From 15bab71f49f53198f2064de53342f927c4004606 Mon Sep 17 00:00:00 2001 
From: Vadim Kurland Date: Fri, 3 Jun 2011 17:54:14 -0700 Subject: [PATCH] * NATCompiler_ipt.cpp (compile): see #2456 Added support for single object negation in "Inbound Interface" and "Outbound Interface" columns in compiler for iptables. * NATCompiler_pf.cpp (compile): see #2456 Added support for single object negation in "Interface" rule element of PF NAT rules. Now compiler can produce PF commands such as "nat on ! em0 ... " (for PF <4.7) or "match on ! em0 ..." (for PF >= 4.7) * Compiler.cpp (singleObjectNegation::processNext): moved rule processor that processes single object negation in any rule element to the base class Compiler. --- doc/ChangeLog | 15 ++ src/iptlib/NATCompiler_PrintRule.cpp | 13 +- src/iptlib/NATCompiler_ipt.cpp | 26 +-- src/iptlib/NATCompiler_ipt.h | 34 ---- src/iptlib/PolicyCompiler_ipt.cpp | 29 +-- src/iptlib/PolicyCompiler_ipt.h | 10 +- src/libfwbuilder/src/fwcompiler/Compiler.cpp | 41 +++- src/libfwbuilder/src/fwcompiler/Compiler.h | 21 +- .../src/fwcompiler/NATCompiler.cpp | 43 ++-- src/libfwbuilder/src/fwcompiler/NATCompiler.h | 52 ++++- .../src/fwcompiler/PolicyCompiler.h | 41 +++- src/pflib/NATCompiler_pf.cpp | 2 + src/pflib/NATCompiler_pf_writers.cpp | 3 +- test/ipt/cluster1_secuwall-1.fw.orig | 8 +- test/ipt/firewall-base-rulesets.fw.orig | 6 +- test/ipt/firewall-ipv6-1.fw.orig | 6 +- test/ipt/firewall-ipv6-2.fw.orig | 6 +- test/ipt/firewall-ipv6-3.fw.orig | 8 +- test/ipt/firewall-ipv6-4-1.fw.orig | 10 +- test/ipt/firewall-ipv6-4.fw.orig | 10 +- test/ipt/firewall-ipv6-5.fw.orig | 6 +- test/ipt/firewall-ipv6-6.fw.orig | 6 +- test/ipt/firewall-ipv6-7.fw.orig | 6 +- test/ipt/firewall-ipv6-8.fw.orig | 6 +- ...-ipv6-ipt-reset-prolog-after-flush.fw.orig | 8 +- ...-ipt-reset-prolog-after-interfaces.fw.orig | 8 +- ...firewall-ipv6-ipt-reset-prolog-top.fw.orig | 8 +- test/ipt/firewall-ipv6-nd-ns-1.fw.orig | 6 +- test/ipt/firewall-ipv6-nd-ns-2.fw.orig | 6 +- .../firewall-ipv6-prolog-after-flush.fw.orig | 8 +- 
...ewall-ipv6-prolog-after-interfaces.fw.orig | 8 +- test/ipt/firewall-ipv6-prolog-top.fw.orig | 8 +- test/ipt/firewall-server-1-s.fw.orig | 6 +- test/ipt/firewall.fw.orig | 36 ++-- test/ipt/firewall1.fw.orig | 48 ++--- test/ipt/firewall10.fw.orig | 6 +- test/ipt/firewall11.fw.orig | 14 +- test/ipt/firewall12.fw.orig | 28 +-- test/ipt/firewall13.fw.orig | 6 +- test/ipt/firewall14.fw.orig | 22 +- test/ipt/firewall15.fw.orig | 6 +- test/ipt/firewall16.fw.orig | 28 +-- test/ipt/firewall17.fw.orig | 10 +- test/ipt/firewall18.fw.orig | 50 ++--- test/ipt/firewall19.fw.orig | 6 +- test/ipt/firewall2-1.fw.orig | 180 ++++++++--------- test/ipt/firewall2-2.fw.orig | 180 ++++++++--------- test/ipt/firewall2-3.fw.orig | 180 ++++++++--------- test/ipt/firewall2-4.fw.orig | 12 +- test/ipt/firewall2-5.fw.orig | 26 +-- test/ipt/firewall2-6.fw.orig | 34 ++-- test/ipt/firewall2-7.fw.orig | 22 +- test/ipt/firewall2.fw.orig | 188 +++++++++--------- test/ipt/firewall20-ipv6.fw.orig | 6 +- test/ipt/firewall20.fw.orig | 22 +- test/ipt/firewall21-1.fw.orig | 14 +- test/ipt/firewall21.fw.orig | 14 +- test/ipt/firewall22.fw.orig | 10 +- test/ipt/firewall23-1.fw.orig | 6 +- test/ipt/firewall23.fw.orig | 6 +- test/ipt/firewall24.fw.orig | 6 +- test/ipt/firewall25.fw.orig | 16 +- test/ipt/firewall26.fw.orig | 16 +- test/ipt/firewall27.fw.orig | 16 +- test/ipt/firewall28.fw.orig | 8 +- test/ipt/firewall29.fw.orig | 6 +- test/ipt/firewall3.fw.orig | 12 +- test/ipt/firewall30.fw.orig | 6 +- test/ipt/firewall31.fw.orig | 6 +- test/ipt/firewall32.fw.orig | 6 +- test/ipt/firewall33-1.fw.orig | 16 +- test/ipt/firewall33.fw.orig | 36 ++-- test/ipt/firewall34.fw.orig | 8 +- test/ipt/firewall35.fw.orig | 8 +- test/ipt/firewall36-1.fw.orig | 6 +- test/ipt/firewall36-2.fw.orig | 6 +- test/ipt/firewall36.fw.orig | 6 +- test/ipt/firewall37-1.fw.orig | 6 +- test/ipt/firewall37-2.fw.orig | 6 +- test/ipt/firewall37.fw.orig | 6 +- test/ipt/firewall38.fw.orig | 16 +- test/ipt/firewall39.fw.orig | 6 +- 
test/ipt/firewall4.fw.orig | 34 ++-- test/ipt/firewall40-1.fw.orig | 8 +- test/ipt/firewall40-2.fw.orig | 8 +- test/ipt/firewall40.fw.orig | 8 +- test/ipt/firewall41-1.fw.orig | 10 +- test/ipt/firewall41.fw.orig | 6 +- test/ipt/firewall42.fw.orig | 6 +- test/ipt/firewall5.fw.orig | 28 +-- test/ipt/firewall50.fw.orig | 6 +- test/ipt/firewall51.fw.orig | 6 +- test/ipt/firewall6.fw.orig | 34 ++-- test/ipt/firewall60.fw.orig | 6 +- test/ipt/firewall61-1.2.5.fw.orig | 6 +- test/ipt/firewall61-1.2.6.fw.orig | 6 +- test/ipt/firewall61-1.3.x.fw.orig | 6 +- test/ipt/firewall61-1.4.fw.orig | 6 +- test/ipt/firewall62.fw.orig | 6 +- test/ipt/firewall63.fw.orig | 6 +- test/ipt/firewall7.fw.orig | 6 +- test/ipt/firewall70.fw.orig | 6 +- test/ipt/firewall71.fw.orig | 8 +- test/ipt/firewall72-1.3.x.fw.orig | 22 +- test/ipt/firewall72-1.4.3.fw.orig | 22 +- test/ipt/firewall73.fw.orig | 6 +- test/ipt/firewall74.fw.orig | 6 +- test/ipt/firewall8.fw.orig | 6 +- test/ipt/firewall80.fw.orig | 8 +- test/ipt/firewall81.fw.orig | 10 +- test/ipt/firewall82.fw.orig | 8 +- test/ipt/firewall82_A.fw.orig | 6 +- test/ipt/firewall82_B.fw.orig | 6 +- test/ipt/firewall9.fw.orig | 6 +- test/ipt/firewall90.fw.orig | 6 +- test/ipt/firewall91.fw.orig | 6 +- test/ipt/firewall92.fw.orig | 6 +- test/ipt/firewall93.fw.orig | 6 +- test/ipt/fw-A.fw.orig | 6 +- test/ipt/fw1.fw.orig | 18 +- test/ipt/fwbuilder.fw.orig | 10 +- .../heartbeat_cluster_1_d_linux-1-d.fw.orig | 12 +- .../heartbeat_cluster_1_d_linux-2-d.fw.orig | 12 +- test/ipt/heartbeat_cluster_1_linux-1.fw.orig | 10 +- test/ipt/heartbeat_cluster_1_linux-2.fw.orig | 10 +- test/ipt/heartbeat_cluster_2_linux-1.fw.orig | 10 +- test/ipt/heartbeat_cluster_2_linux-2.fw.orig | 10 +- test/ipt/host.fw.orig | 6 +- test/ipt/objects-for-regression-tests.fwb | 2 +- test/ipt/openais_cluster_1_linux-1.fw.orig | 8 +- test/ipt/openais_cluster_1_linux-2.fw.orig | 8 +- test/ipt/rc.firewall.local | 4 +- test/ipt/rh90.fw.orig | 6 +- 
.../ipt/secuwall_cluster_1_secuwall-1.fw.orig | 6 +- test/ipt/server-cluster-1_server-1.fw.orig | 6 +- test/ipt/server-cluster-1_server-2.fw.orig | 6 +- test/ipt/test-shadowing-1.fw.orig | 6 +- test/ipt/test-shadowing-2.fw.orig | 6 +- test/ipt/test-shadowing-3.fw.orig | 6 +- test/ipt/test_fw.fw.orig | 10 +- test/ipt/vrrp_cluster_1_linux-1.fw.orig | 8 +- test/ipt/vrrp_cluster_1_linux-2.fw.orig | 8 +- test/ipt/vrrp_cluster_2_linux-1.fw.orig | 8 +- test/ipt/vrrp_cluster_2_linux-2.fw.orig | 8 +- test/ipt/vrrp_cluster_2_linux-3.fw.orig | 8 +- test/pf/firewall-base-rulesets.fw.orig | 6 +- test/pf/firewall-ipv6-1.fw.orig | 6 +- test/pf/firewall-ipv6-2.conf.orig | 2 +- test/pf/firewall-ipv6-2.fw.orig | 6 +- test/pf/firewall-ipv6-3.fw.orig | 4 +- test/pf/firewall.conf.orig | 4 +- test/pf/firewall.fw.orig | 6 +- test/pf/firewall1.conf.orig | 38 ++-- test/pf/firewall1.fw.orig | 6 +- test/pf/firewall10-1.conf.orig | 2 +- test/pf/firewall10-1.fw.orig | 6 +- test/pf/firewall10-2.conf.orig | 2 +- test/pf/firewall10-2.fw.orig | 6 +- test/pf/firewall10-3.conf.orig | 2 +- test/pf/firewall10-3.fw.orig | 6 +- test/pf/firewall10-4.conf.orig | 2 +- test/pf/firewall10-4.fw.orig | 6 +- test/pf/firewall10-5.conf.orig | 2 +- test/pf/firewall10-5.fw.orig | 6 +- test/pf/firewall10-6.conf.orig | 2 +- test/pf/firewall10-6.fw.orig | 6 +- test/pf/firewall100.fw.orig | 6 +- test/pf/firewall101.fw.orig | 6 +- test/pf/firewall102.fw.orig | 4 +- test/pf/firewall103-1.fw.orig | 6 +- test/pf/firewall103-2.fw.orig | 6 +- test/pf/firewall103.fw.orig | 6 +- test/pf/firewall104-1.fw.orig | 6 +- test/pf/firewall104.fw.orig | 6 +- test/pf/firewall105.fw.orig | 4 +- test/pf/firewall106.fw.orig | 4 +- test/pf/firewall107.fw.orig | 6 +- test/pf/firewall108.fw.orig | 4 +- test/pf/firewall109-1.fw.orig | 4 +- test/pf/firewall109-2.fw.orig | 6 +- test/pf/firewall109-3.fw.orig | 4 +- test/pf/firewall109.fw.orig | 6 +- test/pf/firewall11.fw.orig | 6 +- test/pf/firewall110.fw.orig | 6 +- test/pf/firewall111.fw.orig | 
6 +- test/pf/firewall12.conf.orig | 24 +-- test/pf/firewall12.fw.orig | 6 +- test/pf/firewall13.fw.orig | 6 +- test/pf/firewall14-1.fw.orig | 6 +- test/pf/firewall14.fw.orig | 6 +- test/pf/firewall2-1.conf.orig | 2 +- test/pf/firewall2-1.fw.orig | 6 +- test/pf/firewall2-6.conf.orig | 28 +-- test/pf/firewall2-6.fw.orig | 6 +- test/pf/firewall2.conf.orig | 48 ++--- test/pf/firewall2.fw.orig | 6 +- test/pf/firewall20.conf.orig | 10 +- test/pf/firewall20.fw.orig | 6 +- test/pf/firewall21-NAT_1.conf.orig | 4 +- test/pf/firewall21.fw.orig | 6 +- test/pf/firewall22.fw.orig | 6 +- test/pf/firewall3.conf.orig | 4 +- test/pf/firewall3.fw.orig | 6 +- test/pf/firewall33.conf.orig | 10 +- test/pf/firewall33.fw.orig | 6 +- test/pf/firewall34.conf.orig | 8 +- test/pf/firewall34.fw.orig | 6 +- test/pf/firewall38.conf.orig | 8 +- test/pf/firewall38.fw.orig | 6 +- test/pf/firewall39.conf.orig | 8 +- test/pf/firewall39.fw.orig | 6 +- test/pf/firewall4.conf.orig | 24 +-- test/pf/firewall4.fw.orig | 6 +- test/pf/firewall40-1.conf.orig | 4 +- test/pf/firewall40-1.fw.orig | 6 +- test/pf/firewall40.conf.orig | 4 +- test/pf/firewall40.fw.orig | 6 +- test/pf/firewall41.fw.orig | 6 +- test/pf/firewall5.fw.orig | 6 +- test/pf/firewall51.fw.orig | 6 +- test/pf/firewall6.fw.orig | 6 +- test/pf/firewall62.fw.orig | 6 +- test/pf/firewall63.fw.orig | 6 +- test/pf/firewall7.fw.orig | 6 +- test/pf/firewall70.fw.orig | 6 +- test/pf/firewall8.conf.orig | 18 +- test/pf/firewall8.fw.orig | 6 +- test/pf/firewall80-4.5.fw.orig | 6 +- test/pf/firewall80.fw.orig | 6 +- test/pf/firewall9.conf.orig | 2 +- test/pf/firewall9.fw.orig | 6 +- test/pf/firewall91.fw.orig | 6 +- test/pf/firewall92.conf.orig | 12 +- test/pf/firewall92.fw.orig | 8 +- test/pf/objects-for-regression-tests.fwb | 56 +++++- test/pf/pf_cluster_1_openbsd-1.conf.orig | 12 +- test/pf/pf_cluster_1_openbsd-1.fw.orig | 6 +- test/pf/pf_cluster_1_openbsd-2.conf.orig | 12 +- test/pf/pf_cluster_1_openbsd-2.fw.orig | 6 +- 
test/pf/pf_cluster_2_freebsd-1.fw.orig | 6 +- test/pf/pf_cluster_2_freebsd-2.fw.orig | 6 +- test/pf/pf_cluster_3_openbsd-3.fw.orig | 6 +- test/pf/pf_cluster_3_openbsd-4.fw.orig | 6 +- test/pf/pf_cluster_4_rc.conf.local | 4 +- test/pf/pf_cluster_5_openbsd-3.conf.orig | 2 +- test/pf/pf_cluster_5_openbsd-3.fw.orig | 6 +- test/pf/pf_cluster_5_openbsd-4.conf.orig | 2 +- test/pf/pf_cluster_5_openbsd-4.fw.orig | 6 +- 248 files changed, 1676 insertions(+), 1522 deletions(-) diff --git a/doc/ChangeLog b/doc/ChangeLog index 7060bc7be..1bca3eadb 100644 --- a/doc/ChangeLog +++ b/doc/ChangeLog @@ -1,3 +1,18 @@ +2011-06-03 vadim + + * NATCompiler_ipt.cpp (compile): see #2456 Added support for + single object negation in "Inbound Interface" and "Outbound + Interface" columns in compiler for iptables. + + * NATCompiler_pf.cpp (compile): see #2456 Added support for single + object negation in "Interface" rule element of PF NAT rules. Now + compiler can produce PF commands such as "nat on ! em0 ... " (for + PF <4.7) or "match on ! em0 ..." (for PF >= 4.7) + + * Compiler.cpp (singleObjectNegation::processNext): moved rule + processor that processes single object negation in any rule + element to the base class Compiler. + 2011-06-02 Vadim Kurland * pf.g (set_rule): see #2464 implemented import of PF "set timeout", diff --git a/src/iptlib/NATCompiler_PrintRule.cpp b/src/iptlib/NATCompiler_PrintRule.cpp index 818bfa42c..6bac2a3ee 100644 --- a/src/iptlib/NATCompiler_PrintRule.cpp +++ b/src/iptlib/NATCompiler_PrintRule.cpp 
@@ -213,8 +213,17 @@ string NATCompiler_ipt::PrintRule::_printChainDirectionAndInterface(NATRule *rul res << rule->getStr("ipt_chain").c_str(); - if ( ! iface_in_name.isEmpty()) res << "-i" << iface_in_name; - if ( ! iface_out_name.isEmpty()) res << "-o" << iface_out_name; + if ( ! iface_in_name.isEmpty()) + { + res << _printSingleOptionWithNegation( + "-i", itf_in_re, iface_in_name.toStdString()).c_str(); + } + + if ( ! iface_out_name.isEmpty()) + { + res << _printSingleOptionWithNegation( + "-o", itf_out_re, iface_out_name.toStdString()).c_str(); + } res << ""; diff --git a/src/iptlib/NATCompiler_ipt.cpp b/src/iptlib/NATCompiler_ipt.cpp index e9305022f..bd4e170c0 100644 --- a/src/iptlib/NATCompiler_ipt.cpp +++ b/src/iptlib/NATCompiler_ipt.cpp @@ -1482,30 +1482,6 @@ bool NATCompiler_ipt::splitMultipleICMP::processNext() return true; } -bool NATCompiler_ipt::singleObjectNegation::processNext() -{ - NATRule *rule=getNext(); if (rule==NULL) return false; - - RuleElement *rel = RuleElement::cast(rule->getFirstByType(re_type)); - assert(rel); - - if (rel->getNeg() && rel->size()==1) - { - FWObject *o = rel->front(); - if (FWReference::cast(o)!=NULL) o=FWReference::cast(o)->getPointer(); - Address *reladdr = Address::cast(o); - if ( reladdr && reladdr->countInetAddresses(true)==1 && - !compiler->complexMatch(reladdr, compiler->fw)) - { - rel->setNeg(false); - rel->setBool("single_object_negation", true); - } - } - - tmp_queue.push_back(rule); - return true; -} - bool NATCompiler_ipt::doOSrcNegation::processNext() { NATRule *rule=getNext(); if (rule==NULL) return false; 
@@ -2428,12 +2404,14 @@ void NATCompiler_ipt::compile() add(new replaceClusterInterfaceInItfInb( "replace cluster interfaces with member interfaces in " "the inbound Interface rule element")); + add(new singleObjectNegationItfInb("process single object negation in inbound Itf")); add(new ItfInbNegation("process negation in inbound Itf")); add(new expandGroupsInItfOutb("expand groups in outbound Interface")); add(new replaceClusterInterfaceInItfOutb( "replace cluster interfaces with member interfaces in " "the outbound Interface rule element")); + add(new singleObjectNegationItfOutb("process single object negation in outbound Itf")); add(new ItfOutbNegation("process negation in outbound Itf")); add( new recursiveGroupsInOSrc("check for recursive groups in OSRC")); diff --git a/src/iptlib/NATCompiler_ipt.h b/src/iptlib/NATCompiler_ipt.h index 4aa71fa08..653058873 100644 --- a/src/iptlib/NATCompiler_ipt.h +++ b/src/iptlib/NATCompiler_ipt.h @@ -307,40 +307,6 @@ namespace fwcompiler */ DECLARE_NAT_RULE_PROCESSOR(splitMultipleICMP); - /** - * prepare for negation of single objects in rule elements - */ - class singleObjectNegation : public NATRuleProcessor - { - std::string re_type; - public: - singleObjectNegation(const std::string &n,std::string _type): - NATRuleProcessor(n) { re_type=_type; } - virtual bool processNext(); - }; - - /** - * single object negation in OSrc - */ - class singleObjectNegationOSrc : public singleObjectNegation - { - public: - singleObjectNegationOSrc(const std::string &n): - singleObjectNegation(n,libfwbuilder::RuleElementOSrc::TYPENAME) - {} - }; - - /** - * single object negation in ODst - */ - class singleObjectNegationODst : public singleObjectNegation - { - public: - singleObjectNegationODst(const std::string &n): - singleObjectNegation(n,libfwbuilder::RuleElementODst::TYPENAME) - {} - }; - /** * deals with negation in OSrc */ 
diff --git a/src/iptlib/PolicyCompiler_ipt.cpp b/src/iptlib/PolicyCompiler_ipt.cpp index dd44ba921..b9ea48a6f 100644 --- a/src/iptlib/PolicyCompiler_ipt.cpp +++ b/src/iptlib/PolicyCompiler_ipt.cpp @@ -1083,26 +1083,6 @@ bool PolicyCompiler_ipt::printRuleElements::processNext() return true; } -bool PolicyCompiler_ipt::singleItfNegation::processNext() -{ - PolicyRule *rule = getNext(); if (rule==NULL) return false; - RuleElementItf *itfrel = rule->getItf(); - - if (itfrel->getNeg() && itfrel->size()==1) - { - Interface *itf = compiler->getFirstItf(rule); - // note: itf can be NULL if object in this rule element is a group - if (itf!=NULL && itf->isChildOf(compiler->fw)) - { - itfrel->setNeg(false); - itfrel->setBool("single_object_negation", true); - } - } - - tmp_queue.push_back(rule); - return true; -} - bool PolicyCompiler_ipt::singleSrcNegation::processNext() { PolicyCompiler_ipt *ipt_comp=dynamic_cast(compiler); @@ -4175,7 +4155,12 @@ void PolicyCompiler_ipt::compile() add( new printTotalNumberOfRules()); + // use full negation rule processor in shadowing detection. + // This rule processor replaces inetrface(s) object(s) with a + // complimentary set of "other" interfaces of the firewall. + // add( new ItfNegation("process negation in Itf")); + add( new InterfacePolicyRules( "process interface policy rules and store interface ids")); add( new convertAnyToNotFWForShadowing("convert 'any' to '!fw'")); @@ -4276,7 +4261,9 @@ void PolicyCompiler_ipt::compile() add( new expandGroupsInItf("expand groups in Interface" )); add( new replaceClusterInterfaceInItf( "replace cluster interfaces with member interfaces in the Interface rule element")); - add( new singleItfNegation("negation in Itf if it holds single object")); + + add( new singleObjectNegationItf( + "negation in Itf if it holds single object")); add( new ItfNegation("process negation in Itf")); add( new decideOnChainForClassify("set chain for action is Classify")); 
diff --git a/src/iptlib/PolicyCompiler_ipt.h b/src/iptlib/PolicyCompiler_ipt.h index 87b1dfbaa..4db64744b 100644 --- a/src/iptlib/PolicyCompiler_ipt.h +++ b/src/iptlib/PolicyCompiler_ipt.h @@ -283,12 +283,10 @@ protected: DECLARE_POLICY_RULE_PROCESSOR(convertAnyToNotFWForShadowing); /** - * processes rules with negation in Itf if it holds only one object - */ - DECLARE_POLICY_RULE_PROCESSOR(singleItfNegation); - - /** - * processes rules with negation in Src if it holds only one object + * processes rules with negation in Src if it holds only one + * object. Similar to PolicyCompiler::singleObjectNegationSrc + * but takes into account AddressTable objects if we compile + * with support for ipset module */ DECLARE_POLICY_RULE_PROCESSOR(singleSrcNegation); diff --git a/src/libfwbuilder/src/fwcompiler/Compiler.cpp b/src/libfwbuilder/src/fwcompiler/Compiler.cpp index 814b9bff3..1a5e70327 100644 --- a/src/libfwbuilder/src/fwcompiler/Compiler.cpp +++ b/src/libfwbuilder/src/fwcompiler/Compiler.cpp 
@@ -916,6 +916,40 @@ bool Compiler::equalObj::operator()(FWObject *o) return o->getId()==obj->getId(); } +bool Compiler::singleObjectNegation::processNext() +{ + Rule *rule = prev_processor->getNextRule(); if (rule==NULL) return false; + + RuleElement *rel = RuleElement::cast(rule->getFirstByType(re_type)); + assert(rel); + + if (rel->getNeg() && rel->size()==1) + { + if (rel->getTypeName() == RuleElementItfInb::TYPENAME || + rel->getTypeName() == RuleElementItfOutb::TYPENAME || + rel->getTypeName() == RuleElementItf::TYPENAME ) + { + rel->setNeg(false); + rel->setBool("single_object_negation", true); + } else + { + FWObject *o = rel->front(); + if (FWReference::cast(o)!=NULL) o=FWReference::cast(o)->getPointer(); + Address *reladdr = Address::cast(o); + if ( reladdr && reladdr->countInetAddresses(true)==1 && + !compiler->complexMatch(reladdr, compiler->fw)) + { + rel->setNeg(false); + rel->setBool("single_object_negation", true); + } + } + } + + tmp_queue.push_back(rule); + return true; +} + + /* * Process negation in the "Interface" rule element. Scan objects in * this RE, replace cluster interfaces with interfaces of the member, @@ -927,8 +961,13 @@ bool Compiler::equalObj::operator()(FWObject *o) * the RE. However I keep the code that deals with them in place to be * able to use this processor without prior call to * replaceClusterInterfaceInItf if necessary. + * + * TODO: make this code assert() if cluster interface appears in RE/ + * + * Note that rule processor singleObjectNegationItf deals with single + * object negation in Interface rule elements. */ -bool Compiler::interfaceNegationInRE::processNext() +bool Compiler::fullInterfaceNegationInRE::processNext() { Rule *rule = prev_processor->getNextRule(); if (rule==NULL) return false; RuleElement *itfre = RuleElement::cast(rule->getFirstByType(re_type)); diff --git a/src/libfwbuilder/src/fwcompiler/Compiler.h b/src/libfwbuilder/src/fwcompiler/Compiler.h index 08f5b0565..b9e233d47 100644 
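Review bot: The interface branch of `Compiler::singleObjectNegation::processNext` sets `single_object_negation` for any lone object in a negated Itf, ItfInb or ItfOutb element, while the `PolicyCompiler_ipt::singleItfNegation` it replaces did so only when `getFirstItf(rule)` returned an interface with `isChildOf(compiler->fw)`. If such an element can reach this processor holding something other than one of this firewall's own interfaces (the removed code's comment mentions a group), the generated rule would negate that name directly instead of going through full interface negation, which changes what traffic the rule matches. Unless an earlier processor guarantees this cannot happen, keep the guard around the two setters: `Interface *itf = Interface::cast(FWReference::getObject(rel->front()));` followed by `if (itf!=NULL && itf->isChildOf(compiler->fw))`. Separately, `assert(rel)` is the only protection against a rule that lacks the requested element, and it disappears in builds with NDEBUG defined.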
--- a/src/libfwbuilder/src/fwcompiler/Compiler.h +++ b/src/libfwbuilder/src/fwcompiler/Compiler.h @@ -363,16 +363,31 @@ public: virtual bool processNext(); }; - class interfaceNegationInRE : public BasicRuleProcessor + /** + * prepare for negation of single objects in rule elements + */ + class singleObjectNegation : public BasicRuleProcessor { std::string re_type; public: - interfaceNegationInRE(const std::string &n, - std::string _type) : + singleObjectNegation(const std::string &n,std::string _type): BasicRuleProcessor(n) { re_type=_type; } virtual bool processNext(); }; + /* + * replace interfaces in the give RE with a set of all other + * interfaces of the firewall. + */ + class fullInterfaceNegationInRE : public BasicRuleProcessor + { + std::string re_type; + public: + fullInterfaceNegationInRE(const std::string &n, std::string _type) : + BasicRuleProcessor(n) { re_type=_type; } + virtual bool processNext(); + }; + /** * replace cluster interface objects with inetrfaces of the member * firewall in the Interface rule element diff --git a/src/libfwbuilder/src/fwcompiler/NATCompiler.cpp b/src/libfwbuilder/src/fwcompiler/NATCompiler.cpp index d5e3ed0cd..e23fcb493 100644 --- a/src/libfwbuilder/src/fwcompiler/NATCompiler.cpp +++ b/src/libfwbuilder/src/fwcompiler/NATCompiler.cpp @@ -933,6 +933,17 @@ string NATCompiler::debugPrintRule(libfwbuilder::Rule *r) string itf_inb = " "; string itf_outb = " "; + if (osrcrel->getNeg()) osrc = "!"; + if (odstrel->getNeg()) odst = "!"; + if (osrvrel->getNeg()) osrv = "!"; + + if (tsrcrel->getNeg()) tsrc = "!"; + if (tdstrel->getNeg()) tdst = "!"; + if (tsrvrel->getNeg()) tsrv = "!"; + + if (itf_inb_rel->getNeg()) itf_inb = "!"; + if (itf_outb_rel->getNeg()) itf_outb = "!"; + int osrc_id = -1; int odst_id = -1; int osrv_id = -1; 
@@ -947,64 +958,64 @@ string NATCompiler::debugPrintRule(libfwbuilder::Rule *r) if (i1!=osrcrel->end()) { FWObject *o = FWReference::getObject(*i1); - osrc=o->getName(); - osrc_id=o->getId(); + osrc += o->getName(); + osrc_id = o->getId(); } if (i2!=odstrel->end()) { FWObject *o = FWReference::getObject(*i2); - odst=o->getName(); - odst_id=o->getId(); + odst += o->getName(); + odst_id = o->getId(); } if (i3!=osrvrel->end()) { FWObject *o = FWReference::getObject(*i3); - osrv=o->getName(); - osrv_id=o->getId(); + osrv += o->getName(); + osrv_id = o->getId(); } if (i4!=tsrcrel->end()) { FWObject *o = FWReference::getObject(*i4); - tsrc=o->getName(); - tsrc_id=o->getId(); + tsrc += o->getName(); + tsrc_id = o->getId(); } if (i5!=tdstrel->end()) { FWObject *o = FWReference::getObject(*i5); - tdst=o->getName(); - tdst_id=o->getId(); + tdst += o->getName(); + tdst_id = o->getId(); } if (i6!=tsrvrel->end()) { FWObject *o = FWReference::getObject(*i6); - tsrv=o->getName(); - tsrv_id=o->getId(); + tsrv += o->getName(); + tsrv_id = o->getId(); } if (i7!=itf_inb_rel->end()) { FWObject *o = FWReference::getObject(*i7); - itf_inb = o->getName(); + itf_inb += o->getName(); itf_inb_id = o->getId(); } if (i8!=itf_outb_rel->end()) { FWObject *o = FWReference::getObject(*i8); - itf_outb = o->getName(); + itf_outb += o->getName(); itf_outb_id = o->getId(); } - int w=0; + int w = 0; if (no==0) { str << rule->getLabel(); - w=rule->getLabel().length(); + w = rule->getLabel().length(); } str << setw(8-w) << setfill(' ') << " "; diff --git a/src/libfwbuilder/src/fwcompiler/NATCompiler.h b/src/libfwbuilder/src/fwcompiler/NATCompiler.h index 4c8a34528..e97f17b16 100644 --- a/src/libfwbuilder/src/fwcompiler/NATCompiler.h +++ b/src/libfwbuilder/src/fwcompiler/NATCompiler.h 
@@ -186,25 +186,69 @@ namespace fwcompiler { */ DECLARE_NAT_RULE_PROCESSOR(ConvertToAtomic); + /** + * single object negation in OSrc + */ + class singleObjectNegationOSrc : public singleObjectNegation + { + public: + singleObjectNegationOSrc(const std::string &n): + singleObjectNegation(n,libfwbuilder::RuleElementOSrc::TYPENAME) + {} + }; + + /** + * single object negation in ODst + */ + class singleObjectNegationODst : public Compiler::singleObjectNegation + { + public: + singleObjectNegationODst(const std::string &n): + singleObjectNegation(n,libfwbuilder::RuleElementODst::TYPENAME) + {} + }; + + /** + * single object negation in ItfInb + */ + class singleObjectNegationItfInb : public Compiler::singleObjectNegation + { + public: + singleObjectNegationItfInb(const std::string &n): + singleObjectNegation(n,libfwbuilder::RuleElementItfInb::TYPENAME) + {} + }; + + /** + * single object negation in ItfOutb + */ + class singleObjectNegationItfOutb : public Compiler::singleObjectNegation + { + public: + singleObjectNegationItfOutb(const std::string &n): + singleObjectNegation(n,libfwbuilder::RuleElementItfOutb::TYPENAME) + {} + }; + /** * processes rules with negation in ItfOutb */ - class ItfOutbNegation : public Compiler::interfaceNegationInRE + class ItfOutbNegation : public Compiler::fullInterfaceNegationInRE { public: ItfOutbNegation(const std::string &name) : - interfaceNegationInRE( + fullInterfaceNegationInRE( name, libfwbuilder::RuleElementItfOutb::TYPENAME) {} }; /** * processes rules with negation in ItfInb */ - class ItfInbNegation : public Compiler::interfaceNegationInRE + class ItfInbNegation : public Compiler::fullInterfaceNegationInRE { public: ItfInbNegation(const std::string &name) : - interfaceNegationInRE( + fullInterfaceNegationInRE( name, libfwbuilder::RuleElementItfInb::TYPENAME) {} }; diff --git a/src/libfwbuilder/src/fwcompiler/PolicyCompiler.h b/src/libfwbuilder/src/fwcompiler/PolicyCompiler.h index 310ba1d11..ce87e92bf 100644 
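Review bot: The four new wrapper classes in NATCompiler.h name their base class inconsistently: `singleObjectNegationOSrc` derives from the unqualified `singleObjectNegation`, while the ODst, ItfInb and ItfOutb variants derive from `Compiler::singleObjectNegation`. The same split appears in PolicyCompiler.h, where `singleObjectNegationSrc` is the unqualified one. Both spellings presumably resolve to the same class now that it lives in `Compiler`, but using `Compiler::singleObjectNegation` everywhere makes it obvious that the iptables-specific copy is gone. The single-argument constructors could also be marked `explicit`, e.g. `explicit singleObjectNegationOSrc(const std::string &n):`.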
--- a/src/libfwbuilder/src/fwcompiler/PolicyCompiler.h +++ b/src/libfwbuilder/src/fwcompiler/PolicyCompiler.h @@ -207,15 +207,50 @@ namespace fwcompiler { }; + /** + * single object negation in Src + */ + class singleObjectNegationSrc : public singleObjectNegation + { + public: + singleObjectNegationSrc(const std::string &n): + singleObjectNegation(n, libfwbuilder::RuleElementSrc::TYPENAME) + {} + }; + + /** + * single object negation in Dst + */ + class singleObjectNegationDst : public Compiler::singleObjectNegation + { + public: + singleObjectNegationDst(const std::string &n): + singleObjectNegation(n, libfwbuilder::RuleElementDst::TYPENAME) + {} + }; + + /** + * single object negation in Itf + */ + class singleObjectNegationItf : public Compiler::singleObjectNegation + { + public: + singleObjectNegationItf(const std::string &n): + singleObjectNegation(n, libfwbuilder::RuleElementItf::TYPENAME) + {} + }; + /** - * processes rules with negation in Itf + * processes rules with negation in Itf. + * Compiler::fullInterfaceNegationInRE replaces interface object + * with a set of "other" interfaces of the firewall. */ - class ItfNegation : public Compiler::interfaceNegationInRE + class ItfNegation : public Compiler::fullInterfaceNegationInRE { public: ItfNegation(const std::string &name) : - interfaceNegationInRE( + fullInterfaceNegationInRE( name, libfwbuilder::RuleElementItf::TYPENAME) {} }; diff --git a/src/pflib/NATCompiler_pf.cpp b/src/pflib/NATCompiler_pf.cpp index 7b94e03ae..f56ccfc10 100644 --- a/src/pflib/NATCompiler_pf.cpp +++ b/src/pflib/NATCompiler_pf.cpp @@ -1215,6 +1215,8 @@ void NATCompiler_pf::compile() add(new replaceClusterInterfaceInItfOutb( "replace cluster interfaces with member interfaces in " "the Interface rule element")); + add(new singleObjectNegationItfOutb( + "process single object negation in inbound Itf")); add(new ItfOutbNegation("process negation in Itf")); add( new recursiveGroupsInOSrc("check for recursive groups in OSRC") ); 
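Review bot: In the NATCompiler_pf.cpp hunk the processor added is `singleObjectNegationItfOutb`, but its description string reads "process single object negation in inbound Itf". The neighbouring processors in this part of `NATCompiler_pf::compile()` describe themselves as working on "the Interface rule element" or "Itf", so the label is likely a copy from the iptables compiler and would mislead anyone reading processor names in debug output. I would change it to `"process single object negation in Itf"`. `compile()` starts and ends outside the hunk.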
diff --git a/src/pflib/NATCompiler_pf_writers.cpp b/src/pflib/NATCompiler_pf_writers.cpp index 5d3b416ed..7b199fe61 100644 --- a/src/pflib/NATCompiler_pf_writers.cpp +++ b/src/pflib/NATCompiler_pf_writers.cpp @@ -68,7 +68,7 @@ void NATCompiler_pf::PrintRule::_printInterface(NATRule *rule) RuleElementItf *intf_re = rule->getItfOutb(); QStringList rule_interfaces; - if (!intf_re->isAny()) + if ( ! intf_re->isAny()) { for (FWObject::iterator it=intf_re->begin(); it!=intf_re->end(); ++it) { @@ -81,6 +81,7 @@ void NATCompiler_pf::PrintRule::_printInterface(NATRule *rule) rule_interfaces.push_back("}"); } compiler->output << "on " + << string((intf_re->getBool("single_object_negation")) ? "! " : " ") << rule_interfaces.join(" ").toStdString() << " "; } diff --git a/test/ipt/cluster1_secuwall-1.fw.orig b/test/ipt/cluster1_secuwall-1.fw.orig index 1ceb38c04..50947d06d 100755 --- a/test/ipt/cluster1_secuwall-1.fw.orig +++ b/test/ipt/cluster1_secuwall-1.fw.orig @@ -2,9 +2,9 @@ # # This is automatically generated file. DO NOT MODIFY ! # -# Firewall Builder fwb_ipt v4.3.0.3546 +# Firewall Builder fwb_ipt v5.0.0.3547 # -# Generated Thu May 26 14:18:20 2011 PDT by vadim +# Generated Fri Jun 3 17:29:47 2011 PDT by vadim # # files: * cluster1_secuwall-1.fw /etc/cluster1_secuwall-1.fw # @@ -336,7 +336,7 @@ script_body() { # echo "Rule 0 (NAT)" # - $IPTABLES -t nat -A POSTROUTING -o eth0 -s 192.168.1.0/24 -j SNAT --to-source 172.24.0.1 + $IPTABLES -t nat -A POSTROUTING -o eth0 -s 192.168.1.0/24 -j SNAT --to-source 172.24.0.1 # # Rule 1 (NAT) # @@ -609,7 +609,7 @@ test -z "$cmd" && { case "$cmd" in start) - log "Activating firewall script generated Thu May 26 14:18:20 2011 by vadim" + log "Activating firewall script generated Fri Jun 3 17:29:47 2011 by vadim" log "Database was cluster-tests.fwb" check_tools check_run_time_address_table_files diff --git a/test/ipt/firewall-base-rulesets.fw.orig b/test/ipt/firewall-base-rulesets.fw.orig index d96d2d797..49d196440 100755 
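Review bot: In `NATCompiler_pf::PrintRule::_printInterface` the non-negated arm of `string((intf_re->getBool("single_object_negation")) ? "! " : " ")` emits an extra space after `"on "`. Every generated PF NAT line that names an interface therefore changes, even when nothing is negated. That is probably why so many `test/pf/*.conf.orig` files appear in the diffstat, and it adds noise for users who diff generated configurations before deploying them. Using an empty string for that arm keeps existing output stable: `<< string(intf_re->getBool("single_object_negation") ? "! " : "")`. The flag is also applied without checking how many entries `rule_interfaces` holds, so a short comment that it is only set when the element has exactly one object would help. The function body continues outside the hunk.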
--- a/test/ipt/firewall-base-rulesets.fw.orig +++ b/test/ipt/firewall-base-rulesets.fw.orig @@ -2,9 +2,9 @@ # # This is automatically generated file. DO NOT MODIFY ! # -# Firewall Builder fwb_ipt v4.3.0.3546 +# Firewall Builder fwb_ipt v5.0.0.3547 # -# Generated Thu May 26 14:17:25 2011 PDT by vadim +# Generated Fri Jun 3 17:28:56 2011 PDT by vadim # # files: * firewall-base-rulesets.fw /etc/fw/firewall-base-rulesets.fw # @@ -466,7 +466,7 @@ test -z "$cmd" && { case "$cmd" in start) - log "Activating firewall script generated Thu May 26 14:17:25 2011 by vadim" + log "Activating firewall script generated Fri Jun 3 17:28:56 2011 by vadim" check_tools prolog_commands check_run_time_address_table_files diff --git a/test/ipt/firewall-ipv6-1.fw.orig b/test/ipt/firewall-ipv6-1.fw.orig index eca0fe218..e169b3d77 100755 --- a/test/ipt/firewall-ipv6-1.fw.orig +++ b/test/ipt/firewall-ipv6-1.fw.orig @@ -2,9 +2,9 @@ # # This is automatically generated file. DO NOT MODIFY ! # -# Firewall Builder fwb_ipt v4.3.0.3546 +# Firewall Builder fwb_ipt v5.0.0.3547 # -# Generated Thu May 26 14:17:30 2011 PDT by vadim +# Generated Fri Jun 3 17:29:07 2011 PDT by vadim # # files: * firewall-ipv6-1.fw /etc/firewall-ipv6-1.fw # @@ -723,7 +723,7 @@ test -z "$cmd" && { case "$cmd" in start) - log "Activating firewall script generated Thu May 26 14:17:30 2011 by vadim" + log "Activating firewall script generated Fri Jun 3 17:29:07 2011 by vadim" check_tools prolog_commands check_run_time_address_table_files diff --git a/test/ipt/firewall-ipv6-2.fw.orig b/test/ipt/firewall-ipv6-2.fw.orig index 06f3d0003..f4f1b445b 100755 --- a/test/ipt/firewall-ipv6-2.fw.orig +++ b/test/ipt/firewall-ipv6-2.fw.orig 
@@ -2,9 +2,9 @@ # # This is automatically generated file. DO NOT MODIFY ! # -# Firewall Builder fwb_ipt v4.3.0.3546 +# Firewall Builder fwb_ipt v5.0.0.3547 # -# Generated Thu May 26 14:17:31 2011 PDT by vadim +# Generated Fri Jun 3 17:29:07 2011 PDT by vadim # # files: * firewall-ipv6-2.fw /etc/firewall-ipv6-2.fw # @@ -987,7 +987,7 @@ test -z "$cmd" && { case "$cmd" in start) - log "Activating firewall script generated Thu May 26 14:17:31 2011 by vadim" + log "Activating firewall script generated Fri Jun 3 17:29:07 2011 by vadim" check_tools prolog_commands check_run_time_address_table_files diff --git a/test/ipt/firewall-ipv6-3.fw.orig b/test/ipt/firewall-ipv6-3.fw.orig index f27a7476d..6753263f9 100755 --- a/test/ipt/firewall-ipv6-3.fw.orig +++ b/test/ipt/firewall-ipv6-3.fw.orig @@ -2,9 +2,9 @@ # # This is automatically generated file. DO NOT MODIFY ! # -# Firewall Builder fwb_ipt v4.3.0.3546 +# Firewall Builder fwb_ipt v5.0.0.3547 # -# Generated Thu May 26 14:17:36 2011 PDT by vadim +# Generated Fri Jun 3 17:29:17 2011 PDT by vadim # # files: * firewall-ipv6-3.fw /etc/firewall-ipv6-3.fw # @@ -347,7 +347,7 @@ script_body() { # echo "Rule 0 (NAT)" # - $IPTABLES -t nat -A POSTROUTING -o eth1 -s 1.1.1.0/24 -j SNAT --to-source 22.22.22.22 + $IPTABLES -t nat -A POSTROUTING -o eth1 -s 1.1.1.0/24 -j SNAT --to-source 22.22.22.22 @@ -617,7 +617,7 @@ test -z "$cmd" && { case "$cmd" in start) - log "Activating firewall script generated Thu May 26 14:17:36 2011 by vadim" + log "Activating firewall script generated Fri Jun 3 17:29:17 2011 by vadim" check_tools prolog_commands check_run_time_address_table_files diff --git a/test/ipt/firewall-ipv6-4-1.fw.orig b/test/ipt/firewall-ipv6-4-1.fw.orig index e8e4c6bbc..71d15b585 100755 --- a/test/ipt/firewall-ipv6-4-1.fw.orig +++ b/test/ipt/firewall-ipv6-4-1.fw.orig 
@@ -2,9 +2,9 @@ # # This is automatically generated file. DO NOT MODIFY ! # -# Firewall Builder fwb_ipt v4.3.0.3546 +# Firewall Builder fwb_ipt v5.0.0.3547 # -# Generated Thu May 26 14:17:41 2011 PDT by vadim +# Generated Fri Jun 3 17:29:28 2011 PDT by vadim # # files: * firewall-ipv6-4-1.fw /etc/firewall-ipv6-4-1.fw # @@ -425,7 +425,7 @@ script_body() { echo :OUTPUT ACCEPT [0:0] # # Rule 0 (NAT) - echo "-A POSTROUTING -o eth1 -s 1.1.1.0/24 -j MASQUERADE " + echo "-A POSTROUTING -o eth1 -s 1.1.1.0/24 -j MASQUERADE " # echo COMMIT @@ -500,7 +500,7 @@ script_body() { echo :OUTPUT ACCEPT [0:0] # # Rule 0 (NAT) - echo "-A POSTROUTING -o eth1 -s fe80::/64 -j MASQUERADE " + echo "-A POSTROUTING -o eth1 -s fe80::/64 -j MASQUERADE " # echo COMMIT @@ -568,7 +568,7 @@ test -z "$cmd" && { case "$cmd" in start) - log "Activating firewall script generated Thu May 26 14:17:41 2011 by vadim" + log "Activating firewall script generated Fri Jun 3 17:29:28 2011 by vadim" check_tools prolog_commands check_run_time_address_table_files diff --git a/test/ipt/firewall-ipv6-4.fw.orig b/test/ipt/firewall-ipv6-4.fw.orig index 2e82bb2a8..6e5e137fd 100755 --- a/test/ipt/firewall-ipv6-4.fw.orig +++ b/test/ipt/firewall-ipv6-4.fw.orig @@ -2,9 +2,9 @@ # # This is automatically generated file. DO NOT MODIFY ! # -# Firewall Builder fwb_ipt v4.3.0.3546 +# Firewall Builder fwb_ipt v5.0.0.3547 # -# Generated Thu May 26 14:17:36 2011 PDT by vadim +# Generated Fri Jun 3 17:29:17 2011 PDT by vadim # # files: * firewall-ipv6-4.fw /etc/firewall-ipv6-4.fw # @@ -456,7 +456,7 @@ script_body() { echo :OUTPUT ACCEPT [0:0] # # Rule 0 (NAT) - echo "-A POSTROUTING -o eth1 -s 1.1.1.0/24 -j MASQUERADE " + echo "-A POSTROUTING -o eth1 -s 1.1.1.0/24 -j MASQUERADE " # echo COMMIT @@ -536,7 +536,7 @@ script_body() { echo :OUTPUT ACCEPT [0:0] # # Rule 0 (NAT) - echo "-A POSTROUTING -o eth1 -s fe80::/64 -j MASQUERADE " + echo "-A POSTROUTING -o eth1 -s fe80::/64 -j MASQUERADE " # echo COMMIT 
@@ -604,7 +604,7 @@ test -z "$cmd" && { case "$cmd" in start) - log "Activating firewall script generated Thu May 26 14:17:36 2011 by vadim" + log "Activating firewall script generated Fri Jun 3 17:29:17 2011 by vadim" check_tools prolog_commands check_run_time_address_table_files diff --git a/test/ipt/firewall-ipv6-5.fw.orig b/test/ipt/firewall-ipv6-5.fw.orig index 5be080249..60f803492 100755 --- a/test/ipt/firewall-ipv6-5.fw.orig +++ b/test/ipt/firewall-ipv6-5.fw.orig @@ -2,9 +2,9 @@ # # This is automatically generated file. DO NOT MODIFY ! # -# Firewall Builder fwb_ipt v4.3.0.3546 +# Firewall Builder fwb_ipt v5.0.0.3547 # -# Generated Thu May 26 14:17:40 2011 PDT by vadim +# Generated Fri Jun 3 17:29:19 2011 PDT by vadim # # files: * firewall-ipv6-5.fw /etc/firewall-ipv6-5.fw # @@ -433,7 +433,7 @@ test -z "$cmd" && { case "$cmd" in start) - log "Activating firewall script generated Thu May 26 14:17:40 2011 by vadim" + log "Activating firewall script generated Fri Jun 3 17:29:19 2011 by vadim" check_tools prolog_commands check_run_time_address_table_files diff --git a/test/ipt/firewall-ipv6-6.fw.orig b/test/ipt/firewall-ipv6-6.fw.orig index b14aba8a5..f87964c43 100755 --- a/test/ipt/firewall-ipv6-6.fw.orig +++ b/test/ipt/firewall-ipv6-6.fw.orig @@ -2,9 +2,9 @@ # # This is automatically generated file. DO NOT MODIFY ! # -# Firewall Builder fwb_ipt v4.3.0.3546 +# Firewall Builder fwb_ipt v5.0.0.3547 # -# Generated Thu May 26 14:17:44 2011 PDT by vadim +# Generated Fri Jun 3 17:29:21 2011 PDT by vadim # # files: * firewall-ipv6-6.fw /etc/firewall-ipv6-6.fw # @@ -422,7 +422,7 @@ test -z "$cmd" && { case "$cmd" in start) - log "Activating firewall script generated Thu May 26 14:17:44 2011 by vadim" + log "Activating firewall script generated Fri Jun 3 17:29:21 2011 by vadim" check_tools prolog_commands check_run_time_address_table_files diff --git a/test/ipt/firewall-ipv6-7.fw.orig b/test/ipt/firewall-ipv6-7.fw.orig index a366b49ea..385cef703 100755 
--- a/test/ipt/firewall-ipv6-7.fw.orig +++ b/test/ipt/firewall-ipv6-7.fw.orig @@ -2,9 +2,9 @@ # # This is automatically generated file. DO NOT MODIFY ! # -# Firewall Builder fwb_ipt v4.3.0.3546 +# Firewall Builder fwb_ipt v5.0.0.3547 # -# Generated Thu May 26 14:17:45 2011 PDT by vadim +# Generated Fri Jun 3 17:29:23 2011 PDT by vadim # # files: * firewall-ipv6-7.fw /etc/firewall-ipv6-7.fw # @@ -466,7 +466,7 @@ test -z "$cmd" && { case "$cmd" in start) - log "Activating firewall script generated Thu May 26 14:17:45 2011 by vadim" + log "Activating firewall script generated Fri Jun 3 17:29:23 2011 by vadim" check_tools prolog_commands check_run_time_address_table_files diff --git a/test/ipt/firewall-ipv6-8.fw.orig b/test/ipt/firewall-ipv6-8.fw.orig index ed94cd6c4..0797b0dfa 100755 --- a/test/ipt/firewall-ipv6-8.fw.orig +++ b/test/ipt/firewall-ipv6-8.fw.orig @@ -2,9 +2,9 @@ # # This is automatically generated file. DO NOT MODIFY ! # -# Firewall Builder fwb_ipt v4.3.0.3546 +# Firewall Builder fwb_ipt v5.0.0.3547 # -# Generated Thu May 26 14:17:47 2011 PDT by vadim +# Generated Fri Jun 3 17:29:24 2011 PDT by vadim # # files: * firewall-ipv6-8.fw /etc/firewall-ipv6-8.fw # @@ -539,7 +539,7 @@ test -z "$cmd" && { case "$cmd" in start) - log "Activating firewall script generated Thu May 26 14:17:47 2011 by vadim" + log "Activating firewall script generated Fri Jun 3 17:29:24 2011 by vadim" check_tools prolog_commands check_run_time_address_table_files diff --git a/test/ipt/firewall-ipv6-ipt-reset-prolog-after-flush.fw.orig b/test/ipt/firewall-ipv6-ipt-reset-prolog-after-flush.fw.orig index a37791c74..86b5a7be1 100755 --- a/test/ipt/firewall-ipv6-ipt-reset-prolog-after-flush.fw.orig +++ b/test/ipt/firewall-ipv6-ipt-reset-prolog-after-flush.fw.orig 
@@ -2,9 +2,9 @@ # # This is automatically generated file. DO NOT MODIFY ! # -# Firewall Builder fwb_ipt v4.3.0.3546 +# Firewall Builder fwb_ipt v5.0.0.3547 # -# Generated Thu May 26 14:17:49 2011 PDT by vadim +# Generated Fri Jun 3 17:29:26 2011 PDT by vadim # # files: * firewall-ipv6-ipt-reset-prolog-after-flush.fw /etc/firewall-ipv6-ipt-reset-prolog-after-flush.fw # @@ -356,7 +356,7 @@ script_body() { echo :OUTPUT ACCEPT [0:0] # # Rule 0 (NAT) - echo "-A POSTROUTING -o eth1 -s 1.1.1.0/24 -j SNAT --to-source 22.22.22.22 " + echo "-A POSTROUTING -o eth1 -s 1.1.1.0/24 -j SNAT --to-source 22.22.22.22 " # echo COMMIT @@ -463,7 +463,7 @@ test -z "$cmd" && { case "$cmd" in start) - log "Activating firewall script generated Thu May 26 14:17:49 2011 by vadim" + log "Activating firewall script generated Fri Jun 3 17:29:26 2011 by vadim" check_tools prolog_commands check_run_time_address_table_files diff --git a/test/ipt/firewall-ipv6-ipt-reset-prolog-after-interfaces.fw.orig b/test/ipt/firewall-ipv6-ipt-reset-prolog-after-interfaces.fw.orig index a1eb41ab7..31243227b 100755 --- a/test/ipt/firewall-ipv6-ipt-reset-prolog-after-interfaces.fw.orig +++ b/test/ipt/firewall-ipv6-ipt-reset-prolog-after-interfaces.fw.orig @@ -2,9 +2,9 @@ # # This is automatically generated file. DO NOT MODIFY ! # -# Firewall Builder fwb_ipt v4.3.0.3546 +# Firewall Builder fwb_ipt v5.0.0.3547 # -# Generated Thu May 26 14:17:52 2011 PDT by vadim +# Generated Fri Jun 3 17:29:28 2011 PDT by vadim # # files: * firewall-ipv6-ipt-reset-prolog-after-interfaces.fw /etc/firewall-ipv6-ipt-reset-prolog-after-interfaces.fw # @@ -356,7 +356,7 @@ script_body() { echo :OUTPUT ACCEPT [0:0] # # Rule 0 (NAT) - echo "-A POSTROUTING -o eth1 -s 1.1.1.0/24 -j SNAT --to-source 22.22.22.22 " + echo "-A POSTROUTING -o eth1 -s 1.1.1.0/24 -j SNAT --to-source 22.22.22.22 " # echo COMMIT 
@@ -463,7 +463,7 @@ test -z "$cmd" && { case "$cmd" in start) - log "Activating firewall script generated Thu May 26 14:17:52 2011 by vadim" + log "Activating firewall script generated Fri Jun 3 17:29:28 2011 by vadim" check_tools check_run_time_address_table_files diff --git a/test/ipt/firewall-ipv6-ipt-reset-prolog-top.fw.orig b/test/ipt/firewall-ipv6-ipt-reset-prolog-top.fw.orig index 7b3ea7652..c73bb9dd2 100755 --- a/test/ipt/firewall-ipv6-ipt-reset-prolog-top.fw.orig +++ b/test/ipt/firewall-ipv6-ipt-reset-prolog-top.fw.orig @@ -2,9 +2,9 @@ # # This is automatically generated file. DO NOT MODIFY ! # -# Firewall Builder fwb_ipt v4.3.0.3546 +# Firewall Builder fwb_ipt v5.0.0.3547 # -# Generated Thu May 26 14:17:53 2011 PDT by vadim +# Generated Fri Jun 3 17:29:30 2011 PDT by vadim # # files: * firewall-ipv6-ipt-reset-prolog-top.fw /etc/firewall-ipv6-ipt-reset-prolog-top.fw # @@ -356,7 +356,7 @@ script_body() { echo :OUTPUT ACCEPT [0:0] # # Rule 0 (NAT) - echo "-A POSTROUTING -o eth1 -s 1.1.1.0/24 -j SNAT --to-source 22.22.22.22 " + echo "-A POSTROUTING -o eth1 -s 1.1.1.0/24 -j SNAT --to-source 22.22.22.22 " # echo COMMIT @@ -463,7 +463,7 @@ test -z "$cmd" && { case "$cmd" in start) - log "Activating firewall script generated Thu May 26 14:17:53 2011 by vadim" + log "Activating firewall script generated Fri Jun 3 17:29:30 2011 by vadim" check_tools prolog_commands check_run_time_address_table_files diff --git a/test/ipt/firewall-ipv6-nd-ns-1.fw.orig b/test/ipt/firewall-ipv6-nd-ns-1.fw.orig index cc2563f6b..53069be1e 100755 --- a/test/ipt/firewall-ipv6-nd-ns-1.fw.orig +++ b/test/ipt/firewall-ipv6-nd-ns-1.fw.orig @@ -2,9 +2,9 @@ # # This is automatically generated file. DO NOT MODIFY ! # -# Firewall Builder fwb_ipt v4.3.0.3546 +# Firewall Builder fwb_ipt v5.0.0.3547 # -# Generated Thu May 26 14:17:56 2011 PDT by vadim +# Generated Fri Jun 3 17:29:30 2011 PDT by vadim # # files: * firewall-ipv6-nd-ns-1.fw /etc/firewall-ipv6-nd-ns-1.fw # 
@@ -463,7 +463,7 @@ test -z "$cmd" && { case "$cmd" in start) - log "Activating firewall script generated Thu May 26 14:17:56 2011 by vadim" + log "Activating firewall script generated Fri Jun 3 17:29:30 2011 by vadim" check_tools prolog_commands check_run_time_address_table_files diff --git a/test/ipt/firewall-ipv6-nd-ns-2.fw.orig b/test/ipt/firewall-ipv6-nd-ns-2.fw.orig index 525943567..10049839a 100755 --- a/test/ipt/firewall-ipv6-nd-ns-2.fw.orig +++ b/test/ipt/firewall-ipv6-nd-ns-2.fw.orig @@ -2,9 +2,9 @@ # # This is automatically generated file. DO NOT MODIFY ! # -# Firewall Builder fwb_ipt v4.3.0.3546 +# Firewall Builder fwb_ipt v5.0.0.3547 # -# Generated Thu May 26 14:17:57 2011 PDT by vadim +# Generated Fri Jun 3 17:29:33 2011 PDT by vadim # # files: * firewall-ipv6-nd-ns-2.fw /etc/firewall-ipv6-nd-ns-2.fw # @@ -467,7 +467,7 @@ test -z "$cmd" && { case "$cmd" in start) - log "Activating firewall script generated Thu May 26 14:17:57 2011 by vadim" + log "Activating firewall script generated Fri Jun 3 17:29:33 2011 by vadim" check_tools prolog_commands check_run_time_address_table_files diff --git a/test/ipt/firewall-ipv6-prolog-after-flush.fw.orig b/test/ipt/firewall-ipv6-prolog-after-flush.fw.orig index b96b11a4c..5f21c436e 100755 --- a/test/ipt/firewall-ipv6-prolog-after-flush.fw.orig +++ b/test/ipt/firewall-ipv6-prolog-after-flush.fw.orig @@ -2,9 +2,9 @@ # # This is automatically generated file. DO NOT MODIFY ! # -# Firewall Builder fwb_ipt v4.3.0.3546 +# Firewall Builder fwb_ipt v5.0.0.3547 # -# Generated Thu May 26 14:17:59 2011 PDT by vadim +# Generated Fri Jun 3 17:29:33 2011 PDT by vadim # # files: * firewall-ipv6-prolog-after-flush.fw /etc/firewall-ipv6-prolog-after-flush.fw # @@ -338,7 +338,7 @@ script_body() { # echo "Rule 0 (NAT)" # - $IPTABLES -t nat -A POSTROUTING -o eth1 -s 1.1.1.0/24 -j SNAT --to-source 22.22.22.22 + $IPTABLES -t nat -A POSTROUTING -o eth1 -s 1.1.1.0/24 -j SNAT --to-source 22.22.22.22 
@@ -441,7 +441,7 @@ test -z "$cmd" && { case "$cmd" in start) - log "Activating firewall script generated Thu May 26 14:17:59 2011 by vadim" + log "Activating firewall script generated Fri Jun 3 17:29:33 2011 by vadim" check_tools check_run_time_address_table_files diff --git a/test/ipt/firewall-ipv6-prolog-after-interfaces.fw.orig b/test/ipt/firewall-ipv6-prolog-after-interfaces.fw.orig index 9b077ee0a..6d6274348 100755 --- a/test/ipt/firewall-ipv6-prolog-after-interfaces.fw.orig +++ b/test/ipt/firewall-ipv6-prolog-after-interfaces.fw.orig @@ -2,9 +2,9 @@ # # This is automatically generated file. DO NOT MODIFY ! # -# Firewall Builder fwb_ipt v4.3.0.3546 +# Firewall Builder fwb_ipt v5.0.0.3547 # -# Generated Thu May 26 14:18:00 2011 PDT by vadim +# Generated Fri Jun 3 17:29:35 2011 PDT by vadim # # files: * firewall-ipv6-prolog-after-interfaces.fw /etc/firewall-ipv6-prolog-after-interfaces.fw # @@ -338,7 +338,7 @@ script_body() { # echo "Rule 0 (NAT)" # - $IPTABLES -t nat -A POSTROUTING -o eth1 -s 1.1.1.0/24 -j SNAT --to-source 22.22.22.22 + $IPTABLES -t nat -A POSTROUTING -o eth1 -s 1.1.1.0/24 -j SNAT --to-source 22.22.22.22 @@ -441,7 +441,7 @@ test -z "$cmd" && { case "$cmd" in start) - log "Activating firewall script generated Thu May 26 14:18:00 2011 by vadim" + log "Activating firewall script generated Fri Jun 3 17:29:35 2011 by vadim" check_tools check_run_time_address_table_files diff --git a/test/ipt/firewall-ipv6-prolog-top.fw.orig b/test/ipt/firewall-ipv6-prolog-top.fw.orig index 89df16c58..e7fe93feb 100755 --- a/test/ipt/firewall-ipv6-prolog-top.fw.orig +++ b/test/ipt/firewall-ipv6-prolog-top.fw.orig @@ -2,9 +2,9 @@ # # This is automatically generated file. DO NOT MODIFY ! # -# Firewall Builder fwb_ipt v4.3.0.3546 +# Firewall Builder fwb_ipt v5.0.0.3547 # -# Generated Thu May 26 14:18:03 2011 PDT by vadim +# Generated Fri Jun 3 17:29:35 2011 PDT by vadim # # files: * firewall-ipv6-prolog-top.fw /etc/firewall-ipv6-prolog-top.fw # 
@@ -338,7 +338,7 @@ script_body() { # echo "Rule 0 (NAT)" # - $IPTABLES -t nat -A POSTROUTING -o eth1 -s 1.1.1.0/24 -j SNAT --to-source 22.22.22.22 + $IPTABLES -t nat -A POSTROUTING -o eth1 -s 1.1.1.0/24 -j SNAT --to-source 22.22.22.22 @@ -441,7 +441,7 @@ test -z "$cmd" && { case "$cmd" in start) - log "Activating firewall script generated Thu May 26 14:18:03 2011 by vadim" + log "Activating firewall script generated Fri Jun 3 17:29:35 2011 by vadim" check_tools prolog_commands check_run_time_address_table_files diff --git a/test/ipt/firewall-server-1-s.fw.orig b/test/ipt/firewall-server-1-s.fw.orig index 50032af01..bed20d93f 100755 --- a/test/ipt/firewall-server-1-s.fw.orig +++ b/test/ipt/firewall-server-1-s.fw.orig @@ -2,9 +2,9 @@ # # This is automatically generated file. DO NOT MODIFY ! # -# Firewall Builder fwb_ipt v4.3.0.3546 +# Firewall Builder fwb_ipt v5.0.0.3547 # -# Generated Thu May 26 14:18:04 2011 PDT by vadim +# Generated Fri Jun 3 17:29:37 2011 PDT by vadim # # files: * firewall-server-1-s.fw /etc/fw/firewall-server-1-s.fw # @@ -414,7 +414,7 @@ test -z "$cmd" && { case "$cmd" in start) - log "Activating firewall script generated Thu May 26 14:18:04 2011 by vadim" + log "Activating firewall script generated Fri Jun 3 17:29:37 2011 by vadim" check_tools prolog_commands check_run_time_address_table_files diff --git a/test/ipt/firewall.fw.orig b/test/ipt/firewall.fw.orig index 2b636b8f9..03e13f936 100755 --- a/test/ipt/firewall.fw.orig +++ b/test/ipt/firewall.fw.orig @@ -2,9 +2,9 @@ # # This is automatically generated file. DO NOT MODIFY ! # -# Firewall Builder fwb_ipt v4.3.0.3546 +# Firewall Builder fwb_ipt v5.0.0.3547 # -# Generated Thu May 26 14:14:24 2011 PDT by vadim +# Generated Fri Jun 3 17:27:07 2011 PDT by vadim # # files: * firewall.fw /etc/fw/firewall.fw # 
@@ -379,7 +379,7 @@ script_body() { # echo "Rule 0 (NAT)" # - $IPTABLES -t nat -A POSTROUTING -o eth1 -s 192.168.1.0/24 -j SNAT --to-source 222.222.222.222 + $IPTABLES -t nat -A POSTROUTING -o eth1 -s 192.168.1.0/24 -j SNAT --to-source 222.222.222.222 # # Rule 1 (NAT) # 
@@ -393,27 +393,27 @@ script_body() { # # firewall:NAT:2: warning: Adding of virtual address for address range is not implemented (object r-222.222.222.0) - $IPTABLES -t nat -A POSTROUTING -o eth+ -s 192.168.1.10/31 -j SNAT --to-source 222.222.222.10-222.222.222.100 - $IPTABLES -t nat -A POSTROUTING -o eth+ -s 192.168.1.12/30 -j SNAT --to-source 222.222.222.10-222.222.222.100 - $IPTABLES -t nat -A POSTROUTING -o eth+ -s 192.168.1.16/28 -j SNAT --to-source 222.222.222.10-222.222.222.100 - $IPTABLES -t nat -A POSTROUTING -o eth+ -s 192.168.1.32/27 -j SNAT --to-source 222.222.222.10-222.222.222.100 - $IPTABLES -t nat -A POSTROUTING -o eth+ -s 192.168.1.64/27 -j SNAT --to-source 222.222.222.10-222.222.222.100 - $IPTABLES -t nat -A POSTROUTING -o eth+ -s 192.168.1.96/30 -j SNAT --to-source 222.222.222.10-222.222.222.100 - $IPTABLES -t nat -A POSTROUTING -o eth+ -s 192.168.1.100 -j SNAT --to-source 222.222.222.10-222.222.222.100 + $IPTABLES -t nat -A POSTROUTING -o eth+ -s 192.168.1.10/31 -j SNAT --to-source 222.222.222.10-222.222.222.100 + $IPTABLES -t nat -A POSTROUTING -o eth+ -s 192.168.1.12/30 -j SNAT --to-source 222.222.222.10-222.222.222.100 + $IPTABLES -t nat -A POSTROUTING -o eth+ -s 192.168.1.16/28 -j SNAT --to-source 222.222.222.10-222.222.222.100 + $IPTABLES -t nat -A POSTROUTING -o eth+ -s 192.168.1.32/27 -j SNAT --to-source 222.222.222.10-222.222.222.100 + $IPTABLES -t nat -A POSTROUTING -o eth+ -s 192.168.1.64/27 -j SNAT --to-source 222.222.222.10-222.222.222.100 + $IPTABLES -t nat -A POSTROUTING -o eth+ -s 192.168.1.96/30 -j SNAT --to-source 222.222.222.10-222.222.222.100 + $IPTABLES -t nat -A POSTROUTING -o eth+ -s 192.168.1.100 -j SNAT --to-source 222.222.222.10-222.222.222.100 # # Rule 4 (NAT) # echo "Rule 4 (NAT)" # $IPTABLES -t nat -A PREROUTING -p tcp -m tcp -s 192.168.1.0/24 -d 192.168.1.20 --dport 80 -j DNAT --to-destination :3128 - $IPTABLES -t nat -A POSTROUTING -o eth+ -p tcp -m tcp -s 192.168.1.0/24 --dport 3128 -j SNAT --to-source 192.168.1.1 
+ $IPTABLES -t nat -A POSTROUTING -o eth+ -p tcp -m tcp -s 192.168.1.0/24 --dport 3128 -j SNAT --to-source 192.168.1.1 # # Rule 5 (NAT) # echo "Rule 5 (NAT)" # - $IPTABLES -t nat -A POSTROUTING -o eth+ -p tcp -m tcp -d 22.22.22.23 --dport 4000:4010 -j SNAT --to-source 192.168.1.10 - $IPTABLES -t nat -A POSTROUTING -o eth+ -p tcp -m tcp -d 22.22.22.23 --dport 3128 -j SNAT --to-source 192.168.1.10 + $IPTABLES -t nat -A POSTROUTING -o eth+ -p tcp -m tcp -d 22.22.22.23 --dport 4000:4010 -j SNAT --to-source 192.168.1.10 + $IPTABLES -t nat -A POSTROUTING -o eth+ -p tcp -m tcp -d 22.22.22.23 --dport 3128 -j SNAT --to-source 192.168.1.10 # # Rule 6 (NAT) # @@ -447,7 +447,7 @@ script_body() { # echo "Rule 10 (NAT)" # - $IPTABLES -t nat -A POSTROUTING -o eth1 -p tcp -m tcp -s 192.168.1.10 --sport 1000:1010 -j SNAT --to-source 222.222.222.222:1000-1010 + $IPTABLES -t nat -A POSTROUTING -o eth1 -p tcp -m tcp -s 192.168.1.10 --sport 1000:1010 -j SNAT --to-source 222.222.222.222:1000-1010 # # Rule 11 (NAT) # @@ -455,7 +455,7 @@ script_body() { # # firewall:NAT:11: warning: SNAT rule can not match MAC address. Object CA(host-with-mac-1:1) removed from the rule - $IPTABLES -t nat -A POSTROUTING -o eth1 -p tcp -m tcp -s 192.168.1.10 --dport 25 -j SNAT --to-source 222.222.222.222 + $IPTABLES -t nat -A POSTROUTING -o eth1 -p tcp -m tcp -s 192.168.1.10 --dport 25 -j SNAT --to-source 222.222.222.222 # # Rule 12 (NAT) # 
@@ -503,7 +503,7 @@ script_body() { # firewall:NAT:16: warning: SNAT rule can not match MAC address. Object CA(host-with-mac-1:1) removed from the rule $IPTABLES -t nat -N Cid445F52DE31658.0 - $IPTABLES -t nat -A POSTROUTING -o eth1 -p tcp -m tcp -s 192.168.1.10 --dport 80 -j Cid445F52DE31658.0 + $IPTABLES -t nat -A POSTROUTING -o eth1 -p tcp -m tcp -s 192.168.1.10 --dport 80 -j Cid445F52DE31658.0 $IPTABLES -t nat -A Cid445F52DE31658.0 -d 61.150.47.112 -j RETURN $IPTABLES -t nat -A Cid445F52DE31658.0 -d 223.223.223.223 -j RETURN $IPTABLES -t nat -A Cid445F52DE31658.0 -p tcp -m tcp --dport 80 -j SNAT --to-source 222.222.222.222 @@ -533,7 +533,7 @@ script_body() { # echo "Rule 20 (NAT)" # - $IPTABLES -t nat -A POSTROUTING -o eth1 -p tcp -m tcp -s 192.168.1.10 --dport 4000:4010 -j SNAT --to-source 222.222.222.222 + $IPTABLES -t nat -A POSTROUTING -o eth1 -p tcp -m tcp -s 192.168.1.10 --dport 4000:4010 -j SNAT --to-source 222.222.222.222 # # Rule 21 (NAT) # @@ -1397,7 +1397,7 @@ test -z "$cmd" && { case "$cmd" in start) - log "Activating firewall script generated Thu May 26 14:14:24 2011 by vadim" + log "Activating firewall script generated Fri Jun 3 17:27:07 2011 by vadim" check_tools prolog_commands check_run_time_address_table_files diff --git a/test/ipt/firewall1.fw.orig b/test/ipt/firewall1.fw.orig index e81081066..b445a0536 100755 --- a/test/ipt/firewall1.fw.orig +++ b/test/ipt/firewall1.fw.orig @@ -2,9 +2,9 @@ # # This is automatically generated file. DO NOT MODIFY ! # -# Firewall Builder fwb_ipt v4.3.0.3546 +# Firewall Builder fwb_ipt v5.0.0.3547 # -# Generated Thu May 26 14:14:27 2011 PDT by vadim +# Generated Fri Jun 3 17:27:08 2011 PDT by vadim # # files: * firewall1.fw /etc/fw/firewall1.fw # 
@@ -334,57 +334,57 @@ script_body() { # echo "Rule 1 (NAT)" # - $IPTABLES -t nat -A POSTROUTING -o eth+ -s 192.168.1.10 -j SNAT --to-source 22.22.22.23 + $IPTABLES -t nat -A POSTROUTING -o eth+ -s 192.168.1.10 -j SNAT --to-source 22.22.22.23 # # Rule 2 (NAT) # echo "Rule 2 (NAT)" # - $IPTABLES -t nat -A POSTROUTING -o eth+ -s ! 192.168.1.0/24 -d 200.200.200.200 -j SNAT --to-source 22.22.22.23 + $IPTABLES -t nat -A POSTROUTING -o eth+ -s ! 192.168.1.0/24 -d 200.200.200.200 -j SNAT --to-source 22.22.22.23 # # Rule 3 (NAT) # echo "Rule 3 (NAT)" # - $IPTABLES -t nat -A POSTROUTING -o eth+ -p tcp -m tcp -s ! 192.168.1.0/24 -d 200.200.200.200 --dport 80 -j SNAT --to-source 22.22.22.23 + $IPTABLES -t nat -A POSTROUTING -o eth+ -p tcp -m tcp -s ! 192.168.1.0/24 -d 200.200.200.200 --dport 80 -j SNAT --to-source 22.22.22.23 # # Rule 4 (NAT) # echo "Rule 4 (NAT)" # - $IPTABLES -t nat -A POSTROUTING -o eth1 -s 192.168.1.0/24 -j SNAT --to-source 22.22.22.22 - $IPTABLES -t nat -A POSTROUTING -o eth3 -s 192.168.1.0/24 -j SNAT --to-source 22.22.23.23 - $IPTABLES -t nat -A POSTROUTING -o eth2 -s 192.168.1.0/24 -j SNAT --to-source 192.168.2.1 + $IPTABLES -t nat -A POSTROUTING -o eth1 -s 192.168.1.0/24 -j SNAT --to-source 22.22.22.22 + $IPTABLES -t nat -A POSTROUTING -o eth3 -s 192.168.1.0/24 -j SNAT --to-source 22.22.23.23 + $IPTABLES -t nat -A POSTROUTING -o eth2 -s 192.168.1.0/24 -j SNAT --to-source 192.168.2.1 # # Rule 5 (NAT) # echo "Rule 5 (NAT)" # - $IPTABLES -t nat -A POSTROUTING -o eth1 -s 192.168.1.0/24 -j SNAT --to-source 22.22.22.22 - $IPTABLES -t nat -A POSTROUTING -o eth3 -s 192.168.1.0/24 -j SNAT --to-source 22.22.23.23 + $IPTABLES -t nat -A POSTROUTING -o eth1 -s 192.168.1.0/24 -j SNAT --to-source 22.22.22.22 + $IPTABLES -t nat -A POSTROUTING -o eth3 -s 192.168.1.0/24 -j SNAT --to-source 22.22.23.23 # # Rule 6 (NAT) # echo "Rule 6 (NAT)" # - $IPTABLES -t nat -A POSTROUTING -o eth1 -s 192.168.1.0/24 -d ! 
192.168.2.0/24 -j SNAT --to-source 22.22.22.22 - $IPTABLES -t nat -A POSTROUTING -o eth3 -s 192.168.1.0/24 -d ! 192.168.2.0/24 -j SNAT --to-source 22.22.23.23 + $IPTABLES -t nat -A POSTROUTING -o eth1 -s 192.168.1.0/24 -d ! 192.168.2.0/24 -j SNAT --to-source 22.22.22.22 + $IPTABLES -t nat -A POSTROUTING -o eth3 -s 192.168.1.0/24 -d ! 192.168.2.0/24 -j SNAT --to-source 22.22.23.23 # # Rule 7 (NAT) # echo "Rule 7 (NAT)" # - $IPTABLES -t nat -A POSTROUTING -o eth1 -p tcp -m tcp -s 192.168.1.0/24 -d ! 192.168.2.0/24 --dport 80 -j SNAT --to-source 22.22.22.22 - $IPTABLES -t nat -A POSTROUTING -o eth3 -p tcp -m tcp -s 192.168.1.0/24 -d ! 192.168.2.0/24 --dport 80 -j SNAT --to-source 22.22.23.23 + $IPTABLES -t nat -A POSTROUTING -o eth1 -p tcp -m tcp -s 192.168.1.0/24 -d ! 192.168.2.0/24 --dport 80 -j SNAT --to-source 22.22.22.22 + $IPTABLES -t nat -A POSTROUTING -o eth3 -p tcp -m tcp -s 192.168.1.0/24 -d ! 192.168.2.0/24 --dport 80 -j SNAT --to-source 22.22.23.23 # # Rule 8 (NAT) # echo "Rule 8 (NAT)" # $IPTABLES -t nat -N Cid3CCA1B57.0 - $IPTABLES -t nat -A POSTROUTING -o eth1 -s 192.168.1.0/24 -j Cid3CCA1B57.0 - $IPTABLES -t nat -A POSTROUTING -o eth3 -s 192.168.1.0/24 -j Cid3CCA1B57.0 - $IPTABLES -t nat -A POSTROUTING -o eth2 -s 192.168.1.0/24 -j Cid3CCA1B57.0 + $IPTABLES -t nat -A POSTROUTING -o eth1 -s 192.168.1.0/24 -j Cid3CCA1B57.0 + $IPTABLES -t nat -A POSTROUTING -o eth3 -s 192.168.1.0/24 -j Cid3CCA1B57.0 + $IPTABLES -t nat -A POSTROUTING -o eth2 -s 192.168.1.0/24 -j Cid3CCA1B57.0 $IPTABLES -t nat -A Cid3CCA1B57.0 -d 192.168.1.0/24 -j RETURN $IPTABLES -t nat -A Cid3CCA1B57.0 -d 192.168.2.0/24 -j RETURN $IPTABLES -t nat -A Cid3CCA1B57.0 -j SNAT --to-source 22.22.22.22 
@@ -396,9 +396,9 @@ script_body() { echo "Rule 9 (NAT)" # $IPTABLES -t nat -N Cid3EB38983.0 - $IPTABLES -t nat -A POSTROUTING -o eth1 -s 192.168.1.0/24 -j Cid3EB38983.0 - $IPTABLES -t nat -A POSTROUTING -o eth3 -s 192.168.1.0/24 -j Cid3EB38983.0 - $IPTABLES -t nat -A POSTROUTING -o eth2 -s 192.168.1.0/24 -j Cid3EB38983.0 + $IPTABLES -t nat -A POSTROUTING -o eth1 -s 192.168.1.0/24 -j Cid3EB38983.0 + $IPTABLES -t nat -A POSTROUTING -o eth3 -s 192.168.1.0/24 -j Cid3EB38983.0 + $IPTABLES -t nat -A POSTROUTING -o eth2 -s 192.168.1.0/24 -j Cid3EB38983.0 $IPTABLES -t nat -A Cid3EB38983.0 -d 192.168.1.0/24 -j RETURN $IPTABLES -t nat -A Cid3EB38983.0 -d 192.168.2.0/24 -j RETURN $IPTABLES -t nat -A Cid3EB38983.0 -j SNAT --to-source 22.22.22.22 @@ -409,9 +409,9 @@ script_body() { # echo "Rule 10 (NAT)" # - $IPTABLES -t nat -A POSTROUTING -o eth1 -s ! 192.168.2.0/24 -j SNAT --to-source 22.22.22.22 - $IPTABLES -t nat -A POSTROUTING -o eth3 -s ! 192.168.2.0/24 -j SNAT --to-source 22.22.23.23 - $IPTABLES -t nat -A POSTROUTING -o eth0 -s ! 192.168.2.0/24 -j SNAT --to-source 192.168.1.1 + $IPTABLES -t nat -A POSTROUTING -o eth1 -s ! 192.168.2.0/24 -j SNAT --to-source 22.22.22.22 + $IPTABLES -t nat -A POSTROUTING -o eth3 -s ! 192.168.2.0/24 -j SNAT --to-source 22.22.23.23 + $IPTABLES -t nat -A POSTROUTING -o eth0 -s ! 192.168.2.0/24 -j SNAT --to-source 192.168.1.1 # # Rule 11 (NAT) # @@ -1269,7 +1269,7 @@ test -z "$cmd" && { case "$cmd" in start) - log "Activating firewall script generated Thu May 26 14:14:27 2011 by vadim" + log "Activating firewall script generated Fri Jun 3 17:27:08 2011 by vadim" check_tools check_run_time_address_table_files diff --git a/test/ipt/firewall10.fw.orig b/test/ipt/firewall10.fw.orig index 631b71454..6aa85c605 100755 --- a/test/ipt/firewall10.fw.orig +++ b/test/ipt/firewall10.fw.orig 
@@ -2,9 +2,9 @@ # # This is automatically generated file. DO NOT MODIFY ! # -# Firewall Builder fwb_ipt v4.3.0.3546 +# Firewall Builder fwb_ipt v5.0.0.3547 # -# Generated Thu May 26 14:14:27 2011 PDT by vadim +# Generated Fri Jun 3 17:27:08 2011 PDT by vadim # # files: * firewall10.fw /etc/fw/firewall10.fw # @@ -494,7 +494,7 @@ test -z "$cmd" && { case "$cmd" in start) - log "Activating firewall script generated Thu May 26 14:14:27 2011 by vadim" + log "Activating firewall script generated Fri Jun 3 17:27:08 2011 by vadim" check_tools prolog_commands check_run_time_address_table_files diff --git a/test/ipt/firewall11.fw.orig b/test/ipt/firewall11.fw.orig index 20b837751..3a130b82f 100755 --- a/test/ipt/firewall11.fw.orig +++ b/test/ipt/firewall11.fw.orig @@ -2,9 +2,9 @@ # # This is automatically generated file. DO NOT MODIFY ! # -# Firewall Builder fwb_ipt v4.3.0.3546 +# Firewall Builder fwb_ipt v5.0.0.3547 # -# Generated Thu May 26 14:14:32 2011 PDT by vadim +# Generated Fri Jun 3 17:27:11 2011 PDT by vadim # # files: * firewall11.fw /etc/fw/firewall11.fw # @@ -329,9 +329,9 @@ script_body() { # echo "Rule 1 (NAT)" # - $IPTABLES -t nat -A POSTROUTING -o eth2 -s 192.168.1.0/24 -j MASQUERADE - $IPTABLES -t nat -A POSTROUTING -o br0 -s 192.168.1.0/24 -j MASQUERADE - $IPTABLES -t nat -A POSTROUTING -o eth3 -s 192.168.1.0/24 -j SNAT --to-source 10.1.1.1 + $IPTABLES -t nat -A POSTROUTING -o eth2 -s 192.168.1.0/24 -j MASQUERADE + $IPTABLES -t nat -A POSTROUTING -o br0 -s 192.168.1.0/24 -j MASQUERADE + $IPTABLES -t nat -A POSTROUTING -o eth3 -s 192.168.1.0/24 -j SNAT --to-source 10.1.1.1 # # Rule 2 (NAT) # 
@@ -342,7 +342,7 @@ script_body() { # source port translation and dynamic interface for i_br0 in $i_br0_list do - test -n "$i_br0" && $IPTABLES -t nat -A POSTROUTING -o br0 -p tcp -m tcp -s 192.168.1.0/24 --sport 1000:1010 -j SNAT --to-source $i_br0:1000-1010 + test -n "$i_br0" && $IPTABLES -t nat -A POSTROUTING -o br0 -p tcp -m tcp -s 192.168.1.0/24 --sport 1000:1010 -j SNAT --to-source $i_br0:1000-1010 done # # Rule 3 (NAT) @@ -614,7 +614,7 @@ test -z "$cmd" && { case "$cmd" in start) - log "Activating firewall script generated Thu May 26 14:14:32 2011 by vadim" + log "Activating firewall script generated Fri Jun 3 17:27:11 2011 by vadim" check_tools prolog_commands check_run_time_address_table_files diff --git a/test/ipt/firewall12.fw.orig b/test/ipt/firewall12.fw.orig index fbaeb7d07..d526b7538 100755 --- a/test/ipt/firewall12.fw.orig +++ b/test/ipt/firewall12.fw.orig @@ -2,9 +2,9 @@ # # This is automatically generated file. DO NOT MODIFY ! # -# Firewall Builder fwb_ipt v4.3.0.3546 +# Firewall Builder fwb_ipt v5.0.0.3547 # -# Generated Thu May 26 14:14:32 2011 PDT by vadim +# Generated Fri Jun 3 17:27:11 2011 PDT by vadim # # files: * firewall12.fw /etc/fw/firewall12.fw # @@ -389,13 +389,13 @@ script_body() { echo "Rule 7 (NAT)" # # port-only translation - $IPTABLES -t nat -A POSTROUTING -o eth+ -p udp -m udp --sport 6767 -j SNAT --to-source :67 + $IPTABLES -t nat -A POSTROUTING -o eth+ -p udp -m udp --sport 6767 -j SNAT --to-source :67 # # Rule 8 (NAT) # echo "Rule 8 (NAT)" # - $IPTABLES -t nat -A POSTROUTING -o eth1 -p udp -m udp --sport 6767 -j SNAT --to-source 22.22.23.22:67 + $IPTABLES -t nat -A POSTROUTING -o eth1 -p udp -m udp --sport 6767 -j SNAT --to-source 22.22.23.22:67 # # Rule 9 (NAT) # 
@@ -417,8 +417,8 @@ script_body() { # SDNAT $IPTABLES -t nat -A PREROUTING -p tcp -m tcp -d 192.0.2.1 --dport 22 -j DNAT --to-destination 192.168.1.10 $IPTABLES -t nat -A PREROUTING -p tcp -m tcp -d 192.168.1.1 --dport 22 -j DNAT --to-destination 192.168.1.10 - $IPTABLES -t nat -A POSTROUTING -o eth+ -p tcp -m tcp -d 192.168.1.10 --dport 22 -j SNAT --to-source 192.0.2.1 - $IPTABLES -t nat -A POSTROUTING -o eth+ -p tcp -m tcp -d 192.168.1.10 --dport 22 -j SNAT --to-source 192.168.1.1 + $IPTABLES -t nat -A POSTROUTING -o eth+ -p tcp -m tcp -d 192.168.1.10 --dport 22 -j SNAT --to-source 192.0.2.1 + $IPTABLES -t nat -A POSTROUTING -o eth+ -p tcp -m tcp -d 192.168.1.10 --dport 22 -j SNAT --to-source 192.168.1.1 # # Rule 12 (NAT) # @@ -427,8 +427,8 @@ script_body() { # SDNAT with source port $IPTABLES -t nat -A PREROUTING -p udp -m udp --sport 123 -d 192.0.2.1 -j DNAT --to-destination 192.168.1.10 $IPTABLES -t nat -A PREROUTING -p udp -m udp --sport 123 -d 192.168.1.1 -j DNAT --to-destination 192.168.1.10 - $IPTABLES -t nat -A POSTROUTING -o eth+ -p udp -m udp --sport 123 -d 192.168.1.10 -j SNAT --to-source 192.0.2.1:5050 - $IPTABLES -t nat -A POSTROUTING -o eth+ -p udp -m udp --sport 123 -d 192.168.1.10 -j SNAT --to-source 192.168.1.1:5050 + $IPTABLES -t nat -A POSTROUTING -o eth+ -p udp -m udp --sport 123 -d 192.168.1.10 -j SNAT --to-source 192.0.2.1:5050 + $IPTABLES -t nat -A POSTROUTING -o eth+ -p udp -m udp --sport 123 -d 192.168.1.10 -j SNAT --to-source 192.168.1.1:5050 # # Rule 13 (NAT) # 
@@ -436,8 +436,8 @@ script_body() { # # SDNAT with dest port $IPTABLES -t nat -A PREROUTING -p udp -m udp -s 192.168.1.0/24 --dport 53 -j DNAT --to-destination 192.168.1.10:1053 - $IPTABLES -t nat -A POSTROUTING -o eth+ -p udp -m udp -s 192.168.1.0/24 -d 192.168.1.10 --dport 1053 -j SNAT --to-source 192.0.2.1 - $IPTABLES -t nat -A POSTROUTING -o eth+ -p udp -m udp -s 192.168.1.0/24 -d 192.168.1.10 --dport 1053 -j SNAT --to-source 192.168.1.1 + $IPTABLES -t nat -A POSTROUTING -o eth+ -p udp -m udp -s 192.168.1.0/24 -d 192.168.1.10 --dport 1053 -j SNAT --to-source 192.0.2.1 + $IPTABLES -t nat -A POSTROUTING -o eth+ -p udp -m udp -s 192.168.1.0/24 -d 192.168.1.10 --dport 1053 -j SNAT --to-source 192.168.1.1 # # Rule 14 (NAT) # @@ -447,14 +447,14 @@ script_body() { # translate src and dst addresses # and src and dst ports $IPTABLES -t nat -A PREROUTING -p udp -m udp -s 192.168.1.0/24 --sport 1024:65535 --dport 53 -j DNAT --to-destination 192.168.1.10:1053 - $IPTABLES -t nat -A POSTROUTING -o eth+ -p udp -m udp -s 192.168.1.0/24 -d 192.168.1.10 --dport 1053 -j SNAT --to-source 192.0.2.1:32767-65535 - $IPTABLES -t nat -A POSTROUTING -o eth+ -p udp -m udp -s 192.168.1.0/24 -d 192.168.1.10 --dport 1053 -j SNAT --to-source 192.168.1.1:32767-65535 + $IPTABLES -t nat -A POSTROUTING -o eth+ -p udp -m udp -s 192.168.1.0/24 -d 192.168.1.10 --dport 1053 -j SNAT --to-source 192.0.2.1:32767-65535 + $IPTABLES -t nat -A POSTROUTING -o eth+ -p udp -m udp -s 192.168.1.0/24 -d 192.168.1.10 --dport 1053 -j SNAT --to-source 192.168.1.1:32767-65535 # # Rule 15 (NAT) # echo "Rule 15 (NAT)" # - $IPTABLES -t nat -A POSTROUTING -o eth+ -p udp -m udp -s 192.168.1.0/24 --dport 53 -j SNAT --to-source :5050 + $IPTABLES -t nat -A POSTROUTING -o eth+ -p udp -m udp -s 192.168.1.0/24 --dport 53 -j SNAT --to-source :5050 
@@ -532,7 +532,7 @@ test -z "$cmd" && { case "$cmd" in start) - log "Activating firewall script generated Thu May 26 14:14:32 2011 by vadim" + log "Activating firewall script generated Fri Jun 3 17:27:11 2011 by vadim" check_tools prolog_commands check_run_time_address_table_files diff --git a/test/ipt/firewall13.fw.orig b/test/ipt/firewall13.fw.orig index f7e669ed0..50091ad90 100755 --- a/test/ipt/firewall13.fw.orig +++ b/test/ipt/firewall13.fw.orig @@ -2,9 +2,9 @@ # # This is automatically generated file. DO NOT MODIFY ! # -# Firewall Builder fwb_ipt v4.3.0.3546 +# Firewall Builder fwb_ipt v5.0.0.3547 # -# Generated Thu May 26 14:14:37 2011 PDT by vadim +# Generated Fri Jun 3 17:27:14 2011 PDT by vadim # # files: * firewall13.fw /etc/fw/firewall13.fw # @@ -406,7 +406,7 @@ test -z "$cmd" && { case "$cmd" in start) - log "Activating firewall script generated Thu May 26 14:14:37 2011 by vadim" + log "Activating firewall script generated Fri Jun 3 17:27:14 2011 by vadim" check_tools prolog_commands check_run_time_address_table_files diff --git a/test/ipt/firewall14.fw.orig b/test/ipt/firewall14.fw.orig index 000200da3..cd3dfdede 100755 --- a/test/ipt/firewall14.fw.orig +++ b/test/ipt/firewall14.fw.orig @@ -2,9 +2,9 @@ # # This is automatically generated file. DO NOT MODIFY ! # -# Firewall Builder fwb_ipt v4.3.0.3546 +# Firewall Builder fwb_ipt v5.0.0.3547 # -# Generated Thu May 26 14:14:37 2011 PDT by vadim +# Generated Fri Jun 3 17:27:14 2011 PDT by vadim # # files: * firewall14.fw /etc/fw/firewall14.fw # 
@@ -331,45 +331,45 @@ script_body() { # echo "Rule 0 (NAT)" # - $IPTABLES -t nat -A POSTROUTING -o eth1 -s 192.168.1.0/24 -j SNAT --to-source 22.22.23.160 + $IPTABLES -t nat -A POSTROUTING -o eth1 -s 192.168.1.0/24 -j SNAT --to-source 22.22.23.160 # # Rule 1 (NAT) # echo "Rule 1 (NAT)" # - $IPTABLES -t nat -A POSTROUTING -o eth1 -s 192.168.1.0/24 -d ! 22.22.23.128/25 -j SNAT --to-source 22.22.23.160 + $IPTABLES -t nat -A POSTROUTING -o eth1 -s 192.168.1.0/24 -d ! 22.22.23.128/25 -j SNAT --to-source 22.22.23.160 # # Rule 2 (NAT) # echo "Rule 2 (NAT)" # - $IPTABLES -t nat -A POSTROUTING -o eth2 -s 192.168.1.0/24 -d 22.22.23.128/25 -j SNAT --to-source 22.22.23.132 + $IPTABLES -t nat -A POSTROUTING -o eth2 -s 192.168.1.0/24 -d 22.22.23.128/25 -j SNAT --to-source 22.22.23.132 # # Rule 3 (NAT) # echo "Rule 3 (NAT)" # - $IPTABLES -t nat -A POSTROUTING -o eth2 -s 192.168.1.0/24 -d 22.22.23.128/25 -j SNAT --to-source 22.22.23.132 + $IPTABLES -t nat -A POSTROUTING -o eth2 -s 192.168.1.0/24 -d 22.22.23.128/25 -j SNAT --to-source 22.22.23.132 # # Rule 4 (NAT) # echo "Rule 4 (NAT)" # # I guess this rule does not make much sense - $IPTABLES -t nat -A POSTROUTING -o eth1 -s 192.168.1.0/24 -d 22.22.23.128/25 -j SNAT --to-source 22.22.23.22 - $IPTABLES -t nat -A POSTROUTING -o eth1 -s 192.168.1.0/24 -d 22.22.23.128/25 -j SNAT --to-source 22.22.23.160 + $IPTABLES -t nat -A POSTROUTING -o eth1 -s 192.168.1.0/24 -d 22.22.23.128/25 -j SNAT --to-source 22.22.23.22 + $IPTABLES -t nat -A POSTROUTING -o eth1 -s 192.168.1.0/24 -d 22.22.23.128/25 -j SNAT --to-source 22.22.23.160 # # Rule 5 (NAT) # echo "Rule 5 (NAT)" # - $IPTABLES -t nat -A POSTROUTING -o eth+ -s 192.168.1.0/24 -d 22.22.23.128/25 -j SNAT --to-source 22.22.23.22 + $IPTABLES -t nat -A POSTROUTING -o eth+ -s 192.168.1.0/24 -d 22.22.23.128/25 -j SNAT --to-source 22.22.23.22 # # Rule 6 (NAT) # echo "Rule 6 (NAT)" # - $IPTABLES -t nat -A POSTROUTING -o eth+ -s 192.168.1.0/24 -d 22.22.23.128/25 -j SNAT --to-source 22.22.23.40 + 
$IPTABLES -t nat -A POSTROUTING -o eth+ -s 192.168.1.0/24 -d 22.22.23.128/25 -j SNAT --to-source 22.22.23.40 } ip_forward() { @@ -425,7 +425,7 @@ test -z "$cmd" && { case "$cmd" in start) - log "Activating firewall script generated Thu May 26 14:14:37 2011 by vadim" + log "Activating firewall script generated Fri Jun 3 17:27:14 2011 by vadim" check_tools prolog_commands check_run_time_address_table_files diff --git a/test/ipt/firewall15.fw.orig b/test/ipt/firewall15.fw.orig index ab64c61e6..87358f7d9 100755 --- a/test/ipt/firewall15.fw.orig +++ b/test/ipt/firewall15.fw.orig @@ -2,9 +2,9 @@ # # This is automatically generated file. DO NOT MODIFY ! # -# Firewall Builder fwb_ipt v4.3.0.3546 +# Firewall Builder fwb_ipt v5.0.0.3547 # -# Generated Thu May 26 14:14:42 2011 PDT by vadim +# Generated Fri Jun 3 17:27:16 2011 PDT by vadim # # files: * firewall15.fw /etc/fw/firewall15.fw # @@ -409,7 +409,7 @@ test -z "$cmd" && { case "$cmd" in start) - log "Activating firewall script generated Thu May 26 14:14:42 2011 by vadim" + log "Activating firewall script generated Fri Jun 3 17:27:16 2011 by vadim" check_tools prolog_commands check_run_time_address_table_files diff --git a/test/ipt/firewall16.fw.orig b/test/ipt/firewall16.fw.orig index e6240b984..7700e00d5 100755 --- a/test/ipt/firewall16.fw.orig +++ b/test/ipt/firewall16.fw.orig @@ -2,9 +2,9 @@ # # This is automatically generated file. DO NOT MODIFY ! # -# Firewall Builder fwb_ipt v4.3.0.3546 +# Firewall Builder fwb_ipt v5.0.0.3547 # -# Generated Thu May 26 14:14:42 2011 PDT by vadim +# Generated Fri Jun 3 17:27:16 2011 PDT by vadim # # files: * firewall16.fw /etc/fw/firewall16.fw # 
@@ -346,8 +346,8 @@ script_body() { # echo "Rule 1 (NAT)" # - $IPTABLES -t nat -A POSTROUTING -o eth1 -s 192.168.1.0/24 -j SNAT --to-source 22.22.23.22 - $IPTABLES -t nat -A POSTROUTING -o eth2 -s 192.168.1.0/24 -j SNAT --to-source 192.168.2.1 + $IPTABLES -t nat -A POSTROUTING -o eth1 -s 192.168.1.0/24 -j SNAT --to-source 22.22.23.22 + $IPTABLES -t nat -A POSTROUTING -o eth2 -s 192.168.1.0/24 -j SNAT --to-source 192.168.2.1 # # Rule 2 (NAT) # 
@@ -378,30 +378,30 @@ script_body() { # echo "Rule 6 (NAT)" # - $IPTABLES -t nat -A POSTROUTING -o eth1 -s 22.22.23.22 -j SNAT --to-source 22.22.23.22 - $IPTABLES -t nat -A POSTROUTING -o eth1 -s 192.168.1.22 -j SNAT --to-source 22.22.23.22 - $IPTABLES -t nat -A POSTROUTING -o eth1 -s 192.168.2.1 -j SNAT --to-source 22.22.23.22 + $IPTABLES -t nat -A POSTROUTING -o eth1 -s 22.22.23.22 -j SNAT --to-source 22.22.23.22 + $IPTABLES -t nat -A POSTROUTING -o eth1 -s 192.168.1.22 -j SNAT --to-source 22.22.23.22 + $IPTABLES -t nat -A POSTROUTING -o eth1 -s 192.168.2.1 -j SNAT --to-source 22.22.23.22 # # Rule 7 (NAT) # echo "Rule 7 (NAT)" # - $IPTABLES -t nat -A POSTROUTING -o eth1 -s 22.22.23.22 -j SNAT --to-source 22.22.23.22 - $IPTABLES -t nat -A POSTROUTING -o eth1 -s 192.168.1.22 -j SNAT --to-source 22.22.23.22 - $IPTABLES -t nat -A POSTROUTING -o eth1 -s 192.168.2.1 -j SNAT --to-source 22.22.23.22 - $IPTABLES -t nat -A POSTROUTING -o eth1 -s 192.168.1.0/24 -j SNAT --to-source 22.22.23.22 + $IPTABLES -t nat -A POSTROUTING -o eth1 -s 22.22.23.22 -j SNAT --to-source 22.22.23.22 + $IPTABLES -t nat -A POSTROUTING -o eth1 -s 192.168.1.22 -j SNAT --to-source 22.22.23.22 + $IPTABLES -t nat -A POSTROUTING -o eth1 -s 192.168.2.1 -j SNAT --to-source 22.22.23.22 + $IPTABLES -t nat -A POSTROUTING -o eth1 -s 192.168.1.0/24 -j SNAT --to-source 22.22.23.22 # # Rule 8 (NAT) # echo "Rule 8 (NAT)" # - $IPTABLES -t nat -A POSTROUTING -o eth1 -s 192.168.2.1 -j SNAT --to-source 22.22.23.22 + $IPTABLES -t nat -A POSTROUTING -o eth1 -s 192.168.2.1 -j SNAT --to-source 22.22.23.22 # # Rule 9 (NAT) # echo "Rule 9 (NAT)" # - $IPTABLES -t nat -A POSTROUTING -o eth1 -s 192.168.2.1 -j SNAT --to-source 22.22.23.22 + $IPTABLES -t nat -A POSTROUTING -o eth1 -s 192.168.2.1 -j SNAT --to-source 22.22.23.22 # # Rule 10 (NAT) # 
@@ -513,7 +513,7 @@ test -z "$cmd" && { case "$cmd" in start) - log "Activating firewall script generated Thu May 26 14:14:42 2011 by vadim" + log "Activating firewall script generated Fri Jun 3 17:27:16 2011 by vadim" check_tools prolog_commands check_run_time_address_table_files diff --git a/test/ipt/firewall17.fw.orig b/test/ipt/firewall17.fw.orig index 9c636b052..32d30acba 100755 --- a/test/ipt/firewall17.fw.orig +++ b/test/ipt/firewall17.fw.orig @@ -2,9 +2,9 @@ # # This is automatically generated file. DO NOT MODIFY ! # -# Firewall Builder fwb_ipt v4.3.0.3546 +# Firewall Builder fwb_ipt v5.0.0.3547 # -# Generated Thu May 26 14:14:46 2011 PDT by vadim +# Generated Fri Jun 3 17:27:19 2011 PDT by vadim # # files: * firewall17.fw /etc/fw/firewall17.fw # @@ -331,14 +331,14 @@ script_body() { echo "Rule 0 (NAT)" # # compiler should add "-o eth2" - $IPTABLES -t nat -A POSTROUTING -o eth1 -s 192.168.1.0/24 -j SNAT --to-source 33.33.33.33 + $IPTABLES -t nat -A POSTROUTING -o eth1 -s 192.168.1.0/24 -j SNAT --to-source 33.33.33.33 # # Rule 1 (NAT) # echo "Rule 1 (NAT)" # # compiler should add "-o eth2" - $IPTABLES -t nat -A POSTROUTING -o eth3 -s 192.168.1.0/24 -j SNAT --to-source 44.44.44.44 + $IPTABLES -t nat -A POSTROUTING -o eth3 -s 192.168.1.0/24 -j SNAT --to-source 44.44.44.44 @@ -492,7 +492,7 @@ test -z "$cmd" && { case "$cmd" in start) - log "Activating firewall script generated Thu May 26 14:14:46 2011 by vadim" + log "Activating firewall script generated Fri Jun 3 17:27:19 2011 by vadim" check_tools prolog_commands check_run_time_address_table_files diff --git a/test/ipt/firewall18.fw.orig b/test/ipt/firewall18.fw.orig index 96a457189..4c8bcaabf 100755 --- a/test/ipt/firewall18.fw.orig +++ b/test/ipt/firewall18.fw.orig 
@@ -2,9 +2,9 @@ # # This is automatically generated file. DO NOT MODIFY ! # -# Firewall Builder fwb_ipt v4.3.0.3546 +# Firewall Builder fwb_ipt v5.0.0.3547 # -# Generated Thu May 26 14:14:46 2011 PDT by vadim +# Generated Fri Jun 3 17:27:19 2011 PDT by vadim # # files: * firewall18.fw /etc/fw/firewall18.fw # @@ -343,11 +343,11 @@ script_body() { # for i_ppp0 in $i_ppp0_list do - test -n "$i_ppp0" && $IPTABLES -t nat -A POSTROUTING -o eth1 -s $i_ppp0 -j SNAT --to-source 66.66.66.130 + test -n "$i_ppp0" && $IPTABLES -t nat -A POSTROUTING -o eth1 -s $i_ppp0 -j SNAT --to-source 66.66.66.130 done - $IPTABLES -t nat -A POSTROUTING -o eth1 -s 66.66.66.1 -j SNAT --to-source 66.66.66.130 - $IPTABLES -t nat -A POSTROUTING -o eth1 -s 66.66.66.130 -j SNAT --to-source 66.66.66.130 - $IPTABLES -t nat -A POSTROUTING -o eth1 -s 192.168.1.1 -j SNAT --to-source 66.66.66.130 + $IPTABLES -t nat -A POSTROUTING -o eth1 -s 66.66.66.1 -j SNAT --to-source 66.66.66.130 + $IPTABLES -t nat -A POSTROUTING -o eth1 -s 66.66.66.130 -j SNAT --to-source 66.66.66.130 + $IPTABLES -t nat -A POSTROUTING -o eth1 -s 192.168.1.1 -j SNAT --to-source 66.66.66.130 # # Rule 1 (NAT) # 
@@ -355,23 +355,23 @@ script_body() { # for i_ppp0 in $i_ppp0_list do - test -n "$i_ppp0" && $IPTABLES -t nat -A POSTROUTING -o eth1 -s $i_ppp0 -j SNAT --to-source 66.66.66.130 + test -n "$i_ppp0" && $IPTABLES -t nat -A POSTROUTING -o eth1 -s $i_ppp0 -j SNAT --to-source 66.66.66.130 done - $IPTABLES -t nat -A POSTROUTING -o eth1 -s 66.66.66.1 -j SNAT --to-source 66.66.66.130 - $IPTABLES -t nat -A POSTROUTING -o eth1 -s 66.66.66.130 -j SNAT --to-source 66.66.66.130 - $IPTABLES -t nat -A POSTROUTING -o eth1 -s 192.168.1.1 -j SNAT --to-source 66.66.66.130 + $IPTABLES -t nat -A POSTROUTING -o eth1 -s 66.66.66.1 -j SNAT --to-source 66.66.66.130 + $IPTABLES -t nat -A POSTROUTING -o eth1 -s 66.66.66.130 -j SNAT --to-source 66.66.66.130 + $IPTABLES -t nat -A POSTROUTING -o eth1 -s 192.168.1.1 -j SNAT --to-source 66.66.66.130 # # Rule 2 (NAT) # echo "Rule 2 (NAT)" # - $IPTABLES -t nat -A POSTROUTING -o eth1 -s 192.168.1.0/24 -j SNAT --to-source 66.66.66.130 + $IPTABLES -t nat -A POSTROUTING -o eth1 -s 192.168.1.0/24 -j SNAT --to-source 66.66.66.130 # # Rule 3 (NAT) # echo "Rule 3 (NAT)" # - $IPTABLES -t nat -A POSTROUTING -o eth1 -s 192.168.1.0/24 -j SNAT --to-source 66.66.66.130 + $IPTABLES -t nat -A POSTROUTING -o eth1 -s 192.168.1.0/24 -j SNAT --to-source 66.66.66.130 # # Rule 4 (NAT) # 
@@ -379,32 +379,32 @@ script_body() { # for i_ppp0 in $i_ppp0_list do - test -n "$i_ppp0" && $IPTABLES -t nat -A POSTROUTING -o eth+ -s $i_ppp0 -j SNAT --to-source 66.66.66.130 + test -n "$i_ppp0" && $IPTABLES -t nat -A POSTROUTING -o eth+ -s $i_ppp0 -j SNAT --to-source 66.66.66.130 done for i_ppp0 in $i_ppp0_list do - test -n "$i_ppp0" && $IPTABLES -t nat -A POSTROUTING -o ppp+ -s $i_ppp0 -j SNAT --to-source 66.66.66.130 + test -n "$i_ppp0" && $IPTABLES -t nat -A POSTROUTING -o ppp+ -s $i_ppp0 -j SNAT --to-source 66.66.66.130 done - $IPTABLES -t nat -A POSTROUTING -o eth+ -s 66.66.66.1 -j SNAT --to-source 66.66.66.130 - $IPTABLES -t nat -A POSTROUTING -o ppp+ -s 66.66.66.1 -j SNAT --to-source 66.66.66.130 - $IPTABLES -t nat -A POSTROUTING -o eth+ -s 66.66.66.130 -j SNAT --to-source 66.66.66.130 - $IPTABLES -t nat -A POSTROUTING -o ppp+ -s 66.66.66.130 -j SNAT --to-source 66.66.66.130 - $IPTABLES -t nat -A POSTROUTING -o eth+ -s 192.168.1.1 -j SNAT --to-source 66.66.66.130 - $IPTABLES -t nat -A POSTROUTING -o ppp+ -s 192.168.1.1 -j SNAT --to-source 66.66.66.130 + $IPTABLES -t nat -A POSTROUTING -o eth+ -s 66.66.66.1 -j SNAT --to-source 66.66.66.130 + $IPTABLES -t nat -A POSTROUTING -o ppp+ -s 66.66.66.1 -j SNAT --to-source 66.66.66.130 + $IPTABLES -t nat -A POSTROUTING -o eth+ -s 66.66.66.130 -j SNAT --to-source 66.66.66.130 + $IPTABLES -t nat -A POSTROUTING -o ppp+ -s 66.66.66.130 -j SNAT --to-source 66.66.66.130 + $IPTABLES -t nat -A POSTROUTING -o eth+ -s 192.168.1.1 -j SNAT --to-source 66.66.66.130 + $IPTABLES -t nat -A POSTROUTING -o ppp+ -s 192.168.1.1 -j SNAT --to-source 66.66.66.130 # # Rule 5 (NAT) # echo "Rule 5 (NAT)" # - $IPTABLES -t nat -A POSTROUTING -o eth+ -s 192.168.1.0/24 -j SNAT --to-source 66.66.66.130 - $IPTABLES -t nat -A POSTROUTING -o ppp+ -s 192.168.1.0/24 -j SNAT --to-source 66.66.66.130 + $IPTABLES -t nat -A POSTROUTING -o eth+ -s 192.168.1.0/24 -j SNAT --to-source 66.66.66.130 + $IPTABLES -t nat -A POSTROUTING -o ppp+ -s 192.168.1.0/24 
-j SNAT --to-source 66.66.66.130 # # Rule 6 (NAT) # echo "Rule 6 (NAT)" # - $IPTABLES -t nat -A POSTROUTING -o eth+ -s 66.66.66.1 -j SNAT --to-source 66.66.66.130 - $IPTABLES -t nat -A POSTROUTING -o ppp+ -s 66.66.66.1 -j SNAT --to-source 66.66.66.130 + $IPTABLES -t nat -A POSTROUTING -o eth+ -s 66.66.66.1 -j SNAT --to-source 66.66.66.130 + $IPTABLES -t nat -A POSTROUTING -o ppp+ -s 66.66.66.1 -j SNAT --to-source 66.66.66.130 @@ -527,7 +527,7 @@ test -z "$cmd" && { case "$cmd" in start) - log "Activating firewall script generated Thu May 26 14:14:46 2011 by vadim" + log "Activating firewall script generated Fri Jun 3 17:27:19 2011 by vadim" check_tools prolog_commands check_run_time_address_table_files diff --git a/test/ipt/firewall19.fw.orig b/test/ipt/firewall19.fw.orig index faa1c3dd4..aa5e1d547 100755 --- a/test/ipt/firewall19.fw.orig +++ b/test/ipt/firewall19.fw.orig @@ -2,9 +2,9 @@ # # This is automatically generated file. DO NOT MODIFY ! # -# Firewall Builder fwb_ipt v4.3.0.3546 +# Firewall Builder fwb_ipt v5.0.0.3547 # -# Generated Thu May 26 14:14:51 2011 PDT by vadim +# Generated Fri Jun 3 17:27:21 2011 PDT by vadim # # files: * firewall19.fw /etc/fw/firewall19.fw # @@ -531,7 +531,7 @@ test -z "$cmd" && { case "$cmd" in start) - log "Activating firewall script generated Thu May 26 14:14:51 2011 by vadim" + log "Activating firewall script generated Fri Jun 3 17:27:21 2011 by vadim" check_tools prolog_commands check_run_time_address_table_files diff --git a/test/ipt/firewall2-1.fw.orig b/test/ipt/firewall2-1.fw.orig index f803b046d..a38ae76ce 100755 --- a/test/ipt/firewall2-1.fw.orig +++ b/test/ipt/firewall2-1.fw.orig @@ -2,9 +2,9 @@ # # This is automatically generated file. DO NOT MODIFY ! # -# Firewall Builder fwb_ipt v4.3.0.3546 +# Firewall Builder fwb_ipt v5.0.0.3547 # -# Generated Thu May 26 14:15:04 2011 PDT by vadim +# Generated Fri Jun 3 17:27:30 2011 PDT by vadim # # files: * firewall2-1.fw /etc/fw/firewall2-1.fw # 
@@ -361,120 +361,120 @@ script_body() { # echo "Rule 0 (NAT)" # - $IPTABLES -t nat -A POSTROUTING -o eth1 -s 192.168.1.0/24 -j SNAT --to-source 22.22.22.22 - $IPTABLES -t nat -A POSTROUTING -o eth3 -s 192.168.1.0/24 -j SNAT --to-source 22.22.23.23 - $IPTABLES -t nat -A POSTROUTING -o eth3 -s 192.168.1.0/24 -j SNAT --to-source 22.22.25.50 - $IPTABLES -t nat -A POSTROUTING -o eth2 -s 192.168.1.0/24 -j SNAT --to-source 192.168.2.1 - $IPTABLES -t nat -A POSTROUTING -o eth2 -s 192.168.1.0/24 -j SNAT --to-source 192.168.2.40 + $IPTABLES -t nat -A POSTROUTING -o eth1 -s 192.168.1.0/24 -j SNAT --to-source 22.22.22.22 + $IPTABLES -t nat -A POSTROUTING -o eth3 -s 192.168.1.0/24 -j SNAT --to-source 22.22.23.23 + $IPTABLES -t nat -A POSTROUTING -o eth3 -s 192.168.1.0/24 -j SNAT --to-source 22.22.25.50 + $IPTABLES -t nat -A POSTROUTING -o eth2 -s 192.168.1.0/24 -j SNAT --to-source 192.168.2.1 + $IPTABLES -t nat -A POSTROUTING -o eth2 -s 192.168.1.0/24 -j SNAT --to-source 192.168.2.40 # # Rule 1 (NAT) # echo "Rule 1 (NAT)" # - $IPTABLES -t nat -A POSTROUTING -o eth1 -p icmp -m icmp -s 192.168.1.0/24 --icmp-type 3 -j SNAT --to-source 22.22.22.22 - $IPTABLES -t nat -A POSTROUTING -o eth3 -p icmp -m icmp -s 192.168.1.0/24 --icmp-type 3 -j SNAT --to-source 22.22.23.23 - $IPTABLES -t nat -A POSTROUTING -o eth3 -p icmp -m icmp -s 192.168.1.0/24 --icmp-type 3 -j SNAT --to-source 22.22.25.50 - $IPTABLES -t nat -A POSTROUTING -o eth2 -p icmp -m icmp -s 192.168.1.0/24 --icmp-type 3 -j SNAT --to-source 192.168.2.1 - $IPTABLES -t nat -A POSTROUTING -o eth2 -p icmp -m icmp -s 192.168.1.0/24 --icmp-type 3 -j SNAT --to-source 192.168.2.40 - $IPTABLES -t nat -A POSTROUTING -o eth1 -p icmp -m icmp -s 192.168.1.0/24 --icmp-type 0/0 -j SNAT --to-source 22.22.22.22 - $IPTABLES -t nat -A POSTROUTING -o eth3 -p icmp -m icmp -s 192.168.1.0/24 --icmp-type 0/0 -j SNAT --to-source 22.22.23.23 - $IPTABLES -t nat -A POSTROUTING -o eth3 -p icmp -m icmp -s 192.168.1.0/24 --icmp-type 0/0 -j SNAT --to-source 
22.22.25.50 - $IPTABLES -t nat -A POSTROUTING -o eth2 -p icmp -m icmp -s 192.168.1.0/24 --icmp-type 0/0 -j SNAT --to-source 192.168.2.1 - $IPTABLES -t nat -A POSTROUTING -o eth2 -p icmp -m icmp -s 192.168.1.0/24 --icmp-type 0/0 -j SNAT --to-source 192.168.2.40 - $IPTABLES -t nat -A POSTROUTING -o eth1 -p icmp -m icmp -s 192.168.1.0/24 --icmp-type 11/0 -j SNAT --to-source 22.22.22.22 - $IPTABLES -t nat -A POSTROUTING -o eth3 -p icmp -m icmp -s 192.168.1.0/24 --icmp-type 11/0 -j SNAT --to-source 22.22.23.23 - $IPTABLES -t nat -A POSTROUTING -o eth3 -p icmp -m icmp -s 192.168.1.0/24 --icmp-type 11/0 -j SNAT --to-source 22.22.25.50 - $IPTABLES -t nat -A POSTROUTING -o eth2 -p icmp -m icmp -s 192.168.1.0/24 --icmp-type 11/0 -j SNAT --to-source 192.168.2.1 - $IPTABLES -t nat -A POSTROUTING -o eth2 -p icmp -m icmp -s 192.168.1.0/24 --icmp-type 11/0 -j SNAT --to-source 192.168.2.40 - $IPTABLES -t nat -A POSTROUTING -o eth1 -p icmp -m icmp -s 192.168.1.0/24 --icmp-type 11/1 -j SNAT --to-source 22.22.22.22 - $IPTABLES -t nat -A POSTROUTING -o eth3 -p icmp -m icmp -s 192.168.1.0/24 --icmp-type 11/1 -j SNAT --to-source 22.22.23.23 - $IPTABLES -t nat -A POSTROUTING -o eth3 -p icmp -m icmp -s 192.168.1.0/24 --icmp-type 11/1 -j SNAT --to-source 22.22.25.50 - $IPTABLES -t nat -A POSTROUTING -o eth2 -p icmp -m icmp -s 192.168.1.0/24 --icmp-type 11/1 -j SNAT --to-source 192.168.2.1 - $IPTABLES -t nat -A POSTROUTING -o eth2 -p icmp -m icmp -s 192.168.1.0/24 --icmp-type 11/1 -j SNAT --to-source 192.168.2.40 - $IPTABLES -t nat -A POSTROUTING -o eth1 -p tcp -m tcp -s 192.168.1.0/24 --dport 80 -j SNAT --to-source 22.22.22.22 - $IPTABLES -t nat -A POSTROUTING -o eth3 -p tcp -m tcp -s 192.168.1.0/24 --dport 80 -j SNAT --to-source 22.22.23.23 - $IPTABLES -t nat -A POSTROUTING -o eth3 -p tcp -m tcp -s 192.168.1.0/24 --dport 80 -j SNAT --to-source 22.22.25.50 - $IPTABLES -t nat -A POSTROUTING -o eth2 -p tcp -m tcp -s 192.168.1.0/24 --dport 80 -j SNAT --to-source 192.168.2.1 - $IPTABLES -t nat 
-A POSTROUTING -o eth2 -p tcp -m tcp -s 192.168.1.0/24 --dport 80 -j SNAT --to-source 192.168.2.40 + $IPTABLES -t nat -A POSTROUTING -o eth1 -p icmp -m icmp -s 192.168.1.0/24 --icmp-type 3 -j SNAT --to-source 22.22.22.22 + $IPTABLES -t nat -A POSTROUTING -o eth3 -p icmp -m icmp -s 192.168.1.0/24 --icmp-type 3 -j SNAT --to-source 22.22.23.23 + $IPTABLES -t nat -A POSTROUTING -o eth3 -p icmp -m icmp -s 192.168.1.0/24 --icmp-type 3 -j SNAT --to-source 22.22.25.50 + $IPTABLES -t nat -A POSTROUTING -o eth2 -p icmp -m icmp -s 192.168.1.0/24 --icmp-type 3 -j SNAT --to-source 192.168.2.1 + $IPTABLES -t nat -A POSTROUTING -o eth2 -p icmp -m icmp -s 192.168.1.0/24 --icmp-type 3 -j SNAT --to-source 192.168.2.40 + $IPTABLES -t nat -A POSTROUTING -o eth1 -p icmp -m icmp -s 192.168.1.0/24 --icmp-type 0/0 -j SNAT --to-source 22.22.22.22 + $IPTABLES -t nat -A POSTROUTING -o eth3 -p icmp -m icmp -s 192.168.1.0/24 --icmp-type 0/0 -j SNAT --to-source 22.22.23.23 + $IPTABLES -t nat -A POSTROUTING -o eth3 -p icmp -m icmp -s 192.168.1.0/24 --icmp-type 0/0 -j SNAT --to-source 22.22.25.50 + $IPTABLES -t nat -A POSTROUTING -o eth2 -p icmp -m icmp -s 192.168.1.0/24 --icmp-type 0/0 -j SNAT --to-source 192.168.2.1 + $IPTABLES -t nat -A POSTROUTING -o eth2 -p icmp -m icmp -s 192.168.1.0/24 --icmp-type 0/0 -j SNAT --to-source 192.168.2.40 + $IPTABLES -t nat -A POSTROUTING -o eth1 -p icmp -m icmp -s 192.168.1.0/24 --icmp-type 11/0 -j SNAT --to-source 22.22.22.22 + $IPTABLES -t nat -A POSTROUTING -o eth3 -p icmp -m icmp -s 192.168.1.0/24 --icmp-type 11/0 -j SNAT --to-source 22.22.23.23 + $IPTABLES -t nat -A POSTROUTING -o eth3 -p icmp -m icmp -s 192.168.1.0/24 --icmp-type 11/0 -j SNAT --to-source 22.22.25.50 + $IPTABLES -t nat -A POSTROUTING -o eth2 -p icmp -m icmp -s 192.168.1.0/24 --icmp-type 11/0 -j SNAT --to-source 192.168.2.1 + $IPTABLES -t nat -A POSTROUTING -o eth2 -p icmp -m icmp -s 192.168.1.0/24 --icmp-type 11/0 -j SNAT --to-source 192.168.2.40 + $IPTABLES -t nat -A POSTROUTING -o eth1 
-p icmp -m icmp -s 192.168.1.0/24 --icmp-type 11/1 -j SNAT --to-source 22.22.22.22 + $IPTABLES -t nat -A POSTROUTING -o eth3 -p icmp -m icmp -s 192.168.1.0/24 --icmp-type 11/1 -j SNAT --to-source 22.22.23.23 + $IPTABLES -t nat -A POSTROUTING -o eth3 -p icmp -m icmp -s 192.168.1.0/24 --icmp-type 11/1 -j SNAT --to-source 22.22.25.50 + $IPTABLES -t nat -A POSTROUTING -o eth2 -p icmp -m icmp -s 192.168.1.0/24 --icmp-type 11/1 -j SNAT --to-source 192.168.2.1 + $IPTABLES -t nat -A POSTROUTING -o eth2 -p icmp -m icmp -s 192.168.1.0/24 --icmp-type 11/1 -j SNAT --to-source 192.168.2.40 + $IPTABLES -t nat -A POSTROUTING -o eth1 -p tcp -m tcp -s 192.168.1.0/24 --dport 80 -j SNAT --to-source 22.22.22.22 + $IPTABLES -t nat -A POSTROUTING -o eth3 -p tcp -m tcp -s 192.168.1.0/24 --dport 80 -j SNAT --to-source 22.22.23.23 + $IPTABLES -t nat -A POSTROUTING -o eth3 -p tcp -m tcp -s 192.168.1.0/24 --dport 80 -j SNAT --to-source 22.22.25.50 + $IPTABLES -t nat -A POSTROUTING -o eth2 -p tcp -m tcp -s 192.168.1.0/24 --dport 80 -j SNAT --to-source 192.168.2.1 + $IPTABLES -t nat -A POSTROUTING -o eth2 -p tcp -m tcp -s 192.168.1.0/24 --dport 80 -j SNAT --to-source 192.168.2.40 # # Rule 2 (NAT) # echo "Rule 2 (NAT)" # - $IPTABLES -t nat -A POSTROUTING -o eth1 -p icmp -m icmp -s 192.168.1.0/24 --icmp-type 3 -j SNAT --to-source 22.22.22.22 - $IPTABLES -t nat -A POSTROUTING -o eth3 -p icmp -m icmp -s 192.168.1.0/24 --icmp-type 3 -j SNAT --to-source 22.22.23.23 - $IPTABLES -t nat -A POSTROUTING -o eth3 -p icmp -m icmp -s 192.168.1.0/24 --icmp-type 3 -j SNAT --to-source 22.22.25.50 - $IPTABLES -t nat -A POSTROUTING -o eth2 -p icmp -m icmp -s 192.168.1.0/24 --icmp-type 3 -j SNAT --to-source 192.168.2.1 - $IPTABLES -t nat -A POSTROUTING -o eth2 -p icmp -m icmp -s 192.168.1.0/24 --icmp-type 3 -j SNAT --to-source 192.168.2.40 - $IPTABLES -t nat -A POSTROUTING -o eth1 -p icmp -m icmp -s 192.168.1.0/24 --icmp-type 0/0 -j SNAT --to-source 22.22.22.22 - $IPTABLES -t nat -A POSTROUTING -o eth3 -p icmp -m 
icmp -s 192.168.1.0/24 --icmp-type 0/0 -j SNAT --to-source 22.22.23.23 - $IPTABLES -t nat -A POSTROUTING -o eth3 -p icmp -m icmp -s 192.168.1.0/24 --icmp-type 0/0 -j SNAT --to-source 22.22.25.50 - $IPTABLES -t nat -A POSTROUTING -o eth2 -p icmp -m icmp -s 192.168.1.0/24 --icmp-type 0/0 -j SNAT --to-source 192.168.2.1 - $IPTABLES -t nat -A POSTROUTING -o eth2 -p icmp -m icmp -s 192.168.1.0/24 --icmp-type 0/0 -j SNAT --to-source 192.168.2.40 - $IPTABLES -t nat -A POSTROUTING -o eth1 -p icmp -m icmp -s 192.168.1.0/24 --icmp-type 11/0 -j SNAT --to-source 22.22.22.22 - $IPTABLES -t nat -A POSTROUTING -o eth3 -p icmp -m icmp -s 192.168.1.0/24 --icmp-type 11/0 -j SNAT --to-source 22.22.23.23 - $IPTABLES -t nat -A POSTROUTING -o eth3 -p icmp -m icmp -s 192.168.1.0/24 --icmp-type 11/0 -j SNAT --to-source 22.22.25.50 - $IPTABLES -t nat -A POSTROUTING -o eth2 -p icmp -m icmp -s 192.168.1.0/24 --icmp-type 11/0 -j SNAT --to-source 192.168.2.1 - $IPTABLES -t nat -A POSTROUTING -o eth2 -p icmp -m icmp -s 192.168.1.0/24 --icmp-type 11/0 -j SNAT --to-source 192.168.2.40 - $IPTABLES -t nat -A POSTROUTING -o eth1 -p icmp -m icmp -s 192.168.1.0/24 --icmp-type 11/1 -j SNAT --to-source 22.22.22.22 - $IPTABLES -t nat -A POSTROUTING -o eth3 -p icmp -m icmp -s 192.168.1.0/24 --icmp-type 11/1 -j SNAT --to-source 22.22.23.23 - $IPTABLES -t nat -A POSTROUTING -o eth3 -p icmp -m icmp -s 192.168.1.0/24 --icmp-type 11/1 -j SNAT --to-source 22.22.25.50 - $IPTABLES -t nat -A POSTROUTING -o eth2 -p icmp -m icmp -s 192.168.1.0/24 --icmp-type 11/1 -j SNAT --to-source 192.168.2.1 - $IPTABLES -t nat -A POSTROUTING -o eth2 -p icmp -m icmp -s 192.168.1.0/24 --icmp-type 11/1 -j SNAT --to-source 192.168.2.40 - $IPTABLES -t nat -A POSTROUTING -o eth1 -p tcp -m tcp -s 192.168.1.0/24 --dport 80 -j SNAT --to-source 22.22.22.22 - $IPTABLES -t nat -A POSTROUTING -o eth3 -p tcp -m tcp -s 192.168.1.0/24 --dport 80 -j SNAT --to-source 22.22.23.23 - $IPTABLES -t nat -A POSTROUTING -o eth3 -p tcp -m tcp -s 
192.168.1.0/24 --dport 80 -j SNAT --to-source 22.22.25.50 - $IPTABLES -t nat -A POSTROUTING -o eth2 -p tcp -m tcp -s 192.168.1.0/24 --dport 80 -j SNAT --to-source 192.168.2.1 - $IPTABLES -t nat -A POSTROUTING -o eth2 -p tcp -m tcp -s 192.168.1.0/24 --dport 80 -j SNAT --to-source 192.168.2.40 - $IPTABLES -t nat -A POSTROUTING -o eth1 -p 50 -s 192.168.1.0/24 -j SNAT --to-source 22.22.22.22 - $IPTABLES -t nat -A POSTROUTING -o eth3 -p 50 -s 192.168.1.0/24 -j SNAT --to-source 22.22.23.23 - $IPTABLES -t nat -A POSTROUTING -o eth3 -p 50 -s 192.168.1.0/24 -j SNAT --to-source 22.22.25.50 - $IPTABLES -t nat -A POSTROUTING -o eth2 -p 50 -s 192.168.1.0/24 -j SNAT --to-source 192.168.2.1 - $IPTABLES -t nat -A POSTROUTING -o eth2 -p 50 -s 192.168.1.0/24 -j SNAT --to-source 192.168.2.40 - $IPTABLES -t nat -A POSTROUTING -o eth1 -p 88 -s 192.168.1.0/24 -j SNAT --to-source 22.22.22.22 - $IPTABLES -t nat -A POSTROUTING -o eth3 -p 88 -s 192.168.1.0/24 -j SNAT --to-source 22.22.23.23 - $IPTABLES -t nat -A POSTROUTING -o eth3 -p 88 -s 192.168.1.0/24 -j SNAT --to-source 22.22.25.50 - $IPTABLES -t nat -A POSTROUTING -o eth2 -p 88 -s 192.168.1.0/24 -j SNAT --to-source 192.168.2.1 - $IPTABLES -t nat -A POSTROUTING -o eth2 -p 88 -s 192.168.1.0/24 -j SNAT --to-source 192.168.2.40 + $IPTABLES -t nat -A POSTROUTING -o eth1 -p icmp -m icmp -s 192.168.1.0/24 --icmp-type 3 -j SNAT --to-source 22.22.22.22 + $IPTABLES -t nat -A POSTROUTING -o eth3 -p icmp -m icmp -s 192.168.1.0/24 --icmp-type 3 -j SNAT --to-source 22.22.23.23 + $IPTABLES -t nat -A POSTROUTING -o eth3 -p icmp -m icmp -s 192.168.1.0/24 --icmp-type 3 -j SNAT --to-source 22.22.25.50 + $IPTABLES -t nat -A POSTROUTING -o eth2 -p icmp -m icmp -s 192.168.1.0/24 --icmp-type 3 -j SNAT --to-source 192.168.2.1 + $IPTABLES -t nat -A POSTROUTING -o eth2 -p icmp -m icmp -s 192.168.1.0/24 --icmp-type 3 -j SNAT --to-source 192.168.2.40 + $IPTABLES -t nat -A POSTROUTING -o eth1 -p icmp -m icmp -s 192.168.1.0/24 --icmp-type 0/0 -j SNAT --to-source 
22.22.22.22 + $IPTABLES -t nat -A POSTROUTING -o eth3 -p icmp -m icmp -s 192.168.1.0/24 --icmp-type 0/0 -j SNAT --to-source 22.22.23.23 + $IPTABLES -t nat -A POSTROUTING -o eth3 -p icmp -m icmp -s 192.168.1.0/24 --icmp-type 0/0 -j SNAT --to-source 22.22.25.50 + $IPTABLES -t nat -A POSTROUTING -o eth2 -p icmp -m icmp -s 192.168.1.0/24 --icmp-type 0/0 -j SNAT --to-source 192.168.2.1 + $IPTABLES -t nat -A POSTROUTING -o eth2 -p icmp -m icmp -s 192.168.1.0/24 --icmp-type 0/0 -j SNAT --to-source 192.168.2.40 + $IPTABLES -t nat -A POSTROUTING -o eth1 -p icmp -m icmp -s 192.168.1.0/24 --icmp-type 11/0 -j SNAT --to-source 22.22.22.22 + $IPTABLES -t nat -A POSTROUTING -o eth3 -p icmp -m icmp -s 192.168.1.0/24 --icmp-type 11/0 -j SNAT --to-source 22.22.23.23 + $IPTABLES -t nat -A POSTROUTING -o eth3 -p icmp -m icmp -s 192.168.1.0/24 --icmp-type 11/0 -j SNAT --to-source 22.22.25.50 + $IPTABLES -t nat -A POSTROUTING -o eth2 -p icmp -m icmp -s 192.168.1.0/24 --icmp-type 11/0 -j SNAT --to-source 192.168.2.1 + $IPTABLES -t nat -A POSTROUTING -o eth2 -p icmp -m icmp -s 192.168.1.0/24 --icmp-type 11/0 -j SNAT --to-source 192.168.2.40 + $IPTABLES -t nat -A POSTROUTING -o eth1 -p icmp -m icmp -s 192.168.1.0/24 --icmp-type 11/1 -j SNAT --to-source 22.22.22.22 + $IPTABLES -t nat -A POSTROUTING -o eth3 -p icmp -m icmp -s 192.168.1.0/24 --icmp-type 11/1 -j SNAT --to-source 22.22.23.23 + $IPTABLES -t nat -A POSTROUTING -o eth3 -p icmp -m icmp -s 192.168.1.0/24 --icmp-type 11/1 -j SNAT --to-source 22.22.25.50 + $IPTABLES -t nat -A POSTROUTING -o eth2 -p icmp -m icmp -s 192.168.1.0/24 --icmp-type 11/1 -j SNAT --to-source 192.168.2.1 + $IPTABLES -t nat -A POSTROUTING -o eth2 -p icmp -m icmp -s 192.168.1.0/24 --icmp-type 11/1 -j SNAT --to-source 192.168.2.40 + $IPTABLES -t nat -A POSTROUTING -o eth1 -p tcp -m tcp -s 192.168.1.0/24 --dport 80 -j SNAT --to-source 22.22.22.22 + $IPTABLES -t nat -A POSTROUTING -o eth3 -p tcp -m tcp -s 192.168.1.0/24 --dport 80 -j SNAT --to-source 22.22.23.23 + 
$IPTABLES -t nat -A POSTROUTING -o eth3 -p tcp -m tcp -s 192.168.1.0/24 --dport 80 -j SNAT --to-source 22.22.25.50 + $IPTABLES -t nat -A POSTROUTING -o eth2 -p tcp -m tcp -s 192.168.1.0/24 --dport 80 -j SNAT --to-source 192.168.2.1 + $IPTABLES -t nat -A POSTROUTING -o eth2 -p tcp -m tcp -s 192.168.1.0/24 --dport 80 -j SNAT --to-source 192.168.2.40 + $IPTABLES -t nat -A POSTROUTING -o eth1 -p 50 -s 192.168.1.0/24 -j SNAT --to-source 22.22.22.22 + $IPTABLES -t nat -A POSTROUTING -o eth3 -p 50 -s 192.168.1.0/24 -j SNAT --to-source 22.22.23.23 + $IPTABLES -t nat -A POSTROUTING -o eth3 -p 50 -s 192.168.1.0/24 -j SNAT --to-source 22.22.25.50 + $IPTABLES -t nat -A POSTROUTING -o eth2 -p 50 -s 192.168.1.0/24 -j SNAT --to-source 192.168.2.1 + $IPTABLES -t nat -A POSTROUTING -o eth2 -p 50 -s 192.168.1.0/24 -j SNAT --to-source 192.168.2.40 + $IPTABLES -t nat -A POSTROUTING -o eth1 -p 88 -s 192.168.1.0/24 -j SNAT --to-source 22.22.22.22 + $IPTABLES -t nat -A POSTROUTING -o eth3 -p 88 -s 192.168.1.0/24 -j SNAT --to-source 22.22.23.23 + $IPTABLES -t nat -A POSTROUTING -o eth3 -p 88 -s 192.168.1.0/24 -j SNAT --to-source 22.22.25.50 + $IPTABLES -t nat -A POSTROUTING -o eth2 -p 88 -s 192.168.1.0/24 -j SNAT --to-source 192.168.2.1 + $IPTABLES -t nat -A POSTROUTING -o eth2 -p 88 -s 192.168.1.0/24 -j SNAT --to-source 192.168.2.40 # # Rule 3 (NAT) # echo "Rule 3 (NAT)" # - $IPTABLES -t nat -A POSTROUTING -o eth3 -s 192.168.1.0/24 -j SNAT --to-source 22.22.23.23 - $IPTABLES -t nat -A POSTROUTING -o eth3 -s 192.168.1.0/24 -j SNAT --to-source 22.22.25.50 + $IPTABLES -t nat -A POSTROUTING -o eth3 -s 192.168.1.0/24 -j SNAT --to-source 22.22.23.23 + $IPTABLES -t nat -A POSTROUTING -o eth3 -s 192.168.1.0/24 -j SNAT --to-source 22.22.25.50 # # Rule 4 (NAT) # echo "Rule 4 (NAT)" # - $IPTABLES -t nat -A POSTROUTING -o eth3 -s 192.168.1.0/24 -j SNAT --to-source 22.22.25.50 + $IPTABLES -t nat -A POSTROUTING -o eth3 -s 192.168.1.0/24 -j SNAT --to-source 22.22.25.50 # # Rule 5 (NAT) # echo "Rule 5 
(NAT)" # - $IPTABLES -t nat -A POSTROUTING -o eth+ -s 192.168.1.0/24 -j SNAT --to-source 22.22.25.50 + $IPTABLES -t nat -A POSTROUTING -o eth+ -s 192.168.1.0/24 -j SNAT --to-source 22.22.25.50 # # Rule 6 (NAT) # echo "Rule 6 (NAT)" # - $IPTABLES -t nat -A POSTROUTING -o eth+ -s 192.168.1.10 -j SNAT --to-source 22.22.22.23 + $IPTABLES -t nat -A POSTROUTING -o eth+ -s 192.168.1.10 -j SNAT --to-source 22.22.22.23 # # Rule 7 (NAT) # echo "Rule 7 (NAT)" # - $IPTABLES -t nat -A POSTROUTING -o eth+ -s 192.168.1.10 -j SNAT --to-source 22.22.22.23 - $IPTABLES -t nat -A POSTROUTING -o eth+ -s 192.168.1.10 -j SNAT --to-source 22.22.22.24 - $IPTABLES -t nat -A POSTROUTING -o eth+ -s 192.168.1.10 -j SNAT --to-source 22.22.22.25 + $IPTABLES -t nat -A POSTROUTING -o eth+ -s 192.168.1.10 -j SNAT --to-source 22.22.22.23 + $IPTABLES -t nat -A POSTROUTING -o eth+ -s 192.168.1.10 -j SNAT --to-source 22.22.22.24 + $IPTABLES -t nat -A POSTROUTING -o eth+ -s 192.168.1.10 -j SNAT --to-source 22.22.22.25 # # Rule 8 (NAT) # echo "Rule 8 (NAT)" # - $IPTABLES -t nat -A POSTROUTING -o eth+ -s 192.168.1.0/24 -d 192.168.1.10 -j SNAT --to-source 192.168.1.1 + $IPTABLES -t nat -A POSTROUTING -o eth+ -s 192.168.1.0/24 -d 192.168.1.10 -j SNAT --to-source 192.168.1.1 # # Rule 9 (NAT) # @@ -580,7 +580,7 @@ script_body() { # echo "Rule 18 (NAT)" # - $IPTABLES -t nat -A POSTROUTING -o eth+ -s 192.168.1.20 -j SNAT --to-source 22.22.23.24 + $IPTABLES -t nat -A POSTROUTING -o eth+ -s 192.168.1.20 -j SNAT --to-source 22.22.23.24 # # Rule 19 (NAT) # @@ -595,7 +595,7 @@ script_body() { # # firewall2-1:NAT:20: warning: Adding of virtual address for address range is not implemented (object ext_range) - $IPTABLES -t nat -A POSTROUTING -o eth+ -s 192.168.1.0/24 -j SNAT --to-source 22.22.22.100-22.22.22.110 + $IPTABLES -t nat -A POSTROUTING -o eth+ -s 192.168.1.0/24 -j SNAT --to-source 22.22.22.100-22.22.22.110 # # Rule 21 (NAT) # 
@@ -638,7 +638,7 @@ script_body() { $IPTABLES -t nat -A PREROUTING -p tcp -m tcp -d 22.22.25.50 --dport 80 -j DNAT --to-destination 192.168.1.10 $IPTABLES -t nat -A OUTPUT -p tcp -m tcp -d 22.22.23.23 --dport 80 -j DNAT --to-destination 192.168.1.10 $IPTABLES -t nat -A OUTPUT -p tcp -m tcp -d 22.22.25.50 --dport 80 -j DNAT --to-destination 192.168.1.10 - $IPTABLES -t nat -A POSTROUTING -o eth0 -p tcp -m tcp -d 192.168.1.10 --dport 80 -j SNAT --to-source 192.168.1.1 + $IPTABLES -t nat -A POSTROUTING -o eth0 -p tcp -m tcp -d 192.168.1.10 --dport 80 -j SNAT --to-source 192.168.1.1 # # Rule 25 (NAT) # @@ -703,7 +703,7 @@ script_body() { # echo "Rule 33 (NAT)" # - $IPTABLES -t nat -A POSTROUTING -o eth1 -p tcp -m tcp -s 192.168.1.10 --dport 80 -j SNAT --to-source 22.22.22.22 + $IPTABLES -t nat -A POSTROUTING -o eth1 -p tcp -m tcp -s 192.168.1.10 --dport 80 -j SNAT --to-source 22.22.22.22 # # Rule 34 (NAT) # @@ -712,7 +712,7 @@ script_body() { $IPTABLES -t nat -A PREROUTING -p tcp -m tcp -s ! 192.168.1.10 --dport 80 -j DNAT --to-destination 192.168.1.10:3128 $IPTABLES -t nat -A OUTPUT -p tcp -m tcp --dport 80 -j DNAT --to-destination 192.168.1.10:3128 $IPTABLES -t nat -A PREROUTING -p tcp -m tcp -s ! 192.168.1.10 --dport 80 -j DNAT --to-destination 192.168.1.10:3128 - $IPTABLES -t nat -A POSTROUTING -o eth0 -p tcp -m tcp -s ! 192.168.1.10 -d 192.168.1.10 --dport 3128 -j SNAT --to-source 192.168.1.1 + $IPTABLES -t nat -A POSTROUTING -o eth0 -p tcp -m tcp -s ! 192.168.1.10 -d 192.168.1.10 --dport 3128 -j SNAT --to-source 192.168.1.1 # # Rule 35 (NAT) # @@ -730,7 +730,7 @@ script_body() { echo "Rule 36 (NAT)" # $IPTABLES -t nat -N Cid31949X1798.1 - $IPTABLES -t nat -A POSTROUTING -o eth0 -j Cid31949X1798.1 + $IPTABLES -t nat -A POSTROUTING -o eth0 -j Cid31949X1798.1 $IPTABLES -t nat -A Cid31949X1798.1 -s 192.168.1.10 -j RETURN $IPTABLES -t nat -A Cid31949X1798.1 -s 192.168.1.20 -j RETURN $IPTABLES -t nat -N Cid31949X1798.0 
@@ -743,7 +743,7 @@ script_body() { echo "Rule 37 (NAT)" # $IPTABLES -t nat -A PREROUTING -p tcp -m tcp -s 192.168.1.0/24 --dport 80 -j DNAT --to-destination 192.168.1.10:3128 - $IPTABLES -t nat -A POSTROUTING -o eth0 -p tcp -m tcp -s 192.168.1.0/24 -d 192.168.1.10 --dport 3128 -j SNAT --to-source 192.168.1.1 + $IPTABLES -t nat -A POSTROUTING -o eth0 -p tcp -m tcp -s 192.168.1.0/24 -d 192.168.1.10 --dport 3128 -j SNAT --to-source 192.168.1.1 # # Rule 38 (NAT) # @@ -751,8 +751,8 @@ script_body() { # # this is the "exception" rule # used in support req. originally - $IPTABLES -t nat -A POSTROUTING -o eth1 -p tcp -m tcp -s 192.168.1.10 --dport 80 -j SNAT --to-source 22.22.22.22 - $IPTABLES -t nat -A POSTROUTING -o eth1 -p tcp -m tcp -s 192.168.1.20 --dport 80 -j SNAT --to-source 22.22.22.22 + $IPTABLES -t nat -A POSTROUTING -o eth1 -p tcp -m tcp -s 192.168.1.10 --dport 80 -j SNAT --to-source 22.22.22.22 + $IPTABLES -t nat -A POSTROUTING -o eth1 -p tcp -m tcp -s 192.168.1.20 --dport 80 -j SNAT --to-source 22.22.22.22 # # Rule 39 (NAT) # @@ -766,8 +766,8 @@ script_body() { # # "exception" rule in the pair # from a support req. - $IPTABLES -t nat -A POSTROUTING -o eth1 -p tcp -m tcp -s 192.168.1.10 --dport 80 -j SNAT --to-source 22.22.22.22 - $IPTABLES -t nat -A POSTROUTING -o eth1 -p tcp -m tcp -s 192.168.1.20 --dport 80 -j SNAT --to-source 22.22.22.22 + $IPTABLES -t nat -A POSTROUTING -o eth1 -p tcp -m tcp -s 192.168.1.10 --dport 80 -j SNAT --to-source 22.22.22.22 + $IPTABLES -t nat -A POSTROUTING -o eth1 -p tcp -m tcp -s 192.168.1.20 --dport 80 -j SNAT --to-source 22.22.22.22 # # Rule 41 (NAT) # 
@@ -813,8 +813,8 @@ script_body() { # # "exception" rule in the pair # from a support req. - $IPTABLES -t nat -A POSTROUTING -o eth1 -p tcp -m tcp -s 192.168.1.10 --dport 80 -j SNAT --to-source 22.22.22.22 - $IPTABLES -t nat -A POSTROUTING -o eth1 -p tcp -m tcp -s 192.168.1.20 --dport 80 -j SNAT --to-source 22.22.22.22 + $IPTABLES -t nat -A POSTROUTING -o eth1 -p tcp -m tcp -s 192.168.1.10 --dport 80 -j SNAT --to-source 22.22.22.22 + $IPTABLES -t nat -A POSTROUTING -o eth1 -p tcp -m tcp -s 192.168.1.20 --dport 80 -j SNAT --to-source 22.22.22.22 # # Rule 45 (NAT) # @@ -1451,7 +1451,7 @@ test -z "$cmd" && { case "$cmd" in start) - log "Activating firewall script generated Thu May 26 14:15:04 2011 by vadim" + log "Activating firewall script generated Fri Jun 3 17:27:30 2011 by vadim" check_tools check_run_time_address_table_files diff --git a/test/ipt/firewall2-2.fw.orig b/test/ipt/firewall2-2.fw.orig index 1c0caef4d..4e6c7b405 100755 --- a/test/ipt/firewall2-2.fw.orig +++ b/test/ipt/firewall2-2.fw.orig @@ -2,9 +2,9 @@ # # This is automatically generated file. DO NOT MODIFY ! # -# Firewall Builder fwb_ipt v4.3.0.3546 +# Firewall Builder fwb_ipt v5.0.0.3547 # -# Generated Thu May 26 14:15:09 2011 PDT by vadim +# Generated Fri Jun 3 17:27:33 2011 PDT by vadim # # files: * firewall2-2.fw /etc/fw/firewall2-2.fw # 
@@ -360,120 +360,120 @@ script_body() { # echo "Rule 0 (NAT)" # - $IPTABLES -t nat -A POSTROUTING -o eth1 -s 192.168.1.0/24 -j SNAT --to-source 22.22.22.22 - $IPTABLES -t nat -A POSTROUTING -o eth3 -s 192.168.1.0/24 -j SNAT --to-source 22.22.23.23 - $IPTABLES -t nat -A POSTROUTING -o eth3 -s 192.168.1.0/24 -j SNAT --to-source 22.22.25.50 - $IPTABLES -t nat -A POSTROUTING -o eth2 -s 192.168.1.0/24 -j SNAT --to-source 192.168.2.1 - $IPTABLES -t nat -A POSTROUTING -o eth2 -s 192.168.1.0/24 -j SNAT --to-source 192.168.2.40 + $IPTABLES -t nat -A POSTROUTING -o eth1 -s 192.168.1.0/24 -j SNAT --to-source 22.22.22.22 + $IPTABLES -t nat -A POSTROUTING -o eth3 -s 192.168.1.0/24 -j SNAT --to-source 22.22.23.23 + $IPTABLES -t nat -A POSTROUTING -o eth3 -s 192.168.1.0/24 -j SNAT --to-source 22.22.25.50 + $IPTABLES -t nat -A POSTROUTING -o eth2 -s 192.168.1.0/24 -j SNAT --to-source 192.168.2.1 + $IPTABLES -t nat -A POSTROUTING -o eth2 -s 192.168.1.0/24 -j SNAT --to-source 192.168.2.40 # # Rule 1 (NAT) # echo "Rule 1 (NAT)" # - $IPTABLES -t nat -A POSTROUTING -o eth1 -p icmp -m icmp -s 192.168.1.0/24 --icmp-type 3 -j SNAT --to-source 22.22.22.22 - $IPTABLES -t nat -A POSTROUTING -o eth3 -p icmp -m icmp -s 192.168.1.0/24 --icmp-type 3 -j SNAT --to-source 22.22.23.23 - $IPTABLES -t nat -A POSTROUTING -o eth3 -p icmp -m icmp -s 192.168.1.0/24 --icmp-type 3 -j SNAT --to-source 22.22.25.50 - $IPTABLES -t nat -A POSTROUTING -o eth2 -p icmp -m icmp -s 192.168.1.0/24 --icmp-type 3 -j SNAT --to-source 192.168.2.1 - $IPTABLES -t nat -A POSTROUTING -o eth2 -p icmp -m icmp -s 192.168.1.0/24 --icmp-type 3 -j SNAT --to-source 192.168.2.40 - $IPTABLES -t nat -A POSTROUTING -o eth1 -p icmp -m icmp -s 192.168.1.0/24 --icmp-type 0/0 -j SNAT --to-source 22.22.22.22 - $IPTABLES -t nat -A POSTROUTING -o eth3 -p icmp -m icmp -s 192.168.1.0/24 --icmp-type 0/0 -j SNAT --to-source 22.22.23.23 - $IPTABLES -t nat -A POSTROUTING -o eth3 -p icmp -m icmp -s 192.168.1.0/24 --icmp-type 0/0 -j SNAT --to-source 
22.22.25.50 - $IPTABLES -t nat -A POSTROUTING -o eth2 -p icmp -m icmp -s 192.168.1.0/24 --icmp-type 0/0 -j SNAT --to-source 192.168.2.1 - $IPTABLES -t nat -A POSTROUTING -o eth2 -p icmp -m icmp -s 192.168.1.0/24 --icmp-type 0/0 -j SNAT --to-source 192.168.2.40 - $IPTABLES -t nat -A POSTROUTING -o eth1 -p icmp -m icmp -s 192.168.1.0/24 --icmp-type 11/0 -j SNAT --to-source 22.22.22.22 - $IPTABLES -t nat -A POSTROUTING -o eth3 -p icmp -m icmp -s 192.168.1.0/24 --icmp-type 11/0 -j SNAT --to-source 22.22.23.23 - $IPTABLES -t nat -A POSTROUTING -o eth3 -p icmp -m icmp -s 192.168.1.0/24 --icmp-type 11/0 -j SNAT --to-source 22.22.25.50 - $IPTABLES -t nat -A POSTROUTING -o eth2 -p icmp -m icmp -s 192.168.1.0/24 --icmp-type 11/0 -j SNAT --to-source 192.168.2.1 - $IPTABLES -t nat -A POSTROUTING -o eth2 -p icmp -m icmp -s 192.168.1.0/24 --icmp-type 11/0 -j SNAT --to-source 192.168.2.40 - $IPTABLES -t nat -A POSTROUTING -o eth1 -p icmp -m icmp -s 192.168.1.0/24 --icmp-type 11/1 -j SNAT --to-source 22.22.22.22 - $IPTABLES -t nat -A POSTROUTING -o eth3 -p icmp -m icmp -s 192.168.1.0/24 --icmp-type 11/1 -j SNAT --to-source 22.22.23.23 - $IPTABLES -t nat -A POSTROUTING -o eth3 -p icmp -m icmp -s 192.168.1.0/24 --icmp-type 11/1 -j SNAT --to-source 22.22.25.50 - $IPTABLES -t nat -A POSTROUTING -o eth2 -p icmp -m icmp -s 192.168.1.0/24 --icmp-type 11/1 -j SNAT --to-source 192.168.2.1 - $IPTABLES -t nat -A POSTROUTING -o eth2 -p icmp -m icmp -s 192.168.1.0/24 --icmp-type 11/1 -j SNAT --to-source 192.168.2.40 - $IPTABLES -t nat -A POSTROUTING -o eth1 -p tcp -m tcp -s 192.168.1.0/24 --dport 80 -j SNAT --to-source 22.22.22.22 - $IPTABLES -t nat -A POSTROUTING -o eth3 -p tcp -m tcp -s 192.168.1.0/24 --dport 80 -j SNAT --to-source 22.22.23.23 - $IPTABLES -t nat -A POSTROUTING -o eth3 -p tcp -m tcp -s 192.168.1.0/24 --dport 80 -j SNAT --to-source 22.22.25.50 - $IPTABLES -t nat -A POSTROUTING -o eth2 -p tcp -m tcp -s 192.168.1.0/24 --dport 80 -j SNAT --to-source 192.168.2.1 - $IPTABLES -t nat 
-A POSTROUTING -o eth2 -p tcp -m tcp -s 192.168.1.0/24 --dport 80 -j SNAT --to-source 192.168.2.40 + $IPTABLES -t nat -A POSTROUTING -o eth1 -p icmp -m icmp -s 192.168.1.0/24 --icmp-type 3 -j SNAT --to-source 22.22.22.22 + $IPTABLES -t nat -A POSTROUTING -o eth3 -p icmp -m icmp -s 192.168.1.0/24 --icmp-type 3 -j SNAT --to-source 22.22.23.23 + $IPTABLES -t nat -A POSTROUTING -o eth3 -p icmp -m icmp -s 192.168.1.0/24 --icmp-type 3 -j SNAT --to-source 22.22.25.50 + $IPTABLES -t nat -A POSTROUTING -o eth2 -p icmp -m icmp -s 192.168.1.0/24 --icmp-type 3 -j SNAT --to-source 192.168.2.1 + $IPTABLES -t nat -A POSTROUTING -o eth2 -p icmp -m icmp -s 192.168.1.0/24 --icmp-type 3 -j SNAT --to-source 192.168.2.40 + $IPTABLES -t nat -A POSTROUTING -o eth1 -p icmp -m icmp -s 192.168.1.0/24 --icmp-type 0/0 -j SNAT --to-source 22.22.22.22 + $IPTABLES -t nat -A POSTROUTING -o eth3 -p icmp -m icmp -s 192.168.1.0/24 --icmp-type 0/0 -j SNAT --to-source 22.22.23.23 + $IPTABLES -t nat -A POSTROUTING -o eth3 -p icmp -m icmp -s 192.168.1.0/24 --icmp-type 0/0 -j SNAT --to-source 22.22.25.50 + $IPTABLES -t nat -A POSTROUTING -o eth2 -p icmp -m icmp -s 192.168.1.0/24 --icmp-type 0/0 -j SNAT --to-source 192.168.2.1 + $IPTABLES -t nat -A POSTROUTING -o eth2 -p icmp -m icmp -s 192.168.1.0/24 --icmp-type 0/0 -j SNAT --to-source 192.168.2.40 + $IPTABLES -t nat -A POSTROUTING -o eth1 -p icmp -m icmp -s 192.168.1.0/24 --icmp-type 11/0 -j SNAT --to-source 22.22.22.22 + $IPTABLES -t nat -A POSTROUTING -o eth3 -p icmp -m icmp -s 192.168.1.0/24 --icmp-type 11/0 -j SNAT --to-source 22.22.23.23 + $IPTABLES -t nat -A POSTROUTING -o eth3 -p icmp -m icmp -s 192.168.1.0/24 --icmp-type 11/0 -j SNAT --to-source 22.22.25.50 + $IPTABLES -t nat -A POSTROUTING -o eth2 -p icmp -m icmp -s 192.168.1.0/24 --icmp-type 11/0 -j SNAT --to-source 192.168.2.1 + $IPTABLES -t nat -A POSTROUTING -o eth2 -p icmp -m icmp -s 192.168.1.0/24 --icmp-type 11/0 -j SNAT --to-source 192.168.2.40 + $IPTABLES -t nat -A POSTROUTING -o eth1 
-p icmp -m icmp -s 192.168.1.0/24 --icmp-type 11/1 -j SNAT --to-source 22.22.22.22 + $IPTABLES -t nat -A POSTROUTING -o eth3 -p icmp -m icmp -s 192.168.1.0/24 --icmp-type 11/1 -j SNAT --to-source 22.22.23.23 + $IPTABLES -t nat -A POSTROUTING -o eth3 -p icmp -m icmp -s 192.168.1.0/24 --icmp-type 11/1 -j SNAT --to-source 22.22.25.50 + $IPTABLES -t nat -A POSTROUTING -o eth2 -p icmp -m icmp -s 192.168.1.0/24 --icmp-type 11/1 -j SNAT --to-source 192.168.2.1 + $IPTABLES -t nat -A POSTROUTING -o eth2 -p icmp -m icmp -s 192.168.1.0/24 --icmp-type 11/1 -j SNAT --to-source 192.168.2.40 + $IPTABLES -t nat -A POSTROUTING -o eth1 -p tcp -m tcp -s 192.168.1.0/24 --dport 80 -j SNAT --to-source 22.22.22.22 + $IPTABLES -t nat -A POSTROUTING -o eth3 -p tcp -m tcp -s 192.168.1.0/24 --dport 80 -j SNAT --to-source 22.22.23.23 + $IPTABLES -t nat -A POSTROUTING -o eth3 -p tcp -m tcp -s 192.168.1.0/24 --dport 80 -j SNAT --to-source 22.22.25.50 + $IPTABLES -t nat -A POSTROUTING -o eth2 -p tcp -m tcp -s 192.168.1.0/24 --dport 80 -j SNAT --to-source 192.168.2.1 + $IPTABLES -t nat -A POSTROUTING -o eth2 -p tcp -m tcp -s 192.168.1.0/24 --dport 80 -j SNAT --to-source 192.168.2.40 # # Rule 2 (NAT) # echo "Rule 2 (NAT)" # - $IPTABLES -t nat -A POSTROUTING -o eth1 -p icmp -m icmp -s 192.168.1.0/24 --icmp-type 3 -j SNAT --to-source 22.22.22.22 - $IPTABLES -t nat -A POSTROUTING -o eth3 -p icmp -m icmp -s 192.168.1.0/24 --icmp-type 3 -j SNAT --to-source 22.22.23.23 - $IPTABLES -t nat -A POSTROUTING -o eth3 -p icmp -m icmp -s 192.168.1.0/24 --icmp-type 3 -j SNAT --to-source 22.22.25.50 - $IPTABLES -t nat -A POSTROUTING -o eth2 -p icmp -m icmp -s 192.168.1.0/24 --icmp-type 3 -j SNAT --to-source 192.168.2.1 - $IPTABLES -t nat -A POSTROUTING -o eth2 -p icmp -m icmp -s 192.168.1.0/24 --icmp-type 3 -j SNAT --to-source 192.168.2.40 - $IPTABLES -t nat -A POSTROUTING -o eth1 -p icmp -m icmp -s 192.168.1.0/24 --icmp-type 0/0 -j SNAT --to-source 22.22.22.22 - $IPTABLES -t nat -A POSTROUTING -o eth3 -p icmp -m 
icmp -s 192.168.1.0/24 --icmp-type 0/0 -j SNAT --to-source 22.22.23.23 - $IPTABLES -t nat -A POSTROUTING -o eth3 -p icmp -m icmp -s 192.168.1.0/24 --icmp-type 0/0 -j SNAT --to-source 22.22.25.50 - $IPTABLES -t nat -A POSTROUTING -o eth2 -p icmp -m icmp -s 192.168.1.0/24 --icmp-type 0/0 -j SNAT --to-source 192.168.2.1 - $IPTABLES -t nat -A POSTROUTING -o eth2 -p icmp -m icmp -s 192.168.1.0/24 --icmp-type 0/0 -j SNAT --to-source 192.168.2.40 - $IPTABLES -t nat -A POSTROUTING -o eth1 -p icmp -m icmp -s 192.168.1.0/24 --icmp-type 11/0 -j SNAT --to-source 22.22.22.22 - $IPTABLES -t nat -A POSTROUTING -o eth3 -p icmp -m icmp -s 192.168.1.0/24 --icmp-type 11/0 -j SNAT --to-source 22.22.23.23 - $IPTABLES -t nat -A POSTROUTING -o eth3 -p icmp -m icmp -s 192.168.1.0/24 --icmp-type 11/0 -j SNAT --to-source 22.22.25.50 - $IPTABLES -t nat -A POSTROUTING -o eth2 -p icmp -m icmp -s 192.168.1.0/24 --icmp-type 11/0 -j SNAT --to-source 192.168.2.1 - $IPTABLES -t nat -A POSTROUTING -o eth2 -p icmp -m icmp -s 192.168.1.0/24 --icmp-type 11/0 -j SNAT --to-source 192.168.2.40 - $IPTABLES -t nat -A POSTROUTING -o eth1 -p icmp -m icmp -s 192.168.1.0/24 --icmp-type 11/1 -j SNAT --to-source 22.22.22.22 - $IPTABLES -t nat -A POSTROUTING -o eth3 -p icmp -m icmp -s 192.168.1.0/24 --icmp-type 11/1 -j SNAT --to-source 22.22.23.23 - $IPTABLES -t nat -A POSTROUTING -o eth3 -p icmp -m icmp -s 192.168.1.0/24 --icmp-type 11/1 -j SNAT --to-source 22.22.25.50 - $IPTABLES -t nat -A POSTROUTING -o eth2 -p icmp -m icmp -s 192.168.1.0/24 --icmp-type 11/1 -j SNAT --to-source 192.168.2.1 - $IPTABLES -t nat -A POSTROUTING -o eth2 -p icmp -m icmp -s 192.168.1.0/24 --icmp-type 11/1 -j SNAT --to-source 192.168.2.40 - $IPTABLES -t nat -A POSTROUTING -o eth1 -p tcp -m tcp -s 192.168.1.0/24 --dport 80 -j SNAT --to-source 22.22.22.22 - $IPTABLES -t nat -A POSTROUTING -o eth3 -p tcp -m tcp -s 192.168.1.0/24 --dport 80 -j SNAT --to-source 22.22.23.23 - $IPTABLES -t nat -A POSTROUTING -o eth3 -p tcp -m tcp -s 
192.168.1.0/24 --dport 80 -j SNAT --to-source 22.22.25.50 - $IPTABLES -t nat -A POSTROUTING -o eth2 -p tcp -m tcp -s 192.168.1.0/24 --dport 80 -j SNAT --to-source 192.168.2.1 - $IPTABLES -t nat -A POSTROUTING -o eth2 -p tcp -m tcp -s 192.168.1.0/24 --dport 80 -j SNAT --to-source 192.168.2.40 - $IPTABLES -t nat -A POSTROUTING -o eth1 -p 50 -s 192.168.1.0/24 -j SNAT --to-source 22.22.22.22 - $IPTABLES -t nat -A POSTROUTING -o eth3 -p 50 -s 192.168.1.0/24 -j SNAT --to-source 22.22.23.23 - $IPTABLES -t nat -A POSTROUTING -o eth3 -p 50 -s 192.168.1.0/24 -j SNAT --to-source 22.22.25.50 - $IPTABLES -t nat -A POSTROUTING -o eth2 -p 50 -s 192.168.1.0/24 -j SNAT --to-source 192.168.2.1 - $IPTABLES -t nat -A POSTROUTING -o eth2 -p 50 -s 192.168.1.0/24 -j SNAT --to-source 192.168.2.40 - $IPTABLES -t nat -A POSTROUTING -o eth1 -p 88 -s 192.168.1.0/24 -j SNAT --to-source 22.22.22.22 - $IPTABLES -t nat -A POSTROUTING -o eth3 -p 88 -s 192.168.1.0/24 -j SNAT --to-source 22.22.23.23 - $IPTABLES -t nat -A POSTROUTING -o eth3 -p 88 -s 192.168.1.0/24 -j SNAT --to-source 22.22.25.50 - $IPTABLES -t nat -A POSTROUTING -o eth2 -p 88 -s 192.168.1.0/24 -j SNAT --to-source 192.168.2.1 - $IPTABLES -t nat -A POSTROUTING -o eth2 -p 88 -s 192.168.1.0/24 -j SNAT --to-source 192.168.2.40 + $IPTABLES -t nat -A POSTROUTING -o eth1 -p icmp -m icmp -s 192.168.1.0/24 --icmp-type 3 -j SNAT --to-source 22.22.22.22 + $IPTABLES -t nat -A POSTROUTING -o eth3 -p icmp -m icmp -s 192.168.1.0/24 --icmp-type 3 -j SNAT --to-source 22.22.23.23 + $IPTABLES -t nat -A POSTROUTING -o eth3 -p icmp -m icmp -s 192.168.1.0/24 --icmp-type 3 -j SNAT --to-source 22.22.25.50 + $IPTABLES -t nat -A POSTROUTING -o eth2 -p icmp -m icmp -s 192.168.1.0/24 --icmp-type 3 -j SNAT --to-source 192.168.2.1 + $IPTABLES -t nat -A POSTROUTING -o eth2 -p icmp -m icmp -s 192.168.1.0/24 --icmp-type 3 -j SNAT --to-source 192.168.2.40 + $IPTABLES -t nat -A POSTROUTING -o eth1 -p icmp -m icmp -s 192.168.1.0/24 --icmp-type 0/0 -j SNAT --to-source 
22.22.22.22 + $IPTABLES -t nat -A POSTROUTING -o eth3 -p icmp -m icmp -s 192.168.1.0/24 --icmp-type 0/0 -j SNAT --to-source 22.22.23.23 + $IPTABLES -t nat -A POSTROUTING -o eth3 -p icmp -m icmp -s 192.168.1.0/24 --icmp-type 0/0 -j SNAT --to-source 22.22.25.50 + $IPTABLES -t nat -A POSTROUTING -o eth2 -p icmp -m icmp -s 192.168.1.0/24 --icmp-type 0/0 -j SNAT --to-source 192.168.2.1 + $IPTABLES -t nat -A POSTROUTING -o eth2 -p icmp -m icmp -s 192.168.1.0/24 --icmp-type 0/0 -j SNAT --to-source 192.168.2.40 + $IPTABLES -t nat -A POSTROUTING -o eth1 -p icmp -m icmp -s 192.168.1.0/24 --icmp-type 11/0 -j SNAT --to-source 22.22.22.22 + $IPTABLES -t nat -A POSTROUTING -o eth3 -p icmp -m icmp -s 192.168.1.0/24 --icmp-type 11/0 -j SNAT --to-source 22.22.23.23 + $IPTABLES -t nat -A POSTROUTING -o eth3 -p icmp -m icmp -s 192.168.1.0/24 --icmp-type 11/0 -j SNAT --to-source 22.22.25.50 + $IPTABLES -t nat -A POSTROUTING -o eth2 -p icmp -m icmp -s 192.168.1.0/24 --icmp-type 11/0 -j SNAT --to-source 192.168.2.1 + $IPTABLES -t nat -A POSTROUTING -o eth2 -p icmp -m icmp -s 192.168.1.0/24 --icmp-type 11/0 -j SNAT --to-source 192.168.2.40 + $IPTABLES -t nat -A POSTROUTING -o eth1 -p icmp -m icmp -s 192.168.1.0/24 --icmp-type 11/1 -j SNAT --to-source 22.22.22.22 + $IPTABLES -t nat -A POSTROUTING -o eth3 -p icmp -m icmp -s 192.168.1.0/24 --icmp-type 11/1 -j SNAT --to-source 22.22.23.23 + $IPTABLES -t nat -A POSTROUTING -o eth3 -p icmp -m icmp -s 192.168.1.0/24 --icmp-type 11/1 -j SNAT --to-source 22.22.25.50 + $IPTABLES -t nat -A POSTROUTING -o eth2 -p icmp -m icmp -s 192.168.1.0/24 --icmp-type 11/1 -j SNAT --to-source 192.168.2.1 + $IPTABLES -t nat -A POSTROUTING -o eth2 -p icmp -m icmp -s 192.168.1.0/24 --icmp-type 11/1 -j SNAT --to-source 192.168.2.40 + $IPTABLES -t nat -A POSTROUTING -o eth1 -p tcp -m tcp -s 192.168.1.0/24 --dport 80 -j SNAT --to-source 22.22.22.22 + $IPTABLES -t nat -A POSTROUTING -o eth3 -p tcp -m tcp -s 192.168.1.0/24 --dport 80 -j SNAT --to-source 22.22.23.23 + 
$IPTABLES -t nat -A POSTROUTING -o eth3 -p tcp -m tcp -s 192.168.1.0/24 --dport 80 -j SNAT --to-source 22.22.25.50 + $IPTABLES -t nat -A POSTROUTING -o eth2 -p tcp -m tcp -s 192.168.1.0/24 --dport 80 -j SNAT --to-source 192.168.2.1 + $IPTABLES -t nat -A POSTROUTING -o eth2 -p tcp -m tcp -s 192.168.1.0/24 --dport 80 -j SNAT --to-source 192.168.2.40 + $IPTABLES -t nat -A POSTROUTING -o eth1 -p 50 -s 192.168.1.0/24 -j SNAT --to-source 22.22.22.22 + $IPTABLES -t nat -A POSTROUTING -o eth3 -p 50 -s 192.168.1.0/24 -j SNAT --to-source 22.22.23.23 + $IPTABLES -t nat -A POSTROUTING -o eth3 -p 50 -s 192.168.1.0/24 -j SNAT --to-source 22.22.25.50 + $IPTABLES -t nat -A POSTROUTING -o eth2 -p 50 -s 192.168.1.0/24 -j SNAT --to-source 192.168.2.1 + $IPTABLES -t nat -A POSTROUTING -o eth2 -p 50 -s 192.168.1.0/24 -j SNAT --to-source 192.168.2.40 + $IPTABLES -t nat -A POSTROUTING -o eth1 -p 88 -s 192.168.1.0/24 -j SNAT --to-source 22.22.22.22 + $IPTABLES -t nat -A POSTROUTING -o eth3 -p 88 -s 192.168.1.0/24 -j SNAT --to-source 22.22.23.23 + $IPTABLES -t nat -A POSTROUTING -o eth3 -p 88 -s 192.168.1.0/24 -j SNAT --to-source 22.22.25.50 + $IPTABLES -t nat -A POSTROUTING -o eth2 -p 88 -s 192.168.1.0/24 -j SNAT --to-source 192.168.2.1 + $IPTABLES -t nat -A POSTROUTING -o eth2 -p 88 -s 192.168.1.0/24 -j SNAT --to-source 192.168.2.40 # # Rule 3 (NAT) # echo "Rule 3 (NAT)" # - $IPTABLES -t nat -A POSTROUTING -o eth3 -s 192.168.1.0/24 -j SNAT --to-source 22.22.23.23 - $IPTABLES -t nat -A POSTROUTING -o eth3 -s 192.168.1.0/24 -j SNAT --to-source 22.22.25.50 + $IPTABLES -t nat -A POSTROUTING -o eth3 -s 192.168.1.0/24 -j SNAT --to-source 22.22.23.23 + $IPTABLES -t nat -A POSTROUTING -o eth3 -s 192.168.1.0/24 -j SNAT --to-source 22.22.25.50 # # Rule 4 (NAT) # echo "Rule 4 (NAT)" # - $IPTABLES -t nat -A POSTROUTING -o eth3 -s 192.168.1.0/24 -j SNAT --to-source 22.22.25.50 + $IPTABLES -t nat -A POSTROUTING -o eth3 -s 192.168.1.0/24 -j SNAT --to-source 22.22.25.50 # # Rule 5 (NAT) # echo "Rule 5 
(NAT)" # - $IPTABLES -t nat -A POSTROUTING -o eth+ -s 192.168.1.0/24 -j SNAT --to-source 22.22.25.50 + $IPTABLES -t nat -A POSTROUTING -o eth+ -s 192.168.1.0/24 -j SNAT --to-source 22.22.25.50 # # Rule 6 (NAT) # echo "Rule 6 (NAT)" # - $IPTABLES -t nat -A POSTROUTING -o eth+ -s 192.168.1.10 -j SNAT --to-source 22.22.22.23 + $IPTABLES -t nat -A POSTROUTING -o eth+ -s 192.168.1.10 -j SNAT --to-source 22.22.22.23 # # Rule 7 (NAT) # echo "Rule 7 (NAT)" # - $IPTABLES -t nat -A POSTROUTING -o eth+ -s 192.168.1.10 -j SNAT --to-source 22.22.22.23 - $IPTABLES -t nat -A POSTROUTING -o eth+ -s 192.168.1.10 -j SNAT --to-source 22.22.22.24 - $IPTABLES -t nat -A POSTROUTING -o eth+ -s 192.168.1.10 -j SNAT --to-source 22.22.22.25 + $IPTABLES -t nat -A POSTROUTING -o eth+ -s 192.168.1.10 -j SNAT --to-source 22.22.22.23 + $IPTABLES -t nat -A POSTROUTING -o eth+ -s 192.168.1.10 -j SNAT --to-source 22.22.22.24 + $IPTABLES -t nat -A POSTROUTING -o eth+ -s 192.168.1.10 -j SNAT --to-source 22.22.22.25 # # Rule 8 (NAT) # echo "Rule 8 (NAT)" # - $IPTABLES -t nat -A POSTROUTING -o eth+ -s 192.168.1.0/24 -d 192.168.1.10 -j SNAT --to-source 192.168.1.1 + $IPTABLES -t nat -A POSTROUTING -o eth+ -s 192.168.1.0/24 -d 192.168.1.10 -j SNAT --to-source 192.168.1.1 # # Rule 9 (NAT) # @@ -579,7 +579,7 @@ script_body() { # echo "Rule 18 (NAT)" # - $IPTABLES -t nat -A POSTROUTING -o eth+ -s 192.168.1.20 -j SNAT --to-source 22.22.23.24 + $IPTABLES -t nat -A POSTROUTING -o eth+ -s 192.168.1.20 -j SNAT --to-source 22.22.23.24 # # Rule 19 (NAT) # @@ -594,7 +594,7 @@ script_body() { # # firewall2-2:NAT:20: warning: Adding of virtual address for address range is not implemented (object ext_range) - $IPTABLES -t nat -A POSTROUTING -o eth+ -s 192.168.1.0/24 -j SNAT --to-source 22.22.22.100-22.22.22.110 + $IPTABLES -t nat -A POSTROUTING -o eth+ -s 192.168.1.0/24 -j SNAT --to-source 22.22.22.100-22.22.22.110 # # Rule 21 (NAT) # 
@@ -637,7 +637,7 @@ script_body() { $IPTABLES -t nat -A PREROUTING -p tcp -m tcp -d 22.22.25.50 --dport 80 -j DNAT --to-destination 192.168.1.10 $IPTABLES -t nat -A OUTPUT -p tcp -m tcp -d 22.22.23.23 --dport 80 -j DNAT --to-destination 192.168.1.10 $IPTABLES -t nat -A OUTPUT -p tcp -m tcp -d 22.22.25.50 --dport 80 -j DNAT --to-destination 192.168.1.10 - $IPTABLES -t nat -A POSTROUTING -o eth0 -p tcp -m tcp -d 192.168.1.10 --dport 80 -j SNAT --to-source 192.168.1.1 + $IPTABLES -t nat -A POSTROUTING -o eth0 -p tcp -m tcp -d 192.168.1.10 --dport 80 -j SNAT --to-source 192.168.1.1 # # Rule 25 (NAT) # @@ -702,7 +702,7 @@ script_body() { # echo "Rule 33 (NAT)" # - $IPTABLES -t nat -A POSTROUTING -o eth1 -p tcp -m tcp -s 192.168.1.10 --dport 80 -j SNAT --to-source 22.22.22.22 + $IPTABLES -t nat -A POSTROUTING -o eth1 -p tcp -m tcp -s 192.168.1.10 --dport 80 -j SNAT --to-source 22.22.22.22 # # Rule 34 (NAT) # @@ -711,7 +711,7 @@ script_body() { $IPTABLES -t nat -A PREROUTING -p tcp -m tcp -s ! 192.168.1.10 --dport 80 -j DNAT --to-destination 192.168.1.10:3128 $IPTABLES -t nat -A OUTPUT -p tcp -m tcp --dport 80 -j DNAT --to-destination 192.168.1.10:3128 $IPTABLES -t nat -A PREROUTING -p tcp -m tcp -s ! 192.168.1.10 --dport 80 -j DNAT --to-destination 192.168.1.10:3128 - $IPTABLES -t nat -A POSTROUTING -o eth0 -p tcp -m tcp -s ! 192.168.1.10 -d 192.168.1.10 --dport 3128 -j SNAT --to-source 192.168.1.1 + $IPTABLES -t nat -A POSTROUTING -o eth0 -p tcp -m tcp -s ! 192.168.1.10 -d 192.168.1.10 --dport 3128 -j SNAT --to-source 192.168.1.1 # # Rule 35 (NAT) # @@ -729,7 +729,7 @@ script_body() { echo "Rule 36 (NAT)" # $IPTABLES -t nat -N Cid32905X1798.1 - $IPTABLES -t nat -A POSTROUTING -o eth0 -j Cid32905X1798.1 + $IPTABLES -t nat -A POSTROUTING -o eth0 -j Cid32905X1798.1 $IPTABLES -t nat -A Cid32905X1798.1 -s 192.168.1.10 -j RETURN $IPTABLES -t nat -A Cid32905X1798.1 -s 192.168.1.20 -j RETURN $IPTABLES -t nat -N Cid32905X1798.0 
@@ -742,7 +742,7 @@ script_body() { echo "Rule 37 (NAT)" # $IPTABLES -t nat -A PREROUTING -p tcp -m tcp -s 192.168.1.0/24 --dport 80 -j DNAT --to-destination 192.168.1.10:3128 - $IPTABLES -t nat -A POSTROUTING -o eth0 -p tcp -m tcp -s 192.168.1.0/24 -d 192.168.1.10 --dport 3128 -j SNAT --to-source 192.168.1.1 + $IPTABLES -t nat -A POSTROUTING -o eth0 -p tcp -m tcp -s 192.168.1.0/24 -d 192.168.1.10 --dport 3128 -j SNAT --to-source 192.168.1.1 # # Rule 38 (NAT) # @@ -750,8 +750,8 @@ script_body() { # # this is the "exception" rule # used in support req. originally - $IPTABLES -t nat -A POSTROUTING -o eth1 -p tcp -m tcp -s 192.168.1.10 --dport 80 -j SNAT --to-source 22.22.22.22 - $IPTABLES -t nat -A POSTROUTING -o eth1 -p tcp -m tcp -s 192.168.1.20 --dport 80 -j SNAT --to-source 22.22.22.22 + $IPTABLES -t nat -A POSTROUTING -o eth1 -p tcp -m tcp -s 192.168.1.10 --dport 80 -j SNAT --to-source 22.22.22.22 + $IPTABLES -t nat -A POSTROUTING -o eth1 -p tcp -m tcp -s 192.168.1.20 --dport 80 -j SNAT --to-source 22.22.22.22 # # Rule 39 (NAT) # @@ -765,8 +765,8 @@ script_body() { # # "exception" rule in the pair # from a support req. - $IPTABLES -t nat -A POSTROUTING -o eth1 -p tcp -m tcp -s 192.168.1.10 --dport 80 -j SNAT --to-source 22.22.22.22 - $IPTABLES -t nat -A POSTROUTING -o eth1 -p tcp -m tcp -s 192.168.1.20 --dport 80 -j SNAT --to-source 22.22.22.22 + $IPTABLES -t nat -A POSTROUTING -o eth1 -p tcp -m tcp -s 192.168.1.10 --dport 80 -j SNAT --to-source 22.22.22.22 + $IPTABLES -t nat -A POSTROUTING -o eth1 -p tcp -m tcp -s 192.168.1.20 --dport 80 -j SNAT --to-source 22.22.22.22 # # Rule 41 (NAT) # 
@@ -812,8 +812,8 @@ script_body() { # # "exception" rule in the pair # from a support req. - $IPTABLES -t nat -A POSTROUTING -o eth1 -p tcp -m tcp -s 192.168.1.10 --dport 80 -j SNAT --to-source 22.22.22.22 - $IPTABLES -t nat -A POSTROUTING -o eth1 -p tcp -m tcp -s 192.168.1.20 --dport 80 -j SNAT --to-source 22.22.22.22 + $IPTABLES -t nat -A POSTROUTING -o eth1 -p tcp -m tcp -s 192.168.1.10 --dport 80 -j SNAT --to-source 22.22.22.22 + $IPTABLES -t nat -A POSTROUTING -o eth1 -p tcp -m tcp -s 192.168.1.20 --dport 80 -j SNAT --to-source 22.22.22.22 # # Rule 45 (NAT) # @@ -1280,7 +1280,7 @@ test -z "$cmd" && { case "$cmd" in start) - log "Activating firewall script generated Thu May 26 14:15:09 2011 by vadim" + log "Activating firewall script generated Fri Jun 3 17:27:33 2011 by vadim" check_tools check_run_time_address_table_files diff --git a/test/ipt/firewall2-3.fw.orig b/test/ipt/firewall2-3.fw.orig index 6dfad128c..c4a69ed5e 100755 --- a/test/ipt/firewall2-3.fw.orig +++ b/test/ipt/firewall2-3.fw.orig @@ -2,9 +2,9 @@ # # This is automatically generated file. DO NOT MODIFY ! # -# Firewall Builder fwb_ipt v4.3.0.3546 +# Firewall Builder fwb_ipt v5.0.0.3547 # -# Generated Thu May 26 14:15:13 2011 PDT by vadim +# Generated Fri Jun 3 17:27:35 2011 PDT by vadim # # files: * firewall2-3.fw /etc/fw/firewall2-3.fw # 
@@ -345,120 +345,120 @@ script_body() { # echo "Rule 0 (NAT)" # - $IPTABLES -t nat -A POSTROUTING -o eth1 -s 192.168.1.0/24 -j SNAT --to-source 22.22.22.22 - $IPTABLES -t nat -A POSTROUTING -o eth3 -s 192.168.1.0/24 -j SNAT --to-source 22.22.23.23 - $IPTABLES -t nat -A POSTROUTING -o eth3 -s 192.168.1.0/24 -j SNAT --to-source 22.22.25.50 - $IPTABLES -t nat -A POSTROUTING -o eth2 -s 192.168.1.0/24 -j SNAT --to-source 192.168.2.1 - $IPTABLES -t nat -A POSTROUTING -o eth2 -s 192.168.1.0/24 -j SNAT --to-source 192.168.2.40 + $IPTABLES -t nat -A POSTROUTING -o eth1 -s 192.168.1.0/24 -j SNAT --to-source 22.22.22.22 + $IPTABLES -t nat -A POSTROUTING -o eth3 -s 192.168.1.0/24 -j SNAT --to-source 22.22.23.23 + $IPTABLES -t nat -A POSTROUTING -o eth3 -s 192.168.1.0/24 -j SNAT --to-source 22.22.25.50 + $IPTABLES -t nat -A POSTROUTING -o eth2 -s 192.168.1.0/24 -j SNAT --to-source 192.168.2.1 + $IPTABLES -t nat -A POSTROUTING -o eth2 -s 192.168.1.0/24 -j SNAT --to-source 192.168.2.40 # # Rule 1 (NAT) # echo "Rule 1 (NAT)" # - $IPTABLES -t nat -A POSTROUTING -o eth1 -p icmp -m icmp -s 192.168.1.0/24 --icmp-type 3 -j SNAT --to-source 22.22.22.22 - $IPTABLES -t nat -A POSTROUTING -o eth3 -p icmp -m icmp -s 192.168.1.0/24 --icmp-type 3 -j SNAT --to-source 22.22.23.23 - $IPTABLES -t nat -A POSTROUTING -o eth3 -p icmp -m icmp -s 192.168.1.0/24 --icmp-type 3 -j SNAT --to-source 22.22.25.50 - $IPTABLES -t nat -A POSTROUTING -o eth2 -p icmp -m icmp -s 192.168.1.0/24 --icmp-type 3 -j SNAT --to-source 192.168.2.1 - $IPTABLES -t nat -A POSTROUTING -o eth2 -p icmp -m icmp -s 192.168.1.0/24 --icmp-type 3 -j SNAT --to-source 192.168.2.40 - $IPTABLES -t nat -A POSTROUTING -o eth1 -p icmp -m icmp -s 192.168.1.0/24 --icmp-type 0/0 -j SNAT --to-source 22.22.22.22 - $IPTABLES -t nat -A POSTROUTING -o eth3 -p icmp -m icmp -s 192.168.1.0/24 --icmp-type 0/0 -j SNAT --to-source 22.22.23.23 - $IPTABLES -t nat -A POSTROUTING -o eth3 -p icmp -m icmp -s 192.168.1.0/24 --icmp-type 0/0 -j SNAT --to-source 
22.22.25.50 - $IPTABLES -t nat -A POSTROUTING -o eth2 -p icmp -m icmp -s 192.168.1.0/24 --icmp-type 0/0 -j SNAT --to-source 192.168.2.1 - $IPTABLES -t nat -A POSTROUTING -o eth2 -p icmp -m icmp -s 192.168.1.0/24 --icmp-type 0/0 -j SNAT --to-source 192.168.2.40 - $IPTABLES -t nat -A POSTROUTING -o eth1 -p icmp -m icmp -s 192.168.1.0/24 --icmp-type 11/0 -j SNAT --to-source 22.22.22.22 - $IPTABLES -t nat -A POSTROUTING -o eth3 -p icmp -m icmp -s 192.168.1.0/24 --icmp-type 11/0 -j SNAT --to-source 22.22.23.23 - $IPTABLES -t nat -A POSTROUTING -o eth3 -p icmp -m icmp -s 192.168.1.0/24 --icmp-type 11/0 -j SNAT --to-source 22.22.25.50 - $IPTABLES -t nat -A POSTROUTING -o eth2 -p icmp -m icmp -s 192.168.1.0/24 --icmp-type 11/0 -j SNAT --to-source 192.168.2.1 - $IPTABLES -t nat -A POSTROUTING -o eth2 -p icmp -m icmp -s 192.168.1.0/24 --icmp-type 11/0 -j SNAT --to-source 192.168.2.40 - $IPTABLES -t nat -A POSTROUTING -o eth1 -p icmp -m icmp -s 192.168.1.0/24 --icmp-type 11/1 -j SNAT --to-source 22.22.22.22 - $IPTABLES -t nat -A POSTROUTING -o eth3 -p icmp -m icmp -s 192.168.1.0/24 --icmp-type 11/1 -j SNAT --to-source 22.22.23.23 - $IPTABLES -t nat -A POSTROUTING -o eth3 -p icmp -m icmp -s 192.168.1.0/24 --icmp-type 11/1 -j SNAT --to-source 22.22.25.50 - $IPTABLES -t nat -A POSTROUTING -o eth2 -p icmp -m icmp -s 192.168.1.0/24 --icmp-type 11/1 -j SNAT --to-source 192.168.2.1 - $IPTABLES -t nat -A POSTROUTING -o eth2 -p icmp -m icmp -s 192.168.1.0/24 --icmp-type 11/1 -j SNAT --to-source 192.168.2.40 - $IPTABLES -t nat -A POSTROUTING -o eth1 -p tcp -m tcp -s 192.168.1.0/24 --dport 80 -j SNAT --to-source 22.22.22.22 - $IPTABLES -t nat -A POSTROUTING -o eth3 -p tcp -m tcp -s 192.168.1.0/24 --dport 80 -j SNAT --to-source 22.22.23.23 - $IPTABLES -t nat -A POSTROUTING -o eth3 -p tcp -m tcp -s 192.168.1.0/24 --dport 80 -j SNAT --to-source 22.22.25.50 - $IPTABLES -t nat -A POSTROUTING -o eth2 -p tcp -m tcp -s 192.168.1.0/24 --dport 80 -j SNAT --to-source 192.168.2.1 - $IPTABLES -t nat 
-A POSTROUTING -o eth2 -p tcp -m tcp -s 192.168.1.0/24 --dport 80 -j SNAT --to-source 192.168.2.40 + $IPTABLES -t nat -A POSTROUTING -o eth1 -p icmp -m icmp -s 192.168.1.0/24 --icmp-type 3 -j SNAT --to-source 22.22.22.22 + $IPTABLES -t nat -A POSTROUTING -o eth3 -p icmp -m icmp -s 192.168.1.0/24 --icmp-type 3 -j SNAT --to-source 22.22.23.23 + $IPTABLES -t nat -A POSTROUTING -o eth3 -p icmp -m icmp -s 192.168.1.0/24 --icmp-type 3 -j SNAT --to-source 22.22.25.50 + $IPTABLES -t nat -A POSTROUTING -o eth2 -p icmp -m icmp -s 192.168.1.0/24 --icmp-type 3 -j SNAT --to-source 192.168.2.1 + $IPTABLES -t nat -A POSTROUTING -o eth2 -p icmp -m icmp -s 192.168.1.0/24 --icmp-type 3 -j SNAT --to-source 192.168.2.40 + $IPTABLES -t nat -A POSTROUTING -o eth1 -p icmp -m icmp -s 192.168.1.0/24 --icmp-type 0/0 -j SNAT --to-source 22.22.22.22 + $IPTABLES -t nat -A POSTROUTING -o eth3 -p icmp -m icmp -s 192.168.1.0/24 --icmp-type 0/0 -j SNAT --to-source 22.22.23.23 + $IPTABLES -t nat -A POSTROUTING -o eth3 -p icmp -m icmp -s 192.168.1.0/24 --icmp-type 0/0 -j SNAT --to-source 22.22.25.50 + $IPTABLES -t nat -A POSTROUTING -o eth2 -p icmp -m icmp -s 192.168.1.0/24 --icmp-type 0/0 -j SNAT --to-source 192.168.2.1 + $IPTABLES -t nat -A POSTROUTING -o eth2 -p icmp -m icmp -s 192.168.1.0/24 --icmp-type 0/0 -j SNAT --to-source 192.168.2.40 + $IPTABLES -t nat -A POSTROUTING -o eth1 -p icmp -m icmp -s 192.168.1.0/24 --icmp-type 11/0 -j SNAT --to-source 22.22.22.22 + $IPTABLES -t nat -A POSTROUTING -o eth3 -p icmp -m icmp -s 192.168.1.0/24 --icmp-type 11/0 -j SNAT --to-source 22.22.23.23 + $IPTABLES -t nat -A POSTROUTING -o eth3 -p icmp -m icmp -s 192.168.1.0/24 --icmp-type 11/0 -j SNAT --to-source 22.22.25.50 + $IPTABLES -t nat -A POSTROUTING -o eth2 -p icmp -m icmp -s 192.168.1.0/24 --icmp-type 11/0 -j SNAT --to-source 192.168.2.1 + $IPTABLES -t nat -A POSTROUTING -o eth2 -p icmp -m icmp -s 192.168.1.0/24 --icmp-type 11/0 -j SNAT --to-source 192.168.2.40 + $IPTABLES -t nat -A POSTROUTING -o eth1 
-p icmp -m icmp -s 192.168.1.0/24 --icmp-type 11/1 -j SNAT --to-source 22.22.22.22 + $IPTABLES -t nat -A POSTROUTING -o eth3 -p icmp -m icmp -s 192.168.1.0/24 --icmp-type 11/1 -j SNAT --to-source 22.22.23.23 + $IPTABLES -t nat -A POSTROUTING -o eth3 -p icmp -m icmp -s 192.168.1.0/24 --icmp-type 11/1 -j SNAT --to-source 22.22.25.50 + $IPTABLES -t nat -A POSTROUTING -o eth2 -p icmp -m icmp -s 192.168.1.0/24 --icmp-type 11/1 -j SNAT --to-source 192.168.2.1 + $IPTABLES -t nat -A POSTROUTING -o eth2 -p icmp -m icmp -s 192.168.1.0/24 --icmp-type 11/1 -j SNAT --to-source 192.168.2.40 + $IPTABLES -t nat -A POSTROUTING -o eth1 -p tcp -m tcp -s 192.168.1.0/24 --dport 80 -j SNAT --to-source 22.22.22.22 + $IPTABLES -t nat -A POSTROUTING -o eth3 -p tcp -m tcp -s 192.168.1.0/24 --dport 80 -j SNAT --to-source 22.22.23.23 + $IPTABLES -t nat -A POSTROUTING -o eth3 -p tcp -m tcp -s 192.168.1.0/24 --dport 80 -j SNAT --to-source 22.22.25.50 + $IPTABLES -t nat -A POSTROUTING -o eth2 -p tcp -m tcp -s 192.168.1.0/24 --dport 80 -j SNAT --to-source 192.168.2.1 + $IPTABLES -t nat -A POSTROUTING -o eth2 -p tcp -m tcp -s 192.168.1.0/24 --dport 80 -j SNAT --to-source 192.168.2.40 # # Rule 2 (NAT) # echo "Rule 2 (NAT)" # - $IPTABLES -t nat -A POSTROUTING -o eth1 -p icmp -m icmp -s 192.168.1.0/24 --icmp-type 3 -j SNAT --to-source 22.22.22.22 - $IPTABLES -t nat -A POSTROUTING -o eth3 -p icmp -m icmp -s 192.168.1.0/24 --icmp-type 3 -j SNAT --to-source 22.22.23.23 - $IPTABLES -t nat -A POSTROUTING -o eth3 -p icmp -m icmp -s 192.168.1.0/24 --icmp-type 3 -j SNAT --to-source 22.22.25.50 - $IPTABLES -t nat -A POSTROUTING -o eth2 -p icmp -m icmp -s 192.168.1.0/24 --icmp-type 3 -j SNAT --to-source 192.168.2.1 - $IPTABLES -t nat -A POSTROUTING -o eth2 -p icmp -m icmp -s 192.168.1.0/24 --icmp-type 3 -j SNAT --to-source 192.168.2.40 - $IPTABLES -t nat -A POSTROUTING -o eth1 -p icmp -m icmp -s 192.168.1.0/24 --icmp-type 0/0 -j SNAT --to-source 22.22.22.22 - $IPTABLES -t nat -A POSTROUTING -o eth3 -p icmp -m 
icmp -s 192.168.1.0/24 --icmp-type 0/0 -j SNAT --to-source 22.22.23.23 - $IPTABLES -t nat -A POSTROUTING -o eth3 -p icmp -m icmp -s 192.168.1.0/24 --icmp-type 0/0 -j SNAT --to-source 22.22.25.50 - $IPTABLES -t nat -A POSTROUTING -o eth2 -p icmp -m icmp -s 192.168.1.0/24 --icmp-type 0/0 -j SNAT --to-source 192.168.2.1 - $IPTABLES -t nat -A POSTROUTING -o eth2 -p icmp -m icmp -s 192.168.1.0/24 --icmp-type 0/0 -j SNAT --to-source 192.168.2.40 - $IPTABLES -t nat -A POSTROUTING -o eth1 -p icmp -m icmp -s 192.168.1.0/24 --icmp-type 11/0 -j SNAT --to-source 22.22.22.22 - $IPTABLES -t nat -A POSTROUTING -o eth3 -p icmp -m icmp -s 192.168.1.0/24 --icmp-type 11/0 -j SNAT --to-source 22.22.23.23 - $IPTABLES -t nat -A POSTROUTING -o eth3 -p icmp -m icmp -s 192.168.1.0/24 --icmp-type 11/0 -j SNAT --to-source 22.22.25.50 - $IPTABLES -t nat -A POSTROUTING -o eth2 -p icmp -m icmp -s 192.168.1.0/24 --icmp-type 11/0 -j SNAT --to-source 192.168.2.1 - $IPTABLES -t nat -A POSTROUTING -o eth2 -p icmp -m icmp -s 192.168.1.0/24 --icmp-type 11/0 -j SNAT --to-source 192.168.2.40 - $IPTABLES -t nat -A POSTROUTING -o eth1 -p icmp -m icmp -s 192.168.1.0/24 --icmp-type 11/1 -j SNAT --to-source 22.22.22.22 - $IPTABLES -t nat -A POSTROUTING -o eth3 -p icmp -m icmp -s 192.168.1.0/24 --icmp-type 11/1 -j SNAT --to-source 22.22.23.23 - $IPTABLES -t nat -A POSTROUTING -o eth3 -p icmp -m icmp -s 192.168.1.0/24 --icmp-type 11/1 -j SNAT --to-source 22.22.25.50 - $IPTABLES -t nat -A POSTROUTING -o eth2 -p icmp -m icmp -s 192.168.1.0/24 --icmp-type 11/1 -j SNAT --to-source 192.168.2.1 - $IPTABLES -t nat -A POSTROUTING -o eth2 -p icmp -m icmp -s 192.168.1.0/24 --icmp-type 11/1 -j SNAT --to-source 192.168.2.40 - $IPTABLES -t nat -A POSTROUTING -o eth1 -p tcp -m tcp -s 192.168.1.0/24 --dport 80 -j SNAT --to-source 22.22.22.22 - $IPTABLES -t nat -A POSTROUTING -o eth3 -p tcp -m tcp -s 192.168.1.0/24 --dport 80 -j SNAT --to-source 22.22.23.23 - $IPTABLES -t nat -A POSTROUTING -o eth3 -p tcp -m tcp -s 
192.168.1.0/24 --dport 80 -j SNAT --to-source 22.22.25.50 - $IPTABLES -t nat -A POSTROUTING -o eth2 -p tcp -m tcp -s 192.168.1.0/24 --dport 80 -j SNAT --to-source 192.168.2.1 - $IPTABLES -t nat -A POSTROUTING -o eth2 -p tcp -m tcp -s 192.168.1.0/24 --dport 80 -j SNAT --to-source 192.168.2.40 - $IPTABLES -t nat -A POSTROUTING -o eth1 -p 50 -s 192.168.1.0/24 -j SNAT --to-source 22.22.22.22 - $IPTABLES -t nat -A POSTROUTING -o eth3 -p 50 -s 192.168.1.0/24 -j SNAT --to-source 22.22.23.23 - $IPTABLES -t nat -A POSTROUTING -o eth3 -p 50 -s 192.168.1.0/24 -j SNAT --to-source 22.22.25.50 - $IPTABLES -t nat -A POSTROUTING -o eth2 -p 50 -s 192.168.1.0/24 -j SNAT --to-source 192.168.2.1 - $IPTABLES -t nat -A POSTROUTING -o eth2 -p 50 -s 192.168.1.0/24 -j SNAT --to-source 192.168.2.40 - $IPTABLES -t nat -A POSTROUTING -o eth1 -p 88 -s 192.168.1.0/24 -j SNAT --to-source 22.22.22.22 - $IPTABLES -t nat -A POSTROUTING -o eth3 -p 88 -s 192.168.1.0/24 -j SNAT --to-source 22.22.23.23 - $IPTABLES -t nat -A POSTROUTING -o eth3 -p 88 -s 192.168.1.0/24 -j SNAT --to-source 22.22.25.50 - $IPTABLES -t nat -A POSTROUTING -o eth2 -p 88 -s 192.168.1.0/24 -j SNAT --to-source 192.168.2.1 - $IPTABLES -t nat -A POSTROUTING -o eth2 -p 88 -s 192.168.1.0/24 -j SNAT --to-source 192.168.2.40 + $IPTABLES -t nat -A POSTROUTING -o eth1 -p icmp -m icmp -s 192.168.1.0/24 --icmp-type 3 -j SNAT --to-source 22.22.22.22 + $IPTABLES -t nat -A POSTROUTING -o eth3 -p icmp -m icmp -s 192.168.1.0/24 --icmp-type 3 -j SNAT --to-source 22.22.23.23 + $IPTABLES -t nat -A POSTROUTING -o eth3 -p icmp -m icmp -s 192.168.1.0/24 --icmp-type 3 -j SNAT --to-source 22.22.25.50 + $IPTABLES -t nat -A POSTROUTING -o eth2 -p icmp -m icmp -s 192.168.1.0/24 --icmp-type 3 -j SNAT --to-source 192.168.2.1 + $IPTABLES -t nat -A POSTROUTING -o eth2 -p icmp -m icmp -s 192.168.1.0/24 --icmp-type 3 -j SNAT --to-source 192.168.2.40 + $IPTABLES -t nat -A POSTROUTING -o eth1 -p icmp -m icmp -s 192.168.1.0/24 --icmp-type 0/0 -j SNAT --to-source 
22.22.22.22 + $IPTABLES -t nat -A POSTROUTING -o eth3 -p icmp -m icmp -s 192.168.1.0/24 --icmp-type 0/0 -j SNAT --to-source 22.22.23.23 + $IPTABLES -t nat -A POSTROUTING -o eth3 -p icmp -m icmp -s 192.168.1.0/24 --icmp-type 0/0 -j SNAT --to-source 22.22.25.50 + $IPTABLES -t nat -A POSTROUTING -o eth2 -p icmp -m icmp -s 192.168.1.0/24 --icmp-type 0/0 -j SNAT --to-source 192.168.2.1 + $IPTABLES -t nat -A POSTROUTING -o eth2 -p icmp -m icmp -s 192.168.1.0/24 --icmp-type 0/0 -j SNAT --to-source 192.168.2.40 + $IPTABLES -t nat -A POSTROUTING -o eth1 -p icmp -m icmp -s 192.168.1.0/24 --icmp-type 11/0 -j SNAT --to-source 22.22.22.22 + $IPTABLES -t nat -A POSTROUTING -o eth3 -p icmp -m icmp -s 192.168.1.0/24 --icmp-type 11/0 -j SNAT --to-source 22.22.23.23 + $IPTABLES -t nat -A POSTROUTING -o eth3 -p icmp -m icmp -s 192.168.1.0/24 --icmp-type 11/0 -j SNAT --to-source 22.22.25.50 + $IPTABLES -t nat -A POSTROUTING -o eth2 -p icmp -m icmp -s 192.168.1.0/24 --icmp-type 11/0 -j SNAT --to-source 192.168.2.1 + $IPTABLES -t nat -A POSTROUTING -o eth2 -p icmp -m icmp -s 192.168.1.0/24 --icmp-type 11/0 -j SNAT --to-source 192.168.2.40 + $IPTABLES -t nat -A POSTROUTING -o eth1 -p icmp -m icmp -s 192.168.1.0/24 --icmp-type 11/1 -j SNAT --to-source 22.22.22.22 + $IPTABLES -t nat -A POSTROUTING -o eth3 -p icmp -m icmp -s 192.168.1.0/24 --icmp-type 11/1 -j SNAT --to-source 22.22.23.23 + $IPTABLES -t nat -A POSTROUTING -o eth3 -p icmp -m icmp -s 192.168.1.0/24 --icmp-type 11/1 -j SNAT --to-source 22.22.25.50 + $IPTABLES -t nat -A POSTROUTING -o eth2 -p icmp -m icmp -s 192.168.1.0/24 --icmp-type 11/1 -j SNAT --to-source 192.168.2.1 + $IPTABLES -t nat -A POSTROUTING -o eth2 -p icmp -m icmp -s 192.168.1.0/24 --icmp-type 11/1 -j SNAT --to-source 192.168.2.40 + $IPTABLES -t nat -A POSTROUTING -o eth1 -p tcp -m tcp -s 192.168.1.0/24 --dport 80 -j SNAT --to-source 22.22.22.22 + $IPTABLES -t nat -A POSTROUTING -o eth3 -p tcp -m tcp -s 192.168.1.0/24 --dport 80 -j SNAT --to-source 22.22.23.23 + 
$IPTABLES -t nat -A POSTROUTING -o eth3 -p tcp -m tcp -s 192.168.1.0/24 --dport 80 -j SNAT --to-source 22.22.25.50 + $IPTABLES -t nat -A POSTROUTING -o eth2 -p tcp -m tcp -s 192.168.1.0/24 --dport 80 -j SNAT --to-source 192.168.2.1 + $IPTABLES -t nat -A POSTROUTING -o eth2 -p tcp -m tcp -s 192.168.1.0/24 --dport 80 -j SNAT --to-source 192.168.2.40 + $IPTABLES -t nat -A POSTROUTING -o eth1 -p 50 -s 192.168.1.0/24 -j SNAT --to-source 22.22.22.22 + $IPTABLES -t nat -A POSTROUTING -o eth3 -p 50 -s 192.168.1.0/24 -j SNAT --to-source 22.22.23.23 + $IPTABLES -t nat -A POSTROUTING -o eth3 -p 50 -s 192.168.1.0/24 -j SNAT --to-source 22.22.25.50 + $IPTABLES -t nat -A POSTROUTING -o eth2 -p 50 -s 192.168.1.0/24 -j SNAT --to-source 192.168.2.1 + $IPTABLES -t nat -A POSTROUTING -o eth2 -p 50 -s 192.168.1.0/24 -j SNAT --to-source 192.168.2.40 + $IPTABLES -t nat -A POSTROUTING -o eth1 -p 88 -s 192.168.1.0/24 -j SNAT --to-source 22.22.22.22 + $IPTABLES -t nat -A POSTROUTING -o eth3 -p 88 -s 192.168.1.0/24 -j SNAT --to-source 22.22.23.23 + $IPTABLES -t nat -A POSTROUTING -o eth3 -p 88 -s 192.168.1.0/24 -j SNAT --to-source 22.22.25.50 + $IPTABLES -t nat -A POSTROUTING -o eth2 -p 88 -s 192.168.1.0/24 -j SNAT --to-source 192.168.2.1 + $IPTABLES -t nat -A POSTROUTING -o eth2 -p 88 -s 192.168.1.0/24 -j SNAT --to-source 192.168.2.40 # # Rule 3 (NAT) # echo "Rule 3 (NAT)" # - $IPTABLES -t nat -A POSTROUTING -o eth3 -s 192.168.1.0/24 -j SNAT --to-source 22.22.23.23 - $IPTABLES -t nat -A POSTROUTING -o eth3 -s 192.168.1.0/24 -j SNAT --to-source 22.22.25.50 + $IPTABLES -t nat -A POSTROUTING -o eth3 -s 192.168.1.0/24 -j SNAT --to-source 22.22.23.23 + $IPTABLES -t nat -A POSTROUTING -o eth3 -s 192.168.1.0/24 -j SNAT --to-source 22.22.25.50 # # Rule 4 (NAT) # echo "Rule 4 (NAT)" # - $IPTABLES -t nat -A POSTROUTING -o eth3 -s 192.168.1.0/24 -j SNAT --to-source 22.22.25.50 + $IPTABLES -t nat -A POSTROUTING -o eth3 -s 192.168.1.0/24 -j SNAT --to-source 22.22.25.50 # # Rule 5 (NAT) # echo "Rule 5 
(NAT)" # - $IPTABLES -t nat -A POSTROUTING -o eth+ -s 192.168.1.0/24 -j SNAT --to-source 22.22.25.50 + $IPTABLES -t nat -A POSTROUTING -o eth+ -s 192.168.1.0/24 -j SNAT --to-source 22.22.25.50 # # Rule 6 (NAT) # echo "Rule 6 (NAT)" # - $IPTABLES -t nat -A POSTROUTING -o eth+ -s 192.168.1.10 -j SNAT --to-source 22.22.22.23 + $IPTABLES -t nat -A POSTROUTING -o eth+ -s 192.168.1.10 -j SNAT --to-source 22.22.22.23 # # Rule 7 (NAT) # echo "Rule 7 (NAT)" # - $IPTABLES -t nat -A POSTROUTING -o eth+ -s 192.168.1.10 -j SNAT --to-source 22.22.22.23 - $IPTABLES -t nat -A POSTROUTING -o eth+ -s 192.168.1.10 -j SNAT --to-source 22.22.22.24 - $IPTABLES -t nat -A POSTROUTING -o eth+ -s 192.168.1.10 -j SNAT --to-source 22.22.22.25 + $IPTABLES -t nat -A POSTROUTING -o eth+ -s 192.168.1.10 -j SNAT --to-source 22.22.22.23 + $IPTABLES -t nat -A POSTROUTING -o eth+ -s 192.168.1.10 -j SNAT --to-source 22.22.22.24 + $IPTABLES -t nat -A POSTROUTING -o eth+ -s 192.168.1.10 -j SNAT --to-source 22.22.22.25 # # Rule 8 (NAT) # echo "Rule 8 (NAT)" # - $IPTABLES -t nat -A POSTROUTING -o eth+ -s 192.168.1.0/24 -d 192.168.1.10 -j SNAT --to-source 192.168.1.1 + $IPTABLES -t nat -A POSTROUTING -o eth+ -s 192.168.1.0/24 -d 192.168.1.10 -j SNAT --to-source 192.168.1.1 # # Rule 9 (NAT) # @@ -564,7 +564,7 @@ script_body() { # echo "Rule 18 (NAT)" # - $IPTABLES -t nat -A POSTROUTING -o eth+ -s 192.168.1.20 -j SNAT --to-source 22.22.23.24 + $IPTABLES -t nat -A POSTROUTING -o eth+ -s 192.168.1.20 -j SNAT --to-source 22.22.23.24 # # Rule 19 (NAT) # @@ -579,7 +579,7 @@ script_body() { # # firewall2-3:NAT:20: warning: Adding of virtual address for address range is not implemented (object ext_range) - $IPTABLES -t nat -A POSTROUTING -o eth+ -s 192.168.1.0/24 -j SNAT --to-source 22.22.22.100-22.22.22.110 + $IPTABLES -t nat -A POSTROUTING -o eth+ -s 192.168.1.0/24 -j SNAT --to-source 22.22.22.100-22.22.22.110 # # Rule 21 (NAT) # 
@@ -622,7 +622,7 @@ script_body() { $IPTABLES -t nat -A PREROUTING -p tcp -m tcp -d 22.22.25.50 --dport 80 -j DNAT --to-destination 192.168.1.10 $IPTABLES -t nat -A OUTPUT -p tcp -m tcp -d 22.22.23.23 --dport 80 -j DNAT --to-destination 192.168.1.10 $IPTABLES -t nat -A OUTPUT -p tcp -m tcp -d 22.22.25.50 --dport 80 -j DNAT --to-destination 192.168.1.10 - $IPTABLES -t nat -A POSTROUTING -o eth0 -p tcp -m tcp -d 192.168.1.10 --dport 80 -j SNAT --to-source 192.168.1.1 + $IPTABLES -t nat -A POSTROUTING -o eth0 -p tcp -m tcp -d 192.168.1.10 --dport 80 -j SNAT --to-source 192.168.1.1 # # Rule 25 (NAT) # @@ -687,7 +687,7 @@ script_body() { # echo "Rule 33 (NAT)" # - $IPTABLES -t nat -A POSTROUTING -o eth1 -p tcp -m tcp -s 192.168.1.10 --dport 80 -j SNAT --to-source 22.22.22.22 + $IPTABLES -t nat -A POSTROUTING -o eth1 -p tcp -m tcp -s 192.168.1.10 --dport 80 -j SNAT --to-source 22.22.22.22 # # Rule 34 (NAT) # @@ -696,7 +696,7 @@ script_body() { $IPTABLES -t nat -A PREROUTING -p tcp -m tcp -s ! 192.168.1.10 --dport 80 -j DNAT --to-destination 192.168.1.10:3128 $IPTABLES -t nat -A OUTPUT -p tcp -m tcp --dport 80 -j DNAT --to-destination 192.168.1.10:3128 $IPTABLES -t nat -A PREROUTING -p tcp -m tcp -s ! 192.168.1.10 --dport 80 -j DNAT --to-destination 192.168.1.10:3128 - $IPTABLES -t nat -A POSTROUTING -o eth0 -p tcp -m tcp -s ! 192.168.1.10 -d 192.168.1.10 --dport 3128 -j SNAT --to-source 192.168.1.1 + $IPTABLES -t nat -A POSTROUTING -o eth0 -p tcp -m tcp -s ! 192.168.1.10 -d 192.168.1.10 --dport 3128 -j SNAT --to-source 192.168.1.1 # # Rule 35 (NAT) # @@ -714,7 +714,7 @@ script_body() { echo "Rule 36 (NAT)" # $IPTABLES -t nat -N Cid35898X1833.1 - $IPTABLES -t nat -A POSTROUTING -o eth0 -j Cid35898X1833.1 + $IPTABLES -t nat -A POSTROUTING -o eth0 -j Cid35898X1833.1 $IPTABLES -t nat -A Cid35898X1833.1 -s 192.168.1.10 -j RETURN $IPTABLES -t nat -A Cid35898X1833.1 -s 192.168.1.20 -j RETURN $IPTABLES -t nat -N Cid35898X1833.0 
@@ -727,7 +727,7 @@ script_body() { echo "Rule 37 (NAT)" # $IPTABLES -t nat -A PREROUTING -p tcp -m tcp -s 192.168.1.0/24 --dport 80 -j DNAT --to-destination 192.168.1.10:3128 - $IPTABLES -t nat -A POSTROUTING -o eth0 -p tcp -m tcp -s 192.168.1.0/24 -d 192.168.1.10 --dport 3128 -j SNAT --to-source 192.168.1.1 + $IPTABLES -t nat -A POSTROUTING -o eth0 -p tcp -m tcp -s 192.168.1.0/24 -d 192.168.1.10 --dport 3128 -j SNAT --to-source 192.168.1.1 # # Rule 38 (NAT) # @@ -735,8 +735,8 @@ script_body() { # # this is the "exception" rule # used in support req. originally - $IPTABLES -t nat -A POSTROUTING -o eth1 -p tcp -m tcp -s 192.168.1.10 --dport 80 -j SNAT --to-source 22.22.22.22 - $IPTABLES -t nat -A POSTROUTING -o eth1 -p tcp -m tcp -s 192.168.1.20 --dport 80 -j SNAT --to-source 22.22.22.22 + $IPTABLES -t nat -A POSTROUTING -o eth1 -p tcp -m tcp -s 192.168.1.10 --dport 80 -j SNAT --to-source 22.22.22.22 + $IPTABLES -t nat -A POSTROUTING -o eth1 -p tcp -m tcp -s 192.168.1.20 --dport 80 -j SNAT --to-source 22.22.22.22 # # Rule 39 (NAT) # @@ -750,8 +750,8 @@ script_body() { # # "exception" rule in the pair # from a support req. - $IPTABLES -t nat -A POSTROUTING -o eth1 -p tcp -m tcp -s 192.168.1.10 --dport 80 -j SNAT --to-source 22.22.22.22 - $IPTABLES -t nat -A POSTROUTING -o eth1 -p tcp -m tcp -s 192.168.1.20 --dport 80 -j SNAT --to-source 22.22.22.22 + $IPTABLES -t nat -A POSTROUTING -o eth1 -p tcp -m tcp -s 192.168.1.10 --dport 80 -j SNAT --to-source 22.22.22.22 + $IPTABLES -t nat -A POSTROUTING -o eth1 -p tcp -m tcp -s 192.168.1.20 --dport 80 -j SNAT --to-source 22.22.22.22 # # Rule 41 (NAT) # 
@@ -797,8 +797,8 @@ script_body() { # # "exception" rule in the pair # from a support req. - $IPTABLES -t nat -A POSTROUTING -o eth1 -p tcp -m tcp -s 192.168.1.10 --dport 80 -j SNAT --to-source 22.22.22.22 - $IPTABLES -t nat -A POSTROUTING -o eth1 -p tcp -m tcp -s 192.168.1.20 --dport 80 -j SNAT --to-source 22.22.22.22 + $IPTABLES -t nat -A POSTROUTING -o eth1 -p tcp -m tcp -s 192.168.1.10 --dport 80 -j SNAT --to-source 22.22.22.22 + $IPTABLES -t nat -A POSTROUTING -o eth1 -p tcp -m tcp -s 192.168.1.20 --dport 80 -j SNAT --to-source 22.22.22.22 # # Rule 45 (NAT) # @@ -1139,7 +1139,7 @@ test -z "$cmd" && { case "$cmd" in start) - log "Activating firewall script generated Thu May 26 14:15:13 2011 by vadim" + log "Activating firewall script generated Fri Jun 3 17:27:35 2011 by vadim" check_tools check_run_time_address_table_files diff --git a/test/ipt/firewall2-4.fw.orig b/test/ipt/firewall2-4.fw.orig index 3d5c85b99..0a91f4b89 100755 --- a/test/ipt/firewall2-4.fw.orig +++ b/test/ipt/firewall2-4.fw.orig @@ -2,9 +2,9 @@ # # This is automatically generated file. DO NOT MODIFY ! # -# Firewall Builder fwb_ipt v4.3.0.3546 +# Firewall Builder fwb_ipt v5.0.0.3547 # -# Generated Thu May 26 14:15:18 2011 PDT by vadim +# Generated Fri Jun 3 17:27:37 2011 PDT by vadim # # files: * firewall2-4.fw /etc/fw/firewall2-4.fw # @@ -360,8 +360,8 @@ script_body() { # echo "Rule 6 (NAT)" # - $IPTABLES -t nat -A POSTROUTING -o eth+ -s 192.168.1.0/24 -j SNAT --to-source 192.168.1.10 - $IPTABLES -t nat -A POSTROUTING -o eth+ -s 192.168.1.0/24 -j SNAT --to-source 192.168.1.20 + $IPTABLES -t nat -A POSTROUTING -o eth+ -s 192.168.1.0/24 -j SNAT --to-source 192.168.1.10 + $IPTABLES -t nat -A POSTROUTING -o eth+ -s 192.168.1.0/24 -j SNAT --to-source 192.168.1.20 # # Rule 8 (NAT) # 
@@ -373,7 +373,7 @@ script_body() { # echo "Rule 11 (NAT)" # - $IPTABLES -t nat -A POSTROUTING -o eth2 -s 192.168.1.0/24 -d 192.168.2.0/24 -j SNAT --to-source 192.168.2.1 + $IPTABLES -t nat -A POSTROUTING -o eth2 -s 192.168.1.0/24 -d 192.168.2.0/24 -j SNAT --to-source 192.168.2.1 @@ -445,7 +445,7 @@ test -z "$cmd" && { case "$cmd" in start) - log "Activating firewall script generated Thu May 26 14:15:18 2011 by vadim" + log "Activating firewall script generated Fri Jun 3 17:27:37 2011 by vadim" check_tools check_run_time_address_table_files diff --git a/test/ipt/firewall2-5.fw.orig b/test/ipt/firewall2-5.fw.orig index 379eb75b6..3ee7535f3 100755 --- a/test/ipt/firewall2-5.fw.orig +++ b/test/ipt/firewall2-5.fw.orig @@ -2,9 +2,9 @@ # # This is automatically generated file. DO NOT MODIFY ! # -# Firewall Builder fwb_ipt v4.3.0.3546 +# Firewall Builder fwb_ipt v5.0.0.3547 # -# Generated Thu May 26 14:15:22 2011 PDT by vadim +# Generated Fri Jun 3 17:27:40 2011 PDT by vadim # # files: * firewall2-5.fw /etc/fw/firewall2-5.fw # @@ -349,22 +349,22 @@ script_body() { # echo "Rule 1 (NAT)" # - $IPTABLES -t nat -A POSTROUTING -o eth+ -s 192.168.1.0/24 -j SNAT --to-source 222.222.222.40 - $IPTABLES -t nat -A POSTROUTING -o eth+ -s 192.168.1.0/24 -j SNAT --to-source 222.222.222.41 + $IPTABLES -t nat -A POSTROUTING -o eth+ -s 192.168.1.0/24 -j SNAT --to-source 222.222.222.40 + $IPTABLES -t nat -A POSTROUTING -o eth+ -s 192.168.1.0/24 -j SNAT --to-source 222.222.222.41 # # Rule 2 (NAT) # echo "Rule 2 (NAT)" # # - $IPTABLES -t nat -A POSTROUTING -o eth+ -s 192.168.1.0/24 -j SNAT --to-source 222.222.222.222 + $IPTABLES -t nat -A POSTROUTING -o eth+ -s 192.168.1.0/24 -j SNAT --to-source 222.222.222.222 # # Rule 3 (NAT) # echo "Rule 3 (NAT)" # # - $IPTABLES -t nat -A POSTROUTING -o eth1 -s 192.168.1.0/24 -j SNAT --to-source 222.222.222.222 + $IPTABLES -t nat -A POSTROUTING -o eth1 -s 192.168.1.0/24 -j SNAT --to-source 222.222.222.222 # # Rule 4 (NAT) # 
@@ -373,14 +373,14 @@ script_body() { # should be -o eth1 # firewall2-5:NAT:4: warning: Adding of virtual address for address range is not implemented (object r-222.222.222.0) - $IPTABLES -t nat -A POSTROUTING -o eth+ -s 192.168.1.0/24 -j SNAT --to-source 222.222.222.10-222.222.222.100 + $IPTABLES -t nat -A POSTROUTING -o eth+ -s 192.168.1.0/24 -j SNAT --to-source 222.222.222.10-222.222.222.100 # # Rule 5 (NAT) # echo "Rule 5 (NAT)" # # should be -o eth2 - $IPTABLES -t nat -A POSTROUTING -o eth+ -s 192.168.1.0/24 -j SNAT --to-source 33.33.33.1-33.33.33.3 + $IPTABLES -t nat -A POSTROUTING -o eth+ -s 192.168.1.0/24 -j SNAT --to-source 33.33.33.1-33.33.33.3 # # Rule 7 (NAT) # @@ -389,22 +389,22 @@ script_body() { # partially matches eth3 # firewall2-5:NAT:7: warning: Adding of virtual address for address range is not implemented (object range 33 30-33) - $IPTABLES -t nat -A POSTROUTING -o eth+ -s 192.168.1.0/24 -j SNAT --to-source 33.33.33.30-33.33.33.33 + $IPTABLES -t nat -A POSTROUTING -o eth+ -s 192.168.1.0/24 -j SNAT --to-source 33.33.33.30-33.33.33.33 # # Rule 8 (NAT) # echo "Rule 8 (NAT)" # # should be two rules: -o eth2 and -o eth3 - $IPTABLES -t nat -A POSTROUTING -o eth+ -s 192.168.1.0/24 -j SNAT --to-source 33.33.33.1-33.33.33.33 + $IPTABLES -t nat -A POSTROUTING -o eth+ -s 192.168.1.0/24 -j SNAT --to-source 33.33.33.1-33.33.33.33 # # Rule 9 (NAT) # echo "Rule 9 (NAT)" # # should be -o eth2 - $IPTABLES -t nat -A POSTROUTING -o eth2 -s 192.168.1.0/24 -j SNAT --to-source 33.33.33.3 - $IPTABLES -t nat -A POSTROUTING -o eth2 -s 192.168.1.0/24 -j SNAT --to-source 33.33.33.4 + $IPTABLES -t nat -A POSTROUTING -o eth2 -s 192.168.1.0/24 -j SNAT --to-source 33.33.33.3 + $IPTABLES -t nat -A POSTROUTING -o eth2 -s 192.168.1.0/24 -j SNAT --to-source 33.33.33.4 
@@ -476,7 +476,7 @@ test -z "$cmd" && { case "$cmd" in start) - log "Activating firewall script generated Thu May 26 14:15:22 2011 by vadim" + log "Activating firewall script generated Fri Jun 3 17:27:40 2011 by vadim" check_tools check_run_time_address_table_files diff --git a/test/ipt/firewall2-6.fw.orig b/test/ipt/firewall2-6.fw.orig index fa9bac028..d714e8ff0 100755 --- a/test/ipt/firewall2-6.fw.orig +++ b/test/ipt/firewall2-6.fw.orig @@ -2,9 +2,9 @@ # # This is automatically generated file. DO NOT MODIFY ! # -# Firewall Builder fwb_ipt v4.3.0.3546 +# Firewall Builder fwb_ipt v5.0.0.3547 # -# Generated Thu May 26 14:15:27 2011 PDT by vadim +# Generated Fri Jun 3 17:27:42 2011 PDT by vadim # # files: * firewall2-6.fw /etc/fw/firewall2-6.fw # 
@@ -359,39 +359,37 @@ script_body() { # echo "Rule 1 (NAT)" # - $IPTABLES -t nat -A POSTROUTING -o eth1 -s 192.168.1.0/24 -j SNAT --to-source 222.222.222.40 + $IPTABLES -t nat -A POSTROUTING -o eth1 -s 192.168.1.0/24 -j SNAT --to-source 222.222.222.40 # # Rule 2 (NAT) # echo "Rule 2 (NAT)" # # - $IPTABLES -t nat -A POSTROUTING -o eth3 -s 192.168.1.0/24 -j SNAT --to-source 222.222.222.40 + $IPTABLES -t nat -A POSTROUTING -o eth3 -s 192.168.1.0/24 -j SNAT --to-source 222.222.222.40 # # Rule 3 (NAT) # echo "Rule 3 (NAT)" # # - $IPTABLES -t nat -A POSTROUTING -o eth1 -s 192.168.1.0/24 -j SNAT --to-source 222.222.222.40 - $IPTABLES -t nat -A POSTROUTING -o eth3 -s 192.168.1.0/24 -j SNAT --to-source 222.222.222.40 + $IPTABLES -t nat -A POSTROUTING -o eth1 -s 192.168.1.0/24 -j SNAT --to-source 222.222.222.40 + $IPTABLES -t nat -A POSTROUTING -o eth3 -s 192.168.1.0/24 -j SNAT --to-source 222.222.222.40 # # Rule 4 (NAT) # echo "Rule 4 (NAT)" # # - $IPTABLES -t nat -A POSTROUTING -o eth0 -s 192.168.1.0/24 -j SNAT --to-source 222.222.222.40 - $IPTABLES -t nat -A POSTROUTING -o eth1 -s 192.168.1.0/24 -j SNAT --to-source 222.222.222.40 - $IPTABLES -t nat -A POSTROUTING -o eth2 -s 192.168.1.0/24 -j SNAT --to-source 222.222.222.40 + $IPTABLES -t nat -A POSTROUTING -o ! eth3 -s 192.168.1.0/24 -j SNAT --to-source 222.222.222.40 # # Rule 5 (NAT) # echo "Rule 5 (NAT)" # # - $IPTABLES -t nat -A POSTROUTING -o eth0 -s 192.168.1.0/24 -j SNAT --to-source 222.222.222.40 - $IPTABLES -t nat -A POSTROUTING -o eth2 -s 192.168.1.0/24 -j SNAT --to-source 222.222.222.40 + $IPTABLES -t nat -A POSTROUTING -o eth0 -s 192.168.1.0/24 -j SNAT --to-source 222.222.222.40 + $IPTABLES -t nat -A POSTROUTING -o eth2 -s 192.168.1.0/24 -j SNAT --to-source 222.222.222.40 # # Rule 13 (NAT) # 
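Review bot: Rule 4 now compiles to a single `-o ! eth3` match where the old output listed eth0, eth1 and eth2, and the two do not select the same interfaces. The negated form also matches loopback and any interface that exists at run time but is not part of the firewall object (tunnel, ppp or a later-added vlan), so traffic from 192.168.1.0/24 leaving through those is now source-translated to 222.222.222.40 as well. The same widening shows in Rule 3 of firewall2-7.fw.orig, where the old expansion (eth0, eth2, eth4, bridge0, vlan101) left out eth1 and the new `-o ! eth3` includes it. The rule processor is outside this hunk; if the wider match is intended, I would document it there with a comment such as `// single-object negation matches every interface except the negated one, including interfaces not defined in the firewall object`.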
@@ -404,34 +402,34 @@ script_body() { # echo "Rule 14 (NAT)" # - $IPTABLES -t nat -A PREROUTING -i eth1 -d 222.222.222.40 -j DNAT --to-destination 192.168.1.10 + $IPTABLES -t nat -A PREROUTING -i eth1 -d 222.222.222.40 -j DNAT --to-destination 192.168.1.10 # # Rule 15 (NAT) # echo "Rule 15 (NAT)" # - $IPTABLES -t nat -A PREROUTING -i eth3 -d 222.222.222.40 -j DNAT --to-destination 192.168.1.10 + $IPTABLES -t nat -A PREROUTING -i eth3 -d 222.222.222.40 -j DNAT --to-destination 192.168.1.10 # # Rule 16 (NAT) # echo "Rule 16 (NAT)" # - $IPTABLES -t nat -A PREROUTING -i eth1 -d 222.222.222.40 -j DNAT --to-destination 192.168.1.10 - $IPTABLES -t nat -A PREROUTING -i eth3 -d 222.222.222.40 -j DNAT --to-destination 192.168.1.10 + $IPTABLES -t nat -A PREROUTING -i eth1 -d 222.222.222.40 -j DNAT --to-destination 192.168.1.10 + $IPTABLES -t nat -A PREROUTING -i eth3 -d 222.222.222.40 -j DNAT --to-destination 192.168.1.10 # # Rule 22 (NAT) # echo "Rule 22 (NAT)" # # rule for SF feature request 1954286 - $IPTABLES -t nat -A PREROUTING -i eth2 -p tcp -m tcp --dport 3996:4000 -j DNAT --to-destination 192.168.1.10 + $IPTABLES -t nat -A PREROUTING -i eth2 -p tcp -m tcp --dport 3996:4000 -j DNAT --to-destination 192.168.1.10 # # Rule 23 (NAT) # echo "Rule 23 (NAT)" # # REDIRECT - $IPTABLES -t nat -A PREROUTING -i eth0 -p tcp -m tcp --dport 80 -j REDIRECT --to-ports 3128 + $IPTABLES -t nat -A PREROUTING -i eth0 -p tcp -m tcp --dport 80 -j REDIRECT --to-ports 3128 @@ -503,7 +501,7 @@ test -z "$cmd" && { case "$cmd" in start) - log "Activating firewall script generated Thu May 26 14:15:27 2011 by vadim" + log "Activating firewall script generated Fri Jun 3 17:27:42 2011 by vadim" check_tools check_run_time_address_table_files diff --git a/test/ipt/firewall2-7.fw.orig b/test/ipt/firewall2-7.fw.orig index 03929473c..ea11df12c 100755 --- a/test/ipt/firewall2-7.fw.orig +++ b/test/ipt/firewall2-7.fw.orig 
@@ -2,9 +2,9 @@ # # This is automatically generated file. DO NOT MODIFY ! # -# Firewall Builder fwb_ipt v4.3.0.3546 +# Firewall Builder fwb_ipt v5.0.0.3547 # -# Generated Thu May 26 14:15:32 2011 PDT by vadim +# Generated Fri Jun 3 17:27:45 2011 PDT by vadim # # files: * firewall2-7.fw /etc/fw/firewall2-7.fw # 
@@ -346,34 +346,30 @@ script_body() { # echo "Rule 1 (NAT)" # - $IPTABLES -t nat -A POSTROUTING -o bridge+ -s 192.168.1.0/24 -j SNAT --to-source 222.222.222.40 - $IPTABLES -t nat -A POSTROUTING -o eth+ -s 192.168.1.0/24 -j SNAT --to-source 222.222.222.40 - $IPTABLES -t nat -A POSTROUTING -o vlan+ -s 192.168.1.0/24 -j SNAT --to-source 222.222.222.40 + $IPTABLES -t nat -A POSTROUTING -o bridge+ -s 192.168.1.0/24 -j SNAT --to-source 222.222.222.40 + $IPTABLES -t nat -A POSTROUTING -o eth+ -s 192.168.1.0/24 -j SNAT --to-source 222.222.222.40 + $IPTABLES -t nat -A POSTROUTING -o vlan+ -s 192.168.1.0/24 -j SNAT --to-source 222.222.222.40 # # Rule 2 (NAT) # echo "Rule 2 (NAT)" # # - $IPTABLES -t nat -A POSTROUTING -o vlan101 -s 192.168.1.0/24 -j SNAT --to-source 222.222.222.40 + $IPTABLES -t nat -A POSTROUTING -o vlan101 -s 192.168.1.0/24 -j SNAT --to-source 222.222.222.40 # # Rule 3 (NAT) # echo "Rule 3 (NAT)" # # - $IPTABLES -t nat -A POSTROUTING -o eth0 -s 192.168.1.0/24 -j SNAT --to-source 222.222.222.40 - $IPTABLES -t nat -A POSTROUTING -o eth2 -s 192.168.1.0/24 -j SNAT --to-source 222.222.222.40 - $IPTABLES -t nat -A POSTROUTING -o eth4 -s 192.168.1.0/24 -j SNAT --to-source 222.222.222.40 - $IPTABLES -t nat -A POSTROUTING -o bridge0 -s 192.168.1.0/24 -j SNAT --to-source 222.222.222.40 - $IPTABLES -t nat -A POSTROUTING -o vlan101 -s 192.168.1.0/24 -j SNAT --to-source 222.222.222.40 + $IPTABLES -t nat -A POSTROUTING -o ! eth3 -s 192.168.1.0/24 -j SNAT --to-source 222.222.222.40 # # Rule 4 (NAT) # echo "Rule 4 (NAT)" # # REDIRECT - $IPTABLES -t nat -A PREROUTING -i eth0 -p tcp -m tcp --dport 80 -j REDIRECT --to-ports 3128 + $IPTABLES -t nat -A PREROUTING -i eth0 -p tcp -m tcp --dport 80 -j REDIRECT --to-ports 3128 
@@ -445,7 +441,7 @@ test -z "$cmd" && { case "$cmd" in start) - log "Activating firewall script generated Thu May 26 14:15:32 2011 by vadim" + log "Activating firewall script generated Fri Jun 3 17:27:45 2011 by vadim" check_tools check_run_time_address_table_files diff --git a/test/ipt/firewall2.fw.orig b/test/ipt/firewall2.fw.orig index 4293f5efd..b1c1cd7d6 100755 --- a/test/ipt/firewall2.fw.orig +++ b/test/ipt/firewall2.fw.orig @@ -2,9 +2,9 @@ # # This is automatically generated file. DO NOT MODIFY ! # -# Firewall Builder fwb_ipt v4.3.0.3546 +# Firewall Builder fwb_ipt v5.0.0.3547 # -# Generated Thu May 26 14:14:53 2011 PDT by vadim +# Generated Fri Jun 3 17:27:23 2011 PDT by vadim # # files: * firewall2.fw /etc/fw/firewall2.fw # 
@@ -370,133 +370,133 @@ script_body() { # echo "Rule 0 (NAT)" # - $IPTABLES -t nat -A POSTROUTING -o eth1 -s 192.168.1.0/24 -j SNAT --to-source 22.22.22.22 - $IPTABLES -t nat -A POSTROUTING -o eth3 -s 192.168.1.0/24 -j SNAT --to-source 22.22.23.23 - $IPTABLES -t nat -A POSTROUTING -o eth3 -s 192.168.1.0/24 -j SNAT --to-source 22.22.25.50 - $IPTABLES -t nat -A POSTROUTING -o eth2 -s 192.168.1.0/24 -j SNAT --to-source 192.168.2.1 - $IPTABLES -t nat -A POSTROUTING -o eth2 -s 192.168.1.0/24 -j SNAT --to-source 192.168.2.40 + $IPTABLES -t nat -A POSTROUTING -o eth1 -s 192.168.1.0/24 -j SNAT --to-source 22.22.22.22 + $IPTABLES -t nat -A POSTROUTING -o eth3 -s 192.168.1.0/24 -j SNAT --to-source 22.22.23.23 + $IPTABLES -t nat -A POSTROUTING -o eth3 -s 192.168.1.0/24 -j SNAT --to-source 22.22.25.50 + $IPTABLES -t nat -A POSTROUTING -o eth2 -s 192.168.1.0/24 -j SNAT --to-source 192.168.2.1 + $IPTABLES -t nat -A POSTROUTING -o eth2 -s 192.168.1.0/24 -j SNAT --to-source 192.168.2.40 # # Rule 1 (NAT) # echo "Rule 1 (NAT)" # - $IPTABLES -t nat -A POSTROUTING -o eth1 -p icmp -m icmp -s 192.168.1.0/24 --icmp-type 3 -j SNAT --to-source 22.22.22.22 - $IPTABLES -t nat -A POSTROUTING -o eth3 -p icmp -m icmp -s 192.168.1.0/24 --icmp-type 3 -j SNAT --to-source 22.22.23.23 - $IPTABLES -t nat -A POSTROUTING -o eth3 -p icmp -m icmp -s 192.168.1.0/24 --icmp-type 3 -j SNAT --to-source 22.22.25.50 - $IPTABLES -t nat -A POSTROUTING -o eth2 -p icmp -m icmp -s 192.168.1.0/24 --icmp-type 3 -j SNAT --to-source 192.168.2.1 - $IPTABLES -t nat -A POSTROUTING -o eth2 -p icmp -m icmp -s 192.168.1.0/24 --icmp-type 3 -j SNAT --to-source 192.168.2.40 - $IPTABLES -t nat -A POSTROUTING -o eth1 -p icmp -m icmp -s 192.168.1.0/24 --icmp-type 0/0 -j SNAT --to-source 22.22.22.22 - $IPTABLES -t nat -A POSTROUTING -o eth3 -p icmp -m icmp -s 192.168.1.0/24 --icmp-type 0/0 -j SNAT --to-source 22.22.23.23 - $IPTABLES -t nat -A POSTROUTING -o eth3 -p icmp -m icmp -s 192.168.1.0/24 --icmp-type 0/0 -j SNAT --to-source 
22.22.25.50 - $IPTABLES -t nat -A POSTROUTING -o eth2 -p icmp -m icmp -s 192.168.1.0/24 --icmp-type 0/0 -j SNAT --to-source 192.168.2.1 - $IPTABLES -t nat -A POSTROUTING -o eth2 -p icmp -m icmp -s 192.168.1.0/24 --icmp-type 0/0 -j SNAT --to-source 192.168.2.40 - $IPTABLES -t nat -A POSTROUTING -o eth1 -p icmp -m icmp -s 192.168.1.0/24 --icmp-type 11/0 -j SNAT --to-source 22.22.22.22 - $IPTABLES -t nat -A POSTROUTING -o eth3 -p icmp -m icmp -s 192.168.1.0/24 --icmp-type 11/0 -j SNAT --to-source 22.22.23.23 - $IPTABLES -t nat -A POSTROUTING -o eth3 -p icmp -m icmp -s 192.168.1.0/24 --icmp-type 11/0 -j SNAT --to-source 22.22.25.50 - $IPTABLES -t nat -A POSTROUTING -o eth2 -p icmp -m icmp -s 192.168.1.0/24 --icmp-type 11/0 -j SNAT --to-source 192.168.2.1 - $IPTABLES -t nat -A POSTROUTING -o eth2 -p icmp -m icmp -s 192.168.1.0/24 --icmp-type 11/0 -j SNAT --to-source 192.168.2.40 - $IPTABLES -t nat -A POSTROUTING -o eth1 -p icmp -m icmp -s 192.168.1.0/24 --icmp-type 11/1 -j SNAT --to-source 22.22.22.22 - $IPTABLES -t nat -A POSTROUTING -o eth3 -p icmp -m icmp -s 192.168.1.0/24 --icmp-type 11/1 -j SNAT --to-source 22.22.23.23 - $IPTABLES -t nat -A POSTROUTING -o eth3 -p icmp -m icmp -s 192.168.1.0/24 --icmp-type 11/1 -j SNAT --to-source 22.22.25.50 - $IPTABLES -t nat -A POSTROUTING -o eth2 -p icmp -m icmp -s 192.168.1.0/24 --icmp-type 11/1 -j SNAT --to-source 192.168.2.1 - $IPTABLES -t nat -A POSTROUTING -o eth2 -p icmp -m icmp -s 192.168.1.0/24 --icmp-type 11/1 -j SNAT --to-source 192.168.2.40 - $IPTABLES -t nat -A POSTROUTING -o eth1 -p tcp -m tcp -s 192.168.1.0/24 --dport 80 -j SNAT --to-source 22.22.22.22 - $IPTABLES -t nat -A POSTROUTING -o eth3 -p tcp -m tcp -s 192.168.1.0/24 --dport 80 -j SNAT --to-source 22.22.23.23 - $IPTABLES -t nat -A POSTROUTING -o eth3 -p tcp -m tcp -s 192.168.1.0/24 --dport 80 -j SNAT --to-source 22.22.25.50 - $IPTABLES -t nat -A POSTROUTING -o eth2 -p tcp -m tcp -s 192.168.1.0/24 --dport 80 -j SNAT --to-source 192.168.2.1 - $IPTABLES -t nat 
-A POSTROUTING -o eth2 -p tcp -m tcp -s 192.168.1.0/24 --dport 80 -j SNAT --to-source 192.168.2.40 + $IPTABLES -t nat -A POSTROUTING -o eth1 -p icmp -m icmp -s 192.168.1.0/24 --icmp-type 3 -j SNAT --to-source 22.22.22.22 + $IPTABLES -t nat -A POSTROUTING -o eth3 -p icmp -m icmp -s 192.168.1.0/24 --icmp-type 3 -j SNAT --to-source 22.22.23.23 + $IPTABLES -t nat -A POSTROUTING -o eth3 -p icmp -m icmp -s 192.168.1.0/24 --icmp-type 3 -j SNAT --to-source 22.22.25.50 + $IPTABLES -t nat -A POSTROUTING -o eth2 -p icmp -m icmp -s 192.168.1.0/24 --icmp-type 3 -j SNAT --to-source 192.168.2.1 + $IPTABLES -t nat -A POSTROUTING -o eth2 -p icmp -m icmp -s 192.168.1.0/24 --icmp-type 3 -j SNAT --to-source 192.168.2.40 + $IPTABLES -t nat -A POSTROUTING -o eth1 -p icmp -m icmp -s 192.168.1.0/24 --icmp-type 0/0 -j SNAT --to-source 22.22.22.22 + $IPTABLES -t nat -A POSTROUTING -o eth3 -p icmp -m icmp -s 192.168.1.0/24 --icmp-type 0/0 -j SNAT --to-source 22.22.23.23 + $IPTABLES -t nat -A POSTROUTING -o eth3 -p icmp -m icmp -s 192.168.1.0/24 --icmp-type 0/0 -j SNAT --to-source 22.22.25.50 + $IPTABLES -t nat -A POSTROUTING -o eth2 -p icmp -m icmp -s 192.168.1.0/24 --icmp-type 0/0 -j SNAT --to-source 192.168.2.1 + $IPTABLES -t nat -A POSTROUTING -o eth2 -p icmp -m icmp -s 192.168.1.0/24 --icmp-type 0/0 -j SNAT --to-source 192.168.2.40 + $IPTABLES -t nat -A POSTROUTING -o eth1 -p icmp -m icmp -s 192.168.1.0/24 --icmp-type 11/0 -j SNAT --to-source 22.22.22.22 + $IPTABLES -t nat -A POSTROUTING -o eth3 -p icmp -m icmp -s 192.168.1.0/24 --icmp-type 11/0 -j SNAT --to-source 22.22.23.23 + $IPTABLES -t nat -A POSTROUTING -o eth3 -p icmp -m icmp -s 192.168.1.0/24 --icmp-type 11/0 -j SNAT --to-source 22.22.25.50 + $IPTABLES -t nat -A POSTROUTING -o eth2 -p icmp -m icmp -s 192.168.1.0/24 --icmp-type 11/0 -j SNAT --to-source 192.168.2.1 + $IPTABLES -t nat -A POSTROUTING -o eth2 -p icmp -m icmp -s 192.168.1.0/24 --icmp-type 11/0 -j SNAT --to-source 192.168.2.40 + $IPTABLES -t nat -A POSTROUTING -o eth1 
-p icmp -m icmp -s 192.168.1.0/24 --icmp-type 11/1 -j SNAT --to-source 22.22.22.22 + $IPTABLES -t nat -A POSTROUTING -o eth3 -p icmp -m icmp -s 192.168.1.0/24 --icmp-type 11/1 -j SNAT --to-source 22.22.23.23 + $IPTABLES -t nat -A POSTROUTING -o eth3 -p icmp -m icmp -s 192.168.1.0/24 --icmp-type 11/1 -j SNAT --to-source 22.22.25.50 + $IPTABLES -t nat -A POSTROUTING -o eth2 -p icmp -m icmp -s 192.168.1.0/24 --icmp-type 11/1 -j SNAT --to-source 192.168.2.1 + $IPTABLES -t nat -A POSTROUTING -o eth2 -p icmp -m icmp -s 192.168.1.0/24 --icmp-type 11/1 -j SNAT --to-source 192.168.2.40 + $IPTABLES -t nat -A POSTROUTING -o eth1 -p tcp -m tcp -s 192.168.1.0/24 --dport 80 -j SNAT --to-source 22.22.22.22 + $IPTABLES -t nat -A POSTROUTING -o eth3 -p tcp -m tcp -s 192.168.1.0/24 --dport 80 -j SNAT --to-source 22.22.23.23 + $IPTABLES -t nat -A POSTROUTING -o eth3 -p tcp -m tcp -s 192.168.1.0/24 --dport 80 -j SNAT --to-source 22.22.25.50 + $IPTABLES -t nat -A POSTROUTING -o eth2 -p tcp -m tcp -s 192.168.1.0/24 --dport 80 -j SNAT --to-source 192.168.2.1 + $IPTABLES -t nat -A POSTROUTING -o eth2 -p tcp -m tcp -s 192.168.1.0/24 --dport 80 -j SNAT --to-source 192.168.2.40 # # Rule 2 (NAT) # echo "Rule 2 (NAT)" # - $IPTABLES -t nat -A POSTROUTING -o eth1 -p icmp -m icmp -s 192.168.1.0/24 --icmp-type 3 -j SNAT --to-source 22.22.22.22 - $IPTABLES -t nat -A POSTROUTING -o eth3 -p icmp -m icmp -s 192.168.1.0/24 --icmp-type 3 -j SNAT --to-source 22.22.23.23 - $IPTABLES -t nat -A POSTROUTING -o eth3 -p icmp -m icmp -s 192.168.1.0/24 --icmp-type 3 -j SNAT --to-source 22.22.25.50 - $IPTABLES -t nat -A POSTROUTING -o eth2 -p icmp -m icmp -s 192.168.1.0/24 --icmp-type 3 -j SNAT --to-source 192.168.2.1 - $IPTABLES -t nat -A POSTROUTING -o eth2 -p icmp -m icmp -s 192.168.1.0/24 --icmp-type 3 -j SNAT --to-source 192.168.2.40 - $IPTABLES -t nat -A POSTROUTING -o eth1 -p icmp -m icmp -s 192.168.1.0/24 --icmp-type 0/0 -j SNAT --to-source 22.22.22.22 - $IPTABLES -t nat -A POSTROUTING -o eth3 -p icmp -m 
icmp -s 192.168.1.0/24 --icmp-type 0/0 -j SNAT --to-source 22.22.23.23 - $IPTABLES -t nat -A POSTROUTING -o eth3 -p icmp -m icmp -s 192.168.1.0/24 --icmp-type 0/0 -j SNAT --to-source 22.22.25.50 - $IPTABLES -t nat -A POSTROUTING -o eth2 -p icmp -m icmp -s 192.168.1.0/24 --icmp-type 0/0 -j SNAT --to-source 192.168.2.1 - $IPTABLES -t nat -A POSTROUTING -o eth2 -p icmp -m icmp -s 192.168.1.0/24 --icmp-type 0/0 -j SNAT --to-source 192.168.2.40 - $IPTABLES -t nat -A POSTROUTING -o eth1 -p icmp -m icmp -s 192.168.1.0/24 --icmp-type 11/0 -j SNAT --to-source 22.22.22.22 - $IPTABLES -t nat -A POSTROUTING -o eth3 -p icmp -m icmp -s 192.168.1.0/24 --icmp-type 11/0 -j SNAT --to-source 22.22.23.23 - $IPTABLES -t nat -A POSTROUTING -o eth3 -p icmp -m icmp -s 192.168.1.0/24 --icmp-type 11/0 -j SNAT --to-source 22.22.25.50 - $IPTABLES -t nat -A POSTROUTING -o eth2 -p icmp -m icmp -s 192.168.1.0/24 --icmp-type 11/0 -j SNAT --to-source 192.168.2.1 - $IPTABLES -t nat -A POSTROUTING -o eth2 -p icmp -m icmp -s 192.168.1.0/24 --icmp-type 11/0 -j SNAT --to-source 192.168.2.40 - $IPTABLES -t nat -A POSTROUTING -o eth1 -p icmp -m icmp -s 192.168.1.0/24 --icmp-type 11/1 -j SNAT --to-source 22.22.22.22 - $IPTABLES -t nat -A POSTROUTING -o eth3 -p icmp -m icmp -s 192.168.1.0/24 --icmp-type 11/1 -j SNAT --to-source 22.22.23.23 - $IPTABLES -t nat -A POSTROUTING -o eth3 -p icmp -m icmp -s 192.168.1.0/24 --icmp-type 11/1 -j SNAT --to-source 22.22.25.50 - $IPTABLES -t nat -A POSTROUTING -o eth2 -p icmp -m icmp -s 192.168.1.0/24 --icmp-type 11/1 -j SNAT --to-source 192.168.2.1 - $IPTABLES -t nat -A POSTROUTING -o eth2 -p icmp -m icmp -s 192.168.1.0/24 --icmp-type 11/1 -j SNAT --to-source 192.168.2.40 - $IPTABLES -t nat -A POSTROUTING -o eth1 -p tcp -m tcp -s 192.168.1.0/24 --dport 80 -j SNAT --to-source 22.22.22.22 - $IPTABLES -t nat -A POSTROUTING -o eth3 -p tcp -m tcp -s 192.168.1.0/24 --dport 80 -j SNAT --to-source 22.22.23.23 - $IPTABLES -t nat -A POSTROUTING -o eth3 -p tcp -m tcp -s 
192.168.1.0/24 --dport 80 -j SNAT --to-source 22.22.25.50 - $IPTABLES -t nat -A POSTROUTING -o eth2 -p tcp -m tcp -s 192.168.1.0/24 --dport 80 -j SNAT --to-source 192.168.2.1 - $IPTABLES -t nat -A POSTROUTING -o eth2 -p tcp -m tcp -s 192.168.1.0/24 --dport 80 -j SNAT --to-source 192.168.2.40 - $IPTABLES -t nat -A POSTROUTING -o eth1 -p 50 -s 192.168.1.0/24 -j SNAT --to-source 22.22.22.22 - $IPTABLES -t nat -A POSTROUTING -o eth3 -p 50 -s 192.168.1.0/24 -j SNAT --to-source 22.22.23.23 - $IPTABLES -t nat -A POSTROUTING -o eth3 -p 50 -s 192.168.1.0/24 -j SNAT --to-source 22.22.25.50 - $IPTABLES -t nat -A POSTROUTING -o eth2 -p 50 -s 192.168.1.0/24 -j SNAT --to-source 192.168.2.1 - $IPTABLES -t nat -A POSTROUTING -o eth2 -p 50 -s 192.168.1.0/24 -j SNAT --to-source 192.168.2.40 - $IPTABLES -t nat -A POSTROUTING -o eth1 -p 88 -s 192.168.1.0/24 -j SNAT --to-source 22.22.22.22 - $IPTABLES -t nat -A POSTROUTING -o eth3 -p 88 -s 192.168.1.0/24 -j SNAT --to-source 22.22.23.23 - $IPTABLES -t nat -A POSTROUTING -o eth3 -p 88 -s 192.168.1.0/24 -j SNAT --to-source 22.22.25.50 - $IPTABLES -t nat -A POSTROUTING -o eth2 -p 88 -s 192.168.1.0/24 -j SNAT --to-source 192.168.2.1 - $IPTABLES -t nat -A POSTROUTING -o eth2 -p 88 -s 192.168.1.0/24 -j SNAT --to-source 192.168.2.40 + $IPTABLES -t nat -A POSTROUTING -o eth1 -p icmp -m icmp -s 192.168.1.0/24 --icmp-type 3 -j SNAT --to-source 22.22.22.22 + $IPTABLES -t nat -A POSTROUTING -o eth3 -p icmp -m icmp -s 192.168.1.0/24 --icmp-type 3 -j SNAT --to-source 22.22.23.23 + $IPTABLES -t nat -A POSTROUTING -o eth3 -p icmp -m icmp -s 192.168.1.0/24 --icmp-type 3 -j SNAT --to-source 22.22.25.50 + $IPTABLES -t nat -A POSTROUTING -o eth2 -p icmp -m icmp -s 192.168.1.0/24 --icmp-type 3 -j SNAT --to-source 192.168.2.1 + $IPTABLES -t nat -A POSTROUTING -o eth2 -p icmp -m icmp -s 192.168.1.0/24 --icmp-type 3 -j SNAT --to-source 192.168.2.40 + $IPTABLES -t nat -A POSTROUTING -o eth1 -p icmp -m icmp -s 192.168.1.0/24 --icmp-type 0/0 -j SNAT --to-source 
22.22.22.22 + $IPTABLES -t nat -A POSTROUTING -o eth3 -p icmp -m icmp -s 192.168.1.0/24 --icmp-type 0/0 -j SNAT --to-source 22.22.23.23 + $IPTABLES -t nat -A POSTROUTING -o eth3 -p icmp -m icmp -s 192.168.1.0/24 --icmp-type 0/0 -j SNAT --to-source 22.22.25.50 + $IPTABLES -t nat -A POSTROUTING -o eth2 -p icmp -m icmp -s 192.168.1.0/24 --icmp-type 0/0 -j SNAT --to-source 192.168.2.1 + $IPTABLES -t nat -A POSTROUTING -o eth2 -p icmp -m icmp -s 192.168.1.0/24 --icmp-type 0/0 -j SNAT --to-source 192.168.2.40 + $IPTABLES -t nat -A POSTROUTING -o eth1 -p icmp -m icmp -s 192.168.1.0/24 --icmp-type 11/0 -j SNAT --to-source 22.22.22.22 + $IPTABLES -t nat -A POSTROUTING -o eth3 -p icmp -m icmp -s 192.168.1.0/24 --icmp-type 11/0 -j SNAT --to-source 22.22.23.23 + $IPTABLES -t nat -A POSTROUTING -o eth3 -p icmp -m icmp -s 192.168.1.0/24 --icmp-type 11/0 -j SNAT --to-source 22.22.25.50 + $IPTABLES -t nat -A POSTROUTING -o eth2 -p icmp -m icmp -s 192.168.1.0/24 --icmp-type 11/0 -j SNAT --to-source 192.168.2.1 + $IPTABLES -t nat -A POSTROUTING -o eth2 -p icmp -m icmp -s 192.168.1.0/24 --icmp-type 11/0 -j SNAT --to-source 192.168.2.40 + $IPTABLES -t nat -A POSTROUTING -o eth1 -p icmp -m icmp -s 192.168.1.0/24 --icmp-type 11/1 -j SNAT --to-source 22.22.22.22 + $IPTABLES -t nat -A POSTROUTING -o eth3 -p icmp -m icmp -s 192.168.1.0/24 --icmp-type 11/1 -j SNAT --to-source 22.22.23.23 + $IPTABLES -t nat -A POSTROUTING -o eth3 -p icmp -m icmp -s 192.168.1.0/24 --icmp-type 11/1 -j SNAT --to-source 22.22.25.50 + $IPTABLES -t nat -A POSTROUTING -o eth2 -p icmp -m icmp -s 192.168.1.0/24 --icmp-type 11/1 -j SNAT --to-source 192.168.2.1 + $IPTABLES -t nat -A POSTROUTING -o eth2 -p icmp -m icmp -s 192.168.1.0/24 --icmp-type 11/1 -j SNAT --to-source 192.168.2.40 + $IPTABLES -t nat -A POSTROUTING -o eth1 -p tcp -m tcp -s 192.168.1.0/24 --dport 80 -j SNAT --to-source 22.22.22.22 + $IPTABLES -t nat -A POSTROUTING -o eth3 -p tcp -m tcp -s 192.168.1.0/24 --dport 80 -j SNAT --to-source 22.22.23.23 + 
$IPTABLES -t nat -A POSTROUTING -o eth3 -p tcp -m tcp -s 192.168.1.0/24 --dport 80 -j SNAT --to-source 22.22.25.50 + $IPTABLES -t nat -A POSTROUTING -o eth2 -p tcp -m tcp -s 192.168.1.0/24 --dport 80 -j SNAT --to-source 192.168.2.1 + $IPTABLES -t nat -A POSTROUTING -o eth2 -p tcp -m tcp -s 192.168.1.0/24 --dport 80 -j SNAT --to-source 192.168.2.40 + $IPTABLES -t nat -A POSTROUTING -o eth1 -p 50 -s 192.168.1.0/24 -j SNAT --to-source 22.22.22.22 + $IPTABLES -t nat -A POSTROUTING -o eth3 -p 50 -s 192.168.1.0/24 -j SNAT --to-source 22.22.23.23 + $IPTABLES -t nat -A POSTROUTING -o eth3 -p 50 -s 192.168.1.0/24 -j SNAT --to-source 22.22.25.50 + $IPTABLES -t nat -A POSTROUTING -o eth2 -p 50 -s 192.168.1.0/24 -j SNAT --to-source 192.168.2.1 + $IPTABLES -t nat -A POSTROUTING -o eth2 -p 50 -s 192.168.1.0/24 -j SNAT --to-source 192.168.2.40 + $IPTABLES -t nat -A POSTROUTING -o eth1 -p 88 -s 192.168.1.0/24 -j SNAT --to-source 22.22.22.22 + $IPTABLES -t nat -A POSTROUTING -o eth3 -p 88 -s 192.168.1.0/24 -j SNAT --to-source 22.22.23.23 + $IPTABLES -t nat -A POSTROUTING -o eth3 -p 88 -s 192.168.1.0/24 -j SNAT --to-source 22.22.25.50 + $IPTABLES -t nat -A POSTROUTING -o eth2 -p 88 -s 192.168.1.0/24 -j SNAT --to-source 192.168.2.1 + $IPTABLES -t nat -A POSTROUTING -o eth2 -p 88 -s 192.168.1.0/24 -j SNAT --to-source 192.168.2.40 # # Rule 3 (NAT) # echo "Rule 3 (NAT)" # - $IPTABLES -t nat -A POSTROUTING -o eth3 -s 192.168.1.0/24 -j SNAT --to-source 22.22.23.23 - $IPTABLES -t nat -A POSTROUTING -o eth3 -s 192.168.1.0/24 -j SNAT --to-source 22.22.25.50 + $IPTABLES -t nat -A POSTROUTING -o eth3 -s 192.168.1.0/24 -j SNAT --to-source 22.22.23.23 + $IPTABLES -t nat -A POSTROUTING -o eth3 -s 192.168.1.0/24 -j SNAT --to-source 22.22.25.50 # # Rule 4 (NAT) # echo "Rule 4 (NAT)" # - $IPTABLES -t nat -A POSTROUTING -o eth3 -s 192.168.1.0/24 -j SNAT --to-source 22.22.25.50 + $IPTABLES -t nat -A POSTROUTING -o eth3 -s 192.168.1.0/24 -j SNAT --to-source 22.22.25.50 # # Rule 5 (NAT) # echo "Rule 5 
(NAT)" # - $IPTABLES -t nat -A POSTROUTING -o eth+ -s 192.168.1.0/24 -j SNAT --to-source 22.22.25.50 + $IPTABLES -t nat -A POSTROUTING -o eth+ -s 192.168.1.0/24 -j SNAT --to-source 22.22.25.50 # # Rule 6 (NAT) # echo "Rule 6 (NAT)" # - $IPTABLES -t nat -A POSTROUTING -o eth+ -s 192.168.1.10 -j SNAT --to-source 22.22.22.23 + $IPTABLES -t nat -A POSTROUTING -o eth+ -s 192.168.1.10 -j SNAT --to-source 22.22.22.23 # # Rule 7 (NAT) # echo "Rule 7 (NAT)" # - $IPTABLES -t nat -A POSTROUTING -o eth+ -s 192.168.1.10 -j SNAT --to-source 22.22.22.23 --random - $IPTABLES -t nat -A POSTROUTING -o eth+ -s 192.168.1.10 -j SNAT --to-source 22.22.22.24 --random - $IPTABLES -t nat -A POSTROUTING -o eth+ -s 192.168.1.10 -j SNAT --to-source 22.22.22.25 --random + $IPTABLES -t nat -A POSTROUTING -o eth+ -s 192.168.1.10 -j SNAT --to-source 22.22.22.23 --random + $IPTABLES -t nat -A POSTROUTING -o eth+ -s 192.168.1.10 -j SNAT --to-source 22.22.22.24 --random + $IPTABLES -t nat -A POSTROUTING -o eth+ -s 192.168.1.10 -j SNAT --to-source 22.22.22.25 --random # # Rule 8 (NAT) # echo "Rule 8 (NAT)" # - $IPTABLES -t nat -A POSTROUTING -o eth+ -s 192.168.1.0/24 -d 192.168.1.10 -j SNAT --to-source 192.168.1.1 + $IPTABLES -t nat -A POSTROUTING -o eth+ -s 192.168.1.0/24 -d 192.168.1.10 -j SNAT --to-source 192.168.1.1 # # Rule 9 (NAT) # echo "Rule 9 (NAT)" # - $IPTABLES -t nat -A POSTROUTING -o eth2 -s 192.168.1.0/24 -d 192.168.2.0/24 -j SNAT --to-source 192.168.2.1 + $IPTABLES -t nat -A POSTROUTING -o eth2 -s 192.168.1.0/24 -d 192.168.2.0/24 -j SNAT --to-source 192.168.2.1 # # Rule 10 (NAT) # echo "Rule 10 (NAT)" # - $IPTABLES -t nat -A POSTROUTING -o eth2 -s 192.168.1.0/24 -d 192.168.2.0/24 -j SNAT --to-source 192.168.2.1 - $IPTABLES -t nat -A POSTROUTING -o eth2 -s 192.168.1.0/24 -d 192.168.2.0/24 -j SNAT --to-source 192.168.2.40 + $IPTABLES -t nat -A POSTROUTING -o eth2 -s 192.168.1.0/24 -d 192.168.2.0/24 -j SNAT --to-source 192.168.2.1 + $IPTABLES -t nat -A POSTROUTING -o eth2 -s 
192.168.1.0/24 -d 192.168.2.0/24 -j SNAT --to-source 192.168.2.40 # # Rule 11 (NAT) # @@ -602,7 +602,7 @@ script_body() { # echo "Rule 20 (NAT)" # - $IPTABLES -t nat -A POSTROUTING -o eth+ -s 192.168.1.20 -j SNAT --to-source 22.22.23.24 + $IPTABLES -t nat -A POSTROUTING -o eth+ -s 192.168.1.20 -j SNAT --to-source 22.22.23.24 # # Rule 21 (NAT) # @@ -617,7 +617,7 @@ script_body() { # # firewall2:NAT:22: warning: Adding of virtual address for address range is not implemented (object ext_range) - $IPTABLES -t nat -A POSTROUTING -o eth+ -s 192.168.1.0/24 -j SNAT --to-source 22.22.22.100-22.22.22.110 + $IPTABLES -t nat -A POSTROUTING -o eth+ -s 192.168.1.0/24 -j SNAT --to-source 22.22.22.100-22.22.22.110 # # Rule 23 (NAT) # @@ -660,7 +660,7 @@ script_body() { $IPTABLES -t nat -A PREROUTING -p tcp -m tcp -d 22.22.25.50 --dport 80 -j DNAT --to-destination 192.168.1.10 $IPTABLES -t nat -A OUTPUT -p tcp -m tcp -d 22.22.23.23 --dport 80 -j DNAT --to-destination 192.168.1.10 $IPTABLES -t nat -A OUTPUT -p tcp -m tcp -d 22.22.25.50 --dport 80 -j DNAT --to-destination 192.168.1.10 - $IPTABLES -t nat -A POSTROUTING -o eth0 -p tcp -m tcp -d 192.168.1.10 --dport 80 -j SNAT --to-source 192.168.1.1 + $IPTABLES -t nat -A POSTROUTING -o eth0 -p tcp -m tcp -d 192.168.1.10 --dport 80 -j SNAT --to-source 192.168.1.1 # # Rule 27 (NAT) # @@ -725,7 +725,7 @@ script_body() { # echo "Rule 35 (NAT)" # - $IPTABLES -t nat -A POSTROUTING -o eth1 -p tcp -m tcp -s 192.168.1.10 --dport 80 -j SNAT --to-source 22.22.22.22 + $IPTABLES -t nat -A POSTROUTING -o eth1 -p tcp -m tcp -s 192.168.1.10 --dport 80 -j SNAT --to-source 22.22.22.22 # # Rule 36 (NAT) # 
@@ -734,7 +734,7 @@ script_body() { $IPTABLES -t nat -A PREROUTING -p tcp -m tcp -s ! 192.168.1.10 --dport 80 -j DNAT --to-destination 192.168.1.10:3128 $IPTABLES -t nat -A OUTPUT -p tcp -m tcp --dport 80 -j DNAT --to-destination 192.168.1.10:3128 $IPTABLES -t nat -A PREROUTING -p tcp -m tcp -s ! 192.168.1.10 --dport 80 -j DNAT --to-destination 192.168.1.10:3128 - $IPTABLES -t nat -A POSTROUTING -o eth0 -p tcp -m tcp -s ! 192.168.1.10 -d 192.168.1.10 --dport 3128 -j SNAT --to-source 192.168.1.1 + $IPTABLES -t nat -A POSTROUTING -o eth0 -p tcp -m tcp -s ! 192.168.1.10 -d 192.168.1.10 --dport 3128 -j SNAT --to-source 192.168.1.1 # # Rule 37 (NAT) # @@ -752,7 +752,7 @@ script_body() { echo "Rule 38 (NAT)" # $IPTABLES -t nat -N Cid40F1C52F.1 - $IPTABLES -t nat -A POSTROUTING -o eth0 -j Cid40F1C52F.1 + $IPTABLES -t nat -A POSTROUTING -o eth0 -j Cid40F1C52F.1 $IPTABLES -t nat -A Cid40F1C52F.1 -s 192.168.1.10 -j RETURN $IPTABLES -t nat -A Cid40F1C52F.1 -s 192.168.1.20 -j RETURN $IPTABLES -t nat -N Cid40F1C52F.0 @@ -765,7 +765,7 @@ script_body() { echo "Rule 39 (NAT)" # $IPTABLES -t nat -A PREROUTING -p tcp -m tcp -s 192.168.1.0/24 --dport 80 -j DNAT --to-destination 192.168.1.10:3128 - $IPTABLES -t nat -A POSTROUTING -o eth0 -p tcp -m tcp -s 192.168.1.0/24 -d 192.168.1.10 --dport 3128 -j SNAT --to-source 192.168.1.1 + $IPTABLES -t nat -A POSTROUTING -o eth0 -p tcp -m tcp -s 192.168.1.0/24 -d 192.168.1.10 --dport 3128 -j SNAT --to-source 192.168.1.1 # # Rule 40 (NAT) # 
@@ -773,8 +773,8 @@ script_body() { # # this is the "exception" rule # used in support req. originally - $IPTABLES -t nat -A POSTROUTING -o eth1 -p tcp -m tcp -s 192.168.1.10 --dport 80 -j SNAT --to-source 22.22.22.22 - $IPTABLES -t nat -A POSTROUTING -o eth1 -p tcp -m tcp -s 192.168.1.20 --dport 80 -j SNAT --to-source 22.22.22.22 + $IPTABLES -t nat -A POSTROUTING -o eth1 -p tcp -m tcp -s 192.168.1.10 --dport 80 -j SNAT --to-source 22.22.22.22 + $IPTABLES -t nat -A POSTROUTING -o eth1 -p tcp -m tcp -s 192.168.1.20 --dport 80 -j SNAT --to-source 22.22.22.22 # # Rule 41 (NAT) # @@ -788,8 +788,8 @@ script_body() { # # "exception" rule in the pair # from a support req. - $IPTABLES -t nat -A POSTROUTING -o eth1 -p tcp -m tcp -s 192.168.1.10 --dport 80 -j SNAT --to-source 22.22.22.22 - $IPTABLES -t nat -A POSTROUTING -o eth1 -p tcp -m tcp -s 192.168.1.20 --dport 80 -j SNAT --to-source 22.22.22.22 + $IPTABLES -t nat -A POSTROUTING -o eth1 -p tcp -m tcp -s 192.168.1.10 --dport 80 -j SNAT --to-source 22.22.22.22 + $IPTABLES -t nat -A POSTROUTING -o eth1 -p tcp -m tcp -s 192.168.1.20 --dport 80 -j SNAT --to-source 22.22.22.22 # # Rule 43 (NAT) # @@ -835,8 +835,8 @@ script_body() { # # "exception" rule in the pair # from a support req. - $IPTABLES -t nat -A POSTROUTING -o eth1 -p tcp -m tcp -s 192.168.1.10 --dport 80 -j SNAT --to-source 22.22.22.22 - $IPTABLES -t nat -A POSTROUTING -o eth1 -p tcp -m tcp -s 192.168.1.20 --dport 80 -j SNAT --to-source 22.22.22.22 + $IPTABLES -t nat -A POSTROUTING -o eth1 -p tcp -m tcp -s 192.168.1.10 --dport 80 -j SNAT --to-source 22.22.22.22 + $IPTABLES -t nat -A POSTROUTING -o eth1 -p tcp -m tcp -s 192.168.1.20 --dport 80 -j SNAT --to-source 22.22.22.22 # # Rule 47 (NAT) # 
@@ -856,7 +856,7 @@ script_body() { echo "Rule 48 (NAT)" # $IPTABLES -t nat -A PREROUTING -p tcp -m tcp -s 192.168.1.0/24 --dport 3050:3051 -j DNAT --to-destination :700 - $IPTABLES -t nat -A POSTROUTING -o eth+ -p tcp -m tcp -s 192.168.1.0/24 --dport 700 -j SNAT --to-source 192.168.1.10 + $IPTABLES -t nat -A POSTROUTING -o eth+ -p tcp -m tcp -s 192.168.1.0/24 --dport 700 -j SNAT --to-source 192.168.1.10 # # Rule 49 (NAT) # @@ -1503,7 +1503,7 @@ test -z "$cmd" && { case "$cmd" in start) - log "Activating firewall script generated Thu May 26 14:14:53 2011 by vadim" + log "Activating firewall script generated Fri Jun 3 17:27:23 2011 by vadim" check_tools check_run_time_address_table_files diff --git a/test/ipt/firewall20-ipv6.fw.orig b/test/ipt/firewall20-ipv6.fw.orig index 1c90f7ed8..4288a7f67 100755 --- a/test/ipt/firewall20-ipv6.fw.orig +++ b/test/ipt/firewall20-ipv6.fw.orig @@ -2,9 +2,9 @@ # # This is automatically generated file. DO NOT MODIFY ! # -# Firewall Builder fwb_ipt v4.3.0.3546 +# Firewall Builder fwb_ipt v5.0.0.3547 # -# Generated Thu May 26 14:14:57 2011 PDT by vadim +# Generated Fri Jun 3 17:27:25 2011 PDT by vadim # # files: * firewall20-ipv6.fw /etc/fw/firewall20-ipv6.fw # @@ -477,7 +477,7 @@ test -z "$cmd" && { case "$cmd" in start) - log "Activating firewall script generated Thu May 26 14:14:57 2011 by vadim" + log "Activating firewall script generated Fri Jun 3 17:27:25 2011 by vadim" check_tools prolog_commands check_run_time_address_table_files diff --git a/test/ipt/firewall20.fw.orig b/test/ipt/firewall20.fw.orig index 528da7364..26476d1e9 100755 --- a/test/ipt/firewall20.fw.orig +++ b/test/ipt/firewall20.fw.orig @@ -2,9 +2,9 @@ # # This is automatically generated file. DO NOT MODIFY ! # -# Firewall Builder fwb_ipt v4.3.0.3546 +# Firewall Builder fwb_ipt v5.0.0.3547 # -# Generated Thu May 26 14:14:54 2011 PDT by vadim +# Generated Fri Jun 3 17:27:23 2011 PDT by vadim # # files: * firewall20.fw /etc/fw/firewall20.fw # 
@@ -327,27 +327,27 @@ script_body() { # echo "Rule 0 (NAT)" # - $IPTABLES -t nat -A POSTROUTING -o ppp+ -s 192.168.1.0/24 -j MASQUERADE - $IPTABLES -t nat -A POSTROUTING -o eth2 -s 192.168.1.0/24 -j SNAT --to-source 192.168.2.1 + $IPTABLES -t nat -A POSTROUTING -o ppp+ -s 192.168.1.0/24 -j MASQUERADE + $IPTABLES -t nat -A POSTROUTING -o eth2 -s 192.168.1.0/24 -j SNAT --to-source 192.168.2.1 # # Rule 1 (NAT) # echo "Rule 1 (NAT)" # - $IPTABLES -t nat -A POSTROUTING -o eth+ -s 192.168.1.0/24 -j SNAT --to-source 22.22.22.23 - $IPTABLES -t nat -A POSTROUTING -o ppp+ -s 192.168.1.0/24 -j SNAT --to-source 22.22.22.23 + $IPTABLES -t nat -A POSTROUTING -o eth+ -s 192.168.1.0/24 -j SNAT --to-source 22.22.22.23 + $IPTABLES -t nat -A POSTROUTING -o ppp+ -s 192.168.1.0/24 -j SNAT --to-source 22.22.22.23 # # Rule 2 (NAT) # echo "Rule 2 (NAT)" # - $IPTABLES -t nat -A POSTROUTING -o ppp+ -s 192.168.1.0/24 -j MASQUERADE + $IPTABLES -t nat -A POSTROUTING -o ppp+ -s 192.168.1.0/24 -j MASQUERADE # # Rule 3 (NAT) # echo "Rule 3 (NAT)" # - $IPTABLES -t nat -A POSTROUTING -o ppp+ -s 192.168.1.0/24 -j MASQUERADE --random + $IPTABLES -t nat -A POSTROUTING -o ppp+ -s 192.168.1.0/24 -j MASQUERADE --random # # Rule 4 (NAT) # @@ -360,7 +360,7 @@ script_body() { eval "addr_list=$cmd" for addr in $addr_list do - test -n "$addr" && $IPTABLES -t nat -A POSTROUTING -o ppp+ -s 192.168.1.0/24 -j SNAT --to-source $addr + test -n "$addr" && $IPTABLES -t nat -A POSTROUTING -o ppp+ -s 192.168.1.0/24 -j SNAT --to-source $addr done done # @@ -386,7 +386,7 @@ script_body() { echo "Rule 6 (NAT)" # $IPTABLES -t nat -A PREROUTING -s 192.168.1.0/24 -d ! 200.200.200.200 -j DNAT --to-destination 192.168.2.10 - $IPTABLES -t nat -A POSTROUTING -o eth2 -s 192.168.1.0/24 -d 192.168.2.10 -j SNAT --to-source 192.168.2.1 + $IPTABLES -t nat -A POSTROUTING -o eth2 -s 192.168.1.0/24 -d 192.168.2.10 -j SNAT --to-source 192.168.2.1 # # Rule 7 (NAT) # 
@@ -695,7 +695,7 @@ test -z "$cmd" && { case "$cmd" in start) - log "Activating firewall script generated Thu May 26 14:14:54 2011 by vadim" + log "Activating firewall script generated Fri Jun 3 17:27:23 2011 by vadim" check_tools prolog_commands check_run_time_address_table_files diff --git a/test/ipt/firewall21-1.fw.orig b/test/ipt/firewall21-1.fw.orig index 0e4b7557b..c1e70ab3a 100755 --- a/test/ipt/firewall21-1.fw.orig +++ b/test/ipt/firewall21-1.fw.orig @@ -2,9 +2,9 @@ # # This is automatically generated file. DO NOT MODIFY ! # -# Firewall Builder fwb_ipt v4.3.0.3546 +# Firewall Builder fwb_ipt v5.0.0.3547 # -# Generated Thu May 26 14:15:02 2011 PDT by vadim +# Generated Fri Jun 3 17:27:28 2011 PDT by vadim # # files: * firewall21-1.fw /etc/fw/firewall21-1.fw # @@ -352,13 +352,13 @@ script_body() { # echo "Rule 2 (NAT)" # - $IPTABLES -t nat -A POSTROUTING -o eth0 -s 192.168.1.0/24 -j MASQUERADE + $IPTABLES -t nat -A POSTROUTING -o eth0 -s 192.168.1.0/24 -j MASQUERADE # # Rule 3 (NAT) # echo "Rule 3 (NAT)" # - $IPTABLES -t nat -A POSTROUTING -o eth0 -s 192.168.1.0/24 -j MASQUERADE --random + $IPTABLES -t nat -A POSTROUTING -o eth0 -s 192.168.1.0/24 -j MASQUERADE --random # # Rule 4 (NAT) # @@ -366,7 +366,7 @@ script_body() { # for i_eth0 in $i_eth0_list do - test -n "$i_eth0" && $IPTABLES -t nat -A POSTROUTING -o eth0 -s 192.168.1.0/24 -j SNAT --to-source $i_eth0 --persistent + test -n "$i_eth0" && $IPTABLES -t nat -A POSTROUTING -o eth0 -s 192.168.1.0/24 -j SNAT --to-source $i_eth0 --persistent done # # Rule 5 (NAT) @@ -375,7 +375,7 @@ script_body() { # for i_eth0 in $i_eth0_list do - test -n "$i_eth0" && $IPTABLES -t nat -A POSTROUTING -o eth0 -s 192.168.1.0/24 -j SNAT --to-source $i_eth0 --random --persistent + test -n "$i_eth0" && $IPTABLES -t nat -A POSTROUTING -o eth0 -s 192.168.1.0/24 -j SNAT --to-source $i_eth0 --random --persistent done 
@@ -495,7 +495,7 @@ test -z "$cmd" && { case "$cmd" in start) - log "Activating firewall script generated Thu May 26 14:15:02 2011 by vadim" + log "Activating firewall script generated Fri Jun 3 17:27:28 2011 by vadim" check_tools prolog_commands check_run_time_address_table_files diff --git a/test/ipt/firewall21.fw.orig b/test/ipt/firewall21.fw.orig index 6f64547d8..86013a3a5 100755 --- a/test/ipt/firewall21.fw.orig +++ b/test/ipt/firewall21.fw.orig @@ -2,9 +2,9 @@ # # This is automatically generated file. DO NOT MODIFY ! # -# Firewall Builder fwb_ipt v4.3.0.3546 +# Firewall Builder fwb_ipt v5.0.0.3547 # -# Generated Thu May 26 14:14:58 2011 PDT by vadim +# Generated Fri Jun 3 17:27:26 2011 PDT by vadim # # files: * firewall21.fw /etc/fw/firewall21.fw # @@ -351,13 +351,13 @@ script_body() { # echo "Rule 2 (NAT)" # - $IPTABLES -t nat -A POSTROUTING -o eth0 -s 192.168.1.0/24 -j MASQUERADE + $IPTABLES -t nat -A POSTROUTING -o eth0 -s 192.168.1.0/24 -j MASQUERADE # # Rule 3 (NAT) # echo "Rule 3 (NAT)" # - $IPTABLES -t nat -A POSTROUTING -o eth0 -s 192.168.1.0/24 -j MASQUERADE --random + $IPTABLES -t nat -A POSTROUTING -o eth0 -s 192.168.1.0/24 -j MASQUERADE --random # # Rule 4 (NAT) # @@ -365,7 +365,7 @@ script_body() { # for i_eth0 in $i_eth0_list do - test -n "$i_eth0" && $IPTABLES -t nat -A POSTROUTING -o eth0 -s 192.168.1.0/24 -j SNAT --to-source $i_eth0 + test -n "$i_eth0" && $IPTABLES -t nat -A POSTROUTING -o eth0 -s 192.168.1.0/24 -j SNAT --to-source $i_eth0 done # # Rule 5 (NAT) @@ -374,7 +374,7 @@ script_body() { # for i_eth0 in $i_eth0_list do - test -n "$i_eth0" && $IPTABLES -t nat -A POSTROUTING -o eth0 -s 192.168.1.0/24 -j SNAT --to-source $i_eth0 --random + test -n "$i_eth0" && $IPTABLES -t nat -A POSTROUTING -o eth0 -s 192.168.1.0/24 -j SNAT --to-source $i_eth0 --random done 
@@ -494,7 +494,7 @@ test -z "$cmd" && { case "$cmd" in start) - log "Activating firewall script generated Thu May 26 14:14:58 2011 by vadim" + log "Activating firewall script generated Fri Jun 3 17:27:26 2011 by vadim" check_tools prolog_commands check_run_time_address_table_files diff --git a/test/ipt/firewall22.fw.orig b/test/ipt/firewall22.fw.orig index 7d302e632..afc608d41 100755 --- a/test/ipt/firewall22.fw.orig +++ b/test/ipt/firewall22.fw.orig @@ -2,9 +2,9 @@ # # This is automatically generated file. DO NOT MODIFY ! # -# Firewall Builder fwb_ipt v4.3.0.3546 +# Firewall Builder fwb_ipt v5.0.0.3547 # -# Generated Thu May 26 14:15:05 2011 PDT by vadim +# Generated Fri Jun 3 17:27:30 2011 PDT by vadim # # files: * firewall22.fw /etc/fw/firewall22.fw # @@ -317,7 +317,7 @@ script_body() { # echo "Rule 0 (NAT)" # - $IPTABLES -t nat -A POSTROUTING -o eth1 -s 192.168.1.0/24 -m string --string test_pattern -j SNAT --to-source 192.168.2.1 + $IPTABLES -t nat -A POSTROUTING -o eth1 -s 192.168.1.0/24 -m string --string test_pattern -j SNAT --to-source 192.168.2.1 # # Rule 1 (NAT) # @@ -330,7 +330,7 @@ script_body() { echo "Rule 2 (NAT)" # $IPTABLES -t nat -A PREROUTING -s 192.168.1.0/24 -m string --string test_pattern -j DNAT --to-destination 200.200.200.200 - $IPTABLES -t nat -A POSTROUTING -o eth1 -s 192.168.1.0/24 -d 200.200.200.200 -m string --string test_pattern -j SNAT --to-source 192.168.2.1 + $IPTABLES -t nat -A POSTROUTING -o eth1 -s 192.168.1.0/24 -d 200.200.200.200 -m string --string test_pattern -j SNAT --to-source 192.168.2.1 @@ -411,7 +411,7 @@ test -z "$cmd" && { case "$cmd" in start) - log "Activating firewall script generated Thu May 26 14:15:05 2011 by vadim" + log "Activating firewall script generated Fri Jun 3 17:27:30 2011 by vadim" check_tools prolog_commands check_run_time_address_table_files diff --git a/test/ipt/firewall23-1.fw.orig b/test/ipt/firewall23-1.fw.orig index 993e3eaf2..4cde904b2 100755 --- a/test/ipt/firewall23-1.fw.orig 
+++ b/test/ipt/firewall23-1.fw.orig @@ -2,9 +2,9 @@ # # This is automatically generated file. DO NOT MODIFY ! # -# Firewall Builder fwb_ipt v4.3.0.3546 +# Firewall Builder fwb_ipt v5.0.0.3547 # -# Generated Thu May 26 14:15:13 2011 PDT by vadim +# Generated Fri Jun 3 17:27:35 2011 PDT by vadim # # files: * firewall23-1.fw /etc/fw/firewall23-1.fw # @@ -585,7 +585,7 @@ test -z "$cmd" && { case "$cmd" in start) - log "Activating firewall script generated Thu May 26 14:15:13 2011 by vadim" + log "Activating firewall script generated Fri Jun 3 17:27:35 2011 by vadim" check_tools prolog_commands check_run_time_address_table_files diff --git a/test/ipt/firewall23.fw.orig b/test/ipt/firewall23.fw.orig index 8771bd4b3..388edb442 100755 --- a/test/ipt/firewall23.fw.orig +++ b/test/ipt/firewall23.fw.orig @@ -2,9 +2,9 @@ # # This is automatically generated file. DO NOT MODIFY ! # -# Firewall Builder fwb_ipt v4.3.0.3546 +# Firewall Builder fwb_ipt v5.0.0.3547 # -# Generated Thu May 26 14:15:08 2011 PDT by vadim +# Generated Fri Jun 3 17:27:32 2011 PDT by vadim # # files: * firewall23.fw /etc/fw/firewall23.fw # @@ -497,7 +497,7 @@ test -z "$cmd" && { case "$cmd" in start) - log "Activating firewall script generated Thu May 26 14:15:08 2011 by vadim" + log "Activating firewall script generated Fri Jun 3 17:27:32 2011 by vadim" check_tools prolog_commands check_run_time_address_table_files diff --git a/test/ipt/firewall24.fw.orig b/test/ipt/firewall24.fw.orig index dd480d7bd..04f2bf0f4 100755 --- a/test/ipt/firewall24.fw.orig +++ b/test/ipt/firewall24.fw.orig @@ -2,9 +2,9 @@ # # This is automatically generated file. DO NOT MODIFY ! # -# Firewall Builder fwb_ipt v4.3.0.3546 +# Firewall Builder fwb_ipt v5.0.0.3547 # -# Generated Thu May 26 14:15:17 2011 PDT by vadim +# Generated Fri Jun 3 17:27:37 2011 PDT by vadim # # files: * firewall24.fw /etc/fw/firewall24.fw # 
@@ -514,7 +514,7 @@ test -z "$cmd" && { case "$cmd" in start) - log "Activating firewall script generated Thu May 26 14:15:17 2011 by vadim" + log "Activating firewall script generated Fri Jun 3 17:27:37 2011 by vadim" check_tools prolog_commands check_run_time_address_table_files diff --git a/test/ipt/firewall25.fw.orig b/test/ipt/firewall25.fw.orig index e7f1189a7..a20e3a73a 100755 --- a/test/ipt/firewall25.fw.orig +++ b/test/ipt/firewall25.fw.orig @@ -2,9 +2,9 @@ # # This is automatically generated file. DO NOT MODIFY ! # -# Firewall Builder fwb_ipt v4.3.0.3546 +# Firewall Builder fwb_ipt v5.0.0.3547 # -# Generated Thu May 26 14:15:22 2011 PDT by vadim +# Generated Fri Jun 3 17:27:40 2011 PDT by vadim # # files: * firewall25.fw /etc/fw/firewall25.fw # @@ -620,12 +620,12 @@ script_body() { echo :OUTPUT ACCEPT [0:0] # # Rule 0 (NAT) - echo "-A POSTROUTING -o ppp+ -s 192.168.1.0/24 -j MASQUERADE " - echo "-A POSTROUTING -o eth2 -s 192.168.1.0/24 -j SNAT --to-source 192.168.2.1 " + echo "-A POSTROUTING -o ppp+ -s 192.168.1.0/24 -j MASQUERADE " + echo "-A POSTROUTING -o eth2 -s 192.168.1.0/24 -j SNAT --to-source 192.168.2.1 " # # Rule 1 (NAT) - echo "-A POSTROUTING -o eth+ -s 192.168.1.0/24 -j SNAT --to-source 22.22.22.23 " - echo "-A POSTROUTING -o ppp+ -s 192.168.1.0/24 -j SNAT --to-source 22.22.22.23 " + echo "-A POSTROUTING -o eth+ -s 192.168.1.0/24 -j SNAT --to-source 22.22.22.23 " + echo "-A POSTROUTING -o ppp+ -s 192.168.1.0/24 -j SNAT --to-source 22.22.22.23 " # # Rule 2 (NAT) getinterfaces ppp | while read I; do @@ -643,7 +643,7 @@ script_body() { # # Rule 3 (NAT) echo "-A PREROUTING -s 192.168.1.0/24 -d ! 200.200.200.200 -j DNAT --to-destination 192.168.2.10 " - echo "-A POSTROUTING -o eth2 -s 192.168.1.0/24 -d 192.168.2.10 -j SNAT --to-source 192.168.2.1 " + echo "-A POSTROUTING -o eth2 -s 192.168.1.0/24 -d 192.168.2.10 -j SNAT --to-source 192.168.2.1 " # echo COMMIT 
@@ -705,7 +705,7 @@ test -z "$cmd" && { case "$cmd" in start) - log "Activating firewall script generated Thu May 26 14:15:22 2011 by vadim" + log "Activating firewall script generated Fri Jun 3 17:27:40 2011 by vadim" check_tools prolog_commands check_run_time_address_table_files diff --git a/test/ipt/firewall26.fw.orig b/test/ipt/firewall26.fw.orig index 80ca94f89..c21daec5e 100755 --- a/test/ipt/firewall26.fw.orig +++ b/test/ipt/firewall26.fw.orig @@ -2,9 +2,9 @@ # # This is automatically generated file. DO NOT MODIFY ! # -# Firewall Builder fwb_ipt v4.3.0.3546 +# Firewall Builder fwb_ipt v5.0.0.3547 # -# Generated Thu May 26 14:15:27 2011 PDT by vadim +# Generated Fri Jun 3 17:27:42 2011 PDT by vadim # # files: * firewall26.fw /etc/fw/firewall26.fw # @@ -506,12 +506,12 @@ script_body() { echo :OUTPUT ACCEPT [0:0] # # Rule 0 (NAT) - echo "-A POSTROUTING -o ppp -s 192.168.1.0/24 -j MASQUERADE " - echo "-A POSTROUTING -o eth2 -s 192.168.1.0/24 -j SNAT --to-source 192.168.2.1 " + echo "-A POSTROUTING -o ppp -s 192.168.1.0/24 -j MASQUERADE " + echo "-A POSTROUTING -o eth2 -s 192.168.1.0/24 -j SNAT --to-source 192.168.2.1 " # # Rule 1 (NAT) - echo "-A POSTROUTING -o eth+ -s 192.168.1.0/24 -j SNAT --to-source 22.22.22.23 " - echo "-A POSTROUTING -o ppp -s 192.168.1.0/24 -j SNAT --to-source 22.22.22.23 " + echo "-A POSTROUTING -o eth+ -s 192.168.1.0/24 -j SNAT --to-source 22.22.22.23 " + echo "-A POSTROUTING -o ppp -s 192.168.1.0/24 -j SNAT --to-source 22.22.22.23 " # # Rule 2 (NAT) for i_ppp in $i_ppp_list @@ -523,7 +523,7 @@ script_body() { # # Rule 3 (NAT) echo "-A PREROUTING -s 192.168.1.0/24 -d ! 200.200.200.200 -j DNAT --to-destination 192.168.2.10 " - echo "-A POSTROUTING -o eth2 -s 192.168.1.0/24 -d 192.168.2.10 -j SNAT --to-source 192.168.2.1 " + echo "-A POSTROUTING -o eth2 -s 192.168.1.0/24 -d 192.168.2.10 -j SNAT --to-source 192.168.2.1 " # echo COMMIT 
@@ -585,7 +585,7 @@ test -z "$cmd" && { case "$cmd" in start) - log "Activating firewall script generated Thu May 26 14:15:27 2011 by vadim" + log "Activating firewall script generated Fri Jun 3 17:27:42 2011 by vadim" check_tools prolog_commands check_run_time_address_table_files diff --git a/test/ipt/firewall27.fw.orig b/test/ipt/firewall27.fw.orig index 24594208f..f0f9fa04f 100755 --- a/test/ipt/firewall27.fw.orig +++ b/test/ipt/firewall27.fw.orig @@ -2,9 +2,9 @@ # # This is automatically generated file. DO NOT MODIFY ! # -# Firewall Builder fwb_ipt v4.3.0.3546 +# Firewall Builder fwb_ipt v5.0.0.3547 # -# Generated Thu May 26 14:15:32 2011 PDT by vadim +# Generated Fri Jun 3 17:27:45 2011 PDT by vadim # # files: * firewall27.fw /etc/fw/firewall27.fw # @@ -491,12 +491,12 @@ script_body() { echo :OUTPUT ACCEPT [0:0] # # Rule 0 (NAT) - echo "-A POSTROUTING -o ppp -s 192.168.1.0/24 -j SNAT --to-source 192.0.2.1 " - echo "-A POSTROUTING -o eth2 -s 192.168.1.0/24 -j SNAT --to-source 192.168.2.1 " + echo "-A POSTROUTING -o ppp -s 192.168.1.0/24 -j SNAT --to-source 192.0.2.1 " + echo "-A POSTROUTING -o eth2 -s 192.168.1.0/24 -j SNAT --to-source 192.168.2.1 " # # Rule 1 (NAT) - echo "-A POSTROUTING -o eth+ -s 192.168.1.0/24 -j SNAT --to-source 22.22.22.23 " - echo "-A POSTROUTING -o ppp -s 192.168.1.0/24 -j SNAT --to-source 22.22.22.23 " + echo "-A POSTROUTING -o eth+ -s 192.168.1.0/24 -j SNAT --to-source 22.22.22.23 " + echo "-A POSTROUTING -o ppp -s 192.168.1.0/24 -j SNAT --to-source 22.22.22.23 " # # Rule 2 (NAT) echo "-A PREROUTING -p tcp -m tcp -d 192.0.2.1 --dport 22 -j DNAT --to-destination 192.168.1.10:22 " 
@@ -505,7 +505,7 @@ script_body() { # # Rule 3 (NAT) echo "-A PREROUTING -s 192.168.1.0/24 -d ! 200.200.200.200 -j DNAT --to-destination 192.168.2.10 " - echo "-A POSTROUTING -o eth2 -s 192.168.1.0/24 -d 192.168.2.10 -j SNAT --to-source 192.168.2.1 " + echo "-A POSTROUTING -o eth2 -s 192.168.1.0/24 -d 192.168.2.10 -j SNAT --to-source 192.168.2.1 " # echo COMMIT @@ -567,7 +567,7 @@ test -z "$cmd" && { case "$cmd" in start) - log "Activating firewall script generated Thu May 26 14:15:32 2011 by vadim" + log "Activating firewall script generated Fri Jun 3 17:27:45 2011 by vadim" check_tools prolog_commands check_run_time_address_table_files diff --git a/test/ipt/firewall28.fw.orig b/test/ipt/firewall28.fw.orig index 454b60a36..ce782780d 100755 --- a/test/ipt/firewall28.fw.orig +++ b/test/ipt/firewall28.fw.orig @@ -2,9 +2,9 @@ # # This is automatically generated file. DO NOT MODIFY ! # -# Firewall Builder fwb_ipt v4.3.0.3546 +# Firewall Builder fwb_ipt v5.0.0.3547 # -# Generated Thu May 26 14:15:36 2011 PDT by vadim +# Generated Fri Jun 3 17:27:47 2011 PDT by vadim # # files: * firewall28.fw /etc/fw/firewall28.fw # @@ -328,7 +328,7 @@ script_body() { # echo "Rule 0 (NAT)" # - $IPTABLES -t nat -A POSTROUTING -o eth1 -s 192.168.1.0/24 -j SNAT --to-source 22.22.23.22 + $IPTABLES -t nat -A POSTROUTING -o eth1 -s 192.168.1.0/24 -j SNAT --to-source 22.22.23.22 @@ -430,7 +430,7 @@ test -z "$cmd" && { case "$cmd" in start) - log "Activating firewall script generated Thu May 26 14:15:36 2011 by vadim" + log "Activating firewall script generated Fri Jun 3 17:27:47 2011 by vadim" check_tools prolog_commands check_run_time_address_table_files diff --git a/test/ipt/firewall29.fw.orig b/test/ipt/firewall29.fw.orig index 3579ca58f..6c5d8b6f8 100755 --- a/test/ipt/firewall29.fw.orig +++ b/test/ipt/firewall29.fw.orig 
@@ -2,9 +2,9 @@ # # This is automatically generated file. DO NOT MODIFY ! # -# Firewall Builder fwb_ipt v4.3.0.3546 +# Firewall Builder fwb_ipt v5.0.0.3547 # -# Generated Thu May 26 14:15:36 2011 PDT by vadim +# Generated Fri Jun 3 17:27:47 2011 PDT by vadim # # files: * firewall29.fw /etc/fw/firewall29.fw # @@ -465,7 +465,7 @@ test -z "$cmd" && { case "$cmd" in start) - log "Activating firewall script generated Thu May 26 14:15:36 2011 by vadim" + log "Activating firewall script generated Fri Jun 3 17:27:47 2011 by vadim" check_tools prolog_commands check_run_time_address_table_files diff --git a/test/ipt/firewall3.fw.orig b/test/ipt/firewall3.fw.orig index 9af6f7918..1c8b64b6a 100755 --- a/test/ipt/firewall3.fw.orig +++ b/test/ipt/firewall3.fw.orig @@ -2,9 +2,9 @@ # # This is automatically generated file. DO NOT MODIFY ! # -# Firewall Builder fwb_ipt v4.3.0.3546 +# Firewall Builder fwb_ipt v5.0.0.3547 # -# Generated Thu May 26 14:15:41 2011 PDT by vadim +# Generated Fri Jun 3 17:27:50 2011 PDT by vadim # # files: * firewall3.fw /etc/fw/firewall3.fw # @@ -313,14 +313,14 @@ script_body() { # echo "Rule 0 (NAT)" # - $IPTABLES -t nat -A POSTROUTING -o eth1 -s 192.168.1.0/24 -j SNAT --to-source 22.22.22.22 - $IPTABLES -t nat -A POSTROUTING -o eth2 -s 192.168.1.0/24 -j SNAT --to-source 192.168.2.1 + $IPTABLES -t nat -A POSTROUTING -o eth1 -s 192.168.1.0/24 -j SNAT --to-source 22.22.22.22 + $IPTABLES -t nat -A POSTROUTING -o eth2 -s 192.168.1.0/24 -j SNAT --to-source 192.168.2.1 # # Rule 1 (NAT) # echo "Rule 1 (NAT)" # - $IPTABLES -t nat -A POSTROUTING -o eth+ -s 192.168.1.10 -j SNAT --to-source 22.22.22.23 + $IPTABLES -t nat -A POSTROUTING -o eth+ -s 192.168.1.10 -j SNAT --to-source 22.22.22.23 
@@ -599,7 +599,7 @@ test -z "$cmd" && { case "$cmd" in start) - log "Activating firewall script generated Thu May 26 14:15:41 2011 by vadim" + log "Activating firewall script generated Fri Jun 3 17:27:50 2011 by vadim" check_tools prolog_commands check_run_time_address_table_files diff --git a/test/ipt/firewall30.fw.orig b/test/ipt/firewall30.fw.orig index fd21049ae..cab4f6047 100755 --- a/test/ipt/firewall30.fw.orig +++ b/test/ipt/firewall30.fw.orig @@ -2,9 +2,9 @@ # # This is automatically generated file. DO NOT MODIFY ! # -# Firewall Builder fwb_ipt v4.3.0.3546 +# Firewall Builder fwb_ipt v5.0.0.3547 # -# Generated Thu May 26 14:15:41 2011 PDT by vadim +# Generated Fri Jun 3 17:27:50 2011 PDT by vadim # # files: * firewall30.fw /etc/fw/firewall30.fw # @@ -396,7 +396,7 @@ test -z "$cmd" && { case "$cmd" in start) - log "Activating firewall script generated Thu May 26 14:15:41 2011 by vadim" + log "Activating firewall script generated Fri Jun 3 17:27:50 2011 by vadim" check_tools prolog_commands check_run_time_address_table_files diff --git a/test/ipt/firewall31.fw.orig b/test/ipt/firewall31.fw.orig index 891064c1e..b07c2c0d6 100755 --- a/test/ipt/firewall31.fw.orig +++ b/test/ipt/firewall31.fw.orig @@ -2,9 +2,9 @@ # # This is automatically generated file. DO NOT MODIFY ! # -# Firewall Builder fwb_ipt v4.3.0.3546 +# Firewall Builder fwb_ipt v5.0.0.3547 # -# Generated Thu May 26 14:15:45 2011 PDT by vadim +# Generated Fri Jun 3 17:27:52 2011 PDT by vadim # # files: * firewall31.fw /etc/fw/firewall31.fw # @@ -468,7 +468,7 @@ test -z "$cmd" && { case "$cmd" in start) - log "Activating firewall script generated Thu May 26 14:15:45 2011 by vadim" + log "Activating firewall script generated Fri Jun 3 17:27:52 2011 by vadim" check_tools prolog_commands check_run_time_address_table_files diff --git a/test/ipt/firewall32.fw.orig b/test/ipt/firewall32.fw.orig index f000a7924..793d20136 100755 --- a/test/ipt/firewall32.fw.orig +++ b/test/ipt/firewall32.fw.orig 
@@ -2,9 +2,9 @@ # # This is automatically generated file. DO NOT MODIFY ! # -# Firewall Builder fwb_ipt v4.3.0.3546 +# Firewall Builder fwb_ipt v5.0.0.3547 # -# Generated Thu May 26 14:15:45 2011 PDT by vadim +# Generated Fri Jun 3 17:27:52 2011 PDT by vadim # # files: * firewall32.fw /etc/fw/firewall32.fw # @@ -439,7 +439,7 @@ test -z "$cmd" && { case "$cmd" in start) - log "Activating firewall script generated Thu May 26 14:15:45 2011 by vadim" + log "Activating firewall script generated Fri Jun 3 17:27:52 2011 by vadim" check_tools prolog_commands check_run_time_address_table_files diff --git a/test/ipt/firewall33-1.fw.orig b/test/ipt/firewall33-1.fw.orig index 696c6026f..dd40054fd 100755 --- a/test/ipt/firewall33-1.fw.orig +++ b/test/ipt/firewall33-1.fw.orig @@ -2,9 +2,9 @@ # # This is automatically generated file. DO NOT MODIFY ! # -# Firewall Builder fwb_ipt v4.3.0.3546 +# Firewall Builder fwb_ipt v5.0.0.3547 # -# Generated Thu May 26 14:15:50 2011 PDT by vadim +# Generated Fri Jun 3 17:27:59 2011 PDT by vadim # # files: * firewall33-1.fw /etc/fw/firewall33-1.fw # 
@@ -416,11 +416,11 @@ script_body() { # $IPTABLES -N Cid438728A918346.0 $IPTABLES -A Policy -m state --state NEW -j Cid438728A918346.0 - $IPTABLES -A Cid438728A918346.0 -d 74.125.224.112 -j RETURN - $IPTABLES -A Cid438728A918346.0 -d 74.125.224.113 -j RETURN - $IPTABLES -A Cid438728A918346.0 -d 74.125.224.114 -j RETURN - $IPTABLES -A Cid438728A918346.0 -d 74.125.224.115 -j RETURN - $IPTABLES -A Cid438728A918346.0 -d 74.125.224.116 -j RETURN + $IPTABLES -A Cid438728A918346.0 -d 74.125.224.48 -j RETURN + $IPTABLES -A Cid438728A918346.0 -d 74.125.224.49 -j RETURN + $IPTABLES -A Cid438728A918346.0 -d 74.125.224.50 -j RETURN + $IPTABLES -A Cid438728A918346.0 -d 74.125.224.51 -j RETURN + $IPTABLES -A Cid438728A918346.0 -d 74.125.224.52 -j RETURN $IPTABLES -A Cid438728A918346.0 -d 157.166.224.25 -j RETURN $IPTABLES -A Cid438728A918346.0 -d 157.166.224.26 -j RETURN $IPTABLES -A Cid438728A918346.0 -d 157.166.226.25 -j RETURN @@ -546,7 +546,7 @@ test -z "$cmd" && { case "$cmd" in start) - log "Activating firewall script generated Thu May 26 14:15:50 2011 by vadim" + log "Activating firewall script generated Fri Jun 3 17:27:59 2011 by vadim" check_tools prolog_commands check_run_time_address_table_files diff --git a/test/ipt/firewall33.fw.orig b/test/ipt/firewall33.fw.orig index ed33fea49..eeb57f044 100755 --- a/test/ipt/firewall33.fw.orig +++ b/test/ipt/firewall33.fw.orig @@ -2,9 +2,9 @@ # # This is automatically generated file. DO NOT MODIFY ! # -# Firewall Builder fwb_ipt v4.3.0.3546 +# Firewall Builder fwb_ipt v5.0.0.3547 # -# Generated Thu May 26 14:15:51 2011 PDT by vadim +# Generated Fri Jun 3 17:27:59 2011 PDT by vadim # # files: * firewall33.fw /etc/fw/firewall33.fw # 
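Review bot: The `-d 74.125.224.112` through `.116` RETURN lines in chain `Cid438728A918346.0` become `74.125.224.48` through `.52` in this hunk, and again in the `@@ -466,11 +466,11 @@` hunk of firewall33.fw.orig, although nothing in the commit description concerns address handling. Presumably these are the addresses a DNS name in the test object resolved to when the fixture was regenerated (firewall33.fw.orig uses `-d www.google.com` in its NAT rules). If so, the expected output depends on live DNS and will keep drifting, so a mismatch against this golden file no longer means the compiler changed. Pointing the test object at fixed addresses would keep the fixture stable, for example a constructed documentation-range line such as `$IPTABLES -A Cid438728A918346.0 -d 192.0.2.10 -j RETURN`. If the compiler does resolve names at compile time, a short comment in the generated script saying so would also tell operators that such rules are frozen at whatever the resolver returned that day.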
@@ -333,32 +333,32 @@ script_body() { # echo "Rule 1 (NAT)" # - $IPTABLES -t nat -A POSTROUTING -o eth0.100 -d 157.166.224.25 -j MASQUERADE - $IPTABLES -t nat -A POSTROUTING -o eth0.100 -d 157.166.224.26 -j MASQUERADE - $IPTABLES -t nat -A POSTROUTING -o eth0.100 -d 157.166.226.25 -j MASQUERADE - $IPTABLES -t nat -A POSTROUTING -o eth0.100 -d 157.166.226.26 -j MASQUERADE - $IPTABLES -t nat -A POSTROUTING -o eth0.100 -d 157.166.255.18 -j MASQUERADE - $IPTABLES -t nat -A POSTROUTING -o eth0.100 -d 157.166.255.19 -j MASQUERADE + $IPTABLES -t nat -A POSTROUTING -o eth0.100 -d 157.166.224.25 -j MASQUERADE + $IPTABLES -t nat -A POSTROUTING -o eth0.100 -d 157.166.224.26 -j MASQUERADE + $IPTABLES -t nat -A POSTROUTING -o eth0.100 -d 157.166.226.25 -j MASQUERADE + $IPTABLES -t nat -A POSTROUTING -o eth0.100 -d 157.166.226.26 -j MASQUERADE + $IPTABLES -t nat -A POSTROUTING -o eth0.100 -d 157.166.255.18 -j MASQUERADE + $IPTABLES -t nat -A POSTROUTING -o eth0.100 -d 157.166.255.19 -j MASQUERADE # # Rule 2 (NAT) # echo "Rule 2 (NAT)" # - $IPTABLES -t nat -A POSTROUTING -o eth0.100 -d www.cnn.com -j MASQUERADE + $IPTABLES -t nat -A POSTROUTING -o eth0.100 -d www.cnn.com -j MASQUERADE # # Rule 3 (NAT) # echo "Rule 3 (NAT)" # - $IPTABLES -t nat -A POSTROUTING -o eth0.100 -d www.google.com -j MASQUERADE - $IPTABLES -t nat -A POSTROUTING -o eth0.100 -d www.cnn.com -j MASQUERADE + $IPTABLES -t nat -A POSTROUTING -o eth0.100 -d www.google.com -j MASQUERADE + $IPTABLES -t nat -A POSTROUTING -o eth0.100 -d www.cnn.com -j MASQUERADE # # Rule 4 (NAT) # echo "Rule 4 (NAT)" # $IPTABLES -t nat -N Cid43876E7B18346.0 - $IPTABLES -t nat -A POSTROUTING -o eth0.100 -j Cid43876E7B18346.0 + $IPTABLES -t nat -A POSTROUTING -o eth0.100 -j Cid43876E7B18346.0 $IPTABLES -t nat -A Cid43876E7B18346.0 -d www.google.com -j RETURN $IPTABLES -t nat -A Cid43876E7B18346.0 -d www.cnn.com -j RETURN $IPTABLES -t nat -A Cid43876E7B18346.0 -j MASQUERADE 
@@ -466,11 +466,11 @@ script_body() { $IPTABLES -A OUTPUT -m state --state NEW -j Cid438728A918346.0 $IPTABLES -A INPUT -m state --state NEW -j Cid438728A918346.0 $IPTABLES -A FORWARD -m state --state NEW -j Cid438728A918346.0 - $IPTABLES -A Cid438728A918346.0 -d 74.125.224.112 -j RETURN - $IPTABLES -A Cid438728A918346.0 -d 74.125.224.113 -j RETURN - $IPTABLES -A Cid438728A918346.0 -d 74.125.224.114 -j RETURN - $IPTABLES -A Cid438728A918346.0 -d 74.125.224.115 -j RETURN - $IPTABLES -A Cid438728A918346.0 -d 74.125.224.116 -j RETURN + $IPTABLES -A Cid438728A918346.0 -d 74.125.224.48 -j RETURN + $IPTABLES -A Cid438728A918346.0 -d 74.125.224.49 -j RETURN + $IPTABLES -A Cid438728A918346.0 -d 74.125.224.50 -j RETURN + $IPTABLES -A Cid438728A918346.0 -d 74.125.224.51 -j RETURN + $IPTABLES -A Cid438728A918346.0 -d 74.125.224.52 -j RETURN $IPTABLES -A Cid438728A918346.0 -d 157.166.224.25 -j RETURN $IPTABLES -A Cid438728A918346.0 -d 157.166.224.26 -j RETURN $IPTABLES -A Cid438728A918346.0 -d 157.166.226.25 -j RETURN @@ -595,7 +595,7 @@ test -z "$cmd" && { case "$cmd" in start) - log "Activating firewall script generated Thu May 26 14:15:51 2011 by vadim" + log "Activating firewall script generated Fri Jun 3 17:27:59 2011 by vadim" check_tools prolog_commands check_run_time_address_table_files diff --git a/test/ipt/firewall34.fw.orig b/test/ipt/firewall34.fw.orig index 51f624e39..5c44f9f8b 100755 --- a/test/ipt/firewall34.fw.orig +++ b/test/ipt/firewall34.fw.orig @@ -2,9 +2,9 @@ # # This is automatically generated file. DO NOT MODIFY ! # -# Firewall Builder fwb_ipt v4.3.0.3546 +# Firewall Builder fwb_ipt v5.0.0.3547 # -# Generated Thu May 26 14:15:55 2011 PDT by vadim +# Generated Fri Jun 3 17:28:02 2011 PDT by vadim # # files: * firewall34.fw /etc/fw/firewall34.fw # 
@@ -338,7 +338,7 @@ script_body() { echo "Rule 1 (NAT)" # $IPTABLES -t nat -N Cid43891B6E674.0 - $IPTABLES -t nat -A POSTROUTING -o eth0.100 -s 192.168.1.0/24 -j Cid43891B6E674.0 + $IPTABLES -t nat -A POSTROUTING -o eth0.100 -s 192.168.1.0/24 -j Cid43891B6E674.0 grep -Ev '^#|^;|^\s*$' block-hosts.tbl | while read L ; do set $L; at_block_these=$1; $IPTABLES -t nat -A Cid43891B6E674.0 -d $at_block_these -j RETURN done @@ -671,7 +671,7 @@ test -z "$cmd" && { case "$cmd" in start) - log "Activating firewall script generated Thu May 26 14:15:55 2011 by vadim" + log "Activating firewall script generated Fri Jun 3 17:28:02 2011 by vadim" check_tools prolog_commands check_run_time_address_table_files diff --git a/test/ipt/firewall35.fw.orig b/test/ipt/firewall35.fw.orig index 2d3f88480..4a94c948e 100755 --- a/test/ipt/firewall35.fw.orig +++ b/test/ipt/firewall35.fw.orig @@ -2,9 +2,9 @@ # # This is automatically generated file. DO NOT MODIFY ! # -# Firewall Builder fwb_ipt v4.3.0.3546 +# Firewall Builder fwb_ipt v5.0.0.3547 # -# Generated Thu May 26 14:15:55 2011 PDT by vadim +# Generated Fri Jun 3 17:28:02 2011 PDT by vadim # # files: * firewall35.fw /etc/fw/firewall35.fw # @@ -497,7 +497,7 @@ script_body() { # # Rule 1 (NAT) echo ":Cid4392559D25682.0 - [0:0]" - echo "-A POSTROUTING -o eth0.100 -s 192.168.1.0/24 -j Cid4392559D25682.0 " + echo "-A POSTROUTING -o eth0.100 -s 192.168.1.0/24 -j Cid4392559D25682.0 " grep -Ev '^#|^;|^\s*$' block-hosts.tbl | while read L ; do set $L; at_block_these=$1; echo "-A Cid4392559D25682.0 -d $at_block_these -j RETURN " done @@ -563,7 +563,7 @@ test -z "$cmd" && { case "$cmd" in start) - log "Activating firewall script generated Thu May 26 14:15:55 2011 by vadim" + log "Activating firewall script generated Fri Jun 3 17:28:02 2011 by vadim" check_tools prolog_commands check_run_time_address_table_files diff --git a/test/ipt/firewall36-1.fw.orig b/test/ipt/firewall36-1.fw.orig index ff0812222..dced2c872 100755 
--- a/test/ipt/firewall36-1.fw.orig +++ b/test/ipt/firewall36-1.fw.orig @@ -2,9 +2,9 @@ # # This is automatically generated file. DO NOT MODIFY ! # -# Firewall Builder fwb_ipt v4.3.0.3546 +# Firewall Builder fwb_ipt v5.0.0.3547 # -# Generated Thu May 26 14:16:00 2011 PDT by vadim +# Generated Fri Jun 3 17:28:04 2011 PDT by vadim # # files: * firewall36-1.fw /etc/firewall36-1.fw # @@ -454,7 +454,7 @@ test -z "$cmd" && { case "$cmd" in start) - log "Activating firewall script generated Thu May 26 14:16:00 2011 by vadim" + log "Activating firewall script generated Fri Jun 3 17:28:04 2011 by vadim" check_tools prolog_commands check_run_time_address_table_files diff --git a/test/ipt/firewall36-2.fw.orig b/test/ipt/firewall36-2.fw.orig index 8721bdf0c..c70caab6f 100755 --- a/test/ipt/firewall36-2.fw.orig +++ b/test/ipt/firewall36-2.fw.orig @@ -2,9 +2,9 @@ # # This is automatically generated file. DO NOT MODIFY ! # -# Firewall Builder fwb_ipt v4.3.0.3546 +# Firewall Builder fwb_ipt v5.0.0.3547 # -# Generated Thu May 26 14:16:04 2011 PDT by vadim +# Generated Fri Jun 3 17:28:06 2011 PDT by vadim # # files: * firewall36-2.fw /etc/firewall36-2.fw # @@ -454,7 +454,7 @@ test -z "$cmd" && { case "$cmd" in start) - log "Activating firewall script generated Thu May 26 14:16:04 2011 by vadim" + log "Activating firewall script generated Fri Jun 3 17:28:06 2011 by vadim" check_tools prolog_commands check_run_time_address_table_files diff --git a/test/ipt/firewall36.fw.orig b/test/ipt/firewall36.fw.orig index a94850c9d..5284f977b 100755 --- a/test/ipt/firewall36.fw.orig +++ b/test/ipt/firewall36.fw.orig @@ -2,9 +2,9 @@ # # This is automatically generated file. DO NOT MODIFY ! # -# Firewall Builder fwb_ipt v4.3.0.3546 +# Firewall Builder fwb_ipt v5.0.0.3547 # -# Generated Thu May 26 14:16:00 2011 PDT by vadim +# Generated Fri Jun 3 17:28:04 2011 PDT by vadim # # files: * firewall36.fw /etc/firewall36.fw # 
@@ -518,7 +518,7 @@ test -z "$cmd" && { case "$cmd" in start) - log "Activating firewall script generated Thu May 26 14:16:00 2011 by vadim" + log "Activating firewall script generated Fri Jun 3 17:28:04 2011 by vadim" check_tools prolog_commands check_run_time_address_table_files diff --git a/test/ipt/firewall37-1.fw.orig b/test/ipt/firewall37-1.fw.orig index 2bbd5f7d7..b6a3dbad4 100755 --- a/test/ipt/firewall37-1.fw.orig +++ b/test/ipt/firewall37-1.fw.orig @@ -2,9 +2,9 @@ # # This is automatically generated file. DO NOT MODIFY ! # -# Firewall Builder fwb_ipt v4.3.0.3546 +# Firewall Builder fwb_ipt v5.0.0.3547 # -# Generated Thu May 26 14:16:07 2011 PDT by vadim +# Generated Fri Jun 3 17:28:08 2011 PDT by vadim # # files: * firewall37-1.fw /etc/fw/firewall37-1.fw # @@ -987,7 +987,7 @@ test -z "$cmd" && { case "$cmd" in start) - log "Activating firewall script generated Thu May 26 14:16:07 2011 by vadim" + log "Activating firewall script generated Fri Jun 3 17:28:08 2011 by vadim" check_tools prolog_commands check_run_time_address_table_files diff --git a/test/ipt/firewall37-2.fw.orig b/test/ipt/firewall37-2.fw.orig index a19a4cf5c..d5886b697 100755 --- a/test/ipt/firewall37-2.fw.orig +++ b/test/ipt/firewall37-2.fw.orig @@ -2,9 +2,9 @@ # # This is automatically generated file. DO NOT MODIFY ! # -# Firewall Builder fwb_ipt v4.3.0.3546 +# Firewall Builder fwb_ipt v5.0.0.3547 # -# Generated Thu May 26 14:16:09 2011 PDT by vadim +# Generated Fri Jun 3 17:28:10 2011 PDT by vadim # # files: * firewall37-2.fw /etc/fw/firewall37-2.fw # @@ -704,7 +704,7 @@ test -z "$cmd" && { case "$cmd" in start) - log "Activating firewall script generated Thu May 26 14:16:09 2011 by vadim" + log "Activating firewall script generated Fri Jun 3 17:28:10 2011 by vadim" check_tools prolog_commands check_run_time_address_table_files diff --git a/test/ipt/firewall37.fw.orig b/test/ipt/firewall37.fw.orig index bb2dc3d29..57dadafd4 100755 --- a/test/ipt/firewall37.fw.orig 
+++ b/test/ipt/firewall37.fw.orig @@ -2,9 +2,9 @@ # # This is automatically generated file. DO NOT MODIFY ! # -# Firewall Builder fwb_ipt v4.3.0.3546 +# Firewall Builder fwb_ipt v5.0.0.3547 # -# Generated Thu May 26 14:16:05 2011 PDT by vadim +# Generated Fri Jun 3 17:28:11 2011 PDT by vadim # # files: * firewall37.fw /etc/fw/firewall37.fw # @@ -1313,7 +1313,7 @@ test -z "$cmd" && { case "$cmd" in start) - log "Activating firewall script generated Thu May 26 14:16:05 2011 by vadim" + log "Activating firewall script generated Fri Jun 3 17:28:11 2011 by vadim" check_tools prolog_commands check_run_time_address_table_files diff --git a/test/ipt/firewall38.fw.orig b/test/ipt/firewall38.fw.orig index 57a5dc774..0a48b62c9 100755 --- a/test/ipt/firewall38.fw.orig +++ b/test/ipt/firewall38.fw.orig @@ -2,9 +2,9 @@ # # This is automatically generated file. DO NOT MODIFY ! # -# Firewall Builder fwb_ipt v4.3.0.3546 +# Firewall Builder fwb_ipt v5.0.0.3547 # -# Generated Thu May 26 14:16:11 2011 PDT by vadim +# Generated Fri Jun 3 17:28:12 2011 PDT by vadim # # files: * firewall38.fw /etc/fw/firewall38.fw # 
@@ -472,13 +472,13 @@ script_body() { echo :OUTPUT ACCEPT [0:0] # # Rule 0 (NAT) - echo "-A POSTROUTING -o eth1 -s 22.22.23.22 -j SNAT --to-source 22.22.23.22 " - echo "-A POSTROUTING -o eth1 -s 192.168.1.22 -j SNAT --to-source 22.22.23.22 " - echo "-A POSTROUTING -o eth1 -s 192.168.2.1 -j SNAT --to-source 22.22.23.22 " - echo "-A POSTROUTING -o eth1 -s 192.168.1.0/24 -j SNAT --to-source 22.22.23.22 " + echo "-A POSTROUTING -o eth1 -s 22.22.23.22 -j SNAT --to-source 22.22.23.22 " + echo "-A POSTROUTING -o eth1 -s 192.168.1.22 -j SNAT --to-source 22.22.23.22 " + echo "-A POSTROUTING -o eth1 -s 192.168.2.1 -j SNAT --to-source 22.22.23.22 " + echo "-A POSTROUTING -o eth1 -s 192.168.1.0/24 -j SNAT --to-source 22.22.23.22 " # # Rule 1 (NAT) - echo "-A POSTROUTING -o eth1 -s 192.168.1.0/24 -m mark --mark 16 -j SNAT --to-source 22.22.23.22 " + echo "-A POSTROUTING -o eth1 -s 192.168.1.0/24 -m mark --mark 16 -j SNAT --to-source 22.22.23.22 " # echo COMMIT @@ -540,7 +540,7 @@ test -z "$cmd" && { case "$cmd" in start) - log "Activating firewall script generated Thu May 26 14:16:11 2011 by vadim" + log "Activating firewall script generated Fri Jun 3 17:28:12 2011 by vadim" check_tools prolog_commands check_run_time_address_table_files diff --git a/test/ipt/firewall39.fw.orig b/test/ipt/firewall39.fw.orig index f7fa63d5c..7a79c93fe 100755 --- a/test/ipt/firewall39.fw.orig +++ b/test/ipt/firewall39.fw.orig @@ -2,9 +2,9 @@ # # This is automatically generated file. DO NOT MODIFY ! # -# Firewall Builder fwb_ipt v4.3.0.3546 +# Firewall Builder fwb_ipt v5.0.0.3547 # -# Generated Thu May 26 14:16:13 2011 PDT by vadim +# Generated Fri Jun 3 17:28:14 2011 PDT by vadim # # files: * firewall39.fw /etc/fw/firewall39.fw # 
@@ -820,7 +820,7 @@ test -z "$cmd" && { case "$cmd" in start) - log "Activating firewall script generated Thu May 26 14:16:13 2011 by vadim" + log "Activating firewall script generated Fri Jun 3 17:28:14 2011 by vadim" check_tools prolog_commands check_run_time_address_table_files diff --git a/test/ipt/firewall4.fw.orig b/test/ipt/firewall4.fw.orig index 62ffcd1a1..8d16c3858 100755 --- a/test/ipt/firewall4.fw.orig +++ b/test/ipt/firewall4.fw.orig @@ -2,9 +2,9 @@ # # This is automatically generated file. DO NOT MODIFY ! # -# Firewall Builder fwb_ipt v4.3.0.3546 +# Firewall Builder fwb_ipt v5.0.0.3547 # -# Generated Thu May 26 14:16:14 2011 PDT by vadim +# Generated Fri Jun 3 17:28:14 2011 PDT by vadim # # files: * firewall4.fw /etc/fw/firewall4.fw # 
@@ -317,30 +317,30 @@ script_body() { # echo "Rule 0 (NAT)" # - $IPTABLES -t nat -A POSTROUTING -o eth1 -s 192.168.1.10 -j MASQUERADE - $IPTABLES -t nat -A POSTROUTING -o eth2 -s 192.168.1.10 -j SNAT --to-source 192.168.2.1 - $IPTABLES -t nat -A POSTROUTING -o eth3 -s 192.168.1.10 -j SNAT --to-source 222.222.222.222 + $IPTABLES -t nat -A POSTROUTING -o eth1 -s 192.168.1.10 -j MASQUERADE + $IPTABLES -t nat -A POSTROUTING -o eth2 -s 192.168.1.10 -j SNAT --to-source 192.168.2.1 + $IPTABLES -t nat -A POSTROUTING -o eth3 -s 192.168.1.10 -j SNAT --to-source 222.222.222.222 # # Rule 1 (NAT) # echo "Rule 1 (NAT)" # - $IPTABLES -t nat -A POSTROUTING -o eth+ -s 192.168.1.10 -j SNAT --to-source 222.222.222.40 - $IPTABLES -t nat -A POSTROUTING -o eth+ -s 192.168.1.10 -j SNAT --to-source 222.222.222.41 + $IPTABLES -t nat -A POSTROUTING -o eth+ -s 192.168.1.10 -j SNAT --to-source 222.222.222.40 + $IPTABLES -t nat -A POSTROUTING -o eth+ -s 192.168.1.10 -j SNAT --to-source 222.222.222.41 # # Rule 2 (NAT) # echo "Rule 2 (NAT)" # - $IPTABLES -t nat -A POSTROUTING -o eth+ -s 192.168.1.10 -j SNAT --to-source 222.222.222.40 - $IPTABLES -t nat -A POSTROUTING -o eth+ -s 192.168.1.10 -j SNAT --to-source 222.222.222.41 + $IPTABLES -t nat -A POSTROUTING -o eth+ -s 192.168.1.10 -j SNAT --to-source 222.222.222.40 + $IPTABLES -t nat -A POSTROUTING -o eth+ -s 192.168.1.10 -j SNAT --to-source 222.222.222.41 # # Rule 3 (NAT) # echo "Rule 3 (NAT)" # - $IPTABLES -t nat -A POSTROUTING -o eth1 -s 192.168.1.0/24 -d ! 192.168.2.0/24 -j MASQUERADE - $IPTABLES -t nat -A POSTROUTING -o eth3 -s 192.168.1.0/24 -d ! 192.168.2.0/24 -j SNAT --to-source 222.222.222.222 + $IPTABLES -t nat -A POSTROUTING -o eth1 -s 192.168.1.0/24 -d ! 192.168.2.0/24 -j MASQUERADE + $IPTABLES -t nat -A POSTROUTING -o eth3 -s 192.168.1.0/24 -d ! 192.168.2.0/24 -j SNAT --to-source 222.222.222.222 # # Rule 4 (NAT) # 
@@ -348,12 +348,12 @@ script_body() { # for i_eth1 in $i_eth1_list do - test -n "$i_eth1" && $IPTABLES -t nat -A POSTROUTING -o eth1 -s $i_eth1 -j MASQUERADE + test -n "$i_eth1" && $IPTABLES -t nat -A POSTROUTING -o eth1 -s $i_eth1 -j MASQUERADE done - $IPTABLES -t nat -A POSTROUTING -o eth1 -s 192.168.1.0/24 -j MASQUERADE - $IPTABLES -t nat -A POSTROUTING -o eth1 -s 192.168.1.1 -j MASQUERADE - $IPTABLES -t nat -A POSTROUTING -o eth1 -s 192.168.2.1 -j MASQUERADE - $IPTABLES -t nat -A POSTROUTING -o eth1 -s 222.222.222.222 -j MASQUERADE + $IPTABLES -t nat -A POSTROUTING -o eth1 -s 192.168.1.0/24 -j MASQUERADE + $IPTABLES -t nat -A POSTROUTING -o eth1 -s 192.168.1.1 -j MASQUERADE + $IPTABLES -t nat -A POSTROUTING -o eth1 -s 192.168.2.1 -j MASQUERADE + $IPTABLES -t nat -A POSTROUTING -o eth1 -s 222.222.222.222 -j MASQUERADE # # Rule 5 (NAT) # @@ -733,7 +733,7 @@ test -z "$cmd" && { case "$cmd" in start) - log "Activating firewall script generated Thu May 26 14:16:14 2011 by vadim" + log "Activating firewall script generated Fri Jun 3 17:28:14 2011 by vadim" check_tools prolog_commands check_run_time_address_table_files diff --git a/test/ipt/firewall40-1.fw.orig b/test/ipt/firewall40-1.fw.orig index 18cee16b5..3fd5cd4f7 100755 --- a/test/ipt/firewall40-1.fw.orig +++ b/test/ipt/firewall40-1.fw.orig @@ -2,9 +2,9 @@ # # This is automatically generated file. DO NOT MODIFY ! # -# Firewall Builder fwb_ipt v4.3.0.3546 +# Firewall Builder fwb_ipt v5.0.0.3547 # -# Generated Thu May 26 14:16:18 2011 PDT by vadim +# Generated Fri Jun 3 17:28:16 2011 PDT by vadim # # files: * firewall40-1.fw /etc/firewall40-1.fw # @@ -338,7 +338,7 @@ script_body() { # # Translate source address # for outgoing connections - $IPTABLES -t nat -A POSTROUTING -o eth0 -s 192.168.1.0/24 -j SNAT --to-source 192.0.2.1 + $IPTABLES -t nat -A POSTROUTING -o eth0 -s 192.168.1.0/24 -j SNAT --to-source 192.0.2.1 # ================ Table 'mangle', rule set Policy_1 # 
@@ -462,7 +462,7 @@ test -z "$cmd" && { case "$cmd" in start) - log "Activating firewall script generated Thu May 26 14:16:18 2011 by vadim" + log "Activating firewall script generated Fri Jun 3 17:28:16 2011 by vadim" check_tools prolog_commands check_run_time_address_table_files diff --git a/test/ipt/firewall40-2.fw.orig b/test/ipt/firewall40-2.fw.orig index d9c92cf34..1f538cf04 100755 --- a/test/ipt/firewall40-2.fw.orig +++ b/test/ipt/firewall40-2.fw.orig @@ -2,9 +2,9 @@ # # This is automatically generated file. DO NOT MODIFY ! # -# Firewall Builder fwb_ipt v4.3.0.3546 +# Firewall Builder fwb_ipt v5.0.0.3547 # -# Generated Thu May 26 14:16:20 2011 PDT by vadim +# Generated Fri Jun 3 17:28:18 2011 PDT by vadim # # files: * firewall40-2.fw /etc/firewall40-2.fw # @@ -338,7 +338,7 @@ script_body() { # # Translate source address # for outgoing connections - $IPTABLES -t nat -A POSTROUTING -o eth0 -s 192.168.1.0/24 -j SNAT --to-source 192.0.2.1 + $IPTABLES -t nat -A POSTROUTING -o eth0 -s 192.168.1.0/24 -j SNAT --to-source 192.0.2.1 # ================ Table 'mangle', rule set Policy_1 # @@ -449,7 +449,7 @@ test -z "$cmd" && { case "$cmd" in start) - log "Activating firewall script generated Thu May 26 14:16:20 2011 by vadim" + log "Activating firewall script generated Fri Jun 3 17:28:18 2011 by vadim" check_tools prolog_commands check_run_time_address_table_files diff --git a/test/ipt/firewall40.fw.orig b/test/ipt/firewall40.fw.orig index 3b65d667f..c9604c8fa 100755 --- a/test/ipt/firewall40.fw.orig +++ b/test/ipt/firewall40.fw.orig @@ -2,9 +2,9 @@ # # This is automatically generated file. DO NOT MODIFY ! # -# Firewall Builder fwb_ipt v4.3.0.3546 +# Firewall Builder fwb_ipt v5.0.0.3547 # -# Generated Thu May 26 14:16:17 2011 PDT by vadim +# Generated Fri Jun 3 17:28:16 2011 PDT by vadim # # files: * firewall40.fw /etc/firewall40.fw # 
@@ -338,7 +338,7 @@ script_body() { # # Translate source address # for outgoing connections - $IPTABLES -t nat -A POSTROUTING -o eth0 -s 192.168.1.0/24 -j SNAT --to-source 192.0.2.1 + $IPTABLES -t nat -A POSTROUTING -o eth0 -s 192.168.1.0/24 -j SNAT --to-source 192.0.2.1 # ================ Table 'mangle', rule set Policy # @@ -455,7 +455,7 @@ test -z "$cmd" && { case "$cmd" in start) - log "Activating firewall script generated Thu May 26 14:16:17 2011 by vadim" + log "Activating firewall script generated Fri Jun 3 17:28:16 2011 by vadim" check_tools prolog_commands check_run_time_address_table_files diff --git a/test/ipt/firewall41-1.fw.orig b/test/ipt/firewall41-1.fw.orig index 87c77a96a..ca94c649b 100755 --- a/test/ipt/firewall41-1.fw.orig +++ b/test/ipt/firewall41-1.fw.orig @@ -2,9 +2,9 @@ # # This is automatically generated file. DO NOT MODIFY ! # -# Firewall Builder fwb_ipt v4.3.0.3546 +# Firewall Builder fwb_ipt v5.0.0.3547 # -# Generated Thu May 26 14:16:24 2011 PDT by vadim +# Generated Fri Jun 3 17:28:20 2011 PDT by vadim # # files: * firewall41-1.fw /etc/firewall41-1.fw # @@ -456,14 +456,14 @@ script_body() { # echo "Rule 0 (NAT)" # - $IPTABLES -t nat -A POSTROUTING -o eth0 -m set --set atbl.1 src -j SNAT --to-source 1.1.1.1 + $IPTABLES -t nat -A POSTROUTING -o eth0 -m set --set atbl.1 src -j SNAT --to-source 1.1.1.1 # # Rule 1 (NAT) # echo "Rule 1 (NAT)" # $IPTABLES -t nat -N Cid2287813X9995.0 - $IPTABLES -t nat -A POSTROUTING -o eth0 -j Cid2287813X9995.0 + $IPTABLES -t nat -A POSTROUTING -o eth0 -j Cid2287813X9995.0 $IPTABLES -t nat -A Cid2287813X9995.0 -m set --set atbl.1 src -j RETURN $IPTABLES -t nat -A Cid2287813X9995.0 -j SNAT --to-source 1.1.1.1 # @@ -596,7 +596,7 @@ test -z "$cmd" && { case "$cmd" in start) - log "Activating firewall script generated Thu May 26 14:16:24 2011 by vadim" + log "Activating firewall script generated Fri Jun 3 17:28:20 2011 by vadim" check_tools prolog_commands check_run_time_address_table_files 
diff --git a/test/ipt/firewall41.fw.orig b/test/ipt/firewall41.fw.orig index 347bed83f..a0c800712 100755 --- a/test/ipt/firewall41.fw.orig +++ b/test/ipt/firewall41.fw.orig @@ -2,9 +2,9 @@ # # This is automatically generated file. DO NOT MODIFY ! # -# Firewall Builder fwb_ipt v4.3.0.3546 +# Firewall Builder fwb_ipt v5.0.0.3547 # -# Generated Thu May 26 14:16:22 2011 PDT by vadim +# Generated Fri Jun 3 17:28:20 2011 PDT by vadim # # files: * firewall41.fw /etc/firewall41.fw # @@ -480,7 +480,7 @@ test -z "$cmd" && { case "$cmd" in start) - log "Activating firewall script generated Thu May 26 14:16:22 2011 by vadim" + log "Activating firewall script generated Fri Jun 3 17:28:20 2011 by vadim" check_tools prolog_commands check_run_time_address_table_files diff --git a/test/ipt/firewall42.fw.orig b/test/ipt/firewall42.fw.orig index 1178a52bb..ddec37842 100755 --- a/test/ipt/firewall42.fw.orig +++ b/test/ipt/firewall42.fw.orig @@ -2,9 +2,9 @@ # # This is automatically generated file. DO NOT MODIFY ! # -# Firewall Builder fwb_ipt v4.3.0.3546 +# Firewall Builder fwb_ipt v5.0.0.3547 # -# Generated Thu May 26 14:16:28 2011 PDT by vadim +# Generated Fri Jun 3 17:28:22 2011 PDT by vadim # # files: * firewall42.fw /etc/fw/firewall42.fw # @@ -405,7 +405,7 @@ test -z "$cmd" && { case "$cmd" in start) - log "Activating firewall script generated Thu May 26 14:16:28 2011 by vadim" + log "Activating firewall script generated Fri Jun 3 17:28:22 2011 by vadim" check_tools prolog_commands check_run_time_address_table_files diff --git a/test/ipt/firewall5.fw.orig b/test/ipt/firewall5.fw.orig index 331d7356f..3b43a64c1 100755 --- a/test/ipt/firewall5.fw.orig +++ b/test/ipt/firewall5.fw.orig 
@@ -2,9 +2,9 @@ # # This is automatically generated file. DO NOT MODIFY ! # -# Firewall Builder fwb_ipt v4.3.0.3546 +# Firewall Builder fwb_ipt v5.0.0.3547 # -# Generated Thu May 26 14:16:29 2011 PDT by vadim +# Generated Fri Jun 3 17:28:24 2011 PDT by vadim # # files: * firewall5.fw /etc/fw/firewall5.fw # 
@@ -321,27 +321,27 @@ script_body() { # echo "Rule 0 (NAT)" # - $IPTABLES -t nat -A POSTROUTING -o ppp0 -s 192.168.1.0/24 -j MASQUERADE - $IPTABLES -t nat -A POSTROUTING -o ppp1 -s 192.168.1.0/24 -j MASQUERADE - $IPTABLES -t nat -A POSTROUTING -o eth2 -s 192.168.1.0/24 -j SNAT --to-source 192.168.2.1 + $IPTABLES -t nat -A POSTROUTING -o ppp0 -s 192.168.1.0/24 -j MASQUERADE + $IPTABLES -t nat -A POSTROUTING -o ppp1 -s 192.168.1.0/24 -j MASQUERADE + $IPTABLES -t nat -A POSTROUTING -o eth2 -s 192.168.1.0/24 -j SNAT --to-source 192.168.2.1 # # Rule 1 (NAT) # echo "Rule 1 (NAT)" # - $IPTABLES -t nat -A POSTROUTING -o eth+ -s 192.168.1.0/24 -j SNAT --to-source 22.22.22.23 - $IPTABLES -t nat -A POSTROUTING -o ppp+ -s 192.168.1.0/24 -j SNAT --to-source 22.22.22.23 + $IPTABLES -t nat -A POSTROUTING -o eth+ -s 192.168.1.0/24 -j SNAT --to-source 22.22.22.23 + $IPTABLES -t nat -A POSTROUTING -o ppp+ -s 192.168.1.0/24 -j SNAT --to-source 22.22.22.23 # # Rule 2 (NAT) # echo "Rule 2 (NAT)" # - $IPTABLES -t nat -A POSTROUTING -o eth+ -s 77.77.77.77 -j SNAT --to-source 22.22.22.23 - $IPTABLES -t nat -A POSTROUTING -o ppp+ -s 77.77.77.77 -j SNAT --to-source 22.22.22.23 - $IPTABLES -t nat -A POSTROUTING -o eth+ -s 192.168.1.1 -j SNAT --to-source 22.22.22.23 - $IPTABLES -t nat -A POSTROUTING -o ppp+ -s 192.168.1.1 -j SNAT --to-source 22.22.22.23 - $IPTABLES -t nat -A POSTROUTING -o eth+ -s 192.168.2.1 -j SNAT --to-source 22.22.22.23 - $IPTABLES -t nat -A POSTROUTING -o ppp+ -s 192.168.2.1 -j SNAT --to-source 22.22.22.23 + $IPTABLES -t nat -A POSTROUTING -o eth+ -s 77.77.77.77 -j SNAT --to-source 22.22.22.23 + $IPTABLES -t nat -A POSTROUTING -o ppp+ -s 77.77.77.77 -j SNAT --to-source 22.22.22.23 + $IPTABLES -t nat -A POSTROUTING -o eth+ -s 192.168.1.1 -j SNAT --to-source 22.22.22.23 + $IPTABLES -t nat -A POSTROUTING -o ppp+ -s 192.168.1.1 -j SNAT --to-source 22.22.22.23 + $IPTABLES -t nat -A POSTROUTING -o eth+ -s 192.168.2.1 -j SNAT --to-source 22.22.22.23 + $IPTABLES -t nat -A 
POSTROUTING -o ppp+ -s 192.168.2.1 -j SNAT --to-source 22.22.22.23 # # Rule 3 (NAT) # @@ -647,7 +647,7 @@ test -z "$cmd" && { case "$cmd" in start) - log "Activating firewall script generated Thu May 26 14:16:29 2011 by vadim" + log "Activating firewall script generated Fri Jun 3 17:28:24 2011 by vadim" check_tools prolog_commands check_run_time_address_table_files diff --git a/test/ipt/firewall50.fw.orig b/test/ipt/firewall50.fw.orig index 726581499..ed99aefd6 100755 --- a/test/ipt/firewall50.fw.orig +++ b/test/ipt/firewall50.fw.orig @@ -2,9 +2,9 @@ # # This is automatically generated file. DO NOT MODIFY ! # -# Firewall Builder fwb_ipt v4.3.0.3546 +# Firewall Builder fwb_ipt v5.0.0.3547 # -# Generated Thu May 26 14:16:31 2011 PDT by vadim +# Generated Fri Jun 3 17:28:25 2011 PDT by vadim # # files: * firewall50.fw /etc/fw/firewall50.fw # @@ -439,7 +439,7 @@ test -z "$cmd" && { case "$cmd" in start) - log "Activating firewall script generated Thu May 26 14:16:31 2011 by vadim" + log "Activating firewall script generated Fri Jun 3 17:28:25 2011 by vadim" check_tools prolog_commands check_run_time_address_table_files diff --git a/test/ipt/firewall51.fw.orig b/test/ipt/firewall51.fw.orig index 0349a5d9b..8622532b2 100755 --- a/test/ipt/firewall51.fw.orig +++ b/test/ipt/firewall51.fw.orig @@ -2,9 +2,9 @@ # # This is automatically generated file. DO NOT MODIFY ! # -# Firewall Builder fwb_ipt v4.3.0.3546 +# Firewall Builder fwb_ipt v5.0.0.3547 # -# Generated Thu May 26 14:16:33 2011 PDT by vadim +# Generated Fri Jun 3 17:28:27 2011 PDT by vadim # # files: * firewall51.fw /etc/fw/firewall51.fw # @@ -512,7 +512,7 @@ test -z "$cmd" && { case "$cmd" in start) - log "Activating firewall script generated Thu May 26 14:16:33 2011 by vadim" + log "Activating firewall script generated Fri Jun 3 17:28:27 2011 by vadim" check_tools prolog_commands check_run_time_address_table_files 
diff --git a/test/ipt/firewall6.fw.orig b/test/ipt/firewall6.fw.orig index 953e4eb42..321fe33f9 100755 --- a/test/ipt/firewall6.fw.orig +++ b/test/ipt/firewall6.fw.orig @@ -2,9 +2,9 @@ # # This is automatically generated file. DO NOT MODIFY ! # -# Firewall Builder fwb_ipt v4.3.0.3546 +# Firewall Builder fwb_ipt v5.0.0.3547 # -# Generated Thu May 26 14:16:35 2011 PDT by vadim +# Generated Fri Jun 3 17:28:27 2011 PDT by vadim # # files: * firewall6.fw /etc/fw/firewall6.fw # @@ -321,7 +321,7 @@ script_body() { # echo "Rule 0 (NAT)" # - $IPTABLES -t nat -A POSTROUTING -o eth0 -p tcp -m tcp -s 192.168.1.0/24 -d 192.168.1.20 --dport 80 -j SNAT --to-source 192.168.1.1 + $IPTABLES -t nat -A POSTROUTING -o eth0 -p tcp -m tcp -s 192.168.1.0/24 -d 192.168.1.20 --dport 80 -j SNAT --to-source 192.168.1.1 # # Rule 1 (NAT) # 
@@ -337,23 +337,23 @@ script_body() { # both source and destination # this rule should be equivalent to two rules above $IPTABLES -t nat -A PREROUTING -p tcp -m tcp -s 192.168.1.0/24 -d 22.22.23.24 --dport 80 -j DNAT --to-destination 192.168.1.20 - $IPTABLES -t nat -A POSTROUTING -o eth0 -p tcp -m tcp -s 192.168.1.0/24 -d 192.168.1.20 --dport 80 -j SNAT --to-source 192.168.1.1 + $IPTABLES -t nat -A POSTROUTING -o eth0 -p tcp -m tcp -s 192.168.1.0/24 -d 192.168.1.20 --dport 80 -j SNAT --to-source 192.168.1.1 # # Rule 3 (NAT) # echo "Rule 3 (NAT)" # $IPTABLES -t nat -A PREROUTING -p tcp -m tcp -d 22.22.22.22 --dport 80 -j DNAT --to-destination 192.168.1.11-192.168.1.12 - $IPTABLES -t nat -A POSTROUTING -o eth0 -p tcp -m tcp -d 192.168.1.11 --dport 80 -j SNAT --to-source 192.168.1.1 - $IPTABLES -t nat -A POSTROUTING -o eth0 -p tcp -m tcp -d 192.168.1.12 --dport 80 -j SNAT --to-source 192.168.1.1 + $IPTABLES -t nat -A POSTROUTING -o eth0 -p tcp -m tcp -d 192.168.1.11 --dport 80 -j SNAT --to-source 192.168.1.1 + $IPTABLES -t nat -A POSTROUTING -o eth0 -p tcp -m tcp -d 192.168.1.12 --dport 80 -j SNAT --to-source 192.168.1.1 # # Rule 4 (NAT) # echo "Rule 4 (NAT)" # $IPTABLES -t nat -A PREROUTING -p tcp -m tcp -d 22.22.22.22 --dport 80 -j DNAT --to-destination 192.168.1.11-192.168.1.12 - $IPTABLES -t nat -A POSTROUTING -o eth0 -p tcp -m tcp -d 192.168.1.11 --dport 80 -j SNAT --to-source 192.168.1.1 - $IPTABLES -t nat -A POSTROUTING -o eth0 -p tcp -m tcp -d 192.168.1.12 --dport 80 -j SNAT --to-source 192.168.1.1 + $IPTABLES -t nat -A POSTROUTING -o eth0 -p tcp -m tcp -d 192.168.1.11 --dport 80 -j SNAT --to-source 192.168.1.1 + $IPTABLES -t nat -A POSTROUTING -o eth0 -p tcp -m tcp -d 192.168.1.12 --dport 80 -j SNAT --to-source 192.168.1.1 # # Rule 5 (NAT) # 
@@ -363,15 +363,15 @@ script_body() { $IPTABLES -t nat -A PREROUTING -p tcp -m tcp -d 22.22.23.23 --dport 80 -j DNAT --to-destination 192.168.1.11-192.168.1.12 $IPTABLES -t nat -A PREROUTING -p tcp -m tcp -d 192.168.1.1 --dport 80 -j DNAT --to-destination 192.168.1.11-192.168.1.12 $IPTABLES -t nat -A PREROUTING -p tcp -m tcp -d 192.168.2.1 --dport 80 -j DNAT --to-destination 192.168.1.11-192.168.1.12 - $IPTABLES -t nat -A POSTROUTING -o eth0 -p tcp -m tcp -d 192.168.1.11 --dport 80 -j SNAT --to-source 192.168.1.1 - $IPTABLES -t nat -A POSTROUTING -o eth0 -p tcp -m tcp -d 192.168.1.12 --dport 80 -j SNAT --to-source 192.168.1.1 + $IPTABLES -t nat -A POSTROUTING -o eth0 -p tcp -m tcp -d 192.168.1.11 --dport 80 -j SNAT --to-source 192.168.1.1 + $IPTABLES -t nat -A POSTROUTING -o eth0 -p tcp -m tcp -d 192.168.1.12 --dport 80 -j SNAT --to-source 192.168.1.1 # # Rule 6 (NAT) # echo "Rule 6 (NAT)" # $IPTABLES -t nat -A PREROUTING -p tcp -m tcp -s ! 192.168.1.100 --dport 80 -j DNAT --to-destination 192.168.1.100:3128 - $IPTABLES -t nat -A POSTROUTING -o eth0 -p tcp -m tcp -s ! 192.168.1.100 -d 192.168.1.100 --dport 3128 -j SNAT --to-source 192.168.1.1 + $IPTABLES -t nat -A POSTROUTING -o eth0 -p tcp -m tcp -s ! 192.168.1.100 -d 192.168.1.100 --dport 3128 -j SNAT --to-source 192.168.1.1 # # Rule 7 (NAT) # 
@@ -382,21 +382,21 @@ script_body() { $IPTABLES -t nat -A Cid3F9F8382.0 -d 222.222.222.40 -j RETURN $IPTABLES -t nat -A Cid3F9F8382.0 -d 222.222.222.41 -j RETURN $IPTABLES -t nat -A Cid3F9F8382.0 -p tcp -m tcp --dport 80 -j DNAT --to-destination 192.168.1.100:3128 - $IPTABLES -t nat -A POSTROUTING -o eth0 -p tcp -m tcp -s 192.168.1.0/24 -d 192.168.1.100 --dport 3128 -j SNAT --to-source 192.168.1.1 + $IPTABLES -t nat -A POSTROUTING -o eth0 -p tcp -m tcp -s 192.168.1.0/24 -d 192.168.1.100 --dport 3128 -j SNAT --to-source 192.168.1.1 # # Rule 8 (NAT) # echo "Rule 8 (NAT)" # - $IPTABLES -t nat -A POSTROUTING -o eth2 -s 192.168.1.0/24 -d 192.168.2.0/24 -j SNAT --to-source 192.168.2.1 + $IPTABLES -t nat -A POSTROUTING -o eth2 -s 192.168.1.0/24 -d 192.168.2.0/24 -j SNAT --to-source 192.168.2.1 # # Rule 9 (NAT) # echo "Rule 9 (NAT)" # - $IPTABLES -t nat -A POSTROUTING -o eth1 -s 192.168.1.0/24 -j SNAT --to-source 22.22.22.22 - $IPTABLES -t nat -A POSTROUTING -o eth3 -s 192.168.1.0/24 -j SNAT --to-source 22.22.23.23 - $IPTABLES -t nat -A POSTROUTING -o eth2 -s 192.168.1.0/24 -j SNAT --to-source 192.168.2.1 + $IPTABLES -t nat -A POSTROUTING -o eth1 -s 192.168.1.0/24 -j SNAT --to-source 22.22.22.22 + $IPTABLES -t nat -A POSTROUTING -o eth3 -s 192.168.1.0/24 -j SNAT --to-source 22.22.23.23 + $IPTABLES -t nat -A POSTROUTING -o eth2 -s 192.168.1.0/24 -j SNAT --to-source 192.168.2.1 @@ -534,7 +534,7 @@ test -z "$cmd" && { case "$cmd" in start) - log "Activating firewall script generated Thu May 26 14:16:35 2011 by vadim" + log "Activating firewall script generated Fri Jun 3 17:28:27 2011 by vadim" check_tools prolog_commands check_run_time_address_table_files diff --git a/test/ipt/firewall60.fw.orig b/test/ipt/firewall60.fw.orig index c4d5ac129..a4ef53d55 100755 --- a/test/ipt/firewall60.fw.orig +++ b/test/ipt/firewall60.fw.orig 
@@ -2,9 +2,9 @@ # # This is automatically generated file. DO NOT MODIFY ! # -# Firewall Builder fwb_ipt v4.3.0.3546 +# Firewall Builder fwb_ipt v5.0.0.3547 # -# Generated Thu May 26 14:16:37 2011 PDT by vadim +# Generated Fri Jun 3 17:28:29 2011 PDT by vadim # # files: * firewall60.fw /etc/firewall60.fw # @@ -440,7 +440,7 @@ test -z "$cmd" && { case "$cmd" in start) - log "Activating firewall script generated Thu May 26 14:16:37 2011 by vadim" + log "Activating firewall script generated Fri Jun 3 17:28:29 2011 by vadim" check_tools prolog_commands check_run_time_address_table_files diff --git a/test/ipt/firewall61-1.2.5.fw.orig b/test/ipt/firewall61-1.2.5.fw.orig index 893cadda6..b6767def2 100755 --- a/test/ipt/firewall61-1.2.5.fw.orig +++ b/test/ipt/firewall61-1.2.5.fw.orig @@ -2,9 +2,9 @@ # # This is automatically generated file. DO NOT MODIFY ! # -# Firewall Builder fwb_ipt v4.3.0.3546 +# Firewall Builder fwb_ipt v5.0.0.3547 # -# Generated Thu May 26 14:16:38 2011 PDT by vadim +# Generated Fri Jun 3 17:28:29 2011 PDT by vadim # # files: * firewall61-1.2.5.fw /etc/firewall61-1.2.5.fw # @@ -520,7 +520,7 @@ test -z "$cmd" && { case "$cmd" in start) - log "Activating firewall script generated Thu May 26 14:16:38 2011 by vadim" + log "Activating firewall script generated Fri Jun 3 17:28:29 2011 by vadim" check_tools prolog_commands check_run_time_address_table_files diff --git a/test/ipt/firewall61-1.2.6.fw.orig b/test/ipt/firewall61-1.2.6.fw.orig index 6b99ae44c..dfaca04f2 100755 --- a/test/ipt/firewall61-1.2.6.fw.orig +++ b/test/ipt/firewall61-1.2.6.fw.orig @@ -2,9 +2,9 @@ # # This is automatically generated file. DO NOT MODIFY ! # -# Firewall Builder fwb_ipt v4.3.0.3546 +# Firewall Builder fwb_ipt v5.0.0.3547 # -# Generated Thu May 26 14:16:41 2011 PDT by vadim +# Generated Fri Jun 3 17:28:31 2011 PDT by vadim # # files: * firewall61-1.2.6.fw /etc/firewall61-1.2.6.fw # 
@@ -526,7 +526,7 @@ test -z "$cmd" && { case "$cmd" in start) - log "Activating firewall script generated Thu May 26 14:16:41 2011 by vadim" + log "Activating firewall script generated Fri Jun 3 17:28:31 2011 by vadim" check_tools prolog_commands check_run_time_address_table_files diff --git a/test/ipt/firewall61-1.3.x.fw.orig b/test/ipt/firewall61-1.3.x.fw.orig index bb11affcc..09166f943 100755 --- a/test/ipt/firewall61-1.3.x.fw.orig +++ b/test/ipt/firewall61-1.3.x.fw.orig @@ -2,9 +2,9 @@ # # This is automatically generated file. DO NOT MODIFY ! # -# Firewall Builder fwb_ipt v4.3.0.3546 +# Firewall Builder fwb_ipt v5.0.0.3547 # -# Generated Thu May 26 14:16:42 2011 PDT by vadim +# Generated Fri Jun 3 17:28:31 2011 PDT by vadim # # files: * firewall61-1.3.x.fw /etc/firewall61-1.3.x.fw # @@ -513,7 +513,7 @@ test -z "$cmd" && { case "$cmd" in start) - log "Activating firewall script generated Thu May 26 14:16:42 2011 by vadim" + log "Activating firewall script generated Fri Jun 3 17:28:31 2011 by vadim" check_tools prolog_commands check_run_time_address_table_files diff --git a/test/ipt/firewall61-1.4.fw.orig b/test/ipt/firewall61-1.4.fw.orig index cc58f2535..619ff126f 100755 --- a/test/ipt/firewall61-1.4.fw.orig +++ b/test/ipt/firewall61-1.4.fw.orig @@ -2,9 +2,9 @@ # # This is automatically generated file. DO NOT MODIFY ! # -# Firewall Builder fwb_ipt v4.3.0.3546 +# Firewall Builder fwb_ipt v5.0.0.3547 # -# Generated Thu May 26 14:16:45 2011 PDT by vadim +# Generated Fri Jun 3 17:28:33 2011 PDT by vadim # # files: * firewall61-1.4.fw /etc/firewall61-1.4.fw # @@ -514,7 +514,7 @@ test -z "$cmd" && { case "$cmd" in start) - log "Activating firewall script generated Thu May 26 14:16:45 2011 by vadim" + log "Activating firewall script generated Fri Jun 3 17:28:33 2011 by vadim" check_tools prolog_commands check_run_time_address_table_files diff --git a/test/ipt/firewall62.fw.orig b/test/ipt/firewall62.fw.orig index 6cb7b324a..dfefed4b7 100755 
--- a/test/ipt/firewall62.fw.orig +++ b/test/ipt/firewall62.fw.orig @@ -2,9 +2,9 @@ # # This is automatically generated file. DO NOT MODIFY ! # -# Firewall Builder fwb_ipt v4.3.0.3546 +# Firewall Builder fwb_ipt v5.0.0.3547 # -# Generated Thu May 26 14:16:46 2011 PDT by vadim +# Generated Fri Jun 3 17:28:34 2011 PDT by vadim # # files: * firewall62.fw /etc/firewall62.fw # @@ -590,7 +590,7 @@ test -z "$cmd" && { case "$cmd" in start) - log "Activating firewall script generated Thu May 26 14:16:46 2011 by vadim" + log "Activating firewall script generated Fri Jun 3 17:28:34 2011 by vadim" check_tools prolog_commands check_run_time_address_table_files diff --git a/test/ipt/firewall63.fw.orig b/test/ipt/firewall63.fw.orig index 37c8f48cd..682f781f6 100755 --- a/test/ipt/firewall63.fw.orig +++ b/test/ipt/firewall63.fw.orig @@ -2,9 +2,9 @@ # # This is automatically generated file. DO NOT MODIFY ! # -# Firewall Builder fwb_ipt v4.3.0.3546 +# Firewall Builder fwb_ipt v5.0.0.3547 # -# Generated Thu May 26 14:16:49 2011 PDT by vadim +# Generated Fri Jun 3 17:28:36 2011 PDT by vadim # # files: * firewall63.fw /etc/firewall63.fw # @@ -410,7 +410,7 @@ test -z "$cmd" && { case "$cmd" in start) - log "Activating firewall script generated Thu May 26 14:16:49 2011 by vadim" + log "Activating firewall script generated Fri Jun 3 17:28:36 2011 by vadim" check_tools prolog_commands check_run_time_address_table_files diff --git a/test/ipt/firewall7.fw.orig b/test/ipt/firewall7.fw.orig index f9eebe4a4..d28103d2c 100755 --- a/test/ipt/firewall7.fw.orig +++ b/test/ipt/firewall7.fw.orig @@ -2,9 +2,9 @@ # # This is automatically generated file. DO NOT MODIFY ! # -# Firewall Builder fwb_ipt v4.3.0.3546 +# Firewall Builder fwb_ipt v5.0.0.3547 # -# Generated Thu May 26 14:16:50 2011 PDT by vadim +# Generated Fri Jun 3 17:28:36 2011 PDT by vadim # # files: * firewall7.fw /etc/fw/firewall7.fw # 
@@ -494,7 +494,7 @@ test -z "$cmd" && { case "$cmd" in start) - log "Activating firewall script generated Thu May 26 14:16:50 2011 by vadim" + log "Activating firewall script generated Fri Jun 3 17:28:36 2011 by vadim" check_tools prolog_commands check_run_time_address_table_files diff --git a/test/ipt/firewall70.fw.orig b/test/ipt/firewall70.fw.orig index a9b13d1e5..05d88a1f1 100755 --- a/test/ipt/firewall70.fw.orig +++ b/test/ipt/firewall70.fw.orig @@ -2,9 +2,9 @@ # # This is automatically generated file. DO NOT MODIFY ! # -# Firewall Builder fwb_ipt v4.3.0.3546 +# Firewall Builder fwb_ipt v5.0.0.3547 # -# Generated Thu May 26 14:16:52 2011 PDT by vadim +# Generated Fri Jun 3 17:28:38 2011 PDT by vadim # # files: * firewall70.fw iptables.sh # @@ -433,7 +433,7 @@ test -z "$cmd" && { case "$cmd" in start) - log "Activating firewall script generated Thu May 26 14:16:52 2011 by vadim" + log "Activating firewall script generated Fri Jun 3 17:28:38 2011 by vadim" check_tools prolog_commands check_run_time_address_table_files diff --git a/test/ipt/firewall71.fw.orig b/test/ipt/firewall71.fw.orig index bfd5495b1..f2951bdf7 100755 --- a/test/ipt/firewall71.fw.orig +++ b/test/ipt/firewall71.fw.orig @@ -2,9 +2,9 @@ # # This is automatically generated file. DO NOT MODIFY ! # -# Firewall Builder fwb_ipt v4.3.0.3546 +# Firewall Builder fwb_ipt v5.0.0.3547 # -# Generated Thu May 26 14:16:54 2011 PDT by vadim +# Generated Fri Jun 3 17:28:38 2011 PDT by vadim # # files: * firewall71.fw /etc/fw/firewall71.fw # @@ -387,7 +387,7 @@ script_body() { echo :OUTPUT ACCEPT [0:0] # # Rule 0 (NAT) - echo "-A POSTROUTING -o eth2 -s 192.168.1.0/24 -j SNAT --to-source 192.168.2.1 " + echo "-A POSTROUTING -o eth2 -s 192.168.1.0/24 -j SNAT --to-source 192.168.2.1 " # echo COMMIT 
@@ -449,7 +449,7 @@ test -z "$cmd" && { case "$cmd" in start) - log "Activating firewall script generated Thu May 26 14:16:54 2011 by vadim" + log "Activating firewall script generated Fri Jun 3 17:28:38 2011 by vadim" check_tools prolog_commands check_run_time_address_table_files diff --git a/test/ipt/firewall72-1.3.x.fw.orig b/test/ipt/firewall72-1.3.x.fw.orig index fcf799cb3..9eb48689f 100755 --- a/test/ipt/firewall72-1.3.x.fw.orig +++ b/test/ipt/firewall72-1.3.x.fw.orig @@ -2,9 +2,9 @@ # # This is automatically generated file. DO NOT MODIFY ! # -# Firewall Builder fwb_ipt v4.3.0.3546 +# Firewall Builder fwb_ipt v5.0.0.3547 # -# Generated Thu May 26 14:16:56 2011 PDT by vadim +# Generated Fri Jun 3 17:28:40 2011 PDT by vadim # # files: * firewall72-1.3.x.fw /etc/fw/firewall72-1.3.x.fw # 
@@ -335,35 +335,35 @@ script_body() { # echo "Rule 0 (NAT)" # - $IPTABLES -t nat -A POSTROUTING -o eth+ -s ! 192.168.1.0/24 -d 200.200.200.200 -j SNAT --to-source 22.22.22.23 + $IPTABLES -t nat -A POSTROUTING -o eth+ -s ! 192.168.1.0/24 -d 200.200.200.200 -j SNAT --to-source 22.22.22.23 # # Rule 1 (NAT) # echo "Rule 1 (NAT)" # - $IPTABLES -t nat -A POSTROUTING -o eth+ -p tcp -m tcp -s ! 192.168.1.0/24 -d 200.200.200.200 --dport 80 -j SNAT --to-source 22.22.22.23 + $IPTABLES -t nat -A POSTROUTING -o eth+ -p tcp -m tcp -s ! 192.168.1.0/24 -d 200.200.200.200 --dport 80 -j SNAT --to-source 22.22.22.23 # # Rule 2 (NAT) # echo "Rule 2 (NAT)" # - $IPTABLES -t nat -A POSTROUTING -o eth0 -s 192.168.1.0/24 -d ! 192.168.2.0/24 -j SNAT --to-source 33.33.33.33 - $IPTABLES -t nat -A POSTROUTING -o eth1 -s 192.168.1.0/24 -d ! 192.168.2.0/24 -j SNAT --to-source 172.16.1.1 + $IPTABLES -t nat -A POSTROUTING -o eth0 -s 192.168.1.0/24 -d ! 192.168.2.0/24 -j SNAT --to-source 33.33.33.33 + $IPTABLES -t nat -A POSTROUTING -o eth1 -s 192.168.1.0/24 -d ! 192.168.2.0/24 -j SNAT --to-source 172.16.1.1 # # Rule 3 (NAT) # echo "Rule 3 (NAT)" # - $IPTABLES -t nat -A POSTROUTING -o eth0 -p tcp -m tcp -s 192.168.1.0/24 -d ! 192.168.2.0/24 --dport 80 -j SNAT --to-source 33.33.33.33 - $IPTABLES -t nat -A POSTROUTING -o eth1 -p tcp -m tcp -s 192.168.1.0/24 -d ! 192.168.2.0/24 --dport 80 -j SNAT --to-source 172.16.1.1 + $IPTABLES -t nat -A POSTROUTING -o eth0 -p tcp -m tcp -s 192.168.1.0/24 -d ! 192.168.2.0/24 --dport 80 -j SNAT --to-source 33.33.33.33 + $IPTABLES -t nat -A POSTROUTING -o eth1 -p tcp -m tcp -s 192.168.1.0/24 -d ! 
192.168.2.0/24 --dport 80 -j SNAT --to-source 172.16.1.1 # # Rule 4 (NAT) # echo "Rule 4 (NAT)" # $IPTABLES -t nat -N Cid212911X8629.0 - $IPTABLES -t nat -A POSTROUTING -o eth0 -s 192.168.1.0/24 -j Cid212911X8629.0 - $IPTABLES -t nat -A POSTROUTING -o eth1 -s 192.168.1.0/24 -j Cid212911X8629.0 + $IPTABLES -t nat -A POSTROUTING -o eth0 -s 192.168.1.0/24 -j Cid212911X8629.0 + $IPTABLES -t nat -A POSTROUTING -o eth1 -s 192.168.1.0/24 -j Cid212911X8629.0 $IPTABLES -t nat -A Cid212911X8629.0 -d 192.168.1.0/24 -j RETURN $IPTABLES -t nat -A Cid212911X8629.0 -d 192.168.2.0/24 -j RETURN $IPTABLES -t nat -A Cid212911X8629.0 -j SNAT --to-source 172.16.1.1 @@ -581,7 +581,7 @@ test -z "$cmd" && { case "$cmd" in start) - log "Activating firewall script generated Thu May 26 14:16:56 2011 by vadim" + log "Activating firewall script generated Fri Jun 3 17:28:40 2011 by vadim" check_tools prolog_commands check_run_time_address_table_files diff --git a/test/ipt/firewall72-1.4.3.fw.orig b/test/ipt/firewall72-1.4.3.fw.orig index 9a91d1a8c..b59ec1c14 100755 --- a/test/ipt/firewall72-1.4.3.fw.orig +++ b/test/ipt/firewall72-1.4.3.fw.orig @@ -2,9 +2,9 @@ # # This is automatically generated file. DO NOT MODIFY ! # -# Firewall Builder fwb_ipt v4.3.0.3546 +# Firewall Builder fwb_ipt v5.0.0.3547 # -# Generated Thu May 26 14:16:57 2011 PDT by vadim +# Generated Fri Jun 3 17:28:40 2011 PDT by vadim # # files: * firewall72-1.4.3.fw /etc/fw/firewall72-1.4.3.fw # 
@@ -335,35 +335,35 @@ script_body() { # echo "Rule 0 (NAT)" # - $IPTABLES -t nat -A POSTROUTING -o eth+ ! -s 192.168.1.0/24 -d 200.200.200.200 -j SNAT --to-source 22.22.22.23 + $IPTABLES -t nat -A POSTROUTING -o eth+ ! -s 192.168.1.0/24 -d 200.200.200.200 -j SNAT --to-source 22.22.22.23 # # Rule 1 (NAT) # echo "Rule 1 (NAT)" # - $IPTABLES -t nat -A POSTROUTING -o eth+ -p tcp -m tcp ! -s 192.168.1.0/24 -d 200.200.200.200 --dport 80 -j SNAT --to-source 22.22.22.23 + $IPTABLES -t nat -A POSTROUTING -o eth+ -p tcp -m tcp ! -s 192.168.1.0/24 -d 200.200.200.200 --dport 80 -j SNAT --to-source 22.22.22.23 # # Rule 2 (NAT) # echo "Rule 2 (NAT)" # - $IPTABLES -t nat -A POSTROUTING -o eth0 -s 192.168.1.0/24 ! -d 192.168.2.0/24 -j SNAT --to-source 33.33.33.33 - $IPTABLES -t nat -A POSTROUTING -o eth1 -s 192.168.1.0/24 ! -d 192.168.2.0/24 -j SNAT --to-source 172.16.1.1 + $IPTABLES -t nat -A POSTROUTING -o eth0 -s 192.168.1.0/24 ! -d 192.168.2.0/24 -j SNAT --to-source 33.33.33.33 + $IPTABLES -t nat -A POSTROUTING -o eth1 -s 192.168.1.0/24 ! -d 192.168.2.0/24 -j SNAT --to-source 172.16.1.1 # # Rule 3 (NAT) # echo "Rule 3 (NAT)" # - $IPTABLES -t nat -A POSTROUTING -o eth0 -p tcp -m tcp -s 192.168.1.0/24 ! -d 192.168.2.0/24 --dport 80 -j SNAT --to-source 33.33.33.33 - $IPTABLES -t nat -A POSTROUTING -o eth1 -p tcp -m tcp -s 192.168.1.0/24 ! -d 192.168.2.0/24 --dport 80 -j SNAT --to-source 172.16.1.1 + $IPTABLES -t nat -A POSTROUTING -o eth0 -p tcp -m tcp -s 192.168.1.0/24 ! -d 192.168.2.0/24 --dport 80 -j SNAT --to-source 33.33.33.33 + $IPTABLES -t nat -A POSTROUTING -o eth1 -p tcp -m tcp -s 192.168.1.0/24 ! 
-d 192.168.2.0/24 --dport 80 -j SNAT --to-source 172.16.1.1 # # Rule 4 (NAT) # echo "Rule 4 (NAT)" # $IPTABLES -t nat -N Cid213031X8629.0 - $IPTABLES -t nat -A POSTROUTING -o eth0 -s 192.168.1.0/24 -j Cid213031X8629.0 - $IPTABLES -t nat -A POSTROUTING -o eth1 -s 192.168.1.0/24 -j Cid213031X8629.0 + $IPTABLES -t nat -A POSTROUTING -o eth0 -s 192.168.1.0/24 -j Cid213031X8629.0 + $IPTABLES -t nat -A POSTROUTING -o eth1 -s 192.168.1.0/24 -j Cid213031X8629.0 $IPTABLES -t nat -A Cid213031X8629.0 -d 192.168.1.0/24 -j RETURN $IPTABLES -t nat -A Cid213031X8629.0 -d 192.168.2.0/24 -j RETURN $IPTABLES -t nat -A Cid213031X8629.0 -j SNAT --to-source 172.16.1.1 @@ -581,7 +581,7 @@ test -z "$cmd" && { case "$cmd" in start) - log "Activating firewall script generated Thu May 26 14:16:57 2011 by vadim" + log "Activating firewall script generated Fri Jun 3 17:28:40 2011 by vadim" check_tools prolog_commands check_run_time_address_table_files diff --git a/test/ipt/firewall73.fw.orig b/test/ipt/firewall73.fw.orig index d836622ec..020d3a9a3 100755 --- a/test/ipt/firewall73.fw.orig +++ b/test/ipt/firewall73.fw.orig @@ -2,9 +2,9 @@ # # This is automatically generated file. DO NOT MODIFY ! # -# Firewall Builder fwb_ipt v4.3.0.3546 +# Firewall Builder fwb_ipt v5.0.0.3547 # -# Generated Thu May 26 14:17:01 2011 PDT by vadim +# Generated Fri Jun 3 17:28:42 2011 PDT by vadim # # files: * firewall73.fw /etc/fw/firewall73.fw # @@ -544,7 +544,7 @@ test -z "$cmd" && { case "$cmd" in start) - log "Activating firewall script generated Thu May 26 14:17:01 2011 by vadim" + log "Activating firewall script generated Fri Jun 3 17:28:42 2011 by vadim" check_tools prolog_commands check_run_time_address_table_files diff --git a/test/ipt/firewall74.fw.orig b/test/ipt/firewall74.fw.orig index dae927513..9f827d6cb 100755 --- a/test/ipt/firewall74.fw.orig +++ b/test/ipt/firewall74.fw.orig 
@@ -2,9 +2,9 @@ # # This is automatically generated file. DO NOT MODIFY ! # -# Firewall Builder fwb_ipt v4.3.0.3546 +# Firewall Builder fwb_ipt v5.0.0.3547 # -# Generated Thu May 26 14:17:01 2011 PDT by vadim +# Generated Fri Jun 3 17:28:43 2011 PDT by vadim # # files: * firewall74.fw /etc/fw/firewall74.fw # @@ -396,7 +396,7 @@ test -z "$cmd" && { case "$cmd" in start) - log "Activating firewall script generated Thu May 26 14:17:01 2011 by vadim" + log "Activating firewall script generated Fri Jun 3 17:28:43 2011 by vadim" check_tools prolog_commands check_run_time_address_table_files diff --git a/test/ipt/firewall8.fw.orig b/test/ipt/firewall8.fw.orig index 41c61e515..906335da3 100755 --- a/test/ipt/firewall8.fw.orig +++ b/test/ipt/firewall8.fw.orig @@ -2,9 +2,9 @@ # # This is automatically generated file. DO NOT MODIFY ! # -# Firewall Builder fwb_ipt v4.3.0.3546 +# Firewall Builder fwb_ipt v5.0.0.3547 # -# Generated Thu May 26 14:17:05 2011 PDT by vadim +# Generated Fri Jun 3 17:28:44 2011 PDT by vadim # # files: * firewall8.fw /etc/fw/firewall8.fw # @@ -381,7 +381,7 @@ test -z "$cmd" && { case "$cmd" in start) - log "Activating firewall script generated Thu May 26 14:17:05 2011 by vadim" + log "Activating firewall script generated Fri Jun 3 17:28:44 2011 by vadim" check_tools prolog_commands check_run_time_address_table_files diff --git a/test/ipt/firewall80.fw.orig b/test/ipt/firewall80.fw.orig index a475e3b01..9e419b7d4 100755 --- a/test/ipt/firewall80.fw.orig +++ b/test/ipt/firewall80.fw.orig @@ -2,9 +2,9 @@ # # This is automatically generated file. DO NOT MODIFY ! # -# Firewall Builder fwb_ipt v4.3.0.3546 +# Firewall Builder fwb_ipt v5.0.0.3547 # -# Generated Thu May 26 14:17:05 2011 PDT by vadim +# Generated Fri Jun 3 17:28:45 2011 PDT by vadim # # files: * firewall80.fw /etc/fw/firewall80.fw # 
@@ -328,7 +328,7 @@ script_body() { # # SNAT rule $IPTABLES -t nat -N NAT_1_POSTROUTING - $IPTABLES -t nat -A NAT_1_POSTROUTING -o eth0 -s 192.168.1.0/24 -j SNAT --to-source 192.0.2.1 + $IPTABLES -t nat -A NAT_1_POSTROUTING -o eth0 -s 192.168.1.0/24 -j SNAT --to-source 192.0.2.1 # ================ Table 'nat', rule set NAT # @@ -420,7 +420,7 @@ test -z "$cmd" && { case "$cmd" in start) - log "Activating firewall script generated Thu May 26 14:17:05 2011 by vadim" + log "Activating firewall script generated Fri Jun 3 17:28:45 2011 by vadim" check_tools prolog_commands check_run_time_address_table_files diff --git a/test/ipt/firewall81.fw.orig b/test/ipt/firewall81.fw.orig index 257b6c2e7..eaaab68f0 100755 --- a/test/ipt/firewall81.fw.orig +++ b/test/ipt/firewall81.fw.orig @@ -2,9 +2,9 @@ # # This is automatically generated file. DO NOT MODIFY ! # -# Firewall Builder fwb_ipt v4.3.0.3546 +# Firewall Builder fwb_ipt v5.0.0.3547 # -# Generated Thu May 26 14:17:08 2011 PDT by vadim +# Generated Fri Jun 3 17:28:47 2011 PDT by vadim # # files: * firewall81.fw /etc/fw/firewall81.fw # @@ -355,7 +355,7 @@ script_body() { # # SNAT rule $IPTABLES -t nat -N NAT_1_POSTROUTING - $IPTABLES -t nat -A NAT_1_POSTROUTING -o eth0 -s 192.168.1.0/24 -j SNAT --to-source 192.0.2.1 + $IPTABLES -t nat -A NAT_1_POSTROUTING -o eth0 -s 192.168.1.0/24 -j SNAT --to-source 192.0.2.1 # ================ Table 'nat', rule set NAT_1 # @@ -371,7 +371,7 @@ script_body() { echo "Rule NAT_1 1 (NAT)" # # SNAT rule - $IPTABLES -t nat -A NAT_1_POSTROUTING -o eth+ -s 192.168.1.0/24 -j SNAT --to-source 192.0.2.1 + $IPTABLES -t nat -A NAT_1_POSTROUTING -o eth+ -s 192.168.1.0/24 -j SNAT --to-source 192.0.2.1 @@ -441,7 +441,7 @@ test -z "$cmd" && { case "$cmd" in start) - log "Activating firewall script generated Thu May 26 14:17:08 2011 by vadim" + log "Activating firewall script generated Fri Jun 3 17:28:47 2011 by vadim" check_tools prolog_commands check_run_time_address_table_files 
diff --git a/test/ipt/firewall82.fw.orig b/test/ipt/firewall82.fw.orig index a6ef10b31..861184bd6 100755 --- a/test/ipt/firewall82.fw.orig +++ b/test/ipt/firewall82.fw.orig @@ -2,9 +2,9 @@ # # This is automatically generated file. DO NOT MODIFY ! # -# Firewall Builder fwb_ipt v4.3.0.3546 +# Firewall Builder fwb_ipt v5.0.0.3547 # -# Generated Thu May 26 14:17:09 2011 PDT by vadim +# Generated Fri Jun 3 17:28:47 2011 PDT by vadim # # files: * firewall82.fw /etc/firewall82.fw # @@ -336,7 +336,7 @@ script_body() { # echo "Rule 0 (NAT)" # - $IPTABLES -t nat -A POSTROUTING -o eth0 -s 192.168.1.0/24 -j MASQUERADE + $IPTABLES -t nat -A POSTROUTING -o eth0 -s 192.168.1.0/24 -j MASQUERADE @@ -434,7 +434,7 @@ test -z "$cmd" && { case "$cmd" in start) - log "Activating firewall script generated Thu May 26 14:17:09 2011 by vadim" + log "Activating firewall script generated Fri Jun 3 17:28:47 2011 by vadim" check_tools prolog_commands check_run_time_address_table_files diff --git a/test/ipt/firewall82_A.fw.orig b/test/ipt/firewall82_A.fw.orig index 08782b8f4..ba1967c09 100755 --- a/test/ipt/firewall82_A.fw.orig +++ b/test/ipt/firewall82_A.fw.orig @@ -2,9 +2,9 @@ # # This is automatically generated file. DO NOT MODIFY ! # -# Firewall Builder fwb_ipt v4.3.0.3546 +# Firewall Builder fwb_ipt v5.0.0.3547 # -# Generated Thu May 26 14:17:12 2011 PDT by vadim +# Generated Fri Jun 3 17:28:49 2011 PDT by vadim # # files: * firewall82_A.fw /etc/fw/firewall82_A.fw # @@ -421,7 +421,7 @@ test -z "$cmd" && { case "$cmd" in start) - log "Activating firewall script generated Thu May 26 14:17:12 2011 by vadim" + log "Activating firewall script generated Fri Jun 3 17:28:49 2011 by vadim" check_tools prolog_commands check_run_time_address_table_files diff --git a/test/ipt/firewall82_B.fw.orig b/test/ipt/firewall82_B.fw.orig index 59706b61c..1a502690f 100755 --- a/test/ipt/firewall82_B.fw.orig +++ b/test/ipt/firewall82_B.fw.orig 
@@ -2,9 +2,9 @@ # # This is automatically generated file. DO NOT MODIFY ! # -# Firewall Builder fwb_ipt v4.3.0.3546 +# Firewall Builder fwb_ipt v5.0.0.3547 # -# Generated Thu May 26 14:17:13 2011 PDT by vadim +# Generated Fri Jun 3 17:28:49 2011 PDT by vadim # # files: * firewall82_B.fw /etc/fw/firewall82_B.fw # @@ -384,7 +384,7 @@ test -z "$cmd" && { case "$cmd" in start) - log "Activating firewall script generated Thu May 26 14:17:13 2011 by vadim" + log "Activating firewall script generated Fri Jun 3 17:28:49 2011 by vadim" check_tools prolog_commands check_run_time_address_table_files diff --git a/test/ipt/firewall9.fw.orig b/test/ipt/firewall9.fw.orig index 4e7b42944..cd76ecaa6 100755 --- a/test/ipt/firewall9.fw.orig +++ b/test/ipt/firewall9.fw.orig @@ -2,9 +2,9 @@ # # This is automatically generated file. DO NOT MODIFY ! # -# Firewall Builder fwb_ipt v4.3.0.3546 +# Firewall Builder fwb_ipt v5.0.0.3547 # -# Generated Thu May 26 14:17:16 2011 PDT by vadim +# Generated Fri Jun 3 17:28:51 2011 PDT by vadim # # files: * firewall9.fw /etc/fw/firewall9.fw # @@ -642,7 +642,7 @@ test -z "$cmd" && { case "$cmd" in start) - log "Activating firewall script generated Thu May 26 14:17:16 2011 by vadim" + log "Activating firewall script generated Fri Jun 3 17:28:51 2011 by vadim" check_tools prolog_commands check_run_time_address_table_files diff --git a/test/ipt/firewall90.fw.orig b/test/ipt/firewall90.fw.orig index ca1873278..53c69d9e0 100755 --- a/test/ipt/firewall90.fw.orig +++ b/test/ipt/firewall90.fw.orig @@ -2,9 +2,9 @@ # # This is automatically generated file. DO NOT MODIFY ! # -# Firewall Builder fwb_ipt v4.3.0.3546 +# Firewall Builder fwb_ipt v5.0.0.3547 # -# Generated Thu May 26 14:17:17 2011 PDT by vadim +# Generated Fri Jun 3 17:28:51 2011 PDT by vadim # # files: * firewall90.fw /etc/fw/firewall90.fw # 
@@ -404,7 +404,7 @@ test -z "$cmd" && { case "$cmd" in start) - log "Activating firewall script generated Thu May 26 14:17:17 2011 by vadim" + log "Activating firewall script generated Fri Jun 3 17:28:51 2011 by vadim" check_tools prolog_commands check_run_time_address_table_files diff --git a/test/ipt/firewall91.fw.orig b/test/ipt/firewall91.fw.orig index d71167b1e..4deab65c7 100755 --- a/test/ipt/firewall91.fw.orig +++ b/test/ipt/firewall91.fw.orig @@ -2,9 +2,9 @@ # # This is automatically generated file. DO NOT MODIFY ! # -# Firewall Builder fwb_ipt v4.3.0.3546 +# Firewall Builder fwb_ipt v5.0.0.3547 # -# Generated Thu May 26 14:17:20 2011 PDT by vadim +# Generated Fri Jun 3 17:28:53 2011 PDT by vadim # # files: * firewall91.fw /etc/fw/firewall91.fw # @@ -404,7 +404,7 @@ test -z "$cmd" && { case "$cmd" in start) - log "Activating firewall script generated Thu May 26 14:17:20 2011 by vadim" + log "Activating firewall script generated Fri Jun 3 17:28:53 2011 by vadim" check_tools prolog_commands check_run_time_address_table_files diff --git a/test/ipt/firewall92.fw.orig b/test/ipt/firewall92.fw.orig index 0fcbef882..534edee44 100755 --- a/test/ipt/firewall92.fw.orig +++ b/test/ipt/firewall92.fw.orig @@ -2,9 +2,9 @@ # # This is automatically generated file. DO NOT MODIFY ! # -# Firewall Builder fwb_ipt v4.3.0.3546 +# Firewall Builder fwb_ipt v5.0.0.3547 # -# Generated Thu May 26 14:17:21 2011 PDT by vadim +# Generated Fri Jun 3 17:28:54 2011 PDT by vadim # # files: * firewall92.fw /etc/fw/firewall92.fw # @@ -440,7 +440,7 @@ test -z "$cmd" && { case "$cmd" in start) - log "Activating firewall script generated Thu May 26 14:17:21 2011 by vadim" + log "Activating firewall script generated Fri Jun 3 17:28:54 2011 by vadim" check_tools prolog_commands check_run_time_address_table_files diff --git a/test/ipt/firewall93.fw.orig b/test/ipt/firewall93.fw.orig index 7b77a4e6e..a8946ef5d 100755 --- a/test/ipt/firewall93.fw.orig +++ b/test/ipt/firewall93.fw.orig 
@@ -2,9 +2,9 @@ # # This is automatically generated file. DO NOT MODIFY ! # -# Firewall Builder fwb_ipt v4.3.0.3546 +# Firewall Builder fwb_ipt v5.0.0.3547 # -# Generated Thu May 26 14:17:25 2011 PDT by vadim +# Generated Fri Jun 3 17:28:56 2011 PDT by vadim # # files: * firewall93.fw /etc/fw/firewall93.fw # @@ -483,7 +483,7 @@ test -z "$cmd" && { case "$cmd" in start) - log "Activating firewall script generated Thu May 26 14:17:25 2011 by vadim" + log "Activating firewall script generated Fri Jun 3 17:28:56 2011 by vadim" check_tools prolog_commands check_run_time_address_table_files diff --git a/test/ipt/fw-A.fw.orig b/test/ipt/fw-A.fw.orig index f4643fcd4..5b057acc4 100755 --- a/test/ipt/fw-A.fw.orig +++ b/test/ipt/fw-A.fw.orig @@ -2,9 +2,9 @@ # # This is automatically generated file. DO NOT MODIFY ! # -# Firewall Builder fwb_ipt v4.3.0.3546 +# Firewall Builder fwb_ipt v5.0.0.3547 # -# Generated Thu May 26 14:18:08 2011 PDT by vadim +# Generated Fri Jun 3 17:29:40 2011 PDT by vadim # # files: * fw-A.fw /sw/FWbuilder/fw-A.fw # @@ -745,7 +745,7 @@ test -z "$cmd" && { case "$cmd" in start) - log "Activating firewall script generated Thu May 26 14:18:08 2011 by vadim" + log "Activating firewall script generated Fri Jun 3 17:29:40 2011 by vadim" check_tools prolog_commands check_run_time_address_table_files diff --git a/test/ipt/fw1.fw.orig b/test/ipt/fw1.fw.orig index d942c10f7..f7347fd51 100755 --- a/test/ipt/fw1.fw.orig +++ b/test/ipt/fw1.fw.orig @@ -2,9 +2,9 @@ # # This is automatically generated file. DO NOT MODIFY ! # -# Firewall Builder fwb_ipt v4.3.0.3546 +# Firewall Builder fwb_ipt v5.0.0.3547 # -# Generated Thu May 26 14:18:07 2011 PDT by vadim +# Generated Fri Jun 3 17:29:38 2011 PDT by vadim # # files: * fw1.fw /etc/fw1.fw # 
@@ -353,7 +353,7 @@ script_body() { echo "Rule 1 (NAT)" # # source port only - $IPTABLES -t nat -A POSTROUTING -o eth+ -p udp -m udp -s 192.168.1.0/24 --sport 123 -j SNAT --to-source :5050 + $IPTABLES -t nat -A POSTROUTING -o eth+ -p udp -m udp -s 192.168.1.0/24 --sport 123 -j SNAT --to-source :5050 # # Rule 2 (NAT) # @@ -369,7 +369,7 @@ script_body() { # SDNAT $IPTABLES -t nat -A PREROUTING -p tcp -m tcp -d 192.0.2.1 --dport 22 -j DNAT --to-destination 192.168.1.10 $IPTABLES -t nat -A PREROUTING -p tcp -m tcp -d 192.168.1.1 --dport 22 -j DNAT --to-destination 192.168.1.10 - $IPTABLES -t nat -A POSTROUTING -o eth1 -p tcp -m tcp -d 192.168.1.10 --dport 22 -j SNAT --to-source 192.168.1.1 + $IPTABLES -t nat -A POSTROUTING -o eth1 -p tcp -m tcp -d 192.168.1.10 --dport 22 -j SNAT --to-source 192.168.1.1 # # Rule 4 (NAT) # @@ -378,7 +378,7 @@ script_body() { # SDNAT with source port $IPTABLES -t nat -A PREROUTING -p udp -m udp --sport 123 -d 192.0.2.1 -j DNAT --to-destination 192.168.1.10 $IPTABLES -t nat -A PREROUTING -p udp -m udp --sport 123 -d 192.168.1.1 -j DNAT --to-destination 192.168.1.10 - $IPTABLES -t nat -A POSTROUTING -o eth1 -p udp -m udp --sport 123 -d 192.168.1.10 -j SNAT --to-source 192.168.1.1:5050 + $IPTABLES -t nat -A POSTROUTING -o eth1 -p udp -m udp --sport 123 -d 192.168.1.10 -j SNAT --to-source 192.168.1.1:5050 # # Rule 5 (NAT) # @@ -386,7 +386,7 @@ script_body() { # # SDNAT with dest port $IPTABLES -t nat -A PREROUTING -p udp -m udp -s 192.168.1.0/24 --dport 53 -j DNAT --to-destination 192.168.1.10:1053 - $IPTABLES -t nat -A POSTROUTING -o eth1 -p udp -m udp -s 192.168.1.0/24 -d 192.168.1.10 --dport 1053 -j SNAT --to-source 192.168.1.1 + $IPTABLES -t nat -A POSTROUTING -o eth1 -p udp -m udp -s 192.168.1.0/24 -d 192.168.1.10 --dport 1053 -j SNAT --to-source 192.168.1.1 # # Rule 6 (NAT) # 
@@ -396,13 +396,13 @@ script_body() { # translate src and dst addresses # and src and dst ports $IPTABLES -t nat -A PREROUTING -p udp -m udp -s 192.168.1.0/24 --sport 1024:65535 --dport 53 -j DNAT --to-destination 192.168.1.10:1053 - $IPTABLES -t nat -A POSTROUTING -o eth1 -p udp -m udp -s 192.168.1.0/24 -d 192.168.1.10 --dport 1053 -j SNAT --to-source 192.168.1.1:32767-65535 + $IPTABLES -t nat -A POSTROUTING -o eth1 -p udp -m udp -s 192.168.1.0/24 -d 192.168.1.10 --dport 1053 -j SNAT --to-source 192.168.1.1:32767-65535 # # Rule 7 (NAT) # echo "Rule 7 (NAT)" # - $IPTABLES -t nat -A POSTROUTING -o eth+ -p udp -m udp -s 192.168.1.0/24 --dport 53 -j SNAT --to-source :5050 + $IPTABLES -t nat -A POSTROUTING -o eth+ -p udp -m udp -s 192.168.1.0/24 --dport 53 -j SNAT --to-source :5050 @@ -546,7 +546,7 @@ test -z "$cmd" && { case "$cmd" in start) - log "Activating firewall script generated Thu May 26 14:18:07 2011 by vadim" + log "Activating firewall script generated Fri Jun 3 17:29:38 2011 by vadim" check_tools prolog_commands check_run_time_address_table_files diff --git a/test/ipt/fwbuilder.fw.orig b/test/ipt/fwbuilder.fw.orig index bae232e7a..2405d0070 100755 --- a/test/ipt/fwbuilder.fw.orig +++ b/test/ipt/fwbuilder.fw.orig @@ -2,9 +2,9 @@ # # This is automatically generated file. DO NOT MODIFY ! # -# Firewall Builder fwb_ipt v4.3.0.3546 +# Firewall Builder fwb_ipt v5.0.0.3547 # -# Generated Thu May 26 14:16:26 2011 PDT by vadim +# Generated Fri Jun 3 17:28:22 2011 PDT by vadim # # files: * fwbuilder.fw /etc/init.d/fwbuilder.fw # @@ -336,7 +336,7 @@ script_body() { echo "Rule 0 (NAT)" # grep -Ev '^#|^;|^\s*$' addr-table-1.tbl | while read L ; do - set $L; at_atbl_1=$1; $IPTABLES -t nat -A POSTROUTING -o eth+ -s $at_atbl_1 -j SNAT --to-source 1.1.1.1 + set $L; at_atbl_1=$1; $IPTABLES -t nat -A POSTROUTING -o eth+ -s $at_atbl_1 -j SNAT --to-source 1.1.1.1 done # # Rule 1 (NAT) 
@@ -344,7 +344,7 @@ script_body() { echo "Rule 1 (NAT)" # $IPTABLES -t nat -N Cid2101361X9995.0 - $IPTABLES -t nat -A POSTROUTING -o eth+ -j Cid2101361X9995.0 + $IPTABLES -t nat -A POSTROUTING -o eth+ -j Cid2101361X9995.0 grep -Ev '^#|^;|^\s*$' addr-table-1.tbl | while read L ; do set $L; at_atbl_1=$1; $IPTABLES -t nat -A Cid2101361X9995.0 -s $at_atbl_1 -j RETURN done @@ -504,7 +504,7 @@ status_action() { } start() { - log "Activating firewall script generated Thu May 26 14:16:26 2011 by vadim" + log "Activating firewall script generated Fri Jun 3 17:28:22 2011 by vadim" check_tools prolog_commands check_run_time_address_table_files diff --git a/test/ipt/heartbeat_cluster_1_d_linux-1-d.fw.orig b/test/ipt/heartbeat_cluster_1_d_linux-1-d.fw.orig index 15936b04a..431e56dce 100755 --- a/test/ipt/heartbeat_cluster_1_d_linux-1-d.fw.orig +++ b/test/ipt/heartbeat_cluster_1_d_linux-1-d.fw.orig @@ -2,9 +2,9 @@ # # This is automatically generated file. DO NOT MODIFY ! # -# Firewall Builder fwb_ipt v4.3.0.3546 +# Firewall Builder fwb_ipt v5.0.0.3547 # -# Generated Thu May 26 14:18:22 2011 PDT by vadim +# Generated Fri Jun 3 17:29:48 2011 PDT by vadim # # files: * heartbeat_cluster_1_d_linux-1-d.fw firewall.sh # @@ -342,7 +342,7 @@ script_body() { # echo "Rule 0 (NAT)" # - $IPTABLES -t nat -A POSTROUTING -o eth0 -s 192.168.1.0/24 -j MASQUERADE + $IPTABLES -t nat -A POSTROUTING -o eth0 -s 192.168.1.0/24 -j MASQUERADE # # Rule 1 (NAT) # @@ -350,7 +350,7 @@ script_body() { # for i_eth0 in $i_eth0_list do - test -n "$i_eth0" && $IPTABLES -t nat -A POSTROUTING -o eth0 -s 192.168.1.0/24 -j SNAT --to-source $i_eth0 + test -n "$i_eth0" && $IPTABLES -t nat -A POSTROUTING -o eth0 -s 192.168.1.0/24 -j SNAT --to-source $i_eth0 done # # Rule 2 (NAT) 
@@ -359,7 +359,7 @@ script_body() { # for i_eth0 in $i_eth0_list do - test -n "$i_eth0" && $IPTABLES -t nat -A POSTROUTING -o eth0 -s 192.168.1.0/24 -j SNAT --to-source $i_eth0 --random + test -n "$i_eth0" && $IPTABLES -t nat -A POSTROUTING -o eth0 -s 192.168.1.0/24 -j SNAT --to-source $i_eth0 --random done # # Rule 3 (NAT) @@ -747,7 +747,7 @@ test -z "$cmd" && { case "$cmd" in start) - log "Activating firewall script generated Thu May 26 14:18:22 2011 by vadim" + log "Activating firewall script generated Fri Jun 3 17:29:48 2011 by vadim" check_tools prolog_commands check_run_time_address_table_files diff --git a/test/ipt/heartbeat_cluster_1_d_linux-2-d.fw.orig b/test/ipt/heartbeat_cluster_1_d_linux-2-d.fw.orig index 80e3bc7e0..fd1a6e6e6 100755 --- a/test/ipt/heartbeat_cluster_1_d_linux-2-d.fw.orig +++ b/test/ipt/heartbeat_cluster_1_d_linux-2-d.fw.orig @@ -2,9 +2,9 @@ # # This is automatically generated file. DO NOT MODIFY ! # -# Firewall Builder fwb_ipt v4.3.0.3546 +# Firewall Builder fwb_ipt v5.0.0.3547 # -# Generated Thu May 26 14:18:22 2011 PDT by vadim +# Generated Fri Jun 3 17:29:48 2011 PDT by vadim # # files: * heartbeat_cluster_1_d_linux-2-d.fw firewall.sh # @@ -347,7 +347,7 @@ script_body() { # echo "Rule 0 (NAT)" # - $IPTABLES -t nat -A POSTROUTING -o eth0 -s 192.168.1.0/24 -j MASQUERADE + $IPTABLES -t nat -A POSTROUTING -o eth0 -s 192.168.1.0/24 -j MASQUERADE # # Rule 1 (NAT) # @@ -355,7 +355,7 @@ script_body() { # for i_eth0 in $i_eth0_list do - test -n "$i_eth0" && $IPTABLES -t nat -A POSTROUTING -o eth0 -s 192.168.1.0/24 -j SNAT --to-source $i_eth0 + test -n "$i_eth0" && $IPTABLES -t nat -A POSTROUTING -o eth0 -s 192.168.1.0/24 -j SNAT --to-source $i_eth0 done # # Rule 2 (NAT) 
@@ -364,7 +364,7 @@ script_body() { # for i_eth0 in $i_eth0_list do - test -n "$i_eth0" && $IPTABLES -t nat -A POSTROUTING -o eth0 -s 192.168.1.0/24 -j SNAT --to-source $i_eth0 --random + test -n "$i_eth0" && $IPTABLES -t nat -A POSTROUTING -o eth0 -s 192.168.1.0/24 -j SNAT --to-source $i_eth0 --random done # # Rule 3 (NAT) @@ -751,7 +751,7 @@ test -z "$cmd" && { case "$cmd" in start) - log "Activating firewall script generated Thu May 26 14:18:22 2011 by vadim" + log "Activating firewall script generated Fri Jun 3 17:29:48 2011 by vadim" check_tools prolog_commands check_run_time_address_table_files diff --git a/test/ipt/heartbeat_cluster_1_linux-1.fw.orig b/test/ipt/heartbeat_cluster_1_linux-1.fw.orig index 8d01b8050..0be024f14 100755 --- a/test/ipt/heartbeat_cluster_1_linux-1.fw.orig +++ b/test/ipt/heartbeat_cluster_1_linux-1.fw.orig @@ -2,9 +2,9 @@ # # This is automatically generated file. DO NOT MODIFY ! # -# Firewall Builder fwb_ipt v4.3.0.3546 +# Firewall Builder fwb_ipt v5.0.0.3547 # -# Generated Thu May 26 14:18:21 2011 PDT by vadim +# Generated Fri Jun 3 17:29:48 2011 PDT by vadim # # files: * heartbeat_cluster_1_linux-1.fw /etc/heartbeat_cluster_1_linux-1.fw # @@ -426,13 +426,13 @@ script_body() { # echo "Rule 0 (NAT)" # - $IPTABLES -t nat -A POSTROUTING -o eth0 -s 192.168.1.0/24 -j SNAT --to-source 172.24.0.1 + $IPTABLES -t nat -A POSTROUTING -o eth0 -s 192.168.1.0/24 -j SNAT --to-source 172.24.0.1 # # Rule 1 (NAT) # echo "Rule 1 (NAT)" # - $IPTABLES -t nat -A POSTROUTING -o eth0 -s 192.168.1.0/24 -j SNAT --to-source 172.24.0.1 + $IPTABLES -t nat -A POSTROUTING -o eth0 -s 192.168.1.0/24 -j SNAT --to-source 172.24.0.1 # # Rule 2 (NAT) # @@ -864,7 +864,7 @@ test -z "$cmd" && { case "$cmd" in start) - log "Activating firewall script generated Thu May 26 14:18:21 2011 by vadim" + log "Activating firewall script generated Fri Jun 3 17:29:48 2011 by vadim" check_tools prolog_commands check_run_time_address_table_files 
diff --git a/test/ipt/heartbeat_cluster_1_linux-2.fw.orig b/test/ipt/heartbeat_cluster_1_linux-2.fw.orig index ecc7192e1..af97c5395 100755 --- a/test/ipt/heartbeat_cluster_1_linux-2.fw.orig +++ b/test/ipt/heartbeat_cluster_1_linux-2.fw.orig @@ -2,9 +2,9 @@ # # This is automatically generated file. DO NOT MODIFY ! # -# Firewall Builder fwb_ipt v4.3.0.3546 +# Firewall Builder fwb_ipt v5.0.0.3547 # -# Generated Thu May 26 14:18:21 2011 PDT by vadim +# Generated Fri Jun 3 17:29:48 2011 PDT by vadim # # files: * heartbeat_cluster_1_linux-2.fw /etc/heartbeat_cluster_1_linux-2.fw # @@ -331,13 +331,13 @@ script_body() { # echo "Rule 0 (NAT)" # - $IPTABLES -t nat -A POSTROUTING -o eth0 -s 192.168.1.0/24 -j SNAT --to-source 172.24.0.1 + $IPTABLES -t nat -A POSTROUTING -o eth0 -s 192.168.1.0/24 -j SNAT --to-source 172.24.0.1 # # Rule 1 (NAT) # echo "Rule 1 (NAT)" # - $IPTABLES -t nat -A POSTROUTING -o eth0 -s 192.168.1.0/24 -j SNAT --to-source 172.24.0.1 + $IPTABLES -t nat -A POSTROUTING -o eth0 -s 192.168.1.0/24 -j SNAT --to-source 172.24.0.1 # # Rule 2 (NAT) # @@ -762,7 +762,7 @@ test -z "$cmd" && { case "$cmd" in start) - log "Activating firewall script generated Thu May 26 14:18:21 2011 by vadim" + log "Activating firewall script generated Fri Jun 3 17:29:48 2011 by vadim" check_tools prolog_commands check_run_time_address_table_files diff --git a/test/ipt/heartbeat_cluster_2_linux-1.fw.orig b/test/ipt/heartbeat_cluster_2_linux-1.fw.orig index 0db794844..1b5a1e07c 100755 --- a/test/ipt/heartbeat_cluster_2_linux-1.fw.orig +++ b/test/ipt/heartbeat_cluster_2_linux-1.fw.orig @@ -2,9 +2,9 @@ # # This is automatically generated file. DO NOT MODIFY ! # -# Firewall Builder fwb_ipt v4.3.0.3546 +# Firewall Builder fwb_ipt v5.0.0.3547 # -# Generated Thu May 26 14:18:22 2011 PDT by vadim +# Generated Fri Jun 3 17:29:48 2011 PDT by vadim # # files: * heartbeat_cluster_2_linux-1.fw /etc/heartbeat_cluster_2_linux-1.fw # 
@@ -426,13 +426,13 @@ script_body() { # echo "Rule 0 (NAT)" # - $IPTABLES -t nat -A POSTROUTING -o eth0 -s 192.168.1.0/24 -j SNAT --to-source 172.24.0.1 + $IPTABLES -t nat -A POSTROUTING -o eth0 -s 192.168.1.0/24 -j SNAT --to-source 172.24.0.1 # # Rule 1 (NAT) # echo "Rule 1 (NAT)" # - $IPTABLES -t nat -A POSTROUTING -o eth0 -s 192.168.1.0/24 -j SNAT --to-source 172.24.0.1 + $IPTABLES -t nat -A POSTROUTING -o eth0 -s 192.168.1.0/24 -j SNAT --to-source 172.24.0.1 @@ -728,7 +728,7 @@ test -z "$cmd" && { case "$cmd" in start) - log "Activating firewall script generated Thu May 26 14:18:22 2011 by vadim" + log "Activating firewall script generated Fri Jun 3 17:29:48 2011 by vadim" check_tools prolog_commands check_run_time_address_table_files diff --git a/test/ipt/heartbeat_cluster_2_linux-2.fw.orig b/test/ipt/heartbeat_cluster_2_linux-2.fw.orig index 3fe662357..c70a89815 100755 --- a/test/ipt/heartbeat_cluster_2_linux-2.fw.orig +++ b/test/ipt/heartbeat_cluster_2_linux-2.fw.orig @@ -2,9 +2,9 @@ # # This is automatically generated file. DO NOT MODIFY ! # -# Firewall Builder fwb_ipt v4.3.0.3546 +# Firewall Builder fwb_ipt v5.0.0.3547 # -# Generated Thu May 26 14:18:23 2011 PDT by vadim +# Generated Fri Jun 3 17:29:48 2011 PDT by vadim # # files: * heartbeat_cluster_2_linux-2.fw /etc/heartbeat_cluster_2_linux-2.fw # @@ -331,13 +331,13 @@ script_body() { # echo "Rule 0 (NAT)" # - $IPTABLES -t nat -A POSTROUTING -o eth0 -s 192.168.1.0/24 -j SNAT --to-source 172.24.0.1 + $IPTABLES -t nat -A POSTROUTING -o eth0 -s 192.168.1.0/24 -j SNAT --to-source 172.24.0.1 # # Rule 1 (NAT) # echo "Rule 1 (NAT)" # - $IPTABLES -t nat -A POSTROUTING -o eth0 -s 192.168.1.0/24 -j SNAT --to-source 172.24.0.1 + $IPTABLES -t nat -A POSTROUTING -o eth0 -s 192.168.1.0/24 -j SNAT --to-source 172.24.0.1 
@@ -641,7 +641,7 @@ test -z "$cmd" && { case "$cmd" in start) - log "Activating firewall script generated Thu May 26 14:18:23 2011 by vadim" + log "Activating firewall script generated Fri Jun 3 17:29:48 2011 by vadim" check_tools prolog_commands check_run_time_address_table_files diff --git a/test/ipt/host.fw.orig b/test/ipt/host.fw.orig index d4ed4f5cf..eaf0aa73f 100755 --- a/test/ipt/host.fw.orig +++ b/test/ipt/host.fw.orig @@ -2,9 +2,9 @@ # # This is automatically generated file. DO NOT MODIFY ! # -# Firewall Builder fwb_ipt v4.3.0.3546 +# Firewall Builder fwb_ipt v5.0.0.3547 # -# Generated Thu May 26 14:18:11 2011 PDT by vadim +# Generated Fri Jun 3 17:29:40 2011 PDT by vadim # # files: * host.fw /etc/fw/host.fw # @@ -443,7 +443,7 @@ test -z "$cmd" && { case "$cmd" in start) - log "Activating firewall script generated Thu May 26 14:18:11 2011 by vadim" + log "Activating firewall script generated Fri Jun 3 17:29:40 2011 by vadim" check_tools prolog_commands check_run_time_address_table_files diff --git a/test/ipt/objects-for-regression-tests.fwb b/test/ipt/objects-for-regression-tests.fwb index 42682b861..bbf143110 100644 --- a/test/ipt/objects-for-regression-tests.fwb +++ b/test/ipt/objects-for-regression-tests.fwb @@ -61461,7 +61461,7 @@ echo '%FWBPROMPT%'; sh /tmp/%FWSCRIPT% - + diff --git a/test/ipt/openais_cluster_1_linux-1.fw.orig b/test/ipt/openais_cluster_1_linux-1.fw.orig index ab0744cd9..f676a4623 100755 --- a/test/ipt/openais_cluster_1_linux-1.fw.orig +++ b/test/ipt/openais_cluster_1_linux-1.fw.orig @@ -2,9 +2,9 @@ # # This is automatically generated file. DO NOT MODIFY ! # -# Firewall Builder fwb_ipt v4.3.0.3546 +# Firewall Builder fwb_ipt v5.0.0.3547 # -# Generated Thu May 26 14:18:23 2011 PDT by vadim +# Generated Fri Jun 3 17:29:48 2011 PDT by vadim # # files: * openais_cluster_1_linux-1.fw /etc/openais_cluster_1_linux-1.fw # 
@@ -426,7 +426,7 @@ script_body() { # echo "Rule 0 (NAT)" # - $IPTABLES -t nat -A POSTROUTING -o eth0 -s 192.168.1.0/24 -j SNAT --to-source 172.24.0.1 + $IPTABLES -t nat -A POSTROUTING -o eth0 -s 192.168.1.0/24 -j SNAT --to-source 172.24.0.1 @@ -728,7 +728,7 @@ test -z "$cmd" && { case "$cmd" in start) - log "Activating firewall script generated Thu May 26 14:18:23 2011 by vadim" + log "Activating firewall script generated Fri Jun 3 17:29:48 2011 by vadim" check_tools prolog_commands check_run_time_address_table_files diff --git a/test/ipt/openais_cluster_1_linux-2.fw.orig b/test/ipt/openais_cluster_1_linux-2.fw.orig index 93da2796a..a09893a46 100755 --- a/test/ipt/openais_cluster_1_linux-2.fw.orig +++ b/test/ipt/openais_cluster_1_linux-2.fw.orig @@ -2,9 +2,9 @@ # # This is automatically generated file. DO NOT MODIFY ! # -# Firewall Builder fwb_ipt v4.3.0.3546 +# Firewall Builder fwb_ipt v5.0.0.3547 # -# Generated Thu May 26 14:18:23 2011 PDT by vadim +# Generated Fri Jun 3 17:29:48 2011 PDT by vadim # # files: * openais_cluster_1_linux-2.fw /etc/openais_cluster_1_linux-2.fw # @@ -331,7 +331,7 @@ script_body() { # echo "Rule 0 (NAT)" # - $IPTABLES -t nat -A POSTROUTING -o eth0 -s 192.168.1.0/24 -j SNAT --to-source 172.24.0.1 + $IPTABLES -t nat -A POSTROUTING -o eth0 -s 192.168.1.0/24 -j SNAT --to-source 172.24.0.1 @@ -632,7 +632,7 @@ test -z "$cmd" && { case "$cmd" in start) - log "Activating firewall script generated Thu May 26 14:18:23 2011 by vadim" + log "Activating firewall script generated Fri Jun 3 17:29:48 2011 by vadim" check_tools prolog_commands check_run_time_address_table_files diff --git a/test/ipt/rc.firewall.local b/test/ipt/rc.firewall.local index 0c636c2ae..e181846b8 100755 --- a/test/ipt/rc.firewall.local +++ b/test/ipt/rc.firewall.local 
@@ -2,9 +2,9 @@ # # This is automatically generated file. DO NOT MODIFY ! # -# Firewall Builder fwb_ipt v4.3.0.3546 +# Firewall Builder fwb_ipt v5.0.0.3547 # -# Generated Thu May 26 14:18:12 2011 PDT by vadim +# Generated Fri Jun 3 17:29:42 2011 PDT by vadim # # files: * rc.firewall.local /etc/rc.d//rc.firewall.local # diff --git a/test/ipt/rh90.fw.orig b/test/ipt/rh90.fw.orig index d2d1530ce..487312b06 100755 --- a/test/ipt/rh90.fw.orig +++ b/test/ipt/rh90.fw.orig @@ -2,9 +2,9 @@ # # This is automatically generated file. DO NOT MODIFY ! # -# Firewall Builder fwb_ipt v4.3.0.3546 +# Firewall Builder fwb_ipt v5.0.0.3547 # -# Generated Thu May 26 14:18:15 2011 PDT by vadim +# Generated Fri Jun 3 17:29:42 2011 PDT by vadim # # files: * rh90.fw /etc/rh90.fw # @@ -442,7 +442,7 @@ test -z "$cmd" && { case "$cmd" in start) - log "Activating firewall script generated Thu May 26 14:18:15 2011 by vadim" + log "Activating firewall script generated Fri Jun 3 17:29:42 2011 by vadim" check_tools prolog_commands check_run_time_address_table_files diff --git a/test/ipt/secuwall_cluster_1_secuwall-1.fw.orig b/test/ipt/secuwall_cluster_1_secuwall-1.fw.orig index 97de27c67..891b9d35e 100755 --- a/test/ipt/secuwall_cluster_1_secuwall-1.fw.orig +++ b/test/ipt/secuwall_cluster_1_secuwall-1.fw.orig @@ -2,9 +2,9 @@ # # This is automatically generated file. DO NOT MODIFY ! # -# Firewall Builder fwb_ipt v4.3.0.3546 +# Firewall Builder fwb_ipt v5.0.0.3547 # -# Generated Thu May 26 14:18:23 2011 PDT by vadim +# Generated Fri Jun 3 17:29:49 2011 PDT by vadim # # files: * secuwall_cluster_1_secuwall-1.fw /etc/secuwall_cluster_1_secuwall-1.fw # @@ -426,7 +426,7 @@ test -z "$cmd" && { case "$cmd" in start) - log "Activating firewall script generated Thu May 26 14:18:23 2011 by vadim" + log "Activating firewall script generated Fri Jun 3 17:29:49 2011 by vadim" log "Database was cluster-tests.fwb" check_tools check_run_time_address_table_files 
diff --git a/test/ipt/server-cluster-1_server-1.fw.orig b/test/ipt/server-cluster-1_server-1.fw.orig index f8d19357b..b47e50d73 100755 --- a/test/ipt/server-cluster-1_server-1.fw.orig +++ b/test/ipt/server-cluster-1_server-1.fw.orig @@ -2,9 +2,9 @@ # # This is automatically generated file. DO NOT MODIFY ! # -# Firewall Builder fwb_ipt v4.3.0.3546 +# Firewall Builder fwb_ipt v5.0.0.3547 # -# Generated Thu May 26 14:18:23 2011 PDT by vadim +# Generated Fri Jun 3 17:29:49 2011 PDT by vadim # # files: * server-cluster-1_server-1.fw /etc/fw/server-cluster-1_server-1.fw # @@ -421,7 +421,7 @@ test -z "$cmd" && { case "$cmd" in start) - log "Activating firewall script generated Thu May 26 14:18:23 2011 by vadim" + log "Activating firewall script generated Fri Jun 3 17:29:49 2011 by vadim" check_tools prolog_commands check_run_time_address_table_files diff --git a/test/ipt/server-cluster-1_server-2.fw.orig b/test/ipt/server-cluster-1_server-2.fw.orig index 718d1a550..a8ba9dc0d 100755 --- a/test/ipt/server-cluster-1_server-2.fw.orig +++ b/test/ipt/server-cluster-1_server-2.fw.orig @@ -2,9 +2,9 @@ # # This is automatically generated file. DO NOT MODIFY ! # -# Firewall Builder fwb_ipt v4.3.0.3546 +# Firewall Builder fwb_ipt v5.0.0.3547 # -# Generated Thu May 26 14:18:23 2011 PDT by vadim +# Generated Fri Jun 3 17:29:49 2011 PDT by vadim # # files: * server-cluster-1_server-2.fw /etc/fw/server-cluster-1_server-2.fw # @@ -418,7 +418,7 @@ test -z "$cmd" && { case "$cmd" in start) - log "Activating firewall script generated Thu May 26 14:18:23 2011 by vadim" + log "Activating firewall script generated Fri Jun 3 17:29:49 2011 by vadim" check_tools prolog_commands check_run_time_address_table_files diff --git a/test/ipt/test-shadowing-1.fw.orig b/test/ipt/test-shadowing-1.fw.orig index bd9a2f0c9..75549f54b 100755 --- a/test/ipt/test-shadowing-1.fw.orig +++ b/test/ipt/test-shadowing-1.fw.orig 
@@ -2,9 +2,9 @@ # # This is automatically generated file. DO NOT MODIFY ! # -# Firewall Builder fwb_ipt v4.3.0.3546 +# Firewall Builder fwb_ipt v5.0.0.3547 # -# Generated Thu May 26 14:18:19 2011 PDT by vadim +# Generated Fri Jun 3 17:29:45 2011 PDT by vadim # # files: * test-shadowing-1.fw /etc/test-shadowing-1.fw # @@ -492,7 +492,7 @@ test -z "$cmd" && { case "$cmd" in start) - log "Activating firewall script generated Thu May 26 14:18:19 2011 by vadim" + log "Activating firewall script generated Fri Jun 3 17:29:45 2011 by vadim" check_tools prolog_commands check_run_time_address_table_files diff --git a/test/ipt/test-shadowing-2.fw.orig b/test/ipt/test-shadowing-2.fw.orig index a5dd11756..2b7936841 100755 --- a/test/ipt/test-shadowing-2.fw.orig +++ b/test/ipt/test-shadowing-2.fw.orig @@ -2,9 +2,9 @@ # # This is automatically generated file. DO NOT MODIFY ! # -# Firewall Builder fwb_ipt v4.3.0.3546 +# Firewall Builder fwb_ipt v5.0.0.3547 # -# Generated Thu May 26 14:18:20 2011 PDT by vadim +# Generated Fri Jun 3 17:29:47 2011 PDT by vadim # # files: * test-shadowing-2.fw /etc/test-shadowing-2.fw # @@ -450,7 +450,7 @@ test -z "$cmd" && { case "$cmd" in start) - log "Activating firewall script generated Thu May 26 14:18:20 2011 by vadim" + log "Activating firewall script generated Fri Jun 3 17:29:47 2011 by vadim" check_tools prolog_commands check_run_time_address_table_files diff --git a/test/ipt/test-shadowing-3.fw.orig b/test/ipt/test-shadowing-3.fw.orig index 4c1f37fc7..2713230d8 100755 --- a/test/ipt/test-shadowing-3.fw.orig +++ b/test/ipt/test-shadowing-3.fw.orig @@ -2,9 +2,9 @@ # # This is automatically generated file. DO NOT MODIFY ! # -# Firewall Builder fwb_ipt v4.3.0.3546 +# Firewall Builder fwb_ipt v5.0.0.3547 # -# Generated Thu May 26 14:18:22 2011 PDT by vadim +# Generated Fri Jun 3 17:29:47 2011 PDT by vadim # # files: * test-shadowing-3.fw /etc/test-shadowing-3.fw # 
@@ -499,7 +499,7 @@ test -z "$cmd" && { case "$cmd" in start) - log "Activating firewall script generated Thu May 26 14:18:22 2011 by vadim" + log "Activating firewall script generated Fri Jun 3 17:29:47 2011 by vadim" check_tools prolog_commands check_run_time_address_table_files diff --git a/test/ipt/test_fw.fw.orig b/test/ipt/test_fw.fw.orig index a7e16a7f3..4e9b44bc0 100755 --- a/test/ipt/test_fw.fw.orig +++ b/test/ipt/test_fw.fw.orig @@ -2,9 +2,9 @@ # # This is automatically generated file. DO NOT MODIFY ! # -# Firewall Builder fwb_ipt v4.3.0.3546 +# Firewall Builder fwb_ipt v5.0.0.3547 # -# Generated Thu May 26 14:18:16 2011 PDT by vadim +# Generated Fri Jun 3 17:29:45 2011 PDT by vadim # # files: * test_fw.fw /etc/test_fw.fw # @@ -346,8 +346,8 @@ script_body() { # # Translate source address # for outgoing connections - $IPTABLES -t nat -A POSTROUTING -o eth0 -s 192.168.1.0/24 -j SNAT --to-source 192.0.2.1 - $IPTABLES -t nat -A POSTROUTING -o eth0 -s 192.168.2.0/24 -j SNAT --to-source 192.0.2.1 + $IPTABLES -t nat -A POSTROUTING -o eth0 -s 192.168.1.0/24 -j SNAT --to-source 192.0.2.1 + $IPTABLES -t nat -A POSTROUTING -o eth0 -s 192.168.2.0/24 -j SNAT --to-source 192.0.2.1 # # Rule 2 (NAT) # @@ -591,7 +591,7 @@ test -z "$cmd" && { case "$cmd" in start) - log "Activating firewall script generated Thu May 26 14:18:16 2011 by vadim" + log "Activating firewall script generated Fri Jun 3 17:29:45 2011 by vadim" check_tools prolog_commands check_run_time_address_table_files diff --git a/test/ipt/vrrp_cluster_1_linux-1.fw.orig b/test/ipt/vrrp_cluster_1_linux-1.fw.orig index 45fc4ccb3..0bc45b7ee 100755 --- a/test/ipt/vrrp_cluster_1_linux-1.fw.orig +++ b/test/ipt/vrrp_cluster_1_linux-1.fw.orig 
@@ -2,9 +2,9 @@ # # This is automatically generated file. DO NOT MODIFY ! # -# Firewall Builder fwb_ipt v4.3.0.3546 +# Firewall Builder fwb_ipt v5.0.0.3547 # -# Generated Thu May 26 14:18:24 2011 PDT by vadim +# Generated Fri Jun 3 17:29:49 2011 PDT by vadim # # files: * vrrp_cluster_1_linux-1.fw /etc/vrrp_cluster_1_linux-1.fw # @@ -426,7 +426,7 @@ script_body() { # echo "Rule 0 (NAT)" # - $IPTABLES -t nat -A POSTROUTING -o eth0 -s 192.168.1.0/24 -j SNAT --to-source 172.24.0.1 + $IPTABLES -t nat -A POSTROUTING -o eth0 -s 192.168.1.0/24 -j SNAT --to-source 172.24.0.1 @@ -731,7 +731,7 @@ test -z "$cmd" && { case "$cmd" in start) - log "Activating firewall script generated Thu May 26 14:18:24 2011 by vadim" + log "Activating firewall script generated Fri Jun 3 17:29:49 2011 by vadim" check_tools prolog_commands check_run_time_address_table_files diff --git a/test/ipt/vrrp_cluster_1_linux-2.fw.orig b/test/ipt/vrrp_cluster_1_linux-2.fw.orig index d0958aea6..a9fbe24b8 100755 --- a/test/ipt/vrrp_cluster_1_linux-2.fw.orig +++ b/test/ipt/vrrp_cluster_1_linux-2.fw.orig @@ -2,9 +2,9 @@ # # This is automatically generated file. DO NOT MODIFY ! # -# Firewall Builder fwb_ipt v4.3.0.3546 +# Firewall Builder fwb_ipt v5.0.0.3547 # -# Generated Thu May 26 14:18:24 2011 PDT by vadim +# Generated Fri Jun 3 17:29:49 2011 PDT by vadim # # files: * vrrp_cluster_1_linux-2.fw /etc/vrrp_cluster_1_linux-2.fw # @@ -331,7 +331,7 @@ script_body() { # echo "Rule 0 (NAT)" # - $IPTABLES -t nat -A POSTROUTING -o eth0 -s 192.168.1.0/24 -j SNAT --to-source 172.24.0.1 + $IPTABLES -t nat -A POSTROUTING -o eth0 -s 192.168.1.0/24 -j SNAT --to-source 172.24.0.1 @@ -636,7 +636,7 @@ test -z "$cmd" && { case "$cmd" in start) - log "Activating firewall script generated Thu May 26 14:18:24 2011 by vadim" + log "Activating firewall script generated Fri Jun 3 17:29:49 2011 by vadim" check_tools prolog_commands check_run_time_address_table_files 
diff --git a/test/ipt/vrrp_cluster_2_linux-1.fw.orig b/test/ipt/vrrp_cluster_2_linux-1.fw.orig index be4015563..02be5e18c 100755 --- a/test/ipt/vrrp_cluster_2_linux-1.fw.orig +++ b/test/ipt/vrrp_cluster_2_linux-1.fw.orig @@ -2,9 +2,9 @@ # # This is automatically generated file. DO NOT MODIFY ! # -# Firewall Builder fwb_ipt v4.3.0.3546 +# Firewall Builder fwb_ipt v5.0.0.3547 # -# Generated Thu May 26 14:18:24 2011 PDT by vadim +# Generated Fri Jun 3 17:29:49 2011 PDT by vadim # # files: * vrrp_cluster_2_linux-1.fw /etc/vrrp_cluster_2_linux-1.fw # @@ -426,7 +426,7 @@ script_body() { # echo "Rule 0 (NAT)" # - $IPTABLES -t nat -A POSTROUTING -o eth0 -s 192.168.1.0/24 -j SNAT --to-source 172.24.0.1 + $IPTABLES -t nat -A POSTROUTING -o eth0 -s 192.168.1.0/24 -j SNAT --to-source 172.24.0.1 @@ -663,7 +663,7 @@ test -z "$cmd" && { case "$cmd" in start) - log "Activating firewall script generated Thu May 26 14:18:24 2011 by vadim" + log "Activating firewall script generated Fri Jun 3 17:29:49 2011 by vadim" check_tools prolog_commands check_run_time_address_table_files diff --git a/test/ipt/vrrp_cluster_2_linux-2.fw.orig b/test/ipt/vrrp_cluster_2_linux-2.fw.orig index 3f4852ee9..4b6e32e66 100755 --- a/test/ipt/vrrp_cluster_2_linux-2.fw.orig +++ b/test/ipt/vrrp_cluster_2_linux-2.fw.orig @@ -2,9 +2,9 @@ # # This is automatically generated file. DO NOT MODIFY ! # -# Firewall Builder fwb_ipt v4.3.0.3546 +# Firewall Builder fwb_ipt v5.0.0.3547 # -# Generated Thu May 26 14:18:24 2011 PDT by vadim +# Generated Fri Jun 3 17:29:49 2011 PDT by vadim # # files: * vrrp_cluster_2_linux-2.fw /etc/vrrp_cluster_2_linux-2.fw # @@ -331,7 +331,7 @@ script_body() { # echo "Rule 0 (NAT)" # - $IPTABLES -t nat -A POSTROUTING -o eth0 -s 192.168.1.0/24 -j SNAT --to-source 172.24.0.1 + $IPTABLES -t nat -A POSTROUTING -o eth0 -s 192.168.1.0/24 -j SNAT --to-source 172.24.0.1 
@@ -568,7 +568,7 @@ test -z "$cmd" && { case "$cmd" in start) - log "Activating firewall script generated Thu May 26 14:18:24 2011 by vadim" + log "Activating firewall script generated Fri Jun 3 17:29:49 2011 by vadim" check_tools prolog_commands check_run_time_address_table_files diff --git a/test/ipt/vrrp_cluster_2_linux-3.fw.orig b/test/ipt/vrrp_cluster_2_linux-3.fw.orig index 910240d44..c762f8fdf 100755 --- a/test/ipt/vrrp_cluster_2_linux-3.fw.orig +++ b/test/ipt/vrrp_cluster_2_linux-3.fw.orig @@ -2,9 +2,9 @@ # # This is automatically generated file. DO NOT MODIFY ! # -# Firewall Builder fwb_ipt v4.3.0.3546 +# Firewall Builder fwb_ipt v5.0.0.3547 # -# Generated Thu May 26 14:18:24 2011 PDT by vadim +# Generated Fri Jun 3 17:29:49 2011 PDT by vadim # # files: * vrrp_cluster_2_linux-3.fw /etc/vrrp_cluster_2_linux-3.fw # @@ -331,7 +331,7 @@ script_body() { # echo "Rule 0 (NAT)" # - $IPTABLES -t nat -A POSTROUTING -o eth0 -s 192.168.1.0/24 -j SNAT --to-source 172.24.0.1 + $IPTABLES -t nat -A POSTROUTING -o eth0 -s 192.168.1.0/24 -j SNAT --to-source 172.24.0.1 @@ -544,7 +544,7 @@ test -z "$cmd" && { case "$cmd" in start) - log "Activating firewall script generated Thu May 26 14:18:24 2011 by vadim" + log "Activating firewall script generated Fri Jun 3 17:29:49 2011 by vadim" check_tools prolog_commands check_run_time_address_table_files diff --git a/test/pf/firewall-base-rulesets.fw.orig b/test/pf/firewall-base-rulesets.fw.orig index 70834fe5b..2290be91b 100755 --- a/test/pf/firewall-base-rulesets.fw.orig +++ b/test/pf/firewall-base-rulesets.fw.orig @@ -2,9 +2,9 @@ # # This is automatically generated file. DO NOT MODIFY ! # -# Firewall Builder fwb_pf v4.3.0.3546 +# Firewall Builder fwb_pf v5.0.0.3547 # -# Generated Mon May 30 21:58:50 2011 PDT by vadim +# Generated Fri Jun 3 17:49:38 2011 PDT by vadim # # files: * firewall-base-rulesets.fw /etc/fw/firewall-base-rulesets.fw # files: firewall-base-rulesets.conf /etc/fw/firewall-base-rulesets.conf 
@@ -169,7 +169,7 @@ configure_interfaces() { update_addresses_of_interface "en2 192.168.100.1/0xffffff00" "" } -log "Activating firewall script generated Mon May 30 21:58:50 2011 by vadim" +log "Activating firewall script generated Fri Jun 3 17:49:38 2011 by vadim" set_kernel_vars configure_interfaces diff --git a/test/pf/firewall-ipv6-1.fw.orig b/test/pf/firewall-ipv6-1.fw.orig index 866f9648f..bccef87bb 100755 --- a/test/pf/firewall-ipv6-1.fw.orig +++ b/test/pf/firewall-ipv6-1.fw.orig @@ -2,9 +2,9 @@ # # This is automatically generated file. DO NOT MODIFY ! # -# Firewall Builder fwb_pf v4.3.0.3546 +# Firewall Builder fwb_pf v5.0.0.3547 # -# Generated Mon May 30 21:58:50 2011 PDT by vadim +# Generated Fri Jun 3 17:49:39 2011 PDT by vadim # # files: * firewall-ipv6-1.fw pf-ipv6.fw # files: firewall-ipv6-1.conf /etc/fw/pf-ipv6.conf @@ -181,7 +181,7 @@ configure_interfaces() { update_addresses_of_interface "lo ::1/128 127.0.0.1/0xff000000" "" } -log "Activating firewall script generated Mon May 30 21:58:50 2011 by vadim" +log "Activating firewall script generated Fri Jun 3 17:49:39 2011 by vadim" set_kernel_vars configure_interfaces diff --git a/test/pf/firewall-ipv6-2.conf.orig b/test/pf/firewall-ipv6-2.conf.orig index 72c2cdf01..df70e50bd 100644 --- a/test/pf/firewall-ipv6-2.conf.orig +++ b/test/pf/firewall-ipv6-2.conf.orig @@ -5,7 +5,7 @@ # Tables: (5) table { 222.222.222.22 , 222.222.222.23 } table { 2001:5c0:0:2::24 , 3ffe:1200:2000::/36 , 3ffe:1200:2001:1:8000::1 } -table { 61.150.47.112 , 64.233.183.99 , 64.233.183.103 , 64.233.183.104 , 64.233.183.105 , 64.233.183.106 , 64.233.183.147 , 192.168.1.0 } +table { 61.150.47.112 , 74.125.224.48 , 74.125.224.49 , 74.125.224.50 , 74.125.224.51 , 74.125.224.52 , 192.168.1.0 } table { 2001:5c0:0:2::24 , 3ffe:1200:2001:1:8000::1 } table { 61.150.47.112 , 192.168.1.0 } diff --git a/test/pf/firewall-ipv6-2.fw.orig b/test/pf/firewall-ipv6-2.fw.orig index ee81b516c..447f3169e 100755 --- a/test/pf/firewall-ipv6-2.fw.orig 
+++ b/test/pf/firewall-ipv6-2.fw.orig @@ -2,9 +2,9 @@ # # This is automatically generated file. DO NOT MODIFY ! # -# Firewall Builder fwb_pf v4.3.0.3546 +# Firewall Builder fwb_pf v5.0.0.3547 # -# Generated Mon May 30 21:58:51 2011 PDT by vadim +# Generated Fri Jun 3 17:49:39 2011 PDT by vadim # # files: * firewall-ipv6-2.fw pf.fw # files: firewall-ipv6-2.conf pf.conf @@ -185,7 +185,7 @@ configure_interfaces() { update_addresses_of_interface "lo ::1/128 127.0.0.1/0xff000000" "" } -log "Activating firewall script generated Mon May 30 21:58:51 2011 by vadim" +log "Activating firewall script generated Fri Jun 3 17:49:39 2011 by vadim" set_kernel_vars configure_interfaces diff --git a/test/pf/firewall-ipv6-3.fw.orig b/test/pf/firewall-ipv6-3.fw.orig index 10f705fe9..eaa4c133e 100755 --- a/test/pf/firewall-ipv6-3.fw.orig +++ b/test/pf/firewall-ipv6-3.fw.orig @@ -1,9 +1,9 @@ # # This is automatically generated file. DO NOT MODIFY ! # -# Firewall Builder fwb_pf v4.3.0.3546 +# Firewall Builder fwb_pf v5.0.0.3547 # -# Generated Mon May 30 21:58:51 2011 PDT by vadim +# Generated Fri Jun 3 17:49:40 2011 PDT by vadim # # files: * firewall-ipv6-3.fw /etc/firewall-ipv6-3.fw # files: firewall-ipv6-3.conf /etc/firewall-ipv6-3.conf diff --git a/test/pf/firewall.conf.orig b/test/pf/firewall.conf.orig index 739d2b76c..007341036 100644 --- a/test/pf/firewall.conf.orig +++ b/test/pf/firewall.conf.orig @@ -32,8 +32,8 @@ table { 211.11.11.11 , 211.22.22.22 } # # Rule 0 (NAT) -nat on eth1 proto {tcp udp icmp} from 192.168.1.0/24 to any -> 222.222.222.222 -nat on eth0 proto {tcp udp icmp} from 192.168.1.0/24 to any -> 192.168.1.1 +nat on eth1 proto {tcp udp icmp} from 192.168.1.0/24 to any -> 222.222.222.222 +nat on eth0 proto {tcp udp icmp} from 192.168.1.0/24 to any -> 192.168.1.1 # # Rule 2 (NAT) rdr proto tcp from any to port 25 -> 192.168.1.10 port 25 diff --git a/test/pf/firewall.fw.orig b/test/pf/firewall.fw.orig index 7efcb2562..d6b561011 100755 --- a/test/pf/firewall.fw.orig 
+++ b/test/pf/firewall.fw.orig @@ -2,9 +2,9 @@ # # This is automatically generated file. DO NOT MODIFY ! # -# Firewall Builder fwb_pf v4.3.0.3546 +# Firewall Builder fwb_pf v5.0.0.3547 # -# Generated Mon May 30 21:58:24 2011 PDT by vadim +# Generated Fri Jun 3 17:49:13 2011 PDT by vadim # # files: * firewall.fw /etc/pf.fw # files: firewall.conf /etc/pf.conf @@ -173,7 +173,7 @@ configure_interfaces() { update_addresses_of_interface "lo 127.0.0.1/0xff000000" "" } -log "Activating firewall script generated Mon May 30 21:58:24 2011 by vadim" +log "Activating firewall script generated Fri Jun 3 17:49:13 2011 by vadim" set_kernel_vars configure_interfaces diff --git a/test/pf/firewall1.conf.orig b/test/pf/firewall1.conf.orig index b4de647d5..9a9e7cb3c 100644 --- a/test/pf/firewall1.conf.orig +++ b/test/pf/firewall1.conf.orig @@ -38,14 +38,14 @@ nat proto {tcp udp icmp} from 192.168.1.10 to any -> 22.22.22.23 nat proto {tcp udp icmp} from ! 192.168.1.0/24 to 200.200.200.200 -> 22.22.22.23 # # Rule 3 (NAT) -nat on eth0 proto {tcp udp icmp} from 192.168.1.0/24 to any -> 192.168.1.1 -nat on eth1 proto {tcp udp icmp} from 192.168.1.0/24 to any -> 22.22.22.22 -nat on eth2 proto {tcp udp icmp} from 192.168.1.0/24 to any -> 192.168.2.1 -nat on eth3 proto {tcp udp icmp} from 192.168.1.0/24 to any -> 22.22.23.23 +nat on eth0 proto {tcp udp icmp} from 192.168.1.0/24 to any -> 192.168.1.1 +nat on eth1 proto {tcp udp icmp} from 192.168.1.0/24 to any -> 22.22.22.22 +nat on eth2 proto {tcp udp icmp} from 192.168.1.0/24 to any -> 192.168.2.1 +nat on eth3 proto {tcp udp icmp} from 192.168.1.0/24 to any -> 22.22.23.23 # # Rule 4 (NAT) -nat on eth1 proto {tcp udp icmp} from 192.168.1.0/24 to any -> 22.22.22.22 -nat on eth3 proto {tcp udp icmp} from 192.168.1.0/24 to any -> 22.22.23.23 +nat on eth1 proto {tcp udp icmp} from 192.168.1.0/24 to any -> 22.22.22.22 +nat on eth3 proto {tcp udp icmp} from 192.168.1.0/24 to any -> 22.22.23.23 # # Rule 5 (NAT) # more examples 
@@ -55,22 +55,22 @@ nat on eth3 proto {tcp udp icmp} from 192.168.1.0/24 to any -> 22.22.23.23 nat proto {tcp udp icmp} from 192.168.1.0/24 to any -> { 22.22.22.50 , 22.22.22.51 } # # Rule 6 (NAT) -nat on eth0 proto {tcp udp icmp} from 192.168.1.0/24 to ! 192.168.2.0/24 -> 192.168.1.1 -nat on eth1 proto {tcp udp icmp} from 192.168.1.0/24 to ! 192.168.2.0/24 -> 22.22.22.22 -nat on eth2 proto {tcp udp icmp} from 192.168.1.0/24 to ! 192.168.2.0/24 -> 192.168.2.1 -nat on eth3 proto {tcp udp icmp} from 192.168.1.0/24 to ! 192.168.2.0/24 -> 22.22.23.23 +nat on eth0 proto {tcp udp icmp} from 192.168.1.0/24 to ! 192.168.2.0/24 -> 192.168.1.1 +nat on eth1 proto {tcp udp icmp} from 192.168.1.0/24 to ! 192.168.2.0/24 -> 22.22.22.22 +nat on eth2 proto {tcp udp icmp} from 192.168.1.0/24 to ! 192.168.2.0/24 -> 192.168.2.1 +nat on eth3 proto {tcp udp icmp} from 192.168.1.0/24 to ! 192.168.2.0/24 -> 22.22.23.23 # # Rule 7 (NAT) -nat on eth0 proto {tcp udp icmp} from 192.168.1.0/24 to ! -> 192.168.1.1 -nat on eth1 proto {tcp udp icmp} from 192.168.1.0/24 to ! -> 22.22.22.22 -nat on eth2 proto {tcp udp icmp} from 192.168.1.0/24 to ! -> 192.168.2.1 -nat on eth3 proto {tcp udp icmp} from 192.168.1.0/24 to ! -> 22.22.23.23 +nat on eth0 proto {tcp udp icmp} from 192.168.1.0/24 to ! -> 192.168.1.1 +nat on eth1 proto {tcp udp icmp} from 192.168.1.0/24 to ! -> 22.22.22.22 +nat on eth2 proto {tcp udp icmp} from 192.168.1.0/24 to ! -> 192.168.2.1 +nat on eth3 proto {tcp udp icmp} from 192.168.1.0/24 to ! -> 22.22.23.23 # # Rule 8 (NAT) -nat on eth0 proto {tcp udp icmp} from ! 192.168.2.0/24 to any -> 192.168.1.1 -nat on eth1 proto {tcp udp icmp} from ! 192.168.2.0/24 to any -> 22.22.22.22 -nat on eth2 proto {tcp udp icmp} from ! 192.168.2.0/24 to any -> 192.168.2.1 -nat on eth3 proto {tcp udp icmp} from ! 192.168.2.0/24 to any -> 22.22.23.23 +nat on eth0 proto {tcp udp icmp} from ! 192.168.2.0/24 to any -> 192.168.1.1 +nat on eth1 proto {tcp udp icmp} from ! 
192.168.2.0/24 to any -> 22.22.22.22 +nat on eth2 proto {tcp udp icmp} from ! 192.168.2.0/24 to any -> 192.168.2.1 +nat on eth3 proto {tcp udp icmp} from ! 192.168.2.0/24 to any -> 22.22.23.23 # # Rule 9 (NAT) rdr proto tcp from 192.168.1.0/24 to ! port 80 -> 127.0.0.1 port 3128 @@ -96,7 +96,7 @@ rdr proto tcp from ! to port 80 -> 127.0.0.1 port 3128 rdr proto tcp from ! 192.168.1.10 to any port 80 -> 127.0.0.1 port 3128 # # Rule 16 (NAT) -rdr on eth1 proto tcp from to 22.22.22.22 port 80 -> 192.168.1.10 port 80 +rdr on eth1 proto tcp from to 22.22.22.22 port 80 -> 192.168.1.10 port 80 # Policy compiler errors and warnings: # firewall1:Policy:10: warning: Changing rule direction due to self reference diff --git a/test/pf/firewall1.fw.orig b/test/pf/firewall1.fw.orig index 0214fa99b..fe4e319e0 100755 --- a/test/pf/firewall1.fw.orig +++ b/test/pf/firewall1.fw.orig @@ -2,9 +2,9 @@ # # This is automatically generated file. DO NOT MODIFY ! # -# Firewall Builder fwb_pf v4.3.0.3546 +# Firewall Builder fwb_pf v5.0.0.3547 # -# Generated Mon May 30 21:58:25 2011 PDT by vadim +# Generated Fri Jun 3 17:49:13 2011 PDT by vadim # # files: * firewall1.fw /etc/fw/firewall1.fw # files: firewall1.conf /etc/fw/firewall1.conf @@ -76,7 +76,7 @@ configure_interfaces() { } -log "Activating firewall script generated Mon May 30 21:58:25 2011 by vadim" +log "Activating firewall script generated Fri Jun 3 17:49:13 2011 by vadim" set_kernel_vars configure_interfaces diff --git a/test/pf/firewall10-1.conf.orig b/test/pf/firewall10-1.conf.orig index f8dcc0174..dc7d874a4 100644 --- a/test/pf/firewall10-1.conf.orig +++ b/test/pf/firewall10-1.conf.orig @@ -7,7 +7,7 @@ scrub in all fragment reassemble # # Rule 1 (NAT) -nat on eth0 proto {tcp udp icmp} from 192.168.1.0/24 to any -> 192.168.1.1 +nat on eth0 proto {tcp udp icmp} from 192.168.1.0/24 to any -> 192.168.1.1 # # Rule backup ssh access rule 
diff --git a/test/pf/firewall10-1.fw.orig b/test/pf/firewall10-1.fw.orig index 2fd15df50..b420eb967 100755 --- a/test/pf/firewall10-1.fw.orig +++ b/test/pf/firewall10-1.fw.orig @@ -2,9 +2,9 @@ # # This is automatically generated file. DO NOT MODIFY ! # -# Firewall Builder fwb_pf v4.3.0.3546 +# Firewall Builder fwb_pf v5.0.0.3547 # -# Generated Mon May 30 21:58:26 2011 PDT by vadim +# Generated Fri Jun 3 17:49:14 2011 PDT by vadim # # files: * firewall10-1.fw /etc/fw/firewall10-1.fw # files: firewall10-1.conf /etc/fw/firewall10-1.conf @@ -74,7 +74,7 @@ configure_interfaces() { } -log "Activating firewall script generated Mon May 30 21:58:26 2011 by vadim" +log "Activating firewall script generated Fri Jun 3 17:49:14 2011 by vadim" set_kernel_vars configure_interfaces diff --git a/test/pf/firewall10-2.conf.orig b/test/pf/firewall10-2.conf.orig index cc504aeee..f6baf1bb1 100644 --- a/test/pf/firewall10-2.conf.orig +++ b/test/pf/firewall10-2.conf.orig @@ -8,7 +8,7 @@ scrub in all fragment reassemble # # Rule 1 (NAT) -nat on eth0 proto {tcp udp icmp} from 192.168.1.0/24 to any -> 192.168.1.1 +nat on eth0 proto {tcp udp icmp} from 192.168.1.0/24 to any -> 192.168.1.1 # # Rule backup ssh access rule diff --git a/test/pf/firewall10-2.fw.orig b/test/pf/firewall10-2.fw.orig index db4f73c93..4db81d8a5 100755 --- a/test/pf/firewall10-2.fw.orig +++ b/test/pf/firewall10-2.fw.orig @@ -2,9 +2,9 @@ # # This is automatically generated file. DO NOT MODIFY ! # -# Firewall Builder fwb_pf v4.3.0.3546 +# Firewall Builder fwb_pf v5.0.0.3547 # -# Generated Mon May 30 21:58:26 2011 PDT by vadim +# Generated Fri Jun 3 17:49:15 2011 PDT by vadim # # files: * firewall10-2.fw /etc/fw/firewall10-2.fw # files: firewall10-2.conf /etc/fw/firewall10-2.conf @@ -74,7 +74,7 @@ configure_interfaces() { } -log "Activating firewall script generated Mon May 30 21:58:26 2011 by vadim" +log "Activating firewall script generated Fri Jun 3 17:49:15 2011 by vadim" set_kernel_vars configure_interfaces 
diff --git a/test/pf/firewall10-3.conf.orig b/test/pf/firewall10-3.conf.orig index 42da3b64b..e3d196a1d 100644 --- a/test/pf/firewall10-3.conf.orig +++ b/test/pf/firewall10-3.conf.orig @@ -7,7 +7,7 @@ scrub in all fragment reassemble # # Rule 1 (NAT) -nat on eth0 proto {tcp udp icmp} from 192.168.1.0/24 to any -> 192.168.1.1 +nat on eth0 proto {tcp udp icmp} from 192.168.1.0/24 to any -> 192.168.1.1 # # Rule backup ssh access rule diff --git a/test/pf/firewall10-3.fw.orig b/test/pf/firewall10-3.fw.orig index d38bf6852..2e5477848 100755 --- a/test/pf/firewall10-3.fw.orig +++ b/test/pf/firewall10-3.fw.orig @@ -2,9 +2,9 @@ # # This is automatically generated file. DO NOT MODIFY ! # -# Firewall Builder fwb_pf v4.3.0.3546 +# Firewall Builder fwb_pf v5.0.0.3547 # -# Generated Mon May 30 21:58:27 2011 PDT by vadim +# Generated Fri Jun 3 17:49:16 2011 PDT by vadim # # files: * firewall10-3.fw /etc/fw/firewall10-3.fw # files: firewall10-3.conf /etc/fw/firewall10-3.conf @@ -76,7 +76,7 @@ configure_interfaces() { } -log "Activating firewall script generated Mon May 30 21:58:27 2011 by vadim" +log "Activating firewall script generated Fri Jun 3 17:49:16 2011 by vadim" set_kernel_vars configure_interfaces diff --git a/test/pf/firewall10-4.conf.orig b/test/pf/firewall10-4.conf.orig index a71856753..3506c3559 100644 --- a/test/pf/firewall10-4.conf.orig +++ b/test/pf/firewall10-4.conf.orig @@ -8,7 +8,7 @@ scrub in all fragment reassemble # # Rule 1 (NAT) -nat on eth0 proto {tcp udp icmp} from 192.168.1.0/24 to any -> 192.168.1.1 +nat on eth0 proto {tcp udp icmp} from 192.168.1.0/24 to any -> 192.168.1.1 # # Rule backup ssh access rule diff --git a/test/pf/firewall10-4.fw.orig b/test/pf/firewall10-4.fw.orig index 53a1796da..3310b6562 100755 --- a/test/pf/firewall10-4.fw.orig +++ b/test/pf/firewall10-4.fw.orig 
@@ -2,9 +2,9 @@ # # This is automatically generated file. DO NOT MODIFY ! # -# Firewall Builder fwb_pf v4.3.0.3546 +# Firewall Builder fwb_pf v5.0.0.3547 # -# Generated Mon May 30 21:58:29 2011 PDT by vadim +# Generated Fri Jun 3 17:49:18 2011 PDT by vadim # # files: * firewall10-4.fw /etc/fw/firewall10-4.fw # files: firewall10-4.conf /etc/fw/firewall10-4.conf @@ -76,7 +76,7 @@ configure_interfaces() { } -log "Activating firewall script generated Mon May 30 21:58:29 2011 by vadim" +log "Activating firewall script generated Fri Jun 3 17:49:18 2011 by vadim" set_kernel_vars configure_interfaces diff --git a/test/pf/firewall10-5.conf.orig b/test/pf/firewall10-5.conf.orig index 1defbe6da..94831b99e 100644 --- a/test/pf/firewall10-5.conf.orig +++ b/test/pf/firewall10-5.conf.orig @@ -7,7 +7,7 @@ scrub in all fragment reassemble # # Rule 1 (NAT) -nat on eth0 proto {tcp udp icmp} from 192.168.1.0/24 to any -> 192.168.1.1 +nat on eth0 proto {tcp udp icmp} from 192.168.1.0/24 to any -> 192.168.1.1 # # Rule backup ssh access rule diff --git a/test/pf/firewall10-5.fw.orig b/test/pf/firewall10-5.fw.orig index c6b3acacf..85d9f8461 100755 --- a/test/pf/firewall10-5.fw.orig +++ b/test/pf/firewall10-5.fw.orig @@ -2,9 +2,9 @@ # # This is automatically generated file. DO NOT MODIFY ! # -# Firewall Builder fwb_pf v4.3.0.3546 +# Firewall Builder fwb_pf v5.0.0.3547 # -# Generated Mon May 30 21:58:31 2011 PDT by vadim +# Generated Fri Jun 3 17:49:20 2011 PDT by vadim # # files: * firewall10-5.fw /etc/fw/firewall10-5.fw # files: firewall10-5.conf /etc/fw/firewall10-5.conf @@ -77,7 +77,7 @@ configure_interfaces() { } -log "Activating firewall script generated Mon May 30 21:58:31 2011 by vadim" +log "Activating firewall script generated Fri Jun 3 17:49:20 2011 by vadim" set_kernel_vars configure_interfaces diff --git a/test/pf/firewall10-6.conf.orig b/test/pf/firewall10-6.conf.orig index a71856753..3506c3559 100644 --- a/test/pf/firewall10-6.conf.orig +++ b/test/pf/firewall10-6.conf.orig 
@@ -8,7 +8,7 @@ scrub in all fragment reassemble # # Rule 1 (NAT) -nat on eth0 proto {tcp udp icmp} from 192.168.1.0/24 to any -> 192.168.1.1 +nat on eth0 proto {tcp udp icmp} from 192.168.1.0/24 to any -> 192.168.1.1 # # Rule backup ssh access rule diff --git a/test/pf/firewall10-6.fw.orig b/test/pf/firewall10-6.fw.orig index 462ee1a4b..43878f3af 100755 --- a/test/pf/firewall10-6.fw.orig +++ b/test/pf/firewall10-6.fw.orig @@ -2,9 +2,9 @@ # # This is automatically generated file. DO NOT MODIFY ! # -# Firewall Builder fwb_pf v4.3.0.3546 +# Firewall Builder fwb_pf v5.0.0.3547 # -# Generated Mon May 30 21:58:32 2011 PDT by vadim +# Generated Fri Jun 3 17:49:20 2011 PDT by vadim # # files: * firewall10-6.fw /etc/fw/firewall10-6.fw # files: firewall10-6.conf /etc/fw/firewall10-6.conf @@ -77,7 +77,7 @@ configure_interfaces() { } -log "Activating firewall script generated Mon May 30 21:58:32 2011 by vadim" +log "Activating firewall script generated Fri Jun 3 17:49:20 2011 by vadim" set_kernel_vars configure_interfaces diff --git a/test/pf/firewall100.fw.orig b/test/pf/firewall100.fw.orig index 5c42d71e8..a03523929 100755 --- a/test/pf/firewall100.fw.orig +++ b/test/pf/firewall100.fw.orig @@ -2,9 +2,9 @@ # # This is automatically generated file. DO NOT MODIFY ! # -# Firewall Builder fwb_pf v4.3.0.3546 +# Firewall Builder fwb_pf v5.0.0.3547 # -# Generated Mon May 30 21:58:25 2011 PDT by vadim +# Generated Fri Jun 3 17:49:13 2011 PDT by vadim # # files: * firewall100.fw /etc/fw/pf.fw # files: firewall100.conf /etc/fw/path\ with\ space/pf.conf @@ -167,7 +167,7 @@ configure_interfaces() { update_addresses_of_interface "em1 10.1.1.81/0xffffff00" "" } -log "Activating firewall script generated Mon May 30 21:58:25 2011 by vadim" +log "Activating firewall script generated Fri Jun 3 17:49:13 2011 by vadim" set_kernel_vars configure_interfaces diff --git a/test/pf/firewall101.fw.orig b/test/pf/firewall101.fw.orig index 83d8b346d..f4776f4f9 100755 --- a/test/pf/firewall101.fw.orig 
+++ b/test/pf/firewall101.fw.orig @@ -2,9 +2,9 @@ # # This is automatically generated file. DO NOT MODIFY ! # -# Firewall Builder fwb_pf v4.3.0.3546 +# Firewall Builder fwb_pf v5.0.0.3547 # -# Generated Mon May 30 21:58:26 2011 PDT by vadim +# Generated Fri Jun 3 17:49:14 2011 PDT by vadim # # files: * firewall101.fw /etc/fw/pf.fw # files: firewall101.conf /etc/fw/path\ with\ space/pf.conf @@ -170,7 +170,7 @@ configure_interfaces() { update_addresses_of_interface "em1 10.1.1.81/0xffffff00" "" } -log "Activating firewall script generated Mon May 30 21:58:26 2011 by vadim" +log "Activating firewall script generated Fri Jun 3 17:49:14 2011 by vadim" set_kernel_vars configure_interfaces diff --git a/test/pf/firewall102.fw.orig b/test/pf/firewall102.fw.orig index 998155a67..42f33e2b7 100755 --- a/test/pf/firewall102.fw.orig +++ b/test/pf/firewall102.fw.orig @@ -1,9 +1,9 @@ # # This is automatically generated file. DO NOT MODIFY ! # -# Firewall Builder fwb_pf v4.3.0.3546 +# Firewall Builder fwb_pf v5.0.0.3547 # -# Generated Mon May 30 21:58:26 2011 PDT by vadim +# Generated Fri Jun 3 17:49:15 2011 PDT by vadim # # files: * firewall102.fw /etc/fw/pf.fw # files: firewall102.conf /etc/fw/path\ with\ space/pf.conf diff --git a/test/pf/firewall103-1.fw.orig b/test/pf/firewall103-1.fw.orig index 666993a48..082a99e2e 100755 --- a/test/pf/firewall103-1.fw.orig +++ b/test/pf/firewall103-1.fw.orig @@ -2,9 +2,9 @@ # # This is automatically generated file. DO NOT MODIFY ! # -# Firewall Builder fwb_pf v4.3.0.3546 +# Firewall Builder fwb_pf v5.0.0.3547 # -# Generated Mon May 30 21:58:28 2011 PDT by vadim +# Generated Fri Jun 3 17:49:17 2011 PDT by vadim # # files: * firewall103-1.fw /etc/fw/pf.fw # files: firewall103-1.conf /etc/fw/path\ with\ space/pf.conf 
@@ -394,7 +394,7 @@ configure_interfaces() { update_addresses_of_interface "bridge0 192.168.1.1/0xffffff00" "" } -log "Activating firewall script generated Mon May 30 21:58:28 2011 by vadim" +log "Activating firewall script generated Fri Jun 3 17:49:17 2011 by vadim" set_kernel_vars configure_interfaces diff --git a/test/pf/firewall103-2.fw.orig b/test/pf/firewall103-2.fw.orig index cda68d533..46287975b 100755 --- a/test/pf/firewall103-2.fw.orig +++ b/test/pf/firewall103-2.fw.orig @@ -2,9 +2,9 @@ # # This is automatically generated file. DO NOT MODIFY ! # -# Firewall Builder fwb_pf v4.3.0.3546 +# Firewall Builder fwb_pf v5.0.0.3547 # -# Generated Mon May 30 21:58:28 2011 PDT by vadim +# Generated Fri Jun 3 17:49:17 2011 PDT by vadim # # files: * firewall103-2.fw /etc/fw/pf.fw # files: firewall103-2.conf /etc/fw/path\ with\ space/pf.conf @@ -394,7 +394,7 @@ configure_interfaces() { update_addresses_of_interface "bridge0 192.168.1.1/0xffffff00" "" } -log "Activating firewall script generated Mon May 30 21:58:28 2011 by vadim" +log "Activating firewall script generated Fri Jun 3 17:49:17 2011 by vadim" set_kernel_vars configure_interfaces diff --git a/test/pf/firewall103.fw.orig b/test/pf/firewall103.fw.orig index df1212434..e4628cb78 100755 --- a/test/pf/firewall103.fw.orig +++ b/test/pf/firewall103.fw.orig @@ -2,9 +2,9 @@ # # This is automatically generated file. DO NOT MODIFY ! # -# Firewall Builder fwb_pf v4.3.0.3546 +# Firewall Builder fwb_pf v5.0.0.3547 # -# Generated Mon May 30 21:58:27 2011 PDT by vadim +# Generated Fri Jun 3 17:49:16 2011 PDT by vadim # # files: * firewall103.fw /etc/fw/pf.fw # files: firewall103.conf /etc/fw/path\ with\ space/pf.conf @@ -397,7 +397,7 @@ configure_interfaces() { update_addresses_of_interface "bridge0 192.168.1.1/0xffffff00" "" } -log "Activating firewall script generated Mon May 30 21:58:27 2011 by vadim" +log "Activating firewall script generated Fri Jun 3 17:49:16 2011 by vadim" set_kernel_vars configure_interfaces 
diff --git a/test/pf/firewall104-1.fw.orig b/test/pf/firewall104-1.fw.orig index ef767b8a8..8b2142bed 100755 --- a/test/pf/firewall104-1.fw.orig +++ b/test/pf/firewall104-1.fw.orig @@ -2,9 +2,9 @@ # # This is automatically generated file. DO NOT MODIFY ! # -# Firewall Builder fwb_pf v4.3.0.3546 +# Firewall Builder fwb_pf v5.0.0.3547 # -# Generated Mon May 30 21:58:30 2011 PDT by vadim +# Generated Fri Jun 3 17:49:19 2011 PDT by vadim # # files: * firewall104-1.fw /etc/fw/pf.fw # files: firewall104-1.conf /etc/fw/path\ with\ space/pf.conf @@ -393,7 +393,7 @@ configure_interfaces() { $IFCONFIG bridge0 -stp em3 } -log "Activating firewall script generated Mon May 30 21:58:30 2011 by vadim" +log "Activating firewall script generated Fri Jun 3 17:49:19 2011 by vadim" set_kernel_vars configure_interfaces diff --git a/test/pf/firewall104.fw.orig b/test/pf/firewall104.fw.orig index daa48601f..6807b8880 100755 --- a/test/pf/firewall104.fw.orig +++ b/test/pf/firewall104.fw.orig @@ -2,9 +2,9 @@ # # This is automatically generated file. DO NOT MODIFY ! # -# Firewall Builder fwb_pf v4.3.0.3546 +# Firewall Builder fwb_pf v5.0.0.3547 # -# Generated Mon May 30 21:58:29 2011 PDT by vadim +# Generated Fri Jun 3 17:49:18 2011 PDT by vadim # # files: * firewall104.fw /etc/fw/pf.fw # files: firewall104.conf /etc/fw/path\ with\ space/pf.conf @@ -396,7 +396,7 @@ configure_interfaces() { $IFCONFIG bridge0 stp em3 } -log "Activating firewall script generated Mon May 30 21:58:29 2011 by vadim" +log "Activating firewall script generated Fri Jun 3 17:49:18 2011 by vadim" set_kernel_vars configure_interfaces diff --git a/test/pf/firewall105.fw.orig b/test/pf/firewall105.fw.orig index e5673412f..1bcc639b8 100755 --- a/test/pf/firewall105.fw.orig +++ b/test/pf/firewall105.fw.orig 
@@ -1,9 +1,9 @@ # # This is automatically generated file. DO NOT MODIFY ! # -# Firewall Builder fwb_pf v4.3.0.3546 +# Firewall Builder fwb_pf v5.0.0.3547 # -# Generated Mon May 30 21:58:30 2011 PDT by vadim +# Generated Fri Jun 3 17:49:19 2011 PDT by vadim # # files: * firewall105.fw /etc/fw/pf.fw # files: firewall105.conf /etc/fw/path\ with\ space/pf.conf diff --git a/test/pf/firewall106.fw.orig b/test/pf/firewall106.fw.orig index fb3271ae5..9aa68860d 100755 --- a/test/pf/firewall106.fw.orig +++ b/test/pf/firewall106.fw.orig @@ -1,9 +1,9 @@ # # This is automatically generated file. DO NOT MODIFY ! # -# Firewall Builder fwb_pf v4.3.0.3546 +# Firewall Builder fwb_pf v5.0.0.3547 # -# Generated Mon May 30 21:58:31 2011 PDT by vadim +# Generated Fri Jun 3 17:49:20 2011 PDT by vadim # # files: * firewall106.fw /etc/fw/pf.fw # files: firewall106.conf /etc/fw/path\ with\ space/pf.conf diff --git a/test/pf/firewall107.fw.orig b/test/pf/firewall107.fw.orig index 5eb81a7a4..dbf64c1f7 100755 --- a/test/pf/firewall107.fw.orig +++ b/test/pf/firewall107.fw.orig @@ -2,9 +2,9 @@ # # This is automatically generated file. DO NOT MODIFY ! # -# Firewall Builder fwb_pf v4.3.0.3546 +# Firewall Builder fwb_pf v5.0.0.3547 # -# Generated Mon May 30 21:58:32 2011 PDT by vadim +# Generated Fri Jun 3 17:49:21 2011 PDT by vadim # # files: * firewall107.fw /etc/fw/pf.fw # files: firewall107.conf /etc/fw/path\ with\ space/pf.conf @@ -395,7 +395,7 @@ configure_interfaces() { update_addresses_of_interface "vlan102 192.168.102.1/0xffffff00" "" } -log "Activating firewall script generated Mon May 30 21:58:32 2011 by vadim" +log "Activating firewall script generated Fri Jun 3 17:49:21 2011 by vadim" set_kernel_vars configure_interfaces diff --git a/test/pf/firewall108.fw.orig b/test/pf/firewall108.fw.orig index 923d1efe8..da5a7c17d 100755 --- a/test/pf/firewall108.fw.orig +++ b/test/pf/firewall108.fw.orig 
@@ -1,9 +1,9 @@ # # This is automatically generated file. DO NOT MODIFY ! # -# Firewall Builder fwb_pf v4.3.0.3546 +# Firewall Builder fwb_pf v5.0.0.3547 # -# Generated Mon May 30 21:58:33 2011 PDT by vadim +# Generated Fri Jun 3 17:49:21 2011 PDT by vadim # # files: * firewall108.fw /etc/fw/pf.fw # files: firewall108.conf /etc/fw/path\ with\ space/pf.conf diff --git a/test/pf/firewall109-1.fw.orig b/test/pf/firewall109-1.fw.orig index 5002de41a..5085db8fd 100755 --- a/test/pf/firewall109-1.fw.orig +++ b/test/pf/firewall109-1.fw.orig @@ -1,9 +1,9 @@ # # This is automatically generated file. DO NOT MODIFY ! # -# Firewall Builder fwb_pf v4.3.0.3546 +# Firewall Builder fwb_pf v5.0.0.3547 # -# Generated Mon May 30 21:58:34 2011 PDT by vadim +# Generated Fri Jun 3 17:49:22 2011 PDT by vadim # # files: * firewall109-1.fw /etc/fw/pf.fw # files: firewall109-1.conf /etc/fw/path\ with\ space/pf.conf diff --git a/test/pf/firewall109-2.fw.orig b/test/pf/firewall109-2.fw.orig index de334a488..cc0173087 100755 --- a/test/pf/firewall109-2.fw.orig +++ b/test/pf/firewall109-2.fw.orig @@ -2,9 +2,9 @@ # # This is automatically generated file. DO NOT MODIFY ! # -# Firewall Builder fwb_pf v4.3.0.3546 +# Firewall Builder fwb_pf v5.0.0.3547 # -# Generated Mon May 30 21:58:34 2011 PDT by vadim +# Generated Fri Jun 3 17:49:22 2011 PDT by vadim # # files: * firewall109-2.fw /etc/fw/pf.fw # files: firewall109-2.conf /etc/fw/path\ with\ space/pf.conf @@ -400,7 +400,7 @@ configure_interfaces() { update_addresses_of_interface "bridge0 192.168.1.1/0xffffff00" "" } -log "Activating firewall script generated Mon May 30 21:58:34 2011 by vadim" +log "Activating firewall script generated Fri Jun 3 17:49:22 2011 by vadim" set_kernel_vars configure_interfaces diff --git a/test/pf/firewall109-3.fw.orig b/test/pf/firewall109-3.fw.orig index 9b7b83d1d..5bf3921ec 100755 --- a/test/pf/firewall109-3.fw.orig +++ b/test/pf/firewall109-3.fw.orig 
@@ -1,9 +1,9 @@ # # This is automatically generated file. DO NOT MODIFY ! # -# Firewall Builder fwb_pf v4.3.0.3546 +# Firewall Builder fwb_pf v5.0.0.3547 # -# Generated Mon May 30 21:58:34 2011 PDT by vadim +# Generated Fri Jun 3 17:49:23 2011 PDT by vadim # # files: * firewall109-3.fw /etc/fw/pf.fw # files: firewall109-3.conf /etc/fw/path\ with\ space/pf.conf diff --git a/test/pf/firewall109.fw.orig b/test/pf/firewall109.fw.orig index 13afa83fe..b9e034165 100755 --- a/test/pf/firewall109.fw.orig +++ b/test/pf/firewall109.fw.orig @@ -2,9 +2,9 @@ # # This is automatically generated file. DO NOT MODIFY ! # -# Firewall Builder fwb_pf v4.3.0.3546 +# Firewall Builder fwb_pf v5.0.0.3547 # -# Generated Mon May 30 21:58:33 2011 PDT by vadim +# Generated Fri Jun 3 17:49:21 2011 PDT by vadim # # files: * firewall109.fw /etc/fw/pf.fw # files: firewall109.conf /etc/fw/path\ with\ space/pf.conf @@ -401,7 +401,7 @@ configure_interfaces() { update_addresses_of_interface "bridge0 192.168.1.1/0xffffff00" "" } -log "Activating firewall script generated Mon May 30 21:58:33 2011 by vadim" +log "Activating firewall script generated Fri Jun 3 17:49:21 2011 by vadim" set_kernel_vars configure_interfaces diff --git a/test/pf/firewall11.fw.orig b/test/pf/firewall11.fw.orig index 222bcc881..39889b042 100755 --- a/test/pf/firewall11.fw.orig +++ b/test/pf/firewall11.fw.orig @@ -2,9 +2,9 @@ # # This is automatically generated file. DO NOT MODIFY ! # -# Firewall Builder fwb_pf v4.3.0.3546 +# Firewall Builder fwb_pf v5.0.0.3547 # -# Generated Mon May 30 21:58:34 2011 PDT by vadim +# Generated Fri Jun 3 17:49:23 2011 PDT by vadim # # files: * firewall11.fw /etc/firewall11.fw # files: firewall11.conf /etc/firewall11.conf @@ -77,7 +77,7 @@ configure_interfaces() { } -log "Activating firewall script generated Mon May 30 21:58:34 2011 by vadim" +log "Activating firewall script generated Fri Jun 3 17:49:23 2011 by vadim" set_kernel_vars configure_interfaces 
diff --git a/test/pf/firewall110.fw.orig b/test/pf/firewall110.fw.orig index 91dd1ae71..aed84b5fa 100755 --- a/test/pf/firewall110.fw.orig +++ b/test/pf/firewall110.fw.orig @@ -2,9 +2,9 @@ # # This is automatically generated file. DO NOT MODIFY ! # -# Firewall Builder fwb_pf v4.3.0.3546 +# Firewall Builder fwb_pf v5.0.0.3547 # -# Generated Mon May 30 21:58:35 2011 PDT by vadim +# Generated Fri Jun 3 17:49:24 2011 PDT by vadim # # files: * firewall110.fw /etc/fw/firewall110.fw # files: firewall110.conf /etc/fw/firewall110.conf @@ -76,7 +76,7 @@ configure_interfaces() { } -log "Activating firewall script generated Mon May 30 21:58:35 2011 by vadim" +log "Activating firewall script generated Fri Jun 3 17:49:24 2011 by vadim" set_kernel_vars configure_interfaces diff --git a/test/pf/firewall111.fw.orig b/test/pf/firewall111.fw.orig index ffa7b5cc3..da0a13184 100755 --- a/test/pf/firewall111.fw.orig +++ b/test/pf/firewall111.fw.orig @@ -2,9 +2,9 @@ # # This is automatically generated file. DO NOT MODIFY ! # -# Firewall Builder fwb_pf v4.3.0.3546 +# Firewall Builder fwb_pf v5.0.0.3547 # -# Generated Mon May 30 21:58:35 2011 PDT by vadim +# Generated Fri Jun 3 17:49:24 2011 PDT by vadim # # files: * firewall111.fw /etc/fw/firewall111.fw # files: firewall111.conf /etc/fw/firewall111.conf @@ -86,7 +86,7 @@ configure_interfaces() { } -log "Activating firewall script generated Mon May 30 21:58:35 2011 by vadim" +log "Activating firewall script generated Fri Jun 3 17:49:24 2011 by vadim" set_kernel_vars configure_interfaces diff --git a/test/pf/firewall12.conf.orig b/test/pf/firewall12.conf.orig index 1595b39ed..dcd276ba1 100644 --- a/test/pf/firewall12.conf.orig +++ b/test/pf/firewall12.conf.orig 
@@ -10,8 +10,8 @@ table { 22.22.22.22 , 22.22.23.22 } rdr proto tcp from any to port 80 -> 127.0.0.1 port 8080 # # Rule 7 (NAT) -nat on en0 proto udp from any port 6767 to any -> 22.22.22.22 port 67 -nat on en1 proto udp from any port 6767 to any -> 22.22.23.22 port 67 +nat on en0 proto udp from any port 6767 to any -> 22.22.22.22 port 67 +nat on en1 proto udp from any port 6767 to any -> 22.22.23.22 port 67 # # Rule 9 (NAT) rdr proto tcp from any to any port 80 -> 127.0.0.1 port 8080 
@@ -19,33 +19,33 @@ rdr proto tcp from any to any port 80 -> 127.0.0.1 port 8080 # Rule 10 (NAT) # SDNAT rdr proto tcp from any to port 22 -> 192.168.1.10 port 22 -nat on en0 proto tcp from any to 192.168.1.10 port 22 -> 22.22.22.22 -nat on en1 proto tcp from any to 192.168.1.10 port 22 -> 22.22.23.22 +nat on en0 proto tcp from any to 192.168.1.10 port 22 -> 22.22.22.22 +nat on en1 proto tcp from any to 192.168.1.10 port 22 -> 22.22.23.22 # # Rule 11 (NAT) # SDNAT with source port rdr proto udp from any port 123 to -> 192.168.1.10 -nat on en0 proto udp from any port 123 to 192.168.1.10 -> 22.22.22.22 port 5050 -nat on en1 proto udp from any port 123 to 192.168.1.10 -> 22.22.23.22 port 5050 +nat on en0 proto udp from any port 123 to 192.168.1.10 -> 22.22.22.22 port 5050 +nat on en1 proto udp from any port 123 to 192.168.1.10 -> 22.22.23.22 port 5050 # # Rule 12 (NAT) # SDNAT with dest port rdr proto udp from 192.168.1.0/24 to any port 53 -> 192.168.1.10 port 1053 -nat on en0 proto udp from 192.168.1.0/24 to 192.168.1.10 port 1053 -> 22.22.22.22 -nat on en1 proto udp from 192.168.1.0/24 to 192.168.1.10 port 1053 -> 22.22.23.22 +nat on en0 proto udp from 192.168.1.0/24 to 192.168.1.10 port 1053 -> 22.22.22.22 +nat on en1 proto udp from 192.168.1.0/24 to 192.168.1.10 port 1053 -> 22.22.23.22 # # Rule 13 (NAT) # SDNAT # translate src and dst addresses # and src and dst ports rdr proto udp from 192.168.1.0/24 port 1024:65535 to any port 53 -> 192.168.1.10 port 1053 -nat on en0 proto udp from 192.168.1.0/24 to 192.168.1.10 port 1053 -> 22.22.22.22 port 32767:* -nat on en1 proto udp from 192.168.1.0/24 to 192.168.1.10 port 1053 -> 22.22.23.22 port 32767:* +nat on en0 proto udp from 192.168.1.0/24 to 192.168.1.10 port 1053 -> 22.22.22.22 port 32767:* +nat on en1 proto udp from 192.168.1.0/24 to 192.168.1.10 port 1053 -> 22.22.23.22 port 32767:* # # Rule 14 (NAT) # Matches destination port, translates source port -nat on en0 proto udp from 192.168.1.0/24 to any port 53 -> 
22.22.22.22 port 5050 -nat on en1 proto udp from 192.168.1.0/24 to any port 53 -> 22.22.23.22 port 5050 +nat on en0 proto udp from 192.168.1.0/24 to any port 53 -> 22.22.22.22 port 5050 +nat on en1 proto udp from 192.168.1.0/24 to any port 53 -> 22.22.23.22 port 5050 # # Rule 0 (global) diff --git a/test/pf/firewall12.fw.orig b/test/pf/firewall12.fw.orig index 0ed164d25..cacc107cb 100755 --- a/test/pf/firewall12.fw.orig +++ b/test/pf/firewall12.fw.orig @@ -2,9 +2,9 @@ # # This is automatically generated file. DO NOT MODIFY ! # -# Firewall Builder fwb_pf v4.3.0.3546 +# Firewall Builder fwb_pf v5.0.0.3547 # -# Generated Mon May 30 21:58:36 2011 PDT by vadim +# Generated Fri Jun 3 17:49:25 2011 PDT by vadim # # files: * firewall12.fw /etc/fw/firewall12.fw # files: firewall12.conf /etc/fw/firewall12.conf @@ -165,7 +165,7 @@ configure_interfaces() { update_addresses_of_interface "lo0 127.0.0.1/0xff000000" "" } -log "Activating firewall script generated Mon May 30 21:58:36 2011 by vadim" +log "Activating firewall script generated Fri Jun 3 17:49:25 2011 by vadim" set_kernel_vars configure_interfaces diff --git a/test/pf/firewall13.fw.orig b/test/pf/firewall13.fw.orig index a6ddcc014..d6d89d5b8 100755 --- a/test/pf/firewall13.fw.orig +++ b/test/pf/firewall13.fw.orig @@ -2,9 +2,9 @@ # # This is automatically generated file. DO NOT MODIFY ! # -# Firewall Builder fwb_pf v4.3.0.3546 +# Firewall Builder fwb_pf v5.0.0.3547 # -# Generated Mon May 30 21:58:36 2011 PDT by vadim +# Generated Fri Jun 3 17:49:25 2011 PDT by vadim # # files: * firewall13.fw /etc/fw/firewall13.fw # files: firewall13.conf /etc/fw/firewall13.conf @@ -88,7 +88,7 @@ configure_interfaces() { } -log "Activating firewall script generated Mon May 30 21:58:36 2011 by vadim" +log "Activating firewall script generated Fri Jun 3 17:49:25 2011 by vadim" set_kernel_vars configure_interfaces diff --git a/test/pf/firewall14-1.fw.orig b/test/pf/firewall14-1.fw.orig index c7aeaa2ea..d8c11fef3 100755 
--- a/test/pf/firewall14-1.fw.orig +++ b/test/pf/firewall14-1.fw.orig @@ -2,9 +2,9 @@ # # This is automatically generated file. DO NOT MODIFY ! # -# Firewall Builder fwb_pf v4.3.0.3546 +# Firewall Builder fwb_pf v5.0.0.3547 # -# Generated Mon May 30 21:58:37 2011 PDT by vadim +# Generated Fri Jun 3 17:49:26 2011 PDT by vadim # # files: * firewall14-1.fw /etc/firewall14-1.fw # files: firewall14-1.conf /etc/firewall14-1.conf @@ -248,7 +248,7 @@ configure_interfaces() { update_addresses_of_interface "vlan103 10.100.103.1/0xffffff00" "" } -log "Activating firewall script generated Mon May 30 21:58:37 2011 by vadim" +log "Activating firewall script generated Fri Jun 3 17:49:26 2011 by vadim" set_kernel_vars configure_interfaces diff --git a/test/pf/firewall14.fw.orig b/test/pf/firewall14.fw.orig index dd41ea019..59b69bc05 100755 --- a/test/pf/firewall14.fw.orig +++ b/test/pf/firewall14.fw.orig @@ -2,9 +2,9 @@ # # This is automatically generated file. DO NOT MODIFY ! # -# Firewall Builder fwb_pf v4.3.0.3546 +# Firewall Builder fwb_pf v5.0.0.3547 # -# Generated Mon May 30 21:58:37 2011 PDT by vadim +# Generated Fri Jun 3 17:49:26 2011 PDT by vadim # # files: * firewall14.fw /etc/firewall14.fw # files: firewall14.conf /etc/firewall14.conf @@ -248,7 +248,7 @@ configure_interfaces() { update_addresses_of_interface "vlan103 10.100.103.1/0xffffff00" "" } -log "Activating firewall script generated Mon May 30 21:58:37 2011 by vadim" +log "Activating firewall script generated Fri Jun 3 17:49:26 2011 by vadim" set_kernel_vars configure_interfaces diff --git a/test/pf/firewall2-1.conf.orig b/test/pf/firewall2-1.conf.orig index a645b0bdf..c7dd00229 100644 --- a/test/pf/firewall2-1.conf.orig +++ b/test/pf/firewall2-1.conf.orig 
@@ -42,7 +42,7 @@ table { 22.22.22.22 , 192.168.1.1 } # firewall2-1:NAT:17: warning: Translated Src, Dst and Srv are ignored in the NAT rule with action 'Branch' # # Rule 0 (NAT) -rdr on { eth1 eth0 } proto {tcp udp icmp} from any to -> 192.168.1.10 +rdr on { eth1 eth0 } proto {tcp udp icmp} from any to -> 192.168.1.10 # # Rule 8 (NAT) no nat proto tcp from 192.168.1.0/24 to any diff --git a/test/pf/firewall2-1.fw.orig b/test/pf/firewall2-1.fw.orig index b56803cc5..32728a6c4 100755 --- a/test/pf/firewall2-1.fw.orig +++ b/test/pf/firewall2-1.fw.orig @@ -2,9 +2,9 @@ # # This is automatically generated file. DO NOT MODIFY ! # -# Firewall Builder fwb_pf v4.3.0.3546 +# Firewall Builder fwb_pf v5.0.0.3547 # -# Generated Mon May 30 21:58:39 2011 PDT by vadim +# Generated Fri Jun 3 17:49:28 2011 PDT by vadim # # files: * firewall2-1.fw /etc/fw/firewall2-1.fw # files: firewall2-1.conf /etc/fw/firewall2-1.conf @@ -88,7 +88,7 @@ configure_interfaces() { } -log "Activating firewall script generated Mon May 30 21:58:39 2011 by vadim" +log "Activating firewall script generated Fri Jun 3 17:49:28 2011 by vadim" set_kernel_vars configure_interfaces diff --git a/test/pf/firewall2-6.conf.orig b/test/pf/firewall2-6.conf.orig index 501cd60fd..cfaab3653 100644 --- a/test/pf/firewall2-6.conf.orig +++ b/test/pf/firewall2-6.conf.orig 
@@ -7,54 +7,54 @@ nat proto {tcp udp icmp} from 192.168.1.0/24 to any -> 22.22.22.0/24 # # Rule 1 (NAT) -nat on em1 proto {tcp udp icmp} from 192.168.1.0/24 to any -> 222.222.222.40 +nat on em1 proto {tcp udp icmp} from 192.168.1.0/24 to any -> 222.222.222.40 # # Rule 2 (NAT) # -nat on em3 proto {tcp udp icmp} from 192.168.1.0/24 to any -> 222.222.222.40 +nat on em3 proto {tcp udp icmp} from 192.168.1.0/24 to any -> 222.222.222.40 # # Rule 3 (NAT) # -nat on { em1 em3 } proto {tcp udp icmp} from 192.168.1.0/24 to any -> 222.222.222.40 +nat on { em1 em3 } proto {tcp udp icmp} from 192.168.1.0/24 to any -> 222.222.222.40 # # Rule 4 (NAT) -nat on { em1 em3 } proto {tcp udp icmp} from 192.168.1.0/24 to any -> 222.222.222.40 +nat on { em1 em3 } proto {tcp udp icmp} from 192.168.1.0/24 to any -> 222.222.222.40 # # Rule 5 (NAT) # -nat on { em0 em1 em2 } proto {tcp udp icmp} from 192.168.1.0/24 to any -> 222.222.222.40 +nat on ! em3 proto {tcp udp icmp} from 192.168.1.0/24 to any -> 222.222.222.40 # # Rule 6 (NAT) # -nat on { em0 em2 } proto {tcp udp icmp} from 192.168.1.0/24 to any -> 222.222.222.40 +nat on { em0 em2 } proto {tcp udp icmp} from 192.168.1.0/24 to any -> 222.222.222.40 # # Rule 7 (NAT) -nat on { em0 em2 } proto {tcp udp icmp} from 192.168.1.0/24 to any -> 222.222.222.40 +nat on { em0 em2 } proto {tcp udp icmp} from 192.168.1.0/24 to any -> 222.222.222.40 # # Rule 8 (NAT) rdr proto {tcp udp icmp} from any to 222.222.222.40 -> 192.168.1.10 # # Rule 9 (NAT) -rdr on em0 proto {tcp udp icmp} from any to 222.222.222.40 -> 192.168.1.10 +rdr on em0 proto {tcp udp icmp} from any to 222.222.222.40 -> 192.168.1.10 # # Rule 10 (NAT) -rdr on { em0 em2 } proto {tcp udp icmp} from any to 222.222.222.40 -> 192.168.1.10 +rdr on { em0 em2 } proto {tcp udp icmp} from any to 222.222.222.40 -> 192.168.1.10 # # Rule 11 (NAT) -rdr on { em0 em2 } proto {tcp udp icmp} from any to 222.222.222.40 -> 192.168.1.10 +rdr on { em0 em2 } proto {tcp udp icmp} from any to 222.222.222.40 -> 
192.168.1.10 # # Rule 12 (NAT) -rdr on { em1 em3 em2 } proto {tcp udp icmp} from any to 222.222.222.40 -> 192.168.1.10 +rdr on ! em0 proto {tcp udp icmp} from any to 222.222.222.40 -> 192.168.1.10 # # Rule 13 (NAT) -rdr on { em1 em3 } proto {tcp udp icmp} from any to 222.222.222.40 -> 192.168.1.10 +rdr on { em1 em3 } proto {tcp udp icmp} from any to 222.222.222.40 -> 192.168.1.10 # # Rule 14 (NAT) -rdr on { em1 em3 } proto {tcp udp icmp} from any to 222.222.222.40 -> 192.168.1.10 +rdr on { em1 em3 } proto {tcp udp icmp} from any to 222.222.222.40 -> 192.168.1.10 # # Rule 15 (NAT) # REDIRECT -rdr on em0 proto tcp from any to any port 80 -> 127.0.0.1 port 3128 +rdr on em0 proto tcp from any to any port 80 -> 127.0.0.1 port 3128 # # Rule 0 (global) diff --git a/test/pf/firewall2-6.fw.orig b/test/pf/firewall2-6.fw.orig index a008775ce..a91888d48 100755 --- a/test/pf/firewall2-6.fw.orig +++ b/test/pf/firewall2-6.fw.orig @@ -2,9 +2,9 @@ # # This is automatically generated file. DO NOT MODIFY ! # -# Firewall Builder fwb_pf v4.3.0.3546 +# Firewall Builder fwb_pf v5.0.0.3547 # -# Generated Mon May 30 21:58:40 2011 PDT by vadim +# Generated Fri Jun 3 17:49:28 2011 PDT by vadim # # files: * firewall2-6.fw /etc/firewall2-6.fw # files: firewall2-6.conf /etc/firewall2-6.conf @@ -170,7 +170,7 @@ configure_interfaces() { update_addresses_of_interface "lo 127.0.0.1/0xff000000" "" } -log "Activating firewall script generated Mon May 30 21:58:40 2011 by vadim" +log "Activating firewall script generated Fri Jun 3 17:49:28 2011 by vadim" set_kernel_vars configure_interfaces diff --git a/test/pf/firewall2.conf.orig b/test/pf/firewall2.conf.orig index dec1cea39..92459c4a5 100644 --- a/test/pf/firewall2.conf.orig +++ b/test/pf/firewall2.conf.orig 
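Review bot: Rules 5 and 12 of the firewall2-6.conf.orig expected output are not equivalent to the lines they replace. `nat on ! em3` and `rdr on ! em0` match every interface except the named one, while the old `{ em0 em1 em2 }` and `{ em1 em3 em2 }` lists matched only the enumerated interfaces. The firewall2-6.fw.orig hunk that follows shows this firewall also configures `lo`, which the old expansion left out, so loopback and any interface added to the host later (a tunnel or VLAN, for example) now fall under these translation rules. If the wider match is intended, say so in the test object's rule comment so that it is emitted into the .conf, e.g. `# negation: matches all interfaces except em3, including lo and interfaces not defined in the firewall object`. It would also be worth adding a policy rule in this test that shows the wider NAT match cannot expose traffic the enumerated form excluded.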
@@ -30,10 +30,10 @@ table { self , 192.168.1.0/24 } # # Rule 0 (NAT) -nat on eth0 proto {tcp udp icmp} from 192.168.1.0/24 to any -> 192.168.1.1 -nat on eth1 proto {tcp udp icmp} from 192.168.1.0/24 to any -> 22.22.22.22 -nat on eth3 proto {tcp udp icmp} from 192.168.1.0/24 to any -> 22.22.23.23 -nat on eth2 proto {tcp udp icmp} from 192.168.1.0/24 to any -> 192.168.2.1 +nat on eth0 proto {tcp udp icmp} from 192.168.1.0/24 to any -> 192.168.1.1 +nat on eth1 proto {tcp udp icmp} from 192.168.1.0/24 to any -> 22.22.22.22 +nat on eth3 proto {tcp udp icmp} from 192.168.1.0/24 to any -> 22.22.23.23 +nat on eth2 proto {tcp udp icmp} from 192.168.1.0/24 to any -> 192.168.2.1 # # Rule 1 (NAT) nat proto {tcp udp icmp} from to any -> 22.22.22.23 @@ -42,10 +42,10 @@ nat proto {tcp udp icmp} from to any -> 22.22.22.23 nat proto {tcp udp icmp} from 192.168.1.0/24 to -> 192.168.1.1 # # Rule 3 (NAT) -nat on eth0 proto tcp from 192.168.1.0/24 to any port 80 -> 192.168.1.1 -nat on eth1 proto tcp from 192.168.1.0/24 to any port 80 -> 22.22.22.22 -nat on eth3 proto tcp from 192.168.1.0/24 to any port 80 -> 22.22.23.23 -nat on eth2 proto tcp from 192.168.1.0/24 to any port 80 -> 192.168.2.1 +nat on eth0 proto tcp from 192.168.1.0/24 to any port 80 -> 192.168.1.1 +nat on eth1 proto tcp from 192.168.1.0/24 to any port 80 -> 22.22.22.22 +nat on eth3 proto tcp from 192.168.1.0/24 to any port 80 -> 22.22.23.23 +nat on eth2 proto tcp from 192.168.1.0/24 to any port 80 -> 192.168.2.1 # # Rule 4 (NAT) nat proto tcp from to any port 80 -> 22.22.22.23 
@@ -54,10 +54,10 @@ nat proto tcp from to any port 80 -> 22.22.22.23 nat proto tcp from 192.168.1.0/24 to port 80 -> 192.168.1.1 # # Rule 6 (NAT) -nat on eth0 proto 47 from 192.168.1.0/24 to any -> 192.168.1.1 -nat on eth1 proto 47 from 192.168.1.0/24 to any -> 22.22.22.22 -nat on eth3 proto 47 from 192.168.1.0/24 to any -> 22.22.23.23 -nat on eth2 proto 47 from 192.168.1.0/24 to any -> 192.168.2.1 +nat on eth0 proto 47 from 192.168.1.0/24 to any -> 192.168.1.1 +nat on eth1 proto 47 from 192.168.1.0/24 to any -> 22.22.22.22 +nat on eth3 proto 47 from 192.168.1.0/24 to any -> 22.22.23.23 +nat on eth2 proto 47 from 192.168.1.0/24 to any -> 192.168.2.1 # # Rule 7 (NAT) nat proto icmp from to any -> 22.22.22.23 @@ -82,10 +82,10 @@ nat proto {tcp udp icmp} from 192.168.1.20 to any -> 22.22.23.24 rdr proto {tcp udp icmp} from any to -> 192.168.1.10 # # Rule 17 (NAT) -rdr on eth1 proto {tcp udp icmp} from any to 22.22.22.22 -> 192.168.1.10 +rdr on eth1 proto {tcp udp icmp} from any to 22.22.22.22 -> 192.168.1.10 # # Rule 18 (NAT) -rdr on eth1 proto {tcp udp icmp} from any to 22.22.22.22 -> 192.168.1.10 +rdr on eth1 proto {tcp udp icmp} from any to 22.22.22.22 -> 192.168.1.10 # # Rule 19 (NAT) rdr proto 47 from any to -> 192.168.1.10 
@@ -94,14 +94,14 @@ rdr proto 47 from any to -> 192.168.1.10 rdr proto tcp from any to port 10000:11000 -> 192.168.1.10 port 10000:* # # Rule 21 (NAT) -rdr on eth1 proto tcp from any to 22.22.22.22 port 10000:11000 -> 192.168.1.10 port 10000:* +rdr on eth1 proto tcp from any to 22.22.22.22 port 10000:11000 -> 192.168.1.10 port 10000:* # # Rule 22 (NAT) -rdr on eth1 proto tcp from any to 22.22.22.22 port 10000:11000 -> 192.168.1.10 port 10000:* +rdr on eth1 proto tcp from any to 22.22.22.22 port 10000:11000 -> 192.168.1.10 port 10000:* # # Rule 23 (NAT) -rdr on eth1 proto tcp from any to 22.22.22.22 port 10000:11000 -> 192.168.1.10 port 10000:* -nat on eth0 proto tcp from any to 192.168.1.10 port 10000:11000 -> 192.168.1.1 +rdr on eth1 proto tcp from any to 22.22.22.22 port 10000:11000 -> 192.168.1.10 port 10000:* +nat on eth0 proto tcp from any to 192.168.1.10 port 10000:11000 -> 192.168.1.1 # # Rule 24 (NAT) rdr proto tcp from any to 22.22.22.23 port 80 -> 192.168.1.10 port 25 
@@ -131,20 +131,20 @@ rdr proto tcp from 192.168.1.0/24 to ! port 80 -> 127.0.0.1 port 10000 # for bug 1111267: this custom service object has # "proto ..." in the protocol string, compiler can put # it in generated nat command in the right place. -nat on eth1 proto {tcp udp icmp gre} from 192.168.1.0/24 to any -> 22.22.22.22 +nat on eth1 proto {tcp udp icmp gre} from 192.168.1.0/24 to any -> 22.22.22.22 # # Rule 32 (NAT) # for bug 1111267: this custom service object # has "proto .." in the code string but we can't insert # it in the generated nat command b/c it would appear # in the wrong place, after "from". -nat on eth1 from 192.168.1.0/24 to any -> 22.22.22.22 +nat on eth1 from 192.168.1.0/24 to any -> 22.22.22.22 # # Rule 33 (NAT) -nat on eth1 proto tcp from 192.168.1.0/24 to any -> 22.22.22.22 -nat on eth1 proto udp from 192.168.1.0/24 to any -> 22.22.22.22 -nat on eth1 proto 47 from 192.168.1.0/24 to any -> 22.22.22.22 -nat on eth1 proto icmp from 192.168.1.0/24 to any -> 22.22.22.22 +nat on eth1 proto tcp from 192.168.1.0/24 to any -> 22.22.22.22 +nat on eth1 proto udp from 192.168.1.0/24 to any -> 22.22.22.22 +nat on eth1 proto 47 from 192.168.1.0/24 to any -> 22.22.22.22 +nat on eth1 proto icmp from 192.168.1.0/24 to any -> 22.22.22.22 # Policy compiler errors and warnings: # firewall2:Policy:12: warning: Changing rule direction due to self reference diff --git a/test/pf/firewall2.fw.orig b/test/pf/firewall2.fw.orig index 4c3e90b01..999b55ba7 100755 --- a/test/pf/firewall2.fw.orig +++ b/test/pf/firewall2.fw.orig @@ -2,9 +2,9 @@ # # This is automatically generated file. DO NOT MODIFY ! # -# Firewall Builder fwb_pf v4.3.0.3546 +# Firewall Builder fwb_pf v5.0.0.3547 # -# Generated Mon May 30 21:58:38 2011 PDT by vadim +# Generated Fri Jun 3 17:49:27 2011 PDT by vadim # # files: * firewall2.fw /etc/fw/firewall2.fw # files: firewall2.conf /etc/fw/firewall2.conf 
@@ -73,7 +73,7 @@ configure_interfaces() { } -log "Activating firewall script generated Mon May 30 21:58:38 2011 by vadim" +log "Activating firewall script generated Fri Jun 3 17:49:27 2011 by vadim" set_kernel_vars configure_interfaces diff --git a/test/pf/firewall20.conf.orig b/test/pf/firewall20.conf.orig index 7c116960f..31b51e21c 100644 --- a/test/pf/firewall20.conf.orig +++ b/test/pf/firewall20.conf.orig @@ -3,17 +3,17 @@ # # Rule 0 (NAT) -nat on dc2 proto {tcp udp icmp} from 192.168.1.0/24 to any -> 192.168.1.1 -nat on { dc0 dc1 } proto {tcp udp icmp} from 192.168.1.0/24 to any -> { 10.1.1.1 , 222.222.222.20 , 222.222.222.21 } +nat on dc2 proto {tcp udp icmp} from 192.168.1.0/24 to any -> 192.168.1.1 +nat on { dc0 dc1 } proto {tcp udp icmp} from 192.168.1.0/24 to any -> { 10.1.1.1 , 222.222.222.20 , 222.222.222.21 } # # Rule 1 (NAT) -nat on dc1 proto {tcp udp icmp} from 192.168.1.0/24 to any -> 222.222.222.20 +nat on dc1 proto {tcp udp icmp} from 192.168.1.0/24 to any -> 222.222.222.20 # # Rule 2 (NAT) -nat on dc1 proto {tcp udp icmp} from 192.168.1.0/24 to any -> 222.222.222.20 +nat on dc1 proto {tcp udp icmp} from 192.168.1.0/24 to any -> 222.222.222.20 # # Rule 3 (NAT) -nat on dc0 proto {tcp udp icmp} from 192.168.1.0/24 to any -> 222.222.222.21 +nat on dc0 proto {tcp udp icmp} from 192.168.1.0/24 to any -> 222.222.222.21 # # Rule 0 (dc0) diff --git a/test/pf/firewall20.fw.orig b/test/pf/firewall20.fw.orig index 130c386c5..ab927425d 100755 --- a/test/pf/firewall20.fw.orig +++ b/test/pf/firewall20.fw.orig @@ -2,9 +2,9 @@ # # This is automatically generated file. DO NOT MODIFY ! # -# Firewall Builder fwb_pf v4.3.0.3546 +# Firewall Builder fwb_pf v5.0.0.3547 # -# Generated Mon May 30 21:58:38 2011 PDT by vadim +# Generated Fri Jun 3 17:49:27 2011 PDT by vadim # # files: * firewall20.fw /etc/fw/firewall20.fw # files: firewall20.conf /etc/fw/firewall20.conf 
@@ -73,7 +73,7 @@ configure_interfaces() { } -log "Activating firewall script generated Mon May 30 21:58:38 2011 by vadim" +log "Activating firewall script generated Fri Jun 3 17:49:27 2011 by vadim" set_kernel_vars configure_interfaces diff --git a/test/pf/firewall21-NAT_1.conf.orig b/test/pf/firewall21-NAT_1.conf.orig index 968136b1b..0608415fe 100644 --- a/test/pf/firewall21-NAT_1.conf.orig +++ b/test/pf/firewall21-NAT_1.conf.orig @@ -1,5 +1,5 @@ # # Rule NAT_1 0 (NAT) -nat on en1 proto {tcp udp icmp} from 192.168.1.0/24 to any -> 192.168.1.1 -nat on en0 proto {tcp udp icmp} from 192.168.1.0/24 to any -> 192.0.2.1 +nat on en1 proto {tcp udp icmp} from 192.168.1.0/24 to any -> 192.168.1.1 +nat on en0 proto {tcp udp icmp} from 192.168.1.0/24 to any -> 192.0.2.1 diff --git a/test/pf/firewall21.fw.orig b/test/pf/firewall21.fw.orig index 4485ce8d8..506d3182f 100755 --- a/test/pf/firewall21.fw.orig +++ b/test/pf/firewall21.fw.orig @@ -2,9 +2,9 @@ # # This is automatically generated file. DO NOT MODIFY ! # -# Firewall Builder fwb_pf v4.3.0.3546 +# Firewall Builder fwb_pf v5.0.0.3547 # -# Generated Mon May 30 21:58:39 2011 PDT by vadim +# Generated Fri Jun 3 17:49:27 2011 PDT by vadim # # files: * firewall21.fw /etc/fw/firewall21.fw # files: firewall21.conf /etc/fw/firewall21.conf @@ -81,7 +81,7 @@ configure_interfaces() { } -log "Activating firewall script generated Mon May 30 21:58:39 2011 by vadim" +log "Activating firewall script generated Fri Jun 3 17:49:27 2011 by vadim" set_kernel_vars configure_interfaces diff --git a/test/pf/firewall22.fw.orig b/test/pf/firewall22.fw.orig index 4515a4cd7..9c7f0b956 100755 --- a/test/pf/firewall22.fw.orig +++ b/test/pf/firewall22.fw.orig 
@@ -2,9 +2,9 @@ # # This is automatically generated file. DO NOT MODIFY ! # -# Firewall Builder fwb_pf v4.3.0.3546 +# Firewall Builder fwb_pf v5.0.0.3547 # -# Generated Mon May 30 21:58:40 2011 PDT by vadim +# Generated Fri Jun 3 17:49:28 2011 PDT by vadim # # files: * firewall22.fw /etc/fw/firewall22.fw # files: firewall22.conf /etc/fw/firewall22.conf @@ -80,7 +80,7 @@ configure_interfaces() { } -log "Activating firewall script generated Mon May 30 21:58:40 2011 by vadim" +log "Activating firewall script generated Fri Jun 3 17:49:28 2011 by vadim" set_kernel_vars configure_interfaces diff --git a/test/pf/firewall3.conf.orig b/test/pf/firewall3.conf.orig index d8ed1169d..e8f1d2dba 100644 --- a/test/pf/firewall3.conf.orig +++ b/test/pf/firewall3.conf.orig @@ -19,10 +19,10 @@ scrub out all random-id # # # Rule 0 (NAT) -nat on le0 proto {tcp udp icmp} from 192.168.1.0/24 to any -> 22.22.22.21 +nat on le0 proto {tcp udp icmp} from 192.168.1.0/24 to any -> 22.22.22.21 # # Rule 1 (NAT) -nat on le0 proto {tcp udp icmp} from 192.168.1.0/24 to any -> { 22.22.22.21 , 22.22.22.22 } bitmask +nat on le0 proto {tcp udp icmp} from 192.168.1.0/24 to any -> { 22.22.22.21 , 22.22.22.22 } bitmask # # Rule 2 (NAT) nat proto {tcp udp icmp} from 192.168.1.0/24 to any -> 22.22.22.0/28 source-hash diff --git a/test/pf/firewall3.fw.orig b/test/pf/firewall3.fw.orig index 77647a255..0c0fa958e 100755 --- a/test/pf/firewall3.fw.orig +++ b/test/pf/firewall3.fw.orig @@ -2,9 +2,9 @@ # # This is automatically generated file. DO NOT MODIFY ! # -# Firewall Builder fwb_pf v4.3.0.3546 +# Firewall Builder fwb_pf v5.0.0.3547 # -# Generated Mon May 30 21:58:41 2011 PDT by vadim +# Generated Fri Jun 3 17:49:29 2011 PDT by vadim # # files: * firewall3.fw /etc/firewall3.fw # files: firewall3.conf /etc/firewall3.conf 
@@ -165,7 +165,7 @@ configure_interfaces() { update_addresses_of_interface "lo 127.0.0.1/0xff000000" "" } -log "Activating firewall script generated Mon May 30 21:58:41 2011 by vadim" +log "Activating firewall script generated Fri Jun 3 17:49:29 2011 by vadim" set_kernel_vars configure_interfaces diff --git a/test/pf/firewall33.conf.orig b/test/pf/firewall33.conf.orig index 6cbba8bc4..f3bc59dda 100644 --- a/test/pf/firewall33.conf.orig +++ b/test/pf/firewall33.conf.orig 
@@ -6,20 +6,20 @@ table { 157.166.224.25 , 157.166.224.26 , 157.166.226.25 , 157.166.226.26 , 157.166.255.18 , 157.166.255.19 } table { www.google.com , 157.166.224.25 , 157.166.224.26 , 157.166.226.25 , 157.166.226.26 , 157.166.255.18 , 157.166.255.19 } table { www.google.com , www.cnn.com } -table { 64.233.183.99 , 64.233.183.103 , 64.233.183.104 , 64.233.183.105 , 64.233.183.106 , 64.233.183.147 , 157.166.224.25 , 157.166.224.26 , 157.166.226.25 , 157.166.226.26 , 157.166.255.18 , 157.166.255.19 } +table { 74.125.224.48 , 74.125.224.49 , 74.125.224.50 , 74.125.224.51 , 74.125.224.52 , 157.166.224.25 , 157.166.224.26 , 157.166.226.25 , 157.166.226.26 , 157.166.255.18 , 157.166.255.19 } # # Rule 0 (NAT) -nat on eth0.100 proto {tcp udp icmp} from any to -> (eth0.100) +nat on eth0.100 proto {tcp udp icmp} from any to -> (eth0.100) # # Rule 1 (NAT) -nat on eth0.100 proto {tcp udp icmp} from any to www.cnn.com -> (eth0.100) +nat on eth0.100 proto {tcp udp icmp} from any to www.cnn.com -> (eth0.100) # # Rule 2 (NAT) -nat on eth0.100 proto {tcp udp icmp} from any to -> (eth0.100) +nat on eth0.100 proto {tcp udp icmp} from any to -> (eth0.100) # # Rule 3 (NAT) -nat on eth0.100 proto {tcp udp icmp} from any to ! -> (eth0.100) +nat on eth0.100 proto {tcp udp icmp} from any to ! -> (eth0.100) # Policy compiler errors and warnings: # firewall33:Policy:2: error: DNSName object "buildmaster (ct)" (compile time) can not resolve dns name "buildmaster" (AF_INET): Host or network 'buildmaster' not found; last error: Unknown error Using dummy address in test mode diff --git a/test/pf/firewall33.fw.orig b/test/pf/firewall33.fw.orig index 7ea79b5c1..713ec097c 100755 --- a/test/pf/firewall33.fw.orig +++ b/test/pf/firewall33.fw.orig 
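Review bot: The first table in this hunk changes from six 64.233.183.x addresses to five 74.125.224.x addresses, which has nothing to do with interface negation; the `nat on eth0.100` lines below it appear to differ only in whitespace. Since the neighbouring tables name `www.google.com`, this looks like a compile-time DNS lookup whose answer changed between runs. If so, the golden file depends on a live resolver: it will drift on every regeneration, and the resulting noise can hide a real change in generated rules. Consider pointing the test object at a name the harness resolves to fixed addresses; the compiler already has such a path, as the `Using dummy address in test mode` message in this same file shows.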
@@ -2,9 +2,9 @@ # # This is automatically generated file. DO NOT MODIFY ! # -# Firewall Builder fwb_pf v4.3.0.3546 +# Firewall Builder fwb_pf v5.0.0.3547 # -# Generated Mon May 30 21:58:41 2011 PDT by vadim +# Generated Fri Jun 3 17:49:29 2011 PDT by vadim # # files: * firewall33.fw /etc/fw/firewall33.fw # files: firewall33.conf /etc/fw/firewall33.conf @@ -168,7 +168,7 @@ configure_interfaces() { update_addresses_of_interface "lo 127.0.0.1/0xff000000" "" } -log "Activating firewall script generated Mon May 30 21:58:41 2011 by vadim" +log "Activating firewall script generated Fri Jun 3 17:49:29 2011 by vadim" set_kernel_vars configure_interfaces diff --git a/test/pf/firewall34.conf.orig b/test/pf/firewall34.conf.orig index 25bb85d88..d1d1a147c 100644 --- a/test/pf/firewall34.conf.orig +++ b/test/pf/firewall34.conf.orig @@ -10,14 +10,14 @@ table { 7.7.7.7 , 61.150.47.112 , 192.168.1.1 , 192.168.1.2 , 192.168.1 # # Rule 0 (NAT) -rdr on eth0.100 proto tcp from ! to (eth0.100) port 25 -> 192.168.1.10 port 25 +rdr on eth0.100 proto tcp from ! to (eth0.100) port 25 -> 192.168.1.10 port 25 # # Rule 1 (NAT) -rdr on eth0.100 proto tcp from to (eth0.100) port 25 -> 192.168.1.10 port 25 -rdr on eth0.100 proto tcp from to (eth0.100) port 25 -> 192.168.1.10 port 25 +rdr on eth0.100 proto tcp from to (eth0.100) port 25 -> 192.168.1.10 port 25 +rdr on eth0.100 proto tcp from to (eth0.100) port 25 -> 192.168.1.10 port 25 # # Rule 2 (NAT) -nat on eth0.100 proto {tcp udp icmp} from 192.168.1.0/24 to ! -> (eth0.100) +nat on eth0.100 proto {tcp udp icmp} from 192.168.1.0/24 to ! -> (eth0.100) # # Rule 3 (NAT) rdr proto tcp from any to (eth0.100) port 25 -> { 192.168.1.1 , 192.168.1.2 , 192.168.1.200 , 192.168.1.201 , 192.168.1.3/30 , 192.168.2.128/25 } port 25 diff --git a/test/pf/firewall34.fw.orig b/test/pf/firewall34.fw.orig index f9eba2f21..9569c00d7 100755 --- a/test/pf/firewall34.fw.orig +++ b/test/pf/firewall34.fw.orig 
@@ -2,9 +2,9 @@ # # This is automatically generated file. DO NOT MODIFY ! # -# Firewall Builder fwb_pf v4.3.0.3546 +# Firewall Builder fwb_pf v5.0.0.3547 # -# Generated Mon May 30 21:58:41 2011 PDT by vadim +# Generated Fri Jun 3 17:49:30 2011 PDT by vadim # # files: * firewall34.fw /etc/fw/firewall34.fw # files: firewall34.conf /etc/fw/firewall34.conf @@ -164,7 +164,7 @@ configure_interfaces() { update_addresses_of_interface "lo 127.0.0.1/0xff000000" "" } -log "Activating firewall script generated Mon May 30 21:58:41 2011 by vadim" +log "Activating firewall script generated Fri Jun 3 17:49:30 2011 by vadim" set_kernel_vars configure_interfaces diff --git a/test/pf/firewall38.conf.orig b/test/pf/firewall38.conf.orig index 65f18bd8d..8c4aff224 100644 --- a/test/pf/firewall38.conf.orig +++ b/test/pf/firewall38.conf.orig @@ -7,12 +7,12 @@ scrub in all fragment reassemble # # Rule 0 (NAT) -nat on le0 proto {tcp udp icmp} from 192.168.1.0/24 to any -> 192.168.1.1 -nat on enc1 proto {tcp udp icmp} from 192.168.1.0/24 to any -> 192.168.2.1 +nat on le0 proto {tcp udp icmp} from 192.168.1.0/24 to any -> 192.168.1.1 +nat on enc1 proto {tcp udp icmp} from 192.168.1.0/24 to any -> 192.168.2.1 # # Rule 1 (NAT) -nat on le0 from 192.168.1.0/24 to any tagged ipsec_tag -> 192.168.1.1 -nat on enc1 from 192.168.1.0/24 to any tagged ipsec_tag -> 192.168.2.1 +nat on le0 from 192.168.1.0/24 to any tagged ipsec_tag -> 192.168.1.1 +nat on enc1 from 192.168.1.0/24 to any tagged ipsec_tag -> 192.168.2.1 # # Rule 0 (le0) diff --git a/test/pf/firewall38.fw.orig b/test/pf/firewall38.fw.orig index 150b0657e..d44171ba2 100755 --- a/test/pf/firewall38.fw.orig +++ b/test/pf/firewall38.fw.orig 
@@ -2,9 +2,9 @@ # # This is automatically generated file. DO NOT MODIFY ! # -# Firewall Builder fwb_pf v4.3.0.3546 +# Firewall Builder fwb_pf v5.0.0.3547 # -# Generated Mon May 30 21:58:42 2011 PDT by vadim +# Generated Fri Jun 3 17:49:30 2011 PDT by vadim # # files: * firewall38.fw /etc/fw/firewall38.fw # files: firewall38.conf /etc/fw/firewall38.conf @@ -76,7 +76,7 @@ configure_interfaces() { } -log "Activating firewall script generated Mon May 30 21:58:42 2011 by vadim" +log "Activating firewall script generated Fri Jun 3 17:49:30 2011 by vadim" set_kernel_vars configure_interfaces diff --git a/test/pf/firewall39.conf.orig b/test/pf/firewall39.conf.orig index fc567de76..cdb7a7145 100644 --- a/test/pf/firewall39.conf.orig +++ b/test/pf/firewall39.conf.orig @@ -7,12 +7,12 @@ scrub in all fragment reassemble # # Rule 0 (NAT) -nat on le0 proto {tcp udp icmp} from 192.168.1.0/24 to any -> 192.168.1.1 -nat on enc1 proto {tcp udp icmp} from 192.168.1.0/24 to any -> 192.168.2.1 +nat on le0 proto {tcp udp icmp} from 192.168.1.0/24 to any -> 192.168.1.1 +nat on enc1 proto {tcp udp icmp} from 192.168.1.0/24 to any -> 192.168.2.1 # # Rule 1 (NAT) -nat on le0 from 192.168.1.0/24 to any tagged ipsec_tag -> 192.168.1.1 -nat on enc1 from 192.168.1.0/24 to any tagged ipsec_tag -> 192.168.2.1 +nat on le0 from 192.168.1.0/24 to any tagged ipsec_tag -> 192.168.1.1 +nat on enc1 from 192.168.1.0/24 to any tagged ipsec_tag -> 192.168.2.1 # # Rule 0 (le0) diff --git a/test/pf/firewall39.fw.orig b/test/pf/firewall39.fw.orig index 7bc937b24..4f9011220 100755 --- a/test/pf/firewall39.fw.orig +++ b/test/pf/firewall39.fw.orig @@ -2,9 +2,9 @@ # # This is automatically generated file. DO NOT MODIFY ! # -# Firewall Builder fwb_pf v4.3.0.3546 +# Firewall Builder fwb_pf v5.0.0.3547 # -# Generated Mon May 30 21:58:42 2011 PDT by vadim +# Generated Fri Jun 3 17:49:31 2011 PDT by vadim # # files: * firewall39.fw pf.fw # files: firewall39.conf pf.conf 
@@ -79,7 +79,7 @@ configure_interfaces() { } -log "Activating firewall script generated Mon May 30 21:58:42 2011 by vadim" +log "Activating firewall script generated Fri Jun 3 17:49:31 2011 by vadim" set_kernel_vars configure_interfaces diff --git a/test/pf/firewall4.conf.orig b/test/pf/firewall4.conf.orig index 2b8f0e2cd..226204445 100644 --- a/test/pf/firewall4.conf.orig +++ b/test/pf/firewall4.conf.orig 
@@ -19,31 +19,31 @@ table { 192.168.1.10 , 192.168.1.20 } # # # Rule 0 (NAT) -nat on eth0 proto {tcp udp icmp} from 192.168.1.10 to any -> 192.168.1.1 -nat on eth1 proto {tcp udp icmp} from 192.168.1.10 to any -> (eth1) -nat on eth2 proto {tcp udp icmp} from 192.168.1.10 to any -> 192.168.2.1 -nat on eth3 proto {tcp udp icmp} from 192.168.1.10 to any -> 222.222.222.222 +nat on eth0 proto {tcp udp icmp} from 192.168.1.10 to any -> 192.168.1.1 +nat on eth1 proto {tcp udp icmp} from 192.168.1.10 to any -> (eth1) +nat on eth2 proto {tcp udp icmp} from 192.168.1.10 to any -> 192.168.2.1 +nat on eth3 proto {tcp udp icmp} from 192.168.1.10 to any -> 222.222.222.222 # # Rule 1 (NAT) -nat on eth0 proto {tcp udp icmp} from 192.168.1.0/24 to ! 192.168.2.0/24 -> 192.168.1.1 -nat on eth1 proto {tcp udp icmp} from 192.168.1.0/24 to ! 192.168.2.0/24 -> (eth1) -nat on eth2 proto {tcp udp icmp} from 192.168.1.0/24 to ! 192.168.2.0/24 -> 192.168.2.1 -nat on eth3 proto {tcp udp icmp} from 192.168.1.0/24 to ! 192.168.2.0/24 -> 222.222.222.222 +nat on eth0 proto {tcp udp icmp} from 192.168.1.0/24 to ! 192.168.2.0/24 -> 192.168.1.1 +nat on eth1 proto {tcp udp icmp} from 192.168.1.0/24 to ! 192.168.2.0/24 -> (eth1) +nat on eth2 proto {tcp udp icmp} from 192.168.1.0/24 to ! 192.168.2.0/24 -> 192.168.2.1 +nat on eth3 proto {tcp udp icmp} from 192.168.1.0/24 to ! 
192.168.2.0/24 -> 222.222.222.222 # # Rule 2 (NAT) rdr proto tcp from any to port 22 -> 192.168.1.10 port 22 # # Rule 3 (NAT) # SDNAT rule -rdr on eth3 proto tcp from 192.168.1.0/24 to 222.222.222.222 port 80 -> 192.168.1.10 port 80 -nat on eth0 proto tcp from 192.168.1.0/24 to 192.168.1.10 port 80 -> 192.168.1.1 +rdr on eth3 proto tcp from 192.168.1.0/24 to 222.222.222.222 port 80 -> 192.168.1.10 port 80 +nat on eth0 proto tcp from 192.168.1.0/24 to 192.168.1.10 port 80 -> 192.168.1.1 # # Rule 4 (NAT) -nat on eth3 proto {tcp udp icmp} from 192.168.1.0/24 to any -> 222.222.222.222 +nat on eth3 proto {tcp udp icmp} from 192.168.1.0/24 to any -> 222.222.222.222 # # Rule 5 (NAT) # eth1 is dynamic -nat on eth1 proto tcp from 192.168.1.0/24 to any port 22 -> (eth1) +nat on eth1 proto tcp from 192.168.1.0/24 to any port 22 -> (eth1) # Policy compiler errors and warnings: # firewall4:Policy:6: warning: Changing rule direction due to self reference diff --git a/test/pf/firewall4.fw.orig b/test/pf/firewall4.fw.orig index ffdd4f7e9..42c5621a3 100755 --- a/test/pf/firewall4.fw.orig +++ b/test/pf/firewall4.fw.orig @@ -2,9 +2,9 @@ # # This is automatically generated file. DO NOT MODIFY ! # -# Firewall Builder fwb_pf v4.3.0.3546 +# Firewall Builder fwb_pf v5.0.0.3547 # -# Generated Mon May 30 21:58:42 2011 PDT by vadim +# Generated Fri Jun 3 17:49:31 2011 PDT by vadim # # files: * firewall4.fw pf.fw # files: firewall4.conf /etc/fw/pf.conf @@ -77,7 +77,7 @@ configure_interfaces() { } -log "Activating firewall script generated Mon May 30 21:58:42 2011 by vadim" +log "Activating firewall script generated Fri Jun 3 17:49:31 2011 by vadim" set_kernel_vars configure_interfaces diff --git a/test/pf/firewall40-1.conf.orig b/test/pf/firewall40-1.conf.orig index 13a534428..9e5da9075 100644 --- a/test/pf/firewall40-1.conf.orig +++ b/test/pf/firewall40-1.conf.orig 
@@ -5,12 +5,12 @@ # Rule 0 (NAT) # Translate source address # for outgoing connections -nat on le1 proto {tcp udp icmp} from 192.168.1.0/24 to any -> 192.0.2.1 +nat on le1 proto {tcp udp icmp} from 192.168.1.0/24 to any -> 192.0.2.1 # # Rule 1 (NAT) # Translate source address # for outgoing connections -nat on le2 proto {tcp udp icmp} from 192.168.1.0/24 to any -> 192.0.3.1 +nat on le2 proto {tcp udp icmp} from 192.168.1.0/24 to any -> 192.0.3.1 # Policy compiler errors and warnings: # firewall40-1:Policy:9: error: Only one router specified with load balancing for rule action Route: 'route_through' diff --git a/test/pf/firewall40-1.fw.orig b/test/pf/firewall40-1.fw.orig index a2e6a2c37..1bf66ecee 100755 --- a/test/pf/firewall40-1.fw.orig +++ b/test/pf/firewall40-1.fw.orig @@ -2,9 +2,9 @@ # # This is automatically generated file. DO NOT MODIFY ! # -# Firewall Builder fwb_pf v4.3.0.3546 +# Firewall Builder fwb_pf v5.0.0.3547 # -# Generated Mon May 30 21:58:43 2011 PDT by vadim +# Generated Fri Jun 3 17:49:32 2011 PDT by vadim # # files: * firewall40-1.fw /etc/firewall40-1.fw # files: firewall40-1.conf /etc/firewall40-1.conf @@ -182,7 +182,7 @@ configure_interfaces() { update_addresses_of_interface "lo0 127.0.0.1/0xff000000" "" } -log "Activating firewall script generated Mon May 30 21:58:43 2011 by vadim" +log "Activating firewall script generated Fri Jun 3 17:49:32 2011 by vadim" set_kernel_vars configure_interfaces diff --git a/test/pf/firewall40.conf.orig b/test/pf/firewall40.conf.orig index 9fa30b55d..99eb0cd5b 100644 --- a/test/pf/firewall40.conf.orig +++ b/test/pf/firewall40.conf.orig 
@@ -5,12 +5,12 @@ # Rule 0 (NAT) # Translate source address # for outgoing connections -nat on le1 proto {tcp udp icmp} from 192.168.1.0/24 to any -> 192.0.2.1 +nat on le1 proto {tcp udp icmp} from 192.168.1.0/24 to any -> 192.0.2.1 # # Rule 1 (NAT) # Translate source address # for outgoing connections -nat on le2 proto {tcp udp icmp} from 192.168.1.0/24 to any -> 192.0.3.1 +nat on le2 proto {tcp udp icmp} from 192.168.1.0/24 to any -> 192.0.3.1 # # Rule 0 (lo0) diff --git a/test/pf/firewall40.fw.orig b/test/pf/firewall40.fw.orig index fade82365..0baf83f7b 100755 --- a/test/pf/firewall40.fw.orig +++ b/test/pf/firewall40.fw.orig @@ -2,9 +2,9 @@ # # This is automatically generated file. DO NOT MODIFY ! # -# Firewall Builder fwb_pf v4.3.0.3546 +# Firewall Builder fwb_pf v5.0.0.3547 # -# Generated Mon May 30 21:58:43 2011 PDT by vadim +# Generated Fri Jun 3 17:49:32 2011 PDT by vadim # # files: * firewall40.fw /etc/firewall40.fw # files: firewall40.conf /etc/firewall40.conf @@ -166,7 +166,7 @@ configure_interfaces() { update_addresses_of_interface "lo0 127.0.0.1/0xff000000" "" } -log "Activating firewall script generated Mon May 30 21:58:43 2011 by vadim" +log "Activating firewall script generated Fri Jun 3 17:49:32 2011 by vadim" set_kernel_vars configure_interfaces diff --git a/test/pf/firewall41.fw.orig b/test/pf/firewall41.fw.orig index b56152d15..2ed1ffa30 100755 --- a/test/pf/firewall41.fw.orig +++ b/test/pf/firewall41.fw.orig @@ -2,9 +2,9 @@ # # This is automatically generated file. DO NOT MODIFY ! # -# Firewall Builder fwb_pf v4.3.0.3546 +# Firewall Builder fwb_pf v5.0.0.3547 # -# Generated Mon May 30 21:58:44 2011 PDT by vadim +# Generated Fri Jun 3 17:49:33 2011 PDT by vadim # # files: * firewall41.fw /etc/firewall41.fw # files: firewall41.conf /etc/firewall41.conf 
@@ -169,7 +169,7 @@ configure_interfaces() { update_addresses_of_interface "eth1 2.2.2.2/0xffffff00" "" } -log "Activating firewall script generated Mon May 30 21:58:44 2011 by vadim" +log "Activating firewall script generated Fri Jun 3 17:49:33 2011 by vadim" set_kernel_vars configure_interfaces diff --git a/test/pf/firewall5.fw.orig b/test/pf/firewall5.fw.orig index 08c6a04cc..c17e7e14a 100755 --- a/test/pf/firewall5.fw.orig +++ b/test/pf/firewall5.fw.orig @@ -2,9 +2,9 @@ # # This is automatically generated file. DO NOT MODIFY ! # -# Firewall Builder fwb_pf v4.3.0.3546 +# Firewall Builder fwb_pf v5.0.0.3547 # -# Generated Mon May 30 21:58:44 2011 PDT by vadim +# Generated Fri Jun 3 17:49:33 2011 PDT by vadim # # files: * firewall5.fw /etc/fw/firewall5.fw # files: firewall5.conf /etc/fw/firewall5.conf @@ -77,7 +77,7 @@ configure_interfaces() { } -log "Activating firewall script generated Mon May 30 21:58:44 2011 by vadim" +log "Activating firewall script generated Fri Jun 3 17:49:33 2011 by vadim" set_kernel_vars configure_interfaces diff --git a/test/pf/firewall51.fw.orig b/test/pf/firewall51.fw.orig index 3c636639c..8f0aa29f4 100755 --- a/test/pf/firewall51.fw.orig +++ b/test/pf/firewall51.fw.orig @@ -2,9 +2,9 @@ # # This is automatically generated file. DO NOT MODIFY ! # -# Firewall Builder fwb_pf v4.3.0.3546 +# Firewall Builder fwb_pf v5.0.0.3547 # -# Generated Mon May 30 21:58:45 2011 PDT by vadim +# Generated Fri Jun 3 17:49:33 2011 PDT by vadim # # files: * firewall51.fw /etc/fw/firewall51.fw # files: firewall51.conf /etc/fw/firewall51.conf @@ -80,7 +80,7 @@ configure_interfaces() { } -log "Activating firewall script generated Mon May 30 21:58:45 2011 by vadim" +log "Activating firewall script generated Fri Jun 3 17:49:33 2011 by vadim" set_kernel_vars configure_interfaces diff --git a/test/pf/firewall6.fw.orig b/test/pf/firewall6.fw.orig index 701997432..c6e841b9e 100755 --- a/test/pf/firewall6.fw.orig +++ b/test/pf/firewall6.fw.orig 
@@ -2,9 +2,9 @@ # # This is automatically generated file. DO NOT MODIFY ! # -# Firewall Builder fwb_pf v4.3.0.3546 +# Firewall Builder fwb_pf v5.0.0.3547 # -# Generated Mon May 30 21:58:45 2011 PDT by vadim +# Generated Fri Jun 3 17:49:34 2011 PDT by vadim # # files: * firewall6.fw /etc/fw/firewall6.fw # files: firewall6.conf /etc/fw/firewall6.conf @@ -73,7 +73,7 @@ configure_interfaces() { } -log "Activating firewall script generated Mon May 30 21:58:45 2011 by vadim" +log "Activating firewall script generated Fri Jun 3 17:49:34 2011 by vadim" set_kernel_vars configure_interfaces diff --git a/test/pf/firewall62.fw.orig b/test/pf/firewall62.fw.orig index 624429136..435e5d30b 100755 --- a/test/pf/firewall62.fw.orig +++ b/test/pf/firewall62.fw.orig @@ -2,9 +2,9 @@ # # This is automatically generated file. DO NOT MODIFY ! # -# Firewall Builder fwb_pf v4.3.0.3546 +# Firewall Builder fwb_pf v5.0.0.3547 # -# Generated Mon May 30 21:58:46 2011 PDT by vadim +# Generated Fri Jun 3 17:49:34 2011 PDT by vadim # # files: * firewall62.fw /etc/firewall62.fw # files: firewall62.conf /etc/firewall62.conf @@ -191,7 +191,7 @@ configure_interfaces() { update_addresses_of_interface "en1 222.222.222.222/0xffffff00" "" } -log "Activating firewall script generated Mon May 30 21:58:46 2011 by vadim" +log "Activating firewall script generated Fri Jun 3 17:49:34 2011 by vadim" set_kernel_vars configure_interfaces diff --git a/test/pf/firewall63.fw.orig b/test/pf/firewall63.fw.orig index 060c89676..e0582e3b9 100755 --- a/test/pf/firewall63.fw.orig +++ b/test/pf/firewall63.fw.orig @@ -2,9 +2,9 @@ # # This is automatically generated file. DO NOT MODIFY ! # -# Firewall Builder fwb_pf v4.3.0.3546 +# Firewall Builder fwb_pf v5.0.0.3547 # -# Generated Mon May 30 21:58:46 2011 PDT by vadim +# Generated Fri Jun 3 17:49:34 2011 PDT by vadim # # files: * firewall63.fw /etc/fw/firewall63.fw # files: firewall63.conf /etc/fw/firewall63.conf 
@@ -77,7 +77,7 @@ configure_interfaces() { } -log "Activating firewall script generated Mon May 30 21:58:46 2011 by vadim" +log "Activating firewall script generated Fri Jun 3 17:49:34 2011 by vadim" set_kernel_vars configure_interfaces diff --git a/test/pf/firewall7.fw.orig b/test/pf/firewall7.fw.orig index b6be86f42..6fed6e9ee 100755 --- a/test/pf/firewall7.fw.orig +++ b/test/pf/firewall7.fw.orig @@ -2,9 +2,9 @@ # # This is automatically generated file. DO NOT MODIFY ! # -# Firewall Builder fwb_pf v4.3.0.3546 +# Firewall Builder fwb_pf v5.0.0.3547 # -# Generated Mon May 30 21:58:47 2011 PDT by vadim +# Generated Fri Jun 3 17:49:35 2011 PDT by vadim # # files: * firewall7.fw /etc/fw/firewall7.fw # files: firewall7.conf /etc/fw/firewall7.conf @@ -73,7 +73,7 @@ configure_interfaces() { } -log "Activating firewall script generated Mon May 30 21:58:47 2011 by vadim" +log "Activating firewall script generated Fri Jun 3 17:49:35 2011 by vadim" set_kernel_vars configure_interfaces diff --git a/test/pf/firewall70.fw.orig b/test/pf/firewall70.fw.orig index 30654c171..333101e19 100755 --- a/test/pf/firewall70.fw.orig +++ b/test/pf/firewall70.fw.orig @@ -2,9 +2,9 @@ # # This is automatically generated file. DO NOT MODIFY ! # -# Firewall Builder fwb_pf v4.3.0.3546 +# Firewall Builder fwb_pf v5.0.0.3547 # -# Generated Mon May 30 21:58:47 2011 PDT by vadim +# Generated Fri Jun 3 17:49:35 2011 PDT by vadim # # files: * firewall70.fw /etc/fw/firewall70.fw # files: firewall70.conf /etc/fw/firewall70.conf @@ -82,7 +82,7 @@ configure_interfaces() { } -log "Activating firewall script generated Mon May 30 21:58:47 2011 by vadim" +log "Activating firewall script generated Fri Jun 3 17:49:35 2011 by vadim" set_kernel_vars configure_interfaces diff --git a/test/pf/firewall8.conf.orig b/test/pf/firewall8.conf.orig index d545af768..f3e3ad319 100644 --- a/test/pf/firewall8.conf.orig +++ b/test/pf/firewall8.conf.orig 
@@ -8,30 +8,30 @@ table { 33.33.33.33 , 33.33.33.34 } # # Rule 0 (NAT) -nat on eth1 proto {tcp udp icmp} from 192.168.1.0/24 to any -> { 33.33.33.33 , 33.33.33.34 } -nat on eth0 proto {tcp udp icmp} from 192.168.1.0/24 to any -> 192.168.1.1 -nat on ppp0 proto {tcp udp icmp} from 192.168.1.0/24 to any -> (ppp0) +nat on eth1 proto {tcp udp icmp} from 192.168.1.0/24 to any -> { 33.33.33.33 , 33.33.33.34 } +nat on eth0 proto {tcp udp icmp} from 192.168.1.0/24 to any -> 192.168.1.1 +nat on ppp0 proto {tcp udp icmp} from 192.168.1.0/24 to any -> (ppp0) # # Rule 1 (NAT) -nat on eth1 proto {tcp udp icmp} from 192.168.1.0/24 to any -> { 33.33.33.33 , 33.33.33.34 } +nat on eth1 proto {tcp udp icmp} from 192.168.1.0/24 to any -> { 33.33.33.33 , 33.33.33.34 } # # Rule 2 (NAT) -nat on eth1 proto {tcp udp icmp} from 192.168.1.0/24 to any -> 33.33.33.33 +nat on eth1 proto {tcp udp icmp} from 192.168.1.0/24 to any -> 33.33.33.33 # # Rule 3 (NAT) rdr proto tcp from any to port 22 -> 192.168.1.100 port 22 # # Rule 4 (NAT) -rdr on eth1 proto tcp from any to 33.33.33.34 port 22 -> 192.168.1.100 port 22 +rdr on eth1 proto tcp from any to 33.33.33.34 port 22 -> 192.168.1.100 port 22 # # Rule 5 (NAT) -rdr on eth1 proto tcp from any to 33.33.33.34 port 22 -> 192.168.1.100 port 22 +rdr on eth1 proto tcp from any to 33.33.33.34 port 22 -> 192.168.1.100 port 22 # # Rule 6 (NAT) -rdr on eth1 proto tcp from any to 33.33.33.34 port 22 -> 192.168.1.100 port 22 +rdr on eth1 proto tcp from any to 33.33.33.34 port 22 -> 192.168.1.100 port 22 # # Rule 7 (NAT) -rdr on eth1 proto tcp from any to 33.33.33.34 port 22 -> 192.168.1.100 port 22 +rdr on eth1 proto tcp from any to 33.33.33.34 port 22 -> 192.168.1.100 port 22 # # Rule 8 (NAT) rdr proto tcp from 192.168.1.0/24 to any port 80 -> 33.33.33.34 port 80 diff --git a/test/pf/firewall8.fw.orig b/test/pf/firewall8.fw.orig index 6677e44d2..06c02626d 100755 --- a/test/pf/firewall8.fw.orig +++ b/test/pf/firewall8.fw.orig 
@@ -2,9 +2,9 @@ # # This is automatically generated file. DO NOT MODIFY ! # -# Firewall Builder fwb_pf v4.3.0.3546 +# Firewall Builder fwb_pf v5.0.0.3547 # -# Generated Mon May 30 21:58:47 2011 PDT by vadim +# Generated Fri Jun 3 17:49:36 2011 PDT by vadim # # files: * firewall8.fw /etc/firewall8.fw # files: firewall8.conf /etc/firewall8.conf @@ -72,7 +72,7 @@ configure_interfaces() { } -log "Activating firewall script generated Mon May 30 21:58:47 2011 by vadim" +log "Activating firewall script generated Fri Jun 3 17:49:36 2011 by vadim" set_kernel_vars configure_interfaces diff --git a/test/pf/firewall80-4.5.fw.orig b/test/pf/firewall80-4.5.fw.orig index 93dec00ff..7fe13b0f2 100755 --- a/test/pf/firewall80-4.5.fw.orig +++ b/test/pf/firewall80-4.5.fw.orig @@ -2,9 +2,9 @@ # # This is automatically generated file. DO NOT MODIFY ! # -# Firewall Builder fwb_pf v4.3.0.3546 +# Firewall Builder fwb_pf v5.0.0.3547 # -# Generated Mon May 30 21:58:48 2011 PDT by vadim +# Generated Fri Jun 3 17:49:37 2011 PDT by vadim # # files: * firewall80-4.5.fw /etc/firewall80-4.5.fw # files: firewall80-4.5.conf /etc/firewall80-4.5.conf @@ -73,7 +73,7 @@ configure_interfaces() { } -log "Activating firewall script generated Mon May 30 21:58:48 2011 by vadim" +log "Activating firewall script generated Fri Jun 3 17:49:37 2011 by vadim" set_kernel_vars configure_interfaces diff --git a/test/pf/firewall80.fw.orig b/test/pf/firewall80.fw.orig index 565f2925e..ff6ec2336 100755 --- a/test/pf/firewall80.fw.orig +++ b/test/pf/firewall80.fw.orig @@ -2,9 +2,9 @@ # # This is automatically generated file. DO NOT MODIFY ! # -# Firewall Builder fwb_pf v4.3.0.3546 +# Firewall Builder fwb_pf v5.0.0.3547 # -# Generated Mon May 30 21:58:48 2011 PDT by vadim +# Generated Fri Jun 3 17:49:36 2011 PDT by vadim # # files: * firewall80.fw /etc/firewall80.fw # files: firewall80.conf /etc/firewall80.conf 
@@ -73,7 +73,7 @@ configure_interfaces() { } -log "Activating firewall script generated Mon May 30 21:58:48 2011 by vadim" +log "Activating firewall script generated Fri Jun 3 17:49:36 2011 by vadim" set_kernel_vars configure_interfaces diff --git a/test/pf/firewall9.conf.orig b/test/pf/firewall9.conf.orig index 5cbe061f3..00e30c0fe 100644 --- a/test/pf/firewall9.conf.orig +++ b/test/pf/firewall9.conf.orig @@ -3,7 +3,7 @@ # # Rule 1 (NAT) -nat on eth0 proto {tcp udp icmp} from 192.168.1.0/24 to any -> 192.168.1.1 +nat on eth0 proto {tcp udp icmp} from 192.168.1.0/24 to any -> 192.168.1.1 # # Rule 0 (eth0) diff --git a/test/pf/firewall9.fw.orig b/test/pf/firewall9.fw.orig index 560d6f2c7..e39b36d39 100755 --- a/test/pf/firewall9.fw.orig +++ b/test/pf/firewall9.fw.orig @@ -2,9 +2,9 @@ # # This is automatically generated file. DO NOT MODIFY ! # -# Firewall Builder fwb_pf v4.3.0.3546 +# Firewall Builder fwb_pf v5.0.0.3547 # -# Generated Mon May 30 21:58:48 2011 PDT by vadim +# Generated Fri Jun 3 17:49:37 2011 PDT by vadim # # files: * firewall9.fw /etc/fw/firewall9.fw # files: firewall9.conf /etc/fw/firewall9.conf @@ -76,7 +76,7 @@ configure_interfaces() { } -log "Activating firewall script generated Mon May 30 21:58:48 2011 by vadim" +log "Activating firewall script generated Fri Jun 3 17:49:37 2011 by vadim" set_kernel_vars configure_interfaces diff --git a/test/pf/firewall91.fw.orig b/test/pf/firewall91.fw.orig index 8d82be413..a5dac3fea 100755 --- a/test/pf/firewall91.fw.orig +++ b/test/pf/firewall91.fw.orig @@ -2,9 +2,9 @@ # # This is automatically generated file. DO NOT MODIFY ! # -# Firewall Builder fwb_pf v4.3.0.3546 +# Firewall Builder fwb_pf v5.0.0.3547 # -# Generated Mon May 30 21:58:49 2011 PDT by vadim +# Generated Fri Jun 3 17:49:38 2011 PDT by vadim # # files: * firewall91.fw /etc/fw/pf.fw # files: firewall91.conf /etc/fw/pf.conf 
@@ -247,7 +247,7 @@ configure_interfaces() { update_addresses_of_interface "vlan103 10.100.103.1/0xffffff00" "" } -log "Activating firewall script generated Mon May 30 21:58:49 2011 by vadim" +log "Activating firewall script generated Fri Jun 3 17:49:38 2011 by vadim" set_kernel_vars configure_interfaces diff --git a/test/pf/firewall92.conf.orig b/test/pf/firewall92.conf.orig index 2d0ec3d3f..08792c55c 100644 --- a/test/pf/firewall92.conf.orig +++ b/test/pf/firewall92.conf.orig @@ -11,13 +11,19 @@ match out all scrub (random-id min-ttl 1 max-mss 1460) # firewall92:NAT:2: error: No translation rules are not supported for PF 4.7, use negation to implement exclusions # # Rule 0 (NAT) -match out on em0 proto {tcp udp icmp} from 10.1.1.0/24 to any nat-to 10.3.14.81 +match out on em0 proto {tcp udp icmp} from 10.1.1.0/24 to any nat-to 10.3.14.81 # # Rule 1 (NAT) -match in on em0 proto udp from ! 10.3.14.41 to 10.3.14.81 port 161 rdr-to 10.1.1.1 port 161 +match in on em0 proto udp from ! 10.3.14.41 to 10.3.14.81 port 161 rdr-to 10.1.1.1 port 161 # # Rule 3 (NAT) -match in on em0 proto udp from any to 10.3.14.81 port 161 rdr-to 10.1.1.1 port 161 +match in on em0 proto udp from any to 10.3.14.81 port 161 rdr-to 10.1.1.1 port 161 +# +# Rule 4 (NAT) +match out on em1 proto {tcp udp icmp} from 10.1.1.0/24 to any nat-to 10.3.14.81 +# +# Rule 5 (NAT) +match out on ! em0 proto {tcp udp icmp} from 10.1.1.0/24 to any nat-to 10.3.14.201 # Policy compiler errors and warnings: # firewall92:Policy:0: warning: Changing rule direction due to self reference diff --git a/test/pf/firewall92.fw.orig b/test/pf/firewall92.fw.orig index c05c8f7f6..c1a7b1a8d 100755 --- a/test/pf/firewall92.fw.orig +++ b/test/pf/firewall92.fw.orig 
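Review bot: Rules 4 and 5 added to test/pf/firewall92.conf.orig are the only expected output for interface negation visible in this part of the patch, and they cover just the PF >= 4.7 form (`match out on ! em0 ... nat-to 10.3.14.201`). The commit message also promises `nat on ! em0 ...` for PF < 4.7, and no fixture here exercises that writer or a negated interface on a redirect rule; such a case may exist elsewhere in the diff. Because `! em0` matches every other interface on the host, a silently dropped `!` would invert the scope of the translation, so a pre-4.7 case and an `rdr` case in the regression objects would catch that in both code paths.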
@@ -2,9 +2,9 @@ # # This is automatically generated file. DO NOT MODIFY ! # -# Firewall Builder fwb_pf v4.3.0.3546 +# Firewall Builder fwb_pf v5.0.0.3547 # -# Generated Mon May 30 21:58:49 2011 PDT by vadim +# Generated Fri Jun 3 17:49:38 2011 PDT by vadim # # files: * firewall92.fw /etc/fw/pf.fw # files: firewall92.conf /etc/fw/path\ with\ space/pf.conf @@ -162,11 +162,11 @@ run_epilog_and_exit() { configure_interfaces() { : - update_addresses_of_interface "em0 10.3.14.81/0xffffff00" "" + update_addresses_of_interface "em0 10.3.14.81/0xffffff00 10.3.14.201/0xffffff00" "" update_addresses_of_interface "em1 10.1.1.81/0xffffff00" "" } -log "Activating firewall script generated Mon May 30 21:58:49 2011 by vadim" +log "Activating firewall script generated Fri Jun 3 17:49:38 2011 by vadim" set_kernel_vars configure_interfaces diff --git a/test/pf/objects-for-regression-tests.fwb b/test/pf/objects-for-regression-tests.fwb index 1927d4745..d783fab8e 100644 --- a/test/pf/objects-for-regression-tests.fwb +++ b/test/pf/objects-for-regression-tests.fwb @@ -21096,7 +21096,7 @@ - + @@ -21206,6 +21206,60 @@ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + diff --git a/test/pf/pf_cluster_1_openbsd-1.conf.orig b/test/pf/pf_cluster_1_openbsd-1.conf.orig index 8371b5a37..8989115cb 100644 --- a/test/pf/pf_cluster_1_openbsd-1.conf.orig +++ b/test/pf/pf_cluster_1_openbsd-1.conf.orig 
@@ -8,28 +8,28 @@ table { 172.24.0.1 , 172.24.0.2 } # # Rule 0 (NAT) -nat on en0 proto {tcp udp icmp} from 192.168.1.0/24 to any -> 172.24.0.1 +nat on en0 proto {tcp udp icmp} from 192.168.1.0/24 to any -> 172.24.0.1 # # Rule 1 (NAT) -nat on en0 proto {tcp udp icmp} from 192.168.1.0/24 to any -> 172.24.0.1 +nat on en0 proto {tcp udp icmp} from 192.168.1.0/24 to any -> 172.24.0.1 # # Rule 2 (NAT) nat proto {tcp udp icmp} from 192.168.1.0/24 to any -> 172.24.0.1 # # Rule 3 (NAT) -nat on en0 proto {tcp udp icmp} from 192.168.1.0/24 to any -> { 172.24.0.2 , 172.24.0.3 } +nat on en0 proto {tcp udp icmp} from 192.168.1.0/24 to any -> { 172.24.0.2 , 172.24.0.3 } # # Rule 4 (NAT) -nat on en0 proto {tcp udp icmp} from 192.168.1.0/24 to any -> 172.24.0.2 +nat on en0 proto {tcp udp icmp} from 192.168.1.0/24 to any -> 172.24.0.2 # # Rule 5 (NAT) nat proto {tcp udp icmp} from 192.168.1.0/24 to any -> 172.24.0.3 # # Rule 6 (NAT) -rdr on en0 proto tcp from any to 172.24.0.1 port 80 -> 172.24.0.100 port 80 +rdr on en0 proto tcp from any to 172.24.0.1 port 80 -> 172.24.0.100 port 80 # # Rule 7 (NAT) -rdr on en0 proto tcp from any to 172.24.0.1 port 80 -> 172.24.0.100 port 80 +rdr on en0 proto tcp from any to 172.24.0.1 port 80 -> 172.24.0.100 port 80 # # Rule 8 (NAT) rdr proto tcp from any to 172.24.0.1 port 80 -> 172.24.0.100 port 80 diff --git a/test/pf/pf_cluster_1_openbsd-1.fw.orig b/test/pf/pf_cluster_1_openbsd-1.fw.orig index bfe5d73f2..c627b2ad2 100755 --- a/test/pf/pf_cluster_1_openbsd-1.fw.orig +++ b/test/pf/pf_cluster_1_openbsd-1.fw.orig @@ -2,9 +2,9 @@ # # This is automatically generated file. DO NOT MODIFY ! # -# Firewall Builder fwb_pf v4.3.0.3546 +# Firewall Builder fwb_pf v5.0.0.3547 # -# Generated Mon May 30 21:58:51 2011 PDT by vadim +# Generated Fri Jun 3 17:49:40 2011 PDT by vadim # # files: * pf_cluster_1_openbsd-1.fw /etc/pf_cluster_1_openbsd-1.fw # files: pf_cluster_1_openbsd-1.conf /etc/pf_cluster_1_openbsd-1.conf 
@@ -299,7 +299,7 @@ configure_interfaces() { update_addresses_of_interface "carp1 192.168.1.1/0xffffff00" "" } -log "Activating firewall script generated Mon May 30 21:58:51 2011 by vadim" +log "Activating firewall script generated Fri Jun 3 17:49:40 2011 by vadim" set_kernel_vars configure_interfaces diff --git a/test/pf/pf_cluster_1_openbsd-2.conf.orig b/test/pf/pf_cluster_1_openbsd-2.conf.orig index 0c1bb4cb0..2da4e8354 100644 --- a/test/pf/pf_cluster_1_openbsd-2.conf.orig +++ b/test/pf/pf_cluster_1_openbsd-2.conf.orig @@ -8,28 +8,28 @@ table { 172.24.0.1 , 172.24.0.3 } # # Rule 0 (NAT) -nat on en0 proto {tcp udp icmp} from 192.168.1.0/24 to any -> 172.24.0.1 +nat on en0 proto {tcp udp icmp} from 192.168.1.0/24 to any -> 172.24.0.1 # # Rule 1 (NAT) -nat on en0 proto {tcp udp icmp} from 192.168.1.0/24 to any -> 172.24.0.1 +nat on en0 proto {tcp udp icmp} from 192.168.1.0/24 to any -> 172.24.0.1 # # Rule 2 (NAT) nat proto {tcp udp icmp} from 192.168.1.0/24 to any -> 172.24.0.1 # # Rule 3 (NAT) -nat on en0 proto {tcp udp icmp} from 192.168.1.0/24 to any -> { 172.24.0.2 , 172.24.0.3 } +nat on en0 proto {tcp udp icmp} from 192.168.1.0/24 to any -> { 172.24.0.2 , 172.24.0.3 } # # Rule 4 (NAT) nat proto {tcp udp icmp} from 192.168.1.0/24 to any -> 172.24.0.2 # # Rule 5 (NAT) -nat on en0 proto {tcp udp icmp} from 192.168.1.0/24 to any -> 172.24.0.3 +nat on en0 proto {tcp udp icmp} from 192.168.1.0/24 to any -> 172.24.0.3 # # Rule 6 (NAT) -rdr on en0 proto tcp from any to 172.24.0.1 port 80 -> 172.24.0.100 port 80 +rdr on en0 proto tcp from any to 172.24.0.1 port 80 -> 172.24.0.100 port 80 # # Rule 7 (NAT) -rdr on en0 proto tcp from any to 172.24.0.1 port 80 -> 172.24.0.100 port 80 +rdr on en0 proto tcp from any to 172.24.0.1 port 80 -> 172.24.0.100 port 80 # # Rule 8 (NAT) rdr proto tcp from any to 172.24.0.1 port 80 -> 172.24.0.100 port 80 diff --git a/test/pf/pf_cluster_1_openbsd-2.fw.orig b/test/pf/pf_cluster_1_openbsd-2.fw.orig index 8b22e4714..b6f202c57 100755 
--- a/test/pf/pf_cluster_1_openbsd-2.fw.orig +++ b/test/pf/pf_cluster_1_openbsd-2.fw.orig @@ -2,9 +2,9 @@ # # This is automatically generated file. DO NOT MODIFY ! # -# Firewall Builder fwb_pf v4.3.0.3546 +# Firewall Builder fwb_pf v5.0.0.3547 # -# Generated Mon May 30 21:58:51 2011 PDT by vadim +# Generated Fri Jun 3 17:49:40 2011 PDT by vadim # # files: * pf_cluster_1_openbsd-2.fw /etc/pf_cluster_1_openbsd-2.fw # files: pf_cluster_1_openbsd-2.conf /etc/pf_cluster_1_openbsd-2.conf @@ -195,7 +195,7 @@ configure_interfaces() { update_addresses_of_interface "carp1 192.168.1.1/0xffffff00" "" } -log "Activating firewall script generated Mon May 30 21:58:51 2011 by vadim" +log "Activating firewall script generated Fri Jun 3 17:49:40 2011 by vadim" set_kernel_vars configure_interfaces diff --git a/test/pf/pf_cluster_2_freebsd-1.fw.orig b/test/pf/pf_cluster_2_freebsd-1.fw.orig index 215ba9f55..f57b13774 100755 --- a/test/pf/pf_cluster_2_freebsd-1.fw.orig +++ b/test/pf/pf_cluster_2_freebsd-1.fw.orig @@ -2,9 +2,9 @@ # # This is automatically generated file. DO NOT MODIFY ! # -# Firewall Builder fwb_pf v4.3.0.3546 +# Firewall Builder fwb_pf v5.0.0.3547 # -# Generated Mon May 30 21:58:51 2011 PDT by vadim +# Generated Fri Jun 3 17:49:40 2011 PDT by vadim # # files: * pf_cluster_2_freebsd-1.fw /etc/pf_cluster_2_freebsd-1.fw # files: pf_cluster_2_freebsd-1.conf /etc/pf_cluster_2_freebsd-1.conf @@ -301,7 +301,7 @@ configure_interfaces() { update_addresses_of_interface "carp1 192.168.1.1/0xffffff00" "" } -log "Activating firewall script generated Mon May 30 21:58:51 2011 by vadim" +log "Activating firewall script generated Fri Jun 3 17:49:40 2011 by vadim" set_kernel_vars configure_interfaces diff --git a/test/pf/pf_cluster_2_freebsd-2.fw.orig b/test/pf/pf_cluster_2_freebsd-2.fw.orig index d2e13b627..95c28940d 100755 --- a/test/pf/pf_cluster_2_freebsd-2.fw.orig +++ b/test/pf/pf_cluster_2_freebsd-2.fw.orig 
@@ -2,9 +2,9 @@ # # This is automatically generated file. DO NOT MODIFY ! # -# Firewall Builder fwb_pf v4.3.0.3546 +# Firewall Builder fwb_pf v5.0.0.3547 # -# Generated Mon May 30 21:58:51 2011 PDT by vadim +# Generated Fri Jun 3 17:49:40 2011 PDT by vadim # # files: * pf_cluster_2_freebsd-2.fw /etc/pf_cluster_2_freebsd-2.fw # files: pf_cluster_2_freebsd-2.conf /etc/pf_cluster_2_freebsd-2.conf @@ -197,7 +197,7 @@ configure_interfaces() { update_addresses_of_interface "carp1 192.168.1.1/0xffffff00" "" } -log "Activating firewall script generated Mon May 30 21:58:51 2011 by vadim" +log "Activating firewall script generated Fri Jun 3 17:49:40 2011 by vadim" set_kernel_vars configure_interfaces diff --git a/test/pf/pf_cluster_3_openbsd-3.fw.orig b/test/pf/pf_cluster_3_openbsd-3.fw.orig index 8ad75ee98..a14797fa5 100755 --- a/test/pf/pf_cluster_3_openbsd-3.fw.orig +++ b/test/pf/pf_cluster_3_openbsd-3.fw.orig @@ -2,9 +2,9 @@ # # This is automatically generated file. DO NOT MODIFY ! # -# Firewall Builder fwb_pf v4.3.0.3546 +# Firewall Builder fwb_pf v5.0.0.3547 # -# Generated Mon May 30 21:58:51 2011 PDT by vadim +# Generated Fri Jun 3 17:49:40 2011 PDT by vadim # # files: * pf_cluster_3_openbsd-3.fw /etc/pf_cluster_3_openbsd-3.fw # files: pf_cluster_3_openbsd-3.conf /etc/pf_cluster_3_openbsd-3.conf @@ -302,7 +302,7 @@ configure_interfaces() { update_addresses_of_interface "carp2 172.20.0.1/0xffffff00" "" } -log "Activating firewall script generated Mon May 30 21:58:51 2011 by vadim" +log "Activating firewall script generated Fri Jun 3 17:49:40 2011 by vadim" set_kernel_vars configure_interfaces diff --git a/test/pf/pf_cluster_3_openbsd-4.fw.orig b/test/pf/pf_cluster_3_openbsd-4.fw.orig index da5058258..a4146ad4f 100755 --- a/test/pf/pf_cluster_3_openbsd-4.fw.orig +++ b/test/pf/pf_cluster_3_openbsd-4.fw.orig 
@@ -2,9 +2,9 @@ # # This is automatically generated file. DO NOT MODIFY ! # -# Firewall Builder fwb_pf v4.3.0.3546 +# Firewall Builder fwb_pf v5.0.0.3547 # -# Generated Mon May 30 21:58:51 2011 PDT by vadim +# Generated Fri Jun 3 17:49:40 2011 PDT by vadim # # files: * pf_cluster_3_openbsd-4.fw /etc/pf_cluster_3_openbsd-4.fw # files: pf_cluster_3_openbsd-4.conf /etc/pf_cluster_3_openbsd-4.conf @@ -199,7 +199,7 @@ configure_interfaces() { update_addresses_of_interface "carp2 172.20.0.1/0xffffff00" "" } -log "Activating firewall script generated Mon May 30 21:58:51 2011 by vadim" +log "Activating firewall script generated Fri Jun 3 17:49:40 2011 by vadim" set_kernel_vars configure_interfaces diff --git a/test/pf/pf_cluster_4_rc.conf.local b/test/pf/pf_cluster_4_rc.conf.local index 5c5abd9e7..4ecbca19d 100755 --- a/test/pf/pf_cluster_4_rc.conf.local +++ b/test/pf/pf_cluster_4_rc.conf.local @@ -1,9 +1,9 @@ # # This is automatically generated file. DO NOT MODIFY ! # -# Firewall Builder fwb_pf v4.3.0.3546 +# Firewall Builder fwb_pf v5.0.0.3547 # -# Generated Mon May 30 21:58:51 2011 PDT by vadim +# Generated Fri Jun 3 17:49:40 2011 PDT by vadim # # files: * pf_cluster_4_rc.conf.local /etc/pf_cluster_4_rc.conf.local # files: pf_cluster_4_pf.conf /etc/pf_cluster_4_pf.conf diff --git a/test/pf/pf_cluster_5_openbsd-3.conf.orig b/test/pf/pf_cluster_5_openbsd-3.conf.orig index 3410f329a..12683a7ec 100644 --- a/test/pf/pf_cluster_5_openbsd-3.conf.orig +++ b/test/pf/pf_cluster_5_openbsd-3.conf.orig @@ -5,7 +5,7 @@ # Rule 0 (NAT) # rule is attached to physical interface en0 # but uses address of carp0 for translation -nat on en0 proto {tcp udp icmp} from 192.168.1.0/24 to any -> 172.24.0.1 +nat on en0 proto {tcp udp icmp} from 192.168.1.0/24 to any -> 172.24.0.1 # # Rule -3 CARP (automatic) diff --git a/test/pf/pf_cluster_5_openbsd-3.fw.orig b/test/pf/pf_cluster_5_openbsd-3.fw.orig index 9fc7a15fc..0642dfcb6 100755 --- a/test/pf/pf_cluster_5_openbsd-3.fw.orig 
+++ b/test/pf/pf_cluster_5_openbsd-3.fw.orig @@ -2,9 +2,9 @@ # # This is automatically generated file. DO NOT MODIFY ! # -# Firewall Builder fwb_pf v4.3.0.3546 +# Firewall Builder fwb_pf v5.0.0.3547 # -# Generated Mon May 30 21:58:52 2011 PDT by vadim +# Generated Fri Jun 3 17:49:40 2011 PDT by vadim # # files: * pf_cluster_5_openbsd-3.fw /etc/pf_cluster_5_openbsd-3.fw # files: pf_cluster_5_openbsd-3.conf /etc/pf_cluster_5_openbsd-3.conf @@ -302,7 +302,7 @@ configure_interfaces() { update_addresses_of_interface "carp2 172.20.0.1/0xffffff00" "" } -log "Activating firewall script generated Mon May 30 21:58:52 2011 by vadim" +log "Activating firewall script generated Fri Jun 3 17:49:40 2011 by vadim" set_kernel_vars configure_interfaces diff --git a/test/pf/pf_cluster_5_openbsd-4.conf.orig b/test/pf/pf_cluster_5_openbsd-4.conf.orig index 3410f329a..12683a7ec 100644 --- a/test/pf/pf_cluster_5_openbsd-4.conf.orig +++ b/test/pf/pf_cluster_5_openbsd-4.conf.orig @@ -5,7 +5,7 @@ # Rule 0 (NAT) # rule is attached to physical interface en0 # but uses address of carp0 for translation -nat on en0 proto {tcp udp icmp} from 192.168.1.0/24 to any -> 172.24.0.1 +nat on en0 proto {tcp udp icmp} from 192.168.1.0/24 to any -> 172.24.0.1 # # Rule -3 CARP (automatic) diff --git a/test/pf/pf_cluster_5_openbsd-4.fw.orig b/test/pf/pf_cluster_5_openbsd-4.fw.orig index 0794676a3..aa01a24d7 100755 --- a/test/pf/pf_cluster_5_openbsd-4.fw.orig +++ b/test/pf/pf_cluster_5_openbsd-4.fw.orig @@ -2,9 +2,9 @@ # # This is automatically generated file. DO NOT MODIFY ! # -# Firewall Builder fwb_pf v4.3.0.3546 +# Firewall Builder fwb_pf v5.0.0.3547 # -# Generated Mon May 30 21:58:52 2011 PDT by vadim +# Generated Fri Jun 3 17:49:40 2011 PDT by vadim # # files: * pf_cluster_5_openbsd-4.fw /etc/pf_cluster_5_openbsd-4.fw # files: pf_cluster_5_openbsd-4.conf /etc/pf_cluster_5_openbsd-4.conf 
@@ -199,7 +199,7 @@ configure_interfaces() { update_addresses_of_interface "carp2 172.20.0.1/0xffffff00" "" } -log "Activating firewall script generated Mon May 30 21:58:52 2011 by vadim" +log "Activating firewall script generated Fri Jun 3 17:49:40 2011 by vadim" set_kernel_vars configure_interfaces