Version: current

firewall

ipv6/firewall/nat

Type: Directory

Argument	Type	Description
`static`	switch
`dynamic`	switch
`chain` ( mandatory )	enum
`action`	enum (accept \| jump \| return \| log \| passthrough \| add-src-to-address-list \| add-dst-to-address-list \| src-nat \| masquerade \| dst-nat \| redirect \| netmap)
`jump-target`	enum ()
`to-address`	super { , ip6_prefix_arg }
`to-ports`	super { , num [0 .. 65535] , -num [0 .. 65535] }
`connection-state`	super { ! , ubit (invalid, established, related, new, untracked) { invalid, established, related, new, untracked } }
`connection-limit`	super { ! , num , ,num [0 .. 128] }
`protocol`	super { ! , enum (icmpv6) { , icmpv6:58 } }
`src-address`	super { ! , ip6_prefix_arg }
`dst-address`	super { ! , ip6_prefix_arg }
`src-address-list`	super { ! , enum }
`dst-address-list`	super { ! , enum }
`address-list`	enum ()
`address-list-timeout`	alt { enum (none-dynamic \| none-static) { none-dynamic:0, none-static:0xffffffff } , time [ .. 21474836] , }
`src-address-type`	super { ! , ubit (unicast, local, anycast, multicast, unreachable) { unicast, local, anycast, multicast, unreachable } }
`dst-address-type`	super { ! , ubit (unicast, local, anycast, multicast, unreachable) { unicast, local, anycast, multicast, unreachable } }
`headers`	super { ! , ubit (hop, dst, route, frag, ah, esp, none, proto) { hop, dst, route, frag, ah, esp, none, proto } , [ :enum (exact \| contains) { exact:0, contains:1 }] }
`tcp-flags`	super { !, , multi_arg { array-id, array-id, super { ! , enum (fin \| syn \| rst \| psh \| ack \| urg \| ece \| cwr) { fin:0, syn:1, rst:2, psh:3, ack:4, urg:5, ece:6, cwr:7 } } { ! , enum (fin \| syn \| rst \| psh \| ack \| urg \| ece \| cwr) { fin:0, syn:1, rst:2, psh:3, ack:4, urg:5, ece:6, cwr:7 } } } { array-id, array-id, super { ! , enum (fin \| syn \| rst \| psh \| ack \| urg \| ece \| cwr) { fin:0, syn:1, rst:2, psh:3, ack:4, urg:5, ece:6, cwr:7 } } { ! , enum (fin \| syn \| rst \| psh \| ack \| urg \| ece \| cwr) { fin:0, syn:1, rst:2, psh:3, ack:4, urg:5, ece:6, cwr:7 } } } }
`hop-limit`	super { enum (equal \| not-equal \| less-than \| greater-than) { equal:0, not-equal:1, less-than:2, greater-than:3 } , :num [0 .. 255] }
`connection-mark`	super { ! , enum }
`connection-type`	super { ! , enum (ftp \| pptp \| h323 \| sip \| irc \| quake3 \| tftp) { ftp:0, pptp:1, h323:2, sip:3, irc:4, quake3:5, tftp:6 } }
`connection-bytes`	super { num , -num }
`connection-rate`	super { ! , num , -num }
`routing-mark`	super { ! , enum () { } }
`in-interface`	super { ! , interface_enum { } { } }
`out-interface`	super { ! , interface_enum { } { } }
`in-interface-list`	super { ! , enum }
`out-interface-list`	super { ! , enum }
`in-bridge-port`	super { ! , interface_enum { } { } }
`out-bridge-port`	super { ! , interface_enum { } { } }
`in-bridge-port-list`	super { ! , enum }
`out-bridge-port-list`	super { ! , enum }
`packet-mark`	super { ! , enum }
`src-port`	super { ! , multi_arg { , , range_arg [ .. 65535] } { , , range_arg [ .. 65535] } }
`dst-port`	super { ! , multi_arg { , , range_arg [ .. 65535] } { , , range_arg [ .. 65535] } }
`port`	super { ! , multi_arg { , , range_arg [ .. 65535] } { , , range_arg [ .. 65535] } }
`icmp-options`	super { ! , num [0 .. 255] , [ :range_arg [ .. 255]] }
`src-mac-address`	super { ! , macAddr }
`content`	super { ! , string }
`ingress-priority`	super { ! , num [0 .. 63] }
`priority`	super { ! , num [0 .. 63] }
`dscp`	super { ! , num [0 .. 63] }
`tos`	super { ! , num [0 .. 255] , [ /num [0 .. 255]] }
`limit`	super { ! , num [1 .. 32000000000] , [ /time [1 .. ]] , ,num [ .. 2000000000] , [ :enum (packet \| bit) { packet:0, bit:1 }] }
`dst-limit`	super { num , [ /time] , ,num , ,enum (dst-address \| dst-address-and-port \| src-address \| src-and-dst-addresses \| addresses-and-dst-port) { dst-address:1, dst-address-and-port:3, src-address:4, src-and-dst-addresses:5, addresses-and-dst-port:7 } , [ /time] }
`time`	super { ! , time [0 .. 86400] , -time [0 .. 86400] , ,ubit (sun, mon, tue, wed, thu, fri, sat) { sun, mon, tue, wed, thu, fri, sat } }
`random`	super { num [1 .. 99] }
`nth`	super { ! , num [1 .. ] , [ ,num [1 .. ]] }
`tcp-mss`	super { ! , num [0 .. 65535] , -num [0 .. 65535] }
`per-connection-classifier`	super { ! , enum (src-address \| dst-address \| both-addresses \| src-port \| src-address-and-port \| dst-port \| dst-address-and-port \| both-ports \| both-addresses-and-ports) { src-address:1, dst-address:2, both-addresses:3, src-port:4, src-address-and-port:5, dst-port:8, dst-address-and-port:10, both-ports:12, both-addresses-and-ports:15 } , :num [1 .. ] , /num [0 .. ] }
`packet-size`	super { ! , num [ .. 65535] , -num [ .. 65535] }
`log`	bool
`log-prefix`	string
`ipsec-policy`	super { enum (in \| out) { in:0, out:1 } , ,enum (none \| ipsec) { none:0, ipsec:1 } }

ipv6/firewall/raw

Type: Directory

Flag	Name	Description
`X`	disabled	disabled
`I`	invalid	invalid
`D`	dynamic	dynamic

Argument	Type	Description
`chain` ( mandatory )	enum
`action`	enum (accept \| jump \| return \| log \| passthrough \| add-src-to-address-list \| add-dst-to-address-list \| drop \| notrack)
`jump-target`	enum ()
`tls-host`	super { ! , string }
`in-interface`	super { ! , interface_enum { } { } }
`out-interface`	super { ! , interface_enum { } { } }
`in-interface-list`	super { ! , enum }
`out-interface-list`	super { ! , enum }
`in-bridge-port`	super { ! , interface_enum { } { } }
`out-bridge-port`	super { ! , interface_enum { } { } }
`in-bridge-port-list`	super { ! , enum }
`out-bridge-port-list`	super { ! , enum }
`packet-mark`	super { ! , enum }
`src-port`	super { ! , multi_arg { , , range_arg [ .. 65535] } { , , range_arg [ .. 65535] } }
`dst-port`	super { ! , multi_arg { , , range_arg [ .. 65535] } { , , range_arg [ .. 65535] } }
`port`	super { ! , multi_arg { , , range_arg [ .. 65535] } { , , range_arg [ .. 65535] } }
`icmp-options`	super { ! , num [0 .. 255] , [ :range_arg [ .. 255]] }
`src-mac-address`	super { ! , macAddr }
`content`	super { ! , string }
`ingress-priority`	super { ! , num [0 .. 63] }
`priority`	super { ! , num [0 .. 63] }
`dscp`	super { ! , num [0 .. 63] }
`tos`	super { ! , num [0 .. 255] , [ /num [0 .. 255]] }
`limit`	super { ! , num [1 .. 32000000000] , [ /time [1 .. ]] , ,num [ .. 2000000000] , [ :enum (packet \| bit) { packet:0, bit:1 }] }
`dst-limit`	super { num , [ /time] , ,num , ,enum (dst-address \| dst-address-and-port \| src-address \| src-and-dst-addresses \| addresses-and-dst-port) { dst-address:1, dst-address-and-port:3, src-address:4, src-and-dst-addresses:5, addresses-and-dst-port:7 } , [ /time] }
`time`	super { ! , time [0 .. 86400] , -time [0 .. 86400] , ,ubit (sun, mon, tue, wed, thu, fri, sat) { sun, mon, tue, wed, thu, fri, sat } }
`random`	super { num [1 .. 99] }
`nth`	super { ! , num [1 .. ] , [ ,num [1 .. ]] }
`tcp-mss`	super { ! , num [0 .. 65535] , -num [0 .. 65535] }
`per-connection-classifier`	super { ! , enum (src-address \| dst-address \| both-addresses \| src-port \| src-address-and-port \| dst-port \| dst-address-and-port \| both-ports \| both-addresses-and-ports) { src-address:1, dst-address:2, both-addresses:3, src-port:4, src-address-and-port:5, dst-port:8, dst-address-and-port:10, both-ports:12, both-addresses-and-ports:15 } , :num [1 .. ] , /num [0 .. ] }
`packet-size`	super { ! , num [ .. 65535] , -num [ .. 65535] }
`log`	bool
`log-prefix`	string
`ipsec-policy`	super { enum (in \| out) { in:0, out:1 } , ,enum (none \| ipsec) { none:0, ipsec:1 } }
`protocol`	super { ! , enum (icmpv6) { , icmpv6:58 } }
`src-address`	super { ! , ip6_prefix_arg }
`dst-address`	super { ! , ip6_prefix_arg }
`src-address-list`	super { ! , enum }
`dst-address-list`	super { ! , enum }
`address-list`	enum ()
`address-list-timeout`	alt { enum (none-dynamic \| none-static) { none-dynamic:0, none-static:0xffffffff } , time [ .. 21474836] , }
`src-address-type`	super { ! , ubit (unicast, local, anycast, multicast, unreachable) { unicast, local, anycast, multicast, unreachable } }
`dst-address-type`	super { ! , ubit (unicast, local, anycast, multicast, unreachable) { unicast, local, anycast, multicast, unreachable } }
`headers`	super { ! , ubit (hop, dst, route, frag, ah, esp, none, proto) { hop, dst, route, frag, ah, esp, none, proto } , [ :enum (exact \| contains) { exact:0, contains:1 }] }
`tcp-flags`	super { !, , multi_arg { array-id, array-id, super { ! , enum (fin \| syn \| rst \| psh \| ack \| urg \| ece \| cwr) { fin:0, syn:1, rst:2, psh:3, ack:4, urg:5, ece:6, cwr:7 } } { ! , enum (fin \| syn \| rst \| psh \| ack \| urg \| ece \| cwr) { fin:0, syn:1, rst:2, psh:3, ack:4, urg:5, ece:6, cwr:7 } } } { array-id, array-id, super { ! , enum (fin \| syn \| rst \| psh \| ack \| urg \| ece \| cwr) { fin:0, syn:1, rst:2, psh:3, ack:4, urg:5, ece:6, cwr:7 } } { ! , enum (fin \| syn \| rst \| psh \| ack \| urg \| ece \| cwr) { fin:0, syn:1, rst:2, psh:3, ack:4, urg:5, ece:6, cwr:7 } } } }
`hop-limit`	super { enum (equal \| not-equal \| less-than \| greater-than) { equal:0, not-equal:1, less-than:2, greater-than:3 } , :num [0 .. 255] }

Read-only Argument	Type	Description
`bytes`	num
`packets`	num

ipv6/firewall/raw/reset-counters

Type: Command

ipv6/firewall/raw/reset-counters-all

Type: Command

ipv6/firewall/mangle

Type: Directory

Argument	Type	Description
`chain` ( mandatory )	enum
`action`	enum (accept \| jump \| return \| log \| passthrough \| add-src-to-address-list \| add-dst-to-address-list \| sniff-tzsp \| sniff-pc \| drop \| mark-packet \| mark-connection \| mark-routing \| change-mss \| change-dscp \| set-priority \| change-hop-limit \| snpt \| dnpt)
`src-prefix`	ip6_prefix_arg
`dst-prefix`	ip6_prefix_arg
`jump-target`	enum ()
`new-packet-mark`	enum ()
`new-connection-mark`	enum ()
`new-routing-mark`	enum ()
`new-mss`	alt { , enum (clamp-to-pmtu) { clamp-to-pmtu:65535 } , num [40 .. 65534] }
`new-dscp`	num { }
`new-priority`	alt { , enum (from-dscp \| from-ingress \| from-dscp-high-3-bits) { from-dscp:65536, from-ingress:65537, from-dscp-high-3-bits:65538 } , num [0 .. 63] }
`new-hop-limit`	super { , enum (set \| increment \| decrement) { set:0, increment:1, decrement:2 } , :num [0 .. 255] }
`passthrough`	bool { }
`sniff-target`	ipAddr { }
`sniff-target-port`	num { }
`sniff-id`	num { }
`connection-nat-state`	super { ! , ubit (srcnat, dstnat) { srcnat, dstnat } }
`tls-host`	super { ! , string }
`connection-state`	super { ! , ubit (invalid, established, related, new, untracked) { invalid, established, related, new, untracked } }
`connection-limit`	super { ! , num , ,num [0 .. 128] }
`protocol`	super { ! , enum (icmpv6) { , icmpv6:58 } }
`src-address`	super { ! , ip6_prefix_arg }
`dst-address`	super { ! , ip6_prefix_arg }
`src-address-list`	super { ! , enum }
`dst-address-list`	super { ! , enum }
`address-list`	enum ()
`address-list-timeout`	alt { enum (none-dynamic \| none-static) { none-dynamic:0, none-static:0xffffffff } , time [ .. 21474836] , }
`src-address-type`	super { ! , ubit (unicast, local, anycast, multicast, unreachable) { unicast, local, anycast, multicast, unreachable } }
`dst-address-type`	super { ! , ubit (unicast, local, anycast, multicast, unreachable) { unicast, local, anycast, multicast, unreachable } }
`headers`	super { ! , ubit (hop, dst, route, frag, ah, esp, none, proto) { hop, dst, route, frag, ah, esp, none, proto } , [ :enum (exact \| contains) { exact:0, contains:1 }] }
`tcp-flags`	super { !, , multi_arg { array-id, array-id, super { ! , enum (fin \| syn \| rst \| psh \| ack \| urg \| ece \| cwr) { fin:0, syn:1, rst:2, psh:3, ack:4, urg:5, ece:6, cwr:7 } } { ! , enum (fin \| syn \| rst \| psh \| ack \| urg \| ece \| cwr) { fin:0, syn:1, rst:2, psh:3, ack:4, urg:5, ece:6, cwr:7 } } } { array-id, array-id, super { ! , enum (fin \| syn \| rst \| psh \| ack \| urg \| ece \| cwr) { fin:0, syn:1, rst:2, psh:3, ack:4, urg:5, ece:6, cwr:7 } } { ! , enum (fin \| syn \| rst \| psh \| ack \| urg \| ece \| cwr) { fin:0, syn:1, rst:2, psh:3, ack:4, urg:5, ece:6, cwr:7 } } } }
`hop-limit`	super { enum (equal \| not-equal \| less-than \| greater-than) { equal:0, not-equal:1, less-than:2, greater-than:3 } , :num [0 .. 255] }
`connection-mark`	super { ! , enum }
`connection-type`	super { ! , enum (ftp \| pptp \| h323 \| sip \| irc \| quake3 \| tftp) { ftp:0, pptp:1, h323:2, sip:3, irc:4, quake3:5, tftp:6 } }
`connection-bytes`	super { num , -num }
`connection-rate`	super { ! , num , -num }
`routing-mark`	super { ! , enum () { } }
`in-interface`	super { ! , interface_enum { } { } }
`out-interface`	super { ! , interface_enum { } { } }
`in-interface-list`	super { ! , enum }
`out-interface-list`	super { ! , enum }
`in-bridge-port`	super { ! , interface_enum { } { } }
`out-bridge-port`	super { ! , interface_enum { } { } }
`in-bridge-port-list`	super { ! , enum }
`out-bridge-port-list`	super { ! , enum }
`packet-mark`	super { ! , enum }
`src-port`	super { ! , multi_arg { , , range_arg [ .. 65535] } { , , range_arg [ .. 65535] } }
`dst-port`	super { ! , multi_arg { , , range_arg [ .. 65535] } { , , range_arg [ .. 65535] } }
`port`	super { ! , multi_arg { , , range_arg [ .. 65535] } { , , range_arg [ .. 65535] } }
`icmp-options`	super { ! , num [0 .. 255] , [ :range_arg [ .. 255]] }
`src-mac-address`	super { ! , macAddr }
`content`	super { ! , string }
`ingress-priority`	super { ! , num [0 .. 63] }
`priority`	super { ! , num [0 .. 63] }
`dscp`	super { ! , num [0 .. 63] }
`tos`	super { ! , num [0 .. 255] , [ /num [0 .. 255]] }
`limit`	super { ! , num [1 .. 32000000000] , [ /time [1 .. ]] , ,num [ .. 2000000000] , [ :enum (packet \| bit) { packet:0, bit:1 }] }
`dst-limit`	super { num , [ /time] , ,num , ,enum (dst-address \| dst-address-and-port \| src-address \| src-and-dst-addresses \| addresses-and-dst-port) { dst-address:1, dst-address-and-port:3, src-address:4, src-and-dst-addresses:5, addresses-and-dst-port:7 } , [ /time] }
`time`	super { ! , time [0 .. 86400] , -time [0 .. 86400] , ,ubit (sun, mon, tue, wed, thu, fri, sat) { sun, mon, tue, wed, thu, fri, sat } }
`random`	super { num [1 .. 99] }
`nth`	super { ! , num [1 .. ] , [ ,num [1 .. ]] }
`tcp-mss`	super { ! , num [0 .. 65535] , -num [0 .. 65535] }
`per-connection-classifier`	super { ! , enum (src-address \| dst-address \| both-addresses \| src-port \| src-address-and-port \| dst-port \| dst-address-and-port \| both-ports \| both-addresses-and-ports) { src-address:1, dst-address:2, both-addresses:3, src-port:4, src-address-and-port:5, dst-port:8, dst-address-and-port:10, both-ports:12, both-addresses-and-ports:15 } , :num [1 .. ] , /num [0 .. ] }
`packet-size`	super { ! , num [ .. 65535] , -num [ .. 65535] }
`log`	bool
`log-prefix`	string
`ipsec-policy`	super { enum (in \| out) { in:0, out:1 } , ,enum (none \| ipsec) { none:0, ipsec:1 } }

ipv6/firewall/connection

Type: Directory

Flag	Name	Description
`E`	expected	expected
`S`	seen-reply	seen-reply
`A`	assured	assured
`C`	confirmed	confirmed
`D`	dying	dying
`F`	fasttrack	fasttrack
`H`	hw-offload	hw-offload
`s`	srcnat	srcnat
`d`	dstnat	dstnat
`h`	uses-helper	uses-helper

Read-only Argument	Type	Description
`protocol`	enum ()
`src-address`	ip6Addr
`src-port`	num
`dst-address`	ip6Addr
`dst-port`	num
`reply-src-address`	ip6Addr
`reply-src-port`	num
`reply-dst-address`	ip6Addr
`reply-dst-port`	num
`tcp-state`	enum (none \| syn-sent \| syn-recv \| established \| fin-wait \| close-wait \| last-ack \| time-wait \| close \| listen)
`icmp-type`	num
`icmp-code`	num
`icmp-id`	num
`gre-protocol`	num
`gre-version`	num
`gre-key`	num
`connection-type`	string
`timeout`	time
`connection-mark`	string
`orig-packets`	num
`orig-bytes`	num
`orig-fasttrack-packets`	num
`orig-fasttrack-bytes`	num
`repl-packets`	num
`repl-bytes`	num
`repl-fasttrack-packets`	num
`repl-fasttrack-bytes`	num
`orig-rate`	num
`repl-rate`	num

ipv6/firewall/filter

Type: Directory

Argument	Type	Description
`chain` ( mandatory )	enum
`action`	enum (accept \| jump \| return \| log \| passthrough \| add-src-to-address-list \| add-dst-to-address-list \| drop \| reject \| fasttrack-connection)
`jump-target`	enum ()
`reject-with`	enum (icmp-no-route \| icmp-admin-prohibited \| icmp-not-neighbour \| icmp-address-unreachable \| icmp-port-unreachable \| tcp-reset \| icmp-err-src-routing-header \| icmp-headers-too-long)
`connection-nat-state`	super { ! , ubit (srcnat, dstnat) { srcnat, dstnat } }
`tls-host`	super { ! , string }
`connection-state`	super { ! , ubit (invalid, established, related, new, untracked) { invalid, established, related, new, untracked } }
`connection-limit`	super { ! , num , ,num [0 .. 128] }
`protocol`	super { ! , enum (icmpv6) { , icmpv6:58 } }
`src-address`	super { ! , ip6_prefix_arg }
`dst-address`	super { ! , ip6_prefix_arg }
`src-address-list`	super { ! , enum }
`dst-address-list`	super { ! , enum }
`address-list`	enum ()
`address-list-timeout`	alt { enum (none-dynamic \| none-static) { none-dynamic:0, none-static:0xffffffff } , time [ .. 21474836] , }
`src-address-type`	super { ! , ubit (unicast, local, anycast, multicast, unreachable) { unicast, local, anycast, multicast, unreachable } }
`dst-address-type`	super { ! , ubit (unicast, local, anycast, multicast, unreachable) { unicast, local, anycast, multicast, unreachable } }
`headers`	super { ! , ubit (hop, dst, route, frag, ah, esp, none, proto) { hop, dst, route, frag, ah, esp, none, proto } , [ :enum (exact \| contains) { exact:0, contains:1 }] }
`tcp-flags`	super { !, , multi_arg { array-id, array-id, super { ! , enum (fin \| syn \| rst \| psh \| ack \| urg \| ece \| cwr) { fin:0, syn:1, rst:2, psh:3, ack:4, urg:5, ece:6, cwr:7 } } { ! , enum (fin \| syn \| rst \| psh \| ack \| urg \| ece \| cwr) { fin:0, syn:1, rst:2, psh:3, ack:4, urg:5, ece:6, cwr:7 } } } { array-id, array-id, super { ! , enum (fin \| syn \| rst \| psh \| ack \| urg \| ece \| cwr) { fin:0, syn:1, rst:2, psh:3, ack:4, urg:5, ece:6, cwr:7 } } { ! , enum (fin \| syn \| rst \| psh \| ack \| urg \| ece \| cwr) { fin:0, syn:1, rst:2, psh:3, ack:4, urg:5, ece:6, cwr:7 } } } }
`hop-limit`	super { enum (equal \| not-equal \| less-than \| greater-than) { equal:0, not-equal:1, less-than:2, greater-than:3 } , :num [0 .. 255] }
`connection-mark`	super { ! , enum }
`connection-type`	super { ! , enum (ftp \| pptp \| h323 \| sip \| irc \| quake3 \| tftp) { ftp:0, pptp:1, h323:2, sip:3, irc:4, quake3:5, tftp:6 } }
`connection-bytes`	super { num , -num }
`connection-rate`	super { ! , num , -num }
`routing-mark`	super { ! , enum () { } }
`in-interface`	super { ! , interface_enum { } { } }
`out-interface`	super { ! , interface_enum { } { } }
`in-interface-list`	super { ! , enum }
`out-interface-list`	super { ! , enum }
`in-bridge-port`	super { ! , interface_enum { } { } }
`out-bridge-port`	super { ! , interface_enum { } { } }
`in-bridge-port-list`	super { ! , enum }
`out-bridge-port-list`	super { ! , enum }
`packet-mark`	super { ! , enum }
`src-port`	super { ! , multi_arg { , , range_arg [ .. 65535] } { , , range_arg [ .. 65535] } }
`dst-port`	super { ! , multi_arg { , , range_arg [ .. 65535] } { , , range_arg [ .. 65535] } }
`port`	super { ! , multi_arg { , , range_arg [ .. 65535] } { , , range_arg [ .. 65535] } }
`icmp-options`	super { ! , num [0 .. 255] , [ :range_arg [ .. 255]] }
`src-mac-address`	super { ! , macAddr }
`content`	super { ! , string }
`ingress-priority`	super { ! , num [0 .. 63] }
`priority`	super { ! , num [0 .. 63] }
`dscp`	super { ! , num [0 .. 63] }
`tos`	super { ! , num [0 .. 255] , [ /num [0 .. 255]] }
`limit`	super { ! , num [1 .. 32000000000] , [ /time [1 .. ]] , ,num [ .. 2000000000] , [ :enum (packet \| bit) { packet:0, bit:1 }] }
`dst-limit`	super { num , [ /time] , ,num , ,enum (dst-address \| dst-address-and-port \| src-address \| src-and-dst-addresses \| addresses-and-dst-port) { dst-address:1, dst-address-and-port:3, src-address:4, src-and-dst-addresses:5, addresses-and-dst-port:7 } , [ /time] }
`time`	super { ! , time [0 .. 86400] , -time [0 .. 86400] , ,ubit (sun, mon, tue, wed, thu, fri, sat) { sun, mon, tue, wed, thu, fri, sat } }
`random`	super { num [1 .. 99] }
`nth`	super { ! , num [1 .. ] , [ ,num [1 .. ]] }
`tcp-mss`	super { ! , num [0 .. 65535] , -num [0 .. 65535] }
`per-connection-classifier`	super { ! , enum (src-address \| dst-address \| both-addresses \| src-port \| src-address-and-port \| dst-port \| dst-address-and-port \| both-ports \| both-addresses-and-ports) { src-address:1, dst-address:2, both-addresses:3, src-port:4, src-address-and-port:5, dst-port:8, dst-address-and-port:10, both-ports:12, both-addresses-and-ports:15 } , :num [1 .. ] , /num [0 .. ] }
`packet-size`	super { ! , num [ .. 65535] , -num [ .. 65535] }
`log`	bool
`log-prefix`	string
`ipsec-policy`	super { enum (in \| out) { in:0, out:1 } , ,enum (none \| ipsec) { none:0, ipsec:1 } }

ipv6/firewall/address-list

Type: Directory

Flag	Name	Description
`X`	disabled	disabled
`D`	dynamic	dynamic

Argument	Type	Description
`list` ( mandatory )	enum
`address`	alt { ip6_prefix_arg , string }
`timeout`	time
`dynamic`	bool

Read-only Argument	Type	Description
`creation-time`	date_arg

ipv6/firewall/nat​

ipv6/firewall/raw​

ipv6/firewall/raw/reset-counters​

ipv6/firewall/raw/reset-counters-all​

ipv6/firewall/mangle​

ipv6/firewall/connection​

ipv6/firewall/filter​

ipv6/firewall/address-list​

ipv6/firewall/nat

ipv6/firewall/raw

ipv6/firewall/raw/reset-counters

ipv6/firewall/raw/reset-counters-all

ipv6/firewall/mangle

ipv6/firewall/connection

ipv6/firewall/filter

ipv6/firewall/address-list