From d380133d19b8c39c5d57e736fb3ac11ac09a028b Mon Sep 17 00:00:00 2001 From: Zrubi Date: Thu, 25 May 2017 11:07:49 +0200 Subject: [PATCH] Update vm-interface.md Added the "dpi" Deep Packet Inspection option for supporting L7 firewall rules --- debugging/vm-interface.md | 1 + 1 file changed, 1 insertion(+) diff --git a/debugging/vm-interface.md b/debugging/vm-interface.md index 8524737b..47009c10 100644 --- a/debugging/vm-interface.md +++ b/debugging/vm-interface.md @@ -96,6 +96,7 @@ Possible options for a single rule: together with `proto=tcp` or `proto=udp`; for example `1-1024`, `80-80` - `icmptype`, value: numeric (decimal) icmp message type, for example `8` for echo request, valid only together with `proto=icmp` + - 'dpi', value: Deep Packet Inspection protocol (like: HTTP, SSL, SMB, SSH, SMTP) or the default 'NO' as no DPI, only packet filtering Rule matches only when all predicates matches. Only one of `dst4`, `dst6`, `dstname`, `specialtarget` can be used in a single rule.