(sorry if these are painfully trivial questions, but sometimes the docs just don't seem to be consistent.) based on both the man page and andreasson's tutorial, i can filter on protocol with some variation of -p tcp -p udp -p udp,icmp -p ! tcp -p <some protocol number here> and so on. while the common filtering protocols are of course tcp, udp and icmp, there are far more listed in /etc/protocols that can be selected by name or number. so it's a but puzzling that andreasson's tutorial claims that "--protocol ! tcp would mean to match the ICMP and UDP protocols." really? i would have assumed it would have matched *every* other protocol but TCP. am i misunderstanding the function of the "!" with respect to protocol? rday
