activate alert drop dynamic log pass reject sdrop $EXTERNAL_NET $HOME_NET $HTTP_PORTS any dcerpc dnp3 dns enip ftp http icmp imap ip modbus msn nfs ntp smb smtp ssh tcp tls udp ack app-layer-event app-layer-protocol appid asn1 base64_data base64_decode byte_extract byte_jump byte_test classtype content dce_iface dce_opnum dce_stub_data decode-event depth detection_filter distance dns_query dsize engine-event fast_pattern file_data fileext filemagic filemd5 filename filesize filestore flags flow flowbits flowint flowvar __flowvar__postmatch__ fragbits fragoffset ftpbounce geoip gid hostbits http_client_body http_cookie http_header http_host http_method http_raw_header http_raw_host http_raw_uri http_server_body http_stat_code http_stat_msg http_uri http_user_agent icmp_id icmp_seq icmpv4-csum icmpv6-csum icode id ip_proto ipopts iprep ipv4-csum isdataat itype l3_proto lua metadata modbus msg name nfq_set_mark noalert nocase offset pcre pkt_data pktvar priority rawbytes reference replace rev rpc sameip seq sid ssl_state ssl_version stream-event stream_size tag tcpv4-csum tcpv6-csum template threshold tls_sni tos ttl udpv4-csum udpv6-csum uricontent urilen window within xbits