auser
2017-06-03 22:07:55 +08:00
网上找资料不如读文档。
iptables-extensions(8) iptables 1.6.0 iptables-extensions(8)
NAME
iptables-extensions — list of extensions in the standard iptables distribution
SYNOPSIS
ip6tables [-m name [module-options...]] [-j target-name [target-options...]
iptables [-m name [module-options...]] [-j target-name [target-options...]
MATCH EXTENSIONS
iptables can use extended packet matching modules with the -m or --match options, followed by the matching module name; after these, various extra command line options become available, depending on the specific module. You can specify multiple extended match modules in one line, and you can use the -h or --help options after the module has been specified to receive help specific to that module. The extended match modules are evaluated in the order they are specified in the rule.
--------------------------
If the -p or --protocol was specified and if and only if an unknown option is encountered, iptables will try load a match module of the same name as the protocol, to try making the option available.
--------------------------
tcp
These extensions can be used if `--protocol tcp' is specified. It provides the following options:
udp
These extensions can be used if `--protocol udp' is specified. It provides the following options: