| BNF (31183) | BNF (53024) |
|---|---|
| 1filter-rule = [ insert ] action in-out [ options ] [ tos ] [ ttl ] 2 [ proto ] [ ip ] [ group ]. 3 4insert = "@" decnumber . 5action = block | "pass" | log | "count" | skip | auth | call . 6in-out = "in" | "out" . 7options = [ log ] [ "quick" ] [ "on" interface-name [ dup ] [ froute ] ] . 8tos = "tos" decnumber | "tos" hexnumber . 9ttl = "ttl" decnumber . 10proto = "proto" protocol . 11ip = srcdst [ flags ] [ with withopt ] [ icmp ] [ keep ] . 12group = [ "head" decnumber ] [ "group" decnumber ] . 13 | 1filter-rule = [ insert ] action in-out [ options ] [ tos ] [ ttl ] 2 [ proto ] [ ip ] [ group ]. 3 4insert = "@" decnumber . 5action = block | "pass" | log | "count" | skip | auth | call . 6in-out = "in" | "out" . 7options = [ log ] [ "quick" ] [ "on" interface-name [ dup ] [ froute ] ] . 8tos = "tos" decnumber | "tos" hexnumber . 9ttl = "ttl" decnumber . 10proto = "proto" protocol . 11ip = srcdst [ flags ] [ with withopt ] [ icmp ] [ keep ] . 12group = [ "head" decnumber ] [ "group" decnumber ] . 13 |
| 14block = "block" [ "return-icmp"[return-code] | "return-rst" ] . | 14block = "block" [ icmp [return-code] | "return-rst" ] . |
| 15auth = "auth" | "preauth" . | 15auth = "auth" | "preauth" . |
| 16log = "log" [ "body" ] [ "first" ] [ "or-block" ] . | 16log = "log" [ "body" ] [ "first" ] [ "or-block" ] [ "level" loglevel ] . |
| 17call = "call" [ "now" ] function-name . 18skip = "skip" decnumber . 19dup = "dup-to" interface-name[":"ipaddr] . 20froute = "fastroute" | "to" interface-name . 21protocol = "tcp/udp" | "udp" | "tcp" | "icmp" | decnumber . 22srcdst = "all" | fromto . 23fromto = "from" object "to" object . 24 | 17call = "call" [ "now" ] function-name . 18skip = "skip" decnumber . 19dup = "dup-to" interface-name[":"ipaddr] . 20froute = "fastroute" | "to" interface-name . 21protocol = "tcp/udp" | "udp" | "tcp" | "icmp" | decnumber . 22srcdst = "all" | fromto . 23fromto = "from" object "to" object . 24 |
| 25icmp = "return-icmp" | "return-icmp-as-dest" . 26loglevel = facility"."priority | priority . |
|
| 25object = addr [ port-comp | port-range ] . 26addr = "any" | nummask | host-name [ "mask" ipaddr | "mask" hexnumber ] . 27port-comp = "port" compare port-num . 28port-range = "port" port-num range port-num . 29flags = "flags" flag { flag } [ "/" flag { flag } ] . 30with = "with" | "and" . 31icmp = "icmp-type" icmp-type [ "code" decnumber ] . 32return-code = "("icmp-code")" . --- 17 unchanged lines hidden (view full) --- 50 "inforep" | "maskreq" | "maskrep" | "routerad" | 51 "routersol" | decnumber . 52icmp-code = decumber | "net-unr" | "host-unr" | "proto-unr" | "port-unr" | 53 "needfrag" | "srcfail" | "net-unk" | "host-unk" | "isolate" | 54 "net-prohib" | "host-prohib" | "net-tos" | "host-tos" . 55optlist = "nop" | "rr" | "zsu" | "mtup" | "mtur" | "encode" | "ts" | "tr" | 56 "sec" | "lsrr" | "e-sec" | "cipso" | "satid" | "ssrr" | "addext" | 57 "visa" | "imitd" | "eip" | "finn" . | 27object = addr [ port-comp | port-range ] . 28addr = "any" | nummask | host-name [ "mask" ipaddr | "mask" hexnumber ] . 29port-comp = "port" compare port-num . 30port-range = "port" port-num range port-num . 31flags = "flags" flag { flag } [ "/" flag { flag } ] . 32with = "with" | "and" . 33icmp = "icmp-type" icmp-type [ "code" decnumber ] . 34return-code = "("icmp-code")" . --- 17 unchanged lines hidden (view full) --- 52 "inforep" | "maskreq" | "maskrep" | "routerad" | 53 "routersol" | decnumber . 54icmp-code = decumber | "net-unr" | "host-unr" | "proto-unr" | "port-unr" | 55 "needfrag" | "srcfail" | "net-unk" | "host-unk" | "isolate" | 56 "net-prohib" | "host-prohib" | "net-tos" | "host-tos" . 57optlist = "nop" | "rr" | "zsu" | "mtup" | "mtur" | "encode" | "ts" | "tr" | 58 "sec" | "lsrr" | "e-sec" | "cipso" | "satid" | "ssrr" | "addext" | 59 "visa" | "imitd" | "eip" | "finn" . |
| 60facility = "kern" | "user" | "mail" | "daemon" | "auth" | "syslog" | 61 "lpr" | "news" | "uucp" | "cron" | "ftp" | "authpriv" | 62 "audit" | "logalert" | "local0" | "local1" | "local2" | 63 "local3" | "local4" | "local5" | "local6" | "local7" . 64priority = "emerg" | "alert" | "crit" | "err" | "warn" | "notice" | 65 "info" | "debug" . |
|
| 58 59hexnumber = "0" "x" hexstring . 60hexstring = hexdigit [ hexstring ] . 61decnumber = digit [ decnumber ] . 62 63compare = "=" | "!=" | "<" | ">" | "<=" | ">=" | "eq" | "ne" | "lt" | "gt" | 64 "le" | "ge" . 65range = "<>" | "><" . 66hexdigit = digit | "a" | "b" | "c" | "d" | "e" | "f" . 67digit = "0" | "1" | "2" | "3" | "4" | "5" | "6" | "7" | "8" | "9" . 68flag = "F" | "S" | "R" | "P" | "A" | "U" . | 66 67hexnumber = "0" "x" hexstring . 68hexstring = hexdigit [ hexstring ] . 69decnumber = digit [ decnumber ] . 70 71compare = "=" | "!=" | "<" | ">" | "<=" | ">=" | "eq" | "ne" | "lt" | "gt" | 72 "le" | "ge" . 73range = "<>" | "><" . 74hexdigit = digit | "a" | "b" | "c" | "d" | "e" | "f" . 75digit = "0" | "1" | "2" | "3" | "4" | "5" | "6" | "7" | "8" | "9" . 76flag = "F" | "S" | "R" | "P" | "A" | "U" . |