Filter Descriptions and Configuration

Exclude Source IP Filter

ID: exclude-from-ip

This filter specification can be used to select packets sent from any host excluding the specified one.

Parameters

ip-range

This parameter contains the regular expression that will be used to select the packets sent from any host, excluding the matching one(s). Only packets sent from a host not matching that regexp will be included in the subreports. The match is done on the host's IP address (not its hostname).

Defaults to .*.

Exclude Destination IP Filter

ID: exclude-to-ip

This filter specification can be used to select packets sent to any host excluding the specified one.

Parameters

ip-range

This parameter contains the regular expression that will be used to select the packets sent to any host, excluding the matching one(s). Only packets sent to a host not matching that regexp will be included in the subreports. The match is done on the host's IP address (not its hostname).

Defaults to .*.

Select Action Filter

ID: select-action

This filter specification can be used to select only the firewall events that were permitted or denied.

Parameters

action_match

This parameter contains the action that should selected:

denied

Select only denied events.

permitted

Select only permitted events.

-

This is also a possible action when we can't determine from the log information if this event was denied or permitted.

Defaults to denied.

Select Source IP Filter

ID: select-from-ip

This filter specification can be used to select the packets coming from a particular host.

Parameters

ip-range

This parameter contains the regular expression that will be used to select packets coming from particular hosts. Only packets sent from a host matching that regexp will be included in the subreports. The match is done on the client IP address (not its hostname).

Defaults to .*.

Select Destination IP Filter

ID: select-to-ip

This filter specification can be used to select packets sent to a particular host.

Parameters

ip-range

This parameter contains the regular expression that will be used to select the packets sent to a particular host. Only packets sent to a host matching that regexp will be included in the subreports. The match is done on the host's IP address (not its hostname).

Defaults to .*.

Select Destination Port

ID: select-to-port

This filter specification can be used to select packets sent to a particular port on the destination host.

Parameters

port-range

This parameter contains the regular expression that will be used to select the packets sent to a particular port. Only packets sent to a port matching that regexp will be included in the subreports. The match is done on the ports symbolic name, as found by Lire::Firewall's firewall_number2names routine.

Defaults to .*.