diff options
Diffstat (limited to 'extensions/libxt_tcp.man')
-rw-r--r-- | extensions/libxt_tcp.man | 22 |
1 files changed, 11 insertions, 11 deletions
diff --git a/extensions/libxt_tcp.man b/extensions/libxt_tcp.man index 9b4ed599..8f39cdb8 100644 --- a/extensions/libxt_tcp.man +++ b/extensions/libxt_tcp.man @@ -1,7 +1,7 @@ -These extensions can be used if `--protocol tcp' is specified. It +These extensions can be used if `\-\-protocol tcp' is specified. It provides the following options: .TP -[\fB!\fP] \fB--source-port\fP,\fB--sport\fP \fIport\fP[\fB:\fP\fIport\fP] +[\fB!\fP] \fB\-\-source\-port\fP,\fB\-\-sport\fP \fIport\fP[\fB:\fP\fIport\fP] Source port or port range specification. This can either be a service name or a port number. An inclusive range can also be specified, using the format \fIport\fP\fB:\fP\fIport\fP. @@ -9,15 +9,15 @@ If the first port is omitted, "0" is assumed; if the last is omitted, "65535" is assumed. If the second port is greater than the first they will be swapped. The flag -.B --sport +\fB\-\-sport\fP is a convenient alias for this option. .TP -[\fB!\fP] \fB--destination-port\fP,\fB--dport\fP \fIport\fP[\fB,\fP\fIport\fP] +[\fB!\fP] \fB\-\-destination\-port\fP,\fB\-\-dport\fP \fIport\fP[\fB,\fP\fIport\fP] Destination port or port range specification. The flag -.B --dport +\fB\-\-dport\fP is a convenient alias for this option. .TP -[\fB!\fP] \fB--tcp-flags\fP \fImask\fP \fIcomp\fP +[\fB!\fP] \fB\-\-tcp\-flags\fP \fImask\fP \fIcomp\fP Match when the TCP flags are as specified. The first argument \fImask\fP is the flags which we should examine, written as a comma-separated list, and the second argument \fIcomp\fP is a comma-separated list of flags which must be @@ -25,20 +25,20 @@ set. Flags are: .BR "SYN ACK FIN RST URG PSH ALL NONE" . Hence the command .nf - iptables -A FORWARD -p tcp --tcp-flags SYN,ACK,FIN,RST SYN + iptables \-A FORWARD \-p tcp \-\-tcp\-flags SYN,ACK,FIN,RST SYN .fi will only match packets with the SYN flag set, and the ACK, FIN and RST flags unset. .TP -[\fB!\fP] \fB--syn\fP +[\fB!\fP] \fB\-\-syn\fP Only match TCP packets with the SYN bit set and the ACK,RST and FIN bits cleared. Such packets are used to request TCP connection initiation; for example, blocking such packets coming in an interface will prevent incoming TCP connections, but outgoing TCP connections will be unaffected. -It is equivalent to \fB--tcp-flags SYN,RST,ACK,FIN SYN\fP. -If the "!" flag precedes the "--syn", the sense of the +It is equivalent to \fB\-\-tcp\-flags SYN,RST,ACK,FIN SYN\fP. +If the "!" flag precedes the "\-\-syn", the sense of the option is inverted. .TP -[\fB!\fP] \fB--tcp-option\fP \fInumber\fP +[\fB!\fP] \fB\-\-tcp\-option\fP \fInumber\fP Match if TCP option set. |