Basic syntax
- file ::= empty | file stmt [`;']
- stmt ::= option-stmt | fw-stmt
- fw-stmt ::= `fw' source options [`to'|`->'] target options
- options ::= `{' option-seq `}'
- option-seq ::= empty | option-stmt [`;'] option-seq
+ FILE ::= EMPTY | FILE STMT [`;']
+ STMT ::= OPTION-STMT | FW-STMT
+ FW-STMT ::= `fw' SOURCE OPTIONS [`to'|`->'] TARGET OPTIONS
+ OPTIONS ::= `{' OPTION-SEQ `}'
+ OPTION-SEQ ::= EMPTY | OPTION-STMT [`;'] OPTION-SEQ
Option syntax
- option-stmt ::= q-option
- q-option ::= option
- | prefix `.' q-option
- | prefix `{' option-seq `}'
- prefix ::= word
+ OPTION-STMT ::= Q-OPTION
+ Q-OPTION ::= OPTION
+ | PREFIX `.' Q-OPTION
+ | PREFIX `{' OPTION-SEQ `}'
+ PREFIX ::= WORD
File source and target
- source ::= file
- target ::= file
- file ::= `file' [`.'] fspec [`,' fspec]
- fspec ::= fd-spec | name-spec | null-spec
- fd-spec ::= [[`:']`fd'[`:']] number|`stdin'|`stdout'
- name-spec ::= [[`:']`file'[`:']] file-name
- file-name ::= path-seq | [ path-seq ]
- path-seq ::= path-elt | path-seq path-elt
- path-elt ::= `/' | word
- null-spec ::= [`:']`null'[`:']
+ SOURCE ::= FILE
+ TARGET ::= FILE
+ FILE ::= `file' [`.'] FSPEC [`,' FSPEC]
+ FSPEC ::= FD-SPEC | NAME-SPEC | NULL-SPEC
+ FD-SPEC ::= [[`:']`fd'[`:']] NUMBER|`stdin'|`stdout'
+ NAME-SPEC ::= [[`:']`file'[`:']] FILE-NAME
+ FILE-NAME ::= PATH-SEQ | [ PATH-SEQ ]
+ PATH-SEQ ::= PATH-ELT | PATH-SEQ PATH-ELT
+ PATH-ELT ::= `/' | WORD
+ NULL-SPEC ::= [`:']`null'[`:']
Exec source and target
- source ::= exec
- target ::= exec
- exec ::= `exec' [`.'] cmd-spec
- cmd-spec ::= shell-cmd | [prog-name] `[' argv0 arg-seq `]'
- arg-seq ::= word | arg-seq word
- shell-cmd ::= word
- argv0 ::= word
+ SOURCE ::= EXEC
+ TARGET ::= EXEC
+ EXEC ::= `exec' [`.'] CMD-SPEC
+ CMD-SPEC ::= SHELL-CMD | [PROG-NAME] `[' ARGV0 ARG-SEQ `]'
+ ARG-SEQ ::= WORD | ARG-SEQ WORD
+ SHELL-CMD ::= WORD
+ ARGV0 ::= WORD
Socket source and target
- source ::= socket-source
- target ::= socket-target
- socket-source ::= [`socket'[`.']] [[`:']addr-type[`:']] source-addr
- socket-target ::= [`socket'[`.']] [[`:']addr-type[`:']] target-addr
+ SOURCE ::= SOCKET-SOURCE
+ TARGET ::= SOCKET-TARGET
+ SOCKET-SOURCE ::= [`socket'[`.']] [[`:']ADDR-TYPE[`:']] SOURCE-ADDR
+ SOCKET-TARGET ::= [`socket'[`.']] [[`:']ADDR-TYPE[`:']] TARGET-ADDR
- inet-source-addr ::= [port] port
- inet-target-addr ::= address [`:'] port
- address ::= addr-elt | address addr-elt
- addr-elt ::= `.' | word
+ INET-SOURCE-ADDR ::= [`port'] PORT
+ INET-TARGET-ADDR ::= ADDRESS [`:'] PORT
+ ADDRESS ::= ADDR-ELT | ADDRESS ADDR-ELT
+ ADDR-ELT ::= `.' | WORD
- unix-source-addr ::= file-name
- unix-target-addr ::= file-name
+ UNIX-SOURCE-ADDR ::= FILE-NAME
+ UNIX-TARGET-ADDR ::= FILE-NAME
File attributes (`fattr')
- prefix.fattr.mode [=] mode
- prefix.fattr.owner [=] user
- prefix.fattr.group [=] group
+ PREFIX.fattr.mode [=] MODE
+ PREFIX.fattr.owner [=] USER
+ PREFIX.fattr.group [=] GROUP
File options
file.create [=] yes|no
Exec options
exec.logging [=] yes|no
- exec.dir [=] file-name
- exec.root [=] file-name
- exec.user [=] user
- exec.group [=] group
- exec.rlimit.limit[.hard|.soft] [=] value
+ exec.dir [=] FILE-NAME
+ exec.root [=] FILE-NAME
+ exec.user [=] USER
+ exec.group [=] GROUP
+ exec.rlimit.LIMIT[.hard|.soft] [=] VALUE
exec.env.clear
- exec.env.unset var
- exec.env.[set] var [=] value
+ exec.env.unset VAR
+ exec.env.[set] VAR [=] VALUE
Socket options
- socket.conn [=] number|unlimited|one-shot
+ socket.conn [=] NUMBER|unlimited|one-shot
socket.logging [=] yes|no
- socket.inet.[allow|deny] [from] address [/ address]
- socket.unix.fattr.*
+
+ socket.inet.source.[allow|deny] priv-port
+ socket.inet.source.[allow|deny] [host] ADDR [/ ADDR]
+ socket.inet.source.addr [=] any|ADDR
+ socket.inet.dest.addr [=] any|ADDR
+
+ socket.unix.source.fattr.*