#include
#include

Option to disable firewall rule

IP fragment match
    Second and further fragments of fragmented packets
    Head fragments or unfragmented packets

Inbound IPsec packets
    Inbound IPsec packets
    Inbound non-IPsec packets

Rate limit using a token bucket filter
    Maximum number of packets to allow in excess of rate
        u32:0-4294967295    Maximum number of packets to allow in excess of rate
    Maximum average matching rate
        u32:0-4294967295    Maximum average matching rate

Option to log packets matching rule
    enable disable
    enable     Enable log
    disable    Disable log
    ^(enable|disable)$

Protocol to match (protocol name, number, or "all")
    all tcp_udp
    all            All IP protocols
    tcp_udp        Both TCP and UDP
    u32:0-255      IP protocol number
    <protocol>     IP protocol name
    !<protocol>    IP protocol name

Parameters for matching recently seen sources
    Source addresses seen more than N times
        u32:1-255           Source addresses seen more than N times
    Source addresses seen in the last N seconds
        u32:0-4294967295    Source addresses seen in the last N seconds

Source parameters
    #include
    #include
    Source MAC address
        <MAC address>     MAC address to match
        !<MAC address>    Match everything except the specified MAC address
    #include

Session state
    Established state
        enable disable
        enable     Enable
        disable    Disable
        ^(enable|disable)$
    Invalid state
        enable disable
        enable     Enable
        disable    Disable
        ^(enable|disable)$
    New state
        enable disable
        enable     Enable
        disable    Disable
        ^(enable|disable)$
    Related state
        enable disable
        enable     Enable
        disable    Disable
        ^(enable|disable)$

TCP flags to match
    TCP flags to match
        txt    Multiple comma-separated flags
        syn    Synchronise flag
        ack    Acknowledge flag
        fin    Finish flag
        rst    Reset flag
        urg    Urgent flag
        psh    Push flag

        When specifying more than one flag, flags should be comma-separated.
        For example: value of 'SYN,!ACK,!FIN,!RST' will only match packets with
        the SYN flag set, and the ACK, FIN and RST flags unset

        syn ack fin rst urg psh

Time to match rule
    Date to start matching rule
        txt    Enter date using following notation - YYYY-MM-DD
        ^(\d{4}\-\d{2}\-\d{2})$
    Time of day to start matching rule
        txt    Enter time using 24 hour notation - hh:mm:ss
        ^([0-2][0-9](\:[0-5][0-9]){1,2})$
    Date to stop matching rule
        txt    Enter date using following notation - YYYY-MM-DD
        ^(\d{4}\-\d{2}\-\d{2})$
    Time of day to stop matching rule
        txt    Enter time using 24 hour notation - hh:mm:ss
        ^([0-2][0-9](\:[0-5][0-9]){1,2})$
    Comma separated weekdays to match rule on
        txt        Name of day (Monday, Tuesday, Wednesday, Thursday, Friday, Saturday, Sunday)
        u32:0-6    Day number (0 = Sunday ... 6 = Saturday)