Protocols operate in a similar manner to match extensions: the -p (--protocol) option filters the current packet on its transport-layer protocol. iptables accepts only a handful of values here (tcp, udp, udplite, icmp, icmpv6, esp, ah, sctp, mh, all, or a numeric protocol number), and for our purposes we will focus on the two most common: TCP and UDP. Protocol filtering may be combined with match extensions (-m) on the same line to create more sophisticated filters on a single command line.
TCP
Match extensions that filter on port numbers must be used in conjunction with a protocol (e.g. -p tcp or -p udp). The tcp match itself accepts a single port or a single port range, written low:high (e.g. 1024:65535). To match a list of ports, a list of ranges, or a mix of the two, add the multiport match (-m multiport) and use its --sports, --dports or --ports options. A multiport list may contain at most 15 ports, and a range (e.g. x:y) counts as two ports out of that 15, so a longer list must be split across several rules.
Here are some syntax examples of the tcp protocol used with various port number filters.
- -p tcp --source-port port[:port]
- -p tcp --sport port[:port]
- -p tcp --destination-port port[:port]
- -p tcp --dport port[:port]
- -p tcp --dport 0:9999
- -p tcp -m multiport --dports port[,port|,port:port]...
- -p tcp -m multiport --dports 0:9999,12000:15000,34999
Note that -p tcp loads the tcp match implicitly, so -m tcp need not be written before --sport or --dport; -m multiport, by contrast, must be given explicitly before --sports, --dports or --ports. Also be wary of filtering on the source port alone: the remote host chooses its own source port, so an attacker can simply pick one that matches an allow rule. Inbound policy should normally key on --dport (and connection state) instead.
UDP
The UDP match follows the same format as the TCP match: --sport and --dport take a single port or one low:high range, and lists of ports or ranges again require -m multiport with its --sports, --dports or --ports options.
As with TCP, a multiport list may contain at most 15 ports, and a range (e.g. x:y) counts as two ports out of that 15.
Here are some syntax examples of the udp protocol used with various port number filters.
- -p udp --source-port port[:port]
- -p udp --sport port[:port]
- -p udp -m multiport --sports 23,47:125,57:123,449
- -p udp --destination-port port[:port]
- -p udp --dport port[:port]
As with TCP, -p udp loads the udp match implicitly, so -m udp is optional, whereas -m multiport must be given explicitly before --sports, --dports or --ports.
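The 15-slot limit and the range-counts-as-two rule apply to every -m multiport list, for TCP and UDP alike, and iptables rejects a rule whose list exceeds it. The following POSIX shell script is an added example (not from the original page) that checks a port list the same way before it reaches iptables and splits an oversized list into several multiport rules, one per chunk. The function names, the MAX_SLOTS constant, and the INPUT chain and target arguments are this example's own assumptions; it prints the iptables commands rather than running them, so it can be tried without root.

```shell
#!/bin/sh
# Added example (not the original page's code): validate and split
# -m multiport port lists. Function names, MAX_SLOTS and the INPUT chain
# used in the printed rules are assumptions made for this example.

MAX_SLOTS=15   # per-rule limit of -m multiport; a range costs two slots

# A single port must be an integer in 0..65535.
port_ok() {
    case $1 in
        ''|*[!0-9]*) return 1 ;;
    esac
    [ ${#1} -le 5 ] && [ "$1" -le 65535 ]
}

# One list item: a bare port, or a range low:high with low <= high.
port_item_ok() {
    case $1 in
        *:*)
            lo=${1%%:*}
            hi=${1#*:}
            port_ok "$lo" && port_ok "$hi" && [ "$lo" -le "$hi" ]
            ;;
        *)
            port_ok "$1"
            ;;
    esac
}

# Slots a comma-separated list consumes: 1 per port, 2 per range.
multiport_slots() {
    total=0
    old_ifs=$IFS
    IFS=,
    for item in $1; do
        case $item in
            *:*) total=$((total + 2)) ;;
            *)   total=$((total + 1)) ;;
        esac
    done
    IFS=$old_ifs
    echo "$total"
}

# Split a list into chunks of at most MAX_SLOTS slots, one chunk per line.
# Fails (exit 1) on any malformed item so a typo never silently opens a port.
split_ports() {
    chunk=
    used=0
    old_ifs=$IFS
    IFS=,
    for item in $1; do
        if ! port_item_ok "$item"; then
            IFS=$old_ifs
            echo "split_ports: bad port item '$item'" >&2
            return 1
        fi
        case $item in *:*) cost=2 ;; *) cost=1 ;; esac
        if [ $((used + cost)) -gt "$MAX_SLOTS" ]; then
            echo "$chunk"
            chunk=
            used=0
        fi
        if [ -z "$chunk" ]; then chunk=$item; else chunk="$chunk,$item"; fi
        used=$((used + cost))
    done
    IFS=$old_ifs
    if [ -n "$chunk" ]; then echo "$chunk"; fi
}

# Print (do not run) one iptables rule per chunk. Review the output, then
# run it as root, e.g.: multiport_rules tcp dports 22,80,443 ACCEPT | sudo sh
multiport_rules() {
    proto=$1
    direction=$2   # sports, dports or ports
    spec=$3
    target=$4
    chunks=$(split_ports "$spec") || return 1
    [ -n "$chunks" ] || return 1
    printf '%s\n' "$chunks" | while IFS= read -r chunk; do
        echo "iptables -A INPUT -p $proto -m multiport --$direction $chunk -j $target"
    done
}

# Demo with a constructed list that needs two rules (8 ranges = 16 slots).
multiport_rules udp dports 1:2,3:4,5:6,7:8,9:10,11:12,13:14,15:16 DROP
```

The demo list is deliberately one slot over the limit: the first seven ranges fill 14 slots, the eighth would make 16, so it lands in a second rule. Because iptables evaluates rules in order, splitting a single accept or drop list into several consecutive multiport rules preserves the original policy.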