199 Firewall #include Flowtable [a-zA-Z0-9][\w\-\.]* #include Interfaces to use this flowtable Offloading method hardware software hardware Hardware offload software Software offload (hardware|software) software Firewall group Firewall address-group [a-zA-Z0-9][\w\-\.]* Address-group member ipv4 IPv4 address to match ipv4range IPv4 range to match (e.g. 10.0.0.1-10.0.0.200) Include another address-group firewall group address-group #include Firewall domain-group [a-zA-Z_][a-zA-Z0-9][\w\-\.]* Name of domain-group can only contain alpha-numeric letters, hyphen, underscores and not start with numeric Domain-group member txt Domain address to match #include Firewall interface-group [a-zA-Z0-9][\w\-\.]* Interface-group member Include another interface-group firewall group interface-group #include Firewall ipv6-address-group [a-zA-Z0-9][\w\-\.]* Address-group member ipv6 IPv6 address to match ipv6range IPv6 range to match (e.g. 2002::1-2002::ff) Include another ipv6-address-group firewall group ipv6-address-group #include Firewall ipv6-network-group [a-zA-Z0-9][\w\-\.]* #include Network-group member ipv6net IPv6 address to match Include another ipv6-network-group firewall group ipv6-network-group Firewall mac-group [a-zA-Z0-9][\w\-\.]* #include Mac-group member macaddr MAC address to match Include another mac-group firewall group mac-group Firewall network-group [a-zA-Z0-9][\w\-\.]* #include Network-group member ipv4net IPv4 Subnet to match Include another network-group firewall group network-group Firewall port-group [a-zA-Z0-9][\w\-\.]* #include Port-group member txt Named port (any name in /etc/services, e.g., http) u32:1-65535 Numbered port start-end Numbered port range (e.g. 1001-1050) Include another port-group firewall group port-group Bridge firewall #include #include IPv4 firewall #include #include #include #include IPv6 firewall #include #include #include #include