Cloudflare Docs
Magic-Firewall
Cloudflare Docs
Magic Firewall
Search icon (depiction of a magnifying glass)
GitHub icon
Visit Magic Firewall on GitHub
Set theme to dark (⇧+D)

Magic Firewall fields

Field Name Description

cf.colo.name
String

 The data center that is handling this traffic.
Example value: sfo06

cf.colo.region
String

 Region of the data center that is handling this traffic.
Example value: WNAM

icmp
String

 The raw ICMP packet as a list of bytes. It should be used in conjunction with the bit_slice function when other structured fields are lacking.

icmp.type
Number

 The ICMP type. Only applies to ICMP packets.
Example value: 8

icmp.code
Number

 The ICMP code. Only applies to ICMP packets.
Example value: 2

ip
String

 The raw IP packet as a list of bytes. It should be used in conjunction with the bit_slice function when other structured fields are lacking.

ip.dst
IP Address

 The destination address as specified in the IP packet.
Example value: 192.0.2.2

ip.geoip.country
String

 Represents the 2-letter country code associated with the client IP address in ISO 3166-1 Alpha 2 format.
Example value: GB

For more information on the ISO 3166-1 Alpha 2 format, see ISO 3166-1 Alpha 2 on Wikipedia.

This field matches on both source and destination IP addresses.

ip.hdr_len
Number

 The length of the IPv4 header in bytes.
Example value: 5

ip.len
Number

 The length of the packet including the header.
Example value: 60

ip.opt.type
Number

 The first byte of IP options field, if the options field is set.
Example value: 25

ip.proto
String

 The transport layer for the packet, if it can be determined.
Example values: icmp, tcp

ip.src
IP Address

 The source address of the IP Packet.

ip.ttl
Number

 The time-to-live of the IP Packet.
Example values: 54

tcp
String

 The raw TCP packet as a list of bytes. It should be used in conjunction with the bit_slice function when other structured fields are lacking.

tcp.flags
Number

 The numeric value of the TCP flags byte.

tcp.flags.ack
Boolean

 TCP acknowledgment flag.

tcp.flags.cwr
Boolean

 TCP congestion window reduced flag.

tcp.flags.ecn
Boolean

 TCP ECN-Echo flag.

tcp.flags.fin
Boolean

 TCP flag indicating this is the last packet from sender.

tcp.flags.push
Boolean

 TCP push flag.

tcp.flags.reset
Boolean

 TCP reset flag.

tcp.flags.syn
Boolean

 TCP synchronize flag.

tcp.flags.urg
Boolean

 TCP urgent flag.

tcp.srcport
Number

 Source port number of the IP packet. Only applies to TCP packets.

tcp.dstport
Number

 Destination port number of the IP packet. Only applies to TCP packets.

udp
String

 The raw UDP packet as a list of bytes. It should be used in conjunction with the bit_slice function when other structured fields are lacking.

udp.dstport
Number

 Destination port number of the IP packet. Only applies to UDP packets.

udp.srcport
Number

 Source port number of the IP packet. Only applies to UDP packets.