BNF_Rules
nfw { <action> <chain> <parameters> } | file <string> | help
<chain> =: INPUT | OUTPUT | FORWARD
<action> =: DROP | DENY | ACCEPT | LOG | CUSTOM
(CUSTOM is a special action type: the rule is interpreted as is, without translation of its parameters)
<parameters> =: { <ip> | <iprange> | <port> | <comment> | <protocol> | <cstate> | <state> | <recent> | <name> | <rsource> | <position> } | <parameters>
<ip> =: <ip_addr> <direction>
<iprange> =: <ip_addr>-<ip_addr> <direction>
<port> =: # <direction>
<recent> =: recent <time>-#-#
<name> =: name <string>
<comment> =: comment <string>
<protocol> =: protocol ( tcp | udp )
<cstate> =: cstate { NEW | RELATED | ESTABLISHED | INVALID }
<state> =: state { NEW | RELATED | ESTABLISHED | INVALID }
<ip_addr> =: #.#.#.#
<direction> =: source | destination
Recent construct:
-m recent --update --seconds # --hitcount #
IP construct:
-s <ip_addr>
-d <ip_addr>
IPrange construct:
-m iprange --src-range <ip_addr>-<ip_addr>
match construct:
-m lcase(<protocol>)
protocol construct:
-p lcase(<protocol>)
Comment construct:
-m comment --comment
Port construct:
if source:
--sport #
if destination:
--dport #
name construct:
--name <string>
rsource construct:
--rsource
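Added example (not the nfw project's own code): a small translator that parses one rule against the grammar above and emits the iptables argument list using the constructs listed, so a reviewer can check what a rule actually expands to before it is loaded. It handles the ip, iprange, port, protocol, comment, name and rsource constructs; the recent, cstate and state constructs are left out because the page gives no complete mapping for them. Assumptions: DENY maps to the REJECT target and a destination iprange uses iptables' --dst-range option, neither of which the page states.

```python
import ipaddress, re, shlex

# Added example translating one nfw rule into iptables argv; not the nfw
# project's code. DENY->REJECT and --dst-range are assumptions (not on the page).
ACTIONS = {"DROP": "DROP", "DENY": "REJECT", "ACCEPT": "ACCEPT", "LOG": "LOG"}
CHAINS = {"INPUT", "OUTPUT", "FORWARD"}
IP = r"\d{1,3}(?:\.\d{1,3}){3}"          # <ip_addr> =: #.#.#.#

def _src(tok):                            # <direction> =: source | destination
    if tok not in ("source", "destination"):
        raise ValueError(f"expected source|destination, got {tok!r}")
    return tok == "source"

def translate(rule):
    """Turn one nfw rule into the argv of the equivalent iptables command."""
    toks = shlex.split(rule)              # shlex keeps a quoted <string> whole
    if len(toks) < 2 or toks[1] not in CHAINS:
        raise ValueError("rule must start with <action> <chain>")
    action, chain, params = toks[0], toks[1], toks[2:]
    if action == "CUSTOM":                # CUSTOM: parameters pass through as is
        return ["iptables", "-A", chain, *params]
    if action not in ACTIONS:
        raise ValueError(f"unknown action {action!r}")
    proto, out, i = [], [], 0
    try:
        while i < len(params):
            p = params[i]
            if p == "rsource":
                out += ["--rsource"]; i += 1; continue
            v = params[i + 1]             # every other construct takes an operand
            if p == "protocol":           # protocol + match constructs
                proto += ["-p", v.lower(), "-m", v.lower()]
            elif p == "comment":
                out += ["-m", "comment", "--comment", v]
            elif p == "name":
                out += ["--name", v]
            elif re.fullmatch(rf"{IP}-{IP}", p):                    # iprange
                lo, hi = (str(ipaddress.IPv4Address(x)) for x in p.split("-"))
                out += ["-m", "iprange", "--src-range" if _src(v) else "--dst-range", f"{lo}-{hi}"]
            elif re.fullmatch(IP, p):                               # ip
                out += ["-s" if _src(v) else "-d", str(ipaddress.IPv4Address(p))]
            elif p.isdigit() and 0 < int(p) < 65536:                # port
                out += ["--sport" if _src(v) else "--dport", p]
            else:
                raise ValueError(f"unrecognised parameter {p!r}")
            i += 2
    except IndexError:
        raise ValueError(f"parameter {params[-1]!r} is missing its operand") from None
    return ["iptables", "-A", chain, *proto, *out, "-j", ACTIONS[action]]  # -p before ports
```

The protocol options are emitted first because iptables only accepts --sport/--dport after -p/-m tcp or udp, and malformed octets (such as 999) are rejected by ipaddress rather than passed through to the firewall.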