-v causes iptables to be verbose in its (Free web hosts)
-v causes iptables to be verbose in its output; it will supply more information. -n causes iptables to display IP address and ports as numbers without attempting to resolve them to their corresponding names. -x causes any numbers in the iptables output to be expanded to their exact values with no rounding. - -line-numbers causes line numbers to be displayed when listing rulesets. The line number will correspond to the rule’s position within the chain. Extensions We said earlier that the iptables utility is extensible through optional shared library modules. There are some standard extensions that provide some of the features ipchains provided. To make use of an extension, you must specify its name through the -m name argument to iptables. The following list shows the -m and -p options that set up the extension’s context, and the options provided by that extension. TCP Extensions: used with -m tcp -p tcp - -sport [!] [port[:port]] Specifies the port that the datagram source must be using to match this rule. Ports may be specified as a range by specifying the upper and lower limits of the range using the colon as a delimiter. For example, 20:25 described all of the ports numbered 20 up to and including 25. Again, the ! character may be used to negate the values. - -dport [!] [port[:port]] Specifies the port that the datagram destination must be using to match this rule. The argument is coded identically to the - -sport option. - -tcp-flags [!] mask comp Specifies that this rule should match when the TCP flags in the datagram match those specified by mask and comp. mask is a comma-separated list of flags that should be examined when making the test. comp is a comma-separated list of flags that must be set for the rule to match. Valid flags are: SYN, ACK, FIN, RST, URG, PSH, ALL or NONE. This is an advanced option: refer to a good description of the TCP protocol, such as RFC-793, for a description of the meaning and implication of each of these flags. The ! character negates the rule. [!] - -syn Specifies the rule to match only datagrams with the SYN bit set and the ACK and FIN bits cleared. Datagrams with these options are used to open TCP connections, and this option can therefore be used to manage connection requests. This option is shorthand for: –tcp-flags SYN,RST,ACK SYN When you use the negation operator, the rule will match all datagrams that do not have both the SYN and ACK bits set. UDP Extensions: used with -m udp -p udp - -sport [!] [port[:port]] Specifies the port that the datagram source must be using to match this rule. Ports may be specified as a range by specifying the upper and lower limits of the range using the colon as a delimiter. For example, 20:25 describes all of the ports numbered 20 up to and including 25. Again, the ! character may be used to negate the values. - -dport [!] [port[:port]] Specifies the port that the datagram destination must be using to match this rule. The argument is coded identically to the - -sport option.