From nobody@FreeBSD.org  Tue Dec  5 16:34:24 2006
Return-Path: <nobody@FreeBSD.org>
Received: from mx1.FreeBSD.org (mx1.freebsd.org [69.147.83.52])
	by hub.freebsd.org (Postfix) with ESMTP id 8B27916A416
	for <freebsd-gnats-submit@FreeBSD.org>; Tue,  5 Dec 2006 16:34:24 +0000 (UTC)
	(envelope-from nobody@FreeBSD.org)
Received: from www.freebsd.org (www.freebsd.org [69.147.83.33])
	by mx1.FreeBSD.org (Postfix) with ESMTP id 74C4343C9D
	for <freebsd-gnats-submit@FreeBSD.org>; Tue,  5 Dec 2006 16:33:44 +0000 (GMT)
	(envelope-from nobody@FreeBSD.org)
Received: from www.freebsd.org (localhost [127.0.0.1])
	by www.freebsd.org (8.13.1/8.13.1) with ESMTP id kB5GYOwE025843
	for <freebsd-gnats-submit@FreeBSD.org>; Tue, 5 Dec 2006 16:34:24 GMT
	(envelope-from nobody@www.freebsd.org)
Received: (from nobody@localhost)
	by www.freebsd.org (8.13.1/8.13.1/Submit) id kB5GYOaS025825;
	Tue, 5 Dec 2006 16:34:24 GMT
	(envelope-from nobody)
Message-Id: <200612051634.kB5GYOaS025825@www.freebsd.org>
Date: Tue, 5 Dec 2006 16:34:24 GMT
From: Joao Rocha Braga Filho<goffredo@gmail.com>
To: freebsd-gnats-submit@FreeBSD.org
Subject: parentesis bug in IPFW command
X-Send-Pr-Version: www-3.0

>Number:         106382
>Category:       bin
>Synopsis:       parenthesis bug in ipfw(8)
>Confidential:   no
>Severity:       non-critical
>Priority:       medium
>Responsible:    freebsd-bugs
>State:          closed
>Quarter:        
>Keywords:       
>Date-Required:  
>Class:          sw-bug
>Submitter-Id:   current-users
>Arrival-Date:   Tue Dec 05 16:40:21 GMT 2006
>Closed-Date:    Wed Feb 21 15:17:52 GMT 2007
>Last-Modified:  Wed Feb 21 15:17:52 GMT 2007
>Originator:     Joao Rocha Braga Filho
>Release:        6.2 RC1
>Organization:
Paratyinfo
>Environment:
FreeBSD goffredo.paratyinfo.com.br 6.2-PRERELEASE FreeBSD 6.2-PRERELEASE #3: Sat Dec  2 10:45:17 BRST 2006     goffredo@goffredo.paratyinfo.com.br:/usr/obj/usr/src/sys/GOFFREDO  amd64

>Description:
The man page says

"
     Additionally, sets of alternative match patterns (or-blocks) can be con-
     structed by putting the patterns in lists enclosed between parentheses (
     ) or braces { }, and using the or operator as follows:

           ipfw add 100 allow ip from { x or not y or z } to any
"

but when I use

root:goffredo[627] ipfw add 2 count tcp from any to '(' any 22 to any 23 ')'
ipfw: missing ")"

root:goffredo[628] ipfw add 2 count tcp from any to \( any 22 to any 23 \)
ipfw: missing ")"

root:goffredo[629] ipfw add 2 count tcp from any to '{' any 22 to any 23 '}'
ipfw: missing ")"

root:goffredo[630] ipfw add 2 count tcp from any to \{ any 22 to any 23 \}
ipfw: missing ")"


>How-To-Repeat:
Repeat the command.
>Fix:

>Release-Note:
>Audit-Trail:

From: "Bjoern A. Zeeb" <bzeeb-lists@lists.zabbadoz.net>
To: Joao Rocha Braga Filho <goffredo@gmail.com>
Cc: freebsd-gnats-submit@FreeBSD.org, freebsd-bugs@FreeBSD.org
Subject: Re: bin/106382: parentesis bug in IPFW command
Date: Tue, 5 Dec 2006 18:52:15 +0000 (UTC)

 On Tue, 5 Dec 2006, Joao Rocha Braga Filho wrote:
 
 > but when I use
 >
 > root:goffredo[627] ipfw add 2 count tcp from any to '(' any 22 to any 23 ')'
 > ipfw: missing ")"
 >
 > root:goffredo[628] ipfw add 2 count tcp from any to \( any 22 to any 23 \)
 > ipfw: missing ")"
 >
 > root:goffredo[629] ipfw add 2 count tcp from any to '{' any 22 to any 23 '}'
 > ipfw: missing ")"
 >
 > root:goffredo[630] ipfw add 2 count tcp from any to \{ any 22 to any 23 \}
 > ipfw: missing ")"
 
 
 that's a bad output from the parser giving you a false impression of
 the error. The command is wrong. it says
  	to any 22 to any 23
 you mean s,to,or, inside the () so it would be
  	to any 22
  	or
  	to any 23
 
 Could you try this:
 
 ipfw add 2 count tcp from any to any \( 22 or 23 \)
 
 ?
 
 -- 
 Bjoern A. Zeeb				bzeeb at Zabbadoz dot NeT

From: Maxim Konovalov <maxim@macomnet.ru>
To: Joao Rocha Braga Filho <goffredo@gmail.com>
Cc: bug-followup@freebsd.org
Subject: Re: bin/106382: parentesis bug in IPFW command
Date: Tue, 2 Jan 2007 13:24:10 +0300 (MSK)

 Hi,
 
 [...]
 > The man page says
 >
 > "  Additionally, sets of alternative match patterns (or-blocks) can
 > be constructed by putting the patterns in lists enclosed between
 > parentheses ( ) or braces { }, and using the or operator as follows:
 > ipfw add 100 allow ip from { x or not y or z } to any"
 >
 > but when I use
 >
 > root:goffredo[627] ipfw add 2 count tcp from any to '(' any 22 to any 23 ')'
 > ipfw: missing ")"
 >
 > root:goffredo[628] ipfw add 2 count tcp from any to \( any 22 to any 23 \)
 > ipfw: missing ")"
 >
 > root:goffredo[629] ipfw add 2 count tcp from any to '{' any 22 to any 23 '}'
 > ipfw: missing ")"
 >
 > root:goffredo[630] ipfw add 2 count tcp from any to \{ any 22 to any 23 \}
 > ipfw: missing ")"
 
 What does
 
 "from any to \{ any 22 to any 23 \}"
 
 mean in plain English?
 
 I think you need something like
 
 ipfw -n add 2 count tcp from any to any 22,23
 
 or
 
 ipfw -n add 2 count tcp from any to \{ 2.2.2.2 or 1.1.1.1 \} 22,23
 
 -- 
 Maxim Konovalov
State-Changed-From-To: open->closed 
State-Changed-By: remko 
State-Changed-When: Wed Feb 21 15:17:51 UTC 2007 
State-Changed-Why:  
After two requests for feedback, no feedback came. Close the pr ticket 

http://www.freebsd.org/cgi/query-pr.cgi?pr=106382 
>Unformatted:
