.BR "--ahspi " "[!] \fIspi\fP[:\fIspi\fP]"
Matches SPI.
.TP
-.BR "--ahlen " "[!] \fIlength"
+[\fB!\fP] \fB--ahlen\fP \fIlength\fP
Total length of this header in octets.
.TP
.BI "--ahres"
This module matches the parameters in Destination Options header
.TP
-.BR "--dst-len " "[!] \fIlength"
+[\fB!\fP] \fB--dst-len\fP \fIlength\fP
Total length of this header in octets.
.TP
.BR "--dst-opts " "\fItype\fP[:\fIlength\fP][,\fItype\fP[:\fIlength\fP]...]"
Allows you to restrict the number of parallel connections to a server per
client IP address (or client address block).
.TP
-[\fB!\fR] \fB--connlimit-above \fIn\fR
+[\fB!\fP] \fB--connlimit-above\fP \fIn\fP
Match if the number of existing connections is (not) above \fIn\fR.
.TP
\fB--connlimit-mask\fR \fIprefix_length\fR
you to put a packet into any specific queue, identified by its 16-bit queue
number.
.TP
-.BR "--queue-num " "\fIvalue"
+\fB--queue-num\fP \fIvalue\fP
This specifies the QUEUE number to use. Valud queue numbers are 0 to 65535. The default value is 0.
.TP
It can only be used with Kernel versions 2.6.14 or later, since it requires
The transfered bytes per connection can also be viewed through
/proc/net/ip_conntrack and accessed via ctnetlink
.TP
-[\fB!\fR]\fB --connbytes \fIfrom\fB:\fR[\fIto\fR]
+[\fB!\fP] \fB--connbytes\fP \fIfrom\fP[\fB:\fR\fIto\fP]
match packets from a connection whose packets/bytes/average packet
size is more than FROM and less than TO bytes/packets. if TO is
omitted only FROM check is done. "!" is used to match packets not
.TP
-\fB--source-port\fR,\fB--sport \fR[\fB!\fR] \fIport\fR[\fB:\fIport\fR]
+[\fB!\fP] \fB--source-port\fP,\fB--sport\fP \fIport\fP[\fB:\fP\fIport\fP]
.TP
-\fB--destination-port\fR,\fB--dport \fR[\fB!\fR] \fIport\fR[\fB:\fIport\fR]
+[\fB!\fP] \fB--destination-port\fP,\fB--dport\fP \fIport\fP[\fB:\fP\fIport\fP]
.TP
\fB--dccp-types\fR [\fB!\fR] \fImask\fP
Match when the DCCP packet type is one of 'mask'. 'mask' is a comma-separated
.TP
-\fB--source-port\fR,\fB--sport \fR[\fB!\fR] \fIport\fR[\fB:\fIport\fR]
+[\fB!\fP] \fB--source-port\fP,\fB--sport\fP \fIport\fP[\fB:\fP\fIport\fP]
.TP
-\fB--destination-port\fR,\fB--dport \fR[\fB!\fR] \fIport\fR[\fB:\fIport\fR]
+[\fB!\fP] \fB--destination-port\fP,\fB--dport\fP \fIport\fP[\fB:\fP\fIport\fP]
.TP
-\fB--chunk-types\fR [\fB!\fR] \fBall\fR|\fBany\fR|\fBonly \fIchunktype\fR[\fB:\fIflags\fR] [...]
+[\fB!\fP] \fB--chunk-types\fP {\fBall\fP|\fBany\fP|\fBonly\fP} \fIchunktype\fP[\fB:\fP\fIflags\fP] [...]
The flag letter in upper case indicates that the flag is to match if set,
in the lower case indicates to match if unset.
specified values. The specification of what to extract is general enough to
find data at given offsets from tcp headers or payloads.
.TP
-[\fB!\fR]\fB --u32 \fItests\fR
+[\fB!\fP] \fB--u32\fP \fItests\fP
The argument amounts to a program in a small language described below.
.IP
tests := location "=" value | tests "&&" location "=" value
projects / thirdparty / iptables.git / commitdiff
