1This module matches Stream Control Transmission Protocol headers. 2.TP 3[\fB!\fP] \fB\-\-source\-port\fP,\fB\-\-sport\fP \fIport\fP[\fB:\fP\fIport\fP] 4.TP 5[\fB!\fP] \fB\-\-destination\-port\fP,\fB\-\-dport\fP \fIport\fP[\fB:\fP\fIport\fP] 6.TP 7[\fB!\fP] \fB\-\-chunk\-types\fP {\fBall\fP|\fBany\fP|\fBonly\fP} \fIchunktype\fP[\fB:\fP\fIflags\fP] [...] 8The flag letter in upper case indicates that the flag is to match if set, 9in the lower case indicates to match if unset. 10 11Match types: 12.TP 13all 14Match if all given chunk types are present and flags match. 15.TP 16any 17Match if any of the given chunk types is present with given flags. 18.TP 19only 20Match if only the given chunk types are present with given flags and none are missing. 21 22Chunk types: DATA INIT INIT_ACK SACK HEARTBEAT HEARTBEAT_ACK ABORT SHUTDOWN SHUTDOWN_ACK ERROR COOKIE_ECHO COOKIE_ACK ECN_ECNE ECN_CWR SHUTDOWN_COMPLETE I_DATA RE_CONFIG PAD ASCONF ASCONF_ACK FORWARD_TSN I_FORWARD_TSN 23 24chunk type available flags 25.br 26DATA I U B E i u b e 27.br 28I_DATA I U B E i u b e 29.br 30ABORT T t 31.br 32SHUTDOWN_COMPLETE T t 33 34(lowercase means flag should be "off", uppercase means "on") 35.P 36Examples: 37 38iptables \-A INPUT \-p sctp \-\-dport 80 \-j DROP 39 40iptables \-A INPUT \-p sctp \-\-chunk\-types any DATA,INIT \-j DROP 41 42iptables \-A INPUT \-p sctp \-\-chunk\-types any DATA:Be \-j ACCEPT 43