12.07.2015 Views

Red Hat Enterprise Linux 5 Administration Unleashed


Selecting a Table and Command for IPTables

TABLE 24.1 Continued

| IPTables Command | Description |
|---|---|
| -P | Set the target policy for a given chain, or what to do with the packets if they match the rule. |
| -E | Rename a user-defined chain. New name must be unique. |
| -h | Show very brief description of command-line options. |

The parameters in Table 24.2 should be used to form the rule specifications for the commands in Table 24.1 that are followed by .

CAUTION

Do not use hostnames when writing IPTables rules. IPTables is started before DNS, and the system will not be able to resolve the hostnames.

TABLE 24.2 IPTables Rule Parameters

| Parameter | Description |
|---|---|
| -p | Protocol for the packets. The most common ones are tcp, udp, and icmp. Protocols from /etc/protocols can also be used. If all is used, all protocols are valid for the rule. If an exclamation point and a space are before the protocol name, the rule matches all protocols except the one listed after the exclamation point. |
| -s | Source of the packets. The can be a network name, an IP address, or an IP address with a mask. If an exclamation point and a space are before the address, the rule matches all addresses except the one listed after the exclamation point. |
| -d | Destination of the packets. The can be in the same formats as for the -s parameter. |
| -j | Target of the rule, or what to do with the packets if they match the rule. Target can be a user-defined chain other than the one this rule is in, a predefined target, or an extension. Refer to the “Using IPTables Target Extensions” section for details on extensions. The following predefined targets are available: ACCEPT: Allow the packet through. DROP: Drop the packet and do nothing further with it. QUEUE: Pass the packet to userspace. RETURN: Stop processing the current chain and return to the previous chain. |
| -g | Continue processing in the given chain. |
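The CAUTION above can be checked before a rule set is loaded. The following Python check is an added example, not code from the book: it reports every -s or -d value, including the "! " negated form from Table 24.2, that is not an IP address or an IP address with a mask. The sample rules, the host names, the long option names and the `officenet` network name are assumptions made for illustration; network names, which Table 24.2 permits, are passed in as an allow-list.

```python
import ipaddress
import shlex

# Address options from Table 24.2, plus their long forms (assumed in use).
ADDRESS_OPTIONS = {"-s", "--source", "-d", "--destination"}


def is_numeric_address(value):
    """True for an IP address or an IP address with a prefix or dotted mask."""
    try:
        ipaddress.ip_network(value, strict=False)
        return True
    except ValueError:
        return False


def find_name_addresses(rule_lines, known_networks=()):
    """Return (line number, option, value) for each -s/-d value that is a name."""
    findings = []
    for lineno, line in enumerate(rule_lines, 1):
        tokens = shlex.split(line, comments=True)  # skips "#" comments
        for i, token in enumerate(tokens):
            if token not in ADDRESS_OPTIONS:
                continue
            rest = tokens[i + 1:]
            if rest and rest[0] == "!":  # "! address" means "all except"
                rest = rest[1:]
            # known_networks: hypothetical allow-list of local network names
            if rest and not is_numeric_address(rest[0]) \
                    and rest[0] not in known_networks:
                findings.append((lineno, token, rest[0]))
    return findings


# Constructed sample rule set (not from the book).
SAMPLE_RULES = [
    "# web and time rules",
    "-A INPUT -p tcp -s 192.168.1.0/24 -j ACCEPT",
    "-A INPUT -p tcp -s ! 10.0.0.5 -j DROP",
    "-A INPUT -p udp -s ntp.example.com -j ACCEPT",
    "-A OUTPUT -d ! mail.example.com -j DROP",
    "-A INPUT -s 10.1.0.0/255.255.0.0 -j ACCEPT",
    "-A INPUT -s officenet -j ACCEPT",
]

if __name__ == "__main__":
    for lineno, option, value in find_name_addresses(SAMPLE_RULES):
        print(f"line {lineno}: {option} {value} is a name, not an address")
```

Run against a saved rule file, any reported line is one whose address would have to be resolved when the firewall starts.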
