summaryrefslogtreecommitdiffstats
path: root/tests/xmlfiles/38-rule-real.xml
blob: d48547c63e67791771ef6bd9ae308c1b1f541415 (plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
<rule family="ip" table="filter" chain="INPUT" handle="30">
	<rule_flags>0</rule_flags>
	<expr type="payload">
		<dreg>1</dreg>
		<offset>16</offset>
		<len>4</len>
		<base>network</base>
	</expr>
	<expr type="lookup">
		<set>set3</set>
		<sreg>1</sreg>
		<dreg>0</dreg>
	</expr>
	<expr type="payload">
		<dreg>1</dreg>
		<offset>9</offset>
		<len>1</len>
		<base>network</base>
	</expr>
	<expr type="cmp">
		<sreg>1</sreg>
		<op>eq</op>
		<cmpdata>
			<data_reg type="value">
				<len>1</len>
				<data0>0x00000006</data0>
			</data_reg>
		</cmpdata>
	</expr>
	<expr type="payload">
		<dreg>1</dreg>
		<offset>2</offset>
		<len>2</len>
		<base>transport</base>
	</expr>
	<expr type="cmp">
		<sreg>1</sreg>
		<op>eq</op>
		<cmpdata>
			<data_reg type="value">
				<len>2</len>
				<data0>0x0000bb01</data0>
			</data_reg>
		</cmpdata>
	</expr>
	<expr type="counter">
		<pkts>0</pkts>
		<bytes>0</bytes>
	</expr>
	<expr type="immediate">
		<dreg>0</dreg>
		<immediatedata>
			<data_reg type="verdict">
				<verdict>accept</verdict>
			</data_reg>
		</immediatedata>
	</expr>
</rule>
<!-- nft add rule ip filter INPUT ip daddr { 192.168.0.1, 192.168.0.2, 192.168.0.3 } tcp dport 443 counter accept -->