#include
#include
#include
#include

IP fragment match
  Second and further fragments of fragmented packets
  Head fragments or unfragmented packets

Inbound IPsec packets
  Inbound IPsec packets
  Inbound non-IPsec packets

Rate limit using a token bucket filter
  Maximum number of packets to allow in excess of rate
    u32:0-4294967295    Maximum number of packets to allow in excess of rate
  Maximum average matching rate
    u32:0-4294967295    Maximum average matching rate

#include

Protocol to match (protocol name, number, or "all")
    all           All IP protocols
    tcp_udp       Both TCP and UDP
    0-255         IP protocol number
    !<protocol>   IP protocol number
    all

Parameters for matching recently seen sources
  Source addresses seen more than N times
    u32:1-255           Source addresses seen more than N times
  Source addresses seen in the last N seconds
    u32:0-4294967295    Source addresses seen in the last N seconds

Packet modifications
  Connection marking
    u32:0-2147483647    Connection marking
  Packet Differentiated Services Codepoint (DSCP)
    u32:0-63            DSCP number
  Packet marking
    u32:1-2147483647    Packet marking
  Routing table to forward packet with
    u32:1-200           Table number
    main                Main table (main)
    main protocols static table
  TCP Maximum Segment Size
    u32:500-1460        Explicitly set TCP MSS value

#include
#include

Time to match rule
  Monthdays to match rule on
  Date to start matching rule
  Time of day to start matching rule
  Date to stop matching rule
  Time of day to stop matching rule
  Interpret times for startdate, stopdate, starttime and stoptime to be UTC
  Weekdays to match rule on