1 .TP 2 [\fB!\fP] \fB\-\-source\-port\fP,\fB\-\-sport\fP \fIport\fP[\fB:\fP\fIport\fP] 3 .TP 4 [\fB!\fP] \fB\-\-destination\-port\fP,\fB\-\-dport\fP \fIport\fP[\fB:\fP\fIport\fP] 5 .TP 6 [\fB!\fP] \fB\-\-chunk\-types\fP {\fBall\fP|\fBany\fP|\fBonly\fP} \fIchunktype\fP[\fB:\fP\fIflags\fP] [...] 7 The flag letter in upper case indicates that the flag is to match if set, 8 in the lower case indicates to match if unset. 9 10 Chunk types: DATA INIT INIT_ACK SACK HEARTBEAT HEARTBEAT_ACK ABORT SHUTDOWN SHUTDOWN_ACK ERROR COOKIE_ECHO COOKIE_ACK ECN_ECNE ECN_CWR SHUTDOWN_COMPLETE ASCONF ASCONF_ACK FORWARD_TSN 11 12 chunk type available flags 13 .br 14 DATA I U B E i u b e 15 .br 16 ABORT T t 17 .br 18 SHUTDOWN_COMPLETE T t 19 20 (lowercase means flag should be "off", uppercase means "on") 21 .P 22 Examples: 23 24 iptables \-A INPUT \-p sctp \-\-dport 80 \-j DROP 25 26 iptables \-A INPUT \-p sctp \-\-chunk\-types any DATA,INIT \-j DROP 27 28 iptables \-A INPUT \-p sctp \-\-chunk\-types any DATA:Be \-j ACCEPT 29
