[!] -i, --in-interface name
Name of an interface via which a packet was received (only for packets entering the INPUT, FORWARD
and PREROUTING chains). When the "!" argument is used before the interface name, the sense is
inverted. If the interface name ends in a "+", then any interface which begins with this name
will match. If this option is omitted, any interface name will match.
|
[!] -s, --source address[/mask][,...]
Source specification. Address can be either a network name, a hostname, a network IP address (with
/mask), or a plain IP address. Hostnames will be resolved once only, before the rule is submitted
to the kernel. Please note that specifying any name to be resolved with a remote query such as
DNS is a really bad idea. The mask can be either a network mask or a plain number, specifying the
number of 1's at the left side of the network mask. Thus, a mask of 24 is equivalent to
255.255.255.0. A "!" argument before the address specification inverts the sense of the address.
The flag --src is an alias for this option. Multiple addresses can be specified, but this will
expand to multiple rules (when adding with -A), or will cause multiple rules to be deleted (with
-D).
|
-j, --jump target
This specifies the target of the rule; i.e., what to do if the packet matches it. The target can
be a user-defined chain (other than the one this rule is in), one of the special builtin targets
which decide the fate of the packet immediately, or an extension (see EXTENSIONS below). If this
option is omitted in a rule (and -g is not used), then matching the rule will have no effect on
the packet's fate, but the counters on the rule will be incremented.
|