Matches
Major matches are preceded by a single dash “-”
Submatches are preceded by a double dash “--”
For example, protocol (-p) is a major match, with submatches such as destination port, source port or ICMP type
iptables -A FORWARD -p 6 --dport 23 -j DROP
iptables -I FORWARD 5 -p 1 --icmp-type 8 -m state --state NEW -j ACCEPT
Matches can be negated with “!”, e.g.,
iptables -A INPUT ! -s 6.5.4.0/24 -j DROP
drops all packets NOT from the 6.5.4.0 network
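A small lint for rules like the ones above, added here as an example and not part of the original slides: it flags a submatch used without its major match, typographic dashes that slide and word-processing tools substitute for "--", and "!" placed after an option instead of before it. The names `PARENTS` and `lint_rule` are assumptions of this example, the table covers only the options shown on this slide, and the sample rules are constructed.

```python
# Submatch -> (major-match flag, values that enable it). Only the options on
# this slide are listed; other protocols and modules would need more entries.
TCP_UDP = {"tcp", "6", "udp", "17"}
PARENTS = {
    "--dport": ("-p", TCP_UDP),
    "--sport": ("-p", TCP_UDP),
    "--icmp-type": ("-p", {"icmp", "1"}),
    "--state": ("-m", {"state"}),
}
TYPO_DASHES = ("\u2013", "\u2014")  # en dash, em dash


def lint_rule(rule):
    """Return a list of problems found in one iptables command line."""
    problems = []
    tokens = []
    for tok in rule.split():
        if tok.startswith(TYPO_DASHES):
            problems.append(f"typographic dash in {tok!r}; type '--'")
            tok = "--" + tok[1:]  # normalise so the later checks still run
        tokens.append(tok)

    seen = {"-p": set(), "-m": set()}  # major matches given so far
    for i, tok in enumerate(tokens):
        nxt = tokens[i + 1:i + 2]
        if tok in seen and nxt:
            seen[tok].add(nxt[0].lower())
        if tok in PARENTS:
            flag, accepted = PARENTS[tok]
            if not seen[flag] & accepted:
                problems.append(f"{tok} used without its major match ({flag})")
        if tok == "!" and i > 0 and tokens[i - 1].startswith("-"):
            problems.append(f"'!' after {tokens[i - 1]}; put it before the option")
    return problems


if __name__ == "__main__":
    samples = [  # constructed sample rules
        "iptables -A FORWARD -p 6 --dport 23 -j DROP",
        "iptables -A FORWARD --dport 23 -j DROP",
        "iptables -A FORWARD -p 6 \u2013dport 23 -j DROP",
        "iptables -A INPUT -s ! 6.5.4.0/24 -j DROP",
    ]
    for rule in samples:
        print(rule, "->", lint_rule(rule) or "ok")
```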