To get the destination port out of a line which also contains "firewall" and "deny", you could use the following regular expression:

m/firewall.+deny.+ (\d+) syn/
[download]

Translated it means: match "firewall" followed by some characters, followed by "deny" followed by some more characters, followed by a space, some digits, another space and "syn"; also save the digits you found in the special variable $1.

CountZero

"If you have four groups working on a compiler, you'll get a 4-pass compiler." - Conway's Law