| Commit | Line | Data |
|---|---|---|
| 696fb448 DM | 1 | `-dest` `string` :: |
| | 2 | |
| | 3 | Restrict packet destination address. This can refer to a single IP address, |
| | 4 | an IP set ('+ipsetname') or an IP alias definition. You can also specify an |
| | 5 | address range like '20.34.101.207-201.3.9.99', or a list of IP addresses |
| | 6 | and networks (entries are separated by comma). Please do not mix IPv4 and |
| | 7 | IPv6 addresses inside such lists. |
| | 8 | |
| | 9 | `-dport` `string` :: |
| | 10 | |
| | 11 | Restrict TCP/UDP destination port. You can use service names or simple |
| | 12 | numbers (0-65535), as defined in '/etc/services'. Port ranges can be |
| | 13 | specified with '\d+:\d+', for example '80:85', and you can use comma |
| | 14 | separated list to match several ports or ranges. |
| | 15 | |
| | 16 | `-iface` `string` :: |
| | 17 | |
| | 18 | Network interface name. You have to use network configuration key names for |
| | 19 | VMs and containers ('net\d+'). Host related rules can use arbitrary |
| | 20 | strings. |
| | 21 | |
| | 22 | `-proto` `string` :: |
| | 23 | |
| | 24 | IP protocol. You can use protocol names ('tcp'/'udp') or simple numbers, as |
| | 25 | defined in '/etc/protocols'. |
| | 26 | |
| | 27 | `-source` `string` :: |
| | 28 | |
| | 29 | Restrict packet source address. This can refer to a single IP address, an |
| | 30 | IP set ('+ipsetname') or an IP alias definition. You can also specify an |
| | 31 | address range like '20.34.101.207-201.3.9.99', or a list of IP addresses |
| | 32 | and networks (entries are separated by comma). Please do not mix IPv4 and |
| | 33 | IPv6 addresses inside such lists. |
| | 34 | |
| | 35 | `-sport` `string` :: |
| | 36 | |
| | 37 | Restrict TCP/UDP source port. You can use service names or simple numbers |
| | 38 | (0-65535), as defined in '/etc/services'. Port ranges can be specified with |
| | 39 | '\d+:\d+', for example '80:85', and you can use comma separated list to |
| | 40 | match several ports or ranges. |
| | 41 | |
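
The value syntax documented above for `-dport`/`-sport` and `-source`/`-dest` can be checked before a rule is deployed. The following Python sketch is an added example, not part of the blamed file or of the documented project's code. The function names `check_ports` and `check_addresses`, the pattern used for service and alias names, and the rejection of reversed port ranges are assumptions of this example.

```python
import ipaddress
import re

PORT = re.compile(r"(\d+)(?::(\d+))?", re.ASCII)  # 'N' or 'N:M'
NAME = re.compile(r"[A-Za-z][A-Za-z0-9_-]*")  # assumption: service/alias name shape


def check_ports(spec):
    """Problems found in a -dport / -sport value; an empty list means none."""
    problems = []
    for item in spec.split(","):
        m = PORT.fullmatch(item)
        if m:
            nums = [int(g) for g in m.groups() if g is not None]
            if max(nums) > 65535:
                problems.append(f"{item}: port outside 0-65535")
            elif nums != sorted(nums):
                # Assumption of this example: a reversed range is a typo.
                problems.append(f"{item}: range start is above range end")
        elif not NAME.fullmatch(item):
            problems.append(f"{item!r}: not a number, range or service name")
        # Service names are accepted unresolved; /etc/services is not consulted.
    return problems


def check_addresses(spec):
    """Problems found in a -source / -dest value; an empty list means none."""
    if spec.startswith("+") or NAME.fullmatch(spec):
        return []  # IP set or alias reference, resolved elsewhere
    problems, versions = [], set()
    for item in spec.split(","):
        try:
            if "-" in item:  # address range 'first-last'
                ends = [ipaddress.ip_address(p) for p in item.split("-", 1)]
                versions.update(e.version for e in ends)
            else:  # single address or network in CIDR form
                versions.add(ipaddress.ip_network(item, strict=False).version)
        except ValueError:
            problems.append(f"{item!r}: not an address, network or range")
    if versions == {4, 6}:
        problems.append("IPv4 and IPv6 entries are mixed in one list")
    return problems


if __name__ == "__main__":
    for value in ("80:85,443,ssh", "80:70000", "22,"):  # constructed samples
        print(value, "->", check_ports(value) or "ok")
    for value in ("20.34.101.207-201.3.9.99", "10.0.0.0/8,2001:db8::/32"):
        print(value, "->", check_addresses(value) or "ok")
```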