|
|
|
@ -79,6 +79,48 @@ at the command line. See the __\-\-config-file__ option below for details. |
|
|
|
Optional and defaults to zero. |
|
|
|
If in-kernel operation is not desired, a negative number can be specified. |
|
|
|
|
|
|
|
- __\-\-nftables-chain=__*CHAIN* |
|
|
|
|
|
|
|
Name of the netfilter chain in which to create the custom forwarding rule |
|
|
|
required for in-kernel packet forwarding. Defaults to __rtpengine__. Only |
|
|
|
used if in-kernel packet forwarding is enabled (__table__ set to zero or |
|
|
|
higher). |
|
|
|
|
|
|
|
At startup __rtpengine__ creates a new netfilter chain with this name (in |
|
|
|
the __filter__ table) if it doesn't yet exist, or flushes (empties out) |
|
|
|
the chain if it already exists. It then creates a single forwarding rule in |
|
|
|
this chain to direct media packets into the kernel module for processing. |
|
|
|
|
|
|
|
The rule and the chain are deleted during shutdown. |
|
|
|
|
|
|
|
Explicitly setting this option to an empty string disables managing of a |
|
|
|
netfilter chain and prevents creation of the custom forwarding rule. |
|
|
|
|
|
|
|
- __\-\-nftables-base-chain=__*CHAIN* |
|
|
|
|
|
|
|
Name of the netfilter base chain to use as entry point for in-kernel packet |
|
|
|
forwarding. Defaults to __INPUT__ to match legacy __iptables__ setups. Only |
|
|
|
applicable if the option __nftables-chain__ is active. |
|
|
|
|
|
|
|
If the chain with this name doesn't exist during startup, __rtpengine__ |
|
|
|
will create it as a base chain. It then adds a single immediate-goto (jump) |
|
|
|
rule to the chain given by the __nftables-chain__ option. During shutdown |
|
|
|
this rule is again deleted. |
|
|
|
|
|
|
|
If this option is explicitly set to an empty string, then __rtpengine__ |
|
|
|
will directly create the chain given by __nftables-chain__ as a base chain |
|
|
|
and skip creating the immediate-goto rule. |
|
|
|
|
|
|
|
- __\-\-nftables-start__ |
|
|
|
- __\-\-nftables-stop__ |
|
|
|
|
|
|
|
Instructs __rtpengine__ to execute the actions described under |
|
|
|
__nftables-chain__ and __nftables-base-chain__ and then immediately exit. |
|
|
|
Useful to manually re-create the rule(s) if they have gotten lost during |
|
|
|
runtime, and/or to manually manage creation and deletion of these rules |
|
|
|
from a script (typically in combination with an empty __nftables-chain=__ |
|
|
|
in the main config file). |
|
|
|
|
|
|
|
- __-F__, __\-\-no-fallback__ |
|
|
|
|
|
|
|
Will prevent fallback to userspace-only operation if the kernel module is |
|
|
|
|
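Review bot: In the __nftables-base-chain__ paragraph, "immediate-goto (jump)" presents two different nftables verdicts as one: a jump returns to the calling chain once the target chain ends, while a goto does not. With the default base chain __INPUT__, this decides whether rules placed after the rtpengine rule are still evaluated. Suggest naming the verdict that is actually installed and stating whether the rule is inserted at the head or appended at the tail of the base chain. The same paragraph says a missing base chain is created, but not with which hook, priority and policy, which an administrator needs to know before pointing this at a host with an existing firewall. Under __nftables-chain__, the text says an existing chain of that name is flushed at startup and deleted at shutdown; add an explicit warning not to reuse a chain name that already holds locally managed rules. Finally, __nftables-start__ and __nftables-stop__ share one description that reads as if both perform the same actions; state which one creates the rules and which one removes them.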