An Angstrom-based parser for the FreeBSD pf firewall configuration format.
Ticked below are the lines that are (at least partially) implemented.
- macro definitions (NB: macro expansion is NOT)
- option
- pf-rule
- nat-rule
- binat-rule
- rdr-rule
- antispoof-rule
- altq-rule
- queue-rule
- trans-anchors
- anchor-rule
- anchor-close
- load-anchor
- table-rule
- include

- I would be very grateful for examples of rules that trip the parser - please file an issue ticket on GitHub.
- Ideas regarding the AST, the API, or other suggestions are also very welcome.
- Improvements to the pretty-printers are always nice! :-)
- Support for more lines is a goal; you can help by writing PRs or submitting examples of syntax that is not handled by the parser.
- Before taking on larger rewrites, please get in touch so we can avoid merge conflicts.

First, install the dependencies:

    opam pin add -n pf .
    opam install --deps-only pf
    # build test executable, self-test rules from 'man pf.conf':
    jbuilder runtest

This will give you the parse_conf.exe utility that you can use to parse firewall configuration files:

    ./_build/default/test/parse_conf.exe /home/me/my-pf-file.conf
    Reading "/home/me/my-pf-file.conf"
    Line 0: ext_bridge = "external"
    Read 1 lines!