.\" Jonas Berlin | f33c461 | 2005-04-01 06:54:23 +0000
.TP
\fB--source-port\fR,\fB--sport \fR[\fB!\fR] \fIport\fR[\fB:\fIport\fR]
.TP
\fB--destination-port\fR,\fB--dport \fR[\fB!\fR] \fIport\fR[\fB:\fIport\fR]
.TP
\fB--chunk-types\fR [\fB!\fR] \fBall\fR|\fBany\fR|\fBonly \fIchunktype\fR[\fB:\fIflags\fR] [...]
A flag letter in upper case matches when that flag is set;
a flag letter in lower case matches when it is unset.

Chunk types: DATA INIT INIT_ACK SACK HEARTBEAT HEARTBEAT_ACK ABORT SHUTDOWN SHUTDOWN_ACK ERROR COOKIE_ECHO COOKIE_ACK ECN_ECNE ECN_CWR SHUTDOWN_COMPLETE ASCONF ASCONF_ACK

chunk type            available flags
.br
DATA                  U B E u b e
.br
ABORT                 T t
.br
SHUTDOWN_COMPLETE     T t

(lowercase means flag should be "off", uppercase means "on")
.P
Examples:

iptables -A INPUT -p sctp --dport 80 -j DROP

iptables -A INPUT -p sctp --chunk-types any DATA,INIT -j DROP

iptables -A INPUT -p sctp --chunk-types any DATA:Be -j ACCEPT
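
Added example (not part of the man page or the iptables sources): a C model of how the flag letters and the all/any/only keywords can be evaluated against a packet's chunk headers, useful for checking what a rule such as "any DATA:Be" will and will not match. The flag bit values come from RFC 4960; the struct and function names and the reading of all/any/only are assumptions, since the page does not define them.

```c
/* Added illustration, not iptables or kernel source. Flag bits are from
 * RFC 4960: DATA E=0x01 B=0x02 U=0x04; ABORT/SHUTDOWN_COMPLETE T=0x01. */
#include <ctype.h>
#include <stdint.h>
#include <string.h>

enum { DATA = 0, INIT = 1, SACK = 3, ABORT = 6, SHUTDOWN_COMPLETE = 14 };
enum mode { MATCH_ALL, MATCH_ANY, MATCH_ONLY };
struct chunk { uint8_t type, flags; };       /* one chunk header in a packet */
struct spec  { uint8_t type, mask, want; };  /* one chunktype[:flags] item */

/* Upper-case letter: bit must be set. Lower-case: bit must be clear.
 * Returns 0 when the chunk type has no such flag letter. */
int parse_flags(uint8_t type, const char *letters, struct spec *out)
{
    const char *known = type == DATA ? "EBU"
        : (type == ABORT || type == SHUTDOWN_COMPLETE) ? "T" : "";
    out->type = type;
    out->mask = out->want = 0;
    for (; *letters; letters++) {
        const char *p = strchr(known, toupper((unsigned char)*letters));
        if (!p) return 0;
        uint8_t bit = (uint8_t)(1u << (p - known));
        out->mask |= bit;
        if (isupper((unsigned char)*letters)) out->want |= bit;
    }
    return 1;
}

/* Assumed semantics: any = some chunk satisfies a listed item, all = every
 * listed item is satisfied, only = every chunk satisfies a listed item. */
int match_packet(enum mode m, const struct spec *s, int ns,
                 const struct chunk *c, int nc)
{
    unsigned seen = 0;                       /* bit j: item j was satisfied */
    for (int i = 0; i < nc; i++) {
        int hit = 0;
        for (int j = 0; j < ns; j++)
            if (c[i].type == s[j].type && (c[i].flags & s[j].mask) == s[j].want) {
                hit = 1;
                seen |= 1u << j;
            }
        if (hit && m == MATCH_ANY) return 1;
        if (!hit && m == MATCH_ONLY) return 0;
    }
    if (m == MATCH_ALL) return seen == (1u << ns) - 1;
    return m == MATCH_ONLY;
}
```

With "DATA:Be" the parsed item has mask 0x03 and wanted value 0x02, so it matches the first fragment of a fragmented message but not an unfragmented DATA chunk, which carries both B and E.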