Subject: Re: Regular expression question...
eclectric@ftml.net
Date: Sun Aug 17 2003 - 22:33:15 AKDT
On Fri, 15 Aug 2003 22:22:03 -0800, "David J. Weller-Fahy"
<dave-lists-aklug@weller-fahy.com> said:
>
> I'm attempting to remove all the entries that iptables have put into my
> 'messages' firewall log that do not contain my external IP address as
> the destination address.
>
> Here is the best regular expression that I've been able to come up with
> so far:
>
> ^.*IN=eth1.*DST=[0-9]\{1,3\}\.[0-9]\{1,3\}\.[0-9]\{1,3\}\.[^2][^3][^2].*$
>
> As I understand REs (that is: not very well) this should match:
>
> BOL(anything)IN=eth1(anything)xxx.xxx.xxx.(anything but 232)(anything)EOL
>
> In the previous pattern, everything that is not anything should match
> the first occurence, not the last. Now, I know I'm incorrect, because
> it's not working when I try it in an s/// pattern in vim.
>
> Can anyone give a suggestion that would work better, or point out the
> error of my RE?
well, the first error is the backslashes in front of the curly braces..
they shouldn't be there as they keep the braces from being recognized as
metacharaters (which they need to be for your regex to work).
fixing that should make your regex MOSTLY work... except for the 232
bit.. the [^2][^3][^2] sequence will also exclude 2xy, x3y and xy2 for
all digits x and y. I'm not coming up with a solution to this one off
the top of my head for a normal regex, but maybe someone else can offer
one.
James
-- http://www.fastmail.fm - One of many happy users: http://www.fastmail.fm/docs/quotes.html --------- To unsubscribe, send email to <aklug-request@aklug.org> with 'unsubscribe' in the message body.
This archive was generated by hypermail 2a23 : Sun Aug 17 2003 - 22:33:20 AKDT