# icmp type echo-reply accept
[
{
"match": {
"left": {
"payload": {
"field": "type",
"protocol": "icmp"
}
},
"op": "==",
"right": "echo-reply"
}
},
{
"accept": null
}
]
# icmp type destination-unreachable accept
[
{
"match": {
"left": {
"payload": {
"field": "type",
"protocol": "icmp"
}
},
"op": "==",
"right": "destination-unreachable"
}
},
{
"accept": null
}
]
# icmp type source-quench accept
[
{
"match": {
"left": {
"payload": {
"field": "type",
"protocol": "icmp"
}
},
"op": "==",
"right": "source-quench"
}
},
{
"accept": null
}
]
# icmp type redirect accept
[
{
"match": {
"left": {
"payload": {
"field": "type",
"protocol": "icmp"
}
},
"op": "==",
"right": "redirect"
}
},
{
"accept": null
}
]
# icmp type echo-request accept
[
{
"match": {
"left": {
"payload": {
"field": "type",
"protocol": "icmp"
}
},
"op": "==",
"right": "echo-request"
}
},
{
"accept": null
}
]
# icmp type time-exceeded accept
[
{
"match": {
"left": {
"payload": {
"field": "type",
"protocol": "icmp"
}
},
"op": "==",
"right": "time-exceeded"
}
},
{
"accept": null
}
]
# icmp type parameter-problem accept
[
{
"match": {
"left": {
"payload": {
"field": "type",
"protocol": "icmp"
}
},
"op": "==",
"right": "parameter-problem"
}
},
{
"accept": null
}
]
# icmp type timestamp-request accept
[
{
"match": {
"left": {
"payload": {
"field": "type",
"protocol": "icmp"
}
},
"op": "==",
"right": "timestamp-request"
}
},
{
"accept": null
}
]
# icmp type timestamp-reply accept
[
{
"match": {
"left": {
"payload": {
"field": "type",
"protocol": "icmp"
}
},
"op": "==",
"right": "timestamp-reply"
}
},
{
"accept": null
}
]
# icmp type info-request accept
[
{
"match": {
"left": {
"payload": {
"field": "type",
"protocol": "icmp"
}
},
"op": "==",
"right": "info-request"
}
},
{
"accept": null
}
]
# icmp type info-reply accept
[
{
"match": {
"left": {
"payload": {
"field": "type",
"protocol": "icmp"
}
},
"op": "==",
"right": "info-reply"
}
},
{
"accept": null
}
]
# icmp type address-mask-request accept
[
{
"match": {
"left": {
"payload": {
"field": "type",
"protocol": "icmp"
}
},
"op": "==",
"right": "address-mask-request"
}
},
{
"accept": null
}
]
# icmp type address-mask-reply accept
[
{
"match": {
"left": {
"payload": {
"field": "type",
"protocol": "icmp"
}
},
"op": "==",
"right": "address-mask-reply"
}
},
{
"accept": null
}
]
# icmp type router-advertisement accept
[
{
"match": {
"left": {
"payload": {
"field": "type",
"protocol": "icmp"
}
},
"op": "==",
"right": "router-advertisement"
}
},
{
"accept": null
}
]
# icmp type router-solicitation accept
[
{
"match": {
"left": {
"payload": {
"field": "type",
"protocol": "icmp"
}
},
"op": "==",
"right": "router-solicitation"
}
},
{
"accept": null
}
]
# icmp type {echo-reply, destination-unreachable, source-quench, redirect, echo-request, time-exceeded, parameter-problem, timestamp-request, timestamp-reply, info-request, info-reply, address-mask-request, address-mask-reply, router-advertisement, router-solicitation} accept
[
{
"match": {
"left": {
"payload": {
"field": "type",
"protocol": "icmp"
}
},
"op": "==",
"right": {
"set": [
"echo-reply",
"destination-unreachable",
"source-quench",
"redirect",
"echo-request",
"time-exceeded",
"parameter-problem",
"timestamp-request",
"timestamp-reply",
"info-request",
"info-reply",
"address-mask-request",
"address-mask-reply",
"router-advertisement",
"router-solicitation"
]
}
}
},
{
"accept": null
}
]
# icmp type != {echo-reply, destination-unreachable, source-quench}
[
{
"match": {
"left": {
"payload": {
"field": "type",
"protocol": "icmp"
}
},
"op": "!=",
"right": {
"set": [
"echo-reply",
"destination-unreachable",
"source-quench"
]
}
}
}
]
# icmp code 111 accept
[
{
"match": {
"left": {
"payload": {
"field": "code",
"protocol": "icmp"
}
},
"op": "==",
"right": 111
}
},
{
"accept": null
}
]
# icmp code != 111 accept
[
{
"match": {
"left": {
"payload": {
"field": "code",
"protocol": "icmp"
}
},
"op": "!=",
"right": 111
}
},
{
"accept": null
}
]
# icmp code 33-55
[
{
"match": {
"left": {
"payload": {
"field": "code",
"protocol": "icmp"
}
},
"op": "==",
"right": {
"range": [ 33, 55 ]
}
}
}
]
# icmp code != 33-55
[
{
"match": {
"left": {
"payload": {
"field": "code",
"protocol": "icmp"
}
},
"op": "!=",
"right": {
"range": [ 33, 55 ]
}
}
}
]
# icmp code { 33-55}
[
{
"match": {
"left": {
"payload": {
"field": "code",
"protocol": "icmp"
}
},
"op": "==",
"right": {
"set": [
{ "range": [ 33, 55 ] }
]
}
}
}
]
# icmp code != { 33-55}
[
{
"match": {
"left": {
"payload": {
"field": "code",
"protocol": "icmp"
}
},
"op": "!=",
"right": {
"set": [
{ "range": [ 33, 55 ] }
]
}
}
}
]
# icmp code { 2, 4, 54, 33, 56}
[
{
"match": {
"left": {
"payload": {
"field": "code",
"protocol": "icmp"
}
},
"op": "==",
"right": {
"set": [
2,
4,
33,
54,
56
]
}
}
}
]
# icmp code != { prot-unreachable, 4, 33, 54, 56}
[
{
"match": {
"left": {
"payload": {
"field": "code",
"protocol": "icmp"
}
},
"op": "!=",
"right": {
"set": [
"prot-unreachable",
4,
33,
54,
56
]
}
}
}
]
# icmp checksum 12343 accept
[
{
"match": {
"left": {
"payload": {
"field": "checksum",
"protocol": "icmp"
}
},
"op": "==",
"right": 12343
}
},
{
"accept": null
}
]
# icmp checksum != 12343 accept
[
{
"match": {
"left": {
"payload": {
"field": "checksum",
"protocol": "icmp"
}
},
"op": "!=",
"right": 12343
}
},
{
"accept": null
}
]
# icmp checksum 11-343 accept
[
{
"match": {
"left": {
"payload": {
"field": "checksum",
"protocol": "icmp"
}
},
"op": "==",
"right": {
"range": [ 11, 343 ]
}
}
},
{
"accept": null
}
]
# icmp checksum != 11-343 accept
[
{
"match": {
"left": {
"payload": {
"field": "checksum",
"protocol": "icmp"
}
},
"op": "!=",
"right": {
"range": [ 11, 343 ]
}
}
},
{
"accept": null
}
]
# icmp checksum { 11-343} accept
[
{
"match": {
"left": {
"payload": {
"field": "checksum",
"protocol": "icmp"
}
},
"op": "==",
"right": {
"set": [
{ "range": [ 11, 343 ] }
]
}
}
},
{
"accept": null
}
]
# icmp checksum != { 11-343} accept
[
{
"match": {
"left": {
"payload": {
"field": "checksum",
"protocol": "icmp"
}
},
"op": "!=",
"right": {
"set": [
{ "range": [ 11, 343 ] }
]
}
}
},
{
"accept": null
}
]
# icmp checksum { 1111, 222, 343} accept
[
{
"match": {
"left": {
"payload": {
"field": "checksum",
"protocol": "icmp"
}
},
"op": "==",
"right": {
"set": [
1111,
222,
343
]
}
}
},
{
"accept": null
}
]
# icmp checksum != { 1111, 222, 343} accept
[
{
"match": {
"left": {
"payload": {
"field": "checksum",
"protocol": "icmp"
}
},
"op": "!=",
"right": {
"set": [
1111,
222,
343
]
}
}
},
{
"accept": null
}
]
# icmp id 1245 log
[
{
"match": {
"left": {
"payload": {
"field": "id",
"protocol": "icmp"
}
},
"op": "==",
"right": 1245
}
},
{
"log": null
}
]
# icmp id 22
[
{
"match": {
"left": {
"payload": {
"field": "id",
"protocol": "icmp"
}
},
"op": "==",
"right": 22
}
}
]
# icmp id != 233
[
{
"match": {
"left": {
"payload": {
"field": "id",
"protocol": "icmp"
}
},
"op": "!=",
"right": 233
}
}
]
# icmp id 33-45
[
{
"match": {
"left": {
"payload": {
"field": "id",
"protocol": "icmp"
}
},
"op": "==",
"right": {
"range": [ 33, 45 ]
}
}
}
]
# icmp id != 33-45
[
{
"match": {
"left": {
"payload": {
"field": "id",
"protocol": "icmp"
}
},
"op": "!=",
"right": {
"range": [ 33, 45 ]
}
}
}
]
# icmp id { 33-55}
[
{
"match": {
"left": {
"payload": {
"field": "id",
"protocol": "icmp"
}
},
"op": "==",
"right": {
"set": [
{ "range": [ 33, 55 ] }
]
}
}
}
]
# icmp id != { 33-55}
[
{
"match": {
"left": {
"payload": {
"field": "id",
"protocol": "icmp"
}
},
"op": "!=",
"right": {
"set": [
{ "range": [ 33, 55 ] }
]
}
}
}
]
# icmp id { 22, 34, 333}
[
{
"match": {
"left": {
"payload": {
"field": "id",
"protocol": "icmp"
}
},
"op": "==",
"right": {
"set": [
22,
34,
333
]
}
}
}
]
# icmp id != { 22, 34, 333}
[
{
"match": {
"left": {
"payload": {
"field": "id",
"protocol": "icmp"
}
},
"op": "!=",
"right": {
"set": [
22,
34,
333
]
}
}
}
]
# icmp sequence 22
[
{
"match": {
"left": {
"payload": {
"field": "sequence",
"protocol": "icmp"
}
},
"op": "==",
"right": 22
}
}
]
# icmp sequence != 233
[
{
"match": {
"left": {
"payload": {
"field": "sequence",
"protocol": "icmp"
}
},
"op": "!=",
"right": 233
}
}
]
# icmp sequence 33-45
[
{
"match": {
"left": {
"payload": {
"field": "sequence",
"protocol": "icmp"
}
},
"op": "==",
"right": {
"range": [ 33, 45 ]
}
}
}
]
# icmp sequence != 33-45
[
{
"match": {
"left": {
"payload": {
"field": "sequence",
"protocol": "icmp"
}
},
"op": "!=",
"right": {
"range": [ 33, 45 ]
}
}
}
]
# icmp sequence { 33, 55, 67, 88}
[
{
"match": {
"left": {
"payload": {
"field": "sequence",
"protocol": "icmp"
}
},
"op": "==",
"right": {
"set": [
33,
55,
67,
88
]
}
}
}
]
# icmp sequence != { 33, 55, 67, 88}
[
{
"match": {
"left": {
"payload": {
"field": "sequence",
"protocol": "icmp"
}
},
"op": "!=",
"right": {
"set": [
33,
55,
67,
88
]
}
}
}
]
# icmp sequence { 33-55}
[
{
"match": {
"left": {
"payload": {
"field": "sequence",
"protocol": "icmp"
}
},
"op": "==",
"right": {
"set": [
{ "range": [ 33, 55 ] }
]
}
}
}
]
# icmp sequence != { 33-55}
[
{
"match": {
"left": {
"payload": {
"field": "sequence",
"protocol": "icmp"
}
},
"op": "!=",
"right": {
"set": [
{ "range": [ 33, 55 ] }
]
}
}
}
]
# icmp mtu 33
[
{
"match": {
"left": {
"payload": {
"field": "mtu",
"protocol": "icmp"
}
},
"op": "==",
"right": 33
}
}
]
# icmp mtu 22-33
[
{
"match": {
"left": {
"payload": {
"field": "mtu",
"protocol": "icmp"
}
},
"op": "==",
"right": {
"range": [ 22, 33 ]
}
}
}
]
# icmp mtu { 22-33}
[
{
"match": {
"left": {
"payload": {
"field": "mtu",
"protocol": "icmp"
}
},
"op": "==",
"right": {
"set": [
{ "range": [ 22, 33 ] }
]
}
}
}
]
# icmp mtu != { 22-33}
[
{
"match": {
"left": {
"payload": {
"field": "mtu",
"protocol": "icmp"
}
},
"op": "!=",
"right": {
"set": [
{ "range": [ 22, 33 ] }
]
}
}
}
]
# icmp mtu 22
[
{
"match": {
"left": {
"payload": {
"field": "mtu",
"protocol": "icmp"
}
},
"op": "==",
"right": 22
}
}
]
# icmp mtu != 233
[
{
"match": {
"left": {
"payload": {
"field": "mtu",
"protocol": "icmp"
}
},
"op": "!=",
"right": 233
}
}
]
# icmp mtu 33-45
[
{
"match": {
"left": {
"payload": {
"field": "mtu",
"protocol": "icmp"
}
},
"op": "==",
"right": {
"range": [ 33, 45 ]
}
}
}
]
# icmp mtu != 33-45
[
{
"match": {
"left": {
"payload": {
"field": "mtu",
"protocol": "icmp"
}
},
"op": "!=",
"right": {
"range": [ 33, 45 ]
}
}
}
]
# icmp mtu { 33, 55, 67, 88}
[
{
"match": {
"left": {
"payload": {
"field": "mtu",
"protocol": "icmp"
}
},
"op": "==",
"right": {
"set": [
33,
55,
67,
88
]
}
}
}
]
# icmp mtu != { 33, 55, 67, 88}
[
{
"match": {
"left": {
"payload": {
"field": "mtu",
"protocol": "icmp"
}
},
"op": "!=",
"right": {
"set": [
33,
55,
67,
88
]
}
}
}
]
# icmp mtu { 33-55}
[
{
"match": {
"left": {
"payload": {
"field": "mtu",
"protocol": "icmp"
}
},
"op": "==",
"right": {
"set": [
{ "range": [ 33, 55 ] }
]
}
}
}
]
# icmp mtu != { 33-55}
[
{
"match": {
"left": {
"payload": {
"field": "mtu",
"protocol": "icmp"
}
},
"op": "!=",
"right": {
"set": [
{ "range": [ 33, 55 ] }
]
}
}
}
]
# icmp gateway 22
[
{
"match": {
"left": {
"payload": {
"field": "gateway",
"protocol": "icmp"
}
},
"op": "==",
"right": 22
}
}
]
# icmp gateway != 233
[
{
"match": {
"left": {
"payload": {
"field": "gateway",
"protocol": "icmp"
}
},
"op": "!=",
"right": 233
}
}
]
# icmp gateway 33-45
[
{
"match": {
"left": {
"payload": {
"field": "gateway",
"protocol": "icmp"
}
},
"op": "==",
"right": {
"range": [ 33, 45 ]
}
}
}
]
# icmp gateway != 33-45
[
{
"match": {
"left": {
"payload": {
"field": "gateway",
"protocol": "icmp"
}
},
"op": "!=",
"right": {
"range": [ 33, 45 ]
}
}
}
]
# icmp gateway { 33, 55, 67, 88}
[
{
"match": {
"left": {
"payload": {
"field": "gateway",
"protocol": "icmp"
}
},
"op": "==",
"right": {
"set": [
33,
55,
67,
88
]
}
}
}
]
# icmp gateway != { 33, 55, 67, 88}
[
{
"match": {
"left": {
"payload": {
"field": "gateway",
"protocol": "icmp"
}
},
"op": "!=",
"right": {
"set": [
33,
55,
67,
88
]
}
}
}
]
# icmp gateway { 33-55}
[
{
"match": {
"left": {
"payload": {
"field": "gateway",
"protocol": "icmp"
}
},
"op": "==",
"right": {
"set": [
{ "range": [ 33, 55 ] }
]
}
}
}
]
# icmp gateway != { 33-55}
[
{
"match": {
"left": {
"payload": {
"field": "gateway",
"protocol": "icmp"
}
},
"op": "!=",
"right": {
"set": [
{ "range": [ 33, 55 ] }
]
}
}
}
]
# icmp gateway != 34
[
{
"match": {
"left": {
"payload": {
"field": "gateway",
"protocol": "icmp"
}
},
"op": "!=",
"right": 34
}
}
]
# icmp gateway != { 333, 334}
[
{
"match": {
"left": {
"payload": {
"field": "gateway",
"protocol": "icmp"
}
},
"op": "!=",
"right": {
"set": [
333,
334
]
}
}
}
]