xref: /netbsd-src/external/ibm-public/postfix/dist/proto/cidr_table (revision afab4e300d3a9fb07dd8c80daf53d0feb3345706)

#++
# NAME
#	cidr_table 5
# SUMMARY
#	format of Postfix CIDR tables
# SYNOPSIS
#	\fBpostmap -q "\fIstring\fB" cidr:/etc/postfix/\fIfilename\fR
#
#	\fBpostmap -q - cidr:/etc/postfix/\fIfilename\fB <\fIinputfile\fR
# DESCRIPTION
#	The Postfix mail system uses optional lookup tables.
#	These tables are usually in \fBdbm\fR or \fBdb\fR format.
#	Alternatively, lookup tables can be specified in CIDR
#	(Classless Inter-Domain Routing) form. In this case, each
#	input is compared against a list of patterns. When a match
#	is found, the corresponding result is returned and the search
#	is terminated.
#
#	To find out what types of lookup tables your Postfix system
#	supports use the "\fBpostconf -m\fR" command.
#
#	To test lookup tables, use the "\fBpostmap -q\fR" command as
#	described in the SYNOPSIS above.
# TABLE FORMAT
# .ad
# .fi
#	The general form of a Postfix CIDR table is:
# .IP "\fIpattern     result\fR"
#	When a search string matches the specified \fIpattern\fR, use
#	the corresponding \fIresult\fR value. The \fIpattern\fR must be
#	in \fInetwork/prefix\fR or \fInetwork_address\fR form (see
#	ADDRESS PATTERN SYNTAX below).
# .IP "\fB!\fIpattern	result\fR"
#	When a search string does not match the specified \fIpattern\fR,
#	use the specified \fIresult\fR value. The \fIpattern\fR must
#	be in \fInetwork/prefix\fR or \fInetwork_address\fR form (see
#	ADDRESS PATTERN SYNTAX below).
# .sp
#	This feature is available in Postfix 3.2 and later.
# .IP "\fBif \fIpattern\fR"
# .IP "\fBendif\fR"
#	When a search string matches the specified \fIpattern\fR, match
#	that search string against the patterns between \fBif\fR and
#	\fBendif\fR.  The \fIpattern\fR must be in \fInetwork/prefix\fR or
#	\fInetwork_address\fR form (see ADDRESS PATTERN SYNTAX below). The
#	\fBif\fR..\fBendif\fR can nest.
# .sp
#	Note: do not prepend whitespace to text between
#	\fBif\fR..\fBendif\fR.
# .sp
#	This feature is available in Postfix 3.2 and later.
# .IP "\fBif !\fIpattern\fR"
# .IP "\fBendif\fR"
#	When a search string does not match the specified \fIpattern\fR,
#	match that search string against the patterns between \fBif\fR and
#	\fBendif\fR. The \fIpattern\fR must be in \fInetwork/prefix\fR or
#	\fInetwork_address\fR form (see ADDRESS PATTERN SYNTAX below). The
#	\fBif\fR..\fBendif\fR can nest.
# .sp
#	Note: do not prepend whitespace to text between
#	\fBif\fR..\fBendif\fR.
# .sp
#	This feature is available in Postfix 3.2 and later.
# .IP "blank lines and comments"
#	Empty lines and whitespace-only lines are ignored, as
#	are lines whose first non-whitespace character is a `#'.
# .IP "multi-line text"
#	A logical line starts with non-whitespace text. A line that
#	starts with whitespace continues a logical line.
# TABLE SEARCH ORDER
# .ad
# .fi
#	Patterns are applied in the order as specified in the table, until a
#	pattern is found that matches the search string.
# ADDRESS PATTERN SYNTAX
# .ad
# .fi
#	Postfix CIDR tables are pattern-based.	A pattern is either
#	a \fInetwork_address\fR which requires an exact match, or a
#	\fInetwork_address/prefix_length\fR where the \fIprefix_length\fR
#	part specifies the length of the \fInetwork_address\fR prefix
#	that must be matched (the other bits in the \fInetwork_address\fR
#	part must be zero).
#
#	An IPv4 network address is a sequence of four decimal octets
#	separated by ".", and an IPv6 network address is a sequence
#	of three to eight hexadecimal octet pairs separated by ":"
#	or "::", where the latter is short-hand for a sequence of
#	one or more all-zero octet pairs. The pattern 0.0.0.0/0
#	matches every IPv4 address, and ::/0 matches every IPv6
#	address.  IPv6 support is available in Postfix 2.2 and
#	later.
#
#	Before comparisons are made, lookup keys and table entries
#	are converted from string to binary. Therefore, IPv6 patterns
#	will be matched regardless of leading zeros (a leading zero in
#	an IPv4 address octet indicates octal notation).
#
#	Note: address information may be enclosed inside "[]" but
#	this form is not required.
# INLINE SPECIFICATION
# .ad
# .fi
#	The contents of a table may be specified in the table name.
#	The basic syntax is:
#
# .nf
#	main.cf:
#	    \fIparameter\fR \fB= .. cidr:{ { \fIrule-1\fB }, { \fIrule-2\fB } .. } ..\fR
#
#	master.cf:
#	    \fB.. -o { \fIparameter\fR \fB= .. cidr:{ { \fIrule-1\fB }, { \fIrule-2\fB } .. } .. } ..\fR
# .fi
#
#	Postfix ignores whitespace after '{' and before '}', and
#	writes each \fIrule\fR as one text line to an in-memory
#	file:
#
# .nf
#	in-memory file:
#	    rule-1
#	    rule-2
#	    ..
# .fi
#
#	Postfix parses the result as if it is a file in /etc/postfix.
#
#	Note: if a rule contains \fB$\fR, specify \fB$$\fR to keep
#	Postfix from trying to do \fI$name\fR expansion as it
#	evaluates a parameter value.
# EXAMPLE SMTPD ACCESS MAP
# .nf
#	/etc/postfix/main.cf:
#	    smtpd_client_restrictions = ... cidr:/etc/postfix/client.cidr ...
#
#	/etc/postfix/client.cidr:
#	    # Rule order matters. Put more specific allowlist entries
#	    # before more general denylist entries.
#	    192.168.1.1             OK
#	    192.168.0.0/16          REJECT
#	    2001:db8::1             OK
#	    2001:db8::/32           REJECT
# .fi
# SEE ALSO
#	postmap(1), Postfix lookup table manager
#	regexp_table(5), format of regular expression tables
#	pcre_table(5), format of PCRE tables
# README FILES
# .ad
# .fi
#	Use "\fBpostconf readme_directory\fR" or
#	"\fBpostconf html_directory\fR" to locate this information.
# .na
# .nf
#	DATABASE_README, Postfix lookup table overview
# HISTORY
#	CIDR table support was introduced with Postfix version 2.1.
# AUTHOR(S)
#	The CIDR table lookup code was originally written by:
#	Jozsef Kadlecsik
#	KFKI Research Institute for Particle and Nuclear Physics
#	POB. 49
#	1525 Budapest, Hungary
#
#	Adopted and adapted by:
#	Wietse Venema
#	IBM T.J. Watson Research
#	P.O. Box 704
#	Yorktown Heights, NY 10598, USA
#
#	Wietse Venema
#	Google, Inc.
#	111 8th Avenue
#	New York, NY 10011, USA
#--