From: Luigi Rizzo
Date: Mon, 19 Aug 2002 05:36:54 -0700 (PDT)
To: cvs-committers@FreeBSD.org, cvs-all@FreeBSD.org
Subject: cvs commit: src/sbin/ipfw ipfw.8 ipfw2.c
Message-Id: <200208191236.g7JCatIG012386@freefall.freebsd.org>
X-FreeBSD-CVS-Branch: HEAD

luigi       2002/08/19 05:36:54 PDT

  Modified files:
    sbin/ipfw            ipfw.8 ipfw2.c
  Log:
  One more (hopefully the last one) step in cleaning up the syntax,
  following Julian's good suggestion: since you can specify any match
  pattern as an option, rules now have the following format:

        [ from to ] [options]

  i.e. the first part is now entirely optional (and left there just
  for compatibility with ipfw1 rulesets).

  Add a "-c" flag to show/list rules in the compact form
  (i.e. without the "ip from any to any" part) when possible.
  The default is to include it so that scripts processing ipfw's
  canonical output will still work.
  Note that as part of this cleanup (and to remove ambiguity), MAC
  fields now can only be specified in the options part.

  Update the manpage to reflect the syntax.

  Clarify the behaviour when a match is attempted on fields which
  are not present in the packet, e.g. port numbers on non TCP/UDP
  packets, and the "not" operator is specified. E.g.

        ipfw add allow not src-port 80

  will match also ICMP packets because they do not have port numbers, so
  "src-port 80" will fail and "not src-port 80" will succeed. For such
  cases it is advised to insert further options to prevent undesired results
  (e.g. in the case above, "ipfw add allow proto tcp not src-port 80").

  We definitely need to rewrite the parser using lex and yacc!

  Revision  Changes    Path
  1.109     +84 -55    src/sbin/ipfw/ipfw.8
  1.12      +18 -6     src/sbin/ipfw/ipfw2.c
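
The "not" behaviour on absent fields described in the log, as an added example (a simplified C model written for this page, not code from ipfw2.c): options are ANDed, a match on a field the packet lacks fails, and "not" inverts that failure. All struct, enum and function names are assumptions, and the rules and packets are constructed.

```c
#include <stdbool.h>
#include <stdio.h>

/* Simplified model only; names and layout are assumptions, not ipfw's. */
enum proto { P_ICMP = 1, P_TCP = 6, P_UDP = 17 };
enum kind  { OPT_PROTO, OPT_SRC_PORT };

struct pkt { enum proto proto; unsigned src_port; /* valid for TCP/UDP only */ };
struct opt { enum kind kind; bool negate; unsigned arg; };

static bool opt_match(const struct opt *o, const struct pkt *p)
{
    bool m = false;
    switch (o->kind) {
    case OPT_PROTO:
        m = ((unsigned)p->proto == o->arg);
        break;
    case OPT_SRC_PORT:
        /* Packets without port numbers: the match fails (m stays false). */
        if (p->proto == P_TCP || p->proto == P_UDP)
            m = (p->src_port == o->arg);
        break;
    }
    /* "not" inverts the result, including a failure on an absent field. */
    return o->negate ? !m : m;
}

/* A rule matches only if every one of its options matches. */
static bool rule_match(const struct opt *opts, int n, const struct pkt *p)
{
    for (int i = 0; i < n; i++)
        if (!opt_match(&opts[i], p))
            return false;
    return true;
}

/* Constructed rules: "not src-port 80" and "proto tcp not src-port 80". */
static const struct opt loose[] = { { OPT_SRC_PORT, true, 80 } };
static const struct opt tight[] = { { OPT_PROTO, false, P_TCP },
                                    { OPT_SRC_PORT, true, 80 } };
/* Constructed packets. */
static const struct pkt tcp80 = { P_TCP, 80 }, tcp1234 = { P_TCP, 1234 },
                        icmp = { P_ICMP, 0 };

int main(void)
{
    printf("icmp:     loose=%d tight=%d\n", rule_match(loose, 1, &icmp), rule_match(tight, 2, &icmp));
    printf("tcp 1234: loose=%d tight=%d\n", rule_match(loose, 1, &tcp1234), rule_match(tight, 2, &tcp1234));
    printf("tcp 80:   loose=%d tight=%d\n", rule_match(loose, 1, &tcp80), rule_match(tight, 2, &tcp80));
    return 0;
}
```

When auditing a ruleset, any negated option on a protocol-specific field (ports, TCP flags and the like) without an accompanying protocol restriction is worth flagging for this reason.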