blob: 16fd9dfd932a9f396e1b9f2a718c88494b5dd024 [file] [log] [blame]
This module matches packets based on their
.B address type.
Address types are used within the kernel networking stack and categorize
addresses into various groups. The exact definition of that group depends on the specific layer three protocol.
.PP
The following address types are possible:
.TP
.BI "UNSPEC"
an unspecified address (i.e. 0.0.0.0)
.TP
.BI "UNICAST"
an unicast address
.TP
.BI "LOCAL"
a local address
.TP
.BI "BROADCAST"
a broadcast address
.TP
.BI "ANYCAST"
an anycast packet
.TP
.BI "MULTICAST"
a multicast address
.TP
.BI "BLACKHOLE"
a blackhole address
.TP
.BI "UNREACHABLE"
an unreachable address
.TP
.BI "PROHIBIT"
a prohibited address
.TP
.BI "THROW"
FIXME
.TP
.BI "NAT"
FIXME
.TP
.BI "XRESOLVE"
.TP
[\fB!\fP] \fB\-\-src\-type\fP \fItype\fP
Matches if the source address is of given type
.TP
[\fB!\fP] \fB\-\-dst\-type\fP \fItype\fP
Matches if the destination address is of given type
.TP
.BI "\-\-limit\-iface\-in"
The address type checking can be limited to the interface the packet is coming
in. This option is only valid in the
.BR PREROUTING ,
.B INPUT
and
.B FORWARD
chains. It cannot be specified with the
\fB\-\-limit\-iface\-out\fP
option.
.TP
\fB\-\-limit\-iface\-out\fP
The address type checking can be limited to the interface the packet is going
out. This option is only valid in the
.BR POSTROUTING ,
.B OUTPUT
and
.B FORWARD
chains. It cannot be specified with the
\fB\-\-limit\-iface\-in\fP
option.