HP (Hewlett-Packard) 700wl Series Switch User Manual


 
B  FILTER EXPRESSION SYNTAX
This appendix describes the syntax used to define user access rights (allowed traffic filters and redirected
traffic filters), bridged traffic, and HTTP Proxy filters.
It includes the following sections:
Introduction (page B-1)
Filter Specification Syntax (page B-1)
Tcpdump Primitives (page B-2)
Introduction
The 700wl Series system uses filters defined in tcpdump syntax to specify user access rights (Allowed
Traffic filters and Redirected Traffic filters), bridged traffic, and proxy filters. Incoming packets are tested
against these filters to determine whether those packets should be forwarded, redirected, or bridged.
This appendix describes the syntax of the filter specifications used by the 700wl Series system for
defining Allowed and Redirected Traffic filters, Bridged traffic, and HTTP Proxy filters.
Filter Specification Syntax
Each filter specification is an expression formed using the tcpdump syntax. If an incoming packet
matches the filter (the expression is “true”) then the packet is forwarded, redirected, or bridged,
depending on the type of filter. If no expression in the set of filters is true, the packet is dropped.
An expression consists of one or more primitives. A primitive usually consists of an ID (a name or a number)
preceded by one or more qualifiers. There are three kinds of qualifier:
• Type qualifiers indicate the kind of object the ID refers to. Possible types are host, net and port. If
there is no type qualifier, host is assumed.
Examples are: "host myHost", "net 122.43", or "port 44".
• Direction qualifiers specify a particular transfer direction: from the ID (src), to the ID (dst), either to
or from (src or dst), or both to and from (src and dst). If there is no direction qualifier, src or dst is
assumed. For null link layers (point-to-point protocols such as SLIP) the inbound and outbound
qualifiers can be used to specify a desired direction.
Examples are: "src myHost", "dst net 122.43", or "src or dst port ftp-data".
• Protocol qualifiers restrict the match to a particular protocol. Possible protocols are ether, fddi, tr, ip,
ip6, arp, rarp, decnet, tcp and udp. If there is no protocol qualifier, all protocols consistent with the ID
type are assumed. For example, "port 44" matches both TCP and UDP traffic on port 44, whereas
"tcp port 44" matches TCP only; an Allowed Traffic filter written without a protocol qualifier is
therefore broader than it may appear.
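The following is an added example, not code from the HP 700wl Series manual. It is a small evaluator for the primitive syntax described above (type qualifiers with host as the default, direction qualifiers with src or dst as the default, protocol qualifiers, and and/or/not without parentheses) and applies the rule stated earlier in this appendix: a packet that matches no filter in the set is dropped. The Packet record, the sample packets and the FILTERS list are constructed for the demonstration; hosts must be literal IPv4 addresses (no name lookup) and ports must be numeric; and the first-match ordering across filters is this example's assumption, since the manual does not state how the 700wl orders filters of different types.

```python
"""Toy evaluator for tcpdump-style filter primitives (added example, not the 700wl's code)."""
import ipaddress
from dataclasses import dataclass
from typing import Optional

TYPES = {"host", "net", "port"}
DIRS = {"src", "dst"}
PROTOS = {"ip", "tcp", "udp", "arp"}          # subset of the protocol qualifiers in the appendix
KEYWORDS = TYPES | DIRS | PROTOS | {"and", "or", "not"}


@dataclass(frozen=True)
class Packet:
    """Constructed packet summary holding only the fields the filters examine."""
    proto: str                   # "tcp", "udp" or "arp"
    src: str                     # literal IPv4 addresses only (no name resolution)
    dst: str
    sport: Optional[int] = None  # None for packets without ports (e.g. ARP)
    dport: Optional[int] = None


def parse_primitive(tokens, i):
    """Consume one primitive at tokens[i]; return ((proto, direction, type, id), next_index)."""
    proto = direction = typ = ident = None
    if i < len(tokens) and tokens[i] in PROTOS:
        proto, i = tokens[i], i + 1
    if (i + 2 < len(tokens) and tokens[i] in DIRS
            and tokens[i + 1] in ("or", "and") and tokens[i + 2] in DIRS):
        direction, i = " ".join(tokens[i:i + 3]), i + 3    # "src or dst" / "src and dst"
    elif i < len(tokens) and tokens[i] in DIRS:
        direction, i = tokens[i], i + 1
    if i < len(tokens) and tokens[i] in TYPES:
        typ, i = tokens[i], i + 1
    if i < len(tokens) and tokens[i] not in KEYWORDS:
        ident, i = tokens[i], i + 1
        typ = typ or "host"                    # no type qualifier: host is assumed
        direction = direction or "src or dst"  # no direction qualifier: src or dst is assumed
    elif typ is not None or direction is not None or proto is None:
        raise ValueError("primitive without an ID near token %d in %r" % (i, tokens))
    return (proto, direction, typ, ident), i


def parse_expression(expr):
    """Split into or-groups of (negated, primitive); 'and' binds tighter than 'or', as in tcpdump."""
    tokens, groups, i = expr.split(), [[]], 0
    while i < len(tokens):
        negated = False
        while i < len(tokens) and tokens[i] == "not":
            negated, i = not negated, i + 1
        prim, i = parse_primitive(tokens, i)
        groups[-1].append((negated, prim))
        if i < len(tokens):
            if tokens[i] == "and":
                i += 1
            elif tokens[i] == "or":
                groups.append([])
                i += 1
            else:
                raise ValueError("expected and/or, got %r" % tokens[i])
    return groups


def _net(ident):
    """tcpdump allows abbreviated nets: '122.43' means 122.43.0.0/16."""
    if "/" in ident:
        return ipaddress.ip_network(ident, strict=False)
    octets = ident.split(".")
    padded = ".".join(octets + ["0"] * (4 - len(octets)))
    return ipaddress.ip_network("%s/%d" % (padded, 8 * len(octets)))


def _side_matches(pkt, side, typ, ident):
    if typ == "port":
        port = pkt.sport if side == "src" else pkt.dport
        return port is not None and port == int(ident)
    addr = pkt.src if side == "src" else pkt.dst
    return addr == ident if typ == "host" else ipaddress.ip_address(addr) in _net(ident)


def match_primitive(pkt, prim):
    proto, direction, typ, ident = prim
    if proto == "ip" and pkt.proto not in ("tcp", "udp"):   # in this model only TCP/UDP ride on IP
        return False
    if proto not in (None, "ip") and pkt.proto != proto:
        return False
    if typ is None:                                         # bare protocol primitive such as "arp"
        return True
    if direction in ("src", "dst"):
        return _side_matches(pkt, direction, typ, ident)
    s, d = _side_matches(pkt, "src", typ, ident), _side_matches(pkt, "dst", typ, ident)
    return (s and d) if direction == "src and dst" else (s or d)


def matches(pkt, expr):
    """True when some or-group has every primitive true (respecting 'not')."""
    return any(all(match_primitive(pkt, p) != neg for neg, p in group)
               for group in parse_expression(expr))


def disposition(pkt, filters):
    """Ordered (expression, action) filters; first match wins (assumption), no match drops."""
    for expr, action in filters:
        if matches(pkt, expr):
            return action
    return "drop"


# Constructed filter set in the 700wl style: allowed, redirected and bridged traffic.
FILTERS = [("tcp dst port 80", "forward"), ("src or dst net 122.43", "redirect"), ("arp", "bridge")]
```

Note that "port 53" matches a UDP packet to port 53 while "tcp port 53" does not: the missing protocol qualifier is what widens the match, exactly as the protocol-qualifier rule above describes.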