Service manual
Chapter 2: Network Configuration 27
Multiport extension
This module matches a set of source or destination ports. Up to 15 ports may be specified. It may
only be used in conjunction with -m tcp or -m udp.
Target extensions
Iptables may use extended target modules. The following are included in the standard distribution.
LOG extensions
Turns on kernel logging of matching packets. When this target is set for a rule, the Linux kernel
prints some information on all matching packets (such as most IP header fields) via the kernel log.
REJECT (filter table only)
This is used to send back an error packet in response to the matched packet; otherwise it is
equivalent to DROP. This target is only valid in the INPUT, FORWARD and OUTPUT chains and
Table 2.14: Multiport Extensions

Multiport extension                 Description
--source-port [port[,port]]         Match if the source port is one of the given ports.
--destination-port [port[,port]]    Match if the destination port is one of the given ports.
--port [port[,port]]                Match if both the source and destination port are equal to
                                    each other and to one of the given ports.

Table 2.15: LOG Extensions

LOG extension          Description
--log-level level      Level of logging (numeric or see syslog.conf(5)).
--log-prefix prefix    Prefix log messages with the specified prefix; up to 29 letters long and
                       useful for distinguishing messages in the logs.
--log-tcp-sequence     Log TCP sequence numbers. This is a security risk if the log is readable
                       by users.
--log-tcp-options      Log options from the TCP packet header.
--log-ip-options       Log options from the IP packet header.
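
The following is an added example, not part of the original manual: a shell function that prints a LOG rule followed by a REJECT rule for a list of TCP ports, refusing input that exceeds the 15-port and 29-character limits given above. The function name build_log_reject, the port list and the prefix are hypothetical; the plural --destination-ports spelling is the one current iptables releases accept and may differ from the form in Table 2.14.

```shell
#!/bin/sh
# Added example, not from the manual. build_log_reject and the sample
# values are hypothetical; the commands are printed, never executed.

# Body runs in a subshell so the IFS change stays local to the function.
build_log_reject() (
    ports=$1     # comma-separated TCP destination ports
    prefix=$2    # text placed in front of each kernel log line

    case $ports in *,) echo "trailing comma in port list" >&2; return 1 ;; esac
    count=0
    IFS=,
    for p in $ports; do
        case $p in
            ''|*[!0-9]*|??????*) echo "bad port: $p" >&2; return 1 ;;
        esac
        if [ "$p" -lt 1 ] || [ "$p" -gt 65535 ]; then
            echo "port out of range: $p" >&2; return 1
        fi
        count=$((count + 1))
    done

    # multiport takes at most 15 ports per rule.
    if [ "$count" -lt 1 ] || [ "$count" -gt 15 ]; then
        echo "need 1 to 15 ports, got $count" >&2; return 1
    fi

    # --log-prefix is limited to 29 characters; a restricted character set
    # keeps the printed command safe to paste into a shell.
    bad=$(printf '%s' "$prefix" | tr -d 'A-Za-z0-9 :_-')
    if [ "${#prefix}" -gt 29 ] || [ -n "$bad" ]; then
        echo "prefix must be at most 29 chars from [A-Za-z0-9 :_-]" >&2; return 1
    fi

    match="-p tcp -m multiport --destination-ports $ports"
    # LOG does not end rule traversal, so it goes before the REJECT rule.
    # --log-tcp-sequence is left out: the text above flags it as a risk
    # when users can read the log.
    printf 'iptables -A INPUT %s -j LOG --log-level 4 --log-prefix "%s"\n' \
        "$match" "$prefix"
    printf 'iptables -A INPUT %s -j REJECT\n' "$match"
)

# Constructed sample input.
build_log_reject "23,135,139,445" "blocked-legacy: "
```

The printed commands need root to apply; review them before running.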