#, fuzzy
+#| msgid "iptables - administration tool for IPv4 packet filtering and NAT"
+msgid "iptables \\(em administration tool for IPv4 packet filtering and NAT"
+msgstr "iptables - IPv4 のパケットフィルタと NAT を管理するツール"
+
+#. type: Plain text
+#: original/man8/iptables.8:30
+#, fuzzy
+#| msgid "B<iptables [-t table] -[AD] >chain rule-specification [options]"
+msgid ""
+"B<iptables> [B<-t> I<table>] {B<-A>|B<-C>|B<-D>} I<chain> I<rule-"
+"specification>"
+msgstr "B<iptables [-t table] -[AD] >チェイン ルールの詳細 [オプション]"
+
+#. type: Plain text
+#: original/man8/iptables.8:32
+#, fuzzy
+#| msgid ""
+#| "B<iptables [-t table] -I >chain [rulenum] rule-specification [options]"
+msgid ""
+"B<iptables> [B<-t> I<table>] B<-I> I<chain> [I<rulenum>] I<rule-"
+"specification>"
+msgstr ""
+"B<iptables [-t table] -I >チェイン [ルール番号] ルールの詳細 [オプション]"
+
+#. type: Plain text
+#: original/man8/iptables.8:34
+#, fuzzy
+#| msgid "B<iptables [-t table] -R >chain rulenum rule-specification [options]"
+msgid "B<iptables> [B<-t> I<table>] B<-R> I<chain rulenum rule-specification>"
+msgstr ""
+"B<iptables [-t table] -R >チェイン ルール番号 ルールの詳細 [オプション]"
+
+#. type: Plain text
+#: original/man8/iptables.8:36
+#, fuzzy
+#| msgid "B<iptables [-t table] -D >chain rulenum [options]"
+msgid "B<iptables> [B<-t> I<table>] B<-D> I<chain rulenum>"
+msgstr "B<iptables [-t table] -D >チェイン ルール番号 [オプション]"
+
+#. type: Plain text
+#: original/man8/iptables.8:38
+#, fuzzy
+#| msgid "B<iptables [-t table] -D >chain rulenum [options]"
+msgid "B<iptables> [B<-t> I<table>] B<-S> [I<chain> [I<rulenum>]]"
+msgstr "B<iptables [-t table] -D >チェイン ルール番号 [オプション]"
+
+#. type: Plain text
+#: original/man8/iptables.8:40
+#, fuzzy
+#| msgid "B<iptables [-t table] -D >chain rulenum [options]"
+msgid ""
+"B<iptables> [B<-t> I<table>] {B<-F>|B<-L>|B<-Z>} [I<chain> [I<rulenum>]] "
+"[I<options...>]"
+msgstr "B<iptables [-t table] -D >チェイン ルール番号 [オプション]"
+
+#. type: Plain text
+#: original/man8/iptables.8:42
+#, fuzzy
+#| msgid "B<iptables [-t table] -N >chain"
+msgid "B<iptables> [B<-t> I<table>] B<-N> I<chain>"
+msgstr "B<iptables [-t table] -N >チェイン"
+
+#. type: Plain text
+#: original/man8/iptables.8:44
+#, fuzzy
+#| msgid "B<iptables [-t table] -X >[chain]"
+msgid "B<iptables> [B<-t> I<table>] B<-X> [I<chain>]"
+msgstr "B<iptables [-t table] -X >[チェイン]"
+
+#. type: Plain text
+#: original/man8/iptables.8:46
+#, fuzzy
+#| msgid "B<iptables [-t table] -P >chain target [options]"
+msgid "B<iptables> [B<-t> I<table>] B<-P> I<chain target>"
+msgstr "B<iptables [-t table] -P >チェイン ターゲット [オプション]"
+
+#. type: Plain text
+#: original/man8/iptables.8:48
+#, fuzzy
+#| msgid "B<iptables [-t table] -E >old-chain-name new-chain-name"
+msgid "B<iptables> [B<-t> I<table>] B<-E> I<old-chain-name new-chain-name>"
+msgstr "B<iptables [-t table] -E >旧チェイン名 新チェイン名"
+
+#. type: Plain text
+#: original/man8/iptables.8:50
+msgid "rule-specification = [I<matches...>] [I<target>]"
+msgstr ""
+
+#. type: Plain text
+#: original/man8/iptables.8:52
+msgid "match = B<-m> I<matchname> [I<per-match-options>]"
+msgstr ""
+
+#. type: Plain text
+#: original/man8/iptables.8:54
+msgid "target = B<-j> I<targetname> [I<per-target-options>]"
+msgstr ""
+
+#. type: Plain text
+#: original/man8/iptables.8:60
+#, fuzzy
+#| msgid ""
+#| "B<Iptables> is used to set up, maintain, and inspect the tables of IP "
+#| "packet filter rules in the Linux kernel. Several different tables may be "
+#| "defined. Each table contains a number of built-in chains and may also "
+#| "contain user-defined chains."
+msgid ""
+"B<Iptables> is used to set up, maintain, and inspect the tables of IPv4 "
+"packet filter rules in the Linux kernel. Several different tables may be "
+"defined. Each table contains a number of built-in chains and may also "
+"contain user-defined chains."
+msgstr ""
+"B<iptables> は Linux カーネルの IP パケットフィルタルールのテーブルを 設定・"
+"管理・検査するために使われる。 複数の異なるテーブルを定義できる。 各テーブル"
+"にはたくさんの組み込み済みチェインが含まれており、 さらにユーザー定義のチェイ"
+"ンを加えることもできる。"
#. type: TP
-#: original/man8/iptables.8:566
+#: original/man8/iptables.8:107
#, no-wrap
-msgid "B<--physdev-in name>"
-msgstr "B<--physdev-in name>"
+msgid "B<nat>:"
+msgstr "B<nat>:"
#. type: Plain text
-#: original/man8/iptables.8:577
+#: original/man8/iptables.8:114
msgid ""
-"Name of a bridge port via which a packet is received (only for packets "
-"entering the B<INPUT>, B<FORWARD> and B<PREROUTING> chains). If the "
-"interface name ends in a \"+\", then any interface which begins with this "
-"name will match. If the packet didn't arrive through a bridge device, this "
-"packet won't match this option, unless '!' is used."
+"This table is consulted when a packet that creates a new connection is "
+"encountered. It consists of three built-ins: B<PREROUTING> (for altering "
+"packets as soon as they come in), B<OUTPUT> (for altering locally-generated "
+"packets before routing), and B<POSTROUTING> (for altering packets as they "
+"are about to go out)."
msgstr ""
-"パケットが受信されるブリッジのポート名 (B<INPUT>, B<FORWARD>, B<PREROUTING> "
-"チェインに入るパケットのみ)。 インターフェース名が \"+\" で終っている場合、 "
-"その名前で始まる任意のインターフェース名にマッチする。 ブリッジデバイスを通し"
-"て受け取られなかったパケットは、 \\&'!' が指定されていない限り、このオプショ"
-"ンにマッチしない。"
+"このテーブルは新しい接続を開くようなパケットに対して参照される。 これには "
+"B<PREROUTING> (パケットが入ってきた場合、すぐにそのパケットを変換するための"
+"チェイン)・ B<OUTPUT> (ローカルで生成されたパケットをルーティングの前に変換す"
+"るためのチェイン)・ B<POSTROUTING> (パケットが出て行くときに変換するための"
+"チェイン) という 3 つの組み込み済みチェインが含まれる。"
+
+#. type: Plain text
+#: original/man8/iptables.8:147
+msgid ""
+"The options that are recognized by B<iptables> can be divided into several "
+"different groups."
+msgstr "B<iptables> で使えるオプションは、いくつかのグループに分けられる。"
+
+#. type: Plain text
+#: original/man8/iptables.8:153
+#, fuzzy
+#| msgid ""
+#| "These options specify the specific action to perform. Only one of them "
+#| "can be specified on the command line unless otherwise specified below. "
+#| "For all the long versions of the command and option names, you need to "
+#| "use only enough letters to ensure that B<iptables> can differentiate it "
+#| "from all other options."
+msgid ""
+"These options specify the desired action to perform. Only one of them can be "
+"specified on the command line unless otherwise stated below. For long "
+"versions of the command and option names, you need to use only enough "
+"letters to ensure that B<iptables> can differentiate it from all other "
+"options."
+msgstr ""
+"これらのオプションは、実行する特定の動作を指定する。 以下の説明で注記されてい"
+"ない限り、 コマンドラインで指定できるのはこの中の 1 つだけである。 長いバー"
+"ジョンのコマンド名とオプション名は、 B<iptables> が他のコマンド名やオプション"
+"名と区別できる範囲で (文字を省略して) 指定することもできる。"
+
+#. type: Plain text
+#: original/man8/iptables.8:188
+#, fuzzy
+#| msgid ""
+#| "List all rules in the selected chain. If no chain is selected, all "
+#| "chains are listed. As every other iptables command, it applies to the "
+#| "specified table (filter is the default), so NAT rules get listed by"
+msgid ""
+"List all rules in the selected chain. If no chain is selected, all chains "
+"are listed. Like every other iptables command, it applies to the specified "
+"table (filter is the default), so NAT rules get listed by"
+msgstr ""
+"選択されたチェインにある全てのルールを一覧表示する。 チェインが指定されない場"
+"合、全てのチェインにあるリストが一覧表示される。 他の各 iptables コマンドと同"
+"様に、指定されたテーブル (デフォルトは filter) に対して作用する。 よって NAT "
+"ルールを表示するには以下のようにする。"
+
+#. type: Plain text
+#: original/man8/iptables.8:190
+#, no-wrap
+msgid " iptables -t nat -n -L\n"
+msgstr " iptables -t nat -n -L\n"
+
+#. type: Plain text
+#: original/man8/iptables.8:199
+#, no-wrap
+msgid " iptables -L -v\n"
+msgstr " iptables -L -v\n"
+
+#. type: Plain text
+#: original/man8/iptables.8:205
+#, fuzzy
+#| msgid ""
+#| "List all rules in the selected chain. If no chain is selected, all "
+#| "chains are listed. As every other iptables command, it applies to the "
+#| "specified table (filter is the default), so NAT rules get listed by"
+msgid ""
+"Print all rules in the selected chain. If no chain is selected, all chains "
+"are printed like iptables-save. Like every other iptables command, it "
+"applies to the specified table (filter is the default)."
+msgstr ""
+"選択されたチェインにある全てのルールを一覧表示する。 チェインが指定されない場"
+"合、全てのチェインにあるリストが一覧表示される。 他の各 iptables コマンドと同"
+"様に、指定されたテーブル (デフォルトは filter) に対して作用する。 よって NAT "
+"ルールを表示するには以下のようにする。"
+
+#. type: Plain text
+#: original/man8/iptables.8:256
+#, fuzzy
+#| msgid ""
+#| "The protocol of the rule or of the packet to check. The specified "
+#| "protocol can be one of I<tcp>, I<udp>, I<icmp>, or I<all>, or it can be a "
+#| "numeric value, representing one of these protocols or a different one. A "
+#| "protocol name from /etc/protocols is also allowed. A \"!\" argument "
+#| "before the protocol inverts the test. The number zero is equivalent to "
+#| "I<all>. Protocol I<all> will match with all protocols and is taken as "
+#| "default when this option is omitted."
+msgid ""
+"The protocol of the rule or of the packet to check. The specified protocol "
+"can be one of B<tcp>, B<udp>, B<udplite>, B<icmp>, B<esp>, B<ah>, B<sctp> or "
+"the special keyword \"B<all>\", or it can be a numeric value, representing "
+"one of these protocols or a different one. A protocol name from /etc/"
+"protocols is also allowed. A \"!\" argument before the protocol inverts the "
+"test. The number zero is equivalent to B<all>. \"B<all>\" will match with "
+"all protocols and is taken as default when this option is omitted."
+msgstr ""
+"ルールで使われるプロトコル、またはチェックされるパケットのプロトコル。 指定で"
+"きるプロトコルは、 I<tcp>, I<udp>, I<icmp>, I<all> のいずれか 1 つか、数値で"
+"ある。 数値には、これらのプロトコルのどれかないし別のプロトコルを表す 数値を"
+"指定することができる。 /etc/protocols にあるプロトコル名も指定できる。 プロト"
+"コルの前に \"!\" を置くと、そのプロトコルを除外するという意味になる。 数値 0 "
+"は I<all> と等しい。 プロトコル I<all> は全てのプロトコルとマッチし、 このオ"
+"プションが省略された際のデフォルトである。"
+
+#. type: TP
+#: original/man8/iptables.8:256
+#, fuzzy, no-wrap
+#| msgid "B<-s, --source >[!] I<address>[/I<mask>]"
+msgid "[B<!>] B<-s>, B<--source> I<address>[B</>I<mask>][B<,>I<...>]"
+msgstr "B<-s, --source >[!] I<address>[/I<mask>]"
+
+#. type: Plain text
+#: original/man8/iptables.8:273
+#, fuzzy
+#| msgid ""
+#| "Source specification. I<Address> can be either a network name, a "
+#| "hostname (please note that specifying any name to be resolved with a "
+#| "remote query such as DNS is a really bad idea), a network IP address "
+#| "(with /mask), or a plain IP address. The I<mask> can be either a network "
+#| "mask or a plain number, specifying the number of 1's at the left side of "
+#| "the network mask. Thus, a mask of I<24> is equivalent to "
+#| "I<255.255.255.0>. A \"!\" argument before the address specification "
+#| "inverts the sense of the address. The flag B<--src> is an alias for this "
+#| "option."
+msgid ""
+"Source specification. I<Address> can be either a network name, a hostname, a "
+"network IP address (with B</>I<mask>), or a plain IP address. Hostnames will "
+"be resolved once only, before the rule is submitted to the kernel. Please "
+"note that specifying any name to be resolved with a remote query such as DNS "
+"is a really bad idea. The I<mask> can be either a network mask or a plain "
+"number, specifying the number of 1's at the left side of the network mask. "
+"Thus, a mask of I<24> is equivalent to I<255.255.255.0>. A \"!\" argument "
+"before the address specification inverts the sense of the address. The flag "
+"B<--src> is an alias for this option. Multiple addresses can be specified, "
+"but this will B<expand to multiple rules> (when adding with -A), or will "
+"cause multiple rules to be deleted (with -D)."
+msgstr ""
+"送信元の指定。 I<address> はホスト名 (DNS のようなリモートへの問い合わせで解"
+"決する名前を指定するのは非常に良くない) ・ネットワーク IP アドレス (/mask を"
+"指定する)・ 通常の IP アドレス、のいずれかである。 I<mask> はネットワークマス"
+"クか、 ネットワークマスクの左側にある 1 の数を指定する数値である。 つまり、 "
+"I<24> という mask は I<255.255.255.0> に等しい。 アドレス指定の前に \"!\" を"
+"置くと、そのアドレスを除外するという意味になる。 フラグ B<--src> は、このオプ"
+"ションの別名である。"
+
+#. type: TP
+#: original/man8/iptables.8:273
+#, fuzzy, no-wrap
+#| msgid "B<-d, --destination >[!] I<address>[/I<mask>]"
+msgid "[B<!>] B<-d>, B<--destination> I<address>[B</>I<mask>][B<,>I<...>]"
+msgstr "B<-d, --destination >[!] I<address>[/I<mask>]"
#. type: TP
-#: original/man8/iptables.8:577
+#: original/man8/iptables.8:312
+#, fuzzy, no-wrap
+#| msgid "B<[!] -f, --fragment>"
+msgid "[B<!>] B<-f>, B<--fragment>"
+msgstr "B<[!] -f, --fragment>"
+
+#. type: Plain text
+#: original/man8/iptables.8:320
+msgid ""
+"This means that the rule only refers to second and further fragments of "
+"fragmented packets. Since there is no way to tell the source or destination "
+"ports of such a packet (or ICMP type), such a packet will not match any "
+"rules which specify them. When the \"!\" argument precedes the \"-f\" flag, "
+"the rule will only match head fragments, or unfragmented packets."
+msgstr ""
+"このオプションは、分割されたパケット (fragmented packet) のうち 2 番目以降の"
+"パケットだけを参照するルールであることを意味する。 このようなパケット (また"
+"は ICMP タイプのパケット) は 送信元・送信先ポートを知る方法がないので、 送信"
+"元や送信先を指定するようなルールにはマッチしない。 \"-f\" フラグの前に \"!\" "
+"を置くと、 分割されたパケットのうち最初のものか、 分割されていないパケットだ"
+"けにマッチする。"
+
+#. type: Plain text
+#: original/man8/iptables.8:368
+#, fuzzy
+#| msgid ""
+#| "iptables can use extended packet matching modules. These are loaded in "
+#| "two ways: implicitly, when B<-p> or B<--protocol> is specified, or with "
+#| "the B<-m> or B<--match> options, followed by the matching module name; "
+#| "after these, various extra command line options become available, "
+#| "depending on the specific module. You can specify multiple extended "
+#| "match modules in one line, and you can use the B<-h> or B<--help> options "
+#| "after the module has been specified to receive help specific to that "
+#| "module."
+msgid ""
+"iptables can use extended packet matching modules with the B<-m> or B<--"
+"match> options, followed by the matching module name; after these, various "
+"extra command line options become available, depending on the specific "
+"module. You can specify multiple extended match modules in one line, and "
+"you can use the B<-h> or B<--help> options after the module has been "
+"specified to receive help specific to that module."
+msgstr ""
+"iptables は拡張されたパケットマッチングモジュールを使うことができる。 これら"
+"のモジュールは 2 種類の方法でロードされる: モジュールは、 B<-p> または B<--"
+"protocol> で暗黙のうちに指定されるか、 B<-m> または B<--match> の後にモジュー"
+"ル名を続けて指定される。 これらのモジュールの後ろには、モジュールに応じて 他"
+"のいろいろなコマンドラインオプションを指定することができる。 複数の拡張マッチ"
+"ングモジュールを一行で指定することができる。 また、モジュールに特有のヘルプを"
+"表示させるためには、 モジュールを指定した後で B<-h> または B<--help> を指定す"
+"ればよい。"
+
+#. @MATCH@
+#. type: Plain text
+#: original/man8/iptables.8:373
+msgid ""
+"If the B<-p> or B<--protocol> was specified and if and only if an unknown "
+"option is encountered, iptables will try load a match module of the same "
+"name as the protocol, to try making the option available."
+msgstr ""
+
+#. type: Plain text
+#: original/man8/iptables.8:445
+#, fuzzy
+#| msgid "This module matches the SPIs in AH header of IPSec packets."
+msgid "This module matches the SPIs in Authentication header of IPsec packets."
+msgstr "このモジュールは IPSec パケットの AH ヘッダーの SPI 値にマッチする。"
+
+#. type: SS
+#: original/man8/iptables.8:825
#, no-wrap
-msgid "B<--physdev-out name>"
-msgstr "B<--physdev-out name>"
+msgid "icmp"
+msgstr "icmp"
#. type: Plain text
-#: original/man8/iptables.8:594
+#: original/man8/iptables.8:828
+#, fuzzy
+#| msgid ""
+#| "This extension is loaded if `--protocol icmp' is specified. It provides "
+#| "the following option:"
msgid ""
-"Name of a bridge port via which a packet is going to be sent (for packets "
-"entering the B<FORWARD>, B<OUTPUT> and B<POSTROUTING> chains). If the "
-"interface name ends in a \"+\", then any interface which begins with this "
-"name will match. Note that in the B<nat> and B<mangle> B<OUTPUT> chains one "
-"cannot match on the bridge output port, however one can in the B<filter "
-"OUTPUT> chain. If the packet won't leave by a bridge device or it is yet "
-"unknown what the output device will be, then the packet won't match this "
-"option, unless '!' is used."
+"This extension can be used if `--protocol icmp' is specified. It provides "
+"the following option:"
+msgstr ""
+"この拡張は `--protocol icmp' が指定された場合にロードされ、 以下のオプション"
+"が提供される:"
+
+#. type: TP
+#: original/man8/iptables.8:828
+#, fuzzy, no-wrap
+#| msgid "B<--icmp-type >[!] I<typename>"
+msgid "[B<!>] B<--icmp-type> {I<type>[B</>I<code>]|I<typename>}"
+msgstr "B<--icmp-type >[!] I<typename>"
+
+#. type: Plain text
+#: original/man8/iptables.8:832
+#, fuzzy
+#| msgid ""
+#| "This allows specification of the ICMP type, which can be a numeric ICMP "
+#| "type, or one of the ICMP type names shown by the command"
+msgid ""
+"This allows specification of the ICMP type, which can be a numeric ICMP "
+"type, type/code pair, or one of the ICMP type names shown by the command"
+msgstr ""
+"ICMP タイプを指定できる。タイプ指定には、 数値の ICMP タイプ、または以下のコ"
+"マンド で表示される ICMP タイプ名を指定できる。"
+
+#. type: Plain text
+#: original/man8/iptables.8:834
+#, no-wrap
+msgid " iptables -p icmp -h\n"
+msgstr " iptables -p icmp -h\n"
+
+#. type: SS
+#: original/man8/iptables.8:969
+#, fuzzy, no-wrap
+#| msgid "tos"
+msgid "osf"
+msgstr "tos"
+
+#. type: Plain text
+#: original/man8/iptables.8:973
+msgid ""
+"The osf module does passive operating system fingerprinting. This modules "
+"compares some data (Window Size, MSS, options and their order, TTL, DF, and "
+"others) from packets with the SYN bit set."
msgstr ""
-"パケットを送信することになるブリッジのポート名 (B<FORWARD>, B<OUTPUT>, "
-"B<POSTROUTING> チェインに入るパケットのみ)。 インターフェース名が \"+\" で"
-"終っている場合、 その名前で始まる任意のインターフェース名にマッチする。 "
-"B<nat> と B<mangle> テーブルの B<OUTPUT> チェインではブリッジの出力ポートに"
-"マッチさせることができないが、 B<filter> テーブルの B<OUPUT> チェインではマッ"
-"チ可能である。 パケットがブリッジデバイスから送られなかった場合、 またはパ"
-"ケットの出力デバイスが不明であった場合は、 \\&'!' が指定されていない限り、パ"
-"ケットはこのオプションにマッチしない。"
#. type: TP
-#: original/man8/iptables.8:594
-#, no-wrap
-msgid "B<--physdev-is-in>"
-msgstr "B<--physdev-is-in>"
+#: original/man8/iptables.8:973
+#, fuzzy, no-wrap
+#| msgid "B<--helper >I<string>"
+msgid "[B<!>] B<--genre> I<string>"
+msgstr "B<--helper >I<string>"
#. type: Plain text
-#: original/man8/iptables.8:597
-msgid "Matches if the packet has entered through a bridge interface."
-msgstr "パケットがブリッジインターフェースに入った場合にマッチする。"
+#: original/man8/iptables.8:976
+msgid "Match an operating system genre by using a passive fingerprinting."
+msgstr ""
#. type: TP
-#: original/man8/iptables.8:597
-#, no-wrap
-msgid "B<--physdev-is-out>"
-msgstr "B<--physdev-is-out>"
+#: original/man8/iptables.8:976
+#, fuzzy, no-wrap
+#| msgid "B<--ttl >I<ttl>"
+msgid "B<--ttl> I<level>"
+msgstr "B<--ttl >I<ttl>"
#. type: Plain text
-#: original/man8/iptables.8:600
-msgid "Matches if the packet will leave through a bridge interface."
-msgstr "パケットがブリッジインターフェースから出ようとした場合にマッチする。"
+#: original/man8/iptables.8:980
+msgid ""
+"Do additional TTL checks on the packet to determine the operating system. "
+"I<level> can be one of the following values:"
+msgstr ""
+
+#. type: Plain text
+#: original/man8/iptables.8:983
+msgid ""
+"0 - True IP address and fingerprint TTL comparison. This generally works for "
+"LANs."
+msgstr ""
+
+#. type: Plain text
+#: original/man8/iptables.8:986
+msgid ""
+"1 - Check if the IP header's TTL is less than the fingerprint one. Works for "
+"globally-routable addresses."
+msgstr ""
+
+#. type: Plain text
+#: original/man8/iptables.8:988
+msgid "2 - Do not compare the TTL at all."
+msgstr ""
#. type: TP
-#: original/man8/iptables.8:600
-#, no-wrap
-msgid "B<--physdev-is-bridged>"
-msgstr "B<--physdev-is-bridged>"
+#: original/man8/iptables.8:988
+#, fuzzy, no-wrap
+#| msgid "B<--log-level >I<level>"
+msgid "B<--log> I<level>"
+msgstr "B<--log-level >I<level>"
#. type: Plain text
-#: original/man8/iptables.8:604
+#: original/man8/iptables.8:992
msgid ""
-"Matches if the packet is being bridged and therefore is not being routed. "
-"This is only useful in the FORWARD and POSTROUTING chains."
+"Log determined genres into dmesg even if they do not match the desired one. "
+"I<level> can be one of the following values:"
msgstr ""
-"パケットがブリッジされることにより、 ルーティングされなかった場合にマッチす"
-"る。 これは FORWARD, POSTROUTING チェインにおいてのみ役立つ。"
-#. type: SS
-#: original/man8/iptables.8:604
-#, no-wrap
-msgid "pkttype"
-msgstr "pkttype"
+#. type: Plain text
+#: original/man8/iptables.8:994
+msgid "0 - Log all matched or unknown signatures"
+msgstr ""
#. type: Plain text
-#: original/man8/iptables.8:606
-msgid "This module matches the link-layer packet type."
-msgstr "このモジュールは、リンク層のパケットタイプにマッチする。"
+#: original/man8/iptables.8:996
+msgid "1 - Log only the first one"
+msgstr ""
-#. type: TP
-#: original/man8/iptables.8:606
-#, no-wrap
-msgid "B<--pkt-type >I<[unicast|broadcast|multicast]>"
-msgstr "B<--pkt-type >I<[unicast|broadcast|multicast]>"
+#. type: Plain text
+#: original/man8/iptables.8:998
+msgid "2 - Log all known matched signatures"
+msgstr ""
-#. type: SS
-#: original/man8/iptables.8:608
-#, no-wrap
-msgid "state"
-msgstr "state"
+#. type: Plain text
+#: original/man8/iptables.8:1000
+msgid "You may find something like this in syslog:"
+msgstr ""
#. type: Plain text
-#: original/man8/iptables.8:611
+#: original/man8/iptables.8:1003
msgid ""
-"This module, when combined with connection tracking, allows access to the "
-"connection tracking state for this packet."
+"Windows [2000:SP3:Windows XP Pro SP1, 2000 SP3]: 11.22.33.55:4024 -E<gt> "
+"11.22.33.44:139 hops=3 Linux [2.5-2.6:] : 1.2.3.4:42624 -E<gt> 1.2.3.5:22 "
+"hops=4"
msgstr ""
-"このモジュールは、接続追跡 (connection tracking) と組み合わせて用いると、 パ"
-"ケットについての接続追跡状態を知ることができる。"
-
-#. type: TP
-#: original/man8/iptables.8:611
-#, no-wrap
-msgid "B<--state >I<state>"
-msgstr "B<--state >I<state>"
#. type: Plain text
-#: original/man8/iptables.8:630
+#: original/man8/iptables.8:1006
msgid ""
-"Where state is a comma separated list of the connection states to match. "
-"Possible states are B<INVALID> meaning that the packet could not be "
-"identified for some reason which includes running out of memory and ICMP "
-"errors which don't correspond to any known connection, B<ESTABLISHED> "
-"meaning that the packet is associated with a connection which has seen "
-"packets in both directions, B<NEW> meaning that the packet has started a new "
-"connection, or otherwise associated with a connection which has not seen "
-"packets in both directions, and B<RELATED> meaning that the packet is "
-"starting a new connection, but is associated with an existing connection, "
-"such as an FTP data transfer, or an ICMP error."
+"OS fingerprints are loadable using the B<nfnl_osf> program. To load "
+"fingerprints from a file, use:"
msgstr ""
-"state は、マッチングを行うための、コンマで区切られた接続状態のリストである。 "
-"指定可能な state は以下の通り。 B<INVALID>: このパケットは既知の接続と関係し"
-"ていない。 B<ESTABLISHED>: このパケットは、過去双方向にパケットがやり取りされ"
-"た接続に属するパケットである。 B<NEW>: このパケットが新しい接続を開始した"
-"か、 双方向にはパケットがやり取りされていない接続に属するパケットである。 "
-"B<RELATED>: このパケットが新しい接続を開始しているが、 FTP データ転送や ICMP "
-"エラーのように、既存の接続に関係している。"
#. type: Plain text
-#: original/man8/iptables.8:660
-#, no-wrap
-msgid " iptables -A FORWARD -p tcp --tcp-flags SYN,ACK,FIN,RST SYN\n"
-msgstr " iptables -A FORWARD -p tcp --tcp-flags SYN,ACK,FIN,RST SYN\n"
+#: original/man8/iptables.8:1008
+msgid "B<nfnl_osf -f /usr/share/xtables/pf.os>"
+msgstr ""
-#. type: TP
-#: original/man8/iptables.8:676
-#, no-wrap
-msgid "B<--mss >I<value>[:I<value>]"
-msgstr "B<--mss >I<value>[:I<value>]"
+#. type: Plain text
+#: original/man8/iptables.8:1010
+msgid "To remove them again,"
+msgstr ""
+
+#. type: Plain text
+#: original/man8/iptables.8:1012
+msgid "B<nfnl_osf -f /usr/share/xtables/pf.os -d>"
+msgstr ""
#. type: Plain text
-#: original/man8/iptables.8:680
+#: original/man8/iptables.8:1015
msgid ""
-"Match TCP SYN or SYN/ACK packets with the specified MSS value (or range), "
-"which control the maximum packet size for that connection."
+"The fingerprint database can be downlaoded from http://www.openbsd.org/cgi-"
+"bin/cvsweb/src/etc/pf.os ."
msgstr ""
-"指定された MSS 値 (の範囲) を持つ TCP の SYN または SYN/ACK パケットにマッチ"
-"する。 MSS は接続に対するパケットの最大サイズを制御する。"
#. type: SS
-#: original/man8/iptables.8:680
+#: original/man8/iptables.8:1241
#, no-wrap
-msgid "tos"
-msgstr "tos"
+msgid "realm"
+msgstr ""
#. type: Plain text
-#: original/man8/iptables.8:683
+#: original/man8/iptables.8:1244
msgid ""
-"This module matches the 8 bits of Type of Service field in the IP header "
-"(ie. including the precedence bits)."
+"This matches the routing realm. Routing realms are used in complex routing "
+"setups involving dynamic routing protocols like BGP."
msgstr ""
-"このモジュールは IP ヘッダーの 8 ビットの (つまり上位ビットを含む) Type of "
-"Service フィールドにマッチする。"
#. type: TP
-#: original/man8/iptables.8:683
-#, no-wrap
-msgid "B<--tos >I<tos>"
-msgstr "B<--tos >I<tos>"
+#: original/man8/iptables.8:1244
+#, fuzzy, no-wrap
+#| msgid "B<--mark >I<value>[/I<mask>]"
+msgid "[B<!>] B<--realm> I<value>[B</>I<mask>]"
+msgstr "B<--mark >I<value>[/I<mask>]"
#. type: Plain text
-#: original/man8/iptables.8:686
-msgid "The argument is either a standard name, (use"
+#: original/man8/iptables.8:1249
+msgid ""
+"Matches a given realm number (and optionally mask). If not a number, value "
+"can be a named realm from /etc/iproute2/rt_realms (mask can not be used in "
+"that case)."
msgstr ""
-"引き数は、マッチを行う標準的な名前でも数値でもよい (名前のリストを見るには"
-
-#. type: Plain text
-#: original/man8/iptables.8:688
-#, no-wrap
-msgid " iptables -m tos -h\n"
-msgstr " iptables -m tos -h\n"
-
-#. type: Plain text
-#: original/man8/iptables.8:690
-msgid "to see the list), or a numeric value to match."
-msgstr "を使うこと)。"
#. type: SS
-#: original/man8/iptables.8:690
+#: original/man8/iptables.8:1680
#, no-wrap
msgid "ttl"
msgstr "ttl"
#. type: Plain text
-#: original/man8/iptables.8:692
+#: original/man8/iptables.8:1682
msgid "This module matches the time to live field in the IP header."
msgstr "このモジュールは IP ヘッダーの time to live フィールドにマッチする。"
#. type: TP
-#: original/man8/iptables.8:692
-#, no-wrap
-msgid "B<--ttl >I<ttl>"
+#: original/man8/iptables.8:1682
+#, fuzzy, no-wrap
+#| msgid "B<--ttl >I<ttl>"
+msgid "[B<!>] B<--ttl-eq> I<ttl>"
msgstr "B<--ttl >I<ttl>"
#. type: Plain text
-#: original/man8/iptables.8:695
+#: original/man8/iptables.8:1685
msgid "Matches the given TTL value."
msgstr "指定された TTL 値にマッチする。"
+#. type: TP
+#: original/man8/iptables.8:1685
+#, fuzzy, no-wrap
+#| msgid "B<--ttl >I<ttl>"
+msgid "B<--ttl-gt> I<ttl>"
+msgstr "B<--ttl >I<ttl>"
+
+#. type: Plain text
+#: original/man8/iptables.8:1688
+#, fuzzy
+#| msgid "Matches the given TTL value."
+msgid "Matches if TTL is greater than the given TTL value."
+msgstr "指定された TTL 値にマッチする。"
+
+#. type: TP
+#: original/man8/iptables.8:1688
+#, fuzzy, no-wrap
+#| msgid "B<--ttl >I<ttl>"
+msgid "B<--ttl-lt> I<ttl>"
+msgstr "B<--ttl >I<ttl>"
+
+#. type: Plain text
+#: original/man8/iptables.8:1691
+#, fuzzy
+#| msgid "Matches the given TTL value."
+msgid "Matches if TTL is less than the given TTL value."
+msgstr "指定された TTL 値にマッチする。"
+
#. type: SS
-#: original/man8/iptables.8:710
+#: original/man8/iptables.8:1836
#, no-wrap
msgid "unclean"
msgstr "unclean"
#. type: Plain text
-#: original/man8/iptables.8:713
+#: original/man8/iptables.8:1839
msgid ""
"This module takes no options, but attempts to match packets which seem "
"malformed or unusual. This is regarded as experimental."
"このモジュールにはオプションがないが、 おかしく正常でないように見えるパケット"
"にマッチする。 これは実験的なものとして扱われている。"
+#. @TARGET@
#. type: Plain text
-#: original/man8/iptables.8:716
+#: original/man8/iptables.8:1843
msgid ""
"iptables can use extended target modules: the following are included in the "
"standard distribution."
"ディストリビューションに含まれている。"
#. type: SS
-#: original/man8/iptables.8:716
+#: original/man8/iptables.8:1873
+#, no-wrap
+msgid "CLUSTERIP"
+msgstr ""
+
+#. type: Plain text
+#: original/man8/iptables.8:1878
+msgid ""
+"This module allows you to configure a simple cluster of nodes that share a "
+"certain IP and MAC address without an explicit load balancer in front of "
+"them. Connections are statically distributed between the nodes in this "
+"cluster."
+msgstr ""
+
+#. type: TP
+#: original/man8/iptables.8:1878
+#, no-wrap
+msgid "B<--new>"
+msgstr ""
+
+#. type: Plain text
+#: original/man8/iptables.8:1882
+msgid ""
+"Create a new ClusterIP. You always have to set this on the first rule for a "
+"given ClusterIP."
+msgstr ""
+
+#. type: TP
+#: original/man8/iptables.8:1882
+#, fuzzy, no-wrap
+#| msgid "B<--cmd-owner >I<name>"
+msgid "B<--hashmode> I<mode>"
+msgstr "B<--cmd-owner >I<name>"
+
+#. type: Plain text
+#: original/man8/iptables.8:1886
+msgid ""
+"Specify the hashing mode. Has to be one of B<sourceip>, B<sourceip-"
+"sourceport>, B<sourceip-sourceport-destport>."
+msgstr ""
+
+#. type: TP
+#: original/man8/iptables.8:1886
+#, fuzzy, no-wrap
+#| msgid "B<--set-mark >I<mark>"
+msgid "B<--clustermac> I<mac>"
+msgstr "B<--set-mark >I<mark>"
+
+#. type: Plain text
+#: original/man8/iptables.8:1889
+msgid ""
+"Specify the ClusterIP MAC address. Has to be a link-layer multicast address"
+msgstr ""
+
+#. type: TP
+#: original/man8/iptables.8:1889
+#, fuzzy, no-wrap
+#| msgid "B<-t>, B<--table> B<tablename>"
+msgid "B<--total-nodes> I<num>"
+msgstr "B<-t>, B<--table> B<tablename>"
+
+#. type: Plain text
+#: original/man8/iptables.8:1892
+msgid "Number of total nodes within this cluster."
+msgstr ""
+
+#. type: TP
+#: original/man8/iptables.8:1892
+#, fuzzy, no-wrap
+#| msgid "B<--cmd-owner >I<name>"
+msgid "B<--local-node> I<num>"
+msgstr "B<--cmd-owner >I<name>"
+
+#. type: Plain text
+#: original/man8/iptables.8:1895
+msgid "Local node number within this cluster."
+msgstr ""
+
+#. type: TP
+#: original/man8/iptables.8:1895
+#, fuzzy, no-wrap
+#| msgid "B<--limit >I<rate>"
+msgid "B<--hash-init> I<rnd>"
+msgstr "B<--limit >I<rate>"
+
+#. type: Plain text
+#: original/man8/iptables.8:1898
+msgid "Specify the random seed used for hash initialization."
+msgstr ""
+
+#. type: SS
+#: original/man8/iptables.8:1997
#, no-wrap
msgid "DNAT"
msgstr "DNAT"
#. type: Plain text
-#: original/man8/iptables.8:728
+#: original/man8/iptables.8:2009
msgid ""
"This target is only valid in the B<nat> table, in the B<PREROUTING> and "
"B<OUTPUT> chains, and user-defined chains which are only called from those "
"ターゲットにはオプションが 1 種類ある:"
#. type: TP
-#: original/man8/iptables.8:728
-#, no-wrap
-msgid "B<--to-destination >I<ipaddr>[-I<ipaddr>][:I<port>-I<port>]"
+#: original/man8/iptables.8:2009
+#, fuzzy, no-wrap
+#| msgid "B<--to-destination >I<ipaddr>[-I<ipaddr>][:I<port>-I<port>]"
+msgid "B<--to-destination> [I<ipaddr>[B<->I<ipaddr>]][B<:>I<port>[B<->I<port>]]"
msgstr "B<--to-destination >I<ipaddr>[-I<ipaddr>][:I<port>-I<port>]"
#. type: Plain text
-#: original/man8/iptables.8:738
+#: original/man8/iptables.8:2020
+#, fuzzy
+#| msgid ""
+#| "which can specify a single new destination IP address, an inclusive range "
+#| "of IP addresses, and optionally, a port range (which is only valid if the "
+#| "rule also specifies B<-p tcp> or B<-p udp>). If no port range is "
+#| "specified, then the destination port will never be modified."
msgid ""
"which can specify a single new destination IP address, an inclusive range of "
"IP addresses, and optionally, a port range (which is only valid if the rule "
"also specifies B<-p tcp> or B<-p udp>). If no port range is specified, then "
-"the destination port will never be modified."
+"the destination port will never be modified. If no IP address is specified "
+"then only the destination port will be modified."
msgstr ""
"1 つの新しい送信先 IP アドレス、または IP アドレスの範囲が指定できる。 ポート"
"の範囲を指定することもできる (これはルールで B<-p tcp> または B<-p udp> を指"
"は変更されない。"
#. type: Plain text
-#: original/man8/iptables.8:744
+#: original/man8/iptables.8:2027
+#, fuzzy
+#| msgid ""
+#| "You can add several --to-destination options. If you specify more than "
+#| "one destination address, either via an address range or multiple --to-"
+#| "destination options, a simple round-robin (one after another in cycle) "
+#| "load balancing takes place between these adresses."
msgid ""
-"You can add several --to-destination options. If you specify more than one "
-"destination address, either via an address range or multiple --to-"
-"destination options, a simple round-robin (one after another in cycle) load "
-"balancing takes place between these adresses."
+"In Kernels up to 2.6.10 you can add several --to-destination options. For "
+"those kernels, if you specify more than one destination address, either via "
+"an address range or multiple --to-destination options, a simple round-robin "
+"(one after another in cycle) load balancing takes place between these "
+"addresses. Later Kernels (E<gt>= 2.6.11-rc1) don't have the ability to NAT "
+"to multiple ranges anymore."
msgstr ""
"複数の --to-destination オプションを指定することができる。 アドレスの範囲に"
"よって、 もしくは複数の --to-destination オプションによって 2 つ以上の送信先"
"アドレスを指定した場合、 それらのアドレスを使った単純なラウンド・ロビン (順々"
"に循環させる) がおこなわれる。"
-#. type: SS
-#: original/man8/iptables.8:744
+#. type: TP
+#: original/man8/iptables.8:2027 original/man8/iptables.8:2159
+#: original/man8/iptables.8:2284 original/man8/iptables.8:2338
+#: original/man8/iptables.8:2407
#, no-wrap
-msgid "DSCP"
-msgstr "DSCP"
+msgid "B<--random>"
+msgstr ""
#. type: Plain text
-#: original/man8/iptables.8:748
+#: original/man8/iptables.8:2032 original/man8/iptables.8:2289
msgid ""
-"This target allows to alter the value of the DSCP bits within the TOS header "
-"of the IPv4 packet. As this manipulates a packet, it can only be used in "
-"the mangle table."
+"If option B<--random> is used then port mapping will be randomized (kernel "
+"E<gt>= 2.6.22)."
msgstr ""
-"このターゲットは、IPv4 パケットの TOS ヘッダーにある DSCP ビットの値の書き換"
-"えを可能にする。 これはパケットを操作するので、mangle テーブルでのみ使用でき"
-"る。"
-
-#. type: TP
-#: original/man8/iptables.8:748
-#, no-wrap
-msgid "B<--set-dscp >I<value>"
-msgstr "B<--set-dscp >I<value>"
-
-#. type: Plain text
-#: original/man8/iptables.8:751
-msgid "Set the DSCP field to a numerical value (can be decimal or hex)"
-msgstr "DSCP フィールドの数値を設定する (10 進または 16 進)。"
#. type: TP
-#: original/man8/iptables.8:751
-#, no-wrap
-msgid "B<--set-dscp-class >I<class>"
-msgstr "B<--set-dscp-class >I<class>"
+#: original/man8/iptables.8:2032 original/man8/iptables.8:2412
+#, fuzzy, no-wrap
+#| msgid "B<--helper >I<string>"
+msgid "B<--persistent>"
+msgstr "B<--helper >I<string>"
#. type: Plain text
-#: original/man8/iptables.8:754
-msgid "Set the DSCP field to a DiffServ class."
-msgstr "DSCP フィールドの DiffServ クラスを設定する。"
+#: original/man8/iptables.8:2037 original/man8/iptables.8:2417
+msgid ""
+"Gives a client the same source-/destination-address for each connection. "
+"This supersedes the SAME target. Support for persistent mappings is "
+"available from 2.6.29-rc2."
+msgstr ""
#. type: SS
-#: original/man8/iptables.8:754
+#: original/man8/iptables.8:2047
#, no-wrap
msgid "ECN"
msgstr "ECN"
#. type: Plain text
-#: original/man8/iptables.8:757
+#: original/man8/iptables.8:2050
msgid ""
"This target allows to selectively work around known ECN blackholes. It can "
"only be used in the mangle table."
"でのみ使用できる。"
#. type: TP
-#: original/man8/iptables.8:757
+#: original/man8/iptables.8:2050
#, no-wrap
msgid "B<--ecn-tcp-remove>"
msgstr "B<--ecn-tcp-remove>"
#. type: Plain text
-#: original/man8/iptables.8:762
+#: original/man8/iptables.8:2055
msgid ""
"Remove all ECN bits from the TCP header. Of course, it can only be used in "
"conjunction with B<-p tcp>."
"B<-p tcp> オプションとの組合わせでのみ使用できる。"
#. type: Plain text
-#: original/man8/iptables.8:774
+#: original/man8/iptables.8:2088
msgid ""
"Turn on kernel logging of matching packets. When this option is set for a "
"rule, the Linux kernel will print some information on all matching packets "
"は REJECT) ターゲットを指定する。"
#. type: Plain text
-#: original/man8/iptables.8:791
+#: original/man8/iptables.8:2105
msgid "Log options from the IP packet header."
msgstr "IP パケットヘッダーのオプションをログに記録する。"
-#. type: Plain text
-#: original/man8/iptables.8:796
-msgid ""
-"This is used to set the netfilter mark value associated with the packet. It "
-"is only valid in the B<mangle> table. It can for example be used in "
-"conjunction with iproute2."
-msgstr ""
-"パケットに関連づけられた netfilter の mark 値を設定する。 B<mangle> テーブル"
-"のみで有効である。 例えば、iproute2 と組み合わせて使うことができる。"
-
#. type: SS
-#: original/man8/iptables.8:798
+#: original/man8/iptables.8:2136
#, no-wrap
msgid "MASQUERADE"
msgstr "MASQUERADE"
#. type: Plain text
-#: original/man8/iptables.8:812
+#: original/man8/iptables.8:2150
+#, fuzzy
+#| msgid ""
+#| "This target is only valid in the B<nat> table, in the B<POSTROUTING> "
+#| "chain. It should only be used with dynamically assigned IP (dialup) "
+#| "connections: if you have a static IP address, you should use the SNAT "
+#| "target. Masquerading is equivalent to specifying a mapping to the IP "
+#| "address of the interface the packet is going out, but also has the effect "
+#| "that connections are I<forgotten> when the interface goes down. This is "
+#| "the correct behavior when the next dialup is unlikely to have the same "
+#| "interface address (and hence any established connections are lost "
+#| "anyway). It takes one option:"
msgid ""
"This target is only valid in the B<nat> table, in the B<POSTROUTING> chain. "
"It should only be used with dynamically assigned IP (dialup) connections: "
"interface the packet is going out, but also has the effect that connections "
"are I<forgotten> when the interface goes down. This is the correct behavior "
"when the next dialup is unlikely to have the same interface address (and "
-"hence any established connections are lost anyway). It takes one option:"
+"hence any established connections are lost anyway)."
msgstr ""
"このターゲットは B<nat> テーブルの B<POSTROUTING> チェインのみで有効である。 "
"動的割り当て IP (ダイヤルアップ) 接続の場合にのみ使うべきである。 固定 IP ア"
"はオプションが 1 つある。"
#. type: TP
-#: original/man8/iptables.8:812 original/man8/iptables.8:845
-#, no-wrap
-msgid "B<--to-ports >I<port>[-I<port>]"
+#: original/man8/iptables.8:2150 original/man8/iptables.8:2276
+#, fuzzy, no-wrap
+#| msgid "B<--to-ports >I<port>[-I<port>]"
+msgid "B<--to-ports> I<port>[B<->I<port>]"
msgstr "B<--to-ports >I<port>[-I<port>]"
#. type: Plain text
-#: original/man8/iptables.8:821
+#: original/man8/iptables.8:2159
msgid ""
"This specifies a range of source ports to use, overriding the default "
"B<SNAT> source port-selection heuristics (see above). This is only valid if "
"送信元ポートの選択方法 (上記) よりも優先される。 ルールが B<-p tcp> または "
"B<-p udp> を指定している場合にのみ有効である。"
+#. type: Plain text
+#: original/man8/iptables.8:2165
+msgid ""
+"Randomize source port mapping If option B<--random> is used then port "
+"mapping will be randomized (kernel E<gt>= 2.6.21)."
+msgstr ""
+
#. type: SS
-#: original/man8/iptables.8:821
+#: original/man8/iptables.8:2167
#, no-wrap
msgid "MIRROR"
msgstr "MIRROR"
#. type: Plain text
-#: original/man8/iptables.8:834
+#: original/man8/iptables.8:2180
msgid ""
"This is an experimental demonstration target which inverts the source and "
"destination fields in the IP header and retransmits the packet. It is only "
"視B<されない>。"
#. type: SS
-#: original/man8/iptables.8:834
+#: original/man8/iptables.8:2180
+#, no-wrap
+msgid "NETMAP"
+msgstr ""
+
+#. type: Plain text
+#: original/man8/iptables.8:2185
+#, fuzzy
+#| msgid ""
+#| "This target allows to selectively work around known ECN blackholes. It "
+#| "can only be used in the mangle table."
+msgid ""
+"This target allows you to statically map a whole network of addresses onto "
+"another network of addresses. It can only be used from rules in the B<nat> "
+"table."
+msgstr ""
+"このターゲットは ECN ブラックホール問題への対処を可能にする。 mangle テーブル"
+"でのみ使用できる。"
+
+#. type: TP
+#: original/man8/iptables.8:2185
+#, fuzzy, no-wrap
+#| msgid "B<-s, --source >[!] I<address>[/I<mask>]"
+msgid "B<--to> I<address>[B</>I<mask>]"
+msgstr "B<-s, --source >[!] I<address>[/I<mask>]"
+
+#. type: Plain text
+#: original/man8/iptables.8:2190
+msgid ""
+"Network address to map to. The resulting address will be constructed in the "
+"following way: All 'one' bits in the mask are filled in from the new "
+"`address'. All bits that are zero in the mask are filled in from the "
+"original address."
+msgstr ""
+
+#. type: SS
+#: original/man8/iptables.8:2265
#, no-wrap
msgid "REDIRECT"
msgstr "REDIRECT"
#. type: Plain text
-#: original/man8/iptables.8:845
+#: original/man8/iptables.8:2276
+#, fuzzy
+#| msgid ""
+#| "This target is only valid in the B<nat> table, in the B<PREROUTING> and "
+#| "B<OUTPUT> chains, and user-defined chains which are only called from "
+#| "those chains. It alters the destination IP address to send the packet to "
+#| "the machine itself (locally-generated packets are mapped to the 127.0.0.1 "
+#| "address). It takes one option:"
msgid ""
"This target is only valid in the B<nat> table, in the B<PREROUTING> and "
"B<OUTPUT> chains, and user-defined chains which are only called from those "
-"chains. It alters the destination IP address to send the packet to the "
-"machine itself (locally-generated packets are mapped to the 127.0.0.1 "
-"address). It takes one option:"
+"chains. It redirects the packet to the machine itself by changing the "
+"destination IP to the primary address of the incoming interface (locally-"
+"generated packets are mapped to the 127.0.0.1 address)."
msgstr ""
"このターゲットは、 B<nat> テーブル内の B<PREROUTING> チェイン及び B<OUTPUT> "
"チェイン、そしてこれらチェインから呼び出される ユーザー定義チェインでのみ有効"
"される)。 このターゲットにはオプションが 1 つある:"
#. type: Plain text
-#: original/man8/iptables.8:853
+#: original/man8/iptables.8:2284
msgid ""
"This specifies a destination port or range of ports to use: without this, "
"the destination port is never altered. This is only valid if the rule also "
"tcp> または B<-p udp> を指定している場合にのみ有効である。"
#. type: Plain text
-#: original/man8/iptables.8:877
-#, no-wrap
+#: original/man8/iptables.8:2322
+#, fuzzy
+#| msgid ""
+#| "which return the appropriate ICMP error message (B<port-unreachable> is "
+#| "the default). The option B<tcp-reset> can be used on rules which only "
+#| "match the TCP protocol: this causes a TCP RST packet to be sent back. "
+#| "This is mainly useful for blocking I<ident> (113/tcp) probes which "
+#| "frequently occur when sending mail to broken mail hosts (which won't "
+#| "accept your mail otherwise)."
+msgid ""
+"The type given can be B<icmp-net-unreachable>, B<icmp-host-unreachable>, "
+"B<icmp-port-unreachable>, B<icmp-proto-unreachable>, B<icmp-net-prohibited>, "
+"B<icmp-host-prohibited> or B<icmp-admin-prohibited> (*) which return the "
+"appropriate ICMP error message (B<port-unreachable> is the default). The "
+"option B<tcp-reset> can be used on rules which only match the TCP protocol: "
+"this causes a TCP RST packet to be sent back. This is mainly useful for "
+"blocking I<ident> (113/tcp) probes which frequently occur when sending mail "
+"to broken mail hosts (which won't accept your mail otherwise)."
+msgstr ""
+"であり、適切な ICMP エラーメッセージを返す (B<port-unreachable> がデフォルト"
+"である)。 TCP プロトコルにのみマッチするルールに対して、オプション B<tcp-"
+"reset> を使うことができる。 このオプションを使うと、TCP RST パケットが送り返"
+"される。 主として I<ident> (113/tcp) による探査を阻止するのに役立つ。 "
+"I<ident> による探査は、壊れている (メールを受け取らない) メールホストに メー"
+"ルが送られる場合に頻繁に起こる。"
+
+#. type: Plain text
+#: original/man8/iptables.8:2324
+msgid ""
+"(*) Using icmp-admin-prohibited with kernels that do not support it will "
+"result in a plain DROP instead of REJECT"
+msgstr ""
+"(*) icmp-admin-prohibited をサポートしないカーネルで、 icmp-admin-prohibited "
+"を使用すると、 REJECT ではなく単なる DROP になる。"
+
+#. type: SS
+#: original/man8/iptables.8:2324
+#, no-wrap
+msgid "SAME"
+msgstr ""
+
+#. type: Plain text
+#: original/man8/iptables.8:2328
+msgid ""
+"Similar to SNAT/DNAT depending on chain: it takes a range of addresses (`--"
+"to 1.2.3.4-1.2.3.7') and gives a client the same source-/destination-address "
+"for each connection."
+msgstr ""
+
+#. type: Plain text
+#: original/man8/iptables.8:2330
+msgid ""
+"N.B.: The DNAT target's B<--persistent> option replaced the SAME target."
+msgstr ""
+
+#. type: TP
+#: original/man8/iptables.8:2330
+#, fuzzy, no-wrap
+#| msgid "B<--to-source >I<ipaddr>[-I<ipaddr>][:I<port>-I<port>]"
+msgid "B<--to> I<ipaddr>[B<->I<ipaddr>]"
+msgstr "B<--to-source >I<ipaddr>[-I<ipaddr>][:I<port>-I<port>]"
+
+#. type: Plain text
+#: original/man8/iptables.8:2334
msgid ""
-"B<icmp-net-unreachable>\n"
-"B<icmp-host-unreachable>\n"
-"B<icmp-port-unreachable>\n"
-"B<icmp-proto-unreachable>\n"
-"B<icmp-net-prohibited>\n"
-"B<icmp-host-prohibited or>\n"
-"B<icmp-admin-prohibited (*)>\n"
+"Addresses to map source to. May be specified more than once for multiple "
+"ranges."
msgstr ""
-"B<icmp-net-unreachable>\n"
-"B<icmp-host-unreachable>\n"
-"B<icmp-port-unreachable>\n"
-"B<icmp-proto-unreachable>\n"
-"B<icmp-net-prohibited>\n"
-"B<icmp-host-prohibited or>\n"
-"B<icmp-admin-prohibited (*)>\n"
+
+#. type: TP
+#: original/man8/iptables.8:2334
+#, fuzzy, no-wrap
+#| msgid "B<--tos >I<tos>"
+msgid "B<--nodst>"
+msgstr "B<--tos >I<tos>"
#. type: Plain text
-#: original/man8/iptables.8:886
+#: original/man8/iptables.8:2338
msgid ""
-"which return the appropriate ICMP error message (B<port-unreachable> is the "
-"default). The option B<tcp-reset> can be used on rules which only match the "
-"TCP protocol: this causes a TCP RST packet to be sent back. This is mainly "
-"useful for blocking I<ident> (113/tcp) probes which frequently occur when "
-"sending mail to broken mail hosts (which won't accept your mail otherwise)."
+"Don't use the destination-ip in the calculations when selecting the new "
+"source-ip"
msgstr ""
-"であり、適切な ICMP エラーメッセージを返す (B<port-unreachable> がデフォルト"
-"である)。 TCP プロトコルにのみマッチするルールに対して、オプション B<tcp-"
-"reset> を使うことができる。 このオプションを使うと、TCP RST パケットが送り返"
-"される。 主として I<ident> (113/tcp) による探査を阻止するのに役立つ。 "
-"I<ident> による探査は、壊れている (メールを受け取らない) メールホストに メー"
-"ルが送られる場合に頻繁に起こる。"
#. type: Plain text
-#: original/man8/iptables.8:889
+#: original/man8/iptables.8:2342
msgid ""
-"(*) Using icmp-admin-prohibited with kernels that do not support it will "
-"result in a plain DROP instead of REJECT"
+"Port mapping will be forcibly randomized to avoid attacks based on port "
+"prediction (kernel E<gt>= 2.6.21)."
msgstr ""
-"(*) icmp-admin-prohibited をサポートしないカーネルで、 icmp-admin-prohibited "
-"を使用すると、 REJECT ではなく単なる DROP になる。"
#. type: SS
-#: original/man8/iptables.8:889
+#: original/man8/iptables.8:2379
#, no-wrap
msgid "SNAT"
msgstr "SNAT"
#. type: Plain text
-#: original/man8/iptables.8:898
+#: original/man8/iptables.8:2388
msgid ""
"This target is only valid in the B<nat> table, in the B<POSTROUTING> chain. "
"It specifies that the source address of the packet should be modified (and "
"指示する。 このターゲットにはオプションが 1 種類ある:"
#. type: TP
-#: original/man8/iptables.8:898
-#, no-wrap
-msgid "B<--to-source >I<ipaddr>[-I<ipaddr>][:I<port>-I<port>]"
+#: original/man8/iptables.8:2388
+#, fuzzy, no-wrap
+#| msgid "B<--to-source >I<ipaddr>[-I<ipaddr>][:I<port>-I<port>]"
+msgid "B<--to-source> [I<ipaddr>[B<->I<ipaddr>]][B<:>I<port>[B<->I<port>]]"
msgstr "B<--to-source >I<ipaddr>[-I<ipaddr>][:I<port>-I<port>]"
#. type: Plain text
-#: original/man8/iptables.8:910
+#: original/man8/iptables.8:2400
msgid ""
"which can specify a single new source IP address, an inclusive range of IP "
"addresses, and optionally, a port range (which is only valid if the rule "
"トにマッピングされる。 可能であれば、ポートの変換は起こらない。"
#. type: Plain text
-#: original/man8/iptables.8:916
+#: original/man8/iptables.8:2407
+#, fuzzy
+#| msgid ""
+#| "You can add several --to-source options. If you specify more than one "
+#| "source address, either via an address range or multiple --to-source "
+#| "options, a simple round-robin (one after another in cycle) takes place "
+#| "between these adresses."
msgid ""
-"You can add several --to-source options. If you specify more than one "
-"source address, either via an address range or multiple --to-source options, "
-"a simple round-robin (one after another in cycle) takes place between these "
-"adresses."
+"In Kernels up to 2.6.10, you can add several --to-source options. For those "
+"kernels, if you specify more than one source address, either via an address "
+"range or multiple --to-source options, a simple round-robin (one after "
+"another in cycle) takes place between these addresses. Later Kernels "
+"(E<gt>= 2.6.11-rc1) don't have the ability to NAT to multiple ranges anymore."
msgstr ""
"複数の --to-source オプションを指定することができる。 アドレスの範囲によっ"
"て、 もしくは複数の --to-source オプションによって 2 つ以上の送信元アドレスを"
"指定した場合、 それらのアドレスを使った単純なラウンド・ロビン (順々に循環させ"
"る) がおこなわれる。"
-#. type: SS
-#: original/man8/iptables.8:916
-#, no-wrap
-msgid "TCPMSS"
-msgstr "TCPMSS"
-
-#. type: Plain text
-#: original/man8/iptables.8:922
-msgid ""
-"This target allows to alter the MSS value of TCP SYN packets, to control the "
-"maximum size for that connection (usually limiting it to your outgoing "
-"interface's MTU minus 40). Of course, it can only be used in conjunction "
-"with B<-p tcp>."
-msgstr ""
-"このターゲットを用いると、TCP の SYN パケットの MSS 値を書き換え、 そのコネク"
-"ションの最大サイズ (通常は、送信インターフェースの MTU から 40 引いた値) を"
-"制御できる。 もちろん B<-p tcp> と組み合わせてしか使えない。"
-
#. type: Plain text
-#: original/man8/iptables.8:928
+#: original/man8/iptables.8:2412
msgid ""
-"This target is used to overcome criminally braindead ISPs or servers which "
-"block ICMP Fragmentation Needed packets. The symptoms of this problem are "
-"that everything works fine from your Linux firewall/router, but machines "
-"behind it can never exchange large packets:"
+"If option B<--random> is used then port mapping will be randomized (kernel "
+"E<gt>= 2.6.21)."
msgstr ""
-"このターゲットは犯罪的に頭のいかれた ISP や ICMP Fragmentation Needed パケッ"
-"トをブロックしてしまうサーバーを 乗り越えるために使用する。 Linux ファイア"
-"ウォール/ルーターでは何も問題がないのに、 そこにぶら下がるマシンでは以下のよ"
-"うに大きなパケットを やりとりできないというのが、この問題の兆候である。"
-
-#. type: TP
-#: original/man8/iptables.8:930
-#, no-wrap
-msgid "1)"
-msgstr "1)"
-
-#. type: Plain text
-#: original/man8/iptables.8:933
-msgid "Web browsers connect, then hang with no data received."
-msgstr "ウェブ・ブラウザで接続が、何のデータも受け取らずにハングする"
-
-#. type: TP
-#: original/man8/iptables.8:933
-#, no-wrap
-msgid "2)"
-msgstr "2)"
-#. type: Plain text
-#: original/man8/iptables.8:936
-msgid "Small mail works fine, but large emails hang."
-msgstr "短いメールは問題ないが、長いメールがハングする"
-
-#. type: TP
-#: original/man8/iptables.8:936
+#. type: SS
+#: original/man8/iptables.8:2553
#, no-wrap
-msgid "3)"
-msgstr "3)"
-
-#. type: Plain text
-#: original/man8/iptables.8:939
-msgid "ssh works fine, but scp hangs after initial handshaking."
-msgstr "ssh は問題ないが、scp は最初のハンドシェーク後にハングする"
+msgid "TTL"
+msgstr ""
#. type: Plain text
-#: original/man8/iptables.8:943
+#: original/man8/iptables.8:2557
msgid ""
-"Workaround: activate this option and add a rule to your firewall "
-"configuration like:"
+"This is used to modify the IPv4 TTL header field. The TTL field determines "
+"how many hops (routers) a packet can traverse until it's time to live is "
+"exceeded."
msgstr ""
-"回避方法: このオプションを有効にし、以下のようなルールを ファイアウォールの設"
-"定に追加する。"
#. type: Plain text
-#: original/man8/iptables.8:946
-#, no-wrap
+#: original/man8/iptables.8:2562
msgid ""
-" iptables -A FORWARD -p tcp --tcp-flags SYN,RST SYN \\e\n"
-" -j TCPMSS --clamp-mss-to-pmtu\n"
+"Setting or incrementing the TTL field can potentially be very dangerous, so "
+"it should be avoided at any cost. This target is only valid in B<mangle> "
+"table."
msgstr ""
-" iptables -A FORWARD -p tcp --tcp-flags SYN,RST SYN \\e\n"
-" -j TCPMSS --clamp-mss-to-pmtu\n"
#. type: TP
-#: original/man8/iptables.8:947
-#, no-wrap
-msgid "B<--set-mss >I<value>"
+#: original/man8/iptables.8:2564
+#, fuzzy, no-wrap
+#| msgid "B<--set-mss >I<value>"
+msgid "B<--ttl-set> I<value>"
msgstr "B<--set-mss >I<value>"
#. type: Plain text
-#: original/man8/iptables.8:950
-msgid "Explicitly set MSS option to specified value."
-msgstr "MSS オプションの値に指定した値を明示的に設定する。"
-
-#. type: TP
-#: original/man8/iptables.8:950
-#, no-wrap
-msgid "B<--clamp-mss-to-pmtu>"
-msgstr "B<--clamp-mss-to-pmtu>"
-
-#. type: Plain text
-#: original/man8/iptables.8:953
-msgid "Automatically clamp MSS value to (path_MTU - 40)."
-msgstr "自動的に、MSS 値を (path_MTU - 40) に強制する。"
+#: original/man8/iptables.8:2567
+msgid "Set the TTL value to `value'."
+msgstr ""
#. type: TP
-#: original/man8/iptables.8:953
-#, no-wrap
-msgid "These options are mutually exclusive."
-msgstr "これらのオプションはどちらか 1 つしか指定できない。"
-
-#. type: SS
-#: original/man8/iptables.8:955
-#, no-wrap
-msgid "TOS"
-msgstr "TOS"
+#: original/man8/iptables.8:2567
+#, fuzzy, no-wrap
+#| msgid "B<--set-dscp >I<value>"
+msgid "B<--ttl-dec> I<value>"
+msgstr "B<--set-dscp >I<value>"
#. type: Plain text
-#: original/man8/iptables.8:960
-msgid ""
-"This is used to set the 8-bit Type of Service field in the IP header. It is "
-"only valid in the B<mangle> table."
+#: original/man8/iptables.8:2570
+msgid "Decrement the TTL value `value' times."
msgstr ""
-"IP ヘッダーの 8 ビットの Type of Service フィールドを設定するために使われ"
-"る。 B<mangle> テーブルのみで有効である。"
#. type: TP
-#: original/man8/iptables.8:960
-#, no-wrap
-msgid "B<--set-tos >I<tos>"
-msgstr "B<--set-tos >I<tos>"
-
-#. type: Plain text
-#: original/man8/iptables.8:963
-msgid "You can use a numeric TOS values, or use"
-msgstr "TOS を番号で指定することができる。 また、"
-
-#. type: Plain text
-#: original/man8/iptables.8:965
-#, no-wrap
-msgid " iptables -j TOS -h\n"
-msgstr " iptables -j TOS -h\n"
+#: original/man8/iptables.8:2570
+#, fuzzy, no-wrap
+#| msgid "B<--set-dscp >I<value>"
+msgid "B<--ttl-inc> I<value>"
+msgstr "B<--set-dscp >I<value>"
#. type: Plain text
-#: original/man8/iptables.8:967
-msgid "to see the list of valid TOS names."
-msgstr "を実行して得られる、使用可能な TOS 名の一覧にある TOS 名も指定できる。"
+#: original/man8/iptables.8:2573
+msgid "Increment the TTL value `value' times."
+msgstr ""
#. type: SS
-#: original/man8/iptables.8:967
+#: original/man8/iptables.8:2573
#, no-wrap
msgid "ULOG"
msgstr "ULOG"
#. type: Plain text
-#: original/man8/iptables.8:976
+#: original/man8/iptables.8:2582
msgid ""
"This target provides userspace logging of matching packets. When this "
"target is set for a rule, the Linux kernel will multicast this packet "
"ルールへと継続される。"
#. type: TP
-#: original/man8/iptables.8:976
-#, no-wrap
-msgid "B<--ulog-nlgroup >I<nlgroup>"
+#: original/man8/iptables.8:2582
+#, fuzzy, no-wrap
+#| msgid "B<--ulog-nlgroup >I<nlgroup>"
+msgid "B<--ulog-nlgroup> I<nlgroup>"
msgstr "B<--ulog-nlgroup >I<nlgroup>"
#. type: Plain text
-#: original/man8/iptables.8:980
+#: original/man8/iptables.8:2586
msgid ""
"This specifies the netlink group (1-32) to which the packet is sent. "
"Default value is 1."
"ある。"
#. type: TP
-#: original/man8/iptables.8:980
-#, no-wrap
-msgid "B<--ulog-prefix >I<prefix>"
+#: original/man8/iptables.8:2586
+#, fuzzy, no-wrap
+#| msgid "B<--ulog-prefix >I<prefix>"
+msgid "B<--ulog-prefix> I<prefix>"
msgstr "B<--ulog-prefix >I<prefix>"
#. type: Plain text
-#: original/man8/iptables.8:984
+#: original/man8/iptables.8:2590
msgid ""
"Prefix log messages with the specified prefix; up to 32 characters long, and "
"useful for distinguishing messages in the logs."
"る。 ログの中でメッセージを区別するのに便利である。"
#. type: TP
-#: original/man8/iptables.8:984
-#, no-wrap
-msgid "B<--ulog-cprange >I<size>"
+#: original/man8/iptables.8:2590
+#, fuzzy, no-wrap
+#| msgid "B<--ulog-cprange >I<size>"
+msgid "B<--ulog-cprange> I<size>"
msgstr "B<--ulog-cprange >I<size>"
#. type: Plain text
-#: original/man8/iptables.8:988
+#: original/man8/iptables.8:2594
msgid ""
"Number of bytes to be copied to userspace. A value of 0 always copies the "
"entire packet, regardless of its size. Default is 0."
"全パケットをコピーする。 デフォルトは 0 である。"
#. type: TP
-#: original/man8/iptables.8:988
-#, no-wrap
-msgid "B<--ulog-qthreshold >I<size>"
+#: original/man8/iptables.8:2594
+#, fuzzy, no-wrap
+#| msgid "B<--ulog-qthreshold >I<size>"
+msgid "B<--ulog-qthreshold> I<size>"
msgstr "B<--ulog-qthreshold >I<size>"
#. type: Plain text
-#: original/man8/iptables.8:994
+#: original/man8/iptables.8:2600
msgid ""
"Number of packet to queue inside kernel. Setting this value to, e.g. 10 "
"accumulates ten packets inside the kernel and transmits them as one netlink "
"である。"
#. type: Plain text
-#: original/man8/iptables.8:1016
+#: original/man8/iptables.8:2609
+msgid ""
+"Bugs? What's this? ;-) Well, you might want to have a look at http://"
+"bugzilla.netfilter.org/"
+msgstr ""
+
+#. type: Plain text
+#: original/man8/iptables.8:2618
msgid ""
"This B<iptables> is very similar to ipchains by Rusty Russell. The main "
"difference is that the chains B<INPUT> and B<OUTPUT> are only traversed for "
"いた。"
#. type: Plain text
-#: original/man8/iptables.8:1025
+#: original/man8/iptables.8:2622
msgid ""
"The other main difference is that B<-i> refers to the input interface; B<-o> "
"refers to the output interface, and both are available for packets entering "
"て指定可能な点である。"
#. type: Plain text
-#: original/man8/iptables.8:1032
+#: original/man8/iptables.8:2628
msgid ""
"The various forms of NAT have been separated out; B<iptables> is a pure "
"packet filter when using the default `filter' table, with optional extension "
"の 組合せによる混乱を簡略化する。 よって、オプション"
#. type: Plain text
-#: original/man8/iptables.8:1036
+#: original/man8/iptables.8:2632
#, no-wrap
msgid ""
" -j MASQ\n"
" -M -L\n"
#. type: Plain text
-#: original/man8/iptables.8:1038
+#: original/man8/iptables.8:2634
msgid "There are several other changes in iptables."
msgstr ""
"は別のものとして扱われる。 iptables では、その他にもいくつかの変更がある。"
#. type: Plain text
-#: original/man8/iptables.8:1044
+#: original/man8/iptables.8:2641
+#, fuzzy
+#| msgid ""
+#| "B<iptables-save>(8), B<iptables-restore>(8), B<ip6tables>(8), B<ip6tables-"
+#| "save>(8), B<ip6tables-restore>(8)."
msgid ""
"B<iptables-save>(8), B<iptables-restore>(8), B<ip6tables>(8), B<ip6tables-"
-"save>(8), B<ip6tables-restore>(8)."
+"save>(8), B<ip6tables-restore>(8), B<libipq>(3)."
msgstr ""
"B<iptables-save>(8), B<iptables-restore>(8), B<ip6tables>(8), B<ip6tables-"
"save>(8), B<ip6tables-restore>(8)."
#. type: Plain text
-#: original/man8/iptables.8:1066
-msgid "Harald Welte wrote the ULOG target, TTL, DSCP, ECN matches and targets."
+#: original/man8/iptables.8:2647
+msgid ""
+"The packet-filtering-HOWTO details iptables usage for packet filtering, the "
+"NAT-HOWTO details NAT, the netfilter-extensions-HOWTO details the extensions "
+"that are not in the standard distribution, and the netfilter-hacking-HOWTO "
+"details the netfilter internals."
+msgstr ""
+"パケットフィルタリングについての詳細な iptables の使用法を\n"
+"説明している packet-filtering-HOWTO。\n"
+"NAT について詳細に説明している NAT-HOWTO。\n"
+"標準的な配布には含まれない拡張の詳細を 説明している \n"
+"netfilter-extensions-HOWTO。\n"
+"内部構造について詳細に説明している netfilter-hacking-HOWTO。"
+
+#. type: Plain text
+#: original/man8/iptables.8:2653
+#, fuzzy
+#| msgid ""
+#| "Rusty Russell wrote iptables, in early consultation with Michael Neuling."
+msgid ""
+"Rusty Russell originally wrote iptables, in early consultation with Michael "
+"Neuling."
+msgstr ""
+"Rusty Russell は、初期の段階で Michael Neuling に相談して iptables を書いた。"
+
+#. type: Plain text
+#: original/man8/iptables.8:2663
+#, fuzzy
+#| msgid ""
+#| "Harald Welte wrote the ULOG target, TTL, DSCP, ECN matches and targets."
+msgid ""
+"Harald Welte wrote the ULOG and NFQUEUE target, the new libiptc, as well as "
+"the TTL, DSCP, ECN matches and targets."
msgstr ""
"Harald Welte が ULOG ターゲットと、 TTL, DSCP, ECN のマッチ・ターゲットを書い"
"た。"
+#. .. and did I mention that we are incredibly cool people?
+#. .. sexy, too ..
+#. .. witty, charming, powerful ..
+#. .. and most of all, modest ..
#. type: Plain text
-#: original/man8/iptables.8:1070
-msgid "Man page written by Herve Eychenne E<lt>rv@wallfire.orgE<gt>."
+#: original/man8/iptables.8:2673
+#, fuzzy
+#| msgid "Man page written by Herve Eychenne E<lt>rv@wallfire.orgE<gt>."
+msgid ""
+"Man page originally written by Herve Eychenne E<lt>rv@wallfire.orgE<gt>."
msgstr "man ページは Herve Eychenne E<lt>rv@wallfire.orgE<gt> が書いた。"
+
+#. type: Plain text
+#: original/man8/iptables.8:2675
+msgid "This manual page applies to iptables @PACKAGE_VERSION@."
+msgstr ""
+
+#. type: TH
+#: original/man8/iptables-apply.8:5
+#, fuzzy, no-wrap
+#| msgid " iptables -p icmp -h\n"
+msgid "iptables-apply"
+msgstr " iptables -p icmp -h\n"
+
+#. type: TH
+#: original/man8/iptables-apply.8:5
+#, no-wrap
+msgid "2006-06-04"
+msgstr ""
+
+#. type: Plain text
+#: original/man8/iptables-apply.8:10
+msgid "iptables-apply - a safer way to update iptables remotely"
+msgstr ""
+
+#. type: Plain text
+#: original/man8/iptables-apply.8:12
+msgid "B<iptables-apply> [-B<hV>] [B<-t> I<timeout>] I<ruleset-file>"
+msgstr ""
+
+#. type: Plain text
+#: original/man8/iptables-apply.8:20
+msgid ""
+"iptables-apply will try to apply a new ruleset (as output by iptables-save/"
+"read by iptables-restore) to iptables, then prompt the user whether the "
+"changes are okay. If the new ruleset cut the existing connection, the user "
+"will not be able to answer affirmatively. In this case, the script rolls "
+"back to the previous ruleset after the timeout expired. The timeout can be "
+"set with B<-t>."
+msgstr ""
+
+#. type: Plain text
+#: original/man8/iptables-apply.8:23
+msgid ""
+"When called as ip6tables-apply, the script will use ip6tables-save/-restore "
+"instead."
+msgstr ""
+
+#. type: TP
+#: original/man8/iptables-apply.8:24
+#, no-wrap
+msgid "B<-t> I<seconds>, B<--timeout> I<seconds>"
+msgstr ""
+
+#. type: Plain text
+#: original/man8/iptables-apply.8:28
+msgid ""
+"Sets the timeout after which the script will roll back to the previous "
+"ruleset."
+msgstr ""
+
+#. type: TP
+#: original/man8/iptables-apply.8:28
+#, fuzzy, no-wrap
+#| msgid "B<-c>, B<--counters>"
+msgid "B<-h>, B<--help>"
+msgstr "B<-c>, B<--counters>"
+
+#. type: Plain text
+#: original/man8/iptables-apply.8:31
+msgid "Display usage information."
+msgstr ""
+
+#. type: TP
+#: original/man8/iptables-apply.8:31
+#, fuzzy, no-wrap
+#| msgid "B<-c>, B<--counters>"
+msgid "B<-V>, B<--version>"
+msgstr "B<-c>, B<--counters>"
+
+#. type: Plain text
+#: original/man8/iptables-apply.8:34
+msgid "Display version information."
+msgstr ""
+
+#. type: Plain text
+#: original/man8/iptables-apply.8:37
+#, fuzzy
+#| msgid "B<iptables-restore>(8), B<iptables>(8)"
+msgid "B<iptables-restore>(8), B<iptables-save>(8), B<iptables>(8)."
+msgstr "B<iptables-restore>(8), B<iptables>(8)"
+
+#. type: SH
+#: original/man8/iptables-apply.8:37
+#, no-wrap
+msgid "LEGALESE"
+msgstr ""
+
+#. type: Plain text
+#: original/man8/iptables-apply.8:40
+msgid "iptables-apply is copyright by Martin F. Krafft."
+msgstr ""
+
+#. type: Plain text
+#: original/man8/iptables-apply.8:42
+msgid ""
+"This manual page was written by Martin F. Krafft E<lt>madduck@madduck."
+"netE<gt>"
+msgstr ""
+
+#. type: Plain text
+#: original/man8/iptables-apply.8:44
+msgid ""
+"Permission is granted to copy, distribute and/or modify this document under "
+"the terms of the Artistic License 2.0."
+msgstr ""
+
+#. type: TH
+#: original/man1/iptables-xml.1:1
+#, fuzzy, no-wrap
+#| msgid "IPTABLES"
+msgid "IPTABLES-XML"
+msgstr "IPTABLES"
+
+#. type: TH
+#: original/man1/iptables-xml.1:1
+#, no-wrap
+msgid "Jul 16, 2007"
+msgstr ""
+
+#. type: Plain text
+#: original/man1/iptables-xml.1:23
+msgid "iptables-xml \\(em Convert iptables-save format to XML"
+msgstr ""
+
+#. type: Plain text
+#: original/man1/iptables-xml.1:25
+#, fuzzy
+#| msgid "B<iptables-restore >[-c] [-n]"
+msgid "B<iptables-xml> [B<-c>] [B<-v>]"
+msgstr "B<iptables-restore >[-c] [-n]"
+
+#. type: Plain text
+#: original/man1/iptables-xml.1:31
+#, fuzzy
+#| msgid ""
+#| "B<iptables-save> is used to dump the contents of an IP Table in easily "
+#| "parseable format to STDOUT. Use I/O-redirection provided by your shell to "
+#| "write to a file."
+msgid ""
+"B<iptables-xml> is used to convert the output of iptables-save into an "
+"easily manipulatable XML format to STDOUT. Use I/O-redirection provided by "
+"your shell to write to a file."
+msgstr ""
+"B<iptables-save> は IP テーブルの内容を簡単に解析できる形式で 標準出力にダン"
+"プするために使われる。 ファイルに書き出すためには、 シェルで提供されている I/"
+"O リダイレクションを使うこと。"
+
+#. type: TP
+#: original/man1/iptables-xml.1:31
+#, fuzzy, no-wrap
+#| msgid "B<-c>, B<--counters>"
+msgid "B<-c>, B<--combine>"
+msgstr "B<-c>, B<--counters>"
+
+#. type: Plain text
+#: original/man1/iptables-xml.1:38
+msgid ""
+"combine consecutive rules with the same matches but different targets. "
+"iptables does not currently support more than one target per match, so this "
+"simulates that by collecting the targets from consecutive iptables rules "
+"into one action tag, but only when the rule matches are identical. "
+"Terminating actions like RETURN, DROP, ACCEPT and QUEUE are not combined "
+"with subsequent targets."
+msgstr ""
+
+#. type: Plain text
+#: original/man1/iptables-xml.1:41
+msgid ""
+"Output xml comments containing the iptables line from which the XML is "
+"derived"
+msgstr ""
+
+#. type: Plain text
+#: original/man1/iptables-xml.1:48
+msgid ""
+"iptables-xml does a mechanistic conversion to a very expressive xml format; "
+"the only semantic considerations are for -g and -j targets in order to "
+"discriminate between E<lt>callE<gt> E<lt>gotoE<gt> and E<lt>nane-of-"
+"targetE<gt> as it helps xml processing scripts if they can tell the "
+"difference between a target like SNAT and another chain."
+msgstr ""
+
+#. type: Plain text
+#: original/man1/iptables-xml.1:50
+msgid "Some sample output is:"
+msgstr ""
+
+#. type: Plain text
+#: original/man1/iptables-xml.1:74
+#, no-wrap
+msgid ""
+"E<lt>iptables-rulesE<gt>\n"
+" E<lt>table name=\"mangle\"E<gt>\n"
+" E<lt>chain name=\"PREROUTING\" policy=\"ACCEPT\" packet-count=\"63436\"\n"
+"byte-count=\"7137573\"E<gt>\n"
+" E<lt>ruleE<gt>\n"
+" E<lt>conditionsE<gt>\n"
+" E<lt>matchE<gt>\n"
+" E<lt>pE<gt>tcpE<lt>/pE<gt>\n"
+" E<lt>/matchE<gt>\n"
+" E<lt>tcpE<gt>\n"
+" E<lt>sportE<gt>8443E<lt>/sportE<gt>\n"
+" E<lt>/tcpE<gt>\n"
+" E<lt>/conditionsE<gt>\n"
+" E<lt>actionsE<gt>\n"
+" E<lt>callE<gt>\n"
+" E<lt>check_ip/E<gt>\n"
+" E<lt>/callE<gt>\n"
+" E<lt>ACCEPT/E<gt>\n"
+" E<lt>/actionsE<gt>\n"
+" E<lt>/ruleE<gt>\n"
+" E<lt>/chainE<gt>\n"
+" E<lt>/tableE<gt>\n"
+"E<lt>/iptables-rulesE<gt>\n"
+msgstr ""
+
+#. type: Plain text
+#: original/man1/iptables-xml.1:79
+msgid ""
+"Conversion from XML to iptables-save format may be done using the iptables."
+"xslt script and xsltproc, or a custom program using libxsltproc or similar; "
+"in this fashion:"
+msgstr ""
+
+#. type: Plain text
+#: original/man1/iptables-xml.1:81
+msgid "xsltproc iptables.xslt my-iptables.xml | iptables-restore"
+msgstr ""
+
+#. type: Plain text
+#: original/man1/iptables-xml.1:84
+#, fuzzy
+#| msgid "None known as of iptables-1.2.1 release"
+msgid "None known as of iptables-1.3.7 release"
+msgstr "iptables-1.2.1 リリースでは知られていない。"
+
+#. type: Plain text
+#: original/man1/iptables-xml.1:86
+msgid "Sam Liddicott E<lt>azez@ufomechanic.netE<gt>"
+msgstr ""
+
+#. type: Plain text
+#: original/man1/iptables-xml.1:87
+#, fuzzy
+#| msgid "B<iptables-restore>(8), B<iptables>(8)"
+msgid "B<iptables-save>(8), B<iptables-restore>(8), B<iptables>(8)"
+msgstr "B<iptables-restore>(8), B<iptables>(8)"
+
+#~ msgid "Mar 09, 2002"
+#~ msgstr "Mar 09, 2002"
+
+#~ msgid "B<ip6tables [-t table] -[LFZ] >[chain] [options]"
+#~ msgstr "B<ip6tables [-t テーブル] -[LFZ] >[チェイン] [オプション]"
+
+#~ msgid ""
+#~ "There are currently two independent tables (which tables are present at "
+#~ "any time depends on the kernel configuration options and which modules "
+#~ "are present), as nat table has not been implemented yet."
+#~ msgstr ""
+#~ "現在のところ 2 つの独立なテーブルが存在する (どのテーブルがどの時点で現れ"
+#~ "るかは、 カーネルの設定やどういったモジュールが存在するかに依存する)。 "
+#~ "nat テーブルは、まだ実装されていない。"
+
+#~ msgid "B<-t, --table >I<table>"
+#~ msgstr "B<-t, --table >I<table>"
+
+#~ msgid "B<-I, --insert>"
+#~ msgstr "B<-I, --insert>"
+
+#~ msgid ""
+#~ "List all rules in the selected chain. If no chain is selected, all "
+#~ "chains are listed. As every other iptables command, it applies to the "
+#~ "specified table (filter is the default), so mangle rules get listed by"
+#~ msgstr ""
+#~ "選択されたチェインにある全てのルールを一覧表示する。 チェインが指定されな"
+#~ "い場合、全てのチェインにあるリストが一覧表示される。 他の各 iptables コマ"
+#~ "ンドと同様に、 指定されたテーブル (デフォルトは filter) に対して作用す"
+#~ "る。 よって mangle ルールを表示するには以下のようにする。"
+
+#~ msgid " ip6tables -t mangle -n -L\n"
+#~ msgstr " ip6tables -t mangle -n -L\n"
+
+#~ msgid ""
+#~ "The protocol of the rule or of the packet to check. The specified "
+#~ "protocol can be one of I<tcp>, I<udp>, I<ipv6-icmp|icmpv6>, or I<all>, or "
+#~ "it can be a numeric value, representing one of these protocols or a "
+#~ "different one. A protocol name from /etc/protocols is also allowed. A "
+#~ "\"!\" argument before the protocol inverts the test. The number zero is "
+#~ "equivalent to I<all>. Protocol I<all> will match with all protocols and "
+#~ "is taken as default when this option is omitted."
+#~ msgstr ""
+#~ "ルールで使われるプロトコル、またはチェックされるパケットのプロトコル。 指"
+#~ "定できるプロトコルは、 I<tcp>, I<udp>, I<ipv6-icmp|icmpv6>, I<all> のいず"
+#~ "れか 1 つか、数値である。 数値は、これらのプロトコルの 1 つ、もしくは別の"
+#~ "プロトコルを表す。 /etc/protocols にあるプロトコル名も指定できる。 プロト"
+#~ "コルの前に \"!\" を置くと、そのプロトコルを指定しないという意味になる。 数"
+#~ "値 0 は I<all> と等しい。 プロトコル I<all> は全てのプロトコルとマッチ"
+#~ "し、 このオプションが省略された際のデフォルトである。"
+
+#~ msgid ""
+#~ "Source specification. I<Address> can be either a hostname (please note "
+#~ "that specifying any name to be resolved with a remote query such as DNS "
+#~ "is a really bad idea), a network IPv6 address (with /mask), or a plain "
+#~ "IPv6 address. (the network name isn't supported now). The I<mask> can "
+#~ "be either a network mask or a plain number, specifying the number of 1's "
+#~ "at the left side of the network mask. Thus, a mask of I<64> is "
+#~ "equivalent to I<ffff:ffff:ffff:ffff:0000:0000:0000:0000>. A \"!\" "
+#~ "argument before the address specification inverts the sense of the "
+#~ "address. The flag B<--src> is an alias for this option."
+#~ msgstr ""
+#~ "送信元の指定。 I<address> はホスト名 (DNS のようなリモートへの問い合わせで"
+#~ "解決する名前を指定するのは 非常に良くない)・ ネットワーク IPv6 アドレス (/"
+#~ "mask を指定する)・ 通常の IPv6 アドレス (今のところ、ネットワーク名はサ"
+#~ "ポートされていない)、のいずれかである。 I<mask> はネットワークマスクか、 "
+#~ "ネットワークマスクの左側にある 1 の数を指定する数値である。 つまり、 "
+#~ "I<64> という mask は I<ffff:ffff:ffff:ffff:0000:0000:0000:0000> に等し"
+#~ "い。 アドレス指定の前に \"!\" を置くと、そのアドレスを除外するという意味に"
+#~ "なる。 フラグ B<--src> は、このオプションの別名である。"
+
+#~ msgid ""
+#~ "Name of an interface via which a packet is going to be sent (for packets "
+#~ "entering the B<FORWARD> and B<OUTPUT> chains). When the \"!\" argument "
+#~ "is used before the interface name, the sense is inverted. If the "
+#~ "interface name ends in a \"+\", then any interface which begins with this "
+#~ "name will match. If this option is omitted, any interface name will "
+#~ "match."
+#~ msgstr ""
+#~ "(B<FORWARD>, B<OUTPUT> チェインに入る) パケットを送信するインターフェース"
+#~ "名。 インターフェース名の前に \"!\" を置くと、 そのインターフェースを除外"
+#~ "するという意味になる。 インターフェース名が \"+\" で終っている場合、 その"
+#~ "名前で始まる任意のインターフェース名にマッチする。 このオプションが省略さ"
+#~ "れた場合、 任意のインターフェース名にマッチする。"
+
+#~ msgid "B<-c, --set-counters PKTS BYTES>"
+#~ msgstr "B<-c, --set-counters PKTS BYTES>"
+
+#~ msgid "B<-v, --verbose>"
+#~ msgstr "B<-v, --verbose>"
+
+#~ msgid ""
+#~ "The following are included in the base package, and most of these can be "
+#~ "preceded by a B<!> to invert the sense of the match."
+#~ msgstr ""
+#~ "以下の拡張がベースパッケージに含まれている。大部分のものは、 B<!> を\n"
+#~ "前におくことによってマッチングの意味を逆にできる。"
+
+#~ msgid "B<--destination-port >[!] I<port>[:I<port>]"
+#~ msgstr "B<--destination-port >[!] I<port>[:I<port>]"
+
+#~ msgid " ip6tables -A FORWARD -p tcp --tcp-flags SYN,ACK,FIN,RST SYN\n"
+#~ msgstr "ip6tables -A FORWARD -p tcp --tcp-flags SYN,ACK,FIN,RST SYN\n"
+
+#~ msgid "ipv6-icmp"
+#~ msgstr "ipv6-icmp"
+
+#~ msgid ""
+#~ "This allows specification of the ICMP type, which can be a numeric IPv6-"
+#~ "ICMP type, or one of the IPv6-ICMP type names shown by the command"
+#~ msgstr ""
+#~ "ICMP タイプを指定できる。タイプ指定には、 数値の IPv6-ICMP タイプ、または"
+#~ "以下のコマンド で表示される IPv6-ICMP タイプ名を使用できる。"
+
+#~ msgid ""
+#~ "Match if the source port is one of the given ports. The flag B<--sports> "
+#~ "is a convenient alias for this option."
+#~ msgstr ""
+#~ "送信元ポートが指定されたポートのうちのいずれかであればマッチする。 フラグ "
+#~ "B<--sports> は、このオプションの便利な別名である。"
+
+#~ msgid ""
+#~ "This module attempts to match various characteristics of the packet "
+#~ "creator, for locally-generated packets. It is only valid in the "
+#~ "B<OUTPUT> chain, and even this some packets (such as ICMP ping responses) "
+#~ "may have no owner, and hence never match. This is regarded as "
+#~ "experimental."
+#~ msgstr ""
+#~ "このモジュールは、ローカルで生成されたパケットに付いて、 パケット生成者の"
+#~ "いろいろな特性とのマッチングをとる。 これは B<OUTPUT> チェインのみでしか有"
+#~ "効でない。 また、(ICMP ping 応答のような) パケットは、 所有者がいないので"
+#~ "絶対にマッチしない。 これは実験的なものという扱いである。"
+
+#~ msgid ""
+#~ "Matches if the packet was created by a process with the given effective "
+#~ "user id."
+#~ msgstr ""
+#~ "指定された実効ユーザー ID のプロセスにより パケットが生成されている場合に"
+#~ "マッチする。"
+
+#~ msgid ""
+#~ "Matches if the packet was created by a process with the given effective "
+#~ "group id."
+#~ msgstr ""
+#~ "指定された実効グループ ID のプロセスにより パケットが生成されている場合に"
+#~ "マッチする。"
+
+#~ msgid "B<--pid-owner >I<processid>"
+#~ msgstr "B<--pid-owner >I<processid>"
+
+#~ msgid "B<--sid-owner >I<sessionid>"
+#~ msgstr "B<--sid-owner >I<sessionid>"
+
+#~ msgid ""
+#~ "Matches if the packet was created by a process in the given session group."
+#~ msgstr ""
+#~ "指定されたセッショングループのプロセスにより パケットが生成されている場合"
+#~ "にマッチする。"
+
+#~ msgid "The type given can be"
+#~ msgstr "type として指定可能なものは"
+
+#~ msgid ""
+#~ "B<icmp6-no-route>\n"
+#~ "B<no-route>\n"
+#~ "B<icmp6-adm-prohibited>\n"
+#~ "B<adm-prohibited>\n"
+#~ "B<icmp6-addr-unreachable>\n"
+#~ "B<addr-unreach>\n"
+#~ "B<icmp6-port-unreachable>\n"
+#~ "B<port-unreach>\n"
+#~ msgstr ""
+#~ "B<icmp6-no-route>\n"
+#~ "B<no-route>\n"
+#~ "B<icmp6-adm-prohibited>\n"
+#~ "B<adm-prohibited>\n"
+#~ "B<icmp6-addr-unreachable>\n"
+#~ "B<addr-unreach>\n"
+#~ "B<icmp6-port-unreachable>\n"
+#~ "B<port-unreach>\n"
+
+#~ msgid "B<iptables [-t table] -[LFZ] >[chain] [options]"
+#~ msgstr "B<iptables [-t table] -[LFZ] >[チェイン] [オプション]"
+
+#~ msgid ""
+#~ "This module, when combined with connection tracking, allows access to "
+#~ "more connection tracking information than the \"state\" match. (this "
+#~ "module is present only if iptables was compiled under a kernel supporting "
+#~ "this feature)"
+#~ msgstr ""
+#~ "このモジュールは、接続追跡 (connection tracking) と組み合わせて用いると、 "
+#~ "\"state\" マッチよりもさらに多くの、 パケットについての接続追跡状態を知る"
+#~ "ことができる (この機能をサポートしたカーネルのもとで iptables がコンパイル"
+#~ "された場合 にのみ、このモジュールは存在する)。"
+
+#~ msgid ""
+#~ "Where state is a comma separated list of the connection states to match. "
+#~ "Possible states are B<INVALID> meaning that the packet is associated with "
+#~ "no known connection, B<ESTABLISHED> meaning that the packet is associated "
+#~ "with a connection which has seen packets in both directions, B<NEW> "
+#~ "meaning that the packet has started a new connection, or otherwise "
+#~ "associated with a connection which has not seen packets in both "
+#~ "directions, and B<RELATED> meaning that the packet is starting a new "
+#~ "connection, but is associated with an existing connection, such as an FTP "
+#~ "data transfer, or an ICMP error. B<SNAT> A virtual state, matching if "
+#~ "the original source address differs from the reply destination. B<DNAT> "
+#~ "A virtual state, matching if the original destination differs from the "
+#~ "reply source."
+#~ msgstr ""
+#~ "state は、マッチング対象となる、コンマ区切りの接続状態リストである。 指定"
+#~ "可能な state は以下の通り。 B<INVALID>: メモリを使い果たした為や、 既知の"
+#~ "接続とは対応しない ICMP エラーなど、 何らかの理由によりパケットが識別でき"
+#~ "ない。 B<ESTABLISHED>: このパケットは、過去双方向にパケットがやり取りされ"
+#~ "た接続に属するパケットである。 B<NEW>: このパケットが新しい接続を開始した"
+#~ "か、 双方向にはパケットがやり取りされていない接続に属するパケットである。 "
+#~ "B<RELATED>: このパケットが新しい接続を開始しているが、 FTP データ転送や "
+#~ "ICMP エラーのように、既存の接続に関係している。 B<SNAT>: 仮想的な状態であ"
+#~ "り、書き換え前の送信元アドレスが応答の宛先アドレスと 異なる場合にマッチす"
+#~ "る。 B<DNAT>: 仮想的な状態であり、書き換え前の宛先アドレスが応答の送信元ア"
+#~ "ドレスと 異なる場合にマッチする。"
+
+#~ msgid "B<--ctreplsrc >I<[!] address[/mask]>"
+#~ msgstr "B<--ctreplsrc >I<[!] address[/mask]>"
+
+#~ msgid "Match against reply source address"
+#~ msgstr "応答の送信元アドレスにマッチする。"
+
+#~ msgid "B<--ctstatus >I<[NONE|EXPECTED|SEEN_REPLY|ASSURED][,...]>"
+#~ msgstr "B<--ctstatus >I<[NONE|EXPECTED|SEEN_REPLY|ASSURED][,...]>"
+
+#~ msgid "Match against internal conntrack states"
+#~ msgstr "接続追跡の内部的な状態にマッチする。"
+
+#~ msgid "B<--dscp-class >I<DiffServ Class>"
+#~ msgstr "B<--dscp-class >I<DiffServ Class>"
+
+#~ msgid ""
+#~ "Matches if the packet was created by a process with the given command "
+#~ "name. (this option is present only if iptables was compiled under a "
+#~ "kernel supporting this feature)"
+#~ msgstr ""
+#~ "指定されたコマンド名を持つプロセスにより パケットが生成されている場合に"
+#~ "マッチする (この機能をサポートしたカーネルのもとで iptables がコンパイルさ"
+#~ "れた場合 にのみ、このモジュールは存在する)。"
+
+#~ msgid ""
+#~ "Match TCP SYN or SYN/ACK packets with the specified MSS value (or range), "
+#~ "which control the maximum packet size for that connection."
+#~ msgstr ""
+#~ "指定された MSS 値 (の範囲) を持つ TCP の SYN または SYN/ACK パケットにマッ"
+#~ "チする。 MSS は接続に対するパケットの最大サイズを制御する。"
+
+#~ msgid "The argument is either a standard name, (use"
+#~ msgstr ""
+#~ "引き数は、マッチを行う標準的な名前でも数値でもよい (名前のリストを見るには"
+
+#~ msgid " iptables -m tos -h\n"
+#~ msgstr " iptables -m tos -h\n"
+
+#~ msgid "to see the list), or a numeric value to match."
+#~ msgstr "を使うこと)。"
+
+#~ msgid ""
+#~ "This is used to set the netfilter mark value associated with the packet. "
+#~ "It is only valid in the B<mangle> table. It can for example be used in "
+#~ "conjunction with iproute2."
+#~ msgstr ""
+#~ "パケットに関連づけられた netfilter の mark 値を設定する。 B<mangle> テーブ"
+#~ "ルのみで有効である。 例えば、iproute2 と組み合わせて使うことができる。"
+
+#~ msgid ""
+#~ "B<icmp-net-unreachable>\n"
+#~ "B<icmp-host-unreachable>\n"
+#~ "B<icmp-port-unreachable>\n"
+#~ "B<icmp-proto-unreachable>\n"
+#~ "B<icmp-net-prohibited>\n"
+#~ "B<icmp-host-prohibited or>\n"
+#~ "B<icmp-admin-prohibited (*)>\n"
+#~ msgstr ""
+#~ "B<icmp-net-unreachable>\n"
+#~ "B<icmp-host-unreachable>\n"
+#~ "B<icmp-port-unreachable>\n"
+#~ "B<icmp-proto-unreachable>\n"
+#~ "B<icmp-net-prohibited>\n"
+#~ "B<icmp-host-prohibited or>\n"
+#~ "B<icmp-admin-prohibited (*)>\n"
+
+#~ msgid "1)"
+#~ msgstr "1)"
+
+#~ msgid "2)"
+#~ msgstr "2)"
+
+#~ msgid "3)"
+#~ msgstr "3)"
+
+#~ msgid "Explicitly set MSS option to specified value."
+#~ msgstr "MSS オプションの値に指定した値を明示的に設定する。"
+
+#~ msgid "Automatically clamp MSS value to (path_MTU - 40)."
+#~ msgstr "自動的に、MSS 値を (path_MTU - 40) に強制する。"
+
+#~ msgid ""
+#~ "This is used to set the 8-bit Type of Service field in the IP header. It "
+#~ "is only valid in the B<mangle> table."
+#~ msgstr ""
+#~ "IP ヘッダーの 8 ビットの Type of Service フィールドを設定するために使われ"
+#~ "る。 B<mangle> テーブルのみで有効である。"
+
+#~ msgid "You can use a numeric TOS values, or use"
+#~ msgstr "TOS を番号で指定することができる。 また、"
+
+#~ msgid "to see the list of valid TOS names."
+#~ msgstr ""
+#~ "を実行して得られる、使用可能な TOS 名の一覧にある TOS 名も指定できる。"
+
+#~ msgid "ip6tables-save - Save IPv6 Tables"
+#~ msgstr "ip6tables-save - IPv6 テーブルを保存する"
+
+#~ msgid "iptables-save - Save IP Tables"
+#~ msgstr "iptables-save - IP テーブルを保存する"