Red Hat Enterprise Linux 5 Administration Unleashed

Using IPTables Match Extensions 493[!] --synMatch only if the SYN bit is set and the ACK, RST, and FIN bits are cleared. Thesepackets are trying to initiate a TCP connection.--tcp-option [!] Match if the TCP option listed is set.--mss :Match TCP SYN or TCP SYN/ACK packets with the given MSS value or value range.tcpmssMatch the TCP MSS field of the TCP header. This field controls the maximumpacket size for the connection.[!] --mss :Match based on a value or a value range.24timeDefine a range of arrival times and dates for packets to match.--timestart Match if start time is after defined time, which is in the format HH:MM.--timestop Match if stop time is before defined time, which is in the format HH:MM.--days Match if today is in the list of days, which is a comma-separated list of days.Correct day formats: Mon, Tue, Wed, Thu, Fri, Sat, Sun.--datestop Match if stop date is before defined date in the formatYYYY[:MM[:DD[:hh[:mm[:ss]]]]]. The h, m, and s values start counting at 0.tosMatch the TOS (Type of Service) field in the IP header.--tos Name or number to match. Execute iptables -m tos -h for a list of valid values.ttlMatch the TTL (Time To Live) field in the IP header.--ttl-eq Match defined TTL value.--ttl-gt Match if TTL is greater than defined value.--ttl-lt Match if TTP is less than defined value.