Generic Matches

-o – out-bound interface – matches on the interface on which the packet leaves
- Can only be used where it makes sense, i.e., on chains that have an outbound interface and their references, namely, OUTPUT, FORWARD, POSTROUTING (e.g., INPUT would not have an outbound interface) iptables -A FORWARD -i eth1 -o eth0 -j ACCEPT
- “+” is a wildcard iptables -A OUTPUT -o eth+ -p 17 –dport 53 -j ACCEPT

-o – out-bound interface – matches on the interface on which the packet leaves