Protocol to match (protocol name, number, or "all")
    all            All IP protocols
    tcp_udp        Both TCP and UDP
    0-255          IP protocol number
    !<protocol>    IP protocol number
    all

Parameters for matching recently seen sources
    Source addresses seen more than N times
        u32:1-255           Source addresses seen more than N times
    Source addresses seen in the last N seconds
        u32:0-4294967295    Source addresses seen in the last N seconds

Time to match rule
    Monthdays to match rule on
    Date to start matching rule
    Time of day to start matching rule
    Date to stop matching rule
    Time of day to stop matching rule
    Interpret times for startdate, stopdate, starttime and stoptime to be UTC
    Weekdays to match rule on