ipfw2.h revision 187767
1/*
2 * Copyright (c) 2002-2003 Luigi Rizzo
3 * Copyright (c) 1996 Alex Nash, Paul Traina, Poul-Henning Kamp
4 * Copyright (c) 1994 Ugen J.S.Antsilevich
5 *
6 * Idea and grammar partially left from:
7 * Copyright (c) 1993 Daniel Boulet
8 *
9 * Redistribution and use in source forms, with and without modification,
10 * are permitted provided that this entire comment appears intact.
11 *
12 * Redistribution in binary form may occur without any restrictions.
13 * Obviously, it would be nice if you gave credit where credit is due
14 * but requiring it would be too onerous.
15 *
16 * This software is provided ``AS IS'' without any warranties of any kind.
17 *
18 * NEW command line interface for IP firewall facility
19 *
20 * $FreeBSD: head/sbin/ipfw/ipfw2.h 187767 2009-01-27 10:18:55Z luigi $
21 */
22
/*
 * Command-line option state.
 *
 * Options can be given on the command line. When commands are read from
 * a file, a subset of the options can also be given before the file name,
 * in which case they apply globally. After that, an individual line can
 * carry an option of its own, which overwrites the global value.
 * XXX The previous value is not restored at the end of the line, so an
 * option given on one line stays in effect for the lines that follow.
 */

struct cmdline_opts {
	/* Boolean flags. */
	int	do_value_as_ip;	/* print table values as IP addresses */
	int	do_resolv;	/* try to resolve every IP to a name */
	int	do_time;	/* print time stamps */
	int	do_quiet;	/* stay quiet in add and flush */
	int	do_pipe;	/* the command refers to a pipe */
	int	do_nat; 	/* the command refers to a nat config */
	int	do_dynamic;	/* list dynamic rules */
	int	do_expired;	/* list expired dynamic rules */
	int	do_compact;	/* print rules in compact mode */
	int	do_force;	/* skip the confirmation prompt */
	int	show_sets;	/* print the set each rule belongs to */
	int	test_only;	/* check syntax only */
	int	comment_only;	/* print only action and comment */
	int	verbose;	/* be verbose on some commands */

	/* Multi-valued options. */

	/* Field to sort results by: 0 = no sorting, valid fields start at 1. */
	int	do_sort;

	/*
	 * Set to work with: 0 selects all sets, any other value selects
	 * set number use_set - 1 (the stored value is offset by one).
	 */
	int	use_set;

};
58
/*
 * Option state shared by the files that include this header.
 * This is only a declaration; the object is defined in another
 * translation unit (the definition is not part of this header).
 */
extern struct cmdline_opts co;
60
/*
 * struct _s_x holds one string <-> token pair; the parser uses such
 * pairs in various places. A table is a plain array whose last entry
 * has s == NULL, so there is no separate length to pass around.
 * match_token() and match_value() are the routines that search a table.
 * Often the element with x == 0 carries an error string.
 *
 * The tag begins with an underscore, a spelling C reserves at file
 * scope; it is part of the existing interface and is left as is.
 */
struct _s_x {
	const char *s;	/* string side of the pair; NULL ends the table */
	int x;		/* token side of the pair */
};
73
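/*
 * NEED1(msg) exits through errx(EX_USAGE, ...) with msg as the error
 * message when we have run out of arguments (ac is zero).
 *
 * - `ac` is not a parameter: the macro reads whatever variable of that
 *   name is in scope where it is expanded.
 * - msg is printed through a constant "%s" format. The macro takes a
 *   single argument, so no values could ever be supplied for conversion
 *   specifiers inside msg; passing it as data keeps a '%' in the message
 *   (or a message that is not a string literal) from being interpreted
 *   as a format string.
 * - errx() and EX_USAGE must be declared at the point of use.
 * - The expansion is a brace block, not do { } while (0), so
 *   `NEED1(...);` directly before an `else` of an unbraced `if` does
 *   not compile.
 */
#define NEED1(msg)      {if (!ac) errx(EX_USAGE, "%s", (msg));}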
79
/*
 * Memory allocation support.
 *
 * NOTE(review): the "safe_" prefix suggests these wrappers do not return
 * NULL on failure, but the failure contract is not stated in this header
 * -- confirm it in the definitions before leaving out NULL checks.
 *
 * safe_calloc() receives the element count and element size separately.
 * safe_realloc() receives only a byte count, so any count * size
 * multiplication happens in the caller and has to be checked for
 * overflow there.
 */
void *safe_calloc(size_t number, size_t size);
void *safe_realloc(void *ptr, size_t size);
83
/*
 * A string comparison function used for historical compatibility.
 * NOTE(review): the matching rule and the meaning of the return value
 * are not visible in this header; the name hints at a substring/prefix
 * comparison rather than plain strcmp() semantics -- confirm in the
 * definition before relying on it for exact keyword matching.
 */
int _substrcmp(const char *str1, const char* str2);
86
/*
 * The reserved set number. This is a constant in ip_fw.h,
 * but we store it in a variable so that other files do not depend
 * on that header just for one constant.
 * Only declared here; the definition lives in another file.
 */
extern int resvd_set_number;
93
/*
 * Entry points for the individual commands.
 *
 * NOTE(review): ac/av look like an argument count and argument vector in
 * the style of main(). Whether av is NULL-terminated and which word av[0]
 * holds is not visible in this header -- confirm against the callers, and
 * check ac (see NEED1) before indexing av.
 */
void ipfw_add(int ac, char *av[]);
void ipfw_show_nat(int ac, char **av);
void ipfw_config_pipe(int ac, char **av);
void ipfw_config_nat(int ac, char **av);
void ipfw_sets_handler(int ac, char *av[]);
void ipfw_table_handler(int ac, char *av[]);
/* which: selector whose values are not defined in this header -- TODO confirm */
void ipfw_sysctl_handler(int ac, char *av[], int which);
void ipfw_delete(int ac, char *av[]);
/* force: presumably carries the do_force setting (no confirmation) -- confirm */
void ipfw_flush(int force);
/* optname: meaning not visible here -- TODO confirm against the definition */
void ipfw_zero(int ac, char *av[], int optname);
/* show_counters: presumably non-zero to print rule counters -- confirm */
void ipfw_list(int ac, char *av[], int show_counters);
105
106