Service manual

Chapter 2: Network Configuration 23
Table 2.9: iptables Commands Options (Continued)

Command             Description

-L, --list          List all rules in the selected chain. If no chain is selected, all chains are listed.
                    It is legal to specify the -Z (zero) option as well, in which case the chain(s) are
                    automatically listed and zeroed. The exact output is affected by the other
                    arguments given.

-F, --flush         Flush the selected chain. This is equivalent to deleting all the rules one by one.

-Z, --zero          Zero the packet and byte counters in all chains. It is legal to specify the -L, --list
                    option as well, to see the counters immediately before they are cleared.

-N, --new-chain     New chain. Create a new user-defined chain by the given name. There must be no
                    target of that name already.

-X, --delete-chain  Delete the specified user-defined chain. There must be no references to the chain.
                    If there are, you must delete or replace the referring rules before the chain may
                    be deleted. If no argument is given, it attempts to delete every non-built-in chain
                    in the table.

-P, --policy        Set the policy for the chain to the given target. Only non-user-defined chains may
                    have policies, and neither built-in nor user-defined chains may be policy targets.

-E, --rename-chain  Rename the user-specified chain to the user-supplied name. This is cosmetic and
                    has no effect on the structure of the table.

-h, --help          Help. Gives a very brief description of the command syntax.

Rule specification

The following parameters define a rule specification as used in the add, delete, insert, replace and
append commands.

Table 2.10: iptables Rules Specifications

Parameter           Description

-p, --protocol [!]protocol
                    The protocol of the rule or of the packet to check. The specified protocol may be
                    one of TCP, UDP, ICMP (ICMPv6 for IPv6 configurations), ESP (IPv6 only), all, or it
                    may be a numeric value representing one of these protocols or a different one. A
                    protocol name from /etc/protocols is also allowed. A ! argument before the protocol
                    inverts the test. The number zero is equivalent to all. Protocol all matches all
                    protocols and is taken as the default when this option is omitted.

-s, --source [!]address[/mask]
                    Source specification. Address may be either a hostname, a network name or a plain
                    IP address. The mask may be either a network mask or a plain number specifying the
                    number of 1 bits at the left side of the network mask. Thus, a mask of 24 is
                    equivalent to 255.255.255.0. A ! argument before the address specification inverts
                    the sense of the address. The flag --src is a convenient alias for this option.
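To make the -p and -s syntax above concrete, the following added example (not from the manual or from iptables itself) parses both parameters the way the table describes: a ! prefix inverts the test, protocol 0 or all matches everything, and a source mask may be a prefix length or a dotted mask. It assumes plain IP addresses (no hostname or network-name lookups) and evaluates constructed packets represented as {"proto": number, "src": address}.

```python
import ipaddress

# Protocol numbers for the names the table lists (as found in /etc/protocols).
PROTO_NUMBERS = {"all": 0, "icmp": 1, "tcp": 6, "udp": 17, "esp": 50, "icmpv6": 58}


def parse_protocol(spec):
    """Parse a -p [!]protocol argument into (inverted, protocol_number); 0 means all."""
    inverted = spec.startswith("!")
    name = spec.lstrip("!").strip().lower()
    number = int(name) if name.isdigit() else PROTO_NUMBERS[name]
    return inverted, number


def parse_source(spec):
    """Parse a -s [!]address[/mask] argument into (inverted, ip_network).

    The mask may be a prefix length ("24") or a dotted mask ("255.255.255.0").
    strict=False zeroes host bits, so 192.168.1.77/24 becomes 192.168.1.0/24.
    Assumption: the address is a plain IP; hostnames are not resolved here.
    """
    inverted = spec.startswith("!")
    address = spec.lstrip("!").strip()
    if "/" in address:
        host, mask = address.split("/", 1)
        network = ipaddress.ip_network((host, mask), strict=False)
    else:
        network = ipaddress.ip_network(address)  # single host: /32 (or /128 for IPv6)
    return inverted, network


def rule_matches(rule, packet):
    """Evaluate the -p and -s parts of a rule against a packet {"proto": int, "src": str}."""
    p_inverted, proto = parse_protocol(rule.get("-p", "all"))  # omitted -p defaults to all
    proto_hit = proto == 0 or packet["proto"] == proto         # 0 / all matches every protocol
    if proto_hit == p_inverted:                                # a leading ! flips the outcome
        return False
    if "-s" in rule:
        s_inverted, network = parse_source(rule["-s"])
        src_hit = ipaddress.ip_address(packet["src"]) in network
        if src_hit == s_inverted:
            return False
    return True


if __name__ == "__main__":
    # Constructed sample rule: match TCP from anywhere except the 10.0.0.0/8 range.
    rule = {"-p": "tcp", "-s": "!10.0.0.0/255.0.0.0"}
    for pkt in ({"proto": 6, "src": "192.0.2.10"}, {"proto": 6, "src": "10.4.5.6"},
                {"proto": 17, "src": "192.0.2.10"}):
        print(pkt, "->", "match" if rule_matches(rule, pkt) else "no match")
```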