Cluster I/O Protocols (CIP) Configuration and Management Manual (H06.16+, J06.05+)
--zero | -Z [chain]
This command zeros out the packet and bytes counters in the specified chain or all chains if
the chain name is not specified. This applies to all user-defined chains, the CIP built-in chain
and Linux built-in chains if chain is not specified. A user may also specify the Linux built-in
INPUT chain for this command.
--new | -N chain
This command creates a new user-defined chain by the given name. There must be no target
of that name already, or an error is returned. Creating a CIP reserved chain (a name begins
with CIP_) and any of the Linux built-in chains (INPUT, OUTPUT, and FORWARD) is not allowed.
--delete-chain | -X [chain]
Delete the user-defined chain specified. There must be no references to the chain. If there are,
you must delete or replace the referring rules before the chain can be deleted. The chain must
also be empty, i.e. not containing any rules. If no argument is given, it will attempt to delete
every user-defined chain in the table. The following built-in chains cannot be deleted: CIP_INPUT,
CIP_INPUT_p, INPUT, OUTPUT, and FORWARD.
--rename-chain | -E old-chain new-chain
This command renames the specified user-defined chain to the user-supplied name. Any
references to the old chain name are automatically renamed by Linux iptables/ip6tables itself.
The following built-in chains cannot be renamed: CIP_INPUT, CIP_INPUT_p, INPUT, OUTPUT,
and FORWARD.
--policy | -P chain target
This command sets the policy for the chain to the given target. Only a CIP built-in CIP_INPUT
chain can be specified with a policy. Neither Linux built-in nor user-defined chains can be
policy targets.
Setting a policy to CIP_INPUT chain causes the target (the first and only rule) in CIP_INPUT_p
chain to be replaced.
-h | -help | --help
This command prints the climconfig iptables/ip6tables help information. If it is specified after
a match extension, some more information pertinent to that match could also be given.
PARAMETERS
-prov
Specifies a provider name. This option is mandatory for CLIMs that have MULTIPROV set to
ON and cannot be used if MULTIPROV is set to OFF. Each provider has its own iptables
configuration. The provider name is case-insensitive and always converted to UPPER case.
-force
Used with a sensitive command, causes the command to bypass user confirmation. Must be
either ahead of the command or at end of the line.
[!] --protocol | -p proto
To match protocol proto, which is either a protocol name or number. Supported protocols
are: all(0), tcp(6), udp(17), icmp(1), esp(50), ah(51), and sctp(132). When the "!" argument
is used, the ‘match’ operation is changed to the ‘not match’ operation.
[!] --source | --src | -s address[/mask]
To match a source address. Address can be either a network IPv4/IPv6 address (with /mask),
or a plain IP address. The mask can be either a network mask or a plain number, specifying
the number of 1s at the left side of the network mask. Thus, a mask of 24 is equivalent to
255.255.255.0. When the "!" argument is used the ‘match’ operation is changed to the ‘not
match’ operation.
337