http://src.iws.cs.ovgu.de/source/xref/illumos-gate/usr/src/cmd/ipf/tools/ippool_y.y

N .. decnumber
S .. string
EOL    .. ';'
IPv6   .. IP v6 address
LSB    .. a semicolon or comma separated list of expressions always enclosed in
		  _curly_ braces.

file:
	[ S '=' S ';' ]*									// variable assignment
	[{ table | groupmap } EOL]*

table:
	'table'
	'role =' { 'ipf' | 'nat' | 'auth' | 'count'}
	{
		'type = tree' ['number =' N |'name =' S]  LSB([!]addr)
		|'type = hash' ['number =' N |'name =' S] [hashopts] LSB(addr)
	}

groupmap:
	'group-map' {'in' | 'out'}
	'role =' { 'ipf' | 'nat' | 'auth' | 'count'}
	['number =' N |'name =' S ]							//  poolName
	{
		'group =' {N|S} [hashopts] LSB(addr [', group =' {N|S}])
		| [hashopts] LSB(addr  ', group =' {N|S})
	}

hashopts:
	'size' '=' N		// size of the hash table
	|'seed' '=' N		// both are allowed as well
	|'size' '=' N 'seed' '=' N

addr:
	{ N[.N.N.N] | IPv6 | S } ['/' N[.N.N.N]]			// S = a hostname


NOTE: hash = (ntohl(addr->s_addr) & msk) * msk % size
	  msk is initially 0xffffffff (4 byte) and gets modified if lookup fails.
	  tables may have a number or name as identifier. Unfortunately you can
	  not use names in ipf.conf in ipfilter < v.5 to refer to the required
	  table!