Skip to main content

Common Match Criteria and Common Match Criteria conhnued

Common Match Criteria 

IP address or network

Network interface
i lo
0 eth1

Criteria can be inverted with
i etho  s

Most rules in the filter table involve allowing or denying packets based on their source or destination. Below are examples of options that can be used to create such rules.

A packet‘s source or destination can be specified with s or d, respectively. The option should be followed by an IP address or lP Net mask combination or hostname. Net masks can use CIDR ( or

VLSN (,255.255.0) notation. Using a hostname is not recommended because it will just be translated into an IP when the rule is stored anyway.

The following example would allow packets from any address on the 192.168.0.X network through the firewall.

Packets can also be matched based on the physical network interface they are arriving on or leaving through This is done with the i and -0 options, respectively. The following command would only allow packets destined for the local network to leave via etho (assuming all other packets are denied by default).

Another common interface based rule is the following, which allows all packets arriving on the system's loopback interface through the firewall.

Since only local processes have access to the loopback interface, traffic on Io is usually unfiltered. Thus, many firewall rulesets begin with a rule like the above.

Any match criterion may be negated by prep ending (with the quotes) to the value. While the quotes 3’9 not strictly necessary in these examples, they are considered best practice when dealing with a speclall

Character the bash shell might desire to expand. The following example would block all traffic except packets from

Common Match Criteria conhnued 

Transport protocol and port
p tcp dport 80
p udp sport 53
Port ranges can be specified with start:end

ICMP type

p icmp  icmp  type host unreachable

Packets can also be matched by their source or destination ports. Because port numbers are ambiguous unless associated with a transport protocol since tcp port 53 is distinct from udp port 53 references to ports must always specify a ayer  4 protocol with the p option. Destination ports are matched with
dport and source ports with sport. Ranges of ports can be listed as start port end port If end port is left out, it is assumed to be the highest possible port.

The following example would ailow tcp packets coming from port 123 of 19216801 to port 1024 or above of 19216802

ICMP packets, which include ping requests and responses, destination unreachable messages from routers, and many other types of network diagnostic messages, can be selectively filtered by specifying

icmp as the protocol and using the icmp type to match specific types. The following examples would explicitly deny ping requests and explicitly allow destination unreachable messages, respectively

While some networks choose to block pings requests, denying all ICMP packets is not recommended. Certain types, such as destination unreachabie messages represent important information that network clients should receive.


Popular posts from this blog

Try winter cough cough Home remedies will run away from this country prescription without any medication Your cold cough

Try winter cough cough Home remedies will run away from this country prescription without any medication Your cold cough

 Friendly winter cough is a common problem in the winter season which is applicable to all people and if the winter season is going on right now then we are ten persons, three persons have this disease.
 And if we get a lot of colds or coughs this season, if we try to take medicine instead of a doctor, this can be relieved.

Let's have friends today what we know about this country remedy

The easiest and easiest way

 Put some salt in warm water and rinse with water. Relieves throat problems as well as drinking hot drinks like tea and coffee and yes, drinking warm water also helps.

 To relieve cold soreness and body aches or headaches
 Add turmeric powder ginger powder and a teaspoon of honey in a glass of warm water. This will provide a lot of relief.

 Native remedy for cold

 Friends find a steam machine in the market and if you want to buy a steam machine, boil hot water …

The DNS Hierarchy

The DNS Hierarchy

DNS is a directory of resource records organized as a tree resource record maps a name to data

klostname to IP address, domain to authoritative nameserver etc.

A domain is a collection of records in the same DNS subtree The root domain consists ol the whole DNS tree

The domain com consists only of names that end in .com hedhat .com is a subdomain of .com which in turn is a subdomain of

Ths part of a domain served by a particular nameserver is called the zone The nameserver is authoritative tor these names

The zone may cover an entire domain, or selected subdomains may be delegated to be served out as Separate zones by other nameservers

The fONOWing definitions are essential to understanding how DNS works Namesen any network device that is running a DNS server.

Resource Record an entry in a zone on the nameserver that maps one thing to anotherie. hostname to Ip address

Domain: a collection of resource records which end in a common name and represent an entire subtree of the DN…

These healthy tips on how to stay healthy in winter

These healthy tips on how to stay healthy in winter

 Eating different types of fruits in the winter improves the body's health by eating figs in winter strengthens bones

 Keeping body healthy in winter season should be taken care of different fresh vegetables and fruits in winter maintains health in our body.
 Winter fruits provide essential nutrients to our body by eating the fruits of winter benefits the body's mushroom tissues.

 Friends today we know what fruits should be eaten in the winter to keep our bodies healthy and which fruits to eat

 By eating bananas every morning from 11 to 12 pm, blood pressure is in control of our body and also keeps the heart healthy.

 The dark circles under the eyes on our face become darker. If we eat apples in winter, it provides a great deal of relief, as well as eating apples every day, we can control our weight and keep skin cancer away.

 Half a cup of cranberries contains about 25 calories if needed.  Consuming it daily i…