-
-p(--protocol):- Specifies the protocol for the rule (e.g.,
tcp,udp,icmp, orallfor any protocol).
- Specifies the protocol for the rule (e.g.,
-
-s(--source):- Specifies the source IP address or network (e.g.,
192.168.1.1or192.168.1.0/24).
- Specifies the source IP address or network (e.g.,
-
-d(--destination):- Specifies the destination IP address or network.
-
-i(--in-interface):- Specifies the incoming network interface (e.g.,
eth0).
- Specifies the incoming network interface (e.g.,
-
-o(--out-interface):- Specifies the outgoing network interface.
-
-j(--jump):- Specifies the target of the rule, i.e., what action to take (
ACCEPT,DROP,REJECT,LOG, etc.).
- Specifies the target of the rule, i.e., what action to take (
-
-m(--match):- Allows the use of extended matches, which load additional modules (e.g.,
state,tcp,multiport,conntrack).
- Allows the use of extended matches, which load additional modules (e.g.,
-
-A(--append):- Appends a rule to a specific chain (e.g.,
INPUT,OUTPUT,FORWARD).
- Appends a rule to a specific chain (e.g.,
-
-I(--insert):- Inserts a rule at a specific position in a chain.
-
-D(--delete):- Deletes a specific rule from a chain.
-
-R(--replace):- Replaces a rule at a specific position in a chain.
-
-L(--list):- Lists all rules in a chain or all chains.
-
-v(--verbose):- Displays detailed information when listing rules.
-
-n(--numeric):- Displays IP addresses and port numbers in numeric format (avoiding DNS lookups).
-
-t(--table):- Specifies the table to which the command applies (e.g.,
filter,nat,mangle).
- Specifies the table to which the command applies (e.g.,
-
--sport(--source-port):- Specifies the source port (commonly used with
-p tcpor-p udp).
- Specifies the source port (commonly used with
-
--dport(--destination-port):- Specifies the destination port.
-
--state:- Used with the
statematch to specify connection states (e.g.,NEW,ESTABLISHED,RELATED).
- Used with the
-
-c(--set-counters):- Initializes packet and byte counters for a rule.
-
-g(--goto):- Jumps to a specific chain within the current table, similar to
-jbut doesn't return.
- Jumps to a specific chain within the current table, similar to
-
--uid-owner:- Matches packets based on the user ID of the process that generated them.
-
--gid-owner:- Matches packets based on the group ID of the process that generated them.
-
--limit:- Limits the packet match rate (e.g.,
--limit 5/sec).
- Limits the packet match rate (e.g.,
-
--log-prefix:- Used with the
LOGtarget to add a prefix to log messages.
- Used with the
-
--icmp-type:- Used with
-p icmpto specify the type of ICMP message.
- Used with
Last active
August 10, 2024 13:54
-
-
Save Dreamfarer/8a89a9223a9f651eb394a82b9ee12cfc to your computer and use it in GitHub Desktop.
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment