Iptables Match Options - Red Hat ENTERPRISE LINUX 4.5.0 Reference Manual

Enterprise Linux iptables RPM package, such as LOG, MARK, and REJECT, among others. Refer to the iptables man page for more information about these and other targets.

It is also possible to direct a packet matching this rule to a user-defined chain outside of the current chain so that other rules can be applied to the packet.

If no target is specified, the packet moves past the rule with no action taken. However, the counter for this rule increases by one.

-o — Sets the outgoing network interface for a rule and may only be used with OUTPUT and FORWARD chains in the filter table, and the POSTROUTING chain in the nat and mangle tables. This parameter's options are the same as those of the incoming network interface parameter (-i).

-p <protocol-name> — Sets the IP protocol for the rule, which can be either icmp, tcp, udp, or all, to match every supported protocol. In addition, any protocols listed in /etc/protocols may also be used. If this option is omitted when creating a rule, the all option is the default.

-s — Sets the source for a particular packet using the same syntax as the destination (-d) parameter.

3.4. iptables Match Options

Different network protocols provide specialized matching options which can be configured to match a particular packet using that protocol. However, the protocol must first be specified in the iptables command. For example, -p <protocol-name> (where <protocol-name> is the target protocol) makes options for the specified protocol available.

3.4.1. TCP Protocol

These match options are available for the TCP protocol (-p tcp):

--dport — Sets the destination port for the packet. Use either a network service name (such as www or smtp), port number, or range of port numbers to configure this option. To browse the names and aliases of network services and the port numbers they use, view the /etc/services file. The --destination-port match option is synonymous with --dport.

To specify a range of port numbers, separate the two numbers with a colon (:), such as -p tcp --dport 3000:3200. The largest acceptable valid range is 0:65535.

Use an exclamation point character (!) after the --dport option to match all packets which do not use that network service or port.

--sport — Sets the source port of the packet using the same options as --dport. The --source-port match option is synonymous with --sport.

--syn — Applies to all TCP packets designed to initiate communication, commonly called SYN packets. Any packets that carry a data payload are not touched. Placing an exclamation
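As an added example (not part of the Red Hat manual), the following POSIX shell script assembles iptables rules from the options described above: -p tcp with --dport/--sport (single ports, service names from /etc/services, colon-separated ranges bounded by 0:65535, and ! negation), --syn, and the -i/-o interface parameters. It validates every port specification before emitting a command and prints the commands as a dry run by default. The function names, the IPTABLES_APPLY switch, the interface name eth0 and the sample ruleset are this example's own assumptions.

```shell
#!/bin/sh
# Added example, not from the Red Hat manual: validate and assemble iptables
# TCP rules. Function names, the IPTABLES_APPLY switch, "eth0" and the
# sample ruleset are assumptions made for this example.

# Return 0 if $1 is a single port number in 0..65535.
is_port_number() {
    case "$1" in
        ''|*[!0-9]*) return 1 ;;
    esac
    [ "$1" -le 65535 ]
}

# Return 0 if $1 is a valid --dport/--sport argument: a port number, a
# "low:high" range inside the largest valid range 0:65535, or a service
# name (checked against /etc/services when that file is readable).
port_spec_ok() {
    spec=$1
    case "$spec" in
        *:*)
            low=${spec%%:*}; high=${spec#*:}
            [ -z "$low" ] && low=0          # iptables assumes 0 for an omitted low bound
            [ -z "$high" ] && high=65535    # and 65535 for an omitted high bound
            is_port_number "$low" && is_port_number "$high" ;;
        *[!0-9]*)
            case "$spec" in *[!A-Za-z0-9_.-]*) return 1 ;; esac
            [ -r /etc/services ] || return 0
            # Accept the name or any alias listed on a non-comment line.
            grep -Ev '^[[:space:]]*#' /etc/services |
                grep -Eq "(^|[[:space:]])$spec([[:space:]]|$)" ;;
        *)
            is_port_number "$spec" ;;
    esac
}

# Print (do not run) one iptables command: tcp_rule CHAIN TARGET [match options...].
# Every value following --dport/--sport (or their long synonyms) is validated first.
tcp_rule() {
    chain=$1; target=$2; shift 2
    prev=
    for arg in "$@"; do
        case "$prev" in
            --dport|--destination-port|--sport|--source-port)
                port_spec_ok "$arg" || {
                    printf 'invalid port specification "%s" for %s\n' "$arg" "$prev" >&2
                    return 1
                } ;;
        esac
        prev=$arg
    done
    printf 'iptables -A %s -p tcp' "$chain"
    for arg in "$@"; do printf ' %s' "$arg"; done
    printf ' -j %s\n' "$target"
}

# Sample ruleset (constructed): a host serving HTTP (80), SMTP (25) and an
# application on 3000:3200 via eth0. Remaining inbound connection attempts
# (SYN packets) are logged and dropped; outbound connection attempts to
# anything but HTTPS are rejected. "!" goes before the option it negates.
ruleset() {
    tcp_rule INPUT  ACCEPT -i eth0 --dport 80 &&
    tcp_rule INPUT  ACCEPT -i eth0 --dport 25 &&
    tcp_rule INPUT  ACCEPT -i eth0 --dport 3000:3200 &&
    tcp_rule INPUT  LOG    -i eth0 --syn &&
    tcp_rule INPUT  DROP   -i eth0 --syn &&
    tcp_rule OUTPUT REJECT -o eth0 --syn '!' --dport 443
}

# Dry run by default; set IPTABLES_APPLY=1 (as root) to execute the commands.
apply_ruleset() {
    if [ "${IPTABLES_APPLY:-0}" = 1 ]; then
        ruleset | sh -e
    else
        ruleset
    fi
}

apply_ruleset
```

Two caveats worth keeping in mind when using these options. Current iptables expects the negation before the option (! --dport 80); the older form with the exclamation point after the option, as the manual describes it, was deprecated in the 1.4 series and later removed. And because --syn matches only the packet that opens a connection, rules that match on --syn alone never affect the remaining packets of an established session, so a ruleset that accepts traffic by --syn must accept the rest of the connection by another means.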
