Created
April 5, 2019 02:55
-
-
Save pcmoore/50546bc728e34d4ddadbb8b1fee02c66 to your computer and use it in GitHub Desktop.
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # | |
| # pseudo filter code start | |
| # | |
| # filter for arch x86_64 (3221225534) | |
| if ($arch == 3221225534) | |
| # filter for syscall "fstat64" (4294957286) [priority: 65535] | |
| if ($syscall == 4294957286) | |
| action ALLOW; | |
| # filter for syscall "getegid32" (4294957281) [priority: 65535] | |
| if ($syscall == 4294957281) | |
| action ALLOW; | |
| # filter for syscall "geteuid32" (4294957280) [priority: 65535] | |
| if ($syscall == 4294957280) | |
| action ALLOW; | |
| # filter for syscall "getgid32" (4294957279) [priority: 65535] | |
| if ($syscall == 4294957279) | |
| action ALLOW; | |
| # filter for syscall "getuid32" (4294957275) [priority: 65535] | |
| if ($syscall == 4294957275) | |
| action ALLOW; | |
| # filter for syscall "_llseek" (4294957270) [priority: 65535] | |
| if ($syscall == 4294957270) | |
| action ALLOW; | |
| # filter for syscall "sigreturn" (4294957238) [priority: 65535] | |
| if ($syscall == 4294957238) | |
| action ALLOW; | |
| # filter for syscall "stat64" (4294957234) [priority: 65535] | |
| if ($syscall == 4294957234) | |
| action ALLOW; | |
| # filter for syscall "getrandom" (318) [priority: 65535] | |
| if ($syscall == 318) | |
| action ALLOW; | |
| # filter for syscall "prlimit64" (302) [priority: 65535] | |
| if ($syscall == 302) | |
| action ALLOW; | |
| # filter for syscall "pipe2" (293) [priority: 65535] | |
| if ($syscall == 293) | |
| action ALLOW; | |
| # filter for syscall "eventfd2" (290) [priority: 65535] | |
| if ($syscall == 290) | |
| action ALLOW; | |
| # filter for syscall "epoll_pwait" (281) [priority: 65535] | |
| if ($syscall == 281) | |
| action ALLOW; | |
| # filter for syscall "set_robust_list" (273) [priority: 65535] | |
| if ($syscall == 273) | |
| action ALLOW; | |
| # filter for syscall "epoll_wait" (232) [priority: 65535] | |
| if ($syscall == 232) | |
| action ALLOW; | |
| # filter for syscall "exit_group" (231) [priority: 65535] | |
| if ($syscall == 231) | |
| action ALLOW; | |
| # filter for syscall "clock_gettime" (228) [priority: 65535] | |
| if ($syscall == 228) | |
| action ALLOW; | |
| # filter for syscall "getdents64" (217) [priority: 65535] | |
| if ($syscall == 217) | |
| action ALLOW; | |
| # filter for syscall "epoll_create" (213) [priority: 65535] | |
| if ($syscall == 213) | |
| action ALLOW; | |
| # filter for syscall "sched_getaffinity" (204) [priority: 65535] | |
| if ($syscall == 204) | |
| action ALLOW; | |
| # filter for syscall "futex" (202) [priority: 65535] | |
| if ($syscall == 202) | |
| action ALLOW; | |
| # filter for syscall "gettid" (186) [priority: 65535] | |
| if ($syscall == 186) | |
| action ALLOW; | |
| # filter for syscall "setrlimit" (160) [priority: 65535] | |
| if ($syscall == 160) | |
| action ALLOW; | |
| # filter for syscall "_sysctl" (156) [priority: 65535] | |
| if ($syscall == 156) | |
| action ERRNO(1); | |
| # filter for syscall "mlockall" (151) [priority: 65535] | |
| if ($syscall == 151) | |
| action ALLOW; | |
| # filter for syscall "sigaltstack" (131) [priority: 65535] | |
| if ($syscall == 131) | |
| action ALLOW; | |
| # filter for syscall "getegid" (108) [priority: 65535] | |
| if ($syscall == 108) | |
| action ALLOW; | |
| # filter for syscall "geteuid" (107) [priority: 65535] | |
| if ($syscall == 107) | |
| action ALLOW; | |
| # filter for syscall "getgid" (104) [priority: 65535] | |
| if ($syscall == 104) | |
| action ALLOW; | |
| # filter for syscall "getuid" (102) [priority: 65535] | |
| if ($syscall == 102) | |
| action ALLOW; | |
| # filter for syscall "sysinfo" (99) [priority: 65535] | |
| if ($syscall == 99) | |
| action ALLOW; | |
| # filter for syscall "getrlimit" (97) [priority: 65535] | |
| if ($syscall == 97) | |
| action ALLOW; | |
| # filter for syscall "gettimeofday" (96) [priority: 65535] | |
| if ($syscall == 96) | |
| action ALLOW; | |
| # filter for syscall "fchmod" (91) [priority: 65535] | |
| if ($syscall == 91) | |
| action ALLOW; | |
| # filter for syscall "unlink" (87) [priority: 65535] | |
| if ($syscall == 87) | |
| action ALLOW; | |
| # filter for syscall "mkdir" (83) [priority: 65535] | |
| if ($syscall == 83) | |
| action ALLOW; | |
| # filter for syscall "getdents" (78) [priority: 65535] | |
| if ($syscall == 78) | |
| action ALLOW; | |
| # filter for syscall "fcntl" (72) [priority: 65535] | |
| if ($syscall == 72) | |
| action ALLOW; | |
| # filter for syscall "uname" (63) [priority: 65535] | |
| if ($syscall == 63) | |
| action ALLOW; | |
| # filter for syscall "wait4" (61) [priority: 65535] | |
| if ($syscall == 61) | |
| action ALLOW; | |
| # filter for syscall "exit" (60) [priority: 65535] | |
| if ($syscall == 60) | |
| action ALLOW; | |
| # filter for syscall "clone" (56) [priority: 65535] | |
| if ($syscall == 56) | |
| action ALLOW; | |
| # filter for syscall "getsockname" (51) [priority: 65535] | |
| if ($syscall == 51) | |
| action ALLOW; | |
| # filter for syscall "listen" (50) [priority: 65535] | |
| if ($syscall == 50) | |
| action ALLOW; | |
| # filter for syscall "bind" (49) [priority: 65535] | |
| if ($syscall == 49) | |
| action ALLOW; | |
| # filter for syscall "shutdown" (48) [priority: 65535] | |
| if ($syscall == 48) | |
| action ALLOW; | |
| # filter for syscall "recvmsg" (47) [priority: 65535] | |
| if ($syscall == 47) | |
| action ALLOW; | |
| # filter for syscall "sendmsg" (46) [priority: 65535] | |
| if ($syscall == 46) | |
| action ALLOW; | |
| # filter for syscall "recvfrom" (45) [priority: 65535] | |
| if ($syscall == 45) | |
| action ALLOW; | |
| # filter for syscall "sendto" (44) [priority: 65535] | |
| if ($syscall == 44) | |
| action ALLOW; | |
| # filter for syscall "connect" (42) [priority: 65535] | |
| if ($syscall == 42) | |
| action ALLOW; | |
| # filter for syscall "getpid" (39) [priority: 65535] | |
| if ($syscall == 39) | |
| action ALLOW; | |
| # filter for syscall "nanosleep" (35) [priority: 65535] | |
| if ($syscall == 35) | |
| action ALLOW; | |
| # filter for syscall "madvise" (28) [priority: 65535] | |
| if ($syscall == 28) | |
| action ALLOW; | |
| # filter for syscall "sched_yield" (24) [priority: 65535] | |
| if ($syscall == 24) | |
| action ALLOW; | |
| # filter for syscall "pipe" (22) [priority: 65535] | |
| if ($syscall == 22) | |
| action ALLOW; | |
| # filter for syscall "access" (21) [priority: 65535] | |
| if ($syscall == 21) | |
| action ALLOW; | |
| # filter for syscall "writev" (20) [priority: 65535] | |
| if ($syscall == 20) | |
| action ALLOW; | |
| # filter for syscall "rt_sigreturn" (15) [priority: 65535] | |
| if ($syscall == 15) | |
| action ALLOW; | |
| # filter for syscall "brk" (12) [priority: 65535] | |
| if ($syscall == 12) | |
| action ALLOW; | |
| # filter for syscall "munmap" (11) [priority: 65535] | |
| if ($syscall == 11) | |
| action ALLOW; | |
| # filter for syscall "mmap" (9) [priority: 65535] | |
| if ($syscall == 9) | |
| action ALLOW; | |
| # filter for syscall "lseek" (8) [priority: 65535] | |
| if ($syscall == 8) | |
| action ALLOW; | |
| # filter for syscall "poll" (7) [priority: 65535] | |
| if ($syscall == 7) | |
| action ALLOW; | |
| # filter for syscall "fstat" (5) [priority: 65535] | |
| if ($syscall == 5) | |
| action ALLOW; | |
| # filter for syscall "stat" (4) [priority: 65535] | |
| if ($syscall == 4) | |
| action ALLOW; | |
| # filter for syscall "close" (3) [priority: 65535] | |
| if ($syscall == 3) | |
| action ALLOW; | |
| # filter for syscall "write" (1) [priority: 65535] | |
| if ($syscall == 1) | |
| action ALLOW; | |
| # filter for syscall "read" (0) [priority: 65535] | |
| if ($syscall == 0) | |
| action ALLOW; | |
| # filter for syscall "accept4" (288) [priority: 65533] | |
| if ($syscall == 288) | |
| if ($a3.hi32 & 0xffffffff == 0) | |
| if ($a3.lo32 & 0xfff7f7ff == 0) | |
| action ALLOW; | |
| # filter for syscall "time" (201) [priority: 65533] | |
| if ($syscall == 201) | |
| if ($a0.hi32 == 0) | |
| if ($a0.lo32 == 0) | |
| action ALLOW; | |
| # filter for syscall "prctl" (157) [priority: 65533] | |
| if ($syscall == 157) | |
| if ($a0.hi32 == 0) | |
| if ($a0.lo32 == 4) | |
| action ALLOW; | |
| # filter for syscall "kill" (62) [priority: 65533] | |
| if ($syscall == 62) | |
| if ($a1.hi32 == 0) | |
| if ($a1.lo32 == 0) | |
| action ALLOW; | |
| # filter for syscall "ioctl" (16) [priority: 65533] | |
| if ($syscall == 16) | |
| if ($a1.hi32 == 0) | |
| if ($a1.lo32 == 35147) | |
| action ALLOW; | |
| # filter for syscall "open" (2) [priority: 65533] | |
| if ($syscall == 2) | |
| if ($a1.hi32 & 0xffffffff == 0) | |
| if ($a1.lo32 & 0xfff5f6ff == 0) | |
| action ERRNO(13); | |
| # filter for syscall "flock" (73) [priority: 65532] | |
| if ($syscall == 73) | |
| if ($a1.hi32 == 0) | |
| if ($a1.lo32 == 8) | |
| action ALLOW; | |
| if ($a1.lo32 == 6) | |
| action ALLOW; | |
| # filter for syscall "rt_sigprocmask" (14) [priority: 65532] | |
| if ($syscall == 14) | |
| if ($a0.hi32 == 0) | |
| if ($a0.lo32 == 2) | |
| action ALLOW; | |
| if ($a0.lo32 == 1) | |
| action ALLOW; | |
| # filter for syscall "epoll_ctl" (233) [priority: 65531] | |
| if ($syscall == 233) | |
| if ($a1.hi32 == 0) | |
| if ($a1.lo32 == 3) | |
| action ALLOW; | |
| if ($a1.lo32 == 2) | |
| action ALLOW; | |
| if ($a1.lo32 == 1) | |
| action ALLOW; | |
| # filter for syscall "socketpair" (53) [priority: 65531] | |
| if ($syscall == 53) | |
| if ($a0.hi32 == 0) | |
| if ($a0.lo32 == 1) | |
| if ($a1.hi32 == 0) | |
| if ($a1.lo32 == 524289) | |
| action ALLOW; | |
| # filter for syscall "mremap" (25) [priority: 65531] | |
| if ($syscall == 25) | |
| if ($a3.hi32 == 0) | |
| if ($a3.lo32 == 1) | |
| action ALLOW; | |
| if ($a0.hi32 == 32622) | |
| if ($a0.lo32 == 1981579264) | |
| action KILL; | |
| # filter for syscall "fcntl64" (4294957287) [priority: 65526] | |
| if ($syscall == 4294957287) | |
| if ($a1.hi32 == 0) | |
| if ($a1.lo32 == 4) | |
| if ($a2.hi32 == 0) | |
| if ($a2.lo32 == 2050) | |
| action ALLOW; | |
| if ($a1.lo32 == 3) | |
| action ALLOW; | |
| if ($a1.lo32 == 2) | |
| if ($a2.hi32 == 0) | |
| if ($a2.lo32 == 1) | |
| action ALLOW; | |
| if ($a1.lo32 == 1) | |
| action ALLOW; | |
| # filter for syscall "rt_sigaction" (13) [priority: 65526] | |
| if ($syscall == 13) | |
| if ($a0.hi32 == 0) | |
| if ($a0.lo32 == 25) | |
| action ALLOW; | |
| if ($a0.lo32 == 17) | |
| action ALLOW; | |
| if ($a0.lo32 == 15) | |
| action ALLOW; | |
| if ($a0.lo32 == 13) | |
| action ALLOW; | |
| if ($a0.lo32 == 12) | |
| action ALLOW; | |
| if ($a0.lo32 == 10) | |
| action ALLOW; | |
| if ($a0.lo32 == 2) | |
| action ALLOW; | |
| if ($a0.lo32 == 1) | |
| action ALLOW; | |
| # filter for syscall "setsockopt" (54) [priority: 65522] | |
| if ($syscall == 54) | |
| if ($a1.hi32 == 0) | |
| if ($a1.lo32 == 41) | |
| if ($a2.hi32 == 0) | |
| if ($a2.lo32 == 26) | |
| action ALLOW; | |
| if ($a1.lo32 == 1) | |
| if ($a2.hi32 == 0) | |
| if ($a2.lo32 == 32) | |
| action ALLOW; | |
| if ($a2.lo32 == 8) | |
| action ALLOW; | |
| if ($a2.lo32 == 7) | |
| action ALLOW; | |
| if ($a2.lo32 == 2) | |
| action ALLOW; | |
| if ($a1.lo32 == 0) | |
| if ($a2.hi32 == 0) | |
| if ($a2.lo32 == 19) | |
| action ALLOW; | |
| # filter for syscall "getsockopt" (55) [priority: 65520] | |
| if ($syscall == 55) | |
| if ($a1.hi32 == 0) | |
| if ($a1.lo32 == 41) | |
| if ($a2.hi32 == 0) | |
| if ($a2.lo32 == 80) | |
| action ALLOW; | |
| if ($a1.lo32 == 6) | |
| if ($a2.hi32 == 0) | |
| if ($a2.lo32 == 11) | |
| action ALLOW; | |
| if ($a1.lo32 == 1) | |
| if ($a2.hi32 == 0) | |
| if ($a2.lo32 == 30) | |
| action ALLOW; | |
| if ($a2.lo32 == 7) | |
| action ALLOW; | |
| if ($a2.lo32 == 4) | |
| action ALLOW; | |
| if ($a1.lo32 == 0) | |
| if ($a2.hi32 == 0) | |
| if ($a2.lo32 == 80) | |
| action ALLOW; | |
| # filter for syscall "mmap2" (4294957267) [priority: 65519] | |
| if ($syscall == 4294957267) | |
| if ($a2.hi32 == 0) | |
| if ($a2.lo32 == 5) | |
| if ($a3.hi32 == 0) | |
| if ($a3.lo32 == 2050) | |
| action ALLOW; | |
| if ($a2.lo32 == 3) | |
| if ($a3.hi32 == 0) | |
| if ($a3.lo32 == 131106) | |
| action ALLOW; | |
| if ($a3.lo32 == 2066) | |
| action ALLOW; | |
| if ($a3.lo32 == 50) | |
| action ALLOW; | |
| if ($a3.lo32 == 34) | |
| action ALLOW; | |
| if ($a2.lo32 == 1) | |
| if ($a3.hi32 == 0) | |
| if ($a3.lo32 == 2) | |
| action ALLOW; | |
| if ($a2.lo32 == 0) | |
| if ($a3.hi32 == 0) | |
| if ($a3.lo32 == 16418) | |
| action ALLOW; | |
| # filter for syscall "mprotect" (10) [priority: 65518] | |
| if ($syscall == 10) | |
| if ($a2.hi32 == 0) | |
| if ($a2.lo32 == 1) | |
| action ALLOW; | |
| if ($a2.lo32 == 0) | |
| action ALLOW; | |
| if ($a0.hi32 > 32622) | |
| if ($a1.hi32 > 0) | |
| else | |
| if ($a1.hi32 == 0) | |
| if ($a1.lo32 > 20971520) | |
| else | |
| if ($a2.hi32 == 0) | |
| if ($a2.lo32 == 3) | |
| action ALLOW; | |
| else | |
| if ($a2.hi32 == 0) | |
| if ($a2.lo32 == 3) | |
| action ALLOW; | |
| else | |
| if ($a0.hi32 == 32622) | |
| if ($a0.lo32 >= 1981579264) | |
| else | |
| if ($a1.hi32 > 0) | |
| else | |
| if ($a1.hi32 == 0) | |
| if ($a1.lo32 > 20971520) | |
| else | |
| if ($a2.hi32 == 0) | |
| if ($a2.lo32 == 3) | |
| action ALLOW; | |
| else | |
| if ($a2.hi32 == 0) | |
| if ($a2.lo32 == 3) | |
| action ALLOW; | |
| if ($a0.lo32 > 2002552863) | |
| if ($a1.hi32 > 0) | |
| else | |
| if ($a1.hi32 == 0) | |
| if ($a1.lo32 > 20971520) | |
| else | |
| if ($a2.hi32 == 0) | |
| if ($a2.lo32 == 3) | |
| action ALLOW; | |
| else | |
| if ($a2.hi32 == 0) | |
| if ($a2.lo32 == 3) | |
| action ALLOW; | |
| else | |
| if ($a1.hi32 > 0) | |
| else | |
| if ($a1.hi32 == 0) | |
| if ($a1.lo32 > 20971520) | |
| else | |
| if ($a2.hi32 == 0) | |
| if ($a2.lo32 == 3) | |
| action ALLOW; | |
| else | |
| if ($a2.hi32 == 0) | |
| if ($a2.lo32 == 3) | |
| action ALLOW; | |
| # filter for syscall "socket" (41) [priority: 65505] | |
| if ($syscall == 41) | |
| if ($a0.hi32 == 0) | |
| if ($a0.lo32 == 16) | |
| if ($a1.hi32 & 0xffffffff == 0) | |
| if ($a1.lo32 & 0xfff7ffff == 3) | |
| if ($a2.hi32 == 0) | |
| if ($a2.lo32 == 0) | |
| action ALLOW; | |
| if ($a0.lo32 == 10) | |
| if ($a1.hi32 & 0xffffffff == 0) | |
| if ($a1.lo32 & 0xfff7f7ff == 2) | |
| if ($a2.hi32 == 0) | |
| if ($a2.lo32 == 17) | |
| action ALLOW; | |
| if ($a2.lo32 == 0) | |
| action ALLOW; | |
| if ($a1.lo32 & 0xfff7f7ff == 1) | |
| if ($a2.hi32 == 0) | |
| if ($a2.lo32 == 6) | |
| action ALLOW; | |
| if ($a0.lo32 == 2) | |
| if ($a1.hi32 & 0xffffffff == 0) | |
| if ($a1.lo32 & 0xfff7f7ff == 2) | |
| if ($a2.hi32 == 0) | |
| if ($a2.lo32 == 17) | |
| action ALLOW; | |
| if ($a2.lo32 == 0) | |
| action ALLOW; | |
| if ($a1.lo32 & 0xfff7f7ff == 1) | |
| if ($a2.hi32 == 0) | |
| if ($a2.lo32 == 6) | |
| action ALLOW; | |
| if ($a0.lo32 == 1) | |
| if ($a1.hi32 & 0xffffffff == 0) | |
| if ($a1.lo32 & 0xfff7f7ff == 2) | |
| if ($a2.hi32 == 0) | |
| if ($a2.lo32 == 0) | |
| action ALLOW; | |
| if ($a1.lo32 & 0xfff7f7ff == 1) | |
| action ALLOW; | |
| # filter for syscall "rename" (82) [priority: 65480] | |
| if ($syscall == 82) | |
| if ($a0.hi32 == 32622) | |
| if ($a0.lo32 == 2002551612) | |
| if ($a1.hi32 == 32622) | |
| if ($a1.lo32 == 2002551634) | |
| action ALLOW; | |
| if ($a0.lo32 == 2002551564) | |
| if ($a1.hi32 == 32622) | |
| if ($a1.lo32 == 2002551590) | |
| action ALLOW; | |
| if ($a0.lo32 == 2002551508) | |
| if ($a1.hi32 == 32622) | |
| if ($a1.lo32 == 2002551538) | |
| action ALLOW; | |
| if ($a0.lo32 == 2002551432) | |
| if ($a1.hi32 == 32622) | |
| if ($a1.lo32 == 2002551472) | |
| action ALLOW; | |
| if ($a0.lo32 == 2002551364) | |
| if ($a1.hi32 == 32622) | |
| if ($a1.lo32 == 2002551400) | |
| action ALLOW; | |
| if ($a0.lo32 == 2002551337) | |
| if ($a1.hi32 == 32622) | |
| if ($a1.lo32 == 2002551314) | |
| action ALLOW; | |
| if ($a0.lo32 == 2002551287) | |
| if ($a1.hi32 == 32622) | |
| if ($a1.lo32 == 2002551314) | |
| action ALLOW; | |
| if ($a0.lo32 == 2002551256) | |
| if ($a1.hi32 == 32622) | |
| if ($a1.lo32 == 2002551287) | |
| action ALLOW; | |
| if ($a0.lo32 == 2002551228) | |
| if ($a1.hi32 == 32622) | |
| if ($a1.lo32 == 2002551204) | |
| action ALLOW; | |
| if ($a0.lo32 == 2002551176) | |
| if ($a1.hi32 == 32622) | |
| if ($a1.lo32 == 2002551204) | |
| action ALLOW; | |
| if ($a0.lo32 == 2002551144) | |
| if ($a1.hi32 == 32622) | |
| if ($a1.lo32 == 2002551176) | |
| action ALLOW; | |
| if ($a0.lo32 == 2002551118) | |
| if ($a1.hi32 == 32622) | |
| if ($a1.lo32 == 2002551096) | |
| action ALLOW; | |
| if ($a0.lo32 == 2002551066) | |
| if ($a1.hi32 == 32622) | |
| if ($a1.lo32 == 2002550851) | |
| action ALLOW; | |
| if ($a0.lo32 == 2002551051) | |
| if ($a1.hi32 == 32622) | |
| if ($a1.lo32 == 2002550899) | |
| action ALLOW; | |
| if ($a0.lo32 == 2002551019) | |
| if ($a1.hi32 == 32622) | |
| if ($a1.lo32 == 2002551037) | |
| action ALLOW; | |
| if ($a0.lo32 == 2002550971) | |
| if ($a1.hi32 == 32622) | |
| if ($a1.lo32 == 2002550997) | |
| action ALLOW; | |
| if ($a0.lo32 == 2002550925) | |
| if ($a1.hi32 == 32622) | |
| if ($a1.lo32 == 2002550950) | |
| action ALLOW; | |
| if ($a0.lo32 == 2002550851) | |
| if ($a1.hi32 == 32622) | |
| if ($a1.lo32 == 2002551096) | |
| action ALLOW; | |
| # filter for syscall "openat" (257) [priority: 65478] | |
| if ($syscall == 257) | |
| if ($a2.hi32 & 0xffffffff == 0) | |
| if ($a2.lo32 & 0xfff5f6ff == 0) | |
| action ERRNO(13); | |
| if ($a0.hi32 == 4294967295) | |
| if ($a0.lo32 == 4294967196) | |
| if ($a1.hi32 == 32622) | |
| if ($a1.lo32 == 2002551888) | |
| if ($a2.hi32 == 0) | |
| if ($a2.lo32 == 591872) | |
| action ALLOW; | |
| if ($a0.hi32 == 0) | |
| if ($a0.lo32 == 4294967196) | |
| if ($a1.hi32 == 32622) | |
| if ($a1.lo32 == 2002551878) | |
| action ALLOW; | |
| if ($a1.lo32 == 2002551846) | |
| action ALLOW; | |
| if ($a1.lo32 == 2002551816) | |
| action ALLOW; | |
| if ($a1.lo32 == 2002551791) | |
| action ALLOW; | |
| if ($a1.lo32 == 2002551778) | |
| action ALLOW; | |
| if ($a1.lo32 == 2002551765) | |
| action ALLOW; | |
| if ($a1.lo32 == 2002551753) | |
| action ALLOW; | |
| if ($a1.lo32 == 2002551742) | |
| action ALLOW; | |
| if ($a1.lo32 == 2002551728) | |
| action ALLOW; | |
| if ($a1.lo32 == 2002551711) | |
| action ALLOW; | |
| if ($a1.lo32 == 2002551686) | |
| action ALLOW; | |
| if ($a1.lo32 == 2002551652) | |
| action ALLOW; | |
| if ($a1.lo32 == 2002551634) | |
| action ALLOW; | |
| if ($a1.lo32 == 2002551612) | |
| action ALLOW; | |
| if ($a1.lo32 == 2002551590) | |
| action ALLOW; | |
| if ($a1.lo32 == 2002551564) | |
| action ALLOW; | |
| if ($a1.lo32 == 2002551538) | |
| action ALLOW; | |
| if ($a1.lo32 == 2002551508) | |
| action ALLOW; | |
| if ($a1.lo32 == 2002551472) | |
| action ALLOW; | |
| if ($a1.lo32 == 2002551432) | |
| action ALLOW; | |
| if ($a1.lo32 == 2002551400) | |
| action ALLOW; | |
| if ($a1.lo32 == 2002551364) | |
| action ALLOW; | |
| if ($a1.lo32 == 2002551337) | |
| action ALLOW; | |
| if ($a1.lo32 == 2002551314) | |
| action ALLOW; | |
| if ($a1.lo32 == 2002551287) | |
| action ALLOW; | |
| if ($a1.lo32 == 2002551256) | |
| action ALLOW; | |
| if ($a1.lo32 == 2002551228) | |
| action ALLOW; | |
| if ($a1.lo32 == 2002551204) | |
| action ALLOW; | |
| if ($a1.lo32 == 2002551176) | |
| action ALLOW; | |
| if ($a1.lo32 == 2002551144) | |
| action ALLOW; | |
| if ($a1.lo32 == 2002551118) | |
| action ALLOW; | |
| if ($a1.lo32 == 2002551096) | |
| action ALLOW; | |
| if ($a1.lo32 == 2002551066) | |
| action ALLOW; | |
| if ($a1.lo32 == 2002551051) | |
| action ALLOW; | |
| if ($a1.lo32 == 2002551037) | |
| action ALLOW; | |
| if ($a1.lo32 == 2002551019) | |
| action ALLOW; | |
| if ($a1.lo32 == 2002550997) | |
| action ALLOW; | |
| if ($a1.lo32 == 2002550971) | |
| action ALLOW; | |
| if ($a1.lo32 == 2002550950) | |
| action ALLOW; | |
| if ($a1.lo32 == 2002550925) | |
| action ALLOW; | |
| if ($a1.lo32 == 2002550920) | |
| action ALLOW; | |
| if ($a1.lo32 == 2002550899) | |
| action ALLOW; | |
| if ($a1.lo32 == 2002550851) | |
| action ALLOW; | |
| if ($a1.lo32 == 2002550842) | |
| action ALLOW; | |
| if ($a1.lo32 == 2002550817) | |
| action ALLOW; | |
| if ($a1.lo32 == 2002550784) | |
| action ALLOW; | |
| # default action | |
| action TRAP; | |
| # invalid architecture action | |
| action KILL; | |
| # | |
| # pseudo filter code end | |
| # |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment