By using the IP traffic qualifier in a rule, you can define criteria for matching traffic by Layer 3 (Network Layer) properties such as IP version, IP address, next-level protocol, and port.

The Protocol attribute of the IP traffic qualifier represents the next-level protocol that consumes the payload of the packet. You can select a protocol from the drop-down menu or type its decimal number according to RFC 1700.

For the TCP and UDP protocols, you can also match traffic by source and destination ports.

By using the Source port attribute, you can match TCP or UDP packets by the source port. Consider the traffic direction when matching traffic to a source port.

By using the Destination port attribute, you can match TCP or UDP packets by the destination port. Consider the traffic direction when matching traffic to a destination port.

By using the Source Address attribute, you can match packets by source address or subnet. Consider the traffic direction when matching traffic to a source address or network.

You can match the traffic source in several ways.

Patterns for Filtering or Marking Traffic by IP Source Address

| Parameters to Match Traffic Source Address | Comparison Operator | Networking Argument Format |
| --- | --- | --- |
| IP version | any | Select the IP version from the drop-down menu. |
| IP address | is or is not | Type the IP address that you want to match. |
| IP subnet | matches or does not match | Type the lowest address in the subnet and the bit length of the subnet prefix. |

Use the Destination Address to match packets by IP address, subnet, or IP version. The destination address has the same format as the one for the source.

To tailor the match in an IP qualifier more closely to your needs, you can use affirmative comparison or negation. For example, you can define that all packets fall in the scope of a rule except packets with certain attributes.
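The following is an added example, not code from the product or its vendor: a small Python model of an IP qualifier that shows how the protocol, port, and address criteria combine with negation. The class names, the packet dictionary layout, and the assumption that every criterion set in a qualifier must hold for a packet to be in scope are illustrative; the sample packets are constructed.

```python
import ipaddress
from dataclasses import dataclass
from typing import Optional

TCP, UDP = 6, 17  # decimal next-level protocol numbers

@dataclass
class AddrMatch:  # hypothetical name for one address criterion
    value: str            # single address, or "lowest-address/prefix-length"
    negate: bool = False  # True models "is not" / "does not match"

    def hit(self, addr: str) -> bool:
        # strict=True raises ValueError unless value is the subnet's lowest address
        net = ipaddress.ip_network(self.value, strict=True)
        ip = ipaddress.ip_address(addr)
        return (ip.version == net.version and ip in net) != self.negate

@dataclass
class IpQualifier:  # hypothetical model; assumes all set criteria must hold
    protocol: Optional[int] = None
    src: Optional[AddrMatch] = None
    dst: Optional[AddrMatch] = None
    src_port: Optional[int] = None
    dst_port: Optional[int] = None

    def matches(self, pkt: dict) -> bool:
        if self.protocol is not None and pkt["proto"] != self.protocol:
            return False
        for crit, key in ((self.src, "src"), (self.dst, "dst")):
            if crit and not crit.hit(pkt[key]):
                return False
        # Port criteria apply only to TCP and UDP packets
        for want, key in ((self.src_port, "sport"), (self.dst_port, "dport")):
            if want is not None and (pkt["proto"] not in (TCP, UDP) or pkt.get(key) != want):
                return False
        return True

# Constructed scope: TCP to port 22 from any source except 192.0.2.0/24
QUALIFIER = IpQualifier(protocol=TCP, dst_port=22, src=AddrMatch("192.0.2.0/24", negate=True))
# Constructed sample packets (documentation address ranges)
PACKETS = [
    {"proto": TCP, "src": "192.0.2.10", "dst": "203.0.113.5", "sport": 50000, "dport": 22},
    {"proto": TCP, "src": "198.51.100.7", "dst": "203.0.113.5", "sport": 50001, "dport": 22},
    {"proto": UDP, "src": "198.51.100.7", "dst": "203.0.113.5", "sport": 50002, "dport": 22},
    {"proto": TCP, "src": "198.51.100.7", "dst": "203.0.113.5", "sport": 50003, "dport": 443},
]

def evaluate():
    return [QUALIFIER.matches(p) for p in PACKETS]
```

Only the second packet is in scope: the first comes from the excluded subnet, the third is UDP, and the fourth targets a different destination port.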