1This module matches Stream Control Transmission Protocol headers. 2.TP 3[\fB!\fP] \fB\-\-source\-port\fP,\fB\-\-sport\fP \fIport\fP[\fB:\fP\fIport\fP] 4.TP 5[\fB!\fP] \fB\-\-destination\-port\fP,\fB\-\-dport\fP \fIport\fP[\fB:\fP\fIport\fP] 6.TP 7[\fB!\fP] \fB\-\-chunk\-types\fP {\fBall\fP|\fBany\fP|\fBonly\fP} \fIchunktype\fP[\fB:\fP\fIflags\fP] [...] 8The flag letter in upper case indicates that the flag is to match if set, 9in the lower case indicates to match if unset. 10 11Chunk types: DATA INIT INIT_ACK SACK HEARTBEAT HEARTBEAT_ACK ABORT SHUTDOWN SHUTDOWN_ACK ERROR COOKIE_ECHO COOKIE_ACK ECN_ECNE ECN_CWR SHUTDOWN_COMPLETE ASCONF ASCONF_ACK FORWARD_TSN 12 13chunk type available flags 14.br 15DATA I U B E i u b e 16.br 17ABORT T t 18.br 19SHUTDOWN_COMPLETE T t 20 21(lowercase means flag should be "off", uppercase means "on") 22.P 23Examples: 24 25iptables \-A INPUT \-p sctp \-\-dport 80 \-j DROP 26 27iptables \-A INPUT \-p sctp \-\-chunk\-types any DATA,INIT \-j DROP 28 29iptables \-A INPUT \-p sctp \-\-chunk\-types any DATA:Be \-j ACCEPT 30