| ipf.5 (22514) | ipf.5 (26119) |
|---|---|
| 1.TH IPF 5 2.SH NAME 3ipf \- IP packet filter rule syntax 4.SH DESCRIPTION 5.PP 6A rule file for \fBipf\fP may have any name or even be stdin. As 7\fBipfstat\fP produces parseable rules as output when displaying the internal 8kernel filter lists, it is quite plausible to use its output to feed back --- 263 unchanged lines hidden (view full) --- 272If a \fBport\fP match is included, for either or both of source and 273destination, then it is only applied to 274.\" XXX - "may only be" ? how does this apply to other protocols? will it not match, or will it be ignored? 275TCP and UDP packets. If there is no \fBproto\fP match parameter, 276packets from both protocols are compared. This is equivalent to "proto 277tcp/udp". When composing \fBport\fP comparisons, either the service 278name or an integer port number may be used. Port comparisons may be 279done in a number of forms, with a number of comparison operators, or | 1.TH IPF 5 2.SH NAME 3ipf \- IP packet filter rule syntax 4.SH DESCRIPTION 5.PP 6A rule file for \fBipf\fP may have any name or even be stdin. As 7\fBipfstat\fP produces parseable rules as output when displaying the internal 8kernel filter lists, it is quite plausible to use its output to feed back --- 263 unchanged lines hidden (view full) --- 272If a \fBport\fP match is included, for either or both of source and 273destination, then it is only applied to 274.\" XXX - "may only be" ? how does this apply to other protocols? will it not match, or will it be ignored? 275TCP and UDP packets. If there is no \fBproto\fP match parameter, 276packets from both protocols are compared. This is equivalent to "proto 277tcp/udp". When composing \fBport\fP comparisons, either the service 278name or an integer port number may be used. Port comparisons may be 279done in a number of forms, with a number of comparison operators, or |
| 280port ranges may be specified. See the examples for more information. | 280port ranges may be specified. When the port appears as part of the 281\fBfrom\fP object, it matches the source port number, when it appears 282as part of the \fBto\fP object, it matches the destination port number. 283See the examples for more information. |
| 281.PP 282The \fBall\fP keyword is essentially a synonym for "from any to any" 283with no other match parameters. 284.PP 285Following the source and destination matching parameters, the 286following additional parameters may be used: 287.TP 288.B with --- 136 unchanged lines hidden (view full) --- 425.fi 426.PP 427would be needed before the first block. 428.SH FILES 429/etc/services 430.br 431/etc/hosts 432.SH SEE ALSO | 284.PP 285The \fBall\fP keyword is essentially a synonym for "from any to any" 286with no other match parameters. 287.PP 288Following the source and destination matching parameters, the 289following additional parameters may be used: 290.TP 291.B with --- 136 unchanged lines hidden (view full) --- 428.fi 429.PP 430would be needed before the first block. 431.SH FILES 432/etc/services 433.br 434/etc/hosts 435.SH SEE ALSO |
| 433ipf(1), ipftest(1) | 436ipf(1), ipftest(1), mkfilters(1) |