--- /dev/null
+`-dest` `string` ::
+
+Restrict packet destination address. This can refer to a single IP address,
+an IP set ('+ipsetname') or an IP alias definition. You can also specify an
+address range like '20.34.101.207-201.3.9.99', or a list of IP addresses
+and networks (entries are separated by comma). Please do not mix IPv4 and
+IPv6 addresses inside such lists.
+
+`-dport` `string` ::
+
+Restrict TCP/UDP destination port. You can use service names or simple
+numbers (0-65535), as defined in '/etc/services'. Port ranges can be
+specified with '\d+:\d+', for example '80:85', and you can use comma
+separated list to match several ports or ranges.
+
+`-iface` `string` ::
+
+Network interface name. You have to use network configuration key names for
+VMs and containers ('net\d+'). Host related rules can use arbitrary
+strings.
+
+`-proto` `string` ::
+
+IP protocol. You can use protocol names ('tcp'/'udp') or simple numbers, as
+defined in '/etc/protocols'.
+
+`-source` `string` ::
+
+Restrict packet source address. This can refer to a single IP address, an
+IP set ('+ipsetname') or an IP alias definition. You can also specify an
+address range like '20.34.101.207-201.3.9.99', or a list of IP addresses
+and networks (entries are separated by comma). Please do not mix IPv4 and
+IPv6 addresses inside such lists.
+
+`-sport` `string` ::
+
+Restrict TCP/UDP source port. You can use service names or simple numbers
+(0-65535), as defined in '/etc/services'. Port ranges can be specified with
+'\d+:\d+', for example '80:85', and you can use comma separated list to
+match several ports or ranges.
+
projects / pve-docs.git / blobdiff