Manpage of IPTABLES
This module matches the length of a packet against a specific value or range of values.
--length length[:length]
ttl
This module matches the time to live field in the IP header.
--ttl ttl
Matches the given TTL value.
unclean
This module takes no options, but attempts to match packets which seem malformed or unusual. This is
regarded as experimental.
TARGET EXTENSIONS
iptables can use extended target modules: the following are included in the standard distribution.
LOG
Turn on kernel logging of matching packets. When this option is set for a rule, the Linux kernel will print
some information on all matching packets (like most IP header fields) via the kernel log (where it can be
read with dmesg or syslogd(8)). This is a "non-terminating target", i.e. rule traversal continues at the next
rule. So if you want to LOG the packets you refuse, use two separate rules with the same matching
criteria, first using target LOG then DROP (or REJECT).
--log-level level
Level of logging (numeric or see syslog.conf(5)).
--log-prefix prefix
Prefix log messages with the specified prefix; up to 29 letters long, and useful for distinguishing
messages in the logs.
--log-tcp-sequence
Log TCP sequence numbers. This is a security risk if the log is readable by users.
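The LOG-then-DROP pairing described above, as an added example (not part of the original manpage). emit_log_drop is a hypothetical helper and the chain, prefix and match criteria are constructed sample values; it prints the two commands for review instead of running them, and leaves out --log-tcp-sequence.

```shell
#!/bin/sh
# Added example: build the LOG + DROP rule pair from the LOG section.
# emit_log_drop is a hypothetical helper name, not an iptables feature.
# It only prints the commands, so the pair can be reviewed before a
# root user applies it.

MAX_PREFIX=29   # --log-prefix limit stated in this manpage

# usage: emit_log_drop CHAIN PREFIX LEVEL MATCH...
emit_log_drop() {
    chain=$1
    prefix=$2
    level=$3
    shift 3

    # Reject a prefix that exceeds the documented limit.
    if [ "${#prefix}" -gt "$MAX_PREFIX" ]; then
        echo "log prefix longer than $MAX_PREFIX characters" >&2
        return 1
    fi

    # Without match criteria the pair would log and drop everything.
    if [ "$#" -eq 0 ]; then
        echo "refusing to emit an unconditional LOG+DROP pair" >&2
        return 1
    fi

    # LOG is non-terminating: traversal continues at the next rule, so
    # the DROP rule repeats exactly the same match criteria right after.
    # --log-tcp-sequence is deliberately not emitted.
    echo "iptables -A $chain $* -j LOG --log-level $level --log-prefix \"$prefix\""
    echo "iptables -A $chain $* -j DROP"
}

# Constructed sample: log and drop large ICMP packets using the length match.
emit_log_drop INPUT "DROP-BIGICMP: " warning -p icmp -m length --length 1000:65535
```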