Merge commit 'origin/trunk@12184' into fedora

[iptables.git] / trunk / extensions / libxt_CONNSECMARK.man

diff --git a/trunk/extensions/libxt_CONNSECMARK.man b/trunk/extensions/libxt_CONNSECMARK.man
new file mode 100644 (file)
index 0000000..b94353a
--- /dev/null
+++ b/trunk/extensions/libxt_CONNSECMARK.man
@@ -0,0 +1,15 @@
+This module copies security markings from packets to connections
+(if unlabeled), and from connections back to packets (also only
+if unlabeled).  Typically used in conjunction with SECMARK, it is
+only valid in the
+.B mangle
+table.
+.TP
+.B --save
+If the packet has a security marking, copy it to the connection
+if the connection is not marked.
+.TP
+.B --restore
+If the packet does not have a security marking, and the connection
+does, copy the security marking from the connection to the packet.
+