1 files changed, 75 insertions, 0 deletions

diff --git a/proto/firewall/config.Y b/proto/firewall/config.Y
new file mode 100644
index 00000000..805fc3fe
--- /dev/null
+++ b/proto/firewall/config.Y
@@ -0,0 +1,75 @@
+/*
+ *	BIRD -- Firewall Protocol Configuration
+ *
+ *	(c) 2011 Alexander V. Chernikov <<A HREF="http://trubka.network.cz/mailman/listinfo/bird-users">melifaro at FreeBSD.org</A>>
+ *
+ *	Can be freely distributed and used under the terms of the GNU GPL.
+ */
+
+CF_HDR
+
+#include "proto/firewall/firewall.h"
+
+CF_DEFINES
+
+#define FIREWALL_CFG ((struct firewall_config *) this_proto)
+
+CF_DECLS
+
+CF_KEYWORDS(FIREWALL, FWTABLE, FWTYPE, FW_VALUE, IPFW, PF, IPSET, FLUSH, ON, STARTUP, SHUTDOWN, ALWAYS)
+
+%type <i> firewall_type
+CF_GRAMMAR
+
+CF_ADDTO(proto, firewall_proto '}')
+
+firewall_proto_start: proto_start FIREWALL {
+     this_proto = proto_config_new(&proto_firewall, sizeof(struct firewall_config), $1);
+     this_proto->preference = 0;
+  }
+ ;
+
+firewall_proto:
+   firewall_proto_start proto_name '{'
+ | firewall_proto proto_item ';'
+ | firewall_proto firewall_proto_item ';'
+ ;
+
+firewall_proto_item:
+   FWTYPE firewall_type {
+	switch ($2)
+	  {
+#ifdef CONFIG_FIREWALL_IPFW
+	  case FWTYPE_IPFW:
+	    break;
+#endif
+#ifdef CONFIG_FIREWALL_PF
+	  case FWTYPE_PF:
+	    break;
+#endif
+#ifdef CONFIG_FIREWALL_IPSET
+	  case FWTYPE_IPSET:
+	    break;
+#endif
+	  default:
+	    cf_error("firewall type is not supported by your OS");
+	}
+	FIREWALL_CFG->fwtype = $2;
+  };
+ | FWTABLE TEXT { FIREWALL_CFG->fwtable = $2; }
+ | FLUSH ON STARTUP { FIREWALL_CFG->flush_start = 1; }
+ | FLUSH ON SHUTDOWN { FIREWALL_CFG->flush_shutdown = 1; }
+ | FLUSH ALWAYS { FIREWALL_CFG->flush_start = 1; FIREWALL_CFG->flush_shutdown = 1; }
+ ;
+
+firewall_type:
+   IPFW { $$ = FWTYPE_IPFW; }
+ | PF { $$ = FWTYPE_PF; }
+ | IPSET { $$ = FWTYPE_IPSET; }
+ ;
+ 
+CF_ADDTO(dynamic_attr, FW_VALUE { $$ = f_new_dynamic_attr(EAF_TYPE_INT, T_INT, EA_FIREWALL_VALUE); })
+
+CF_CODE
+
+CF_END