Iptables can use extended packet matching modules.
These are loaded in two ways: implicitly, when -p or --protocol is specified, or with the -m or --match options, followed by the matching module name; after these, various extra command line options become available, depending on the specific module.
===========================================================================
You can specify multiple extended match modules in one line, and you can use the -h or --help options after the module has been specified to receive help specific to that module.
===========================================================================
Two examples:
tos:
This module matches the 8 bits of the Type of Service field in the IP header (i.e. including the precedence bits).
tos --tos
The argument is either a standard name (use ‘iptables -m tos -h’ to see the list), or a numeric value to match.
length:
-m length --length 100
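Here, 100 specifies the size of the IP packet. In ping, by contrast, -l (on Windows) or -s (on Linux) specifies the size of the data to be sent. That data then has the ICMP header (8 bytes) and the IP header (20 bytes) added to it in turn...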
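As an added illustration (not part of the original post), the following Python sketch builds a constructed ICMP echo packet and reads the two IPv4 header fields that the tos and length modules compare against, showing that a ping data size of 72 bytes produces the IP length of 100 matched above. The function names and sample addresses are assumptions of this example; it is not iptables code.

```python
import struct

IP_HDR_LEN = 20    # IPv4 header without options
ICMP_HDR_LEN = 8   # ICMP echo header

def build_echo_packet(payload_len, tos=0):
    """Constructed sample: IPv4 + ICMP echo request carrying payload_len data bytes.
    Checksums are left at 0 because only the TOS and length fields matter here."""
    total_len = IP_HDR_LEN + ICMP_HDR_LEN + payload_len
    ip = struct.pack("!BBHHHBBH4s4s",
                     0x45, tos, total_len,    # version/IHL, TOS byte, total length
                     0, 0, 64, 1, 0,          # id, flags/frag, TTL, proto=ICMP, checksum
                     bytes([192, 0, 2, 1]),   # constructed source address
                     bytes([192, 0, 2, 2]))   # constructed destination address
    icmp = struct.pack("!BBHHH", 8, 0, 0, 1, 1)  # echo request, code 0, csum, id, seq
    return ip + icmp + b"\x00" * payload_len

def header_fields(packet):
    """Return (tos, total_length) as stored in the IPv4 header."""
    _ver_ihl, tos, total_len = struct.unpack("!BBH", packet[:4])
    return tos, total_len

def length_matches(packet, spec):
    """Evaluate a '--length N' or '--length MIN:MAX' style spec against the packet."""
    _, total_len = header_fields(packet)
    lo, sep, hi = spec.partition(":")
    lo_val = int(lo) if lo else 0
    hi_val = int(hi) if hi else (0xFFFF if sep else lo_val)
    return lo_val <= total_len <= hi_val

def tos_matches(packet, value):
    """Compare the full 8-bit TOS byte, precedence bits included."""
    tos, _ = header_fields(packet)
    return tos == value

def ping_size_for(ip_length):
    """Data size to give ping (-s on Linux, -l on Windows) for a target IP length."""
    return ip_length - IP_HDR_LEN - ICMP_HDR_LEN

if __name__ == "__main__":
    pkt = build_echo_packet(ping_size_for(100), tos=0x10)
    print(header_fields(pkt), length_matches(pkt, "100"), tos_matches(pkt, 0x10))
    # A ping with 100 data bytes is 128 bytes on the wire and does not match.
    print(length_matches(build_echo_packet(100), "100"))
```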
===========================================================================
About tos:
tos.doc