-i','--in-interface','The incoming interface name
-o','--out-interface','The outgoing interface name (same as the -i option) at this point
-j', '--jump','The action assocaiated with the rule ACCEPT or DROP',choices=['DROP','ACCEPT','ACCEPT-TRAP','TRAP']
-I','-A','The INPUT or OUTPUT chain which maps to the INGRESS or EGRESS tables',choices=['INPUT','OUTPUT']
-p', '--protocol','The IP protocol type (TCP/UDP/ICMP)
-d', '--destination','Specify the destination IPv4/IPv6 address'
--dport','Specify the destination port number'
--sport','Specify the source port number'
-s', '--source','Specify the source IPv4/IPv6 address'
--mac-source','The source MAC address'
--mac-destination','The destination MAC address'
- (blocks unknown)
-A INPUT -p ssh -m mac --mac-source 00:00:00:00:00:001 --dport 80 -j DROP
- (blocks bad requests)
-A INPUT -p ssh -m mac --mac-source 00:00:00:00:00:001 --dport 80 -j DROP
- (accepts http requests on port 80)
-A INPUT -p tcp --dport 80 -j ACCEPT