Linux with Operating System Concepts



Date: 22.07.2022
Linux-with-Operating-System-Concepts-Fox-Richard-CRC-Press-2014

| Option | Meaning | Example |
|---|---|---|
| -m state --state value(s) | True if the message’s state matches the listed value(s) (see also Table 12.7) | -m state --state ESTABLISHED,RELATED |
| -p protocol | True if the message is of the given protocol (e.g., udp, tcp, and icmp) | -p tcp |
| -i interface | True if the message is received by the given interface | -i eth0 |
| -o interface | True if the message is being sent over the given interface | -o lo |
| -s address | True if the message originated from the given IP address | -s 10.11.12.13, -s 10.11.0.0/16 |
| -d address | True if the message is being sent to the given IP address | -d 172.19.31.141 |
| --dport port | True if the message is intended to be received at the given port | --dport 431 |
| --sport port | True if the message originated from the given port | --sport 22 |
| --dports port1,port2,... | True if the message is intended for any of the given ports | --dports 80,8080,443 |
| --sports port1,port2,... | True if the message originated from any of the given ports | --sports 67,68 |


Each option comes with at least one parameter. For instance, with -s or -d, you would indicate one (or more) IP addresses. With --dport, you list one port and with --dports, you list multiple ports, separated by commas.
The -m option is used to employ an additional matching module. We saw in Table 12.6 that one useful module is called state, which can be used to match the message to one or more possible states of interest such as NEW or ESTABLISHED. There are numerous other modules available as shown in Table 12.7. Each type of module has its own syntax to describe the criteria to match against. For instance, we might want to match this message to the address type of the source sending the message. This might be a BROADCAST device, a UNICAST device, and so on. Therefore, we use a rule like

-A INPUT -m addrtype --src-type BROADCAST -j ACCEPT

One additional option of note is -g chain. This option is not part of a rule’s criteria but instead specifies that if the rule applies, then rather than stopping, processing should continue through the chain named chain.
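The following sketch is an added example, not code from the book: it models how the criteria in the table combine, with every criterion in a rule having to be true and the first matching rule deciding the outcome. The packet dictionaries, the sample ruleset and the DROP default policy are constructed assumptions; in iptables itself the --dports and --sports options are supplied by the multiport module, so the sample rule loads it with -m multiport.

```python
import ipaddress
import shlex

def _in_net(addr, spec):  # -s/-d take one address or a CIDR block
    return ipaddress.ip_address(addr) in ipaddress.ip_network(spec, strict=False)

def _in_ports(port, spec):  # one port or a comma-separated list
    return port in {int(p) for p in spec.split(",")}

MATCHERS = {  # one predicate per table option; pkt is a constructed dict
    "-p": lambda v, pkt: pkt["proto"] == v,
    "-i": lambda v, pkt: pkt.get("in_if") == v,
    "-o": lambda v, pkt: pkt.get("out_if") == v,
    "-s": lambda v, pkt: _in_net(pkt["src"], v),
    "-d": lambda v, pkt: _in_net(pkt["dst"], v),
    "--sport": lambda v, pkt: _in_ports(pkt.get("sport"), v),
    "--dport": lambda v, pkt: _in_ports(pkt.get("dport"), v),
    "--sports": lambda v, pkt: _in_ports(pkt.get("sport"), v),
    "--dports": lambda v, pkt: _in_ports(pkt.get("dport"), v),
    "--state": lambda v, pkt: pkt.get("state") in v.split(","),
}

def parse_rule(line):
    """Split a rule into (chain, [(option, value), ...], target)."""
    tokens = shlex.split(line)
    fields, criteria = {}, []
    for opt, val in zip(tokens[::2], tokens[1::2]):  # each option takes one parameter
        if opt in ("-A", "-j"):
            fields[opt] = val
        elif opt in MATCHERS:
            criteria.append((opt, val))
        elif opt != "-m":  # -m only loads a module that supplies options like --state
            raise ValueError(f"unsupported option: {opt}")
    return fields.get("-A"), criteria, fields.get("-j")

def verdict(rules, chain, pkt, policy="DROP"):
    """Target of the first rule in `chain` whose criteria all match, else the policy."""
    for rule_chain, criteria, target in map(parse_rule, rules):
        if rule_chain == chain and all(MATCHERS[o](v, pkt) for o, v in criteria):
            return target
    return policy

# Constructed sample ruleset (the DROP default policy above is an assumption).
RULES = [
    "-A INPUT -i lo -j ACCEPT",
    "-A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT",
    "-A INPUT -p tcp -s 10.11.0.0/16 --dport 22 -j ACCEPT",
    "-A INPUT -p tcp -m multiport --dports 80,8080,443 -j ACCEPT",
]
```

A rule pasted with typographic dashes (–A instead of -A) is rejected by parse_rule as an unsupported option, which is a common failure when copying rules out of typeset text.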
TABLE 12.7 Modules for Further iptables Rule Criteria
