I am currently writing a mini how-to for a SANS paper and I have a question regarding information in the man page that apparently behaves differently than expected.

It is my understanding that in order to use --sport or --dport in the filter chain, -p Protocol must be used. For example:

    iptables -A INPUT -i eth0 -s 192.168.0.1 --sport 5000 -d 192.168.0.22 --dport 56 -j ACCEPT

yields

    iptables v1.2.8: Unknown arg `--sport'
    Try `iptables -h' or 'iptables --help' for more information.

but

    iptables -A INPUT -i eth0 -p tcp -s 192.168.0.1 --sport 5000 -d 192.168.0.22 --dport 56 -j ACCEPT

works.

Now, according to the man page, the argument to -p can be tcp, udp, icmp, all, or a number representing a protocol in /etc/protocols or a name from /etc/protocols. I have found that in reality iptables yields the same error above for anything except tcp, udp, icmp or their associated numbers.

What have I missed -or- is the man page wrong?

Will