From 70af559db7732b6e06a57fca3611c86c6fa5dc00 Mon Sep 17 00:00:00 2001 From: Jan Engelhardt Date: Sun, 18 Dec 2011 02:44:05 +0100 Subject: doc: clarification on the meaning of -p 0 Signed-off-by: Jan Engelhardt --- iptables/iptables.8.in | 10 +++++++--- 1 file changed, 7 insertions(+), 3 deletions(-) (limited to 'iptables/iptables.8.in') diff --git a/iptables/iptables.8.in b/iptables/iptables.8.in index 24618b7b..59d6e040 100644 --- a/iptables/iptables.8.in +++ b/iptables/iptables.8.in @@ -356,15 +356,19 @@ corresponding to that rule's position in the chain. When adding or inserting rules into a chain, use \fIcommand\fP to load any necessary modules (targets, match extensions, etc). .SH MATCH EXTENSIONS -iptables can use extended packet matching modules. These are loaded -in two ways: implicitly, when \fB\-p\fP or \fB\-\-protocol\fP -is specified, or with the \fB\-m\fP or \fB\-\-match\fP +.PP +iptables can use extended packet matching modules +with the \fB\-m\fP or \fB\-\-match\fP options, followed by the matching module name; after these, various extra command line options become available, depending on the specific module. You can specify multiple extended match modules in one line, and you can use the \fB\-h\fP or \fB\-\-help\fP options after the module has been specified to receive help specific to that module. +.PP +If the \fB\-p\fP or \fB\-\-protocol\fP was specified and if and only if an +unknown option is encountered, iptables will try load a match module of the +same name as the protocol, to try making the option available. .\" @MATCH@ .SH TARGET EXTENSIONS iptables can use extended target modules: the following are included -- cgit v1.2.3