onkelbeh/fwbuilder
1
0
Fork 0
mirror of https://github.com/fwbuilder/fwbuilder synced 2026-03-19 17:57:22 +01:00
Code Issues Releases Wiki Activity

see #2275 fixed parser to make it understand multiport matches with negation

Browse Source
This commit is contained in:
Vadim Kurland 2011-04-15 18:49:31 -07:00
parent 94379ed9b5
commit 18256f52ef
6 changed files with 436 additions and 401 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

20
src/parsers/IPTCfgLexer.cpp
View File

@ -713,7 +713,7 @@ void IPTCfgLexer::mWhitespace(bool _createToken) {
}
}
if ( inputState->guessing==0 ) {
#line 1237 "iptables.g"
#line 1243 "iptables.g"
_ttype = ANTLR_USE_NAMESPACE(antlr)Token::SKIP;
#line 719 "IPTCfgLexer.cpp"
}
@ -746,7 +746,7 @@ void IPTCfgLexer::mNEWLINE(bool _createToken) {
}
if ( inputState->guessing==0 ) {
#line 1239 "iptables.g"
#line 1245 "iptables.g"
newline(); resetText();
#line 752 "IPTCfgLexer.cpp"
}
@ -1026,7 +1026,7 @@ void IPTCfgLexer::mNUMBER(bool _createToken) {
match('.' /* charlit */ );
mNUM_3DIGIT(false);
if ( inputState->guessing==0 ) {
#line 1306 "iptables.g"
#line 1312 "iptables.g"
_ttype = IPV4;
#line 1032 "IPTCfgLexer.cpp"
}
@ -1060,7 +1060,7 @@ void IPTCfgLexer::mNUMBER(bool _createToken) {
match('.' /* charlit */ );
mNUM_3DIGIT(false);
if ( inputState->guessing==0 ) {
#line 1310 "iptables.g"
#line 1316 "iptables.g"
_ttype = THREE_COMPONENT_VERSION;
#line 1066 "IPTCfgLexer.cpp"
}
@ -1086,7 +1086,7 @@ void IPTCfgLexer::mNUMBER(bool _createToken) {
} // ( ... )+
}
if ( inputState->guessing==0 ) {
#line 1314 "iptables.g"
#line 1320 "iptables.g"
_ttype = HEX_CONST;
#line 1092 "IPTCfgLexer.cpp"
}
@ -1107,7 +1107,7 @@ void IPTCfgLexer::mNUMBER(bool _createToken) {
_loop195:;
} // ( ... )+
if ( inputState->guessing==0 ) {
#line 1316 "iptables.g"
#line 1322 "iptables.g"
_ttype = INT_CONST;
#line 1113 "IPTCfgLexer.cpp"
}
@ -1423,7 +1423,7 @@ void IPTCfgLexer::mRSOURCE(bool _createToken) {
match("--rsource");
if ( inputState->guessing==0 ) {
#line 1340 "iptables.g"
#line 1346 "iptables.g"
_ttype = UNSUPPORTED_OPTION;
#line 1429 "IPTCfgLexer.cpp"
}
@ -2086,7 +2086,7 @@ void IPTCfgLexer::mULOG_QTHR(bool _createToken) {
match("--ulog-qthreshold");
if ( inputState->guessing==0 ) {
#line 1407 "iptables.g"
#line 1413 "iptables.g"
_ttype = UNSUPPORTED_OPTION;
#line 2092 "IPTCfgLexer.cpp"
}
@ -2105,7 +2105,7 @@ void IPTCfgLexer::mULOG_NLG(bool _createToken) {
match("--ulog-nlgroup");
if ( inputState->guessing==0 ) {
#line 1408 "iptables.g"
#line 1414 "iptables.g"
_ttype = UNSUPPORTED_OPTION;
#line 2111 "IPTCfgLexer.cpp"
}
@ -2124,7 +2124,7 @@ void IPTCfgLexer::mULOG_CPR(bool _createToken) {
match("--ulog-cprange");
if ( inputState->guessing==0 ) {
#line 1409 "iptables.g"
#line 1415 "iptables.g"
_ttype = UNSUPPORTED_OPTION;
#line 2130 "IPTCfgLexer.cpp"
}

282
src/parsers/IPTCfgParser.cpp
View File

@ -1160,7 +1160,7 @@ void IPTCfgParser::icmp_type_spec() {
{
match(WORD);
if ( inputState->guessing==0 ) {
#line 957 "iptables.g"
#line 963 "iptables.g"
importer->icmp_spec = LT(0)->getText();
*dbg << " ICMP_SPEC=" << LT(0)->getText();
@ -1174,7 +1174,7 @@ void IPTCfgParser::icmp_type_spec() {
{
match(INT_CONST);
if ( inputState->guessing==0 ) {
#line 964 "iptables.g"
#line 970 "iptables.g"
importer->icmp_type = LT(0)->getText();
importer->icmp_code = "-1";
@ -1189,7 +1189,7 @@ void IPTCfgParser::icmp_type_spec() {
match(SLASH);
match(INT_CONST);
if ( inputState->guessing==0 ) {
#line 971 "iptables.g"
#line 977 "iptables.g"
importer->icmp_code = LT(0)->getText();
*dbg << " ICMP_CODE=" << LT(0)->getText();
@ -1281,7 +1281,7 @@ void IPTCfgParser::basic_tcp_udp_port_spec() {
}
}
if ( inputState->guessing==0 ) {
#line 1053 "iptables.g"
#line 1059 "iptables.g"
importer->srv_neg = importer->tmp_neg;
importer->tmp_neg = false;
@ -1308,7 +1308,7 @@ void IPTCfgParser::basic_tcp_udp_port_spec() {
}
}
if ( inputState->guessing==0 ) {
#line 1058 "iptables.g"
#line 1064 "iptables.g"
importer->pushTmpPortSpecToSrcPortList();
@ -1338,7 +1338,7 @@ void IPTCfgParser::basic_tcp_udp_port_spec() {
}
}
if ( inputState->guessing==0 ) {
#line 1063 "iptables.g"
#line 1069 "iptables.g"
importer->srv_neg = importer->tmp_neg;
importer->tmp_neg = false;
@ -1365,7 +1365,7 @@ void IPTCfgParser::basic_tcp_udp_port_spec() {
}
}
if ( inputState->guessing==0 ) {
#line 1068 "iptables.g"
#line 1074 "iptables.g"
importer->pushTmpPortSpecToDstPortList();
@ -1401,18 +1401,20 @@ void IPTCfgParser::multiport_tcp_udp_port_spec() {
if ( inputState->guessing==0 ) {
#line 894 "iptables.g"
importer->srv_neg = importer->tmp_neg;
importer->tmp_neg = false;
importer->startSrcMultiPort();
*dbg << " SRC MULTIPORT=";
#line 1408 "IPTCfgParser.cpp"
#line 1410 "IPTCfgParser.cpp"
}
port_def_with_range();
if ( inputState->guessing==0 ) {
#line 899 "iptables.g"
#line 901 "iptables.g"
importer->pushTmpPortSpecToSrcPortList();
#line 1416 "IPTCfgParser.cpp"
#line 1418 "IPTCfgParser.cpp"
}
{ // ( ... )*
for (;;) {
@ -1420,11 +1422,11 @@ void IPTCfgParser::multiport_tcp_udp_port_spec() {
match(COMMA);
port_def_with_range();
if ( inputState->guessing==0 ) {
#line 903 "iptables.g"
#line 905 "iptables.g"
importer->pushTmpPortSpecToSrcPortList();
#line 1428 "IPTCfgParser.cpp"
#line 1430 "IPTCfgParser.cpp"
}
}
else {
@ -1442,20 +1444,22 @@ void IPTCfgParser::multiport_tcp_udp_port_spec() {
{
match(MATCH_DST_MULTIPORT);
if ( inputState->guessing==0 ) {
#line 910 "iptables.g"
#line 912 "iptables.g"
importer->srv_neg = importer->tmp_neg;
importer->tmp_neg = false;
importer->startDstMultiPort();
*dbg << " DST MULTIPORT=";
#line 1451 "IPTCfgParser.cpp"
#line 1455 "IPTCfgParser.cpp"
}
port_def_with_range();
if ( inputState->guessing==0 ) {
#line 915 "iptables.g"
#line 919 "iptables.g"
importer->pushTmpPortSpecToDstPortList();
#line 1459 "IPTCfgParser.cpp"
#line 1463 "IPTCfgParser.cpp"
}
{ // ( ... )*
for (;;) {
@ -1463,11 +1467,11 @@ void IPTCfgParser::multiport_tcp_udp_port_spec() {
match(COMMA);
port_def_with_range();
if ( inputState->guessing==0 ) {
#line 919 "iptables.g"
#line 923 "iptables.g"
importer->pushTmpPortSpecToDstPortList();
#line 1471 "IPTCfgParser.cpp"
#line 1475 "IPTCfgParser.cpp"
}
}
else {
@ -1485,20 +1489,22 @@ void IPTCfgParser::multiport_tcp_udp_port_spec() {
{
match(MATCH_BOTH_MULTIPORT);
if ( inputState->guessing==0 ) {
#line 926 "iptables.g"
#line 930 "iptables.g"
importer->srv_neg = importer->tmp_neg;
importer->tmp_neg = false;
importer->startBothMultiPort();
*dbg << " MULTIPORT PORTS=";
#line 1494 "IPTCfgParser.cpp"
#line 1500 "IPTCfgParser.cpp"
}
port_def_with_range();
if ( inputState->guessing==0 ) {
#line 931 "iptables.g"
#line 937 "iptables.g"
importer->pushTmpPortSpecToBothPortList();
#line 1502 "IPTCfgParser.cpp"
#line 1508 "IPTCfgParser.cpp"
}
{ // ( ... )*
for (;;) {
@ -1506,11 +1512,11 @@ void IPTCfgParser::multiport_tcp_udp_port_spec() {
match(COMMA);
port_def_with_range();
if ( inputState->guessing==0 ) {
#line 935 "iptables.g"
#line 941 "iptables.g"
importer->pushTmpPortSpecToBothPortList();
#line 1514 "IPTCfgParser.cpp"
#line 1520 "IPTCfgParser.cpp"
}
}
else {
@ -1567,12 +1573,12 @@ void IPTCfgParser::tcp_options() {
}
}
if ( inputState->guessing==0 ) {
#line 1098 "iptables.g"
#line 1104 "iptables.g"
importer->srv_neg = importer->tmp_neg;
importer->tmp_neg = false;
#line 1576 "IPTCfgParser.cpp"
#line 1582 "IPTCfgParser.cpp"
}
}
catch (ANTLR_USE_NAMESPACE(antlr)RecognitionException& ex) {
@ -1612,7 +1618,7 @@ void IPTCfgParser::match_limit_burst() {
importer->limit_burst = LT(0)->getText();
*dbg << " LIMIT BURST " << LT(0)->getText();
#line 1616 "IPTCfgParser.cpp"
#line 1622 "IPTCfgParser.cpp"
}
}
catch (ANTLR_USE_NAMESPACE(antlr)RecognitionException& ex) {
@ -1669,7 +1675,7 @@ void IPTCfgParser::match_iprange_src() {
importer->iprange_src_from = LT(0)->getText();
importer->using_iprange_src = true;
#line 1673 "IPTCfgParser.cpp"
#line 1679 "IPTCfgParser.cpp"
}
match(MINUS);
{
@ -1695,7 +1701,7 @@ void IPTCfgParser::match_iprange_src() {
importer->iprange_src_to = LT(0)->getText();
#line 1699 "IPTCfgParser.cpp"
#line 1705 "IPTCfgParser.cpp"
}
}
catch (ANTLR_USE_NAMESPACE(antlr)RecognitionException& ex) {
@ -1736,7 +1742,7 @@ void IPTCfgParser::match_iprange_dst() {
importer->iprange_dst_from = LT(0)->getText();
importer->using_iprange_dst = true;
#line 1740 "IPTCfgParser.cpp"
#line 1746 "IPTCfgParser.cpp"
}
match(MINUS);
{
@ -1762,7 +1768,7 @@ void IPTCfgParser::match_iprange_dst() {
importer->iprange_dst_to = LT(0)->getText();
#line 1766 "IPTCfgParser.cpp"
#line 1772 "IPTCfgParser.cpp"
}
}
catch (ANTLR_USE_NAMESPACE(antlr)RecognitionException& ex) {
@ -1789,7 +1795,7 @@ void IPTCfgParser::unknown_option() {
std::string("Unknown option: -")+LT(0)->getText());
*dbg << " UNKNOWN OPTION=-" << LT(0)->getText();
#line 1793 "IPTCfgParser.cpp"
#line 1799 "IPTCfgParser.cpp"
}
{
switch ( LA(1)) {
@ -1853,7 +1859,7 @@ void IPTCfgParser::unknown_option() {
std::string("Unknown option: --")+LT(0)->getText());
*dbg << " UNKNOWN OPTION=--" << LT(0)->getText();
#line 1857 "IPTCfgParser.cpp"
#line 1863 "IPTCfgParser.cpp"
}
{
switch ( LA(1)) {
@ -1913,7 +1919,7 @@ void IPTCfgParser::unknown_option() {
std::string("Unknown option: ")+LT(0)->getText());
*dbg << " UNKNOWN OPTION=" << LT(0)->getText();
#line 1917 "IPTCfgParser.cpp"
#line 1923 "IPTCfgParser.cpp"
}
{
switch ( LA(1)) {
@ -1981,7 +1987,7 @@ void IPTCfgParser::unknown_option() {
void IPTCfgParser::unknown_parameter() {
#line 341 "iptables.g"
std::string s;
#line 1985 "IPTCfgParser.cpp"
#line 1991 "IPTCfgParser.cpp"
try { // for error handling
if ((LA(1) == INT_CONST || LA(1) == DIGIT) && (LA(2) == SLASH)) {
@ -1995,7 +2001,7 @@ void IPTCfgParser::unknown_parameter() {
if ( inputState->guessing==0 ) {
#line 347 "iptables.g"
s+=LT(0)->getText();
#line 1999 "IPTCfgParser.cpp"
#line 2005 "IPTCfgParser.cpp"
}
break;
}
@ -2005,7 +2011,7 @@ void IPTCfgParser::unknown_parameter() {
if ( inputState->guessing==0 ) {
#line 349 "iptables.g"
s+=LT(0)->getText();
#line 2009 "IPTCfgParser.cpp"
#line 2015 "IPTCfgParser.cpp"
}
break;
}
@ -2019,13 +2025,13 @@ void IPTCfgParser::unknown_parameter() {
if ( inputState->guessing==0 ) {
#line 351 "iptables.g"
s+=LT(0)->getText();
#line 2023 "IPTCfgParser.cpp"
#line 2029 "IPTCfgParser.cpp"
}
match(WORD);
if ( inputState->guessing==0 ) {
#line 352 "iptables.g"
s+=LT(0)->getText();
#line 2029 "IPTCfgParser.cpp"
#line 2035 "IPTCfgParser.cpp"
}
}
if ( inputState->guessing==0 ) {
@ -2035,7 +2041,7 @@ void IPTCfgParser::unknown_parameter() {
std::string("Unknown parameter: ")+s);
*dbg << " UNKNOWN PARMETER=" << s;
#line 2039 "IPTCfgParser.cpp"
#line 2045 "IPTCfgParser.cpp"
}
}
}
@ -2071,7 +2077,7 @@ void IPTCfgParser::unknown_parameter() {
std::string("Unknown parameter: ")+LT(0)->getText());
*dbg << " UNKNOWN PARMETER=" << LT(0)->getText();
#line 2075 "IPTCfgParser.cpp"
#line 2081 "IPTCfgParser.cpp"
}
}
}
@ -2100,7 +2106,7 @@ void IPTCfgParser::m_state() {
importer->current_state = "";
#line 2104 "IPTCfgParser.cpp"
#line 2110 "IPTCfgParser.cpp"
}
state_word();
if ( inputState->guessing==0 ) {
@ -2108,7 +2114,7 @@ void IPTCfgParser::m_state() {
importer->current_state += LT(0)->getText();
#line 2112 "IPTCfgParser.cpp"
#line 2118 "IPTCfgParser.cpp"
}
{ // ( ... )*
for (;;) {
@ -2120,7 +2126,7 @@ void IPTCfgParser::m_state() {
importer->current_state += std::string(",") + LT(0)->getText();
#line 2124 "IPTCfgParser.cpp"
#line 2130 "IPTCfgParser.cpp"
}
}
else {
@ -2135,7 +2141,7 @@ void IPTCfgParser::m_state() {
*dbg << " STATE MATCH=" << importer->current_state;
#line 2139 "IPTCfgParser.cpp"
#line 2145 "IPTCfgParser.cpp"
}
}
catch (ANTLR_USE_NAMESPACE(antlr)RecognitionException& ex) {
@ -2157,7 +2163,7 @@ void IPTCfgParser::m_mport() {
*dbg << " MULTIPORT";
#line 2161 "IPTCfgParser.cpp"
#line 2167 "IPTCfgParser.cpp"
}
}
catch (ANTLR_USE_NAMESPACE(antlr)RecognitionException& ex) {
@ -2175,12 +2181,12 @@ void IPTCfgParser::m_icmp() {
try { // for error handling
match(ICMP);
if ( inputState->guessing==0 ) {
#line 947 "iptables.g"
#line 953 "iptables.g"
importer->protocol = "icmp";
*dbg << " ICMP";
#line 2184 "IPTCfgParser.cpp"
#line 2190 "IPTCfgParser.cpp"
}
}
catch (ANTLR_USE_NAMESPACE(antlr)RecognitionException& ex) {
@ -2198,12 +2204,12 @@ void IPTCfgParser::m_tcp() {
try { // for error handling
match(TCP);
if ( inputState->guessing==0 ) {
#line 1086 "iptables.g"
#line 1092 "iptables.g"
importer->protocol = "tcp";
*dbg << " TCP";
#line 2207 "IPTCfgParser.cpp"
#line 2213 "IPTCfgParser.cpp"
}
}
catch (ANTLR_USE_NAMESPACE(antlr)RecognitionException& ex) {
@ -2221,12 +2227,12 @@ void IPTCfgParser::m_udp() {
try { // for error handling
match(UDP);
if ( inputState->guessing==0 ) {
#line 1077 "iptables.g"
#line 1083 "iptables.g"
importer->protocol = "udp";
*dbg << " UDP";
#line 2230 "IPTCfgParser.cpp"
#line 2236 "IPTCfgParser.cpp"
}
}
catch (ANTLR_USE_NAMESPACE(antlr)RecognitionException& ex) {
@ -2248,7 +2254,7 @@ void IPTCfgParser::m_limit() {
*dbg << " LIMIT";
#line 2252 "IPTCfgParser.cpp"
#line 2258 "IPTCfgParser.cpp"
}
}
catch (ANTLR_USE_NAMESPACE(antlr)RecognitionException& ex) {
@ -2270,7 +2276,7 @@ void IPTCfgParser::m_length() {
*dbg << " LENGTH";
#line 2274 "IPTCfgParser.cpp"
#line 2280 "IPTCfgParser.cpp"
}
}
catch (ANTLR_USE_NAMESPACE(antlr)RecognitionException& ex) {
@ -2292,7 +2298,7 @@ void IPTCfgParser::m_iprange() {
*dbg << " IPRANGE";
#line 2296 "IPTCfgParser.cpp"
#line 2302 "IPTCfgParser.cpp"
}
}
catch (ANTLR_USE_NAMESPACE(antlr)RecognitionException& ex) {
@ -2316,7 +2322,7 @@ void IPTCfgParser::m_comment() {
*dbg << " COMMENT=" << LT(0)->getText();
#line 2320 "IPTCfgParser.cpp"
#line 2326 "IPTCfgParser.cpp"
}
}
catch (ANTLR_USE_NAMESPACE(antlr)RecognitionException& ex) {
@ -2357,7 +2363,7 @@ void IPTCfgParser::m_unknown_module() {
importer->reportError(
std::string("Unknown module: ")+LT(0)->getText());
#line 2361 "IPTCfgParser.cpp"
#line 2367 "IPTCfgParser.cpp"
}
}
catch (ANTLR_USE_NAMESPACE(antlr)RecognitionException& ex) {
@ -2432,7 +2438,7 @@ void IPTCfgParser::target_options() {
importer->action_params["reject_with"] = LT(0)->getText();
*dbg << " REJECT WITH=" << LT(0)->getText();
#line 2436 "IPTCfgParser.cpp"
#line 2442 "IPTCfgParser.cpp"
}
break;
}
@ -2463,7 +2469,7 @@ void IPTCfgParser::target_options() {
importer->action_params["log_prefix"] = LT(0)->getText();
*dbg << " LOG PREFIX=" << LT(0)->getText();
#line 2467 "IPTCfgParser.cpp"
#line 2473 "IPTCfgParser.cpp"
}
break;
}
@ -2476,7 +2482,7 @@ void IPTCfgParser::target_options() {
importer->action_params["log_tcp_seq"] = LT(0)->getText();
*dbg << " LOG TCP SEQUENCE=";
#line 2480 "IPTCfgParser.cpp"
#line 2486 "IPTCfgParser.cpp"
}
break;
}
@ -2489,7 +2495,7 @@ void IPTCfgParser::target_options() {
importer->action_params["log_tcp_options"] = LT(0)->getText();
*dbg << " LOG TCP OPTIONS=";
#line 2493 "IPTCfgParser.cpp"
#line 2499 "IPTCfgParser.cpp"
}
break;
}
@ -2502,7 +2508,7 @@ void IPTCfgParser::target_options() {
importer->action_params["log_ip_options"] = LT(0)->getText();
*dbg << " LOG IP OPTIONS=";
#line 2506 "IPTCfgParser.cpp"
#line 2512 "IPTCfgParser.cpp"
}
break;
}
@ -2533,7 +2539,7 @@ void IPTCfgParser::target_options() {
importer->action_params["log_prefix"] = LT(0)->getText();
*dbg << " ULOG PREFIX=" << LT(0)->getText();
#line 2537 "IPTCfgParser.cpp"
#line 2543 "IPTCfgParser.cpp"
}
break;
}
@ -2564,7 +2570,7 @@ void IPTCfgParser::target_options() {
importer->action_params["log_level"] = LT(0)->getText();
*dbg << " LOG LEVEL=" << LT(0)->getText();
#line 2568 "IPTCfgParser.cpp"
#line 2574 "IPTCfgParser.cpp"
}
break;
}
@ -2595,7 +2601,7 @@ void IPTCfgParser::target_options() {
importer->action_params["set_mark"] = LT(0)->getText();
*dbg << " SET MARK=" << LT(0)->getText();
#line 2599 "IPTCfgParser.cpp"
#line 2605 "IPTCfgParser.cpp"
}
break;
}
@ -2608,7 +2614,7 @@ void IPTCfgParser::target_options() {
importer->action_params["connmark_save_mark"] = "--save-mark";
*dbg << " SAVE MARK";
#line 2612 "IPTCfgParser.cpp"
#line 2618 "IPTCfgParser.cpp"
}
break;
}
@ -2621,7 +2627,7 @@ void IPTCfgParser::target_options() {
importer->action_params["connmark_restore_mark"] = "--restore-mark";
*dbg << " RESTORE MARK";
#line 2625 "IPTCfgParser.cpp"
#line 2631 "IPTCfgParser.cpp"
}
break;
}
@ -2634,7 +2640,7 @@ void IPTCfgParser::target_options() {
importer->action_params["route_continue"] = "--continue";
*dbg << " CONTINUE";
#line 2638 "IPTCfgParser.cpp"
#line 2644 "IPTCfgParser.cpp"
}
break;
}
@ -2648,7 +2654,7 @@ void IPTCfgParser::target_options() {
importer->action_params["route_iif"] = LT(0)->getText();
*dbg << " ROUTE_IIF=" << LT(0)->getText();
#line 2652 "IPTCfgParser.cpp"
#line 2658 "IPTCfgParser.cpp"
}
break;
}
@ -2662,7 +2668,7 @@ void IPTCfgParser::target_options() {
importer->action_params["route_oif"] = LT(0)->getText();
*dbg << " ROUTE_OIF=" << LT(0)->getText();
#line 2666 "IPTCfgParser.cpp"
#line 2672 "IPTCfgParser.cpp"
}
break;
}
@ -2676,7 +2682,7 @@ void IPTCfgParser::target_options() {
importer->action_params["route_gw"] = LT(0)->getText();
*dbg << " ROUTE_GW=" << LT(0)->getText();
#line 2680 "IPTCfgParser.cpp"
#line 2686 "IPTCfgParser.cpp"
}
break;
}
@ -2689,7 +2695,7 @@ void IPTCfgParser::target_options() {
importer->action_params["route_tee"] = "--tee";
*dbg << " ROUTE_TEE";
#line 2693 "IPTCfgParser.cpp"
#line 2699 "IPTCfgParser.cpp"
}
break;
}
@ -2701,7 +2707,7 @@ void IPTCfgParser::target_options() {
*dbg << " TO-SOURCE";
#line 2705 "IPTCfgParser.cpp"
#line 2711 "IPTCfgParser.cpp"
}
nat_spec();
break;
@ -2714,7 +2720,7 @@ void IPTCfgParser::target_options() {
*dbg << " TO-DESTINATION";
#line 2718 "IPTCfgParser.cpp"
#line 2724 "IPTCfgParser.cpp"
}
nat_spec();
break;
@ -2733,7 +2739,7 @@ void IPTCfgParser::target_options() {
*dbg << " TO-NETMAP";
#line 2737 "IPTCfgParser.cpp"
#line 2743 "IPTCfgParser.cpp"
}
{
match(IPV4);
@ -2744,7 +2750,7 @@ void IPTCfgParser::target_options() {
importer->nat_addr2 = LT(0)->getText();
*dbg << LT(0)->getText();
#line 2748 "IPTCfgParser.cpp"
#line 2754 "IPTCfgParser.cpp"
}
match(SLASH);
{
@ -2771,7 +2777,7 @@ void IPTCfgParser::target_options() {
importer->nat_nm = LT(0)->getText();
*dbg << "/" << LT(0)->getText();
#line 2775 "IPTCfgParser.cpp"
#line 2781 "IPTCfgParser.cpp"
}
}
break;
@ -2785,7 +2791,7 @@ void IPTCfgParser::target_options() {
importer->action_params["clamp-mss-to-pmtu"] = "--clamp-mss-to-pmtu";
*dbg << " TO-NETMAP";
#line 2789 "IPTCfgParser.cpp"
#line 2795 "IPTCfgParser.cpp"
}
break;
}
@ -2799,7 +2805,7 @@ void IPTCfgParser::target_options() {
importer->action_params["set_tos"] = LT(0)->getText();
*dbg << " SET TOS=" << LT(0)->getText();
#line 2803 "IPTCfgParser.cpp"
#line 2809 "IPTCfgParser.cpp"
}
}
else if ((LA(1) == SET_TOS) && (LA(2) == WORD)) {
@ -2811,7 +2817,7 @@ void IPTCfgParser::target_options() {
importer->action_params["set_tos"] = LT(0)->getText();
*dbg << " SET TOS=" << LT(0)->getText();
#line 2815 "IPTCfgParser.cpp"
#line 2821 "IPTCfgParser.cpp"
}
}
else {
@ -2912,7 +2918,7 @@ void IPTCfgParser::nat_spec() {
<< "-"
<< importer->nat_port_range_end;
#line 2916 "IPTCfgParser.cpp"
#line 2922 "IPTCfgParser.cpp"
}
}
catch (ANTLR_USE_NAMESPACE(antlr)RecognitionException& ex) {
@ -2941,7 +2947,7 @@ void IPTCfgParser::redirect_spec() {
<< "-"
<< importer->nat_port_range_end;
#line 2945 "IPTCfgParser.cpp"
#line 2951 "IPTCfgParser.cpp"
}
}
catch (ANTLR_USE_NAMESPACE(antlr)RecognitionException& ex) {
@ -2991,7 +2997,7 @@ void IPTCfgParser::nat_addr_range() {
importer->nat_addr1 = a1->getText();
importer->nat_addr2 = a2->getText();
#line 2995 "IPTCfgParser.cpp"
#line 3001 "IPTCfgParser.cpp"
}
}
}
@ -3005,7 +3011,7 @@ void IPTCfgParser::nat_addr_range() {
importer->nat_addr1 = LT(0)->getText();
importer->nat_addr2 = LT(0)->getText();
#line 3009 "IPTCfgParser.cpp"
#line 3015 "IPTCfgParser.cpp"
}
}
else {
@ -3081,13 +3087,13 @@ void IPTCfgParser::nat_port_def_with_range() {
}
}
if ( inputState->guessing==0 ) {
#line 1030 "iptables.g"
#line 1036 "iptables.g"
importer->nat_port_range_start = LT(0)->getText();
importer->nat_port_range_end = LT(0)->getText();
*dbg << " PORT=" << LT(0)->getText();
#line 3091 "IPTCfgParser.cpp"
#line 3097 "IPTCfgParser.cpp"
}
match(MINUS);
{
@ -3109,12 +3115,12 @@ void IPTCfgParser::nat_port_def_with_range() {
}
}
if ( inputState->guessing==0 ) {
#line 1036 "iptables.g"
#line 1042 "iptables.g"
importer->nat_port_range_end = LT(0)->getText();
*dbg << ":" << LT(0)->getText();
#line 3118 "IPTCfgParser.cpp"
#line 3124 "IPTCfgParser.cpp"
}
}
}
@ -3138,13 +3144,13 @@ void IPTCfgParser::nat_port_def_with_range() {
}
}
if ( inputState->guessing==0 ) {
#line 1043 "iptables.g"
#line 1049 "iptables.g"
importer->nat_port_range_start = LT(0)->getText();
importer->nat_port_range_end = LT(0)->getText();
*dbg << " PORT=" << LT(0)->getText();
#line 3148 "IPTCfgParser.cpp"
#line 3154 "IPTCfgParser.cpp"
}
}
else {
@ -3213,7 +3219,7 @@ void IPTCfgParser::m_mark() {
*dbg << " MARK";
#line 3217 "IPTCfgParser.cpp"
#line 3223 "IPTCfgParser.cpp"
}
}
catch (ANTLR_USE_NAMESPACE(antlr)RecognitionException& ex) {
@ -3233,14 +3239,14 @@ void IPTCfgParser::limit_rate() {
if ( inputState->guessing==0 ) {
#line 747 "iptables.g"
importer->limit_val = LT(0)->getText();
#line 3237 "IPTCfgParser.cpp"
#line 3243 "IPTCfgParser.cpp"
}
match(SLASH);
match(WORD);
if ( inputState->guessing==0 ) {
#line 749 "iptables.g"
importer->limit_suffix = LT(0)->getText();
#line 3244 "IPTCfgParser.cpp"
#line 3250 "IPTCfgParser.cpp"
}
if ( inputState->guessing==0 ) {
#line 750 "iptables.g"
@ -3249,7 +3255,7 @@ void IPTCfgParser::limit_rate() {
<< importer->limit_val << "/"
<< importer->limit_suffix;
#line 3253 "IPTCfgParser.cpp"
#line 3259 "IPTCfgParser.cpp"
}
}
catch (ANTLR_USE_NAMESPACE(antlr)RecognitionException& ex) {
@ -3271,7 +3277,7 @@ void IPTCfgParser::m_recent() {
*dbg << " RECENT";
#line 3275 "IPTCfgParser.cpp"
#line 3281 "IPTCfgParser.cpp"
}
}
catch (ANTLR_USE_NAMESPACE(antlr)RecognitionException& ex) {
@ -3371,7 +3377,7 @@ void IPTCfgParser::recent_args_no_param() {
if ( inputState->guessing==0 ) {
#line 819 "iptables.g"
importer->recent_match += LT(0)->getText() + " ";
#line 3375 "IPTCfgParser.cpp"
#line 3381 "IPTCfgParser.cpp"
}
}
catch (ANTLR_USE_NAMESPACE(antlr)RecognitionException& ex) {
@ -3413,7 +3419,7 @@ void IPTCfgParser::recent_args_param() {
if ( inputState->guessing==0 ) {
#line 823 "iptables.g"
importer->recent_match += LT(0)->getText() + " ";
#line 3417 "IPTCfgParser.cpp"
#line 3423 "IPTCfgParser.cpp"
}
{
switch ( LA(1)) {
@ -3436,7 +3442,7 @@ void IPTCfgParser::recent_args_param() {
if ( inputState->guessing==0 ) {
#line 825 "iptables.g"
importer->recent_match += LT(0)->getText() + " ";
#line 3440 "IPTCfgParser.cpp"
#line 3446 "IPTCfgParser.cpp"
}
}
catch (ANTLR_USE_NAMESPACE(antlr)RecognitionException& ex) {
@ -3456,7 +3462,7 @@ void IPTCfgParser::length_spec() {
if ( inputState->guessing==0 ) {
#line 842 "iptables.g"
importer->length_spec = LT(0)->getText();
#line 3460 "IPTCfgParser.cpp"
#line 3466 "IPTCfgParser.cpp"
}
match(COLON);
match(INT_CONST);
@ -3464,14 +3470,14 @@ void IPTCfgParser::length_spec() {
#line 844 "iptables.g"
importer->length_spec += ":";
importer->length_spec += LT(0)->getText();
#line 3468 "IPTCfgParser.cpp"
#line 3474 "IPTCfgParser.cpp"
}
if ( inputState->guessing==0 ) {
#line 846 "iptables.g"
*dbg << " MATCH LENGTH " << importer->length_spec;
#line 3475 "IPTCfgParser.cpp"
#line 3481 "IPTCfgParser.cpp"
}
}
catch (ANTLR_USE_NAMESPACE(antlr)RecognitionException& ex) {
@ -3516,7 +3522,7 @@ void IPTCfgParser::pkt_type_spec() {
importer->pkt_type_spec = LT(0)->getText();
*dbg << " PKT_TYPE " << importer->pkt_type_spec;
#line 3520 "IPTCfgParser.cpp"
#line 3526 "IPTCfgParser.cpp"
}
}
catch (ANTLR_USE_NAMESPACE(antlr)RecognitionException& ex) {
@ -3560,13 +3566,13 @@ void IPTCfgParser::port_def_with_range() {
}
}
if ( inputState->guessing==0 ) {
#line 1001 "iptables.g"
#line 1007 "iptables.g"
importer->tmp_port_range_start = LT(0)->getText();
importer->tmp_port_range_end = LT(0)->getText();
*dbg << " PORT=" << LT(0)->getText();
#line 3570 "IPTCfgParser.cpp"
#line 3576 "IPTCfgParser.cpp"
}
{
switch ( LA(1)) {
@ -3624,12 +3630,12 @@ void IPTCfgParser::port_def_with_range() {
}
}
if ( inputState->guessing==0 ) {
#line 1008 "iptables.g"
#line 1014 "iptables.g"
importer->tmp_port_range_end = LT(0)->getText();
*dbg << ":" << LT(0)->getText();
#line 3633 "IPTCfgParser.cpp"
#line 3639 "IPTCfgParser.cpp"
}
break;
}
@ -3704,13 +3710,13 @@ void IPTCfgParser::port_def_no_range() {
}
}
if ( inputState->guessing==0 ) {
#line 983 "iptables.g"
#line 989 "iptables.g"
importer->tmp_port_range_start = LT(0)->getText();
importer->tmp_port_range_end = LT(0)->getText();
*dbg << " PORT=" << LT(0)->getText();
#line 3714 "IPTCfgParser.cpp"
#line 3720 "IPTCfgParser.cpp"
}
}
catch (ANTLR_USE_NAMESPACE(antlr)RecognitionException& ex) {
@ -3746,13 +3752,13 @@ void IPTCfgParser::port_def_with_incomplete_range() {
}
}
if ( inputState->guessing==0 ) {
#line 1017 "iptables.g"
#line 1023 "iptables.g"
importer->tmp_port_range_start = "0";
importer->tmp_port_range_end = LT(0)->getText();
*dbg << "PORT 0:" << LT(0)->getText();
#line 3756 "IPTCfgParser.cpp"
#line 3762 "IPTCfgParser.cpp"
}
}
catch (ANTLR_USE_NAMESPACE(antlr)RecognitionException& ex) {
@ -3770,7 +3776,7 @@ void IPTCfgParser::syn() {
try { // for error handling
match(MATCH_SYN);
if ( inputState->guessing==0 ) {
#line 1105 "iptables.g"
#line 1111 "iptables.g"
importer->tcp_flags_mask.clear();
importer->tcp_flags_mask.push_back(libfwbuilder::TCPService::SYN);
@ -3780,7 +3786,7 @@ void IPTCfgParser::syn() {
importer->tcp_flags_comp.clear();
importer->tcp_flags_comp.push_back(libfwbuilder::TCPService::SYN);
#line 3784 "IPTCfgParser.cpp"
#line 3790 "IPTCfgParser.cpp"
}
}
catch (ANTLR_USE_NAMESPACE(antlr)RecognitionException& ex) {
@ -3799,16 +3805,16 @@ void IPTCfgParser::tcp_flags() {
match(MATCH_TCP_FLAGS);
tcp_flags_list();
if ( inputState->guessing==0 ) {
#line 1156 "iptables.g"
#line 1162 "iptables.g"
importer->tcp_flags_mask = importer->tmp_tcp_flags_list;
importer->tmp_tcp_flags_list.clear();
#line 3808 "IPTCfgParser.cpp"
#line 3814 "IPTCfgParser.cpp"
}
tcp_flags_list();
if ( inputState->guessing==0 ) {
#line 1161 "iptables.g"
#line 1167 "iptables.g"
importer->tcp_flags_comp = importer->tmp_tcp_flags_list;
importer->tmp_tcp_flags_list.clear();
@ -3819,7 +3825,7 @@ void IPTCfgParser::tcp_flags() {
foreach(int x, importer->tcp_flags_comp)
*dbg << x << "|";
#line 3823 "IPTCfgParser.cpp"
#line 3829 "IPTCfgParser.cpp"
}
}
catch (ANTLR_USE_NAMESPACE(antlr)RecognitionException& ex) {
@ -3857,9 +3863,9 @@ void IPTCfgParser::tcp_flag_word() {
{
match(SYN);
if ( inputState->guessing==0 ) {
#line 1118 "iptables.g"
#line 1124 "iptables.g"
importer->tmp_tcp_flag_code = libfwbuilder::TCPService::SYN;
#line 3863 "IPTCfgParser.cpp"
#line 3869 "IPTCfgParser.cpp"
}
break;
}
@ -3867,9 +3873,9 @@ void IPTCfgParser::tcp_flag_word() {
{
match(ACK);
if ( inputState->guessing==0 ) {
#line 1120 "iptables.g"
#line 1126 "iptables.g"
importer->tmp_tcp_flag_code = libfwbuilder::TCPService::ACK;
#line 3873 "IPTCfgParser.cpp"
#line 3879 "IPTCfgParser.cpp"
}
break;
}
@ -3877,9 +3883,9 @@ void IPTCfgParser::tcp_flag_word() {
{
match(FIN);
if ( inputState->guessing==0 ) {
#line 1122 "iptables.g"
#line 1128 "iptables.g"
importer->tmp_tcp_flag_code = libfwbuilder::TCPService::FIN;
#line 3883 "IPTCfgParser.cpp"
#line 3889 "IPTCfgParser.cpp"
}
break;
}
@ -3887,9 +3893,9 @@ void IPTCfgParser::tcp_flag_word() {
{
match(RST);
if ( inputState->guessing==0 ) {
#line 1124 "iptables.g"
#line 1130 "iptables.g"
importer->tmp_tcp_flag_code = libfwbuilder::TCPService::RST;
#line 3893 "IPTCfgParser.cpp"
#line 3899 "IPTCfgParser.cpp"
}
break;
}
@ -3897,9 +3903,9 @@ void IPTCfgParser::tcp_flag_word() {
{
match(URG);
if ( inputState->guessing==0 ) {
#line 1126 "iptables.g"
#line 1132 "iptables.g"
importer->tmp_tcp_flag_code = libfwbuilder::TCPService::URG;
#line 3903 "IPTCfgParser.cpp"
#line 3909 "IPTCfgParser.cpp"
}
break;
}
@ -3907,9 +3913,9 @@ void IPTCfgParser::tcp_flag_word() {
{
match(PSH);
if ( inputState->guessing==0 ) {
#line 1128 "iptables.g"
#line 1134 "iptables.g"
importer->tmp_tcp_flag_code = libfwbuilder::TCPService::PSH;
#line 3913 "IPTCfgParser.cpp"
#line 3919 "IPTCfgParser.cpp"
}
break;
}
@ -3917,9 +3923,9 @@ void IPTCfgParser::tcp_flag_word() {
{
match(ALL);
if ( inputState->guessing==0 ) {
#line 1130 "iptables.g"
#line 1136 "iptables.g"
importer->tmp_tcp_flag_code = 99;
#line 3923 "IPTCfgParser.cpp"
#line 3929 "IPTCfgParser.cpp"
}
break;
}
@ -3927,9 +3933,9 @@ void IPTCfgParser::tcp_flag_word() {
{
match(NONE);
if ( inputState->guessing==0 ) {
#line 1132 "iptables.g"
#line 1138 "iptables.g"
importer->tmp_tcp_flag_code = 98;
#line 3933 "IPTCfgParser.cpp"
#line 3939 "IPTCfgParser.cpp"
}
break;
}
@ -3954,20 +3960,20 @@ void IPTCfgParser::tcp_flags_list() {
try { // for error handling
if ( inputState->guessing==0 ) {
#line 1137 "iptables.g"
#line 1143 "iptables.g"
importer->tmp_tcp_flags_list.clear();
importer->tmp_tcp_flag_code = 0;
#line 3963 "IPTCfgParser.cpp"
#line 3969 "IPTCfgParser.cpp"
}
tcp_flag_word();
if ( inputState->guessing==0 ) {
#line 1142 "iptables.g"
#line 1148 "iptables.g"
importer->tmp_tcp_flags_list.push_back(importer->tmp_tcp_flag_code);
#line 3971 "IPTCfgParser.cpp"
#line 3977 "IPTCfgParser.cpp"
}
{ // ( ... )*
for (;;) {
@ -3975,12 +3981,12 @@ void IPTCfgParser::tcp_flags_list() {
match(COMMA);
tcp_flag_word();
if ( inputState->guessing==0 ) {
#line 1147 "iptables.g"
#line 1153 "iptables.g"
importer->tmp_tcp_flags_list.push_back(
importer->tmp_tcp_flag_code);
#line 3984 "IPTCfgParser.cpp"
#line 3990 "IPTCfgParser.cpp"
}
}
else {

6
src/parsers/iptables.g
View File

@ -892,6 +892,8 @@ multiport_tcp_udp_port_spec :
(
( MATCH_SRC_MULTIPORT
{
importer->srv_neg = importer->tmp_neg;
importer->tmp_neg = false;
importer->startSrcMultiPort();
*dbg << " SRC MULTIPORT=";
}
@ -908,6 +910,8 @@ multiport_tcp_udp_port_spec :
|
( MATCH_DST_MULTIPORT
{
importer->srv_neg = importer->tmp_neg;
importer->tmp_neg = false;
importer->startDstMultiPort();
*dbg << " DST MULTIPORT=";
}
@ -924,6 +928,8 @@ multiport_tcp_udp_port_spec :
|
( MATCH_BOTH_MULTIPORT
{
importer->srv_neg = importer->tmp_neg;
importer->tmp_neg = false;
importer->startBothMultiPort();
*dbg << " MULTIPORT PORTS=";
}

428
src/unit_tests/ImporterTest/test_data/ipt.fwb
View File

@ -1,6 +1,6 @@
<?xml version="1.0" encoding="utf-8"?>
<!DOCTYPE FWObjectDatabase SYSTEM "fwbuilder.dtd">
<FWObjectDatabase xmlns="http://www.fwbuilder.org/1.0/" version="18" lastModified="1302911804" id="root">
<FWObjectDatabase xmlns="http://www.fwbuilder.org/1.0/" version="18" lastModified="1302918460" id="root">
<Library id="syslib000" color="#d4f8ff" name="Standard" comment="Standard objects" ro="True">
<AnyNetwork id="sysid0" name="Any" comment="Any Network" ro="False" address="0.0.0.0" netmask="0.0.0.0"/>
<AnyIPService id="sysid1" protocol_num="0" name="Any" comment="Any IP Service" ro="False"/>
@ -439,16 +439,16 @@
<IPv4 id="id7" name="h-192.168.16.125" comment="Created during import of line 109" ro="False" address="192.168.16.125" netmask="255.255.255.255"/>
<IPv4 id="id8" name="h-192.0.34.166" comment="Created during import of line 112" ro="False" address="192.0.34.166" netmask="255.255.255.255"/>
<IPv4 id="id9" name="h-127.0.0.1" comment="Created during import of line 130" ro="False" address="127.0.0.1" netmask="255.255.255.255"/>
<IPv4 id="id10" name="h-222.222.222.222" comment="Created during import of line 281" ro="False" address="222.222.222.222" netmask="255.255.255.255"/>
<IPv4 id="id11" name="h-192.168.1.20" comment="Created during import of line 284" ro="False" address="192.168.1.20" netmask="255.255.255.255"/>
<IPv4 id="id12" name="h-192.168.1.10" comment="Created during import of line 286" ro="False" address="192.168.1.10" netmask="255.255.255.255"/>
<IPv4 id="id13" name="h-222.222.222.13" comment="Created during import of line 299" ro="False" address="222.222.222.13" netmask="255.255.255.255"/>
<IPv4 id="id14" name="h-192.168.1.212" comment="Created during import of line 299" ro="False" address="192.168.1.212" netmask="255.255.255.255"/>
<IPv4 id="id15" name="h-192.168.3.145" comment="Created during import of line 302" ro="False" address="192.168.3.145" netmask="255.255.255.255"/>
<IPv4 id="id16" name="h-1.1.1.1" comment="Created during import of line 302" ro="False" address="1.1.1.1" netmask="255.255.255.255"/>
<IPv4 id="id17" name="h-192.168.1.22" comment="Created during import of line 311" ro="False" address="192.168.1.22" netmask="255.255.255.255"/>
<IPv4 id="id18" name="h-192.168.2.10" comment="Created during import of line 311" ro="False" address="192.168.2.10" netmask="255.255.255.255"/>
<IPv4 id="id19" name="h-22.22.22.23" comment="Created during import of line 312" ro="False" address="22.22.22.23" netmask="255.255.255.255"/>
<IPv4 id="id10" name="h-222.222.222.222" comment="Created during import of line 284" ro="False" address="222.222.222.222" netmask="255.255.255.255"/>
<IPv4 id="id11" name="h-192.168.1.20" comment="Created during import of line 287" ro="False" address="192.168.1.20" netmask="255.255.255.255"/>
<IPv4 id="id12" name="h-192.168.1.10" comment="Created during import of line 289" ro="False" address="192.168.1.10" netmask="255.255.255.255"/>
<IPv4 id="id13" name="h-222.222.222.13" comment="Created during import of line 302" ro="False" address="222.222.222.13" netmask="255.255.255.255"/>
<IPv4 id="id14" name="h-192.168.1.212" comment="Created during import of line 302" ro="False" address="192.168.1.212" netmask="255.255.255.255"/>
<IPv4 id="id15" name="h-192.168.3.145" comment="Created during import of line 305" ro="False" address="192.168.3.145" netmask="255.255.255.255"/>
<IPv4 id="id16" name="h-1.1.1.1" comment="Created during import of line 305" ro="False" address="1.1.1.1" netmask="255.255.255.255"/>
<IPv4 id="id17" name="h-192.168.1.22" comment="Created during import of line 314" ro="False" address="192.168.1.22" netmask="255.255.255.255"/>
<IPv4 id="id18" name="h-192.168.2.10" comment="Created during import of line 314" ro="False" address="192.168.2.10" netmask="255.255.255.255"/>
<IPv4 id="id19" name="h-22.22.22.23" comment="Created during import of line 315" ro="False" address="22.22.22.23" netmask="255.255.255.255"/>
</ObjectGroup>
<ObjectGroup id="id20" name="DNS Names" comment="" ro="False"/>
<ObjectGroup id="id21" name="Address Tables" comment="" ro="False"/>
@ -462,15 +462,15 @@
<Network id="id29" name="net-128.143.0.0/255.255.0.0" comment="Created during import of line 95" ro="False" address="128.143.0.0" netmask="255.255.0.0"/>
<Network id="id30" name="net-1.1.0.0/255.255.0.0" comment="Created during import of line 101" ro="False" address="1.1.0.0" netmask="255.255.0.0"/>
<Network id="id31" name="net-192.168.19.0/255.255.255.0" comment="Created during import of line 108" ro="False" address="192.168.19.0" netmask="255.255.255.0"/>
<Network id="id32" name="net-192.168.1.0/255.255.255.0" comment="Created during import of line 281" ro="False" address="192.168.1.0" netmask="255.255.255.0"/>
<Network id="id33" name="net-192.168.1.32/255.255.255.224" comment="Created during import of line 283" ro="False" address="192.168.1.32" netmask="255.255.255.224"/>
<Network id="id34" name="net-222.222.222.0/255.255.255.0" comment="Created during import of line 290" ro="False" address="222.222.222.0" netmask="255.255.255.0"/>
<Network id="id32" name="net-192.168.1.0/255.255.255.0" comment="Created during import of line 284" ro="False" address="192.168.1.0" netmask="255.255.255.0"/>
<Network id="id33" name="net-192.168.1.32/255.255.255.224" comment="Created during import of line 286" ro="False" address="192.168.1.32" netmask="255.255.255.224"/>
<Network id="id34" name="net-222.222.222.0/255.255.255.0" comment="Created during import of line 293" ro="False" address="222.222.222.0" netmask="255.255.255.0"/>
</ObjectGroup>
<ObjectGroup id="id35" name="Address Ranges" comment="" ro="False">
<AddressRange id="id36" name="range-10.212.66.2-10.212.66.3" comment="Created during import of line 83" ro="False" start_address="10.212.66.2" end_address="10.212.66.3"/>
<AddressRange id="id37" name="range-192.11.1.11-192.11.1.63" comment="Created during import of line 83" ro="False" start_address="192.11.1.11" end_address="192.11.1.63"/>
<AddressRange id="id38" name="range-222.222.222.10-222.222.222.100" comment="Created during import of line 283" ro="False" start_address="222.222.222.10" end_address="222.222.222.100"/>
<AddressRange id="id39" name="range-192.168.1.1-192.168.1.10" comment="Created during import of line 285" ro="False" start_address="192.168.1.1" end_address="192.168.1.10"/>
<AddressRange id="id38" name="range-222.222.222.10-222.222.222.100" comment="Created during import of line 286" ro="False" start_address="222.222.222.10" end_address="222.222.222.100"/>
<AddressRange id="id39" name="range-192.168.1.1-192.168.1.10" comment="Created during import of line 288" ro="False" start_address="192.168.1.1" end_address="192.168.1.10"/>
</ObjectGroup>
</ObjectGroup>
<ServiceGroup id="id40" name="Services" comment="" ro="False">
@ -525,7 +525,7 @@
<ServiceRef ref="id153"/>
<ServiceRef ref="id142"/>
</ServiceGroup>
<ServiceGroup id="id82" name="tcp group 10" comment="Created during import of line 297" ro="False">
<ServiceGroup id="id82" name="tcp group 10" comment="Created during import of line 300" ro="False">
<ServiceRef ref="id162"/>
<ServiceRef ref="id163"/>
<ServiceRef ref="id164"/>
@ -542,17 +542,17 @@
<ServiceRef ref="id171"/>
<ServiceRef ref="id123"/>
</ServiceGroup>
<ServiceGroup id="id98" name="tcp group 11" comment="Created during import of line 299" ro="False">
<ServiceGroup id="id98" name="tcp group 11" comment="Created during import of line 302" ro="False">
<ServiceRef ref="id172"/>
<ServiceRef ref="id173"/>
</ServiceGroup>
</ServiceGroup>
<ServiceGroup id="id101" name="ICMP" comment="" ro="False">
<ICMPService id="id102" code="-1" type="-1" name="icmp -1/-1" comment="Created during import of line 95" ro="False"/>
<ICMPService id="id103" code="-1" type="3" name="icmp 3/-1" comment="Created during import of line 206" ro="False"/>
<ICMPService id="id104" code="6" type="3" name="icmp 3/6" comment="Created during import of line 207" ro="False"/>
<ICMPService id="id105" code="0" type="8" name="icmp 8/0" comment="Created during import of line 294" ro="False"/>
<ICMPService id="id106" code="0" type="11" name="icmp 11/0" comment="Created during import of line 312" ro="False"/>
<ICMPService id="id103" code="-1" type="3" name="icmp 3/-1" comment="Created during import of line 209" ro="False"/>
<ICMPService id="id104" code="6" type="3" name="icmp 3/6" comment="Created during import of line 210" ro="False"/>
<ICMPService id="id105" code="0" type="8" name="icmp 8/0" comment="Created during import of line 297" ro="False"/>
<ICMPService id="id106" code="0" type="11" name="icmp 11/0" comment="Created during import of line 315" ro="False"/>
</ServiceGroup>
<ServiceGroup id="id107" name="IP" comment="" ro="False">
<IPService id="id108" any_opt="False" dscp="" fragm="False" lsrr="False" protocol_num="47" rr="False" rtralt="False" rtralt_value="False" short_fragm="False" ssrr="False" tos="" ts="False" name="ip-47" comment="Created during import of line 98" ro="False"/>
@ -602,26 +602,26 @@
<TCPService id="id151" ack_flag="False" ack_flag_mask="False" established="False" fin_flag="False" fin_flag_mask="False" psh_flag="False" psh_flag_mask="False" rst_flag="False" rst_flag_mask="False" syn_flag="False" syn_flag_mask="False" urg_flag="False" urg_flag_mask="False" name="tcp 201:206 / 0:0" comment="Created during import of line 193" ro="False" src_range_start="201" src_range_end="206" dst_range_start="0" dst_range_end="0"/>
<TCPService id="id152" ack_flag="False" ack_flag_mask="False" established="False" fin_flag="False" fin_flag_mask="False" psh_flag="False" psh_flag_mask="False" rst_flag="False" rst_flag_mask="False" syn_flag="False" syn_flag_mask="False" urg_flag="False" urg_flag_mask="False" name="tcp 311:311 / 0:0" comment="Created during import of line 193" ro="False" src_range_start="311" src_range_end="311" dst_range_start="0" dst_range_end="0"/>
<TCPService id="id153" ack_flag="False" ack_flag_mask="False" established="False" fin_flag="False" fin_flag_mask="False" psh_flag="False" psh_flag_mask="False" rst_flag="False" rst_flag_mask="False" syn_flag="False" syn_flag_mask="False" urg_flag="False" urg_flag_mask="False" name="tcp 311:315 / 0:0" comment="Created during import of line 195" ro="False" src_range_start="311" src_range_end="315" dst_range_start="0" dst_range_end="0"/>
<TCPService id="id154" ack_flag="False" ack_flag_mask="False" established="False" fin_flag="False" fin_flag_mask="False" psh_flag="False" psh_flag_mask="False" rst_flag="False" rst_flag_mask="False" syn_flag="False" syn_flag_mask="False" urg_flag="False" urg_flag_mask="False" name="tcp 0:0 / 5190:5190" comment="Created during import of line 219" ro="False" src_range_start="0" src_range_end="0" dst_range_start="5190" dst_range_end="5190"/>
<TCPService id="id155" ack_flag="False" ack_flag_mask="True" established="False" fin_flag="False" fin_flag_mask="True" psh_flag="False" psh_flag_mask="True" rst_flag="False" rst_flag_mask="True" syn_flag="True" syn_flag_mask="True" urg_flag="False" urg_flag_mask="True" name="tcp 0:0 / 0:0 fsrpau/s" comment="Created during import of line 224" ro="False" src_range_start="0" src_range_end="0" dst_range_start="0" dst_range_end="0"/>
<TCPService id="id156" ack_flag="False" ack_flag_mask="False" established="False" fin_flag="False" fin_flag_mask="False" psh_flag="False" psh_flag_mask="False" rst_flag="False" rst_flag_mask="False" syn_flag="False" syn_flag_mask="False" urg_flag="False" urg_flag_mask="False" name="tcp 53:53 / 0:0" comment="Created during import of line 230" ro="False" src_range_start="53" src_range_end="53" dst_range_start="0" dst_range_end="0"/>
<TCPService id="id157" ack_flag="False" ack_flag_mask="False" established="False" fin_flag="False" fin_flag_mask="False" psh_flag="False" psh_flag_mask="False" rst_flag="False" rst_flag_mask="False" syn_flag="False" syn_flag_mask="False" urg_flag="False" urg_flag_mask="False" name="tcp 0:0 / 25:25" comment="Created during import of line 249" ro="False" src_range_start="0" src_range_end="0" dst_range_start="25" dst_range_end="25"/>
<TCPService id="id158" ack_flag="False" ack_flag_mask="False" established="False" fin_flag="False" fin_flag_mask="False" psh_flag="False" psh_flag_mask="False" rst_flag="False" rst_flag_mask="False" syn_flag="False" syn_flag_mask="False" urg_flag="False" urg_flag_mask="False" name="tcp 25:25 / 0:0" comment="Created during import of line 262" ro="False" src_range_start="25" src_range_end="25" dst_range_start="0" dst_range_end="0"/>
<TCPService id="id159" ack_flag="False" ack_flag_mask="False" established="False" fin_flag="False" fin_flag_mask="False" psh_flag="False" psh_flag_mask="False" rst_flag="False" rst_flag_mask="False" syn_flag="False" syn_flag_mask="False" urg_flag="False" urg_flag_mask="False" name="tcp 1000:1010 / 0:0" comment="Created during import of line 286" ro="False" src_range_start="1000" src_range_end="1010" dst_range_start="0" dst_range_end="0"/>
<TCPService id="id160" ack_flag="False" ack_flag_mask="False" established="False" fin_flag="False" fin_flag_mask="False" psh_flag="False" psh_flag_mask="False" rst_flag="False" rst_flag_mask="False" syn_flag="False" syn_flag_mask="False" urg_flag="False" urg_flag_mask="False" name="tcp 0:0 / 25:50" comment="Created during import of line 293" ro="False" src_range_start="0" src_range_end="0" dst_range_start="25" dst_range_end="50"/>
<TCPService id="id161" ack_flag="False" ack_flag_mask="False" established="False" fin_flag="False" fin_flag_mask="False" psh_flag="False" psh_flag_mask="False" rst_flag="False" rst_flag_mask="False" syn_flag="False" syn_flag_mask="False" urg_flag="False" urg_flag_mask="False" name="tcp 0:0 / 4000:4010" comment="Created during import of line 296" ro="False" src_range_start="0" src_range_end="0" dst_range_start="4000" dst_range_end="4010"/>
<TCPService id="id162" ack_flag="False" ack_flag_mask="False" established="False" fin_flag="False" fin_flag_mask="False" psh_flag="False" psh_flag_mask="False" rst_flag="False" rst_flag_mask="False" syn_flag="False" syn_flag_mask="False" urg_flag="False" urg_flag_mask="False" name="tcp 0:0 / 6667:6667" comment="Created during import of line 297" ro="False" src_range_start="0" src_range_end="0" dst_range_start="6667" dst_range_end="6667"/>
<TCPService id="id163" ack_flag="False" ack_flag_mask="False" established="False" fin_flag="False" fin_flag_mask="False" psh_flag="False" psh_flag_mask="False" rst_flag="False" rst_flag_mask="False" syn_flag="False" syn_flag_mask="False" urg_flag="False" urg_flag_mask="False" name="tcp 0:0 / 3128:3128" comment="Created during import of line 297" ro="False" src_range_start="0" src_range_end="0" dst_range_start="3128" dst_range_end="3128"/>
<TCPService id="id164" ack_flag="False" ack_flag_mask="False" established="False" fin_flag="False" fin_flag_mask="False" psh_flag="False" psh_flag_mask="False" rst_flag="False" rst_flag_mask="False" syn_flag="False" syn_flag_mask="False" urg_flag="False" urg_flag_mask="False" name="tcp 0:0 / 113:113" comment="Created during import of line 297" ro="False" src_range_start="0" src_range_end="0" dst_range_start="113" dst_range_end="113"/>
<TCPService id="id165" ack_flag="False" ack_flag_mask="False" established="False" fin_flag="False" fin_flag_mask="False" psh_flag="False" psh_flag_mask="False" rst_flag="False" rst_flag_mask="False" syn_flag="False" syn_flag_mask="False" urg_flag="False" urg_flag_mask="False" name="tcp 0:0 / 53:53" comment="Created during import of line 297" ro="False" src_range_start="0" src_range_end="0" dst_range_start="53" dst_range_end="53"/>
<TCPService id="id166" ack_flag="False" ack_flag_mask="False" established="False" fin_flag="False" fin_flag_mask="False" psh_flag="False" psh_flag_mask="False" rst_flag="False" rst_flag_mask="False" syn_flag="False" syn_flag_mask="False" urg_flag="False" urg_flag_mask="False" name="tcp 0:0 / 21:21" comment="Created during import of line 297" ro="False" src_range_start="0" src_range_end="0" dst_range_start="21" dst_range_end="21"/>
<TCPService id="id167" ack_flag="False" ack_flag_mask="False" established="False" fin_flag="False" fin_flag_mask="False" psh_flag="False" psh_flag_mask="False" rst_flag="False" rst_flag_mask="False" syn_flag="False" syn_flag_mask="False" urg_flag="False" urg_flag_mask="False" name="tcp 0:0 / 119:119" comment="Created during import of line 297" ro="False" src_range_start="0" src_range_end="0" dst_range_start="119" dst_range_end="119"/>
<TCPService id="id168" ack_flag="False" ack_flag_mask="False" established="False" fin_flag="False" fin_flag_mask="False" psh_flag="False" psh_flag_mask="False" rst_flag="False" rst_flag_mask="False" syn_flag="False" syn_flag_mask="False" urg_flag="False" urg_flag_mask="False" name="tcp 0:0 / 540:540" comment="Created during import of line 297" ro="False" src_range_start="0" src_range_end="0" dst_range_start="540" dst_range_end="540"/>
<TCPService id="id169" ack_flag="False" ack_flag_mask="False" established="False" fin_flag="False" fin_flag_mask="False" psh_flag="False" psh_flag_mask="False" rst_flag="False" rst_flag_mask="False" syn_flag="False" syn_flag_mask="False" urg_flag="False" urg_flag_mask="False" name="tcp 0:0 / 70:70" comment="Created during import of line 297" ro="False" src_range_start="0" src_range_end="0" dst_range_start="70" dst_range_end="70"/>
<TCPService id="id170" ack_flag="False" ack_flag_mask="False" established="False" fin_flag="False" fin_flag_mask="False" psh_flag="False" psh_flag_mask="False" rst_flag="False" rst_flag_mask="False" syn_flag="False" syn_flag_mask="False" urg_flag="False" urg_flag_mask="False" name="tcp 0:0 / 13:13" comment="Created during import of line 297" ro="False" src_range_start="0" src_range_end="0" dst_range_start="13" dst_range_end="13"/>
<TCPService id="id171" ack_flag="False" ack_flag_mask="False" established="False" fin_flag="False" fin_flag_mask="False" psh_flag="False" psh_flag_mask="False" rst_flag="False" rst_flag_mask="False" syn_flag="False" syn_flag_mask="False" urg_flag="False" urg_flag_mask="False" name="tcp 0:0 / 2105:2105" comment="Created during import of line 297" ro="False" src_range_start="0" src_range_end="0" dst_range_start="2105" dst_range_end="2105"/>
<TCPService id="id172" ack_flag="False" ack_flag_mask="False" established="False" fin_flag="False" fin_flag_mask="False" psh_flag="False" psh_flag_mask="False" rst_flag="False" rst_flag_mask="False" syn_flag="False" syn_flag_mask="False" urg_flag="False" urg_flag_mask="False" name="tcp 0:0 / 1720:1720" comment="Created during import of line 299" ro="False" src_range_start="0" src_range_end="0" dst_range_start="1720" dst_range_end="1720"/>
<TCPService id="id173" ack_flag="False" ack_flag_mask="False" established="False" fin_flag="False" fin_flag_mask="False" psh_flag="False" psh_flag_mask="False" rst_flag="False" rst_flag_mask="False" syn_flag="False" syn_flag_mask="False" urg_flag="False" urg_flag_mask="False" name="tcp 0:0 / 3230:3243" comment="Created during import of line 299" ro="False" src_range_start="0" src_range_end="0" dst_range_start="3230" dst_range_end="3243"/>
<TCPService id="id154" ack_flag="False" ack_flag_mask="False" established="False" fin_flag="False" fin_flag_mask="False" psh_flag="False" psh_flag_mask="False" rst_flag="False" rst_flag_mask="False" syn_flag="False" syn_flag_mask="False" urg_flag="False" urg_flag_mask="False" name="tcp 0:0 / 5190:5190" comment="Created during import of line 222" ro="False" src_range_start="0" src_range_end="0" dst_range_start="5190" dst_range_end="5190"/>
<TCPService id="id155" ack_flag="False" ack_flag_mask="True" established="False" fin_flag="False" fin_flag_mask="True" psh_flag="False" psh_flag_mask="True" rst_flag="False" rst_flag_mask="True" syn_flag="True" syn_flag_mask="True" urg_flag="False" urg_flag_mask="True" name="tcp 0:0 / 0:0 fsrpau/s" comment="Created during import of line 227" ro="False" src_range_start="0" src_range_end="0" dst_range_start="0" dst_range_end="0"/>
<TCPService id="id156" ack_flag="False" ack_flag_mask="False" established="False" fin_flag="False" fin_flag_mask="False" psh_flag="False" psh_flag_mask="False" rst_flag="False" rst_flag_mask="False" syn_flag="False" syn_flag_mask="False" urg_flag="False" urg_flag_mask="False" name="tcp 53:53 / 0:0" comment="Created during import of line 233" ro="False" src_range_start="53" src_range_end="53" dst_range_start="0" dst_range_end="0"/>
<TCPService id="id157" ack_flag="False" ack_flag_mask="False" established="False" fin_flag="False" fin_flag_mask="False" psh_flag="False" psh_flag_mask="False" rst_flag="False" rst_flag_mask="False" syn_flag="False" syn_flag_mask="False" urg_flag="False" urg_flag_mask="False" name="tcp 0:0 / 25:25" comment="Created during import of line 252" ro="False" src_range_start="0" src_range_end="0" dst_range_start="25" dst_range_end="25"/>
<TCPService id="id158" ack_flag="False" ack_flag_mask="False" established="False" fin_flag="False" fin_flag_mask="False" psh_flag="False" psh_flag_mask="False" rst_flag="False" rst_flag_mask="False" syn_flag="False" syn_flag_mask="False" urg_flag="False" urg_flag_mask="False" name="tcp 25:25 / 0:0" comment="Created during import of line 265" ro="False" src_range_start="25" src_range_end="25" dst_range_start="0" dst_range_end="0"/>
<TCPService id="id159" ack_flag="False" ack_flag_mask="False" established="False" fin_flag="False" fin_flag_mask="False" psh_flag="False" psh_flag_mask="False" rst_flag="False" rst_flag_mask="False" syn_flag="False" syn_flag_mask="False" urg_flag="False" urg_flag_mask="False" name="tcp 1000:1010 / 0:0" comment="Created during import of line 289" ro="False" src_range_start="1000" src_range_end="1010" dst_range_start="0" dst_range_end="0"/>
<TCPService id="id160" ack_flag="False" ack_flag_mask="False" established="False" fin_flag="False" fin_flag_mask="False" psh_flag="False" psh_flag_mask="False" rst_flag="False" rst_flag_mask="False" syn_flag="False" syn_flag_mask="False" urg_flag="False" urg_flag_mask="False" name="tcp 0:0 / 25:50" comment="Created during import of line 296" ro="False" src_range_start="0" src_range_end="0" dst_range_start="25" dst_range_end="50"/>
<TCPService id="id161" ack_flag="False" ack_flag_mask="False" established="False" fin_flag="False" fin_flag_mask="False" psh_flag="False" psh_flag_mask="False" rst_flag="False" rst_flag_mask="False" syn_flag="False" syn_flag_mask="False" urg_flag="False" urg_flag_mask="False" name="tcp 0:0 / 4000:4010" comment="Created during import of line 299" ro="False" src_range_start="0" src_range_end="0" dst_range_start="4000" dst_range_end="4010"/>
<TCPService id="id162" ack_flag="False" ack_flag_mask="False" established="False" fin_flag="False" fin_flag_mask="False" psh_flag="False" psh_flag_mask="False" rst_flag="False" rst_flag_mask="False" syn_flag="False" syn_flag_mask="False" urg_flag="False" urg_flag_mask="False" name="tcp 0:0 / 6667:6667" comment="Created during import of line 300" ro="False" src_range_start="0" src_range_end="0" dst_range_start="6667" dst_range_end="6667"/>
<TCPService id="id163" ack_flag="False" ack_flag_mask="False" established="False" fin_flag="False" fin_flag_mask="False" psh_flag="False" psh_flag_mask="False" rst_flag="False" rst_flag_mask="False" syn_flag="False" syn_flag_mask="False" urg_flag="False" urg_flag_mask="False" name="tcp 0:0 / 3128:3128" comment="Created during import of line 300" ro="False" src_range_start="0" src_range_end="0" dst_range_start="3128" dst_range_end="3128"/>
<TCPService id="id164" ack_flag="False" ack_flag_mask="False" established="False" fin_flag="False" fin_flag_mask="False" psh_flag="False" psh_flag_mask="False" rst_flag="False" rst_flag_mask="False" syn_flag="False" syn_flag_mask="False" urg_flag="False" urg_flag_mask="False" name="tcp 0:0 / 113:113" comment="Created during import of line 300" ro="False" src_range_start="0" src_range_end="0" dst_range_start="113" dst_range_end="113"/>
<TCPService id="id165" ack_flag="False" ack_flag_mask="False" established="False" fin_flag="False" fin_flag_mask="False" psh_flag="False" psh_flag_mask="False" rst_flag="False" rst_flag_mask="False" syn_flag="False" syn_flag_mask="False" urg_flag="False" urg_flag_mask="False" name="tcp 0:0 / 53:53" comment="Created during import of line 300" ro="False" src_range_start="0" src_range_end="0" dst_range_start="53" dst_range_end="53"/>
<TCPService id="id166" ack_flag="False" ack_flag_mask="False" established="False" fin_flag="False" fin_flag_mask="False" psh_flag="False" psh_flag_mask="False" rst_flag="False" rst_flag_mask="False" syn_flag="False" syn_flag_mask="False" urg_flag="False" urg_flag_mask="False" name="tcp 0:0 / 21:21" comment="Created during import of line 300" ro="False" src_range_start="0" src_range_end="0" dst_range_start="21" dst_range_end="21"/>
<TCPService id="id167" ack_flag="False" ack_flag_mask="False" established="False" fin_flag="False" fin_flag_mask="False" psh_flag="False" psh_flag_mask="False" rst_flag="False" rst_flag_mask="False" syn_flag="False" syn_flag_mask="False" urg_flag="False" urg_flag_mask="False" name="tcp 0:0 / 119:119" comment="Created during import of line 300" ro="False" src_range_start="0" src_range_end="0" dst_range_start="119" dst_range_end="119"/>
<TCPService id="id168" ack_flag="False" ack_flag_mask="False" established="False" fin_flag="False" fin_flag_mask="False" psh_flag="False" psh_flag_mask="False" rst_flag="False" rst_flag_mask="False" syn_flag="False" syn_flag_mask="False" urg_flag="False" urg_flag_mask="False" name="tcp 0:0 / 540:540" comment="Created during import of line 300" ro="False" src_range_start="0" src_range_end="0" dst_range_start="540" dst_range_end="540"/>
<TCPService id="id169" ack_flag="False" ack_flag_mask="False" established="False" fin_flag="False" fin_flag_mask="False" psh_flag="False" psh_flag_mask="False" rst_flag="False" rst_flag_mask="False" syn_flag="False" syn_flag_mask="False" urg_flag="False" urg_flag_mask="False" name="tcp 0:0 / 70:70" comment="Created during import of line 300" ro="False" src_range_start="0" src_range_end="0" dst_range_start="70" dst_range_end="70"/>
<TCPService id="id170" ack_flag="False" ack_flag_mask="False" established="False" fin_flag="False" fin_flag_mask="False" psh_flag="False" psh_flag_mask="False" rst_flag="False" rst_flag_mask="False" syn_flag="False" syn_flag_mask="False" urg_flag="False" urg_flag_mask="False" name="tcp 0:0 / 13:13" comment="Created during import of line 300" ro="False" src_range_start="0" src_range_end="0" dst_range_start="13" dst_range_end="13"/>
<TCPService id="id171" ack_flag="False" ack_flag_mask="False" established="False" fin_flag="False" fin_flag_mask="False" psh_flag="False" psh_flag_mask="False" rst_flag="False" rst_flag_mask="False" syn_flag="False" syn_flag_mask="False" urg_flag="False" urg_flag_mask="False" name="tcp 0:0 / 2105:2105" comment="Created during import of line 300" ro="False" src_range_start="0" src_range_end="0" dst_range_start="2105" dst_range_end="2105"/>
<TCPService id="id172" ack_flag="False" ack_flag_mask="False" established="False" fin_flag="False" fin_flag_mask="False" psh_flag="False" psh_flag_mask="False" rst_flag="False" rst_flag_mask="False" syn_flag="False" syn_flag_mask="False" urg_flag="False" urg_flag_mask="False" name="tcp 0:0 / 1720:1720" comment="Created during import of line 302" ro="False" src_range_start="0" src_range_end="0" dst_range_start="1720" dst_range_end="1720"/>
<TCPService id="id173" ack_flag="False" ack_flag_mask="False" established="False" fin_flag="False" fin_flag_mask="False" psh_flag="False" psh_flag_mask="False" rst_flag="False" rst_flag_mask="False" syn_flag="False" syn_flag_mask="False" urg_flag="False" urg_flag_mask="False" name="tcp 0:0 / 3230:3243" comment="Created during import of line 302" ro="False" src_range_start="0" src_range_end="0" dst_range_start="3230" dst_range_end="3243"/>
</ServiceGroup>
<ServiceGroup id="id174" name="UDP" comment="" ro="False">
<UDPService id="id175" name="udp 0:0 / 1604:1604" comment="Created during import of line 45" ro="False" src_range_start="0" src_range_end="0" dst_range_start="1604" dst_range_end="1604"/>
@ -638,37 +638,37 @@
<CustomService id="id183" name="cust-0" comment="Created during import of line 31" ro="False" protocol="any" address_family="ipv4">
<CustomServiceCommand platform="iptables">-m state --state NEW,RELATED,ESTABLISHED</CustomServiceCommand>
</CustomService>
<CustomService id="id184" name="cust-0" comment="Created during import of line 211" ro="False" protocol="any" address_family="ipv4">
<CustomService id="id184" name="cust-0" comment="Created during import of line 214" ro="False" protocol="any" address_family="ipv4">
<CustomServiceCommand platform="iptables">-m length --length 400:65535</CustomServiceCommand>
</CustomService>
<CustomService id="id185" name="cust-0" comment="Created during import of line 214" ro="False" protocol="any" address_family="ipv4">
<CustomService id="id185" name="cust-0" comment="Created during import of line 217" ro="False" protocol="any" address_family="ipv4">
<CustomServiceCommand platform="iptables">-m recent --name badguy --rcheck --seconds 60 </CustomServiceCommand>
</CustomService>
<CustomService id="id186" name="cust-0" comment="Created during import of line 215" ro="False" protocol="any" address_family="ipv4">
<CustomService id="id186" name="cust-0" comment="Created during import of line 218" ro="False" protocol="any" address_family="ipv4">
<CustomServiceCommand platform="iptables">-m recent --name badguy --set </CustomServiceCommand>
</CustomService>
<CustomService id="id187" name="cust-0" comment="Created during import of line 220" ro="False" protocol="any" address_family="ipv4">
<CustomService id="id187" name="cust-0" comment="Created during import of line 223" ro="False" protocol="any" address_family="ipv4">
<CustomServiceCommand platform="iptables">-m length --length 400:1500</CustomServiceCommand>
</CustomService>
<CustomService id="id188" name="cust-0" comment="Created during import of line 234" ro="False" protocol="any" address_family="ipv4">
<CustomService id="id188" name="cust-0" comment="Created during import of line 237" ro="False" protocol="any" address_family="ipv4">
<CustomServiceCommand platform="iptables">-m pkttype --pkt-type broadcast</CustomServiceCommand>
</CustomService>
</ServiceGroup>
<ServiceGroup id="id189" name="TagServices" comment="" ro="False">
<TagService id="id190" tagcode="0x11" name="tag-0x11" comment="Created during import of line 219" ro="False"/>
<TagService id="id191" tagcode="0x1" name="tag-0x1" comment="Created during import of line 224" ro="False"/>
<TagService id="id192" tagcode="0x4" name="tag-0x4" comment="Created during import of line 224" ro="False"/>
<TagService id="id193" tagcode="16" name="tag-16" comment="Created during import of line 249" ro="False"/>
<TagService id="id194" tagcode="0xa" name="tag-0xa" comment="Created during import of line 252" ro="False"/>
<TagService id="id195" tagcode="0xB" name="tag-0xB" comment="Created during import of line 253" ro="False"/>
<TagService id="id196" tagcode="1" name="tag-1" comment="Created during import of line 266" ro="False"/>
<TagService id="id197" tagcode="2" name="tag-2" comment="Created during import of line 267" ro="False"/>
<TagService id="id190" tagcode="0x11" name="tag-0x11" comment="Created during import of line 222" ro="False"/>
<TagService id="id191" tagcode="0x1" name="tag-0x1" comment="Created during import of line 227" ro="False"/>
<TagService id="id192" tagcode="0x4" name="tag-0x4" comment="Created during import of line 227" ro="False"/>
<TagService id="id193" tagcode="16" name="tag-16" comment="Created during import of line 252" ro="False"/>
<TagService id="id194" tagcode="0xa" name="tag-0xa" comment="Created during import of line 255" ro="False"/>
<TagService id="id195" tagcode="0xB" name="tag-0xB" comment="Created during import of line 256" ro="False"/>
<TagService id="id196" tagcode="1" name="tag-1" comment="Created during import of line 269" ro="False"/>
<TagService id="id197" tagcode="2" name="tag-2" comment="Created during import of line 270" ro="False"/>
</ServiceGroup>
</ServiceGroup>
<ObjectGroup id="id198" name="Firewalls" comment="" ro="False">
<Firewall id="id199" host_OS="linux24" lastCompiled="0" lastInstalled="0" lastModified="0" platform="iptables" version="ge_1.2.6" name="test_fw" comment="Created during import of line 3" ro="False">
<NAT id="id635" name="NAT" comment="" ro="False" ipv4_rule_set="False" ipv6_rule_set="False" top_rule_set="True">
<NATRule id="id637" disabled="False" group="" position="0" action="Translate" comment="Created during import of line 281">
<NATRule id="id637" disabled="False" group="" position="0" action="Translate" comment="Created during import of line 284">
<OSrc neg="False">
<ObjectRef ref="id32"/>
</OSrc>
@ -691,11 +691,11 @@
<ObjectRef ref="sysid0"/>
</ItfInb>
<ItfOutb neg="False">
<ObjectRef ref="id2042"/>
<ObjectRef ref="id2054"/>
</ItfOutb>
<NATRuleOptions/>
</NATRule>
<NATRule id="id655" disabled="False" group="" position="1" action="Translate" comment="Created during import of line 282">
<NATRule id="id655" disabled="False" group="" position="1" action="Translate" comment="Created during import of line 285">
<OSrc neg="False">
<ObjectRef ref="id32"/>
</OSrc>
@ -718,11 +718,11 @@
<ObjectRef ref="sysid0"/>
</ItfInb>
<ItfOutb neg="False">
<ObjectRef ref="id2043"/>
<ObjectRef ref="id2055"/>
</ItfOutb>
<NATRuleOptions/>
</NATRule>
<NATRule id="id673" disabled="False" group="" position="2" action="Translate" comment="Created during import of line 283">
<NATRule id="id673" disabled="False" group="" position="2" action="Translate" comment="Created during import of line 286">
<OSrc neg="False">
<ObjectRef ref="id33"/>
</OSrc>
@ -745,11 +745,11 @@
<ObjectRef ref="sysid0"/>
</ItfInb>
<ItfOutb neg="False">
<ObjectRef ref="id2327"/>
<ObjectRef ref="id2339"/>
</ItfOutb>
<NATRuleOptions/>
</NATRule>
<NATRule id="id691" disabled="False" group="" position="3" action="Translate" comment="Created during import of line 284">
<NATRule id="id691" disabled="False" group="" position="3" action="Translate" comment="Created during import of line 287">
<OSrc neg="False">
<ObjectRef ref="id32"/>
</OSrc>
@ -772,11 +772,11 @@
<ObjectRef ref="sysid0"/>
</ItfInb>
<ItfOutb neg="False">
<ObjectRef ref="id2327"/>
<ObjectRef ref="id2339"/>
</ItfOutb>
<NATRuleOptions/>
</NATRule>
<NATRule id="id709" disabled="False" group="" position="4" action="Translate" comment="Created during import of line 285">
<NATRule id="id709" disabled="False" group="" position="4" action="Translate" comment="Created during import of line 288">
<OSrc neg="False">
<ObjectRef ref="id32"/>
</OSrc>
@ -799,11 +799,11 @@
<ObjectRef ref="sysid0"/>
</ItfInb>
<ItfOutb neg="False">
<ObjectRef ref="id2327"/>
<ObjectRef ref="id2339"/>
</ItfOutb>
<NATRuleOptions/>
</NATRule>
<NATRule id="id727" disabled="False" group="" position="5" action="Translate" comment="Created during import of line 286">
<NATRule id="id727" disabled="False" group="" position="5" action="Translate" comment="Created during import of line 289">
<OSrc neg="False">
<ObjectRef ref="id12"/>
</OSrc>
@ -826,11 +826,11 @@
<ObjectRef ref="sysid0"/>
</ItfInb>
<ItfOutb neg="False">
<ObjectRef ref="id2042"/>
<ObjectRef ref="id2054"/>
</ItfOutb>
<NATRuleOptions/>
</NATRule>
<NATRule id="id745" disabled="False" group="" position="6" action="Translate" comment="Created during import of line 288">
<NATRule id="id745" disabled="False" group="" position="6" action="Translate" comment="Created during import of line 291">
<OSrc neg="False">
<ObjectRef ref="id32"/>
</OSrc>
@ -841,7 +841,7 @@
<ServiceRef ref="sysid1"/>
</OSrv>
<TSrc neg="False">
<ObjectRef ref="id2326"/>
<ObjectRef ref="id2338"/>
</TSrc>
<TDst neg="False">
<ObjectRef ref="sysid0"/>
@ -857,7 +857,7 @@
</ItfOutb>
<NATRuleOptions/>
</NATRule>
<NATRule id="id763" disabled="False" group="" position="7" action="Translate" comment="Created during import of line 290">
<NATRule id="id763" disabled="False" group="" position="7" action="Translate" comment="Created during import of line 293">
<OSrc neg="False">
<ObjectRef ref="id32"/>
</OSrc>
@ -884,7 +884,7 @@
</ItfOutb>
<NATRuleOptions/>
</NATRule>
<NATRule id="id781" disabled="False" group="" position="8" action="Translate" comment="Created during import of line 292">
<NATRule id="id781" disabled="False" group="" position="8" action="Translate" comment="Created during import of line 295">
<OSrc neg="False">
<ObjectRef ref="sysid0"/>
</OSrc>
@ -911,7 +911,7 @@
</ItfOutb>
<NATRuleOptions/>
</NATRule>
<NATRule id="id799" disabled="False" group="" position="9" action="Translate" comment="Created during import of line 293">
<NATRule id="id799" disabled="False" group="" position="9" action="Translate" comment="Created during import of line 296">
<OSrc neg="False">
<ObjectRef ref="sysid0"/>
</OSrc>
@ -938,7 +938,7 @@
</ItfOutb>
<NATRuleOptions/>
</NATRule>
<NATRule id="id817" disabled="False" group="" position="10" action="Translate" comment="Created during import of line 294">
<NATRule id="id817" disabled="False" group="" position="10" action="Translate" comment="Created during import of line 297">
<OSrc neg="False">
<ObjectRef ref="sysid0"/>
</OSrc>
@ -965,7 +965,7 @@
</ItfOutb>
<NATRuleOptions/>
</NATRule>
<NATRule id="id835" disabled="False" group="" position="11" action="Translate" comment="Created during import of line 295">
<NATRule id="id835" disabled="False" group="" position="11" action="Translate" comment="Created during import of line 298">
<OSrc neg="False">
<ObjectRef ref="sysid0"/>
</OSrc>
@ -992,7 +992,7 @@
</ItfOutb>
<NATRuleOptions/>
</NATRule>
<NATRule id="id853" disabled="False" group="" position="12" action="Translate" comment="Created during import of line 296">
<NATRule id="id853" disabled="False" group="" position="12" action="Translate" comment="Created during import of line 299">
<OSrc neg="False">
<ObjectRef ref="sysid0"/>
</OSrc>
@ -1019,7 +1019,7 @@
</ItfOutb>
<NATRuleOptions/>
</NATRule>
<NATRule id="id871" disabled="False" group="" position="13" action="Translate" comment="Created during import of line 297">
<NATRule id="id871" disabled="False" group="" position="13" action="Translate" comment="Created during import of line 300">
<OSrc neg="False">
<ObjectRef ref="sysid0"/>
</OSrc>
@ -1046,7 +1046,7 @@
</ItfOutb>
<NATRuleOptions/>
</NATRule>
<NATRule id="id889" disabled="False" group="" position="14" action="Translate" comment="Created during import of line 299">
<NATRule id="id889" disabled="False" group="" position="14" action="Translate" comment="Created during import of line 302">
<OSrc neg="False">
<ObjectRef ref="sysid0"/>
</OSrc>
@ -1073,7 +1073,7 @@
</ItfOutb>
<NATRuleOptions/>
</NATRule>
<NATRule id="id907" disabled="False" group="" position="15" action="Translate" comment="Created during import of line 302">
<NATRule id="id907" disabled="False" group="" position="15" action="Translate" comment="Created during import of line 305">
<OSrc neg="False">
<ObjectRef ref="sysid0"/>
</OSrc>
@ -1093,14 +1093,14 @@
<ServiceRef ref="sysid1"/>
</TSrv>
<ItfInb neg="False">
<ObjectRef ref="id2043"/>
<ObjectRef ref="id2055"/>
</ItfInb>
<ItfOutb neg="False">
<ObjectRef ref="sysid0"/>
</ItfOutb>
<NATRuleOptions/>
</NATRule>
<NATRule id="id925" disabled="False" group="" position="16" action="Translate" comment="Created during import of line 305">
<NATRule id="id925" disabled="False" group="" position="16" action="Translate" comment="Created during import of line 308">
<OSrc neg="False">
<ObjectRef ref="id32"/>
</OSrc>
@ -1127,7 +1127,7 @@
</ItfOutb>
<NATRuleOptions/>
</NATRule>
<NATRule id="id943" disabled="False" group="" position="17" action="Translate" comment="Created during import of line 308">
<NATRule id="id943" disabled="False" group="" position="17" action="Translate" comment="Created during import of line 311">
<OSrc neg="False">
<ObjectRef ref="id32"/>
</OSrc>
@ -1154,7 +1154,7 @@
</ItfOutb>
<NATRuleOptions/>
</NATRule>
<NATRule id="id961" disabled="False" group="" position="18" action="Translate" comment="Created during import of line 311">
<NATRule id="id961" disabled="False" group="" position="18" action="Translate" comment="Created during import of line 314">
<OSrc neg="False">
<ObjectRef ref="id199"/>
</OSrc>
@ -1181,7 +1181,7 @@
</ItfOutb>
<NATRuleOptions/>
</NATRule>
<NATRule id="id979" disabled="False" group="" position="19" action="Translate" comment="Created during import of line 312">
<NATRule id="id979" disabled="False" group="" position="19" action="Translate" comment="Created during import of line 315">
<OSrc neg="False">
<ObjectRef ref="id199"/>
</OSrc>
@ -1308,7 +1308,7 @@
<IntervalRef ref="sysid2"/>
</When>
<PolicyRuleOptions>
<Option name="branch_id">id1775</Option>
<Option name="branch_id">id1787</Option>
<Option name="stateless">True</Option>
<Option name="tagobject_id"></Option>
</PolicyRuleOptions>
@ -1330,7 +1330,7 @@
<IntervalRef ref="sysid2"/>
</When>
<PolicyRuleOptions>
<Option name="branch_id">id1789</Option>
<Option name="branch_id">id1801</Option>
<Option name="stateless">True</Option>
<Option name="tagobject_id"></Option>
</PolicyRuleOptions>
@ -1352,7 +1352,7 @@
<IntervalRef ref="sysid2"/>
</When>
<PolicyRuleOptions>
<Option name="branch_id">id1803</Option>
<Option name="branch_id">id1815</Option>
<Option name="stateless">True</Option>
<Option name="tagobject_id"></Option>
</PolicyRuleOptions>
@ -1374,7 +1374,7 @@
<IntervalRef ref="sysid2"/>
</When>
<PolicyRuleOptions>
<Option name="branch_id">id1817</Option>
<Option name="branch_id">id1829</Option>
<Option name="stateless">True</Option>
<Option name="tagobject_id"></Option>
</PolicyRuleOptions>
@ -1390,7 +1390,7 @@
<ServiceRef ref="sysid1"/>
</Srv>
<Itf neg="False">
<ObjectRef ref="id1833"/>
<ObjectRef ref="id1845"/>
</Itf>
<When neg="False">
<IntervalRef ref="sysid2"/>
@ -1438,7 +1438,7 @@
<IntervalRef ref="sysid2"/>
</When>
<PolicyRuleOptions>
<Option name="branch_id">id1834</Option>
<Option name="branch_id">id1846</Option>
<Option name="stateless">True</Option>
<Option name="tagobject_id"></Option>
</PolicyRuleOptions>
@ -1454,13 +1454,13 @@
<ServiceRef ref="id175"/>
</Srv>
<Itf neg="False">
<ObjectRef ref="id2043"/>
<ObjectRef ref="id2055"/>
</Itf>
<When neg="False">
<IntervalRef ref="sysid2"/>
</When>
<PolicyRuleOptions>
<Option name="branch_id">id2028</Option>
<Option name="branch_id">id2040</Option>
<Option name="stateless">True</Option>
<Option name="tagobject_id"></Option>
</PolicyRuleOptions>
@ -2003,7 +2003,7 @@
<ServiceRef ref="id108"/>
</Srv>
<Itf neg="False">
<ObjectRef ref="id2043"/>
<ObjectRef ref="id2055"/>
</Itf>
<When neg="False">
<IntervalRef ref="sysid2"/>
@ -2965,7 +2965,27 @@
<Option name="stateless">True</Option>
</PolicyRuleOptions>
</PolicyRule>
<PolicyRule id="id1595" disabled="False" group="" log="False" position="49" action="Accept" direction="Both" comment="Chain user_chain. &#10;Created during import of line 205">
<PolicyRule id="id1595" disabled="False" group="" log="False" position="49" action="Accept" direction="Both" comment="Chain user_chain. &#10;Created during import of line 204">
<Src neg="False">
<ObjectRef ref="id29"/>
</Src>
<Dst neg="False">
<ObjectRef ref="sysid0"/>
</Dst>
<Srv neg="True">
<ServiceRef ref="id42"/>
</Srv>
<Itf neg="False">
<ObjectRef ref="sysid0"/>
</Itf>
<When neg="False">
<IntervalRef ref="sysid2"/>
</When>
<PolicyRuleOptions>
<Option name="stateless">True</Option>
</PolicyRuleOptions>
</PolicyRule>
<PolicyRule id="id1607" disabled="False" group="" log="False" position="50" action="Accept" direction="Both" comment="Chain user_chain. &#10;Created during import of line 208">
<Src neg="False">
<ObjectRef ref="id29"/>
</Src>
@ -2985,7 +3005,7 @@
<Option name="stateless">True</Option>
</PolicyRuleOptions>
</PolicyRule>
<PolicyRule id="id1607" disabled="False" group="" log="False" position="50" action="Accept" direction="Both" comment="Chain user_chain. &#10;Created during import of line 206">
<PolicyRule id="id1619" disabled="False" group="" log="False" position="51" action="Accept" direction="Both" comment="Chain user_chain. &#10;Created during import of line 209">
<Src neg="False">
<ObjectRef ref="id29"/>
</Src>
@ -3005,7 +3025,7 @@
<Option name="stateless">True</Option>
</PolicyRuleOptions>
</PolicyRule>
<PolicyRule id="id1619" disabled="False" group="" log="False" position="51" action="Accept" direction="Both" comment="Chain user_chain. &#10;Created during import of line 207">
<PolicyRule id="id1631" disabled="False" group="" log="False" position="52" action="Accept" direction="Both" comment="Chain user_chain. &#10;Created during import of line 210">
<Src neg="False">
<ObjectRef ref="id29"/>
</Src>
@ -3025,7 +3045,7 @@
<Option name="stateless">True</Option>
</PolicyRuleOptions>
</PolicyRule>
<PolicyRule id="id1631" disabled="False" group="" log="False" position="52" action="Deny" direction="Both" comment="Chain user_chain. &#10;Created during import of line 211">
<PolicyRule id="id1643" disabled="False" group="" log="False" position="53" action="Deny" direction="Both" comment="Chain user_chain. &#10;Created during import of line 214">
<Src neg="False">
<ObjectRef ref="sysid0"/>
</Src>
@ -3045,7 +3065,7 @@
<Option name="stateless">True</Option>
</PolicyRuleOptions>
</PolicyRule>
<PolicyRule id="id1643" disabled="False" group="" log="False" position="53" action="Deny" direction="Both" comment="Chain user_chain. &#10;Created during import of line 214">
<PolicyRule id="id1655" disabled="False" group="" log="False" position="54" action="Deny" direction="Both" comment="Chain user_chain. &#10;Created during import of line 217">
<Src neg="False">
<ObjectRef ref="sysid0"/>
</Src>
@ -3065,7 +3085,7 @@
<Option name="stateless">True</Option>
</PolicyRuleOptions>
</PolicyRule>
<PolicyRule id="id1655" disabled="False" group="" log="False" position="54" action="Branch" direction="Inbound" comment="Chain user_chain. &#10;Created during import of line 215">
<PolicyRule id="id1667" disabled="False" group="" log="False" position="55" action="Branch" direction="Inbound" comment="Chain user_chain. &#10;Created during import of line 218">
<Src neg="False">
<ObjectRef ref="sysid0"/>
</Src>
@ -3076,18 +3096,18 @@
<ServiceRef ref="id120"/>
</Srv>
<Itf neg="False">
<ObjectRef ref="id2043"/>
<ObjectRef ref="id2055"/>
</Itf>
<When neg="False">
<IntervalRef ref="sysid2"/>
</When>
<PolicyRuleOptions>
<Option name="branch_id">id2044</Option>
<Option name="branch_id">id2056</Option>
<Option name="stateless">True</Option>
<Option name="tagobject_id"></Option>
</PolicyRuleOptions>
</PolicyRule>
<PolicyRule id="id1667" disabled="False" group="" log="False" position="55" action="Branch" direction="Both" comment="Chain user_chain. &#10;Created during import of line 219">
<PolicyRule id="id1679" disabled="False" group="" log="False" position="56" action="Branch" direction="Both" comment="Chain user_chain. &#10;Created during import of line 222">
<Src neg="False">
<ObjectRef ref="id29"/>
</Src>
@ -3104,12 +3124,12 @@
<IntervalRef ref="sysid2"/>
</When>
<PolicyRuleOptions>
<Option name="branch_id">id2058</Option>
<Option name="branch_id">id2070</Option>
<Option name="stateless">True</Option>
<Option name="tagobject_id"></Option>
</PolicyRuleOptions>
</PolicyRule>
<PolicyRule id="id1679" disabled="False" group="" log="False" position="56" action="Branch" direction="Both" comment="Chain user_chain. &#10;Created during import of line 220">
<PolicyRule id="id1691" disabled="False" group="" log="False" position="57" action="Branch" direction="Both" comment="Chain user_chain. &#10;Created during import of line 223">
<Src neg="False">
<ObjectRef ref="id29"/>
</Src>
@ -3126,12 +3146,12 @@
<IntervalRef ref="sysid2"/>
</When>
<PolicyRuleOptions>
<Option name="branch_id">id2072</Option>
<Option name="branch_id">id2084</Option>
<Option name="stateless">True</Option>
<Option name="tagobject_id"></Option>
</PolicyRuleOptions>
</PolicyRule>
<PolicyRule id="id1691" disabled="False" group="" log="False" position="57" action="Branch" direction="Both" comment="Chain user_chain. &#10;Created during import of line 221">
<PolicyRule id="id1703" disabled="False" group="" log="False" position="58" action="Branch" direction="Both" comment="Chain user_chain. &#10;Created during import of line 224">
<Src neg="False">
<ObjectRef ref="sysid0"/>
</Src>
@ -3148,12 +3168,12 @@
<IntervalRef ref="sysid2"/>
</When>
<PolicyRuleOptions>
<Option name="branch_id">id2086</Option>
<Option name="branch_id">id2098</Option>
<Option name="stateless">True</Option>
<Option name="tagobject_id"></Option>
</PolicyRuleOptions>
</PolicyRule>
<PolicyRule id="id1703" disabled="False" group="" log="False" position="58" action="Branch" direction="Both" comment="Chain user_chain. &#10;Created during import of line 224">
<PolicyRule id="id1715" disabled="False" group="" log="False" position="59" action="Branch" direction="Both" comment="Chain user_chain. &#10;Created during import of line 227">
<Src neg="False">
<ObjectRef ref="sysid0"/>
</Src>
@ -3170,12 +3190,12 @@
<IntervalRef ref="sysid2"/>
</When>
<PolicyRuleOptions>
<Option name="branch_id">id2100</Option>
<Option name="branch_id">id2112</Option>
<Option name="stateless">True</Option>
<Option name="tagobject_id"></Option>
</PolicyRuleOptions>
</PolicyRule>
<PolicyRule id="id1715" disabled="False" group="" log="False" position="59" action="Branch" direction="Both" comment="Chain user_chain. &#10;Created during import of line 227">
<PolicyRule id="id1727" disabled="False" group="" log="False" position="60" action="Branch" direction="Both" comment="Chain user_chain. &#10;Created during import of line 230">
<Src neg="False">
<ObjectRef ref="sysid0"/>
</Src>
@ -3192,12 +3212,12 @@
<IntervalRef ref="sysid2"/>
</When>
<PolicyRuleOptions>
<Option name="branch_id">id2114</Option>
<Option name="branch_id">id2126</Option>
<Option name="stateless">True</Option>
<Option name="tagobject_id"></Option>
</PolicyRuleOptions>
</PolicyRule>
<PolicyRule id="id1727" disabled="False" group="" log="False" position="60" action="Branch" direction="Both" comment="Chain user_chain. &#10;Created during import of line 230&#10;Error: Original rule combines match of tcp/udp/icmp protocols with two or more module matches, such as module 'mark', 'recent' or 'length'. Use additional branches to implement this complex match.">
<PolicyRule id="id1739" disabled="False" group="" log="False" position="61" action="Branch" direction="Both" comment="Chain user_chain. &#10;Created during import of line 233&#10;Error: Original rule combines match of tcp/udp/icmp protocols with two or more module matches, such as module 'mark', 'recent' or 'length'. Use additional branches to implement this complex match.">
<Src neg="False">
<ObjectRef ref="sysid0"/>
</Src>
@ -3214,13 +3234,13 @@
<IntervalRef ref="sysid2"/>
</When>
<PolicyRuleOptions>
<Option name="branch_id">id2128</Option>
<Option name="branch_id">id2140</Option>
<Option name="color">#C86E6E</Option>
<Option name="stateless">True</Option>
<Option name="tagobject_id"></Option>
</PolicyRuleOptions>
</PolicyRule>
<PolicyRule id="id1739" disabled="False" group="" log="False" position="61" action="Branch" direction="Both" comment="Chain user_chain. &#10;Created during import of line 231&#10;Error: Original rule combines match of tcp/udp/icmp protocols with two or more module matches, such as module 'mark', 'recent' or 'length'. Use additional branches to implement this complex match.">
<PolicyRule id="id1751" disabled="False" group="" log="False" position="62" action="Branch" direction="Both" comment="Chain user_chain. &#10;Created during import of line 234&#10;Error: Original rule combines match of tcp/udp/icmp protocols with two or more module matches, such as module 'mark', 'recent' or 'length'. Use additional branches to implement this complex match.">
<Src neg="False">
<ObjectRef ref="sysid0"/>
</Src>
@ -3237,13 +3257,13 @@
<IntervalRef ref="sysid2"/>
</When>
<PolicyRuleOptions>
<Option name="branch_id">id2142</Option>
<Option name="branch_id">id2154</Option>
<Option name="color">#C86E6E</Option>
<Option name="stateless">True</Option>
<Option name="tagobject_id"></Option>
</PolicyRuleOptions>
</PolicyRule>
<PolicyRule id="id1751" disabled="False" group="" log="False" position="62" action="Deny" direction="Both" comment="Chain user_chain. &#10;Created during import of line 234">
<PolicyRule id="id1763" disabled="False" group="" log="False" position="63" action="Deny" direction="Both" comment="Chain user_chain. &#10;Created during import of line 237">
<Src neg="False">
<ObjectRef ref="sysid0"/>
</Src>
@ -3263,7 +3283,7 @@
<Option name="stateless">True</Option>
</PolicyRuleOptions>
</PolicyRule>
<PolicyRule id="id1763" disabled="False" group="" log="False" position="63" action="Deny" direction="Both" comment="Chain user_chain. &#10;Created during import of line 236">
<PolicyRule id="id1775" disabled="False" group="" log="False" position="64" action="Deny" direction="Both" comment="Chain user_chain. &#10;Created during import of line 239">
<Src neg="False">
<ObjectRef ref="sysid0"/>
</Src>
@ -3285,8 +3305,8 @@
</PolicyRule>
<RuleSetOptions/>
</Policy>
<Policy id="id1775" name="INPUT_state_match_0" comment="" ro="False" ipv4_rule_set="False" ipv6_rule_set="False" top_rule_set="False">
<PolicyRule id="id1777" disabled="False" group="" log="False" position="0" action="Accept" direction="Both" comment="">
<Policy id="id1787" name="INPUT_state_match_0" comment="" ro="False" ipv4_rule_set="False" ipv6_rule_set="False" top_rule_set="False">
<PolicyRule id="id1789" disabled="False" group="" log="False" position="0" action="Accept" direction="Both" comment="">
<Src neg="False">
<ObjectRef ref="sysid0"/>
</Src>
@ -3308,8 +3328,8 @@
</PolicyRule>
<RuleSetOptions/>
</Policy>
<Policy id="id1789" name="OUTPUT_established_1" comment="" ro="False" ipv4_rule_set="False" ipv6_rule_set="False" top_rule_set="False">
<PolicyRule id="id1791" disabled="False" group="" log="False" position="0" action="Accept" direction="Both" comment="">
<Policy id="id1801" name="OUTPUT_established_1" comment="" ro="False" ipv4_rule_set="False" ipv6_rule_set="False" top_rule_set="False">
<PolicyRule id="id1803" disabled="False" group="" log="False" position="0" action="Accept" direction="Both" comment="">
<Src neg="False">
<ObjectRef ref="sysid0"/>
</Src>
@ -3331,8 +3351,8 @@
</PolicyRule>
<RuleSetOptions/>
</Policy>
<Policy id="id1803" name="OUTPUT_established_2" comment="" ro="False" ipv4_rule_set="False" ipv6_rule_set="False" top_rule_set="False">
<PolicyRule id="id1805" disabled="False" group="" log="False" position="0" action="Deny" direction="Both" comment="">
<Policy id="id1815" name="OUTPUT_established_2" comment="" ro="False" ipv4_rule_set="False" ipv6_rule_set="False" top_rule_set="False">
<PolicyRule id="id1817" disabled="False" group="" log="False" position="0" action="Deny" direction="Both" comment="">
<Src neg="False">
<ObjectRef ref="sysid0"/>
</Src>
@ -3354,8 +3374,8 @@
</PolicyRule>
<RuleSetOptions/>
</Policy>
<Policy id="id1817" name="FORWARD_state_match_3" comment="" ro="False" ipv4_rule_set="False" ipv6_rule_set="False" top_rule_set="False">
<PolicyRule id="id1819" disabled="False" group="" log="False" position="0" action="Accept" direction="Both" comment="">
<Policy id="id1829" name="FORWARD_state_match_3" comment="" ro="False" ipv4_rule_set="False" ipv6_rule_set="False" top_rule_set="False">
<PolicyRule id="id1831" disabled="False" group="" log="False" position="0" action="Accept" direction="Both" comment="">
<Src neg="False">
<ObjectRef ref="sysid0"/>
</Src>
@ -3377,11 +3397,11 @@
</PolicyRule>
<RuleSetOptions/>
</Policy>
<Policy id="id1831" name="drop_invalid" comment="" ro="False" ipv4_rule_set="False" ipv6_rule_set="False" top_rule_set="False">
<Policy id="id1843" name="drop_invalid" comment="" ro="False" ipv4_rule_set="False" ipv6_rule_set="False" top_rule_set="False">
<RuleSetOptions/>
</Policy>
<Policy id="id1834" name="scan_checks_chain" comment="" ro="False" ipv4_rule_set="False" ipv6_rule_set="False" top_rule_set="False">
<PolicyRule id="id1836" disabled="False" group="" log="True" position="0" action="Continue" direction="Inbound" comment="Chain scan_checks_chain. &#10;Created during import of line 136">
<Policy id="id1846" name="scan_checks_chain" comment="" ro="False" ipv4_rule_set="False" ipv6_rule_set="False" top_rule_set="False">
<PolicyRule id="id1848" disabled="False" group="" log="True" position="0" action="Continue" direction="Inbound" comment="Chain scan_checks_chain. &#10;Created during import of line 136">
<Src neg="False">
<ObjectRef ref="sysid0"/>
</Src>
@ -3392,7 +3412,7 @@
<ServiceRef ref="id126"/>
</Srv>
<Itf neg="False">
<ObjectRef ref="id2043"/>
<ObjectRef ref="id2055"/>
</Itf>
<When neg="False">
<IntervalRef ref="sysid2"/>
@ -3408,7 +3428,7 @@
<Option name="stateless">True</Option>
</PolicyRuleOptions>
</PolicyRule>
<PolicyRule id="id1848" disabled="False" group="" log="True" position="1" action="Continue" direction="Inbound" comment="Chain scan_checks_chain. &#10;Created during import of line 137">
<PolicyRule id="id1860" disabled="False" group="" log="True" position="1" action="Continue" direction="Inbound" comment="Chain scan_checks_chain. &#10;Created during import of line 137">
<Src neg="False">
<ObjectRef ref="sysid0"/>
</Src>
@ -3419,7 +3439,7 @@
<ServiceRef ref="id127"/>
</Srv>
<Itf neg="False">
<ObjectRef ref="id2043"/>
<ObjectRef ref="id2055"/>
</Itf>
<When neg="False">
<IntervalRef ref="sysid2"/>
@ -3435,7 +3455,7 @@
<Option name="stateless">True</Option>
</PolicyRuleOptions>
</PolicyRule>
<PolicyRule id="id1860" disabled="False" group="" log="True" position="2" action="Continue" direction="Inbound" comment="Chain scan_checks_chain. &#10;Created during import of line 138">
<PolicyRule id="id1872" disabled="False" group="" log="True" position="2" action="Continue" direction="Inbound" comment="Chain scan_checks_chain. &#10;Created during import of line 138">
<Src neg="False">
<ObjectRef ref="sysid0"/>
</Src>
@ -3446,7 +3466,7 @@
<ServiceRef ref="id128"/>
</Srv>
<Itf neg="False">
<ObjectRef ref="id2043"/>
<ObjectRef ref="id2055"/>
</Itf>
<When neg="False">
<IntervalRef ref="sysid2"/>
@ -3462,7 +3482,7 @@
<Option name="stateless">True</Option>
</PolicyRuleOptions>
</PolicyRule>
<PolicyRule id="id1872" disabled="False" group="" log="True" position="3" action="Continue" direction="Inbound" comment="Chain scan_checks_chain. &#10;Created during import of line 139">
<PolicyRule id="id1884" disabled="False" group="" log="True" position="3" action="Continue" direction="Inbound" comment="Chain scan_checks_chain. &#10;Created during import of line 139">
<Src neg="False">
<ObjectRef ref="sysid0"/>
</Src>
@ -3473,7 +3493,7 @@
<ServiceRef ref="id129"/>
</Srv>
<Itf neg="False">
<ObjectRef ref="id2043"/>
<ObjectRef ref="id2055"/>
</Itf>
<When neg="False">
<IntervalRef ref="sysid2"/>
@ -3489,7 +3509,7 @@
<Option name="stateless">True</Option>
</PolicyRuleOptions>
</PolicyRule>
<PolicyRule id="id1884" disabled="False" group="" log="True" position="4" action="Continue" direction="Inbound" comment="Chain scan_checks_chain. &#10;Created during import of line 140">
<PolicyRule id="id1896" disabled="False" group="" log="True" position="4" action="Continue" direction="Inbound" comment="Chain scan_checks_chain. &#10;Created during import of line 140">
<Src neg="False">
<ObjectRef ref="sysid0"/>
</Src>
@ -3500,7 +3520,7 @@
<ServiceRef ref="id130"/>
</Srv>
<Itf neg="False">
<ObjectRef ref="id2043"/>
<ObjectRef ref="id2055"/>
</Itf>
<When neg="False">
<IntervalRef ref="sysid2"/>
@ -3516,7 +3536,7 @@
<Option name="stateless">True</Option>
</PolicyRuleOptions>
</PolicyRule>
<PolicyRule id="id1896" disabled="False" group="" log="True" position="5" action="Continue" direction="Inbound" comment="Chain scan_checks_chain. &#10;Created during import of line 141">
<PolicyRule id="id1908" disabled="False" group="" log="True" position="5" action="Continue" direction="Inbound" comment="Chain scan_checks_chain. &#10;Created during import of line 141">
<Src neg="False">
<ObjectRef ref="sysid0"/>
</Src>
@ -3527,7 +3547,7 @@
<ServiceRef ref="id131"/>
</Srv>
<Itf neg="False">
<ObjectRef ref="id2043"/>
<ObjectRef ref="id2055"/>
</Itf>
<When neg="False">
<IntervalRef ref="sysid2"/>
@ -3543,7 +3563,7 @@
<Option name="stateless">True</Option>
</PolicyRuleOptions>
</PolicyRule>
<PolicyRule id="id1908" disabled="False" group="" log="True" position="6" action="Continue" direction="Inbound" comment="Chain scan_checks_chain. &#10;Created during import of line 142">
<PolicyRule id="id1920" disabled="False" group="" log="True" position="6" action="Continue" direction="Inbound" comment="Chain scan_checks_chain. &#10;Created during import of line 142">
<Src neg="False">
<ObjectRef ref="sysid0"/>
</Src>
@ -3554,7 +3574,7 @@
<ServiceRef ref="id132"/>
</Srv>
<Itf neg="False">
<ObjectRef ref="id2043"/>
<ObjectRef ref="id2055"/>
</Itf>
<When neg="False">
<IntervalRef ref="sysid2"/>
@ -3570,7 +3590,7 @@
<Option name="stateless">True</Option>
</PolicyRuleOptions>
</PolicyRule>
<PolicyRule id="id1920" disabled="False" group="" log="False" position="7" action="Deny" direction="Inbound" comment="Chain scan_checks_chain. &#10;Created during import of line 143">
<PolicyRule id="id1932" disabled="False" group="" log="False" position="7" action="Deny" direction="Inbound" comment="Chain scan_checks_chain. &#10;Created during import of line 143">
<Src neg="False">
<ObjectRef ref="sysid0"/>
</Src>
@ -3581,7 +3601,7 @@
<ServiceRef ref="id126"/>
</Srv>
<Itf neg="False">
<ObjectRef ref="id2043"/>
<ObjectRef ref="id2055"/>
</Itf>
<When neg="False">
<IntervalRef ref="sysid2"/>
@ -3590,7 +3610,7 @@
<Option name="stateless">True</Option>
</PolicyRuleOptions>
</PolicyRule>
<PolicyRule id="id1932" disabled="False" group="" log="False" position="8" action="Deny" direction="Inbound" comment="Chain scan_checks_chain. &#10;Created during import of line 144">
<PolicyRule id="id1944" disabled="False" group="" log="False" position="8" action="Deny" direction="Inbound" comment="Chain scan_checks_chain. &#10;Created during import of line 144">
<Src neg="False">
<ObjectRef ref="sysid0"/>
</Src>
@ -3601,7 +3621,7 @@
<ServiceRef ref="id127"/>
</Srv>
<Itf neg="False">
<ObjectRef ref="id2043"/>
<ObjectRef ref="id2055"/>
</Itf>
<When neg="False">
<IntervalRef ref="sysid2"/>
@ -3610,7 +3630,7 @@
<Option name="stateless">True</Option>
</PolicyRuleOptions>
</PolicyRule>
<PolicyRule id="id1944" disabled="False" group="" log="False" position="9" action="Deny" direction="Inbound" comment="Chain scan_checks_chain. &#10;Created during import of line 145">
<PolicyRule id="id1956" disabled="False" group="" log="False" position="9" action="Deny" direction="Inbound" comment="Chain scan_checks_chain. &#10;Created during import of line 145">
<Src neg="False">
<ObjectRef ref="sysid0"/>
</Src>
@ -3621,7 +3641,7 @@
<ServiceRef ref="id128"/>
</Srv>
<Itf neg="False">
<ObjectRef ref="id2043"/>
<ObjectRef ref="id2055"/>
</Itf>
<When neg="False">
<IntervalRef ref="sysid2"/>
@ -3630,7 +3650,7 @@
<Option name="stateless">True</Option>
</PolicyRuleOptions>
</PolicyRule>
<PolicyRule id="id1956" disabled="False" group="" log="False" position="10" action="Deny" direction="Inbound" comment="Chain scan_checks_chain. &#10;Created during import of line 146">
<PolicyRule id="id1968" disabled="False" group="" log="False" position="10" action="Deny" direction="Inbound" comment="Chain scan_checks_chain. &#10;Created during import of line 146">
<Src neg="False">
<ObjectRef ref="sysid0"/>
</Src>
@ -3641,7 +3661,7 @@
<ServiceRef ref="id129"/>
</Srv>
<Itf neg="False">
<ObjectRef ref="id2043"/>
<ObjectRef ref="id2055"/>
</Itf>
<When neg="False">
<IntervalRef ref="sysid2"/>
@ -3650,7 +3670,7 @@
<Option name="stateless">True</Option>
</PolicyRuleOptions>
</PolicyRule>
<PolicyRule id="id1968" disabled="False" group="" log="False" position="11" action="Deny" direction="Inbound" comment="Chain scan_checks_chain. &#10;Created during import of line 147">
<PolicyRule id="id1980" disabled="False" group="" log="False" position="11" action="Deny" direction="Inbound" comment="Chain scan_checks_chain. &#10;Created during import of line 147">
<Src neg="False">
<ObjectRef ref="sysid0"/>
</Src>
@ -3661,7 +3681,7 @@
<ServiceRef ref="id130"/>
</Srv>
<Itf neg="False">
<ObjectRef ref="id2043"/>
<ObjectRef ref="id2055"/>
</Itf>
<When neg="False">
<IntervalRef ref="sysid2"/>
@ -3670,7 +3690,7 @@
<Option name="stateless">True</Option>
</PolicyRuleOptions>
</PolicyRule>
<PolicyRule id="id1980" disabled="False" group="" log="False" position="12" action="Deny" direction="Inbound" comment="Chain scan_checks_chain. &#10;Created during import of line 148">
<PolicyRule id="id1992" disabled="False" group="" log="False" position="12" action="Deny" direction="Inbound" comment="Chain scan_checks_chain. &#10;Created during import of line 148">
<Src neg="False">
<ObjectRef ref="sysid0"/>
</Src>
@ -3681,7 +3701,7 @@
<ServiceRef ref="id131"/>
</Srv>
<Itf neg="False">
<ObjectRef ref="id2043"/>
<ObjectRef ref="id2055"/>
</Itf>
<When neg="False">
<IntervalRef ref="sysid2"/>
@ -3690,7 +3710,7 @@
<Option name="stateless">True</Option>
</PolicyRuleOptions>
</PolicyRule>
<PolicyRule id="id1992" disabled="False" group="" log="False" position="13" action="Deny" direction="Inbound" comment="Chain scan_checks_chain. &#10;Created during import of line 149">
<PolicyRule id="id2004" disabled="False" group="" log="False" position="13" action="Deny" direction="Inbound" comment="Chain scan_checks_chain. &#10;Created during import of line 149">
<Src neg="False">
<ObjectRef ref="sysid0"/>
</Src>
@ -3701,7 +3721,7 @@
<ServiceRef ref="id132"/>
</Srv>
<Itf neg="False">
<ObjectRef ref="id2043"/>
<ObjectRef ref="id2055"/>
</Itf>
<When neg="False">
<IntervalRef ref="sysid2"/>
@ -3710,7 +3730,7 @@
<Option name="stateless">True</Option>
</PolicyRuleOptions>
</PolicyRule>
<PolicyRule id="id2004" disabled="False" group="" log="False" position="14" action="Accept" direction="Inbound" comment="Chain scan_checks_chain. &#10;Created during import of line 150">
<PolicyRule id="id2016" disabled="False" group="" log="False" position="14" action="Accept" direction="Inbound" comment="Chain scan_checks_chain. &#10;Created during import of line 150">
<Src neg="False">
<ObjectRef ref="sysid0"/>
</Src>
@ -3721,7 +3741,7 @@
<ServiceRef ref="id133"/>
</Srv>
<Itf neg="False">
<ObjectRef ref="id2043"/>
<ObjectRef ref="id2055"/>
</Itf>
<When neg="False">
<IntervalRef ref="sysid2"/>
@ -3730,7 +3750,7 @@
<Option name="stateless">True</Option>
</PolicyRuleOptions>
</PolicyRule>
<PolicyRule id="id2016" disabled="False" group="" log="False" position="15" action="Accept" direction="Inbound" comment="Chain scan_checks_chain. &#10;Created during import of line 151">
<PolicyRule id="id2028" disabled="False" group="" log="False" position="15" action="Accept" direction="Inbound" comment="Chain scan_checks_chain. &#10;Created during import of line 151">
<Src neg="False">
<ObjectRef ref="sysid0"/>
</Src>
@ -3741,7 +3761,7 @@
<ServiceRef ref="id133"/>
</Srv>
<Itf neg="False">
<ObjectRef ref="id2043"/>
<ObjectRef ref="id2055"/>
</Itf>
<When neg="False">
<IntervalRef ref="sysid2"/>
@ -3752,8 +3772,8 @@
</PolicyRule>
<RuleSetOptions/>
</Policy>
<Policy id="id2028" name="Policy_eth1" comment="" ro="False" ipv4_rule_set="False" ipv6_rule_set="False" top_rule_set="False">
<PolicyRule id="id2030" disabled="False" group="" log="False" position="0" action="Accept" direction="Outbound" comment="Called from ruleset Policy, rule 11">
<Policy id="id2040" name="Policy_eth1" comment="" ro="False" ipv4_rule_set="False" ipv6_rule_set="False" top_rule_set="False">
<PolicyRule id="id2042" disabled="False" group="" log="False" position="0" action="Accept" direction="Outbound" comment="Called from ruleset Policy, rule 11">
<Src neg="False">
<ObjectRef ref="sysid0"/>
</Src>
@ -3764,7 +3784,7 @@
<ServiceRef ref="sysid1"/>
</Srv>
<Itf neg="False">
<ObjectRef ref="id2042"/>
<ObjectRef ref="id2054"/>
</Itf>
<When neg="False">
<IntervalRef ref="sysid2"/>
@ -3775,8 +3795,8 @@
</PolicyRule>
<RuleSetOptions/>
</Policy>
<Policy id="id2044" name="user_chain_54_mod_match" comment="" ro="False" ipv4_rule_set="False" ipv6_rule_set="False" top_rule_set="False">
<PolicyRule id="id2046" disabled="False" group="" log="False" position="0" action="Deny" direction="Inbound" comment="Called from ruleset user_chain, rule 54">
<Policy id="id2056" name="user_chain_55_mod_match" comment="" ro="False" ipv4_rule_set="False" ipv6_rule_set="False" top_rule_set="False">
<PolicyRule id="id2058" disabled="False" group="" log="False" position="0" action="Deny" direction="Inbound" comment="Called from ruleset user_chain, rule 55">
<Src neg="False">
<ObjectRef ref="sysid0"/>
</Src>
@ -3798,8 +3818,8 @@
</PolicyRule>
<RuleSetOptions/>
</Policy>
<Policy id="id2058" name="user_chain_55_mod_match" comment="" ro="False" ipv4_rule_set="False" ipv6_rule_set="False" top_rule_set="False">
<PolicyRule id="id2060" disabled="False" group="" log="False" position="0" action="Deny" direction="Both" comment="Called from ruleset user_chain, rule 55">
<Policy id="id2070" name="user_chain_56_mod_match" comment="" ro="False" ipv4_rule_set="False" ipv6_rule_set="False" top_rule_set="False">
<PolicyRule id="id2072" disabled="False" group="" log="False" position="0" action="Deny" direction="Both" comment="Called from ruleset user_chain, rule 56">
<Src neg="False">
<ObjectRef ref="sysid0"/>
</Src>
@ -3821,8 +3841,8 @@
</PolicyRule>
<RuleSetOptions/>
</Policy>
<Policy id="id2072" name="user_chain_56_mod_match" comment="" ro="False" ipv4_rule_set="False" ipv6_rule_set="False" top_rule_set="False">
<PolicyRule id="id2074" disabled="False" group="" log="False" position="0" action="Deny" direction="Both" comment="Called from ruleset user_chain, rule 56">
<Policy id="id2084" name="user_chain_57_mod_match" comment="" ro="False" ipv4_rule_set="False" ipv6_rule_set="False" top_rule_set="False">
<PolicyRule id="id2086" disabled="False" group="" log="False" position="0" action="Deny" direction="Both" comment="Called from ruleset user_chain, rule 57">
<Src neg="False">
<ObjectRef ref="sysid0"/>
</Src>
@ -3844,8 +3864,8 @@
</PolicyRule>
<RuleSetOptions/>
</Policy>
<Policy id="id2086" name="user_chain_57_mod_match" comment="" ro="False" ipv4_rule_set="False" ipv6_rule_set="False" top_rule_set="False">
<PolicyRule id="id2088" disabled="False" group="" log="False" position="0" action="Deny" direction="Both" comment="Called from ruleset user_chain, rule 57">
<Policy id="id2098" name="user_chain_58_mod_match" comment="" ro="False" ipv4_rule_set="False" ipv6_rule_set="False" top_rule_set="False">
<PolicyRule id="id2100" disabled="False" group="" log="False" position="0" action="Deny" direction="Both" comment="Called from ruleset user_chain, rule 58">
<Src neg="False">
<ObjectRef ref="sysid0"/>
</Src>
@ -3867,8 +3887,8 @@
</PolicyRule>
<RuleSetOptions/>
</Policy>
<Policy id="id2100" name="user_chain_58_mod_match" comment="" ro="False" ipv4_rule_set="False" ipv6_rule_set="False" top_rule_set="False">
<PolicyRule id="id2102" disabled="False" group="" log="False" position="0" action="Tag" direction="Both" comment="Called from ruleset user_chain, rule 58">
<Policy id="id2112" name="user_chain_59_mod_match" comment="" ro="False" ipv4_rule_set="False" ipv6_rule_set="False" top_rule_set="False">
<PolicyRule id="id2114" disabled="False" group="" log="False" position="0" action="Tag" direction="Both" comment="Called from ruleset user_chain, rule 59">
<Src neg="False">
<ObjectRef ref="sysid0"/>
</Src>
@ -3892,8 +3912,8 @@
</PolicyRule>
<RuleSetOptions/>
</Policy>
<Policy id="id2114" name="user_chain_59_mod_match" comment="" ro="False" ipv4_rule_set="False" ipv6_rule_set="False" top_rule_set="False">
<PolicyRule id="id2116" disabled="False" group="" log="False" position="0" action="Tag" direction="Both" comment="Called from ruleset user_chain, rule 59">
<Policy id="id2126" name="user_chain_60_mod_match" comment="" ro="False" ipv4_rule_set="False" ipv6_rule_set="False" top_rule_set="False">
<PolicyRule id="id2128" disabled="False" group="" log="False" position="0" action="Tag" direction="Both" comment="Called from ruleset user_chain, rule 60">
<Src neg="False">
<ObjectRef ref="sysid0"/>
</Src>
@ -3917,8 +3937,8 @@
</PolicyRule>
<RuleSetOptions/>
</Policy>
<Policy id="id2128" name="user_chain_60_mod_match" comment="" ro="False" ipv4_rule_set="False" ipv6_rule_set="False" top_rule_set="False">
<PolicyRule id="id2130" disabled="False" group="" log="False" position="0" action="Accept" direction="Both" comment="Called from ruleset user_chain, rule 60">
<Policy id="id2140" name="user_chain_61_mod_match" comment="" ro="False" ipv4_rule_set="False" ipv6_rule_set="False" top_rule_set="False">
<PolicyRule id="id2142" disabled="False" group="" log="False" position="0" action="Accept" direction="Both" comment="Called from ruleset user_chain, rule 61">
<Src neg="False">
<ObjectRef ref="sysid0"/>
</Src>
@ -3940,8 +3960,8 @@
</PolicyRule>
<RuleSetOptions/>
</Policy>
<Policy id="id2142" name="user_chain_61_mod_match" comment="" ro="False" ipv4_rule_set="False" ipv6_rule_set="False" top_rule_set="False">
<PolicyRule id="id2144" disabled="False" group="" log="False" position="0" action="Accept" direction="Both" comment="Called from ruleset user_chain, rule 61">
<Policy id="id2154" name="user_chain_62_mod_match" comment="" ro="False" ipv4_rule_set="False" ipv6_rule_set="False" top_rule_set="False">
<PolicyRule id="id2156" disabled="False" group="" log="False" position="0" action="Accept" direction="Both" comment="Called from ruleset user_chain, rule 62">
<Src neg="False">
<ObjectRef ref="sysid0"/>
</Src>
@ -3963,8 +3983,8 @@
</PolicyRule>
<RuleSetOptions/>
</Policy>
<Policy id="id2156" name="Mangle" comment="" ro="False" ipv4_rule_set="False" ipv6_rule_set="False" top_rule_set="True">
<PolicyRule id="id2158" disabled="False" group="" log="False" position="0" action="Tag" direction="Inbound" comment="Error: Fwbuilder can not reproduce iptables rule in the table 'mangle', chain FORWARD&#10;Chain FORWARD. &#10;Created during import of line 249&#10;Error: Fwbuilder can not reproduce iptables rule in the table 'mangle', chain FORWARD">
<Policy id="id2168" name="Mangle" comment="" ro="False" ipv4_rule_set="False" ipv6_rule_set="False" top_rule_set="True">
<PolicyRule id="id2170" disabled="False" group="" log="False" position="0" action="Tag" direction="Inbound" comment="Error: Fwbuilder can not reproduce iptables rule in the table 'mangle', chain FORWARD&#10;Chain FORWARD. &#10;Created during import of line 252&#10;Error: Fwbuilder can not reproduce iptables rule in the table 'mangle', chain FORWARD">
<Src neg="False">
<ObjectRef ref="sysid0"/>
</Src>
@ -3975,7 +3995,7 @@
<ServiceRef ref="id157"/>
</Srv>
<Itf neg="False">
<ObjectRef ref="id2042"/>
<ObjectRef ref="id2054"/>
</Itf>
<When neg="False">
<IntervalRef ref="sysid2"/>
@ -3987,7 +4007,7 @@
<Option name="tagobject_id">id193</Option>
</PolicyRuleOptions>
</PolicyRule>
<PolicyRule id="id2170" disabled="False" group="" log="False" position="1" action="Tag" direction="Inbound" comment="Error: Fwbuilder can not reproduce iptables rule in the table 'mangle', chain FORWARD&#10;Chain FORWARD. &#10;Created during import of line 252&#10;Error: Fwbuilder can not reproduce iptables rule in the table 'mangle', chain FORWARD">
<PolicyRule id="id2182" disabled="False" group="" log="False" position="1" action="Tag" direction="Inbound" comment="Error: Fwbuilder can not reproduce iptables rule in the table 'mangle', chain FORWARD&#10;Chain FORWARD. &#10;Created during import of line 255&#10;Error: Fwbuilder can not reproduce iptables rule in the table 'mangle', chain FORWARD">
<Src neg="False">
<ObjectRef ref="sysid0"/>
</Src>
@ -3998,7 +4018,7 @@
<ServiceRef ref="id157"/>
</Srv>
<Itf neg="False">
<ObjectRef ref="id2042"/>
<ObjectRef ref="id2054"/>
</Itf>
<When neg="False">
<IntervalRef ref="sysid2"/>
@ -4010,7 +4030,7 @@
<Option name="tagobject_id">id194</Option>
</PolicyRuleOptions>
</PolicyRule>
<PolicyRule id="id2182" disabled="False" group="" log="False" position="2" action="Tag" direction="Inbound" comment="Error: Fwbuilder can not reproduce iptables rule in the table 'mangle', chain FORWARD&#10;Chain FORWARD. &#10;Created during import of line 253&#10;Error: Fwbuilder can not reproduce iptables rule in the table 'mangle', chain FORWARD">
<PolicyRule id="id2194" disabled="False" group="" log="False" position="2" action="Tag" direction="Inbound" comment="Error: Fwbuilder can not reproduce iptables rule in the table 'mangle', chain FORWARD&#10;Chain FORWARD. &#10;Created during import of line 256&#10;Error: Fwbuilder can not reproduce iptables rule in the table 'mangle', chain FORWARD">
<Src neg="False">
<ObjectRef ref="sysid0"/>
</Src>
@ -4021,7 +4041,7 @@
<ServiceRef ref="id157"/>
</Srv>
<Itf neg="False">
<ObjectRef ref="id2042"/>
<ObjectRef ref="id2054"/>
</Itf>
<When neg="False">
<IntervalRef ref="sysid2"/>
@ -4033,7 +4053,7 @@
<Option name="tagobject_id">id195</Option>
</PolicyRuleOptions>
</PolicyRule>
<PolicyRule id="id2194" disabled="False" group="" log="False" position="3" action="Tag" direction="Inbound" comment="Chain PREROUTING. &#10;Created during import of line 256">
<PolicyRule id="id2206" disabled="False" group="" log="False" position="3" action="Tag" direction="Inbound" comment="Chain PREROUTING. &#10;Created during import of line 259">
<Src neg="False">
<ObjectRef ref="sysid0"/>
</Src>
@ -4044,7 +4064,7 @@
<ServiceRef ref="id157"/>
</Srv>
<Itf neg="False">
<ObjectRef ref="id2042"/>
<ObjectRef ref="id2054"/>
</Itf>
<When neg="False">
<IntervalRef ref="sysid2"/>
@ -4055,7 +4075,7 @@
<Option name="tagobject_id">id193</Option>
</PolicyRuleOptions>
</PolicyRule>
<PolicyRule id="id2206" disabled="False" group="" log="False" position="4" action="Tag" direction="Outbound" comment="Error: Fwbuilder can not reproduce iptables rule in the table 'mangle', chain POSTROUTING&#10;Chain POSTROUTING. &#10;Created during import of line 262&#10;Error: Fwbuilder can not reproduce iptables rule in the table 'mangle', chain POSTROUTING">
<PolicyRule id="id2218" disabled="False" group="" log="False" position="4" action="Tag" direction="Outbound" comment="Error: Fwbuilder can not reproduce iptables rule in the table 'mangle', chain POSTROUTING&#10;Chain POSTROUTING. &#10;Created during import of line 265&#10;Error: Fwbuilder can not reproduce iptables rule in the table 'mangle', chain POSTROUTING">
<Src neg="False">
<ObjectRef ref="sysid0"/>
</Src>
@ -4066,7 +4086,7 @@
<ServiceRef ref="id158"/>
</Srv>
<Itf neg="False">
<ObjectRef ref="id2042"/>
<ObjectRef ref="id2054"/>
</Itf>
<When neg="False">
<IntervalRef ref="sysid2"/>
@ -4079,7 +4099,7 @@
<Option name="tagobject_id">id193</Option>
</PolicyRuleOptions>
</PolicyRule>
<PolicyRule id="id2218" disabled="False" group="" log="False" position="5" action="Route" direction="Both" comment="Error: Fwbuilder can not reproduce iptables rule in the table 'mangle', chain POSTROUTING&#10;Chain POSTROUTING. &#10;Created during import of line 266&#10;Error: Fwbuilder can not reproduce iptables rule in the table 'mangle', chain POSTROUTING">
<PolicyRule id="id2230" disabled="False" group="" log="False" position="5" action="Route" direction="Both" comment="Error: Fwbuilder can not reproduce iptables rule in the table 'mangle', chain POSTROUTING&#10;Chain POSTROUTING. &#10;Created during import of line 269&#10;Error: Fwbuilder can not reproduce iptables rule in the table 'mangle', chain POSTROUTING">
<Src neg="False">
<ObjectRef ref="sysid0"/>
</Src>
@ -4105,7 +4125,7 @@
<Option name="stateless">True</Option>
</PolicyRuleOptions>
</PolicyRule>
<PolicyRule id="id2230" disabled="False" group="" log="False" position="6" action="Route" direction="Both" comment="Error: Fwbuilder can not reproduce iptables rule in the table 'mangle', chain POSTROUTING&#10;Chain POSTROUTING. &#10;Created during import of line 267&#10;Error: Fwbuilder can not reproduce iptables rule in the table 'mangle', chain POSTROUTING">
<PolicyRule id="id2242" disabled="False" group="" log="False" position="6" action="Route" direction="Both" comment="Error: Fwbuilder can not reproduce iptables rule in the table 'mangle', chain POSTROUTING&#10;Chain POSTROUTING. &#10;Created during import of line 270&#10;Error: Fwbuilder can not reproduce iptables rule in the table 'mangle', chain POSTROUTING">
<Src neg="False">
<ObjectRef ref="sysid0"/>
</Src>
@ -4131,7 +4151,7 @@
<Option name="stateless">True</Option>
</PolicyRuleOptions>
</PolicyRule>
<PolicyRule id="id2242" disabled="False" group="" log="False" position="7" action="Custom" direction="Both" comment="Error: Fwbuilder can not reproduce iptables rule in the table 'mangle', chain POSTROUTING&#10;Chain POSTROUTING. &#10;Created during import of line 271&#10;Error: Fwbuilder can not reproduce iptables rule in the table 'mangle', chain POSTROUTING">
<PolicyRule id="id2254" disabled="False" group="" log="False" position="7" action="Custom" direction="Both" comment="Error: Fwbuilder can not reproduce iptables rule in the table 'mangle', chain POSTROUTING&#10;Chain POSTROUTING. &#10;Created during import of line 274&#10;Error: Fwbuilder can not reproduce iptables rule in the table 'mangle', chain POSTROUTING">
<Src neg="False">
<ObjectRef ref="sysid0"/>
</Src>
@ -4153,7 +4173,7 @@
<Option name="stateless">True</Option>
</PolicyRuleOptions>
</PolicyRule>
<PolicyRule id="id2254" disabled="False" group="" log="False" position="8" action="Custom" direction="Both" comment="Error: Fwbuilder can not reproduce iptables rule in the table 'mangle', chain POSTROUTING&#10;Chain POSTROUTING. &#10;Created during import of line 272&#10;Error: Fwbuilder can not reproduce iptables rule in the table 'mangle', chain POSTROUTING">
<PolicyRule id="id2266" disabled="False" group="" log="False" position="8" action="Custom" direction="Both" comment="Error: Fwbuilder can not reproduce iptables rule in the table 'mangle', chain POSTROUTING&#10;Chain POSTROUTING. &#10;Created during import of line 275&#10;Error: Fwbuilder can not reproduce iptables rule in the table 'mangle', chain POSTROUTING">
<Src neg="False">
<ObjectRef ref="sysid0"/>
</Src>
@ -4175,7 +4195,7 @@
<Option name="stateless">True</Option>
</PolicyRuleOptions>
</PolicyRule>
<PolicyRule id="id2266" disabled="False" group="" log="False" position="9" action="Accept" direction="Both" comment="Warning: Line 244: Can not reproduce default action in table 'mangle' chain 'FORWARD'. (Generated rule may not generate equivalent iptables command when compiled)">
<PolicyRule id="id2278" disabled="False" group="" log="False" position="9" action="Accept" direction="Both" comment="Warning: Line 247: Can not reproduce default action in table 'mangle' chain 'FORWARD'. (Generated rule may not generate equivalent iptables command when compiled)">
<Src neg="False">
<ObjectRef ref="sysid0"/>
</Src>
@ -4196,7 +4216,7 @@
<Option name="stateless">True</Option>
</PolicyRuleOptions>
</PolicyRule>
<PolicyRule id="id2278" disabled="False" group="" log="False" position="10" action="Accept" direction="Inbound" comment="Warning: Line 243: Can not reproduce default action in table 'mangle' chain 'INPUT'. (Generated rule may not generate equivalent iptables command when compiled)">
<PolicyRule id="id2290" disabled="False" group="" log="False" position="10" action="Accept" direction="Inbound" comment="Warning: Line 246: Can not reproduce default action in table 'mangle' chain 'INPUT'. (Generated rule may not generate equivalent iptables command when compiled)">
<Src neg="False">
<ObjectRef ref="sysid0"/>
</Src>
@ -4217,7 +4237,7 @@
<Option name="stateless">True</Option>
</PolicyRuleOptions>
</PolicyRule>
<PolicyRule id="id2290" disabled="False" group="" log="False" position="11" action="Accept" direction="Outbound" comment="Default iptables policy in mangle/OUTPUT">
<PolicyRule id="id2302" disabled="False" group="" log="False" position="11" action="Accept" direction="Outbound" comment="Default iptables policy in mangle/OUTPUT">
<Src neg="False">
<ObjectRef ref="id199"/>
</Src>
@ -4237,7 +4257,7 @@
<Option name="stateless">True</Option>
</PolicyRuleOptions>
</PolicyRule>
<PolicyRule id="id2302" disabled="False" group="" log="False" position="12" action="Accept" direction="Outbound" comment="Default iptables policy in mangle/POSTROUTING">
<PolicyRule id="id2314" disabled="False" group="" log="False" position="12" action="Accept" direction="Outbound" comment="Default iptables policy in mangle/POSTROUTING">
<Src neg="False">
<ObjectRef ref="sysid0"/>
</Src>
@ -4257,7 +4277,7 @@
<Option name="stateless">True</Option>
</PolicyRuleOptions>
</PolicyRule>
<PolicyRule id="id2314" disabled="False" group="" log="False" position="13" action="Accept" direction="Inbound" comment="Default iptables policy in mangle/PREROUTING">
<PolicyRule id="id2326" disabled="False" group="" log="False" position="13" action="Accept" direction="Inbound" comment="Default iptables policy in mangle/PREROUTING">
<Src neg="False">
<ObjectRef ref="sysid0"/>
</Src>
@ -4284,11 +4304,11 @@
<Routing id="id997" name="Routing" comment="" ro="False" ipv4_rule_set="False" ipv6_rule_set="False" top_rule_set="True">
<RuleSetOptions/>
</Routing>
<Interface id="id1833" dedicated_failover="False" dyn="False" security_level="0" unnum="True" unprotected="False" name="lo" comment="Created during import of line 40" ro="False"/>
<Interface id="id2042" dedicated_failover="False" dyn="False" security_level="0" unnum="True" unprotected="False" name="eth1" comment="Created during import of line 45" ro="False"/>
<Interface id="id2043" dedicated_failover="False" dyn="False" security_level="0" unnum="True" unprotected="False" name="eth0" comment="Created during import of line 45" ro="False"/>
<Interface id="id2326" dedicated_failover="False" dyn="False" security_level="0" unnum="True" unprotected="False" name="eth2" comment="Created during import of line 267" ro="False"/>
<Interface id="id2327" dedicated_failover="False" dyn="False" security_level="0" unnum="True" unprotected="False" name="eth+" comment="Created during import of line 283" ro="False"/>
<Interface id="id1845" dedicated_failover="False" dyn="False" security_level="0" unnum="True" unprotected="False" name="lo" comment="Created during import of line 40" ro="False"/>
<Interface id="id2054" dedicated_failover="False" dyn="False" security_level="0" unnum="True" unprotected="False" name="eth1" comment="Created during import of line 45" ro="False"/>
<Interface id="id2055" dedicated_failover="False" dyn="False" security_level="0" unnum="True" unprotected="False" name="eth0" comment="Created during import of line 45" ro="False"/>
<Interface id="id2338" dedicated_failover="False" dyn="False" security_level="0" unnum="True" unprotected="False" name="eth2" comment="Created during import of line 270" ro="False"/>
<Interface id="id2339" dedicated_failover="False" dyn="False" security_level="0" unnum="True" unprotected="False" name="eth+" comment="Created during import of line 286" ro="False"/>
<Management address="0.0.0.0">
<SNMPManagement enabled="False" snmp_read_community="" snmp_write_community=""/>
<FWBDManagement enabled="False" identity="" port="-1"/>
@ -4315,7 +4335,7 @@
</FirewallOptions>
</Firewall>
</ObjectGroup>
<ObjectGroup id="id2328" name="Clusters" comment="" ro="False"/>
<IntervalGroup id="id2329" name="Time" comment="" ro="False"/>
<ObjectGroup id="id2340" name="Clusters" comment="" ro="False"/>
<IntervalGroup id="id2341" name="Time" comment="" ro="False"/>
</Library>
</FWObjectDatabase>

98
src/unit_tests/ImporterTest/test_data/ipt.output
View File

@ -27,59 +27,59 @@
45: New interface: eth0
45: Warning: Creating branch ruleset 'Policy_eth1' to match inbound and outbound interfaces -i eth0 -o eth1
106: Warning: Rule matches states 'RELATED,ESTABLISHED'. Consider using automatic rule controlled by the checkbox in the firewall settings dialog. Automatic rule matches in all standard chains which may be different from the original imported configuration. This requires manual checking.
215: Created branch user_chain_54_mod_match
219: Created branch user_chain_55_mod_match
220: Created branch user_chain_56_mod_match
221: Created branch user_chain_57_mod_match
218: Created branch user_chain_55_mod_match
222: Created branch user_chain_56_mod_match
223: Created branch user_chain_57_mod_match
224: Created branch user_chain_58_mod_match
227: Created branch user_chain_59_mod_match
230: Created branch user_chain_60_mod_match
230: Error: Original rule combines match of tcp/udp/icmp protocols with two or more module matches, such as module 'mark', 'recent' or 'length'. Use additional branches to implement this complex match.
230: Error: Error: Original rule combines match of tcp/udp/icmp protocols with two or more module matches, such as module 'mark', 'recent' or 'length'. Use additional branches to implement this complex match.
231: Created branch user_chain_61_mod_match
231: Error: Original rule combines match of tcp/udp/icmp protocols with two or more module matches, such as module 'mark', 'recent' or 'length'. Use additional branches to implement this complex match.
231: Error: Error: Original rule combines match of tcp/udp/icmp protocols with two or more module matches, such as module 'mark', 'recent' or 'length'. Use additional branches to implement this complex match.
242: New ruleset: mangle / PREROUTING
242: Default action: Accept
243: New ruleset: mangle / INPUT
243: Default action: Accept
244: New ruleset: mangle / FORWARD
244: Default action: Accept
245: New ruleset: mangle / OUTPUT
233: Created branch user_chain_61_mod_match
233: Error: Original rule combines match of tcp/udp/icmp protocols with two or more module matches, such as module 'mark', 'recent' or 'length'. Use additional branches to implement this complex match.
233: Error: Error: Original rule combines match of tcp/udp/icmp protocols with two or more module matches, such as module 'mark', 'recent' or 'length'. Use additional branches to implement this complex match.
234: Created branch user_chain_62_mod_match
234: Error: Original rule combines match of tcp/udp/icmp protocols with two or more module matches, such as module 'mark', 'recent' or 'length'. Use additional branches to implement this complex match.
234: Error: Error: Original rule combines match of tcp/udp/icmp protocols with two or more module matches, such as module 'mark', 'recent' or 'length'. Use additional branches to implement this complex match.
245: New ruleset: mangle / PREROUTING
245: Default action: Accept
246: New ruleset: mangle / POSTROUTING
246: New ruleset: mangle / INPUT
246: Default action: Accept
249: Error: Fwbuilder can not reproduce iptables rule in the table 'mangle', chain FORWARD
249: Error: Error: Fwbuilder can not reproduce iptables rule in the table 'mangle', chain FORWARD
247: New ruleset: mangle / FORWARD
247: Default action: Accept
248: New ruleset: mangle / OUTPUT
248: Default action: Accept
249: New ruleset: mangle / POSTROUTING
249: Default action: Accept
252: Error: Fwbuilder can not reproduce iptables rule in the table 'mangle', chain FORWARD
252: Error: Error: Fwbuilder can not reproduce iptables rule in the table 'mangle', chain FORWARD
253: Error: Fwbuilder can not reproduce iptables rule in the table 'mangle', chain FORWARD
253: Error: Error: Fwbuilder can not reproduce iptables rule in the table 'mangle', chain FORWARD
259: Warning: Skipping command with '-j CONNMARK --restore-mark' This rule is generated automatically.
262: Error: Fwbuilder can not reproduce iptables rule in the table 'mangle', chain POSTROUTING
262: Error: Error: Fwbuilder can not reproduce iptables rule in the table 'mangle', chain POSTROUTING
263: Warning: Turned option on in previous rule with action Mark for '-j CONNMARK --save-mark'
266: Error: Fwbuilder can not reproduce iptables rule in the table 'mangle', chain POSTROUTING
266: Error: Error: Fwbuilder can not reproduce iptables rule in the table 'mangle', chain POSTROUTING
267: New interface: eth2
267: Error: Fwbuilder can not reproduce iptables rule in the table 'mangle', chain POSTROUTING
267: Error: Error: Fwbuilder can not reproduce iptables rule in the table 'mangle', chain POSTROUTING
271: Error: Fwbuilder can not reproduce iptables rule in the table 'mangle', chain POSTROUTING
271: Error: Error: Fwbuilder can not reproduce iptables rule in the table 'mangle', chain POSTROUTING
272: Error: Fwbuilder can not reproduce iptables rule in the table 'mangle', chain POSTROUTING
272: Error: Error: Fwbuilder can not reproduce iptables rule in the table 'mangle', chain POSTROUTING
277: New ruleset: nat / PREROUTING
277: Default action: Accept
278: New ruleset: nat / POSTROUTING
278: Default action: Accept
279: New ruleset: nat / OUTPUT
279: Default action: Accept
283: New interface: eth+
312: Warning: Line 5: Added rule to reproduce default policy ACCEPT in filter/OUTPUT
312: Warning: Line 244: Can not reproduce default action in table 'mangle' chain 'FORWARD'. (Generated rule may not generate equivalent iptables command when compiled)
312: Warning: Line 244: Added rule to reproduce default policy ACCEPT in mangle/FORWARD
312: Warning: Line 243: Can not reproduce default action in table 'mangle' chain 'INPUT'. (Generated rule may not generate equivalent iptables command when compiled)
312: Warning: Line 243: Added rule to reproduce default policy ACCEPT in mangle/INPUT
312: Warning: Line 245: Added rule to reproduce default policy ACCEPT in mangle/OUTPUT
312: Warning: Line 246: Added rule to reproduce default policy ACCEPT in mangle/POSTROUTING
312: Warning: Line 242: Added rule to reproduce default policy ACCEPT in mangle/PREROUTING
255: Error: Fwbuilder can not reproduce iptables rule in the table 'mangle', chain FORWARD
255: Error: Error: Fwbuilder can not reproduce iptables rule in the table 'mangle', chain FORWARD
256: Error: Fwbuilder can not reproduce iptables rule in the table 'mangle', chain FORWARD
256: Error: Error: Fwbuilder can not reproduce iptables rule in the table 'mangle', chain FORWARD
262: Warning: Skipping command with '-j CONNMARK --restore-mark' This rule is generated automatically.
265: Error: Fwbuilder can not reproduce iptables rule in the table 'mangle', chain POSTROUTING
265: Error: Error: Fwbuilder can not reproduce iptables rule in the table 'mangle', chain POSTROUTING
266: Warning: Turned option on in previous rule with action Mark for '-j CONNMARK --save-mark'
269: Error: Fwbuilder can not reproduce iptables rule in the table 'mangle', chain POSTROUTING
269: Error: Error: Fwbuilder can not reproduce iptables rule in the table 'mangle', chain POSTROUTING
270: New interface: eth2
270: Error: Fwbuilder can not reproduce iptables rule in the table 'mangle', chain POSTROUTING
270: Error: Error: Fwbuilder can not reproduce iptables rule in the table 'mangle', chain POSTROUTING
274: Error: Fwbuilder can not reproduce iptables rule in the table 'mangle', chain POSTROUTING
274: Error: Error: Fwbuilder can not reproduce iptables rule in the table 'mangle', chain POSTROUTING
275: Error: Fwbuilder can not reproduce iptables rule in the table 'mangle', chain POSTROUTING
275: Error: Error: Fwbuilder can not reproduce iptables rule in the table 'mangle', chain POSTROUTING
280: New ruleset: nat / PREROUTING
280: Default action: Accept
281: New ruleset: nat / POSTROUTING
281: Default action: Accept
282: New ruleset: nat / OUTPUT
282: Default action: Accept
286: New interface: eth+
315: Warning: Line 5: Added rule to reproduce default policy ACCEPT in filter/OUTPUT
315: Warning: Line 247: Can not reproduce default action in table 'mangle' chain 'FORWARD'. (Generated rule may not generate equivalent iptables command when compiled)
315: Warning: Line 247: Added rule to reproduce default policy ACCEPT in mangle/FORWARD
315: Warning: Line 246: Can not reproduce default action in table 'mangle' chain 'INPUT'. (Generated rule may not generate equivalent iptables command when compiled)
315: Warning: Line 246: Added rule to reproduce default policy ACCEPT in mangle/INPUT
315: Warning: Line 248: Added rule to reproduce default policy ACCEPT in mangle/OUTPUT
315: Warning: Line 249: Added rule to reproduce default policy ACCEPT in mangle/POSTROUTING
315: Warning: Line 245: Added rule to reproduce default policy ACCEPT in mangle/PREROUTING

3
src/unit_tests/ImporterTest/test_data/ipt.test
View File

@ -200,6 +200,9 @@
-A user_chain -m multiport -s 128.143.0.0/16 -p tcp --ports 548,201:206,311:315 -j ACCEPT
-A user_chain -m multiport -s 128.143.0.0/16 -p tcp --ports 201:206,311:315,548 -j ACCEPT
# now with negation
-A user_chain -m multiport -s 128.143.0.0/16 -p tcp ! --dports 548,201,202,204,206 -j ACCEPT
# icmp
-A user_chain -p icmp -s 128.143.0.0/16 --icmp-type any -j ACCEPT