head	1.1;
branch	1.1.1;
access;
symbols
	netbsd-11-0-RC4:1.1.1.1
	netbsd-11-0-RC3:1.1.1.1
	netbsd-11-0-RC2:1.1.1.1
	netbsd-11-0-RC1:1.1.1.1
	perseant-exfatfs-base-20250801:1.1.1.1
	netbsd-11:1.1.1.1.0.50
	netbsd-11-base:1.1.1.1
	netbsd-10-1-RELEASE:1.1.1.1
	perseant-exfatfs-base-20240630:1.1.1.1
	perseant-exfatfs:1.1.1.1.0.48
	perseant-exfatfs-base:1.1.1.1
	netbsd-8-3-RELEASE:1.1.1.1
	netbsd-9-4-RELEASE:1.1.1.1
	netbsd-10-0-RELEASE:1.1.1.1
	netbsd-10-0-RC6:1.1.1.1
	netbsd-10-0-RC5:1.1.1.1
	netbsd-10-0-RC4:1.1.1.1
	netbsd-10-0-RC3:1.1.1.1
	netbsd-10-0-RC2:1.1.1.1
	netbsd-10-0-RC1:1.1.1.1
	netbsd-10:1.1.1.1.0.46
	netbsd-10-base:1.1.1.1
	netbsd-9-3-RELEASE:1.1.1.1
	cjep_sun2x-base1:1.1.1.1
	cjep_sun2x:1.1.1.1.0.44
	cjep_sun2x-base:1.1.1.1
	cjep_staticlib_x-base1:1.1.1.1
	netbsd-9-2-RELEASE:1.1.1.1
	cjep_staticlib_x:1.1.1.1.0.42
	cjep_staticlib_x-base:1.1.1.1
	netbsd-9-1-RELEASE:1.1.1.1
	phil-wifi-20200421:1.1.1.1
	phil-wifi-20200411:1.1.1.1
	is-mlppp:1.1.1.1.0.40
	is-mlppp-base:1.1.1.1
	phil-wifi-20200406:1.1.1.1
	netbsd-8-2-RELEASE:1.1.1.1
	netbsd-9-0-RELEASE:1.1.1.1
	netbsd-9-0-RC2:1.1.1.1
	netbsd-9-0-RC1:1.1.1.1
	phil-wifi-20191119:1.1.1.1
	netbsd-9:1.1.1.1.0.38
	netbsd-9-base:1.1.1.1
	phil-wifi-20190609:1.1.1.1
	netbsd-8-1-RELEASE:1.1.1.1
	netbsd-8-1-RC1:1.1.1.1
	pgoyette-compat-merge-20190127:1.1.1.1
	pgoyette-compat-20190127:1.1.1.1
	pgoyette-compat-20190118:1.1.1.1
	pgoyette-compat-1226:1.1.1.1
	pgoyette-compat-1126:1.1.1.1
	pgoyette-compat-1020:1.1.1.1
	pgoyette-compat-0930:1.1.1.1
	pgoyette-compat-0906:1.1.1.1
	netbsd-7-2-RELEASE:1.1.1.1
	pgoyette-compat-0728:1.1.1.1
	netbsd-8-0-RELEASE:1.1.1.1
	phil-wifi:1.1.1.1.0.36
	phil-wifi-base:1.1.1.1
	pgoyette-compat-0625:1.1.1.1
	netbsd-8-0-RC2:1.1.1.1
	pgoyette-compat-0521:1.1.1.1
	pgoyette-compat-0502:1.1.1.1
	pgoyette-compat-0422:1.1.1.1
	netbsd-8-0-RC1:1.1.1.1
	pgoyette-compat-0415:1.1.1.1
	pgoyette-compat-0407:1.1.1.1
	pgoyette-compat-0330:1.1.1.1
	pgoyette-compat-0322:1.1.1.1
	pgoyette-compat-0315:1.1.1.1
	netbsd-7-1-2-RELEASE:1.1.1.1
	pgoyette-compat:1.1.1.1.0.34
	pgoyette-compat-base:1.1.1.1
	netbsd-7-1-1-RELEASE:1.1.1.1
	matt-nb8-mediatek:1.1.1.1.0.32
	matt-nb8-mediatek-base:1.1.1.1
	perseant-stdc-iso10646:1.1.1.1.0.30
	perseant-stdc-iso10646-base:1.1.1.1
	netbsd-8:1.1.1.1.0.28
	netbsd-8-base:1.1.1.1
	prg-localcount2-base3:1.1.1.1
	prg-localcount2-base2:1.1.1.1
	prg-localcount2-base1:1.1.1.1
	prg-localcount2:1.1.1.1.0.26
	prg-localcount2-base:1.1.1.1
	pgoyette-localcount-20170426:1.1.1.1
	bouyer-socketcan-base1:1.1.1.1
	pgoyette-localcount-20170320:1.1.1.1
	netbsd-7-1:1.1.1.1.0.24
	netbsd-7-1-RELEASE:1.1.1.1
	netbsd-7-1-RC2:1.1.1.1
	netbsd-7-nhusb-base-20170116:1.1.1.1
	bouyer-socketcan:1.1.1.1.0.22
	bouyer-socketcan-base:1.1.1.1
	pgoyette-localcount-20170107:1.1.1.1
	netbsd-7-1-RC1:1.1.1.1
	pgoyette-localcount-20161104:1.1.1.1
	netbsd-7-0-2-RELEASE:1.1.1.1
	localcount-20160914:1.1.1.1
	netbsd-7-nhusb:1.1.1.1.0.20
	netbsd-7-nhusb-base:1.1.1.1
	pgoyette-localcount-20160806:1.1.1.1
	pgoyette-localcount-20160726:1.1.1.1
	pgoyette-localcount:1.1.1.1.0.18
	pgoyette-localcount-base:1.1.1.1
	netbsd-7-0-1-RELEASE:1.1.1.1
	netbsd-7-0:1.1.1.1.0.16
	netbsd-7-0-RELEASE:1.1.1.1
	netbsd-7-0-RC3:1.1.1.1
	netbsd-7-0-RC2:1.1.1.1
	netbsd-7-0-RC1:1.1.1.1
	netbsd-7:1.1.1.1.0.14
	netbsd-7-base:1.1.1.1
	yamt-pagecache-base9:1.1.1.1
	yamt-pagecache-tag8:1.1.1.1.2.2
	tls-earlyentropy:1.1.1.1.0.12
	tls-earlyentropy-base:1.1.1.1
	riastradh-xf86-video-intel-2-7-1-pre-2-21-15:1.1.1.1
	riastradh-drm2-base3:1.1.1.1
	riastradh-drm2-base2:1.1.1.1
	riastradh-drm2-base1:1.1.1.1
	riastradh-drm2:1.1.1.1.0.6
	riastradh-drm2-base:1.1.1.1
	khorben-n900:1.1.1.1.0.10
	agc-symver:1.1.1.1.0.8
	agc-symver-base:1.1.1.1
	yamt-pagecache-base8:1.1.1.1
	yamt-pagecache-base7:1.1.1.1
	yamt-pagecache-base6:1.1.1.1
	tls-maxphys:1.1.1.1.0.4
	tls-maxphys-base:1.1.1.1
	v5-1-2:1.1.1.1
	yamt-pagecache-base5:1.1.1.1
	yamt-pagecache:1.1.1.1.0.2
	yamt-pagecache-base4:1.1.1.1
	v5-1-1:1.1.1.1
	DARRENR:1.1.1;
locks; strict;
comment	@# @;


1.1
date	2012.03.23.21.20.22;	author christos;	state Exp;
branches
	1.1.1.1;
next	;

1.1.1.1
date	2012.03.23.21.20.22;	author christos;	state Exp;
branches
	1.1.1.1.2.1;
next	;

1.1.1.1.2.1
date	2012.03.23.21.20.22;	author yamt;	state dead;
branches;
next	1.1.1.1.2.2;

1.1.1.1.2.2
date	2012.04.17.00.03.26;	author yamt;	state Exp;
branches;
next	;


desc
@@


1.1
log
@Initial revision
@
text
@filter-rule = [ insert ] action in-out [ options ] [ tos ] [ ttl ]
	      [ proto ] [ ip ] [ group ] [ tag ] [ pps ] .

insert	= "@@" decnumber .
action	= block | "pass" | log | "count" | auth | call .
in-out	= "in" | "out" .
options	= [ log ] [ "quick" ] [ onif [ dup ] [ froute ] ] .
tos	= "tos" decnumber | "tos" hexnumber .
ttl	= "ttl" decnumber .
proto	= "proto" protocol .
ip	= srcdst [ flags ] [ with withopt ] [ icmp ] [ keep ] .
group	= [ "head" decnumber ] [ "group" decnumber ] .
pps	= "pps" decnumber .

onif	= "on" interface-name [ "out-via" interface-name ] .
block	= "block" [ return-icmp[return-code] | "return-rst" ] .
auth	= "auth" | "preauth" .
log	= "log" [ "body" ] [ "first" ] [ "or-block" ] [ "level" loglevel ] .
tag	= "tag" tagid .
call	= "call" [ "now" ] function-name .
dup	= "dup-to" interface-name[":"ipaddr] .
froute	= "fastroute" | "to" interface-name .
protocol = "tcp/udp" | "udp" | "tcp" | "icmp" | decnumber .
srcdst	= "all" | fromto .
fromto	= "from" object "to" object .

return-icmp = "return-icmp" | "return-icmp-as-dest" .
loglevel = facility"."priority | priority .
object	= addr [ port-comp | port-range ] .
addr	= "any" | nummask | host-name [ "mask" ipaddr | "mask" hexnumber ] .
port-comp = "port" compare port-num .
port-range = "port" port-num range port-num .
flags	= "flags" flag { flag } [ "/" flag { flag } ] .
with	= "with" | "and" .
icmp	= "icmp-type" icmp-type [ "code" decnumber ] .
return-code = "("icmp-code")" .
keep	= "keep" "state" [ "limit" number ] | "keep" "frags" .

nummask	= host-name [ "/" decnumber ] .
host-name = ipaddr | hostname | "any" .
ipaddr	= host-num "." host-num "." host-num "." host-num .
host-num = digit [ digit [ digit ] ] .
port-num = service-name | decnumber .

withopt = [ "not" | "no" ] opttype [ withopt ] .
opttype = "ipopts" | "short" | "nat" | "bad-src" | "lowttl" | "frag" |
          "mbcast" | "opt" ipopts  .
optname	= ipopts [ "," optname ] .
ipopts  = optlist | "sec-class" [ secname ] .
secname	= seclvl [ "," secname ] .
seclvl  = "unclass" | "confid" | "reserv-1" | "reserv-2" | "reserv-3" |
	  "reserv-4" | "secret" | "topsecret" .
icmp-type = "unreach" | "echo" | "echorep" | "squench" | "redir" |
	    "timex" | "paramprob" | "timest" | "timestrep" | "inforeq" |
	    "inforep" | "maskreq" | "maskrep"  | "routerad" |
	    "routersol" | decnumber .
icmp-code = decumber | "net-unr" | "host-unr" | "proto-unr" | "port-unr" |
	    "needfrag" | "srcfail" | "net-unk" | "host-unk" | "isolate" |
	    "net-prohib" | "host-prohib" | "net-tos" | "host-tos" |
	    "filter-prohib" | "host-preced" | "cutoff-preced" .
optlist	= "nop" | "rr" | "zsu" | "mtup" | "mtur" | "encode" | "ts" | "tr" |
	  "sec" | "lsrr" | "e-sec" | "cipso" | "satid" | "ssrr" | "addext" |
	  "visa" | "imitd" | "eip" | "finn" .
facility = "kern" | "user" | "mail" | "daemon" | "auth" | "syslog" |
	   "lpr" | "news" | "uucp" | "cron" | "ftp" | "authpriv" |
	   "audit" | "logalert" | "local0" | "local1" | "local2" |
	   "local3" | "local4" | "local5" | "local6" | "local7" .
priority = "emerg" | "alert" | "crit" | "err" | "warn" | "notice" |
	   "info" | "debug" .

hexnumber = "0" "x" hexstring .
hexstring = hexdigit [ hexstring ] .
decnumber = digit [ decnumber ] .

compare = "=" | "!=" | "<" | ">" | "<=" | ">=" | "eq" | "ne" | "lt" | "gt" |
	  "le" | "ge" .
range	= "<>" | "><" .
hexdigit = digit | "a" | "b" | "c" | "d" | "e" | "f" .
digit	= "0" | "1" | "2" | "3" | "4" | "5" | "6" | "7" | "8" | "9" .
flag	= "F" | "S" | "R" | "P" | "A" | "U" | "C" | "W" .
@


1.1.1.1
log
@import 5.1.1
@
text
@@


1.1.1.1.2.1
log
@file BNF.ipf was added on branch yamt-pagecache on 2012-04-17 00:03:26 +0000
@
text
@d1 80
@


1.1.1.1.2.2
log
@sync with head
@
text
@a0 80
filter-rule = [ insert ] action in-out [ options ] [ tos ] [ ttl ]
	      [ proto ] [ ip ] [ group ] [ tag ] [ pps ] .

insert	= "@@" decnumber .
action	= block | "pass" | log | "count" | auth | call .
in-out	= "in" | "out" .
options	= [ log ] [ "quick" ] [ onif [ dup ] [ froute ] ] .
tos	= "tos" decnumber | "tos" hexnumber .
ttl	= "ttl" decnumber .
proto	= "proto" protocol .
ip	= srcdst [ flags ] [ with withopt ] [ icmp ] [ keep ] .
group	= [ "head" decnumber ] [ "group" decnumber ] .
pps	= "pps" decnumber .

onif	= "on" interface-name [ "out-via" interface-name ] .
block	= "block" [ return-icmp[return-code] | "return-rst" ] .
auth	= "auth" | "preauth" .
log	= "log" [ "body" ] [ "first" ] [ "or-block" ] [ "level" loglevel ] .
tag	= "tag" tagid .
call	= "call" [ "now" ] function-name .
dup	= "dup-to" interface-name[":"ipaddr] .
froute	= "fastroute" | "to" interface-name .
protocol = "tcp/udp" | "udp" | "tcp" | "icmp" | decnumber .
srcdst	= "all" | fromto .
fromto	= "from" object "to" object .

return-icmp = "return-icmp" | "return-icmp-as-dest" .
loglevel = facility"."priority | priority .
object	= addr [ port-comp | port-range ] .
addr	= "any" | nummask | host-name [ "mask" ipaddr | "mask" hexnumber ] .
port-comp = "port" compare port-num .
port-range = "port" port-num range port-num .
flags	= "flags" flag { flag } [ "/" flag { flag } ] .
with	= "with" | "and" .
icmp	= "icmp-type" icmp-type [ "code" decnumber ] .
return-code = "("icmp-code")" .
keep	= "keep" "state" [ "limit" number ] | "keep" "frags" .

nummask	= host-name [ "/" decnumber ] .
host-name = ipaddr | hostname | "any" .
ipaddr	= host-num "." host-num "." host-num "." host-num .
host-num = digit [ digit [ digit ] ] .
port-num = service-name | decnumber .

withopt = [ "not" | "no" ] opttype [ withopt ] .
opttype = "ipopts" | "short" | "nat" | "bad-src" | "lowttl" | "frag" |
          "mbcast" | "opt" ipopts  .
optname	= ipopts [ "," optname ] .
ipopts  = optlist | "sec-class" [ secname ] .
secname	= seclvl [ "," secname ] .
seclvl  = "unclass" | "confid" | "reserv-1" | "reserv-2" | "reserv-3" |
	  "reserv-4" | "secret" | "topsecret" .
icmp-type = "unreach" | "echo" | "echorep" | "squench" | "redir" |
	    "timex" | "paramprob" | "timest" | "timestrep" | "inforeq" |
	    "inforep" | "maskreq" | "maskrep"  | "routerad" |
	    "routersol" | decnumber .
icmp-code = decumber | "net-unr" | "host-unr" | "proto-unr" | "port-unr" |
	    "needfrag" | "srcfail" | "net-unk" | "host-unk" | "isolate" |
	    "net-prohib" | "host-prohib" | "net-tos" | "host-tos" |
	    "filter-prohib" | "host-preced" | "cutoff-preced" .
optlist	= "nop" | "rr" | "zsu" | "mtup" | "mtur" | "encode" | "ts" | "tr" |
	  "sec" | "lsrr" | "e-sec" | "cipso" | "satid" | "ssrr" | "addext" |
	  "visa" | "imitd" | "eip" | "finn" .
facility = "kern" | "user" | "mail" | "daemon" | "auth" | "syslog" |
	   "lpr" | "news" | "uucp" | "cron" | "ftp" | "authpriv" |
	   "audit" | "logalert" | "local0" | "local1" | "local2" |
	   "local3" | "local4" | "local5" | "local6" | "local7" .
priority = "emerg" | "alert" | "crit" | "err" | "warn" | "notice" |
	   "info" | "debug" .

hexnumber = "0" "x" hexstring .
hexstring = hexdigit [ hexstring ] .
decnumber = digit [ decnumber ] .

compare = "=" | "!=" | "<" | ">" | "<=" | ">=" | "eq" | "ne" | "lt" | "gt" |
	  "le" | "ge" .
range	= "<>" | "><" .
hexdigit = digit | "a" | "b" | "c" | "d" | "e" | "f" .
digit	= "0" | "1" | "2" | "3" | "4" | "5" | "6" | "7" | "8" | "9" .
flag	= "F" | "S" | "R" | "P" | "A" | "U" | "C" | "W" .
@