source-git / iptables

Clone
Source Code
GIT

Blame utils/nfbpf_compile.8.in

c8 c8s master
  1.   83b9b9dec02600d86e4354342803ab60ff875669
  2.   utils
  3.   nfbpf_compile.8.in
Blob History Raw
Packit 7b22a4 
.TH NFBPF_COMPILE 8 "" "@PACKAGE_STRING@" "@PACKAGE_STRING@"
Packit 7b22a4
Packit 7b22a4 
.SH NAME
Packit 7b22a4 
nfbpf_compile \- generate bytecode for use with xt_bpf
Packit 7b22a4 
.SH SYNOPSIS
Packit 7b22a4
Packit 7b22a4 
.ad l
Packit 7b22a4 
.in +8
Packit 7b22a4 
.ti -8
Packit 7b22a4 
.B nfbpf_compile
Packit 7b22a4 
[
Packit 7b22a4 
.I LLTYPE
Packit 7b22a4 
]
Packit 7b22a4 
.I PROGRAM
Packit 7b22a4
Packit 7b22a4 
.ti -8
Packit 7b22a4 
.I LLTYPE
Packit 7b22a4 
:= {
Packit 7b22a4 
.BR EN10MB " | " RAW " | " SLIP " | "
Packit 7b22a4 
.I ...
Packit 7b22a4 
}
Packit 7b22a4
Packit 7b22a4 
.SH DESCRIPTION
Packit 7b22a4 
The
Packit 7b22a4 
.B nfbpf_compile
Packit 7b22a4 
utility aids in generating BPF byte code suitable for passing to
Packit 7b22a4 
the iptables
Packit 7b22a4 
.B bpf
Packit 7b22a4 
match.
Packit 7b22a4
Packit 7b22a4 
.SH OPTIONS
Packit 7b22a4
Packit 7b22a4 
.TP
Packit 7b22a4 
.I LLTYPE
Packit 7b22a4 
Link-layer header type to operate on. This is a name as defined in
Packit 7b22a4 
.RB < pcap/dlt.h >
Packit 7b22a4 
but with the leading
Packit 7b22a4 
.B DLT_
Packit 7b22a4 
prefix stripped. For use with iptables,
Packit 7b22a4 
.B RAW
Packit 7b22a4 
should be the right choice (it's also the default if not specified).
Packit 7b22a4
Packit 7b22a4 
.TP
Packit 7b22a4 
.I PROGRAM
Packit 7b22a4 
The BPF expression to compile, see
Packit 7b22a4 
.BR pcap-filter (7)
Packit 7b22a4 
for a description of the language.
Packit 7b22a4
Packit 7b22a4 
.SH EXIT STATUS
Packit 7b22a4 
The program returns 0 on success, 1 otherwise.
Packit 7b22a4
Packit 7b22a4 
.SH EXAMPLE
Packit 7b22a4 
Match incoming TCP packets with size bigger than 100 bytes:
Packit 7b22a4 
.P
Packit 7b22a4 
.in +8
Packit 7b22a4 
.EE
Packit 7b22a4 
bpf=$(nfbpf_compile 'tcp and greater 100')
Packit 7b22a4 
.br
Packit 7b22a4 
iptables -A INPUT -m bpf --bytecode "$bpf" -j ACCEPT
Packit 7b22a4 
.RE
Packit 7b22a4 
.P
Packit 7b22a4 
The description of
Packit 7b22a4 
.B bpf
Packit 7b22a4 
match in
Packit 7b22a4 
.BR iptables-extensions (8)
Packit 7b22a4 
lists a few more examples.
Packit 7b22a4
Packit 7b22a4 
.SH SEE ALSO
Packit 7b22a4 
.BR iptables-extensions (8),
Packit 7b22a4 
.BR pcap-filter (7)

Powered by Pagure 5.13.3

SSH Hostkey/Fingerprint | Documentation