Table of Contents
Advertisement
The following match options are available for the Internet Control Message Protocol (ICMP) (
):
icmp
•
— Sets the name or number of the ICMP type to match with the rule. A list of
--icmp-type
valid ICMP names can be retrieved by typing the
3.4.4. Additional Match Option Modules
Additional match options are also available through modules loaded by the
To use a match option module, load the module by name using the
(replacing
<module-name>
A large number of modules are available by default. It is even possible to create modules that
provide additional functionality.
The following is a partial list of the most commonly used modules:
•
module — Places limits on how many packets are matched to a particular rule. This is
limit
especially beneficial when used in conjunction with the
matching packets from filling up the system log with repetitive messages or using up system
resources. Refer to
The
module enables the following options:
limit
•
— Sets the number of matches for a particular range of time, specified with a
--limit
number and time modifier arranged in a
--limit 5/hour
If a number and time modifier are not used, the default value of
•
— Sets a limit on the number of packets able to match a rule at one time.
--limit-burst
This option should be used in conjunction with the
to set the burst threshold.
If no number is specified, only five packets are initially able to match the rule.
•
module — Enables state matching.
state
The
module enables the following options:
state
•
— match a packet with the following connection states:
--state
•
— The matching packet is associated with other packets in an established
ESTABLISHED
connection.
•
— The matching packet cannot be tied to a known connection.
INVALID
•
— The matching packet is either creating a new connection or is part of a two-way
NEW
with the name of the module).
<module-name>
Section 3.5, "Target Options"
only lets a rule match
iptables -p icmp -h
target as it can prevent a flood of
LOG
for more information about the
format. For example, using
<number>/<time>
times in a single hour.
5
option, and it accepts a number
--limit
Match Options
iptables
command.
command.
iptables
option, such as
-m
-m
target.
LOG
is assumed.
3/hour
-p
335
Advertisement
Table of Contents
Related Manuals for Red Hat ENTERPRISE LINUX 4.5.0
Related Products for Red Hat ENTERPRISE LINUX 4.5.0
- Red Hat CLUSTER SUITE FOR ENTERPRISE LINUX 4.5
- Red Hat CLUSTER SUITE FOR ENTERPRISE LINUX 4.6
- Red Hat CLUSTER SUITE FOR ENTERPRISE LINUX 4.7
- Red Hat ENTERPRISE LINUX 4 - DM MULTIPATH
- Red Hat ENTERPRISE LINUX 4 - LVM ADMINISTRATOR
- Red Hat ENTERPRISE LINUX 4 - DEVELOPER TOOLS GUIDE
- Red Hat ENTERPRISE LINUX 4 - USING BINUTILS
- Red Hat ENTERPRISE LINUX 4 - STEP BY STEP GUIDE
- Red Hat ENTERPRISE LINUX 3 - SECURITY GUIDE
- Red Hat ENTERPRISE LINUX 3 - USING BINUTILS
- Red Hat ENTERPRISE LINUX 3 - STEP BY STEP GUIDE
- Red Hat ENTERPRISE LINUX 5.1 DM MULTIPATH
- Red Hat LINUX 7.2 - OFFICIAL LINUX CUSTOMIZATION GUIDE
- Red Hat LINUX 7.1 - ISERIES
- Red Hat Enterprise Linux 2.1
- Red Hat ENTERPRISE LINUX 5.1 - LINUX ORACLE