diff options
| author | darrenr <darrenr@FreeBSD.org> | 2005-04-25 17:31:50 +0000 |
|---|---|---|
| committer | darrenr <darrenr@FreeBSD.org> | 2005-04-25 17:31:50 +0000 |
| commit | d438802dcb3e270d6fcc65f075c808c64853a7c2 (patch) | |
| tree | e2e1c7115044e6dfc86ff65598566fa32e5f7421 /contrib/ipfilter/BNF | |
| parent | 590450fec65a8e72a8965117398bc8f14938b4a8 (diff) | |
| download | FreeBSD-src-d438802dcb3e270d6fcc65f075c808c64853a7c2.zip FreeBSD-src-d438802dcb3e270d6fcc65f075c808c64853a7c2.tar.gz | |
import ipfilter 4.1.8 into the vendor branch
Diffstat (limited to 'contrib/ipfilter/BNF')
| -rw-r--r-- | contrib/ipfilter/BNF | 27 |
1 files changed, 14 insertions, 13 deletions
diff --git a/contrib/ipfilter/BNF b/contrib/ipfilter/BNF index cf30ab6..404cc28 100644 --- a/contrib/ipfilter/BNF +++ b/contrib/ipfilter/BNF @@ -1,25 +1,26 @@ filter-rule = [ insert ] action in-out [ options ] [ tos ] [ ttl ] - [ proto ] [ ip ] [ group ]. + [ proto ] [ ip ] [ group ] [ tag ] [ pps ] . insert = "@" decnumber . -action = block | "no-match" | "pass" | log | "count" | skip | auth | call . +action = block | "pass" | log | "count" | auth | call . in-out = "in" | "out" . -options = [ log ] [ "quick" ] [ "on" interface-name [ dup ] [ froute ] - [ via ] ] . +options = [ log ] [ "quick" ] [ onif [ dup ] [ froute ] ] . tos = "tos" decnumber | "tos" hexnumber . ttl = "ttl" decnumber . proto = "proto" protocol . ip = srcdst [ flags ] [ with withopt ] [ icmp ] [ keep ] . group = [ "head" decnumber ] [ "group" decnumber ] . +pps = "pps" decnumber . +onif = "on" interface-name [ "out-via" interface-name ] . block = "block" [ return-icmp[return-code] | "return-rst" ] . auth = "auth" | "preauth" . log = "log" [ "body" ] [ "first" ] [ "or-block" ] [ "level" loglevel ] . -call = "call" [ "now" ] function-name . -skip = "skip" decnumber . +tag = "tag" tagid . +call = "call" [ "now" ] function-name "/" decnumber. dup = "dup-to" interface-name[":"ipaddr] . -via = "in-via" interface-name | "out-via" interface-name . -froute = "fastroute" | "to" interface-name [ ":" ipaddr ] . +froute = "fastroute" | "to" interface-name . +replyto = "reply-to" interface-name [ ":" ipaddr ] . protocol = "tcp/udp" | "udp" | "tcp" | "icmp" | decnumber . srcdst = "all" | fromto . fromto = "from" object "to" object . @@ -34,8 +35,7 @@ flags = "flags" flag { flag } [ "/" flag { flag } ] . with = "with" | "and" . icmp = "icmp-type" icmp-type [ "code" decnumber ] . return-code = "("icmp-code")" . -keep = "keep" "state" | "keep" "frags" | "keep" "state-age" state-age . -state-age = decnmber [ "/" decnumber ] . +keep = "keep" "state" [ "limit" number ] | "keep" "frags" . nummask = host-name [ "/" decnumber ] . host-name = ipaddr | hostname | "any" . @@ -43,8 +43,9 @@ ipaddr = host-num "." host-num "." host-num "." host-num . host-num = digit [ digit [ digit ] ] . port-num = service-name | decnumber . -withopt = [ "not" | "no" ] opttype [ withopt ] . -opttype = "ipopts" | "short" | "frag" | "opt" ipopts . +withopt = [ "not" | "no" ] opttype [ [ "," ] withopt ] . +opttype = "ipopts" | "short" | "nat" | "bad-src" | "lowttl" | "frag" | + "mbcast" | "opt" ipopts . optname = ipopts [ "," optname ] . ipopts = optlist | "sec-class" [ secname ] . secname = seclvl [ "," secname ] . @@ -77,4 +78,4 @@ compare = "=" | "!=" | "<" | ">" | "<=" | ">=" | "eq" | "ne" | "lt" | "gt" | range = "<>" | "><" . hexdigit = digit | "a" | "b" | "c" | "d" | "e" | "f" . digit = "0" | "1" | "2" | "3" | "4" | "5" | "6" | "7" | "8" | "9" . -flag = "F" | "S" | "R" | "P" | "A" | "U" . +flag = "F" | "S" | "R" | "P" | "A" | "U" | "C" | "W" . |
