From: Oliver Fromme
To: freebsd-ipfw@FreeBSD.ORG
Date: Tue, 9 Mar 2010 15:36:15 +0100 (CET)
Subject: Small problem with "ipfw list"

Hi,

Just a question: Is the output from "ipfw list" supposed to be
in the same rule format that is accepted as input?
If that's the case, then there is a small bug:

# ipfw add 100 allow ip from any to '{' 1.1.1.1 or 2.2.2.2 '}'
00100 allow ip from any to '{' 1.1.1.1 or dst-ip 2.2.2.2 '}'
# ipfw list 100
00100 allow ip from any to '{' 1.1.1.1 or dst-ip 2.2.2.2 '}'
# ipfw add 200 allow ip from any to '{' 1.1.1.1 or dst-ip 2.2.2.2 '}'
ipfw: hostname ``dst-ip'' unknown

So it inserts the word "dst-ip" in the output when an "or"
block is used, but that word isn't accepted as input.

I think the output from "ipfw list" should be valid rule
format that could be fed back as input to ipfw(8). In fact
that's exactly what I need to do in a script that I've
written recently, and the "dst-ip" problem bit me. I had
to work around it with sed(1).

Best regards
   Oliver

--
Oliver Fromme, secnetix GmbH & Co. KG, Marktplatz 29, 85567 Grafing b. M.
Commercial register: Munich register court, HRA 74606, Management:
secnetix Verwaltungsgesellsch. mbH, Commercial register: Munich register
court, HRB 125758, Managing directors: Maik Bachmann, Olaf Erb, Ralf Gebhart

FreeBSD services, products and more: http://www.secnetix.de/bsd

"Python is an experiment in how much freedom programmers need.
Too much freedom and nobody can read another's code; too little
and expressiveness is endangered."
        -- Guido van Rossum
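
An added example, not part of the original message: one way to write the kind of filter the post describes doing with sed(1), here as awk inside a shell function, so that a firewall rule set dumped with "ipfw list" can be reloaded without a rule being rejected. The function name `normalize_ipfw_rules` is hypothetical, the sample rules are constructed, and treating `src-ip` after `from` the same way as `dst-ip` after `to` is an assumption the message does not confirm.

```shell
#!/bin/sh
# Added example: rewrite "ipfw list" output so address or-blocks can be fed
# back to ipfw(8). The keyword is dropped only when it follows "or" inside a
# block opened directly after "to" (dst-ip) or "from" (src-ip, assumed to be
# symmetric). A dst-ip used as an ordinary rule option, including inside an
# option or-block, is left untouched so the rule keeps its meaning.
normalize_ipfw_rules() {
    awk '
    {
        kw = ""; prev = ""; out = ""
        for (i = 1; i <= NF; i++) {
            tok = $i
            bare = tok
            gsub(/\047/, "", bare)      # accept quoted braces; \047 is the quote char
            if (bare == "{" && kw == "") {
                if (prev == "to")   kw = "dst-ip"
                if (prev == "from") kw = "src-ip"
            } else if (bare == "}") {
                kw = ""                 # block closed, stop filtering
            } else if (kw != "" && tok == kw && prev == "or") {
                continue                # drop the keyword, keep the address after it
            }
            out = (out == "" ? tok : out " " tok)
            prev = tok
        }
        print out
    }'
}

# Constructed sample input (not captured from a real system):
# rule 100 has an address or-block, rule 200 an option or-block.
sample='00100 allow ip from any to { 1.1.1.1 or dst-ip 2.2.2.2 }
00200 allow ip from any to any { dst-ip 1.1.1.1 or dst-ip 2.2.2.2 }'
printf '%s\n' "$sample" | normalize_ipfw_rules
```

Diffing the reloaded rule set against the original "ipfw list" output is a cheap check that no rule was silently dropped or altered in the round trip.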