Documentation
¶
Overview ¶
Check references: https://man.openbsd.org/pf.conf#EXAMPLES
Index ¶
- Constants
- type Action
- type ActionBlock
- type ActionBlockReturn
- type Address
- type AddressFamily
- type AfTo
- type AnchorRule
- type AntiSpoofRule
- type Assignment
- type BinAtTo
- type Binary
- type BlockPolicyOption
- type BooleanSet
- type Comment
- type Configuration
- type DebugOption
- type DivertTo
- type FilterOption
- type FingerPrintsOption
- type Flags
- type FlushStateOverloadEntry
- type Group
- type Host
- type HostFrom
- type HostFromFirstOs
- type HostFromFirstPort
- type HostTo
- type Hosts
- type HostsFromTo
- type HostsTarget
- type IP
- type IcmpCode
- type IcmpType
- type IcmpType6
- type IfSpec
- type IfSpecEntry
- type Label
- type LimitItem
- type LimitOption
- type Line
- type Literal
- type Log
- type LogOption
- type LoginInterfaceOption
- type MaxPacketRate
- type MaxSrcConnRage
- type NatTo
- type Number
- type Operation
- type OptimizatioOption
- type Option
- type Os
- type OtherOption
- type Parentheses
- type PfRule
- type PfRuleOn
- type PfRuleOption
- type PoolType
- type Port
- type PortSpec
- type ProtoSpec
- type Protocol
- type RdrTo
- type ReassembleOption
- type RulesetOptimizationOption
- type ScrubOption
- type ScrubOptions
- type SkipOnOption
- type SourceHash
- type State
- type StateDefaultsOption
- type StateOption
- type StateOverloadEntry
- type StatePolicyOption
- type String
- type TableAddress
- type TableAddressSpec
- type TableOption
- type TableRule
- type Tag
- type Tagged
- type Text
- type Timeout
- type TimeoutOption
- type Tos
- type Unary
- type User
- type Value
- type ValueOrBraceList
- type ValueOrRawList
- type Variable
Constants ¶
// Regular-expression fragments describing address-like tokens.
//
// NOTE(review): these fragments only describe the shape of a token; none of
// them validates a value. Code that acts on parsed rules should validate
// addresses and prefix lengths separately (for example with net/netip).
const (
	// IPv4Expr matches four dot-separated groups of one to three digits. The
	// groups are not range-checked, so "999.999.999.999" also matches.
	IPv4Expr = "(" + `\d{1,3}(\.\d{1,3}){3}` + ")"
	// IPv6Expr matches only the literal text "::::".
	// NOTE(review): this looks like a placeholder rather than an IPv6 pattern - confirm.
	IPv6Expr = "(" + "::::" + ")"
	// AddressExpr matches either IPv4Expr or IPv6Expr.
	AddressExpr = "(" + IPv4Expr + "|" + IPv6Expr + ")"
	// IPRange matches two AddressExpr values joined by "-".
	IPRange = "(" + AddressExpr + "-" + AddressExpr + ")"
	// CIDR matches an AddressExpr followed by "/" and one to three digits. The
	// prefix length is not bounded, so "/999" also matches.
	CIDR = "(" + AddressExpr + `/\d{1,3})`
)
Variables ¶
This section is empty.
Functions ¶
This section is empty.
Types ¶
type Action ¶
// Action is the leading keyword of a filter rule: 'pass', 'match', or a
// 'block' action (see ActionBlock). The alternatives are tried in that order.
type Action struct {
Pass BooleanSet `parser:"@('pass')"`
Match BooleanSet `parser:"| @('match')"`
Block *ActionBlock `parser:"| @@"`
}
type ActionBlock ¶
// ActionBlock parses 'block' followed by an optional disposition keyword
// ('return', 'return-icmp', 'return-icmp6', 'return-rst' or 'drop').
type ActionBlock struct {
// Return holds the disposition keyword when one follows 'block'; the capture
// is optional, so a bare 'block' leaves it unset.
Return *string `parser:"'block' @('return' | 'return-icmp' | 'return-icmp6' | 'return-rst' | 'drop')?"`
}
type ActionBlockReturn ¶
// ActionBlockReturn captures a single 'return' or 'drop' keyword.
type ActionBlockReturn struct {
Return string `parser:"@('return' | 'drop')"`
}
type Address ¶
// Address is one of, in order of preference: an IP value, the 'urpf-failed'
// keyword, or a free-form text value.
type Address struct {
IP *Value[IP] `parser:"@@"`
UrpfFailed BooleanSet `parser:"| @('urpf-failed')"`
// Text is the fallback alternative, tried only after the two above.
Text *Value[Text] `parser:"| @@"`
}
type AddressFamily ¶
// AddressFamily parses 'inet' or 'inet6'.
type AddressFamily struct {
// Is4 is captured only for 'inet'. 'inet6' is matched but not captured, so
// Is4 stays false for it.
Is4 BooleanSet `parser:"@('inet') | 'inet6'"`
}
type AfTo ¶
// AfTo parses 'af-to <family> from <hosts> [to <hosts>]'.
type AfTo struct {
AddressFamily AddressFamily `parser:"'af-to' @@"`
From ValueOrBraceList[Host] `parser:"'from' @@"`
// To is optional.
To *ValueOrBraceList[Host] `parser:"('to' @@)?"`
}
type AnchorRule ¶
// AnchorRule parses an 'anchor' statement: the anchor name, optional
// direction, interface, address family, protocol, hosts and filter options,
// followed by a brace-delimited body of lines.
type AnchorRule struct {
Name Value[Text] `parser:"'anchor' @@"`
Direction *string `parser:"@('in' | 'out')?"`
OnIfSpec *IfSpec `parser:"('on' @@)?"`
AddressFamily *AddressFamily `parser:"@@?"`
ProtoSpec *ProtoSpec `parser:"@@?"`
Hosts *Hosts `parser:"@@?"`
FilterOptions *ValueOrRawList[FilterOption] `parser:"@@?"`
// Body holds the nested lines. As written, the '{' ... '}' block is not
// optional in this grammar.
Body []*Line `parser:"'{' EOL (@@ EOL?)* EOL? '}'"`
}
type AntiSpoofRule ¶
// AntiSpoofRule parses 'antispoof [log] [quick] for <ifspec> [af] [label]'.
type AntiSpoofRule struct {
Log *Log `parser:"'antispoof' @@?"`
Quick BooleanSet `parser:"@('quick')?"`
// IfSpec is the mandatory interface list introduced by 'for'.
IfSpec IfSpec `parser:"'for' @@"`
AddressFamily *AddressFamily `parser:"@@?"`
Label *Label `parser:"@@?"`
}
type Assignment ¶
// Assignment parses '<identifier> = <value>', where the value is a single
// literal or a brace list of literals.
type Assignment struct {
Variable string `parser:"@Ident"`
Value ValueOrBraceList[Literal] `parser:"'=' @@"`
}
type BinAtTo ¶
// BinAtTo parses 'binat-to <hosts>' with an optional port specification and
// an optional pool type.
type BinAtTo struct {
To ValueOrBraceList[Host] `parser:"'binat-to' @@"`
PortSpec *PortSpec `parser:"@@?"`
PoolType *PoolType `parser:"@@?"`
}
type BlockPolicyOption ¶
// BlockPolicyOption parses 'block-policy' followed by 'drop' or 'return'.
type BlockPolicyOption struct {
Policy string `parser:"'block-policy' @('drop' | 'return')"`
}
type BooleanSet ¶
// BooleanSet is a bool used throughout the grammar for fields that record
// whether a keyword was present. It has a Capture method on the pointer
// receiver; the method body is not part of this listing.
type BooleanSet bool
func (*BooleanSet) Capture ¶
func (b *BooleanSet) Capture(values []string) error
type Configuration ¶
// Configuration is the root of a parsed file: a sequence of lines, each
// optionally followed by an EOL token.
type Configuration struct {
Line []*Line `parser:"(@@ EOL?)*"`
}
func ParseContent ¶
func ParseContent[T string | ~[]byte](b T) (conf *Configuration, err error)
func ParseReader ¶
func ParseReader(r io.Reader) (conf *Configuration, err error)
type DebugOption ¶
// DebugOption parses 'debug' followed by one of the listed level keywords.
type DebugOption struct {
Level string `parser:"'debug' @('urgent' | 'emerg' | 'alert' | 'crit' | 'err' | 'warning' | 'notice' | 'info' | 'debug')"`
}
type FilterOption ¶
// FilterOption is a single filter option on a rule. Exactly one alternative
// matches per value; the alternatives are tried in field order.
type FilterOption struct {
User *User `parser:"@@"`
Group *Group `parser:"| @@"`
Flags *Flags `parser:"| @@"`
IcmpType *IcmpType `parser:"| @@"`
IcmpType6 *IcmpType6 `parser:"| @@"`
Tos *Tos `parser:"| ('tos' @@)"`
State *State `parser:"| @@"`
ScrubOption *ScrubOptions `parser:"| ('scrub' '(' @@ ')')"`
Fragment BooleanSet `parser:"| @('fragment')"`
AllowOpts BooleanSet `parser:"| @('allow-opts')"`
Once BooleanSet `parser:"| @('once')"`
DivertPacketPort *Port `parser:"| ('divert-packet' @@)"`
DivertReply BooleanSet `parser:"| @('divert-reply')"`
// NOTE(review): DivertTo is a value, not a pointer like its siblings, so a
// consumer cannot tell "absent" from "zero value" by a nil check - confirm
// this is intended.
DivertTo DivertTo `parser:"| @@"`
Label *Label `parser:"| @@"`
Tag *Tag `parser:"| @@"`
Tagged *Tagged `parser:"| @@"`
MaxPacketRate *MaxPacketRate `parser:"| @@"`
SetDelay *Value[Number] `parser:"| ('set' 'delay' @@)"`
// SetPrio and SetQueue accept either one value or a parenthesised,
// comma-separated list.
SetPrio *[]Value[Number] `parser:"| ('set' 'prio' (@@ | '(' @@ (',' @@)* ')' ))"`
SetQueue *[]Value[Text] `parser:"| ('set' 'queue' (@@ | '(' @@ (',' @@)* ')' ))"`
Rtable *Value[Number] `parser:"| ('rtable' @@)"`
// Probability requires a trailing '%' token as written.
Probability *Value[Number] `parser:"| ('probability' @@ '%')"`
Prio *Value[Number] `parser:"| ('prio' @@)"`
// Address-translation and redirection actions.
AfTo *AfTo `parser:"| @@"`
BinAtTo *BinAtTo `parser:"| @@"`
RdrTo *RdrTo `parser:"| @@"`
NatTo *NatTo `parser:"| @@"`
}
type FingerPrintsOption ¶
type Flags ¶
// Flags parses a TCP flags match: 'flags', an optional identifier (Left),
// '/', then an identifier (Right) optionally followed by 'any'.
//
// NOTE(review): as written the '/' and the Right identifier are mandatory and
// 'any' is only reachable after them, so the bare `flags any` form from
// pf.conf(5) does not appear to be accepted - confirm against the lexer and
// the package tests.
type Flags struct {
Left []string `parser:"'flags' @Ident?"`
Right string `parser:"'/' (@Ident"`
Any BooleanSet `parser:"@('any')? )"`
}
type FlushStateOverloadEntry ¶
// FlushStateOverloadEntry parses 'flush' with an optional 'global' keyword.
type FlushStateOverloadEntry struct {
Global BooleanSet `parser:"'flush' @('global')?"`
}
type Group ¶
// Group parses 'group' followed by one operation or a brace list of
// operations.
type Group struct {
Selected ValueOrBraceList[Operation] `parser:"'group' @@"`
}
type HostFrom ¶
// HostFrom is the source side of a rule. Three alternatives are tried in
// order: a port-first form, an os-first form, and 'from <target>' with an
// optional port and an optional os.
type HostFrom struct {
FirstPort *HostFromFirstPort `parser:"@@"`
FirstOs *HostFromFirstOs `parser:"| @@"`
// The last three fields belong to one parenthesised alternative that spans
// their tags.
Target *ValueOrBraceList[HostsTarget] `parser:"| ('from' @@"`
Port *Port `parser:"@@?"`
Os *Os `parser:"@@? )"`
}
type HostFromFirstOs ¶
// HostFromFirstOs parses 'from' immediately followed by an os specification.
type HostFromFirstOs struct {
Os *Os `parser:"'from' @@"`
}
type HostFromFirstPort ¶
type HostTo ¶
// HostTo is the destination side of a rule: either 'to <port>' alone, or
// 'to <target>' with an optional port.
type HostTo struct {
OnlyPort *Port `parser:" ('to' @@)"`
// Target and Port belong to one parenthesised alternative that spans their
// tags.
Target *ValueOrBraceList[HostsTarget] `parser:"| ('to' @@"`
Port *Port `parser:"@@?)"`
}
type Hosts ¶
// Hosts is either the 'all' keyword or one or more from/to specifications.
type Hosts struct {
// All records the 'all' keyword, i.e. a rule with no source or destination
// restriction.
All BooleanSet `parser:"@('all')"`
HostsFromTo []*HostsFromTo `parser:"| @@+"`
}
type HostsFromTo ¶
type HostsTarget ¶
// HostsTarget is one endpoint of a rule: 'any', 'no-route', 'self',
// 'route <text>', or a host. The alternatives are tried in that order.
type HostsTarget struct {
Any BooleanSet `parser:"( @('any')"`
NoRoute BooleanSet `parser:"| @('no-route')"`
Self BooleanSet `parser:"| @('self')"`
Route *Value[Text] `parser:"| ('route' @@)"`
Host *Host `parser:"| @@ )"`
}
type IcmpType ¶
// IcmpType parses 'icmp-type' followed by one entry or a brace list of
// entries.
type IcmpType struct {
Codes ValueOrBraceList[IcmpCode] `parser:"'icmp-type' @@"`
}
type IcmpType6 ¶
// IcmpType6 parses 'icmp6-type' followed by one entry or a brace list of
// entries. It uses the same IcmpCode element type as IcmpType.
type IcmpType6 struct {
Codes ValueOrBraceList[IcmpCode] `parser:"'icmp6-type' @@"`
}
type IfSpec ¶
// IfSpec is an interface specification: one IfSpecEntry or a brace list of
// them.
type IfSpec ValueOrBraceList[IfSpecEntry]
type IfSpecEntry ¶
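// IfSpecEntry is one interface (or interface group) in an interface
// specification, optionally negated with a leading '!'.
type IfSpecEntry struct {
	// Negate is set when the entry is written with a leading '!'. The '!' has
	// to be captured with '@' (as TableAddressSpec and Tagged do): a literal
	// that is matched but not captured is consumed without being recorded,
	// which makes `! em0` indistinguishable from `em0` in the parsed tree.
	Negate BooleanSet `parser:"@('!')?"`
	// InterfaceOrInterfaceGroup is the interface or group name as written.
	InterfaceOrInterfaceGroup Value[Text] `parser:"@@"`
}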
type LimitOption ¶
// LimitOption parses 'limit' followed by one limit item or a brace list of
// limit items.
type LimitOption struct {
Limit ValueOrBraceList[LimitItem] `parser:"'limit' @@"`
}
type Line ¶
// Line is one statement of the configuration. Exactly one field is populated;
// the alternatives are tried in field order.
//
// NOTE(review): the queue and load-anchor alternatives are commented out, so
// those statements have no dedicated node here. A tool that audits a ruleset
// through this tree would presumably not see rules pulled in by `load anchor`
// - confirm how such lines are handled.
type Line struct {
Option *Option `parser:"@@"`
PfRule *PfRule `parser:"| @@"`
Comment *Comment `parser:"| @Comment"`
AntiSpoofRule *AntiSpoofRule `parser:"| @@"`
Assignment *Assignment `parser:"| @@"`
// QueueRule *QueueRule `parser:"| @@"`
AnchorRule *AnchorRule `parser:"| @@"`
// LoadAnchor *LoadAnchor `parser:"| @@"`
TableRule *TableRule `parser:"| @@"`
}
type Log ¶
// Log parses 'log' with an optional parenthesised list of log options.
type Log struct {
Options *ValueOrRawList[LogOption] `parser:"'log' ('(' @@ ')')?"`
}
type LogOption ¶
// LogOption is one log option: 'all', 'matches', 'user', or 'to <text>'.
type LogOption struct {
All BooleanSet `parser:"@('all')"`
Matches BooleanSet `parser:"| @('matches')"`
User BooleanSet `parser:"| @('user')"`
To *Value[Text] `parser:"| ('to' @@)"`
}
type LoginInterfaceOption ¶
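// LoginInterfaceOption parses 'loginterface none' or
// 'loginterface <interface>'.
//
// The keyword is spelled 'loginterface' as in pf.conf(5); the exported type
// name keeps its existing spelling.
//
// NOTE(review): the Option struct does not list this type among its
// alternatives, so the statement is presumably handled elsewhere - confirm.
type LoginInterfaceOption struct {
	// None is set when the keyword is followed by 'none'.
	None BooleanSet `parser:"'loginterface' ( @('none')"`
	// Interface is the interface name when 'none' is not given.
	Interface Value[Text] `parser:"| @@)"`
}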
type MaxPacketRate ¶
type MaxSrcConnRage ¶
type NatTo ¶
// NatTo parses 'nat-to <hosts>' with an optional port specification, an
// optional pool type and an optional 'static-port' keyword.
type NatTo struct {
Host ValueOrBraceList[Host] `parser:"'nat-to' @@"`
PortSpec *PortSpec `parser:"@@?"`
PoolType *PoolType `parser:"@@?"`
StaticPort BooleanSet `parser:"@('static-port')?"`
}
type OptimizatioOption ¶
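// OptimizatioOption parses 'optimization' followed by a profile keyword:
// 'default', 'normal', 'high-latency', 'satellite', 'aggressive' or
// 'conservative'.
//
// The exported type name keeps its existing spelling so that callers are not
// broken.
type OptimizatioOption struct {
	// Value is the captured profile keyword.
	Value string `parser:"'optimization' @('default' | 'normal' | 'high-latency' | 'satellite' | 'aggressive' | 'conservative')"`
}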
type Option ¶
// Option parses a 'set' statement: the 'set' keyword followed by exactly one
// of the option alternatives below, tried in field order. The opening
// parenthesis in the first tag is closed in the last one.
type Option struct {
Timeout *TimeoutOption `parser:"'set' (@@"`
RulesetOptimization *RulesetOptimizationOption `parser:"| @@"`
Optimizatio *OptimizatioOption `parser:"| @@"`
Limit *LimitOption `parser:"| @@"`
BlockPolicy *BlockPolicyOption `parser:"| @@"`
StatePolicy *StatePolicyOption `parser:"| @@"`
StateDefaults *StateDefaultsOption `parser:"| @@"`
FingerPrints *FingerPrintsOption `parser:"| @@"`
SkipOn *SkipOnOption `parser:"| @@"`
Debug *DebugOption `parser:"| @@"`
Reassemble *ReassembleOption `parser:"| @@"`
// Other is the last alternative; presumably a catch-all for options without
// a dedicated type - its definition is not shown here.
Other *OtherOption `parser:"| @@)"`
}
type Os ¶
// Os parses 'os' followed by one text value or a brace list of text values.
type Os struct {
Selected ValueOrBraceList[Value[Text]] `parser:"'os' @@"`
}
type OtherOption ¶
type Parentheses ¶
// Parentheses parses a T that may be wrapped in '(' and ')'. Both
// alternatives capture into the same Value field.
type Parentheses[T any] struct { Value T `parser:"('(' @@ ')') | @@"` }
type PfRule ¶
// PfRule is a filter rule: an action, any number of rule options, optional
// hosts and optional filter options.
type PfRule struct {
Action Action `parser:"@@"`
Options []*PfRuleOption `parser:"@@*"`
// Hosts is optional in this grammar, so a rule may carry no host
// specification at all.
Hosts *Hosts `parser:"@@?"`
FilterOptions *ValueOrRawList[FilterOption] `parser:"@@?"`
}
type PfRuleOption ¶
// PfRuleOption is one of the options that may follow a rule's action:
// direction, log, 'quick', an 'on' clause, address family or protocol.
type PfRuleOption struct {
Direction *string `parser:"@('in' | 'out')"`
Log *Log `parser:"| @@"`
Quick BooleanSet `parser:"| @('quick')"`
On *PfRuleOn `parser:"| @@"`
AddressFamily *AddressFamily `parser:"| @@"`
ProtoSpec *ProtoSpec `parser:"| @@"`
}
type PoolType ¶
// PoolType is one pool-type keyword: 'bitmask', 'least-states', 'random',
// 'round-robin', a source-hash specification, or 'sticky-address'.
type PoolType struct {
Bitmask BooleanSet `parser:"@('bitmask')"`
LeastStates BooleanSet `parser:"| @('least-states')"`
Random BooleanSet `parser:"| @('random')"`
RoundRobin BooleanSet `parser:"| @('round-robin')"`
SourceHash *SourceHash `parser:"| @@"`
StickyAddress BooleanSet `parser:"| @('sticky-address')"`
}
type Port ¶
// Port parses 'port' followed by one operation or a brace list of
// operations.
type Port struct {
Ports ValueOrBraceList[Operation] `parser:"'port' @@"`
}
type ProtoSpec ¶
// ProtoSpec parses 'proto' followed by one protocol or a brace list of
// protocols.
type ProtoSpec struct {
Protocol ValueOrBraceList[Protocol] `parser:"'proto' @@"`
}
type RdrTo ¶
// RdrTo parses 'rdr-to <hosts>' with an optional port specification and an
// optional pool type.
type RdrTo struct {
Host ValueOrBraceList[Host] `parser:"'rdr-to' @@"`
PortSpec *PortSpec `parser:"@@?"`
PoolType *PoolType `parser:"@@?"`
}
type ReassembleOption ¶
// ReassembleOption parses 'reassemble yes|no' with an optional 'no-df'.
type ReassembleOption struct {
// Reassemble is captured only for 'yes'; 'no' is matched but not captured,
// so the field stays false for it.
Reassemble BooleanSet `parser:"'reassemble' (@('yes') | 'no')"`
NoDf BooleanSet `parser:"@('no-df')?"`
}
type RulesetOptimizationOption ¶
// RulesetOptimizationOption parses 'ruleset-optimization' followed by
// 'none', 'basic' or 'profile'.
type RulesetOptimizationOption struct {
Value string `parser:"'ruleset-optimization' @('none' | 'basic' | 'profile')"`
}
type ScrubOption ¶
// ScrubOption is one scrub option: 'no-df', 'min-ttl <n>', 'max-mss <n>',
// 'reassemble tcp' or 'random-id'.
type ScrubOption struct {
NoDf BooleanSet `parser:"@('no-df')"`
MinTtl *Value[Number] `parser:"| ('min-ttl' @@)"`
MaxMss *Value[Number] `parser:"| ('max-mss' @@)"`
// ReassembleTcp captures the two-token sequence 'reassemble' 'tcp'.
ReassembleTcp BooleanSet `parser:"| @('reassemble' 'tcp')"`
RandomId BooleanSet `parser:"| @('random-id')"`
}
type ScrubOptions ¶
// ScrubOptions wraps the list of scrub options given inside 'scrub ( ... )'.
type ScrubOptions struct {
Options ValueOrRawList[ScrubOption] `parser:"@@"`
}
type SkipOnOption ¶
// SkipOnOption parses 'skip on <ifspec>'. In pf.conf this option exempts the
// listed interfaces from packet filtering, so the exact interface list
// (including any negation) matters to anyone reviewing a ruleset.
type SkipOnOption struct {
IfSpec IfSpec `parser:"'skip' 'on' @@"`
}
type SourceHash ¶
type State ¶
// State parses '<mode> state' where mode is 'no', 'keep', 'modulate' or
// 'synproxy', followed by an optional parenthesised list of state options.
type State struct {
Mode *string `parser:"@('no' | 'keep' | 'modulate' | 'synproxy') 'state'"`
Options *ValueOrRawList[StateOption] `parser:"('(' @@ ')')?"`
}
type StateDefaultsOption ¶
// StateDefaultsOption parses 'state-defaults' followed by a list of state
// options.
type StateDefaultsOption struct {
Defaults ValueOrRawList[StateOption] `parser:"'state-defaults' @@"`
}
type StateOption ¶
// StateOption is one state-tracking option. Exactly one alternative matches
// per value; the alternatives are tried in field order.
type StateOption struct {
Max *Value[Number] `parser:"('max' @@)"`
NoSync BooleanSet `parser:"| @('no-sync')"`
Timeout *Timeout `parser:"| @@"`
Sloppy BooleanSet `parser:"| @('sloppy')"`
Pflow BooleanSet `parser:"| @('pflow')"`
SourceTrack string `parser:"| ('source-track' @('rule' | 'global'))"`
// Per-source limits.
MaxSrcNodes *Value[Number] `parser:"| ('max-src-nodes' @@)"`
MaxSrcStates *Value[Number] `parser:"| ('max-src-states' @@)"`
MaxSrcConn *Value[Number] `parser:"| ('max-src-conn' @@)"`
// The element type is named MaxSrcConnRage in this package.
MaxSrcConnRate *MaxSrcConnRage `parser:"| @@"`
Overload *StateOverloadEntry `parser:"| @@"`
IfFloating BooleanSet `parser:"| @('if-floating')"`
Floating BooleanSet `parser:"| @('floating')"`
}
type StateOverloadEntry ¶
// StateOverloadEntry parses 'overload <table>' (the name is written between
// '<' and '>') with an optional flush clause.
type StateOverloadEntry struct {
Value Value[Text] `parser:"'overload' '<' @@ '>'"`
Flush *FlushStateOverloadEntry `parser:"@@?"`
}
type StatePolicyOption ¶
// StatePolicyOption parses 'state-policy' followed by 'if-bound' or
// 'floating'.
type StatePolicyOption struct {
Policy string `parser:"'state-policy' @('if-bound' | 'floating')"`
}
type TableAddress ¶
type TableAddressSpec ¶
// TableAddressSpec is one table entry, optionally negated with a leading
// '!'.
type TableAddressSpec struct {
// Negate is captured when the entry starts with '!'.
Negate BooleanSet `parser:"@('!')?"`
Target TableAddress `parser:"@@"`
}
type TableOption ¶
// TableOption is one table option: 'persist', 'const', 'counters',
// 'file <text>', or an address list.
type TableOption struct {
Persist BooleanSet `parser:"@('persist')"`
Const BooleanSet `parser:"| @('const')"`
Counters BooleanSet `parser:"| @('counters')"`
// File records the path given after 'file' as text; nothing in this
// declaration validates or opens it.
File *Value[Text] `parser:"| ('file' @@)"`
Addresses *ValueOrBraceList[TableAddressSpec] `parser:"| @@"`
}
type TableRule ¶
// TableRule parses 'table <name>' (the name is written between '<' and '>')
// followed by one or more table options.
type TableRule struct {
Name Value[Text] `parser:"'table' '<' @@ '>'"`
// Options uses '+', so at least one option is required as written.
Options []*TableOption `parser:"@@+"`
}
type Tagged ¶
// Tagged parses an optional '!' followed by 'tagged <text>'.
type Tagged struct {
// Negate is captured when '!' precedes the 'tagged' keyword.
Negate BooleanSet `parser:"@('!')?"`
Text Value[Text] `parser:"'tagged' @@"`
}
type TimeoutOption ¶
// TimeoutOption parses 'timeout' followed by one timeout or a brace list of
// timeouts.
type TimeoutOption struct {
Timeout ValueOrBraceList[Timeout] `parser:"'timeout' @@"`
}
type User ¶
// User parses 'user' followed by one operation or a brace list of
// operations.
type User struct {
Selected ValueOrBraceList[Operation] `parser:"'user' @@"`
}
type ValueOrBraceList ¶
type ValueOrRawList ¶