# KILLSTREAM

The `KILLSTREAM` command inspects network traffic for activity on the specified ports which matches a regular expression.  The stream is then terminated via a TCP FIN injection.

## Options

The `KILLSTREAM` command expects several options:

```
KILLSTREAM [interface] [direction] [expression] [port] ... [portN]
```

### Interface

`KILLSTREAM` requires a network interface.  Typically on the Packet Squirrel this is `br-lan`, the virtual interface which connects the Ethernet ports.

### Direction

`KILLSTREAM` requires a direction:  It can match on `CLIENT` requests, `SERVER` responses, or packets in `ANY` direction.

### Expression

`KILLSTREAM` matches on a basic [regular expression](https://en.wikipedia.org/wiki/Regular_expression).

This expression can be as simple as the text to match, such as `"Authorization: Basic"`, or a complex match such as `"[0-9]{4}-[0-9]{4}-[0-9]{4}-[0-9]{4}"`to match four groups of four digits.

### Ports

`KILLSTREAM` can match any number of ports.

## Examples

The most basic use of the `KILLSTREAM` command is to prevent streams with specified content.  For instance to kill any stream using HTTP Basic authentication, while allowing normal HTTP traffic:

```bash
#!/bin/bash 

# Title: Killstream example
#
# Description: Prevent HTTP Basic Authorization requests

# Set bridge mode
NETMODE BRIDGE

LED R SINGLE

# Wait for any basic-auth on port 80
KILLSTREAM br-lan ANY 'Authorization: Basic' 80

```