IPFW Why does ipfw require netbios\-ns and not netbios-ns?

My query is as described in the comments in the script shown below.
TL;DR Why does ipfw require netbios\-ns and not netbios-ns?
Same thing happens for dhcpv6\\-server.
Bash:
# Working example script.

set -x

cmd_add="/sbin/ipfw -n add"
int="igb0"
ns3="169.1.1.1"

# As I understand it:
#   The opening brace, {, needs to be escaped as it's a keyword for the shell.
#   The backslash is removed by the shell on evaluation with the resultant line used as input to the ipfw command.
#   It all seems to work as required.
${cmd_add} 1010 set 1 allow  proto ip4 src-ip ${ns3} src-port any \{ not dst-ip me not dst-ip 255.255.255.255 not dst-ip 192.168.64.0/24 \} dst-port any in recv ${int} record-state

# HOWEVER THE LINE BELOW DOES NOT.
${cmd_add} 1020 set 1 deny proto udp src-ip 192.168.64.0/24 src-port netbios-ns dst-ip 192.168.64.255 dst-port netbios-ns in recv ${int} record-state
#
# ipfw seems to complain about it NOT the shell.
#
# To get it to work for ipfw it needs to be:
${cmd_add} 1020 set 1 deny proto udp src-ip 192.168.64.0/24 src-port netbios\-ns dst-ip 192.168.64.255 dst-port netbios\-ns in recv ${int} record-state
#
# To stop the shell complaining about the backslash it needs to be escaped with the end result being:
${cmd_add} 1020 set 1 deny proto udp src-ip 192.168.64.0/24 src-port netbios\\-ns dst-ip 192.168.64.255 dst-port netbios\\-ns in recv ${int} record-state

# So, why does ipfw require netbios\-ns?

Code:
Output from script:
+ cmd_add='/sbin/ipfw -n add'
+ int=igb0
+ ns3=169.1.1.1
+ /sbin/ipfw -n add 1010 set 1 allow proto ip4 src-ip 169.1.1.1 src-port any { not dst-ip me not dst-ip 255.255.255.255 not dst-ip 192.168.64.0/24 } dst-port any in recv igb0 record-state
01010 allow proto ip4 src-ip 169.1.1.1 not dst-ip me not dst-ip 255.255.255.255 not dst-ip 192.168.64.0/24 in recv igb0 record-state :default
+ /sbin/ipfw -n add 1020 set 1 deny proto udp src-ip 192.168.64.0/24 src-port netbios-ns dst-ip 192.168.64.255 dst-port netbios-ns in recv igb0 record-state
ipfw: invalid source port netbios-ns
+ /sbin/ipfw -n add 1020 set 1 deny proto udp src-ip 192.168.64.0/24 src-port netbios-ns dst-ip 192.168.64.255 dst-port netbios-ns in recv igb0 record-state
ipfw: invalid source port netbios-ns
+ /sbin/ipfw -n add 1020 set 1 deny proto udp src-ip 192.168.64.0/24 src-port 'netbios\-ns' dst-ip 192.168.64.255 dst-port 'netbios\-ns' in recv igb0 record-state
01020 deny proto udp src-ip 192.168.64.0/24 src-port 137 dst-ip 192.168.64.255 dst-port 137 in recv igb0 record-state :default
 
From ipfw man page, ipfw(8)
ports: {port | port-port}[,ports]
For protocols which support port numbers (such as SCTP, TCP and
UDP), optional ports may be specified as one or more ports or
port ranges, separated by commas but no spaces, and an optional
not operator. The `-' notation specifies a range of ports
(including boundaries).

Service names (from /etc/services) may be used instead of
numeric port values. The length of the port list is limited to
30 ports or ranges, though one can specify larger ranges by
using an or-block in the options section of the rule.

A backslash (`\') can be used to escape the dash (`-')
character in a service name (from a shell, the backslash must be
typed twice to avoid the shell itself interpreting it as an
escape character).

ipfw add count tcp from any ftp\\-data-ftp to any

Is this the answer you're looking for?
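Why the dash needs escaping, shown as an added example that is not part of either post and is not ipfw's own code: a simplified sh model of the "port | port-port" grammar quoted from ipfw(8), where a bare `-` splits a range and `\-` is a literal dash in a service name. The services table and the `lookup` and `parse_port` functions are constructed for illustration.

```sh
#!/bin/sh
# Constructed excerpt of /etc/services ("name port"), embedded so this runs offline.
SERVICES='ftp-data 20
ftp 21
netbios-ns 137
dhcpv6-server 547'

# lookup NAME_OR_NUMBER: print the port number, or return 1 if the name is unknown.
lookup() {
    case $1 in
        '')       return 1 ;;
        *[!0-9]*) ;;                               # not purely numeric: a service name
        *)        printf '%s\n' "$1"; return 0 ;;  # already a port number
    esac
    while read -r name port; do
        if [ "$name" = "$1" ]; then printf '%s\n' "$port"; return 0; fi
    done <<EOF
$SERVICES
EOF
    return 1
}

# parse_port SPEC: simplified model of one "port | port-port" element.
# A bare '-' separates the two ends of a range; '\-' is a literal dash in a name.
parse_port() {
    # Mask escaped dashes ('~' never occurs in a service name) before splitting.
    masked=$(printf '%s\n' "$1" | sed 's/\\-/~/g')
    case $masked in
        *-*) lo=${masked%%-*} hi=${masked#*-} ;;   # range: split at first bare dash
        *)   lo=$masked hi=$masked ;;              # single port
    esac
    lo=$(lookup "$(printf '%s' "$lo" | tr '~' '-')") &&
    hi=$(lookup "$(printf '%s' "$hi" | tr '~' '-')") ||
        { echo "invalid port $1" >&2; return 1; }
    if [ "$lo" = "$hi" ]; then echo "$lo"; else echo "$lo-$hi"; fi
}

# The spellings from the script above plus the man page's range example. The left
# column is the argument after the shell's own quote removal, i.e. what ipfw sees.
for spec in netbios-ns netbios\-ns netbios\\-ns 'netbios\-ns' ftp\\-data-ftp; do
    printf '%-14s -> %s\n' "$spec" "$(parse_port "$spec" 2>&1)"
done
```

The unescaped spelling is read as a range from a service called `netbios` to one called `ns`, neither of which exists, which matches the "invalid source port" error in the script output.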
 