Diffstat (limited to 'vim/syntax/iptables.vim')
-rw-r--r--vim/syntax/iptables.vim380
1 files changed, 380 insertions, 0 deletions
diff --git a/vim/syntax/iptables.vim b/vim/syntax/iptables.vim
new file mode 100644
index 0000000..0f65a61
--- /dev/null
+++ b/vim/syntax/iptables.vim
@@ -0,0 +1,380 @@
+"============================================================================
+"
+" Source: https://raw.githubusercontent.com/vim-scripts/iptables/master/syntax/iptables.vim
+" iptables-save/restore syntax highlighter
+"
+" Language: iptables-save/restore file
+" Version: Not Specified
+" Date: 07-Jun-2014
+" Maintainer: Eric Haarbauer <ehaar70{AT}gmail{DOT}com>
+" License: This file is placed in the public domain.
+"
+"============================================================================
+" Section: Notes {{{1
+"============================================================================
+"
+" This vim syntax script highlights files used by Harald Welte's iptables-save
+" and iptables-restore utilities. Both utilities are part of the iptables
+" application (http://www.netfilter.org/projects/iptables).
+"
+" Features:
+"
+" * Distinguishes commands, options, modules, targets and chains.
+" * Distinguishes numeric IP addresses from net masks.
+" * Highlights tokens that occur only in hand-edited files; for example,
+" "--append" and "destination-unreachable".
+" * Special handling for module names; for example, the tcp module is
+" colored differently from the tcp protocol.
+"
+" Options:
+"
+" Customize the behavior of this script by setting values for the following
+" options in your .vimrc file. (Type ":h vimrc" in vim for more information
+" on the .vimrc file.)
+"
+" g:Iptables_SpecialDelimiters
+" This variable, if set to a non-zero value, distinguishes numeric
+" delimiters, including the dots in IP addresses, the slash that separates
+" an IP address from a netmask, and the colon that separates the ends of a
+" port range. If not set, this option defaults to off.
+"
+" Known Issues:
+"
+" * Some special argument tokens are highlighted whether or not they are
+" used with the correct option. For example, "destination-unreachable"
+" gets special highlighting whether or not is used as an argument to the
+" --icmp-type option. In practice, this is rarely a problem.
+"
+" Reporting Issues:
+"
+" If you discover an iptables file that this script highlights incorrectly,
+" please email the author (address at the top of the script) with the
+" following information:
+"
+" * Problem iptables file WITH ANY SENSITIVE INFORMATION REMOVED
+" * The release version of this script (see top of the script)
+" * If possible, a patch to fix the problem
+"
+" Design Notes:
+"
+" Part of this script is autogenerated from the output of the iptables man
+" page. The source code for generating the script is available from the
+" author on request (see email address at the top of the script). The
+" script should build from source on most Linux systems with iptables
+" installed.
+"
+" The build system that generates this script strips special CVS tokens
+" (like "Id:") so that CVS no longer recognizes them. This allows users to
+" place the script in their own version control system without losing
+" information. The author encourages other vim script developers to adopt a
+" similar approach in their own scripts.
+"
+" Installation:
+"
+" Put this file in your user runtime syntax directory, usually ~/.vim/syntax
+" in *NIX or C:\Program Files\vim\vimfiles\syntax in Windows. Type ":h
+" syn-files" from within vim for more information.
+"
+" The iptables-save and iptables-restore applications do not specify a
+" naming standard for the files they use. However, iptables-save places a
+" comment in the first line of its output. Other applications, such as
+" Fedora's system-config-securitylevel uses the iptables-save/restore
+" format, but with a different leading comment. We can use these leading
+" comments to identify the filetype by placing the following code in the
+" scripts.vim file in your user runtime directory:
+"
+" if getline(1) =~ "^# Generated by iptables-save" ||
+" \ getline(1) =~ "^# Firewall configuration written by"
+" setfiletype iptables
+" set commentstring=#%s
+" finish
+" endif
+"
+" Setting the commentstring on line 4 allows Meikel Brandmeyer's
+" EnhancedCommentify script (vimscript #23) to work with iptables files.
+" (Advanced users may want to set the commentstring option in an ftplugin
+" file or in autocommands defined in .vimrc.)
+"
+"============================================================================
+" Source File: Id: iptables.src.vim 43 2014-06-08 03:21:32Z ehaar
+"============================================================================
+" Section: Initialization {{{1
+"============================================================================
+
+" For version 5.x: Clear all syntax items
+" For version 6.x: Quit when a syntax file was already loaded
+if !exists("main_syntax")
+ if version < 600
+ syntax clear
+ elseif exists("b:current_syntax")
+ finish
+ endif
+ let main_syntax = 'iptables'
+endif
+
+" Don't use standard HiLink, it will not work with included syntax files
+if version < 508
+ command! -nargs=+ IptablesHiLink highlight link <args>
+else
+ command! -nargs=+ IptablesHiLink highlight default link <args>
+endif
+
+syntax case match
+
+if version < 600
+ set iskeyword+=-
+else
+ setlocal iskeyword+=-
+endif
+
+" Initialize global public variables: {{{2
+
+" Support deprecated variable name used prior to release 1.07.
+if exists("g:iptablesSpecialDelimiters") &&
+\ !exists("g:Iptables_SpecialDelimiters")
+
+ let g:Iptables_SpecialDelimiters = g:iptablesSpecialDelimiters
+ unlet g:iptablesSpecialDelimiters
+ " echohl WarningMsg | echo "Warning:" | echohl None
+ " echo "The g:iptablesSpecialDelimiters variable is deprecated."
+ " echo "Please use g:Iptables_SpecialDelimiters in your .vimrc instead"
+
+endif
+
+if exists("g:Iptables_SpecialDelimiters")
+ let s:Iptables_SpecialDelimiters = g:Iptables_SpecialDelimiters
+else
+ let s:Iptables_SpecialDelimiters = 0
+endif
+
+"============================================================================
+" Section: Group Definitions {{{1
+"============================================================================
+
+syntax keyword iptablesSaveDirective COMMIT
+syntax match iptablesSaveOperation "^[:*]"
+
+syntax keyword iptablesTable filter nat mangle raw
+
+syntax keyword iptablesTarget
+ \ ACCEPT DROP QUEUE RETURN BALANCE CLASSIFY CLUSTERIP CONNMARK
+ \ CONNSECMARK CONNTRACK DNAT DSCP ECN IPMARK IPV4OPSSTRIP LOG
+ \ MARK MASQUERADE MIRROR NETMAP NFQUEUE NOTRACK REDIRECT REJECT
+ \ ROUTE SAME SECMARK SET SNAT TARPIT TCPMSS TOS TRACE TTL ULOG XOR
+
+syntax keyword iptablesBuiltinChain
+ \ INPUT OUTPUT FORWARD PREROUTING POSTROUTING
+
+syntax keyword iptablesCommand -A -D -I -R -L -F -Z -N -X -P -E
+ \ --append --delete --insert --replace --list --flush --zero
+ \ --new-chain --delete-chain --policy --rename-chain
+
+syntax keyword iptablesParam -p -s -d -j -i -o -f -c -t
+
+syntax match iptablesOperator "\s\zs!\ze\s"
+
+syntax keyword iptablesModuleName contained
+ \ account addrtype ah childlevel comment condition connbytes connlimit
+ \ connmark connrate conntrack dccp dscp dstlimit ecn esp fuzzy hashlimit
+ \ helper icmp iprange ipv4options length limit mac mark mport multiport
+ \ nth osf owner physdev pkttype policy psd quota random realm recent
+ \ sctp set state string tcp tcpmss time tos ttl u32 udp unclean
+
+syntax keyword iptablesModuleType
+ \ UNSPEC UNICAST LOCAL BROADCAST ANYCAST MULTICAST BLACKHOLE UNREACHABLE
+ \ PROHIBIT THROW NAT XRESOLVE INVALID ESTABLISHED NEW RELATED SYN ACK FIN
+ \ RST URG PSH ALL NONE
+
+" From --reject-with option
+syntax keyword iptablesModuleType
+ \ icmp-net-unreachable
+ \ icmp-host-unreachable
+ \ icmp-port-unreachable
+ \ icmp-proto-unreachable
+ \ icmp-net-prohibited
+ \ icmp-host-prohibited
+ \ icmp-admin-prohibited
+
+" From --icmp-type option
+syntax keyword iptablesModuleType
+ \ any
+ \ echo-reply
+ \ destination-unreachable
+ \ network-unreachable
+ \ host-unreachable
+ \ protocol-unreachable
+ \ port-unreachable
+ \ fragmentation-needed
+ \ source-route-failed
+ \ network-unknown
+ \ host-unknown
+ \ network-prohibited
+ \ host-prohibited
+ \ TOS-network-unreachable
+ \ TOS-host-unreachable
+ \ communication-prohibited
+ \ host-precedence-violation
+ \ precedence-cutoff
+ \ source-quench
+ \ redirect
+ \ network-redirect
+ \ host-redirect
+ \ TOS-network-redirect
+ \ TOS-host-redirect
+ \ echo-request
+ \ router-advertisement
+ \ router-solicitation
+ \ time-exceeded
+ \ ttl-zero-during-transit
+ \ ttl-zero-during-reassembly
+ \ parameter-problem
+ \ ip-header-bad
+ \ required-option-missing
+ \ timestamp-request
+ \ timestamp-reply
+ \ address-mask-request
+ \ address-mask-reply
+
+" If we used a keyword for this, port names would be colored the same
+" as modules with the same name (e.g. tcp, udp, icmp).
+syntax keyword iptablesParam -m --match skipwhite nextgroup=iptablesModuleName
+
+syntax region iptablesString start=+"+ skip=+\\"+ end=+"+ oneline
+
+syntax match iptablesComment "^#.*" contains=iptablesTodo
+syntax match iptablesBadComment "^\s\+\zs#.*" " Pound must be in first column
+
+syntax keyword iptablesTodo contained TODO FIXME XXX NOT NOTE
+
+" Special Delimiters: {{{2
+
+if s:Iptables_SpecialDelimiters != 0
+ syntax match iptablesNumber "\<[0-9./:]\+\>"
+ \ contains=iptablesMask,iptablesDelimiter
+ syntax match iptablesDelimiter "[./:]" contained
+ syntax match iptablesMask "/[0-9.]\+" contained
+ \ contains=iptablesDelimiter
+else " s:Iptables_SpecialDelimiters == 0
+ syntax match iptablesNumber "\<[0-9./]\+\>"
+ \ contains=iptablesMask,iptablesDelimiter
+ syntax match iptablesDelimiter "/" contained
+ syntax match iptablesMask "/[0-9.]\+" contained
+ \ contains=iptablesDelimiter
+endif
+
+"============================================================================
+" Section: Autogenerated Groups {{{2
+"============================================================================
+
+" Begin autogenerated section.
+" iptables2vim: "iptables2vim 43 2014-06-08 03:21:32Z ehaar"
+" iptables: "iptables v1.4.19.1"
+
+syntax keyword iptablesLongParam
+ \ --zone --xor-tos --xor-mark --weekdays --vproto --vportctl --vport
+ \ --vmethod --verbose --vdir --validmark --vaddr --update
+ \ --ulog-qthreshold --ulog-prefix --ulog-nlgroup --ulog-cprange
+ \ --uid-owner --u --type --tunnel-src --tunnel-dst --ttl-set --ttl-lt
+ \ --ttl-inc --ttl-gt --ttl-eq --ttl-dec --ttl --transparent --tproxy-mark
+ \ --total-nodes --tos --to-source --to-ports --to-port --to-destination
+ \ --to --timestop --timestart --timeout --tcp-option --tcp-flags --table
+ \ --syn --strip-options --string --strict --state --src-type --src-range
+ \ --src-pfx --src-group --src --sports --sport --spi --source-ports
+ \ --source-port --source --soft --socket-exists --set-xmark --set-tos
+ \ --set-mss --set-mark --set-dscp-class --set-dscp --set-counters
+ \ --set-class --set --selctx --seconds --save-mark --save --rttl --rt-type
+ \ --rt-segsleft --rt-len --rt- --rsource --return--nomatch --restore-mark
+ \ --restore --reqid --remove --reject-with --reap --realm --rdest --rcheck
+ \ --rateest-pps --rateest-name --rateest-lt --rateest-interval
+ \ --rateest-gt --rateest-ewmalog --rateest-eq --rateest-delta
+ \ --rateest-bps --rateest --random --quota --queue-num --queue-bypass
+ \ --queue-balance --protocol --proto --probability --ports --pol
+ \ --pkt-type --physdev-out --physdev-is-out --physdev-is-in
+ \ --physdev-is-bridged --physdev-in --persistent --packet --out-interface
+ \ --or-tos --or-mark --on-port --on-ip --numeric --notrack --nodst
+ \ --nflog-threshold --nflog-range --nflog-prefix --nflog-group
+ \ --nfacct-name --next --new --name --mss --monthdays --modprobe --mode
+ \ --mh-type --mask --mark --mangle-mac-d --mac-source --loose --log-uid
+ \ --log-tcp-sequence --log-tcp-options --log-prefix --log-level
+ \ --log-ip-options --log --local-node --line-numbers --limit-iface-out
+ \ --limit-iface-in --limit-burst --limit --length --led-trigger-id
+ \ --led-delay --led-always-blink --label --kerneltz --jump --ipvs --ipv
+ \ --invert --in-interface --icmpv --icmp-type --hmark-tuple
+ \ --hmark-src-prefix --hmark-sport-mask --hmark-spi-mask --hmark-rnd
+ \ --hmark-proto-mask --hmark-offset --hmark-mod --hmark-dst-prefix
+ \ --hmark-dport-mask --hl-set --hl-lt --hl-inc --hl-gt --hl-eq --hl-dec
+ \ --hitcount --hex-string --helper --help --header --hbh-opts --hbh-len
+ \ --hashmode --hashlimit-upto --hashlimit-srcmask --hashlimit-src
+ \ --hashlimit-name --hashlimit-mode --hashlimit-mask
+ \ --hashlimit-htable-size --hashlimit-htable-max
+ \ --hashlimit-htable-gcinterval --hashlimit-htable-expire
+ \ --hashlimit-dstmask --hashlimit-burst --hashlimit-above --hashlimit
+ \ --hash-init --h-length --goto --gid-owner --genre --gateway --from
+ \ --fragres --fragmore --fragment --fraglen --fraglast --fragid
+ \ --fragfirst --expevents --exist --exact --every --espspi
+ \ --ecn-tcp-remove --ecn-tcp-ece --ecn-tcp-cwr --ecn-ip-ect --dst-type
+ \ --dst-range --dst-pfx --dst-opts --dst-len --dst-group --dst
+ \ --dscp-class --dscp --dports --dport --dir --destination-ports
+ \ --destination-port --destination --del-set --dccp-types --dccp-option
+ \ --datestop --datestart --ctstatus --ctstate --ctreplsrcport --ctreplsrc
+ \ --ctrepldstport --ctrepldst --ctproto --ctorigsrcport --ctorigsrc
+ \ --ctorigdstport --ctorigdst --ctexpire --ctevents --ctdir --cpu
+ \ --contiguous --connlimit-upto --connlimit-saddr --connlimit-mask
+ \ --connlimit-daddr --connlimit-above --connbytes-mode --connbytes-dir
+ \ --connbytes --comment --clustermac --cluster-total-nodes
+ \ --cluster-local-nodemask --cluster-local-node --cluster-hash-seed --clus
+ \ --clamp-mss-to-pmtu --chunk-types --checksum-fill --check --bytecode
+ \ --and-tos --and-mark --algo --ahspi --ahres --ahlen --add-set
+ \ --accept-local
+" End autogenerated section.
+
+"============================================================================
+" Section: Group Linking {{{1
+"============================================================================
+
+IptablesHiLink iptablesSaveDirective PreProc
+IptablesHiLink iptablesSaveOperation PreProc
+
+IptablesHiLink iptablesTable Statement
+IptablesHiLink iptablesTarget Statement
+IptablesHiLink iptablesBuiltinChain Type
+
+IptablesHiLink iptablesCommand Operator
+
+IptablesHiLink iptablesModuleName Type
+IptablesHiLink iptablesModuleType Type
+
+IptablesHiLink iptablesOperator Operator
+IptablesHiLink iptablesParam Identifier
+IptablesHiLink iptablesLongParam Identifier
+
+IptablesHiLink iptablesNumber Constant
+
+if s:Iptables_SpecialDelimiters != 0
+ IptablesHiLink iptablesMask PreProc
+ IptablesHiLink iptablesDelimiter Delimiter
+else " s:Iptables_SpecialDelimiters == 0
+ IptablesHiLink iptablesMask Special
+ IptablesHiLink iptablesDelimiter None
+endif
+
+IptablesHiLink iptablesString Constant
+
+IptablesHiLink iptablesComment Comment
+IptablesHiLink iptablesBadComment Error
+IptablesHiLink iptablesTodo Todo
+
+"============================================================================
+" Section: Clean Up {{{1
+"============================================================================
+
+delcommand IptablesHiLink
+
+let b:current_syntax = "iptables"
+
+if main_syntax == 'iptables'
+ unlet main_syntax
+endif
+
+" Autoconfigure vim indentation settings
+" vim:ts=4:sw=4:sts=4:fdm=marker:iskeyword+=-
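Review bot: The `Source:` comment at the top of the new file records the upstream URL on the `master` branch, so this vendored copy cannot be tied to a specific upstream revision or re-checked against it later. A syntax file is Vimscript that Vim sources whenever a buffer gets the `iptables` filetype, so the provenance is worth pinning: `" Source: https://raw.githubusercontent.com/vim-scripts/iptables/<UPSTREAM_COMMIT_SHA>/syntax/iptables.vim` (placeholder; fill in the revision actually fetched). The header's `Version: Not Specified` gives no fallback identifier, and the only other version hint is the `iptables2vim 43 2014-06-08` line in the autogenerated section. If the copy is ever edited locally, a note next to the `Source:` line would keep a future diff against upstream readable.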