1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
|
# tcp dport 22 iiftype ether ip daddr 1.2.3.4 ether saddr 00:0f:54:0c:11:4 accept
ip test-ip input
[ meta load l4proto => reg 1 ]
[ cmp eq reg 1 0x00000006 ]
[ payload load 2b @ transport header + 2 => reg 1 ]
[ cmp eq reg 1 0x00001600 ]
[ meta load iiftype => reg 1 ]
[ cmp eq reg 1 0x00000001 ]
[ payload load 4b @ network header + 16 => reg 1 ]
[ cmp eq reg 1 0x04030201 ]
[ payload load 6b @ link header + 6 => reg 1 ]
[ cmp eq reg 1 0x0c540f00 0x00000411 ]
[ immediate reg 0 accept ]
# tcp dport 22 ether saddr 00:0f:54:0c:11:04 ip daddr 1.2.3.4
ip test-ip input
[ meta load l4proto => reg 1 ]
[ cmp eq reg 1 0x00000006 ]
[ payload load 2b @ transport header + 2 => reg 1 ]
[ cmp eq reg 1 0x00001600 ]
[ meta load iiftype => reg 1 ]
[ cmp eq reg 1 0x00000001 ]
[ payload load 6b @ link header + 6 => reg 1 ]
[ cmp eq reg 1 0x0c540f00 0x00000411 ]
[ payload load 4b @ network header + 16 => reg 1 ]
[ cmp eq reg 1 0x04030201 ]
# tcp dport 22 ip daddr 1.2.3.4 ether saddr 00:0f:54:0c:11:04
ip test-ip input
[ meta load l4proto => reg 1 ]
[ cmp eq reg 1 0x00000006 ]
[ payload load 2b @ transport header + 2 => reg 1 ]
[ cmp eq reg 1 0x00001600 ]
[ payload load 4b @ network header + 16 => reg 1 ]
[ cmp eq reg 1 0x04030201 ]
[ meta load iiftype => reg 1 ]
[ cmp eq reg 1 0x00000001 ]
[ payload load 6b @ link header + 6 => reg 1 ]
[ cmp eq reg 1 0x0c540f00 0x00000411 ]
# ether saddr 00:0f:54:0c:11:04 ip daddr 1.2.3.4 accept
ip test-ip input
[ meta load iiftype => reg 1 ]
[ cmp eq reg 1 0x00000001 ]
[ payload load 6b @ link header + 6 => reg 1 ]
[ cmp eq reg 1 0x0c540f00 0x00000411 ]
[ payload load 4b @ network header + 16 => reg 1 ]
[ cmp eq reg 1 0x04030201 ]
[ immediate reg 0 accept ]
|
