syn", the sense of the option is inverted.
--tcp-option [!] number
Match if TCP option set.
--mss value[:value]
Match TCP SYN or SYN/ACK packets with the specified MSS value (or range), which control the
maximum packet size for that connection.
udp
These extensions are loaded if `--protocol udp' is specified. It provides the following options:
--source-port [!] port[:port]
Source port or port range specification. See the description of the --source-port option of the TCP
extension for details.
--destination-port [!] port[:port]
Destination port or port range specification. See the description of the --destination-port option of
the TCP extension for details.
icmp
This extension is loaded if `--protocol icmp' is specified. It provides the following option:
--icmp-type [!] typename
This allows specification of the ICMP type, which can be a numeric ICMP type, or one of the
ICMP type names shown by the command
iptables -p icmp -h
mac
--mac-source [!] address
Match source MAC address. It must be of the form XX:XX:XX:XX:XX:XX. Note that this only
makes sense for packets coming from an Ethernet device and entering the PREROUTING,
FORWARD or INPUT chains.
http://www.iptablesrocks.org/syntax/man_iptables.htm (7 of 20) [2/13/2004 8:04:51 PM]
To Next Page
Loading...