1The CT target allows to set parameters for a packet or its associated 2connection. The target attaches a "template" connection tracking entry to 3the packet, which is then used by the conntrack core when initializing 4a new ct entry. This target is thus only valid in the "raw" table. 5.TP 6\fB\-\-notrack\fP 7Disables connection tracking for this packet. 8.TP 9\fB\-\-helper\fP \fIname\fP 10Use the helper identified by \fIname\fP for the connection. This is more 11flexible than loading the conntrack helper modules with preset ports. 12.TP 13\fB\-\-ctevents\fP \fIevent\fP[\fB,\fP...] 14Only generate the specified conntrack events for this connection. Possible 15event types are: \fBnew\fP, \fBrelated\fP, \fBdestroy\fP, \fBreply\fP, 16\fBassured\fP, \fBprotoinfo\fP, \fBhelper\fP, \fBmark\fP (this refers to 17the ctmark, not nfmark), \fBnatseqinfo\fP, \fBsecmark\fP (ctsecmark). 18.TP 19\fB\-\-expevents\fP \fIevent\fP[\fB,\fP...] 20Only generate the specified expectation events for this connection. 21Possible event types are: \fBnew\fP. 22.TP 23\fB\-\-zone-orig\fP {\fIid\fP|\fBmark\fP} 24For traffic coming from ORIGINAL direction, assign this packet to zone 25\fIid\fP and only have lookups done in that zone. If \fBmark\fP is used 26instead of \fIid\fP, the zone is derived from the packet nfmark. 27.TP 28\fB\-\-zone-reply\fP {\fIid\fP|\fBmark\fP} 29For traffic coming from REPLY direction, assign this packet to zone 30\fIid\fP and only have lookups done in that zone. If \fBmark\fP is used 31instead of \fIid\fP, the zone is derived from the packet nfmark. 32.TP 33\fB\-\-zone\fP {\fIid\fP|\fBmark\fP} 34Assign this packet to zone \fIid\fP and only have lookups done in that zone. 35If \fBmark\fP is used instead of \fIid\fP, the zone is derived from the 36packet nfmark. By default, packets have zone 0. This option applies to both 37directions. 38.TP 39\fB\-\-timeout\fP \fIname\fP 40Use the timeout policy identified by \fIname\fP for the connection. This is 41provides more flexible timeout policy definition than global timeout values 42available at /proc/sys/net/netfilter/nf_conntrack_*_timeout_*. 43