Changes a filter rule.
| Flag | Description |
| --- | --- |
| -a | Action. The value Deny (D) blocks traffic, and the value Permit (P) allows traffic. |
| -c protocol | Protocol. The valid values are: udp, icmp, icmpv6, tcp, tcp/ack, ospf, ipip, esp, ah, and all. The value all indicates that the filter rule applies to all protocols. The protocol can also be specified numerically (between 1 and 252). |
| -d d_addr | Destination address. It can be an IP address or a host name. If a host name is specified, the first IP address returned by the name server for that host is used. This value, along with the destination subnet mask, is compared against the destination address of the IP packets. |
| -f | Fragmentation control. This flag specifies that this rule applies to all packets (Y), fragment headers and unfragmented packets only (H), fragments and fragment headers only (O), or unfragmented packets only (N). |
| -g | Apply to source routing? Must be specified as Y (yes) or N (no). If Y is specified, this filter rule can apply to IP packets that use source routing. |
| -i interface | The name of the IP interface(s) to which the filter rule applies. Examples are: all, tr0, en0, lo0, and pp0. |
| -l | Log control. Must be specified as Y (yes) or N (no). If specified as Y, packets that match this filter rule are included in the filter log. |
| -M d_mask | Destination subnet mask. This is applied to the destination address (-d flag) when it is compared with the destination address of the IP packets. |
| -m s_mask | Source subnet mask. This is applied to the source address (-s flag) when it is compared with the source address of the IP packet. |
| -n fid | The ID of the filter rule you want to change. It must exist in the filter rule table and, for IP version 4, it cannot be 1 (rule 1 is a system reserved rule and is unchangeable). |
| -O d_opr | Destination port or ICMP code operation. This is the operation used when comparing the destination port or ICMP code of the packet with the destination port or ICMP code (-P flag) specified in this filter rule. The valid values are: lt, le, gt, ge, eq, neq, and any. This value must be any when the -c flag is ospf. |
| -o s_opr | Source port or ICMP type operation. This is the operation used when comparing the source port or ICMP type of the packet with the source port or ICMP type (-p flag) specified in this filter rule. The valid values are: lt, le, gt, ge, eq, neq, and any. The value must be any when the -c flag is ospf. |
| -P d_port | Destination port or ICMP code. This is the value or code that is compared to the destination port (or ICMP code) of the IP packet. |
| -p s_port | Source port or ICMP type. This is the value or type that is compared to the source port (or ICMP type) of the IP packet. |
| -r | Routing. This specifies whether the rule applies to forwarded packets (R), packets destined for or originating from the local host (L), or both (B). |
| -s s_addr | Source address. It can be an IP address or a host name. If a host name is specified, the first IP address returned by the name server for that host is used. This value, along with the source subnet mask, is compared against the source address of the IP packets. |
| -t tid | ID of the tunnel related to this filter rule. All the packets that match this filter rule must go through the specified tunnel. |
| -v | IP version of the target filter rule. |
| -w | Direction. This specifies whether the rule applies to incoming packets (I), outgoing packets (O), or both (B). |
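
A pre-flight check for a command line built from the flags above, as an added example that is not part of the original reference or vendor code: it enforces only the value constraints the flag descriptions state (including the IPv4 rule 1 and ospf restrictions) and prints the command for review instead of running it. It assumes the flags belong to the AIX chfilt command; the function names, the requirement that -v be given explicitly as 4 or 6, and any rule IDs or ports passed to it are assumptions of this example.

```shell
#!/bin/sh
# Added example, not vendor code: pre-flight check for a chfilt command line.
# Enforces only constraints stated in the flag descriptions; prints the command
# for review instead of running it. Assumes the flags are those of AIX chfilt.
fail() { echo "chfilt_preflight: $*" >&2; return 1; }
one_of() {  # one_of VALUE CHOICE...: succeeds if VALUE equals a CHOICE
    _v=$1; shift
    for _c in "$@"; do [ "$_v" = "$_c" ] && return 0; done
    return 1
}
is_num() { case $1 in ''|*[!0-9]*) return 1 ;; esac; }

chfilt_preflight() {
    OPTIND=1; ver='' fid='' proto='' sopr='' dopr=''
    while getopts "a:c:d:f:g:i:l:M:m:n:O:o:P:p:r:s:t:v:w:" opt; do
        case $opt in
            a) one_of "$OPTARG" D P || fail "-a must be D or P" || return 1 ;;
            f) one_of "$OPTARG" Y H O N || fail "-f must be Y, H, O or N" || return 1 ;;
            g|l) one_of "$OPTARG" Y N || fail "-$opt must be Y or N" || return 1 ;;
            r) one_of "$OPTARG" R L B || fail "-r must be R, L or B" || return 1 ;;
            w) one_of "$OPTARG" I O B || fail "-w must be I, O or B" || return 1 ;;
            O|o) one_of "$OPTARG" lt le gt ge eq neq any ||
                 fail "-$opt: unknown operation '$OPTARG'" || return 1
                 [ "$opt" = O ] && dopr=$OPTARG || sopr=$OPTARG ;;
            c) proto=$OPTARG ;;
            n) fid=$OPTARG ;;
            v) ver=$OPTARG ;;
            \?) return 1 ;;
        esac
    done
    # Assumption of this example: -v must be given explicitly as 4 or 6.
    one_of "$ver" 4 6 || fail "-v must be 4 or 6" || return 1
    is_num "$fid" || fail "-n needs a numeric rule ID" || return 1
    if [ "$ver" = 4 ] && [ "$fid" -eq 1 ]; then
        fail "IPv4 rule 1 is system reserved and unchangeable" || return 1
    fi
    if [ -n "$proto" ] && ! one_of "$proto" udp icmp icmpv6 tcp tcp/ack ospf ipip esp ah all; then
        { is_num "$proto" && [ "$proto" -ge 1 ] && [ "$proto" -le 252 ]; } ||
            fail "-c: '$proto' is neither a listed name nor 1-252" || return 1
    fi
    if [ "$proto" = ospf ]; then
        for _op in "$sopr" "$dopr"; do
            [ -z "$_op" ] || [ "$_op" = any ] ||
                fail "-o and -O must be 'any' when -c is ospf" || return 1
        done
    fi
    echo "chfilt $*"
}
```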