Cluster I/O Protocols (CIP) Configuration and Management Manual (H06.16+, J06.05+)
time
Matches the arrival time/date of packets.
--datestart YYYY[-MM[-DD[Thh[:mm[:ss]]]]]
--datestop YYYY[-MM[-DD[Thh[:mm[:ss]]]]]
--timestart hh:mm[:ss]
--timestop hh:mm[:ss]
[!] --monthdays day[,day...]
[!] --weekdays day[,day...]
--utc
Interprets the times given for --datestart, --datestop, --timestart and --timestop to be UTC.
--localtz
Interprets the times given for --datestart, --datestop, --timestart and --timestop to be local kernel
time. (Default)
tos
Matches the 8-bit ToS (Type of Service) field in the IP header.
[!] --tos value[/mask]
[!] --tos symbol
u32
Tests whether quantities of up to 4 bytes extracted from a packet have specified values. The
specification of what to extract is general enough to find data at given offsets from tcp headers
or payloads.
[!] --u32 tests
The argument amounts to a program in a small language described below:
tests := location "=" value | tests "&&" location "=" value
value := range | value "," range
range := number | number ":" number
A single number, n, is interpreted the same as n:n. n:m is interpreted as the range of numbers
>=n and <=m.
location := number | location operator number
operator := "&" | "<<" | ">>" | "@"
The operators &, <<, >> and && mean the same as in C. The = is really a set membership
operator and the value syntax describes a set. The @ operator is what allows moving to the
next header.
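The following Python evaluator is an added example, not part of this manual or of the CIP software; it lets you check a u32 expression against captured bytes before installing the rule. It assumes the register semantics documented for the Linux iptables u32 match (strict left-to-right evaluation, 4-byte big-endian loads, an out-of-bounds read fails the match); the function names and the IPv4/TCP packet are constructed for illustration.

```python
import re
import struct

def u32_location(pkt, location):
    """Run one u32 location left to right; None means a read fell outside pkt."""
    tokens = re.findall(r"0[xX][0-9a-fA-F]+|\d+|<<|>>|[&@]", location)
    base = 0  # offset of the header currently addressed (moved by "@")

    def load(offset):
        # Fetch 4 bytes, big-endian, at base+offset; out of bounds fails the match.
        pos = base + offset
        return struct.unpack_from(">I", pkt, pos)[0] if pos + 4 <= len(pkt) else None

    value = load(int(tokens[0], 0))
    for op, num in zip(tokens[1::2], tokens[2::2]):
        if value is None:
            return None
        n = int(num, 0)
        if op == "&":
            value &= n
        elif op == "<<":
            value = (value << n) & 0xFFFFFFFF  # registers are 32 bits wide
        elif op == ">>":
            value >>= n
        else:  # "@": advance the base by the computed value, then load at n
            base += value
            value = load(n)
    return value

def in_set(value, spec):
    """'=' is set membership: spec is comma-separated numbers or n:m ranges."""
    for rng in spec.split(","):
        lo, _, hi = rng.partition(":")
        if int(lo, 0) <= value <= int(hi or lo, 0):
            return True
    return False

def u32_match(pkt, tests):
    """All '&&'-joined tests must hold for the packet to match."""
    for test in tests.replace(" ", "").split("&&"):
        location, _, spec = test.partition("=")
        value = u32_location(pkt, location)
        if value is None or not in_set(value, spec):
            return False
    return True

# Constructed sample: IPv4 header with IHL=6 (one option word), TCP 40000 -> 22.
PKT = (struct.pack(">BBHHHBBH4s4s", 0x46, 0, 44, 1, 0, 64, 6, 0,
                   bytes([192, 0, 2, 1]), bytes([192, 0, 2, 2]))
       + b"\x01\x01\x01\x00"
       + struct.pack(">HHIIHHHH", 40000, 22, 0, 0, 0x5002, 1024, 0, 0))
```

With this packet, `0>>22&0x3C` yields the IPv4 header length in bytes (24), so `0>>22&0x3C@0&0xFFFF=22` reads the TCP destination port even though the header carries options.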
udp
Matches UDP-specific values.
[!] --source-port | --sport port[:port]
[!] --destination-port | --dport port[:port]
Target Extensions ip6
The supported target extensions are based on the Linux ip6tables man pages. They are subject to
future changes made by the Linux ip6tables implementation.
log
When the LOG target is set for a rule, the Linux kernel will print some information on all matching
packets (i.e., most IP header fields) to syslog. This is a "non-terminating target", i.e. rule traversal
continues at the next rule. So if you want to LOG the packets you refuse, use two separate rules
with the same matching criteria, first using target LOG, the next using DROP (or REJECT).