Differences

Filter by
Protocol (tcp, udp, icmp, ...)
source
destination
interface
TCP/UDP: sport (source port)
TCP/UDP: dport (destination port)
TCP: flags
ICMP: type
IP: fragment
OUT: uid, gid, pid
State: INVALID, NEW, ESTABLISHED, RELATED
tos (type of service)
ttl

Protocol (tcp, udp, icmp, ...)
source
destination
interface
TCP/UDP: sport (source port)
TCP/UDP: dport (destination port)
TCP: syn flag only
ICMP: type
IP: fragment

Actions
LOG (no options)
ACCEPT
REJECT (always host-prohibited)
DENY
MASQ
REDIRECT (local to port only)
TOS mask
RETURN

LOG (pri, limit, message)
ACCEPT
REJECT (net-unreachable, host-unreachable, port-unreachable, proto-unreachable, net-prohibited, host-prohibited, tcp-reset)
DROP
SNAT
DNAT (ip:port)
MASQUERADE
REDIRECT (port)
TOS
RETURN