7 Appendix B: Full ABNF Grammar

The following sections list the complete ABNF grammar rules for the policy settings, provided for implementers of the Group Policy: Firewall and Advanced Security Group Policy Extension Encoding.

 ; Firewall profile a rule applies to. RFC 5234 quoted literals match
 ; case-insensitively, so a validator generated from this grammar accepts
 ; other casings of these keywords unless it adds its own check.
 PROFILE_VAL = "Domain" / "Private" / "Public"
  
 ; A port range is two ports joined by "-"; a single port is one PORT.
 ; The grammar cannot express BEGINPORT <= ENDPORT; check that after parsing.
 PORT_RANGE_VAL = BEGINPORT "-" ENDPORT
 PORT_VAL = SINGLEPORT
  
 BEGINPORT = PORT
 ENDPORT = PORT
 SINGLEPORT = PORT
  
 ; One to five decimal digits, so the syntax alone admits 0..99999.
 ; NOTE(review): presumably a 16-bit port - reject values above 65535 in the
 ; parser, and confirm the lower bound against the normative field text.
 PORT = 1*5DIGIT
  
 ; Symbolic keywords accepted in place of a port number. In the rules visible
 ; here LPORT_KEYWORD_VAL is used by "LPort=" and the _2_10 rules by
 ; "LPort2_10=" / "RPort2_10=".
 LPORT_KEYWORD_VAL = "RPC" / "RPC-EPMap" / "Teredo" 
 LPORT_KEYWORD_VAL_2_10 = "IPTLSIn" / "IPHTTPSIn"
 RPORT_KEYWORD_VAL_2_10 = "IPTLSOut" / "IPHTTPSOut"
  
 ; Value of the "Dir=" field of a firewall RULE.
 DIR_VAL = "In" / "Out"
  
 ; Value of the "Action=" field of a firewall RULE (connection security
 ; rules use CS_ACTION_VAL instead).
 ACTION_VAL = "Allow" / "Block" / "ByPass"
  
 IFSECURE_VAL = "Authenticate" / "AuthenticateEncrypt"
 IFSECUIRE2_9_VAL = "An-NoEncap"
 IFSECURE2_10_VAL = "AnE-Nego"
  
 ; Interface selector for the "IF=" field.
 ; NOTE(review): GUID has no rule among the definitions visible here and is
 ; not an RFC 5234 core rule; confirm where its syntax is specified.
 IF_VAL = GUID
  
 ; Interface type selector for the "IFType=" field.
 IFTYPE_VAL = "Lan" / "Wireless" / "RemoteAccess"
  
 ADDRESSV4_RANGE_VAL = BEGINADDRV4 "-" ENDADDRV4
 ADDRESSV4_RANGE_VAL = SINGLEADDRV4
  
 BEGINADDRV4 = ADDRV4
 ENDADDRV4 = ADDRV4
 SINGLEADDRV4 = ADDRV4
  
 ADDRV4 = 1*3DIGIT "."1*3DIGIT "."1*3DIGIT "."1*3DIGIT
  
 ADDRESSV4_SUBNET_VAL = SUBNET_ADDRV4 "/" V4PREFIX_LENGHT
 ADDRESSV4_SUBNET_VAL = SUBNET_ADDRV4 "/" MASK_ADDRV4
  
 V4PREFIX_LENGHT = 1*2DIGIT
  
 SUBNET_ADDRV4 = ADDRV4
 MASK_ADDRV4 = ADDRV4
  
 ADDRESSV6_RANGE_VAL = BEGINADDRV6 "-" ENDADDRV6
 ADDRESSV6_RANGE_VAL = SINGLEADDRV6
  
 BEGINADDRV6 = ADDRV6
 ENDADDRV6 = ADDRV6
 SINGLEADDRV6 = ADDRV6
  
 ADDRESSV6_SUBNET_VAL = SUBNET_ADDRV6 "/" V6PREFIX_LENGHT
  
 V6PREFIX_LENGHT = 1*3DIGIT
  
 SUBNET_ADDRV6 = ADDRV6
  
 ADDRESS_KEYWORD_VAL = "LocalSubnet" / "DNS" / "DHCP" / "WINS" / DefaultGateway"
  
 ; Boolean used by the flag-style fields ("Edge=", "Active=", ...).
 BOOL_VAL = "TRUE" / "FALSE"
  
 ; Value of the "Defer=" field.
 DEFER_VAL = "App" / "User"
  
 ; ICMP selector written as type ":" code, used by "ICMP4=" and "ICMP6=".
 ICMP_TYPE_CODE_VAL = TYPE ":" CODE
  
 ; One to three digits admits values up to 999. ICMP type and code are
 ; 8-bit fields on the wire, so values above 255 should be rejected after
 ; parsing.
 TYPE = 1*3DIGIT
  
 ; CODE is either a number or "*".
 ; NOTE(review): "*" presumably means "any code" - confirm against the
 ; normative field description.
 CODE = 1*3DIGIT
 CODE =/ "*"
  
 ; Platform selector: platform id, OS major version and OS minor version,
 ; separated by ":".
 PLATFORM_VAL = PLATFORM ":" OS_MAJOR_VER ":" OS_MINOR_VER
  
 PLATFORM = 1DIGIT
 OS_MAJOR_VER = 1*3DIGIT
 OS_MINOR_VER = 1*3DIGIT
  
 ; Only one operator keyword is defined.
 ; NOTE(review): presumably "greater than or equal" - confirm.
 PLATFORM_OP_VAL = "GTEQ"
  
 ; Firewall rule string: "v", a schema version, "|", then one or more fields.
 RULE = "v" VERSION "|" 1*FIELD
  
 ; Every field, including the last, is terminated by "|".
 FIELD = TYPE_VALUE "|"
  
 ; Each alternative is a "Key=" literal followed by its value rule.
 ; The grammar fixes neither the order of fields nor how often a key may
 ; appear, so a string that repeats a key (for example two "Action=" fields)
 ; is syntactically valid; a consumer has to decide which occurrence wins or
 ; reject the rule. NOTE(review): confirm the intended handling.
 ; The numeric forms below are digit counts only; range checks (port,
 ; protocol, address octets, prefix length) belong in the parser.
 TYPE_VALUE =  "Action=" ACTION_VAL
 TYPE_VALUE =/ "Dir=" DIR_VAL
 TYPE_VALUE =/ "Profile=" PROFILE_VAL
 ; 1*3DIGIT admits up to 999; the stated maximum of 255 is not enforced by
 ; the syntax.
 TYPE_VALUE =/ "Protocol=" 1*3DIGIT                ; protocol is maximum 3 digits (255)
 TYPE_VALUE =/ "LPort=" ( PORT_VAL / LPORT_KEYWORD_VAL )
 TYPE_VALUE =/ "RPort=" PORT_VAL
 ; The _2_10 port fields carry ranges or the newer keywords.
 TYPE_VALUE =/ "LPort2_10=" ( PORT_RANGE_VAL / LPORT_KEYWORD_VAL_2_10 )
 TYPE_VALUE =/ "RPort2_10=" ( PORT_RANGE_VAL / RPORT_KEYWORD_VAL_2_10 )
 TYPE_VALUE =/ "Security=" IFSECURE_VAL
 TYPE_VALUE =/ "Security2_9=" IFSECURE2_9_VAL
 ; NOTE(review): the key is "Security2=" while the value rule is named
 ; IFSECURE2_10_VAL; confirm the key spelling against the field table.
 TYPE_VALUE =/ "Security2=" IFSECURE2_10_VAL 
 TYPE_VALUE =/ "IF=" IF_VAL
 TYPE_VALUE =/ "IFType=" IFTYPE_VAL
 TYPE_VALUE =/ "App=" APP_VAL
 TYPE_VALUE =/ "Svc=" SVC_VAL
 ; Local address fields take literals only; remote address fields also
 ; accept ADDRESS_KEYWORD_VAL.
 TYPE_VALUE =/ "LA4=" ( ADDRESSV4_RANGE_VAL / ADDRESSV4_SUBNET_VAL )
 TYPE_VALUE =/ "RA4=" ( ADDRESSV4_RANGE_VAL / ADDRESSV4_SUBNET_VAL / ADDRESS_KEYWORD_VAL )
 TYPE_VALUE =/ "LA6=" ( ADDRESSV6_RANGE_VAL / ADDRESSV6_SUBNET_VAL )
 TYPE_VALUE =/ "RA6=" ( ADDRESSV6_RANGE_VAL / ADDRESSV6_SUBNET_VAL / ADDRESS_KEYWORD_VAL )
 ; Free-text fields. STR_VAL as written cannot contain "|", which is what
 ; keeps a value from being read as a field boundary.
 TYPE_VALUE =/ "Name=" STR_VAL
 TYPE_VALUE =/ "Desc=" STR_VAL
 TYPE_VALUE =/ "EmbedCtxt=" STR_VAL
 TYPE_VALUE =/ "Edge=" BOOL_VAL
 TYPE_VALUE =/ "Defer=" DEFER_VAL
 TYPE_VALUE =/ "LSM=" BOOL_VAL
 TYPE_VALUE =/ "Active=" BOOL_VAL
 TYPE_VALUE =/ "ICMP4=" ICMP_TYPE_CODE_VAL
 TYPE_VALUE =/ "ICMP6=" ICMP_TYPE_CODE_VAL
 TYPE_VALUE =/ "Platform=" PLATFORM_VAL
 TYPE_VALUE =/ "RMauth=" STR_VAL
 TYPE_VALUE =/ "RUAuth=" STR_VAL
 TYPE_VALUE =/ "AuthByPassOut=" BOOL_VAL
 TYPE_VALUE =/ "SkipVer=" VERSION
  
 ; Schema version as major "." minor, each one to three digits.
 VERSION = MAJOR_VER "." MINOR_VER
  
 MAJOR_VER = 1*3DIGIT
 MINOR_VER = 1*3DIGIT
  
 ; NOTE(review): ALPHANUM has no rule among the definitions visible here and
 ; is not an RFC 5234 core rule (the core rules are ALPHA and DIGIT).
 ; Read literally, these three rules exclude spaces, path separators and
 ; punctuation; confirm the intended character set before using them to
 ; validate application paths, service names or descriptions.
 APP_VAL = 1*ALPHANUM
 ; "*" is accepted as an alternative to a service name.
 SVC_VAL = "*" / 1*ALPHANUM
  
 STR_VAL = 1*ALPHANUM
  
  
 ; Optional list of interfaces: empty, a single "{GUID}", or one "{GUID}"
 ; followed by one or more ",{GUID}" items. The outer [ ] makes the whole
 ; value optional.
 ; NOTE(review): GUID has no rule among the definitions visible here.
 INTERFACES_VAL = [ *1INTF_FIELD / INTF_FIELD 1*INTF_FIELD_SEQ ]
 INTF_FIELD = "{" GUID "}"
 INTF_FIELD_SEQ = "," INTF_FIELD
  
 ; Authentication method keywords for the two authentication phases.
 ; "Anonymous" is a permitted value in both; the grammar states only what is
 ; syntactically valid, not what a policy should allow.
 PHASE1_AUTH_METHOD_VAL = "Anonymous" / "MachineKerb" / "MachineCert" 
 PHASE1_AUTH_METHOD_VAL =/ "MachineSHKey" / "MachineNtlm"
  
 PHASE2_AUTH_METHOD_VAL = "Anonymous" / "MachineCert" / "UserKerb" 
 PHASE2_AUTH_METHOD_VAL =/ "UserCert" / "UserNtlm"
  
 ; Timeouts are digit strings of at most 8 and 10 digits.
 ; NOTE(review): units are not stated here (names suggest minutes and
 ; sessions) - confirm, and bound the parsed value to the target integer
 ; width.
 TIMEOUT_MIN_VAL = 1*8DIGIT
 TIMEOUT_SESS_VAL = 1*10DIGIT
 ; Perfect-forward-secrecy setting; "Disable" is one of the valid values.
 PFS_VAL = "Disable" / "EnableDHFromPhase1" / "ReKeyDH1" / "ReKeyDH2" / "ReKeyDH2048" 
 PFS_VAL =/ "ReKeyECDH256" / "ReKeyECDH384"
  
 ; Cryptographic algorithm keywords. Several permitted values name
 ; algorithms that are considered weak today (DES, MD5, SHA1 as an integrity
 ; hash, and the DH1/DH2 groups). Syntactic validity says nothing about
 ; strength, so a policy audit should flag these values separately.
 ; The *2_1 and *2_9 rules list additional values; the suffix presumably
 ; refers to the schema version that introduced them - confirm.
 KEY_EXCHANGE_VAL = "DH1" / "DH2" / "DH2048" / "ECDH-256" / "ECDH-384"
 ENCRYPTION_VAL = "DES" / "3DES" / "AES-128" / "AES-192" / "AES-256"
 HASH_VAL = "MD5" / "SHA1"
 HASH2_1_VAL = "SHA256" / "SHA384"
 PROTOCOL_VAL = "AH" / "ESP" / "AH&ESP"
 ENCRYPTION2_1_VAL = "AES-GCM128" / "AES-GCM192" / "AES-GCM256"
 AH_ESP_HASH2_1_VAL = "SHA256" / "AES-GCM128" / "AES-GCM192" / "AES-GCM256"
 PROTOCOL2_9_VAL = "AUTH_NO_ENCAP"
  
 ; Value of the "Action=" field of a connection security rule (CSRULE).
 ; "DoNotSecure" is a valid action.
 CS_ACTION_VAL = "SecureServer" / "Boundary" / "Secure" / "DoNotSecure"
  
 ; Connection security rule string: "v", a schema version, "|", then one or
 ; more fields.
 CSRULE = "v" VERSION "|" 1*FIELD
  
 ; FIELD and TYPE_VALUE are defined afresh here with "=", reusing the rule
 ; names of the firewall RULE grammar. Read this section as a separate
 ; grammar; loading it together with the RULE section into one ABNF tool
 ; produces duplicate definitions.
 FIELD = TYPE_VALUE "|"
  
 ; As with RULE, neither field order nor key uniqueness is expressed by the
 ; syntax, and numeric values are digit counts only.
 TYPE_VALUE =  "Action=" CS_ACTION_VAL
 TYPE_VALUE =/ "Profile=" PROFILE_VAL
 ; 1*3DIGIT admits up to 999; the stated maximum of 255 is not enforced by
 ; the syntax.
 TYPE_VALUE =/ "Protocol=" 1*3DIGIT                ; protocol is maximum 3 digits (255)
 ; Endpoint 1 / endpoint 2 ports; the _2_10 keys carry ranges.
 TYPE_VALUE =/ "EP1Port=" PORT_VAL
 TYPE_VALUE =/ "EP2Port=" PORT_VAL
 TYPE_VALUE =/ "EP1Port2_10=" PORT_RANGE_VAL
 TYPE_VALUE =/ "EP2Port2_10=" PORT_RANGE_VAL
 TYPE_VALUE =/ "IF=" IF_VAL
 TYPE_VALUE =/ "IFType=" IFTYPE_VAL
 ; The *Set fields take STR_VAL; presumably they name authentication and
 ; crypto sets defined elsewhere - confirm.
 TYPE_VALUE =/ "Auth1Set=" STR_VAL
 TYPE_VALUE =/ "Auth2Set=" STR_VAL
 TYPE_VALUE =/ "Crypto2Set=" STR_VAL
 ; Both endpoints accept literals and ADDRESS_KEYWORD_VAL.
 TYPE_VALUE =/ "EP1_4=" ( ADDRESSV4_RANGE_VAL / ADDRESSV4_SUBNET_VAL / ADDRESS_KEYWORD_VAL )
 TYPE_VALUE =/ "EP2_4=" ( ADDRESSV4_RANGE_VAL / ADDRESSV4_SUBNET_VAL / ADDRESS_KEYWORD_VAL )
 TYPE_VALUE =/ "EP1_6=" ( ADDRESSV6_RANGE_VAL / ADDRESSV6_SUBNET_VAL / ADDRESS_KEYWORD_VAL )
 TYPE_VALUE =/ "EP2_6=" ( ADDRESSV6_RANGE_VAL / ADDRESSV6_SUBNET_VAL / ADDRESS_KEYWORD_VAL )
 TYPE_VALUE =/ "Name=" STR_VAL
 TYPE_VALUE =/ "Desc=" STR_VAL
 TYPE_VALUE =/ "EmbedCtxt=" STR_VAL
 TYPE_VALUE =/ "Active=" BOOL_VAL
 TYPE_VALUE =/ "Platform=" PLATFORM_VAL
 TYPE_VALUE =/ "SkipVer=" VERSION
 TYPE_VALUE =/ "Platform2=" PLATFORM_OP_VAL
 TYPE_VALUE =/ "SecureInClearOut=" BOOL_VAL
 TYPE_VALUE =/ "ByPassTunnel=" BOOL_VAL
 TYPE_VALUE =/ "Authz=" BOOL_VAL
 ; Tunnel endpoint addresses are single addresses, not ranges or subnets.
 ; NOTE(review): ADDRV6 has no rule among the definitions visible here.
 TYPE_VALUE =/ "RTunnel4=" ADDRV4
 TYPE_VALUE =/ "RTunnel6=" ADDRV6
 TYPE_VALUE =/ "LTunnel4=" ADDRV4
 TYPE_VALUE =/ "LTunnel6=" ADDRV6
 TYPE_VALUE =/ "RTunnel4_2=" ADDRV4
 TYPE_VALUE =/ "RTunnel6_2=" ADDRV6
 TYPE_VALUE =/ "LTunnel4_2=" ADDRV4
 TYPE_VALUE =/ "LTunnel6_2=" ADDRV6
  
  
  
 MMRULE = "v" VERSION "|" 1*FIELD
  
 FIELD = TYPE_VALUE "|"
  
 TYPE_VALUE =/ "Profile=" PROFILE_VAL
 TYPE_VALUE =/ "Auth1Set=" STR_VAL
 TYPE_VALUE =/ "Crypto1Set=" STR_VAL
 TYPE_VALUE =/ "EP1_4=" ( ADDRESSV4_RANGE_VAL / ADDRESSV4_SUBNET_VAL / ADDRESS_KEYWORD_VAL )
 TYPE_VALUE =/ "EP2_4=" ( ADDRESSV4_RANGE_VAL / ADDRESSV4_SUBNET_VAL / ADDRESS_KEYWORD_VAL )
 TYPE_VALUE =/ "EP1_6=" ( ADDRESSV6_RANGE_VAL / ADDRESSV6_SUBNET_VAL / ADDRESS_KEYWORD_VAL )
 TYPE_VALUE =/ "EP2_6=" ( ADDRESSV6_RANGE_VAL / ADDRESSV6_SUBNET_VAL / ADDRESS_KEYWORD_VAL )
 TYPE_VALUE =/ "Name=" STR_VAL
 TYPE_VALUE =/ "Desc=" STR_VAL
 TYPE_VALUE =/ "EmbedCtxt=" STR_VAL
 TYPE_VALUE =/ "Active=" BOOL_VAL
 TYPE_VALUE =/ "Platform=" PLATFORM_VAL
 TYPE_VALUE =/ "SkipVer=" VERSION