diff options
| author | Daniel Hartmeier <dhartmei@cvs.openbsd.org> | 2002-03-07 13:17:41 +0000 |
|---|---|---|
| committer | Daniel Hartmeier <dhartmei@cvs.openbsd.org> | 2002-03-07 13:17:41 +0000 |
| commit | f095b92f6f22470b964c589e49699e54ac846ad4 (patch) | |
| tree | cc0c785291fbd100cb79fa443527bae009708189 /share | |
| parent | ac4e86585428efb96399370183ae8c75f91c3d56 (diff) | |
Add interface-list to BNF, re-indent and wrap. Found by Attila Nagy.
Diffstat (limited to 'share')
| -rw-r--r-- | share/man/man5/pf.conf.5 | 75 |
1 files changed, 40 insertions, 35 deletions
diff --git a/share/man/man5/pf.conf.5 b/share/man/man5/pf.conf.5 index a9af66c499c..2f28973b5ab 100644 --- a/share/man/man5/pf.conf.5 +++ b/share/man/man5/pf.conf.5 @@ -1,4 +1,4 @@ -.\" $OpenBSD: pf.conf.5,v 1.33 2002/02/23 01:22:54 dhartmei Exp $ +.\" $OpenBSD: pf.conf.5,v 1.34 2002/03/07 13:17:40 dhartmei Exp $ .\" .\" Copyright (c) 2001, Daniel Hartmeier .\" All rights reserved. @@ -44,50 +44,55 @@ performed. .Sh GRAMMAR Syntax for filter rules in BNF: .Bd -literal -rule = action ( "in" | "out" ) - [ "log" | "log-all" ] [ "quick" ] - [ "on" interface-name ] [ route ] [ af ] - [ "proto" ( proto-name | proto-number | "{" proto-list "}" ) ] - hosts - [ flags ] ( [ icmp-type ] | [ ipv6-icmp-type ] ) - [ "keep state" ] [ "modulate state" ] - [ "no-df" ] [ "min-ttl" number ] [ "allow-opts" ] - [ "label" string ] . +rule = action ( "in" | "out" ) + [ "log" | "log-all" ] [ "quick" ] + [ "on" ( interface-name | "{" interface-list "}" ) ] + [ route ] [ af ] + [ "proto" ( proto-name | proto-number | + "{" proto-list "}" ) ] + hosts + [ flags ] ( [ icmp-type ] | [ ipv6-icmp-type ] ) + [ "keep state" ] [ "modulate state" ] + [ "no-df" ] [ "min-ttl" number ] [ "allow-opts" ] + [ "label" string ] . -action = "pass" | "block" [ return ] | "scrub" . -return = "return-rst" | - "return-icmp" [ "(" ( icmp-code-name | icmp-code-number ) ")" ] | - "return-icmp6" [ "(" ( icmp-code-name | icmp-code-number ) ")" ] . +action = "pass" | "block" [ return ] | "scrub" . +return = "return-rst" | + "return-icmp" + [ "(" ( icmp-code-name | icmp-code-number ) ")" ] | + "return-icmp6" + [ "(" ( icmp-code-name | icmp-code-number ) ")" ] . -af = "inet" | "inet6" . -proto-list = ( proto-name | proto-number ) [ "," proto-list ] . +interface-list = interface-name [ "," interface-list ] . +af = "inet" | "inet6" . +proto-list = ( proto-name | proto-number ) [ "," proto-list ] . -hosts = "all" | - "from" ( "any" | host | "{" host-list "}" ) [ port ] - "to" ( "any" | host | "{" host-list "}" ) [ port ] . +hosts = "all" | + "from" ( "any" | host | "{" host-list "}" ) [ port ] + "to" ( "any" | host | "{" host-list "}" ) [ port ] . -host = [ "!" ] address [ "/" mask-bits ] . -address = ( interface-name | host-name | ipv4-dotted-quad | - ipv6-coloned-hex ) . -host-list = host [ "," host-list ] . -port = "port" ( unary-op | binary-op | "{" port-list "}" ) . -port-list = ( unary-op | binary-op ) [ "," port-list ] . -unary-op = [ "=" | "!=" | "<" | "<=" | ">" | ">=" ] - ( port-name | port-number ) . -binary-op = port-number ( "<>" | "><" ) port-number . +host = [ "!" ] address [ "/" mask-bits ] . +address = ( interface-name | host-name | ipv4-dotted-quad | + ipv6-coloned-hex ) . +host-list = host [ "," host-list ] . +port = "port" ( unary-op | binary-op | "{" port-list "}" ) . +port-list = ( unary-op | binary-op ) [ "," port-list ] . +unary-op = [ "=" | "!=" | "<" | "<=" | ">" | ">=" ] + ( port-name | port-number ) . +binary-op = port-number ( "<>" | "><" ) port-number . -flags = "flags" ( flag-set | flag-set "/" flag-set | "/" flag-set ) . -flag-set = [ "F" ] [ "S" ] [ "R" ] [ "P" ] [ "A" ] [ "U" ] . +flags = "flags" ( flag-set | flag-set "/" flag-set | "/" flag-set ) . +flag-set = [ "F" ] [ "S" ] [ "R" ] [ "P" ] [ "A" ] [ "U" ] . -icmp-type = "icmp-type" ( icmp-type-code | "{" icmp-list "}" ) . +icmp-type = "icmp-type" ( icmp-type-code | "{" icmp-list "}" ) . ipv6-icmp-type = "ipv6-icmp-type" ( icmp-type-code | "{" icmp-list "}" ) . icmp-type-code = ( icmp-type-name | icmp-type-number ) [ "code" ( icmp-code-name | icmp-code-number ) ] . -icmp-list = icmp-type-code [ "," icmp-list ] . +icmp-list = icmp-type-code [ "," icmp-list ] . -route = "fastroute" | - "route-to" interface-name[":"address] | - "dup-to" interface-name[":"address] +route = "fastroute" | + "route-to" interface-name[":"address] | + "dup-to" interface-name[":"address] .Ed .Sh FILTER RULES |