Table of Contents
Advertisement
Chapter 21
Rules
Table 21-1
Rule Field
78-17020-01
Rule Fields and Arguments
Field Description and Arguments
Variables
Argument Descriptions
ANY—(Default) No constraint is
placed on the source or destination
ports or protocol or port.
SAME type variables signify that the
specified destination port, source port
and protocol are the same for each
count. These variables are local to the
offset.
SAME_ANY_DEST_PORT
•
SAME_TCP_DEST_PORT
SAME_UDP_DEST_PORT
SAME_ANY_SRC_PORT
•
SAME_TCP_SRC_PORT
SAME_UDP_SRC_PORT
DISTINCT type variables signify that
the specified destination port, source
port and protocol are unique for each
count. These variables are local to the
offset.
DISTINCT_ANY_DEST_PORT
•
DISTINCT_TCP_DEST_PORT
DISTINCT_UDP_DEST_PORT
Identical variables in different fields
or offsets signify that the specified
port and protocol for each count are
identical to each other.
•
$ANY_BOTH_PORT5
$ANY_DEST_PORT1 to
•
ANY_DEST_PORT5
$ANY_SRC_PORT1
•
$TCP_BOTH_PORT1,
•
$TCP_BOTH_PORT2
$TCP_DEST_PORT1 to
•
$TCP_DEST_PORT5
$TCP_SRC_PORT1,
•
$TCP_SRC_PORT2
$UDP_BOTH_PORT1,
•
$UDP_BOTH_PORT2
$UDP_DEST_PORT1 to
•
$UDP_DEST_PORT5
$UDP_SRC_PORT1,
•
$UDP_SRC_PORT2
User Guide for Cisco Security MARS Local Controller
Constructing a Rule
21-9
Advertisement
Table of Contents
Troubleshooting
