#------------------------------------------------------------------------------ # fli4l __FLI4LVER__ - configuration check for base # # Last Update: $Id$ # # Copyright (c) 2002-2016 - fli4l-Team #------------------------------------------------------------------------------ NONE = '.*' : '' NOTEMPTY = '.*[^ ]+.*' : 'should not be empty' NOBLANK = '[^ ]+' : 'should not contain spaces' ENOBLANK = '()|(RE:NOBLANK)' : 'should be empty or should not contain spaces' PASSWORD = '[^ ]{1,126}' : 'password should contain at least one and at most 126 nonblank characters' NUMERIC = '0|[1-9][0-9]*' : 'should be numeric (decimal) without leading zero(s)' ENUMERIC = '()|(RE:NUMERIC)' : 'should be numeric (decimal) without leading zero(s) or empty' NUMERICLZ = '[0-9]+' : 'should be numeric (decimal) with or without leading zero(s)' ENUMERICLZ = '()|(RE:NUMERICLZ)' : 'should be numeric (decimal) with or without leading zero(s) or empty' DOT_NUMERIC = '(RE:NUMERIC).[0-9]+' : 'should be numeric (decimal) with dot e.g. 5.0' EDOT_NUMERIC = '()|(RE:DOT_NUMERIC)' : 'should be numeric (decimal) with dot e.g. 5.0 or empty' NUM_HEX = '0x[[:xdigit:]]+' : 'should be a hexadecimal number (a number starting with "0x")' ENUM_HEX = '()|0x[[:xdigit:]]+' : 'should be empty or a hexadecimal number (a number starting with "0x")' NUM_ANY = '(RE:NUMERIC)|(RE:NUM_HEX)' : 'should be a decimal or hexadecimal number' ENUM_ANY = '()|(RE:NUMERIC)|(RE:NUM_HEX)' : 'should be empty or be a decimal or hexadecimal number' YESNO = 'yes|no' : 'only yes or no are allowed' KERNEL_MAJOR = '3\.1[4-9]' : 'Invalid version number, use a valid major version number for a 3.x Linux kernel like 3.16' KERNEL_VERSION = '(RE:KERNEL_MAJOR)\..+' : 'Invalid version number, use a valid version number for a 3.x Linux kernel like 3.1x.xx' PM_IFC = 'none|acpi|apm|apm_rm' : 'invalid value, please choose: none, acpi, apm, apm_rm' DEBUG_MODULES = 'yes|no|error' : 'choose one of no, yes (log all invocations of insmod/modprobe) or error (only log failed invocations of insmod/modprobe)' CONSOLE = 'no|yes|primary|secondary' : 'choose one of yes, no, primary, secondary' COMPTYPEOPT = 'bzip2|lzma|xz' : 'only bzip2, lzma, and xz are allowed compression methods for the OPT archive' MOUNTTYPE = 'ro|rw|no' : 'only ro, rw, or no are allowed mount options' DIALMODE = 'auto|manual|off' : 'only auto, manual or off are allowed' BOOT_TYPES = 'attached|cd|hd|integrated|ls120|netboot|pxeboot' : 'wrong boot type! should be cd, ls120, hd, integrated, attached, pxeboot or netboot.' CIRCUIT = 'pppoe|dhcp|(RE:NUMERIC)' : 'invalid circuit ("pppoe", "dhcp" or a number)' CIRCUITS = '(RE:CIRCUIT)([[:space:]]+(RE:CIRCUIT))*' : 'no valid circuits, please specify one or more circuits ("pppoe", "dhcp" or a number)' MACADDR = '[[:xdigit:]][[:xdigit:]](:[[:xdigit:]][[:xdigit:]]){5}' : 'wrong mac address, it should be 6 hex numbers each represented by two digits and separated by a ":" (for instance 00:00:E8:83:72:92)' # DNS definitions modeled after http://www.icann.org/general/idn-guidelines-20jun03.htm LABEL = '[0-9A-Za-z]([-0-9A-Za-z]{0,61}[0-9A-Za-z])?' : '' COMMENT = '(RE:LABEL)' : 'wrong comment, only letters, numbers and minus sign are allowed; no leading or trailing minus-sign; 63 characters maximum' HOSTNAME = '(RE:LABEL)' : 'wrong hostname, only letters, numbers and minus sign are allowed; no leading or trailing minus sign; 63 characters maximum' DOMAIN = '(RE:LABEL)(\.(RE:LABEL))*' : 'wrong domain name, only letters, numbers and minus sign are allowed; parts are separated by a dot (for instance lan.fli4l); no leading or trailing minus sign or dot' FQDN = '(RE:LABEL)(\.(RE:LABEL))+' : 'wrong fully qualified domain name, it should consist of a hostname and a domain name separated by a dot; only letters, numbers and minus sign are allowed, no leading or trailing minus sign' EFQDN = '()|(RE:FQDN)' : 'should either be empty or contain a fully qualified domain name (should consist of a host name and a domain name separated by a dot; only letters, numbers and minus sign are allowed, no leading or trailing minus sign)' EDOMAIN = '()|(RE:DOMAIN)' : 'should either be empty or contain a valid domain name (only letters, numbers and minus sign are allowed; parts are separated by a dot (for instance lan.fli4l); no leading or trailing minus sign or dot)' EHOSTNAME = '()|(RE:HOSTNAME)' : 'invalid hostname, should be empty or contain only letters, numbers and minus sign; leading or trailing minus signs are not allowed.' OCTET = '1?[0-9]?[0-9]|2[0-4][0-9]|25[0-5]' : 'should be a value between 0 and 255' OCTET6 = '[0-9a-fA-F]{1,4}' : 'should be a hex value between 0 and ffff' IPADDR = '((RE:OCTET)\.){3}(RE:OCTET)' : 'invalid ipv4 address' IPADDR6COMPAT = '(((RE:OCTET6):){6}(RE:IPADDR))|(::((RE:OCTET6):){0,5}(RE:IPADDR))|(((RE:OCTET6):){1}:((RE:OCTET6):){0,4}(RE:IPADDR))|(((RE:OCTET6):){2}:((RE:OCTET6):){0,3}(RE:IPADDR))|(((RE:OCTET6):){3}:((RE:OCTET6):){0,2}(RE:IPADDR))|(((RE:OCTET6):){4}:((RE:OCTET6):)?(RE:IPADDR))|(((RE:OCTET6):){5}:(RE:IPADDR))' : 'invalid ipv6 address' IPADDR6 = '(((RE:OCTET6):){7}(RE:OCTET6))|(::((RE:OCTET6)(:(RE:OCTET6)){0,6})?)|((RE:OCTET6){1}::((RE:OCTET6)(:(RE:OCTET6)){0,5})?)|((RE:OCTET6)(:(RE:OCTET6)){1}::((RE:OCTET6)(:(RE:OCTET6)){0,4})?)|((RE:OCTET6)(:(RE:OCTET6)){2}::((RE:OCTET6)(:(RE:OCTET6)){0,3})?)|((RE:OCTET6)(:(RE:OCTET6)){3}::((RE:OCTET6)(:(RE:OCTET6)){0,2})?)|((RE:OCTET6)(:(RE:OCTET6)){4}::((RE:OCTET6)(:(RE:OCTET6)){0,1})?)|((RE:OCTET6)(:(RE:OCTET6)){5}::(RE:OCTET6)?)|(RE:IPADDR6COMPAT)' : 'invalid ipv6 address' IPADDRX = '(RE:IPADDR)' : 'invalid ip address' EIPADDR = '()|(RE:IPADDR)' : 'should be empty or contain a valid ipv4 address' EIPADDR6 = '()|(RE:IPADDR6)' : 'should be empty or contain a valid ipv6 address' EIPADDRX = '()|(RE:IPADDRX)' : 'should be empty or contain a valid ip address' NEIPADDR = 'none|()|(RE:IPADDR)' : 'should be empty, contain "none" or contain a valid ipv4 address' NEIPADDR6 = 'none|()|(RE:IPADDR6)' : 'should be empty, contain "none" or contain a valid ipv6 address' NEIPADDRX = 'none|()|(RE:IPADDRX)' : 'should be empty, contain "none" or contain a valid ip address' NUM_INT = '6553[0-5]|655[0-2][0-9]|65[0-4][0-9]{2}|6[0-4][0-9]{3}|[0-5][0-9]{4}|[0-9]{1,4}' : 'should be a number between 0 and 65535' IPADDRANDPORT = '(RE:IPADDR):(RE:NUM_INT)' : 'should be an IPv4 address:port combination' IPADDRANDPORT6 = '\[(RE:IPADDR6)\]:(RE:NUM_INT)' : 'should be a bracketed [IPv6 address]:port combination' IPADDRANDPORTX = '(RE:IPADDRANDPORT)' : 'should be an IP address:port combination' IPADDRPORT = '(RE:IPADDRANDPORT)|(RE:IPADDR)' : 'should be a single IPv4 address or an IPv4 address:port combination' IPADDRPORT6 = '(RE:IPADDRANDPORT6)|(RE:IPADDR6)' : 'should be a single IPv6 address or a bracketed [IPv6 address]:port combination' IPADDRPORTX = '(RE:IPADDRANDPORTX)|(RE:IPADDRX)' : 'should be a single IP address or an IP address:port combination' IPADDRESSES = '(RE:IPADDRX)([[:space:]]+(RE:IPADDRX))*' : 'invalid ip address, please specify one or more valid ip addresses' IPADDRPORTS = '(RE:IPADDRPORTX)([[:space:]]+(RE:IPADDRPORTX))*' : 'invalid ip address, please specify one or more valid ip addresses' EIPADDRESSES = '()|(RE:IPADDRESSES)' : 'should be empty or contain one or more valid ip addresses' DNSFORWARD = '()|(RE:IPADDRESSES)|(RE:IPADDRPORTS)' : 'should be empty or contain one or more valid ip addresses (with optional port)' PORT_RANGE = '(RE:NUM_INT)(-(RE:NUM_INT))?' : 'should be a port or a port range, something like 0 or 0-65535' MASK = '3[0-2]|[1-2]?[0-9]' : 'invalid netmask specified, please specify a value between 0 and 32' MASK6 = '1[01][0-9]|12[0-8]|[1-9][0-9]|[0-9]' : 'invalid netmask specified, please specify a value between 0 and 128' MASKX = '(RE:MASK)' : 'invalid netmask specified, please specify a value between 0 and 32' NETWORK = '(RE:IPADDR)/(RE:MASK)' : 'invalid network specification, should be a network address followed by a netmask, for instance 192.168.6.0/24' NETWORK6 = '(RE:IPADDR6)/(RE:MASK6)' : 'invalid network specification, should be a network address followed by a netmask, for instance fe80::/10' NETWORKX = '(RE:NETWORK)' : 'invalid network specification, should be a network address followed by a netmask, for instance 192.168.6.0/24' ENETWORK = '()|(RE:NETWORK)' : 'invalid network specification, should be empty or it should contain a network address followed by a netmask, for instance 192.168.6.0/24' ENETWORK6 = '()|(RE:NETWORK6)' : 'invalid network specification, should be empty or it should contain a network address followed by a netmask, for instance fe80::/10' ENETWORKX = '()|(RE:NETWORKX)' : 'invalid network specification, should be empty or it should contain a network address followed by a netmask, for instance 192.168.6.0/24' NETWORKS = '(RE:NETWORK)([[:space:]]+(RE:NETWORK))*' : 'invalid network specification, should be one or more network addresse(s) followed by a netmask, for instance 192.168.6.0/24' ENETWORKS = '()|(RE:NETWORKS)' : 'invalid network specification, should be empty or should contain one or more network addresse(s) followed by a netmask, for instance 192.168.6.0/24, for dhcp config package dhcp_client' MULTIPLE_NETWORKS = '(RE:NETWORK)([[:space:]]+(RE:NETWORK))+' : 'invalid network specification, should be two or more network addresses followed by their netmasks, for instance "192.168.6.0/24 192.168.7.0/24"' EMULTIPLE_NETWORKS= '()|(RE:MULTIPLE_NETWORKS)' : 'invalid network specification, should be empty or contain two or more network addresses followed by their netmasks, for instance "192.168.6.0/24 192.168.7.0/24"' IPADDR_NETWORK = '(RE:IPADDR)|(RE:NETWORK)' : 'should contain a valid ip or network address ' EIPADDR_NETWORK = '()|(RE:IPADDR)|(RE:NETWORK)' : 'should either be empty or contain a valid ip or network address' FQDN_EPORT = '((RE:LABEL)(\.(RE:LABEL))+)|((RE:LABEL)(\.(RE:LABEL))+:(RE:NUM_INT))' : 'wrong fully qualified domain name, it should consist of a hostname and a domain name separated by a dot; only letters, numbers and minus sign are allowed, no leading or trailing minus sign. An optional port number could be added like in example.com:1234' LOCAL_PART = '[0-9A-Za-z][0-9A-Za-z.!#$%&*+-/=?^_`{|}~]*' : 'invalid local-part of email address' MAILADDR = '(RE:LOCAL_PART)@((RE:DOMAIN)|localhost)' : 'invalid email address, use e.g. "aaaa@bbbb.ccc"' EMAILADDR = '()|(RE:MAILADDR)' : 'should either be empty or contain a valid email address' CRONTAB = '([0-9,/*-]+) *([0-9,/*-]+) *([0-9,/*-]+) *([0-9,/*(jan,feb,mar,apr,may,jun,jul,aug,sep,oct,nov,dec)-]+) *([0-7,/*(mon,tue,wed,thu,fri,sat,sun)-]+)' : 'invalid crontab string, use e.g. "3 5 * * *"' DISK = '(sd|hd|nftl)[a-z]' : 'invalid disk' PARTITION = '(RE:DISK)[1-8]' : 'invalid partition' REL_PATH = '(([0-9A-Za-z]|[-_.@])+)(/([0-9A-Za-z]|[-_.@])+)*/?' : 'invalid relative path, only numbers, letters, "-", "_" and "@" separated by "/" are allowed' E_REL_PATH = '()|(RE:REL_PATH)' : 'should either be empty or contain a valid relative path; only numbers, letters, "-" and "_" separated by "/" are allowed' ABS_PATH = '/(RE:E_REL_PATH)' : 'invalid absolute path (must start with a slash and only numbers, letters, "-" and "_" separated by "/" are allowed)' E_ABS_PATH = '()|(RE:ABS_PATH)' : 'should either be empty or contain a valid absolute path (must start with a slash and only numbers, letters, "-" and "_" separated by "/" are allowed)' PART_OPT = 'auto|(RE:PARTITION)|([1-2]?[0-9]{2}|[3-9])[0-9]{2}' : 'invalid PART_OPT, should be auto, a value between 300 and 29999 or a partition' NET_DRV = '3c509|3c515|3c59x|8139cp|8139too|ac3200|acenic|alx|amd8111e|atl1|atl1c|atl1e|atl2|atp|b44|be2net|bna|bnx2|bnx2x|cassini|cosa|cs89x0|cxgb|cxgb3|cxgb4|cxgb4vf|de2104x|de4x5|de620|defxx|dl2k|dmfe|dscc4|dummy|e100|e1000|e1000e|enic|epic100|farsync|fealnx|forcedeth|hamachi|hostess_sv11|hp100|igb|igbvf|ipg|ixgb|ixgbe|ixgbevf|jme|ksz884x|lance|lmc|mlx4_core|myri10ge|natsemi|ne|ne2k-pci|netxen_nic|ni65|niu|ns83820|pc300too|pch_gbe|pci200syn|pcnet32|qla3xxx|qlcnic|qlge|r6040|r8169|s2io|sb1000|sbni|sc92031|sealevel|seeq8005|sfc|sis190|sis900|skfp|skge|sky2|smc9194|smsc9420|smc-ultra|starfire|stmmac|sundance|sungem|sunhme|tehuti|tg3|tlan|tulip|typhoon|uli526x|via-rhine|via-velocity|virtio_net|vmxnet3|vxge|wanxl|wd|winbond-840|xen-netfront|xircom_cb|yellowfin' : 'invalid ethernet driver or not in this KERNEL, please choose one of the drivers in config/base_nic.list' +NET_DRV(KERNEL_VERSION=~'^3\.(1[5-9]|[2-9][0-9])\..+$') = 'i40e|i40evf|ec_bhf' : '' PCMCIA_NET_DRV = '3c574_cs|3c589_cs|axnet_cs|fmvj18x_cs|nmclan_cs|pcnet_cs|smc91c92_cs|xirc2ps_cs' : '' +NET_DRV = '(RE:PCMCIA_NET_DRV)' : '' USB_NET_DRV = 'asix|ax88179_178a|catc|cdc_eem|cdc_ether|cdc_mbim|cdc_ncm|cdc_subset|cx82310_eth|dm9601|gl620a|hso|huawei_cdc_ncm|int51x1|ipheth|kalmia|kaweth|lg-vl600|mcs7830|net1080|pegasus|plusb|qmi_wwan|r8152|rndis_host|rtl8150|smsc75xx|smsc95xx|sr9700|sr9800|zaurus' : '' +NET_DRV = '(RE:USB_NET_DRV)' : '' ETH_BASE_DEV_NAME= 'eth[1-9]?[0-9]' : 'Invalid ethernet device name, ether devices are named eth0, eth1, ..., eth99' ETH_DEV_NAME = '(RE:ETH_BASE_DEV_NAME)' : 'Invalid ethernet device name, ether devices are named eth0, eth1 ... eth99' DUMMY_DEV_NAME = 'dummy[1-9]?[0-9]' : 'Invalid dummy device name, dummy devices are named dummy' HOST_REF = '@((RE:HOSTNAME)|(RE:FQDN))' : 'no error message yet' HOST_EXPR = '@\.?((RE:HOSTNAME)|(RE:FQDN))' : 'invalid host expression' IP_NET = '(RE:NETWORK)' : 'invalid network specification, should contain a network address followed by a netmask, for instance 192.168.6.0/24' IP_NET_DEV = '(RE:ETH_DEV_NAME)|(RE:DUMMY_DEV_NAME)' : 'Invalid device name, only ethernet (eth) or dummy (dummy) devices are allowed.' IP_NET_TYPE = 'green|orange|()' : 'Invalid network type, only green or orange are allowed' IP_ROUTE = '(RE:NETWORK)[[:space:]]+(((RE:HOST_REF)|(RE:IPADDR)|(RE:IP_NET_DEV))|(((RE:HOST_REF)|(RE:IPADDR))[[:space:]]+(RE:IP_NET_DEV)))' : 'invalid route specification (network/cidr gateway)' PF_LOG_LEVEL = 'debug|info|notice|warning|err|crit|alert|emerg' : 'wrong log level, should be one of the following: debug, info, notice, warning, err, crit, alert, emerg' PF_INPUT_POLICY = 'DROP|REJECT|ACCEPT' : 'choose either DROP, REJECT or ACCEPT' PF_FORWARD_POLICY = 'DROP|REJECT|ACCEPT' : 'choose either DROP, REJECT or ACCEPT' PF_OUTPUT_POLICY = 'DROP|REJECT|ACCEPT' : 'choose either DROP, REJECT or ACCEPT' FW_USR_CHAIN = 'usr-[-_a-z]+' : 'User defined chains have to start with usr- and may only consist of lower case letters, minus sign and underscores.' FW_TMPL = 'tmpl:[^[:space:]]+' : '' FW_MAC = 'mac:!?(RE:MACADDR)' : '' FW_NET = 'IP_NET_[1-9]?[0-9]' : '' FW_ROUTE_NET = 'IP_ROUTE_[1-9]?[0-9]' : '' FW_NET_IP = '(RE:FW_NET)_IPADDR' : '' FW_NET_DEV = '(RE:FW_NET)_DEV' : '' FW_IF = 'any|lo|(RE:FW_NET_DEV)' : '' FW_IF_IN = 'if:!?(RE:FW_IF):any' : '' FW_IF_OUT = 'if:any:!?(RE:FW_IF)' : '' FW_IF_IN_OUT = 'if:!?(RE:FW_IF):!?(RE:FW_IF)' : '' FW_ICMP_TYPES = 'echo-reply|echo-request' : '' FW_ICMP = '!?(icmp|icmp:(RE:FW_ICMP_TYPES))' : '' FW_PROTO = 'prot:((!?(tcp|udp|gre|(RE:NUMERIC)))|(RE:FW_ICMP))' : '' FW_STATES = 'RELATED|ESTABLISHED|NEW|INVALID' : '' FW_STATE = 'state:(RE:FW_STATES)(,(RE:FW_STATES))*' : '' FW_PORTS = '(RE:PORT_RANGE)|(RE:NUM_INT)(,(RE:NUM_INT)){1,14}' : '' FW_LENGTH = 'length:(RE:PORT_RANGE)' : '' FW_LIMIT_EXPR = '[[:digit:]]+/(second|minute|hour|day)(:[[:digit:]]+)?' : '' FW_LIMIT = 'limit:(RE:FW_LIMIT_EXPR)' : 'invalid limit expression' FW_IP_NOPORT = 'any|(RE:IPADDR)(/(RE:MASK))?|(RE:FW_NET)|(RE:FW_ROUTE_NET)|(RE:FW_NET_IP)|(RE:HOST_EXPR)' : 'invalid address, net or host specification' FW_IP = '!?((RE:FW_PORTS)|(RE:FW_IP_NOPORT)(:(RE:FW_PORTS))?)[[:space:]]+' : '' PRE_IP = '((RE:FW_TMPL)[[:space:]]+)?!?((RE:FW_PORTS)|(any|dynamic|(RE:IPADDR)(/(RE:MASK))?|(RE:FW_NET)|(RE:FW_ROUTE_NET)|(RE:FW_NET_IP)|(RE:HOST_EXPR))(:(RE:FW_PORTS))?)[[:space:]]+' : '' NAT_SRC = '((RE:IPADDR)(-(RE:IPADDR))?|(RE:FW_NET_IP)|(RE:HOST_REF))(:(RE:PORT_RANGE))?' : '' NAT_DST = '((RE:IPADDR)(-(RE:IPADDR))?|(RE:FW_NET_IP)|(RE:HOST_REF))(:(RE:PORT_RANGE))?' : '' FW_LOG_ACTION = 'LOG(:[-_0-9A-Za-z]{1,28})?' : '' FW_HELPER_ACTION= 'HELPER:[^ ]+' : '' FW_ACTION = '(DROP|REJECT|ACCEPT|(RE:FW_USR_CHAIN))([[:space:]]+BIDIRECTIONAL)?([[:space:]]+(NOLOG|(RE:FW_LOG_ACTION)))?|(RE:FW_LOG_ACTION)([[:space:]]+BIDIRECTIONAL)?' : '' FW_NAT_SNAT_ACTION= 'SNAT:(RE:NAT_SRC)' : '' FW_NAT_DNAT_ACTION= 'DNAT:(RE:NAT_DST)' : '' FW_NAT_MASQ_ACTION= 'MASQUERADE(:(RE:PORT_RANGE))?' : '' FW_NAT_REDIRECT_ACTION= 'REDIRECT:(RE:FW_PORTS)' : '' FW_NAT_NETMAP_ACTION= 'NETMAP:((RE:IPADDR)|(RE:NETWORK)|(RE:FW_NET))' : '' FW_OUTPUT_ACTION = '(RE:FW_NAT_REDIRECT_ACTION)|(RE:FW_ACTION)' : '' FW_NAT_POST_ACTION= '((ACCEPT|(RE:FW_NAT_MASQ_ACTION))([[:space:]]+BIDIRECTIONAL)?|(RE:FW_NAT_SNAT_ACTION)|(RE:FW_NAT_NETMAP_ACTION))([[:space:]]+(RE:FW_LOG_ACTION))?' : '' FW_NAT_PRE_ACTION= '((ACCEPT|DROP)([[:space:]]+BIDIRECTIONAL)?|(RE:FW_NAT_DNAT_ACTION)|(RE:FW_NAT_REDIRECT_ACTION)|(RE:FW_NAT_NETMAP_ACTION))([[:space:]]+(RE:FW_LOG_ACTION))?' : '' FW_GENERIC_MATCH= '((RE:FW_TMPL)|(RE:FW_PROTO)|(RE:FW_LENGTH)|(RE:FW_STATE)|(RE:FW_MAC)|(RE:FW_LIMIT))' : '' FW_INPUT_MATCH = '((RE:FW_GENERIC_MATCH)|(RE:FW_IF_IN))[[:space:]]+' : '' FW_INPUT_RULE = '([[:space:]]*(RE:FW_INPUT_MATCH)*(RE:FW_IP){0,2}(RE:FW_ACTION))|redir-access-chain' : 'please refer to the documentation' FW_FORWARD_MATCH= '((RE:FW_GENERIC_MATCH)|(RE:FW_IF_IN_OUT))[[:space:]]+' : '' FW_FORWARD_RULE = '([[:space:]]*(RE:FW_FORWARD_MATCH)*(RE:FW_IP){0,2}(RE:FW_ACTION))|pfwaccess-chain' : 'please refer to the documentation' FW_OUTPUT_MATCH = '((RE:FW_GENERIC_MATCH)|(RE:FW_IF_OUT))[[:space:]]+' : '' FW_OUTPUT_RULE = '([[:space:]]*(RE:FW_OUTPUT_MATCH)*(RE:FW_IP){0,2}(RE:FW_OUTPUT_ACTION))' : 'please refer to the documentation' FW_NAT_POST_MATCH= '((RE:FW_GENERIC_MATCH)|(RE:FW_IF_OUT))[[:space:]]+' : '' FW_NAT_PRE_MATCH= '((RE:FW_GENERIC_MATCH)|(RE:FW_IF_IN))[[:space:]]+' : '' FW_NAT_POST_RULE= '[[:space:]]*(RE:FW_NAT_POST_MATCH)*(RE:FW_IP){0,2}(RE:FW_NAT_POST_ACTION)' : 'please refer to the documentation' FW_NAT_PRE_RULE = '[[:space:]]*(RE:FW_NAT_PRE_MATCH)*((RE:FW_IP)?(RE:PRE_IP))?(RE:FW_NAT_PRE_ACTION)' : 'please refer to the documentation' FW_OUTPUT_CT_RULE='[[:space:]]*(RE:FW_OUTPUT_MATCH)*(RE:FW_IP){0,2}(RE:FW_HELPER_ACTION)' : 'please refer to the documentation' FW_PREROUTING_CT_RULE='[[:space:]]*(RE:FW_INPUT_MATCH)*((RE:FW_IP)?(RE:PRE_IP))?(RE:FW_HELPER_ACTION)([[:space:]]+BIDIRECTIONAL)?' : 'please refer to the documentation' FW_NET6 = 'IPV6_NET_[1-9]?[0-9]' : 'invalid net reference, must be IPV6_NET_' FW_ROUTE_NET6 = 'IPV6_ROUTE_[1-9]?[0-9]' : 'invalid route reference, must be IPV6_ROUTE_' FW_NET_IP6 = '(RE:FW_NET6)_IPADDR' : 'invalid address reference, must be IPV6_NET__IPADDR' FW_NET_DEV6 = '((RE:FW_NET6)_DEV)|(IPV6_TUNNEL_[0-9]+_DEV)' : 'invalid device reference, must be IPV6_NET__DEV or IPV6_TUNNEL__DEV' FW_IF6 = 'any|lo|(RE:FW_NET_DEV6)' : 'invalid interface reference, must be any, lo, IPV6_NET__DEV, or IPV6_TUNNEL__DEV' FW_IF_IN6 = 'if:!?(RE:FW_IF6):any' : 'invalid input interface' FW_IF_OUT6 = 'if:any:!?(RE:FW_IF6)' : 'invalid output interface' FW_IF_IN_OUT6 = 'if:!?(RE:FW_IF6):!?(RE:FW_IF6)' : 'invalid input/output interface' FW_ICMP6 = '!?(icmpv6|icmpv6:(RE:FW_ICMP_TYPES))' : '' FW_PROTO6 = 'prot:((!?(tcp|udp|gre|(RE:NUMERIC)))|(RE:FW_ICMP6))' : '' FW_IP6_NOADDR = '(any|(RE:FW_NET6)|(RE:FW_ROUTE_NET6)|(RE:FW_NET_IP6)|(RE:HOST_EXPR))' : '' PRE_IP6_NOADDR = '(RE:FW_IP6_NOADDR)|dynamic' : '' FW_IP6_NOPORT = '(RE:FW_IP6_NOADDR)|(RE:IPADDR6)(/(RE:MASK6))?' : 'invalid address, net or host specification' PRE_IP6_NOPORT = '(RE:PRE_IP6_NOADDR)|(RE:IPADDR6)(/(RE:MASK6))?' : 'invalid address, net or host specification' FW_IP6 = '!?((RE:FW_PORTS)|(RE:FW_IP6_NOADDR)|\[(RE:FW_IP6_NOPORT)\](:(RE:FW_PORTS))?)[[:space:]]+' : '' PRE_IP6 = '((RE:FW_TMPL)[[:space:]]+)?!?((RE:FW_PORTS)|(RE:PRE_IP6_NOADDR)|\[(RE:PRE_IP6_NOPORT)\](:(RE:FW_PORTS))?)[[:space:]]+' : '' NAT_RAW6 = '(RE:IPADDR6)(-(RE:IPADDR6))?|(RE:FW_NET_IP6)|(RE:HOST_REF)' : '' NAT_SRC6 = '(RE:NAT_RAW6)|\[(RE:NAT_RAW6)\](:(RE:PORT_RANGE))?' : '' NAT_DST6 = '(RE:NAT_RAW6)|\[(RE:NAT_RAW6)\](:(RE:PORT_RANGE))?' : '' FW_NAT_SNAT_ACTION6= 'SNAT:(RE:NAT_SRC6)' : '' FW_NAT_DNAT_ACTION6= 'DNAT:(RE:NAT_DST6)' : '' FW_NAT_MASQ_ACTION6= 'MASQUERADE(:(RE:PORT_RANGE))?' : '' FW_NAT_REDIRECT_ACTION6= 'REDIRECT:(RE:FW_PORTS)' : '' FW_NAT_NETMAP_ACTION6= 'NETMAP:((RE:IPADDR6)|(RE:NETWORK6)|(RE:FW_NET6))' : '' FW_OUTPUT_ACTION6 = '(RE:FW_NAT_REDIRECT_ACTION6)|(RE:FW_ACTION)' : '' FW_NAT_POST_ACTION6= '((ACCEPT|(RE:FW_NAT_MASQ_ACTION6))([[:space:]]+BIDIRECTIONAL)?|(RE:FW_NAT_SNAT_ACTION6)|(RE:FW_NAT_NETMAP_ACTION6))([[:space:]]+(RE:FW_LOG_ACTION))?' : '' FW_NAT_PRE_ACTION6= '((ACCEPT|DROP)([[:space:]]+BIDIRECTIONAL)?|(RE:FW_NAT_DNAT_ACTION6)|(RE:FW_NAT_REDIRECT_ACTION6)|(RE:FW_NAT_NETMAP_ACTION6))([[:space:]]+(RE:FW_LOG_ACTION))?' : '' FW_GENERIC_MATCH6= '((RE:FW_TMPL)|(RE:FW_PROTO6)|(RE:FW_LENGTH)|(RE:FW_STATE)|(RE:FW_MAC)|(RE:FW_LIMIT))' : '' FW_INPUT_MATCH6 = '((RE:FW_GENERIC_MATCH6)|(RE:FW_IF_IN6))[[:space:]]+' : '' FW_INPUT_RULE6 = '([[:space:]]*(RE:FW_INPUT_MATCH6)*(RE:FW_IP6){0,2}(RE:FW_ACTION))' : 'please refer to the documentation' FW_FORWARD_MATCH6= '((RE:FW_GENERIC_MATCH6)|(RE:FW_IF_IN_OUT6))[[:space:]]+' : '' FW_FORWARD_RULE6 = '([[:space:]]*((RE:FW_FORWARD_MATCH6)+)?(RE:FW_IP6){0,2}(RE:FW_ACTION))' : 'please refer to the documentation' FW_OUTPUT_MATCH6 = '((RE:FW_GENERIC_MATCH6)|(RE:FW_IF_OUT6))[[:space:]]+' : '' FW_OUTPUT_RULE6 = '([[:space:]]*(RE:FW_OUTPUT_MATCH6)*(RE:FW_IP6){0,2}(RE:FW_ACTION))' : 'please refer to the documentation' FW_NAT_POST_MATCH6= '((RE:FW_GENERIC_MATCH6)|(RE:FW_IF_OUT))[[:space:]]+' : '' FW_NAT_PRE_MATCH6= '((RE:FW_GENERIC_MATCH6)|(RE:FW_IF_IN))[[:space:]]+' : '' FW_NAT_POST_RULE6= '[[:space:]]*(RE:FW_NAT_POST_MATCH6)*(RE:FW_IP6){0,2}(RE:FW_NAT_POST_ACTION6)' : 'please refer to the documentation' FW_NAT_PRE_RULE6= '[[:space:]]*(RE:FW_NAT_PRE_MATCH6)*((RE:FW_IP6)?(RE:PRE_IP6))?(RE:FW_NAT_PRE_ACTION6)' : 'please refer to the documentation' FW_OUTPUT_CT_RULE6='[[:space:]]*(RE:FW_OUTPUT_MATCH6)*(RE:FW_IP6){0,2}(RE:FW_HELPER_ACTION)' : 'please refer to the documentation' FW_PREROUTING_CT_RULE6='[[:space:]]*(RE:FW_INPUT_MATCH6)*((RE:FW_IP6)?(RE:PRE_IP6))?(RE:FW_HELPER_ACTION)([[:space:]]+BIDIRECTIONAL)?' : 'please refer to the documentation' DNSEXCEPTIONS = '()|(RE:FW_IP_NOPORT)([[:space:]]+(RE:FW_IP_NOPORT))*' : 'invalid list of exceptions for transparent DNS redirection' LANG = '(de)|(en)|(es)|(fr)|(hu)|(nl)' : 'language is not available, please choose between de, en, fr, hu and nl' DNS_IP = '(RE:FW_NET_IP)|(RE:IPADDR)|(RE:HOST_REF)' : 'use either an ip address, a reference to one of the IP_NET_x-Variables (i.e. IP_NET_1_IPADDR) or a reference to a hostname declared via HOST_%_NAME or HOST_%_ALIAS.' PORTFW_TARGET = '((((RE:FW_NET)|(RE:DNS_IP)|(RE:CIRCUIT)):)?((RE:PORT_RANGE)|none))' : 'invalid portforwarding target, should be a port (i.e. 21), a port range (3000-3010), a local address (specified as ip address, network, reference to IP_NET_x, reference to a name or alias specified in HOST_x) combined with a port(range) or none, a circuit and a port(range) (pppoe:23)' PORTFW_NEW_TARGET= '(RE:DNS_IP)(:(RE:PORT_RANGE))?' : 'invalid new target for portforwarding, a local address (specified as ip address, network, reference to IP_NET_x, reference to a name or alias specified in HOST_x) optionally combined with a port (i.e. 192.168.6.15:22)' PORTFW_PROTO = 'udp|tcp|gre|(RE:NUMERIC)' : 'invalid portforwarding protocol, should be "udp", "tcp", "gre" or the protocol number' CONFIG_FILENAME = '[-@_.0-9A-Za-z]+' : 'invalid filename, only numbers, letters, ".", "-", "@" and "_" are allowed' ABS_FILENAME = '(RE:ABS_PATH)/(RE:CONFIG_FILENAME)' : 'should be an absolute filename as a target filename' FW_LOG_LIMIT = '(RE:FW_LIMIT_EXPR)' : 'invalid limit specification' EFW_LOG_LIMIT = '()|(RE:FW_LOG_LIMIT)|none' : 'invalid limit specification, should be empty, none or a valid limit' KEYBOARD_LOCALE = '()|([A-Za-z][A-Za-z][-_.0-9A-Za-z]*)' : 'wrong locale, please select auto, off, or a name that matches a mapfile in opt/etc like de matches opt/etc/de.map.' HOST_IP = '(RE:FW_NET_IP)|(RE:IPADDR)' : 'use either an ip address or a reference to one of the IP_NET_x-Variables (i.e. IP_NET_1_IPADDR)' HOST_IP_PORT = '(RE:HOST_REF)|(RE:HOST_REF):(RE:NUM_INT)|(RE:IPADDRPORT)' : 'use either an IPv4 address or a reference to a host with an optional port' HOST_IP_PORT6 = '(RE:HOST_REF)|(RE:HOST_REF):(RE:NUM_INT)|(RE:IPADDRPORT6)' : 'use either an IPv6 address or a reference to a host with an optional port' HOST_IP_PORTX = '(RE:HOST_REF)|(RE:HOST_REF):(RE:NUM_INT)|(RE:IPADDRPORTX)' : 'use either an IP address or a reference to a host with an optional port' HOST_NAME = 'HOSTNAME|(RE:HOSTNAME)' : 'wrong hostname, only letters, numbers and minus sign are allowed or aliasname "HOSTNAME"; no leading or trailing minus sign' COMPORT = 'com[1-4]' : 'must be a valid com device (com1, com2, com3 or com4)' ECOMPORT = '()|(RE:COMPORT)' : 'should be empty or contain a valid com device (com1, com2, com3 or com4)' PARPORT_ADDS = '0x0*([23]78|3[BbDd][Cc])' : 'must be a valid parallel port address (0x378, 0x278, 0x3BC or 0x3DC)' UUID = '[[:xdigit:]]{8}(-[[:xdigit:]]{4}){3}-[[:xdigit:]]{12}' : 'invalid UUID' LISTEN_IP = '(RE:FW_NET_IP)|(RE:IPADDRX)' : 'use either an IP address or a reference to one of the IP_NET_x variables (i.e. IP_NET_1_IPADDR)' LISTEN_IP_PORT = '(RE:FW_NET_IP)|(RE:FW_NET_IP):(RE:NUM_INT)|(RE:IPADDRANDPORT)' : 'use either an ip address or a reference to one of the IP_NET_x-Variables (i.e. IP_NET_1_IPADDR) with an optional port' OPT_REGEXP_ID = '[ug]id=[0-9A-Za-z]+' : '' OPT_REGEXP_MODE = 'mode=[0-7]{3,4}' : '' OPT_REGEXP_FLAGS = 'flags=(sh|utxt|dtxt)' : '' OPT_REGEXP_NAME = 'name=/?(RE:REL_PATH)' : '' OPT_REGEXP_DEVTYPE = 'devtype=(c|b)' : '' OPT_REGEXP_DEVMAJOR = 'major=(RE:NUMERIC)' : '' OPT_REGEXP_DEVMINOR = 'minor=(RE:NUMERIC)' : '' OPT_REGEXP_LINKTARGET = 'linktarget=/?(RE:REL_PATH)' : '' OPT_REGEXP_LOCAL_OPT = '(RE:OPT_REGEXP_NAME)|(RE:OPT_REGEXP_ID)|(RE:OPT_REGEXP_MODE)|(RE:OPT_REGEXP_FLAGS)' : '' OPT_REGEXP_FILE_OPT = '(RE:OPT_REGEXP_NAME)|(RE:OPT_REGEXP_ID)|(RE:OPT_REGEXP_MODE)|(RE:OPT_REGEXP_FLAGS)' : '' OPT_REGEXP_DIR_OPT = '(RE:OPT_REGEXP_ID)|(RE:OPT_REGEXP_MODE)' : '' OPT_REGEXP_NODE_OPT = '(RE:OPT_REGEXP_ID)|(RE:OPT_REGEXP_MODE)' : '' OPT_REGEXP_SYMLINK_OPT = '(RE:OPT_REGEXP_ID)|(RE:OPT_REGEXP_MODE)' : '' OPT_REGEXP_LOCAL = '[[:space:]]*type=local([[:space:]]+(RE:OPT_REGEXP_LOCAL_OPT))*' : '' OPT_REGEXP_FILE = '[[:space:]]*type=file([[:space:]]+(RE:OPT_REGEXP_FILE_OPT))*' : '' OPT_REGEXP_DIR = '[[:space:]]*type=dir([[:space:]]+(RE:OPT_REGEXP_DIR_OPT))*' : '' OPT_REGEXP_NODE = '[[:space:]]*type=node[[:space:]]+(RE:OPT_REGEXP_DEVTYPE)[[:space:]]+(RE:OPT_REGEXP_DEVMAJOR)[[:space:]]+(RE:OPT_REGEXP_DEVMINOR)([[:space:]]+(RE:OPT_REGEXP_NODE_OPT))*' : '' OPT_REGEXP_SYMLINK = '[[:space:]]*type=symlink[[:space:]]+(RE:OPT_REGEXP_LINKTARGET)([[:space:]]+(RE:OPT_REGEXP_SYMLINK_OPT))*' : '' OPT_REGEXP = '((RE:OPT_REGEXP_LOCAL)|(RE:OPT_REGEXP_FILE)|(RE:OPT_REGEXP_DIR)|(RE:OPT_REGEXP_NODE)|(RE:OPT_REGEXP_SYMLINK)|([[:space:]]*(RE:OPT_REGEXP_LOCAL_OPT)([[:space:]]+(RE:OPT_REGEXP_LOCAL_OPT))*)*)' : 'wrong type/option, please read developer documentation to find out about possible options and their values' ARCH = 'x86|x86_64' : 'invalid architecture'