onkelbeh/fwbuilder
1
0
Fork 0
mirror of https://github.com/fwbuilder/fwbuilder synced 2026-05-01 22:57:33 +02:00
Code Issues Releases Wiki Activity

test case, refs #1928

Browse Source
This commit is contained in:
Vadim Kurland 2011-01-13 18:03:54 -08:00
parent a04135be61
commit 0f99325869
36 changed files with 160 additions and 119 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
test/pix/cluster1-1_pix1.fw.orig
View File

@ -1,9 +1,9 @@
!
! This is automatically generated file. DO NOT MODIFY !
!
! Firewall Builder fwb_pix v4.2.0.3430
! Firewall Builder fwb_pix v4.2.0.3431
!
! Generated Thu Jan 13 13:27:42 2011 PST by vadim
! Generated Thu Jan 13 18:02:32 2011 PST by vadim
!
! Compiled for pix 7.0
! Outbound ACLs: supported

4
test/pix/cluster1-1_pix2.fw.orig
View File

@ -1,9 +1,9 @@
!
! This is automatically generated file. DO NOT MODIFY !
!
! Firewall Builder fwb_pix v4.2.0.3430
! Firewall Builder fwb_pix v4.2.0.3431
!
! Generated Thu Jan 13 13:27:42 2011 PST by vadim
! Generated Thu Jan 13 18:02:32 2011 PST by vadim
!
! Compiled for pix 7.0
! Outbound ACLs: supported

4
test/pix/cluster1_pix1.fw.orig
View File

@ -1,9 +1,9 @@
!
! This is automatically generated file. DO NOT MODIFY !
!
! Firewall Builder fwb_pix v4.2.0.3430
! Firewall Builder fwb_pix v4.2.0.3431
!
! Generated Thu Jan 13 13:27:42 2011 PST by vadim
! Generated Thu Jan 13 18:02:32 2011 PST by vadim
!
! Compiled for pix 7.0
! Outbound ACLs: supported

4
test/pix/cluster1_pix2.fw.orig
View File

@ -1,9 +1,9 @@
!
! This is automatically generated file. DO NOT MODIFY !
!
! Firewall Builder fwb_pix v4.2.0.3430
! Firewall Builder fwb_pix v4.2.0.3431
!
! Generated Thu Jan 13 13:27:42 2011 PST by vadim
! Generated Thu Jan 13 18:02:32 2011 PST by vadim
!
! Compiled for pix 7.0
! Outbound ACLs: supported

4
test/pix/firewall.fw.orig
View File

@ -1,9 +1,9 @@
!
! This is automatically generated file. DO NOT MODIFY !
!
! Firewall Builder fwb_pix v4.2.0.3430
! Firewall Builder fwb_pix v4.2.0.3431
!
! Generated Thu Jan 13 13:27:18 2011 PST by vadim
! Generated Thu Jan 13 18:02:07 2011 PST by vadim
!
! Compiled for pix 6.2
! Outbound ACLs: not supported

4
test/pix/firewall1.fw.orig
View File

@ -1,9 +1,9 @@
!
! This is automatically generated file. DO NOT MODIFY !
!
! Firewall Builder fwb_pix v4.2.0.3430
! Firewall Builder fwb_pix v4.2.0.3431
!
! Generated Thu Jan 13 13:27:19 2011 PST by vadim
! Generated Thu Jan 13 18:02:08 2011 PST by vadim
!
! Compiled for pix 6.1
! Outbound ACLs: not supported

4
test/pix/firewall10.fw.orig
View File

@ -1,9 +1,9 @@
!
! This is automatically generated file. DO NOT MODIFY !
!
! Firewall Builder fwb_pix v4.2.0.3430
! Firewall Builder fwb_pix v4.2.0.3431
!
! Generated Thu Jan 13 13:27:19 2011 PST by vadim
! Generated Thu Jan 13 18:02:09 2011 PST by vadim
!
! Compiled for pix 6.3
! Outbound ACLs: not supported

4
test/pix/firewall11.fw.orig
View File

@ -1,9 +1,9 @@
!
! This is automatically generated file. DO NOT MODIFY !
!
! Firewall Builder fwb_pix v4.2.0.3430
! Firewall Builder fwb_pix v4.2.0.3431
!
! Generated Thu Jan 13 13:27:20 2011 PST by vadim
! Generated Thu Jan 13 18:02:10 2011 PST by vadim
!
! Compiled for pix 6.2
! Outbound ACLs: not supported

4
test/pix/firewall12.fw.orig
View File

@ -1,9 +1,9 @@
!
! This is automatically generated file. DO NOT MODIFY !
!
! Firewall Builder fwb_pix v4.2.0.3430
! Firewall Builder fwb_pix v4.2.0.3431
!
! Generated Thu Jan 13 13:27:21 2011 PST by vadim
! Generated Thu Jan 13 18:02:10 2011 PST by vadim
!
! Compiled for pix 6.3
! Outbound ACLs: not supported

4
test/pix/firewall13.fw.orig
View File

@ -1,9 +1,9 @@
!
! This is automatically generated file. DO NOT MODIFY !
!
! Firewall Builder fwb_pix v4.2.0.3430
! Firewall Builder fwb_pix v4.2.0.3431
!
! Generated Thu Jan 13 13:27:21 2011 PST by vadim
! Generated Thu Jan 13 18:02:11 2011 PST by vadim
!
! Compiled for pix 6.3
! Outbound ACLs: not supported

4
test/pix/firewall14.fw.orig
View File

@ -1,9 +1,9 @@
!
! This is automatically generated file. DO NOT MODIFY !
!
! Firewall Builder fwb_pix v4.2.0.3430
! Firewall Builder fwb_pix v4.2.0.3431
!
! Generated Thu Jan 13 13:27:22 2011 PST by vadim
! Generated Thu Jan 13 18:02:12 2011 PST by vadim
!
! Compiled for pix 6.3
! Outbound ACLs: not supported

4
test/pix/firewall2.fw.orig
View File

@ -1,9 +1,9 @@
!
! This is automatically generated file. DO NOT MODIFY !
!
! Firewall Builder fwb_pix v4.2.0.3430
! Firewall Builder fwb_pix v4.2.0.3431
!
! Generated Thu Jan 13 13:27:23 2011 PST by vadim
! Generated Thu Jan 13 18:02:12 2011 PST by vadim
!
! Compiled for pix 6.3
! Outbound ACLs: not supported

4
test/pix/firewall20.fw.orig
View File

@ -1,9 +1,9 @@
!
! This is automatically generated file. DO NOT MODIFY !
!
! Firewall Builder fwb_pix v4.2.0.3430
! Firewall Builder fwb_pix v4.2.0.3431
!
! Generated Thu Jan 13 13:27:23 2011 PST by vadim
! Generated Thu Jan 13 18:02:13 2011 PST by vadim
!
! Compiled for pix 6.3
! Outbound ACLs: not supported

4
test/pix/firewall21-1.fw.orig
View File

@ -1,9 +1,9 @@
!
! This is automatically generated file. DO NOT MODIFY !
!
! Firewall Builder fwb_pix v4.2.0.3430
! Firewall Builder fwb_pix v4.2.0.3431
!
! Generated Thu Jan 13 13:27:25 2011 PST by vadim
! Generated Thu Jan 13 18:02:14 2011 PST by vadim
!
! Compiled for pix 6.3
! Outbound ACLs: not supported

4
test/pix/firewall21.fw.orig
View File

@ -1,9 +1,9 @@
!
! This is automatically generated file. DO NOT MODIFY !
!
! Firewall Builder fwb_pix v4.2.0.3430
! Firewall Builder fwb_pix v4.2.0.3431
!
! Generated Thu Jan 13 13:27:24 2011 PST by vadim
! Generated Thu Jan 13 18:02:14 2011 PST by vadim
!
! Compiled for pix 7.0
! Outbound ACLs: supported

4
test/pix/firewall22.fw.orig
View File

@ -1,9 +1,9 @@
!
! This is automatically generated file. DO NOT MODIFY !
!
! Firewall Builder fwb_pix v4.2.0.3430
! Firewall Builder fwb_pix v4.2.0.3431
!
! Generated Thu Jan 13 13:27:26 2011 PST by vadim
! Generated Thu Jan 13 18:02:15 2011 PST by vadim
!
! Compiled for pix 7.0
! Outbound ACLs: supported

4
test/pix/firewall3.fw.orig
View File

@ -1,9 +1,9 @@
!
! This is automatically generated file. DO NOT MODIFY !
!
! Firewall Builder fwb_pix v4.2.0.3430
! Firewall Builder fwb_pix v4.2.0.3431
!
! Generated Thu Jan 13 13:27:26 2011 PST by vadim
! Generated Thu Jan 13 18:02:16 2011 PST by vadim
!
! Compiled for pix 6.2
! Outbound ACLs: not supported

4
test/pix/firewall33.fw.orig
View File

@ -1,9 +1,9 @@
!
! This is automatically generated file. DO NOT MODIFY !
!
! Firewall Builder fwb_pix v4.2.0.3430
! Firewall Builder fwb_pix v4.2.0.3431
!
! Generated Thu Jan 13 13:27:27 2011 PST by vadim
! Generated Thu Jan 13 18:02:17 2011 PST by vadim
!
! Compiled for pix 6.3
! Outbound ACLs: not supported

4
test/pix/firewall34.fw.orig
View File

@ -1,9 +1,9 @@
!
! This is automatically generated file. DO NOT MODIFY !
!
! Firewall Builder fwb_pix v4.2.0.3430
! Firewall Builder fwb_pix v4.2.0.3431
!
! Generated Thu Jan 13 13:27:28 2011 PST by vadim
! Generated Thu Jan 13 18:02:18 2011 PST by vadim
!
! Compiled for pix 6.3
! Outbound ACLs: not supported

4
test/pix/firewall4.fw.orig
View File

@ -1,9 +1,9 @@
!
! This is automatically generated file. DO NOT MODIFY !
!
! Firewall Builder fwb_pix v4.2.0.3430
! Firewall Builder fwb_pix v4.2.0.3431
!
! Generated Thu Jan 13 13:27:29 2011 PST by vadim
! Generated Thu Jan 13 18:02:18 2011 PST by vadim
!
! Compiled for pix 6.2
! Outbound ACLs: not supported

4
test/pix/firewall50.fw.orig
View File

@ -1,9 +1,9 @@
!
! This is automatically generated file. DO NOT MODIFY !
!
! Firewall Builder fwb_pix v4.2.0.3430
! Firewall Builder fwb_pix v4.2.0.3431
!
! Generated Thu Jan 13 13:27:29 2011 PST by vadim
! Generated Thu Jan 13 18:02:19 2011 PST by vadim
!
! Compiled for pix 7.0
! Outbound ACLs: supported

4
test/pix/firewall6.fw.orig
View File

@ -1,9 +1,9 @@
!
! This is automatically generated file. DO NOT MODIFY !
!
! Firewall Builder fwb_pix v4.2.0.3430
! Firewall Builder fwb_pix v4.2.0.3431
!
! Generated Thu Jan 13 13:27:30 2011 PST by vadim
! Generated Thu Jan 13 18:02:20 2011 PST by vadim
!
! Compiled for pix 6.2
! Outbound ACLs: not supported

4
test/pix/firewall8.fw.orig
View File

@ -1,9 +1,9 @@
!
! This is automatically generated file. DO NOT MODIFY !
!
! Firewall Builder fwb_pix v4.2.0.3430
! Firewall Builder fwb_pix v4.2.0.3431
!
! Generated Thu Jan 13 13:27:31 2011 PST by vadim
! Generated Thu Jan 13 18:02:21 2011 PST by vadim
!
! Compiled for pix 6.2
! Outbound ACLs: not supported

4
test/pix/firewall80.fw.orig
View File

@ -1,9 +1,9 @@
!
! This is automatically generated file. DO NOT MODIFY !
!
! Firewall Builder fwb_pix v4.2.0.3430
! Firewall Builder fwb_pix v4.2.0.3431
!
! Generated Thu Jan 13 13:27:32 2011 PST by vadim
! Generated Thu Jan 13 18:02:21 2011 PST by vadim
!
! Compiled for pix 8.2
! Outbound ACLs: supported

4
test/pix/firewall81.fw.orig
View File

@ -1,9 +1,9 @@
!
! This is automatically generated file. DO NOT MODIFY !
!
! Firewall Builder fwb_pix v4.2.0.3430
! Firewall Builder fwb_pix v4.2.0.3431
!
! Generated Thu Jan 13 13:27:32 2011 PST by vadim
! Generated Thu Jan 13 18:02:22 2011 PST by vadim
!
! Compiled for pix 8.3
! Outbound ACLs: supported

4
test/pix/firewall82.fw.orig
View File

@ -1,9 +1,9 @@
!
! This is automatically generated file. DO NOT MODIFY !
!
! Firewall Builder fwb_pix v4.2.0.3430
! Firewall Builder fwb_pix v4.2.0.3431
!
! Generated Thu Jan 13 13:27:33 2011 PST by vadim
! Generated Thu Jan 13 18:02:23 2011 PST by vadim
!
! Compiled for pix 8.3
! Outbound ACLs: supported

4
test/pix/firewall83.fw.orig
View File

@ -1,9 +1,9 @@
!
! This is automatically generated file. DO NOT MODIFY !
!
! Firewall Builder fwb_pix v4.2.0.3430
! Firewall Builder fwb_pix v4.2.0.3431
!
! Generated Thu Jan 13 13:27:34 2011 PST by vadim
! Generated Thu Jan 13 18:02:23 2011 PST by vadim
!
! Compiled for pix 8.3
! Outbound ACLs: supported

4
test/pix/firewall9.fw.orig
View File

@ -1,9 +1,9 @@
!
! This is automatically generated file. DO NOT MODIFY !
!
! Firewall Builder fwb_pix v4.2.0.3430
! Firewall Builder fwb_pix v4.2.0.3431
!
! Generated Thu Jan 13 13:27:34 2011 PST by vadim
! Generated Thu Jan 13 18:02:24 2011 PST by vadim
!
! Compiled for pix 6.3
! Outbound ACLs: not supported

67
test/pix/firewall90.fw.orig
View File

@ -1,9 +1,9 @@
!
! This is automatically generated file. DO NOT MODIFY !
!
! Firewall Builder fwb_pix v4.2.0.3430
! Firewall Builder fwb_pix v4.2.0.3431
!
! Generated Thu Jan 13 13:27:35 2011 PST by vadim
! Generated Thu Jan 13 18:02:25 2011 PST by vadim
!
! Compiled for pix 8.3
! Outbound ACLs: supported
@ -16,8 +16,8 @@
! testing new style ASA 8.3 nat commands
! SNAT rules
! N firewall90:NAT:12: error: Option 'translate dns' can not be used in combination with destination matching or translation
! N firewall90:NAT:13: error: Option 'translate dns' can not be used in combination with service matching or translation
! N firewall90:NAT:13: error: Option 'translate dns' can not be used in combination with destination matching or translation
! N firewall90:NAT:14: error: Option 'translate dns' can not be used in combination with service matching or translation
!
! Prolog script:
@ -267,88 +267,95 @@ nat (inside,outside) source dynamic internal_subnet_1 firewall90:FastEthernet1:i
nat (inside,outside) source dynamic internal_subnet_2 firewall90:FastEthernet1:ip-1 service smtp smtp
!
! Rule 4 (NAT)
nat (inside,outside) source dynamic test_range_1 firewall90:FastEthernet1:ip-1 destination static spamhost1 spamhost1 service smtp smtp
! for #1928
! note that group in OSrc includes another group
nat (inside,outside) source dynamic internal_subnet_1 firewall90:FastEthernet1:ip-1 service smtp smtp
nat (inside,outside) source dynamic Internal_net firewall90:FastEthernet1:ip-1 service smtp smtp
nat (inside,outside) source dynamic internal_subnet_2 firewall90:FastEthernet1:ip-1 service smtp smtp
!
! Rule 5 (NAT)
nat (inside,outside) source static hostA:eth0 firewall90:FastEthernet1:ip-1 destination static spamhost1 external_gw_1 service smtp smtp
nat (inside,outside) source dynamic test_range_1 firewall90:FastEthernet1:ip-1 destination static spamhost1 spamhost1 service smtp smtp
!
! Rule 6 (NAT)
! For #1907
nat (inside,outside) source dynamic hostA:eth0 outside.id130599X29063.tsrc.net.0 service smtp smtp
nat (inside,outside) source static hostA:eth0 firewall90:FastEthernet1:ip-1 destination static spamhost1 external_gw_1 service smtp smtp
!
! Rule 7 (NAT)
! For #1907
nat (inside,outside) source dynamic hostA:eth0 outside.id20720X27505.tsrc.net.0 interface service smtp smtp
nat (inside,outside) source dynamic hostA:eth0 outside.id130599X29063.tsrc.net.0 service smtp smtp
!
! Rule 8 (NAT)
! For #1907
nat (inside,outside) source dynamic hostA:eth0 outside.id241772X29764.tsrc.net.0 interface service smtp smtp
nat (inside,outside) source dynamic hostA:eth0 outside.id20720X27505.tsrc.net.0 interface service smtp smtp
!
! Rule 9 (NAT)
! For #1907
nat (inside,outside) source static hostA:eth0 hostA:eth0 service smtp smtp
nat (inside,outside) source dynamic hostA:eth0 outside.id241772X29764.tsrc.net.0 interface service smtp smtp
!
! Rule 10 (NAT)
! For #1907
nat (inside,outside) source dynamic hostA:eth0 outside.id643092X27990.tsrc.net.0 interface service smtp smtp
nat (inside,outside) source static hostA:eth0 hostA:eth0 service smtp smtp
!
! Rule 11 (NAT)
! for #1902
nat (inside,outside) source dynamic internal_subnet_1 firewall90:FastEthernet1:ip-1 dns
! For #1907
nat (inside,outside) source dynamic hostA:eth0 outside.id643092X27990.tsrc.net.0 interface service smtp smtp
!
! Rule 12 (NAT)
! for #1902
! can't use dns with destination matching or translation
! firewall90:NAT:12: error: Option 'translate dns' can not be used in combination with destination matching or translation
nat (inside,outside) source dynamic internal_subnet_1 firewall90:FastEthernet1:ip-1 destination static spamhost1 spamhost1 dns
nat (inside,outside) source dynamic internal_subnet_1 firewall90:FastEthernet1:ip-1 dns
!
! Rule 13 (NAT)
! for #1902
! cant use dns with service translation either
! firewall90:NAT:13: error: Option 'translate dns' can not be used in combination with service matching or translation
nat (inside,outside) source dynamic internal_subnet_1 firewall90:FastEthernet1:ip-1 service smtp smtp dns
! can't use dns with destination matching or translation
! firewall90:NAT:13: error: Option 'translate dns' can not be used in combination with destination matching or translation
nat (inside,outside) source dynamic internal_subnet_1 firewall90:FastEthernet1:ip-1 destination static spamhost1 spamhost1 dns
!
! Rule 14 (NAT)
! for #1908
! "static" vs "dynamic"
nat (inside,outside) source static hostA:eth0 firewall90:FastEthernet1:ip-1
! for #1902
! cant use dns with service translation either
! firewall90:NAT:14: error: Option 'translate dns' can not be used in combination with service matching or translation
nat (inside,outside) source dynamic internal_subnet_1 firewall90:FastEthernet1:ip-1 service smtp smtp dns
!
! Rule 15 (NAT)
! for #1908
! "static" vs "dynamic"
nat (inside,outside) source dynamic hostA:eth0 outside_range
nat (inside,outside) source static hostA:eth0 firewall90:FastEthernet1:ip-1
!
! Rule 16 (NAT)
! for #1908
! "static" vs "dynamic"
nat (inside,outside) source dynamic hostA:eth0 outside_range
!
! Rule 17 (NAT)
! for #1908 "static" vs "dynamic"
! for #1885 "named object" - create
! for #1907 "multiple objects in TSrc"
! network object to define address range, then add it to object-group
nat (inside,outside) source dynamic hostA:eth0 outside.id21121X3710.tsrc.net.0 interface
!
! Rule 17 (NAT)
! Rule 18 (NAT)
! for #1908, #1916 "static" vs "dynamic"
! for #1907 "multiple objects in TSrc"
nat (inside,outside) source dynamic hostA:eth0 outside.id21177X3720.tsrc.net.0 interface
!
! Rule 18 (NAT)
! Rule 19 (NAT)
! for #1908
! "static" vs "dynamic"
nat (outside,outside) source dynamic outside_range firewall90:FastEthernet1:ip-1
!
! Rule 19 (NAT)
! Rule 20 (NAT)
! for #1908
! "static" vs "dynamic"
nat (inside,outside) source dynamic internal_subnet_1 firewall90:FastEthernet1:ip-1
!
! Rule 20 (NAT)
! Rule 21 (NAT)
! for #1908
! "static" vs "dynamic"
nat (inside,outside) source static internal_subnet_1 firewall90:FastEthernet1:ip-1
!
! Rule 21 (NAT)
! Rule 22 (NAT)
nat (outside,inside) source static any any destination static interface hostA:eth0 service http squid
!
! Rule 22 (NAT)
! Rule 23 (NAT)
! multiple objects in OSrc, ODst, OSrv and TSrc in various combinations
nat (inside,outside) source dynamic internal_subnet_1 outside.id77971X5929.tsrc.net.0 interface destination static spamhost1 spamhost1 service smtp smtp
nat (inside,outside) source dynamic internal_subnet_1 outside.id77971X5929.tsrc.net.1 interface destination static spamhost1 spamhost1 service smtps smtps

4
test/pix/firewall91.fw.orig
View File

@ -1,9 +1,9 @@
!
! This is automatically generated file. DO NOT MODIFY !
!
! Firewall Builder fwb_pix v4.2.0.3430
! Firewall Builder fwb_pix v4.2.0.3431
!
! Generated Thu Jan 13 13:27:36 2011 PST by vadim
! Generated Thu Jan 13 18:02:25 2011 PST by vadim
!
! Compiled for pix 8.3
! Outbound ACLs: supported

4
test/pix/firewall92.fw.orig
View File

@ -1,9 +1,9 @@
!
! This is automatically generated file. DO NOT MODIFY !
!
! Firewall Builder fwb_pix v4.2.0.3430
! Firewall Builder fwb_pix v4.2.0.3431
!
! Generated Thu Jan 13 13:27:36 2011 PST by vadim
! Generated Thu Jan 13 18:02:26 2011 PST by vadim
!
! Compiled for pix 8.3
! Outbound ACLs: supported

4
test/pix/fwsm1.fw.orig
View File

@ -1,9 +1,9 @@
!
! This is automatically generated file. DO NOT MODIFY !
!
! Firewall Builder fwb_pix v4.2.0.3430
! Firewall Builder fwb_pix v4.2.0.3431
!
! Generated Thu Jan 13 13:27:37 2011 PST by vadim
! Generated Thu Jan 13 18:02:27 2011 PST by vadim
!
! Compiled for fwsm 2.3
! Outbound ACLs: supported

4
test/pix/fwsm2.fw.orig
View File

@ -1,9 +1,9 @@
!
! This is automatically generated file. DO NOT MODIFY !
!
! Firewall Builder fwb_pix v4.2.0.3430
! Firewall Builder fwb_pix v4.2.0.3431
!
! Generated Thu Jan 13 13:27:38 2011 PST by vadim
! Generated Thu Jan 13 18:02:28 2011 PST by vadim
!
! Compiled for fwsm 4.x
! Outbound ACLs: supported

76
test/pix/objects-for-regression-tests.fwb
View File

@ -1,6 +1,6 @@
<?xml version="1.0" encoding="utf-8"?>
<!DOCTYPE FWObjectDatabase SYSTEM "fwbuilder.dtd">
<FWObjectDatabase xmlns="http://www.fwbuilder.org/1.0/" version="17" lastModified="1294953234" id="root">
<FWObjectDatabase xmlns="http://www.fwbuilder.org/1.0/" version="17" lastModified="1294970408" id="root">
<Library id="syslib000" color="#d4f8ff" name="Standard" comment="Standard objects" ro="True">
<AnyNetwork id="sysid0" name="Any" comment="Any Network" ro="False" address="0.0.0.0" netmask="0.0.0.0"/>
<AnyIPService id="sysid1" protocol_num="0" name="Any" comment="Any IP Service" ro="False"/>
@ -535,6 +535,14 @@
<ObjectRef ref="id19852X26146"/>
<ObjectRef ref="id21130X3720"/>
</ObjectGroup>
<ObjectGroup id="id21286X4994" name="inside_group" comment="" ro="False">
<ObjectRef ref="id178241X29963"/>
<ObjectRef ref="id178250X29963"/>
<ObjectRef ref="id21304X4994"/>
</ObjectGroup>
<ObjectGroup id="id21304X4994" name="inside_group_2" comment="" ro="False">
<ObjectRef ref="net-Internal_net"/>
</ObjectGroup>
</ObjectGroup>
<ObjectGroup id="stdid02_1" name="Hosts" comment="" ro="False">
<Host id="id3F8F9622" name="DMZhost1" comment="" ro="False">
@ -18263,7 +18271,7 @@ no sysopt nodnsalias outbound
<Option name="xlate_ss">0</Option>
</FirewallOptions>
</Firewall>
<Firewall id="id19839X26146" host_OS="pix_os" inactive="False" lastCompiled="0" lastInstalled="0" lastModified="1294948743" platform="pix" version="8.3" name="firewall90" comment="testing new style ASA 8.3 nat commands&#10;SNAT rules&#10;" ro="False">
<Firewall id="id19839X26146" host_OS="pix_os" inactive="False" lastCompiled="0" lastInstalled="0" lastModified="1294970497" platform="pix" version="8.3" name="firewall90" comment="testing new style ASA 8.3 nat commands&#10;SNAT rules&#10;" ro="False">
<NAT id="id19920X26146" name="NAT" comment="" ro="False" ipv4_rule_set="False" ipv6_rule_set="False" top_rule_set="True">
<NATRule id="id19921X26146" disabled="False" position="0" action="Translate" comment="">
<OSrc neg="False">
@ -18352,7 +18360,31 @@ no sysopt nodnsalias outbound
<Option name="asa8_nat_dns">False</Option>
</NATRuleOptions>
</NATRule>
<NATRule id="id20069X32406" disabled="False" group="" position="4" action="Translate" comment="">
<NATRule id="id21353X4994" disabled="False" group="" position="4" action="Translate" comment="for #1928&#10;note that group in OSrc includes another group&#10;">
<OSrc neg="False">
<ObjectRef ref="id21286X4994"/>
</OSrc>
<ODst neg="False">
<ObjectRef ref="sysid0"/>
</ODst>
<OSrv neg="False">
<ServiceRef ref="tcp-SMTP"/>
</OSrv>
<TSrc neg="False">
<ObjectRef ref="id20049X29963"/>
</TSrc>
<TDst neg="False">
<ObjectRef ref="sysid0"/>
</TDst>
<TSrv neg="False">
<ServiceRef ref="sysid1"/>
</TSrv>
<NATRuleOptions>
<Option name="asa8_nat_auto">True</Option>
<Option name="asa8_nat_dns">False</Option>
</NATRuleOptions>
</NATRule>
<NATRule id="id20069X32406" disabled="False" group="" position="5" action="Translate" comment="">
<OSrc neg="False">
<ObjectRef ref="id3CD8769F"/>
</OSrc>
@ -18375,7 +18407,7 @@ no sysopt nodnsalias outbound
<Option name="asa8_nat_dns">False</Option>
</NATRuleOptions>
</NATRule>
<NATRule id="id178073X29963" disabled="False" group="" position="5" action="Translate" comment="">
<NATRule id="id178073X29963" disabled="False" group="" position="6" action="Translate" comment="">
<OSrc neg="False">
<ObjectRef ref="host-hostA"/>
</OSrc>
@ -18396,7 +18428,7 @@ no sysopt nodnsalias outbound
</TSrv>
<NATRuleOptions/>
</NATRule>
<NATRule id="id130599X29063" disabled="False" group="" position="6" action="Translate" comment="For #1907&#10;">
<NATRule id="id130599X29063" disabled="False" group="" position="7" action="Translate" comment="For #1907&#10;">
<OSrc neg="False">
<ObjectRef ref="host-hostA"/>
</OSrc>
@ -18421,7 +18453,7 @@ no sysopt nodnsalias outbound
<Option name="color">#C0BA44</Option>
</NATRuleOptions>
</NATRule>
<NATRule id="id20720X27505" disabled="False" group="" position="7" action="Translate" comment="For #1907&#10;">
<NATRule id="id20720X27505" disabled="False" group="" position="8" action="Translate" comment="For #1907&#10;">
<OSrc neg="False">
<ObjectRef ref="host-hostA"/>
</OSrc>
@ -18446,7 +18478,7 @@ no sysopt nodnsalias outbound
<Option name="color">#C0BA44</Option>
</NATRuleOptions>
</NATRule>
<NATRule id="id241772X29764" disabled="False" group="" position="8" action="Translate" comment="For #1907&#10;">
<NATRule id="id241772X29764" disabled="False" group="" position="9" action="Translate" comment="For #1907&#10;">
<OSrc neg="False">
<ObjectRef ref="host-hostA"/>
</OSrc>
@ -18470,7 +18502,7 @@ no sysopt nodnsalias outbound
<Option name="color">#C0BA44</Option>
</NATRuleOptions>
</NATRule>
<NATRule id="id643024X27990" disabled="False" group="" position="9" action="Translate" comment="For #1907&#10;">
<NATRule id="id643024X27990" disabled="False" group="" position="10" action="Translate" comment="For #1907&#10;">
<OSrc neg="False">
<ObjectRef ref="host-hostA"/>
</OSrc>
@ -18493,7 +18525,7 @@ no sysopt nodnsalias outbound
<Option name="color">#C0BA44</Option>
</NATRuleOptions>
</NATRule>
<NATRule id="id643092X27990" disabled="False" group="" position="10" action="Translate" comment="For #1907&#10;">
<NATRule id="id643092X27990" disabled="False" group="" position="11" action="Translate" comment="For #1907&#10;">
<OSrc neg="False">
<ObjectRef ref="host-hostA"/>
</OSrc>
@ -18516,7 +18548,7 @@ no sysopt nodnsalias outbound
<Option name="color">#C0BA44</Option>
</NATRuleOptions>
</NATRule>
<NATRule id="id168272X32146" disabled="False" group="" position="11" action="Translate" comment="for #1902&#10;">
<NATRule id="id168272X32146" disabled="False" group="" position="12" action="Translate" comment="for #1902&#10;">
<OSrc neg="False">
<ObjectRef ref="id178241X29963"/>
</OSrc>
@ -18536,11 +18568,12 @@ no sysopt nodnsalias outbound
<ServiceRef ref="sysid1"/>
</TSrv>
<NATRuleOptions>
<Option name="asa8_nat_auto">True</Option>
<Option name="asa8_nat_dns">True</Option>
<Option name="color">#8BC065</Option>
</NATRuleOptions>
</NATRule>
<NATRule id="id168336X32146" disabled="False" group="" position="12" action="Translate" comment="for #1902&#10;can't use dns with destination matching or translation&#10;">
<NATRule id="id168336X32146" disabled="False" group="" position="13" action="Translate" comment="for #1902&#10;can't use dns with destination matching or translation&#10;">
<OSrc neg="False">
<ObjectRef ref="id178241X29963"/>
</OSrc>
@ -18560,11 +18593,12 @@ no sysopt nodnsalias outbound
<ServiceRef ref="sysid1"/>
</TSrv>
<NATRuleOptions>
<Option name="asa8_nat_auto">True</Option>
<Option name="asa8_nat_dns">True</Option>
<Option name="color">#8BC065</Option>
</NATRuleOptions>
</NATRule>
<NATRule id="id168390X32146" disabled="False" group="" position="13" action="Translate" comment="for #1902&#10;cant use dns with service translation either&#10;">
<NATRule id="id168390X32146" disabled="False" group="" position="14" action="Translate" comment="for #1902&#10;cant use dns with service translation either&#10;">
<OSrc neg="False">
<ObjectRef ref="id178241X29963"/>
</OSrc>
@ -18589,7 +18623,7 @@ no sysopt nodnsalias outbound
<Option name="color">#8BC065</Option>
</NATRuleOptions>
</NATRule>
<NATRule id="id20877X22142" disabled="False" group="" position="14" action="Translate" comment="for #1908&#10;&quot;static&quot; vs &quot;dynamic&quot;&#10;">
<NATRule id="id20877X22142" disabled="False" group="" position="15" action="Translate" comment="for #1908&#10;&quot;static&quot; vs &quot;dynamic&quot;&#10;">
<OSrc neg="False">
<ObjectRef ref="host-hostA"/>
</OSrc>
@ -18616,7 +18650,7 @@ no sysopt nodnsalias outbound
<Option name="color">#7694C0</Option>
</NATRuleOptions>
</NATRule>
<NATRule id="id76573X22142" disabled="False" group="" position="15" action="Translate" comment="for #1908&#10;&quot;static&quot; vs &quot;dynamic&quot;&#10;">
<NATRule id="id76573X22142" disabled="False" group="" position="16" action="Translate" comment="for #1908&#10;&quot;static&quot; vs &quot;dynamic&quot;&#10;">
<OSrc neg="False">
<ObjectRef ref="host-hostA"/>
</OSrc>
@ -18643,7 +18677,7 @@ no sysopt nodnsalias outbound
<Option name="color">#7694C0</Option>
</NATRuleOptions>
</NATRule>
<NATRule id="id21121X3710" disabled="False" group="" position="16" action="Translate" comment="for #1908 &quot;static&quot; vs &quot;dynamic&quot;&#10;for #1885 &quot;named object&quot; - create &#10;for #1907 &quot;multiple objects in TSrc&quot;&#10;network object to define address range, then add it to object-group">
<NATRule id="id21121X3710" disabled="False" group="" position="17" action="Translate" comment="for #1908 &quot;static&quot; vs &quot;dynamic&quot;&#10;for #1885 &quot;named object&quot; - create &#10;for #1907 &quot;multiple objects in TSrc&quot;&#10;network object to define address range, then add it to object-group">
<OSrc neg="False">
<ObjectRef ref="host-hostA"/>
</OSrc>
@ -18670,7 +18704,7 @@ no sysopt nodnsalias outbound
<Option name="color">#7694C0</Option>
</NATRuleOptions>
</NATRule>
<NATRule id="id21177X3720" disabled="False" group="" position="17" action="Translate" comment="for #1908, #1916 &quot;static&quot; vs &quot;dynamic&quot;&#10;for #1907 &quot;multiple objects in TSrc&quot;&#10;">
<NATRule id="id21177X3720" disabled="False" group="" position="18" action="Translate" comment="for #1908, #1916 &quot;static&quot; vs &quot;dynamic&quot;&#10;for #1907 &quot;multiple objects in TSrc&quot;&#10;">
<OSrc neg="False">
<ObjectRef ref="host-hostA"/>
</OSrc>
@ -18697,7 +18731,7 @@ no sysopt nodnsalias outbound
<Option name="color">#7694C0</Option>
</NATRuleOptions>
</NATRule>
<NATRule id="id132365X22142" disabled="False" group="" position="18" action="Translate" comment="for #1908&#10;&quot;static&quot; vs &quot;dynamic&quot;&#10;">
<NATRule id="id132365X22142" disabled="False" group="" position="19" action="Translate" comment="for #1908&#10;&quot;static&quot; vs &quot;dynamic&quot;&#10;">
<OSrc neg="False">
<ObjectRef ref="id3D196750"/>
</OSrc>
@ -18724,7 +18758,7 @@ no sysopt nodnsalias outbound
<Option name="color">#7694C0</Option>
</NATRuleOptions>
</NATRule>
<NATRule id="id188268X22142" disabled="False" group="" position="19" action="Translate" comment="for #1908&#10;&quot;static&quot; vs &quot;dynamic&quot;&#10;">
<NATRule id="id188268X22142" disabled="False" group="" position="20" action="Translate" comment="for #1908&#10;&quot;static&quot; vs &quot;dynamic&quot;&#10;">
<OSrc neg="False">
<ObjectRef ref="id178241X29963"/>
</OSrc>
@ -18748,7 +18782,7 @@ no sysopt nodnsalias outbound
<Option name="color">#7694C0</Option>
</NATRuleOptions>
</NATRule>
<NATRule id="id244282X22142" disabled="False" group="" position="20" action="Translate" comment="for #1908&#10;&quot;static&quot; vs &quot;dynamic&quot;&#10;">
<NATRule id="id244282X22142" disabled="False" group="" position="21" action="Translate" comment="for #1908&#10;&quot;static&quot; vs &quot;dynamic&quot;&#10;">
<OSrc neg="False">
<ObjectRef ref="id178241X29963"/>
</OSrc>
@ -18775,7 +18809,7 @@ no sysopt nodnsalias outbound
<Option name="color">#7694C0</Option>
</NATRuleOptions>
</NATRule>
<NATRule id="id301880X21607" disabled="False" group="" position="21" action="Translate" comment="">
<NATRule id="id301880X21607" disabled="False" group="" position="22" action="Translate" comment="">
<OSrc neg="False">
<ObjectRef ref="sysid0"/>
</OSrc>
@ -18802,7 +18836,7 @@ no sysopt nodnsalias outbound
<Option name="color">#7694C0</Option>
</NATRuleOptions>
</NATRule>
<NATRule id="id77971X5929" disabled="False" group="" position="22" action="Translate" comment="multiple objects in OSrc, ODst, OSrv and TSrc in various combinations&#10;">
<NATRule id="id77971X5929" disabled="False" group="" position="23" action="Translate" comment="multiple objects in OSrc, ODst, OSrv and TSrc in various combinations&#10;">
<OSrc neg="False">
<ObjectRef ref="id178241X29963"/>
<ObjectRef ref="id178250X29963"/>

4
test/pix/pix515.fw.orig
View File

@ -1,9 +1,9 @@
!
! This is automatically generated file. DO NOT MODIFY !
!
! Firewall Builder fwb_pix v4.2.0.3430
! Firewall Builder fwb_pix v4.2.0.3431
!
! Generated Thu Jan 13 13:27:39 2011 PST by vadim
! Generated Thu Jan 13 18:02:29 2011 PST by vadim
!
! Compiled for pix 7.0
! Outbound ACLs: supported

4
test/pix/real.fw.orig
View File

@ -1,9 +1,9 @@
!
! This is automatically generated file. DO NOT MODIFY !
!
! Firewall Builder fwb_pix v4.2.0.3430
! Firewall Builder fwb_pix v4.2.0.3431
!
! Generated Thu Jan 13 13:27:40 2011 PST by vadim
! Generated Thu Jan 13 18:02:30 2011 PST by vadim
!
! Compiled for pix 6.3
! Outbound ACLs: not supported