• Home
  • Line#
  • Scopes#
  • Navigate#
  • Raw
  • Download
NFBPF_COMPILE 8 "" "@PACKAGE_STRING@" "@PACKAGE_STRING@"
NAME
nfbpf_compile - generate bytecode for use with xt_bpf
SYNOPSIS
nfbpf_compile [ LLTYPE ] PROGRAM LLTYPE := { EN10MB " | " RAW " | " SLIP " | " ... }
DESCRIPTION
The nfbpf_compile utility aids in generating BPF byte code suitable for passing to the iptables bpf match.
OPTIONS

LLTYPE Link-layer header type to operate on. This is a name as defined in < pcap/dlt.h > but with the leading DLT_ prefix stripped. For use with iptables, RAW should be the right choice (it's also the default if not specified).

PROGRAM The BPF expression to compile, see pcap-filter (7) for a description of the language.

EXIT STATUS
The program returns 0 on success, 1 otherwise.
EXAMPLE
Match incoming TCP packets with size bigger than 100 bytes:

bpf=$(nfbpf_compile 'tcp and greater 100')

iptables -A INPUT -m bpf --bytecode "$bpf" -j ACCEPT

The description of bpf match in iptables-extensions (8) lists a few more examples.

SEE ALSO
iptables-extensions (8), pcap-filter (7)