NFBPF_COMPILE
Section: iptables 1.8.7 (8)
Updated:
Page Index
NAME
nfbpf_compile - generate bytecode for use with xt_bpf
SYNOPSIS
nfbpf_compile
[
LLTYPE
]
PROGRAM
LLTYPE
:= {
EN10MB | RAW | SLIP |
...
}
DESCRIPTION
The
nfbpf_compile
utility aids in generating BPF byte code suitable for passing to
the iptables
bpf
match.
OPTIONS
- LLTYPE
-
Link-layer header type to operate on. This is a name as defined in
<pcap/dlt.h>
but with the leading
DLT_
prefix stripped. For use with iptables,
RAW
should be the right choice (it's also the default if not specified).
- PROGRAM
-
The BPF expression to compile, see
pcap-filter(7)
for a description of the language.
EXIT STATUS
The program returns 0 on success, 1 otherwise.
EXAMPLE
Match incoming TCP packets with size bigger than 100 bytes:
bpf=$(nfbpf_compile 'tcp and greater 100')
iptables -A INPUT -m bpf --bytecode "$bpf" -j ACCEPT
The description of
bpf
match in
iptables-extensions(8)
lists a few more examples.
SEE ALSO
iptables-extensions(8),
pcap-filter(7)