NONE            = '.*'                  : ''
NOTEMPTY        = '.*[^ ]+.*'           : 'should not be empty'
NOBLANK         = '[^ ]+'               : 'should not contain spaces'
ENOBLANK        = '()|(RE:NOBLANK)'     : 'should be empty or should not contain spaces'
NUMERIC         = '0|[1-9][0-9]*'       : 'should be numeric (decimal) without leading zero(s)'
ENUMERIC        = '()|(RE:NUMERIC)'     : 'should be numeric (decimal) without leading zero(s) or empty'
NUMERICLZ       = '[0-9][0-9]*'         : 'should be numeric (decimal) with or without leading zero(s)'
ENUMERICLZ      = '()|(RE:NUMERICLZ)'   : 'should be numeric (decimal) with or without leading zero(s) or empty'
DOT_NUMERIC     = '(RE:NUMERIC).[0-9]+'
                : 'should be numeric (decimal) with dot e.g. 5.0'
EDOT_NUMERIC    = '()|(RE:DOT_NUMERIC)'
                : 'should be numeric (decimal) with dot e.g. 5.0 or empty'
NUM_HEX         = '0x[[:xdigit:]]+'
                : 'should be a hexadecimal number (a number starting with "0x")'
ENUM_HEX        = '()|0x[[:xdigit:]]+'
                : 'should be empty or a hexadecimal number (a number starting with "0x")'
NUM_ANY         = '(RE:NUMERIC)|(RE:NUM_HEX)'
                : 'should be a decimal or hexadecimal number'
ENUM_ANY        = '()|(RE:NUMERIC)|(RE:NUM_HEX)'
                : 'should be empty or be a decimal or hexadecimal number'
YESNO           = 'yes|no'
                : 'only yes or no are allowed'
IMOND_YESNO     = 'yes' 
                : 'The development version of imond is for developers only; If you would like to use it, please edit the check files to enable it manually'
KERNEL_VERSION  = '2\.6\..*'
                : 'Invalid version number, use a valid version number for a 2.6 Linux kernel like 2.6.29.4'
PM_IFC          = 'none|acpi|apm|apm_rm' : 'invalid value, please choose: none, acpi, apm, apm_rm'
DEBUG_MODULES   = 'yes|no|error' : 'choose one of no, yes (log all invocations of insmod/modprobe) or error (only log failed invocations of insmod/modprobe)'
CONSOLE         = 'no|yes|primary|secondary'
                : 'choose one of yes, no, primary, secondary'
COMPTYPE        = 'gzip'
                : 'only gzip or bzip2 are allowed compression methods for kernel 2.4, only gzip,lzma or uncompressed are allowed compression methods for kernel 2.6'
+COMPTYPE(KERNEL_VERSION=~'2\.4\..*$') = 'bzip2' : ''
+COMPTYPE(KERNEL_VERSION=~'2\.6\..*$') = 'lzma' : ''
+COMPTYPE(KERNEL_VERSION=~'2\.6\..*$') = 'uncompressed' : ''
COMPTYPEROOTFS  = 'gzip'
                : 'only gzip and lzma compression for kernel 2.6, only gzip and bzip2 compression for kernel 2.4'
+COMPTYPEROOTFS(KERNEL_VERSION=~'^2\.4\..*$') = 'bzip2' : ''
+COMPTYPEROOTFS(KERNEL_VERSION=~'^2\.6\..*$') = 'lzma'  : ''
COMPTYPEOPT     = 'bzip2|lzma'
                : 'only bzip2 or lzma are allowed compression methods for the OPT-Archive'
MOUNTTYPE       = 'ro|rw|no'
                : 'only ro, rw, or no are allowed mount options'
FLMOUNTDEV      = 'first|second|no'
                : 'only first, second, or no are allowed floppy mount devices'
DIALMODE        = 'auto|manual|off'
                : 'only auto, manual or off are allowed'
BOOT_TYPES      = 'fd1440|fd1680|dual1440|dual1680|dualfd|fd|fdx2|integrated|attached|netboot|pxeboot|cd|cdemul|hd|ls120'
                : 'wrong boot type! should be fd1440, fd1680, dual1440, dual1680, dualfd, fd, fdx2, cd, cdemul, ls120, hd, integrated, attached or netboot.'
CIRCUIT         = 'pppoe|dhcp|(RE:NUMERIC)'
                : 'invalid circuit ("pppoe", "dhcp" or a number)'
CIRCUITS        = '(RE:CIRCUIT)([[:space:]]+(RE:CIRCUIT))*'
                : 'no valid circuits, please specify one or more circuits ("pppoe", "dhcp" or a number)'
MACADDR         = '[[:xdigit:]][[:xdigit:]](:[[:xdigit:]][[:xdigit:]]){5}'
                : 'wrong mac address, it should be 6 hex numbers each 
                   represented by two digits and separated by a ":" (for instance 
                   00:00:E8:83:72:92)'
# DNS definitions modeled after http://www.icann.org/general/idn-guidelines-20jun03.htm
LABEL           = '[0-9A-Za-z]([-0-9A-Za-z]{0,61}[0-9A-Za-z])?' : ''
COMMENT         = '(RE:LABEL)'
                : 'wrong comment, only letters, numbers and minus sign
                   are allowed; no leading or trailing minus-sign; 63 characters maximum'
HOSTNAME        = '(RE:LABEL)'
                : 'wrong hostname, only letters, numbers and minus sign 
                   are allowed; no leading or trailing minus sign; 63 characters maximum'
DOMAIN          = '(RE:LABEL)(\.(RE:LABEL))*'
                : 'wrong domain name, only letters, numbers and minus sign 
                   are allowed; parts are separated by a dot (for instance 
                   lan.fli4l); no leading or trailing minus sign or dot'
FQDN            = '(RE:LABEL)(\.(RE:LABEL))+'
                : 'wrong fully qualified domain name, it should consist of a 
                   hostname and a domain name separated by a dot; only 
                   letters, numbers and minus sign are allowed, no leading 
                   or trailing minus sign'
EDOMAIN         = '()|(RE:DOMAIN)'
                : 'should either be empty or contain a valid domain name (only letters, numbers and minus 
                   sign are allowed; parts are separated by a dot (for instance 
                   lan.fli4l); no leading or trailing minus sign or dot)'
EHOSTNAME       = '()|(RE:HOSTNAME)'
                : 'invalid hostname, should be empty or contain only 
                   letters, numbers and minus sign; leading or trailing minus signs are not allowed.'
EFQDN           = '()|(RE:FQDN)'
                : 'should either be empty or contain a fully qualified domain name (should consist of a 
                   host name and a domain name separated by a dot; only letters, 
                   numbers and minus sign are allowed, no leading or trailing 
                   minus sign)'
OCTET           = '1?[0-9]?[0-9]|2[0-4][0-9]|25[0-5]'
                : 'should be a value between 0 and 255'
OCTET6          = '[0-9a-fA-F]{1,4}'
                : 'should be a hex value between 0 and ffff'
IPADDR          = '((RE:OCTET)\.){3}(RE:OCTET)'
                : 'invalid ip address'
IPADDR6COMPAT  = '(((RE:OCTET6):){6}(RE:IPADDR))|(::((RE:OCTET6):){0,5}(RE:IPADDR))|(((RE:OCTET6):){1}:((RE:OCTET6):){0,4}(RE:IPADDR))|(((RE:OCTET6):){2}:((RE:OCTET6):){0,3}(RE:IPADDR))|(((RE:OCTET6):){3}:((RE:OCTET6):){0,2}(RE:IPADDR))|(((RE:OCTET6):){4}:((RE:OCTET6):)?(RE:IPADDR))|(((RE:OCTET6):){5}:(RE:IPADDR))'
                : 'invalid ipv6 address'
IPADDR6         = '(((RE:OCTET6):){7}(RE:OCTET6))|(::((RE:OCTET6)(:(RE:OCTET6)){0,6})?)|((RE:OCTET6){1}::((RE:OCTET6)(:(RE:OCTET6)){0,5})?)|((RE:OCTET6)(:(RE:OCTET6)){1}::((RE:OCTET6)(:(RE:OCTET6)){0,4})?)|((RE:OCTET6)(:(RE:OCTET6)){2}::((RE:OCTET6)(:(RE:OCTET6)){0,3})?)|((RE:OCTET6)(:(RE:OCTET6)){3}::((RE:OCTET6)(:(RE:OCTET6)){0,2})?)|((RE:OCTET6)(:(RE:OCTET6)){4}::((RE:OCTET6)(:(RE:OCTET6)){0,1})?)|((RE:OCTET6)(:(RE:OCTET6)){5}::(RE:OCTET6)?)|(RE:IPADDR6COMPAT)'
                : 'invalid ipv6 address'
EIPADDR         = '()|(RE:IPADDR)'
                : 'should be empty or contain a valid ip address'
EIPADDR6        = '()|(RE:IPADDR6)'
                : 'should be empty or contain a valid ipv6 address'
NEIPADDR        = 'none|()|(RE:IPADDR)'
                : 'should be empty, contain "none" or contain a valid ip address'
NEIPADDR6       = 'none|()|(RE:IPADDR6)'
                : 'should be empty, contain "none" or contain a valid ipv6 address'
NUM_INT         = '6553[0-5]|655[0-2][0-9]|65[0-4][0-9]{2}|6[0-4][0-9]{3}|[0-5][0-9]{4}|[0-9]{1,4}'
                : 'should be a number between 0 and 65535'
IPADDRPORT      = '(RE:IPADDR):(RE:NUM_INT)|\[(RE:IPADDR6)\]:(RE:NUM_INT)|(RE:IPADDR)|(RE:IPADDR6)'
                : 'invalid ip address:port combination or single ip address'
IPADDRESSES     = '((RE:IPADDR)|(RE:IPADDR6))([[:space:]]+((RE:IPADDR)|(RE:IPADDR6)))*'
                : 'invalid ip address, please specify one or more valid ip addresses'
IPADDRPORTS     = '(RE:IPADDRPORT)([[:space:]]+(RE:IPADDRPORT))*'
                : 'invalid ip address, please specify one or more valid ip addresses'
EIPADDRESSES    = '()|(RE:IPADDRESSES)'
                : 'should be empty or contain one or more valid ip addresses'
DNSFORWARD      = '()|(RE:IPADDRESSES)|(RE:IPADDRPORTS)'
                : 'should be empty or contain one or more valid ip addresses (with optional port)'
PORT_RANGE      = '(RE:NUM_INT)(-(RE:NUM_INT))?'
                : 'should be a port or a port range, something like 0 or 0-65535'
DENY_PORT       = '(RE:PORT_RANGE)([[:space:]]+(REJECT|DROP)(-TCP|-UDP)?)?'
                : 'invalid port specification, should be a single port 
                   (i.e. 23) or a port range (137-139), followed  
                   by either DROP or REJECT followed by either -TCP or -UDP'
ACCEPT_PORT     = '(RE:PORT_RANGE)([[:space:]]+(TCP|UDP))?'
                : 'invalid port specification, should be a single port 
                   (i.e. 23) or a port range (137-139), followed 
                   by either TCP or UDP'
POLICY          = 'REJECT|DROP|ACCEPT'
                : 'policy: REJECT, DROP, or ACCEPT'
MASK            = '3[0-2]|[1-2]?[0-9]'
                : 'invalid netmask specified, please specify a value 
                   between 0 and 32'
NETWORK         = '(RE:IPADDR)/(RE:MASK)'
                : 'invalid network specification, should be a network 
                  address followed by a netmask, for instance 192.168.6.0/24'
ENETWORK        = '()|(RE:NETWORK)'
                : 'invalid network specification, should be empty or it
                  should contain a network address followed by a netmask, for
                  instance 192.168.6.0/24'
NETWORKS        = '(RE:NETWORK)([[:space:]]+(RE:NETWORK))*'
                : 'invalid network specification, should be one or more 
                  network addresse(s) followed by a netmask, 
                  for instance 192.168.6.0/24'
ENETWORKS       = '()|(RE:NETWORKS)'
                : 'invalid network specification, should be empty or 
                  should contain one or more 
                  network addresse(s) followed by a netmask, 
                  for instance 192.168.6.0/24, for dhcp config package dhcp_client'
MULTIPLE_NETWORKS = '(RE:NETWORK)([[:space:]]+(RE:NETWORK))+'
                : 'invalid network specification, should be two or more 
                  network addresses followed by their netmasks, 
                  for instance "192.168.6.0/24 192.168.7.0/24"'
EMULTIPLE_NETWORKS= '()|(RE:MULTIPLE_NETWORKS)'
                : 'invalid network specification, should be empty or 
                  contain two or more 
                  network addresses followed by their netmasks, 
                  for instance "192.168.6.0/24 192.168.7.0/24"'
IPADDR_NETWORK  = '(RE:IPADDR)|(RE:NETWORK)'
                : 'should contain a valid ip or network address '
EIPADDR_NETWORK = '()|(RE:IPADDR)|(RE:NETWORK)'
                : 'should either be empty or contain a valid ip or network address'
LOCAL_PART      = '[0-9A-Za-z]([0-9A-Za-z.-]+)?'
                : 'invalid local-part of email address'
MAILADDR        = '(RE:LOCAL_PART)@((RE:DOMAIN)|localhost)'
                : 'invalid email address, use e.g. "aaaa@bbbb.ccc"'
EMAILADDR       = '()|(RE:MAILADDR)'
                : 'should either be empty or contain a valid email address'
CRONTAB         = '([0-9,/*-]+) *([0-9,/*-]+) *([0-9,/*-]+) *([0-9,/*(jan,feb,mar,apr,may,jun,jul,aug,sep,oct,nov,dec)-]+) *([0-7,/*(mon,tue,wed,thu,fri,sat,sun)-]+)'
                : 'invalid crontab string, use e.g. "3 5 * * *"'
DISK            = '(sd|hd|nftl)[a-z]'        : 'invalid disk'
PARTITION       = '(RE:DISK)[1-8]'      : 'invalid partition'
REL_PATH        = '(([0-9A-Za-z]|[-_.])+)(/([0-9A-Za-z]|[-_.])+)*/?'
                : 'invalid relative path, only numbers, letters, "-" and 
                   "_" separated by "/" are allowed'
E_REL_PATH      = '()|(RE:REL_PATH)'
                : 'should either be empty or contain a valid relative path; only numbers, 
                  letters, "-" and "_" separated by "/" are allowed'
ABS_PATH        = '/(RE:E_REL_PATH)'
                : 'invalid absolute path (must start with a slash and 
                   only numbers, letters, "-" and "_" separated by "/" are 
                   allowed)'
E_ABS_PATH      = '()|(RE:ABS_PATH)'
                : 'should either be empty or contain a 
                   valid absolute path (must start with a slash and 
                   only numbers, letters, "-" and "_" separated by "/" are 
                   allowed)'
PART_OPT        = 'auto|(RE:PARTITION)|([1-2]?[0-9]{2}|[3-9])[0-9]{2}'
                : 'invalid PART_OPT, should be auto, a value between 
                  300 and 29999 or a partition'
NET_DRV         = '3c501|3c503|3c505|3c507|3c509|3c515|3c59x|8139too|82596|ac3200|arlan|b44|e100|amd8111e|at1700|cassini|cs89x0|cxgb|de4x5|depca|dgrs|dmfe|dummy|e2100|eepro|eexpress|epic100|eth16i|ewrk3|fealnx|forcedeth|hp100|hp|hp-plus|ixgb|lance|natsemi|ne2k-pci|ne|ni5010|ni52|ni65|pcnet32|proteon|r8169|s2io|sis190|sis900|skisa|smc9194|smc-ultra|starfire|sundance|sungem|tlan|typhoon|via-rhine|wd|tulip|8139cp|acenic|dl2k|e1000|e1000bp|hamachi|ns83820|tg3|yellowfin|sunhme|winbond-840|uli526x|xircom_cb|atl1|atl2|bnx2|de2104x|e1000e|skge|sky2|via-velocity|uli526x'
                : 'invalid ethernet driver or not in this KERNEL, please choose one of the drivers in config/base_nic.list'
+NET_DRV(KERNEL_VERSION=~'^2\.6\.16.*$') = 'eepro100|sk98lin|xircom_tulip_cb' : ''
+NET_DRV(KERNEL_VERSION=~'^2\.6\.3[2-9].*$') = 'virtio-net|igb|igbvf|atl1c|atl1e|seeq8005|be2net|bnx2x|cxgb3|ems_pci|ipg|ixgbe|jme|kvaser_pci|mlx4_core|myri10ge|netxen_nic|niu|qla3xxx|qlge|r6040|sc92031|sfc|smsc9420|tehuti|vmxnet3|vxge|cdc_eem|cdc_ether|cdc-phonet|cdc_subset|dm9601|gl620a|hso|i2400m-usb|int51x1|mcs7830|net1080|plusb|rndis_host|smsc95xx|zaurus|virtio_net|xen' : ''
TR_DRV          = '3c359|abyss|ibmtr|lanstreamer|olympic|smctr|tmspci'
                : 'invalid token ring driver'
+NET_DRV        = '(RE:TR_DRV)' : ''
ETH_BASE_DEV_NAME= 'eth[1-9]?[0-9]'
                : 'Invalid ethernet device name, ether devices are named eth0, eth1, ..., eth99'
ETH_DEV_NAME    = '(RE:ETH_BASE_DEV_NAME)'
                : 'Invalid ethernet device name, ether devices are named eth0, eth1 ... eth99'
TR_DEV_NAME     = 'tr[1-9]?[0-9]'
                : 'Invalid tokenring device name, tokenring devices are named tr0, tr1, ..., tr99'
DUMMY_DEV_NAME  = 'dummy[1-9]?[0-9]'
                : 'Invalid dummy device name, dummy devices are named dummy<number>'
HOST_REF        = '@((RE:HOSTNAME)|(RE:FQDN))' : 'no error message yet'
IP_NET          = '(RE:NETWORK)' 
                : 'invalid network specification, should contain a network 
                   addresse followed by a netmask, for instance 192.168.6.0/24' 
IP_NET_DEV     = '(RE:TR_DEV_NAME)|(RE:ETH_DEV_NAME)|(RE:DUMMY_DEV_NAME)'
                : 'Invalid device name, only ethernet (eth), token ring (tr) or dummy (dummy<number>) devices are allowed.'
IP_NET_TYPE     = 'green|orange|()' 
                : 'Invalid network type, only green or orange are allowed'
IP_ROUTE        = '(RE:NETWORK)[[:space:]]+(((RE:HOST_REF)|(RE:IPADDR)|(RE:IP_NET_DEV))|(((RE:HOST_REF)|(RE:IPADDR))[[:space:]]+(RE:IP_NET_DEV)))'
                : 'invalid route specification (network/cidr gateway)'
OBSOLETE_2_1    = 'obsolete{64}'
                : 'This variable was removed in version 2.1, please 
                   read the documentation'

PF_LOG_LEVEL    = 'debug|info|notice|warning|err|crit|alert|emerg' 
                : 'wrong log level, should be one of the following: debug, info, notice, warning, err, crit, alert, emerg'
PF_INPUT_POLICY = 'DROP|REJECT|ACCEPT' : 'choose either DROP, REJECT or ACCEPT'
PF_FORWARD_POLICY = 'DROP|REJECT|ACCEPT' : 'choose either DROP, REJECT or ACCEPT'
FW_USR_CHAIN    = 'usr-[-_a-z]+' : 'User defined chains have to start with usr- and may only consist of lower case letters, minus sign and underscores.'
FW_TMPL         = 'tmpl:[^[:space:]]+' : ''
FW_MAC          = 'mac:!?(RE:MACADDR)' : ''
FW_NET          = 'IP_NET_[1-9]?[0-9]' : ''
FW_ROUTE_NET    = 'IP_ROUTE_[1-9]?[0-9]' : ''
FW_NET_IP       = '(RE:FW_NET)_IPADDR' : ''
FW_NET_DEV      = '(RE:FW_NET)_DEV' : ''
# FW_IF           = 'lo|eth[0-9]+|br[0-9]+|circuit-[-_0-9A-Za-z]+|(RE:FW_NET_DEV)|pppoe|any|tun[+]|tun[0-9]+|isdn[+]|isdn[0-9]+|i?ppp[+]|i?ppp[0-9]+'
# FW_IF           = 'any|lo|eth[0-9]+|(RE:FW_NET_DEV)' : ''
FW_IF           = 'any|lo|(RE:FW_NET_DEV)' : ''
FW_IF_IN        = 'if:!?(RE:FW_IF):any' : ''
FW_IF_OUT       = 'if:any:!?(RE:FW_IF)' : ''
FW_IF_IN_OUT    = 'if:!?(RE:FW_IF):!?(RE:FW_IF)' : ''
FW_ICMP_TYPES   = 'echo-reply|echo-request' : ''
FW_ICMP         = '!?(icmp|icmp:(RE:FW_ICMP_TYPES))' : ''
FW_PROTO        = 'prot:((!?(tcp|udp|gre|(RE:NUMERIC)))|(RE:FW_ICMP))'
                : ''
FW_STATES       = 'RELATED|ESTABLISHED|NEW|INVALID'
                : ''
FW_STATE        = 'state:(RE:FW_STATES)(,(RE:FW_STATES))*'
                : ''
FW_PORTS        = '(RE:PORT_RANGE)|(RE:NUM_INT)(,(RE:NUM_INT)){1,14}'
                : ''
FW_LENGTH       = 'length:(RE:PORT_RANGE)'
                : ''
FW_LIMIT_EXPR   = '[[:digit:]]+/(second|minute|hour|day)(:[[:digit:]]+)?'
                : ''
FW_LIMIT        = 'limit:(RE:FW_LIMIT_EXPR)'
                : 'invalid limit expression'
FW_IP           = '!?((RE:FW_PORTS)|(any|(RE:IPADDR)(/(RE:MASK))?|(RE:FW_NET)|(RE:FW_ROUTE_NET)|(RE:FW_NET_IP)|(RE:HOST_REF))(:(RE:FW_PORTS))?)[[:space:]]+'
                : ''
PRE_IP          = '((RE:FW_TMPL)[[:space:]]+)?!?((RE:FW_PORTS)|(any|dynamic|(RE:IPADDR)(/(RE:MASK))?|(RE:FW_NET)|(RE:FW_ROUTE_NET)|(RE:FW_NET_IP)|(RE:HOST_REF))(:(RE:FW_PORTS))?)[[:space:]]+'
                : ''
FW_LOG_ACTION   = 'LOG(:[-_0-9A-Za-z]+)?' : ''
FW_ACTION       = '(DROP|REJECT|ACCEPT|(RE:FW_USR_CHAIN))([[:space:]]+BIDIRECTIONAL)?([[:space:]]+(NOLOG|(RE:FW_LOG_ACTION)))?|(RE:FW_LOG_ACTION)([[:space:]]+BIDIRECTIONAL)?'
                : ''
FW_GENERIC_MATCH= '((RE:FW_TMPL)|(RE:FW_PROTO)|(RE:FW_LENGTH)|(RE:FW_STATE)|(RE:FW_MAC)|(RE:FW_LIMIT))'
                : ''
FW_INPUT_MATCH  = '((RE:FW_GENERIC_MATCH)|(RE:FW_IF_IN))[[:space:]]+'
                : ''
FW_INPUT_RULE   = '([[:space:]]*(RE:FW_INPUT_MATCH)*(RE:FW_IP){0,2}(RE:FW_ACTION))|dmz-chain|redir-access-chain'
                : 'please refer to the documentation'
FW_FORWARD_MATCH= '((RE:FW_GENERIC_MATCH)|(RE:FW_IF_IN_OUT))[[:space:]]+'
                : ''
FW_FORWARD_RULE = '([[:space:]]*((RE:FW_FORWARD_MATCH)+)?(RE:FW_IP){0,2}(RE:FW_ACTION))|dmz-chain|pfwaccess-chain'
                : 'please refer to the documentation'
FW_NAT_POST_MATCH= '((RE:FW_GENERIC_MATCH)|(RE:FW_IF_OUT))[[:space:]]+'
                : ''
FW_NAT_PRE_MATCH= '((RE:FW_GENERIC_MATCH)|(RE:FW_IF_IN))[[:space:]]+'
                : ''
NAT_DST         = '((RE:IPADDR)(-(RE:IPADDR))?|(RE:FW_NET_IP)|(RE:HOST_REF))(:(RE:PORT_RANGE))?'
                : ''
FW_NAT_SNAT_ACTION= 'SNAT:(RE:NAT_DST)' : ''
FW_NAT_MASQ_ACTION= 'MASQUERADE(:(RE:PORT_RANGE))?' : ''
FW_NAT_NETMAP_ACTION= 'NETMAP:((RE:IPADDR)|(RE:NETWORK))' : ''
FW_NAT_POST_ACTION= '((ACCEPT|(RE:FW_NAT_MASQ_ACTION))([[:space:]]+BIDIRECTIONAL)?|(RE:FW_NAT_SNAT_ACTION)|(RE:FW_NAT_NETMAP_ACTION))([[:space:]]+(RE:FW_LOG_ACTION))?'
                : ''
FW_NAT_PRE_ACTION= '((ACCEPT|DROP)([[:space:]]+BIDIRECTIONAL)?|DNAT:(RE:NAT_DST)|REDIRECT:(RE:FW_PORTS)|NETMAP:((RE:IPADDR)|(RE:NETWORK)))([[:space:]]+(RE:FW_LOG_ACTION))?'
                : ''
FW_NAT_POST_RULE= '[[:space:]]*((RE:FW_NAT_POST_MATCH)+)?(RE:FW_IP){0,2}(RE:FW_NAT_POST_ACTION)'
                : 'please refer to the documentation'
FW_NAT_PRE_RULE = '[[:space:]]*((RE:FW_NAT_PRE_MATCH)+)?((RE:FW_IP)?(RE:PRE_IP))?(RE:FW_NAT_PRE_ACTION)'
                : 'please refer to the documentation'
LANG            = '(de)|(en)|(es)|(fr)|(hu)|(nl)'
                : 'language is not available, please choose between de, en, fr, hu and nl'
DNS_IP          = '(RE:FW_NET_IP)|(RE:IPADDR)|(RE:HOST_REF)' : 'use either an ip address, a reference to one of the IP_NET_x-Variables (i.e. IP_NET_1_IPADDR) or a reference to a hostname declared via HOST_%_NAME or HOST_%_ALIAS.'
PORTFW_TARGET   = '((((RE:FW_NET)|(RE:DNS_IP)|(RE:CIRCUIT)):)?((RE:PORT_RANGE)|none))'
                : 'invalid portforwarding target, should be a port (i.e. 21), 
                   a port range (3000-3010), a local address (specified as ip address, network, reference to IP_NET_x, reference to a name or alias specified in HOST_x) combined with a port(range) or none, a circuit and a port(range) (pppoe:23)'
PORTFW_NEW_TARGET= '(RE:DNS_IP)(:(RE:PORT_RANGE))?'
                : 'invalid new target for portforwarding, a local address (specified as ip address, network, reference to IP_NET_x, reference to a name or alias specified in HOST_x) optionally combined with a port (i.e. 192.168.6.15:22)'
PORTFW_PROTO    = 'udp|tcp|gre|(RE:NUMERIC)'
                : 'invalid portforwarding protocol, should be "udp", "tcp", "gre" or the protocol number'
CONFIG_FILENAME = '[-@_.0-9A-Za-z]+'
                : 'invalid filename, only numbers, letters, ".", "-", "@" and 
                   "_" are allowed'

FW_NETWORK_REF  = '(RE:IPADDR_NETWORK)|(RE:FW_NET)|(RE:FW_ROUTE_NET)|(RE:FW_NET_IP)|(RE:HOST_REF)'
                : 'should contain an ip address, a network specification, a reference to ip_net_x or a hostname/fqdn'
EFW_NETWORK_REFS= '()|((RE:FW_NETWORK_REF)[[:space:]]+)*(RE:FW_NETWORK_REF)'
                : 'should either be empty or contain an ip address, a network specification, a reference to ip_net_x or a hostname/fqdn'
MFW_NETWORK_REFS= '((RE:FW_NETWORK_REF)[[:space:]]+)+(RE:FW_NETWORK_REF)'
                : 'should contain at least two of the following things: an ip address, a network specification, a reference to ip_net_x or a hostname/fqdn'
EMFW_NETWORK_REFS= '()|(RE:MFW_NETWORK_REFS)'
                : 'should either be empty or contain at least two of the following things: an ip address, a network specification, a reference to ip_net_x or a hostname/fqdn'
FW_LOG_LIMIT    = '(RE:FW_LIMIT_EXPR)'
                : 'invalid limit specification'
EFW_LOG_LIMIT   = '()|(RE:FW_LOG_LIMIT)|none'
                : 'invalid limit specification, should be empty, none or a valid limit'
KEYBOARD_LOCALE = '()|([A-Za-z][A-Za-z][-_.0-9A-Za-z]*)'
                : 'wrong locale, please select auto, off, or a name that matches a mapfile in opt/etc like de matches opt/etc/de.map.'
HOST_IP         = '(RE:FW_NET_IP)|(RE:IPADDR)' : 'use either an ip address or a reference to one of the IP_NET_x-Variables (i.e. IP_NET_1_IPADDR)'
HOST_NAME       = 'HOSTNAME|(RE:HOSTNAME)'
                : 'wrong hostname, only letters, numbers and minus sign are allowed or aliasname "HOSTNAME"; no leading or trailing minus sign'
DMZ_DEV         = 'pppoe|ppp[0-9]+|ippp[+]|isdn[+]|(RE:IP_NET_DEV)|IP_NET_[0-9]+_DEV'
                : 'wrong device specification, use pppoe, ppp<index>, ippp+, isdn+ or a reference to IP_NET_x_DEV'
COMPORT         = 'com[1-4]'
                : 'must be a valid com device (com1, com2, com3 or com4)'
ECOMPORT        = '()|(RE:COMPORT)'
                : 'should be empty or contain a valid com device (com1, com2, com3 or com4)'
PARPORT_ADDS    = '0x0*([23]78|3[BbDd][Cc])'
                : 'must be a valid parallel port address (0x378, 0x278, 0x3BC or 0x3DC)'
OPT_REGEXP_ID   = '[ug]id=[0-9A-Za-z]+' : ''
OPT_REGEXP_MODE = 'mode=[0-7]{3,4}' : ''
OPT_REGEXP_FLAGS= 'flags=(sh|utxt|dtxt)' : ''
OPT_REGEXP_NAME = 'name=/?(RE:REL_PATH)' : ''
OPT_REGEXP_OPT  = '(RE:OPT_REGEXP_NAME)|(RE:OPT_REGEXP_ID)|(RE:OPT_REGEXP_MODE)|(RE:OPT_REGEXP_FLAGS)' : ''
OPT_REGEXP      = '([[:space:]]*(RE:OPT_REGEXP_OPT)([[:space:]]+(RE:OPT_REGEXP_OPT))*)*' : 'wrong option for file, please read developer documentation to find out about possible options and their values'