Syntax

The packet filter language syntax is as follows. Keywords are in bold. Optional terms are in [square brackets]. Placeholders for literals are in <angle brackets>. Binary logical operators associate to the left. All keywords and port aliases should be in lower case.

  • <len>: Packet length in bytes. Greater or less comparison is inclusive of len.
  • <mac_addr>: MAC address, e.g. DE:AD:BE:EF:D0:0D. Hex digits are case-insensitive.
  • <ip_addr>: IP address consistent with the IP version specified previously. E.g. 192.168.1.10, 2001:4860:4860::8888.
  • <port_lst>: List of ports or port ranges separated by commas, e.g. 13,ssh,6000-7000,20. The following aliases for defined ports and port ranges can be used as an item in the list, but not as part of a range (3,dhcp,12 is allowed, http-100 is not):

|Alias | Port(s) |
|:--------| :-------------------------|
|dhcp | 67-68 |
|dns | 53 |
|echo | 7 |
|ftpxfer| 20 |
|ftpctl | 21 |
|http | 80 |
|https | 443 |
|irc | 194 |
|ntp | 123 |
|sftp | 115 |
|ssh | 22 |
|telnet | 23 |
|tftp | 69 |
|dbglog | Netboot debug log port |
|dbgack | Netboot debug log ack port|
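The `<port_lst>` rules above can be checked with a small parser. This is an added example, not the tool's own code: it expands a list into merged inclusive ranges so a reviewer can see exactly which ports a filter covers. The names `parse_port_list` and `ALIASES` are hypothetical, `dbglog` and `dbgack` are left out because the page gives no port numbers for them, and rejecting reversed ranges and embedded spaces is an assumption.

```python
import re

# Alias table from the page (dbglog/dbgack omitted: no port numbers given).
ALIASES = {
    "dhcp": (67, 68), "dns": (53, 53), "echo": (7, 7), "ftpxfer": (20, 20),
    "ftpctl": (21, 21), "http": (80, 80), "https": (443, 443),
    "irc": (194, 194), "ntp": (123, 123), "sftp": (115, 115),
    "ssh": (22, 22), "telnet": (23, 23), "tftp": (69, 69),
}
_NUM = re.compile(r"[0-9]{1,5}")


def _port(text, item):
    """Convert one numeric port; aliases and out-of-range values are errors."""
    if not _NUM.fullmatch(text):
        raise ValueError(f"bad port {text!r} in item {item!r}")
    value = int(text)
    if value > 65535:
        raise ValueError(f"port {value} out of range in item {item!r}")
    return value


def parse_port_list(spec):
    """Return sorted, merged (low, high) inclusive ranges for a <port_lst>."""
    ranges = []
    for item in spec.split(","):
        if item in ALIASES:  # aliases must be lower case, so "SSH" falls through
            ranges.append(ALIASES[item])
        elif "-" in item:
            low_text, _, high_text = item.partition("-")
            # Range ends must be numeric: "http-100" is rejected here.
            low, high = _port(low_text, item), _port(high_text, item)
            if low > high:  # assumption: reversed ranges are rejected
                raise ValueError(f"reversed range {item!r}")
            ranges.append((low, high))
        else:
            value = _port(item, item)
            ranges.append((value, value))
    merged = []
    for low, high in sorted(ranges):
        if merged and low <= merged[-1][1] + 1:  # overlapping or adjacent
            merged[-1] = (merged[-1][0], max(high, merged[-1][1]))
        else:
            merged.append((low, high))
    return merged
```
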

Synonyms

The following aliases may be used instead of the keywords listed in the syntax:

|Keyword | Alias |
|:--------| :-------------------------|
|ip | ip4 |
|port | portrange |