Red Hat ENTERPRISE LINUX 3 Reference Manual page 277
Hide thumbs
Also See for ENTERPRISE LINUX 3:
- Manual (410 pages) ,
- System administration manual (348 pages) ,
- Administration manual (200 pages)
Table of Contents
Advertisement
iptables
Chapter 17.
17.3.4.3. ICMP Protocol
The following match options are available for the Internet Control Message Protocol (ICMP) (
):
icmp
— Sets the name or number of the ICMP type to match with the rule. A list of valid
•
--icmp-type
ICMP names can be retrieved by typing the
17.3.4.4. Additional Match Option Modules
Additional match options are also available through modules loaded by the
To use a match option module, load the module by name using the
(replacing
module-name
A large number of modules are available by default. It is even possible to create modules that provide
additional functionality.
The following is a partial list of the most commonly used modules:
module — Places limits on how many packets are matched to a particular rule. This is espe-
•
limit
cially beneficial when used in conjunction with the
packets from filling up the system log with repetitive messages or using up system resources. Refer
to Section 17.3.5 Target Options for more information about the
The
module enables the following options:
limit
— Sets the number of matches for a particular range of time, specified with a number
--limit
•
and time modifier arranged in a
only lets a rule match
5/hour
If a number and time modifier are not used, the default value of
--limit-burst
•
option should be used in conjunction with the
the burst threshold.
If no number is specified, only five packets are initially able to match the rule.
module — Enables state matching.
•
state
The
module enables the following options:
state
— match a packet with the following connection states:
--state
•
ESTABLISHED
•
nection.
— The matching packet cannot be tied to a known connection.
INVALID
•
— The matching packet is either creating a new connection or is part of a two-way con-
NEW
•
nection not previously seen.
— The matching packet is starting a new connection related in some way to an
RELATED
•
existing connection.
These connection states can be used in combination with one another by separating them with
commas, such as
module — Enables hardware MAC address matching.
•
mac
The
module enables the following option:
mac
module-name with the name of the module).
number / time
times in a single hour.
5
— Sets a limit on the number of packets able to match a rule at one time. This
— The matching packet is associated with other packets in an established con-
-m state --state INVALID,NEW
iptables -p icmp -h
target as it can prevent a flood of matching
LOG
format. For example, using
option, and it accepts a number to set
--limit
.
command.
iptables
option, such as
-m
target.
LOG
is assumed.
3/hour
259
-p
command.
-m
--limit
Advertisement
Table of Contents
Related Manuals for Red Hat ENTERPRISE LINUX 3
Related Products for Red Hat ENTERPRISE LINUX 3
- Red Hat ENTERPRISE LINUX 3 - FOR IBM ESERVER ISERIES AND IBM ESERVER PSERIES
- Red Hat ENTERPRISE LINUX 3 - USING BINUTILS
- Red Hat ENTERPRISE LINUX 3 - STEP BY STEP GUIDE
- Red Hat CLUSTER SUITE FOR ENTERPRISE LINUX 4.5
- Red Hat CLUSTER SUITE FOR ENTERPRISE LINUX 4.7
- Red Hat ENTERPRISE LINUX 4 - DM MULTIPATH
- Red Hat ENTERPRISE LINUX 4.5.0 -
- Red Hat ENTERPRISE LINUX 5.1 DM MULTIPATH
- Red Hat LINUX 7.2 - OFFICIAL LINUX CUSTOMIZATION GUIDE
- Red Hat LINUX 7.1 - ISERIES
- Red Hat Enterprise Linux 2.1
- Red Hat ENTERPRISE LINUX 5 - VIRTUAL SERVER ADMINISTRATION
- Red Hat CLUSTER SUITE FOR ENTERPRISE LINUX 5.2
- Red Hat ENTERPRISE LINUX 5.5 - S 2010
- Red Hat ENTERPRISE LINUX 5.3 - RELEASE MANIFEST
- Red Hat ENTERPRISE LINUX 5.1 - LINUX ORACLE
Need help?
Do you have a question about the ENTERPRISE LINUX 3 and is the answer not in the manual?