From: Oliver Fromme
To: freebsd-ipfw@FreeBSD.ORG
Date: Mon, 18 Jul 2005 13:06:20 +0200 (CEST)
Subject: Re: "or" blocks in IPFW2
Message-Id: <200507181106.j6IB6K8D008172@lurza.secnetix.de>
In-Reply-To: <20050718020900.D13026@xorpc.icir.org>

Luigi Rizzo wrote:
> On Wed, Jul 13, 2005 at 05:57:53PM +0200, Oliver Fromme wrote:
> ...
> > # ipfw add allow tcp from any to any \{ in recv fxp0 or out xmit fxp0 \}
> > 04400 allow tcp from any to any in { recv fxp0 or out } xmit fxp0
>
> surely the parser is not very robust and should complain :)
>
> This said, the 'or' is a conjunction of individual options,
> and 'in' is one option and 'recv fxp0' is another one.

Okay ...
So the braces are actually redundant, right? Because the
"or" operator has highest priority anyway (except possibly
for "not"), and braces cannot be used to change priority.

> if you need something different you probably have to write separate rules.

Thank you very much for the explanation. So I have to
write separate rules. (Not a big deal.)

Best regards
   Oliver

-- 
Oliver Fromme, secnetix GmbH & Co KG, Marktplatz 29, 85567 Grafing
Any opinions expressed in this message may be personal to the author
and may not necessarily reflect the opinions of secnetix in any way.

One Unix to rule them all, One Resolver to find them,
One IP to bring them all and in the zone to bind them.
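
The difference between the rule ipfw stored and the two separate rules discussed above, as an added example that is not part of the original message and is not ipfw code: a toy Python model in which a rule body is an AND of options and an or-block is an OR of single options. The interface name fxp1, the packet fields and the assumption that an incoming packet has no transmit interface yet are constructed for the illustration.

```python
# Toy model of ipfw2 rule-body matching (added illustration, not ipfw source).
# A rule body is a list of terms that are ANDed together. A term is either a
# single option (a tuple) or an or-block (a list of single options).

def option_matches(option, pkt):
    name, arg = option
    if name in ("in", "out"):
        return pkt["dir"] == name
    if name in ("recv", "xmit"):
        return pkt[name] == arg
    raise ValueError(f"option not modelled: {name}")

def rule_matches(rule, pkt):
    for term in rule:
        alternatives = term if isinstance(term, list) else [term]
        if not any(option_matches(o, pkt) for o in alternatives):
            return False
    return True

def matched(rules, packets):
    """Packets matched by at least one rule of the set."""
    return [p for p in packets if any(rule_matches(r, p) for r in rules)]

# Rule 04400 as ipfw printed it back: in { recv fxp0 or out } xmit fxp0
STORED = [[("in", None), [("recv", "fxp0"), ("out", None)], ("xmit", "fxp0")]]

# The intent, written as two separate rules.
SEPARATE = [
    [("in", None), ("recv", "fxp0")],
    [("out", None), ("xmit", "fxp0")],
]

def sample_packets():
    """Constructed packets. Assumption: an incoming packet has no transmit
    interface yet; an outgoing one may be forwarded (recv set) or local."""
    pkts = [{"dir": "in", "recv": r, "xmit": None} for r in ("fxp0", "fxp1")]
    pkts += [{"dir": "out", "recv": r, "xmit": x}
             for r in (None, "fxp0", "fxp1") for x in ("fxp0", "fxp1")]
    return pkts

if __name__ == "__main__":
    pkts = sample_packets()
    print("stored rule matches:  ", matched(STORED, pkts))
    print("separate rules match: ", matched(SEPARATE, pkts))
```

Under this model the stored rule requires both `in` and `xmit fxp0`, so it matches none of the sample packets, while the two separate rules match the intended traffic in each direction.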