Generic Matches

-i – in-bound interface – matches on the interface on which the packet comes in
- Can only be used where it makes sense, i.e., on chains that have an inbound interface and their references, namely, INPUT, FORWARD, PREROUTING (e.g., OUTPUT would not have an inbound interface) iptables -A INPUT -i eth0 -j DROP
- “+” is a wildcard iptables -A FORWARD -i ipsec+ -j ACCEPT

-i – in-bound interface – matches on the interface on which the packet comes in