NAME
ipfmeta - use objects in IPfilter files
SYNOPSIS
ipfmeta [objfile]
DESCRIPTION
ipfmeta is used to simplify the maintenance of your IPfilter ruleset. It
does this through the use of 'objects'. A matching object gets replaced
by its values at runtime. This is similar to what a macro processor like
m4 does.
ipfmeta is specifically geared towards IPfilter. It is line oriented: if
an object has multiple values, the line with the object is duplicated
and substituted for each value. It is also recursive: an object may have
another object as a value.
Metarules to be processed are read from stdin, output rules go to
stdout.
Definition of the objects and their values is done in a separate file;
the filename defaults to ipf.objs. An object is delimited by square
brackets. A value is delimited by whitespace, except when it is enclosed
by double-quotes. Comments start with '#' and end with a newline. Empty
lines and extraneous whitespace are allowed. A value belongs to the
object that precedes it.
ipfmeta has a command mode. Metarules starting with '%' are passed to
the command processor. The commands are listed below.
It is recommended that you use all caps or another distinguishing
feature for object names. You can use ipfmeta for NAT rules also, for
instance to keep them in sync with filter rules. Combine ipfmeta with a
Makefile to save typing.
COMMANDS
dump
Include a list of all objects with their values in the output as
comments. This can be used to verify if the objectfile is parsed
correctly.
group n
Append 'group n' to subsequent output rules. Use 'group 0' to stop
appending groups to the output. This is also the default.
verbose level
Include expanded metarules in output as comments. The default is 0,
do not add any comments. Higher verbosity levels cause deeper levels
of expanded metarules to be included.
EXAMPLES
ipfmeta ipf.objs <ipf.metarules >ipf.rules
cat ipf.metarules | ipfmeta | ipf -I -Fa -vf -
AUTHOR
Camiel Dobbelaar <cd at sentia.nl>
