diff --git a/src/parsers/IPTCfgLexer.cpp b/src/parsers/IPTCfgLexer.cpp index 1a7c10870..4180f97b7 100644 --- a/src/parsers/IPTCfgLexer.cpp +++ b/src/parsers/IPTCfgLexer.cpp @@ -713,7 +713,7 @@ void IPTCfgLexer::mWhitespace(bool _createToken) { } } if ( inputState->guessing==0 ) { -#line 1237 "iptables.g" +#line 1243 "iptables.g" _ttype = ANTLR_USE_NAMESPACE(antlr)Token::SKIP; #line 719 "IPTCfgLexer.cpp" } @@ -746,7 +746,7 @@ void IPTCfgLexer::mNEWLINE(bool _createToken) { } if ( inputState->guessing==0 ) { -#line 1239 "iptables.g" +#line 1245 "iptables.g" newline(); resetText(); #line 752 "IPTCfgLexer.cpp" } @@ -1026,7 +1026,7 @@ void IPTCfgLexer::mNUMBER(bool _createToken) { match('.' /* charlit */ ); mNUM_3DIGIT(false); if ( inputState->guessing==0 ) { -#line 1306 "iptables.g" +#line 1312 "iptables.g" _ttype = IPV4; #line 1032 "IPTCfgLexer.cpp" } @@ -1060,7 +1060,7 @@ void IPTCfgLexer::mNUMBER(bool _createToken) { match('.' /* charlit */ ); mNUM_3DIGIT(false); if ( inputState->guessing==0 ) { -#line 1310 "iptables.g" +#line 1316 "iptables.g" _ttype = THREE_COMPONENT_VERSION; #line 1066 "IPTCfgLexer.cpp" } @@ -1086,7 +1086,7 @@ void IPTCfgLexer::mNUMBER(bool _createToken) { } // ( ... )+ } if ( inputState->guessing==0 ) { -#line 1314 "iptables.g" +#line 1320 "iptables.g" _ttype = HEX_CONST; #line 1092 "IPTCfgLexer.cpp" } @@ -1107,7 +1107,7 @@ void IPTCfgLexer::mNUMBER(bool _createToken) { _loop195:; } // ( ... )+ if ( inputState->guessing==0 ) { -#line 1316 "iptables.g" +#line 1322 "iptables.g" _ttype = INT_CONST; #line 1113 "IPTCfgLexer.cpp" } @@ -1423,7 +1423,7 @@ void IPTCfgLexer::mRSOURCE(bool _createToken) { match("--rsource"); if ( inputState->guessing==0 ) { -#line 1340 "iptables.g" +#line 1346 "iptables.g" _ttype = UNSUPPORTED_OPTION; #line 1429 "IPTCfgLexer.cpp" } 
@@ -2086,7 +2086,7 @@ void IPTCfgLexer::mULOG_QTHR(bool _createToken) { match("--ulog-qthreshold"); if ( inputState->guessing==0 ) { -#line 1407 "iptables.g" +#line 1413 "iptables.g" _ttype = UNSUPPORTED_OPTION; #line 2092 "IPTCfgLexer.cpp" } @@ -2105,7 +2105,7 @@ void IPTCfgLexer::mULOG_NLG(bool _createToken) { match("--ulog-nlgroup"); if ( inputState->guessing==0 ) { -#line 1408 "iptables.g" +#line 1414 "iptables.g" _ttype = UNSUPPORTED_OPTION; #line 2111 "IPTCfgLexer.cpp" } @@ -2124,7 +2124,7 @@ void IPTCfgLexer::mULOG_CPR(bool _createToken) { match("--ulog-cprange"); if ( inputState->guessing==0 ) { -#line 1409 "iptables.g" +#line 1415 "iptables.g" _ttype = UNSUPPORTED_OPTION; #line 2130 "IPTCfgLexer.cpp" } diff --git a/src/parsers/IPTCfgParser.cpp b/src/parsers/IPTCfgParser.cpp index 241665a04..eab7f4d59 100644 --- a/src/parsers/IPTCfgParser.cpp +++ b/src/parsers/IPTCfgParser.cpp @@ -1160,7 +1160,7 @@ void IPTCfgParser::icmp_type_spec() { { match(WORD); if ( inputState->guessing==0 ) { -#line 957 "iptables.g" +#line 963 "iptables.g" importer->icmp_spec = LT(0)->getText(); *dbg << " ICMP_SPEC=" << LT(0)->getText(); @@ -1174,7 +1174,7 @@ void IPTCfgParser::icmp_type_spec() { { match(INT_CONST); if ( inputState->guessing==0 ) { -#line 964 "iptables.g" +#line 970 "iptables.g" importer->icmp_type = LT(0)->getText(); importer->icmp_code = "-1"; @@ -1189,7 +1189,7 @@ void IPTCfgParser::icmp_type_spec() { match(SLASH); match(INT_CONST); if ( inputState->guessing==0 ) { -#line 971 "iptables.g" +#line 977 "iptables.g" importer->icmp_code = LT(0)->getText(); *dbg << " ICMP_CODE=" << LT(0)->getText(); @@ -1281,7 +1281,7 @@ void IPTCfgParser::basic_tcp_udp_port_spec() { } } if ( inputState->guessing==0 ) { -#line 1053 "iptables.g" +#line 1059 "iptables.g" importer->srv_neg = importer->tmp_neg; importer->tmp_neg = false; 
@@ -1308,7 +1308,7 @@ void IPTCfgParser::basic_tcp_udp_port_spec() { } } if ( inputState->guessing==0 ) { -#line 1058 "iptables.g" +#line 1064 "iptables.g" importer->pushTmpPortSpecToSrcPortList(); @@ -1338,7 +1338,7 @@ void IPTCfgParser::basic_tcp_udp_port_spec() { } } if ( inputState->guessing==0 ) { -#line 1063 "iptables.g" +#line 1069 "iptables.g" importer->srv_neg = importer->tmp_neg; importer->tmp_neg = false; @@ -1365,7 +1365,7 @@ void IPTCfgParser::basic_tcp_udp_port_spec() { } } if ( inputState->guessing==0 ) { -#line 1068 "iptables.g" +#line 1074 "iptables.g" importer->pushTmpPortSpecToDstPortList(); @@ -1401,18 +1401,20 @@ void IPTCfgParser::multiport_tcp_udp_port_spec() { if ( inputState->guessing==0 ) { #line 894 "iptables.g" + importer->srv_neg = importer->tmp_neg; + importer->tmp_neg = false; importer->startSrcMultiPort(); *dbg << " SRC MULTIPORT="; -#line 1408 "IPTCfgParser.cpp" +#line 1410 "IPTCfgParser.cpp" } port_def_with_range(); if ( inputState->guessing==0 ) { -#line 899 "iptables.g" +#line 901 "iptables.g" importer->pushTmpPortSpecToSrcPortList(); -#line 1416 "IPTCfgParser.cpp" +#line 1418 "IPTCfgParser.cpp" } { // ( ... )* for (;;) { @@ -1420,11 +1422,11 @@ void IPTCfgParser::multiport_tcp_udp_port_spec() { match(COMMA); port_def_with_range(); if ( inputState->guessing==0 ) { -#line 903 "iptables.g" +#line 905 "iptables.g" importer->pushTmpPortSpecToSrcPortList(); -#line 1428 "IPTCfgParser.cpp" +#line 1430 "IPTCfgParser.cpp" } } else { 
@@ -1442,20 +1444,22 @@ void IPTCfgParser::multiport_tcp_udp_port_spec() { { match(MATCH_DST_MULTIPORT); if ( inputState->guessing==0 ) { -#line 910 "iptables.g" +#line 912 "iptables.g" + importer->srv_neg = importer->tmp_neg; + importer->tmp_neg = false; importer->startDstMultiPort(); *dbg << " DST MULTIPORT="; -#line 1451 "IPTCfgParser.cpp" +#line 1455 "IPTCfgParser.cpp" } port_def_with_range(); if ( inputState->guessing==0 ) { -#line 915 "iptables.g" +#line 919 "iptables.g" importer->pushTmpPortSpecToDstPortList(); -#line 1459 "IPTCfgParser.cpp" +#line 1463 "IPTCfgParser.cpp" } { // ( ... )* for (;;) { @@ -1463,11 +1467,11 @@ void IPTCfgParser::multiport_tcp_udp_port_spec() { match(COMMA); port_def_with_range(); if ( inputState->guessing==0 ) { -#line 919 "iptables.g" +#line 923 "iptables.g" importer->pushTmpPortSpecToDstPortList(); -#line 1471 "IPTCfgParser.cpp" +#line 1475 "IPTCfgParser.cpp" } } else { @@ -1485,20 +1489,22 @@ void IPTCfgParser::multiport_tcp_udp_port_spec() { { match(MATCH_BOTH_MULTIPORT); if ( inputState->guessing==0 ) { -#line 926 "iptables.g" +#line 930 "iptables.g" + importer->srv_neg = importer->tmp_neg; + importer->tmp_neg = false; importer->startBothMultiPort(); *dbg << " MULTIPORT PORTS="; -#line 1494 "IPTCfgParser.cpp" +#line 1500 "IPTCfgParser.cpp" } port_def_with_range(); if ( inputState->guessing==0 ) { -#line 931 "iptables.g" +#line 937 "iptables.g" importer->pushTmpPortSpecToBothPortList(); -#line 1502 "IPTCfgParser.cpp" +#line 1508 "IPTCfgParser.cpp" } { // ( ... )* for (;;) { @@ -1506,11 +1512,11 @@ void IPTCfgParser::multiport_tcp_udp_port_spec() { match(COMMA); port_def_with_range(); if ( inputState->guessing==0 ) { -#line 935 "iptables.g" +#line 941 "iptables.g" importer->pushTmpPortSpecToBothPortList(); -#line 1514 "IPTCfgParser.cpp" +#line 1520 "IPTCfgParser.cpp" } } else { 
@@ -1567,12 +1573,12 @@ void IPTCfgParser::tcp_options() { } } if ( inputState->guessing==0 ) { -#line 1098 "iptables.g" +#line 1104 "iptables.g" importer->srv_neg = importer->tmp_neg; importer->tmp_neg = false; -#line 1576 "IPTCfgParser.cpp" +#line 1582 "IPTCfgParser.cpp" } } catch (ANTLR_USE_NAMESPACE(antlr)RecognitionException& ex) { @@ -1612,7 +1618,7 @@ void IPTCfgParser::match_limit_burst() { importer->limit_burst = LT(0)->getText(); *dbg << " LIMIT BURST " << LT(0)->getText(); -#line 1616 "IPTCfgParser.cpp" +#line 1622 "IPTCfgParser.cpp" } } catch (ANTLR_USE_NAMESPACE(antlr)RecognitionException& ex) { @@ -1669,7 +1675,7 @@ void IPTCfgParser::match_iprange_src() { importer->iprange_src_from = LT(0)->getText(); importer->using_iprange_src = true; -#line 1673 "IPTCfgParser.cpp" +#line 1679 "IPTCfgParser.cpp" } match(MINUS); { @@ -1695,7 +1701,7 @@ void IPTCfgParser::match_iprange_src() { importer->iprange_src_to = LT(0)->getText(); -#line 1699 "IPTCfgParser.cpp" +#line 1705 "IPTCfgParser.cpp" } } catch (ANTLR_USE_NAMESPACE(antlr)RecognitionException& ex) { @@ -1736,7 +1742,7 @@ void IPTCfgParser::match_iprange_dst() { importer->iprange_dst_from = LT(0)->getText(); importer->using_iprange_dst = true; -#line 1740 "IPTCfgParser.cpp" +#line 1746 "IPTCfgParser.cpp" } match(MINUS); { @@ -1762,7 +1768,7 @@ void IPTCfgParser::match_iprange_dst() { importer->iprange_dst_to = LT(0)->getText(); -#line 1766 "IPTCfgParser.cpp" +#line 1772 "IPTCfgParser.cpp" } } catch (ANTLR_USE_NAMESPACE(antlr)RecognitionException& ex) { @@ -1789,7 +1795,7 @@ void IPTCfgParser::unknown_option() { std::string("Unknown option: -")+LT(0)->getText()); *dbg << " UNKNOWN OPTION=-" << LT(0)->getText(); -#line 1793 "IPTCfgParser.cpp" +#line 1799 "IPTCfgParser.cpp" } { switch ( LA(1)) { 
@@ -1853,7 +1859,7 @@ void IPTCfgParser::unknown_option() { std::string("Unknown option: --")+LT(0)->getText()); *dbg << " UNKNOWN OPTION=--" << LT(0)->getText(); -#line 1857 "IPTCfgParser.cpp" +#line 1863 "IPTCfgParser.cpp" } { switch ( LA(1)) { @@ -1913,7 +1919,7 @@ void IPTCfgParser::unknown_option() { std::string("Unknown option: ")+LT(0)->getText()); *dbg << " UNKNOWN OPTION=" << LT(0)->getText(); -#line 1917 "IPTCfgParser.cpp" +#line 1923 "IPTCfgParser.cpp" } { switch ( LA(1)) { @@ -1981,7 +1987,7 @@ void IPTCfgParser::unknown_option() { void IPTCfgParser::unknown_parameter() { #line 341 "iptables.g" std::string s; -#line 1985 "IPTCfgParser.cpp" +#line 1991 "IPTCfgParser.cpp" try { // for error handling if ((LA(1) == INT_CONST || LA(1) == DIGIT) && (LA(2) == SLASH)) { @@ -1995,7 +2001,7 @@ void IPTCfgParser::unknown_parameter() { if ( inputState->guessing==0 ) { #line 347 "iptables.g" s+=LT(0)->getText(); -#line 1999 "IPTCfgParser.cpp" +#line 2005 "IPTCfgParser.cpp" } break; } @@ -2005,7 +2011,7 @@ void IPTCfgParser::unknown_parameter() { if ( inputState->guessing==0 ) { #line 349 "iptables.g" s+=LT(0)->getText(); -#line 2009 "IPTCfgParser.cpp" +#line 2015 "IPTCfgParser.cpp" } break; } @@ -2019,13 +2025,13 @@ void IPTCfgParser::unknown_parameter() { if ( inputState->guessing==0 ) { #line 351 "iptables.g" s+=LT(0)->getText(); -#line 2023 "IPTCfgParser.cpp" +#line 2029 "IPTCfgParser.cpp" } match(WORD); if ( inputState->guessing==0 ) { #line 352 "iptables.g" s+=LT(0)->getText(); -#line 2029 "IPTCfgParser.cpp" +#line 2035 "IPTCfgParser.cpp" } } if ( inputState->guessing==0 ) { @@ -2035,7 +2041,7 @@ void IPTCfgParser::unknown_parameter() { std::string("Unknown parameter: ")+s); *dbg << " UNKNOWN PARMETER=" << s; -#line 2039 "IPTCfgParser.cpp" +#line 2045 "IPTCfgParser.cpp" } } } 
@@ -2071,7 +2077,7 @@ void IPTCfgParser::unknown_parameter() { std::string("Unknown parameter: ")+LT(0)->getText()); *dbg << " UNKNOWN PARMETER=" << LT(0)->getText(); -#line 2075 "IPTCfgParser.cpp" +#line 2081 "IPTCfgParser.cpp" } } } @@ -2100,7 +2106,7 @@ void IPTCfgParser::m_state() { importer->current_state = ""; -#line 2104 "IPTCfgParser.cpp" +#line 2110 "IPTCfgParser.cpp" } state_word(); if ( inputState->guessing==0 ) { @@ -2108,7 +2114,7 @@ void IPTCfgParser::m_state() { importer->current_state += LT(0)->getText(); -#line 2112 "IPTCfgParser.cpp" +#line 2118 "IPTCfgParser.cpp" } { // ( ... )* for (;;) { @@ -2120,7 +2126,7 @@ void IPTCfgParser::m_state() { importer->current_state += std::string(",") + LT(0)->getText(); -#line 2124 "IPTCfgParser.cpp" +#line 2130 "IPTCfgParser.cpp" } } else { @@ -2135,7 +2141,7 @@ void IPTCfgParser::m_state() { *dbg << " STATE MATCH=" << importer->current_state; -#line 2139 "IPTCfgParser.cpp" +#line 2145 "IPTCfgParser.cpp" } } catch (ANTLR_USE_NAMESPACE(antlr)RecognitionException& ex) { @@ -2157,7 +2163,7 @@ void IPTCfgParser::m_mport() { *dbg << " MULTIPORT"; -#line 2161 "IPTCfgParser.cpp" +#line 2167 "IPTCfgParser.cpp" } } catch (ANTLR_USE_NAMESPACE(antlr)RecognitionException& ex) { @@ -2175,12 +2181,12 @@ void IPTCfgParser::m_icmp() { try { // for error handling match(ICMP); if ( inputState->guessing==0 ) { -#line 947 "iptables.g" +#line 953 "iptables.g" importer->protocol = "icmp"; *dbg << " ICMP"; -#line 2184 "IPTCfgParser.cpp" +#line 2190 "IPTCfgParser.cpp" } } catch (ANTLR_USE_NAMESPACE(antlr)RecognitionException& ex) { @@ -2198,12 +2204,12 @@ void IPTCfgParser::m_tcp() { try { // for error handling match(TCP); if ( inputState->guessing==0 ) { -#line 1086 "iptables.g" +#line 1092 "iptables.g" importer->protocol = "tcp"; *dbg << " TCP"; -#line 2207 "IPTCfgParser.cpp" +#line 2213 "IPTCfgParser.cpp" } } catch (ANTLR_USE_NAMESPACE(antlr)RecognitionException& ex) { 
@@ -2221,12 +2227,12 @@ void IPTCfgParser::m_udp() { try { // for error handling match(UDP); if ( inputState->guessing==0 ) { -#line 1077 "iptables.g" +#line 1083 "iptables.g" importer->protocol = "udp"; *dbg << " UDP"; -#line 2230 "IPTCfgParser.cpp" +#line 2236 "IPTCfgParser.cpp" } } catch (ANTLR_USE_NAMESPACE(antlr)RecognitionException& ex) { @@ -2248,7 +2254,7 @@ void IPTCfgParser::m_limit() { *dbg << " LIMIT"; -#line 2252 "IPTCfgParser.cpp" +#line 2258 "IPTCfgParser.cpp" } } catch (ANTLR_USE_NAMESPACE(antlr)RecognitionException& ex) { @@ -2270,7 +2276,7 @@ void IPTCfgParser::m_length() { *dbg << " LENGTH"; -#line 2274 "IPTCfgParser.cpp" +#line 2280 "IPTCfgParser.cpp" } } catch (ANTLR_USE_NAMESPACE(antlr)RecognitionException& ex) { @@ -2292,7 +2298,7 @@ void IPTCfgParser::m_iprange() { *dbg << " IPRANGE"; -#line 2296 "IPTCfgParser.cpp" +#line 2302 "IPTCfgParser.cpp" } } catch (ANTLR_USE_NAMESPACE(antlr)RecognitionException& ex) { @@ -2316,7 +2322,7 @@ void IPTCfgParser::m_comment() { *dbg << " COMMENT=" << LT(0)->getText(); -#line 2320 "IPTCfgParser.cpp" +#line 2326 "IPTCfgParser.cpp" } } catch (ANTLR_USE_NAMESPACE(antlr)RecognitionException& ex) { @@ -2357,7 +2363,7 @@ void IPTCfgParser::m_unknown_module() { importer->reportError( std::string("Unknown module: ")+LT(0)->getText()); -#line 2361 "IPTCfgParser.cpp" +#line 2367 "IPTCfgParser.cpp" } } catch (ANTLR_USE_NAMESPACE(antlr)RecognitionException& ex) { @@ -2432,7 +2438,7 @@ void IPTCfgParser::target_options() { importer->action_params["reject_with"] = LT(0)->getText(); *dbg << " REJECT WITH=" << LT(0)->getText(); -#line 2436 "IPTCfgParser.cpp" +#line 2442 "IPTCfgParser.cpp" } break; } @@ -2463,7 +2469,7 @@ void IPTCfgParser::target_options() { importer->action_params["log_prefix"] = LT(0)->getText(); *dbg << " LOG PREFIX=" << LT(0)->getText(); -#line 2467 "IPTCfgParser.cpp" +#line 2473 "IPTCfgParser.cpp" } break; } 
@@ -2476,7 +2482,7 @@ void IPTCfgParser::target_options() { importer->action_params["log_tcp_seq"] = LT(0)->getText(); *dbg << " LOG TCP SEQUENCE="; -#line 2480 "IPTCfgParser.cpp" +#line 2486 "IPTCfgParser.cpp" } break; } @@ -2489,7 +2495,7 @@ void IPTCfgParser::target_options() { importer->action_params["log_tcp_options"] = LT(0)->getText(); *dbg << " LOG TCP OPTIONS="; -#line 2493 "IPTCfgParser.cpp" +#line 2499 "IPTCfgParser.cpp" } break; } @@ -2502,7 +2508,7 @@ void IPTCfgParser::target_options() { importer->action_params["log_ip_options"] = LT(0)->getText(); *dbg << " LOG IP OPTIONS="; -#line 2506 "IPTCfgParser.cpp" +#line 2512 "IPTCfgParser.cpp" } break; } @@ -2533,7 +2539,7 @@ void IPTCfgParser::target_options() { importer->action_params["log_prefix"] = LT(0)->getText(); *dbg << " ULOG PREFIX=" << LT(0)->getText(); -#line 2537 "IPTCfgParser.cpp" +#line 2543 "IPTCfgParser.cpp" } break; } @@ -2564,7 +2570,7 @@ void IPTCfgParser::target_options() { importer->action_params["log_level"] = LT(0)->getText(); *dbg << " LOG LEVEL=" << LT(0)->getText(); -#line 2568 "IPTCfgParser.cpp" +#line 2574 "IPTCfgParser.cpp" } break; } @@ -2595,7 +2601,7 @@ void IPTCfgParser::target_options() { importer->action_params["set_mark"] = LT(0)->getText(); *dbg << " SET MARK=" << LT(0)->getText(); -#line 2599 "IPTCfgParser.cpp" +#line 2605 "IPTCfgParser.cpp" } break; } @@ -2608,7 +2614,7 @@ void IPTCfgParser::target_options() { importer->action_params["connmark_save_mark"] = "--save-mark"; *dbg << " SAVE MARK"; -#line 2612 "IPTCfgParser.cpp" +#line 2618 "IPTCfgParser.cpp" } break; } @@ -2621,7 +2627,7 @@ void IPTCfgParser::target_options() { importer->action_params["connmark_restore_mark"] = "--restore-mark"; *dbg << " RESTORE MARK"; -#line 2625 "IPTCfgParser.cpp" +#line 2631 "IPTCfgParser.cpp" } break; } 
@@ -2634,7 +2640,7 @@ void IPTCfgParser::target_options() { importer->action_params["route_continue"] = "--continue"; *dbg << " CONTINUE"; -#line 2638 "IPTCfgParser.cpp" +#line 2644 "IPTCfgParser.cpp" } break; } @@ -2648,7 +2654,7 @@ void IPTCfgParser::target_options() { importer->action_params["route_iif"] = LT(0)->getText(); *dbg << " ROUTE_IIF=" << LT(0)->getText(); -#line 2652 "IPTCfgParser.cpp" +#line 2658 "IPTCfgParser.cpp" } break; } @@ -2662,7 +2668,7 @@ void IPTCfgParser::target_options() { importer->action_params["route_oif"] = LT(0)->getText(); *dbg << " ROUTE_OIF=" << LT(0)->getText(); -#line 2666 "IPTCfgParser.cpp" +#line 2672 "IPTCfgParser.cpp" } break; } @@ -2676,7 +2682,7 @@ void IPTCfgParser::target_options() { importer->action_params["route_gw"] = LT(0)->getText(); *dbg << " ROUTE_GW=" << LT(0)->getText(); -#line 2680 "IPTCfgParser.cpp" +#line 2686 "IPTCfgParser.cpp" } break; } @@ -2689,7 +2695,7 @@ void IPTCfgParser::target_options() { importer->action_params["route_tee"] = "--tee"; *dbg << " ROUTE_TEE"; -#line 2693 "IPTCfgParser.cpp" +#line 2699 "IPTCfgParser.cpp" } break; } @@ -2701,7 +2707,7 @@ void IPTCfgParser::target_options() { *dbg << " TO-SOURCE"; -#line 2705 "IPTCfgParser.cpp" +#line 2711 "IPTCfgParser.cpp" } nat_spec(); break; @@ -2714,7 +2720,7 @@ void IPTCfgParser::target_options() { *dbg << " TO-DESTINATION"; -#line 2718 "IPTCfgParser.cpp" +#line 2724 "IPTCfgParser.cpp" } nat_spec(); break; @@ -2733,7 +2739,7 @@ void IPTCfgParser::target_options() { *dbg << " TO-NETMAP"; -#line 2737 "IPTCfgParser.cpp" +#line 2743 "IPTCfgParser.cpp" } { match(IPV4); @@ -2744,7 +2750,7 @@ void IPTCfgParser::target_options() { importer->nat_addr2 = LT(0)->getText(); *dbg << LT(0)->getText(); -#line 2748 "IPTCfgParser.cpp" +#line 2754 "IPTCfgParser.cpp" } match(SLASH); { 
@@ -2771,7 +2777,7 @@ void IPTCfgParser::target_options() { importer->nat_nm = LT(0)->getText(); *dbg << "/" << LT(0)->getText(); -#line 2775 "IPTCfgParser.cpp" +#line 2781 "IPTCfgParser.cpp" } } break; @@ -2785,7 +2791,7 @@ void IPTCfgParser::target_options() { importer->action_params["clamp-mss-to-pmtu"] = "--clamp-mss-to-pmtu"; *dbg << " TO-NETMAP"; -#line 2789 "IPTCfgParser.cpp" +#line 2795 "IPTCfgParser.cpp" } break; } @@ -2799,7 +2805,7 @@ void IPTCfgParser::target_options() { importer->action_params["set_tos"] = LT(0)->getText(); *dbg << " SET TOS=" << LT(0)->getText(); -#line 2803 "IPTCfgParser.cpp" +#line 2809 "IPTCfgParser.cpp" } } else if ((LA(1) == SET_TOS) && (LA(2) == WORD)) { @@ -2811,7 +2817,7 @@ void IPTCfgParser::target_options() { importer->action_params["set_tos"] = LT(0)->getText(); *dbg << " SET TOS=" << LT(0)->getText(); -#line 2815 "IPTCfgParser.cpp" +#line 2821 "IPTCfgParser.cpp" } } else { @@ -2912,7 +2918,7 @@ void IPTCfgParser::nat_spec() { << "-" << importer->nat_port_range_end; -#line 2916 "IPTCfgParser.cpp" +#line 2922 "IPTCfgParser.cpp" } } catch (ANTLR_USE_NAMESPACE(antlr)RecognitionException& ex) { @@ -2941,7 +2947,7 @@ void IPTCfgParser::redirect_spec() { << "-" << importer->nat_port_range_end; -#line 2945 "IPTCfgParser.cpp" +#line 2951 "IPTCfgParser.cpp" } } catch (ANTLR_USE_NAMESPACE(antlr)RecognitionException& ex) { @@ -2991,7 +2997,7 @@ void IPTCfgParser::nat_addr_range() { importer->nat_addr1 = a1->getText(); importer->nat_addr2 = a2->getText(); -#line 2995 "IPTCfgParser.cpp" +#line 3001 "IPTCfgParser.cpp" } } } @@ -3005,7 +3011,7 @@ void IPTCfgParser::nat_addr_range() { importer->nat_addr1 = LT(0)->getText(); importer->nat_addr2 = LT(0)->getText(); -#line 3009 "IPTCfgParser.cpp" +#line 3015 "IPTCfgParser.cpp" } } else { 
@@ -3081,13 +3087,13 @@ void IPTCfgParser::nat_port_def_with_range() { } } if ( inputState->guessing==0 ) { -#line 1030 "iptables.g" +#line 1036 "iptables.g" importer->nat_port_range_start = LT(0)->getText(); importer->nat_port_range_end = LT(0)->getText(); *dbg << " PORT=" << LT(0)->getText(); -#line 3091 "IPTCfgParser.cpp" +#line 3097 "IPTCfgParser.cpp" } match(MINUS); { @@ -3109,12 +3115,12 @@ void IPTCfgParser::nat_port_def_with_range() { } } if ( inputState->guessing==0 ) { -#line 1036 "iptables.g" +#line 1042 "iptables.g" importer->nat_port_range_end = LT(0)->getText(); *dbg << ":" << LT(0)->getText(); -#line 3118 "IPTCfgParser.cpp" +#line 3124 "IPTCfgParser.cpp" } } } @@ -3138,13 +3144,13 @@ void IPTCfgParser::nat_port_def_with_range() { } } if ( inputState->guessing==0 ) { -#line 1043 "iptables.g" +#line 1049 "iptables.g" importer->nat_port_range_start = LT(0)->getText(); importer->nat_port_range_end = LT(0)->getText(); *dbg << " PORT=" << LT(0)->getText(); -#line 3148 "IPTCfgParser.cpp" +#line 3154 "IPTCfgParser.cpp" } } else { @@ -3213,7 +3219,7 @@ void IPTCfgParser::m_mark() { *dbg << " MARK"; -#line 3217 "IPTCfgParser.cpp" +#line 3223 "IPTCfgParser.cpp" } } catch (ANTLR_USE_NAMESPACE(antlr)RecognitionException& ex) { @@ -3233,14 +3239,14 @@ void IPTCfgParser::limit_rate() { if ( inputState->guessing==0 ) { #line 747 "iptables.g" importer->limit_val = LT(0)->getText(); -#line 3237 "IPTCfgParser.cpp" +#line 3243 "IPTCfgParser.cpp" } match(SLASH); match(WORD); if ( inputState->guessing==0 ) { #line 749 "iptables.g" importer->limit_suffix = LT(0)->getText(); -#line 3244 "IPTCfgParser.cpp" +#line 3250 "IPTCfgParser.cpp" } if ( inputState->guessing==0 ) { #line 750 "iptables.g" @@ -3249,7 +3255,7 @@ void IPTCfgParser::limit_rate() { << importer->limit_val << "/" << importer->limit_suffix; -#line 3253 "IPTCfgParser.cpp" +#line 3259 "IPTCfgParser.cpp" } } catch (ANTLR_USE_NAMESPACE(antlr)RecognitionException& ex) { 
@@ -3271,7 +3277,7 @@ void IPTCfgParser::m_recent() { *dbg << " RECENT"; -#line 3275 "IPTCfgParser.cpp" +#line 3281 "IPTCfgParser.cpp" } } catch (ANTLR_USE_NAMESPACE(antlr)RecognitionException& ex) { @@ -3371,7 +3377,7 @@ void IPTCfgParser::recent_args_no_param() { if ( inputState->guessing==0 ) { #line 819 "iptables.g" importer->recent_match += LT(0)->getText() + " "; -#line 3375 "IPTCfgParser.cpp" +#line 3381 "IPTCfgParser.cpp" } } catch (ANTLR_USE_NAMESPACE(antlr)RecognitionException& ex) { @@ -3413,7 +3419,7 @@ void IPTCfgParser::recent_args_param() { if ( inputState->guessing==0 ) { #line 823 "iptables.g" importer->recent_match += LT(0)->getText() + " "; -#line 3417 "IPTCfgParser.cpp" +#line 3423 "IPTCfgParser.cpp" } { switch ( LA(1)) { @@ -3436,7 +3442,7 @@ void IPTCfgParser::recent_args_param() { if ( inputState->guessing==0 ) { #line 825 "iptables.g" importer->recent_match += LT(0)->getText() + " "; -#line 3440 "IPTCfgParser.cpp" +#line 3446 "IPTCfgParser.cpp" } } catch (ANTLR_USE_NAMESPACE(antlr)RecognitionException& ex) { @@ -3456,7 +3462,7 @@ void IPTCfgParser::length_spec() { if ( inputState->guessing==0 ) { #line 842 "iptables.g" importer->length_spec = LT(0)->getText(); -#line 3460 "IPTCfgParser.cpp" +#line 3466 "IPTCfgParser.cpp" } match(COLON); match(INT_CONST); @@ -3464,14 +3470,14 @@ void IPTCfgParser::length_spec() { #line 844 "iptables.g" importer->length_spec += ":"; importer->length_spec += LT(0)->getText(); -#line 3468 "IPTCfgParser.cpp" +#line 3474 "IPTCfgParser.cpp" } if ( inputState->guessing==0 ) { #line 846 "iptables.g" *dbg << " MATCH LENGTH " << importer->length_spec; -#line 3475 "IPTCfgParser.cpp" +#line 3481 "IPTCfgParser.cpp" } } catch (ANTLR_USE_NAMESPACE(antlr)RecognitionException& ex) { 
@@ -3516,7 +3522,7 @@ void IPTCfgParser::pkt_type_spec() { importer->pkt_type_spec = LT(0)->getText(); *dbg << " PKT_TYPE " << importer->pkt_type_spec; -#line 3520 "IPTCfgParser.cpp" +#line 3526 "IPTCfgParser.cpp" } } catch (ANTLR_USE_NAMESPACE(antlr)RecognitionException& ex) { @@ -3560,13 +3566,13 @@ void IPTCfgParser::port_def_with_range() { } } if ( inputState->guessing==0 ) { -#line 1001 "iptables.g" +#line 1007 "iptables.g" importer->tmp_port_range_start = LT(0)->getText(); importer->tmp_port_range_end = LT(0)->getText(); *dbg << " PORT=" << LT(0)->getText(); -#line 3570 "IPTCfgParser.cpp" +#line 3576 "IPTCfgParser.cpp" } { switch ( LA(1)) { @@ -3624,12 +3630,12 @@ void IPTCfgParser::port_def_with_range() { } } if ( inputState->guessing==0 ) { -#line 1008 "iptables.g" +#line 1014 "iptables.g" importer->tmp_port_range_end = LT(0)->getText(); *dbg << ":" << LT(0)->getText(); -#line 3633 "IPTCfgParser.cpp" +#line 3639 "IPTCfgParser.cpp" } break; } @@ -3704,13 +3710,13 @@ void IPTCfgParser::port_def_no_range() { } } if ( inputState->guessing==0 ) { -#line 983 "iptables.g" +#line 989 "iptables.g" importer->tmp_port_range_start = LT(0)->getText(); importer->tmp_port_range_end = LT(0)->getText(); *dbg << " PORT=" << LT(0)->getText(); -#line 3714 "IPTCfgParser.cpp" +#line 3720 "IPTCfgParser.cpp" } } catch (ANTLR_USE_NAMESPACE(antlr)RecognitionException& ex) { @@ -3746,13 +3752,13 @@ void IPTCfgParser::port_def_with_incomplete_range() { } } if ( inputState->guessing==0 ) { -#line 1017 "iptables.g" +#line 1023 "iptables.g" importer->tmp_port_range_start = "0"; importer->tmp_port_range_end = LT(0)->getText(); *dbg << "PORT 0:" << LT(0)->getText(); -#line 3756 "IPTCfgParser.cpp" +#line 3762 "IPTCfgParser.cpp" } } catch (ANTLR_USE_NAMESPACE(antlr)RecognitionException& ex) { 
@@ -3770,7 +3776,7 @@ void IPTCfgParser::syn() { try { // for error handling match(MATCH_SYN); if ( inputState->guessing==0 ) { -#line 1105 "iptables.g" +#line 1111 "iptables.g" importer->tcp_flags_mask.clear(); importer->tcp_flags_mask.push_back(libfwbuilder::TCPService::SYN); @@ -3780,7 +3786,7 @@ void IPTCfgParser::syn() { importer->tcp_flags_comp.clear(); importer->tcp_flags_comp.push_back(libfwbuilder::TCPService::SYN); -#line 3784 "IPTCfgParser.cpp" +#line 3790 "IPTCfgParser.cpp" } } catch (ANTLR_USE_NAMESPACE(antlr)RecognitionException& ex) { @@ -3799,16 +3805,16 @@ void IPTCfgParser::tcp_flags() { match(MATCH_TCP_FLAGS); tcp_flags_list(); if ( inputState->guessing==0 ) { -#line 1156 "iptables.g" +#line 1162 "iptables.g" importer->tcp_flags_mask = importer->tmp_tcp_flags_list; importer->tmp_tcp_flags_list.clear(); -#line 3808 "IPTCfgParser.cpp" +#line 3814 "IPTCfgParser.cpp" } tcp_flags_list(); if ( inputState->guessing==0 ) { -#line 1161 "iptables.g" +#line 1167 "iptables.g" importer->tcp_flags_comp = importer->tmp_tcp_flags_list; importer->tmp_tcp_flags_list.clear(); @@ -3819,7 +3825,7 @@ void IPTCfgParser::tcp_flags() { foreach(int x, importer->tcp_flags_comp) *dbg << x << "|"; -#line 3823 "IPTCfgParser.cpp" +#line 3829 "IPTCfgParser.cpp" } } catch (ANTLR_USE_NAMESPACE(antlr)RecognitionException& ex) { @@ -3857,9 +3863,9 @@ void IPTCfgParser::tcp_flag_word() { { match(SYN); if ( inputState->guessing==0 ) { -#line 1118 "iptables.g" +#line 1124 "iptables.g" importer->tmp_tcp_flag_code = libfwbuilder::TCPService::SYN; -#line 3863 "IPTCfgParser.cpp" +#line 3869 "IPTCfgParser.cpp" } break; } @@ -3867,9 +3873,9 @@ void IPTCfgParser::tcp_flag_word() { { match(ACK); if ( inputState->guessing==0 ) { -#line 1120 "iptables.g" +#line 1126 "iptables.g" importer->tmp_tcp_flag_code = libfwbuilder::TCPService::ACK; -#line 3873 "IPTCfgParser.cpp" +#line 3879 "IPTCfgParser.cpp" } break; } 
@@ -3877,9 +3883,9 @@ void IPTCfgParser::tcp_flag_word() { { match(FIN); if ( inputState->guessing==0 ) { -#line 1122 "iptables.g" +#line 1128 "iptables.g" importer->tmp_tcp_flag_code = libfwbuilder::TCPService::FIN; -#line 3883 "IPTCfgParser.cpp" +#line 3889 "IPTCfgParser.cpp" } break; } @@ -3887,9 +3893,9 @@ void IPTCfgParser::tcp_flag_word() { { match(RST); if ( inputState->guessing==0 ) { -#line 1124 "iptables.g" +#line 1130 "iptables.g" importer->tmp_tcp_flag_code = libfwbuilder::TCPService::RST; -#line 3893 "IPTCfgParser.cpp" +#line 3899 "IPTCfgParser.cpp" } break; } @@ -3897,9 +3903,9 @@ void IPTCfgParser::tcp_flag_word() { { match(URG); if ( inputState->guessing==0 ) { -#line 1126 "iptables.g" +#line 1132 "iptables.g" importer->tmp_tcp_flag_code = libfwbuilder::TCPService::URG; -#line 3903 "IPTCfgParser.cpp" +#line 3909 "IPTCfgParser.cpp" } break; } @@ -3907,9 +3913,9 @@ void IPTCfgParser::tcp_flag_word() { { match(PSH); if ( inputState->guessing==0 ) { -#line 1128 "iptables.g" +#line 1134 "iptables.g" importer->tmp_tcp_flag_code = libfwbuilder::TCPService::PSH; -#line 3913 "IPTCfgParser.cpp" +#line 3919 "IPTCfgParser.cpp" } break; } @@ -3917,9 +3923,9 @@ void IPTCfgParser::tcp_flag_word() { { match(ALL); if ( inputState->guessing==0 ) { -#line 1130 "iptables.g" +#line 1136 "iptables.g" importer->tmp_tcp_flag_code = 99; -#line 3923 "IPTCfgParser.cpp" +#line 3929 "IPTCfgParser.cpp" } break; } @@ -3927,9 +3933,9 @@ void IPTCfgParser::tcp_flag_word() { { match(NONE); if ( inputState->guessing==0 ) { -#line 1132 "iptables.g" +#line 1138 "iptables.g" importer->tmp_tcp_flag_code = 98; -#line 3933 "IPTCfgParser.cpp" +#line 3939 "IPTCfgParser.cpp" } break; } 
@@ -3954,20 +3960,20 @@ void IPTCfgParser::tcp_flags_list() { try { // for error handling if ( inputState->guessing==0 ) { -#line 1137 "iptables.g" +#line 1143 "iptables.g" importer->tmp_tcp_flags_list.clear(); importer->tmp_tcp_flag_code = 0; -#line 3963 "IPTCfgParser.cpp" +#line 3969 "IPTCfgParser.cpp" } tcp_flag_word(); if ( inputState->guessing==0 ) { -#line 1142 "iptables.g" +#line 1148 "iptables.g" importer->tmp_tcp_flags_list.push_back(importer->tmp_tcp_flag_code); -#line 3971 "IPTCfgParser.cpp" +#line 3977 "IPTCfgParser.cpp" } { // ( ... )* for (;;) { @@ -3975,12 +3981,12 @@ void IPTCfgParser::tcp_flags_list() { match(COMMA); tcp_flag_word(); if ( inputState->guessing==0 ) { -#line 1147 "iptables.g" +#line 1153 "iptables.g" importer->tmp_tcp_flags_list.push_back( importer->tmp_tcp_flag_code); -#line 3984 "IPTCfgParser.cpp" +#line 3990 "IPTCfgParser.cpp" } } else { diff --git a/src/parsers/iptables.g b/src/parsers/iptables.g index 81fba4c63..c71fa8f41 100644 --- a/src/parsers/iptables.g +++ b/src/parsers/iptables.g @@ -892,6 +892,8 @@ multiport_tcp_udp_port_spec : ( ( MATCH_SRC_MULTIPORT { + importer->srv_neg = importer->tmp_neg; + importer->tmp_neg = false; importer->startSrcMultiPort(); *dbg << " SRC MULTIPORT="; } @@ -908,6 +910,8 @@ multiport_tcp_udp_port_spec : | ( MATCH_DST_MULTIPORT { + importer->srv_neg = importer->tmp_neg; + importer->tmp_neg = false; importer->startDstMultiPort(); *dbg << " DST MULTIPORT="; } @@ -924,6 +928,8 @@ multiport_tcp_udp_port_spec : | ( MATCH_BOTH_MULTIPORT { + importer->srv_neg = importer->tmp_neg; + importer->tmp_neg = false; importer->startBothMultiPort(); *dbg << " MULTIPORT PORTS="; } diff --git a/src/unit_tests/ImporterTest/test_data/ipt.fwb b/src/unit_tests/ImporterTest/test_data/ipt.fwb index deff97948..c4751209a 100644 --- a/src/unit_tests/ImporterTest/test_data/ipt.fwb +++ b/src/unit_tests/ImporterTest/test_data/ipt.fwb @@ -1,6 +1,6 @@ - + @@ -439,16 +439,16 @@ - - - - - - - - - - + + + + + + + + + + 
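Review bot: The negation hand-off `importer->srv_neg = importer->tmp_neg; importer->tmp_neg = false;` is now pasted into all three alternatives of `multiport_tcp_udp_port_spec` in iptables.g (MATCH_SRC_MULTIPORT, MATCH_DST_MULTIPORT, MATCH_BOTH_MULTIPORT), and the regenerated parser shows the same pair in `basic_tcp_udp_port_spec` and `tcp_options`. Omitting it imports a negated port match as a positive one, which silently inverts what the imported rule permits, so I would put the pair behind a single importer method called from each action, with a comment such as `// consume a pending '!' so it applies to this match only`. The flag is read at the moment the option token is matched, so a `!` written after the option rather than before it would presumably stay in `tmp_neg` and attach to the next match; please confirm that form is handled or rejected elsewhere in the grammar. It would also help if the test data had a negated rule for each of the three multiport variants, which I cannot verify from the stripped ipt.fwb hunks. The rule body continues outside these hunks.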
@@ -462,15 +462,15 @@ - - - + + + - - + + @@ -525,7 +525,7 @@ - + @@ -542,17 +542,17 @@ - + - - - - + + + + @@ -602,26 +602,26 @@ - - - - - - - - - - - - - - - - - - - - + + + + + + + + + + + + + + + + + + + + @@ -638,37 +638,37 @@ -m state --state NEW,RELATED,ESTABLISHED - + -m length --length 400:65535 - + -m recent --name badguy --rcheck --seconds 60 - + -m recent --name badguy --set - + -m length --length 400:1500 - + -m pkttype --pkt-type broadcast - - - - - - - - + + + + + + + + - + @@ -691,11 +691,11 @@ - + - + @@ -718,11 +718,11 @@ - + - + @@ -745,11 +745,11 @@ - + - + @@ -772,11 +772,11 @@ - + - + @@ -799,11 +799,11 @@ - + - + @@ -826,11 +826,11 @@ - + - + @@ -841,7 +841,7 @@ - + @@ -857,7 +857,7 @@ - + @@ -884,7 +884,7 @@ - + @@ -911,7 +911,7 @@ - + @@ -938,7 +938,7 @@ - + @@ -965,7 +965,7 @@ - + @@ -992,7 +992,7 @@ - + @@ -1019,7 +1019,7 @@ - + @@ -1046,7 +1046,7 @@ - + @@ -1073,7 +1073,7 @@ - + @@ -1093,14 +1093,14 @@ - + - + @@ -1127,7 +1127,7 @@ - + @@ -1154,7 +1154,7 @@ - + @@ -1181,7 +1181,7 @@ - + @@ -1308,7 +1308,7 @@ - + @@ -1330,7 +1330,7 @@ - + @@ -1352,7 +1352,7 @@ - + @@ -1374,7 +1374,7 @@ - + @@ -1390,7 +1390,7 @@ - + @@ -1438,7 +1438,7 @@ - + @@ -1454,13 +1454,13 @@ - + - + @@ -2003,7 +2003,7 @@ - + @@ -2965,7 +2965,27 @@ - + + + + + + + + + + + + + + + + + + + + + @@ -2985,7 +3005,7 @@ - + @@ -3005,7 +3025,7 @@ - + @@ -3025,7 +3045,7 @@ - + @@ -3045,7 +3065,7 @@ - + @@ -3065,7 +3085,7 @@ - + @@ -3076,18 +3096,18 @@ - + - + - + @@ -3104,12 +3124,12 @@ - + - + @@ -3126,12 +3146,12 @@ - + - + @@ -3148,12 +3168,12 @@ - + - + @@ -3170,12 +3190,12 @@ - + - + @@ -3192,12 +3212,12 @@ - + - + @@ -3214,13 +3234,13 @@ - + - + @@ -3237,13 +3257,13 @@ - + - + @@ -3263,7 +3283,7 @@ - + @@ -3285,8 +3305,8 @@ - - + + @@ -3308,8 +3328,8 @@ - - + + @@ -3331,8 +3351,8 @@ - - + + @@ -3354,8 +3374,8 @@ - - + + @@ -3377,11 +3397,11 @@ - + - - + + @@ -3392,7 +3412,7 @@ - + @@ -3408,7 +3428,7 @@ - + @@ -3419,7 +3439,7 @@ - + @@ -3435,7 +3455,7 @@ - + 
@@ -3446,7 +3466,7 @@ - + @@ -3462,7 +3482,7 @@ - + @@ -3473,7 +3493,7 @@ - + @@ -3489,7 +3509,7 @@ - + @@ -3500,7 +3520,7 @@ - + @@ -3516,7 +3536,7 @@ - + @@ -3527,7 +3547,7 @@ - + @@ -3543,7 +3563,7 @@ - + @@ -3554,7 +3574,7 @@ - + @@ -3570,7 +3590,7 @@ - + @@ -3581,7 +3601,7 @@ - + @@ -3590,7 +3610,7 @@ - + @@ -3601,7 +3621,7 @@ - + @@ -3610,7 +3630,7 @@ - + @@ -3621,7 +3641,7 @@ - + @@ -3630,7 +3650,7 @@ - + @@ -3641,7 +3661,7 @@ - + @@ -3650,7 +3670,7 @@ - + @@ -3661,7 +3681,7 @@ - + @@ -3670,7 +3690,7 @@ - + @@ -3681,7 +3701,7 @@ - + @@ -3690,7 +3710,7 @@ - + @@ -3701,7 +3721,7 @@ - + @@ -3710,7 +3730,7 @@ - + @@ -3721,7 +3741,7 @@ - + @@ -3730,7 +3750,7 @@ - + @@ -3741,7 +3761,7 @@ - + @@ -3752,8 +3772,8 @@ - - + + @@ -3764,7 +3784,7 @@ - + @@ -3775,8 +3795,8 @@ - - + + @@ -3798,8 +3818,8 @@ - - + + @@ -3821,8 +3841,8 @@ - - + + @@ -3844,8 +3864,8 @@ - - + + @@ -3867,8 +3887,8 @@ - - + + @@ -3892,8 +3912,8 @@ - - + + @@ -3917,8 +3937,8 @@ - - + + @@ -3940,8 +3960,8 @@ - - + + @@ -3963,8 +3983,8 @@ - - + + @@ -3975,7 +3995,7 @@ - + @@ -3987,7 +4007,7 @@ - + @@ -3998,7 +4018,7 @@ - + @@ -4010,7 +4030,7 @@ - + @@ -4021,7 +4041,7 @@ - + @@ -4033,7 +4053,7 @@ - + @@ -4044,7 +4064,7 @@ - + @@ -4055,7 +4075,7 @@ - + @@ -4066,7 +4086,7 @@ - + @@ -4079,7 +4099,7 @@ - + @@ -4105,7 +4125,7 @@ - + @@ -4131,7 +4151,7 @@ - + @@ -4153,7 +4173,7 @@ - + @@ -4175,7 +4195,7 @@ - + @@ -4196,7 +4216,7 @@ - + @@ -4217,7 +4237,7 @@ - + @@ -4237,7 +4257,7 @@ - + @@ -4257,7 +4277,7 @@ - + @@ -4284,11 +4304,11 @@ - - - - - + + + + + @@ -4315,7 +4335,7 @@ - - + + diff --git a/src/unit_tests/ImporterTest/test_data/ipt.output b/src/unit_tests/ImporterTest/test_data/ipt.output index 809f030e8..e5894f82d 100644 --- a/src/unit_tests/ImporterTest/test_data/ipt.output +++ b/src/unit_tests/ImporterTest/test_data/ipt.output 
@@ -27,59 +27,59 @@ 45: New interface: eth0 45: Warning: Creating branch ruleset 'Policy_eth1' to match inbound and outbound interfaces -i eth0 -o eth1 106: Warning: Rule matches states 'RELATED,ESTABLISHED'. Consider using automatic rule controlled by the checkbox in the firewall settings dialog. Automatic rule matches in all standard chains which may be different from the original imported configuration. This requires manual checking. -215: Created branch user_chain_54_mod_match -219: Created branch user_chain_55_mod_match -220: Created branch user_chain_56_mod_match -221: Created branch user_chain_57_mod_match +218: Created branch user_chain_55_mod_match +222: Created branch user_chain_56_mod_match +223: Created branch user_chain_57_mod_match 224: Created branch user_chain_58_mod_match 227: Created branch user_chain_59_mod_match 230: Created branch user_chain_60_mod_match -230: Error: Original rule combines match of tcp/udp/icmp protocols with two or more module matches, such as module 'mark', 'recent' or 'length'. Use additional branches to implement this complex match. -230: Error: Error: Original rule combines match of tcp/udp/icmp protocols with two or more module matches, such as module 'mark', 'recent' or 'length'. Use additional branches to implement this complex match. -231: Created branch user_chain_61_mod_match -231: Error: Original rule combines match of tcp/udp/icmp protocols with two or more module matches, such as module 'mark', 'recent' or 'length'. Use additional branches to implement this complex match. -231: Error: Error: Original rule combines match of tcp/udp/icmp protocols with two or more module matches, such as module 'mark', 'recent' or 'length'. Use additional branches to implement this complex match. 
-242: New ruleset: mangle / PREROUTING -242: Default action: Accept -243: New ruleset: mangle / INPUT -243: Default action: Accept -244: New ruleset: mangle / FORWARD -244: Default action: Accept -245: New ruleset: mangle / OUTPUT +233: Created branch user_chain_61_mod_match +233: Error: Original rule combines match of tcp/udp/icmp protocols with two or more module matches, such as module 'mark', 'recent' or 'length'. Use additional branches to implement this complex match. +233: Error: Error: Original rule combines match of tcp/udp/icmp protocols with two or more module matches, such as module 'mark', 'recent' or 'length'. Use additional branches to implement this complex match. +234: Created branch user_chain_62_mod_match +234: Error: Original rule combines match of tcp/udp/icmp protocols with two or more module matches, such as module 'mark', 'recent' or 'length'. Use additional branches to implement this complex match. +234: Error: Error: Original rule combines match of tcp/udp/icmp protocols with two or more module matches, such as module 'mark', 'recent' or 'length'. Use additional branches to implement this complex match. 
+245: New ruleset: mangle / PREROUTING 245: Default action: Accept -246: New ruleset: mangle / POSTROUTING +246: New ruleset: mangle / INPUT 246: Default action: Accept -249: Error: Fwbuilder can not reproduce iptables rule in the table 'mangle', chain FORWARD -249: Error: Error: Fwbuilder can not reproduce iptables rule in the table 'mangle', chain FORWARD +247: New ruleset: mangle / FORWARD +247: Default action: Accept +248: New ruleset: mangle / OUTPUT +248: Default action: Accept +249: New ruleset: mangle / POSTROUTING +249: Default action: Accept 252: Error: Fwbuilder can not reproduce iptables rule in the table 'mangle', chain FORWARD 252: Error: Error: Fwbuilder can not reproduce iptables rule in the table 'mangle', chain FORWARD -253: Error: Fwbuilder can not reproduce iptables rule in the table 'mangle', chain FORWARD -253: Error: Error: Fwbuilder can not reproduce iptables rule in the table 'mangle', chain FORWARD -259: Warning: Skipping command with '-j CONNMARK --restore-mark' This rule is generated automatically. 
-262: Error: Fwbuilder can not reproduce iptables rule in the table 'mangle', chain POSTROUTING -262: Error: Error: Fwbuilder can not reproduce iptables rule in the table 'mangle', chain POSTROUTING -263: Warning: Turned option on in previous rule with action Mark for '-j CONNMARK --save-mark' -266: Error: Fwbuilder can not reproduce iptables rule in the table 'mangle', chain POSTROUTING -266: Error: Error: Fwbuilder can not reproduce iptables rule in the table 'mangle', chain POSTROUTING -267: New interface: eth2 -267: Error: Fwbuilder can not reproduce iptables rule in the table 'mangle', chain POSTROUTING -267: Error: Error: Fwbuilder can not reproduce iptables rule in the table 'mangle', chain POSTROUTING -271: Error: Fwbuilder can not reproduce iptables rule in the table 'mangle', chain POSTROUTING -271: Error: Error: Fwbuilder can not reproduce iptables rule in the table 'mangle', chain POSTROUTING -272: Error: Fwbuilder can not reproduce iptables rule in the table 'mangle', chain POSTROUTING -272: Error: Error: Fwbuilder can not reproduce iptables rule in the table 'mangle', chain POSTROUTING -277: New ruleset: nat / PREROUTING -277: Default action: Accept -278: New ruleset: nat / POSTROUTING -278: Default action: Accept -279: New ruleset: nat / OUTPUT -279: Default action: Accept -283: New interface: eth+ -312: Warning: Line 5: Added rule to reproduce default policy ACCEPT in filter/OUTPUT -312: Warning: Line 244: Can not reproduce default action in table 'mangle' chain 'FORWARD'. (Generated rule may not generate equivalent iptables command when compiled) -312: Warning: Line 244: Added rule to reproduce default policy ACCEPT in mangle/FORWARD -312: Warning: Line 243: Can not reproduce default action in table 'mangle' chain 'INPUT'. 
(Generated rule may not generate equivalent iptables command when compiled) -312: Warning: Line 243: Added rule to reproduce default policy ACCEPT in mangle/INPUT -312: Warning: Line 245: Added rule to reproduce default policy ACCEPT in mangle/OUTPUT -312: Warning: Line 246: Added rule to reproduce default policy ACCEPT in mangle/POSTROUTING -312: Warning: Line 242: Added rule to reproduce default policy ACCEPT in mangle/PREROUTING +255: Error: Fwbuilder can not reproduce iptables rule in the table 'mangle', chain FORWARD +255: Error: Error: Fwbuilder can not reproduce iptables rule in the table 'mangle', chain FORWARD +256: Error: Fwbuilder can not reproduce iptables rule in the table 'mangle', chain FORWARD +256: Error: Error: Fwbuilder can not reproduce iptables rule in the table 'mangle', chain FORWARD +262: Warning: Skipping command with '-j CONNMARK --restore-mark' This rule is generated automatically. +265: Error: Fwbuilder can not reproduce iptables rule in the table 'mangle', chain POSTROUTING +265: Error: Error: Fwbuilder can not reproduce iptables rule in the table 'mangle', chain POSTROUTING +266: Warning: Turned option on in previous rule with action Mark for '-j CONNMARK --save-mark' +269: Error: Fwbuilder can not reproduce iptables rule in the table 'mangle', chain POSTROUTING +269: Error: Error: Fwbuilder can not reproduce iptables rule in the table 'mangle', chain POSTROUTING +270: New interface: eth2 +270: Error: Fwbuilder can not reproduce iptables rule in the table 'mangle', chain POSTROUTING +270: Error: Error: Fwbuilder can not reproduce iptables rule in the table 'mangle', chain POSTROUTING +274: Error: Fwbuilder can not reproduce iptables rule in the table 'mangle', chain POSTROUTING +274: Error: Error: Fwbuilder can not reproduce iptables rule in the table 'mangle', chain POSTROUTING +275: Error: Fwbuilder can not reproduce iptables rule in the table 'mangle', chain POSTROUTING +275: Error: Error: Fwbuilder can not reproduce iptables rule 
in the table 'mangle', chain POSTROUTING +280: New ruleset: nat / PREROUTING +280: Default action: Accept +281: New ruleset: nat / POSTROUTING +281: Default action: Accept +282: New ruleset: nat / OUTPUT +282: Default action: Accept +286: New interface: eth+ +315: Warning: Line 5: Added rule to reproduce default policy ACCEPT in filter/OUTPUT +315: Warning: Line 247: Can not reproduce default action in table 'mangle' chain 'FORWARD'. (Generated rule may not generate equivalent iptables command when compiled) +315: Warning: Line 247: Added rule to reproduce default policy ACCEPT in mangle/FORWARD +315: Warning: Line 246: Can not reproduce default action in table 'mangle' chain 'INPUT'. (Generated rule may not generate equivalent iptables command when compiled) +315: Warning: Line 246: Added rule to reproduce default policy ACCEPT in mangle/INPUT +315: Warning: Line 248: Added rule to reproduce default policy ACCEPT in mangle/OUTPUT +315: Warning: Line 249: Added rule to reproduce default policy ACCEPT in mangle/POSTROUTING +315: Warning: Line 245: Added rule to reproduce default policy ACCEPT in mangle/PREROUTING diff --git a/src/unit_tests/ImporterTest/test_data/ipt.test b/src/unit_tests/ImporterTest/test_data/ipt.test index ce041f7f4..341298b11 100644 --- a/src/unit_tests/ImporterTest/test_data/ipt.test +++ b/src/unit_tests/ImporterTest/test_data/ipt.test @@ -200,6 +200,9 @@ -A user_chain -m multiport -s 128.143.0.0/16 -p tcp --ports 548,201:206,311:315 -j ACCEPT -A user_chain -m multiport -s 128.143.0.0/16 -p tcp --ports 201:206,311:315,548 -j ACCEPT +# now with negation +-A user_chain -m multiport -s 128.143.0.0/16 -p tcp ! --dports 548,201,202,204,206 -j ACCEPT + # icmp -A user_chain -p icmp -s 128.143.0.0/16 --icmp-type any -j ACCEPT