ipchains 1.3.9, 17-Mar-1999

Usage: ipchains -[ADC] chain rule-specification [options]
       ipchains -[RI] chain rulenum rule-specification [options]
       ipchains -D chain rulenum [options]
       ipchains -[LFZNX] [chain] [options]
       ipchains -P chain target [options]
       ipchains -M [ -L | -S ] [options]
       ipchains -h [icmp] (print this help information, or ICMP list)

Commands:
Either long or short options are allowed.
  --add     -A chain		Append to chain
  --delete  -D chain		Delete matching rule from chain
  --delete  -D chain rulenum
				Delete rule rulenum (1 = first) from chain
  --insert  -I chain [rulenum]
				Insert in chain as rulenum (default 1=first)
  --replace -R chain rulenum
				Replace rule rulenum (1 = first) in chain
  --list    -L [chain]		List the rules in a chain or all chains
  --flush   -F [chain]		Delete all rules in  chain or all chains
  --zero    -Z [chain]		Zero counters in chain or all chains
  --check   -C chain		Test this packet on chain
  --new     -N chain		Create a new user-defined chain
  --delete-chain
            -X chain		Delete a user-defined chain
  --policy  -P chain target
				Change policy on chain to target
  --masquerade -M -L		List current masqerading connections
  --set	-M -S tcp tcpfin udp
				Set masquerading timeout values

Options:
  --bidirectional -b		insert two rules: one with -s & -d reversed
  --proto	-p [!] proto	protocol: by number or name, eg. `tcp'
  --source	-s [!] address[/mask] [!] [port[:port]]
				source specification
  --source-port [!] [port[:port]]
				source port specification
  --destination -d [!] address[/mask] [!] [port[:port]]
				destination specification
  --destination-port [!] [port[:port]]
				destination port specification
  --icmp-type [!] typename	specify ICMP type
  --interface	-i [!] name[+]
				network interface name ([+] for wildcard)
  --jump	-j target [port]
				target for rule ([port] for REDIRECT)
  --mark	-m [+-]mark	number to mark on matching packet
  --numeric	-n		numeric output of addresses and ports
  --log		-l		turn on kernel logging for matching packets
  --output	-o [maxsize]	output matching packet to netlink device
  --TOS		-t and xor	and/xor masks for TOS field
  --verbose	-v		verbose mode
  --exact	-x		expand numbers (display exact values)
[!] --fragment	-f		match second or further fragments only
[!] --syn	-y		match TCP packets only when SYN set
[!] --version	-V		print package version.