The packet filter language syntax is as follows. Keywords are in bold. Optional terms are in [square brackets]. Placeholders for literals are in <angle brackets>. Binary logical operators associate to the left. All keywords and port aliases should be in lower case.
<len>
: Packet length in bytes. Greater or less comparison is inclusive of len.

<mac_addr>
: MAC address, e.g. DE:AD:BE:EF:D0:0D. Hex digits are case-insensitive.

<ip_addr>
: IP address consistent with the IP version specified previously, e.g. 192.168.1.10, 2001:4860:4860::8888.

<port_lst>
: List of ports or port ranges separated by commas, e.g. 13,ssh,6000-7000,20. The following aliases for defined ports and port ranges can be used as an item in the list, but not as part of a range (3,dhcp,12 is allowed, http-100 is not):

Alias | Port(s) |
---|---|
dhcp | 67-68 |
dns | 53 |
echo | 7 |
ftpxfer | 20 |
ftpctl | 21 |
http | 80 |
https | 443 |
irc | 194 |
ntp | 123 |
sftp | 115 |
ssh | 22 |
telnet | 23 |
tftp | 69 |
dbglog | Netboot debug log port |
dbgack | Netboot debug log ack port |
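
A minimal parser for the <port_lst> grammar described above, added here as an illustration and not taken from the tool's own source. Rejecting reversed ranges, values above 65535 and embedded whitespace is an assumption of this sketch, and dbglog/dbgack are omitted because the page gives no port numbers for them.

```python
import re

# Alias table copied from the page. dbglog and dbgack are left out because
# the page gives no numeric value for them.
ALIASES = {
    "dhcp": (67, 68), "dns": (53, 53), "echo": (7, 7), "ftpxfer": (20, 20),
    "ftpctl": (21, 21), "http": (80, 80), "https": (443, 443),
    "irc": (194, 194), "ntp": (123, 123), "sftp": (115, 115),
    "ssh": (22, 22), "telnet": (23, 23), "tftp": (69, 69),
}
_NUM = re.compile(r"[0-9]{1,5}")


def _port(text):
    """Parse one numeric port; aliases and uppercase names are rejected here."""
    # Assumption: anything above 65535 is invalid.
    if not _NUM.fullmatch(text) or int(text) > 65535:
        raise ValueError(f"invalid port: {text!r}")
    return int(text)


def parse_port_list(spec):
    """Return a list of inclusive (low, high) tuples for a <port_lst> string."""
    ranges = []
    for item in spec.split(","):
        if item in ALIASES:                 # alias is valid only as a whole item
            ranges.append(ALIASES[item])
        elif "-" in item:                   # range endpoints must be numeric
            low, _, high = item.partition("-")
            low, high = _port(low), _port(high)
            if low > high:                  # assumption: reversed ranges are errors
                raise ValueError(f"reversed range: {item!r}")
            ranges.append((low, high))
        else:
            ranges.append((_port(item), _port(item)))
    return ranges


def port_matches(spec, port):
    """True if `port` falls inside any item of the list."""
    return any(low <= port <= high for low, high in parse_port_list(spec))
```
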

The following aliases may be used instead of the keywords listed in the syntax:

Keyword | Alias |
---|---|
ip | ip4 |
port | portrange |