######################
# IPTABLES ETHERNET #
######################
IPTABLES_IN_DEVICE (IN=%{WORD:iptables_in_device}?)
IPTABLES_OUT_DEVICE (OUT=%{WORD:iptables_out_device}?)
IPTABLES_MAC_ADDRESS (MAC=(?<mac_address>\S*))
IPTABLES_ETHERNET %{IPTABLES_IN_DEVICE}? %{IPTABLES_OUT_DEVICE}? %{IPTABLES_MAC_ADDRESS}?\s*

##############
# IPTABLES IP #
##############
FRAGFLAG ((?<= )(CE|DF|MF))*

IPTABLES_IP_SRC SRC=%{IP:iptables_src_ip}
IPTABLES_IP_DST DST=%{IP:iptables_dst_ip}
IPTABLES_IP_LEN LEN=%{NUMBER:iptables_len}
IPTABLES_IP_TOS TOS=%{WORD:iptables_tos}
IPTABLES_IP_PREC PREC=%{WORD:iptables_prec}
IPTABLES_IP_TTL TTL=%{WORD:iptables_ttl}
IPTABLES_IP_ID (ID=%{NUMBER:iptables_id}?)
IPTABLES_IP_FRAGFLAG %{FRAGFLAG:iptables_fragment_flags}

IPTABLES_IP %{IPTABLES_IP_SRC}? %{IPTABLES_IP_DST}? %{IPTABLES_IP_LEN}? %{IPTABLES_IP_TOS}? %{IPTABLES_IP_PREC}? %{IPTABLES_IP_TTL}? %{IPTABLES_IP_ID}? %{IPTABLES_IP_FRAGFLAG}?\s*

#################
# IPTABLES ICMP #
#################
IPTABLES_ICMP TYPE=%{NUMBER:iptables_icmp_type}

################
# IPTABLES UDP #
################
IPTABLES_UDP %{IPTABLES_PORTS} LEN=%{NUMBER:iptables_udp_len}

################
# IPTABLES TCP #
################
IPTABLES_TCP %{IPTABLES_PORTS}

####################
# IPTABLES PAYLOAD #
####################
IPTABLES_PORTS SPT=%{NUMBER:iptables_src_port} DPT=%{NUMBER:iptables_dst_port}
IPTABLES_PAYLOAD PROTO=%{WORD:iptables_protocol} (%{IPTABLES_TCP}|%{IPTABLES_UDP}|%{IPTABLES_ICMP})

#################
# MAIN MESSAGE #
#################
IPTABLES_MESSAGE (?<status>.*) %{IPTABLES_ETHERNET}%{IPTABLES_IP}%{IPTABLES_PAYLOAD}
