Iptables parameter options
[!] -p, --protocol protocol: This is the connection protocol used. The specified protocol can be one of tcp, udp, udplite, icmp, esp, ah, sctp or the special keyword ‘all’. Or it can be a numeric value, representing one of these protocols or a different one. A protocol name from / etc/protocols is also allowed. A ‘!’ argument before the protocol inverts the test.
[!] -s, --source address[/mask][,...]: This is the address[/ mask] source specification. Address can be either a network name, a hostname, a network IP address (with /mask), or a plain IP address. A ‘!’ argument before the address specification inverts the sense of the address.
[!] -d, --destination address[/mask][,...]: This is the address[/mask] destination specification.
-j, --jump target: This jumps to the specified target when a packet matches a particular rule.
[!] -i, --in-interface name: This is the name of an interface via which a packet has been received (only for packets entering the INPUT, FORWARD and PREROUTING chains). When the ‘!’ argument is used before the interface name, the sense is inverted. If the interface name ends in a ‘+’, then any interface which begins with this name will match. If this option is omitted, any interface name will match.
[!] -o, --out-interface name: This is the name of an interface via which a packet is going to be sent (for packets entering the FORWARD, OUTPUT and POSTROUTING chains). When the ‘!’ argument is used before the interface name, the sense is inverted. If the interface name ends in a ‘+’, then any interface which begins with this name will match. If this option is omitted, any interface name will match.
[!] -f, --fragment: This rule applies only to fragmented packets.
You can use the exclamation point character (!) option before this parameter to specify that only unfragmented packets are matched.
-c, --set-counters packets bytes: This enables the administrator to initialise the packet and byte counters of a rule (during the INSERT, APPEND and REPLACE operations).