Port Syntax in Intrusion Rules
The system uses a specific type of syntax to define the port numbers used in rule headers.
Note: The system ignores port definitions in an intrusion rule header when the protocol is set to
You can list ports by separating the ports with commas, as shown in the following example:
80, 8080, 8138, 8600-9000, !8650-8675
Optionally, you can surround a port list with brackets, as shown in the following example. Brackets were required in previous software versions but are no longer required:
[80, 8080, 8138, 8600-9000, !8650-8675]
Note that you must surround negated port lists in brackets, as shown in the following example:
![20, 22, 23]
The following table summarizes the syntax you can use:
To Specify... | Use | Example |
---|---|---|
any port | | |
a specific port | the port number | |
a range of ports | a dash between the first and last port number in the range | |
all ports less than or equal to a specific port | a dash before the port number | |
all ports greater than or equal to a specific port | a dash after the port number | |
all ports except a specific port or range of ports | the Note that you can logically use negation with all port designations except any, which if negated would indicate no port. | |
all ports defined by a port variable | the variable name, in uppercase letters, preceded by | |
all ports except ports defined by a port variable | the variable name, in uppercase letters, preceded by | |
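When auditing rule headers, it helps to check mechanically which ports a list actually covers. The following Python sketch is an added example, not code from the product or its documentation; the function names are hypothetical. It assumes a port matches when it falls in at least one non-negated entry (or the list has none) and in no negated entry, and it does not handle port variables.

```python
MAX_PORT = 65535

def _num(text, default):
    """Convert one side of a designation to an int; empty means open-ended."""
    if not text:
        return default
    if not text.isdigit():
        raise ValueError(f"bad port number: {text!r}")
    return int(text)

def parse_item(tok):
    """Return (low, high) for one non-negated designation: any, N, N-M, -N, N-."""
    tok = tok.strip()
    if tok == "any":
        return (0, MAX_PORT)
    lo_s, dash, hi_s = (p.strip() for p in tok.partition("-"))
    if not (lo_s or hi_s):
        raise ValueError(f"empty port designation: {tok!r}")
    lo = _num(lo_s, 0)                          # "-N": everything up to N
    hi = _num(hi_s, MAX_PORT) if dash else lo   # "N-": everything from N up
    if not lo <= hi <= MAX_PORT:
        raise ValueError(f"port range out of order or too large: {tok!r}")
    return (lo, hi)

def parse_port_list(spec):
    """Split a port list into (include, exclude) lists of (low, high) ranges."""
    spec = spec.strip()
    negate_all = spec.startswith("![")          # negated lists need brackets
    if negate_all:
        spec = spec[1:]
    if spec.startswith("[") != spec.endswith("]"):
        raise ValueError("unbalanced brackets")
    if spec.startswith("["):
        spec = spec[1:-1]                       # brackets are optional otherwise
    include, exclude = [], []
    for tok in (t.strip() for t in spec.split(",")):
        neg = tok.startswith("!")
        if neg and negate_all:
            raise ValueError("negation inside a negated list is not handled")
        rng = parse_item(tok[1:] if neg else tok)
        if (neg or negate_all) and rng == (0, MAX_PORT):
            raise ValueError("negating every port would match no port")
        (exclude if neg or negate_all else include).append(rng)
    return include, exclude

def port_matches(spec, port):
    """True if `port` is covered by the port list `spec` (assumed semantics)."""
    include, exclude = parse_port_list(spec)
    hit = lambda ranges: any(lo <= port <= hi for lo, hi in ranges)
    return (not include or hit(include)) and not hit(exclude)
```

Running `port_matches` over the ports a rule is meant to cover is a quick way to catch a negated range that silently excludes a service you intended to inspect.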