On Fri, Sep 4, 2020 at 10:51 AM Tommy Nevtelen <to...@nevtelen.com> wrote: > > Hi there misc! > > Is there an external pfctl linter? we have bunch pf firwalls for which > we generate rules but also write some manual ones that get merged. Would > be nice if we could lint the rules before committed to vcs.. (yes we > test before they are applied on the machines as well but that is way too > late in a sane pipeline imho) > > Problem is that pfctl expects that all interfaces and everything is > correct (which makes sense for pfctl before loading). BUT it is hard to > run on a build machine or my laptop to get a general idea on where I'm > at (unless I'm missing some tricks somewhere) > > So I've been looking into parse.y in pfctl. It's been a long time since > I've messed around with very simple yacc stuff so kind of lost. > > Has anyone done anything like this? Would be good to know before I sink > more time into this (and probably fail) :) > > /T >
I wonder if you plug the BNF at the end of the man to something like https://github.com/josephwecker/autohighlight if you can have a 'linter' -- -- --------------------------------------------------------------------------------------------------------------------- Knowing is not enough; we must apply. Willing is not enough; we must do
