blob: 3e5ffa09c9da7b0713e107b954f950ba7609683d (
plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
|
This module matches Stream Control Transmission Protocol headers.
.TP
[\fB!\fP] \fB\-\-source\-port\fP,\fB\-\-sport\fP \fIport\fP[\fB:\fP\fIport\fP]
.TP
[\fB!\fP] \fB\-\-destination\-port\fP,\fB\-\-dport\fP \fIport\fP[\fB:\fP\fIport\fP]
.TP
[\fB!\fP] \fB\-\-chunk\-types\fP {\fBall\fP|\fBany\fP|\fBonly\fP} \fIchunktype\fP[\fB:\fP\fIflags\fP] [...]
The flag letter in upper case indicates that the flag is to match if set,
in the lower case indicates to match if unset.
Match types:
.TP
all
Match if all given chunk types are present and flags match.
.TP
any
Match if any of the given chunk types is present with given flags.
.TP
only
Match if only the given chunk types are present with given flags and none are missing.
Chunk types: DATA INIT INIT_ACK SACK HEARTBEAT HEARTBEAT_ACK ABORT SHUTDOWN SHUTDOWN_ACK ERROR COOKIE_ECHO COOKIE_ACK ECN_ECNE ECN_CWR SHUTDOWN_COMPLETE ASCONF ASCONF_ACK FORWARD_TSN
chunk type available flags
.br
DATA I U B E i u b e
.br
ABORT T t
.br
SHUTDOWN_COMPLETE T t
(lowercase means flag should be "off", uppercase means "on")
.P
Examples:
iptables \-A INPUT \-p sctp \-\-dport 80 \-j DROP
iptables \-A INPUT \-p sctp \-\-chunk\-types any DATA,INIT \-j DROP
iptables \-A INPUT \-p sctp \-\-chunk\-types any DATA:Be \-j ACCEPT
|
