The general host syntax is [FAMILY:]ADDRESS[:PORT].
FAMILY must be one of the families supported by the -f option. If
not given it defaults to the family given with the -f option, and
if that is also missing, will assume either inet or inet6. Note
that all host conditions in the expression should either all be
the same family or be only inet and inet6. If there is some other
mixture of families, the results will probably be unexpected.
The form of ADDRESS and PORT depends on the family used. "*" can
be used as a wildcard for either the address or port. The details
for each family are as follows:
unix ADDRESS is a glob pattern (see fnmatch(3)) that will be
matched case-insensitively against the unix socket's
address. Both path and abstract names are supported. Unix
addresses do not support a port, and "*" cannot be used as
a wildcard.
link ADDRESS is the case-insensitive name of an Ethernet
protocol to match. PORT is either a device name or a
device index for the desired link device, as seen in the
output of ip link.
netlink
ADDRESS is a descriptor of the netlink family. Possible
values come from /etc/iproute2/nl_protos. PORT is the port
id of the socket, which is usually the same as the owning
process id. The value "kernel" can be used to represent
the kernel (port id of 0).
vsock ADDRESS is an integer representing the CID address, and
PORT is the port.
inet and inet6
ADDRESS is an ip address (either v4 or v6 depending on the
family) or a DNS hostname that resolves to an ip address
of the required version. An ipv6 address must be enclosed
in "[" and "]" to disambiguate the port separator. The
address may additionally have a prefix length given in
CIDR notation (a slash followed by the prefix length in
bits). PORT is either the numerical socket port, or the
service name for the port to match.
