path: root/iptables/
diff options
authorJan Engelhardt <>2011-12-18 02:44:05 +0100
committerJan Engelhardt <>2011-12-18 02:44:07 +0100
commit70af559db7732b6e06a57fca3611c86c6fa5dc00 (patch)
tree6263eff622218c55ce1dc0e839964aa8c76533a3 /iptables/
parent3964023f8640b60456373825b326b91badd7a058 (diff)
doc: clarification on the meaning of -p 0
Signed-off-by: Jan Engelhardt <>
Diffstat (limited to 'iptables/')
1 files changed, 7 insertions, 3 deletions
diff --git a/iptables/ b/iptables/
index 24618b7b..59d6e040 100644
--- a/iptables/
+++ b/iptables/
@@ -356,15 +356,19 @@ corresponding to that rule's position in the chain.
When adding or inserting rules into a chain, use \fIcommand\fP
to load any necessary modules (targets, match extensions, etc).
-iptables can use extended packet matching modules. These are loaded
-in two ways: implicitly, when \fB\-p\fP or \fB\-\-protocol\fP
-is specified, or with the \fB\-m\fP or \fB\-\-match\fP
+iptables can use extended packet matching modules
+with the \fB\-m\fP or \fB\-\-match\fP
options, followed by the matching module name; after these, various
extra command line options become available, depending on the specific
module. You can specify multiple extended match modules in one line,
and you can use the \fB\-h\fP or \fB\-\-help\fP
options after the module has been specified to receive help specific
to that module.
+If the \fB\-p\fP or \fB\-\-protocol\fP was specified and if and only if an
+unknown option is encountered, iptables will try load a match module of the
+same name as the protocol, to try making the option available.
.\" @MATCH@
iptables can use extended target modules: the following are included