#include
#include

Option to disable firewall rule IP fragment match
    Second and further fragments of fragmented packets
    Head fragments or unfragmented packets

Inbound IPsec packets
    Inbound IPsec packets
    Inbound non-IPsec packets

Rate limit using a token bucket filter
    Maximum number of packets to allow in excess of rate
        u32:0-4294967295    burst__change_me
    Maximum average matching rate
        u32:0-4294967295    rate__change_me

Option to log packets matching rule
    Allowed values: enable disable
        enable      Enable log
        disable     Disable log
    Constraint: ^(enable|disable)$

Protocol to match (protocol name, number, or "all")
    Allowed values: all tcp_udp
        all             All IP protocols
        tcp_udp         Both TCP and UDP
        0-255           IP protocol number
        !<protocol>     Match everything except the specified protocol
    Default: all

Parameters for matching recently seen sources
    Source addresses seen more than N times
        u32:1-255               Source addresses seen more than N times
    Source addresses seen in the last N seconds
        u32:0-4294967295        Source addresses seen in the last N seconds

Source parameters
    #include
    #include
    Source MAC address
        <MAC address>       MAC address to match
        !<MAC address>      Match everything except the specified MAC address
    #include

Session state
    Established state
        Allowed values: enable disable
            enable      Enable
            disable     Disable
        Constraint: ^(enable|disable)$
    Invalid state
        Allowed values: enable disable
            enable      Enable
            disable     Disable
        Constraint: ^(enable|disable)$
    New state
        Allowed values: enable disable
            enable      Enable
            disable     Disable
        Constraint: ^(enable|disable)$
    Related state
        Allowed values: enable disable
            enable      Enable
            disable     Disable
        Constraint: ^(enable|disable)$

TCP flags to match
    txt     TCP flags to match

    Allowed values for TCP flags: SYN ACK FIN RST URG PSH ALL
    When specifying more than one flag, flags should be comma-separated.
    For example, a value of 'SYN,!ACK,!FIN,!RST' will only match packets with
    the SYN flag set and the ACK, FIN and RST flags unset.

Time to match rule
    Monthdays to match rule on
    Date to start matching rule
    Time of day to start matching rule
    Date to stop matching rule
    Time of day to stop matching rule
    Interpret times for startdate, stopdate, starttime and stoptime to be UTC
    Weekdays to match rule on
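The rate limit option above exposes two knobs, a rate and a burst, and describes them as a token bucket filter. The following is an added example, not VyOS project code, that simulates that bucket over constructed packet arrival times so the interaction of the two values is visible. It assumes the rate is in packets per second and that the burst is both the bucket's capacity and its initial fill, which is how the classic netfilter limit match behaves; the template itself does not state the unit.

```python
# Added example (not VyOS project code): a token bucket with the two knobs
# the 'limit' option exposes, rate and burst, run over constructed packet
# arrival times so the interaction between them is visible. Assumptions:
# rate is in packets per second, burst is both the bucket capacity and its
# initial fill, as in the classic netfilter limit match.
from typing import List, Sequence


class TokenBucket:
    def __init__(self, rate: float, burst: int) -> None:
        if rate <= 0:
            raise ValueError("rate must be positive")
        self.rate = float(rate)
        self.capacity = burst
        self.tokens = float(burst)   # bucket starts full: the burst allowance
        self.last = 0.0

    def allow(self, now: float) -> bool:
        """Refill for the elapsed time, then spend one token if available."""
        if now < self.last:
            raise ValueError("arrivals must be in non-decreasing time order")
        self.tokens = min(self.capacity,
                          self.tokens + (now - self.last) * self.rate)
        self.last = now
        if self.tokens >= 1.0:
            self.tokens -= 1.0
            return True
        return False


def simulate(rate: float, burst: int, arrivals: Sequence[float]) -> List[bool]:
    """Return, per arrival timestamp, whether the limit match accepted it."""
    bucket = TokenBucket(rate, burst)
    return [bucket.allow(t) for t in arrivals]


def accepted_count(rate: float, burst: int, arrivals: Sequence[float]) -> int:
    """Number of arrivals the limit match accepted."""
    return sum(simulate(rate, burst, arrivals))


if __name__ == "__main__":
    # Constructed traffic: seven packets at t=0, three more one second later.
    # rate=2/s, burst=5: five pass at once, two are dropped, then the bucket
    # has refilled two tokens, so two of the later three pass.
    arrivals = [0.0] * 7 + [1.0] * 3
    print(simulate(2, 5, arrivals))
    # burst=0 is an empty bucket that can never hold a whole token, so in
    # this model nothing matches even though the option's range allows 0.
    print(accepted_count(2, 0, arrivals))
```

The point to take from the run is that the burst is spent immediately and only then does the average rate govern what matches; a burst of 0 is accepted by the u32 range but, in this model, produces a rule that never matches, so check what the target implementation does with that value before relying on it.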
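The TCP flags help text gives the value syntax (comma-separated flag names, a leading '!' for a flag that must be unset, ALL as a shorthand) and one worked value, 'SYN,!ACK,!FIN,!RST'. The following is an added example, not VyOS project code, that parses that syntax, validates it the way a constraint check would, and shows what the value matches. The rendering to an nftables `tcp flags & mask == value` test is this example's own illustration of how the comma/'!' form maps onto a mask-and-compare match; treating a negated ALL as "no flag set" and rejecting a flag listed both set and unset are assumptions of the example, not statements from the template.

```python
# Added example (not VyOS project code): parse the 'tcp flags' value whose
# syntax the help text above describes, validate it, and show the match it
# expresses. The nftables rendering is this example's own illustration of
# how the comma/'!' syntax maps onto a mask-and-compare test.
from typing import Optional, Set, Tuple

# Order here is also the order used when rendering the expression.
TCP_FLAGS = ("SYN", "ACK", "FIN", "RST", "URG", "PSH")


def parse_tcp_flags(value: str) -> Tuple[Set[str], Set[str]]:
    """Split 'SYN,!ACK,!FIN,!RST' into (must_be_set, must_be_clear).

    A leading '!' marks a flag that must be unset. ALL expands to every
    flag (assumption: a negated ALL means no flag set). Listing the same
    flag twice, or both set and unset, is rejected because such a rule
    could never match anything.
    """
    must_set: Set[str] = set()
    must_clear: Set[str] = set()
    for token in value.split(","):
        token = token.strip()
        if not token:
            raise ValueError("empty flag in %r" % value)
        negate = token.startswith("!")
        name = token[1:].upper() if negate else token.upper()
        if name == "ALL":
            names = set(TCP_FLAGS)
        elif name in TCP_FLAGS:
            names = {name}
        else:
            raise ValueError("unknown TCP flag %r (allowed: %s ALL)"
                             % (token, " ".join(TCP_FLAGS)))
        if names & (must_set | must_clear):
            raise ValueError("flag listed more than once in %r" % value)
        (must_clear if negate else must_set).update(names)
    return must_set, must_clear


def flags_error(value: str) -> Optional[str]:
    """Validation hook in the style of a constraint check: None if OK."""
    try:
        parse_tcp_flags(value)
    except ValueError as exc:
        return str(exc)
    return None


def to_nft_expression(value: str) -> str:
    """Render the value as an nftables match: every listed flag goes into
    the mask, only the non-negated ones into the compared value."""
    must_set, must_clear = parse_tcp_flags(value)
    mask = [f.lower() for f in TCP_FLAGS if f in must_set | must_clear]
    comp = [f.lower() for f in TCP_FLAGS if f in must_set]
    if not comp:
        comp_expr = "0x0"
    elif len(comp) == 1:
        comp_expr = comp[0]
    else:
        comp_expr = "(%s)" % "|".join(comp)
    return "tcp flags & (%s) == %s" % ("|".join(mask), comp_expr)


def matches(value: str, packet_flags) -> bool:
    """Apply the rule to a packet given as an iterable of flag names."""
    must_set, must_clear = parse_tcp_flags(value)
    present = {f.upper() for f in packet_flags}
    return must_set <= present and not (must_clear & present)


if __name__ == "__main__":
    spec = "SYN,!ACK,!FIN,!RST"      # the example value from the help text
    print(to_nft_expression(spec))   # tcp flags & (syn|ack|fin|rst) == syn
    # Constructed packets: a plain SYN matches, a SYN/ACK does not, and
    # PSH is ignored because the value says nothing about it.
    for pkt in (["SYN"], ["SYN", "ACK"], ["SYN", "PSH"]):
        print(pkt, matches(spec, pkt))
    print(flags_error("SYN,!SYN"))   # rejected: could never match
```

Flags the value does not mention are left out of the mask, so a rule written as 'SYN' alone also matches SYN/ACK; to match only the first packet of a handshake the negated flags in the help text's example are what do the work.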