| ipf.5 (145519) | ipf.5 (153881) |
|---|---|
| 1.\" $FreeBSD: head/contrib/ipfilter/man/ipf.5 145519 2005-04-25 18:20:15Z darrenr $ | 1.\" $FreeBSD: head/contrib/ipfilter/man/ipf.5 153881 2005-12-30 11:52:26Z guido $ |
| 2.TH IPF 5 3.SH NAME 4ipf, ipf.conf, ipf6.conf \- IP packet filter rule syntax 5.SH DESCRIPTION 6.PP 7A rule file for \fBipf\fP may have any name or even be stdin. As 8\fBipfstat\fP produces parsable rules as output when displaying the internal 9kernel filter lists, it is quite plausible to use its output to feed back --- 42 unchanged lines hidden (view full) --- 52addr = "any" | nummask | host-name [ "mask" ipaddr | "mask" hexnumber ] . 53addr = "any" | "<thishost>" | nummask | 54 host-name [ "mask" ipaddr | "mask" hexnumber ] . 55port-comp = "port" compare port-num . 56port-range = "port" port-num range port-num . 57flags = "flags" flag { flag } [ "/" flag { flag } ] . 58with = "with" | "and" . 59icmp = "icmp-type" icmp-type [ "code" decnumber ] . | 2.TH IPF 5 3.SH NAME 4ipf, ipf.conf, ipf6.conf \- IP packet filter rule syntax 5.SH DESCRIPTION 6.PP 7A rule file for \fBipf\fP may have any name or even be stdin. As 8\fBipfstat\fP produces parsable rules as output when displaying the internal 9kernel filter lists, it is quite plausible to use its output to feed back --- 42 unchanged lines hidden (view full) --- 52addr = "any" | nummask | host-name [ "mask" ipaddr | "mask" hexnumber ] . 53addr = "any" | "<thishost>" | nummask | 54 host-name [ "mask" ipaddr | "mask" hexnumber ] . 55port-comp = "port" compare port-num . 56port-range = "port" port-num range port-num . 57flags = "flags" flag { flag } [ "/" flag { flag } ] . 58with = "with" | "and" . 59icmp = "icmp-type" icmp-type [ "code" decnumber ] . |
| 60return-code = "("icmp-code")" . 61keep = "keep" "state" | "keep" "frags" . | 60return-code = "(" icmp-code ")" . 61keep = "keep" "state" [ "(" state-options ")" ] | "keep" "frags" . |
| 62loglevel = facility"."priority | priority . 63 64nummask = host-name [ "/" decnumber ] . 65host-name = ipaddr | hostname | "any" . 66ipaddr = host-num "." host-num "." host-num "." host-num . 67host-num = digit [ digit [ digit ] ] . 68port-num = service-name | decnumber . | 62loglevel = facility"."priority | priority . 63 64nummask = host-name [ "/" decnumber ] . 65host-name = ipaddr | hostname | "any" . 66ipaddr = host-num "." host-num "." host-num "." host-num . 67host-num = digit [ digit [ digit ] ] . 68port-num = service-name | decnumber . |
| 69state-options = state-opts [ "," state-options ] . |
|
| 69 | 70 |
| 71state-opts = "age" decnumber [ "/" decnumber ] | "strict" | 72 "no-icmp-err" | "limit" decnumber | "newisn" | "sync" . |
|
| 70withopt = [ "not" | "no" ] opttype [ withopt ] . 71opttype = "ipopts" | "short" | "frag" | "opt" optname . 72optname = ipopts [ "," optname ] . 73ipopts = optlist | "sec-class" [ secname ] . 74secname = seclvl [ "," secname ] . 75seclvl = "unclass" | "confid" | "reserv-1" | "reserv-2" | "reserv-3" | 76 "reserv-4" | "secret" | "topsecret" . 77icmp-type = "unreach" | "echo" | "echorep" | "squench" | "redir" | --- 477 unchanged lines hidden --- | 73withopt = [ "not" | "no" ] opttype [ withopt ] . 74opttype = "ipopts" | "short" | "frag" | "opt" optname . 75optname = ipopts [ "," optname ] . 76ipopts = optlist | "sec-class" [ secname ] . 77secname = seclvl [ "," secname ] . 78seclvl = "unclass" | "confid" | "reserv-1" | "reserv-2" | "reserv-3" | 79 "reserv-4" | "secret" | "topsecret" . 80icmp-type = "unreach" | "echo" | "echorep" | "squench" | "redir" | --- 477 unchanged lines hidden --- |