# tcp dport 22 iiftype ether ip daddr 1.2.3.4 ether saddr 00:0f:54:0c:11:4 accept [ { "match": { "left": { "payload": { "field": "dport", "protocol": "tcp" } }, "op": "==", "right": 22 } }, { "match": { "left": { "meta": { "key": "iiftype" } }, "op": "==", "right": "ether" } }, { "match": { "left": { "payload": { "field": "daddr", "protocol": "ip" } }, "op": "==", "right": "1.2.3.4" } }, { "match": { "left": { "payload": { "field": "saddr", "protocol": "ether" } }, "op": "==", "right": "00:0f:54:0c:11:04" } }, { "accept": null } ] # tcp dport 22 ip daddr 1.2.3.4 ether saddr 00:0f:54:0c:11:04 [ { "match": { "left": { "payload": { "field": "dport", "protocol": "tcp" } }, "op": "==", "right": 22 } }, { "match": { "left": { "payload": { "field": "daddr", "protocol": "ip" } }, "op": "==", "right": "1.2.3.4" } }, { "match": { "left": { "payload": { "field": "saddr", "protocol": "ether" } }, "op": "==", "right": "00:0f:54:0c:11:04" } } ] # tcp dport 22 ether saddr 00:0f:54:0c:11:04 ip daddr 1.2.3.4 [ { "match": { "left": { "payload": { "field": "dport", "protocol": "tcp" } }, "op": "==", "right": 22 } }, { "match": { "left": { "payload": { "field": "saddr", "protocol": "ether" } }, "op": "==", "right": "00:0f:54:0c:11:04" } }, { "match": { "left": { "payload": { "field": "daddr", "protocol": "ip" } }, "op": "==", "right": "1.2.3.4" } } ] # ether saddr 00:0f:54:0c:11:04 ip daddr 1.2.3.4 accept [ { "match": { "left": { "payload": { "field": "saddr", "protocol": "ether" } }, "op": "==", "right": "00:0f:54:0c:11:04" } }, { "match": { "left": { "payload": { "field": "daddr", "protocol": "ip" } }, "op": "==", "right": "1.2.3.4" } }, { "accept": null } ] # ether daddr 00:01:02:03:04:05 ether saddr set ff:fe:dc:ba:98:76 drop [ { "match": { "left": { "payload": { "field": "daddr", "protocol": "ether" } }, "op": "==", "right": "00:01:02:03:04:05" } }, { "mangle": { "key": { "payload": { "field": "saddr", "protocol": "ether" } }, "value": "ff:fe:dc:ba:98:76" } }, { "drop": null } ]