# Grok patterns for the key=value fields of iptables LOG lines.
# UNSIGNED_INT: one or more decimal digits. No sign and no upper bound is
# enforced, so values such as ports are not range-checked here.
UNSIGNED_INT [0-9]+
# IPTABLES_ETHERNET: interface prefix. Captures in_device and out_device;
# the MAC= value is matched (any run of non-whitespace) but not captured.
# NOTE(review): IN= requires a WORD while only the OUT= value is optional,
# and MAC= must be present and non-empty. Lines for locally generated
# (egress) traffic typically have an empty IN= and may lack MAC=, so they
# would not match and would arrive without parsed fields; confirm against
# real OUTPUT-chain samples.
# NOTE(review): WORD presumably stops at '.' and '-', so interface names
# such as VLAN sub-interfaces or bridges may fail to match; verify.
IPTABLES_ETHERNET IN=%{WORD:in_device} OUT=%{WORD:out_device}? MAC=(?:[^\s]+)
# IPTABLES_PORT_PAIR: source and destination port, captured as src_port and
# dst_port.
IPTABLES_PORT_PAIR SPT=%{UNSIGNED_INT:src_port} DPT=%{UNSIGNED_INT:dst_port}
# IPTABLES_TCP_FLAGS: TCP flag names; the lookbehind requires a space
# directly before each flag.
# NOTE(review): the space between two flags is never consumed, so after the
# first flag the lookbehind sees a letter and the repetition stops. For
# "ACK SYN" only "ACK" would be captured, which hides SYN/FIN/RST from
# scan and handshake detections that read the flag list. Consuming the
# separator inside the repetition would capture the full list; confirm
# with a multi-flag sample.
IPTABLES_TCP_FLAGS ((?<= )(CWR|ECE|URG|ACK|PSH|RST|SYN|FIN))*
# IPTABLES_TCP_SEQ: sequence and acknowledgement numbers, captured as
# seq_seq and seq_ack.
IPTABLES_TCP_SEQ SEQ=%{UNSIGNED_INT:seq_seq} ACK=%{UNSIGNED_INT:seq_ack}
# IPTABLES_TCP_DETAILS: optional SEQ/ACK pair, then WINDOW (window), RES
# (res, the hex digits after "0x") and the flags as tcp_flags. Nothing that
# follows the flags on the line is matched by this pattern.
IPTABLES_TCP_DETAILS (?:%{IPTABLES_TCP_SEQ} )?WINDOW=%{UNSIGNED_INT:window} RES=0x%{BASE16NUM:res} %{IPTABLES_TCP_FLAGS:tcp_flags}
# IPTABLES_INCOMPLETE_PACKET: the literal "INCOMPLETE [N bytes]" marker; N is
# captured as incomplete.
# NOTE(review): presumably logged when the packet was too short to decode;
# such lines carry no port or flag fields, so downstream rules should not
# assume those fields exist.
IPTABLES_INCOMPLETE_PACKET INCOMPLETE \[%{UNSIGNED_INT:incomplete} bytes\]
# IPTABLES_UDP_DETAILS: the UDP LEN= value, captured as udp_len.
IPTABLES_UDP_DETAILS LEN=%{UNSIGNED_INT:udp_len}
# ICMP extras, one pattern per field group that may follow TYPE=/CODE=.
# IPTABLES_ICMP_EXTRA_ECHO: echo identifier and sequence, captured as icmp_id
# and icmp_seq.
IPTABLES_ICMP_EXTRA_ECHO ID=%{UNSIGNED_INT:icmp_id} SEQ=%{UNSIGNED_INT:icmp_seq}
# IPTABLES_ICMP_EXTRA_PARAM: PARAMETER= value, captured as icmp_parameter.
IPTABLES_ICMP_EXTRA_PARAM PARAMETER=%{UNSIGNED_INT:icmp_parameter}
# IPTABLES_ICMP_EXTRA_REDIRECT: GATEWAY= address, captured as icmp_redirect.
IPTABLES_ICMP_EXTRA_REDIRECT GATEWAY=%{IP:icmp_redirect}
# IPTABLES_ICMP_EXTRA: zero or more of the extras above, each preceded by a
# single space. It also matches the empty string, so any other trailing ICMP
# text is simply left unparsed rather than causing a failure.
IPTABLES_ICMP_EXTRA ( (?:%{IPTABLES_ICMP_EXTRA_ECHO}|%{IPTABLES_ICMP_EXTRA_PARAM}|%{IPTABLES_ICMP_EXTRA_REDIRECT}))*
# IPTABLES_ICMP_DETAILS: TYPE (icmp_type) and CODE (icmp_code), followed by
# either the INCOMPLETE marker or the optional extras.
IPTABLES_ICMP_DETAILS TYPE=%{UNSIGNED_INT:icmp_type} CODE=%{UNSIGNED_INT:icmp_code}(( %{IPTABLES_INCOMPLETE_PACKET})|%{IPTABLES_ICMP_EXTRA})
# IPTABLES_PROTOCOL: PROTO= value, captured as proto. The character class
# accepts letters and digits, so both names and numeric values match.
IPTABLES_PROTOCOL PROTO=(?<proto>[a-zA-Z0-9]+)
# IPTABLES_IP_PAYLOAD: protocol, then an optional port pair, then at most one
# of the TCP/UDP/ICMP detail groups or the INCOMPLETE marker.
# Everything after PROTO= is optional and not tied to the protocol value, so
# a line can match while src_port, dst_port, tcp_flags, etc. are absent.
# Detection rules built on these fields should handle missing values instead
# of treating a successful match as a complete parse.
IPTABLES_IP_PAYLOAD %{IPTABLES_PROTOCOL}( %{IPTABLES_PORT_PAIR})?( (%{IPTABLES_TCP_DETAILS}|%{IPTABLES_UDP_DETAILS}|%{IPTABLES_ICMP_DETAILS}|%{IPTABLES_INCOMPLETE_PACKET}))?
# IPTABLES_IP_FRAGFLAG: IP flag names CE, DF and MF; the lookbehind requires
# a space directly before each one.
# NOTE(review): the separator between two flags is not consumed, so the
# repetition appears to stop after the first flag. For "DF MF" only "DF"
# would be captured as fragment_flags; confirm with a sample.
IPTABLES_IP_FRAGFLAG ((?<= )(CE|DF|MF))*
# IPTABLES_IP_START: IP header fields. Captures src_ip, dst_ip, length, tos,
# prec, ttl and id, then optionally fragment_flags and the FRAG: value
# (fragment).
# NOTE(review): TOS=, PREC=, TTL= and ID= are all mandatory here. IPv6
# firewall log lines presumably use different field names and would not
# match, even though %{IP} itself may accept IPv6 addresses. Confirm that
# IPv6 traffic is parsed elsewhere, otherwise it is a logging blind spot.
IPTABLES_IP_START SRC=%{IP:src_ip} DST=%{IP:dst_ip} LEN=%{UNSIGNED_INT:length} TOS=0x%{BASE16NUM:tos} PREC=0x%{BASE16NUM:prec} TTL=%{UNSIGNED_INT:ttl} ID=%{UNSIGNED_INT:id}(?: %{IPTABLES_IP_FRAGFLAG:fragment_flags})?(?: FRAG: %{UNSIGNED_INT:fragment})?
# IPTABLES_IP: IP header fields followed by the protocol payload.
IPTABLES_IP %{IPTABLES_IP_START} %{IPTABLES_IP_PAYLOAD}
# IPTABLES: top-level pattern, interface prefix followed by the IP section.
# It has no anchors, so text before IN= (for example a syslog header or rule
# prefix) is neither matched nor captured here. Lines that do not match
# should be routed somewhere visible rather than dropped, so that format
# drift does not silently remove firewall events from monitoring.
IPTABLES %{IPTABLES_ETHERNET} %{IPTABLES_IP}