1NFBPF_COMPILE(8)                iptables 1.8.3                NFBPF_COMPILE(8)
2
3
4

NAME

6       nfbpf_compile - generate bytecode for use with xt_bpf
7

SYNOPSIS

9       nfbpf_compile [ LLTYPE ] PROGRAM
10
11       LLTYPE := { EN10MB | RAW | SLIP | ...  }
12
13

DESCRIPTION

15       The nfbpf_compile utility aids in generating BPF byte code suitable for
16       passing to the iptables bpf match.
17
18

OPTIONS

20       LLTYPE Link-layer header type to operate on. This is a name as defined
21              in <pcap/dlt.h> but with the leading DLT_ prefix stripped. For
22              use with iptables, RAW should be the right choice (it's also the
23              default if not specified).
24
25
26       PROGRAM
27              The BPF expression to compile, see pcap-filter(7) for a descrip‐
28              tion of the language.
29
30

EXIT STATUS

32       The program returns 0 on success, 1 otherwise.
33
34

EXAMPLE

36       Match incoming TCP packets with size bigger than 100 bytes:
37
38               bpf=$(nfbpf_compile 'tcp and greater 100')
39               iptables -A INPUT -m bpf --bytecode "$bpf" -j ACCEPT
40
41The description of bpf match in iptables-extensions(8) lists a few more exam‐
42ples.
43
44

SEE ALSO

46       iptables-extensions(8), pcap-filter(7)
47
48
49
50iptables 1.8.3                                                NFBPF_COMPILE(8)
Impressum