From: Dave
To: Jeremy Chadwick
Cc: freebsd-pf@freebsd.org
Date: Mon, 21 Jul 2008 17:01:55 +0000 (UTC)
Subject: Re: BNF Syntax of pf commands
In-Reply-To: <20080721124055.GA33609@eos.sc1.parodius.com>
Message-Id: <20080721170155.5BF2B8FC18@mx1.freebsd.org>

On Mon, Jul 21, 2008 at 05:40:55AM -0700, Jeremy Chadwick wrote:
>On Mon, Jul 21, 2008 at 12:38:00PM +0000, Dave wrote:
>> I'm looking for a BNF description of the PF ruleset.
>> Is that available somewhere?
>
>It's in the manpage, section GRAMMAR.
>
>http://www.freebsd.org/cgi/man.cgi?query=pf.conf&apropos=0&sektion=5&manpath=FreeBSD+7.0-stable&format=html#end

Thanks! I had just found this myself using Google and noticed that the
BNF is coded up by hand instead of via yacc or bison.

The reason I got interested in this is that I saw pretty clear
indications on my OpenBSD 4.3 pf firewall that certain 'equivalent'
rules (differing only in the presence or absence of 'optional' syntactic
sugar keywords) in my pf.conf file did not produce identical behavior
from pf.

I've started wondering about how one would implement regression testing
on pf.