]>
Commit | Line | Data |
---|---|---|
696fb448 DM |
1 | `-dest` `string` :: |
2 | ||
de0983cb | 3 | Restrict packet destination address. This can refer to a single IP address, an IP set ('+ipsetname') or an IP alias definition. You can also specify an address range like '20.34.101.207-201.3.9.99', or a list of IP addresses and networks (entries are separated by comma). Please do not mix IPv4 and IPv6 addresses inside such lists. |
696fb448 DM |
4 | |
5 | `-dport` `string` :: | |
6 | ||
de0983cb | 7 | Restrict TCP/UDP destination port. You can use service names or simple numbers (0-65535), as defined in '/etc/services'. Port ranges can be specified with '\d+:\d+', for example '80:85', and you can use comma separated list to match several ports or ranges. |
696fb448 DM |
8 | |
9 | `-iface` `string` :: | |
10 | ||
de0983cb | 11 | Network interface name. You have to use network configuration key names for VMs and containers ('net\d+'). Host related rules can use arbitrary strings. |
696fb448 DM |
12 | |
13 | `-proto` `string` :: | |
14 | ||
de0983cb | 15 | IP protocol. You can use protocol names ('tcp'/'udp') or simple numbers, as defined in '/etc/protocols'. |
696fb448 DM |
16 | |
17 | `-source` `string` :: | |
18 | ||
de0983cb | 19 | Restrict packet source address. This can refer to a single IP address, an IP set ('+ipsetname') or an IP alias definition. You can also specify an address range like '20.34.101.207-201.3.9.99', or a list of IP addresses and networks (entries are separated by comma). Please do not mix IPv4 and IPv6 addresses inside such lists. |
696fb448 DM |
20 | |
21 | `-sport` `string` :: | |
22 | ||
de0983cb | 23 | Restrict TCP/UDP source port. You can use service names or simple numbers (0-65535), as defined in '/etc/services'. Port ranges can be specified with '\d+:\d+', for example '80:85', and you can use comma separated list to match several ports or ranges. |
696fb448 | 24 |