docs: tproxy: ignore non-transparent sockets in iptables

The iptables example was added in commit d2f26037 (netfilter: Add documentation for tproxy, 2008-10-08), but xt_socket 'transparent' option was added in commit a31e1ffd (netfilter: xt_socket: added new revision of the 'socket' match supporting flags, 2009-06-09). Now add the 'transparent' option to the iptables example to ignore non-transparent sockets, which is also consistent with the nft example. Signed-off-by: 谢致邦 (XIE Zhibang) <Yeking@Red54.com> Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>

docs: tproxy: ignore non-transparent sockets in iptables
The iptables example was added in commit d2f26037 (netfilter: Add documentation for tproxy, 2008-10-08), but xt_socket 'transparent' option was added in commit a31e1ffd (netfilter: xt_socket: added new revision of the 'socket' match supporting flags, 2009-06-09). Now add the 'transparent' option to the iptables example to ignore non-transparent sockets, which is also consistent with the nft example. Signed-off-by: 谢致邦 (XIE Zhibang) <Yeking@Red54.com> Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
aa758763 · 谢致邦 (XIE Zhibang) · Pablo Neira Ayuso · 2cadd3b1 · aa758763
Commit aa758763 authored Sep 12, 2024 by 谢致邦 (XIE Zhibang) Committed by Pablo Neira Ayuso Sep 26, 2024
Hide whitespace changes
Inline Side-by-side

Showing with 1 addition and 1 deletion

Documentation/networking/tproxy.rst Documentation/networking/tproxy.rst +1 -1

No files found.
--- a/Documentation/networking/tproxy.rst
+++ b/Documentation/networking/tproxy.rst
@@ -17,7 +17,7 @@ The idea is that you identify packets with destination address matching a local
 socket on your box, set the packet mark to a certain value::

    # iptables -t mangle -N DIVERT
-    # iptables -t mangle -A PREROUTING -p tcp -m socket -j DIVERT
+    # iptables -t mangle -A PREROUTING -p tcp -m socket --transparent -j DIVERT
    # iptables -t mangle -A DIVERT -j MARK --set-mark 1
    # iptables -t mangle -A DIVERT -j ACCEPT