From UntangleWiki

Untangle Server User's Guide

Contents 1 About Untangle Rule Syntax 2 IP Matcher 3 Port Matcher 4 URL Matcher 5 User Matcher 6 Group Matcher 7 Glob Matcher 8 Time of Day Matcher 9 Day of Week Matcher 10 Rule Builder

About Untangle Rule Syntax

Throughout the Untangle Server Administrative Interface, Administrators must enter information about their network and web locations. In some cases the values entered can be exact, and in others the text entered indicates a range of values.

The following describe common syntaxes to describe IPs, ports, strings, URLs, etc.

IP Matcher

IP Matcher syntax is a that describes an IP address or set of IP addresses. This can be used, for example, in Firewall or Policy Manager rules to match against certain traffic.

IP Matcher can be any of the following:

Name	Example	Description
Any Matcher	any	matches all addresses
Single IP	1.2.3.4	matches the single IP address
Range of IPs	1.2.3.4-1.2.3.100	matches all the IPs in the range
CIDR range	192.168.1.0/24	matches all the IPs in that subnet
List of IP Matchers*	1.2.3.4,1.2.3.5,1.2.3.10-1.2.3.15	matches all the IPs in the list and in that range

^* May not be available in all places.

Port Matcher

Port Matcher syntax is a that describes a port or set of ports. This can be used, for example, in Firewall or Policy Manager rules to match against certain traffic.

Port Matcher can be any of the following:

Name	Example	Description
Any Matcher	any	matches all ports
Single Port	80	matches that single port
Range of Ports	1024-65535	matches all the Ports in the range
List of Port Matchers*	80,443,8080-8088	matches all 80, 443, and 8080 through 8088

^* - Not available in all places (like config->networking)

URL Matcher

The URL Matcher Syntax describes all or part of a website.

Example	Matches	Does not Match
example.com	http://example.com/, http://www.example.com/, http://example.com/foo	http://example.net
example.com/bar	http://example.com/bar/test.html, http://www.example.com/bar	http://example.com/foo
*porn*	http://pornsite.com/	http://foobar.com
example???.com/	http://example123.com	http://example1.com
example.com/foo	http://example.com/foo, http://abc.example.com/foobar	http://example.com/

URL Matchers use globs which are describe more in depth in the Glob Matcher documentation.

Important notes:

• The "http://" is often stripped from the rule, it is assumed.
• The left side of the rule is anchored. "foo.com" will match only "foo.com" and not "afoo.com"
• The rule will match subdomains. "foo.com" will not match "afoo.com" but will match "a.foo.com"
• The right side of the rule has an implicit ".*". "foo.com" will match "foo.com/test.html" because it is actually "foo.com.*". "foo.com/bar" is "foo.com/bar.*" which will match "foo.com/bar/baz" and "foo.com/bar2". Also "foo" becomes "foo.*" which will match "foobar.com" and "foo.com"
• "www." is automatically stripped from the rule. This is to prevent the frequent misconfiguration of users adding a block rule for something like "www.pornsite.com" which blocks "www.pornsite.com" but not just "pornsite.com." If you truly desire to only match www.pornsite.com and not pornsite.com then use "*www.pornsite.com" because the "*" will match zero or more characters.
• Similarly "*." is stripped from the rule for the same reason as above. If you truly want all subdomains but not the main domain matched, you can accomplish this by doing "*?.foo.com"

User Matcher

User Matcher syntax is a that describes an user or set of users. This can be used, for example, in Policy Manager or Bandwidth Control rules to match against certain traffic.

User Matcher can be any of the following:

Name	Example	Description
Any Matcher	[any]	matches all users
None Matcher	[none]	matches no users
Any Authenticated User	[authenticated]	matches all indentified or authenticated users
Unauthenticated User	[unauthenticated]	matches all unidentified or unauthenticated users
Username	myuser	matches the "myuser" user
Glob Matcher	m*r	matches the "myuser" user
List of User Matchers	myuser1,myuser2	matches "myuser1" and "myuser2"

Group Matcher

Group Matcher syntax is a that describes an user or set of users. This can be used, for example, in Policy Manager or Bandwidth Control rules to match against certain traffic.

Group Matcher can be any of the following:

Name	Example	Description
Any Matcher	[any]	matches all groups
None Matcher	[none]	matches no groups
Groupname	mygroup	matches the "mygroup" group
Glob Matcher	m*p	matches the "mygroup" group
List of Group Matchers	mygroup1,mygroup2	matches "mygroup1" and "mygroup2"

Glob Matcher

The URL Matcher Syntax describes all or part of a website.

Example	Matches	Does not Match
example.com	http://example.com/, http://www.example.com/, http://example.com/foo	http://example.net
example.com/bar	http://example.com/bar/test.html, http://www.example.com/bar	http://example.com/foo
*porn*	http://pornsite.com/	http://foobar.com
example???.com/	http://example123.com	http://example1.com
example.com/foo	http://example.com/foo, http://example.com/foo/bar	http://example.com/foobar

URL Matchers use globs which are describe more in depth in the Glob Matcher documentation.

Important notes:

• The "http://" is often stripped from the rule, it is assumed.
• The left side of the rule is anchored. "foo.com" will match only "foo.com" and not "afoo.com"
• The rule will match subdomains. "foo.com" will not match "afoo.com" but will match "a.foo.com"
• The right side of the rule has an implicit ".*". "foo.com" will match "foo.com/test.html" because it is actually "foo.com.*". "foo.com/bar" is "foo.com/bar.*" which will match "foo.com/bar/baz" and "foo.com/bar2". Also "foo" becomes "foo.*" which will match "foobar.com" and "foo.com"
• "www." is automatically stripped from the rule. This is to prevent the frequent misconfiguration of users adding a block rule for something like "www.pornsite.com" which blocks "www.pornsite.com" but not just "pornsite.com." If you truly desire to only match www.pornsite.com and not pornsite.com then use "*www.pornsite.com" because the "*" will match zero or more characters.
• Similarly "*." is stripped from the rule for the same reason as above. If you truly want all subdomains but not the main domain matched, you can accomplish this by doing "*?.foo.com"

Time of Day Matcher

A "Time of Day" matcher is a syntax used to describe times of day.

A Time of Day Matcher can be any of the following syntax:

Name	Example	Description
Any Matcher	"any"	matches all times of day
Single Time	"11:30"	matches 11:30 AM only
Range of Times	"11:00-14:00"	matches all the times in that range.
Inverted Range of Times	"04:00-02:00"	matches all the times outside that range (all times except 2am->4am)
List of Time of Day Matchers	"11:30,14:00-15:00"	matches 11:30 and 2pm-3pm

Day of Week Matcher

A "Day of Week" matcher is a syntax used to describe times of day.

A Day of Week Matcher can be any of the following syntax:

Name	Example	Description
Any Matcher	"any"	matches all days of the week
Single Day (English name)	"tuesday"	matches Tuesday only
Single Day (Digit 1-7)	"1"	matches Sunday only
List of Time of Day Matchers	"monday,2,wednesday"	matches Monday, Tuesday, and Wednesday

Rule Builder

This table contains a description of matchers for the Rule Builder, which is used throughout Untangle in certain applications and networking areas.

Name	Legal Value	Description
Destination Address	IP Matcher	The Destination IP of the traffic.
Destination Port	Port Matcher	The Destination Port of the traffic.
Destined Local		This will match on any IP the Untangle holds, including aliases. Only recommended if your WAN interface(s) are Dynamic.
Protocol	Checkboxes	The protocol that should be forwarded - check all that apply.
Source Interface	Radio Buttons	The Source Interface of the traffic - choose only one.
Source Address	IP Matcher	The Source Address of the traffic.
Source MAC Address	XX:XX:XX:XX:XX:XX	The MAC Address of the source of the traffic.