Value

Description

permit

Packets matching the rest of the fields in the rule definition will be allowed through the firewall

deny

Packets matching the rest of the fields in the rule definition will be blocked by the firewall

Value

Description

x.x.x.x

A valid IP address in dotted decimal format, e.g. 192.168.42.50

Value

Description

x.x.x.x

Applied as bitwise AND to match address, e.g. 255.255.255.0

Value

Description

all

Matches all protocols

icmp

Matches ICMP packets

udp

Matches UDP packets

tcp

Matches TCP packets

tcp/ack

Matches TCP packets with acknowledgement bit set

ipsp

Matches IPSP packets

Value

Description

any 0

Matches any port number

eq (port no.)

Matches specified port number, e.g. eq 301

neq (port no.)

Matches any port number other than that specified

lt (port no.)

Matches any port number less than that specified

gt (port no.)

Matches any port number greater than that specified

le (port no.)

Matches any port number less than or equal to that specified

ge (port no.)

Matches any port number greater than or equal to that specifed

Value

Description

secure

Matches packets flowing through a secure interface

non-secure

Matches packets flowing through a non-secure interface

both

Matches all packets

Value

Description

local

Matches packets flowing to or from the firewall

route

Matches packets flowing through the firewall

both

Matches all packets

Value

Description

inbound

Matches packets flowing to the specified interface

outbound

Matches packets flowing from the specified interface

both

Matches all packets

Value

Description

l=yes

Logs packets if set (default for denied packets)

l=no

Does not log packets if set (default for permitted packets)

Value

Description

f=yes

Matches headers, fragments and non-fragmented packets if set

f=no

Matches only non-fragmented packets if set

f=only

Matches only headers and fragments if set

Value

Description

t=(tunnel id)

Identifies tunnel through which packet must be sent if set