puffy 0.1.0

data/lib/puffy/parser.tab.rb

@@ -0,0 +1,1217 @@
+#
+# DO NOT MODIFY!!!!
+# This file is automatically generated by Racc 1.5.2
+# from Racc grammar file "".
+#
+
+require 'racc/parser.rb'
+
+
+require 'deep_merge'
+require 'strscan'
+
+module Puffy
+  class Parser < Racc::Parser
+
+module_eval(<<'...end parser.y/module_eval...', 'parser.y', 191)
+
+  attr_accessor :yydebug
+  attr_reader :policy, :filename
+  #attr_accessor :variables, :nodes, :services
+
+  def ipaddress?(s)
+    IPAddr.new(s.matched)
+  rescue IPAddr::InvalidAddressError
+    s.unscan
+    nil
+  end
+
+  def parse_file(filename)
+    @filename = filename
+    parse(File.read(filename))
+    @filename = nil
+  end
+
+  def parse(text)
+    @lineno = 1
+    s = StringScanner.new(text)
+
+    @tokens = []
+    @position = 0
+    @line = (s.check_until(/\n/) || '').chomp
+    until s.eos? do
+      case
+      when s.scan(/\n/)
+        @lineno += 1
+        @position = -1 # Current match "\n" length will be added before we read the first token
+        @line = (s.check_until(/\n/) || '').chomp
+      when s.scan(/#.*/) then # ignore comments
+      when s.scan(/\s+/) then # ignore blanks
+
+      when s.scan(/\//)
+        n = 0
+        while char = s.post_match[n]
+          case char
+          when /\\/
+            n += 1
+          when /\//
+            emit(:REGEX, Regexp.new(s.post_match[0...n]), s.matched_size)
+            s.pos += n + 1
+            break
+          end
+          n += 1
+        end
+      when s.scan(/=/) then         emit('=', s.matched)
+      when s.scan(/:/) then         emit(':', s.matched)
+      when s.scan(/,/) then         emit(',', s.matched)
+      when s.scan(/{/) then         emit('{', s.matched)
+      when s.scan(/}/) then         emit('}', s.matched)
+      when s.scan(/service\b/) then emit(:SERVICE, s.matched)
+      when s.scan(/client\b/) then  emit(:CLIENT, s.matched)
+      when s.scan(/server\b/) then  emit(:SERVER, s.matched)
+      when s.scan(/node\b/) then    emit(:NODE, s.matched)
+      when s.scan(/'[^'\n]*'/) then emit(:STRING, s.matched[1...-1], s.matched_size)
+      when s.scan(/"[^"\n]*"/) then emit(:STRING, s.matched[1...-1], s.matched_size)
+
+      when s.scan(/ipv4\b/) then    emit(:IPV4, s.matched)
+      when s.scan(/ipv6\b/) then    emit(:IPV6, s.matched)
+      when s.scan(/policy\b/) then  emit(:POLICY, s.matched)
+
+      when s.scan(/do\b/) then      emit(:DO, s.matched)
+      when s.scan(/end\b/) then     emit(:END, s.matched)
+
+      when s.scan(/\$\S+/) then     emit(:VARIABLE, s.matched[1..-1], s.matched_size)
+
+      when s.scan(/pass\b/) then    emit(:PASS, s.matched)
+      when s.scan(/block\b/) then   emit(:BLOCK, s.matched)
+      when s.scan(/in\b/) then      emit(:IN, s.matched)
+      when s.scan(/out\b/) then     emit(:OUT, s.matched)
+      when s.scan(/log\b/) then     emit(:LOG, s.matched)
+      when s.scan(/inet\b/) then    emit(:INET, s.matched)
+      when s.scan(/inet6\b/) then   emit(:INET6, s.matched)
+      when s.scan(/on\b/) then      emit(:ON, s.matched)
+      when s.scan(/proto\b/) then   emit(:PROTO, s.matched)
+      when s.scan(/from\b/) then    emit(:FROM, s.matched)
+      when s.scan(/to\b/) then      emit(:TO, s.matched)
+      when s.scan(/all\b/) then     emit(:ALL, s.matched)
+      when s.scan(/any\b/) then     emit(:ANY, s.matched)
+      when s.scan(/self\b/) then    emit(:SELF, s.matched)
+      when s.scan(/port\b/) then    emit(:PORT, s.matched)
+      when s.scan(/nat-to\b/) then  emit(:NAT_TO, s.matched)
+      when s.scan(/rdr-to\b/) then  emit(:RDR_TO, s.matched)
+
+      when s.scan(/\d+\.\d+\.\d+\.\d+(\/\d+)?/) && ip = ipaddress?(s) then           emit(:ADDRESS, ip, s.matched_size)
+      when s.scan(/[[:xdigit:]]*:[:[:xdigit:]]+(\/\d+)?/) && ip = ipaddress?(s) then emit(:ADDRESS, ip, s.matched_size)
+
+      when s.scan(/\d+/) then      emit(:INTEGER, s.matched.to_i, s.matched_size)
+      when s.scan(/\w[\w-]+/) then emit(:IDENTIFIER, s.matched)
+      else
+        raise SyntaxError.new('Syntax error', { filename: @filename, lineno: @lineno, position: @position, line: @line })
+      end
+      @position += s.matched_size if s.matched_size
+    end
+
+    begin
+      do_parse
+    rescue Racc::ParseError => e
+      raise ParseError.new("Parse error: unexpected token: #{@current_token[0]}", @current_token[1].merge(filename: @filename))
+    end
+  end
+
+  def emit(token, value, length = nil)
+    if token && length.nil?
+      raise "length must be explicitly passed when value is not a String (#{value.class.name})" unless value.is_a?(String)
+
+      length = value.length
+    end
+
+    exvalue = {
+      value: value,
+      line: @line,
+      lineno: @lineno,
+      position: @position,
+      length: length,
+    }
+    @tokens << [token, exvalue]
+  end
+
+  def next_token
+    @current_token = @tokens.shift
+  end
+
+  def initialize
+    super
+    @variables = {}
+    @nodes = {}
+    @saved_policies = {}
+    @services = {} 
+    @rule_factory = Puffy::RuleFactory.new
+  end
+
+  def nodes
+    @nodes.keys
+  end
+
+  def prefered_key_for_hostname(keys, hostname)
+    direct_mapping = []
+    regexp_mapping = []
+
+    keys.each do |key|
+      case key
+      when String
+        direct_mapping << key if key == hostname
+      when Regexp
+        regexp_mapping << key if key.match?(hostname)
+      when Array
+        key.each do |value|
+          case value
+          when String
+            direct_mapping << key if value == hostname
+          when Regexp
+            regexp_mapping << key if value.match?(hostname)
+          end
+        end
+      end
+    end
+
+    raise "Multiple definitions for #{hostname}" if direct_mapping.count > 1
+    raise "Multiple definitions match #{hostname}: #{regexp_mapping.join(', ')}" if regexp_mapping.count > 1
+
+    direct_mapping.first || regexp_mapping.first
+  end
+
+  def prefered_value_for_hostname(hash, hostname)
+    hash[(prefered_key_for_hostname(hash.keys, hostname))]
+  end
+
+  def ruleset_for(hostname)
+    rules = prefered_value_for_hostname(@nodes, hostname)
+    rule_factory = RuleFactory.new
+    rules.map do |r|
+      rule_factory.build(r)
+    end.flatten
+  end
+
+  def policy_for(hostname)
+    prefered_value_for_hostname(@saved_policies, hostname) || @default_policy || :block
+  end
+...end parser.y/module_eval...
+##### State transition tables begin ###
+
+racc_action_table = [
+   132,   132,   129,   132,   132,    24,   153,   154,   162,    74,
+    10,    25,    26,   107,    33,   107,   110,   111,   110,   111,
+   140,    15,    34,   110,   111,    17,   115,   116,    76,    77,
+    19,    18,   131,   131,    21,   131,   131,    22,   164,   165,
+   106,   109,   106,   109,    76,    77,    49,   139,   142,    89,
+    90,    91,    38,    47,    48,    50,    51,    49,    25,    26,
+    39,    30,    31,    67,    47,    48,    50,    51,    49,    25,
+    26,    66,    27,     9,    69,    47,    48,    50,    51,    49,
+    25,    26,    68,    62,     9,    38,    47,    48,    50,    51,
+    49,    25,    26,    39,    89,    90,    91,    47,    48,    50,
+    51,    49,    25,    26,    21,    30,    31,    22,    47,    48,
+    50,    51,    49,    25,    26,    59,    60,    30,    31,    47,
+    48,    50,    51,    49,    25,    26,    21,    76,    77,    22,
+    47,    48,    50,    51,    49,    25,    26,   133,   134,   110,
+   111,    47,    48,    50,    51,    49,    25,    26,   160,   134,
+   110,   111,    47,    48,    50,    51,    49,    25,    26,    89,
+    90,    91,    78,    47,    48,    50,    51,    49,    25,    26,
+    89,    90,    91,    96,    47,    48,    50,    51,    49,    25,
+    26,   150,    99,   148,   100,    47,    48,    50,    51,     6,
+    25,    26,     6,   110,   111,     6,     7,     8,     6,     7,
+     8,     9,     7,     8,     9,     7,     8,     9,     6,   101,
+     9,    54,    55,    17,    21,     7,     8,    22,    17,    18,
+     9,    17,    28,   102,    18,    30,    31,    18,   150,   124,
+   125,   166,   167,    76,    77,   110,   111,   110,   111,   164,
+   165,   103,   104,   114,   119,   119,   126,   128,   137,   145,
+   119,   156,   150,   170,   171,   150,   173,   174 ]
+
+racc_action_check = [
+   119,   129,   119,   143,   154,     9,   143,   143,   157,    52,
+     1,     9,     9,    89,    16,    90,    89,    89,    90,    90,
+   128,     6,    16,   128,   128,     7,    97,    97,    52,    52,
+     8,     7,   119,   129,     8,   143,   154,     8,   157,   157,
+    89,    89,    90,    90,    97,    97,    33,   128,   128,    70,
+    70,    70,    20,    33,    33,    33,    33,    34,    33,    33,
+    20,    28,    28,    47,    34,    34,    34,    34,    38,    34,
+    34,    47,    10,    38,    48,    38,    38,    38,    38,    39,
+    38,    38,    48,    43,    39,    54,    39,    39,    39,    39,
+    44,    39,    39,    54,    71,    71,    71,    44,    44,    44,
+    44,    45,    44,    44,    19,    60,    60,    19,    45,    45,
+    45,    45,    46,    45,    45,    41,    41,    41,    41,    46,
+    46,    46,    46,    57,    46,    46,    55,    74,    74,    55,
+    57,    57,    57,    57,    58,    57,    57,   120,   120,   120,
+   120,    58,    58,    58,    58,    66,    58,    58,   152,   152,
+   152,   152,    66,    66,    66,    66,    67,    66,    66,    72,
+    72,    72,    53,    67,    67,    67,    67,    68,    67,    67,
+   136,   136,   136,    73,    68,    68,    68,    68,    69,    68,
+    68,   137,    81,   137,    82,    69,    69,    69,    69,     0,
+    69,    69,     2,   107,   107,     3,     0,     0,     4,     2,
+     2,     0,     3,     3,     2,     4,     4,     3,     5,    84,
+     4,    35,    35,    49,    35,     5,     5,    35,    50,    49,
+     5,    51,    15,    85,    50,    15,    15,    51,   158,   113,
+   113,   158,   158,   116,   116,   134,   134,   140,   140,   162,
+   162,    86,    87,    95,   105,   112,   114,   118,   123,   131,
+   138,   145,   148,   164,   165,   167,   170,   173 ]
+
+racc_action_pointer = [
+   187,    10,   190,   193,   196,   206,    18,    23,    26,   -10,
+    72,   nil,   nil,   nil,   nil,   218,    10,   nil,   nil,    96,
+    48,   nil,   nil,   nil,   nil,   nil,   nil,   nil,    54,   nil,
+   nil,   nil,   nil,    37,    48,   206,   nil,   nil,    59,    70,
+   nil,   110,   nil,    78,    81,    92,   103,    59,    70,   211,
+   216,   219,     5,   149,    81,   118,   nil,   114,   125,   nil,
+    98,   nil,   nil,   nil,   nil,   nil,   136,   147,   158,   169,
+    21,    66,   131,   158,   104,   nil,   nil,   nil,   nil,   nil,
+   nil,   177,   171,   nil,   196,   218,   228,   237,   nil,     9,
+    11,   nil,   nil,   nil,   nil,   223,   nil,    21,   nil,   nil,
+   nil,   nil,   nil,   nil,   nil,   211,   nil,   186,   nil,   nil,
+   nil,   nil,   212,   204,   238,   nil,   210,   nil,   218,    -2,
+   132,   nil,   nil,   221,   nil,   nil,   nil,   nil,    16,    -1,
+   nil,   214,   nil,   nil,   228,   nil,   142,   179,   217,   nil,
+   230,   nil,   nil,     1,   nil,   217,   nil,   nil,   250,   nil,
+   nil,   nil,   143,   nil,     2,   nil,   nil,     2,   226,   nil,
+   nil,   nil,   203,   nil,   246,   247,   nil,   253,   nil,   nil,
+   223,   nil,   nil,   223,   nil ]
+
+racc_action_default = [
+    -5,  -102,    -5,    -5,    -5,    -5,  -102,  -102,  -102,  -102,
+  -102,    -1,    -2,    -3,    -4,  -102,  -102,   -14,   -15,  -102,
+  -102,   -21,   -22,   -32,   -33,   -46,   -47,   175,  -102,    -7,
+   -11,   -12,   -13,   -31,   -31,  -102,   -20,   -17,   -31,   -31,
+   -25,  -102,   -10,  -102,   -31,   -31,   -31,  -102,  -102,  -102,
+  -102,  -102,   -48,  -102,  -102,  -102,   -19,   -31,   -31,    -6,
+  -102,    -9,   -26,   -28,   -29,   -30,   -31,   -31,   -31,   -31,
+   -71,   -71,   -71,   -43,  -102,   -50,   -54,   -55,   -27,   -16,
+   -18,  -102,  -102,    -8,  -102,  -102,  -102,  -102,   -38,   -76,
+   -76,   -69,   -70,   -39,   -40,   -44,   -42,  -102,   -53,   -23,
+   -24,   -34,   -35,   -36,   -37,   -84,   -72,  -102,   -74,   -75,
+   -91,   -92,   -84,   -56,  -102,   -49,  -102,   -52,   -67,  -102,
+  -102,   -95,   -68,   -59,   -57,   -58,   -45,   -51,   -81,  -102,
+   -83,   -88,   -89,   -73,  -102,   -94,  -102,  -102,   -84,   -77,
+  -102,   -79,   -80,  -102,   -87,  -102,   -93,   -98,  -102,   -61,
+   -65,   -66,  -102,   -82,  -102,   -86,   -90,   -41,  -102,   -64,
+   -78,   -85,  -102,   -97,  -102,  -102,   -60,  -102,   -63,   -96,
+  -100,  -101,   -62,  -102,   -99 ]
+
+racc_goto_table = [
+    75,    20,   121,   130,    29,    37,   163,   120,    16,    53,
+    41,   169,    36,   144,    53,   135,    32,    42,    35,    63,
+    64,    65,    98,   141,   118,   149,    23,   155,    56,   146,
+    61,   122,    81,    82,    73,   121,   159,    95,   161,    79,
+   152,    84,    85,    86,    87,   117,   168,   135,    80,    83,
+    70,    71,    72,    57,    58,   172,     1,   151,    11,    12,
+    13,    14,   105,   112,   127,    88,    93,    94,   113,   123,
+   136,   147,   157,    97,   158,   138,   143 ]
+
+racc_goto_check = [
+    27,    12,    34,    36,     7,    11,    37,    33,     8,    13,
+     6,    37,    12,    36,    13,    34,     9,     7,    10,    13,
+    13,    13,    27,    34,    31,    29,    17,    36,    12,    34,
+     7,    31,    13,    13,    19,    34,    29,    20,    36,    11,
+    33,    13,    13,    13,    13,    27,    29,    34,    12,     7,
+     8,     8,     8,     4,     4,    29,     1,    31,     1,     1,
+     1,     1,    30,    30,    27,    18,    18,    18,    21,    22,
+    23,    24,    25,    26,    28,    32,    35 ]
+
+racc_goto_pointer = [
+   nil,    56,   nil,   nil,    15,   nil,   -18,   -11,     1,     0,
+    -1,   -15,    -7,   -25,   nil,   nil,   nil,    17,    -5,   -18,
+   -36,   -27,   -44,   -53,   -65,   -75,    -1,   -52,   -74,  -112,
+   -27,   -81,   -53,  -100,  -105,   -53,  -116,  -151 ]
+
+racc_goto_default = [
+   nil,   nil,     2,     3,     4,     5,   nil,   nil,   nil,    40,
+   nil,   nil,   nil,    43,    44,    45,    46,    52,   nil,   nil,
+   nil,   nil,   nil,   nil,    92,   nil,   nil,   nil,   nil,   nil,
+   nil,   nil,   nil,   nil,   108,   nil,   nil,   nil ]
+
+racc_reduce_table = [
+  0, 0, :racc_error,
+  2, 39, :_reduce_none,
+  2, 39, :_reduce_none,
+  2, 39, :_reduce_3,
+  2, 39, :_reduce_none,
+  0, 39, :_reduce_none,
+  5, 40, :_reduce_6,
+  3, 40, :_reduce_7,
+  3, 44, :_reduce_8,
+  2, 44, :_reduce_9,
+  1, 44, :_reduce_10,
+  1, 45, :_reduce_11,
+  1, 45, :_reduce_12,
+  3, 43, :_reduce_13,
+  1, 46, :_reduce_14,
+  1, 46, :_reduce_15,
+  5, 41, :_reduce_16,
+  3, 41, :_reduce_17,
+  3, 48, :_reduce_18,
+  2, 48, :_reduce_19,
+  1, 48, :_reduce_20,
+  1, 50, :_reduce_21,
+  1, 50, :_reduce_22,
+  4, 49, :_reduce_23,
+  4, 49, :_reduce_24,
+  1, 49, :_reduce_25,
+  3, 47, :_reduce_26,
+  3, 47, :_reduce_27,
+  2, 51, :_reduce_28,
+  2, 51, :_reduce_29,
+  2, 51, :_reduce_30,
+  0, 51, :_reduce_31,
+  2, 42, :_reduce_32,
+  2, 42, :_reduce_33,
+  4, 53, :_reduce_34,
+  4, 53, :_reduce_35,
+  4, 54, :_reduce_36,
+  4, 54, :_reduce_37,
+  3, 52, :_reduce_38,
+  3, 52, :_reduce_39,
+  3, 52, :_reduce_40,
+  8, 52, :_reduce_41,
+  1, 58, :_reduce_none,
+  0, 58, :_reduce_none,
+  0, 59, :_reduce_none,
+  2, 59, :_reduce_45,
+  1, 55, :_reduce_46,
+  1, 55, :_reduce_47,
+  0, 57, :_reduce_none,
+  3, 57, :_reduce_49,
+  1, 57, :_reduce_50,
+  3, 64, :_reduce_51,
+  2, 64, :_reduce_52,
+  1, 64, :_reduce_53,
+  1, 65, :_reduce_54,
+  1, 65, :_reduce_55,
+  0, 60, :_reduce_none,
+  1, 60, :_reduce_57,
+  1, 60, :_reduce_58,
+  0, 61, :_reduce_none,
+  4, 61, :_reduce_60,
+  2, 61, :_reduce_61,
+  3, 66, :_reduce_62,
+  2, 66, :_reduce_63,
+  1, 66, :_reduce_64,
+  1, 67, :_reduce_65,
+  6, 62, :_reduce_66,
+  3, 62, :_reduce_67,
+  3, 62, :_reduce_68,
+  1, 62, :_reduce_69,
+  1, 56, :_reduce_none,
+  0, 56, :_reduce_71,
+  1, 68, :_reduce_72,
+  3, 68, :_reduce_73,
+  1, 68, :_reduce_none,
+  1, 68, :_reduce_75,
+  0, 68, :_reduce_none,
+  1, 70, :_reduce_77,
+  3, 70, :_reduce_78,
+  1, 70, :_reduce_none,
+  1, 70, :_reduce_80,
+  0, 70, :_reduce_none,
+  4, 69, :_reduce_82,
+  2, 69, :_reduce_83,
+  0, 69, :_reduce_none,
+  3, 73, :_reduce_85,
+  2, 73, :_reduce_86,
+  1, 73, :_reduce_87,
+  1, 74, :_reduce_88,
+  1, 74, :_reduce_89,
+  3, 74, :_reduce_90,
+  1, 72, :_reduce_91,
+  1, 72, :_reduce_92,
+  3, 71, :_reduce_93,
+  2, 71, :_reduce_94,
+  1, 71, :_reduce_95,
+  3, 63, :_reduce_96,
+  2, 63, :_reduce_97,
+  0, 63, :_reduce_98,
+  4, 75, :_reduce_99,
+  2, 75, :_reduce_100,
+  2, 75, :_reduce_101 ]
+
+racc_reduce_n = 102
+
+racc_shift_n = 175
+
+racc_token_table = {
+  false => 0,
+  :error => 1,
+  :IDENTIFIER => 2,
+  "=" => 3,
+  "{" => 4,
+  "}" => 5,
+  "," => 6,
+  :ADDRESS => 7,
+  :STRING => 8,
+  :SERVICE => 9,
+  :NODE => 10,
+  :REGEX => 11,
+  :DO => 12,
+  :END => 13,
+  :POLICY => 14,
+  :LOG => 15,
+  :IPV4 => 16,
+  :IPV6 => 17,
+  :CLIENT => 18,
+  :SERVER => 19,
+  :ON => 20,
+  :BLOCK => 21,
+  :PASS => 22,
+  :IN => 23,
+  :OUT => 24,
+  :INET => 25,
+  :INET6 => 26,
+  :PROTO => 27,
+  :FROM => 28,
+  :TO => 29,
+  :ALL => 30,
+  :ANY => 31,
+  :VARIABLE => 32,
+  :PORT => 33,
+  :INTEGER => 34,
+  ":" => 35,
+  :RDR_TO => 36,
+  :NAT_TO => 37 }
+
+racc_nt_base = 38
+
+racc_use_result_var = true
+
+Racc_arg = [
+  racc_action_table,
+  racc_action_check,
+  racc_action_default,
+  racc_action_pointer,
+  racc_goto_table,
+  racc_goto_check,
+  racc_goto_default,
+  racc_goto_pointer,
+  racc_nt_base,
+  racc_reduce_table,
+  racc_token_table,
+  racc_shift_n,
+  racc_reduce_n,
+  racc_use_result_var ]
+
+Racc_token_to_s_table = [
+  "$end",
+  "error",
+  "IDENTIFIER",
+  "\"=\"",
+  "\"{\"",
+  "\"}\"",
+  "\",\"",
+  "ADDRESS",
+  "STRING",
+  "SERVICE",
+  "NODE",
+  "REGEX",
+  "DO",
+  "END",
+  "POLICY",
+  "LOG",
+  "IPV4",
+  "IPV6",
+  "CLIENT",
+  "SERVER",
+  "ON",
+  "BLOCK",
+  "PASS",
+  "IN",
+  "OUT",
+  "INET",
+  "INET6",
+  "PROTO",
+  "FROM",
+  "TO",
+  "ALL",
+  "ANY",
+  "VARIABLE",
+  "PORT",
+  "INTEGER",
+  "\":\"",
+  "RDR_TO",
+  "NAT_TO",
+  "$start",
+  "target",
+  "assignation",
+  "node",
+  "policy",
+  "service",
+  "variable_value_list",
+  "variable_value",
+  "service_name",
+  "block",
+  "node_name_list",
+  "block_with_policy",
+  "node_name",
+  "rules",
+  "pf_rule",
+  "ipv4_block",
+  "ipv6_block",
+  "action",
+  "optional_hosts",
+  "rule_direction",
+  "log",
+  "on_interface",
+  "rule_af",
+  "protospec",
+  "hosts",
+  "filteropts",
+  "direction_list",
+  "direction",
+  "protocol_list",
+  "protocol",
+  "hosts_from",
+  "hosts_port",
+  "hosts_to",
+  "host_list",
+  "host",
+  "port_list",
+  "port",
+  "filteropt" ]
+
+Racc_debug_parser = false
+
+##### State transition tables end #####
+
+# reduce 0 omitted
+
+# reduce 1 omitted
+
+# reduce 2 omitted
+
+module_eval(<<'.,.,', 'parser.y', 4)
+  def _reduce_3(val, _values, result)
+     @default_policy = val[0]
+    result
+  end
+.,.,
+
+# reduce 4 omitted
+
+# reduce 5 omitted
+
+module_eval(<<'.,.,', 'parser.y', 9)
+  def _reduce_6(val, _values, result)
+     @variables[val[0][:value]] = val[3].freeze
+    result
+  end
+.,.,
+
+module_eval(<<'.,.,', 'parser.y', 10)
+  def _reduce_7(val, _values, result)
+     @variables[val[0][:value]] = val[2].freeze
+    result
+  end
+.,.,
+
+module_eval(<<'.,.,', 'parser.y', 13)
+  def _reduce_8(val, _values, result)
+     result = val[0] + [val[2]]
+    result
+  end
+.,.,
+
+module_eval(<<'.,.,', 'parser.y', 14)
+  def _reduce_9(val, _values, result)
+     result = val[0] + [val[1]]
+    result
+  end
+.,.,
+
+module_eval(<<'.,.,', 'parser.y', 15)
+  def _reduce_10(val, _values, result)
+     result = [val[0]]
+    result
+  end
+.,.,
+
+module_eval(<<'.,.,', 'parser.y', 18)
+  def _reduce_11(val, _values, result)
+     result = val[0][:value]
+    result
+  end
+.,.,
+
+module_eval(<<'.,.,', 'parser.y', 19)
+  def _reduce_12(val, _values, result)
+     result = val[0][:value]
+    result
+  end
+.,.,
+
+module_eval(<<'.,.,', 'parser.y', 22)
+  def _reduce_13(val, _values, result)
+     @services[val[1]] = val[2]
+    result
+  end
+.,.,
+
+module_eval(<<'.,.,', 'parser.y', 25)
+  def _reduce_14(val, _values, result)
+     result = val[0][:value]
+    result
+  end
+.,.,
+
+module_eval(<<'.,.,', 'parser.y', 26)
+  def _reduce_15(val, _values, result)
+     result = val[0][:value]
+    result
+  end
+.,.,
+
+module_eval(<<'.,.,', 'parser.y', 29)
+  def _reduce_16(val, _values, result)
+     @nodes[val[2]] = val[4]; @saved_policies[val[2]] = @policy
+    result
+  end
+.,.,
+
+module_eval(<<'.,.,', 'parser.y', 30)
+  def _reduce_17(val, _values, result)
+     @nodes[val[1]] = val[2]; @saved_policies[val[1]] = @policy
+    result
+  end
+.,.,
+
+module_eval(<<'.,.,', 'parser.y', 33)
+  def _reduce_18(val, _values, result)
+     result = val[0] + [val[2]]
+    result
+  end
+.,.,
+
+module_eval(<<'.,.,', 'parser.y', 34)
+  def _reduce_19(val, _values, result)
+     result = val[0] + [val[1]]
+    result
+  end
+.,.,
+
+module_eval(<<'.,.,', 'parser.y', 35)
+  def _reduce_20(val, _values, result)
+     result = [val[0]]
+    result
+  end
+.,.,
+
+module_eval(<<'.,.,', 'parser.y', 38)
+  def _reduce_21(val, _values, result)
+     result = val[0][:value]
+    result
+  end
+.,.,
+
+module_eval(<<'.,.,', 'parser.y', 39)
+  def _reduce_22(val, _values, result)
+     result = val[0][:value]
+    result
+  end
+.,.,
+
+module_eval(<<'.,.,', 'parser.y', 42)
+  def _reduce_23(val, _values, result)
+     @policy = val[1]; result = val[2]
+    result
+  end
+.,.,
+
+module_eval(<<'.,.,', 'parser.y', 43)
+  def _reduce_24(val, _values, result)
+     @policy = val[1]; result = val[2]
+    result
+  end
+.,.,
+
+module_eval(<<'.,.,', 'parser.y', 44)
+  def _reduce_25(val, _values, result)
+     @policy = nil; result = val[0]
+    result
+  end
+.,.,
+
+module_eval(<<'.,.,', 'parser.y', 47)
+  def _reduce_26(val, _values, result)
+     result = val[1].freeze
+    result
+  end
+.,.,
+
+module_eval(<<'.,.,', 'parser.y', 48)
+  def _reduce_27(val, _values, result)
+     result = val[1].freeze
+    result
+  end
+.,.,
+
+module_eval(<<'.,.,', 'parser.y', 51)
+  def _reduce_28(val, _values, result)
+     result = val[0] + val[1]
+    result
+  end
+.,.,
+
+module_eval(<<'.,.,', 'parser.y', 52)
+  def _reduce_29(val, _values, result)
+     result = val[0] + val[1]
+    result
+  end
+.,.,
+
+module_eval(<<'.,.,', 'parser.y', 53)
+  def _reduce_30(val, _values, result)
+     result = val[0] + val[1]
+    result
+  end
+.,.,
+
+module_eval(<<'.,.,', 'parser.y', 54)
+  def _reduce_31(val, _values, result)
+     result = []
+    result
+  end
+.,.,
+
+module_eval(<<'.,.,', 'parser.y', 57)
+  def _reduce_32(val, _values, result)
+     result = val[1][:action]
+    result
+  end
+.,.,
+
+module_eval(<<'.,.,', 'parser.y', 58)
+  def _reduce_33(val, _values, result)
+     result = 'log'
+    result
+  end
+.,.,
+
+module_eval(<<'.,.,', 'parser.y', 61)
+  def _reduce_34(val, _values, result)
+     result = val[2].reject { |x| x[:af] == :inet6 }.map { |x| x[:af] = :inet ; x }
+    result
+  end
+.,.,
+
+module_eval(<<'.,.,', 'parser.y', 62)
+  def _reduce_35(val, _values, result)
+     result = val[2].reject { |x| x[:af] == :inet6 }.map { |x| x[:af] = :inet ; x }
+    result
+  end
+.,.,
+
+module_eval(<<'.,.,', 'parser.y', 65)
+  def _reduce_36(val, _values, result)
+     result = val[2].reject { |x| x[:af] == :inet }.map { |x| x[:af] = :inet6 ; x }
+    result
+  end
+.,.,
+
+module_eval(<<'.,.,', 'parser.y', 66)
+  def _reduce_37(val, _values, result)
+     result = val[2].reject { |x| x[:af] == :inet }.map { |x| x[:af] = :inet6 ; x }
+    result
+  end
+.,.,
+
+module_eval(<<'.,.,', 'parser.y', 69)
+  def _reduce_38(val, _values, result)
+     result = @services.fetch(val[1]).deep_dup.map { |x| x.merge(val[2]) }
+    result
+  end
+.,.,
+
+module_eval(<<'.,.,', 'parser.y', 71)
+  def _reduce_39(val, _values, result)
+                 raise "service #{val[1]} cannot be used as client" if @services.fetch(val[1]).map { |x| x[:dir] }.compact.any?
+             result = @services.fetch(val[1]).deep_dup.map { |x| x.merge(dir: :out).deep_merge(val[2]) }
+
+    result
+  end
+.,.,
+
+module_eval(<<'.,.,', 'parser.y', 75)
+  def _reduce_40(val, _values, result)
+                 raise "service #{val[1]} cannot be used as server" if @services.fetch(val[1]).map { |x| x[:dir] }.compact.any?
+             result = @services.fetch(val[1]).deep_dup.map { |x| x.merge(dir: :in).deep_merge(val[2]) }
+
+    result
+  end
+.,.,
+
+module_eval(<<'.,.,', 'parser.y', 78)
+  def _reduce_41(val, _values, result)
+     result = [val.compact.inject(:merge)]
+    result
+  end
+.,.,
+
+# reduce 42 omitted
+
+# reduce 43 omitted
+
+# reduce 44 omitted
+
+module_eval(<<'.,.,', 'parser.y', 86)
+  def _reduce_45(val, _values, result)
+     result = { on: val[1][:value] }
+    result
+  end
+.,.,
+
+module_eval(<<'.,.,', 'parser.y', 89)
+  def _reduce_46(val, _values, result)
+     result = { action: :block }
+    result
+  end
+.,.,
+
+module_eval(<<'.,.,', 'parser.y', 90)
+  def _reduce_47(val, _values, result)
+     result = { action: :pass }
+    result
+  end
+.,.,
+
+# reduce 48 omitted
+
+module_eval(<<'.,.,', 'parser.y', 94)
+  def _reduce_49(val, _values, result)
+     result = { dir: val[1] }
+    result
+  end
+.,.,
+
+module_eval(<<'.,.,', 'parser.y', 95)
+  def _reduce_50(val, _values, result)
+     result = { dir: val[0] }
+    result
+  end
+.,.,
+
+module_eval(<<'.,.,', 'parser.y', 98)
+  def _reduce_51(val, _values, result)
+     result = val[0] + [val[2]]
+    result
+  end
+.,.,
+
+module_eval(<<'.,.,', 'parser.y', 99)
+  def _reduce_52(val, _values, result)
+     result = val[0] + [val[1]]
+    result
+  end
+.,.,
+
+module_eval(<<'.,.,', 'parser.y', 100)
+  def _reduce_53(val, _values, result)
+     result = [val[0]]
+    result
+  end
+.,.,
+
+module_eval(<<'.,.,', 'parser.y', 103)
+  def _reduce_54(val, _values, result)
+     result = :in
+    result
+  end
+.,.,
+
+module_eval(<<'.,.,', 'parser.y', 104)
+  def _reduce_55(val, _values, result)
+     result = :out
+    result
+  end
+.,.,
+
+# reduce 56 omitted
+
+module_eval(<<'.,.,', 'parser.y', 108)
+  def _reduce_57(val, _values, result)
+     result = { af: :inet }
+    result
+  end
+.,.,
+
+module_eval(<<'.,.,', 'parser.y', 109)
+  def _reduce_58(val, _values, result)
+     result = { af: :inet6 }
+    result
+  end
+.,.,
+
+# reduce 59 omitted
+
+module_eval(<<'.,.,', 'parser.y', 113)
+  def _reduce_60(val, _values, result)
+     result = { proto: val[2] }
+    result
+  end
+.,.,
+
+module_eval(<<'.,.,', 'parser.y', 114)
+  def _reduce_61(val, _values, result)
+     result = { proto: val[1] }
+    result
+  end
+.,.,
+
+module_eval(<<'.,.,', 'parser.y', 117)
+  def _reduce_62(val, _values, result)
+     result = val[0] + [val[2]]
+    result
+  end
+.,.,
+
+module_eval(<<'.,.,', 'parser.y', 118)
+  def _reduce_63(val, _values, result)
+     result = val[0] + [val[1]]
+    result
+  end
+.,.,
+
+module_eval(<<'.,.,', 'parser.y', 119)
+  def _reduce_64(val, _values, result)
+     result = [val[0]]
+    result
+  end
+.,.,
+
+module_eval(<<'.,.,', 'parser.y', 122)
+  def _reduce_65(val, _values, result)
+     result = val[0][:value].to_sym
+    result
+  end
+.,.,
+
+module_eval(<<'.,.,', 'parser.y', 125)
+  def _reduce_66(val, _values, result)
+     result = { from: { host: val[1], port: val[2] }, to: { host: val[4], port: val[5] } }
+    result
+  end
+.,.,
+
+module_eval(<<'.,.,', 'parser.y', 126)
+  def _reduce_67(val, _values, result)
+     result = { from: { host: val[1], port: val[2] } }
+    result
+  end
+.,.,
+
+module_eval(<<'.,.,', 'parser.y', 127)
+  def _reduce_68(val, _values, result)
+     result = { to: { host: val[1], port: val[2] } }
+    result
+  end
+.,.,
+
+module_eval(<<'.,.,', 'parser.y', 128)
+  def _reduce_69(val, _values, result)
+     result = {}
+    result
+  end
+.,.,
+
+# reduce 70 omitted
+
+module_eval(<<'.,.,', 'parser.y', 132)
+  def _reduce_71(val, _values, result)
+     result = {}
+    result
+  end
+.,.,
+
+module_eval(<<'.,.,', 'parser.y', 135)
+  def _reduce_72(val, _values, result)
+     result = nil
+    result
+  end
+.,.,
+
+module_eval(<<'.,.,', 'parser.y', 136)
+  def _reduce_73(val, _values, result)
+     result = val[1]
+    result
+  end
+.,.,
+
+# reduce 74 omitted
+
+module_eval(<<'.,.,', 'parser.y', 138)
+  def _reduce_75(val, _values, result)
+     result = @variables.fetch(val[0][:value])
+    result
+  end
+.,.,
+
+# reduce 76 omitted
+
+module_eval(<<'.,.,', 'parser.y', 142)
+  def _reduce_77(val, _values, result)
+     result = nil
+    result
+  end
+.,.,
+
+module_eval(<<'.,.,', 'parser.y', 143)
+  def _reduce_78(val, _values, result)
+     result = val[1]
+    result
+  end
+.,.,
+
+# reduce 79 omitted
+
+module_eval(<<'.,.,', 'parser.y', 145)
+  def _reduce_80(val, _values, result)
+     result = @variables.fetch(val[0][:value])
+    result
+  end
+.,.,
+
+# reduce 81 omitted
+
+module_eval(<<'.,.,', 'parser.y', 149)
+  def _reduce_82(val, _values, result)
+     result = val[2]
+    result
+  end
+.,.,
+
+module_eval(<<'.,.,', 'parser.y', 150)
+  def _reduce_83(val, _values, result)
+     result = val[1]
+    result
+  end
+.,.,
+
+# reduce 84 omitted
+
+module_eval(<<'.,.,', 'parser.y', 154)
+  def _reduce_85(val, _values, result)
+     result = val[0] + [val[2]]
+    result
+  end
+.,.,
+
+module_eval(<<'.,.,', 'parser.y', 155)
+  def _reduce_86(val, _values, result)
+     result = val[0] + [val[1]]
+    result
+  end
+.,.,
+
+module_eval(<<'.,.,', 'parser.y', 156)
+  def _reduce_87(val, _values, result)
+     result = [val[0]]
+    result
+  end
+.,.,
+
+module_eval(<<'.,.,', 'parser.y', 159)
+  def _reduce_88(val, _values, result)
+     result = val[0][:value]
+    result
+  end
+.,.,
+
+module_eval(<<'.,.,', 'parser.y', 160)
+  def _reduce_89(val, _values, result)
+     result = val[0][:value]
+    result
+  end
+.,.,
+
+module_eval(<<'.,.,', 'parser.y', 161)
+  def _reduce_90(val, _values, result)
+     result = Range.new(val[0][:value], val[2][:value])
+    result
+  end
+.,.,
+
+module_eval(<<'.,.,', 'parser.y', 164)
+  def _reduce_91(val, _values, result)
+     result = val[0][:value]
+    result
+  end
+.,.,
+
+module_eval(<<'.,.,', 'parser.y', 165)
+  def _reduce_92(val, _values, result)
+     result = val[0][:value]
+    result
+  end
+.,.,
+
+module_eval(<<'.,.,', 'parser.y', 168)
+  def _reduce_93(val, _values, result)
+     result = val[0] + [val[2]]
+    result
+  end
+.,.,
+
+module_eval(<<'.,.,', 'parser.y', 169)
+  def _reduce_94(val, _values, result)
+     result = val[0] + [val[1]]
+    result
+  end
+.,.,
+
+module_eval(<<'.,.,', 'parser.y', 170)
+  def _reduce_95(val, _values, result)
+     result = [val[0]]
+    result
+  end
+.,.,
+
+module_eval(<<'.,.,', 'parser.y', 173)
+  def _reduce_96(val, _values, result)
+     result = val[0].merge(val[2])
+    result
+  end
+.,.,
+
+module_eval(<<'.,.,', 'parser.y', 174)
+  def _reduce_97(val, _values, result)
+     result = val[0].merge(val[1])
+    result
+  end
+.,.,
+
+module_eval(<<'.,.,', 'parser.y', 175)
+  def _reduce_98(val, _values, result)
+     result = {}
+    result
+  end
+.,.,
+
+module_eval(<<'.,.,', 'parser.y', 178)
+  def _reduce_99(val, _values, result)
+     result = { rdr_to: { host: val[1][:value], port: val[3][:value] } }
+    result
+  end
+.,.,
+
+module_eval(<<'.,.,', 'parser.y', 179)
+  def _reduce_100(val, _values, result)
+     result = { rdr_to: { host: val[1][:value] } }
+    result
+  end
+.,.,
+
+module_eval(<<'.,.,', 'parser.y', 180)
+  def _reduce_101(val, _values, result)
+     result = { nat_to: val[1][:value] }
+    result
+  end
+.,.,
+
+def _reduce_none(val, _values, result)
+  val[0]
+end
+
+  end   # class Parser
+end   # module Puffy