Target Options - Red Hat ENTERPRISE LINUX 5 - DEPLOYMENT Deployment Manual


• mac module — Enables hardware MAC address matching.
The mac module enables the following option:
  • --mac-source — Matches a MAC address of the network interface card that sent the packet. To
  exclude a MAC address from a rule, place an exclamation point character (!) after the
  --mac-source match option.
Refer to the iptables man page for more match options available through modules.

43.9.3.5. Target Options

When a packet has matched a particular rule, the rule can direct the packet to a number of different
targets which determine the appropriate action. Each chain has a default target, which is used if none
of the rules on that chain match a packet or if none of the rules which match the packet specify a
target.
The following are the standard targets:
• <user-defined-chain> — A user-defined chain within the table. User-defined chain names must
be unique. This target passes the packet to the specified chain.
• ACCEPT — Allows the packet through to its destination or to another chain.
• DROP — Drops the packet without responding to the requester. The system that sent the packet is
not notified of the failure.
• QUEUE — The packet is queued for handling by a user-space application.
• RETURN — Stops checking the packet against rules in the current chain. If the packet with a RETURN
target matches a rule in a chain called from another chain, the packet is returned to the first chain to
resume rule checking where it left off. If the RETURN rule is used on a built-in chain and the packet
cannot move up to its previous chain, the default target for the current chain is used.
In addition, extensions are available which allow other targets to be specified. These extensions are
called target modules or match option modules and most only apply to specific tables and situations.
Refer to Section 43.9.3.4.4, "Additional Match Option Modules" for more information about match
option modules.
Many extended target modules exist, most of which only apply to specific tables or situations. Some of
the most popular target modules included by default in Red Hat Enterprise Linux are:
• LOG — Logs all packets that match this rule. Because the packets are logged by the kernel, the
/etc/syslog.conf file determines where these log entries are written. By default, they are placed
in the /var/log/messages file.
Additional options can be used after the LOG target to specify the way in which logging occurs:
  • --log-level — Sets the priority level of a logging event. Refer to the syslog.conf man page
  for a list of priority levels.
  • --log-ip-options — Logs any options set in the header of an IP packet.
  • --log-prefix — Places a string of up to 29 characters before the log line when it is written.
  This is useful for writing syslog filters for use in conjunction with packet logging.
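The following shell script is an added example, not part of the Red Hat manual. It combines the targets described above: a user-defined chain that RETURNs packets from one MAC address, LOGs everything else with a prefix and then DROPs it, plus a filter that uses that prefix to count logged packets per source address. The chain name LOGDROP, the prefix, the MAC address, the port and the sample log lines are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example, not from the manual. The chain name, prefix, MAC address,
# port and log lines below are constructed for illustration.
PREFIX="FW-DROP: "               # --log-prefix accepts up to 29 characters
TRUSTED_MAC="00:16:3e:00:00:01"  # placeholder MAC address

# Print the rules for review; pipe the output to sh as root to apply them.
logdrop_rules() {
    if [ "${#PREFIX}" -gt 29 ]; then
        echo "log prefix is longer than 29 characters" >&2
        return 1
    fi
    cat <<EOF
iptables -N LOGDROP
iptables -A LOGDROP -m mac --mac-source $TRUSTED_MAC -j RETURN
iptables -A LOGDROP -j LOG --log-level info --log-prefix "$PREFIX"
iptables -A LOGDROP -j DROP
iptables -A INPUT -p tcp --dport 23 -j LOGDROP
EOF
}

# Constructed sample of /var/log/messages (kernel LOG lines, fields trimmed).
sample_log() {
    cat <<'EOF'
Jan 12 10:15:01 fw1 kernel: FW-DROP: IN=eth0 OUT= SRC=192.0.2.10 DST=198.51.100.5 PROTO=TCP SPT=40000 DPT=23
Jan 12 10:15:02 fw1 kernel: FW-DROP: IN=eth0 OUT= SRC=192.0.2.10 DST=198.51.100.5 PROTO=TCP SPT=40001 DPT=23
Jan 12 10:15:09 fw1 sshd[2211]: Accepted publickey for admin from 192.0.2.50
Jan 12 10:16:30 fw1 kernel: FW-DROP: IN=eth0 OUT= SRC=203.0.113.7 DST=198.51.100.5 PROTO=TCP SPT=51515 DPT=23
Jan 12 10:17:00 fw1 kernel: OTHER: IN=eth0 OUT= SRC=192.0.2.99 DST=198.51.100.5 PROTO=UDP SPT=53 DPT=53
EOF
}

# Count logged packets per source address for one prefix; reads stdin.
count_by_src() {
    awk -v p="$1" 'index($0, p) {
        for (i = 1; i <= NF; i++)
            if ($i ~ /^SRC=/) n[substr($i, 5)]++
    }
    END { for (s in n) print n[s], s }' | sort -k1,1nr -k2,2
}

logdrop_rules
sample_log | count_by_src "$PREFIX"
```

Packets from the placeholder MAC address hit the RETURN rule and resume rule checking in INPUT after the jump to LOGDROP, so they are neither logged nor dropped by this chain.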
