mirror of https://github.com/fwbuilder/fwbuilder synced 2025-10-16 15:38:43 +02:00

fixed bug (no #): "clear" commands were not added when option "generate only access-list, access-group, nat, static..." was in effect; also making sure "clear" commands for object-groups and ssh are not added when option "do not add clear commands" is on

Vadim Kurland 2011-04-20 10:45:20 -07:00
parent 50c7ca58f3
commit 15fca061ec
60 changed files with 198 additions and 231 deletions


@ -7,7 +7,7 @@ FWB_MICRO_VERSION=0
# build number is like "nano" version number. I am incrementing build
# number during development cycle
#
BUILD_NUM="3529"
BUILD_NUM="3530"
VERSION="$FWB_MAJOR_VERSION.$FWB_MINOR_VERSION.$FWB_MICRO_VERSION.$BUILD_NUM"


@ -1,2 +1,2 @@
#define VERSION "4.2.0.3529"
#define VERSION "4.2.0.3530"
#define GENERATION "4.2"


@ -3,7 +3,7 @@
%define name fwbuilder
%define version 4.2.0.3529
%define version 4.2.0.3530
%define release 1
%if "%_vendor" == "MandrakeSoft"


@ -4,6 +4,6 @@ Replaces: fwbuilder (<=4.1.1-1), fwbuilder-common, fwbuilder-bsd, fwbuilder-linu
Priority: extra
Section: checkinstall
Maintainer: vadim@fwbuilder.org
Version: 4.2.0.3529-1
Version: 4.2.0.3530-1
Depends: libqt4-gui (>= 4.3.0), libxml2, libxslt1.1, libsnmp | libsnmp15
Description: Firewall Builder GUI and policy compilers


@ -1,6 +1,6 @@
%define name fwbuilder
%define version 4.2.0.3529
%define version 4.2.0.3530
%define release 1
%if "%_vendor" == "MandrakeSoft"


@ -44,11 +44,15 @@ namespace libfwbuilder {
};
namespace fwcompiler {
namespace fwcompiler
{
class CompilerDriver_pix : public CompilerDriver {
class CompilerDriver_pix : public CompilerDriver
{
protected:
std::string clear_commands;
std::string preamble_commands;
std::string system_configuration_script;
std::string named_objects_and_groups;
std::string nat_script;


@ -159,6 +159,14 @@ QString CompilerDriver_pix::assembleFwScript(Cluster *cluster,
script_skeleton.setVariable("not_short_script",
! options->getBool("short_script"));
script_skeleton.setVariable("preamble_commands",
QString::fromUtf8(
preamble_commands.c_str()));
script_skeleton.setVariable("clear_commands",
QString::fromUtf8(
clear_commands.c_str()));
script_skeleton.setVariable("system_configuration_script",
QString::fromUtf8(
system_configuration_script.c_str()));
@ -396,8 +404,6 @@ QString CompilerDriver_pix::run(const std::string &cluster_id,
oscnf->prolog();
oscnf->processFirewallOptions();
string clear_commands;
string preamble_commands;
bool have_named_objects = false;
bool have_object_groups = false;
@ -542,12 +548,13 @@ QString CompilerDriver_pix::run(const std::string &cluster_id,
}
system_configuration_script = oscnf->getCompiledScript();
system_configuration_script += "\n";
clear_commands += named_objects_manager.getClearCommands() + "\n";
system_configuration_script += preamble_commands;
system_configuration_script += clear_commands;
system_configuration_script += "\n";
// system_configuration_script += preamble_commands;
// system_configuration_script += clear_commands;
script_buffer = assembleFwScript(
cluster, fw, !cluster_id.empty(), oscnf.get());
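Review bot: `clear_commands` and `preamble_commands` are only ever appended to in run() (for example `clear_commands += named_objects_manager.getClearCommands() + "\n";`), and now that they are class members instead of locals nothing in the visible hunks resets them. If one CompilerDriver_pix object is ever run more than once, the second script would also carry the first run's clear and preamble commands; adding `clear_commands.clear(); preamble_commands.clear();` where the two local declarations were removed would rule that out. The two commented-out `system_configuration_script +=` lines can be deleted rather than kept as dead code. run() starts and ends outside these hunks, so a reset elsewhere in the function cannot be excluded from here.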


@ -86,8 +86,9 @@ FWObject* create_ASA8ObjectGroup(int id)
}
NamedObjectsManager::NamedObjectsManager(Library *persistent_objects,
const Firewall *fw)
Firewall *_fw)
{
fw = _fw;
version = fw->getStr("version");
platform = fw->getStr("platform");


@ -41,6 +41,7 @@ namespace fwcompiler
class NamedObjectsManager
{
protected:
libfwbuilder::Firewall *fw;
std::string platform;
std::string version;
// storage for object groups created to be used with PIX
@ -54,7 +55,7 @@ public:
std::map<int, NamedObject*> named_objects;
NamedObjectsManager(libfwbuilder::Library *persistent_objects,
const libfwbuilder::Firewall *_fw);
libfwbuilder::Firewall *_fw);
virtual ~NamedObjectsManager();
void addNamedObject(const libfwbuilder::FWObject *obj);
NamedObject* getNamedObject(const libfwbuilder::FWObject *obj);
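Review bot: The new `fw` member is a raw pointer that the manager keeps for its whole lifetime, and neither the declaration nor the constructor says who owns it. A comment on the member, such as `// not owned; the Firewall object must outlive this manager`, would make that contract explicit. Dropping `const` from the constructor parameter here and in every subclass also widens what the managers are allowed to do to the firewall object; if the options object can be reached through a const pointer (not visible on this page), keeping `const libfwbuilder::Firewall *` would be the narrower change.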


@ -37,7 +37,7 @@ namespace fwcompiler
public:
NamedObjectsManagerASA8(libfwbuilder::Library *persistent_objects,
const libfwbuilder::Firewall *fw) :
libfwbuilder::Firewall *fw) :
NamedObjectsManagerPIX(persistent_objects, fw) {}
virtual ~NamedObjectsManagerASA8() {};
};


@ -39,7 +39,7 @@ using namespace fwcompiler;
using namespace std;
NamedObjectsManagerIOS::NamedObjectsManagerIOS(Library *po, const Firewall *fw) :
NamedObjectsManagerIOS::NamedObjectsManagerIOS(Library *po, Firewall *fw) :
NamedObjectsManager(po, fw)
{
}


@ -44,7 +44,7 @@ namespace fwcompiler
public:
NamedObjectsManagerIOS(libfwbuilder::Library *persistent_objects,
const libfwbuilder::Firewall *_fw);
libfwbuilder::Firewall *_fw);
virtual ~NamedObjectsManagerIOS();
virtual std::string getClearCommands();


@ -39,7 +39,7 @@ using namespace fwcompiler;
using namespace std;
NamedObjectsManagerPIX::NamedObjectsManagerPIX(Library *po, const Firewall *fw) :
NamedObjectsManagerPIX::NamedObjectsManagerPIX(Library *po, Firewall *fw) :
NamedObjectsManager(po, fw)
{
}
@ -59,8 +59,11 @@ string NamedObjectsManagerPIX::getClearCommands()
string("/FWBuilderResources/Target/options/") +
"version_" + version + "/pix_commands/clear_obj");
if (haveObjectGroups()) output << clear_obj_group << endl;
if (haveNamedObjects()) output << clear_object << endl;
if ( !fw->getOptionsObject()->getBool("pix_acl_no_clear") )
{
if (haveObjectGroups()) output << clear_obj_group << endl;
if (haveNamedObjects()) output << clear_object << endl;
}
return output.str();
}
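Review bot: With `pix_acl_no_clear` set, getClearCommands() now emits nothing, so the generated object-groups are entered on top of whatever the device already has, and the new `if` carries no comment about that consequence. Judging by the regenerated sample configs, group names derive from object IDs and repeat between compiles, so members dropped from the policy would presumably stay in the group on the device and keep matching in the ACLs that reference it. I would record the trade-off above the guard, e.g. `// "do not add clear commands": existing object-groups are kept, stale members are not removed`. The resource lookups that fill `clear_obj_group` and `clear_object` could also move inside the guard, since their values are unused when the option is on; the start of the function is outside the hunk.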


@ -43,7 +43,7 @@ namespace fwcompiler
public:
NamedObjectsManagerPIX(libfwbuilder::Library *persistent_objects,
const libfwbuilder::Firewall *_fw);
libfwbuilder::Firewall *_fw);
virtual ~NamedObjectsManagerPIX();
virtual std::string getClearCommands();


@ -841,7 +841,9 @@ string OSConfigurator_pix_os::_printSSHConfiguration()
cnf.setVariable("fwsm_version_lt_32", ! version_ge_32);
cnf.setVariable("fwsm_version_ge_32", version_ge_32);
cnf.setVariable("clear", 1);
cnf.setVariable("clear",
! fw->getOptionsObject()->getBool("pix_acl_no_clear") );
cnf.setVariable("use_scp", fw->getOptionsObject()->getBool("use_scp"));
int to = fw->getOptionsObject()->getInt("pix_ssh_timeout");
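Review bot: The `clear` variable of the SSH configlet is now driven by `pix_acl_no_clear`, an option whose name mentions only ACLs, so enabling it also stops `clear ssh` from being generated (the regenerated test configs appear to lose exactly that line). Existing `ssh <address> <mask> <interface>` entries on the device then survive an install, which means management access granted by an earlier policy is no longer revoked by the new one. A comment at the call would record that this is intended, e.g. `// "do not add clear commands" also leaves existing ssh access entries on the device`. _printSSHConfiguration() continues outside the hunk.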


@ -685,7 +685,6 @@ string PolicyCompiler_pix::printClearCommands()
output << "access-list commit" << endl;
}
return output.str();
}


@ -13,6 +13,17 @@
##
## Double '##' comments are removed when configlet is processed.
## Single '#' comments stay.
##
## {{$system_configuration_script}} -- commands to configure
## interfaces, snmp, syslog, ntp etc.
## {{$preamble_commands}} -- commands to configure temporary
## access list in "safety net install"
## mode and to set up FWSM commit mode.
## {{$clear_commands}} -- clear commands for access lists, global,
## static, nat, icmp, telnet, ssh, http,
## object-group
##
##
{{$top_comment}}
{{$errors_and_warnings}}
@ -35,6 +46,10 @@
{{$system_configuration_script}}
{{endif}}
{{$preamble_commands}}
{{$clear_commands}}
{{$named_objects_and_object_groups}}
{{$policy_script}}


@ -1,9 +1,9 @@
!
! This is automatically generated file. DO NOT MODIFY !
!
! Firewall Builder fwb_pix v4.2.0.3526
! Firewall Builder fwb_pix v4.2.0.3530
!
! Generated Thu Apr 14 18:58:27 2011 PDT by vadim
! Generated Wed Apr 20 10:40:49 2011 PDT by vadim
!
! Compiled for pix 7.0
! Outbound ACLs: supported
@ -115,6 +115,7 @@ service-policy global_policy global
!################
clear xlate
clear config static
clear config global
@ -125,7 +126,6 @@ clear config telnet
clear config object-group
clear config object
object-group network id56590X61097.src.net.0
network-object host 10.3.14.206
network-object host 10.3.14.207


@ -1,9 +1,9 @@
!
! This is automatically generated file. DO NOT MODIFY !
!
! Firewall Builder fwb_pix v4.2.0.3526
! Firewall Builder fwb_pix v4.2.0.3530
!
! Generated Thu Apr 14 18:58:27 2011 PDT by vadim
! Generated Wed Apr 20 10:40:49 2011 PDT by vadim
!
! Compiled for pix 7.0
! Outbound ACLs: supported
@ -115,6 +115,7 @@ service-policy global_policy global
!################
clear xlate
clear config static
clear config global
@ -125,7 +126,6 @@ clear config telnet
clear config object-group
clear config object
object-group network id56590X61097.src.net.0
network-object host 10.3.14.206
network-object host 10.3.14.207


@ -1,9 +1,9 @@
!
! This is automatically generated file. DO NOT MODIFY !
!
! Firewall Builder fwb_pix v4.2.0.3526
! Firewall Builder fwb_pix v4.2.0.3530
!
! Generated Thu Apr 14 18:58:27 2011 PDT by vadim
! Generated Wed Apr 20 10:40:49 2011 PDT by vadim
!
! Compiled for pix 7.0
! Outbound ACLs: supported
@ -115,6 +115,7 @@ service-policy global_policy global
!################
clear xlate
clear config static
clear config global
@ -125,7 +126,6 @@ clear config telnet
clear config object-group
clear config object
object-group network id2913X78273.src.net.0
network-object host 10.3.14.206
network-object host 10.3.14.207


@ -1,9 +1,9 @@
!
! This is automatically generated file. DO NOT MODIFY !
!
! Firewall Builder fwb_pix v4.2.0.3526
! Firewall Builder fwb_pix v4.2.0.3530
!
! Generated Thu Apr 14 18:58:27 2011 PDT by vadim
! Generated Wed Apr 20 10:40:49 2011 PDT by vadim
!
! Compiled for pix 7.0
! Outbound ACLs: supported
@ -115,6 +115,7 @@ service-policy global_policy global
!################
clear xlate
clear config static
clear config global
@ -125,7 +126,6 @@ clear config telnet
clear config object-group
clear config object
object-group network id2913X78273.src.net.0
network-object host 10.3.14.206
network-object host 10.3.14.207


@ -1,9 +1,9 @@
!
! This is automatically generated file. DO NOT MODIFY !
!
! Firewall Builder fwb_pix v4.2.0.3526
! Firewall Builder fwb_pix v4.2.0.3530
!
! Generated Thu Apr 14 18:58:13 2011 PDT by vadim
! Generated Wed Apr 20 10:40:34 2011 PDT by vadim
!
! Compiled for pix 6.2
! Outbound ACLs: not supported
@ -262,6 +262,7 @@ fixup protocol skinny 2000
fixup protocol smtp 25
fixup protocol sqlnet 1521
!################
clear access-list tmp_acl
@ -283,7 +284,6 @@ clear icmp
clear telnet
clear object-group
object-group network id3C4E4C38.dst.net.0
network-object host 211.11.11.11
network-object host 211.22.22.22


@ -1,9 +1,9 @@
!
! This is automatically generated file. DO NOT MODIFY !
!
! Firewall Builder fwb_pix v4.2.0.3526
! Firewall Builder fwb_pix v4.2.0.3530
!
! Generated Thu Apr 14 18:58:13 2011 PDT by vadim
! Generated Wed Apr 20 10:40:34 2011 PDT by vadim
!
! Compiled for pix 6.1
! Outbound ACLs: not supported
@ -50,7 +50,6 @@ no logging on
telnet timeout 5
clear ssh
aaa authentication ssh console LOCAL
ssh timeout 5
@ -69,12 +68,12 @@ no sysopt route dnat
floodguard disable
!################
!
! Rule 2 (eth1)
! Anti-spoofing rule


@ -1,9 +1,9 @@
!
! This is automatically generated file. DO NOT MODIFY !
!
! Firewall Builder fwb_pix v4.2.0.3526
! Firewall Builder fwb_pix v4.2.0.3530
!
! Generated Thu Apr 14 18:58:13 2011 PDT by vadim
! Generated Wed Apr 20 10:40:35 2011 PDT by vadim
!
! Compiled for pix 6.3
! Outbound ACLs: not supported
@ -58,7 +58,6 @@ timeout uauth 2:0:0 absolute
telnet timeout 5
clear ssh
aaa authentication ssh console LOCAL
ssh timeout 5
@ -91,8 +90,9 @@ fixup protocol skinny 2000
fixup protocol smtp 25
fixup protocol sqlnet 1521
!################
clear object-group
object-group network id3DB0FA90.dst.net.0


@ -1,9 +1,9 @@
!
! This is automatically generated file. DO NOT MODIFY !
!
! Firewall Builder fwb_pix v4.2.0.3527
! Firewall Builder fwb_pix v4.2.0.3530
!
! Generated Fri Apr 15 12:47:54 2011 PDT by vadim
! Generated Wed Apr 20 10:40:35 2011 PDT by vadim
!
! Compiled for pix 6.3
! Outbound ACLs: not supported
@ -33,6 +33,10 @@
!################
object-group network id63559X5474.src.net.0
network-object 192.168.10.0 255.255.255.0
network-object 192.168.20.0 255.255.255.0


@ -1,9 +1,9 @@
!
! This is automatically generated file. DO NOT MODIFY !
!
! Firewall Builder fwb_pix v4.2.0.3526
! Firewall Builder fwb_pix v4.2.0.3530
!
! Generated Thu Apr 14 18:58:13 2011 PDT by vadim
! Generated Wed Apr 20 10:40:35 2011 PDT by vadim
!
! Compiled for pix 6.2
! Outbound ACLs: not supported
@ -56,7 +56,6 @@ timeout uauth 2:0:0 absolute
telnet timeout 5
clear ssh
aaa authentication ssh console LOCAL
ssh timeout 5
@ -75,12 +74,12 @@ sysopt route dnat
floodguard enable
!################
!
! Rule 0 (global)
access-list outside_acl_in permit tcp any host 10.5.80.20 eq 80


@ -1,9 +1,9 @@
!
! This is automatically generated file. DO NOT MODIFY !
!
! Firewall Builder fwb_pix v4.2.0.3526
! Firewall Builder fwb_pix v4.2.0.3530
!
! Generated Thu Apr 14 18:58:14 2011 PDT by vadim
! Generated Wed Apr 20 10:40:35 2011 PDT by vadim
!
! Compiled for pix 6.3
! Outbound ACLs: not supported
@ -63,7 +63,6 @@ timeout uauth 0:0:0 absolute
telnet timeout 5
clear ssh
aaa authentication ssh console LOCAL
ssh timeout 5
@ -85,10 +84,11 @@ floodguard disable
fixup protocol dns maximum-length 65535
fixup protocol ftp 21
fixup protocol http 80
fixup protocol icmp error
fixup protocol icmp error
!################
clear object-group
object-group network id3F8F95CD.dst.net.0


@ -1,9 +1,9 @@
!
! This is automatically generated file. DO NOT MODIFY !
!
! Firewall Builder fwb_pix v4.2.0.3526
! Firewall Builder fwb_pix v4.2.0.3530
!
! Generated Thu Apr 14 18:58:14 2011 PDT by vadim
! Generated Wed Apr 20 10:40:36 2011 PDT by vadim
!
! Compiled for pix 6.3
! Outbound ACLs: not supported
@ -54,7 +54,6 @@ timeout uauth 2:0:0 absolute
telnet timeout 5
clear ssh
aaa authentication ssh console LOCAL
ssh timeout 5
@ -71,12 +70,12 @@ no sysopt nodnsalias outbound
floodguard enable
!################
!
! Rule 0 (global)
access-list outside_acl_in permit ip 192.168.1.0 255.255.255.0 any


@ -1,9 +1,9 @@
!
! This is automatically generated file. DO NOT MODIFY !
!
! Firewall Builder fwb_pix v4.2.0.3526
! Firewall Builder fwb_pix v4.2.0.3530
!
! Generated Thu Apr 14 18:58:15 2011 PDT by vadim
! Generated Wed Apr 20 10:40:36 2011 PDT by vadim
!
! Compiled for pix 6.3
! Outbound ACLs: not supported
@ -50,7 +50,6 @@ timeout uauth 2:0:0 absolute
telnet timeout 5
clear ssh
aaa authentication ssh console LOCAL
ssh timeout 5
@ -67,12 +66,12 @@ no sysopt nodnsalias outbound
floodguard enable
!################
!
! Rule 0 (global)
access-list inside_acl_in permit ip 10.1.2.0 255.255.255.0 any


@ -1,9 +1,9 @@
!
! This is automatically generated file. DO NOT MODIFY !
!
! Firewall Builder fwb_pix v4.2.0.3526
! Firewall Builder fwb_pix v4.2.0.3530
!
! Generated Thu Apr 14 18:58:15 2011 PDT by vadim
! Generated Wed Apr 20 10:40:37 2011 PDT by vadim
!
! Compiled for pix 6.3
! Outbound ACLs: not supported
@ -62,8 +62,8 @@ no sysopt nodnsalias outbound
floodguard disable
!################
clear xlate
clear static
clear global
@ -73,7 +73,6 @@ clear icmp
clear telnet
clear object-group
object-group service id3D6EF08C.srv.tcp.0 tcp
port-object eq 80
port-object eq 119


@ -1,9 +1,9 @@
!
! This is automatically generated file. DO NOT MODIFY !
!
! Firewall Builder fwb_pix v4.2.0.3526
! Firewall Builder fwb_pix v4.2.0.3530
!
! Generated Thu Apr 14 18:58:15 2011 PDT by vadim
! Generated Wed Apr 20 10:40:37 2011 PDT by vadim
!
! Compiled for pix 6.3
! Outbound ACLs: not supported
@ -60,7 +60,6 @@ timeout uauth 2:0:0 absolute
telnet timeout 5
clear ssh
aaa authentication ssh console LOCAL
ssh timeout 5
@ -79,11 +78,13 @@ floodguard enable
fixup protocol ftp 21
!################
!
! Rule 0 (global)
access-list outside_acl_in permit ip any host 192.168.1.10


@ -1,9 +1,9 @@
!
! This is automatically generated file. DO NOT MODIFY !
!
! Firewall Builder fwb_pix v4.2.0.3526
! Firewall Builder fwb_pix v4.2.0.3530
!
! Generated Thu Apr 14 18:58:16 2011 PDT by vadim
! Generated Wed Apr 20 10:40:38 2011 PDT by vadim
!
! Compiled for pix 6.3
! Outbound ACLs: not supported
@ -65,7 +65,6 @@ timeout uauth 2:0:0 absolute
telnet timeout 5
clear ssh
aaa authentication ssh console LOCAL
ssh timeout 5
@ -84,11 +83,13 @@ floodguard enable
fixup protocol ftp 21
!################
!
! Rule 0 (global)
access-list outside_acl_in permit ip any host 192.168.1.10


@ -1,9 +1,9 @@
!
! This is automatically generated file. DO NOT MODIFY !
!
! Firewall Builder fwb_pix v4.2.0.3526
! Firewall Builder fwb_pix v4.2.0.3530
!
! Generated Thu Apr 14 18:58:16 2011 PDT by vadim
! Generated Wed Apr 20 10:40:38 2011 PDT by vadim
!
! Compiled for pix 7.0
! Outbound ACLs: supported
@ -74,7 +74,6 @@ timeout uauth 2:0:0 absolute
telnet timeout 5
clear config ssh
aaa authentication ssh console LOCAL
ssh timeout 5
@ -105,6 +104,7 @@ service-policy global_policy global
!
! Rule 0 (global)
access-list outside_acl_in permit ip any host 192.168.1.10


@ -1,9 +1,9 @@
!
! This is automatically generated file. DO NOT MODIFY !
!
! Firewall Builder fwb_pix v4.2.0.3526
! Firewall Builder fwb_pix v4.2.0.3530
!
! Generated Thu Apr 14 18:58:16 2011 PDT by vadim
! Generated Wed Apr 20 10:40:38 2011 PDT by vadim
!
! Compiled for pix 7.0
! Outbound ACLs: supported
@ -67,7 +67,6 @@ timeout uauth 2:0:0 absolute
telnet timeout 5
clear config ssh
aaa authentication ssh console LOCAL
ssh timeout 5
@ -98,6 +97,7 @@ service-policy global_policy global
!
! Rule 0 (global)
access-list outside_in permit ip any host 192.168.1.10


@ -1,9 +1,9 @@
!
! This is automatically generated file. DO NOT MODIFY !
!
! Firewall Builder fwb_pix v4.2.0.3526
! Firewall Builder fwb_pix v4.2.0.3530
!
! Generated Thu Apr 14 18:58:17 2011 PDT by vadim
! Generated Wed Apr 20 10:40:38 2011 PDT by vadim
!
! Compiled for pix 6.3
! Outbound ACLs: not supported
@ -64,6 +64,7 @@ floodguard disable
clear xlate
clear static
clear global
@ -73,7 +74,6 @@ clear nat
!
! Rule 0 (NAT)
global (outside) 1 interface


@ -1,9 +1,9 @@
!
! This is automatically generated file. DO NOT MODIFY !
!
! Firewall Builder fwb_pix v4.2.0.3526
! Firewall Builder fwb_pix v4.2.0.3530
!
! Generated Thu Apr 14 18:58:17 2011 PDT by vadim
! Generated Wed Apr 20 10:40:39 2011 PDT by vadim
!
! Compiled for pix 6.2
! Outbound ACLs: not supported
@ -72,15 +72,14 @@ no sysopt route dnat
floodguard disable
!################
clear access-list
clear icmp
clear telnet
!
! Rule 0 (eth0)
ssh 0.0.0.0 0.0.0.0 inside


@ -1,9 +1,9 @@
!
! This is automatically generated file. DO NOT MODIFY !
!
! Firewall Builder fwb_pix v4.2.0.3526
! Firewall Builder fwb_pix v4.2.0.3530
!
! Generated Thu Apr 14 18:58:17 2011 PDT by vadim
! Generated Wed Apr 20 10:40:39 2011 PDT by vadim
!
! Compiled for pix 6.3
! Outbound ACLs: not supported
@ -54,7 +54,6 @@ no logging on
telnet timeout -1
clear ssh
aaa authentication ssh console LOCAL
ssh timeout -1
@ -71,9 +70,8 @@ no sysopt nodnsalias outbound
floodguard disable
!################
clear object-group
object-group network id43867C2418346.src.net.0
@ -86,11 +84,11 @@ object-group network id43867C2418346.src.net.0
exit
object-group network id438728A918346.dst.net.0
network-object host 74.125.224.80
network-object host 74.125.224.81
network-object host 74.125.224.82
network-object host 74.125.224.83
network-object host 74.125.224.84
network-object host 74.125.224.48
network-object host 74.125.224.49
network-object host 74.125.224.50
network-object host 74.125.224.51
network-object host 74.125.224.52
network-object host 157.166.224.25
network-object host 157.166.224.26
network-object host 157.166.226.25


@ -1,9 +1,9 @@
!
! This is automatically generated file. DO NOT MODIFY !
!
! Firewall Builder fwb_pix v4.2.0.3526
! Firewall Builder fwb_pix v4.2.0.3530
!
! Generated Thu Apr 14 18:58:18 2011 PDT by vadim
! Generated Wed Apr 20 10:40:40 2011 PDT by vadim
!
! Compiled for pix 6.3
! Outbound ACLs: not supported
@ -43,7 +43,6 @@ no logging on
telnet timeout -1
clear ssh
aaa authentication ssh console LOCAL
ssh timeout -1
@ -60,9 +59,8 @@ no sysopt nodnsalias outbound
floodguard disable
!################
clear object-group
object-group network id16988X10208.dst.net.0
@ -74,61 +72,6 @@ object-group network id16988X10208.dst.net.0
exit
object-group network id4390C25825682.dst.net.0
network-object 58.33.181.83 255.255.255.255
network-object 58.53.82.190 255.255.255.255
network-object 58.231.13.78 255.255.255.255
network-object host 61.150.47.112
network-object 61.184.14.102 255.255.255.255
network-object 64.106.85.186 255.255.255.255
network-object 70.228.60.100 255.255.255.255
network-object 80.51.236.6 255.255.255.255
network-object 80.243.72.149 255.255.255.255
network-object 80.249.77.34 255.255.255.255
network-object 81.2.36.254 255.255.255.255
network-object 81.196.74.125 255.255.255.255
network-object 82.77.37.174 255.255.255.255
network-object 82.117.221.205 255.255.255.255
network-object 82.143.196.17 255.255.255.255
network-object 84.90.8.198 255.255.255.255
network-object 151.8.224.178 255.255.255.255
network-object 168.156.76.20 255.255.255.255
network-object 193.207.126.36 255.255.255.255
network-object 195.136.186.35 255.255.255.255
network-object 196.15.136.15 255.255.255.255
network-object 201.10.180.138 255.255.255.255
network-object 201.17.93.16 255.255.255.255
network-object 201.36.156.121 255.255.255.255
network-object 202.96.112.93 255.255.255.255
network-object 202.103.25.253 255.255.255.255
network-object 203.162.3.209 255.255.255.255
network-object 203.209.124.144 255.255.255.255
network-object 210.106.193.237 255.255.255.255
network-object 210.222.114.102 255.255.255.255
network-object 211.144.143.143 255.255.255.255
network-object 211.172.218.237 255.255.255.255
network-object 211.250.16.132 255.255.255.255
network-object 212.21.241.31 255.255.255.255
network-object 212.100.212.100 255.255.255.255
network-object 218.18.72.252 255.255.255.255
network-object 218.39.114.122 255.255.255.255
network-object 218.55.115.43 255.255.255.255
network-object 218.104.138.146 255.255.255.255
network-object 219.132.104.160 255.255.255.255
network-object 220.71.17.86 255.255.255.255
network-object 220.81.50.105 255.255.255.255
network-object 220.91.99.46 255.255.255.255
network-object 221.14.249.242 255.255.255.255
network-object 221.166.177.135 255.255.255.255
network-object 221.198.33.38 255.255.255.255
network-object 221.202.160.233 255.255.255.255
network-object 221.205.54.125 255.255.255.255
network-object 221.217.44.248 255.255.255.255
network-object 222.100.212.223 255.255.255.255
network-object 222.121.118.144 255.255.255.255
network-object 222.174.113.2 255.255.255.255
exit
object-group network id4388CFF8674.src.net.0
network-object 58.33.181.83 255.255.255.255
network-object 58.53.82.190 255.255.255.255
network-object 58.231.13.78 255.255.255.255
@ -212,7 +155,7 @@ access-list outside_acl_in deny tcp any object-group id4390C25825682.dst.net.0
access-list inside_acl_in deny tcp any object-group id4390C25825682.dst.net.0 eq 25
!
! Rule 5 (global)
access-list outside_acl_in deny ip object-group id4388CFF8674.src.net.0 any log 6 interval 300
access-list outside_acl_in deny ip object-group id4390C25825682.dst.net.0 any log 6 interval 300
!
! Rule 6 (global)
access-list outside_acl_in deny ip object-group id4390C25825682.dst.net.0 any log 6 interval 300


@ -1,9 +1,9 @@
!
! This is automatically generated file. DO NOT MODIFY !
!
! Firewall Builder fwb_pix v4.2.0.3526
! Firewall Builder fwb_pix v4.2.0.3530
!
! Generated Thu Apr 14 18:58:18 2011 PDT by vadim
! Generated Wed Apr 20 10:40:40 2011 PDT by vadim
!
! Compiled for pix 6.2
! Outbound ACLs: not supported
@ -74,8 +74,8 @@ no sysopt route dnat
floodguard disable
!################
clear xlate
clear static
clear global
@ -85,7 +85,6 @@ clear icmp
clear telnet
clear object-group
object-group service id3D79A1C2.srv.tcp.0 tcp
port-object eq 80
port-object eq 22


@ -1,9 +1,9 @@
!
! This is automatically generated file. DO NOT MODIFY !
!
! Firewall Builder fwb_pix v4.2.0.3526
! Firewall Builder fwb_pix v4.2.0.3530
!
! Generated Thu Apr 14 18:58:19 2011 PDT by vadim
! Generated Wed Apr 20 10:40:41 2011 PDT by vadim
!
! Compiled for pix 7.0
! Outbound ACLs: supported
@ -136,7 +136,6 @@ clear config telnet
clear config object-group
clear config object
object-group network id45142FA628543.dst.net.0
network-object host 211.11.11.11
network-object host 211.22.22.22


@ -1,9 +1,9 @@
!
! This is automatically generated file. DO NOT MODIFY !
!
! Firewall Builder fwb_pix v4.2.0.3526
! Firewall Builder fwb_pix v4.2.0.3530
!
! Generated Thu Apr 14 18:58:19 2011 PDT by vadim
! Generated Wed Apr 20 10:40:41 2011 PDT by vadim
!
! Compiled for pix 6.2
! Outbound ACLs: not supported
@ -75,8 +75,8 @@ no sysopt route dnat
floodguard disable
!################
clear xlate
clear static
clear global
@ -87,7 +87,6 @@ clear telnet
!
! Rule 0 (eth1)
access-list outside_acl_in deny ip any host 22.22.22.22


@ -1,9 +1,9 @@
!
! This is automatically generated file. DO NOT MODIFY !
!
! Firewall Builder fwb_pix v4.2.0.3526
! Firewall Builder fwb_pix v4.2.0.3530
!
! Generated Thu Apr 14 18:58:19 2011 PDT by vadim
! Generated Wed Apr 20 10:40:41 2011 PDT by vadim
!
! Compiled for pix 6.2
! Outbound ACLs: not supported
@ -56,7 +56,6 @@ timeout uauth 2:0:0 absolute
telnet timeout 5
clear ssh
aaa authentication ssh console LOCAL
ssh timeout 5
@ -77,11 +76,13 @@ floodguard enable
fixup protocol ftp 21
!################
!
! Rule 0 (global)
access-list outside_acl_in permit ip any host 192.168.1.10


@ -1,9 +1,9 @@
!
! This is automatically generated file. DO NOT MODIFY !
!
! Firewall Builder fwb_pix v4.2.0.3526
! Firewall Builder fwb_pix v4.2.0.3530
!
! Generated Thu Apr 14 18:58:20 2011 PDT by vadim
! Generated Wed Apr 20 10:40:42 2011 PDT by vadim
!
! Compiled for pix 8.2
! Outbound ACLs: supported
@ -87,6 +87,7 @@ parameters
!################
clear xlate
clear config static
clear config global
@ -97,7 +98,6 @@ clear config telnet
clear config object-group
clear config object
object-group icmp-type id19186X29796.srv.icmp.0
icmp-object 0
icmp-object 8


@ -1,9 +1,9 @@
!
! This is automatically generated file. DO NOT MODIFY !
!
! Firewall Builder fwb_pix v4.2.0.3526
! Firewall Builder fwb_pix v4.2.0.3530
!
! Generated Thu Apr 14 18:58:20 2011 PDT by vadim
! Generated Wed Apr 20 10:40:42 2011 PDT by vadim
!
! Compiled for pix 8.3
! Outbound ACLs: supported
@ -90,6 +90,7 @@ parameters
!################
clear xlate
clear config nat
clear config access-list
@ -97,7 +98,6 @@ clear config icmp
clear config telnet
clear config object
object service http.0
service tcp destination eq 80
exit


@ -1,9 +1,9 @@
!
! This is automatically generated file. DO NOT MODIFY !
!
! Firewall Builder fwb_pix v4.2.0.3526
! Firewall Builder fwb_pix v4.2.0.3530
!
! Generated Thu Apr 14 18:58:21 2011 PDT by vadim
! Generated Wed Apr 20 10:40:43 2011 PDT by vadim
!
! Compiled for pix 8.3
! Outbound ACLs: supported
@ -90,6 +90,7 @@ parameters
!################
clear xlate
clear config nat
clear config access-list
@ -97,7 +98,6 @@ clear config icmp
clear config telnet
clear config object
object service http.0
service tcp destination eq 80
exit


@ -1,9 +1,9 @@
!
! This is automatically generated file. DO NOT MODIFY !
!
! Firewall Builder fwb_pix v4.2.0.3526
! Firewall Builder fwb_pix v4.2.0.3530
!
! Generated Thu Apr 14 18:58:21 2011 PDT by vadim
! Generated Wed Apr 20 10:40:43 2011 PDT by vadim
!
! Compiled for pix 8.3
! Outbound ACLs: supported
@ -88,6 +88,7 @@ parameters
!################
clear xlate
clear config nat
clear config access-list
@ -95,7 +96,6 @@ clear config icmp
clear config telnet
clear config object
object service http.0
service tcp destination eq 80
exit


@ -1,9 +1,9 @@
!
! This is automatically generated file. DO NOT MODIFY !
!
! Firewall Builder fwb_pix v4.2.0.3526
! Firewall Builder fwb_pix v4.2.0.3530
!
! Generated Thu Apr 14 18:58:21 2011 PDT by vadim
! Generated Wed Apr 20 10:40:43 2011 PDT by vadim
!
! Compiled for pix 6.3
! Outbound ACLs: not supported
@ -56,7 +56,6 @@ timeout uauth 0:0:0 absolute
telnet timeout 5
clear ssh
aaa authentication ssh console LOCAL
ssh timeout 5
@ -102,6 +101,10 @@ fixup protocol tftp 69
!
! Epilog script:
!


@ -1,9 +1,9 @@
!
! This is automatically generated file. DO NOT MODIFY !
!
! Firewall Builder fwb_pix v4.2.0.3526
! Firewall Builder fwb_pix v4.2.0.3530
!
! Generated Thu Apr 14 18:58:22 2011 PDT by vadim
! Generated Wed Apr 20 10:40:43 2011 PDT by vadim
!
! Compiled for pix 8.3
! Outbound ACLs: supported
@ -91,6 +91,7 @@ parameters
!################
clear xlate
clear config nat
clear config access-list
@ -99,7 +100,6 @@ clear config telnet
clear config object-group
clear config object
object service http.0
service tcp destination eq 80
exit


@ -1,9 +1,9 @@
!
! This is automatically generated file. DO NOT MODIFY !
!
! Firewall Builder fwb_pix v4.2.0.3526
! Firewall Builder fwb_pix v4.2.0.3530
!
! Generated Thu Apr 14 18:58:22 2011 PDT by vadim
! Generated Wed Apr 20 10:40:44 2011 PDT by vadim
!
! Compiled for pix 8.3
! Outbound ACLs: supported
@ -93,6 +93,7 @@ parameters
!################
clear xlate
clear config nat
clear config access-list
@ -100,7 +101,6 @@ clear config icmp
clear config telnet
clear config object
object service http.0
service tcp destination eq 80
exit


@ -1,9 +1,9 @@
!
! This is automatically generated file. DO NOT MODIFY !
!
! Firewall Builder fwb_pix v4.2.0.3526
! Firewall Builder fwb_pix v4.2.0.3530
!
! Generated Thu Apr 14 18:58:22 2011 PDT by vadim
! Generated Wed Apr 20 10:40:44 2011 PDT by vadim
!
! Compiled for pix 8.3
! Outbound ACLs: supported
@ -88,6 +88,7 @@ parameters
!################
clear xlate
clear config nat
clear config access-list
@ -96,7 +97,6 @@ clear config telnet
clear config object-group
clear config object
object service http.0
service tcp destination eq 80
exit


@ -1,9 +1,9 @@
!
! This is automatically generated file. DO NOT MODIFY !
!
! Firewall Builder fwb_pix v4.2.0.3526
! Firewall Builder fwb_pix v4.2.0.3530
!
! Generated Thu Apr 14 18:58:23 2011 PDT by vadim
! Generated Wed Apr 20 10:40:45 2011 PDT by vadim
!
! Compiled for pix 8.3
! Outbound ACLs: supported
@ -89,11 +89,11 @@ service-policy global_policy global
clear xlate
clear config nat
clear config object
object network dmz-range-1.0
range 172.16.0.10 172.16.0.15
exit


@ -1,9 +1,9 @@
!
! This is automatically generated file. DO NOT MODIFY !
!
! Firewall Builder fwb_pix v4.2.0.3526
! Firewall Builder fwb_pix v4.2.0.3530
!
! Generated Thu Apr 14 18:58:23 2011 PDT by vadim
! Generated Wed Apr 20 10:40:45 2011 PDT by vadim
!
! Compiled for pix 8.3
! Outbound ACLs: supported
@ -73,15 +73,14 @@ policy-map global_policy
service-policy global_policy global
!################
clear config access-list
clear config icmp
clear config telnet
clear config object-group
clear config object
object network inside-range-1.0
range 10.0.0.5 10.0.0.10
exit


@ -1,9 +1,9 @@
!
! This is automatically generated file. DO NOT MODIFY !
!
! Firewall Builder fwb_pix v4.2.0.3526
! Firewall Builder fwb_pix v4.2.0.3530
!
! Generated Thu Apr 14 18:58:24 2011 PDT by vadim
! Generated Wed Apr 20 10:40:46 2011 PDT by vadim
!
! Compiled for fwsm 2.3
! Outbound ACLs: supported
@ -94,6 +94,7 @@ fixup protocol skinny 2000
fixup protocol smtp 25
fixup protocol sqlnet 1521
!################
access-list mode auto
@ -116,7 +117,6 @@ clear icmp
clear telnet
clear object-group
object-group network id444A03DE9567.dst.net.0
network-object host 211.11.11.11
network-object host 211.22.22.22


@ -1,9 +1,9 @@
!
! This is automatically generated file. DO NOT MODIFY !
!
! Firewall Builder fwb_pix v4.2.0.3526
! Firewall Builder fwb_pix v4.2.0.3530
!
! Generated Thu Apr 14 18:58:24 2011 PDT by vadim
! Generated Wed Apr 20 10:40:46 2011 PDT by vadim
!
! Compiled for fwsm 4.x
! Outbound ACLs: supported
@ -109,7 +109,6 @@ policy-map global_policy
service-policy global_policy global
!################
access-list mode auto
@ -132,7 +131,6 @@ clear config icmp
clear config telnet
clear config object-group
object-group network id17298X54624.dst.net.0
network-object host 211.11.11.11
network-object host 211.22.22.22


@ -1,9 +1,9 @@
!
! This is automatically generated file. DO NOT MODIFY !
!
! Firewall Builder fwb_pix v4.2.0.3526
! Firewall Builder fwb_pix v4.2.0.3530
!
! Generated Thu Apr 14 18:58:24 2011 PDT by vadim
! Generated Wed Apr 20 10:40:46 2011 PDT by vadim
!
! Compiled for fwsm 3.2
! Outbound ACLs: supported
@ -109,7 +109,6 @@ policy-map global_policy
service-policy global_policy global
!################
access-list mode auto
@ -132,7 +131,6 @@ clear config icmp
clear config telnet
clear config object-group
object-group network id37010X447.dst.net.0
network-object host 211.11.11.11
network-object host 211.22.22.22


@ -1,9 +1,9 @@
!
! This is automatically generated file. DO NOT MODIFY !
!
! Firewall Builder fwb_pix v4.2.0.3526
! Firewall Builder fwb_pix v4.2.0.3530
!
! Generated Thu Apr 14 18:58:24 2011 PDT by vadim
! Generated Wed Apr 20 10:40:46 2011 PDT by vadim
!
! Compiled for fwsm 4.x
! Outbound ACLs: supported
@ -108,7 +108,6 @@ policy-map global_policy
service-policy global_policy global
!################
access-list mode manual
@ -134,7 +133,6 @@ clear config telnet
access-list commit
clear config object-group
object-group network id59803X13930.src.net.0
network-object 10.0.0.0 255.255.255.0
network-object 10.1.0.0 255.255.255.0


@ -1,9 +1,9 @@
!
! This is automatically generated file. DO NOT MODIFY !
!
! Firewall Builder fwb_pix v4.2.0.3526
! Firewall Builder fwb_pix v4.2.0.3530
!
! Generated Thu Apr 14 18:58:25 2011 PDT by vadim
! Generated Wed Apr 20 10:40:47 2011 PDT by vadim
!
! Compiled for pix 7.0
! Outbound ACLs: supported
@ -104,7 +104,6 @@ clear config telnet
!
! Rule -1 backup ssh access rule (automatic)
ssh 10.3.14.42 255.255.255.255 inside


@ -2,11 +2,12 @@
DIFFCMD="diff -C 5 -c -b -B -w -I \"! Generated\" -I 'Activating ' -I '! Firewall Builder fwb_pix v' -I 'Can not find file' -I '===='"
SDIFFCMD="sdiff -b -B -W -I \"! Generated\" -I 'Activating ' -I '! Firewall Builder fwb_pix v' -I 'Can not find file' -I '===='"
for f in $(ls *.fw.orig)
do
V="$f <<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<"
echo "echo \"$V\" | cut -c1-72"
new_f=$(echo $f | sed 's/.orig//')
echo "$DIFFCMD $f $new_f"
echo "$SDIFFCMD $f $new_f"
done


@ -1,9 +1,9 @@
!
! This is automatically generated file. DO NOT MODIFY !
!
! Firewall Builder fwb_pix v4.2.0.3526
! Firewall Builder fwb_pix v4.2.0.3530
!
! Generated Thu Apr 14 18:58:26 2011 PDT by vadim
! Generated Wed Apr 20 10:40:48 2011 PDT by vadim
!
! Compiled for pix 6.3
! Outbound ACLs: not supported
@ -84,9 +84,11 @@ floodguard disable
fixup protocol dns maximum-length 65535
fixup protocol ftp 21
fixup protocol http 80
fixup protocol icmp error
fixup protocol icmp error
!################
clear xlate
clear static
clear global
@ -97,7 +99,6 @@ clear telnet
!
! Rule 0 (global)
access-list inside_acl_in remark 0 (global)


@ -1,9 +1,9 @@
!
! This is automatically generated file. DO NOT MODIFY !
!
! Firewall Builder fwb_pix v4.2.0.3526
! Firewall Builder fwb_pix v4.2.0.3530
!
! Generated Thu Apr 14 18:58:26 2011 PDT by vadim
! Generated Wed Apr 20 10:40:48 2011 PDT by vadim
!
! Compiled for pix 6.1
! Outbound ACLs: not supported
@ -43,7 +43,6 @@ no logging on
telnet timeout -1
clear ssh
aaa authentication ssh console LOCAL
ssh timeout -1
@ -62,12 +61,12 @@ no sysopt route dnat
floodguard disable
!################
!
! Rule 0 (global)
access-list outside_acl_in deny ip any any