ipfw2.h revision 187767
1/* 2 * Copyright (c) 2002-2003 Luigi Rizzo 3 * Copyright (c) 1996 Alex Nash, Paul Traina, Poul-Henning Kamp 4 * Copyright (c) 1994 Ugen J.S.Antsilevich 5 * 6 * Idea and grammar partially left from: 7 * Copyright (c) 1993 Daniel Boulet 8 * 9 * Redistribution and use in source forms, with and without modification, 10 * are permitted provided that this entire comment appears intact. 11 * 12 * Redistribution in binary form may occur without any restrictions. 13 * Obviously, it would be nice if you gave credit where credit is due 14 * but requiring it would be too onerous. 15 * 16 * This software is provided ``AS IS'' without any warranties of any kind. 17 * 18 * NEW command line interface for IP firewall facility 19 * 20 * $FreeBSD: head/sbin/ipfw/ipfw2.h 187767 2009-01-27 10:18:55Z luigi $ 21 */ 22 23/* 24 * Options that can be set on the command line. 25 * When reading commands from a file, a subset of the options can also 26 * be applied globally by specifying them before the file name. 27 * After that, each line can contain its own option that changes 28 * the global value. 29 * XXX The context is not restored after each line. 30 */ 31 32struct cmdline_opts { 33 /* boolean options: */ 34 int do_value_as_ip; /* show table value as IP */ 35 int do_resolv; /* try to resolve all ip to names */ 36 int do_time; /* Show time stamps */ 37 int do_quiet; /* Be quiet in add and flush */ 38 int do_pipe; /* this cmd refers to a pipe */ 39 int do_nat; /* this cmd refers to a nat config */ 40 int do_dynamic; /* display dynamic rules */ 41 int do_expired; /* display expired dynamic rules */ 42 int do_compact; /* show rules in compact mode */ 43 int do_force; /* do not ask for confirmation */ 44 int show_sets; /* display the set each rule belongs to */ 45 int test_only; /* only check syntax */ 46 int comment_only; /* only print action and comment */ 47 int verbose; /* be verbose on some commands */ 48 49 /* The options below can have multiple values. */ 50 51 int do_sort; /* field to sort results (0 = no) */ 52 /* valid fields are 1 and above */ 53 54 int use_set; /* work with specified set number */ 55 /* 0 means all sets, otherwise apply to set use_set - 1 */ 56 57}; 58 59extern struct cmdline_opts co; 60 61/* 62 * _s_x is a structure that stores a string <-> token pairs, used in 63 * various places in the parser. Entries are stored in arrays, 64 * with an entry with s=NULL as terminator. 65 * The search routines are match_token() and match_value(). 66 * Often, an element with x=0 contains an error string. 67 * 68 */ 69struct _s_x { 70 char const *s; 71 int x; 72}; 73 74/* 75 * the following macro returns an error message if we run out of 76 * arguments. 77 */ 78#define NEED1(msg) {if (!ac) errx(EX_USAGE, msg);} 79 80/* memory allocation support */ 81void *safe_calloc(size_t number, size_t size); 82void *safe_realloc(void *ptr, size_t size); 83 84/* a string comparison function used for historical compatibility */ 85int _substrcmp(const char *str1, const char* str2); 86 87/* 88 * The reserved set numer. This is a constant in ip_fw.h 89 * but we store it in a variable so other files do not depend 90 * in that header just for one constant. 91 */ 92extern int resvd_set_number; 93 94void ipfw_add(int ac, char *av[]); 95void ipfw_show_nat(int ac, char **av); 96void ipfw_config_pipe(int ac, char **av); 97void ipfw_config_nat(int ac, char **av); 98void ipfw_sets_handler(int ac, char *av[]); 99void ipfw_table_handler(int ac, char *av[]); 100void ipfw_sysctl_handler(int ac, char *av[], int which); 101void ipfw_delete(int ac, char *av[]); 102void ipfw_flush(int force); 103void ipfw_zero(int ac, char *av[], int optname); 104void ipfw_list(int ac, char *av[], int show_counters); 105 106