User Guide
8 Firewall Commands
141 / 260
3EC 16982 AFAA TCZZA Ed. 01
[srcbridgeport] A number between 0 and 6.
Represents the bridge port the virtual packet should [or should NOT]
arrive on.
Execute bridge iflist for a list of available bridge ports.
OPTIONAL
[src] The source IP address (range) the packet should [or should NOT]
come from. (Supports cidr notation).
OPTIONAL
[srcmsk] The source IP address mask defining the range (see src). OPTIONAL
[dstintf] The name of the interface the packet should [or should NOT] be
going to.
(NOT applicable if used in a chain assigned to the input hook)
OPTIONAL
[dstintfgrp] The interface group the packet should [or should NOT] be going to.
Choose between:
wan
local
lan
(NOT applicable if used in a chain assigned to the input hook)
OPTIONAL
[dst] The destination IP address (range) the packet should [or should NOT]
be going to. (supports cidr notation).
OPTIONAL
[dstmsk] The destination IP address mask defining the range (see dst). OPTIONAL
[tos] A number between 0 and 255.
Represents the Type Of Service specification which should be
expected [or NOT expected] in the IP packet. The Type of Service
numbering specification is in accordance to the latest version of
RFC1700: Assigned numbers.
OPTIONAL
[prot] The protocol (name or number) in the IP packet expected [or NOT
expected] in the IP packet.
Choose between:
tcp
udp
icmp
Or specify the protocol number in accordance to the latest version of
RFC1700: Assigned numbers.
OPTIONAL
[syn] Expect TCP SYN flag set (yes) or not (no).
In combination with TCP ACK this allows selection of incoming versus
outgoing TCP connections.
OPTIONAL
[urg] Expect TCP URG flag set (yes) or not (no). OPTIONAL
[ack] Expect TCP ACK flag set (yes) or not (no). OPTIONAL