Cluster I/O Protocols (CIP) Configuration and Management Manual (H06.16+, J06.05+)

ManualsBrandsHP ManualsServerHP Integrity NonStop J-Series

321

322

323

324

325

326

327

328

329

330

[!] --destination | --dst | -d address[/mask]

To match a destination address. Address can be either a network IP address (with /mask), or

a plain IPv4/IPv6 address. The mask can be either a network mask or a plain number, specifying

the number of 1s at the left side of the network mask. Thus, a mask of 24 is equivalent to

255.255.255.0. When the "!" argument is used the ‘match’ operation is changed to the ‘not

match’ operation.

[!] --in-interface | -i interface_name[+]

To match a packet by the interface in which it was received. If the interface name ends in a

"+", then any interface which begins with this name will match. If this option is omitted, any

interface name will match. When the "!" argument is used the ‘match’ operation is changed

to the ‘not match’ operation.

--jump | -j target

Jump to a target, which can be a user-defined chain, a built-in or extension target.

--match | -m match-module-name

Load a match extension module.

--numeric | -n

Select numeric output of addresses and ports.

--table | -t table

Specify table to manipulate. table must be ‘filter’.

--verbose | -v

Verbose mode.

--line-numbers

Print line numbers when listing.

--exact | -x

To expand numbers (display exact values).

--set-counters | -c pkts bytes

This enables the administrator to initialize the packet and byte counters of a rule (during INSERT,

APPEND, REPLACE operations). For example,

iptables -A CIP_INPUT -c 100 2000 -p tcp -i eth2

--dport 21 -j ACCEPT

would set the rule in the CIP_INPUT chain for accepting ftp packets targeted for interface eth2

and, at the same time, initialize the number of packets accepted to be 100 and number of

bytes to be 2000.

Match Extensions ip6

The supported match extensions are based on the Linux iptables man pages. They are subject to

future changes made by Linux iptables implementation.

Matches the SPIs in Authentication header of IPsec packets.

[!] --ahspi spi[:spi]

[!] --ahlen length

--ahres

comment

Allows you to add comments (up to 256 characters) to any rule.

--comment comment

Example:

ip6tables -A CIP_INPUT -s fe80::221:5aff:fec9:1a32/64

-m comment --comment 'A privatized IP block'

326