flow-filter(1)		    General Commands Manual		flow-filter(1)

NAME
       flow-filter -- Filter flows.

SYNOPSIS
       flow-filter [-hko] [-a src_as_filter] [-A dst_as_filter]
       [-b big|little] [-C comment] [-D dstaddr_filter_name]
       [-d debug_level] [-e exaddr_filter] [-f acl_fname]
       [-i input_filter] [-I output_filter] [-p srcport_filter]
       [-P dstport_filter] [-r ipprot_filter] [-S srcaddr_filter_name]
       [-t tos_filter] [-T tcp_flags_filter] [-x nexthop_filter_name]
       [-z z_level]

DESCRIPTION
       The flow-filter utility filters flows based on user-selectable
       criteria.  The IP address filters are defined in flow.acl or in the
       file specified by -f.

       Other filters, such as input interface and ports, are defined on the
       command line.  These filters accept range and negation operators,
       e.g. -i1-15 for input interfaces 1 through 15, -i1,15 for input
       interfaces 1 and 15, or !1,15 for not input interfaces 1 and 15.

       The syntax is kludgy and needs to be reworked, but it works for most
       applications.

OPTIONS
       -a src_as_filter
                 Source AS filter, e.g. -a159 to permit Autonomous System 159.

       -A dst_as_filter
                 Destination AS filter, e.g. -A159,3112 to permit Autonomous
                 Systems 159 and 3112.

       -b big|little
                 Byte order of output.

       -C comment
                 Add a comment.

       -d debug_level
                 Enable debugging.

       -D dstaddr_filter_name
                 Destination IP address filter.  This is the name or number
                 of a standard access list defined in flow.acl or the file
                 specified by -f.

       -e exaddr_filter
                 Exporter IP address filter.  One exporter address can be
                 filtered.

       -f acl_fname
                 Access list filename.  Defaults to flow.acl.

       -h        Display help.

       -i input_filter
                 Input interface filter, e.g. -i0 to permit traffic from
                 interface 0.

       -k        Keep time from input.

       -I output_filter
                 Output interface filter, e.g. -I0 to permit traffic to
                 interface 0.

       -o        Logical OR instead of AND filters.

       -p srcport_filter
                 Source port filter, e.g. -p80 to only permit source port 80.

       -P dstport_filter
                 Destination port filter, e.g. -P80,8080 to permit
                 destination ports 80 and 8080.

       -r ipprot_filter
                 IP protocol filter, e.g. -r6 to only permit TCP traffic.

       -S srcaddr_filter_name
                 Source IP address filter.  This is the name or number of a
                 standard access list defined in flow.acl or the file
                 specified by -f.

       -t tos_filter
                 ToS bits filter.  An optional mask is available which is
                 applied to the tos field before comparing to the filter
                 list.  For example, to match a tos bit pattern of 101xxxxx,
                 use 0xA0/0xE0.

       -T tcp_flags_filter
                 TCP bits filter.  An optional mask is available which is
                 applied to the TCP flags field before comparing to the
                 filter list.  For example, to match flows with the SYN bit
                 set, use 0x2/0x2.

       -x nexthop_filter_name
                 NextHop IP address filter.  This is the name or number of a
                 standard access list defined in flow.acl or the file
                 specified by -f.

       -z z_level
                 Configure compression level to z_level.  0 is disabled (no
                 compression), 9 is highest compression.
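
       The list, range, negation and value/mask semantics described in
       DESCRIPTION and under -t and -T, as an added Python example that is
       not part of the original manual page or of flow-tools.  The spec
       grammar, the record field names and the sample flows are assumptions
       constructed for illustration.

```python
# Added illustration, not flow-tools source. The spec grammar (comma lists,
# lo-hi ranges, leading "!", optional "/mask") is modelled on this man page.

def parse_filter(spec):
    """Return (negate, values, mask) for specs like '1-15', '!1,15', '0x2/0x2'."""
    negate = spec.startswith("!")
    body, _, mask = spec.lstrip("!").partition("/")
    values = set()
    for item in body.split(","):
        lo, _, hi = item.partition("-")
        lo = int(lo, 0)                      # base 0 accepts both 80 and 0xA0
        hi = int(hi, 0) if hi else lo
        values.update(range(lo, hi + 1))
    return negate, values, (int(mask, 0) if mask else None)

def matches(spec, field):
    """Apply the mask to the field first, then compare against the list."""
    negate, values, mask = parse_filter(spec)
    if mask is not None:
        field &= mask
    return (field in values) != negate

def select(flows, key, spec):
    """Return the names of the flow records whose `key` field passes `spec`."""
    return [f["name"] for f in flows if matches(spec, f[key])]

# Constructed sample records (hypothetical field names). tcp_flags is treated
# as the OR of all flags seen in the flow, as NetFlow v5 exports it.
FLOWS = [
    {"name": "syn_only",  "input": 1,  "dstport": 22,   "tos": 0x00, "tcp_flags": 0x02},
    {"name": "full_conn", "input": 15, "dstport": 80,   "tos": 0xB8, "tcp_flags": 0x1B},
    {"name": "ack_only",  "input": 7,  "dstport": 8080, "tos": 0xA0, "tcp_flags": 0x10},
]

if __name__ == "__main__":
    print(select(FLOWS, "tcp_flags", "0x2/0x2"))    # SYN bit set, other bits ignored
    print(select(FLOWS, "tcp_flags", "0x2/0x12"))   # SYN set and ACK clear
    print(select(FLOWS, "tos", "0xA0/0xE0"))        # tos pattern 101xxxxx
    print(select(FLOWS, "input", "!1,15"))          # not interfaces 1 and 15
    print(select(FLOWS, "dstport", "80,8080"))      # ports 80 and 8080
```

       Under these semantics 0x2/0x2 also passes completed connections,
       because only the SYN bit is compared; widening the mask to 0x12
       keeps only flows in which SYN was seen and ACK never was.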

EXAMPLES
       Print all traffic with a destination port of 80.

         flow-cat /flows/krc4 | flow-filter -P80 | flow-print

       Print all traffic with source IP 10.0.0.1.  Populate flow.acl with

         ip access-list standard badguy permit host 10.0.0.1

         flow-cat /flows/krc4 | flow-filter -Sbadguy | flow-print

       Report all destinations that IP 10.0.0.1 has sent traffic to.  Sort
       by octets.  Populate flow.acl with

         ip access-list standard badguy permit host 10.0.0.1

         flow-cat /flows/krc4 | flow-filter -Sbadguy | flow-stat -f8 -S2

BUGS
       Extended access lists are not fully implemented.  The command line
       filter syntax is a kludge.

NOTES
       Use flow-nfilter.

AUTHOR
       Mark Fullmer maf@splintered.net

SEE ALSO
       flow-tools(1)

								flow-filter(1)
