From mboxrd@z Thu Jan 1 00:00:00 1970 X-Spam-Checker-Version: SpamAssassin 3.4.4 (2020-01-24) on inbox.vuxu.org X-Spam-Level: X-Spam-Status: No, score=-3.4 required=5.0 tests=DKIM_SIGNED,DKIM_VALID, DKIM_VALID_AU,MAILING_LIST_MULTI,RCVD_IN_DNSWL_MED,UNPARSEABLE_RELAY autolearn=ham autolearn_force=no version=3.4.4 Received: (qmail 5595 invoked from network); 13 Apr 2021 23:33:01 -0000 Received: from zero.zsh.org (2a02:898:31:0:48:4558:7a:7368) by inbox.vuxu.org with ESMTPUTF8; 13 Apr 2021 23:33:01 -0000 DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=zsh.org; s=rsa-20200801; h=List-Archive:List-Owner:List-Post:List-Unsubscribe: List-Subscribe:List-Help:List-Id:Sender:Message-ID:Date:Content-ID: Content-Type:MIME-Version:Subject:To:From:Reply-To:Cc: Content-Transfer-Encoding:Content-Description:Resent-Date:Resent-From: Resent-Sender:Resent-To:Resent-Cc:Resent-Message-ID:In-Reply-To:References; bh=M9DPTghD7rwCykTp2cyeL1XixhFyF5C3KnCmzMIWMpw=; b=i1AyVgClBDbLJxpyS3rAa7+Zwr OAnXsdhzHo2Iz/n71mijJBF0BBAb5MBTQfNq2aDdlGB/PfT9gTdKk+yctHaCpJZdmaXsRnsFcnyfY fuR6HZdgb3bTdPoLqsyeUDa8+r8I/hJNw2fkqiwc4hnFSbwWwzT2MnFI+gH0uS1197MM4zBWvq0Qd DuhixRmEEsGVy6UReXSQ1gf6VFzHXZGR082+f2Vr8Y5MTwuFy6NI0kPqn32HgopHnvd08DqCU5kK0 gT2mULNjyUf5IgGRsXG/LkToQRfcwLi9icEhMREWgW00QPehiJ/Ta2XounyTie6K/Mwe3Wf6PlXV5 nrvcLISQ==; Received: from authenticated user by zero.zsh.org with local id 1lWSWi-00011l-T8; Tue, 13 Apr 2021 23:33:00 +0000 Received: from authenticated user by zero.zsh.org with esmtpsa (TLS1.3:TLS_AES_256_GCM_SHA384:256) id 1lWSWW-0000l8-HD; Tue, 13 Apr 2021 23:32:48 +0000 Received: from [192.168.178.21] (helo=hydra) by mail.kiddle.eu with esmtp(Exim 4.93.0.4) (envelope-from ) id 1lWSWU-000DUp-1A for zsh-workers@zsh.org; Wed, 14 Apr 2021 01:32:47 +0200 From: Oliver Kiddle To: Zsh workers Subject: PATCH: new ipfw completion MIME-Version: 1.0 Content-Type: text/plain; charset="us-ascii" Content-ID: <51881.1618356766.1@hydra> Date: Wed, 14 Apr 2021 01:32:46 +0200 Message-ID: <51882-1618356766.033560@mJ95.5F1T.uwom> X-Seq: 48556 Archived-At: X-Loop: zsh-workers@zsh.org Errors-To: zsh-workers-owner@zsh.org Precedence: list Precedence: bulk Sender: zsh-workers-request@zsh.org X-no-archive: yes List-Id: List-Help: List-Subscribe: List-Unsubscribe: List-Post: List-Owner: List-Archive: This adds completion for ipfw which is one of the firewall options on FreeBSD. We do already have a completion for pf. This handles the fact that ipfw allows the whole line to be quoted, e.g: ipfw '-n add 01000 allow ip from any to any' We should probably be parsing /etc/protocols and offering all the protocols from there but I'm not sure how useful that really would be. For now, this just lists the main ones. Oliver diff --git a/Completion/BSD/Command/_ipfw b/Completion/BSD/Command/_ipfw new file mode 100644 index 000000000..2354a70fe --- /dev/null +++ b/Completion/BSD/Command/_ipfw @@ -0,0 +1,325 @@ +#compdef ipfw + +local word=$'/[^ \t\0]#[ \t\0]/' comma next pqs nat +local -a actions address pathname ropts ca +local -A opt_args nat_options + +_ipfw_tables() { + local -a expl match opts all + zparseopts -D -E -a opts M+: x+: X+: J+: V+: o+: 1 2 a=all + _description -x ipfw-tables expl 'table' + match=( ${${${(M)${(f)"$(_call_program ipfw-tables + ipfw table all info 2>/dev/null)"}:#-*}#*\(}%%\)*} ) + if (( $#all )); then + match+=( all ) + compadd -D match -a match + [[ $#PREFIX -eq 0 && $#match -eq 1 && $match[1] = all ]] && compstate[insert]='' + fi + compadd "$opts[@]" "$expl[@]" "$@" -a match +} + +_ipfw_rules() { + local -a rules + rules=( ${${(f)"$(_call_program ipfw-rules ipfw list)"}/ /:} ) + _describe -x -t ipfw-rules rule rules "$@" +} + +ropts=( # rule options + bridged + defer-{immediate-,}action diverted{,-loopback,-output} + dst-{ip{,6,v6},port} established ext6hdr + fib flow flow-id frag gid jail + icmptypes icmp6types in out + ipid iplen ipoptions ipprecedence ipsec iptos dscp ipttl ipversion + keep-state layer2 limit lookup + MAC mac-type proto record-state recv xmit via + set-limit setup sockarg + src-{ip,ip6,port} tagged + tcpack tcpdatalen tcpflags tcpmss tcpseq tcpwin tcpoptions + uid verrevpath versrcreach antispoof +) + +nat_options=( + nat64lsn "prefix4 prefix6 states_chunk host_del_age pg_del_age tcp_syn_age tcp_est_age tcp_close_age udp_age icmp_age log -log allow_private -allow_private" + nat64stl "prefix6 table4 table6 log -log allow_private -allow_private" + nat64clat "clat_prefix plat_prefix log -log allow_private -allow_private" + nptv6 "int_prefix ext_prefix ext_if prefixlen" +) + +ca=( compadd -S " " -r " $compstate[quote]\t\n\-" ) + +address=( + \( $'/not[ \t\0]/' ':operators:operator:$ca not' \| \) + \( $'/(any|me|me6)[ \t\0]/' ':addresses:address:$ca any me me6' + \| '/table??/' ':tables:table:compadd -S "" -s\( table' + $word ':tables:table:_ipfw_tables -s\) -S ""' + \| // -'comma=0' + \( + // -'(( ! comma ))' + \( $'/[^, \t\0]#/' $'%[, \t\0]%' ':hosts:ip or host:_hosts -S, -r "/: \t\n\-"' + \| $'/[^},/:]##//' '/[]/' ': _message -e numbers "mask length"' + \| $'/[^},/:]##:/' '/[]/' ': _message -e numbers "mask"' + \| $'/([0-9]##.)(#c3)[0-9]##/' '/[]/' ':symbols:symbol:compadd -S "" / : ,' + \| // '%[1-9]%' '/[]/' ': _message -e ip-addresses "IP address"' \) + \( /,/ -'comma=0' \| // -'comma=1' \) + $'/([ \t\0]|)/' + \) \# + // -'(( comma ))' + \) +) +address=( + \( $'/[({][ \t]\0/' -'next=1' ':symbols:symbol:$ca - {' + \( // -'(( next ))' $address + \( $'/or[ \t\0]/' -'next=1' ':symbols:symbol:$ca - or \}' \| // -'next=0' \) + \) \# + $'/[})][ \t\0]/' + \| $address \) + \( + \( $'/not[ \t\0]/' ':specifiers:specifier:$ca - not' \| \) + $word -$'[[ $match != to? && -z ${(M)ropts:#${match%?}} ]]' ':ports:port:_sequence _ports' + \| \) +) + +actions=( + $'/[^\0]##\0(-[a-zA-Z0-9]##[ \t]#)#/' # skip over options, completed by _arguments but can + \( # be quoted in one argument which that doesn't handle + $'/add[ \t\0]/' ':firewall-commands:firewall configuration:$ca add' + \( $'/<->[ \t\0]/' ': _guard "[0-9]#" "rule number (00000-65535)"' \| \) + \( $'/set[ \t\0]/' ':specifiers:specifier:$ca set' $word ':sets:set:$ca -o numeric {0..31}' \| \) + \( $'/prob[ \t\0]/' ':specifiers:specifier:$ca prob' $word ': _message -e probabilities "match probability (0.0-1.0)"' \| \) + \( # rule actions + $'/check-state[ \t\0]/' $word ': _message -e flow-names "flow name"' + \| + \( $'/(divert|tee)[ \t\0]/' $word ': _message -e ports port' + \| $'/(fwd|forward)[ \t\0]/' + \( $word ': _guard "[0-9]#" "ip address"' + \| '/[^\0]#,/' ':specials:special:compadd -qS, tablearg' + $word ':ports:port:_ports -qS " "' \) + \| $'/(nat*|nptv6)[ \t\0]/' + \( $word ': _guard "[0-9]#" "nat instance"' + \| $word ':specials:special:$ca global tablearg' \) + \| $'/pipe[ \t\0]/' $word ': _message -e pipes "dummynet pipe"' + \| $'/queue[ \t\0]/' $word ': _message -e queues "dummynet queue"' + \| $'/(skipto|call)[ \t\0]/' \( /t/+ $word ':specials:special:$ca tablearg' \| '/[]/' ':ipfw-rules:rule:_ipfw_rules -qS " "' \) + \| $'/unreach[ \t\0]/' $word ':codes:code:$ca net host protocol port needfrag srcfail net-unknown host-unknown isolated net-prohib host-prohib tosnet toshost filter-prohib host-precedence precedence-cutoff' + \| $'/unreach6[ \t\0]/' $word ':codes:code:$ca no-route admin-prohib address port' + \| $'/(netgraph|ngtee)[ \t\0]/' $word ': _message -e cookies cookie' + \| $'/setfib[ \t\0]/' \( $word ': _guard "[0-9]#" "routing table"' \| '/[]/' ':specials:special:$ca tablearg' \) + \| $'/setdscp[ \t\0]/' \( $word ':dscps:dscp:$ca cs{0..7} af{1,2,3,4}{1,2,3} ef be' \| '/[]/' ':specials:special:$ca tablearg' \) + \| $'/tcp-setmss[ \t\0]/' $word ': _message -e mss mss' + \| $word \) + \( $'/log[ \t\0]/' ':specifiers:specifier:$ca log' + \( $'/logamount[ \t\0]/' ':specifiers:specifier:$ca logamount' $word ': _message -e limits "maximum count"' \| \) + \| \) + \( $'/altq[ \t\0]/' ':specifiers:specifier:$ca altq' $word ': _message -e queues queue' \| \) + \( $'/(tag|untag)[ \t\0]/' ':specifiers:specifier:$ca tag untag' $word ': _message -e numbers "tag (1-65534)"' \| \) + # rule body + \( \( $'/not[ \t\0]/' ':operators:operator:$ca not' \| \) + $'/(ip(v|)(4|6|)|all|icmp|ip|tcp|udp|sctp)[ \t\0]/' ':protocols:protocol:$ca ip ip4 ipv4 ip6 ipv6 all icmp tcp udp sctp' + $'/from[ \t\0]/' ':specifiers:specifier:$ca from' + $address + $'/to[ \t\0]/' ':specifiers:specifier:$ca to' + $address + \| \) + # rule options + \( $'///[ \t\0]/' ':rule-options:rule option:((//\:comment))' // ': _message -e comments comment' + \| $'/(dst|src)-ip(|6|v6)[ \t\0]/' $word ': _message -e addresses address' + \| $'/(dst|src)-port[ \t\0]/' $word ':ports:port:_sequence _ports' + \| $'/ext6hdr[ \t\0]/' $word ':headers:extended header:_sequence compadd - frag hopopt route rthdr0 rthdr2 dstopt ah esp' + \| $'/fib[ \t\0]/' $word ': _message -e routing-tables "routing table"' + \| $'/flow[ \t\0]/' '/table??/' ':tables:table:compadd -S "" -s\( table' + $word ':tables:table:_ipfw_tables -s\) -S ""' + \| $'/flow-id[ \t\0]/' $word ': _message -e flow-labels "flow label"' + \| $'/frag[ \t\0]/' $word ':fragmentation options:fragmentation option:_sequence compadd - df mf rf offset' + \| $'/gid[ \t\0]/' $word ':groups:group:_groups' + \| $'/jail[ \t\0]/' $word ':jails:jail:_jails' + \| $'/ipoptions[ \t\0]/' $word ':ip-options:ip option:_sequence compadd - ssrr lsrr rr ts' + \| $'/iptos[ \t\0]/' $word ':tos-fields:tos field:_sequence compadd - lowdelay throughput reliability mincost congestion' + \| $'/(set-|)limit[ \t\0]/' $word ':parameters:parameter to limit:$ca {src,dsr}-{addr,port}' + $word ': _message -e numbers "connection limit"' + \| $'/lookup[ \t\0]/' $word ':fields:field:$ca {src,dst}-{ip,port} uid jail' + $word ': _message -e names name' + \| $'/(#i)mac[ \t\0]/' $word ': _message -e mac-addresses "destination mac"' + $word ': _message -e mac-addresses "source mac"' + \| $'/proto[ \t\0]/' $word ': _message -e protocols "IP protocol"' + \| $'/(recv|xmit|via)[ \t\0]/' + \( $word ':interfaces:interface:_net_interfaces -qS " "' + \| $word ':ipfw-tables:table:_ipfw_tables -qS " "' + \| $'/any[ \t\0]/' ':interfaces:interface:$ca any' \) + \| $'/tcpflags[ \t\0]/' $word ':tcp-flags:tcp flag:_sequence compadd - fin syn rst psh ack urg' + \| $'/tcpoptions[ \t\0]/' $word ':tcp-options:tcp option:_sequence compadd - mss window sack ts cc' + \| $'/uid[ \t\0]/' $word ':users:user:_users -qS " "' + \| $'/(icmp(|6)types|ipid|iplen|ipprecedence|dscp|ipttl|ipversion|keep-state|mac-type|tagged|tcp(ack|datalen|mss|pack|seq|win))[ \t\0]/' $word ': _message -e values value' + \| $word ':rule-options:rule option:$ca -a ropts' + \) \# + \| + '/[]/' ':actions:action:$ca allow check-state count deny divert forward nat nat64lsn nat64stl nat64clat nptv6 pipe queue reset reset6 skipto call return tee unreach unreach6 netgraph setfib ngtee setfib setdscp tcp-setmss reass abort abort6' + \) + \| $'/set[ \t\0]show[ \t\0]/' + \| $'/set[ \t\0]move[ \t\0]/' + \( // %r% $'/rule[ \t\0]/' ': $ca rule' \| \) + $word ':ipfw-rules: :_ipfw_rules -qS " "' + $'/to[ \t\0]/' ': $ca to' + $word ':ipfw-rules: :_ipfw_rules' + \| $'/set[ \t\0]swap[ \t\0]/' + $word ':ipfw-sets:set:$ca -o numeric {0..31}' + $word ':ipfw-sets:set:compadd -o numeric {0..31}' + \| $'/set[ \t\0]/' '%[ed]%' + \( + $'/(en|dis)able[ \t\0]/' ':set-commands:set command:$ca -F line enable disable' + $'/<->[ \t\0]/' ':ipfw-sets:set:$ca -o numeric {0..31}' + $'/<->[ \t\0]/' ':ipfw-sets:set:$ca -o numeric {0..31}' \# + \) \# + \| + \( $'/set[ \t\0]/' ':firewall-commands:firewall configuration:$ca set' + \( $'/<->[ \t\0]/' ':sets:set:$ca -o numeric {0..31}' + \| '/[]/' ':set-commands:set command:$ca move swap show enable disable' \) + \| \) + \( $'/(list|show|delete)[ \t\0]/' ':firewall-commands:firewall configuration:$ca list show delete zero resetlog' + \( $'/[0-9]##-/' $word ':ipfw-rules: :_ipfw_rules -qS " "' + \| $word ':ipfw-rules: :_ipfw_rules -qS "-"' \) \# + \| $'/(zero|resetlog)[ \t\0]/' $word ':ipfw-rules: :_ipfw_rules -qS " "' \# + \| $'/flush[ \t\0]/' ':firewall-commands:firewall configuration:(flush)' + \| $'/table[ \t\0]/' ':commands:command:$ca table' + \( # lookup tables + $'/all[ \t\0]/' $word ':commands:table command:compadd destroy list info detail flush' + \| + $word ':tables:table:_ipfw_tables -a -qS " "' + \( $'/create[ \t\0]/' + \( $'/type[ \t\0]/' $word ':types:type:(addr iface number flow)' + \| $'/valtype[ \t\0]([^ \t\0]#,|)/' $word ':value-types:value type:compadd -qS, skipto pipe fib nat dscp tag divert netgraph limit ipv4 ipv6' + \| $'/algo[ \t\0]/' $word ':algorithms:lookup algorithm:$ca addr\:radix addr\:hash iface\:array number\:array flow\:hash' + \| $'/limit[ \t\0]/' $word ': _message -e numbers "maximum number of items"' + \| $word ':options:option:$ca -F line type valtype algo limit locked missing or-flush' \) \# + \| $'/modify[ \t\0]/' + $'/limit[ \t\0]/' ':options:option:$ca limit' + $word ': _message -e numbers "maximum number of items"' + \| $'/swap[ \t\0]/' + $word ':tables:table:_ipfw_tables -a' + \| $'/(atomic[ \t\0]|)add[ \t\0]/' \( + $word ': _message -e table-keys "table key"' + $word ': _message -e values value' \) \# + \| $'/delete[ \t\0]/' $word ': _message -e table-keys "table key"' \# + \| $'/lookup[ \t\0]/' $word ': _message -e addresses address' + \| + '/[]/' ':commands:table command:compadd - destroy lock unlock list info detail flush' + \| + $word ':commands:table command:$ca -Q - create modify swap add atomic\ add delete lookup' + \) + \) + \| $'/(nat64(lsn|stl|clat)|nptv6)[ \t\0]/' -'nat=${match%?}' ':commands:command:$ca nat64lsn nat64stl nat64clat nptv6' + $word ': _message -e names name' + \( $'/(config|create)[ \t\0]/' + \( $'/[^\0]#prefix([46]|)[ \t\0]/' $word ': _message -e prefixes prefix' + \| $'/states_chunks[ \t\0]/' $word ': _message -e numbers number' + \| $'/[^\0]#_age[ \t\0]/' ': _message -e seconds "age (seconds)"' + \| $'/table[46][ \t\0]/' $word ':ipfw-tables:ipfw table:_ipfw_tables -qS " "' + \| $'/ext_if[ \t\0]/' $word ':interfaces:interface:_net_interfaces -qS " "' + \| $'/prefixlen[ \t\0]/' ': _message -e lengths length' + \| $word ':options:option:$ca -F line $=nat_options[$nat]' \) \# + \| $'/(list|show)[ \t\0]/' + \( // -'[[ $nat = *lsn]' $word ':states:state:(states)' + \| // -'[[ $nat != *lsn]' \) + \| $'/stats[ \t\0]/' $word ':commands:command:(reset)' + \| + $word ':commands:command:$ca create config list show destroy stats' + \) + \) + \| # in-kernel NAT + $'/nat[ \t\0]/' ':commands:command:$ca nat' + $word ': _message -e numbers "nat instance"' + \( $'/config[ \t\0]/' + \( $'/if[ \t\0]/' $word ':interfaces:interface:_net_interfaces -qS " "' + \| $'/ip[ \t\0]/' $word ': _message -e ip-addresses "ip address"' + \| $'/redirect_addr[ \t\0]/' + $word ': _message -e ip-addresses "IP address"' + $word ': _message -e ip-addresses "IP address"' + \| $'/redirect_port[ \t\0]/' $word ':protocols:protocol:$ca sctp tcp udp' + '/[^:]##:/' ': _message -e ip-addresses "IP address"' + $word ':ports:port:_ports' + $word ':ports:port:_sequence _ports' + \| $'/redirect_proto[ \t\0]/' $word ':protocols:protocol:$ca sctp tcp udp' + $word ': _message -e ip-addresses "IP address"' + $word ': _message -e ip-addresses "IP address"' + \| $word ':parameters:config parameter:$ca ip if log deny_in same_ports unreg_only unreg_cgn reset reverse proxy_only skip_global redirect_port redirect_addr redirect_proto' + \) \# + \| $'/show[ \t\0]/' $word ':actions:action:(config log)' + \| '/[]/' ':commands:command:$ca config show' \) + \| # dummynet configuration + $'/(pipe|queue|sched)[ \t\0]/' -'pqs=${match%?}' ':dummynet-commands:dummynet configuration:$ca pipe queue sched' + $word ': _message -e numbers number' + $word ':options:config:$ca config' + \( $'/bw[ \t\0]/' \( $'/<->/' ': _guard "[0-9]#" bandwidth' + $word ':units:unit:compadd -M "m:{a-z}={A-Z}" {K,M,G}{bit,Byte}/s' + \| $word ':devices:device:_net_interfaces -qS " "' \) + \| $'/delay[ \t\0]/' $word ': _message -e numbers "propagation delay (ms)"' + \| $'/burst[ \t\0]/' $word ': _message -e numbers "size (bytes)"' + \| $'/profile[ \t\0]/' $word ':files:file:_files -qS " "' + \| $'/pipe[ \t\0]/' $word ': _message -e pipes pipe' + \| $'/weight[ \t\0]/' $word ': _message -e weights "weight (1-100) [1]"' + \| $'/type[ \t\0]/-' + \( $'/fq_(pie|codel)[ \t\0]/' + \( $'/limit[ \t\0]/' $word ': _message -e numbers "limit (packets) [10240]"' + \| $'/flows[ \t\0]/' $word ': _message -e numbers "flow queues [1024]"' + \| $'/quantum[ \t\0]/' ':parameters:parameter:$ca -F line quantum limit flows' \) \# + '/[]/' + \| $word ':types:scheduling algorithm:$ca fifo wf2q+ rr qfq fq_codel fq_pie fq_codel' \) + \| $'/buckets[ \t\0]/' $word ': _message -e sizes "hash table size (16-65536)"' + \| $'/mask[ \t\0]/' $word ':mask-specifiers:mask specifier:$ca dst-ip dst-ip6 src-ip src-ip6 dst-port src-port flow-id proto all' + \| $'/plr[ \t\0]/' $word ': _message -e numbers "packet loss rate (0.0-1.0)"' + \| $'/queue[ \t\0]/' $word ': _message -e sizes "queue size"' + \| $'/(red|gred)[ \t\0]/' $word ': _message -e thresholds thresholds' + \| $'/codel[ \t\0]/' + \( $'/(target|interval)[ \t\0]/' $word ': _message -e times "time (ms)"' + \| $'/(ecn|noecn)[ \t\0]/' ':options:option:$ca -F line target interval ecn noecn' \) \# + '/[]/' + \| $'/pie[ \t\0]/' + \( $'/(target|tupdate|max_burst)[ \t\0]/' $word ': _message -e times "time"' + \| $'/(alpha|beta)[ \t\0]/' $word ': _message -e weights weight' + \| $'/max_ecnth[ \t\0]/' $word ': _message -e probabilities probability' + \| $word ':options:option:$ca -F line alpha beta max_burst max_ecnth {,no}{ecn,capdrop,drand} onoff dre ts' \) \# + '/[]/' + \| // '-[[ $pqs = pipe ]]' $'/noerror[ \t\0]/' ':options:option:$ca -F line bw delay burst profile buckets mask noerror plr queue red gred codel pie' + \| // '-[[ $pqs = queue ]]' $'/noerror[ \t\0]/' ':options:option:$ca -F line pipe weight buckets mask noerror plr queue red gred codel pie' + \| // '-[[ $pqs = sched ]]' $'/[]/' ':options:option:$ca -F line type bw delay burst profile' + \) \# + \| # sysctl shortcuts + $'/(en|dis)able[ \t\0]/' ':sysctl-shortcuts:sysctl shortcut:$ca enable disable' + $word ':values:value:(firewall altq one_pass debug verbose dyn_keepalive)' + \| + $'/internal[ \t\0]/' ':commands:command:$ca internal' + $word ':lists:list:(iflist talist vlist)' + \) +) + +if (( $words[(I)-p*] )); then + pathname=( ':path:_files -P / -W /' ) +fi + +_regex_arguments _ipfw_actions "$actions[@]" + +if [[ -prefix *[$' \t']* ]]; then + # This allows from things like ipfw "-n add..." + _ipfw_actions + return +fi + +_arguments -s $pathname \ + '(-p)-a[show counter values when listing rules (implied by show)]' \ + '(-p)-b[show only the action and the comment]' \ + '-c[show rules in compact form]' \ + '(-p)-d[show dynamic rules in addition to static ones]' \ + '(-p)-D[act on dynamic states only]' \ + '-f[run without confirmation]' \ + '(- *)-h[display syntax summary]' \ + '(-p)-i[format values as IP addresses in table listings]' \ + '-n[only check syntax, make no changes]' \ + '-N[resolve addresses and service names in output]' \ + '-q[quiet output]' \ + '-S[show the set each rule belongs to]' \ + '(-p)-s+[sort pipes by field]:field (negative reverses):((0\:unsorted 1\:packets 2\:bytes 3\:total\ packets 4\:total\ bytes))' \ + '(-p -T)-t[show timestamp of last match, ctime() format]' \ + '(-p -t)-T[show timestamp of last match as seconds since epoch]' \ + '(-a -b -d -D -i -s -t -T *)-p+[specify preprocessor]:preprocessor:_command_names -e' \ + '*:::actions:= _ipfw_actions' +