"============================================================================ " " iptables-save/restore syntax highlighter " " Language: iptables-save/restore file " Version: Not Specified " Date: 07-Jun-2014 " Maintainer: Eric Haarbauer " License: This file is placed in the public domain. " "============================================================================ " Section: Notes {{{1 "============================================================================ " " This vim syntax script highlights files used by Harald Welte's iptables-save " and iptables-restore utilities. Both utilities are part of the iptables " application (http://www.netfilter.org/projects/iptables). " " Features: " " * Distinguishes commands, options, modules, targets and chains. " * Distinguishes numeric IP addresses from net masks. " * Highlights tokens that occur only in hand-edited files; for example, " "--append" and "destination-unreachable". " * Special handling for module names; for example, the tcp module is " colored differently from the tcp protocol. " " Options: " " Customize the behavior of this script by setting values for the following " options in your .vimrc file. (Type ":h vimrc" in vim for more information " on the .vimrc file.) " " g:Iptables_SpecialDelimiters " This variable, if set to a non-zero value, distinguishes numeric " delimiters, including the dots in IP addresses, the slash that separates " an IP address from a netmask, and the colon that separates the ends of a " port range. If not set, this option defaults to off. " " Known Issues: " " * Some special argument tokens are highlighted whether or not they are " used with the correct option. For example, "destination-unreachable" " gets special highlighting whether or not is used as an argument to the " --icmp-type option. In practice, this is rarely a problem. " " Reporting Issues: " " If you discover an iptables file that this script highlights incorrectly, " please email the author (address at the top of the script) with the " following information: " " * Problem iptables file WITH ANY SENSITIVE INFORMATION REMOVED " * The release version of this script (see top of the script) " * If possible, a patch to fix the problem " " Design Notes: " " Part of this script is autogenerated from the output of the iptables man " page. The source code for generating the script is available from the " author on request (see email address at the top of the script). The " script should build from source on most Linux systems with iptables " installed. " " The build system that generates this script strips special CVS tokens " (like "Id:") so that CVS no longer recognizes them. This allows users to " place the script in their own version control system without losing " information. The author encourages other vim script developers to adopt a " similar approach in their own scripts. " " Installation: " " Put this file in your user runtime syntax directory, usually ~/.vim/syntax " in *NIX or C:\Program Files\vim\vimfiles\syntax in Windows. Type ":h " syn-files" from within vim for more information. " " The iptables-save and iptables-restore applications do not specify a " naming standard for the files they use. However, iptables-save places a " comment in the first line of its output. Other applications, such as " Fedora's system-config-securitylevel uses the iptables-save/restore " format, but with a different leading comment. We can use these leading " comments to identify the filetype by placing the following code in the " scripts.vim file in your user runtime directory: " " if getline(1) =~ "^# Generated by iptables-save" || " \ getline(1) =~ "^# Firewall configuration written by" " setfiletype iptables " set commentstring=#%s " finish " endif " " Setting the commentstring on line 4 allows Meikel Brandmeyer's " EnhancedCommentify script (vimscript #23) to work with iptables files. " (Advanced users may want to set the commentstring option in an ftplugin " file or in autocommands defined in .vimrc.) " "============================================================================ " Source File: Id: iptables.src.vim 43 2014-06-08 03:21:32Z ehaar "============================================================================ " Section: Initialization {{{1 "============================================================================ " For version 5.x: Clear all syntax items " For version 6.x: Quit when a syntax file was already loaded if !exists("main_syntax") if version < 600 syntax clear elseif exists("b:current_syntax") finish endif let main_syntax = 'iptables' endif " Don't use standard HiLink, it will not work with included syntax files if version < 508 command! -nargs=+ IptablesHiLink highlight link else command! -nargs=+ IptablesHiLink highlight default link endif syntax case match if version < 600 set iskeyword+=- else setlocal iskeyword+=- endif " Initialize global public variables: {{{2 " Support deprecated variable name used prior to release 1.07. if exists("g:iptablesSpecialDelimiters") && \ !exists("g:Iptables_SpecialDelimiters") let g:Iptables_SpecialDelimiters = g:iptablesSpecialDelimiters unlet g:iptablesSpecialDelimiters " echohl WarningMsg | echo "Warning:" | echohl None " echo "The g:iptablesSpecialDelimiters variable is deprecated." " echo "Please use g:Iptables_SpecialDelimiters in your .vimrc instead" endif if exists("g:Iptables_SpecialDelimiters") let s:Iptables_SpecialDelimiters = g:Iptables_SpecialDelimiters else let s:Iptables_SpecialDelimiters = 0 endif "============================================================================ " Section: Group Definitions {{{1 "============================================================================ syntax keyword iptablesSaveDirective COMMIT syntax match iptablesSaveOperation "^[:*]" syntax keyword iptablesTable filter nat mangle raw syntax keyword iptablesTarget \ ACCEPT DROP QUEUE RETURN BALANCE CLASSIFY CLUSTERIP CONNMARK \ CONNSECMARK CONNTRACK DNAT DSCP ECN IPMARK IPV4OPSSTRIP LOG \ MARK MASQUERADE MIRROR NETMAP NFQUEUE NOTRACK REDIRECT REJECT \ ROUTE SAME SECMARK SET SNAT TARPIT TCPMSS TOS TRACE TTL ULOG XOR syntax keyword iptablesBuiltinChain \ INPUT OUTPUT FORWARD PREROUTING POSTROUTING syntax keyword iptablesCommand -A -D -I -R -L -F -Z -N -X -P -E \ --append --delete --insert --replace --list --flush --zero \ --new-chain --delete-chain --policy --rename-chain syntax keyword iptablesParam -p -s -d -j -i -o -f -c -t syntax match iptablesOperator "\s\zs!\ze\s" syntax keyword iptablesModuleName contained \ account addrtype ah childlevel comment condition connbytes connlimit \ connmark connrate conntrack dccp dscp dstlimit ecn esp fuzzy hashlimit \ helper icmp iprange ipv4options length limit mac mark mport multiport \ nth osf owner physdev pkttype policy psd quota random realm recent \ sctp set state string tcp tcpmss time tos ttl u32 udp unclean syntax keyword iptablesModuleType \ UNSPEC UNICAST LOCAL BROADCAST ANYCAST MULTICAST BLACKHOLE UNREACHABLE \ PROHIBIT THROW NAT XRESOLVE INVALID ESTABLISHED NEW RELATED SYN ACK FIN \ RST URG PSH ALL NONE " From --reject-with option syntax keyword iptablesModuleType \ icmp-net-unreachable \ icmp-host-unreachable \ icmp-port-unreachable \ icmp-proto-unreachable \ icmp-net-prohibited \ icmp-host-prohibited \ icmp-admin-prohibited " From --icmp-type option syntax keyword iptablesModuleType \ any \ echo-reply \ destination-unreachable \ network-unreachable \ host-unreachable \ protocol-unreachable \ port-unreachable \ fragmentation-needed \ source-route-failed \ network-unknown \ host-unknown \ network-prohibited \ host-prohibited \ TOS-network-unreachable \ TOS-host-unreachable \ communication-prohibited \ host-precedence-violation \ precedence-cutoff \ source-quench \ redirect \ network-redirect \ host-redirect \ TOS-network-redirect \ TOS-host-redirect \ echo-request \ router-advertisement \ router-solicitation \ time-exceeded \ ttl-zero-during-transit \ ttl-zero-during-reassembly \ parameter-problem \ ip-header-bad \ required-option-missing \ timestamp-request \ timestamp-reply \ address-mask-request \ address-mask-reply " If we used a keyword for this, port names would be colored the same " as modules with the same name (e.g. tcp, udp, icmp). syntax keyword iptablesParam -m --match skipwhite nextgroup=iptablesModuleName syntax region iptablesString start=+"+ skip=+\\"+ end=+"+ oneline syntax match iptablesComment "^#.*" contains=iptablesTodo syntax match iptablesBadComment "^\s\+\zs#.*" " Pound must be in first column syntax keyword iptablesTodo contained TODO FIXME XXX NOT NOTE " Special Delimiters: {{{2 if s:Iptables_SpecialDelimiters != 0 syntax match iptablesNumber "\<[0-9./:]\+\>" \ contains=iptablesMask,iptablesDelimiter syntax match iptablesDelimiter "[./:]" contained syntax match iptablesMask "/[0-9.]\+" contained \ contains=iptablesDelimiter else " s:Iptables_SpecialDelimiters == 0 syntax match iptablesNumber "\<[0-9./]\+\>" \ contains=iptablesMask,iptablesDelimiter syntax match iptablesDelimiter "/" contained syntax match iptablesMask "/[0-9.]\+" contained \ contains=iptablesDelimiter endif "============================================================================ " Section: Autogenerated Groups {{{2 "============================================================================ " Begin autogenerated section. " iptables2vim: "iptables2vim 43 2014-06-08 03:21:32Z ehaar" " iptables: "iptables v1.4.19.1" syntax keyword iptablesLongParam \ --zone --xor-tos --xor-mark --weekdays --vproto --vportctl --vport \ --vmethod --verbose --vdir --validmark --vaddr --update \ --ulog-qthreshold --ulog-prefix --ulog-nlgroup --ulog-cprange \ --uid-owner --u --type --tunnel-src --tunnel-dst --ttl-set --ttl-lt \ --ttl-inc --ttl-gt --ttl-eq --ttl-dec --ttl --transparent --tproxy-mark \ --total-nodes --tos --to-source --to-ports --to-port --to-destination \ --to --timestop --timestart --timeout --tcp-option --tcp-flags --table \ --syn --strip-options --string --strict --state --src-type --src-range \ --src-pfx --src-group --src --sports --sport --spi --source-ports \ --source-port --source --soft --socket-exists --set-xmark --set-tos \ --set-mss --set-mark --set-dscp-class --set-dscp --set-counters \ --set-class --set --selctx --seconds --save-mark --save --rttl --rt-type \ --rt-segsleft --rt-len --rt- --rsource --return--nomatch --restore-mark \ --restore --reqid --remove --reject-with --reap --realm --rdest --rcheck \ --rateest-pps --rateest-name --rateest-lt --rateest-interval \ --rateest-gt --rateest-ewmalog --rateest-eq --rateest-delta \ --rateest-bps --rateest --random --quota --queue-num --queue-bypass \ --queue-balance --protocol --proto --probability --ports --pol \ --pkt-type --physdev-out --physdev-is-out --physdev-is-in \ --physdev-is-bridged --physdev-in --persistent --packet --out-interface \ --or-tos --or-mark --on-port --on-ip --numeric --notrack --nodst \ --nflog-threshold --nflog-range --nflog-prefix --nflog-group \ --nfacct-name --next --new --name --mss --monthdays --modprobe --mode \ --mh-type --mask --mark --mangle-mac-d --mac-source --loose --log-uid \ --log-tcp-sequence --log-tcp-options --log-prefix --log-level \ --log-ip-options --log --local-node --line-numbers --limit-iface-out \ --limit-iface-in --limit-burst --limit --length --led-trigger-id \ --led-delay --led-always-blink --label --kerneltz --jump --ipvs --ipv \ --invert --in-interface --icmpv --icmp-type --hmark-tuple \ --hmark-src-prefix --hmark-sport-mask --hmark-spi-mask --hmark-rnd \ --hmark-proto-mask --hmark-offset --hmark-mod --hmark-dst-prefix \ --hmark-dport-mask --hl-set --hl-lt --hl-inc --hl-gt --hl-eq --hl-dec \ --hitcount --hex-string --helper --help --header --hbh-opts --hbh-len \ --hashmode --hashlimit-upto --hashlimit-srcmask --hashlimit-src \ --hashlimit-name --hashlimit-mode --hashlimit-mask \ --hashlimit-htable-size --hashlimit-htable-max \ --hashlimit-htable-gcinterval --hashlimit-htable-expire \ --hashlimit-dstmask --hashlimit-burst --hashlimit-above --hashlimit \ --hash-init --h-length --goto --gid-owner --genre --gateway --from \ --fragres --fragmore --fragment --fraglen --fraglast --fragid \ --fragfirst --expevents --exist --exact --every --espspi \ --ecn-tcp-remove --ecn-tcp-ece --ecn-tcp-cwr --ecn-ip-ect --dst-type \ --dst-range --dst-pfx --dst-opts --dst-len --dst-group --dst \ --dscp-class --dscp --dports --dport --dir --destination-ports \ --destination-port --destination --del-set --dccp-types --dccp-option \ --datestop --datestart --ctstatus --ctstate --ctreplsrcport --ctreplsrc \ --ctrepldstport --ctrepldst --ctproto --ctorigsrcport --ctorigsrc \ --ctorigdstport --ctorigdst --ctexpire --ctevents --ctdir --cpu \ --contiguous --connlimit-upto --connlimit-saddr --connlimit-mask \ --connlimit-daddr --connlimit-above --connbytes-mode --connbytes-dir \ --connbytes --comment --clustermac --cluster-total-nodes \ --cluster-local-nodemask --cluster-local-node --cluster-hash-seed --clus \ --clamp-mss-to-pmtu --chunk-types --checksum-fill --check --bytecode \ --and-tos --and-mark --algo --ahspi --ahres --ahlen --add-set \ --accept-local " End autogenerated section. "============================================================================ " Section: Group Linking {{{1 "============================================================================ IptablesHiLink iptablesSaveDirective PreProc IptablesHiLink iptablesSaveOperation PreProc IptablesHiLink iptablesTable Statement IptablesHiLink iptablesTarget Statement IptablesHiLink iptablesBuiltinChain Type IptablesHiLink iptablesCommand Operator IptablesHiLink iptablesModuleName Type IptablesHiLink iptablesModuleType Type IptablesHiLink iptablesOperator Operator IptablesHiLink iptablesParam Identifier IptablesHiLink iptablesLongParam Identifier IptablesHiLink iptablesNumber Constant if s:Iptables_SpecialDelimiters != 0 IptablesHiLink iptablesMask PreProc IptablesHiLink iptablesDelimiter Delimiter else " s:Iptables_SpecialDelimiters == 0 IptablesHiLink iptablesMask Special IptablesHiLink iptablesDelimiter None endif IptablesHiLink iptablesString Constant IptablesHiLink iptablesComment Comment IptablesHiLink iptablesBadComment Error IptablesHiLink iptablesTodo Todo "============================================================================ " Section: Clean Up {{{1 "============================================================================ delcommand IptablesHiLink let b:current_syntax = "iptables" if main_syntax == 'iptables' unlet main_syntax endif " Autoconfigure vim indentation settings " vim:ts=4:sw=4:sts=4:fdm=marker:iskeyword+=-