Manpages - nfbpf_compile.8

Table of Contents

Home DTOS Other Projects Knowledge Base Linux Manpages Community Contribute

NAME

nfbpf_compile - generate bytecode for use with xt_bpf

SYNOPSIS

nfbpf_compile [ LLTYPE ] PROGRAM

LLTYPE := { EN10MB | RAW | SLIP | }

DESCRIPTION

The nfbpf_compile utility aids in generating BPF byte code suitable for passing to the iptables bpf match.

OPTIONS

LLTYPE
Link-layer header type to operate on. This is a name as defined in <*pcap/dlt.h*> but with the leading DLT_ prefix stripped. For use with iptables, RAW should be the right choice (it’s also the default if not specified).
PROGRAM
The BPF expression to compile, see *pcap-filter*(7) for a description of the language.

EXIT STATUS

The program returns 0 on success, 1 otherwise.

EXAMPLE

Match incoming TCP packets with size bigger than 100 bytes:

bpf=$(nfbpf_compile ’tcp and greater 100’)
iptables -A INPUT -m bpf –bytecode “$bpf” -j ACCEPT

The description of bpf match in *iptables-extensions*(8) lists a few more examples.

SEE ALSO

*iptables-extensions*(8), *pcap-filter*(7)

Author: dt

Created: 2022-02-20 Sun 09:46