package pf-qubes
Install
Dune Dependency
Authors
Maintainers
Sources
sha256=4e21b305a83a5e4e4972d776298a05b4a9a177c8ad5a232f88654eed2909a7cf
sha512=a89295829a6b794dcd79a5d3092f92b77c67ecdb802a86beece6a93bdb24d3d5813e12c48f1d214d798d3e826c129cd14e8e77d6f23968a891b91cce0685100c
Description
pf-qubes provides a parser for the QubesOS (>=4.0) firewall ruleset syntax.
README
ocaml-pf
An Angstrom-based parser for the FreeBSD pf firewall configuration format.
implementation status
Ticked below are the lines that are (at least partially) implemented.
[x]
macro
definitions (NB: macro expansion is NOT)[x]
option
[x]
pf-rule
[x]
nat-rule
[ ]
binat-rule
[x]
rdr-rule
[ ]
antispoof-rule
[x]
altq-rule
[x]
queue-rule
[x]
trans-anchors
[ ]
anchor-rule
[ ]
anchor-close
[x]
load-anchor
[x]
table-rule
[x]
include
contributing
I would be very grateful for examples of rules that trip the parser - please file an issue ticket on GitHub.
Ideas regarding the AST, the API, or other suggestions are also very welcome.
It is always nice with improvements to the pretty-printers! :-)
Support for more lines is a goal, you can help by writing PRs or submitting examples of syntax that is not handled by the parser.
Before taking on larger rewrites, please get in touch so we can avoid merge conflicts.
compiling the example
First, install the dependencies:
opam pin add -n pf .
opam install --deps-only pf
# build test executable, self-test rules from 'man pf.conf':
jbuilder runtest
This will give you the parse_conf.exe
utility that you can use to parse firewall configuration files:
./_build/default/test/parse_conf.exe /home/me/my-pf-file.conf
Reading "/home/me/my-pf-file.conf"
Line 0: ext_bridge = "external"
Read 1 lines!