Cluster I/O Protocols (CIP) Configuration and Management Manual (H06.16+, J06.05+)
Not supported because it is only valid in the OUTPUT and POSTROUTING chains.
physdev *
Matches on the bridge port input and output devices enslaved to a bridge device.
Not supported because CIP is not a bridge device.
pkttype
Matches link-layer packet type.
[!] --pkt-type {unicast|broadcast|multicast}
policy
Matches IPsec policy.
--dir {in|out}
--pol {none|ipsec}
--strict
[!] --reqid id
[!] --spi spi
[!] --proto {ah|esp|ipcomp}
[!] --mode {tunnel|transport}
[!] --tunnel-src addr[/mask]
[!] --tunnel-dst addr[/mask]
--next
quota
Implements network quota by decrementing a byte counter with each packet.
--quota bytes
The quota in bytes.
rateest *
Rate estimator.
Not supported because it is mainly for making routing decisions (mangle table).
realm *
Matches the routing realm.
Not supported because it is for dynamic routing.
recent
Matches against dynamically constructed list of IP addresses.
--name name
[!] --set
--rsource
--rdest
[!] --rcheck
[!] --update
[!] --remove
--seconds seconds
--hitcount hits
--rttl
rt
Matches on IPv6 routing header.
330