• Home
  • Line#
  • Scopes#
  • Navigate#
  • Raw
  • Download
1This module matches packets based on their
2.B address type.
3Address types are used within the kernel networking stack and categorize
4addresses into various groups.  The exact definition of that group depends on the specific layer three protocol.
5.PP
6The following address types are possible:
7.TP
8.BI "UNSPEC"
9an unspecified address (i.e. 0.0.0.0)
10.TP
11.BI "UNICAST"
12an unicast address
13.TP
14.BI "LOCAL"
15a local address
16.TP
17.BI "BROADCAST"
18a broadcast address
19.TP
20.BI "ANYCAST"
21an anycast packet
22.TP
23.BI "MULTICAST"
24a multicast address
25.TP
26.BI "BLACKHOLE"
27a blackhole address
28.TP
29.BI "UNREACHABLE"
30an unreachable address
31.TP
32.BI "PROHIBIT"
33a prohibited address
34.TP
35.BI "THROW"
36FIXME
37.TP
38.BI "NAT"
39FIXME
40.TP
41.BI "XRESOLVE"
42.TP
43[\fB!\fP] \fB\-\-src\-type\fP \fItype\fP
44Matches if the source address is of given type
45.TP
46[\fB!\fP] \fB\-\-dst\-type\fP \fItype\fP
47Matches if the destination address is of given type
48.TP
49.BI "\-\-limit\-iface\-in"
50The address type checking can be limited to the interface the packet is coming
51in. This option is only valid in the
52.BR PREROUTING ,
53.B INPUT
54and
55.B FORWARD
56chains. It cannot be specified with the
57\fB\-\-limit\-iface\-out\fP
58option.
59.TP
60\fB\-\-limit\-iface\-out\fP
61The address type checking can be limited to the interface the packet is going
62out. This option is only valid in the
63.BR POSTROUTING ,
64.B OUTPUT
65and
66.B FORWARD
67chains. It cannot be specified with the
68\fB\-\-limit\-iface\-in\fP
69option.
70