#include #include #include #include #include Destination parameters #include #include #include #include #include #include #include Option to disable firewall rule IP fragment match Second and further fragments of fragmented packets Head fragments or unfragmented packets ICMP type and code information ICMP code u32:0-255 ICMP code (0-255) ICMP type u32:0-255 ICMP type (0-255) #include Inbound IPsec packets Inbound IPsec packets Inbound non-IPsec packets Rate limit using a token bucket filter Maximum number of packets to allow in excess of rate u32:0-4294967295 Maximum number of packets to allow in excess of rate Maximum average matching rate txt integer/unit (Example: 5/minute) \d+/(second|minute|hour|day) Option to log packets matching rule enable disable enable Enable log disable Disable log (enable|disable) #include Connection status NAT connection status destination source destination Match connections that are subject to destination NAT source Match connections that are subject to source NAT (destination|source) Protocol to match (protocol name, number, or "all") all tcp_udp all All IP protocols tcp_udp Both TCP and UDP u32:0-255 IP protocol number <protocol> IP protocol name !<protocol> IP protocol name Parameters for matching recently seen sources Source addresses seen more than N times u32:1-255 Source addresses seen more than N times Source addresses seen in the last second/minute/hour second minute hour second Source addresses seen COUNT times in the last second minute Source addresses seen COUNT times in the last minute hour Source addresses seen COUNT times in the last hour (second|minute|hour) Source parameters #include #include #include #include #include #include #include #include Time to match rule Date to start matching rule txt Enter date using following notation - YYYY-MM-DD (\d{4}\-\d{2}\-\d{2}) Time of day to start matching rule txt Enter time using using 24 hour notation - hh:mm:ss ([0-2][0-9](\:[0-5][0-9]){1,2}) Date to stop matching rule txt Enter date using following notation - YYYY-MM-DD (\d{4}\-\d{2}\-\d{2}) Time of day to stop matching rule txt Enter time using using 24 hour notation - hh:mm:ss ([0-2][0-9](\:[0-5][0-9]){1,2}) Comma separated weekdays to match rule on txt Name of day (Monday, Tuesday, Wednesday, Thursdays, Friday, Saturday, Sunday) u32:0-6 Day number (0 = Sunday ... 6 = Saturday)