#include #include Option to disable firewall rule IP fragment match Second and further fragments of fragmented packets Head fragments or unfragmented packets Inbound IPsec packets Inbound IPsec packets Inbound non-IPsec packets Rate limit using a token bucket filter Maximum number of packets to allow in excess of rate u32:0-4294967295 Maximum number of packets to allow in excess of rate Maximum average matching rate u32:0-4294967295 Maximum average matching rate Option to log packets matching rule enable disable enable Enable log disable Disable log ^(enable|disable)$ Protocol to match (protocol name, number, or "all") all tcp_udp all All IP protocols tcp_udp Both TCP and UDP u32:0-255 IP protocol number <protocol> IP protocol name !<protocol> IP protocol name Parameters for matching recently seen sources Source addresses seen more than N times u32:1-255 Source addresses seen more than N times Source addresses seen in the last N seconds u32:0-4294967295 Source addresses seen in the last N seconds Source parameters #include #include Source MAC address <MAC address> MAC address to match !<MAC address> Match everything except the specified MAC address #include Session state Established state enable disable enable Enable disable Disable ^(enable|disable)$ Invalid state enable disable enable Enable disable Disable ^(enable|disable)$ New state enable disable enable Enable disable Disable ^(enable|disable)$ Related state enable disable enable Enable disable Disable ^(enable|disable)$ #include Time to match rule Date to start matching rule txt Enter date using following notation - YYYY-MM-DD ^(\d{4}\-\d{2}\-\d{2})$ Time of day to start matching rule txt Enter time using using 24 hour notation - hh:mm:ss ^([0-2][0-9](\:[0-5][0-9]){1,2})$ Date to stop matching rule txt Enter date using following notation - YYYY-MM-DD ^(\d{4}\-\d{2}\-\d{2})$ Time of day to stop matching rule txt Enter time using using 24 hour notation - hh:mm:ss ^([0-2][0-9](\:[0-5][0-9]){1,2})$ Comma separated weekdays to match rule on txt Name of day (Monday, Tuesday, Wednesday, Thursdays, Friday, Saturday, Sunday) u32:0-6 Day number (0 = Sunday ... 6 = Saturday)