Defining Options

To filter or manipulate packets, you need to define which properties a packet must have to be filtered or manipulated. This is done by passing one or more option names, e.g. “--source”, together with the value that should match, “192.168.0.1” in that case.

IPTables defines quite a lot of different options you can check for. Some of them are implemented directly in the iptables program, like the --source option, but there are also some more complex options that need modules loaded into the kernel before they are available. Those options are written like “... --match state --state RELATED,ESTABLISHED ...”. The “--match state” option lets the program look for an available option called “state”, which in this case is the connection tracking module.

The availability of those extended options depends on the configuration of your kernel and the available modules that can be loaded or are directly compiled into the kernel.
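The following added example (not part of the original documentation or of the program it describes) extracts the extension names a rule requests with -m/--match and reports those missing from a list of matches registered in the kernel. It assumes the legacy xtables backend, where that list is /proc/net/ip_tables_matches and shows only matches already registered (a module that has not been loaded yet will not appear); the function names and the sample list are constructed for illustration.

```shell
#!/bin/sh
# Added example: which match extensions does a rule need, and are they
# registered in the kernel? Function names are hypothetical helpers.

# Print the extension name that follows every -m / --match argument.
required_matches() {
    want_name=0
    for arg in "$@"; do
        if [ "$want_name" -eq 1 ]; then
            printf '%s\n' "$arg"
            want_name=0
            continue
        fi
        case $arg in
            -m|--match) want_name=1 ;;
        esac
    done
}

# Usage: missing_matches LISTFILE rule-arguments...
# Prints each requested match that LISTFILE does not contain.
# Returns 0 when nothing is missing, 1 otherwise.
missing_matches() {
    list=$1
    shift
    missing=0
    for name in $(required_matches "$@" | sort -u); do
        # The kernel list repeats a name once per revision; -x -F matches
        # the whole line literally.
        if ! grep -qxF -- "$name" "$list" 2>/dev/null; then
            printf '%s\n' "$name"
            missing=1
        fi
    done
    return "$missing"
}

# Demo on a constructed list so it runs without root; on a live system
# pass /proc/net/ip_tables_matches instead (assumption: legacy backend).
demo_list=$(mktemp)
printf 'state\nstate\ntcp\nudp\n' > "$demo_list"
missing_matches "$demo_list" -A INPUT --source 192.168.0.1 \
    --match state --state RELATED,ESTABLISHED -m comment --comment demo -j ACCEPT \
    || echo "the matches listed above are not registered in the kernel"
rm -f "$demo_list"
```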

For a more detailed description of the options that can be used from within this program, have a look at the chapter “Packet Filtering and Altering”.