MAN-J
Man PagesPricing
LoginGet Started
nfbpf_compile(8)
Original
English • 49 lines
NFBPF_COMPILE(8)		iptables 1.8.11		      NFBPF_COMPILE(8)



NAME
       nfbpf_compile — generate bytecode for use with xt_bpf

SYNOPSIS
       nfbpf_compile [ LLTYPE ] PROGRAM

       LLTYPE := { EN10MB | RAW | SLIP |  ...  }


DESCRIPTION
       The nfbpf_compile utility aids in generating BPF byte code suitable for
       passing to the iptables bpf match.


OPTIONS
       LLTYPE Link-layer header type to operate on. This is a name as defined
	      in <pcap/dlt.h> but with the leading DLT_ prefix stripped. For
	      use with iptables, RAW should be the right choice (it's also the
	      default if not specified).


       PROGRAM
	      The BPF expression to compile, see pcap-filter(7) for a
	      description of the language.


EXIT STATUS
       The program returns 0 on success, 1 otherwise.


EXAMPLE
       Match incoming TCP packets with size bigger than 100 bytes:

	       bpf=$(nfbpf_compile 'tcp and greater 100')
	       iptables -A INPUT -m bpf --bytecode "$bpf" -j ACCEPT

       The description of bpf match in iptables-extensions(8) lists a few more
       examples.


SEE ALSO
       iptables-extensions(8), pcap-filter(7)

iptables 1.8.11						      NFBPF_COMPILE(8)

nfbpf_compile(8)

nfbpf_compile \(em generate bytecode for use with xt_bpf

0popularity

System Information

iptables 1.8.11 1.0.0
Updated
Maintained by Unknown

Actions