pf.conf(5) support

docs/css-classes-reference.rst

@@ -1338,3 +1338,14 @@ Dockerfile ("dockerfile", "docker")
 * ``comment``:          comment
 * ``number``:           number
 * ``string``:           string
+
+PF ("pf", "pf.conf")
+--------------------
+
+* ``built_in``:         top level action, e.g. block/match/pass
+* ``keyword``:          some parameter/modifier to an action (in, on, nat-to, most reserved words)
+* ``literal``:          words representing special values, e.g. all, egress
+* ``comment``:          comment
+* ``number``:           number
+* ``string``:           string
+* ``variable``:         used for both macros and tables

src/languages/pf.js

@@ -0,0 +1,58 @@
+/*
+Language: pf
+Category: config
+Author: Peter Piwowarski <oldlaptop654@aol.com>
+Description: The pf.conf(5) format as of OpenBSD 5.6
+*/
+
+function(hljs) {
+  var MACRO = {
+    className: 'variable',
+    begin: /\$[\w\d#@][\w\d_]*/
+  };
+  var TABLE = {
+    className: 'variable',
+    begin: /</, end: />/
+  };
+  var QUOTE_STRING = {
+    className: 'string',
+    begin: /"/, end: /"/
+  };
+
+  return {
+    aliases: ['pf.conf'],
+    lexemes: /[a-z0-9_<>-]+/,
+    keywords: {
+      built_in: /* block match pass are "actions" in pf.conf(5), the rest are
+                 * lexically similar top-level commands.
+                 */
+        'block match pass load anchor|5 antispoof|10 set table',
+      keyword:
+        'in out log quick on rdomain inet inet6 proto from port os to route' +
+        'allow-opts divert-packet divert-reply divert-to flags group icmp-type' +
+        'icmp6-type label once probability recieved-on rtable prio queue' +
+        'tos tag tagged user keep fragment for os drop' +
+        'af-to|10 binat-to|10 nat-to|10 rdr-to|10 bitmask least-stats random round-robin' +
+        'source-hash static-port' +
+        'dup-to reply-to route-to' +
+        'parent bandwidth default min max qlimit' +
+        'block-policy debug fingerprints hostid limit loginterface optimization' +
+        'reassemble ruleset-optimization basic none profile skip state-defaults' +
+        'state-policy timeout' +
+        'const counters persist' +
+        'no modulate synproxy state|5 floating if-bound no-sync pflow|10 sloppy' +
+        'source-track global rule max-src-nodes max-src-states max-src-conn' +
+        'max-src-conn-rate overload flush' +
+        'scrub|5 max-mss min-ttl no-df|10 random-id',
+      literal:
+        'all any no-route self urpf-failed egress|5 unknown',
+    },
+    contains: [
+      hljs.HASH_COMMENT_MODE,
+      hljs.NUMBER_MODE,
+      hljs.QUOTE_STRING_MODE,
+      MACRO,
+      TABLE,
+    ]
+  };
+}

src/styles/default.css

@@ -37,6 +37,7 @@ Original style from softwaremaniacs.org (c) Ivan Sagalaev <Maniac@SoftwareManiac
 .hljs-flow,
 .hljs-stream,
 .bash .hljs-variable,
+.pf .hljs-variable,
 .apache .hljs-tag,
 .apache .hljs-cbracket,
 .tex .hljs-command,
@@ -120,6 +121,7 @@ Original style from softwaremaniacs.org (c) Ivan Sagalaev <Maniac@SoftwareManiac
 .smalltalk .hljs-class,
 .hljs-winutils,
 .bash .hljs-variable,
+.pf .hljs-variable,
 .apache .hljs-tag,
 .hljs-type,
 .hljs-typename,

test/detect/pf/default.txt

@@ -0,0 +1,43 @@
+# from the PF FAQ: http://www.openbsd.org/faq/pf/example1.html
+
+# macros
+
+int_if="xl0"
+
+tcp_services="{ 22, 113 }"
+icmp_types="echoreq"
+
+comp3="192.168.0.3"
+
+# options
+
+set block-policy return
+set loginterface egress
+set skip on lo
+
+# FTP Proxy rules
+
+anchor "ftp-proxy/*"
+
+pass in quick on $int_if inet proto tcp to any port ftp \
+    divert-to 127.0.0.1 port 8021
+
+# match rules
+
+match out on egress inet from !(egress:network) to any nat-to (egress:0)
+
+# filter rules
+
+block in log
+pass out quick
+
+antispoof quick for { lo $int_if }
+
+pass in on egress inet proto tcp from any to (egress) \
+    port $tcp_services
+
+pass in on egress inet proto tcp to (egress) port 80 rdr-to $comp3
+
+pass in inet proto icmp all icmp-type $icmp_types
+
+pass in on $int_if