package pf-qubes

  1. Overview
  2. Docs
QubesOS firewall ruleset handling library

Install

Dune Dependency

github.com Readme Changelog AGPL-3.0-only License Edit opam file Versions (2)

Authors

  1. R
    Robur.coop

Maintainers

  1. T
    team@robur.coop

Sources

pf-qubes-v0.1.0.tbz
sha256=30064f5dc4bd5f53df0e30085c48ab1ac8a5987c760effd68ef432de1afb0b06
sha512=59c4bd27a54fad2ba45d0aacb2217fd358011e4cec302b951ece1a8f150d57ef4571d6f7c8fbaed4e3ad05a41bd5b17dd2f21dbbf6bb1bdd14ddb4f2c4795e6e

Description

pf-qubes provides a parser for the QubesOS (>=4.0) firewall ruleset syntax.

Tags

org:mirage

Published: 23 Dec 2019

README

ocaml-pf

An Angstrom-based parser for the FreeBSD pf firewall configuration format.

implementation status

Ticked below are the lines that are (at least partially) implemented.

  • [x] macro definitions (NB: macro expansion is NOT)

  • [x] option

  • [x] pf-rule

  • [x] nat-rule

  • [ ] binat-rule

  • [x] rdr-rule

  • [ ] antispoof-rule

  • [x] altq-rule

  • [x] queue-rule

  • [x] trans-anchors

  • [ ] anchor-rule

  • [ ] anchor-close

  • [x] load-anchor

  • [x] table-rule

  • [x] include

contributing

  • I would be very grateful for examples of rules that trip the parser - please file an issue ticket on GitHub.

  • Ideas regarding the AST, the API, or other suggestions are also very welcome.

  • It is always nice with improvements to the pretty-printers! :-)

  • Support for more lines is a goal, you can help by writing PRs or submitting examples of syntax that is not handled by the parser.

  • Before taking on larger rewrites, please get in touch so we can avoid merge conflicts.

compiling the example

First, install the dependencies:

opam pin add -n pf .
opam install --deps-only pf

# build test executable, self-test rules from 'man pf.conf':
jbuilder runtest

This will give you the parse_conf.exe utility that you can use to parse firewall configuration files:

./_build/default/test/parse_conf.exe /home/me/my-pf-file.conf
Reading "/home/me/my-pf-file.conf"
Line 0: ext_bridge = "external"
Read 1 lines!

Dependencies (10)

  1. bisect_ppx >= "1.4.1"
  2. ipaddr >= "2.8.0"
  3. uri >= "1.9.5"
  4. rresult >= "0.5.0"
  5. logs >= "0.6.2"
  6. fmt >= "0.8.4"
  7. angstrom >= "0.12.1" & < "0.14.0"
  8. cstruct >= "3.3.0"
  9. ocaml >= "4.07.0"
  10. dune

Dev Dependencies (2)

  1. afl-persistent with-test
  2. alcotest with-test

Used by

None

Conflicts

None

OCaml

Innovation. Community. Security.

GitHub Discord Twitter Peertube RSS
About
Changelog Releases Industrial Users Academic Users Why OCaml
Ecosystem
Packages Community Events OCaml Planet Jobs
Resources
Install OCaml Get Started Platform Tools Language Manual Standard Library API Books Exercises Papers OCaml Playground Logo
Policies
Carbon Footprint Governance Privacy Code of Conduct