1filter-rule = [ insert ] action in-out [ options ] [ tos ] [ ttl ] 2 [ proto ] [ ip ] [ group ]. 3 4insert = "@" decnumber .
| 1filter-rule = [ insert ] action in-out [ options ] [ tos ] [ ttl ] 2 [ proto ] [ ip ] [ group ]. 3 4insert = "@" decnumber .
|
5action = block | "pass" | log | "count" | skip | auth | call .
| 5action = block | "no-match" | "pass" | log | "count" | skip | auth | call .
|
6in-out = "in" | "out" .
| 6in-out = "in" | "out" .
|
7options = [ log ] [ "quick" ] [ "on" interface-name [ dup ] [ froute ] ] .
| 7options = [ log ] [ "quick" ] [ "on" interface-name [ dup ] [ froute ] 8 [ via ] ] .
|
8tos = "tos" decnumber | "tos" hexnumber . 9ttl = "ttl" decnumber . 10proto = "proto" protocol . 11ip = srcdst [ flags ] [ with withopt ] [ icmp ] [ keep ] . 12group = [ "head" decnumber ] [ "group" decnumber ] . 13
| 9tos = "tos" decnumber | "tos" hexnumber . 10ttl = "ttl" decnumber . 11proto = "proto" protocol . 12ip = srcdst [ flags ] [ with withopt ] [ icmp ] [ keep ] . 13group = [ "head" decnumber ] [ "group" decnumber ] . 14
|
14block = "block" [ reutrn-icmp[return-code] | "return-rst" ] .
| 15block = "block" [ return-icmp[return-code] | "return-rst" ] .
|
15auth = "auth" | "preauth" . 16log = "log" [ "body" ] [ "first" ] [ "or-block" ] [ "level" loglevel ] . 17call = "call" [ "now" ] function-name . 18skip = "skip" decnumber . 19dup = "dup-to" interface-name[":"ipaddr] .
| 16auth = "auth" | "preauth" . 17log = "log" [ "body" ] [ "first" ] [ "or-block" ] [ "level" loglevel ] . 18call = "call" [ "now" ] function-name . 19skip = "skip" decnumber . 20dup = "dup-to" interface-name[":"ipaddr] .
|
| 21via = "in-via" interface-name | "out-via" interface-name .
|
20froute = "fastroute" | "to" interface-name [ ":" ipaddr ] . 21protocol = "tcp/udp" | "udp" | "tcp" | "icmp" | decnumber . 22srcdst = "all" | fromto . 23fromto = "from" object "to" object . 24
| 22froute = "fastroute" | "to" interface-name [ ":" ipaddr ] . 23protocol = "tcp/udp" | "udp" | "tcp" | "icmp" | decnumber . 24srcdst = "all" | fromto . 25fromto = "from" object "to" object . 26
|
25reutrn-icmp = "return-icmp" | "return-icmp-as-dest" .
| 27return-icmp = "return-icmp" | "return-icmp-as-dest" .
|
26loglevel = facility"."priority | priority . 27object = addr [ port-comp | port-range ] . 28addr = "any" | nummask | host-name [ "mask" ipaddr | "mask" hexnumber ] . 29port-comp = "port" compare port-num . 30port-range = "port" port-num range port-num . 31flags = "flags" flag { flag } [ "/" flag { flag } ] . 32with = "with" | "and" . 33icmp = "icmp-type" icmp-type [ "code" decnumber ] . 34return-code = "("icmp-code")" .
| 28loglevel = facility"."priority | priority . 29object = addr [ port-comp | port-range ] . 30addr = "any" | nummask | host-name [ "mask" ipaddr | "mask" hexnumber ] . 31port-comp = "port" compare port-num . 32port-range = "port" port-num range port-num . 33flags = "flags" flag { flag } [ "/" flag { flag } ] . 34with = "with" | "and" . 35icmp = "icmp-type" icmp-type [ "code" decnumber ] . 36return-code = "("icmp-code")" .
|
35keep = "keep" "state" | "keep" "frags" .
| 37keep = "keep" "state" | "keep" "frags" | "keep" "state-age" state-age . 38state-age = decnmber [ "/" decnumber ] .
|
36 37nummask = host-name [ "/" decnumber ] . 38host-name = ipaddr | hostname | "any" . 39ipaddr = host-num "." host-num "." host-num "." host-num . 40host-num = digit [ digit [ digit ] ] . 41port-num = service-name | decnumber . 42 43withopt = [ "not" | "no" ] opttype [ withopt ] .
--- 34 unchanged lines hidden --- | 39 40nummask = host-name [ "/" decnumber ] . 41host-name = ipaddr | hostname | "any" . 42ipaddr = host-num "." host-num "." host-num "." host-num . 43host-num = digit [ digit [ digit ] ] . 44port-num = service-name | decnumber . 45 46withopt = [ "not" | "no" ] opttype [ withopt ] .
--- 34 unchanged lines hidden --- |
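Review bot: The new `state-age` production spells its first symbol `decnmber`, which no rule in the visible grammar defines. Every other production uses `decnumber`, so the line should read `state-age = decnumber [ "/" decnumber ] .`. The change corrects the same kind of slip in `reutrn-icmp`, so this one is worth fixing in the same pass. Separately, `"no-match"` in `action` and the new `via` option (`in-via` / `out-via`) appear here as syntax only. If the hidden part of the page does not describe them, add a sentence for each stating what a rule using it does, since people write firewall rules from this reference. The section may continue beyond what is shown here.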