out-interface ( name ) - interface the packet is leaving the router through
packet-mark ( text ) - matches packets marked via mangle facility with particular packet mark
packet-size ( integer : 0 ..65535 | integer : 0 ..65535 ) - matches packets of the specified size or size
range, in bytes
• Min - specifies lower boundary of the size range or a standalone value
• Max - specifies upper boundary of the size range
phys-in-interface ( name ) - matches the bridge port physical input device added to a bridge
device. It is only useful if the packet has arrived through the bridge
phys-out-interface ( name ) - matches the bridge port physical output device added to a bridge
device. It is only useful if the packet will leave the router through the bridge
protocol ( ddp | egp | encap | ggp | gre | hmp | icmp | idrp-cmtp | igmp | ipencap | ipip | ipsec-ah |
ipsec-esp | iso-tp4 | ospf | pup | rdp | rspf | st | tcp | udp | vmtp | xns-idp | xtp | integer ) - matches
particular IP protocol specified by protocol name or number. You should specify this setting if you
want to specify ports
psd ( integer | time | integer | integer ) - attempts to detect TCP and UDP scans. It is advised to
assign lower weight to ports with high numbers to reduce the frequency of false positives, such as
from passive mode FTP transfers
• WeightThreshold - total weight of the latest TCP/UDP packets with different destination ports
coming from the same host to be treated as port scan sequence
• DelayThreshold - delay for the packets with different destination ports coming from the same
host to be treated as possible port scan subsequence
• LowPortWeight - weight of the packets with privileged (<=1024) destination port
• HighPortWeight - weight of the packets with non-privileged destination port
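A simplified model of the psd weighting described above, added here as an illustration; it is not MikroTik's implementation. The function name, the count-each-port-once and reset-on-gap behaviour, and the settings 21 / 3 s / 3 / 1 are assumptions, and all traffic is constructed.

```python
from collections import defaultdict

def psd_flagged_sources(packets, weight_threshold, delay_threshold,
                        low_port_weight, high_port_weight):
    """Return the set of source hosts whose sequence reaches weight_threshold.

    packets: (time_in_seconds, src_host, dst_port) tuples in time order.
    """
    state = defaultdict(lambda: {"last": None, "ports": set(), "weight": 0})
    flagged = set()
    for ts, src, port in packets:
        s = state[src]
        # Assumption: a gap longer than DelayThreshold ends the candidate sequence.
        if s["last"] is not None and ts - s["last"] > delay_threshold:
            s["ports"], s["weight"] = set(), 0
        s["last"] = ts
        # Assumption: only a destination port not yet seen in the sequence adds weight.
        if port not in s["ports"]:
            s["ports"].add(port)
            # Privileged boundary (<=1024) as given in the property description.
            s["weight"] += low_port_weight if port <= 1024 else high_port_weight
        if s["weight"] >= weight_threshold:
            flagged.add(src)
    return flagged

# Constructed traffic (documentation address ranges, times in seconds).
LOW_PORTS = [21, 22, 23, 25, 80, 110, 443]
# Seven different privileged ports within one second.
SCAN = [(0.1 * i, "192.0.2.10", p) for i, p in enumerate(LOW_PORTS)]
# Passive mode FTP client opening ten data connections to high ports.
FTP_PASV = [(0.5 * i, "198.51.100.7", 50000 + i) for i in range(10)]
# Polling host touching the same services 10 s apart (gap > DelayThreshold).
MONITOR = [(10.0 * i, "203.0.113.5", p) for i, p in enumerate(LOW_PORTS)]
TRAFFIC = sorted(SCAN + FTP_PASV + MONITOR)

def demo(high_port_weight):
    # Constructed settings: WeightThreshold=21, DelayThreshold=3 s, LowPortWeight=3.
    return psd_flagged_sources(TRAFFIC, 21, 3.0, 3, high_port_weight)

if __name__ == "__main__":
    print("HighPortWeight=1:", sorted(demo(1)))  # only the scan sequence
    print("HighPortWeight=3:", sorted(demo(3)))  # FTP client becomes a false positive
```

With the high-port weight equal to the low-port weight, the FTP client's ten data connections reach the threshold, which is the false positive the advice on lower high-port weights is meant to avoid.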
random ( integer ) - matches packets randomly with the given probability
routing-mark ( name ) - matches packets marked by mangle facility with particular routing mark
same-not-by-dst ( yes | no ) - specifies whether to account or not to account for destination IP
address when selecting a new source IP address for packets matched by rules with action=same
src-address ( IP address | netmask | IP address | IP address ) - specifies the address range an IP
packet is originated from. Note that the console converts an entered address/netmask value to a valid
network address, i.e., 1.1.1.1/24 is converted to 1.1.1.0/24
src-address-list ( name ) - matches source address of a packet against user-defined address list
src-address-type ( unicast | local | broadcast | multicast ) - matches source address type of the IP
packet, one of:
• unicast - IP addresses used for one point to another point transmission. There is only one
sender and one receiver in this case
• local - matches addresses assigned to router's interfaces
• broadcast - the IP packet is sent from one point to all other points in the IP subnetwork
• multicast - this type of IP addressing is responsible for transmission from one or more points to
a set of other points
src-mac-address ( MAC address ) - source MAC address
src-port ( integer : 0 ..65535 | integer : 0 ..65535 ) - source port number or range
tcp-mss ( integer : 0 ..65535 ) - matches TCP MSS value of an IP packet
Copyright 1999-2007, MikroTik. All rights reserved. Mikrotik, RouterOS and RouterBOARD are trademarks of Mikrotikls SIA.
Other trademarks and registered trademarks mentioned herein are properties of their respective owners.