Book: Linux Network Administrator Guide, Second Edition

Parameters

At least one of the following must be supplied. Use the parameters to specify to which datagrams this rule applies:

-P protocol

Can be TCP, UDP, ICMP, or all. Example:

-P tcp

-S address[/mask] [port]

Source IP address that this rule will match. A netmask of "/32" will be assumed if you don't supply one. You may optionally specify which ports this rule will apply to. You must also specify the protocol using the -P argument described above for this to work. If you don't specify a port or port range, "all" ports will be assumed to match. Ports may be specified by name, using their /etc/services entry if you wish. In the case of the ICMP protocol, the port field is used to indicate the ICMP datagram types. Port ranges may be described; use the general syntax: lowport:highport. Here is an example:

-S 172.29.16.1/24 ftp:ftp-data

-D address[/mask] [port]

Specify the destination IP address that this rule will match. The destination address is coded with the same rules as the source address described previously. Here is an example:

-D 172.29.16.1/24 smtp

-V address

Specify the address of the network interface on which the packet is received (-I) or is being sent (-O). This allows us to create rules that apply only to certain network interfaces on our machine. Here is an example:

-V 172.29.16.1

-W name

Specify the name of the network interface. This argument works in the same way as the -V argument, except you supply the device name instead of its address. Here is an example:

-W ppp0
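
The following Python sketch is an added example, not code from the book or from ipfwadm: it parses the address[/mask] [port] form taken by -S and -D and tests a datagram's address and port against it, which makes visible how wide a rule becomes when the mask or port is omitted. The SERVICES table is a constructed stand-in for /etc/services, and putting the two range endpoints in order is an assumption, since the text only describes lowport:highport.

```python
import ipaddress

# Constructed excerpt of /etc/services so the example runs offline.
SERVICES = {"ftp-data": 20, "ftp": 21, "smtp": 25}


def _port(token):
    """Resolve a port given by number or by service name."""
    return int(token) if token.isdigit() else SERVICES[token]


def parse_spec(spec):
    """Parse 'address[/mask] [port]' as described for -S and -D.

    Returns (network, ports). ports is a (low, high) tuple, or None
    when no port was given, meaning all ports match.
    """
    parts = spec.split()
    # A mask of /32 (a single host) is assumed when none is supplied.
    addr = parts[0] if "/" in parts[0] else parts[0] + "/32"
    # strict=False ignores host bits below the mask, so 172.29.16.1/24
    # denotes the whole 172.29.16.0/24 network.
    net = ipaddress.ip_network(addr, strict=False)
    if len(parts) == 1:
        return net, None
    ends = [_port(p) for p in parts[1].split(":")]
    # Assumption of this sketch: the endpoints are put in order, so a
    # range written ftp:ftp-data (21:20) covers ports 20 through 21.
    return net, (min(ends), max(ends))


def matches(spec, ip, port):
    """True if a datagram with this address and port matches the spec."""
    net, ports = parse_spec(spec)
    if ipaddress.ip_address(ip) not in net:
        return False
    return ports is None or ports[0] <= port <= ports[1]


if __name__ == "__main__":
    # Constructed sample datagrams checked against the page's examples.
    print(matches("172.29.16.1/24 ftp:ftp-data", "172.29.16.200", 21))
    print(matches("172.29.16.1/24 smtp", "172.29.17.5", 25))
    print(matches("172.29.16.1", "172.29.16.1", 8080))
```

A spec with no port matches every port on the address, and a spec with no mask matches only the one host, so both defaults are worth checking when reviewing a rule set.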
