mirror of
git://git.proxmox.com/git/pve-docs.git
synced 2025-01-26 10:03:45 +03:00
42 lines
1.5 KiB
Plaintext
42 lines
1.5 KiB
Plaintext
`-dest` `string` ::
|
|
|
|
Restrict packet destination address. This can refer to a single IP address,
|
|
an IP set ('+ipsetname') or an IP alias definition. You can also specify an
|
|
address range like '20.34.101.207-201.3.9.99', or a list of IP addresses
|
|
and networks (entries are separated by comma). Please do not mix IPv4 and
|
|
IPv6 addresses inside such lists.
|
|
|
|
`-dport` `string` ::
|
|
|
|
Restrict TCP/UDP destination port. You can use service names or simple
|
|
numbers (0-65535), as defined in '/etc/services'. Port ranges can be
|
|
specified with '\d+:\d+', for example '80:85', and you can use comma
|
|
separated list to match several ports or ranges.
|
|
|
|
`-iface` `string` ::
|
|
|
|
Network interface name. You have to use network configuration key names for
|
|
VMs and containers ('net\d+'). Host related rules can use arbitrary
|
|
strings.
|
|
|
|
`-proto` `string` ::
|
|
|
|
IP protocol. You can use protocol names ('tcp'/'udp') or simple numbers, as
|
|
defined in '/etc/protocols'.
|
|
|
|
`-source` `string` ::
|
|
|
|
Restrict packet source address. This can refer to a single IP address, an
|
|
IP set ('+ipsetname') or an IP alias definition. You can also specify an
|
|
address range like '20.34.101.207-201.3.9.99', or a list of IP addresses
|
|
and networks (entries are separated by comma). Please do not mix IPv4 and
|
|
IPv6 addresses inside such lists.
|
|
|
|
`-sport` `string` ::
|
|
|
|
Restrict TCP/UDP source port. You can use service names or simple numbers
|
|
(0-65535), as defined in '/etc/services'. Port ranges can be specified with
|
|
'\d+:\d+', for example '80:85', and you can use comma separated list to
|
|
match several ports or ranges.
|
|
|