First page Back Continue Last page Summary Graphics

Basic Filtering (cont)

rule = action direction [options] [proto] ip
ip = srcdst [icmp]
icmp = "icmp-type" icmp-type ["code" codenr]
icmp-type =
- nr (see netinet/ip_icmp.h), or:
- "unreach" or "echo" or ...
codenr = icmp subcode (0-255)
Only allowed with "proto icmp"

Notes: