LinuxQuestions.org

kbnuts 10-14-2014 03:06 AM

Basic iptables question
 
Hi, I'm wondering why people set both protocol and match in rules.

e.g.:

-A INPUT -p tcp -m tcp --dport 22 -j ACCEPT

surely just

-A INPUT -p tcp --dport 22 -j ACCEPT

is sufficient as you've already said you're examining the tcp protocol so don't need to then also "match" it.

Or am I missing something?

keefaz 10-14-2014 05:01 AM

It is as the manual says: use -m (--match) if you want to use an extension module to test a specific property (the --dport 22 property, for example, with the tcp module).

But in your example, the tcp match is implicitly set with -p tcp, so you don't need to explicitly use -m tcp here.

kbnuts 10-14-2014 06:00 AM

Ah good, so it's not functionally needed there, it's just "good grammar".
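
Added example, not part of any post in this thread: iptables-save prints the explicit "-p tcp -m tcp" form, so a hand-written rule file and a dump of the live rules can look different while being the same rules. The sketch below normalizes both forms before comparing them; the function names and the sample rules are constructed for illustration, and only tcp, udp and icmp are handled.

```shell
# normalize_rules: read rule lines on stdin and drop an explicit "-m PROTO"
# that directly follows "-p PROTO" for the same PROTO (tcp, udp or icmp).
# Pure text processing; iptables itself is never invoked.
normalize_rules() {
    awk '
    {
        out = ""; i = 1
        while (i <= NF) {
            sep = (out == "" ? "" : " ")
            if (($i == "-p" || $i == "--protocol") && i < NF) {
                proto = $(i + 1)
                out = out sep "-p " proto
                i += 2
                # Skip the redundant match only when it names the same protocol.
                if (proto ~ /^(tcp|udp|icmp)$/ && i < NF &&
                    ($i == "-m" || $i == "--match") && $(i + 1) == proto)
                    i += 2
                continue
            }
            out = out sep $i
            i++
        }
        print out
    }'
}

# same_ruleset A B: succeed when both rule lists are identical after
# normalization. Rule order is significant in iptables, so it is preserved.
same_ruleset() {
    a=$(printf '%s\n' "$1" | normalize_rules)
    b=$(printf '%s\n' "$2" | normalize_rules)
    [ "$a" = "$b" ]
}

# Constructed sample input: rules as hand-written, and as iptables-save prints them.
WRITTEN='-A INPUT -p tcp --dport 22 -j ACCEPT
-A INPUT -p udp --dport 53 -j ACCEPT
-A INPUT -p tcp -m state --state NEW -j ACCEPT'
SAVED='-A INPUT -p tcp -m tcp --dport 22 -j ACCEPT
-A INPUT -p udp -m udp --dport 53 -j ACCEPT
-A INPUT -p tcp -m state --state NEW -j ACCEPT'

if same_ruleset "$WRITTEN" "$SAVED"; then
    echo "no drift: rule sets match after normalization"
else
    echo "rule sets differ"
fi
```

A match for a different module (for example "-p tcp -m state") is left untouched, because only a match named after the rule's own protocol is implied by -p.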


All times are GMT -5.