onkelbeh/fwbuilder
1
0
Fork 0
mirror of https://github.com/fwbuilder/fwbuilder synced 2026-03-18 17:27:20 +01:00
Code Issues Releases Wiki Activity

* NATCompiler_ipt.cpp (compile): see #2456 Added support for

Browse Source 
single object negation in "Inbound Interface" and "Outbound
Interface" columns in compiler for iptables.

* NATCompiler_pf.cpp (compile): see #2456 Added support for single
object negation in "Interface" rule element of PF NAT rules. Now
compiler can produce PF commands such as "nat on ! em0 ... " (for
PF <4.7) or "match on ! em0 ..." (for PF >= 4.7)

* Compiler.cpp (singleObjectNegation::processNext): moved rule
processor that processes single object negation in any rule
element to the base class Compiler.
This commit is contained in:
Vadim Kurland 2011-06-03 17:54:14 -07:00
parent 22b812fd4a
commit 15bab71f49
248 changed files with 1676 additions and 1522 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

15
doc/ChangeLog
View File

@ -1,3 +1,18 @@
2011-06-03 vadim <vadim@netcitadel.com>
* NATCompiler_ipt.cpp (compile): see #2456 Added support for
single object negation in "Inbound Interface" and "Outbound
Interface" columns in compiler for iptables.
* NATCompiler_pf.cpp (compile): see #2456 Added support for single
object negation in "Interface" rule element of PF NAT rules. Now
compiler can produce PF commands such as "nat on ! em0 ... " (for
PF <4.7) or "match on ! em0 ..." (for PF >= 4.7)
* Compiler.cpp (singleObjectNegation::processNext): moved rule
processor that processes single object negation in any rule
element to the base class Compiler.
2011-06-02 Vadim Kurland <vadim@netcitadel.com>
* pf.g (set_rule): see #2464 implemented import of PF "set timeout",

13
src/iptlib/NATCompiler_PrintRule.cpp
View File

@ -213,8 +213,17 @@ string NATCompiler_ipt::PrintRule::_printChainDirectionAndInterface(NATRule *rul
res << rule->getStr("ipt_chain").c_str();
if ( ! iface_in_name.isEmpty()) res << "-i" << iface_in_name;
if ( ! iface_out_name.isEmpty()) res << "-o" << iface_out_name;
if ( ! iface_in_name.isEmpty())
{
res << _printSingleOptionWithNegation(
"-i", itf_in_re, iface_in_name.toStdString()).c_str();
}
if ( ! iface_out_name.isEmpty())
{
res << _printSingleOptionWithNegation(
"-o", itf_out_re, iface_out_name.toStdString()).c_str();
}
res << "";

26
src/iptlib/NATCompiler_ipt.cpp
View File

@ -1482,30 +1482,6 @@ bool NATCompiler_ipt::splitMultipleICMP::processNext()
return true;
}
bool NATCompiler_ipt::singleObjectNegation::processNext()
{
NATRule *rule=getNext(); if (rule==NULL) return false;
RuleElement *rel = RuleElement::cast(rule->getFirstByType(re_type));
assert(rel);
if (rel->getNeg() && rel->size()==1)
{
FWObject *o = rel->front();
if (FWReference::cast(o)!=NULL) o=FWReference::cast(o)->getPointer();
Address *reladdr = Address::cast(o);
if ( reladdr && reladdr->countInetAddresses(true)==1 &&
!compiler->complexMatch(reladdr, compiler->fw))
{
rel->setNeg(false);
rel->setBool("single_object_negation", true);
}
}
tmp_queue.push_back(rule);
return true;
}
bool NATCompiler_ipt::doOSrcNegation::processNext()
{
NATRule *rule=getNext(); if (rule==NULL) return false;
@ -2428,12 +2404,14 @@ void NATCompiler_ipt::compile()
add(new replaceClusterInterfaceInItfInb(
"replace cluster interfaces with member interfaces in "
"the inbound Interface rule element"));
add(new singleObjectNegationItfInb("process single object negation in inbound Itf"));
add(new ItfInbNegation("process negation in inbound Itf"));
add(new expandGroupsInItfOutb("expand groups in outbound Interface"));
add(new replaceClusterInterfaceInItfOutb(
"replace cluster interfaces with member interfaces in "
"the outbound Interface rule element"));
add(new singleObjectNegationItfOutb("process single object negation in outbound Itf"));
add(new ItfOutbNegation("process negation in outbound Itf"));
add( new recursiveGroupsInOSrc("check for recursive groups in OSRC"));

34
src/iptlib/NATCompiler_ipt.h
View File

@ -307,40 +307,6 @@ namespace fwcompiler
*/
DECLARE_NAT_RULE_PROCESSOR(splitMultipleICMP);
/**
* prepare for negation of single objects in rule elements
*/
class singleObjectNegation : public NATRuleProcessor
{
std::string re_type;
public:
singleObjectNegation(const std::string &n,std::string _type):
NATRuleProcessor(n) { re_type=_type; }
virtual bool processNext();
};
/**
* single object negation in OSrc
*/
class singleObjectNegationOSrc : public singleObjectNegation
{
public:
singleObjectNegationOSrc(const std::string &n):
singleObjectNegation(n,libfwbuilder::RuleElementOSrc::TYPENAME)
{}
};
/**
* single object negation in ODst
*/
class singleObjectNegationODst : public singleObjectNegation
{
public:
singleObjectNegationODst(const std::string &n):
singleObjectNegation(n,libfwbuilder::RuleElementODst::TYPENAME)
{}
};
/**
* deals with negation in OSrc
*/

29
src/iptlib/PolicyCompiler_ipt.cpp
View File

@ -1083,26 +1083,6 @@ bool PolicyCompiler_ipt::printRuleElements::processNext()
return true;
}
bool PolicyCompiler_ipt::singleItfNegation::processNext()
{
PolicyRule *rule = getNext(); if (rule==NULL) return false;
RuleElementItf *itfrel = rule->getItf();
if (itfrel->getNeg() && itfrel->size()==1)
{
Interface *itf = compiler->getFirstItf(rule);
// note: itf can be NULL if object in this rule element is a group
if (itf!=NULL && itf->isChildOf(compiler->fw))
{
itfrel->setNeg(false);
itfrel->setBool("single_object_negation", true);
}
}
tmp_queue.push_back(rule);
return true;
}
bool PolicyCompiler_ipt::singleSrcNegation::processNext()
{
PolicyCompiler_ipt *ipt_comp=dynamic_cast<PolicyCompiler_ipt*>(compiler);
@ -4175,7 +4155,12 @@ void PolicyCompiler_ipt::compile()
add( new printTotalNumberOfRules());
// use full negation rule processor in shadowing detection.
// This rule processor replaces inetrface(s) object(s) with a
// complimentary set of "other" interfaces of the firewall.
//
add( new ItfNegation("process negation in Itf"));
add( new InterfacePolicyRules(
"process interface policy rules and store interface ids"));
add( new convertAnyToNotFWForShadowing("convert 'any' to '!fw'"));
@ -4276,7 +4261,9 @@ void PolicyCompiler_ipt::compile()
add( new expandGroupsInItf("expand groups in Interface" ));
add( new replaceClusterInterfaceInItf(
"replace cluster interfaces with member interfaces in the Interface rule element"));
add( new singleItfNegation("negation in Itf if it holds single object"));
add( new singleObjectNegationItf(
"negation in Itf if it holds single object"));
add( new ItfNegation("process negation in Itf"));
add( new decideOnChainForClassify("set chain for action is Classify"));

10
src/iptlib/PolicyCompiler_ipt.h
View File

@ -283,12 +283,10 @@ protected:
DECLARE_POLICY_RULE_PROCESSOR(convertAnyToNotFWForShadowing);
/**
* processes rules with negation in Itf if it holds only one object
*/
DECLARE_POLICY_RULE_PROCESSOR(singleItfNegation);
/**
* processes rules with negation in Src if it holds only one object
* processes rules with negation in Src if it holds only one
* object. Similar to PolicyCompiler::singleObjectNegationSrc
* but takes into account AddressTable objects if we compile
* with support for ipset module
*/
DECLARE_POLICY_RULE_PROCESSOR(singleSrcNegation);

41
src/libfwbuilder/src/fwcompiler/Compiler.cpp
View File

@ -916,6 +916,40 @@ bool Compiler::equalObj::operator()(FWObject *o)
return o->getId()==obj->getId();
}
bool Compiler::singleObjectNegation::processNext()
{
Rule *rule = prev_processor->getNextRule(); if (rule==NULL) return false;
RuleElement *rel = RuleElement::cast(rule->getFirstByType(re_type));
assert(rel);
if (rel->getNeg() && rel->size()==1)
{
if (rel->getTypeName() == RuleElementItfInb::TYPENAME ||
rel->getTypeName() == RuleElementItfOutb::TYPENAME ||
rel->getTypeName() == RuleElementItf::TYPENAME )
{
rel->setNeg(false);
rel->setBool("single_object_negation", true);
} else
{
FWObject *o = rel->front();
if (FWReference::cast(o)!=NULL) o=FWReference::cast(o)->getPointer();
Address *reladdr = Address::cast(o);
if ( reladdr && reladdr->countInetAddresses(true)==1 &&
!compiler->complexMatch(reladdr, compiler->fw))
{
rel->setNeg(false);
rel->setBool("single_object_negation", true);
}
}
}
tmp_queue.push_back(rule);
return true;
}
/*
* Process negation in the "Interface" rule element. Scan objects in
* this RE, replace cluster interfaces with interfaces of the member,
@ -927,8 +961,13 @@ bool Compiler::equalObj::operator()(FWObject *o)
* the RE. However I keep the code that deals with them in place to be
* able to use this processor without prior call to
* replaceClusterInterfaceInItf if necessary.
*
* TODO: make this code assert() if cluster interface appears in RE/
*
* Note that rule processor singleObjectNegationItf deals with single
* object negation in Interface rule elements.
*/
bool Compiler::interfaceNegationInRE::processNext()
bool Compiler::fullInterfaceNegationInRE::processNext()
{
Rule *rule = prev_processor->getNextRule(); if (rule==NULL) return false;
RuleElement *itfre = RuleElement::cast(rule->getFirstByType(re_type));

21
src/libfwbuilder/src/fwcompiler/Compiler.h
View File

@ -363,16 +363,31 @@ public:
virtual bool processNext();
};
class interfaceNegationInRE : public BasicRuleProcessor
/**
* prepare for negation of single objects in rule elements
*/
class singleObjectNegation : public BasicRuleProcessor
{
std::string re_type;
public:
interfaceNegationInRE(const std::string &n,
std::string _type) :
singleObjectNegation(const std::string &n,std::string _type):
BasicRuleProcessor(n) { re_type=_type; }
virtual bool processNext();
};
/*
* replace interfaces in the give RE with a set of all other
* interfaces of the firewall.
*/
class fullInterfaceNegationInRE : public BasicRuleProcessor
{
std::string re_type;
public:
fullInterfaceNegationInRE(const std::string &n, std::string _type) :
BasicRuleProcessor(n) { re_type=_type; }
virtual bool processNext();
};
/**
* replace cluster interface objects with inetrfaces of the member
* firewall in the Interface rule element

43
src/libfwbuilder/src/fwcompiler/NATCompiler.cpp
View File

@ -933,6 +933,17 @@ string NATCompiler::debugPrintRule(libfwbuilder::Rule *r)
string itf_inb = " ";
string itf_outb = " ";
if (osrcrel->getNeg()) osrc = "!";
if (odstrel->getNeg()) odst = "!";
if (osrvrel->getNeg()) osrv = "!";
if (tsrcrel->getNeg()) tsrc = "!";
if (tdstrel->getNeg()) tdst = "!";
if (tsrvrel->getNeg()) tsrv = "!";
if (itf_inb_rel->getNeg()) itf_inb = "!";
if (itf_outb_rel->getNeg()) itf_outb = "!";
int osrc_id = -1;
int odst_id = -1;
int osrv_id = -1;
@ -947,64 +958,64 @@ string NATCompiler::debugPrintRule(libfwbuilder::Rule *r)
if (i1!=osrcrel->end())
{
FWObject *o = FWReference::getObject(*i1);
osrc=o->getName();
osrc_id=o->getId();
osrc += o->getName();
osrc_id = o->getId();
}
if (i2!=odstrel->end())
{
FWObject *o = FWReference::getObject(*i2);
odst=o->getName();
odst_id=o->getId();
odst += o->getName();
odst_id = o->getId();
}
if (i3!=osrvrel->end())
{
FWObject *o = FWReference::getObject(*i3);
osrv=o->getName();
osrv_id=o->getId();
osrv += o->getName();
osrv_id = o->getId();
}
if (i4!=tsrcrel->end())
{
FWObject *o = FWReference::getObject(*i4);
tsrc=o->getName();
tsrc_id=o->getId();
tsrc += o->getName();
tsrc_id = o->getId();
}
if (i5!=tdstrel->end())
{
FWObject *o = FWReference::getObject(*i5);
tdst=o->getName();
tdst_id=o->getId();
tdst += o->getName();
tdst_id = o->getId();
}
if (i6!=tsrvrel->end())
{
FWObject *o = FWReference::getObject(*i6);
tsrv=o->getName();
tsrv_id=o->getId();
tsrv += o->getName();
tsrv_id = o->getId();
}
if (i7!=itf_inb_rel->end())
{
FWObject *o = FWReference::getObject(*i7);
itf_inb = o->getName();
itf_inb += o->getName();
itf_inb_id = o->getId();
}
if (i8!=itf_outb_rel->end())
{
FWObject *o = FWReference::getObject(*i8);
itf_outb = o->getName();
itf_outb += o->getName();
itf_outb_id = o->getId();
}
int w=0;
int w = 0;
if (no==0)
{
str << rule->getLabel();
w=rule->getLabel().length();
w = rule->getLabel().length();
}
str << setw(8-w) << setfill(' ') << " ";

52
src/libfwbuilder/src/fwcompiler/NATCompiler.h
View File

@ -186,25 +186,69 @@ namespace fwcompiler {
*/
DECLARE_NAT_RULE_PROCESSOR(ConvertToAtomic);
/**
* single object negation in OSrc
*/
class singleObjectNegationOSrc : public singleObjectNegation
{
public:
singleObjectNegationOSrc(const std::string &n):
singleObjectNegation(n,libfwbuilder::RuleElementOSrc::TYPENAME)
{}
};
/**
* single object negation in ODst
*/
class singleObjectNegationODst : public Compiler::singleObjectNegation
{
public:
singleObjectNegationODst(const std::string &n):
singleObjectNegation(n,libfwbuilder::RuleElementODst::TYPENAME)
{}
};
/**
* single object negation in ItfInb
*/
class singleObjectNegationItfInb : public Compiler::singleObjectNegation
{
public:
singleObjectNegationItfInb(const std::string &n):
singleObjectNegation(n,libfwbuilder::RuleElementItfInb::TYPENAME)
{}
};
/**
* single object negation in ItfOutb
*/
class singleObjectNegationItfOutb : public Compiler::singleObjectNegation
{
public:
singleObjectNegationItfOutb(const std::string &n):
singleObjectNegation(n,libfwbuilder::RuleElementItfOutb::TYPENAME)
{}
};
/**
* processes rules with negation in ItfOutb
*/
class ItfOutbNegation : public Compiler::interfaceNegationInRE
class ItfOutbNegation : public Compiler::fullInterfaceNegationInRE
{
public:
ItfOutbNegation(const std::string &name) :
interfaceNegationInRE(
fullInterfaceNegationInRE(
name, libfwbuilder::RuleElementItfOutb::TYPENAME) {}
};
/**
* processes rules with negation in ItfInb
*/
class ItfInbNegation : public Compiler::interfaceNegationInRE
class ItfInbNegation : public Compiler::fullInterfaceNegationInRE
{
public:
ItfInbNegation(const std::string &name) :
interfaceNegationInRE(
fullInterfaceNegationInRE(
name, libfwbuilder::RuleElementItfInb::TYPENAME) {}
};

41
src/libfwbuilder/src/fwcompiler/PolicyCompiler.h
View File

@ -207,15 +207,50 @@ namespace fwcompiler {
};
/**
* single object negation in Src
*/
class singleObjectNegationSrc : public singleObjectNegation
{
public:
singleObjectNegationSrc(const std::string &n):
singleObjectNegation(n, libfwbuilder::RuleElementSrc::TYPENAME)
{}
};
/**
* single object negation in Dst
*/
class singleObjectNegationDst : public Compiler::singleObjectNegation
{
public:
singleObjectNegationDst(const std::string &n):
singleObjectNegation(n, libfwbuilder::RuleElementDst::TYPENAME)
{}
};
/**
* single object negation in Itf
*/
class singleObjectNegationItf : public Compiler::singleObjectNegation
{
public:
singleObjectNegationItf(const std::string &n):
singleObjectNegation(n, libfwbuilder::RuleElementItf::TYPENAME)
{}
};
/**
* processes rules with negation in Itf
* processes rules with negation in Itf.
* Compiler::fullInterfaceNegationInRE replaces interface object
* with a set of "other" interfaces of the firewall.
*/
class ItfNegation : public Compiler::interfaceNegationInRE
class ItfNegation : public Compiler::fullInterfaceNegationInRE
{
public:
ItfNegation(const std::string &name) :
interfaceNegationInRE(
fullInterfaceNegationInRE(
name, libfwbuilder::RuleElementItf::TYPENAME) {}
};

2
src/pflib/NATCompiler_pf.cpp
View File

@ -1215,6 +1215,8 @@ void NATCompiler_pf::compile()
add(new replaceClusterInterfaceInItfOutb(
"replace cluster interfaces with member interfaces in "
"the Interface rule element"));
add(new singleObjectNegationItfOutb(
"process single object negation in inbound Itf"));
add(new ItfOutbNegation("process negation in Itf"));
add( new recursiveGroupsInOSrc("check for recursive groups in OSRC") );

3
src/pflib/NATCompiler_pf_writers.cpp
View File

@ -68,7 +68,7 @@ void NATCompiler_pf::PrintRule::_printInterface(NATRule *rule)
RuleElementItf *intf_re = rule->getItfOutb();
QStringList rule_interfaces;
if (!intf_re->isAny())
if ( ! intf_re->isAny())
{
for (FWObject::iterator it=intf_re->begin(); it!=intf_re->end(); ++it)
{
@ -81,6 +81,7 @@ void NATCompiler_pf::PrintRule::_printInterface(NATRule *rule)
rule_interfaces.push_back("}");
}
compiler->output << "on "
<< string((intf_re->getBool("single_object_negation")) ? "! " : " ")
<< rule_interfaces.join(" ").toStdString()
<< " ";
}

8
test/ipt/cluster1_secuwall-1.fw.orig
View File

@ -2,9 +2,9 @@
#
# This is automatically generated file. DO NOT MODIFY !
#
# Firewall Builder fwb_ipt v4.3.0.3546
# Firewall Builder fwb_ipt v5.0.0.3547
#
# Generated Thu May 26 14:18:20 2011 PDT by vadim
# Generated Fri Jun 3 17:29:47 2011 PDT by vadim
#
# files: * cluster1_secuwall-1.fw /etc/cluster1_secuwall-1.fw
#
@ -336,7 +336,7 @@ script_body() {
#
echo "Rule 0 (NAT)"
#
$IPTABLES -t nat -A POSTROUTING -o eth0 -s 192.168.1.0/24 -j SNAT --to-source 172.24.0.1
$IPTABLES -t nat -A POSTROUTING -o eth0 -s 192.168.1.0/24 -j SNAT --to-source 172.24.0.1
#
# Rule 1 (NAT)
#
@ -609,7 +609,7 @@ test -z "$cmd" && {
case "$cmd" in
start)
log "Activating firewall script generated Thu May 26 14:18:20 2011 by vadim"
log "Activating firewall script generated Fri Jun 3 17:29:47 2011 by vadim"
log "Database was cluster-tests.fwb"
check_tools
check_run_time_address_table_files

6
test/ipt/firewall-base-rulesets.fw.orig
View File

@ -2,9 +2,9 @@
#
# This is automatically generated file. DO NOT MODIFY !
#
# Firewall Builder fwb_ipt v4.3.0.3546
# Firewall Builder fwb_ipt v5.0.0.3547
#
# Generated Thu May 26 14:17:25 2011 PDT by vadim
# Generated Fri Jun 3 17:28:56 2011 PDT by vadim
#
# files: * firewall-base-rulesets.fw /etc/fw/firewall-base-rulesets.fw
#
@ -466,7 +466,7 @@ test -z "$cmd" && {
case "$cmd" in
start)
log "Activating firewall script generated Thu May 26 14:17:25 2011 by vadim"
log "Activating firewall script generated Fri Jun 3 17:28:56 2011 by vadim"
check_tools
prolog_commands
check_run_time_address_table_files

6
test/ipt/firewall-ipv6-1.fw.orig
View File

@ -2,9 +2,9 @@
#
# This is automatically generated file. DO NOT MODIFY !
#
# Firewall Builder fwb_ipt v4.3.0.3546
# Firewall Builder fwb_ipt v5.0.0.3547
#
# Generated Thu May 26 14:17:30 2011 PDT by vadim
# Generated Fri Jun 3 17:29:07 2011 PDT by vadim
#
# files: * firewall-ipv6-1.fw /etc/firewall-ipv6-1.fw
#
@ -723,7 +723,7 @@ test -z "$cmd" && {
case "$cmd" in
start)
log "Activating firewall script generated Thu May 26 14:17:30 2011 by vadim"
log "Activating firewall script generated Fri Jun 3 17:29:07 2011 by vadim"
check_tools
prolog_commands
check_run_time_address_table_files

6
test/ipt/firewall-ipv6-2.fw.orig
View File

@ -2,9 +2,9 @@
#
# This is automatically generated file. DO NOT MODIFY !
#
# Firewall Builder fwb_ipt v4.3.0.3546
# Firewall Builder fwb_ipt v5.0.0.3547
#
# Generated Thu May 26 14:17:31 2011 PDT by vadim
# Generated Fri Jun 3 17:29:07 2011 PDT by vadim
#
# files: * firewall-ipv6-2.fw /etc/firewall-ipv6-2.fw
#
@ -987,7 +987,7 @@ test -z "$cmd" && {
case "$cmd" in
start)
log "Activating firewall script generated Thu May 26 14:17:31 2011 by vadim"
log "Activating firewall script generated Fri Jun 3 17:29:07 2011 by vadim"
check_tools
prolog_commands
check_run_time_address_table_files

8
test/ipt/firewall-ipv6-3.fw.orig
View File

@ -2,9 +2,9 @@
#
# This is automatically generated file. DO NOT MODIFY !
#
# Firewall Builder fwb_ipt v4.3.0.3546
# Firewall Builder fwb_ipt v5.0.0.3547
#
# Generated Thu May 26 14:17:36 2011 PDT by vadim
# Generated Fri Jun 3 17:29:17 2011 PDT by vadim
#
# files: * firewall-ipv6-3.fw /etc/firewall-ipv6-3.fw
#
@ -347,7 +347,7 @@ script_body() {
#
echo "Rule 0 (NAT)"
#
$IPTABLES -t nat -A POSTROUTING -o eth1 -s 1.1.1.0/24 -j SNAT --to-source 22.22.22.22
$IPTABLES -t nat -A POSTROUTING -o eth1 -s 1.1.1.0/24 -j SNAT --to-source 22.22.22.22
@ -617,7 +617,7 @@ test -z "$cmd" && {
case "$cmd" in
start)
log "Activating firewall script generated Thu May 26 14:17:36 2011 by vadim"
log "Activating firewall script generated Fri Jun 3 17:29:17 2011 by vadim"
check_tools
prolog_commands
check_run_time_address_table_files

10
test/ipt/firewall-ipv6-4-1.fw.orig
View File

@ -2,9 +2,9 @@
#
# This is automatically generated file. DO NOT MODIFY !
#
# Firewall Builder fwb_ipt v4.3.0.3546
# Firewall Builder fwb_ipt v5.0.0.3547
#
# Generated Thu May 26 14:17:41 2011 PDT by vadim
# Generated Fri Jun 3 17:29:28 2011 PDT by vadim
#
# files: * firewall-ipv6-4-1.fw /etc/firewall-ipv6-4-1.fw
#
@ -425,7 +425,7 @@ script_body() {
echo :OUTPUT ACCEPT [0:0]
#
# Rule 0 (NAT)
echo "-A POSTROUTING -o eth1 -s 1.1.1.0/24 -j MASQUERADE "
echo "-A POSTROUTING -o eth1 -s 1.1.1.0/24 -j MASQUERADE "
#
echo COMMIT
@ -500,7 +500,7 @@ script_body() {
echo :OUTPUT ACCEPT [0:0]
#
# Rule 0 (NAT)
echo "-A POSTROUTING -o eth1 -s fe80::/64 -j MASQUERADE "
echo "-A POSTROUTING -o eth1 -s fe80::/64 -j MASQUERADE "
#
echo COMMIT
@ -568,7 +568,7 @@ test -z "$cmd" && {
case "$cmd" in
start)
log "Activating firewall script generated Thu May 26 14:17:41 2011 by vadim"
log "Activating firewall script generated Fri Jun 3 17:29:28 2011 by vadim"
check_tools
prolog_commands
check_run_time_address_table_files

10
test/ipt/firewall-ipv6-4.fw.orig
View File

@ -2,9 +2,9 @@
#
# This is automatically generated file. DO NOT MODIFY !
#
# Firewall Builder fwb_ipt v4.3.0.3546
# Firewall Builder fwb_ipt v5.0.0.3547
#
# Generated Thu May 26 14:17:36 2011 PDT by vadim
# Generated Fri Jun 3 17:29:17 2011 PDT by vadim
#
# files: * firewall-ipv6-4.fw /etc/firewall-ipv6-4.fw
#
@ -456,7 +456,7 @@ script_body() {
echo :OUTPUT ACCEPT [0:0]
#
# Rule 0 (NAT)
echo "-A POSTROUTING -o eth1 -s 1.1.1.0/24 -j MASQUERADE "
echo "-A POSTROUTING -o eth1 -s 1.1.1.0/24 -j MASQUERADE "
#
echo COMMIT
@ -536,7 +536,7 @@ script_body() {
echo :OUTPUT ACCEPT [0:0]
#
# Rule 0 (NAT)
echo "-A POSTROUTING -o eth1 -s fe80::/64 -j MASQUERADE "
echo "-A POSTROUTING -o eth1 -s fe80::/64 -j MASQUERADE "
#
echo COMMIT
@ -604,7 +604,7 @@ test -z "$cmd" && {
case "$cmd" in
start)
log "Activating firewall script generated Thu May 26 14:17:36 2011 by vadim"
log "Activating firewall script generated Fri Jun 3 17:29:17 2011 by vadim"
check_tools
prolog_commands
check_run_time_address_table_files

6
test/ipt/firewall-ipv6-5.fw.orig
View File

@ -2,9 +2,9 @@
#
# This is automatically generated file. DO NOT MODIFY !
#
# Firewall Builder fwb_ipt v4.3.0.3546
# Firewall Builder fwb_ipt v5.0.0.3547
#
# Generated Thu May 26 14:17:40 2011 PDT by vadim
# Generated Fri Jun 3 17:29:19 2011 PDT by vadim
#
# files: * firewall-ipv6-5.fw /etc/firewall-ipv6-5.fw
#
@ -433,7 +433,7 @@ test -z "$cmd" && {
case "$cmd" in
start)
log "Activating firewall script generated Thu May 26 14:17:40 2011 by vadim"
log "Activating firewall script generated Fri Jun 3 17:29:19 2011 by vadim"
check_tools
prolog_commands
check_run_time_address_table_files

6
test/ipt/firewall-ipv6-6.fw.orig
View File

@ -2,9 +2,9 @@
#
# This is automatically generated file. DO NOT MODIFY !
#
# Firewall Builder fwb_ipt v4.3.0.3546
# Firewall Builder fwb_ipt v5.0.0.3547
#
# Generated Thu May 26 14:17:44 2011 PDT by vadim
# Generated Fri Jun 3 17:29:21 2011 PDT by vadim
#
# files: * firewall-ipv6-6.fw /etc/firewall-ipv6-6.fw
#
@ -422,7 +422,7 @@ test -z "$cmd" && {
case "$cmd" in
start)
log "Activating firewall script generated Thu May 26 14:17:44 2011 by vadim"
log "Activating firewall script generated Fri Jun 3 17:29:21 2011 by vadim"
check_tools
prolog_commands
check_run_time_address_table_files

6
test/ipt/firewall-ipv6-7.fw.orig
View File

@ -2,9 +2,9 @@
#
# This is automatically generated file. DO NOT MODIFY !
#
# Firewall Builder fwb_ipt v4.3.0.3546
# Firewall Builder fwb_ipt v5.0.0.3547
#
# Generated Thu May 26 14:17:45 2011 PDT by vadim
# Generated Fri Jun 3 17:29:23 2011 PDT by vadim
#
# files: * firewall-ipv6-7.fw /etc/firewall-ipv6-7.fw
#
@ -466,7 +466,7 @@ test -z "$cmd" && {
case "$cmd" in
start)
log "Activating firewall script generated Thu May 26 14:17:45 2011 by vadim"
log "Activating firewall script generated Fri Jun 3 17:29:23 2011 by vadim"
check_tools
prolog_commands
check_run_time_address_table_files

6
test/ipt/firewall-ipv6-8.fw.orig
View File

@ -2,9 +2,9 @@
#
# This is automatically generated file. DO NOT MODIFY !
#
# Firewall Builder fwb_ipt v4.3.0.3546
# Firewall Builder fwb_ipt v5.0.0.3547
#
# Generated Thu May 26 14:17:47 2011 PDT by vadim
# Generated Fri Jun 3 17:29:24 2011 PDT by vadim
#
# files: * firewall-ipv6-8.fw /etc/firewall-ipv6-8.fw
#
@ -539,7 +539,7 @@ test -z "$cmd" && {
case "$cmd" in
start)
log "Activating firewall script generated Thu May 26 14:17:47 2011 by vadim"
log "Activating firewall script generated Fri Jun 3 17:29:24 2011 by vadim"
check_tools
prolog_commands
check_run_time_address_table_files

8
test/ipt/firewall-ipv6-ipt-reset-prolog-after-flush.fw.orig
View File

@ -2,9 +2,9 @@
#
# This is automatically generated file. DO NOT MODIFY !
#
# Firewall Builder fwb_ipt v4.3.0.3546
# Firewall Builder fwb_ipt v5.0.0.3547
#
# Generated Thu May 26 14:17:49 2011 PDT by vadim
# Generated Fri Jun 3 17:29:26 2011 PDT by vadim
#
# files: * firewall-ipv6-ipt-reset-prolog-after-flush.fw /etc/firewall-ipv6-ipt-reset-prolog-after-flush.fw
#
@ -356,7 +356,7 @@ script_body() {
echo :OUTPUT ACCEPT [0:0]
#
# Rule 0 (NAT)
echo "-A POSTROUTING -o eth1 -s 1.1.1.0/24 -j SNAT --to-source 22.22.22.22 "
echo "-A POSTROUTING -o eth1 -s 1.1.1.0/24 -j SNAT --to-source 22.22.22.22 "
#
echo COMMIT
@ -463,7 +463,7 @@ test -z "$cmd" && {
case "$cmd" in
start)
log "Activating firewall script generated Thu May 26 14:17:49 2011 by vadim"
log "Activating firewall script generated Fri Jun 3 17:29:26 2011 by vadim"
check_tools
prolog_commands
check_run_time_address_table_files

8
test/ipt/firewall-ipv6-ipt-reset-prolog-after-interfaces.fw.orig
View File

@ -2,9 +2,9 @@
#
# This is automatically generated file. DO NOT MODIFY !
#
# Firewall Builder fwb_ipt v4.3.0.3546
# Firewall Builder fwb_ipt v5.0.0.3547
#
# Generated Thu May 26 14:17:52 2011 PDT by vadim
# Generated Fri Jun 3 17:29:28 2011 PDT by vadim
#
# files: * firewall-ipv6-ipt-reset-prolog-after-interfaces.fw /etc/firewall-ipv6-ipt-reset-prolog-after-interfaces.fw
#
@ -356,7 +356,7 @@ script_body() {
echo :OUTPUT ACCEPT [0:0]
#
# Rule 0 (NAT)
echo "-A POSTROUTING -o eth1 -s 1.1.1.0/24 -j SNAT --to-source 22.22.22.22 "
echo "-A POSTROUTING -o eth1 -s 1.1.1.0/24 -j SNAT --to-source 22.22.22.22 "
#
echo COMMIT
@ -463,7 +463,7 @@ test -z "$cmd" && {
case "$cmd" in
start)
log "Activating firewall script generated Thu May 26 14:17:52 2011 by vadim"
log "Activating firewall script generated Fri Jun 3 17:29:28 2011 by vadim"
check_tools
check_run_time_address_table_files

8
test/ipt/firewall-ipv6-ipt-reset-prolog-top.fw.orig
View File

@ -2,9 +2,9 @@
#
# This is automatically generated file. DO NOT MODIFY !
#
# Firewall Builder fwb_ipt v4.3.0.3546
# Firewall Builder fwb_ipt v5.0.0.3547
#
# Generated Thu May 26 14:17:53 2011 PDT by vadim
# Generated Fri Jun 3 17:29:30 2011 PDT by vadim
#
# files: * firewall-ipv6-ipt-reset-prolog-top.fw /etc/firewall-ipv6-ipt-reset-prolog-top.fw
#
@ -356,7 +356,7 @@ script_body() {
echo :OUTPUT ACCEPT [0:0]
#
# Rule 0 (NAT)
echo "-A POSTROUTING -o eth1 -s 1.1.1.0/24 -j SNAT --to-source 22.22.22.22 "
echo "-A POSTROUTING -o eth1 -s 1.1.1.0/24 -j SNAT --to-source 22.22.22.22 "
#
echo COMMIT
@ -463,7 +463,7 @@ test -z "$cmd" && {
case "$cmd" in
start)
log "Activating firewall script generated Thu May 26 14:17:53 2011 by vadim"
log "Activating firewall script generated Fri Jun 3 17:29:30 2011 by vadim"
check_tools
prolog_commands
check_run_time_address_table_files

6
test/ipt/firewall-ipv6-nd-ns-1.fw.orig
View File

@ -2,9 +2,9 @@
#
# This is automatically generated file. DO NOT MODIFY !
#
# Firewall Builder fwb_ipt v4.3.0.3546
# Firewall Builder fwb_ipt v5.0.0.3547
#
# Generated Thu May 26 14:17:56 2011 PDT by vadim
# Generated Fri Jun 3 17:29:30 2011 PDT by vadim
#
# files: * firewall-ipv6-nd-ns-1.fw /etc/firewall-ipv6-nd-ns-1.fw
#
@ -463,7 +463,7 @@ test -z "$cmd" && {
case "$cmd" in
start)
log "Activating firewall script generated Thu May 26 14:17:56 2011 by vadim"
log "Activating firewall script generated Fri Jun 3 17:29:30 2011 by vadim"
check_tools
prolog_commands
check_run_time_address_table_files

6
test/ipt/firewall-ipv6-nd-ns-2.fw.orig
View File

@ -2,9 +2,9 @@
#
# This is automatically generated file. DO NOT MODIFY !
#
# Firewall Builder fwb_ipt v4.3.0.3546
# Firewall Builder fwb_ipt v5.0.0.3547
#
# Generated Thu May 26 14:17:57 2011 PDT by vadim
# Generated Fri Jun 3 17:29:33 2011 PDT by vadim
#
# files: * firewall-ipv6-nd-ns-2.fw /etc/firewall-ipv6-nd-ns-2.fw
#
@ -467,7 +467,7 @@ test -z "$cmd" && {
case "$cmd" in
start)
log "Activating firewall script generated Thu May 26 14:17:57 2011 by vadim"
log "Activating firewall script generated Fri Jun 3 17:29:33 2011 by vadim"
check_tools
prolog_commands
check_run_time_address_table_files

8
test/ipt/firewall-ipv6-prolog-after-flush.fw.orig
View File

@ -2,9 +2,9 @@
#
# This is automatically generated file. DO NOT MODIFY !
#
# Firewall Builder fwb_ipt v4.3.0.3546
# Firewall Builder fwb_ipt v5.0.0.3547
#
# Generated Thu May 26 14:17:59 2011 PDT by vadim
# Generated Fri Jun 3 17:29:33 2011 PDT by vadim
#
# files: * firewall-ipv6-prolog-after-flush.fw /etc/firewall-ipv6-prolog-after-flush.fw
#
@ -338,7 +338,7 @@ script_body() {
#
echo "Rule 0 (NAT)"
#
$IPTABLES -t nat -A POSTROUTING -o eth1 -s 1.1.1.0/24 -j SNAT --to-source 22.22.22.22
$IPTABLES -t nat -A POSTROUTING -o eth1 -s 1.1.1.0/24 -j SNAT --to-source 22.22.22.22
@ -441,7 +441,7 @@ test -z "$cmd" && {
case "$cmd" in
start)
log "Activating firewall script generated Thu May 26 14:17:59 2011 by vadim"
log "Activating firewall script generated Fri Jun 3 17:29:33 2011 by vadim"
check_tools
check_run_time_address_table_files

8
test/ipt/firewall-ipv6-prolog-after-interfaces.fw.orig
View File

@ -2,9 +2,9 @@
#
# This is automatically generated file. DO NOT MODIFY !
#
# Firewall Builder fwb_ipt v4.3.0.3546
# Firewall Builder fwb_ipt v5.0.0.3547
#
# Generated Thu May 26 14:18:00 2011 PDT by vadim
# Generated Fri Jun 3 17:29:35 2011 PDT by vadim
#
# files: * firewall-ipv6-prolog-after-interfaces.fw /etc/firewall-ipv6-prolog-after-interfaces.fw
#
@ -338,7 +338,7 @@ script_body() {
#
echo "Rule 0 (NAT)"
#
$IPTABLES -t nat -A POSTROUTING -o eth1 -s 1.1.1.0/24 -j SNAT --to-source 22.22.22.22
$IPTABLES -t nat -A POSTROUTING -o eth1 -s 1.1.1.0/24 -j SNAT --to-source 22.22.22.22
@ -441,7 +441,7 @@ test -z "$cmd" && {
case "$cmd" in
start)
log "Activating firewall script generated Thu May 26 14:18:00 2011 by vadim"
log "Activating firewall script generated Fri Jun 3 17:29:35 2011 by vadim"
check_tools
check_run_time_address_table_files

8
test/ipt/firewall-ipv6-prolog-top.fw.orig
View File

@ -2,9 +2,9 @@
#
# This is automatically generated file. DO NOT MODIFY !
#
# Firewall Builder fwb_ipt v4.3.0.3546
# Firewall Builder fwb_ipt v5.0.0.3547
#
# Generated Thu May 26 14:18:03 2011 PDT by vadim
# Generated Fri Jun 3 17:29:35 2011 PDT by vadim
#
# files: * firewall-ipv6-prolog-top.fw /etc/firewall-ipv6-prolog-top.fw
#
@ -338,7 +338,7 @@ script_body() {
#
echo "Rule 0 (NAT)"
#
$IPTABLES -t nat -A POSTROUTING -o eth1 -s 1.1.1.0/24 -j SNAT --to-source 22.22.22.22
$IPTABLES -t nat -A POSTROUTING -o eth1 -s 1.1.1.0/24 -j SNAT --to-source 22.22.22.22
@ -441,7 +441,7 @@ test -z "$cmd" && {
case "$cmd" in
start)
log "Activating firewall script generated Thu May 26 14:18:03 2011 by vadim"
log "Activating firewall script generated Fri Jun 3 17:29:35 2011 by vadim"
check_tools
prolog_commands
check_run_time_address_table_files

6
test/ipt/firewall-server-1-s.fw.orig
View File

@ -2,9 +2,9 @@
#
# This is automatically generated file. DO NOT MODIFY !
#
# Firewall Builder fwb_ipt v4.3.0.3546
# Firewall Builder fwb_ipt v5.0.0.3547
#
# Generated Thu May 26 14:18:04 2011 PDT by vadim
# Generated Fri Jun 3 17:29:37 2011 PDT by vadim
#
# files: * firewall-server-1-s.fw /etc/fw/firewall-server-1-s.fw
#
@ -414,7 +414,7 @@ test -z "$cmd" && {
case "$cmd" in
start)
log "Activating firewall script generated Thu May 26 14:18:04 2011 by vadim"
log "Activating firewall script generated Fri Jun 3 17:29:37 2011 by vadim"
check_tools
prolog_commands
check_run_time_address_table_files

36
test/ipt/firewall.fw.orig
View File

@ -2,9 +2,9 @@
#
# This is automatically generated file. DO NOT MODIFY !
#
# Firewall Builder fwb_ipt v4.3.0.3546
# Firewall Builder fwb_ipt v5.0.0.3547
#
# Generated Thu May 26 14:14:24 2011 PDT by vadim
# Generated Fri Jun 3 17:27:07 2011 PDT by vadim
#
# files: * firewall.fw /etc/fw/firewall.fw
#
@ -379,7 +379,7 @@ script_body() {
#
echo "Rule 0 (NAT)"
#
$IPTABLES -t nat -A POSTROUTING -o eth1 -s 192.168.1.0/24 -j SNAT --to-source 222.222.222.222
$IPTABLES -t nat -A POSTROUTING -o eth1 -s 192.168.1.0/24 -j SNAT --to-source 222.222.222.222
#
# Rule 1 (NAT)
#
@ -393,27 +393,27 @@ script_body() {
#
# firewall:NAT:2: warning: Adding of virtual address for address range is not implemented (object r-222.222.222.0)
$IPTABLES -t nat -A POSTROUTING -o eth+ -s 192.168.1.10/31 -j SNAT --to-source 222.222.222.10-222.222.222.100
$IPTABLES -t nat -A POSTROUTING -o eth+ -s 192.168.1.12/30 -j SNAT --to-source 222.222.222.10-222.222.222.100
$IPTABLES -t nat -A POSTROUTING -o eth+ -s 192.168.1.16/28 -j SNAT --to-source 222.222.222.10-222.222.222.100
$IPTABLES -t nat -A POSTROUTING -o eth+ -s 192.168.1.32/27 -j SNAT --to-source 222.222.222.10-222.222.222.100
$IPTABLES -t nat -A POSTROUTING -o eth+ -s 192.168.1.64/27 -j SNAT --to-source 222.222.222.10-222.222.222.100
$IPTABLES -t nat -A POSTROUTING -o eth+ -s 192.168.1.96/30 -j SNAT --to-source 222.222.222.10-222.222.222.100
$IPTABLES -t nat -A POSTROUTING -o eth+ -s 192.168.1.100 -j SNAT --to-source 222.222.222.10-222.222.222.100
$IPTABLES -t nat -A POSTROUTING -o eth+ -s 192.168.1.10/31 -j SNAT --to-source 222.222.222.10-222.222.222.100
$IPTABLES -t nat -A POSTROUTING -o eth+ -s 192.168.1.12/30 -j SNAT --to-source 222.222.222.10-222.222.222.100
$IPTABLES -t nat -A POSTROUTING -o eth+ -s 192.168.1.16/28 -j SNAT --to-source 222.222.222.10-222.222.222.100
$IPTABLES -t nat -A POSTROUTING -o eth+ -s 192.168.1.32/27 -j SNAT --to-source 222.222.222.10-222.222.222.100
$IPTABLES -t nat -A POSTROUTING -o eth+ -s 192.168.1.64/27 -j SNAT --to-source 222.222.222.10-222.222.222.100
$IPTABLES -t nat -A POSTROUTING -o eth+ -s 192.168.1.96/30 -j SNAT --to-source 222.222.222.10-222.222.222.100
$IPTABLES -t nat -A POSTROUTING -o eth+ -s 192.168.1.100 -j SNAT --to-source 222.222.222.10-222.222.222.100
#
# Rule 4 (NAT)
#
echo "Rule 4 (NAT)"
#
$IPTABLES -t nat -A PREROUTING -p tcp -m tcp -s 192.168.1.0/24 -d 192.168.1.20 --dport 80 -j DNAT --to-destination :3128
$IPTABLES -t nat -A POSTROUTING -o eth+ -p tcp -m tcp -s 192.168.1.0/24 --dport 3128 -j SNAT --to-source 192.168.1.1
$IPTABLES -t nat -A POSTROUTING -o eth+ -p tcp -m tcp -s 192.168.1.0/24 --dport 3128 -j SNAT --to-source 192.168.1.1
#
# Rule 5 (NAT)
#
echo "Rule 5 (NAT)"
#
$IPTABLES -t nat -A POSTROUTING -o eth+ -p tcp -m tcp -d 22.22.22.23 --dport 4000:4010 -j SNAT --to-source 192.168.1.10
$IPTABLES -t nat -A POSTROUTING -o eth+ -p tcp -m tcp -d 22.22.22.23 --dport 3128 -j SNAT --to-source 192.168.1.10
$IPTABLES -t nat -A POSTROUTING -o eth+ -p tcp -m tcp -d 22.22.22.23 --dport 4000:4010 -j SNAT --to-source 192.168.1.10
$IPTABLES -t nat -A POSTROUTING -o eth+ -p tcp -m tcp -d 22.22.22.23 --dport 3128 -j SNAT --to-source 192.168.1.10
#
# Rule 6 (NAT)
#
@ -447,7 +447,7 @@ script_body() {
#
echo "Rule 10 (NAT)"
#
$IPTABLES -t nat -A POSTROUTING -o eth1 -p tcp -m tcp -s 192.168.1.10 --sport 1000:1010 -j SNAT --to-source 222.222.222.222:1000-1010
$IPTABLES -t nat -A POSTROUTING -o eth1 -p tcp -m tcp -s 192.168.1.10 --sport 1000:1010 -j SNAT --to-source 222.222.222.222:1000-1010
#
# Rule 11 (NAT)
#
@ -455,7 +455,7 @@ script_body() {
#
# firewall:NAT:11: warning: SNAT rule can not match MAC address. Object CA(host-with-mac-1:1) removed from the rule
$IPTABLES -t nat -A POSTROUTING -o eth1 -p tcp -m tcp -s 192.168.1.10 --dport 25 -j SNAT --to-source 222.222.222.222
$IPTABLES -t nat -A POSTROUTING -o eth1 -p tcp -m tcp -s 192.168.1.10 --dport 25 -j SNAT --to-source 222.222.222.222
#
# Rule 12 (NAT)
#
@ -503,7 +503,7 @@ script_body() {
# firewall:NAT:16: warning: SNAT rule can not match MAC address. Object CA(host-with-mac-1:1) removed from the rule
$IPTABLES -t nat -N Cid445F52DE31658.0
$IPTABLES -t nat -A POSTROUTING -o eth1 -p tcp -m tcp -s 192.168.1.10 --dport 80 -j Cid445F52DE31658.0
$IPTABLES -t nat -A POSTROUTING -o eth1 -p tcp -m tcp -s 192.168.1.10 --dport 80 -j Cid445F52DE31658.0
$IPTABLES -t nat -A Cid445F52DE31658.0 -d 61.150.47.112 -j RETURN
$IPTABLES -t nat -A Cid445F52DE31658.0 -d 223.223.223.223 -j RETURN
$IPTABLES -t nat -A Cid445F52DE31658.0 -p tcp -m tcp --dport 80 -j SNAT --to-source 222.222.222.222
@ -533,7 +533,7 @@ script_body() {
#
echo "Rule 20 (NAT)"
#
$IPTABLES -t nat -A POSTROUTING -o eth1 -p tcp -m tcp -s 192.168.1.10 --dport 4000:4010 -j SNAT --to-source 222.222.222.222
$IPTABLES -t nat -A POSTROUTING -o eth1 -p tcp -m tcp -s 192.168.1.10 --dport 4000:4010 -j SNAT --to-source 222.222.222.222
#
# Rule 21 (NAT)
#
@ -1397,7 +1397,7 @@ test -z "$cmd" && {
case "$cmd" in
start)
log "Activating firewall script generated Thu May 26 14:14:24 2011 by vadim"
log "Activating firewall script generated Fri Jun 3 17:27:07 2011 by vadim"
check_tools
prolog_commands
check_run_time_address_table_files

48
test/ipt/firewall1.fw.orig
View File

@ -2,9 +2,9 @@
#
# This is automatically generated file. DO NOT MODIFY !
#
# Firewall Builder fwb_ipt v4.3.0.3546
# Firewall Builder fwb_ipt v5.0.0.3547
#
# Generated Thu May 26 14:14:27 2011 PDT by vadim
# Generated Fri Jun 3 17:27:08 2011 PDT by vadim
#
# files: * firewall1.fw /etc/fw/firewall1.fw
#
@ -334,57 +334,57 @@ script_body() {
#
echo "Rule 1 (NAT)"
#
$IPTABLES -t nat -A POSTROUTING -o eth+ -s 192.168.1.10 -j SNAT --to-source 22.22.22.23
$IPTABLES -t nat -A POSTROUTING -o eth+ -s 192.168.1.10 -j SNAT --to-source 22.22.22.23
#
# Rule 2 (NAT)
#
echo "Rule 2 (NAT)"
#
$IPTABLES -t nat -A POSTROUTING -o eth+ -s ! 192.168.1.0/24 -d 200.200.200.200 -j SNAT --to-source 22.22.22.23
$IPTABLES -t nat -A POSTROUTING -o eth+ -s ! 192.168.1.0/24 -d 200.200.200.200 -j SNAT --to-source 22.22.22.23
#
# Rule 3 (NAT)
#
echo "Rule 3 (NAT)"
#
$IPTABLES -t nat -A POSTROUTING -o eth+ -p tcp -m tcp -s ! 192.168.1.0/24 -d 200.200.200.200 --dport 80 -j SNAT --to-source 22.22.22.23
$IPTABLES -t nat -A POSTROUTING -o eth+ -p tcp -m tcp -s ! 192.168.1.0/24 -d 200.200.200.200 --dport 80 -j SNAT --to-source 22.22.22.23
#
# Rule 4 (NAT)
#
echo "Rule 4 (NAT)"
#
$IPTABLES -t nat -A POSTROUTING -o eth1 -s 192.168.1.0/24 -j SNAT --to-source 22.22.22.22
$IPTABLES -t nat -A POSTROUTING -o eth3 -s 192.168.1.0/24 -j SNAT --to-source 22.22.23.23
$IPTABLES -t nat -A POSTROUTING -o eth2 -s 192.168.1.0/24 -j SNAT --to-source 192.168.2.1
$IPTABLES -t nat -A POSTROUTING -o eth1 -s 192.168.1.0/24 -j SNAT --to-source 22.22.22.22
$IPTABLES -t nat -A POSTROUTING -o eth3 -s 192.168.1.0/24 -j SNAT --to-source 22.22.23.23
$IPTABLES -t nat -A POSTROUTING -o eth2 -s 192.168.1.0/24 -j SNAT --to-source 192.168.2.1
#
# Rule 5 (NAT)
#
echo "Rule 5 (NAT)"
#
$IPTABLES -t nat -A POSTROUTING -o eth1 -s 192.168.1.0/24 -j SNAT --to-source 22.22.22.22
$IPTABLES -t nat -A POSTROUTING -o eth3 -s 192.168.1.0/24 -j SNAT --to-source 22.22.23.23
$IPTABLES -t nat -A POSTROUTING -o eth1 -s 192.168.1.0/24 -j SNAT --to-source 22.22.22.22
$IPTABLES -t nat -A POSTROUTING -o eth3 -s 192.168.1.0/24 -j SNAT --to-source 22.22.23.23
#
# Rule 6 (NAT)
#
echo "Rule 6 (NAT)"
#
$IPTABLES -t nat -A POSTROUTING -o eth1 -s 192.168.1.0/24 -d ! 192.168.2.0/24 -j SNAT --to-source 22.22.22.22
$IPTABLES -t nat -A POSTROUTING -o eth3 -s 192.168.1.0/24 -d ! 192.168.2.0/24 -j SNAT --to-source 22.22.23.23
$IPTABLES -t nat -A POSTROUTING -o eth1 -s 192.168.1.0/24 -d ! 192.168.2.0/24 -j SNAT --to-source 22.22.22.22
$IPTABLES -t nat -A POSTROUTING -o eth3 -s 192.168.1.0/24 -d ! 192.168.2.0/24 -j SNAT --to-source 22.22.23.23
#
# Rule 7 (NAT)
#
echo "Rule 7 (NAT)"
#
$IPTABLES -t nat -A POSTROUTING -o eth1 -p tcp -m tcp -s 192.168.1.0/24 -d ! 192.168.2.0/24 --dport 80 -j SNAT --to-source 22.22.22.22
$IPTABLES -t nat -A POSTROUTING -o eth3 -p tcp -m tcp -s 192.168.1.0/24 -d ! 192.168.2.0/24 --dport 80 -j SNAT --to-source 22.22.23.23
$IPTABLES -t nat -A POSTROUTING -o eth1 -p tcp -m tcp -s 192.168.1.0/24 -d ! 192.168.2.0/24 --dport 80 -j SNAT --to-source 22.22.22.22
$IPTABLES -t nat -A POSTROUTING -o eth3 -p tcp -m tcp -s 192.168.1.0/24 -d ! 192.168.2.0/24 --dport 80 -j SNAT --to-source 22.22.23.23
#
# Rule 8 (NAT)
#
echo "Rule 8 (NAT)"
#
$IPTABLES -t nat -N Cid3CCA1B57.0
$IPTABLES -t nat -A POSTROUTING -o eth1 -s 192.168.1.0/24 -j Cid3CCA1B57.0
$IPTABLES -t nat -A POSTROUTING -o eth3 -s 192.168.1.0/24 -j Cid3CCA1B57.0
$IPTABLES -t nat -A POSTROUTING -o eth2 -s 192.168.1.0/24 -j Cid3CCA1B57.0
$IPTABLES -t nat -A POSTROUTING -o eth1 -s 192.168.1.0/24 -j Cid3CCA1B57.0
$IPTABLES -t nat -A POSTROUTING -o eth3 -s 192.168.1.0/24 -j Cid3CCA1B57.0
$IPTABLES -t nat -A POSTROUTING -o eth2 -s 192.168.1.0/24 -j Cid3CCA1B57.0
$IPTABLES -t nat -A Cid3CCA1B57.0 -d 192.168.1.0/24 -j RETURN
$IPTABLES -t nat -A Cid3CCA1B57.0 -d 192.168.2.0/24 -j RETURN
$IPTABLES -t nat -A Cid3CCA1B57.0 -j SNAT --to-source 22.22.22.22
@ -396,9 +396,9 @@ script_body() {
echo "Rule 9 (NAT)"
#
$IPTABLES -t nat -N Cid3EB38983.0
$IPTABLES -t nat -A POSTROUTING -o eth1 -s 192.168.1.0/24 -j Cid3EB38983.0
$IPTABLES -t nat -A POSTROUTING -o eth3 -s 192.168.1.0/24 -j Cid3EB38983.0
$IPTABLES -t nat -A POSTROUTING -o eth2 -s 192.168.1.0/24 -j Cid3EB38983.0
$IPTABLES -t nat -A POSTROUTING -o eth1 -s 192.168.1.0/24 -j Cid3EB38983.0
$IPTABLES -t nat -A POSTROUTING -o eth3 -s 192.168.1.0/24 -j Cid3EB38983.0
$IPTABLES -t nat -A POSTROUTING -o eth2 -s 192.168.1.0/24 -j Cid3EB38983.0
$IPTABLES -t nat -A Cid3EB38983.0 -d 192.168.1.0/24 -j RETURN
$IPTABLES -t nat -A Cid3EB38983.0 -d 192.168.2.0/24 -j RETURN
$IPTABLES -t nat -A Cid3EB38983.0 -j SNAT --to-source 22.22.22.22
@ -409,9 +409,9 @@ script_body() {
#
echo "Rule 10 (NAT)"
#
$IPTABLES -t nat -A POSTROUTING -o eth1 -s ! 192.168.2.0/24 -j SNAT --to-source 22.22.22.22
$IPTABLES -t nat -A POSTROUTING -o eth3 -s ! 192.168.2.0/24 -j SNAT --to-source 22.22.23.23
$IPTABLES -t nat -A POSTROUTING -o eth0 -s ! 192.168.2.0/24 -j SNAT --to-source 192.168.1.1
$IPTABLES -t nat -A POSTROUTING -o eth1 -s ! 192.168.2.0/24 -j SNAT --to-source 22.22.22.22
$IPTABLES -t nat -A POSTROUTING -o eth3 -s ! 192.168.2.0/24 -j SNAT --to-source 22.22.23.23
$IPTABLES -t nat -A POSTROUTING -o eth0 -s ! 192.168.2.0/24 -j SNAT --to-source 192.168.1.1
#
# Rule 11 (NAT)
#
@ -1269,7 +1269,7 @@ test -z "$cmd" && {
case "$cmd" in
start)
log "Activating firewall script generated Thu May 26 14:14:27 2011 by vadim"
log "Activating firewall script generated Fri Jun 3 17:27:08 2011 by vadim"
check_tools
check_run_time_address_table_files

6
test/ipt/firewall10.fw.orig
View File

@ -2,9 +2,9 @@
#
# This is automatically generated file. DO NOT MODIFY !
#
# Firewall Builder fwb_ipt v4.3.0.3546
# Firewall Builder fwb_ipt v5.0.0.3547
#
# Generated Thu May 26 14:14:27 2011 PDT by vadim
# Generated Fri Jun 3 17:27:08 2011 PDT by vadim
#
# files: * firewall10.fw /etc/fw/firewall10.fw
#
@ -494,7 +494,7 @@ test -z "$cmd" && {
case "$cmd" in
start)
log "Activating firewall script generated Thu May 26 14:14:27 2011 by vadim"
log "Activating firewall script generated Fri Jun 3 17:27:08 2011 by vadim"
check_tools
prolog_commands
check_run_time_address_table_files

14
test/ipt/firewall11.fw.orig
View File

@ -2,9 +2,9 @@
#
# This is automatically generated file. DO NOT MODIFY !
#
# Firewall Builder fwb_ipt v4.3.0.3546
# Firewall Builder fwb_ipt v5.0.0.3547
#
# Generated Thu May 26 14:14:32 2011 PDT by vadim
# Generated Fri Jun 3 17:27:11 2011 PDT by vadim
#
# files: * firewall11.fw /etc/fw/firewall11.fw
#
@ -329,9 +329,9 @@ script_body() {
#
echo "Rule 1 (NAT)"
#
$IPTABLES -t nat -A POSTROUTING -o eth2 -s 192.168.1.0/24 -j MASQUERADE
$IPTABLES -t nat -A POSTROUTING -o br0 -s 192.168.1.0/24 -j MASQUERADE
$IPTABLES -t nat -A POSTROUTING -o eth3 -s 192.168.1.0/24 -j SNAT --to-source 10.1.1.1
$IPTABLES -t nat -A POSTROUTING -o eth2 -s 192.168.1.0/24 -j MASQUERADE
$IPTABLES -t nat -A POSTROUTING -o br0 -s 192.168.1.0/24 -j MASQUERADE
$IPTABLES -t nat -A POSTROUTING -o eth3 -s 192.168.1.0/24 -j SNAT --to-source 10.1.1.1
#
# Rule 2 (NAT)
#
@ -342,7 +342,7 @@ script_body() {
# source port translation and dynamic interface
for i_br0 in $i_br0_list
do
test -n "$i_br0" && $IPTABLES -t nat -A POSTROUTING -o br0 -p tcp -m tcp -s 192.168.1.0/24 --sport 1000:1010 -j SNAT --to-source $i_br0:1000-1010
test -n "$i_br0" && $IPTABLES -t nat -A POSTROUTING -o br0 -p tcp -m tcp -s 192.168.1.0/24 --sport 1000:1010 -j SNAT --to-source $i_br0:1000-1010
done
#
# Rule 3 (NAT)
@ -614,7 +614,7 @@ test -z "$cmd" && {
case "$cmd" in
start)
log "Activating firewall script generated Thu May 26 14:14:32 2011 by vadim"
log "Activating firewall script generated Fri Jun 3 17:27:11 2011 by vadim"
check_tools
prolog_commands
check_run_time_address_table_files

28
test/ipt/firewall12.fw.orig
View File

@ -2,9 +2,9 @@
#
# This is automatically generated file. DO NOT MODIFY !
#
# Firewall Builder fwb_ipt v4.3.0.3546
# Firewall Builder fwb_ipt v5.0.0.3547
#
# Generated Thu May 26 14:14:32 2011 PDT by vadim
# Generated Fri Jun 3 17:27:11 2011 PDT by vadim
#
# files: * firewall12.fw /etc/fw/firewall12.fw
#
@ -389,13 +389,13 @@ script_body() {
echo "Rule 7 (NAT)"
#
# port-only translation
$IPTABLES -t nat -A POSTROUTING -o eth+ -p udp -m udp --sport 6767 -j SNAT --to-source :67
$IPTABLES -t nat -A POSTROUTING -o eth+ -p udp -m udp --sport 6767 -j SNAT --to-source :67
#
# Rule 8 (NAT)
#
echo "Rule 8 (NAT)"
#
$IPTABLES -t nat -A POSTROUTING -o eth1 -p udp -m udp --sport 6767 -j SNAT --to-source 22.22.23.22:67
$IPTABLES -t nat -A POSTROUTING -o eth1 -p udp -m udp --sport 6767 -j SNAT --to-source 22.22.23.22:67
#
# Rule 9 (NAT)
#
@ -417,8 +417,8 @@ script_body() {
# SDNAT
$IPTABLES -t nat -A PREROUTING -p tcp -m tcp -d 192.0.2.1 --dport 22 -j DNAT --to-destination 192.168.1.10
$IPTABLES -t nat -A PREROUTING -p tcp -m tcp -d 192.168.1.1 --dport 22 -j DNAT --to-destination 192.168.1.10
$IPTABLES -t nat -A POSTROUTING -o eth+ -p tcp -m tcp -d 192.168.1.10 --dport 22 -j SNAT --to-source 192.0.2.1
$IPTABLES -t nat -A POSTROUTING -o eth+ -p tcp -m tcp -d 192.168.1.10 --dport 22 -j SNAT --to-source 192.168.1.1
$IPTABLES -t nat -A POSTROUTING -o eth+ -p tcp -m tcp -d 192.168.1.10 --dport 22 -j SNAT --to-source 192.0.2.1
$IPTABLES -t nat -A POSTROUTING -o eth+ -p tcp -m tcp -d 192.168.1.10 --dport 22 -j SNAT --to-source 192.168.1.1
#
# Rule 12 (NAT)
#
@ -427,8 +427,8 @@ script_body() {
# SDNAT with source port
$IPTABLES -t nat -A PREROUTING -p udp -m udp --sport 123 -d 192.0.2.1 -j DNAT --to-destination 192.168.1.10
$IPTABLES -t nat -A PREROUTING -p udp -m udp --sport 123 -d 192.168.1.1 -j DNAT --to-destination 192.168.1.10
$IPTABLES -t nat -A POSTROUTING -o eth+ -p udp -m udp --sport 123 -d 192.168.1.10 -j SNAT --to-source 192.0.2.1:5050
$IPTABLES -t nat -A POSTROUTING -o eth+ -p udp -m udp --sport 123 -d 192.168.1.10 -j SNAT --to-source 192.168.1.1:5050
$IPTABLES -t nat -A POSTROUTING -o eth+ -p udp -m udp --sport 123 -d 192.168.1.10 -j SNAT --to-source 192.0.2.1:5050
$IPTABLES -t nat -A POSTROUTING -o eth+ -p udp -m udp --sport 123 -d 192.168.1.10 -j SNAT --to-source 192.168.1.1:5050
#
# Rule 13 (NAT)
#
@ -436,8 +436,8 @@ script_body() {
#
# SDNAT with dest port
$IPTABLES -t nat -A PREROUTING -p udp -m udp -s 192.168.1.0/24 --dport 53 -j DNAT --to-destination 192.168.1.10:1053
$IPTABLES -t nat -A POSTROUTING -o eth+ -p udp -m udp -s 192.168.1.0/24 -d 192.168.1.10 --dport 1053 -j SNAT --to-source 192.0.2.1
$IPTABLES -t nat -A POSTROUTING -o eth+ -p udp -m udp -s 192.168.1.0/24 -d 192.168.1.10 --dport 1053 -j SNAT --to-source 192.168.1.1
$IPTABLES -t nat -A POSTROUTING -o eth+ -p udp -m udp -s 192.168.1.0/24 -d 192.168.1.10 --dport 1053 -j SNAT --to-source 192.0.2.1
$IPTABLES -t nat -A POSTROUTING -o eth+ -p udp -m udp -s 192.168.1.0/24 -d 192.168.1.10 --dport 1053 -j SNAT --to-source 192.168.1.1
#
# Rule 14 (NAT)
#
@ -447,14 +447,14 @@ script_body() {
# translate src and dst addresses
# and src and dst ports
$IPTABLES -t nat -A PREROUTING -p udp -m udp -s 192.168.1.0/24 --sport 1024:65535 --dport 53 -j DNAT --to-destination 192.168.1.10:1053
$IPTABLES -t nat -A POSTROUTING -o eth+ -p udp -m udp -s 192.168.1.0/24 -d 192.168.1.10 --dport 1053 -j SNAT --to-source 192.0.2.1:32767-65535
$IPTABLES -t nat -A POSTROUTING -o eth+ -p udp -m udp -s 192.168.1.0/24 -d 192.168.1.10 --dport 1053 -j SNAT --to-source 192.168.1.1:32767-65535
$IPTABLES -t nat -A POSTROUTING -o eth+ -p udp -m udp -s 192.168.1.0/24 -d 192.168.1.10 --dport 1053 -j SNAT --to-source 192.0.2.1:32767-65535
$IPTABLES -t nat -A POSTROUTING -o eth+ -p udp -m udp -s 192.168.1.0/24 -d 192.168.1.10 --dport 1053 -j SNAT --to-source 192.168.1.1:32767-65535
#
# Rule 15 (NAT)
#
echo "Rule 15 (NAT)"
#
$IPTABLES -t nat -A POSTROUTING -o eth+ -p udp -m udp -s 192.168.1.0/24 --dport 53 -j SNAT --to-source :5050
$IPTABLES -t nat -A POSTROUTING -o eth+ -p udp -m udp -s 192.168.1.0/24 --dport 53 -j SNAT --to-source :5050
@ -532,7 +532,7 @@ test -z "$cmd" && {
case "$cmd" in
start)
log "Activating firewall script generated Thu May 26 14:14:32 2011 by vadim"
log "Activating firewall script generated Fri Jun 3 17:27:11 2011 by vadim"
check_tools
prolog_commands
check_run_time_address_table_files

6
test/ipt/firewall13.fw.orig
View File

@ -2,9 +2,9 @@
#
# This is automatically generated file. DO NOT MODIFY !
#
# Firewall Builder fwb_ipt v4.3.0.3546
# Firewall Builder fwb_ipt v5.0.0.3547
#
# Generated Thu May 26 14:14:37 2011 PDT by vadim
# Generated Fri Jun 3 17:27:14 2011 PDT by vadim
#
# files: * firewall13.fw /etc/fw/firewall13.fw
#
@ -406,7 +406,7 @@ test -z "$cmd" && {
case "$cmd" in
start)
log "Activating firewall script generated Thu May 26 14:14:37 2011 by vadim"
log "Activating firewall script generated Fri Jun 3 17:27:14 2011 by vadim"
check_tools
prolog_commands
check_run_time_address_table_files

22
test/ipt/firewall14.fw.orig
View File

@ -2,9 +2,9 @@
#
# This is automatically generated file. DO NOT MODIFY !
#
# Firewall Builder fwb_ipt v4.3.0.3546
# Firewall Builder fwb_ipt v5.0.0.3547
#
# Generated Thu May 26 14:14:37 2011 PDT by vadim
# Generated Fri Jun 3 17:27:14 2011 PDT by vadim
#
# files: * firewall14.fw /etc/fw/firewall14.fw
#
@ -331,45 +331,45 @@ script_body() {
#
echo "Rule 0 (NAT)"
#
$IPTABLES -t nat -A POSTROUTING -o eth1 -s 192.168.1.0/24 -j SNAT --to-source 22.22.23.160
$IPTABLES -t nat -A POSTROUTING -o eth1 -s 192.168.1.0/24 -j SNAT --to-source 22.22.23.160
#
# Rule 1 (NAT)
#
echo "Rule 1 (NAT)"
#
$IPTABLES -t nat -A POSTROUTING -o eth1 -s 192.168.1.0/24 -d ! 22.22.23.128/25 -j SNAT --to-source 22.22.23.160
$IPTABLES -t nat -A POSTROUTING -o eth1 -s 192.168.1.0/24 -d ! 22.22.23.128/25 -j SNAT --to-source 22.22.23.160
#
# Rule 2 (NAT)
#
echo "Rule 2 (NAT)"
#
$IPTABLES -t nat -A POSTROUTING -o eth2 -s 192.168.1.0/24 -d 22.22.23.128/25 -j SNAT --to-source 22.22.23.132
$IPTABLES -t nat -A POSTROUTING -o eth2 -s 192.168.1.0/24 -d 22.22.23.128/25 -j SNAT --to-source 22.22.23.132
#
# Rule 3 (NAT)
#
echo "Rule 3 (NAT)"
#
$IPTABLES -t nat -A POSTROUTING -o eth2 -s 192.168.1.0/24 -d 22.22.23.128/25 -j SNAT --to-source 22.22.23.132
$IPTABLES -t nat -A POSTROUTING -o eth2 -s 192.168.1.0/24 -d 22.22.23.128/25 -j SNAT --to-source 22.22.23.132
#
# Rule 4 (NAT)
#
echo "Rule 4 (NAT)"
#
# I guess this rule does not make much sense
$IPTABLES -t nat -A POSTROUTING -o eth1 -s 192.168.1.0/24 -d 22.22.23.128/25 -j SNAT --to-source 22.22.23.22
$IPTABLES -t nat -A POSTROUTING -o eth1 -s 192.168.1.0/24 -d 22.22.23.128/25 -j SNAT --to-source 22.22.23.160
$IPTABLES -t nat -A POSTROUTING -o eth1 -s 192.168.1.0/24 -d 22.22.23.128/25 -j SNAT --to-source 22.22.23.22
$IPTABLES -t nat -A POSTROUTING -o eth1 -s 192.168.1.0/24 -d 22.22.23.128/25 -j SNAT --to-source 22.22.23.160
#
# Rule 5 (NAT)
#
echo "Rule 5 (NAT)"
#
$IPTABLES -t nat -A POSTROUTING -o eth+ -s 192.168.1.0/24 -d 22.22.23.128/25 -j SNAT --to-source 22.22.23.22
$IPTABLES -t nat -A POSTROUTING -o eth+ -s 192.168.1.0/24 -d 22.22.23.128/25 -j SNAT --to-source 22.22.23.22
#
# Rule 6 (NAT)
#
echo "Rule 6 (NAT)"
#
$IPTABLES -t nat -A POSTROUTING -o eth+ -s 192.168.1.0/24 -d 22.22.23.128/25 -j SNAT --to-source 22.22.23.40
$IPTABLES -t nat -A POSTROUTING -o eth+ -s 192.168.1.0/24 -d 22.22.23.128/25 -j SNAT --to-source 22.22.23.40
}
ip_forward() {
@ -425,7 +425,7 @@ test -z "$cmd" && {
case "$cmd" in
start)
log "Activating firewall script generated Thu May 26 14:14:37 2011 by vadim"
log "Activating firewall script generated Fri Jun 3 17:27:14 2011 by vadim"
check_tools
prolog_commands
check_run_time_address_table_files

6
test/ipt/firewall15.fw.orig
View File

@ -2,9 +2,9 @@
#
# This is automatically generated file. DO NOT MODIFY !
#
# Firewall Builder fwb_ipt v4.3.0.3546
# Firewall Builder fwb_ipt v5.0.0.3547
#
# Generated Thu May 26 14:14:42 2011 PDT by vadim
# Generated Fri Jun 3 17:27:16 2011 PDT by vadim
#
# files: * firewall15.fw /etc/fw/firewall15.fw
#
@ -409,7 +409,7 @@ test -z "$cmd" && {
case "$cmd" in
start)
log "Activating firewall script generated Thu May 26 14:14:42 2011 by vadim"
log "Activating firewall script generated Fri Jun 3 17:27:16 2011 by vadim"
check_tools
prolog_commands
check_run_time_address_table_files

28
test/ipt/firewall16.fw.orig
View File

@ -2,9 +2,9 @@
#
# This is automatically generated file. DO NOT MODIFY !
#
# Firewall Builder fwb_ipt v4.3.0.3546
# Firewall Builder fwb_ipt v5.0.0.3547
#
# Generated Thu May 26 14:14:42 2011 PDT by vadim
# Generated Fri Jun 3 17:27:16 2011 PDT by vadim
#
# files: * firewall16.fw /etc/fw/firewall16.fw
#
@ -346,8 +346,8 @@ script_body() {
#
echo "Rule 1 (NAT)"
#
$IPTABLES -t nat -A POSTROUTING -o eth1 -s 192.168.1.0/24 -j SNAT --to-source 22.22.23.22
$IPTABLES -t nat -A POSTROUTING -o eth2 -s 192.168.1.0/24 -j SNAT --to-source 192.168.2.1
$IPTABLES -t nat -A POSTROUTING -o eth1 -s 192.168.1.0/24 -j SNAT --to-source 22.22.23.22
$IPTABLES -t nat -A POSTROUTING -o eth2 -s 192.168.1.0/24 -j SNAT --to-source 192.168.2.1
#
# Rule 2 (NAT)
#
@ -378,30 +378,30 @@ script_body() {
#
echo "Rule 6 (NAT)"
#
$IPTABLES -t nat -A POSTROUTING -o eth1 -s 22.22.23.22 -j SNAT --to-source 22.22.23.22
$IPTABLES -t nat -A POSTROUTING -o eth1 -s 192.168.1.22 -j SNAT --to-source 22.22.23.22
$IPTABLES -t nat -A POSTROUTING -o eth1 -s 192.168.2.1 -j SNAT --to-source 22.22.23.22
$IPTABLES -t nat -A POSTROUTING -o eth1 -s 22.22.23.22 -j SNAT --to-source 22.22.23.22
$IPTABLES -t nat -A POSTROUTING -o eth1 -s 192.168.1.22 -j SNAT --to-source 22.22.23.22
$IPTABLES -t nat -A POSTROUTING -o eth1 -s 192.168.2.1 -j SNAT --to-source 22.22.23.22
#
# Rule 7 (NAT)
#
echo "Rule 7 (NAT)"
#
$IPTABLES -t nat -A POSTROUTING -o eth1 -s 22.22.23.22 -j SNAT --to-source 22.22.23.22
$IPTABLES -t nat -A POSTROUTING -o eth1 -s 192.168.1.22 -j SNAT --to-source 22.22.23.22
$IPTABLES -t nat -A POSTROUTING -o eth1 -s 192.168.2.1 -j SNAT --to-source 22.22.23.22
$IPTABLES -t nat -A POSTROUTING -o eth1 -s 192.168.1.0/24 -j SNAT --to-source 22.22.23.22
$IPTABLES -t nat -A POSTROUTING -o eth1 -s 22.22.23.22 -j SNAT --to-source 22.22.23.22
$IPTABLES -t nat -A POSTROUTING -o eth1 -s 192.168.1.22 -j SNAT --to-source 22.22.23.22
$IPTABLES -t nat -A POSTROUTING -o eth1 -s 192.168.2.1 -j SNAT --to-source 22.22.23.22
$IPTABLES -t nat -A POSTROUTING -o eth1 -s 192.168.1.0/24 -j SNAT --to-source 22.22.23.22
#
# Rule 8 (NAT)
#
echo "Rule 8 (NAT)"
#
$IPTABLES -t nat -A POSTROUTING -o eth1 -s 192.168.2.1 -j SNAT --to-source 22.22.23.22
$IPTABLES -t nat -A POSTROUTING -o eth1 -s 192.168.2.1 -j SNAT --to-source 22.22.23.22
#
# Rule 9 (NAT)
#
echo "Rule 9 (NAT)"
#
$IPTABLES -t nat -A POSTROUTING -o eth1 -s 192.168.2.1 -j SNAT --to-source 22.22.23.22
$IPTABLES -t nat -A POSTROUTING -o eth1 -s 192.168.2.1 -j SNAT --to-source 22.22.23.22
#
# Rule 10 (NAT)
#
@ -513,7 +513,7 @@ test -z "$cmd" && {
case "$cmd" in
start)
log "Activating firewall script generated Thu May 26 14:14:42 2011 by vadim"
log "Activating firewall script generated Fri Jun 3 17:27:16 2011 by vadim"
check_tools
prolog_commands
check_run_time_address_table_files

10
test/ipt/firewall17.fw.orig
View File

@ -2,9 +2,9 @@
#
# This is automatically generated file. DO NOT MODIFY !
#
# Firewall Builder fwb_ipt v4.3.0.3546
# Firewall Builder fwb_ipt v5.0.0.3547
#
# Generated Thu May 26 14:14:46 2011 PDT by vadim
# Generated Fri Jun 3 17:27:19 2011 PDT by vadim
#
# files: * firewall17.fw /etc/fw/firewall17.fw
#
@ -331,14 +331,14 @@ script_body() {
echo "Rule 0 (NAT)"
#
# compiler should add "-o eth2"
$IPTABLES -t nat -A POSTROUTING -o eth1 -s 192.168.1.0/24 -j SNAT --to-source 33.33.33.33
$IPTABLES -t nat -A POSTROUTING -o eth1 -s 192.168.1.0/24 -j SNAT --to-source 33.33.33.33
#
# Rule 1 (NAT)
#
echo "Rule 1 (NAT)"
#
# compiler should add "-o eth2"
$IPTABLES -t nat -A POSTROUTING -o eth3 -s 192.168.1.0/24 -j SNAT --to-source 44.44.44.44
$IPTABLES -t nat -A POSTROUTING -o eth3 -s 192.168.1.0/24 -j SNAT --to-source 44.44.44.44
@ -492,7 +492,7 @@ test -z "$cmd" && {
case "$cmd" in
start)
log "Activating firewall script generated Thu May 26 14:14:46 2011 by vadim"
log "Activating firewall script generated Fri Jun 3 17:27:19 2011 by vadim"
check_tools
prolog_commands
check_run_time_address_table_files

50
test/ipt/firewall18.fw.orig
View File

@ -2,9 +2,9 @@
#
# This is automatically generated file. DO NOT MODIFY !
#
# Firewall Builder fwb_ipt v4.3.0.3546
# Firewall Builder fwb_ipt v5.0.0.3547
#
# Generated Thu May 26 14:14:46 2011 PDT by vadim
# Generated Fri Jun 3 17:27:19 2011 PDT by vadim
#
# files: * firewall18.fw /etc/fw/firewall18.fw
#
@ -343,11 +343,11 @@ script_body() {
#
for i_ppp0 in $i_ppp0_list
do
test -n "$i_ppp0" && $IPTABLES -t nat -A POSTROUTING -o eth1 -s $i_ppp0 -j SNAT --to-source 66.66.66.130
test -n "$i_ppp0" && $IPTABLES -t nat -A POSTROUTING -o eth1 -s $i_ppp0 -j SNAT --to-source 66.66.66.130
done
$IPTABLES -t nat -A POSTROUTING -o eth1 -s 66.66.66.1 -j SNAT --to-source 66.66.66.130
$IPTABLES -t nat -A POSTROUTING -o eth1 -s 66.66.66.130 -j SNAT --to-source 66.66.66.130
$IPTABLES -t nat -A POSTROUTING -o eth1 -s 192.168.1.1 -j SNAT --to-source 66.66.66.130
$IPTABLES -t nat -A POSTROUTING -o eth1 -s 66.66.66.1 -j SNAT --to-source 66.66.66.130
$IPTABLES -t nat -A POSTROUTING -o eth1 -s 66.66.66.130 -j SNAT --to-source 66.66.66.130
$IPTABLES -t nat -A POSTROUTING -o eth1 -s 192.168.1.1 -j SNAT --to-source 66.66.66.130
#
# Rule 1 (NAT)
#
@ -355,23 +355,23 @@ script_body() {
#
for i_ppp0 in $i_ppp0_list
do
test -n "$i_ppp0" && $IPTABLES -t nat -A POSTROUTING -o eth1 -s $i_ppp0 -j SNAT --to-source 66.66.66.130
test -n "$i_ppp0" && $IPTABLES -t nat -A POSTROUTING -o eth1 -s $i_ppp0 -j SNAT --to-source 66.66.66.130
done
$IPTABLES -t nat -A POSTROUTING -o eth1 -s 66.66.66.1 -j SNAT --to-source 66.66.66.130
$IPTABLES -t nat -A POSTROUTING -o eth1 -s 66.66.66.130 -j SNAT --to-source 66.66.66.130
$IPTABLES -t nat -A POSTROUTING -o eth1 -s 192.168.1.1 -j SNAT --to-source 66.66.66.130
$IPTABLES -t nat -A POSTROUTING -o eth1 -s 66.66.66.1 -j SNAT --to-source 66.66.66.130
$IPTABLES -t nat -A POSTROUTING -o eth1 -s 66.66.66.130 -j SNAT --to-source 66.66.66.130
$IPTABLES -t nat -A POSTROUTING -o eth1 -s 192.168.1.1 -j SNAT --to-source 66.66.66.130
#
# Rule 2 (NAT)
#
echo "Rule 2 (NAT)"
#
$IPTABLES -t nat -A POSTROUTING -o eth1 -s 192.168.1.0/24 -j SNAT --to-source 66.66.66.130
$IPTABLES -t nat -A POSTROUTING -o eth1 -s 192.168.1.0/24 -j SNAT --to-source 66.66.66.130
#
# Rule 3 (NAT)
#
echo "Rule 3 (NAT)"
#
$IPTABLES -t nat -A POSTROUTING -o eth1 -s 192.168.1.0/24 -j SNAT --to-source 66.66.66.130
$IPTABLES -t nat -A POSTROUTING -o eth1 -s 192.168.1.0/24 -j SNAT --to-source 66.66.66.130
#
# Rule 4 (NAT)
#
@ -379,32 +379,32 @@ script_body() {
#
for i_ppp0 in $i_ppp0_list
do
test -n "$i_ppp0" && $IPTABLES -t nat -A POSTROUTING -o eth+ -s $i_ppp0 -j SNAT --to-source 66.66.66.130
test -n "$i_ppp0" && $IPTABLES -t nat -A POSTROUTING -o eth+ -s $i_ppp0 -j SNAT --to-source 66.66.66.130
done
for i_ppp0 in $i_ppp0_list
do
test -n "$i_ppp0" && $IPTABLES -t nat -A POSTROUTING -o ppp+ -s $i_ppp0 -j SNAT --to-source 66.66.66.130
test -n "$i_ppp0" && $IPTABLES -t nat -A POSTROUTING -o ppp+ -s $i_ppp0 -j SNAT --to-source 66.66.66.130
done
$IPTABLES -t nat -A POSTROUTING -o eth+ -s 66.66.66.1 -j SNAT --to-source 66.66.66.130
$IPTABLES -t nat -A POSTROUTING -o ppp+ -s 66.66.66.1 -j SNAT --to-source 66.66.66.130
$IPTABLES -t nat -A POSTROUTING -o eth+ -s 66.66.66.130 -j SNAT --to-source 66.66.66.130
$IPTABLES -t nat -A POSTROUTING -o ppp+ -s 66.66.66.130 -j SNAT --to-source 66.66.66.130
$IPTABLES -t nat -A POSTROUTING -o eth+ -s 192.168.1.1 -j SNAT --to-source 66.66.66.130
$IPTABLES -t nat -A POSTROUTING -o ppp+ -s 192.168.1.1 -j SNAT --to-source 66.66.66.130
$IPTABLES -t nat -A POSTROUTING -o eth+ -s 66.66.66.1 -j SNAT --to-source 66.66.66.130
$IPTABLES -t nat -A POSTROUTING -o ppp+ -s 66.66.66.1 -j SNAT --to-source 66.66.66.130
$IPTABLES -t nat -A POSTROUTING -o eth+ -s 66.66.66.130 -j SNAT --to-source 66.66.66.130
$IPTABLES -t nat -A POSTROUTING -o ppp+ -s 66.66.66.130 -j SNAT --to-source 66.66.66.130
$IPTABLES -t nat -A POSTROUTING -o eth+ -s 192.168.1.1 -j SNAT --to-source 66.66.66.130
$IPTABLES -t nat -A POSTROUTING -o ppp+ -s 192.168.1.1 -j SNAT --to-source 66.66.66.130
#
# Rule 5 (NAT)
#
echo "Rule 5 (NAT)"
#
$IPTABLES -t nat -A POSTROUTING -o eth+ -s 192.168.1.0/24 -j SNAT --to-source 66.66.66.130
$IPTABLES -t nat -A POSTROUTING -o ppp+ -s 192.168.1.0/24 -j SNAT --to-source 66.66.66.130
$IPTABLES -t nat -A POSTROUTING -o eth+ -s 192.168.1.0/24 -j SNAT --to-source 66.66.66.130
$IPTABLES -t nat -A POSTROUTING -o ppp+ -s 192.168.1.0/24 -j SNAT --to-source 66.66.66.130
#
# Rule 6 (NAT)
#
echo "Rule 6 (NAT)"
#
$IPTABLES -t nat -A POSTROUTING -o eth+ -s 66.66.66.1 -j SNAT --to-source 66.66.66.130
$IPTABLES -t nat -A POSTROUTING -o ppp+ -s 66.66.66.1 -j SNAT --to-source 66.66.66.130
$IPTABLES -t nat -A POSTROUTING -o eth+ -s 66.66.66.1 -j SNAT --to-source 66.66.66.130
$IPTABLES -t nat -A POSTROUTING -o ppp+ -s 66.66.66.1 -j SNAT --to-source 66.66.66.130
@ -527,7 +527,7 @@ test -z "$cmd" && {
case "$cmd" in
start)
log "Activating firewall script generated Thu May 26 14:14:46 2011 by vadim"
log "Activating firewall script generated Fri Jun 3 17:27:19 2011 by vadim"
check_tools
prolog_commands
check_run_time_address_table_files

6
test/ipt/firewall19.fw.orig
View File

@ -2,9 +2,9 @@
#
# This is automatically generated file. DO NOT MODIFY !
#
# Firewall Builder fwb_ipt v4.3.0.3546
# Firewall Builder fwb_ipt v5.0.0.3547
#
# Generated Thu May 26 14:14:51 2011 PDT by vadim
# Generated Fri Jun 3 17:27:21 2011 PDT by vadim
#
# files: * firewall19.fw /etc/fw/firewall19.fw
#
@ -531,7 +531,7 @@ test -z "$cmd" && {
case "$cmd" in
start)
log "Activating firewall script generated Thu May 26 14:14:51 2011 by vadim"
log "Activating firewall script generated Fri Jun 3 17:27:21 2011 by vadim"
check_tools
prolog_commands
check_run_time_address_table_files

180
test/ipt/firewall2-1.fw.orig
View File

@ -2,9 +2,9 @@
#
# This is automatically generated file. DO NOT MODIFY !
#
# Firewall Builder fwb_ipt v4.3.0.3546
# Firewall Builder fwb_ipt v5.0.0.3547
#
# Generated Thu May 26 14:15:04 2011 PDT by vadim
# Generated Fri Jun 3 17:27:30 2011 PDT by vadim
#
# files: * firewall2-1.fw /etc/fw/firewall2-1.fw
#
@ -361,120 +361,120 @@ script_body() {
#
echo "Rule 0 (NAT)"
#
$IPTABLES -t nat -A POSTROUTING -o eth1 -s 192.168.1.0/24 -j SNAT --to-source 22.22.22.22
$IPTABLES -t nat -A POSTROUTING -o eth3 -s 192.168.1.0/24 -j SNAT --to-source 22.22.23.23
$IPTABLES -t nat -A POSTROUTING -o eth3 -s 192.168.1.0/24 -j SNAT --to-source 22.22.25.50
$IPTABLES -t nat -A POSTROUTING -o eth2 -s 192.168.1.0/24 -j SNAT --to-source 192.168.2.1
$IPTABLES -t nat -A POSTROUTING -o eth2 -s 192.168.1.0/24 -j SNAT --to-source 192.168.2.40
$IPTABLES -t nat -A POSTROUTING -o eth1 -s 192.168.1.0/24 -j SNAT --to-source 22.22.22.22
$IPTABLES -t nat -A POSTROUTING -o eth3 -s 192.168.1.0/24 -j SNAT --to-source 22.22.23.23
$IPTABLES -t nat -A POSTROUTING -o eth3 -s 192.168.1.0/24 -j SNAT --to-source 22.22.25.50
$IPTABLES -t nat -A POSTROUTING -o eth2 -s 192.168.1.0/24 -j SNAT --to-source 192.168.2.1
$IPTABLES -t nat -A POSTROUTING -o eth2 -s 192.168.1.0/24 -j SNAT --to-source 192.168.2.40
#
# Rule 1 (NAT)
#
echo "Rule 1 (NAT)"
#
$IPTABLES -t nat -A POSTROUTING -o eth1 -p icmp -m icmp -s 192.168.1.0/24 --icmp-type 3 -j SNAT --to-source 22.22.22.22
$IPTABLES -t nat -A POSTROUTING -o eth3 -p icmp -m icmp -s 192.168.1.0/24 --icmp-type 3 -j SNAT --to-source 22.22.23.23
$IPTABLES -t nat -A POSTROUTING -o eth3 -p icmp -m icmp -s 192.168.1.0/24 --icmp-type 3 -j SNAT --to-source 22.22.25.50
$IPTABLES -t nat -A POSTROUTING -o eth2 -p icmp -m icmp -s 192.168.1.0/24 --icmp-type 3 -j SNAT --to-source 192.168.2.1
$IPTABLES -t nat -A POSTROUTING -o eth2 -p icmp -m icmp -s 192.168.1.0/24 --icmp-type 3 -j SNAT --to-source 192.168.2.40
$IPTABLES -t nat -A POSTROUTING -o eth1 -p icmp -m icmp -s 192.168.1.0/24 --icmp-type 0/0 -j SNAT --to-source 22.22.22.22
$IPTABLES -t nat -A POSTROUTING -o eth3 -p icmp -m icmp -s 192.168.1.0/24 --icmp-type 0/0 -j SNAT --to-source 22.22.23.23
$IPTABLES -t nat -A POSTROUTING -o eth3 -p icmp -m icmp -s 192.168.1.0/24 --icmp-type 0/0 -j SNAT --to-source 22.22.25.50
$IPTABLES -t nat -A POSTROUTING -o eth2 -p icmp -m icmp -s 192.168.1.0/24 --icmp-type 0/0 -j SNAT --to-source 192.168.2.1
$IPTABLES -t nat -A POSTROUTING -o eth2 -p icmp -m icmp -s 192.168.1.0/24 --icmp-type 0/0 -j SNAT --to-source 192.168.2.40
$IPTABLES -t nat -A POSTROUTING -o eth1 -p icmp -m icmp -s 192.168.1.0/24 --icmp-type 11/0 -j SNAT --to-source 22.22.22.22
$IPTABLES -t nat -A POSTROUTING -o eth3 -p icmp -m icmp -s 192.168.1.0/24 --icmp-type 11/0 -j SNAT --to-source 22.22.23.23
$IPTABLES -t nat -A POSTROUTING -o eth3 -p icmp -m icmp -s 192.168.1.0/24 --icmp-type 11/0 -j SNAT --to-source 22.22.25.50
$IPTABLES -t nat -A POSTROUTING -o eth2 -p icmp -m icmp -s 192.168.1.0/24 --icmp-type 11/0 -j SNAT --to-source 192.168.2.1
$IPTABLES -t nat -A POSTROUTING -o eth2 -p icmp -m icmp -s 192.168.1.0/24 --icmp-type 11/0 -j SNAT --to-source 192.168.2.40
$IPTABLES -t nat -A POSTROUTING -o eth1 -p icmp -m icmp -s 192.168.1.0/24 --icmp-type 11/1 -j SNAT --to-source 22.22.22.22
$IPTABLES -t nat -A POSTROUTING -o eth3 -p icmp -m icmp -s 192.168.1.0/24 --icmp-type 11/1 -j SNAT --to-source 22.22.23.23
$IPTABLES -t nat -A POSTROUTING -o eth3 -p icmp -m icmp -s 192.168.1.0/24 --icmp-type 11/1 -j SNAT --to-source 22.22.25.50
$IPTABLES -t nat -A POSTROUTING -o eth2 -p icmp -m icmp -s 192.168.1.0/24 --icmp-type 11/1 -j SNAT --to-source 192.168.2.1
$IPTABLES -t nat -A POSTROUTING -o eth2 -p icmp -m icmp -s 192.168.1.0/24 --icmp-type 11/1 -j SNAT --to-source 192.168.2.40
$IPTABLES -t nat -A POSTROUTING -o eth1 -p tcp -m tcp -s 192.168.1.0/24 --dport 80 -j SNAT --to-source 22.22.22.22
$IPTABLES -t nat -A POSTROUTING -o eth3 -p tcp -m tcp -s 192.168.1.0/24 --dport 80 -j SNAT --to-source 22.22.23.23
$IPTABLES -t nat -A POSTROUTING -o eth3 -p tcp -m tcp -s 192.168.1.0/24 --dport 80 -j SNAT --to-source 22.22.25.50
$IPTABLES -t nat -A POSTROUTING -o eth2 -p tcp -m tcp -s 192.168.1.0/24 --dport 80 -j SNAT --to-source 192.168.2.1
$IPTABLES -t nat -A POSTROUTING -o eth2 -p tcp -m tcp -s 192.168.1.0/24 --dport 80 -j SNAT --to-source 192.168.2.40
$IPTABLES -t nat -A POSTROUTING -o eth1 -p icmp -m icmp -s 192.168.1.0/24 --icmp-type 3 -j SNAT --to-source 22.22.22.22
$IPTABLES -t nat -A POSTROUTING -o eth3 -p icmp -m icmp -s 192.168.1.0/24 --icmp-type 3 -j SNAT --to-source 22.22.23.23
$IPTABLES -t nat -A POSTROUTING -o eth3 -p icmp -m icmp -s 192.168.1.0/24 --icmp-type 3 -j SNAT --to-source 22.22.25.50
$IPTABLES -t nat -A POSTROUTING -o eth2 -p icmp -m icmp -s 192.168.1.0/24 --icmp-type 3 -j SNAT --to-source 192.168.2.1
$IPTABLES -t nat -A POSTROUTING -o eth2 -p icmp -m icmp -s 192.168.1.0/24 --icmp-type 3 -j SNAT --to-source 192.168.2.40
$IPTABLES -t nat -A POSTROUTING -o eth1 -p icmp -m icmp -s 192.168.1.0/24 --icmp-type 0/0 -j SNAT --to-source 22.22.22.22
$IPTABLES -t nat -A POSTROUTING -o eth3 -p icmp -m icmp -s 192.168.1.0/24 --icmp-type 0/0 -j SNAT --to-source 22.22.23.23
$IPTABLES -t nat -A POSTROUTING -o eth3 -p icmp -m icmp -s 192.168.1.0/24 --icmp-type 0/0 -j SNAT --to-source 22.22.25.50
$IPTABLES -t nat -A POSTROUTING -o eth2 -p icmp -m icmp -s 192.168.1.0/24 --icmp-type 0/0 -j SNAT --to-source 192.168.2.1
$IPTABLES -t nat -A POSTROUTING -o eth2 -p icmp -m icmp -s 192.168.1.0/24 --icmp-type 0/0 -j SNAT --to-source 192.168.2.40
$IPTABLES -t nat -A POSTROUTING -o eth1 -p icmp -m icmp -s 192.168.1.0/24 --icmp-type 11/0 -j SNAT --to-source 22.22.22.22
$IPTABLES -t nat -A POSTROUTING -o eth3 -p icmp -m icmp -s 192.168.1.0/24 --icmp-type 11/0 -j SNAT --to-source 22.22.23.23
$IPTABLES -t nat -A POSTROUTING -o eth3 -p icmp -m icmp -s 192.168.1.0/24 --icmp-type 11/0 -j SNAT --to-source 22.22.25.50
$IPTABLES -t nat -A POSTROUTING -o eth2 -p icmp -m icmp -s 192.168.1.0/24 --icmp-type 11/0 -j SNAT --to-source 192.168.2.1
$IPTABLES -t nat -A POSTROUTING -o eth2 -p icmp -m icmp -s 192.168.1.0/24 --icmp-type 11/0 -j SNAT --to-source 192.168.2.40
$IPTABLES -t nat -A POSTROUTING -o eth1 -p icmp -m icmp -s 192.168.1.0/24 --icmp-type 11/1 -j SNAT --to-source 22.22.22.22
$IPTABLES -t nat -A POSTROUTING -o eth3 -p icmp -m icmp -s 192.168.1.0/24 --icmp-type 11/1 -j SNAT --to-source 22.22.23.23
$IPTABLES -t nat -A POSTROUTING -o eth3 -p icmp -m icmp -s 192.168.1.0/24 --icmp-type 11/1 -j SNAT --to-source 22.22.25.50
$IPTABLES -t nat -A POSTROUTING -o eth2 -p icmp -m icmp -s 192.168.1.0/24 --icmp-type 11/1 -j SNAT --to-source 192.168.2.1
$IPTABLES -t nat -A POSTROUTING -o eth2 -p icmp -m icmp -s 192.168.1.0/24 --icmp-type 11/1 -j SNAT --to-source 192.168.2.40
$IPTABLES -t nat -A POSTROUTING -o eth1 -p tcp -m tcp -s 192.168.1.0/24 --dport 80 -j SNAT --to-source 22.22.22.22
$IPTABLES -t nat -A POSTROUTING -o eth3 -p tcp -m tcp -s 192.168.1.0/24 --dport 80 -j SNAT --to-source 22.22.23.23
$IPTABLES -t nat -A POSTROUTING -o eth3 -p tcp -m tcp -s 192.168.1.0/24 --dport 80 -j SNAT --to-source 22.22.25.50
$IPTABLES -t nat -A POSTROUTING -o eth2 -p tcp -m tcp -s 192.168.1.0/24 --dport 80 -j SNAT --to-source 192.168.2.1
$IPTABLES -t nat -A POSTROUTING -o eth2 -p tcp -m tcp -s 192.168.1.0/24 --dport 80 -j SNAT --to-source 192.168.2.40
#
# Rule 2 (NAT)
#
echo "Rule 2 (NAT)"
#
$IPTABLES -t nat -A POSTROUTING -o eth1 -p icmp -m icmp -s 192.168.1.0/24 --icmp-type 3 -j SNAT --to-source 22.22.22.22
$IPTABLES -t nat -A POSTROUTING -o eth3 -p icmp -m icmp -s 192.168.1.0/24 --icmp-type 3 -j SNAT --to-source 22.22.23.23
$IPTABLES -t nat -A POSTROUTING -o eth3 -p icmp -m icmp -s 192.168.1.0/24 --icmp-type 3 -j SNAT --to-source 22.22.25.50
$IPTABLES -t nat -A POSTROUTING -o eth2 -p icmp -m icmp -s 192.168.1.0/24 --icmp-type 3 -j SNAT --to-source 192.168.2.1
$IPTABLES -t nat -A POSTROUTING -o eth2 -p icmp -m icmp -s 192.168.1.0/24 --icmp-type 3 -j SNAT --to-source 192.168.2.40
$IPTABLES -t nat -A POSTROUTING -o eth1 -p icmp -m icmp -s 192.168.1.0/24 --icmp-type 0/0 -j SNAT --to-source 22.22.22.22
$IPTABLES -t nat -A POSTROUTING -o eth3 -p icmp -m icmp -s 192.168.1.0/24 --icmp-type 0/0 -j SNAT --to-source 22.22.23.23
$IPTABLES -t nat -A POSTROUTING -o eth3 -p icmp -m icmp -s 192.168.1.0/24 --icmp-type 0/0 -j SNAT --to-source 22.22.25.50
$IPTABLES -t nat -A POSTROUTING -o eth2 -p icmp -m icmp -s 192.168.1.0/24 --icmp-type 0/0 -j SNAT --to-source 192.168.2.1
$IPTABLES -t nat -A POSTROUTING -o eth2 -p icmp -m icmp -s 192.168.1.0/24 --icmp-type 0/0 -j SNAT --to-source 192.168.2.40
$IPTABLES -t nat -A POSTROUTING -o eth1 -p icmp -m icmp -s 192.168.1.0/24 --icmp-type 11/0 -j SNAT --to-source 22.22.22.22
$IPTABLES -t nat -A POSTROUTING -o eth3 -p icmp -m icmp -s 192.168.1.0/24 --icmp-type 11/0 -j SNAT --to-source 22.22.23.23
$IPTABLES -t nat -A POSTROUTING -o eth3 -p icmp -m icmp -s 192.168.1.0/24 --icmp-type 11/0 -j SNAT --to-source 22.22.25.50
$IPTABLES -t nat -A POSTROUTING -o eth2 -p icmp -m icmp -s 192.168.1.0/24 --icmp-type 11/0 -j SNAT --to-source 192.168.2.1
$IPTABLES -t nat -A POSTROUTING -o eth2 -p icmp -m icmp -s 192.168.1.0/24 --icmp-type 11/0 -j SNAT --to-source 192.168.2.40
$IPTABLES -t nat -A POSTROUTING -o eth1 -p icmp -m icmp -s 192.168.1.0/24 --icmp-type 11/1 -j SNAT --to-source 22.22.22.22
$IPTABLES -t nat -A POSTROUTING -o eth3 -p icmp -m icmp -s 192.168.1.0/24 --icmp-type 11/1 -j SNAT --to-source 22.22.23.23
$IPTABLES -t nat -A POSTROUTING -o eth3 -p icmp -m icmp -s 192.168.1.0/24 --icmp-type 11/1 -j SNAT --to-source 22.22.25.50
$IPTABLES -t nat -A POSTROUTING -o eth2 -p icmp -m icmp -s 192.168.1.0/24 --icmp-type 11/1 -j SNAT --to-source 192.168.2.1
$IPTABLES -t nat -A POSTROUTING -o eth2 -p icmp -m icmp -s 192.168.1.0/24 --icmp-type 11/1 -j SNAT --to-source 192.168.2.40
$IPTABLES -t nat -A POSTROUTING -o eth1 -p tcp -m tcp -s 192.168.1.0/24 --dport 80 -j SNAT --to-source 22.22.22.22
$IPTABLES -t nat -A POSTROUTING -o eth3 -p tcp -m tcp -s 192.168.1.0/24 --dport 80 -j SNAT --to-source 22.22.23.23
$IPTABLES -t nat -A POSTROUTING -o eth3 -p tcp -m tcp -s 192.168.1.0/24 --dport 80 -j SNAT --to-source 22.22.25.50
$IPTABLES -t nat -A POSTROUTING -o eth2 -p tcp -m tcp -s 192.168.1.0/24 --dport 80 -j SNAT --to-source 192.168.2.1
$IPTABLES -t nat -A POSTROUTING -o eth2 -p tcp -m tcp -s 192.168.1.0/24 --dport 80 -j SNAT --to-source 192.168.2.40
$IPTABLES -t nat -A POSTROUTING -o eth1 -p 50 -s 192.168.1.0/24 -j SNAT --to-source 22.22.22.22
$IPTABLES -t nat -A POSTROUTING -o eth3 -p 50 -s 192.168.1.0/24 -j SNAT --to-source 22.22.23.23
$IPTABLES -t nat -A POSTROUTING -o eth3 -p 50 -s 192.168.1.0/24 -j SNAT --to-source 22.22.25.50
$IPTABLES -t nat -A POSTROUTING -o eth2 -p 50 -s 192.168.1.0/24 -j SNAT --to-source 192.168.2.1
$IPTABLES -t nat -A POSTROUTING -o eth2 -p 50 -s 192.168.1.0/24 -j SNAT --to-source 192.168.2.40
$IPTABLES -t nat -A POSTROUTING -o eth1 -p 88 -s 192.168.1.0/24 -j SNAT --to-source 22.22.22.22
$IPTABLES -t nat -A POSTROUTING -o eth3 -p 88 -s 192.168.1.0/24 -j SNAT --to-source 22.22.23.23
$IPTABLES -t nat -A POSTROUTING -o eth3 -p 88 -s 192.168.1.0/24 -j SNAT --to-source 22.22.25.50
$IPTABLES -t nat -A POSTROUTING -o eth2 -p 88 -s 192.168.1.0/24 -j SNAT --to-source 192.168.2.1
$IPTABLES -t nat -A POSTROUTING -o eth2 -p 88 -s 192.168.1.0/24 -j SNAT --to-source 192.168.2.40
$IPTABLES -t nat -A POSTROUTING -o eth1 -p icmp -m icmp -s 192.168.1.0/24 --icmp-type 3 -j SNAT --to-source 22.22.22.22
$IPTABLES -t nat -A POSTROUTING -o eth3 -p icmp -m icmp -s 192.168.1.0/24 --icmp-type 3 -j SNAT --to-source 22.22.23.23
$IPTABLES -t nat -A POSTROUTING -o eth3 -p icmp -m icmp -s 192.168.1.0/24 --icmp-type 3 -j SNAT --to-source 22.22.25.50
$IPTABLES -t nat -A POSTROUTING -o eth2 -p icmp -m icmp -s 192.168.1.0/24 --icmp-type 3 -j SNAT --to-source 192.168.2.1
$IPTABLES -t nat -A POSTROUTING -o eth2 -p icmp -m icmp -s 192.168.1.0/24 --icmp-type 3 -j SNAT --to-source 192.168.2.40
$IPTABLES -t nat -A POSTROUTING -o eth1 -p icmp -m icmp -s 192.168.1.0/24 --icmp-type 0/0 -j SNAT --to-source 22.22.22.22
$IPTABLES -t nat -A POSTROUTING -o eth3 -p icmp -m icmp -s 192.168.1.0/24 --icmp-type 0/0 -j SNAT --to-source 22.22.23.23
$IPTABLES -t nat -A POSTROUTING -o eth3 -p icmp -m icmp -s 192.168.1.0/24 --icmp-type 0/0 -j SNAT --to-source 22.22.25.50
$IPTABLES -t nat -A POSTROUTING -o eth2 -p icmp -m icmp -s 192.168.1.0/24 --icmp-type 0/0 -j SNAT --to-source 192.168.2.1
$IPTABLES -t nat -A POSTROUTING -o eth2 -p icmp -m icmp -s 192.168.1.0/24 --icmp-type 0/0 -j SNAT --to-source 192.168.2.40
$IPTABLES -t nat -A POSTROUTING -o eth1 -p icmp -m icmp -s 192.168.1.0/24 --icmp-type 11/0 -j SNAT --to-source 22.22.22.22
$IPTABLES -t nat -A POSTROUTING -o eth3 -p icmp -m icmp -s 192.168.1.0/24 --icmp-type 11/0 -j SNAT --to-source 22.22.23.23
$IPTABLES -t nat -A POSTROUTING -o eth3 -p icmp -m icmp -s 192.168.1.0/24 --icmp-type 11/0 -j SNAT --to-source 22.22.25.50
$IPTABLES -t nat -A POSTROUTING -o eth2 -p icmp -m icmp -s 192.168.1.0/24 --icmp-type 11/0 -j SNAT --to-source 192.168.2.1
$IPTABLES -t nat -A POSTROUTING -o eth2 -p icmp -m icmp -s 192.168.1.0/24 --icmp-type 11/0 -j SNAT --to-source 192.168.2.40
$IPTABLES -t nat -A POSTROUTING -o eth1 -p icmp -m icmp -s 192.168.1.0/24 --icmp-type 11/1 -j SNAT --to-source 22.22.22.22
$IPTABLES -t nat -A POSTROUTING -o eth3 -p icmp -m icmp -s 192.168.1.0/24 --icmp-type 11/1 -j SNAT --to-source 22.22.23.23
$IPTABLES -t nat -A POSTROUTING -o eth3 -p icmp -m icmp -s 192.168.1.0/24 --icmp-type 11/1 -j SNAT --to-source 22.22.25.50
$IPTABLES -t nat -A POSTROUTING -o eth2 -p icmp -m icmp -s 192.168.1.0/24 --icmp-type 11/1 -j SNAT --to-source 192.168.2.1
$IPTABLES -t nat -A POSTROUTING -o eth2 -p icmp -m icmp -s 192.168.1.0/24 --icmp-type 11/1 -j SNAT --to-source 192.168.2.40
$IPTABLES -t nat -A POSTROUTING -o eth1 -p tcp -m tcp -s 192.168.1.0/24 --dport 80 -j SNAT --to-source 22.22.22.22
$IPTABLES -t nat -A POSTROUTING -o eth3 -p tcp -m tcp -s 192.168.1.0/24 --dport 80 -j SNAT --to-source 22.22.23.23
$IPTABLES -t nat -A POSTROUTING -o eth3 -p tcp -m tcp -s 192.168.1.0/24 --dport 80 -j SNAT --to-source 22.22.25.50
$IPTABLES -t nat -A POSTROUTING -o eth2 -p tcp -m tcp -s 192.168.1.0/24 --dport 80 -j SNAT --to-source 192.168.2.1
$IPTABLES -t nat -A POSTROUTING -o eth2 -p tcp -m tcp -s 192.168.1.0/24 --dport 80 -j SNAT --to-source 192.168.2.40
$IPTABLES -t nat -A POSTROUTING -o eth1 -p 50 -s 192.168.1.0/24 -j SNAT --to-source 22.22.22.22
$IPTABLES -t nat -A POSTROUTING -o eth3 -p 50 -s 192.168.1.0/24 -j SNAT --to-source 22.22.23.23
$IPTABLES -t nat -A POSTROUTING -o eth3 -p 50 -s 192.168.1.0/24 -j SNAT --to-source 22.22.25.50
$IPTABLES -t nat -A POSTROUTING -o eth2 -p 50 -s 192.168.1.0/24 -j SNAT --to-source 192.168.2.1
$IPTABLES -t nat -A POSTROUTING -o eth2 -p 50 -s 192.168.1.0/24 -j SNAT --to-source 192.168.2.40
$IPTABLES -t nat -A POSTROUTING -o eth1 -p 88 -s 192.168.1.0/24 -j SNAT --to-source 22.22.22.22
$IPTABLES -t nat -A POSTROUTING -o eth3 -p 88 -s 192.168.1.0/24 -j SNAT --to-source 22.22.23.23
$IPTABLES -t nat -A POSTROUTING -o eth3 -p 88 -s 192.168.1.0/24 -j SNAT --to-source 22.22.25.50
$IPTABLES -t nat -A POSTROUTING -o eth2 -p 88 -s 192.168.1.0/24 -j SNAT --to-source 192.168.2.1
$IPTABLES -t nat -A POSTROUTING -o eth2 -p 88 -s 192.168.1.0/24 -j SNAT --to-source 192.168.2.40
#
# Rule 3 (NAT)
#
echo "Rule 3 (NAT)"
#
$IPTABLES -t nat -A POSTROUTING -o eth3 -s 192.168.1.0/24 -j SNAT --to-source 22.22.23.23
$IPTABLES -t nat -A POSTROUTING -o eth3 -s 192.168.1.0/24 -j SNAT --to-source 22.22.25.50
$IPTABLES -t nat -A POSTROUTING -o eth3 -s 192.168.1.0/24 -j SNAT --to-source 22.22.23.23
$IPTABLES -t nat -A POSTROUTING -o eth3 -s 192.168.1.0/24 -j SNAT --to-source 22.22.25.50
#
# Rule 4 (NAT)
#
echo "Rule 4 (NAT)"
#
$IPTABLES -t nat -A POSTROUTING -o eth3 -s 192.168.1.0/24 -j SNAT --to-source 22.22.25.50
$IPTABLES -t nat -A POSTROUTING -o eth3 -s 192.168.1.0/24 -j SNAT --to-source 22.22.25.50
#
# Rule 5 (NAT)
#
echo "Rule 5 (NAT)"
#
$IPTABLES -t nat -A POSTROUTING -o eth+ -s 192.168.1.0/24 -j SNAT --to-source 22.22.25.50
$IPTABLES -t nat -A POSTROUTING -o eth+ -s 192.168.1.0/24 -j SNAT --to-source 22.22.25.50
#
# Rule 6 (NAT)
#
echo "Rule 6 (NAT)"
#
$IPTABLES -t nat -A POSTROUTING -o eth+ -s 192.168.1.10 -j SNAT --to-source 22.22.22.23
$IPTABLES -t nat -A POSTROUTING -o eth+ -s 192.168.1.10 -j SNAT --to-source 22.22.22.23
#
# Rule 7 (NAT)
#
echo "Rule 7 (NAT)"
#
$IPTABLES -t nat -A POSTROUTING -o eth+ -s 192.168.1.10 -j SNAT --to-source 22.22.22.23
$IPTABLES -t nat -A POSTROUTING -o eth+ -s 192.168.1.10 -j SNAT --to-source 22.22.22.24
$IPTABLES -t nat -A POSTROUTING -o eth+ -s 192.168.1.10 -j SNAT --to-source 22.22.22.25
$IPTABLES -t nat -A POSTROUTING -o eth+ -s 192.168.1.10 -j SNAT --to-source 22.22.22.23
$IPTABLES -t nat -A POSTROUTING -o eth+ -s 192.168.1.10 -j SNAT --to-source 22.22.22.24
$IPTABLES -t nat -A POSTROUTING -o eth+ -s 192.168.1.10 -j SNAT --to-source 22.22.22.25
#
# Rule 8 (NAT)
#
echo "Rule 8 (NAT)"
#
$IPTABLES -t nat -A POSTROUTING -o eth+ -s 192.168.1.0/24 -d 192.168.1.10 -j SNAT --to-source 192.168.1.1
$IPTABLES -t nat -A POSTROUTING -o eth+ -s 192.168.1.0/24 -d 192.168.1.10 -j SNAT --to-source 192.168.1.1
#
# Rule 9 (NAT)
#
@ -580,7 +580,7 @@ script_body() {
#
echo "Rule 18 (NAT)"
#
$IPTABLES -t nat -A POSTROUTING -o eth+ -s 192.168.1.20 -j SNAT --to-source 22.22.23.24
$IPTABLES -t nat -A POSTROUTING -o eth+ -s 192.168.1.20 -j SNAT --to-source 22.22.23.24
#
# Rule 19 (NAT)
#
@ -595,7 +595,7 @@ script_body() {
#
# firewall2-1:NAT:20: warning: Adding of virtual address for address range is not implemented (object ext_range)
$IPTABLES -t nat -A POSTROUTING -o eth+ -s 192.168.1.0/24 -j SNAT --to-source 22.22.22.100-22.22.22.110
$IPTABLES -t nat -A POSTROUTING -o eth+ -s 192.168.1.0/24 -j SNAT --to-source 22.22.22.100-22.22.22.110
#
# Rule 21 (NAT)
#
@ -638,7 +638,7 @@ script_body() {
$IPTABLES -t nat -A PREROUTING -p tcp -m tcp -d 22.22.25.50 --dport 80 -j DNAT --to-destination 192.168.1.10
$IPTABLES -t nat -A OUTPUT -p tcp -m tcp -d 22.22.23.23 --dport 80 -j DNAT --to-destination 192.168.1.10
$IPTABLES -t nat -A OUTPUT -p tcp -m tcp -d 22.22.25.50 --dport 80 -j DNAT --to-destination 192.168.1.10
$IPTABLES -t nat -A POSTROUTING -o eth0 -p tcp -m tcp -d 192.168.1.10 --dport 80 -j SNAT --to-source 192.168.1.1
$IPTABLES -t nat -A POSTROUTING -o eth0 -p tcp -m tcp -d 192.168.1.10 --dport 80 -j SNAT --to-source 192.168.1.1
#
# Rule 25 (NAT)
#
@ -703,7 +703,7 @@ script_body() {
#
echo "Rule 33 (NAT)"
#
$IPTABLES -t nat -A POSTROUTING -o eth1 -p tcp -m tcp -s 192.168.1.10 --dport 80 -j SNAT --to-source 22.22.22.22
$IPTABLES -t nat -A POSTROUTING -o eth1 -p tcp -m tcp -s 192.168.1.10 --dport 80 -j SNAT --to-source 22.22.22.22
#
# Rule 34 (NAT)
#
@ -712,7 +712,7 @@ script_body() {
$IPTABLES -t nat -A PREROUTING -p tcp -m tcp -s ! 192.168.1.10 --dport 80 -j DNAT --to-destination 192.168.1.10:3128
$IPTABLES -t nat -A OUTPUT -p tcp -m tcp --dport 80 -j DNAT --to-destination 192.168.1.10:3128
$IPTABLES -t nat -A PREROUTING -p tcp -m tcp -s ! 192.168.1.10 --dport 80 -j DNAT --to-destination 192.168.1.10:3128
$IPTABLES -t nat -A POSTROUTING -o eth0 -p tcp -m tcp -s ! 192.168.1.10 -d 192.168.1.10 --dport 3128 -j SNAT --to-source 192.168.1.1
$IPTABLES -t nat -A POSTROUTING -o eth0 -p tcp -m tcp -s ! 192.168.1.10 -d 192.168.1.10 --dport 3128 -j SNAT --to-source 192.168.1.1
#
# Rule 35 (NAT)
#
@ -730,7 +730,7 @@ script_body() {
echo "Rule 36 (NAT)"
#
$IPTABLES -t nat -N Cid31949X1798.1
$IPTABLES -t nat -A POSTROUTING -o eth0 -j Cid31949X1798.1
$IPTABLES -t nat -A POSTROUTING -o eth0 -j Cid31949X1798.1
$IPTABLES -t nat -A Cid31949X1798.1 -s 192.168.1.10 -j RETURN
$IPTABLES -t nat -A Cid31949X1798.1 -s 192.168.1.20 -j RETURN
$IPTABLES -t nat -N Cid31949X1798.0
@ -743,7 +743,7 @@ script_body() {
echo "Rule 37 (NAT)"
#
$IPTABLES -t nat -A PREROUTING -p tcp -m tcp -s 192.168.1.0/24 --dport 80 -j DNAT --to-destination 192.168.1.10:3128
$IPTABLES -t nat -A POSTROUTING -o eth0 -p tcp -m tcp -s 192.168.1.0/24 -d 192.168.1.10 --dport 3128 -j SNAT --to-source 192.168.1.1
$IPTABLES -t nat -A POSTROUTING -o eth0 -p tcp -m tcp -s 192.168.1.0/24 -d 192.168.1.10 --dport 3128 -j SNAT --to-source 192.168.1.1
#
# Rule 38 (NAT)
#
@ -751,8 +751,8 @@ script_body() {
#
# this is the "exception" rule
# used in support req. originally
$IPTABLES -t nat -A POSTROUTING -o eth1 -p tcp -m tcp -s 192.168.1.10 --dport 80 -j SNAT --to-source 22.22.22.22
$IPTABLES -t nat -A POSTROUTING -o eth1 -p tcp -m tcp -s 192.168.1.20 --dport 80 -j SNAT --to-source 22.22.22.22
$IPTABLES -t nat -A POSTROUTING -o eth1 -p tcp -m tcp -s 192.168.1.10 --dport 80 -j SNAT --to-source 22.22.22.22
$IPTABLES -t nat -A POSTROUTING -o eth1 -p tcp -m tcp -s 192.168.1.20 --dport 80 -j SNAT --to-source 22.22.22.22
#
# Rule 39 (NAT)
#
@ -766,8 +766,8 @@ script_body() {
#
# "exception" rule in the pair
# from a support req.
$IPTABLES -t nat -A POSTROUTING -o eth1 -p tcp -m tcp -s 192.168.1.10 --dport 80 -j SNAT --to-source 22.22.22.22
$IPTABLES -t nat -A POSTROUTING -o eth1 -p tcp -m tcp -s 192.168.1.20 --dport 80 -j SNAT --to-source 22.22.22.22
$IPTABLES -t nat -A POSTROUTING -o eth1 -p tcp -m tcp -s 192.168.1.10 --dport 80 -j SNAT --to-source 22.22.22.22
$IPTABLES -t nat -A POSTROUTING -o eth1 -p tcp -m tcp -s 192.168.1.20 --dport 80 -j SNAT --to-source 22.22.22.22
#
# Rule 41 (NAT)
#
@ -813,8 +813,8 @@ script_body() {
#
# "exception" rule in the pair
# from a support req.
$IPTABLES -t nat -A POSTROUTING -o eth1 -p tcp -m tcp -s 192.168.1.10 --dport 80 -j SNAT --to-source 22.22.22.22
$IPTABLES -t nat -A POSTROUTING -o eth1 -p tcp -m tcp -s 192.168.1.20 --dport 80 -j SNAT --to-source 22.22.22.22
$IPTABLES -t nat -A POSTROUTING -o eth1 -p tcp -m tcp -s 192.168.1.10 --dport 80 -j SNAT --to-source 22.22.22.22
$IPTABLES -t nat -A POSTROUTING -o eth1 -p tcp -m tcp -s 192.168.1.20 --dport 80 -j SNAT --to-source 22.22.22.22
#
# Rule 45 (NAT)
#
@ -1451,7 +1451,7 @@ test -z "$cmd" && {
case "$cmd" in
start)
log "Activating firewall script generated Thu May 26 14:15:04 2011 by vadim"
log "Activating firewall script generated Fri Jun 3 17:27:30 2011 by vadim"
check_tools
check_run_time_address_table_files

180
test/ipt/firewall2-2.fw.orig
View File

@ -2,9 +2,9 @@
#
# This is automatically generated file. DO NOT MODIFY !
#
# Firewall Builder fwb_ipt v4.3.0.3546
# Firewall Builder fwb_ipt v5.0.0.3547
#
# Generated Thu May 26 14:15:09 2011 PDT by vadim
# Generated Fri Jun 3 17:27:33 2011 PDT by vadim
#
# files: * firewall2-2.fw /etc/fw/firewall2-2.fw
#
@ -360,120 +360,120 @@ script_body() {
#
echo "Rule 0 (NAT)"
#
$IPTABLES -t nat -A POSTROUTING -o eth1 -s 192.168.1.0/24 -j SNAT --to-source 22.22.22.22
$IPTABLES -t nat -A POSTROUTING -o eth3 -s 192.168.1.0/24 -j SNAT --to-source 22.22.23.23
$IPTABLES -t nat -A POSTROUTING -o eth3 -s 192.168.1.0/24 -j SNAT --to-source 22.22.25.50
$IPTABLES -t nat -A POSTROUTING -o eth2 -s 192.168.1.0/24 -j SNAT --to-source 192.168.2.1
$IPTABLES -t nat -A POSTROUTING -o eth2 -s 192.168.1.0/24 -j SNAT --to-source 192.168.2.40
$IPTABLES -t nat -A POSTROUTING -o eth1 -s 192.168.1.0/24 -j SNAT --to-source 22.22.22.22
$IPTABLES -t nat -A POSTROUTING -o eth3 -s 192.168.1.0/24 -j SNAT --to-source 22.22.23.23
$IPTABLES -t nat -A POSTROUTING -o eth3 -s 192.168.1.0/24 -j SNAT --to-source 22.22.25.50
$IPTABLES -t nat -A POSTROUTING -o eth2 -s 192.168.1.0/24 -j SNAT --to-source 192.168.2.1
$IPTABLES -t nat -A POSTROUTING -o eth2 -s 192.168.1.0/24 -j SNAT --to-source 192.168.2.40
#
# Rule 1 (NAT)
#
echo "Rule 1 (NAT)"
#
$IPTABLES -t nat -A POSTROUTING -o eth1 -p icmp -m icmp -s 192.168.1.0/24 --icmp-type 3 -j SNAT --to-source 22.22.22.22
$IPTABLES -t nat -A POSTROUTING -o eth3 -p icmp -m icmp -s 192.168.1.0/24 --icmp-type 3 -j SNAT --to-source 22.22.23.23
$IPTABLES -t nat -A POSTROUTING -o eth3 -p icmp -m icmp -s 192.168.1.0/24 --icmp-type 3 -j SNAT --to-source 22.22.25.50
$IPTABLES -t nat -A POSTROUTING -o eth2 -p icmp -m icmp -s 192.168.1.0/24 --icmp-type 3 -j SNAT --to-source 192.168.2.1
$IPTABLES -t nat -A POSTROUTING -o eth2 -p icmp -m icmp -s 192.168.1.0/24 --icmp-type 3 -j SNAT --to-source 192.168.2.40
$IPTABLES -t nat -A POSTROUTING -o eth1 -p icmp -m icmp -s 192.168.1.0/24 --icmp-type 0/0 -j SNAT --to-source 22.22.22.22
$IPTABLES -t nat -A POSTROUTING -o eth3 -p icmp -m icmp -s 192.168.1.0/24 --icmp-type 0/0 -j SNAT --to-source 22.22.23.23
$IPTABLES -t nat -A POSTROUTING -o eth3 -p icmp -m icmp -s 192.168.1.0/24 --icmp-type 0/0 -j SNAT --to-source 22.22.25.50
$IPTABLES -t nat -A POSTROUTING -o eth2 -p icmp -m icmp -s 192.168.1.0/24 --icmp-type 0/0 -j SNAT --to-source 192.168.2.1
$IPTABLES -t nat -A POSTROUTING -o eth2 -p icmp -m icmp -s 192.168.1.0/24 --icmp-type 0/0 -j SNAT --to-source 192.168.2.40
$IPTABLES -t nat -A POSTROUTING -o eth1 -p icmp -m icmp -s 192.168.1.0/24 --icmp-type 11/0 -j SNAT --to-source 22.22.22.22
$IPTABLES -t nat -A POSTROUTING -o eth3 -p icmp -m icmp -s 192.168.1.0/24 --icmp-type 11/0 -j SNAT --to-source 22.22.23.23
$IPTABLES -t nat -A POSTROUTING -o eth3 -p icmp -m icmp -s 192.168.1.0/24 --icmp-type 11/0 -j SNAT --to-source 22.22.25.50
$IPTABLES -t nat -A POSTROUTING -o eth2 -p icmp -m icmp -s 192.168.1.0/24 --icmp-type 11/0 -j SNAT --to-source 192.168.2.1
$IPTABLES -t nat -A POSTROUTING -o eth2 -p icmp -m icmp -s 192.168.1.0/24 --icmp-type 11/0 -j SNAT --to-source 192.168.2.40
$IPTABLES -t nat -A POSTROUTING -o eth1 -p icmp -m icmp -s 192.168.1.0/24 --icmp-type 11/1 -j SNAT --to-source 22.22.22.22
$IPTABLES -t nat -A POSTROUTING -o eth3 -p icmp -m icmp -s 192.168.1.0/24 --icmp-type 11/1 -j SNAT --to-source 22.22.23.23
$IPTABLES -t nat -A POSTROUTING -o eth3 -p icmp -m icmp -s 192.168.1.0/24 --icmp-type 11/1 -j SNAT --to-source 22.22.25.50
$IPTABLES -t nat -A POSTROUTING -o eth2 -p icmp -m icmp -s 192.168.1.0/24 --icmp-type 11/1 -j SNAT --to-source 192.168.2.1
$IPTABLES -t nat -A POSTROUTING -o eth2 -p icmp -m icmp -s 192.168.1.0/24 --icmp-type 11/1 -j SNAT --to-source 192.168.2.40
$IPTABLES -t nat -A POSTROUTING -o eth1 -p tcp -m tcp -s 192.168.1.0/24 --dport 80 -j SNAT --to-source 22.22.22.22
$IPTABLES -t nat -A POSTROUTING -o eth3 -p tcp -m tcp -s 192.168.1.0/24 --dport 80 -j SNAT --to-source 22.22.23.23
$IPTABLES -t nat -A POSTROUTING -o eth3 -p tcp -m tcp -s 192.168.1.0/24 --dport 80 -j SNAT --to-source 22.22.25.50
$IPTABLES -t nat -A POSTROUTING -o eth2 -p tcp -m tcp -s 192.168.1.0/24 --dport 80 -j SNAT --to-source 192.168.2.1
$IPTABLES -t nat -A POSTROUTING -o eth2 -p tcp -m tcp -s 192.168.1.0/24 --dport 80 -j SNAT --to-source 192.168.2.40
$IPTABLES -t nat -A POSTROUTING -o eth1 -p icmp -m icmp -s 192.168.1.0/24 --icmp-type 3 -j SNAT --to-source 22.22.22.22
$IPTABLES -t nat -A POSTROUTING -o eth3 -p icmp -m icmp -s 192.168.1.0/24 --icmp-type 3 -j SNAT --to-source 22.22.23.23
$IPTABLES -t nat -A POSTROUTING -o eth3 -p icmp -m icmp -s 192.168.1.0/24 --icmp-type 3 -j SNAT --to-source 22.22.25.50
$IPTABLES -t nat -A POSTROUTING -o eth2 -p icmp -m icmp -s 192.168.1.0/24 --icmp-type 3 -j SNAT --to-source 192.168.2.1
$IPTABLES -t nat -A POSTROUTING -o eth2 -p icmp -m icmp -s 192.168.1.0/24 --icmp-type 3 -j SNAT --to-source 192.168.2.40
$IPTABLES -t nat -A POSTROUTING -o eth1 -p icmp -m icmp -s 192.168.1.0/24 --icmp-type 0/0 -j SNAT --to-source 22.22.22.22
$IPTABLES -t nat -A POSTROUTING -o eth3 -p icmp -m icmp -s 192.168.1.0/24 --icmp-type 0/0 -j SNAT --to-source 22.22.23.23
$IPTABLES -t nat -A POSTROUTING -o eth3 -p icmp -m icmp -s 192.168.1.0/24 --icmp-type 0/0 -j SNAT --to-source 22.22.25.50
$IPTABLES -t nat -A POSTROUTING -o eth2 -p icmp -m icmp -s 192.168.1.0/24 --icmp-type 0/0 -j SNAT --to-source 192.168.2.1
$IPTABLES -t nat -A POSTROUTING -o eth2 -p icmp -m icmp -s 192.168.1.0/24 --icmp-type 0/0 -j SNAT --to-source 192.168.2.40
$IPTABLES -t nat -A POSTROUTING -o eth1 -p icmp -m icmp -s 192.168.1.0/24 --icmp-type 11/0 -j SNAT --to-source 22.22.22.22
$IPTABLES -t nat -A POSTROUTING -o eth3 -p icmp -m icmp -s 192.168.1.0/24 --icmp-type 11/0 -j SNAT --to-source 22.22.23.23
$IPTABLES -t nat -A POSTROUTING -o eth3 -p icmp -m icmp -s 192.168.1.0/24 --icmp-type 11/0 -j SNAT --to-source 22.22.25.50
$IPTABLES -t nat -A POSTROUTING -o eth2 -p icmp -m icmp -s 192.168.1.0/24 --icmp-type 11/0 -j SNAT --to-source 192.168.2.1
$IPTABLES -t nat -A POSTROUTING -o eth2 -p icmp -m icmp -s 192.168.1.0/24 --icmp-type 11/0 -j SNAT --to-source 192.168.2.40
$IPTABLES -t nat -A POSTROUTING -o eth1 -p icmp -m icmp -s 192.168.1.0/24 --icmp-type 11/1 -j SNAT --to-source 22.22.22.22
$IPTABLES -t nat -A POSTROUTING -o eth3 -p icmp -m icmp -s 192.168.1.0/24 --icmp-type 11/1 -j SNAT --to-source 22.22.23.23
$IPTABLES -t nat -A POSTROUTING -o eth3 -p icmp -m icmp -s 192.168.1.0/24 --icmp-type 11/1 -j SNAT --to-source 22.22.25.50
$IPTABLES -t nat -A POSTROUTING -o eth2 -p icmp -m icmp -s 192.168.1.0/24 --icmp-type 11/1 -j SNAT --to-source 192.168.2.1
$IPTABLES -t nat -A POSTROUTING -o eth2 -p icmp -m icmp -s 192.168.1.0/24 --icmp-type 11/1 -j SNAT --to-source 192.168.2.40
$IPTABLES -t nat -A POSTROUTING -o eth1 -p tcp -m tcp -s 192.168.1.0/24 --dport 80 -j SNAT --to-source 22.22.22.22
$IPTABLES -t nat -A POSTROUTING -o eth3 -p tcp -m tcp -s 192.168.1.0/24 --dport 80 -j SNAT --to-source 22.22.23.23
$IPTABLES -t nat -A POSTROUTING -o eth3 -p tcp -m tcp -s 192.168.1.0/24 --dport 80 -j SNAT --to-source 22.22.25.50
$IPTABLES -t nat -A POSTROUTING -o eth2 -p tcp -m tcp -s 192.168.1.0/24 --dport 80 -j SNAT --to-source 192.168.2.1
$IPTABLES -t nat -A POSTROUTING -o eth2 -p tcp -m tcp -s 192.168.1.0/24 --dport 80 -j SNAT --to-source 192.168.2.40
#
# Rule 2 (NAT)
#
echo "Rule 2 (NAT)"
#
$IPTABLES -t nat -A POSTROUTING -o eth1 -p icmp -m icmp -s 192.168.1.0/24 --icmp-type 3 -j SNAT --to-source 22.22.22.22
$IPTABLES -t nat -A POSTROUTING -o eth3 -p icmp -m icmp -s 192.168.1.0/24 --icmp-type 3 -j SNAT --to-source 22.22.23.23
$IPTABLES -t nat -A POSTROUTING -o eth3 -p icmp -m icmp -s 192.168.1.0/24 --icmp-type 3 -j SNAT --to-source 22.22.25.50
$IPTABLES -t nat -A POSTROUTING -o eth2 -p icmp -m icmp -s 192.168.1.0/24 --icmp-type 3 -j SNAT --to-source 192.168.2.1
$IPTABLES -t nat -A POSTROUTING -o eth2 -p icmp -m icmp -s 192.168.1.0/24 --icmp-type 3 -j SNAT --to-source 192.168.2.40
$IPTABLES -t nat -A POSTROUTING -o eth1 -p icmp -m icmp -s 192.168.1.0/24 --icmp-type 0/0 -j SNAT --to-source 22.22.22.22
$IPTABLES -t nat -A POSTROUTING -o eth3 -p icmp -m icmp -s 192.168.1.0/24 --icmp-type 0/0 -j SNAT --to-source 22.22.23.23
$IPTABLES -t nat -A POSTROUTING -o eth3 -p icmp -m icmp -s 192.168.1.0/24 --icmp-type 0/0 -j SNAT --to-source 22.22.25.50
$IPTABLES -t nat -A POSTROUTING -o eth2 -p icmp -m icmp -s 192.168.1.0/24 --icmp-type 0/0 -j SNAT --to-source 192.168.2.1
$IPTABLES -t nat -A POSTROUTING -o eth2 -p icmp -m icmp -s 192.168.1.0/24 --icmp-type 0/0 -j SNAT --to-source 192.168.2.40
$IPTABLES -t nat -A POSTROUTING -o eth1 -p icmp -m icmp -s 192.168.1.0/24 --icmp-type 11/0 -j SNAT --to-source 22.22.22.22
$IPTABLES -t nat -A POSTROUTING -o eth3 -p icmp -m icmp -s 192.168.1.0/24 --icmp-type 11/0 -j SNAT --to-source 22.22.23.23
$IPTABLES -t nat -A POSTROUTING -o eth3 -p icmp -m icmp -s 192.168.1.0/24 --icmp-type 11/0 -j SNAT --to-source 22.22.25.50
$IPTABLES -t nat -A POSTROUTING -o eth2 -p icmp -m icmp -s 192.168.1.0/24 --icmp-type 11/0 -j SNAT --to-source 192.168.2.1
$IPTABLES -t nat -A POSTROUTING -o eth2 -p icmp -m icmp -s 192.168.1.0/24 --icmp-type 11/0 -j SNAT --to-source 192.168.2.40
$IPTABLES -t nat -A POSTROUTING -o eth1 -p icmp -m icmp -s 192.168.1.0/24 --icmp-type 11/1 -j SNAT --to-source 22.22.22.22
$IPTABLES -t nat -A POSTROUTING -o eth3 -p icmp -m icmp -s 192.168.1.0/24 --icmp-type 11/1 -j SNAT --to-source 22.22.23.23
$IPTABLES -t nat -A POSTROUTING -o eth3 -p icmp -m icmp -s 192.168.1.0/24 --icmp-type 11/1 -j SNAT --to-source 22.22.25.50
$IPTABLES -t nat -A POSTROUTING -o eth2 -p icmp -m icmp -s 192.168.1.0/24 --icmp-type 11/1 -j SNAT --to-source 192.168.2.1
$IPTABLES -t nat -A POSTROUTING -o eth2 -p icmp -m icmp -s 192.168.1.0/24 --icmp-type 11/1 -j SNAT --to-source 192.168.2.40
$IPTABLES -t nat -A POSTROUTING -o eth1 -p tcp -m tcp -s 192.168.1.0/24 --dport 80 -j SNAT --to-source 22.22.22.22
$IPTABLES -t nat -A POSTROUTING -o eth3 -p tcp -m tcp -s 192.168.1.0/24 --dport 80 -j SNAT --to-source 22.22.23.23
$IPTABLES -t nat -A POSTROUTING -o eth3 -p tcp -m tcp -s 192.168.1.0/24 --dport 80 -j SNAT --to-source 22.22.25.50
$IPTABLES -t nat -A POSTROUTING -o eth2 -p tcp -m tcp -s 192.168.1.0/24 --dport 80 -j SNAT --to-source 192.168.2.1
$IPTABLES -t nat -A POSTROUTING -o eth2 -p tcp -m tcp -s 192.168.1.0/24 --dport 80 -j SNAT --to-source 192.168.2.40
$IPTABLES -t nat -A POSTROUTING -o eth1 -p 50 -s 192.168.1.0/24 -j SNAT --to-source 22.22.22.22
$IPTABLES -t nat -A POSTROUTING -o eth3 -p 50 -s 192.168.1.0/24 -j SNAT --to-source 22.22.23.23
$IPTABLES -t nat -A POSTROUTING -o eth3 -p 50 -s 192.168.1.0/24 -j SNAT --to-source 22.22.25.50
$IPTABLES -t nat -A POSTROUTING -o eth2 -p 50 -s 192.168.1.0/24 -j SNAT --to-source 192.168.2.1
$IPTABLES -t nat -A POSTROUTING -o eth2 -p 50 -s 192.168.1.0/24 -j SNAT --to-source 192.168.2.40
$IPTABLES -t nat -A POSTROUTING -o eth1 -p 88 -s 192.168.1.0/24 -j SNAT --to-source 22.22.22.22
$IPTABLES -t nat -A POSTROUTING -o eth3 -p 88 -s 192.168.1.0/24 -j SNAT --to-source 22.22.23.23
$IPTABLES -t nat -A POSTROUTING -o eth3 -p 88 -s 192.168.1.0/24 -j SNAT --to-source 22.22.25.50
$IPTABLES -t nat -A POSTROUTING -o eth2 -p 88 -s 192.168.1.0/24 -j SNAT --to-source 192.168.2.1
$IPTABLES -t nat -A POSTROUTING -o eth2 -p 88 -s 192.168.1.0/24 -j SNAT --to-source 192.168.2.40
$IPTABLES -t nat -A POSTROUTING -o eth1 -p icmp -m icmp -s 192.168.1.0/24 --icmp-type 3 -j SNAT --to-source 22.22.22.22
$IPTABLES -t nat -A POSTROUTING -o eth3 -p icmp -m icmp -s 192.168.1.0/24 --icmp-type 3 -j SNAT --to-source 22.22.23.23
$IPTABLES -t nat -A POSTROUTING -o eth3 -p icmp -m icmp -s 192.168.1.0/24 --icmp-type 3 -j SNAT --to-source 22.22.25.50
$IPTABLES -t nat -A POSTROUTING -o eth2 -p icmp -m icmp -s 192.168.1.0/24 --icmp-type 3 -j SNAT --to-source 192.168.2.1
$IPTABLES -t nat -A POSTROUTING -o eth2 -p icmp -m icmp -s 192.168.1.0/24 --icmp-type 3 -j SNAT --to-source 192.168.2.40
$IPTABLES -t nat -A POSTROUTING -o eth1 -p icmp -m icmp -s 192.168.1.0/24 --icmp-type 0/0 -j SNAT --to-source 22.22.22.22
$IPTABLES -t nat -A POSTROUTING -o eth3 -p icmp -m icmp -s 192.168.1.0/24 --icmp-type 0/0 -j SNAT --to-source 22.22.23.23
$IPTABLES -t nat -A POSTROUTING -o eth3 -p icmp -m icmp -s 192.168.1.0/24 --icmp-type 0/0 -j SNAT --to-source 22.22.25.50
$IPTABLES -t nat -A POSTROUTING -o eth2 -p icmp -m icmp -s 192.168.1.0/24 --icmp-type 0/0 -j SNAT --to-source 192.168.2.1
$IPTABLES -t nat -A POSTROUTING -o eth2 -p icmp -m icmp -s 192.168.1.0/24 --icmp-type 0/0 -j SNAT --to-source 192.168.2.40
$IPTABLES -t nat -A POSTROUTING -o eth1 -p icmp -m icmp -s 192.168.1.0/24 --icmp-type 11/0 -j SNAT --to-source 22.22.22.22
$IPTABLES -t nat -A POSTROUTING -o eth3 -p icmp -m icmp -s 192.168.1.0/24 --icmp-type 11/0 -j SNAT --to-source 22.22.23.23
$IPTABLES -t nat -A POSTROUTING -o eth3 -p icmp -m icmp -s 192.168.1.0/24 --icmp-type 11/0 -j SNAT --to-source 22.22.25.50
$IPTABLES -t nat -A POSTROUTING -o eth2 -p icmp -m icmp -s 192.168.1.0/24 --icmp-type 11/0 -j SNAT --to-source 192.168.2.1
$IPTABLES -t nat -A POSTROUTING -o eth2 -p icmp -m icmp -s 192.168.1.0/24 --icmp-type 11/0 -j SNAT --to-source 192.168.2.40
$IPTABLES -t nat -A POSTROUTING -o eth1 -p icmp -m icmp -s 192.168.1.0/24 --icmp-type 11/1 -j SNAT --to-source 22.22.22.22
$IPTABLES -t nat -A POSTROUTING -o eth3 -p icmp -m icmp -s 192.168.1.0/24 --icmp-type 11/1 -j SNAT --to-source 22.22.23.23
$IPTABLES -t nat -A POSTROUTING -o eth3 -p icmp -m icmp -s 192.168.1.0/24 --icmp-type 11/1 -j SNAT --to-source 22.22.25.50
$IPTABLES -t nat -A POSTROUTING -o eth2 -p icmp -m icmp -s 192.168.1.0/24 --icmp-type 11/1 -j SNAT --to-source 192.168.2.1
$IPTABLES -t nat -A POSTROUTING -o eth2 -p icmp -m icmp -s 192.168.1.0/24 --icmp-type 11/1 -j SNAT --to-source 192.168.2.40
$IPTABLES -t nat -A POSTROUTING -o eth1 -p tcp -m tcp -s 192.168.1.0/24 --dport 80 -j SNAT --to-source 22.22.22.22
$IPTABLES -t nat -A POSTROUTING -o eth3 -p tcp -m tcp -s 192.168.1.0/24 --dport 80 -j SNAT --to-source 22.22.23.23
$IPTABLES -t nat -A POSTROUTING -o eth3 -p tcp -m tcp -s 192.168.1.0/24 --dport 80 -j SNAT --to-source 22.22.25.50
$IPTABLES -t nat -A POSTROUTING -o eth2 -p tcp -m tcp -s 192.168.1.0/24 --dport 80 -j SNAT --to-source 192.168.2.1
$IPTABLES -t nat -A POSTROUTING -o eth2 -p tcp -m tcp -s 192.168.1.0/24 --dport 80 -j SNAT --to-source 192.168.2.40
$IPTABLES -t nat -A POSTROUTING -o eth1 -p 50 -s 192.168.1.0/24 -j SNAT --to-source 22.22.22.22
$IPTABLES -t nat -A POSTROUTING -o eth3 -p 50 -s 192.168.1.0/24 -j SNAT --to-source 22.22.23.23
$IPTABLES -t nat -A POSTROUTING -o eth3 -p 50 -s 192.168.1.0/24 -j SNAT --to-source 22.22.25.50
$IPTABLES -t nat -A POSTROUTING -o eth2 -p 50 -s 192.168.1.0/24 -j SNAT --to-source 192.168.2.1
$IPTABLES -t nat -A POSTROUTING -o eth2 -p 50 -s 192.168.1.0/24 -j SNAT --to-source 192.168.2.40
$IPTABLES -t nat -A POSTROUTING -o eth1 -p 88 -s 192.168.1.0/24 -j SNAT --to-source 22.22.22.22
$IPTABLES -t nat -A POSTROUTING -o eth3 -p 88 -s 192.168.1.0/24 -j SNAT --to-source 22.22.23.23
$IPTABLES -t nat -A POSTROUTING -o eth3 -p 88 -s 192.168.1.0/24 -j SNAT --to-source 22.22.25.50
$IPTABLES -t nat -A POSTROUTING -o eth2 -p 88 -s 192.168.1.0/24 -j SNAT --to-source 192.168.2.1
$IPTABLES -t nat -A POSTROUTING -o eth2 -p 88 -s 192.168.1.0/24 -j SNAT --to-source 192.168.2.40
#
# Rule 3 (NAT)
#
echo "Rule 3 (NAT)"
#
$IPTABLES -t nat -A POSTROUTING -o eth3 -s 192.168.1.0/24 -j SNAT --to-source 22.22.23.23
$IPTABLES -t nat -A POSTROUTING -o eth3 -s 192.168.1.0/24 -j SNAT --to-source 22.22.25.50
$IPTABLES -t nat -A POSTROUTING -o eth3 -s 192.168.1.0/24 -j SNAT --to-source 22.22.23.23
$IPTABLES -t nat -A POSTROUTING -o eth3 -s 192.168.1.0/24 -j SNAT --to-source 22.22.25.50
#
# Rule 4 (NAT)
#
echo "Rule 4 (NAT)"
#
$IPTABLES -t nat -A POSTROUTING -o eth3 -s 192.168.1.0/24 -j SNAT --to-source 22.22.25.50
$IPTABLES -t nat -A POSTROUTING -o eth3 -s 192.168.1.0/24 -j SNAT --to-source 22.22.25.50
#
# Rule 5 (NAT)
#
echo "Rule 5 (NAT)"
#
$IPTABLES -t nat -A POSTROUTING -o eth+ -s 192.168.1.0/24 -j SNAT --to-source 22.22.25.50
$IPTABLES -t nat -A POSTROUTING -o eth+ -s 192.168.1.0/24 -j SNAT --to-source 22.22.25.50
#
# Rule 6 (NAT)
#
echo "Rule 6 (NAT)"
#
$IPTABLES -t nat -A POSTROUTING -o eth+ -s 192.168.1.10 -j SNAT --to-source 22.22.22.23
$IPTABLES -t nat -A POSTROUTING -o eth+ -s 192.168.1.10 -j SNAT --to-source 22.22.22.23
#
# Rule 7 (NAT)
#
echo "Rule 7 (NAT)"
#
$IPTABLES -t nat -A POSTROUTING -o eth+ -s 192.168.1.10 -j SNAT --to-source 22.22.22.23
$IPTABLES -t nat -A POSTROUTING -o eth+ -s 192.168.1.10 -j SNAT --to-source 22.22.22.24
$IPTABLES -t nat -A POSTROUTING -o eth+ -s 192.168.1.10 -j SNAT --to-source 22.22.22.25
$IPTABLES -t nat -A POSTROUTING -o eth+ -s 192.168.1.10 -j SNAT --to-source 22.22.22.23
$IPTABLES -t nat -A POSTROUTING -o eth+ -s 192.168.1.10 -j SNAT --to-source 22.22.22.24
$IPTABLES -t nat -A POSTROUTING -o eth+ -s 192.168.1.10 -j SNAT --to-source 22.22.22.25
#
# Rule 8 (NAT)
#
echo "Rule 8 (NAT)"
#
$IPTABLES -t nat -A POSTROUTING -o eth+ -s 192.168.1.0/24 -d 192.168.1.10 -j SNAT --to-source 192.168.1.1
$IPTABLES -t nat -A POSTROUTING -o eth+ -s 192.168.1.0/24 -d 192.168.1.10 -j SNAT --to-source 192.168.1.1
#
# Rule 9 (NAT)
#
@ -579,7 +579,7 @@ script_body() {
#
echo "Rule 18 (NAT)"
#
$IPTABLES -t nat -A POSTROUTING -o eth+ -s 192.168.1.20 -j SNAT --to-source 22.22.23.24
$IPTABLES -t nat -A POSTROUTING -o eth+ -s 192.168.1.20 -j SNAT --to-source 22.22.23.24
#
# Rule 19 (NAT)
#
@ -594,7 +594,7 @@ script_body() {
#
# firewall2-2:NAT:20: warning: Adding of virtual address for address range is not implemented (object ext_range)
$IPTABLES -t nat -A POSTROUTING -o eth+ -s 192.168.1.0/24 -j SNAT --to-source 22.22.22.100-22.22.22.110
$IPTABLES -t nat -A POSTROUTING -o eth+ -s 192.168.1.0/24 -j SNAT --to-source 22.22.22.100-22.22.22.110
#
# Rule 21 (NAT)
#
@ -637,7 +637,7 @@ script_body() {
$IPTABLES -t nat -A PREROUTING -p tcp -m tcp -d 22.22.25.50 --dport 80 -j DNAT --to-destination 192.168.1.10
$IPTABLES -t nat -A OUTPUT -p tcp -m tcp -d 22.22.23.23 --dport 80 -j DNAT --to-destination 192.168.1.10
$IPTABLES -t nat -A OUTPUT -p tcp -m tcp -d 22.22.25.50 --dport 80 -j DNAT --to-destination 192.168.1.10
$IPTABLES -t nat -A POSTROUTING -o eth0 -p tcp -m tcp -d 192.168.1.10 --dport 80 -j SNAT --to-source 192.168.1.1
$IPTABLES -t nat -A POSTROUTING -o eth0 -p tcp -m tcp -d 192.168.1.10 --dport 80 -j SNAT --to-source 192.168.1.1
#
# Rule 25 (NAT)
#
@ -702,7 +702,7 @@ script_body() {
#
echo "Rule 33 (NAT)"
#
$IPTABLES -t nat -A POSTROUTING -o eth1 -p tcp -m tcp -s 192.168.1.10 --dport 80 -j SNAT --to-source 22.22.22.22
$IPTABLES -t nat -A POSTROUTING -o eth1 -p tcp -m tcp -s 192.168.1.10 --dport 80 -j SNAT --to-source 22.22.22.22
#
# Rule 34 (NAT)
#
@ -711,7 +711,7 @@ script_body() {
$IPTABLES -t nat -A PREROUTING -p tcp -m tcp -s ! 192.168.1.10 --dport 80 -j DNAT --to-destination 192.168.1.10:3128
$IPTABLES -t nat -A OUTPUT -p tcp -m tcp --dport 80 -j DNAT --to-destination 192.168.1.10:3128
$IPTABLES -t nat -A PREROUTING -p tcp -m tcp -s ! 192.168.1.10 --dport 80 -j DNAT --to-destination 192.168.1.10:3128
$IPTABLES -t nat -A POSTROUTING -o eth0 -p tcp -m tcp -s ! 192.168.1.10 -d 192.168.1.10 --dport 3128 -j SNAT --to-source 192.168.1.1
$IPTABLES -t nat -A POSTROUTING -o eth0 -p tcp -m tcp -s ! 192.168.1.10 -d 192.168.1.10 --dport 3128 -j SNAT --to-source 192.168.1.1
#
# Rule 35 (NAT)
#
@ -729,7 +729,7 @@ script_body() {
echo "Rule 36 (NAT)"
#
$IPTABLES -t nat -N Cid32905X1798.1
$IPTABLES -t nat -A POSTROUTING -o eth0 -j Cid32905X1798.1
$IPTABLES -t nat -A POSTROUTING -o eth0 -j Cid32905X1798.1
$IPTABLES -t nat -A Cid32905X1798.1 -s 192.168.1.10 -j RETURN
$IPTABLES -t nat -A Cid32905X1798.1 -s 192.168.1.20 -j RETURN
$IPTABLES -t nat -N Cid32905X1798.0
@ -742,7 +742,7 @@ script_body() {
echo "Rule 37 (NAT)"
#
$IPTABLES -t nat -A PREROUTING -p tcp -m tcp -s 192.168.1.0/24 --dport 80 -j DNAT --to-destination 192.168.1.10:3128
$IPTABLES -t nat -A POSTROUTING -o eth0 -p tcp -m tcp -s 192.168.1.0/24 -d 192.168.1.10 --dport 3128 -j SNAT --to-source 192.168.1.1
$IPTABLES -t nat -A POSTROUTING -o eth0 -p tcp -m tcp -s 192.168.1.0/24 -d 192.168.1.10 --dport 3128 -j SNAT --to-source 192.168.1.1
#
# Rule 38 (NAT)
#
@ -750,8 +750,8 @@ script_body() {
#
# this is the "exception" rule
# used in support req. originally
$IPTABLES -t nat -A POSTROUTING -o eth1 -p tcp -m tcp -s 192.168.1.10 --dport 80 -j SNAT --to-source 22.22.22.22
$IPTABLES -t nat -A POSTROUTING -o eth1 -p tcp -m tcp -s 192.168.1.20 --dport 80 -j SNAT --to-source 22.22.22.22
$IPTABLES -t nat -A POSTROUTING -o eth1 -p tcp -m tcp -s 192.168.1.10 --dport 80 -j SNAT --to-source 22.22.22.22
$IPTABLES -t nat -A POSTROUTING -o eth1 -p tcp -m tcp -s 192.168.1.20 --dport 80 -j SNAT --to-source 22.22.22.22
#
# Rule 39 (NAT)
#
@ -765,8 +765,8 @@ script_body() {
#
# "exception" rule in the pair
# from a support req.
$IPTABLES -t nat -A POSTROUTING -o eth1 -p tcp -m tcp -s 192.168.1.10 --dport 80 -j SNAT --to-source 22.22.22.22
$IPTABLES -t nat -A POSTROUTING -o eth1 -p tcp -m tcp -s 192.168.1.20 --dport 80 -j SNAT --to-source 22.22.22.22
$IPTABLES -t nat -A POSTROUTING -o eth1 -p tcp -m tcp -s 192.168.1.10 --dport 80 -j SNAT --to-source 22.22.22.22
$IPTABLES -t nat -A POSTROUTING -o eth1 -p tcp -m tcp -s 192.168.1.20 --dport 80 -j SNAT --to-source 22.22.22.22
#
# Rule 41 (NAT)
#
@ -812,8 +812,8 @@ script_body() {
#
# "exception" rule in the pair
# from a support req.
$IPTABLES -t nat -A POSTROUTING -o eth1 -p tcp -m tcp -s 192.168.1.10 --dport 80 -j SNAT --to-source 22.22.22.22
$IPTABLES -t nat -A POSTROUTING -o eth1 -p tcp -m tcp -s 192.168.1.20 --dport 80 -j SNAT --to-source 22.22.22.22
$IPTABLES -t nat -A POSTROUTING -o eth1 -p tcp -m tcp -s 192.168.1.10 --dport 80 -j SNAT --to-source 22.22.22.22
$IPTABLES -t nat -A POSTROUTING -o eth1 -p tcp -m tcp -s 192.168.1.20 --dport 80 -j SNAT --to-source 22.22.22.22
#
# Rule 45 (NAT)
#
@ -1280,7 +1280,7 @@ test -z "$cmd" && {
case "$cmd" in
start)
log "Activating firewall script generated Thu May 26 14:15:09 2011 by vadim"
log "Activating firewall script generated Fri Jun 3 17:27:33 2011 by vadim"
check_tools
check_run_time_address_table_files

180
test/ipt/firewall2-3.fw.orig
View File

@ -2,9 +2,9 @@
#
# This is automatically generated file. DO NOT MODIFY !
#
# Firewall Builder fwb_ipt v4.3.0.3546
# Firewall Builder fwb_ipt v5.0.0.3547
#
# Generated Thu May 26 14:15:13 2011 PDT by vadim
# Generated Fri Jun 3 17:27:35 2011 PDT by vadim
#
# files: * firewall2-3.fw /etc/fw/firewall2-3.fw
#
@ -345,120 +345,120 @@ script_body() {
#
echo "Rule 0 (NAT)"
#
$IPTABLES -t nat -A POSTROUTING -o eth1 -s 192.168.1.0/24 -j SNAT --to-source 22.22.22.22
$IPTABLES -t nat -A POSTROUTING -o eth3 -s 192.168.1.0/24 -j SNAT --to-source 22.22.23.23
$IPTABLES -t nat -A POSTROUTING -o eth3 -s 192.168.1.0/24 -j SNAT --to-source 22.22.25.50
$IPTABLES -t nat -A POSTROUTING -o eth2 -s 192.168.1.0/24 -j SNAT --to-source 192.168.2.1
$IPTABLES -t nat -A POSTROUTING -o eth2 -s 192.168.1.0/24 -j SNAT --to-source 192.168.2.40
$IPTABLES -t nat -A POSTROUTING -o eth1 -s 192.168.1.0/24 -j SNAT --to-source 22.22.22.22
$IPTABLES -t nat -A POSTROUTING -o eth3 -s 192.168.1.0/24 -j SNAT --to-source 22.22.23.23
$IPTABLES -t nat -A POSTROUTING -o eth3 -s 192.168.1.0/24 -j SNAT --to-source 22.22.25.50
$IPTABLES -t nat -A POSTROUTING -o eth2 -s 192.168.1.0/24 -j SNAT --to-source 192.168.2.1
$IPTABLES -t nat -A POSTROUTING -o eth2 -s 192.168.1.0/24 -j SNAT --to-source 192.168.2.40
#
# Rule 1 (NAT)
#
echo "Rule 1 (NAT)"
#
$IPTABLES -t nat -A POSTROUTING -o eth1 -p icmp -m icmp -s 192.168.1.0/24 --icmp-type 3 -j SNAT --to-source 22.22.22.22
$IPTABLES -t nat -A POSTROUTING -o eth3 -p icmp -m icmp -s 192.168.1.0/24 --icmp-type 3 -j SNAT --to-source 22.22.23.23
$IPTABLES -t nat -A POSTROUTING -o eth3 -p icmp -m icmp -s 192.168.1.0/24 --icmp-type 3 -j SNAT --to-source 22.22.25.50
$IPTABLES -t nat -A POSTROUTING -o eth2 -p icmp -m icmp -s 192.168.1.0/24 --icmp-type 3 -j SNAT --to-source 192.168.2.1
$IPTABLES -t nat -A POSTROUTING -o eth2 -p icmp -m icmp -s 192.168.1.0/24 --icmp-type 3 -j SNAT --to-source 192.168.2.40
$IPTABLES -t nat -A POSTROUTING -o eth1 -p icmp -m icmp -s 192.168.1.0/24 --icmp-type 0/0 -j SNAT --to-source 22.22.22.22
$IPTABLES -t nat -A POSTROUTING -o eth3 -p icmp -m icmp -s 192.168.1.0/24 --icmp-type 0/0 -j SNAT --to-source 22.22.23.23
$IPTABLES -t nat -A POSTROUTING -o eth3 -p icmp -m icmp -s 192.168.1.0/24 --icmp-type 0/0 -j SNAT --to-source 22.22.25.50
$IPTABLES -t nat -A POSTROUTING -o eth2 -p icmp -m icmp -s 192.168.1.0/24 --icmp-type 0/0 -j SNAT --to-source 192.168.2.1
$IPTABLES -t nat -A POSTROUTING -o eth2 -p icmp -m icmp -s 192.168.1.0/24 --icmp-type 0/0 -j SNAT --to-source 192.168.2.40
$IPTABLES -t nat -A POSTROUTING -o eth1 -p icmp -m icmp -s 192.168.1.0/24 --icmp-type 11/0 -j SNAT --to-source 22.22.22.22
$IPTABLES -t nat -A POSTROUTING -o eth3 -p icmp -m icmp -s 192.168.1.0/24 --icmp-type 11/0 -j SNAT --to-source 22.22.23.23
$IPTABLES -t nat -A POSTROUTING -o eth3 -p icmp -m icmp -s 192.168.1.0/24 --icmp-type 11/0 -j SNAT --to-source 22.22.25.50
$IPTABLES -t nat -A POSTROUTING -o eth2 -p icmp -m icmp -s 192.168.1.0/24 --icmp-type 11/0 -j SNAT --to-source 192.168.2.1
$IPTABLES -t nat -A POSTROUTING -o eth2 -p icmp -m icmp -s 192.168.1.0/24 --icmp-type 11/0 -j SNAT --to-source 192.168.2.40
$IPTABLES -t nat -A POSTROUTING -o eth1 -p icmp -m icmp -s 192.168.1.0/24 --icmp-type 11/1 -j SNAT --to-source 22.22.22.22
$IPTABLES -t nat -A POSTROUTING -o eth3 -p icmp -m icmp -s 192.168.1.0/24 --icmp-type 11/1 -j SNAT --to-source 22.22.23.23
$IPTABLES -t nat -A POSTROUTING -o eth3 -p icmp -m icmp -s 192.168.1.0/24 --icmp-type 11/1 -j SNAT --to-source 22.22.25.50
$IPTABLES -t nat -A POSTROUTING -o eth2 -p icmp -m icmp -s 192.168.1.0/24 --icmp-type 11/1 -j SNAT --to-source 192.168.2.1
$IPTABLES -t nat -A POSTROUTING -o eth2 -p icmp -m icmp -s 192.168.1.0/24 --icmp-type 11/1 -j SNAT --to-source 192.168.2.40
$IPTABLES -t nat -A POSTROUTING -o eth1 -p tcp -m tcp -s 192.168.1.0/24 --dport 80 -j SNAT --to-source 22.22.22.22
$IPTABLES -t nat -A POSTROUTING -o eth3 -p tcp -m tcp -s 192.168.1.0/24 --dport 80 -j SNAT --to-source 22.22.23.23
$IPTABLES -t nat -A POSTROUTING -o eth3 -p tcp -m tcp -s 192.168.1.0/24 --dport 80 -j SNAT --to-source 22.22.25.50
$IPTABLES -t nat -A POSTROUTING -o eth2 -p tcp -m tcp -s 192.168.1.0/24 --dport 80 -j SNAT --to-source 192.168.2.1
$IPTABLES -t nat -A POSTROUTING -o eth2 -p tcp -m tcp -s 192.168.1.0/24 --dport 80 -j SNAT --to-source 192.168.2.40
$IPTABLES -t nat -A POSTROUTING -o eth1 -p icmp -m icmp -s 192.168.1.0/24 --icmp-type 3 -j SNAT --to-source 22.22.22.22
$IPTABLES -t nat -A POSTROUTING -o eth3 -p icmp -m icmp -s 192.168.1.0/24 --icmp-type 3 -j SNAT --to-source 22.22.23.23
$IPTABLES -t nat -A POSTROUTING -o eth3 -p icmp -m icmp -s 192.168.1.0/24 --icmp-type 3 -j SNAT --to-source 22.22.25.50
$IPTABLES -t nat -A POSTROUTING -o eth2 -p icmp -m icmp -s 192.168.1.0/24 --icmp-type 3 -j SNAT --to-source 192.168.2.1
$IPTABLES -t nat -A POSTROUTING -o eth2 -p icmp -m icmp -s 192.168.1.0/24 --icmp-type 3 -j SNAT --to-source 192.168.2.40
$IPTABLES -t nat -A POSTROUTING -o eth1 -p icmp -m icmp -s 192.168.1.0/24 --icmp-type 0/0 -j SNAT --to-source 22.22.22.22
$IPTABLES -t nat -A POSTROUTING -o eth3 -p icmp -m icmp -s 192.168.1.0/24 --icmp-type 0/0 -j SNAT --to-source 22.22.23.23
$IPTABLES -t nat -A POSTROUTING -o eth3 -p icmp -m icmp -s 192.168.1.0/24 --icmp-type 0/0 -j SNAT --to-source 22.22.25.50
$IPTABLES -t nat -A POSTROUTING -o eth2 -p icmp -m icmp -s 192.168.1.0/24 --icmp-type 0/0 -j SNAT --to-source 192.168.2.1
$IPTABLES -t nat -A POSTROUTING -o eth2 -p icmp -m icmp -s 192.168.1.0/24 --icmp-type 0/0 -j SNAT --to-source 192.168.2.40
$IPTABLES -t nat -A POSTROUTING -o eth1 -p icmp -m icmp -s 192.168.1.0/24 --icmp-type 11/0 -j SNAT --to-source 22.22.22.22
$IPTABLES -t nat -A POSTROUTING -o eth3 -p icmp -m icmp -s 192.168.1.0/24 --icmp-type 11/0 -j SNAT --to-source 22.22.23.23
$IPTABLES -t nat -A POSTROUTING -o eth3 -p icmp -m icmp -s 192.168.1.0/24 --icmp-type 11/0 -j SNAT --to-source 22.22.25.50
$IPTABLES -t nat -A POSTROUTING -o eth2 -p icmp -m icmp -s 192.168.1.0/24 --icmp-type 11/0 -j SNAT --to-source 192.168.2.1
$IPTABLES -t nat -A POSTROUTING -o eth2 -p icmp -m icmp -s 192.168.1.0/24 --icmp-type 11/0 -j SNAT --to-source 192.168.2.40
$IPTABLES -t nat -A POSTROUTING -o eth1 -p icmp -m icmp -s 192.168.1.0/24 --icmp-type 11/1 -j SNAT --to-source 22.22.22.22
$IPTABLES -t nat -A POSTROUTING -o eth3 -p icmp -m icmp -s 192.168.1.0/24 --icmp-type 11/1 -j SNAT --to-source 22.22.23.23
$IPTABLES -t nat -A POSTROUTING -o eth3 -p icmp -m icmp -s 192.168.1.0/24 --icmp-type 11/1 -j SNAT --to-source 22.22.25.50
$IPTABLES -t nat -A POSTROUTING -o eth2 -p icmp -m icmp -s 192.168.1.0/24 --icmp-type 11/1 -j SNAT --to-source 192.168.2.1
$IPTABLES -t nat -A POSTROUTING -o eth2 -p icmp -m icmp -s 192.168.1.0/24 --icmp-type 11/1 -j SNAT --to-source 192.168.2.40
$IPTABLES -t nat -A POSTROUTING -o eth1 -p tcp -m tcp -s 192.168.1.0/24 --dport 80 -j SNAT --to-source 22.22.22.22
$IPTABLES -t nat -A POSTROUTING -o eth3 -p tcp -m tcp -s 192.168.1.0/24 --dport 80 -j SNAT --to-source 22.22.23.23
$IPTABLES -t nat -A POSTROUTING -o eth3 -p tcp -m tcp -s 192.168.1.0/24 --dport 80 -j SNAT --to-source 22.22.25.50
$IPTABLES -t nat -A POSTROUTING -o eth2 -p tcp -m tcp -s 192.168.1.0/24 --dport 80 -j SNAT --to-source 192.168.2.1
$IPTABLES -t nat -A POSTROUTING -o eth2 -p tcp -m tcp -s 192.168.1.0/24 --dport 80 -j SNAT --to-source 192.168.2.40
#
# Rule 2 (NAT)
#
echo "Rule 2 (NAT)"
#
$IPTABLES -t nat -A POSTROUTING -o eth1 -p icmp -m icmp -s 192.168.1.0/24 --icmp-type 3 -j SNAT --to-source 22.22.22.22
$IPTABLES -t nat -A POSTROUTING -o eth3 -p icmp -m icmp -s 192.168.1.0/24 --icmp-type 3 -j SNAT --to-source 22.22.23.23
$IPTABLES -t nat -A POSTROUTING -o eth3 -p icmp -m icmp -s 192.168.1.0/24 --icmp-type 3 -j SNAT --to-source 22.22.25.50
$IPTABLES -t nat -A POSTROUTING -o eth2 -p icmp -m icmp -s 192.168.1.0/24 --icmp-type 3 -j SNAT --to-source 192.168.2.1
$IPTABLES -t nat -A POSTROUTING -o eth2 -p icmp -m icmp -s 192.168.1.0/24 --icmp-type 3 -j SNAT --to-source 192.168.2.40
$IPTABLES -t nat -A POSTROUTING -o eth1 -p icmp -m icmp -s 192.168.1.0/24 --icmp-type 0/0 -j SNAT --to-source 22.22.22.22
$IPTABLES -t nat -A POSTROUTING -o eth3 -p icmp -m icmp -s 192.168.1.0/24 --icmp-type 0/0 -j SNAT --to-source 22.22.23.23
$IPTABLES -t nat -A POSTROUTING -o eth3 -p icmp -m icmp -s 192.168.1.0/24 --icmp-type 0/0 -j SNAT --to-source 22.22.25.50
$IPTABLES -t nat -A POSTROUTING -o eth2 -p icmp -m icmp -s 192.168.1.0/24 --icmp-type 0/0 -j SNAT --to-source 192.168.2.1
$IPTABLES -t nat -A POSTROUTING -o eth2 -p icmp -m icmp -s 192.168.1.0/24 --icmp-type 0/0 -j SNAT --to-source 192.168.2.40
$IPTABLES -t nat -A POSTROUTING -o eth1 -p icmp -m icmp -s 192.168.1.0/24 --icmp-type 11/0 -j SNAT --to-source 22.22.22.22
$IPTABLES -t nat -A POSTROUTING -o eth3 -p icmp -m icmp -s 192.168.1.0/24 --icmp-type 11/0 -j SNAT --to-source 22.22.23.23
$IPTABLES -t nat -A POSTROUTING -o eth3 -p icmp -m icmp -s 192.168.1.0/24 --icmp-type 11/0 -j SNAT --to-source 22.22.25.50
$IPTABLES -t nat -A POSTROUTING -o eth2 -p icmp -m icmp -s 192.168.1.0/24 --icmp-type 11/0 -j SNAT --to-source 192.168.2.1
$IPTABLES -t nat -A POSTROUTING -o eth2 -p icmp -m icmp -s 192.168.1.0/24 --icmp-type 11/0 -j SNAT --to-source 192.168.2.40
$IPTABLES -t nat -A POSTROUTING -o eth1 -p icmp -m icmp -s 192.168.1.0/24 --icmp-type 11/1 -j SNAT --to-source 22.22.22.22
$IPTABLES -t nat -A POSTROUTING -o eth3 -p icmp -m icmp -s 192.168.1.0/24 --icmp-type 11/1 -j SNAT --to-source 22.22.23.23
$IPTABLES -t nat -A POSTROUTING -o eth3 -p icmp -m icmp -s 192.168.1.0/24 --icmp-type 11/1 -j SNAT --to-source 22.22.25.50
$IPTABLES -t nat -A POSTROUTING -o eth2 -p icmp -m icmp -s 192.168.1.0/24 --icmp-type 11/1 -j SNAT --to-source 192.168.2.1
$IPTABLES -t nat -A POSTROUTING -o eth2 -p icmp -m icmp -s 192.168.1.0/24 --icmp-type 11/1 -j SNAT --to-source 192.168.2.40
$IPTABLES -t nat -A POSTROUTING -o eth1 -p tcp -m tcp -s 192.168.1.0/24 --dport 80 -j SNAT --to-source 22.22.22.22
$IPTABLES -t nat -A POSTROUTING -o eth3 -p tcp -m tcp -s 192.168.1.0/24 --dport 80 -j SNAT --to-source 22.22.23.23
$IPTABLES -t nat -A POSTROUTING -o eth3 -p tcp -m tcp -s 192.168.1.0/24 --dport 80 -j SNAT --to-source 22.22.25.50
$IPTABLES -t nat -A POSTROUTING -o eth2 -p tcp -m tcp -s 192.168.1.0/24 --dport 80 -j SNAT --to-source 192.168.2.1
$IPTABLES -t nat -A POSTROUTING -o eth2 -p tcp -m tcp -s 192.168.1.0/24 --dport 80 -j SNAT --to-source 192.168.2.40
$IPTABLES -t nat -A POSTROUTING -o eth1 -p 50 -s 192.168.1.0/24 -j SNAT --to-source 22.22.22.22
$IPTABLES -t nat -A POSTROUTING -o eth3 -p 50 -s 192.168.1.0/24 -j SNAT --to-source 22.22.23.23
$IPTABLES -t nat -A POSTROUTING -o eth3 -p 50 -s 192.168.1.0/24 -j SNAT --to-source 22.22.25.50
$IPTABLES -t nat -A POSTROUTING -o eth2 -p 50 -s 192.168.1.0/24 -j SNAT --to-source 192.168.2.1
$IPTABLES -t nat -A POSTROUTING -o eth2 -p 50 -s 192.168.1.0/24 -j SNAT --to-source 192.168.2.40
$IPTABLES -t nat -A POSTROUTING -o eth1 -p 88 -s 192.168.1.0/24 -j SNAT --to-source 22.22.22.22
$IPTABLES -t nat -A POSTROUTING -o eth3 -p 88 -s 192.168.1.0/24 -j SNAT --to-source 22.22.23.23
$IPTABLES -t nat -A POSTROUTING -o eth3 -p 88 -s 192.168.1.0/24 -j SNAT --to-source 22.22.25.50
$IPTABLES -t nat -A POSTROUTING -o eth2 -p 88 -s 192.168.1.0/24 -j SNAT --to-source 192.168.2.1
$IPTABLES -t nat -A POSTROUTING -o eth2 -p 88 -s 192.168.1.0/24 -j SNAT --to-source 192.168.2.40
$IPTABLES -t nat -A POSTROUTING -o eth1 -p icmp -m icmp -s 192.168.1.0/24 --icmp-type 3 -j SNAT --to-source 22.22.22.22
$IPTABLES -t nat -A POSTROUTING -o eth3 -p icmp -m icmp -s 192.168.1.0/24 --icmp-type 3 -j SNAT --to-source 22.22.23.23
$IPTABLES -t nat -A POSTROUTING -o eth3 -p icmp -m icmp -s 192.168.1.0/24 --icmp-type 3 -j SNAT --to-source 22.22.25.50
$IPTABLES -t nat -A POSTROUTING -o eth2 -p icmp -m icmp -s 192.168.1.0/24 --icmp-type 3 -j SNAT --to-source 192.168.2.1
$IPTABLES -t nat -A POSTROUTING -o eth2 -p icmp -m icmp -s 192.168.1.0/24 --icmp-type 3 -j SNAT --to-source 192.168.2.40
$IPTABLES -t nat -A POSTROUTING -o eth1 -p icmp -m icmp -s 192.168.1.0/24 --icmp-type 0/0 -j SNAT --to-source 22.22.22.22
$IPTABLES -t nat -A POSTROUTING -o eth3 -p icmp -m icmp -s 192.168.1.0/24 --icmp-type 0/0 -j SNAT --to-source 22.22.23.23
$IPTABLES -t nat -A POSTROUTING -o eth3 -p icmp -m icmp -s 192.168.1.0/24 --icmp-type 0/0 -j SNAT --to-source 22.22.25.50
$IPTABLES -t nat -A POSTROUTING -o eth2 -p icmp -m icmp -s 192.168.1.0/24 --icmp-type 0/0 -j SNAT --to-source 192.168.2.1
$IPTABLES -t nat -A POSTROUTING -o eth2 -p icmp -m icmp -s 192.168.1.0/24 --icmp-type 0/0 -j SNAT --to-source 192.168.2.40
$IPTABLES -t nat -A POSTROUTING -o eth1 -p icmp -m icmp -s 192.168.1.0/24 --icmp-type 11/0 -j SNAT --to-source 22.22.22.22
$IPTABLES -t nat -A POSTROUTING -o eth3 -p icmp -m icmp -s 192.168.1.0/24 --icmp-type 11/0 -j SNAT --to-source 22.22.23.23
$IPTABLES -t nat -A POSTROUTING -o eth3 -p icmp -m icmp -s 192.168.1.0/24 --icmp-type 11/0 -j SNAT --to-source 22.22.25.50
$IPTABLES -t nat -A POSTROUTING -o eth2 -p icmp -m icmp -s 192.168.1.0/24 --icmp-type 11/0 -j SNAT --to-source 192.168.2.1
$IPTABLES -t nat -A POSTROUTING -o eth2 -p icmp -m icmp -s 192.168.1.0/24 --icmp-type 11/0 -j SNAT --to-source 192.168.2.40
$IPTABLES -t nat -A POSTROUTING -o eth1 -p icmp -m icmp -s 192.168.1.0/24 --icmp-type 11/1 -j SNAT --to-source 22.22.22.22
$IPTABLES -t nat -A POSTROUTING -o eth3 -p icmp -m icmp -s 192.168.1.0/24 --icmp-type 11/1 -j SNAT --to-source 22.22.23.23
$IPTABLES -t nat -A POSTROUTING -o eth3 -p icmp -m icmp -s 192.168.1.0/24 --icmp-type 11/1 -j SNAT --to-source 22.22.25.50
$IPTABLES -t nat -A POSTROUTING -o eth2 -p icmp -m icmp -s 192.168.1.0/24 --icmp-type 11/1 -j SNAT --to-source 192.168.2.1
$IPTABLES -t nat -A POSTROUTING -o eth2 -p icmp -m icmp -s 192.168.1.0/24 --icmp-type 11/1 -j SNAT --to-source 192.168.2.40
$IPTABLES -t nat -A POSTROUTING -o eth1 -p tcp -m tcp -s 192.168.1.0/24 --dport 80 -j SNAT --to-source 22.22.22.22
$IPTABLES -t nat -A POSTROUTING -o eth3 -p tcp -m tcp -s 192.168.1.0/24 --dport 80 -j SNAT --to-source 22.22.23.23
$IPTABLES -t nat -A POSTROUTING -o eth3 -p tcp -m tcp -s 192.168.1.0/24 --dport 80 -j SNAT --to-source 22.22.25.50
$IPTABLES -t nat -A POSTROUTING -o eth2 -p tcp -m tcp -s 192.168.1.0/24 --dport 80 -j SNAT --to-source 192.168.2.1
$IPTABLES -t nat -A POSTROUTING -o eth2 -p tcp -m tcp -s 192.168.1.0/24 --dport 80 -j SNAT --to-source 192.168.2.40
$IPTABLES -t nat -A POSTROUTING -o eth1 -p 50 -s 192.168.1.0/24 -j SNAT --to-source 22.22.22.22
$IPTABLES -t nat -A POSTROUTING -o eth3 -p 50 -s 192.168.1.0/24 -j SNAT --to-source 22.22.23.23
$IPTABLES -t nat -A POSTROUTING -o eth3 -p 50 -s 192.168.1.0/24 -j SNAT --to-source 22.22.25.50
$IPTABLES -t nat -A POSTROUTING -o eth2 -p 50 -s 192.168.1.0/24 -j SNAT --to-source 192.168.2.1
$IPTABLES -t nat -A POSTROUTING -o eth2 -p 50 -s 192.168.1.0/24 -j SNAT --to-source 192.168.2.40
$IPTABLES -t nat -A POSTROUTING -o eth1 -p 88 -s 192.168.1.0/24 -j SNAT --to-source 22.22.22.22
$IPTABLES -t nat -A POSTROUTING -o eth3 -p 88 -s 192.168.1.0/24 -j SNAT --to-source 22.22.23.23
$IPTABLES -t nat -A POSTROUTING -o eth3 -p 88 -s 192.168.1.0/24 -j SNAT --to-source 22.22.25.50
$IPTABLES -t nat -A POSTROUTING -o eth2 -p 88 -s 192.168.1.0/24 -j SNAT --to-source 192.168.2.1
$IPTABLES -t nat -A POSTROUTING -o eth2 -p 88 -s 192.168.1.0/24 -j SNAT --to-source 192.168.2.40
#
# Rule 3 (NAT)
#
echo "Rule 3 (NAT)"
#
$IPTABLES -t nat -A POSTROUTING -o eth3 -s 192.168.1.0/24 -j SNAT --to-source 22.22.23.23
$IPTABLES -t nat -A POSTROUTING -o eth3 -s 192.168.1.0/24 -j SNAT --to-source 22.22.25.50
$IPTABLES -t nat -A POSTROUTING -o eth3 -s 192.168.1.0/24 -j SNAT --to-source 22.22.23.23
$IPTABLES -t nat -A POSTROUTING -o eth3 -s 192.168.1.0/24 -j SNAT --to-source 22.22.25.50
#
# Rule 4 (NAT)
#
echo "Rule 4 (NAT)"
#
$IPTABLES -t nat -A POSTROUTING -o eth3 -s 192.168.1.0/24 -j SNAT --to-source 22.22.25.50
$IPTABLES -t nat -A POSTROUTING -o eth3 -s 192.168.1.0/24 -j SNAT --to-source 22.22.25.50
#
# Rule 5 (NAT)
#
echo "Rule 5 (NAT)"
#
$IPTABLES -t nat -A POSTROUTING -o eth+ -s 192.168.1.0/24 -j SNAT --to-source 22.22.25.50
$IPTABLES -t nat -A POSTROUTING -o eth+ -s 192.168.1.0/24 -j SNAT --to-source 22.22.25.50
#
# Rule 6 (NAT)
#
echo "Rule 6 (NAT)"
#
$IPTABLES -t nat -A POSTROUTING -o eth+ -s 192.168.1.10 -j SNAT --to-source 22.22.22.23
$IPTABLES -t nat -A POSTROUTING -o eth+ -s 192.168.1.10 -j SNAT --to-source 22.22.22.23
#
# Rule 7 (NAT)
#
echo "Rule 7 (NAT)"
#
$IPTABLES -t nat -A POSTROUTING -o eth+ -s 192.168.1.10 -j SNAT --to-source 22.22.22.23
$IPTABLES -t nat -A POSTROUTING -o eth+ -s 192.168.1.10 -j SNAT --to-source 22.22.22.24
$IPTABLES -t nat -A POSTROUTING -o eth+ -s 192.168.1.10 -j SNAT --to-source 22.22.22.25
$IPTABLES -t nat -A POSTROUTING -o eth+ -s 192.168.1.10 -j SNAT --to-source 22.22.22.23
$IPTABLES -t nat -A POSTROUTING -o eth+ -s 192.168.1.10 -j SNAT --to-source 22.22.22.24
$IPTABLES -t nat -A POSTROUTING -o eth+ -s 192.168.1.10 -j SNAT --to-source 22.22.22.25
#
# Rule 8 (NAT)
#
echo "Rule 8 (NAT)"
#
$IPTABLES -t nat -A POSTROUTING -o eth+ -s 192.168.1.0/24 -d 192.168.1.10 -j SNAT --to-source 192.168.1.1
$IPTABLES -t nat -A POSTROUTING -o eth+ -s 192.168.1.0/24 -d 192.168.1.10 -j SNAT --to-source 192.168.1.1
#
# Rule 9 (NAT)
#
@ -564,7 +564,7 @@ script_body() {
#
echo "Rule 18 (NAT)"
#
$IPTABLES -t nat -A POSTROUTING -o eth+ -s 192.168.1.20 -j SNAT --to-source 22.22.23.24
$IPTABLES -t nat -A POSTROUTING -o eth+ -s 192.168.1.20 -j SNAT --to-source 22.22.23.24
#
# Rule 19 (NAT)
#
@ -579,7 +579,7 @@ script_body() {
#
# firewall2-3:NAT:20: warning: Adding of virtual address for address range is not implemented (object ext_range)
$IPTABLES -t nat -A POSTROUTING -o eth+ -s 192.168.1.0/24 -j SNAT --to-source 22.22.22.100-22.22.22.110
$IPTABLES -t nat -A POSTROUTING -o eth+ -s 192.168.1.0/24 -j SNAT --to-source 22.22.22.100-22.22.22.110
#
# Rule 21 (NAT)
#
@ -622,7 +622,7 @@ script_body() {
$IPTABLES -t nat -A PREROUTING -p tcp -m tcp -d 22.22.25.50 --dport 80 -j DNAT --to-destination 192.168.1.10
$IPTABLES -t nat -A OUTPUT -p tcp -m tcp -d 22.22.23.23 --dport 80 -j DNAT --to-destination 192.168.1.10
$IPTABLES -t nat -A OUTPUT -p tcp -m tcp -d 22.22.25.50 --dport 80 -j DNAT --to-destination 192.168.1.10
$IPTABLES -t nat -A POSTROUTING -o eth0 -p tcp -m tcp -d 192.168.1.10 --dport 80 -j SNAT --to-source 192.168.1.1
$IPTABLES -t nat -A POSTROUTING -o eth0 -p tcp -m tcp -d 192.168.1.10 --dport 80 -j SNAT --to-source 192.168.1.1
#
# Rule 25 (NAT)
#
@ -687,7 +687,7 @@ script_body() {
#
echo "Rule 33 (NAT)"
#
$IPTABLES -t nat -A POSTROUTING -o eth1 -p tcp -m tcp -s 192.168.1.10 --dport 80 -j SNAT --to-source 22.22.22.22
$IPTABLES -t nat -A POSTROUTING -o eth1 -p tcp -m tcp -s 192.168.1.10 --dport 80 -j SNAT --to-source 22.22.22.22
#
# Rule 34 (NAT)
#
@ -696,7 +696,7 @@ script_body() {
$IPTABLES -t nat -A PREROUTING -p tcp -m tcp -s ! 192.168.1.10 --dport 80 -j DNAT --to-destination 192.168.1.10:3128
$IPTABLES -t nat -A OUTPUT -p tcp -m tcp --dport 80 -j DNAT --to-destination 192.168.1.10:3128
$IPTABLES -t nat -A PREROUTING -p tcp -m tcp -s ! 192.168.1.10 --dport 80 -j DNAT --to-destination 192.168.1.10:3128
$IPTABLES -t nat -A POSTROUTING -o eth0 -p tcp -m tcp -s ! 192.168.1.10 -d 192.168.1.10 --dport 3128 -j SNAT --to-source 192.168.1.1
$IPTABLES -t nat -A POSTROUTING -o eth0 -p tcp -m tcp -s ! 192.168.1.10 -d 192.168.1.10 --dport 3128 -j SNAT --to-source 192.168.1.1
#
# Rule 35 (NAT)
#
@ -714,7 +714,7 @@ script_body() {
echo "Rule 36 (NAT)"
#
$IPTABLES -t nat -N Cid35898X1833.1
$IPTABLES -t nat -A POSTROUTING -o eth0 -j Cid35898X1833.1
$IPTABLES -t nat -A POSTROUTING -o eth0 -j Cid35898X1833.1
$IPTABLES -t nat -A Cid35898X1833.1 -s 192.168.1.10 -j RETURN
$IPTABLES -t nat -A Cid35898X1833.1 -s 192.168.1.20 -j RETURN
$IPTABLES -t nat -N Cid35898X1833.0
@ -727,7 +727,7 @@ script_body() {
echo "Rule 37 (NAT)"
#
$IPTABLES -t nat -A PREROUTING -p tcp -m tcp -s 192.168.1.0/24 --dport 80 -j DNAT --to-destination 192.168.1.10:3128
$IPTABLES -t nat -A POSTROUTING -o eth0 -p tcp -m tcp -s 192.168.1.0/24 -d 192.168.1.10 --dport 3128 -j SNAT --to-source 192.168.1.1
$IPTABLES -t nat -A POSTROUTING -o eth0 -p tcp -m tcp -s 192.168.1.0/24 -d 192.168.1.10 --dport 3128 -j SNAT --to-source 192.168.1.1
#
# Rule 38 (NAT)
#
@ -735,8 +735,8 @@ script_body() {
#
# this is the "exception" rule
# used in support req. originally
$IPTABLES -t nat -A POSTROUTING -o eth1 -p tcp -m tcp -s 192.168.1.10 --dport 80 -j SNAT --to-source 22.22.22.22
$IPTABLES -t nat -A POSTROUTING -o eth1 -p tcp -m tcp -s 192.168.1.20 --dport 80 -j SNAT --to-source 22.22.22.22
$IPTABLES -t nat -A POSTROUTING -o eth1 -p tcp -m tcp -s 192.168.1.10 --dport 80 -j SNAT --to-source 22.22.22.22
$IPTABLES -t nat -A POSTROUTING -o eth1 -p tcp -m tcp -s 192.168.1.20 --dport 80 -j SNAT --to-source 22.22.22.22
#
# Rule 39 (NAT)
#
@ -750,8 +750,8 @@ script_body() {
#
# "exception" rule in the pair
# from a support req.
$IPTABLES -t nat -A POSTROUTING -o eth1 -p tcp -m tcp -s 192.168.1.10 --dport 80 -j SNAT --to-source 22.22.22.22
$IPTABLES -t nat -A POSTROUTING -o eth1 -p tcp -m tcp -s 192.168.1.20 --dport 80 -j SNAT --to-source 22.22.22.22
$IPTABLES -t nat -A POSTROUTING -o eth1 -p tcp -m tcp -s 192.168.1.10 --dport 80 -j SNAT --to-source 22.22.22.22
$IPTABLES -t nat -A POSTROUTING -o eth1 -p tcp -m tcp -s 192.168.1.20 --dport 80 -j SNAT --to-source 22.22.22.22
#
# Rule 41 (NAT)
#
@ -797,8 +797,8 @@ script_body() {
#
# "exception" rule in the pair
# from a support req.
$IPTABLES -t nat -A POSTROUTING -o eth1 -p tcp -m tcp -s 192.168.1.10 --dport 80 -j SNAT --to-source 22.22.22.22
$IPTABLES -t nat -A POSTROUTING -o eth1 -p tcp -m tcp -s 192.168.1.20 --dport 80 -j SNAT --to-source 22.22.22.22
$IPTABLES -t nat -A POSTROUTING -o eth1 -p tcp -m tcp -s 192.168.1.10 --dport 80 -j SNAT --to-source 22.22.22.22
$IPTABLES -t nat -A POSTROUTING -o eth1 -p tcp -m tcp -s 192.168.1.20 --dport 80 -j SNAT --to-source 22.22.22.22
#
# Rule 45 (NAT)
#
@ -1139,7 +1139,7 @@ test -z "$cmd" && {
case "$cmd" in
start)
log "Activating firewall script generated Thu May 26 14:15:13 2011 by vadim"
log "Activating firewall script generated Fri Jun 3 17:27:35 2011 by vadim"
check_tools
check_run_time_address_table_files

12
test/ipt/firewall2-4.fw.orig
View File

@ -2,9 +2,9 @@
#
# This is automatically generated file. DO NOT MODIFY !
#
# Firewall Builder fwb_ipt v4.3.0.3546
# Firewall Builder fwb_ipt v5.0.0.3547
#
# Generated Thu May 26 14:15:18 2011 PDT by vadim
# Generated Fri Jun 3 17:27:37 2011 PDT by vadim
#
# files: * firewall2-4.fw /etc/fw/firewall2-4.fw
#
@ -360,8 +360,8 @@ script_body() {
#
echo "Rule 6 (NAT)"
#
$IPTABLES -t nat -A POSTROUTING -o eth+ -s 192.168.1.0/24 -j SNAT --to-source 192.168.1.10
$IPTABLES -t nat -A POSTROUTING -o eth+ -s 192.168.1.0/24 -j SNAT --to-source 192.168.1.20
$IPTABLES -t nat -A POSTROUTING -o eth+ -s 192.168.1.0/24 -j SNAT --to-source 192.168.1.10
$IPTABLES -t nat -A POSTROUTING -o eth+ -s 192.168.1.0/24 -j SNAT --to-source 192.168.1.20
#
# Rule 8 (NAT)
#
@ -373,7 +373,7 @@ script_body() {
#
echo "Rule 11 (NAT)"
#
$IPTABLES -t nat -A POSTROUTING -o eth2 -s 192.168.1.0/24 -d 192.168.2.0/24 -j SNAT --to-source 192.168.2.1
$IPTABLES -t nat -A POSTROUTING -o eth2 -s 192.168.1.0/24 -d 192.168.2.0/24 -j SNAT --to-source 192.168.2.1
@ -445,7 +445,7 @@ test -z "$cmd" && {
case "$cmd" in
start)
log "Activating firewall script generated Thu May 26 14:15:18 2011 by vadim"
log "Activating firewall script generated Fri Jun 3 17:27:37 2011 by vadim"
check_tools
check_run_time_address_table_files

26
test/ipt/firewall2-5.fw.orig
View File

@ -2,9 +2,9 @@
#
# This is automatically generated file. DO NOT MODIFY !
#
# Firewall Builder fwb_ipt v4.3.0.3546
# Firewall Builder fwb_ipt v5.0.0.3547
#
# Generated Thu May 26 14:15:22 2011 PDT by vadim
# Generated Fri Jun 3 17:27:40 2011 PDT by vadim
#
# files: * firewall2-5.fw /etc/fw/firewall2-5.fw
#
@ -349,22 +349,22 @@ script_body() {
#
echo "Rule 1 (NAT)"
#
$IPTABLES -t nat -A POSTROUTING -o eth+ -s 192.168.1.0/24 -j SNAT --to-source 222.222.222.40
$IPTABLES -t nat -A POSTROUTING -o eth+ -s 192.168.1.0/24 -j SNAT --to-source 222.222.222.41
$IPTABLES -t nat -A POSTROUTING -o eth+ -s 192.168.1.0/24 -j SNAT --to-source 222.222.222.40
$IPTABLES -t nat -A POSTROUTING -o eth+ -s 192.168.1.0/24 -j SNAT --to-source 222.222.222.41
#
# Rule 2 (NAT)
#
echo "Rule 2 (NAT)"
#
#
$IPTABLES -t nat -A POSTROUTING -o eth+ -s 192.168.1.0/24 -j SNAT --to-source 222.222.222.222
$IPTABLES -t nat -A POSTROUTING -o eth+ -s 192.168.1.0/24 -j SNAT --to-source 222.222.222.222
#
# Rule 3 (NAT)
#
echo "Rule 3 (NAT)"
#
#
$IPTABLES -t nat -A POSTROUTING -o eth1 -s 192.168.1.0/24 -j SNAT --to-source 222.222.222.222
$IPTABLES -t nat -A POSTROUTING -o eth1 -s 192.168.1.0/24 -j SNAT --to-source 222.222.222.222
#
# Rule 4 (NAT)
#
@ -373,14 +373,14 @@ script_body() {
# should be -o eth1
# firewall2-5:NAT:4: warning: Adding of virtual address for address range is not implemented (object r-222.222.222.0)
$IPTABLES -t nat -A POSTROUTING -o eth+ -s 192.168.1.0/24 -j SNAT --to-source 222.222.222.10-222.222.222.100
$IPTABLES -t nat -A POSTROUTING -o eth+ -s 192.168.1.0/24 -j SNAT --to-source 222.222.222.10-222.222.222.100
#
# Rule 5 (NAT)
#
echo "Rule 5 (NAT)"
#
# should be -o eth2
$IPTABLES -t nat -A POSTROUTING -o eth+ -s 192.168.1.0/24 -j SNAT --to-source 33.33.33.1-33.33.33.3
$IPTABLES -t nat -A POSTROUTING -o eth+ -s 192.168.1.0/24 -j SNAT --to-source 33.33.33.1-33.33.33.3
#
# Rule 7 (NAT)
#
@ -389,22 +389,22 @@ script_body() {
# partially matches eth3
# firewall2-5:NAT:7: warning: Adding of virtual address for address range is not implemented (object range 33 30-33)
$IPTABLES -t nat -A POSTROUTING -o eth+ -s 192.168.1.0/24 -j SNAT --to-source 33.33.33.30-33.33.33.33
$IPTABLES -t nat -A POSTROUTING -o eth+ -s 192.168.1.0/24 -j SNAT --to-source 33.33.33.30-33.33.33.33
#
# Rule 8 (NAT)
#
echo "Rule 8 (NAT)"
#
# should be two rules: -o eth2 and -o eth3
$IPTABLES -t nat -A POSTROUTING -o eth+ -s 192.168.1.0/24 -j SNAT --to-source 33.33.33.1-33.33.33.33
$IPTABLES -t nat -A POSTROUTING -o eth+ -s 192.168.1.0/24 -j SNAT --to-source 33.33.33.1-33.33.33.33
#
# Rule 9 (NAT)
#
echo "Rule 9 (NAT)"
#
# should be -o eth2
$IPTABLES -t nat -A POSTROUTING -o eth2 -s 192.168.1.0/24 -j SNAT --to-source 33.33.33.3
$IPTABLES -t nat -A POSTROUTING -o eth2 -s 192.168.1.0/24 -j SNAT --to-source 33.33.33.4
$IPTABLES -t nat -A POSTROUTING -o eth2 -s 192.168.1.0/24 -j SNAT --to-source 33.33.33.3
$IPTABLES -t nat -A POSTROUTING -o eth2 -s 192.168.1.0/24 -j SNAT --to-source 33.33.33.4
@ -476,7 +476,7 @@ test -z "$cmd" && {
case "$cmd" in
start)
log "Activating firewall script generated Thu May 26 14:15:22 2011 by vadim"
log "Activating firewall script generated Fri Jun 3 17:27:40 2011 by vadim"
check_tools
check_run_time_address_table_files

34
test/ipt/firewall2-6.fw.orig
View File

@ -2,9 +2,9 @@
#
# This is automatically generated file. DO NOT MODIFY !
#
# Firewall Builder fwb_ipt v4.3.0.3546
# Firewall Builder fwb_ipt v5.0.0.3547
#
# Generated Thu May 26 14:15:27 2011 PDT by vadim
# Generated Fri Jun 3 17:27:42 2011 PDT by vadim
#
# files: * firewall2-6.fw /etc/fw/firewall2-6.fw
#
@ -359,39 +359,37 @@ script_body() {
#
echo "Rule 1 (NAT)"
#
$IPTABLES -t nat -A POSTROUTING -o eth1 -s 192.168.1.0/24 -j SNAT --to-source 222.222.222.40
$IPTABLES -t nat -A POSTROUTING -o eth1 -s 192.168.1.0/24 -j SNAT --to-source 222.222.222.40
#
# Rule 2 (NAT)
#
echo "Rule 2 (NAT)"
#
#
$IPTABLES -t nat -A POSTROUTING -o eth3 -s 192.168.1.0/24 -j SNAT --to-source 222.222.222.40
$IPTABLES -t nat -A POSTROUTING -o eth3 -s 192.168.1.0/24 -j SNAT --to-source 222.222.222.40
#
# Rule 3 (NAT)
#
echo "Rule 3 (NAT)"
#
#
$IPTABLES -t nat -A POSTROUTING -o eth1 -s 192.168.1.0/24 -j SNAT --to-source 222.222.222.40
$IPTABLES -t nat -A POSTROUTING -o eth3 -s 192.168.1.0/24 -j SNAT --to-source 222.222.222.40
$IPTABLES -t nat -A POSTROUTING -o eth1 -s 192.168.1.0/24 -j SNAT --to-source 222.222.222.40
$IPTABLES -t nat -A POSTROUTING -o eth3 -s 192.168.1.0/24 -j SNAT --to-source 222.222.222.40
#
# Rule 4 (NAT)
#
echo "Rule 4 (NAT)"
#
#
$IPTABLES -t nat -A POSTROUTING -o eth0 -s 192.168.1.0/24 -j SNAT --to-source 222.222.222.40
$IPTABLES -t nat -A POSTROUTING -o eth1 -s 192.168.1.0/24 -j SNAT --to-source 222.222.222.40
$IPTABLES -t nat -A POSTROUTING -o eth2 -s 192.168.1.0/24 -j SNAT --to-source 222.222.222.40
$IPTABLES -t nat -A POSTROUTING -o ! eth3 -s 192.168.1.0/24 -j SNAT --to-source 222.222.222.40
#
# Rule 5 (NAT)
#
echo "Rule 5 (NAT)"
#
#
$IPTABLES -t nat -A POSTROUTING -o eth0 -s 192.168.1.0/24 -j SNAT --to-source 222.222.222.40
$IPTABLES -t nat -A POSTROUTING -o eth2 -s 192.168.1.0/24 -j SNAT --to-source 222.222.222.40
$IPTABLES -t nat -A POSTROUTING -o eth0 -s 192.168.1.0/24 -j SNAT --to-source 222.222.222.40
$IPTABLES -t nat -A POSTROUTING -o eth2 -s 192.168.1.0/24 -j SNAT --to-source 222.222.222.40
#
# Rule 13 (NAT)
#
@ -404,34 +402,34 @@ script_body() {
#
echo "Rule 14 (NAT)"
#
$IPTABLES -t nat -A PREROUTING -i eth1 -d 222.222.222.40 -j DNAT --to-destination 192.168.1.10
$IPTABLES -t nat -A PREROUTING -i eth1 -d 222.222.222.40 -j DNAT --to-destination 192.168.1.10
#
# Rule 15 (NAT)
#
echo "Rule 15 (NAT)"
#
$IPTABLES -t nat -A PREROUTING -i eth3 -d 222.222.222.40 -j DNAT --to-destination 192.168.1.10
$IPTABLES -t nat -A PREROUTING -i eth3 -d 222.222.222.40 -j DNAT --to-destination 192.168.1.10
#
# Rule 16 (NAT)
#
echo "Rule 16 (NAT)"
#
$IPTABLES -t nat -A PREROUTING -i eth1 -d 222.222.222.40 -j DNAT --to-destination 192.168.1.10
$IPTABLES -t nat -A PREROUTING -i eth3 -d 222.222.222.40 -j DNAT --to-destination 192.168.1.10
$IPTABLES -t nat -A PREROUTING -i eth1 -d 222.222.222.40 -j DNAT --to-destination 192.168.1.10
$IPTABLES -t nat -A PREROUTING -i eth3 -d 222.222.222.40 -j DNAT --to-destination 192.168.1.10
#
# Rule 22 (NAT)
#
echo "Rule 22 (NAT)"
#
# rule for SF feature request 1954286
$IPTABLES -t nat -A PREROUTING -i eth2 -p tcp -m tcp --dport 3996:4000 -j DNAT --to-destination 192.168.1.10
$IPTABLES -t nat -A PREROUTING -i eth2 -p tcp -m tcp --dport 3996:4000 -j DNAT --to-destination 192.168.1.10
#
# Rule 23 (NAT)
#
echo "Rule 23 (NAT)"
#
# REDIRECT
$IPTABLES -t nat -A PREROUTING -i eth0 -p tcp -m tcp --dport 80 -j REDIRECT --to-ports 3128
$IPTABLES -t nat -A PREROUTING -i eth0 -p tcp -m tcp --dport 80 -j REDIRECT --to-ports 3128
@ -503,7 +501,7 @@ test -z "$cmd" && {
case "$cmd" in
start)
log "Activating firewall script generated Thu May 26 14:15:27 2011 by vadim"
log "Activating firewall script generated Fri Jun 3 17:27:42 2011 by vadim"
check_tools
check_run_time_address_table_files

22
test/ipt/firewall2-7.fw.orig
View File

@ -2,9 +2,9 @@
#
# This is automatically generated file. DO NOT MODIFY !
#
# Firewall Builder fwb_ipt v4.3.0.3546
# Firewall Builder fwb_ipt v5.0.0.3547
#
# Generated Thu May 26 14:15:32 2011 PDT by vadim
# Generated Fri Jun 3 17:27:45 2011 PDT by vadim
#
# files: * firewall2-7.fw /etc/fw/firewall2-7.fw
#
@ -346,34 +346,30 @@ script_body() {
#
echo "Rule 1 (NAT)"
#
$IPTABLES -t nat -A POSTROUTING -o bridge+ -s 192.168.1.0/24 -j SNAT --to-source 222.222.222.40
$IPTABLES -t nat -A POSTROUTING -o eth+ -s 192.168.1.0/24 -j SNAT --to-source 222.222.222.40
$IPTABLES -t nat -A POSTROUTING -o vlan+ -s 192.168.1.0/24 -j SNAT --to-source 222.222.222.40
$IPTABLES -t nat -A POSTROUTING -o bridge+ -s 192.168.1.0/24 -j SNAT --to-source 222.222.222.40
$IPTABLES -t nat -A POSTROUTING -o eth+ -s 192.168.1.0/24 -j SNAT --to-source 222.222.222.40
$IPTABLES -t nat -A POSTROUTING -o vlan+ -s 192.168.1.0/24 -j SNAT --to-source 222.222.222.40
#
# Rule 2 (NAT)
#
echo "Rule 2 (NAT)"
#
#
$IPTABLES -t nat -A POSTROUTING -o vlan101 -s 192.168.1.0/24 -j SNAT --to-source 222.222.222.40
$IPTABLES -t nat -A POSTROUTING -o vlan101 -s 192.168.1.0/24 -j SNAT --to-source 222.222.222.40
#
# Rule 3 (NAT)
#
echo "Rule 3 (NAT)"
#
#
$IPTABLES -t nat -A POSTROUTING -o eth0 -s 192.168.1.0/24 -j SNAT --to-source 222.222.222.40
$IPTABLES -t nat -A POSTROUTING -o eth2 -s 192.168.1.0/24 -j SNAT --to-source 222.222.222.40
$IPTABLES -t nat -A POSTROUTING -o eth4 -s 192.168.1.0/24 -j SNAT --to-source 222.222.222.40
$IPTABLES -t nat -A POSTROUTING -o bridge0 -s 192.168.1.0/24 -j SNAT --to-source 222.222.222.40
$IPTABLES -t nat -A POSTROUTING -o vlan101 -s 192.168.1.0/24 -j SNAT --to-source 222.222.222.40
$IPTABLES -t nat -A POSTROUTING -o ! eth3 -s 192.168.1.0/24 -j SNAT --to-source 222.222.222.40
#
# Rule 4 (NAT)
#
echo "Rule 4 (NAT)"
#
# REDIRECT
$IPTABLES -t nat -A PREROUTING -i eth0 -p tcp -m tcp --dport 80 -j REDIRECT --to-ports 3128
$IPTABLES -t nat -A PREROUTING -i eth0 -p tcp -m tcp --dport 80 -j REDIRECT --to-ports 3128
@ -445,7 +441,7 @@ test -z "$cmd" && {
case "$cmd" in
start)
log "Activating firewall script generated Thu May 26 14:15:32 2011 by vadim"
log "Activating firewall script generated Fri Jun 3 17:27:45 2011 by vadim"
check_tools
check_run_time_address_table_files

188
test/ipt/firewall2.fw.orig
View File

@ -2,9 +2,9 @@
#
# This is automatically generated file. DO NOT MODIFY !
#
# Firewall Builder fwb_ipt v4.3.0.3546
# Firewall Builder fwb_ipt v5.0.0.3547
#
# Generated Thu May 26 14:14:53 2011 PDT by vadim
# Generated Fri Jun 3 17:27:23 2011 PDT by vadim
#
# files: * firewall2.fw /etc/fw/firewall2.fw
#
@ -370,133 +370,133 @@ script_body() {
#
echo "Rule 0 (NAT)"
#
$IPTABLES -t nat -A POSTROUTING -o eth1 -s 192.168.1.0/24 -j SNAT --to-source 22.22.22.22
$IPTABLES -t nat -A POSTROUTING -o eth3 -s 192.168.1.0/24 -j SNAT --to-source 22.22.23.23
$IPTABLES -t nat -A POSTROUTING -o eth3 -s 192.168.1.0/24 -j SNAT --to-source 22.22.25.50
$IPTABLES -t nat -A POSTROUTING -o eth2 -s 192.168.1.0/24 -j SNAT --to-source 192.168.2.1
$IPTABLES -t nat -A POSTROUTING -o eth2 -s 192.168.1.0/24 -j SNAT --to-source 192.168.2.40
$IPTABLES -t nat -A POSTROUTING -o eth1 -s 192.168.1.0/24 -j SNAT --to-source 22.22.22.22
$IPTABLES -t nat -A POSTROUTING -o eth3 -s 192.168.1.0/24 -j SNAT --to-source 22.22.23.23
$IPTABLES -t nat -A POSTROUTING -o eth3 -s 192.168.1.0/24 -j SNAT --to-source 22.22.25.50
$IPTABLES -t nat -A POSTROUTING -o eth2 -s 192.168.1.0/24 -j SNAT --to-source 192.168.2.1
$IPTABLES -t nat -A POSTROUTING -o eth2 -s 192.168.1.0/24 -j SNAT --to-source 192.168.2.40
#
# Rule 1 (NAT)
#
echo "Rule 1 (NAT)"
#
$IPTABLES -t nat -A POSTROUTING -o eth1 -p icmp -m icmp -s 192.168.1.0/24 --icmp-type 3 -j SNAT --to-source 22.22.22.22
$IPTABLES -t nat -A POSTROUTING -o eth3 -p icmp -m icmp -s 192.168.1.0/24 --icmp-type 3 -j SNAT --to-source 22.22.23.23
$IPTABLES -t nat -A POSTROUTING -o eth3 -p icmp -m icmp -s 192.168.1.0/24 --icmp-type 3 -j SNAT --to-source 22.22.25.50
$IPTABLES -t nat -A POSTROUTING -o eth2 -p icmp -m icmp -s 192.168.1.0/24 --icmp-type 3 -j SNAT --to-source 192.168.2.1
$IPTABLES -t nat -A POSTROUTING -o eth2 -p icmp -m icmp -s 192.168.1.0/24 --icmp-type 3 -j SNAT --to-source 192.168.2.40
$IPTABLES -t nat -A POSTROUTING -o eth1 -p icmp -m icmp -s 192.168.1.0/24 --icmp-type 0/0 -j SNAT --to-source 22.22.22.22
$IPTABLES -t nat -A POSTROUTING -o eth3 -p icmp -m icmp -s 192.168.1.0/24 --icmp-type 0/0 -j SNAT --to-source 22.22.23.23
$IPTABLES -t nat -A POSTROUTING -o eth3 -p icmp -m icmp -s 192.168.1.0/24 --icmp-type 0/0 -j SNAT --to-source 22.22.25.50
$IPTABLES -t nat -A POSTROUTING -o eth2 -p icmp -m icmp -s 192.168.1.0/24 --icmp-type 0/0 -j SNAT --to-source 192.168.2.1
$IPTABLES -t nat -A POSTROUTING -o eth2 -p icmp -m icmp -s 192.168.1.0/24 --icmp-type 0/0 -j SNAT --to-source 192.168.2.40
$IPTABLES -t nat -A POSTROUTING -o eth1 -p icmp -m icmp -s 192.168.1.0/24 --icmp-type 11/0 -j SNAT --to-source 22.22.22.22
$IPTABLES -t nat -A POSTROUTING -o eth3 -p icmp -m icmp -s 192.168.1.0/24 --icmp-type 11/0 -j SNAT --to-source 22.22.23.23
$IPTABLES -t nat -A POSTROUTING -o eth3 -p icmp -m icmp -s 192.168.1.0/24 --icmp-type 11/0 -j SNAT --to-source 22.22.25.50
$IPTABLES -t nat -A POSTROUTING -o eth2 -p icmp -m icmp -s 192.168.1.0/24 --icmp-type 11/0 -j SNAT --to-source 192.168.2.1
$IPTABLES -t nat -A POSTROUTING -o eth2 -p icmp -m icmp -s 192.168.1.0/24 --icmp-type 11/0 -j SNAT --to-source 192.168.2.40
$IPTABLES -t nat -A POSTROUTING -o eth1 -p icmp -m icmp -s 192.168.1.0/24 --icmp-type 11/1 -j SNAT --to-source 22.22.22.22
$IPTABLES -t nat -A POSTROUTING -o eth3 -p icmp -m icmp -s 192.168.1.0/24 --icmp-type 11/1 -j SNAT --to-source 22.22.23.23
$IPTABLES -t nat -A POSTROUTING -o eth3 -p icmp -m icmp -s 192.168.1.0/24 --icmp-type 11/1 -j SNAT --to-source 22.22.25.50
$IPTABLES -t nat -A POSTROUTING -o eth2 -p icmp -m icmp -s 192.168.1.0/24 --icmp-type 11/1 -j SNAT --to-source 192.168.2.1
$IPTABLES -t nat -A POSTROUTING -o eth2 -p icmp -m icmp -s 192.168.1.0/24 --icmp-type 11/1 -j SNAT --to-source 192.168.2.40
$IPTABLES -t nat -A POSTROUTING -o eth1 -p tcp -m tcp -s 192.168.1.0/24 --dport 80 -j SNAT --to-source 22.22.22.22
$IPTABLES -t nat -A POSTROUTING -o eth3 -p tcp -m tcp -s 192.168.1.0/24 --dport 80 -j SNAT --to-source 22.22.23.23
$IPTABLES -t nat -A POSTROUTING -o eth3 -p tcp -m tcp -s 192.168.1.0/24 --dport 80 -j SNAT --to-source 22.22.25.50
$IPTABLES -t nat -A POSTROUTING -o eth2 -p tcp -m tcp -s 192.168.1.0/24 --dport 80 -j SNAT --to-source 192.168.2.1
$IPTABLES -t nat -A POSTROUTING -o eth2 -p tcp -m tcp -s 192.168.1.0/24 --dport 80 -j SNAT --to-source 192.168.2.40
$IPTABLES -t nat -A POSTROUTING -o eth1 -p icmp -m icmp -s 192.168.1.0/24 --icmp-type 3 -j SNAT --to-source 22.22.22.22
$IPTABLES -t nat -A POSTROUTING -o eth3 -p icmp -m icmp -s 192.168.1.0/24 --icmp-type 3 -j SNAT --to-source 22.22.23.23
$IPTABLES -t nat -A POSTROUTING -o eth3 -p icmp -m icmp -s 192.168.1.0/24 --icmp-type 3 -j SNAT --to-source 22.22.25.50
$IPTABLES -t nat -A POSTROUTING -o eth2 -p icmp -m icmp -s 192.168.1.0/24 --icmp-type 3 -j SNAT --to-source 192.168.2.1
$IPTABLES -t nat -A POSTROUTING -o eth2 -p icmp -m icmp -s 192.168.1.0/24 --icmp-type 3 -j SNAT --to-source 192.168.2.40
$IPTABLES -t nat -A POSTROUTING -o eth1 -p icmp -m icmp -s 192.168.1.0/24 --icmp-type 0/0 -j SNAT --to-source 22.22.22.22
$IPTABLES -t nat -A POSTROUTING -o eth3 -p icmp -m icmp -s 192.168.1.0/24 --icmp-type 0/0 -j SNAT --to-source 22.22.23.23
$IPTABLES -t nat -A POSTROUTING -o eth3 -p icmp -m icmp -s 192.168.1.0/24 --icmp-type 0/0 -j SNAT --to-source 22.22.25.50
$IPTABLES -t nat -A POSTROUTING -o eth2 -p icmp -m icmp -s 192.168.1.0/24 --icmp-type 0/0 -j SNAT --to-source 192.168.2.1
$IPTABLES -t nat -A POSTROUTING -o eth2 -p icmp -m icmp -s 192.168.1.0/24 --icmp-type 0/0 -j SNAT --to-source 192.168.2.40
$IPTABLES -t nat -A POSTROUTING -o eth1 -p icmp -m icmp -s 192.168.1.0/24 --icmp-type 11/0 -j SNAT --to-source 22.22.22.22
$IPTABLES -t nat -A POSTROUTING -o eth3 -p icmp -m icmp -s 192.168.1.0/24 --icmp-type 11/0 -j SNAT --to-source 22.22.23.23
$IPTABLES -t nat -A POSTROUTING -o eth3 -p icmp -m icmp -s 192.168.1.0/24 --icmp-type 11/0 -j SNAT --to-source 22.22.25.50
$IPTABLES -t nat -A POSTROUTING -o eth2 -p icmp -m icmp -s 192.168.1.0/24 --icmp-type 11/0 -j SNAT --to-source 192.168.2.1
$IPTABLES -t nat -A POSTROUTING -o eth2 -p icmp -m icmp -s 192.168.1.0/24 --icmp-type 11/0 -j SNAT --to-source 192.168.2.40
$IPTABLES -t nat -A POSTROUTING -o eth1 -p icmp -m icmp -s 192.168.1.0/24 --icmp-type 11/1 -j SNAT --to-source 22.22.22.22
$IPTABLES -t nat -A POSTROUTING -o eth3 -p icmp -m icmp -s 192.168.1.0/24 --icmp-type 11/1 -j SNAT --to-source 22.22.23.23
$IPTABLES -t nat -A POSTROUTING -o eth3 -p icmp -m icmp -s 192.168.1.0/24 --icmp-type 11/1 -j SNAT --to-source 22.22.25.50
$IPTABLES -t nat -A POSTROUTING -o eth2 -p icmp -m icmp -s 192.168.1.0/24 --icmp-type 11/1 -j SNAT --to-source 192.168.2.1
$IPTABLES -t nat -A POSTROUTING -o eth2 -p icmp -m icmp -s 192.168.1.0/24 --icmp-type 11/1 -j SNAT --to-source 192.168.2.40
$IPTABLES -t nat -A POSTROUTING -o eth1 -p tcp -m tcp -s 192.168.1.0/24 --dport 80 -j SNAT --to-source 22.22.22.22
$IPTABLES -t nat -A POSTROUTING -o eth3 -p tcp -m tcp -s 192.168.1.0/24 --dport 80 -j SNAT --to-source 22.22.23.23
$IPTABLES -t nat -A POSTROUTING -o eth3 -p tcp -m tcp -s 192.168.1.0/24 --dport 80 -j SNAT --to-source 22.22.25.50
$IPTABLES -t nat -A POSTROUTING -o eth2 -p tcp -m tcp -s 192.168.1.0/24 --dport 80 -j SNAT --to-source 192.168.2.1
$IPTABLES -t nat -A POSTROUTING -o eth2 -p tcp -m tcp -s 192.168.1.0/24 --dport 80 -j SNAT --to-source 192.168.2.40
#
# Rule 2 (NAT)
#
echo "Rule 2 (NAT)"
#
$IPTABLES -t nat -A POSTROUTING -o eth1 -p icmp -m icmp -s 192.168.1.0/24 --icmp-type 3 -j SNAT --to-source 22.22.22.22
$IPTABLES -t nat -A POSTROUTING -o eth3 -p icmp -m icmp -s 192.168.1.0/24 --icmp-type 3 -j SNAT --to-source 22.22.23.23
$IPTABLES -t nat -A POSTROUTING -o eth3 -p icmp -m icmp -s 192.168.1.0/24 --icmp-type 3 -j SNAT --to-source 22.22.25.50
$IPTABLES -t nat -A POSTROUTING -o eth2 -p icmp -m icmp -s 192.168.1.0/24 --icmp-type 3 -j SNAT --to-source 192.168.2.1
$IPTABLES -t nat -A POSTROUTING -o eth2 -p icmp -m icmp -s 192.168.1.0/24 --icmp-type 3 -j SNAT --to-source 192.168.2.40
$IPTABLES -t nat -A POSTROUTING -o eth1 -p icmp -m icmp -s 192.168.1.0/24 --icmp-type 0/0 -j SNAT --to-source 22.22.22.22
$IPTABLES -t nat -A POSTROUTING -o eth3 -p icmp -m icmp -s 192.168.1.0/24 --icmp-type 0/0 -j SNAT --to-source 22.22.23.23
$IPTABLES -t nat -A POSTROUTING -o eth3 -p icmp -m icmp -s 192.168.1.0/24 --icmp-type 0/0 -j SNAT --to-source 22.22.25.50
$IPTABLES -t nat -A POSTROUTING -o eth2 -p icmp -m icmp -s 192.168.1.0/24 --icmp-type 0/0 -j SNAT --to-source 192.168.2.1
$IPTABLES -t nat -A POSTROUTING -o eth2 -p icmp -m icmp -s 192.168.1.0/24 --icmp-type 0/0 -j SNAT --to-source 192.168.2.40
$IPTABLES -t nat -A POSTROUTING -o eth1 -p icmp -m icmp -s 192.168.1.0/24 --icmp-type 11/0 -j SNAT --to-source 22.22.22.22
$IPTABLES -t nat -A POSTROUTING -o eth3 -p icmp -m icmp -s 192.168.1.0/24 --icmp-type 11/0 -j SNAT --to-source 22.22.23.23
$IPTABLES -t nat -A POSTROUTING -o eth3 -p icmp -m icmp -s 192.168.1.0/24 --icmp-type 11/0 -j SNAT --to-source 22.22.25.50
$IPTABLES -t nat -A POSTROUTING -o eth2 -p icmp -m icmp -s 192.168.1.0/24 --icmp-type 11/0 -j SNAT --to-source 192.168.2.1
$IPTABLES -t nat -A POSTROUTING -o eth2 -p icmp -m icmp -s 192.168.1.0/24 --icmp-type 11/0 -j SNAT --to-source 192.168.2.40
$IPTABLES -t nat -A POSTROUTING -o eth1 -p icmp -m icmp -s 192.168.1.0/24 --icmp-type 11/1 -j SNAT --to-source 22.22.22.22
$IPTABLES -t nat -A POSTROUTING -o eth3 -p icmp -m icmp -s 192.168.1.0/24 --icmp-type 11/1 -j SNAT --to-source 22.22.23.23
$IPTABLES -t nat -A POSTROUTING -o eth3 -p icmp -m icmp -s 192.168.1.0/24 --icmp-type 11/1 -j SNAT --to-source 22.22.25.50
$IPTABLES -t nat -A POSTROUTING -o eth2 -p icmp -m icmp -s 192.168.1.0/24 --icmp-type 11/1 -j SNAT --to-source 192.168.2.1
$IPTABLES -t nat -A POSTROUTING -o eth2 -p icmp -m icmp -s 192.168.1.0/24 --icmp-type 11/1 -j SNAT --to-source 192.168.2.40
$IPTABLES -t nat -A POSTROUTING -o eth1 -p tcp -m tcp -s 192.168.1.0/24 --dport 80 -j SNAT --to-source 22.22.22.22
$IPTABLES -t nat -A POSTROUTING -o eth3 -p tcp -m tcp -s 192.168.1.0/24 --dport 80 -j SNAT --to-source 22.22.23.23
$IPTABLES -t nat -A POSTROUTING -o eth3 -p tcp -m tcp -s 192.168.1.0/24 --dport 80 -j SNAT --to-source 22.22.25.50
$IPTABLES -t nat -A POSTROUTING -o eth2 -p tcp -m tcp -s 192.168.1.0/24 --dport 80 -j SNAT --to-source 192.168.2.1
$IPTABLES -t nat -A POSTROUTING -o eth2 -p tcp -m tcp -s 192.168.1.0/24 --dport 80 -j SNAT --to-source 192.168.2.40
$IPTABLES -t nat -A POSTROUTING -o eth1 -p 50 -s 192.168.1.0/24 -j SNAT --to-source 22.22.22.22
$IPTABLES -t nat -A POSTROUTING -o eth3 -p 50 -s 192.168.1.0/24 -j SNAT --to-source 22.22.23.23
$IPTABLES -t nat -A POSTROUTING -o eth3 -p 50 -s 192.168.1.0/24 -j SNAT --to-source 22.22.25.50
$IPTABLES -t nat -A POSTROUTING -o eth2 -p 50 -s 192.168.1.0/24 -j SNAT --to-source 192.168.2.1
$IPTABLES -t nat -A POSTROUTING -o eth2 -p 50 -s 192.168.1.0/24 -j SNAT --to-source 192.168.2.40
$IPTABLES -t nat -A POSTROUTING -o eth1 -p 88 -s 192.168.1.0/24 -j SNAT --to-source 22.22.22.22
$IPTABLES -t nat -A POSTROUTING -o eth3 -p 88 -s 192.168.1.0/24 -j SNAT --to-source 22.22.23.23
$IPTABLES -t nat -A POSTROUTING -o eth3 -p 88 -s 192.168.1.0/24 -j SNAT --to-source 22.22.25.50
$IPTABLES -t nat -A POSTROUTING -o eth2 -p 88 -s 192.168.1.0/24 -j SNAT --to-source 192.168.2.1
$IPTABLES -t nat -A POSTROUTING -o eth2 -p 88 -s 192.168.1.0/24 -j SNAT --to-source 192.168.2.40
$IPTABLES -t nat -A POSTROUTING -o eth1 -p icmp -m icmp -s 192.168.1.0/24 --icmp-type 3 -j SNAT --to-source 22.22.22.22
$IPTABLES -t nat -A POSTROUTING -o eth3 -p icmp -m icmp -s 192.168.1.0/24 --icmp-type 3 -j SNAT --to-source 22.22.23.23
$IPTABLES -t nat -A POSTROUTING -o eth3 -p icmp -m icmp -s 192.168.1.0/24 --icmp-type 3 -j SNAT --to-source 22.22.25.50
$IPTABLES -t nat -A POSTROUTING -o eth2 -p icmp -m icmp -s 192.168.1.0/24 --icmp-type 3 -j SNAT --to-source 192.168.2.1
$IPTABLES -t nat -A POSTROUTING -o eth2 -p icmp -m icmp -s 192.168.1.0/24 --icmp-type 3 -j SNAT --to-source 192.168.2.40
$IPTABLES -t nat -A POSTROUTING -o eth1 -p icmp -m icmp -s 192.168.1.0/24 --icmp-type 0/0 -j SNAT --to-source 22.22.22.22
$IPTABLES -t nat -A POSTROUTING -o eth3 -p icmp -m icmp -s 192.168.1.0/24 --icmp-type 0/0 -j SNAT --to-source 22.22.23.23
$IPTABLES -t nat -A POSTROUTING -o eth3 -p icmp -m icmp -s 192.168.1.0/24 --icmp-type 0/0 -j SNAT --to-source 22.22.25.50
$IPTABLES -t nat -A POSTROUTING -o eth2 -p icmp -m icmp -s 192.168.1.0/24 --icmp-type 0/0 -j SNAT --to-source 192.168.2.1
$IPTABLES -t nat -A POSTROUTING -o eth2 -p icmp -m icmp -s 192.168.1.0/24 --icmp-type 0/0 -j SNAT --to-source 192.168.2.40
$IPTABLES -t nat -A POSTROUTING -o eth1 -p icmp -m icmp -s 192.168.1.0/24 --icmp-type 11/0 -j SNAT --to-source 22.22.22.22
$IPTABLES -t nat -A POSTROUTING -o eth3 -p icmp -m icmp -s 192.168.1.0/24 --icmp-type 11/0 -j SNAT --to-source 22.22.23.23
$IPTABLES -t nat -A POSTROUTING -o eth3 -p icmp -m icmp -s 192.168.1.0/24 --icmp-type 11/0 -j SNAT --to-source 22.22.25.50
$IPTABLES -t nat -A POSTROUTING -o eth2 -p icmp -m icmp -s 192.168.1.0/24 --icmp-type 11/0 -j SNAT --to-source 192.168.2.1
$IPTABLES -t nat -A POSTROUTING -o eth2 -p icmp -m icmp -s 192.168.1.0/24 --icmp-type 11/0 -j SNAT --to-source 192.168.2.40
$IPTABLES -t nat -A POSTROUTING -o eth1 -p icmp -m icmp -s 192.168.1.0/24 --icmp-type 11/1 -j SNAT --to-source 22.22.22.22
$IPTABLES -t nat -A POSTROUTING -o eth3 -p icmp -m icmp -s 192.168.1.0/24 --icmp-type 11/1 -j SNAT --to-source 22.22.23.23
$IPTABLES -t nat -A POSTROUTING -o eth3 -p icmp -m icmp -s 192.168.1.0/24 --icmp-type 11/1 -j SNAT --to-source 22.22.25.50
$IPTABLES -t nat -A POSTROUTING -o eth2 -p icmp -m icmp -s 192.168.1.0/24 --icmp-type 11/1 -j SNAT --to-source 192.168.2.1
$IPTABLES -t nat -A POSTROUTING -o eth2 -p icmp -m icmp -s 192.168.1.0/24 --icmp-type 11/1 -j SNAT --to-source 192.168.2.40
$IPTABLES -t nat -A POSTROUTING -o eth1 -p tcp -m tcp -s 192.168.1.0/24 --dport 80 -j SNAT --to-source 22.22.22.22
$IPTABLES -t nat -A POSTROUTING -o eth3 -p tcp -m tcp -s 192.168.1.0/24 --dport 80 -j SNAT --to-source 22.22.23.23
$IPTABLES -t nat -A POSTROUTING -o eth3 -p tcp -m tcp -s 192.168.1.0/24 --dport 80 -j SNAT --to-source 22.22.25.50
$IPTABLES -t nat -A POSTROUTING -o eth2 -p tcp -m tcp -s 192.168.1.0/24 --dport 80 -j SNAT --to-source 192.168.2.1
$IPTABLES -t nat -A POSTROUTING -o eth2 -p tcp -m tcp -s 192.168.1.0/24 --dport 80 -j SNAT --to-source 192.168.2.40
$IPTABLES -t nat -A POSTROUTING -o eth1 -p 50 -s 192.168.1.0/24 -j SNAT --to-source 22.22.22.22
$IPTABLES -t nat -A POSTROUTING -o eth3 -p 50 -s 192.168.1.0/24 -j SNAT --to-source 22.22.23.23
$IPTABLES -t nat -A POSTROUTING -o eth3 -p 50 -s 192.168.1.0/24 -j SNAT --to-source 22.22.25.50
$IPTABLES -t nat -A POSTROUTING -o eth2 -p 50 -s 192.168.1.0/24 -j SNAT --to-source 192.168.2.1
$IPTABLES -t nat -A POSTROUTING -o eth2 -p 50 -s 192.168.1.0/24 -j SNAT --to-source 192.168.2.40
$IPTABLES -t nat -A POSTROUTING -o eth1 -p 88 -s 192.168.1.0/24 -j SNAT --to-source 22.22.22.22
$IPTABLES -t nat -A POSTROUTING -o eth3 -p 88 -s 192.168.1.0/24 -j SNAT --to-source 22.22.23.23
$IPTABLES -t nat -A POSTROUTING -o eth3 -p 88 -s 192.168.1.0/24 -j SNAT --to-source 22.22.25.50
$IPTABLES -t nat -A POSTROUTING -o eth2 -p 88 -s 192.168.1.0/24 -j SNAT --to-source 192.168.2.1
$IPTABLES -t nat -A POSTROUTING -o eth2 -p 88 -s 192.168.1.0/24 -j SNAT --to-source 192.168.2.40
#
# Rule 3 (NAT)
#
echo "Rule 3 (NAT)"
#
$IPTABLES -t nat -A POSTROUTING -o eth3 -s 192.168.1.0/24 -j SNAT --to-source 22.22.23.23
$IPTABLES -t nat -A POSTROUTING -o eth3 -s 192.168.1.0/24 -j SNAT --to-source 22.22.25.50
$IPTABLES -t nat -A POSTROUTING -o eth3 -s 192.168.1.0/24 -j SNAT --to-source 22.22.23.23
$IPTABLES -t nat -A POSTROUTING -o eth3 -s 192.168.1.0/24 -j SNAT --to-source 22.22.25.50
#
# Rule 4 (NAT)
#
echo "Rule 4 (NAT)"
#
$IPTABLES -t nat -A POSTROUTING -o eth3 -s 192.168.1.0/24 -j SNAT --to-source 22.22.25.50
$IPTABLES -t nat -A POSTROUTING -o eth3 -s 192.168.1.0/24 -j SNAT --to-source 22.22.25.50
#
# Rule 5 (NAT)
#
echo "Rule 5 (NAT)"
#
$IPTABLES -t nat -A POSTROUTING -o eth+ -s 192.168.1.0/24 -j SNAT --to-source 22.22.25.50
$IPTABLES -t nat -A POSTROUTING -o eth+ -s 192.168.1.0/24 -j SNAT --to-source 22.22.25.50
#
# Rule 6 (NAT)
#
echo "Rule 6 (NAT)"
#
$IPTABLES -t nat -A POSTROUTING -o eth+ -s 192.168.1.10 -j SNAT --to-source 22.22.22.23
$IPTABLES -t nat -A POSTROUTING -o eth+ -s 192.168.1.10 -j SNAT --to-source 22.22.22.23
#
# Rule 7 (NAT)
#
echo "Rule 7 (NAT)"
#
$IPTABLES -t nat -A POSTROUTING -o eth+ -s 192.168.1.10 -j SNAT --to-source 22.22.22.23 --random
$IPTABLES -t nat -A POSTROUTING -o eth+ -s 192.168.1.10 -j SNAT --to-source 22.22.22.24 --random
$IPTABLES -t nat -A POSTROUTING -o eth+ -s 192.168.1.10 -j SNAT --to-source 22.22.22.25 --random
$IPTABLES -t nat -A POSTROUTING -o eth+ -s 192.168.1.10 -j SNAT --to-source 22.22.22.23 --random
$IPTABLES -t nat -A POSTROUTING -o eth+ -s 192.168.1.10 -j SNAT --to-source 22.22.22.24 --random
$IPTABLES -t nat -A POSTROUTING -o eth+ -s 192.168.1.10 -j SNAT --to-source 22.22.22.25 --random
#
# Rule 8 (NAT)
#
echo "Rule 8 (NAT)"
#
$IPTABLES -t nat -A POSTROUTING -o eth+ -s 192.168.1.0/24 -d 192.168.1.10 -j SNAT --to-source 192.168.1.1
$IPTABLES -t nat -A POSTROUTING -o eth+ -s 192.168.1.0/24 -d 192.168.1.10 -j SNAT --to-source 192.168.1.1
#
# Rule 9 (NAT)
#
echo "Rule 9 (NAT)"
#
$IPTABLES -t nat -A POSTROUTING -o eth2 -s 192.168.1.0/24 -d 192.168.2.0/24 -j SNAT --to-source 192.168.2.1
$IPTABLES -t nat -A POSTROUTING -o eth2 -s 192.168.1.0/24 -d 192.168.2.0/24 -j SNAT --to-source 192.168.2.1
#
# Rule 10 (NAT)
#
echo "Rule 10 (NAT)"
#
$IPTABLES -t nat -A POSTROUTING -o eth2 -s 192.168.1.0/24 -d 192.168.2.0/24 -j SNAT --to-source 192.168.2.1
$IPTABLES -t nat -A POSTROUTING -o eth2 -s 192.168.1.0/24 -d 192.168.2.0/24 -j SNAT --to-source 192.168.2.40
$IPTABLES -t nat -A POSTROUTING -o eth2 -s 192.168.1.0/24 -d 192.168.2.0/24 -j SNAT --to-source 192.168.2.1
$IPTABLES -t nat -A POSTROUTING -o eth2 -s 192.168.1.0/24 -d 192.168.2.0/24 -j SNAT --to-source 192.168.2.40
#
# Rule 11 (NAT)
#
@ -602,7 +602,7 @@ script_body() {
#
echo "Rule 20 (NAT)"
#
$IPTABLES -t nat -A POSTROUTING -o eth+ -s 192.168.1.20 -j SNAT --to-source 22.22.23.24
$IPTABLES -t nat -A POSTROUTING -o eth+ -s 192.168.1.20 -j SNAT --to-source 22.22.23.24
#
# Rule 21 (NAT)
#
@ -617,7 +617,7 @@ script_body() {
#
# firewall2:NAT:22: warning: Adding of virtual address for address range is not implemented (object ext_range)
$IPTABLES -t nat -A POSTROUTING -o eth+ -s 192.168.1.0/24 -j SNAT --to-source 22.22.22.100-22.22.22.110
$IPTABLES -t nat -A POSTROUTING -o eth+ -s 192.168.1.0/24 -j SNAT --to-source 22.22.22.100-22.22.22.110
#
# Rule 23 (NAT)
#
@ -660,7 +660,7 @@ script_body() {
$IPTABLES -t nat -A PREROUTING -p tcp -m tcp -d 22.22.25.50 --dport 80 -j DNAT --to-destination 192.168.1.10
$IPTABLES -t nat -A OUTPUT -p tcp -m tcp -d 22.22.23.23 --dport 80 -j DNAT --to-destination 192.168.1.10
$IPTABLES -t nat -A OUTPUT -p tcp -m tcp -d 22.22.25.50 --dport 80 -j DNAT --to-destination 192.168.1.10
$IPTABLES -t nat -A POSTROUTING -o eth0 -p tcp -m tcp -d 192.168.1.10 --dport 80 -j SNAT --to-source 192.168.1.1
$IPTABLES -t nat -A POSTROUTING -o eth0 -p tcp -m tcp -d 192.168.1.10 --dport 80 -j SNAT --to-source 192.168.1.1
#
# Rule 27 (NAT)
#
@ -725,7 +725,7 @@ script_body() {
#
echo "Rule 35 (NAT)"
#
$IPTABLES -t nat -A POSTROUTING -o eth1 -p tcp -m tcp -s 192.168.1.10 --dport 80 -j SNAT --to-source 22.22.22.22
$IPTABLES -t nat -A POSTROUTING -o eth1 -p tcp -m tcp -s 192.168.1.10 --dport 80 -j SNAT --to-source 22.22.22.22
#
# Rule 36 (NAT)
#
@ -734,7 +734,7 @@ script_body() {
$IPTABLES -t nat -A PREROUTING -p tcp -m tcp -s ! 192.168.1.10 --dport 80 -j DNAT --to-destination 192.168.1.10:3128
$IPTABLES -t nat -A OUTPUT -p tcp -m tcp --dport 80 -j DNAT --to-destination 192.168.1.10:3128
$IPTABLES -t nat -A PREROUTING -p tcp -m tcp -s ! 192.168.1.10 --dport 80 -j DNAT --to-destination 192.168.1.10:3128
$IPTABLES -t nat -A POSTROUTING -o eth0 -p tcp -m tcp -s ! 192.168.1.10 -d 192.168.1.10 --dport 3128 -j SNAT --to-source 192.168.1.1
$IPTABLES -t nat -A POSTROUTING -o eth0 -p tcp -m tcp -s ! 192.168.1.10 -d 192.168.1.10 --dport 3128 -j SNAT --to-source 192.168.1.1
#
# Rule 37 (NAT)
#
@ -752,7 +752,7 @@ script_body() {
echo "Rule 38 (NAT)"
#
$IPTABLES -t nat -N Cid40F1C52F.1
$IPTABLES -t nat -A POSTROUTING -o eth0 -j Cid40F1C52F.1
$IPTABLES -t nat -A POSTROUTING -o eth0 -j Cid40F1C52F.1
$IPTABLES -t nat -A Cid40F1C52F.1 -s 192.168.1.10 -j RETURN
$IPTABLES -t nat -A Cid40F1C52F.1 -s 192.168.1.20 -j RETURN
$IPTABLES -t nat -N Cid40F1C52F.0
@ -765,7 +765,7 @@ script_body() {
echo "Rule 39 (NAT)"
#
$IPTABLES -t nat -A PREROUTING -p tcp -m tcp -s 192.168.1.0/24 --dport 80 -j DNAT --to-destination 192.168.1.10:3128
$IPTABLES -t nat -A POSTROUTING -o eth0 -p tcp -m tcp -s 192.168.1.0/24 -d 192.168.1.10 --dport 3128 -j SNAT --to-source 192.168.1.1
$IPTABLES -t nat -A POSTROUTING -o eth0 -p tcp -m tcp -s 192.168.1.0/24 -d 192.168.1.10 --dport 3128 -j SNAT --to-source 192.168.1.1
#
# Rule 40 (NAT)
#
@ -773,8 +773,8 @@ script_body() {
#
# this is the "exception" rule
# used in support req. originally
$IPTABLES -t nat -A POSTROUTING -o eth1 -p tcp -m tcp -s 192.168.1.10 --dport 80 -j SNAT --to-source 22.22.22.22
$IPTABLES -t nat -A POSTROUTING -o eth1 -p tcp -m tcp -s 192.168.1.20 --dport 80 -j SNAT --to-source 22.22.22.22
$IPTABLES -t nat -A POSTROUTING -o eth1 -p tcp -m tcp -s 192.168.1.10 --dport 80 -j SNAT --to-source 22.22.22.22
$IPTABLES -t nat -A POSTROUTING -o eth1 -p tcp -m tcp -s 192.168.1.20 --dport 80 -j SNAT --to-source 22.22.22.22
#
# Rule 41 (NAT)
#
@ -788,8 +788,8 @@ script_body() {
#
# "exception" rule in the pair
# from a support req.
$IPTABLES -t nat -A POSTROUTING -o eth1 -p tcp -m tcp -s 192.168.1.10 --dport 80 -j SNAT --to-source 22.22.22.22
$IPTABLES -t nat -A POSTROUTING -o eth1 -p tcp -m tcp -s 192.168.1.20 --dport 80 -j SNAT --to-source 22.22.22.22
$IPTABLES -t nat -A POSTROUTING -o eth1 -p tcp -m tcp -s 192.168.1.10 --dport 80 -j SNAT --to-source 22.22.22.22
$IPTABLES -t nat -A POSTROUTING -o eth1 -p tcp -m tcp -s 192.168.1.20 --dport 80 -j SNAT --to-source 22.22.22.22
#
# Rule 43 (NAT)
#
@ -835,8 +835,8 @@ script_body() {
#
# "exception" rule in the pair
# from a support req.
$IPTABLES -t nat -A POSTROUTING -o eth1 -p tcp -m tcp -s 192.168.1.10 --dport 80 -j SNAT --to-source 22.22.22.22
$IPTABLES -t nat -A POSTROUTING -o eth1 -p tcp -m tcp -s 192.168.1.20 --dport 80 -j SNAT --to-source 22.22.22.22
$IPTABLES -t nat -A POSTROUTING -o eth1 -p tcp -m tcp -s 192.168.1.10 --dport 80 -j SNAT --to-source 22.22.22.22
$IPTABLES -t nat -A POSTROUTING -o eth1 -p tcp -m tcp -s 192.168.1.20 --dport 80 -j SNAT --to-source 22.22.22.22
#
# Rule 47 (NAT)
#
@ -856,7 +856,7 @@ script_body() {
echo "Rule 48 (NAT)"
#
$IPTABLES -t nat -A PREROUTING -p tcp -m tcp -s 192.168.1.0/24 --dport 3050:3051 -j DNAT --to-destination :700
$IPTABLES -t nat -A POSTROUTING -o eth+ -p tcp -m tcp -s 192.168.1.0/24 --dport 700 -j SNAT --to-source 192.168.1.10
$IPTABLES -t nat -A POSTROUTING -o eth+ -p tcp -m tcp -s 192.168.1.0/24 --dport 700 -j SNAT --to-source 192.168.1.10
#
# Rule 49 (NAT)
#
@ -1503,7 +1503,7 @@ test -z "$cmd" && {
case "$cmd" in
start)
log "Activating firewall script generated Thu May 26 14:14:53 2011 by vadim"
log "Activating firewall script generated Fri Jun 3 17:27:23 2011 by vadim"
check_tools
check_run_time_address_table_files

6
test/ipt/firewall20-ipv6.fw.orig
View File

@ -2,9 +2,9 @@
#
# This is automatically generated file. DO NOT MODIFY !
#
# Firewall Builder fwb_ipt v4.3.0.3546
# Firewall Builder fwb_ipt v5.0.0.3547
#
# Generated Thu May 26 14:14:57 2011 PDT by vadim
# Generated Fri Jun 3 17:27:25 2011 PDT by vadim
#
# files: * firewall20-ipv6.fw /etc/fw/firewall20-ipv6.fw
#
@ -477,7 +477,7 @@ test -z "$cmd" && {
case "$cmd" in
start)
log "Activating firewall script generated Thu May 26 14:14:57 2011 by vadim"
log "Activating firewall script generated Fri Jun 3 17:27:25 2011 by vadim"
check_tools
prolog_commands
check_run_time_address_table_files

22
test/ipt/firewall20.fw.orig
View File

@ -2,9 +2,9 @@
#
# This is automatically generated file. DO NOT MODIFY !
#
# Firewall Builder fwb_ipt v4.3.0.3546
# Firewall Builder fwb_ipt v5.0.0.3547
#
# Generated Thu May 26 14:14:54 2011 PDT by vadim
# Generated Fri Jun 3 17:27:23 2011 PDT by vadim
#
# files: * firewall20.fw /etc/fw/firewall20.fw
#
@ -327,27 +327,27 @@ script_body() {
#
echo "Rule 0 (NAT)"
#
$IPTABLES -t nat -A POSTROUTING -o ppp+ -s 192.168.1.0/24 -j MASQUERADE
$IPTABLES -t nat -A POSTROUTING -o eth2 -s 192.168.1.0/24 -j SNAT --to-source 192.168.2.1
$IPTABLES -t nat -A POSTROUTING -o ppp+ -s 192.168.1.0/24 -j MASQUERADE
$IPTABLES -t nat -A POSTROUTING -o eth2 -s 192.168.1.0/24 -j SNAT --to-source 192.168.2.1
#
# Rule 1 (NAT)
#
echo "Rule 1 (NAT)"
#
$IPTABLES -t nat -A POSTROUTING -o eth+ -s 192.168.1.0/24 -j SNAT --to-source 22.22.22.23
$IPTABLES -t nat -A POSTROUTING -o ppp+ -s 192.168.1.0/24 -j SNAT --to-source 22.22.22.23
$IPTABLES -t nat -A POSTROUTING -o eth+ -s 192.168.1.0/24 -j SNAT --to-source 22.22.22.23
$IPTABLES -t nat -A POSTROUTING -o ppp+ -s 192.168.1.0/24 -j SNAT --to-source 22.22.22.23
#
# Rule 2 (NAT)
#
echo "Rule 2 (NAT)"
#
$IPTABLES -t nat -A POSTROUTING -o ppp+ -s 192.168.1.0/24 -j MASQUERADE
$IPTABLES -t nat -A POSTROUTING -o ppp+ -s 192.168.1.0/24 -j MASQUERADE
#
# Rule 3 (NAT)
#
echo "Rule 3 (NAT)"
#
$IPTABLES -t nat -A POSTROUTING -o ppp+ -s 192.168.1.0/24 -j MASQUERADE --random
$IPTABLES -t nat -A POSTROUTING -o ppp+ -s 192.168.1.0/24 -j MASQUERADE --random
#
# Rule 4 (NAT)
#
@ -360,7 +360,7 @@ script_body() {
eval "addr_list=$cmd"
for addr in $addr_list
do
test -n "$addr" && $IPTABLES -t nat -A POSTROUTING -o ppp+ -s 192.168.1.0/24 -j SNAT --to-source $addr
test -n "$addr" && $IPTABLES -t nat -A POSTROUTING -o ppp+ -s 192.168.1.0/24 -j SNAT --to-source $addr
done
done
#
@ -386,7 +386,7 @@ script_body() {
echo "Rule 6 (NAT)"
#
$IPTABLES -t nat -A PREROUTING -s 192.168.1.0/24 -d ! 200.200.200.200 -j DNAT --to-destination 192.168.2.10
$IPTABLES -t nat -A POSTROUTING -o eth2 -s 192.168.1.0/24 -d 192.168.2.10 -j SNAT --to-source 192.168.2.1
$IPTABLES -t nat -A POSTROUTING -o eth2 -s 192.168.1.0/24 -d 192.168.2.10 -j SNAT --to-source 192.168.2.1
#
# Rule 7 (NAT)
#
@ -695,7 +695,7 @@ test -z "$cmd" && {
case "$cmd" in
start)
log "Activating firewall script generated Thu May 26 14:14:54 2011 by vadim"
log "Activating firewall script generated Fri Jun 3 17:27:23 2011 by vadim"
check_tools
prolog_commands
check_run_time_address_table_files

14
test/ipt/firewall21-1.fw.orig
View File

@ -2,9 +2,9 @@
#
# This is automatically generated file. DO NOT MODIFY !
#
# Firewall Builder fwb_ipt v4.3.0.3546
# Firewall Builder fwb_ipt v5.0.0.3547
#
# Generated Thu May 26 14:15:02 2011 PDT by vadim
# Generated Fri Jun 3 17:27:28 2011 PDT by vadim
#
# files: * firewall21-1.fw /etc/fw/firewall21-1.fw
#
@ -352,13 +352,13 @@ script_body() {
#
echo "Rule 2 (NAT)"
#
$IPTABLES -t nat -A POSTROUTING -o eth0 -s 192.168.1.0/24 -j MASQUERADE
$IPTABLES -t nat -A POSTROUTING -o eth0 -s 192.168.1.0/24 -j MASQUERADE
#
# Rule 3 (NAT)
#
echo "Rule 3 (NAT)"
#
$IPTABLES -t nat -A POSTROUTING -o eth0 -s 192.168.1.0/24 -j MASQUERADE --random
$IPTABLES -t nat -A POSTROUTING -o eth0 -s 192.168.1.0/24 -j MASQUERADE --random
#
# Rule 4 (NAT)
#
@ -366,7 +366,7 @@ script_body() {
#
for i_eth0 in $i_eth0_list
do
test -n "$i_eth0" && $IPTABLES -t nat -A POSTROUTING -o eth0 -s 192.168.1.0/24 -j SNAT --to-source $i_eth0 --persistent
test -n "$i_eth0" && $IPTABLES -t nat -A POSTROUTING -o eth0 -s 192.168.1.0/24 -j SNAT --to-source $i_eth0 --persistent
done
#
# Rule 5 (NAT)
@ -375,7 +375,7 @@ script_body() {
#
for i_eth0 in $i_eth0_list
do
test -n "$i_eth0" && $IPTABLES -t nat -A POSTROUTING -o eth0 -s 192.168.1.0/24 -j SNAT --to-source $i_eth0 --random --persistent
test -n "$i_eth0" && $IPTABLES -t nat -A POSTROUTING -o eth0 -s 192.168.1.0/24 -j SNAT --to-source $i_eth0 --random --persistent
done
@ -495,7 +495,7 @@ test -z "$cmd" && {
case "$cmd" in
start)
log "Activating firewall script generated Thu May 26 14:15:02 2011 by vadim"
log "Activating firewall script generated Fri Jun 3 17:27:28 2011 by vadim"
check_tools
prolog_commands
check_run_time_address_table_files

14
test/ipt/firewall21.fw.orig
View File

@ -2,9 +2,9 @@
#
# This is automatically generated file. DO NOT MODIFY !
#
# Firewall Builder fwb_ipt v4.3.0.3546
# Firewall Builder fwb_ipt v5.0.0.3547
#
# Generated Thu May 26 14:14:58 2011 PDT by vadim
# Generated Fri Jun 3 17:27:26 2011 PDT by vadim
#
# files: * firewall21.fw /etc/fw/firewall21.fw
#
@ -351,13 +351,13 @@ script_body() {
#
echo "Rule 2 (NAT)"
#
$IPTABLES -t nat -A POSTROUTING -o eth0 -s 192.168.1.0/24 -j MASQUERADE
$IPTABLES -t nat -A POSTROUTING -o eth0 -s 192.168.1.0/24 -j MASQUERADE
#
# Rule 3 (NAT)
#
echo "Rule 3 (NAT)"
#
$IPTABLES -t nat -A POSTROUTING -o eth0 -s 192.168.1.0/24 -j MASQUERADE --random
$IPTABLES -t nat -A POSTROUTING -o eth0 -s 192.168.1.0/24 -j MASQUERADE --random
#
# Rule 4 (NAT)
#
@ -365,7 +365,7 @@ script_body() {
#
for i_eth0 in $i_eth0_list
do
test -n "$i_eth0" && $IPTABLES -t nat -A POSTROUTING -o eth0 -s 192.168.1.0/24 -j SNAT --to-source $i_eth0
test -n "$i_eth0" && $IPTABLES -t nat -A POSTROUTING -o eth0 -s 192.168.1.0/24 -j SNAT --to-source $i_eth0
done
#
# Rule 5 (NAT)
@ -374,7 +374,7 @@ script_body() {
#
for i_eth0 in $i_eth0_list
do
test -n "$i_eth0" && $IPTABLES -t nat -A POSTROUTING -o eth0 -s 192.168.1.0/24 -j SNAT --to-source $i_eth0 --random
test -n "$i_eth0" && $IPTABLES -t nat -A POSTROUTING -o eth0 -s 192.168.1.0/24 -j SNAT --to-source $i_eth0 --random
done
@ -494,7 +494,7 @@ test -z "$cmd" && {
case "$cmd" in
start)
log "Activating firewall script generated Thu May 26 14:14:58 2011 by vadim"
log "Activating firewall script generated Fri Jun 3 17:27:26 2011 by vadim"
check_tools
prolog_commands
check_run_time_address_table_files

10
test/ipt/firewall22.fw.orig
View File

@ -2,9 +2,9 @@
#
# This is automatically generated file. DO NOT MODIFY !
#
# Firewall Builder fwb_ipt v4.3.0.3546
# Firewall Builder fwb_ipt v5.0.0.3547
#
# Generated Thu May 26 14:15:05 2011 PDT by vadim
# Generated Fri Jun 3 17:27:30 2011 PDT by vadim
#
# files: * firewall22.fw /etc/fw/firewall22.fw
#
@ -317,7 +317,7 @@ script_body() {
#
echo "Rule 0 (NAT)"
#
$IPTABLES -t nat -A POSTROUTING -o eth1 -s 192.168.1.0/24 -m string --string test_pattern -j SNAT --to-source 192.168.2.1
$IPTABLES -t nat -A POSTROUTING -o eth1 -s 192.168.1.0/24 -m string --string test_pattern -j SNAT --to-source 192.168.2.1
#
# Rule 1 (NAT)
#
@ -330,7 +330,7 @@ script_body() {
echo "Rule 2 (NAT)"
#
$IPTABLES -t nat -A PREROUTING -s 192.168.1.0/24 -m string --string test_pattern -j DNAT --to-destination 200.200.200.200
$IPTABLES -t nat -A POSTROUTING -o eth1 -s 192.168.1.0/24 -d 200.200.200.200 -m string --string test_pattern -j SNAT --to-source 192.168.2.1
$IPTABLES -t nat -A POSTROUTING -o eth1 -s 192.168.1.0/24 -d 200.200.200.200 -m string --string test_pattern -j SNAT --to-source 192.168.2.1
@ -411,7 +411,7 @@ test -z "$cmd" && {
case "$cmd" in
start)
log "Activating firewall script generated Thu May 26 14:15:05 2011 by vadim"
log "Activating firewall script generated Fri Jun 3 17:27:30 2011 by vadim"
check_tools
prolog_commands
check_run_time_address_table_files

6
test/ipt/firewall23-1.fw.orig
View File

@ -2,9 +2,9 @@
#
# This is automatically generated file. DO NOT MODIFY !
#
# Firewall Builder fwb_ipt v4.3.0.3546
# Firewall Builder fwb_ipt v5.0.0.3547
#
# Generated Thu May 26 14:15:13 2011 PDT by vadim
# Generated Fri Jun 3 17:27:35 2011 PDT by vadim
#
# files: * firewall23-1.fw /etc/fw/firewall23-1.fw
#
@ -585,7 +585,7 @@ test -z "$cmd" && {
case "$cmd" in
start)
log "Activating firewall script generated Thu May 26 14:15:13 2011 by vadim"
log "Activating firewall script generated Fri Jun 3 17:27:35 2011 by vadim"
check_tools
prolog_commands
check_run_time_address_table_files

6
test/ipt/firewall23.fw.orig
View File

@ -2,9 +2,9 @@
#
# This is automatically generated file. DO NOT MODIFY !
#
# Firewall Builder fwb_ipt v4.3.0.3546
# Firewall Builder fwb_ipt v5.0.0.3547
#
# Generated Thu May 26 14:15:08 2011 PDT by vadim
# Generated Fri Jun 3 17:27:32 2011 PDT by vadim
#
# files: * firewall23.fw /etc/fw/firewall23.fw
#
@ -497,7 +497,7 @@ test -z "$cmd" && {
case "$cmd" in
start)
log "Activating firewall script generated Thu May 26 14:15:08 2011 by vadim"
log "Activating firewall script generated Fri Jun 3 17:27:32 2011 by vadim"
check_tools
prolog_commands
check_run_time_address_table_files

6
test/ipt/firewall24.fw.orig
View File

@ -2,9 +2,9 @@
#
# This is automatically generated file. DO NOT MODIFY !
#
# Firewall Builder fwb_ipt v4.3.0.3546
# Firewall Builder fwb_ipt v5.0.0.3547
#
# Generated Thu May 26 14:15:17 2011 PDT by vadim
# Generated Fri Jun 3 17:27:37 2011 PDT by vadim
#
# files: * firewall24.fw /etc/fw/firewall24.fw
#
@ -514,7 +514,7 @@ test -z "$cmd" && {
case "$cmd" in
start)
log "Activating firewall script generated Thu May 26 14:15:17 2011 by vadim"
log "Activating firewall script generated Fri Jun 3 17:27:37 2011 by vadim"
check_tools
prolog_commands
check_run_time_address_table_files

16
test/ipt/firewall25.fw.orig
View File

@ -2,9 +2,9 @@
#
# This is automatically generated file. DO NOT MODIFY !
#
# Firewall Builder fwb_ipt v4.3.0.3546
# Firewall Builder fwb_ipt v5.0.0.3547
#
# Generated Thu May 26 14:15:22 2011 PDT by vadim
# Generated Fri Jun 3 17:27:40 2011 PDT by vadim
#
# files: * firewall25.fw /etc/fw/firewall25.fw
#
@ -620,12 +620,12 @@ script_body() {
echo :OUTPUT ACCEPT [0:0]
#
# Rule 0 (NAT)
echo "-A POSTROUTING -o ppp+ -s 192.168.1.0/24 -j MASQUERADE "
echo "-A POSTROUTING -o eth2 -s 192.168.1.0/24 -j SNAT --to-source 192.168.2.1 "
echo "-A POSTROUTING -o ppp+ -s 192.168.1.0/24 -j MASQUERADE "
echo "-A POSTROUTING -o eth2 -s 192.168.1.0/24 -j SNAT --to-source 192.168.2.1 "
#
# Rule 1 (NAT)
echo "-A POSTROUTING -o eth+ -s 192.168.1.0/24 -j SNAT --to-source 22.22.22.23 "
echo "-A POSTROUTING -o ppp+ -s 192.168.1.0/24 -j SNAT --to-source 22.22.22.23 "
echo "-A POSTROUTING -o eth+ -s 192.168.1.0/24 -j SNAT --to-source 22.22.22.23 "
echo "-A POSTROUTING -o ppp+ -s 192.168.1.0/24 -j SNAT --to-source 22.22.22.23 "
#
# Rule 2 (NAT)
getinterfaces ppp | while read I; do
@ -643,7 +643,7 @@ script_body() {
#
# Rule 3 (NAT)
echo "-A PREROUTING -s 192.168.1.0/24 -d ! 200.200.200.200 -j DNAT --to-destination 192.168.2.10 "
echo "-A POSTROUTING -o eth2 -s 192.168.1.0/24 -d 192.168.2.10 -j SNAT --to-source 192.168.2.1 "
echo "-A POSTROUTING -o eth2 -s 192.168.1.0/24 -d 192.168.2.10 -j SNAT --to-source 192.168.2.1 "
#
echo COMMIT
@ -705,7 +705,7 @@ test -z "$cmd" && {
case "$cmd" in
start)
log "Activating firewall script generated Thu May 26 14:15:22 2011 by vadim"
log "Activating firewall script generated Fri Jun 3 17:27:40 2011 by vadim"
check_tools
prolog_commands
check_run_time_address_table_files

16
test/ipt/firewall26.fw.orig
View File

@ -2,9 +2,9 @@
#
# This is automatically generated file. DO NOT MODIFY !
#
# Firewall Builder fwb_ipt v4.3.0.3546
# Firewall Builder fwb_ipt v5.0.0.3547
#
# Generated Thu May 26 14:15:27 2011 PDT by vadim
# Generated Fri Jun 3 17:27:42 2011 PDT by vadim
#
# files: * firewall26.fw /etc/fw/firewall26.fw
#
@ -506,12 +506,12 @@ script_body() {
echo :OUTPUT ACCEPT [0:0]
#
# Rule 0 (NAT)
echo "-A POSTROUTING -o ppp -s 192.168.1.0/24 -j MASQUERADE "
echo "-A POSTROUTING -o eth2 -s 192.168.1.0/24 -j SNAT --to-source 192.168.2.1 "
echo "-A POSTROUTING -o ppp -s 192.168.1.0/24 -j MASQUERADE "
echo "-A POSTROUTING -o eth2 -s 192.168.1.0/24 -j SNAT --to-source 192.168.2.1 "
#
# Rule 1 (NAT)
echo "-A POSTROUTING -o eth+ -s 192.168.1.0/24 -j SNAT --to-source 22.22.22.23 "
echo "-A POSTROUTING -o ppp -s 192.168.1.0/24 -j SNAT --to-source 22.22.22.23 "
echo "-A POSTROUTING -o eth+ -s 192.168.1.0/24 -j SNAT --to-source 22.22.22.23 "
echo "-A POSTROUTING -o ppp -s 192.168.1.0/24 -j SNAT --to-source 22.22.22.23 "
#
# Rule 2 (NAT)
for i_ppp in $i_ppp_list
@ -523,7 +523,7 @@ script_body() {
#
# Rule 3 (NAT)
echo "-A PREROUTING -s 192.168.1.0/24 -d ! 200.200.200.200 -j DNAT --to-destination 192.168.2.10 "
echo "-A POSTROUTING -o eth2 -s 192.168.1.0/24 -d 192.168.2.10 -j SNAT --to-source 192.168.2.1 "
echo "-A POSTROUTING -o eth2 -s 192.168.1.0/24 -d 192.168.2.10 -j SNAT --to-source 192.168.2.1 "
#
echo COMMIT
@ -585,7 +585,7 @@ test -z "$cmd" && {
case "$cmd" in
start)
log "Activating firewall script generated Thu May 26 14:15:27 2011 by vadim"
log "Activating firewall script generated Fri Jun 3 17:27:42 2011 by vadim"
check_tools
prolog_commands
check_run_time_address_table_files

16
test/ipt/firewall27.fw.orig
View File

@ -2,9 +2,9 @@
#
# This is automatically generated file. DO NOT MODIFY !
#
# Firewall Builder fwb_ipt v4.3.0.3546
# Firewall Builder fwb_ipt v5.0.0.3547
#
# Generated Thu May 26 14:15:32 2011 PDT by vadim
# Generated Fri Jun 3 17:27:45 2011 PDT by vadim
#
# files: * firewall27.fw /etc/fw/firewall27.fw
#
@ -491,12 +491,12 @@ script_body() {
echo :OUTPUT ACCEPT [0:0]
#
# Rule 0 (NAT)
echo "-A POSTROUTING -o ppp -s 192.168.1.0/24 -j SNAT --to-source 192.0.2.1 "
echo "-A POSTROUTING -o eth2 -s 192.168.1.0/24 -j SNAT --to-source 192.168.2.1 "
echo "-A POSTROUTING -o ppp -s 192.168.1.0/24 -j SNAT --to-source 192.0.2.1 "
echo "-A POSTROUTING -o eth2 -s 192.168.1.0/24 -j SNAT --to-source 192.168.2.1 "
#
# Rule 1 (NAT)
echo "-A POSTROUTING -o eth+ -s 192.168.1.0/24 -j SNAT --to-source 22.22.22.23 "
echo "-A POSTROUTING -o ppp -s 192.168.1.0/24 -j SNAT --to-source 22.22.22.23 "
echo "-A POSTROUTING -o eth+ -s 192.168.1.0/24 -j SNAT --to-source 22.22.22.23 "
echo "-A POSTROUTING -o ppp -s 192.168.1.0/24 -j SNAT --to-source 22.22.22.23 "
#
# Rule 2 (NAT)
echo "-A PREROUTING -p tcp -m tcp -d 192.0.2.1 --dport 22 -j DNAT --to-destination 192.168.1.10:22 "
@ -505,7 +505,7 @@ script_body() {
#
# Rule 3 (NAT)
echo "-A PREROUTING -s 192.168.1.0/24 -d ! 200.200.200.200 -j DNAT --to-destination 192.168.2.10 "
echo "-A POSTROUTING -o eth2 -s 192.168.1.0/24 -d 192.168.2.10 -j SNAT --to-source 192.168.2.1 "
echo "-A POSTROUTING -o eth2 -s 192.168.1.0/24 -d 192.168.2.10 -j SNAT --to-source 192.168.2.1 "
#
echo COMMIT
@ -567,7 +567,7 @@ test -z "$cmd" && {
case "$cmd" in
start)
log "Activating firewall script generated Thu May 26 14:15:32 2011 by vadim"
log "Activating firewall script generated Fri Jun 3 17:27:45 2011 by vadim"
check_tools
prolog_commands
check_run_time_address_table_files

8
test/ipt/firewall28.fw.orig
View File

@ -2,9 +2,9 @@
#
# This is automatically generated file. DO NOT MODIFY !
#
# Firewall Builder fwb_ipt v4.3.0.3546
# Firewall Builder fwb_ipt v5.0.0.3547
#
# Generated Thu May 26 14:15:36 2011 PDT by vadim
# Generated Fri Jun 3 17:27:47 2011 PDT by vadim
#
# files: * firewall28.fw /etc/fw/firewall28.fw
#
@ -328,7 +328,7 @@ script_body() {
#
echo "Rule 0 (NAT)"
#
$IPTABLES -t nat -A POSTROUTING -o eth1 -s 192.168.1.0/24 -j SNAT --to-source 22.22.23.22
$IPTABLES -t nat -A POSTROUTING -o eth1 -s 192.168.1.0/24 -j SNAT --to-source 22.22.23.22
@ -430,7 +430,7 @@ test -z "$cmd" && {
case "$cmd" in
start)
log "Activating firewall script generated Thu May 26 14:15:36 2011 by vadim"
log "Activating firewall script generated Fri Jun 3 17:27:47 2011 by vadim"
check_tools
prolog_commands
check_run_time_address_table_files

6
test/ipt/firewall29.fw.orig
View File

@ -2,9 +2,9 @@
#
# This is automatically generated file. DO NOT MODIFY !
#
# Firewall Builder fwb_ipt v4.3.0.3546
# Firewall Builder fwb_ipt v5.0.0.3547
#
# Generated Thu May 26 14:15:36 2011 PDT by vadim
# Generated Fri Jun 3 17:27:47 2011 PDT by vadim
#
# files: * firewall29.fw /etc/fw/firewall29.fw
#
@ -465,7 +465,7 @@ test -z "$cmd" && {
case "$cmd" in
start)
log "Activating firewall script generated Thu May 26 14:15:36 2011 by vadim"
log "Activating firewall script generated Fri Jun 3 17:27:47 2011 by vadim"
check_tools
prolog_commands
check_run_time_address_table_files

12
test/ipt/firewall3.fw.orig
View File

@ -2,9 +2,9 @@
#
# This is automatically generated file. DO NOT MODIFY !
#
# Firewall Builder fwb_ipt v4.3.0.3546
# Firewall Builder fwb_ipt v5.0.0.3547
#
# Generated Thu May 26 14:15:41 2011 PDT by vadim
# Generated Fri Jun 3 17:27:50 2011 PDT by vadim
#
# files: * firewall3.fw /etc/fw/firewall3.fw
#
@ -313,14 +313,14 @@ script_body() {
#
echo "Rule 0 (NAT)"
#
$IPTABLES -t nat -A POSTROUTING -o eth1 -s 192.168.1.0/24 -j SNAT --to-source 22.22.22.22
$IPTABLES -t nat -A POSTROUTING -o eth2 -s 192.168.1.0/24 -j SNAT --to-source 192.168.2.1
$IPTABLES -t nat -A POSTROUTING -o eth1 -s 192.168.1.0/24 -j SNAT --to-source 22.22.22.22
$IPTABLES -t nat -A POSTROUTING -o eth2 -s 192.168.1.0/24 -j SNAT --to-source 192.168.2.1
#
# Rule 1 (NAT)
#
echo "Rule 1 (NAT)"
#
$IPTABLES -t nat -A POSTROUTING -o eth+ -s 192.168.1.10 -j SNAT --to-source 22.22.22.23
$IPTABLES -t nat -A POSTROUTING -o eth+ -s 192.168.1.10 -j SNAT --to-source 22.22.22.23
@ -599,7 +599,7 @@ test -z "$cmd" && {
case "$cmd" in
start)
log "Activating firewall script generated Thu May 26 14:15:41 2011 by vadim"
log "Activating firewall script generated Fri Jun 3 17:27:50 2011 by vadim"
check_tools
prolog_commands
check_run_time_address_table_files

6
test/ipt/firewall30.fw.orig
View File

@ -2,9 +2,9 @@
#
# This is automatically generated file. DO NOT MODIFY !
#
# Firewall Builder fwb_ipt v4.3.0.3546
# Firewall Builder fwb_ipt v5.0.0.3547
#
# Generated Thu May 26 14:15:41 2011 PDT by vadim
# Generated Fri Jun 3 17:27:50 2011 PDT by vadim
#
# files: * firewall30.fw /etc/fw/firewall30.fw
#
@ -396,7 +396,7 @@ test -z "$cmd" && {
case "$cmd" in
start)
log "Activating firewall script generated Thu May 26 14:15:41 2011 by vadim"
log "Activating firewall script generated Fri Jun 3 17:27:50 2011 by vadim"
check_tools
prolog_commands
check_run_time_address_table_files

6
test/ipt/firewall31.fw.orig
View File

@ -2,9 +2,9 @@
#
# This is automatically generated file. DO NOT MODIFY !
#
# Firewall Builder fwb_ipt v4.3.0.3546
# Firewall Builder fwb_ipt v5.0.0.3547
#
# Generated Thu May 26 14:15:45 2011 PDT by vadim
# Generated Fri Jun 3 17:27:52 2011 PDT by vadim
#
# files: * firewall31.fw /etc/fw/firewall31.fw
#
@ -468,7 +468,7 @@ test -z "$cmd" && {
case "$cmd" in
start)
log "Activating firewall script generated Thu May 26 14:15:45 2011 by vadim"
log "Activating firewall script generated Fri Jun 3 17:27:52 2011 by vadim"
check_tools
prolog_commands
check_run_time_address_table_files

6
test/ipt/firewall32.fw.orig
View File

@ -2,9 +2,9 @@
#
# This is automatically generated file. DO NOT MODIFY !
#
# Firewall Builder fwb_ipt v4.3.0.3546
# Firewall Builder fwb_ipt v5.0.0.3547
#
# Generated Thu May 26 14:15:45 2011 PDT by vadim
# Generated Fri Jun 3 17:27:52 2011 PDT by vadim
#
# files: * firewall32.fw /etc/fw/firewall32.fw
#
@ -439,7 +439,7 @@ test -z "$cmd" && {
case "$cmd" in
start)
log "Activating firewall script generated Thu May 26 14:15:45 2011 by vadim"
log "Activating firewall script generated Fri Jun 3 17:27:52 2011 by vadim"
check_tools
prolog_commands
check_run_time_address_table_files

16
test/ipt/firewall33-1.fw.orig
View File

@ -2,9 +2,9 @@
#
# This is automatically generated file. DO NOT MODIFY !
#
# Firewall Builder fwb_ipt v4.3.0.3546
# Firewall Builder fwb_ipt v5.0.0.3547
#
# Generated Thu May 26 14:15:50 2011 PDT by vadim
# Generated Fri Jun 3 17:27:59 2011 PDT by vadim
#
# files: * firewall33-1.fw /etc/fw/firewall33-1.fw
#
@ -416,11 +416,11 @@ script_body() {
#
$IPTABLES -N Cid438728A918346.0
$IPTABLES -A Policy -m state --state NEW -j Cid438728A918346.0
$IPTABLES -A Cid438728A918346.0 -d 74.125.224.112 -j RETURN
$IPTABLES -A Cid438728A918346.0 -d 74.125.224.113 -j RETURN
$IPTABLES -A Cid438728A918346.0 -d 74.125.224.114 -j RETURN
$IPTABLES -A Cid438728A918346.0 -d 74.125.224.115 -j RETURN
$IPTABLES -A Cid438728A918346.0 -d 74.125.224.116 -j RETURN
$IPTABLES -A Cid438728A918346.0 -d 74.125.224.48 -j RETURN
$IPTABLES -A Cid438728A918346.0 -d 74.125.224.49 -j RETURN
$IPTABLES -A Cid438728A918346.0 -d 74.125.224.50 -j RETURN
$IPTABLES -A Cid438728A918346.0 -d 74.125.224.51 -j RETURN
$IPTABLES -A Cid438728A918346.0 -d 74.125.224.52 -j RETURN
$IPTABLES -A Cid438728A918346.0 -d 157.166.224.25 -j RETURN
$IPTABLES -A Cid438728A918346.0 -d 157.166.224.26 -j RETURN
$IPTABLES -A Cid438728A918346.0 -d 157.166.226.25 -j RETURN
@ -546,7 +546,7 @@ test -z "$cmd" && {
case "$cmd" in
start)
log "Activating firewall script generated Thu May 26 14:15:50 2011 by vadim"
log "Activating firewall script generated Fri Jun 3 17:27:59 2011 by vadim"
check_tools
prolog_commands
check_run_time_address_table_files

36
test/ipt/firewall33.fw.orig
View File

@ -2,9 +2,9 @@
#
# This is automatically generated file. DO NOT MODIFY !
#
# Firewall Builder fwb_ipt v4.3.0.3546
# Firewall Builder fwb_ipt v5.0.0.3547
#
# Generated Thu May 26 14:15:51 2011 PDT by vadim
# Generated Fri Jun 3 17:27:59 2011 PDT by vadim
#
# files: * firewall33.fw /etc/fw/firewall33.fw
#
@ -333,32 +333,32 @@ script_body() {
#
echo "Rule 1 (NAT)"
#
$IPTABLES -t nat -A POSTROUTING -o eth0.100 -d 157.166.224.25 -j MASQUERADE
$IPTABLES -t nat -A POSTROUTING -o eth0.100 -d 157.166.224.26 -j MASQUERADE
$IPTABLES -t nat -A POSTROUTING -o eth0.100 -d 157.166.226.25 -j MASQUERADE
$IPTABLES -t nat -A POSTROUTING -o eth0.100 -d 157.166.226.26 -j MASQUERADE
$IPTABLES -t nat -A POSTROUTING -o eth0.100 -d 157.166.255.18 -j MASQUERADE
$IPTABLES -t nat -A POSTROUTING -o eth0.100 -d 157.166.255.19 -j MASQUERADE
$IPTABLES -t nat -A POSTROUTING -o eth0.100 -d 157.166.224.25 -j MASQUERADE
$IPTABLES -t nat -A POSTROUTING -o eth0.100 -d 157.166.224.26 -j MASQUERADE
$IPTABLES -t nat -A POSTROUTING -o eth0.100 -d 157.166.226.25 -j MASQUERADE
$IPTABLES -t nat -A POSTROUTING -o eth0.100 -d 157.166.226.26 -j MASQUERADE
$IPTABLES -t nat -A POSTROUTING -o eth0.100 -d 157.166.255.18 -j MASQUERADE
$IPTABLES -t nat -A POSTROUTING -o eth0.100 -d 157.166.255.19 -j MASQUERADE
#
# Rule 2 (NAT)
#
echo "Rule 2 (NAT)"
#
$IPTABLES -t nat -A POSTROUTING -o eth0.100 -d www.cnn.com -j MASQUERADE
$IPTABLES -t nat -A POSTROUTING -o eth0.100 -d www.cnn.com -j MASQUERADE
#
# Rule 3 (NAT)
#
echo "Rule 3 (NAT)"
#
$IPTABLES -t nat -A POSTROUTING -o eth0.100 -d www.google.com -j MASQUERADE
$IPTABLES -t nat -A POSTROUTING -o eth0.100 -d www.cnn.com -j MASQUERADE
$IPTABLES -t nat -A POSTROUTING -o eth0.100 -d www.google.com -j MASQUERADE
$IPTABLES -t nat -A POSTROUTING -o eth0.100 -d www.cnn.com -j MASQUERADE
#
# Rule 4 (NAT)
#
echo "Rule 4 (NAT)"
#
$IPTABLES -t nat -N Cid43876E7B18346.0
$IPTABLES -t nat -A POSTROUTING -o eth0.100 -j Cid43876E7B18346.0
$IPTABLES -t nat -A POSTROUTING -o eth0.100 -j Cid43876E7B18346.0
$IPTABLES -t nat -A Cid43876E7B18346.0 -d www.google.com -j RETURN
$IPTABLES -t nat -A Cid43876E7B18346.0 -d www.cnn.com -j RETURN
$IPTABLES -t nat -A Cid43876E7B18346.0 -j MASQUERADE
@ -466,11 +466,11 @@ script_body() {
$IPTABLES -A OUTPUT -m state --state NEW -j Cid438728A918346.0
$IPTABLES -A INPUT -m state --state NEW -j Cid438728A918346.0
$IPTABLES -A FORWARD -m state --state NEW -j Cid438728A918346.0
$IPTABLES -A Cid438728A918346.0 -d 74.125.224.112 -j RETURN
$IPTABLES -A Cid438728A918346.0 -d 74.125.224.113 -j RETURN
$IPTABLES -A Cid438728A918346.0 -d 74.125.224.114 -j RETURN
$IPTABLES -A Cid438728A918346.0 -d 74.125.224.115 -j RETURN
$IPTABLES -A Cid438728A918346.0 -d 74.125.224.116 -j RETURN
$IPTABLES -A Cid438728A918346.0 -d 74.125.224.48 -j RETURN
$IPTABLES -A Cid438728A918346.0 -d 74.125.224.49 -j RETURN
$IPTABLES -A Cid438728A918346.0 -d 74.125.224.50 -j RETURN
$IPTABLES -A Cid438728A918346.0 -d 74.125.224.51 -j RETURN
$IPTABLES -A Cid438728A918346.0 -d 74.125.224.52 -j RETURN
$IPTABLES -A Cid438728A918346.0 -d 157.166.224.25 -j RETURN
$IPTABLES -A Cid438728A918346.0 -d 157.166.224.26 -j RETURN
$IPTABLES -A Cid438728A918346.0 -d 157.166.226.25 -j RETURN
@ -595,7 +595,7 @@ test -z "$cmd" && {
case "$cmd" in
start)
log "Activating firewall script generated Thu May 26 14:15:51 2011 by vadim"
log "Activating firewall script generated Fri Jun 3 17:27:59 2011 by vadim"
check_tools
prolog_commands
check_run_time_address_table_files

8
test/ipt/firewall34.fw.orig
View File

@ -2,9 +2,9 @@
#
# This is automatically generated file. DO NOT MODIFY !
#
# Firewall Builder fwb_ipt v4.3.0.3546
# Firewall Builder fwb_ipt v5.0.0.3547
#
# Generated Thu May 26 14:15:55 2011 PDT by vadim
# Generated Fri Jun 3 17:28:02 2011 PDT by vadim
#
# files: * firewall34.fw /etc/fw/firewall34.fw
#
@ -338,7 +338,7 @@ script_body() {
echo "Rule 1 (NAT)"
#
$IPTABLES -t nat -N Cid43891B6E674.0
$IPTABLES -t nat -A POSTROUTING -o eth0.100 -s 192.168.1.0/24 -j Cid43891B6E674.0
$IPTABLES -t nat -A POSTROUTING -o eth0.100 -s 192.168.1.0/24 -j Cid43891B6E674.0
grep -Ev '^#|^;|^\s*$' block-hosts.tbl | while read L ; do
set $L; at_block_these=$1; $IPTABLES -t nat -A Cid43891B6E674.0 -d $at_block_these -j RETURN
done
@ -671,7 +671,7 @@ test -z "$cmd" && {
case "$cmd" in
start)
log "Activating firewall script generated Thu May 26 14:15:55 2011 by vadim"
log "Activating firewall script generated Fri Jun 3 17:28:02 2011 by vadim"
check_tools
prolog_commands
check_run_time_address_table_files

8
test/ipt/firewall35.fw.orig
View File

@ -2,9 +2,9 @@
#
# This is automatically generated file. DO NOT MODIFY !
#
# Firewall Builder fwb_ipt v4.3.0.3546
# Firewall Builder fwb_ipt v5.0.0.3547
#
# Generated Thu May 26 14:15:55 2011 PDT by vadim
# Generated Fri Jun 3 17:28:02 2011 PDT by vadim
#
# files: * firewall35.fw /etc/fw/firewall35.fw
#
@ -497,7 +497,7 @@ script_body() {
#
# Rule 1 (NAT)
echo ":Cid4392559D25682.0 - [0:0]"
echo "-A POSTROUTING -o eth0.100 -s 192.168.1.0/24 -j Cid4392559D25682.0 "
echo "-A POSTROUTING -o eth0.100 -s 192.168.1.0/24 -j Cid4392559D25682.0 "
grep -Ev '^#|^;|^\s*$' block-hosts.tbl | while read L ; do
set $L; at_block_these=$1; echo "-A Cid4392559D25682.0 -d $at_block_these -j RETURN "
done
@ -563,7 +563,7 @@ test -z "$cmd" && {
case "$cmd" in
start)
log "Activating firewall script generated Thu May 26 14:15:55 2011 by vadim"
log "Activating firewall script generated Fri Jun 3 17:28:02 2011 by vadim"
check_tools
prolog_commands
check_run_time_address_table_files

6
test/ipt/firewall36-1.fw.orig
View File

@ -2,9 +2,9 @@
#
# This is automatically generated file. DO NOT MODIFY !
#
# Firewall Builder fwb_ipt v4.3.0.3546
# Firewall Builder fwb_ipt v5.0.0.3547
#
# Generated Thu May 26 14:16:00 2011 PDT by vadim
# Generated Fri Jun 3 17:28:04 2011 PDT by vadim
#
# files: * firewall36-1.fw /etc/firewall36-1.fw
#
@ -454,7 +454,7 @@ test -z "$cmd" && {
case "$cmd" in
start)
log "Activating firewall script generated Thu May 26 14:16:00 2011 by vadim"
log "Activating firewall script generated Fri Jun 3 17:28:04 2011 by vadim"
check_tools
prolog_commands
check_run_time_address_table_files

6
test/ipt/firewall36-2.fw.orig
View File

@ -2,9 +2,9 @@
#
# This is automatically generated file. DO NOT MODIFY !
#
# Firewall Builder fwb_ipt v4.3.0.3546
# Firewall Builder fwb_ipt v5.0.0.3547
#
# Generated Thu May 26 14:16:04 2011 PDT by vadim
# Generated Fri Jun 3 17:28:06 2011 PDT by vadim
#
# files: * firewall36-2.fw /etc/firewall36-2.fw
#
@ -454,7 +454,7 @@ test -z "$cmd" && {
case "$cmd" in
start)
log "Activating firewall script generated Thu May 26 14:16:04 2011 by vadim"
log "Activating firewall script generated Fri Jun 3 17:28:06 2011 by vadim"
check_tools
prolog_commands
check_run_time_address_table_files

6
test/ipt/firewall36.fw.orig
View File

@ -2,9 +2,9 @@
#
# This is automatically generated file. DO NOT MODIFY !
#
# Firewall Builder fwb_ipt v4.3.0.3546
# Firewall Builder fwb_ipt v5.0.0.3547
#
# Generated Thu May 26 14:16:00 2011 PDT by vadim
# Generated Fri Jun 3 17:28:04 2011 PDT by vadim
#
# files: * firewall36.fw /etc/firewall36.fw
#
@ -518,7 +518,7 @@ test -z "$cmd" && {
case "$cmd" in
start)
log "Activating firewall script generated Thu May 26 14:16:00 2011 by vadim"
log "Activating firewall script generated Fri Jun 3 17:28:04 2011 by vadim"
check_tools
prolog_commands
check_run_time_address_table_files

6
test/ipt/firewall37-1.fw.orig
View File

@ -2,9 +2,9 @@
#
# This is automatically generated file. DO NOT MODIFY !
#
# Firewall Builder fwb_ipt v4.3.0.3546
# Firewall Builder fwb_ipt v5.0.0.3547
#
# Generated Thu May 26 14:16:07 2011 PDT by vadim
# Generated Fri Jun 3 17:28:08 2011 PDT by vadim
#
# files: * firewall37-1.fw /etc/fw/firewall37-1.fw
#
@ -987,7 +987,7 @@ test -z "$cmd" && {
case "$cmd" in
start)
log "Activating firewall script generated Thu May 26 14:16:07 2011 by vadim"
log "Activating firewall script generated Fri Jun 3 17:28:08 2011 by vadim"
check_tools
prolog_commands
check_run_time_address_table_files

6
test/ipt/firewall37-2.fw.orig
View File

@ -2,9 +2,9 @@
#
# This is automatically generated file. DO NOT MODIFY !
#
# Firewall Builder fwb_ipt v4.3.0.3546
# Firewall Builder fwb_ipt v5.0.0.3547
#
# Generated Thu May 26 14:16:09 2011 PDT by vadim
# Generated Fri Jun 3 17:28:10 2011 PDT by vadim
#
# files: * firewall37-2.fw /etc/fw/firewall37-2.fw
#
@ -704,7 +704,7 @@ test -z "$cmd" && {
case "$cmd" in
start)
log "Activating firewall script generated Thu May 26 14:16:09 2011 by vadim"
log "Activating firewall script generated Fri Jun 3 17:28:10 2011 by vadim"
check_tools
prolog_commands
check_run_time_address_table_files

6
test/ipt/firewall37.fw.orig
View File

@ -2,9 +2,9 @@
#
# This is automatically generated file. DO NOT MODIFY !
#
# Firewall Builder fwb_ipt v4.3.0.3546
# Firewall Builder fwb_ipt v5.0.0.3547
#
# Generated Thu May 26 14:16:05 2011 PDT by vadim
# Generated Fri Jun 3 17:28:11 2011 PDT by vadim
#
# files: * firewall37.fw /etc/fw/firewall37.fw
#
@ -1313,7 +1313,7 @@ test -z "$cmd" && {
case "$cmd" in
start)
log "Activating firewall script generated Thu May 26 14:16:05 2011 by vadim"
log "Activating firewall script generated Fri Jun 3 17:28:11 2011 by vadim"
check_tools
prolog_commands
check_run_time_address_table_files

16
test/ipt/firewall38.fw.orig
View File

@ -2,9 +2,9 @@
#
# This is automatically generated file. DO NOT MODIFY !
#
# Firewall Builder fwb_ipt v4.3.0.3546
# Firewall Builder fwb_ipt v5.0.0.3547
#
# Generated Thu May 26 14:16:11 2011 PDT by vadim
# Generated Fri Jun 3 17:28:12 2011 PDT by vadim
#
# files: * firewall38.fw /etc/fw/firewall38.fw
#
@ -472,13 +472,13 @@ script_body() {
echo :OUTPUT ACCEPT [0:0]
#
# Rule 0 (NAT)
echo "-A POSTROUTING -o eth1 -s 22.22.23.22 -j SNAT --to-source 22.22.23.22 "
echo "-A POSTROUTING -o eth1 -s 192.168.1.22 -j SNAT --to-source 22.22.23.22 "
echo "-A POSTROUTING -o eth1 -s 192.168.2.1 -j SNAT --to-source 22.22.23.22 "
echo "-A POSTROUTING -o eth1 -s 192.168.1.0/24 -j SNAT --to-source 22.22.23.22 "
echo "-A POSTROUTING -o eth1 -s 22.22.23.22 -j SNAT --to-source 22.22.23.22 "
echo "-A POSTROUTING -o eth1 -s 192.168.1.22 -j SNAT --to-source 22.22.23.22 "
echo "-A POSTROUTING -o eth1 -s 192.168.2.1 -j SNAT --to-source 22.22.23.22 "
echo "-A POSTROUTING -o eth1 -s 192.168.1.0/24 -j SNAT --to-source 22.22.23.22 "
#
# Rule 1 (NAT)
echo "-A POSTROUTING -o eth1 -s 192.168.1.0/24 -m mark --mark 16 -j SNAT --to-source 22.22.23.22 "
echo "-A POSTROUTING -o eth1 -s 192.168.1.0/24 -m mark --mark 16 -j SNAT --to-source 22.22.23.22 "
#
echo COMMIT
@ -540,7 +540,7 @@ test -z "$cmd" && {
case "$cmd" in
start)
log "Activating firewall script generated Thu May 26 14:16:11 2011 by vadim"
log "Activating firewall script generated Fri Jun 3 17:28:12 2011 by vadim"
check_tools
prolog_commands
check_run_time_address_table_files

6
test/ipt/firewall39.fw.orig
View File

@ -2,9 +2,9 @@
#
# This is automatically generated file. DO NOT MODIFY !
#
# Firewall Builder fwb_ipt v4.3.0.3546
# Firewall Builder fwb_ipt v5.0.0.3547
#
# Generated Thu May 26 14:16:13 2011 PDT by vadim
# Generated Fri Jun 3 17:28:14 2011 PDT by vadim
#
# files: * firewall39.fw /etc/fw/firewall39.fw
#
@ -820,7 +820,7 @@ test -z "$cmd" && {
case "$cmd" in
start)
log "Activating firewall script generated Thu May 26 14:16:13 2011 by vadim"
log "Activating firewall script generated Fri Jun 3 17:28:14 2011 by vadim"
check_tools
prolog_commands
check_run_time_address_table_files

34
test/ipt/firewall4.fw.orig
View File

@ -2,9 +2,9 @@
#
# This is automatically generated file. DO NOT MODIFY !
#
# Firewall Builder fwb_ipt v4.3.0.3546
# Firewall Builder fwb_ipt v5.0.0.3547
#
# Generated Thu May 26 14:16:14 2011 PDT by vadim
# Generated Fri Jun 3 17:28:14 2011 PDT by vadim
#
# files: * firewall4.fw /etc/fw/firewall4.fw
#
@ -317,30 +317,30 @@ script_body() {
#
echo "Rule 0 (NAT)"
#
$IPTABLES -t nat -A POSTROUTING -o eth1 -s 192.168.1.10 -j MASQUERADE
$IPTABLES -t nat -A POSTROUTING -o eth2 -s 192.168.1.10 -j SNAT --to-source 192.168.2.1
$IPTABLES -t nat -A POSTROUTING -o eth3 -s 192.168.1.10 -j SNAT --to-source 222.222.222.222
$IPTABLES -t nat -A POSTROUTING -o eth1 -s 192.168.1.10 -j MASQUERADE
$IPTABLES -t nat -A POSTROUTING -o eth2 -s 192.168.1.10 -j SNAT --to-source 192.168.2.1
$IPTABLES -t nat -A POSTROUTING -o eth3 -s 192.168.1.10 -j SNAT --to-source 222.222.222.222
#
# Rule 1 (NAT)
#
echo "Rule 1 (NAT)"
#
$IPTABLES -t nat -A POSTROUTING -o eth+ -s 192.168.1.10 -j SNAT --to-source 222.222.222.40
$IPTABLES -t nat -A POSTROUTING -o eth+ -s 192.168.1.10 -j SNAT --to-source 222.222.222.41
$IPTABLES -t nat -A POSTROUTING -o eth+ -s 192.168.1.10 -j SNAT --to-source 222.222.222.40
$IPTABLES -t nat -A POSTROUTING -o eth+ -s 192.168.1.10 -j SNAT --to-source 222.222.222.41
#
# Rule 2 (NAT)
#
echo "Rule 2 (NAT)"
#
$IPTABLES -t nat -A POSTROUTING -o eth+ -s 192.168.1.10 -j SNAT --to-source 222.222.222.40
$IPTABLES -t nat -A POSTROUTING -o eth+ -s 192.168.1.10 -j SNAT --to-source 222.222.222.41
$IPTABLES -t nat -A POSTROUTING -o eth+ -s 192.168.1.10 -j SNAT --to-source 222.222.222.40
$IPTABLES -t nat -A POSTROUTING -o eth+ -s 192.168.1.10 -j SNAT --to-source 222.222.222.41
#
# Rule 3 (NAT)
#
echo "Rule 3 (NAT)"
#
$IPTABLES -t nat -A POSTROUTING -o eth1 -s 192.168.1.0/24 -d ! 192.168.2.0/24 -j MASQUERADE
$IPTABLES -t nat -A POSTROUTING -o eth3 -s 192.168.1.0/24 -d ! 192.168.2.0/24 -j SNAT --to-source 222.222.222.222
$IPTABLES -t nat -A POSTROUTING -o eth1 -s 192.168.1.0/24 -d ! 192.168.2.0/24 -j MASQUERADE
$IPTABLES -t nat -A POSTROUTING -o eth3 -s 192.168.1.0/24 -d ! 192.168.2.0/24 -j SNAT --to-source 222.222.222.222
#
# Rule 4 (NAT)
#
@ -348,12 +348,12 @@ script_body() {
#
for i_eth1 in $i_eth1_list
do
test -n "$i_eth1" && $IPTABLES -t nat -A POSTROUTING -o eth1 -s $i_eth1 -j MASQUERADE
test -n "$i_eth1" && $IPTABLES -t nat -A POSTROUTING -o eth1 -s $i_eth1 -j MASQUERADE
done
$IPTABLES -t nat -A POSTROUTING -o eth1 -s 192.168.1.0/24 -j MASQUERADE
$IPTABLES -t nat -A POSTROUTING -o eth1 -s 192.168.1.1 -j MASQUERADE
$IPTABLES -t nat -A POSTROUTING -o eth1 -s 192.168.2.1 -j MASQUERADE
$IPTABLES -t nat -A POSTROUTING -o eth1 -s 222.222.222.222 -j MASQUERADE
$IPTABLES -t nat -A POSTROUTING -o eth1 -s 192.168.1.0/24 -j MASQUERADE
$IPTABLES -t nat -A POSTROUTING -o eth1 -s 192.168.1.1 -j MASQUERADE
$IPTABLES -t nat -A POSTROUTING -o eth1 -s 192.168.2.1 -j MASQUERADE
$IPTABLES -t nat -A POSTROUTING -o eth1 -s 222.222.222.222 -j MASQUERADE
#
# Rule 5 (NAT)
#
@ -733,7 +733,7 @@ test -z "$cmd" && {
case "$cmd" in
start)
log "Activating firewall script generated Thu May 26 14:16:14 2011 by vadim"
log "Activating firewall script generated Fri Jun 3 17:28:14 2011 by vadim"
check_tools
prolog_commands
check_run_time_address_table_files

8
test/ipt/firewall40-1.fw.orig
View File

@ -2,9 +2,9 @@
#
# This is automatically generated file. DO NOT MODIFY !
#
# Firewall Builder fwb_ipt v4.3.0.3546
# Firewall Builder fwb_ipt v5.0.0.3547
#
# Generated Thu May 26 14:16:18 2011 PDT by vadim
# Generated Fri Jun 3 17:28:16 2011 PDT by vadim
#
# files: * firewall40-1.fw /etc/firewall40-1.fw
#
@ -338,7 +338,7 @@ script_body() {
#
# Translate source address
# for outgoing connections
$IPTABLES -t nat -A POSTROUTING -o eth0 -s 192.168.1.0/24 -j SNAT --to-source 192.0.2.1
$IPTABLES -t nat -A POSTROUTING -o eth0 -s 192.168.1.0/24 -j SNAT --to-source 192.0.2.1
# ================ Table 'mangle', rule set Policy_1
#
@ -462,7 +462,7 @@ test -z "$cmd" && {
case "$cmd" in
start)
log "Activating firewall script generated Thu May 26 14:16:18 2011 by vadim"
log "Activating firewall script generated Fri Jun 3 17:28:16 2011 by vadim"
check_tools
prolog_commands
check_run_time_address_table_files

8
test/ipt/firewall40-2.fw.orig
View File

@ -2,9 +2,9 @@
#
# This is automatically generated file. DO NOT MODIFY !
#
# Firewall Builder fwb_ipt v4.3.0.3546
# Firewall Builder fwb_ipt v5.0.0.3547
#
# Generated Thu May 26 14:16:20 2011 PDT by vadim
# Generated Fri Jun 3 17:28:18 2011 PDT by vadim
#
# files: * firewall40-2.fw /etc/firewall40-2.fw
#
@ -338,7 +338,7 @@ script_body() {
#
# Translate source address
# for outgoing connections
$IPTABLES -t nat -A POSTROUTING -o eth0 -s 192.168.1.0/24 -j SNAT --to-source 192.0.2.1
$IPTABLES -t nat -A POSTROUTING -o eth0 -s 192.168.1.0/24 -j SNAT --to-source 192.0.2.1
# ================ Table 'mangle', rule set Policy_1
#
@ -449,7 +449,7 @@ test -z "$cmd" && {
case "$cmd" in
start)
log "Activating firewall script generated Thu May 26 14:16:20 2011 by vadim"
log "Activating firewall script generated Fri Jun 3 17:28:18 2011 by vadim"
check_tools
prolog_commands
check_run_time_address_table_files

8
test/ipt/firewall40.fw.orig
View File

@ -2,9 +2,9 @@
#
# This is automatically generated file. DO NOT MODIFY !
#
# Firewall Builder fwb_ipt v4.3.0.3546
# Firewall Builder fwb_ipt v5.0.0.3547
#
# Generated Thu May 26 14:16:17 2011 PDT by vadim
# Generated Fri Jun 3 17:28:16 2011 PDT by vadim
#
# files: * firewall40.fw /etc/firewall40.fw
#
@ -338,7 +338,7 @@ script_body() {
#
# Translate source address
# for outgoing connections
$IPTABLES -t nat -A POSTROUTING -o eth0 -s 192.168.1.0/24 -j SNAT --to-source 192.0.2.1
$IPTABLES -t nat -A POSTROUTING -o eth0 -s 192.168.1.0/24 -j SNAT --to-source 192.0.2.1
# ================ Table 'mangle', rule set Policy
#
@ -455,7 +455,7 @@ test -z "$cmd" && {
case "$cmd" in
start)
log "Activating firewall script generated Thu May 26 14:16:17 2011 by vadim"
log "Activating firewall script generated Fri Jun 3 17:28:16 2011 by vadim"
check_tools
prolog_commands
check_run_time_address_table_files

10
test/ipt/firewall41-1.fw.orig
View File

@ -2,9 +2,9 @@
#
# This is automatically generated file. DO NOT MODIFY !
#
# Firewall Builder fwb_ipt v4.3.0.3546
# Firewall Builder fwb_ipt v5.0.0.3547
#
# Generated Thu May 26 14:16:24 2011 PDT by vadim
# Generated Fri Jun 3 17:28:20 2011 PDT by vadim
#
# files: * firewall41-1.fw /etc/firewall41-1.fw
#
@ -456,14 +456,14 @@ script_body() {
#
echo "Rule 0 (NAT)"
#
$IPTABLES -t nat -A POSTROUTING -o eth0 -m set --set atbl.1 src -j SNAT --to-source 1.1.1.1
$IPTABLES -t nat -A POSTROUTING -o eth0 -m set --set atbl.1 src -j SNAT --to-source 1.1.1.1
#
# Rule 1 (NAT)
#
echo "Rule 1 (NAT)"
#
$IPTABLES -t nat -N Cid2287813X9995.0
$IPTABLES -t nat -A POSTROUTING -o eth0 -j Cid2287813X9995.0
$IPTABLES -t nat -A POSTROUTING -o eth0 -j Cid2287813X9995.0
$IPTABLES -t nat -A Cid2287813X9995.0 -m set --set atbl.1 src -j RETURN
$IPTABLES -t nat -A Cid2287813X9995.0 -j SNAT --to-source 1.1.1.1
#
@ -596,7 +596,7 @@ test -z "$cmd" && {
case "$cmd" in
start)
log "Activating firewall script generated Thu May 26 14:16:24 2011 by vadim"
log "Activating firewall script generated Fri Jun 3 17:28:20 2011 by vadim"
check_tools
prolog_commands
check_run_time_address_table_files

6
test/ipt/firewall41.fw.orig
View File

@ -2,9 +2,9 @@
#
# This is automatically generated file. DO NOT MODIFY !
#
# Firewall Builder fwb_ipt v4.3.0.3546
# Firewall Builder fwb_ipt v5.0.0.3547
#
# Generated Thu May 26 14:16:22 2011 PDT by vadim
# Generated Fri Jun 3 17:28:20 2011 PDT by vadim
#
# files: * firewall41.fw /etc/firewall41.fw
#
@ -480,7 +480,7 @@ test -z "$cmd" && {
case "$cmd" in
start)
log "Activating firewall script generated Thu May 26 14:16:22 2011 by vadim"
log "Activating firewall script generated Fri Jun 3 17:28:20 2011 by vadim"
check_tools
prolog_commands
check_run_time_address_table_files

6
test/ipt/firewall42.fw.orig
View File

@ -2,9 +2,9 @@
#
# This is automatically generated file. DO NOT MODIFY !
#
# Firewall Builder fwb_ipt v4.3.0.3546
# Firewall Builder fwb_ipt v5.0.0.3547
#
# Generated Thu May 26 14:16:28 2011 PDT by vadim
# Generated Fri Jun 3 17:28:22 2011 PDT by vadim
#
# files: * firewall42.fw /etc/fw/firewall42.fw
#
@ -405,7 +405,7 @@ test -z "$cmd" && {
case "$cmd" in
start)
log "Activating firewall script generated Thu May 26 14:16:28 2011 by vadim"
log "Activating firewall script generated Fri Jun 3 17:28:22 2011 by vadim"
check_tools
prolog_commands
check_run_time_address_table_files

28
test/ipt/firewall5.fw.orig
View File

@ -2,9 +2,9 @@
#
# This is automatically generated file. DO NOT MODIFY !
#
# Firewall Builder fwb_ipt v4.3.0.3546
# Firewall Builder fwb_ipt v5.0.0.3547
#
# Generated Thu May 26 14:16:29 2011 PDT by vadim
# Generated Fri Jun 3 17:28:24 2011 PDT by vadim
#
# files: * firewall5.fw /etc/fw/firewall5.fw
#
@ -321,27 +321,27 @@ script_body() {
#
echo "Rule 0 (NAT)"
#
$IPTABLES -t nat -A POSTROUTING -o ppp0 -s 192.168.1.0/24 -j MASQUERADE
$IPTABLES -t nat -A POSTROUTING -o ppp1 -s 192.168.1.0/24 -j MASQUERADE
$IPTABLES -t nat -A POSTROUTING -o eth2 -s 192.168.1.0/24 -j SNAT --to-source 192.168.2.1
$IPTABLES -t nat -A POSTROUTING -o ppp0 -s 192.168.1.0/24 -j MASQUERADE
$IPTABLES -t nat -A POSTROUTING -o ppp1 -s 192.168.1.0/24 -j MASQUERADE
$IPTABLES -t nat -A POSTROUTING -o eth2 -s 192.168.1.0/24 -j SNAT --to-source 192.168.2.1
#
# Rule 1 (NAT)
#
echo "Rule 1 (NAT)"
#
$IPTABLES -t nat -A POSTROUTING -o eth+ -s 192.168.1.0/24 -j SNAT --to-source 22.22.22.23
$IPTABLES -t nat -A POSTROUTING -o ppp+ -s 192.168.1.0/24 -j SNAT --to-source 22.22.22.23
$IPTABLES -t nat -A POSTROUTING -o eth+ -s 192.168.1.0/24 -j SNAT --to-source 22.22.22.23
$IPTABLES -t nat -A POSTROUTING -o ppp+ -s 192.168.1.0/24 -j SNAT --to-source 22.22.22.23
#
# Rule 2 (NAT)
#
echo "Rule 2 (NAT)"
#
$IPTABLES -t nat -A POSTROUTING -o eth+ -s 77.77.77.77 -j SNAT --to-source 22.22.22.23
$IPTABLES -t nat -A POSTROUTING -o ppp+ -s 77.77.77.77 -j SNAT --to-source 22.22.22.23
$IPTABLES -t nat -A POSTROUTING -o eth+ -s 192.168.1.1 -j SNAT --to-source 22.22.22.23
$IPTABLES -t nat -A POSTROUTING -o ppp+ -s 192.168.1.1 -j SNAT --to-source 22.22.22.23
$IPTABLES -t nat -A POSTROUTING -o eth+ -s 192.168.2.1 -j SNAT --to-source 22.22.22.23
$IPTABLES -t nat -A POSTROUTING -o ppp+ -s 192.168.2.1 -j SNAT --to-source 22.22.22.23
$IPTABLES -t nat -A POSTROUTING -o eth+ -s 77.77.77.77 -j SNAT --to-source 22.22.22.23
$IPTABLES -t nat -A POSTROUTING -o ppp+ -s 77.77.77.77 -j SNAT --to-source 22.22.22.23
$IPTABLES -t nat -A POSTROUTING -o eth+ -s 192.168.1.1 -j SNAT --to-source 22.22.22.23
$IPTABLES -t nat -A POSTROUTING -o ppp+ -s 192.168.1.1 -j SNAT --to-source 22.22.22.23
$IPTABLES -t nat -A POSTROUTING -o eth+ -s 192.168.2.1 -j SNAT --to-source 22.22.22.23
$IPTABLES -t nat -A POSTROUTING -o ppp+ -s 192.168.2.1 -j SNAT --to-source 22.22.22.23
#
# Rule 3 (NAT)
#
@ -647,7 +647,7 @@ test -z "$cmd" && {
case "$cmd" in
start)
log "Activating firewall script generated Thu May 26 14:16:29 2011 by vadim"
log "Activating firewall script generated Fri Jun 3 17:28:24 2011 by vadim"
check_tools
prolog_commands
check_run_time_address_table_files

6
test/ipt/firewall50.fw.orig
View File

@ -2,9 +2,9 @@
#
# This is automatically generated file. DO NOT MODIFY !
#
# Firewall Builder fwb_ipt v4.3.0.3546
# Firewall Builder fwb_ipt v5.0.0.3547
#
# Generated Thu May 26 14:16:31 2011 PDT by vadim
# Generated Fri Jun 3 17:28:25 2011 PDT by vadim
#
# files: * firewall50.fw /etc/fw/firewall50.fw
#
@ -439,7 +439,7 @@ test -z "$cmd" && {
case "$cmd" in
start)
log "Activating firewall script generated Thu May 26 14:16:31 2011 by vadim"
log "Activating firewall script generated Fri Jun 3 17:28:25 2011 by vadim"
check_tools
prolog_commands
check_run_time_address_table_files

6
test/ipt/firewall51.fw.orig
View File

@ -2,9 +2,9 @@
#
# This is automatically generated file. DO NOT MODIFY !
#
# Firewall Builder fwb_ipt v4.3.0.3546
# Firewall Builder fwb_ipt v5.0.0.3547
#
# Generated Thu May 26 14:16:33 2011 PDT by vadim
# Generated Fri Jun 3 17:28:27 2011 PDT by vadim
#
# files: * firewall51.fw /etc/fw/firewall51.fw
#
@ -512,7 +512,7 @@ test -z "$cmd" && {
case "$cmd" in
start)
log "Activating firewall script generated Thu May 26 14:16:33 2011 by vadim"
log "Activating firewall script generated Fri Jun 3 17:28:27 2011 by vadim"
check_tools
prolog_commands
check_run_time_address_table_files

34
test/ipt/firewall6.fw.orig
View File

@ -2,9 +2,9 @@
#
# This is automatically generated file. DO NOT MODIFY !
#
# Firewall Builder fwb_ipt v4.3.0.3546
# Firewall Builder fwb_ipt v5.0.0.3547
#
# Generated Thu May 26 14:16:35 2011 PDT by vadim
# Generated Fri Jun 3 17:28:27 2011 PDT by vadim
#
# files: * firewall6.fw /etc/fw/firewall6.fw
#
@ -321,7 +321,7 @@ script_body() {
#
echo "Rule 0 (NAT)"
#
$IPTABLES -t nat -A POSTROUTING -o eth0 -p tcp -m tcp -s 192.168.1.0/24 -d 192.168.1.20 --dport 80 -j SNAT --to-source 192.168.1.1
$IPTABLES -t nat -A POSTROUTING -o eth0 -p tcp -m tcp -s 192.168.1.0/24 -d 192.168.1.20 --dport 80 -j SNAT --to-source 192.168.1.1
#
# Rule 1 (NAT)
#
@ -337,23 +337,23 @@ script_body() {
# both source and destination
# this rule should be equivalent to two rules above
$IPTABLES -t nat -A PREROUTING -p tcp -m tcp -s 192.168.1.0/24 -d 22.22.23.24 --dport 80 -j DNAT --to-destination 192.168.1.20
$IPTABLES -t nat -A POSTROUTING -o eth0 -p tcp -m tcp -s 192.168.1.0/24 -d 192.168.1.20 --dport 80 -j SNAT --to-source 192.168.1.1
$IPTABLES -t nat -A POSTROUTING -o eth0 -p tcp -m tcp -s 192.168.1.0/24 -d 192.168.1.20 --dport 80 -j SNAT --to-source 192.168.1.1
#
# Rule 3 (NAT)
#
echo "Rule 3 (NAT)"
#
$IPTABLES -t nat -A PREROUTING -p tcp -m tcp -d 22.22.22.22 --dport 80 -j DNAT --to-destination 192.168.1.11-192.168.1.12
$IPTABLES -t nat -A POSTROUTING -o eth0 -p tcp -m tcp -d 192.168.1.11 --dport 80 -j SNAT --to-source 192.168.1.1
$IPTABLES -t nat -A POSTROUTING -o eth0 -p tcp -m tcp -d 192.168.1.12 --dport 80 -j SNAT --to-source 192.168.1.1
$IPTABLES -t nat -A POSTROUTING -o eth0 -p tcp -m tcp -d 192.168.1.11 --dport 80 -j SNAT --to-source 192.168.1.1
$IPTABLES -t nat -A POSTROUTING -o eth0 -p tcp -m tcp -d 192.168.1.12 --dport 80 -j SNAT --to-source 192.168.1.1
#
# Rule 4 (NAT)
#
echo "Rule 4 (NAT)"
#
$IPTABLES -t nat -A PREROUTING -p tcp -m tcp -d 22.22.22.22 --dport 80 -j DNAT --to-destination 192.168.1.11-192.168.1.12
$IPTABLES -t nat -A POSTROUTING -o eth0 -p tcp -m tcp -d 192.168.1.11 --dport 80 -j SNAT --to-source 192.168.1.1
$IPTABLES -t nat -A POSTROUTING -o eth0 -p tcp -m tcp -d 192.168.1.12 --dport 80 -j SNAT --to-source 192.168.1.1
$IPTABLES -t nat -A POSTROUTING -o eth0 -p tcp -m tcp -d 192.168.1.11 --dport 80 -j SNAT --to-source 192.168.1.1
$IPTABLES -t nat -A POSTROUTING -o eth0 -p tcp -m tcp -d 192.168.1.12 --dport 80 -j SNAT --to-source 192.168.1.1
#
# Rule 5 (NAT)
#
@ -363,15 +363,15 @@ script_body() {
$IPTABLES -t nat -A PREROUTING -p tcp -m tcp -d 22.22.23.23 --dport 80 -j DNAT --to-destination 192.168.1.11-192.168.1.12
$IPTABLES -t nat -A PREROUTING -p tcp -m tcp -d 192.168.1.1 --dport 80 -j DNAT --to-destination 192.168.1.11-192.168.1.12
$IPTABLES -t nat -A PREROUTING -p tcp -m tcp -d 192.168.2.1 --dport 80 -j DNAT --to-destination 192.168.1.11-192.168.1.12
$IPTABLES -t nat -A POSTROUTING -o eth0 -p tcp -m tcp -d 192.168.1.11 --dport 80 -j SNAT --to-source 192.168.1.1
$IPTABLES -t nat -A POSTROUTING -o eth0 -p tcp -m tcp -d 192.168.1.12 --dport 80 -j SNAT --to-source 192.168.1.1
$IPTABLES -t nat -A POSTROUTING -o eth0 -p tcp -m tcp -d 192.168.1.11 --dport 80 -j SNAT --to-source 192.168.1.1
$IPTABLES -t nat -A POSTROUTING -o eth0 -p tcp -m tcp -d 192.168.1.12 --dport 80 -j SNAT --to-source 192.168.1.1
#
# Rule 6 (NAT)
#
echo "Rule 6 (NAT)"
#
$IPTABLES -t nat -A PREROUTING -p tcp -m tcp -s ! 192.168.1.100 --dport 80 -j DNAT --to-destination 192.168.1.100:3128
$IPTABLES -t nat -A POSTROUTING -o eth0 -p tcp -m tcp -s ! 192.168.1.100 -d 192.168.1.100 --dport 3128 -j SNAT --to-source 192.168.1.1
$IPTABLES -t nat -A POSTROUTING -o eth0 -p tcp -m tcp -s ! 192.168.1.100 -d 192.168.1.100 --dport 3128 -j SNAT --to-source 192.168.1.1
#
# Rule 7 (NAT)
#
@ -382,21 +382,21 @@ script_body() {
$IPTABLES -t nat -A Cid3F9F8382.0 -d 222.222.222.40 -j RETURN
$IPTABLES -t nat -A Cid3F9F8382.0 -d 222.222.222.41 -j RETURN
$IPTABLES -t nat -A Cid3F9F8382.0 -p tcp -m tcp --dport 80 -j DNAT --to-destination 192.168.1.100:3128
$IPTABLES -t nat -A POSTROUTING -o eth0 -p tcp -m tcp -s 192.168.1.0/24 -d 192.168.1.100 --dport 3128 -j SNAT --to-source 192.168.1.1
$IPTABLES -t nat -A POSTROUTING -o eth0 -p tcp -m tcp -s 192.168.1.0/24 -d 192.168.1.100 --dport 3128 -j SNAT --to-source 192.168.1.1
#
# Rule 8 (NAT)
#
echo "Rule 8 (NAT)"
#
$IPTABLES -t nat -A POSTROUTING -o eth2 -s 192.168.1.0/24 -d 192.168.2.0/24 -j SNAT --to-source 192.168.2.1
$IPTABLES -t nat -A POSTROUTING -o eth2 -s 192.168.1.0/24 -d 192.168.2.0/24 -j SNAT --to-source 192.168.2.1
#
# Rule 9 (NAT)
#
echo "Rule 9 (NAT)"
#
$IPTABLES -t nat -A POSTROUTING -o eth1 -s 192.168.1.0/24 -j SNAT --to-source 22.22.22.22
$IPTABLES -t nat -A POSTROUTING -o eth3 -s 192.168.1.0/24 -j SNAT --to-source 22.22.23.23
$IPTABLES -t nat -A POSTROUTING -o eth2 -s 192.168.1.0/24 -j SNAT --to-source 192.168.2.1
$IPTABLES -t nat -A POSTROUTING -o eth1 -s 192.168.1.0/24 -j SNAT --to-source 22.22.22.22
$IPTABLES -t nat -A POSTROUTING -o eth3 -s 192.168.1.0/24 -j SNAT --to-source 22.22.23.23
$IPTABLES -t nat -A POSTROUTING -o eth2 -s 192.168.1.0/24 -j SNAT --to-source 192.168.2.1
@ -534,7 +534,7 @@ test -z "$cmd" && {
case "$cmd" in
start)
log "Activating firewall script generated Thu May 26 14:16:35 2011 by vadim"
log "Activating firewall script generated Fri Jun 3 17:28:27 2011 by vadim"
check_tools
prolog_commands
check_run_time_address_table_files

6
test/ipt/firewall60.fw.orig
View File

@ -2,9 +2,9 @@
#
# This is automatically generated file. DO NOT MODIFY !
#
# Firewall Builder fwb_ipt v4.3.0.3546
# Firewall Builder fwb_ipt v5.0.0.3547
#
# Generated Thu May 26 14:16:37 2011 PDT by vadim
# Generated Fri Jun 3 17:28:29 2011 PDT by vadim
#
# files: * firewall60.fw /etc/firewall60.fw
#
@ -440,7 +440,7 @@ test -z "$cmd" && {
case "$cmd" in
start)
log "Activating firewall script generated Thu May 26 14:16:37 2011 by vadim"
log "Activating firewall script generated Fri Jun 3 17:28:29 2011 by vadim"
check_tools
prolog_commands
check_run_time_address_table_files

6
test/ipt/firewall61-1.2.5.fw.orig
View File

@ -2,9 +2,9 @@
#
# This is automatically generated file. DO NOT MODIFY !
#
# Firewall Builder fwb_ipt v4.3.0.3546
# Firewall Builder fwb_ipt v5.0.0.3547
#
# Generated Thu May 26 14:16:38 2011 PDT by vadim
# Generated Fri Jun 3 17:28:29 2011 PDT by vadim
#
# files: * firewall61-1.2.5.fw /etc/firewall61-1.2.5.fw
#
@ -520,7 +520,7 @@ test -z "$cmd" && {
case "$cmd" in
start)
log "Activating firewall script generated Thu May 26 14:16:38 2011 by vadim"
log "Activating firewall script generated Fri Jun 3 17:28:29 2011 by vadim"
check_tools
prolog_commands
check_run_time_address_table_files

6
test/ipt/firewall61-1.2.6.fw.orig
View File

@ -2,9 +2,9 @@
#
# This is automatically generated file. DO NOT MODIFY !
#
# Firewall Builder fwb_ipt v4.3.0.3546
# Firewall Builder fwb_ipt v5.0.0.3547
#
# Generated Thu May 26 14:16:41 2011 PDT by vadim
# Generated Fri Jun 3 17:28:31 2011 PDT by vadim
#
# files: * firewall61-1.2.6.fw /etc/firewall61-1.2.6.fw
#
@ -526,7 +526,7 @@ test -z "$cmd" && {
case "$cmd" in
start)
log "Activating firewall script generated Thu May 26 14:16:41 2011 by vadim"
log "Activating firewall script generated Fri Jun 3 17:28:31 2011 by vadim"
check_tools
prolog_commands
check_run_time_address_table_files

6
test/ipt/firewall61-1.3.x.fw.orig
View File

@ -2,9 +2,9 @@
#
# This is automatically generated file. DO NOT MODIFY !
#
# Firewall Builder fwb_ipt v4.3.0.3546
# Firewall Builder fwb_ipt v5.0.0.3547
#
# Generated Thu May 26 14:16:42 2011 PDT by vadim
# Generated Fri Jun 3 17:28:31 2011 PDT by vadim
#
# files: * firewall61-1.3.x.fw /etc/firewall61-1.3.x.fw
#
@ -513,7 +513,7 @@ test -z "$cmd" && {
case "$cmd" in
start)
log "Activating firewall script generated Thu May 26 14:16:42 2011 by vadim"
log "Activating firewall script generated Fri Jun 3 17:28:31 2011 by vadim"
check_tools
prolog_commands
check_run_time_address_table_files

6
test/ipt/firewall61-1.4.fw.orig
View File

@ -2,9 +2,9 @@
#
# This is automatically generated file. DO NOT MODIFY !
#
# Firewall Builder fwb_ipt v4.3.0.3546
# Firewall Builder fwb_ipt v5.0.0.3547
#
# Generated Thu May 26 14:16:45 2011 PDT by vadim
# Generated Fri Jun 3 17:28:33 2011 PDT by vadim
#
# files: * firewall61-1.4.fw /etc/firewall61-1.4.fw
#
@ -514,7 +514,7 @@ test -z "$cmd" && {
case "$cmd" in
start)
log "Activating firewall script generated Thu May 26 14:16:45 2011 by vadim"
log "Activating firewall script generated Fri Jun 3 17:28:33 2011 by vadim"
check_tools
prolog_commands
check_run_time_address_table_files

6
test/ipt/firewall62.fw.orig
View File

@ -2,9 +2,9 @@
#
# This is automatically generated file. DO NOT MODIFY !
#
# Firewall Builder fwb_ipt v4.3.0.3546
# Firewall Builder fwb_ipt v5.0.0.3547
#
# Generated Thu May 26 14:16:46 2011 PDT by vadim
# Generated Fri Jun 3 17:28:34 2011 PDT by vadim
#
# files: * firewall62.fw /etc/firewall62.fw
#
@ -590,7 +590,7 @@ test -z "$cmd" && {
case "$cmd" in
start)
log "Activating firewall script generated Thu May 26 14:16:46 2011 by vadim"
log "Activating firewall script generated Fri Jun 3 17:28:34 2011 by vadim"
check_tools
prolog_commands
check_run_time_address_table_files

6
test/ipt/firewall63.fw.orig
View File

@ -2,9 +2,9 @@
#
# This is automatically generated file. DO NOT MODIFY !
#
# Firewall Builder fwb_ipt v4.3.0.3546
# Firewall Builder fwb_ipt v5.0.0.3547
#
# Generated Thu May 26 14:16:49 2011 PDT by vadim
# Generated Fri Jun 3 17:28:36 2011 PDT by vadim
#
# files: * firewall63.fw /etc/firewall63.fw
#
@ -410,7 +410,7 @@ test -z "$cmd" && {
case "$cmd" in
start)
log "Activating firewall script generated Thu May 26 14:16:49 2011 by vadim"
log "Activating firewall script generated Fri Jun 3 17:28:36 2011 by vadim"
check_tools
prolog_commands
check_run_time_address_table_files

6
test/ipt/firewall7.fw.orig
View File

@ -2,9 +2,9 @@
#
# This is automatically generated file. DO NOT MODIFY !
#
# Firewall Builder fwb_ipt v4.3.0.3546
# Firewall Builder fwb_ipt v5.0.0.3547
#
# Generated Thu May 26 14:16:50 2011 PDT by vadim
# Generated Fri Jun 3 17:28:36 2011 PDT by vadim
#
# files: * firewall7.fw /etc/fw/firewall7.fw
#
@ -494,7 +494,7 @@ test -z "$cmd" && {
case "$cmd" in
start)
log "Activating firewall script generated Thu May 26 14:16:50 2011 by vadim"
log "Activating firewall script generated Fri Jun 3 17:28:36 2011 by vadim"
check_tools
prolog_commands
check_run_time_address_table_files

6
test/ipt/firewall70.fw.orig
View File

@ -2,9 +2,9 @@
#
# This is automatically generated file. DO NOT MODIFY !
#
# Firewall Builder fwb_ipt v4.3.0.3546
# Firewall Builder fwb_ipt v5.0.0.3547
#
# Generated Thu May 26 14:16:52 2011 PDT by vadim
# Generated Fri Jun 3 17:28:38 2011 PDT by vadim
#
# files: * firewall70.fw iptables.sh
#
@ -433,7 +433,7 @@ test -z "$cmd" && {
case "$cmd" in
start)
log "Activating firewall script generated Thu May 26 14:16:52 2011 by vadim"
log "Activating firewall script generated Fri Jun 3 17:28:38 2011 by vadim"
check_tools
prolog_commands
check_run_time_address_table_files

8
test/ipt/firewall71.fw.orig
View File

@ -2,9 +2,9 @@
#
# This is automatically generated file. DO NOT MODIFY !
#
# Firewall Builder fwb_ipt v4.3.0.3546
# Firewall Builder fwb_ipt v5.0.0.3547
#
# Generated Thu May 26 14:16:54 2011 PDT by vadim
# Generated Fri Jun 3 17:28:38 2011 PDT by vadim
#
# files: * firewall71.fw /etc/fw/firewall71.fw
#
@ -387,7 +387,7 @@ script_body() {
echo :OUTPUT ACCEPT [0:0]
#
# Rule 0 (NAT)
echo "-A POSTROUTING -o eth2 -s 192.168.1.0/24 -j SNAT --to-source 192.168.2.1 "
echo "-A POSTROUTING -o eth2 -s 192.168.1.0/24 -j SNAT --to-source 192.168.2.1 "
#
echo COMMIT
@ -449,7 +449,7 @@ test -z "$cmd" && {
case "$cmd" in
start)
log "Activating firewall script generated Thu May 26 14:16:54 2011 by vadim"
log "Activating firewall script generated Fri Jun 3 17:28:38 2011 by vadim"
check_tools
prolog_commands
check_run_time_address_table_files

22
test/ipt/firewall72-1.3.x.fw.orig
View File

@ -2,9 +2,9 @@
#
# This is automatically generated file. DO NOT MODIFY !
#
# Firewall Builder fwb_ipt v4.3.0.3546
# Firewall Builder fwb_ipt v5.0.0.3547
#
# Generated Thu May 26 14:16:56 2011 PDT by vadim
# Generated Fri Jun 3 17:28:40 2011 PDT by vadim
#
# files: * firewall72-1.3.x.fw /etc/fw/firewall72-1.3.x.fw
#
@ -335,35 +335,35 @@ script_body() {
#
echo "Rule 0 (NAT)"
#
$IPTABLES -t nat -A POSTROUTING -o eth+ -s ! 192.168.1.0/24 -d 200.200.200.200 -j SNAT --to-source 22.22.22.23
$IPTABLES -t nat -A POSTROUTING -o eth+ -s ! 192.168.1.0/24 -d 200.200.200.200 -j SNAT --to-source 22.22.22.23
#
# Rule 1 (NAT)
#
echo "Rule 1 (NAT)"
#
$IPTABLES -t nat -A POSTROUTING -o eth+ -p tcp -m tcp -s ! 192.168.1.0/24 -d 200.200.200.200 --dport 80 -j SNAT --to-source 22.22.22.23
$IPTABLES -t nat -A POSTROUTING -o eth+ -p tcp -m tcp -s ! 192.168.1.0/24 -d 200.200.200.200 --dport 80 -j SNAT --to-source 22.22.22.23
#
# Rule 2 (NAT)
#
echo "Rule 2 (NAT)"
#
$IPTABLES -t nat -A POSTROUTING -o eth0 -s 192.168.1.0/24 -d ! 192.168.2.0/24 -j SNAT --to-source 33.33.33.33
$IPTABLES -t nat -A POSTROUTING -o eth1 -s 192.168.1.0/24 -d ! 192.168.2.0/24 -j SNAT --to-source 172.16.1.1
$IPTABLES -t nat -A POSTROUTING -o eth0 -s 192.168.1.0/24 -d ! 192.168.2.0/24 -j SNAT --to-source 33.33.33.33
$IPTABLES -t nat -A POSTROUTING -o eth1 -s 192.168.1.0/24 -d ! 192.168.2.0/24 -j SNAT --to-source 172.16.1.1
#
# Rule 3 (NAT)
#
echo "Rule 3 (NAT)"
#
$IPTABLES -t nat -A POSTROUTING -o eth0 -p tcp -m tcp -s 192.168.1.0/24 -d ! 192.168.2.0/24 --dport 80 -j SNAT --to-source 33.33.33.33
$IPTABLES -t nat -A POSTROUTING -o eth1 -p tcp -m tcp -s 192.168.1.0/24 -d ! 192.168.2.0/24 --dport 80 -j SNAT --to-source 172.16.1.1
$IPTABLES -t nat -A POSTROUTING -o eth0 -p tcp -m tcp -s 192.168.1.0/24 -d ! 192.168.2.0/24 --dport 80 -j SNAT --to-source 33.33.33.33
$IPTABLES -t nat -A POSTROUTING -o eth1 -p tcp -m tcp -s 192.168.1.0/24 -d ! 192.168.2.0/24 --dport 80 -j SNAT --to-source 172.16.1.1
#
# Rule 4 (NAT)
#
echo "Rule 4 (NAT)"
#
$IPTABLES -t nat -N Cid212911X8629.0
$IPTABLES -t nat -A POSTROUTING -o eth0 -s 192.168.1.0/24 -j Cid212911X8629.0
$IPTABLES -t nat -A POSTROUTING -o eth1 -s 192.168.1.0/24 -j Cid212911X8629.0
$IPTABLES -t nat -A POSTROUTING -o eth0 -s 192.168.1.0/24 -j Cid212911X8629.0
$IPTABLES -t nat -A POSTROUTING -o eth1 -s 192.168.1.0/24 -j Cid212911X8629.0
$IPTABLES -t nat -A Cid212911X8629.0 -d 192.168.1.0/24 -j RETURN
$IPTABLES -t nat -A Cid212911X8629.0 -d 192.168.2.0/24 -j RETURN
$IPTABLES -t nat -A Cid212911X8629.0 -j SNAT --to-source 172.16.1.1
@ -581,7 +581,7 @@ test -z "$cmd" && {
case "$cmd" in
start)
log "Activating firewall script generated Thu May 26 14:16:56 2011 by vadim"
log "Activating firewall script generated Fri Jun 3 17:28:40 2011 by vadim"
check_tools
prolog_commands
check_run_time_address_table_files

22
test/ipt/firewall72-1.4.3.fw.orig
View File

@ -2,9 +2,9 @@
#
# This is automatically generated file. DO NOT MODIFY !
#
# Firewall Builder fwb_ipt v4.3.0.3546
# Firewall Builder fwb_ipt v5.0.0.3547
#
# Generated Thu May 26 14:16:57 2011 PDT by vadim
# Generated Fri Jun 3 17:28:40 2011 PDT by vadim
#
# files: * firewall72-1.4.3.fw /etc/fw/firewall72-1.4.3.fw
#
@ -335,35 +335,35 @@ script_body() {
#
echo "Rule 0 (NAT)"
#
$IPTABLES -t nat -A POSTROUTING -o eth+ ! -s 192.168.1.0/24 -d 200.200.200.200 -j SNAT --to-source 22.22.22.23
$IPTABLES -t nat -A POSTROUTING -o eth+ ! -s 192.168.1.0/24 -d 200.200.200.200 -j SNAT --to-source 22.22.22.23
#
# Rule 1 (NAT)
#
echo "Rule 1 (NAT)"
#
$IPTABLES -t nat -A POSTROUTING -o eth+ -p tcp -m tcp ! -s 192.168.1.0/24 -d 200.200.200.200 --dport 80 -j SNAT --to-source 22.22.22.23
$IPTABLES -t nat -A POSTROUTING -o eth+ -p tcp -m tcp ! -s 192.168.1.0/24 -d 200.200.200.200 --dport 80 -j SNAT --to-source 22.22.22.23
#
# Rule 2 (NAT)
#
echo "Rule 2 (NAT)"
#
$IPTABLES -t nat -A POSTROUTING -o eth0 -s 192.168.1.0/24 ! -d 192.168.2.0/24 -j SNAT --to-source 33.33.33.33
$IPTABLES -t nat -A POSTROUTING -o eth1 -s 192.168.1.0/24 ! -d 192.168.2.0/24 -j SNAT --to-source 172.16.1.1
$IPTABLES -t nat -A POSTROUTING -o eth0 -s 192.168.1.0/24 ! -d 192.168.2.0/24 -j SNAT --to-source 33.33.33.33
$IPTABLES -t nat -A POSTROUTING -o eth1 -s 192.168.1.0/24 ! -d 192.168.2.0/24 -j SNAT --to-source 172.16.1.1
#
# Rule 3 (NAT)
#
echo "Rule 3 (NAT)"
#
$IPTABLES -t nat -A POSTROUTING -o eth0 -p tcp -m tcp -s 192.168.1.0/24 ! -d 192.168.2.0/24 --dport 80 -j SNAT --to-source 33.33.33.33
$IPTABLES -t nat -A POSTROUTING -o eth1 -p tcp -m tcp -s 192.168.1.0/24 ! -d 192.168.2.0/24 --dport 80 -j SNAT --to-source 172.16.1.1
$IPTABLES -t nat -A POSTROUTING -o eth0 -p tcp -m tcp -s 192.168.1.0/24 ! -d 192.168.2.0/24 --dport 80 -j SNAT --to-source 33.33.33.33
$IPTABLES -t nat -A POSTROUTING -o eth1 -p tcp -m tcp -s 192.168.1.0/24 ! -d 192.168.2.0/24 --dport 80 -j SNAT --to-source 172.16.1.1
#
# Rule 4 (NAT)
#
echo "Rule 4 (NAT)"
#
$IPTABLES -t nat -N Cid213031X8629.0
$IPTABLES -t nat -A POSTROUTING -o eth0 -s 192.168.1.0/24 -j Cid213031X8629.0
$IPTABLES -t nat -A POSTROUTING -o eth1 -s 192.168.1.0/24 -j Cid213031X8629.0
$IPTABLES -t nat -A POSTROUTING -o eth0 -s 192.168.1.0/24 -j Cid213031X8629.0
$IPTABLES -t nat -A POSTROUTING -o eth1 -s 192.168.1.0/24 -j Cid213031X8629.0
$IPTABLES -t nat -A Cid213031X8629.0 -d 192.168.1.0/24 -j RETURN
$IPTABLES -t nat -A Cid213031X8629.0 -d 192.168.2.0/24 -j RETURN
$IPTABLES -t nat -A Cid213031X8629.0 -j SNAT --to-source 172.16.1.1
@ -581,7 +581,7 @@ test -z "$cmd" && {
case "$cmd" in
start)
log "Activating firewall script generated Thu May 26 14:16:57 2011 by vadim"
log "Activating firewall script generated Fri Jun 3 17:28:40 2011 by vadim"
check_tools
prolog_commands
check_run_time_address_table_files

6
test/ipt/firewall73.fw.orig
View File

@ -2,9 +2,9 @@
#
# This is automatically generated file. DO NOT MODIFY !
#
# Firewall Builder fwb_ipt v4.3.0.3546
# Firewall Builder fwb_ipt v5.0.0.3547
#
# Generated Thu May 26 14:17:01 2011 PDT by vadim
# Generated Fri Jun 3 17:28:42 2011 PDT by vadim
#
# files: * firewall73.fw /etc/fw/firewall73.fw
#
@ -544,7 +544,7 @@ test -z "$cmd" && {
case "$cmd" in
start)
log "Activating firewall script generated Thu May 26 14:17:01 2011 by vadim"
log "Activating firewall script generated Fri Jun 3 17:28:42 2011 by vadim"
check_tools
prolog_commands
check_run_time_address_table_files

6
test/ipt/firewall74.fw.orig
View File

@ -2,9 +2,9 @@
#
# This is automatically generated file. DO NOT MODIFY !
#
# Firewall Builder fwb_ipt v4.3.0.3546
# Firewall Builder fwb_ipt v5.0.0.3547
#
# Generated Thu May 26 14:17:01 2011 PDT by vadim
# Generated Fri Jun 3 17:28:43 2011 PDT by vadim
#
# files: * firewall74.fw /etc/fw/firewall74.fw
#
@ -396,7 +396,7 @@ test -z "$cmd" && {
case "$cmd" in
start)
log "Activating firewall script generated Thu May 26 14:17:01 2011 by vadim"
log "Activating firewall script generated Fri Jun 3 17:28:43 2011 by vadim"
check_tools
prolog_commands
check_run_time_address_table_files

6
test/ipt/firewall8.fw.orig
View File

@ -2,9 +2,9 @@
#
# This is automatically generated file. DO NOT MODIFY !
#
# Firewall Builder fwb_ipt v4.3.0.3546
# Firewall Builder fwb_ipt v5.0.0.3547
#
# Generated Thu May 26 14:17:05 2011 PDT by vadim
# Generated Fri Jun 3 17:28:44 2011 PDT by vadim
#
# files: * firewall8.fw /etc/fw/firewall8.fw
#
@ -381,7 +381,7 @@ test -z "$cmd" && {
case "$cmd" in
start)
log "Activating firewall script generated Thu May 26 14:17:05 2011 by vadim"
log "Activating firewall script generated Fri Jun 3 17:28:44 2011 by vadim"
check_tools
prolog_commands
check_run_time_address_table_files

8
test/ipt/firewall80.fw.orig
View File

@ -2,9 +2,9 @@
#
# This is automatically generated file. DO NOT MODIFY !
#
# Firewall Builder fwb_ipt v4.3.0.3546
# Firewall Builder fwb_ipt v5.0.0.3547
#
# Generated Thu May 26 14:17:05 2011 PDT by vadim
# Generated Fri Jun 3 17:28:45 2011 PDT by vadim
#
# files: * firewall80.fw /etc/fw/firewall80.fw
#
@ -328,7 +328,7 @@ script_body() {
#
# SNAT rule
$IPTABLES -t nat -N NAT_1_POSTROUTING
$IPTABLES -t nat -A NAT_1_POSTROUTING -o eth0 -s 192.168.1.0/24 -j SNAT --to-source 192.0.2.1
$IPTABLES -t nat -A NAT_1_POSTROUTING -o eth0 -s 192.168.1.0/24 -j SNAT --to-source 192.0.2.1
# ================ Table 'nat', rule set NAT
#
@ -420,7 +420,7 @@ test -z "$cmd" && {
case "$cmd" in
start)
log "Activating firewall script generated Thu May 26 14:17:05 2011 by vadim"
log "Activating firewall script generated Fri Jun 3 17:28:45 2011 by vadim"
check_tools
prolog_commands
check_run_time_address_table_files

10
test/ipt/firewall81.fw.orig
View File

@ -2,9 +2,9 @@
#
# This is automatically generated file. DO NOT MODIFY !
#
# Firewall Builder fwb_ipt v4.3.0.3546
# Firewall Builder fwb_ipt v5.0.0.3547
#
# Generated Thu May 26 14:17:08 2011 PDT by vadim
# Generated Fri Jun 3 17:28:47 2011 PDT by vadim
#
# files: * firewall81.fw /etc/fw/firewall81.fw
#
@ -355,7 +355,7 @@ script_body() {
#
# SNAT rule
$IPTABLES -t nat -N NAT_1_POSTROUTING
$IPTABLES -t nat -A NAT_1_POSTROUTING -o eth0 -s 192.168.1.0/24 -j SNAT --to-source 192.0.2.1
$IPTABLES -t nat -A NAT_1_POSTROUTING -o eth0 -s 192.168.1.0/24 -j SNAT --to-source 192.0.2.1
# ================ Table 'nat', rule set NAT_1
#
@ -371,7 +371,7 @@ script_body() {
echo "Rule NAT_1 1 (NAT)"
#
# SNAT rule
$IPTABLES -t nat -A NAT_1_POSTROUTING -o eth+ -s 192.168.1.0/24 -j SNAT --to-source 192.0.2.1
$IPTABLES -t nat -A NAT_1_POSTROUTING -o eth+ -s 192.168.1.0/24 -j SNAT --to-source 192.0.2.1
@ -441,7 +441,7 @@ test -z "$cmd" && {
case "$cmd" in
start)
log "Activating firewall script generated Thu May 26 14:17:08 2011 by vadim"
log "Activating firewall script generated Fri Jun 3 17:28:47 2011 by vadim"
check_tools
prolog_commands
check_run_time_address_table_files

8
test/ipt/firewall82.fw.orig
View File

@ -2,9 +2,9 @@
#
# This is automatically generated file. DO NOT MODIFY !
#
# Firewall Builder fwb_ipt v4.3.0.3546
# Firewall Builder fwb_ipt v5.0.0.3547
#
# Generated Thu May 26 14:17:09 2011 PDT by vadim
# Generated Fri Jun 3 17:28:47 2011 PDT by vadim
#
# files: * firewall82.fw /etc/firewall82.fw
#
@ -336,7 +336,7 @@ script_body() {
#
echo "Rule 0 (NAT)"
#
$IPTABLES -t nat -A POSTROUTING -o eth0 -s 192.168.1.0/24 -j MASQUERADE
$IPTABLES -t nat -A POSTROUTING -o eth0 -s 192.168.1.0/24 -j MASQUERADE
@ -434,7 +434,7 @@ test -z "$cmd" && {
case "$cmd" in
start)
log "Activating firewall script generated Thu May 26 14:17:09 2011 by vadim"
log "Activating firewall script generated Fri Jun 3 17:28:47 2011 by vadim"
check_tools
prolog_commands
check_run_time_address_table_files

6
test/ipt/firewall82_A.fw.orig
View File

@ -2,9 +2,9 @@
#
# This is automatically generated file. DO NOT MODIFY !
#
# Firewall Builder fwb_ipt v4.3.0.3546
# Firewall Builder fwb_ipt v5.0.0.3547
#
# Generated Thu May 26 14:17:12 2011 PDT by vadim
# Generated Fri Jun 3 17:28:49 2011 PDT by vadim
#
# files: * firewall82_A.fw /etc/fw/firewall82_A.fw
#
@ -421,7 +421,7 @@ test -z "$cmd" && {
case "$cmd" in
start)
log "Activating firewall script generated Thu May 26 14:17:12 2011 by vadim"
log "Activating firewall script generated Fri Jun 3 17:28:49 2011 by vadim"
check_tools
prolog_commands
check_run_time_address_table_files

6
test/ipt/firewall82_B.fw.orig
View File

@ -2,9 +2,9 @@
#
# This is automatically generated file. DO NOT MODIFY !
#
# Firewall Builder fwb_ipt v4.3.0.3546
# Firewall Builder fwb_ipt v5.0.0.3547
#
# Generated Thu May 26 14:17:13 2011 PDT by vadim
# Generated Fri Jun 3 17:28:49 2011 PDT by vadim
#
# files: * firewall82_B.fw /etc/fw/firewall82_B.fw
#
@ -384,7 +384,7 @@ test -z "$cmd" && {
case "$cmd" in
start)
log "Activating firewall script generated Thu May 26 14:17:13 2011 by vadim"
log "Activating firewall script generated Fri Jun 3 17:28:49 2011 by vadim"
check_tools
prolog_commands
check_run_time_address_table_files

6
test/ipt/firewall9.fw.orig
View File

@ -2,9 +2,9 @@
#
# This is automatically generated file. DO NOT MODIFY !
#
# Firewall Builder fwb_ipt v4.3.0.3546
# Firewall Builder fwb_ipt v5.0.0.3547
#
# Generated Thu May 26 14:17:16 2011 PDT by vadim
# Generated Fri Jun 3 17:28:51 2011 PDT by vadim
#
# files: * firewall9.fw /etc/fw/firewall9.fw
#
@ -642,7 +642,7 @@ test -z "$cmd" && {
case "$cmd" in
start)
log "Activating firewall script generated Thu May 26 14:17:16 2011 by vadim"
log "Activating firewall script generated Fri Jun 3 17:28:51 2011 by vadim"
check_tools
prolog_commands
check_run_time_address_table_files

6
test/ipt/firewall90.fw.orig
View File

@ -2,9 +2,9 @@
#
# This is automatically generated file. DO NOT MODIFY !
#
# Firewall Builder fwb_ipt v4.3.0.3546
# Firewall Builder fwb_ipt v5.0.0.3547
#
# Generated Thu May 26 14:17:17 2011 PDT by vadim
# Generated Fri Jun 3 17:28:51 2011 PDT by vadim
#
# files: * firewall90.fw /etc/fw/firewall90.fw
#
@ -404,7 +404,7 @@ test -z "$cmd" && {
case "$cmd" in
start)
log "Activating firewall script generated Thu May 26 14:17:17 2011 by vadim"
log "Activating firewall script generated Fri Jun 3 17:28:51 2011 by vadim"
check_tools
prolog_commands
check_run_time_address_table_files

6
test/ipt/firewall91.fw.orig
View File

@ -2,9 +2,9 @@
#
# This is automatically generated file. DO NOT MODIFY !
#
# Firewall Builder fwb_ipt v4.3.0.3546
# Firewall Builder fwb_ipt v5.0.0.3547
#
# Generated Thu May 26 14:17:20 2011 PDT by vadim
# Generated Fri Jun 3 17:28:53 2011 PDT by vadim
#
# files: * firewall91.fw /etc/fw/firewall91.fw
#
@ -404,7 +404,7 @@ test -z "$cmd" && {
case "$cmd" in
start)
log "Activating firewall script generated Thu May 26 14:17:20 2011 by vadim"
log "Activating firewall script generated Fri Jun 3 17:28:53 2011 by vadim"
check_tools
prolog_commands
check_run_time_address_table_files

6
test/ipt/firewall92.fw.orig
View File

@ -2,9 +2,9 @@
#
# This is automatically generated file. DO NOT MODIFY !
#
# Firewall Builder fwb_ipt v4.3.0.3546
# Firewall Builder fwb_ipt v5.0.0.3547
#
# Generated Thu May 26 14:17:21 2011 PDT by vadim
# Generated Fri Jun 3 17:28:54 2011 PDT by vadim
#
# files: * firewall92.fw /etc/fw/firewall92.fw
#
@ -440,7 +440,7 @@ test -z "$cmd" && {
case "$cmd" in
start)
log "Activating firewall script generated Thu May 26 14:17:21 2011 by vadim"
log "Activating firewall script generated Fri Jun 3 17:28:54 2011 by vadim"
check_tools
prolog_commands
check_run_time_address_table_files

6
test/ipt/firewall93.fw.orig
View File

@ -2,9 +2,9 @@
#
# This is automatically generated file. DO NOT MODIFY !
#
# Firewall Builder fwb_ipt v4.3.0.3546
# Firewall Builder fwb_ipt v5.0.0.3547
#
# Generated Thu May 26 14:17:25 2011 PDT by vadim
# Generated Fri Jun 3 17:28:56 2011 PDT by vadim
#
# files: * firewall93.fw /etc/fw/firewall93.fw
#
@ -483,7 +483,7 @@ test -z "$cmd" && {
case "$cmd" in
start)
log "Activating firewall script generated Thu May 26 14:17:25 2011 by vadim"
log "Activating firewall script generated Fri Jun 3 17:28:56 2011 by vadim"
check_tools
prolog_commands
check_run_time_address_table_files

6
test/ipt/fw-A.fw.orig
View File

@ -2,9 +2,9 @@
#
# This is automatically generated file. DO NOT MODIFY !
#
# Firewall Builder fwb_ipt v4.3.0.3546
# Firewall Builder fwb_ipt v5.0.0.3547
#
# Generated Thu May 26 14:18:08 2011 PDT by vadim
# Generated Fri Jun 3 17:29:40 2011 PDT by vadim
#
# files: * fw-A.fw /sw/FWbuilder/fw-A.fw
#
@ -745,7 +745,7 @@ test -z "$cmd" && {
case "$cmd" in
start)
log "Activating firewall script generated Thu May 26 14:18:08 2011 by vadim"
log "Activating firewall script generated Fri Jun 3 17:29:40 2011 by vadim"
check_tools
prolog_commands
check_run_time_address_table_files

18
test/ipt/fw1.fw.orig
View File

@ -2,9 +2,9 @@
#
# This is automatically generated file. DO NOT MODIFY !
#
# Firewall Builder fwb_ipt v4.3.0.3546
# Firewall Builder fwb_ipt v5.0.0.3547
#
# Generated Thu May 26 14:18:07 2011 PDT by vadim
# Generated Fri Jun 3 17:29:38 2011 PDT by vadim
#
# files: * fw1.fw /etc/fw1.fw
#
@ -353,7 +353,7 @@ script_body() {
echo "Rule 1 (NAT)"
#
# source port only
$IPTABLES -t nat -A POSTROUTING -o eth+ -p udp -m udp -s 192.168.1.0/24 --sport 123 -j SNAT --to-source :5050
$IPTABLES -t nat -A POSTROUTING -o eth+ -p udp -m udp -s 192.168.1.0/24 --sport 123 -j SNAT --to-source :5050
#
# Rule 2 (NAT)
#
@ -369,7 +369,7 @@ script_body() {
# SDNAT
$IPTABLES -t nat -A PREROUTING -p tcp -m tcp -d 192.0.2.1 --dport 22 -j DNAT --to-destination 192.168.1.10
$IPTABLES -t nat -A PREROUTING -p tcp -m tcp -d 192.168.1.1 --dport 22 -j DNAT --to-destination 192.168.1.10
$IPTABLES -t nat -A POSTROUTING -o eth1 -p tcp -m tcp -d 192.168.1.10 --dport 22 -j SNAT --to-source 192.168.1.1
$IPTABLES -t nat -A POSTROUTING -o eth1 -p tcp -m tcp -d 192.168.1.10 --dport 22 -j SNAT --to-source 192.168.1.1
#
# Rule 4 (NAT)
#
@ -378,7 +378,7 @@ script_body() {
# SDNAT with source port
$IPTABLES -t nat -A PREROUTING -p udp -m udp --sport 123 -d 192.0.2.1 -j DNAT --to-destination 192.168.1.10
$IPTABLES -t nat -A PREROUTING -p udp -m udp --sport 123 -d 192.168.1.1 -j DNAT --to-destination 192.168.1.10
$IPTABLES -t nat -A POSTROUTING -o eth1 -p udp -m udp --sport 123 -d 192.168.1.10 -j SNAT --to-source 192.168.1.1:5050
$IPTABLES -t nat -A POSTROUTING -o eth1 -p udp -m udp --sport 123 -d 192.168.1.10 -j SNAT --to-source 192.168.1.1:5050
#
# Rule 5 (NAT)
#
@ -386,7 +386,7 @@ script_body() {
#
# SDNAT with dest port
$IPTABLES -t nat -A PREROUTING -p udp -m udp -s 192.168.1.0/24 --dport 53 -j DNAT --to-destination 192.168.1.10:1053
$IPTABLES -t nat -A POSTROUTING -o eth1 -p udp -m udp -s 192.168.1.0/24 -d 192.168.1.10 --dport 1053 -j SNAT --to-source 192.168.1.1
$IPTABLES -t nat -A POSTROUTING -o eth1 -p udp -m udp -s 192.168.1.0/24 -d 192.168.1.10 --dport 1053 -j SNAT --to-source 192.168.1.1
#
# Rule 6 (NAT)
#
@ -396,13 +396,13 @@ script_body() {
# translate src and dst addresses
# and src and dst ports
$IPTABLES -t nat -A PREROUTING -p udp -m udp -s 192.168.1.0/24 --sport 1024:65535 --dport 53 -j DNAT --to-destination 192.168.1.10:1053
$IPTABLES -t nat -A POSTROUTING -o eth1 -p udp -m udp -s 192.168.1.0/24 -d 192.168.1.10 --dport 1053 -j SNAT --to-source 192.168.1.1:32767-65535
$IPTABLES -t nat -A POSTROUTING -o eth1 -p udp -m udp -s 192.168.1.0/24 -d 192.168.1.10 --dport 1053 -j SNAT --to-source 192.168.1.1:32767-65535
#
# Rule 7 (NAT)
#
echo "Rule 7 (NAT)"
#
$IPTABLES -t nat -A POSTROUTING -o eth+ -p udp -m udp -s 192.168.1.0/24 --dport 53 -j SNAT --to-source :5050
$IPTABLES -t nat -A POSTROUTING -o eth+ -p udp -m udp -s 192.168.1.0/24 --dport 53 -j SNAT --to-source :5050
@ -546,7 +546,7 @@ test -z "$cmd" && {
case "$cmd" in
start)
log "Activating firewall script generated Thu May 26 14:18:07 2011 by vadim"
log "Activating firewall script generated Fri Jun 3 17:29:38 2011 by vadim"
check_tools
prolog_commands
check_run_time_address_table_files

10
test/ipt/fwbuilder.fw.orig
View File

@ -2,9 +2,9 @@
#
# This is automatically generated file. DO NOT MODIFY !
#
# Firewall Builder fwb_ipt v4.3.0.3546
# Firewall Builder fwb_ipt v5.0.0.3547
#
# Generated Thu May 26 14:16:26 2011 PDT by vadim
# Generated Fri Jun 3 17:28:22 2011 PDT by vadim
#
# files: * fwbuilder.fw /etc/init.d/fwbuilder.fw
#
@ -336,7 +336,7 @@ script_body() {
echo "Rule 0 (NAT)"
#
grep -Ev '^#|^;|^\s*$' addr-table-1.tbl | while read L ; do
set $L; at_atbl_1=$1; $IPTABLES -t nat -A POSTROUTING -o eth+ -s $at_atbl_1 -j SNAT --to-source 1.1.1.1
set $L; at_atbl_1=$1; $IPTABLES -t nat -A POSTROUTING -o eth+ -s $at_atbl_1 -j SNAT --to-source 1.1.1.1
done
#
# Rule 1 (NAT)
@ -344,7 +344,7 @@ script_body() {
echo "Rule 1 (NAT)"
#
$IPTABLES -t nat -N Cid2101361X9995.0
$IPTABLES -t nat -A POSTROUTING -o eth+ -j Cid2101361X9995.0
$IPTABLES -t nat -A POSTROUTING -o eth+ -j Cid2101361X9995.0
grep -Ev '^#|^;|^\s*$' addr-table-1.tbl | while read L ; do
set $L; at_atbl_1=$1; $IPTABLES -t nat -A Cid2101361X9995.0 -s $at_atbl_1 -j RETURN
done
@ -504,7 +504,7 @@ status_action() {
}
start() {
log "Activating firewall script generated Thu May 26 14:16:26 2011 by vadim"
log "Activating firewall script generated Fri Jun 3 17:28:22 2011 by vadim"
check_tools
prolog_commands
check_run_time_address_table_files

12
test/ipt/heartbeat_cluster_1_d_linux-1-d.fw.orig
View File

@ -2,9 +2,9 @@
#
# This is automatically generated file. DO NOT MODIFY !
#
# Firewall Builder fwb_ipt v4.3.0.3546
# Firewall Builder fwb_ipt v5.0.0.3547
#
# Generated Thu May 26 14:18:22 2011 PDT by vadim
# Generated Fri Jun 3 17:29:48 2011 PDT by vadim
#
# files: * heartbeat_cluster_1_d_linux-1-d.fw firewall.sh
#
@ -342,7 +342,7 @@ script_body() {
#
echo "Rule 0 (NAT)"
#
$IPTABLES -t nat -A POSTROUTING -o eth0 -s 192.168.1.0/24 -j MASQUERADE
$IPTABLES -t nat -A POSTROUTING -o eth0 -s 192.168.1.0/24 -j MASQUERADE
#
# Rule 1 (NAT)
#
@ -350,7 +350,7 @@ script_body() {
#
for i_eth0 in $i_eth0_list
do
test -n "$i_eth0" && $IPTABLES -t nat -A POSTROUTING -o eth0 -s 192.168.1.0/24 -j SNAT --to-source $i_eth0
test -n "$i_eth0" && $IPTABLES -t nat -A POSTROUTING -o eth0 -s 192.168.1.0/24 -j SNAT --to-source $i_eth0
done
#
# Rule 2 (NAT)
@ -359,7 +359,7 @@ script_body() {
#
for i_eth0 in $i_eth0_list
do
test -n "$i_eth0" && $IPTABLES -t nat -A POSTROUTING -o eth0 -s 192.168.1.0/24 -j SNAT --to-source $i_eth0 --random
test -n "$i_eth0" && $IPTABLES -t nat -A POSTROUTING -o eth0 -s 192.168.1.0/24 -j SNAT --to-source $i_eth0 --random
done
#
# Rule 3 (NAT)
@ -747,7 +747,7 @@ test -z "$cmd" && {
case "$cmd" in
start)
log "Activating firewall script generated Thu May 26 14:18:22 2011 by vadim"
log "Activating firewall script generated Fri Jun 3 17:29:48 2011 by vadim"
check_tools
prolog_commands
check_run_time_address_table_files

12
test/ipt/heartbeat_cluster_1_d_linux-2-d.fw.orig
View File

@ -2,9 +2,9 @@
#
# This is automatically generated file. DO NOT MODIFY !
#
# Firewall Builder fwb_ipt v4.3.0.3546
# Firewall Builder fwb_ipt v5.0.0.3547
#
# Generated Thu May 26 14:18:22 2011 PDT by vadim
# Generated Fri Jun 3 17:29:48 2011 PDT by vadim
#
# files: * heartbeat_cluster_1_d_linux-2-d.fw firewall.sh
#
@ -347,7 +347,7 @@ script_body() {
#
echo "Rule 0 (NAT)"
#
$IPTABLES -t nat -A POSTROUTING -o eth0 -s 192.168.1.0/24 -j MASQUERADE
$IPTABLES -t nat -A POSTROUTING -o eth0 -s 192.168.1.0/24 -j MASQUERADE
#
# Rule 1 (NAT)
#
@ -355,7 +355,7 @@ script_body() {
#
for i_eth0 in $i_eth0_list
do
test -n "$i_eth0" && $IPTABLES -t nat -A POSTROUTING -o eth0 -s 192.168.1.0/24 -j SNAT --to-source $i_eth0
test -n "$i_eth0" && $IPTABLES -t nat -A POSTROUTING -o eth0 -s 192.168.1.0/24 -j SNAT --to-source $i_eth0
done
#
# Rule 2 (NAT)
@ -364,7 +364,7 @@ script_body() {
#
for i_eth0 in $i_eth0_list
do
test -n "$i_eth0" && $IPTABLES -t nat -A POSTROUTING -o eth0 -s 192.168.1.0/24 -j SNAT --to-source $i_eth0 --random
test -n "$i_eth0" && $IPTABLES -t nat -A POSTROUTING -o eth0 -s 192.168.1.0/24 -j SNAT --to-source $i_eth0 --random
done
#
# Rule 3 (NAT)
@ -751,7 +751,7 @@ test -z "$cmd" && {
case "$cmd" in
start)
log "Activating firewall script generated Thu May 26 14:18:22 2011 by vadim"
log "Activating firewall script generated Fri Jun 3 17:29:48 2011 by vadim"
check_tools
prolog_commands
check_run_time_address_table_files

10
test/ipt/heartbeat_cluster_1_linux-1.fw.orig
View File

@ -2,9 +2,9 @@
#
# This is automatically generated file. DO NOT MODIFY !
#
# Firewall Builder fwb_ipt v4.3.0.3546
# Firewall Builder fwb_ipt v5.0.0.3547
#
# Generated Thu May 26 14:18:21 2011 PDT by vadim
# Generated Fri Jun 3 17:29:48 2011 PDT by vadim
#
# files: * heartbeat_cluster_1_linux-1.fw /etc/heartbeat_cluster_1_linux-1.fw
#
@ -426,13 +426,13 @@ script_body() {
#
echo "Rule 0 (NAT)"
#
$IPTABLES -t nat -A POSTROUTING -o eth0 -s 192.168.1.0/24 -j SNAT --to-source 172.24.0.1
$IPTABLES -t nat -A POSTROUTING -o eth0 -s 192.168.1.0/24 -j SNAT --to-source 172.24.0.1
#
# Rule 1 (NAT)
#
echo "Rule 1 (NAT)"
#
$IPTABLES -t nat -A POSTROUTING -o eth0 -s 192.168.1.0/24 -j SNAT --to-source 172.24.0.1
$IPTABLES -t nat -A POSTROUTING -o eth0 -s 192.168.1.0/24 -j SNAT --to-source 172.24.0.1
#
# Rule 2 (NAT)
#
@ -864,7 +864,7 @@ test -z "$cmd" && {
case "$cmd" in
start)
log "Activating firewall script generated Thu May 26 14:18:21 2011 by vadim"
log "Activating firewall script generated Fri Jun 3 17:29:48 2011 by vadim"
check_tools
prolog_commands
check_run_time_address_table_files

10
test/ipt/heartbeat_cluster_1_linux-2.fw.orig
View File

@ -2,9 +2,9 @@
#
# This is automatically generated file. DO NOT MODIFY !
#
# Firewall Builder fwb_ipt v4.3.0.3546
# Firewall Builder fwb_ipt v5.0.0.3547
#
# Generated Thu May 26 14:18:21 2011 PDT by vadim
# Generated Fri Jun 3 17:29:48 2011 PDT by vadim
#
# files: * heartbeat_cluster_1_linux-2.fw /etc/heartbeat_cluster_1_linux-2.fw
#
@ -331,13 +331,13 @@ script_body() {
#
echo "Rule 0 (NAT)"
#
$IPTABLES -t nat -A POSTROUTING -o eth0 -s 192.168.1.0/24 -j SNAT --to-source 172.24.0.1
$IPTABLES -t nat -A POSTROUTING -o eth0 -s 192.168.1.0/24 -j SNAT --to-source 172.24.0.1
#
# Rule 1 (NAT)
#
echo "Rule 1 (NAT)"
#
$IPTABLES -t nat -A POSTROUTING -o eth0 -s 192.168.1.0/24 -j SNAT --to-source 172.24.0.1
$IPTABLES -t nat -A POSTROUTING -o eth0 -s 192.168.1.0/24 -j SNAT --to-source 172.24.0.1
#
# Rule 2 (NAT)
#
@ -762,7 +762,7 @@ test -z "$cmd" && {
case "$cmd" in
start)
log "Activating firewall script generated Thu May 26 14:18:21 2011 by vadim"
log "Activating firewall script generated Fri Jun 3 17:29:48 2011 by vadim"
check_tools
prolog_commands
check_run_time_address_table_files

10
test/ipt/heartbeat_cluster_2_linux-1.fw.orig
View File

@ -2,9 +2,9 @@
#
# This is automatically generated file. DO NOT MODIFY !
#
# Firewall Builder fwb_ipt v4.3.0.3546
# Firewall Builder fwb_ipt v5.0.0.3547
#
# Generated Thu May 26 14:18:22 2011 PDT by vadim
# Generated Fri Jun 3 17:29:48 2011 PDT by vadim
#
# files: * heartbeat_cluster_2_linux-1.fw /etc/heartbeat_cluster_2_linux-1.fw
#
@ -426,13 +426,13 @@ script_body() {
#
echo "Rule 0 (NAT)"
#
$IPTABLES -t nat -A POSTROUTING -o eth0 -s 192.168.1.0/24 -j SNAT --to-source 172.24.0.1
$IPTABLES -t nat -A POSTROUTING -o eth0 -s 192.168.1.0/24 -j SNAT --to-source 172.24.0.1
#
# Rule 1 (NAT)
#
echo "Rule 1 (NAT)"
#
$IPTABLES -t nat -A POSTROUTING -o eth0 -s 192.168.1.0/24 -j SNAT --to-source 172.24.0.1
$IPTABLES -t nat -A POSTROUTING -o eth0 -s 192.168.1.0/24 -j SNAT --to-source 172.24.0.1
@ -728,7 +728,7 @@ test -z "$cmd" && {
case "$cmd" in
start)
log "Activating firewall script generated Thu May 26 14:18:22 2011 by vadim"
log "Activating firewall script generated Fri Jun 3 17:29:48 2011 by vadim"
check_tools
prolog_commands
check_run_time_address_table_files

10
test/ipt/heartbeat_cluster_2_linux-2.fw.orig
View File

@ -2,9 +2,9 @@
#
# This is automatically generated file. DO NOT MODIFY !
#
# Firewall Builder fwb_ipt v4.3.0.3546
# Firewall Builder fwb_ipt v5.0.0.3547
#
# Generated Thu May 26 14:18:23 2011 PDT by vadim
# Generated Fri Jun 3 17:29:48 2011 PDT by vadim
#
# files: * heartbeat_cluster_2_linux-2.fw /etc/heartbeat_cluster_2_linux-2.fw
#
@ -331,13 +331,13 @@ script_body() {
#
echo "Rule 0 (NAT)"
#
$IPTABLES -t nat -A POSTROUTING -o eth0 -s 192.168.1.0/24 -j SNAT --to-source 172.24.0.1
$IPTABLES -t nat -A POSTROUTING -o eth0 -s 192.168.1.0/24 -j SNAT --to-source 172.24.0.1
#
# Rule 1 (NAT)
#
echo "Rule 1 (NAT)"
#
$IPTABLES -t nat -A POSTROUTING -o eth0 -s 192.168.1.0/24 -j SNAT --to-source 172.24.0.1
$IPTABLES -t nat -A POSTROUTING -o eth0 -s 192.168.1.0/24 -j SNAT --to-source 172.24.0.1
@ -641,7 +641,7 @@ test -z "$cmd" && {
case "$cmd" in
start)
log "Activating firewall script generated Thu May 26 14:18:23 2011 by vadim"
log "Activating firewall script generated Fri Jun 3 17:29:48 2011 by vadim"
check_tools
prolog_commands
check_run_time_address_table_files

6
test/ipt/host.fw.orig
View File

@ -2,9 +2,9 @@
#
# This is automatically generated file. DO NOT MODIFY !
#
# Firewall Builder fwb_ipt v4.3.0.3546
# Firewall Builder fwb_ipt v5.0.0.3547
#
# Generated Thu May 26 14:18:11 2011 PDT by vadim
# Generated Fri Jun 3 17:29:40 2011 PDT by vadim
#
# files: * host.fw /etc/fw/host.fw
#
@ -443,7 +443,7 @@ test -z "$cmd" && {
case "$cmd" in
start)
log "Activating firewall script generated Thu May 26 14:18:11 2011 by vadim"
log "Activating firewall script generated Fri Jun 3 17:29:40 2011 by vadim"
check_tools
prolog_commands
check_run_time_address_table_files

2
test/ipt/objects-for-regression-tests.fwb
View File

@ -61461,7 +61461,7 @@ echo '%FWBPROMPT%'; sh /tmp/%FWSCRIPT%
<Option name="verify_interfaces">true</Option>
</FirewallOptions>
</Firewall>
<Firewall id="id1430997X8221" host_OS="linux24" inactive="False" lastCompiled="1272404353" lastInstalled="1142003872" lastModified="1298252008" platform="iptables" version="" name="firewall2-6" comment="tests for nat rules with inbound and outbound interfaces" ro="False">
<Firewall id="id1430997X8221" host_OS="linux24" inactive="False" lastCompiled="1272404353" lastInstalled="1142003872" lastModified="1307144128" platform="iptables" version="" name="firewall2-6" comment="tests for nat rules with inbound and outbound interfaces" ro="False">
<NAT id="id1431063X8221" name="NAT" comment="" ro="False" ipv4_rule_set="False" ipv6_rule_set="False" top_rule_set="True">
<NATRule id="id1431065X8221" disabled="False" group="" position="0" action="Translate" comment="NETMAP and no -o itf">
<OSrc neg="False">

8
test/ipt/openais_cluster_1_linux-1.fw.orig
View File

@ -2,9 +2,9 @@
#
# This is automatically generated file. DO NOT MODIFY !
#
# Firewall Builder fwb_ipt v4.3.0.3546
# Firewall Builder fwb_ipt v5.0.0.3547
#
# Generated Thu May 26 14:18:23 2011 PDT by vadim
# Generated Fri Jun 3 17:29:48 2011 PDT by vadim
#
# files: * openais_cluster_1_linux-1.fw /etc/openais_cluster_1_linux-1.fw
#
@ -426,7 +426,7 @@ script_body() {
#
echo "Rule 0 (NAT)"
#
$IPTABLES -t nat -A POSTROUTING -o eth0 -s 192.168.1.0/24 -j SNAT --to-source 172.24.0.1
$IPTABLES -t nat -A POSTROUTING -o eth0 -s 192.168.1.0/24 -j SNAT --to-source 172.24.0.1
@ -728,7 +728,7 @@ test -z "$cmd" && {
case "$cmd" in
start)
log "Activating firewall script generated Thu May 26 14:18:23 2011 by vadim"
log "Activating firewall script generated Fri Jun 3 17:29:48 2011 by vadim"
check_tools
prolog_commands
check_run_time_address_table_files

8
test/ipt/openais_cluster_1_linux-2.fw.orig
View File

@ -2,9 +2,9 @@
#
# This is automatically generated file. DO NOT MODIFY !
#
# Firewall Builder fwb_ipt v4.3.0.3546
# Firewall Builder fwb_ipt v5.0.0.3547
#
# Generated Thu May 26 14:18:23 2011 PDT by vadim
# Generated Fri Jun 3 17:29:48 2011 PDT by vadim
#
# files: * openais_cluster_1_linux-2.fw /etc/openais_cluster_1_linux-2.fw
#
@ -331,7 +331,7 @@ script_body() {
#
echo "Rule 0 (NAT)"
#
$IPTABLES -t nat -A POSTROUTING -o eth0 -s 192.168.1.0/24 -j SNAT --to-source 172.24.0.1
$IPTABLES -t nat -A POSTROUTING -o eth0 -s 192.168.1.0/24 -j SNAT --to-source 172.24.0.1
@ -632,7 +632,7 @@ test -z "$cmd" && {
case "$cmd" in
start)
log "Activating firewall script generated Thu May 26 14:18:23 2011 by vadim"
log "Activating firewall script generated Fri Jun 3 17:29:48 2011 by vadim"
check_tools
prolog_commands
check_run_time_address_table_files

4
test/ipt/rc.firewall.local
View File

@ -2,9 +2,9 @@
#
# This is automatically generated file. DO NOT MODIFY !
#
# Firewall Builder fwb_ipt v4.3.0.3546
# Firewall Builder fwb_ipt v5.0.0.3547
#
# Generated Thu May 26 14:18:12 2011 PDT by vadim
# Generated Fri Jun 3 17:29:42 2011 PDT by vadim
#
# files: * rc.firewall.local /etc/rc.d//rc.firewall.local
#

6
test/ipt/rh90.fw.orig
View File

@ -2,9 +2,9 @@
#
# This is automatically generated file. DO NOT MODIFY !
#
# Firewall Builder fwb_ipt v4.3.0.3546
# Firewall Builder fwb_ipt v5.0.0.3547
#
# Generated Thu May 26 14:18:15 2011 PDT by vadim
# Generated Fri Jun 3 17:29:42 2011 PDT by vadim
#
# files: * rh90.fw /etc/rh90.fw
#
@ -442,7 +442,7 @@ test -z "$cmd" && {
case "$cmd" in
start)
log "Activating firewall script generated Thu May 26 14:18:15 2011 by vadim"
log "Activating firewall script generated Fri Jun 3 17:29:42 2011 by vadim"
check_tools
prolog_commands
check_run_time_address_table_files

6
test/ipt/secuwall_cluster_1_secuwall-1.fw.orig
View File

@ -2,9 +2,9 @@
#
# This is automatically generated file. DO NOT MODIFY !
#
# Firewall Builder fwb_ipt v4.3.0.3546
# Firewall Builder fwb_ipt v5.0.0.3547
#
# Generated Thu May 26 14:18:23 2011 PDT by vadim
# Generated Fri Jun 3 17:29:49 2011 PDT by vadim
#
# files: * secuwall_cluster_1_secuwall-1.fw /etc/secuwall_cluster_1_secuwall-1.fw
#
@ -426,7 +426,7 @@ test -z "$cmd" && {
case "$cmd" in
start)
log "Activating firewall script generated Thu May 26 14:18:23 2011 by vadim"
log "Activating firewall script generated Fri Jun 3 17:29:49 2011 by vadim"
log "Database was cluster-tests.fwb"
check_tools
check_run_time_address_table_files

6
test/ipt/server-cluster-1_server-1.fw.orig
View File

@ -2,9 +2,9 @@
#
# This is automatically generated file. DO NOT MODIFY !
#
# Firewall Builder fwb_ipt v4.3.0.3546
# Firewall Builder fwb_ipt v5.0.0.3547
#
# Generated Thu May 26 14:18:23 2011 PDT by vadim
# Generated Fri Jun 3 17:29:49 2011 PDT by vadim
#
# files: * server-cluster-1_server-1.fw /etc/fw/server-cluster-1_server-1.fw
#
@ -421,7 +421,7 @@ test -z "$cmd" && {
case "$cmd" in
start)
log "Activating firewall script generated Thu May 26 14:18:23 2011 by vadim"
log "Activating firewall script generated Fri Jun 3 17:29:49 2011 by vadim"
check_tools
prolog_commands
check_run_time_address_table_files

6
test/ipt/server-cluster-1_server-2.fw.orig
View File

@ -2,9 +2,9 @@
#
# This is automatically generated file. DO NOT MODIFY !
#
# Firewall Builder fwb_ipt v4.3.0.3546
# Firewall Builder fwb_ipt v5.0.0.3547
#
# Generated Thu May 26 14:18:23 2011 PDT by vadim
# Generated Fri Jun 3 17:29:49 2011 PDT by vadim
#
# files: * server-cluster-1_server-2.fw /etc/fw/server-cluster-1_server-2.fw
#
@ -418,7 +418,7 @@ test -z "$cmd" && {
case "$cmd" in
start)
log "Activating firewall script generated Thu May 26 14:18:23 2011 by vadim"
log "Activating firewall script generated Fri Jun 3 17:29:49 2011 by vadim"
check_tools
prolog_commands
check_run_time_address_table_files

6
test/ipt/test-shadowing-1.fw.orig
View File

@ -2,9 +2,9 @@
#
# This is automatically generated file. DO NOT MODIFY !
#
# Firewall Builder fwb_ipt v4.3.0.3546
# Firewall Builder fwb_ipt v5.0.0.3547
#
# Generated Thu May 26 14:18:19 2011 PDT by vadim
# Generated Fri Jun 3 17:29:45 2011 PDT by vadim
#
# files: * test-shadowing-1.fw /etc/test-shadowing-1.fw
#
@ -492,7 +492,7 @@ test -z "$cmd" && {
case "$cmd" in
start)
log "Activating firewall script generated Thu May 26 14:18:19 2011 by vadim"
log "Activating firewall script generated Fri Jun 3 17:29:45 2011 by vadim"
check_tools
prolog_commands
check_run_time_address_table_files

6
test/ipt/test-shadowing-2.fw.orig
View File

@ -2,9 +2,9 @@
#
# This is automatically generated file. DO NOT MODIFY !
#
# Firewall Builder fwb_ipt v4.3.0.3546
# Firewall Builder fwb_ipt v5.0.0.3547
#
# Generated Thu May 26 14:18:20 2011 PDT by vadim
# Generated Fri Jun 3 17:29:47 2011 PDT by vadim
#
# files: * test-shadowing-2.fw /etc/test-shadowing-2.fw
#
@ -450,7 +450,7 @@ test -z "$cmd" && {
case "$cmd" in
start)
log "Activating firewall script generated Thu May 26 14:18:20 2011 by vadim"
log "Activating firewall script generated Fri Jun 3 17:29:47 2011 by vadim"
check_tools
prolog_commands
check_run_time_address_table_files

6
test/ipt/test-shadowing-3.fw.orig
View File

@ -2,9 +2,9 @@
#
# This is automatically generated file. DO NOT MODIFY !
#
# Firewall Builder fwb_ipt v4.3.0.3546
# Firewall Builder fwb_ipt v5.0.0.3547
#
# Generated Thu May 26 14:18:22 2011 PDT by vadim
# Generated Fri Jun 3 17:29:47 2011 PDT by vadim
#
# files: * test-shadowing-3.fw /etc/test-shadowing-3.fw
#
@ -499,7 +499,7 @@ test -z "$cmd" && {
case "$cmd" in
start)
log "Activating firewall script generated Thu May 26 14:18:22 2011 by vadim"
log "Activating firewall script generated Fri Jun 3 17:29:47 2011 by vadim"
check_tools
prolog_commands
check_run_time_address_table_files

10
test/ipt/test_fw.fw.orig
View File

@ -2,9 +2,9 @@
#
# This is automatically generated file. DO NOT MODIFY !
#
# Firewall Builder fwb_ipt v4.3.0.3546
# Firewall Builder fwb_ipt v5.0.0.3547
#
# Generated Thu May 26 14:18:16 2011 PDT by vadim
# Generated Fri Jun 3 17:29:45 2011 PDT by vadim
#
# files: * test_fw.fw /etc/test_fw.fw
#
@ -346,8 +346,8 @@ script_body() {
#
# Translate source address
# for outgoing connections
$IPTABLES -t nat -A POSTROUTING -o eth0 -s 192.168.1.0/24 -j SNAT --to-source 192.0.2.1
$IPTABLES -t nat -A POSTROUTING -o eth0 -s 192.168.2.0/24 -j SNAT --to-source 192.0.2.1
$IPTABLES -t nat -A POSTROUTING -o eth0 -s 192.168.1.0/24 -j SNAT --to-source 192.0.2.1
$IPTABLES -t nat -A POSTROUTING -o eth0 -s 192.168.2.0/24 -j SNAT --to-source 192.0.2.1
#
# Rule 2 (NAT)
#
@ -591,7 +591,7 @@ test -z "$cmd" && {
case "$cmd" in
start)
log "Activating firewall script generated Thu May 26 14:18:16 2011 by vadim"
log "Activating firewall script generated Fri Jun 3 17:29:45 2011 by vadim"
check_tools
prolog_commands
check_run_time_address_table_files

8
test/ipt/vrrp_cluster_1_linux-1.fw.orig
View File

@ -2,9 +2,9 @@
#
# This is automatically generated file. DO NOT MODIFY !
#
# Firewall Builder fwb_ipt v4.3.0.3546
# Firewall Builder fwb_ipt v5.0.0.3547
#
# Generated Thu May 26 14:18:24 2011 PDT by vadim
# Generated Fri Jun 3 17:29:49 2011 PDT by vadim
#
# files: * vrrp_cluster_1_linux-1.fw /etc/vrrp_cluster_1_linux-1.fw
#
@ -426,7 +426,7 @@ script_body() {
#
echo "Rule 0 (NAT)"
#
$IPTABLES -t nat -A POSTROUTING -o eth0 -s 192.168.1.0/24 -j SNAT --to-source 172.24.0.1
$IPTABLES -t nat -A POSTROUTING -o eth0 -s 192.168.1.0/24 -j SNAT --to-source 172.24.0.1
@ -731,7 +731,7 @@ test -z "$cmd" && {
case "$cmd" in
start)
log "Activating firewall script generated Thu May 26 14:18:24 2011 by vadim"
log "Activating firewall script generated Fri Jun 3 17:29:49 2011 by vadim"
check_tools
prolog_commands
check_run_time_address_table_files

8
test/ipt/vrrp_cluster_1_linux-2.fw.orig
View File

@ -2,9 +2,9 @@
#
# This is automatically generated file. DO NOT MODIFY !
#
# Firewall Builder fwb_ipt v4.3.0.3546
# Firewall Builder fwb_ipt v5.0.0.3547
#
# Generated Thu May 26 14:18:24 2011 PDT by vadim
# Generated Fri Jun 3 17:29:49 2011 PDT by vadim
#
# files: * vrrp_cluster_1_linux-2.fw /etc/vrrp_cluster_1_linux-2.fw
#
@ -331,7 +331,7 @@ script_body() {
#
echo "Rule 0 (NAT)"
#
$IPTABLES -t nat -A POSTROUTING -o eth0 -s 192.168.1.0/24 -j SNAT --to-source 172.24.0.1
$IPTABLES -t nat -A POSTROUTING -o eth0 -s 192.168.1.0/24 -j SNAT --to-source 172.24.0.1
@ -636,7 +636,7 @@ test -z "$cmd" && {
case "$cmd" in
start)
log "Activating firewall script generated Thu May 26 14:18:24 2011 by vadim"
log "Activating firewall script generated Fri Jun 3 17:29:49 2011 by vadim"
check_tools
prolog_commands
check_run_time_address_table_files

8
test/ipt/vrrp_cluster_2_linux-1.fw.orig
View File

@ -2,9 +2,9 @@
#
# This is automatically generated file. DO NOT MODIFY !
#
# Firewall Builder fwb_ipt v4.3.0.3546
# Firewall Builder fwb_ipt v5.0.0.3547
#
# Generated Thu May 26 14:18:24 2011 PDT by vadim
# Generated Fri Jun 3 17:29:49 2011 PDT by vadim
#
# files: * vrrp_cluster_2_linux-1.fw /etc/vrrp_cluster_2_linux-1.fw
#
@ -426,7 +426,7 @@ script_body() {
#
echo "Rule 0 (NAT)"
#
$IPTABLES -t nat -A POSTROUTING -o eth0 -s 192.168.1.0/24 -j SNAT --to-source 172.24.0.1
$IPTABLES -t nat -A POSTROUTING -o eth0 -s 192.168.1.0/24 -j SNAT --to-source 172.24.0.1
@ -663,7 +663,7 @@ test -z "$cmd" && {
case "$cmd" in
start)
log "Activating firewall script generated Thu May 26 14:18:24 2011 by vadim"
log "Activating firewall script generated Fri Jun 3 17:29:49 2011 by vadim"
check_tools
prolog_commands
check_run_time_address_table_files

8
test/ipt/vrrp_cluster_2_linux-2.fw.orig
View File

@ -2,9 +2,9 @@
#
# This is automatically generated file. DO NOT MODIFY !
#
# Firewall Builder fwb_ipt v4.3.0.3546
# Firewall Builder fwb_ipt v5.0.0.3547
#
# Generated Thu May 26 14:18:24 2011 PDT by vadim
# Generated Fri Jun 3 17:29:49 2011 PDT by vadim
#
# files: * vrrp_cluster_2_linux-2.fw /etc/vrrp_cluster_2_linux-2.fw
#
@ -331,7 +331,7 @@ script_body() {
#
echo "Rule 0 (NAT)"
#
$IPTABLES -t nat -A POSTROUTING -o eth0 -s 192.168.1.0/24 -j SNAT --to-source 172.24.0.1
$IPTABLES -t nat -A POSTROUTING -o eth0 -s 192.168.1.0/24 -j SNAT --to-source 172.24.0.1
@ -568,7 +568,7 @@ test -z "$cmd" && {
case "$cmd" in
start)
log "Activating firewall script generated Thu May 26 14:18:24 2011 by vadim"
log "Activating firewall script generated Fri Jun 3 17:29:49 2011 by vadim"
check_tools
prolog_commands
check_run_time_address_table_files

8
test/ipt/vrrp_cluster_2_linux-3.fw.orig
View File

@ -2,9 +2,9 @@
#
# This is automatically generated file. DO NOT MODIFY !
#
# Firewall Builder fwb_ipt v4.3.0.3546
# Firewall Builder fwb_ipt v5.0.0.3547
#
# Generated Thu May 26 14:18:24 2011 PDT by vadim
# Generated Fri Jun 3 17:29:49 2011 PDT by vadim
#
# files: * vrrp_cluster_2_linux-3.fw /etc/vrrp_cluster_2_linux-3.fw
#
@ -331,7 +331,7 @@ script_body() {
#
echo "Rule 0 (NAT)"
#
$IPTABLES -t nat -A POSTROUTING -o eth0 -s 192.168.1.0/24 -j SNAT --to-source 172.24.0.1
$IPTABLES -t nat -A POSTROUTING -o eth0 -s 192.168.1.0/24 -j SNAT --to-source 172.24.0.1
@ -544,7 +544,7 @@ test -z "$cmd" && {
case "$cmd" in
start)
log "Activating firewall script generated Thu May 26 14:18:24 2011 by vadim"
log "Activating firewall script generated Fri Jun 3 17:29:49 2011 by vadim"
check_tools
prolog_commands
check_run_time_address_table_files

6
test/pf/firewall-base-rulesets.fw.orig
View File

@ -2,9 +2,9 @@
#
# This is automatically generated file. DO NOT MODIFY !
#
# Firewall Builder fwb_pf v4.3.0.3546
# Firewall Builder fwb_pf v5.0.0.3547
#
# Generated Mon May 30 21:58:50 2011 PDT by vadim
# Generated Fri Jun 3 17:49:38 2011 PDT by vadim
#
# files: * firewall-base-rulesets.fw /etc/fw/firewall-base-rulesets.fw
# files: firewall-base-rulesets.conf /etc/fw/firewall-base-rulesets.conf
@ -169,7 +169,7 @@ configure_interfaces() {
update_addresses_of_interface "en2 192.168.100.1/0xffffff00" ""
}
log "Activating firewall script generated Mon May 30 21:58:50 2011 by vadim"
log "Activating firewall script generated Fri Jun 3 17:49:38 2011 by vadim"
set_kernel_vars
configure_interfaces

6
test/pf/firewall-ipv6-1.fw.orig
View File

@ -2,9 +2,9 @@
#
# This is automatically generated file. DO NOT MODIFY !
#
# Firewall Builder fwb_pf v4.3.0.3546
# Firewall Builder fwb_pf v5.0.0.3547
#
# Generated Mon May 30 21:58:50 2011 PDT by vadim
# Generated Fri Jun 3 17:49:39 2011 PDT by vadim
#
# files: * firewall-ipv6-1.fw pf-ipv6.fw
# files: firewall-ipv6-1.conf /etc/fw/pf-ipv6.conf
@ -181,7 +181,7 @@ configure_interfaces() {
update_addresses_of_interface "lo ::1/128 127.0.0.1/0xff000000" ""
}
log "Activating firewall script generated Mon May 30 21:58:50 2011 by vadim"
log "Activating firewall script generated Fri Jun 3 17:49:39 2011 by vadim"
set_kernel_vars
configure_interfaces

2
test/pf/firewall-ipv6-2.conf.orig
View File

@ -5,7 +5,7 @@
# Tables: (5)
table <tbl.r4.s> { 222.222.222.22 , 222.222.222.23 }
table <tbl.r4.sx> { 2001:5c0:0:2::24 , 3ffe:1200:2000::/36 , 3ffe:1200:2001:1:8000::1 }
table <tbl.r5.s> { 61.150.47.112 , 64.233.183.99 , 64.233.183.103 , 64.233.183.104 , 64.233.183.105 , 64.233.183.106 , 64.233.183.147 , 192.168.1.0 }
table <tbl.r5.s> { 61.150.47.112 , 74.125.224.48 , 74.125.224.49 , 74.125.224.50 , 74.125.224.51 , 74.125.224.52 , 192.168.1.0 }
table <tbl.r5.sx> { 2001:5c0:0:2::24 , 3ffe:1200:2001:1:8000::1 }
table <tbl.r7.s> { 61.150.47.112 , 192.168.1.0 }

6
test/pf/firewall-ipv6-2.fw.orig
View File

@ -2,9 +2,9 @@
#
# This is automatically generated file. DO NOT MODIFY !
#
# Firewall Builder fwb_pf v4.3.0.3546
# Firewall Builder fwb_pf v5.0.0.3547
#
# Generated Mon May 30 21:58:51 2011 PDT by vadim
# Generated Fri Jun 3 17:49:39 2011 PDT by vadim
#
# files: * firewall-ipv6-2.fw pf.fw
# files: firewall-ipv6-2.conf pf.conf
@ -185,7 +185,7 @@ configure_interfaces() {
update_addresses_of_interface "lo ::1/128 127.0.0.1/0xff000000" ""
}
log "Activating firewall script generated Mon May 30 21:58:51 2011 by vadim"
log "Activating firewall script generated Fri Jun 3 17:49:39 2011 by vadim"
set_kernel_vars
configure_interfaces

4
test/pf/firewall-ipv6-3.fw.orig
View File

@ -1,9 +1,9 @@
#
# This is automatically generated file. DO NOT MODIFY !
#
# Firewall Builder fwb_pf v4.3.0.3546
# Firewall Builder fwb_pf v5.0.0.3547
#
# Generated Mon May 30 21:58:51 2011 PDT by vadim
# Generated Fri Jun 3 17:49:40 2011 PDT by vadim
#
# files: * firewall-ipv6-3.fw /etc/firewall-ipv6-3.fw
# files: firewall-ipv6-3.conf /etc/firewall-ipv6-3.conf

4
test/pf/firewall.conf.orig
View File

@ -32,8 +32,8 @@ table <tbl.r9.s> { 211.11.11.11 , 211.22.22.22 }
#
# Rule 0 (NAT)
nat on eth1 proto {tcp udp icmp} from 192.168.1.0/24 to any -> 222.222.222.222
nat on eth0 proto {tcp udp icmp} from 192.168.1.0/24 to any -> 192.168.1.1
nat on eth1 proto {tcp udp icmp} from 192.168.1.0/24 to any -> 222.222.222.222
nat on eth0 proto {tcp udp icmp} from 192.168.1.0/24 to any -> 192.168.1.1
#
# Rule 2 (NAT)
rdr proto tcp from any to <tbl.r2> port 25 -> 192.168.1.10 port 25

6
test/pf/firewall.fw.orig
View File

@ -2,9 +2,9 @@
#
# This is automatically generated file. DO NOT MODIFY !
#
# Firewall Builder fwb_pf v4.3.0.3546
# Firewall Builder fwb_pf v5.0.0.3547
#
# Generated Mon May 30 21:58:24 2011 PDT by vadim
# Generated Fri Jun 3 17:49:13 2011 PDT by vadim
#
# files: * firewall.fw /etc/pf.fw
# files: firewall.conf /etc/pf.conf
@ -173,7 +173,7 @@ configure_interfaces() {
update_addresses_of_interface "lo 127.0.0.1/0xff000000" ""
}
log "Activating firewall script generated Mon May 30 21:58:24 2011 by vadim"
log "Activating firewall script generated Fri Jun 3 17:49:13 2011 by vadim"
set_kernel_vars
configure_interfaces

38
test/pf/firewall1.conf.orig
View File

@ -38,14 +38,14 @@ nat proto {tcp udp icmp} from 192.168.1.10 to any -> 22.22.22.23
nat proto {tcp udp icmp} from ! 192.168.1.0/24 to 200.200.200.200 -> 22.22.22.23
#
# Rule 3 (NAT)
nat on eth0 proto {tcp udp icmp} from 192.168.1.0/24 to any -> 192.168.1.1
nat on eth1 proto {tcp udp icmp} from 192.168.1.0/24 to any -> 22.22.22.22
nat on eth2 proto {tcp udp icmp} from 192.168.1.0/24 to any -> 192.168.2.1
nat on eth3 proto {tcp udp icmp} from 192.168.1.0/24 to any -> 22.22.23.23
nat on eth0 proto {tcp udp icmp} from 192.168.1.0/24 to any -> 192.168.1.1
nat on eth1 proto {tcp udp icmp} from 192.168.1.0/24 to any -> 22.22.22.22
nat on eth2 proto {tcp udp icmp} from 192.168.1.0/24 to any -> 192.168.2.1
nat on eth3 proto {tcp udp icmp} from 192.168.1.0/24 to any -> 22.22.23.23
#
# Rule 4 (NAT)
nat on eth1 proto {tcp udp icmp} from 192.168.1.0/24 to any -> 22.22.22.22
nat on eth3 proto {tcp udp icmp} from 192.168.1.0/24 to any -> 22.22.23.23
nat on eth1 proto {tcp udp icmp} from 192.168.1.0/24 to any -> 22.22.22.22
nat on eth3 proto {tcp udp icmp} from 192.168.1.0/24 to any -> 22.22.23.23
#
# Rule 5 (NAT)
# more examples
@ -55,22 +55,22 @@ nat on eth3 proto {tcp udp icmp} from 192.168.1.0/24 to any -> 22.22.23.23
nat proto {tcp udp icmp} from 192.168.1.0/24 to any -> { 22.22.22.50 , 22.22.22.51 }
#
# Rule 6 (NAT)
nat on eth0 proto {tcp udp icmp} from 192.168.1.0/24 to ! 192.168.2.0/24 -> 192.168.1.1
nat on eth1 proto {tcp udp icmp} from 192.168.1.0/24 to ! 192.168.2.0/24 -> 22.22.22.22
nat on eth2 proto {tcp udp icmp} from 192.168.1.0/24 to ! 192.168.2.0/24 -> 192.168.2.1
nat on eth3 proto {tcp udp icmp} from 192.168.1.0/24 to ! 192.168.2.0/24 -> 22.22.23.23
nat on eth0 proto {tcp udp icmp} from 192.168.1.0/24 to ! 192.168.2.0/24 -> 192.168.1.1
nat on eth1 proto {tcp udp icmp} from 192.168.1.0/24 to ! 192.168.2.0/24 -> 22.22.22.22
nat on eth2 proto {tcp udp icmp} from 192.168.1.0/24 to ! 192.168.2.0/24 -> 192.168.2.1
nat on eth3 proto {tcp udp icmp} from 192.168.1.0/24 to ! 192.168.2.0/24 -> 22.22.23.23
#
# Rule 7 (NAT)
nat on eth0 proto {tcp udp icmp} from 192.168.1.0/24 to ! <tbl.r7> -> 192.168.1.1
nat on eth1 proto {tcp udp icmp} from 192.168.1.0/24 to ! <tbl.r7> -> 22.22.22.22
nat on eth2 proto {tcp udp icmp} from 192.168.1.0/24 to ! <tbl.r7> -> 192.168.2.1
nat on eth3 proto {tcp udp icmp} from 192.168.1.0/24 to ! <tbl.r7> -> 22.22.23.23
nat on eth0 proto {tcp udp icmp} from 192.168.1.0/24 to ! <tbl.r7> -> 192.168.1.1
nat on eth1 proto {tcp udp icmp} from 192.168.1.0/24 to ! <tbl.r7> -> 22.22.22.22
nat on eth2 proto {tcp udp icmp} from 192.168.1.0/24 to ! <tbl.r7> -> 192.168.2.1
nat on eth3 proto {tcp udp icmp} from 192.168.1.0/24 to ! <tbl.r7> -> 22.22.23.23
#
# Rule 8 (NAT)
nat on eth0 proto {tcp udp icmp} from ! 192.168.2.0/24 to any -> 192.168.1.1
nat on eth1 proto {tcp udp icmp} from ! 192.168.2.0/24 to any -> 22.22.22.22
nat on eth2 proto {tcp udp icmp} from ! 192.168.2.0/24 to any -> 192.168.2.1
nat on eth3 proto {tcp udp icmp} from ! 192.168.2.0/24 to any -> 22.22.23.23
nat on eth0 proto {tcp udp icmp} from ! 192.168.2.0/24 to any -> 192.168.1.1
nat on eth1 proto {tcp udp icmp} from ! 192.168.2.0/24 to any -> 22.22.22.22
nat on eth2 proto {tcp udp icmp} from ! 192.168.2.0/24 to any -> 192.168.2.1
nat on eth3 proto {tcp udp icmp} from ! 192.168.2.0/24 to any -> 22.22.23.23
#
# Rule 9 (NAT)
rdr proto tcp from 192.168.1.0/24 to ! <tbl.r9> port 80 -> 127.0.0.1 port 3128
@ -96,7 +96,7 @@ rdr proto tcp from ! <tbl.r11> to <tbl.r7> port 80 -> 127.0.0.1 port 3128
rdr proto tcp from ! 192.168.1.10 to any port 80 -> 127.0.0.1 port 3128
#
# Rule 16 (NAT)
rdr on eth1 proto tcp from <tbl.r16> to 22.22.22.22 port 80 -> 192.168.1.10 port 80
rdr on eth1 proto tcp from <tbl.r16> to 22.22.22.22 port 80 -> 192.168.1.10 port 80
# Policy compiler errors and warnings:
# firewall1:Policy:10: warning: Changing rule direction due to self reference

6
test/pf/firewall1.fw.orig
View File

@ -2,9 +2,9 @@
#
# This is automatically generated file. DO NOT MODIFY !
#
# Firewall Builder fwb_pf v4.3.0.3546
# Firewall Builder fwb_pf v5.0.0.3547
#
# Generated Mon May 30 21:58:25 2011 PDT by vadim
# Generated Fri Jun 3 17:49:13 2011 PDT by vadim
#
# files: * firewall1.fw /etc/fw/firewall1.fw
# files: firewall1.conf /etc/fw/firewall1.conf
@ -76,7 +76,7 @@ configure_interfaces() {
}
log "Activating firewall script generated Mon May 30 21:58:25 2011 by vadim"
log "Activating firewall script generated Fri Jun 3 17:49:13 2011 by vadim"
set_kernel_vars
configure_interfaces

2
test/pf/firewall10-1.conf.orig
View File

@ -7,7 +7,7 @@ scrub in all fragment reassemble
#
# Rule 1 (NAT)
nat on eth0 proto {tcp udp icmp} from 192.168.1.0/24 to any -> 192.168.1.1
nat on eth0 proto {tcp udp icmp} from 192.168.1.0/24 to any -> 192.168.1.1
#
# Rule backup ssh access rule

6
test/pf/firewall10-1.fw.orig
View File

@ -2,9 +2,9 @@
#
# This is automatically generated file. DO NOT MODIFY !
#
# Firewall Builder fwb_pf v4.3.0.3546
# Firewall Builder fwb_pf v5.0.0.3547
#
# Generated Mon May 30 21:58:26 2011 PDT by vadim
# Generated Fri Jun 3 17:49:14 2011 PDT by vadim
#
# files: * firewall10-1.fw /etc/fw/firewall10-1.fw
# files: firewall10-1.conf /etc/fw/firewall10-1.conf
@ -74,7 +74,7 @@ configure_interfaces() {
}
log "Activating firewall script generated Mon May 30 21:58:26 2011 by vadim"
log "Activating firewall script generated Fri Jun 3 17:49:14 2011 by vadim"
set_kernel_vars
configure_interfaces

2
test/pf/firewall10-2.conf.orig
View File

@ -8,7 +8,7 @@ scrub in all fragment reassemble
#
# Rule 1 (NAT)
nat on eth0 proto {tcp udp icmp} from 192.168.1.0/24 to any -> 192.168.1.1
nat on eth0 proto {tcp udp icmp} from 192.168.1.0/24 to any -> 192.168.1.1
#
# Rule backup ssh access rule

6
test/pf/firewall10-2.fw.orig
View File

@ -2,9 +2,9 @@
#
# This is automatically generated file. DO NOT MODIFY !
#
# Firewall Builder fwb_pf v4.3.0.3546
# Firewall Builder fwb_pf v5.0.0.3547
#
# Generated Mon May 30 21:58:26 2011 PDT by vadim
# Generated Fri Jun 3 17:49:15 2011 PDT by vadim
#
# files: * firewall10-2.fw /etc/fw/firewall10-2.fw
# files: firewall10-2.conf /etc/fw/firewall10-2.conf
@ -74,7 +74,7 @@ configure_interfaces() {
}
log "Activating firewall script generated Mon May 30 21:58:26 2011 by vadim"
log "Activating firewall script generated Fri Jun 3 17:49:15 2011 by vadim"
set_kernel_vars
configure_interfaces

2
test/pf/firewall10-3.conf.orig
View File

@ -7,7 +7,7 @@ scrub in all fragment reassemble
#
# Rule 1 (NAT)
nat on eth0 proto {tcp udp icmp} from 192.168.1.0/24 to any -> 192.168.1.1
nat on eth0 proto {tcp udp icmp} from 192.168.1.0/24 to any -> 192.168.1.1
#
# Rule backup ssh access rule

6
test/pf/firewall10-3.fw.orig
View File

@ -2,9 +2,9 @@
#
# This is automatically generated file. DO NOT MODIFY !
#
# Firewall Builder fwb_pf v4.3.0.3546
# Firewall Builder fwb_pf v5.0.0.3547
#
# Generated Mon May 30 21:58:27 2011 PDT by vadim
# Generated Fri Jun 3 17:49:16 2011 PDT by vadim
#
# files: * firewall10-3.fw /etc/fw/firewall10-3.fw
# files: firewall10-3.conf /etc/fw/firewall10-3.conf
@ -76,7 +76,7 @@ configure_interfaces() {
}
log "Activating firewall script generated Mon May 30 21:58:27 2011 by vadim"
log "Activating firewall script generated Fri Jun 3 17:49:16 2011 by vadim"
set_kernel_vars
configure_interfaces

2
test/pf/firewall10-4.conf.orig
View File

@ -8,7 +8,7 @@ scrub in all fragment reassemble
#
# Rule 1 (NAT)
nat on eth0 proto {tcp udp icmp} from 192.168.1.0/24 to any -> 192.168.1.1
nat on eth0 proto {tcp udp icmp} from 192.168.1.0/24 to any -> 192.168.1.1
#
# Rule backup ssh access rule

6
test/pf/firewall10-4.fw.orig
View File

@ -2,9 +2,9 @@
#
# This is automatically generated file. DO NOT MODIFY !
#
# Firewall Builder fwb_pf v4.3.0.3546
# Firewall Builder fwb_pf v5.0.0.3547
#
# Generated Mon May 30 21:58:29 2011 PDT by vadim
# Generated Fri Jun 3 17:49:18 2011 PDT by vadim
#
# files: * firewall10-4.fw /etc/fw/firewall10-4.fw
# files: firewall10-4.conf /etc/fw/firewall10-4.conf
@ -76,7 +76,7 @@ configure_interfaces() {
}
log "Activating firewall script generated Mon May 30 21:58:29 2011 by vadim"
log "Activating firewall script generated Fri Jun 3 17:49:18 2011 by vadim"
set_kernel_vars
configure_interfaces

2
test/pf/firewall10-5.conf.orig
View File

@ -7,7 +7,7 @@ scrub in all fragment reassemble
#
# Rule 1 (NAT)
nat on eth0 proto {tcp udp icmp} from 192.168.1.0/24 to any -> 192.168.1.1
nat on eth0 proto {tcp udp icmp} from 192.168.1.0/24 to any -> 192.168.1.1
#
# Rule backup ssh access rule

6
test/pf/firewall10-5.fw.orig
View File

@ -2,9 +2,9 @@
#
# This is automatically generated file. DO NOT MODIFY !
#
# Firewall Builder fwb_pf v4.3.0.3546
# Firewall Builder fwb_pf v5.0.0.3547
#
# Generated Mon May 30 21:58:31 2011 PDT by vadim
# Generated Fri Jun 3 17:49:20 2011 PDT by vadim
#
# files: * firewall10-5.fw /etc/fw/firewall10-5.fw
# files: firewall10-5.conf /etc/fw/firewall10-5.conf
@ -77,7 +77,7 @@ configure_interfaces() {
}
log "Activating firewall script generated Mon May 30 21:58:31 2011 by vadim"
log "Activating firewall script generated Fri Jun 3 17:49:20 2011 by vadim"
set_kernel_vars
configure_interfaces

2
test/pf/firewall10-6.conf.orig
View File

@ -8,7 +8,7 @@ scrub in all fragment reassemble
#
# Rule 1 (NAT)
nat on eth0 proto {tcp udp icmp} from 192.168.1.0/24 to any -> 192.168.1.1
nat on eth0 proto {tcp udp icmp} from 192.168.1.0/24 to any -> 192.168.1.1
#
# Rule backup ssh access rule

6
test/pf/firewall10-6.fw.orig
View File

@ -2,9 +2,9 @@
#
# This is automatically generated file. DO NOT MODIFY !
#
# Firewall Builder fwb_pf v4.3.0.3546
# Firewall Builder fwb_pf v5.0.0.3547
#
# Generated Mon May 30 21:58:32 2011 PDT by vadim
# Generated Fri Jun 3 17:49:20 2011 PDT by vadim
#
# files: * firewall10-6.fw /etc/fw/firewall10-6.fw
# files: firewall10-6.conf /etc/fw/firewall10-6.conf
@ -77,7 +77,7 @@ configure_interfaces() {
}
log "Activating firewall script generated Mon May 30 21:58:32 2011 by vadim"
log "Activating firewall script generated Fri Jun 3 17:49:20 2011 by vadim"
set_kernel_vars
configure_interfaces

6
test/pf/firewall100.fw.orig
View File

@ -2,9 +2,9 @@
#
# This is automatically generated file. DO NOT MODIFY !
#
# Firewall Builder fwb_pf v4.3.0.3546
# Firewall Builder fwb_pf v5.0.0.3547
#
# Generated Mon May 30 21:58:25 2011 PDT by vadim
# Generated Fri Jun 3 17:49:13 2011 PDT by vadim
#
# files: * firewall100.fw /etc/fw/pf.fw
# files: firewall100.conf /etc/fw/path\ with\ space/pf.conf
@ -167,7 +167,7 @@ configure_interfaces() {
update_addresses_of_interface "em1 10.1.1.81/0xffffff00" ""
}
log "Activating firewall script generated Mon May 30 21:58:25 2011 by vadim"
log "Activating firewall script generated Fri Jun 3 17:49:13 2011 by vadim"
set_kernel_vars
configure_interfaces

6
test/pf/firewall101.fw.orig
View File

@ -2,9 +2,9 @@
#
# This is automatically generated file. DO NOT MODIFY !
#
# Firewall Builder fwb_pf v4.3.0.3546
# Firewall Builder fwb_pf v5.0.0.3547
#
# Generated Mon May 30 21:58:26 2011 PDT by vadim
# Generated Fri Jun 3 17:49:14 2011 PDT by vadim
#
# files: * firewall101.fw /etc/fw/pf.fw
# files: firewall101.conf /etc/fw/path\ with\ space/pf.conf
@ -170,7 +170,7 @@ configure_interfaces() {
update_addresses_of_interface "em1 10.1.1.81/0xffffff00" ""
}
log "Activating firewall script generated Mon May 30 21:58:26 2011 by vadim"
log "Activating firewall script generated Fri Jun 3 17:49:14 2011 by vadim"
set_kernel_vars
configure_interfaces

4
test/pf/firewall102.fw.orig
View File

@ -1,9 +1,9 @@
#
# This is automatically generated file. DO NOT MODIFY !
#
# Firewall Builder fwb_pf v4.3.0.3546
# Firewall Builder fwb_pf v5.0.0.3547
#
# Generated Mon May 30 21:58:26 2011 PDT by vadim
# Generated Fri Jun 3 17:49:15 2011 PDT by vadim
#
# files: * firewall102.fw /etc/fw/pf.fw
# files: firewall102.conf /etc/fw/path\ with\ space/pf.conf

6
test/pf/firewall103-1.fw.orig
View File

@ -2,9 +2,9 @@
#
# This is automatically generated file. DO NOT MODIFY !
#
# Firewall Builder fwb_pf v4.3.0.3546
# Firewall Builder fwb_pf v5.0.0.3547
#
# Generated Mon May 30 21:58:28 2011 PDT by vadim
# Generated Fri Jun 3 17:49:17 2011 PDT by vadim
#
# files: * firewall103-1.fw /etc/fw/pf.fw
# files: firewall103-1.conf /etc/fw/path\ with\ space/pf.conf
@ -394,7 +394,7 @@ configure_interfaces() {
update_addresses_of_interface "bridge0 192.168.1.1/0xffffff00" ""
}
log "Activating firewall script generated Mon May 30 21:58:28 2011 by vadim"
log "Activating firewall script generated Fri Jun 3 17:49:17 2011 by vadim"
set_kernel_vars
configure_interfaces

6
test/pf/firewall103-2.fw.orig
View File

@ -2,9 +2,9 @@
#
# This is automatically generated file. DO NOT MODIFY !
#
# Firewall Builder fwb_pf v4.3.0.3546
# Firewall Builder fwb_pf v5.0.0.3547
#
# Generated Mon May 30 21:58:28 2011 PDT by vadim
# Generated Fri Jun 3 17:49:17 2011 PDT by vadim
#
# files: * firewall103-2.fw /etc/fw/pf.fw
# files: firewall103-2.conf /etc/fw/path\ with\ space/pf.conf
@ -394,7 +394,7 @@ configure_interfaces() {
update_addresses_of_interface "bridge0 192.168.1.1/0xffffff00" ""
}
log "Activating firewall script generated Mon May 30 21:58:28 2011 by vadim"
log "Activating firewall script generated Fri Jun 3 17:49:17 2011 by vadim"
set_kernel_vars
configure_interfaces

6
test/pf/firewall103.fw.orig
View File

@ -2,9 +2,9 @@
#
# This is automatically generated file. DO NOT MODIFY !
#
# Firewall Builder fwb_pf v4.3.0.3546
# Firewall Builder fwb_pf v5.0.0.3547
#
# Generated Mon May 30 21:58:27 2011 PDT by vadim
# Generated Fri Jun 3 17:49:16 2011 PDT by vadim
#
# files: * firewall103.fw /etc/fw/pf.fw
# files: firewall103.conf /etc/fw/path\ with\ space/pf.conf
@ -397,7 +397,7 @@ configure_interfaces() {
update_addresses_of_interface "bridge0 192.168.1.1/0xffffff00" ""
}
log "Activating firewall script generated Mon May 30 21:58:27 2011 by vadim"
log "Activating firewall script generated Fri Jun 3 17:49:16 2011 by vadim"
set_kernel_vars
configure_interfaces

6
test/pf/firewall104-1.fw.orig
View File

@ -2,9 +2,9 @@
#
# This is automatically generated file. DO NOT MODIFY !
#
# Firewall Builder fwb_pf v4.3.0.3546
# Firewall Builder fwb_pf v5.0.0.3547
#
# Generated Mon May 30 21:58:30 2011 PDT by vadim
# Generated Fri Jun 3 17:49:19 2011 PDT by vadim
#
# files: * firewall104-1.fw /etc/fw/pf.fw
# files: firewall104-1.conf /etc/fw/path\ with\ space/pf.conf
@ -393,7 +393,7 @@ configure_interfaces() {
$IFCONFIG bridge0 -stp em3
}
log "Activating firewall script generated Mon May 30 21:58:30 2011 by vadim"
log "Activating firewall script generated Fri Jun 3 17:49:19 2011 by vadim"
set_kernel_vars
configure_interfaces

6
test/pf/firewall104.fw.orig
View File

@ -2,9 +2,9 @@
#
# This is automatically generated file. DO NOT MODIFY !
#
# Firewall Builder fwb_pf v4.3.0.3546
# Firewall Builder fwb_pf v5.0.0.3547
#
# Generated Mon May 30 21:58:29 2011 PDT by vadim
# Generated Fri Jun 3 17:49:18 2011 PDT by vadim
#
# files: * firewall104.fw /etc/fw/pf.fw
# files: firewall104.conf /etc/fw/path\ with\ space/pf.conf
@ -396,7 +396,7 @@ configure_interfaces() {
$IFCONFIG bridge0 stp em3
}
log "Activating firewall script generated Mon May 30 21:58:29 2011 by vadim"
log "Activating firewall script generated Fri Jun 3 17:49:18 2011 by vadim"
set_kernel_vars
configure_interfaces

4
test/pf/firewall105.fw.orig
View File

@ -1,9 +1,9 @@
#
# This is automatically generated file. DO NOT MODIFY !
#
# Firewall Builder fwb_pf v4.3.0.3546
# Firewall Builder fwb_pf v5.0.0.3547
#
# Generated Mon May 30 21:58:30 2011 PDT by vadim
# Generated Fri Jun 3 17:49:19 2011 PDT by vadim
#
# files: * firewall105.fw /etc/fw/pf.fw
# files: firewall105.conf /etc/fw/path\ with\ space/pf.conf

4
test/pf/firewall106.fw.orig
View File

@ -1,9 +1,9 @@
#
# This is automatically generated file. DO NOT MODIFY !
#
# Firewall Builder fwb_pf v4.3.0.3546
# Firewall Builder fwb_pf v5.0.0.3547
#
# Generated Mon May 30 21:58:31 2011 PDT by vadim
# Generated Fri Jun 3 17:49:20 2011 PDT by vadim
#
# files: * firewall106.fw /etc/fw/pf.fw
# files: firewall106.conf /etc/fw/path\ with\ space/pf.conf

6
test/pf/firewall107.fw.orig
View File

@ -2,9 +2,9 @@
#
# This is automatically generated file. DO NOT MODIFY !
#
# Firewall Builder fwb_pf v4.3.0.3546
# Firewall Builder fwb_pf v5.0.0.3547
#
# Generated Mon May 30 21:58:32 2011 PDT by vadim
# Generated Fri Jun 3 17:49:21 2011 PDT by vadim
#
# files: * firewall107.fw /etc/fw/pf.fw
# files: firewall107.conf /etc/fw/path\ with\ space/pf.conf
@ -395,7 +395,7 @@ configure_interfaces() {
update_addresses_of_interface "vlan102 192.168.102.1/0xffffff00" ""
}
log "Activating firewall script generated Mon May 30 21:58:32 2011 by vadim"
log "Activating firewall script generated Fri Jun 3 17:49:21 2011 by vadim"
set_kernel_vars
configure_interfaces

4
test/pf/firewall108.fw.orig
View File

@ -1,9 +1,9 @@
#
# This is automatically generated file. DO NOT MODIFY !
#
# Firewall Builder fwb_pf v4.3.0.3546
# Firewall Builder fwb_pf v5.0.0.3547
#
# Generated Mon May 30 21:58:33 2011 PDT by vadim
# Generated Fri Jun 3 17:49:21 2011 PDT by vadim
#
# files: * firewall108.fw /etc/fw/pf.fw
# files: firewall108.conf /etc/fw/path\ with\ space/pf.conf

4
test/pf/firewall109-1.fw.orig
View File

@ -1,9 +1,9 @@
#
# This is automatically generated file. DO NOT MODIFY !
#
# Firewall Builder fwb_pf v4.3.0.3546
# Firewall Builder fwb_pf v5.0.0.3547
#
# Generated Mon May 30 21:58:34 2011 PDT by vadim
# Generated Fri Jun 3 17:49:22 2011 PDT by vadim
#
# files: * firewall109-1.fw /etc/fw/pf.fw
# files: firewall109-1.conf /etc/fw/path\ with\ space/pf.conf

6
test/pf/firewall109-2.fw.orig
View File

@ -2,9 +2,9 @@
#
# This is automatically generated file. DO NOT MODIFY !
#
# Firewall Builder fwb_pf v4.3.0.3546
# Firewall Builder fwb_pf v5.0.0.3547
#
# Generated Mon May 30 21:58:34 2011 PDT by vadim
# Generated Fri Jun 3 17:49:22 2011 PDT by vadim
#
# files: * firewall109-2.fw /etc/fw/pf.fw
# files: firewall109-2.conf /etc/fw/path\ with\ space/pf.conf
@ -400,7 +400,7 @@ configure_interfaces() {
update_addresses_of_interface "bridge0 192.168.1.1/0xffffff00" ""
}
log "Activating firewall script generated Mon May 30 21:58:34 2011 by vadim"
log "Activating firewall script generated Fri Jun 3 17:49:22 2011 by vadim"
set_kernel_vars
configure_interfaces

4
test/pf/firewall109-3.fw.orig
View File

@ -1,9 +1,9 @@
#
# This is automatically generated file. DO NOT MODIFY !
#
# Firewall Builder fwb_pf v4.3.0.3546
# Firewall Builder fwb_pf v5.0.0.3547
#
# Generated Mon May 30 21:58:34 2011 PDT by vadim
# Generated Fri Jun 3 17:49:23 2011 PDT by vadim
#
# files: * firewall109-3.fw /etc/fw/pf.fw
# files: firewall109-3.conf /etc/fw/path\ with\ space/pf.conf

6
test/pf/firewall109.fw.orig
View File

@ -2,9 +2,9 @@
#
# This is automatically generated file. DO NOT MODIFY !
#
# Firewall Builder fwb_pf v4.3.0.3546
# Firewall Builder fwb_pf v5.0.0.3547
#
# Generated Mon May 30 21:58:33 2011 PDT by vadim
# Generated Fri Jun 3 17:49:21 2011 PDT by vadim
#
# files: * firewall109.fw /etc/fw/pf.fw
# files: firewall109.conf /etc/fw/path\ with\ space/pf.conf
@ -401,7 +401,7 @@ configure_interfaces() {
update_addresses_of_interface "bridge0 192.168.1.1/0xffffff00" ""
}
log "Activating firewall script generated Mon May 30 21:58:33 2011 by vadim"
log "Activating firewall script generated Fri Jun 3 17:49:21 2011 by vadim"
set_kernel_vars
configure_interfaces

6
test/pf/firewall11.fw.orig
View File

@ -2,9 +2,9 @@
#
# This is automatically generated file. DO NOT MODIFY !
#
# Firewall Builder fwb_pf v4.3.0.3546
# Firewall Builder fwb_pf v5.0.0.3547
#
# Generated Mon May 30 21:58:34 2011 PDT by vadim
# Generated Fri Jun 3 17:49:23 2011 PDT by vadim
#
# files: * firewall11.fw /etc/firewall11.fw
# files: firewall11.conf /etc/firewall11.conf
@ -77,7 +77,7 @@ configure_interfaces() {
}
log "Activating firewall script generated Mon May 30 21:58:34 2011 by vadim"
log "Activating firewall script generated Fri Jun 3 17:49:23 2011 by vadim"
set_kernel_vars
configure_interfaces

6
test/pf/firewall110.fw.orig
View File

@ -2,9 +2,9 @@
#
# This is automatically generated file. DO NOT MODIFY !
#
# Firewall Builder fwb_pf v4.3.0.3546
# Firewall Builder fwb_pf v5.0.0.3547
#
# Generated Mon May 30 21:58:35 2011 PDT by vadim
# Generated Fri Jun 3 17:49:24 2011 PDT by vadim
#
# files: * firewall110.fw /etc/fw/firewall110.fw
# files: firewall110.conf /etc/fw/firewall110.conf
@ -76,7 +76,7 @@ configure_interfaces() {
}
log "Activating firewall script generated Mon May 30 21:58:35 2011 by vadim"
log "Activating firewall script generated Fri Jun 3 17:49:24 2011 by vadim"
set_kernel_vars
configure_interfaces

6
test/pf/firewall111.fw.orig
View File

@ -2,9 +2,9 @@
#
# This is automatically generated file. DO NOT MODIFY !
#
# Firewall Builder fwb_pf v4.3.0.3546
# Firewall Builder fwb_pf v5.0.0.3547
#
# Generated Mon May 30 21:58:35 2011 PDT by vadim
# Generated Fri Jun 3 17:49:24 2011 PDT by vadim
#
# files: * firewall111.fw /etc/fw/firewall111.fw
# files: firewall111.conf /etc/fw/firewall111.conf
@ -86,7 +86,7 @@ configure_interfaces() {
}
log "Activating firewall script generated Mon May 30 21:58:35 2011 by vadim"
log "Activating firewall script generated Fri Jun 3 17:49:24 2011 by vadim"
set_kernel_vars
configure_interfaces

24
test/pf/firewall12.conf.orig
View File

@ -10,8 +10,8 @@ table <tbl.r4> { 22.22.22.22 , 22.22.23.22 }
rdr proto tcp from any to <tbl.r4> port 80 -> 127.0.0.1 port 8080
#
# Rule 7 (NAT)
nat on en0 proto udp from any port 6767 to any -> 22.22.22.22 port 67
nat on en1 proto udp from any port 6767 to any -> 22.22.23.22 port 67
nat on en0 proto udp from any port 6767 to any -> 22.22.22.22 port 67
nat on en1 proto udp from any port 6767 to any -> 22.22.23.22 port 67
#
# Rule 9 (NAT)
rdr proto tcp from any to any port 80 -> 127.0.0.1 port 8080
@ -19,33 +19,33 @@ rdr proto tcp from any to any port 80 -> 127.0.0.1 port 8080
# Rule 10 (NAT)
# SDNAT
rdr proto tcp from any to <tbl.r4> port 22 -> 192.168.1.10 port 22
nat on en0 proto tcp from any to 192.168.1.10 port 22 -> 22.22.22.22
nat on en1 proto tcp from any to 192.168.1.10 port 22 -> 22.22.23.22
nat on en0 proto tcp from any to 192.168.1.10 port 22 -> 22.22.22.22
nat on en1 proto tcp from any to 192.168.1.10 port 22 -> 22.22.23.22
#
# Rule 11 (NAT)
# SDNAT with source port
rdr proto udp from any port 123 to <tbl.r4> -> 192.168.1.10
nat on en0 proto udp from any port 123 to 192.168.1.10 -> 22.22.22.22 port 5050
nat on en1 proto udp from any port 123 to 192.168.1.10 -> 22.22.23.22 port 5050
nat on en0 proto udp from any port 123 to 192.168.1.10 -> 22.22.22.22 port 5050
nat on en1 proto udp from any port 123 to 192.168.1.10 -> 22.22.23.22 port 5050
#
# Rule 12 (NAT)
# SDNAT with dest port
rdr proto udp from 192.168.1.0/24 to any port 53 -> 192.168.1.10 port 1053
nat on en0 proto udp from 192.168.1.0/24 to 192.168.1.10 port 1053 -> 22.22.22.22
nat on en1 proto udp from 192.168.1.0/24 to 192.168.1.10 port 1053 -> 22.22.23.22
nat on en0 proto udp from 192.168.1.0/24 to 192.168.1.10 port 1053 -> 22.22.22.22
nat on en1 proto udp from 192.168.1.0/24 to 192.168.1.10 port 1053 -> 22.22.23.22
#
# Rule 13 (NAT)
# SDNAT
# translate src and dst addresses
# and src and dst ports
rdr proto udp from 192.168.1.0/24 port 1024:65535 to any port 53 -> 192.168.1.10 port 1053
nat on en0 proto udp from 192.168.1.0/24 to 192.168.1.10 port 1053 -> 22.22.22.22 port 32767:*
nat on en1 proto udp from 192.168.1.0/24 to 192.168.1.10 port 1053 -> 22.22.23.22 port 32767:*
nat on en0 proto udp from 192.168.1.0/24 to 192.168.1.10 port 1053 -> 22.22.22.22 port 32767:*
nat on en1 proto udp from 192.168.1.0/24 to 192.168.1.10 port 1053 -> 22.22.23.22 port 32767:*
#
# Rule 14 (NAT)
# Matches destination port, translates source port
nat on en0 proto udp from 192.168.1.0/24 to any port 53 -> 22.22.22.22 port 5050
nat on en1 proto udp from 192.168.1.0/24 to any port 53 -> 22.22.23.22 port 5050
nat on en0 proto udp from 192.168.1.0/24 to any port 53 -> 22.22.22.22 port 5050
nat on en1 proto udp from 192.168.1.0/24 to any port 53 -> 22.22.23.22 port 5050
#
# Rule 0 (global)

6
test/pf/firewall12.fw.orig
View File

@ -2,9 +2,9 @@
#
# This is automatically generated file. DO NOT MODIFY !
#
# Firewall Builder fwb_pf v4.3.0.3546
# Firewall Builder fwb_pf v5.0.0.3547
#
# Generated Mon May 30 21:58:36 2011 PDT by vadim
# Generated Fri Jun 3 17:49:25 2011 PDT by vadim
#
# files: * firewall12.fw /etc/fw/firewall12.fw
# files: firewall12.conf /etc/fw/firewall12.conf
@ -165,7 +165,7 @@ configure_interfaces() {
update_addresses_of_interface "lo0 127.0.0.1/0xff000000" ""
}
log "Activating firewall script generated Mon May 30 21:58:36 2011 by vadim"
log "Activating firewall script generated Fri Jun 3 17:49:25 2011 by vadim"
set_kernel_vars
configure_interfaces

6
test/pf/firewall13.fw.orig
View File

@ -2,9 +2,9 @@
#
# This is automatically generated file. DO NOT MODIFY !
#
# Firewall Builder fwb_pf v4.3.0.3546
# Firewall Builder fwb_pf v5.0.0.3547
#
# Generated Mon May 30 21:58:36 2011 PDT by vadim
# Generated Fri Jun 3 17:49:25 2011 PDT by vadim
#
# files: * firewall13.fw /etc/fw/firewall13.fw
# files: firewall13.conf /etc/fw/firewall13.conf
@ -88,7 +88,7 @@ configure_interfaces() {
}
log "Activating firewall script generated Mon May 30 21:58:36 2011 by vadim"
log "Activating firewall script generated Fri Jun 3 17:49:25 2011 by vadim"
set_kernel_vars
configure_interfaces

6
test/pf/firewall14-1.fw.orig
View File

@ -2,9 +2,9 @@
#
# This is automatically generated file. DO NOT MODIFY !
#
# Firewall Builder fwb_pf v4.3.0.3546
# Firewall Builder fwb_pf v5.0.0.3547
#
# Generated Mon May 30 21:58:37 2011 PDT by vadim
# Generated Fri Jun 3 17:49:26 2011 PDT by vadim
#
# files: * firewall14-1.fw /etc/firewall14-1.fw
# files: firewall14-1.conf /etc/firewall14-1.conf
@ -248,7 +248,7 @@ configure_interfaces() {
update_addresses_of_interface "vlan103 10.100.103.1/0xffffff00" ""
}
log "Activating firewall script generated Mon May 30 21:58:37 2011 by vadim"
log "Activating firewall script generated Fri Jun 3 17:49:26 2011 by vadim"
set_kernel_vars
configure_interfaces

6
test/pf/firewall14.fw.orig
View File

@ -2,9 +2,9 @@
#
# This is automatically generated file. DO NOT MODIFY !
#
# Firewall Builder fwb_pf v4.3.0.3546
# Firewall Builder fwb_pf v5.0.0.3547
#
# Generated Mon May 30 21:58:37 2011 PDT by vadim
# Generated Fri Jun 3 17:49:26 2011 PDT by vadim
#
# files: * firewall14.fw /etc/firewall14.fw
# files: firewall14.conf /etc/firewall14.conf
@ -248,7 +248,7 @@ configure_interfaces() {
update_addresses_of_interface "vlan103 10.100.103.1/0xffffff00" ""
}
log "Activating firewall script generated Mon May 30 21:58:37 2011 by vadim"
log "Activating firewall script generated Fri Jun 3 17:49:26 2011 by vadim"
set_kernel_vars
configure_interfaces

2
test/pf/firewall2-1.conf.orig
View File

@ -42,7 +42,7 @@ table <tbl.r0> { 22.22.22.22 , 192.168.1.1 }
# firewall2-1:NAT:17: warning: Translated Src, Dst and Srv are ignored in the NAT rule with action 'Branch'
#
# Rule 0 (NAT)
rdr on { eth1 eth0 } proto {tcp udp icmp} from any to <tbl.r0> -> 192.168.1.10
rdr on { eth1 eth0 } proto {tcp udp icmp} from any to <tbl.r0> -> 192.168.1.10
#
# Rule 8 (NAT)
no nat proto tcp from 192.168.1.0/24 to any

6
test/pf/firewall2-1.fw.orig
View File

@ -2,9 +2,9 @@
#
# This is automatically generated file. DO NOT MODIFY !
#
# Firewall Builder fwb_pf v4.3.0.3546
# Firewall Builder fwb_pf v5.0.0.3547
#
# Generated Mon May 30 21:58:39 2011 PDT by vadim
# Generated Fri Jun 3 17:49:28 2011 PDT by vadim
#
# files: * firewall2-1.fw /etc/fw/firewall2-1.fw
# files: firewall2-1.conf /etc/fw/firewall2-1.conf
@ -88,7 +88,7 @@ configure_interfaces() {
}
log "Activating firewall script generated Mon May 30 21:58:39 2011 by vadim"
log "Activating firewall script generated Fri Jun 3 17:49:28 2011 by vadim"
set_kernel_vars
configure_interfaces

28
test/pf/firewall2-6.conf.orig
View File

@ -7,54 +7,54 @@
nat proto {tcp udp icmp} from 192.168.1.0/24 to any -> 22.22.22.0/24
#
# Rule 1 (NAT)
nat on em1 proto {tcp udp icmp} from 192.168.1.0/24 to any -> 222.222.222.40
nat on em1 proto {tcp udp icmp} from 192.168.1.0/24 to any -> 222.222.222.40
#
# Rule 2 (NAT)
#
nat on em3 proto {tcp udp icmp} from 192.168.1.0/24 to any -> 222.222.222.40
nat on em3 proto {tcp udp icmp} from 192.168.1.0/24 to any -> 222.222.222.40
#
# Rule 3 (NAT)
#
nat on { em1 em3 } proto {tcp udp icmp} from 192.168.1.0/24 to any -> 222.222.222.40
nat on { em1 em3 } proto {tcp udp icmp} from 192.168.1.0/24 to any -> 222.222.222.40
#
# Rule 4 (NAT)
nat on { em1 em3 } proto {tcp udp icmp} from 192.168.1.0/24 to any -> 222.222.222.40
nat on { em1 em3 } proto {tcp udp icmp} from 192.168.1.0/24 to any -> 222.222.222.40
#
# Rule 5 (NAT)
#
nat on { em0 em1 em2 } proto {tcp udp icmp} from 192.168.1.0/24 to any -> 222.222.222.40
nat on ! em3 proto {tcp udp icmp} from 192.168.1.0/24 to any -> 222.222.222.40
#
# Rule 6 (NAT)
#
nat on { em0 em2 } proto {tcp udp icmp} from 192.168.1.0/24 to any -> 222.222.222.40
nat on { em0 em2 } proto {tcp udp icmp} from 192.168.1.0/24 to any -> 222.222.222.40
#
# Rule 7 (NAT)
nat on { em0 em2 } proto {tcp udp icmp} from 192.168.1.0/24 to any -> 222.222.222.40
nat on { em0 em2 } proto {tcp udp icmp} from 192.168.1.0/24 to any -> 222.222.222.40
#
# Rule 8 (NAT)
rdr proto {tcp udp icmp} from any to 222.222.222.40 -> 192.168.1.10
#
# Rule 9 (NAT)
rdr on em0 proto {tcp udp icmp} from any to 222.222.222.40 -> 192.168.1.10
rdr on em0 proto {tcp udp icmp} from any to 222.222.222.40 -> 192.168.1.10
#
# Rule 10 (NAT)
rdr on { em0 em2 } proto {tcp udp icmp} from any to 222.222.222.40 -> 192.168.1.10
rdr on { em0 em2 } proto {tcp udp icmp} from any to 222.222.222.40 -> 192.168.1.10
#
# Rule 11 (NAT)
rdr on { em0 em2 } proto {tcp udp icmp} from any to 222.222.222.40 -> 192.168.1.10
rdr on { em0 em2 } proto {tcp udp icmp} from any to 222.222.222.40 -> 192.168.1.10
#
# Rule 12 (NAT)
rdr on { em1 em3 em2 } proto {tcp udp icmp} from any to 222.222.222.40 -> 192.168.1.10
rdr on ! em0 proto {tcp udp icmp} from any to 222.222.222.40 -> 192.168.1.10
#
# Rule 13 (NAT)
rdr on { em1 em3 } proto {tcp udp icmp} from any to 222.222.222.40 -> 192.168.1.10
rdr on { em1 em3 } proto {tcp udp icmp} from any to 222.222.222.40 -> 192.168.1.10
#
# Rule 14 (NAT)
rdr on { em1 em3 } proto {tcp udp icmp} from any to 222.222.222.40 -> 192.168.1.10
rdr on { em1 em3 } proto {tcp udp icmp} from any to 222.222.222.40 -> 192.168.1.10
#
# Rule 15 (NAT)
# REDIRECT
rdr on em0 proto tcp from any to any port 80 -> 127.0.0.1 port 3128
rdr on em0 proto tcp from any to any port 80 -> 127.0.0.1 port 3128
#
# Rule 0 (global)

6
test/pf/firewall2-6.fw.orig
View File

@ -2,9 +2,9 @@
#
# This is automatically generated file. DO NOT MODIFY !
#
# Firewall Builder fwb_pf v4.3.0.3546
# Firewall Builder fwb_pf v5.0.0.3547
#
# Generated Mon May 30 21:58:40 2011 PDT by vadim
# Generated Fri Jun 3 17:49:28 2011 PDT by vadim
#
# files: * firewall2-6.fw /etc/firewall2-6.fw
# files: firewall2-6.conf /etc/firewall2-6.conf
@ -170,7 +170,7 @@ configure_interfaces() {
update_addresses_of_interface "lo 127.0.0.1/0xff000000" ""
}
log "Activating firewall script generated Mon May 30 21:58:40 2011 by vadim"
log "Activating firewall script generated Fri Jun 3 17:49:28 2011 by vadim"
set_kernel_vars
configure_interfaces

48
test/pf/firewall2.conf.orig
View File

@ -30,10 +30,10 @@ table <tbl.r5.s> { self , 192.168.1.0/24 }
#
# Rule 0 (NAT)
nat on eth0 proto {tcp udp icmp} from 192.168.1.0/24 to any -> 192.168.1.1
nat on eth1 proto {tcp udp icmp} from 192.168.1.0/24 to any -> 22.22.22.22
nat on eth3 proto {tcp udp icmp} from 192.168.1.0/24 to any -> 22.22.23.23
nat on eth2 proto {tcp udp icmp} from 192.168.1.0/24 to any -> 192.168.2.1
nat on eth0 proto {tcp udp icmp} from 192.168.1.0/24 to any -> 192.168.1.1
nat on eth1 proto {tcp udp icmp} from 192.168.1.0/24 to any -> 22.22.22.22
nat on eth3 proto {tcp udp icmp} from 192.168.1.0/24 to any -> 22.22.23.23
nat on eth2 proto {tcp udp icmp} from 192.168.1.0/24 to any -> 192.168.2.1
#
# Rule 1 (NAT)
nat proto {tcp udp icmp} from <tbl.r1> to any -> 22.22.22.23
@ -42,10 +42,10 @@ nat proto {tcp udp icmp} from <tbl.r1> to any -> 22.22.22.23
nat proto {tcp udp icmp} from 192.168.1.0/24 to <tbl.r1> -> 192.168.1.1
#
# Rule 3 (NAT)
nat on eth0 proto tcp from 192.168.1.0/24 to any port 80 -> 192.168.1.1
nat on eth1 proto tcp from 192.168.1.0/24 to any port 80 -> 22.22.22.22
nat on eth3 proto tcp from 192.168.1.0/24 to any port 80 -> 22.22.23.23
nat on eth2 proto tcp from 192.168.1.0/24 to any port 80 -> 192.168.2.1
nat on eth0 proto tcp from 192.168.1.0/24 to any port 80 -> 192.168.1.1
nat on eth1 proto tcp from 192.168.1.0/24 to any port 80 -> 22.22.22.22
nat on eth3 proto tcp from 192.168.1.0/24 to any port 80 -> 22.22.23.23
nat on eth2 proto tcp from 192.168.1.0/24 to any port 80 -> 192.168.2.1
#
# Rule 4 (NAT)
nat proto tcp from <tbl.r1> to any port 80 -> 22.22.22.23
@ -54,10 +54,10 @@ nat proto tcp from <tbl.r1> to any port 80 -> 22.22.22.23
nat proto tcp from 192.168.1.0/24 to <tbl.r1> port 80 -> 192.168.1.1
#
# Rule 6 (NAT)
nat on eth0 proto 47 from 192.168.1.0/24 to any -> 192.168.1.1
nat on eth1 proto 47 from 192.168.1.0/24 to any -> 22.22.22.22
nat on eth3 proto 47 from 192.168.1.0/24 to any -> 22.22.23.23
nat on eth2 proto 47 from 192.168.1.0/24 to any -> 192.168.2.1
nat on eth0 proto 47 from 192.168.1.0/24 to any -> 192.168.1.1
nat on eth1 proto 47 from 192.168.1.0/24 to any -> 22.22.22.22
nat on eth3 proto 47 from 192.168.1.0/24 to any -> 22.22.23.23
nat on eth2 proto 47 from 192.168.1.0/24 to any -> 192.168.2.1
#
# Rule 7 (NAT)
nat proto icmp from <tbl.r1> to any -> 22.22.22.23
@ -82,10 +82,10 @@ nat proto {tcp udp icmp} from 192.168.1.20 to any -> 22.22.23.24
rdr proto {tcp udp icmp} from any to <tbl.r16> -> 192.168.1.10
#
# Rule 17 (NAT)
rdr on eth1 proto {tcp udp icmp} from any to 22.22.22.22 -> 192.168.1.10
rdr on eth1 proto {tcp udp icmp} from any to 22.22.22.22 -> 192.168.1.10
#
# Rule 18 (NAT)
rdr on eth1 proto {tcp udp icmp} from any to 22.22.22.22 -> 192.168.1.10
rdr on eth1 proto {tcp udp icmp} from any to 22.22.22.22 -> 192.168.1.10
#
# Rule 19 (NAT)
rdr proto 47 from any to <tbl.r16> -> 192.168.1.10
@ -94,14 +94,14 @@ rdr proto 47 from any to <tbl.r16> -> 192.168.1.10
rdr proto tcp from any to <tbl.r16> port 10000:11000 -> 192.168.1.10 port 10000:*
#
# Rule 21 (NAT)
rdr on eth1 proto tcp from any to 22.22.22.22 port 10000:11000 -> 192.168.1.10 port 10000:*
rdr on eth1 proto tcp from any to 22.22.22.22 port 10000:11000 -> 192.168.1.10 port 10000:*
#
# Rule 22 (NAT)
rdr on eth1 proto tcp from any to 22.22.22.22 port 10000:11000 -> 192.168.1.10 port 10000:*
rdr on eth1 proto tcp from any to 22.22.22.22 port 10000:11000 -> 192.168.1.10 port 10000:*
#
# Rule 23 (NAT)
rdr on eth1 proto tcp from any to 22.22.22.22 port 10000:11000 -> 192.168.1.10 port 10000:*
nat on eth0 proto tcp from any to 192.168.1.10 port 10000:11000 -> 192.168.1.1
rdr on eth1 proto tcp from any to 22.22.22.22 port 10000:11000 -> 192.168.1.10 port 10000:*
nat on eth0 proto tcp from any to 192.168.1.10 port 10000:11000 -> 192.168.1.1
#
# Rule 24 (NAT)
rdr proto tcp from any to 22.22.22.23 port 80 -> 192.168.1.10 port 25
@ -131,20 +131,20 @@ rdr proto tcp from 192.168.1.0/24 to ! <tbl.r29> port 80 -> 127.0.0.1 port 10000
# for bug 1111267: this custom service object has
# "proto ..." in the protocol string, compiler can put
# it in generated nat command in the right place.
nat on eth1 proto {tcp udp icmp gre} from 192.168.1.0/24 to any -> 22.22.22.22
nat on eth1 proto {tcp udp icmp gre} from 192.168.1.0/24 to any -> 22.22.22.22
#
# Rule 32 (NAT)
# for bug 1111267: this custom service object
# has "proto .." in the code string but we can't insert
# it in the generated nat command b/c it would appear
# in the wrong place, after "from".
nat on eth1 from 192.168.1.0/24 to any -> 22.22.22.22
nat on eth1 from 192.168.1.0/24 to any -> 22.22.22.22
#
# Rule 33 (NAT)
nat on eth1 proto tcp from 192.168.1.0/24 to any -> 22.22.22.22
nat on eth1 proto udp from 192.168.1.0/24 to any -> 22.22.22.22
nat on eth1 proto 47 from 192.168.1.0/24 to any -> 22.22.22.22
nat on eth1 proto icmp from 192.168.1.0/24 to any -> 22.22.22.22
nat on eth1 proto tcp from 192.168.1.0/24 to any -> 22.22.22.22
nat on eth1 proto udp from 192.168.1.0/24 to any -> 22.22.22.22
nat on eth1 proto 47 from 192.168.1.0/24 to any -> 22.22.22.22
nat on eth1 proto icmp from 192.168.1.0/24 to any -> 22.22.22.22
# Policy compiler errors and warnings:
# firewall2:Policy:12: warning: Changing rule direction due to self reference

6
test/pf/firewall2.fw.orig
View File

@ -2,9 +2,9 @@
#
# This is automatically generated file. DO NOT MODIFY !
#
# Firewall Builder fwb_pf v4.3.0.3546
# Firewall Builder fwb_pf v5.0.0.3547
#
# Generated Mon May 30 21:58:38 2011 PDT by vadim
# Generated Fri Jun 3 17:49:27 2011 PDT by vadim
#
# files: * firewall2.fw /etc/fw/firewall2.fw
# files: firewall2.conf /etc/fw/firewall2.conf
@ -73,7 +73,7 @@ configure_interfaces() {
}
log "Activating firewall script generated Mon May 30 21:58:38 2011 by vadim"
log "Activating firewall script generated Fri Jun 3 17:49:27 2011 by vadim"
set_kernel_vars
configure_interfaces

10
test/pf/firewall20.conf.orig
View File

@ -3,17 +3,17 @@
#
# Rule 0 (NAT)
nat on dc2 proto {tcp udp icmp} from 192.168.1.0/24 to any -> 192.168.1.1
nat on { dc0 dc1 } proto {tcp udp icmp} from 192.168.1.0/24 to any -> { 10.1.1.1 , 222.222.222.20 , 222.222.222.21 }
nat on dc2 proto {tcp udp icmp} from 192.168.1.0/24 to any -> 192.168.1.1
nat on { dc0 dc1 } proto {tcp udp icmp} from 192.168.1.0/24 to any -> { 10.1.1.1 , 222.222.222.20 , 222.222.222.21 }
#
# Rule 1 (NAT)
nat on dc1 proto {tcp udp icmp} from 192.168.1.0/24 to any -> 222.222.222.20
nat on dc1 proto {tcp udp icmp} from 192.168.1.0/24 to any -> 222.222.222.20
#
# Rule 2 (NAT)
nat on dc1 proto {tcp udp icmp} from 192.168.1.0/24 to any -> 222.222.222.20
nat on dc1 proto {tcp udp icmp} from 192.168.1.0/24 to any -> 222.222.222.20
#
# Rule 3 (NAT)
nat on dc0 proto {tcp udp icmp} from 192.168.1.0/24 to any -> 222.222.222.21
nat on dc0 proto {tcp udp icmp} from 192.168.1.0/24 to any -> 222.222.222.21
#
# Rule 0 (dc0)

6
test/pf/firewall20.fw.orig
View File

@ -2,9 +2,9 @@
#
# This is automatically generated file. DO NOT MODIFY !
#
# Firewall Builder fwb_pf v4.3.0.3546
# Firewall Builder fwb_pf v5.0.0.3547
#
# Generated Mon May 30 21:58:38 2011 PDT by vadim
# Generated Fri Jun 3 17:49:27 2011 PDT by vadim
#
# files: * firewall20.fw /etc/fw/firewall20.fw
# files: firewall20.conf /etc/fw/firewall20.conf
@ -73,7 +73,7 @@ configure_interfaces() {
}
log "Activating firewall script generated Mon May 30 21:58:38 2011 by vadim"
log "Activating firewall script generated Fri Jun 3 17:49:27 2011 by vadim"
set_kernel_vars
configure_interfaces

4
test/pf/firewall21-NAT_1.conf.orig
View File

@ -1,5 +1,5 @@
#
# Rule NAT_1 0 (NAT)
nat on en1 proto {tcp udp icmp} from 192.168.1.0/24 to any -> 192.168.1.1
nat on en0 proto {tcp udp icmp} from 192.168.1.0/24 to any -> 192.0.2.1
nat on en1 proto {tcp udp icmp} from 192.168.1.0/24 to any -> 192.168.1.1
nat on en0 proto {tcp udp icmp} from 192.168.1.0/24 to any -> 192.0.2.1

6
test/pf/firewall21.fw.orig
View File

@ -2,9 +2,9 @@
#
# This is automatically generated file. DO NOT MODIFY !
#
# Firewall Builder fwb_pf v4.3.0.3546
# Firewall Builder fwb_pf v5.0.0.3547
#
# Generated Mon May 30 21:58:39 2011 PDT by vadim
# Generated Fri Jun 3 17:49:27 2011 PDT by vadim
#
# files: * firewall21.fw /etc/fw/firewall21.fw
# files: firewall21.conf /etc/fw/firewall21.conf
@ -81,7 +81,7 @@ configure_interfaces() {
}
log "Activating firewall script generated Mon May 30 21:58:39 2011 by vadim"
log "Activating firewall script generated Fri Jun 3 17:49:27 2011 by vadim"
set_kernel_vars
configure_interfaces

Some files were not shown because too many files have changed in this diff Show More