
AT-WR4500 Series - IEEE 802.11abgh Outdoor Wireless Routers

 

RouterOS v3 Configuration and User Guide

 

 

time - specifies the time interval over which the packet rate is measured

burst - number of packets to match in a burst

log-prefix(text) - all messages written to logs will contain the prefix specified herein. Used in conjunction with action=log

nth (integer,integer: 0..15,integer{0,1}) - match a particular Nth packet received by the rule. One of 16 available counters can be used to count packets

every - match every every+1th packet. For example, if every=1 then the rule matches every 2nd packet

counter - specifies which counter to use. A counter increments each time the rule containing the nth matcher matches

packet - match on the given packet number. The value must, for obvious reasons, be between 0 and every. If this option is used for a given counter, then there must be at least every+1 rules with this option, covering all values between 0 and every inclusive.

out-bridge-port(name) - actual interface the packet is leaving the router through (if bridged, this property matches the actual bridge port, while out-interface matches the bridge itself)

out-interface(name) - interface the packet is leaving the router through (if the interface is bridged, then the packet will appear to leave through the bridge interface itself)

p2p (all-p2p bit-torrent blubster direct-connect edonkey fasttrack gnutella soulseek warez winmx) - matches packets from various peer-to-peer (P2P) protocols

packet-mark(text) - matches packets marked via mangle facility with particular packet mark

packet-size(integer: 0..65535-integer: 0..65535{0,1}) - matches packet of the specified size or size range in bytes

min - specifies lower boundary of the size range or a standalone value

max - specifies upper boundary of the size range

port (port{0-16}) - matches if any (source or destination) port matches the specified list of ports or port ranges (note that the protocol must still be selected, just like for the regular src-port and dst-port matchers)

protocol (ddp egp encap ggp gre hmp icmp idrp-cmtp igmp ipencap ipip ipsec-ah ipsec-esp iso-tp4 ospf pup rdp rspf st tcp udp vmtp xns-idp xtp integer) - matches particular IP protocol specified by protocol name or number. You should specify this setting if you want to specify ports

psd (integer,time,integer,integer) - attempts to detect TCP and UDP scans. It is advised to assign lower weight to ports with high numbers to reduce the frequency of false positives, such as from passive mode FTP transfers

WeightThreshold - total weight of the latest TCP/UDP packets with different destination ports coming from the same host to be treated as port scan sequence

DelayThreshold - delay for the packets with different destination ports coming from the same host to be treated as possible port scan subsequence

LowPortWeight - weight of the packets with privileged (<=1024) destination port

HighPortWeight - weight of the packet with non-privileged destination port

random (integer: 1..99) - matches packets randomly with given probability

reject-with(icmp-admin-prohibited icmp-echo-reply icmp-host-prohibited icmp-host-unreachable icmp-net-prohibited icmp-network-unreachable icmp-port-unreachable icmp-protocol-unreachable tcp-reset integer) - alters the reply packet of reject action

routing-mark(name) - matches packets marked by mangle facility with particular routing mark

src-address(IP address/netmask IP address-IP address) - specifies the address range an IP packet is originated from. Note that console converts entered address/netmask value to a valid network address, i.e. 1.1.1.1/24 is converted to 1.1.1.0/24

src-address-list(name) - matches source address of a packet against user-defined address list

src-address-type(unicast local broadcast multicast) - matches source address type of the IP packet, one of:

unicast - IP addresses used for one point to another point transmission. There is only one sender and one receiver in this case

local - matches addresses assigned to router's interfaces

broadcast - the IP packet is sent from one point to all other points in the IP subnetwork

multicast - this type of IP addressing is responsible for transmission from one or more points to a set of other points

src-mac-address(MAC address) - source MAC address

src-port(integer: 0..65535-integer: 0..65535{*}) - source port number or range
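
An added example, not taken from the manual: a simplified Python model of the psd weighting described above, showing why a lower HighPortWeight keeps a burst of passive-mode FTP data connections from matching while a sweep of privileged ports still does. The scoring loop, the sample values (21, 3 s, 3, 1 or 3) and the constructed traffic are assumptions for illustration, not RouterOS's actual implementation.

```python
from dataclasses import dataclass, field


@dataclass
class PsdMatcher:
    """Simplified model of psd=WeightThreshold,DelayThreshold,LowPortWeight,HighPortWeight."""
    weight_threshold: int
    delay_threshold: float  # seconds
    low_port_weight: int
    high_port_weight: int
    _state: dict = field(default_factory=dict)  # src -> (last_seen, ports, total)

    def match(self, ts, src, dst_port):
        """Return True once src's current sequence reaches WeightThreshold."""
        last_seen, ports, total = self._state.get(src, (None, set(), 0))
        # A gap longer than DelayThreshold ends the sequence; start a new one.
        if last_seen is not None and ts - last_seen > self.delay_threshold:
            ports, total = set(), 0
        if dst_port not in ports:  # only *different* destination ports add weight
            ports = ports | {dst_port}
            low = dst_port <= 1024  # "privileged" boundary as given in the manual
            total += self.low_port_weight if low else self.high_port_weight
        self._state[src] = (ts, ports, total)
        return total >= self.weight_threshold


def first_match(matcher, packets):
    """Index of the first packet the matcher flags, or None."""
    for i, (ts, src, port) in enumerate(packets):
        if matcher.match(ts, src, port):
            return i
    return None


# Constructed traffic: (timestamp in seconds, source address, destination port)
SCAN = [(i * 0.1, "198.51.100.7", p) for i, p in enumerate(range(20, 30))]
FTP_PASV = [(i * 0.5, "192.0.2.10", 50000 + i) for i in range(15)]
SPARSE = [(i * 10.0, "198.51.100.8", p) for i, p in enumerate(range(20, 30))]


def run(high_port_weight):
    """Evaluate each sample against a fresh matcher with the given HighPortWeight."""
    samples = (("scan", SCAN), ("ftp_pasv", FTP_PASV), ("sparse", SPARSE))
    return {name: first_match(PsdMatcher(21, 3.0, 3, high_port_weight), pkts)
            for name, pkts in samples}


if __name__ == "__main__":
    print("HighPortWeight=3:", run(3))
    print("HighPortWeight=1:", run(1))
```

In this model the sparse sample never matches because each gap exceeds DelayThreshold, so DelayThreshold bounds how widely spaced probes can be and still count as one sequence.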
