5 ipmon, ipmon.conf \- ipmon configuration file format
7 The format for files accepted by ipmon is described by the following grammar:
10 "match" "{" matchlist "}" "do" "{" doing "}" ";"
12 matchlist ::= matching [ "," matching ] .
13 matching ::= direction | dstip | dstport | every | group | interface |
14 logtag | nattag | protocol | result | rule | srcip | srcport .
16 dolist ::= doing [ "," doing ] .
17 doing ::= execute | save | syslog .
19 direction ::= "in" | "out" .
20 dstip ::= "dstip" "=" ipv4 "/" number .
21 dstport ::= "dstport" "=" number .
22 every ::= "every" every-options .
23 execute ::= "execute" "=" string .
24 group ::= "group" "=" string | "group" "=" number .
25 interface ::= "interface" "=" string .
26 logtag ::= "logtag" "=" string | "logtag" "=" number .
27 nattag ::= "nattag" "=" string .
28 protocol ::= "protocol" "=" string | "protocol" "=" number .
29 result ::= "result" "=" result-option .
30 rule ::= "rule" "=" number .
31 srcip ::= "srcip" "=" ipv4 "/" number .
32 srcport ::= "srcport" "=" number .
33 type ::= "type" "=" ipftype .
34 ipv4 ::= number "." number "." number "." number .
36 every-options ::= "second" | number "seconds" | "packet" | number "packets" .
37 result-option ::= "pass" | "block" | "short" | "nomatch" | "log" .
38 ipftype ::= "ipf" | "nat" | "state" .
42 In addition, lines that start with a # are considered to be comments.
46 The ipmon configuration file is used for defining rules to be executed when
47 logging records are read from
50 At present, only IPv4 matching is available for source/destination address
54 Each rule for ipmon consists of two primary segments: the first describes how
55 the log record is to be matched, the second defines what action to take if
56 there is a positive match. All entries of the rules present in the file are
57 compared for matches - there is no first or last rule match.
projects / FreeBSD / releng / 9.2.git / blob