Dport and sport in iptables

First, what dport and sport mean:

dport: Destination Port
sport: Source Port

These two are easy for iptables beginners to confuse, so I will try to explain them in plain language.

Taken literally, dport and sport are easy to understand: one is the destination port where the data arrives, and the other is the port the data comes from. When you use them, however, you need to consider the specific situation, namely the direction in which your data packets flow (INPUT or OUTPUT).

For example:

    /sbin/iptables -A INPUT -p tcp --dport 80 -j ACCEPT

Pay attention to the INPUT parameter: it indicates the direction in which your data packet travels. This packet can be described as follows:

1. This is data entering from the outside to the internal local server.
2. The destination (dport) port of the packet is 80, which means it is accessing port 80 on my local machine.
3. Allow the above data to pass.

Summary: allow external data to access port 80 of my local server.

Now look at the second example:

    /sbin/iptables -A INPUT -p tcp --sport 80 -j ACCEPT

1. This is data entering from the outside to the internal local server.
2. The source port (sport) of the packet is 80, that is, the packet was sent from port 80 on the other party.
3. Allow the above data behavior.

Summary: allow external data from port 80 to access my local server.

INPUT summary: dport refers to the local side and sport refers to the external side.

If your data packet is an OUTPUT behavior, it is understood the other way around:

    /sbin/iptables -A OUTPUT -p tcp --dport 80 -j ACCEPT

1. This is data originating from the internal side.
2. The destination (dport) port is 80.
3. Allow the above data behavior.

OUTPUT summary: dport refers to the external side, and sport refers to the local side.
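
The three rules above, checked against constructed packets. This is an added example, not code from the original article: a simplified model that handles only the options used on this page (-A, -p, --dport, --sport, -j) and ignores rule order, default policy and connection state. The names parse_rule, matches, port_owner and matched_rules are hypothetical helpers.

```python
import shlex

def parse_rule(line):
    """Parse the subset of iptables syntax used on this page into a dict."""
    opts = {"-A": "chain", "-p": "proto", "--dport": "dport",
            "--sport": "sport", "-j": "target"}
    rule = {}
    tokens = iter(shlex.split(line)[1:])    # drop the iptables binary path
    for flag in tokens:
        if flag not in opts:
            raise ValueError(f"unsupported option: {flag}")
        rule[opts[flag]] = next(tokens)
    for key in ("dport", "sport"):
        if key in rule:
            rule[key] = int(rule[key])
    return rule

def matches(rule, chain, pkt):
    """True if a packet traversing `chain` meets every condition in the rule."""
    if rule["chain"] != chain or rule.get("proto", pkt["proto"]) != pkt["proto"]:
        return False
    return all(rule[k] == pkt[k] for k in ("dport", "sport") if k in rule)

def port_owner(chain, option):
    """Which endpoint owns the port named by dport/sport on this chain."""
    # INPUT: the packet arrives here, so its destination port is local.
    # OUTPUT: the packet leaves here, so its source port is local.
    local_field = "dport" if chain == "INPUT" else "sport"
    return "local" if option == local_field else "remote"

RULES = [parse_rule(r) for r in (
    "/sbin/iptables -A INPUT -p tcp --dport 80 -j ACCEPT",
    "/sbin/iptables -A INPUT -p tcp --sport 80 -j ACCEPT",
    "/sbin/iptables -A OUTPUT -p tcp --dport 80 -j ACCEPT",
)]

# Constructed packets: (chain traversed, header fields)
PACKETS = [
    ("INPUT",  {"proto": "tcp", "sport": 51000, "dport": 80}),  # to local web server
    ("INPUT",  {"proto": "tcp", "sport": 80, "dport": 40000}),  # from remote port 80
    ("OUTPUT", {"proto": "tcp", "sport": 40000, "dport": 80}),  # to remote web server
]

def matched_rules(chain, pkt):
    """Indexes of the page's rules that match this packet on this chain."""
    return [i for i, r in enumerate(RULES) if matches(r, chain, pkt)]

if __name__ == "__main__":
    for chain, pkt in PACKETS:
        print(chain, pkt, "-> matches rule(s)", matched_rules(chain, pkt))
```

The second rule matches on the remote source port only, so it places no condition on which local port the packet is addressed to.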