Basic iptables question
Hi, I'm wondering why people set both protocol and match in rules.
E.g.: -A INPUT -p tcp -m tcp --dport 22 -j ACCEPT. Surely just -A INPUT -p tcp --dport 22 -j ACCEPT is sufficient, as you've already said you're examining the tcp protocol so don't need to then also "match" it. Or am I missing something?
It is as the manual says: use -m/--match if you want to use an extension module to test a specific property (the --dport 22 property, for example, with the tcp module).
But in your example, the tcp match is implicitly set with -p tcp, so you don't need to explicitly use -m tcp here.
Ah good, so it's not functionally needed there, it's just "good grammar".
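The equivalence discussed in this thread matters when comparing hand-written rules against the explicit form that iptables-save prints. The following is an added example, not part of the original posts: it rewrites a rule so the implicit protocol match is spelled out, letting both spellings compare equal. The helper names canon_rule and same_rule are hypothetical, and only tcp and udp are handled.

```shell
#!/bin/sh
# Added example: make the implicit protocol match explicit so both spellings compare equal.
# canon_rule and same_rule are hypothetical helper names; only tcp and udp are handled.

canon_rule() {
    printf '%s\n' "$*" | awk '
    {
        proto = ""; explicit = 0; needs = 0
        # Find the protocol named by -p / --protocol.
        for (i = 1; i < NF; i++)
            if ($i == "-p" || $i == "--protocol") proto = $(i + 1)
        if (proto != "tcp" && proto != "udp") { print; next }
        for (i = 1; i <= NF; i++) {
            # Already spelled out as -m tcp / -m udp?
            if (($i == "-m" || $i == "--match") && $(i + 1) == proto) explicit = 1
            # Options that belong to the protocol extension module.
            if ($i ~ /^--(dport|sport|destination-port|source-port)$/) needs = 1
            if (proto == "tcp" && $i ~ /^--(syn|tcp-flags|tcp-option)$/) needs = 1
        }
        out = ""
        for (i = 1; i <= NF; i++) {
            out = (i == 1) ? $i : out " " $i
            # Insert "-m <proto>" right after the protocol value when it was only implied.
            if (!explicit && needs && i > 1 && ($(i - 1) == "-p" || $(i - 1) == "--protocol"))
                out = out " -m " proto
        }
        print out
    }'
}

same_rule() {
    [ "$(canon_rule "$1")" = "$(canon_rule "$2")" ]
}

# Constructed sample rules (the two from the thread plus one with no port option).
for r in \
    "-A INPUT -p tcp --dport 22 -j ACCEPT" \
    "-A INPUT -p tcp -m tcp --dport 22 -j ACCEPT" \
    "-A INPUT -p tcp -j ACCEPT"
do
    canon_rule "$r"
done
```

A rule with -p tcp but no protocol-specific option is left unchanged, since no extension module is needed to evaluate it.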