Ip packet filter rule operators and port names – Compatible Systems 5.4 User Manual
Page 196
190
Chapter 11 - TCP/IP Filtering
the device when it compares the address in a packet to the filter rule. For
example, an address specified in the rules as 192.15.32.0/19 would match all
host addresses from 192.15.32.1 to 192.15.63.255.
Any part of an address which is past the number of significant bits specified
is ignored and assumed to be zero.
IP Packet Filter Rule Operators and Port Names
Filter rules can accept certain modifiers, which are described in the next
subsection of this manual. All of these modifiers use a set of expression oper-
ators to allow information in a packet to be compared to the modifier’s param-
eters. These operators are discussed below:
•
eq, ==, or = These are allowable ways of writing an "equality" operator
which will match a packet if its port number is equal to the port specified
in the modifier.
•
lt or < These are allowable ways of writing a "less than" operator which
will match a packet if its port number is less than the port specified in the
modifier.
•
lteq, le, <=, or =< These are allowable ways of writing a "less than or
equal to" operator which will match a packet if its port number is less
than or equal to the port specified in the modifier.
•
gt or > These are allowable ways of writing a "greater than" operator
which will match a packet if its port number is greater than the port spec-
ified in the modifier.
•
gteq, ge, >=, or => These are allowable ways of writing a "greater than
or equal to" operator which will match a packet if its port number is
greater than or equal to the port specified in the modifier.
•
ne, <>, or != These are allowable ways of writing an "inequality" oper-
ator which will match a packet if its port number is not equal to the port
specified in the modifier.
v Note: In rules where expressions are used, the syntax checker requires a
space before and a space after the expression operator(s).