Lines Matching defs:rules
298 * Table of functions available for use with call rules.
1668 /* port numbers, etc, for "standard" IPFilter rules are all orchestrated in */
1851 /* Check the input/output list of rules for a match to the current packet. */
1879 * If there are no rules in this list, return now.
2050 * packet, set it up. Add state for "quick" rules
2053 * filter rules.
2083 /* Checks a packet against accounting rules, if there are any for the given */
2131 /* Applies an appropriate set of firewall rules to the packet, to see if */
2133 /* in the cache. If not, then search an appropriate list of rules. Once a */
2158 * If there are no rules loaded skip all checks and return.
2236 * If a rule is a pre-auth rule, check again in the list of rules
2308 /* directed by firewall rules and of course whether or not to allow the */
2716 * If we didn't drop off the bottom of the list of rules (and thus
2740 /* this is for to rules: */
3316 /* set(I) - which set of rules (inactive/inactive) this is */
3334 * rules are being operated on.
3358 /* set(I) - which set of rules (inactive/inactive) this is */
3412 /* set(I) - which set of rules (inactive/inactive) this is */
3442 /* flags(I) - which set of rules to find the rule in */
3447 /* group # g doesn't exist or there are less than n rules in the group. */
3502 /* Returns: int - >= 0 - number of flushed rules */
3503 /* Parameters: set(I) - which set of rules (inactive/inactive) this is */
3504 /* unit(I) - device for which to flush rules */
3505 /* flags(I) - which set of rules to flush */
3510 /* Recursively flush rules from the list, descending groups as they are */
3513 /* to store the accumulating count of rules removed, whereas the returned */
3515 /* needed to correctly adjust reference counts on rules that define groups. */
3557 /* Returns: int - >= 0 - number of flushed rules */
3558 /* Parameters: unit(I) - device for which to flush rules */
3559 /* flags(I) - which set of rules to flush */
3561 /* Calls flushlist() for all filter rules (accounting, firewall - both IPv4 */
3655 /* Adjust all the rules in a list which would have skip'd past the position */
3662 int rules, rn;
3665 rules = 0;
3667 rules++;
3673 if (FR_ISSKIP(fp->fr_flags) && (rn + fp->fr_arg >= rules))
3814 * (unbound) rules (entries).
3836 /* Walk through a list of filter rules and resolve any interface names into */
3927 /* filter rules, NAT entries and the state table and check if anything */
3968 /* Parameters: rules - list of rules to be sync'd */
3975 static void fr_syncindex(rules, ifp, newifp)
3976 frentry_t *rules;
3983 for (fr = rules; fr != NULL; fr = fr->fr_next) {
4010 /* Function updates the NIC references in rules with new interfaces index */
4012 /* with accounting rules (IPv6 and IPv4) */
4013 /* with inbound rules (IPv6 and IPv4) */
4014 /* with outbound rules (IPv6 and IPv4) */
4018 /* nic_event_hook). The hook function also updates state entries, NAT rules */
4031 unsigned int rules = sizeof (rule_lists) / sizeof (frentry_t *);
4042 for (i = 0; i < rules; i++) {
4378 /* filter rules. This includes adding, deleting, insertion. It is also */
4423 * Only filter rules for IPv4 or IPv6 are accepted.
4641 * This elminates rules which are indentical being loaded. Checksum
4714 * rules that have equal fr_collect fields.
4760 * with rules not loaded that way.
5074 /* the key, and descend into that group and continue matching rules against */
5104 /* rules against the packet. */