TOC & Recently Viewed

Recently Viewed Topics

Supported Packet Filter Primitives

The following table lists the supported primitives for the Extended Packet Filter option in PVS.



dst host host

True if the IPv4/v6 destination field of the packet is host, which may be either an address or a name.

src host host

True if the IPv4/v6 source field of the packet is host.

host host

True if either the IPv4/v6 source or destination of the packet is host.

Any of the above host expressions can be prepended with the keywords ip, arp, rarp, or ip6. For example:

ip host host

which is equivalent to:

ether proto \ip and host host

If host is a name with multiple IP addresses, each address will be checked for a match.

ether dst ehost

True if the Ethernet destination address is ehost. Ehost may be either a name from /etc/ethers or a number (see ethers(3N) for numeric format).

ether src ehost

True if the Ethernet source address is ehost.

ether host ehost

True if either the Ethernet source or destination address is ehost.

gateway host

True if the packet used host as a gateway.

dst net net


src net net


dst port port


src port port


port port


dst portrange port1-port2


src portrange port1-port2


portrange port1-port2


less length


greater length


tcp, udp, icmp


protochain protocol


ether broadcast


ether multicast


ether proto protocol


arp, rarp, atalk, aarp, decnet, iso, stp, ipx, netbeui


lat, moprc, mopdl


decnet src host


decnet dst host


decnet host host




llc Fitype


ifname interface


on interface


rnr num


rulenum num


reason code


rset name


ruleset name


srnr num


subrulenum num


action act


wlan ra ehost


wlan ta ehost


wlan addr1 ehost


wlan addr2 ehost


wlan addr3 ehost


wlan addr4 ehost


type wlan_type


type wlan_type subtype wlan_subtype


subtype wlan_subtype


dir dir


mpls [label_num]




pppoes [session_id]


geneve [vni]


iso proto protocol


clnp, esis, isis


l1, l2, iih, lsp, snp, csnp, psnp


vpi n


vci n
























expr relop expr


Copyright © 2017. Tenable Network Security, Inc. All rights reserved. Tenable Network Security, Nessus, SecurityCenter Continuous View, Passive Vulnerability Scanner, and Log Correlation Engine are registered trademarks of Tenable Network Security, Inc. All other products or services are trademarks of their respective owners.