Commit | Line | Data |
---|---|---|
2489d6df | 1 | `--dest` `<string>` :: |
696fb448 | 2 | |
c30bb419 | 3 | Restrict packet destination address. This can refer to a single IP address, an IP set ('+ipsetname') or an IP alias definition. You can also specify an address range like '20.34.101.207-201.3.9.99', or a list of IP addresses and networks (entries are separated by comma). Please do not mix IPv4 and IPv6 addresses inside such lists. |
696fb448 | 4 | |
2489d6df | 5 | `--dport` `<string>` :: |
696fb448 | 6 | |
c30bb419 | 7 | Restrict TCP/UDP destination port. You can use service names or simple numbers (0-65535), as defined in '/etc/services'. Port ranges can be specified with '\d+:\d+', for example '80:85', and you can use a comma-separated list to match several ports or ranges. |
696fb448 | 8 | |
4772952b TL | 9 | `--icmp-type` `<string>` :: |
4772952b | 10 | |
c30bb419 | 11 | Specify icmp-type. Only valid if proto equals 'icmp'. |
4772952b | 12 | |
2489d6df | 13 | `--iface` `<string>` :: |
696fb448 | 14 | |
c30bb419 | 15 | Network interface name. You have to use network configuration key names for VMs and containers ('net\d+'). Host related rules can use arbitrary strings. |
696fb448 | 16 | |
95895385 TL | 17 | `--log` `<alert \| crit \| debug \| emerg \| err \| info \| nolog \| notice \| warning>` :: |
95895385 | 18 | |
95895385 | 19 | Log level for firewall rule. |
95895385 | 20 | |
2489d6df | 21 | `--proto` `<string>` :: |
696fb448 | 22 | |
c30bb419 | 23 | IP protocol. You can use protocol names ('tcp'/'udp') or simple numbers, as defined in '/etc/protocols'. |
696fb448 | 24 | |
2489d6df | 25 | `--source` `<string>` :: |
696fb448 | 26 | |
c30bb419 | 27 | Restrict packet source address. This can refer to a single IP address, an IP set ('+ipsetname') or an IP alias definition. You can also specify an address range like '20.34.101.207-201.3.9.99', or a list of IP addresses and networks (entries are separated by comma). Please do not mix IPv4 and IPv6 addresses inside such lists. |
696fb448 | 28 | |
2489d6df | 29 | `--sport` `<string>` :: |
696fb448 | 30 | |
c30bb419 | 31 | Restrict TCP/UDP source port. You can use service names or simple numbers (0-65535), as defined in '/etc/services'. Port ranges can be specified with '\d+:\d+', for example '80:85', and you can use a comma-separated list to match several ports or ranges. |
696fb448 | 32 |
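
The address syntax described for `--source` and `--dest` can be checked before a rule is submitted. The following is an added example, not code from this repository: the function names and the alias-name pattern are assumptions, and it only rejects IPv4/IPv6 mixing among literal entries, since an IP set or alias would have to be resolved to know its family.

```python
import ipaddress
import re

# Assumption: alias names start with a letter; the exact pattern is not on the page.
ALIAS_RE = re.compile(r"^[A-Za-z][A-Za-z0-9\-_]+$")


def classify_entry(entry):
    """Return (kind, ip_version); ip_version is None for IP sets and aliases."""
    entry = entry.strip()
    if entry.startswith("+") and len(entry) > 1:
        return "ipset", None              # '+ipsetname'
    if "-" in entry:
        lo, _, hi = entry.partition("-")
        try:
            a, b = ipaddress.ip_address(lo), ipaddress.ip_address(hi)
        except ValueError:
            pass                          # not a range; may still be an alias
        else:
            if a.version != b.version or a > b:
                raise ValueError(f"bad range: {entry!r}")
            return "range", a.version
    try:
        net = ipaddress.ip_network(entry, strict=False)
        return ("net" if "/" in entry else "addr"), net.version
    except ValueError:
        pass
    if ALIAS_RE.match(entry):
        return "alias", None
    raise ValueError(f"unrecognised entry: {entry!r}")


def check_addr_spec(spec):
    """Validate a --source/--dest value and return the kind of each entry."""
    entries = [classify_entry(e) for e in spec.split(",")]
    versions = {v for _, v in entries if v is not None}
    if len(versions) > 1:
        raise ValueError("IPv4 and IPv6 addresses mixed in one list")
    return [kind for kind, _ in entries]


if __name__ == "__main__":
    # Constructed sample values; '+mgmt' is a hypothetical IP set name.
    for spec in ("20.34.101.207-201.3.9.99", "10.0.0.1,192.168.0.0/24,+mgmt"):
        print(spec, "->", check_addr_spec(spec))
```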