1
# tcpspy.rules for tcpspy Debian GNU/Linux package
2
# Written by Pablo Lorenzzoni <spectra@linuxbr.com.br>
4
# Lines containing a # will be ignored. Blank lines too.
6
# Rule Syntax - this is a copy of tcpspy.rules(5)
7
# A rule may be specified with the following comparison
11
# True if the local user initiating or accepting the
12
# connection has the effective user id uid.
15
# Same as above, but using a username instead of a
19
# True if the local end of the connection has port
22
# lport [low] - [high]
23
# True if the local end of the connection has a port
24
# number greater than or equal to low and less than
25
# or equal to high. If the form low- is used, high
26
# is assumed to be 65535. If the form -high is used,
27
# low is assumed to be 0. It is an error to omit both
31
# Same as above, but using a service name from
32
# /etc/services instead of a port number.
34
# rport Same as lport but compares the port number of the
35
# remote end of the connection.
37
# laddr n.n.n.n[/m.m.m.m]
38
# Interpreted as a "net/mask" expression; true if
39
# "net" is equal to the bitwise AND of the local
40
# address of the connection and "mask". If no mask is
41
# specified, a default mask with all bits set
42
# (255.255.255.255) is used.
44
# raddr Same as laddr but compares the remote address.
47
# True if the full filename (including directory) of
48
# the executable that created/accepted the connection
49
# matches pattern, a glob(7)-style wildcard pattern.
51
# The pattern "" (an empty string) matches connec-
52
# tions created/accepted by processes whose exe-
53
# cutable filename is unknown.
55
# If the -p option is not specified, a warning mes-
56
# sage will be printed, and the result of this com-
57
# parison will always be true.
59
# By default this file is empty. This means tcpspy will log everything