The packet filter language syntax is as follows. Keywords are in bold. Optional terms are in [square brackets]. Placeholders for literals are in <angle brackets>. Binary logical operators associate to the left. All keywords and port aliases should be in lower case.
- <len>: Packet length in bytes. Greater-than and less-than comparisons are inclusive of <len>.
- <mac_addr>: MAC address, e.g. DE:AD:BE:EF:D0:0D. Hex digits are case-insensitive.
- <ip_addr>: IP address consistent with the IP version specified previously, e.g. 192.168.1.10, 2001:4860:4860::8888.
- <port_lst>: List of ports or port ranges separated by commas, e.g. 13,ssh,6000-7000,20.

The following aliases for defined ports and port ranges can be used as an item in the list, but not as part of a range (3,dhcp,12 is allowed, http-100 is not):

| Alias | Port(s) |
|---|---|
| dhcp | 67-68 |
| dns | 53 |
| echo | 7 |
| ftpxfer | 20 |
| ftpctl | 21 |
| http | 80 |
| https | 443 |
| irc | 194 |
| ntp | 123 |
| sftp | 115 |
| ssh | 22 |
| telnet | 23 |
| tftp | 69 |
| dbglog | Netboot debug log port |
| dbgack | Netboot debug log ack port |
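
The <port_lst> rules above, as an added example that is not code from the original page or from the tool it documents: a small Python parser that expands aliases, accepts numeric ranges, and rejects an alias used as a range endpoint. The function names, the 0-65535 bound, the rejection of reversed ranges and of embedded whitespace are assumptions; dbglog and dbgack are omitted because the page gives no numeric values for them.

```python
import re

# Aliases copied from the table above as inclusive (low, high) ranges.
# dbglog and dbgack are left out: the page does not state their port numbers.
PORT_ALIASES = {
    "dhcp": (67, 68), "dns": (53, 53), "echo": (7, 7), "ftpxfer": (20, 20),
    "ftpctl": (21, 21), "http": (80, 80), "https": (443, 443),
    "irc": (194, 194), "ntp": (123, 123), "sftp": (115, 115),
    "ssh": (22, 22), "telnet": (23, 23), "tftp": (69, 69),
}


def _numeric_port(text):
    """Parse one numeric port. Aliases fail here, so they cannot be range endpoints."""
    if not re.fullmatch(r"[0-9]+", text):
        raise ValueError(f"not a numeric port: {text!r}")
    value = int(text)
    if value > 65535:  # assumption: ports are limited to the 16-bit range
        raise ValueError(f"port out of range: {text!r}")
    return value


def parse_port_list(spec):
    """Return the inclusive (low, high) ranges named by a <port_lst> string."""
    ranges = []
    for item in spec.split(","):
        if item in PORT_ALIASES:  # exact, lower-case match only
            ranges.append(PORT_ALIASES[item])
        elif "-" in item:
            low, high = (_numeric_port(p) for p in item.split("-", 1))
            if low > high:  # assumption: reversed ranges are an error
                raise ValueError(f"reversed range: {item!r}")
            ranges.append((low, high))
        else:
            port = _numeric_port(item)
            ranges.append((port, port))
    return ranges


def port_matches(spec, port):
    """True if the port falls inside any range of the list."""
    return any(low <= port <= high for low, high in parse_port_list(spec))


if __name__ == "__main__":
    print(parse_port_list("13,ssh,6000-7000,20"))
    print(port_matches("3,dhcp,12", 68))
```
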
The following aliases may be used instead of the keywords listed in the syntax:
| Keyword | Alias |
|---|---|
| ip | ip4 |
| port | portrange |