#include
#include
#include
#include
#include
#include

Option to disable firewall rule

IP fragment match
  Second and further fragments of fragmented packets
  Head fragments or unfragmented packets

Inbound IPsec packets
  Inbound IPsec packets
  Inbound non-IPsec packets

Rate limit using a token bucket filter
  Maximum number of packets to allow in excess of rate
    u32:0-4294967295    Maximum number of packets to allow in excess of rate
  Maximum average matching rate
    txt    integer/unit (Example: 5/minute)
    \d+/(second|minute|hour|day)

Option to log packets matching rule
    enable disable
    enable    Enable log
    disable    Disable log
    (enable|disable)

Option to log packets matching rule
    enable disable
    enable    Enable log
    disable    Disable log
    (enable|disable)

#include

Connection status
  NAT connection status
    destination source
    destination    Match connections that are subject to destination NAT
    source    Match connections that are subject to source NAT
    (destination|source)

Protocol to match (protocol name, number, or "all")
    all tcp_udp
    all    All IP protocols
    tcp_udp    Both TCP and UDP
    u32:0-255    IP protocol number
    <protocol>    IP protocol name
    !<protocol>    IP protocol name

Parameters for matching recently seen sources
  Source addresses seen more than N times
    u32:1-255    Source addresses seen more than N times
  Source addresses seen in the last second/minute/hour
    second minute hour
    second    Source addresses seen COUNT times in the last second
    minute    Source addresses seen COUNT times in the last minute
    hour    Source addresses seen COUNT times in the last hour
    (second|minute|hour)

Session state
  Established state
    enable disable
    enable    Enable
    disable    Disable
    (enable|disable)
  Invalid state
    enable disable
    enable    Enable
    disable    Disable
    (enable|disable)
  New state
    enable disable
    enable    Enable
    disable    Disable
    (enable|disable)
  Related state
    enable disable
    enable    Enable
    disable    Disable
    (enable|disable)

#include

Time to match rule
  Date to start matching rule
    txt    Enter date using the following notation - YYYY-MM-DD
    (\d{4}\-\d{2}\-\d{2})
  Time of day to start matching rule
    txt    Enter time using 24 hour notation - hh:mm:ss
    ([0-2][0-9](\:[0-5][0-9]){1,2})
  Date to stop matching rule
    txt    Enter date using the following notation - YYYY-MM-DD
    (\d{4}\-\d{2}\-\d{2})
  Time of day to stop matching rule
    txt    Enter time using 24 hour notation - hh:mm:ss
    ([0-2][0-9](\:[0-5][0-9]){1,2})
  Comma separated weekdays to match rule on
    txt    Name of day (Monday, Tuesday, Wednesday, Thursday, Friday, Saturday, Sunday)
    u32:0-6    Day number (0 = Sunday ... 6 = Saturday)