SAP byte
802.3-type ( integer ) - Ethernet protocol type, placed after the IEEE 802.2 frame header. Works
only if 802.3-sap is 0xAA (SNAP - Sub-Network Attachment Point header). For example,
AppleTalk can be indicated by SAP code of 0xAA followed by a SNAP type code of 0x809B
arp-dst-address ( IP address ; default: 0.0.0.0/0 ) - ARP destination address
arp-dst-mac-address ( MAC address ; default: 00:00:00:00:00:00 ) - ARP destination MAC
address
arp-hardware-type ( integer ; default: 1 ) - ARP hardware type. This normally Ethernet (Type 1)
arp-opcode ( arp-nak | drarp-error | drarp-reply | drarp-request | inarp-request | reply |
reply-reverse | request | request-reverse ) - ARP opcode (packet type)
• arp-nak - negative ARP reply (rarely used, mostly in ATM networks)
• drarp-error - Dynamic RARP error code, saying that an IP address for the given MAC address
can not be allocated
• drarp-reply - Dynamic RARP reply, with a temporaty IP address assignment for a host
• drarp-request - Dynamic RARP request to assign a temporary IP address for the given MAC
address
• inarp-request -
• reply - standard ARP reply with a MAC address
• reply-reverse - reverse ARP (RARP) reply with an IP address assigned
• request - standard ARP request to a known IP address to find out unknown MAC address
• request-reverse - reverse ARP (RARP) request to a known MAC address to find out unknown
IP address (intended to be used by hosts to find out their own IP address, similarly to DHCP
service)
arp-packet-type ( integer ) -
arp-src-address ( IP address ; default: 0.0.0.0/0 ) - ARP source IP address
arp-src-mac-address ( MAC address ; default: 00:00:00:00:00:00 ) - ARP source MAC address
chain ( text ) - bridge firewall chain, which the filter is functioning in (either a built-in one, or a
user defined)
dst-address ( IP address ; default: 0.0.0.0/0 ) - destination IP address (only if MAC protocol is set
to IPv4)
dst-mac-address ( MAC address ; default: 00:00:00:00:00:00 ) - destination MAC address
dst-port ( integer : 0 ..65535 ) - destination port number or range (only for TCP or UDP protocols)
flow ( text ) - individual packet mark to match
in-bridge ( name ) - bridge interface through which the packet is coming in
in-interface ( name ) - physical interface (i.e., bridge port) through which the packet is coming in
ip-protocol ( ipsec-ah | ipsec-esp | ddp | egp | ggp | gre | hmp | idpr-cmtp | icmp | igmp | ipencap |
encap | ipip | iso-tp4 | ospf | pup | rspf | rdp | st | tcp | udp | vmtp | xns-idp | xtp ) - IP protocol (only if
MAC protocol is set to IPv4)
• ipsec-ah - IPsec AH protocol
• ipsec-esp - IPsec ESP protocol
• ddp - datagram delivery protocol
Page 163 of 695
Copyright 1999-2007, MikroTik. All rights reserved. Mikrotik, RouterOS and RouterBOARD are trademarks of Mikrotikls SIA.
Other trademarks and registred trademarks mentioned herein are properties of their respective owners.
To Next Page
Loading...