onkelbeh/fwbuilder
1
0
Fork 0
mirror of https://github.com/fwbuilder/fwbuilder synced 2026-05-01 22:57:33 +02:00
Code Issues Releases Wiki Activity

* ../src/iptlib/NATCompiler_ipt.cpp (VerifyRules2::processNext):

Browse Source 
fixes #1109: "rules that do not pass verifyRules() checks may
cause compiler crash in test mode or gui crash in single rule
compile mode"
This commit is contained in:
Vadim Kurland 2010-01-20 02:55:38 +00:00
parent 264060a541
commit 0ee88506b5
19 changed files with 7756 additions and 6503 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
build_num
View File

@ -1 +1 @@
#define BUILD_NUM 2387
#define BUILD_NUM 2390

10
doc/ChangeLog
View File

@ -1,5 +1,15 @@
2010-01-19 vadim <vadim@vk.crocodile.org>
* ../src/iptlib/NATCompiler_ipt.cpp (VerifyRules2::processNext):
fixes #1109: "rules that do not pass verifyRules() checks may
cause compiler crash in test mode or gui crash in single rule
compile mode"
* CompilerDriver.cpp (CompilerDriver::formSingleRuleCompileOutput):
fixes #1110: "when compiler detects fatal error and drops the rule
that caused it, the error does not appear in the single rule
compile output".
* ../src/pflib/TableFactory.cpp (TableFactory::createTablesForRE):
fixes #1111: "NAT compiler for PF does not recognize dynamic
interface of the firewall in rule element". Compiler issued an

11
src/iptlib/CompilerDriver_ipt_nat.cpp
View File

@ -106,11 +106,6 @@ bool CompilerDriver_ipt::processNatRuleSet(
<< " rule set "
<< branch_name << "\n";
if (nat_compiler->haveErrorsAndWarnings())
{
all_errors.push_back(nat_compiler->getErrors("").c_str());
}
if (nat->isTop())
{
if (flush_and_set_default_policy)
@ -125,6 +120,12 @@ bool CompilerDriver_ipt::processNatRuleSet(
branch_ruleset_to_chain_mapping[branch_name] = nat_compiler->getUsedChains();
}
if (nat_compiler->haveErrorsAndWarnings())
{
all_errors.push_back(nat_compiler->getErrors("").c_str());
}
return empty_output;
}

22
src/iptlib/CompilerDriver_ipt_policy.cpp
View File

@ -150,12 +150,6 @@ bool CompilerDriver_ipt::processPolicyRuleSet(
if (mangle_compiler->getCompiledScriptLength() > 0)
{
ostringstream tmp;
if (mangle_compiler->haveErrorsAndWarnings())
{
all_errors.push_back(mangle_compiler->getErrors("").c_str());
// tmp << "# Policy compiler errors and warnings:" << "\n";
// tmp << mangle_compiler->getErrors("# ");
}
tmp << mangle_compiler->getCompiledScript();
@ -170,6 +164,11 @@ bool CompilerDriver_ipt::processPolicyRuleSet(
}
}
if (mangle_compiler->haveErrorsAndWarnings())
{
all_errors.push_back(mangle_compiler->getErrors("").c_str());
}
if (m_str_pos!=mangle_table_stream.tellp())
{
mangle_table_stream << "\n";
@ -201,12 +200,6 @@ bool CompilerDriver_ipt::processPolicyRuleSet(
{
ostringstream tmp;
if (policy_compiler->haveErrorsAndWarnings())
{
all_errors.push_back(policy_compiler->getErrors("").c_str());
// tmp << "# Policy compiler errors and warnings:" << "\n";
// tmp << policy_compiler->getErrors("# ");
}
tmp << policy_compiler->getCompiledScript();
if (tmp.tellp() > 0)
@ -220,6 +213,11 @@ bool CompilerDriver_ipt::processPolicyRuleSet(
filter_table_stream << tmp.str();
}
}
if (policy_compiler->haveErrorsAndWarnings())
{
all_errors.push_back(policy_compiler->getErrors("").c_str());
}
}
/* bug #2550074: "Automatic rules for filter table included twice

135
src/pflib/NATCompiler_pf.cpp
View File

@ -368,7 +368,6 @@ bool NATCompiler_pf::splitSDNATRule::processNext()
bool NATCompiler_pf::VerifyRules::processNext()
{
NATRule *rule=getNext(); if (rule==NULL) return false;
tmp_queue.push_back(rule);
RuleElementOSrc *osrc=rule->getOSrc(); assert(osrc);
RuleElementODst *odst=rule->getODst(); assert(odst);
@ -378,23 +377,21 @@ bool NATCompiler_pf::VerifyRules::processNext()
RuleElementTDst *tdst=rule->getTDst(); assert(tdst);
RuleElementTSrv *tsrv=rule->getTSrv(); assert(tsrv);
// if (rule->getRuleType()==NATRule::LB)
// compiler->abort("Load balancing rules are not supported. Rule "+rule->getLabel());
if (rule->getRuleType()==NATRule::DNAT && odst->size()!=1)
{
compiler->abort(
rule,
"There should be no more than one object in original destination");
// if (rule->getRuleType()==NATRule::SNAT && tsrc->size()!=1)
// compiler->abort("There should be no more than one object in translated source in the rule "+rule->getLabel());
rule,
"There should be no more than one object in original destination");
return true;
}
if (osrv->getNeg())
{
compiler->abort(
rule,
"Negation in original service is not supported.");
rule,
"Negation in original service is not supported.");
return true;
}
/* bug #1276083: "Destination NAT rules". this restriction is not
* true at least as of OpenBSD 3.5
@ -404,43 +401,55 @@ bool NATCompiler_pf::VerifyRules::processNext()
*/
if (rule->getRuleType()==NATRule::DNAT && osrv->isAny() && !tsrv->isAny())
{
compiler->abort(
rule,
"Can not translate 'any' into a specific service.");
rule,
"Can not translate 'any' into a specific service.");
return true;
}
if (tsrc->getNeg())
{
compiler->abort(
rule,
"Can not use negation in translated source.");
rule,
"Can not use negation in translated source.");
return true;
}
if (tdst->getNeg())
{
compiler->abort(
rule,
"Can not use negation in translated destination.");
rule,
"Can not use negation in translated destination.");
return true;
}
if (tsrv->getNeg())
{
compiler->abort(
rule,
"Can not use negation in translated service.");
rule,
"Can not use negation in translated service.");
return true;
}
if (tsrv->size()!=1)
{
compiler->abort(
rule,
"Translated service should be 'Original' or should contain single object.");
rule,
"Translated service should be 'Original' or should contain single object.");
return true;
}
FWObject *o=tsrv->front();
if (FWReference::cast(o)!=NULL) o=FWReference::cast(o)->getPointer();
if ( Group::cast(o)!=NULL)
{
compiler->abort(
rule,
"Can not use group in translated service.");
rule,
"Can not use group in translated service.");
return true;
}
#if 0
if (rule->getRuleType()==NATRule::SNAT )
@ -454,35 +463,52 @@ bool NATCompiler_pf::VerifyRules::processNext()
if (rule->getRuleType()==NATRule::SNAT )
{
if (tsrc->isAny())
{
compiler->abort(rule,
"Source translation rule needs an address in "
"Translated Source.");
return true;
}
FWObject *o = FWReference::getObject(tsrc->front());
if (Interface::isA(o) && Interface::cast(o)->isUnnumbered())
{
compiler->abort(rule,
"Can not use unnumbered interface in "
"Translated Source of a Source translation rule.");
return true;
}
}
if (rule->getRuleType()==NATRule::DNAT || rule->getRuleType()==NATRule::Redirect )
{
if (tdst->isAny())
compiler->abort(rule,
"Destination translation rule needs an address in "
"Translated Destination.");
{
compiler->abort(
rule,
"Destination translation rule needs an address in "
"Translated Destination.");
return true;
}
if ( tdst->size()!=1)
{
compiler->abort(
rule,
"There should be no more than one object in translated destination");
rule,
"There should be no more than one object in translated destination");
return true;
}
Address* o1=compiler->getFirstTDst(rule);
if ( Network::cast(o1)!=NULL || AddressRange::cast(o1)!=NULL )
{
compiler->abort(
rule,
"Can not use network or address range object in translated destination.");
rule,
"Can not use network or address range object in translated destination.");
return true;
}
}
@ -492,10 +518,13 @@ bool NATCompiler_pf::VerifyRules::processNext()
Network *a2=Network::cast(compiler->getFirstTSrc(rule));
if ( a1==NULL || a2==NULL ||
a1->getNetmaskPtr()->getLength()!=a2->getNetmaskPtr()->getLength() )
{
compiler->abort(
rule,
"Original and translated source should both be networks of the same size.");
rule,
"Original and translated source should both be networks of the same size.");
return true;
}
}
if (rule->getRuleType()==NATRule::DNetnat && !tsrc->isAny() )
@ -504,29 +533,39 @@ bool NATCompiler_pf::VerifyRules::processNext()
Network *a2=Network::cast(compiler->getFirstTDst(rule));
if ( a1==NULL || a2==NULL ||
a1->getNetmaskPtr()->getLength()!=a2->getNetmaskPtr()->getLength() )
{
compiler->abort(
rule,
"Original and translated destination should both be networks of the same size.");
rule,
"Original and translated destination should both be networks of the same size.");
return true;
}
}
if (rule->getRuleType()==NATRule::NATBranch )
{
RuleSet *branch = rule->getBranch();
if (branch == NULL)
{
compiler->abort(
rule,
"Action 'Branch' needs NAT rule set to point to");
else
return true;
} else
{
if (!NAT::isA(branch))
{
compiler->abort(
rule,
"Action 'Branch' must point to a NAT rule set "
"(points to " + branch->getTypeName() + ")");
return true;
}
}
}
tmp_queue.push_back(rule);
return true;
}

2
test/iosacl/cluster-tests.fwb
View File

@ -1,6 +1,6 @@
<?xml version="1.0" encoding="utf-8"?>
<!DOCTYPE FWObjectDatabase SYSTEM "fwbuilder.dtd">
<FWObjectDatabase xmlns="http://www.fwbuilder.org/1.0/" version="15" lastModified="1253911075" id="root">
<FWObjectDatabase xmlns="http://www.fwbuilder.org/1.0/" version="16" lastModified="1253911075" id="root">
<Library id="sysid99" name="Deleted Objects" comment="" ro="False">
<StateSyncClusterGroup id="id3505X94039" type="conntrack" name="State Sync Group-1" comment="">
<ClusterGroupOptions/>

408
test/iosacl/objects-for-regression-tests.fwb
View File

@ -1,6 +1,6 @@
<?xml version="1.0" encoding="utf-8"?>
<!DOCTYPE FWObjectDatabase SYSTEM "fwbuilder.dtd">
<FWObjectDatabase xmlns="http://www.fwbuilder.org/1.0/" version="15" lastModified="1263599937" id="root">
<FWObjectDatabase xmlns="http://www.fwbuilder.org/1.0/" version="16" lastModified="1263599937" id="root">
<Library id="sysid99" name="Deleted Objects" comment="" ro="False">
<Interface id="id19433X65694" dedicated_failover="False" dyn="False" label="" mgmt="False" security_level="100" unnum="False" unprotected="False" name="lo" comment="" ro="False">
<IPv4 id="id19434X65694" name="firewall-ipv6-1:lo:ip" comment="" ro="False" address="127.0.0.1" netmask="255.0.0.0"/>
@ -140,34 +140,34 @@
<ServiceGroup id="id4511637123682" name="UDP" comment="" ro="False"/>
<ServiceGroup id="id4511637223682" name="Custom" comment="" ro="False">
<CustomService id="id4226X64279" name="dscp af11" comment="" ro="False" protocol="tcp" address_family="ipv4">
<CustomServiceCommand platform="fwsm"></CustomServiceCommand>
<CustomServiceCommand platform="fwsm"/>
<CustomServiceCommand platform="iosacl">dscp af11</CustomServiceCommand>
<CustomServiceCommand platform="ipf"></CustomServiceCommand>
<CustomServiceCommand platform="ipfw"></CustomServiceCommand>
<CustomServiceCommand platform="iptables"></CustomServiceCommand>
<CustomServiceCommand platform="pf"></CustomServiceCommand>
<CustomServiceCommand platform="pix"></CustomServiceCommand>
<CustomServiceCommand platform="unknown"></CustomServiceCommand>
<CustomServiceCommand platform="ipf"/>
<CustomServiceCommand platform="ipfw"/>
<CustomServiceCommand platform="iptables"/>
<CustomServiceCommand platform="pf"/>
<CustomServiceCommand platform="pix"/>
<CustomServiceCommand platform="unknown"/>
</CustomService>
<CustomService id="id8888X64279" name="esp dscp af12" comment="" ro="False" protocol="50" address_family="ipv4">
<CustomServiceCommand platform="fwsm"></CustomServiceCommand>
<CustomServiceCommand platform="fwsm"/>
<CustomServiceCommand platform="iosacl">dscp af12</CustomServiceCommand>
<CustomServiceCommand platform="ipf"></CustomServiceCommand>
<CustomServiceCommand platform="ipfw"></CustomServiceCommand>
<CustomServiceCommand platform="iptables"></CustomServiceCommand>
<CustomServiceCommand platform="pf"></CustomServiceCommand>
<CustomServiceCommand platform="pix"></CustomServiceCommand>
<CustomServiceCommand platform="unknown"></CustomServiceCommand>
<CustomServiceCommand platform="ipf"/>
<CustomServiceCommand platform="ipfw"/>
<CustomServiceCommand platform="iptables"/>
<CustomServiceCommand platform="pf"/>
<CustomServiceCommand platform="pix"/>
<CustomServiceCommand platform="unknown"/>
</CustomService>
<CustomService id="id26068X65694" name="esp dscp af11 ipv6" comment="" ro="False" protocol="50" address_family="ipv6">
<CustomServiceCommand platform="fwsm"></CustomServiceCommand>
<CustomServiceCommand platform="fwsm"/>
<CustomServiceCommand platform="iosacl">dscp af11</CustomServiceCommand>
<CustomServiceCommand platform="ipf"></CustomServiceCommand>
<CustomServiceCommand platform="ipfw"></CustomServiceCommand>
<CustomServiceCommand platform="iptables"></CustomServiceCommand>
<CustomServiceCommand platform="pf"></CustomServiceCommand>
<CustomServiceCommand platform="pix"></CustomServiceCommand>
<CustomServiceCommand platform="unknown"></CustomServiceCommand>
<CustomServiceCommand platform="ipf"/>
<CustomServiceCommand platform="ipfw"/>
<CustomServiceCommand platform="iptables"/>
<CustomServiceCommand platform="pf"/>
<CustomServiceCommand platform="pix"/>
<CustomServiceCommand platform="unknown"/>
</CustomService>
</ServiceGroup>
<ServiceGroup id="id4511637323682" name="TagServices" comment="" ro="False"/>
@ -665,10 +665,10 @@
<Option name="accept_established">true</Option>
<Option name="accept_new_tcp_with_no_syn">true</Option>
<Option name="add_check_state_rule">true</Option>
<Option name="admUser"></Option>
<Option name="altAddress"></Option>
<Option name="admUser"/>
<Option name="altAddress"/>
<Option name="check_shading">False</Option>
<Option name="compiler"></Option>
<Option name="compiler"/>
<Option name="configure_interfaces">true</Option>
<Option name="eliminate_duplicates">true</Option>
<Option name="filesystem">/etc</Option>
@ -697,8 +697,8 @@
<Option name="iosacl_logging_trap_level">3</Option>
<Option name="iosacl_prolog_script">! This is prolog</Option>
<Option name="iosacl_regroup_commands">False</Option>
<Option name="iosacl_syslog_facility"></Option>
<Option name="iosacl_syslog_host"></Option>
<Option name="iosacl_syslog_facility"/>
<Option name="iosacl_syslog_host"/>
<Option name="iosacl_use_acl_remarks">False</Option>
<Option name="ipv4_6_order">ipv4_first</Option>
<Option name="limit_value">0</Option>
@ -713,7 +713,7 @@
<Option name="mgmt_addr">1.1.1.100</Option>
<Option name="mgmt_ssh">True</Option>
<Option name="openbsd_ip_forward">1</Option>
<Option name="output_file"></Option>
<Option name="output_file"/>
<Option name="pass_all_out">false</Option>
<Option name="pf_limit_frags">5000</Option>
<Option name="pf_limit_states">10000</Option>
@ -734,9 +734,9 @@
<Option name="pix_use_acl_remarks">true</Option>
<Option name="prompt1">$ </Option>
<Option name="prompt2"> # </Option>
<Option name="scpArgs"></Option>
<Option name="scpArgs"/>
<Option name="solaris_ip_forward">1</Option>
<Option name="sshArgs"></Option>
<Option name="sshArgs"/>
<Option name="ulog_nlgroup">1</Option>
<Option name="use_scp">False</Option>
<Option name="verify_interfaces">true</Option>
@ -1123,10 +1123,10 @@
<Option name="accept_established">true</Option>
<Option name="accept_new_tcp_with_no_syn">true</Option>
<Option name="add_check_state_rule">true</Option>
<Option name="admUser"></Option>
<Option name="altAddress"></Option>
<Option name="admUser"/>
<Option name="altAddress"/>
<Option name="check_shading">False</Option>
<Option name="compiler"></Option>
<Option name="compiler"/>
<Option name="configure_interfaces">true</Option>
<Option name="eliminate_duplicates">true</Option>
<Option name="firewall_dir">/etc</Option>
@ -1139,21 +1139,21 @@
<Option name="iosacl_acl_basic">True</Option>
<Option name="iosacl_acl_no_clear">False</Option>
<Option name="iosacl_acl_substitution">False</Option>
<Option name="iosacl_acl_temp_addr"></Option>
<Option name="iosacl_acl_temp_addr"/>
<Option name="iosacl_add_clear_statements">true</Option>
<Option name="iosacl_assume_fw_part_of_any">true</Option>
<Option name="iosacl_epilog_script"></Option>
<Option name="iosacl_epilog_script"/>
<Option name="iosacl_include_comments">True</Option>
<Option name="iosacl_logging_buffered">False</Option>
<Option name="iosacl_logging_buffered_level"></Option>
<Option name="iosacl_logging_buffered_level"/>
<Option name="iosacl_logging_console">False</Option>
<Option name="iosacl_logging_console_level"></Option>
<Option name="iosacl_logging_console_level"/>
<Option name="iosacl_logging_timestamp">False</Option>
<Option name="iosacl_logging_trap_level"></Option>
<Option name="iosacl_prolog_script"></Option>
<Option name="iosacl_logging_trap_level"/>
<Option name="iosacl_prolog_script"/>
<Option name="iosacl_regroup_commands">False</Option>
<Option name="iosacl_syslog_facility"></Option>
<Option name="iosacl_syslog_host"></Option>
<Option name="iosacl_syslog_facility"/>
<Option name="iosacl_syslog_host"/>
<Option name="limit_value">0</Option>
<Option name="linux24_ip_forward">1</Option>
<Option name="load_modules">true</Option>
@ -1163,10 +1163,10 @@
<Option name="loopback_interface">lo0</Option>
<Option name="macosx_ip_forward">1</Option>
<Option name="manage_virtual_addr">true</Option>
<Option name="mgmt_addr"></Option>
<Option name="mgmt_addr"/>
<Option name="mgmt_ssh">False</Option>
<Option name="openbsd_ip_forward">1</Option>
<Option name="output_file"></Option>
<Option name="output_file"/>
<Option name="pass_all_out">false</Option>
<Option name="pf_limit_frags">5000</Option>
<Option name="pf_limit_states">10000</Option>
@ -1188,7 +1188,7 @@
<Option name="prompt1">$ </Option>
<Option name="prompt2"> # </Option>
<Option name="solaris_ip_forward">1</Option>
<Option name="sshArgs"></Option>
<Option name="sshArgs"/>
<Option name="ulog_nlgroup">1</Option>
<Option name="verify_interfaces">true</Option>
</FirewallOptions>
@ -1638,8 +1638,8 @@
<Option name="accept_established">true</Option>
<Option name="accept_new_tcp_with_no_syn">true</Option>
<Option name="add_check_state_rule">true</Option>
<Option name="admUser"></Option>
<Option name="altAddress"></Option>
<Option name="admUser"/>
<Option name="altAddress"/>
<Option name="check_shading">False</Option>
<Option name="configure_interfaces">true</Option>
<Option name="eliminate_duplicates">true</Option>
@ -1657,7 +1657,7 @@
<Option name="iosacl_acl_temp_addr">10.10.10.0/24</Option>
<Option name="iosacl_add_clear_statements">true</Option>
<Option name="iosacl_assume_fw_part_of_any">true</Option>
<Option name="iosacl_epilog_script"></Option>
<Option name="iosacl_epilog_script"/>
<Option name="iosacl_generate_logging_commands">False</Option>
<Option name="iosacl_include_comments">True</Option>
<Option name="iosacl_logging_buffered">False</Option>
@ -1666,10 +1666,10 @@
<Option name="iosacl_logging_console_level">3</Option>
<Option name="iosacl_logging_timestamp">False</Option>
<Option name="iosacl_logging_trap_level">3</Option>
<Option name="iosacl_prolog_script"></Option>
<Option name="iosacl_prolog_script"/>
<Option name="iosacl_regroup_commands">False</Option>
<Option name="iosacl_syslog_facility"></Option>
<Option name="iosacl_syslog_host"></Option>
<Option name="iosacl_syslog_facility"/>
<Option name="iosacl_syslog_host"/>
<Option name="iosacl_use_acl_remarks">False</Option>
<Option name="ipv4_6_order">ipv4_first</Option>
<Option name="limit_value">0</Option>
@ -1684,7 +1684,7 @@
<Option name="mgmt_addr">10.10.10.0/24</Option>
<Option name="mgmt_ssh">True</Option>
<Option name="openbsd_ip_forward">1</Option>
<Option name="output_file"></Option>
<Option name="output_file"/>
<Option name="pass_all_out">false</Option>
<Option name="pf_limit_frags">5000</Option>
<Option name="pf_limit_states">10000</Option>
@ -1705,9 +1705,9 @@
<Option name="pix_use_acl_remarks">true</Option>
<Option name="prompt1">$ </Option>
<Option name="prompt2"> # </Option>
<Option name="scpArgs"></Option>
<Option name="scpArgs"/>
<Option name="solaris_ip_forward">1</Option>
<Option name="sshArgs"></Option>
<Option name="sshArgs"/>
<Option name="ulog_nlgroup">1</Option>
<Option name="use_scp">False</Option>
<Option name="verify_interfaces">true</Option>
@ -2030,8 +2030,8 @@
<Option name="accept_established">true</Option>
<Option name="accept_new_tcp_with_no_syn">true</Option>
<Option name="add_check_state_rule">true</Option>
<Option name="admUser"></Option>
<Option name="altAddress"></Option>
<Option name="admUser"/>
<Option name="altAddress"/>
<Option name="check_shading">False</Option>
<Option name="configure_interfaces">true</Option>
<Option name="eliminate_duplicates">true</Option>
@ -2043,10 +2043,10 @@
<Option name="iosacl_acl_basic">True</Option>
<Option name="iosacl_acl_no_clear">False</Option>
<Option name="iosacl_acl_substitution">False</Option>
<Option name="iosacl_acl_temp_addr"></Option>
<Option name="iosacl_acl_temp_addr"/>
<Option name="iosacl_add_clear_statements">true</Option>
<Option name="iosacl_assume_fw_part_of_any">true</Option>
<Option name="iosacl_epilog_script"></Option>
<Option name="iosacl_epilog_script"/>
<Option name="iosacl_generate_logging_commands">True</Option>
<Option name="iosacl_include_comments">True</Option>
<Option name="iosacl_logging_buffered">True</Option>
@ -2055,10 +2055,10 @@
<Option name="iosacl_logging_console_level">5</Option>
<Option name="iosacl_logging_timestamp">False</Option>
<Option name="iosacl_logging_trap_level">2</Option>
<Option name="iosacl_prolog_script"></Option>
<Option name="iosacl_prolog_script"/>
<Option name="iosacl_regroup_commands">False</Option>
<Option name="iosacl_syslog_facility"></Option>
<Option name="iosacl_syslog_host"></Option>
<Option name="iosacl_syslog_facility"/>
<Option name="iosacl_syslog_host"/>
<Option name="iosacl_use_acl_remarks">True</Option>
<Option name="ipv4_6_order">ipv4_first</Option>
<Option name="limit_value">0</Option>
@ -2073,7 +2073,7 @@
<Option name="mgmt_addr">10.3.14.40</Option>
<Option name="mgmt_ssh">True</Option>
<Option name="openbsd_ip_forward">1</Option>
<Option name="output_file"></Option>
<Option name="output_file"/>
<Option name="pass_all_out">false</Option>
<Option name="pf_limit_frags">5000</Option>
<Option name="pf_limit_states">10000</Option>
@ -2094,9 +2094,9 @@
<Option name="pix_use_acl_remarks">true</Option>
<Option name="prompt1">$ </Option>
<Option name="prompt2"> # </Option>
<Option name="scpArgs"></Option>
<Option name="scpArgs"/>
<Option name="solaris_ip_forward">1</Option>
<Option name="sshArgs"></Option>
<Option name="sshArgs"/>
<Option name="ulog_nlgroup">1</Option>
<Option name="verify_interfaces">true</Option>
</FirewallOptions>
@ -2453,34 +2453,34 @@
<FirewallOptions>
<Option name="accept_established">True</Option>
<Option name="accept_new_tcp_with_no_syn">True</Option>
<Option name="action_on_reject"></Option>
<Option name="activationCmd"></Option>
<Option name="action_on_reject"/>
<Option name="activationCmd"/>
<Option name="add_check_state_rule">true</Option>
<Option name="admUser"></Option>
<Option name="altAddress"></Option>
<Option name="admUser"/>
<Option name="altAddress"/>
<Option name="bridging_fw">False</Option>
<Option name="check_shading">True</Option>
<Option name="clamp_mss_to_mtu">False</Option>
<Option name="classify_mark_terminating">False</Option>
<Option name="cmdline">-xt</Option>
<Option name="compiler"></Option>
<Option name="compiler"/>
<Option name="configure_interfaces">True</Option>
<Option name="debug">False</Option>
<Option name="drop_invalid">False</Option>
<Option name="eliminate_duplicates">true</Option>
<Option name="enable_ipv6">True</Option>
<Option name="epilog_script"></Option>
<Option name="epilog_script"/>
<Option name="fallback_log">False</Option>
<Option name="firewall_dir">/etc</Option>
<Option name="firewall_is_part_of_any_and_networks">True</Option>
<Option name="freebsd_ip_forward">1</Option>
<Option name="freebsd_ip_redirect"></Option>
<Option name="freebsd_ip_sourceroute"></Option>
<Option name="freebsd_ip_redirect"/>
<Option name="freebsd_ip_sourceroute"/>
<Option name="freebsd_ipv6_forward">1</Option>
<Option name="freebsd_path_ipf"></Option>
<Option name="freebsd_path_ipfw"></Option>
<Option name="freebsd_path_ipnat"></Option>
<Option name="freebsd_path_sysctl"></Option>
<Option name="freebsd_path_ipf"/>
<Option name="freebsd_path_ipfw"/>
<Option name="freebsd_path_ipnat"/>
<Option name="freebsd_path_sysctl"/>
<Option name="ignore_empty_groups">False</Option>
<Option name="in_out_code">True</Option>
<Option name="iosacl_acl_basic">False</Option>
@ -2489,7 +2489,7 @@
<Option name="iosacl_acl_temp_addr">fe80::21d:9ff:aaaa:bbbb</Option>
<Option name="iosacl_add_clear_statements">true</Option>
<Option name="iosacl_assume_fw_part_of_any">true</Option>
<Option name="iosacl_epilog_script"></Option>
<Option name="iosacl_epilog_script"/>
<Option name="iosacl_generate_logging_commands">False</Option>
<Option name="iosacl_include_comments">True</Option>
<Option name="iosacl_logging_buffered">False</Option>
@ -2498,13 +2498,13 @@
<Option name="iosacl_logging_console_level">0</Option>
<Option name="iosacl_logging_timestamp">False</Option>
<Option name="iosacl_logging_trap_level">0</Option>
<Option name="iosacl_prolog_script"></Option>
<Option name="iosacl_prolog_script"/>
<Option name="iosacl_regroup_commands">False</Option>
<Option name="iosacl_syslog_facility"></Option>
<Option name="iosacl_syslog_host"></Option>
<Option name="ipt_mangle_only_rulesets"></Option>
<Option name="iosacl_syslog_facility"/>
<Option name="iosacl_syslog_host"/>
<Option name="ipt_mangle_only_rulesets"/>
<Option name="ipv4_6_order">ipv4_first</Option>
<Option name="limit_suffix"></Option>
<Option name="limit_suffix"/>
<Option name="limit_value">0</Option>
<Option name="linux24_ip_forward">1</Option>
<Option name="load_modules">True</Option>
@ -2519,18 +2519,18 @@
<Option name="loopback_interface">lo0</Option>
<Option name="macosx_ip_forward">1</Option>
<Option name="manage_virtual_addr">True</Option>
<Option name="mgmt_addr"></Option>
<Option name="mgmt_addr"/>
<Option name="mgmt_ssh">False</Option>
<Option name="modulate_state">False</Option>
<Option name="no_ipv6_default_policy">False</Option>
<Option name="openbsd_ip_directed_broadcast"></Option>
<Option name="openbsd_ip_directed_broadcast"/>
<Option name="openbsd_ip_forward">1</Option>
<Option name="openbsd_ip_redirect"></Option>
<Option name="openbsd_ip_sourceroute"></Option>
<Option name="openbsd_ip_redirect"/>
<Option name="openbsd_ip_sourceroute"/>
<Option name="openbsd_ipv6_forward">1</Option>
<Option name="openbsd_path_pfctl"></Option>
<Option name="openbsd_path_sysctl"></Option>
<Option name="output_file"></Option>
<Option name="openbsd_path_pfctl"/>
<Option name="openbsd_path_sysctl"/>
<Option name="output_file"/>
<Option name="pass_all_out">False</Option>
<Option name="pf_adaptive_end">0</Option>
<Option name="pf_adaptive_start">0</Option>
@ -2549,7 +2549,7 @@
<Option name="pf_limit_states">10000</Option>
<Option name="pf_limit_table_entries">0</Option>
<Option name="pf_limit_tables">0</Option>
<Option name="pf_optimization"></Option>
<Option name="pf_optimization"/>
<Option name="pf_other_first">0</Option>
<Option name="pf_other_multiple">0</Option>
<Option name="pf_other_single">0</Option>
@ -2601,12 +2601,12 @@
<Option name="pix_syslog_device_id_supported">false</Option>
<Option name="pix_use_acl_remarks">true</Option>
<Option name="prolog_place">fw_file</Option>
<Option name="prolog_script"></Option>
<Option name="prolog_script"/>
<Option name="prompt1">$ </Option>
<Option name="prompt2"> # </Option>
<Option name="scpArgs"></Option>
<Option name="scpArgs"/>
<Option name="solaris_ip_forward">1</Option>
<Option name="sshArgs"></Option>
<Option name="sshArgs"/>
<Option name="ulog_cprange">0</Option>
<Option name="ulog_nlgroup">1</Option>
<Option name="ulog_qthreshold">1</Option>
@ -2968,34 +2968,34 @@
<FirewallOptions>
<Option name="accept_established">True</Option>
<Option name="accept_new_tcp_with_no_syn">True</Option>
<Option name="action_on_reject"></Option>
<Option name="activationCmd"></Option>
<Option name="action_on_reject"/>
<Option name="activationCmd"/>
<Option name="add_check_state_rule">true</Option>
<Option name="admUser"></Option>
<Option name="altAddress"></Option>
<Option name="admUser"/>
<Option name="altAddress"/>
<Option name="bridging_fw">False</Option>
<Option name="check_shading">True</Option>
<Option name="clamp_mss_to_mtu">False</Option>
<Option name="classify_mark_terminating">False</Option>
<Option name="cmdline">-xt</Option>
<Option name="compiler"></Option>
<Option name="compiler"/>
<Option name="configure_interfaces">True</Option>
<Option name="debug">False</Option>
<Option name="drop_invalid">False</Option>
<Option name="eliminate_duplicates">true</Option>
<Option name="enable_ipv6">True</Option>
<Option name="epilog_script"></Option>
<Option name="epilog_script"/>
<Option name="fallback_log">False</Option>
<Option name="firewall_dir">/etc</Option>
<Option name="firewall_is_part_of_any_and_networks">True</Option>
<Option name="freebsd_ip_forward">1</Option>
<Option name="freebsd_ip_redirect"></Option>
<Option name="freebsd_ip_sourceroute"></Option>
<Option name="freebsd_ip_redirect"/>
<Option name="freebsd_ip_sourceroute"/>
<Option name="freebsd_ipv6_forward">1</Option>
<Option name="freebsd_path_ipf"></Option>
<Option name="freebsd_path_ipfw"></Option>
<Option name="freebsd_path_ipnat"></Option>
<Option name="freebsd_path_sysctl"></Option>
<Option name="freebsd_path_ipf"/>
<Option name="freebsd_path_ipfw"/>
<Option name="freebsd_path_ipnat"/>
<Option name="freebsd_path_sysctl"/>
<Option name="ignore_empty_groups">False</Option>
<Option name="in_out_code">True</Option>
<Option name="iosacl_acl_basic">False</Option>
@ -3004,7 +3004,7 @@
<Option name="iosacl_acl_temp_addr">1.1.1.0/24</Option>
<Option name="iosacl_add_clear_statements">true</Option>
<Option name="iosacl_assume_fw_part_of_any">true</Option>
<Option name="iosacl_epilog_script"></Option>
<Option name="iosacl_epilog_script"/>
<Option name="iosacl_generate_logging_commands">False</Option>
<Option name="iosacl_include_comments">True</Option>
<Option name="iosacl_logging_buffered">False</Option>
@ -3013,13 +3013,13 @@
<Option name="iosacl_logging_console_level">2</Option>
<Option name="iosacl_logging_timestamp">False</Option>
<Option name="iosacl_logging_trap_level">2</Option>
<Option name="iosacl_prolog_script"></Option>
<Option name="iosacl_prolog_script"/>
<Option name="iosacl_regroup_commands">False</Option>
<Option name="iosacl_syslog_facility"></Option>
<Option name="iosacl_syslog_host"></Option>
<Option name="ipt_mangle_only_rulesets"></Option>
<Option name="iosacl_syslog_facility"/>
<Option name="iosacl_syslog_host"/>
<Option name="ipt_mangle_only_rulesets"/>
<Option name="ipv4_6_order">ipv4_first</Option>
<Option name="limit_suffix"></Option>
<Option name="limit_suffix"/>
<Option name="limit_value">0</Option>
<Option name="linux24_ip_forward">1</Option>
<Option name="load_modules">True</Option>
@ -3038,14 +3038,14 @@
<Option name="mgmt_ssh">True</Option>
<Option name="modulate_state">False</Option>
<Option name="no_ipv6_default_policy">False</Option>
<Option name="openbsd_ip_directed_broadcast"></Option>
<Option name="openbsd_ip_directed_broadcast"/>
<Option name="openbsd_ip_forward">1</Option>
<Option name="openbsd_ip_redirect"></Option>
<Option name="openbsd_ip_sourceroute"></Option>
<Option name="openbsd_ip_redirect"/>
<Option name="openbsd_ip_sourceroute"/>
<Option name="openbsd_ipv6_forward">1</Option>
<Option name="openbsd_path_pfctl"></Option>
<Option name="openbsd_path_sysctl"></Option>
<Option name="output_file"></Option>
<Option name="openbsd_path_pfctl"/>
<Option name="openbsd_path_sysctl"/>
<Option name="output_file"/>
<Option name="pass_all_out">False</Option>
<Option name="pf_adaptive_end">0</Option>
<Option name="pf_adaptive_start">0</Option>
@ -3064,7 +3064,7 @@
<Option name="pf_limit_states">10000</Option>
<Option name="pf_limit_table_entries">0</Option>
<Option name="pf_limit_tables">0</Option>
<Option name="pf_optimization"></Option>
<Option name="pf_optimization"/>
<Option name="pf_other_first">0</Option>
<Option name="pf_other_multiple">0</Option>
<Option name="pf_other_single">0</Option>
@ -3116,12 +3116,12 @@
<Option name="pix_syslog_device_id_supported">false</Option>
<Option name="pix_use_acl_remarks">true</Option>
<Option name="prolog_place">fw_file</Option>
<Option name="prolog_script"></Option>
<Option name="prolog_script"/>
<Option name="prompt1">$ </Option>
<Option name="prompt2"> # </Option>
<Option name="scpArgs"></Option>
<Option name="scpArgs"/>
<Option name="solaris_ip_forward">1</Option>
<Option name="sshArgs"></Option>
<Option name="sshArgs"/>
<Option name="ulog_cprange">0</Option>
<Option name="ulog_nlgroup">1</Option>
<Option name="ulog_qthreshold">1</Option>
@ -3510,34 +3510,34 @@
<FirewallOptions>
<Option name="accept_established">True</Option>
<Option name="accept_new_tcp_with_no_syn">True</Option>
<Option name="action_on_reject"></Option>
<Option name="activationCmd"></Option>
<Option name="action_on_reject"/>
<Option name="activationCmd"/>
<Option name="add_check_state_rule">true</Option>
<Option name="admUser"></Option>
<Option name="altAddress"></Option>
<Option name="admUser"/>
<Option name="altAddress"/>
<Option name="bridging_fw">False</Option>
<Option name="check_shading">True</Option>
<Option name="clamp_mss_to_mtu">False</Option>
<Option name="classify_mark_terminating">False</Option>
<Option name="cmdline">-xt</Option>
<Option name="compiler"></Option>
<Option name="compiler"/>
<Option name="configure_interfaces">True</Option>
<Option name="debug">False</Option>
<Option name="drop_invalid">False</Option>
<Option name="eliminate_duplicates">true</Option>
<Option name="enable_ipv6">True</Option>
<Option name="epilog_script"></Option>
<Option name="epilog_script"/>
<Option name="fallback_log">False</Option>
<Option name="firewall_dir">/etc</Option>
<Option name="firewall_is_part_of_any_and_networks">True</Option>
<Option name="freebsd_ip_forward">1</Option>
<Option name="freebsd_ip_redirect"></Option>
<Option name="freebsd_ip_sourceroute"></Option>
<Option name="freebsd_ip_redirect"/>
<Option name="freebsd_ip_sourceroute"/>
<Option name="freebsd_ipv6_forward">1</Option>
<Option name="freebsd_path_ipf"></Option>
<Option name="freebsd_path_ipfw"></Option>
<Option name="freebsd_path_ipnat"></Option>
<Option name="freebsd_path_sysctl"></Option>
<Option name="freebsd_path_ipf"/>
<Option name="freebsd_path_ipfw"/>
<Option name="freebsd_path_ipnat"/>
<Option name="freebsd_path_sysctl"/>
<Option name="ignore_empty_groups">False</Option>
<Option name="in_out_code">True</Option>
<Option name="iosacl_acl_basic">False</Option>
@ -3546,7 +3546,7 @@
<Option name="iosacl_acl_temp_addr">10.1.1.0</Option>
<Option name="iosacl_add_clear_statements">true</Option>
<Option name="iosacl_assume_fw_part_of_any">true</Option>
<Option name="iosacl_epilog_script"></Option>
<Option name="iosacl_epilog_script"/>
<Option name="iosacl_generate_logging_commands">False</Option>
<Option name="iosacl_include_comments">True</Option>
<Option name="iosacl_logging_buffered">False</Option>
@ -3555,13 +3555,13 @@
<Option name="iosacl_logging_console_level">2</Option>
<Option name="iosacl_logging_timestamp">False</Option>
<Option name="iosacl_logging_trap_level">2</Option>
<Option name="iosacl_prolog_script"></Option>
<Option name="iosacl_prolog_script"/>
<Option name="iosacl_regroup_commands">False</Option>
<Option name="iosacl_syslog_facility"></Option>
<Option name="iosacl_syslog_host"></Option>
<Option name="ipt_mangle_only_rulesets"></Option>
<Option name="iosacl_syslog_facility"/>
<Option name="iosacl_syslog_host"/>
<Option name="ipt_mangle_only_rulesets"/>
<Option name="ipv4_6_order">ipv4_first</Option>
<Option name="limit_suffix"></Option>
<Option name="limit_suffix"/>
<Option name="limit_value">0</Option>
<Option name="linux24_ip_forward">1</Option>
<Option name="load_modules">True</Option>
@ -3580,14 +3580,14 @@
<Option name="mgmt_ssh">True</Option>
<Option name="modulate_state">False</Option>
<Option name="no_ipv6_default_policy">False</Option>
<Option name="openbsd_ip_directed_broadcast"></Option>
<Option name="openbsd_ip_directed_broadcast"/>
<Option name="openbsd_ip_forward">1</Option>
<Option name="openbsd_ip_redirect"></Option>
<Option name="openbsd_ip_sourceroute"></Option>
<Option name="openbsd_ip_redirect"/>
<Option name="openbsd_ip_sourceroute"/>
<Option name="openbsd_ipv6_forward">1</Option>
<Option name="openbsd_path_pfctl"></Option>
<Option name="openbsd_path_sysctl"></Option>
<Option name="output_file"></Option>
<Option name="openbsd_path_pfctl"/>
<Option name="openbsd_path_sysctl"/>
<Option name="output_file"/>
<Option name="pass_all_out">False</Option>
<Option name="pf_adaptive_end">0</Option>
<Option name="pf_adaptive_start">0</Option>
@ -3606,7 +3606,7 @@
<Option name="pf_limit_states">10000</Option>
<Option name="pf_limit_table_entries">0</Option>
<Option name="pf_limit_tables">0</Option>
<Option name="pf_optimization"></Option>
<Option name="pf_optimization"/>
<Option name="pf_other_first">0</Option>
<Option name="pf_other_multiple">0</Option>
<Option name="pf_other_single">0</Option>
@ -3658,12 +3658,12 @@
<Option name="pix_syslog_device_id_supported">false</Option>
<Option name="pix_use_acl_remarks">true</Option>
<Option name="prolog_place">fw_file</Option>
<Option name="prolog_script"></Option>
<Option name="prolog_script"/>
<Option name="prompt1">$ </Option>
<Option name="prompt2"> # </Option>
<Option name="scpArgs"></Option>
<Option name="scpArgs"/>
<Option name="solaris_ip_forward">1</Option>
<Option name="sshArgs"></Option>
<Option name="sshArgs"/>
<Option name="ulog_cprange">0</Option>
<Option name="ulog_nlgroup">1</Option>
<Option name="ulog_qthreshold">1</Option>
@ -3804,34 +3804,34 @@
<FirewallOptions>
<Option name="accept_established">True</Option>
<Option name="accept_new_tcp_with_no_syn">True</Option>
<Option name="action_on_reject"></Option>
<Option name="activationCmd"></Option>
<Option name="action_on_reject"/>
<Option name="activationCmd"/>
<Option name="add_check_state_rule">true</Option>
<Option name="admUser"></Option>
<Option name="altAddress"></Option>
<Option name="admUser"/>
<Option name="altAddress"/>
<Option name="bridging_fw">False</Option>
<Option name="check_shading">True</Option>
<Option name="clamp_mss_to_mtu">False</Option>
<Option name="classify_mark_terminating">False</Option>
<Option name="cmdline">-xt</Option>
<Option name="compiler"></Option>
<Option name="compiler"/>
<Option name="configure_interfaces">True</Option>
<Option name="debug">False</Option>
<Option name="drop_invalid">False</Option>
<Option name="eliminate_duplicates">true</Option>
<Option name="enable_ipv6">True</Option>
<Option name="epilog_script"></Option>
<Option name="epilog_script"/>
<Option name="fallback_log">False</Option>
<Option name="firewall_dir">/etc</Option>
<Option name="firewall_is_part_of_any_and_networks">True</Option>
<Option name="freebsd_ip_forward">1</Option>
<Option name="freebsd_ip_redirect"></Option>
<Option name="freebsd_ip_sourceroute"></Option>
<Option name="freebsd_ip_redirect"/>
<Option name="freebsd_ip_sourceroute"/>
<Option name="freebsd_ipv6_forward">1</Option>
<Option name="freebsd_path_ipf"></Option>
<Option name="freebsd_path_ipfw"></Option>
<Option name="freebsd_path_ipnat"></Option>
<Option name="freebsd_path_sysctl"></Option>
<Option name="freebsd_path_ipf"/>
<Option name="freebsd_path_ipfw"/>
<Option name="freebsd_path_ipnat"/>
<Option name="freebsd_path_sysctl"/>
<Option name="ignore_empty_groups">False</Option>
<Option name="in_out_code">True</Option>
<Option name="iosacl_acl_basic">False</Option>
@ -3840,7 +3840,7 @@
<Option name="iosacl_acl_temp_addr">fe80::21d:9ff:aaaa:bbbb/64</Option>
<Option name="iosacl_add_clear_statements">true</Option>
<Option name="iosacl_assume_fw_part_of_any">true</Option>
<Option name="iosacl_epilog_script"></Option>
<Option name="iosacl_epilog_script"/>
<Option name="iosacl_generate_logging_commands">False</Option>
<Option name="iosacl_include_comments">True</Option>
<Option name="iosacl_logging_buffered">False</Option>
@ -3849,13 +3849,13 @@
<Option name="iosacl_logging_console_level">1</Option>
<Option name="iosacl_logging_timestamp">False</Option>
<Option name="iosacl_logging_trap_level">1</Option>
<Option name="iosacl_prolog_script"></Option>
<Option name="iosacl_prolog_script"/>
<Option name="iosacl_regroup_commands">False</Option>
<Option name="iosacl_syslog_facility"></Option>
<Option name="iosacl_syslog_host"></Option>
<Option name="ipt_mangle_only_rulesets"></Option>
<Option name="iosacl_syslog_facility"/>
<Option name="iosacl_syslog_host"/>
<Option name="ipt_mangle_only_rulesets"/>
<Option name="ipv4_6_order">ipv4_first</Option>
<Option name="limit_suffix"></Option>
<Option name="limit_suffix"/>
<Option name="limit_value">0</Option>
<Option name="linux24_ip_forward">1</Option>
<Option name="load_modules">True</Option>
@ -3870,18 +3870,18 @@
<Option name="loopback_interface">lo0</Option>
<Option name="macosx_ip_forward">1</Option>
<Option name="manage_virtual_addr">True</Option>
<Option name="mgmt_addr"></Option>
<Option name="mgmt_addr"/>
<Option name="mgmt_ssh">False</Option>
<Option name="modulate_state">False</Option>
<Option name="no_ipv6_default_policy">False</Option>
<Option name="openbsd_ip_directed_broadcast"></Option>
<Option name="openbsd_ip_directed_broadcast"/>
<Option name="openbsd_ip_forward">1</Option>
<Option name="openbsd_ip_redirect"></Option>
<Option name="openbsd_ip_sourceroute"></Option>
<Option name="openbsd_ip_redirect"/>
<Option name="openbsd_ip_sourceroute"/>
<Option name="openbsd_ipv6_forward">1</Option>
<Option name="openbsd_path_pfctl"></Option>
<Option name="openbsd_path_sysctl"></Option>
<Option name="output_file"></Option>
<Option name="openbsd_path_pfctl"/>
<Option name="openbsd_path_sysctl"/>
<Option name="output_file"/>
<Option name="pass_all_out">False</Option>
<Option name="pf_adaptive_end">0</Option>
<Option name="pf_adaptive_start">0</Option>
@ -3900,7 +3900,7 @@
<Option name="pf_limit_states">10000</Option>
<Option name="pf_limit_table_entries">0</Option>
<Option name="pf_limit_tables">0</Option>
<Option name="pf_optimization"></Option>
<Option name="pf_optimization"/>
<Option name="pf_other_first">0</Option>
<Option name="pf_other_multiple">0</Option>
<Option name="pf_other_single">0</Option>
@ -3952,12 +3952,12 @@
<Option name="pix_syslog_device_id_supported">false</Option>
<Option name="pix_use_acl_remarks">true</Option>
<Option name="prolog_place">fw_file</Option>
<Option name="prolog_script"></Option>
<Option name="prolog_script"/>
<Option name="prompt1">$ </Option>
<Option name="prompt2"> # </Option>
<Option name="scpArgs"></Option>
<Option name="scpArgs"/>
<Option name="solaris_ip_forward">1</Option>
<Option name="sshArgs"></Option>
<Option name="sshArgs"/>
<Option name="ulog_cprange">0</Option>
<Option name="ulog_nlgroup">1</Option>
<Option name="ulog_qthreshold">1</Option>
@ -4284,10 +4284,10 @@
<Option name="accept_established">true</Option>
<Option name="accept_new_tcp_with_no_syn">true</Option>
<Option name="add_check_state_rule">true</Option>
<Option name="admUser"></Option>
<Option name="altAddress"></Option>
<Option name="admUser"/>
<Option name="altAddress"/>
<Option name="check_shading">False</Option>
<Option name="compiler"></Option>
<Option name="compiler"/>
<Option name="configure_interfaces">true</Option>
<Option name="eliminate_duplicates">true</Option>
<Option name="firewall_dir">/etc</Option>
@ -4300,21 +4300,21 @@
<Option name="iosacl_acl_basic">True</Option>
<Option name="iosacl_acl_no_clear">False</Option>
<Option name="iosacl_acl_substitution">False</Option>
<Option name="iosacl_acl_temp_addr"></Option>
<Option name="iosacl_acl_temp_addr"/>
<Option name="iosacl_add_clear_statements">true</Option>
<Option name="iosacl_assume_fw_part_of_any">true</Option>
<Option name="iosacl_epilog_script"></Option>
<Option name="iosacl_epilog_script"/>
<Option name="iosacl_include_comments">True</Option>
<Option name="iosacl_logging_buffered">False</Option>
<Option name="iosacl_logging_buffered_level"></Option>
<Option name="iosacl_logging_buffered_level"/>
<Option name="iosacl_logging_console">False</Option>
<Option name="iosacl_logging_console_level"></Option>
<Option name="iosacl_logging_console_level"/>
<Option name="iosacl_logging_timestamp">False</Option>
<Option name="iosacl_logging_trap_level"></Option>
<Option name="iosacl_prolog_script"></Option>
<Option name="iosacl_logging_trap_level"/>
<Option name="iosacl_prolog_script"/>
<Option name="iosacl_regroup_commands">False</Option>
<Option name="iosacl_syslog_facility"></Option>
<Option name="iosacl_syslog_host"></Option>
<Option name="iosacl_syslog_facility"/>
<Option name="iosacl_syslog_host"/>
<Option name="limit_value">0</Option>
<Option name="linux24_ip_forward">1</Option>
<Option name="load_modules">true</Option>
@ -4324,10 +4324,10 @@
<Option name="loopback_interface">lo0</Option>
<Option name="macosx_ip_forward">1</Option>
<Option name="manage_virtual_addr">true</Option>
<Option name="mgmt_addr"></Option>
<Option name="mgmt_addr"/>
<Option name="mgmt_ssh">False</Option>
<Option name="openbsd_ip_forward">1</Option>
<Option name="output_file"></Option>
<Option name="output_file"/>
<Option name="pass_all_out">false</Option>
<Option name="pf_limit_frags">5000</Option>
<Option name="pf_limit_states">10000</Option>
@ -4349,7 +4349,7 @@
<Option name="prompt1">$ </Option>
<Option name="prompt2"> # </Option>
<Option name="solaris_ip_forward">1</Option>
<Option name="sshArgs"></Option>
<Option name="sshArgs"/>
<Option name="ulog_nlgroup">1</Option>
<Option name="verify_interfaces">true</Option>
</FirewallOptions>
@ -4482,8 +4482,8 @@
<Option name="accept_established">true</Option>
<Option name="accept_new_tcp_with_no_syn">true</Option>
<Option name="add_check_state_rule">true</Option>
<Option name="admUser"></Option>
<Option name="altAddress"></Option>
<Option name="admUser"/>
<Option name="altAddress"/>
<Option name="check_shading">False</Option>
<Option name="configure_interfaces">true</Option>
<Option name="eliminate_duplicates">true</Option>
@ -4501,7 +4501,7 @@
<Option name="iosacl_acl_temp_addr">10.10.10.0/24</Option>
<Option name="iosacl_add_clear_statements">true</Option>
<Option name="iosacl_assume_fw_part_of_any">true</Option>
<Option name="iosacl_epilog_script"></Option>
<Option name="iosacl_epilog_script"/>
<Option name="iosacl_generate_logging_commands">False</Option>
<Option name="iosacl_include_comments">True</Option>
<Option name="iosacl_logging_buffered">False</Option>
@ -4510,10 +4510,10 @@
<Option name="iosacl_logging_console_level">3</Option>
<Option name="iosacl_logging_timestamp">False</Option>
<Option name="iosacl_logging_trap_level">3</Option>
<Option name="iosacl_prolog_script"></Option>
<Option name="iosacl_prolog_script"/>
<Option name="iosacl_regroup_commands">False</Option>
<Option name="iosacl_syslog_facility"></Option>
<Option name="iosacl_syslog_host"></Option>
<Option name="iosacl_syslog_facility"/>
<Option name="iosacl_syslog_host"/>
<Option name="iosacl_use_acl_remarks">False</Option>
<Option name="ipv4_6_order">ipv4_first</Option>
<Option name="limit_value">0</Option>
@ -4528,7 +4528,7 @@
<Option name="mgmt_addr">10.10.10.0/24</Option>
<Option name="mgmt_ssh">True</Option>
<Option name="openbsd_ip_forward">1</Option>
<Option name="output_file"></Option>
<Option name="output_file"/>
<Option name="pass_all_out">false</Option>
<Option name="pf_limit_frags">5000</Option>
<Option name="pf_limit_states">10000</Option>
@ -4549,9 +4549,9 @@
<Option name="pix_use_acl_remarks">true</Option>
<Option name="prompt1">$ </Option>
<Option name="prompt2"> # </Option>
<Option name="scpArgs"></Option>
<Option name="scpArgs"/>
<Option name="solaris_ip_forward">1</Option>
<Option name="sshArgs"></Option>
<Option name="sshArgs"/>
<Option name="ulog_nlgroup">1</Option>
<Option name="use_scp">False</Option>
<Option name="verify_interfaces">true</Option>
@ -4595,16 +4595,16 @@
<IPService id="ip-IP_Fragments" fragm="False" lsrr="False" protocol_num="0" rr="False" short_fragm="True" ssrr="False" ts="False" name="ip_fragments" comment="'Short' fragments" ro="False"/>
</ServiceGroup>
<CustomService id="stdid14_1" name="ESTABLISHED" comment="This service matches all packets which are part of network connections established through the firewall, or connections 'related' to those established through the firewall. Term 'established' refers to the state tracking mechanism which exists inside iptables and other stateful firewalls and does not mean any particular combination of packet header options. Packet is considered to correspond to the state 'ESTABLISHED' if it belongs to the network session, for which proper initiation has been seen by the firewall, so its stateful inspection module made appropriate record in the state table. Usually stateful firewalls keep track of network connections using not only tcp protocol, but also udp and sometimes even icmp protocols. 'RELATED' describes packet belonging to a separate network connection, related to the session firewall is keeping track of. One example is FTP command and FTP data sessions." ro="False" protocol="any" address_family="ipv4">
<CustomServiceCommand platform="Undefined"></CustomServiceCommand>
<CustomServiceCommand platform="Undefined"/>
<CustomServiceCommand platform="iosacl">established</CustomServiceCommand>
<CustomServiceCommand platform="ipfilter"></CustomServiceCommand>
<CustomServiceCommand platform="ipfilter"/>
<CustomServiceCommand platform="ipfw">established</CustomServiceCommand>
<CustomServiceCommand platform="iptables">-m state --state ESTABLISHED,RELATED</CustomServiceCommand>
</CustomService>
<CustomService id="stdid14_2" name="ESTABLISHED ipv6" comment="This service matches all packets which are part of network connections established through the firewall, or connections 'related' to those established through the firewall. Term 'established' refers to the state tracking mechanism which exists inside iptables and other stateful firewalls and does not mean any particular combination of packet header options. Packet is considered to correspond to the state 'ESTABLISHED' if it belongs to the network session, for which proper initiation has been seen by the firewall, so its stateful inspection module made appropriate record in the state table. Usually stateful firewalls keep track of network connections using not only tcp protocol, but also udp and sometimes even icmp protocols. 'RELATED' describes packet belonging to a separate network connection, related to the session firewall is keeping track of. One example is FTP command and FTP data sessions." ro="False" protocol="any" address_family="ipv6">
<CustomServiceCommand platform="Undefined"></CustomServiceCommand>
<CustomServiceCommand platform="Undefined"/>
<CustomServiceCommand platform="iosacl">established</CustomServiceCommand>
<CustomServiceCommand platform="ipfilter"></CustomServiceCommand>
<CustomServiceCommand platform="ipfilter"/>
<CustomServiceCommand platform="ipfw">established</CustomServiceCommand>
<CustomServiceCommand platform="iptables">-m state --state ESTABLISHED,RELATED</CustomServiceCommand>
</CustomService>

2
test/iosacl/quick-cmp.sh
View File

@ -1,7 +1,7 @@
#!/bin/sh
DIFFCMD="diff -C 5 -c -b -B -w -I \"# Generated\" -I 'Activating ' -I '# Firewall Builder fwb_ipt v' -I 'Can not find file' -I '====' -I 'log '"
DIFFCMD="diff -C 5 -c -b -B -w -I \"Generated\" -I 'Activating ' -I 'Firewall Builder fwb_iosacl v' -I 'Can not find file' -I '====' -I 'log '"
for f in $(ls *.fw.orig)
do

34
test/ipf/large_policy_test.fwb
View File

@ -1,6 +1,6 @@
<?xml version="1.0" encoding="utf-8"?>
<!DOCTYPE FWObjectDatabase SYSTEM "fwbuilder.dtd">
<FWObjectDatabase xmlns="http://www.fwbuilder.org/1.0/" version="15" id="root">
<FWObjectDatabase xmlns="http://www.fwbuilder.org/1.0/" version="16" lastModified="" id="root">
<Library id="sysid99" name="Deleted Objects" comment="" ro="False"/>
<Library id="syslib001" color="#d2ffd0" name="User" comment="User defined objects" ro="False">
<ObjectGroup id="stdid01_1_clusters" name="Clusters" comment="" ro="False"/>
@ -209,20 +209,20 @@
<Option name="bridging_fw">False</Option>
<Option name="check_shading">False</Option>
<Option name="clamp_mss_to_mtu">False</Option>
<Option name="cmdline"></Option>
<Option name="compiler"></Option>
<Option name="cmdline"/>
<Option name="compiler"/>
<Option name="debug">False</Option>
<Option name="eliminate_duplicates">False</Option>
<Option name="firewall_dir">/etc</Option>
<Option name="firewall_is_part_of_any_and_networks">True</Option>
<Option name="freebsd_path_ipf"></Option>
<Option name="freebsd_path_ipnat"></Option>
<Option name="freebsd_path_sysctl"></Option>
<Option name="freebsd_path_ipf"/>
<Option name="freebsd_path_ipnat"/>
<Option name="freebsd_path_sysctl"/>
<Option name="ignore_empty_groups">False</Option>
<Option name="in_out_code">True</Option>
<Option name="ipf_log_body">False</Option>
<Option name="ipf_log_facility"></Option>
<Option name="ipf_log_level"></Option>
<Option name="ipf_log_facility"/>
<Option name="ipf_log_level"/>
<Option name="ipf_log_or_block">False</Option>
<Option name="ipf_nat_ftp_proxy">False</Option>
<Option name="ipf_nat_h323_proxy">False</Option>
@ -230,14 +230,14 @@
<Option name="ipf_nat_raudio_proxy">False</Option>
<Option name="ipf_nat_rcmd_proxy">False</Option>
<Option name="ipf_return_icmp_as_dest">False</Option>
<Option name="limit_suffix"></Option>
<Option name="limit_suffix"/>
<Option name="limit_value">0</Option>
<Option name="linux24_ip_forward">1</Option>
<Option name="linux24_path_ip"></Option>
<Option name="linux24_path_iptables"></Option>
<Option name="linux24_path_logger"></Option>
<Option name="linux24_path_lsmod"></Option>
<Option name="linux24_path_modprobe"></Option>
<Option name="linux24_path_ip"/>
<Option name="linux24_path_iptables"/>
<Option name="linux24_path_logger"/>
<Option name="linux24_path_lsmod"/>
<Option name="linux24_path_modprobe"/>
<Option name="linux24_tcp_fin_timeout">30</Option>
<Option name="linux24_tcp_keepalive_interval">1800</Option>
<Option name="load_modules">True</Option>
@ -252,9 +252,9 @@
<Option name="loopback_interface">lo</Option>
<Option name="manage_virtual_addr">True</Option>
<Option name="pass_all_out">False</Option>
<Option name="snmp_contact"></Option>
<Option name="snmp_description"></Option>
<Option name="snmp_location"></Option>
<Option name="snmp_contact"/>
<Option name="snmp_description"/>
<Option name="snmp_location"/>
<Option name="ulog_cprange">0</Option>
<Option name="ulog_nlgroup">1</Option>
<Option name="ulog_qthreshold">1</Option>

750
test/ipf/objects-for-regression-tests.fwb
View File

@ -1,6 +1,6 @@
<?xml version="1.0" encoding="utf-8"?>
<!DOCTYPE FWObjectDatabase SYSTEM "fwbuilder.dtd">
<FWObjectDatabase xmlns="http://www.fwbuilder.org/1.0/" version="15" lastModified="1257363322" id="root">
<FWObjectDatabase xmlns="http://www.fwbuilder.org/1.0/" version="16" lastModified="1257363322" id="root">
<Library id="sysid99" name="Deleted Objects" comment="" ro="False">
<ICMP6Service id="idE0C27650" code="0" type="1" name="ipv6 dest unreachable" comment="No route to destination" ro="False"/>
</Library>
@ -133,9 +133,9 @@
<PolicyInstallScript arguments="" command="" enabled="False"/>
</Management>
<HostOptions>
<Option name="snmp_contact"></Option>
<Option name="snmp_description"></Option>
<Option name="snmp_location"></Option>
<Option name="snmp_contact"/>
<Option name="snmp_description"/>
<Option name="snmp_location"/>
<Option name="use_mac_addr">false</Option>
<Option name="use_mac_addr_filter">False</Option>
</HostOptions>
@ -151,9 +151,9 @@
<PolicyInstallScript arguments="" command="" enabled="False"/>
</Management>
<HostOptions>
<Option name="snmp_contact"></Option>
<Option name="snmp_description"></Option>
<Option name="snmp_location"></Option>
<Option name="snmp_contact"/>
<Option name="snmp_description"/>
<Option name="snmp_location"/>
<Option name="use_mac_addr_filter">False</Option>
</HostOptions>
</Host>
@ -168,9 +168,9 @@
<PolicyInstallScript arguments="" command="" enabled="False"/>
</Management>
<HostOptions>
<Option name="snmp_contact"></Option>
<Option name="snmp_description"></Option>
<Option name="snmp_location"></Option>
<Option name="snmp_contact"/>
<Option name="snmp_description"/>
<Option name="snmp_location"/>
<Option name="use_mac_addr">false</Option>
<Option name="use_mac_addr_filter">False</Option>
</HostOptions>
@ -186,9 +186,9 @@
<PolicyInstallScript arguments="" command="" enabled="False"/>
</Management>
<HostOptions>
<Option name="snmp_contact"></Option>
<Option name="snmp_description"></Option>
<Option name="snmp_location"></Option>
<Option name="snmp_contact"/>
<Option name="snmp_description"/>
<Option name="snmp_location"/>
<Option name="use_mac_addr">false</Option>
<Option name="use_mac_addr_filter">False</Option>
</HostOptions>
@ -243,9 +243,9 @@
<PolicyInstallScript arguments="" command="" enabled="False"/>
</Management>
<HostOptions>
<Option name="snmp_contact"></Option>
<Option name="snmp_description"></Option>
<Option name="snmp_location"></Option>
<Option name="snmp_contact"/>
<Option name="snmp_description"/>
<Option name="snmp_location"/>
<Option name="use_mac_addr_filter">True</Option>
</HostOptions>
</Host>
@ -320,9 +320,9 @@
<PolicyInstallScript arguments="" command="" enabled="False"/>
</Management>
<HostOptions>
<Option name="snmp_contact"></Option>
<Option name="snmp_description"></Option>
<Option name="snmp_location"></Option>
<Option name="snmp_contact"/>
<Option name="snmp_description"/>
<Option name="snmp_location"/>
<Option name="use_mac_addr">false</Option>
<Option name="use_mac_addr_filter">False</Option>
</HostOptions>
@ -338,9 +338,9 @@
<PolicyInstallScript arguments="" command="" enabled="False"/>
</Management>
<HostOptions>
<Option name="snmp_contact"></Option>
<Option name="snmp_description"></Option>
<Option name="snmp_location"></Option>
<Option name="snmp_contact"/>
<Option name="snmp_description"/>
<Option name="snmp_location"/>
<Option name="use_mac_addr">false</Option>
<Option name="use_mac_addr_filter">False</Option>
</HostOptions>
@ -356,9 +356,9 @@
<PolicyInstallScript arguments="" command="" enabled="False"/>
</Management>
<HostOptions>
<Option name="snmp_contact"></Option>
<Option name="snmp_description"></Option>
<Option name="snmp_location"></Option>
<Option name="snmp_contact"/>
<Option name="snmp_description"/>
<Option name="snmp_location"/>
<Option name="use_mac_addr">False</Option>
<Option name="use_mac_addr_filter">False</Option>
</HostOptions>
@ -374,9 +374,9 @@
<PolicyInstallScript arguments="" command="" enabled="False"/>
</Management>
<HostOptions>
<Option name="snmp_contact"></Option>
<Option name="snmp_description"></Option>
<Option name="snmp_location"></Option>
<Option name="snmp_contact"/>
<Option name="snmp_description"/>
<Option name="snmp_location"/>
<Option name="use_mac_addr">False</Option>
<Option name="use_mac_addr_filter">False</Option>
</HostOptions>
@ -392,9 +392,9 @@
<PolicyInstallScript arguments="" command="" enabled="False"/>
</Management>
<HostOptions>
<Option name="snmp_contact"></Option>
<Option name="snmp_description"></Option>
<Option name="snmp_location"></Option>
<Option name="snmp_contact"/>
<Option name="snmp_description"/>
<Option name="snmp_location"/>
<Option name="use_mac_addr">False</Option>
<Option name="use_mac_addr_filter">False</Option>
</HostOptions>
@ -410,9 +410,9 @@
<PolicyInstallScript arguments="" command="" enabled="False"/>
</Management>
<HostOptions>
<Option name="snmp_contact"></Option>
<Option name="snmp_description"></Option>
<Option name="snmp_location"></Option>
<Option name="snmp_contact"/>
<Option name="snmp_description"/>
<Option name="snmp_location"/>
<Option name="use_mac_addr">False</Option>
<Option name="use_mac_addr_filter">False</Option>
</HostOptions>
@ -428,9 +428,9 @@
<PolicyInstallScript arguments="" command="" enabled="False"/>
</Management>
<HostOptions>
<Option name="snmp_contact"></Option>
<Option name="snmp_description"></Option>
<Option name="snmp_location"></Option>
<Option name="snmp_contact"/>
<Option name="snmp_description"/>
<Option name="snmp_location"/>
<Option name="use_mac_addr">False</Option>
<Option name="use_mac_addr_filter">False</Option>
</HostOptions>
@ -484,9 +484,9 @@
<PolicyInstallScript arguments="" command="" enabled="False"/>
</Management>
<HostOptions>
<Option name="snmp_contact"></Option>
<Option name="snmp_description"></Option>
<Option name="snmp_location"></Option>
<Option name="snmp_contact"/>
<Option name="snmp_description"/>
<Option name="snmp_location"/>
<Option name="use_mac_addr_filter">False</Option>
</HostOptions>
</Host>
@ -599,9 +599,9 @@
<PolicyInstallScript arguments="" command="" enabled="False"/>
</Management>
<HostOptions>
<Option name="snmp_contact"></Option>
<Option name="snmp_description"></Option>
<Option name="snmp_location"></Option>
<Option name="snmp_contact"/>
<Option name="snmp_description"/>
<Option name="snmp_location"/>
<Option name="use_mac_addr_filter">False</Option>
</HostOptions>
</Host>
@ -703,8 +703,8 @@
</ServiceGroup>
<ServiceGroup id="stdid13_1" name="Custom" comment="" ro="False">
<CustomService id="id3B64FE22" name="talk" comment="Talk support" ro="False" protocol="any" address_family="ipv4">
<CustomServiceCommand platform="Undefined"></CustomServiceCommand>
<CustomServiceCommand platform="ipfilter"></CustomServiceCommand>
<CustomServiceCommand platform="Undefined"/>
<CustomServiceCommand platform="ipfilter"/>
<CustomServiceCommand platform="iptables">-m ip_conntrack_talk -m ip_nat_talk</CustomServiceCommand>
</CustomService>
</ServiceGroup>
@ -950,10 +950,10 @@
<IntervalRef ref="sysid2"/>
</When>
<PolicyRuleOptions>
<Option name="action_on_reject"></Option>
<Option name="action_on_reject"/>
<Option name="limit_value">0</Option>
<Option name="log_limit_suffix"></Option>
<Option name="log_prefix"></Option>
<Option name="log_limit_suffix"/>
<Option name="log_prefix"/>
<Option name="stateless">True</Option>
</PolicyRuleOptions>
</PolicyRule>
@ -977,7 +977,7 @@
<IntervalRef ref="sysid2"/>
</When>
<PolicyRuleOptions>
<Option name="action_on_reject"></Option>
<Option name="action_on_reject"/>
<Option name="ipf_keep_frags">False</Option>
<Option name="ipf_return_icmp_as_dest">True</Option>
<Option name="stateless">True</Option>
@ -1020,10 +1020,10 @@
<IntervalRef ref="sysid2"/>
</When>
<PolicyRuleOptions>
<Option name="action_on_reject"></Option>
<Option name="limit_suffix"></Option>
<Option name="action_on_reject"/>
<Option name="limit_suffix"/>
<Option name="limit_value">0</Option>
<Option name="log_prefix"></Option>
<Option name="log_prefix"/>
</PolicyRuleOptions>
</PolicyRule>
<PolicyRule id="id3BF1B44E" disabled="True" log="False" position="10" action="Accept" direction="Both" comment="">
@ -1043,10 +1043,10 @@
<IntervalRef ref="sysid2"/>
</When>
<PolicyRuleOptions>
<Option name="action_on_reject"></Option>
<Option name="limit_suffix"></Option>
<Option name="action_on_reject"/>
<Option name="limit_suffix"/>
<Option name="limit_value">0</Option>
<Option name="log_prefix"></Option>
<Option name="log_prefix"/>
</PolicyRuleOptions>
</PolicyRule>
<PolicyRule id="pol-firewall2-3" disabled="False" log="False" position="11" action="Accept" direction="Both" comment="">
@ -1069,10 +1069,10 @@
<IntervalRef ref="id3C63479E"/>
</When>
<PolicyRuleOptions>
<Option name="action_on_reject"></Option>
<Option name="limit_suffix"></Option>
<Option name="action_on_reject"/>
<Option name="limit_suffix"/>
<Option name="limit_value">0</Option>
<Option name="log_prefix"></Option>
<Option name="log_prefix"/>
</PolicyRuleOptions>
</PolicyRule>
<PolicyRule id="pol-firewall2-2" disabled="False" log="False" position="12" action="Accept" direction="Both" comment="">
@ -1092,10 +1092,10 @@
<IntervalRef ref="sysid2"/>
</When>
<PolicyRuleOptions>
<Option name="action_on_reject"></Option>
<Option name="limit_suffix"></Option>
<Option name="action_on_reject"/>
<Option name="limit_suffix"/>
<Option name="limit_value">0</Option>
<Option name="log_prefix"></Option>
<Option name="log_prefix"/>
</PolicyRuleOptions>
</PolicyRule>
<PolicyRule id="pol-firewall2-4" disabled="False" log="False" position="13" action="Accept" direction="Both" comment="">
@ -1116,10 +1116,10 @@
<IntervalRef ref="sysid2"/>
</When>
<PolicyRuleOptions>
<Option name="action_on_reject"></Option>
<Option name="limit_suffix"></Option>
<Option name="action_on_reject"/>
<Option name="limit_suffix"/>
<Option name="limit_value">0</Option>
<Option name="log_prefix"></Option>
<Option name="log_prefix"/>
</PolicyRuleOptions>
</PolicyRule>
<PolicyRule id="id3CD8770E" disabled="False" log="False" position="14" action="Accept" direction="Both" comment="">
@ -1140,10 +1140,10 @@
<IntervalRef ref="sysid2"/>
</When>
<PolicyRuleOptions>
<Option name="action_on_reject"></Option>
<Option name="limit_suffix"></Option>
<Option name="action_on_reject"/>
<Option name="limit_suffix"/>
<Option name="limit_value">0</Option>
<Option name="log_prefix"></Option>
<Option name="log_prefix"/>
</PolicyRuleOptions>
</PolicyRule>
<PolicyRule id="id3D98E652" disabled="False" log="False" position="15" action="Accept" direction="Both" comment="">
@ -1164,10 +1164,10 @@
<IntervalRef ref="sysid2"/>
</When>
<PolicyRuleOptions>
<Option name="action_on_reject"></Option>
<Option name="limit_suffix"></Option>
<Option name="action_on_reject"/>
<Option name="limit_suffix"/>
<Option name="limit_value">0</Option>
<Option name="log_prefix"></Option>
<Option name="log_prefix"/>
</PolicyRuleOptions>
</PolicyRule>
<PolicyRule id="id3CD87B1E" disabled="False" log="False" position="16" action="Accept" direction="Both" comment="">
@ -1188,10 +1188,10 @@
<IntervalRef ref="sysid2"/>
</When>
<PolicyRuleOptions>
<Option name="action_on_reject"></Option>
<Option name="limit_suffix"></Option>
<Option name="action_on_reject"/>
<Option name="limit_suffix"/>
<Option name="limit_value">0</Option>
<Option name="log_prefix"></Option>
<Option name="log_prefix"/>
</PolicyRuleOptions>
</PolicyRule>
<PolicyRule id="id3B58E180" disabled="False" log="True" position="17" action="Accept" direction="Both" comment="">
@ -1272,10 +1272,10 @@
<IntervalRef ref="sysid2"/>
</When>
<PolicyRuleOptions>
<Option name="action_on_reject"></Option>
<Option name="limit_suffix"></Option>
<Option name="action_on_reject"/>
<Option name="limit_suffix"/>
<Option name="limit_value">0</Option>
<Option name="log_prefix"></Option>
<Option name="log_prefix"/>
</PolicyRuleOptions>
</PolicyRule>
<PolicyRule id="pol-firewall2-7" disabled="False" log="True" position="21" action="Deny" direction="Both" comment="Automatically generated 'catch all' rule">
@ -1295,15 +1295,15 @@
<IntervalRef ref="sysid2"/>
</When>
<PolicyRuleOptions>
<Option name="action_on_reject"></Option>
<Option name="action_on_reject"/>
<Option name="ipf_keep_frags">False</Option>
<Option name="ipf_log_facility">daemon</Option>
<Option name="ipf_return_icmp_as_dest">False</Option>
<Option name="limit_suffix"></Option>
<Option name="limit_suffix"/>
<Option name="limit_value">0</Option>
<Option name="log_level">alert</Option>
<Option name="log_limit_suffix"></Option>
<Option name="log_prefix"></Option>
<Option name="log_limit_suffix"/>
<Option name="log_prefix"/>
<Option name="stateless">True</Option>
</PolicyRuleOptions>
</PolicyRule>
@ -1333,30 +1333,30 @@
<Option name="accept_established">False</Option>
<Option name="accept_new_tcp_with_no_syn">False</Option>
<Option name="action_on_reject">ICMP port unreachable</Option>
<Option name="activationCmd"></Option>
<Option name="admUser"></Option>
<Option name="altAddress"></Option>
<Option name="activationCmd"/>
<Option name="admUser"/>
<Option name="altAddress"/>
<Option name="check_shading">False</Option>
<Option name="clamp_mss_to_mtu">False</Option>
<Option name="cmdline">-v</Option>
<Option name="compiler"></Option>
<Option name="compiler"/>
<Option name="configure_interfaces">True</Option>
<Option name="debug">False</Option>
<Option name="dynAddr">False</Option>
<Option name="dyn_addr">False</Option>
<Option name="eliminate_duplicates">True</Option>
<Option name="epilog_script"></Option>
<Option name="firewall_dir"></Option>
<Option name="epilog_script"/>
<Option name="firewall_dir"/>
<Option name="firewall_is_part_of_any">True</Option>
<Option name="firewall_is_part_of_any_and_networks">True</Option>
<Option name="freebsd_path_ipf"></Option>
<Option name="freebsd_path_ipnat"></Option>
<Option name="freebsd_path_sysctl"></Option>
<Option name="freebsd_path_ipf"/>
<Option name="freebsd_path_ipnat"/>
<Option name="freebsd_path_sysctl"/>
<Option name="ignore_empty_groups">False</Option>
<Option name="in_out_code">True</Option>
<Option name="inst_cmdline"></Option>
<Option name="inst_script"></Option>
<Option name="install_script"></Option>
<Option name="inst_cmdline"/>
<Option name="inst_script"/>
<Option name="install_script"/>
<Option name="ipf_conf_file_name_on_firewall">ipf.conf</Option>
<Option name="ipf_log_body">False</Option>
<Option name="ipf_log_facility">local0</Option>
@ -1384,7 +1384,7 @@
<Option name="log_level">debug</Option>
<Option name="log_limit_suffix">/second</Option>
<Option name="log_limit_value">0</Option>
<Option name="log_prefix"></Option>
<Option name="log_prefix"/>
<Option name="log_tcp_opt">False</Option>
<Option name="log_tcp_seq">False</Option>
<Option name="manage_virtual_addr">True</Option>
@ -1399,17 +1399,17 @@
<Option name="openbsd_ip_redirect">0</Option>
<Option name="openbsd_ip_sourceroute">0</Option>
<Option name="optimize">True</Option>
<Option name="output_file"></Option>
<Option name="output_file"/>
<Option name="pass_all_out">False</Option>
<Option name="platform">iptables</Option>
<Option name="prolog_script"></Option>
<Option name="scpArgs"></Option>
<Option name="script_env_path"></Option>
<Option name="prolog_script"/>
<Option name="scpArgs"/>
<Option name="script_env_path"/>
<Option name="script_name_on_firewall">ipf.fw</Option>
<Option name="snmp_contact"></Option>
<Option name="snmp_description"></Option>
<Option name="snmp_location"></Option>
<Option name="sshArgs"></Option>
<Option name="snmp_contact"/>
<Option name="snmp_description"/>
<Option name="snmp_location"/>
<Option name="sshArgs"/>
<Option name="use_numeric_log_levels">False</Option>
</FirewallOptions>
</Firewall>
@ -1858,10 +1858,10 @@
<IntervalRef ref="sysid2"/>
</When>
<PolicyRuleOptions>
<Option name="action_on_reject"></Option>
<Option name="action_on_reject"/>
<Option name="limit_suffix">/minute</Option>
<Option name="limit_value">10</Option>
<Option name="log_prefix"></Option>
<Option name="log_prefix"/>
<Option name="stateless">True</Option>
</PolicyRuleOptions>
</PolicyRule>
@ -2083,34 +2083,34 @@
<Option name="accept_established">True</Option>
<Option name="accept_new_tcp_with_no_syn">True</Option>
<Option name="action_on_reject">ICMP net unreachable</Option>
<Option name="activationCmd"></Option>
<Option name="admUser"></Option>
<Option name="altAddress"></Option>
<Option name="activationCmd"/>
<Option name="admUser"/>
<Option name="altAddress"/>
<Option name="check_shading">False</Option>
<Option name="clamp_mss_to_mtu">False</Option>
<Option name="cmdline"></Option>
<Option name="compiler"></Option>
<Option name="cmdline"/>
<Option name="compiler"/>
<Option name="configure_interfaces">False</Option>
<Option name="debug">False</Option>
<Option name="dynAddr">False</Option>
<Option name="dyn_addr">False</Option>
<Option name="eliminate_duplicates">True</Option>
<Option name="epilog_script"></Option>
<Option name="firewall_dir"></Option>
<Option name="epilog_script"/>
<Option name="firewall_dir"/>
<Option name="firewall_is_part_of_any">True</Option>
<Option name="firewall_is_part_of_any_and_networks">True</Option>
<Option name="freebsd_path_ipf"></Option>
<Option name="freebsd_path_ipnat"></Option>
<Option name="freebsd_path_sysctl"></Option>
<Option name="freebsd_path_ipf"/>
<Option name="freebsd_path_ipnat"/>
<Option name="freebsd_path_sysctl"/>
<Option name="ignore_empty_groups">False</Option>
<Option name="in_out_code">True</Option>
<Option name="inst_cmdline"></Option>
<Option name="inst_script"></Option>
<Option name="install_script"></Option>
<Option name="inst_cmdline"/>
<Option name="inst_script"/>
<Option name="install_script"/>
<Option name="ipf_conf_file_name_on_firewall">/etc/fw/ipf.conf</Option>
<Option name="ipf_log_body">False</Option>
<Option name="ipf_log_facility"></Option>
<Option name="ipf_log_level"></Option>
<Option name="ipf_log_facility"/>
<Option name="ipf_log_level"/>
<Option name="ipf_log_or_block">False</Option>
<Option name="ipf_nat_ekshell_proxy">False</Option>
<Option name="ipf_nat_ftp_proxy">False</Option>
@ -2134,29 +2134,29 @@
<Option name="log_level">debug</Option>
<Option name="log_limit_suffix">/second</Option>
<Option name="log_limit_value">0</Option>
<Option name="log_prefix"></Option>
<Option name="log_prefix"/>
<Option name="log_tcp_opt">False</Option>
<Option name="log_tcp_seq">False</Option>
<Option name="manage_virtual_addr">True</Option>
<Option name="mgmt_addr"></Option>
<Option name="mgmt_addr"/>
<Option name="mgmt_ssh">False</Option>
<Option name="modulate_state">False</Option>
<Option name="nat_conf_file_name_on_firewall">/etc/fw/nat.conf</Option>
<Option name="no_iochains_for_any">False</Option>
<Option name="no_optimisation">False</Option>
<Option name="optimize">False</Option>
<Option name="output_file"></Option>
<Option name="output_file"/>
<Option name="pass_all_out">False</Option>
<Option name="platform">iptables</Option>
<Option name="prolog_script"></Option>
<Option name="prolog_script"/>
<Option name="proxy_arp">False</Option>
<Option name="scpArgs"></Option>
<Option name="script_env_path"></Option>
<Option name="scpArgs"/>
<Option name="script_env_path"/>
<Option name="script_name_on_firewall">/etc/ipf.fw</Option>
<Option name="snmp_contact"></Option>
<Option name="snmp_description"></Option>
<Option name="snmp_location"></Option>
<Option name="sshArgs"></Option>
<Option name="snmp_contact"/>
<Option name="snmp_description"/>
<Option name="snmp_location"/>
<Option name="sshArgs"/>
<Option name="use_ip_tool">False</Option>
<Option name="use_numeric_log_levels">False</Option>
</FirewallOptions>
@ -2183,7 +2183,7 @@
<ServiceRef ref="sysid1"/>
</TSrv>
<NATRuleOptions>
<Option name="id"></Option>
<Option name="id"/>
</NATRuleOptions>
</NATRule>
<NATRule id="id3AFB66D6" disabled="False" position="1" action="Translate" comment="">
@ -2207,7 +2207,7 @@
<ServiceRef ref="sysid1"/>
</TSrv>
<NATRuleOptions>
<Option name="id"></Option>
<Option name="id"/>
</NATRuleOptions>
</NATRule>
<NATRule id="id3DE9CA86" disabled="False" position="2" action="Translate" comment="">
@ -2466,7 +2466,7 @@
<ServiceRef ref="sysid1"/>
</TSrv>
<NATRuleOptions>
<Option name="id"></Option>
<Option name="id"/>
</NATRuleOptions>
</NATRule>
<NATRule id="id3BD6757E" disabled="True" position="14" action="Translate" comment="">
@ -2698,8 +2698,8 @@
<ObjectRef ref="id3AFB6706"/>
</Itf>
<PolicyRuleOptions>
<Option name="action_on_reject"></Option>
<Option name="limit_suffix"></Option>
<Option name="action_on_reject"/>
<Option name="limit_suffix"/>
<Option name="limit_value">0</Option>
<Option name="log_prefix">Iface: %I RULE %N -- %A **</Option>
<Option name="stateless">True</Option>
@ -2720,8 +2720,8 @@
<ObjectRef ref="id3AFB6706"/>
</Itf>
<PolicyRuleOptions>
<Option name="action_on_reject"></Option>
<Option name="limit_suffix"></Option>
<Option name="action_on_reject"/>
<Option name="limit_suffix"/>
<Option name="limit_value">0</Option>
<Option name="log_prefix">Iface: %I RULE %N -- %A **</Option>
<Option name="stateless">True</Option>
@ -2744,7 +2744,7 @@
<IntervalRef ref="sysid2"/>
</When>
<PolicyRuleOptions>
<Option name="id"></Option>
<Option name="id"/>
<Option name="stateless">True</Option>
</PolicyRuleOptions>
</PolicyRule>
@ -2768,7 +2768,7 @@
<Option name="action_on_reject">TCP RST</Option>
<Option name="ipf_keep_frags">False</Option>
<Option name="ipf_return_icmp_as_dest">False</Option>
<Option name="limit_suffix"></Option>
<Option name="limit_suffix"/>
<Option name="limit_value">0</Option>
<Option name="log_prefix">IDENT</Option>
<Option name="stateless">True</Option>
@ -2791,10 +2791,10 @@
<IntervalRef ref="sysid2"/>
</When>
<PolicyRuleOptions>
<Option name="action_on_reject"></Option>
<Option name="action_on_reject"/>
<Option name="ipf_keep_frags">False</Option>
<Option name="ipf_return_icmp_as_dest">False</Option>
<Option name="limit_suffix"></Option>
<Option name="limit_suffix"/>
<Option name="limit_value">0</Option>
<Option name="log_prefix">IDENT</Option>
<Option name="stateless">True</Option>
@ -2855,7 +2855,7 @@
<IntervalRef ref="sysid2"/>
</When>
<PolicyRuleOptions>
<Option name="id"></Option>
<Option name="id"/>
</PolicyRuleOptions>
</PolicyRule>
<PolicyRule id="id3C447B8D" disabled="False" log="True" position="8" action="Accept" direction="Both" comment="host-fw2 has the same address as &#10; one of the firewall's interfaces">
@ -2911,7 +2911,7 @@
<IntervalRef ref="sysid2"/>
</When>
<PolicyRuleOptions>
<Option name="id"></Option>
<Option name="id"/>
<Option name="stateless">True</Option>
</PolicyRuleOptions>
</PolicyRule>
@ -2951,26 +2951,26 @@
<Option name="action_on_reject">ICMP net unreachable</Option>
<Option name="check_shading">False</Option>
<Option name="clamp_mss_to_mtu">False</Option>
<Option name="cmdline"></Option>
<Option name="compiler"></Option>
<Option name="cmdline"/>
<Option name="compiler"/>
<Option name="debug">False</Option>
<Option name="dyn_addr">False</Option>
<Option name="eliminate_duplicates">True</Option>
<Option name="firewall_dir"></Option>
<Option name="firewall_dir"/>
<Option name="firewall_is_part_of_any">True</Option>
<Option name="firewall_is_part_of_any_and_networks">True</Option>
<Option name="freebsd_path_ipf"></Option>
<Option name="freebsd_path_ipnat"></Option>
<Option name="freebsd_path_sysctl"></Option>
<Option name="id"></Option>
<Option name="freebsd_path_ipf"/>
<Option name="freebsd_path_ipnat"/>
<Option name="freebsd_path_sysctl"/>
<Option name="id"/>
<Option name="ignore_empty_groups">False</Option>
<Option name="in_out_code">True</Option>
<Option name="inst_cmdline"></Option>
<Option name="inst_script"></Option>
<Option name="install_script"></Option>
<Option name="inst_cmdline"/>
<Option name="inst_script"/>
<Option name="install_script"/>
<Option name="ipf_log_body">False</Option>
<Option name="ipf_log_facility"></Option>
<Option name="ipf_log_level"></Option>
<Option name="ipf_log_facility"/>
<Option name="ipf_log_level"/>
<Option name="ipf_log_or_block">False</Option>
<Option name="ipf_nat_ftp_proxy">True</Option>
<Option name="ipf_nat_h323_proxy">True</Option>
@ -3006,10 +3006,10 @@
<Option name="pf_return_icmp_as_dest">True</Option>
<Option name="platform">iptables</Option>
<Option name="proxy_arp">True</Option>
<Option name="script_env_path"></Option>
<Option name="snmp_contact"></Option>
<Option name="snmp_description"></Option>
<Option name="snmp_location"></Option>
<Option name="script_env_path"/>
<Option name="snmp_contact"/>
<Option name="snmp_description"/>
<Option name="snmp_location"/>
<Option name="use_ip_tool">True</Option>
<Option name="use_numeric_log_levels">False</Option>
</FirewallOptions>
@ -3036,7 +3036,7 @@
<ServiceRef ref="sysid1"/>
</TSrv>
<NATRuleOptions>
<Option name="id"></Option>
<Option name="id"/>
</NATRuleOptions>
</NATRule>
<NATRule id="id3D758531" disabled="False" position="1" action="Translate" comment="">
@ -3059,7 +3059,7 @@
<ServiceRef ref="sysid1"/>
</TSrv>
<NATRuleOptions>
<Option name="id"></Option>
<Option name="id"/>
</NATRuleOptions>
</NATRule>
<NATRule id="id3D75869D" disabled="False" position="2" action="Translate" comment="">
@ -3082,7 +3082,7 @@
<ServiceRef ref="sysid1"/>
</TSrv>
<NATRuleOptions>
<Option name="id"></Option>
<Option name="id"/>
</NATRuleOptions>
</NATRule>
<NATRule id="id3D7586D1" disabled="False" position="3" action="Translate" comment="">
@ -3105,7 +3105,7 @@
<ServiceRef ref="sysid1"/>
</TSrv>
<NATRuleOptions>
<Option name="id"></Option>
<Option name="id"/>
</NATRuleOptions>
</NATRule>
<NATRule id="id3B0C6390" disabled="True" position="4" action="Translate" comment="negation in NAT is not supported&#10;in ipf yet">
@ -3128,7 +3128,7 @@
<ServiceRef ref="sysid1"/>
</TSrv>
<NATRuleOptions>
<Option name="id"></Option>
<Option name="id"/>
</NATRuleOptions>
</NATRule>
<NATRule id="id3B202AFF" disabled="False" position="5" action="Translate" comment="">
@ -3350,7 +3350,7 @@
<IntervalRef ref="sysid2"/>
</When>
<PolicyRuleOptions>
<Option name="id"></Option>
<Option name="id"/>
</PolicyRuleOptions>
</PolicyRule>
<PolicyRule id="id3B0C63A9" disabled="False" log="True" position="5" action="Deny" direction="Both" comment="testing negation in the policy rule">
@ -3371,7 +3371,7 @@
<IntervalRef ref="sysid2"/>
</When>
<PolicyRuleOptions>
<Option name="id"></Option>
<Option name="id"/>
<Option name="stateless">True</Option>
</PolicyRuleOptions>
</PolicyRule>
@ -3393,7 +3393,7 @@
<IntervalRef ref="sysid2"/>
</When>
<PolicyRuleOptions>
<Option name="id"></Option>
<Option name="id"/>
<Option name="stateless">True</Option>
</PolicyRuleOptions>
</PolicyRule>
@ -3416,7 +3416,7 @@
<IntervalRef ref="sysid2"/>
</When>
<PolicyRuleOptions>
<Option name="id"></Option>
<Option name="id"/>
<Option name="stateless">True</Option>
</PolicyRuleOptions>
</PolicyRule>
@ -3437,7 +3437,7 @@
<IntervalRef ref="sysid2"/>
</When>
<PolicyRuleOptions>
<Option name="id"></Option>
<Option name="id"/>
</PolicyRuleOptions>
</PolicyRule>
<PolicyRule id="id3D85069A" disabled="True" log="True" position="9" action="Accept" direction="Both" comment="">
@ -3476,7 +3476,7 @@
<IntervalRef ref="sysid2"/>
</When>
<PolicyRuleOptions>
<Option name="id"></Option>
<Option name="id"/>
<Option name="stateless">True</Option>
</PolicyRuleOptions>
</PolicyRule>
@ -3514,34 +3514,34 @@
<Option name="accept_established">False</Option>
<Option name="accept_new_tcp_with_no_syn">True</Option>
<Option name="action_on_reject">ICMP net unreachable</Option>
<Option name="activationCmd"></Option>
<Option name="admUser"></Option>
<Option name="altAddress"></Option>
<Option name="activationCmd"/>
<Option name="admUser"/>
<Option name="altAddress"/>
<Option name="check_shading">False</Option>
<Option name="clamp_mss_to_mtu">False</Option>
<Option name="cmdline"></Option>
<Option name="compiler"></Option>
<Option name="cmdline"/>
<Option name="compiler"/>
<Option name="configure_interfaces">False</Option>
<Option name="debug">False</Option>
<Option name="dynAddr">False</Option>
<Option name="dyn_addr">False</Option>
<Option name="eliminate_duplicates">True</Option>
<Option name="epilog_script"></Option>
<Option name="firewall_dir"></Option>
<Option name="epilog_script"/>
<Option name="firewall_dir"/>
<Option name="firewall_is_part_of_any">True</Option>
<Option name="firewall_is_part_of_any_and_networks">True</Option>
<Option name="freebsd_path_ipf">/usr/sbin/ipf</Option>
<Option name="freebsd_path_ipnat">/usr/sbin/ipnat</Option>
<Option name="freebsd_path_sysctl"></Option>
<Option name="id"></Option>
<Option name="freebsd_path_sysctl"/>
<Option name="id"/>
<Option name="ignore_empty_groups">False</Option>
<Option name="in_out_code">True</Option>
<Option name="inst_cmdline"></Option>
<Option name="inst_script"></Option>
<Option name="install_script"></Option>
<Option name="inst_cmdline"/>
<Option name="inst_script"/>
<Option name="install_script"/>
<Option name="ipf_log_body">False</Option>
<Option name="ipf_log_facility"></Option>
<Option name="ipf_log_level"></Option>
<Option name="ipf_log_facility"/>
<Option name="ipf_log_level"/>
<Option name="ipf_log_or_block">False</Option>
<Option name="ipf_nat_ftp_proxy">True</Option>
<Option name="ipf_nat_h323_proxy">True</Option>
@ -3562,26 +3562,26 @@
<Option name="log_level">debug</Option>
<Option name="log_limit_suffix">/second</Option>
<Option name="log_limit_value">0</Option>
<Option name="log_prefix"></Option>
<Option name="log_prefix"/>
<Option name="log_tcp_opt">False</Option>
<Option name="log_tcp_seq">False</Option>
<Option name="manage_virtual_addr">True</Option>
<Option name="mgmt_addr"></Option>
<Option name="mgmt_addr"/>
<Option name="mgmt_ssh">False</Option>
<Option name="modulate_state">False</Option>
<Option name="no_iochains_for_any">False</Option>
<Option name="no_optimisation">False</Option>
<Option name="optimize">False</Option>
<Option name="output_file"></Option>
<Option name="output_file"/>
<Option name="pass_all_out">False</Option>
<Option name="platform">iptables</Option>
<Option name="prolog_script"></Option>
<Option name="prolog_script"/>
<Option name="proxy_arp">False</Option>
<Option name="script_env_path"></Option>
<Option name="snmp_contact"></Option>
<Option name="snmp_description"></Option>
<Option name="snmp_location"></Option>
<Option name="sshArgs"></Option>
<Option name="script_env_path"/>
<Option name="snmp_contact"/>
<Option name="snmp_description"/>
<Option name="snmp_location"/>
<Option name="sshArgs"/>
<Option name="use_numeric_log_levels">False</Option>
</FirewallOptions>
</Firewall>
@ -3684,24 +3684,24 @@
<Option name="action_on_reject">ICMP net unreachable</Option>
<Option name="check_shading">True</Option>
<Option name="clamp_mss_to_mtu">False</Option>
<Option name="cmdline"></Option>
<Option name="compiler"></Option>
<Option name="cmdline"/>
<Option name="compiler"/>
<Option name="debug">False</Option>
<Option name="dyn_addr">False</Option>
<Option name="eliminate_duplicates">True</Option>
<Option name="firewall_dir"></Option>
<Option name="firewall_dir"/>
<Option name="firewall_is_part_of_any">True</Option>
<Option name="firewall_is_part_of_any_and_networks">True</Option>
<Option name="freebsd_path_ipf"></Option>
<Option name="freebsd_path_ipnat"></Option>
<Option name="freebsd_path_sysctl"></Option>
<Option name="freebsd_path_ipf"/>
<Option name="freebsd_path_ipnat"/>
<Option name="freebsd_path_sysctl"/>
<Option name="in_out_code">True</Option>
<Option name="inst_cmdline"></Option>
<Option name="inst_script"></Option>
<Option name="install_script"></Option>
<Option name="inst_cmdline"/>
<Option name="inst_script"/>
<Option name="install_script"/>
<Option name="ipf_log_body">False</Option>
<Option name="ipf_log_facility"></Option>
<Option name="ipf_log_level"></Option>
<Option name="ipf_log_facility"/>
<Option name="ipf_log_level"/>
<Option name="ipf_log_or_block">False</Option>
<Option name="ipf_nat_ftp_proxy">False</Option>
<Option name="ipf_nat_raudio_proxy">False</Option>
@ -3718,7 +3718,7 @@
<Option name="log_level">debug</Option>
<Option name="log_limit_suffix">/second</Option>
<Option name="log_limit_value">0</Option>
<Option name="log_prefix"></Option>
<Option name="log_prefix"/>
<Option name="log_tcp_opt">False</Option>
<Option name="log_tcp_seq">False</Option>
<Option name="manage_virtual_addr">True</Option>
@ -3728,10 +3728,10 @@
<Option name="pass_all_out">False</Option>
<Option name="platform">iptables</Option>
<Option name="proxy_arp">False</Option>
<Option name="script_env_path"></Option>
<Option name="snmp_contact"></Option>
<Option name="snmp_description"></Option>
<Option name="snmp_location"></Option>
<Option name="script_env_path"/>
<Option name="snmp_contact"/>
<Option name="snmp_description"/>
<Option name="snmp_location"/>
<Option name="use_ip_tool">False</Option>
<Option name="use_numeric_log_levels">False</Option>
</FirewallOptions>
@ -3906,23 +3906,23 @@
<Option name="action_on_reject">ICMP host prohibited</Option>
<Option name="check_shading">False</Option>
<Option name="clamp_mss_to_mtu">False</Option>
<Option name="cmdline"></Option>
<Option name="compiler"></Option>
<Option name="cmdline"/>
<Option name="compiler"/>
<Option name="debug">False</Option>
<Option name="dyn_addr">False</Option>
<Option name="firewall_dir"></Option>
<Option name="firewall_dir"/>
<Option name="firewall_is_part_of_any">True</Option>
<Option name="firewall_is_part_of_any_and_networks">True</Option>
<Option name="freebsd_path_ipf"></Option>
<Option name="freebsd_path_ipnat"></Option>
<Option name="freebsd_path_sysctl"></Option>
<Option name="freebsd_path_ipf"/>
<Option name="freebsd_path_ipnat"/>
<Option name="freebsd_path_sysctl"/>
<Option name="in_out_code">True</Option>
<Option name="inst_cmdline"></Option>
<Option name="inst_script"></Option>
<Option name="install_script"></Option>
<Option name="inst_cmdline"/>
<Option name="inst_script"/>
<Option name="install_script"/>
<Option name="ipf_log_body">False</Option>
<Option name="ipf_log_facility"></Option>
<Option name="ipf_log_level"></Option>
<Option name="ipf_log_facility"/>
<Option name="ipf_log_level"/>
<Option name="ipf_log_or_block">False</Option>
<Option name="ipf_nat_ftp_proxy">False</Option>
<Option name="ipf_nat_raudio_proxy">False</Option>
@ -3937,9 +3937,9 @@
<Option name="log_all_dropped">False</Option>
<Option name="log_ip_opt">False</Option>
<Option name="log_level">debug</Option>
<Option name="log_limit_suffix"></Option>
<Option name="log_limit_suffix"/>
<Option name="log_limit_value">0</Option>
<Option name="log_prefix"></Option>
<Option name="log_prefix"/>
<Option name="log_tcp_opt">False</Option>
<Option name="log_tcp_seq">False</Option>
<Option name="manage_virtual_addr">False</Option>
@ -3948,10 +3948,10 @@
<Option name="no_optimisation">False</Option>
<Option name="pass_all_out">False</Option>
<Option name="platform">iptables</Option>
<Option name="script_env_path"></Option>
<Option name="snmp_contact"></Option>
<Option name="snmp_description"></Option>
<Option name="snmp_location"></Option>
<Option name="script_env_path"/>
<Option name="snmp_contact"/>
<Option name="snmp_description"/>
<Option name="snmp_location"/>
<Option name="use_ip_tool">False</Option>
<Option name="use_numeric_log_levels">False</Option>
</FirewallOptions>
@ -4271,20 +4271,20 @@
<FirewallOptions>
<Option name="action_on_reject">ICMP host prohibited</Option>
<Option name="check_shading">False</Option>
<Option name="cmdline"></Option>
<Option name="compiler"></Option>
<Option name="cmdline"/>
<Option name="compiler"/>
<Option name="debug">False</Option>
<Option name="eliminate_duplicates">True</Option>
<Option name="firewall_dir">/etc</Option>
<Option name="freebsd_ip_forward">1</Option>
<Option name="freebsd_path_ipf"></Option>
<Option name="freebsd_path_ipnat"></Option>
<Option name="freebsd_path_sysctl"></Option>
<Option name="freebsd_path_ipf"/>
<Option name="freebsd_path_ipnat"/>
<Option name="freebsd_path_sysctl"/>
<Option name="ignore_empty_groups">False</Option>
<Option name="in_out_code">True</Option>
<Option name="ipf_log_body">False</Option>
<Option name="ipf_log_facility"></Option>
<Option name="ipf_log_level"></Option>
<Option name="ipf_log_facility"/>
<Option name="ipf_log_level"/>
<Option name="ipf_log_or_block">False</Option>
<Option name="ipf_nat_ftp_proxy">False</Option>
<Option name="ipf_nat_raudio_proxy">False</Option>
@ -4292,9 +4292,9 @@
<Option name="ipf_return_icmp_as_dest">False</Option>
<Option name="manage_virtual_addr">False</Option>
<Option name="pass_all_out">False</Option>
<Option name="snmp_contact"></Option>
<Option name="snmp_description"></Option>
<Option name="snmp_location"></Option>
<Option name="snmp_contact"/>
<Option name="snmp_description"/>
<Option name="snmp_location"/>
</FirewallOptions>
</Firewall>
<Firewall id="id3DF3D0AD" host_OS="freebsd" lastCompiled="1157929213" lastInstalled="0" lastModified="0" platform="ipf" name="firewall9" comment="" ro="False">
@ -4691,20 +4691,20 @@
<FirewallOptions>
<Option name="action_on_reject">ICMP host prohibited</Option>
<Option name="check_shading">False</Option>
<Option name="cmdline"></Option>
<Option name="compiler"></Option>
<Option name="cmdline"/>
<Option name="compiler"/>
<Option name="debug">False</Option>
<Option name="eliminate_duplicates">True</Option>
<Option name="firewall_dir">/etc</Option>
<Option name="freebsd_ip_forward">1</Option>
<Option name="freebsd_path_ipf"></Option>
<Option name="freebsd_path_ipnat"></Option>
<Option name="freebsd_path_sysctl"></Option>
<Option name="freebsd_path_ipf"/>
<Option name="freebsd_path_ipnat"/>
<Option name="freebsd_path_sysctl"/>
<Option name="ignore_empty_groups">False</Option>
<Option name="in_out_code">True</Option>
<Option name="ipf_log_body">False</Option>
<Option name="ipf_log_facility"></Option>
<Option name="ipf_log_level"></Option>
<Option name="ipf_log_facility"/>
<Option name="ipf_log_level"/>
<Option name="ipf_log_or_block">False</Option>
<Option name="ipf_nat_ftp_proxy">False</Option>
<Option name="ipf_nat_h323_proxy">False</Option>
@ -4714,9 +4714,9 @@
<Option name="ipf_return_icmp_as_dest">False</Option>
<Option name="manage_virtual_addr">False</Option>
<Option name="pass_all_out">False</Option>
<Option name="snmp_contact"></Option>
<Option name="snmp_description"></Option>
<Option name="snmp_location"></Option>
<Option name="snmp_contact"/>
<Option name="snmp_description"/>
<Option name="snmp_location"/>
</FirewallOptions>
</Firewall>
<Firewall id="id3FCA516A" host_OS="freebsd" inactive="False" lastCompiled="1157929196" lastInstalled="0" lastModified="1156049389" platform="ipf" version="" name="firewall10" comment="" ro="False">
@ -4951,21 +4951,21 @@
<Option name="accept_new_tcp_with_no_syn">False</Option>
<Option name="action_on_reject">ICMP host prohibited</Option>
<Option name="check_shading">False</Option>
<Option name="cmdline"></Option>
<Option name="compiler"></Option>
<Option name="cmdline"/>
<Option name="compiler"/>
<Option name="configure_interfaces">False</Option>
<Option name="debug">False</Option>
<Option name="eliminate_duplicates">False</Option>
<Option name="firewall_dir">/etc</Option>
<Option name="freebsd_ip_forward">1</Option>
<Option name="freebsd_path_ipf"></Option>
<Option name="freebsd_path_ipnat"></Option>
<Option name="freebsd_path_sysctl"></Option>
<Option name="freebsd_path_ipf"/>
<Option name="freebsd_path_ipnat"/>
<Option name="freebsd_path_sysctl"/>
<Option name="ignore_empty_groups">False</Option>
<Option name="in_out_code">False</Option>
<Option name="ipf_log_body">False</Option>
<Option name="ipf_log_facility"></Option>
<Option name="ipf_log_level"></Option>
<Option name="ipf_log_facility"/>
<Option name="ipf_log_level"/>
<Option name="ipf_log_or_block">False</Option>
<Option name="ipf_nat_ftp_proxy">False</Option>
<Option name="ipf_nat_h323_proxy">False</Option>
@ -4976,9 +4976,9 @@
<Option name="manage_virtual_addr">False</Option>
<Option name="optimize">True</Option>
<Option name="pass_all_out">True</Option>
<Option name="snmp_contact"></Option>
<Option name="snmp_description"></Option>
<Option name="snmp_location"></Option>
<Option name="snmp_contact"/>
<Option name="snmp_description"/>
<Option name="snmp_location"/>
</FirewallOptions>
</Firewall>
<Firewall id="id3FF5DC0E" host_OS="freebsd" lastCompiled="1172425374" lastInstalled="0" lastModified="0" platform="ipf" name="firewall11" comment="" ro="False">
@ -5092,21 +5092,21 @@
<Option name="accept_new_tcp_with_no_syn">True</Option>
<Option name="action_on_reject">ICMP host prohibited</Option>
<Option name="check_shading">False</Option>
<Option name="cmdline"></Option>
<Option name="compiler"></Option>
<Option name="cmdline"/>
<Option name="compiler"/>
<Option name="configure_interfaces">True</Option>
<Option name="debug">False</Option>
<Option name="eliminate_duplicates">True</Option>
<Option name="firewall_dir">/etc</Option>
<Option name="freebsd_ip_forward">1</Option>
<Option name="freebsd_path_ipf"></Option>
<Option name="freebsd_path_ipnat"></Option>
<Option name="freebsd_path_sysctl"></Option>
<Option name="freebsd_path_ipf"/>
<Option name="freebsd_path_ipnat"/>
<Option name="freebsd_path_sysctl"/>
<Option name="ignore_empty_groups">False</Option>
<Option name="in_out_code">True</Option>
<Option name="ipf_log_body">False</Option>
<Option name="ipf_log_facility"></Option>
<Option name="ipf_log_level"></Option>
<Option name="ipf_log_facility"/>
<Option name="ipf_log_level"/>
<Option name="ipf_log_or_block">False</Option>
<Option name="ipf_nat_ftp_proxy">False</Option>
<Option name="ipf_nat_h323_proxy">False</Option>
@ -5119,9 +5119,9 @@
<Option name="manage_virtual_addr">True</Option>
<Option name="optimize">False</Option>
<Option name="pass_all_out">False</Option>
<Option name="snmp_contact"></Option>
<Option name="snmp_description"></Option>
<Option name="snmp_location"></Option>
<Option name="snmp_contact"/>
<Option name="snmp_description"/>
<Option name="snmp_location"/>
</FirewallOptions>
</Firewall>
<Firewall id="id424A636E" host_OS="freebsd" lastCompiled="1157929209" lastInstalled="0" lastModified="0" platform="ipf" version="" name="firewall5" comment="Dynamic interface ppp0" ro="False">
@ -5457,27 +5457,27 @@
<FirewallOptions>
<Option name="accept_new_tcp_with_no_syn">False</Option>
<Option name="action_on_reject">ICMP host prohibited</Option>
<Option name="activationCmd"></Option>
<Option name="admUser"></Option>
<Option name="altAddress"></Option>
<Option name="activationCmd"/>
<Option name="admUser"/>
<Option name="altAddress"/>
<Option name="check_shading">False</Option>
<Option name="cmdline"></Option>
<Option name="compiler"></Option>
<Option name="cmdline"/>
<Option name="compiler"/>
<Option name="configure_interfaces">False</Option>
<Option name="debug">False</Option>
<Option name="dynAddr">True</Option>
<Option name="eliminate_duplicates">True</Option>
<Option name="epilog_script"></Option>
<Option name="epilog_script"/>
<Option name="firewall_dir">/etc</Option>
<Option name="freebsd_ip_forward">1</Option>
<Option name="freebsd_path_ipf"></Option>
<Option name="freebsd_path_ipnat"></Option>
<Option name="freebsd_path_sysctl"></Option>
<Option name="freebsd_path_ipf"/>
<Option name="freebsd_path_ipnat"/>
<Option name="freebsd_path_sysctl"/>
<Option name="ignore_empty_groups">False</Option>
<Option name="in_out_code">True</Option>
<Option name="ipf_log_body">False</Option>
<Option name="ipf_log_facility"></Option>
<Option name="ipf_log_level"></Option>
<Option name="ipf_log_facility"/>
<Option name="ipf_log_level"/>
<Option name="ipf_log_or_block">False</Option>
<Option name="ipf_nat_ftp_proxy">False</Option>
<Option name="ipf_nat_h323_proxy">False</Option>
@ -5486,15 +5486,15 @@
<Option name="ipf_nat_rcmd_proxy">False</Option>
<Option name="ipf_return_icmp_as_dest">False</Option>
<Option name="manage_virtual_addr">False</Option>
<Option name="mgmt_addr"></Option>
<Option name="mgmt_addr"/>
<Option name="mgmt_ssh">False</Option>
<Option name="optimize">False</Option>
<Option name="output_file"></Option>
<Option name="output_file"/>
<Option name="pass_all_out">False</Option>
<Option name="prolog_script"></Option>
<Option name="snmp_contact"></Option>
<Option name="snmp_description"></Option>
<Option name="snmp_location"></Option>
<Option name="prolog_script"/>
<Option name="snmp_contact"/>
<Option name="snmp_description"/>
<Option name="snmp_location"/>
</FirewallOptions>
</Firewall>
<Firewall id="id43867C1018346" host_OS="freebsd" lastCompiled="1157929202" lastInstalled="0" lastModified="0" platform="ipf" version="" name="firewall33" comment="testing DNSName object" ro="False">
@ -5838,50 +5838,50 @@
<Option name="accept_established">True</Option>
<Option name="accept_new_tcp_with_no_syn">True</Option>
<Option name="action_on_reject">ICMP net unreachable</Option>
<Option name="activationCmd"></Option>
<Option name="admUser"></Option>
<Option name="altAddress"></Option>
<Option name="activationCmd"/>
<Option name="admUser"/>
<Option name="altAddress"/>
<Option name="bridging_fw">False</Option>
<Option name="check_shading">False</Option>
<Option name="clamp_mss_to_mtu">False</Option>
<Option name="cmdline"></Option>
<Option name="compiler"></Option>
<Option name="cmdline"/>
<Option name="compiler"/>
<Option name="configure_interfaces">True</Option>
<Option name="debug">False</Option>
<Option name="drop_invalid">False</Option>
<Option name="dyn_addr">False</Option>
<Option name="epilog_script"></Option>
<Option name="firewall_dir"></Option>
<Option name="epilog_script"/>
<Option name="firewall_dir"/>
<Option name="firewall_is_part_of_any">True</Option>
<Option name="firewall_is_part_of_any_and_networks">True</Option>
<Option name="ignore_empty_groups">False</Option>
<Option name="inst_cmdline"></Option>
<Option name="inst_script"></Option>
<Option name="install_script"></Option>
<Option name="inst_cmdline"/>
<Option name="inst_script"/>
<Option name="install_script"/>
<Option name="limit_suffix">/day</Option>
<Option name="limit_value">0</Option>
<Option name="linux24_accept_redirects"></Option>
<Option name="linux24_accept_source_route"></Option>
<Option name="linux24_icmp_echo_ignore_all"></Option>
<Option name="linux24_icmp_echo_ignore_broadcasts"></Option>
<Option name="linux24_icmp_ignore_bogus_error_responses"></Option>
<Option name="linux24_ip_dynaddr"></Option>
<Option name="linux24_ip_forward"></Option>
<Option name="linux24_log_martians"></Option>
<Option name="linux24_path_ip"></Option>
<Option name="linux24_path_iptables"></Option>
<Option name="linux24_path_logger"></Option>
<Option name="linux24_path_lsmod"></Option>
<Option name="linux24_path_modprobe"></Option>
<Option name="linux24_rp_filter"></Option>
<Option name="linux24_tcp_ecn"></Option>
<Option name="linux24_tcp_fack"></Option>
<Option name="linux24_accept_redirects"/>
<Option name="linux24_accept_source_route"/>
<Option name="linux24_icmp_echo_ignore_all"/>
<Option name="linux24_icmp_echo_ignore_broadcasts"/>
<Option name="linux24_icmp_ignore_bogus_error_responses"/>
<Option name="linux24_ip_dynaddr"/>
<Option name="linux24_ip_forward"/>
<Option name="linux24_log_martians"/>
<Option name="linux24_path_ip"/>
<Option name="linux24_path_iptables"/>
<Option name="linux24_path_logger"/>
<Option name="linux24_path_lsmod"/>
<Option name="linux24_path_modprobe"/>
<Option name="linux24_rp_filter"/>
<Option name="linux24_tcp_ecn"/>
<Option name="linux24_tcp_fack"/>
<Option name="linux24_tcp_fin_timeout">30</Option>
<Option name="linux24_tcp_keepalive_interval">1800</Option>
<Option name="linux24_tcp_sack"></Option>
<Option name="linux24_tcp_syncookies"></Option>
<Option name="linux24_tcp_timestamps"></Option>
<Option name="linux24_tcp_window_scaling"></Option>
<Option name="linux24_tcp_sack"/>
<Option name="linux24_tcp_syncookies"/>
<Option name="linux24_tcp_timestamps"/>
<Option name="linux24_tcp_window_scaling"/>
<Option name="load_modules">False</Option>
<Option name="local_nat">False</Option>
<Option name="log_all">False</Option>
@ -5895,20 +5895,20 @@
<Option name="log_tcp_opt">False</Option>
<Option name="log_tcp_seq">False</Option>
<Option name="manage_virtual_addr">True</Option>
<Option name="mgmt_addr"></Option>
<Option name="mgmt_addr"/>
<Option name="mgmt_ssh">False</Option>
<Option name="no_iochains_for_any">False</Option>
<Option name="no_optimisation">False</Option>
<Option name="output_file"></Option>
<Option name="output_file"/>
<Option name="platform">iptables</Option>
<Option name="prolog_place">top</Option>
<Option name="prolog_script"></Option>
<Option name="prolog_script"/>
<Option name="proxy_arp">False</Option>
<Option name="script_env_path"></Option>
<Option name="snmp_contact"></Option>
<Option name="snmp_description"></Option>
<Option name="snmp_location"></Option>
<Option name="sshArgs"></Option>
<Option name="script_env_path"/>
<Option name="snmp_contact"/>
<Option name="snmp_description"/>
<Option name="snmp_location"/>
<Option name="sshArgs"/>
<Option name="ulog_cprange">0</Option>
<Option name="ulog_nlgroup">1</Option>
<Option name="ulog_qthreshold">1</Option>
@ -6186,50 +6186,50 @@
<Option name="accept_established">True</Option>
<Option name="accept_new_tcp_with_no_syn">True</Option>
<Option name="action_on_reject">ICMP net unreachable</Option>
<Option name="activationCmd"></Option>
<Option name="admUser"></Option>
<Option name="altAddress"></Option>
<Option name="activationCmd"/>
<Option name="admUser"/>
<Option name="altAddress"/>
<Option name="bridging_fw">False</Option>
<Option name="check_shading">False</Option>
<Option name="clamp_mss_to_mtu">False</Option>
<Option name="cmdline"></Option>
<Option name="compiler"></Option>
<Option name="cmdline"/>
<Option name="compiler"/>
<Option name="configure_interfaces">True</Option>
<Option name="debug">False</Option>
<Option name="drop_invalid">False</Option>
<Option name="dyn_addr">False</Option>
<Option name="epilog_script"></Option>
<Option name="firewall_dir"></Option>
<Option name="epilog_script"/>
<Option name="firewall_dir"/>
<Option name="firewall_is_part_of_any">True</Option>
<Option name="firewall_is_part_of_any_and_networks">True</Option>
<Option name="ignore_empty_groups">False</Option>
<Option name="inst_cmdline"></Option>
<Option name="inst_script"></Option>
<Option name="install_script"></Option>
<Option name="inst_cmdline"/>
<Option name="inst_script"/>
<Option name="install_script"/>
<Option name="limit_suffix">/day</Option>
<Option name="limit_value">0</Option>
<Option name="linux24_accept_redirects"></Option>
<Option name="linux24_accept_source_route"></Option>
<Option name="linux24_icmp_echo_ignore_all"></Option>
<Option name="linux24_icmp_echo_ignore_broadcasts"></Option>
<Option name="linux24_icmp_ignore_bogus_error_responses"></Option>
<Option name="linux24_ip_dynaddr"></Option>
<Option name="linux24_ip_forward"></Option>
<Option name="linux24_log_martians"></Option>
<Option name="linux24_path_ip"></Option>
<Option name="linux24_path_iptables"></Option>
<Option name="linux24_path_logger"></Option>
<Option name="linux24_path_lsmod"></Option>
<Option name="linux24_path_modprobe"></Option>
<Option name="linux24_rp_filter"></Option>
<Option name="linux24_tcp_ecn"></Option>
<Option name="linux24_tcp_fack"></Option>
<Option name="linux24_accept_redirects"/>
<Option name="linux24_accept_source_route"/>
<Option name="linux24_icmp_echo_ignore_all"/>
<Option name="linux24_icmp_echo_ignore_broadcasts"/>
<Option name="linux24_icmp_ignore_bogus_error_responses"/>
<Option name="linux24_ip_dynaddr"/>
<Option name="linux24_ip_forward"/>
<Option name="linux24_log_martians"/>
<Option name="linux24_path_ip"/>
<Option name="linux24_path_iptables"/>
<Option name="linux24_path_logger"/>
<Option name="linux24_path_lsmod"/>
<Option name="linux24_path_modprobe"/>
<Option name="linux24_rp_filter"/>
<Option name="linux24_tcp_ecn"/>
<Option name="linux24_tcp_fack"/>
<Option name="linux24_tcp_fin_timeout">30</Option>
<Option name="linux24_tcp_keepalive_interval">1800</Option>
<Option name="linux24_tcp_sack"></Option>
<Option name="linux24_tcp_syncookies"></Option>
<Option name="linux24_tcp_timestamps"></Option>
<Option name="linux24_tcp_window_scaling"></Option>
<Option name="linux24_tcp_sack"/>
<Option name="linux24_tcp_syncookies"/>
<Option name="linux24_tcp_timestamps"/>
<Option name="linux24_tcp_window_scaling"/>
<Option name="load_modules">False</Option>
<Option name="local_nat">False</Option>
<Option name="log_all">False</Option>
@ -6243,20 +6243,20 @@
<Option name="log_tcp_opt">False</Option>
<Option name="log_tcp_seq">False</Option>
<Option name="manage_virtual_addr">True</Option>
<Option name="mgmt_addr"></Option>
<Option name="mgmt_addr"/>
<Option name="mgmt_ssh">False</Option>
<Option name="no_iochains_for_any">False</Option>
<Option name="no_optimisation">False</Option>
<Option name="output_file"></Option>
<Option name="output_file"/>
<Option name="platform">iptables</Option>
<Option name="prolog_place">top</Option>
<Option name="prolog_script"></Option>
<Option name="prolog_script"/>
<Option name="proxy_arp">False</Option>
<Option name="script_env_path"></Option>
<Option name="snmp_contact"></Option>
<Option name="snmp_description"></Option>
<Option name="snmp_location"></Option>
<Option name="sshArgs"></Option>
<Option name="script_env_path"/>
<Option name="snmp_contact"/>
<Option name="snmp_description"/>
<Option name="snmp_location"/>
<Option name="sshArgs"/>
<Option name="ulog_cprange">0</Option>
<Option name="ulog_nlgroup">1</Option>
<Option name="ulog_qthreshold">1</Option>
@ -6499,15 +6499,15 @@
<IntervalRef ref="sysid2"/>
</When>
<PolicyRuleOptions>
<Option name="action_on_reject"></Option>
<Option name="classify_str"></Option>
<Option name="action_on_reject"/>
<Option name="classify_str"/>
<Option name="custom_str">auth</Option>
<Option name="ipfw_classify_method">2</Option>
<Option name="ipfw_pipe_port_num">0</Option>
<Option name="ipfw_pipe_queue_num">0</Option>
<Option name="rule_name_accounting"></Option>
<Option name="rule_name_accounting"/>
<Option name="stateless">True</Option>
<Option name="tagvalue"></Option>
<Option name="tagvalue"/>
</PolicyRuleOptions>
</PolicyRule>
<PolicyRule id="id43F7D90631168" disabled="False" log="False" position="1" action="Custom" direction="Inbound" comment="">
@ -6527,15 +6527,15 @@
<IntervalRef ref="sysid2"/>
</When>
<PolicyRuleOptions>
<Option name="action_on_reject"></Option>
<Option name="classify_str"></Option>
<Option name="action_on_reject"/>
<Option name="classify_str"/>
<Option name="custom_str">auth</Option>
<Option name="ipfw_classify_method">2</Option>
<Option name="ipfw_pipe_port_num">0</Option>
<Option name="ipfw_pipe_queue_num">0</Option>
<Option name="rule_name_accounting"></Option>
<Option name="rule_name_accounting"/>
<Option name="stateless">True</Option>
<Option name="tagvalue"></Option>
<Option name="tagvalue"/>
</PolicyRuleOptions>
</PolicyRule>
<PolicyRule id="id43F7D91731168" disabled="False" log="False" position="2" action="Accept" direction="Inbound" comment="">
@ -6601,20 +6601,20 @@
<FirewallOptions>
<Option name="action_on_reject">ICMP host prohibited</Option>
<Option name="check_shading">False</Option>
<Option name="cmdline"></Option>
<Option name="compiler"></Option>
<Option name="cmdline"/>
<Option name="compiler"/>
<Option name="debug">False</Option>
<Option name="eliminate_duplicates">True</Option>
<Option name="firewall_dir">/etc</Option>
<Option name="freebsd_ip_forward">1</Option>
<Option name="freebsd_path_ipf"></Option>
<Option name="freebsd_path_ipnat"></Option>
<Option name="freebsd_path_sysctl"></Option>
<Option name="freebsd_path_ipf"/>
<Option name="freebsd_path_ipnat"/>
<Option name="freebsd_path_sysctl"/>
<Option name="ignore_empty_groups">False</Option>
<Option name="in_out_code">True</Option>
<Option name="ipf_log_body">False</Option>
<Option name="ipf_log_facility"></Option>
<Option name="ipf_log_level"></Option>
<Option name="ipf_log_facility"/>
<Option name="ipf_log_level"/>
<Option name="ipf_log_or_block">False</Option>
<Option name="ipf_nat_ftp_proxy">False</Option>
<Option name="ipf_nat_h323_proxy">False</Option>
@ -6624,9 +6624,9 @@
<Option name="ipf_return_icmp_as_dest">False</Option>
<Option name="manage_virtual_addr">False</Option>
<Option name="pass_all_out">False</Option>
<Option name="snmp_contact"></Option>
<Option name="snmp_description"></Option>
<Option name="snmp_location"></Option>
<Option name="snmp_contact"/>
<Option name="snmp_description"/>
<Option name="snmp_location"/>
</FirewallOptions>
</Firewall>
</ObjectGroup>

716
test/ipfw/objects-for-regression-tests.fwb
View File

@ -1,6 +1,6 @@
<?xml version="1.0" encoding="utf-8"?>
<!DOCTYPE FWObjectDatabase SYSTEM "fwbuilder.dtd">
<FWObjectDatabase xmlns="http://www.fwbuilder.org/1.0/" version="15" lastModified="1257365069" id="root">
<FWObjectDatabase xmlns="http://www.fwbuilder.org/1.0/" version="16" lastModified="1257365069" id="root">
<Library id="sysid99" name="Deleted Objects" comment="" ro="False">
<ICMP6Service id="idE0C27650" code="0" type="1" name="ipv6 dest unreachable" comment="No route to destination" ro="False"/>
<Library id="id40E233F3" color="#FFFFFF" name="West Coast" comment="" ro="False">
@ -138,9 +138,9 @@
<PolicyInstallScript arguments="" command="" enabled="False"/>
</Management>
<HostOptions>
<Option name="snmp_contact"></Option>
<Option name="snmp_description"></Option>
<Option name="snmp_location"></Option>
<Option name="snmp_contact"/>
<Option name="snmp_description"/>
<Option name="snmp_location"/>
<Option name="use_mac_addr">false</Option>
<Option name="use_mac_addr_filter">False</Option>
</HostOptions>
@ -156,9 +156,9 @@
<PolicyInstallScript arguments="" command="" enabled="False"/>
</Management>
<HostOptions>
<Option name="snmp_contact"></Option>
<Option name="snmp_description"></Option>
<Option name="snmp_location"></Option>
<Option name="snmp_contact"/>
<Option name="snmp_description"/>
<Option name="snmp_location"/>
<Option name="use_mac_addr_filter">False</Option>
</HostOptions>
</Host>
@ -173,9 +173,9 @@
<PolicyInstallScript arguments="" command="" enabled="False"/>
</Management>
<HostOptions>
<Option name="snmp_contact"></Option>
<Option name="snmp_description"></Option>
<Option name="snmp_location"></Option>
<Option name="snmp_contact"/>
<Option name="snmp_description"/>
<Option name="snmp_location"/>
<Option name="use_mac_addr">false</Option>
<Option name="use_mac_addr_filter">False</Option>
</HostOptions>
@ -191,9 +191,9 @@
<PolicyInstallScript arguments="" command="" enabled="False"/>
</Management>
<HostOptions>
<Option name="snmp_contact"></Option>
<Option name="snmp_description"></Option>
<Option name="snmp_location"></Option>
<Option name="snmp_contact"/>
<Option name="snmp_description"/>
<Option name="snmp_location"/>
<Option name="use_mac_addr">false</Option>
<Option name="use_mac_addr_filter">False</Option>
</HostOptions>
@ -248,9 +248,9 @@
<PolicyInstallScript arguments="" command="" enabled="False"/>
</Management>
<HostOptions>
<Option name="snmp_contact"></Option>
<Option name="snmp_description"></Option>
<Option name="snmp_location"></Option>
<Option name="snmp_contact"/>
<Option name="snmp_description"/>
<Option name="snmp_location"/>
<Option name="use_mac_addr_filter">True</Option>
</HostOptions>
</Host>
@ -325,9 +325,9 @@
<PolicyInstallScript arguments="" command="" enabled="False"/>
</Management>
<HostOptions>
<Option name="snmp_contact"></Option>
<Option name="snmp_description"></Option>
<Option name="snmp_location"></Option>
<Option name="snmp_contact"/>
<Option name="snmp_description"/>
<Option name="snmp_location"/>
<Option name="use_mac_addr">false</Option>
<Option name="use_mac_addr_filter">False</Option>
</HostOptions>
@ -343,9 +343,9 @@
<PolicyInstallScript arguments="" command="" enabled="False"/>
</Management>
<HostOptions>
<Option name="snmp_contact"></Option>
<Option name="snmp_description"></Option>
<Option name="snmp_location"></Option>
<Option name="snmp_contact"/>
<Option name="snmp_description"/>
<Option name="snmp_location"/>
<Option name="use_mac_addr">false</Option>
<Option name="use_mac_addr_filter">False</Option>
</HostOptions>
@ -361,9 +361,9 @@
<PolicyInstallScript arguments="" command="" enabled="False"/>
</Management>
<HostOptions>
<Option name="snmp_contact"></Option>
<Option name="snmp_description"></Option>
<Option name="snmp_location"></Option>
<Option name="snmp_contact"/>
<Option name="snmp_description"/>
<Option name="snmp_location"/>
<Option name="use_mac_addr">False</Option>
<Option name="use_mac_addr_filter">False</Option>
</HostOptions>
@ -379,9 +379,9 @@
<PolicyInstallScript arguments="" command="" enabled="False"/>
</Management>
<HostOptions>
<Option name="snmp_contact"></Option>
<Option name="snmp_description"></Option>
<Option name="snmp_location"></Option>
<Option name="snmp_contact"/>
<Option name="snmp_description"/>
<Option name="snmp_location"/>
<Option name="use_mac_addr">False</Option>
<Option name="use_mac_addr_filter">False</Option>
</HostOptions>
@ -397,9 +397,9 @@
<PolicyInstallScript arguments="" command="" enabled="False"/>
</Management>
<HostOptions>
<Option name="snmp_contact"></Option>
<Option name="snmp_description"></Option>
<Option name="snmp_location"></Option>
<Option name="snmp_contact"/>
<Option name="snmp_description"/>
<Option name="snmp_location"/>
<Option name="use_mac_addr">False</Option>
<Option name="use_mac_addr_filter">False</Option>
</HostOptions>
@ -415,9 +415,9 @@
<PolicyInstallScript arguments="" command="" enabled="False"/>
</Management>
<HostOptions>
<Option name="snmp_contact"></Option>
<Option name="snmp_description"></Option>
<Option name="snmp_location"></Option>
<Option name="snmp_contact"/>
<Option name="snmp_description"/>
<Option name="snmp_location"/>
<Option name="use_mac_addr">False</Option>
<Option name="use_mac_addr_filter">False</Option>
</HostOptions>
@ -433,9 +433,9 @@
<PolicyInstallScript arguments="" command="" enabled="False"/>
</Management>
<HostOptions>
<Option name="snmp_contact"></Option>
<Option name="snmp_description"></Option>
<Option name="snmp_location"></Option>
<Option name="snmp_contact"/>
<Option name="snmp_description"/>
<Option name="snmp_location"/>
<Option name="use_mac_addr">False</Option>
<Option name="use_mac_addr_filter">False</Option>
</HostOptions>
@ -489,9 +489,9 @@
<PolicyInstallScript arguments="" command="" enabled="False"/>
</Management>
<HostOptions>
<Option name="snmp_contact"></Option>
<Option name="snmp_description"></Option>
<Option name="snmp_location"></Option>
<Option name="snmp_contact"/>
<Option name="snmp_description"/>
<Option name="snmp_location"/>
<Option name="use_mac_addr_filter">False</Option>
</HostOptions>
</Host>
@ -601,26 +601,26 @@
</ServiceGroup>
<ServiceGroup id="stdid13_1" name="Custom_Services" comment="" ro="False">
<CustomService id="id3B64FE22" name="talk" comment="Talk support" ro="False" protocol="any" address_family="ipv4">
<CustomServiceCommand platform="Undefined"></CustomServiceCommand>
<CustomServiceCommand platform="fwsm"></CustomServiceCommand>
<CustomServiceCommand platform="iosacl"></CustomServiceCommand>
<CustomServiceCommand platform="ipf"></CustomServiceCommand>
<CustomServiceCommand platform="ipfilter"></CustomServiceCommand>
<CustomServiceCommand platform="ipfw"></CustomServiceCommand>
<CustomServiceCommand platform="Undefined"/>
<CustomServiceCommand platform="fwsm"/>
<CustomServiceCommand platform="iosacl"/>
<CustomServiceCommand platform="ipf"/>
<CustomServiceCommand platform="ipfilter"/>
<CustomServiceCommand platform="ipfw"/>
<CustomServiceCommand platform="iptables">-m ip_conntrack_talk -m ip_nat_talk</CustomServiceCommand>
<CustomServiceCommand platform="pf"></CustomServiceCommand>
<CustomServiceCommand platform="pix"></CustomServiceCommand>
<CustomServiceCommand platform="unknown"></CustomServiceCommand>
<CustomServiceCommand platform="pf"/>
<CustomServiceCommand platform="pix"/>
<CustomServiceCommand platform="unknown"/>
</CustomService>
<CustomService id="id3F162C44" name="establ" comment="" ro="False" protocol="tcp" address_family="ipv4">
<CustomServiceCommand platform="fwsm"></CustomServiceCommand>
<CustomServiceCommand platform="iosacl"></CustomServiceCommand>
<CustomServiceCommand platform="ipf"></CustomServiceCommand>
<CustomServiceCommand platform="fwsm"/>
<CustomServiceCommand platform="iosacl"/>
<CustomServiceCommand platform="ipf"/>
<CustomServiceCommand platform="ipfw">established</CustomServiceCommand>
<CustomServiceCommand platform="iptables"></CustomServiceCommand>
<CustomServiceCommand platform="pf"></CustomServiceCommand>
<CustomServiceCommand platform="pix"></CustomServiceCommand>
<CustomServiceCommand platform="unknown"></CustomServiceCommand>
<CustomServiceCommand platform="iptables"/>
<CustomServiceCommand platform="pf"/>
<CustomServiceCommand platform="pix"/>
<CustomServiceCommand platform="unknown"/>
</CustomService>
</ServiceGroup>
<ServiceGroup id="stdid05_1_userservices" name="Users" comment="" ro="False"/>
@ -846,10 +846,10 @@
<IntervalRef ref="sysid2"/>
</When>
<PolicyRuleOptions>
<Option name="action_on_reject"></Option>
<Option name="action_on_reject"/>
<Option name="limit_value">0</Option>
<Option name="log_limit_suffix"></Option>
<Option name="log_prefix"></Option>
<Option name="log_limit_suffix"/>
<Option name="log_prefix"/>
<Option name="stateless">True</Option>
</PolicyRuleOptions>
</PolicyRule>
@ -870,7 +870,7 @@
<IntervalRef ref="sysid2"/>
</When>
<PolicyRuleOptions>
<Option name="action_on_reject"></Option>
<Option name="action_on_reject"/>
<Option name="ipf_keep_frags">False</Option>
<Option name="ipf_return_icmp_as_dest">True</Option>
<Option name="stateless">True</Option>
@ -893,7 +893,7 @@
<IntervalRef ref="sysid2"/>
</When>
<PolicyRuleOptions>
<Option name="action_on_reject"></Option>
<Option name="action_on_reject"/>
<Option name="ipf_keep_frags">False</Option>
<Option name="ipf_return_icmp_as_dest">True</Option>
<Option name="stateless">True</Option>
@ -919,7 +919,7 @@
<IntervalRef ref="sysid2"/>
</When>
<PolicyRuleOptions>
<Option name="action_on_reject"></Option>
<Option name="action_on_reject"/>
<Option name="ipf_keep_frags">False</Option>
<Option name="ipf_return_icmp_as_dest">True</Option>
<Option name="stateless">True</Option>
@ -962,10 +962,10 @@
<IntervalRef ref="sysid2"/>
</When>
<PolicyRuleOptions>
<Option name="action_on_reject"></Option>
<Option name="limit_suffix"></Option>
<Option name="action_on_reject"/>
<Option name="limit_suffix"/>
<Option name="limit_value">0</Option>
<Option name="log_prefix"></Option>
<Option name="log_prefix"/>
</PolicyRuleOptions>
</PolicyRule>
<PolicyRule id="id3BF1B44E" disabled="True" log="False" position="11" action="Accept" direction="Both" comment="">
@ -985,10 +985,10 @@
<IntervalRef ref="sysid2"/>
</When>
<PolicyRuleOptions>
<Option name="action_on_reject"></Option>
<Option name="limit_suffix"></Option>
<Option name="action_on_reject"/>
<Option name="limit_suffix"/>
<Option name="limit_value">0</Option>
<Option name="log_prefix"></Option>
<Option name="log_prefix"/>
</PolicyRuleOptions>
</PolicyRule>
<PolicyRule id="pol-firewall2-3" disabled="False" log="False" position="12" action="Accept" direction="Both" comment="">
@ -1011,10 +1011,10 @@
<IntervalRef ref="id3C63479E"/>
</When>
<PolicyRuleOptions>
<Option name="action_on_reject"></Option>
<Option name="limit_suffix"></Option>
<Option name="action_on_reject"/>
<Option name="limit_suffix"/>
<Option name="limit_value">0</Option>
<Option name="log_prefix"></Option>
<Option name="log_prefix"/>
</PolicyRuleOptions>
</PolicyRule>
<PolicyRule id="pol-firewall2-2" disabled="False" log="False" position="13" action="Accept" direction="Both" comment="">
@ -1034,10 +1034,10 @@
<IntervalRef ref="sysid2"/>
</When>
<PolicyRuleOptions>
<Option name="action_on_reject"></Option>
<Option name="limit_suffix"></Option>
<Option name="action_on_reject"/>
<Option name="limit_suffix"/>
<Option name="limit_value">0</Option>
<Option name="log_prefix"></Option>
<Option name="log_prefix"/>
</PolicyRuleOptions>
</PolicyRule>
<PolicyRule id="id3D98E652" disabled="False" log="False" position="14" action="Accept" direction="Both" comment="">
@ -1058,10 +1058,10 @@
<IntervalRef ref="sysid2"/>
</When>
<PolicyRuleOptions>
<Option name="action_on_reject"></Option>
<Option name="limit_suffix"></Option>
<Option name="action_on_reject"/>
<Option name="limit_suffix"/>
<Option name="limit_value">0</Option>
<Option name="log_prefix"></Option>
<Option name="log_prefix"/>
</PolicyRuleOptions>
</PolicyRule>
<PolicyRule id="id3CD8770E" disabled="False" log="False" position="15" action="Accept" direction="Both" comment="">
@ -1082,10 +1082,10 @@
<IntervalRef ref="sysid2"/>
</When>
<PolicyRuleOptions>
<Option name="action_on_reject"></Option>
<Option name="limit_suffix"></Option>
<Option name="action_on_reject"/>
<Option name="limit_suffix"/>
<Option name="limit_value">0</Option>
<Option name="log_prefix"></Option>
<Option name="log_prefix"/>
</PolicyRuleOptions>
</PolicyRule>
<PolicyRule id="id3CD87B1E" disabled="False" log="False" position="16" action="Accept" direction="Both" comment="">
@ -1106,10 +1106,10 @@
<IntervalRef ref="sysid2"/>
</When>
<PolicyRuleOptions>
<Option name="action_on_reject"></Option>
<Option name="limit_suffix"></Option>
<Option name="action_on_reject"/>
<Option name="limit_suffix"/>
<Option name="limit_value">0</Option>
<Option name="log_prefix"></Option>
<Option name="log_prefix"/>
</PolicyRuleOptions>
</PolicyRule>
<PolicyRule id="pol-firewall2-4" disabled="False" log="False" position="17" action="Accept" direction="Both" comment="">
@ -1130,10 +1130,10 @@
<IntervalRef ref="sysid2"/>
</When>
<PolicyRuleOptions>
<Option name="action_on_reject"></Option>
<Option name="limit_suffix"></Option>
<Option name="action_on_reject"/>
<Option name="limit_suffix"/>
<Option name="limit_value">0</Option>
<Option name="log_prefix"></Option>
<Option name="log_prefix"/>
</PolicyRuleOptions>
</PolicyRule>
<PolicyRule id="id41D514D2" disabled="False" log="False" position="18" action="Accept" direction="Both" comment="">
@ -1157,10 +1157,10 @@
<IntervalRef ref="sysid2"/>
</When>
<PolicyRuleOptions>
<Option name="action_on_reject"></Option>
<Option name="limit_suffix"></Option>
<Option name="action_on_reject"/>
<Option name="limit_suffix"/>
<Option name="limit_value">0</Option>
<Option name="log_prefix"></Option>
<Option name="log_prefix"/>
</PolicyRuleOptions>
</PolicyRule>
<PolicyRule id="id3B58E180" disabled="False" log="True" position="19" action="Accept" direction="Both" comment="">
@ -1199,10 +1199,10 @@
<IntervalRef ref="sysid2"/>
</When>
<PolicyRuleOptions>
<Option name="action_on_reject"></Option>
<Option name="limit_suffix"></Option>
<Option name="action_on_reject"/>
<Option name="limit_suffix"/>
<Option name="limit_value">0</Option>
<Option name="log_prefix"></Option>
<Option name="log_prefix"/>
</PolicyRuleOptions>
</PolicyRule>
<PolicyRule id="pol-firewall2-7" disabled="False" log="True" position="21" action="Deny" direction="Both" comment="Automatically generated 'catch all' rule">
@ -1222,11 +1222,11 @@
<IntervalRef ref="sysid2"/>
</When>
<PolicyRuleOptions>
<Option name="action_on_reject"></Option>
<Option name="limit_suffix"></Option>
<Option name="action_on_reject"/>
<Option name="limit_suffix"/>
<Option name="limit_value">0</Option>
<Option name="log_limit_suffix"></Option>
<Option name="log_prefix"></Option>
<Option name="log_limit_suffix"/>
<Option name="log_prefix"/>
<Option name="stateless">True</Option>
</PolicyRuleOptions>
</PolicyRule>
@ -1252,37 +1252,37 @@
<Option name="accept_established">False</Option>
<Option name="accept_new_tcp_with_no_syn">False</Option>
<Option name="action_on_reject">ICMP port unreachable</Option>
<Option name="activationCmd"></Option>
<Option name="activationCmd"/>
<Option name="add_check_state_rule">True</Option>
<Option name="admUser"></Option>
<Option name="altAddress"></Option>
<Option name="admUser"/>
<Option name="altAddress"/>
<Option name="check_shading">False</Option>
<Option name="clamp_mss_to_mtu">False</Option>
<Option name="cmdline">-v</Option>
<Option name="compiler"></Option>
<Option name="compiler"/>
<Option name="configure_interfaces">False</Option>
<Option name="debug">True</Option>
<Option name="dyn_addr">False</Option>
<Option name="eliminate_duplicates">True</Option>
<Option name="epilog_script"></Option>
<Option name="firewall_dir"></Option>
<Option name="epilog_script"/>
<Option name="firewall_dir"/>
<Option name="firewall_is_part_of_any">True</Option>
<Option name="firewall_is_part_of_any_and_networks">True</Option>
<Option name="freebsd_ip_forward"></Option>
<Option name="freebsd_ip_redirect"></Option>
<Option name="freebsd_ip_sourceroute"></Option>
<Option name="freebsd_path_ipf"></Option>
<Option name="freebsd_ip_forward"/>
<Option name="freebsd_ip_redirect"/>
<Option name="freebsd_ip_sourceroute"/>
<Option name="freebsd_path_ipf"/>
<Option name="freebsd_path_ipfw">/usr/sbin/ipfw</Option>
<Option name="freebsd_path_ipnat"></Option>
<Option name="freebsd_path_sysctl"></Option>
<Option name="freebsd_path_ipnat"/>
<Option name="freebsd_path_sysctl"/>
<Option name="ignore_empty_groups">True</Option>
<Option name="in_out_code">True</Option>
<Option name="inst_cmdline"></Option>
<Option name="inst_script"></Option>
<Option name="install_script"></Option>
<Option name="inst_cmdline"/>
<Option name="inst_script"/>
<Option name="install_script"/>
<Option name="ipf_log_body">False</Option>
<Option name="ipf_log_facility"></Option>
<Option name="ipf_log_level"></Option>
<Option name="ipf_log_facility"/>
<Option name="ipf_log_level"/>
<Option name="ipf_log_or_block">False</Option>
<Option name="ipf_nat_ftp_proxy">False</Option>
<Option name="ipf_nat_h323_proxy">False</Option>
@ -1302,7 +1302,7 @@
<Option name="log_level">debug</Option>
<Option name="log_limit_suffix">/second</Option>
<Option name="log_limit_value">0</Option>
<Option name="log_prefix"></Option>
<Option name="log_prefix"/>
<Option name="log_tcp_opt">False</Option>
<Option name="log_tcp_seq">False</Option>
<Option name="manage_virtual_addr">True</Option>
@ -1315,17 +1315,17 @@
<Option name="openbsd_ip_forward">1</Option>
<Option name="openbsd_ip_redirect">0</Option>
<Option name="openbsd_ip_sourceroute">0</Option>
<Option name="output_file"></Option>
<Option name="output_file"/>
<Option name="pass_all_out">False</Option>
<Option name="platform">iptables</Option>
<Option name="prolog_script"></Option>
<Option name="scpArgs"></Option>
<Option name="script_env_path"></Option>
<Option name="prolog_script"/>
<Option name="scpArgs"/>
<Option name="script_env_path"/>
<Option name="script_name_on_firewall">ipfw.fw</Option>
<Option name="snmp_contact"></Option>
<Option name="snmp_description"></Option>
<Option name="snmp_location"></Option>
<Option name="sshArgs"></Option>
<Option name="snmp_contact"/>
<Option name="snmp_description"/>
<Option name="snmp_location"/>
<Option name="sshArgs"/>
<Option name="use_numeric_log_levels">False</Option>
</FirewallOptions>
</Firewall>
@ -1752,10 +1752,10 @@
<IntervalRef ref="sysid2"/>
</When>
<PolicyRuleOptions>
<Option name="action_on_reject"></Option>
<Option name="action_on_reject"/>
<Option name="limit_suffix">/minute</Option>
<Option name="limit_value">10</Option>
<Option name="log_prefix"></Option>
<Option name="log_prefix"/>
<Option name="stateless">True</Option>
</PolicyRuleOptions>
</PolicyRule>
@ -1998,29 +1998,29 @@
<Option name="action_on_reject">ICMP net unreachable</Option>
<Option name="check_shading">False</Option>
<Option name="clamp_mss_to_mtu">False</Option>
<Option name="cmdline"></Option>
<Option name="compiler"></Option>
<Option name="cmdline"/>
<Option name="compiler"/>
<Option name="debug">False</Option>
<Option name="dyn_addr">False</Option>
<Option name="eliminate_duplicates">True</Option>
<Option name="firewall_dir">/etc</Option>
<Option name="firewall_is_part_of_any">True</Option>
<Option name="firewall_is_part_of_any_and_networks">True</Option>
<Option name="freebsd_ip_forward"></Option>
<Option name="freebsd_ip_redirect"></Option>
<Option name="freebsd_ip_sourceroute"></Option>
<Option name="freebsd_path_ipf"></Option>
<Option name="freebsd_ip_forward"/>
<Option name="freebsd_ip_redirect"/>
<Option name="freebsd_ip_sourceroute"/>
<Option name="freebsd_path_ipf"/>
<Option name="freebsd_path_ipfw">/Library/Application Support/PeerGuardian/ipfwFast</Option>
<Option name="freebsd_path_ipnat"></Option>
<Option name="freebsd_path_sysctl"></Option>
<Option name="freebsd_path_ipnat"/>
<Option name="freebsd_path_sysctl"/>
<Option name="ignore_empty_groups">False</Option>
<Option name="in_out_code">True</Option>
<Option name="inst_cmdline"></Option>
<Option name="inst_script"></Option>
<Option name="install_script"></Option>
<Option name="inst_cmdline"/>
<Option name="inst_script"/>
<Option name="install_script"/>
<Option name="ipf_log_body">False</Option>
<Option name="ipf_log_facility"></Option>
<Option name="ipf_log_level"></Option>
<Option name="ipf_log_facility"/>
<Option name="ipf_log_level"/>
<Option name="ipf_log_or_block">False</Option>
<Option name="ipf_nat_ftp_proxy">False</Option>
<Option name="ipf_nat_raudio_proxy">False</Option>
@ -2037,7 +2037,7 @@
<Option name="log_level">debug</Option>
<Option name="log_limit_suffix">/second</Option>
<Option name="log_limit_value">0</Option>
<Option name="log_prefix"></Option>
<Option name="log_prefix"/>
<Option name="log_tcp_opt">False</Option>
<Option name="log_tcp_seq">False</Option>
<Option name="manage_virtual_addr">True</Option>
@ -2047,10 +2047,10 @@
<Option name="pass_all_out">False</Option>
<Option name="platform">iptables</Option>
<Option name="proxy_arp">False</Option>
<Option name="script_env_path"></Option>
<Option name="snmp_contact"></Option>
<Option name="snmp_description"></Option>
<Option name="snmp_location"></Option>
<Option name="script_env_path"/>
<Option name="snmp_contact"/>
<Option name="snmp_description"/>
<Option name="snmp_location"/>
<Option name="use_ip_tool">False</Option>
<Option name="use_numeric_log_levels">False</Option>
</FirewallOptions>
@ -2077,7 +2077,7 @@
<ServiceRef ref="sysid1"/>
</TSrv>
<NATRuleOptions>
<Option name="id"></Option>
<Option name="id"/>
</NATRuleOptions>
</NATRule>
<NATRule id="id3AFB66D6" disabled="False" position="1" action="Translate" comment="">
@ -2101,7 +2101,7 @@
<ServiceRef ref="sysid1"/>
</TSrv>
<NATRuleOptions>
<Option name="id"></Option>
<Option name="id"/>
</NATRuleOptions>
</NATRule>
<NATRule id="id3DE9CA86" disabled="False" position="2" action="Translate" comment="">
@ -2339,7 +2339,7 @@
<ServiceRef ref="sysid1"/>
</TSrv>
<NATRuleOptions>
<Option name="id"></Option>
<Option name="id"/>
</NATRuleOptions>
</NATRule>
<NATRule id="id3BD6757E" disabled="True" position="13" action="Translate" comment="">
@ -2566,8 +2566,8 @@
<ObjectRef ref="id3AFB6706"/>
</Itf>
<PolicyRuleOptions>
<Option name="action_on_reject"></Option>
<Option name="limit_suffix"></Option>
<Option name="action_on_reject"/>
<Option name="limit_suffix"/>
<Option name="limit_value">0</Option>
<Option name="log_prefix">Iface: %I RULE %N -- %A **</Option>
<Option name="stateless">True</Option>
@ -2588,8 +2588,8 @@
<ObjectRef ref="id3AFB6706"/>
</Itf>
<PolicyRuleOptions>
<Option name="action_on_reject"></Option>
<Option name="limit_suffix"></Option>
<Option name="action_on_reject"/>
<Option name="limit_suffix"/>
<Option name="limit_value">0</Option>
<Option name="log_prefix">Iface: %I RULE %N -- %A **</Option>
<Option name="stateless">True</Option>
@ -2612,7 +2612,7 @@
<IntervalRef ref="sysid2"/>
</When>
<PolicyRuleOptions>
<Option name="id"></Option>
<Option name="id"/>
<Option name="stateless">True</Option>
</PolicyRuleOptions>
</PolicyRule>
@ -2636,7 +2636,7 @@
<Option name="action_on_reject">TCP RST</Option>
<Option name="ipf_keep_frags">False</Option>
<Option name="ipf_return_icmp_as_dest">False</Option>
<Option name="limit_suffix"></Option>
<Option name="limit_suffix"/>
<Option name="limit_value">0</Option>
<Option name="log_prefix">IDENT</Option>
<Option name="stateless">True</Option>
@ -2659,10 +2659,10 @@
<IntervalRef ref="sysid2"/>
</When>
<PolicyRuleOptions>
<Option name="action_on_reject"></Option>
<Option name="action_on_reject"/>
<Option name="ipf_keep_frags">False</Option>
<Option name="ipf_return_icmp_as_dest">False</Option>
<Option name="limit_suffix"></Option>
<Option name="limit_suffix"/>
<Option name="limit_value">0</Option>
<Option name="log_prefix">IDENT</Option>
<Option name="stateless">True</Option>
@ -2723,7 +2723,7 @@
<IntervalRef ref="sysid2"/>
</When>
<PolicyRuleOptions>
<Option name="id"></Option>
<Option name="id"/>
</PolicyRuleOptions>
</PolicyRule>
<PolicyRule id="id3C447B8D" disabled="False" log="True" position="11" action="Accept" direction="Both" comment="host-fw2 has the same address as &#10; one of the firewall's interfaces">
@ -2779,7 +2779,7 @@
<IntervalRef ref="sysid2"/>
</When>
<PolicyRuleOptions>
<Option name="id"></Option>
<Option name="id"/>
<Option name="stateless">True</Option>
</PolicyRuleOptions>
</PolicyRule>
@ -2819,26 +2819,26 @@
<Option name="action_on_reject">ICMP net unreachable</Option>
<Option name="check_shading">False</Option>
<Option name="clamp_mss_to_mtu">False</Option>
<Option name="cmdline"></Option>
<Option name="compiler"></Option>
<Option name="cmdline"/>
<Option name="compiler"/>
<Option name="debug">False</Option>
<Option name="dyn_addr">False</Option>
<Option name="eliminate_duplicates">True</Option>
<Option name="firewall_dir">/etc</Option>
<Option name="firewall_is_part_of_any">True</Option>
<Option name="firewall_is_part_of_any_and_networks">True</Option>
<Option name="freebsd_path_ipf"></Option>
<Option name="freebsd_path_ipnat"></Option>
<Option name="freebsd_path_sysctl"></Option>
<Option name="id"></Option>
<Option name="freebsd_path_ipf"/>
<Option name="freebsd_path_ipnat"/>
<Option name="freebsd_path_sysctl"/>
<Option name="id"/>
<Option name="ignore_empty_groups">False</Option>
<Option name="in_out_code">True</Option>
<Option name="inst_cmdline"></Option>
<Option name="inst_script"></Option>
<Option name="install_script"></Option>
<Option name="inst_cmdline"/>
<Option name="inst_script"/>
<Option name="install_script"/>
<Option name="ipf_log_body">False</Option>
<Option name="ipf_log_facility"></Option>
<Option name="ipf_log_level"></Option>
<Option name="ipf_log_facility"/>
<Option name="ipf_log_level"/>
<Option name="ipf_log_or_block">False</Option>
<Option name="ipf_nat_ftp_proxy">True</Option>
<Option name="ipf_nat_h323_proxy">True</Option>
@ -2874,10 +2874,10 @@
<Option name="pf_return_icmp_as_dest">True</Option>
<Option name="platform">iptables</Option>
<Option name="proxy_arp">True</Option>
<Option name="script_env_path"></Option>
<Option name="snmp_contact"></Option>
<Option name="snmp_description"></Option>
<Option name="snmp_location"></Option>
<Option name="script_env_path"/>
<Option name="snmp_contact"/>
<Option name="snmp_description"/>
<Option name="snmp_location"/>
<Option name="use_ip_tool">True</Option>
<Option name="use_numeric_log_levels">False</Option>
</FirewallOptions>
@ -2904,7 +2904,7 @@
<ServiceRef ref="sysid1"/>
</TSrv>
<NATRuleOptions>
<Option name="id"></Option>
<Option name="id"/>
</NATRuleOptions>
</NATRule>
<NATRule id="id3D758531" disabled="False" position="1" action="Translate" comment="">
@ -2927,7 +2927,7 @@
<ServiceRef ref="sysid1"/>
</TSrv>
<NATRuleOptions>
<Option name="id"></Option>
<Option name="id"/>
</NATRuleOptions>
</NATRule>
<NATRule id="id3D75869D" disabled="False" position="2" action="Translate" comment="">
@ -2950,7 +2950,7 @@
<ServiceRef ref="sysid1"/>
</TSrv>
<NATRuleOptions>
<Option name="id"></Option>
<Option name="id"/>
</NATRuleOptions>
</NATRule>
<NATRule id="id3D7586D1" disabled="False" position="3" action="Translate" comment="">
@ -2973,7 +2973,7 @@
<ServiceRef ref="sysid1"/>
</TSrv>
<NATRuleOptions>
<Option name="id"></Option>
<Option name="id"/>
</NATRuleOptions>
</NATRule>
<NATRule id="id3B0C6390" disabled="True" position="4" action="Translate" comment="negation in NAT is not supported&#10;in ipf yet">
@ -2996,7 +2996,7 @@
<ServiceRef ref="sysid1"/>
</TSrv>
<NATRuleOptions>
<Option name="id"></Option>
<Option name="id"/>
</NATRuleOptions>
</NATRule>
<NATRule id="id3B202AFF" disabled="False" position="5" action="Translate" comment="">
@ -3176,7 +3176,7 @@
<IntervalRef ref="sysid2"/>
</When>
<PolicyRuleOptions>
<Option name="id"></Option>
<Option name="id"/>
</PolicyRuleOptions>
</PolicyRule>
<PolicyRule id="id3B0C63A9" disabled="False" log="True" position="5" action="Deny" direction="Both" comment="testing negation in the policy rule">
@ -3197,7 +3197,7 @@
<IntervalRef ref="sysid2"/>
</When>
<PolicyRuleOptions>
<Option name="id"></Option>
<Option name="id"/>
<Option name="stateless">True</Option>
</PolicyRuleOptions>
</PolicyRule>
@ -3219,7 +3219,7 @@
<IntervalRef ref="sysid2"/>
</When>
<PolicyRuleOptions>
<Option name="id"></Option>
<Option name="id"/>
<Option name="stateless">True</Option>
</PolicyRuleOptions>
</PolicyRule>
@ -3242,7 +3242,7 @@
<IntervalRef ref="sysid2"/>
</When>
<PolicyRuleOptions>
<Option name="id"></Option>
<Option name="id"/>
<Option name="stateless">True</Option>
</PolicyRuleOptions>
</PolicyRule>
@ -3263,7 +3263,7 @@
<IntervalRef ref="sysid2"/>
</When>
<PolicyRuleOptions>
<Option name="id"></Option>
<Option name="id"/>
</PolicyRuleOptions>
</PolicyRule>
<PolicyRule id="id3D85069A" disabled="True" log="True" position="9" action="Accept" direction="Both" comment="">
@ -3302,7 +3302,7 @@
<IntervalRef ref="sysid2"/>
</When>
<PolicyRuleOptions>
<Option name="id"></Option>
<Option name="id"/>
<Option name="stateless">True</Option>
</PolicyRuleOptions>
</PolicyRule>
@ -3342,8 +3342,8 @@
<Option name="action_on_reject">ICMP net unreachable</Option>
<Option name="check_shading">False</Option>
<Option name="clamp_mss_to_mtu">False</Option>
<Option name="cmdline"></Option>
<Option name="compiler"></Option>
<Option name="cmdline"/>
<Option name="compiler"/>
<Option name="debug">False</Option>
<Option name="dyn_addr">False</Option>
<Option name="eliminate_duplicates">True</Option>
@ -3352,16 +3352,16 @@
<Option name="firewall_is_part_of_any_and_networks">True</Option>
<Option name="freebsd_path_ipf">/usr/sbin/ipf</Option>
<Option name="freebsd_path_ipnat">/usr/sbin/ipnat</Option>
<Option name="freebsd_path_sysctl"></Option>
<Option name="id"></Option>
<Option name="freebsd_path_sysctl"/>
<Option name="id"/>
<Option name="ignore_empty_groups">False</Option>
<Option name="in_out_code">True</Option>
<Option name="inst_cmdline"></Option>
<Option name="inst_script"></Option>
<Option name="install_script"></Option>
<Option name="inst_cmdline"/>
<Option name="inst_script"/>
<Option name="install_script"/>
<Option name="ipf_log_body">False</Option>
<Option name="ipf_log_facility"></Option>
<Option name="ipf_log_level"></Option>
<Option name="ipf_log_facility"/>
<Option name="ipf_log_level"/>
<Option name="ipf_log_or_block">False</Option>
<Option name="ipf_nat_ftp_proxy">False</Option>
<Option name="ipf_nat_raudio_proxy">False</Option>
@ -3378,7 +3378,7 @@
<Option name="log_level">debug</Option>
<Option name="log_limit_suffix">/second</Option>
<Option name="log_limit_value">0</Option>
<Option name="log_prefix"></Option>
<Option name="log_prefix"/>
<Option name="log_tcp_opt">False</Option>
<Option name="log_tcp_seq">False</Option>
<Option name="manage_virtual_addr">True</Option>
@ -3388,10 +3388,10 @@
<Option name="pass_all_out">False</Option>
<Option name="platform">iptables</Option>
<Option name="proxy_arp">False</Option>
<Option name="script_env_path"></Option>
<Option name="snmp_contact"></Option>
<Option name="snmp_description"></Option>
<Option name="snmp_location"></Option>
<Option name="script_env_path"/>
<Option name="snmp_contact"/>
<Option name="snmp_description"/>
<Option name="snmp_location"/>
<Option name="use_numeric_log_levels">False</Option>
</FirewallOptions>
</Firewall>
@ -3494,25 +3494,25 @@
<Option name="action_on_reject">ICMP net unreachable</Option>
<Option name="check_shading">True</Option>
<Option name="clamp_mss_to_mtu">False</Option>
<Option name="cmdline"></Option>
<Option name="compiler"></Option>
<Option name="cmdline"/>
<Option name="compiler"/>
<Option name="debug">False</Option>
<Option name="dyn_addr">False</Option>
<Option name="eliminate_duplicates">True</Option>
<Option name="firewall_dir">/etc</Option>
<Option name="firewall_is_part_of_any">True</Option>
<Option name="firewall_is_part_of_any_and_networks">True</Option>
<Option name="freebsd_path_ipf"></Option>
<Option name="freebsd_path_ipnat"></Option>
<Option name="freebsd_path_sysctl"></Option>
<Option name="freebsd_path_ipf"/>
<Option name="freebsd_path_ipnat"/>
<Option name="freebsd_path_sysctl"/>
<Option name="ignore_empty_groups">False</Option>
<Option name="in_out_code">True</Option>
<Option name="inst_cmdline"></Option>
<Option name="inst_script"></Option>
<Option name="install_script"></Option>
<Option name="inst_cmdline"/>
<Option name="inst_script"/>
<Option name="install_script"/>
<Option name="ipf_log_body">False</Option>
<Option name="ipf_log_facility"></Option>
<Option name="ipf_log_level"></Option>
<Option name="ipf_log_facility"/>
<Option name="ipf_log_level"/>
<Option name="ipf_log_or_block">False</Option>
<Option name="ipf_nat_ftp_proxy">False</Option>
<Option name="ipf_nat_raudio_proxy">False</Option>
@ -3529,7 +3529,7 @@
<Option name="log_level">debug</Option>
<Option name="log_limit_suffix">/second</Option>
<Option name="log_limit_value">0</Option>
<Option name="log_prefix"></Option>
<Option name="log_prefix"/>
<Option name="log_tcp_opt">False</Option>
<Option name="log_tcp_seq">False</Option>
<Option name="manage_virtual_addr">True</Option>
@ -3539,10 +3539,10 @@
<Option name="pass_all_out">False</Option>
<Option name="platform">iptables</Option>
<Option name="proxy_arp">False</Option>
<Option name="script_env_path"></Option>
<Option name="snmp_contact"></Option>
<Option name="snmp_description"></Option>
<Option name="snmp_location"></Option>
<Option name="script_env_path"/>
<Option name="snmp_contact"/>
<Option name="snmp_description"/>
<Option name="snmp_location"/>
<Option name="use_ip_tool">False</Option>
<Option name="use_numeric_log_levels">False</Option>
</FirewallOptions>
@ -3717,24 +3717,24 @@
<Option name="action_on_reject">ICMP host prohibited</Option>
<Option name="check_shading">False</Option>
<Option name="clamp_mss_to_mtu">False</Option>
<Option name="cmdline"></Option>
<Option name="compiler"></Option>
<Option name="cmdline"/>
<Option name="compiler"/>
<Option name="debug">False</Option>
<Option name="dyn_addr">False</Option>
<Option name="firewall_dir">/etc</Option>
<Option name="firewall_is_part_of_any">True</Option>
<Option name="firewall_is_part_of_any_and_networks">True</Option>
<Option name="freebsd_path_ipf"></Option>
<Option name="freebsd_path_ipnat"></Option>
<Option name="freebsd_path_sysctl"></Option>
<Option name="freebsd_path_ipf"/>
<Option name="freebsd_path_ipnat"/>
<Option name="freebsd_path_sysctl"/>
<Option name="ignore_empty_groups">False</Option>
<Option name="in_out_code">True</Option>
<Option name="inst_cmdline"></Option>
<Option name="inst_script"></Option>
<Option name="install_script"></Option>
<Option name="inst_cmdline"/>
<Option name="inst_script"/>
<Option name="install_script"/>
<Option name="ipf_log_body">False</Option>
<Option name="ipf_log_facility"></Option>
<Option name="ipf_log_level"></Option>
<Option name="ipf_log_facility"/>
<Option name="ipf_log_level"/>
<Option name="ipf_log_or_block">False</Option>
<Option name="ipf_nat_ftp_proxy">False</Option>
<Option name="ipf_nat_raudio_proxy">False</Option>
@ -3749,9 +3749,9 @@
<Option name="log_all_dropped">False</Option>
<Option name="log_ip_opt">False</Option>
<Option name="log_level">debug</Option>
<Option name="log_limit_suffix"></Option>
<Option name="log_limit_suffix"/>
<Option name="log_limit_value">0</Option>
<Option name="log_prefix"></Option>
<Option name="log_prefix"/>
<Option name="log_tcp_opt">False</Option>
<Option name="log_tcp_seq">False</Option>
<Option name="manage_virtual_addr">False</Option>
@ -3760,10 +3760,10 @@
<Option name="no_optimisation">False</Option>
<Option name="pass_all_out">False</Option>
<Option name="platform">iptables</Option>
<Option name="script_env_path"></Option>
<Option name="snmp_contact"></Option>
<Option name="snmp_description"></Option>
<Option name="snmp_location"></Option>
<Option name="script_env_path"/>
<Option name="snmp_contact"/>
<Option name="snmp_description"/>
<Option name="snmp_location"/>
<Option name="use_ip_tool">False</Option>
<Option name="use_numeric_log_levels">False</Option>
</FirewallOptions>
@ -4076,20 +4076,20 @@
<FirewallOptions>
<Option name="action_on_reject">ICMP host prohibited</Option>
<Option name="check_shading">False</Option>
<Option name="cmdline"></Option>
<Option name="compiler"></Option>
<Option name="cmdline"/>
<Option name="compiler"/>
<Option name="debug">False</Option>
<Option name="eliminate_duplicates">True</Option>
<Option name="firewall_dir">/etc</Option>
<Option name="freebsd_ip_forward">1</Option>
<Option name="freebsd_path_ipf"></Option>
<Option name="freebsd_path_ipnat"></Option>
<Option name="freebsd_path_sysctl"></Option>
<Option name="freebsd_path_ipf"/>
<Option name="freebsd_path_ipnat"/>
<Option name="freebsd_path_sysctl"/>
<Option name="ignore_empty_groups">False</Option>
<Option name="in_out_code">True</Option>
<Option name="ipf_log_body">False</Option>
<Option name="ipf_log_facility"></Option>
<Option name="ipf_log_level"></Option>
<Option name="ipf_log_facility"/>
<Option name="ipf_log_level"/>
<Option name="ipf_log_or_block">False</Option>
<Option name="ipf_nat_ftp_proxy">False</Option>
<Option name="ipf_nat_raudio_proxy">False</Option>
@ -4097,9 +4097,9 @@
<Option name="ipf_return_icmp_as_dest">False</Option>
<Option name="manage_virtual_addr">False</Option>
<Option name="pass_all_out">False</Option>
<Option name="snmp_contact"></Option>
<Option name="snmp_description"></Option>
<Option name="snmp_location"></Option>
<Option name="snmp_contact"/>
<Option name="snmp_description"/>
<Option name="snmp_location"/>
</FirewallOptions>
</Firewall>
<Firewall id="id3DF3D0AD" host_OS="freebsd" lastCompiled="0" lastInstalled="0" lastModified="1230496425" platform="ipfw" name="firewall9" comment="" ro="False">
@ -4447,7 +4447,7 @@
<IntervalRef ref="sysid2"/>
</When>
<PolicyRuleOptions>
<Option name="action_on_reject"></Option>
<Option name="action_on_reject"/>
<Option name="stateless">True</Option>
</PolicyRuleOptions>
</PolicyRule>
@ -4492,20 +4492,20 @@
<FirewallOptions>
<Option name="action_on_reject">ICMP host prohibited</Option>
<Option name="check_shading">False</Option>
<Option name="cmdline"></Option>
<Option name="compiler"></Option>
<Option name="cmdline"/>
<Option name="compiler"/>
<Option name="debug">False</Option>
<Option name="eliminate_duplicates">True</Option>
<Option name="firewall_dir">/etc</Option>
<Option name="freebsd_ip_forward">1</Option>
<Option name="freebsd_path_ipf"></Option>
<Option name="freebsd_path_ipnat"></Option>
<Option name="freebsd_path_sysctl"></Option>
<Option name="freebsd_path_ipf"/>
<Option name="freebsd_path_ipnat"/>
<Option name="freebsd_path_sysctl"/>
<Option name="ignore_empty_groups">False</Option>
<Option name="in_out_code">True</Option>
<Option name="ipf_log_body">False</Option>
<Option name="ipf_log_facility"></Option>
<Option name="ipf_log_level"></Option>
<Option name="ipf_log_facility"/>
<Option name="ipf_log_level"/>
<Option name="ipf_log_or_block">False</Option>
<Option name="ipf_nat_ftp_proxy">False</Option>
<Option name="ipf_nat_h323_proxy">False</Option>
@ -4515,9 +4515,9 @@
<Option name="ipf_return_icmp_as_dest">False</Option>
<Option name="manage_virtual_addr">False</Option>
<Option name="pass_all_out">False</Option>
<Option name="snmp_contact"></Option>
<Option name="snmp_description"></Option>
<Option name="snmp_location"></Option>
<Option name="snmp_contact"/>
<Option name="snmp_description"/>
<Option name="snmp_location"/>
</FirewallOptions>
</Firewall>
<Firewall id="id3E51AF8E" host_OS="macosx" lastCompiled="0" lastInstalled="0" lastModified="0" platform="ipfw" version="" name="mac" comment="" ro="False">
@ -4665,20 +4665,20 @@
<FirewallOptions>
<Option name="action_on_reject">ICMP host prohibited</Option>
<Option name="check_shading">True</Option>
<Option name="cmdline"></Option>
<Option name="compiler"></Option>
<Option name="cmdline"/>
<Option name="compiler"/>
<Option name="debug">True</Option>
<Option name="eliminate_duplicates">True</Option>
<Option name="firewall_dir">/etc</Option>
<Option name="freebsd_ip_forward">1</Option>
<Option name="freebsd_path_ipf"></Option>
<Option name="freebsd_path_ipnat"></Option>
<Option name="freebsd_path_sysctl"></Option>
<Option name="freebsd_path_ipf"/>
<Option name="freebsd_path_ipnat"/>
<Option name="freebsd_path_sysctl"/>
<Option name="ignore_empty_groups">False</Option>
<Option name="in_out_code">True</Option>
<Option name="ipf_log_body">False</Option>
<Option name="ipf_log_facility"></Option>
<Option name="ipf_log_level"></Option>
<Option name="ipf_log_facility"/>
<Option name="ipf_log_level"/>
<Option name="ipf_log_or_block">False</Option>
<Option name="ipf_nat_ftp_proxy">False</Option>
<Option name="ipf_nat_h323_proxy">False</Option>
@ -4690,13 +4690,13 @@
<Option name="macosx_ip_forward">1</Option>
<Option name="macosx_ip_redirect">0</Option>
<Option name="macosx_ip_sourceroute">0</Option>
<Option name="macosx_path_ipfw"></Option>
<Option name="macosx_path_sysctl"></Option>
<Option name="macosx_path_ipfw"/>
<Option name="macosx_path_sysctl"/>
<Option name="manage_virtual_addr">False</Option>
<Option name="pass_all_out">False</Option>
<Option name="snmp_contact"></Option>
<Option name="snmp_description"></Option>
<Option name="snmp_location"></Option>
<Option name="snmp_contact"/>
<Option name="snmp_description"/>
<Option name="snmp_location"/>
</FirewallOptions>
</Firewall>
<Firewall id="id43867C1018346" host_OS="freebsd" lastCompiled="0" lastInstalled="0" lastModified="0" platform="ipfw" version="" name="firewall33" comment="testing DNSName object" ro="False">
@ -5040,50 +5040,50 @@
<Option name="accept_established">True</Option>
<Option name="accept_new_tcp_with_no_syn">True</Option>
<Option name="action_on_reject">ICMP net unreachable</Option>
<Option name="activationCmd"></Option>
<Option name="admUser"></Option>
<Option name="altAddress"></Option>
<Option name="activationCmd"/>
<Option name="admUser"/>
<Option name="altAddress"/>
<Option name="bridging_fw">False</Option>
<Option name="check_shading">False</Option>
<Option name="clamp_mss_to_mtu">False</Option>
<Option name="cmdline"></Option>
<Option name="compiler"></Option>
<Option name="cmdline"/>
<Option name="compiler"/>
<Option name="configure_interfaces">True</Option>
<Option name="debug">False</Option>
<Option name="drop_invalid">False</Option>
<Option name="dyn_addr">False</Option>
<Option name="epilog_script"></Option>
<Option name="firewall_dir"></Option>
<Option name="epilog_script"/>
<Option name="firewall_dir"/>
<Option name="firewall_is_part_of_any">True</Option>
<Option name="firewall_is_part_of_any_and_networks">True</Option>
<Option name="ignore_empty_groups">False</Option>
<Option name="inst_cmdline"></Option>
<Option name="inst_script"></Option>
<Option name="install_script"></Option>
<Option name="inst_cmdline"/>
<Option name="inst_script"/>
<Option name="install_script"/>
<Option name="limit_suffix">/day</Option>
<Option name="limit_value">0</Option>
<Option name="linux24_accept_redirects"></Option>
<Option name="linux24_accept_source_route"></Option>
<Option name="linux24_icmp_echo_ignore_all"></Option>
<Option name="linux24_icmp_echo_ignore_broadcasts"></Option>
<Option name="linux24_icmp_ignore_bogus_error_responses"></Option>
<Option name="linux24_ip_dynaddr"></Option>
<Option name="linux24_ip_forward"></Option>
<Option name="linux24_log_martians"></Option>
<Option name="linux24_path_ip"></Option>
<Option name="linux24_path_iptables"></Option>
<Option name="linux24_path_logger"></Option>
<Option name="linux24_path_lsmod"></Option>
<Option name="linux24_path_modprobe"></Option>
<Option name="linux24_rp_filter"></Option>
<Option name="linux24_tcp_ecn"></Option>
<Option name="linux24_tcp_fack"></Option>
<Option name="linux24_accept_redirects"/>
<Option name="linux24_accept_source_route"/>
<Option name="linux24_icmp_echo_ignore_all"/>
<Option name="linux24_icmp_echo_ignore_broadcasts"/>
<Option name="linux24_icmp_ignore_bogus_error_responses"/>
<Option name="linux24_ip_dynaddr"/>
<Option name="linux24_ip_forward"/>
<Option name="linux24_log_martians"/>
<Option name="linux24_path_ip"/>
<Option name="linux24_path_iptables"/>
<Option name="linux24_path_logger"/>
<Option name="linux24_path_lsmod"/>
<Option name="linux24_path_modprobe"/>
<Option name="linux24_rp_filter"/>
<Option name="linux24_tcp_ecn"/>
<Option name="linux24_tcp_fack"/>
<Option name="linux24_tcp_fin_timeout">30</Option>
<Option name="linux24_tcp_keepalive_interval">1800</Option>
<Option name="linux24_tcp_sack"></Option>
<Option name="linux24_tcp_syncookies"></Option>
<Option name="linux24_tcp_timestamps"></Option>
<Option name="linux24_tcp_window_scaling"></Option>
<Option name="linux24_tcp_sack"/>
<Option name="linux24_tcp_syncookies"/>
<Option name="linux24_tcp_timestamps"/>
<Option name="linux24_tcp_window_scaling"/>
<Option name="load_modules">False</Option>
<Option name="local_nat">False</Option>
<Option name="log_all">False</Option>
@ -5097,20 +5097,20 @@
<Option name="log_tcp_opt">False</Option>
<Option name="log_tcp_seq">False</Option>
<Option name="manage_virtual_addr">True</Option>
<Option name="mgmt_addr"></Option>
<Option name="mgmt_addr"/>
<Option name="mgmt_ssh">False</Option>
<Option name="no_iochains_for_any">False</Option>
<Option name="no_optimisation">False</Option>
<Option name="output_file"></Option>
<Option name="output_file"/>
<Option name="platform">iptables</Option>
<Option name="prolog_place">top</Option>
<Option name="prolog_script"></Option>
<Option name="prolog_script"/>
<Option name="proxy_arp">False</Option>
<Option name="script_env_path"></Option>
<Option name="snmp_contact"></Option>
<Option name="snmp_description"></Option>
<Option name="snmp_location"></Option>
<Option name="sshArgs"></Option>
<Option name="script_env_path"/>
<Option name="snmp_contact"/>
<Option name="snmp_description"/>
<Option name="snmp_location"/>
<Option name="sshArgs"/>
<Option name="ulog_cprange">0</Option>
<Option name="ulog_nlgroup">1</Option>
<Option name="ulog_qthreshold">1</Option>
@ -5332,29 +5332,29 @@
<IntervalRef ref="sysid2"/>
</When>
<PolicyRuleOptions>
<Option name="action_on_reject"></Option>
<Option name="classify_str"></Option>
<Option name="custom_str"></Option>
<Option name="ipf_route_opt_addr"></Option>
<Option name="ipf_route_opt_if"></Option>
<Option name="action_on_reject"/>
<Option name="classify_str"/>
<Option name="custom_str"/>
<Option name="ipf_route_opt_addr"/>
<Option name="ipf_route_opt_if"/>
<Option name="ipf_route_option">Route through</Option>
<Option name="ipfw_classify_method">2</Option>
<Option name="ipfw_pipe_port_num">8668</Option>
<Option name="ipfw_pipe_queue_num">0</Option>
<Option name="ipt_continue">False</Option>
<Option name="ipt_gw"></Option>
<Option name="ipt_iif"></Option>
<Option name="ipt_gw"/>
<Option name="ipt_iif"/>
<Option name="ipt_mark_connections">False</Option>
<Option name="ipt_mark_prerouting">False</Option>
<Option name="ipt_oif"></Option>
<Option name="ipt_oif"/>
<Option name="ipt_tee">False</Option>
<Option name="pf_fastroute">False</Option>
<Option name="pf_route_opt_addr"></Option>
<Option name="pf_route_opt_if"></Option>
<Option name="pf_route_opt_addr"/>
<Option name="pf_route_opt_if"/>
<Option name="pf_route_option">Route through</Option>
<Option name="rule_name_accounting"></Option>
<Option name="rule_name_accounting"/>
<Option name="stateless">True</Option>
<Option name="tagvalue"></Option>
<Option name="tagvalue"/>
</PolicyRuleOptions>
</PolicyRule>
<PolicyRule id="id45275D7A5394" disabled="False" log="False" position="1" action="Custom" direction="Both" comment="rule doing divert to natd (8668) should go before check-state&#10;">
@ -5374,27 +5374,27 @@
<IntervalRef ref="sysid2"/>
</When>
<PolicyRuleOptions>
<Option name="action_on_reject"></Option>
<Option name="classify_str"></Option>
<Option name="action_on_reject"/>
<Option name="classify_str"/>
<Option name="custom_str">check-state</Option>
<Option name="ipf_route_opt_addr"></Option>
<Option name="ipf_route_opt_if"></Option>
<Option name="ipf_route_opt_addr"/>
<Option name="ipf_route_opt_if"/>
<Option name="ipf_route_option">Route through</Option>
<Option name="ipfw_classify_method">2</Option>
<Option name="ipfw_pipe_port_num">0</Option>
<Option name="ipfw_pipe_queue_num">0</Option>
<Option name="ipt_continue">False</Option>
<Option name="ipt_gw"></Option>
<Option name="ipt_iif"></Option>
<Option name="ipt_gw"/>
<Option name="ipt_iif"/>
<Option name="ipt_mark_connections">False</Option>
<Option name="ipt_mark_prerouting">False</Option>
<Option name="ipt_oif"></Option>
<Option name="ipt_oif"/>
<Option name="ipt_tee">False</Option>
<Option name="pf_fastroute">False</Option>
<Option name="pf_route_opt_addr"></Option>
<Option name="pf_route_opt_if"></Option>
<Option name="pf_route_opt_addr"/>
<Option name="pf_route_opt_if"/>
<Option name="pf_route_option">Route through</Option>
<Option name="rule_name_accounting"></Option>
<Option name="rule_name_accounting"/>
<Option name="stateless">True</Option>
</PolicyRuleOptions>
</PolicyRule>
@ -5415,15 +5415,15 @@
<IntervalRef ref="sysid2"/>
</When>
<PolicyRuleOptions>
<Option name="action_on_reject"></Option>
<Option name="classify_str"></Option>
<Option name="custom_str"></Option>
<Option name="action_on_reject"/>
<Option name="classify_str"/>
<Option name="custom_str"/>
<Option name="ipfw_classify_method">2</Option>
<Option name="ipfw_pipe_port_num">1234</Option>
<Option name="ipfw_pipe_queue_num">0</Option>
<Option name="rule_name_accounting"></Option>
<Option name="rule_name_accounting"/>
<Option name="stateless">True</Option>
<Option name="tagvalue"></Option>
<Option name="tagvalue"/>
</PolicyRuleOptions>
</PolicyRule>
<PolicyRule id="id43F7AC9D23738" disabled="False" log="False" position="3" action="Classify" direction="Both" comment="">
@ -5443,16 +5443,16 @@
<IntervalRef ref="sysid2"/>
</When>
<PolicyRuleOptions>
<Option name="action_on_reject"></Option>
<Option name="classify_str"></Option>
<Option name="custom_str"></Option>
<Option name="action_on_reject"/>
<Option name="classify_str"/>
<Option name="custom_str"/>
<Option name="ipfw_classify_method">2</Option>
<Option name="ipfw_pipe_method">1</Option>
<Option name="ipfw_pipe_port_num">0</Option>
<Option name="ipfw_pipe_queue_num">2</Option>
<Option name="rule_name_accounting"></Option>
<Option name="rule_name_accounting"/>
<Option name="stateless">True</Option>
<Option name="tagvalue"></Option>
<Option name="tagvalue"/>
</PolicyRuleOptions>
</PolicyRule>
<PolicyRule id="id43F7ACAE23738" disabled="False" log="False" position="4" action="Classify" direction="Both" comment="">
@ -5472,17 +5472,17 @@
<IntervalRef ref="sysid2"/>
</When>
<PolicyRuleOptions>
<Option name="action_on_reject"></Option>
<Option name="classify_str"></Option>
<Option name="custom_str"></Option>
<Option name="action_on_reject"/>
<Option name="classify_str"/>
<Option name="custom_str"/>
<Option name="ipfw_classify_method">1</Option>
<Option name="ipfw_classify_port_num">1</Option>
<Option name="ipfw_pipe_method">2</Option>
<Option name="ipfw_pipe_port_num">0</Option>
<Option name="ipfw_pipe_queue_num">1</Option>
<Option name="rule_name_accounting"></Option>
<Option name="rule_name_accounting"/>
<Option name="stateless">True</Option>
<Option name="tagvalue"></Option>
<Option name="tagvalue"/>
</PolicyRuleOptions>
</PolicyRule>
<PolicyRule id="id43F7C4D723738" disabled="False" log="True" position="5" action="Custom" direction="Both" comment="">
@ -5502,14 +5502,14 @@
<IntervalRef ref="sysid2"/>
</When>
<PolicyRuleOptions>
<Option name="action_on_reject"></Option>
<Option name="classify_str"></Option>
<Option name="action_on_reject"/>
<Option name="classify_str"/>
<Option name="custom_str">prob .80</Option>
<Option name="ipfw_pipe_method">2</Option>
<Option name="ipfw_pipe_port_num">0</Option>
<Option name="rule_name_accounting"></Option>
<Option name="rule_name_accounting"/>
<Option name="stateless">True</Option>
<Option name="tagvalue"></Option>
<Option name="tagvalue"/>
</PolicyRuleOptions>
</PolicyRule>
<PolicyRule id="id43F7AB1B23738" disabled="False" log="True" position="6" action="Deny" direction="Both" comment="">
@ -5553,42 +5553,42 @@
</Management>
<FirewallOptions>
<Option name="action_on_reject">ICMP host prohibited</Option>
<Option name="activationCmd"></Option>
<Option name="activationCmd"/>
<Option name="add_check_state_rule">False</Option>
<Option name="admUser"></Option>
<Option name="altAddress"></Option>
<Option name="admUser"/>
<Option name="altAddress"/>
<Option name="check_shading">True</Option>
<Option name="cmdline"></Option>
<Option name="compiler"></Option>
<Option name="cmdline"/>
<Option name="compiler"/>
<Option name="configure_interfaces">False</Option>
<Option name="debug">False</Option>
<Option name="eliminate_duplicates">True</Option>
<Option name="epilog_script"></Option>
<Option name="epilog_script"/>
<Option name="firewall_dir">/etc</Option>
<Option name="freebsd_ip_forward">1</Option>
<Option name="freebsd_path_ipf"></Option>
<Option name="freebsd_path_ipnat"></Option>
<Option name="freebsd_path_sysctl"></Option>
<Option name="freebsd_path_ipf"/>
<Option name="freebsd_path_ipnat"/>
<Option name="freebsd_path_sysctl"/>
<Option name="ignore_empty_groups">False</Option>
<Option name="in_out_code">True</Option>
<Option name="ipf_log_body">False</Option>
<Option name="ipf_log_facility"></Option>
<Option name="ipf_log_level"></Option>
<Option name="ipf_log_facility"/>
<Option name="ipf_log_level"/>
<Option name="ipf_log_or_block">False</Option>
<Option name="ipf_nat_ftp_proxy">False</Option>
<Option name="ipf_nat_raudio_proxy">False</Option>
<Option name="ipf_nat_rcmd_proxy">False</Option>
<Option name="ipf_return_icmp_as_dest">False</Option>
<Option name="manage_virtual_addr">False</Option>
<Option name="mgmt_addr"></Option>
<Option name="mgmt_addr"/>
<Option name="mgmt_ssh">False</Option>
<Option name="output_file"></Option>
<Option name="output_file"/>
<Option name="pass_all_out">False</Option>
<Option name="prolog_script"></Option>
<Option name="snmp_contact"></Option>
<Option name="snmp_description"></Option>
<Option name="snmp_location"></Option>
<Option name="sshArgs"></Option>
<Option name="prolog_script"/>
<Option name="snmp_contact"/>
<Option name="snmp_description"/>
<Option name="snmp_location"/>
<Option name="sshArgs"/>
</FirewallOptions>
</Firewall>
</ObjectGroup>
@ -5694,9 +5694,9 @@
<ICMPService id="icmp-ping_reply" code="0" type="0" name="ping reply" comment="" ro="False"/>
</ServiceGroup>
<CustomService id="stdid14_1" name="ESTABLISHED" comment="This service matches all packets which are part of network connections established through the firewall, or connections 'related' to those established through the firewall. Term 'established' refers to the state tracking mechanism which exists inside iptables and other stateful firewalls and does not mean any particular combination of packet header options. Packet is considered to correspond to the state 'ESTABLISHED' if it belongs to the network session, for which proper initiation has been seen by the firewall, so its stateful inspection module made appropriate record in the state table. Usually stateful firewalls keep track of network connections using not only tcp protocol, but also udp and sometimes even icmp protocols. 'RELATED' describes packet belonging to a separate network connection, related to the session firewall is keeping track of. One example is FTP command and FTP data sessions." ro="False" protocol="any" address_family="ipv4">
<CustomServiceCommand platform="Undefined"></CustomServiceCommand>
<CustomServiceCommand platform="Undefined"/>
<CustomServiceCommand platform="iosacl">established</CustomServiceCommand>
<CustomServiceCommand platform="ipfilter"></CustomServiceCommand>
<CustomServiceCommand platform="ipfilter"/>
<CustomServiceCommand platform="ipfw">established</CustomServiceCommand>
<CustomServiceCommand platform="iptables">-m state --state ESTABLISHED,RELATED</CustomServiceCommand>
</CustomService>

2
test/ipfw/quick-cmp.sh
View File

@ -1,7 +1,7 @@
#!/bin/sh
DIFFCMD="diff -C 5 -c -b -B -w -I \"# Generated\" -I 'Activating ' -I '# Firewall Builder fwb_ipt v' -I 'Can not find file' -I '====' -I 'log '"
DIFFCMD="diff -C 5 -c -b -B -w -I \"Generated\" -I 'Activating ' -I 'Firewall Builder fwb_ipfw v' -I 'Can not find file' -I '====' -I 'log '"
for f in $(ls *.fw.orig)
do

2
test/ipt/cluster-tests.fwb
View File

@ -1,6 +1,6 @@
<?xml version="1.0" encoding="utf-8"?>
<!DOCTYPE FWObjectDatabase SYSTEM "fwbuilder.dtd">
<FWObjectDatabase xmlns="http://www.fwbuilder.org/1.0/" version="15" lastModified="1253911075" id="root">
<FWObjectDatabase xmlns="http://www.fwbuilder.org/1.0/" version="16" lastModified="1253911075" id="root">
<Library id="sysid99" name="Deleted Objects" comment="" ro="False">
<StateSyncClusterGroup id="id3505X94039" type="conntrack" name="State Sync Group-1" comment="">
<ClusterGroupOptions/>

882
test/ipt/large_policy_test.fwb
View File

@ -1,281 +1,273 @@
<?xml version="1.0" encoding="utf-8"?>
<!DOCTYPE FWObjectDatabase SYSTEM "fwbuilder.dtd">
<FWObjectDatabase xmlns="http://www.fwbuilder.org/1.0/" version="10" lastModified="1220934384" id="root">
<Library id="sysid99" ro="False" name="Deleted Objects" comment="">
<ICMP6Service id="idE0C27650" code="0" type="1" name="ipv6 dest unreachable" comment="No route to destination"/>
<IPv4 id="id1168X3773" name="student1" comment="" address="10.1.1.1" netmask="255.255.255.0"/>
<ObjectRef ref="sysid0"/>
<ObjectRef ref="sysid0"/>
<ObjectRef ref="id3F9A1BCA"/>
<ServiceRef ref="sysid1"/>
<ObjectRef ref="sysid0"/>
<ObjectRef ref="sysid0"/>
<ObjectRef ref="sysid0"/>
<ObjectRef ref="sysid0"/>
<ServiceRef ref="sysid1"/>
<FWObjectDatabase xmlns="http://www.fwbuilder.org/1.0/" version="16" id="root">
<Library id="sysid99" name="Deleted Objects" comment="" ro="False">
<ICMP6Service id="idE0C27650" code="0" type="1" name="ipv6 dest unreachable" comment="No route to destination" ro="False"/>
<IPv4 id="id1168X3773" name="student1" comment="" ro="False" address="10.1.1.1" netmask="255.255.255.0"/>
</Library>
<Library id="syslib001" color="#d2ffd0" name="User" comment="User defined objects">
<ObjectGroup id="stdid01_1" name="Objects" comment="">
<ObjectGroup id="stdid01_1_og_ats_1" name="Address Tables" comment=""/>
<ObjectGroup id="stdid01_1_og_dnsn_1" name="DNS Names" comment=""/>
<ObjectGroup id="stdid16_1" name="Addresses" comment="">
<IPv4 id="id1170X3825" name="student1" comment="" address="10.1.1.1" netmask="255.255.255.0"/>
<IPv4 id="id1172X3826" name="student2" comment="" address="10.1.1.2" netmask="255.255.255.0"/>
<IPv4 id="id1174X3827" name="student3" comment="" address="10.1.1.3" netmask="255.255.255.0"/>
<IPv4 id="id1176X3828" name="student4" comment="" address="10.1.1.4" netmask="255.255.255.0"/>
<IPv4 id="id1178X3829" name="student5" comment="" address="10.1.1.5" netmask="255.255.255.0"/>
<IPv4 id="id1180X3830" name="student6" comment="" address="10.1.1.6" netmask="255.255.255.0"/>
<IPv4 id="id1182X3831" name="student7" comment="" address="10.1.1.7" netmask="255.255.255.0"/>
<IPv4 id="id1184X3832" name="student8" comment="" address="10.1.1.8" netmask="255.255.255.0"/>
<IPv4 id="id1186X3833" name="student9" comment="" address="10.1.1.9" netmask="255.255.255.0"/>
<IPv4 id="id1188X3834" name="student10" comment="" address="10.1.1.10" netmask="255.255.255.0"/>
<IPv4 id="id1190X3835" name="student11" comment="" address="10.1.1.11" netmask="255.255.255.0"/>
<IPv4 id="id1192X3836" name="student12" comment="" address="10.1.1.12" netmask="255.255.255.0"/>
<IPv4 id="id1194X3837" name="student13" comment="" address="10.1.1.13" netmask="255.255.255.0"/>
<IPv4 id="id1196X3838" name="student14" comment="" address="10.1.1.14" netmask="255.255.255.0"/>
<IPv4 id="id1198X3839" name="student15" comment="" address="10.1.1.15" netmask="255.255.255.0"/>
<IPv4 id="id1200X3840" name="student16" comment="" address="10.1.1.16" netmask="255.255.255.0"/>
<IPv4 id="id1202X3841" name="student17" comment="" address="10.1.1.17" netmask="255.255.255.0"/>
<IPv4 id="id1204X3842" name="student18" comment="" address="10.1.1.18" netmask="255.255.255.0"/>
<IPv4 id="id1206X3843" name="student19" comment="" address="10.1.1.19" netmask="255.255.255.0"/>
<IPv4 id="id1208X3844" name="student20" comment="" address="10.1.1.20" netmask="255.255.255.0"/>
<IPv4 id="id1210X3845" name="student21" comment="" address="10.1.1.21" netmask="255.255.255.0"/>
<IPv4 id="id1212X3846" name="student22" comment="" address="10.1.1.22" netmask="255.255.255.0"/>
<IPv4 id="id1214X3847" name="student23" comment="" address="10.1.1.23" netmask="255.255.255.0"/>
<IPv4 id="id1216X3848" name="student24" comment="" address="10.1.1.24" netmask="255.255.255.0"/>
<IPv4 id="id1218X3849" name="student25" comment="" address="10.1.1.25" netmask="255.255.255.0"/>
<IPv4 id="id1220X3850" name="student26" comment="" address="10.1.1.26" netmask="255.255.255.0"/>
<IPv4 id="id1222X3851" name="student27" comment="" address="10.1.1.27" netmask="255.255.255.0"/>
<IPv4 id="id1224X3852" name="student28" comment="" address="10.1.1.28" netmask="255.255.255.0"/>
<IPv4 id="id1226X3853" name="student29" comment="" address="10.1.1.29" netmask="255.255.255.0"/>
<IPv4 id="id1228X3854" name="student30" comment="" address="10.1.1.30" netmask="255.255.255.0"/>
<IPv4 id="id1230X3855" name="student31" comment="" address="10.1.1.31" netmask="255.255.255.0"/>
<IPv4 id="id1232X3856" name="student32" comment="" address="10.1.1.32" netmask="255.255.255.0"/>
<IPv4 id="id1234X3857" name="student33" comment="" address="10.1.1.33" netmask="255.255.255.0"/>
<IPv4 id="id1236X3858" name="student34" comment="" address="10.1.1.34" netmask="255.255.255.0"/>
<IPv4 id="id1238X3859" name="student35" comment="" address="10.1.1.35" netmask="255.255.255.0"/>
<IPv4 id="id1240X3860" name="student36" comment="" address="10.1.1.36" netmask="255.255.255.0"/>
<IPv4 id="id1242X3861" name="student37" comment="" address="10.1.1.37" netmask="255.255.255.0"/>
<IPv4 id="id1244X3862" name="student38" comment="" address="10.1.1.38" netmask="255.255.255.0"/>
<IPv4 id="id1246X3863" name="student39" comment="" address="10.1.1.39" netmask="255.255.255.0"/>
<IPv4 id="id1248X3864" name="student40" comment="" address="10.1.1.40" netmask="255.255.255.0"/>
<IPv4 id="id1250X3865" name="student41" comment="" address="10.1.1.41" netmask="255.255.255.0"/>
<IPv4 id="id1252X3866" name="student42" comment="" address="10.1.1.42" netmask="255.255.255.0"/>
<IPv4 id="id1254X3867" name="student43" comment="" address="10.1.1.43" netmask="255.255.255.0"/>
<IPv4 id="id1256X3868" name="student44" comment="" address="10.1.1.44" netmask="255.255.255.0"/>
<IPv4 id="id1258X3869" name="student45" comment="" address="10.1.1.45" netmask="255.255.255.0"/>
<IPv4 id="id1260X3870" name="student46" comment="" address="10.1.1.46" netmask="255.255.255.0"/>
<IPv4 id="id1262X3871" name="student47" comment="" address="10.1.1.47" netmask="255.255.255.0"/>
<IPv4 id="id1264X3872" name="student48" comment="" address="10.1.1.48" netmask="255.255.255.0"/>
<IPv4 id="id1266X3873" name="student49" comment="" address="10.1.1.49" netmask="255.255.255.0"/>
<IPv4 id="id1268X3874" name="student50" comment="" address="10.1.1.50" netmask="255.255.255.0"/>
<IPv4 id="id1270X3875" name="student51" comment="" address="10.1.1.51" netmask="255.255.255.0"/>
<IPv4 id="id1272X3876" name="student52" comment="" address="10.1.1.52" netmask="255.255.255.0"/>
<IPv4 id="id1274X3877" name="student53" comment="" address="10.1.1.53" netmask="255.255.255.0"/>
<IPv4 id="id1276X3878" name="student54" comment="" address="10.1.1.54" netmask="255.255.255.0"/>
<IPv4 id="id1278X3879" name="student55" comment="" address="10.1.1.55" netmask="255.255.255.0"/>
<IPv4 id="id1280X3880" name="student56" comment="" address="10.1.1.56" netmask="255.255.255.0"/>
<IPv4 id="id1282X3881" name="student57" comment="" address="10.1.1.57" netmask="255.255.255.0"/>
<IPv4 id="id1284X3882" name="student58" comment="" address="10.1.1.58" netmask="255.255.255.0"/>
<IPv4 id="id1286X3883" name="student59" comment="" address="10.1.1.59" netmask="255.255.255.0"/>
<IPv4 id="id1288X3884" name="student60" comment="" address="10.1.1.60" netmask="255.255.255.0"/>
<IPv4 id="id1290X3885" name="student61" comment="" address="10.1.1.61" netmask="255.255.255.0"/>
<IPv4 id="id1292X3886" name="student62" comment="" address="10.1.1.62" netmask="255.255.255.0"/>
<IPv4 id="id1294X3887" name="student63" comment="" address="10.1.1.63" netmask="255.255.255.0"/>
<IPv4 id="id1296X3888" name="student64" comment="" address="10.1.1.64" netmask="255.255.255.0"/>
<IPv4 id="id1298X3889" name="student65" comment="" address="10.1.1.65" netmask="255.255.255.0"/>
<IPv4 id="id1300X3890" name="student66" comment="" address="10.1.1.66" netmask="255.255.255.0"/>
<IPv4 id="id1302X3891" name="student67" comment="" address="10.1.1.67" netmask="255.255.255.0"/>
<IPv4 id="id1304X3892" name="student68" comment="" address="10.1.1.68" netmask="255.255.255.0"/>
<IPv4 id="id1306X3893" name="student69" comment="" address="10.1.1.69" netmask="255.255.255.0"/>
<IPv4 id="id1308X3894" name="student70" comment="" address="10.1.1.70" netmask="255.255.255.0"/>
<IPv4 id="id1310X3895" name="student71" comment="" address="10.1.1.71" netmask="255.255.255.0"/>
<IPv4 id="id1312X3896" name="student72" comment="" address="10.1.1.72" netmask="255.255.255.0"/>
<IPv4 id="id1314X3897" name="student73" comment="" address="10.1.1.73" netmask="255.255.255.0"/>
<IPv4 id="id1316X3898" name="student74" comment="" address="10.1.1.74" netmask="255.255.255.0"/>
<IPv4 id="id1318X3899" name="student75" comment="" address="10.1.1.75" netmask="255.255.255.0"/>
<IPv4 id="id1320X3900" name="student76" comment="" address="10.1.1.76" netmask="255.255.255.0"/>
<IPv4 id="id1322X3901" name="student77" comment="" address="10.1.1.77" netmask="255.255.255.0"/>
<IPv4 id="id1324X3902" name="student78" comment="" address="10.1.1.78" netmask="255.255.255.0"/>
<IPv4 id="id1326X3903" name="student79" comment="" address="10.1.1.79" netmask="255.255.255.0"/>
<IPv4 id="id1328X3904" name="student80" comment="" address="10.1.1.80" netmask="255.255.255.0"/>
<IPv4 id="id1330X3905" name="student81" comment="" address="10.1.1.81" netmask="255.255.255.0"/>
<IPv4 id="id1332X3906" name="student82" comment="" address="10.1.1.82" netmask="255.255.255.0"/>
<IPv4 id="id1334X3907" name="student83" comment="" address="10.1.1.83" netmask="255.255.255.0"/>
<IPv4 id="id1336X3908" name="student84" comment="" address="10.1.1.84" netmask="255.255.255.0"/>
<IPv4 id="id1338X3909" name="student85" comment="" address="10.1.1.85" netmask="255.255.255.0"/>
<IPv4 id="id1340X3910" name="student86" comment="" address="10.1.1.86" netmask="255.255.255.0"/>
<IPv4 id="id1342X3911" name="student87" comment="" address="10.1.1.87" netmask="255.255.255.0"/>
<IPv4 id="id1344X3912" name="student88" comment="" address="10.1.1.88" netmask="255.255.255.0"/>
<IPv4 id="id1346X3913" name="student89" comment="" address="10.1.1.89" netmask="255.255.255.0"/>
<IPv4 id="id1348X3914" name="student90" comment="" address="10.1.1.90" netmask="255.255.255.0"/>
<IPv4 id="id1350X3915" name="student91" comment="" address="10.1.1.91" netmask="255.255.255.0"/>
<IPv4 id="id1352X3916" name="student92" comment="" address="10.1.1.92" netmask="255.255.255.0"/>
<IPv4 id="id1354X3917" name="student93" comment="" address="10.1.1.93" netmask="255.255.255.0"/>
<IPv4 id="id1356X3918" name="student94" comment="" address="10.1.1.94" netmask="255.255.255.0"/>
<IPv4 id="id1358X3919" name="student95" comment="" address="10.1.1.95" netmask="255.255.255.0"/>
<IPv4 id="id1360X3920" name="student96" comment="" address="10.1.1.96" netmask="255.255.255.0"/>
<IPv4 id="id1362X3921" name="student97" comment="" address="10.1.1.97" netmask="255.255.255.0"/>
<IPv4 id="id1364X3922" name="student98" comment="" address="10.1.1.98" netmask="255.255.255.0"/>
<IPv4 id="id1366X3923" name="student99" comment="" address="10.1.1.99" netmask="255.255.255.0"/>
<IPv4 id="id1368X3924" name="student100" comment="" address="10.1.1.100" netmask="255.255.255.0"/>
<IPv4 id="id1370X3925" name="student101" comment="" address="10.1.1.101" netmask="255.255.255.0"/>
<IPv4 id="id1372X3926" name="student102" comment="" address="10.1.1.102" netmask="255.255.255.0"/>
<IPv4 id="id1374X3927" name="student103" comment="" address="10.1.1.103" netmask="255.255.255.0"/>
<IPv4 id="id1376X3928" name="student104" comment="" address="10.1.1.104" netmask="255.255.255.0"/>
<IPv4 id="id1378X3929" name="student105" comment="" address="10.1.1.105" netmask="255.255.255.0"/>
<IPv4 id="id1380X3930" name="student106" comment="" address="10.1.1.106" netmask="255.255.255.0"/>
<IPv4 id="id1382X3931" name="student107" comment="" address="10.1.1.107" netmask="255.255.255.0"/>
<IPv4 id="id1384X3932" name="student108" comment="" address="10.1.1.108" netmask="255.255.255.0"/>
<IPv4 id="id1386X3933" name="student109" comment="" address="10.1.1.109" netmask="255.255.255.0"/>
<IPv4 id="id1388X3934" name="student110" comment="" address="10.1.1.110" netmask="255.255.255.0"/>
<IPv4 id="id1390X3935" name="student111" comment="" address="10.1.1.111" netmask="255.255.255.0"/>
<IPv4 id="id1392X3936" name="student112" comment="" address="10.1.1.112" netmask="255.255.255.0"/>
<IPv4 id="id1394X3937" name="student113" comment="" address="10.1.1.113" netmask="255.255.255.0"/>
<IPv4 id="id1396X3938" name="student114" comment="" address="10.1.1.114" netmask="255.255.255.0"/>
<IPv4 id="id1398X3939" name="student115" comment="" address="10.1.1.115" netmask="255.255.255.0"/>
<IPv4 id="id1400X3940" name="student116" comment="" address="10.1.1.116" netmask="255.255.255.0"/>
<IPv4 id="id1402X3941" name="student117" comment="" address="10.1.1.117" netmask="255.255.255.0"/>
<IPv4 id="id1404X3942" name="student118" comment="" address="10.1.1.118" netmask="255.255.255.0"/>
<IPv4 id="id1406X3943" name="student119" comment="" address="10.1.1.119" netmask="255.255.255.0"/>
<IPv4 id="id1408X3944" name="student120" comment="" address="10.1.1.120" netmask="255.255.255.0"/>
<IPv4 id="id1410X3945" name="student121" comment="" address="10.1.1.121" netmask="255.255.255.0"/>
<IPv4 id="id1412X3946" name="student122" comment="" address="10.1.1.122" netmask="255.255.255.0"/>
<IPv4 id="id1414X3947" name="student123" comment="" address="10.1.1.123" netmask="255.255.255.0"/>
<IPv4 id="id1416X3948" name="student124" comment="" address="10.1.1.124" netmask="255.255.255.0"/>
<IPv4 id="id1418X3949" name="student125" comment="" address="10.1.1.125" netmask="255.255.255.0"/>
<IPv4 id="id1420X3950" name="student126" comment="" address="10.1.1.126" netmask="255.255.255.0"/>
<IPv4 id="id1422X3951" name="student127" comment="" address="10.1.1.127" netmask="255.255.255.0"/>
<IPv4 id="id1424X3952" name="student128" comment="" address="10.1.1.128" netmask="255.255.255.0"/>
<IPv4 id="id1426X3953" name="student129" comment="" address="10.1.1.129" netmask="255.255.255.0"/>
<IPv4 id="id1428X3954" name="student130" comment="" address="10.1.1.130" netmask="255.255.255.0"/>
<IPv4 id="id1430X3955" name="student131" comment="" address="10.1.1.131" netmask="255.255.255.0"/>
<IPv4 id="id1432X3956" name="student132" comment="" address="10.1.1.132" netmask="255.255.255.0"/>
<IPv4 id="id1434X3957" name="student133" comment="" address="10.1.1.133" netmask="255.255.255.0"/>
<IPv4 id="id1436X3958" name="student134" comment="" address="10.1.1.134" netmask="255.255.255.0"/>
<IPv4 id="id1438X3959" name="student135" comment="" address="10.1.1.135" netmask="255.255.255.0"/>
<IPv4 id="id1440X3960" name="student136" comment="" address="10.1.1.136" netmask="255.255.255.0"/>
<IPv4 id="id1442X3961" name="student137" comment="" address="10.1.1.137" netmask="255.255.255.0"/>
<IPv4 id="id1444X3962" name="student138" comment="" address="10.1.1.138" netmask="255.255.255.0"/>
<IPv4 id="id1446X3963" name="student139" comment="" address="10.1.1.139" netmask="255.255.255.0"/>
<IPv4 id="id1448X3964" name="student140" comment="" address="10.1.1.140" netmask="255.255.255.0"/>
<IPv4 id="id1450X3965" name="student141" comment="" address="10.1.1.141" netmask="255.255.255.0"/>
<IPv4 id="id1452X3966" name="student142" comment="" address="10.1.1.142" netmask="255.255.255.0"/>
<IPv4 id="id1454X3967" name="student143" comment="" address="10.1.1.143" netmask="255.255.255.0"/>
<IPv4 id="id1456X3968" name="student144" comment="" address="10.1.1.144" netmask="255.255.255.0"/>
<IPv4 id="id1458X3969" name="student145" comment="" address="10.1.1.145" netmask="255.255.255.0"/>
<IPv4 id="id1460X3970" name="student146" comment="" address="10.1.1.146" netmask="255.255.255.0"/>
<IPv4 id="id1462X3971" name="student147" comment="" address="10.1.1.147" netmask="255.255.255.0"/>
<IPv4 id="id1464X3972" name="student148" comment="" address="10.1.1.148" netmask="255.255.255.0"/>
<IPv4 id="id1466X3973" name="student149" comment="" address="10.1.1.149" netmask="255.255.255.0"/>
<IPv4 id="id1468X3974" name="student150" comment="" address="10.1.1.150" netmask="255.255.255.0"/>
<IPv4 id="id1470X3975" name="student151" comment="" address="10.1.1.151" netmask="255.255.255.0"/>
<IPv4 id="id1472X3976" name="student152" comment="" address="10.1.1.152" netmask="255.255.255.0"/>
<IPv4 id="id1474X3977" name="student153" comment="" address="10.1.1.153" netmask="255.255.255.0"/>
<IPv4 id="id1476X3978" name="student154" comment="" address="10.1.1.154" netmask="255.255.255.0"/>
<IPv4 id="id1478X3979" name="student155" comment="" address="10.1.1.155" netmask="255.255.255.0"/>
<IPv4 id="id1480X3980" name="student156" comment="" address="10.1.1.156" netmask="255.255.255.0"/>
<IPv4 id="id1482X3981" name="student157" comment="" address="10.1.1.157" netmask="255.255.255.0"/>
<IPv4 id="id1484X3982" name="student158" comment="" address="10.1.1.158" netmask="255.255.255.0"/>
<IPv4 id="id1486X3983" name="student159" comment="" address="10.1.1.159" netmask="255.255.255.0"/>
<IPv4 id="id1488X3984" name="student160" comment="" address="10.1.1.160" netmask="255.255.255.0"/>
<IPv4 id="id1490X3985" name="student161" comment="" address="10.1.1.161" netmask="255.255.255.0"/>
<IPv4 id="id1492X3986" name="student162" comment="" address="10.1.1.162" netmask="255.255.255.0"/>
<IPv4 id="id1494X3987" name="student163" comment="" address="10.1.1.163" netmask="255.255.255.0"/>
<IPv4 id="id1496X3988" name="student164" comment="" address="10.1.1.164" netmask="255.255.255.0"/>
<IPv4 id="id1498X3989" name="student165" comment="" address="10.1.1.165" netmask="255.255.255.0"/>
<IPv4 id="id1500X3990" name="student166" comment="" address="10.1.1.166" netmask="255.255.255.0"/>
<IPv4 id="id1502X3991" name="student167" comment="" address="10.1.1.167" netmask="255.255.255.0"/>
<IPv4 id="id1504X3992" name="student168" comment="" address="10.1.1.168" netmask="255.255.255.0"/>
<IPv4 id="id1506X3993" name="student169" comment="" address="10.1.1.169" netmask="255.255.255.0"/>
<IPv4 id="id1508X3994" name="student170" comment="" address="10.1.1.170" netmask="255.255.255.0"/>
<IPv4 id="id1510X3995" name="student171" comment="" address="10.1.1.171" netmask="255.255.255.0"/>
<IPv4 id="id1512X3996" name="student172" comment="" address="10.1.1.172" netmask="255.255.255.0"/>
<IPv4 id="id1514X3997" name="student173" comment="" address="10.1.1.173" netmask="255.255.255.0"/>
<IPv4 id="id1516X3998" name="student174" comment="" address="10.1.1.174" netmask="255.255.255.0"/>
<IPv4 id="id1518X3999" name="student175" comment="" address="10.1.1.175" netmask="255.255.255.0"/>
<IPv4 id="id1520X4000" name="student176" comment="" address="10.1.1.176" netmask="255.255.255.0"/>
<IPv4 id="id1522X4001" name="student177" comment="" address="10.1.1.177" netmask="255.255.255.0"/>
<IPv4 id="id1524X4002" name="student178" comment="" address="10.1.1.178" netmask="255.255.255.0"/>
<IPv4 id="id1526X4003" name="student179" comment="" address="10.1.1.179" netmask="255.255.255.0"/>
<IPv4 id="id1528X4004" name="student180" comment="" address="10.1.1.180" netmask="255.255.255.0"/>
<IPv4 id="id1530X4005" name="student181" comment="" address="10.1.1.181" netmask="255.255.255.0"/>
<IPv4 id="id1532X4006" name="student182" comment="" address="10.1.1.182" netmask="255.255.255.0"/>
<IPv4 id="id1534X4007" name="student183" comment="" address="10.1.1.183" netmask="255.255.255.0"/>
<IPv4 id="id1536X4008" name="student184" comment="" address="10.1.1.184" netmask="255.255.255.0"/>
<IPv4 id="id1538X4009" name="student185" comment="" address="10.1.1.185" netmask="255.255.255.0"/>
<IPv4 id="id1540X4010" name="student186" comment="" address="10.1.1.186" netmask="255.255.255.0"/>
<IPv4 id="id1542X4011" name="student187" comment="" address="10.1.1.187" netmask="255.255.255.0"/>
<IPv4 id="id1544X4012" name="student188" comment="" address="10.1.1.188" netmask="255.255.255.0"/>
<IPv4 id="id1546X4013" name="student189" comment="" address="10.1.1.189" netmask="255.255.255.0"/>
<IPv4 id="id1548X4014" name="student190" comment="" address="10.1.1.190" netmask="255.255.255.0"/>
<IPv4 id="id1550X4015" name="student191" comment="" address="10.1.1.191" netmask="255.255.255.0"/>
<IPv4 id="id1552X4016" name="student192" comment="" address="10.1.1.192" netmask="255.255.255.0"/>
<IPv4 id="id1554X4017" name="student193" comment="" address="10.1.1.193" netmask="255.255.255.0"/>
<IPv4 id="id1556X4018" name="student194" comment="" address="10.1.1.194" netmask="255.255.255.0"/>
<IPv4 id="id1558X4019" name="student195" comment="" address="10.1.1.195" netmask="255.255.255.0"/>
<IPv4 id="id1560X4020" name="student196" comment="" address="10.1.1.196" netmask="255.255.255.0"/>
<IPv4 id="id1562X4021" name="student197" comment="" address="10.1.1.197" netmask="255.255.255.0"/>
<IPv4 id="id1564X4022" name="student198" comment="" address="10.1.1.198" netmask="255.255.255.0"/>
<IPv4 id="id1566X4023" name="student199" comment="" address="10.1.1.199" netmask="255.255.255.0"/>
<IPv4 id="id1568X4024" name="student200" comment="" address="10.1.1.200" netmask="255.255.255.0"/>
<IPv4 id="id1570X4025" name="student201" comment="" address="10.1.1.201" netmask="255.255.255.0"/>
<IPv4 id="id1572X4026" name="student202" comment="" address="10.1.1.202" netmask="255.255.255.0"/>
<IPv4 id="id1574X4027" name="student203" comment="" address="10.1.1.203" netmask="255.255.255.0"/>
<IPv4 id="id1576X4028" name="student204" comment="" address="10.1.1.204" netmask="255.255.255.0"/>
<IPv4 id="id1578X4029" name="student205" comment="" address="10.1.1.205" netmask="255.255.255.0"/>
<IPv4 id="id1580X4030" name="student206" comment="" address="10.1.1.206" netmask="255.255.255.0"/>
<IPv4 id="id1582X4031" name="student207" comment="" address="10.1.1.207" netmask="255.255.255.0"/>
<IPv4 id="id1584X4032" name="student208" comment="" address="10.1.1.208" netmask="255.255.255.0"/>
<IPv4 id="id1586X4033" name="student209" comment="" address="10.1.1.209" netmask="255.255.255.0"/>
<IPv4 id="id1588X4034" name="student210" comment="" address="10.1.1.210" netmask="255.255.255.0"/>
<IPv4 id="id1590X4035" name="student211" comment="" address="10.1.1.211" netmask="255.255.255.0"/>
<IPv4 id="id1592X4036" name="student212" comment="" address="10.1.1.212" netmask="255.255.255.0"/>
<IPv4 id="id1594X4037" name="student213" comment="" address="10.1.1.213" netmask="255.255.255.0"/>
<IPv4 id="id1596X4038" name="student214" comment="" address="10.1.1.214" netmask="255.255.255.0"/>
<IPv4 id="id1598X4039" name="student215" comment="" address="10.1.1.215" netmask="255.255.255.0"/>
<IPv4 id="id1600X4040" name="student216" comment="" address="10.1.1.216" netmask="255.255.255.0"/>
<IPv4 id="id1602X4041" name="student217" comment="" address="10.1.1.217" netmask="255.255.255.0"/>
<IPv4 id="id1604X4042" name="student218" comment="" address="10.1.1.218" netmask="255.255.255.0"/>
<IPv4 id="id1606X4043" name="student219" comment="" address="10.1.1.219" netmask="255.255.255.0"/>
<IPv4 id="id1608X4044" name="student220" comment="" address="10.1.1.220" netmask="255.255.255.0"/>
<IPv4 id="id1610X4045" name="student221" comment="" address="10.1.1.221" netmask="255.255.255.0"/>
<IPv4 id="id1612X4046" name="student222" comment="" address="10.1.1.222" netmask="255.255.255.0"/>
<IPv4 id="id1614X4047" name="student223" comment="" address="10.1.1.223" netmask="255.255.255.0"/>
<IPv4 id="id1616X4048" name="student224" comment="" address="10.1.1.224" netmask="255.255.255.0"/>
<IPv4 id="id1618X4049" name="student225" comment="" address="10.1.1.225" netmask="255.255.255.0"/>
<IPv4 id="id1620X4050" name="student226" comment="" address="10.1.1.226" netmask="255.255.255.0"/>
<IPv4 id="id1622X4051" name="student227" comment="" address="10.1.1.227" netmask="255.255.255.0"/>
<IPv4 id="id1624X4052" name="student228" comment="" address="10.1.1.228" netmask="255.255.255.0"/>
<IPv4 id="id1626X4053" name="student229" comment="" address="10.1.1.229" netmask="255.255.255.0"/>
<IPv4 id="id1628X4054" name="student230" comment="" address="10.1.1.230" netmask="255.255.255.0"/>
<IPv4 id="id1630X4055" name="student231" comment="" address="10.1.1.231" netmask="255.255.255.0"/>
<IPv4 id="id1632X4056" name="student232" comment="" address="10.1.1.232" netmask="255.255.255.0"/>
<IPv4 id="id1634X4057" name="student233" comment="" address="10.1.1.233" netmask="255.255.255.0"/>
<IPv4 id="id1636X4058" name="student234" comment="" address="10.1.1.234" netmask="255.255.255.0"/>
<IPv4 id="id1638X4059" name="student235" comment="" address="10.1.1.235" netmask="255.255.255.0"/>
<IPv4 id="id1640X4060" name="student236" comment="" address="10.1.1.236" netmask="255.255.255.0"/>
<IPv4 id="id1642X4061" name="student237" comment="" address="10.1.1.237" netmask="255.255.255.0"/>
<IPv4 id="id1644X4062" name="student238" comment="" address="10.1.1.238" netmask="255.255.255.0"/>
<IPv4 id="id1646X4063" name="student239" comment="" address="10.1.1.239" netmask="255.255.255.0"/>
<IPv4 id="id1648X4064" name="student240" comment="" address="10.1.1.240" netmask="255.255.255.0"/>
<IPv4 id="id1650X4065" name="student241" comment="" address="10.1.1.241" netmask="255.255.255.0"/>
<IPv4 id="id1652X4066" name="student242" comment="" address="10.1.1.242" netmask="255.255.255.0"/>
<IPv4 id="id1654X4067" name="student243" comment="" address="10.1.1.243" netmask="255.255.255.0"/>
<IPv4 id="id1656X4068" name="student244" comment="" address="10.1.1.244" netmask="255.255.255.0"/>
<IPv4 id="id1658X4069" name="student245" comment="" address="10.1.1.245" netmask="255.255.255.0"/>
<IPv4 id="id1660X4070" name="student246" comment="" address="10.1.1.246" netmask="255.255.255.0"/>
<IPv4 id="id1662X4071" name="student247" comment="" address="10.1.1.247" netmask="255.255.255.0"/>
<IPv4 id="id1664X4072" name="student248" comment="" address="10.1.1.248" netmask="255.255.255.0"/>
<IPv4 id="id1666X4073" name="student249" comment="" address="10.1.1.249" netmask="255.255.255.0"/>
<IPv4 id="id1668X4074" name="student250" comment="" address="10.1.1.250" netmask="255.255.255.0"/>
<IPv4 id="id1670X4075" name="student251" comment="" address="10.1.1.251" netmask="255.255.255.0"/>
<IPv4 id="id1672X4076" name="student252" comment="" address="10.1.1.252" netmask="255.255.255.0"/>
<IPv4 id="id1674X4077" name="student253" comment="" address="10.1.1.253" netmask="255.255.255.0"/>
<IPv4 id="id1676X4078" name="student254" comment="" address="10.1.1.254" netmask="255.255.255.0"/>
<Library id="syslib001" color="#d2ffd0" name="User" comment="User defined objects" ro="False">
<ObjectGroup id="stdid01_1_clusters" name="Clusters" comment="" ro="False"/>
<ObjectGroup id="stdid01_1" name="Objects" comment="" ro="False">
<ObjectGroup id="stdid01_1_og_ats_1" name="Address Tables" comment="" ro="False"/>
<ObjectGroup id="stdid01_1_og_dnsn_1" name="DNS Names" comment="" ro="False"/>
<ObjectGroup id="stdid16_1" name="Addresses" comment="" ro="False">
<IPv4 id="id1170X3825" name="student1" comment="" ro="False" address="10.1.1.1" netmask="255.255.255.0"/>
<IPv4 id="id1172X3826" name="student2" comment="" ro="False" address="10.1.1.2" netmask="255.255.255.0"/>
<IPv4 id="id1174X3827" name="student3" comment="" ro="False" address="10.1.1.3" netmask="255.255.255.0"/>
<IPv4 id="id1176X3828" name="student4" comment="" ro="False" address="10.1.1.4" netmask="255.255.255.0"/>
<IPv4 id="id1178X3829" name="student5" comment="" ro="False" address="10.1.1.5" netmask="255.255.255.0"/>
<IPv4 id="id1180X3830" name="student6" comment="" ro="False" address="10.1.1.6" netmask="255.255.255.0"/>
<IPv4 id="id1182X3831" name="student7" comment="" ro="False" address="10.1.1.7" netmask="255.255.255.0"/>
<IPv4 id="id1184X3832" name="student8" comment="" ro="False" address="10.1.1.8" netmask="255.255.255.0"/>
<IPv4 id="id1186X3833" name="student9" comment="" ro="False" address="10.1.1.9" netmask="255.255.255.0"/>
<IPv4 id="id1188X3834" name="student10" comment="" ro="False" address="10.1.1.10" netmask="255.255.255.0"/>
<IPv4 id="id1190X3835" name="student11" comment="" ro="False" address="10.1.1.11" netmask="255.255.255.0"/>
<IPv4 id="id1192X3836" name="student12" comment="" ro="False" address="10.1.1.12" netmask="255.255.255.0"/>
<IPv4 id="id1194X3837" name="student13" comment="" ro="False" address="10.1.1.13" netmask="255.255.255.0"/>
<IPv4 id="id1196X3838" name="student14" comment="" ro="False" address="10.1.1.14" netmask="255.255.255.0"/>
<IPv4 id="id1198X3839" name="student15" comment="" ro="False" address="10.1.1.15" netmask="255.255.255.0"/>
<IPv4 id="id1200X3840" name="student16" comment="" ro="False" address="10.1.1.16" netmask="255.255.255.0"/>
<IPv4 id="id1202X3841" name="student17" comment="" ro="False" address="10.1.1.17" netmask="255.255.255.0"/>
<IPv4 id="id1204X3842" name="student18" comment="" ro="False" address="10.1.1.18" netmask="255.255.255.0"/>
<IPv4 id="id1206X3843" name="student19" comment="" ro="False" address="10.1.1.19" netmask="255.255.255.0"/>
<IPv4 id="id1208X3844" name="student20" comment="" ro="False" address="10.1.1.20" netmask="255.255.255.0"/>
<IPv4 id="id1210X3845" name="student21" comment="" ro="False" address="10.1.1.21" netmask="255.255.255.0"/>
<IPv4 id="id1212X3846" name="student22" comment="" ro="False" address="10.1.1.22" netmask="255.255.255.0"/>
<IPv4 id="id1214X3847" name="student23" comment="" ro="False" address="10.1.1.23" netmask="255.255.255.0"/>
<IPv4 id="id1216X3848" name="student24" comment="" ro="False" address="10.1.1.24" netmask="255.255.255.0"/>
<IPv4 id="id1218X3849" name="student25" comment="" ro="False" address="10.1.1.25" netmask="255.255.255.0"/>
<IPv4 id="id1220X3850" name="student26" comment="" ro="False" address="10.1.1.26" netmask="255.255.255.0"/>
<IPv4 id="id1222X3851" name="student27" comment="" ro="False" address="10.1.1.27" netmask="255.255.255.0"/>
<IPv4 id="id1224X3852" name="student28" comment="" ro="False" address="10.1.1.28" netmask="255.255.255.0"/>
<IPv4 id="id1226X3853" name="student29" comment="" ro="False" address="10.1.1.29" netmask="255.255.255.0"/>
<IPv4 id="id1228X3854" name="student30" comment="" ro="False" address="10.1.1.30" netmask="255.255.255.0"/>
<IPv4 id="id1230X3855" name="student31" comment="" ro="False" address="10.1.1.31" netmask="255.255.255.0"/>
<IPv4 id="id1232X3856" name="student32" comment="" ro="False" address="10.1.1.32" netmask="255.255.255.0"/>
<IPv4 id="id1234X3857" name="student33" comment="" ro="False" address="10.1.1.33" netmask="255.255.255.0"/>
<IPv4 id="id1236X3858" name="student34" comment="" ro="False" address="10.1.1.34" netmask="255.255.255.0"/>
<IPv4 id="id1238X3859" name="student35" comment="" ro="False" address="10.1.1.35" netmask="255.255.255.0"/>
<IPv4 id="id1240X3860" name="student36" comment="" ro="False" address="10.1.1.36" netmask="255.255.255.0"/>
<IPv4 id="id1242X3861" name="student37" comment="" ro="False" address="10.1.1.37" netmask="255.255.255.0"/>
<IPv4 id="id1244X3862" name="student38" comment="" ro="False" address="10.1.1.38" netmask="255.255.255.0"/>
<IPv4 id="id1246X3863" name="student39" comment="" ro="False" address="10.1.1.39" netmask="255.255.255.0"/>
<IPv4 id="id1248X3864" name="student40" comment="" ro="False" address="10.1.1.40" netmask="255.255.255.0"/>
<IPv4 id="id1250X3865" name="student41" comment="" ro="False" address="10.1.1.41" netmask="255.255.255.0"/>
<IPv4 id="id1252X3866" name="student42" comment="" ro="False" address="10.1.1.42" netmask="255.255.255.0"/>
<IPv4 id="id1254X3867" name="student43" comment="" ro="False" address="10.1.1.43" netmask="255.255.255.0"/>
<IPv4 id="id1256X3868" name="student44" comment="" ro="False" address="10.1.1.44" netmask="255.255.255.0"/>
<IPv4 id="id1258X3869" name="student45" comment="" ro="False" address="10.1.1.45" netmask="255.255.255.0"/>
<IPv4 id="id1260X3870" name="student46" comment="" ro="False" address="10.1.1.46" netmask="255.255.255.0"/>
<IPv4 id="id1262X3871" name="student47" comment="" ro="False" address="10.1.1.47" netmask="255.255.255.0"/>
<IPv4 id="id1264X3872" name="student48" comment="" ro="False" address="10.1.1.48" netmask="255.255.255.0"/>
<IPv4 id="id1266X3873" name="student49" comment="" ro="False" address="10.1.1.49" netmask="255.255.255.0"/>
<IPv4 id="id1268X3874" name="student50" comment="" ro="False" address="10.1.1.50" netmask="255.255.255.0"/>
<IPv4 id="id1270X3875" name="student51" comment="" ro="False" address="10.1.1.51" netmask="255.255.255.0"/>
<IPv4 id="id1272X3876" name="student52" comment="" ro="False" address="10.1.1.52" netmask="255.255.255.0"/>
<IPv4 id="id1274X3877" name="student53" comment="" ro="False" address="10.1.1.53" netmask="255.255.255.0"/>
<IPv4 id="id1276X3878" name="student54" comment="" ro="False" address="10.1.1.54" netmask="255.255.255.0"/>
<IPv4 id="id1278X3879" name="student55" comment="" ro="False" address="10.1.1.55" netmask="255.255.255.0"/>
<IPv4 id="id1280X3880" name="student56" comment="" ro="False" address="10.1.1.56" netmask="255.255.255.0"/>
<IPv4 id="id1282X3881" name="student57" comment="" ro="False" address="10.1.1.57" netmask="255.255.255.0"/>
<IPv4 id="id1284X3882" name="student58" comment="" ro="False" address="10.1.1.58" netmask="255.255.255.0"/>
<IPv4 id="id1286X3883" name="student59" comment="" ro="False" address="10.1.1.59" netmask="255.255.255.0"/>
<IPv4 id="id1288X3884" name="student60" comment="" ro="False" address="10.1.1.60" netmask="255.255.255.0"/>
<IPv4 id="id1290X3885" name="student61" comment="" ro="False" address="10.1.1.61" netmask="255.255.255.0"/>
<IPv4 id="id1292X3886" name="student62" comment="" ro="False" address="10.1.1.62" netmask="255.255.255.0"/>
<IPv4 id="id1294X3887" name="student63" comment="" ro="False" address="10.1.1.63" netmask="255.255.255.0"/>
<IPv4 id="id1296X3888" name="student64" comment="" ro="False" address="10.1.1.64" netmask="255.255.255.0"/>
<IPv4 id="id1298X3889" name="student65" comment="" ro="False" address="10.1.1.65" netmask="255.255.255.0"/>
<IPv4 id="id1300X3890" name="student66" comment="" ro="False" address="10.1.1.66" netmask="255.255.255.0"/>
<IPv4 id="id1302X3891" name="student67" comment="" ro="False" address="10.1.1.67" netmask="255.255.255.0"/>
<IPv4 id="id1304X3892" name="student68" comment="" ro="False" address="10.1.1.68" netmask="255.255.255.0"/>
<IPv4 id="id1306X3893" name="student69" comment="" ro="False" address="10.1.1.69" netmask="255.255.255.0"/>
<IPv4 id="id1308X3894" name="student70" comment="" ro="False" address="10.1.1.70" netmask="255.255.255.0"/>
<IPv4 id="id1310X3895" name="student71" comment="" ro="False" address="10.1.1.71" netmask="255.255.255.0"/>
<IPv4 id="id1312X3896" name="student72" comment="" ro="False" address="10.1.1.72" netmask="255.255.255.0"/>
<IPv4 id="id1314X3897" name="student73" comment="" ro="False" address="10.1.1.73" netmask="255.255.255.0"/>
<IPv4 id="id1316X3898" name="student74" comment="" ro="False" address="10.1.1.74" netmask="255.255.255.0"/>
<IPv4 id="id1318X3899" name="student75" comment="" ro="False" address="10.1.1.75" netmask="255.255.255.0"/>
<IPv4 id="id1320X3900" name="student76" comment="" ro="False" address="10.1.1.76" netmask="255.255.255.0"/>
<IPv4 id="id1322X3901" name="student77" comment="" ro="False" address="10.1.1.77" netmask="255.255.255.0"/>
<IPv4 id="id1324X3902" name="student78" comment="" ro="False" address="10.1.1.78" netmask="255.255.255.0"/>
<IPv4 id="id1326X3903" name="student79" comment="" ro="False" address="10.1.1.79" netmask="255.255.255.0"/>
<IPv4 id="id1328X3904" name="student80" comment="" ro="False" address="10.1.1.80" netmask="255.255.255.0"/>
<IPv4 id="id1330X3905" name="student81" comment="" ro="False" address="10.1.1.81" netmask="255.255.255.0"/>
<IPv4 id="id1332X3906" name="student82" comment="" ro="False" address="10.1.1.82" netmask="255.255.255.0"/>
<IPv4 id="id1334X3907" name="student83" comment="" ro="False" address="10.1.1.83" netmask="255.255.255.0"/>
<IPv4 id="id1336X3908" name="student84" comment="" ro="False" address="10.1.1.84" netmask="255.255.255.0"/>
<IPv4 id="id1338X3909" name="student85" comment="" ro="False" address="10.1.1.85" netmask="255.255.255.0"/>
<IPv4 id="id1340X3910" name="student86" comment="" ro="False" address="10.1.1.86" netmask="255.255.255.0"/>
<IPv4 id="id1342X3911" name="student87" comment="" ro="False" address="10.1.1.87" netmask="255.255.255.0"/>
<IPv4 id="id1344X3912" name="student88" comment="" ro="False" address="10.1.1.88" netmask="255.255.255.0"/>
<IPv4 id="id1346X3913" name="student89" comment="" ro="False" address="10.1.1.89" netmask="255.255.255.0"/>
<IPv4 id="id1348X3914" name="student90" comment="" ro="False" address="10.1.1.90" netmask="255.255.255.0"/>
<IPv4 id="id1350X3915" name="student91" comment="" ro="False" address="10.1.1.91" netmask="255.255.255.0"/>
<IPv4 id="id1352X3916" name="student92" comment="" ro="False" address="10.1.1.92" netmask="255.255.255.0"/>
<IPv4 id="id1354X3917" name="student93" comment="" ro="False" address="10.1.1.93" netmask="255.255.255.0"/>
<IPv4 id="id1356X3918" name="student94" comment="" ro="False" address="10.1.1.94" netmask="255.255.255.0"/>
<IPv4 id="id1358X3919" name="student95" comment="" ro="False" address="10.1.1.95" netmask="255.255.255.0"/>
<IPv4 id="id1360X3920" name="student96" comment="" ro="False" address="10.1.1.96" netmask="255.255.255.0"/>
<IPv4 id="id1362X3921" name="student97" comment="" ro="False" address="10.1.1.97" netmask="255.255.255.0"/>
<IPv4 id="id1364X3922" name="student98" comment="" ro="False" address="10.1.1.98" netmask="255.255.255.0"/>
<IPv4 id="id1366X3923" name="student99" comment="" ro="False" address="10.1.1.99" netmask="255.255.255.0"/>
<IPv4 id="id1368X3924" name="student100" comment="" ro="False" address="10.1.1.100" netmask="255.255.255.0"/>
<IPv4 id="id1370X3925" name="student101" comment="" ro="False" address="10.1.1.101" netmask="255.255.255.0"/>
<IPv4 id="id1372X3926" name="student102" comment="" ro="False" address="10.1.1.102" netmask="255.255.255.0"/>
<IPv4 id="id1374X3927" name="student103" comment="" ro="False" address="10.1.1.103" netmask="255.255.255.0"/>
<IPv4 id="id1376X3928" name="student104" comment="" ro="False" address="10.1.1.104" netmask="255.255.255.0"/>
<IPv4 id="id1378X3929" name="student105" comment="" ro="False" address="10.1.1.105" netmask="255.255.255.0"/>
<IPv4 id="id1380X3930" name="student106" comment="" ro="False" address="10.1.1.106" netmask="255.255.255.0"/>
<IPv4 id="id1382X3931" name="student107" comment="" ro="False" address="10.1.1.107" netmask="255.255.255.0"/>
<IPv4 id="id1384X3932" name="student108" comment="" ro="False" address="10.1.1.108" netmask="255.255.255.0"/>
<IPv4 id="id1386X3933" name="student109" comment="" ro="False" address="10.1.1.109" netmask="255.255.255.0"/>
<IPv4 id="id1388X3934" name="student110" comment="" ro="False" address="10.1.1.110" netmask="255.255.255.0"/>
<IPv4 id="id1390X3935" name="student111" comment="" ro="False" address="10.1.1.111" netmask="255.255.255.0"/>
<IPv4 id="id1392X3936" name="student112" comment="" ro="False" address="10.1.1.112" netmask="255.255.255.0"/>
<IPv4 id="id1394X3937" name="student113" comment="" ro="False" address="10.1.1.113" netmask="255.255.255.0"/>
<IPv4 id="id1396X3938" name="student114" comment="" ro="False" address="10.1.1.114" netmask="255.255.255.0"/>
<IPv4 id="id1398X3939" name="student115" comment="" ro="False" address="10.1.1.115" netmask="255.255.255.0"/>
<IPv4 id="id1400X3940" name="student116" comment="" ro="False" address="10.1.1.116" netmask="255.255.255.0"/>
<IPv4 id="id1402X3941" name="student117" comment="" ro="False" address="10.1.1.117" netmask="255.255.255.0"/>
<IPv4 id="id1404X3942" name="student118" comment="" ro="False" address="10.1.1.118" netmask="255.255.255.0"/>
<IPv4 id="id1406X3943" name="student119" comment="" ro="False" address="10.1.1.119" netmask="255.255.255.0"/>
<IPv4 id="id1408X3944" name="student120" comment="" ro="False" address="10.1.1.120" netmask="255.255.255.0"/>
<IPv4 id="id1410X3945" name="student121" comment="" ro="False" address="10.1.1.121" netmask="255.255.255.0"/>
<IPv4 id="id1412X3946" name="student122" comment="" ro="False" address="10.1.1.122" netmask="255.255.255.0"/>
<IPv4 id="id1414X3947" name="student123" comment="" ro="False" address="10.1.1.123" netmask="255.255.255.0"/>
<IPv4 id="id1416X3948" name="student124" comment="" ro="False" address="10.1.1.124" netmask="255.255.255.0"/>
<IPv4 id="id1418X3949" name="student125" comment="" ro="False" address="10.1.1.125" netmask="255.255.255.0"/>
<IPv4 id="id1420X3950" name="student126" comment="" ro="False" address="10.1.1.126" netmask="255.255.255.0"/>
<IPv4 id="id1422X3951" name="student127" comment="" ro="False" address="10.1.1.127" netmask="255.255.255.0"/>
<IPv4 id="id1424X3952" name="student128" comment="" ro="False" address="10.1.1.128" netmask="255.255.255.0"/>
<IPv4 id="id1426X3953" name="student129" comment="" ro="False" address="10.1.1.129" netmask="255.255.255.0"/>
<IPv4 id="id1428X3954" name="student130" comment="" ro="False" address="10.1.1.130" netmask="255.255.255.0"/>
<IPv4 id="id1430X3955" name="student131" comment="" ro="False" address="10.1.1.131" netmask="255.255.255.0"/>
<IPv4 id="id1432X3956" name="student132" comment="" ro="False" address="10.1.1.132" netmask="255.255.255.0"/>
<IPv4 id="id1434X3957" name="student133" comment="" ro="False" address="10.1.1.133" netmask="255.255.255.0"/>
<IPv4 id="id1436X3958" name="student134" comment="" ro="False" address="10.1.1.134" netmask="255.255.255.0"/>
<IPv4 id="id1438X3959" name="student135" comment="" ro="False" address="10.1.1.135" netmask="255.255.255.0"/>
<IPv4 id="id1440X3960" name="student136" comment="" ro="False" address="10.1.1.136" netmask="255.255.255.0"/>
<IPv4 id="id1442X3961" name="student137" comment="" ro="False" address="10.1.1.137" netmask="255.255.255.0"/>
<IPv4 id="id1444X3962" name="student138" comment="" ro="False" address="10.1.1.138" netmask="255.255.255.0"/>
<IPv4 id="id1446X3963" name="student139" comment="" ro="False" address="10.1.1.139" netmask="255.255.255.0"/>
<IPv4 id="id1448X3964" name="student140" comment="" ro="False" address="10.1.1.140" netmask="255.255.255.0"/>
<IPv4 id="id1450X3965" name="student141" comment="" ro="False" address="10.1.1.141" netmask="255.255.255.0"/>
<IPv4 id="id1452X3966" name="student142" comment="" ro="False" address="10.1.1.142" netmask="255.255.255.0"/>
<IPv4 id="id1454X3967" name="student143" comment="" ro="False" address="10.1.1.143" netmask="255.255.255.0"/>
<IPv4 id="id1456X3968" name="student144" comment="" ro="False" address="10.1.1.144" netmask="255.255.255.0"/>
<IPv4 id="id1458X3969" name="student145" comment="" ro="False" address="10.1.1.145" netmask="255.255.255.0"/>
<IPv4 id="id1460X3970" name="student146" comment="" ro="False" address="10.1.1.146" netmask="255.255.255.0"/>
<IPv4 id="id1462X3971" name="student147" comment="" ro="False" address="10.1.1.147" netmask="255.255.255.0"/>
<IPv4 id="id1464X3972" name="student148" comment="" ro="False" address="10.1.1.148" netmask="255.255.255.0"/>
<IPv4 id="id1466X3973" name="student149" comment="" ro="False" address="10.1.1.149" netmask="255.255.255.0"/>
<IPv4 id="id1468X3974" name="student150" comment="" ro="False" address="10.1.1.150" netmask="255.255.255.0"/>
<IPv4 id="id1470X3975" name="student151" comment="" ro="False" address="10.1.1.151" netmask="255.255.255.0"/>
<IPv4 id="id1472X3976" name="student152" comment="" ro="False" address="10.1.1.152" netmask="255.255.255.0"/>
<IPv4 id="id1474X3977" name="student153" comment="" ro="False" address="10.1.1.153" netmask="255.255.255.0"/>
<IPv4 id="id1476X3978" name="student154" comment="" ro="False" address="10.1.1.154" netmask="255.255.255.0"/>
<IPv4 id="id1478X3979" name="student155" comment="" ro="False" address="10.1.1.155" netmask="255.255.255.0"/>
<IPv4 id="id1480X3980" name="student156" comment="" ro="False" address="10.1.1.156" netmask="255.255.255.0"/>
<IPv4 id="id1482X3981" name="student157" comment="" ro="False" address="10.1.1.157" netmask="255.255.255.0"/>
<IPv4 id="id1484X3982" name="student158" comment="" ro="False" address="10.1.1.158" netmask="255.255.255.0"/>
<IPv4 id="id1486X3983" name="student159" comment="" ro="False" address="10.1.1.159" netmask="255.255.255.0"/>
<IPv4 id="id1488X3984" name="student160" comment="" ro="False" address="10.1.1.160" netmask="255.255.255.0"/>
<IPv4 id="id1490X3985" name="student161" comment="" ro="False" address="10.1.1.161" netmask="255.255.255.0"/>
<IPv4 id="id1492X3986" name="student162" comment="" ro="False" address="10.1.1.162" netmask="255.255.255.0"/>
<IPv4 id="id1494X3987" name="student163" comment="" ro="False" address="10.1.1.163" netmask="255.255.255.0"/>
<IPv4 id="id1496X3988" name="student164" comment="" ro="False" address="10.1.1.164" netmask="255.255.255.0"/>
<IPv4 id="id1498X3989" name="student165" comment="" ro="False" address="10.1.1.165" netmask="255.255.255.0"/>
<IPv4 id="id1500X3990" name="student166" comment="" ro="False" address="10.1.1.166" netmask="255.255.255.0"/>
<IPv4 id="id1502X3991" name="student167" comment="" ro="False" address="10.1.1.167" netmask="255.255.255.0"/>
<IPv4 id="id1504X3992" name="student168" comment="" ro="False" address="10.1.1.168" netmask="255.255.255.0"/>
<IPv4 id="id1506X3993" name="student169" comment="" ro="False" address="10.1.1.169" netmask="255.255.255.0"/>
<IPv4 id="id1508X3994" name="student170" comment="" ro="False" address="10.1.1.170" netmask="255.255.255.0"/>
<IPv4 id="id1510X3995" name="student171" comment="" ro="False" address="10.1.1.171" netmask="255.255.255.0"/>
<IPv4 id="id1512X3996" name="student172" comment="" ro="False" address="10.1.1.172" netmask="255.255.255.0"/>
<IPv4 id="id1514X3997" name="student173" comment="" ro="False" address="10.1.1.173" netmask="255.255.255.0"/>
<IPv4 id="id1516X3998" name="student174" comment="" ro="False" address="10.1.1.174" netmask="255.255.255.0"/>
<IPv4 id="id1518X3999" name="student175" comment="" ro="False" address="10.1.1.175" netmask="255.255.255.0"/>
<IPv4 id="id1520X4000" name="student176" comment="" ro="False" address="10.1.1.176" netmask="255.255.255.0"/>
<IPv4 id="id1522X4001" name="student177" comment="" ro="False" address="10.1.1.177" netmask="255.255.255.0"/>
<IPv4 id="id1524X4002" name="student178" comment="" ro="False" address="10.1.1.178" netmask="255.255.255.0"/>
<IPv4 id="id1526X4003" name="student179" comment="" ro="False" address="10.1.1.179" netmask="255.255.255.0"/>
<IPv4 id="id1528X4004" name="student180" comment="" ro="False" address="10.1.1.180" netmask="255.255.255.0"/>
<IPv4 id="id1530X4005" name="student181" comment="" ro="False" address="10.1.1.181" netmask="255.255.255.0"/>
<IPv4 id="id1532X4006" name="student182" comment="" ro="False" address="10.1.1.182" netmask="255.255.255.0"/>
<IPv4 id="id1534X4007" name="student183" comment="" ro="False" address="10.1.1.183" netmask="255.255.255.0"/>
<IPv4 id="id1536X4008" name="student184" comment="" ro="False" address="10.1.1.184" netmask="255.255.255.0"/>
<IPv4 id="id1538X4009" name="student185" comment="" ro="False" address="10.1.1.185" netmask="255.255.255.0"/>
<IPv4 id="id1540X4010" name="student186" comment="" ro="False" address="10.1.1.186" netmask="255.255.255.0"/>
<IPv4 id="id1542X4011" name="student187" comment="" ro="False" address="10.1.1.187" netmask="255.255.255.0"/>
<IPv4 id="id1544X4012" name="student188" comment="" ro="False" address="10.1.1.188" netmask="255.255.255.0"/>
<IPv4 id="id1546X4013" name="student189" comment="" ro="False" address="10.1.1.189" netmask="255.255.255.0"/>
<IPv4 id="id1548X4014" name="student190" comment="" ro="False" address="10.1.1.190" netmask="255.255.255.0"/>
<IPv4 id="id1550X4015" name="student191" comment="" ro="False" address="10.1.1.191" netmask="255.255.255.0"/>
<IPv4 id="id1552X4016" name="student192" comment="" ro="False" address="10.1.1.192" netmask="255.255.255.0"/>
<IPv4 id="id1554X4017" name="student193" comment="" ro="False" address="10.1.1.193" netmask="255.255.255.0"/>
<IPv4 id="id1556X4018" name="student194" comment="" ro="False" address="10.1.1.194" netmask="255.255.255.0"/>
<IPv4 id="id1558X4019" name="student195" comment="" ro="False" address="10.1.1.195" netmask="255.255.255.0"/>
<IPv4 id="id1560X4020" name="student196" comment="" ro="False" address="10.1.1.196" netmask="255.255.255.0"/>
<IPv4 id="id1562X4021" name="student197" comment="" ro="False" address="10.1.1.197" netmask="255.255.255.0"/>
<IPv4 id="id1564X4022" name="student198" comment="" ro="False" address="10.1.1.198" netmask="255.255.255.0"/>
<IPv4 id="id1566X4023" name="student199" comment="" ro="False" address="10.1.1.199" netmask="255.255.255.0"/>
<IPv4 id="id1568X4024" name="student200" comment="" ro="False" address="10.1.1.200" netmask="255.255.255.0"/>
<IPv4 id="id1570X4025" name="student201" comment="" ro="False" address="10.1.1.201" netmask="255.255.255.0"/>
<IPv4 id="id1572X4026" name="student202" comment="" ro="False" address="10.1.1.202" netmask="255.255.255.0"/>
<IPv4 id="id1574X4027" name="student203" comment="" ro="False" address="10.1.1.203" netmask="255.255.255.0"/>
<IPv4 id="id1576X4028" name="student204" comment="" ro="False" address="10.1.1.204" netmask="255.255.255.0"/>
<IPv4 id="id1578X4029" name="student205" comment="" ro="False" address="10.1.1.205" netmask="255.255.255.0"/>
<IPv4 id="id1580X4030" name="student206" comment="" ro="False" address="10.1.1.206" netmask="255.255.255.0"/>
<IPv4 id="id1582X4031" name="student207" comment="" ro="False" address="10.1.1.207" netmask="255.255.255.0"/>
<IPv4 id="id1584X4032" name="student208" comment="" ro="False" address="10.1.1.208" netmask="255.255.255.0"/>
<IPv4 id="id1586X4033" name="student209" comment="" ro="False" address="10.1.1.209" netmask="255.255.255.0"/>
<IPv4 id="id1588X4034" name="student210" comment="" ro="False" address="10.1.1.210" netmask="255.255.255.0"/>
<IPv4 id="id1590X4035" name="student211" comment="" ro="False" address="10.1.1.211" netmask="255.255.255.0"/>
<IPv4 id="id1592X4036" name="student212" comment="" ro="False" address="10.1.1.212" netmask="255.255.255.0"/>
<IPv4 id="id1594X4037" name="student213" comment="" ro="False" address="10.1.1.213" netmask="255.255.255.0"/>
<IPv4 id="id1596X4038" name="student214" comment="" ro="False" address="10.1.1.214" netmask="255.255.255.0"/>
<IPv4 id="id1598X4039" name="student215" comment="" ro="False" address="10.1.1.215" netmask="255.255.255.0"/>
<IPv4 id="id1600X4040" name="student216" comment="" ro="False" address="10.1.1.216" netmask="255.255.255.0"/>
<IPv4 id="id1602X4041" name="student217" comment="" ro="False" address="10.1.1.217" netmask="255.255.255.0"/>
<IPv4 id="id1604X4042" name="student218" comment="" ro="False" address="10.1.1.218" netmask="255.255.255.0"/>
<IPv4 id="id1606X4043" name="student219" comment="" ro="False" address="10.1.1.219" netmask="255.255.255.0"/>
<IPv4 id="id1608X4044" name="student220" comment="" ro="False" address="10.1.1.220" netmask="255.255.255.0"/>
<IPv4 id="id1610X4045" name="student221" comment="" ro="False" address="10.1.1.221" netmask="255.255.255.0"/>
<IPv4 id="id1612X4046" name="student222" comment="" ro="False" address="10.1.1.222" netmask="255.255.255.0"/>
<IPv4 id="id1614X4047" name="student223" comment="" ro="False" address="10.1.1.223" netmask="255.255.255.0"/>
<IPv4 id="id1616X4048" name="student224" comment="" ro="False" address="10.1.1.224" netmask="255.255.255.0"/>
<IPv4 id="id1618X4049" name="student225" comment="" ro="False" address="10.1.1.225" netmask="255.255.255.0"/>
<IPv4 id="id1620X4050" name="student226" comment="" ro="False" address="10.1.1.226" netmask="255.255.255.0"/>
<IPv4 id="id1622X4051" name="student227" comment="" ro="False" address="10.1.1.227" netmask="255.255.255.0"/>
<IPv4 id="id1624X4052" name="student228" comment="" ro="False" address="10.1.1.228" netmask="255.255.255.0"/>
<IPv4 id="id1626X4053" name="student229" comment="" ro="False" address="10.1.1.229" netmask="255.255.255.0"/>
<IPv4 id="id1628X4054" name="student230" comment="" ro="False" address="10.1.1.230" netmask="255.255.255.0"/>
<IPv4 id="id1630X4055" name="student231" comment="" ro="False" address="10.1.1.231" netmask="255.255.255.0"/>
<IPv4 id="id1632X4056" name="student232" comment="" ro="False" address="10.1.1.232" netmask="255.255.255.0"/>
<IPv4 id="id1634X4057" name="student233" comment="" ro="False" address="10.1.1.233" netmask="255.255.255.0"/>
<IPv4 id="id1636X4058" name="student234" comment="" ro="False" address="10.1.1.234" netmask="255.255.255.0"/>
<IPv4 id="id1638X4059" name="student235" comment="" ro="False" address="10.1.1.235" netmask="255.255.255.0"/>
<IPv4 id="id1640X4060" name="student236" comment="" ro="False" address="10.1.1.236" netmask="255.255.255.0"/>
<IPv4 id="id1642X4061" name="student237" comment="" ro="False" address="10.1.1.237" netmask="255.255.255.0"/>
<IPv4 id="id1644X4062" name="student238" comment="" ro="False" address="10.1.1.238" netmask="255.255.255.0"/>
<IPv4 id="id1646X4063" name="student239" comment="" ro="False" address="10.1.1.239" netmask="255.255.255.0"/>
<IPv4 id="id1648X4064" name="student240" comment="" ro="False" address="10.1.1.240" netmask="255.255.255.0"/>
<IPv4 id="id1650X4065" name="student241" comment="" ro="False" address="10.1.1.241" netmask="255.255.255.0"/>
<IPv4 id="id1652X4066" name="student242" comment="" ro="False" address="10.1.1.242" netmask="255.255.255.0"/>
<IPv4 id="id1654X4067" name="student243" comment="" ro="False" address="10.1.1.243" netmask="255.255.255.0"/>
<IPv4 id="id1656X4068" name="student244" comment="" ro="False" address="10.1.1.244" netmask="255.255.255.0"/>
<IPv4 id="id1658X4069" name="student245" comment="" ro="False" address="10.1.1.245" netmask="255.255.255.0"/>
<IPv4 id="id1660X4070" name="student246" comment="" ro="False" address="10.1.1.246" netmask="255.255.255.0"/>
<IPv4 id="id1662X4071" name="student247" comment="" ro="False" address="10.1.1.247" netmask="255.255.255.0"/>
<IPv4 id="id1664X4072" name="student248" comment="" ro="False" address="10.1.1.248" netmask="255.255.255.0"/>
<IPv4 id="id1666X4073" name="student249" comment="" ro="False" address="10.1.1.249" netmask="255.255.255.0"/>
<IPv4 id="id1668X4074" name="student250" comment="" ro="False" address="10.1.1.250" netmask="255.255.255.0"/>
<IPv4 id="id1670X4075" name="student251" comment="" ro="False" address="10.1.1.251" netmask="255.255.255.0"/>
<IPv4 id="id1672X4076" name="student252" comment="" ro="False" address="10.1.1.252" netmask="255.255.255.0"/>
<IPv4 id="id1674X4077" name="student253" comment="" ro="False" address="10.1.1.253" netmask="255.255.255.0"/>
<IPv4 id="id1676X4078" name="student254" comment="" ro="False" address="10.1.1.254" netmask="255.255.255.0"/>
</ObjectGroup>
<ObjectGroup id="stdid04_1" name="Groups" comment="">
<ObjectGroup id="id4510X3737" name="Students_net_10_1" comment="">
<ObjectGroup id="stdid04_1" name="Groups" comment="" ro="False">
<ObjectGroup id="id4510X3737" name="Students_net_10_1" comment="" ro="False">
<ObjectRef ref="id1170X3825"/>
<ObjectRef ref="id1170X3825"/>
<ObjectRef ref="id1172X3826"/>
@ -533,23 +525,23 @@
<ObjectRef ref="id1676X4078"/>
</ObjectGroup>
</ObjectGroup>
<ObjectGroup id="stdid02_1" name="Hosts" comment=""/>
<ObjectGroup id="stdid03_1" name="Networks" comment="">
<Network id="id3F9A1BC7" name="net A" comment="" address="192.168.0.0" netmask="255.255.255.0"/>
<Network id="id3F9A1BC8" name="net B" comment="" address="192.168.1.0" netmask="255.255.255.0"/>
<Network id="id3F9A1BC9" name="net C" comment="" address="192.168.2.0" netmask="255.255.255.0"/>
<ObjectGroup id="stdid02_1" name="Hosts" comment="" ro="False"/>
<ObjectGroup id="stdid03_1" name="Networks" comment="" ro="False">
<Network id="id3F9A1BC7" name="net A" comment="" ro="False" address="192.168.0.0" netmask="255.255.255.0"/>
<Network id="id3F9A1BC8" name="net B" comment="" ro="False" address="192.168.1.0" netmask="255.255.255.0"/>
<Network id="id3F9A1BC9" name="net C" comment="" ro="False" address="192.168.2.0" netmask="255.255.255.0"/>
</ObjectGroup>
<ObjectGroup id="stdid15_1" name="Address Ranges" comment="">
<AddressRange id="id3F9A1BCA" name="range A" comment="" start_address="192.168.0.10" end_address="192.168.0.250"/>
<AddressRange id="id3F9A1BCB" name="range B" comment="" start_address="192.168.1.10" end_address="192.168.1.250"/>
<AddressRange id="id3F9A1BCC" name="range C" comment="" start_address="192.168.2.10" end_address="192.168.2.250"/>
<ObjectGroup id="stdid15_1" name="Address Ranges" comment="" ro="False">
<AddressRange id="id3F9A1BCA" name="range A" comment="" ro="False" start_address="192.168.0.10" end_address="192.168.0.250"/>
<AddressRange id="id3F9A1BCB" name="range B" comment="" ro="False" start_address="192.168.1.10" end_address="192.168.1.250"/>
<AddressRange id="id3F9A1BCC" name="range C" comment="" ro="False" start_address="192.168.2.10" end_address="192.168.2.250"/>
</ObjectGroup>
</ObjectGroup>
<ServiceGroup id="stdid05_1" name="Services" comment="">
<ServiceGroup id="stdid05_1_userservices" name="Users" comment=""/>
<ServiceGroup id="stdid05_1_og_tag_1" name="TagServices" comment=""/>
<ServiceGroup id="stdid10_1" name="Groups" comment="">
<ServiceGroup id="id8427X3737" name="lots of tcp services" comment="">
<ServiceGroup id="stdid05_1" name="Services" comment="" ro="False">
<ServiceGroup id="stdid05_1_userservices" name="Users" comment="" ro="False"/>
<ServiceGroup id="stdid05_1_og_tag_1" name="TagServices" comment="" ro="False"/>
<ServiceGroup id="stdid10_1" name="Groups" comment="" ro="False">
<ServiceGroup id="id8427X3737" name="lots of tcp services" comment="" ro="False">
<ServiceRef ref="id3D703C8B"/>
<ServiceRef ref="id3D703C93"/>
<ServiceRef ref="id3B4FF09A"/>
@ -634,7 +626,7 @@
<ServiceRef ref="id3E7553BC"/>
<ServiceRef ref="tcp-HTTP"/>
</ServiceGroup>
<ServiceGroup id="id9342X3737" name="lots of udp services" comment="">
<ServiceGroup id="id9342X3737" name="lots of udp services" comment="" ro="False">
<ServiceRef ref="id3B4FEDA1"/>
<ServiceRef ref="udp-bootpc"/>
<ServiceRef ref="udp-bootps"/>
@ -671,16 +663,16 @@
<ServiceRef ref="id41291883"/>
</ServiceGroup>
</ServiceGroup>
<ServiceGroup id="stdid07_1" name="ICMP" comment=""/>
<ServiceGroup id="stdid06_1" name="IP" comment=""/>
<ServiceGroup id="stdid09_1" name="TCP" comment=""/>
<ServiceGroup id="stdid08_1" name="UDP" comment=""/>
<ServiceGroup id="stdid13_1" name="Custom" comment=""/>
<ServiceGroup id="stdid07_1" name="ICMP" comment="" ro="False"/>
<ServiceGroup id="stdid06_1" name="IP" comment="" ro="False"/>
<ServiceGroup id="stdid09_1" name="TCP" comment="" ro="False"/>
<ServiceGroup id="stdid08_1" name="UDP" comment="" ro="False"/>
<ServiceGroup id="stdid13_1" name="Custom" comment="" ro="False"/>
</ServiceGroup>
<ObjectGroup id="stdid12_1" name="Firewalls" comment="">
<Firewall id="id3F9A1BD2" host_OS="linux24" lastCompiled="0" lastInstalled="0" lastModified="1220934384" platform="iptables" ro="False" name="test" comment="">
<NAT id="id3F9A1BD6" name="NAT" comment="" ipv6_rule_set="False" top_rule_set="True">
<NATRule id="id10279X3737" disabled="False" position="0" comment="">
<ObjectGroup id="stdid12_1" name="Firewalls" comment="" ro="False">
<Firewall id="id3F9A1BD2" host_OS="linux24" lastCompiled="0" lastInstalled="0" lastModified="1220934384" platform="iptables" name="test" comment="" ro="False">
<NAT id="id3F9A1BD6" name="NAT" comment="" ro="False" ipv4_rule_set="False" ipv6_rule_set="False" top_rule_set="True">
<NATRule id="id10279X3737" disabled="False" position="0" action="Translate" comment="">
<OSrc neg="False">
<ObjectRef ref="id4510X3737"/>
</OSrc>
@ -701,7 +693,7 @@
</TSrv>
<NATRuleOptions/>
</NATRule>
<NATRule id="id11212X3737" disabled="False" position="1" comment="">
<NATRule id="id11212X3737" disabled="False" position="1" action="Translate" comment="">
<OSrc neg="False">
<ObjectRef ref="id3F9A1BCA"/>
</OSrc>
@ -722,9 +714,10 @@
</TSrv>
<NATRuleOptions/>
</NATRule>
<RuleSetOptions/>
</NAT>
<Policy id="id3F9A1BD5" name="Policy" comment="" ipv6_rule_set="False" top_rule_set="True">
<PolicyRule id="id6439X3737" action="Deny" direction="Both" disabled="False" group="" log="True" position="0" comment="">
<Policy id="id3F9A1BD5" name="Policy" comment="" ro="False" ipv4_rule_set="False" ipv6_rule_set="False" top_rule_set="True">
<PolicyRule id="id6439X3737" disabled="False" group="" log="True" position="0" action="Deny" direction="Both" comment="">
<Src neg="False">
<ObjectRef ref="id4510X3737"/>
<ObjectRef ref="id3F9A1BCA"/>
@ -751,7 +744,7 @@
<Option name="stateless">True</Option>
</PolicyRuleOptions>
</PolicyRule>
<PolicyRule id="id3F9A1CE7" action="Accept" disabled="False" log="False" position="1" comment="">
<PolicyRule id="id3F9A1CE7" disabled="False" log="False" position="1" action="Accept" direction="Both" comment="">
<Src neg="False">
<ObjectRef ref="id3F9A1BC7"/>
</Src>
@ -769,7 +762,7 @@
</When>
<PolicyRuleOptions/>
</PolicyRule>
<PolicyRule id="id3F9A1BF6" action="Accept" disabled="False" log="False" position="2" comment="">
<PolicyRule id="id3F9A1BF6" disabled="False" log="False" position="2" action="Accept" direction="Both" comment="">
<Src neg="False">
<ObjectRef ref="id3F9A1BCA"/>
</Src>
@ -787,7 +780,7 @@
</When>
<PolicyRuleOptions/>
</PolicyRule>
<PolicyRule id="id3F9A1BEC" action="Accept" disabled="False" log="False" position="3" comment="">
<PolicyRule id="id3F9A1BEC" disabled="False" log="False" position="3" action="Accept" direction="Both" comment="">
<Src neg="False">
<ObjectRef ref="id3F9A1BCA"/>
</Src>
@ -805,7 +798,7 @@
</When>
<PolicyRuleOptions/>
</PolicyRule>
<PolicyRule id="id3F9A1C2E" action="Accept" disabled="False" log="False" position="4" comment="">
<PolicyRule id="id3F9A1C2E" disabled="False" log="False" position="4" action="Accept" direction="Both" comment="">
<Src neg="False">
<ObjectRef ref="id3F9A1BCB"/>
</Src>
@ -823,7 +816,7 @@
</When>
<PolicyRuleOptions/>
</PolicyRule>
<PolicyRule id="id3F9A1C96" action="Accept" disabled="False" log="False" position="5" comment="">
<PolicyRule id="id3F9A1C96" disabled="False" log="False" position="5" action="Accept" direction="Both" comment="">
<Src neg="False">
<ObjectRef ref="id3F9A1BC7"/>
</Src>
@ -841,7 +834,7 @@
</When>
<PolicyRuleOptions/>
</PolicyRule>
<PolicyRule id="id3F9A1C3A" action="Deny" disabled="False" log="True" position="6" comment="">
<PolicyRule id="id3F9A1C3A" disabled="False" log="True" position="6" action="Deny" direction="Both" comment="">
<Src neg="False">
<ObjectRef ref="sysid0"/>
</Src>
@ -861,22 +854,25 @@
<Option name="stateless">True</Option>
</PolicyRuleOptions>
</PolicyRule>
<RuleSetOptions/>
</Policy>
<Routing id="id3F9A1BD2-routing" name="Routing" comment="" ipv6_rule_set="False" top_rule_set="True"/>
<Interface id="id3F9A1BD9" bridgeport="False" dyn="False" label="" network_zone="sysid0" security_level="0" unnum="False" unprotected="False" name="eth0" comment="">
<IPv4 id="id3F9A1BDB" name="test:eth0(ip)" comment="" address="192.0.2.1" netmask="255.255.255.0"/>
<Routing id="id3F9A1BD2-routing" name="Routing" comment="" ro="False" ipv4_rule_set="False" ipv6_rule_set="False" top_rule_set="True">
<RuleSetOptions/>
</Routing>
<Interface id="id3F9A1BD9" dedicated_failover="False" dyn="False" label="" network_zone="sysid0" security_level="0" unnum="False" unprotected="False" name="eth0" comment="" ro="False">
<IPv4 id="id3F9A1BDB" name="test:eth0(ip)" comment="" ro="False" address="192.0.2.1" netmask="255.255.255.0"/>
</Interface>
<Interface id="id3F9A1BDC" bridgeport="False" dyn="False" label="" network_zone="sysid0" security_level="100" unnum="False" unprotected="False" name="eth1" comment="">
<IPv4 id="id3F9A1BDE" name="test:eth1(ip)" comment="" address="192.168.0.1" netmask="255.255.255.0"/>
<Interface id="id3F9A1BDC" dedicated_failover="False" dyn="False" label="" network_zone="sysid0" security_level="100" unnum="False" unprotected="False" name="eth1" comment="" ro="False">
<IPv4 id="id3F9A1BDE" name="test:eth1(ip)" comment="" ro="False" address="192.168.0.1" netmask="255.255.255.0"/>
</Interface>
<Interface id="id3F9A1BDF" bridgeport="False" dyn="False" label="" network_zone="sysid0" security_level="100" unnum="False" unprotected="False" name="eth2" comment="">
<IPv4 id="id3F9A1BE1" name="test:eth2(ip)" comment="" address="192.168.1.1" netmask="255.255.255.0"/>
<Interface id="id3F9A1BDF" dedicated_failover="False" dyn="False" label="" network_zone="sysid0" security_level="100" unnum="False" unprotected="False" name="eth2" comment="" ro="False">
<IPv4 id="id3F9A1BE1" name="test:eth2(ip)" comment="" ro="False" address="192.168.1.1" netmask="255.255.255.0"/>
</Interface>
<Interface id="id3F9A1BE2" bridgeport="False" dyn="False" label="" network_zone="sysid0" security_level="100" unnum="False" unprotected="False" name="eth3" comment="">
<IPv4 id="id3F9A1BE4" name="test:eth3(ip)" comment="" address="192.168.2.1" netmask="255.255.255.0"/>
<Interface id="id3F9A1BE2" dedicated_failover="False" dyn="False" label="" network_zone="sysid0" security_level="100" unnum="False" unprotected="False" name="eth3" comment="" ro="False">
<IPv4 id="id3F9A1BE4" name="test:eth3(ip)" comment="" ro="False" address="192.168.2.1" netmask="255.255.255.0"/>
</Interface>
<Interface id="id3F9A1BE5" bridgeport="False" dyn="False" label="" network_zone="sysid0" security_level="100" unnum="False" unprotected="False" name="lo" comment="">
<IPv4 id="id3F9A1BE7" name="test:lo(ip)" comment="" address="127.0.0.1" netmask="255.0.0.0"/>
<Interface id="id3F9A1BE5" dedicated_failover="False" dyn="False" label="" network_zone="sysid0" security_level="100" unnum="False" unprotected="False" name="lo" comment="" ro="False">
<IPv4 id="id3F9A1BE7" name="test:lo(ip)" comment="" ro="False" address="127.0.0.1" netmask="255.0.0.0"/>
</Interface>
<Management address="127.0.0.1">
<SNMPManagement enabled="False" snmp_read_community="public" snmp_write_community=""/>
@ -928,134 +924,134 @@
</FirewallOptions>
</Firewall>
</ObjectGroup>
<IntervalGroup id="stdid11_1" name="Time" comment=""/>
<IntervalGroup id="stdid11_1" name="Time" comment="" ro="False"/>
</Library>
<Library id="syslib000" color="#d4f8ff" ro="True" name="Standard" comment="Standard objects">
<AnyNetwork id="sysid0" name="Any" comment="Any Network" address="0.0.0.0" netmask="0.0.0.0"/>
<AnyIPService id="sysid1" protocol_num="0" name="Any" comment="Any IP Service"/>
<ServiceGroup id="stdid05" name="Services" comment="">
<ServiceGroup id="stdid09" name="TCP" comment="">
<TCPService id="id3D703C8B" ack_flag="False" ack_flag_mask="False" fin_flag="False" fin_flag_mask="False" psh_flag="False" psh_flag_mask="False" rst_flag="False" rst_flag_mask="False" syn_flag="False" syn_flag_mask="False" urg_flag="False" urg_flag_mask="False" name="Real-Audio" comment="RealNetworks PNA Protocol" src_range_start="0" src_range_end="0" dst_range_start="7070" dst_range_end="7070"/>
<TCPService id="id3D703C93" ack_flag="False" ack_flag_mask="False" fin_flag="False" fin_flag_mask="False" psh_flag="False" psh_flag_mask="False" rst_flag="False" rst_flag_mask="False" syn_flag="False" syn_flag_mask="False" urg_flag="False" urg_flag_mask="False" name="RealSecure" comment="" src_range_start="0" src_range_end="0" dst_range_start="2998" dst_range_end="2998"/>
<TCPService id="id3B4FF09A" ack_flag="False" ack_flag_mask="False" fin_flag="False" fin_flag_mask="False" psh_flag="False" psh_flag_mask="False" rst_flag="False" rst_flag_mask="False" syn_flag="False" syn_flag_mask="False" urg_flag="False" urg_flag_mask="False" name="squid" comment="" src_range_start="0" src_range_end="0" dst_range_start="3128" dst_range_end="3128"/>
<TCPService id="tcp-SSH" ack_flag="False" ack_flag_mask="False" fin_flag="False" fin_flag_mask="False" psh_flag="False" psh_flag_mask="False" rst_flag="False" rst_flag_mask="False" syn_flag="False" syn_flag_mask="False" urg_flag="False" urg_flag_mask="False" name="ssh" comment="" src_range_start="0" src_range_end="0" dst_range_start="22" dst_range_end="22"/>
<TCPService id="id3AEDBE00" ack_flag="False" ack_flag_mask="False" fin_flag="False" fin_flag_mask="False" psh_flag="False" psh_flag_mask="False" rst_flag="False" rst_flag_mask="False" syn_flag="False" syn_flag_mask="False" urg_flag="False" urg_flag_mask="False" name="sunrpc" comment="" src_range_start="0" src_range_end="0" dst_range_start="111" dst_range_end="111"/>
<TCPService id="tcp-TCP-SYN" ack_flag="False" ack_flag_mask="True" fin_flag="False" fin_flag_mask="True" psh_flag="False" psh_flag_mask="True" rst_flag="False" rst_flag_mask="True" syn_flag="True" syn_flag_mask="True" urg_flag="False" urg_flag_mask="True" name="tcp-syn" comment="" src_range_start="0" src_range_end="0" dst_range_start="0" dst_range_end="0"/>
<TCPService id="tcp-Telnet" ack_flag="False" ack_flag_mask="False" fin_flag="False" fin_flag_mask="False" psh_flag="False" psh_flag_mask="False" rst_flag="False" rst_flag_mask="False" syn_flag="False" syn_flag_mask="False" urg_flag="False" urg_flag_mask="False" name="telnet" comment="" src_range_start="0" src_range_end="0" dst_range_start="23" dst_range_end="23"/>
<TCPService id="id3B4FEE76" ack_flag="False" ack_flag_mask="False" fin_flag="False" fin_flag_mask="False" psh_flag="False" psh_flag_mask="False" rst_flag="False" rst_flag_mask="False" syn_flag="False" syn_flag_mask="False" urg_flag="False" urg_flag_mask="False" name="socks" comment="" src_range_start="0" src_range_end="0" dst_range_start="1080" dst_range_end="1080"/>
<TCPService id="id3D703C87" ack_flag="False" ack_flag_mask="False" fin_flag="False" fin_flag_mask="False" psh_flag="False" psh_flag_mask="False" rst_flag="False" rst_flag_mask="False" syn_flag="False" syn_flag_mask="False" urg_flag="False" urg_flag_mask="False" name="sqlnet1" comment="" src_range_start="0" src_range_end="0" dst_range_start="1521" dst_range_end="1521"/>
<TCPService id="tcp-FTP" ack_flag="False" ack_flag_mask="False" fin_flag="False" fin_flag_mask="False" psh_flag="False" psh_flag_mask="False" rst_flag="False" rst_flag_mask="False" syn_flag="False" syn_flag_mask="False" urg_flag="False" urg_flag_mask="False" name="ftp" comment="" src_range_start="0" src_range_end="0" dst_range_start="21" dst_range_end="21"/>
<TCPService id="tcp-FTP_data" ack_flag="False" ack_flag_mask="False" fin_flag="False" fin_flag_mask="False" psh_flag="False" psh_flag_mask="False" rst_flag="False" rst_flag_mask="False" syn_flag="False" syn_flag_mask="False" urg_flag="False" urg_flag_mask="False" name="ftp data" comment="FTP data channel.&#10; Note: FTP protocol does not really require server to use source port 20 for the data channel, &#10; but many ftp server implementations do so." src_range_start="20" src_range_end="20" dst_range_start="1024" dst_range_end="65535"/>
<TCPService id="id41291788" ack_flag="False" ack_flag_mask="False" fin_flag="False" fin_flag_mask="False" psh_flag="False" psh_flag_mask="False" rst_flag="False" rst_flag_mask="False" syn_flag="False" syn_flag_mask="False" urg_flag="False" urg_flag_mask="False" name="vnc-0" comment="Regular VNC viewer, display 0" src_range_start="0" src_range_end="0" dst_range_start="5900" dst_range_end="5900"/>
<TCPService id="id41291887" ack_flag="False" ack_flag_mask="False" fin_flag="False" fin_flag_mask="False" psh_flag="False" psh_flag_mask="False" rst_flag="False" rst_flag_mask="False" syn_flag="False" syn_flag_mask="False" urg_flag="False" urg_flag_mask="False" name="vnc-java-1" comment="Java VNC viewer, display 1" src_range_start="0" src_range_end="0" dst_range_start="5801" dst_range_end="5801"/>
<TCPService id="id41291888" ack_flag="False" ack_flag_mask="False" fin_flag="False" fin_flag_mask="False" psh_flag="False" psh_flag_mask="False" rst_flag="False" rst_flag_mask="False" syn_flag="False" syn_flag_mask="False" urg_flag="False" urg_flag_mask="False" name="vnc-1" comment="Regular VNC viewer, display 1" src_range_start="0" src_range_end="0" dst_range_start="5901" dst_range_end="5901"/>
<TCPService id="id3E7E4039" ack_flag="False" ack_flag_mask="False" fin_flag="False" fin_flag_mask="False" psh_flag="False" psh_flag_mask="False" rst_flag="False" rst_flag_mask="False" syn_flag="False" syn_flag_mask="False" urg_flag="False" urg_flag_mask="False" name="LDAP GC" comment="" src_range_start="0" src_range_end="0" dst_range_start="3268" dst_range_end="3268"/>
<TCPService id="id3E7E403A" ack_flag="False" ack_flag_mask="False" fin_flag="False" fin_flag_mask="False" psh_flag="False" psh_flag_mask="False" rst_flag="False" rst_flag_mask="False" syn_flag="False" syn_flag_mask="False" urg_flag="False" urg_flag_mask="False" name="LDAP GC SSL" comment="" src_range_start="0" src_range_end="0" dst_range_start="3269" dst_range_end="3269"/>
<TCPService id="id3D703C97" ack_flag="False" ack_flag_mask="False" fin_flag="False" fin_flag_mask="False" psh_flag="False" psh_flag_mask="False" rst_flag="False" rst_flag_mask="False" syn_flag="False" syn_flag_mask="False" urg_flag="False" urg_flag_mask="False" name="lpr" comment="" src_range_start="0" src_range_end="0" dst_range_start="515" dst_range_end="515"/>
<TCPService id="id3DC8C8BB" ack_flag="False" ack_flag_mask="False" fin_flag="False" fin_flag_mask="False" psh_flag="False" psh_flag_mask="False" rst_flag="False" rst_flag_mask="False" syn_flag="False" syn_flag_mask="False" urg_flag="False" urg_flag_mask="False" name="microsoft-rpc" comment="" src_range_start="0" src_range_end="0" dst_range_start="135" dst_range_end="135"/>
<TCPService id="id3D703C98" ack_flag="False" ack_flag_mask="False" fin_flag="False" fin_flag_mask="False" psh_flag="False" psh_flag_mask="False" rst_flag="False" rst_flag_mask="False" syn_flag="False" syn_flag_mask="False" urg_flag="False" urg_flag_mask="False" name="ms-sql" comment="Microsoft SQL Server" src_range_start="0" src_range_end="0" dst_range_start="1433" dst_range_end="1433"/>
<TCPService id="id3B4FEE7A" ack_flag="False" ack_flag_mask="False" fin_flag="False" fin_flag_mask="False" psh_flag="False" psh_flag_mask="False" rst_flag="False" rst_flag_mask="False" syn_flag="False" syn_flag_mask="False" urg_flag="False" urg_flag_mask="False" name="nfs" comment="" src_range_start="0" src_range_end="0" dst_range_start="2049" dst_range_end="2049"/>
<TCPService id="tcp-NNTP" ack_flag="False" ack_flag_mask="False" fin_flag="False" fin_flag_mask="False" psh_flag="False" psh_flag_mask="False" rst_flag="False" rst_flag_mask="False" syn_flag="False" syn_flag_mask="False" urg_flag="False" urg_flag_mask="False" name="nntp" comment="" src_range_start="0" src_range_end="0" dst_range_start="119" dst_range_end="119"/>
<TCPService id="id3E7553BB" ack_flag="False" ack_flag_mask="False" fin_flag="False" fin_flag_mask="False" psh_flag="False" psh_flag_mask="False" rst_flag="False" rst_flag_mask="False" syn_flag="False" syn_flag_mask="False" urg_flag="False" urg_flag_mask="False" name="nntps" comment="NNTP over SSL" src_range_start="0" src_range_end="0" dst_range_start="563" dst_range_end="563"/>
<TCPService id="id3B4FEE1D" ack_flag="False" ack_flag_mask="False" fin_flag="False" fin_flag_mask="False" psh_flag="False" psh_flag_mask="False" rst_flag="False" rst_flag_mask="False" syn_flag="False" syn_flag_mask="False" urg_flag="False" urg_flag_mask="False" name="pop3" comment="" src_range_start="0" src_range_end="0" dst_range_start="110" dst_range_end="110"/>
<TCPService id="id3E7553BA" ack_flag="False" ack_flag_mask="False" fin_flag="False" fin_flag_mask="False" psh_flag="False" psh_flag_mask="False" rst_flag="False" rst_flag_mask="False" syn_flag="False" syn_flag_mask="False" urg_flag="False" urg_flag_mask="False" name="pop3s" comment="POP-3 over SSL" src_range_start="0" src_range_end="0" dst_range_start="995" dst_range_end="995"/>
<TCPService id="id3B4FF0EA" ack_flag="False" ack_flag_mask="False" fin_flag="False" fin_flag_mask="False" psh_flag="False" psh_flag_mask="False" rst_flag="False" rst_flag_mask="False" syn_flag="False" syn_flag_mask="False" urg_flag="False" urg_flag_mask="False" name="postgres" comment="" src_range_start="0" src_range_end="0" dst_range_start="5432" dst_range_end="5432"/>
<TCPService id="id3AECF782" ack_flag="False" ack_flag_mask="False" fin_flag="False" fin_flag_mask="False" psh_flag="False" psh_flag_mask="False" rst_flag="False" rst_flag_mask="False" syn_flag="False" syn_flag_mask="False" urg_flag="False" urg_flag_mask="False" name="printer" comment="" src_range_start="0" src_range_end="0" dst_range_start="515" dst_range_end="515"/>
<TCPService id="id3B4FEF7C" ack_flag="False" ack_flag_mask="False" fin_flag="False" fin_flag_mask="False" psh_flag="False" psh_flag_mask="False" rst_flag="False" rst_flag_mask="False" syn_flag="False" syn_flag_mask="False" urg_flag="False" urg_flag_mask="False" name="quake" comment="" src_range_start="0" src_range_end="0" dst_range_start="26000" dst_range_end="26000"/>
<TCPService id="id4127EDF6" ack_flag="False" ack_flag_mask="False" fin_flag="False" fin_flag_mask="False" psh_flag="False" psh_flag_mask="False" rst_flag="False" rst_flag_mask="False" syn_flag="False" syn_flag_mask="False" urg_flag="False" urg_flag_mask="False" name="whois" comment="" src_range_start="0" src_range_end="0" dst_range_start="43" dst_range_end="43"/>
<TCPService id="id4127F04F" ack_flag="False" ack_flag_mask="False" fin_flag="False" fin_flag_mask="False" psh_flag="False" psh_flag_mask="False" rst_flag="False" rst_flag_mask="False" syn_flag="False" syn_flag_mask="False" urg_flag="False" urg_flag_mask="False" name="bgp" comment="" src_range_start="0" src_range_end="0" dst_range_start="179" dst_range_end="179"/>
<TCPService id="id3AECF77A" ack_flag="False" ack_flag_mask="False" fin_flag="False" fin_flag_mask="False" psh_flag="False" psh_flag_mask="False" rst_flag="False" rst_flag_mask="False" syn_flag="False" syn_flag_mask="False" urg_flag="False" urg_flag_mask="False" name="rexec" comment="" src_range_start="0" src_range_end="0" dst_range_start="512" dst_range_end="512"/>
<TCPService id="id3AECF77C" ack_flag="False" ack_flag_mask="False" fin_flag="False" fin_flag_mask="False" psh_flag="False" psh_flag_mask="False" rst_flag="False" rst_flag_mask="False" syn_flag="False" syn_flag_mask="False" urg_flag="False" urg_flag_mask="False" name="rlogin" comment="" src_range_start="0" src_range_end="0" dst_range_start="513" dst_range_end="513"/>
<TCPService id="id3AECF77E" ack_flag="False" ack_flag_mask="False" fin_flag="False" fin_flag_mask="False" psh_flag="False" psh_flag_mask="False" rst_flag="False" rst_flag_mask="False" syn_flag="False" syn_flag_mask="False" urg_flag="False" urg_flag_mask="False" name="rshell" comment="" src_range_start="0" src_range_end="0" dst_range_start="514" dst_range_end="514"/>
<TCPService id="id4127F146" ack_flag="False" ack_flag_mask="False" fin_flag="False" fin_flag_mask="False" psh_flag="False" psh_flag_mask="False" rst_flag="False" rst_flag_mask="False" syn_flag="False" syn_flag_mask="False" urg_flag="False" urg_flag_mask="False" name="radius" comment="Radius protocol" src_range_start="0" src_range_end="0" dst_range_start="1812" dst_range_end="1812"/>
<TCPService id="id4127F147" ack_flag="False" ack_flag_mask="False" fin_flag="False" fin_flag_mask="False" psh_flag="False" psh_flag_mask="False" rst_flag="False" rst_flag_mask="False" syn_flag="False" syn_flag_mask="False" urg_flag="False" urg_flag_mask="False" name="radius acct" comment="Radius Accounting" src_range_start="0" src_range_end="0" dst_range_start="1813" dst_range_end="1813"/>
<TCPService id="id41291784" ack_flag="False" ack_flag_mask="False" fin_flag="False" fin_flag_mask="False" psh_flag="False" psh_flag_mask="False" rst_flag="False" rst_flag_mask="False" syn_flag="False" syn_flag_mask="False" urg_flag="False" urg_flag_mask="False" name="upnp" comment="" src_range_start="0" src_range_end="0" dst_range_start="5000" dst_range_end="5000"/>
<TCPService id="id3D703C99" ack_flag="False" ack_flag_mask="False" fin_flag="False" fin_flag_mask="False" psh_flag="False" psh_flag_mask="False" rst_flag="False" rst_flag_mask="False" syn_flag="False" syn_flag_mask="False" urg_flag="False" urg_flag_mask="False" name="rtsp" comment="Real Time Streaming Protocol" src_range_start="0" src_range_end="0" dst_range_start="554" dst_range_end="554"/>
<TCPService id="id3B4FEF34" ack_flag="False" ack_flag_mask="False" fin_flag="False" fin_flag_mask="False" psh_flag="False" psh_flag_mask="False" rst_flag="False" rst_flag_mask="False" syn_flag="False" syn_flag_mask="False" urg_flag="False" urg_flag_mask="False" name="rwhois" comment="" src_range_start="0" src_range_end="0" dst_range_start="4321" dst_range_end="4321"/>
<TCPService id="id3C685B2B" ack_flag="True" ack_flag_mask="True" fin_flag="True" fin_flag_mask="True" psh_flag="True" psh_flag_mask="True" rst_flag="True" rst_flag_mask="True" syn_flag="True" syn_flag_mask="True" urg_flag="True" urg_flag_mask="True" name="xmas scan - full" comment="This service object matches TCP packet with all six flags set." src_range_start="0" src_range_end="0" dst_range_start="0" dst_range_end="0"/>
<TCPService id="id4127E949" ack_flag="False" ack_flag_mask="True" fin_flag="True" fin_flag_mask="True" psh_flag="True" psh_flag_mask="True" rst_flag="False" rst_flag_mask="True" syn_flag="False" syn_flag_mask="True" urg_flag="True" urg_flag_mask="True" name="xmas scan" comment="This service object matches TCP packet with flags FIN, PSH and URG set and other flags cleared. This is a &quot;christmas scan&quot; as defined in snort rules. Nmap can generate this scan, too." src_range_start="0" src_range_end="0" dst_range_start="0" dst_range_end="0"/>
<TCPService id="id3D703C89" ack_flag="False" ack_flag_mask="False" fin_flag="False" fin_flag_mask="False" psh_flag="False" psh_flag_mask="False" rst_flag="False" rst_flag_mask="False" syn_flag="False" syn_flag_mask="False" urg_flag="False" urg_flag_mask="False" name="securidprop" comment="" src_range_start="0" src_range_end="0" dst_range_start="5510" dst_range_end="5510"/>
<TCPService id="tcp-SMTP" ack_flag="False" ack_flag_mask="False" fin_flag="False" fin_flag_mask="False" psh_flag="False" psh_flag_mask="False" rst_flag="False" rst_flag_mask="False" syn_flag="False" syn_flag_mask="False" urg_flag="False" urg_flag_mask="False" name="smtp" comment="" src_range_start="0" src_range_end="0" dst_range_start="25" dst_range_end="25"/>
<TCPService id="id3B4FF04C" ack_flag="False" ack_flag_mask="False" fin_flag="False" fin_flag_mask="False" psh_flag="False" psh_flag_mask="False" rst_flag="False" rst_flag_mask="False" syn_flag="False" syn_flag_mask="False" urg_flag="False" urg_flag_mask="False" name="smtps" comment="" src_range_start="0" src_range_end="0" dst_range_start="465" dst_range_end="465"/>
<TCPService id="id4127EA72" ack_flag="False" ack_flag_mask="False" fin_flag="False" fin_flag_mask="False" psh_flag="False" psh_flag_mask="False" rst_flag="False" rst_flag_mask="False" syn_flag="False" syn_flag_mask="False" urg_flag="False" urg_flag_mask="False" name="rsync" comment="" src_range_start="0" src_range_end="0" dst_range_start="873" dst_range_end="873"/>
<TCPService id="id4127EBAC" ack_flag="False" ack_flag_mask="False" fin_flag="False" fin_flag_mask="False" psh_flag="False" psh_flag_mask="False" rst_flag="False" rst_flag_mask="False" syn_flag="False" syn_flag_mask="False" urg_flag="False" urg_flag_mask="False" name="distcc" comment="distributed compiler" src_range_start="0" src_range_end="0" dst_range_start="3632" dst_range_end="3632"/>
<TCPService id="id4127ECF1" ack_flag="False" ack_flag_mask="False" fin_flag="False" fin_flag_mask="False" psh_flag="False" psh_flag_mask="False" rst_flag="False" rst_flag_mask="False" syn_flag="False" syn_flag_mask="False" urg_flag="False" urg_flag_mask="False" name="cvspserver" comment="CVS client/server operations" src_range_start="0" src_range_end="0" dst_range_start="2401" dst_range_end="2401"/>
<TCPService id="id3CB131C4" ack_flag="False" ack_flag_mask="False" fin_flag="False" fin_flag_mask="False" psh_flag="False" psh_flag_mask="False" rst_flag="False" rst_flag_mask="False" syn_flag="False" syn_flag_mask="False" urg_flag="False" urg_flag_mask="False" name="Citrix-ICA" comment="" src_range_start="0" src_range_end="0" dst_range_start="1494" dst_range_end="1494"/>
<TCPService id="id41291785" ack_flag="False" ack_flag_mask="False" fin_flag="False" fin_flag_mask="False" psh_flag="False" psh_flag_mask="False" rst_flag="False" rst_flag_mask="False" syn_flag="False" syn_flag_mask="False" urg_flag="False" urg_flag_mask="False" name="upnp-5431" comment="Although UPnP specification say it should use TCP port 5000, Linksys running Sveasoft firmware listens on port 5431" src_range_start="0" src_range_end="0" dst_range_start="5431" dst_range_end="5431"/>
<TCPService id="id41291787" ack_flag="False" ack_flag_mask="False" fin_flag="False" fin_flag_mask="False" psh_flag="False" psh_flag_mask="False" rst_flag="False" rst_flag_mask="False" syn_flag="False" syn_flag_mask="False" urg_flag="False" urg_flag_mask="False" name="vnc-java-0" comment="Java VNC viewer, display 0" src_range_start="0" src_range_end="0" dst_range_start="5800" dst_range_end="5800"/>
<TCPService id="id3B4FED69" ack_flag="False" ack_flag_mask="False" fin_flag="False" fin_flag_mask="False" psh_flag="False" psh_flag_mask="False" rst_flag="False" rst_flag_mask="False" syn_flag="False" syn_flag_mask="False" urg_flag="False" urg_flag_mask="False" name="https" comment="" src_range_start="0" src_range_end="0" dst_range_start="443" dst_range_end="443"/>
<TCPService id="id3AECF776" ack_flag="False" ack_flag_mask="False" fin_flag="False" fin_flag_mask="False" psh_flag="False" psh_flag_mask="False" rst_flag="False" rst_flag_mask="False" syn_flag="False" syn_flag_mask="False" urg_flag="False" urg_flag_mask="False" name="imap" comment="" src_range_start="0" src_range_end="0" dst_range_start="143" dst_range_end="143"/>
<TCPService id="id3B4FED9F" ack_flag="False" ack_flag_mask="False" fin_flag="False" fin_flag_mask="False" psh_flag="False" psh_flag_mask="False" rst_flag="False" rst_flag_mask="False" syn_flag="False" syn_flag_mask="False" urg_flag="False" urg_flag_mask="False" name="imaps" comment="" src_range_start="0" src_range_end="0" dst_range_start="993" dst_range_end="993"/>
<TCPService id="id3D703C90" ack_flag="False" ack_flag_mask="False" fin_flag="False" fin_flag_mask="False" psh_flag="False" psh_flag_mask="False" rst_flag="False" rst_flag_mask="False" syn_flag="False" syn_flag_mask="False" urg_flag="False" urg_flag_mask="False" name="ldaps" comment="Lightweight Directory Access Protocol over TLS/SSL" src_range_start="0" src_range_end="0" dst_range_start="636" dst_range_end="636"/>
<TCPService id="id3B4FF000" ack_flag="False" ack_flag_mask="False" fin_flag="False" fin_flag_mask="False" psh_flag="False" psh_flag_mask="False" rst_flag="False" rst_flag_mask="False" syn_flag="False" syn_flag_mask="False" urg_flag="False" urg_flag_mask="False" name="linuxconf" comment="" src_range_start="0" src_range_end="0" dst_range_start="98" dst_range_end="98"/>
<TCPService id="id3B4FF13C" ack_flag="False" ack_flag_mask="False" fin_flag="False" fin_flag_mask="False" psh_flag="False" psh_flag_mask="False" rst_flag="False" rst_flag_mask="False" syn_flag="False" syn_flag_mask="False" urg_flag="False" urg_flag_mask="False" name="irc" comment="" src_range_start="0" src_range_end="0" dst_range_start="6667" dst_range_end="6667"/>
<TCPService id="id3E7E3EA2" ack_flag="False" ack_flag_mask="False" fin_flag="False" fin_flag_mask="False" psh_flag="False" psh_flag_mask="False" rst_flag="False" rst_flag_mask="False" syn_flag="False" syn_flag_mask="False" urg_flag="False" urg_flag_mask="False" name="kerberos" comment="" src_range_start="0" src_range_end="0" dst_range_start="88" dst_range_end="88"/>
<TCPService id="id3B4FEE21" ack_flag="False" ack_flag_mask="False" fin_flag="False" fin_flag_mask="False" psh_flag="False" psh_flag_mask="False" rst_flag="False" rst_flag_mask="False" syn_flag="False" syn_flag_mask="False" urg_flag="False" urg_flag_mask="False" name="klogin" comment="" src_range_start="0" src_range_end="0" dst_range_start="543" dst_range_end="543"/>
<TCPService id="id3B4FEE23" ack_flag="False" ack_flag_mask="False" fin_flag="False" fin_flag_mask="False" psh_flag="False" psh_flag_mask="False" rst_flag="False" rst_flag_mask="False" syn_flag="False" syn_flag_mask="False" urg_flag="False" urg_flag_mask="False" name="ksh" comment="" src_range_start="0" src_range_end="0" dst_range_start="544" dst_range_end="544"/>
<TCPService id="id3AECF778" ack_flag="False" ack_flag_mask="False" fin_flag="False" fin_flag_mask="False" psh_flag="False" psh_flag_mask="False" rst_flag="False" rst_flag_mask="False" syn_flag="False" syn_flag_mask="False" urg_flag="False" urg_flag_mask="False" name="ldap" comment="" src_range_start="0" src_range_end="0" dst_range_start="389" dst_range_end="389"/>
<TCPService id="id4127ECF2" ack_flag="False" ack_flag_mask="False" fin_flag="False" fin_flag_mask="False" psh_flag="False" psh_flag_mask="False" rst_flag="False" rst_flag_mask="False" syn_flag="False" syn_flag_mask="False" urg_flag="False" urg_flag_mask="False" name="cvsup" comment="CVSup file transfer/John Polstra/FreeBSD" src_range_start="0" src_range_end="0" dst_range_start="5999" dst_range_end="5999"/>
<TCPService id="id4127ED5E" ack_flag="False" ack_flag_mask="False" fin_flag="False" fin_flag_mask="False" psh_flag="False" psh_flag_mask="False" rst_flag="False" rst_flag_mask="False" syn_flag="False" syn_flag_mask="False" urg_flag="False" urg_flag_mask="False" name="afp" comment="AFP (Apple file sharing) over TCP" src_range_start="0" src_range_end="0" dst_range_start="548" dst_range_end="548"/>
<TCPService id="tcp-uucp" ack_flag="False" ack_flag_mask="False" fin_flag="False" fin_flag_mask="False" psh_flag="False" psh_flag_mask="False" rst_flag="False" rst_flag_mask="False" syn_flag="False" syn_flag_mask="False" urg_flag="False" urg_flag_mask="False" name="uucp" comment="" src_range_start="0" src_range_end="0" dst_range_start="540" dst_range_end="540"/>
<TCPService id="id3CB131C6" ack_flag="False" ack_flag_mask="False" fin_flag="False" fin_flag_mask="False" psh_flag="False" psh_flag_mask="False" rst_flag="False" rst_flag_mask="False" syn_flag="False" syn_flag_mask="False" urg_flag="False" urg_flag_mask="False" name="winterm" comment="Windows Terminal Services" src_range_start="0" src_range_end="0" dst_range_start="3389" dst_range_end="3389"/>
<TCPService id="id3B4FF1B8" ack_flag="False" ack_flag_mask="False" fin_flag="False" fin_flag_mask="False" psh_flag="False" psh_flag_mask="False" rst_flag="False" rst_flag_mask="False" syn_flag="False" syn_flag_mask="False" urg_flag="False" urg_flag_mask="False" name="xfs" comment="" src_range_start="0" src_range_end="0" dst_range_start="7100" dst_range_end="7100"/>
<TCPService id="id3B4FEEEE" ack_flag="False" ack_flag_mask="False" fin_flag="False" fin_flag_mask="False" psh_flag="False" psh_flag_mask="False" rst_flag="False" rst_flag_mask="False" syn_flag="False" syn_flag_mask="False" urg_flag="False" urg_flag_mask="False" name="mysql" comment="" src_range_start="0" src_range_end="0" dst_range_start="3306" dst_range_end="3306"/>
<TCPService id="id3E755609" ack_flag="False" ack_flag_mask="False" fin_flag="False" fin_flag_mask="False" psh_flag="False" psh_flag_mask="False" rst_flag="False" rst_flag_mask="False" syn_flag="False" syn_flag_mask="False" urg_flag="False" urg_flag_mask="False" name="netbios-ssn" comment="" src_range_start="0" src_range_end="0" dst_range_start="139" dst_range_end="139"/>
<TCPService id="tcp-Auth" ack_flag="False" ack_flag_mask="False" fin_flag="False" fin_flag_mask="False" psh_flag="False" psh_flag_mask="False" rst_flag="False" rst_flag_mask="False" syn_flag="False" syn_flag_mask="False" urg_flag="False" urg_flag_mask="False" name="auth" comment="" src_range_start="0" src_range_end="0" dst_range_start="113" dst_range_end="113"/>
<TCPService id="id3AEDBE6E" ack_flag="False" ack_flag_mask="False" fin_flag="False" fin_flag_mask="False" psh_flag="False" psh_flag_mask="False" rst_flag="False" rst_flag_mask="False" syn_flag="False" syn_flag_mask="False" urg_flag="False" urg_flag_mask="False" name="daytime" comment="" src_range_start="0" src_range_end="0" dst_range_start="13" dst_range_end="13"/>
<TCPService id="id3E7E3D58" ack_flag="False" ack_flag_mask="False" fin_flag="False" fin_flag_mask="False" psh_flag="False" psh_flag_mask="False" rst_flag="False" rst_flag_mask="False" syn_flag="False" syn_flag_mask="False" urg_flag="False" urg_flag_mask="False" name="WINS replication" comment="" src_range_start="0" src_range_end="0" dst_range_start="42" dst_range_end="42"/>
<TCPService id="id3D703C82" ack_flag="False" ack_flag_mask="False" fin_flag="False" fin_flag_mask="False" psh_flag="False" psh_flag_mask="False" rst_flag="False" rst_flag_mask="False" syn_flag="False" syn_flag_mask="False" urg_flag="False" urg_flag_mask="False" name="X11" comment="X Window System" src_range_start="0" src_range_end="0" dst_range_start="6000" dst_range_end="6063"/>
<TCPService id="id3DC8C8BC" ack_flag="False" ack_flag_mask="False" fin_flag="False" fin_flag_mask="False" psh_flag="False" psh_flag_mask="False" rst_flag="False" rst_flag_mask="False" syn_flag="False" syn_flag_mask="False" urg_flag="False" urg_flag_mask="False" name="SMB" comment="SMB over TCP (without NETBIOS)&#10;" src_range_start="0" src_range_end="0" dst_range_start="445" dst_range_end="445"/>
<TCPService id="id3D703C8D" ack_flag="False" ack_flag_mask="False" fin_flag="False" fin_flag_mask="False" psh_flag="False" psh_flag_mask="False" rst_flag="False" rst_flag_mask="False" syn_flag="False" syn_flag_mask="False" urg_flag="False" urg_flag_mask="False" name="TACACSplus" comment="" src_range_start="0" src_range_end="0" dst_range_start="49" dst_range_end="49"/>
<TCPService id="id3D703C84" ack_flag="False" ack_flag_mask="False" fin_flag="False" fin_flag_mask="False" psh_flag="False" psh_flag_mask="False" rst_flag="False" rst_flag_mask="False" syn_flag="False" syn_flag_mask="False" urg_flag="False" urg_flag_mask="False" name="TCP high ports" comment="TCP high ports" src_range_start="0" src_range_end="0" dst_range_start="1024" dst_range_end="65535"/>
<TCPService id="id3D703C83" ack_flag="False" ack_flag_mask="False" fin_flag="False" fin_flag_mask="False" psh_flag="False" psh_flag_mask="False" rst_flag="False" rst_flag_mask="False" syn_flag="False" syn_flag_mask="False" urg_flag="False" urg_flag_mask="False" name="OpenWindows" comment="Open Windows" src_range_start="0" src_range_end="0" dst_range_start="2000" dst_range_end="2000"/>
<TCPService id="id3CB131C8" ack_flag="False" ack_flag_mask="False" fin_flag="False" fin_flag_mask="False" psh_flag="False" psh_flag_mask="False" rst_flag="False" rst_flag_mask="False" syn_flag="False" syn_flag_mask="False" urg_flag="False" urg_flag_mask="False" name="PCAnywhere-data" comment="data channel for PCAnywhere v7.52 and later " src_range_start="0" src_range_end="0" dst_range_start="5631" dst_range_end="5631"/>
<TCPService id="tcp-DNS" ack_flag="False" ack_flag_mask="False" fin_flag="False" fin_flag_mask="False" psh_flag="False" psh_flag_mask="False" rst_flag="False" rst_flag_mask="False" syn_flag="False" syn_flag_mask="False" urg_flag="False" urg_flag_mask="False" name="domain" comment="" src_range_start="0" src_range_end="0" dst_range_start="53" dst_range_end="53"/>
<TCPService id="id3B4FEDA3" ack_flag="False" ack_flag_mask="False" fin_flag="False" fin_flag_mask="False" psh_flag="False" psh_flag_mask="False" rst_flag="False" rst_flag_mask="False" syn_flag="False" syn_flag_mask="False" urg_flag="False" urg_flag_mask="False" name="eklogin" comment="" src_range_start="0" src_range_end="0" dst_range_start="2105" dst_range_end="2105"/>
<TCPService id="id3AECF774" ack_flag="False" ack_flag_mask="False" fin_flag="False" fin_flag_mask="False" psh_flag="False" psh_flag_mask="False" rst_flag="False" rst_flag_mask="False" syn_flag="False" syn_flag_mask="False" urg_flag="False" urg_flag_mask="False" name="finger" comment="" src_range_start="0" src_range_end="0" dst_range_start="79" dst_range_end="79"/>
<TCPService id="id3D703C91" ack_flag="False" ack_flag_mask="False" fin_flag="False" fin_flag_mask="False" psh_flag="False" psh_flag_mask="False" rst_flag="False" rst_flag_mask="False" syn_flag="False" syn_flag_mask="False" urg_flag="False" urg_flag_mask="False" name="Entrust-Admin" comment="Entrust CA Administration Service" src_range_start="0" src_range_end="0" dst_range_start="709" dst_range_end="709"/>
<TCPService id="id3D703C92" ack_flag="False" ack_flag_mask="False" fin_flag="False" fin_flag_mask="False" psh_flag="False" psh_flag_mask="False" rst_flag="False" rst_flag_mask="False" syn_flag="False" syn_flag_mask="False" urg_flag="False" urg_flag_mask="False" name="Entrust-KeyMgmt" comment="Entrust CA Key Management Service" src_range_start="0" src_range_end="0" dst_range_start="710" dst_range_end="710"/>
<TCPService id="id3AEDBEAC" ack_flag="False" ack_flag_mask="False" fin_flag="False" fin_flag_mask="False" psh_flag="False" psh_flag_mask="False" rst_flag="False" rst_flag_mask="False" syn_flag="False" syn_flag_mask="False" urg_flag="False" urg_flag_mask="False" name="H323" comment="" src_range_start="0" src_range_end="0" dst_range_start="1720" dst_range_end="1720"/>
<TCPService id="id412Z18A9" ack_flag="False" ack_flag_mask="False" fin_flag="False" fin_flag_mask="False" psh_flag="False" psh_flag_mask="False" rst_flag="False" rst_flag_mask="False" syn_flag="False" syn_flag_mask="False" urg_flag="False" urg_flag_mask="False" name="icslap" comment="Sometimes this protocol is called icslap, but Microsoft does not call it that and just says that DSPP uses port 2869 in Windows XP SP2" src_range_start="0" src_range_end="0" dst_range_start="2869" dst_range_end="2869"/>
<TCPService id="id3E7553BC" ack_flag="False" ack_flag_mask="False" fin_flag="False" fin_flag_mask="False" psh_flag="False" psh_flag_mask="False" rst_flag="False" rst_flag_mask="False" syn_flag="False" syn_flag_mask="False" urg_flag="False" urg_flag_mask="False" name="ftp data passive" comment="FTP data channel for passive mode transfers&#10;" src_range_start="0" src_range_end="0" dst_range_start="20" dst_range_end="20"/>
<TCPService id="tcp-HTTP" ack_flag="False" ack_flag_mask="False" fin_flag="False" fin_flag_mask="False" psh_flag="False" psh_flag_mask="False" rst_flag="False" rst_flag_mask="False" syn_flag="False" syn_flag_mask="False" urg_flag="False" urg_flag_mask="False" name="http" comment="" src_range_start="0" src_range_end="0" dst_range_start="80" dst_range_end="80"/>
<Library id="syslib000" color="#d4f8ff" name="Standard" comment="Standard objects" ro="True">
<AnyNetwork id="sysid0" name="Any" comment="Any Network" ro="False" address="0.0.0.0" netmask="0.0.0.0"/>
<AnyIPService id="sysid1" protocol_num="0" name="Any" comment="Any IP Service" ro="False"/>
<ServiceGroup id="stdid05" name="Services" comment="" ro="False">
<ServiceGroup id="stdid09" name="TCP" comment="" ro="False">
<TCPService id="id3D703C8B" ack_flag="False" ack_flag_mask="False" fin_flag="False" fin_flag_mask="False" psh_flag="False" psh_flag_mask="False" rst_flag="False" rst_flag_mask="False" syn_flag="False" syn_flag_mask="False" urg_flag="False" urg_flag_mask="False" name="Real-Audio" comment="RealNetworks PNA Protocol" ro="False" src_range_start="0" src_range_end="0" dst_range_start="7070" dst_range_end="7070"/>
<TCPService id="id3D703C93" ack_flag="False" ack_flag_mask="False" fin_flag="False" fin_flag_mask="False" psh_flag="False" psh_flag_mask="False" rst_flag="False" rst_flag_mask="False" syn_flag="False" syn_flag_mask="False" urg_flag="False" urg_flag_mask="False" name="RealSecure" comment="" ro="False" src_range_start="0" src_range_end="0" dst_range_start="2998" dst_range_end="2998"/>
<TCPService id="id3B4FF09A" ack_flag="False" ack_flag_mask="False" fin_flag="False" fin_flag_mask="False" psh_flag="False" psh_flag_mask="False" rst_flag="False" rst_flag_mask="False" syn_flag="False" syn_flag_mask="False" urg_flag="False" urg_flag_mask="False" name="squid" comment="" ro="False" src_range_start="0" src_range_end="0" dst_range_start="3128" dst_range_end="3128"/>
<TCPService id="tcp-SSH" ack_flag="False" ack_flag_mask="False" fin_flag="False" fin_flag_mask="False" psh_flag="False" psh_flag_mask="False" rst_flag="False" rst_flag_mask="False" syn_flag="False" syn_flag_mask="False" urg_flag="False" urg_flag_mask="False" name="ssh" comment="" ro="False" src_range_start="0" src_range_end="0" dst_range_start="22" dst_range_end="22"/>
<TCPService id="id3AEDBE00" ack_flag="False" ack_flag_mask="False" fin_flag="False" fin_flag_mask="False" psh_flag="False" psh_flag_mask="False" rst_flag="False" rst_flag_mask="False" syn_flag="False" syn_flag_mask="False" urg_flag="False" urg_flag_mask="False" name="sunrpc" comment="" ro="False" src_range_start="0" src_range_end="0" dst_range_start="111" dst_range_end="111"/>
<TCPService id="tcp-TCP-SYN" ack_flag="False" ack_flag_mask="True" fin_flag="False" fin_flag_mask="True" psh_flag="False" psh_flag_mask="True" rst_flag="False" rst_flag_mask="True" syn_flag="True" syn_flag_mask="True" urg_flag="False" urg_flag_mask="True" name="tcp-syn" comment="" ro="False" src_range_start="0" src_range_end="0" dst_range_start="0" dst_range_end="0"/>
<TCPService id="tcp-Telnet" ack_flag="False" ack_flag_mask="False" fin_flag="False" fin_flag_mask="False" psh_flag="False" psh_flag_mask="False" rst_flag="False" rst_flag_mask="False" syn_flag="False" syn_flag_mask="False" urg_flag="False" urg_flag_mask="False" name="telnet" comment="" ro="False" src_range_start="0" src_range_end="0" dst_range_start="23" dst_range_end="23"/>
<TCPService id="id3B4FEE76" ack_flag="False" ack_flag_mask="False" fin_flag="False" fin_flag_mask="False" psh_flag="False" psh_flag_mask="False" rst_flag="False" rst_flag_mask="False" syn_flag="False" syn_flag_mask="False" urg_flag="False" urg_flag_mask="False" name="socks" comment="" ro="False" src_range_start="0" src_range_end="0" dst_range_start="1080" dst_range_end="1080"/>
<TCPService id="id3D703C87" ack_flag="False" ack_flag_mask="False" fin_flag="False" fin_flag_mask="False" psh_flag="False" psh_flag_mask="False" rst_flag="False" rst_flag_mask="False" syn_flag="False" syn_flag_mask="False" urg_flag="False" urg_flag_mask="False" name="sqlnet1" comment="" ro="False" src_range_start="0" src_range_end="0" dst_range_start="1521" dst_range_end="1521"/>
<TCPService id="tcp-FTP" ack_flag="False" ack_flag_mask="False" fin_flag="False" fin_flag_mask="False" psh_flag="False" psh_flag_mask="False" rst_flag="False" rst_flag_mask="False" syn_flag="False" syn_flag_mask="False" urg_flag="False" urg_flag_mask="False" name="ftp" comment="" ro="False" src_range_start="0" src_range_end="0" dst_range_start="21" dst_range_end="21"/>
<TCPService id="tcp-FTP_data" ack_flag="False" ack_flag_mask="False" fin_flag="False" fin_flag_mask="False" psh_flag="False" psh_flag_mask="False" rst_flag="False" rst_flag_mask="False" syn_flag="False" syn_flag_mask="False" urg_flag="False" urg_flag_mask="False" name="ftp data" comment="FTP data channel.&#10; Note: FTP protocol does not really require server to use source port 20 for the data channel, &#10; but many ftp server implementations do so." ro="False" src_range_start="20" src_range_end="20" dst_range_start="1024" dst_range_end="65535"/>
<TCPService id="id41291788" ack_flag="False" ack_flag_mask="False" fin_flag="False" fin_flag_mask="False" psh_flag="False" psh_flag_mask="False" rst_flag="False" rst_flag_mask="False" syn_flag="False" syn_flag_mask="False" urg_flag="False" urg_flag_mask="False" name="vnc-0" comment="Regular VNC viewer, display 0" ro="False" src_range_start="0" src_range_end="0" dst_range_start="5900" dst_range_end="5900"/>
<TCPService id="id41291887" ack_flag="False" ack_flag_mask="False" fin_flag="False" fin_flag_mask="False" psh_flag="False" psh_flag_mask="False" rst_flag="False" rst_flag_mask="False" syn_flag="False" syn_flag_mask="False" urg_flag="False" urg_flag_mask="False" name="vnc-java-1" comment="Java VNC viewer, display 1" ro="False" src_range_start="0" src_range_end="0" dst_range_start="5801" dst_range_end="5801"/>
<TCPService id="id41291888" ack_flag="False" ack_flag_mask="False" fin_flag="False" fin_flag_mask="False" psh_flag="False" psh_flag_mask="False" rst_flag="False" rst_flag_mask="False" syn_flag="False" syn_flag_mask="False" urg_flag="False" urg_flag_mask="False" name="vnc-1" comment="Regular VNC viewer, display 1" ro="False" src_range_start="0" src_range_end="0" dst_range_start="5901" dst_range_end="5901"/>
<TCPService id="id3E7E4039" ack_flag="False" ack_flag_mask="False" fin_flag="False" fin_flag_mask="False" psh_flag="False" psh_flag_mask="False" rst_flag="False" rst_flag_mask="False" syn_flag="False" syn_flag_mask="False" urg_flag="False" urg_flag_mask="False" name="LDAP GC" comment="" ro="False" src_range_start="0" src_range_end="0" dst_range_start="3268" dst_range_end="3268"/>
<TCPService id="id3E7E403A" ack_flag="False" ack_flag_mask="False" fin_flag="False" fin_flag_mask="False" psh_flag="False" psh_flag_mask="False" rst_flag="False" rst_flag_mask="False" syn_flag="False" syn_flag_mask="False" urg_flag="False" urg_flag_mask="False" name="LDAP GC SSL" comment="" ro="False" src_range_start="0" src_range_end="0" dst_range_start="3269" dst_range_end="3269"/>
<TCPService id="id3D703C97" ack_flag="False" ack_flag_mask="False" fin_flag="False" fin_flag_mask="False" psh_flag="False" psh_flag_mask="False" rst_flag="False" rst_flag_mask="False" syn_flag="False" syn_flag_mask="False" urg_flag="False" urg_flag_mask="False" name="lpr" comment="" ro="False" src_range_start="0" src_range_end="0" dst_range_start="515" dst_range_end="515"/>
<TCPService id="id3DC8C8BB" ack_flag="False" ack_flag_mask="False" fin_flag="False" fin_flag_mask="False" psh_flag="False" psh_flag_mask="False" rst_flag="False" rst_flag_mask="False" syn_flag="False" syn_flag_mask="False" urg_flag="False" urg_flag_mask="False" name="microsoft-rpc" comment="" ro="False" src_range_start="0" src_range_end="0" dst_range_start="135" dst_range_end="135"/>
<TCPService id="id3D703C98" ack_flag="False" ack_flag_mask="False" fin_flag="False" fin_flag_mask="False" psh_flag="False" psh_flag_mask="False" rst_flag="False" rst_flag_mask="False" syn_flag="False" syn_flag_mask="False" urg_flag="False" urg_flag_mask="False" name="ms-sql" comment="Microsoft SQL Server" ro="False" src_range_start="0" src_range_end="0" dst_range_start="1433" dst_range_end="1433"/>
<TCPService id="id3B4FEE7A" ack_flag="False" ack_flag_mask="False" fin_flag="False" fin_flag_mask="False" psh_flag="False" psh_flag_mask="False" rst_flag="False" rst_flag_mask="False" syn_flag="False" syn_flag_mask="False" urg_flag="False" urg_flag_mask="False" name="nfs" comment="" ro="False" src_range_start="0" src_range_end="0" dst_range_start="2049" dst_range_end="2049"/>
<TCPService id="tcp-NNTP" ack_flag="False" ack_flag_mask="False" fin_flag="False" fin_flag_mask="False" psh_flag="False" psh_flag_mask="False" rst_flag="False" rst_flag_mask="False" syn_flag="False" syn_flag_mask="False" urg_flag="False" urg_flag_mask="False" name="nntp" comment="" ro="False" src_range_start="0" src_range_end="0" dst_range_start="119" dst_range_end="119"/>
<TCPService id="id3E7553BB" ack_flag="False" ack_flag_mask="False" fin_flag="False" fin_flag_mask="False" psh_flag="False" psh_flag_mask="False" rst_flag="False" rst_flag_mask="False" syn_flag="False" syn_flag_mask="False" urg_flag="False" urg_flag_mask="False" name="nntps" comment="NNTP over SSL" ro="False" src_range_start="0" src_range_end="0" dst_range_start="563" dst_range_end="563"/>
<TCPService id="id3B4FEE1D" ack_flag="False" ack_flag_mask="False" fin_flag="False" fin_flag_mask="False" psh_flag="False" psh_flag_mask="False" rst_flag="False" rst_flag_mask="False" syn_flag="False" syn_flag_mask="False" urg_flag="False" urg_flag_mask="False" name="pop3" comment="" ro="False" src_range_start="0" src_range_end="0" dst_range_start="110" dst_range_end="110"/>
<TCPService id="id3E7553BA" ack_flag="False" ack_flag_mask="False" fin_flag="False" fin_flag_mask="False" psh_flag="False" psh_flag_mask="False" rst_flag="False" rst_flag_mask="False" syn_flag="False" syn_flag_mask="False" urg_flag="False" urg_flag_mask="False" name="pop3s" comment="POP-3 over SSL" ro="False" src_range_start="0" src_range_end="0" dst_range_start="995" dst_range_end="995"/>
<TCPService id="id3B4FF0EA" ack_flag="False" ack_flag_mask="False" fin_flag="False" fin_flag_mask="False" psh_flag="False" psh_flag_mask="False" rst_flag="False" rst_flag_mask="False" syn_flag="False" syn_flag_mask="False" urg_flag="False" urg_flag_mask="False" name="postgres" comment="" ro="False" src_range_start="0" src_range_end="0" dst_range_start="5432" dst_range_end="5432"/>
<TCPService id="id3AECF782" ack_flag="False" ack_flag_mask="False" fin_flag="False" fin_flag_mask="False" psh_flag="False" psh_flag_mask="False" rst_flag="False" rst_flag_mask="False" syn_flag="False" syn_flag_mask="False" urg_flag="False" urg_flag_mask="False" name="printer" comment="" ro="False" src_range_start="0" src_range_end="0" dst_range_start="515" dst_range_end="515"/>
<TCPService id="id3B4FEF7C" ack_flag="False" ack_flag_mask="False" fin_flag="False" fin_flag_mask="False" psh_flag="False" psh_flag_mask="False" rst_flag="False" rst_flag_mask="False" syn_flag="False" syn_flag_mask="False" urg_flag="False" urg_flag_mask="False" name="quake" comment="" ro="False" src_range_start="0" src_range_end="0" dst_range_start="26000" dst_range_end="26000"/>
<TCPService id="id4127EDF6" ack_flag="False" ack_flag_mask="False" fin_flag="False" fin_flag_mask="False" psh_flag="False" psh_flag_mask="False" rst_flag="False" rst_flag_mask="False" syn_flag="False" syn_flag_mask="False" urg_flag="False" urg_flag_mask="False" name="whois" comment="" ro="False" src_range_start="0" src_range_end="0" dst_range_start="43" dst_range_end="43"/>
<TCPService id="id4127F04F" ack_flag="False" ack_flag_mask="False" fin_flag="False" fin_flag_mask="False" psh_flag="False" psh_flag_mask="False" rst_flag="False" rst_flag_mask="False" syn_flag="False" syn_flag_mask="False" urg_flag="False" urg_flag_mask="False" name="bgp" comment="" ro="False" src_range_start="0" src_range_end="0" dst_range_start="179" dst_range_end="179"/>
<TCPService id="id3AECF77A" ack_flag="False" ack_flag_mask="False" fin_flag="False" fin_flag_mask="False" psh_flag="False" psh_flag_mask="False" rst_flag="False" rst_flag_mask="False" syn_flag="False" syn_flag_mask="False" urg_flag="False" urg_flag_mask="False" name="rexec" comment="" ro="False" src_range_start="0" src_range_end="0" dst_range_start="512" dst_range_end="512"/>
<TCPService id="id3AECF77C" ack_flag="False" ack_flag_mask="False" fin_flag="False" fin_flag_mask="False" psh_flag="False" psh_flag_mask="False" rst_flag="False" rst_flag_mask="False" syn_flag="False" syn_flag_mask="False" urg_flag="False" urg_flag_mask="False" name="rlogin" comment="" ro="False" src_range_start="0" src_range_end="0" dst_range_start="513" dst_range_end="513"/>
<TCPService id="id3AECF77E" ack_flag="False" ack_flag_mask="False" fin_flag="False" fin_flag_mask="False" psh_flag="False" psh_flag_mask="False" rst_flag="False" rst_flag_mask="False" syn_flag="False" syn_flag_mask="False" urg_flag="False" urg_flag_mask="False" name="rshell" comment="" ro="False" src_range_start="0" src_range_end="0" dst_range_start="514" dst_range_end="514"/>
<TCPService id="id4127F146" ack_flag="False" ack_flag_mask="False" fin_flag="False" fin_flag_mask="False" psh_flag="False" psh_flag_mask="False" rst_flag="False" rst_flag_mask="False" syn_flag="False" syn_flag_mask="False" urg_flag="False" urg_flag_mask="False" name="radius" comment="Radius protocol" ro="False" src_range_start="0" src_range_end="0" dst_range_start="1812" dst_range_end="1812"/>
<TCPService id="id4127F147" ack_flag="False" ack_flag_mask="False" fin_flag="False" fin_flag_mask="False" psh_flag="False" psh_flag_mask="False" rst_flag="False" rst_flag_mask="False" syn_flag="False" syn_flag_mask="False" urg_flag="False" urg_flag_mask="False" name="radius acct" comment="Radius Accounting" ro="False" src_range_start="0" src_range_end="0" dst_range_start="1813" dst_range_end="1813"/>
<TCPService id="id41291784" ack_flag="False" ack_flag_mask="False" fin_flag="False" fin_flag_mask="False" psh_flag="False" psh_flag_mask="False" rst_flag="False" rst_flag_mask="False" syn_flag="False" syn_flag_mask="False" urg_flag="False" urg_flag_mask="False" name="upnp" comment="" ro="False" src_range_start="0" src_range_end="0" dst_range_start="5000" dst_range_end="5000"/>
<TCPService id="id3D703C99" ack_flag="False" ack_flag_mask="False" fin_flag="False" fin_flag_mask="False" psh_flag="False" psh_flag_mask="False" rst_flag="False" rst_flag_mask="False" syn_flag="False" syn_flag_mask="False" urg_flag="False" urg_flag_mask="False" name="rtsp" comment="Real Time Streaming Protocol" ro="False" src_range_start="0" src_range_end="0" dst_range_start="554" dst_range_end="554"/>
<TCPService id="id3B4FEF34" ack_flag="False" ack_flag_mask="False" fin_flag="False" fin_flag_mask="False" psh_flag="False" psh_flag_mask="False" rst_flag="False" rst_flag_mask="False" syn_flag="False" syn_flag_mask="False" urg_flag="False" urg_flag_mask="False" name="rwhois" comment="" ro="False" src_range_start="0" src_range_end="0" dst_range_start="4321" dst_range_end="4321"/>
<TCPService id="id3C685B2B" ack_flag="True" ack_flag_mask="True" fin_flag="True" fin_flag_mask="True" psh_flag="True" psh_flag_mask="True" rst_flag="True" rst_flag_mask="True" syn_flag="True" syn_flag_mask="True" urg_flag="True" urg_flag_mask="True" name="xmas scan - full" comment="This service object matches TCP packet with all six flags set." ro="False" src_range_start="0" src_range_end="0" dst_range_start="0" dst_range_end="0"/>
<TCPService id="id4127E949" ack_flag="False" ack_flag_mask="True" fin_flag="True" fin_flag_mask="True" psh_flag="True" psh_flag_mask="True" rst_flag="False" rst_flag_mask="True" syn_flag="False" syn_flag_mask="True" urg_flag="True" urg_flag_mask="True" name="xmas scan" comment="This service object matches TCP packet with flags FIN, PSH and URG set and other flags cleared. This is a &quot;christmas scan&quot; as defined in snort rules. Nmap can generate this scan, too." ro="False" src_range_start="0" src_range_end="0" dst_range_start="0" dst_range_end="0"/>
<TCPService id="id3D703C89" ack_flag="False" ack_flag_mask="False" fin_flag="False" fin_flag_mask="False" psh_flag="False" psh_flag_mask="False" rst_flag="False" rst_flag_mask="False" syn_flag="False" syn_flag_mask="False" urg_flag="False" urg_flag_mask="False" name="securidprop" comment="" ro="False" src_range_start="0" src_range_end="0" dst_range_start="5510" dst_range_end="5510"/>
<TCPService id="tcp-SMTP" ack_flag="False" ack_flag_mask="False" fin_flag="False" fin_flag_mask="False" psh_flag="False" psh_flag_mask="False" rst_flag="False" rst_flag_mask="False" syn_flag="False" syn_flag_mask="False" urg_flag="False" urg_flag_mask="False" name="smtp" comment="" ro="False" src_range_start="0" src_range_end="0" dst_range_start="25" dst_range_end="25"/>
<TCPService id="id3B4FF04C" ack_flag="False" ack_flag_mask="False" fin_flag="False" fin_flag_mask="False" psh_flag="False" psh_flag_mask="False" rst_flag="False" rst_flag_mask="False" syn_flag="False" syn_flag_mask="False" urg_flag="False" urg_flag_mask="False" name="smtps" comment="" ro="False" src_range_start="0" src_range_end="0" dst_range_start="465" dst_range_end="465"/>
<TCPService id="id4127EA72" ack_flag="False" ack_flag_mask="False" fin_flag="False" fin_flag_mask="False" psh_flag="False" psh_flag_mask="False" rst_flag="False" rst_flag_mask="False" syn_flag="False" syn_flag_mask="False" urg_flag="False" urg_flag_mask="False" name="rsync" comment="" ro="False" src_range_start="0" src_range_end="0" dst_range_start="873" dst_range_end="873"/>
<TCPService id="id4127EBAC" ack_flag="False" ack_flag_mask="False" fin_flag="False" fin_flag_mask="False" psh_flag="False" psh_flag_mask="False" rst_flag="False" rst_flag_mask="False" syn_flag="False" syn_flag_mask="False" urg_flag="False" urg_flag_mask="False" name="distcc" comment="distributed compiler" ro="False" src_range_start="0" src_range_end="0" dst_range_start="3632" dst_range_end="3632"/>
<TCPService id="id4127ECF1" ack_flag="False" ack_flag_mask="False" fin_flag="False" fin_flag_mask="False" psh_flag="False" psh_flag_mask="False" rst_flag="False" rst_flag_mask="False" syn_flag="False" syn_flag_mask="False" urg_flag="False" urg_flag_mask="False" name="cvspserver" comment="CVS client/server operations" ro="False" src_range_start="0" src_range_end="0" dst_range_start="2401" dst_range_end="2401"/>
<TCPService id="id3CB131C4" ack_flag="False" ack_flag_mask="False" fin_flag="False" fin_flag_mask="False" psh_flag="False" psh_flag_mask="False" rst_flag="False" rst_flag_mask="False" syn_flag="False" syn_flag_mask="False" urg_flag="False" urg_flag_mask="False" name="Citrix-ICA" comment="" ro="False" src_range_start="0" src_range_end="0" dst_range_start="1494" dst_range_end="1494"/>
<TCPService id="id41291785" ack_flag="False" ack_flag_mask="False" fin_flag="False" fin_flag_mask="False" psh_flag="False" psh_flag_mask="False" rst_flag="False" rst_flag_mask="False" syn_flag="False" syn_flag_mask="False" urg_flag="False" urg_flag_mask="False" name="upnp-5431" comment="Although UPnP specification say it should use TCP port 5000, Linksys running Sveasoft firmware listens on port 5431" ro="False" src_range_start="0" src_range_end="0" dst_range_start="5431" dst_range_end="5431"/>
<TCPService id="id41291787" ack_flag="False" ack_flag_mask="False" fin_flag="False" fin_flag_mask="False" psh_flag="False" psh_flag_mask="False" rst_flag="False" rst_flag_mask="False" syn_flag="False" syn_flag_mask="False" urg_flag="False" urg_flag_mask="False" name="vnc-java-0" comment="Java VNC viewer, display 0" ro="False" src_range_start="0" src_range_end="0" dst_range_start="5800" dst_range_end="5800"/>
<TCPService id="id3B4FED69" ack_flag="False" ack_flag_mask="False" fin_flag="False" fin_flag_mask="False" psh_flag="False" psh_flag_mask="False" rst_flag="False" rst_flag_mask="False" syn_flag="False" syn_flag_mask="False" urg_flag="False" urg_flag_mask="False" name="https" comment="" ro="False" src_range_start="0" src_range_end="0" dst_range_start="443" dst_range_end="443"/>
<TCPService id="id3AECF776" ack_flag="False" ack_flag_mask="False" fin_flag="False" fin_flag_mask="False" psh_flag="False" psh_flag_mask="False" rst_flag="False" rst_flag_mask="False" syn_flag="False" syn_flag_mask="False" urg_flag="False" urg_flag_mask="False" name="imap" comment="" ro="False" src_range_start="0" src_range_end="0" dst_range_start="143" dst_range_end="143"/>
<TCPService id="id3B4FED9F" ack_flag="False" ack_flag_mask="False" fin_flag="False" fin_flag_mask="False" psh_flag="False" psh_flag_mask="False" rst_flag="False" rst_flag_mask="False" syn_flag="False" syn_flag_mask="False" urg_flag="False" urg_flag_mask="False" name="imaps" comment="" ro="False" src_range_start="0" src_range_end="0" dst_range_start="993" dst_range_end="993"/>
<TCPService id="id3D703C90" ack_flag="False" ack_flag_mask="False" fin_flag="False" fin_flag_mask="False" psh_flag="False" psh_flag_mask="False" rst_flag="False" rst_flag_mask="False" syn_flag="False" syn_flag_mask="False" urg_flag="False" urg_flag_mask="False" name="ldaps" comment="Lightweight Directory Access Protocol over TLS/SSL" ro="False" src_range_start="0" src_range_end="0" dst_range_start="636" dst_range_end="636"/>
<TCPService id="id3B4FF000" ack_flag="False" ack_flag_mask="False" fin_flag="False" fin_flag_mask="False" psh_flag="False" psh_flag_mask="False" rst_flag="False" rst_flag_mask="False" syn_flag="False" syn_flag_mask="False" urg_flag="False" urg_flag_mask="False" name="linuxconf" comment="" ro="False" src_range_start="0" src_range_end="0" dst_range_start="98" dst_range_end="98"/>
<TCPService id="id3B4FF13C" ack_flag="False" ack_flag_mask="False" fin_flag="False" fin_flag_mask="False" psh_flag="False" psh_flag_mask="False" rst_flag="False" rst_flag_mask="False" syn_flag="False" syn_flag_mask="False" urg_flag="False" urg_flag_mask="False" name="irc" comment="" ro="False" src_range_start="0" src_range_end="0" dst_range_start="6667" dst_range_end="6667"/>
<TCPService id="id3E7E3EA2" ack_flag="False" ack_flag_mask="False" fin_flag="False" fin_flag_mask="False" psh_flag="False" psh_flag_mask="False" rst_flag="False" rst_flag_mask="False" syn_flag="False" syn_flag_mask="False" urg_flag="False" urg_flag_mask="False" name="kerberos" comment="" ro="False" src_range_start="0" src_range_end="0" dst_range_start="88" dst_range_end="88"/>
<TCPService id="id3B4FEE21" ack_flag="False" ack_flag_mask="False" fin_flag="False" fin_flag_mask="False" psh_flag="False" psh_flag_mask="False" rst_flag="False" rst_flag_mask="False" syn_flag="False" syn_flag_mask="False" urg_flag="False" urg_flag_mask="False" name="klogin" comment="" ro="False" src_range_start="0" src_range_end="0" dst_range_start="543" dst_range_end="543"/>
<TCPService id="id3B4FEE23" ack_flag="False" ack_flag_mask="False" fin_flag="False" fin_flag_mask="False" psh_flag="False" psh_flag_mask="False" rst_flag="False" rst_flag_mask="False" syn_flag="False" syn_flag_mask="False" urg_flag="False" urg_flag_mask="False" name="ksh" comment="" ro="False" src_range_start="0" src_range_end="0" dst_range_start="544" dst_range_end="544"/>
<TCPService id="id3AECF778" ack_flag="False" ack_flag_mask="False" fin_flag="False" fin_flag_mask="False" psh_flag="False" psh_flag_mask="False" rst_flag="False" rst_flag_mask="False" syn_flag="False" syn_flag_mask="False" urg_flag="False" urg_flag_mask="False" name="ldap" comment="" ro="False" src_range_start="0" src_range_end="0" dst_range_start="389" dst_range_end="389"/>
<TCPService id="id4127ECF2" ack_flag="False" ack_flag_mask="False" fin_flag="False" fin_flag_mask="False" psh_flag="False" psh_flag_mask="False" rst_flag="False" rst_flag_mask="False" syn_flag="False" syn_flag_mask="False" urg_flag="False" urg_flag_mask="False" name="cvsup" comment="CVSup file transfer/John Polstra/FreeBSD" ro="False" src_range_start="0" src_range_end="0" dst_range_start="5999" dst_range_end="5999"/>
<TCPService id="id4127ED5E" ack_flag="False" ack_flag_mask="False" fin_flag="False" fin_flag_mask="False" psh_flag="False" psh_flag_mask="False" rst_flag="False" rst_flag_mask="False" syn_flag="False" syn_flag_mask="False" urg_flag="False" urg_flag_mask="False" name="afp" comment="AFP (Apple file sharing) over TCP" ro="False" src_range_start="0" src_range_end="0" dst_range_start="548" dst_range_end="548"/>
<TCPService id="tcp-uucp" ack_flag="False" ack_flag_mask="False" fin_flag="False" fin_flag_mask="False" psh_flag="False" psh_flag_mask="False" rst_flag="False" rst_flag_mask="False" syn_flag="False" syn_flag_mask="False" urg_flag="False" urg_flag_mask="False" name="uucp" comment="" ro="False" src_range_start="0" src_range_end="0" dst_range_start="540" dst_range_end="540"/>
<TCPService id="id3CB131C6" ack_flag="False" ack_flag_mask="False" fin_flag="False" fin_flag_mask="False" psh_flag="False" psh_flag_mask="False" rst_flag="False" rst_flag_mask="False" syn_flag="False" syn_flag_mask="False" urg_flag="False" urg_flag_mask="False" name="winterm" comment="Windows Terminal Services" ro="False" src_range_start="0" src_range_end="0" dst_range_start="3389" dst_range_end="3389"/>
<TCPService id="id3B4FF1B8" ack_flag="False" ack_flag_mask="False" fin_flag="False" fin_flag_mask="False" psh_flag="False" psh_flag_mask="False" rst_flag="False" rst_flag_mask="False" syn_flag="False" syn_flag_mask="False" urg_flag="False" urg_flag_mask="False" name="xfs" comment="" ro="False" src_range_start="0" src_range_end="0" dst_range_start="7100" dst_range_end="7100"/>
<TCPService id="id3B4FEEEE" ack_flag="False" ack_flag_mask="False" fin_flag="False" fin_flag_mask="False" psh_flag="False" psh_flag_mask="False" rst_flag="False" rst_flag_mask="False" syn_flag="False" syn_flag_mask="False" urg_flag="False" urg_flag_mask="False" name="mysql" comment="" ro="False" src_range_start="0" src_range_end="0" dst_range_start="3306" dst_range_end="3306"/>
<TCPService id="id3E755609" ack_flag="False" ack_flag_mask="False" fin_flag="False" fin_flag_mask="False" psh_flag="False" psh_flag_mask="False" rst_flag="False" rst_flag_mask="False" syn_flag="False" syn_flag_mask="False" urg_flag="False" urg_flag_mask="False" name="netbios-ssn" comment="" ro="False" src_range_start="0" src_range_end="0" dst_range_start="139" dst_range_end="139"/>
<TCPService id="tcp-Auth" ack_flag="False" ack_flag_mask="False" fin_flag="False" fin_flag_mask="False" psh_flag="False" psh_flag_mask="False" rst_flag="False" rst_flag_mask="False" syn_flag="False" syn_flag_mask="False" urg_flag="False" urg_flag_mask="False" name="auth" comment="" ro="False" src_range_start="0" src_range_end="0" dst_range_start="113" dst_range_end="113"/>
<TCPService id="id3AEDBE6E" ack_flag="False" ack_flag_mask="False" fin_flag="False" fin_flag_mask="False" psh_flag="False" psh_flag_mask="False" rst_flag="False" rst_flag_mask="False" syn_flag="False" syn_flag_mask="False" urg_flag="False" urg_flag_mask="False" name="daytime" comment="" ro="False" src_range_start="0" src_range_end="0" dst_range_start="13" dst_range_end="13"/>
<TCPService id="id3E7E3D58" ack_flag="False" ack_flag_mask="False" fin_flag="False" fin_flag_mask="False" psh_flag="False" psh_flag_mask="False" rst_flag="False" rst_flag_mask="False" syn_flag="False" syn_flag_mask="False" urg_flag="False" urg_flag_mask="False" name="WINS replication" comment="" ro="False" src_range_start="0" src_range_end="0" dst_range_start="42" dst_range_end="42"/>
<TCPService id="id3D703C82" ack_flag="False" ack_flag_mask="False" fin_flag="False" fin_flag_mask="False" psh_flag="False" psh_flag_mask="False" rst_flag="False" rst_flag_mask="False" syn_flag="False" syn_flag_mask="False" urg_flag="False" urg_flag_mask="False" name="X11" comment="X Window System" ro="False" src_range_start="0" src_range_end="0" dst_range_start="6000" dst_range_end="6063"/>
<TCPService id="id3DC8C8BC" ack_flag="False" ack_flag_mask="False" fin_flag="False" fin_flag_mask="False" psh_flag="False" psh_flag_mask="False" rst_flag="False" rst_flag_mask="False" syn_flag="False" syn_flag_mask="False" urg_flag="False" urg_flag_mask="False" name="SMB" comment="SMB over TCP (without NETBIOS)&#10;" ro="False" src_range_start="0" src_range_end="0" dst_range_start="445" dst_range_end="445"/>
<TCPService id="id3D703C8D" ack_flag="False" ack_flag_mask="False" fin_flag="False" fin_flag_mask="False" psh_flag="False" psh_flag_mask="False" rst_flag="False" rst_flag_mask="False" syn_flag="False" syn_flag_mask="False" urg_flag="False" urg_flag_mask="False" name="TACACSplus" comment="" ro="False" src_range_start="0" src_range_end="0" dst_range_start="49" dst_range_end="49"/>
<TCPService id="id3D703C84" ack_flag="False" ack_flag_mask="False" fin_flag="False" fin_flag_mask="False" psh_flag="False" psh_flag_mask="False" rst_flag="False" rst_flag_mask="False" syn_flag="False" syn_flag_mask="False" urg_flag="False" urg_flag_mask="False" name="TCP high ports" comment="TCP high ports" ro="False" src_range_start="0" src_range_end="0" dst_range_start="1024" dst_range_end="65535"/>
<TCPService id="id3D703C83" ack_flag="False" ack_flag_mask="False" fin_flag="False" fin_flag_mask="False" psh_flag="False" psh_flag_mask="False" rst_flag="False" rst_flag_mask="False" syn_flag="False" syn_flag_mask="False" urg_flag="False" urg_flag_mask="False" name="OpenWindows" comment="Open Windows" ro="False" src_range_start="0" src_range_end="0" dst_range_start="2000" dst_range_end="2000"/>
<TCPService id="id3CB131C8" ack_flag="False" ack_flag_mask="False" fin_flag="False" fin_flag_mask="False" psh_flag="False" psh_flag_mask="False" rst_flag="False" rst_flag_mask="False" syn_flag="False" syn_flag_mask="False" urg_flag="False" urg_flag_mask="False" name="PCAnywhere-data" comment="data channel for PCAnywhere v7.52 and later " ro="False" src_range_start="0" src_range_end="0" dst_range_start="5631" dst_range_end="5631"/>
<TCPService id="tcp-DNS" ack_flag="False" ack_flag_mask="False" fin_flag="False" fin_flag_mask="False" psh_flag="False" psh_flag_mask="False" rst_flag="False" rst_flag_mask="False" syn_flag="False" syn_flag_mask="False" urg_flag="False" urg_flag_mask="False" name="domain" comment="" ro="False" src_range_start="0" src_range_end="0" dst_range_start="53" dst_range_end="53"/>
<TCPService id="id3B4FEDA3" ack_flag="False" ack_flag_mask="False" fin_flag="False" fin_flag_mask="False" psh_flag="False" psh_flag_mask="False" rst_flag="False" rst_flag_mask="False" syn_flag="False" syn_flag_mask="False" urg_flag="False" urg_flag_mask="False" name="eklogin" comment="" ro="False" src_range_start="0" src_range_end="0" dst_range_start="2105" dst_range_end="2105"/>
<TCPService id="id3AECF774" ack_flag="False" ack_flag_mask="False" fin_flag="False" fin_flag_mask="False" psh_flag="False" psh_flag_mask="False" rst_flag="False" rst_flag_mask="False" syn_flag="False" syn_flag_mask="False" urg_flag="False" urg_flag_mask="False" name="finger" comment="" ro="False" src_range_start="0" src_range_end="0" dst_range_start="79" dst_range_end="79"/>
<TCPService id="id3D703C91" ack_flag="False" ack_flag_mask="False" fin_flag="False" fin_flag_mask="False" psh_flag="False" psh_flag_mask="False" rst_flag="False" rst_flag_mask="False" syn_flag="False" syn_flag_mask="False" urg_flag="False" urg_flag_mask="False" name="Entrust-Admin" comment="Entrust CA Administration Service" ro="False" src_range_start="0" src_range_end="0" dst_range_start="709" dst_range_end="709"/>
<TCPService id="id3D703C92" ack_flag="False" ack_flag_mask="False" fin_flag="False" fin_flag_mask="False" psh_flag="False" psh_flag_mask="False" rst_flag="False" rst_flag_mask="False" syn_flag="False" syn_flag_mask="False" urg_flag="False" urg_flag_mask="False" name="Entrust-KeyMgmt" comment="Entrust CA Key Management Service" ro="False" src_range_start="0" src_range_end="0" dst_range_start="710" dst_range_end="710"/>
<TCPService id="id3AEDBEAC" ack_flag="False" ack_flag_mask="False" fin_flag="False" fin_flag_mask="False" psh_flag="False" psh_flag_mask="False" rst_flag="False" rst_flag_mask="False" syn_flag="False" syn_flag_mask="False" urg_flag="False" urg_flag_mask="False" name="H323" comment="" ro="False" src_range_start="0" src_range_end="0" dst_range_start="1720" dst_range_end="1720"/>
<TCPService id="id412Z18A9" ack_flag="False" ack_flag_mask="False" fin_flag="False" fin_flag_mask="False" psh_flag="False" psh_flag_mask="False" rst_flag="False" rst_flag_mask="False" syn_flag="False" syn_flag_mask="False" urg_flag="False" urg_flag_mask="False" name="icslap" comment="Sometimes this protocol is called icslap, but Microsoft does not call it that and just says that DSPP uses port 2869 in Windows XP SP2" ro="False" src_range_start="0" src_range_end="0" dst_range_start="2869" dst_range_end="2869"/>
<TCPService id="id3E7553BC" ack_flag="False" ack_flag_mask="False" fin_flag="False" fin_flag_mask="False" psh_flag="False" psh_flag_mask="False" rst_flag="False" rst_flag_mask="False" syn_flag="False" syn_flag_mask="False" urg_flag="False" urg_flag_mask="False" name="ftp data passive" comment="FTP data channel for passive mode transfers&#10;" ro="False" src_range_start="0" src_range_end="0" dst_range_start="20" dst_range_end="20"/>
<TCPService id="tcp-HTTP" ack_flag="False" ack_flag_mask="False" fin_flag="False" fin_flag_mask="False" psh_flag="False" psh_flag_mask="False" rst_flag="False" rst_flag_mask="False" syn_flag="False" syn_flag_mask="False" urg_flag="False" urg_flag_mask="False" name="http" comment="" ro="False" src_range_start="0" src_range_end="0" dst_range_start="80" dst_range_end="80"/>
</ServiceGroup>
<ServiceGroup id="stdid08" name="UDP" comment="">
<UDPService id="id3B4FEDA1" name="afs" comment="" src_range_start="0" src_range_end="0" dst_range_start="7000" dst_range_end="7009"/>
<UDPService id="udp-bootpc" name="bootpc" comment="" src_range_start="0" src_range_end="0" dst_range_start="68" dst_range_end="68"/>
<UDPService id="udp-bootps" name="bootps" comment="" src_range_start="0" src_range_end="0" dst_range_start="67" dst_range_end="67"/>
<UDPService id="id3AEDBE70" name="daytime" comment="" src_range_start="0" src_range_end="0" dst_range_start="13" dst_range_end="13"/>
<UDPService id="udp-DNS" name="domain" comment="" src_range_start="0" src_range_end="0" dst_range_start="53" dst_range_end="53"/>
<UDPService id="id3D703C8A" name="interphone" comment="VocalTec Internet Phone" src_range_start="0" src_range_end="0" dst_range_start="22555" dst_range_end="22555"/>
<UDPService id="id3B4FEDA5" name="kerberos" comment="" src_range_start="0" src_range_end="0" dst_range_start="88" dst_range_end="88"/>
<UDPService id="id3D703C96" name="ICQ" comment="" src_range_start="0" src_range_end="0" dst_range_start="4000" dst_range_end="4000"/>
<UDPService id="id3CB129D2" name="IKE" comment="" src_range_start="0" src_range_end="0" dst_range_start="500" dst_range_end="500"/>
<UDPService id="id3CB131CA" name="PCAnywhere-status" comment="status channel for PCAnywhere v7.52 and later" src_range_start="0" src_range_end="0" dst_range_start="5632" dst_range_end="5632"/>
<UDPService id="id3AED0D6B" name="RIP" comment="routing protocol RIP" src_range_start="0" src_range_end="0" dst_range_start="520" dst_range_end="520"/>
<UDPService id="id3D703C8C" name="Radius" comment="" src_range_start="0" src_range_end="0" dst_range_start="1645" dst_range_end="1645"/>
<UDPService id="id3D703C85" name="UDP high ports" comment="" src_range_start="0" src_range_end="0" dst_range_start="1024" dst_range_end="65535"/>
<UDPService id="id3D703C86" name="Who" comment="" src_range_start="0" src_range_end="0" dst_range_start="513" dst_range_end="513"/>
<UDPService id="id3B4FEDA9" name="kerberos-adm" comment="" src_range_start="0" src_range_end="0" dst_range_start="749" dst_range_end="750"/>
<UDPService id="id3B4FEDA7" name="kpasswd" comment="" src_range_start="0" src_range_end="0" dst_range_start="464" dst_range_end="464"/>
<UDPService id="id3B4FEDAB" name="krb524" comment="" src_range_start="0" src_range_end="0" dst_range_start="4444" dst_range_end="4444"/>
<UDPService id="id3F865B0D" name="microsoft-rpc" comment="" src_range_start="0" src_range_end="0" dst_range_start="135" dst_range_end="135"/>
<UDPService id="udp-netbios-dgm" name="netbios-dgm" comment="" src_range_start="0" src_range_end="0" dst_range_start="138" dst_range_end="138"/>
<UDPService id="udp-netbios-ns" name="netbios-ns" comment="" src_range_start="0" src_range_end="0" dst_range_start="137" dst_range_end="137"/>
<UDPService id="udp-netbios-ssn" name="netbios-ssn" comment="" src_range_start="0" src_range_end="0" dst_range_start="139" dst_range_end="139"/>
<UDPService id="id3B4FEE78" name="nfs" comment="" src_range_start="0" src_range_end="0" dst_range_start="2049" dst_range_end="2049"/>
<UDPService id="udp-ntp" name="ntp" comment="" src_range_start="0" src_range_end="0" dst_range_start="123" dst_range_end="123"/>
<UDPService id="id3B4FEF7E" name="quake" comment="" src_range_start="0" src_range_end="0" dst_range_start="26000" dst_range_end="26000"/>
<UDPService id="id3D703C88" name="secureid-udp" comment="" src_range_start="0" src_range_end="0" dst_range_start="1024" dst_range_end="1024"/>
<UDPService id="udp-SNMP" name="snmp" comment="" src_range_start="0" src_range_end="0" dst_range_start="161" dst_range_end="161"/>
<UDPService id="id3AED0D69" name="snmp-trap" comment="" src_range_start="0" src_range_end="0" dst_range_start="162" dst_range_end="162"/>
<UDPService id="id3AEDBE19" name="sunrpc" comment="" src_range_start="0" src_range_end="0" dst_range_start="111" dst_range_end="111"/>
<UDPService id="id3AECF780" name="syslog" comment="" src_range_start="0" src_range_end="0" dst_range_start="514" dst_range_end="514"/>
<UDPService id="id3AED0D67" name="tftp" comment="" src_range_start="0" src_range_end="0" dst_range_start="69" dst_range_end="69"/>
<UDPService id="id3AED0D8C" name="traceroute" comment="" src_range_start="0" src_range_end="0" dst_range_start="33434" dst_range_end="33524"/>
<UDPService id="id4127EA73" name="rsync" comment="" src_range_start="0" src_range_end="0" dst_range_start="873" dst_range_end="873"/>
<UDPService id="id41291783" name="SSDP" comment="Simple Service Discovery Protocol (used for UPnP)" src_range_start="0" src_range_end="0" dst_range_start="1900" dst_range_end="1900"/>
<UDPService id="id41291883" name="OpenVPN" comment="" src_range_start="0" src_range_end="0" dst_range_start="1194" dst_range_end="1194"/>
<ServiceGroup id="stdid08" name="UDP" comment="" ro="False">
<UDPService id="id3B4FEDA1" name="afs" comment="" ro="False" src_range_start="0" src_range_end="0" dst_range_start="7000" dst_range_end="7009"/>
<UDPService id="udp-bootpc" name="bootpc" comment="" ro="False" src_range_start="0" src_range_end="0" dst_range_start="68" dst_range_end="68"/>
<UDPService id="udp-bootps" name="bootps" comment="" ro="False" src_range_start="0" src_range_end="0" dst_range_start="67" dst_range_end="67"/>
<UDPService id="id3AEDBE70" name="daytime" comment="" ro="False" src_range_start="0" src_range_end="0" dst_range_start="13" dst_range_end="13"/>
<UDPService id="udp-DNS" name="domain" comment="" ro="False" src_range_start="0" src_range_end="0" dst_range_start="53" dst_range_end="53"/>
<UDPService id="id3D703C8A" name="interphone" comment="VocalTec Internet Phone" ro="False" src_range_start="0" src_range_end="0" dst_range_start="22555" dst_range_end="22555"/>
<UDPService id="id3B4FEDA5" name="kerberos" comment="" ro="False" src_range_start="0" src_range_end="0" dst_range_start="88" dst_range_end="88"/>
<UDPService id="id3D703C96" name="ICQ" comment="" ro="False" src_range_start="0" src_range_end="0" dst_range_start="4000" dst_range_end="4000"/>
<UDPService id="id3CB129D2" name="IKE" comment="" ro="False" src_range_start="0" src_range_end="0" dst_range_start="500" dst_range_end="500"/>
<UDPService id="id3CB131CA" name="PCAnywhere-status" comment="status channel for PCAnywhere v7.52 and later" ro="False" src_range_start="0" src_range_end="0" dst_range_start="5632" dst_range_end="5632"/>
<UDPService id="id3AED0D6B" name="RIP" comment="routing protocol RIP" ro="False" src_range_start="0" src_range_end="0" dst_range_start="520" dst_range_end="520"/>
<UDPService id="id3D703C8C" name="Radius" comment="" ro="False" src_range_start="0" src_range_end="0" dst_range_start="1645" dst_range_end="1645"/>
<UDPService id="id3D703C85" name="UDP high ports" comment="" ro="False" src_range_start="0" src_range_end="0" dst_range_start="1024" dst_range_end="65535"/>
<UDPService id="id3D703C86" name="Who" comment="" ro="False" src_range_start="0" src_range_end="0" dst_range_start="513" dst_range_end="513"/>
<UDPService id="id3B4FEDA9" name="kerberos-adm" comment="" ro="False" src_range_start="0" src_range_end="0" dst_range_start="749" dst_range_end="750"/>
<UDPService id="id3B4FEDA7" name="kpasswd" comment="" ro="False" src_range_start="0" src_range_end="0" dst_range_start="464" dst_range_end="464"/>
<UDPService id="id3B4FEDAB" name="krb524" comment="" ro="False" src_range_start="0" src_range_end="0" dst_range_start="4444" dst_range_end="4444"/>
<UDPService id="id3F865B0D" name="microsoft-rpc" comment="" ro="False" src_range_start="0" src_range_end="0" dst_range_start="135" dst_range_end="135"/>
<UDPService id="udp-netbios-dgm" name="netbios-dgm" comment="" ro="False" src_range_start="0" src_range_end="0" dst_range_start="138" dst_range_end="138"/>
<UDPService id="udp-netbios-ns" name="netbios-ns" comment="" ro="False" src_range_start="0" src_range_end="0" dst_range_start="137" dst_range_end="137"/>
<UDPService id="udp-netbios-ssn" name="netbios-ssn" comment="" ro="False" src_range_start="0" src_range_end="0" dst_range_start="139" dst_range_end="139"/>
<UDPService id="id3B4FEE78" name="nfs" comment="" ro="False" src_range_start="0" src_range_end="0" dst_range_start="2049" dst_range_end="2049"/>
<UDPService id="udp-ntp" name="ntp" comment="" ro="False" src_range_start="0" src_range_end="0" dst_range_start="123" dst_range_end="123"/>
<UDPService id="id3B4FEF7E" name="quake" comment="" ro="False" src_range_start="0" src_range_end="0" dst_range_start="26000" dst_range_end="26000"/>
<UDPService id="id3D703C88" name="secureid-udp" comment="" ro="False" src_range_start="0" src_range_end="0" dst_range_start="1024" dst_range_end="1024"/>
<UDPService id="udp-SNMP" name="snmp" comment="" ro="False" src_range_start="0" src_range_end="0" dst_range_start="161" dst_range_end="161"/>
<UDPService id="id3AED0D69" name="snmp-trap" comment="" ro="False" src_range_start="0" src_range_end="0" dst_range_start="162" dst_range_end="162"/>
<UDPService id="id3AEDBE19" name="sunrpc" comment="" ro="False" src_range_start="0" src_range_end="0" dst_range_start="111" dst_range_end="111"/>
<UDPService id="id3AECF780" name="syslog" comment="" ro="False" src_range_start="0" src_range_end="0" dst_range_start="514" dst_range_end="514"/>
<UDPService id="id3AED0D67" name="tftp" comment="" ro="False" src_range_start="0" src_range_end="0" dst_range_start="69" dst_range_end="69"/>
<UDPService id="id3AED0D8C" name="traceroute" comment="" ro="False" src_range_start="0" src_range_end="0" dst_range_start="33434" dst_range_end="33524"/>
<UDPService id="id4127EA73" name="rsync" comment="" ro="False" src_range_start="0" src_range_end="0" dst_range_start="873" dst_range_end="873"/>
<UDPService id="id41291783" name="SSDP" comment="Simple Service Discovery Protocol (used for UPnP)" ro="False" src_range_start="0" src_range_end="0" dst_range_start="1900" dst_range_end="1900"/>
<UDPService id="id41291883" name="OpenVPN" comment="" ro="False" src_range_start="0" src_range_end="0" dst_range_start="1194" dst_range_end="1194"/>
</ServiceGroup>
</ServiceGroup>
<AnyInterval id="sysid2" days_of_week="0,1,2,3,4,5,6" from_day="-1" from_hour="-1" from_minute="-1" from_month="-1" from_weekday="-1" from_year="-1" to_day="-1" to_hour="-1" to_minute="-1" to_month="-1" to_weekday="-1" to_year="-1" name="Any" comment="Any Interval"/>
<AnyInterval id="sysid2" days_of_week="0,1,2,3,4,5,6" from_day="-1" from_hour="-1" from_minute="-1" from_month="-1" from_weekday="-1" from_year="-1" to_day="-1" to_hour="-1" to_minute="-1" to_month="-1" to_weekday="-1" to_year="-1" name="Any" comment="Any Interval" ro="False"/>
</Library>
</FWObjectDatabase>

9505
test/ipt/objects-for-regression-tests.fwb
View File

File diff suppressed because it is too large Load Diff

1170
test/ipt/optimizer_test.fwb
View File

@ -1,15 +1,17 @@
<?xml version="1.0" encoding="utf-8"?>
<!DOCTYPE FWObjectDatabase SYSTEM "fwbuilder.dtd">
<FWObjectDatabase xmlns="http://www.fwbuilder.org/1.0/" version="2.0.3" lastModified="1095039616" id="root">
<Library color="#d2ffd0" id="id413EEA4C" name="User">
<ObjectGroup id="id413EEA4D" name="Objects">
<ObjectGroup id="id413EEA4E" name="Addresses"/>
<ObjectGroup id="id413EEA4F" name="Groups"/>
<ObjectGroup id="id413EEA50" name="Hosts">
<Host comment="" id="id413EEA6D" name="Inside Host 1">
<Interface dyn="False" id="id413EEA6F" label="" name="eth0" security_level="0" unnum="False">
<IPv4 address="10.0.1.1" comment="" id="id413EEA71" name="Inside Host 1:eth0:ip" netmask="255.255.255.0"/>
<InterfacePolicy id="id413EEA70"/>
<FWObjectDatabase xmlns="http://www.fwbuilder.org/1.0/" version="16" id="root">
<Library id="id413EEA4C" color="#d2ffd0" name="User" comment="" ro="False">
<ObjectGroup id="id413EEA4D_clusters" name="Clusters" comment="" ro="False"/>
<ObjectGroup id="id413EEA4D" name="Objects" comment="" ro="False">
<ObjectGroup id="id413EEA4D_og_ats_1" name="Address Tables" comment="" ro="False"/>
<ObjectGroup id="id413EEA4D_og_dnsn_1" name="DNS Names" comment="" ro="False"/>
<ObjectGroup id="id413EEA4E" name="Addresses" comment="" ro="False"/>
<ObjectGroup id="id413EEA4F" name="Groups" comment="" ro="False"/>
<ObjectGroup id="id413EEA50" name="Hosts" comment="" ro="False">
<Host id="id413EEA6D" name="Inside Host 1" comment="" ro="False">
<Interface id="id413EEA6F" dedicated_failover="False" dyn="False" label="" security_level="0" unnum="False" unprotected="False" name="eth0" comment="" ro="False">
<IPv4 id="id413EEA71" name="Inside Host 1:eth0:ip" comment="" ro="False" address="10.0.1.1" netmask="255.255.255.0"/>
</Interface>
<Management address="0.0.0.0">
<SNMPManagement enabled="False" snmp_read_community="" snmp_write_community=""/>
@ -20,10 +22,9 @@
<Option name="use_mac_addr_filter">False</Option>
</HostOptions>
</Host>
<Host comment="" id="id413EEA7C" name="Inside Host 2">
<Interface dyn="False" id="id413EEA7F" label="" name="eth0" security_level="0" unnum="False">
<IPv4 address="10.0.1.2" comment="" id="id413EEA81" name="Inside Host 2:eth0:ip" netmask="255.255.255.0"/>
<InterfacePolicy id="id413EEA80"/>
<Host id="id413EEA7C" name="Inside Host 2" comment="" ro="False">
<Interface id="id413EEA7F" dedicated_failover="False" dyn="False" label="" security_level="0" unnum="False" unprotected="False" name="eth0" comment="" ro="False">
<IPv4 id="id413EEA81" name="Inside Host 2:eth0:ip" comment="" ro="False" address="10.0.1.2" netmask="255.255.255.0"/>
</Interface>
<Management address="0.0.0.0">
<SNMPManagement enabled="False" snmp_read_community="" snmp_write_community=""/>
@ -34,10 +35,9 @@
<Option name="use_mac_addr_filter">False</Option>
</HostOptions>
</Host>
<Host comment="" id="id413EEA8C" name="Inside Host 3">
<Interface dyn="False" id="id413EEA8F" label="" name="eth0" security_level="0" unnum="False">
<IPv4 address="10.0.1.3" comment="" id="id413EEA91" name="Inside Host 3:eth0:ip" netmask="255.255.255.0"/>
<InterfacePolicy id="id413EEA90"/>
<Host id="id413EEA8C" name="Inside Host 3" comment="" ro="False">
<Interface id="id413EEA8F" dedicated_failover="False" dyn="False" label="" security_level="0" unnum="False" unprotected="False" name="eth0" comment="" ro="False">
<IPv4 id="id413EEA91" name="Inside Host 3:eth0:ip" comment="" ro="False" address="10.0.1.3" netmask="255.255.255.0"/>
</Interface>
<Management address="0.0.0.0">
<SNMPManagement enabled="False" snmp_read_community="" snmp_write_community=""/>
@ -48,10 +48,9 @@
<Option name="use_mac_addr_filter">False</Option>
</HostOptions>
</Host>
<Host comment="" id="id413EEA94" name="Inside Host 4">
<Interface dyn="False" id="id413EEA97" label="" name="eth0" security_level="0" unnum="False">
<IPv4 address="10.0.1.4" comment="" id="id413EEA99" name="Inside Host 4:eth0:ip" netmask="255.255.255.0"/>
<InterfacePolicy id="id413EEA98"/>
<Host id="id413EEA94" name="Inside Host 4" comment="" ro="False">
<Interface id="id413EEA97" dedicated_failover="False" dyn="False" label="" security_level="0" unnum="False" unprotected="False" name="eth0" comment="" ro="False">
<IPv4 id="id413EEA99" name="Inside Host 4:eth0:ip" comment="" ro="False" address="10.0.1.4" netmask="255.255.255.0"/>
</Interface>
<Management address="0.0.0.0">
<SNMPManagement enabled="False" snmp_read_community="" snmp_write_community=""/>
@ -62,10 +61,9 @@
<Option name="use_mac_addr_filter">False</Option>
</HostOptions>
</Host>
<Host comment="" id="id413EEAA4" name="Outside Host 1">
<Interface dyn="False" id="id413EEAA7" label="" name="eth0" security_level="0" unnum="False">
<IPv4 address="10.0.0.1" comment="" id="id413EEAA9" name="Outside Host 1:eth0:ip" netmask="255.255.255.0"/>
<InterfacePolicy id="id413EEAA8"/>
<Host id="id413EEAA4" name="Outside Host 1" comment="" ro="False">
<Interface id="id413EEAA7" dedicated_failover="False" dyn="False" label="" security_level="0" unnum="False" unprotected="False" name="eth0" comment="" ro="False">
<IPv4 id="id413EEAA9" name="Outside Host 1:eth0:ip" comment="" ro="False" address="10.0.0.1" netmask="255.255.255.0"/>
</Interface>
<Management address="0.0.0.0">
<SNMPManagement enabled="False" snmp_read_community="" snmp_write_community=""/>
@ -76,10 +74,9 @@
<Option name="use_mac_addr_filter">False</Option>
</HostOptions>
</Host>
<Host comment="" id="id413EEAB4" name="Outside Host 3">
<Interface dyn="False" id="id413EEAB7" label="" name="eth0" security_level="0" unnum="False">
<IPv4 address="10.0.0.3" comment="" id="id413EEAB9" name="Outside Host 3:eth0:ip" netmask="255.255.255.0"/>
<InterfacePolicy id="id413EEAB8"/>
<Host id="id413EEAB4" name="Outside Host 3" comment="" ro="False">
<Interface id="id413EEAB7" dedicated_failover="False" dyn="False" label="" security_level="0" unnum="False" unprotected="False" name="eth0" comment="" ro="False">
<IPv4 id="id413EEAB9" name="Outside Host 3:eth0:ip" comment="" ro="False" address="10.0.0.3" netmask="255.255.255.0"/>
</Interface>
<Management address="0.0.0.0">
<SNMPManagement enabled="False" snmp_read_community="" snmp_write_community=""/>
@ -90,10 +87,9 @@
<Option name="use_mac_addr_filter">False</Option>
</HostOptions>
</Host>
<Host comment="" id="id413EEABC" name="Outside Host 4">
<Interface dyn="False" id="id413EEABF" label="" name="eth0" security_level="0" unnum="False">
<IPv4 address="10.0.0.4" comment="" id="id413EEAC1" name="Outside Host 4:eth0:ip" netmask="255.255.255.0"/>
<InterfacePolicy id="id413EEAC0"/>
<Host id="id413EEABC" name="Outside Host 4" comment="" ro="False">
<Interface id="id413EEABF" dedicated_failover="False" dyn="False" label="" security_level="0" unnum="False" unprotected="False" name="eth0" comment="" ro="False">
<IPv4 id="id413EEAC1" name="Outside Host 4:eth0:ip" comment="" ro="False" address="10.0.0.4" netmask="255.255.255.0"/>
</Interface>
<Management address="0.0.0.0">
<SNMPManagement enabled="False" snmp_read_community="" snmp_write_community=""/>
@ -104,10 +100,9 @@
<Option name="use_mac_addr_filter">False</Option>
</HostOptions>
</Host>
<Host comment="" id="id413EEAC4" name="Outside Host 2">
<Interface dyn="False" id="id413EEAC7" label="" name="eth0" security_level="0" unnum="False">
<IPv4 address="10.0.0.2" comment="" id="id413EEAC9" name="Outside Host 2:eth0:ip" netmask="255.255.255.0"/>
<InterfacePolicy id="id413EEAC8"/>
<Host id="id413EEAC4" name="Outside Host 2" comment="" ro="False">
<Interface id="id413EEAC7" dedicated_failover="False" dyn="False" label="" security_level="0" unnum="False" unprotected="False" name="eth0" comment="" ro="False">
<IPv4 id="id413EEAC9" name="Outside Host 2:eth0:ip" comment="" ro="False" address="10.0.0.2" netmask="255.255.255.0"/>
</Interface>
<Management address="0.0.0.0">
<SNMPManagement enabled="False" snmp_read_community="" snmp_write_community=""/>
@ -119,43 +114,30 @@
</HostOptions>
</Host>
</ObjectGroup>
<ObjectGroup id="id413EEA51" name="Networks">
<Network comment="" id="id413EEACC" name="Test Network 1" address="10.0.3.0" netmask="255.255.255.0"/>
<Network comment="DMZ net - using NAT" id="id4145F2F8" name="dmz_net" address="192.168.2.0" netmask="255.255.255.0"/>
<Network comment="" id="id4145F2F7" name="Internal_net" address="192.168.1.0" netmask="255.255.255.0"/>
<ObjectGroup id="id413EEA51" name="Networks" comment="" ro="False">
<Network id="id413EEACC" name="Test Network 1" comment="" ro="False" address="10.0.3.0" netmask="255.255.255.0"/>
<Network id="id4145F2F8" name="dmz_net" comment="DMZ net - using NAT" ro="False" address="192.168.2.0" netmask="255.255.255.0"/>
<Network id="id4145F2F7" name="Internal_net" comment="" ro="False" address="192.168.1.0" netmask="255.255.255.0"/>
</ObjectGroup>
<ObjectGroup id="id413EEA52" name="Address Ranges"/>
<ObjectGroup id="id413EEA52" name="Address Ranges" comment="" ro="False"/>
</ObjectGroup>
<ServiceGroup id="id413EEA53" name="Services">
<ServiceGroup id="id413EEA54" name="Groups"/>
<ServiceGroup id="id413EEA55" name="ICMP"/>
<ServiceGroup id="id413EEA56" name="IP"/>
<ServiceGroup id="id413EEA57" name="TCP"/>
<ServiceGroup id="id413EEA58" name="UDP"/>
<ServiceGroup id="id413EEA59" name="Custom"/>
<ServiceGroup id="id413EEA53" name="Services" comment="" ro="False">
<ServiceGroup id="id413EEA53_userservices" name="Users" comment="" ro="False"/>
<ServiceGroup id="id413EEA53_og_tag_1" name="TagServices" comment="" ro="False"/>
<ServiceGroup id="id413EEA54" name="Groups" comment="" ro="False"/>
<ServiceGroup id="id413EEA55" name="ICMP" comment="" ro="False"/>
<ServiceGroup id="id413EEA56" name="IP" comment="" ro="False"/>
<ServiceGroup id="id413EEA57" name="TCP" comment="" ro="False"/>
<ServiceGroup id="id413EEA58" name="UDP" comment="" ro="False"/>
<ServiceGroup id="id413EEA59" name="Custom" comment="" ro="False"/>
</ServiceGroup>
<ObjectGroup id="id413EEA5A" name="Firewalls">
<Firewall comment="" host_OS="linux24" id="id413EEA5C" name="optitest" platform="iptables" version="1.2.9">
<NAT id="id413EEA60"/>
<Policy id="id413EEA5F">
<PolicyRule action="Accept" comment="Test 0 : Don't Optimize 1 src" disabled="False" id="id413EEF55" log="False" position="0">
<Src neg="False">
<ObjectRef ref="id413EEA6D"/>
</Src>
<Dst neg="False">
<ObjectRef ref="sysid0"/>
</Dst>
<Srv neg="False">
<ServiceRef ref="sysid1"/>
</Srv>
<When neg="False">
<IntervalRef ref="sysid2"/>
</When>
<PolicyRuleOptions>
<Option name="color">#7694C0</Option>
</PolicyRuleOptions>
</PolicyRule>
<PolicyRule action="Accept" comment="Test 1 : Don't Optimize 1 dst" disabled="False" id="id413EEF0A" log="False" position="1">
<ObjectGroup id="id413EEA5A" name="Firewalls" comment="" ro="False">
<Firewall id="id413EEA5C" host_OS="linux24" lastCompiled="0" lastInstalled="0" lastModified="0" platform="iptables" version="1.2.9" name="optitest" comment="" ro="False">
<NAT id="id413EEA60" name="NAT" comment="" ro="False" ipv4_rule_set="False" ipv6_rule_set="False" top_rule_set="True">
<RuleSetOptions/>
</NAT>
<Policy id="id413EEA5F" name="Policy" comment="" ro="False" ipv4_rule_set="False" ipv6_rule_set="False" top_rule_set="True">
<PolicyRule id="id4145343B" disabled="False" log="False" position="0" action="Accept" direction="Both" comment="Test 1 : Don't Optimize 1 dst">
<Src neg="False">
<ObjectRef ref="sysid0"/>
</Src>
@ -165,6 +147,9 @@
<Srv neg="False">
<ServiceRef ref="sysid1"/>
</Srv>
<Itf neg="False">
<ObjectRef ref="id413EEA61"/>
</Itf>
<When neg="False">
<IntervalRef ref="sysid2"/>
</When>
@ -172,7 +157,7 @@
<Option name="color">#7694C0</Option>
</PolicyRuleOptions>
</PolicyRule>
<PolicyRule action="Accept" comment="Test 2 : Don't Optimize 1 service" disabled="False" id="id413EEEFF" log="False" position="2">
<PolicyRule id="id41453449" disabled="False" log="False" position="1" action="Accept" direction="Both" comment="Test 2 : Don't Optimize 1 service">
<Src neg="False">
<ObjectRef ref="sysid0"/>
</Src>
@ -182,6 +167,9 @@
<Srv neg="False">
<ServiceRef ref="tcp-HTTP"/>
</Srv>
<Itf neg="False">
<ObjectRef ref="id413EEA61"/>
</Itf>
<When neg="False">
<IntervalRef ref="sysid2"/>
</When>
@ -189,7 +177,7 @@
<Option name="color">#7694C0</Option>
</PolicyRuleOptions>
</PolicyRule>
<PolicyRule action="Accept" comment="Test 3 : Don't Optimize 1 src &amp; 1 dst" disabled="False" id="id413EEF80" log="False" position="3">
<PolicyRule id="id41453457" disabled="False" log="False" position="2" action="Accept" direction="Both" comment="Test 3 : Don't Optimize 1 src &amp; 1 dst">
<Src neg="False">
<ObjectRef ref="id413EEA6D"/>
</Src>
@ -199,6 +187,9 @@
<Srv neg="False">
<ServiceRef ref="sysid1"/>
</Srv>
<Itf neg="False">
<ObjectRef ref="id413EEA61"/>
</Itf>
<When neg="False">
<IntervalRef ref="sysid2"/>
</When>
@ -206,7 +197,7 @@
<Option name="color">#7694C0</Option>
</PolicyRuleOptions>
</PolicyRule>
<PolicyRule action="Accept" comment="Test 4 : Don't Optimize 1 src &amp; 1 service" disabled="False" id="id413EEFE0" log="False" position="4">
<PolicyRule id="id41453465" disabled="False" log="False" position="3" action="Accept" direction="Both" comment="Test 4 : Don't Optimize 1 src &amp; 1 service">
<Src neg="False">
<ObjectRef ref="id413EEA6D"/>
</Src>
@ -216,6 +207,9 @@
<Srv neg="False">
<ServiceRef ref="tcp-HTTP"/>
</Srv>
<Itf neg="False">
<ObjectRef ref="id413EEA61"/>
</Itf>
<When neg="False">
<IntervalRef ref="sysid2"/>
</When>
@ -223,7 +217,7 @@
<Option name="color">#7694C0</Option>
</PolicyRuleOptions>
</PolicyRule>
<PolicyRule action="Accept" comment="Test 5 : Don't Optimize 1 dst &amp; 1 service" disabled="False" id="id413EEFB4" log="False" position="5">
<PolicyRule id="id41453473" disabled="False" log="False" position="4" action="Accept" direction="Both" comment="Test 5 : Don't Optimize 1 dst &amp; 1 service">
<Src neg="False">
<ObjectRef ref="sysid0"/>
</Src>
@ -233,6 +227,9 @@
<Srv neg="False">
<ServiceRef ref="tcp-HTTP"/>
</Srv>
<Itf neg="False">
<ObjectRef ref="id413EEA61"/>
</Itf>
<When neg="False">
<IntervalRef ref="sysid2"/>
</When>
@ -240,7 +237,7 @@
<Option name="color">#7694C0</Option>
</PolicyRuleOptions>
</PolicyRule>
<PolicyRule action="Accept" comment="Test 6 : Don't Optimize 1 src, 1 dst &amp; 1 service" disabled="False" id="id413EF013" log="False" position="6">
<PolicyRule id="id41453481" disabled="False" log="False" position="5" action="Accept" direction="Both" comment="Test 6 : Don't Optimize 1 src, 1 dst &amp; 1 service">
<Src neg="False">
<ObjectRef ref="id413EEA6D"/>
</Src>
@ -250,6 +247,9 @@
<Srv neg="False">
<ServiceRef ref="tcp-HTTP"/>
</Srv>
<Itf neg="False">
<ObjectRef ref="id413EEA61"/>
</Itf>
<When neg="False">
<IntervalRef ref="sysid2"/>
</When>
@ -257,7 +257,7 @@
<Option name="color">#7694C0</Option>
</PolicyRuleOptions>
</PolicyRule>
<PolicyRule action="Accept" comment="Test 7 : Optimize : src, dst, svc\nTime should appear on the src rules in the FORWARD table\n+Logging\n" disabled="False" id="id413FD6F5" log="True" position="7">
<PolicyRule id="id4145348F" disabled="False" log="True" position="6" action="Accept" direction="Both" comment="Test 7 : Optimize : src, dst, svc&#10;Time should appear on the src rules in the FORWARD table&#10;+Logging&#10;">
<Src neg="False">
<ObjectRef ref="id413EEA6D"/>
<ObjectRef ref="id413EEA7C"/>
@ -270,6 +270,9 @@
<ServiceRef ref="tcp-FTP"/>
<ServiceRef ref="id4127EA73"/>
</Srv>
<Itf neg="False">
<ObjectRef ref="id413EEA61"/>
</Itf>
<When neg="False">
<IntervalRef ref="id413EEACD"/>
</When>
@ -277,7 +280,7 @@
<Option name="color">#C0BA44</Option>
</PolicyRuleOptions>
</PolicyRule>
<PolicyRule action="Accept" comment="Test 7 : Optimize on service - dsts -&gt; user chain" disabled="False" id="id413EF03D" log="False" position="8">
<PolicyRule id="id414534A0" disabled="False" log="False" position="7" action="Accept" direction="Both" comment="Test 7 : Optimize on service - dsts -&gt; user chain">
<Src neg="False">
<ObjectRef ref="sysid0"/>
</Src>
@ -289,6 +292,9 @@
<Srv neg="False">
<ServiceRef ref="tcp-HTTP"/>
</Srv>
<Itf neg="False">
<ObjectRef ref="id413EEA61"/>
</Itf>
<When neg="False">
<IntervalRef ref="sysid2"/>
</When>
@ -296,7 +302,7 @@
<Option name="color">#8BC065</Option>
</PolicyRuleOptions>
</PolicyRule>
<PolicyRule action="Accept" comment="Test 8 : Optimize on service - srcs -&gt; user chain" disabled="False" id="id413EF062" log="False" position="9">
<PolicyRule id="id414534B0" disabled="False" log="False" position="8" action="Accept" direction="Both" comment="Test 8 : Optimize on service - srcs -&gt; user chain">
<Src neg="False">
<ObjectRef ref="id413EEA6D"/>
<ObjectRef ref="id413EEA7C"/>
@ -308,6 +314,9 @@
<Srv neg="False">
<ServiceRef ref="tcp-HTTP"/>
</Srv>
<Itf neg="False">
<ObjectRef ref="id413EEA61"/>
</Itf>
<When neg="False">
<IntervalRef ref="sysid2"/>
</When>
@ -315,7 +324,7 @@
<Option name="color">#8BC065</Option>
</PolicyRuleOptions>
</PolicyRule>
<PolicyRule action="Reject" comment="Test 9 : Optimize on service - srcs -&gt; user chain\n Dst to stay on rule in FORWARD table\n\n+ options TCP RST Reject Test" disabled="False" id="id413EF08B" log="False" position="10">
<PolicyRule id="id414534C0" disabled="False" log="False" position="9" action="Reject" direction="Both" comment="Test 9 : Optimize on service - srcs -&gt; user chain&#10; Dst to stay on rule in FORWARD table&#10;&#10;+ options TCP RST Reject Test">
<Src neg="False">
<ObjectRef ref="id413EEA6D"/>
<ObjectRef ref="id413EEA7C"/>
@ -327,6 +336,9 @@
<Srv neg="False">
<ServiceRef ref="tcp-HTTP"/>
</Srv>
<Itf neg="False">
<ObjectRef ref="id413EEA61"/>
</Itf>
<When neg="False">
<IntervalRef ref="sysid2"/>
</When>
@ -339,11 +351,11 @@
<Option name="limit_value">0</Option>
<Option name="log_level"></Option>
<Option name="log_prefix"></Option>
<Option name="stateless">False</Option>
<Option name="stateless">True</Option>
<Option name="ulog_nlgroup">1</Option>
</PolicyRuleOptions>
</PolicyRule>
<PolicyRule action="Accept" comment="Test 10 : Optimize on src &amp; dst, services -&gt; user chain\n+ Logging " disabled="False" id="id413F033B" log="True" position="11">
<PolicyRule id="id414534D0" disabled="False" log="True" position="10" action="Accept" direction="Both" comment="Test 10 : Optimize on src &amp; dst, services -&gt; user chain&#10;+ Logging ">
<Src neg="False">
<ObjectRef ref="id413EEA6D"/>
</Src>
@ -355,6 +367,9 @@
<ServiceRef ref="id4127EA73"/>
<ServiceRef ref="id3C20EEB5"/>
</Srv>
<Itf neg="False">
<ObjectRef ref="id413EEA61"/>
</Itf>
<When neg="False">
<IntervalRef ref="sysid2"/>
</When>
@ -362,7 +377,7 @@
<Option name="color">#8BC065</Option>
</PolicyRuleOptions>
</PolicyRule>
<PolicyRule action="Accept" comment="Test 11 : Special case - with multiport we shouldn't\noptimize here as all services are TCP and we have &lt;15\nof them\n\nNOT OPTIMUM - We've split before multiport which re-merges multiple services of the same type\nSOLUTION ?" disabled="False" id="id413F0486" log="False" position="12">
<PolicyRule id="id414534E0" disabled="False" log="False" position="11" action="Accept" direction="Both" comment="Test 11 : Special case - with multiport we shouldn't&#10;optimize here as all services are TCP and we have &lt;15&#10;of them&#10;&#10;NOT OPTIMUM - We've split before multiport which re-merges multiple services of the same type&#10;SOLUTION ?">
<Src neg="False">
<ObjectRef ref="id413EEA6D"/>
</Src>
@ -373,6 +388,9 @@
<ServiceRef ref="tcp-FTP"/>
<ServiceRef ref="tcp-HTTP"/>
</Srv>
<Itf neg="False">
<ObjectRef ref="id413EEA61"/>
</Itf>
<When neg="False">
<IntervalRef ref="sysid2"/>
</When>
@ -380,7 +398,7 @@
<Option name="color">#C86E6E</Option>
</PolicyRuleOptions>
</PolicyRule>
<PolicyRule action="Accept" comment="Test 12 : Optimize : src, dst, svc\n+ options limit test\n+ logging" disabled="False" id="id413EEACF" log="True" position="13">
<PolicyRule id="id414534EF" disabled="False" log="True" position="12" action="Accept" direction="Both" comment="Test 12 : Optimize : src, dst, svc&#10;+ options limit test&#10;+ logging">
<Src neg="False">
<ObjectRef ref="id413EEA7C"/>
</Src>
@ -395,6 +413,9 @@
<ServiceRef ref="id4127EA73"/>
<ServiceRef ref="id3CB12797"/>
</Srv>
<Itf neg="False">
<ObjectRef ref="id413EEA61"/>
</Itf>
<When neg="False">
<IntervalRef ref="sysid2"/>
</When>
@ -411,7 +432,7 @@
<Option name="ulog_nlgroup">1</Option>
</PolicyRuleOptions>
</PolicyRule>
<PolicyRule action="Accept" comment="Test 13 : Optimize : src, dst, svc\nTime should appear on the src rules in the FORWARD table\n+Logging\n\nNOT OPTIMUM : Time appears in Logging\nSOLUTION : Patch logging not to include time?" disabled="False" id="id413EEDC5" log="True" position="14">
<PolicyRule id="id41453502" disabled="False" log="True" position="13" action="Accept" direction="Both" comment="Test 13 : Optimize : src, dst, svc&#10;Time should appear on the src rules in the FORWARD table&#10;+Logging&#10;&#10;NOT OPTIMUM : Time appears in Logging&#10;SOLUTION : Patch logging not to include time?">
<Src neg="False">
<ObjectRef ref="id413EEA6D"/>
<ObjectRef ref="id413EEA7C"/>
@ -427,6 +448,9 @@
<ServiceRef ref="id4127EA73"/>
<ServiceRef ref="id3CB12797"/>
</Srv>
<Itf neg="False">
<ObjectRef ref="id413EEA61"/>
</Itf>
<When neg="False">
<IntervalRef ref="id413EEACD"/>
</When>
@ -434,7 +458,7 @@
<Option name="color">#C0BA44</Option>
</PolicyRuleOptions>
</PolicyRule>
<PolicyRule action="Accept" comment="Test 14 : Optimize : src, dst, svc\nTime should appear on the service rules\nsince we there are two of them and we don't optimize\nfor time (yet!)\n+ Logging\n\nNOT OPTIMUM : Time appears in Logging\nSOLUTION : Patch logging not to include time?" disabled="False" id="id413EEE2D" log="False" position="15">
<PolicyRule id="id41453516" disabled="False" log="False" position="14" action="Accept" direction="Both" comment="Test 14 : Optimize : src, dst, svc&#10;Time should appear on the service rules&#10;since we there are two of them and we don't optimize&#10;for time (yet!)&#10;+ Logging&#10;&#10;NOT OPTIMUM : Time appears in Logging&#10;SOLUTION : Patch logging not to include time?">
<Src neg="False">
<ObjectRef ref="id413EEA6D"/>
<ObjectRef ref="id413EEA7C"/>
@ -450,6 +474,9 @@
<ServiceRef ref="id4127EA73"/>
<ServiceRef ref="id3CB12797"/>
</Srv>
<Itf neg="False">
<ObjectRef ref="id413EEA61"/>
</Itf>
<When neg="False">
<IntervalRef ref="id413EEACD"/>
<IntervalRef ref="id413EEACE"/>
@ -458,7 +485,7 @@
<Option name="color">#C0BA44</Option>
</PolicyRuleOptions>
</PolicyRule>
<PolicyRule action="Reject" comment="Test 15 : Don't optimize if we have limit options" disabled="False" id="id413F065C" log="False" position="16">
<PolicyRule id="id4145352B" disabled="False" log="False" position="15" action="Reject" direction="Both" comment="Test 15 : Don't optimize if we have limit options">
<Src neg="False">
<ObjectRef ref="id413EEA6D"/>
</Src>
@ -468,6 +495,9 @@
<Srv neg="False">
<ServiceRef ref="tcp-HTTP"/>
</Srv>
<Itf neg="False">
<ObjectRef ref="id413EEA61"/>
</Itf>
<When neg="False">
<IntervalRef ref="sysid2"/>
</When>
@ -480,11 +510,11 @@
<Option name="limit_value">8</Option>
<Option name="log_level"></Option>
<Option name="log_prefix"></Option>
<Option name="stateless">False</Option>
<Option name="stateless">True</Option>
<Option name="ulog_nlgroup">1</Option>
</PolicyRuleOptions>
</PolicyRule>
<PolicyRule action="Deny" comment="Test 16 : Check INPUT/OUPUT with FW part of rule" disabled="False" id="id413F0C67" log="True" position="17">
<PolicyRule id="id41453539" disabled="False" log="True" position="16" action="Deny" direction="Both" comment="Test 16 : Check INPUT/OUPUT with FW part of rule">
<Src neg="False">
<ObjectRef ref="sysid0"/>
</Src>
@ -495,6 +525,215 @@
<Srv neg="False">
<ServiceRef ref="tcp-FTP"/>
</Srv>
<Itf neg="False">
<ObjectRef ref="id413EEA61"/>
</Itf>
<When neg="False">
<IntervalRef ref="sysid2"/>
</When>
<PolicyRuleOptions>
<Option name="color">#8BC065</Option>
<Option name="stateless">True</Option>
</PolicyRuleOptions>
</PolicyRule>
<PolicyRule id="id4145342D" disabled="False" log="False" position="17" action="Accept" direction="Both" comment="Test 0 : Don't Optimize 1 src">
<Src neg="False">
<ObjectRef ref="id413EEA6D"/>
</Src>
<Dst neg="False">
<ObjectRef ref="sysid0"/>
</Dst>
<Srv neg="False">
<ServiceRef ref="sysid1"/>
</Srv>
<Itf neg="False">
<ObjectRef ref="id413EEA61"/>
</Itf>
<When neg="False">
<IntervalRef ref="sysid2"/>
</When>
<PolicyRuleOptions>
<Option name="color">#7694C0</Option>
</PolicyRuleOptions>
</PolicyRule>
<PolicyRule id="id413EEF55" disabled="False" log="False" position="18" action="Accept" direction="Both" comment="Test 0 : Don't Optimize 1 src">
<Src neg="False">
<ObjectRef ref="id413EEA6D"/>
</Src>
<Dst neg="False">
<ObjectRef ref="sysid0"/>
</Dst>
<Srv neg="False">
<ServiceRef ref="sysid1"/>
</Srv>
<Itf neg="False">
<ObjectRef ref="sysid0"/>
</Itf>
<When neg="False">
<IntervalRef ref="sysid2"/>
</When>
<PolicyRuleOptions>
<Option name="color">#7694C0</Option>
</PolicyRuleOptions>
</PolicyRule>
<PolicyRule id="id413EEF0A" disabled="False" log="False" position="19" action="Accept" direction="Both" comment="Test 1 : Don't Optimize 1 dst">
<Src neg="False">
<ObjectRef ref="sysid0"/>
</Src>
<Dst neg="False">
<ObjectRef ref="id413EEAA4"/>
</Dst>
<Srv neg="False">
<ServiceRef ref="sysid1"/>
</Srv>
<Itf neg="False">
<ObjectRef ref="sysid0"/>
</Itf>
<When neg="False">
<IntervalRef ref="sysid2"/>
</When>
<PolicyRuleOptions>
<Option name="color">#7694C0</Option>
</PolicyRuleOptions>
</PolicyRule>
<PolicyRule id="id413EEEFF" disabled="False" log="False" position="20" action="Accept" direction="Both" comment="Test 2 : Don't Optimize 1 service">
<Src neg="False">
<ObjectRef ref="sysid0"/>
</Src>
<Dst neg="False">
<ObjectRef ref="sysid0"/>
</Dst>
<Srv neg="False">
<ServiceRef ref="tcp-HTTP"/>
</Srv>
<Itf neg="False">
<ObjectRef ref="sysid0"/>
</Itf>
<When neg="False">
<IntervalRef ref="sysid2"/>
</When>
<PolicyRuleOptions>
<Option name="color">#7694C0</Option>
</PolicyRuleOptions>
</PolicyRule>
<PolicyRule id="id413EEF80" disabled="False" log="False" position="21" action="Accept" direction="Both" comment="Test 3 : Don't Optimize 1 src &amp; 1 dst">
<Src neg="False">
<ObjectRef ref="id413EEA6D"/>
</Src>
<Dst neg="False">
<ObjectRef ref="id413EEAA4"/>
</Dst>
<Srv neg="False">
<ServiceRef ref="sysid1"/>
</Srv>
<Itf neg="False">
<ObjectRef ref="sysid0"/>
</Itf>
<When neg="False">
<IntervalRef ref="sysid2"/>
</When>
<PolicyRuleOptions>
<Option name="color">#7694C0</Option>
</PolicyRuleOptions>
</PolicyRule>
<PolicyRule id="id413EEFE0" disabled="False" log="False" position="22" action="Accept" direction="Both" comment="Test 4 : Don't Optimize 1 src &amp; 1 service">
<Src neg="False">
<ObjectRef ref="id413EEA6D"/>
</Src>
<Dst neg="False">
<ObjectRef ref="sysid0"/>
</Dst>
<Srv neg="False">
<ServiceRef ref="tcp-HTTP"/>
</Srv>
<Itf neg="False">
<ObjectRef ref="sysid0"/>
</Itf>
<When neg="False">
<IntervalRef ref="sysid2"/>
</When>
<PolicyRuleOptions>
<Option name="color">#7694C0</Option>
</PolicyRuleOptions>
</PolicyRule>
<PolicyRule id="id413EEFB4" disabled="False" log="False" position="23" action="Accept" direction="Both" comment="Test 5 : Don't Optimize 1 dst &amp; 1 service">
<Src neg="False">
<ObjectRef ref="sysid0"/>
</Src>
<Dst neg="False">
<ObjectRef ref="id413EEAA4"/>
</Dst>
<Srv neg="False">
<ServiceRef ref="tcp-HTTP"/>
</Srv>
<Itf neg="False">
<ObjectRef ref="sysid0"/>
</Itf>
<When neg="False">
<IntervalRef ref="sysid2"/>
</When>
<PolicyRuleOptions>
<Option name="color">#7694C0</Option>
</PolicyRuleOptions>
</PolicyRule>
<PolicyRule id="id413EF013" disabled="False" log="False" position="24" action="Accept" direction="Both" comment="Test 6 : Don't Optimize 1 src, 1 dst &amp; 1 service">
<Src neg="False">
<ObjectRef ref="id413EEA6D"/>
</Src>
<Dst neg="False">
<ObjectRef ref="id413EEAA4"/>
</Dst>
<Srv neg="False">
<ServiceRef ref="tcp-HTTP"/>
</Srv>
<Itf neg="False">
<ObjectRef ref="sysid0"/>
</Itf>
<When neg="False">
<IntervalRef ref="sysid2"/>
</When>
<PolicyRuleOptions>
<Option name="color">#7694C0</Option>
</PolicyRuleOptions>
</PolicyRule>
<PolicyRule id="id413FD6F5" disabled="False" log="True" position="25" action="Accept" direction="Both" comment="Test 7 : Optimize : src, dst, svc&#10;Time should appear on the src rules in the FORWARD table&#10;+Logging&#10;">
<Src neg="False">
<ObjectRef ref="id413EEA6D"/>
<ObjectRef ref="id413EEA7C"/>
</Src>
<Dst neg="False">
<ObjectRef ref="id413EEAA4"/>
<ObjectRef ref="id413EEAC4"/>
</Dst>
<Srv neg="False">
<ServiceRef ref="tcp-FTP"/>
<ServiceRef ref="id4127EA73"/>
</Srv>
<Itf neg="False">
<ObjectRef ref="sysid0"/>
</Itf>
<When neg="False">
<IntervalRef ref="id413EEACD"/>
</When>
<PolicyRuleOptions>
<Option name="color">#C0BA44</Option>
</PolicyRuleOptions>
</PolicyRule>
<PolicyRule id="id413EF03D" disabled="False" log="False" position="26" action="Accept" direction="Both" comment="Test 7 : Optimize on service - dsts -&gt; user chain">
<Src neg="False">
<ObjectRef ref="sysid0"/>
</Src>
<Dst neg="False">
<ObjectRef ref="id413EEAA4"/>
<ObjectRef ref="id413EEAC4"/>
<ObjectRef ref="id413EEAB4"/>
</Dst>
<Srv neg="False">
<ServiceRef ref="tcp-HTTP"/>
</Srv>
<Itf neg="False">
<ObjectRef ref="sysid0"/>
</Itf>
<When neg="False">
<IntervalRef ref="sysid2"/>
</When>
@ -502,383 +741,253 @@
<Option name="color">#8BC065</Option>
</PolicyRuleOptions>
</PolicyRule>
<PolicyRule id="id413EF062" disabled="False" log="False" position="27" action="Accept" direction="Both" comment="Test 8 : Optimize on service - srcs -&gt; user chain">
<Src neg="False">
<ObjectRef ref="id413EEA6D"/>
<ObjectRef ref="id413EEA7C"/>
<ObjectRef ref="id413EEA8C"/>
</Src>
<Dst neg="False">
<ObjectRef ref="sysid0"/>
</Dst>
<Srv neg="False">
<ServiceRef ref="tcp-HTTP"/>
</Srv>
<Itf neg="False">
<ObjectRef ref="sysid0"/>
</Itf>
<When neg="False">
<IntervalRef ref="sysid2"/>
</When>
<PolicyRuleOptions>
<Option name="color">#8BC065</Option>
</PolicyRuleOptions>
</PolicyRule>
<PolicyRule id="id413EF08B" disabled="False" log="False" position="28" action="Reject" direction="Both" comment="Test 9 : Optimize on service - srcs -&gt; user chain&#10; Dst to stay on rule in FORWARD table&#10;&#10;+ options TCP RST Reject Test">
<Src neg="False">
<ObjectRef ref="id413EEA6D"/>
<ObjectRef ref="id413EEA7C"/>
<ObjectRef ref="id413EEA8C"/>
</Src>
<Dst neg="False">
<ObjectRef ref="id413EEAA4"/>
</Dst>
<Srv neg="False">
<ServiceRef ref="tcp-HTTP"/>
</Srv>
<Itf neg="False">
<ObjectRef ref="sysid0"/>
</Itf>
<When neg="False">
<IntervalRef ref="sysid2"/>
</When>
<PolicyRuleOptions>
<Option name="action_on_reject">TCP RST</Option>
<Option name="color">#8BC065</Option>
<Option name="firewall_is_part_of_any_and_networks">False</Option>
<Option name="limit_burst">0</Option>
<Option name="limit_suffix"></Option>
<Option name="limit_value">0</Option>
<Option name="log_level"></Option>
<Option name="log_prefix"></Option>
<Option name="stateless">True</Option>
<Option name="ulog_nlgroup">1</Option>
</PolicyRuleOptions>
</PolicyRule>
<PolicyRule id="id413F033B" disabled="False" log="True" position="29" action="Accept" direction="Both" comment="Test 10 : Optimize on src &amp; dst, services -&gt; user chain&#10;+ Logging ">
<Src neg="False">
<ObjectRef ref="id413EEA6D"/>
</Src>
<Dst neg="False">
<ObjectRef ref="id413EEAA4"/>
</Dst>
<Srv neg="False">
<ServiceRef ref="tcp-HTTP"/>
<ServiceRef ref="id4127EA73"/>
<ServiceRef ref="id3C20EEB5"/>
</Srv>
<Itf neg="False">
<ObjectRef ref="sysid0"/>
</Itf>
<When neg="False">
<IntervalRef ref="sysid2"/>
</When>
<PolicyRuleOptions>
<Option name="color">#8BC065</Option>
</PolicyRuleOptions>
</PolicyRule>
<PolicyRule id="id413F0486" disabled="False" log="False" position="30" action="Accept" direction="Both" comment="Test 11 : Special case - with multiport we shouldn't&#10;optimize here as all services are TCP and we have &lt;15&#10;of them&#10;&#10;NOT OPTIMUM - We've split before multiport which re-merges multiple services of the same type&#10;SOLUTION ?">
<Src neg="False">
<ObjectRef ref="id413EEA6D"/>
</Src>
<Dst neg="False">
<ObjectRef ref="id413EEAA4"/>
</Dst>
<Srv neg="False">
<ServiceRef ref="tcp-FTP"/>
<ServiceRef ref="tcp-HTTP"/>
</Srv>
<Itf neg="False">
<ObjectRef ref="sysid0"/>
</Itf>
<When neg="False">
<IntervalRef ref="sysid2"/>
</When>
<PolicyRuleOptions>
<Option name="color">#C86E6E</Option>
</PolicyRuleOptions>
</PolicyRule>
<PolicyRule id="id413EEACF" disabled="False" log="True" position="31" action="Accept" direction="Both" comment="Test 12 : Optimize : src, dst, svc&#10;+ options limit test&#10;+ logging">
<Src neg="False">
<ObjectRef ref="id413EEA7C"/>
</Src>
<Dst neg="False">
<ObjectRef ref="id413EEAA4"/>
<ObjectRef ref="id413EEAC4"/>
<ObjectRef ref="id413EEAB4"/>
</Dst>
<Srv neg="False">
<ServiceRef ref="tcp-FTP"/>
<ServiceRef ref="id3C20EEB5"/>
<ServiceRef ref="id4127EA73"/>
<ServiceRef ref="id3CB12797"/>
</Srv>
<Itf neg="False">
<ObjectRef ref="sysid0"/>
</Itf>
<When neg="False">
<IntervalRef ref="sysid2"/>
</When>
<PolicyRuleOptions>
<Option name="action_on_reject"></Option>
<Option name="color">#8BC065</Option>
<Option name="firewall_is_part_of_any_and_networks">False</Option>
<Option name="limit_burst">4</Option>
<Option name="limit_suffix"></Option>
<Option name="limit_value">8</Option>
<Option name="log_level"></Option>
<Option name="log_prefix"></Option>
<Option name="stateless">False</Option>
<Option name="ulog_nlgroup">1</Option>
</PolicyRuleOptions>
</PolicyRule>
<PolicyRule id="id413EEDC5" disabled="False" log="True" position="32" action="Accept" direction="Both" comment="Test 13 : Optimize : src, dst, svc&#10;Time should appear on the src rules in the FORWARD table&#10;+Logging&#10;&#10;NOT OPTIMUM : Time appears in Logging&#10;SOLUTION : Patch logging not to include time?">
<Src neg="False">
<ObjectRef ref="id413EEA6D"/>
<ObjectRef ref="id413EEA7C"/>
</Src>
<Dst neg="False">
<ObjectRef ref="id413EEAA4"/>
<ObjectRef ref="id413EEAC4"/>
<ObjectRef ref="id413EEAB4"/>
</Dst>
<Srv neg="False">
<ServiceRef ref="tcp-FTP"/>
<ServiceRef ref="id3C20EEB5"/>
<ServiceRef ref="id4127EA73"/>
<ServiceRef ref="id3CB12797"/>
</Srv>
<Itf neg="False">
<ObjectRef ref="sysid0"/>
</Itf>
<When neg="False">
<IntervalRef ref="id413EEACD"/>
</When>
<PolicyRuleOptions>
<Option name="color">#C0BA44</Option>
</PolicyRuleOptions>
</PolicyRule>
<PolicyRule id="id413EEE2D" disabled="False" log="False" position="33" action="Accept" direction="Both" comment="Test 14 : Optimize : src, dst, svc&#10;Time should appear on the service rules&#10;since we there are two of them and we don't optimize&#10;for time (yet!)&#10;+ Logging&#10;&#10;NOT OPTIMUM : Time appears in Logging&#10;SOLUTION : Patch logging not to include time?">
<Src neg="False">
<ObjectRef ref="id413EEA6D"/>
<ObjectRef ref="id413EEA7C"/>
</Src>
<Dst neg="False">
<ObjectRef ref="id413EEAA4"/>
<ObjectRef ref="id413EEAC4"/>
<ObjectRef ref="id413EEAB4"/>
</Dst>
<Srv neg="False">
<ServiceRef ref="tcp-FTP"/>
<ServiceRef ref="id3C20EEB5"/>
<ServiceRef ref="id4127EA73"/>
<ServiceRef ref="id3CB12797"/>
</Srv>
<Itf neg="False">
<ObjectRef ref="sysid0"/>
</Itf>
<When neg="False">
<IntervalRef ref="id413EEACD"/>
<IntervalRef ref="id413EEACE"/>
</When>
<PolicyRuleOptions>
<Option name="color">#C0BA44</Option>
</PolicyRuleOptions>
</PolicyRule>
<PolicyRule id="id413F065C" disabled="False" log="False" position="34" action="Reject" direction="Both" comment="Test 15 : Don't optimize if we have limit options">
<Src neg="False">
<ObjectRef ref="id413EEA6D"/>
</Src>
<Dst neg="False">
<ObjectRef ref="id413EEAC4"/>
</Dst>
<Srv neg="False">
<ServiceRef ref="tcp-HTTP"/>
</Srv>
<Itf neg="False">
<ObjectRef ref="sysid0"/>
</Itf>
<When neg="False">
<IntervalRef ref="sysid2"/>
</When>
<PolicyRuleOptions>
<Option name="action_on_reject">TCP RST</Option>
<Option name="color">#7694C0</Option>
<Option name="firewall_is_part_of_any_and_networks">False</Option>
<Option name="limit_burst">4</Option>
<Option name="limit_suffix"></Option>
<Option name="limit_value">8</Option>
<Option name="log_level"></Option>
<Option name="log_prefix"></Option>
<Option name="stateless">True</Option>
<Option name="ulog_nlgroup">1</Option>
</PolicyRuleOptions>
</PolicyRule>
<PolicyRule id="id413F0C67" disabled="False" log="True" position="35" action="Deny" direction="Both" comment="Test 16 : Check INPUT/OUPUT with FW part of rule">
<Src neg="False">
<ObjectRef ref="sysid0"/>
</Src>
<Dst neg="False">
<ObjectRef ref="id413EEA5C"/>
<ObjectRef ref="id413EEAA4"/>
</Dst>
<Srv neg="False">
<ServiceRef ref="tcp-FTP"/>
</Srv>
<Itf neg="False">
<ObjectRef ref="sysid0"/>
</Itf>
<When neg="False">
<IntervalRef ref="sysid2"/>
</When>
<PolicyRuleOptions>
<Option name="color">#8BC065</Option>
<Option name="stateless">True</Option>
</PolicyRuleOptions>
</PolicyRule>
<RuleSetOptions/>
</Policy>
<Interface dyn="False" id="id413EEA61" label="Outside" name="eth0" security_level="0" unnum="False">
<IPv4 address="10.0.0.254" comment="" id="id413EEA63" name="optitest:eth0:ip" netmask="255.255.255.0"/>
<InterfacePolicy id="id413EEA62">
<PolicyRule action="Accept" comment="Test 1 : Don't Optimize 1 dst" direction="Both" disabled="False" id="id4145343B" log="False" position="0">
<Src neg="False">
<ObjectRef ref="sysid0"/>
</Src>
<Dst neg="False">
<ObjectRef ref="id413EEAA4"/>
</Dst>
<Srv neg="False">
<ServiceRef ref="sysid1"/>
</Srv>
<When neg="False">
<IntervalRef ref="sysid2"/>
</When>
<PolicyRuleOptions>
<Option name="color">#7694C0</Option>
</PolicyRuleOptions>
</PolicyRule>
<PolicyRule action="Accept" comment="Test 2 : Don't Optimize 1 service" direction="Both" disabled="False" id="id41453449" log="False" position="1">
<Src neg="False">
<ObjectRef ref="sysid0"/>
</Src>
<Dst neg="False">
<ObjectRef ref="sysid0"/>
</Dst>
<Srv neg="False">
<ServiceRef ref="tcp-HTTP"/>
</Srv>
<When neg="False">
<IntervalRef ref="sysid2"/>
</When>
<PolicyRuleOptions>
<Option name="color">#7694C0</Option>
</PolicyRuleOptions>
</PolicyRule>
<PolicyRule action="Accept" comment="Test 3 : Don't Optimize 1 src &amp; 1 dst" direction="Both" disabled="False" id="id41453457" log="False" position="2">
<Src neg="False">
<ObjectRef ref="id413EEA6D"/>
</Src>
<Dst neg="False">
<ObjectRef ref="id413EEAA4"/>
</Dst>
<Srv neg="False">
<ServiceRef ref="sysid1"/>
</Srv>
<When neg="False">
<IntervalRef ref="sysid2"/>
</When>
<PolicyRuleOptions>
<Option name="color">#7694C0</Option>
</PolicyRuleOptions>
</PolicyRule>
<PolicyRule action="Accept" comment="Test 4 : Don't Optimize 1 src &amp; 1 service" direction="Both" disabled="False" id="id41453465" log="False" position="3">
<Src neg="False">
<ObjectRef ref="id413EEA6D"/>
</Src>
<Dst neg="False">
<ObjectRef ref="sysid0"/>
</Dst>
<Srv neg="False">
<ServiceRef ref="tcp-HTTP"/>
</Srv>
<When neg="False">
<IntervalRef ref="sysid2"/>
</When>
<PolicyRuleOptions>
<Option name="color">#7694C0</Option>
</PolicyRuleOptions>
</PolicyRule>
<PolicyRule action="Accept" comment="Test 5 : Don't Optimize 1 dst &amp; 1 service" direction="Both" disabled="False" id="id41453473" log="False" position="4">
<Src neg="False">
<ObjectRef ref="sysid0"/>
</Src>
<Dst neg="False">
<ObjectRef ref="id413EEAA4"/>
</Dst>
<Srv neg="False">
<ServiceRef ref="tcp-HTTP"/>
</Srv>
<When neg="False">
<IntervalRef ref="sysid2"/>
</When>
<PolicyRuleOptions>
<Option name="color">#7694C0</Option>
</PolicyRuleOptions>
</PolicyRule>
<PolicyRule action="Accept" comment="Test 6 : Don't Optimize 1 src, 1 dst &amp; 1 service" direction="Both" disabled="False" id="id41453481" log="False" position="5">
<Src neg="False">
<ObjectRef ref="id413EEA6D"/>
</Src>
<Dst neg="False">
<ObjectRef ref="id413EEAA4"/>
</Dst>
<Srv neg="False">
<ServiceRef ref="tcp-HTTP"/>
</Srv>
<When neg="False">
<IntervalRef ref="sysid2"/>
</When>
<PolicyRuleOptions>
<Option name="color">#7694C0</Option>
</PolicyRuleOptions>
</PolicyRule>
<PolicyRule action="Accept" comment="Test 7 : Optimize : src, dst, svc\nTime should appear on the src rules in the FORWARD table\n+Logging\n" direction="Both" disabled="False" id="id4145348F" log="True" position="6">
<Src neg="False">
<ObjectRef ref="id413EEA6D"/>
<ObjectRef ref="id413EEA7C"/>
</Src>
<Dst neg="False">
<ObjectRef ref="id413EEAA4"/>
<ObjectRef ref="id413EEAC4"/>
</Dst>
<Srv neg="False">
<ServiceRef ref="tcp-FTP"/>
<ServiceRef ref="id4127EA73"/>
</Srv>
<When neg="False">
<IntervalRef ref="id413EEACD"/>
</When>
<PolicyRuleOptions>
<Option name="color">#C0BA44</Option>
</PolicyRuleOptions>
</PolicyRule>
<PolicyRule action="Accept" comment="Test 7 : Optimize on service - dsts -&gt; user chain" direction="Both" disabled="False" id="id414534A0" log="False" position="7">
<Src neg="False">
<ObjectRef ref="sysid0"/>
</Src>
<Dst neg="False">
<ObjectRef ref="id413EEAA4"/>
<ObjectRef ref="id413EEAC4"/>
<ObjectRef ref="id413EEAB4"/>
</Dst>
<Srv neg="False">
<ServiceRef ref="tcp-HTTP"/>
</Srv>
<When neg="False">
<IntervalRef ref="sysid2"/>
</When>
<PolicyRuleOptions>
<Option name="color">#8BC065</Option>
</PolicyRuleOptions>
</PolicyRule>
<PolicyRule action="Accept" comment="Test 8 : Optimize on service - srcs -&gt; user chain" direction="Both" disabled="False" id="id414534B0" log="False" position="8">
<Src neg="False">
<ObjectRef ref="id413EEA6D"/>
<ObjectRef ref="id413EEA7C"/>
<ObjectRef ref="id413EEA8C"/>
</Src>
<Dst neg="False">
<ObjectRef ref="sysid0"/>
</Dst>
<Srv neg="False">
<ServiceRef ref="tcp-HTTP"/>
</Srv>
<When neg="False">
<IntervalRef ref="sysid2"/>
</When>
<PolicyRuleOptions>
<Option name="color">#8BC065</Option>
</PolicyRuleOptions>
</PolicyRule>
<PolicyRule action="Reject" comment="Test 9 : Optimize on service - srcs -&gt; user chain\n Dst to stay on rule in FORWARD table\n\n+ options TCP RST Reject Test" direction="Both" disabled="False" id="id414534C0" log="False" position="9">
<Src neg="False">
<ObjectRef ref="id413EEA6D"/>
<ObjectRef ref="id413EEA7C"/>
<ObjectRef ref="id413EEA8C"/>
</Src>
<Dst neg="False">
<ObjectRef ref="id413EEAA4"/>
</Dst>
<Srv neg="False">
<ServiceRef ref="tcp-HTTP"/>
</Srv>
<When neg="False">
<IntervalRef ref="sysid2"/>
</When>
<PolicyRuleOptions>
<Option name="action_on_reject">TCP RST</Option>
<Option name="color">#8BC065</Option>
<Option name="firewall_is_part_of_any_and_networks">False</Option>
<Option name="limit_burst">0</Option>
<Option name="limit_suffix"></Option>
<Option name="limit_value">0</Option>
<Option name="log_level"></Option>
<Option name="log_prefix"></Option>
<Option name="stateless">False</Option>
<Option name="ulog_nlgroup">1</Option>
</PolicyRuleOptions>
</PolicyRule>
<PolicyRule action="Accept" comment="Test 10 : Optimize on src &amp; dst, services -&gt; user chain\n+ Logging " direction="Both" disabled="False" id="id414534D0" log="True" position="10">
<Src neg="False">
<ObjectRef ref="id413EEA6D"/>
</Src>
<Dst neg="False">
<ObjectRef ref="id413EEAA4"/>
</Dst>
<Srv neg="False">
<ServiceRef ref="tcp-HTTP"/>
<ServiceRef ref="id4127EA73"/>
<ServiceRef ref="id3C20EEB5"/>
</Srv>
<When neg="False">
<IntervalRef ref="sysid2"/>
</When>
<PolicyRuleOptions>
<Option name="color">#8BC065</Option>
</PolicyRuleOptions>
</PolicyRule>
<PolicyRule action="Accept" comment="Test 11 : Special case - with multiport we shouldn't\noptimize here as all services are TCP and we have &lt;15\nof them\n\nNOT OPTIMUM - We've split before multiport which re-merges multiple services of the same type\nSOLUTION ?" direction="Both" disabled="False" id="id414534E0" log="False" position="11">
<Src neg="False">
<ObjectRef ref="id413EEA6D"/>
</Src>
<Dst neg="False">
<ObjectRef ref="id413EEAA4"/>
</Dst>
<Srv neg="False">
<ServiceRef ref="tcp-FTP"/>
<ServiceRef ref="tcp-HTTP"/>
</Srv>
<When neg="False">
<IntervalRef ref="sysid2"/>
</When>
<PolicyRuleOptions>
<Option name="color">#C86E6E</Option>
</PolicyRuleOptions>
</PolicyRule>
<PolicyRule action="Accept" comment="Test 12 : Optimize : src, dst, svc\n+ options limit test\n+ logging" direction="Both" disabled="False" id="id414534EF" log="True" position="12">
<Src neg="False">
<ObjectRef ref="id413EEA7C"/>
</Src>
<Dst neg="False">
<ObjectRef ref="id413EEAA4"/>
<ObjectRef ref="id413EEAC4"/>
<ObjectRef ref="id413EEAB4"/>
</Dst>
<Srv neg="False">
<ServiceRef ref="tcp-FTP"/>
<ServiceRef ref="id3C20EEB5"/>
<ServiceRef ref="id4127EA73"/>
<ServiceRef ref="id3CB12797"/>
</Srv>
<When neg="False">
<IntervalRef ref="sysid2"/>
</When>
<PolicyRuleOptions>
<Option name="action_on_reject"></Option>
<Option name="color">#8BC065</Option>
<Option name="firewall_is_part_of_any_and_networks">False</Option>
<Option name="limit_burst">4</Option>
<Option name="limit_suffix"></Option>
<Option name="limit_value">8</Option>
<Option name="log_level"></Option>
<Option name="log_prefix"></Option>
<Option name="stateless">False</Option>
<Option name="ulog_nlgroup">1</Option>
</PolicyRuleOptions>
</PolicyRule>
<PolicyRule action="Accept" comment="Test 13 : Optimize : src, dst, svc\nTime should appear on the src rules in the FORWARD table\n+Logging\n\nNOT OPTIMUM : Time appears in Logging\nSOLUTION : Patch logging not to include time?" direction="Both" disabled="False" id="id41453502" log="True" position="13">
<Src neg="False">
<ObjectRef ref="id413EEA6D"/>
<ObjectRef ref="id413EEA7C"/>
</Src>
<Dst neg="False">
<ObjectRef ref="id413EEAA4"/>
<ObjectRef ref="id413EEAC4"/>
<ObjectRef ref="id413EEAB4"/>
</Dst>
<Srv neg="False">
<ServiceRef ref="tcp-FTP"/>
<ServiceRef ref="id3C20EEB5"/>
<ServiceRef ref="id4127EA73"/>
<ServiceRef ref="id3CB12797"/>
</Srv>
<When neg="False">
<IntervalRef ref="id413EEACD"/>
</When>
<PolicyRuleOptions>
<Option name="color">#C0BA44</Option>
</PolicyRuleOptions>
</PolicyRule>
<PolicyRule action="Accept" comment="Test 14 : Optimize : src, dst, svc\nTime should appear on the service rules\nsince we there are two of them and we don't optimize\nfor time (yet!)\n+ Logging\n\nNOT OPTIMUM : Time appears in Logging\nSOLUTION : Patch logging not to include time?" direction="Both" disabled="False" id="id41453516" log="False" position="14">
<Src neg="False">
<ObjectRef ref="id413EEA6D"/>
<ObjectRef ref="id413EEA7C"/>
</Src>
<Dst neg="False">
<ObjectRef ref="id413EEAA4"/>
<ObjectRef ref="id413EEAC4"/>
<ObjectRef ref="id413EEAB4"/>
</Dst>
<Srv neg="False">
<ServiceRef ref="tcp-FTP"/>
<ServiceRef ref="id3C20EEB5"/>
<ServiceRef ref="id4127EA73"/>
<ServiceRef ref="id3CB12797"/>
</Srv>
<When neg="False">
<IntervalRef ref="id413EEACD"/>
<IntervalRef ref="id413EEACE"/>
</When>
<PolicyRuleOptions>
<Option name="color">#C0BA44</Option>
</PolicyRuleOptions>
</PolicyRule>
<PolicyRule action="Reject" comment="Test 15 : Don't optimize if we have limit options" direction="Both" disabled="False" id="id4145352B" log="False" position="15">
<Src neg="False">
<ObjectRef ref="id413EEA6D"/>
</Src>
<Dst neg="False">
<ObjectRef ref="id413EEAC4"/>
</Dst>
<Srv neg="False">
<ServiceRef ref="tcp-HTTP"/>
</Srv>
<When neg="False">
<IntervalRef ref="sysid2"/>
</When>
<PolicyRuleOptions>
<Option name="action_on_reject">TCP RST</Option>
<Option name="color">#7694C0</Option>
<Option name="firewall_is_part_of_any_and_networks">False</Option>
<Option name="limit_burst">4</Option>
<Option name="limit_suffix"></Option>
<Option name="limit_value">8</Option>
<Option name="log_level"></Option>
<Option name="log_prefix"></Option>
<Option name="stateless">False</Option>
<Option name="ulog_nlgroup">1</Option>
</PolicyRuleOptions>
</PolicyRule>
<PolicyRule action="Deny" comment="Test 16 : Check INPUT/OUPUT with FW part of rule" direction="Both" disabled="False" id="id41453539" log="True" position="16">
<Src neg="False">
<ObjectRef ref="sysid0"/>
</Src>
<Dst neg="False">
<ObjectRef ref="id413EEA5C"/>
<ObjectRef ref="id413EEAA4"/>
</Dst>
<Srv neg="False">
<ServiceRef ref="tcp-FTP"/>
</Srv>
<When neg="False">
<IntervalRef ref="sysid2"/>
</When>
<PolicyRuleOptions>
<Option name="color">#8BC065</Option>
</PolicyRuleOptions>
</PolicyRule>
<PolicyRule action="Accept" comment="Test 0 : Don't Optimize 1 src" direction="Both" disabled="False" id="id4145342D" log="False" position="17">
<Src neg="False">
<ObjectRef ref="id413EEA6D"/>
</Src>
<Dst neg="False">
<ObjectRef ref="sysid0"/>
</Dst>
<Srv neg="False">
<ServiceRef ref="sysid1"/>
</Srv>
<When neg="False">
<IntervalRef ref="sysid2"/>
</When>
<PolicyRuleOptions>
<Option name="color">#7694C0</Option>
</PolicyRuleOptions>
</PolicyRule>
</InterfacePolicy>
<Routing id="id413EEA5C-routing" name="Routing" comment="" ro="False" ipv4_rule_set="False" ipv6_rule_set="False" top_rule_set="True">
<RuleSetOptions/>
</Routing>
<Interface id="id413EEA61" dedicated_failover="False" dyn="False" label="Outside" security_level="0" unnum="False" unprotected="False" name="eth0" comment="" ro="False">
<IPv4 id="id413EEA63" name="optitest:eth0:ip" comment="" ro="False" address="10.0.0.254" netmask="255.255.255.0"/>
</Interface>
<Interface comment="" dyn="False" id="id413EEA64" label="Inside" mgmt="True" name="eth1" security_level="100" unnum="False">
<IPv4 address="10.0.1.254" comment="" id="id413EEA66" name="optitest:eth1:ip" netmask="255.255.255.0"/>
<InterfacePolicy id="id413EEA65"/>
<Interface id="id413EEA64" dedicated_failover="False" dyn="False" label="Inside" mgmt="True" security_level="100" unnum="False" unprotected="False" name="eth1" comment="" ro="False">
<IPv4 id="id413EEA66" name="optitest:eth1:ip" comment="" ro="False" address="10.0.1.254" netmask="255.255.255.0"/>
</Interface>
<Interface dyn="False" id="id413EEA67" label="DMZ" name="eth2" security_level="100" unnum="False">
<IPv4 address="10.0.2.254" comment="" id="id413EEA69" name="optitest:eth2:ip" netmask="255.255.255.0"/>
<InterfacePolicy id="id413EEA68"/>
<Interface id="id413EEA67" dedicated_failover="False" dyn="False" label="DMZ" security_level="100" unnum="False" unprotected="False" name="eth2" comment="" ro="False">
<IPv4 id="id413EEA69" name="optitest:eth2:ip" comment="" ro="False" address="10.0.2.254" netmask="255.255.255.0"/>
</Interface>
<Management address="10.0.1.254">
<SNMPManagement enabled="False" snmp_read_community="" snmp_write_community=""/>
@ -972,10 +1081,12 @@
<Option name="verify_interfaces">False</Option>
</FirewallOptions>
</Firewall>
<Firewall comment="testing rules with action-on-reject &quot;TCP reset&quot;\n" host_OS="linux24" id="id4145F25F" name="firewall99" platform="iptables" version="">
<NAT id="id4145F2E2"/>
<Policy id="id4145F264">
<PolicyRule action="Reject" disabled="False" id="id4145F2B5" log="False" position="0">
<Firewall id="id4145F25F" host_OS="linux24" lastCompiled="0" lastInstalled="0" lastModified="0" platform="iptables" version="" name="firewall99" comment="testing rules with action-on-reject &quot;TCP reset&quot;&#10;" ro="False">
<NAT id="id4145F2E2" name="NAT" comment="" ro="False" ipv4_rule_set="False" ipv6_rule_set="False" top_rule_set="True">
<RuleSetOptions/>
</NAT>
<Policy id="id4145F264" name="Policy" comment="" ro="False" ipv4_rule_set="False" ipv6_rule_set="False" top_rule_set="True">
<PolicyRule id="id4145F2B5" disabled="False" log="False" position="0" action="Reject" direction="Both" comment="">
<Src neg="False">
<ObjectRef ref="id4145F2F7"/>
</Src>
@ -985,6 +1096,9 @@
<Srv neg="False">
<ServiceRef ref="tcp-HTTP"/>
</Srv>
<Itf neg="False">
<ObjectRef ref="sysid0"/>
</Itf>
<When neg="False">
<IntervalRef ref="sysid2"/>
</When>
@ -996,11 +1110,11 @@
<Option name="limit_value">0</Option>
<Option name="log_level"></Option>
<Option name="log_prefix"></Option>
<Option name="stateless">False</Option>
<Option name="stateless">True</Option>
<Option name="ulog_nlgroup">1</Option>
</PolicyRuleOptions>
</PolicyRule>
<PolicyRule action="Reject" comment="" disabled="False" id="id4145F2BF" log="False" position="1">
<PolicyRule id="id4145F2BF" disabled="False" log="False" position="1" action="Reject" direction="Both" comment="">
<Src neg="False">
<ObjectRef ref="id4145F2F7"/>
<ObjectRef ref="id4145F2F8"/>
@ -1011,6 +1125,9 @@
<Srv neg="False">
<ServiceRef ref="tcp-HTTP"/>
</Srv>
<Itf neg="False">
<ObjectRef ref="sysid0"/>
</Itf>
<When neg="False">
<IntervalRef ref="sysid2"/>
</When>
@ -1022,11 +1139,11 @@
<Option name="limit_value">0</Option>
<Option name="log_level"></Option>
<Option name="log_prefix"></Option>
<Option name="stateless">False</Option>
<Option name="stateless">True</Option>
<Option name="ulog_nlgroup">1</Option>
</PolicyRuleOptions>
</PolicyRule>
<PolicyRule action="Reject" comment="" disabled="False" id="id4145F2CA" log="False" position="2">
<PolicyRule id="id4145F2CA" disabled="False" log="False" position="2" action="Reject" direction="Both" comment="">
<Src neg="False">
<ObjectRef ref="id4145F2F7"/>
<ObjectRef ref="id4145F2F8"/>
@ -1038,6 +1155,9 @@
<ServiceRef ref="tcp-HTTP"/>
<ServiceRef ref="icmp-Unreachables"/>
</Srv>
<Itf neg="False">
<ObjectRef ref="sysid0"/>
</Itf>
<When neg="False">
<IntervalRef ref="sysid2"/>
</When>
@ -1049,11 +1169,11 @@
<Option name="limit_value">0</Option>
<Option name="log_level"></Option>
<Option name="log_prefix"></Option>
<Option name="stateless">False</Option>
<Option name="stateless">True</Option>
<Option name="ulog_nlgroup">1</Option>
</PolicyRuleOptions>
</PolicyRule>
<PolicyRule action="Reject" comment="" disabled="False" id="id4145F2D6" log="False" position="3">
<PolicyRule id="id4145F2D6" disabled="False" log="False" position="3" action="Reject" direction="Both" comment="">
<Src neg="False">
<ObjectRef ref="id4145F2F7"/>
<ObjectRef ref="id4145F2F8"/>
@ -1065,6 +1185,9 @@
<ServiceRef ref="icmp-Unreachables"/>
<ServiceRef ref="tcp-FTP"/>
</Srv>
<Itf neg="False">
<ObjectRef ref="sysid0"/>
</Itf>
<When neg="False">
<IntervalRef ref="sysid2"/>
</When>
@ -1076,22 +1199,23 @@
<Option name="limit_value">0</Option>
<Option name="log_level"></Option>
<Option name="log_prefix"></Option>
<Option name="stateless">False</Option>
<Option name="stateless">True</Option>
<Option name="ulog_nlgroup">1</Option>
</PolicyRuleOptions>
</PolicyRule>
<RuleSetOptions/>
</Policy>
<Interface comment="" dyn="False" id="id4145F2E3" label="" mgmt="True" name="eth0" security_level="100" unnum="False">
<IPv4 address="192.168.1.1" id="id4145F2E7" name="firewall99:eth0:ip" netmask="255.255.255.0"/>
<InterfacePolicy id="id4145F2E6"/>
<Routing id="id4145F25F-routing" name="Routing" comment="" ro="False" ipv4_rule_set="False" ipv6_rule_set="False" top_rule_set="True">
<RuleSetOptions/>
</Routing>
<Interface id="id4145F2E3" dedicated_failover="False" dyn="False" label="" mgmt="True" security_level="100" unnum="False" unprotected="False" name="eth0" comment="" ro="False">
<IPv4 id="id4145F2E7" name="firewall99:eth0:ip" comment="" ro="False" address="192.168.1.1" netmask="255.255.255.0"/>
</Interface>
<Interface dyn="False" id="id4145F2E8" name="eth1" security_level="0" unnum="False">
<IPv4 address="22.22.22.22" id="id4145F2EC" name="firewall99:eth1:ip" netmask="255.255.255.0"/>
<InterfacePolicy id="id4145F2EB"/>
<Interface id="id4145F2E8" dedicated_failover="False" dyn="False" security_level="0" unnum="False" unprotected="False" name="eth1" comment="" ro="False">
<IPv4 id="id4145F2EC" name="firewall99:eth1:ip" comment="" ro="False" address="22.22.22.22" netmask="255.255.255.0"/>
</Interface>
<Interface dyn="False" id="id4145F2ED" name="lo" security_level="100" unnum="False">
<IPv4 address="127.0.0.1" id="id4145F2F1" name="firewall99:lo:ip" netmask="255.0.0.0"/>
<InterfacePolicy id="id4145F2F0"/>
<Interface id="id4145F2ED" dedicated_failover="False" dyn="False" security_level="100" unnum="False" unprotected="False" name="lo" comment="" ro="False">
<IPv4 id="id4145F2F1" name="firewall99:lo:ip" comment="" ro="False" address="127.0.0.1" netmask="255.0.0.0"/>
</Interface>
<Management address="192.168.1.1">
<SNMPManagement enabled="False" snmp_read_community="public" snmp_write_community=""/>
@ -1156,51 +1280,57 @@
</FirewallOptions>
</Firewall>
</ObjectGroup>
<IntervalGroup id="id413EEA5B" name="Time">
<Interval comment="" from_day="28" from_hour="0" from_minute="0" from_month="2" from_weekday="-1" from_year="2935093" id="id413EEACD" name="Mornings Only" to_day="28" to_hour="11" to_minute="59" to_month="2" to_weekday="-1" to_year="2935093"/>
<Interval comment="" from_day="28" from_hour="12" from_minute="0" from_month="2" from_weekday="-1" from_year="2935093" id="id413EEACE" name="Afternoons Only" to_day="28" to_hour="23" to_minute="59" to_month="2" to_weekday="-1" to_year="2935093"/>
<IntervalGroup id="id413EEA5B" name="Time" comment="" ro="False">
<Interval id="id413EEACD" days_of_week="0,1,2,3,4,5,6" from_day="28" from_hour="0" from_minute="0" from_month="2" from_weekday="-1" from_year="2935093" to_day="28" to_hour="11" to_minute="59" to_month="2" to_weekday="-1" to_year="2935093" name="Mornings Only" comment="" ro="False"/>
<Interval id="id413EEACE" days_of_week="0,1,2,3,4,5,6" from_day="28" from_hour="12" from_minute="0" from_month="2" from_weekday="-1" from_year="2935093" to_day="28" to_hour="23" to_minute="59" to_month="2" to_weekday="-1" to_year="2935093" name="Afternoons Only" comment="" ro="False"/>
</IntervalGroup>
</Library>
<Library id="sysid99" name="Deleted Objects" ro="False">
<ObjectRef ref="sysid0"/>
<Library color="#FFFFFF" comment="" id="id4145F24F" name="tmp" ro="False">
<ObjectGroup id="id4145F250" name="Objects">
<ObjectGroup id="id4145F251" name="Addresses"/>
<ObjectGroup id="id4145F252" name="Groups"/>
<ObjectGroup id="id4145F253" name="Hosts"/>
<ObjectGroup id="id4145F254" name="Networks"/>
<ObjectGroup id="id4145F255" name="Address Ranges"/>
<Library id="sysid99" name="Deleted Objects" comment="" ro="False">
<Library id="id4145F24F" color="#FFFFFF" name="tmp" comment="" ro="False">
<ObjectGroup id="id4145F250_clusters" name="Clusters" comment="" ro="False"/>
<ObjectGroup id="id4145F250" name="Objects" comment="" ro="False">
<ObjectGroup id="id4145F250_og_ats_1" name="Address Tables" comment="" ro="False"/>
<ObjectGroup id="id4145F250_og_dnsn_1" name="DNS Names" comment="" ro="False"/>
<ObjectGroup id="id4145F251" name="Addresses" comment="" ro="False"/>
<ObjectGroup id="id4145F252" name="Groups" comment="" ro="False"/>
<ObjectGroup id="id4145F253" name="Hosts" comment="" ro="False"/>
<ObjectGroup id="id4145F254" name="Networks" comment="" ro="False"/>
<ObjectGroup id="id4145F255" name="Address Ranges" comment="" ro="False"/>
</ObjectGroup>
<ServiceGroup id="id4145F256" name="Services">
<ServiceGroup id="id4145F257" name="Groups"/>
<ServiceGroup id="id4145F258" name="ICMP"/>
<ServiceGroup id="id4145F259" name="IP"/>
<ServiceGroup id="id4145F25A" name="TCP"/>
<ServiceGroup id="id4145F25B" name="UDP"/>
<ServiceGroup id="id4145F25C" name="Custom"/>
<ServiceGroup id="id4145F256" name="Services" comment="" ro="False">
<ServiceGroup id="id4145F256_userservices" name="Users" comment="" ro="False"/>
<ServiceGroup id="id4145F256_og_tag_1" name="TagServices" comment="" ro="False"/>
<ServiceGroup id="id4145F257" name="Groups" comment="" ro="False"/>
<ServiceGroup id="id4145F258" name="ICMP" comment="" ro="False"/>
<ServiceGroup id="id4145F259" name="IP" comment="" ro="False"/>
<ServiceGroup id="id4145F25A" name="TCP" comment="" ro="False"/>
<ServiceGroup id="id4145F25B" name="UDP" comment="" ro="False"/>
<ServiceGroup id="id4145F25C" name="Custom" comment="" ro="False"/>
</ServiceGroup>
<ObjectGroup id="id4145F25D" name="Firewalls"/>
<IntervalGroup id="id4145F25E" name="Time"/>
<ObjectGroup id="id4145F25D" name="Firewalls" comment="" ro="False"/>
<IntervalGroup id="id4145F25E" name="Time" comment="" ro="False"/>
</Library>
</Library>
<Library color="#d4f8ff" comment="Standard objects" id="syslib000" name="Standard" ro="True">
<AnyNetwork comment="Any Network" id="sysid0" name="Any" address="0.0.0.0" netmask="0.0.0.0"/>
<AnyIPService comment="Any IP Service" id="sysid1" name="Any" protocol_num="0"/>
<AnyInterval comment="Any Interval" from_day="-1" from_hour="-1" from_minute="-1" from_month="-1" from_weekday="-1" from_year="-1" id="sysid2" name="Any" to_day="-1" to_hour="-1" to_minute="-1" to_month="-1" to_weekday="-1" to_year="-1"/>
<ServiceGroup id="stdid05" name="Services">
<ServiceGroup id="stdid09" name="TCP">
<TCPService ack_flag="False" ack_flag_mask="False" comment="" dst_range_end="80" dst_range_start="80" fin_flag="False" fin_flag_mask="False" id="tcp-HTTP" name="http" psh_flag="False" psh_flag_mask="False" rst_flag="False" rst_flag_mask="False" src_range_end="0" src_range_start="0" syn_flag="False" syn_flag_mask="False" urg_flag="False" urg_flag_mask="False"/>
<TCPService ack_flag="False" ack_flag_mask="False" comment="" dst_range_end="21" dst_range_start="21" fin_flag="False" fin_flag_mask="False" id="tcp-FTP" name="ftp" psh_flag="False" psh_flag_mask="False" rst_flag="False" rst_flag_mask="False" src_range_end="0" src_range_start="0" syn_flag="False" syn_flag_mask="False" urg_flag="False" urg_flag_mask="False"/>
<Library id="syslib000" color="#d4f8ff" name="Standard" comment="Standard objects" ro="True">
<AnyNetwork id="sysid0" name="Any" comment="Any Network" ro="False" address="0.0.0.0" netmask="0.0.0.0"/>
<AnyIPService id="sysid1" protocol_num="0" name="Any" comment="Any IP Service" ro="False"/>
<AnyInterval id="sysid2" days_of_week="0,1,2,3,4,5,6" from_day="-1" from_hour="-1" from_minute="-1" from_month="-1" from_weekday="-1" from_year="-1" to_day="-1" to_hour="-1" to_minute="-1" to_month="-1" to_weekday="-1" to_year="-1" name="Any" comment="Any Interval" ro="False"/>
<ServiceGroup id="stdid05" name="Services" comment="" ro="False">
<ServiceGroup id="stdid05_userservices" name="Users" comment="" ro="False"/>
<ServiceGroup id="stdid05_og_tag_1" name="TagServices" comment="" ro="False"/>
<ServiceGroup id="stdid09" name="TCP" comment="" ro="False">
<TCPService id="tcp-HTTP" ack_flag="False" ack_flag_mask="False" fin_flag="False" fin_flag_mask="False" psh_flag="False" psh_flag_mask="False" rst_flag="False" rst_flag_mask="False" syn_flag="False" syn_flag_mask="False" urg_flag="False" urg_flag_mask="False" name="http" comment="" ro="False" src_range_start="0" src_range_end="0" dst_range_start="80" dst_range_end="80"/>
<TCPService id="tcp-FTP" ack_flag="False" ack_flag_mask="False" fin_flag="False" fin_flag_mask="False" psh_flag="False" psh_flag_mask="False" rst_flag="False" rst_flag_mask="False" syn_flag="False" syn_flag_mask="False" urg_flag="False" urg_flag_mask="False" name="ftp" comment="" ro="False" src_range_start="0" src_range_end="0" dst_range_start="21" dst_range_end="21"/>
</ServiceGroup>
<ServiceGroup id="stdid08" name="UDP">
<UDPService comment="" dst_range_end="873" dst_range_start="873" id="id4127EA73" name="rsync" src_range_end="0" src_range_start="0"/>
<ServiceGroup id="stdid08" name="UDP" comment="" ro="False">
<UDPService id="id4127EA73" name="rsync" comment="" ro="False" src_range_start="0" src_range_end="0" dst_range_start="873" dst_range_end="873"/>
</ServiceGroup>
<ServiceGroup id="stdid07" name="ICMP">
<ICMPService code="-1" comment="" id="id3C20EEB5" name="any ICMP" type="-1"/>
<ICMPService code="-1" comment="" id="icmp-Unreachables" name="all ICMP unreachables" type="3"/>
<ServiceGroup id="stdid07" name="ICMP" comment="" ro="False">
<ICMPService id="id3C20EEB5" code="-1" type="-1" name="any ICMP" comment="" ro="False"/>
<ICMPService id="icmp-Unreachables" code="-1" type="3" name="all ICMP unreachables" comment="" ro="False"/>
</ServiceGroup>
<ServiceGroup id="stdid06" name="IP">
<IPService comment="IPSEC Authentication Header Protocol" fragm="False" id="id3CB12797" lsrr="False" name="AH" protocol_num="51" rr="False" short_fragm="False" ssrr="False" ts="False"/>
<ServiceGroup id="stdid06" name="IP" comment="" ro="False">
<IPService id="id3CB12797" fragm="False" lsrr="False" protocol_num="51" rr="False" short_fragm="False" ssrr="False" ts="False" name="AH" comment="IPSEC Authentication Header Protocol" ro="False"/>
</ServiceGroup>
</ServiceGroup>
</Library>

2
test/pf/cluster-tests.fwb
View File

@ -1,6 +1,6 @@
<?xml version="1.0" encoding="utf-8"?>
<!DOCTYPE FWObjectDatabase SYSTEM "fwbuilder.dtd">
<FWObjectDatabase xmlns="http://www.fwbuilder.org/1.0/" version="15" lastModified="1247165520" id="root">
<FWObjectDatabase xmlns="http://www.fwbuilder.org/1.0/" version="16" lastModified="1247165520" id="root">
<Library id="sysid99" name="Deleted Objects" comment="" ro="False">
<StateSyncClusterGroup id="id3505X94039" type="conntrack" name="State Sync Group-1" comment="">
<ClusterGroupOptions/>

602
test/pf/objects-for-regression-tests.fwb
View File

@ -1,6 +1,6 @@
<?xml version="1.0" encoding="utf-8"?>
<!DOCTYPE FWObjectDatabase SYSTEM "fwbuilder.dtd">
<FWObjectDatabase xmlns="http://www.fwbuilder.org/1.0/" version="15" lastModified="1263599226" id="root">
<FWObjectDatabase xmlns="http://www.fwbuilder.org/1.0/" version="16" lastModified="1263953850" id="root">
<Library id="sysid99" name="Deleted Objects" comment="" ro="False">
<ICMP6Service id="idE0C27650" code="0" type="1" name="ipv6 dest unreachable" comment="No route to destination" ro="False"/>
<Library id="id40E233F3" color="#FFFFFF" name="West Coast" comment="" ro="False">
@ -1088,6 +1088,7 @@
</FirewallOptions>
</Firewall>
<IPv4 id="id20241X55531" name="firewall80:en1:ip-1" comment="" ro="False" address="33.33.33.33" netmask="255.255.255.0"/>
<IPv4 id="id20710X27133" name="fw2:eth3:ip" comment="" ro="False" address="22.22.23.23" netmask="255.255.255.0"/>
</Library>
<Library id="syslib001" color="#d2ffd0" name="User" comment="User defined objects" ro="False">
<ObjectGroup id="stdid01_1_clusters" name="Clusters" comment="" ro="False"/>
@ -1634,6 +1635,7 @@
<TCPService id="id79496X23273" ack_flag="False" ack_flag_mask="False" established="False" fin_flag="False" fin_flag_mask="False" psh_flag="False" psh_flag_mask="False" rst_flag="False" rst_flag_mask="False" syn_flag="False" syn_flag_mask="False" urg_flag="False" urg_flag_mask="False" name="tcp 0-0:22-22" comment="Imported from &quot;c3620&quot;&#10;0-0:22-22" ro="False" src_range_start="0" src_range_end="0" dst_range_start="22" dst_range_end="22"/>
<TCPService id="id80030X23273" ack_flag="False" ack_flag_mask="False" established="False" fin_flag="False" fin_flag_mask="False" psh_flag="False" psh_flag_mask="False" rst_flag="False" rst_flag_mask="False" syn_flag="True" syn_flag_mask="True" urg_flag="False" urg_flag_mask="False" name="New TCP Service 1" comment="" ro="False" src_range_start="0" src_range_end="0" dst_range_start="1" dst_range_end="1"/>
<TCPService id="id45517X93766" ack_flag="False" ack_flag_mask="False" established="False" fin_flag="False" fin_flag_mask="False" psh_flag="False" psh_flag_mask="False" rst_flag="False" rst_flag_mask="False" syn_flag="False" syn_flag_mask="False" urg_flag="False" urg_flag_mask="False" name="ftp-proxy" comment="" ro="False" src_range_start="0" src_range_end="0" dst_range_start="8021" dst_range_end="8021"/>
<TCPService id="id438265X27177" ack_flag="False" ack_flag_mask="False" established="False" fin_flag="False" fin_flag_mask="False" psh_flag="False" psh_flag_mask="False" rst_flag="False" rst_flag_mask="False" syn_flag="False" syn_flag_mask="False" urg_flag="False" urg_flag_mask="False" name="src-tcp" comment="port range" ro="False" src_range_start="1000" src_range_end="2000" dst_range_start="0" dst_range_end="0"/>
</ServiceGroup>
<ServiceGroup id="stdid08_1" name="UDP" comment="" ro="False">
<UDPService id="id78911X23273" name="udp-src-6767" comment="" ro="False" src_range_start="6767" src_range_end="6767" dst_range_start="0" dst_range_end="0"/>
@ -4756,7 +4758,7 @@
<Option name="use_tables">True</Option>
</FirewallOptions>
</Firewall>
<Firewall id="id3B0C6380" host_OS="openbsd" inactive="False" lastCompiled="1261961538" lastInstalled="0" lastModified="1261961517" platform="pf" version="" name="firewall4" comment="this object is used to test a configuration where firewall has dynamic address " ro="False">
<Firewall id="id3B0C6380" host_OS="openbsd" inactive="False" lastCompiled="1261961538" lastInstalled="0" lastModified="1263950493" platform="pf" version="" name="firewall4" comment="this object is used to test a configuration where firewall has dynamic address " ro="False">
<NAT id="id3B0C6381" name="NAT" comment="" ro="False" ipv4_rule_set="False" ipv6_rule_set="False" top_rule_set="True">
<NATRule id="id3B0C6382" disabled="False" position="0" action="Translate" comment="">
<OSrc neg="False">
@ -17703,6 +17705,602 @@
<Option name="use_tables">True</Option>
</FirewallOptions>
</Firewall>
<Firewall id="id20689X27133" host_OS="openbsd" inactive="False" lastCompiled="1261961536" lastInstalled="0" lastModified="1263954178" platform="pf" version="" name="firewall2-1" comment="testing different errors in NATCompiler_pf::VerifyRules&#10;" ro="False">
<NAT id="id20900X27133" name="NAT" comment="" ro="False" ipv4_rule_set="False" ipv6_rule_set="False" top_rule_set="True">
<NATRule id="id85391X27133" disabled="False" position="0" action="Translate" comment="">
<OSrc neg="False">
<ObjectRef ref="sysid0"/>
</OSrc>
<ODst neg="False">
<ObjectRef ref="id20697X27133"/>
<ObjectRef ref="id20702X27133"/>
</ODst>
<OSrv neg="False">
<ServiceRef ref="sysid1"/>
</OSrv>
<TSrc neg="False">
<ObjectRef ref="sysid0"/>
</TSrc>
<TDst neg="False">
<ObjectRef ref="host-hostA"/>
</TDst>
<TSrv neg="False">
<ServiceRef ref="sysid1"/>
</TSrv>
<NATRuleOptions/>
</NATRule>
<NATRule id="id21433X27133" disabled="False" position="1" action="Translate" comment="">
<OSrc neg="False">
<ObjectRef ref="sysid0"/>
</OSrc>
<ODst neg="False">
<ObjectRef ref="id20702X27133"/>
</ODst>
<OSrv neg="True">
<ServiceRef ref="id3B5009F7"/>
</OSrv>
<TSrc neg="False">
<ObjectRef ref="sysid0"/>
</TSrc>
<TDst neg="False">
<ObjectRef ref="host-hostA"/>
</TDst>
<TSrv neg="False">
<ServiceRef ref="sysid1"/>
</TSrv>
<NATRuleOptions/>
</NATRule>
<NATRule id="id195657X27133" disabled="False" group="" position="2" action="Translate" comment="">
<OSrc neg="False">
<ObjectRef ref="sysid0"/>
</OSrc>
<ODst neg="False">
<ObjectRef ref="id20702X27133"/>
</ODst>
<OSrv neg="False">
<ServiceRef ref="sysid1"/>
</OSrv>
<TSrc neg="False">
<ObjectRef ref="sysid0"/>
</TSrc>
<TDst neg="False">
<ObjectRef ref="host-hostA"/>
</TDst>
<TSrv neg="False">
<ServiceRef ref="id3B5009F7"/>
</TSrv>
<NATRuleOptions/>
</NATRule>
<NATRule id="id389298X27133" disabled="False" group="" position="3" action="Translate" comment="">
<OSrc neg="False">
<ObjectRef ref="net-Internal_net"/>
</OSrc>
<ODst neg="False">
<ObjectRef ref="sysid0"/>
</ODst>
<OSrv neg="False">
<ServiceRef ref="sysid1"/>
</OSrv>
<TSrc neg="True">
<ObjectRef ref="id20702X27133"/>
</TSrc>
<TDst neg="False">
<ObjectRef ref="sysid0"/>
</TDst>
<TSrv neg="False">
<ServiceRef ref="sysid1"/>
</TSrv>
<NATRuleOptions/>
</NATRule>
<NATRule id="id20910X27177" disabled="False" group="" position="4" action="Translate" comment="">
<OSrc neg="False">
<ObjectRef ref="sysid0"/>
</OSrc>
<ODst neg="False">
<ObjectRef ref="id20702X27133"/>
</ODst>
<OSrv neg="False">
<ServiceRef ref="id3B5009F7"/>
</OSrv>
<TSrc neg="False">
<ObjectRef ref="sysid0"/>
</TSrc>
<TDst neg="True">
<ObjectRef ref="host-hostA"/>
</TDst>
<TSrv neg="False">
<ServiceRef ref="sysid1"/>
</TSrv>
<NATRuleOptions/>
</NATRule>
<NATRule id="id169032X27177" disabled="False" group="" position="5" action="Translate" comment="">
<OSrc neg="False">
<ObjectRef ref="sysid0"/>
</OSrc>
<ODst neg="False">
<ObjectRef ref="id20702X27133"/>
</ODst>
<OSrv neg="False">
<ServiceRef ref="id3B5009F7"/>
</OSrv>
<TSrc neg="False">
<ObjectRef ref="sysid0"/>
</TSrc>
<TDst neg="False">
<ObjectRef ref="host-hostA"/>
</TDst>
<TSrv neg="True">
<ServiceRef ref="id78996X23273"/>
</TSrv>
<NATRuleOptions/>
</NATRule>
<NATRule id="id271008X27177" disabled="False" group="" position="6" action="Translate" comment="">
<OSrc neg="False">
<ObjectRef ref="sysid0"/>
</OSrc>
<ODst neg="False">
<ObjectRef ref="id20702X27133"/>
</ODst>
<OSrv neg="False">
<ServiceRef ref="id3E59AD29"/>
</OSrv>
<TSrc neg="False">
<ObjectRef ref="sysid0"/>
</TSrc>
<TDst neg="False">
<ObjectRef ref="host-hostA"/>
</TDst>
<TSrv neg="False">
<ServiceRef ref="id3B5009F7"/>
<ServiceRef ref="id78996X23273"/>
</TSrv>
<NATRuleOptions/>
</NATRule>
<NATRule id="id326659X27177" disabled="False" group="" position="7" action="Translate" comment="">
<OSrc neg="False">
<ObjectRef ref="sysid0"/>
</OSrc>
<ODst neg="False">
<ObjectRef ref="id20702X27133"/>
</ODst>
<OSrv neg="False">
<ServiceRef ref="id3E59AD29"/>
</OSrv>
<TSrc neg="False">
<ObjectRef ref="sysid0"/>
</TSrc>
<TDst neg="False">
<ObjectRef ref="host-hostA"/>
</TDst>
<TSrv neg="False">
<ServiceRef ref="id3CD878C8"/>
</TSrv>
<NATRuleOptions/>
</NATRule>
<NATRule id="id382417X27177" disabled="False" group="" position="8" action="Translate" comment="">
<OSrc neg="False">
<ObjectRef ref="net-Internal_net"/>
</OSrc>
<ODst neg="False">
<ObjectRef ref="sysid0"/>
</ODst>
<OSrv neg="False">
<ServiceRef ref="id438265X27177"/>
</OSrv>
<TSrc neg="False">
<ObjectRef ref="sysid0"/>
</TSrc>
<TDst neg="False">
<ObjectRef ref="sysid0"/>
</TDst>
<TSrv neg="False">
<ServiceRef ref="sysid1"/>
</TSrv>
<NATRuleOptions/>
</NATRule>
<NATRule id="id503211X27177" disabled="False" group="" position="9" action="Translate" comment="">
<OSrc neg="False">
<ObjectRef ref="net-Internal_net"/>
</OSrc>
<ODst neg="False">
<ObjectRef ref="sysid0"/>
</ODst>
<OSrv neg="False">
<ServiceRef ref="sysid1"/>
</OSrv>
<TSrc neg="False">
<ObjectRef ref="id20707X27133"/>
</TSrc>
<TDst neg="False">
<ObjectRef ref="sysid0"/>
</TDst>
<TSrv neg="False">
<ServiceRef ref="sysid1"/>
</TSrv>
<NATRuleOptions/>
</NATRule>
<NATRule id="id559169X27177" disabled="False" group="" position="10" action="Translate" comment="">
<OSrc neg="False">
<ObjectRef ref="sysid0"/>
</OSrc>
<ODst neg="False">
<ObjectRef ref="id20702X27133"/>
</ODst>
<OSrv neg="False">
<ServiceRef ref="id3E59AD29"/>
</OSrv>
<TSrc neg="False">
<ObjectRef ref="sysid0"/>
</TSrc>
<TDst neg="False">
<ObjectRef ref="sysid0"/>
</TDst>
<TSrv neg="False">
<ServiceRef ref="sysid1"/>
</TSrv>
<NATRuleOptions/>
</NATRule>
<NATRule id="id615239X27177" disabled="False" group="" position="11" action="Translate" comment="">
<OSrc neg="False">
<ObjectRef ref="sysid0"/>
</OSrc>
<ODst neg="False">
<ObjectRef ref="id20702X27133"/>
</ODst>
<OSrv neg="False">
<ServiceRef ref="id3E59AD29"/>
</OSrv>
<TSrc neg="False">
<ObjectRef ref="sysid0"/>
</TSrc>
<TDst neg="False">
<ObjectRef ref="host-hostA"/>
<ObjectRef ref="host-hostB"/>
</TDst>
<TSrv neg="False">
<ServiceRef ref="sysid1"/>
</TSrv>
<NATRuleOptions/>
</NATRule>
<NATRule id="id671450X27177" disabled="False" group="" position="12" action="Translate" comment="">
<OSrc neg="False">
<ObjectRef ref="sysid0"/>
</OSrc>
<ODst neg="False">
<ObjectRef ref="id20702X27133"/>
</ODst>
<OSrv neg="False">
<ServiceRef ref="id3E59AD29"/>
</OSrv>
<TSrc neg="False">
<ObjectRef ref="sysid0"/>
</TSrc>
<TDst neg="False">
<ObjectRef ref="id43F7DCF831316"/>
</TDst>
<TSrv neg="False">
<ServiceRef ref="sysid1"/>
</TSrv>
<NATRuleOptions/>
</NATRule>
<NATRule id="id727757X27177" disabled="False" group="" position="13" action="Translate" comment="">
<OSrc neg="False">
<ObjectRef ref="sysid0"/>
</OSrc>
<ODst neg="False">
<ObjectRef ref="id20702X27133"/>
</ODst>
<OSrv neg="False">
<ServiceRef ref="id3E59AD29"/>
</OSrv>
<TSrc neg="False">
<ObjectRef ref="sysid0"/>
</TSrc>
<TDst neg="False">
<ObjectRef ref="net-Internal_net"/>
</TDst>
<TSrv neg="False">
<ServiceRef ref="sysid1"/>
</TSrv>
<NATRuleOptions/>
</NATRule>
<NATRule id="id831403X27177" disabled="False" group="" position="14" action="Translate" comment="">
<OSrc neg="False">
<ObjectRef ref="net-Internal_net"/>
</OSrc>
<ODst neg="False">
<ObjectRef ref="sysid0"/>
</ODst>
<OSrv neg="False">
<ServiceRef ref="sysid1"/>
</OSrv>
<TSrc neg="False">
<ObjectRef ref="id43F7DCF631316"/>
</TSrc>
<TDst neg="False">
<ObjectRef ref="sysid0"/>
</TDst>
<TSrv neg="False">
<ServiceRef ref="sysid1"/>
</TSrv>
<NATRuleOptions/>
</NATRule>
<NATRule id="id887931X27177" disabled="False" group="" position="15" action="Translate" comment="">
<OSrc neg="False">
<ObjectRef ref="sysid0"/>
</OSrc>
<ODst neg="False">
<ObjectRef ref="id43F7DCF631316"/>
</ODst>
<OSrv neg="False">
<ServiceRef ref="sysid1"/>
</OSrv>
<TSrc neg="False">
<ObjectRef ref="sysid0"/>
</TSrc>
<TDst neg="False">
<ObjectRef ref="net-Internal_net"/>
</TDst>
<TSrv neg="False">
<ServiceRef ref="sysid1"/>
</TSrv>
<NATRuleOptions/>
</NATRule>
<NATRule id="id944562X27177" disabled="False" group="" position="16" action="NATBranch" comment="">
<OSrc neg="False">
<ObjectRef ref="net-Internal_net"/>
</OSrc>
<ODst neg="False">
<ObjectRef ref="sysid0"/>
</ODst>
<OSrv neg="False">
<ServiceRef ref="id3E59AD29"/>
</OSrv>
<TSrc neg="False">
<ObjectRef ref="sysid0"/>
</TSrc>
<TDst neg="False">
<ObjectRef ref="sysid0"/>
</TDst>
<TSrv neg="False">
<ServiceRef ref="sysid1"/>
</TSrv>
<NATRuleOptions/>
</NATRule>
<NATRule id="id1001336X27177" disabled="False" group="" position="17" action="NATBranch" comment="">
<OSrc neg="False">
<ObjectRef ref="net-Internal_net"/>
</OSrc>
<ODst neg="False">
<ObjectRef ref="sysid0"/>
</ODst>
<OSrv neg="False">
<ServiceRef ref="id3E59AD29"/>
</OSrv>
<TSrc neg="False">
<ObjectRef ref="sysid0"/>
</TSrc>
<TDst neg="False">
<ObjectRef ref="sysid0"/>
</TDst>
<TSrv neg="False">
<ServiceRef ref="sysid1"/>
</TSrv>
<NATRuleOptions>
<Option name="action_on_reject"></Option>
<Option name="branch_id">id20900X27133</Option>
<Option name="classify_str"></Option>
<Option name="custom_str"></Option>
<Option name="ipf_route_opt_addr"></Option>
<Option name="ipf_route_opt_if"></Option>
<Option name="ipf_route_option">route_through</Option>
<Option name="ipfw_classify_method">2</Option>
<Option name="ipfw_pipe_port_num">0</Option>
<Option name="ipfw_pipe_queue_num">0</Option>
<Option name="ipt_continue">False</Option>
<Option name="ipt_gw"></Option>
<Option name="ipt_iif"></Option>
<Option name="ipt_mark_connections">False</Option>
<Option name="ipt_oif"></Option>
<Option name="ipt_tee">False</Option>
<Option name="pf_fastroute">False</Option>
<Option name="pf_route_load_option">none</Option>
<Option name="pf_route_opt_addr"></Option>
<Option name="pf_route_opt_if"></Option>
<Option name="pf_route_option">none</Option>
<Option name="rule_name_accounting"></Option>
</NATRuleOptions>
</NATRule>
<RuleSetOptions/>
</NAT>
<Policy id="id20722X27133" name="Policy" comment="" ro="False" ipv4_rule_set="False" ipv6_rule_set="False" top_rule_set="True">
<PolicyRule id="id20887X27133" disabled="False" log="True" position="0" action="Deny" direction="Both" comment="'catch all' rule">
<Src neg="False">
<ObjectRef ref="sysid0"/>
</Src>
<Dst neg="False">
<ObjectRef ref="sysid0"/>
</Dst>
<Srv neg="False">
<ServiceRef ref="sysid1"/>
</Srv>
<Itf neg="False">
<ObjectRef ref="sysid0"/>
</Itf>
<When neg="False">
<IntervalRef ref="sysid2"/>
</When>
<PolicyRuleOptions>
<Option name="id"></Option>
<Option name="stateless">True</Option>
</PolicyRuleOptions>
</PolicyRule>
<RuleSetOptions/>
</Policy>
<Routing id="id21346X27133" name="Routing" comment="" ro="False" ipv4_rule_set="False" ipv6_rule_set="False" top_rule_set="True">
<RuleSetOptions/>
</Routing>
<Interface id="id20697X27133" dedicated_failover="False" dyn="False" security_level="100" unnum="False" unprotected="False" name="eth0" comment="" ro="False">
<IPv4 id="id20700X27133" name="fw2:eth0:ip" comment="" ro="False" address="192.168.1.1" netmask="255.255.255.0"/>
<InterfaceOptions/>
</Interface>
<Interface id="id20702X27133" dedicated_failover="False" dyn="False" security_level="0" unnum="False" unprotected="False" name="eth1" comment="" ro="False">
<IPv4 id="id20705X27133" name="fw2:eth1:ip" comment="" ro="False" address="22.22.22.22" netmask="255.255.255.0"/>
<InterfaceOptions/>
</Interface>
<Interface id="id20707X27133" dedicated_failover="False" dyn="False" label="" mgmt="False" security_level="0" unnum="True" unprotected="False" name="eth3" comment="" ro="False">
<InterfaceOptions/>
</Interface>
<Interface id="id20712X27133" dedicated_failover="False" dyn="False" label="" mgmt="True" security_level="100" unnum="False" unprotected="False" name="eth2" comment="" ro="False">
<IPv4 id="id20715X27133" name="fw2:eth2:ip" comment="" ro="False" address="192.168.2.1" netmask="255.255.255.0"/>
<InterfaceOptions/>
</Interface>
<Interface id="id20717X27133" dedicated_failover="False" dyn="False" label="" security_level="100" unnum="False" unprotected="False" name="lo" comment="" ro="False">
<IPv4 id="id20720X27133" name="lo:ip" comment="" ro="False" address="127.0.0.1" netmask="255.0.0.0"/>
<InterfaceOptions/>
</Interface>
<Management address="192.168.2.1">
<SNMPManagement enabled="False" snmp_read_community="public" snmp_write_community=""/>
<FWBDManagement enabled="True" identity="" port="9999"/>
<PolicyInstallScript arguments="" command="" enabled="False"/>
</Management>
<FirewallOptions>
<Option name="accept_established">True</Option>
<Option name="accept_new_tcp_with_no_syn">True</Option>
<Option name="action_on_reject">ICMP net unreachable</Option>
<Option name="activationCmd"></Option>
<Option name="admUser"></Option>
<Option name="altAddress"></Option>
<Option name="check_shading">False</Option>
<Option name="clamp_mss_to_mtu">False</Option>
<Option name="cmdline"></Option>
<Option name="compiler"></Option>
<Option name="conf_file_name_on_firewall"></Option>
<Option name="configure_carp_interfaces">False</Option>
<Option name="configure_interfaces">False</Option>
<Option name="configure_pfsync_interfaces">False</Option>
<Option name="configure_vlan_interfaces">False</Option>
<Option name="debug">False</Option>
<Option name="dyn_addr">False</Option>
<Option name="epilog_script"></Option>
<Option name="fallback_log">False</Option>
<Option name="firewall_dir"></Option>
<Option name="firewall_is_part_of_any">True</Option>
<Option name="firewall_is_part_of_any_and_networks">True</Option>
<Option name="id"></Option>
<Option name="ignore_empty_groups">False</Option>
<Option name="in_out_code">True</Option>
<Option name="inst_cmdline"></Option>
<Option name="inst_script"></Option>
<Option name="install_script"></Option>
<Option name="ipv4_6_order">ipv4_first</Option>
<Option name="limit_suffix">/second</Option>
<Option name="limit_value">0</Option>
<Option name="linux24_accept_redirects">0</Option>
<Option name="linux24_accept_source_route">0</Option>
<Option name="linux24_icmp_echo_ignore_all">1</Option>
<Option name="linux24_icmp_ignore_bogus_error_responses">1</Option>
<Option name="linux24_ip_forward">1</Option>
<Option name="linux24_log_martians">1</Option>
<Option name="linux24_rp_filter">1</Option>
<Option name="linux24_tcp_fin_timeout">30</Option>
<Option name="linux24_tcp_keepalive_interval">1800</Option>
<Option name="load_modules">False</Option>
<Option name="log_all_dropped">True</Option>
<Option name="log_ip_opt">False</Option>
<Option name="log_level">debug</Option>
<Option name="log_limit_suffix">/second</Option>
<Option name="log_limit_value">0</Option>
<Option name="log_prefix">RULE %N - %A **</Option>
<Option name="log_tcp_opt">False</Option>
<Option name="log_tcp_seq">False</Option>
<Option name="manage_virtual_addr">True</Option>
<Option name="mgmt_addr">192.168.1.100</Option>
<Option name="mgmt_ssh">True</Option>
<Option name="modulate_state">False</Option>
<Option name="no_iochains_for_any">False</Option>
<Option name="no_optimisation">False</Option>
<Option name="openbsd_path_pfctl"></Option>
<Option name="openbsd_path_sysctl"></Option>
<Option name="output_file"></Option>
<Option name="pass_all_out">False</Option>
<Option name="pf_adaptive_end">0</Option>
<Option name="pf_adaptive_start">0</Option>
<Option name="pf_do_limit_frags">True</Option>
<Option name="pf_do_limit_src_nodes">False</Option>
<Option name="pf_do_limit_states">True</Option>
<Option name="pf_do_limit_table_entries">False</Option>
<Option name="pf_do_limit_tables">False</Option>
<Option name="pf_do_scrub">True</Option>
<Option name="pf_do_timeout_frag">False</Option>
<Option name="pf_do_timeout_interval">False</Option>
<Option name="pf_flush_states">False</Option>
<Option name="pf_icmp_error">0</Option>
<Option name="pf_icmp_first">0</Option>
<Option name="pf_limit_frags">5000</Option>
<Option name="pf_limit_src_nodes">0</Option>
<Option name="pf_limit_states">10000</Option>
<Option name="pf_limit_table_entries">0</Option>
<Option name="pf_limit_tables">0</Option>
<Option name="pf_modulate_state">False</Option>
<Option name="pf_optimization">aggressive</Option>
<Option name="pf_other_first">0</Option>
<Option name="pf_other_multiple">0</Option>
<Option name="pf_other_single">0</Option>
<Option name="pf_scrub_fragm_crop">False</Option>
<Option name="pf_scrub_fragm_drop_ovl">False</Option>
<Option name="pf_scrub_maxmss">1460</Option>
<Option name="pf_scrub_minttl">32</Option>
<Option name="pf_scrub_no_df">True</Option>
<Option name="pf_scrub_random_id">True</Option>
<Option name="pf_scrub_reassemble">True</Option>
<Option name="pf_scrub_use_maxmss">True</Option>
<Option name="pf_scrub_use_minttl">True</Option>
<Option name="pf_set_adaptive">False</Option>
<Option name="pf_set_icmp_error">False</Option>
<Option name="pf_set_icmp_first">False</Option>
<Option name="pf_set_other_first">False</Option>
<Option name="pf_set_other_multiple">False</Option>
<Option name="pf_set_other_single">False</Option>
<Option name="pf_set_tcp_closed">False</Option>
<Option name="pf_set_tcp_closing">False</Option>
<Option name="pf_set_tcp_established">True</Option>
<Option name="pf_set_tcp_finwait">False</Option>
<Option name="pf_set_tcp_first">True</Option>
<Option name="pf_set_tcp_opening">True</Option>
<Option name="pf_set_udp_first">False</Option>
<Option name="pf_set_udp_multiple">False</Option>
<Option name="pf_set_udp_single">False</Option>
<Option name="pf_state_policy"></Option>
<Option name="pf_tcp_closed">0</Option>
<Option name="pf_tcp_closing">0</Option>
<Option name="pf_tcp_established">10</Option>
<Option name="pf_tcp_finwait">0</Option>
<Option name="pf_tcp_first">5</Option>
<Option name="pf_tcp_opening">5</Option>
<Option name="pf_timeout_frag">30</Option>
<Option name="pf_timeout_interval">10</Option>
<Option name="pf_udp_first">0</Option>
<Option name="pf_udp_multiple">0</Option>
<Option name="pf_udp_single">0</Option>
<Option name="platform">iptables</Option>
<Option name="prolog_place">pf_file_after_set</Option>
<Option name="prolog_script"># prolog
# prolog commands go after set commands
</Option>
<Option name="proxy_arp">True</Option>
<Option name="scpArgs"></Option>
<Option name="script_env_path"></Option>
<Option name="script_name_on_firewall"></Option>
<Option name="snmp_contact"></Option>
<Option name="snmp_description"></Option>
<Option name="snmp_location"></Option>
<Option name="sshArgs"></Option>
<Option name="use_ip_tool">True</Option>
<Option name="use_numeric_log_levels">False</Option>
<Option name="use_tables">True</Option>
</FirewallOptions>
</Firewall>
</ObjectGroup>
<IntervalGroup id="stdid11_1" name="Time" comment="" ro="False"/>
</Library>

2
test/pix/cluster-tests.fwb
View File

@ -1,6 +1,6 @@
<?xml version="1.0" encoding="utf-8"?>
<!DOCTYPE FWObjectDatabase SYSTEM "fwbuilder.dtd">
<FWObjectDatabase xmlns="http://www.fwbuilder.org/1.0/" version="15" lastModified="1258406412" id="root">
<FWObjectDatabase xmlns="http://www.fwbuilder.org/1.0/" version="16" lastModified="1258406412" id="root">
<Library id="sysid99" name="Deleted Objects" comment="" ro="False">
<Interface id="id3213X42281" dedicated_failover="False" dyn="False" security_level="0" unnum="False" unprotected="False" name="vrrp2" comment="" ro="False">
<InterfaceOptions>