" Vim syntax file " Language: PIX ver =< 6.3 " Maintainer: Omar Gani (omarg@deepsh.it) http://www.deepsh.it " Last Change: Feb 21, 2004 " The Latest version can be found at: http://www.deepsh.it/vimsyntax/vimsyntax.html " "TODO: permit, deny, no <--- green & red "TODO: IP addr <--- some color?? "TODO: inside, outside, dmz <--- some color?? " Remove any old syntax stuff hanging around syn clear " syntax is case sensitive syn case match " This is a work in process!!! syn match configComment "!.*$" " Service stuff syn match Servicetype "^service" syn match Servicetype "timestamps\|password-encryption\|compress-config\|" syn match Route "ip \+route" "PIX interface syn match Pixinterface "inside\|outside\|perimeter\|dmz[0-9]*\|DMZ[0-9]*" syn match Pixinterface "interface \+ethernet[0-9]\+ \+\(auto\|aui\|bnc\)" syn match Pixinterface "interface \+ethernet[0-9]\+ \+\(10baset\|10full\|100basetx\|100full\)" syn match Pixinterface "interface \+ethernet[0-9]\+ \+\(1000auto\|1000full\|1000full nonegotiate\)" syn match Pixinterface "interface \+gb-ethernet[0-9]\+ \+\(auto\|aui\|bnc\)" syn match Pixinterface "interface \+gb-ethernet[0-9]\+ \+\(10baset\|10full\|100basetx\|100full\)" syn match Pixinterface "interface \+gb-ethernet[0-9]\+ \+\(1000auto\|1000full\|1000full nonegotiate\)" syn match Pixinterface " shutdown" syn match Pixinterface " logical\|physical" syn match Pixinterface " change-vlan " "nameif cmd for security level syn match Pixinterface "nameif \+ethernet[0-9]\+ \+[0-9A-Za-z-_\.]\+ \+\(security[0-9]\{1,2}\|sec[0-9]\{1,2}\)" syn match Pixinterface "nameif \+ethernet[0-9]\+ \+[0-9A-Za-z-_\.]\+ \+\(security100\|sec100\)" syn match Pixinterface "nameif \+gb-ethernet[0-9]\+ \+[0-9A-Za-z-_\.]\+ \+\(security[0-9]\{1,2}\|sec[0-9]\{1,2}\)" syn match Pixinterface "nameif \+gb-ethernet[0-9]\+ \+[0-9A-Za-z-_\.]\+ \+\(security100\|sec100\)" syn match Pixinterface "nameif \+vlan[0-9]\+ \+[0-9A-Za-z-_\.]\+ \+\(security[0-9]\{1,2}\|sec[0-9]\{1,2}\)" syn match Pixinterface "nameif \+vlan[0-9]\+ \+[0-9A-Za-z-_\.]\+ \+\(security100\|sec100\)" "IP address syn match Ipaddress "^ip \+address\|ip \+nat\|ip \+access-group\|ip \+access-class" syn match Ipaddress ".*ip \+local \+pool \+[0-9A-Za-z-_\.]\+" "name/names cmd syn match Ipaddress "name " syn match Ipaddress "names " " syn match Ipaddress "domain-name " syn match Ipaddress "hostname " "DHCP related to IP address syn match Ipaddress "dhcpd \+address" syn match Ipaddress "dhcpd \+auto_config" syn match Ipaddress "dhcpd \+dns" syn match Ipaddress "dhcpd \+wins" syn match Ipaddress "dhcpd \+lease" syn match Ipaddress "dhcpd \+domain" syn match Ipaddress "dhcpd \+enable" syn match Ipaddress "dhcpd \+option \+66 \+ascii " syn match Ipaddress "dhcpd \+option \+150 \+ip " syn match Ipaddress "dhcpd \+ping_timeout " syn match Ipaddress "dhcprelay \+enable" syn match Ipaddress "dhcprelay \+server " syn match Ipaddress "dhcprelay \+setroute " syn match Ipaddress "dhcprelay \+timeout " syn match Ipaddress "vpdn group " syn match Ipaddress " accept dialin pptp\| request dialout pppoe" syn match Ipaddress " ppp \+authentication \+\(pap\|chap\|mschap\)" syn match Ipaddress " ppp \+encryption \+mppe \+\(40\|128\|auto\) " syn match Ipaddress " client \+configuration \+address \+local " syn match Ipaddress " client \+configuration \+dns " syn match Ipaddress " client \+configuration\+ wins " syn match Ipaddress " client \+authentication \+\(local\|aaa\) " syn match Ipaddress " client \+accounting " syn match Ipaddress " pptp \+echo " syn match Ipaddress " l2tp \+tunnel \+hello " syn match Ipaddress " vpdn \+username " syn match Ipaddress " password " syn match Ipaddress " store-local " syn match Ipaddress "vpdn \+enable " syn match Ipaddress "hostname " "route syn match Ipaddress "route " "network syn match Ipaddress "network" "route-map syn match Ipaddress "route-map " syn match Ipaddress "match " syn match Ipaddress "set \+metric \+[0-9]\+" syn match Ipaddress "set \+metric \+\(type-1\|type-2\|internal\|external\)" syn match Ipaddress "set \+ip \+next-hop" "global syn match Ipaddress "global " "RIP ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ syn match Rip "rip " syn match Rip " passive" syn match Rip " default" syn match Rip " passive \+version \+[123]" syn match Rip " default \+version \+[123]" "OSPF ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ syn match Ospf "router \+ospf " syn match Ospf "area \+[0-9]\+" syn match Ospf "authentication \+message-digest" syn match Ospf "default-cost \+[0-9]\+" syn match Ospf "filter-list \+prefix " syn match Ospf "nssa" syn match Ospf "no-redistribution " syn match Ospf "default-information-originate " syn match Ospf "metric-type \+[12] " syn match Ospf "advertise" syn match Ospf "not-advertise" syn match Ospf "stub" syn match Ospf "no-summary" syn match Ospf "virtual-link " syn match Ospf "hello-interval \+[0-9]\+ " syn match Ospf "restransmit-interval \+[0-9]\+ " syn match Ospf "transmit-delay \+[0-9]\+ " syn match Ospf "dead-interval \+[0-9]\+ " syn match Ospf "authentication-key \+[0-9A-Za-z-_\.]\+" syn match Ospf "message-digest-key \+[0-9]\+ \+md5 \+[0-9A-Za-z-_\.]\+" syn match Ospf "compatible \+rfc1583" syn match Ospf "default-information \+originate" syn match Ospf "always" syn match Ospf "metric \+[0-9]\+" syn match Ospf "metric-type \+\(1\|2\)" syn match Ospf "distance \+ospf " syn match Ospf "intra-area \+[0-9]\+" syn match Ospf "inter-area \+[0-9]\+" syn match Ospf "external \+[0-9]\+" syn match Ospf "log-adj-changes" syn match Ospf "log-adj-changes \+detail" syn match Ospf "redistribute \+\(static\|connected\)" syn match Ospf "tag \+[0-9A-Za-z-_\.]\+" syn match Ospf "subnets" syn match Ospf "router-id " syn match Ospf "summary-address " syn match Ospf "not-advertise " syn match Ospf "timer \+spf \+[0-9]\+ \+[0-9]\+" syn match Ospf "timer \+lsa-group-pacing \+[0-9]\+" "Routing Interface ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ syn match Ospf "routing \+interface" syn match Ospf "ospf \+authentication" syn match Ospf "ospf \+authentication \+message-digest" syn match Ospf "ospf \+authenticationo \+null" syn match Ospf "ospf cost \+[0-9]\+" syn match Ospf "ospf database-filter \+all \+out" syn match Ospf "ospf mtu-ignore" syn match Ospf "ospf priority \+[0-9]\+" "IP address and number syn match configNumber /\d\{1,2}:\d\{1,2}:\d\{1,2}/ syn match configNumber /\d\{1,3}\.\d\{1,3}\.\d\{1,3}\.\d\{1,3}/ syn match configNumber "any" "PERMIT & DENY syn match Permit " permit " syn match Permit "icmp \+permit \+any" syn match Permit "icmp \+permit \+host \+\d\{1,3}\.\d\{1,3}\.\d\{1,3}\.\d\{1,3}" syn match Permit "icmp \+permit \+\(\d\{1,3}\.\d\{1,3}\.\d\{1,3}\.\d\{1,3}\|\ \+\)\{3,3}" syn match Deny " deny " syn match Deny "disable" syn match Deny "icmp \+deny \+any" syn match Deny "icmp \+deny \+host \+\d\{1,3}\.\d\{1,3}\.\d\{1,3}\.\d\{1,3}" syn match Deny "icmp \+deny \+\(\d\{1,3}\.\d\{1,3}\.\d\{1,3}\.\d\{1,3}\|\ \+\)\{3,3}" syn match Deny "^no \|" "syn match Deny "^ no \|" syn match Protocol " ip " syn match Protocol "eq.*[0-9]\|eq.*[a-z]" syn match Protocol "gt.*[0-9]\|eq.*[a-z]" syn match Protocol "lt.*[0-9]\|eq.*[a-z]" syn match Protocol "range.*[0-9].*[0-9]\|range.*[a-z].*[a-z]" syn match Protocol " aol\| bgp\| biff\| bootpc\| bootps\| chargen\| citrix-ica\| cmd\| ctiqbe\| daytime" syn match Protocol " discard\| domain\| dnsix\| echo\| exec\| finger\| ftp\| ftp-data\| gopher" syn match Protocol " https\| h323\| hostname\| ident\| imap4\| irc\| isakmp\| kerberos\| klogin" syn match Protocol " kshell\| ldap\| ldaps\| lpd\| login\| lotusnotes\| mobile-ip\| nameserver\| netbios-ns" syn match Protocol " netbios-dgm\| netbios-ssn\| nntp\| ntp\| pcanywhere-status\| pcanywhere-data\| pim-auto-rp\| pop2" syn match Protocol " pop3\| pptp\| radius\| radius-acct\| rip\| secureid-udp\| smtp\| snmp\| snmptrap" syn match Protocol " sqlnet\| ssh\| rpc\| sunrpc\| syslog\| tacacs\| tacacs+\| talk\| telnet\| tftp" syn match Protocol " time\| uucp\| who\| whois\| www\| xdmcp\| established" syn match Protocol " ah\| eigrp\| esp\| gre\| icmp \| igmp\| igrp\| ipinip\| nos\|ospf" syn match Protocol " pcp\| snp\| tcp \| udp " syn match Protocol " icmp*\| \| tcp \| udp " "icmp protocol syn match Protocol " echo\| unreachable\| source-quench\| redirect\| alternate-address" syn match Protocol " echo-reply\| router-advertisement\| router-solicitation\| time-exceeded" syn match Protocol " parameter-problem\| timestamp-request\| timestamp-reply" syn match Protocol " information-request\| information-reply" syn match Protocol " mask-request\| mask-reply\| conversion-error\| mobile-redirect" "http - specifies the clients that are permitted to access it syn match Protocol "http \+\(\d\{1,3}\.\d\{1,3}\.\d\{1,3}\.\d\{1,3}\| \)\+ \+[0-9A-Za-z-_\.]\+" syn match Protocol "http \+0 \+0 \+[0-9A-Za-z-_\.]\+" syn match Protocol "http \+server \+enable" "access-list ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ syn match ACL "access-list" syn match ACL "conduit \(permit\|deny\)" syn match ACL "access-group" syn match ACL "object-group" syn match ACL "^established " syn match ACL " permitto " syn match ACL " permitfrom " "NTP ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ syn match Ntp "ntp \+authenticate" syn match Ntp "ntp \+authentication-key \+[0-9A-Za-z-_\.]\+ \+md5 \+[0-9]\+" syn match Ntp "ntp \+trusted-key \+[0-9]\+" syn match Ntp "ntp \+server " syn match Ntp " key \+[0-9]\+ \+source" syn match Ntp " prefer" "arp ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ syn match Arp "arp" syn match Arp "arp timeout" "auto-update ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ syn match Autoupdate "auto-update \+device-id \(hardware-serial\|hostname\|ipaddress\|mac-address\|string\)" syn match Autoupdate "auto-update \+poll-period" syn match Autoupdate "auto-update \+server" syn match Autoupdate "auto-update \+timeout" "IPSec ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ syn match Ipsec "ipsec-isakmp" syn match Ipsec "isakmp " syn match Ipsec "isakmp \+policy " syn match Ipsec "authentication" syn match Ipsec " encryption" syn match Ipsec " hash" syn match Ipsec " group" syn match Ipsec " lifetime" syn match Ipsec "crypto" syn match Ipsec "crypto \+map " syn match Ipsec "crypto \+ipsec transform-set " syn match Ipsec "crypto \+dynamic-map " syn match Ipsec "crypto \+transform-set " syn match Ipsec " ah-md5-hmac" syn match Ipsec " ah-sha-hmac" syn match Ipsec " esp-aes" syn match Ipsec " esp-aes-192" syn match Ipsec " esp-aes-256" syn match Ipsec " esp-des" syn match Ipsec " esp-3des" syn match Ipsec " esp-null" syn match Ipsec " esp-md5-hmac" syn match Ipsec " esp-sha-hmac" syn match Ipsec " group[1257]" syn match Ipsec " match \+address \| set \+transform-set \| set \+peer \| set \+pfs \+group[1257] \| set \+security-association lifetime \+\(seconds\|kilobytes\) \+\| set \+session-key \+\(inbound\|outbound\) \+ah \| set \+session-key \+\(inbound\|outbound\) \+esp " syn match Ipsec " cipher " syn match Ipsec "crypto \+ipsec \+security-association \+lifetime \+\(seconds\|kilobytes\)" syn match Ipsec " mode \+transport" syn match Ipsec " client " syn match Ipsec " client \+configuration \+address \+\(initiate\|respond\)" syn match Ipsec " ipsec-isakmp" syn match Ipsec " ipsec-manual" syn match Ipsec " dynamic " "CA syn match Ipsec " ca " syn match Ipsec " ra " syn match Ipsec " crloptional " syn match Ipsec "ca \+authenticate" syn match Ipsec "ca \+configure" syn match Ipsec "ca \+crl \+request" syn match Ipsec "ca \+enroll" syn match Ipsec "ca \+identity" syn match Ipsec "ca \+subject-name" syn match Ipsec "ca \+verifycertdn" syn match Ipsec "permit-ipsec" "AAA ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ syn match AAA "aaa \+accounting \+\(include\|exclude\)" syn match AAA "aaa \+accounting \+match" syn match AAA "aaa \+authentication \+\(include\|exclude\)" syn match AAA "aaa \+authentication \+match" syn match AAA "aaa \+authentication \+secure-http-client" syn match AAA "aaa \+authentication \+\(serial\|enable\|telnet\|ssh\|http\) console" syn match AAA "aaa \+authorization \+command" syn match AAA "aaa \+authorization \+\(include\|exclude\)" syn match AAA "aaa \+authorization \+match" syn match AAA "aaa \+mac-exempt \+match" syn match AAA "aaa \+proxy-limit " syn match AAA "aaa-server " syn match AAA "aaa-server \+radius-acctport " syn match AAA "aaa-server \+radius-authport " syn match AAA "tacacs+ " syn match AAA "radius " syn match AAA "auth-prompt \+\(accept\|reject\|prompt\)" "banner ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~! syn match Banner "banner \+\(exec\|login\|motd\)" "Failover ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ syn match Failover "failover " "failover ip address if_name ip_address syn match Failover "failover \+ip \+address \+[0-9A-Za-z-_\.]\+ \+\d\{1,3}\.\d\{1,3}\.\d\{1,3}\.\d\{1,3}" "failover lan unit primary \| secondary syn match Failover "failover \+lan \+unit \+\(primary\|secondary\)" "failover lan interface lan_if_name syn match Failover "failover \+lan \+interface \+[0-9A-Za-z-_\.]\+" "failover lan key key_secret syn match Failover "failover \+lan \+key \+[0-9A-Za-z-_\.]\+" "failover lan enable syn match Failover "failover \+lan \+enable" "failover link [stateful_if_name] syn match Failover "failover \+link[ 0-9A-Za-z-_\.]*" "failover mac address mif_name act_mac stn_mac syn match Failover "failover \+mac \+address *[0-9A-Za-z-_\.]\+ *[0-9A-Za-z-_\.]\+ *[0-9A-Za-z-_\.]\+" "failover poll seconds syn match Failover "failover \+poll \+[0-9]\+" syn match Failover "failover \+replicate \+http" "Filter ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ syn match Filter "filter \+activex \+[0-9A-Za-z-_\.]\+ \+[0-9 \.]*" "filter ftp dest-port local_ip local_mask foreign_ip foreign_mask [allow] [interact-block] "syn match Filter "filter \+\(activex\|ftp\|java\|http\|https\|url\|url.except\) \+[0-9A-Za-z-_\.]\+ \+[0-9 \.]*" syn match Number "filter \+\(activex\|ftp\|java\|http\|https\|url\|url.except\) \+[0-9A-Za-z-_\.]\+ [0-9 \.]*" syn match Filter " interact-block\| proxy-block\| longurl-deny\| cgi-truncate\| longurl-truncate" "Fixup ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ syn match Fixup "fixup.protocol \+\(ctiqbe.2748\|dns.*\|esp-ike\|ftp.*\|ftp.strict.*\|http.*\|h323.*\)" syn match Fixup "fixup.protocol \+\(icmp.error.*\|ils.*\|mgcp.*\|pptp.1723\|rsh.*\|rtsp.*\|sip.*\)" syn match Fixup "fixup.protocol \+\(skinny.*\|smtp.*\|sqlnet.*\|tftp.*\)" "Floodguard ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ syn match Floodguard "floodguard \+\(enable\|disable\)" "Fragment ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ syn match Fragment "fragment \+\(size\|chain\|timeout\) " "IDS ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ syn match IDS "ip \+audit \+\(attack\|info\|interface\|name\|signature\)" syn match IDS "action" syn match IDS "alarm" syn match IDS "drop" syn match IDS "reset" syn match IDS " attact \| info " syn match IDS "XXXXXXXXX" syn match IDS "XXXXXXXXX" syn match IDS "XXXXXXXXX" syn match IDS "XXXXXXXXX" "Verify ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ syn match Verify ".*ip \+verify \+reverse-path interface \+[0-9A-Za-z-_\.]\+" "Logging ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ syn match Logging "logging \+\(on\|buffered\|console\|facility\|history\|monitor\|queue\|standby\|timestamp\|trap\)" syn match Logging "logging \+device-id \+\(hostname\|ipaddress\|string\)" syn match Logging "logging \+host \+[0-9A-Za-z-_\.]\+" syn match Logging "logging \+message \+[0-9]\+" syn match Logging "logging \+message \+[0-9]\+ \+level \+[0-9]\+" "MAC ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ syn match MAC "mac-list \+[0-9A-Za-z-_\.]\+" "syn match MAC "mac-list \+[0-9A-Za-z-_\.]\+ \+\(permit\|deny\)" "Mgmtaccess ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ syn match Mgmtaccess "management-access \+[0-9A-Za-z-_\.]\+" "Mgcp ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ syn match Mgcp "mgcp \+call-agent \+\d\{1,3}\.\d\{1,3}\.\d\{1,3}\.\d\{1,3} \+[0-9A-Za-z-_\.]\+" syn match Mgcp "mgcp \+command-queue \+[0-9]\+" syn match Mgcp "mgcp \+gateway \+\d\{1,3}\.\d\{1,3}\.\d\{1,3}\.\d\{1,3} \+[0-9A-Za-z-_\.]\+" "Mtu ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ syn match Mtu "mtu \+[0-9A-Za-z-_\.]\+ \+[0-9]\+" "Multicast ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ syn match Multicast "mroute " syn match Multicast "multicast \+interface \+[0-9A-Za-z-_\.]\+" syn match Multicast "igmp \+forward \+interface \+[0-9A-Za-z-_\.]\+" syn match Multicast "igmp \+access-group \+[0-9]\+" syn match Multicast "igmp \+version \+[123]" syn match Multicast "igmp \+join-group \+\d\{1,3}\.\d\{1,3}\.\d\{1,3}\.\d\{1,3}" syn match Multicast "igmp \+max-groups \+[0-9]\+" syn match Multicast "igmp \+query-interval \+[0-9]\+" syn match Multicast "igmp \+query-max-response-time \+[0-9]\+" "NAT ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ syn match NAT "nat " syn match NAT "static " syn match NAT " norandomseq" "ObjectGroup ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ "general object-group cmd syn match ObjectGroup "description " syn match ObjectGroup "group-object \+[0-9A-Za-z-_\.]\+" "object-group icmp-type syn match ObjectGroup "object-group \+icmp-type \+[0-9A-Za-z-_\.]\+" syn match ObjectGroup "icmp-object " " object-group network syn match ObjectGroup "network-object \+host \+\d\{1,3}\.\d\{1,3}\.\d\{1,3}\.\d\{1,3}" syn match ObjectGroup "network-object \+host \+\d\{1,3}\.\d\{1,3}\.\d\{1,3}\.\d\{1,3} \+d\{1,3}\.\d\{1,3}\.\d\{1,3}\.\d\{1,3}" "object-group protocol syn match ObjectGroup "object-group \+protocol \+[0-9A-Za-z-_\.]\+" syn match ObjectGroup "protocol-object " "object-group service syn match ObjectGroup "object-group \+service \+[0-9A-Za-z-_\.]\+" syn match ObjectGroup "object-group \+service \+[0-9A-Za-z-_\.]\+ \+\(tcp\|udp\|tcp-upd\)" syn match ObjectGroup "port-object \+range \+[0-9]\+ \+[0-9]\+" syn match ObjectGroup "port-object \+eq" "outbound/apply ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ syn match OutboundApply "outbound" syn match OutboundApply "apply" syn match OutboundApply "\(outgoing_src\|outgoing_dest\)" syn match OutboundApply " except " "pager ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ syn match Pager "pager \+lines \+[0-9]\+" "password ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ syn match Pwd "password " syn match Pwd "passwd " syn match Pwd " encrypted" "PDM ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ syn match Pdm "pdm \+history \+enable" syn match Pdm "pdm \+group \+[0-9A-Za-z-_\.]\+" syn match Pdm " reference \+[0-9A-Za-z-_\.]\+" syn match Pdm "pdm \+location " syn match Pdm "pdm \+logging " "perfmon ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ syn match Perfmon "perfmon \+verbose" syn match Perfmon "perfmon \+interval \+[0-9]\+" syn match Perfmon "perfmon \+quiet" "privilege ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ syn match privilege "Privilege \+\(show\|clear\|configure\) level \+[0-9]\+ \+command" syn match privilege "Privilege \+\(show\|clear\|configure\) level \+[0-9]\+ \+mode \+\(enable\|configure\) \+command" "Services ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ syn match Service "service \+\(resetinbound\|resetoutside\)" "Session enable (deprecated) ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ syn match Deprecated "session \+enable" "Shun ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ syn match Number "shun " syn match Number "shun \+\d\{1,3}\.\d\{1,3}\.\d\{1,3}\.\d\{1,3}" syn match Number "shun \+\d\{1,3}\.\d\{1,3}\.\d\{1,3}\.\d\{1,3} \+\d\{1,3}\.\d\{1,3}\.\d\{1,3}\.\d\{1,3}" syn match Number "shun \+\d\{1,3}\.\d\{1,3}\.\d\{1,3}\.\d\{1,3} \+\d\{1,3}\.\d\{1,3}\.\d\{1,3}\.\d\{1,3} \+[0-9]\+" syn match Number "shun \+\d\{1,3}\.\d\{1,3}\.\d\{1,3}\.\d\{1,3} \+\d\{1,3}\.\d\{1,3}\.\d\{1,3}\.\d\{1,3} \+[0-9]\+ \+[0-9]\+" "SNMP ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ syn match Snmp "snmp-server \+community \+[0-9A-Za-z-_\.]\+" syn match Snmp "snmp-server \+\(contact\|location\)" syn match Snmp "snmp-server \+\(contact\|location\) \+[0-9A-Za-z-_\.]\+" syn match Snmp "snmp-server host " syn match Snmp "trap " syn match Snmp "poll " syn match Snmp "snmp-server \+enable \+traps" "SSH ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ syn match SSH "ssh \+\d\{1,3}\.\d\{1,3}\.\d\{1,3}\.\d\{1,3} \+\d\{1,3}\.\d\{1,3}\.\d\{1,3}\.\d\{1,3}" syn match SSh "ssh \+timeout \+[0-9]\+" "Sysopt ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ syn match Sysopt "sysopt \+connection \+\(permit-pptp\|permit-l2tp\|permit-ipsec\)" syn match Sysopt "sysopt \+connection \+tcpmss" syn match Sysopt "sysopt \+connection \+tcpmss \+[0-9]\+" syn match Sysopt "sysopt \+connection \+tcpmss \+minimum \+[0-9]\+" syn match Sysopt "sysopt \+connection \+timewait" syn match Sysopt "sysopt \+ipsec \+pl-compatible" syn match Sysopt "sysopt \+nodnsalias \+\(inbound\|outbound\)" syn match Sysopt "sysopt \+noproxyarp" syn match Sysopt "sysopt \+radius \+ignore-secret" syn match Sysopt "sysopt \+uauth \+allow-http-cache" syn match Sysopt "sysopt \+nodnsalias" "deprecated Sysopt syn match Deprecated "sysopt \+route \+dnat" syn match Deprecated "sysopt \+security \+fragguard"