
fixed xslt script dtd20 -> dtd21 to handle pf_classify_terminating properly

Vadim Kurland 2011-05-06 15:10:48 -07:00
parent 8773642198
commit 1c5fbb98a5
4 changed files with 81 additions and 22 deletions


@ -2,7 +2,7 @@
FWObjectDatabase_20.xslt 2011-05-03
Author: Vadim Kurland
Description: translates fwbuilder object database from v20 to 21
convert actions Tag, Classify and Route to options
-->
@ -103,8 +103,22 @@
<xsl:variable name="ipt_make_terminating"
select="../../fwb:FirewallOptions/fwb:Option[attribute::name='classify_mark_terminating']"/>
<xsl:variable name="pf_make_terminating"
select="fwb:PolicyRuleOptions/fwb:Option[attribute::name='pf_classify_terminating']"/>
<!--
Option "pf_class_terminating" can be blank, "True" or
"False". Blank (the option is missing entirely) or "True" means
the rule must be terminating. "False" means the opposite.
-->
<xsl:variable name="pf_make_terminating">
<xsl:choose>
<xsl:when test="fwb:PolicyRuleOptions/fwb:Option[attribute::name='pf_classify_terminating']">
<xsl:value-of
select="fwb:PolicyRuleOptions/fwb:Option[attribute::name='pf_classify_terminating']"/>
</xsl:when>
<xsl:otherwise>True</xsl:otherwise>
</xsl:choose>
</xsl:variable>
<xsl:element name="PolicyRule" namespace="http://www.fwbuilder.org/1.0/">
<xsl:copy-of select="@id"/>
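Review bot: The `xsl:when` test in the new `pf_make_terminating` variable only checks that the `pf_classify_terminating` Option element exists, so a present-but-empty `<Option name="pf_classify_terminating"/>` yields an empty string rather than the `True` default the comment gives for a blank value. How the later comparison treats an empty string is not visible in this hunk, so a migrated rule could end up terminating or non-terminating contrary to intent, which changes what the generated firewall policy does with matching traffic. Consider testing the value instead of the node, e.g. `<xsl:when test="normalize-space(fwb:PolicyRuleOptions/fwb:Option[@name='pf_classify_terminating']) != ''">`. The comment also names the option `pf_class_terminating`; it should read `pf_classify_terminating` to match the select expressions. The enclosing template starts and ends outside the hunk.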


@ -565,7 +565,10 @@
<When neg="False">
<IntervalRef ref="sysid2"/>
</When>
<PolicyRuleOptions/>
<PolicyRuleOptions>
<Option name="pf_classify_str"/>
</PolicyRuleOptions>
</PolicyRule>
<PolicyRule id="id2896X78273" disabled="False" group="" log="False" position="1" action="Accept" direction="Both" comment="">
<Src neg="False">
@ -583,7 +586,10 @@
<When neg="False">
<IntervalRef ref="sysid2"/>
</When>
<PolicyRuleOptions/>
<PolicyRuleOptions>
<Option name="pf_classify_str"/>
</PolicyRuleOptions>
</PolicyRule>
<PolicyRule id="id2879X78273" disabled="False" group="" log="False" position="2" action="Accept" direction="Both" comment="SSH Access to firewall is permitted&#10;only from internal network">
<Src neg="False">
@ -601,7 +607,10 @@
<When neg="False">
<IntervalRef ref="sysid2"/>
</When>
<PolicyRuleOptions/>
<PolicyRuleOptions>
<Option name="pf_classify_str"/>
</PolicyRuleOptions>
</PolicyRule>
<PolicyRule id="id2862X78273" disabled="False" group="" log="True" position="3" action="Accept" direction="Both" comment="Firewall uses one of the machines&#10;on internal network for DNS">
<Src neg="False">
@ -619,7 +628,10 @@
<When neg="False">
<IntervalRef ref="sysid2"/>
</When>
<PolicyRuleOptions/>
<PolicyRuleOptions>
<Option name="pf_classify_str"/>
</PolicyRuleOptions>
</PolicyRule>
<PolicyRule id="id2845X78273" disabled="False" group="" log="True" position="4" action="Deny" direction="Both" comment="All other attempts to connect to&#10;the firewall are denied and logged">
<Src neg="False">
@ -637,7 +649,10 @@
<When neg="False">
<IntervalRef ref="sysid2"/>
</When>
<PolicyRuleOptions/>
<PolicyRuleOptions>
<Option name="pf_classify_str"/>
</PolicyRuleOptions>
</PolicyRule>
<PolicyRule id="id2828X78273" disabled="False" group="" log="False" position="5" action="Accept" direction="Both" comment="">
<Src neg="False">
@ -655,7 +670,10 @@
<When neg="False">
<IntervalRef ref="sysid2"/>
</When>
<PolicyRuleOptions/>
<PolicyRuleOptions>
<Option name="pf_classify_str"/>
</PolicyRuleOptions>
</PolicyRule>
<PolicyRule id="id2811X78273" disabled="False" group="" log="True" position="6" action="Deny" direction="Both" comment="">
<Src neg="False">
@ -673,7 +691,10 @@
<When neg="False">
<IntervalRef ref="sysid2"/>
</When>
<PolicyRuleOptions/>
<PolicyRuleOptions>
<Option name="pf_classify_str"/>
</PolicyRuleOptions>
</PolicyRule>
<RuleSetOptions/>
</Policy>
@ -766,6 +787,7 @@
<Option name="pf_classify_str"/>
</PolicyRuleOptions>
</PolicyRule>
<PolicyRule id="id2781X94039" disabled="False" group="" log="True" position="1" action="Deny" direction="Inbound" comment="anti spoofing rule">
<Src neg="False">
@ -783,7 +805,10 @@
<When neg="False">
<IntervalRef ref="sysid2"/>
</When>
<PolicyRuleOptions/>
<PolicyRuleOptions>
<Option name="pf_classify_str"/>
</PolicyRuleOptions>
</PolicyRule>
<PolicyRule id="id2794X94039" disabled="False" group="" log="False" position="2" action="Accept" direction="Both" comment="">
<Src neg="False">
@ -801,7 +826,10 @@
<When neg="False">
<IntervalRef ref="sysid2"/>
</When>
<PolicyRuleOptions/>
<PolicyRuleOptions>
<Option name="pf_classify_str"/>
</PolicyRuleOptions>
</PolicyRule>
<PolicyRule id="id2806X94039" disabled="False" group="" log="False" position="3" action="Accept" direction="Both" comment="SSH Access to firewall is permitted&#10;only from internal network">
<Src neg="False">
@ -819,7 +847,10 @@
<When neg="False">
<IntervalRef ref="sysid2"/>
</When>
<PolicyRuleOptions/>
<PolicyRuleOptions>
<Option name="pf_classify_str"/>
</PolicyRuleOptions>
</PolicyRule>
<PolicyRule id="id3725X2234" disabled="False" group="" log="False" position="4" action="Accept" direction="Both" comment="SSH Access to firewall is permitted&#10;only from internal network">
<Src neg="False">
@ -837,7 +868,10 @@
<When neg="False">
<IntervalRef ref="sysid2"/>
</When>
<PolicyRuleOptions/>
<PolicyRuleOptions>
<Option name="pf_classify_str"/>
</PolicyRuleOptions>
</PolicyRule>
<PolicyRule id="id2818X94039" disabled="False" group="" log="True" position="5" action="Accept" direction="Both" comment="Firewall uses one of the machines&#10;on internal network for DNS">
<Src neg="False">
@ -855,7 +889,10 @@
<When neg="False">
<IntervalRef ref="sysid2"/>
</When>
<PolicyRuleOptions/>
<PolicyRuleOptions>
<Option name="pf_classify_str"/>
</PolicyRuleOptions>
</PolicyRule>
<PolicyRule id="id2830X94039" disabled="False" group="" log="True" position="6" action="Deny" direction="Both" comment="All other attempts to connect to&#10;the firewall are denied and logged">
<Src neg="False">
@ -900,6 +937,7 @@
<Option name="pf_classify_str"/>
</PolicyRuleOptions>
</PolicyRule>
<PolicyRule id="id2842X94039" disabled="False" group="" log="False" position="7" action="Accept" direction="Both" comment="">
<Src neg="False">
@ -917,7 +955,10 @@
<When neg="False">
<IntervalRef ref="sysid2"/>
</When>
<PolicyRuleOptions/>
<PolicyRuleOptions>
<Option name="pf_classify_str"/>
</PolicyRuleOptions>
</PolicyRule>
<PolicyRule id="id2854X94039" disabled="False" group="" log="True" position="8" action="Deny" direction="Both" comment="">
<Src neg="False">
@ -935,7 +976,10 @@
<When neg="False">
<IntervalRef ref="sysid2"/>
</When>
<PolicyRuleOptions/>
<PolicyRuleOptions>
<Option name="pf_classify_str"/>
</PolicyRuleOptions>
</PolicyRule>
<PolicyRule id="id3087X2234" disabled="False" group="" log="True" position="9" action="Deny" direction="Both" comment="">
<Src neg="False">
@ -958,6 +1002,7 @@
<Option name="pf_classify_str"/>
</PolicyRuleOptions>
</PolicyRule>
<RuleSetOptions/>
</Policy>


@ -9266,7 +9266,7 @@
</PolicyRuleOptions>
</PolicyRule>
<PolicyRule id="id43F4407F28542" disabled="False" position="10" direction="Both" action="Continue" log="False" comment="" group="">
<PolicyRule id="id43F4407F28542" disabled="False" position="10" direction="Both" action="Accept" log="False" comment="" group="">
<Src neg="False">
<ObjectRef ref="net-Internal_net"/>
</Src>
@ -10128,7 +10128,7 @@
</PolicyRuleOptions>
</PolicyRule>
<PolicyRule id="id445DB3B732739" disabled="False" position="9" direction="Both" action="Continue" log="False" comment="" group="">
<PolicyRule id="id445DB3B732739" disabled="False" position="9" direction="Both" action="Accept" log="False" comment="" group="">
<Src neg="False">
<ObjectRef ref="net-Internal_net"/>
</Src>
@ -24539,7 +24539,7 @@
<Option name="routing">False</Option>
</PolicyRuleOptions>
</PolicyRule>
<PolicyRule id="id344958X20402" disabled="False" position="1" direction="Both" action="Continue" log="False" comment="" group="">
<PolicyRule id="id344958X20402" disabled="False" position="1" direction="Both" action="Accept" log="False" comment="" group="">
<Src neg="False">
<ObjectRef ref="sysid0"/>
</Src>


@ -1,9 +1,9 @@
#
# This is automatically generated file. DO NOT MODIFY !
#
# Firewall Builder fwb_pf v4.2.1.3538
# Firewall Builder fwb_pf v4.2.1.ma_1
#
# Generated Thu May 5 18:34:18 2011 PDT by vadim
# Generated Fri May 6 15:05:37 2011 PDT by vadim
#
# files: * pf_cluster_4_rc.conf.local /etc/pf_cluster_4_rc.conf.local
# files: pf_cluster_4_pf.conf /etc/pf_cluster_4_pf.conf