NFBPF_COMPILE(8) iptables 1.8.4 NFBPF_COMPILE(8)

nfbpf_compile - generate bytecode for use with xt_bpf

nfbpf_compile [ LLTYPE ] PROGRAM

LLTYPE := { EN10MB | RAW | SLIP | ... }

The nfbpf_compile utility aids in generating BPF byte code suitable for
passing to the iptables bpf match.

LLTYPE
       Link-layer header type to operate on. This is a name as defined
       in <pcap/dlt.h> but with the leading DLT_ prefix stripped. For
       use with iptables, RAW should be the right choice (it's also the
       default if not specified).

PROGRAM
       The BPF expression to compile, see pcap-filter(7) for a description
       of the language.

The program returns 0 on success, 1 otherwise.

Match incoming TCP packets with size bigger than 100 bytes:

       bpf=$(nfbpf_compile 'tcp and greater 100')
       iptables -A INPUT -m bpf --bytecode "$bpf" -j ACCEPT

The description of bpf match in iptables-extensions(8) lists a few more
examples.
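
The following is an added example, not part of the original manual page: a shell function that sanity-checks a bytecode string before it is passed to iptables, so that a failed or truncated compile never reaches the rule set. It assumes the "N,code jt jf k,..." decimal format and the 64-instruction limit of xt_bpf; the function names and the sample strings in its usage are constructed for illustration.

```shell
#!/bin/sh
# Added example: structural check of xt_bpf bytecode before loading a rule.
# Assumed format: "N,code jt jf k,..." with N instructions, all fields decimal.
MAX_INSTR=64    # XT_BPF_MAX_NUM_INSTR in the kernel's xt_bpf.h

# True if $1 is a decimal integer without leading zeros and no larger than $2.
is_uint() {
    case "$1" in ''|*[!0-9]*|0?*) return 1 ;; esac
    [ "${#1}" -le 10 ] && [ "$1" -le "$2" ]
}

# check_bpf_bytecode STRING -> 0 if well formed, 1 (reason on stderr) otherwise.
# The body runs in a subshell, so IFS and "set -f" do not leak to the caller.
check_bpf_bytecode() (
    bc=$1; n=${bc%%,*}; rest=${bc#*,}
    fail() { echo "bytecode rejected: $1" >&2; exit 1; }
    [ "$rest" != "$bc" ] || fail "no instruction list (did the compile fail?)"
    is_uint "$n" "$MAX_INSTR" && [ "$n" -ge 1 ] ||
        fail "instruction count not in 1..$MAX_INSTR"
    set -f; IFS=,; pc=0; class=
    for insn in $rest; do
        IFS=' '; set -- $insn; IFS=,
        [ "$#" -eq 4 ] || fail "instruction $pc: expected 4 fields"
        is_uint "$1" 65535 && is_uint "$2" 255 && is_uint "$3" 255 &&
            is_uint "$4" 4294967295 || fail "instruction $pc: field out of range"
        class=$(( $1 & 7 ))
        # Class 5 is BPF_JMP. Op 0 (code & 0xf0) is BPF_JA with its offset in k;
        # any other op is a conditional jump with offsets in jt and jf.
        if [ "$class" -eq 5 ]; then
            if [ $(( $1 & 240 )) -eq 0 ]; then
                [ $(( pc + 1 + $4 )) -lt "$n" ] || fail "instruction $pc: jump past end"
            else
                [ $(( pc + 1 + $2 )) -lt "$n" ] &&
                    [ $(( pc + 1 + $3 )) -lt "$n" ] || fail "instruction $pc: jump past end"
            fi
        fi
        pc=$(( pc + 1 ))
    done
    [ "$pc" -eq "$n" ] || fail "header says $n instructions, found $pc"
    [ "$class" -eq 6 ] || fail "last instruction is not a return"  # 6 = BPF_RET
)

# Usage with the example above; the rule is added only if every step succeeds:
#   bpf=$(nfbpf_compile RAW 'tcp and greater 100') && check_bpf_bytecode "$bpf" &&
#       iptables -A INPUT -m bpf --bytecode "$bpf" -j ACCEPT
```
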

iptables-extensions(8), pcap-filter(7)