#compdef pfctl
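# Lookup tables for option arguments. Each entry is 'value:description';
# the _arguments call at the end of this file expands the arrays inside
# ((...)) actions, so the text after the first colon is what the user sees
# next to each candidate.
local pfctl_flush_modifiers pfctl_optimizer_level pfctl_show_modifiers
local pfctl_tables_command pfctl_debug_level
# OS-specific option specs; filled in by the case on $OSTYPE further down.
local -a args

# Arguments to -F (flush).
pfctl_flush_modifiers=(
  'rules:flush the filter rules'
  'states:flush the state table'
  'Sources:flush the source tracking table'
  'info:flush the filter information'
  'Tables:flush the tables'
  'osfp:flush the passive operating system fingerprints'
  'all:flush all'
)

# Arguments to -s (show).
pfctl_show_modifiers=(
  'queue:show the currently loaded queue rules'
  'rules:show the currently loaded filter rules'
  'Anchors:show the currently loaded anchors directly attached to the main ruleset'
  'states:show the contents of the state table'
  'Sources:show the contents of the source tracking table'
  'info:show filter information'
  'labels:show per-rule statistics of filter rules with labels'
  'timeouts:show the current global timeouts'
  'memory:show the current pool memory hard limits'
  'Tables:show the list of tables'
  'osfp:show the list of operating system fingerprints'
  'Interfaces:show the list of interfaces and interface drivers available to PF'
  'all:show all except for the lists of interfaces and operating system fingerprints'
)

# Arguments to -o (ruleset optimizer).
pfctl_optimizer_level=(
  'none:disable the ruleset optimizer'
  'basic:enable basic ruleset optimizations'
  'profile:enable basic ruleset optimizations with profiling'
)

# Arguments to -T (table commands).
pfctl_tables_command=(
  'kill:kill a table'
  'flush:flush all addresses of a table'
  'add:add one or more addresses in a table'
  'delete:delete one or more addresses from a table'
  'expire:delete addresses which had their statistics cleared more than number seconds ago'
  'replace:replace the addresses of the table'
  'show:show the content (addresses) of a table'
  'test:test if the given addresses match a table'
  'zero:clear all the statistics of a table'
  'load:load only the table definitions from pf.conf(5)'
)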
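# Complete interface names known to pf.
#
# Runs `pfctl -s Interfaces` through _call_program and offers each
# whitespace-separated word of its output as a candidate. "$@" passes on the
# compadd options supplied by the caller. The command is looked up under the
# `interfaces` tag, so a `command` style set for table completion does not
# also replace the interface listing.
# NOTE(review): pfctl runs with the privileges of the user who is completing;
# if that user cannot open the pf device the list is presumably empty. Confirm
# on the target system.
_pf_ifaces() {
  local -a pf_iface_names
  pf_iface_names=( $(_call_program interfaces pfctl -s Interfaces) )
  compadd "$@" - $pf_iface_names
}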
# Complete pf table names.
#
# Runs `pfctl -s Tables` through _call_program (tag `tables`) and offers each
# whitespace-separated word of its output as a candidate. "$@" passes on the
# compadd options supplied by the caller.
# NOTE(review): pfctl runs with the privileges of the user who is completing;
# if that user cannot open the pf device the list is presumably empty. Confirm
# on the target system.
_pf_tables() {
  local -a pf_table_names
  pf_table_names=( $(_call_program tables pfctl -s Tables) )
  compadd "$@" - $pf_table_names
}
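# Per-OS differences: the -x debug levels, extra -F/-s modifiers and the
# options that exist (or mean something different) only on one platform.
# Note that -N and -P are described differently for OpenBSD and for
# FreeBSD/NetBSD below.
case $OSTYPE in
  openbsd*)
    pfctl_debug_level=(
      emerg alert crit err warning notice info debug
    )
    args=(
      '-L+[load pf states from specified state file]:file:_files'
      "-N[don't perform domain name resolution]"
      '-P[display ports using service names]'
      '-S+[store pf state table in the specified file]:file:_files'
      '-V+[select routing domain to be used to kill states]:routing domain'
    )
  ;;
  (free|net)bsd*)
    pfctl_debug_level=(
      "none:don't generate debug messages"
      'urgent:generate debug messages only for serious errors'
      'misc:generate debug messages for various errors'
      'loud:generate debug messages for common conditions'
    )
    pfctl_flush_modifiers+=(
      'nat:flush the NAT rules'
      'queue:flush the queue rules'
    )
    pfctl_show_modifiers+=(
      'nat:show the currently loaded NAT rules'
    )
    args=(
      '-A[load only the queue rules present in the rule file]'
      '-N[load only the NAT rules present in the rule file]'
      '-O[load only the options present in the rule file]'
      '-R[load only the filter rules present in the rule file]'
    )
  # ;| keeps testing the remaining patterns, so FreeBSD also gets the
  # freebsd* branch below.
  ;|
  freebsd*)
    args+=( '-P[display ports numerically]' )
  ;;
esac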
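# Describe the options shared by all platforms. $args contributes the
# OS-specific specs chosen above; -s lets single-letter options be stacked.
# The ((...)) actions expand the lookup arrays defined at the top of the file.
# -d and -e exclude each other, and -h excludes every other option.
_arguments -s $args \
  '-a[apply flags -f, -F, and -s only to the rules in the specified anchor]:anchor' \
  '-F+[flush the filter parameters specified by modifier]:modifier:(($pfctl_flush_modifiers))' \
  '-D+[define macro to be set to value]:macro' \
  '(-e)-d[disable the packet filter]' \
  '(-d)-e[enable the packet filter]' \
  '-f+[load the rules contained in a file]:configuration file:_files' \
  '-g[include output helpful for debugging]' \
  '(-)-h[display help information]' \
  '-i[restrict the operation to the given interface]:interface:_pf_ifaces' \
  '*-K[kill all of the source tracking entries originating from the specified host or network]:host or network:_hosts' \
  '*-k[kill all of the state entries originating from the specified host or network]:host or network:_hosts' \
  '-m[merge in explicitly given options without disturbing others]' \
  "-n[don't actually load rules, just parse them]" \
  '-o+[control the ruleset optimizer]:level:(($pfctl_optimizer_level))' \
  '-p+[use the device file device instead of the default /dev/pf]:device:_files' \
  '-q[only print errors and warnings]' \
  '-r[perform reverse DNS lookups on states when displaying them]' \
  '-s+[show the filter parameters specified by modifier]:modifier:(($pfctl_show_modifiers))' \
  '-T+[specify the command to apply to the table]:command:(($pfctl_tables_command))' \
  '-t[specify the name of the table]:table:_pf_tables' \
  '-v[produce more verbose output]' \
  '-x+[set the debug level]:debug level:(($pfctl_debug_level))' \
  '-z[clear per-rule statistics]'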