mirror of
https://github.com/fwbuilder/fwbuilder
synced 2025-10-17 16:07:48 +02:00
fixes #603 added command line switch -xc to compilers
This commit is contained in:
Vadim Kurland
parent
c4fff812dc
commit
011ca8ca27
@ -4,13 +4,19 @@ fwb_ipt \- Policy compiler for iptables
|
||||
.SH SYNOPSIS
|
||||
|
||||
.B fwb_ipt
|
||||
.RB [-wvV]
|
||||
.RB [-d wdir]
|
||||
.RB [-o output.fw]
|
||||
.RB -f data_file.xml
|
||||
.RB [-4]
|
||||
.RB [-6]
|
||||
.RB [-V]
|
||||
.RB [-d wdir]
|
||||
.RB [-i]
|
||||
.RB -f data_file.xml
|
||||
.RB [-o output.fw]
|
||||
.RB [-O fw1_id,fw1_output.fw[,fw2_id,fw2_output.fw]]
|
||||
.RB [-v]
|
||||
.RB [-xc]
|
||||
.RB [-xn N]
|
||||
.RB [-xp N]
|
||||
.RB [-xt]
|
||||
object_name
|
||||
|
||||
.SH "DESCRIPTION"
|
||||
@ -47,6 +53,11 @@ Specify the name of the data file to be processed.
|
||||
.IP "-o output.fw"
|
||||
Specify output file name
|
||||
|
||||
.IP "-O fw1_id,fw1_output.fw[,fw2_id,fw2_output.fw]"
|
||||
The argument is a comma separated list of firewall object IDs and
|
||||
corresponding output file names. This option is used by fwbuilder GUI
|
||||
while compiling firewall clusters.
|
||||
|
||||
.IP "-d wdir"
|
||||
Specify working directory. Compiler creates file with iptables script
|
||||
in this directory. If this parameter is missing, then iptables script
|
||||
@ -62,6 +73,27 @@ Print version number and quit.
|
||||
When this option is present, the last argument on the command line is
|
||||
supposed to be firewall object ID rather than its name
|
||||
|
||||
.IP "-xc"
|
||||
When output file name is determined automatically (i.e. flags -o or -O
|
||||
are not present), the file name is composed of the cluster name and
|
||||
member firewall name rather than just member firewall name. This is
|
||||
used mostly for testing when the same member firewall object can be a
|
||||
part of different clusters with different configurations.
|
||||
|
||||
.IP "-xt"
|
||||
This flag makes compiler treat all fatal errors as warnings and
|
||||
continue processing rules. Generated configuration script most likely
|
||||
will be incorrect but will include error message as a comment; this
|
||||
flag is used for testing and debugging.
|
||||
|
||||
.IP "-xp N"
|
||||
Debugging flag: this causes compiler to print detailed description of
|
||||
the policy rule number "N" as it precesses it, step by step.
|
||||
|
||||
.IP "-xn N"
|
||||
Debugging flag: this causes compiler to print detailed description of
|
||||
the NAT rule number "N" as it precesses it, step by step.
|
||||
|
||||
.SH URL
|
||||
Firewall Builder home page is located at the following URL:
|
||||
.B http://www.fwbuilder.org/
|
||||
|
||||
@ -8,9 +8,13 @@ fwb_ipt \- Policy compiler for Cisco PIX
|
||||
.SH SYNOPSIS
|
||||
|
||||
.B fwb_pix
|
||||
.B [-vVi]
|
||||
.B [-d wdir]
|
||||
.B -f data_file.xml
|
||||
.RB -f data_file.xml
|
||||
.RB [-V]
|
||||
.RB [-d wdir]
|
||||
.RB [-i]
|
||||
.RB [-v]
|
||||
.RB [-xc]
|
||||
.RB [-xt]
|
||||
object_name
|
||||
|
||||
.SH "DESCRIPTION"
|
||||
@ -45,6 +49,19 @@ Print version number and quit.
|
||||
When this option is present, the last argument on the command line is
|
||||
supposed to be firewall object ID rather than its name
|
||||
|
||||
.IP "-xc"
|
||||
When output file name is determined automatically (i.e. flags -o or -O
|
||||
are not present), the file name is composed of the cluster name and
|
||||
member firewall name rather than just member firewall name. This is
|
||||
used mostly for testing when the same member firewall object can be a
|
||||
part of different clusters with different configurations.
|
||||
|
||||
.IP "-xt"
|
||||
This flag makes compiler treat all fatal errors as warnings and
|
||||
continue processing rules. Generated configuration script most likely
|
||||
will be incorrect but will include error message as a comment; this
|
||||
flag is used for testing and debugging.
|
||||
|
||||
.SH URL
|
||||
Firewall Builder home page is located at the following URL:
|
||||
.B http://www.fwbuilder.org/
|
||||
|
||||
@ -57,9 +57,12 @@ protected:
|
||||
std::string safetyNetInstall(libfwbuilder::Firewall *fw);
|
||||
void printProlog(QTextStream &file, const std::string &prolog_code);
|
||||
|
||||
virtual QString assembleManifest(libfwbuilder::Firewall* fw, bool cluster_member);
|
||||
virtual QString assembleManifest(libfwbuilder::Cluster *cluster,
|
||||
libfwbuilder::Firewall* fw,
|
||||
bool cluster_member);
|
||||
virtual QString printActivationCommands(libfwbuilder::Firewall *fw);
|
||||
virtual QString assembleFwScript(libfwbuilder::Firewall* fw,
|
||||
virtual QString assembleFwScript(libfwbuilder::Cluster *cluster,
|
||||
libfwbuilder::Firewall* fw,
|
||||
bool cluster_member,
|
||||
OSConfigurator *ocsnf);
|
||||
|
||||
|
||||
@ -87,11 +87,11 @@ using namespace libfwbuilder;
|
||||
using namespace fwcompiler;
|
||||
|
||||
|
||||
QString CompilerDriver_iosacl::assembleManifest(Firewall* fw, bool cluster_member)
|
||||
QString CompilerDriver_iosacl::assembleManifest(Cluster *cluster, Firewall* fw, bool cluster_member)
|
||||
{
|
||||
QString script_buffer;
|
||||
QTextStream script(&script_buffer, QIODevice::WriteOnly);
|
||||
QString ofname = determineOutputFileName(fw, cluster_member, ".fw");
|
||||
QString ofname = determineOutputFileName(cluster, fw, cluster_member, ".fw");
|
||||
script << "!" << MANIFEST_MARKER << "* " << ofname << endl;
|
||||
return script_buffer;
|
||||
}
|
||||
@ -101,7 +101,8 @@ QString CompilerDriver_iosacl::printActivationCommands(Firewall*)
|
||||
return "";
|
||||
}
|
||||
|
||||
QString CompilerDriver_iosacl::assembleFwScript(Firewall *fw,
|
||||
QString CompilerDriver_iosacl::assembleFwScript(Cluster *cluster,
|
||||
Firewall *fw,
|
||||
bool cluster_member,
|
||||
OSConfigurator *oscnf)
|
||||
{
|
||||
@ -117,7 +118,7 @@ QString CompilerDriver_iosacl::assembleFwScript(Firewall *fw,
|
||||
options->setStr("prolog_script", options->getStr("iosacl_prolog_script"));
|
||||
options->setStr("epilog_script", options->getStr("iosacl_epilog_script"));
|
||||
|
||||
assembleFwScriptInternal(fw, cluster_member, oscnf, &script_skeleton, &top_comment, "!");
|
||||
assembleFwScriptInternal(cluster, fw, cluster_member, oscnf, &script_skeleton, &top_comment, "!");
|
||||
return script_skeleton.expand();
|
||||
}
|
||||
|
||||
@ -143,7 +144,7 @@ string CompilerDriver_iosacl::run(const std::string &cluster_id,
|
||||
// firewall fw This happens when we compile a member of a cluster
|
||||
current_firewall_name = fw->getName().c_str();
|
||||
|
||||
QString ofname = determineOutputFileName(fw, !cluster_id.empty(), ".fw");
|
||||
QString ofname = determineOutputFileName(cluster, fw, !cluster_id.empty(), ".fw");
|
||||
|
||||
FWOptions* options = fw->getOptionsObject();
|
||||
|
||||
@ -322,7 +323,8 @@ string CompilerDriver_iosacl::run(const std::string &cluster_id,
|
||||
policy_script + routing_script;
|
||||
}
|
||||
|
||||
QString script_buffer = assembleFwScript(fw, !cluster_id.empty(), oscnf.get());
|
||||
QString script_buffer = assembleFwScript(
|
||||
cluster, fw, !cluster_id.empty(), oscnf.get());
|
||||
|
||||
info("Output file name: " + ofname.toStdString());
|
||||
|
||||
|
||||
@ -61,9 +61,12 @@ protected:
|
||||
std::string safetyNetInstall(libfwbuilder::Firewall *fw);
|
||||
void printProlog(QTextStream &file, const std::string &prolog_code);
|
||||
|
||||
virtual QString assembleManifest(libfwbuilder::Firewall* fw, bool cluster_member);
|
||||
virtual QString assembleManifest(libfwbuilder::Cluster *cluster,
|
||||
libfwbuilder::Firewall* fw,
|
||||
bool cluster_member);
|
||||
virtual QString printActivationCommands(libfwbuilder::Firewall *fw);
|
||||
virtual QString assembleFwScript(libfwbuilder::Firewall* fw,
|
||||
virtual QString assembleFwScript(libfwbuilder::Cluster *cluster,
|
||||
libfwbuilder::Firewall* fw,
|
||||
bool cluster_member,
|
||||
OSConfigurator *ocsnf);
|
||||
|
||||
|
||||
@ -107,11 +107,11 @@ class sort_by_net_zone {
|
||||
}
|
||||
};
|
||||
|
||||
QString CompilerDriver_pix::assembleManifest(Firewall* fw, bool cluster_member)
|
||||
QString CompilerDriver_pix::assembleManifest(Cluster *cluster, Firewall* fw, bool cluster_member)
|
||||
{
|
||||
QString script_buffer;
|
||||
QTextStream script(&script_buffer, QIODevice::WriteOnly);
|
||||
QString ofname = determineOutputFileName(fw, cluster_member, ".fw");
|
||||
QString ofname = determineOutputFileName(cluster, fw, cluster_member, ".fw");
|
||||
script << "!" << MANIFEST_MARKER << "* " << ofname << endl;
|
||||
return script_buffer;
|
||||
}
|
||||
@ -121,7 +121,8 @@ QString CompilerDriver_pix::printActivationCommands(Firewall*)
|
||||
return "";
|
||||
}
|
||||
|
||||
QString CompilerDriver_pix::assembleFwScript(Firewall* fw,
|
||||
QString CompilerDriver_pix::assembleFwScript(Cluster *cluster,
|
||||
Firewall* fw,
|
||||
bool cluster_member,
|
||||
OSConfigurator *oscnf)
|
||||
{
|
||||
@ -152,7 +153,7 @@ QString CompilerDriver_pix::assembleFwScript(Firewall* fw,
|
||||
script_skeleton.setVariable("nat_script", nat_script.c_str());
|
||||
script_skeleton.setVariable("routing_script", routing_script.c_str());
|
||||
|
||||
assembleFwScriptInternal(fw, cluster_member, oscnf, &script_skeleton, &top_comment, "!");
|
||||
assembleFwScriptInternal(cluster, fw, cluster_member, oscnf, &script_skeleton, &top_comment, "!");
|
||||
return script_skeleton.expand();
|
||||
}
|
||||
|
||||
@ -228,7 +229,7 @@ string CompilerDriver_pix::run(const std::string &cluster_id,
|
||||
#endif
|
||||
|
||||
|
||||
QString ofname = determineOutputFileName(fw, !cluster_id.empty(), ".fw");
|
||||
QString ofname = determineOutputFileName(cluster, fw, !cluster_id.empty(), ".fw");
|
||||
FWOptions* options = fw->getOptionsObject();
|
||||
|
||||
QString script_buffer;
|
||||
@ -554,7 +555,8 @@ string CompilerDriver_pix::run(const std::string &cluster_id,
|
||||
if (r->haveErrorsAndWarnings())
|
||||
all_errors.push_back(r->getErrors("R ").c_str());
|
||||
|
||||
script_buffer = assembleFwScript(fw, !cluster_id.empty(), oscnf.get());
|
||||
script_buffer = assembleFwScript(
|
||||
cluster, fw, !cluster_id.empty(), oscnf.get());
|
||||
}
|
||||
catch (FatalErrorInSingleRuleCompileMode &ex)
|
||||
{
|
||||
|
||||
@ -84,6 +84,7 @@ CompilerDriver::CompilerDriver(FWObjectDatabase *db) : BaseCompiler()
|
||||
drp = -1;
|
||||
rule_debug_on = false;
|
||||
single_rule_compile_on = false;
|
||||
prepend_cluster_name_to_output_file = false;
|
||||
drn = -1;
|
||||
verbose = 0;
|
||||
have_dynamic_interfaces = false;
|
||||
@ -184,6 +185,12 @@ bool CompilerDriver::configure(const QStringList &args)
|
||||
continue;
|
||||
}
|
||||
|
||||
if (arg == "-xc")
|
||||
{
|
||||
prepend_cluster_name_to_output_file = true;
|
||||
continue;
|
||||
}
|
||||
|
||||
if (arg == "-xt")
|
||||
{
|
||||
setTestMode();
|
||||
@ -502,7 +509,8 @@ Firewall* CompilerDriver::locateObject()
|
||||
*
|
||||
* Returns determined output file name
|
||||
*/
|
||||
QString CompilerDriver::determineOutputFileName(Firewall *current_fw,
|
||||
QString CompilerDriver::determineOutputFileName(Cluster *cluster,
|
||||
Firewall *current_fw,
|
||||
bool cluster_member,
|
||||
const QString &ext)
|
||||
{
|
||||
@ -522,7 +530,13 @@ QString CompilerDriver::determineOutputFileName(Firewall *current_fw,
|
||||
if (member_file_names.contains(fw_id))
|
||||
return member_file_names[fw_id];
|
||||
else
|
||||
return current_firewall_name + ext;
|
||||
{
|
||||
if (prepend_cluster_name_to_output_file && cluster!=NULL)
|
||||
return QString("%1_%2%3").arg(cluster->getName().c_str())
|
||||
.arg(current_firewall_name).arg(ext);
|
||||
else
|
||||
return current_firewall_name + ext;
|
||||
}
|
||||
}
|
||||
|
||||
/* Find rulesets that belong to other firewall objects but are
|
||||
|
||||
@ -81,6 +81,7 @@ protected:
|
||||
int drp;
|
||||
bool rule_debug_on;
|
||||
bool single_rule_compile_on;
|
||||
bool prepend_cluster_name_to_output_file;
|
||||
std::string single_rule_id;
|
||||
int drn;
|
||||
int verbose;
|
||||
@ -97,7 +98,8 @@ protected:
|
||||
|
||||
libfwbuilder::FWObjectDatabase *objdb;
|
||||
|
||||
QString determineOutputFileName(libfwbuilder::Firewall *current_fw,
|
||||
QString determineOutputFileName(libfwbuilder::Cluster *cluster,
|
||||
libfwbuilder::Firewall *current_fw,
|
||||
bool cluster_member,
|
||||
const QString &ext);
|
||||
bool isSupported(std::list<std::string> *protocols,
|
||||
@ -118,9 +120,12 @@ protected:
|
||||
|
||||
virtual QString printActivationCommands(libfwbuilder::Firewall *fw);
|
||||
|
||||
virtual QString assembleManifest(libfwbuilder::Firewall* fw, bool cluster_member);
|
||||
virtual QString assembleManifest(libfwbuilder::Cluster *cluster,
|
||||
libfwbuilder::Firewall* fw,
|
||||
bool cluster_member);
|
||||
|
||||
virtual void assembleFwScriptInternal(libfwbuilder::Firewall* fw,
|
||||
virtual void assembleFwScriptInternal(libfwbuilder::Cluster *cluster,
|
||||
libfwbuilder::Firewall* fw,
|
||||
bool cluster_member,
|
||||
OSConfigurator *ocsnf,
|
||||
Configlet *script_skeleton,
|
||||
|
||||
@ -68,12 +68,13 @@ QString CompilerDriver::printActivationCommands(Firewall*)
|
||||
return "";
|
||||
}
|
||||
|
||||
QString CompilerDriver::assembleManifest(Firewall*, bool)
|
||||
QString CompilerDriver::assembleManifest(Cluster*, Firewall*, bool)
|
||||
{
|
||||
return "";
|
||||
}
|
||||
|
||||
void CompilerDriver::assembleFwScriptInternal(Firewall* fw,
|
||||
void CompilerDriver::assembleFwScriptInternal(Cluster *cluster,
|
||||
Firewall* fw,
|
||||
bool cluster_member,
|
||||
OSConfigurator *oscnf,
|
||||
Configlet *script_skeleton,
|
||||
@ -136,7 +137,7 @@ void CompilerDriver::assembleFwScriptInternal(Firewall* fw,
|
||||
|
||||
QFileInfo fw_file_info(fw_file_name);
|
||||
|
||||
top_comment->setVariable("manifest", assembleManifest(fw, cluster_member));
|
||||
top_comment->setVariable("manifest", assembleManifest(cluster, fw, cluster_member));
|
||||
top_comment->setVariable("platform", platform.c_str());
|
||||
top_comment->setVariable("fw_version", fw_version.c_str());
|
||||
top_comment->setVariable("comment", prepend(comment_char + " ", fw->getComment().c_str()));
|
||||
|
||||
@ -130,7 +130,7 @@ string CompilerDriver_ipt::run(const std::string &cluster_id,
|
||||
// firewall fw This happens when we compile a member of a cluster
|
||||
current_firewall_name = fw->getName().c_str();
|
||||
|
||||
fw_file_name = determineOutputFileName(fw, !cluster_id.empty(), ".fw");
|
||||
fw_file_name = determineOutputFileName(cluster, fw, !cluster_id.empty(), ".fw");
|
||||
|
||||
if (fw->getOptionsObject()->getStr("prolog_place") == "after_flush" &&
|
||||
fw->getOptionsObject()->getBool("use_iptables_restore"))
|
||||
|
||||
@ -61,9 +61,12 @@ protected:
|
||||
|
||||
QString printActivationCommandWithSubstitution(libfwbuilder::Firewall *fw);
|
||||
|
||||
virtual QString assembleManifest(libfwbuilder::Firewall* fw, bool cluster_member);
|
||||
virtual QString assembleManifest(libfwbuilder::Cluster *cluster,
|
||||
libfwbuilder::Firewall* fw,
|
||||
bool cluster_member);
|
||||
virtual QString printActivationCommands(libfwbuilder::Firewall *fw);
|
||||
virtual QString assembleFwScript(libfwbuilder::Firewall* fw,
|
||||
virtual QString assembleFwScript(libfwbuilder::Cluster *cluster,
|
||||
libfwbuilder::Firewall* fw,
|
||||
bool cluster_member,
|
||||
OSConfigurator *ocsnf);
|
||||
|
||||
|
||||
@ -109,7 +109,7 @@ QString CompilerDriver_ipf::composeActivationCommand(libfwbuilder::Firewall *fw,
|
||||
return act.expand();
|
||||
}
|
||||
|
||||
QString CompilerDriver_ipf::assembleManifest(Firewall* fw, bool )
|
||||
QString CompilerDriver_ipf::assembleManifest(Cluster *cluster, Firewall* fw, bool )
|
||||
{
|
||||
FWOptions* options = fw->getOptionsObject();
|
||||
QFileInfo fw_file_info(fw_file_name);
|
||||
@ -151,13 +151,16 @@ QString CompilerDriver_ipf::assembleManifest(Firewall* fw, bool )
|
||||
return script_buffer;
|
||||
}
|
||||
|
||||
QString CompilerDriver_ipf::assembleFwScript(Firewall* fw, bool cluster_member, OSConfigurator *oscnf)
|
||||
QString CompilerDriver_ipf::assembleFwScript(Cluster *cluster,
|
||||
Firewall* fw,
|
||||
bool cluster_member,
|
||||
OSConfigurator *oscnf)
|
||||
{
|
||||
Configlet script_skeleton(fw, "ipf", "script_skeleton");
|
||||
Configlet top_comment(fw, "ipf", "top_comment");
|
||||
|
||||
assembleFwScriptInternal(
|
||||
fw, cluster_member, oscnf, &script_skeleton, &top_comment, "#");
|
||||
cluster, fw, cluster_member, oscnf, &script_skeleton, &top_comment, "#");
|
||||
return script_skeleton.expand();
|
||||
}
|
||||
|
||||
@ -191,7 +194,7 @@ string CompilerDriver_ipf::run(const std::string &cluster_id,
|
||||
// firewall fw This happens when we compile a member of a cluster
|
||||
current_firewall_name = fw->getName().c_str();
|
||||
|
||||
fw_file_name = determineOutputFileName(fw, !cluster_id.empty(), ".fw");
|
||||
fw_file_name = determineOutputFileName(cluster, fw, !cluster_id.empty(), ".fw");
|
||||
|
||||
QFileInfo finfo(fw_file_name);
|
||||
QString ipf_file_name = finfo.completeBaseName() + "-ipf.conf";
|
||||
@ -400,7 +403,8 @@ string CompilerDriver_ipf::run(const std::string &cluster_id,
|
||||
/*
|
||||
* assemble the script and then perhaps post-process it if needed
|
||||
*/
|
||||
QString script_buffer = assembleFwScript(fw, !cluster_id.empty(), oscnf.get());
|
||||
QString script_buffer = assembleFwScript(
|
||||
cluster, fw, !cluster_id.empty(), oscnf.get());
|
||||
|
||||
|
||||
info("Output file name: " + fw_file_name.toStdString());
|
||||
|
||||
@ -53,9 +53,12 @@ namespace fwcompiler {
|
||||
QStringList activation_commands;
|
||||
|
||||
protected:
|
||||
virtual QString assembleManifest(libfwbuilder::Firewall* fw, bool cluster_member);
|
||||
virtual QString assembleManifest(libfwbuilder::Cluster *cluster,
|
||||
libfwbuilder::Firewall* fw,
|
||||
bool cluster_member);
|
||||
virtual QString printActivationCommands(libfwbuilder::Firewall *fw);
|
||||
virtual QString assembleFwScript(libfwbuilder::Firewall* fw,
|
||||
virtual QString assembleFwScript(libfwbuilder::Cluster *cluster,
|
||||
libfwbuilder::Firewall* fw,
|
||||
bool cluster_member,
|
||||
OSConfigurator *ocsnf);
|
||||
|
||||
|
||||
@ -85,7 +85,7 @@ using namespace libfwbuilder;
|
||||
using namespace fwcompiler;
|
||||
|
||||
|
||||
QString CompilerDriver_ipfw::assembleManifest(Firewall* fw, bool )
|
||||
QString CompilerDriver_ipfw::assembleManifest(Cluster *cluster, Firewall* fw, bool )
|
||||
{
|
||||
QString script_buffer;
|
||||
QTextStream script(&script_buffer, QIODevice::WriteOnly);
|
||||
@ -103,13 +103,16 @@ QString CompilerDriver_ipfw::printActivationCommands(Firewall*)
|
||||
return activation_commands.join("\n");
|
||||
}
|
||||
|
||||
QString CompilerDriver_ipfw::assembleFwScript(Firewall* fw, bool cluster_member, OSConfigurator *oscnf)
|
||||
QString CompilerDriver_ipfw::assembleFwScript(Cluster *cluster,
|
||||
Firewall* fw,
|
||||
bool cluster_member,
|
||||
OSConfigurator *oscnf)
|
||||
{
|
||||
Configlet script_skeleton(fw, "ipfw", "script_skeleton");
|
||||
Configlet top_comment(fw, "ipfw", "top_comment");
|
||||
|
||||
assembleFwScriptInternal(
|
||||
fw, cluster_member, oscnf, &script_skeleton, &top_comment, "#");
|
||||
cluster, fw, cluster_member, oscnf, &script_skeleton, &top_comment, "#");
|
||||
return script_skeleton.expand();
|
||||
}
|
||||
|
||||
@ -137,7 +140,7 @@ string CompilerDriver_ipfw::run(const std::string &cluster_id,
|
||||
// firewall fw This happens when we compile a member of a cluster
|
||||
current_firewall_name = fw->getName().c_str();
|
||||
|
||||
fw_file_name = determineOutputFileName(fw, !cluster_id.empty(), ".fw");
|
||||
fw_file_name = determineOutputFileName(cluster, fw, !cluster_id.empty(), ".fw");
|
||||
|
||||
string s;
|
||||
|
||||
@ -310,7 +313,8 @@ string CompilerDriver_ipfw::run(const std::string &cluster_id,
|
||||
/*
|
||||
* assemble the script and then perhaps post-process it if needed
|
||||
*/
|
||||
QString script_buffer = assembleFwScript(fw, !cluster_id.empty(), oscnf.get());
|
||||
QString script_buffer = assembleFwScript(
|
||||
cluster, fw, !cluster_id.empty(), oscnf.get());
|
||||
|
||||
info("Output file name: " + fw_file_name.toStdString());
|
||||
|
||||
|
||||
@ -120,10 +120,13 @@ protected:
|
||||
|
||||
virtual QString printActivationCommands(libfwbuilder::Firewall *fw);
|
||||
|
||||
virtual QString assembleFwScript(libfwbuilder::Firewall* fw,
|
||||
virtual QString assembleFwScript(libfwbuilder::Cluster *cluster,
|
||||
libfwbuilder::Firewall* fw,
|
||||
bool cluster_member,
|
||||
OSConfigurator *ocsnf);
|
||||
virtual QString assembleManifest(libfwbuilder::Firewall* fw, bool cluster_member);
|
||||
virtual QString assembleManifest(libfwbuilder::Cluster *cluster,
|
||||
libfwbuilder::Firewall* fw,
|
||||
bool cluster_member);
|
||||
|
||||
public:
|
||||
|
||||
|
||||
@ -144,7 +144,7 @@ QString CompilerDriver_pf::printActivationCommands(Firewall *fw)
|
||||
return activation_commands.join("\n");
|
||||
}
|
||||
|
||||
QString CompilerDriver_pf::assembleManifest(Firewall* fw, bool )
|
||||
QString CompilerDriver_pf::assembleManifest(Cluster *cluster, Firewall* fw, bool )
|
||||
{
|
||||
QFileInfo fw_file_info(fw_file_name);
|
||||
QString script_buffer;
|
||||
@ -169,14 +169,17 @@ QString CompilerDriver_pf::assembleManifest(Firewall* fw, bool )
|
||||
return script_buffer;
|
||||
}
|
||||
|
||||
QString CompilerDriver_pf::assembleFwScript(Firewall* fw, bool cluster_member, OSConfigurator *oscnf)
|
||||
QString CompilerDriver_pf::assembleFwScript(Cluster *cluster,
|
||||
Firewall* fw,
|
||||
bool cluster_member,
|
||||
OSConfigurator *oscnf)
|
||||
{
|
||||
FWOptions* options = fw->getOptionsObject();
|
||||
Configlet script_skeleton(fw, "pf", "script_skeleton");
|
||||
Configlet top_comment(fw, "pf", "top_comment");
|
||||
|
||||
assembleFwScriptInternal(
|
||||
fw, cluster_member, oscnf, &script_skeleton, &top_comment, "#");
|
||||
cluster, fw, cluster_member, oscnf, &script_skeleton, &top_comment, "#");
|
||||
|
||||
if (fw->getStr("platform") == "pf")
|
||||
{
|
||||
@ -217,7 +220,7 @@ string CompilerDriver_pf::run(const std::string &cluster_id,
|
||||
// firewall fw This happens when we compile a member of a cluster
|
||||
current_firewall_name = fw->getName().c_str();
|
||||
|
||||
fw_file_name = determineOutputFileName(fw, !cluster_id.empty(), ".fw");
|
||||
fw_file_name = determineOutputFileName(cluster, fw, !cluster_id.empty(), ".fw");
|
||||
|
||||
string firewall_dir = options->getStr("firewall_dir");
|
||||
if (firewall_dir=="") firewall_dir="/etc/fw";
|
||||
@ -572,7 +575,8 @@ string CompilerDriver_pf::run(const std::string &cluster_id,
|
||||
/*
|
||||
* assemble the script and then perhaps post-process it if needed
|
||||
*/
|
||||
QString script_buffer = assembleFwScript(fw, !cluster_id.empty(), oscnf.get());
|
||||
QString script_buffer = assembleFwScript(
|
||||
cluster, fw, !cluster_id.empty(), oscnf.get());
|
||||
|
||||
// clear() calls destructors of all elements in the container
|
||||
table_factories.clear();
|
||||
|
||||
@ -1,12 +1,28 @@
|
||||
#!/bin/sh
|
||||
|
||||
|
||||
XMLFILE=$1
|
||||
DIFFCMD="diff -C 5 -c -b -B -w -I \"# Generated\" -I 'Activating ' -I '# Firewall Builder fwb_ipt v' -I 'Can not find file' -I '====' -I 'log '"
|
||||
|
||||
fwbedit list -f $XMLFILE -o /User/Firewalls -c -F%name% | sort | while read fwobj; do
|
||||
for f in $(ls *.fw.orig)
|
||||
do
|
||||
V="$f <<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<"
|
||||
echo "echo \"$V\" | cut -c1-72"
|
||||
new_f=$(echo $f | sed 's/.org//')
|
||||
echo "$DIFFCMD $f $new_f"
|
||||
done
|
||||
exit 0
|
||||
|
||||
run_diffs_for_file() {
|
||||
xmlfile=$1
|
||||
folder=$2
|
||||
fwbedit list -f $xmlfile -o $folder -c -F%name% | sort | while read fwobj; do
|
||||
V="$fwobj <<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<"
|
||||
echo "echo \"$V\" | cut -c1-72"
|
||||
echo "$DIFFCMD ${fwobj}.fw.orig ${fwobj}.fw"
|
||||
done
|
||||
}
|
||||
|
||||
|
||||
run_diffs_for_file objects-for-regression-tests.fwb /User/Firewalls
|
||||
# run_diffs_for_file cluster-tests.fwb /User/Clusters
|
||||
|
||||
|
||||
@ -1,25 +1,20 @@
|
||||
#!/bin/sh
|
||||
|
||||
XMLFILE=$1
|
||||
|
||||
fwbedit list -f $XMLFILE -o /User/Firewalls -c -F%name% | sort | while read fwobj; do
|
||||
XMLFILE="objects-for-regression-tests.fwb"
|
||||
fwbedit list -f $XMLFILE -o /User/Firewalls -c -F%name% | \
|
||||
sort | while read fwobj
|
||||
do
|
||||
echo "echo"
|
||||
echo "echo \"============================ $fwobj\""
|
||||
echo "fwb_ipt -v -f $XMLFILE -xt $fwobj"
|
||||
done
|
||||
|
||||
exit 0
|
||||
|
||||
while (<>) {
|
||||
$str=$_;
|
||||
while ( $str=~ /<Firewall / ) {
|
||||
$str=~ /<Firewall [^>]+name="([^"]*).*$"/;
|
||||
$fw=$1;
|
||||
printf "\n";
|
||||
printf "echo '***** $fw'\n";
|
||||
printf "fwb_ipt -v -f $XMLFILE -xt $fw\n";
|
||||
$str=~ s/^.*<Firewall [^>]+name="$fw"[^>]+>//;
|
||||
}
|
||||
}
|
||||
|
||||
XMLFILE="cluster-tests.fwb"
|
||||
fwbedit list -f $XMLFILE -o /User/Clusters -c -F%name% | \
|
||||
sort | while read fwobj
|
||||
do
|
||||
echo "echo"
|
||||
echo "echo \"============================ $fwobj\""
|
||||
echo "fwb_ipt -v -f $XMLFILE -xt -xc $fwobj"
|
||||
done
|
||||
|
||||
|
||||
@ -1,21 +1,12 @@
|
||||
#!/bin/sh
|
||||
|
||||
|
||||
XMLFILE=$1
|
||||
DIFFCMD="diff -C 1 -c -b -B -I \"# Generated\" -I 'Activating ' -I '# Firewall Builder fwb_pf v' -I 'Can not find file' -I '====' -I 'log '"
|
||||
DIFFCMD="diff -C 5 -c -b -B -w -I \"# Generated\" -I 'Activating ' -I '# Firewall Builder fwb_pf v' -I 'Can not find file' -I '====' -I 'log '"
|
||||
|
||||
for f in *.conf
|
||||
for f in $(ls *.fw.orig *.conf.orig)
|
||||
do
|
||||
echo "$DIFFCMD ${f}.orig $f"
|
||||
V="$f <<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<"
|
||||
echo "echo \"$V\" | cut -c1-72"
|
||||
new_f=$(echo $f | sed 's/.org//')
|
||||
echo "$DIFFCMD $f $new_f"
|
||||
done
|
||||
|
||||
for f in *.fw
|
||||
do
|
||||
echo "$DIFFCMD ${f}.orig $f"
|
||||
done
|
||||
|
||||
#fwbedit list -f $XMLFILE -o /User/Firewalls -c -F%name% | sort | while read fwobj; do
|
||||
# echo "$DIFFCMD ${fwobj}.fw.orig ${fwobj}.fw"
|
||||
# echo "$DIFFCMD ${fwobj}.conf.orig ${fwobj}.conf"
|
||||
#done
|
||||
|
||||
|
||||
@ -1,10 +1,20 @@
|
||||
#!/bin/sh
|
||||
|
||||
XMLFILE=$1
|
||||
|
||||
fwbedit list -f $XMLFILE -o /User/Firewalls -c -F%name% | sort | while read fwobj; do
|
||||
XMLFILE="objects-for-regression-tests.fwb"
|
||||
fwbedit list -f $XMLFILE -o /User/Firewalls -c -F%name% | \
|
||||
sort | while read fwobj
|
||||
do
|
||||
echo "echo"
|
||||
echo "echo \"============================ $fwobj\""
|
||||
echo "fwb_pf -v -f $XMLFILE -xt $fwobj"
|
||||
done
|
||||
|
||||
XMLFILE="cluster-tests.fwb"
|
||||
fwbedit list -f $XMLFILE -o /User/Clusters -c -F%name% | \
|
||||
sort | while read fwobj
|
||||
do
|
||||
echo "echo"
|
||||
echo "echo \"============================ $fwobj\""
|
||||
echo "fwb_pf -v -f $XMLFILE -xt -xc $fwobj"
|
||||
done
|
||||
|
||||
|
||||
@ -1,17 +1,12 @@
|
||||
#!/usr/bin/perl
|
||||
#!/bin/sh
|
||||
|
||||
$XMLFILE=@ARGV[0];
|
||||
|
||||
$DIFFCMD="diff -C 1 -c -b -B -I \"! Generated\" -I 'Activating ' -I '! Firewall Builder fwb_pix v' -I 'Can not find file'";
|
||||
DIFFCMD="diff -C 5 -c -b -B -w -I \"# Generated\" -I 'Activating ' -I '# Firewall Builder fwb_pix v' -I 'Can not find file' -I '====' -I 'log '"
|
||||
|
||||
#$DIFFCMD="diff -u -b -B -I \"! Generated\" ";
|
||||
|
||||
while (<>) {
|
||||
$str=$_;
|
||||
while ( $str=~ /<Firewall / ) {
|
||||
$str=~ /<Firewall [^>]+name="([^"]*).*$"/;
|
||||
$fw=$1;
|
||||
printf "$DIFFCMD %s.fw.orig %s.fw\n",$fw,$fw;
|
||||
$str=~ s/^.*<Firewall [^>]+name="$fw"[^>]+>//;
|
||||
}
|
||||
}
|
||||
for f in $(ls *.fw.orig)
|
||||
do
|
||||
V="$f <<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<"
|
||||
echo "echo \"$V\" | cut -c1-72"
|
||||
new_f=$(echo $f | sed 's/.org//')
|
||||
echo "$DIFFCMD $f $new_f"
|
||||
done
|
||||
|
||||
@ -1,17 +1,20 @@
|
||||
#!/usr/bin/perl
|
||||
#!/bin/sh
|
||||
|
||||
$XMLFILE=@ARGV[0];
|
||||
|
||||
|
||||
while (<>) {
|
||||
$str=$_;
|
||||
while ( $str=~ /<Firewall / ) {
|
||||
$str=~ /<Firewall [^>]+name="([^"]*).*$"/;
|
||||
$fw=$1;
|
||||
printf "echo ====================== $fw =========================================\n";
|
||||
printf "fwb_pix -v -xt -f $XMLFILE $fw \n";
|
||||
$str=~ s/^.*<Firewall [^>]+name="$fw"[^>]+>//;
|
||||
}
|
||||
}
|
||||
XMLFILE="objects-for-regression-tests.fwb"
|
||||
fwbedit list -f $XMLFILE -o /User/Firewalls -c -F%name% | \
|
||||
sort | while read fwobj
|
||||
do
|
||||
echo "echo"
|
||||
echo "echo \"============================ $fwobj\""
|
||||
echo "fwb_pix -v -f $XMLFILE -xt $fwobj"
|
||||
done
|
||||
|
||||
XMLFILE="cluster-tests.fwb"
|
||||
fwbedit list -f $XMLFILE -o /User/Clusters -c -F%name% | \
|
||||
sort | while read fwobj
|
||||
do
|
||||
echo "echo"
|
||||
echo "echo \"============================ $fwobj\""
|
||||
echo "fwb_pix -v -f $XMLFILE -xt -xc $fwobj"
|
||||
done
|
||||
|
||||
|
||||
Loading…
x
Reference in New Issue
Block a user