Differences

This shows you the differences between two versions of the page.

--- firewall:syntax [2010/11/01 13:37]
tibor
+++ firewall:syntax [2015/02/25 11:04] (current)
mats
@@ Line 21: / Line 21: @@
 ===== Packet processing pipeline =====
+{{ :firewall:setup_rules.gif|Pipeline schematics}}
 Incoming packets on an interface are first checked for validity using a predefined set of checks. After that fragments are handled specifically. The first user controlled filtering stage is the supervisor rule set. Supervisor rules are often used as a coarse filter to get rid of unwanted traffic. An example of this is the so-called "spoof protection", which makes sure that an incoming package comes from a valid IP address range.
@@ Line 219: / Line 222: @@
 ^ Pre-processor parameters	^ Description ^
-| $(net.et1.ip=)	| IP address of the et1 interface |
+| $(net.if.ip=[et1])	| IP address of the et1 interface |
-| $(net.et2.ip=)	| IP address of the et2 interface |
+| $(net.if.ip=[et2])	| IP address of the et2 interface |
-| $(net.usb.ip=)	| IP address of the USB interface |
+| $(net.if.mask=[et1])	| Subnet Mask of the et1 interface |
-| $(net.et1.mask=)	| Subnet Mask of the et1 interface |
+| $(net.if.mask=[et2])	| Subnet Mask of the et2 interface |
-| $(net.et2.mask=)	| Subnet Mask of the et2 interface |
-| $(net.usb.mask=)	| Subnet Mask of the USB interface |

firewall/syntax.1288615051.txt.gz · Last modified: 2010/11/01 13:37 by tibor