what does "-m tcp" mean in this iptables rule?


Firewall configuration written by system-config-firewall

-A INPUT -m state --state NEW -m tcp -p tcp --dport 80 -j ACCEPT

trekkerboy

Posted 2013-08-12T19:40:52.487

Reputation: 123

Answers


Per the manual, it's an unusual but harmless explicit invocation of the tcp iptables module; this module is implicitly invoked when -p tcp (TCP protocol) is specified, and only works when -p tcp is specified anyway, but apparently whoever wrote system-config-firewall's rule generator believed in the belt-and-suspenders theory of reliability.

Aaron Miller

Posted 2013-08-12T19:40:52.487

Reputation: 8 849

ip{,6}tables-save adds it explicitly by default. – selurvedu – 2017-11-01T05:13:37.180


From iptables manual page:

-m, --match match

Specifies a match to use, that is, an extension module that tests for a specific property. The set of matches make up the condition under which a target is invoked. Matches are evaluated first to last as specified on the command line and work in short-circuit fashion, i.e. if one extension yields false, evaluation will stop.

In this case TCP match is being used.

What it does:

TCP matches

These matches are protocol specific and are only available when working with TCP packets and streams. To use these matches, you need to specify --protocol tcp on the command line before trying to use them. Note that the --protocol tcp match must be to the left of the protocol specific matches. These matches are loaded implicitly in a sense, just as the UDP and ICMP matches are loaded implicitly. The other matches will be looked over in the continuation of this section, after the TCP match section.

VL-80

Posted 2013-08-12T19:40:52.487

Reputation: 3 867
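Both answers make the same point from different directions: the tcp match module is loaded implicitly by -p tcp, an explicit -m tcp is redundant but harmless, and port options such as --dport only exist once a tcp or udp match is in play. The following script is an added example, not code from the question or either answer, and not part of iptables itself. It is a small parser for iptables-save style rule lines that records which match modules were named explicitly and which are implied by the protocol, then reports redundant or missing matches. The rule names, option names and the IMPLICIT_MATCH_FOR_PROTO table are my own simplification of the manual's behaviour; the sample rule lines are constructed for the demonstration.

```python
"""Parse iptables-save style rules and show which match modules are loaded
explicitly with -m and which are implied by -p. Added example, not from the
original page; assumes single-valued options and no '!' negation."""

import shlex
from dataclasses import dataclass, field
from typing import Dict, List, Optional

# Protocols whose match module iptables loads implicitly (assumption: the
# tcp/udp/icmp cases described in the manual and the answers above).
IMPLICIT_MATCH_FOR_PROTO = {"tcp": "tcp", "udp": "udp", "icmp": "icmp"}

# Options that only the tcp or udp match module understands.
PORT_OPTIONS = {"--dport", "--sport", "--destination-port", "--source-port"}

# Constructed sample: the rule from the question, as system-config-firewall writes it.
SAMPLE_RULE = "-A INPUT -m state --state NEW -m tcp -p tcp --dport 80 -j ACCEPT"


@dataclass
class Rule:
    chain: str
    protocol: Optional[str] = None
    explicit_matches: List[str] = field(default_factory=list)
    target: Optional[str] = None
    options: Dict[str, str] = field(default_factory=dict)


def parse_rule(line: str) -> Rule:
    """Tokenise one rule line; every option is assumed to take exactly one value."""
    tokens = shlex.split(line)
    rule = Rule(chain="")
    i = 0
    while i < len(tokens):
        tok = tokens[i]
        if i + 1 >= len(tokens):
            raise ValueError(f"option {tok!r} is missing its value")
        value = tokens[i + 1]
        if tok == "-A":
            rule.chain = value
        elif tok in ("-p", "--protocol"):
            rule.protocol = value
        elif tok in ("-m", "--match"):
            rule.explicit_matches.append(value)   # e.g. "state", "tcp"
        elif tok in ("-j", "--jump"):
            rule.target = value
        elif tok.startswith("--"):
            rule.options[tok] = value             # e.g. "--state NEW", "--dport 80"
        else:
            raise ValueError(f"unsupported token {tok!r}")
        i += 2
    return rule


def effective_matches(rule: Rule) -> List[str]:
    """Explicit matches plus the one implied by -p, without duplicates."""
    matches = list(rule.explicit_matches)
    implied = IMPLICIT_MATCH_FOR_PROTO.get(rule.protocol or "")
    if implied and implied not in matches:
        matches.append(implied)
    return matches


def analyze(rule: Rule) -> List[str]:
    """Return human-readable findings about redundant or missing match modules."""
    findings = []
    implied = IMPLICIT_MATCH_FOR_PROTO.get(rule.protocol or "")
    if implied and implied in rule.explicit_matches:
        findings.append(f"-m {implied} is redundant: implied by -p {rule.protocol}")
    for m in rule.explicit_matches:
        # A protocol match module only works when -p names that protocol.
        if m in IMPLICIT_MATCH_FOR_PROTO and rule.protocol != m:
            findings.append(f"-m {m} requires -p {m}")
    if PORT_OPTIONS & set(rule.options) and rule.protocol not in ("tcp", "udp"):
        findings.append("--dport/--sport need -p tcp or -p udp")
    return findings


if __name__ == "__main__":
    for line in (
        SAMPLE_RULE,
        "-A INPUT -m state --state NEW -p tcp --dport 80 -j ACCEPT",
        "-A INPUT -m tcp --dport 22 -j ACCEPT",
    ):
        rule = parse_rule(line)
        print(line)
        print("  effective matches:", effective_matches(rule))
        for finding in analyze(rule) or ["no findings"]:
            print("  ", finding)
```

Run against the question's rule, the analyzer reports only that -m tcp is redundant, while the same rule without the explicit -m tcp produces no findings, which is the answers' point that the two forms behave identically. The third constructed line, which names -m tcp without -p tcp, shows the case the first answer describes as not working.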