Cross Reference: /freebsd-10-stable/contrib/ipfilter/BNF

Deleted Added

sdiff udiff text old ( 22514 ) new ( 31183 )

full compact

BNF (22514)	BNF (31183)
1filter-rule = [ insert ] action in-out [ options ] [ tos ] [ ttl ]	1filter-rule = [ insert ] action in-out [ options ] [ tos ] [ ttl ]
2 [ proto ] [ ip ] .	2 [ proto ] [ ip ] [ group ].
3 4insert = "@" decnumber .	3 4insert = "@" decnumber .
5action = block \| "pass" \| log \| "count" \| call .	5action = block \| "pass" \| log \| "count" \| skip \| auth \| call .
6in-out = "in" \| "out" . 7options = [ log ] [ "quick" ] [ "on" interface-name [ dup ] [ froute ] ] . 8tos = "tos" decnumber \| "tos" hexnumber . 9ttl = "ttl" decnumber . 10proto = "proto" protocol . 11ip = srcdst [ flags ] [ with withopt ] [ icmp ] [ keep ] .	6in-out = "in" \| "out" . 7options = [ log ] [ "quick" ] [ "on" interface-name [ dup ] [ froute ] ] . 8tos = "tos" decnumber \| "tos" hexnumber . 9ttl = "ttl" decnumber . 10proto = "proto" protocol . 11ip = srcdst [ flags ] [ with withopt ] [ icmp ] [ keep ] .
	12group = [ "head" decnumber ] [ "group" decnumber ] .
12 13block = "block" [ "return-icmp"[return-code] \| "return-rst" ] .	13 14block = "block" [ "return-icmp"[return-code] \| "return-rst" ] .
	15auth = "auth" \| "preauth" .
14log = "log" [ "body" ] [ "first" ] [ "or-block" ] . 15call = "call" [ "now" ] function-name .	16log = "log" [ "body" ] [ "first" ] [ "or-block" ] . 17call = "call" [ "now" ] function-name .
	18skip = "skip" decnumber .
16dup = "dup-to" interface-name[":"ipaddr] . 17froute = "fastroute" \| "to" interface-name . 18protocol = "tcp/udp" \| "udp" \| "tcp" \| "icmp" \| decnumber . 19srcdst = "all" \| fromto . 20fromto = "from" object "to" object . 21 22object = addr [ port-comp \| port-range ] . 23addr = "any" \| nummask \| host-name [ "mask" ipaddr \| "mask" hexnumber ] . --- 15 unchanged lines hidden (view full) --- 39opttype = "ipopts" \| "short" \| "frag" \| "opt" ipopts . 40optname = ipopts [ "," optname ] . 41ipopts = optlist \| "sec-class" [ secname ] . 42secname = seclvl [ "," secname ] . 43seclvl = "unclass" \| "confid" \| "reserv-1" \| "reserv-2" \| "reserv-3" \| 44 "reserv-4" \| "secret" \| "topsecret" . 45icmp-type = "unreach" \| "echo" \| "echorep" \| "squench" \| "redir" \| 46 "timex" \| "paramprob" \| "timest" \| "timestrep" \| "inforeq" \|	19dup = "dup-to" interface-name[":"ipaddr] . 20froute = "fastroute" \| "to" interface-name . 21protocol = "tcp/udp" \| "udp" \| "tcp" \| "icmp" \| decnumber . 22srcdst = "all" \| fromto . 23fromto = "from" object "to" object . 24 25object = addr [ port-comp \| port-range ] . 26addr = "any" \| nummask \| host-name [ "mask" ipaddr \| "mask" hexnumber ] . --- 15 unchanged lines hidden (view full) --- 42opttype = "ipopts" \| "short" \| "frag" \| "opt" ipopts . 43optname = ipopts [ "," optname ] . 44ipopts = optlist \| "sec-class" [ secname ] . 45secname = seclvl [ "," secname ] . 46seclvl = "unclass" \| "confid" \| "reserv-1" \| "reserv-2" \| "reserv-3" \| 47 "reserv-4" \| "secret" \| "topsecret" . 48icmp-type = "unreach" \| "echo" \| "echorep" \| "squench" \| "redir" \| 49 "timex" \| "paramprob" \| "timest" \| "timestrep" \| "inforeq" \|
47 "inforep" \| "maskreq" \| "maskrep" \| decnumber .	50 "inforep" \| "maskreq" \| "maskrep" \| "routerad" \| 51 "routersol" \| decnumber .
48icmp-code = decumber \| "net-unr" \| "host-unr" \| "proto-unr" \| "port-unr" \| 49 "needfrag" \| "srcfail" \| "net-unk" \| "host-unk" \| "isolate" \| 50 "net-prohib" \| "host-prohib" \| "net-tos" \| "host-tos" . 51optlist = "nop" \| "rr" \| "zsu" \| "mtup" \| "mtur" \| "encode" \| "ts" \| "tr" \| 52 "sec" \| "lsrr" \| "e-sec" \| "cipso" \| "satid" \| "ssrr" \| "addext" \| 53 "visa" \| "imitd" \| "eip" \| "finn" . 54 55hexnumber = "0" "x" hexstring . 56hexstring = hexdigit [ hexstring ] . 57decnumber = digit [ decnumber ] . 58 59compare = "=" \| "!=" \| "<" \| ">" \| "<=" \| ">=" \| "eq" \| "ne" \| "lt" \| "gt" \| 60 "le" \| "ge" . 61range = "<>" \| "><" . 62hexdigit = digit \| "a" \| "b" \| "c" \| "d" \| "e" \| "f" . 63digit = "0" \| "1" \| "2" \| "3" \| "4" \| "5" \| "6" \| "7" \| "8" \| "9" . 64flag = "F" \| "S" \| "R" \| "P" \| "A" \| "U" .	52icmp-code = decumber \| "net-unr" \| "host-unr" \| "proto-unr" \| "port-unr" \| 53 "needfrag" \| "srcfail" \| "net-unk" \| "host-unk" \| "isolate" \| 54 "net-prohib" \| "host-prohib" \| "net-tos" \| "host-tos" . 55optlist = "nop" \| "rr" \| "zsu" \| "mtup" \| "mtur" \| "encode" \| "ts" \| "tr" \| 56 "sec" \| "lsrr" \| "e-sec" \| "cipso" \| "satid" \| "ssrr" \| "addext" \| 57 "visa" \| "imitd" \| "eip" \| "finn" . 58 59hexnumber = "0" "x" hexstring . 60hexstring = hexdigit [ hexstring ] . 61decnumber = digit [ decnumber ] . 62 63compare = "=" \| "!=" \| "<" \| ">" \| "<=" \| ">=" \| "eq" \| "ne" \| "lt" \| "gt" \| 64 "le" \| "ge" . 65range = "<>" \| "><" . 66hexdigit = digit \| "a" \| "b" \| "c" \| "d" \| "e" \| "f" . 67digit = "0" \| "1" \| "2" \| "3" \| "4" \| "5" \| "6" \| "7" \| "8" \| "9" . 68flag = "F" \| "S" \| "R" \| "P" \| "A" \| "U" .