pf-qubes

QubesOS firewall ruleset handling library
README

An Angstrom-based parser for the
FreeBSD pf firewall configuration format.

implementation status

Ticked below are the lines that are (at least partially) implemented.

  • [x] macro definitions (NB: macro expansion is NOT implemented)

  • [x] option

  • [x] pf-rule

  • [x] nat-rule

  • [ ] binat-rule

  • [x] rdr-rule

  • [ ] antispoof-rule

  • [x] altq-rule

  • [x] queue-rule

  • [x] trans-anchors

  • [ ] anchor-rule

  • [ ] anchor-close

  • [x] load-anchor

  • [x] table-rule

  • [x] include

contributing

  • I would be very grateful for examples of rules that trip the parser - please
    file an issue ticket on GitHub.

  • Ideas regarding the AST, the API, or other suggestions are also very welcome.

  • Improvements to the pretty-printers are always welcome! :-)

  • Support for more lines is a goal. You can help by writing PRs or by submitting examples of syntax that the parser does not handle.

  • Before taking on larger rewrites, please get in touch so we can avoid merge conflicts.

compiling the example

First, install the dependencies:

opam pin add -n pf .
opam install --deps-only pf

# build test executable, self-test rules from 'man pf.conf':
jbuilder runtest

This will give you the parse_conf.exe utility that you can use to parse
firewall configuration files:

./_build/default/test/parse_conf.exe /home/me/my-pf-file.conf
Reading "/home/me/my-pf-file.conf"
Line 0: ext_bridge = "external"
Read 1 lines!
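
The status list above says macro definitions are parsed but macro expansion is not implemented, so a consumer reviewing a ruleset sees $name references rather than the values they stand for. The following is an added example, not pf-qubes code and not its API (macro_def, expand and process are hypothetical names, and the sample rules are constructed): an expansion pass written with Angstrom that follows the pf.conf(5) rule that macros are not expanded inside quotes and assumes each macro value is a single quoted string.

```ocaml
(* Added example, not pf-qubes code; needs the angstrom package. *)
open Angstrom
type piece = Text of string | Ref of string

let is_alpha = function 'a' .. 'z' | 'A' .. 'Z' -> true | _ -> false
let is_name = function '0' .. '9' | '_' -> true | c -> is_alpha c
let ws = skip_while (function ' ' | '\t' -> true | _ -> false)
(* Macro name: a letter, then letters, digits or underscores. *)
let name = lift2 (fun c r -> String.make 1 c ^ r) (satisfy is_alpha) (take_while is_name)
let quoted = char '"' *> take_while (fun c -> c <> '"') <* char '"'

(* name = "value"  (assumption: the value is a single quoted string) *)
let macro_def =
  lift2 (fun n v -> (n, v)) (ws *> name <* ws <* char '=' <* ws) (quoted <* ws)

(* Quoted strings are kept verbatim; $name outside quotes is a reference. *)
let pieces =
  many (choice
    [ (quoted >>| fun s -> Text ("\"" ^ s ^ "\""));
      (char '$' *> name >>| fun n -> Ref n);
      (take_while1 (fun c -> c <> '"' && c <> '$') >>| fun s -> Text s) ])

(* Expand one line; an undefined macro is an error, never an empty string. *)
let expand env line =
  match parse_string ~consume:Consume.All pieces line with
  | Error e -> Error ("cannot tokenise: " ^ e)
  | Ok ps ->
    List.fold_left (fun acc p ->
        match acc, p with
        | Error _, _ -> acc
        | Ok s, Text t -> Ok (s ^ t)
        | Ok s, Ref n ->
          (match List.assoc_opt n env with
           | Some v -> Ok (s ^ v)
           | None -> Error ("undefined macro $" ^ n)))
      (Ok "") ps

(* Definitions extend the environment; every other line is expanded. *)
let process lines =
  List.fold_left (fun (env, out) line ->
      match parse_string ~consume:Consume.All macro_def line with
      | Ok def -> (def :: env, out)
      | Error _ -> (env, expand env line :: out))
    ([], []) lines
  |> fun (_, out) -> List.rev out

(* Constructed input; the first line is the one in the parse_conf output. *)
let () =
  [ "ext_bridge = \"external\""; "pass in on $ext_bridge"; "pass in on $dmz_if" ]
  |> process
  |> List.iter (function Ok l -> print_endline l | Error e -> prerr_endline e)
```

Treating an undefined reference as an error rather than substituting an empty string keeps a rule from silently changing meaning during review.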

Sources

pf-qubes-v0.1.1.tbz
sha256=4e21b305a83a5e4e4972d776298a05b4a9a177c8ad5a232f88654eed2909a7cf
sha512=a89295829a6b794dcd79a5d3092f92b77c67ecdb802a86beece6a93bdb24d3d5813e12c48f1d214d798d3e826c129cd14e8e77d6f23968a891b91cce0685100c

Dependencies

  • alcotest (with-test)

  • bisect_ppx >= "1.4.1"

  • ipaddr >= "2.8.0"

  • uri >= "1.9.5"

  • rresult >= "0.5.0"

  • logs >= "0.6.2"

  • fmt >= "0.8.4"

  • angstrom >= "0.14.0"

  • cstruct >= "3.3.0"

  • ocaml >= "4.07.0"