RubyGems - puffy - Versions diffs - 0.1.0 - Mend

puffy 0.1.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (26) hide show

checksums.yaml +7 -0
data/.github/workflows/ci.yml +36 -0
data/.gitignore +5 -0
data/.rspec +2 -0
data/.rubocop.yml +39 -0
data/.simplecov +8 -0
data/Gemfile +6 -0
data/README.md +51 -0
data/Rakefile +20 -0
data/bin/puffy +17 -0
data/lib/core_ext.rb +76 -0
data/lib/puffy/cli.rb +132 -0
data/lib/puffy/formatters/base.rb +95 -0
data/lib/puffy/formatters/netfilter.rb +263 -0
data/lib/puffy/formatters/netfilter4.rb +23 -0
data/lib/puffy/formatters/netfilter6.rb +23 -0
data/lib/puffy/formatters/pf.rb +132 -0
data/lib/puffy/parser.tab.rb +1217 -0
data/lib/puffy/puppet.rb +73 -0
data/lib/puffy/resolver.rb +76 -0
data/lib/puffy/rule.rb +220 -0
data/lib/puffy/rule_factory.rb +117 -0
data/lib/puffy/version.rb +5 -0
data/lib/puffy.rb +62 -0
data/puffy.gemspec +47 -0
metadata +254 -0

data/lib/puffy/parser.tab.rb ADDED Viewed

@@ -0,0 +1,1217 @@
+#
+# DO NOT MODIFY!!!!
+# This file is automatically generated by Racc 1.5.2
+# from Racc grammar file "".
+#
+require 'racc/parser.rb'
+require 'deep_merge'
+require 'strscan'
+module Puffy
+  class Parser < Racc::Parser
+module_eval(<<'...end parser.y/module_eval...', 'parser.y', 191)
+  attr_accessor :yydebug
+  attr_reader :policy, :filename
+  #attr_accessor :variables, :nodes, :services
+  def ipaddress?(s)
+    IPAddr.new(s.matched)
+  rescue IPAddr::InvalidAddressError
+    s.unscan
+    nil
+  end
+  def parse_file(filename)
+    @filename = filename
+    parse(File.read(filename))
+    @filename = nil
+  end
+  def parse(text)
+    @lineno = 1
+    s = StringScanner.new(text)
+    @tokens = []
+    @position = 0
+    @line = (s.check_until(/\n/) || '').chomp
+    until s.eos? do
+      case
+      when s.scan(/\n/)
+        @lineno += 1
+        @position = -1 # Current match "\n" length will be added before we read the first token
+        @line = (s.check_until(/\n/) || '').chomp
+      when s.scan(/#.*/) then # ignore comments
+      when s.scan(/\s+/) then # ignore blanks
+      when s.scan(/\//)
+        n = 0
+        while char = s.post_match[n]
+          case char
+          when /\\/
+            n += 1
+          when /\//
+            emit(:REGEX, Regexp.new(s.post_match[0...n]), s.matched_size)
+            s.pos += n + 1
+            break
+          end
+          n += 1
+        end
+      when s.scan(/=/) then         emit('=', s.matched)
+      when s.scan(/:/) then         emit(':', s.matched)
+      when s.scan(/,/) then         emit(',', s.matched)
+      when s.scan(/{/) then         emit('{', s.matched)
+      when s.scan(/}/) then         emit('}', s.matched)
+      when s.scan(/service\b/) then emit(:SERVICE, s.matched)
+      when s.scan(/client\b/) then  emit(:CLIENT, s.matched)
+      when s.scan(/server\b/) then  emit(:SERVER, s.matched)
+      when s.scan(/node\b/) then    emit(:NODE, s.matched)
+      when s.scan(/'[^'\n]*'/) then emit(:STRING, s.matched[1...-1], s.matched_size)
+      when s.scan(/"[^"\n]*"/) then emit(:STRING, s.matched[1...-1], s.matched_size)
+      when s.scan(/ipv4\b/) then    emit(:IPV4, s.matched)
+      when s.scan(/ipv6\b/) then    emit(:IPV6, s.matched)
+      when s.scan(/policy\b/) then  emit(:POLICY, s.matched)
+      when s.scan(/do\b/) then      emit(:DO, s.matched)
+      when s.scan(/end\b/) then     emit(:END, s.matched)
+      when s.scan(/\$\S+/) then     emit(:VARIABLE, s.matched[1..-1], s.matched_size)
+      when s.scan(/pass\b/) then    emit(:PASS, s.matched)
+      when s.scan(/block\b/) then   emit(:BLOCK, s.matched)
+      when s.scan(/in\b/) then      emit(:IN, s.matched)
+      when s.scan(/out\b/) then     emit(:OUT, s.matched)
+      when s.scan(/log\b/) then     emit(:LOG, s.matched)
+      when s.scan(/inet\b/) then    emit(:INET, s.matched)
+      when s.scan(/inet6\b/) then   emit(:INET6, s.matched)
+      when s.scan(/on\b/) then      emit(:ON, s.matched)
+      when s.scan(/proto\b/) then   emit(:PROTO, s.matched)
+      when s.scan(/from\b/) then    emit(:FROM, s.matched)
+      when s.scan(/to\b/) then      emit(:TO, s.matched)
+      when s.scan(/all\b/) then     emit(:ALL, s.matched)
+      when s.scan(/any\b/) then     emit(:ANY, s.matched)
+      when s.scan(/self\b/) then    emit(:SELF, s.matched)
+      when s.scan(/port\b/) then    emit(:PORT, s.matched)
+      when s.scan(/nat-to\b/) then  emit(:NAT_TO, s.matched)
+      when s.scan(/rdr-to\b/) then  emit(:RDR_TO, s.matched)
+      when s.scan(/\d+\.\d+\.\d+\.\d+(\/\d+)?/) && ip = ipaddress?(s) then           emit(:ADDRESS, ip, s.matched_size)
+      when s.scan(/[[:xdigit:]]*:[:[:xdigit:]]+(\/\d+)?/) && ip = ipaddress?(s) then emit(:ADDRESS, ip, s.matched_size)
+      when s.scan(/\d+/) then      emit(:INTEGER, s.matched.to_i, s.matched_size)
+      when s.scan(/\w[\w-]+/) then emit(:IDENTIFIER, s.matched)
+      else
+        raise SyntaxError.new('Syntax error', { filename: @filename, lineno: @lineno, position: @position, line: @line })
+      end
+      @position += s.matched_size if s.matched_size
+    end
+    begin
+      do_parse
+    rescue Racc::ParseError => e
+      raise ParseError.new("Parse error: unexpected token: #{@current_token[0]}", @current_token[1].merge(filename: @filename))
+    end
+  end
+  def emit(token, value, length = nil)
+    if token && length.nil?
+      raise "length must be explicitly passed when value is not a String (#{value.class.name})" unless value.is_a?(String)
+      length = value.length
+    end
+    exvalue = {
+      value: value,
+      line: @line,
+      lineno: @lineno,
+      position: @position,
+      length: length,
+    }
+    @tokens << [token, exvalue]
+  end
+  def next_token
+    @current_token = @tokens.shift
+  end
+  def initialize
+    super
+    @variables = {}
+    @nodes = {}
+    @saved_policies = {}
+    @services = {}
+    @rule_factory = Puffy::RuleFactory.new
+  end
+  def nodes
+    @nodes.keys
+  end
+  def prefered_key_for_hostname(keys, hostname)
+    direct_mapping = []
+    regexp_mapping = []
+    keys.each do |key|
+      case key
+      when String
+        direct_mapping << key if key == hostname
+      when Regexp
+        regexp_mapping << key if key.match?(hostname)
+      when Array
+        key.each do |value|
+          case value
+          when String
+            direct_mapping << key if value == hostname
+          when Regexp
+            regexp_mapping << key if value.match?(hostname)
+          end
+        end
+      end
+    end
+    raise "Multiple definitions for #{hostname}" if direct_mapping.count > 1
+    raise "Multiple definitions match #{hostname}: #{regexp_mapping.join(', ')}" if regexp_mapping.count > 1
+    direct_mapping.first || regexp_mapping.first
+  end
+  def prefered_value_for_hostname(hash, hostname)
+    hash[(prefered_key_for_hostname(hash.keys, hostname))]
+  end
+  def ruleset_for(hostname)
+    rules = prefered_value_for_hostname(@nodes, hostname)
+    rule_factory = RuleFactory.new
+    rules.map do |r|
+      rule_factory.build(r)
+    end.flatten
+  end
+  def policy_for(hostname)
+    prefered_value_for_hostname(@saved_policies, hostname) || @default_policy || :block
+  end
+...end parser.y/module_eval...
+##### State transition tables begin ###
+racc_action_table = [
+   132,   132,   129,   132,   132,    24,   153,   154,   162,    74,
+    10,    25,    26,   107,    33,   107,   110,   111,   110,   111,
+   140,    15,    34,   110,   111,    17,   115,   116,    76,    77,
+    19,    18,   131,   131,    21,   131,   131,    22,   164,   165,
+   106,   109,   106,   109,    76,    77,    49,   139,   142,    89,
+    90,    91,    38,    47,    48,    50,    51,    49,    25,    26,
+    39,    30,    31,    67,    47,    48,    50,    51,    49,    25,
+    26,    66,    27,     9,    69,    47,    48,    50,    51,    49,
+    25,    26,    68,    62,     9,    38,    47,    48,    50,    51,
+    49,    25,    26,    39,    89,    90,    91,    47,    48,    50,
+    51,    49,    25,    26,    21,    30,    31,    22,    47,    48,
+    50,    51,    49,    25,    26,    59,    60,    30,    31,    47,
+    48,    50,    51,    49,    25,    26,    21,    76,    77,    22,
+    47,    48,    50,    51,    49,    25,    26,   133,   134,   110,
+   111,    47,    48,    50,    51,    49,    25,    26,   160,   134,
+   110,   111,    47,    48,    50,    51,    49,    25,    26,    89,
+    90,    91,    78,    47,    48,    50,    51,    49,    25,    26,
+    89,    90,    91,    96,    47,    48,    50,    51,    49,    25,
+    26,   150,    99,   148,   100,    47,    48,    50,    51,     6,
+    25,    26,     6,   110,   111,     6,     7,     8,     6,     7,
+     8,     9,     7,     8,     9,     7,     8,     9,     6,   101,
+     9,    54,    55,    17,    21,     7,     8,    22,    17,    18,
+     9,    17,    28,   102,    18,    30,    31,    18,   150,   124,
+   125,   166,   167,    76,    77,   110,   111,   110,   111,   164,
+   165,   103,   104,   114,   119,   119,   126,   128,   137,   145,
+   119,   156,   150,   170,   171,   150,   173,   174 ]
+racc_action_check = [
+   119,   129,   119,   143,   154,     9,   143,   143,   157,    52,
+     1,     9,     9,    89,    16,    90,    89,    89,    90,    90,
+   128,     6,    16,   128,   128,     7,    97,    97,    52,    52,
+     8,     7,   119,   129,     8,   143,   154,     8,   157,   157,
+    89,    89,    90,    90,    97,    97,    33,   128,   128,    70,
+    70,    70,    20,    33,    33,    33,    33,    34,    33,    33,
+    20,    28,    28,    47,    34,    34,    34,    34,    38,    34,
+    34,    47,    10,    38,    48,    38,    38,    38,    38,    39,
+    38,    38,    48,    43,    39,    54,    39,    39,    39,    39,
+    44,    39,    39,    54,    71,    71,    71,    44,    44,    44,
+    44,    45,    44,    44,    19,    60,    60,    19,    45,    45,
+    45,    45,    46,    45,    45,    41,    41,    41,    41,    46,
+    46,    46,    46,    57,    46,    46,    55,    74,    74,    55,
+    57,    57,    57,    57,    58,    57,    57,   120,   120,   120,
+   120,    58,    58,    58,    58,    66,    58,    58,   152,   152,
+   152,   152,    66,    66,    66,    66,    67,    66,    66,    72,
+    72,    72,    53,    67,    67,    67,    67,    68,    67,    67,
+   136,   136,   136,    73,    68,    68,    68,    68,    69,    68,
+    68,   137,    81,   137,    82,    69,    69,    69,    69,     0,
+    69,    69,     2,   107,   107,     3,     0,     0,     4,     2,
+     2,     0,     3,     3,     2,     4,     4,     3,     5,    84,
+     4,    35,    35,    49,    35,     5,     5,    35,    50,    49,
+     5,    51,    15,    85,    50,    15,    15,    51,   158,   113,
+   113,   158,   158,   116,   116,   134,   134,   140,   140,   162,
+   162,    86,    87,    95,   105,   112,   114,   118,   123,   131,
+   138,   145,   148,   164,   165,   167,   170,   173 ]
+racc_action_pointer = [
+   187,    10,   190,   193,   196,   206,    18,    23,    26,   -10,
+    72,   nil,   nil,   nil,   nil,   218,    10,   nil,   nil,    96,
+    48,   nil,   nil,   nil,   nil,   nil,   nil,   nil,    54,   nil,
+   nil,   nil,   nil,    37,    48,   206,   nil,   nil,    59,    70,
+   nil,   110,   nil,    78,    81,    92,   103,    59,    70,   211,
+   216,   219,     5,   149,    81,   118,   nil,   114,   125,   nil,
+    98,   nil,   nil,   nil,   nil,   nil,   136,   147,   158,   169,
+    21,    66,   131,   158,   104,   nil,   nil,   nil,   nil,   nil,
+   nil,   177,   171,   nil,   196,   218,   228,   237,   nil,     9,
+    11,   nil,   nil,   nil,   nil,   223,   nil,    21,   nil,   nil,
+   nil,   nil,   nil,   nil,   nil,   211,   nil,   186,   nil,   nil,
+   nil,   nil,   212,   204,   238,   nil,   210,   nil,   218,    -2,
+   132,   nil,   nil,   221,   nil,   nil,   nil,   nil,    16,    -1,
+   nil,   214,   nil,   nil,   228,   nil,   142,   179,   217,   nil,
+   230,   nil,   nil,     1,   nil,   217,   nil,   nil,   250,   nil,
+   nil,   nil,   143,   nil,     2,   nil,   nil,     2,   226,   nil,
+   nil,   nil,   203,   nil,   246,   247,   nil,   253,   nil,   nil,
+   223,   nil,   nil,   223,   nil ]
+racc_action_default = [
+    -5,  -102,    -5,    -5,    -5,    -5,  -102,  -102,  -102,  -102,
+  -102,    -1,    -2,    -3,    -4,  -102,  -102,   -14,   -15,  -102,
+  -102,   -21,   -22,   -32,   -33,   -46,   -47,   175,  -102,    -7,
+   -11,   -12,   -13,   -31,   -31,  -102,   -20,   -17,   -31,   -31,
+   -25,  -102,   -10,  -102,   -31,   -31,   -31,  -102,  -102,  -102,
+  -102,  -102,   -48,  -102,  -102,  -102,   -19,   -31,   -31,    -6,
+  -102,    -9,   -26,   -28,   -29,   -30,   -31,   -31,   -31,   -31,
+   -71,   -71,   -71,   -43,  -102,   -50,   -54,   -55,   -27,   -16,
+   -18,  -102,  -102,    -8,  -102,  -102,  -102,  -102,   -38,   -76,
+   -76,   -69,   -70,   -39,   -40,   -44,   -42,  -102,   -53,   -23,
+   -24,   -34,   -35,   -36,   -37,   -84,   -72,  -102,   -74,   -75,
+   -91,   -92,   -84,   -56,  -102,   -49,  -102,   -52,   -67,  -102,
+  -102,   -95,   -68,   -59,   -57,   -58,   -45,   -51,   -81,  -102,
+   -83,   -88,   -89,   -73,  -102,   -94,  -102,  -102,   -84,   -77,
+  -102,   -79,   -80,  -102,   -87,  -102,   -93,   -98,  -102,   -61,
+   -65,   -66,  -102,   -82,  -102,   -86,   -90,   -41,  -102,   -64,
+   -78,   -85,  -102,   -97,  -102,  -102,   -60,  -102,   -63,   -96,
+  -100,  -101,   -62,  -102,   -99 ]
+racc_goto_table = [
+    75,    20,   121,   130,    29,    37,   163,   120,    16,    53,
+    41,   169,    36,   144,    53,   135,    32,    42,    35,    63,
+    64,    65,    98,   141,   118,   149,    23,   155,    56,   146,
+    61,   122,    81,    82,    73,   121,   159,    95,   161,    79,
+   152,    84,    85,    86,    87,   117,   168,   135,    80,    83,
+    70,    71,    72,    57,    58,   172,     1,   151,    11,    12,
+    13,    14,   105,   112,   127,    88,    93,    94,   113,   123,
+   136,   147,   157,    97,   158,   138,   143 ]
+racc_goto_check = [
+    27,    12,    34,    36,     7,    11,    37,    33,     8,    13,
+     6,    37,    12,    36,    13,    34,     9,     7,    10,    13,
+    13,    13,    27,    34,    31,    29,    17,    36,    12,    34,
+     7,    31,    13,    13,    19,    34,    29,    20,    36,    11,
+    33,    13,    13,    13,    13,    27,    29,    34,    12,     7,
+     8,     8,     8,     4,     4,    29,     1,    31,     1,     1,
+     1,     1,    30,    30,    27,    18,    18,    18,    21,    22,
+    23,    24,    25,    26,    28,    32,    35 ]
+racc_goto_pointer = [
+   nil,    56,   nil,   nil,    15,   nil,   -18,   -11,     1,     0,
+    -1,   -15,    -7,   -25,   nil,   nil,   nil,    17,    -5,   -18,
+   -36,   -27,   -44,   -53,   -65,   -75,    -1,   -52,   -74,  -112,
+   -27,   -81,   -53,  -100,  -105,   -53,  -116,  -151 ]
+racc_goto_default = [
+   nil,   nil,     2,     3,     4,     5,   nil,   nil,   nil,    40,
+   nil,   nil,   nil,    43,    44,    45,    46,    52,   nil,   nil,
+   nil,   nil,   nil,   nil,    92,   nil,   nil,   nil,   nil,   nil,
+   nil,   nil,   nil,   nil,   108,   nil,   nil,   nil ]
+racc_reduce_table = [
+  0, 0, :racc_error,
+  2, 39, :_reduce_none,
+  2, 39, :_reduce_none,
+  2, 39, :_reduce_3,
+  2, 39, :_reduce_none,
+  0, 39, :_reduce_none,
+  5, 40, :_reduce_6,
+  3, 40, :_reduce_7,
+  3, 44, :_reduce_8,
+  2, 44, :_reduce_9,
+  1, 44, :_reduce_10,
+  1, 45, :_reduce_11,
+  1, 45, :_reduce_12,
+  3, 43, :_reduce_13,
+  1, 46, :_reduce_14,
+  1, 46, :_reduce_15,
+  5, 41, :_reduce_16,
+  3, 41, :_reduce_17,
+  3, 48, :_reduce_18,
+  2, 48, :_reduce_19,
+  1, 48, :_reduce_20,
+  1, 50, :_reduce_21,
+  1, 50, :_reduce_22,
+  4, 49, :_reduce_23,
+  4, 49, :_reduce_24,
+  1, 49, :_reduce_25,
+  3, 47, :_reduce_26,
+  3, 47, :_reduce_27,
+  2, 51, :_reduce_28,
+  2, 51, :_reduce_29,
+  2, 51, :_reduce_30,
+  0, 51, :_reduce_31,
+  2, 42, :_reduce_32,
+  2, 42, :_reduce_33,
+  4, 53, :_reduce_34,
+  4, 53, :_reduce_35,
+  4, 54, :_reduce_36,
+  4, 54, :_reduce_37,
+  3, 52, :_reduce_38,
+  3, 52, :_reduce_39,
+  3, 52, :_reduce_40,
+  8, 52, :_reduce_41,
+  1, 58, :_reduce_none,
+  0, 58, :_reduce_none,
+  0, 59, :_reduce_none,
+  2, 59, :_reduce_45,
+  1, 55, :_reduce_46,
+  1, 55, :_reduce_47,
+  0, 57, :_reduce_none,
+  3, 57, :_reduce_49,
+  1, 57, :_reduce_50,
+  3, 64, :_reduce_51,
+  2, 64, :_reduce_52,
+  1, 64, :_reduce_53,
+  1, 65, :_reduce_54,
+  1, 65, :_reduce_55,
+  0, 60, :_reduce_none,
+  1, 60, :_reduce_57,
+  1, 60, :_reduce_58,
+  0, 61, :_reduce_none,
+  4, 61, :_reduce_60,
+  2, 61, :_reduce_61,
+  3, 66, :_reduce_62,
+  2, 66, :_reduce_63,
+  1, 66, :_reduce_64,
+  1, 67, :_reduce_65,
+  6, 62, :_reduce_66,
+  3, 62, :_reduce_67,
+  3, 62, :_reduce_68,
+  1, 62, :_reduce_69,
+  1, 56, :_reduce_none,
+  0, 56, :_reduce_71,
+  1, 68, :_reduce_72,
+  3, 68, :_reduce_73,
+  1, 68, :_reduce_none,
+  1, 68, :_reduce_75,
+  0, 68, :_reduce_none,
+  1, 70, :_reduce_77,
+  3, 70, :_reduce_78,
+  1, 70, :_reduce_none,
+  1, 70, :_reduce_80,
+  0, 70, :_reduce_none,
+  4, 69, :_reduce_82,
+  2, 69, :_reduce_83,
+  0, 69, :_reduce_none,
+  3, 73, :_reduce_85,
+  2, 73, :_reduce_86,
+  1, 73, :_reduce_87,
+  1, 74, :_reduce_88,
+  1, 74, :_reduce_89,
+  3, 74, :_reduce_90,
+  1, 72, :_reduce_91,
+  1, 72, :_reduce_92,
+  3, 71, :_reduce_93,
+  2, 71, :_reduce_94,
+  1, 71, :_reduce_95,
+  3, 63, :_reduce_96,
+  2, 63, :_reduce_97,
+  0, 63, :_reduce_98,
+  4, 75, :_reduce_99,
+  2, 75, :_reduce_100,
+  2, 75, :_reduce_101 ]
+racc_reduce_n = 102
+racc_shift_n = 175
+racc_token_table = {
+  false => 0,
+  :error => 1,
+  :IDENTIFIER => 2,
+  "=" => 3,
+  "{" => 4,
+  "}" => 5,
+  "," => 6,
+  :ADDRESS => 7,
+  :STRING => 8,
+  :SERVICE => 9,
+  :NODE => 10,
+  :REGEX => 11,
+  :DO => 12,
+  :END => 13,
+  :POLICY => 14,
+  :LOG => 15,
+  :IPV4 => 16,
+  :IPV6 => 17,
+  :CLIENT => 18,
+  :SERVER => 19,
+  :ON => 20,
+  :BLOCK => 21,
+  :PASS => 22,
+  :IN => 23,
+  :OUT => 24,
+  :INET => 25,
+  :INET6 => 26,
+  :PROTO => 27,
+  :FROM => 28,
+  :TO => 29,
+  :ALL => 30,
+  :ANY => 31,
+  :VARIABLE => 32,
+  :PORT => 33,
+  :INTEGER => 34,
+  ":" => 35,
+  :RDR_TO => 36,
+  :NAT_TO => 37 }
+racc_nt_base = 38
+racc_use_result_var = true
+Racc_arg = [
+  racc_action_table,
+  racc_action_check,
+  racc_action_default,
+  racc_action_pointer,
+  racc_goto_table,
+  racc_goto_check,
+  racc_goto_default,
+  racc_goto_pointer,
+  racc_nt_base,
+  racc_reduce_table,
+  racc_token_table,
+  racc_shift_n,
+  racc_reduce_n,
+  racc_use_result_var ]
+Racc_token_to_s_table = [
+  "$end",
+  "error",
+  "IDENTIFIER",
+  "\"=\"",
+  "\"{\"",
+  "\"}\"",
+  "\",\"",
+  "ADDRESS",
+  "STRING",
+  "SERVICE",
+  "NODE",
+  "REGEX",
+  "DO",
+  "END",
+  "POLICY",
+  "LOG",
+  "IPV4",
+  "IPV6",
+  "CLIENT",
+  "SERVER",
+  "ON",
+  "BLOCK",
+  "PASS",
+  "IN",
+  "OUT",
+  "INET",
+  "INET6",
+  "PROTO",
+  "FROM",
+  "TO",
+  "ALL",
+  "ANY",
+  "VARIABLE",
+  "PORT",
+  "INTEGER",
+  "\":\"",
+  "RDR_TO",
+  "NAT_TO",
+  "$start",
+  "target",
+  "assignation",
+  "node",
+  "policy",
+  "service",
+  "variable_value_list",
+  "variable_value",
+  "service_name",
+  "block",
+  "node_name_list",
+  "block_with_policy",
+  "node_name",
+  "rules",
+  "pf_rule",
+  "ipv4_block",
+  "ipv6_block",
+  "action",
+  "optional_hosts",
+  "rule_direction",
+  "log",
+  "on_interface",
+  "rule_af",
+  "protospec",
+  "hosts",
+  "filteropts",
+  "direction_list",
+  "direction",
+  "protocol_list",
+  "protocol",
+  "hosts_from",
+  "hosts_port",
+  "hosts_to",
+  "host_list",
+  "host",
+  "port_list",
+  "port",
+  "filteropt" ]
+Racc_debug_parser = false
+##### State transition tables end #####
+# reduce 0 omitted
+# reduce 1 omitted
+# reduce 2 omitted
+module_eval(<<'.,.,', 'parser.y', 4)
+  def _reduce_3(val, _values, result)
+     @default_policy = val[0]
+    result
+  end
+.,.,
+# reduce 4 omitted
+# reduce 5 omitted
+module_eval(<<'.,.,', 'parser.y', 9)
+  def _reduce_6(val, _values, result)
+     @variables[val[0][:value]] = val[3].freeze
+    result
+  end
+.,.,
+module_eval(<<'.,.,', 'parser.y', 10)
+  def _reduce_7(val, _values, result)
+     @variables[val[0][:value]] = val[2].freeze
+    result
+  end
+.,.,
+module_eval(<<'.,.,', 'parser.y', 13)
+  def _reduce_8(val, _values, result)
+     result = val[0] + [val[2]]
+    result
+  end
+.,.,
+module_eval(<<'.,.,', 'parser.y', 14)
+  def _reduce_9(val, _values, result)
+     result = val[0] + [val[1]]
+    result
+  end
+.,.,
+module_eval(<<'.,.,', 'parser.y', 15)
+  def _reduce_10(val, _values, result)
+     result = [val[0]]
+    result
+  end
+.,.,
+module_eval(<<'.,.,', 'parser.y', 18)
+  def _reduce_11(val, _values, result)
+     result = val[0][:value]
+    result
+  end
+.,.,
+module_eval(<<'.,.,', 'parser.y', 19)
+  def _reduce_12(val, _values, result)
+     result = val[0][:value]
+    result
+  end
+.,.,
+module_eval(<<'.,.,', 'parser.y', 22)
+  def _reduce_13(val, _values, result)
+     @services[val[1]] = val[2]
+    result
+  end
+.,.,
+module_eval(<<'.,.,', 'parser.y', 25)
+  def _reduce_14(val, _values, result)
+     result = val[0][:value]
+    result
+  end
+.,.,
+module_eval(<<'.,.,', 'parser.y', 26)
+  def _reduce_15(val, _values, result)
+     result = val[0][:value]
+    result
+  end
+.,.,
+module_eval(<<'.,.,', 'parser.y', 29)
+  def _reduce_16(val, _values, result)
+     @nodes[val[2]] = val[4]; @saved_policies[val[2]] = @policy
+    result
+  end
+.,.,
+module_eval(<<'.,.,', 'parser.y', 30)
+  def _reduce_17(val, _values, result)
+     @nodes[val[1]] = val[2]; @saved_policies[val[1]] = @policy
+    result
+  end
+.,.,
+module_eval(<<'.,.,', 'parser.y', 33)
+  def _reduce_18(val, _values, result)
+     result = val[0] + [val[2]]
+    result
+  end
+.,.,
+module_eval(<<'.,.,', 'parser.y', 34)
+  def _reduce_19(val, _values, result)
+     result = val[0] + [val[1]]
+    result
+  end
+.,.,
+module_eval(<<'.,.,', 'parser.y', 35)
+  def _reduce_20(val, _values, result)
+     result = [val[0]]
+    result
+  end
+.,.,
+module_eval(<<'.,.,', 'parser.y', 38)
+  def _reduce_21(val, _values, result)
+     result = val[0][:value]
+    result
+  end
+.,.,
+module_eval(<<'.,.,', 'parser.y', 39)
+  def _reduce_22(val, _values, result)
+     result = val[0][:value]
+    result
+  end
+.,.,
+module_eval(<<'.,.,', 'parser.y', 42)
+  def _reduce_23(val, _values, result)
+     @policy = val[1]; result = val[2]
+    result
+  end
+.,.,
+module_eval(<<'.,.,', 'parser.y', 43)
+  def _reduce_24(val, _values, result)
+     @policy = val[1]; result = val[2]
+    result
+  end
+.,.,
+module_eval(<<'.,.,', 'parser.y', 44)
+  def _reduce_25(val, _values, result)
+     @policy = nil; result = val[0]
+    result
+  end
+.,.,
+module_eval(<<'.,.,', 'parser.y', 47)
+  def _reduce_26(val, _values, result)
+     result = val[1].freeze
+    result
+  end
+.,.,
+module_eval(<<'.,.,', 'parser.y', 48)
+  def _reduce_27(val, _values, result)
+     result = val[1].freeze
+    result
+  end
+.,.,
+module_eval(<<'.,.,', 'parser.y', 51)
+  def _reduce_28(val, _values, result)
+     result = val[0] + val[1]
+    result
+  end
+.,.,
+module_eval(<<'.,.,', 'parser.y', 52)
+  def _reduce_29(val, _values, result)
+     result = val[0] + val[1]
+    result
+  end
+.,.,
+module_eval(<<'.,.,', 'parser.y', 53)
+  def _reduce_30(val, _values, result)
+     result = val[0] + val[1]
+    result
+  end
+.,.,
+module_eval(<<'.,.,', 'parser.y', 54)
+  def _reduce_31(val, _values, result)
+     result = []
+    result
+  end
+.,.,
+module_eval(<<'.,.,', 'parser.y', 57)
+  def _reduce_32(val, _values, result)
+     result = val[1][:action]
+    result
+  end
+.,.,
+module_eval(<<'.,.,', 'parser.y', 58)
+  def _reduce_33(val, _values, result)
+     result = 'log'
+    result
+  end
+.,.,
+module_eval(<<'.,.,', 'parser.y', 61)
+  def _reduce_34(val, _values, result)
+     result = val[2].reject { |x| x[:af] == :inet6 }.map { |x| x[:af] = :inet ; x }
+    result
+  end
+.,.,
+module_eval(<<'.,.,', 'parser.y', 62)
+  def _reduce_35(val, _values, result)
+     result = val[2].reject { |x| x[:af] == :inet6 }.map { |x| x[:af] = :inet ; x }
+    result
+  end
+.,.,
+module_eval(<<'.,.,', 'parser.y', 65)
+  def _reduce_36(val, _values, result)
+     result = val[2].reject { |x| x[:af] == :inet }.map { |x| x[:af] = :inet6 ; x }
+    result
+  end
+.,.,
+module_eval(<<'.,.,', 'parser.y', 66)
+  def _reduce_37(val, _values, result)
+     result = val[2].reject { |x| x[:af] == :inet }.map { |x| x[:af] = :inet6 ; x }
+    result
+  end
+.,.,
+module_eval(<<'.,.,', 'parser.y', 69)
+  def _reduce_38(val, _values, result)
+     result = @services.fetch(val[1]).deep_dup.map { |x| x.merge(val[2]) }
+    result
+  end
+.,.,
+module_eval(<<'.,.,', 'parser.y', 71)
+  def _reduce_39(val, _values, result)
+                 raise "service #{val[1]} cannot be used as client" if @services.fetch(val[1]).map { |x| x[:dir] }.compact.any?
+             result = @services.fetch(val[1]).deep_dup.map { |x| x.merge(dir: :out).deep_merge(val[2]) }
+    result
+  end
+.,.,
+module_eval(<<'.,.,', 'parser.y', 75)
+  def _reduce_40(val, _values, result)
+                 raise "service #{val[1]} cannot be used as server" if @services.fetch(val[1]).map { |x| x[:dir] }.compact.any?
+             result = @services.fetch(val[1]).deep_dup.map { |x| x.merge(dir: :in).deep_merge(val[2]) }
+    result
+  end
+.,.,
+module_eval(<<'.,.,', 'parser.y', 78)
+  def _reduce_41(val, _values, result)
+     result = [val.compact.inject(:merge)]
+    result
+  end
+.,.,
+# reduce 42 omitted
+# reduce 43 omitted
+# reduce 44 omitted
+module_eval(<<'.,.,', 'parser.y', 86)
+  def _reduce_45(val, _values, result)
+     result = { on: val[1][:value] }
+    result
+  end
+.,.,
+module_eval(<<'.,.,', 'parser.y', 89)
+  def _reduce_46(val, _values, result)
+     result = { action: :block }
+    result
+  end
+.,.,
+module_eval(<<'.,.,', 'parser.y', 90)
+  def _reduce_47(val, _values, result)
+     result = { action: :pass }
+    result
+  end
+.,.,
+# reduce 48 omitted
+module_eval(<<'.,.,', 'parser.y', 94)
+  def _reduce_49(val, _values, result)
+     result = { dir: val[1] }
+    result
+  end
+.,.,
+module_eval(<<'.,.,', 'parser.y', 95)
+  def _reduce_50(val, _values, result)
+     result = { dir: val[0] }
+    result
+  end
+.,.,
+module_eval(<<'.,.,', 'parser.y', 98)
+  def _reduce_51(val, _values, result)
+     result = val[0] + [val[2]]
+    result
+  end
+.,.,
+module_eval(<<'.,.,', 'parser.y', 99)
+  def _reduce_52(val, _values, result)
+     result = val[0] + [val[1]]
+    result
+  end
+.,.,
+module_eval(<<'.,.,', 'parser.y', 100)
+  def _reduce_53(val, _values, result)
+     result = [val[0]]
+    result
+  end
+.,.,
+module_eval(<<'.,.,', 'parser.y', 103)
+  def _reduce_54(val, _values, result)
+     result = :in
+    result
+  end
+.,.,
+module_eval(<<'.,.,', 'parser.y', 104)
+  def _reduce_55(val, _values, result)
+     result = :out
+    result
+  end
+.,.,
+# reduce 56 omitted
+module_eval(<<'.,.,', 'parser.y', 108)
+  def _reduce_57(val, _values, result)
+     result = { af: :inet }
+    result
+  end
+.,.,
+module_eval(<<'.,.,', 'parser.y', 109)
+  def _reduce_58(val, _values, result)
+     result = { af: :inet6 }
+    result
+  end
+.,.,
+# reduce 59 omitted
+module_eval(<<'.,.,', 'parser.y', 113)
+  def _reduce_60(val, _values, result)
+     result = { proto: val[2] }
+    result
+  end
+.,.,
+module_eval(<<'.,.,', 'parser.y', 114)
+  def _reduce_61(val, _values, result)
+     result = { proto: val[1] }
+    result
+  end
+.,.,
+module_eval(<<'.,.,', 'parser.y', 117)
+  def _reduce_62(val, _values, result)
+     result = val[0] + [val[2]]
+    result
+  end
+.,.,
+module_eval(<<'.,.,', 'parser.y', 118)
+  def _reduce_63(val, _values, result)
+     result = val[0] + [val[1]]
+    result
+  end
+.,.,
+module_eval(<<'.,.,', 'parser.y', 119)
+  def _reduce_64(val, _values, result)
+     result = [val[0]]
+    result
+  end
+.,.,
+module_eval(<<'.,.,', 'parser.y', 122)
+  def _reduce_65(val, _values, result)
+     result = val[0][:value].to_sym
+    result
+  end
+.,.,
+module_eval(<<'.,.,', 'parser.y', 125)
+  def _reduce_66(val, _values, result)
+     result = { from: { host: val[1], port: val[2] }, to: { host: val[4], port: val[5] } }
+    result
+  end
+.,.,
+module_eval(<<'.,.,', 'parser.y', 126)
+  def _reduce_67(val, _values, result)
+     result = { from: { host: val[1], port: val[2] } }
+    result
+  end
+.,.,
+module_eval(<<'.,.,', 'parser.y', 127)
+  def _reduce_68(val, _values, result)
+     result = { to: { host: val[1], port: val[2] } }
+    result
+  end
+.,.,
+module_eval(<<'.,.,', 'parser.y', 128)
+  def _reduce_69(val, _values, result)
+     result = {}
+    result
+  end
+.,.,
+# reduce 70 omitted
+module_eval(<<'.,.,', 'parser.y', 132)
+  def _reduce_71(val, _values, result)
+     result = {}
+    result
+  end
+.,.,
+module_eval(<<'.,.,', 'parser.y', 135)
+  def _reduce_72(val, _values, result)
+     result = nil
+    result
+  end
+.,.,
+module_eval(<<'.,.,', 'parser.y', 136)
+  def _reduce_73(val, _values, result)
+     result = val[1]
+    result
+  end
+.,.,
+# reduce 74 omitted
+module_eval(<<'.,.,', 'parser.y', 138)
+  def _reduce_75(val, _values, result)
+     result = @variables.fetch(val[0][:value])
+    result
+  end
+.,.,
+# reduce 76 omitted
+module_eval(<<'.,.,', 'parser.y', 142)
+  def _reduce_77(val, _values, result)
+     result = nil
+    result
+  end
+.,.,
+module_eval(<<'.,.,', 'parser.y', 143)
+  def _reduce_78(val, _values, result)
+     result = val[1]
+    result
+  end
+.,.,
+# reduce 79 omitted
+module_eval(<<'.,.,', 'parser.y', 145)
+  def _reduce_80(val, _values, result)
+     result = @variables.fetch(val[0][:value])
+    result
+  end
+.,.,
+# reduce 81 omitted
+module_eval(<<'.,.,', 'parser.y', 149)
+  def _reduce_82(val, _values, result)
+     result = val[2]
+    result
+  end
+.,.,
+module_eval(<<'.,.,', 'parser.y', 150)
+  def _reduce_83(val, _values, result)
+     result = val[1]
+    result
+  end
+.,.,
+# reduce 84 omitted
+module_eval(<<'.,.,', 'parser.y', 154)
+  def _reduce_85(val, _values, result)
+     result = val[0] + [val[2]]
+    result
+  end
+.,.,
+module_eval(<<'.,.,', 'parser.y', 155)
+  def _reduce_86(val, _values, result)
+     result = val[0] + [val[1]]
+    result
+  end
+.,.,
+module_eval(<<'.,.,', 'parser.y', 156)
+  def _reduce_87(val, _values, result)
+     result = [val[0]]
+    result
+  end
+.,.,
+module_eval(<<'.,.,', 'parser.y', 159)
+  def _reduce_88(val, _values, result)
+     result = val[0][:value]
+    result
+  end
+.,.,
+module_eval(<<'.,.,', 'parser.y', 160)
+  def _reduce_89(val, _values, result)
+     result = val[0][:value]
+    result
+  end
+.,.,
+module_eval(<<'.,.,', 'parser.y', 161)
+  def _reduce_90(val, _values, result)
+     result = Range.new(val[0][:value], val[2][:value])
+    result
+  end
+.,.,
+module_eval(<<'.,.,', 'parser.y', 164)
+  def _reduce_91(val, _values, result)
+     result = val[0][:value]
+    result
+  end
+.,.,
+module_eval(<<'.,.,', 'parser.y', 165)
+  def _reduce_92(val, _values, result)
+     result = val[0][:value]
+    result
+  end
+.,.,
+module_eval(<<'.,.,', 'parser.y', 168)
+  def _reduce_93(val, _values, result)
+     result = val[0] + [val[2]]
+    result
+  end
+.,.,
+module_eval(<<'.,.,', 'parser.y', 169)
+  def _reduce_94(val, _values, result)
+     result = val[0] + [val[1]]
+    result
+  end
+.,.,
+module_eval(<<'.,.,', 'parser.y', 170)
+  def _reduce_95(val, _values, result)
+     result = [val[0]]
+    result
+  end
+.,.,
+module_eval(<<'.,.,', 'parser.y', 173)
+  def _reduce_96(val, _values, result)
+     result = val[0].merge(val[2])
+    result
+  end
+.,.,
+module_eval(<<'.,.,', 'parser.y', 174)
+  def _reduce_97(val, _values, result)
+     result = val[0].merge(val[1])
+    result
+  end
+.,.,
+module_eval(<<'.,.,', 'parser.y', 175)
+  def _reduce_98(val, _values, result)
+     result = {}
+    result
+  end
+.,.,
+module_eval(<<'.,.,', 'parser.y', 178)
+  def _reduce_99(val, _values, result)
+     result = { rdr_to: { host: val[1][:value], port: val[3][:value] } }
+    result
+  end
+.,.,
+module_eval(<<'.,.,', 'parser.y', 179)
+  def _reduce_100(val, _values, result)
+     result = { rdr_to: { host: val[1][:value] } }
+    result
+  end
+.,.,
+module_eval(<<'.,.,', 'parser.y', 180)
+  def _reduce_101(val, _values, result)
+     result = { nat_to: val[1][:value] }
+    result
+  end
+.,.,
+def _reduce_none(val, _values, result)
+  val[0]
+end
+  end   # class Parser
+end   # module Puffy