Lines Matching defs:rules
304 * Table of functions available for use with call rules.
818 /* are two rules that can be used to guard against type 3 packets: L4 */
2194 /* port numbers, etc, for "standard" IPFilter rules are all orchestrated in */
2364 /* Check the input/output list of rules for a match to the current packet. */
2391 * If there are no rules in this list, return now.
2589 * packet, set it up. Add state for "quick" rules
2592 * filter rules.
2621 /* Checks a packet against accounting rules, if there are any for the given */
2662 /* Applies an appropriate set of firewall rules to the packet, to see if */
2664 /* in the cache. If not, then search an appropriate list of rules. Once a */
2726 * If a rule is a pre-auth rule, check again in the list of rules
2781 /* directed by firewall rules and of course whether or not to allow the */
3131 * When using return-* with auth rules, the auth code
3155 * If we didn't drop off the bottom of the list of rules (and thus
3186 /* this is for to rules: */
3479 /* set(I) - which set of rules (inactive/inactive) this is */
3494 * rules are being operated on.
3519 /* set(I) - which set of rules (inactive/inactive) this is */
3570 /* Returns: int - number of rules deleted */
3618 /* Returns: int - number of rules flush from group */
3622 /* Remove all of the rules that currently are listed under the given group. */
3640 /* flags(I) - which set of rules to find the rule in */
3645 /* group # g doesn't exist or there are less than n rules in the group. */
3666 /* Returns: int - >= 0 - number of flushed rules */
3672 /* Recursively flush rules from the list, descending groups as they are */
3675 /* to store the accumulating count of rules removed, whereas the returned */
3677 /* needed to correctly adjust reference counts on rules that define groups. */
3679 /* NOTE: Rules not loaded from user space cannot be flushed. */
3724 /* Returns: int - >= 0 - number of flushed rules */
3726 /* unit(I) - device for which to flush rules */
3727 /* flags(I) - which set of rules to flush */
3729 /* Calls flushlist() for all filter rules (accounting, firewall - both IPv4 */
3770 /* Returns: int - >= 0 - number of flushed rules */
3773 /* flags(I) - which set of rules to flush */
3855 /* Adjust all the rules in a list which would have skip'd past the position */
3861 int rules, rn;
3864 rules = 0;
3866 rules++;
3872 if (FR_ISSKIP(fp->fr_flags) && (rn + fp->fr_arg >= rules))
3948 /* Walk through a list of filter rules and resolve any interface names into */
4068 /* filter rules, NAT entries and the state table and check if anything */
4363 /* Returns: int - 0 == rules are the same, else mismatch */
4365 /* Compare two rules and return 0 if they match or a number indicating */
4403 /* filter rules. This includes adding, deleting, insertion. It is also */
4492 * Only filter rules for IPv4 or IPv6 are accepted.
4577 * Allow loading rules that are in groups to cause
4856 * This elminates rules which are indentical being loaded. Checksum
4946 * rules that have equal fr_collect fields.
4993 * with rules not loaded that way.
5147 /* expiring rules with the ones to be removed first added to the front of */
5198 /* rules, it is necessary to resolve both the object referred to by the */
5514 /* For rules that have had ipf_grpmapinit called, ipf_lookup_deref needs to */
5535 /* the key, and descend into that group and continue matching rules against */
5564 /* rules against the packet. */
7613 /* Returns: frentry_t * - NULL == no more rules, else pointer to next */
7616 /* out(I) - 1 == out rules, 0 == input rules */
7621 /* output rules that are returned, never both. */
8214 /* rules belonging to the head group this rule specifies. */
9123 /* Clean out the rules which have been added since _init was last called, */
9486 /* firewall rules. Both inactive and active lists are scanned for items to */
Indexes created Wed Oct 01 18:09:54 GMT 2025