Changes a filter rule.
-v |
IP version of the target filter rule. |
-n |
The ID of the filter rule you want to change. It must exist in the filter rule table
and for IP version 4, it cannot be 1 (rule 1 is a system reserved rule and is unchangeable). |
-a |
Action. The value of Deny (D) will block traffic, and the value of Permit
(P) will allow traffic. |
-s |
Source address. It can be an IP address or a host name. If a host name is specified,
the first IP address returned by the name server for that host will be used. This value along with the source
subnet mask will be compared against the source address of the IP packets. |
-m |
Source subnet mask. This will be applied to
the Source address (-s flag) when compared with the source
address of the IP packet. |
-d |
Destination address. It can be an IP address or a host name. If a host name is
specified, the first IP address returned by the name server for that host will be used. This value along with
the destination subnet mask will be compared against the destination address of the IP packets. |
-M |
Destination subnet mask. This will be applied to the Destination address(-d
flag) when compared with the destination address of the IP packets. |
-g |
Apply to source routing? Must be specified as Y (yes) or N (No). If
Y is specified, this filter rule can apply to IP packets that use source routing. |
-c |
Protocol. The valid values are: udp, icmp, icmpv6, tcp,
tcp/ack, ospf, ipip, esp, ah, and all. Value all indicates
that the filter rule will apply to all the protocols. The protocol can also be specified numerically (between
1 and 252). |
-o |
Source port or ICMP type operation. This is the operation that will be used in the
comparison of the source port/ICMP type of the packet with the source port or ICMP type (-p flag)
specified in this filter rule. The valid values are: lt, le, gt, ge, eq,
neq, and any. The value must be any when the -c flag is ospf. |
-p |
Source port or ICMP type. This is the value/type that will be compared to the source
port (or ICMP type) of the IP packet. |
-O |
Destination port or ICMP code operation. This is the operation that will be used in the
comparison between the destination port/ICMP code of the packet with the destination port or ICMP code
(-P flag). The valid values are: lt, le, gt, ge, eq, neq,
and any. This value must be any when the -c flag is ospf. |
-P |
Destination port/ICMP code. This is the value/code that will be compared to the
destination port (or ICMP code) of the IP packet. |
-r |
Routing. This specifies whether the rule will apply to forwarded packets
(R), packets destined or originated from the local host (L), or both (B). |
-w |
Direction. This specifies whether the rule will apply to incoming packets (I),
outgoing packets (O), or both (B). |
-l |
Log control. Must be specified as Y (yes) or N (No). If specified as
Y, packets that match this filter rule will be included in the filter log. |
-f |
Fragmentation control. This flag specifies that this rule will apply to either all
packets (Y), fragment headers and unfragmented packets only (H), fragments and fragment headers
only (O), or unfragmented packets only (N). |
-t |
ID of the tunnel related to this filter rule. All the packets that match this filter
rule must go through the specified tunnel. |
-i |
The name of IP interface(s) to which the filter rule applies. Examples are: all,
tr0, en0, lo0, and pp0. |