either in the traditional form (e.g., /255.255.255.0) or (Christian web host)
either in the traditional form (e.g., /255.255.255.0) or in the modern form (e.g., /24). The optional port specifies the TCP, UDP, or ICMP type that will match. You may supply a port specification only if you’ve supplied the -p parameter with one of the tcp, udp or icmp protocols. A colon can be used to indicate an inclusive range of ports or ICMP values to be used. (e.g., 20:25 for ports 20 through 25). If the first port parameter is missing, the default value is 0. If the second is omitted, the default value is 65535. -d [!] address[/mask] [!] [port], –destination [!] address[/mask] [port] Match packets with the destination address. The syntax for this command’s parameters is the same as for the -s option. -j target, –jump target Jump to a special target or a user-defined chain. If this option is not specified for a rule, matching the rule only increases the rule’s counters and the packet is tested against the next rule. -i [!] name, –interface name Match packets from interface name[+]. name is the network interface used by your system (e.g., eth0 or ppp0). A + can be used as a wildcard, so ppp+ would match any interface name beginning with ppp. [!] -f, [!]–fragment $PARAMETER The rule applies to everything but the first fragment of a fragmented packet. –source-port [!] port Match packets from the source port. The syntax for specifying ports can be found in the preceding description of the -s option. –destination-port [!] port Match packets with the destination port. The syntax for specifying ports can be found in the preceding description of the -s option. –icmp-type [!] type Match packets with ICMP type name or number of type. Options -b, –bidirectional Put rule in both the input and output chain so packets will be matched in both directions. -v, –verbose Verbose mode. -n, –numeric Print all IP address and port numbers in numeric form. By default, names are displayed when possible.