Compatible Systems 5.4 manual IP Packet Filter Rule Operators and Port Names

the device when it compares the address in a packet to the filter rule. For example, an address specified in the rules as 192.15.32.0/19 would match all host addresses from 192.15.32.1 to 192.15.63.255.

Any part of an address which is past the number of significant bits specified is ignored and assumed to be zero.

IP Packet Filter Rule Operators and Port Names

Filter rules can accept certain modifiers, which are described in the next subsection of this manual. All of these modifiers use a set of expression oper- ators to allow information in a packet to be compared to the modifier’s param- eters. These operators are discussed below:

•eq, ==, or = These are allowable ways of writing an "equality" operator which will match a packet if its port number is equal to the port specified in the modifier.

•lt or < These are allowable ways of writing a "less than" operator which will match a packet if its port number is less than the port specified in the modifier.

•lteq, le, <=, or =< These are allowable ways of writing a "less than or equal to" operator which will match a packet if its port number is less than or equal to the port specified in the modifier.

•gt or > These are allowable ways of writing a "greater than" operator which will match a packet if its port number is greater than the port spec- ified in the modifier.

•gteq, ge, >=, or => These are allowable ways of writing a "greater than or equal to" operator which will match a packet if its port number is greater than or equal to the port specified in the modifier.

•ne, <>, or != These are allowable ways of writing an "inequality" oper- ator which will match a packet if its port number is not equal to the port specified in the modifier.

ϖNote: In rules where expressions are used, the syntax checker requires a space before and a space after the expression operator(s).