Service manual
24 Cyclades ACS 5000 Advanced Console Server Command Reference Guide
-d --destination [!] address[/mask]
Destination specification. See the description of the -s (source) flag for a detailed description
of the syntax. The flag --dst is an alias for this option.
-j --jump target
This specifies the target of the rule, that is, what to do if the packet matches it. The
target may be a user-defined chain (other than the one this rule is in), one of the special built-
in targets which decide the fate of the packet immediately, or an extension (see Match
extensions). If this option is omitted in a rule, then matching the rule has no effect on the
packet's fate, but the counters on the rule are incremented. The special built-in targets are:
• ACCEPT means to let the packet through.
• DROP means to drop the packet on the floor.
• QUEUE means to pass the packet to userspace (if supported by the kernel).
• RETURN means stop traversing this chain and resume at the next rule in the previous
(calling) chain. If the end of a built-in chain is reached or a rule in a built-in chain with
target RETURN is matched, the target specified by the chain policy determines the fate of
the packet.
-i --in-interface [!] [name]
Optional name of an interface via which a packet is received (for packets entering the INPUT
and FORWARD chains). When the ! argument is used before the interface name, the sense
is inverted. If the interface name ends in a plus (+) then any interface which begins with this
name matches. If this option is omitted, the string plus (+) is assumed, which matches with
any interface name.
-o --out-interface [!] [name]
Optional name of an interface via which a packet is going to be sent (for packets entering the
FORWARD and OUTPUT chains). When the ! argument is used before the interface name,
the sense is inverted. If the interface name ends in a plus (+) then any interface which begins
with this name matches. If this option is omitted, the string plus (+) is assumed, which
matches with any interface name.
[!] -f --fragment
This means that the rule only refers to second and further fragments of fragmented packets.
Since there is no way to tell the source or destination ports of such a packet (or
ICMP/ICMPv6 type), such a packet does not match any rules which specify them. When the !
argument precedes the -f flag, the rule only matches head fragments, or unfragmented
packets.
-c --set-counters PKTS BYTES
This enables the administrator to initialize the packet and byte counters of a rule (during
INSERT, APPEND, REPLACE operations).
-v --verbose
Verbose output. This option makes the list command show the interface address, the rule
options (if any), and the TOS masks. The packet and byte counters are also listed with the
suffix K, M or G for 1000, 1,000,000 and 1,000,000,000 multipliers respectively (see the -x
flag to change this). For appending, insertion, deletion and replacement, this causes detailed
information on the rule or rules to be printed.
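The target and interface-matching rules described above interact in ways that are easy to misread when auditing a ruleset, so the following added example (not part of the original guide, and a simplified Python model rather than the kernel's implementation) walks packets through a small constructed ruleset. The chain name mgmt, the interface names and the ACCEPT policy are assumptions chosen for illustration.

```python
from dataclasses import dataclass

@dataclass
class Rule:
    in_if: str = "+"        # -i pattern; "+" alone matches any interface
    invert: bool = False    # "!" placed before the interface name
    target: str = ""        # ACCEPT, DROP, RETURN, a chain name, or "" (no -j)
    pkts: int = 0           # packet counter for this rule

def if_match(pattern, name):
    # A trailing "+" matches any interface whose name begins with the prefix.
    if pattern.endswith("+"):
        return name.startswith(pattern[:-1])
    return name == pattern

def traverse(chains, chain, in_if):
    """Return ACCEPT or DROP, or None when the chain ends or hits RETURN."""
    for rule in chains[chain]:
        if if_match(rule.in_if, in_if) == rule.invert:
            continue                      # rule does not match this packet
        rule.pkts += 1                    # counters increment on every match
        if rule.target in ("ACCEPT", "DROP"):
            return rule.target            # fate decided immediately
        if rule.target == "RETURN":
            return None                   # resume in the calling chain
        if rule.target:                   # jump to a user-defined chain
            verdict = traverse(chains, rule.target, in_if)
            if verdict:
                return verdict
        # rule without -j: counted only, traversal continues
    return None

def filter_packet(chains, policy, builtin, in_if):
    # End of a built-in chain, or RETURN inside it, falls back to the policy.
    return traverse(chains, builtin, in_if) or policy

def demo():
    chains = {   # constructed ruleset; names are illustrative only
        "INPUT": [Rule("+"),                             # counting-only rule
                  Rule("eth+", target="mgmt"),
                  Rule("lo", invert=True, target="DROP")],
        "mgmt":  [Rule("eth1", target="RETURN"),
                  Rule("eth0", target="ACCEPT")],
    }
    results = {i: filter_packet(chains, "ACCEPT", "INPUT", i)
               for i in ("eth0", "eth1", "lo", "ppp0")}
    return results, chains["INPUT"][0].pkts
```

In this model eth1 traffic is sent back from mgmt by RETURN and then dropped by the later inverted rule, while lo traffic matches no terminating rule and is accepted only because of the chain policy.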
Table 2.10: iptables Rules Specifications (Continued)
Parameter Description