Target Options
<user-defined-chain> — A user-defined chain within the table. User-defined chain names must be unique. This target passes the packet to the specified chain.
ACCEPT — Allows the packet through to its destination or to another chain.
DROP — Drops the packet without responding to the requester. The system that sent the packet is not notified of the failure.
QUEUE — The packet is queued for handling by a user-space application.
RETURN — Stops checking the packet against rules in the current chain. If the packet with a RETURN target matches a rule in a chain called from another chain, the packet is returned to the first chain to resume rule checking where it left off. If the RETURN rule is used on a built-in chain and the packet cannot move up to its previous chain, the default target for the current chain is used.
LOG — Logs all packets that match this rule. Because the packets are logged by the kernel, the /etc/syslog.conf file determines where these log entries are written. By default, they are placed in the /var/log/messages file.
Additional options can be used after the LOG target to specify the way in which logging occurs:
  --log-level — Sets the priority level of a logging event. Refer to the syslog.conf man page for a list of priority levels.
  --log-ip-options — Logs any options set in the header of an IP packet.
  --log-prefix — Places a string of up to 29 characters before the log line when it is written. This is useful for writing syslog filters for use in conjunction with packet logging.
  Note: Due to an issue with this option, you should add a trailing space to the log-prefix value.
  --log-tcp-options — Logs any options set in the header of a TCP packet.
  --log-tcp-sequence — Writes the TCP sequence number for the packet in the log.
REJECT — Sends an error packet back to the remote system and drops the packet. The --reject-with <type> option (where <type> is the rejection type) allows more detailed information to be returned with the error packet. The message port-unreachable is the default error type given if no other option is used. Refer to the iptables man page for a full list of
nat table, or with packet alteration using the mangle table, can be found in the
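
The targets described above, combined into one ruleset with a matching syslog filter. This is an added example, not part of the original documentation; the chain name SSH_IN, the prefix SSH_DENY:, the addresses and the log lines are constructed for illustration.

```shell
#!/bin/sh
# Added example. Chain name, prefix, network and log lines are constructed.
PREFIX="SSH_DENY:"        # tag for finding these entries in syslog
TRUSTED="192.0.2.0/24"    # documentation range standing in for an admin network

# --log-prefix value with the trailing space; refuse values over 29 characters.
log_prefix() {
    p="$1 "
    if [ "${#p}" -gt 29 ]; then
        echo "log prefix exceeds 29 characters: $1" >&2
        return 1
    fi
    printf '%s' "$p"
}

# Print a filter-table ruleset in iptables-restore format.
emit_rules() {
    lp=$(log_prefix "$PREFIX") || return 1
    cat <<EOF
*filter
:INPUT ACCEPT [0:0]
:SSH_IN - [0:0]
# Jump to the user-defined chain; RETURN resumes at the rule after this one.
-A INPUT -p tcp --dport 22 -j SSH_IN
-A INPUT -p tcp --dport 22 -j ACCEPT
-A SSH_IN -s $TRUSTED -j RETURN
# LOG is non-terminating: the packet continues to the REJECT rule below.
-A SSH_IN -j LOG --log-level warning --log-prefix "$lp" --log-tcp-options
-A SSH_IN -p tcp -j REJECT --reject-with tcp-reset
COMMIT
EOF
}

# Constructed, abbreviated syslog lines: one from the rule above, one unrelated.
SAMPLE_LOG='Jan  1 00:00:01 host kernel: SSH_DENY: IN=eth0 OUT= SRC=203.0.113.5 DST=198.51.100.7 LEN=60 PROTO=TCP SPT=51514 DPT=22 WINDOW=29200 SYN URGP=0
Jan  1 00:00:02 host kernel: OTHER: IN=eth0 OUT= SRC=203.0.113.9 DST=198.51.100.7 LEN=60 PROTO=TCP SPT=40000 DPT=80 WINDOW=29200 SYN URGP=0'

# Syslog filter: read log text on stdin, print "SRC DPT" for this rule's entries.
# The kernel writes the prefix directly before "IN=", so the trailing space is
# what keeps the tag separate from the first field.
denied() {
    lp=$(log_prefix "$PREFIX") || return 1
    grep -F -- "${lp}IN=" | sed -n 's/.* SRC=\([^ ]*\) .* DPT=\([^ ]*\) .*/\1 \2/p'
}
```

To check the ruleset syntax without loading it, run `emit_rules | iptables-restore --test` as root; `printf '%s\n' "$SAMPLE_LOG" | denied` shows the filter on the constructed lines.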