ocaml-pf

An Angstrom-based parser for the FreeBSD pf firewall configuration format.

implementation status

Ticked below are the lines that are (at least partially) implemented.

• macro definitions (NB: macro expansion is NOT)
• option
• pf-rule
• nat-rule
• binat-rule
• rdr-rule
• antispoof-rule
• altq-rule
• queue-rule
• trans-anchors
• anchor-rule
• anchor-close
• load-anchor
• table-rule
• include

contributing

• I would be very grateful for examples of rules that trip the parser - please file an issue ticket on GitHub.

• Ideas regarding the AST, the API, or other suggestions are also very welcome.

• It is always nice with improvements to the pretty-printers! :-)

• Support for more lines is a goal, you can help by writing PRs or submitting examples of syntax that is not handled by the parser.

• Before taking on larger rewrites, please get in touch so we can avoid merge conflicts.

compiling the example

First, install the dependencies:

opam pin add -n pf .
opam install --deps-only pf

# build test executable, self-test rules from 'man pf.conf':
jbuilder runtest

This will give you the parse_conf.exe utility that you can use to parse firewall configuration files:

./_build/default/test/parse_conf.exe /home/me/my-pf-file.conf
Reading "/home/me/my-pf-file.conf"
Line 0: ext_bridge = "external"
Read 1 lines!