TrafMeter :: Rule editor

Rule Editor

You can fill in the following rule parameters parameters here:

Rule description

The description of the rule (maximum 100 symbols). This field can stay blank.

IP protocol

Defines the name or the number of an IP protocol for the rule. See the IP protocol number article in TrafMeter Knowledge Base.

Source and Destination

These fields define a method of checking the IP addresses of the captured packets. If the captured packet is TCP or UDP, you can set the conditions to check the TCP or UDP port number.

Direction

If the "Direction" option is disabled, the captured packet must be matching the source and destination addresses exactly. This case is called "Direct Match". If "Direct Match" appears, the sent bytes counter will be updated.
If the "Direction" option is enabled, the rule will also match the captured packets with the exact opposite source and destination addresses. This option can fire two types of matching: "Direct Match" and "Mirrored Match". If "Direct Match" appears, the sent bytes counter will be updated. If "Mirrored Match" appears, the received bytes counter will be updated.

Attention! The "Direction" option is enabled by default. Unless you surely know what you are doing, leave this untouched.

TCP options (only for TCP protocol)

This allows to catch the first packet of new TCP connection (according the TCP specification, it is the packet with SYN flag and without ACK flag). The option is useful for creating firewall rules which block, for example, incoming TCP connections. This option is available only in one direction, the "Direction" flag will be disabled automatically.

ICMP options (only for ICMP protocol)

This enables checking a type of each captured ICMP packet. If captured packet is ICMP Echo Request, the match will be appeared (if other condition are valid also). This option is useful for creating firewall fules as well.

Action

The "Action" property defines what TrafMeter should do with the captured packet in case of Rule Match.

Count - the filter counter will be updated and the captured packet will be processed by the next filter
Pass (not count) - the filter counter will be not updated and the captured packet will not be processed by the next filter
Count and Pass - the filter counter will be updated and the captured packet will not be processed by the next filter
Deny - the filter counter will be not updated and the captured packet will be denied by the firewall (available only in the Active Capture mode)

These actions can be expressed in the next table as well:

Action	The counters will be updated	The captured packet will be processed by the next filter	The captured packet will be denied by firewall
Count	Yes	Yes	No
Pass (not count)	No	No	No
Count and pass	Yes	No	No
Block	No	No	Yes
No rule match	No	Yes	No

Options "The packet must be"

This defines whether the packet must be counted in the previous filter(s), not counted in the previous filter(s) or ignore this option. It is useful to prevent counting the same packet twice.

ToS (Type of Service)

This sets a condition for checking ToS (ToS is a filed located in the IP packet header). See an article about ToS in TrafMeter Knowledge Base.

Traffic counters condition

This allows setting the traffic limits for the filters (available only in Active Capture Mode). See configuration example 6.

Time-based counters conditions

This allows to define a time when the current rule will be valid.

You can invoke Rule Editor from Filter Editor.