Options Used Within iptables Commands - Red Hat Enterprise Linux 3 Reference Manual
Chapter 17. iptables

Order matters when placing options in a rule. Previously, with ipchains, the order of the rule options did not matter. The iptables command uses stricter syntax. For example, in iptables commands the protocol (ICMP, TCP, or UDP) must be specified before the source or destination ports.

When specifying network interfaces to be used with a rule, you must only use incoming interfaces (-i option) with INPUT or FORWARD chains and outgoing interfaces (-o option) with FORWARD or OUTPUT chains. This is necessary because a packet arriving on an interface never traverses the OUTPUT chain, and a packet leaving through an interface never traverses the INPUT chain, so a rule that combines them can never match.

This is not a comprehensive list of the changes, given that iptables is a fundamentally rewritten network filter. For more specific information, refer to the Linux 2.4 Packet Filtering HOWTO found in Section 17.7 Additional Resources.

17.3. Options Used within iptables Commands

Rules for filtering packets are put in place using the iptables command. When using the iptables command, the following aspects of the packet are most often used as criteria:

Packet Type — Specifies the type of packets the command filters.
Packet Source/Destination — Specifies which packets the command filters based on the source or destination of the packet.
Target — Specifies what action is taken on packets matching the above criteria.

For more information on specific options which address these aspects of a packet, refer to Section 17.3.4 Match Options and Section 17.3.5 Target Options.

The options used with a given iptables rule must be grouped logically, based on the purpose and conditions of the overall rule, for the rule to be valid. The remainder of this section explains commonly-used options for the iptables command.

17.3.1. Structure of iptables Options

Many iptables commands have the following structure:

iptables [-t <table-name>] <command> <chain-name> \
    <parameter-1> <option-1> \
    <parameter-n> <option-n>

The <table-name> option allows the user to select a table other than the default filter table to use with the command. The <command> option dictates a specific action to perform, such as appending or deleting the rule specified by the <chain-name> option. Following the <chain-name> are pairs of parameters and options that define what happens when a packet matches the rule.

When looking at the structure of an iptables command, it is important to remember that, unlike most other commands, the length and complexity of an iptables command can change based on its purpose. A command to remove a rule from a chain can be very short, while a command designed to filter packets from a particular subnet using a variety of specific parameters and options can be rather lengthy. When creating iptables commands it is helpful to recognize that some parameters and options may create the need for other parameters and options to further specify the previous option's request. To construct a valid rule, this must continue until every parameter and option that requires another set of options is satisfied.

Type iptables -h to view a comprehensive list of iptables command structures.
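The following shell script is an added example, not code from the Red Hat manual. It assembles iptables command lines in the [-t table] command chain parameter/option structure described in Section 17.3.1 and, before any line could be handed to the real iptables binary, rejects the interface/chain combinations that Section 17.2 forbids and places the protocol match ahead of the port option. The function names iface_allowed and build_rule, the interface names eth0/eth1 and the sample rules are assumptions made for this example; only the three filter-table chains named on the page (INPUT, FORWARD, OUTPUT) are modelled. Nothing here touches the kernel, so it runs unprivileged.

```shell
#!/bin/sh
# Added example (not part of the Red Hat manual): build iptables command
# lines in the structure of Section 17.3.1 and enforce the interface/chain
# rule of Section 17.2 before the line reaches the real iptables binary.
# No rule is loaded into the kernel; each function returns text or an exit
# status only. Function names and sample rules are assumptions.

# iface_allowed CHAIN FLAG: exit 0 if FLAG (-i or -o) may appear in CHAIN.
# -i matches the arriving interface, which only INPUT and FORWARD see;
# -o matches the departing interface, which only FORWARD and OUTPUT see.
iface_allowed() {
    case "$2" in
        -i) case "$1" in INPUT|FORWARD) return 0 ;; esac ;;
        -o) case "$1" in FORWARD|OUTPUT) return 0 ;; esac ;;
    esac
    return 1
}

# build_rule TABLE COMMAND CHAIN PROTO IFACE_FLAG IFACE DPORT TARGET
# Prints one iptables command line on stdout and returns 0, or prints a
# reason on stderr and returns 1. Pass "" for IFACE_FLAG, IFACE or DPORT
# to omit them. -p is always emitted before --dport, because iptables must
# know the protocol before it can parse a port option.
build_rule() {
    rb_table=$1; rb_cmd=$2; rb_chain=$3; rb_proto=$4
    rb_iflag=$5; rb_iface=$6; rb_port=$7; rb_target=$8

    if [ -n "$rb_iflag" ] && ! iface_allowed "$rb_chain" "$rb_iflag"; then
        echo "build_rule: $rb_iflag is not valid in the $rb_chain chain" >&2
        return 1
    fi

    rb_out="iptables -t $rb_table $rb_cmd $rb_chain"
    if [ -n "$rb_iflag" ]; then rb_out="$rb_out $rb_iflag $rb_iface"; fi
    rb_out="$rb_out -p $rb_proto"
    if [ -n "$rb_port" ]; then rb_out="$rb_out --dport $rb_port"; fi
    rb_out="$rb_out -j $rb_target"
    printf '%s\n' "$rb_out"
}

# A short command (remove a rule from a chain) and a longer one (accept SSH
# arriving on eth0), both produced from the same structure:
build_rule filter -D INPUT tcp "" "" "" DROP
build_rule filter -A INPUT tcp -i eth0 22 ACCEPT
# Rejected: -i names an arriving interface, which the OUTPUT chain never sees.
build_rule filter -A OUTPUT tcp -i eth0 22 ACCEPT || echo "(rejected as expected)"
```

The printed lines can be reviewed or fed to the real iptables later; keeping the validation in front of the binary means a mistake such as -i on OUTPUT is caught as a script error rather than silently becoming a rule that can never match.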