Znyx Networks bh5700 manual Specifying TCP flags, Specifying an Interface, Filter Rule Targets

Models: bh5700


The type can be preceded by ! to match any message except the type listed, for example, --icmp-type ! 1

Specifying TCP or UDP ports

If the protocol is TCP or UDP, the -s (or --sport) and -d (or --dport) options specify the TCP or UDP ports to match.

A range of ports can be specified by giving the first and last ports separated by a :, as in --dport 0:1023. It is also possible to precede the port specification with a ! to match all ports which are not included in the range, for example, --sport ! 0:1023. However, the range of ports must be a power of two, starting with a port number which is a multiple of the range.
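The power-of-two constraint above means an arbitrary port range usually has to be written as several rules. The following is an added example, not taken from the manual: it checks a range against the constraint and splits a non-conforming range into the fewest conforming blocks. It assumes the range size is counted inclusively (0:1023 is 1024 ports); the function names are hypothetical.

```python
"""Port ranges that satisfy the power-of-two, aligned-start constraint."""

MAX_PORT = 65535


def is_aligned_range(first: int, last: int) -> bool:
    """True if first:last holds a power-of-two number of ports and
    first is a multiple of that number (size counted inclusively)."""
    if not 0 <= first <= last <= MAX_PORT:
        return False
    size = last - first + 1
    return size & (size - 1) == 0 and first % size == 0


def split_range(first: int, last: int) -> list[tuple[int, int]]:
    """Cover first:last exactly with the fewest aligned power-of-two blocks."""
    if not 0 <= first <= last <= MAX_PORT:
        raise ValueError(f"invalid port range {first}:{last}")
    blocks = []
    while first <= last:
        # Largest power of two that divides `first` (any size fits at port 0).
        size = first & -first if first else MAX_PORT + 1
        # Shrink until the block no longer runs past `last`.
        while first + size - 1 > last:
            size //= 2
        blocks.append((first, first + size - 1))
        first += size
    return blocks


def dport_options(first: int, last: int) -> list[str]:
    """Render each block as a --dport match, one rule per block."""
    return [f"--dport {a}:{b}" if a != b else f"--dport {a}"
            for a, b in split_range(first, last)]


if __name__ == "__main__":
    # Constructed sample ranges, not taken from the manual.
    for lo, hi in [(0, 1023), (1024, 65535), (6000, 6063), (8000, 8100)]:
        print(f"{lo}:{hi} valid={is_aligned_range(lo, hi)}")
        for opt in dport_options(lo, hi):
            print("   ", opt)
```

A range that fails the check still needs full coverage, so each returned block becomes its own rule with the same target; a rule set that silently covers only part of the intended range leaves the remaining ports unfiltered.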

Specifying TCP flags

If the protocol is TCP, a match on particular TCP flags is specified by listing the flag names; for example, -p tcp --syn.

Specifying an Interface

The -i (or --in-interface) and -o (or --out-interface) options specify the name of an interface to match. An interface is the physical device the packet came in on (-i) or is going out on (-o). You can use the ifconfig command to list the 'up' interfaces (that is, those working at the moment).

As a special case, an interface name ending with a + will match all interfaces, whether they currently exist or not, which begin with that string. For example, to specify a rule which matches all zhp interfaces, the -i zhp+ option would be used.

Filter Rule Targets

As mentioned above, the -j construct within a filter rule specifies which target is to be used.

Supported Targets

The following are the supported targets. The switch has many additional targets that are software based (for example, Network Address Translation or generic connection tracking).

Classical Targets

DROP This drops the packet.

ACCEPT Accepts the packet.

ZNYX Targets

ZACTION

This is the ZNYX Action target.

Parameters for ZACTION:

Ethernet Switch Blade User's Guide

release 3.2.2j

page 63
