HP (Hewlett-Packard) 700wl Series Switch User Manual


 
Table B-1. Allowable Primitives (Continued)

| Primitive | Explanation |
|---|---|
| host host | True if either the source or destination of the packet is host. |
| ether dst ehost | True if the Ethernet destination address is ehost. Ehost can be either a name from /etc/ethers or a number (see ethers(3N) for numeric format). |
| ether src ehost | True if the Ethernet source address is ehost. |
| ether host ehost | True if either the Ethernet source or destination address is ehost. |
| gateway host | True if the packet used host as a gateway. In other words, the Ethernet source or destination address was host but neither the IP source nor the IP destination was host. Host must be a name and must be found both by the machine's host-name-to-IP-address resolution mechanisms (host name file, DNS, NIS, etc.) and by the machine's host-name-to-Ethernet-address resolution mechanism (/etc/ethers, etc.). (An equivalent expression is ether host ehost and not host host, which can be used with either names or numbers for host / ehost.) This syntax does not work in an IPv6-enabled configuration. |
| dst net net | True if the destination address of the packet has a network number of net. Net can be either a name from /etc/networks or a network number (see networks(4) for details). |
| src net net | True if the source address of the packet has a network number of net. |
| net net | True if either the source or destination address of the packet has a network number of net. |
| net net mask mask | True if the IP address matches net with the specific netmask. Can be qualified with src or dst. |
| net net/length | True if the address matches net with a netmask length bits wide. Can be qualified with src or dst. |
| dst port port | True if the packet is ip/tcp or ip/udp, and has a destination port value of port. The port can be a number or a name used in /etc/services (see tcp(4P) and udp(4P)). If a name is used, both the port number and protocol are checked. If a number or ambiguous name is used, only the port number is checked (e.g., dst port 513 will print both tcp/login traffic and udp/who traffic, and port domain will print both tcp/domain and udp/domain traffic). |
| src port port | True if the packet has a source port value of port. |
| port port | True if either the source or destination port of the packet is port. Any of the above port expressions can be prepended with the keywords tcp or udp, as in, for example, tcp src port port, which matches only tcp packets whose source port is port. |
| less length | True if the packet has a length less than or equal to length. |
| greater length | True if the packet has a length greater than or equal to length. |
| ip proto protocol | True if the packet is an IP packet (see ip(4P)) of protocol type protocol. Protocol can be a number or one of the names icmp, icmp6, igmp, igrp, pim, ah, esp, udp, or tcp. Note that the identifiers tcp, udp, and icmp are also keywords and must be escaped via backslash (\) |
HP ProCurve Secure Access 700wl Series Management and Configuration Guide B-3
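
The following Python sketch is an added example, not part of the HP guide and not the switch's own filter engine. It models the port, net/length and gateway primitives from Table B-1 over three constructed packets, showing that an unqualified dst port 513 matches both TCP and UDP traffic while tcp dst port 513 does not. The Pkt class, the helper names and the MAC/IP values are assumptions made for illustration.

```python
import ipaddress
from dataclasses import dataclass

@dataclass
class Pkt:                      # constructed sample packet, not a real capture
    eth_src: str
    eth_dst: str
    ip_src: str
    ip_dst: str
    proto: str                  # "tcp", "udp" or "icmp"
    sport: int = 0
    dport: int = 0

def _pick(direction, src, dst):  # no qualifier: either source or destination
    return {"src": [src], "dst": [dst]}.get(direction, [src, dst])

def net(pkt, cidr, direction=None):
    """[src|dst] net net/length"""
    network = ipaddress.ip_network(cidr)
    return any(ipaddress.ip_address(a) in network
               for a in _pick(direction, pkt.ip_src, pkt.ip_dst))

def port(pkt, number, direction=None, proto=None):
    """[tcp|udp] [src|dst] port N; a bare number ignores the protocol."""
    if pkt.proto not in ("tcp", "udp") or (proto and pkt.proto != proto):
        return False
    return number in _pick(direction, pkt.sport, pkt.dport)

def gateway(pkt, ehost, host):
    """Numeric equivalent from the table: ether host ehost and not host host"""
    return (ehost in (pkt.eth_src, pkt.eth_dst)
            and host not in (pkt.ip_src, pkt.ip_dst))

GW_MAC, GW_IP = "00:00:5e:00:53:01", "192.0.2.1"   # constructed values
PACKETS = {
    "tcp_login": Pkt("00:00:5e:00:53:10", GW_MAC, "192.0.2.10", "198.51.100.7", "tcp", 40000, 513),
    "udp_who":   Pkt("00:00:5e:00:53:11", GW_MAC, "192.0.2.11", "198.51.100.7", "udp", 513, 513),
    "to_gw":     Pkt("00:00:5e:00:53:10", GW_MAC, "192.0.2.10", GW_IP, "icmp"),
}

def matching(pred):
    """Names of the sample packets for which the predicate is true."""
    return sorted(name for name, p in PACKETS.items() if pred(p))

if __name__ == "__main__":
    print(matching(lambda p: port(p, 513, "dst")))          # dst port 513
    print(matching(lambda p: port(p, 513, "dst", "tcp")))   # tcp dst port 513
    print(matching(lambda p: net(p, "192.0.2.0/24", "dst")))
    print(matching(lambda p: gateway(p, GW_MAC, GW_IP)))
```

When a filter is meant to cover a single service, prepending tcp or udp to the port primitive keeps it from also matching the other transport on the same port number.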