Allied Telesis AT-WR4500 manual

unicast - IP addresses used for one point to another point transmission. There is only one sender and one receiver in this case

local - matches addresses assigned to router's interfaces

broadcast - the IP packet is sent from one point to all other points in the IP subnetwork

multicast - this type of IP addressing is responsible for transmission from one or more points to a set of other points

dst-limit(integer/time{0,1},integer,dst-address dst-port src-address{+},time{0,1}) - limits the packet per second (pps) rate on a per destination IP or per destination port base. As opposed to the limit match, every destination IP address / destination port has it's own limit. The options are as follows (in order of appearance):

count - maximum average packet rate, measured in packets per second (pps), unless followed by time option

time - specifies the time interval over which the packet rate is measured burst - number of packets to match in a burst

mode - the classifier(-s) for packet rate limiting

expire - specifies interval after which recorded IP addresses / ports will be deleted dst-port(integer: 0..65535-integer: 0..65535{*}) - destination port number or range fragment (yes no) - whether the packet is a fragment of an IP packet. Starting packet (i.e., first fragment) does not count. Note that is the connection tracking is enabled, there will be no fragments as the system automatically assembles every packet

hotspot (multiple choice: auth from-client http local-dst to-client) - matches packets received from clients against various HotSpot conditions. All values can be negated

auth - true, if a packet comes from an authenticted HotSpotclient from-client- true, if a packet comes from any HotSpot client

http - true, if a HotSpot client sends a packet to the address and port previously detected as his proxy server (Universal Proxy technique) or if the destination port is 80 and transparent proxying is enabled for that particular client

local-dst- true, if a packet has local destination IP address to-client- true, if a packet is sent to a client icmp-options(integer:integer) - matches ICMP Type:Code fields

in-bridge-port(name) - actual interface the packet has entered the router through (if bridged, this property matches the actual bridge port, while in-interface- the bridge itself)

in-interface(name) - interface the packet has entered the router through (if the interface is bridged, then the packet will appear to come from the bridge interface itself)

ingress-priority(integer: 0..63) - INGRESS (received) priority of the packet, if set (0 otherwise). The priority may be derived from either VLAN or WMM priority

ipv4-options(any loose-source-routing no-record-route no-router-alert no-source-routing no- timestamp none record-route router-alert strict-source-routing timestamp) - match ipv4 header options

any - match packet with at least one of the ipv4 options

loose-source-routing- match packets with loose source routing option. This option is used to route the internet datagram based on information supplied by the source

no-record-route- match packets with no record route option. This option is used to route the internet datagram based on information supplied by the source

no-router-alert- match packets with no router alter option no-source-routing- match packets with no source routing option no-timestamp- match packets with no timestamp option record-route- match packets with record route option router-alert- match packets with router alter option strict-source-routing- match packets with strict source routing option timestamp - match packets with timestamp

jump-target(forward input output name) - name of the target chain to jump to, if the action=jump is used

layer7-protocol(name) - Layer 7 filter name as set in the /ip firewall layer7-protocolmenu. Caution: this matcher needs high computational power

limit (integer/time{0,1},integer) - restricts packet match rate to a given limit. Usefull to reduce the amount of log messages

count - maximum average packet rate, measured in packets per second (pps), unless followed by time option