Cluster I/O Protocols (CIP) Configuration and Management Manual (H06.16+, J06.05+)
Allows specification of the ICMP type, which can be a numeric ICMP type, type/code pair,
or one of the ICMP type names shown by the command: iptables -p icmp -h
iprange
Matches on a given arbitrary range of IP addresses.
[!] --src-range from[-to]
[!] --dst-range from[-to]
length
Matches the length of a packet against a value or range of values.
[!] --length length[:length]
limit
Matches a rule to a specified rate. A rule using this extension will match until this limit is reached
(unless the '!' flag is used).
[!] --limit rate [/second|/minute|/hour|/day]
--limit-burst number
mac
Matches source MAC address.
[!] --mac-source address
mark *
Matches packets with value previously set by MARK target.
Not supported because it is valid only in the mangle table.
multiport
Matches a set of source or destination ports.
[!] --source-ports | --sports port[,port|,port:port]...
[!] --destination-ports | --dports port[,port|,port:port]...
[!] --ports port[,port|,port:port]...
owner *
Matches various characteristics of the (locally generated) packet creator.
Not supported because it is only valid in the OUTPUT and POSTROUTING chains.
physdev *
Matches on the bridge port input and output devices enslaved to a bridge device.
Not supported because CIP is not a bridge device.
pkttype
Matches link-layer packet type.
[!] --pkt-type {unicast|broadcast|multicast}
policy
Matches IPsec policy.
--dir {in|out}
--pol {none|ipsec}
--strict
[!] --reqid id
[!] --spi spi
[!] --proto {ah|esp|ipcomp}
[!] --mode {tunnel|transport}
341