Discuss how you can define matching rules for iptables.

What will be an ideal response?

---

Define matching rules:
Matches can be based, for instance, on interfaces, ports, or IP addresses.
Not every possible option has to be specified. If an option (the destination port, for example) is not specified, it is not taken into consideration.
Specify the interface: -i for input, -o for output: -i eth0
-o cannot be used in the INPUT chain; -i is not possible in the OUTPUT chain.
Specify the protocol: -p TCP, -p UDP
The protocol can be specified with its abbreviation or the number of the protocol from /etc/protocols. Both lower and upper case are acceptable.
Specify source and/or destination IP: -s 1.2.3.4, -d 192.168.0.0/24
Specify source and/or destination port: --sport 1024:65535, -- dport 80
You can specify a single port or port ranges (start:end). The port you put in the rules depends on the service you want to access. /etc/services lists the ports and the service that can usually be found on that port. While UDP and TCP usually have the same service on the same port, this is not necessarily so. See Ports and Port Numbers for frequently used ports and the services associated with them.
Additional matches can be used with the option -m.