onkelbeh/fwbuilder
1
0
Fork 0
mirror of https://github.com/fwbuilder/fwbuilder synced 2025-10-16 07:28:25 +02:00
Code Issues Releases Wiki Activity

* Compiler.cpp (expandGroupsInRuleElement): sorting objects in the

Browse Source 
rule element by name after group is expanded, this helps ensure
stable ordering of objects in generated configuration.

* Compiler.cpp (replaceClusterInterfaceInItfRE::processNext):
sorting objects in rule element after cluster interfaces have been
replaced, this helps ensure stable ordering of objects in generated
configuration.

* FWObject.h (FWObjectNameCmpPredicate): moved this class from
gui-specific module to libfwbuilder as it is universally useful.
It can compare FWObject objects by name and can optionally can
follow references; it can be used with std::sort() to sort lists
of FWObject pointers or directly sort rule elements.
This commit is contained in:
Vadim Kurland 2011-03-12 19:50:24 -08:00
parent 424708006b
commit 0aa3eac4d4
299 changed files with 1023 additions and 985 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

15
doc/ChangeLog
View File

@ -1,5 +1,20 @@
2011-03-12 vadim <vadim@netcitadel.com>
* Compiler.cpp (expandGroupsInRuleElement): sorting objects in the
rule element by name after group is expanded, this helps ensure
stable ordering of objects in generated configuration.
* Compiler.cpp (replaceClusterInterfaceInItfRE::processNext):
sorting objects in rule element after cluster interfaces have been
replaced, this helps ensure stable ordering of objects in generated
configuration.
* FWObject.h (FWObjectNameCmpPredicate): moved this class from
gui-specific module to libfwbuilder as it is universally useful.
It can compare FWObject objects by name and can optionally can
follow references; it can be used with std::sort() to sort lists
of FWObject pointers or directly sort rule elements.
* Compiler.cpp (_init): see #2212 "Performance improvement in
compilers". This change brings significant improvement in compile
time on large object trees. The speed-up is especially noticeable

18
src/libfwbuilder/src/fwbuilder/FWObject.cpp
View File

@ -1063,6 +1063,13 @@ void FWObject::destroyChildren()
//clear();
}
void FWObject::sortChildrenByName(bool follow_references)
{
if (!follow_references)
sort(FWObjectNameCmpPredicate());
}
/*
* Walks the tree, looking for objects that are referenced by two parents
*/
@ -1569,3 +1576,14 @@ void FWObject::_findDependencies_internal(FWObject *obj,
bool FWObject::isPrimaryObject() const { return false; }
FWObjectNameCmpPredicate::FWObjectNameCmpPredicate(bool follow_refs)
{
follow_references = follow_refs;
}
bool FWObjectNameCmpPredicate::operator()(FWObject *a, FWObject *b)
{
FWObject *o1 = (follow_references) ? FWReference::getObject(a) : a;
FWObject *o2 = (follow_references) ? FWReference::getObject(b) : b;
return o1->getName() < o2->getName();
}

19
src/libfwbuilder/src/fwbuilder/FWObject.h
View File

@ -435,6 +435,8 @@ public:
void clearChildren(bool recursive=true);
void sortChildrenByName(bool follow_references=false);
/**
* Walks the tree, looking for objects that are referenced by two parents
* or those with this->parent == NULL. Prints report to stderr and
@ -609,6 +611,23 @@ class FWObjectNameEQPredicate: public std::unary_function<FWObject*, bool>
}
};
struct FWObjectNameCmpPredicate :
public std::binary_function<FWObject*, FWObject*, bool>
{
bool follow_references;
FWObjectNameCmpPredicate(bool follow_refs=false);
bool operator()(FWObject *a,FWObject *b);
};
class findFWObjectIDPredicate : public std::unary_function<FWObject*, bool>
{
int _id;
public:
findFWObjectIDPredicate(int id):_id(id) {}
bool operator()(const FWObject *o) const
{return o->getId()==_id;}
};
/**
* Predicate class testing object pointers for type name eqivalence.
* name is obtained by calling getTypeName() method.

4
src/libfwbuilder/src/fwcompiler/Compiler.cpp
View File

@ -345,6 +345,8 @@ void Compiler::expandGroupsInRuleElement(RuleElement *s)
s->clearChildren();
//s->setAnyElement();
cl.sort(FWObjectNameCmpPredicate());
for(FWObject::iterator i2=cl.begin(); i2!=cl.end(); ++i2)
{
s->addRef( *i2 );
@ -984,6 +986,8 @@ bool Compiler::replaceClusterInterfaceInItfRE::processNext()
itfre->addRef(r->second);
}
itfre->sort(FWObjectNameCmpPredicate(true));
tmp_queue.push_back(rule);
return true;
}

18
src/libgui/utils_no_qt.h
View File

@ -39,24 +39,6 @@
/* Utility functions that do not depend on QT */
struct FWObjectNameCmpPredicate :
public std::binary_function<libfwbuilder::FWObject*, libfwbuilder::FWObject*, bool>
{
bool operator()(libfwbuilder::FWObject *a,libfwbuilder::FWObject *b)
{
return a->getName() < b->getName();
}
};
class findFWObjectIDPredicate : public std::unary_function<libfwbuilder::FWObject*, bool>
{
int _id;
public:
findFWObjectIDPredicate(int id):_id(id) {}
bool operator()(const libfwbuilder::FWObject *o) const
{return o->getId()==_id;}
};
extern void findFirewalls(libfwbuilder::FWObject *o,
std::list<libfwbuilder::FWObject*> &fwlist,
bool skip_system_libs=true);

2
test/iosacl/auto-interface-test.fw.orig
View File

@ -3,7 +3,7 @@
!
! Firewall Builder fwb_iosacl v4.2.0.3499
!
! Generated Sat Mar 12 16:07:13 2011 PST by vadim
! Generated Sat Mar 12 19:44:06 2011 PST by vadim
!
! Compiled for iosacl 12.1
!

2
test/iosacl/c3620.fw.orig
View File

@ -3,7 +3,7 @@
!
! Firewall Builder fwb_iosacl v4.2.0.3499
!
! Generated Sat Mar 12 16:07:13 2011 PST by vadim
! Generated Sat Mar 12 19:44:06 2011 PST by vadim
!
! Compiled for iosacl 12.1
!

8
test/iosacl/ccie4u-r1.fw.orig
View File

@ -3,7 +3,7 @@
!
! Firewall Builder fwb_iosacl v4.2.0.3499
!
! Generated Sat Mar 12 16:09:13 2011 PST by vadim
! Generated Sat Mar 12 19:44:06 2011 PST by vadim
!
! Compiled for iosacl 12.1
!
@ -29,15 +29,15 @@
! ccie4u-r1:r1-ipv6:9: error: Rule 'r1-ipv6 9 (global)' shadows rule 'r1-ipv6 12 (global)' below it
! ccie4u-r1:r1-ipv6:9: error: Rule 'r1-ipv6 9 (global)' shadows rule 'r1-ipv6 12 (global)' below it
! ccie4u-r1:r1-ipv6:9: error: Rule 'r1-ipv6 9 (global)' shadows rule 'r1-ipv6 13 (global)' below it
! ccie4u-r1:r1-ipv6:9: error: Rule 'r1-ipv6 9 (global)' shadows rule 'r1-ipv6 13 (global)' below it
! ccie4u-r1:r1-ipv6:9: error: Rule 'r1-ipv6 9 (global)' shadows rule 'r1-ipv6 13 (global)' below it
! ccie4u-r1:r1-ipv6:9: error: Rule 'r1-ipv6 9 (global)' shadows rule 'r1-ipv6 13 (global)' below it
! ccie4u-r1:r1-ipv6:1: error: Rule 'r1-ipv6 1 (global)' shadows rule 'r1-ipv6 13 (global)' below it
! ccie4u-r1:r1-ipv6:9: error: Rule 'r1-ipv6 9 (global)' shadows rule 'r1-ipv6 13 (global)' below it
! ccie4u-r1:r1-ipv6:9: error: Rule 'r1-ipv6 9 (global)' shadows rule 'r1-ipv6 13 (global)' below it
! ccie4u-r1:r1-ipv6:9: error: Rule 'r1-ipv6 9 (global)' shadows rule 'r1-ipv6 13 (global)' below it
! ccie4u-r1:r1-ipv6:9: error: Rule 'r1-ipv6 9 (global)' shadows rule 'r1-ipv6 13 (global)' below it
! ccie4u-r1:r1-ipv6:3: error: Rule 'r1-ipv6 3 (global)' shadows rule 'r1-ipv6 13 (global)' below it
! ccie4u-r1:r1-ipv6:9: error: Rule 'r1-ipv6 9 (global)' shadows rule 'r1-ipv6 13 (global)' below it
! ccie4u-r1:r1-ipv6:9: error: Rule 'r1-ipv6 9 (global)' shadows rule 'r1-ipv6 13 (global)' below it
! ccie4u-r1:r1-ipv6:9: error: Rule 'r1-ipv6 9 (global)' shadows rule 'r1-ipv6 13 (global)' below it
!
! Prolog script:

8
test/iosacl/dynamips1-og.fw.orig
View File

@ -3,7 +3,7 @@
!
! Firewall Builder fwb_iosacl v4.2.0.3499
!
! Generated Sat Mar 12 16:07:13 2011 PST by vadim
! Generated Sat Mar 12 19:44:06 2011 PST by vadim
!
! Compiled for iosacl 12.4
!
@ -38,8 +38,8 @@ object-group network id29216X37699.src.net.0
exit
object-group service id29216X37699.srv.udp.0
udp eq 161
udp range 1024 65535
udp eq 161
exit
object-group network id18740X37673.dst.net.0
@ -150,10 +150,10 @@ ipv6 access-list ipv6_fe0_0_in
!
! Rule 1 (FastEthernet0/0)
! object-groups can not be used for ipv6
permit udp host 2001:5c0:0:2::24 host fe80::21d:9ff:fe8b:8e94 eq 161
permit udp host 2001:5c0:0:2::24 host fe80::21d:9ff:fe8b:8e94 gt 1024
permit udp host 3ffe:1200:2001:1:8000::1 host fe80::21d:9ff:fe8b:8e94 eq 161
permit udp host 2001:5c0:0:2::24 host fe80::21d:9ff:fe8b:8e94 eq 161
permit udp host 3ffe:1200:2001:1:8000::1 host fe80::21d:9ff:fe8b:8e94 gt 1024
permit udp host 3ffe:1200:2001:1:8000::1 host fe80::21d:9ff:fe8b:8e94 eq 161
!
! Rule 12 (global)
permit ipv6 any host fe80::21d:9ff:fe8b:8e94

8
test/iosacl/firewall-ipv6-1.fw.orig
View File

@ -3,7 +3,7 @@
!
! Firewall Builder fwb_iosacl v4.2.0.3499
!
! Generated Sat Mar 12 16:07:13 2011 PST by vadim
! Generated Sat Mar 12 19:44:06 2011 PST by vadim
!
! Compiled for iosacl 12.1
!
@ -27,15 +27,15 @@
! firewall-ipv6-1:fw-ipv6-1-ipv6:9: error: Rule 'fw-ipv6-1-ipv6 9 (global)' shadows rule 'fw-ipv6-1-ipv6 12 (global)' below it
! firewall-ipv6-1:fw-ipv6-1-ipv6:9: error: Rule 'fw-ipv6-1-ipv6 9 (global)' shadows rule 'fw-ipv6-1-ipv6 12 (global)' below it
! firewall-ipv6-1:fw-ipv6-1-ipv6:9: error: Rule 'fw-ipv6-1-ipv6 9 (global)' shadows rule 'fw-ipv6-1-ipv6 13 (global)' below it
! firewall-ipv6-1:fw-ipv6-1-ipv6:9: error: Rule 'fw-ipv6-1-ipv6 9 (global)' shadows rule 'fw-ipv6-1-ipv6 13 (global)' below it
! firewall-ipv6-1:fw-ipv6-1-ipv6:9: error: Rule 'fw-ipv6-1-ipv6 9 (global)' shadows rule 'fw-ipv6-1-ipv6 13 (global)' below it
! firewall-ipv6-1:fw-ipv6-1-ipv6:9: error: Rule 'fw-ipv6-1-ipv6 9 (global)' shadows rule 'fw-ipv6-1-ipv6 13 (global)' below it
! firewall-ipv6-1:fw-ipv6-1-ipv6:1: error: Rule 'fw-ipv6-1-ipv6 1 (global)' shadows rule 'fw-ipv6-1-ipv6 13 (global)' below it
! firewall-ipv6-1:fw-ipv6-1-ipv6:9: error: Rule 'fw-ipv6-1-ipv6 9 (global)' shadows rule 'fw-ipv6-1-ipv6 13 (global)' below it
! firewall-ipv6-1:fw-ipv6-1-ipv6:9: error: Rule 'fw-ipv6-1-ipv6 9 (global)' shadows rule 'fw-ipv6-1-ipv6 13 (global)' below it
! firewall-ipv6-1:fw-ipv6-1-ipv6:9: error: Rule 'fw-ipv6-1-ipv6 9 (global)' shadows rule 'fw-ipv6-1-ipv6 13 (global)' below it
! firewall-ipv6-1:fw-ipv6-1-ipv6:9: error: Rule 'fw-ipv6-1-ipv6 9 (global)' shadows rule 'fw-ipv6-1-ipv6 13 (global)' below it
! firewall-ipv6-1:fw-ipv6-1-ipv6:3: error: Rule 'fw-ipv6-1-ipv6 3 (global)' shadows rule 'fw-ipv6-1-ipv6 13 (global)' below it
! firewall-ipv6-1:fw-ipv6-1-ipv6:9: error: Rule 'fw-ipv6-1-ipv6 9 (global)' shadows rule 'fw-ipv6-1-ipv6 13 (global)' below it
! firewall-ipv6-1:fw-ipv6-1-ipv6:9: error: Rule 'fw-ipv6-1-ipv6 9 (global)' shadows rule 'fw-ipv6-1-ipv6 13 (global)' below it
! firewall-ipv6-1:fw-ipv6-1-ipv6:9: error: Rule 'fw-ipv6-1-ipv6 9 (global)' shadows rule 'fw-ipv6-1-ipv6 13 (global)' below it
!
! Prolog script:

8
test/iosacl/firewall-ipv6-2.fw.orig
View File

@ -3,7 +3,7 @@
!
! Firewall Builder fwb_iosacl v4.2.0.3499
!
! Generated Sat Mar 12 16:10:42 2011 PST by vadim
! Generated Sat Mar 12 19:44:06 2011 PST by vadim
!
! Compiled for iosacl 12.1
!
@ -27,15 +27,15 @@
! firewall-ipv6-2:fw-ipv6-2-ipv6:9: error: Rule 'fw-ipv6-2-ipv6 9 (global)' shadows rule 'fw-ipv6-2-ipv6 12 (global)' below it
! firewall-ipv6-2:fw-ipv6-2-ipv6:9: error: Rule 'fw-ipv6-2-ipv6 9 (global)' shadows rule 'fw-ipv6-2-ipv6 12 (global)' below it
! firewall-ipv6-2:fw-ipv6-2-ipv6:9: error: Rule 'fw-ipv6-2-ipv6 9 (global)' shadows rule 'fw-ipv6-2-ipv6 13 (global)' below it
! firewall-ipv6-2:fw-ipv6-2-ipv6:9: error: Rule 'fw-ipv6-2-ipv6 9 (global)' shadows rule 'fw-ipv6-2-ipv6 13 (global)' below it
! firewall-ipv6-2:fw-ipv6-2-ipv6:9: error: Rule 'fw-ipv6-2-ipv6 9 (global)' shadows rule 'fw-ipv6-2-ipv6 13 (global)' below it
! firewall-ipv6-2:fw-ipv6-2-ipv6:9: error: Rule 'fw-ipv6-2-ipv6 9 (global)' shadows rule 'fw-ipv6-2-ipv6 13 (global)' below it
! firewall-ipv6-2:fw-ipv6-2-ipv6:1: error: Rule 'fw-ipv6-2-ipv6 1 (global)' shadows rule 'fw-ipv6-2-ipv6 13 (global)' below it
! firewall-ipv6-2:fw-ipv6-2-ipv6:9: error: Rule 'fw-ipv6-2-ipv6 9 (global)' shadows rule 'fw-ipv6-2-ipv6 13 (global)' below it
! firewall-ipv6-2:fw-ipv6-2-ipv6:9: error: Rule 'fw-ipv6-2-ipv6 9 (global)' shadows rule 'fw-ipv6-2-ipv6 13 (global)' below it
! firewall-ipv6-2:fw-ipv6-2-ipv6:9: error: Rule 'fw-ipv6-2-ipv6 9 (global)' shadows rule 'fw-ipv6-2-ipv6 13 (global)' below it
! firewall-ipv6-2:fw-ipv6-2-ipv6:9: error: Rule 'fw-ipv6-2-ipv6 9 (global)' shadows rule 'fw-ipv6-2-ipv6 13 (global)' below it
! firewall-ipv6-2:fw-ipv6-2-ipv6:3: error: Rule 'fw-ipv6-2-ipv6 3 (global)' shadows rule 'fw-ipv6-2-ipv6 13 (global)' below it
! firewall-ipv6-2:fw-ipv6-2-ipv6:9: error: Rule 'fw-ipv6-2-ipv6 9 (global)' shadows rule 'fw-ipv6-2-ipv6 13 (global)' below it
! firewall-ipv6-2:fw-ipv6-2-ipv6:9: error: Rule 'fw-ipv6-2-ipv6 9 (global)' shadows rule 'fw-ipv6-2-ipv6 13 (global)' below it
! firewall-ipv6-2:fw-ipv6-2-ipv6:9: error: Rule 'fw-ipv6-2-ipv6 9 (global)' shadows rule 'fw-ipv6-2-ipv6 13 (global)' below it
!
! Prolog script:

2
test/iosacl/firewall-ipv6-3.fw.orig
View File

@ -3,7 +3,7 @@
!
! Firewall Builder fwb_iosacl v4.2.0.3499
!
! Generated Sat Mar 12 16:07:13 2011 PST by vadim
! Generated Sat Mar 12 19:44:07 2011 PST by vadim
!
! Compiled for iosacl 12.1
!

2
test/iosacl/testios1-1.fw.orig
View File

@ -3,7 +3,7 @@
!
! Firewall Builder fwb_iosacl v4.2.0.3499
!
! Generated Sat Mar 12 16:07:14 2011 PST by vadim
! Generated Sat Mar 12 19:44:07 2011 PST by vadim
!
! Compiled for iosacl 12.1
!

2
test/iosacl/testios1.fw.orig
View File

@ -3,7 +3,7 @@
!
! Firewall Builder fwb_iosacl v4.2.0.3499
!
! Generated Sat Mar 12 16:07:14 2011 PST by vadim
! Generated Sat Mar 12 19:44:07 2011 PST by vadim
!
! Compiled for iosacl 12.1
!

2
test/iosacl/testios2.fw.orig
View File

@ -3,7 +3,7 @@
!
! Firewall Builder fwb_iosacl v4.2.0.3499
!
! Generated Sat Mar 12 16:07:14 2011 PST by vadim
! Generated Sat Mar 12 19:44:07 2011 PST by vadim
!
! Compiled for iosacl 12.1
!

2
test/iosacl/testios20-v12.3.fw.orig
View File

@ -3,7 +3,7 @@
!
! Firewall Builder fwb_iosacl v4.2.0.3499
!
! Generated Sat Mar 12 16:07:14 2011 PST by vadim
! Generated Sat Mar 12 19:44:07 2011 PST by vadim
!
! Compiled for iosacl 12.3
!

2
test/iosacl/testios20.fw.orig
View File

@ -3,7 +3,7 @@
!
! Firewall Builder fwb_iosacl v4.2.0.3499
!
! Generated Sat Mar 12 16:07:14 2011 PST by vadim
! Generated Sat Mar 12 19:44:07 2011 PST by vadim
!
! Compiled for iosacl 12.4
!

2
test/iosacl/testios3.fw.orig
View File

@ -3,7 +3,7 @@
!
! Firewall Builder fwb_iosacl v4.2.0.3499
!
! Generated Sat Mar 12 16:07:14 2011 PST by vadim
! Generated Sat Mar 12 19:44:08 2011 PST by vadim
!
! Compiled for iosacl 12.1
!

2
test/iosacl/testios4.fw.orig
View File

@ -3,7 +3,7 @@
!
! Firewall Builder fwb_iosacl v4.2.0.3499
!
! Generated Sat Mar 12 16:07:14 2011 PST by vadim
! Generated Sat Mar 12 19:44:08 2011 PST by vadim
!
! Compiled for iosacl 12.4
!

4
test/iosacl/testios5-1.fw.orig
View File

@ -3,7 +3,7 @@
!
! Firewall Builder fwb_iosacl v4.2.0.3499
!
! Generated Sat Mar 12 16:07:15 2011 PST by vadim
! Generated Sat Mar 12 19:44:08 2011 PST by vadim
!
! Compiled for iosacl 12.4
!
@ -114,9 +114,9 @@ ip access-list extended e0_in
!
! Rule 10 (ethernet0)
permit tcp object-group id115999X79820.src.net.0 object-group id115999X79820.dst.net.0 match-all -urg +ack -psh -rst -syn -fin
permit tcp object-group id115999X79820.src.net.0 object-group id115999X79820.dst.net.0 match-all -urg +ack -psh -rst +syn -fin
permit tcp object-group id115999X79820.src.net.0 eq 80 object-group id115999X79820.dst.net.0 established
permit tcp object-group id115999X79820.src.net.0 eq 443 object-group id115999X79820.dst.net.0 established
permit tcp object-group id115999X79820.src.net.0 object-group id115999X79820.dst.net.0 match-all -urg +ack -psh -rst +syn -fin
permit ip object-group id115999X79820.src.net.0 object-group id115999X79820.dst.net.0
!
! Rule 11 (ethernet0)

18
test/iosacl/testios5.fw.orig
View File

@ -3,7 +3,7 @@
!
! Firewall Builder fwb_iosacl v4.2.0.3499
!
! Generated Sat Mar 12 16:07:15 2011 PST by vadim
! Generated Sat Mar 12 19:44:08 2011 PST by vadim
!
! Compiled for iosacl 12.4
!
@ -122,17 +122,17 @@ ip access-list extended e0_in
!
! Rule 10 (ethernet0)
permit tcp 22.22.21.0 0.0.0.255 10.10.10.0 0.0.0.255 match-all -urg +ack -psh -rst -syn -fin
permit tcp 22.22.21.0 0.0.0.255 10.10.10.0 0.0.0.255 match-all -urg +ack -psh -rst +syn -fin
permit tcp 22.22.21.0 0.0.0.255 10.10.10.0 0.0.0.255 eq 80
permit tcp 22.22.21.0 0.0.0.255 10.10.10.0 0.0.0.255 match-all -urg +ack -psh -rst +syn -fin
permit tcp 22.22.21.0 0.0.0.255 10.10.11.0 0.0.0.255 match-all -urg +ack -psh -rst -syn -fin
permit tcp 22.22.21.0 0.0.0.255 10.10.11.0 0.0.0.255 match-all -urg +ack -psh -rst +syn -fin
permit tcp 22.22.21.0 0.0.0.255 10.10.11.0 0.0.0.255 eq 80
permit tcp 22.22.21.0 0.0.0.255 10.10.11.0 0.0.0.255 match-all -urg +ack -psh -rst +syn -fin
permit tcp 22.22.22.0 0.0.0.255 10.10.10.0 0.0.0.255 match-all -urg +ack -psh -rst -syn -fin
permit tcp 22.22.22.0 0.0.0.255 10.10.10.0 0.0.0.255 match-all -urg +ack -psh -rst +syn -fin
permit tcp 22.22.22.0 0.0.0.255 10.10.10.0 0.0.0.255 eq 80
permit tcp 22.22.22.0 0.0.0.255 10.10.10.0 0.0.0.255 match-all -urg +ack -psh -rst +syn -fin
permit tcp 22.22.22.0 0.0.0.255 10.10.11.0 0.0.0.255 match-all -urg +ack -psh -rst -syn -fin
permit tcp 22.22.22.0 0.0.0.255 10.10.11.0 0.0.0.255 match-all -urg +ack -psh -rst +syn -fin
permit tcp 22.22.22.0 0.0.0.255 10.10.11.0 0.0.0.255 eq 80
permit tcp 22.22.22.0 0.0.0.255 10.10.11.0 0.0.0.255 match-all -urg +ack -psh -rst +syn -fin
!
! Rule 11 (ethernet0)
permit tcp 22.22.21.0 0.0.0.255 10.10.10.0 0.0.0.255
@ -253,17 +253,17 @@ ip access-list extended e0_out
!
! Rule 10 (ethernet0)
permit tcp 10.10.10.0 0.0.0.255 22.22.21.0 0.0.0.255 match-all -urg +ack -psh -rst -syn -fin
permit tcp 10.10.10.0 0.0.0.255 22.22.21.0 0.0.0.255 match-all -urg +ack -psh -rst +syn -fin
permit tcp 10.10.10.0 0.0.0.255 eq 80 22.22.21.0 0.0.0.255 established
permit tcp 10.10.10.0 0.0.0.255 22.22.21.0 0.0.0.255 match-all -urg +ack -psh -rst +syn -fin
permit tcp 10.10.10.0 0.0.0.255 22.22.22.0 0.0.0.255 match-all -urg +ack -psh -rst -syn -fin
permit tcp 10.10.10.0 0.0.0.255 22.22.22.0 0.0.0.255 match-all -urg +ack -psh -rst +syn -fin
permit tcp 10.10.10.0 0.0.0.255 eq 80 22.22.22.0 0.0.0.255 established
permit tcp 10.10.10.0 0.0.0.255 22.22.22.0 0.0.0.255 match-all -urg +ack -psh -rst +syn -fin
permit tcp 10.10.11.0 0.0.0.255 22.22.21.0 0.0.0.255 match-all -urg +ack -psh -rst -syn -fin
permit tcp 10.10.11.0 0.0.0.255 22.22.21.0 0.0.0.255 match-all -urg +ack -psh -rst +syn -fin
permit tcp 10.10.11.0 0.0.0.255 eq 80 22.22.21.0 0.0.0.255 established
permit tcp 10.10.11.0 0.0.0.255 22.22.21.0 0.0.0.255 match-all -urg +ack -psh -rst +syn -fin
permit tcp 10.10.11.0 0.0.0.255 22.22.22.0 0.0.0.255 match-all -urg +ack -psh -rst -syn -fin
permit tcp 10.10.11.0 0.0.0.255 22.22.22.0 0.0.0.255 match-all -urg +ack -psh -rst +syn -fin
permit tcp 10.10.11.0 0.0.0.255 eq 80 22.22.22.0 0.0.0.255 established
permit tcp 10.10.11.0 0.0.0.255 22.22.22.0 0.0.0.255 match-all -urg +ack -psh -rst +syn -fin
!
! Rule 11 (ethernet0)
permit tcp 10.10.10.0 0.0.0.255 22.22.21.0 0.0.0.255 established

92
test/ipf/firewall-ipf.conf.orig
View File

@ -77,30 +77,24 @@ pass out quick proto tcp from 211.11.11.11 to 192.168.1.10 port = 53 flags S
pass out quick proto tcp from 211.22.22.22 to 192.168.1.10 port = 53 flags S keep state
#
# Rule 12 (global)
pass in quick proto tcp from any to 192.168.1.10 port 9999 >< 10041 flags S keep state
pass in quick proto tcp from any to 192.168.1.10 port = 6667 flags S keep state
pass in quick proto tcp from any to 192.168.1.10 port = 3128 flags S keep state
pass in quick proto tcp from any to 192.168.1.10 port = 113 flags S keep state
pass in quick proto tcp from any to 192.168.1.10 port = 53 flags S keep state
pass in quick proto tcp from any to 192.168.1.10 port = 21 flags S keep state
pass in quick proto tcp from any to 192.168.1.10 port = 80 flags S keep state
pass in quick proto tcp from any to 192.168.1.10 port = 119 flags S keep state
pass in quick proto tcp from any to 192.168.1.10 port = 25 flags S keep state
pass in quick proto tcp from any to 192.168.1.10 port = 22 flags S keep state
pass in quick proto tcp from any to 192.168.1.10 port = 23 flags S keep state
pass in quick proto tcp from any to 192.168.1.10 port = 540 flags S keep state
pass in quick proto tcp from any to 192.168.1.10 port = 70 flags S keep state
pass in quick proto tcp from any to 192.168.1.10 port = 13 flags S keep state
pass in quick proto tcp from any to 192.168.1.10 port = 53 flags S keep state
pass in quick proto tcp from any to 192.168.1.10 port = 2105 flags S keep state
pass in quick proto tcp from any to 192.168.1.10 port = 21 flags S keep state
pass in quick proto tcp from any to 192.168.1.10 port = 70 flags S keep state
pass in quick proto tcp from any to 192.168.1.10 port = 80 flags S keep state
pass in quick proto tcp from any to 192.168.1.10 port = 443 flags S keep state
pass in quick proto tcp from any to 192.168.1.10 port = 143 flags S keep state
pass in quick proto tcp from any to 192.168.1.10 port = 993 flags S keep state
pass in quick proto tcp from any to 192.168.1.10 port = 6667 flags S keep state
pass in quick proto tcp from any to 192.168.1.10 port = 543 flags S keep state
pass in quick proto tcp from any to 192.168.1.10 port = 544 flags S keep state
pass in quick proto tcp from any to 192.168.1.10 port = 389 flags S keep state
pass in quick proto tcp from any to 192.168.1.10 port = 98 flags S keep state
pass in quick proto tcp from any to 192.168.1.10 port = 3306 flags S keep state
pass in quick proto tcp from any to 192.168.1.10 port = 2049 flags S keep state
pass in quick proto tcp from any to 192.168.1.10 port = 119 flags S keep state
pass in quick proto tcp from any to 192.168.1.10 port = 110 flags S keep state
pass in quick proto tcp from any to 192.168.1.10 port = 5432 flags S keep state
pass in quick proto tcp from any to 192.168.1.10 port = 515 flags S keep state
@ -109,34 +103,34 @@ pass in quick proto tcp from any to 192.168.1.10 port = 512 flags S keep sta
pass in quick proto tcp from any to 192.168.1.10 port = 513 flags S keep state
pass in quick proto tcp from any to 192.168.1.10 port = 514 flags S keep state
pass in quick proto tcp from any to 192.168.1.10 port = 4321 flags S keep state
pass in quick proto tcp from any to 192.168.1.10 port = 25 flags S keep state
pass in quick proto tcp from any to 192.168.1.10 port = 465 flags S keep state
pass in quick proto tcp from any to 192.168.1.10 port = 1080 flags S keep state
pass in quick proto tcp from any to 192.168.1.10 port = 3128 flags S keep state
pass in quick proto tcp from any to 192.168.1.10 port = 22 flags S keep state
pass in quick proto tcp from any to 192.168.1.10 port = 111 flags S keep state
pass in quick proto tcp from any to 192.168.1.10 port = 23 flags S keep state
pass in quick proto tcp from any to 192.168.1.10 port 9999 >< 10041 flags S keep state
pass in quick proto tcp from any to 192.168.1.10 port = 540 flags S keep state
pass in quick proto tcp from any to 192.168.1.10 port = 7100 flags S keep state
pass out quick proto tcp from any to 192.168.1.10 port 9999 >< 10041 flags S keep state
pass out quick proto tcp from any to 192.168.1.10 port = 6667 flags S keep state
pass out quick proto tcp from any to 192.168.1.10 port = 3128 flags S keep state
pass out quick proto tcp from any to 192.168.1.10 port = 113 flags S keep state
pass out quick proto tcp from any to 192.168.1.10 port = 53 flags S keep state
pass out quick proto tcp from any to 192.168.1.10 port = 21 flags S keep state
pass out quick proto tcp from any to 192.168.1.10 port = 80 flags S keep state
pass out quick proto tcp from any to 192.168.1.10 port = 119 flags S keep state
pass out quick proto tcp from any to 192.168.1.10 port = 25 flags S keep state
pass out quick proto tcp from any to 192.168.1.10 port = 22 flags S keep state
pass out quick proto tcp from any to 192.168.1.10 port = 23 flags S keep state
pass out quick proto tcp from any to 192.168.1.10 port = 540 flags S keep state
pass out quick proto tcp from any to 192.168.1.10 port = 70 flags S keep state
pass out quick proto tcp from any to 192.168.1.10 port = 13 flags S keep state
pass out quick proto tcp from any to 192.168.1.10 port = 53 flags S keep state
pass out quick proto tcp from any to 192.168.1.10 port = 2105 flags S keep state
pass out quick proto tcp from any to 192.168.1.10 port = 21 flags S keep state
pass out quick proto tcp from any to 192.168.1.10 port = 70 flags S keep state
pass out quick proto tcp from any to 192.168.1.10 port = 80 flags S keep state
pass out quick proto tcp from any to 192.168.1.10 port = 443 flags S keep state
pass out quick proto tcp from any to 192.168.1.10 port = 143 flags S keep state
pass out quick proto tcp from any to 192.168.1.10 port = 993 flags S keep state
pass out quick proto tcp from any to 192.168.1.10 port = 6667 flags S keep state
pass out quick proto tcp from any to 192.168.1.10 port = 543 flags S keep state
pass out quick proto tcp from any to 192.168.1.10 port = 544 flags S keep state
pass out quick proto tcp from any to 192.168.1.10 port = 389 flags S keep state
pass out quick proto tcp from any to 192.168.1.10 port = 98 flags S keep state
pass out quick proto tcp from any to 192.168.1.10 port = 3306 flags S keep state
pass out quick proto tcp from any to 192.168.1.10 port = 2049 flags S keep state
pass out quick proto tcp from any to 192.168.1.10 port = 119 flags S keep state
pass out quick proto tcp from any to 192.168.1.10 port = 110 flags S keep state
pass out quick proto tcp from any to 192.168.1.10 port = 5432 flags S keep state
pass out quick proto tcp from any to 192.168.1.10 port = 515 flags S keep state
@ -145,21 +139,27 @@ pass out quick proto tcp from any to 192.168.1.10 port = 512 flags S keep sta
pass out quick proto tcp from any to 192.168.1.10 port = 513 flags S keep state
pass out quick proto tcp from any to 192.168.1.10 port = 514 flags S keep state
pass out quick proto tcp from any to 192.168.1.10 port = 4321 flags S keep state
pass out quick proto tcp from any to 192.168.1.10 port = 25 flags S keep state
pass out quick proto tcp from any to 192.168.1.10 port = 465 flags S keep state
pass out quick proto tcp from any to 192.168.1.10 port = 1080 flags S keep state
pass out quick proto tcp from any to 192.168.1.10 port = 3128 flags S keep state
pass out quick proto tcp from any to 192.168.1.10 port = 22 flags S keep state
pass out quick proto tcp from any to 192.168.1.10 port = 111 flags S keep state
pass out quick proto tcp from any to 192.168.1.10 port = 23 flags S keep state
pass out quick proto tcp from any to 192.168.1.10 port 9999 >< 10041 flags S keep state
pass out quick proto tcp from any to 192.168.1.10 port = 540 flags S keep state
pass out quick proto tcp from any to 192.168.1.10 port = 7100 flags S keep state
#
# Rule 13 (global)
pass in quick proto icmp from any to 192.168.1.0/24 icmp-type 3 keep state
pass in quick proto icmp from any to 192.168.1.0/24 icmp-type 0 code 0 keep state
pass in quick proto icmp from any to 192.168.1.0/24 icmp-type 11 code 0 keep state
pass in quick proto icmp from any to 192.168.1.0/24 icmp-type 11 code 1 keep state
pass in quick proto icmp from any to 192.168.1.0/24 icmp-type 0 code 0 keep state
pass in quick proto icmp from any to 192.168.1.0/24 icmp-type 3 keep state
pass in quick proto tcp from any to 192.168.1.0/24 port = 3128 flags S keep state
pass out quick proto icmp from any to 192.168.1.0/24 icmp-type 3 keep state
pass out quick proto icmp from any to 192.168.1.0/24 icmp-type 0 code 0 keep state
pass out quick proto icmp from any to 192.168.1.0/24 icmp-type 11 code 0 keep state
pass out quick proto icmp from any to 192.168.1.0/24 icmp-type 11 code 1 keep state
pass out quick proto icmp from any to 192.168.1.0/24 icmp-type 0 code 0 keep state
pass out quick proto icmp from any to 192.168.1.0/24 icmp-type 3 keep state
pass out quick proto tcp from any to 192.168.1.0/24 port = 3128 flags S keep state
#
# Rule 14 (global)
@ -168,41 +168,41 @@ skip 1 in from any to 192.168.1.12/30
skip 8 in from any to any
pass in quick proto tcp from any to any port = 113 flags S keep state
pass in quick proto tcp from any to any port = 80 flags S keep state
pass in quick proto tcp from any to any port = 25 flags S keep state
pass in quick proto tcp from any to any port = 22 flags S keep state
pass in quick proto tcp from any to any port = 540 flags S keep state
pass in quick proto tcp from any to any port = 443 flags S keep state
pass in quick proto tcp from any to any port = 143 flags S keep state
pass in quick proto tcp from any to any port = 25 flags S keep state
pass in quick proto tcp from any to any port = 3128 flags S keep state
pass in quick proto tcp from any to any port = 22 flags S keep state
pass in quick proto tcp from any to any port = 540 flags S keep state
skip 2 out from any to 192.168.1.11
skip 1 out from any to 192.168.1.12/30
skip 8 out from any to any
pass out quick proto tcp from any to any port = 113 flags S keep state
pass out quick proto tcp from any to any port = 80 flags S keep state
pass out quick proto tcp from any to any port = 25 flags S keep state
pass out quick proto tcp from any to any port = 22 flags S keep state
pass out quick proto tcp from any to any port = 540 flags S keep state
pass out quick proto tcp from any to any port = 443 flags S keep state
pass out quick proto tcp from any to any port = 143 flags S keep state
pass out quick proto tcp from any to any port = 25 flags S keep state
pass out quick proto tcp from any to any port = 3128 flags S keep state
pass out quick proto tcp from any to any port = 22 flags S keep state
pass out quick proto tcp from any to any port = 540 flags S keep state
#
# Rule 15 (global)
pass in quick proto tcp from any to 192.168.1.11 port = 113 flags S keep state
pass in quick proto tcp from any to 192.168.1.11 port = 80 flags S keep state
pass in quick proto tcp from any to 192.168.1.11 port = 25 flags S keep state
pass in quick proto tcp from any to 192.168.1.11 port = 22 flags S keep state
pass in quick proto tcp from any to 192.168.1.11 port = 540 flags S keep state
pass in quick proto tcp from any to 192.168.1.11 port = 443 flags S keep state
pass in quick proto tcp from any to 192.168.1.11 port = 143 flags S keep state
pass in quick proto tcp from any to 192.168.1.11 port = 25 flags S keep state
pass in quick proto tcp from any to 192.168.1.11 port = 3128 flags S keep state
pass in quick proto tcp from any to 192.168.1.11 port = 22 flags S keep state
pass in quick proto tcp from any to 192.168.1.11 port = 540 flags S keep state
pass out quick proto tcp from any to 192.168.1.11 port = 113 flags S keep state
pass out quick proto tcp from any to 192.168.1.11 port = 80 flags S keep state
pass out quick proto tcp from any to 192.168.1.11 port = 25 flags S keep state
pass out quick proto tcp from any to 192.168.1.11 port = 22 flags S keep state
pass out quick proto tcp from any to 192.168.1.11 port = 540 flags S keep state
pass out quick proto tcp from any to 192.168.1.11 port = 443 flags S keep state
pass out quick proto tcp from any to 192.168.1.11 port = 143 flags S keep state
pass out quick proto tcp from any to 192.168.1.11 port = 25 flags S keep state
pass out quick proto tcp from any to 192.168.1.11 port = 3128 flags S keep state
pass out quick proto tcp from any to 192.168.1.11 port = 22 flags S keep state
pass out quick proto tcp from any to 192.168.1.11 port = 540 flags S keep state
#
# Rule 16 (global)
skip 5 in from any to 192.168.1.11
@ -213,12 +213,12 @@ skip 1 in from any to 192.168.1.15
skip 8 in from any to any
pass in quick proto tcp from any to any port = 113 flags S keep state
pass in quick proto tcp from any to any port = 80 flags S keep state
pass in quick proto tcp from any to any port = 25 flags S keep state
pass in quick proto tcp from any to any port = 22 flags S keep state
pass in quick proto tcp from any to any port = 540 flags S keep state
pass in quick proto tcp from any to any port = 443 flags S keep state
pass in quick proto tcp from any to any port = 143 flags S keep state
pass in quick proto tcp from any to any port = 25 flags S keep state
pass in quick proto tcp from any to any port = 3128 flags S keep state
pass in quick proto tcp from any to any port = 22 flags S keep state
pass in quick proto tcp from any to any port = 540 flags S keep state
skip 5 out from any to 192.168.1.11
skip 4 out from any to 192.168.1.12
skip 3 out from any to 192.168.1.13
@ -227,12 +227,12 @@ skip 1 out from any to 192.168.1.15
skip 8 out from any to any
pass out quick proto tcp from any to any port = 113 flags S keep state
pass out quick proto tcp from any to any port = 80 flags S keep state
pass out quick proto tcp from any to any port = 25 flags S keep state
pass out quick proto tcp from any to any port = 22 flags S keep state
pass out quick proto tcp from any to any port = 540 flags S keep state
pass out quick proto tcp from any to any port = 443 flags S keep state
pass out quick proto tcp from any to any port = 143 flags S keep state
pass out quick proto tcp from any to any port = 25 flags S keep state
pass out quick proto tcp from any to any port = 3128 flags S keep state
pass out quick proto tcp from any to any port = 22 flags S keep state
pass out quick proto tcp from any to any port = 540 flags S keep state
#
# Rule 17 (global)
pass in log level local0.warning quick proto icmp from 192.168.1.1 to 192.168.1.1 keep state

6
test/ipf/firewall.fw.orig
View File

@ -2,9 +2,9 @@
#
# This is automatically generated file. DO NOT MODIFY !
#
# Firewall Builder fwb_ipf v4.2.0.3496
# Firewall Builder fwb_ipf v4.2.0.3499
#
# Generated Fri Mar 11 09:17:17 2011 PST by vadim
# Generated Sat Mar 12 19:44:26 2011 PST by vadim
#
# files: * firewall.fw ipf.fw
# files: firewall-ipf.conf ipf.conf
@ -175,7 +175,7 @@ configure_interfaces() {
update_addresses_of_interface "lo 127.0.0.1/0xff000000" ""
}
log "Activating firewall script generated Fri Mar 11 09:17:17 2011 by vadim"
log "Activating firewall script generated Sat Mar 12 19:44:26 2011 by vadim"
set_kernel_vars
configure_interfaces

6
test/ipf/firewall1.fw.orig
View File

@ -2,9 +2,9 @@
#
# This is automatically generated file. DO NOT MODIFY !
#
# Firewall Builder fwb_ipf v4.2.0.3496
# Firewall Builder fwb_ipf v4.2.0.3499
#
# Generated Fri Mar 11 09:17:17 2011 PST by vadim
# Generated Sat Mar 12 19:44:26 2011 PST by vadim
#
# files: * firewall1.fw /etc/ipf.fw
# files: firewall1-ipf.conf /etc/fw/ipf.conf
@ -83,7 +83,7 @@ configure_interfaces() {
}
log "Activating firewall script generated Fri Mar 11 09:17:17 2011 by vadim"
log "Activating firewall script generated Sat Mar 12 19:44:26 2011 by vadim"
set_kernel_vars
configure_interfaces

52
test/ipf/firewall10-ipf.conf.orig
View File

@ -17,10 +17,10 @@ skip 3 in from any to 192.168.2.20
skip 2 in from any to 192.168.2.30
skip 1 in from any to 192.168.2.40
skip 13 in from any to any
skip 12 in proto tcp from any to any port = 80
skip 11 in proto tcp from any to any port = 21
skip 10 in proto tcp from any to any port = 25
skip 9 in proto tcp from any to any port = 119
skip 12 in proto tcp from any to any port = 21
skip 11 in proto tcp from any to any port = 80
skip 10 in proto tcp from any to any port = 119
skip 9 in proto tcp from any to any port = 25
skip 5 out from 192.168.1.10 to any
skip 4 out from 192.168.1.20 to any
skip 3 out from 192.168.1.100 to any
@ -32,28 +32,28 @@ skip 3 out from any to 192.168.2.20
skip 2 out from any to 192.168.2.30
skip 1 out from any to 192.168.2.40
skip 13 out from any to any
skip 12 out proto tcp from any to any port = 80
skip 11 out proto tcp from any to any port = 21
skip 10 out proto tcp from any to any port = 25
skip 9 out proto tcp from any to any port = 119
skip 12 out proto tcp from any to any port = 21
skip 11 out proto tcp from any to any port = 80
skip 10 out proto tcp from any to any port = 119
skip 9 out proto tcp from any to any port = 25
skip 4 in from any to 192.168.2.10
skip 3 in from any to 192.168.2.20
skip 2 in from any to 192.168.2.30
skip 1 in from any to 192.168.2.40
skip 4 in from any to any
pass in quick proto tcp from any to any port = 80 flags S keep state
pass in quick proto tcp from any to any port = 21 flags S keep state
pass in quick proto tcp from any to any port = 25 flags S keep state
pass in quick proto tcp from any to any port = 80 flags S keep state
pass in quick proto tcp from any to any port = 119 flags S keep state
pass in quick proto tcp from any to any port = 25 flags S keep state
skip 4 out from any to 192.168.2.10
skip 3 out from any to 192.168.2.20
skip 2 out from any to 192.168.2.30
skip 1 out from any to 192.168.2.40
skip 4 out from any to any
pass out quick proto tcp from any to any port = 80 flags S keep state
pass out quick proto tcp from any to any port = 21 flags S keep state
pass out quick proto tcp from any to any port = 25 flags S keep state
pass out quick proto tcp from any to any port = 80 flags S keep state
pass out quick proto tcp from any to any port = 119 flags S keep state
pass out quick proto tcp from any to any port = 25 flags S keep state
#
# Rule 2 (global)
# firewall10:Policy:2: warning: Changing rule direction due to self reference
@ -64,10 +64,10 @@ skip 3 in from any to 22.22.22.22
skip 2 in from any to 192.168.1.1
skip 1 in from any to 192.168.2.0
skip 7 in from any to any
pass in quick proto icmp from any to any icmp-type 3 keep state
pass in quick proto icmp from any to any icmp-type 0 code 0 keep state
pass in quick proto icmp from any to any icmp-type 11 code 0 keep state
pass in quick proto icmp from any to any icmp-type 11 code 1 keep state
pass in quick proto icmp from any to any icmp-type 0 code 0 keep state
pass in quick proto icmp from any to any icmp-type 3 keep state
pass in quick proto tcp from 192.168.1.0/24 to 22.22.22.22 port = 22 flags S keep state
pass in quick proto tcp from 192.168.1.0/24 to 192.168.1.1 port = 22 flags S keep state
pass in quick proto tcp from 192.168.1.0/24 to 192.168.2.0 port = 22 flags S keep state
@ -84,10 +84,10 @@ skip 3 in from any to 192.168.2.20
skip 2 in from any to 192.168.2.30
skip 1 in from any to 192.168.2.40
skip 4 in from any to any
block in quick proto tcp from any to any port = 80
block in quick proto tcp from any to any port = 21
block in quick proto tcp from any to any port = 25
block in quick proto tcp from any to any port = 80
block in quick proto tcp from any to any port = 119
block in quick proto tcp from any to any port = 25
skip 5 out from 192.168.1.10 to any
skip 4 out from 192.168.1.20 to any
skip 3 out from 192.168.1.100 to any
@ -99,10 +99,10 @@ skip 3 out from any to 192.168.2.20
skip 2 out from any to 192.168.2.30
skip 1 out from any to 192.168.2.40
skip 4 out from any to any
block out quick proto tcp from any to any port = 80
block out quick proto tcp from any to any port = 21
block out quick proto tcp from any to any port = 25
block out quick proto tcp from any to any port = 80
block out quick proto tcp from any to any port = 119
block out quick proto tcp from any to any port = 25
#
# Rule 4 (global)
skip 1 in from 192.168.1.10 to any
@ -112,10 +112,10 @@ skip 3 in from any to 192.168.2.20
skip 2 in from any to 192.168.2.30
skip 1 in from any to 192.168.2.40
skip 4 in from any to any
block in quick proto tcp from any to any port = 80
block in quick proto tcp from any to any port = 21
block in quick proto tcp from any to any port = 25
block in quick proto tcp from any to any port = 80
block in quick proto tcp from any to any port = 119
block in quick proto tcp from any to any port = 25
skip 1 out from 192.168.1.10 to any
skip 9 out from any to any
skip 4 out from any to 192.168.2.10
@ -123,10 +123,10 @@ skip 3 out from any to 192.168.2.20
skip 2 out from any to 192.168.2.30
skip 1 out from any to 192.168.2.40
skip 4 out from any to any
block out quick proto tcp from any to any port = 80
block out quick proto tcp from any to any port = 21
block out quick proto tcp from any to any port = 25
block out quick proto tcp from any to any port = 80
block out quick proto tcp from any to any port = 119
block out quick proto tcp from any to any port = 25
#
# Rule 5 (global)
skip 5 in from 192.168.1.10 to any
@ -135,20 +135,20 @@ skip 3 in from 192.168.1.100 to any
skip 2 in from 192.168.1.110 to any
skip 1 in from 192.168.1.120 to any
skip 4 in from any to any
block in quick proto tcp from any to 192.168.2.10 port = 80
block in quick proto tcp from any to 192.168.2.10 port = 21
block in quick proto tcp from any to 192.168.2.10 port = 25
block in quick proto tcp from any to 192.168.2.10 port = 80
block in quick proto tcp from any to 192.168.2.10 port = 119
block in quick proto tcp from any to 192.168.2.10 port = 25
skip 5 out from 192.168.1.10 to any
skip 4 out from 192.168.1.20 to any
skip 3 out from 192.168.1.100 to any
skip 2 out from 192.168.1.110 to any
skip 1 out from 192.168.1.120 to any
skip 4 out from any to any
block out quick proto tcp from any to 192.168.2.10 port = 80
block out quick proto tcp from any to 192.168.2.10 port = 21
block out quick proto tcp from any to 192.168.2.10 port = 25
block out quick proto tcp from any to 192.168.2.10 port = 80
block out quick proto tcp from any to 192.168.2.10 port = 119
block out quick proto tcp from any to 192.168.2.10 port = 25
#
# Rule 6 (global)
skip 5 in from 192.168.1.10 to any

6
test/ipf/firewall10.fw.orig
View File

@ -2,9 +2,9 @@
#
# This is automatically generated file. DO NOT MODIFY !
#
# Firewall Builder fwb_ipf v4.2.0.3496
# Firewall Builder fwb_ipf v4.2.0.3499
#
# Generated Fri Mar 11 09:17:17 2011 PST by vadim
# Generated Sat Mar 12 19:44:26 2011 PST by vadim
#
# files: * firewall10.fw /etc/firewall10.fw
# files: firewall10-ipf.conf /etc/firewall10-ipf.conf
@ -75,7 +75,7 @@ configure_interfaces() {
}
log "Activating firewall script generated Fri Mar 11 09:17:17 2011 by vadim"
log "Activating firewall script generated Sat Mar 12 19:44:26 2011 by vadim"
set_kernel_vars
configure_interfaces

6
test/ipf/firewall11.fw.orig
View File

@ -2,9 +2,9 @@
#
# This is automatically generated file. DO NOT MODIFY !
#
# Firewall Builder fwb_ipf v4.2.0.3496
# Firewall Builder fwb_ipf v4.2.0.3499
#
# Generated Fri Mar 11 09:17:17 2011 PST by vadim
# Generated Sat Mar 12 19:44:26 2011 PST by vadim
#
# files: * firewall11.fw /etc/firewall11.fw
# files: firewall11-ipf.conf /etc/firewall11-ipf.conf
@ -168,7 +168,7 @@ configure_interfaces() {
update_addresses_of_interface "lo0 127.0.0.1/0xff000000" ""
}
log "Activating firewall script generated Fri Mar 11 09:17:17 2011 by vadim"
log "Activating firewall script generated Sat Mar 12 19:44:26 2011 by vadim"
set_kernel_vars
configure_interfaces

10
test/ipf/firewall2-nat.conf.orig
View File

@ -30,14 +30,14 @@ map eth3 from 192.168.1.20/32 to any -> 22.22.22.23/32
map eth2 from 192.168.1.20/32 to any -> 22.22.22.23/32
#
# Rule 2 (NAT)
map eth1 from 192.168.1.0/24 to any port = 22 -> 22.22.22.22/32 portmap tcp/udp auto
map eth3 from 192.168.1.0/24 to any port = 22 -> 22.22.23.23/32 portmap tcp/udp auto
map eth0 from 192.168.1.0/24 to any port = 22 -> 192.168.1.1/32 portmap tcp/udp auto
map eth2 from 192.168.1.0/24 to any port = 22 -> 192.168.2.1/32 portmap tcp/udp auto
map eth1 from 192.168.1.0/24 to any -> 22.22.22.22/32 proxy port 21 ftp/tcp
map eth3 from 192.168.1.0/24 to any -> 22.22.23.23/32 proxy port 21 ftp/tcp
map eth0 from 192.168.1.0/24 to any -> 192.168.1.1/32 proxy port 21 ftp/tcp
map eth2 from 192.168.1.0/24 to any -> 192.168.2.1/32 proxy port 21 ftp/tcp
map eth1 from 192.168.1.0/24 to any port = 22 -> 22.22.22.22/32 portmap tcp/udp auto
map eth3 from 192.168.1.0/24 to any port = 22 -> 22.22.23.23/32 portmap tcp/udp auto
map eth0 from 192.168.1.0/24 to any port = 22 -> 192.168.1.1/32 portmap tcp/udp auto
map eth2 from 192.168.1.0/24 to any port = 22 -> 192.168.2.1/32 portmap tcp/udp auto
#
# Rule 3 (NAT)
map eth1 from 192.168.1.0/24 to any port = 22 -> 22.22.22.22/32 portmap tcp/udp auto
@ -289,8 +289,8 @@ rdr eth1 from any to 22.22.22.23/32 port = 80 -> 192.168.1.10 port 25 tcp
map eth2 from 192.168.1.0/24 to 192.168.2.0/24 -> 0/0 proxy port 21 ftp/tcp
#
# Rule 20 (NAT)
map eth2 from 192.168.1.0/24 to 192.168.2.0/24 -> 0/0 proxy port 21 ftp/tcp
map eth2 from 192.168.1.0/24 to 192.168.2.0/24 -> 0/0 proxy port 1720 h323/tcp
map eth2 from 192.168.1.0/24 to 192.168.2.0/24 -> 0/0 proxy port 21 ftp/tcp
#
# Rule 21 (NAT)
map eth2 from 192.168.1.0/24 to 192.168.2.0/24 port = 80 -> 0/0

6
test/ipf/firewall2.fw.orig
View File

@ -2,9 +2,9 @@
#
# This is automatically generated file. DO NOT MODIFY !
#
# Firewall Builder fwb_ipf v4.2.0.3496
# Firewall Builder fwb_ipf v4.2.0.3499
#
# Generated Fri Mar 11 09:17:19 2011 PST by vadim
# Generated Sat Mar 12 19:44:27 2011 PST by vadim
#
# files: * firewall2.fw /etc/fw/firewall2.fw
# files: firewall2-ipf.conf /etc/fw/firewall2-ipf.conf
@ -79,7 +79,7 @@ configure_interfaces() {
}
log "Activating firewall script generated Fri Mar 11 09:17:19 2011 by vadim"
log "Activating firewall script generated Sat Mar 12 19:44:27 2011 by vadim"
set_kernel_vars
configure_interfaces

6
test/ipf/firewall34.fw.orig
View File

@ -2,9 +2,9 @@
#
# This is automatically generated file. DO NOT MODIFY !
#
# Firewall Builder fwb_ipf v4.2.0.3496
# Firewall Builder fwb_ipf v4.2.0.3499
#
# Generated Fri Mar 11 09:17:19 2011 PST by vadim
# Generated Sat Mar 12 19:44:27 2011 PST by vadim
#
# files: * firewall34.fw /etc/fw/firewall34.fw
# files: firewall34-ipf.conf /etc/fw/firewall34-ipf.conf
@ -168,7 +168,7 @@ configure_interfaces() {
update_addresses_of_interface "lo 127.0.0.1/0xff000000" ""
}
log "Activating firewall script generated Fri Mar 11 09:17:19 2011 by vadim"
log "Activating firewall script generated Sat Mar 12 19:44:27 2011 by vadim"
set_kernel_vars
configure_interfaces

6
test/ipf/firewall35.fw.orig
View File

@ -2,9 +2,9 @@
#
# This is automatically generated file. DO NOT MODIFY !
#
# Firewall Builder fwb_ipf v4.2.0.3496
# Firewall Builder fwb_ipf v4.2.0.3499
#
# Generated Fri Mar 11 09:17:19 2011 PST by vadim
# Generated Sat Mar 12 19:44:27 2011 PST by vadim
#
# files: * firewall35.fw /etc/firewall35.fw
# files: firewall35-ipf.conf /etc/firewall35-ipf.conf
@ -77,7 +77,7 @@ configure_interfaces() {
}
log "Activating firewall script generated Fri Mar 11 09:17:19 2011 by vadim"
log "Activating firewall script generated Sat Mar 12 19:44:27 2011 by vadim"
set_kernel_vars
configure_interfaces

6
test/ipf/firewall4.fw.orig
View File

@ -2,9 +2,9 @@
#
# This is automatically generated file. DO NOT MODIFY !
#
# Firewall Builder fwb_ipf v4.2.0.3496
# Firewall Builder fwb_ipf v4.2.0.3499
#
# Generated Fri Mar 11 09:17:19 2011 PST by vadim
# Generated Sat Mar 12 19:44:27 2011 PST by vadim
#
# files: * firewall4.fw /etc/fw/firewall4.fw
# files: firewall4-ipf.conf /etc/fw/firewall4-ipf.conf
@ -80,7 +80,7 @@ configure_interfaces() {
}
log "Activating firewall script generated Fri Mar 11 09:17:19 2011 by vadim"
log "Activating firewall script generated Sat Mar 12 19:44:27 2011 by vadim"
set_kernel_vars
configure_interfaces

6
test/ipf/firewall5.fw.orig
View File

@ -2,9 +2,9 @@
#
# This is automatically generated file. DO NOT MODIFY !
#
# Firewall Builder fwb_ipf v4.2.0.3496
# Firewall Builder fwb_ipf v4.2.0.3499
#
# Generated Fri Mar 11 09:17:19 2011 PST by vadim
# Generated Sat Mar 12 19:44:27 2011 PST by vadim
#
# files: * firewall5.fw /etc/firewall5.fw
# files: firewall5-ipf.conf /etc/firewall5-ipf.conf
@ -92,7 +92,7 @@ configure_interfaces() {
}
log "Activating firewall script generated Fri Mar 11 09:17:19 2011 by vadim"
log "Activating firewall script generated Sat Mar 12 19:44:27 2011 by vadim"
set_kernel_vars
configure_interfaces

6
test/ipf/firewall7.fw.orig
View File

@ -2,9 +2,9 @@
#
# This is automatically generated file. DO NOT MODIFY !
#
# Firewall Builder fwb_ipf v4.2.0.3496
# Firewall Builder fwb_ipf v4.2.0.3499
#
# Generated Fri Mar 11 09:17:20 2011 PST by vadim
# Generated Sat Mar 12 19:44:28 2011 PST by vadim
#
# files: * firewall7.fw /etc/fw/firewall7.fw
# files: firewall7-ipf.conf /etc/fw/firewall7-ipf.conf
@ -76,7 +76,7 @@ configure_interfaces() {
}
log "Activating firewall script generated Fri Mar 11 09:17:20 2011 by vadim"
log "Activating firewall script generated Sat Mar 12 19:44:28 2011 by vadim"
set_kernel_vars
configure_interfaces

6
test/ipf/firewall8.fw.orig
View File

@ -2,9 +2,9 @@
#
# This is automatically generated file. DO NOT MODIFY !
#
# Firewall Builder fwb_ipf v4.2.0.3496
# Firewall Builder fwb_ipf v4.2.0.3499
#
# Generated Fri Mar 11 09:17:20 2011 PST by vadim
# Generated Sat Mar 12 19:44:28 2011 PST by vadim
#
# files: * firewall8.fw /etc/firewall8.fw
# files: firewall8-ipf.conf /etc/firewall8-ipf.conf
@ -76,7 +76,7 @@ configure_interfaces() {
}
log "Activating firewall script generated Fri Mar 11 09:17:20 2011 by vadim"
log "Activating firewall script generated Sat Mar 12 19:44:28 2011 by vadim"
set_kernel_vars
configure_interfaces

4
test/ipf/firewall9-ipf.conf.orig
View File

@ -6,10 +6,10 @@ skip 1 in on le1 from 33.33.33.0/24 to any
block in log quick on le1 from any to any
#
# Rule 1 (le1)
pass in quick on le1 proto icmp from 33.33.33.0/24 to 192.168.1.10 icmp-type 3 keep state
pass in quick on le1 proto icmp from 33.33.33.0/24 to 192.168.1.10 icmp-type 0 code 0 keep state
pass in quick on le1 proto icmp from 33.33.33.0/24 to 192.168.1.10 icmp-type 11 code 0 keep state
pass in quick on le1 proto icmp from 33.33.33.0/24 to 192.168.1.10 icmp-type 11 code 1 keep state
pass in quick on le1 proto icmp from 33.33.33.0/24 to 192.168.1.10 icmp-type 0 code 0 keep state
pass in quick on le1 proto icmp from 33.33.33.0/24 to 192.168.1.10 icmp-type 3 keep state
pass in quick on le1 proto tcp from 33.33.33.0/24 to 192.168.1.10 port = 22 flags S keep state
#
# Rule 2 (le1)

6
test/ipf/firewall9.fw.orig
View File

@ -2,9 +2,9 @@
#
# This is automatically generated file. DO NOT MODIFY !
#
# Firewall Builder fwb_ipf v4.2.0.3496
# Firewall Builder fwb_ipf v4.2.0.3499
#
# Generated Fri Mar 11 09:17:20 2011 PST by vadim
# Generated Sat Mar 12 19:44:28 2011 PST by vadim
#
# files: * firewall9.fw /etc/firewall9.fw
# files: firewall9-ipf.conf /etc/firewall9-ipf.conf
@ -76,7 +76,7 @@ configure_interfaces() {
}
log "Activating firewall script generated Fri Mar 11 09:17:20 2011 by vadim"
log "Activating firewall script generated Sat Mar 12 19:44:28 2011 by vadim"
set_kernel_vars
configure_interfaces

6
test/ipf/host-ipf.conf.orig
View File

@ -79,10 +79,10 @@ block in log quick from any to 22.22.22.22 with short
# host:Policy:5: warning: Changing rule direction due to self reference
pass in quick proto icmp from any to 22.22.22.22 icmp-type 3 keep state
pass in quick proto tcp from any to 22.22.22.22 port = 25 keep state
pass in quick proto tcp from any to 22.22.22.22 port = 80 keep state
pass in quick proto tcp from any to 22.22.22.22 port = 22 keep state
pass in quick proto tcp from any to 22.22.22.22 port = 21 keep state
pass in quick proto tcp from any to 22.22.22.22 port = 80 keep state
pass in quick proto tcp from any to 22.22.22.22 port = 25 keep state
pass in quick proto tcp from any to 22.22.22.22 port = 22 keep state
pass in quick proto tcp from any to 22.22.22.22 port = 23 keep state
#
# Rule 6 (global)

6
test/ipf/host.fw.orig
View File

@ -2,9 +2,9 @@
#
# This is automatically generated file. DO NOT MODIFY !
#
# Firewall Builder fwb_ipf v4.2.0.3496
# Firewall Builder fwb_ipf v4.2.0.3499
#
# Generated Fri Mar 11 09:17:20 2011 PST by vadim
# Generated Sat Mar 12 19:44:28 2011 PST by vadim
#
# files: * host.fw /etc/fw/host.fw
# files: host-ipf.conf /etc/fw/host-ipf.conf
@ -78,7 +78,7 @@ configure_interfaces() {
}
log "Activating firewall script generated Fri Mar 11 09:17:20 2011 by vadim"
log "Activating firewall script generated Sat Mar 12 19:44:28 2011 by vadim"
set_kernel_vars
configure_interfaces

30
test/ipfw/firewall.fw.orig
View File

@ -2,9 +2,9 @@
#
# This is automatically generated file. DO NOT MODIFY !
#
# Firewall Builder fwb_ipfw v4.2.0.3496
# Firewall Builder fwb_ipfw v4.2.0.3499
#
# Generated Fri Mar 11 09:18:23 2011 PST by vadim
# Generated Sat Mar 12 19:44:43 2011 PST by vadim
#
# files: * firewall.fw ipfw.fw
#
@ -81,7 +81,7 @@ configure_interfaces() {
}
log "Activating firewall script generated Fri Mar 11 09:18:23 2011 by vadim"
log "Activating firewall script generated Sat Mar 12 19:44:43 2011 by vadim"
set_kernel_vars
configure_interfaces
@ -150,31 +150,31 @@ prolog_commands
"$IPFW" add 180 set 1 permit tcp from 211.22.22.22 to 192.168.1.10 53 setup keep-state || exit 1
#
# Rule 13 (global)
"$IPFW" add 190 set 1 permit tcp from any to 192.168.1.10 10000-11000,6667,3128,113,53,21,80,119,25,22,23,540,70,13,2105,443,143,993,6667,543,544,389,98,3306,2049,110,5432,515,26000,512,513,514,4321,465,1080,111,7100 setup keep-state || exit 1
"$IPFW" add 190 set 1 permit tcp from any to 192.168.1.10 10000-11000,113,13,53,2105,21,70,80,443,143,993,6667,6667,543,544,389,98,3306,2049,119,110,5432,515,26000,512,513,514,4321,25,465,1080,3128,22,111,23,540,7100 setup keep-state || exit 1
#
# Rule 14 (global)
"$IPFW" add 200 set 1 permit tcp from any to 192.168.1.11 113,80,25,22,540,443,143,3128 setup keep-state || exit 1
"$IPFW" add 200 set 1 permit tcp from any to 192.168.1.11 113,80,443,143,25,3128,22,540 setup keep-state || exit 1
#
# Rule 15 (global)
"$IPFW" add 210 set 1 permit tcp from any to 192.168.1.11 113,80,25,22,540,443,143,3128 setup keep-state || exit 1
"$IPFW" add 220 set 1 permit tcp from any to 192.168.1.12/30 113,80,25,22,540,443,143,3128 setup keep-state || exit 1
"$IPFW" add 210 set 1 permit tcp from any to 192.168.1.11 113,80,443,143,25,3128,22,540 setup keep-state || exit 1
"$IPFW" add 220 set 1 permit tcp from any to 192.168.1.12/30 113,80,443,143,25,3128,22,540 setup keep-state || exit 1
#
# Rule 16 (global)
"$IPFW" add 230 set 1 permit tcp from any to 192.168.1.11 113,80,25,22,540,443,143,3128 setup keep-state || exit 1
"$IPFW" add 240 set 1 permit tcp from any to 192.168.1.12 113,80,25,22,540,443,143,3128 setup keep-state || exit 1
"$IPFW" add 250 set 1 permit tcp from any to 192.168.1.13 113,80,25,22,540,443,143,3128 setup keep-state || exit 1
"$IPFW" add 260 set 1 permit tcp from any to 192.168.1.14 113,80,25,22,540,443,143,3128 setup keep-state || exit 1
"$IPFW" add 270 set 1 permit tcp from any to 192.168.1.15 113,80,25,22,540,443,143,3128 setup keep-state || exit 1
"$IPFW" add 230 set 1 permit tcp from any to 192.168.1.11 113,80,443,143,25,3128,22,540 setup keep-state || exit 1
"$IPFW" add 240 set 1 permit tcp from any to 192.168.1.12 113,80,443,143,25,3128,22,540 setup keep-state || exit 1
"$IPFW" add 250 set 1 permit tcp from any to 192.168.1.13 113,80,443,143,25,3128,22,540 setup keep-state || exit 1
"$IPFW" add 260 set 1 permit tcp from any to 192.168.1.14 113,80,443,143,25,3128,22,540 setup keep-state || exit 1
"$IPFW" add 270 set 1 permit tcp from any to 192.168.1.15 113,80,443,143,25,3128,22,540 setup keep-state || exit 1
#
# Rule 17 (global)
"$IPFW" add 280 set 1 permit icmp from any to 192.168.1.0/24 icmptypes 11,11,0,3 keep-state || exit 1
"$IPFW" add 280 set 1 permit icmp from any to 192.168.1.0/24 icmptypes 3,0,11,11 keep-state || exit 1
"$IPFW" add 290 set 1 permit tcp from any to 192.168.1.0/24 3128 setup keep-state || exit 1
#
# Rule 18 (global)
"$IPFW" add 300 set 1 permit icmp from any to 192.168.1.0/24 icmptypes 11,11,0,3 keep-state || exit 1
"$IPFW" add 300 set 1 permit icmp from any to 192.168.1.0/24 icmptypes 3,0,11,11 keep-state || exit 1
"$IPFW" add 310 set 1 permit tcp from any 20 to 192.168.1.0/24 1024-65535 setup keep-state || exit 1
"$IPFW" add 320 set 1 permit tcp from any to 192.168.1.0/24 10000-11000 setup keep-state || exit 1
"$IPFW" add 330 set 1 permit tcp from any to 192.168.1.0/24 6000-6063,3128,6667,113,53,21,80,119,25,22,23,540,70,13,2105,443,143,993,6667,543,544,389,98,3306,2049,110,5432,515,26000,512,513,514,4321,465,1080,111,7100 setup keep-state || exit 1
"$IPFW" add 330 set 1 permit tcp from any to 192.168.1.0/24 6000-6063,113,13,53,2105,21,70,80,443,143,993,6667,6667,543,544,389,98,3306,2049,119,110,5432,515,26000,512,513,514,4321,25,465,1080,3128,22,111,23,540,7100 setup keep-state || exit 1
#
# Rule 19 (global)
"$IPFW" add 340 set 1 permit log all from me to me keep-state || exit 1

6
test/ipfw/firewall1.fw.orig
View File

@ -2,9 +2,9 @@
#
# This is automatically generated file. DO NOT MODIFY !
#
# Firewall Builder fwb_ipfw v4.2.0.3496
# Firewall Builder fwb_ipfw v4.2.0.3499
#
# Generated Fri Mar 11 09:18:23 2011 PST by vadim
# Generated Sat Mar 12 19:44:44 2011 PST by vadim
#
# files: * firewall1.fw /etc/firewall1.fw
#
@ -83,7 +83,7 @@ configure_interfaces() {
}
log "Activating firewall script generated Fri Mar 11 09:18:23 2011 by vadim"
log "Activating firewall script generated Sat Mar 12 19:44:44 2011 by vadim"
set_kernel_vars
configure_interfaces

6
test/ipfw/firewall2.fw.orig
View File

@ -2,9 +2,9 @@
#
# This is automatically generated file. DO NOT MODIFY !
#
# Firewall Builder fwb_ipfw v4.2.0.3496
# Firewall Builder fwb_ipfw v4.2.0.3499
#
# Generated Fri Mar 11 09:18:24 2011 PST by vadim
# Generated Sat Mar 12 19:44:44 2011 PST by vadim
#
# files: * firewall2.fw /etc/firewall2.fw
#
@ -77,7 +77,7 @@ configure_interfaces() {
}
log "Activating firewall script generated Fri Mar 11 09:18:24 2011 by vadim"
log "Activating firewall script generated Sat Mar 12 19:44:44 2011 by vadim"
set_kernel_vars
configure_interfaces

6
test/ipfw/firewall33.fw.orig
View File

@ -2,9 +2,9 @@
#
# This is automatically generated file. DO NOT MODIFY !
#
# Firewall Builder fwb_ipfw v4.2.0.3496
# Firewall Builder fwb_ipfw v4.2.0.3499
#
# Generated Fri Mar 11 09:18:24 2011 PST by vadim
# Generated Sat Mar 12 19:44:44 2011 PST by vadim
#
# files: * firewall33.fw /etc/fw/firewall33.fw
#
@ -169,7 +169,7 @@ configure_interfaces() {
update_addresses_of_interface "lo 127.0.0.1/0xff000000" ""
}
log "Activating firewall script generated Fri Mar 11 09:18:24 2011 by vadim"
log "Activating firewall script generated Sat Mar 12 19:44:44 2011 by vadim"
set_kernel_vars
configure_interfaces

6
test/ipfw/firewall34.fw.orig
View File

@ -2,9 +2,9 @@
#
# This is automatically generated file. DO NOT MODIFY !
#
# Firewall Builder fwb_ipfw v4.2.0.3496
# Firewall Builder fwb_ipfw v4.2.0.3499
#
# Generated Fri Mar 11 09:18:24 2011 PST by vadim
# Generated Sat Mar 12 19:44:44 2011 PST by vadim
#
# files: * firewall34.fw /etc/firewall34.fw
#
@ -77,7 +77,7 @@ configure_interfaces() {
}
log "Activating firewall script generated Fri Mar 11 09:18:24 2011 by vadim"
log "Activating firewall script generated Sat Mar 12 19:44:44 2011 by vadim"
set_kernel_vars
configure_interfaces

6
test/ipfw/firewall4.fw.orig
View File

@ -2,9 +2,9 @@
#
# This is automatically generated file. DO NOT MODIFY !
#
# Firewall Builder fwb_ipfw v4.2.0.3496
# Firewall Builder fwb_ipfw v4.2.0.3499
#
# Generated Fri Mar 11 09:18:24 2011 PST by vadim
# Generated Sat Mar 12 19:44:44 2011 PST by vadim
#
# files: * firewall4.fw /etc/firewall4.fw
#
@ -80,7 +80,7 @@ configure_interfaces() {
}
log "Activating firewall script generated Fri Mar 11 09:18:24 2011 by vadim"
log "Activating firewall script generated Sat Mar 12 19:44:44 2011 by vadim"
set_kernel_vars
configure_interfaces

6
test/ipfw/firewall7.fw.orig
View File

@ -2,9 +2,9 @@
#
# This is automatically generated file. DO NOT MODIFY !
#
# Firewall Builder fwb_ipfw v4.2.0.3496
# Firewall Builder fwb_ipfw v4.2.0.3499
#
# Generated Fri Mar 11 09:18:25 2011 PST by vadim
# Generated Sat Mar 12 19:44:44 2011 PST by vadim
#
# files: * firewall7.fw /etc/firewall7.fw
#
@ -77,7 +77,7 @@ configure_interfaces() {
}
log "Activating firewall script generated Fri Mar 11 09:18:25 2011 by vadim"
log "Activating firewall script generated Sat Mar 12 19:44:44 2011 by vadim"
set_kernel_vars
configure_interfaces

6
test/ipfw/firewall8.fw.orig
View File

@ -2,9 +2,9 @@
#
# This is automatically generated file. DO NOT MODIFY !
#
# Firewall Builder fwb_ipfw v4.2.0.3496
# Firewall Builder fwb_ipfw v4.2.0.3499
#
# Generated Fri Mar 11 09:18:25 2011 PST by vadim
# Generated Sat Mar 12 19:44:44 2011 PST by vadim
#
# files: * firewall8.fw /etc/firewall8.fw
#
@ -76,7 +76,7 @@ configure_interfaces() {
}
log "Activating firewall script generated Fri Mar 11 09:18:25 2011 by vadim"
log "Activating firewall script generated Sat Mar 12 19:44:44 2011 by vadim"
set_kernel_vars
configure_interfaces

8
test/ipfw/firewall9.fw.orig
View File

@ -2,9 +2,9 @@
#
# This is automatically generated file. DO NOT MODIFY !
#
# Firewall Builder fwb_ipfw v4.2.0.3496
# Firewall Builder fwb_ipfw v4.2.0.3499
#
# Generated Fri Mar 11 09:18:25 2011 PST by vadim
# Generated Sat Mar 12 19:44:44 2011 PST by vadim
#
# files: * firewall9.fw /etc/firewall9.fw
#
@ -76,7 +76,7 @@ configure_interfaces() {
}
log "Activating firewall script generated Fri Mar 11 09:18:25 2011 by vadim"
log "Activating firewall script generated Sat Mar 12 19:44:44 2011 by vadim"
set_kernel_vars
configure_interfaces
@ -98,7 +98,7 @@ prolog_commands
"$IPFW" add 20 set 1 drop log all from any to any in recv firewall9:eth1 || exit 1
#
# Rule 1 (firewall9:eth1)
"$IPFW" add 30 set 1 permit icmp from 33.33.33.0/24 to 192.168.1.10 icmptypes 11,11,0,3 in recv firewall9:eth1 keep-state || exit 1
"$IPFW" add 30 set 1 permit icmp from 33.33.33.0/24 to 192.168.1.10 icmptypes 3,0,11,11 in recv firewall9:eth1 keep-state || exit 1
"$IPFW" add 40 set 1 permit tcp from 33.33.33.0/24 to 192.168.1.10 22 in recv firewall9:eth1 setup keep-state || exit 1
#
# Rule 2 (firewall9:eth1)

8
test/ipfw/host.fw.orig
View File

@ -2,9 +2,9 @@
#
# This is automatically generated file. DO NOT MODIFY !
#
# Firewall Builder fwb_ipfw v4.2.0.3496
# Firewall Builder fwb_ipfw v4.2.0.3499
#
# Generated Fri Mar 11 09:18:25 2011 PST by vadim
# Generated Sat Mar 12 19:44:45 2011 PST by vadim
#
# files: * host.fw /etc/host.fw
#
@ -79,7 +79,7 @@ configure_interfaces() {
}
log "Activating firewall script generated Fri Mar 11 09:18:25 2011 by vadim"
log "Activating firewall script generated Sat Mar 12 19:44:45 2011 by vadim"
set_kernel_vars
configure_interfaces
@ -120,7 +120,7 @@ prolog_commands
# host:Policy:5: warning: Changing rule direction due to self reference
"$IPFW" add 60 set 1 permit icmp from any to me icmptypes 3 in keep-state || exit 1
"$IPFW" add 70 set 1 permit tcp from any to me 25,80,22,21,23 in setup keep-state || exit 1
"$IPFW" add 70 set 1 permit tcp from any to me 21,80,25,22,23 in setup keep-state || exit 1
#
# Rule 6 (global)
# allow all outgoing connections

14
test/ipfw/mac.fw.orig
View File

@ -2,9 +2,9 @@
#
# This is automatically generated file. DO NOT MODIFY !
#
# Firewall Builder fwb_ipfw v4.2.0.3496
# Firewall Builder fwb_ipfw v4.2.0.3499
#
# Generated Fri Mar 11 09:18:25 2011 PST by vadim
# Generated Sat Mar 12 19:44:45 2011 PST by vadim
#
# files: * mac.fw /etc/mac.fw
#
@ -77,7 +77,7 @@ configure_interfaces() {
}
log "Activating firewall script generated Fri Mar 11 09:18:25 2011 by vadim"
log "Activating firewall script generated Sat Mar 12 19:44:45 2011 by vadim"
set_kernel_vars
configure_interfaces
@ -109,16 +109,16 @@ prolog_commands
# Rule 3 (global)
# mac:Policy:3: warning: Changing rule direction due to self reference
"$IPFW" add 50 set 1 permit icmp from any to me icmptypes 11,11,0,3 in keep-state || exit 1
"$IPFW" add 60 set 1 permit tcp from any to me 22,25 in setup keep-state || exit 1
"$IPFW" add 50 set 1 permit icmp from any to me icmptypes 3,0,11,11 in keep-state || exit 1
"$IPFW" add 60 set 1 permit tcp from any to me 25,22 in setup keep-state || exit 1
"$IPFW" add 70 set 1 permit udp from any to me in keep-state || exit 1
#
# Rule 4 (global)
# mac:Policy:4: warning: Changing rule direction due to self reference
"$IPFW" add 80 set 1 permit icmp from me to any icmptypes 11,11,0,3 out keep-state || exit 1
"$IPFW" add 80 set 1 permit icmp from me to any icmptypes 3,0,11,11 out keep-state || exit 1
"$IPFW" add 90 set 1 permit tcp from me to any out setup keep-state || exit 1
"$IPFW" add 100 set 1 permit udp from me to any 53,68,67 out keep-state || exit 1
"$IPFW" add 100 set 1 permit udp from me to any 68,67,53 out keep-state || exit 1
#
# Rule 5 (global)
"$IPFW" add 110 set 1 drop log all from any to any || exit 1

4
test/ipt/cluster1_secuwall-1.fw.orig
View File

@ -4,7 +4,7 @@
#
# Firewall Builder fwb_ipt v4.2.0.3499
#
# Generated Thu Mar 10 21:52:44 2011 PST by vadim
# Generated Sat Mar 12 19:42:47 2011 PST by vadim
#
# files: * cluster1_secuwall-1.fw /etc/cluster1_secuwall-1.fw
#
@ -588,7 +588,7 @@ test -z "$cmd" && {
case "$cmd" in
start)
log "Activating firewall script generated Thu Mar 10 21:52:44 2011 by vadim"
log "Activating firewall script generated Sat Mar 12 19:42:47 2011 by vadim"
log "Database was cluster-tests.fwb"
check_tools
check_run_time_address_table_files

4
test/ipt/firewall-base-rulesets.fw.orig
View File

@ -4,7 +4,7 @@
#
# Firewall Builder fwb_ipt v4.2.0.3499
#
# Generated Thu Mar 10 21:51:50 2011 PST by vadim
# Generated Sat Mar 12 19:42:09 2011 PST by vadim
#
# files: * firewall-base-rulesets.fw /etc/fw/firewall-base-rulesets.fw
#
@ -445,7 +445,7 @@ test -z "$cmd" && {
case "$cmd" in
start)
log "Activating firewall script generated Thu Mar 10 21:51:50 2011 by vadim"
log "Activating firewall script generated Sat Mar 12 19:42:09 2011 by vadim"
check_tools
prolog_commands
check_run_time_address_table_files

10
test/ipt/firewall-ipv6-1.fw.orig
View File

@ -4,7 +4,7 @@
#
# Firewall Builder fwb_ipt v4.2.0.3499
#
# Generated Thu Mar 10 21:51:55 2011 PST by vadim
# Generated Sat Mar 12 19:42:16 2011 PST by vadim
#
# files: * firewall-ipv6-1.fw /etc/firewall-ipv6-1.fw
#
@ -561,8 +561,8 @@ script_body() {
# for bug 2462927, ipv6 networks with /32
# netmask
$IP6TABLES -A INPUT -s 2001:db8::/32 -j DROP
$IP6TABLES -A INPUT -s 3fff:ffff::/32 -j DROP
$IP6TABLES -A INPUT -s 3fff:ffff::/16 -j DROP
$IP6TABLES -A INPUT -s 3fff:ffff::/32 -j DROP
#
# Rule Policy_ipv6 6 (global)
#
@ -612,8 +612,8 @@ script_body() {
#
# firewall-ipv6-1:Policy_ipv6:10: warning: Making rule stateless because it matches ICMPv6
$IP6TABLES -A INPUT -p tcp -m tcp -m multiport --dports 139,135,42,445,88,389,636,3268,3269,53 -m state --state NEW -j ACCEPT
$IP6TABLES -A INPUT -p udp -m udp -m multiport --dports 138,137,53,88 -m state --state NEW -j ACCEPT
$IP6TABLES -A INPUT -p tcp -m tcp -m multiport --dports 3268,3269,445,42,53,88,389,636,135,139 -m state --state NEW -j ACCEPT
$IP6TABLES -A INPUT -p udp -m udp -m multiport --dports 53,88,138,137 -m state --state NEW -j ACCEPT
$IP6TABLES -A INPUT -p ipv6-icmp -j ACCEPT
#
# Rule Policy_ipv6 11 (global)
@ -702,7 +702,7 @@ test -z "$cmd" && {
case "$cmd" in
start)
log "Activating firewall script generated Thu Mar 10 21:51:55 2011 by vadim"
log "Activating firewall script generated Sat Mar 12 19:42:16 2011 by vadim"
check_tools
prolog_commands
check_run_time_address_table_files

4
test/ipt/firewall-ipv6-2.fw.orig
View File

@ -4,7 +4,7 @@
#
# Firewall Builder fwb_ipt v4.2.0.3499
#
# Generated Thu Mar 10 13:14:16 2011 PST by vadim
# Generated Sat Mar 12 19:42:17 2011 PST by vadim
#
# files: * firewall-ipv6-2.fw /etc/firewall-ipv6-2.fw
#
@ -966,7 +966,7 @@ test -z "$cmd" && {
case "$cmd" in
start)
log "Activating firewall script generated Thu Mar 10 13:14:16 2011 by vadim"
log "Activating firewall script generated Sat Mar 12 19:42:17 2011 by vadim"
check_tools
prolog_commands
check_run_time_address_table_files

4
test/ipt/firewall-ipv6-3.fw.orig
View File

@ -4,7 +4,7 @@
#
# Firewall Builder fwb_ipt v4.2.0.3499
#
# Generated Thu Mar 10 21:52:04 2011 PST by vadim
# Generated Sat Mar 12 19:42:24 2011 PST by vadim
#
# files: * firewall-ipv6-3.fw /etc/firewall-ipv6-3.fw
#
@ -596,7 +596,7 @@ test -z "$cmd" && {
case "$cmd" in
start)
log "Activating firewall script generated Thu Mar 10 21:52:04 2011 by vadim"
log "Activating firewall script generated Sat Mar 12 19:42:24 2011 by vadim"
check_tools
prolog_commands
check_run_time_address_table_files

4
test/ipt/firewall-ipv6-4-1.fw.orig
View File

@ -4,7 +4,7 @@
#
# Firewall Builder fwb_ipt v4.2.0.3499
#
# Generated Thu Mar 10 21:52:13 2011 PST by vadim
# Generated Sat Mar 12 19:42:31 2011 PST by vadim
#
# files: * firewall-ipv6-4-1.fw /etc/firewall-ipv6-4-1.fw
#
@ -545,7 +545,7 @@ test -z "$cmd" && {
case "$cmd" in
start)
log "Activating firewall script generated Thu Mar 10 21:52:13 2011 by vadim"
log "Activating firewall script generated Sat Mar 12 19:42:31 2011 by vadim"
check_tools
prolog_commands
check_run_time_address_table_files

4
test/ipt/firewall-ipv6-4.fw.orig
View File

@ -4,7 +4,7 @@
#
# Firewall Builder fwb_ipt v4.2.0.3499
#
# Generated Thu Mar 10 21:52:08 2011 PST by vadim
# Generated Sat Mar 12 19:42:24 2011 PST by vadim
#
# files: * firewall-ipv6-4.fw /etc/firewall-ipv6-4.fw
#
@ -581,7 +581,7 @@ test -z "$cmd" && {
case "$cmd" in
start)
log "Activating firewall script generated Thu Mar 10 21:52:08 2011 by vadim"
log "Activating firewall script generated Sat Mar 12 19:42:24 2011 by vadim"
check_tools
prolog_commands
check_run_time_address_table_files

4
test/ipt/firewall-ipv6-5.fw.orig
View File

@ -4,7 +4,7 @@
#
# Firewall Builder fwb_ipt v4.2.0.3499
#
# Generated Thu Mar 10 21:52:11 2011 PST by vadim
# Generated Sat Mar 12 19:42:26 2011 PST by vadim
#
# files: * firewall-ipv6-5.fw /etc/firewall-ipv6-5.fw
#
@ -412,7 +412,7 @@ test -z "$cmd" && {
case "$cmd" in
start)
log "Activating firewall script generated Thu Mar 10 21:52:11 2011 by vadim"
log "Activating firewall script generated Sat Mar 12 19:42:26 2011 by vadim"
check_tools
prolog_commands
check_run_time_address_table_files

4
test/ipt/firewall-ipv6-6.fw.orig
View File

@ -4,7 +4,7 @@
#
# Firewall Builder fwb_ipt v4.2.0.3499
#
# Generated Thu Mar 10 21:52:15 2011 PST by vadim
# Generated Sat Mar 12 19:42:28 2011 PST by vadim
#
# files: * firewall-ipv6-6.fw /etc/firewall-ipv6-6.fw
#
@ -399,7 +399,7 @@ test -z "$cmd" && {
case "$cmd" in
start)
log "Activating firewall script generated Thu Mar 10 21:52:15 2011 by vadim"
log "Activating firewall script generated Sat Mar 12 19:42:28 2011 by vadim"
check_tools
prolog_commands
check_run_time_address_table_files

4
test/ipt/firewall-ipv6-7.fw.orig
View File

@ -4,7 +4,7 @@
#
# Firewall Builder fwb_ipt v4.2.0.3499
#
# Generated Thu Mar 10 21:52:16 2011 PST by vadim
# Generated Sat Mar 12 19:42:29 2011 PST by vadim
#
# files: * firewall-ipv6-7.fw /etc/firewall-ipv6-7.fw
#
@ -443,7 +443,7 @@ test -z "$cmd" && {
case "$cmd" in
start)
log "Activating firewall script generated Thu Mar 10 21:52:16 2011 by vadim"
log "Activating firewall script generated Sat Mar 12 19:42:29 2011 by vadim"
check_tools
prolog_commands
check_run_time_address_table_files

4
test/ipt/firewall-ipv6-8.fw.orig
View File

@ -4,7 +4,7 @@
#
# Firewall Builder fwb_ipt v4.2.0.3499
#
# Generated Thu Mar 10 21:52:19 2011 PST by vadim
# Generated Sat Mar 12 19:42:31 2011 PST by vadim
#
# files: * firewall-ipv6-8.fw /etc/firewall-ipv6-8.fw
#
@ -484,7 +484,7 @@ test -z "$cmd" && {
case "$cmd" in
start)
log "Activating firewall script generated Thu Mar 10 21:52:19 2011 by vadim"
log "Activating firewall script generated Sat Mar 12 19:42:31 2011 by vadim"
check_tools
prolog_commands
check_run_time_address_table_files

4
test/ipt/firewall-ipv6-ipt-reset-prolog-after-flush.fw.orig
View File

@ -4,7 +4,7 @@
#
# Firewall Builder fwb_ipt v4.2.0.3499
#
# Generated Thu Mar 10 21:52:20 2011 PST by vadim
# Generated Sat Mar 12 19:42:33 2011 PST by vadim
#
# files: * firewall-ipv6-ipt-reset-prolog-after-flush.fw /etc/firewall-ipv6-ipt-reset-prolog-after-flush.fw
#
@ -450,7 +450,7 @@ test -z "$cmd" && {
case "$cmd" in
start)
log "Activating firewall script generated Thu Mar 10 21:52:20 2011 by vadim"
log "Activating firewall script generated Sat Mar 12 19:42:33 2011 by vadim"
check_tools
prolog_commands
check_run_time_address_table_files

4
test/ipt/firewall-ipv6-ipt-reset-prolog-after-interfaces.fw.orig
View File

@ -4,7 +4,7 @@
#
# Firewall Builder fwb_ipt v4.2.0.3499
#
# Generated Thu Mar 10 21:52:22 2011 PST by vadim
# Generated Sat Mar 12 19:42:33 2011 PST by vadim
#
# files: * firewall-ipv6-ipt-reset-prolog-after-interfaces.fw /etc/firewall-ipv6-ipt-reset-prolog-after-interfaces.fw
#
@ -450,7 +450,7 @@ test -z "$cmd" && {
case "$cmd" in
start)
log "Activating firewall script generated Thu Mar 10 21:52:22 2011 by vadim"
log "Activating firewall script generated Sat Mar 12 19:42:33 2011 by vadim"
check_tools
check_run_time_address_table_files

4
test/ipt/firewall-ipv6-ipt-reset-prolog-top.fw.orig
View File

@ -4,7 +4,7 @@
#
# Firewall Builder fwb_ipt v4.2.0.3499
#
# Generated Thu Mar 10 21:52:24 2011 PST by vadim
# Generated Sat Mar 12 19:42:35 2011 PST by vadim
#
# files: * firewall-ipv6-ipt-reset-prolog-top.fw /etc/firewall-ipv6-ipt-reset-prolog-top.fw
#
@ -450,7 +450,7 @@ test -z "$cmd" && {
case "$cmd" in
start)
log "Activating firewall script generated Thu Mar 10 21:52:24 2011 by vadim"
log "Activating firewall script generated Sat Mar 12 19:42:35 2011 by vadim"
check_tools
prolog_commands
check_run_time_address_table_files

4
test/ipt/firewall-ipv6-prolog-after-flush.fw.orig
View File

@ -4,7 +4,7 @@
#
# Firewall Builder fwb_ipt v4.2.0.3499
#
# Generated Thu Mar 10 21:52:26 2011 PST by vadim
# Generated Sat Mar 12 19:42:35 2011 PST by vadim
#
# files: * firewall-ipv6-prolog-after-flush.fw /etc/firewall-ipv6-prolog-after-flush.fw
#
@ -420,7 +420,7 @@ test -z "$cmd" && {
case "$cmd" in
start)
log "Activating firewall script generated Thu Mar 10 21:52:26 2011 by vadim"
log "Activating firewall script generated Sat Mar 12 19:42:35 2011 by vadim"
check_tools
check_run_time_address_table_files

4
test/ipt/firewall-ipv6-prolog-after-interfaces.fw.orig
View File

@ -4,7 +4,7 @@
#
# Firewall Builder fwb_ipt v4.2.0.3499
#
# Generated Thu Mar 10 21:52:27 2011 PST by vadim
# Generated Sat Mar 12 19:42:37 2011 PST by vadim
#
# files: * firewall-ipv6-prolog-after-interfaces.fw /etc/firewall-ipv6-prolog-after-interfaces.fw
#
@ -420,7 +420,7 @@ test -z "$cmd" && {
case "$cmd" in
start)
log "Activating firewall script generated Thu Mar 10 21:52:27 2011 by vadim"
log "Activating firewall script generated Sat Mar 12 19:42:37 2011 by vadim"
check_tools
check_run_time_address_table_files

4
test/ipt/firewall-ipv6-prolog-top.fw.orig
View File

@ -4,7 +4,7 @@
#
# Firewall Builder fwb_ipt v4.2.0.3499
#
# Generated Thu Mar 10 21:52:29 2011 PST by vadim
# Generated Sat Mar 12 19:42:37 2011 PST by vadim
#
# files: * firewall-ipv6-prolog-top.fw /etc/firewall-ipv6-prolog-top.fw
#
@ -420,7 +420,7 @@ test -z "$cmd" && {
case "$cmd" in
start)
log "Activating firewall script generated Thu Mar 10 21:52:29 2011 by vadim"
log "Activating firewall script generated Sat Mar 12 19:42:37 2011 by vadim"
check_tools
prolog_commands
check_run_time_address_table_files

4
test/ipt/firewall-server-1-s.fw.orig
View File

@ -4,7 +4,7 @@
#
# Firewall Builder fwb_ipt v4.2.0.3499
#
# Generated Thu Mar 10 21:52:30 2011 PST by vadim
# Generated Sat Mar 12 19:42:39 2011 PST by vadim
#
# files: * firewall-server-1-s.fw /etc/fw/firewall-server-1-s.fw
#
@ -393,7 +393,7 @@ test -z "$cmd" && {
case "$cmd" in
start)
log "Activating firewall script generated Thu Mar 10 21:52:30 2011 by vadim"
log "Activating firewall script generated Sat Mar 12 19:42:39 2011 by vadim"
check_tools
prolog_commands
check_run_time_address_table_files

62
test/ipt/firewall.fw.orig
View File

@ -4,7 +4,7 @@
#
# Firewall Builder fwb_ipt v4.2.0.3499
#
# Generated Thu Mar 10 21:49:22 2011 PST by vadim
# Generated Sat Mar 12 19:40:31 2011 PST by vadim
#
# files: * firewall.fw /etc/fw/firewall.fw
#
@ -520,9 +520,9 @@ script_body() {
# no more than 15 ports
# per rule
$IPTABLES -t nat -A PREROUTING -p tcp -m tcp -d 222.222.222.222 --dport 10000:11000 -j DNAT --to-destination 192.168.1.10
$IPTABLES -t nat -A PREROUTING -p tcp -m tcp -m multiport -d 222.222.222.222 --dports 6667,3128,113,53,21,80,119,25,22,23,540,70,13,2105,443 -j DNAT --to-destination 192.168.1.10
$IPTABLES -t nat -A PREROUTING -p tcp -m tcp -m multiport -d 222.222.222.222 --dports 143,993,6667,543,544,389,98,3306,2049,110,5432,515,26000,512,513 -j DNAT --to-destination 192.168.1.10
$IPTABLES -t nat -A PREROUTING -p tcp -m tcp -m multiport -d 222.222.222.222 --dports 514,4321,465,1080,111,7100 -j DNAT --to-destination 192.168.1.10
$IPTABLES -t nat -A PREROUTING -p tcp -m tcp -m multiport -d 222.222.222.222 --dports 113,13,53,2105,21,70,80,443,143,993,6667,6667,543,544,389 -j DNAT --to-destination 192.168.1.10
$IPTABLES -t nat -A PREROUTING -p tcp -m tcp -m multiport -d 222.222.222.222 --dports 98,3306,2049,119,110,5432,515,26000,512,513,514,4321,25,465,1080 -j DNAT --to-destination 192.168.1.10
$IPTABLES -t nat -A PREROUTING -p tcp -m tcp -m multiport -d 222.222.222.222 --dports 3128,22,111,23,540,7100 -j DNAT --to-destination 192.168.1.10
#
# Rule 24 (NAT)
#
@ -535,9 +535,9 @@ script_body() {
$IPTABLES -t nat -N Cid3EF4288E.0
$IPTABLES -t nat -A PREROUTING -d 222.222.222.222 -j Cid3EF4288E.0
$IPTABLES -t nat -A Cid3EF4288E.0 -p tcp -m tcp --dport 10000:11000 -j RETURN
$IPTABLES -t nat -A Cid3EF4288E.0 -p tcp -m tcp -m multiport --dports 6667,3128,113,53,21,80,119,25,22,23,540,70,13,2105,443 -j RETURN
$IPTABLES -t nat -A Cid3EF4288E.0 -p tcp -m tcp -m multiport --dports 143,993,6667,543,544,389,98,3306,2049,110,5432,515,26000,512,513 -j RETURN
$IPTABLES -t nat -A Cid3EF4288E.0 -p tcp -m tcp -m multiport --dports 514,4321,465,1080,111,7100 -j RETURN
$IPTABLES -t nat -A Cid3EF4288E.0 -p tcp -m tcp -m multiport --dports 113,13,53,2105,21,70,80,443,143,993,6667,6667,543,544,389 -j RETURN
$IPTABLES -t nat -A Cid3EF4288E.0 -p tcp -m tcp -m multiport --dports 98,3306,2049,119,110,5432,515,26000,512,513,514,4321,25,465,1080 -j RETURN
$IPTABLES -t nat -A Cid3EF4288E.0 -p tcp -m tcp -m multiport --dports 3128,22,111,23,540,7100 -j RETURN
$IPTABLES -t nat -A Cid3EF4288E.0 -j DNAT --to-destination 192.168.1.10
@ -784,17 +784,17 @@ script_body() {
#
$IPTABLES -N RULE_22
$IPTABLES -A OUTPUT -p icmp -m icmp --icmp-type any -j RULE_22
$IPTABLES -A OUTPUT -p tcp -m tcp --tcp-flags ALL NONE -j RULE_22
$IPTABLES -A OUTPUT -p tcp -m tcp --tcp-flags SYN,RST,ACK SYN -j RULE_22
$IPTABLES -A OUTPUT -p tcp -m tcp --tcp-flags ALL ACK,RST,SYN,FIN -j RULE_22
$IPTABLES -A OUTPUT -p tcp -m tcp --tcp-flags ALL NONE -j RULE_22
$IPTABLES -A INPUT -p icmp -m icmp --icmp-type any -j RULE_22
$IPTABLES -A INPUT -p tcp -m tcp --tcp-flags ALL NONE -j RULE_22
$IPTABLES -A INPUT -p tcp -m tcp --tcp-flags SYN,RST,ACK SYN -j RULE_22
$IPTABLES -A INPUT -p tcp -m tcp --tcp-flags ALL ACK,RST,SYN,FIN -j RULE_22
$IPTABLES -A INPUT -p tcp -m tcp --tcp-flags ALL NONE -j RULE_22
$IPTABLES -A FORWARD -p icmp -m icmp --icmp-type any -j RULE_22
$IPTABLES -A FORWARD -p tcp -m tcp --tcp-flags ALL NONE -j RULE_22
$IPTABLES -A FORWARD -p tcp -m tcp --tcp-flags SYN,RST,ACK SYN -j RULE_22
$IPTABLES -A FORWARD -p tcp -m tcp --tcp-flags ALL ACK,RST,SYN,FIN -j RULE_22
$IPTABLES -A FORWARD -p tcp -m tcp --tcp-flags ALL NONE -j RULE_22
$IPTABLES -A RULE_22 -m limit --limit 5/second -j LOG --log-level 7 --log-prefix "CUSTOM LOGGING"
$IPTABLES -A RULE_22 -j DROP
#
@ -979,9 +979,9 @@ script_body() {
$IPTABLES -N Cpol-firewall2-2.0
$IPTABLES -A FORWARD -p tcp -m tcp -d 192.168.1.10 --dport 10000:11000 -m state --state NEW -j Cpol-firewall2-2.0
$IPTABLES -A FORWARD -p tcp -m tcp -m multiport -d 192.168.1.10 --dports 6667,3128,113,53,21,80,119,25,22,23,540,70,13,2105,443 -m state --state NEW -j Cpol-firewall2-2.0
$IPTABLES -A FORWARD -p tcp -m tcp -m multiport -d 192.168.1.10 --dports 143,993,6667,543,544,389,98,3306,2049,110,5432,515,26000,512,513 -m state --state NEW -j Cpol-firewall2-2.0
$IPTABLES -A FORWARD -p tcp -m tcp -m multiport -d 192.168.1.10 --dports 514,4321,465,1080,111,7100 -m state --state NEW -j Cpol-firewall2-2.0
$IPTABLES -A FORWARD -p tcp -m tcp -m multiport -d 192.168.1.10 --dports 113,13,53,2105,21,70,80,443,143,993,6667,6667,543,544,389 -m state --state NEW -j Cpol-firewall2-2.0
$IPTABLES -A FORWARD -p tcp -m tcp -m multiport -d 192.168.1.10 --dports 98,3306,2049,119,110,5432,515,26000,512,513,514,4321,25,465,1080 -m state --state NEW -j Cpol-firewall2-2.0
$IPTABLES -A FORWARD -p tcp -m tcp -m multiport -d 192.168.1.10 --dports 3128,22,111,23,540,7100 -m state --state NEW -j Cpol-firewall2-2.0
$IPTABLES -A Cpol-firewall2-2.0 -m mac --mac-source 00:10:4b:de:e9:70 -j ACCEPT
$IPTABLES -A Cpol-firewall2-2.0 -m mac --mac-source 00:10:4b:de:e9:71 -j ACCEPT
$IPTABLES -A Cpol-firewall2-2.0 -m mac --mac-source 00:00:00:00:00:00 -j ACCEPT
@ -1037,9 +1037,9 @@ script_body() {
#
$IPTABLES -N Cid3FB8455E.0
$IPTABLES -A FORWARD -p tcp -m tcp --dport 10000:11000 -m state --state NEW -j Cid3FB8455E.0
$IPTABLES -A FORWARD -p tcp -m tcp -m multiport --dports 6667,3128,113,53,21,80,119,25,22,23,540,70,13,2105,443 -m state --state NEW -j Cid3FB8455E.0
$IPTABLES -A FORWARD -p tcp -m tcp -m multiport --dports 143,993,6667,543,544,389,98,3306,2049,110,5432,515,26000,512,513 -m state --state NEW -j Cid3FB8455E.0
$IPTABLES -A FORWARD -p tcp -m tcp -m multiport --dports 514,4321,465,1080,111,7100 -m state --state NEW -j Cid3FB8455E.0
$IPTABLES -A FORWARD -p tcp -m tcp -m multiport --dports 113,13,53,2105,21,70,80,443,143,993,6667,6667,543,544,389 -m state --state NEW -j Cid3FB8455E.0
$IPTABLES -A FORWARD -p tcp -m tcp -m multiport --dports 98,3306,2049,119,110,5432,515,26000,512,513,514,4321,25,465,1080 -m state --state NEW -j Cid3FB8455E.0
$IPTABLES -A FORWARD -p tcp -m tcp -m multiport --dports 3128,22,111,23,540,7100 -m state --state NEW -j Cid3FB8455E.0
$IPTABLES -N Cid3FB8455E.1
$IPTABLES -A Cid3FB8455E.0 -s 211.11.11.11 -j Cid3FB8455E.1
$IPTABLES -A Cid3FB8455E.0 -s 211.22.22.22 -j Cid3FB8455E.1
@ -1071,24 +1071,24 @@ script_body() {
#
$IPTABLES -N Cpol-firewall2-4.0
$IPTABLES -A OUTPUT -d 192.168.1.0/24 -m state --state NEW -j Cpol-firewall2-4.0
$IPTABLES -A Cpol-firewall2-4.0 -p icmp -m icmp --icmp-type 3 -j ACCEPT
$IPTABLES -A Cpol-firewall2-4.0 -p icmp -m icmp --icmp-type 0/0 -j ACCEPT
$IPTABLES -A Cpol-firewall2-4.0 -p icmp -m icmp --icmp-type 11/0 -j ACCEPT
$IPTABLES -A Cpol-firewall2-4.0 -p icmp -m icmp --icmp-type 11/1 -j ACCEPT
$IPTABLES -A Cpol-firewall2-4.0 -p icmp -m icmp --icmp-type 0/0 -j ACCEPT
$IPTABLES -A Cpol-firewall2-4.0 -p icmp -m icmp --icmp-type 3 -j ACCEPT
$IPTABLES -A Cpol-firewall2-4.0 -m ip_conntrack_talk -m ip_nat_talk -j ACCEPT
$IPTABLES -N Cpol-firewall2-4.1
$IPTABLES -A INPUT -d 192.168.1.0/24 -m state --state NEW -j Cpol-firewall2-4.1
$IPTABLES -A Cpol-firewall2-4.1 -p icmp -m icmp --icmp-type 3 -j ACCEPT
$IPTABLES -A Cpol-firewall2-4.1 -p icmp -m icmp --icmp-type 0/0 -j ACCEPT
$IPTABLES -A Cpol-firewall2-4.1 -p icmp -m icmp --icmp-type 11/0 -j ACCEPT
$IPTABLES -A Cpol-firewall2-4.1 -p icmp -m icmp --icmp-type 11/1 -j ACCEPT
$IPTABLES -A Cpol-firewall2-4.1 -p icmp -m icmp --icmp-type 0/0 -j ACCEPT
$IPTABLES -A Cpol-firewall2-4.1 -p icmp -m icmp --icmp-type 3 -j ACCEPT
$IPTABLES -A Cpol-firewall2-4.1 -m ip_conntrack_talk -m ip_nat_talk -j ACCEPT
$IPTABLES -N Cpol-firewall2-4.2
$IPTABLES -A FORWARD -d 192.168.1.0/24 -m state --state NEW -j Cpol-firewall2-4.2
$IPTABLES -A Cpol-firewall2-4.2 -p icmp -m icmp --icmp-type 3 -j ACCEPT
$IPTABLES -A Cpol-firewall2-4.2 -p icmp -m icmp --icmp-type 0/0 -j ACCEPT
$IPTABLES -A Cpol-firewall2-4.2 -p icmp -m icmp --icmp-type 11/0 -j ACCEPT
$IPTABLES -A Cpol-firewall2-4.2 -p icmp -m icmp --icmp-type 11/1 -j ACCEPT
$IPTABLES -A Cpol-firewall2-4.2 -p icmp -m icmp --icmp-type 0/0 -j ACCEPT
$IPTABLES -A Cpol-firewall2-4.2 -p icmp -m icmp --icmp-type 3 -j ACCEPT
$IPTABLES -A Cpol-firewall2-4.2 -m ip_conntrack_talk -m ip_nat_talk -j ACCEPT
#
# Rule 47 (global)
@ -1098,17 +1098,17 @@ script_body() {
$IPTABLES -N Cid3CD8770E.0
$IPTABLES -A OUTPUT -d 192.168.1.11 -m state --state NEW -j Cid3CD8770E.0
$IPTABLES -A OUTPUT -d 192.168.1.12/30 -m state --state NEW -j Cid3CD8770E.0
$IPTABLES -A Cid3CD8770E.0 -p tcp -m tcp -m multiport --dports 113,80,25,22,540,443,143 -j ACCEPT
$IPTABLES -A Cid3CD8770E.0 -p tcp -m tcp -m multiport --dports 113,80,443,143,25,22,540 -j ACCEPT
$IPTABLES -A Cid3CD8770E.0 -m ip_conntrack_talk -m ip_nat_talk -j ACCEPT
$IPTABLES -N Cid3CD8770E.1
$IPTABLES -A INPUT -d 192.168.1.11 -m state --state NEW -j Cid3CD8770E.1
$IPTABLES -A INPUT -d 192.168.1.12/30 -m state --state NEW -j Cid3CD8770E.1
$IPTABLES -A Cid3CD8770E.1 -p tcp -m tcp -m multiport --dports 113,80,25,22,540,443,143 -j ACCEPT
$IPTABLES -A Cid3CD8770E.1 -p tcp -m tcp -m multiport --dports 113,80,443,143,25,22,540 -j ACCEPT
$IPTABLES -A Cid3CD8770E.1 -m ip_conntrack_talk -m ip_nat_talk -j ACCEPT
$IPTABLES -N Cid3CD8770E.2
$IPTABLES -A FORWARD -d 192.168.1.11 -m state --state NEW -j Cid3CD8770E.2
$IPTABLES -A FORWARD -d 192.168.1.12/30 -m state --state NEW -j Cid3CD8770E.2
$IPTABLES -A Cid3CD8770E.2 -p tcp -m tcp -m multiport --dports 113,80,25,22,540,443,143 -j ACCEPT
$IPTABLES -A Cid3CD8770E.2 -p tcp -m tcp -m multiport --dports 113,80,443,143,25,22,540 -j ACCEPT
$IPTABLES -A Cid3CD8770E.2 -m ip_conntrack_talk -m ip_nat_talk -j ACCEPT
#
# Rule 48 (global)
@ -1121,7 +1121,7 @@ script_body() {
$IPTABLES -A OUTPUT -d 192.168.1.13 -m state --state NEW -j Cid3CD87B1E.0
$IPTABLES -A OUTPUT -d 192.168.1.14 -m state --state NEW -j Cid3CD87B1E.0
$IPTABLES -A OUTPUT -d 192.168.1.15 -m state --state NEW -j Cid3CD87B1E.0
$IPTABLES -A Cid3CD87B1E.0 -p tcp -m tcp -m multiport --dports 113,80,25,22,540,443,143 -j ACCEPT
$IPTABLES -A Cid3CD87B1E.0 -p tcp -m tcp -m multiport --dports 113,80,443,143,25,22,540 -j ACCEPT
$IPTABLES -A Cid3CD87B1E.0 -m ip_conntrack_talk -m ip_nat_talk -j ACCEPT
$IPTABLES -N Cid3CD87B1E.1
$IPTABLES -A FORWARD -d 192.168.1.11 -m state --state NEW -j Cid3CD87B1E.1
@ -1129,7 +1129,7 @@ script_body() {
$IPTABLES -A FORWARD -d 192.168.1.13 -m state --state NEW -j Cid3CD87B1E.1
$IPTABLES -A FORWARD -d 192.168.1.14 -m state --state NEW -j Cid3CD87B1E.1
$IPTABLES -A FORWARD -d 192.168.1.15 -m state --state NEW -j Cid3CD87B1E.1
$IPTABLES -A Cid3CD87B1E.1 -p tcp -m tcp -m multiport --dports 113,80,25,22,540,443,143 -j ACCEPT
$IPTABLES -A Cid3CD87B1E.1 -p tcp -m tcp -m multiport --dports 113,80,443,143,25,22,540 -j ACCEPT
$IPTABLES -A Cid3CD87B1E.1 -m ip_conntrack_talk -m ip_nat_talk -j ACCEPT
#
# Rule 49 (global)
@ -1159,18 +1159,18 @@ script_body() {
# in the rule with a single service at all.
$IPTABLES -N Cid41D0F052.0
$IPTABLES -A OUTPUT -p tcp -m tcp -s 192.168.1.0/24 --dport 10000:11000 -m state --state NEW -j Cid41D0F052.0
$IPTABLES -A OUTPUT -p tcp -m tcp -m multiport -s 192.168.1.0/24 --dports 6667,3128,113,53,21,80,119,25,22,23,540,70,13,2105,443 -m state --state NEW -j Cid41D0F052.0
$IPTABLES -A OUTPUT -p tcp -m tcp -m multiport -s 192.168.1.0/24 --dports 113,13,53,2105,21,70,80,443,6667,119,25,3128,22,23,540 -m state --state NEW -j Cid41D0F052.0
$IPTABLES -N RULE_50
$IPTABLES -A Cid41D0F052.0 -d 192.168.1.11 -j RULE_50
$IPTABLES -A Cid41D0F052.0 -d 192.168.1.12/30 -j RULE_50
$IPTABLES -N Cid41D0F052.1
$IPTABLES -A INPUT -p tcp -m tcp -s 192.168.1.0/24 --dport 10000:11000 -m state --state NEW -j Cid41D0F052.1
$IPTABLES -A INPUT -p tcp -m tcp -m multiport -s 192.168.1.0/24 --dports 6667,3128,113,53,21,80,119,25,22,23,540,70,13,2105,443 -m state --state NEW -j Cid41D0F052.1
$IPTABLES -A INPUT -p tcp -m tcp -m multiport -s 192.168.1.0/24 --dports 113,13,53,2105,21,70,80,443,6667,119,25,3128,22,23,540 -m state --state NEW -j Cid41D0F052.1
$IPTABLES -A Cid41D0F052.1 -d 192.168.1.11 -j RULE_50
$IPTABLES -A Cid41D0F052.1 -d 192.168.1.12/30 -j RULE_50
$IPTABLES -N Cid41D0F052.2
$IPTABLES -A FORWARD -p tcp -m tcp -s 192.168.1.0/24 --dport 10000:11000 -m state --state NEW -j Cid41D0F052.2
$IPTABLES -A FORWARD -p tcp -m tcp -m multiport -s 192.168.1.0/24 --dports 6667,3128,113,53,21,80,119,25,22,23,540,70,13,2105,443 -m state --state NEW -j Cid41D0F052.2
$IPTABLES -A FORWARD -p tcp -m tcp -m multiport -s 192.168.1.0/24 --dports 113,13,53,2105,21,70,80,443,6667,119,25,3128,22,23,540 -m state --state NEW -j Cid41D0F052.2
$IPTABLES -A Cid41D0F052.2 -d 192.168.1.11 -j RULE_50
$IPTABLES -A Cid41D0F052.2 -d 192.168.1.12/30 -j RULE_50
$IPTABLES -A RULE_50 -m limit --limit 5/second -j LOG --log-level 7 --log-prefix "CUSTOM LOGGING"
@ -1361,7 +1361,7 @@ test -z "$cmd" && {
case "$cmd" in
start)
log "Activating firewall script generated Thu Mar 10 21:49:22 2011 by vadim"
log "Activating firewall script generated Sat Mar 12 19:40:31 2011 by vadim"
check_tools
prolog_commands
check_run_time_address_table_files

6
test/ipt/firewall1.fw.orig
View File

@ -4,7 +4,7 @@
#
# Firewall Builder fwb_ipt v4.2.0.3499
#
# Generated Thu Mar 10 21:49:24 2011 PST by vadim
# Generated Sat Mar 12 19:40:32 2011 PST by vadim
#
# files: * firewall1.fw /etc/fw/firewall1.fw
#
@ -445,8 +445,8 @@ script_body() {
#
echo "Rule 16 (NAT)"
#
$IPTABLES -t nat -A PREROUTING -p tcp -m tcp --sport 5000 -d 22.22.22.23 --dport 5000:5010 -j DNAT --to-destination 192.168.1.10
$IPTABLES -t nat -A PREROUTING -p tcp -m tcp -d 22.22.22.23 --dport 4000:4010 -j DNAT --to-destination 192.168.1.10
$IPTABLES -t nat -A PREROUTING -p tcp -m tcp --sport 5000 -d 22.22.22.23 --dport 5000:5010 -j DNAT --to-destination 192.168.1.10
$IPTABLES -t nat -A PREROUTING -p tcp -m tcp --sport 9000 -d 22.22.22.23 -j DNAT --to-destination 192.168.1.10
$IPTABLES -t nat -A PREROUTING -p tcp -m tcp -m multiport -d 22.22.22.23 --dports 6667,3128 -j DNAT --to-destination 192.168.1.10
#
@ -1252,7 +1252,7 @@ test -z "$cmd" && {
case "$cmd" in
start)
log "Activating firewall script generated Thu Mar 10 21:49:24 2011 by vadim"
log "Activating firewall script generated Sat Mar 12 19:40:32 2011 by vadim"
check_tools
check_run_time_address_table_files

4
test/ipt/firewall10.fw.orig
View File

@ -4,7 +4,7 @@
#
# Firewall Builder fwb_ipt v4.2.0.3499
#
# Generated Thu Mar 10 21:49:25 2011 PST by vadim
# Generated Sat Mar 12 19:40:32 2011 PST by vadim
#
# files: * firewall10.fw /etc/fw/firewall10.fw
#
@ -473,7 +473,7 @@ test -z "$cmd" && {
case "$cmd" in
start)
log "Activating firewall script generated Thu Mar 10 21:49:25 2011 by vadim"
log "Activating firewall script generated Sat Mar 12 19:40:32 2011 by vadim"
check_tools
prolog_commands
check_run_time_address_table_files

4
test/ipt/firewall11.fw.orig
View File

@ -4,7 +4,7 @@
#
# Firewall Builder fwb_ipt v4.2.0.3499
#
# Generated Thu Mar 10 21:49:27 2011 PST by vadim
# Generated Sat Mar 12 19:40:35 2011 PST by vadim
#
# files: * firewall11.fw /etc/fw/firewall11.fw
#
@ -589,7 +589,7 @@ test -z "$cmd" && {
case "$cmd" in
start)
log "Activating firewall script generated Thu Mar 10 21:49:27 2011 by vadim"
log "Activating firewall script generated Sat Mar 12 19:40:35 2011 by vadim"
check_tools
prolog_commands
check_run_time_address_table_files

4
test/ipt/firewall12.fw.orig
View File

@ -4,7 +4,7 @@
#
# Firewall Builder fwb_ipt v4.2.0.3499
#
# Generated Thu Mar 10 21:49:28 2011 PST by vadim
# Generated Sat Mar 12 19:40:35 2011 PST by vadim
#
# files: * firewall12.fw /etc/fw/firewall12.fw
#
@ -511,7 +511,7 @@ test -z "$cmd" && {
case "$cmd" in
start)
log "Activating firewall script generated Thu Mar 10 21:49:28 2011 by vadim"
log "Activating firewall script generated Sat Mar 12 19:40:35 2011 by vadim"
check_tools
prolog_commands
check_run_time_address_table_files

4
test/ipt/firewall13.fw.orig
View File

@ -4,7 +4,7 @@
#
# Firewall Builder fwb_ipt v4.2.0.3499
#
# Generated Thu Mar 10 21:49:29 2011 PST by vadim
# Generated Sat Mar 12 19:40:37 2011 PST by vadim
#
# files: * firewall13.fw /etc/fw/firewall13.fw
#
@ -385,7 +385,7 @@ test -z "$cmd" && {
case "$cmd" in
start)
log "Activating firewall script generated Thu Mar 10 21:49:29 2011 by vadim"
log "Activating firewall script generated Sat Mar 12 19:40:37 2011 by vadim"
check_tools
prolog_commands
check_run_time_address_table_files

4
test/ipt/firewall14.fw.orig
View File

@ -4,7 +4,7 @@
#
# Firewall Builder fwb_ipt v4.2.0.3499
#
# Generated Thu Mar 10 21:49:30 2011 PST by vadim
# Generated Sat Mar 12 19:40:37 2011 PST by vadim
#
# files: * firewall14.fw /etc/fw/firewall14.fw
#
@ -404,7 +404,7 @@ test -z "$cmd" && {
case "$cmd" in
start)
log "Activating firewall script generated Thu Mar 10 21:49:30 2011 by vadim"
log "Activating firewall script generated Sat Mar 12 19:40:37 2011 by vadim"
check_tools
prolog_commands
check_run_time_address_table_files

4
test/ipt/firewall15.fw.orig
View File

@ -4,7 +4,7 @@
#
# Firewall Builder fwb_ipt v4.2.0.3499
#
# Generated Thu Mar 10 21:49:32 2011 PST by vadim
# Generated Sat Mar 12 19:40:39 2011 PST by vadim
#
# files: * firewall15.fw /etc/fw/firewall15.fw
#
@ -388,7 +388,7 @@ test -z "$cmd" && {
case "$cmd" in
start)
log "Activating firewall script generated Thu Mar 10 21:49:32 2011 by vadim"
log "Activating firewall script generated Sat Mar 12 19:40:39 2011 by vadim"
check_tools
prolog_commands
check_run_time_address_table_files

4
test/ipt/firewall16.fw.orig
View File

@ -4,7 +4,7 @@
#
# Firewall Builder fwb_ipt v4.2.0.3499
#
# Generated Thu Mar 10 21:49:33 2011 PST by vadim
# Generated Sat Mar 12 19:40:39 2011 PST by vadim
#
# files: * firewall16.fw /etc/fw/firewall16.fw
#
@ -492,7 +492,7 @@ test -z "$cmd" && {
case "$cmd" in
start)
log "Activating firewall script generated Thu Mar 10 21:49:33 2011 by vadim"
log "Activating firewall script generated Sat Mar 12 19:40:39 2011 by vadim"
check_tools
prolog_commands
check_run_time_address_table_files

4
test/ipt/firewall17.fw.orig
View File

@ -4,7 +4,7 @@
#
# Firewall Builder fwb_ipt v4.2.0.3499
#
# Generated Thu Mar 10 21:49:35 2011 PST by vadim
# Generated Sat Mar 12 19:40:41 2011 PST by vadim
#
# files: * firewall17.fw /etc/fw/firewall17.fw
#
@ -471,7 +471,7 @@ test -z "$cmd" && {
case "$cmd" in
start)
log "Activating firewall script generated Thu Mar 10 21:49:35 2011 by vadim"
log "Activating firewall script generated Sat Mar 12 19:40:41 2011 by vadim"
check_tools
prolog_commands
check_run_time_address_table_files

4
test/ipt/firewall18.fw.orig
View File

@ -4,7 +4,7 @@
#
# Firewall Builder fwb_ipt v4.2.0.3499
#
# Generated Thu Mar 10 21:49:36 2011 PST by vadim
# Generated Sat Mar 12 19:40:41 2011 PST by vadim
#
# files: * firewall18.fw /etc/fw/firewall18.fw
#
@ -504,7 +504,7 @@ test -z "$cmd" && {
case "$cmd" in
start)
log "Activating firewall script generated Thu Mar 10 21:49:36 2011 by vadim"
log "Activating firewall script generated Sat Mar 12 19:40:41 2011 by vadim"
check_tools
prolog_commands
check_run_time_address_table_files

12
test/ipt/firewall19.fw.orig
View File

@ -4,7 +4,7 @@
#
# Firewall Builder fwb_ipt v4.2.0.3499
#
# Generated Thu Mar 10 21:49:38 2011 PST by vadim
# Generated Sat Mar 12 19:40:43 2011 PST by vadim
#
# files: * firewall19.fw /etc/fw/firewall19.fw
#
@ -336,17 +336,17 @@ script_body() {
#
echo "Rule 1 (lo)"
#
$IPTABLES -A INPUT -i lo -d 66.66.66.1 -m state --state NEW -j ACCEPT
$IPTABLES -A INPUT -i lo -d 192.168.1.1 -m state --state NEW -j ACCEPT
$IPTABLES -A INPUT -i lo -d 66.66.66.130 -m state --state NEW -j ACCEPT
$IPTABLES -A INPUT -i lo -d 66.66.66.1 -m state --state NEW -j ACCEPT
$IPTABLES -A INPUT -i lo -d 127.0.0.1 -m state --state NEW -j ACCEPT
for i_ppp0 in $i_ppp0_list
do
test -n "$i_ppp0" && $IPTABLES -A INPUT -i lo -d $i_ppp0 -m state --state NEW -j ACCEPT
done
$IPTABLES -A OUTPUT -o lo -d 66.66.66.1 -m state --state NEW -j ACCEPT
$IPTABLES -A OUTPUT -o lo -d 192.168.1.1 -m state --state NEW -j ACCEPT
$IPTABLES -A OUTPUT -o lo -d 66.66.66.130 -m state --state NEW -j ACCEPT
$IPTABLES -A OUTPUT -o lo -d 66.66.66.1 -m state --state NEW -j ACCEPT
$IPTABLES -A OUTPUT -o lo -d 127.0.0.1 -m state --state NEW -j ACCEPT
for i_ppp0 in $i_ppp0_list
do
@ -438,10 +438,10 @@ script_body() {
#
echo "Rule 11 (global)"
#
$IPTABLES -A OUTPUT -p tcp -m tcp -d 127.0.0.1 --dport 3128 -m state --state NEW -j ACCEPT
$IPTABLES -A OUTPUT -p tcp -m tcp -d 66.66.66.130 --dport 3128 -m state --state NEW -j ACCEPT
$IPTABLES -A INPUT -p tcp -m tcp -d 127.0.0.1 --dport 3128 -m state --state NEW -j ACCEPT
$IPTABLES -A OUTPUT -p tcp -m tcp -d 127.0.0.1 --dport 3128 -m state --state NEW -j ACCEPT
$IPTABLES -A INPUT -p tcp -m tcp -d 66.66.66.130 --dport 3128 -m state --state NEW -j ACCEPT
$IPTABLES -A INPUT -p tcp -m tcp -d 127.0.0.1 --dport 3128 -m state --state NEW -j ACCEPT
#
# Rule 12 (global)
#
@ -508,7 +508,7 @@ test -z "$cmd" && {
case "$cmd" in
start)
log "Activating firewall script generated Thu Mar 10 21:49:38 2011 by vadim"
log "Activating firewall script generated Sat Mar 12 19:40:43 2011 by vadim"
check_tools
prolog_commands
check_run_time_address_table_files

56
test/ipt/firewall2-1.fw.orig
View File

@ -4,7 +4,7 @@
#
# Firewall Builder fwb_ipt v4.2.0.3499
#
# Generated Thu Mar 10 21:49:47 2011 PST by vadim
# Generated Sat Mar 12 19:40:50 2011 PST by vadim
#
# files: * firewall2-1.fw /etc/fw/firewall2-1.fw
#
@ -350,6 +350,16 @@ script_body() {
#
echo "Rule 1 (NAT)"
#
$IPTABLES -t nat -A POSTROUTING -o eth1 -p icmp -m icmp -s 192.168.1.0/24 --icmp-type 3 -j SNAT --to-source 22.22.22.22
$IPTABLES -t nat -A POSTROUTING -o eth3 -p icmp -m icmp -s 192.168.1.0/24 --icmp-type 3 -j SNAT --to-source 22.22.23.23
$IPTABLES -t nat -A POSTROUTING -o eth3 -p icmp -m icmp -s 192.168.1.0/24 --icmp-type 3 -j SNAT --to-source 22.22.25.50
$IPTABLES -t nat -A POSTROUTING -o eth2 -p icmp -m icmp -s 192.168.1.0/24 --icmp-type 3 -j SNAT --to-source 192.168.2.1
$IPTABLES -t nat -A POSTROUTING -o eth2 -p icmp -m icmp -s 192.168.1.0/24 --icmp-type 3 -j SNAT --to-source 192.168.2.40
$IPTABLES -t nat -A POSTROUTING -o eth1 -p icmp -m icmp -s 192.168.1.0/24 --icmp-type 0/0 -j SNAT --to-source 22.22.22.22
$IPTABLES -t nat -A POSTROUTING -o eth3 -p icmp -m icmp -s 192.168.1.0/24 --icmp-type 0/0 -j SNAT --to-source 22.22.23.23
$IPTABLES -t nat -A POSTROUTING -o eth3 -p icmp -m icmp -s 192.168.1.0/24 --icmp-type 0/0 -j SNAT --to-source 22.22.25.50
$IPTABLES -t nat -A POSTROUTING -o eth2 -p icmp -m icmp -s 192.168.1.0/24 --icmp-type 0/0 -j SNAT --to-source 192.168.2.1
$IPTABLES -t nat -A POSTROUTING -o eth2 -p icmp -m icmp -s 192.168.1.0/24 --icmp-type 0/0 -j SNAT --to-source 192.168.2.40
$IPTABLES -t nat -A POSTROUTING -o eth1 -p icmp -m icmp -s 192.168.1.0/24 --icmp-type 11/0 -j SNAT --to-source 22.22.22.22
$IPTABLES -t nat -A POSTROUTING -o eth3 -p icmp -m icmp -s 192.168.1.0/24 --icmp-type 11/0 -j SNAT --to-source 22.22.23.23
$IPTABLES -t nat -A POSTROUTING -o eth3 -p icmp -m icmp -s 192.168.1.0/24 --icmp-type 11/0 -j SNAT --to-source 22.22.25.50
@ -360,16 +370,6 @@ script_body() {
$IPTABLES -t nat -A POSTROUTING -o eth3 -p icmp -m icmp -s 192.168.1.0/24 --icmp-type 11/1 -j SNAT --to-source 22.22.25.50
$IPTABLES -t nat -A POSTROUTING -o eth2 -p icmp -m icmp -s 192.168.1.0/24 --icmp-type 11/1 -j SNAT --to-source 192.168.2.1
$IPTABLES -t nat -A POSTROUTING -o eth2 -p icmp -m icmp -s 192.168.1.0/24 --icmp-type 11/1 -j SNAT --to-source 192.168.2.40
$IPTABLES -t nat -A POSTROUTING -o eth1 -p icmp -m icmp -s 192.168.1.0/24 --icmp-type 0/0 -j SNAT --to-source 22.22.22.22
$IPTABLES -t nat -A POSTROUTING -o eth3 -p icmp -m icmp -s 192.168.1.0/24 --icmp-type 0/0 -j SNAT --to-source 22.22.23.23
$IPTABLES -t nat -A POSTROUTING -o eth3 -p icmp -m icmp -s 192.168.1.0/24 --icmp-type 0/0 -j SNAT --to-source 22.22.25.50
$IPTABLES -t nat -A POSTROUTING -o eth2 -p icmp -m icmp -s 192.168.1.0/24 --icmp-type 0/0 -j SNAT --to-source 192.168.2.1
$IPTABLES -t nat -A POSTROUTING -o eth2 -p icmp -m icmp -s 192.168.1.0/24 --icmp-type 0/0 -j SNAT --to-source 192.168.2.40
$IPTABLES -t nat -A POSTROUTING -o eth1 -p icmp -m icmp -s 192.168.1.0/24 --icmp-type 3 -j SNAT --to-source 22.22.22.22
$IPTABLES -t nat -A POSTROUTING -o eth3 -p icmp -m icmp -s 192.168.1.0/24 --icmp-type 3 -j SNAT --to-source 22.22.23.23
$IPTABLES -t nat -A POSTROUTING -o eth3 -p icmp -m icmp -s 192.168.1.0/24 --icmp-type 3 -j SNAT --to-source 22.22.25.50
$IPTABLES -t nat -A POSTROUTING -o eth2 -p icmp -m icmp -s 192.168.1.0/24 --icmp-type 3 -j SNAT --to-source 192.168.2.1
$IPTABLES -t nat -A POSTROUTING -o eth2 -p icmp -m icmp -s 192.168.1.0/24 --icmp-type 3 -j SNAT --to-source 192.168.2.40
$IPTABLES -t nat -A POSTROUTING -o eth1 -p tcp -m tcp -s 192.168.1.0/24 --dport 80 -j SNAT --to-source 22.22.22.22
$IPTABLES -t nat -A POSTROUTING -o eth3 -p tcp -m tcp -s 192.168.1.0/24 --dport 80 -j SNAT --to-source 22.22.23.23
$IPTABLES -t nat -A POSTROUTING -o eth3 -p tcp -m tcp -s 192.168.1.0/24 --dport 80 -j SNAT --to-source 22.22.25.50
@ -380,6 +380,16 @@ script_body() {
#
echo "Rule 2 (NAT)"
#
$IPTABLES -t nat -A POSTROUTING -o eth1 -p icmp -m icmp -s 192.168.1.0/24 --icmp-type 3 -j SNAT --to-source 22.22.22.22
$IPTABLES -t nat -A POSTROUTING -o eth3 -p icmp -m icmp -s 192.168.1.0/24 --icmp-type 3 -j SNAT --to-source 22.22.23.23
$IPTABLES -t nat -A POSTROUTING -o eth3 -p icmp -m icmp -s 192.168.1.0/24 --icmp-type 3 -j SNAT --to-source 22.22.25.50
$IPTABLES -t nat -A POSTROUTING -o eth2 -p icmp -m icmp -s 192.168.1.0/24 --icmp-type 3 -j SNAT --to-source 192.168.2.1
$IPTABLES -t nat -A POSTROUTING -o eth2 -p icmp -m icmp -s 192.168.1.0/24 --icmp-type 3 -j SNAT --to-source 192.168.2.40
$IPTABLES -t nat -A POSTROUTING -o eth1 -p icmp -m icmp -s 192.168.1.0/24 --icmp-type 0/0 -j SNAT --to-source 22.22.22.22
$IPTABLES -t nat -A POSTROUTING -o eth3 -p icmp -m icmp -s 192.168.1.0/24 --icmp-type 0/0 -j SNAT --to-source 22.22.23.23
$IPTABLES -t nat -A POSTROUTING -o eth3 -p icmp -m icmp -s 192.168.1.0/24 --icmp-type 0/0 -j SNAT --to-source 22.22.25.50
$IPTABLES -t nat -A POSTROUTING -o eth2 -p icmp -m icmp -s 192.168.1.0/24 --icmp-type 0/0 -j SNAT --to-source 192.168.2.1
$IPTABLES -t nat -A POSTROUTING -o eth2 -p icmp -m icmp -s 192.168.1.0/24 --icmp-type 0/0 -j SNAT --to-source 192.168.2.40
$IPTABLES -t nat -A POSTROUTING -o eth1 -p icmp -m icmp -s 192.168.1.0/24 --icmp-type 11/0 -j SNAT --to-source 22.22.22.22
$IPTABLES -t nat -A POSTROUTING -o eth3 -p icmp -m icmp -s 192.168.1.0/24 --icmp-type 11/0 -j SNAT --to-source 22.22.23.23
$IPTABLES -t nat -A POSTROUTING -o eth3 -p icmp -m icmp -s 192.168.1.0/24 --icmp-type 11/0 -j SNAT --to-source 22.22.25.50
@ -390,16 +400,6 @@ script_body() {
$IPTABLES -t nat -A POSTROUTING -o eth3 -p icmp -m icmp -s 192.168.1.0/24 --icmp-type 11/1 -j SNAT --to-source 22.22.25.50
$IPTABLES -t nat -A POSTROUTING -o eth2 -p icmp -m icmp -s 192.168.1.0/24 --icmp-type 11/1 -j SNAT --to-source 192.168.2.1
$IPTABLES -t nat -A POSTROUTING -o eth2 -p icmp -m icmp -s 192.168.1.0/24 --icmp-type 11/1 -j SNAT --to-source 192.168.2.40
$IPTABLES -t nat -A POSTROUTING -o eth1 -p icmp -m icmp -s 192.168.1.0/24 --icmp-type 0/0 -j SNAT --to-source 22.22.22.22
$IPTABLES -t nat -A POSTROUTING -o eth3 -p icmp -m icmp -s 192.168.1.0/24 --icmp-type 0/0 -j SNAT --to-source 22.22.23.23
$IPTABLES -t nat -A POSTROUTING -o eth3 -p icmp -m icmp -s 192.168.1.0/24 --icmp-type 0/0 -j SNAT --to-source 22.22.25.50
$IPTABLES -t nat -A POSTROUTING -o eth2 -p icmp -m icmp -s 192.168.1.0/24 --icmp-type 0/0 -j SNAT --to-source 192.168.2.1
$IPTABLES -t nat -A POSTROUTING -o eth2 -p icmp -m icmp -s 192.168.1.0/24 --icmp-type 0/0 -j SNAT --to-source 192.168.2.40
$IPTABLES -t nat -A POSTROUTING -o eth1 -p icmp -m icmp -s 192.168.1.0/24 --icmp-type 3 -j SNAT --to-source 22.22.22.22
$IPTABLES -t nat -A POSTROUTING -o eth3 -p icmp -m icmp -s 192.168.1.0/24 --icmp-type 3 -j SNAT --to-source 22.22.23.23
$IPTABLES -t nat -A POSTROUTING -o eth3 -p icmp -m icmp -s 192.168.1.0/24 --icmp-type 3 -j SNAT --to-source 22.22.25.50
$IPTABLES -t nat -A POSTROUTING -o eth2 -p icmp -m icmp -s 192.168.1.0/24 --icmp-type 3 -j SNAT --to-source 192.168.2.1
$IPTABLES -t nat -A POSTROUTING -o eth2 -p icmp -m icmp -s 192.168.1.0/24 --icmp-type 3 -j SNAT --to-source 192.168.2.40
$IPTABLES -t nat -A POSTROUTING -o eth1 -p tcp -m tcp -s 192.168.1.0/24 --dport 80 -j SNAT --to-source 22.22.22.22
$IPTABLES -t nat -A POSTROUTING -o eth3 -p tcp -m tcp -s 192.168.1.0/24 --dport 80 -j SNAT --to-source 22.22.23.23
$IPTABLES -t nat -A POSTROUTING -o eth3 -p tcp -m tcp -s 192.168.1.0/24 --dport 80 -j SNAT --to-source 22.22.25.50
@ -498,17 +498,17 @@ script_body() {
#
echo "Rule 11 (NAT)"
#
$IPTABLES -t nat -A PREROUTING -p icmp -m icmp -d 22.22.22.23 --icmp-type 3 -j DNAT --to-destination 192.168.1.10
$IPTABLES -t nat -A PREROUTING -p icmp -m icmp -d 22.22.22.23 --icmp-type 0/0 -j DNAT --to-destination 192.168.1.10
$IPTABLES -t nat -A PREROUTING -p icmp -m icmp -d 22.22.22.23 --icmp-type 11/0 -j DNAT --to-destination 192.168.1.10
$IPTABLES -t nat -A PREROUTING -p icmp -m icmp -d 22.22.22.23 --icmp-type 11/1 -j DNAT --to-destination 192.168.1.10
$IPTABLES -t nat -A PREROUTING -p icmp -m icmp -d 22.22.22.23 --icmp-type 0/0 -j DNAT --to-destination 192.168.1.10
$IPTABLES -t nat -A PREROUTING -p icmp -m icmp -d 22.22.22.23 --icmp-type 3 -j DNAT --to-destination 192.168.1.10
$IPTABLES -t nat -A PREROUTING -p tcp -m tcp -m multiport -d 22.22.22.23 --destination-port 80,119 -j DNAT --to-destination 192.168.1.10
$IPTABLES -t nat -A PREROUTING -p 50 -d 22.22.22.23 -j DNAT --to-destination 192.168.1.10
$IPTABLES -t nat -A PREROUTING -p 88 -d 22.22.22.23 -j DNAT --to-destination 192.168.1.10
$IPTABLES -t nat -A OUTPUT -p icmp -m icmp -d 22.22.22.23 --icmp-type 3 -j DNAT --to-destination 192.168.1.10
$IPTABLES -t nat -A OUTPUT -p icmp -m icmp -d 22.22.22.23 --icmp-type 0/0 -j DNAT --to-destination 192.168.1.10
$IPTABLES -t nat -A OUTPUT -p icmp -m icmp -d 22.22.22.23 --icmp-type 11/0 -j DNAT --to-destination 192.168.1.10
$IPTABLES -t nat -A OUTPUT -p icmp -m icmp -d 22.22.22.23 --icmp-type 11/1 -j DNAT --to-destination 192.168.1.10
$IPTABLES -t nat -A OUTPUT -p icmp -m icmp -d 22.22.22.23 --icmp-type 0/0 -j DNAT --to-destination 192.168.1.10
$IPTABLES -t nat -A OUTPUT -p icmp -m icmp -d 22.22.22.23 --icmp-type 3 -j DNAT --to-destination 192.168.1.10
$IPTABLES -t nat -A OUTPUT -p tcp -m tcp -m multiport -d 22.22.22.23 --destination-port 80,119 -j DNAT --to-destination 192.168.1.10
$IPTABLES -t nat -A OUTPUT -p 50 -d 22.22.22.23 -j DNAT --to-destination 192.168.1.10
$IPTABLES -t nat -A OUTPUT -p 88 -d 22.22.22.23 -j DNAT --to-destination 192.168.1.10
@ -517,10 +517,10 @@ script_body() {
#
echo "Rule 12 (NAT)"
#
$IPTABLES -t nat -A OUTPUT -p icmp -m icmp -d 22.22.22.23 --icmp-type 3 -j DNAT --to-destination 192.168.1.10
$IPTABLES -t nat -A OUTPUT -p icmp -m icmp -d 22.22.22.23 --icmp-type 0/0 -j DNAT --to-destination 192.168.1.10
$IPTABLES -t nat -A OUTPUT -p icmp -m icmp -d 22.22.22.23 --icmp-type 11/0 -j DNAT --to-destination 192.168.1.10
$IPTABLES -t nat -A OUTPUT -p icmp -m icmp -d 22.22.22.23 --icmp-type 11/1 -j DNAT --to-destination 192.168.1.10
$IPTABLES -t nat -A OUTPUT -p icmp -m icmp -d 22.22.22.23 --icmp-type 0/0 -j DNAT --to-destination 192.168.1.10
$IPTABLES -t nat -A OUTPUT -p icmp -m icmp -d 22.22.22.23 --icmp-type 3 -j DNAT --to-destination 192.168.1.10
$IPTABLES -t nat -A OUTPUT -p tcp -m tcp -m multiport -d 22.22.22.23 --destination-port 80,119 -j DNAT --to-destination 192.168.1.10
#
# Rule 13 (NAT)
@ -1430,7 +1430,7 @@ test -z "$cmd" && {
case "$cmd" in
start)
log "Activating firewall script generated Thu Mar 10 21:49:47 2011 by vadim"
log "Activating firewall script generated Sat Mar 12 19:40:50 2011 by vadim"
check_tools
check_run_time_address_table_files

56
test/ipt/firewall2-2.fw.orig
View File

@ -4,7 +4,7 @@
#
# Firewall Builder fwb_ipt v4.2.0.3499
#
# Generated Thu Mar 10 21:49:51 2011 PST by vadim
# Generated Sat Mar 12 19:40:54 2011 PST by vadim
#
# files: * firewall2-2.fw /etc/fw/firewall2-2.fw
#
@ -349,6 +349,16 @@ script_body() {
#
echo "Rule 1 (NAT)"
#
$IPTABLES -t nat -A POSTROUTING -o eth1 -p icmp -m icmp -s 192.168.1.0/24 --icmp-type 3 -j SNAT --to-source 22.22.22.22
$IPTABLES -t nat -A POSTROUTING -o eth3 -p icmp -m icmp -s 192.168.1.0/24 --icmp-type 3 -j SNAT --to-source 22.22.23.23
$IPTABLES -t nat -A POSTROUTING -o eth3 -p icmp -m icmp -s 192.168.1.0/24 --icmp-type 3 -j SNAT --to-source 22.22.25.50
$IPTABLES -t nat -A POSTROUTING -o eth2 -p icmp -m icmp -s 192.168.1.0/24 --icmp-type 3 -j SNAT --to-source 192.168.2.1
$IPTABLES -t nat -A POSTROUTING -o eth2 -p icmp -m icmp -s 192.168.1.0/24 --icmp-type 3 -j SNAT --to-source 192.168.2.40
$IPTABLES -t nat -A POSTROUTING -o eth1 -p icmp -m icmp -s 192.168.1.0/24 --icmp-type 0/0 -j SNAT --to-source 22.22.22.22
$IPTABLES -t nat -A POSTROUTING -o eth3 -p icmp -m icmp -s 192.168.1.0/24 --icmp-type 0/0 -j SNAT --to-source 22.22.23.23
$IPTABLES -t nat -A POSTROUTING -o eth3 -p icmp -m icmp -s 192.168.1.0/24 --icmp-type 0/0 -j SNAT --to-source 22.22.25.50
$IPTABLES -t nat -A POSTROUTING -o eth2 -p icmp -m icmp -s 192.168.1.0/24 --icmp-type 0/0 -j SNAT --to-source 192.168.2.1
$IPTABLES -t nat -A POSTROUTING -o eth2 -p icmp -m icmp -s 192.168.1.0/24 --icmp-type 0/0 -j SNAT --to-source 192.168.2.40
$IPTABLES -t nat -A POSTROUTING -o eth1 -p icmp -m icmp -s 192.168.1.0/24 --icmp-type 11/0 -j SNAT --to-source 22.22.22.22
$IPTABLES -t nat -A POSTROUTING -o eth3 -p icmp -m icmp -s 192.168.1.0/24 --icmp-type 11/0 -j SNAT --to-source 22.22.23.23
$IPTABLES -t nat -A POSTROUTING -o eth3 -p icmp -m icmp -s 192.168.1.0/24 --icmp-type 11/0 -j SNAT --to-source 22.22.25.50
@ -359,16 +369,6 @@ script_body() {
$IPTABLES -t nat -A POSTROUTING -o eth3 -p icmp -m icmp -s 192.168.1.0/24 --icmp-type 11/1 -j SNAT --to-source 22.22.25.50
$IPTABLES -t nat -A POSTROUTING -o eth2 -p icmp -m icmp -s 192.168.1.0/24 --icmp-type 11/1 -j SNAT --to-source 192.168.2.1
$IPTABLES -t nat -A POSTROUTING -o eth2 -p icmp -m icmp -s 192.168.1.0/24 --icmp-type 11/1 -j SNAT --to-source 192.168.2.40
$IPTABLES -t nat -A POSTROUTING -o eth1 -p icmp -m icmp -s 192.168.1.0/24 --icmp-type 0/0 -j SNAT --to-source 22.22.22.22
$IPTABLES -t nat -A POSTROUTING -o eth3 -p icmp -m icmp -s 192.168.1.0/24 --icmp-type 0/0 -j SNAT --to-source 22.22.23.23
$IPTABLES -t nat -A POSTROUTING -o eth3 -p icmp -m icmp -s 192.168.1.0/24 --icmp-type 0/0 -j SNAT --to-source 22.22.25.50
$IPTABLES -t nat -A POSTROUTING -o eth2 -p icmp -m icmp -s 192.168.1.0/24 --icmp-type 0/0 -j SNAT --to-source 192.168.2.1
$IPTABLES -t nat -A POSTROUTING -o eth2 -p icmp -m icmp -s 192.168.1.0/24 --icmp-type 0/0 -j SNAT --to-source 192.168.2.40
$IPTABLES -t nat -A POSTROUTING -o eth1 -p icmp -m icmp -s 192.168.1.0/24 --icmp-type 3 -j SNAT --to-source 22.22.22.22
$IPTABLES -t nat -A POSTROUTING -o eth3 -p icmp -m icmp -s 192.168.1.0/24 --icmp-type 3 -j SNAT --to-source 22.22.23.23
$IPTABLES -t nat -A POSTROUTING -o eth3 -p icmp -m icmp -s 192.168.1.0/24 --icmp-type 3 -j SNAT --to-source 22.22.25.50
$IPTABLES -t nat -A POSTROUTING -o eth2 -p icmp -m icmp -s 192.168.1.0/24 --icmp-type 3 -j SNAT --to-source 192.168.2.1
$IPTABLES -t nat -A POSTROUTING -o eth2 -p icmp -m icmp -s 192.168.1.0/24 --icmp-type 3 -j SNAT --to-source 192.168.2.40
$IPTABLES -t nat -A POSTROUTING -o eth1 -p tcp -m tcp -s 192.168.1.0/24 --dport 80 -j SNAT --to-source 22.22.22.22
$IPTABLES -t nat -A POSTROUTING -o eth3 -p tcp -m tcp -s 192.168.1.0/24 --dport 80 -j SNAT --to-source 22.22.23.23
$IPTABLES -t nat -A POSTROUTING -o eth3 -p tcp -m tcp -s 192.168.1.0/24 --dport 80 -j SNAT --to-source 22.22.25.50
@ -379,6 +379,16 @@ script_body() {
#
echo "Rule 2 (NAT)"
#
$IPTABLES -t nat -A POSTROUTING -o eth1 -p icmp -m icmp -s 192.168.1.0/24 --icmp-type 3 -j SNAT --to-source 22.22.22.22
$IPTABLES -t nat -A POSTROUTING -o eth3 -p icmp -m icmp -s 192.168.1.0/24 --icmp-type 3 -j SNAT --to-source 22.22.23.23
$IPTABLES -t nat -A POSTROUTING -o eth3 -p icmp -m icmp -s 192.168.1.0/24 --icmp-type 3 -j SNAT --to-source 22.22.25.50
$IPTABLES -t nat -A POSTROUTING -o eth2 -p icmp -m icmp -s 192.168.1.0/24 --icmp-type 3 -j SNAT --to-source 192.168.2.1
$IPTABLES -t nat -A POSTROUTING -o eth2 -p icmp -m icmp -s 192.168.1.0/24 --icmp-type 3 -j SNAT --to-source 192.168.2.40
$IPTABLES -t nat -A POSTROUTING -o eth1 -p icmp -m icmp -s 192.168.1.0/24 --icmp-type 0/0 -j SNAT --to-source 22.22.22.22
$IPTABLES -t nat -A POSTROUTING -o eth3 -p icmp -m icmp -s 192.168.1.0/24 --icmp-type 0/0 -j SNAT --to-source 22.22.23.23
$IPTABLES -t nat -A POSTROUTING -o eth3 -p icmp -m icmp -s 192.168.1.0/24 --icmp-type 0/0 -j SNAT --to-source 22.22.25.50
$IPTABLES -t nat -A POSTROUTING -o eth2 -p icmp -m icmp -s 192.168.1.0/24 --icmp-type 0/0 -j SNAT --to-source 192.168.2.1
$IPTABLES -t nat -A POSTROUTING -o eth2 -p icmp -m icmp -s 192.168.1.0/24 --icmp-type 0/0 -j SNAT --to-source 192.168.2.40
$IPTABLES -t nat -A POSTROUTING -o eth1 -p icmp -m icmp -s 192.168.1.0/24 --icmp-type 11/0 -j SNAT --to-source 22.22.22.22
$IPTABLES -t nat -A POSTROUTING -o eth3 -p icmp -m icmp -s 192.168.1.0/24 --icmp-type 11/0 -j SNAT --to-source 22.22.23.23
$IPTABLES -t nat -A POSTROUTING -o eth3 -p icmp -m icmp -s 192.168.1.0/24 --icmp-type 11/0 -j SNAT --to-source 22.22.25.50
@ -389,16 +399,6 @@ script_body() {
$IPTABLES -t nat -A POSTROUTING -o eth3 -p icmp -m icmp -s 192.168.1.0/24 --icmp-type 11/1 -j SNAT --to-source 22.22.25.50
$IPTABLES -t nat -A POSTROUTING -o eth2 -p icmp -m icmp -s 192.168.1.0/24 --icmp-type 11/1 -j SNAT --to-source 192.168.2.1
$IPTABLES -t nat -A POSTROUTING -o eth2 -p icmp -m icmp -s 192.168.1.0/24 --icmp-type 11/1 -j SNAT --to-source 192.168.2.40
$IPTABLES -t nat -A POSTROUTING -o eth1 -p icmp -m icmp -s 192.168.1.0/24 --icmp-type 0/0 -j SNAT --to-source 22.22.22.22
$IPTABLES -t nat -A POSTROUTING -o eth3 -p icmp -m icmp -s 192.168.1.0/24 --icmp-type 0/0 -j SNAT --to-source 22.22.23.23
$IPTABLES -t nat -A POSTROUTING -o eth3 -p icmp -m icmp -s 192.168.1.0/24 --icmp-type 0/0 -j SNAT --to-source 22.22.25.50
$IPTABLES -t nat -A POSTROUTING -o eth2 -p icmp -m icmp -s 192.168.1.0/24 --icmp-type 0/0 -j SNAT --to-source 192.168.2.1
$IPTABLES -t nat -A POSTROUTING -o eth2 -p icmp -m icmp -s 192.168.1.0/24 --icmp-type 0/0 -j SNAT --to-source 192.168.2.40
$IPTABLES -t nat -A POSTROUTING -o eth1 -p icmp -m icmp -s 192.168.1.0/24 --icmp-type 3 -j SNAT --to-source 22.22.22.22
$IPTABLES -t nat -A POSTROUTING -o eth3 -p icmp -m icmp -s 192.168.1.0/24 --icmp-type 3 -j SNAT --to-source 22.22.23.23
$IPTABLES -t nat -A POSTROUTING -o eth3 -p icmp -m icmp -s 192.168.1.0/24 --icmp-type 3 -j SNAT --to-source 22.22.25.50
$IPTABLES -t nat -A POSTROUTING -o eth2 -p icmp -m icmp -s 192.168.1.0/24 --icmp-type 3 -j SNAT --to-source 192.168.2.1
$IPTABLES -t nat -A POSTROUTING -o eth2 -p icmp -m icmp -s 192.168.1.0/24 --icmp-type 3 -j SNAT --to-source 192.168.2.40
$IPTABLES -t nat -A POSTROUTING -o eth1 -p tcp -m tcp -s 192.168.1.0/24 --dport 80 -j SNAT --to-source 22.22.22.22
$IPTABLES -t nat -A POSTROUTING -o eth3 -p tcp -m tcp -s 192.168.1.0/24 --dport 80 -j SNAT --to-source 22.22.23.23
$IPTABLES -t nat -A POSTROUTING -o eth3 -p tcp -m tcp -s 192.168.1.0/24 --dport 80 -j SNAT --to-source 22.22.25.50
@ -497,17 +497,17 @@ script_body() {
#
echo "Rule 11 (NAT)"
#
$IPTABLES -t nat -A PREROUTING -p icmp -m icmp -d 22.22.22.23 --icmp-type 3 -j DNAT --to-destination 192.168.1.10
$IPTABLES -t nat -A PREROUTING -p icmp -m icmp -d 22.22.22.23 --icmp-type 0/0 -j DNAT --to-destination 192.168.1.10
$IPTABLES -t nat -A PREROUTING -p icmp -m icmp -d 22.22.22.23 --icmp-type 11/0 -j DNAT --to-destination 192.168.1.10
$IPTABLES -t nat -A PREROUTING -p icmp -m icmp -d 22.22.22.23 --icmp-type 11/1 -j DNAT --to-destination 192.168.1.10
$IPTABLES -t nat -A PREROUTING -p icmp -m icmp -d 22.22.22.23 --icmp-type 0/0 -j DNAT --to-destination 192.168.1.10
$IPTABLES -t nat -A PREROUTING -p icmp -m icmp -d 22.22.22.23 --icmp-type 3 -j DNAT --to-destination 192.168.1.10
$IPTABLES -t nat -A PREROUTING -p tcp -m tcp -m multiport -d 22.22.22.23 --dports 80,119 -j DNAT --to-destination 192.168.1.10
$IPTABLES -t nat -A PREROUTING -p 50 -d 22.22.22.23 -j DNAT --to-destination 192.168.1.10
$IPTABLES -t nat -A PREROUTING -p 88 -d 22.22.22.23 -j DNAT --to-destination 192.168.1.10
$IPTABLES -t nat -A OUTPUT -p icmp -m icmp -d 22.22.22.23 --icmp-type 3 -j DNAT --to-destination 192.168.1.10
$IPTABLES -t nat -A OUTPUT -p icmp -m icmp -d 22.22.22.23 --icmp-type 0/0 -j DNAT --to-destination 192.168.1.10
$IPTABLES -t nat -A OUTPUT -p icmp -m icmp -d 22.22.22.23 --icmp-type 11/0 -j DNAT --to-destination 192.168.1.10
$IPTABLES -t nat -A OUTPUT -p icmp -m icmp -d 22.22.22.23 --icmp-type 11/1 -j DNAT --to-destination 192.168.1.10
$IPTABLES -t nat -A OUTPUT -p icmp -m icmp -d 22.22.22.23 --icmp-type 0/0 -j DNAT --to-destination 192.168.1.10
$IPTABLES -t nat -A OUTPUT -p icmp -m icmp -d 22.22.22.23 --icmp-type 3 -j DNAT --to-destination 192.168.1.10
$IPTABLES -t nat -A OUTPUT -p tcp -m tcp -m multiport -d 22.22.22.23 --dports 80,119 -j DNAT --to-destination 192.168.1.10
$IPTABLES -t nat -A OUTPUT -p 50 -d 22.22.22.23 -j DNAT --to-destination 192.168.1.10
$IPTABLES -t nat -A OUTPUT -p 88 -d 22.22.22.23 -j DNAT --to-destination 192.168.1.10
@ -516,10 +516,10 @@ script_body() {
#
echo "Rule 12 (NAT)"
#
$IPTABLES -t nat -A OUTPUT -p icmp -m icmp -d 22.22.22.23 --icmp-type 3 -j DNAT --to-destination 192.168.1.10
$IPTABLES -t nat -A OUTPUT -p icmp -m icmp -d 22.22.22.23 --icmp-type 0/0 -j DNAT --to-destination 192.168.1.10
$IPTABLES -t nat -A OUTPUT -p icmp -m icmp -d 22.22.22.23 --icmp-type 11/0 -j DNAT --to-destination 192.168.1.10
$IPTABLES -t nat -A OUTPUT -p icmp -m icmp -d 22.22.22.23 --icmp-type 11/1 -j DNAT --to-destination 192.168.1.10
$IPTABLES -t nat -A OUTPUT -p icmp -m icmp -d 22.22.22.23 --icmp-type 0/0 -j DNAT --to-destination 192.168.1.10
$IPTABLES -t nat -A OUTPUT -p icmp -m icmp -d 22.22.22.23 --icmp-type 3 -j DNAT --to-destination 192.168.1.10
$IPTABLES -t nat -A OUTPUT -p tcp -m tcp -m multiport -d 22.22.22.23 --dports 80,119 -j DNAT --to-destination 192.168.1.10
#
# Rule 13 (NAT)
@ -1259,7 +1259,7 @@ test -z "$cmd" && {
case "$cmd" in
start)
log "Activating firewall script generated Thu Mar 10 21:49:51 2011 by vadim"
log "Activating firewall script generated Sat Mar 12 19:40:54 2011 by vadim"
check_tools
check_run_time_address_table_files

56
test/ipt/firewall2-3.fw.orig
View File

@ -4,7 +4,7 @@
#
# Firewall Builder fwb_ipt v4.2.0.3499
#
# Generated Thu Mar 10 21:49:55 2011 PST by vadim
# Generated Sat Mar 12 19:40:55 2011 PST by vadim
#
# files: * firewall2-3.fw /etc/fw/firewall2-3.fw
#
@ -334,6 +334,16 @@ script_body() {
#
echo "Rule 1 (NAT)"
#
$IPTABLES -t nat -A POSTROUTING -o eth1 -p icmp -m icmp -s 192.168.1.0/24 --icmp-type 3 -j SNAT --to-source 22.22.22.22
$IPTABLES -t nat -A POSTROUTING -o eth3 -p icmp -m icmp -s 192.168.1.0/24 --icmp-type 3 -j SNAT --to-source 22.22.23.23
$IPTABLES -t nat -A POSTROUTING -o eth3 -p icmp -m icmp -s 192.168.1.0/24 --icmp-type 3 -j SNAT --to-source 22.22.25.50
$IPTABLES -t nat -A POSTROUTING -o eth2 -p icmp -m icmp -s 192.168.1.0/24 --icmp-type 3 -j SNAT --to-source 192.168.2.1
$IPTABLES -t nat -A POSTROUTING -o eth2 -p icmp -m icmp -s 192.168.1.0/24 --icmp-type 3 -j SNAT --to-source 192.168.2.40
$IPTABLES -t nat -A POSTROUTING -o eth1 -p icmp -m icmp -s 192.168.1.0/24 --icmp-type 0/0 -j SNAT --to-source 22.22.22.22
$IPTABLES -t nat -A POSTROUTING -o eth3 -p icmp -m icmp -s 192.168.1.0/24 --icmp-type 0/0 -j SNAT --to-source 22.22.23.23
$IPTABLES -t nat -A POSTROUTING -o eth3 -p icmp -m icmp -s 192.168.1.0/24 --icmp-type 0/0 -j SNAT --to-source 22.22.25.50
$IPTABLES -t nat -A POSTROUTING -o eth2 -p icmp -m icmp -s 192.168.1.0/24 --icmp-type 0/0 -j SNAT --to-source 192.168.2.1
$IPTABLES -t nat -A POSTROUTING -o eth2 -p icmp -m icmp -s 192.168.1.0/24 --icmp-type 0/0 -j SNAT --to-source 192.168.2.40
$IPTABLES -t nat -A POSTROUTING -o eth1 -p icmp -m icmp -s 192.168.1.0/24 --icmp-type 11/0 -j SNAT --to-source 22.22.22.22
$IPTABLES -t nat -A POSTROUTING -o eth3 -p icmp -m icmp -s 192.168.1.0/24 --icmp-type 11/0 -j SNAT --to-source 22.22.23.23
$IPTABLES -t nat -A POSTROUTING -o eth3 -p icmp -m icmp -s 192.168.1.0/24 --icmp-type 11/0 -j SNAT --to-source 22.22.25.50
@ -344,16 +354,6 @@ script_body() {
$IPTABLES -t nat -A POSTROUTING -o eth3 -p icmp -m icmp -s 192.168.1.0/24 --icmp-type 11/1 -j SNAT --to-source 22.22.25.50
$IPTABLES -t nat -A POSTROUTING -o eth2 -p icmp -m icmp -s 192.168.1.0/24 --icmp-type 11/1 -j SNAT --to-source 192.168.2.1
$IPTABLES -t nat -A POSTROUTING -o eth2 -p icmp -m icmp -s 192.168.1.0/24 --icmp-type 11/1 -j SNAT --to-source 192.168.2.40
$IPTABLES -t nat -A POSTROUTING -o eth1 -p icmp -m icmp -s 192.168.1.0/24 --icmp-type 0/0 -j SNAT --to-source 22.22.22.22
$IPTABLES -t nat -A POSTROUTING -o eth3 -p icmp -m icmp -s 192.168.1.0/24 --icmp-type 0/0 -j SNAT --to-source 22.22.23.23
$IPTABLES -t nat -A POSTROUTING -o eth3 -p icmp -m icmp -s 192.168.1.0/24 --icmp-type 0/0 -j SNAT --to-source 22.22.25.50
$IPTABLES -t nat -A POSTROUTING -o eth2 -p icmp -m icmp -s 192.168.1.0/24 --icmp-type 0/0 -j SNAT --to-source 192.168.2.1
$IPTABLES -t nat -A POSTROUTING -o eth2 -p icmp -m icmp -s 192.168.1.0/24 --icmp-type 0/0 -j SNAT --to-source 192.168.2.40
$IPTABLES -t nat -A POSTROUTING -o eth1 -p icmp -m icmp -s 192.168.1.0/24 --icmp-type 3 -j SNAT --to-source 22.22.22.22
$IPTABLES -t nat -A POSTROUTING -o eth3 -p icmp -m icmp -s 192.168.1.0/24 --icmp-type 3 -j SNAT --to-source 22.22.23.23
$IPTABLES -t nat -A POSTROUTING -o eth3 -p icmp -m icmp -s 192.168.1.0/24 --icmp-type 3 -j SNAT --to-source 22.22.25.50
$IPTABLES -t nat -A POSTROUTING -o eth2 -p icmp -m icmp -s 192.168.1.0/24 --icmp-type 3 -j SNAT --to-source 192.168.2.1
$IPTABLES -t nat -A POSTROUTING -o eth2 -p icmp -m icmp -s 192.168.1.0/24 --icmp-type 3 -j SNAT --to-source 192.168.2.40
$IPTABLES -t nat -A POSTROUTING -o eth1 -p tcp -m tcp -s 192.168.1.0/24 --dport 80 -j SNAT --to-source 22.22.22.22
$IPTABLES -t nat -A POSTROUTING -o eth3 -p tcp -m tcp -s 192.168.1.0/24 --dport 80 -j SNAT --to-source 22.22.23.23
$IPTABLES -t nat -A POSTROUTING -o eth3 -p tcp -m tcp -s 192.168.1.0/24 --dport 80 -j SNAT --to-source 22.22.25.50
@ -364,6 +364,16 @@ script_body() {
#
echo "Rule 2 (NAT)"
#
$IPTABLES -t nat -A POSTROUTING -o eth1 -p icmp -m icmp -s 192.168.1.0/24 --icmp-type 3 -j SNAT --to-source 22.22.22.22
$IPTABLES -t nat -A POSTROUTING -o eth3 -p icmp -m icmp -s 192.168.1.0/24 --icmp-type 3 -j SNAT --to-source 22.22.23.23
$IPTABLES -t nat -A POSTROUTING -o eth3 -p icmp -m icmp -s 192.168.1.0/24 --icmp-type 3 -j SNAT --to-source 22.22.25.50
$IPTABLES -t nat -A POSTROUTING -o eth2 -p icmp -m icmp -s 192.168.1.0/24 --icmp-type 3 -j SNAT --to-source 192.168.2.1
$IPTABLES -t nat -A POSTROUTING -o eth2 -p icmp -m icmp -s 192.168.1.0/24 --icmp-type 3 -j SNAT --to-source 192.168.2.40
$IPTABLES -t nat -A POSTROUTING -o eth1 -p icmp -m icmp -s 192.168.1.0/24 --icmp-type 0/0 -j SNAT --to-source 22.22.22.22
$IPTABLES -t nat -A POSTROUTING -o eth3 -p icmp -m icmp -s 192.168.1.0/24 --icmp-type 0/0 -j SNAT --to-source 22.22.23.23
$IPTABLES -t nat -A POSTROUTING -o eth3 -p icmp -m icmp -s 192.168.1.0/24 --icmp-type 0/0 -j SNAT --to-source 22.22.25.50
$IPTABLES -t nat -A POSTROUTING -o eth2 -p icmp -m icmp -s 192.168.1.0/24 --icmp-type 0/0 -j SNAT --to-source 192.168.2.1
$IPTABLES -t nat -A POSTROUTING -o eth2 -p icmp -m icmp -s 192.168.1.0/24 --icmp-type 0/0 -j SNAT --to-source 192.168.2.40
$IPTABLES -t nat -A POSTROUTING -o eth1 -p icmp -m icmp -s 192.168.1.0/24 --icmp-type 11/0 -j SNAT --to-source 22.22.22.22
$IPTABLES -t nat -A POSTROUTING -o eth3 -p icmp -m icmp -s 192.168.1.0/24 --icmp-type 11/0 -j SNAT --to-source 22.22.23.23
$IPTABLES -t nat -A POSTROUTING -o eth3 -p icmp -m icmp -s 192.168.1.0/24 --icmp-type 11/0 -j SNAT --to-source 22.22.25.50
@ -374,16 +384,6 @@ script_body() {
$IPTABLES -t nat -A POSTROUTING -o eth3 -p icmp -m icmp -s 192.168.1.0/24 --icmp-type 11/1 -j SNAT --to-source 22.22.25.50
$IPTABLES -t nat -A POSTROUTING -o eth2 -p icmp -m icmp -s 192.168.1.0/24 --icmp-type 11/1 -j SNAT --to-source 192.168.2.1
$IPTABLES -t nat -A POSTROUTING -o eth2 -p icmp -m icmp -s 192.168.1.0/24 --icmp-type 11/1 -j SNAT --to-source 192.168.2.40
$IPTABLES -t nat -A POSTROUTING -o eth1 -p icmp -m icmp -s 192.168.1.0/24 --icmp-type 0/0 -j SNAT --to-source 22.22.22.22
$IPTABLES -t nat -A POSTROUTING -o eth3 -p icmp -m icmp -s 192.168.1.0/24 --icmp-type 0/0 -j SNAT --to-source 22.22.23.23
$IPTABLES -t nat -A POSTROUTING -o eth3 -p icmp -m icmp -s 192.168.1.0/24 --icmp-type 0/0 -j SNAT --to-source 22.22.25.50
$IPTABLES -t nat -A POSTROUTING -o eth2 -p icmp -m icmp -s 192.168.1.0/24 --icmp-type 0/0 -j SNAT --to-source 192.168.2.1
$IPTABLES -t nat -A POSTROUTING -o eth2 -p icmp -m icmp -s 192.168.1.0/24 --icmp-type 0/0 -j SNAT --to-source 192.168.2.40
$IPTABLES -t nat -A POSTROUTING -o eth1 -p icmp -m icmp -s 192.168.1.0/24 --icmp-type 3 -j SNAT --to-source 22.22.22.22
$IPTABLES -t nat -A POSTROUTING -o eth3 -p icmp -m icmp -s 192.168.1.0/24 --icmp-type 3 -j SNAT --to-source 22.22.23.23
$IPTABLES -t nat -A POSTROUTING -o eth3 -p icmp -m icmp -s 192.168.1.0/24 --icmp-type 3 -j SNAT --to-source 22.22.25.50
$IPTABLES -t nat -A POSTROUTING -o eth2 -p icmp -m icmp -s 192.168.1.0/24 --icmp-type 3 -j SNAT --to-source 192.168.2.1
$IPTABLES -t nat -A POSTROUTING -o eth2 -p icmp -m icmp -s 192.168.1.0/24 --icmp-type 3 -j SNAT --to-source 192.168.2.40
$IPTABLES -t nat -A POSTROUTING -o eth1 -p tcp -m tcp -s 192.168.1.0/24 --dport 80 -j SNAT --to-source 22.22.22.22
$IPTABLES -t nat -A POSTROUTING -o eth3 -p tcp -m tcp -s 192.168.1.0/24 --dport 80 -j SNAT --to-source 22.22.23.23
$IPTABLES -t nat -A POSTROUTING -o eth3 -p tcp -m tcp -s 192.168.1.0/24 --dport 80 -j SNAT --to-source 22.22.25.50
@ -482,17 +482,17 @@ script_body() {
#
echo "Rule 11 (NAT)"
#
$IPTABLES -t nat -A PREROUTING -p icmp -m icmp -d 22.22.22.23 --icmp-type 3 -j DNAT --to-destination 192.168.1.10
$IPTABLES -t nat -A PREROUTING -p icmp -m icmp -d 22.22.22.23 --icmp-type 0/0 -j DNAT --to-destination 192.168.1.10
$IPTABLES -t nat -A PREROUTING -p icmp -m icmp -d 22.22.22.23 --icmp-type 11/0 -j DNAT --to-destination 192.168.1.10
$IPTABLES -t nat -A PREROUTING -p icmp -m icmp -d 22.22.22.23 --icmp-type 11/1 -j DNAT --to-destination 192.168.1.10
$IPTABLES -t nat -A PREROUTING -p icmp -m icmp -d 22.22.22.23 --icmp-type 0/0 -j DNAT --to-destination 192.168.1.10
$IPTABLES -t nat -A PREROUTING -p icmp -m icmp -d 22.22.22.23 --icmp-type 3 -j DNAT --to-destination 192.168.1.10
$IPTABLES -t nat -A PREROUTING -p tcp -m tcp -m multiport -d 22.22.22.23 --dports 80,119 -j DNAT --to-destination 192.168.1.10
$IPTABLES -t nat -A PREROUTING -p 50 -d 22.22.22.23 -j DNAT --to-destination 192.168.1.10
$IPTABLES -t nat -A PREROUTING -p 88 -d 22.22.22.23 -j DNAT --to-destination 192.168.1.10
$IPTABLES -t nat -A OUTPUT -p icmp -m icmp -d 22.22.22.23 --icmp-type 3 -j DNAT --to-destination 192.168.1.10
$IPTABLES -t nat -A OUTPUT -p icmp -m icmp -d 22.22.22.23 --icmp-type 0/0 -j DNAT --to-destination 192.168.1.10
$IPTABLES -t nat -A OUTPUT -p icmp -m icmp -d 22.22.22.23 --icmp-type 11/0 -j DNAT --to-destination 192.168.1.10
$IPTABLES -t nat -A OUTPUT -p icmp -m icmp -d 22.22.22.23 --icmp-type 11/1 -j DNAT --to-destination 192.168.1.10
$IPTABLES -t nat -A OUTPUT -p icmp -m icmp -d 22.22.22.23 --icmp-type 0/0 -j DNAT --to-destination 192.168.1.10
$IPTABLES -t nat -A OUTPUT -p icmp -m icmp -d 22.22.22.23 --icmp-type 3 -j DNAT --to-destination 192.168.1.10
$IPTABLES -t nat -A OUTPUT -p tcp -m tcp -m multiport -d 22.22.22.23 --dports 80,119 -j DNAT --to-destination 192.168.1.10
$IPTABLES -t nat -A OUTPUT -p 50 -d 22.22.22.23 -j DNAT --to-destination 192.168.1.10
$IPTABLES -t nat -A OUTPUT -p 88 -d 22.22.22.23 -j DNAT --to-destination 192.168.1.10
@ -501,10 +501,10 @@ script_body() {
#
echo "Rule 12 (NAT)"
#
$IPTABLES -t nat -A OUTPUT -p icmp -m icmp -d 22.22.22.23 --icmp-type 3 -j DNAT --to-destination 192.168.1.10
$IPTABLES -t nat -A OUTPUT -p icmp -m icmp -d 22.22.22.23 --icmp-type 0/0 -j DNAT --to-destination 192.168.1.10
$IPTABLES -t nat -A OUTPUT -p icmp -m icmp -d 22.22.22.23 --icmp-type 11/0 -j DNAT --to-destination 192.168.1.10
$IPTABLES -t nat -A OUTPUT -p icmp -m icmp -d 22.22.22.23 --icmp-type 11/1 -j DNAT --to-destination 192.168.1.10
$IPTABLES -t nat -A OUTPUT -p icmp -m icmp -d 22.22.22.23 --icmp-type 0/0 -j DNAT --to-destination 192.168.1.10
$IPTABLES -t nat -A OUTPUT -p icmp -m icmp -d 22.22.22.23 --icmp-type 3 -j DNAT --to-destination 192.168.1.10
$IPTABLES -t nat -A OUTPUT -p tcp -m tcp -m multiport -d 22.22.22.23 --dports 80,119 -j DNAT --to-destination 192.168.1.10
#
# Rule 13 (NAT)
@ -1118,7 +1118,7 @@ test -z "$cmd" && {
case "$cmd" in
start)
log "Activating firewall script generated Thu Mar 10 21:49:55 2011 by vadim"
log "Activating firewall script generated Sat Mar 12 19:40:55 2011 by vadim"
check_tools
check_run_time_address_table_files

4
test/ipt/firewall2-4.fw.orig
View File

@ -4,7 +4,7 @@
#
# Firewall Builder fwb_ipt v4.2.0.3499
#
# Generated Thu Mar 10 21:49:59 2011 PST by vadim
# Generated Sat Mar 12 19:40:58 2011 PST by vadim
#
# files: * firewall2-4.fw /etc/fw/firewall2-4.fw
#
@ -424,7 +424,7 @@ test -z "$cmd" && {
case "$cmd" in
start)
log "Activating firewall script generated Thu Mar 10 21:49:59 2011 by vadim"
log "Activating firewall script generated Sat Mar 12 19:40:58 2011 by vadim"
check_tools
check_run_time_address_table_files

4
test/ipt/firewall2-5.fw.orig
View File

@ -4,7 +4,7 @@
#
# Firewall Builder fwb_ipt v4.2.0.3499
#
# Generated Thu Mar 10 21:50:02 2011 PST by vadim
# Generated Sat Mar 12 19:41:00 2011 PST by vadim
#
# files: * firewall2-5.fw /etc/fw/firewall2-5.fw
#
@ -455,7 +455,7 @@ test -z "$cmd" && {
case "$cmd" in
start)
log "Activating firewall script generated Thu Mar 10 21:50:02 2011 by vadim"
log "Activating firewall script generated Sat Mar 12 19:41:00 2011 by vadim"
check_tools
check_run_time_address_table_files

6
test/ipt/firewall2-6.fw.orig
View File

@ -4,7 +4,7 @@
#
# Firewall Builder fwb_ipt v4.2.0.3499
#
# Generated Thu Mar 10 21:50:05 2011 PST by vadim
# Generated Sat Mar 12 19:41:02 2011 PST by vadim
#
# files: * firewall2-6.fw /etc/fw/firewall2-6.fw
#
@ -395,8 +395,8 @@ script_body() {
#
echo "Rule 16 (NAT)"
#
$IPTABLES -t nat -A PREROUTING -i eth3 -d 222.222.222.40 -j DNAT --to-destination 192.168.1.10
$IPTABLES -t nat -A PREROUTING -i eth1 -d 222.222.222.40 -j DNAT --to-destination 192.168.1.10
$IPTABLES -t nat -A PREROUTING -i eth3 -d 222.222.222.40 -j DNAT --to-destination 192.168.1.10
#
# Rule 22 (NAT)
#
@ -482,7 +482,7 @@ test -z "$cmd" && {
case "$cmd" in
start)
log "Activating firewall script generated Thu Mar 10 21:50:05 2011 by vadim"
log "Activating firewall script generated Sat Mar 12 19:41:02 2011 by vadim"
check_tools
check_run_time_address_table_files

4
test/ipt/firewall2-7.fw.orig
View File

@ -4,7 +4,7 @@
#
# Firewall Builder fwb_ipt v4.2.0.3499
#
# Generated Thu Mar 10 21:50:09 2011 PST by vadim
# Generated Sat Mar 12 19:41:04 2011 PST by vadim
#
# files: * firewall2-7.fw /etc/fw/firewall2-7.fw
#
@ -424,7 +424,7 @@ test -z "$cmd" && {
case "$cmd" in
start)
log "Activating firewall script generated Thu Mar 10 21:50:09 2011 by vadim"
log "Activating firewall script generated Sat Mar 12 19:41:04 2011 by vadim"
check_tools
check_run_time_address_table_files

56
test/ipt/firewall2.fw.orig
View File

@ -4,7 +4,7 @@
#
# Firewall Builder fwb_ipt v4.2.0.3499
#
# Generated Thu Mar 10 21:49:40 2011 PST by vadim
# Generated Sat Mar 12 19:40:45 2011 PST by vadim
#
# files: * firewall2.fw /etc/fw/firewall2.fw
#
@ -359,6 +359,16 @@ script_body() {
#
echo "Rule 1 (NAT)"
#
$IPTABLES -t nat -A POSTROUTING -o eth1 -p icmp -m icmp -s 192.168.1.0/24 --icmp-type 3 -j SNAT --to-source 22.22.22.22
$IPTABLES -t nat -A POSTROUTING -o eth3 -p icmp -m icmp -s 192.168.1.0/24 --icmp-type 3 -j SNAT --to-source 22.22.23.23
$IPTABLES -t nat -A POSTROUTING -o eth3 -p icmp -m icmp -s 192.168.1.0/24 --icmp-type 3 -j SNAT --to-source 22.22.25.50
$IPTABLES -t nat -A POSTROUTING -o eth2 -p icmp -m icmp -s 192.168.1.0/24 --icmp-type 3 -j SNAT --to-source 192.168.2.1
$IPTABLES -t nat -A POSTROUTING -o eth2 -p icmp -m icmp -s 192.168.1.0/24 --icmp-type 3 -j SNAT --to-source 192.168.2.40
$IPTABLES -t nat -A POSTROUTING -o eth1 -p icmp -m icmp -s 192.168.1.0/24 --icmp-type 0/0 -j SNAT --to-source 22.22.22.22
$IPTABLES -t nat -A POSTROUTING -o eth3 -p icmp -m icmp -s 192.168.1.0/24 --icmp-type 0/0 -j SNAT --to-source 22.22.23.23
$IPTABLES -t nat -A POSTROUTING -o eth3 -p icmp -m icmp -s 192.168.1.0/24 --icmp-type 0/0 -j SNAT --to-source 22.22.25.50
$IPTABLES -t nat -A POSTROUTING -o eth2 -p icmp -m icmp -s 192.168.1.0/24 --icmp-type 0/0 -j SNAT --to-source 192.168.2.1
$IPTABLES -t nat -A POSTROUTING -o eth2 -p icmp -m icmp -s 192.168.1.0/24 --icmp-type 0/0 -j SNAT --to-source 192.168.2.40
$IPTABLES -t nat -A POSTROUTING -o eth1 -p icmp -m icmp -s 192.168.1.0/24 --icmp-type 11/0 -j SNAT --to-source 22.22.22.22
$IPTABLES -t nat -A POSTROUTING -o eth3 -p icmp -m icmp -s 192.168.1.0/24 --icmp-type 11/0 -j SNAT --to-source 22.22.23.23
$IPTABLES -t nat -A POSTROUTING -o eth3 -p icmp -m icmp -s 192.168.1.0/24 --icmp-type 11/0 -j SNAT --to-source 22.22.25.50
@ -369,16 +379,6 @@ script_body() {
$IPTABLES -t nat -A POSTROUTING -o eth3 -p icmp -m icmp -s 192.168.1.0/24 --icmp-type 11/1 -j SNAT --to-source 22.22.25.50
$IPTABLES -t nat -A POSTROUTING -o eth2 -p icmp -m icmp -s 192.168.1.0/24 --icmp-type 11/1 -j SNAT --to-source 192.168.2.1
$IPTABLES -t nat -A POSTROUTING -o eth2 -p icmp -m icmp -s 192.168.1.0/24 --icmp-type 11/1 -j SNAT --to-source 192.168.2.40
$IPTABLES -t nat -A POSTROUTING -o eth1 -p icmp -m icmp -s 192.168.1.0/24 --icmp-type 0/0 -j SNAT --to-source 22.22.22.22
$IPTABLES -t nat -A POSTROUTING -o eth3 -p icmp -m icmp -s 192.168.1.0/24 --icmp-type 0/0 -j SNAT --to-source 22.22.23.23
$IPTABLES -t nat -A POSTROUTING -o eth3 -p icmp -m icmp -s 192.168.1.0/24 --icmp-type 0/0 -j SNAT --to-source 22.22.25.50
$IPTABLES -t nat -A POSTROUTING -o eth2 -p icmp -m icmp -s 192.168.1.0/24 --icmp-type 0/0 -j SNAT --to-source 192.168.2.1
$IPTABLES -t nat -A POSTROUTING -o eth2 -p icmp -m icmp -s 192.168.1.0/24 --icmp-type 0/0 -j SNAT --to-source 192.168.2.40
$IPTABLES -t nat -A POSTROUTING -o eth1 -p icmp -m icmp -s 192.168.1.0/24 --icmp-type 3 -j SNAT --to-source 22.22.22.22
$IPTABLES -t nat -A POSTROUTING -o eth3 -p icmp -m icmp -s 192.168.1.0/24 --icmp-type 3 -j SNAT --to-source 22.22.23.23
$IPTABLES -t nat -A POSTROUTING -o eth3 -p icmp -m icmp -s 192.168.1.0/24 --icmp-type 3 -j SNAT --to-source 22.22.25.50
$IPTABLES -t nat -A POSTROUTING -o eth2 -p icmp -m icmp -s 192.168.1.0/24 --icmp-type 3 -j SNAT --to-source 192.168.2.1
$IPTABLES -t nat -A POSTROUTING -o eth2 -p icmp -m icmp -s 192.168.1.0/24 --icmp-type 3 -j SNAT --to-source 192.168.2.40
$IPTABLES -t nat -A POSTROUTING -o eth1 -p tcp -m tcp -s 192.168.1.0/24 --dport 80 -j SNAT --to-source 22.22.22.22
$IPTABLES -t nat -A POSTROUTING -o eth3 -p tcp -m tcp -s 192.168.1.0/24 --dport 80 -j SNAT --to-source 22.22.23.23
$IPTABLES -t nat -A POSTROUTING -o eth3 -p tcp -m tcp -s 192.168.1.0/24 --dport 80 -j SNAT --to-source 22.22.25.50
@ -389,6 +389,16 @@ script_body() {
#
echo "Rule 2 (NAT)"
#
$IPTABLES -t nat -A POSTROUTING -o eth1 -p icmp -m icmp -s 192.168.1.0/24 --icmp-type 3 -j SNAT --to-source 22.22.22.22
$IPTABLES -t nat -A POSTROUTING -o eth3 -p icmp -m icmp -s 192.168.1.0/24 --icmp-type 3 -j SNAT --to-source 22.22.23.23
$IPTABLES -t nat -A POSTROUTING -o eth3 -p icmp -m icmp -s 192.168.1.0/24 --icmp-type 3 -j SNAT --to-source 22.22.25.50
$IPTABLES -t nat -A POSTROUTING -o eth2 -p icmp -m icmp -s 192.168.1.0/24 --icmp-type 3 -j SNAT --to-source 192.168.2.1
$IPTABLES -t nat -A POSTROUTING -o eth2 -p icmp -m icmp -s 192.168.1.0/24 --icmp-type 3 -j SNAT --to-source 192.168.2.40
$IPTABLES -t nat -A POSTROUTING -o eth1 -p icmp -m icmp -s 192.168.1.0/24 --icmp-type 0/0 -j SNAT --to-source 22.22.22.22
$IPTABLES -t nat -A POSTROUTING -o eth3 -p icmp -m icmp -s 192.168.1.0/24 --icmp-type 0/0 -j SNAT --to-source 22.22.23.23
$IPTABLES -t nat -A POSTROUTING -o eth3 -p icmp -m icmp -s 192.168.1.0/24 --icmp-type 0/0 -j SNAT --to-source 22.22.25.50
$IPTABLES -t nat -A POSTROUTING -o eth2 -p icmp -m icmp -s 192.168.1.0/24 --icmp-type 0/0 -j SNAT --to-source 192.168.2.1
$IPTABLES -t nat -A POSTROUTING -o eth2 -p icmp -m icmp -s 192.168.1.0/24 --icmp-type 0/0 -j SNAT --to-source 192.168.2.40
$IPTABLES -t nat -A POSTROUTING -o eth1 -p icmp -m icmp -s 192.168.1.0/24 --icmp-type 11/0 -j SNAT --to-source 22.22.22.22
$IPTABLES -t nat -A POSTROUTING -o eth3 -p icmp -m icmp -s 192.168.1.0/24 --icmp-type 11/0 -j SNAT --to-source 22.22.23.23
$IPTABLES -t nat -A POSTROUTING -o eth3 -p icmp -m icmp -s 192.168.1.0/24 --icmp-type 11/0 -j SNAT --to-source 22.22.25.50
@ -399,16 +409,6 @@ script_body() {
$IPTABLES -t nat -A POSTROUTING -o eth3 -p icmp -m icmp -s 192.168.1.0/24 --icmp-type 11/1 -j SNAT --to-source 22.22.25.50
$IPTABLES -t nat -A POSTROUTING -o eth2 -p icmp -m icmp -s 192.168.1.0/24 --icmp-type 11/1 -j SNAT --to-source 192.168.2.1
$IPTABLES -t nat -A POSTROUTING -o eth2 -p icmp -m icmp -s 192.168.1.0/24 --icmp-type 11/1 -j SNAT --to-source 192.168.2.40
$IPTABLES -t nat -A POSTROUTING -o eth1 -p icmp -m icmp -s 192.168.1.0/24 --icmp-type 0/0 -j SNAT --to-source 22.22.22.22
$IPTABLES -t nat -A POSTROUTING -o eth3 -p icmp -m icmp -s 192.168.1.0/24 --icmp-type 0/0 -j SNAT --to-source 22.22.23.23
$IPTABLES -t nat -A POSTROUTING -o eth3 -p icmp -m icmp -s 192.168.1.0/24 --icmp-type 0/0 -j SNAT --to-source 22.22.25.50
$IPTABLES -t nat -A POSTROUTING -o eth2 -p icmp -m icmp -s 192.168.1.0/24 --icmp-type 0/0 -j SNAT --to-source 192.168.2.1
$IPTABLES -t nat -A POSTROUTING -o eth2 -p icmp -m icmp -s 192.168.1.0/24 --icmp-type 0/0 -j SNAT --to-source 192.168.2.40
$IPTABLES -t nat -A POSTROUTING -o eth1 -p icmp -m icmp -s 192.168.1.0/24 --icmp-type 3 -j SNAT --to-source 22.22.22.22
$IPTABLES -t nat -A POSTROUTING -o eth3 -p icmp -m icmp -s 192.168.1.0/24 --icmp-type 3 -j SNAT --to-source 22.22.23.23
$IPTABLES -t nat -A POSTROUTING -o eth3 -p icmp -m icmp -s 192.168.1.0/24 --icmp-type 3 -j SNAT --to-source 22.22.25.50
$IPTABLES -t nat -A POSTROUTING -o eth2 -p icmp -m icmp -s 192.168.1.0/24 --icmp-type 3 -j SNAT --to-source 192.168.2.1
$IPTABLES -t nat -A POSTROUTING -o eth2 -p icmp -m icmp -s 192.168.1.0/24 --icmp-type 3 -j SNAT --to-source 192.168.2.40
$IPTABLES -t nat -A POSTROUTING -o eth1 -p tcp -m tcp -s 192.168.1.0/24 --dport 80 -j SNAT --to-source 22.22.22.22
$IPTABLES -t nat -A POSTROUTING -o eth3 -p tcp -m tcp -s 192.168.1.0/24 --dport 80 -j SNAT --to-source 22.22.23.23
$IPTABLES -t nat -A POSTROUTING -o eth3 -p tcp -m tcp -s 192.168.1.0/24 --dport 80 -j SNAT --to-source 22.22.25.50
@ -520,17 +520,17 @@ script_body() {
#
echo "Rule 13 (NAT)"
#
$IPTABLES -t nat -A PREROUTING -p icmp -m icmp -d 22.22.22.23 --icmp-type 3 -j DNAT --to-destination 192.168.1.10
$IPTABLES -t nat -A PREROUTING -p icmp -m icmp -d 22.22.22.23 --icmp-type 0/0 -j DNAT --to-destination 192.168.1.10
$IPTABLES -t nat -A PREROUTING -p icmp -m icmp -d 22.22.22.23 --icmp-type 11/0 -j DNAT --to-destination 192.168.1.10
$IPTABLES -t nat -A PREROUTING -p icmp -m icmp -d 22.22.22.23 --icmp-type 11/1 -j DNAT --to-destination 192.168.1.10
$IPTABLES -t nat -A PREROUTING -p icmp -m icmp -d 22.22.22.23 --icmp-type 0/0 -j DNAT --to-destination 192.168.1.10
$IPTABLES -t nat -A PREROUTING -p icmp -m icmp -d 22.22.22.23 --icmp-type 3 -j DNAT --to-destination 192.168.1.10
$IPTABLES -t nat -A PREROUTING -p tcp -m tcp -m multiport -d 22.22.22.23 --dports 80,119 -j DNAT --to-destination 192.168.1.10
$IPTABLES -t nat -A PREROUTING -p 50 -d 22.22.22.23 -j DNAT --to-destination 192.168.1.10
$IPTABLES -t nat -A PREROUTING -p 88 -d 22.22.22.23 -j DNAT --to-destination 192.168.1.10
$IPTABLES -t nat -A OUTPUT -p icmp -m icmp -d 22.22.22.23 --icmp-type 3 -j DNAT --to-destination 192.168.1.10
$IPTABLES -t nat -A OUTPUT -p icmp -m icmp -d 22.22.22.23 --icmp-type 0/0 -j DNAT --to-destination 192.168.1.10
$IPTABLES -t nat -A OUTPUT -p icmp -m icmp -d 22.22.22.23 --icmp-type 11/0 -j DNAT --to-destination 192.168.1.10
$IPTABLES -t nat -A OUTPUT -p icmp -m icmp -d 22.22.22.23 --icmp-type 11/1 -j DNAT --to-destination 192.168.1.10
$IPTABLES -t nat -A OUTPUT -p icmp -m icmp -d 22.22.22.23 --icmp-type 0/0 -j DNAT --to-destination 192.168.1.10
$IPTABLES -t nat -A OUTPUT -p icmp -m icmp -d 22.22.22.23 --icmp-type 3 -j DNAT --to-destination 192.168.1.10
$IPTABLES -t nat -A OUTPUT -p tcp -m tcp -m multiport -d 22.22.22.23 --dports 80,119 -j DNAT --to-destination 192.168.1.10
$IPTABLES -t nat -A OUTPUT -p 50 -d 22.22.22.23 -j DNAT --to-destination 192.168.1.10
$IPTABLES -t nat -A OUTPUT -p 88 -d 22.22.22.23 -j DNAT --to-destination 192.168.1.10
@ -539,10 +539,10 @@ script_body() {
#
echo "Rule 14 (NAT)"
#
$IPTABLES -t nat -A OUTPUT -p icmp -m icmp -d 22.22.22.23 --icmp-type 3 -j DNAT --to-destination 192.168.1.10
$IPTABLES -t nat -A OUTPUT -p icmp -m icmp -d 22.22.22.23 --icmp-type 0/0 -j DNAT --to-destination 192.168.1.10
$IPTABLES -t nat -A OUTPUT -p icmp -m icmp -d 22.22.22.23 --icmp-type 11/0 -j DNAT --to-destination 192.168.1.10
$IPTABLES -t nat -A OUTPUT -p icmp -m icmp -d 22.22.22.23 --icmp-type 11/1 -j DNAT --to-destination 192.168.1.10
$IPTABLES -t nat -A OUTPUT -p icmp -m icmp -d 22.22.22.23 --icmp-type 0/0 -j DNAT --to-destination 192.168.1.10
$IPTABLES -t nat -A OUTPUT -p icmp -m icmp -d 22.22.22.23 --icmp-type 3 -j DNAT --to-destination 192.168.1.10
$IPTABLES -t nat -A OUTPUT -p tcp -m tcp -m multiport -d 22.22.22.23 --dports 80,119 -j DNAT --to-destination 192.168.1.10
#
# Rule 15 (NAT)
@ -1482,7 +1482,7 @@ test -z "$cmd" && {
case "$cmd" in
start)
log "Activating firewall script generated Thu Mar 10 21:49:40 2011 by vadim"
log "Activating firewall script generated Sat Mar 12 19:40:45 2011 by vadim"
check_tools
check_run_time_address_table_files

4
test/ipt/firewall20-ipv6.fw.orig
View File

@ -4,7 +4,7 @@
#
# Firewall Builder fwb_ipt v4.2.0.3499
#
# Generated Thu Mar 10 21:49:43 2011 PST by vadim
# Generated Sat Mar 12 19:40:47 2011 PST by vadim
#
# files: * firewall20-ipv6.fw /etc/fw/firewall20-ipv6.fw
#
@ -456,7 +456,7 @@ test -z "$cmd" && {
case "$cmd" in
start)
log "Activating firewall script generated Thu Mar 10 21:49:43 2011 by vadim"
log "Activating firewall script generated Sat Mar 12 19:40:47 2011 by vadim"
check_tools
prolog_commands
check_run_time_address_table_files

4
test/ipt/firewall20.fw.orig
View File

@ -4,7 +4,7 @@
#
# Firewall Builder fwb_ipt v4.2.0.3499
#
# Generated Thu Mar 10 21:49:41 2011 PST by vadim
# Generated Sat Mar 12 19:40:45 2011 PST by vadim
#
# files: * firewall20.fw /etc/fw/firewall20.fw
#
@ -674,7 +674,7 @@ test -z "$cmd" && {
case "$cmd" in
start)
log "Activating firewall script generated Thu Mar 10 21:49:41 2011 by vadim"
log "Activating firewall script generated Sat Mar 12 19:40:45 2011 by vadim"
check_tools
prolog_commands
check_run_time_address_table_files

4
test/ipt/firewall21-1.fw.orig
View File

@ -4,7 +4,7 @@
#
# Firewall Builder fwb_ipt v4.2.0.3499
#
# Generated Thu Mar 10 21:49:47 2011 PST by vadim
# Generated Sat Mar 12 19:40:49 2011 PST by vadim
#
# files: * firewall21-1.fw /etc/fw/firewall21-1.fw
#
@ -470,7 +470,7 @@ test -z "$cmd" && {
case "$cmd" in
start)
log "Activating firewall script generated Thu Mar 10 21:49:47 2011 by vadim"
log "Activating firewall script generated Sat Mar 12 19:40:49 2011 by vadim"
check_tools
prolog_commands
check_run_time_address_table_files

4
test/ipt/firewall21.fw.orig
View File

@ -4,7 +4,7 @@
#
# Firewall Builder fwb_ipt v4.2.0.3499
#
# Generated Thu Mar 10 21:49:44 2011 PST by vadim
# Generated Sat Mar 12 19:40:47 2011 PST by vadim
#
# files: * firewall21.fw /etc/fw/firewall21.fw
#
@ -469,7 +469,7 @@ test -z "$cmd" && {
case "$cmd" in
start)
log "Activating firewall script generated Thu Mar 10 21:49:44 2011 by vadim"
log "Activating firewall script generated Sat Mar 12 19:40:47 2011 by vadim"
check_tools
prolog_commands
check_run_time_address_table_files

4
test/ipt/firewall22.fw.orig
View File

@ -4,7 +4,7 @@
#
# Firewall Builder fwb_ipt v4.2.0.3499
#
# Generated Thu Mar 10 21:49:50 2011 PST by vadim
# Generated Sat Mar 12 19:40:51 2011 PST by vadim
#
# files: * firewall22.fw /etc/fw/firewall22.fw
#
@ -390,7 +390,7 @@ test -z "$cmd" && {
case "$cmd" in
start)
log "Activating firewall script generated Thu Mar 10 21:49:50 2011 by vadim"
log "Activating firewall script generated Sat Mar 12 19:40:51 2011 by vadim"
check_tools
prolog_commands
check_run_time_address_table_files

4
test/ipt/firewall23-1.fw.orig
View File

@ -4,7 +4,7 @@
#
# Firewall Builder fwb_ipt v4.2.0.3499
#
# Generated Thu Mar 10 21:49:56 2011 PST by vadim
# Generated Sat Mar 12 19:40:55 2011 PST by vadim
#
# files: * firewall23-1.fw /etc/fw/firewall23-1.fw
#
@ -561,7 +561,7 @@ test -z "$cmd" && {
case "$cmd" in
start)
log "Activating firewall script generated Thu Mar 10 21:49:56 2011 by vadim"
log "Activating firewall script generated Sat Mar 12 19:40:55 2011 by vadim"
check_tools
prolog_commands
check_run_time_address_table_files

4
test/ipt/firewall23.fw.orig
View File

@ -4,7 +4,7 @@
#
# Firewall Builder fwb_ipt v4.2.0.3499
#
# Generated Thu Mar 10 21:49:53 2011 PST by vadim
# Generated Sat Mar 12 19:40:53 2011 PST by vadim
#
# files: * firewall23.fw /etc/fw/firewall23.fw
#
@ -476,7 +476,7 @@ test -z "$cmd" && {
case "$cmd" in
start)
log "Activating firewall script generated Thu Mar 10 21:49:53 2011 by vadim"
log "Activating firewall script generated Sat Mar 12 19:40:53 2011 by vadim"
check_tools
prolog_commands
check_run_time_address_table_files

4
test/ipt/firewall24.fw.orig
View File

@ -4,7 +4,7 @@
#
# Firewall Builder fwb_ipt v4.2.0.3499
#
# Generated Thu Mar 10 21:49:58 2011 PST by vadim
# Generated Sat Mar 12 19:40:57 2011 PST by vadim
#
# files: * firewall24.fw /etc/fw/firewall24.fw
#
@ -493,7 +493,7 @@ test -z "$cmd" && {
case "$cmd" in
start)
log "Activating firewall script generated Thu Mar 10 21:49:58 2011 by vadim"
log "Activating firewall script generated Sat Mar 12 19:40:57 2011 by vadim"
check_tools
prolog_commands
check_run_time_address_table_files

4
test/ipt/firewall25.fw.orig
View File

@ -4,7 +4,7 @@
#
# Firewall Builder fwb_ipt v4.2.0.3499
#
# Generated Thu Mar 10 21:50:02 2011 PST by vadim
# Generated Sat Mar 12 19:40:59 2011 PST by vadim
#
# files: * firewall25.fw /etc/fw/firewall25.fw
#
@ -689,7 +689,7 @@ test -z "$cmd" && {
case "$cmd" in
start)
log "Activating firewall script generated Thu Mar 10 21:50:02 2011 by vadim"
log "Activating firewall script generated Sat Mar 12 19:40:59 2011 by vadim"
check_tools
prolog_commands
check_run_time_address_table_files

4
test/ipt/firewall26.fw.orig
View File

@ -4,7 +4,7 @@
#
# Firewall Builder fwb_ipt v4.2.0.3499
#
# Generated Thu Mar 10 21:50:05 2011 PST by vadim
# Generated Sat Mar 12 19:41:02 2011 PST by vadim
#
# files: * firewall26.fw /etc/fw/firewall26.fw
#
@ -562,7 +562,7 @@ test -z "$cmd" && {
case "$cmd" in
start)
log "Activating firewall script generated Thu Mar 10 21:50:05 2011 by vadim"
log "Activating firewall script generated Sat Mar 12 19:41:02 2011 by vadim"
check_tools
prolog_commands
check_run_time_address_table_files

4
test/ipt/firewall27.fw.orig
View File

@ -4,7 +4,7 @@
#
# Firewall Builder fwb_ipt v4.2.0.3499
#
# Generated Thu Mar 10 21:50:08 2011 PST by vadim
# Generated Sat Mar 12 19:41:04 2011 PST by vadim
#
# files: * firewall27.fw /etc/fw/firewall27.fw
#
@ -546,7 +546,7 @@ test -z "$cmd" && {
case "$cmd" in
start)
log "Activating firewall script generated Thu Mar 10 21:50:08 2011 by vadim"
log "Activating firewall script generated Sat Mar 12 19:41:04 2011 by vadim"
check_tools
prolog_commands
check_run_time_address_table_files

4
test/ipt/firewall28.fw.orig
View File

@ -4,7 +4,7 @@
#
# Firewall Builder fwb_ipt v4.2.0.3499
#
# Generated Thu Mar 10 21:50:11 2011 PST by vadim
# Generated Sat Mar 12 19:41:06 2011 PST by vadim
#
# files: * firewall28.fw /etc/fw/firewall28.fw
#
@ -409,7 +409,7 @@ test -z "$cmd" && {
case "$cmd" in
start)
log "Activating firewall script generated Thu Mar 10 21:50:11 2011 by vadim"
log "Activating firewall script generated Sat Mar 12 19:41:06 2011 by vadim"
check_tools
prolog_commands
check_run_time_address_table_files

24
test/ipt/firewall29.fw.orig
View File

@ -4,7 +4,7 @@
#
# Firewall Builder fwb_ipt v4.2.0.3499
#
# Generated Thu Mar 10 21:50:12 2011 PST by vadim
# Generated Sat Mar 12 19:41:06 2011 PST by vadim
#
# files: * firewall29.fw /etc/fw/firewall29.fw
#
@ -300,14 +300,14 @@ script_body() {
#
echo "Rule 0 (NAT)"
#
for i_eth0_200 in $i_eth0_200_list
do
test -n "$i_eth0_200" && $IPTABLES -t nat -A PREROUTING -d $i_eth0_200 -j DNAT --to-destination 192.168.1.10
done
for i_eth0_100 in $i_eth0_100_list
do
test -n "$i_eth0_100" && $IPTABLES -t nat -A PREROUTING -d $i_eth0_100 -j DNAT --to-destination 192.168.1.10
done
for i_eth0_200 in $i_eth0_200_list
do
test -n "$i_eth0_200" && $IPTABLES -t nat -A PREROUTING -d $i_eth0_200 -j DNAT --to-destination 192.168.1.10
done
@ -326,23 +326,23 @@ script_body() {
#
echo "Rule 1 (global)"
#
for i_eth0_200 in $i_eth0_200_list
do
test -n "$i_eth0_200" && $IPTABLES -A INPUT -s $i_eth0_200 -m state --state NEW -j ACCEPT
done
for i_eth0_100 in $i_eth0_100_list
do
test -n "$i_eth0_100" && $IPTABLES -A INPUT -s $i_eth0_100 -m state --state NEW -j ACCEPT
done
$IPTABLES -A INPUT -s 192.168.1.0/24 -m state --state NEW -j ACCEPT
for i_eth0_200 in $i_eth0_200_list
do
test -n "$i_eth0_200" && $IPTABLES -A OUTPUT -s $i_eth0_200 -m state --state NEW -j ACCEPT
test -n "$i_eth0_200" && $IPTABLES -A INPUT -s $i_eth0_200 -m state --state NEW -j ACCEPT
done
$IPTABLES -A INPUT -s 192.168.1.0/24 -m state --state NEW -j ACCEPT
for i_eth0_100 in $i_eth0_100_list
do
test -n "$i_eth0_100" && $IPTABLES -A OUTPUT -s $i_eth0_100 -m state --state NEW -j ACCEPT
done
for i_eth0_200 in $i_eth0_200_list
do
test -n "$i_eth0_200" && $IPTABLES -A OUTPUT -s $i_eth0_200 -m state --state NEW -j ACCEPT
done
$IPTABLES -A OUTPUT -s 192.168.1.0/24 -m state --state NEW -j ACCEPT
$IPTABLES -A FORWARD -s 192.168.1.0/24 -m state --state NEW -j ACCEPT
#
@ -440,7 +440,7 @@ test -z "$cmd" && {
case "$cmd" in
start)
log "Activating firewall script generated Thu Mar 10 21:50:12 2011 by vadim"
log "Activating firewall script generated Sat Mar 12 19:41:06 2011 by vadim"
check_tools
prolog_commands
check_run_time_address_table_files

6
test/ipt/firewall3.fw.orig
View File

@ -4,7 +4,7 @@
#
# Firewall Builder fwb_ipt v4.2.0.3499
#
# Generated Thu Mar 10 21:50:14 2011 PST by vadim
# Generated Sat Mar 12 19:41:09 2011 PST by vadim
#
# files: * firewall3.fw /etc/fw/firewall3.fw
#
@ -520,8 +520,8 @@ script_body() {
#
# this rule should go only to the FORWARD
# chain but should have "-i eth" clause
$IPTABLES -A FORWARD -i eth1 -m state --state NEW -j ACCEPT
$IPTABLES -A FORWARD -i eth0 -m state --state NEW -j ACCEPT
$IPTABLES -A FORWARD -i eth1 -m state --state NEW -j ACCEPT
$IPTABLES -A FORWARD -i eth2 -m state --state NEW -j ACCEPT
}
@ -578,7 +578,7 @@ test -z "$cmd" && {
case "$cmd" in
start)
log "Activating firewall script generated Thu Mar 10 21:50:14 2011 by vadim"
log "Activating firewall script generated Sat Mar 12 19:41:09 2011 by vadim"
check_tools
prolog_commands
check_run_time_address_table_files

4
test/ipt/firewall30.fw.orig
View File

@ -4,7 +4,7 @@
#
# Firewall Builder fwb_ipt v4.2.0.3499
#
# Generated Thu Mar 10 21:50:15 2011 PST by vadim
# Generated Sat Mar 12 19:41:09 2011 PST by vadim
#
# files: * firewall30.fw /etc/fw/firewall30.fw
#
@ -375,7 +375,7 @@ test -z "$cmd" && {
case "$cmd" in
start)
log "Activating firewall script generated Thu Mar 10 21:50:15 2011 by vadim"
log "Activating firewall script generated Sat Mar 12 19:41:09 2011 by vadim"
check_tools
prolog_commands
check_run_time_address_table_files

4
test/ipt/firewall31.fw.orig
View File

@ -4,7 +4,7 @@
#
# Firewall Builder fwb_ipt v4.2.0.3499
#
# Generated Thu Mar 10 21:50:17 2011 PST by vadim
# Generated Sat Mar 12 19:41:11 2011 PST by vadim
#
# files: * firewall31.fw /etc/fw/firewall31.fw
#
@ -445,7 +445,7 @@ test -z "$cmd" && {
case "$cmd" in
start)
log "Activating firewall script generated Thu Mar 10 21:50:17 2011 by vadim"
log "Activating firewall script generated Sat Mar 12 19:41:11 2011 by vadim"
check_tools
prolog_commands
check_run_time_address_table_files

4
test/ipt/firewall32.fw.orig
View File

@ -4,7 +4,7 @@
#
# Firewall Builder fwb_ipt v4.2.0.3499
#
# Generated Thu Mar 10 21:50:18 2011 PST by vadim
# Generated Sat Mar 12 19:41:11 2011 PST by vadim
#
# files: * firewall32.fw /etc/fw/firewall32.fw
#
@ -416,7 +416,7 @@ test -z "$cmd" && {
case "$cmd" in
start)
log "Activating firewall script generated Thu Mar 10 21:50:18 2011 by vadim"
log "Activating firewall script generated Sat Mar 12 19:41:11 2011 by vadim"
check_tools
prolog_commands
check_run_time_address_table_files

14
test/ipt/firewall33-1.fw.orig
View File

@ -4,7 +4,7 @@
#
# Firewall Builder fwb_ipt v4.2.0.3499
#
# Generated Thu Mar 10 21:50:24 2011 PST by vadim
# Generated Sat Mar 12 19:41:17 2011 PST by vadim
#
# files: * firewall33-1.fw /etc/fw/firewall33-1.fw
#
@ -395,11 +395,11 @@ script_body() {
#
$IPTABLES -N Cid438728A918346.0
$IPTABLES -A Policy -m state --state NEW -j Cid438728A918346.0
$IPTABLES -A Cid438728A918346.0 -d 74.125.224.16 -j RETURN
$IPTABLES -A Cid438728A918346.0 -d 74.125.224.17 -j RETURN
$IPTABLES -A Cid438728A918346.0 -d 74.125.224.18 -j RETURN
$IPTABLES -A Cid438728A918346.0 -d 74.125.224.19 -j RETURN
$IPTABLES -A Cid438728A918346.0 -d 74.125.224.20 -j RETURN
$IPTABLES -A Cid438728A918346.0 -d 74.125.224.48 -j RETURN
$IPTABLES -A Cid438728A918346.0 -d 74.125.224.49 -j RETURN
$IPTABLES -A Cid438728A918346.0 -d 74.125.224.50 -j RETURN
$IPTABLES -A Cid438728A918346.0 -d 74.125.224.51 -j RETURN
$IPTABLES -A Cid438728A918346.0 -d 74.125.224.52 -j RETURN
$IPTABLES -A Cid438728A918346.0 -d 157.166.224.25 -j RETURN
$IPTABLES -A Cid438728A918346.0 -d 157.166.224.26 -j RETURN
$IPTABLES -A Cid438728A918346.0 -d 157.166.226.25 -j RETURN
@ -525,7 +525,7 @@ test -z "$cmd" && {
case "$cmd" in
start)
log "Activating firewall script generated Thu Mar 10 21:50:24 2011 by vadim"
log "Activating firewall script generated Sat Mar 12 19:41:17 2011 by vadim"
check_tools
prolog_commands
check_run_time_address_table_files

14
test/ipt/firewall33.fw.orig
View File

@ -4,7 +4,7 @@
#
# Firewall Builder fwb_ipt v4.2.0.3499
#
# Generated Thu Mar 10 21:50:24 2011 PST by vadim
# Generated Sat Mar 12 19:41:17 2011 PST by vadim
#
# files: * firewall33.fw /etc/fw/firewall33.fw
#
@ -443,11 +443,11 @@ script_body() {
$IPTABLES -A OUTPUT -m state --state NEW -j Cid438728A918346.0
$IPTABLES -A INPUT -m state --state NEW -j Cid438728A918346.0
$IPTABLES -A FORWARD -m state --state NEW -j Cid438728A918346.0
$IPTABLES -A Cid438728A918346.0 -d 74.125.224.16 -j RETURN
$IPTABLES -A Cid438728A918346.0 -d 74.125.224.17 -j RETURN
$IPTABLES -A Cid438728A918346.0 -d 74.125.224.18 -j RETURN
$IPTABLES -A Cid438728A918346.0 -d 74.125.224.19 -j RETURN
$IPTABLES -A Cid438728A918346.0 -d 74.125.224.20 -j RETURN
$IPTABLES -A Cid438728A918346.0 -d 74.125.224.48 -j RETURN
$IPTABLES -A Cid438728A918346.0 -d 74.125.224.49 -j RETURN
$IPTABLES -A Cid438728A918346.0 -d 74.125.224.50 -j RETURN
$IPTABLES -A Cid438728A918346.0 -d 74.125.224.51 -j RETURN
$IPTABLES -A Cid438728A918346.0 -d 74.125.224.52 -j RETURN
$IPTABLES -A Cid438728A918346.0 -d 157.166.224.25 -j RETURN
$IPTABLES -A Cid438728A918346.0 -d 157.166.224.26 -j RETURN
$IPTABLES -A Cid438728A918346.0 -d 157.166.226.25 -j RETURN
@ -572,7 +572,7 @@ test -z "$cmd" && {
case "$cmd" in
start)
log "Activating firewall script generated Thu Mar 10 21:50:24 2011 by vadim"
log "Activating firewall script generated Sat Mar 12 19:41:17 2011 by vadim"
check_tools
prolog_commands
check_run_time_address_table_files

4
test/ipt/firewall34.fw.orig
View File

@ -4,7 +4,7 @@
#
# Firewall Builder fwb_ipt v4.2.0.3499
#
# Generated Thu Mar 10 21:50:28 2011 PST by vadim
# Generated Sat Mar 12 19:41:20 2011 PST by vadim
#
# files: * firewall34.fw /etc/fw/firewall34.fw
#
@ -648,7 +648,7 @@ test -z "$cmd" && {
case "$cmd" in
start)
log "Activating firewall script generated Thu Mar 10 21:50:28 2011 by vadim"
log "Activating firewall script generated Sat Mar 12 19:41:20 2011 by vadim"
check_tools
prolog_commands
check_run_time_address_table_files

4
test/ipt/firewall35.fw.orig
View File

@ -4,7 +4,7 @@
#
# Firewall Builder fwb_ipt v4.2.0.3499
#
# Generated Thu Mar 10 21:50:28 2011 PST by vadim
# Generated Sat Mar 12 19:41:20 2011 PST by vadim
#
# files: * firewall35.fw /etc/fw/firewall35.fw
#
@ -540,7 +540,7 @@ test -z "$cmd" && {
case "$cmd" in
start)
log "Activating firewall script generated Thu Mar 10 21:50:28 2011 by vadim"
log "Activating firewall script generated Sat Mar 12 19:41:20 2011 by vadim"
check_tools
prolog_commands
check_run_time_address_table_files

4
test/ipt/firewall36-1.fw.orig
View File

@ -4,7 +4,7 @@
#
# Firewall Builder fwb_ipt v4.2.0.3499
#
# Generated Thu Mar 10 21:50:31 2011 PST by vadim
# Generated Sat Mar 12 19:41:22 2011 PST by vadim
#
# files: * firewall36-1.fw /etc/firewall36-1.fw
#
@ -433,7 +433,7 @@ test -z "$cmd" && {
case "$cmd" in
start)
log "Activating firewall script generated Thu Mar 10 21:50:31 2011 by vadim"
log "Activating firewall script generated Sat Mar 12 19:41:22 2011 by vadim"
check_tools
prolog_commands
check_run_time_address_table_files

4
test/ipt/firewall36-2.fw.orig
View File

@ -4,7 +4,7 @@
#
# Firewall Builder fwb_ipt v4.2.0.3499
#
# Generated Thu Mar 10 21:50:34 2011 PST by vadim
# Generated Sat Mar 12 19:41:24 2011 PST by vadim
#
# files: * firewall36-2.fw /etc/firewall36-2.fw
#
@ -433,7 +433,7 @@ test -z "$cmd" && {
case "$cmd" in
start)
log "Activating firewall script generated Thu Mar 10 21:50:34 2011 by vadim"
log "Activating firewall script generated Sat Mar 12 19:41:24 2011 by vadim"
check_tools
prolog_commands
check_run_time_address_table_files

4
test/ipt/firewall36.fw.orig
View File

@ -4,7 +4,7 @@
#
# Firewall Builder fwb_ipt v4.2.0.3499
#
# Generated Thu Mar 10 21:50:31 2011 PST by vadim
# Generated Sat Mar 12 19:41:22 2011 PST by vadim
#
# files: * firewall36.fw /etc/firewall36.fw
#
@ -535,7 +535,7 @@ test -z "$cmd" && {
case "$cmd" in
start)
log "Activating firewall script generated Thu Mar 10 21:50:31 2011 by vadim"
log "Activating firewall script generated Sat Mar 12 19:41:22 2011 by vadim"
check_tools
prolog_commands
check_run_time_address_table_files

8
test/ipt/firewall37-1.fw.orig
View File

@ -4,7 +4,7 @@
#
# Firewall Builder fwb_ipt v4.2.0.3499
#
# Generated Thu Mar 10 21:50:37 2011 PST by vadim
# Generated Sat Mar 12 19:41:26 2011 PST by vadim
#
# files: * firewall37-1.fw /etc/fw/firewall37-1.fw
#
@ -567,7 +567,7 @@ script_body() {
$IPTABLES -t mangle -A Cid45AB5BC825451.0 -j CLASSIFY --set-class 1:11
$IPTABLES -t mangle -A Cid45AB5BC825451.0 -j ACCEPT
$IPTABLES -N Cid45AB5BC825451.1 -t mangle
$IPTABLES -t mangle -A POSTROUTING -o eth0 -p tcp -m tcp -m multiport --dports 6667,3128,113,53,21,80,119,25,22,23,540,70,13,2105,443 -j Cid45AB5BC825451.1
$IPTABLES -t mangle -A POSTROUTING -o eth0 -p tcp -m tcp -m multiport --dports 113,13,53,2105,21,70,80,443,6667,119,25,3128,22,23,540 -j Cid45AB5BC825451.1
$IPTABLES -t mangle -A Cid45AB5BC825451.1 -j CLASSIFY --set-class 1:11
$IPTABLES -t mangle -A Cid45AB5BC825451.1 -j ACCEPT
$IPTABLES -N Cid45AB5BC825451.2 -t mangle
@ -646,7 +646,7 @@ script_body() {
$IPTABLES -t mangle -A Cid45AB5C1425451.0 -j CLASSIFY --set-class 1:11
$IPTABLES -t mangle -A Cid45AB5C1425451.0 -j ACCEPT
$IPTABLES -N Cid45AB5C1425451.1 -t mangle
$IPTABLES -t mangle -A POSTROUTING -o eth0 -p tcp -m tcp -m multiport --dports 6667,3128,113,53,21,80,119,25,22,23,540,70,13,2105,443 -j Cid45AB5C1425451.1
$IPTABLES -t mangle -A POSTROUTING -o eth0 -p tcp -m tcp -m multiport --dports 113,13,53,2105,21,70,80,443,6667,119,25,3128,22,23,540 -j Cid45AB5C1425451.1
$IPTABLES -t mangle -A Cid45AB5C1425451.1 -j CLASSIFY --set-class 1:11
$IPTABLES -t mangle -A Cid45AB5C1425451.1 -j ACCEPT
$IPTABLES -N Cid45AB5C1425451.2 -t mangle
@ -769,7 +769,7 @@ test -z "$cmd" && {
case "$cmd" in
start)
log "Activating firewall script generated Thu Mar 10 21:50:37 2011 by vadim"
log "Activating firewall script generated Sat Mar 12 19:41:26 2011 by vadim"
check_tools
prolog_commands
check_run_time_address_table_files

6
test/ipt/firewall37.fw.orig
View File

@ -4,7 +4,7 @@
#
# Firewall Builder fwb_ipt v4.2.0.3499
#
# Generated Thu Mar 10 21:50:39 2011 PST by vadim
# Generated Sat Mar 12 19:41:28 2011 PST by vadim
#
# files: * firewall37.fw /etc/fw/firewall37.fw
#
@ -798,7 +798,7 @@ script_body() {
$IPTABLES -t mangle -A Cid459A875F19324.0 -j CLASSIFY --set-class 1:11
$IPTABLES -t mangle -A Cid459A875F19324.0 -j ACCEPT
$IPTABLES -N Cid459A875F19324.1 -t mangle
$IPTABLES -t mangle -A POSTROUTING -o eth0 -p tcp -m tcp -m multiport --dports 6667,3128,113,53,21,80,119,25,22,23,540,70,13,2105,443 -j Cid459A875F19324.1
$IPTABLES -t mangle -A POSTROUTING -o eth0 -p tcp -m tcp -m multiport --dports 113,13,53,2105,21,70,80,443,6667,119,25,3128,22,23,540 -j Cid459A875F19324.1
$IPTABLES -t mangle -A Cid459A875F19324.1 -j CLASSIFY --set-class 1:11
$IPTABLES -t mangle -A Cid459A875F19324.1 -j ACCEPT
$IPTABLES -N Cid459A875F19324.2 -t mangle
@ -1050,7 +1050,7 @@ test -z "$cmd" && {
case "$cmd" in
start)
log "Activating firewall script generated Thu Mar 10 21:50:39 2011 by vadim"
log "Activating firewall script generated Sat Mar 12 19:41:28 2011 by vadim"
check_tools
prolog_commands
check_run_time_address_table_files

4
test/ipt/firewall38.fw.orig
View File

@ -4,7 +4,7 @@
#
# Firewall Builder fwb_ipt v4.2.0.3499
#
# Generated Thu Mar 10 21:50:40 2011 PST by vadim
# Generated Sat Mar 12 19:41:28 2011 PST by vadim
#
# files: * firewall38.fw /etc/fw/firewall38.fw
#
@ -498,7 +498,7 @@ test -z "$cmd" && {
case "$cmd" in
start)
log "Activating firewall script generated Thu Mar 10 21:50:40 2011 by vadim"
log "Activating firewall script generated Sat Mar 12 19:41:28 2011 by vadim"
check_tools
prolog_commands
check_run_time_address_table_files

4
test/ipt/firewall39.fw.orig
View File

@ -4,7 +4,7 @@
#
# Firewall Builder fwb_ipt v4.2.0.3499
#
# Generated Thu Mar 10 21:50:46 2011 PST by vadim
# Generated Sat Mar 12 19:41:30 2011 PST by vadim
#
# files: * firewall39.fw /etc/fw/firewall39.fw
#
@ -895,7 +895,7 @@ test -z "$cmd" && {
case "$cmd" in
start)
log "Activating firewall script generated Thu Mar 10 21:50:46 2011 by vadim"
log "Activating firewall script generated Sat Mar 12 19:41:30 2011 by vadim"
check_tools
prolog_commands
check_run_time_address_table_files

4
test/ipt/firewall4.fw.orig
View File

@ -4,7 +4,7 @@
#
# Firewall Builder fwb_ipt v4.2.0.3499
#
# Generated Thu Mar 10 21:50:43 2011 PST by vadim
# Generated Sat Mar 12 19:41:30 2011 PST by vadim
#
# files: * firewall4.fw /etc/fw/firewall4.fw
#
@ -710,7 +710,7 @@ test -z "$cmd" && {
case "$cmd" in
start)
log "Activating firewall script generated Thu Mar 10 21:50:43 2011 by vadim"
log "Activating firewall script generated Sat Mar 12 19:41:30 2011 by vadim"
check_tools
prolog_commands
check_run_time_address_table_files

4
test/ipt/firewall40-1.fw.orig
View File

@ -4,7 +4,7 @@
#
# Firewall Builder fwb_ipt v4.2.0.3499
#
# Generated Thu Mar 10 21:50:50 2011 PST by vadim
# Generated Sat Mar 12 19:41:32 2011 PST by vadim
#
# files: * firewall40-1.fw /etc/firewall40-1.fw
#
@ -450,7 +450,7 @@ test -z "$cmd" && {
case "$cmd" in
start)
log "Activating firewall script generated Thu Mar 10 21:50:50 2011 by vadim"
log "Activating firewall script generated Sat Mar 12 19:41:32 2011 by vadim"
check_tools
prolog_commands
check_run_time_address_table_files

4
test/ipt/firewall40-2.fw.orig
View File

@ -4,7 +4,7 @@
#
# Firewall Builder fwb_ipt v4.2.0.3499
#
# Generated Thu Mar 10 21:50:50 2011 PST by vadim
# Generated Sat Mar 12 19:41:34 2011 PST by vadim
#
# files: * firewall40-2.fw /etc/firewall40-2.fw
#
@ -437,7 +437,7 @@ test -z "$cmd" && {
case "$cmd" in
start)
log "Activating firewall script generated Thu Mar 10 21:50:50 2011 by vadim"
log "Activating firewall script generated Sat Mar 12 19:41:34 2011 by vadim"
check_tools
prolog_commands
check_run_time_address_table_files

4
test/ipt/firewall40.fw.orig
View File

@ -4,7 +4,7 @@
#
# Firewall Builder fwb_ipt v4.2.0.3499
#
# Generated Thu Mar 10 21:50:46 2011 PST by vadim
# Generated Sat Mar 12 19:41:32 2011 PST by vadim
#
# files: * firewall40.fw /etc/firewall40.fw
#
@ -439,7 +439,7 @@ test -z "$cmd" && {
case "$cmd" in
start)
log "Activating firewall script generated Thu Mar 10 21:50:46 2011 by vadim"
log "Activating firewall script generated Sat Mar 12 19:41:32 2011 by vadim"
check_tools
prolog_commands
check_run_time_address_table_files

4
test/ipt/firewall41-1.fw.orig
View File

@ -4,7 +4,7 @@
#
# Firewall Builder fwb_ipt v4.2.0.3499
#
# Generated Thu Mar 10 21:50:53 2011 PST by vadim
# Generated Sat Mar 12 19:41:36 2011 PST by vadim
#
# files: * firewall41-1.fw /etc/firewall41-1.fw
#
@ -575,7 +575,7 @@ test -z "$cmd" && {
case "$cmd" in
start)
log "Activating firewall script generated Thu Mar 10 21:50:53 2011 by vadim"
log "Activating firewall script generated Sat Mar 12 19:41:36 2011 by vadim"
check_tools
prolog_commands
check_run_time_address_table_files

4
test/ipt/firewall41.fw.orig
View File

@ -4,7 +4,7 @@
#
# Firewall Builder fwb_ipt v4.2.0.3499
#
# Generated Thu Mar 10 21:50:53 2011 PST by vadim
# Generated Sat Mar 12 19:41:35 2011 PST by vadim
#
# files: * firewall41.fw /etc/firewall41.fw
#
@ -451,7 +451,7 @@ test -z "$cmd" && {
case "$cmd" in
start)
log "Activating firewall script generated Thu Mar 10 21:50:53 2011 by vadim"
log "Activating firewall script generated Sat Mar 12 19:41:35 2011 by vadim"
check_tools
prolog_commands
check_run_time_address_table_files

4
test/ipt/firewall42.fw.orig
View File

@ -4,7 +4,7 @@
#
# Firewall Builder fwb_ipt v4.2.0.3499
#
# Generated Thu Mar 10 21:50:57 2011 PST by vadim
# Generated Sat Mar 12 19:41:39 2011 PST by vadim
#
# files: * firewall42.fw /etc/fw/firewall42.fw
#
@ -382,7 +382,7 @@ test -z "$cmd" && {
case "$cmd" in
start)
log "Activating firewall script generated Thu Mar 10 21:50:57 2011 by vadim"
log "Activating firewall script generated Sat Mar 12 19:41:39 2011 by vadim"
check_tools
prolog_commands
check_run_time_address_table_files

8
test/ipt/firewall5.fw.orig
View File

@ -4,7 +4,7 @@
#
# Firewall Builder fwb_ipt v4.2.0.3499
#
# Generated Thu Mar 10 21:51:00 2011 PST by vadim
# Generated Sat Mar 12 19:41:39 2011 PST by vadim
#
# files: * firewall5.fw /etc/fw/firewall5.fw
#
@ -376,10 +376,10 @@ script_body() {
echo "Rule 2 (ppp1,ppp0)"
#
$IPTABLES -N Cid212010X42308.0
$IPTABLES -A INPUT -i ppp1 -j Cid212010X42308.0
$IPTABLES -A INPUT -i ppp0 -j Cid212010X42308.0
$IPTABLES -A FORWARD -i ppp1 -j Cid212010X42308.0
$IPTABLES -A INPUT -i ppp1 -j Cid212010X42308.0
$IPTABLES -A FORWARD -i ppp0 -j Cid212010X42308.0
$IPTABLES -A FORWARD -i ppp1 -j Cid212010X42308.0
for i_ppp0 in $i_ppp0_list
do
test -n "$i_ppp0" && $IPTABLES -A Cid212010X42308.0 -s $i_ppp0 -j RETURN
@ -622,7 +622,7 @@ test -z "$cmd" && {
case "$cmd" in
start)
log "Activating firewall script generated Thu Mar 10 21:51:00 2011 by vadim"
log "Activating firewall script generated Sat Mar 12 19:41:39 2011 by vadim"
check_tools
prolog_commands
check_run_time_address_table_files

4
test/ipt/firewall50.fw.orig
View File

@ -4,7 +4,7 @@
#
# Firewall Builder fwb_ipt v4.2.0.3499
#
# Generated Thu Mar 10 21:51:01 2011 PST by vadim
# Generated Sat Mar 12 19:41:41 2011 PST by vadim
#
# files: * firewall50.fw /etc/fw/firewall50.fw
#
@ -407,7 +407,7 @@ test -z "$cmd" && {
case "$cmd" in
start)
log "Activating firewall script generated Thu Mar 10 21:51:01 2011 by vadim"
log "Activating firewall script generated Sat Mar 12 19:41:41 2011 by vadim"
check_tools
prolog_commands
check_run_time_address_table_files

4
test/ipt/firewall51.fw.orig
View File

@ -4,7 +4,7 @@
#
# Firewall Builder fwb_ipt v4.2.0.3499
#
# Generated Thu Mar 10 21:51:06 2011 PST by vadim
# Generated Sat Mar 12 19:41:41 2011 PST by vadim
#
# files: * firewall51.fw /etc/fw/firewall51.fw
#
@ -491,7 +491,7 @@ test -z "$cmd" && {
case "$cmd" in
start)
log "Activating firewall script generated Thu Mar 10 21:51:06 2011 by vadim"
log "Activating firewall script generated Sat Mar 12 19:41:41 2011 by vadim"
check_tools
prolog_commands
check_run_time_address_table_files

4
test/ipt/firewall6.fw.orig
View File

@ -4,7 +4,7 @@
#
# Firewall Builder fwb_ipt v4.2.0.3499
#
# Generated Thu Mar 10 21:51:04 2011 PST by vadim
# Generated Sat Mar 12 19:41:43 2011 PST by vadim
#
# files: * firewall6.fw /etc/fw/firewall6.fw
#
@ -513,7 +513,7 @@ test -z "$cmd" && {
case "$cmd" in
start)
log "Activating firewall script generated Thu Mar 10 21:51:04 2011 by vadim"
log "Activating firewall script generated Sat Mar 12 19:41:43 2011 by vadim"
check_tools
prolog_commands
check_run_time_address_table_files

4
test/ipt/firewall60.fw.orig
View File

@ -4,7 +4,7 @@
#
# Firewall Builder fwb_ipt v4.2.0.3499
#
# Generated Thu Mar 10 21:51:07 2011 PST by vadim
# Generated Sat Mar 12 19:41:43 2011 PST by vadim
#
# files: * firewall60.fw /etc/firewall60.fw
#
@ -419,7 +419,7 @@ test -z "$cmd" && {
case "$cmd" in
start)
log "Activating firewall script generated Thu Mar 10 21:51:07 2011 by vadim"
log "Activating firewall script generated Sat Mar 12 19:41:43 2011 by vadim"
check_tools
prolog_commands
check_run_time_address_table_files

4
test/ipt/firewall61-1.2.5.fw.orig
View File

@ -4,7 +4,7 @@
#
# Firewall Builder fwb_ipt v4.2.0.3499
#
# Generated Thu Mar 10 21:51:10 2011 PST by vadim
# Generated Sat Mar 12 19:41:45 2011 PST by vadim
#
# files: * firewall61-1.2.5.fw /etc/firewall61-1.2.5.fw
#
@ -499,7 +499,7 @@ test -z "$cmd" && {
case "$cmd" in
start)
log "Activating firewall script generated Thu Mar 10 21:51:10 2011 by vadim"
log "Activating firewall script generated Sat Mar 12 19:41:45 2011 by vadim"
check_tools
prolog_commands
check_run_time_address_table_files

4
test/ipt/firewall61-1.2.6.fw.orig
View File

@ -4,7 +4,7 @@
#
# Firewall Builder fwb_ipt v4.2.0.3499
#
# Generated Thu Mar 10 21:51:11 2011 PST by vadim
# Generated Sat Mar 12 19:41:45 2011 PST by vadim
#
# files: * firewall61-1.2.6.fw /etc/firewall61-1.2.6.fw
#
@ -505,7 +505,7 @@ test -z "$cmd" && {
case "$cmd" in
start)
log "Activating firewall script generated Thu Mar 10 21:51:11 2011 by vadim"
log "Activating firewall script generated Sat Mar 12 19:41:45 2011 by vadim"
check_tools
prolog_commands
check_run_time_address_table_files

4
test/ipt/firewall61-1.3.x.fw.orig
View File

@ -4,7 +4,7 @@
#
# Firewall Builder fwb_ipt v4.2.0.3499
#
# Generated Thu Mar 10 21:51:14 2011 PST by vadim
# Generated Sat Mar 12 19:41:47 2011 PST by vadim
#
# files: * firewall61-1.3.x.fw /etc/firewall61-1.3.x.fw
#
@ -492,7 +492,7 @@ test -z "$cmd" && {
case "$cmd" in
start)
log "Activating firewall script generated Thu Mar 10 21:51:14 2011 by vadim"
log "Activating firewall script generated Sat Mar 12 19:41:47 2011 by vadim"
check_tools
prolog_commands
check_run_time_address_table_files

4
test/ipt/firewall61-1.4.fw.orig
View File

@ -4,7 +4,7 @@
#
# Firewall Builder fwb_ipt v4.2.0.3499
#
# Generated Thu Mar 10 21:51:14 2011 PST by vadim
# Generated Sat Mar 12 19:41:47 2011 PST by vadim
#
# files: * firewall61-1.4.fw /etc/firewall61-1.4.fw
#
@ -493,7 +493,7 @@ test -z "$cmd" && {
case "$cmd" in
start)
log "Activating firewall script generated Thu Mar 10 21:51:14 2011 by vadim"
log "Activating firewall script generated Sat Mar 12 19:41:47 2011 by vadim"
check_tools
prolog_commands
check_run_time_address_table_files

12
test/ipt/firewall62.fw.orig
View File

@ -4,7 +4,7 @@
#
# Firewall Builder fwb_ipt v4.2.0.3499
#
# Generated Thu Mar 10 21:51:17 2011 PST by vadim
# Generated Sat Mar 12 19:41:49 2011 PST by vadim
#
# files: * firewall62.fw /etc/firewall62.fw
#
@ -421,8 +421,8 @@ script_body() {
# bug 2186568
# firewall62:Policy:10: warning: Iptables does not support module 'owner' in a chain other than OUTPUT
$IPTABLES -A OUTPUT -m owner --uid-owner 500 -m state --state NEW -j ACCEPT
$IPTABLES -A OUTPUT -m owner --uid-owner 2000 -m state --state NEW -j ACCEPT
$IPTABLES -A OUTPUT -m owner --uid-owner 500 -m state --state NEW -j ACCEPT
#
# Rule 11 (global)
#
@ -432,8 +432,8 @@ script_body() {
# firewall62:Policy:11: warning: Iptables does not support module 'owner' in a chain other than OUTPUT
$IPTABLES -N Cid55369X1137.0
$IPTABLES -A OUTPUT -m owner --uid-owner 500 -m state --state NEW -j Cid55369X1137.0
$IPTABLES -A OUTPUT -m owner --uid-owner 2000 -m state --state NEW -j Cid55369X1137.0
$IPTABLES -A OUTPUT -m owner --uid-owner 500 -m state --state NEW -j Cid55369X1137.0
$IPTABLES -A Cid55369X1137.0 -d 192.168.1.1 -j ACCEPT
$IPTABLES -A Cid55369X1137.0 -d 222.222.222.222 -j ACCEPT
#
@ -467,8 +467,8 @@ script_body() {
$IPTABLES -A INPUT -s 192.168.1.1 -m state --state NEW -j Cid124556X1137.0
$IPTABLES -A INPUT -s 222.222.222.222 -m state --state NEW -j Cid124556X1137.0
$IPTABLES -A OUTPUT -m state --state NEW -j Cid124556X1137.0
$IPTABLES -A Cid124556X1137.0 -m owner --uid-owner 500 -j RETURN
$IPTABLES -A Cid124556X1137.0 -m owner --uid-owner 2000 -j RETURN
$IPTABLES -A Cid124556X1137.0 -m owner --uid-owner 500 -j RETURN
$IPTABLES -A Cid124556X1137.0 -j ACCEPT
#
# Rule 15 (global)
@ -480,8 +480,8 @@ script_body() {
$IPTABLES -A OUTPUT -d 192.168.1.1 -m state --state NEW -j Cid124573X1137.0
$IPTABLES -A OUTPUT -d 222.222.222.222 -m state --state NEW -j Cid124573X1137.0
$IPTABLES -A INPUT -m state --state NEW -j Cid124573X1137.0
$IPTABLES -A Cid124573X1137.0 -m owner --uid-owner 500 -j RETURN
$IPTABLES -A Cid124573X1137.0 -m owner --uid-owner 2000 -j RETURN
$IPTABLES -A Cid124573X1137.0 -m owner --uid-owner 500 -j RETURN
$IPTABLES -A Cid124573X1137.0 -j ACCEPT
#
# Rule 16 (global)
@ -569,7 +569,7 @@ test -z "$cmd" && {
case "$cmd" in
start)
log "Activating firewall script generated Thu Mar 10 21:51:17 2011 by vadim"
log "Activating firewall script generated Sat Mar 12 19:41:49 2011 by vadim"
check_tools
prolog_commands
check_run_time_address_table_files

4
test/ipt/firewall63.fw.orig
View File

@ -4,7 +4,7 @@
#
# Firewall Builder fwb_ipt v4.2.0.3499
#
# Generated Thu Mar 10 21:51:17 2011 PST by vadim
# Generated Sat Mar 12 19:41:49 2011 PST by vadim
#
# files: * firewall63.fw /etc/firewall63.fw
#
@ -389,7 +389,7 @@ test -z "$cmd" && {
case "$cmd" in
start)
log "Activating firewall script generated Thu Mar 10 21:51:17 2011 by vadim"
log "Activating firewall script generated Sat Mar 12 19:41:49 2011 by vadim"
check_tools
prolog_commands
check_run_time_address_table_files

4
test/ipt/firewall7.fw.orig
View File

@ -4,7 +4,7 @@
#
# Firewall Builder fwb_ipt v4.2.0.3499
#
# Generated Thu Mar 10 21:51:19 2011 PST by vadim
# Generated Sat Mar 12 19:41:51 2011 PST by vadim
#
# files: * firewall7.fw /etc/fw/firewall7.fw
#
@ -473,7 +473,7 @@ test -z "$cmd" && {
case "$cmd" in
start)
log "Activating firewall script generated Thu Mar 10 21:51:19 2011 by vadim"
log "Activating firewall script generated Sat Mar 12 19:41:51 2011 by vadim"
check_tools
prolog_commands
check_run_time_address_table_files

4
test/ipt/firewall70.fw.orig
View File

@ -4,7 +4,7 @@
#
# Firewall Builder fwb_ipt v4.2.0.3499
#
# Generated Thu Mar 10 21:51:21 2011 PST by vadim
# Generated Sat Mar 12 19:41:51 2011 PST by vadim
#
# files: * firewall70.fw iptables.sh
#
@ -412,7 +412,7 @@ test -z "$cmd" && {
case "$cmd" in
start)
log "Activating firewall script generated Thu Mar 10 21:51:21 2011 by vadim"
log "Activating firewall script generated Sat Mar 12 19:41:51 2011 by vadim"
check_tools
prolog_commands
check_run_time_address_table_files

4
test/ipt/firewall71.fw.orig
View File

@ -4,7 +4,7 @@
#
# Firewall Builder fwb_ipt v4.2.0.3499
#
# Generated Thu Mar 10 21:51:23 2011 PST by vadim
# Generated Sat Mar 12 19:41:53 2011 PST by vadim
#
# files: * firewall71.fw /etc/fw/firewall71.fw
#
@ -428,7 +428,7 @@ test -z "$cmd" && {
case "$cmd" in
start)
log "Activating firewall script generated Thu Mar 10 21:51:23 2011 by vadim"
log "Activating firewall script generated Sat Mar 12 19:41:53 2011 by vadim"
check_tools
prolog_commands
check_run_time_address_table_files

4
test/ipt/firewall72-1.3.x.fw.orig
View File

@ -4,7 +4,7 @@
#
# Firewall Builder fwb_ipt v4.2.0.3499
#
# Generated Thu Mar 10 21:51:24 2011 PST by vadim
# Generated Sat Mar 12 19:41:53 2011 PST by vadim
#
# files: * firewall72-1.3.x.fw /etc/fw/firewall72-1.3.x.fw
#
@ -560,7 +560,7 @@ test -z "$cmd" && {
case "$cmd" in
start)
log "Activating firewall script generated Thu Mar 10 21:51:24 2011 by vadim"
log "Activating firewall script generated Sat Mar 12 19:41:53 2011 by vadim"
check_tools
prolog_commands
check_run_time_address_table_files

4
test/ipt/firewall72-1.4.3.fw.orig
View File

@ -4,7 +4,7 @@
#
# Firewall Builder fwb_ipt v4.2.0.3499
#
# Generated Thu Mar 10 21:51:26 2011 PST by vadim
# Generated Sat Mar 12 19:41:55 2011 PST by vadim
#
# files: * firewall72-1.4.3.fw /etc/fw/firewall72-1.4.3.fw
#
@ -560,7 +560,7 @@ test -z "$cmd" && {
case "$cmd" in
start)
log "Activating firewall script generated Thu Mar 10 21:51:26 2011 by vadim"
log "Activating firewall script generated Sat Mar 12 19:41:55 2011 by vadim"
check_tools
prolog_commands
check_run_time_address_table_files

4
test/ipt/firewall73.fw.orig
View File

@ -4,7 +4,7 @@
#
# Firewall Builder fwb_ipt v4.2.0.3499
#
# Generated Thu Mar 10 21:51:27 2011 PST by vadim
# Generated Sat Mar 12 19:41:55 2011 PST by vadim
#
# files: * firewall73.fw /etc/fw/firewall73.fw
#
@ -523,7 +523,7 @@ test -z "$cmd" && {
case "$cmd" in
start)
log "Activating firewall script generated Thu Mar 10 21:51:27 2011 by vadim"
log "Activating firewall script generated Sat Mar 12 19:41:55 2011 by vadim"
check_tools
prolog_commands
check_run_time_address_table_files

4
test/ipt/firewall74.fw.orig
View File

@ -4,7 +4,7 @@
#
# Firewall Builder fwb_ipt v4.2.0.3499
#
# Generated Thu Mar 10 21:51:29 2011 PST by vadim
# Generated Sat Mar 12 19:41:57 2011 PST by vadim
#
# files: * firewall74.fw /etc/fw/firewall74.fw
#
@ -375,7 +375,7 @@ test -z "$cmd" && {
case "$cmd" in
start)
log "Activating firewall script generated Thu Mar 10 21:51:29 2011 by vadim"
log "Activating firewall script generated Sat Mar 12 19:41:57 2011 by vadim"
check_tools
prolog_commands
check_run_time_address_table_files

4
test/ipt/firewall8.fw.orig
View File

@ -4,7 +4,7 @@
#
# Firewall Builder fwb_ipt v4.2.0.3499
#
# Generated Thu Mar 10 21:51:30 2011 PST by vadim
# Generated Sat Mar 12 19:41:57 2011 PST by vadim
#
# files: * firewall8.fw /etc/fw/firewall8.fw
#
@ -358,7 +358,7 @@ test -z "$cmd" && {
case "$cmd" in
start)
log "Activating firewall script generated Thu Mar 10 21:51:30 2011 by vadim"
log "Activating firewall script generated Sat Mar 12 19:41:57 2011 by vadim"
check_tools
prolog_commands
check_run_time_address_table_files

4
test/ipt/firewall80.fw.orig
View File

@ -4,7 +4,7 @@
#
# Firewall Builder fwb_ipt v4.2.0.3499
#
# Generated Thu Mar 10 21:51:32 2011 PST by vadim
# Generated Sat Mar 12 19:41:59 2011 PST by vadim
#
# files: * firewall80.fw /etc/fw/firewall80.fw
#
@ -399,7 +399,7 @@ test -z "$cmd" && {
case "$cmd" in
start)
log "Activating firewall script generated Thu Mar 10 21:51:32 2011 by vadim"
log "Activating firewall script generated Sat Mar 12 19:41:59 2011 by vadim"
check_tools
prolog_commands
check_run_time_address_table_files

4
test/ipt/firewall81.fw.orig
View File

@ -4,7 +4,7 @@
#
# Firewall Builder fwb_ipt v4.2.0.3499
#
# Generated Thu Mar 10 21:51:34 2011 PST by vadim
# Generated Sat Mar 12 19:41:59 2011 PST by vadim
#
# files: * firewall81.fw /etc/fw/firewall81.fw
#
@ -420,7 +420,7 @@ test -z "$cmd" && {
case "$cmd" in
start)
log "Activating firewall script generated Thu Mar 10 21:51:34 2011 by vadim"
log "Activating firewall script generated Sat Mar 12 19:41:59 2011 by vadim"
check_tools
prolog_commands
check_run_time_address_table_files

4
test/ipt/firewall82.fw.orig
View File

@ -4,7 +4,7 @@
#
# Firewall Builder fwb_ipt v4.2.0.3499
#
# Generated Thu Mar 10 21:51:36 2011 PST by vadim
# Generated Sat Mar 12 19:42:01 2011 PST by vadim
#
# files: * firewall82.fw /etc/firewall82.fw
#
@ -411,7 +411,7 @@ test -z "$cmd" && {
case "$cmd" in
start)
log "Activating firewall script generated Thu Mar 10 21:51:36 2011 by vadim"
log "Activating firewall script generated Sat Mar 12 19:42:01 2011 by vadim"
check_tools
prolog_commands
check_run_time_address_table_files

4
test/ipt/firewall82_A.fw.orig
View File

@ -4,7 +4,7 @@
#
# Firewall Builder fwb_ipt v4.2.0.3499
#
# Generated Thu Mar 10 21:51:37 2011 PST by vadim
# Generated Sat Mar 12 19:42:02 2011 PST by vadim
#
# files: * firewall82_A.fw /etc/fw/firewall82_A.fw
#
@ -400,7 +400,7 @@ test -z "$cmd" && {
case "$cmd" in
start)
log "Activating firewall script generated Thu Mar 10 21:51:37 2011 by vadim"
log "Activating firewall script generated Sat Mar 12 19:42:02 2011 by vadim"
check_tools
prolog_commands
check_run_time_address_table_files

4
test/ipt/firewall82_B.fw.orig
View File

@ -4,7 +4,7 @@
#
# Firewall Builder fwb_ipt v4.2.0.3499
#
# Generated Thu Mar 10 21:51:39 2011 PST by vadim
# Generated Sat Mar 12 19:42:03 2011 PST by vadim
#
# files: * firewall82_B.fw /etc/fw/firewall82_B.fw
#
@ -363,7 +363,7 @@ test -z "$cmd" && {
case "$cmd" in
start)
log "Activating firewall script generated Thu Mar 10 21:51:39 2011 by vadim"
log "Activating firewall script generated Sat Mar 12 19:42:03 2011 by vadim"
check_tools
prolog_commands
check_run_time_address_table_files

4
test/ipt/firewall9.fw.orig
View File

@ -4,7 +4,7 @@
#
# Firewall Builder fwb_ipt v4.2.0.3499
#
# Generated Thu Mar 10 21:51:40 2011 PST by vadim
# Generated Sat Mar 12 19:42:04 2011 PST by vadim
#
# files: * firewall9.fw /etc/fw/firewall9.fw
#
@ -621,7 +621,7 @@ test -z "$cmd" && {
case "$cmd" in
start)
log "Activating firewall script generated Thu Mar 10 21:51:40 2011 by vadim"
log "Activating firewall script generated Sat Mar 12 19:42:04 2011 by vadim"
check_tools
prolog_commands
check_run_time_address_table_files

4
test/ipt/firewall90.fw.orig
View File

@ -4,7 +4,7 @@
#
# Firewall Builder fwb_ipt v4.2.0.3499
#
# Generated Thu Mar 10 21:51:41 2011 PST by vadim
# Generated Sat Mar 12 19:42:05 2011 PST by vadim
#
# files: * firewall90.fw /etc/fw/firewall90.fw
#
@ -383,7 +383,7 @@ test -z "$cmd" && {
case "$cmd" in
start)
log "Activating firewall script generated Thu Mar 10 21:51:41 2011 by vadim"
log "Activating firewall script generated Sat Mar 12 19:42:05 2011 by vadim"
check_tools
prolog_commands
check_run_time_address_table_files

4
test/ipt/firewall91.fw.orig
View File

@ -4,7 +4,7 @@
#
# Firewall Builder fwb_ipt v4.2.0.3499
#
# Generated Thu Mar 10 21:51:43 2011 PST by vadim
# Generated Sat Mar 12 19:42:06 2011 PST by vadim
#
# files: * firewall91.fw /etc/fw/firewall91.fw
#
@ -383,7 +383,7 @@ test -z "$cmd" && {
case "$cmd" in
start)
log "Activating firewall script generated Thu Mar 10 21:51:43 2011 by vadim"
log "Activating firewall script generated Sat Mar 12 19:42:06 2011 by vadim"
check_tools
prolog_commands
check_run_time_address_table_files

4
test/ipt/firewall92.fw.orig
View File

@ -4,7 +4,7 @@
#
# Firewall Builder fwb_ipt v4.2.0.3499
#
# Generated Thu Mar 10 21:51:45 2011 PST by vadim
# Generated Sat Mar 12 19:42:07 2011 PST by vadim
#
# files: * firewall92.fw /etc/fw/firewall92.fw
#
@ -419,7 +419,7 @@ test -z "$cmd" && {
case "$cmd" in
start)
log "Activating firewall script generated Thu Mar 10 21:51:45 2011 by vadim"
log "Activating firewall script generated Sat Mar 12 19:42:07 2011 by vadim"
check_tools
prolog_commands
check_run_time_address_table_files

4
test/ipt/firewall93.fw.orig
View File

@ -4,7 +4,7 @@
#
# Firewall Builder fwb_ipt v4.2.0.3499
#
# Generated Thu Mar 10 21:51:47 2011 PST by vadim
# Generated Sat Mar 12 19:42:08 2011 PST by vadim
#
# files: * firewall93.fw /etc/fw/firewall93.fw
#
@ -458,7 +458,7 @@ test -z "$cmd" && {
case "$cmd" in
start)
log "Activating firewall script generated Thu Mar 10 21:51:47 2011 by vadim"
log "Activating firewall script generated Sat Mar 12 19:42:08 2011 by vadim"
check_tools
prolog_commands
check_run_time_address_table_files

4
test/ipt/fw-A.fw.orig
View File

@ -4,7 +4,7 @@
#
# Firewall Builder fwb_ipt v4.2.0.3499
#
# Generated Thu Mar 10 21:52:33 2011 PST by vadim
# Generated Sat Mar 12 19:42:41 2011 PST by vadim
#
# files: * fw-A.fw /sw/FWbuilder/fw-A.fw
#
@ -724,7 +724,7 @@ test -z "$cmd" && {
case "$cmd" in
start)
log "Activating firewall script generated Thu Mar 10 21:52:33 2011 by vadim"
log "Activating firewall script generated Sat Mar 12 19:42:41 2011 by vadim"
check_tools
prolog_commands
check_run_time_address_table_files

4
test/ipt/fw1.fw.orig
View File

@ -4,7 +4,7 @@
#
# Firewall Builder fwb_ipt v4.2.0.3499
#
# Generated Thu Mar 10 21:52:33 2011 PST by vadim
# Generated Sat Mar 12 19:42:39 2011 PST by vadim
#
# files: * fw1.fw /etc/fw1.fw
#
@ -525,7 +525,7 @@ test -z "$cmd" && {
case "$cmd" in
start)
log "Activating firewall script generated Thu Mar 10 21:52:33 2011 by vadim"
log "Activating firewall script generated Sat Mar 12 19:42:39 2011 by vadim"
check_tools
prolog_commands
check_run_time_address_table_files

4
test/ipt/fwbuilder.fw.orig
View File

@ -4,7 +4,7 @@
#
# Firewall Builder fwb_ipt v4.2.0.3499
#
# Generated Thu Mar 10 21:50:57 2011 PST by vadim
# Generated Sat Mar 12 19:41:37 2011 PST by vadim
#
# files: * fwbuilder.fw /etc/init.d/fwbuilder.fw
#
@ -483,7 +483,7 @@ status_action() {
}
start() {
log "Activating firewall script generated Thu Mar 10 21:50:57 2011 by vadim"
log "Activating firewall script generated Sat Mar 12 19:41:37 2011 by vadim"
check_tools
prolog_commands
check_run_time_address_table_files

4
test/ipt/heartbeat_cluster_1_d_linux-1-d.fw.orig
View File

@ -4,7 +4,7 @@
#
# Firewall Builder fwb_ipt v4.2.0.3499
#
# Generated Thu Mar 10 21:52:45 2011 PST by vadim
# Generated Sat Mar 12 19:42:48 2011 PST by vadim
#
# files: * heartbeat_cluster_1_d_linux-1-d.fw firewall.sh
#
@ -722,7 +722,7 @@ test -z "$cmd" && {
case "$cmd" in
start)
log "Activating firewall script generated Thu Mar 10 21:52:45 2011 by vadim"
log "Activating firewall script generated Sat Mar 12 19:42:48 2011 by vadim"
check_tools
prolog_commands
check_run_time_address_table_files

4
test/ipt/heartbeat_cluster_1_d_linux-2-d.fw.orig
View File

@ -4,7 +4,7 @@
#
# Firewall Builder fwb_ipt v4.2.0.3499
#
# Generated Thu Mar 10 21:52:46 2011 PST by vadim
# Generated Sat Mar 12 19:42:48 2011 PST by vadim
#
# files: * heartbeat_cluster_1_d_linux-2-d.fw firewall.sh
#
@ -726,7 +726,7 @@ test -z "$cmd" && {
case "$cmd" in
start)
log "Activating firewall script generated Thu Mar 10 21:52:46 2011 by vadim"
log "Activating firewall script generated Sat Mar 12 19:42:48 2011 by vadim"
check_tools
prolog_commands
check_run_time_address_table_files

4
test/ipt/heartbeat_cluster_1_linux-1.fw.orig
View File

@ -4,7 +4,7 @@
#
# Firewall Builder fwb_ipt v4.2.0.3499
#
# Generated Thu Mar 10 21:52:44 2011 PST by vadim
# Generated Sat Mar 12 19:42:48 2011 PST by vadim
#
# files: * heartbeat_cluster_1_linux-1.fw /etc/heartbeat_cluster_1_linux-1.fw
#
@ -843,7 +843,7 @@ test -z "$cmd" && {
case "$cmd" in
start)
log "Activating firewall script generated Thu Mar 10 21:52:44 2011 by vadim"
log "Activating firewall script generated Sat Mar 12 19:42:48 2011 by vadim"
check_tools
prolog_commands
check_run_time_address_table_files

4
test/ipt/heartbeat_cluster_1_linux-2.fw.orig
View File

@ -4,7 +4,7 @@
#
# Firewall Builder fwb_ipt v4.2.0.3499
#
# Generated Thu Mar 10 21:52:45 2011 PST by vadim
# Generated Sat Mar 12 19:42:48 2011 PST by vadim
#
# files: * heartbeat_cluster_1_linux-2.fw /etc/heartbeat_cluster_1_linux-2.fw
#
@ -741,7 +741,7 @@ test -z "$cmd" && {
case "$cmd" in
start)
log "Activating firewall script generated Thu Mar 10 21:52:45 2011 by vadim"
log "Activating firewall script generated Sat Mar 12 19:42:48 2011 by vadim"
check_tools
prolog_commands
check_run_time_address_table_files

4
test/ipt/heartbeat_cluster_2_linux-1.fw.orig
View File

@ -4,7 +4,7 @@
#
# Firewall Builder fwb_ipt v4.2.0.3499
#
# Generated Thu Mar 10 21:52:46 2011 PST by vadim
# Generated Sat Mar 12 19:42:48 2011 PST by vadim
#
# files: * heartbeat_cluster_2_linux-1.fw /etc/heartbeat_cluster_2_linux-1.fw
#
@ -707,7 +707,7 @@ test -z "$cmd" && {
case "$cmd" in
start)
log "Activating firewall script generated Thu Mar 10 21:52:46 2011 by vadim"
log "Activating firewall script generated Sat Mar 12 19:42:48 2011 by vadim"
check_tools
prolog_commands
check_run_time_address_table_files

4
test/ipt/heartbeat_cluster_2_linux-2.fw.orig
View File

@ -4,7 +4,7 @@
#
# Firewall Builder fwb_ipt v4.2.0.3499
#
# Generated Thu Mar 10 21:52:46 2011 PST by vadim
# Generated Sat Mar 12 19:42:48 2011 PST by vadim
#
# files: * heartbeat_cluster_2_linux-2.fw /etc/heartbeat_cluster_2_linux-2.fw
#
@ -620,7 +620,7 @@ test -z "$cmd" && {
case "$cmd" in
start)
log "Activating firewall script generated Thu Mar 10 21:52:46 2011 by vadim"
log "Activating firewall script generated Sat Mar 12 19:42:48 2011 by vadim"
check_tools
prolog_commands
check_run_time_address_table_files

4
test/ipt/host.fw.orig
View File

@ -4,7 +4,7 @@
#
# Firewall Builder fwb_ipt v4.2.0.3499
#
# Generated Thu Mar 10 21:52:36 2011 PST by vadim
# Generated Sat Mar 12 19:42:41 2011 PST by vadim
#
# files: * host.fw /etc/fw/host.fw
#
@ -422,7 +422,7 @@ test -z "$cmd" && {
case "$cmd" in
start)
log "Activating firewall script generated Thu Mar 10 21:52:36 2011 by vadim"
log "Activating firewall script generated Sat Mar 12 19:42:41 2011 by vadim"
check_tools
prolog_commands
check_run_time_address_table_files

4
test/ipt/openais_cluster_1_linux-1.fw.orig
View File

@ -4,7 +4,7 @@
#
# Firewall Builder fwb_ipt v4.2.0.3499
#
# Generated Thu Mar 10 21:52:47 2011 PST by vadim
# Generated Sat Mar 12 19:42:48 2011 PST by vadim
#
# files: * openais_cluster_1_linux-1.fw /etc/openais_cluster_1_linux-1.fw
#
@ -707,7 +707,7 @@ test -z "$cmd" && {
case "$cmd" in
start)
log "Activating firewall script generated Thu Mar 10 21:52:47 2011 by vadim"
log "Activating firewall script generated Sat Mar 12 19:42:48 2011 by vadim"
check_tools
prolog_commands
check_run_time_address_table_files

4
test/ipt/openais_cluster_1_linux-2.fw.orig
View File

@ -4,7 +4,7 @@
#
# Firewall Builder fwb_ipt v4.2.0.3499
#
# Generated Thu Mar 10 21:52:47 2011 PST by vadim
# Generated Sat Mar 12 19:42:48 2011 PST by vadim
#
# files: * openais_cluster_1_linux-2.fw /etc/openais_cluster_1_linux-2.fw
#
@ -611,7 +611,7 @@ test -z "$cmd" && {
case "$cmd" in
start)
log "Activating firewall script generated Thu Mar 10 21:52:47 2011 by vadim"
log "Activating firewall script generated Sat Mar 12 19:42:48 2011 by vadim"
check_tools
prolog_commands
check_run_time_address_table_files

2
test/ipt/rc.firewall.local
View File

@ -4,7 +4,7 @@
#
# Firewall Builder fwb_ipt v4.2.0.3499
#
# Generated Sat Mar 12 15:36:58 2011 PST by vadim
# Generated Sat Mar 12 19:42:43 2011 PST by vadim
#
# files: * rc.firewall.local /etc/rc.d//rc.firewall.local
#

16
test/ipt/rh90.fw.orig
View File

@ -4,7 +4,7 @@
#
# Firewall Builder fwb_ipt v4.2.0.3499
#
# Generated Thu Mar 10 21:52:39 2011 PST by vadim
# Generated Sat Mar 12 19:42:43 2011 PST by vadim
#
# files: * rh90.fw /etc/rh90.fw
#
@ -336,17 +336,17 @@ script_body() {
# types; ping request
$IPTABLES -N Cid41528C32.0
$IPTABLES -A OUTPUT -d 10.3.14.58 -m state --state NEW -j Cid41528C32.0
$IPTABLES -A Cid41528C32.0 -p icmp -m icmp --icmp-type 3 -j ACCEPT
$IPTABLES -A Cid41528C32.0 -p icmp -m icmp --icmp-type 0/0 -j ACCEPT
$IPTABLES -A Cid41528C32.0 -p icmp -m icmp --icmp-type 8/0 -j ACCEPT
$IPTABLES -A Cid41528C32.0 -p icmp -m icmp --icmp-type 11/0 -j ACCEPT
$IPTABLES -A Cid41528C32.0 -p icmp -m icmp --icmp-type 11/1 -j ACCEPT
$IPTABLES -A Cid41528C32.0 -p icmp -m icmp --icmp-type 0/0 -j ACCEPT
$IPTABLES -A Cid41528C32.0 -p icmp -m icmp --icmp-type 3 -j ACCEPT
$IPTABLES -A Cid41528C32.0 -p icmp -m icmp --icmp-type 8/0 -j ACCEPT
$IPTABLES -A Cid41528C32.0 -p tcp -m tcp --dport 22 -j ACCEPT
$IPTABLES -A INPUT -p icmp -m icmp --icmp-type 3 -m state --state NEW -j ACCEPT
$IPTABLES -A INPUT -p icmp -m icmp --icmp-type 0/0 -m state --state NEW -j ACCEPT
$IPTABLES -A INPUT -p icmp -m icmp --icmp-type 8/0 -m state --state NEW -j ACCEPT
$IPTABLES -A INPUT -p icmp -m icmp --icmp-type 11/0 -m state --state NEW -j ACCEPT
$IPTABLES -A INPUT -p icmp -m icmp --icmp-type 11/1 -m state --state NEW -j ACCEPT
$IPTABLES -A INPUT -p icmp -m icmp --icmp-type 0/0 -m state --state NEW -j ACCEPT
$IPTABLES -A INPUT -p icmp -m icmp --icmp-type 3 -m state --state NEW -j ACCEPT
$IPTABLES -A INPUT -p icmp -m icmp --icmp-type 8/0 -m state --state NEW -j ACCEPT
$IPTABLES -A INPUT -p tcp -m tcp --dport 22 -m state --state NEW -j ACCEPT
#
# Rule 3 (global)
@ -421,7 +421,7 @@ test -z "$cmd" && {
case "$cmd" in
start)
log "Activating firewall script generated Thu Mar 10 21:52:39 2011 by vadim"
log "Activating firewall script generated Sat Mar 12 19:42:43 2011 by vadim"
check_tools
prolog_commands
check_run_time_address_table_files

4
test/ipt/secuwall_cluster_1_secuwall-1.fw.orig
View File

@ -4,7 +4,7 @@
#
# Firewall Builder fwb_ipt v4.2.0.3499
#
# Generated Thu Mar 10 21:52:47 2011 PST by vadim
# Generated Sat Mar 12 19:42:49 2011 PST by vadim
#
# files: * secuwall_cluster_1_secuwall-1.fw /etc/secuwall_cluster_1_secuwall-1.fw
#
@ -405,7 +405,7 @@ test -z "$cmd" && {
case "$cmd" in
start)
log "Activating firewall script generated Thu Mar 10 21:52:47 2011 by vadim"
log "Activating firewall script generated Sat Mar 12 19:42:49 2011 by vadim"
log "Database was cluster-tests.fwb"
check_tools
check_run_time_address_table_files

4
test/ipt/server-cluster-1_server-1.fw.orig
View File

@ -4,7 +4,7 @@
#
# Firewall Builder fwb_ipt v4.2.0.3499
#
# Generated Thu Mar 10 21:52:48 2011 PST by vadim
# Generated Sat Mar 12 19:42:49 2011 PST by vadim
#
# files: * server-cluster-1_server-1.fw /etc/fw/server-cluster-1_server-1.fw
#
@ -400,7 +400,7 @@ test -z "$cmd" && {
case "$cmd" in
start)
log "Activating firewall script generated Thu Mar 10 21:52:48 2011 by vadim"
log "Activating firewall script generated Sat Mar 12 19:42:49 2011 by vadim"
check_tools
prolog_commands
check_run_time_address_table_files

4
test/ipt/server-cluster-1_server-2.fw.orig
View File

@ -4,7 +4,7 @@
#
# Firewall Builder fwb_ipt v4.2.0.3499
#
# Generated Thu Mar 10 21:52:48 2011 PST by vadim
# Generated Sat Mar 12 19:42:49 2011 PST by vadim
#
# files: * server-cluster-1_server-2.fw /etc/fw/server-cluster-1_server-2.fw
#
@ -397,7 +397,7 @@ test -z "$cmd" && {
case "$cmd" in
start)
log "Activating firewall script generated Thu Mar 10 21:52:48 2011 by vadim"
log "Activating firewall script generated Sat Mar 12 19:42:49 2011 by vadim"
check_tools
prolog_commands
check_run_time_address_table_files

4
test/ipt/test-shadowing-1.fw.orig
View File

@ -4,7 +4,7 @@
#
# Firewall Builder fwb_ipt v4.2.0.3499
#
# Generated Thu Mar 10 21:52:42 2011 PST by vadim
# Generated Sat Mar 12 19:42:45 2011 PST by vadim
#
# files: * test-shadowing-1.fw /etc/test-shadowing-1.fw
#
@ -471,7 +471,7 @@ test -z "$cmd" && {
case "$cmd" in
start)
log "Activating firewall script generated Thu Mar 10 21:52:42 2011 by vadim"
log "Activating firewall script generated Sat Mar 12 19:42:45 2011 by vadim"
check_tools
prolog_commands
check_run_time_address_table_files

4
test/ipt/test-shadowing-2.fw.orig
View File

@ -4,7 +4,7 @@
#
# Firewall Builder fwb_ipt v4.2.0.3499
#
# Generated Thu Mar 10 21:52:43 2011 PST by vadim
# Generated Sat Mar 12 19:42:47 2011 PST by vadim
#
# files: * test-shadowing-2.fw /etc/test-shadowing-2.fw
#
@ -429,7 +429,7 @@ test -z "$cmd" && {
case "$cmd" in
start)
log "Activating firewall script generated Thu Mar 10 21:52:43 2011 by vadim"
log "Activating firewall script generated Sat Mar 12 19:42:47 2011 by vadim"
check_tools
prolog_commands
check_run_time_address_table_files

4
test/ipt/test-shadowing-3.fw.orig
View File

@ -4,7 +4,7 @@
#
# Firewall Builder fwb_ipt v4.2.0.3499
#
# Generated Thu Mar 10 21:52:47 2011 PST by vadim
# Generated Sat Mar 12 19:42:47 2011 PST by vadim
#
# files: * test-shadowing-3.fw /etc/test-shadowing-3.fw
#
@ -478,7 +478,7 @@ test -z "$cmd" && {
case "$cmd" in
start)
log "Activating firewall script generated Thu Mar 10 21:52:47 2011 by vadim"
log "Activating firewall script generated Sat Mar 12 19:42:47 2011 by vadim"
check_tools
prolog_commands
check_run_time_address_table_files

4
test/ipt/test_fw.fw.orig
View File

@ -4,7 +4,7 @@
#
# Firewall Builder fwb_ipt v4.2.0.3499
#
# Generated Thu Mar 10 21:52:40 2011 PST by vadim
# Generated Sat Mar 12 19:42:45 2011 PST by vadim
#
# files: * test_fw.fw /etc/test_fw.fw
#
@ -570,7 +570,7 @@ test -z "$cmd" && {
case "$cmd" in
start)
log "Activating firewall script generated Thu Mar 10 21:52:40 2011 by vadim"
log "Activating firewall script generated Sat Mar 12 19:42:45 2011 by vadim"
check_tools
prolog_commands
check_run_time_address_table_files

4
test/ipt/vrrp_cluster_1_linux-1.fw.orig
View File

@ -4,7 +4,7 @@
#
# Firewall Builder fwb_ipt v4.2.0.3499
#
# Generated Thu Mar 10 21:52:48 2011 PST by vadim
# Generated Sat Mar 12 19:42:49 2011 PST by vadim
#
# files: * vrrp_cluster_1_linux-1.fw /etc/vrrp_cluster_1_linux-1.fw
#
@ -710,7 +710,7 @@ test -z "$cmd" && {
case "$cmd" in
start)
log "Activating firewall script generated Thu Mar 10 21:52:48 2011 by vadim"
log "Activating firewall script generated Sat Mar 12 19:42:49 2011 by vadim"
check_tools
prolog_commands
check_run_time_address_table_files

4
test/ipt/vrrp_cluster_1_linux-2.fw.orig
View File

@ -4,7 +4,7 @@
#
# Firewall Builder fwb_ipt v4.2.0.3499
#
# Generated Thu Mar 10 21:52:48 2011 PST by vadim
# Generated Sat Mar 12 19:42:49 2011 PST by vadim
#
# files: * vrrp_cluster_1_linux-2.fw /etc/vrrp_cluster_1_linux-2.fw
#
@ -615,7 +615,7 @@ test -z "$cmd" && {
case "$cmd" in
start)
log "Activating firewall script generated Thu Mar 10 21:52:48 2011 by vadim"
log "Activating firewall script generated Sat Mar 12 19:42:49 2011 by vadim"
check_tools
prolog_commands
check_run_time_address_table_files

4
test/ipt/vrrp_cluster_2_linux-1.fw.orig
View File

@ -4,7 +4,7 @@
#
# Firewall Builder fwb_ipt v4.2.0.3499
#
# Generated Thu Mar 10 21:52:48 2011 PST by vadim
# Generated Sat Mar 12 19:42:49 2011 PST by vadim
#
# files: * vrrp_cluster_2_linux-1.fw /etc/vrrp_cluster_2_linux-1.fw
#
@ -642,7 +642,7 @@ test -z "$cmd" && {
case "$cmd" in
start)
log "Activating firewall script generated Thu Mar 10 21:52:48 2011 by vadim"
log "Activating firewall script generated Sat Mar 12 19:42:49 2011 by vadim"
check_tools
prolog_commands
check_run_time_address_table_files

4
test/ipt/vrrp_cluster_2_linux-2.fw.orig
View File

@ -4,7 +4,7 @@
#
# Firewall Builder fwb_ipt v4.2.0.3499
#
# Generated Thu Mar 10 21:52:49 2011 PST by vadim
# Generated Sat Mar 12 19:42:49 2011 PST by vadim
#
# files: * vrrp_cluster_2_linux-2.fw /etc/vrrp_cluster_2_linux-2.fw
#
@ -547,7 +547,7 @@ test -z "$cmd" && {
case "$cmd" in
start)
log "Activating firewall script generated Thu Mar 10 21:52:49 2011 by vadim"
log "Activating firewall script generated Sat Mar 12 19:42:49 2011 by vadim"
check_tools
prolog_commands
check_run_time_address_table_files

4
test/ipt/vrrp_cluster_2_linux-3.fw.orig
View File

@ -4,7 +4,7 @@
#
# Firewall Builder fwb_ipt v4.2.0.3499
#
# Generated Thu Mar 10 21:52:49 2011 PST by vadim
# Generated Sat Mar 12 19:42:49 2011 PST by vadim
#
# files: * vrrp_cluster_2_linux-3.fw /etc/vrrp_cluster_2_linux-3.fw
#
@ -523,7 +523,7 @@ test -z "$cmd" && {
case "$cmd" in
start)
log "Activating firewall script generated Thu Mar 10 21:52:49 2011 by vadim"
log "Activating firewall script generated Sat Mar 12 19:42:49 2011 by vadim"
check_tools
prolog_commands
check_run_time_address_table_files

4
test/pf/firewall-base-rulesets.fw.orig
View File

@ -4,7 +4,7 @@
#
# Firewall Builder fwb_pf v4.2.0.3499
#
# Generated Sat Mar 12 15:44:17 2011 PST by vadim
# Generated Sat Mar 12 19:45:27 2011 PST by vadim
#
# files: * firewall-base-rulesets.fw /etc/fw/firewall-base-rulesets.fw
# files: firewall-base-rulesets.conf /etc/fw/firewall-base-rulesets.conf
@ -169,7 +169,7 @@ configure_interfaces() {
update_addresses_of_interface "en2 192.168.100.1/0xffffff00" ""
}
log "Activating firewall script generated Sat Mar 12 15:44:17 2011 by vadim"
log "Activating firewall script generated Sat Mar 12 19:45:27 2011 by vadim"
set_kernel_vars
configure_interfaces

4
test/pf/firewall-ipv6-1.fw.orig
View File

@ -4,7 +4,7 @@
#
# Firewall Builder fwb_pf v4.2.0.3499
#
# Generated Sat Mar 12 15:44:18 2011 PST by vadim
# Generated Sat Mar 12 19:45:28 2011 PST by vadim
#
# files: * firewall-ipv6-1.fw pf-ipv6.fw
# files: firewall-ipv6-1.conf /etc/fw/pf-ipv6.conf
@ -181,7 +181,7 @@ configure_interfaces() {
update_addresses_of_interface "lo ::1/128 127.0.0.1/0xff000000" ""
}
log "Activating firewall script generated Sat Mar 12 15:44:18 2011 by vadim"
log "Activating firewall script generated Sat Mar 12 19:45:28 2011 by vadim"
set_kernel_vars
configure_interfaces

4
test/pf/firewall-ipv6-2.fw.orig
View File

@ -4,7 +4,7 @@
#
# Firewall Builder fwb_pf v4.2.0.3499
#
# Generated Sat Mar 12 15:44:18 2011 PST by vadim
# Generated Sat Mar 12 19:45:28 2011 PST by vadim
#
# files: * firewall-ipv6-2.fw pf.fw
# files: firewall-ipv6-2.conf pf.conf
@ -185,7 +185,7 @@ configure_interfaces() {
update_addresses_of_interface "lo ::1/128 127.0.0.1/0xff000000" ""
}
log "Activating firewall script generated Sat Mar 12 15:44:18 2011 by vadim"
log "Activating firewall script generated Sat Mar 12 19:45:28 2011 by vadim"
set_kernel_vars
configure_interfaces

2
test/pf/firewall-ipv6-3.fw.orig
View File

@ -3,7 +3,7 @@
#
# Firewall Builder fwb_pf v4.2.0.3499
#
# Generated Sat Mar 12 15:44:18 2011 PST by vadim
# Generated Sat Mar 12 19:45:28 2011 PST by vadim
#
# files: * firewall-ipv6-3.fw /etc/firewall-ipv6-3.fw
# files: firewall-ipv6-3.conf /etc/firewall-ipv6-3.conf

8
test/pf/firewall.conf.orig
View File

@ -89,16 +89,16 @@ pass quick inet proto tcp from <tbl.r9.s> to 192.168.1.10 port 53 flags S/SA
#
# Rule 10 (global)
pass quick inet proto tcp from 33.33.33.0/24 port 20 to 192.168.1.10 port >= 1024 flags S/SA modulate state label "RULE 10 - ACCEPT"
pass quick inet proto tcp from 33.33.33.0/24 to 192.168.1.10 port { 113, 80, 25, 22, 540, 443, 143 } flags S/SA modulate state label "RULE 10 - ACCEPT"
pass quick inet proto tcp from 33.33.33.0/24 to 192.168.1.10 port { 113, 80, 443, 143, 25, 22, 540 } flags S/SA modulate state label "RULE 10 - ACCEPT"
#
# Rule 11 (global)
pass quick inet proto tcp from any to 192.168.1.10 port { 9999 >< 11001, 6667, 3128, 113, 53, 21, 80, 119, 25, 22, 23, 540, 70, 13, 2105, 443, 143, 993, 6667, 543, 544, 389, 98, 3306, 2049, 110, 5432, 515, 26000, 512, 513, 514, 4321, 465, 1080, 111, 7100 } flags S/SA modulate state ( max-src-nodes 10, max-src-states 10, max-src-conn-rate 3/15 ) label "RULE 11 - ACCEPT"
pass quick inet proto tcp from any to 192.168.1.10 port { 113, 13, 53, 2105, 21, 70, 80, 443, 143, 993, 6667, 6667, 543, 544, 389, 98, 3306, 2049, 119, 110, 5432, 515, 26000, 512, 513, 514, 4321, 25, 465, 1080, 3128, 22, 111, 23, 9999 >< 11001, 540, 7100 } flags S/SA modulate state ( max-src-nodes 10, max-src-states 10, max-src-conn-rate 3/15 ) label "RULE 11 - ACCEPT"
#
# Rule 12 (global)
pass quick inet proto tcp from any to <tbl.r12.d> port { 113, 80, 25, 22, 540, 443, 143, 3128 } flags S/SA modulate state ( max 10, max-src-nodes 75, max-src-states 2 ) label "RULE 12 - ACCEPT"
pass quick inet proto tcp from any to <tbl.r12.d> port { 113, 80, 443, 143, 25, 3128, 22, 540 } flags S/SA modulate state ( max 10, max-src-nodes 75, max-src-states 2 ) label "RULE 12 - ACCEPT"
#
# Rule 14 (global)
pass quick inet proto icmp from any to 192.168.1.0/24 icmp-type { 11 code 0 , 11 code 1 , 0 code 0 , 3 } keep state label "RULE 14 - ACCEPT"
pass quick inet proto icmp from any to 192.168.1.0/24 icmp-type { 3 , 0 code 0 , 11 code 0 , 11 code 1 } keep state label "RULE 14 - ACCEPT"
pass quick inet proto tcp from any to 192.168.1.0/24 port 3128 flags S/SA modulate state label "RULE 14 - ACCEPT"
#
# Rule 16 (global)

4
test/pf/firewall.fw.orig
View File

@ -4,7 +4,7 @@
#
# Firewall Builder fwb_pf v4.2.0.3499
#
# Generated Sat Mar 12 15:43:54 2011 PST by vadim
# Generated Sat Mar 12 19:45:04 2011 PST by vadim
#
# files: * firewall.fw /etc/pf.fw
# files: firewall.conf /etc/pf.conf
@ -173,7 +173,7 @@ configure_interfaces() {
update_addresses_of_interface "lo 127.0.0.1/0xff000000" ""
}
log "Activating firewall script generated Sat Mar 12 15:43:54 2011 by vadim"
log "Activating firewall script generated Sat Mar 12 19:45:04 2011 by vadim"
set_kernel_vars
configure_interfaces

4
test/pf/firewall1.fw.orig
View File

@ -4,7 +4,7 @@
#
# Firewall Builder fwb_pf v4.2.0.3499
#
# Generated Sat Mar 12 15:43:55 2011 PST by vadim
# Generated Sat Mar 12 19:45:05 2011 PST by vadim
#
# files: * firewall1.fw /etc/fw/firewall1.fw
# files: firewall1.conf /etc/fw/firewall1.conf
@ -76,7 +76,7 @@ configure_interfaces() {
}
log "Activating firewall script generated Sat Mar 12 15:43:55 2011 by vadim"
log "Activating firewall script generated Sat Mar 12 19:45:05 2011 by vadim"
set_kernel_vars
configure_interfaces

2
test/pf/firewall10-1.conf.orig
View File

@ -15,7 +15,7 @@ nat on eth0 proto {tcp udp icmp} from 192.168.1.0/24 to any -> 192.168.1.1
pass in quick inet proto tcp from 192.168.1.100 to 192.168.1.1 port 22 flags S/SA keep state
#
# Rule 0 (eth0)
pass in quick on eth0 inet proto tcp from 192.168.1.0/24 to any port { 22, 80 } flags S/SA keep state
pass in quick on eth0 inet proto tcp from 192.168.1.0/24 to any port { 80, 22 } flags S/SA keep state
#
# Rule 1 (lo0)
pass quick on lo0 inet from any to any

4
test/pf/firewall10-1.fw.orig
View File

@ -4,7 +4,7 @@
#
# Firewall Builder fwb_pf v4.2.0.3499
#
# Generated Sat Mar 12 15:43:56 2011 PST by vadim
# Generated Sat Mar 12 19:45:06 2011 PST by vadim
#
# files: * firewall10-1.fw /etc/fw/firewall10-1.fw
# files: firewall10-1.conf /etc/fw/firewall10-1.conf
@ -74,7 +74,7 @@ configure_interfaces() {
}
log "Activating firewall script generated Sat Mar 12 15:43:56 2011 by vadim"
log "Activating firewall script generated Sat Mar 12 19:45:06 2011 by vadim"
set_kernel_vars
configure_interfaces

2
test/pf/firewall10-2.conf.orig
View File

@ -16,7 +16,7 @@ nat on eth0 proto {tcp udp icmp} from 192.168.1.0/24 to any -> 192.168.1.1
pass in quick inet proto tcp from 192.168.1.100 to 192.168.1.1 port 22 modulate state
#
# Rule 0 (eth0)
pass in quick on eth0 inet proto tcp from 192.168.1.0/24 to any port { 22, 80 } modulate state
pass in quick on eth0 inet proto tcp from 192.168.1.0/24 to any port { 80, 22 } modulate state
#
# Rule 1 (lo0)
pass quick on lo0 inet from any to any no state

4
test/pf/firewall10-2.fw.orig
View File

@ -4,7 +4,7 @@
#
# Firewall Builder fwb_pf v4.2.0.3499
#
# Generated Sat Mar 12 15:43:57 2011 PST by vadim
# Generated Sat Mar 12 19:45:06 2011 PST by vadim
#
# files: * firewall10-2.fw /etc/fw/firewall10-2.fw
# files: firewall10-2.conf /etc/fw/firewall10-2.conf
@ -74,7 +74,7 @@ configure_interfaces() {
}
log "Activating firewall script generated Sat Mar 12 15:43:57 2011 by vadim"
log "Activating firewall script generated Sat Mar 12 19:45:06 2011 by vadim"
set_kernel_vars
configure_interfaces

2
test/pf/firewall10-3.conf.orig
View File

@ -15,7 +15,7 @@ nat on eth0 proto {tcp udp icmp} from 192.168.1.0/24 to any -> 192.168.1.1
pass in quick inet proto tcp from 192.168.1.100 to 192.168.1.1 port 22 keep state
#
# Rule 0 (eth0)
pass in quick on eth0 inet proto tcp from 192.168.1.0/24 to any port { 22, 80 } keep state
pass in quick on eth0 inet proto tcp from 192.168.1.0/24 to any port { 80, 22 } keep state
#
# Rule 1 (lo0)
pass quick on lo0 inet from any to any

4
test/pf/firewall10-3.fw.orig
View File

@ -4,7 +4,7 @@
#
# Firewall Builder fwb_pf v4.2.0.3499
#
# Generated Sat Mar 12 15:43:58 2011 PST by vadim
# Generated Sat Mar 12 19:45:07 2011 PST by vadim
#
# files: * firewall10-3.fw /etc/fw/firewall10-3.fw
# files: firewall10-3.conf /etc/fw/firewall10-3.conf
@ -76,7 +76,7 @@ configure_interfaces() {
}
log "Activating firewall script generated Sat Mar 12 15:43:58 2011 by vadim"
log "Activating firewall script generated Sat Mar 12 19:45:07 2011 by vadim"
set_kernel_vars
configure_interfaces

2
test/pf/firewall10-4.conf.orig
View File

@ -16,7 +16,7 @@ nat on eth0 proto {tcp udp icmp} from 192.168.1.0/24 to any -> 192.168.1.1
pass in quick inet proto tcp from 192.168.1.100 to 192.168.1.1 port 22 flags any
#
# Rule 0 (eth0)
pass in quick on eth0 inet proto tcp from 192.168.1.0/24 to any port { 22, 80 } flags any
pass in quick on eth0 inet proto tcp from 192.168.1.0/24 to any port { 80, 22 } flags any
#
# Rule 1 (lo0)
pass quick on lo0 inet from any to any no state

4
test/pf/firewall10-4.fw.orig
View File

@ -4,7 +4,7 @@
#
# Firewall Builder fwb_pf v4.2.0.3499
#
# Generated Sat Mar 12 15:43:59 2011 PST by vadim
# Generated Sat Mar 12 19:45:09 2011 PST by vadim
#
# files: * firewall10-4.fw /etc/fw/firewall10-4.fw
# files: firewall10-4.conf /etc/fw/firewall10-4.conf
@ -76,7 +76,7 @@ configure_interfaces() {
}
log "Activating firewall script generated Sat Mar 12 15:43:59 2011 by vadim"
log "Activating firewall script generated Sat Mar 12 19:45:09 2011 by vadim"
set_kernel_vars
configure_interfaces

2
test/pf/firewall10-5.conf.orig
View File

@ -23,7 +23,7 @@ pass in quick inet proto tcp from 192.168.1.100 to 192.168.1.1 port 22 keep
pass out quick on enc0 inet from any to any keep state
#
# Rule 1 (eth0)
pass in quick on eth0 inet proto tcp from 192.168.1.0/24 to any port { 22, 80 } keep state
pass in quick on eth0 inet proto tcp from 192.168.1.0/24 to any port { 80, 22 } keep state
#
# Rule 2 (lo0)
pass quick on lo0 inet from any to any

4
test/pf/firewall10-5.fw.orig
View File

@ -4,7 +4,7 @@
#
# Firewall Builder fwb_pf v4.2.0.3499
#
# Generated Sat Mar 12 15:44:01 2011 PST by vadim
# Generated Sat Mar 12 19:45:10 2011 PST by vadim
#
# files: * firewall10-5.fw /etc/fw/firewall10-5.fw
# files: firewall10-5.conf /etc/fw/firewall10-5.conf
@ -77,7 +77,7 @@ configure_interfaces() {
}
log "Activating firewall script generated Sat Mar 12 15:44:01 2011 by vadim"
log "Activating firewall script generated Sat Mar 12 19:45:10 2011 by vadim"
set_kernel_vars
configure_interfaces

2
test/pf/firewall10-6.conf.orig
View File

@ -16,7 +16,7 @@ nat on eth0 proto {tcp udp icmp} from 192.168.1.0/24 to any -> 192.168.1.1
pass in quick inet proto tcp from 192.168.1.100 to 192.168.1.1 port 22 flags any
#
# Rule 0 (eth0)
pass in quick on eth0 inet proto tcp from 192.168.1.0/24 to any port { 22, 80 } flags any
pass in quick on eth0 inet proto tcp from 192.168.1.0/24 to any port { 80, 22 } flags any
#
# Rule 1 (lo0)
pass quick on lo0 inet from any to any no state

4
test/pf/firewall10-6.fw.orig
View File

@ -4,7 +4,7 @@
#
# Firewall Builder fwb_pf v4.2.0.3499
#
# Generated Sat Mar 12 15:44:02 2011 PST by vadim
# Generated Sat Mar 12 19:45:11 2011 PST by vadim
#
# files: * firewall10-6.fw /etc/fw/firewall10-6.fw
# files: firewall10-6.conf /etc/fw/firewall10-6.conf
@ -77,7 +77,7 @@ configure_interfaces() {
}
log "Activating firewall script generated Sat Mar 12 15:44:02 2011 by vadim"
log "Activating firewall script generated Sat Mar 12 19:45:11 2011 by vadim"
set_kernel_vars
configure_interfaces

4
test/pf/firewall100.fw.orig
View File

@ -4,7 +4,7 @@
#
# Firewall Builder fwb_pf v4.2.0.3499
#
# Generated Sat Mar 12 15:43:55 2011 PST by vadim
# Generated Sat Mar 12 19:45:05 2011 PST by vadim
#
# files: * firewall100.fw /etc/fw/pf.fw
# files: firewall100.conf /etc/fw/path\ with\ space/pf.conf
@ -167,7 +167,7 @@ configure_interfaces() {
update_addresses_of_interface "em1 10.1.1.81/0xffffff00" ""
}
log "Activating firewall script generated Sat Mar 12 15:43:55 2011 by vadim"
log "Activating firewall script generated Sat Mar 12 19:45:05 2011 by vadim"
set_kernel_vars
configure_interfaces

4
test/pf/firewall101.fw.orig
View File

@ -4,7 +4,7 @@
#
# Firewall Builder fwb_pf v4.2.0.3499
#
# Generated Sat Mar 12 15:43:56 2011 PST by vadim
# Generated Sat Mar 12 19:45:05 2011 PST by vadim
#
# files: * firewall101.fw /etc/fw/pf.fw
# files: firewall101.conf /etc/fw/path\ with\ space/pf.conf
@ -170,7 +170,7 @@ configure_interfaces() {
update_addresses_of_interface "em1 10.1.1.81/0xffffff00" ""
}
log "Activating firewall script generated Sat Mar 12 15:43:56 2011 by vadim"
log "Activating firewall script generated Sat Mar 12 19:45:05 2011 by vadim"
set_kernel_vars
configure_interfaces

2
test/pf/firewall102.fw.orig
View File

@ -3,7 +3,7 @@
#
# Firewall Builder fwb_pf v4.2.0.3499
#
# Generated Sat Mar 12 15:43:57 2011 PST by vadim
# Generated Sat Mar 12 19:45:06 2011 PST by vadim
#
# files: * firewall102.fw /etc/fw/pf.fw
# files: firewall102.conf /etc/fw/path\ with\ space/pf.conf

Some files were not shown because too many files have changed in this diff Show More