Option List

-L

List rules

--line-numbers

Adds rule numbers with the list

-S

List rules and commands used in the background

-A

Append rule to bottom of list

-I

Insert rule above rule specified

-R

Replace specified rule

-P

Policy (change policy)

-D

Delete specified rule

-F

Flush rules

-i

Inbound interface

-o

Outbound interface

-s

Source IP

-d

Destination IP

-p

Protocol (tcp/udp/icmp)

--icmp-type

ICMP type/code

--sport

Source port

--dport

Destination port

--ports

Both ports

-m

Match

-j

Jump to target

ACCEPT

Accept traffic matching this rule

REJECT

Deny traffic matching this rule. Send ICMP type 3 message back to source.

DROP

Deny traffic matching this rule. No response.

DNAT

Change destination IP to ... (only on PREROUTING or INPUT)

SNAT

Change source IP to ... (only on POSTROUTING or OUTPUT)

MASQUERADE

Change source IP to outbound interface IP. Only on POSTROUTING or OUTPUT

--ctstate

conntrack

Used to maintain a connection tracking table.

state

Used to match packets based on their state in the connection tracking table.

Previousiptables NextGeneral Commands

Last updated 1 year ago

Was this helpful?