diff --git a/VERSION b/VERSION index 4685d3e69..9f7d3083f 100644 --- a/VERSION +++ b/VERSION @@ -7,7 +7,7 @@ FWB_MICRO_VERSION=0 # build number is like "nano" version number. I am incrementing build # number during development cycle # -BUILD_NUM="3498" +BUILD_NUM="3499" VERSION="$FWB_MAJOR_VERSION.$FWB_MINOR_VERSION.$FWB_MICRO_VERSION.$BUILD_NUM" diff --git a/VERSION.h b/VERSION.h index eac3f214f..35538c74f 100644 --- a/VERSION.h +++ b/VERSION.h @@ -1,2 +1,2 @@ -#define VERSION "4.2.0.3498" +#define VERSION "4.2.0.3499" #define GENERATION "4.2" diff --git a/doc/ChangeLog b/doc/ChangeLog index 01ab0d86f..89eb8cc11 100644 --- a/doc/ChangeLog +++ b/doc/ChangeLog @@ -1,3 +1,17 @@ +2011-03-11 vadim + + * FWObject.cpp (add): fixes #2209 "do not allow the same object to + be child of different objects in the tree". Method FWObject::add() + enforces this. Subsequent clean-up and fixes in many places to + follow this logic. This makes code much cleaner, better organized + and more reliable. + +2011-03-10 vadim + + * libfwbuilder/src/fwcompiler/Compiler.cpp (Compiler): see #2207 + fixed memory leak in policy compilers. The impact of this leak was + especially severe on Windows with very large object databases. + 2011-03-08 vadim * CustomServiceDialog.cpp (loadFWObject): fixes #2201 "Some fields diff --git a/packaging/fwbuilder-static-qt.spec b/packaging/fwbuilder-static-qt.spec index 2af81b547..748bbdaf3 100644 --- a/packaging/fwbuilder-static-qt.spec +++ b/packaging/fwbuilder-static-qt.spec @@ -3,7 +3,7 @@ %define name fwbuilder -%define version 4.2.0.3498 +%define version 4.2.0.3499 %define release 1 %if "%_vendor" == "MandrakeSoft" diff --git a/packaging/fwbuilder.control b/packaging/fwbuilder.control index 45c46faf1..caf1fda52 100644 --- a/packaging/fwbuilder.control +++ b/packaging/fwbuilder.control 
@@ -4,6 +4,6 @@ Replaces: fwbuilder (<=4.1.1-1), fwbuilder-common, fwbuilder-bsd, fwbuilder-linu Priority: extra Section: checkinstall Maintainer: vadim@fwbuilder.org -Version: 4.2.0.3498-1 +Version: 4.2.0.3499-1 Depends: libqt4-gui (>= 4.3.0), libxml2, libxslt1.1, libsnmp | libsnmp15 Description: Firewall Builder GUI and policy compilers diff --git a/packaging/fwbuilder.spec b/packaging/fwbuilder.spec index 2d9f1211b..6de6afe88 100644 --- a/packaging/fwbuilder.spec +++ b/packaging/fwbuilder.spec @@ -1,6 +1,6 @@ %define name fwbuilder -%define version 4.2.0.3498 +%define version 4.2.0.3499 %define release 1 %if "%_vendor" == "MandrakeSoft" diff --git a/src/cisco_lib/BaseObjectGroup.h b/src/cisco_lib/BaseObjectGroup.h index ab3120881..7ae535ff6 100644 --- a/src/cisco_lib/BaseObjectGroup.h +++ b/src/cisco_lib/BaseObjectGroup.h @@ -36,11 +36,12 @@ #include -namespace fwcompiler { - +namespace fwcompiler +{ class NamedObjectsManager; - class BaseObjectGroup : public libfwbuilder::Group { + class BaseObjectGroup : public libfwbuilder::Group + { public: typedef enum { UNKNOWN, diff --git a/src/cisco_lib/CompilerDriver_iosacl_run.cpp b/src/cisco_lib/CompilerDriver_iosacl_run.cpp index 4e383ed4f..e68200405 100644 --- a/src/cisco_lib/CompilerDriver_iosacl_run.cpp +++ b/src/cisco_lib/CompilerDriver_iosacl_run.cpp 
@@ -44,28 +44,22 @@ #include "NamedObjectsAndGroupsSupport.h" #include "NamedObjectsManagerIOS.h" -#include "fwbuilder/Resources.h" -#include "fwbuilder/FWObjectDatabase.h" -#include "fwbuilder/XMLTools.h" -#include "fwbuilder/FWException.h" -#include "fwbuilder/Firewall.h" -#include "fwbuilder/Interface.h" -#include "fwbuilder/Policy.h" -#include "fwbuilder/NAT.h" -#include "fwbuilder/Routing.h" - -#include "fwcompiler/Preprocessor.h" - -#include "fwbuilder/Resources.h" -#include "fwbuilder/FWObjectDatabase.h" -#include "fwbuilder/FWException.h" #include "fwbuilder/Cluster.h" #include "fwbuilder/ClusterGroup.h" +#include "fwbuilder/FWException.h" +#include "fwbuilder/FWObjectDatabase.h" +#include "fwbuilder/FailoverClusterGroup.h" #include "fwbuilder/Firewall.h" #include "fwbuilder/Interface.h" +#include "fwbuilder/Library.h" +#include "fwbuilder/NAT.h" #include "fwbuilder/Policy.h" +#include "fwbuilder/Resources.h" +#include "fwbuilder/Routing.h" #include "fwbuilder/StateSyncClusterGroup.h" -#include "fwbuilder/FailoverClusterGroup.h" +#include "fwbuilder/XMLTools.h" + +#include "fwcompiler/Preprocessor.h" #include #include @@ -125,13 +119,9 @@ QString CompilerDriver_iosacl::run(const std::string &cluster_id, const std::string &single_rule_id) { Cluster *cluster = NULL; - if (!cluster_id.empty()) - cluster = Cluster::cast( - objdb->findInIndex(objdb->getIntId(cluster_id))); + Firewall *fw = NULL; - Firewall *fw = Firewall::cast( - objdb->findInIndex(objdb->getIntId(firewall_id))); - assert(fw); + getFirewallAndClusterObjects(cluster_id, firewall_id, &cluster, &fw); try { 
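Review bot: The `assert(fw)` that guarded the firewall lookup is removed at the top of CompilerDriver_iosacl::run(), and `fw` is dereferenced further down in the same function (`fw->getByType(Policy::TYPENAME)`), so the function now depends on getFirewallAndClusterObjects() rejecting an unknown `firewall_id`; the helper's body is not part of the visible diff. If the helper does not already fail on a missing object, add a check after the call that survives release builds and goes through the driver's usual error path, for example `if (fw == NULL) throw FWException("firewall object not found");`, rather than another assert. The same replacement is made in CompilerDriver_pix::run() and CompilerDriver_procurve_acl::run(). run() continues outside the hunk.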
@@ -187,12 +177,19 @@ QString CompilerDriver_iosacl::run(const std::string &cluster_id, list all_policies = fw->getByType(Policy::TYPENAME); + // assign unique rule ids that later will be used to generate + // chain names. This should be done after calls to + // findImportedRuleSets() + // NB: these ids are not used by this compiler + + assignUniqueRuleIds(all_policies); + vector ipv4_6_runs; if (!single_rule_compile_on) system_configuration_script = safetyNetInstall(fw); - NamedObjectsManagerIOS named_objects_manager(fw); + NamedObjectsManagerIOS named_objects_manager(persistent_objects, fw); // command line options -4 and -6 control address family for which // script will be generated. If "-4" is used, only ipv4 part will @@ -250,6 +247,7 @@ QString CompilerDriver_iosacl::run(const std::string &cluster_id, c.setNamedObjectsManager(&named_objects_manager); c.setSourceRuleSet( policy ); c.setRuleSetName(policy->getName()); + c.setPersistentObjects(persistent_objects); c.setSingleRuleCompileMode(single_rule_id); if (inTestMode()) c.setTestMode(); @@ -284,7 +282,7 @@ QString CompilerDriver_iosacl::run(const std::string &cluster_id, } policy_script += c.getCompiledScript(); clear_commands += c.printClearCommands(); - named_objects_manager.saveObjectGroups(); + //named_objects_manager.saveObjectGroups(); } else info(" Nothing to compile in Policy"); @@ -301,6 +299,7 @@ QString CompilerDriver_iosacl::run(const std::string &cluster_id, r.setNamedObjectsManager(&named_objects_manager); r.setSourceRuleSet(routing); r.setRuleSetName(routing->getName()); + r.setPersistentObjects(persistent_objects); r.setSingleRuleCompileMode(single_rule_id); if (inTestMode()) r.setTestMode(); 
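Review bot: The line `//named_objects_manager.saveObjectGroups();` in the policy branch keeps a commented-out call to a method that this same commit deletes from NamedObjectsManager, so it cannot be re-enabled as written. Delete the line instead of commenting it out; if a reminder is wanted, a one-line comment that object groups now live in `persistent_objects` is more useful. The same leftover appears in CompilerDriver_pix::run() (NAT and Policy branches) and in CompilerDriver_procurve_acl::run().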
@@ -325,6 +324,13 @@ QString CompilerDriver_iosacl::run(const std::string &cluster_id, } } + /* + * compilers detach persistent objects when they finish, this + * means at this point library persistent_objects is not part + * of any object tree. + */ + objdb->reparent(persistent_objects); + if (haveErrorsAndWarnings()) { all_errors.push_front(getErrors("").c_str()); diff --git a/src/cisco_lib/CompilerDriver_pix_run.cpp b/src/cisco_lib/CompilerDriver_pix_run.cpp index f174da1c2..cbc0bcf2a 100644 --- a/src/cisco_lib/CompilerDriver_pix_run.cpp +++ b/src/cisco_lib/CompilerDriver_pix_run.cpp @@ -48,27 +48,24 @@ #include "Helper.h" -#include "fwbuilder/Resources.h" -#include "fwbuilder/FWObjectDatabase.h" -#include "fwbuilder/XMLTools.h" -#include "fwbuilder/FWException.h" -#include "fwbuilder/Firewall.h" -#include "fwbuilder/Interface.h" -#include "fwbuilder/Policy.h" -#include "fwbuilder/NAT.h" -#include "fwbuilder/Routing.h" -#include "fwbuilder/IPv4.h" -#include "fwbuilder/IPv6.h" - -#include "fwcompiler/Preprocessor.h" - #include "fwbuilder/Cluster.h" #include "fwbuilder/ClusterGroup.h" -#include "fwbuilder/Firewall.h" -#include "fwbuilder/Interface.h" -#include "fwbuilder/Policy.h" -#include "fwbuilder/StateSyncClusterGroup.h" +#include "fwbuilder/FWException.h" +#include "fwbuilder/FWObjectDatabase.h" #include "fwbuilder/FailoverClusterGroup.h" +#include "fwbuilder/Firewall.h" +#include "fwbuilder/IPv4.h" +#include "fwbuilder/IPv6.h" +#include "fwbuilder/Interface.h" +#include "fwbuilder/Library.h" +#include "fwbuilder/NAT.h" +#include "fwbuilder/Policy.h" +#include "fwbuilder/Resources.h" +#include "fwbuilder/Routing.h" +#include "fwbuilder/StateSyncClusterGroup.h" +#include "fwbuilder/XMLTools.h" + +#include "fwcompiler/Preprocessor.h" #include #include 
@@ -168,11 +165,9 @@ QString CompilerDriver_pix::run(const std::string &cluster_id, const std::string &single_rule_id) { Cluster *cluster = NULL; - if (!cluster_id.empty()) - cluster = Cluster::cast(objdb->findInIndex(objdb->getIntId(cluster_id))); + Firewall *fw = NULL; - Firewall *fw = Firewall::cast(objdb->findInIndex(objdb->getIntId(firewall_id))); - assert(fw); + getFirewallAndClusterObjects(cluster_id, firewall_id, &cluster, &fw); // Copy rules from the cluster object populateClusterElements(cluster, fw); @@ -297,7 +292,7 @@ QString CompilerDriver_pix::run(const std::string &cluster_id, copies_of_cluster_interfaces.pop_front(); } - NamedObjectsManagerPIX named_objects_manager(fw); + NamedObjectsManagerPIX named_objects_manager(persistent_objects, fw); all_interfaces = fw->getByTypeDeep(Interface::TYPENAME); @@ -389,9 +384,12 @@ QString CompilerDriver_pix::run(const std::string &cluster_id, RuleSet *nat = RuleSet::cast(fw->getFirstByType(NAT::TYPENAME)); if (nat) { + nat->assignUniqueRuleIds(); + n->setNamedObjectsManager(&named_objects_manager); n->setSourceRuleSet(nat); n->setRuleSetName(nat->getName()); + n->setPersistentObjects(persistent_objects); if (inTestMode()) n->setTestMode(); if (inEmbeddedMode()) n->setEmbeddedMode(); @@ -410,7 +408,7 @@ QString CompilerDriver_pix::run(const std::string &cluster_id, named_objects_manager.haveNamedObjects()); have_object_groups = (have_object_groups || named_objects_manager.haveObjectGroups()); - named_objects_manager.saveObjectGroups(); + //named_objects_manager.saveObjectGroups(); } else info(" Nothing to compile in NAT"); } 
@@ -421,9 +419,12 @@ QString CompilerDriver_pix::run(const std::string &cluster_id, RuleSet *policy = RuleSet::cast(fw->getFirstByType(Policy::TYPENAME)); if (policy) { + policy->assignUniqueRuleIds(); + c->setNamedObjectsManager(&named_objects_manager); c->setSourceRuleSet(policy); c->setRuleSetName(policy->getName()); + c->setPersistentObjects(persistent_objects); if (inTestMode()) c->setTestMode(); if (inEmbeddedMode()) c->setEmbeddedMode(); @@ -442,7 +443,7 @@ QString CompilerDriver_pix::run(const std::string &cluster_id, named_objects_manager.haveNamedObjects()); have_object_groups = (have_object_groups || named_objects_manager.haveObjectGroups()); - named_objects_manager.saveObjectGroups(); + //named_objects_manager.saveObjectGroups(); } else info(" Nothing to compile in Policy"); } @@ -453,10 +454,13 @@ QString CompilerDriver_pix::run(const std::string &cluster_id, RuleSet *routing = RuleSet::cast(fw->getFirstByType(Routing::TYPENAME)); if (routing) { + routing->assignUniqueRuleIds(); + r->setNamedObjectsManager(&named_objects_manager); r->setSourceRuleSet(routing); r->setRuleSetName(routing->getName()); - + r->setPersistentObjects(persistent_objects); + if (inTestMode()) r->setTestMode(); if (inEmbeddedMode()) r->setEmbeddedMode(); r->setSingleRuleCompileMode(single_rule_id); @@ -472,6 +476,13 @@ QString CompilerDriver_pix::run(const std::string &cluster_id, info(" Nothing to compile in Routing"); } + /* + * compilers detach persistent objects when they finish, this + * means at this point library persistent_objects is not part + * of any object tree. + */ + objdb->reparent(persistent_objects); + if (haveErrorsAndWarnings()) { all_errors.push_front(getErrors("").c_str()); diff --git a/src/cisco_lib/CompilerDriver_procurve_acl_run.cpp b/src/cisco_lib/CompilerDriver_procurve_acl_run.cpp index ea7c72158..0b08c8536 100644 --- a/src/cisco_lib/CompilerDriver_procurve_acl_run.cpp +++ b/src/cisco_lib/CompilerDriver_procurve_acl_run.cpp 
@@ -44,28 +44,22 @@ #include "NamedObjectsAndGroupsSupport.h" #include "NamedObjectsManagerIOS.h" -#include "fwbuilder/Resources.h" -#include "fwbuilder/FWObjectDatabase.h" -#include "fwbuilder/XMLTools.h" -#include "fwbuilder/FWException.h" -#include "fwbuilder/Firewall.h" -#include "fwbuilder/Interface.h" -#include "fwbuilder/Policy.h" -#include "fwbuilder/NAT.h" -#include "fwbuilder/Routing.h" - -#include "fwcompiler/Preprocessor.h" - -#include "fwbuilder/Resources.h" -#include "fwbuilder/FWObjectDatabase.h" -#include "fwbuilder/FWException.h" #include "fwbuilder/Cluster.h" #include "fwbuilder/ClusterGroup.h" +#include "fwbuilder/FWException.h" +#include "fwbuilder/FWObjectDatabase.h" +#include "fwbuilder/FailoverClusterGroup.h" #include "fwbuilder/Firewall.h" #include "fwbuilder/Interface.h" +#include "fwbuilder/Library.h" +#include "fwbuilder/NAT.h" #include "fwbuilder/Policy.h" +#include "fwbuilder/Resources.h" +#include "fwbuilder/Routing.h" #include "fwbuilder/StateSyncClusterGroup.h" -#include "fwbuilder/FailoverClusterGroup.h" +#include "fwbuilder/XMLTools.h" + +#include "fwcompiler/Preprocessor.h" #include #include @@ -121,13 +115,9 @@ QString CompilerDriver_procurve_acl::run(const std::string &cluster_id, const std::string &single_rule_id) { Cluster *cluster = NULL; - if (!cluster_id.empty()) - cluster = Cluster::cast( - objdb->findInIndex(objdb->getIntId(cluster_id))); + Firewall *fw = NULL; - Firewall *fw = Firewall::cast( - objdb->findInIndex(objdb->getIntId(firewall_id))); - assert(fw); + getFirewallAndClusterObjects(cluster_id, firewall_id, &cluster, &fw); try { 
@@ -175,12 +165,19 @@ QString CompilerDriver_procurve_acl::run(const std::string &cluster_id, list all_policies = fw->getByType(Policy::TYPENAME); + // assign unique rule ids that later will be used to generate + // chain names. This should be done after calls to + // findImportedRuleSets() + // NB: these ids are not used by this compiler + + assignUniqueRuleIds(all_policies); + vector ipv4_6_runs; if (!single_rule_compile_on) system_configuration_script = safetyNetInstall(fw); - NamedObjectsManagerIOS named_objects_manager(fw); + NamedObjectsManagerIOS named_objects_manager(persistent_objects, fw); // command line options -4 and -6 control address family for which // script will be generated. If "-4" is used, only ipv4 part will @@ -238,6 +235,7 @@ QString CompilerDriver_procurve_acl::run(const std::string &cluster_id, c.setNamedObjectsManager(&named_objects_manager); c.setSourceRuleSet( policy ); c.setRuleSetName(policy->getName()); + c.setPersistentObjects(persistent_objects); c.setSingleRuleCompileMode(single_rule_id); if (inTestMode()) c.setTestMode(); @@ -272,7 +270,7 @@ QString CompilerDriver_procurve_acl::run(const std::string &cluster_id, } policy_script += c.getCompiledScript(); clear_commands += c.printClearCommands(); - named_objects_manager.saveObjectGroups(); + //named_objects_manager.saveObjectGroups(); } else info(" Nothing to compile in Policy"); @@ -289,6 +287,7 @@ QString CompilerDriver_procurve_acl::run(const std::string &cluster_id, r.setNamedObjectsManager(&named_objects_manager); r.setSourceRuleSet(routing); r.setRuleSetName(routing->getName()); + r.setPersistentObjects(persistent_objects); r.setSingleRuleCompileMode(single_rule_id); if (inTestMode()) r.setTestMode(); 
@@ -313,6 +312,13 @@ QString CompilerDriver_procurve_acl::run(const std::string &cluster_id, } } + /* + * compilers detach persistent objects when they finish, this + * means at this point library persistent_objects is not part + * of any object tree. + */ + objdb->reparent(persistent_objects); + if (haveErrorsAndWarnings()) { all_errors.push_front(getErrors("").c_str()); diff --git a/src/cisco_lib/NATCompiler_pix.cpp b/src/cisco_lib/NATCompiler_pix.cpp index 099ac9d7e..093d474c6 100644 --- a/src/cisco_lib/NATCompiler_pix.cpp +++ b/src/cisco_lib/NATCompiler_pix.cpp @@ -29,22 +29,23 @@ #include "NamedObjectsAndGroupsSupport.h" #include "NamedObjectsManager.h" -#include "fwbuilder/FWObjectDatabase.h" -#include "fwbuilder/RuleElement.h" -#include "fwbuilder/NAT.h" #include "fwbuilder/AddressRange.h" +#include "fwbuilder/AddressTable.h" +#include "fwbuilder/Cluster.h" +#include "fwbuilder/FWObjectDatabase.h" +#include "fwbuilder/FailoverClusterGroup.h" #include "fwbuilder/ICMPService.h" -#include "fwbuilder/TCPService.h" -#include "fwbuilder/UDPService.h" -#include "fwbuilder/Interface.h" #include "fwbuilder/IPv4.h" #include "fwbuilder/IPv6.h" #include "fwbuilder/InetAddr.h" +#include "fwbuilder/Interface.h" +#include "fwbuilder/Library.h" +#include "fwbuilder/NAT.h" #include "fwbuilder/Network.h" #include "fwbuilder/Resources.h" -#include "fwbuilder/AddressTable.h" -#include "fwbuilder/Cluster.h" -#include "fwbuilder/FailoverClusterGroup.h" +#include "fwbuilder/RuleElement.h" +#include "fwbuilder/TCPService.h" +#include "fwbuilder/UDPService.h" #include #include @@ -92,8 +93,6 @@ NATCompiler_pix::~NATCompiler_pix() static_commands.clear(); nonat_rules.clear(); first_nonat_rule_id.clear(); - if (final_ruleset != NULL) delete final_ruleset; - } bool StaticCmd::operator==(const StaticCmd &other) 
@@ -230,8 +229,10 @@ int NATCompiler_pix::prolog() { global_pool_no = 1; - final_ruleset = new NAT(); - fw->add( final_ruleset ); + NAT *final_ruleset = new NAT(); + final_ruleset->setName("Final NAT Rule Set"); + persistent_objects->add( final_ruleset ); + final_ruleset_id = final_ruleset->getId(); return NATCompiler::prolog(); } @@ -308,13 +309,30 @@ string NATCompiler_pix::debugPrintRule(Rule *r) os.str(); } +/* + * store final nat rules in final rule set object in + * persistent_obejcts. Note that we can't add the same rules since an + * object can not be placed in two different places in the tree, so we + * have to add copies. + */ bool NATCompiler_pix::storeProcessedRules::processNext() { - NATCompiler_pix *pix_comp=dynamic_cast(compiler); - NATRule *rule=getNext(); if (rule==NULL) return false; - tmp_queue.push_back(rule); + NATCompiler_pix *pix_comp = dynamic_cast(compiler); - pix_comp->final_ruleset->add(rule); + FWObject *final_ruleset = compiler->persistent_objects->getRoot()->findInIndex( + pix_comp->final_ruleset_id); + + slurp(); + if (tmp_queue.size()==0) return false; + + for (deque::iterator k=tmp_queue.begin(); k!=tmp_queue.end(); ++k) + { + NATRule *rule = NATRule::cast( *k ); + + NATRule *r = compiler->dbcopy->createNATRule(); + final_ruleset->add(r); + r->duplicate(rule); + } return true; } @@ -1389,6 +1407,5 @@ class MergeConflictRes : public FWObjectDatabase::ConflictResolutionPredicate void NATCompiler_pix::setNamedObjectsManager(NamedObjectsManager *mgr) { named_objects_manager = mgr; - mgr->setWorkingObjectTree(dbcopy); } diff --git a/src/cisco_lib/NATCompiler_pix.h b/src/cisco_lib/NATCompiler_pix.h index 9e188c19c..415d8b61b 100644 --- a/src/cisco_lib/NATCompiler_pix.h +++ b/src/cisco_lib/NATCompiler_pix.h 
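Review bot: In storeProcessedRules::processNext() three lookups are dereferenced without a check: the `dynamic_cast` to NATCompiler_pix, the result of `findInIndex(pix_comp->final_ruleset_id)`, and `NATRule::cast( *k )` inside the loop. If the final rule set is not in the index of `persistent_objects->getRoot()`, `final_ruleset->add(r)` dereferences NULL and the compiler crashes instead of reporting an error. Check `pix_comp` and `final_ruleset` before `slurp()`, and skip non-rule entries with `if (rule == NULL) continue;` as findMatchingDNATRules() already does; that function has the same unchecked `final_ruleset` lookup in NATCompiler_pix_find_translations.cpp. The new comment above the function also misspells `persistent_objects` as `persistent_obejcts`.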
@@ -112,8 +112,7 @@ namespace fwcompiler // first: interface->getId(), second: rule->getId() std::map first_nonat_rule_id; - libfwbuilder::RuleSet *final_ruleset; - + int final_ruleset_id; std::string debugPrintRule(libfwbuilder::Rule *r); @@ -507,7 +506,7 @@ namespace fwcompiler virtual std::string printClearCommands(); /** - * scans all rules in combined_ruleset and finds rules (if + * scans all rules in source_ruleset and finds rules (if * any) that define DNAT translation for a combination of * src,dst and srv where src matches OSrc, srv matches OSrv * and dst matches rule element defined by argument diff --git a/src/cisco_lib/NATCompiler_pix_find_translations.cpp b/src/cisco_lib/NATCompiler_pix_find_translations.cpp index 03429fc5e..f1b1f29d3 100644 --- a/src/cisco_lib/NATCompiler_pix_find_translations.cpp +++ b/src/cisco_lib/NATCompiler_pix_find_translations.cpp @@ -23,13 +23,14 @@ #include "NATCompiler_pix.h" -#include "fwbuilder/Interface.h" +#include "fwbuilder/Address.h" #include "fwbuilder/IPv4.h" #include "fwbuilder/InetAddr.h" -#include "fwbuilder/Address.h" -#include "fwbuilder/RuleSet.h" +#include "fwbuilder/Interface.h" +#include "fwbuilder/Library.h" #include "fwbuilder/Rule.h" #include "fwbuilder/RuleElement.h" +#include "fwbuilder/RuleSet.h" #include @@ -79,8 +80,9 @@ list NATCompiler_pix::findMatchingDNATRules( list res; map res_dict; - for (FWObject::iterator i=final_ruleset->begin(); - i!=final_ruleset->end(); ++i) + FWObject *final_ruleset = persistent_objects->getRoot()->findInIndex(final_ruleset_id); + + for (FWObject::iterator i=final_ruleset->begin(); i!=final_ruleset->end(); ++i) { NATRule *rule = NATRule::cast(*i); if (rule == NULL) continue; // skip RuleSetOptions object diff --git a/src/cisco_lib/NamedObject.h b/src/cisco_lib/NamedObject.h index 7ed3c9577..7eedd2e07 100644 --- a/src/cisco_lib/NamedObject.h +++ b/src/cisco_lib/NamedObject.h @@ -30,7 +30,8 @@ #include -namespace fwcompiler { +namespace fwcompiler +{ class NamedObject { 
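Review bot: `int final_ruleset_id;` replaces a pointer with an id that, in the visible code, is assigned only in prolog(), so findMatchingDNATRules() called on a compiler whose prolog() has not run would look up an indeterminate value. Initialise the member in the constructor (which is outside this diff) to a value that cannot match a real object, for example `final_ruleset_id(-1)` if -1 is not a valid id in this project. The declaration also deserves a comment such as `// id of the "Final NAT Rule Set" object kept in persistent_objects; set in prolog()`.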
diff --git a/src/cisco_lib/NamedObjectsAndGroupsSupport.cpp b/src/cisco_lib/NamedObjectsAndGroupsSupport.cpp index adc82f1c8..042e40748 100644 --- a/src/cisco_lib/NamedObjectsAndGroupsSupport.cpp +++ b/src/cisco_lib/NamedObjectsAndGroupsSupport.cpp @@ -77,7 +77,7 @@ BaseObjectGroup* CreateObjectGroups::findObjectGroup(RuleElement *re) for (FWObject::iterator i1=re->begin(); i1!=re->end(); ++i1) relement.push_back(FWReference::getObject(*i1)); - FWObject *object_groups = named_objects_manager->getObjectGroupsGroupInWorkTree(); + FWObject *object_groups = named_objects_manager->getObjectGroupsGroup(); for (FWObject::iterator i=object_groups->begin(); i!=object_groups->end(); ++i) { BaseObjectGroup *og = dynamic_cast(*i); @@ -118,7 +118,7 @@ bool CreateObjectGroups::processNext() if (obj_group==NULL) { obj_group = named_objects_manager->createObjectGroup(); - named_objects_manager->getObjectGroupsGroupInWorkTree()->add(obj_group); + named_objects_manager->getObjectGroupsGroup()->add(obj_group); packObjects(re, obj_group); diff --git a/src/cisco_lib/NamedObjectsManager.cpp b/src/cisco_lib/NamedObjectsManager.cpp index b0c9f0366..d032288e6 100644 --- a/src/cisco_lib/NamedObjectsManager.cpp +++ b/src/cisco_lib/NamedObjectsManager.cpp 
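Review bot: Both call sites use the result of `named_objects_manager->getObjectGroupsGroup()` directly (`object_groups->begin()` in findObjectGroup() and `->add(obj_group)` in processNext()), but the getter returns `Group::cast(...)` of a `findInIndex()` lookup, which can presumably be NULL when the group is not in the index of the current root. The check belongs in one place: have getObjectGroupsGroup() report a failed lookup instead of returning NULL, so that these callers can keep using the pointer unconditionally. Both functions continue outside their hunks.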
@@ -30,21 +30,22 @@ #include "ASA8ObjectGroup.h" #include "IOSObjectGroup.h" -#include "fwbuilder/FWObjectDatabase.h" -#include "fwbuilder/RuleElement.h" -#include "fwbuilder/IPService.h" -#include "fwbuilder/ICMPService.h" -#include "fwbuilder/TCPService.h" -#include "fwbuilder/UDPService.h" +#include "fwbuilder/AddressRange.h" +#include "fwbuilder/AddressTable.h" #include "fwbuilder/CustomService.h" +#include "fwbuilder/FWObjectDatabase.h" +#include "fwbuilder/Firewall.h" +#include "fwbuilder/ICMPService.h" +#include "fwbuilder/IPService.h" +#include "fwbuilder/Interface.h" +#include "fwbuilder/Library.h" +#include "fwbuilder/Management.h" #include "fwbuilder/Network.h" #include "fwbuilder/Policy.h" -#include "fwbuilder/Interface.h" -#include "fwbuilder/Management.h" #include "fwbuilder/Resources.h" -#include "fwbuilder/AddressTable.h" -#include "fwbuilder/AddressRange.h" -#include "fwbuilder/Firewall.h" +#include "fwbuilder/RuleElement.h" +#include "fwbuilder/TCPService.h" +#include "fwbuilder/UDPService.h" #include "fwcompiler/Compiler.h" @@ -84,15 +85,17 @@ FWObject* create_ASA8ObjectGroup(int id) return nobj; } -NamedObjectsManager::NamedObjectsManager(const Firewall *fw) +NamedObjectsManager::NamedObjectsManager(Library *persistent_objects, + const Firewall *fw) { version = fw->getStr("version"); platform = fw->getStr("platform"); - object_groups_tree = new FWObjectDatabase(); + this->persistent_objects = persistent_objects; + Group *object_groups = new Group(); object_groups->setName("Object Groups"); - object_groups_tree->add( object_groups ); + persistent_objects->add( object_groups ); object_groups_group_id = FWObjectDatabase::getStringId(object_groups->getId()); BaseObjectGroup::name_disambiguation.clear(); 
@@ -136,7 +139,7 @@ bool NamedObjectsManager::haveNamedObjects() bool NamedObjectsManager::haveObjectGroups() { - FWObject *object_groups = object_groups_tree->findInIndex( + FWObject *object_groups = persistent_objects->getRoot()->findInIndex( FWObjectDatabase::getIntId(object_groups_group_id)); return (object_groups->size() > 0); } @@ -153,7 +156,7 @@ string NamedObjectsManager::getNamedObjectsDefinitions() output << nobj->getCommand(); } - FWObject *object_groups = object_groups_tree->findInIndex( + FWObject *object_groups = persistent_objects->getRoot()->findInIndex( FWObjectDatabase::getIntId(object_groups_group_id)); for (FWObject::iterator i=object_groups->begin(); 
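Review bot: haveObjectGroups() and getNamedObjectsDefinitions() each repeat the `persistent_objects->getRoot()->findInIndex(FWObjectDatabase::getIntId(object_groups_group_id))` lookup that getObjectGroupsGroup() now wraps. NamedObjectsManagerIOS::getClearCommands() is switched to the helper in this commit, and these two should follow: `FWObject *object_groups = getObjectGroupsGroup();`. Separately, CompilerDriver_pix::run() calls haveObjectGroups() before `objdb->reparent(persistent_objects)`, while the comment there says the library is not part of any object tree at that point, so it is worth confirming what getRoot() returns for a detached library. Both functions extend outside their hunks.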
@@ -185,58 +188,15 @@ BaseObjectGroup* NamedObjectsManager::createObjectGroup() } if (platform == "iosacl") grp = new IOSObjectGroup(); + assert(grp!=NULL); - grp->init(work_db); + return grp; } -void NamedObjectsManager::setWorkingObjectTree(FWObjectDatabase *dbcopy) +Group* NamedObjectsManager::getObjectGroupsGroup() { - FWObjectDatabase::ConflictResolutionPredicate merge_predicate; - dbcopy->merge(object_groups_tree, &merge_predicate); - work_db = dbcopy; -} - -/* - * copy group that holds new object groups from the working tree, that - * belongs to the compiler to our own tree in object_groups_tree. We - * simply add group object to object_groups_tree (this changes its - * parent AND BREAKS OBJECT TREE IT USED TO BELONG TO). We have to - * scan all groups inside of it and create copies of objects they - * reference. We add copies of these objects right into the root of - * object_groups_tree. - */ -void NamedObjectsManager::saveObjectGroups() -{ - object_groups_tree->clearChildren(); - - FWObject *work_object_groups = getObjectGroupsGroupInWorkTree(); // finds it in work_db -// move from work tree to object_groups_tree - object_groups_tree->add(work_object_groups); - - for (FWObject::iterator i=work_object_groups->begin(); - i!=work_object_groups->end(); ++i) - { - FWObject *grp = *i; - grp->setRoot(object_groups_tree); - - for (FWObject::iterator i1=grp->begin(); i1!=grp->end(); ++i1) - { - FWObject *obj = FWReference::getObject(*i1); - object_groups_tree->add(obj); - obj->setRoot(object_groups_tree); - - (*i1)->setRoot(object_groups_tree); - } - } - object_groups_tree->addToIndexRecursive(work_object_groups); - - //object_groups_tree->dump(true, true); -} - -Group* NamedObjectsManager::getObjectGroupsGroupInWorkTree() -{ - return Group::cast(work_db->findInIndex( + return Group::cast(persistent_objects->getRoot()->findInIndex( FWObjectDatabase::getIntId(object_groups_group_id))); } 
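Review bot: createObjectGroup() now relies on `assert(grp!=NULL)` alone; with NDEBUG defined the assert disappears, and if no platform branch assigned `grp` the function returns NULL to CreateObjectGroups::processNext(), which passes it straight to `add(obj_group)`. The `platform` string comes from `fw->getStr("platform")`, i.e. from the object database, so replace the assert with a runtime check that reports the unsupported platform. The hunk also drops `grp->init(work_db)` without a replacement; if the group is meant to get its database association only when the caller adds it to the object-groups group, say so in a comment. The function starts outside the hunk.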
diff --git a/src/cisco_lib/NamedObjectsManager.h b/src/cisco_lib/NamedObjectsManager.h index f5f10a8c6..371e09230 100644 --- a/src/cisco_lib/NamedObjectsManager.h +++ b/src/cisco_lib/NamedObjectsManager.h @@ -28,10 +28,12 @@ #include "BaseObjectGroup.h" -#include "fwbuilder/Group.h" -#include "fwbuilder/FWObjectDatabase.h" -#include "fwbuilder/Firewall.h" - +namespace libfwbuilder +{ + class Group; + class Firewall; + class Library; +}; namespace fwcompiler { @@ -45,31 +47,14 @@ protected: // command object-group std::string object_groups_group_id; - /* - * This is a storage object tree. Method saveObjectGroups() - * copies object groups objects created during compiler pass - * in the working tree work_db to this tree. There should be - * no access to the storage tree from outside, it should only - * be used by methods of this class that generate commands for - * object groups definitions or "clear" commands. - */ - libfwbuilder::FWObjectDatabase *object_groups_tree; - - /* - * This is a working object tree. When compilers need to - * interact with named object manager, they should use this - * object tree. Access to the group that holds created object - * groups is provided by method - * getObjectGroupsGroupInWorkTree() that finds it in the - * working tree - */ - libfwbuilder::FWObjectDatabase *work_db; + libfwbuilder::Library *persistent_objects; public: - std::map named_objects; + std::map named_objects; - NamedObjectsManager(const libfwbuilder::Firewall *_fw); + NamedObjectsManager(libfwbuilder::Library *persistent_objects, + const libfwbuilder::Firewall *_fw); virtual ~NamedObjectsManager(); void addNamedObject(const libfwbuilder::FWObject *obj); NamedObject* getNamedObject(const libfwbuilder::FWObject *obj); 
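Review bot: The forward-declaration block added at the top of NamedObjectsManager.h ends with `};`; a namespace is closed by `}` alone, and the extra semicolon is an empty declaration that pedantic builds warn about. Use `}` here and in the identical blocks added to NamedObjectsManagerIOS.h and NamedObjectsManagerPIX.h. Because the `fwbuilder/` includes are removed from this header, also confirm that it still gets the standard map and string headers it needs for `named_objects` and `object_groups_group_id` from somewhere explicit rather than transitively.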
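Review bot: `libfwbuilder::Library *persistent_objects;` replaces two members whose roles were described in the removed comments, and the new member has no comment at all. Document that the pointer is not owned by the manager, that the library is supplied by the compiler driver and has to outlive the manager, and that the "Object Groups" group created in the constructor is handed to that library through `add()`. A line such as `// not owned; supplied by the compiler driver, holds the "Object Groups" group` is enough.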
@@ -81,26 +66,7 @@ public: bool haveObjectGroups(); BaseObjectGroup* createObjectGroup(); - libfwbuilder::Group* getObjectGroupsGroupInWorkTree(); - - void setWorkingObjectTree(libfwbuilder::FWObjectDatabase *dbcopy); - - /* - * saveObjectGroups() moves group that holds all newly created - * object groups from the object database used by the compiler - * (referenced by work_db) to object_groups_tree. Note that we - * just simply re-parent group object which breaks all - * references to it from rules in work_db. Call this from the - * run() function only at the point where compiler's copy of - * the object tree is not needed anymore. Good moment is right - * after the call to epilog(). - * - * Again, THIS METHOD BREAKS OBJECT TREE inside policy - * compiler this instance of NamedObjectsManager works with - * (they get associated by the call to method setNamedObjectsManager() - * of the compiler) - */ - void saveObjectGroups(); + libfwbuilder::Group* getObjectGroupsGroup(); }; diff --git a/src/cisco_lib/NamedObjectsManagerASA8.h b/src/cisco_lib/NamedObjectsManagerASA8.h index 7913171fb..00f8e71f7 100644 --- a/src/cisco_lib/NamedObjectsManagerASA8.h +++ b/src/cisco_lib/NamedObjectsManagerASA8.h @@ -36,8 +36,9 @@ namespace fwcompiler { public: - NamedObjectsManagerASA8(const libfwbuilder::Firewall *fw) : - NamedObjectsManagerPIX(fw) {} + NamedObjectsManagerASA8(libfwbuilder::Library *persistent_objects, + const libfwbuilder::Firewall *fw) : + NamedObjectsManagerPIX(persistent_objects, fw) {} virtual ~NamedObjectsManagerASA8() {}; }; } diff --git a/src/cisco_lib/NamedObjectsManagerIOS.cpp b/src/cisco_lib/NamedObjectsManagerIOS.cpp index ae7840e66..4b55e302f 100644 --- a/src/cisco_lib/NamedObjectsManagerIOS.cpp +++ b/src/cisco_lib/NamedObjectsManagerIOS.cpp @@ -27,6 +27,9 @@ #include "NamedObject.h" #include "BaseObjectGroup.h" +#include "fwbuilder/Firewall.h" +#include "fwbuilder/Library.h" + #include #include 
@@ -36,8 +39,8 @@ using namespace fwcompiler; using namespace std; -NamedObjectsManagerIOS::NamedObjectsManagerIOS(const Firewall *fw) : - NamedObjectsManager(fw) +NamedObjectsManagerIOS::NamedObjectsManagerIOS(Library *po, const Firewall *fw) : + NamedObjectsManager(po, fw) { } @@ -49,8 +52,7 @@ string NamedObjectsManagerIOS::getClearCommands() { ostringstream output; - FWObject *object_groups = object_groups_tree->findInIndex( - FWObjectDatabase::getIntId(object_groups_group_id)); + FWObject *object_groups = getObjectGroupsGroup(); for (FWObject::iterator i=object_groups->begin(); i!=object_groups->end(); ++i) { diff --git a/src/cisco_lib/NamedObjectsManagerIOS.h b/src/cisco_lib/NamedObjectsManagerIOS.h index 2911893d2..637f91d40 100644 --- a/src/cisco_lib/NamedObjectsManagerIOS.h +++ b/src/cisco_lib/NamedObjectsManagerIOS.h @@ -28,8 +28,13 @@ #include "NamedObjectsManager.h" -#include "fwbuilder/Firewall.h" +namespace libfwbuilder +{ + class Group; + class Firewall; + class Library; +}; namespace fwcompiler { @@ -38,7 +43,8 @@ namespace fwcompiler { public: - NamedObjectsManagerIOS(const libfwbuilder::Firewall *_fw); + NamedObjectsManagerIOS(libfwbuilder::Library *persistent_objects, + const libfwbuilder::Firewall *_fw); virtual ~NamedObjectsManagerIOS(); virtual std::string getClearCommands(); diff --git a/src/cisco_lib/NamedObjectsManagerPIX.cpp b/src/cisco_lib/NamedObjectsManagerPIX.cpp index 7bcc4af46..9916826f6 100644 --- a/src/cisco_lib/NamedObjectsManagerPIX.cpp +++ b/src/cisco_lib/NamedObjectsManagerPIX.cpp @@ -26,6 +26,8 @@ #include "NamedObjectsManagerPIX.h" #include "PIXObjectGroup.h" +#include "fwbuilder/Firewall.h" +#include "fwbuilder/Library.h" #include "fwbuilder/Resources.h" #include 
@@ -37,8 +39,8 @@ using namespace fwcompiler; using namespace std; -NamedObjectsManagerPIX::NamedObjectsManagerPIX(const Firewall *fw) : - NamedObjectsManager(fw) +NamedObjectsManagerPIX::NamedObjectsManagerPIX(Library *po, const Firewall *fw) : + NamedObjectsManager(po, fw) { } diff --git a/src/cisco_lib/NamedObjectsManagerPIX.h b/src/cisco_lib/NamedObjectsManagerPIX.h index f5d8b6d8e..3f801c8c5 100644 --- a/src/cisco_lib/NamedObjectsManagerPIX.h +++ b/src/cisco_lib/NamedObjectsManagerPIX.h @@ -28,8 +28,12 @@ #include "NamedObjectsManager.h" -#include "fwbuilder/Firewall.h" - +namespace libfwbuilder +{ + class Group; + class Firewall; + class Library; +}; namespace fwcompiler { @@ -38,7 +42,8 @@ namespace fwcompiler { public: - NamedObjectsManagerPIX(const libfwbuilder::Firewall *_fw); + NamedObjectsManagerPIX(libfwbuilder::Library *persistent_objects, + const libfwbuilder::Firewall *_fw); virtual ~NamedObjectsManagerPIX(); virtual std::string getClearCommands(); diff --git a/src/cisco_lib/PolicyCompiler_cisco.cpp b/src/cisco_lib/PolicyCompiler_cisco.cpp index 42c81e78e..4763e12b0 100644 --- a/src/cisco_lib/PolicyCompiler_cisco.cpp +++ b/src/cisco_lib/PolicyCompiler_cisco.cpp 
@@ -30,18 +30,19 @@ #include "NamedObjectsAndGroupsSupport.h" #include "NamedObjectsManager.h" +#include "fwbuilder/AddressTable.h" #include "fwbuilder/FWObjectDatabase.h" -#include "fwbuilder/RuleElement.h" -#include "fwbuilder/IPService.h" #include "fwbuilder/ICMPService.h" -#include "fwbuilder/TCPService.h" -#include "fwbuilder/UDPService.h" +#include "fwbuilder/IPService.h" +#include "fwbuilder/Interface.h" +#include "fwbuilder/Library.h" +#include "fwbuilder/Management.h" #include "fwbuilder/Network.h" #include "fwbuilder/Policy.h" -#include "fwbuilder/Interface.h" -#include "fwbuilder/Management.h" #include "fwbuilder/Resources.h" -#include "fwbuilder/AddressTable.h" +#include "fwbuilder/RuleElement.h" +#include "fwbuilder/TCPService.h" +#include "fwbuilder/UDPService.h" #include #include @@ -158,18 +159,18 @@ void PolicyCompiler_cisco::addDefaultPolicyRule() TCPService *ssh = dbcopy->createTCPService(); ssh->setDstRangeStart(22); ssh->setDstRangeEnd(22); - dbcopy->add(ssh, false); + persistent_objects->add(ssh, false); TCPService *ssh_rev = dbcopy->createTCPService(); ssh_rev->setSrcRangeStart(22); ssh_rev->setSrcRangeEnd(22); - dbcopy->add(ssh_rev, false); + persistent_objects->add(ssh_rev, false); Network *mgmt_workstation = dbcopy->createNetwork(); mgmt_workstation->setAddressNetmask( getCachedFwOpt()->getStr("mgmt_addr")); - dbcopy->add(mgmt_workstation, false); + persistent_objects->add(mgmt_workstation, false); PolicyCompiler::addMgmtRule( mgmt_workstation, fw, ssh, 
@@ -539,40 +540,34 @@ bool PolicyCompiler_cisco::tcpServiceToFW::processNext() std::list cl; for (list::iterator i1=srv->begin(); i1!=srv->end(); ++i1) { - FWObject *o = *i1; - FWObject *obj = NULL; - if (FWReference::cast(o)!=NULL) obj=FWReference::cast(o)->getPointer(); - Service *s=Service::cast(obj); + FWObject *obj = FWReference::getObject(*i1); + Service *s = Service::cast(obj); assert(s!=NULL); if (TCPService::isA(s) && TCPUDPService::cast(s)->getDstRangeStart()==port && - TCPUDPService::cast(s)->getDstRangeEnd()==port) cl.push_back(o); + TCPUDPService::cast(s)->getDstRangeEnd()==port) cl.push_back(obj); } if (!cl.empty()) { - - PolicyRule *r= compiler->dbcopy->createPolicyRule(); + PolicyRule *r = compiler->dbcopy->createPolicyRule(); compiler->temp_ruleset->add(r); r->duplicate(rule); - RuleElementDst *ndst=r->getDst(); + RuleElementDst *ndst = r->getDst(); ndst->clearChildren(); - ndst->setAnyElement(); - - // Was commented out in r50 ndst->addRef( compiler->fw ); - RuleElementSrv *nsrv=r->getSrv(); + RuleElementSrv *nsrv = r->getSrv(); nsrv->clearChildren(); - nsrv->add( cl.front() ); + nsrv->addRef( cl.front() ); r->setBool("ssh_telnet_cmd",true); tmp_queue.push_back(r); for (list::iterator i1=cl.begin(); i1!=cl.end(); ++i1) - srv->remove( (*i1) ); + srv->removeRef(*i1); + + if ( ! srv->isAny()) tmp_queue.push_back(rule); - if (srv->size()>0) - tmp_queue.push_back(rule); } else tmp_queue.push_back(rule); } else @@ -833,7 +828,5 @@ string PolicyCompiler_cisco::printClearCommands() void PolicyCompiler_cisco::setNamedObjectsManager(NamedObjectsManager *mgr) { named_objects_manager = mgr; - // initialize object groups support - mgr->setWorkingObjectTree(dbcopy); } diff --git a/src/cisco_lib/PolicyCompiler_iosacl.cpp b/src/cisco_lib/PolicyCompiler_iosacl.cpp index 8649dd650..bde5d1105 100644 --- a/src/cisco_lib/PolicyCompiler_iosacl.cpp +++ b/src/cisco_lib/PolicyCompiler_iosacl.cpp 
@@ -28,19 +28,20 @@ #include "PolicyCompiler_iosacl.h" #include "NamedObjectsAndGroupsSupport.h" +#include "fwbuilder/AddressTable.h" #include "fwbuilder/FWObjectDatabase.h" -#include "fwbuilder/RuleElement.h" -#include "fwbuilder/IPService.h" #include "fwbuilder/ICMPService.h" +#include "fwbuilder/IPService.h" +#include "fwbuilder/Interface.h" +#include "fwbuilder/Library.h" +#include "fwbuilder/Management.h" +#include "fwbuilder/Network.h" +#include "fwbuilder/ObjectMirror.h" +#include "fwbuilder/Policy.h" +#include "fwbuilder/Resources.h" +#include "fwbuilder/RuleElement.h" #include "fwbuilder/TCPService.h" #include "fwbuilder/UDPService.h" -#include "fwbuilder/Network.h" -#include "fwbuilder/Policy.h" -#include "fwbuilder/Interface.h" -#include "fwbuilder/Management.h" -#include "fwbuilder/Resources.h" -#include "fwbuilder/AddressTable.h" -#include "fwbuilder/ObjectMirror.h" #include #if __GNUC__ > 3 || \ @@ -87,7 +88,7 @@ int PolicyCompiler_iosacl::prolog() fw->getOptionsObject()->getBool("iosacl_use_acl_remarks")); // object_groups = new Group(); - // dbcopy->add( object_groups ); + // persistent_objects->add( object_groups ); setAllNetworkZonesToNone(); @@ -109,13 +110,13 @@ void PolicyCompiler_iosacl::addDefaultPolicyRule() TCPService *ssh_rev = dbcopy->createTCPService(); ssh_rev->setSrcRangeStart(22); ssh_rev->setSrcRangeEnd(22); - dbcopy->add(ssh_rev, false); + persistent_objects->add(ssh_rev, false); Network *mgmt_workstation = dbcopy->createNetwork(); mgmt_workstation->setAddressNetmask( getCachedFwOpt()->getStr("mgmt_addr")); - dbcopy->add(mgmt_workstation, false); + persistent_objects->add(mgmt_workstation, false); PolicyCompiler::addMgmtRule( fw, mgmt_workstation, ssh_rev, 
@@ -209,7 +210,8 @@ bool PolicyCompiler_iosacl::mirrorRule::processNext() { Service *nobj = mirror.getMirroredService( Service::cast(FWReference::getObject(*i1))); - compiler->dbcopy->add(nobj, false); + if (nobj->getParent() == NULL) + compiler->persistent_objects->add(nobj, false); nsrv->addRef(nobj); } } diff --git a/src/cisco_lib/RoutingCompiler_cisco.cpp b/src/cisco_lib/RoutingCompiler_cisco.cpp index f38375cc5..a682f43f6 100644 --- a/src/cisco_lib/RoutingCompiler_cisco.cpp +++ b/src/cisco_lib/RoutingCompiler_cisco.cpp @@ -114,5 +114,4 @@ string RoutingCompiler_cisco::debugPrintRule(Rule *r) void RoutingCompiler_cisco::setNamedObjectsManager(NamedObjectsManager *mgr) { named_objects_manager = mgr; - mgr->setWorkingObjectTree(dbcopy); } diff --git a/src/cisco_lib/specialServices.cpp b/src/cisco_lib/specialServices.cpp index 219c7305c..5d926c048 100644 --- a/src/cisco_lib/specialServices.cpp +++ b/src/cisco_lib/specialServices.cpp @@ -40,6 +40,14 @@ bool SpecialServices::processNext() PolicyCompiler_pix *pix_comp = dynamic_cast(compiler); Rule *rule = prev_processor->getNextRule(); if (rule==NULL) return false; RuleElement *re = RuleElement::cast(rule->getFirstByType(re_type)); + + if (re->size() == 0) + { + cerr << "Rule " << rule->getLabel() + << "rule element " << re_type << " is empty" << endl; + assert(re->size() != 0); + } + FWObject *obj = FWReference::getObject(re->front()); Service *s = Service::cast(obj); diff --git a/src/compiler_lib/AutomaticRules.cpp b/src/compiler_lib/AutomaticRules.cpp new file mode 100644 index 000000000..4f82a33f2 --- /dev/null +++ b/src/compiler_lib/AutomaticRules.cpp 
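Review bot: In the specialServices.cpp hunk the new empty-element guard depends on `assert(re->size() != 0)`, which is compiled out when NDEBUG is defined, so a release build prints the message and still reaches `re->front()` on an empty rule element. `re` is also dereferenced before any null check, although it comes straight from `RuleElement::cast(rule->getFirstByType(re_type))`. A policy compiler should stop explicitly instead of continuing with a malformed rule, for example `if (re == NULL || re->size() == 0) throw FWException("Rule " + rule->getLabel() + ": rule element " + re_type + " is empty");` (assuming FWException is available in this file, as it is elsewhere in the commit). The printed message also lacks a separator between the label and "rule element". The same assert-only guard appears in `AutomaticRules::addMgmtRule` later in this commit; `processNext()` continues outside the hunk.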
@@ -0,0 +1,131 @@ +/* + + Firewall Builder + + Copyright (C) 2011 NetCitadel, LLC + + Author: Vadim Kurland vadim@fwbuilder.org + + This program is free software which we release under the GNU General Public + License. You may redistribute and/or modify this program under the terms + of that license as published by the Free Software Foundation; either + version 2 of the License, or (at your option) any later version. + + This program is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + GNU General Public License for more details. + + To get a copy of the GNU General Public License, write to the Free Software + Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA + +*/ + +#include "AutomaticRules.h" + +#include "fwbuilder/Address.h" +#include "fwbuilder/FWException.h" +#include "fwbuilder/FWObjectDatabase.h" +#include "fwbuilder/Firewall.h" +#include "fwbuilder/Interface.h" +#include "fwbuilder/Library.h" +#include "fwbuilder/Resources.h" +#include "fwbuilder/Rule.h" +#include "fwbuilder/RuleElement.h" +#include "fwbuilder/Policy.h" + + +using namespace fwcompiler; +using namespace libfwbuilder; +using namespace std; + + +AutomaticRules::AutomaticRules(Firewall *fw, Library *persistent_objects) +{ + this->fw = fw; + this->persistent_objects = persistent_objects; + ruleset = NULL; + + list all_policies = fw->getByType(Policy::TYPENAME); + for (FWObject::iterator it=all_policies.begin(); it!=all_policies.end(); ++it) + { + Policy *policy = Policy::cast(*it); + + FWOptions *rulesetopts = policy->getOptionsObject(); + if (rulesetopts->getBool("mangle_only_rule_set")) continue; + + if (policy->isTop()) + { + ruleset = policy; + break; + } + } +} + +PolicyRule* AutomaticRules::addMgmtRule( + Address* src, + Address* dst, + Service* service, + Interface* iface, + const PolicyRule::Direction direction, + const PolicyRule::Action 
action, + const string &label, + bool related) +{ + if (ruleset == NULL) return NULL; + + /* Insert PolicyRules at top so they do not get shadowed by other + * rules. Call insertRuleAtTop() with hidden_rule argument true to + * make sure this rule gets negative position number and does not + * shift positions of other rules. See ticket #16. Also, hidden + * rules are not considered for shadowing. + */ + + PolicyRule* rule = PolicyRule::cast(ruleset->insertRuleAtTop(true)); + assert(rule != NULL); + + ostringstream str; + str << rule->getPosition() << " " << label << " (automatic)" ; + rule->setLabel(str.str()); + + FWObject *re; + re = rule->getSrc(); assert(re!=NULL); + RuleElementSrc::cast(re)->reset(); + if(src != NULL) + re->addRef(src); + + re = rule->getDst(); assert(re!=NULL); + RuleElementDst::cast(re)->reset(); + if(dst != NULL) + re->addRef(dst); + + re = rule->getSrv(); assert(re!=NULL); + RuleElementSrv::cast(re)->reset(); + if(service != NULL) + re->addRef(service); + + re = rule->getWhen(); assert(re!=NULL); + RuleElementInterval::cast(re)->reset(); + + re = rule->getItf(); assert(re!=NULL); + RuleElementItf::cast(re)->reset(); + if(iface != NULL) + { + re->addRef(iface); +// rule->setInterfaceId(iface->getId()); + } + + rule->add(ruleset->getRoot()->create(PolicyRuleOptions::TYPENAME)); + rule->setLogging(false); + rule->enable(); + rule->setAction(action); + rule->setDirection(direction); + // Use firewall object ID to generate uique ID for this management rule + // to make it stable across different runs of the compiler + rule->setUniqueId( + ruleset->getRoot()->getPredictableId( + FWObjectDatabase::getStringId(fw->getId()) + "." + )); + + return rule; +} diff --git a/src/compiler_lib/AutomaticRules.h b/src/compiler_lib/AutomaticRules.h new file mode 100644 index 000000000..16a2249e4 --- /dev/null +++ b/src/compiler_lib/AutomaticRules.h 
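Review bot: `AutomaticRules::addMgmtRule` returns NULL when the constructor found no top-level policy (`if (ruleset == NULL) return NULL;`), but nothing documents that contract, and the `AutomaticRules_ipt::addMgmtRule` override added in this commit calls `rule->getOptionsObject()` on the result without a check. `AutomaticRules_ipt::addConntrackRule()` likewise calls `ruleset->getRoot()` without testing `ruleset`. Because these rules are inserted at the top of the policy as hidden rules that are exempt from shadowing checks, the method deserves a doc comment stating the contract, e.g. `// Returns NULL if the firewall has no top-level policy rule set; callers must check.` The same comment should say that the `related` argument is ignored by this base implementation, and the "uique" typo in the `setUniqueId` comment can be fixed along the way.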
@@ -0,0 +1,73 @@ +/* + + Firewall Builder + + Copyright (C) 2011 NetCitadel, LLC + + Author: Vadim Kurland vadim@fwbuilder.org + + This program is free software which we release under the GNU General Public + License. You may redistribute and/or modify this program under the terms + of that license as published by the Free Software Foundation; either + version 2 of the License, or (at your option) any later version. + + This program is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + GNU General Public License for more details. + + To get a copy of the GNU General Public License, write to the Free Software + Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA + +*/ + +#ifndef __AUTOMATICRULES_HH__ +#define __AUTOMATICRULES_HH__ + +#include "fwbuilder/Rule.h" + +#include +#include + + +namespace libfwbuilder +{ + class Address; + class Firewall; + class Interface; + class Library; + class Service; +}; + +namespace fwcompiler +{ + +class AutomaticRules +{ + +protected: + libfwbuilder::Firewall *fw; + libfwbuilder::RuleSet *ruleset; + libfwbuilder::Library *persistent_objects; + +public: + + AutomaticRules(libfwbuilder::Firewall *fw, + libfwbuilder::Library *persistent_objects); + + virtual libfwbuilder::PolicyRule* addMgmtRule( + libfwbuilder::Address* src, + libfwbuilder::Address* dst, + libfwbuilder::Service* service, + libfwbuilder::Interface* iface, + const libfwbuilder::PolicyRule::Direction direction, + const libfwbuilder::PolicyRule::Action action, + const std::string &label, + bool related = false); + +}; + +}; + + +#endif diff --git a/src/compiler_lib/CompilerDriver.cpp b/src/compiler_lib/CompilerDriver.cpp index 00c6270ba..9280009ca 100644 --- a/src/compiler_lib/CompilerDriver.cpp +++ b/src/compiler_lib/CompilerDriver.cpp 
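Review bot: `class AutomaticRules` declares a virtual `addMgmtRule` and is apparently subclassed by `AutomaticRules_ipt` in this commit, yet it has no virtual destructor, so deleting a derived object through an `AutomaticRules*` would be undefined behaviour; adding `virtual ~AutomaticRules() {}` avoids that. The three raw pointer members are only stored or looked up by the constructor in AutomaticRules.cpp, never allocated, so a comment such as `// non-owning; the firewall, rule set and library must outlive this object` would make the lifetime requirement explicit. The include guard `__AUTOMATICRULES_HH__` uses a double-underscore identifier, which is reserved for the implementation; `AUTOMATICRULES_H` would do.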
@@ -46,22 +46,23 @@ #include "interfaceProperties.h" #include "interfacePropertiesObjectFactory.h" -#include "fwbuilder/FWObject.h" -#include "fwbuilder/FWObjectDatabase.h" -#include "fwbuilder/FWException.h" #include "fwbuilder/Cluster.h" #include "fwbuilder/ClusterGroup.h" +#include "fwbuilder/FWException.h" +#include "fwbuilder/FWObject.h" +#include "fwbuilder/FWObjectDatabase.h" +#include "fwbuilder/FailoverClusterGroup.h" #include "fwbuilder/Firewall.h" -#include "fwbuilder/Interface.h" #include "fwbuilder/IPv4.h" #include "fwbuilder/IPv6.h" -#include "fwbuilder/Rule.h" -#include "fwbuilder/Policy.h" +#include "fwbuilder/Interface.h" +#include "fwbuilder/Library.h" #include "fwbuilder/NAT.h" -#include "fwbuilder/Routing.h" +#include "fwbuilder/Policy.h" #include "fwbuilder/Resources.h" +#include "fwbuilder/Routing.h" +#include "fwbuilder/Rule.h" #include "fwbuilder/StateSyncClusterGroup.h" -#include "fwbuilder/FailoverClusterGroup.h" #include "fwcompiler/Compiler.h" @@ -91,7 +92,19 @@ CompilerDriver::CompilerDriver(FWObjectDatabase *db) : BaseCompiler() ipv4_run = true; ipv6_run = true; fw_by_id = false; + objdb = new FWObjectDatabase(*db); + + //objdb = db; + + persistent_objects = new Library(); + persistent_objects->setName("Persistent Objects"); + objdb->add(persistent_objects); + + workspace = new Library(); + workspace->setName("Workspace"); + objdb->add(workspace); + prolog_done = false; epilog_done = false; have_filter = false; 
@@ -101,6 +114,28 @@ CompilerDriver::CompilerDriver(FWObjectDatabase *db) : BaseCompiler() CompilerDriver::~CompilerDriver() { + if (persistent_objects->getParent() == NULL) + delete persistent_objects; + else + { + if (persistent_objects->getParent() == objdb) + { + objdb->remove(persistent_objects, false); + delete persistent_objects; + } + } + + if (workspace->getParent() == NULL) + delete workspace; + else + { + if (workspace->getParent() == objdb) + { + objdb->remove(workspace, false); + delete workspace; + } + } + delete objdb; } @@ -685,9 +720,12 @@ void CompilerDriver::findImportedRuleSets(Firewall *fw, if (branch_ruleset->isChildOf(fw)) continue; - list::iterator it = std::find(imported_policies.begin(), - imported_policies.end(), - branch_ruleset); + list::iterator it = + std::find( + imported_policies.begin(), + imported_policies.end(), + branch_ruleset); + if (it != imported_policies.end()) continue; // Additional check: the rule set may be child of a @@ -703,6 +741,7 @@ void CompilerDriver::findImportedRuleSets(Firewall *fw, } } } + if (imported_policies.size() > 0) all_policies.insert(all_policies.end(), imported_policies.begin(), imported_policies.end()); @@ -734,6 +773,11 @@ void CompilerDriver::_findImportedRuleSetsRecursively( } } +void CompilerDriver::assignUniqueRuleIds(list &all_rulesets) +{ + for_each(all_rulesets.begin(), all_rulesets.end(), + RuleSet::UniqueRuleIdsSetter()); +} QString CompilerDriver::run(const std::string&, const std::string&, const std::string&) { @@ -855,8 +899,10 @@ void CompilerDriver::mergeRuleSets(Cluster *cluster, Firewall *fw, { FWObject *ruleset = *p; - FWObject::iterator i = std::find_if(fw->begin(), fw->end(), - FWObjectNameEQPredicate(ruleset->getName())); + FWObject::iterator i = std::find_if( + fw->begin(), fw->end(), + FWObjectNameEQPredicate(ruleset->getName())); + if (i!=fw->end() && (*i)->getTypeName() == type) { FWObject *fw_ruleset = *i; 
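Review bot: In `~CompilerDriver()` the same parent test is written out twice, once for `persistent_objects` and once for `workspace`, and neither copy says what happens when the library's parent is an object other than `objdb`: in that case it is neither detached nor deleted here. A short comment should state the ownership rule, e.g. `// the driver owns both libraries unless they were re-parented; a foreign parent is then responsible for them`, and the two blocks would read better as one private helper taking the `Library*`. This matters because `compileSingleRule()` in the same commit detaches both libraries with `objdb->remove(..., false)` before calling `clone()`. `clone()` is not visible here, so it should be confirmed that the clones do not end up holding the same two pointers, since each destructor would then delete them.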
@@ -925,6 +971,20 @@ void CompilerDriver::populateClusterElements(Cluster *cluster, Firewall *fw) { if (cluster==NULL) return; +#ifdef DEBUG_CLUSTER_INTERFACES + cerr << "CompilerDriver::populateClusterElements " << endl; + + cerr << cluster->getPath(false, true) << endl; + list cl_interfaces = cluster->getByTypeDeep(Interface::TYPENAME); + cerr << cl_interfaces.size() << " interface" << endl; + cluster->dump(false, true); + + cerr << fw->getPath(false, true) << endl; + list fw_interfaces = fw->getByTypeDeep(Interface::TYPENAME); + cerr << fw_interfaces.size() << " interface" << endl; + fw->dump(false, true); +#endif + // int addedPolicies = 0; set state_sync_types; @@ -1185,3 +1245,51 @@ QString CompilerDriver::formSingleRuleCompileOutput(const QString &generated_cod return res; } +void CompilerDriver::getFirewallAndClusterObjects(const string &cluster_id, + const string &firewall_id, + Cluster **cl, + Firewall **fw) +{ + if (!cluster_id.empty()) + { + Cluster *orig_cluster = Cluster::cast( + objdb->findInIndex(objdb->getIntId(cluster_id))); + +#ifdef WORK_ON_COPIES + *cl = objdb->createCluster(); + workspace->add(*cl); + (*cl)->duplicate(orig_cluster); +#else + + *cl = orig_cluster; + +#endif + + } + + Firewall *orig_fw = Firewall::cast( + objdb->findInIndex(objdb->getIntId(firewall_id))); + assert(orig_fw); + +#ifdef WORK_ON_COPIES + + *fw = objdb->createFirewall(); + workspace->add(*fw); + (*fw)->duplicate(orig_fw); + + if (*cl != NULL) + { + const map &id_map = (*fw)->getIDMappingTable(); + map::const_iterator it; + for (it=id_map.begin(); it!=id_map.end(); ++it) + (*cl)->replaceRef(it->first, it->second); + } +#else + + *fw = orig_fw; + +#endif + +} + + diff --git a/src/compiler_lib/CompilerDriver.h b/src/compiler_lib/CompilerDriver.h index c3daea324..4fab0690f 100644 --- a/src/compiler_lib/CompilerDriver.h +++ b/src/compiler_lib/CompilerDriver.h 
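Review bot: `getFirewallAndClusterObjects` writes `*cl` only when `cluster_id` is non-empty, so with an empty id the caller's pointer keeps whatever value it had, and the `WORK_ON_COPIES` branch then tests `if (*cl != NULL)` on it. The lookups are also unguarded: `orig_cluster` is never checked, and `orig_fw` is covered only by `assert(orig_fw)`, which disappears under NDEBUG, so an id that is not in the database ends in a null dereference or a NULL `*fw` handed back to the caller. I would initialise both out-parameters and fail with an exception as sketched below. Whether `getIntId` already rejects unknown ids is not visible in this hunk.

```cpp
    // Defined values on every path, including an empty cluster_id.
    *cl = NULL;
    *fw = NULL;

    // … unchanged: lookup of orig_cluster inside `if (!cluster_id.empty())` …
        if (orig_cluster == NULL)
            throw FWException("Cluster object not found: " + cluster_id);

    // … unchanged: lookup of orig_fw …
    if (orig_fw == NULL)
        throw FWException("Firewall object not found: " + firewall_id);
    // … unchanged: WORK_ON_COPIES copy or direct assignment of *cl and *fw …
```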
@@ -132,6 +132,8 @@ protected: std::map branches; libfwbuilder::FWObjectDatabase *objdb; + libfwbuilder::Library *persistent_objects; + libfwbuilder::Library *workspace; void determineOutputFileNames(libfwbuilder::Cluster *cluster, libfwbuilder::Firewall *current_fw, @@ -250,9 +252,16 @@ public: */ virtual libfwbuilder::Firewall* locateObject(); + void getFirewallAndClusterObjects(const std::string &cluster_id, + const std::string &fw_id, + libfwbuilder::Cluster **cl, + libfwbuilder::Firewall **fw); + void findImportedRuleSets(libfwbuilder::Firewall *fw, std::list &all_policies); + void assignUniqueRuleIds(std::list &all_policies); + virtual bool prepare(const QStringList &args); virtual void compile(); virtual QMap compileSingleRule(const std::string &rule_id); diff --git a/src/compiler_lib/CompilerDriver_compile.cpp b/src/compiler_lib/CompilerDriver_compile.cpp index 0a3185d3b..f56f5f1a5 100644 --- a/src/compiler_lib/CompilerDriver_compile.cpp +++ b/src/compiler_lib/CompilerDriver_compile.cpp @@ -31,11 +31,12 @@ #include "CompilerDriver.h" -#include "fwbuilder/FWObjectDatabase.h" -#include "fwbuilder/FWException.h" #include "fwbuilder/Cluster.h" +#include "fwbuilder/FWException.h" +#include "fwbuilder/FWObjectDatabase.h" #include "fwbuilder/Firewall.h" #include "fwbuilder/Interface.h" +#include "fwbuilder/Library.h" #include "fwbuilder/Rule.h" #include "fwcompiler/Compiler.h" @@ -144,8 +145,15 @@ QMap CompilerDriver::compileSingleRule(const string &rule_id) if (cluster) { commonChecks(cluster); + list members; Cluster::cast(cluster)->getMembersList(members); + + // this copy of CompilerDriver is not going to do any useful work and + // does not need these. + objdb->remove(persistent_objects, false); + objdb->remove(workspace, false); + for (list::iterator it=members.begin(); it!=members.end(); ++it) { CompilerDriver *cl_driver = clone(); diff --git a/src/compiler_lib/compiler_lib.pro b/src/compiler_lib/compiler_lib.pro index 9d8ccd36b..ec33db6ee 100644 
--- a/src/compiler_lib/compiler_lib.pro +++ b/src/compiler_lib/compiler_lib.pro @@ -19,7 +19,8 @@ SOURCES = CompilerDriver.cpp \ iosInterfaces.cpp \ procurveInterfaces.cpp \ pixInterfaces.cpp \ - interfacePropertiesObjectFactory.cpp + interfacePropertiesObjectFactory.cpp \ + AutomaticRules.cpp HEADERS = ../../config.h \ CompilerDriver.h \ @@ -31,7 +32,8 @@ HEADERS = ../../config.h \ iosInterfaces.h \ procurveInterfaces.h \ pixInterfaces.h \ - interfacePropertiesObjectFactory.h + interfacePropertiesObjectFactory.h \ + AutomaticRules.h INCLUDEPATH += ../libfwbuilder/src diff --git a/src/iosacl/iosacl.cpp b/src/iosacl/iosacl.cpp index 4cae9049c..9062d26ab 100644 --- a/src/iosacl/iosacl.cpp +++ b/src/iosacl/iosacl.cpp @@ -153,16 +153,20 @@ int main(int argc, char **argv) FWObject *slib = objdb->getById(FWObjectDatabase::STANDARD_LIB_ID); if (slib && slib->isReadOnly()) slib->setReadOnly(false); - CompilerDriver_iosacl driver(objdb); - if (!driver.prepare(args)) + CompilerDriver_iosacl *driver = new CompilerDriver_iosacl(objdb); + if (!driver->prepare(args)) { usage(argv[0]); exit(1); } - driver.compile(); + driver->compile(); + int ret = (driver->getStatus() == BaseCompiler::FWCOMPILER_SUCCESS) ? 0 : 1; + + delete driver; delete objdb; - return (driver.getStatus() == BaseCompiler::FWCOMPILER_SUCCESS) ? 0 : 1; + + return ret; } catch(libfwbuilder::FWException &ex) { diff --git a/src/ipf/ipf.cpp b/src/ipf/ipf.cpp index de0c30ecd..bca7a2eba 100644 --- a/src/ipf/ipf.cpp +++ b/src/ipf/ipf.cpp 
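Review bot: The driver in `main()` of iosacl.cpp is now managed with a raw `new`/`delete` pair, which runs the driver's destructor only on the success path; if `compile()` throws, control goes to the `catch` block at the end of the hunk and neither `delete driver` nor `delete objdb` runs. The ordering this code needs (read the status, destroy the driver, then delete `objdb`) is available without heap allocation by keeping the automatic object in a nested block. That means opening a `{` before `CompilerDriver_iosacl driver(objdb);`, assigning `ret` inside it, closing the block, and then doing `delete objdb; return ret;`. The same pattern is repeated in the ipf.cpp, ipfw.cpp and ipt.cpp hunks that follow. `main()` begins outside the hunk.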
@@ -167,15 +167,19 @@ int main(int argc, char **argv) FWObject *slib = objdb->getById(FWObjectDatabase::STANDARD_LIB_ID); if (slib && slib->isReadOnly()) slib->setReadOnly(false); - CompilerDriver_ipf driver(objdb); - if (!driver.prepare(args)) + CompilerDriver_ipf *driver = new CompilerDriver_ipf(objdb); + if (!driver->prepare(args)) { usage(argv[0]); exit(1); } - driver.compile(); + driver->compile(); + int ret = (driver->getStatus() == BaseCompiler::FWCOMPILER_SUCCESS) ? 0 : 1; + + delete driver; delete objdb; - return (driver.getStatus() == BaseCompiler::FWCOMPILER_SUCCESS) ? 0 : 1; + + return ret; } catch(const FWException &ex) { cerr << ex.toString() << endl; diff --git a/src/ipfw/ipfw.cpp b/src/ipfw/ipfw.cpp index 593b0fc88..0a54a77da 100644 --- a/src/ipfw/ipfw.cpp +++ b/src/ipfw/ipfw.cpp @@ -163,15 +163,19 @@ int main(int argc, char **argv) FWObject *slib = objdb->getById(FWObjectDatabase::STANDARD_LIB_ID); if (slib && slib->isReadOnly()) slib->setReadOnly(false); - CompilerDriver_ipfw driver(objdb); - if (!driver.prepare(args)) + CompilerDriver_ipfw *driver = new CompilerDriver_ipfw(objdb); + if (!driver->prepare(args)) { usage(argv[0]); exit(1); } - driver.compile(); + driver->compile(); + int ret = (driver->getStatus() == BaseCompiler::FWCOMPILER_SUCCESS) ? 0 : 1; + + delete driver; delete objdb; - return (driver.getStatus() == BaseCompiler::FWCOMPILER_SUCCESS) ? 0 : 1; + + return ret; } catch(const FWException &ex) { diff --git a/src/ipt/ipt.cpp b/src/ipt/ipt.cpp index 34fee9ae5..e4ce3f506 100644 --- a/src/ipt/ipt.cpp +++ b/src/ipt/ipt.cpp 
@@ -144,16 +144,19 @@ int main(int argc, char **argv) FWObject *slib = objdb->findInIndex(FWObjectDatabase::STANDARD_LIB_ID); if (slib && slib->isReadOnly()) slib->setReadOnly(false); - CompilerDriver_ipt driver(objdb); - if (!driver.prepare(args)) + CompilerDriver_ipt *driver = new CompilerDriver_ipt(objdb); + if (!driver->prepare(args)) { usage(argv[0]); exit(1); } - driver.compile(); + driver->compile(); + int ret = (driver->getStatus() == BaseCompiler::FWCOMPILER_SUCCESS) ? 0 : 1; + + delete driver; delete objdb; - return (driver.getStatus() == BaseCompiler::FWCOMPILER_SUCCESS) ? 0 : 1; + return ret; } catch(const FWException &ex) { diff --git a/src/iptlib/AutomaticRules_ipt.cpp b/src/iptlib/AutomaticRules_ipt.cpp new file mode 100644 index 000000000..7916617dc --- /dev/null +++ b/src/iptlib/AutomaticRules_ipt.cpp 
@@ -0,0 +1,472 @@ +/* + + Firewall Builder + + Copyright (C) 2011 NetCitadel, LLC + + Author: Vadim Kurland vadim@fwbuilder.org + + This program is free software which we release under the GNU General Public + License. You may redistribute and/or modify this program under the terms + of that license as published by the Free Software Foundation; either + version 2 of the License, or (at your option) any later version. + + This program is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + GNU General Public License for more details. + + To get a copy of the GNU General Public License, write to the Free Software + Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA + +*/ + +#include "AutomaticRules_ipt.h" + +#include "fwbuilder/Address.h" +#include "fwbuilder/FWException.h" +#include "fwbuilder/FWObjectDatabase.h" +#include "fwbuilder/Firewall.h" +#include "fwbuilder/Interface.h" +#include "fwbuilder/Library.h" +#include "fwbuilder/Resources.h" +#include "fwbuilder/Rule.h" +#include "fwbuilder/RuleElement.h" +#include "fwbuilder/Policy.h" +#include "fwbuilder/StateSyncClusterGroup.h" +#include "fwbuilder/UDPService.h" +#include "fwbuilder/FailoverClusterGroup.h" +#include "fwbuilder/IPService.h" + +#include + + +using namespace fwcompiler; +using namespace libfwbuilder; +using namespace std; + + + +PolicyRule* AutomaticRules_ipt::addMgmtRule( + Address* src, Address* dst, Service* service, Interface* iface, + const PolicyRule::Direction direction, + const PolicyRule::Action action, + const string &label, + bool related) +{ + PolicyRule *rule = AutomaticRules::addMgmtRule(src, dst, service, + iface, direction, action, + label); + + FWOptions *ruleopt = rule->getOptionsObject(); assert(ruleopt!=NULL); + if (related) + { + ruleopt->setBool("stateless", false); + ruleopt->setBool("accept_established", true); + } else + { + 
ruleopt->setBool("stateless", true); + } + ruleopt->setBool("firewall_is_part_of_any_and_networks", true); + + return rule; +} + +void AutomaticRules_ipt::addConntrackRule() +{ + FWOptions* options = fw->getOptionsObject(); + string conntrack_iface_name = options->getStr("state_sync_interface"); + if (conntrack_iface_name.empty()) + { + /* CONNTRACK not active, nothing left to do */ + return; + } + + string conntrack_group_id = options->getStr("state_sync_group_id"); + StateSyncClusterGroup *state_sync_group = + StateSyncClusterGroup::cast( + ruleset->getRoot()->findInIndex( + FWObjectDatabase::getIntId(conntrack_group_id))); + + Resources *os_res = Resources::os_res[fw->getStr("host_OS")]; + assert(os_res != NULL); + + string default_address = + os_res->getResourceStr("/FWBuilderResources/Target/protocols/conntrack/default_address"); + string default_port = + os_res->getResourceStr("/FWBuilderResources/Target/protocols/conntrack/default_port"); + + bool ucast = state_sync_group->getOptionsObject()->getBool("conntrack_unicast"); + string addr = state_sync_group->getOptionsObject()->getStr("conntrack_address"); + if (addr.empty()) addr = default_address; + + try + { + InetAddr(addr); + } catch (FWException &ex) + { + try + { + InetAddr(AF_INET6, addr); + } catch (FWException &ex) + { + throw FWException(string("Invalid IP address for conntrack: ") + addr); + } + } + + string port = state_sync_group->getOptionsObject()->getStr("conntrack_port"); + if (port.empty()) port = default_port; + + /* Add CONNTRACK-Address to database */ + Address *conntrack_dst = Address::cast(ruleset->getRoot()->create(IPv4::TYPENAME)); + conntrack_dst->setName("CONNTRACK-Address"); + conntrack_dst->setAddress(InetAddr(addr)); + // Why the whole multicast adress range ? 
+ //conntrack_dst->setNetmask(InetAddr("240.0.0.0")); + conntrack_dst->setComment("CONNTRACK Multicast Address"); + persistent_objects->add(conntrack_dst); + + UDPService *conntrack_srv = UDPService::cast(ruleset->getRoot()->create(UDPService::TYPENAME)); + conntrack_srv->setName("CONNTRACK-UDP"); + conntrack_srv->setDstRangeStart(atoi(port.c_str())); + conntrack_srv->setDstRangeEnd(atoi(port.c_str())); + conntrack_srv->setComment("CONNTRACK UDP port"); + persistent_objects->add(conntrack_srv); + + /* Find conntrack interface */ + Interface* conntrack_iface = Interface::cast(fw->findObjectByName(Interface::TYPENAME, conntrack_iface_name)); + + if (conntrack_iface == NULL) + { + throw FWException( + "Unable to get CONNTRACK interface ("+ conntrack_iface_name +")"); + } + + /* Add automatic rules for CONNTRACK */ + if (ucast) + { + Interface *fw_iface = NULL; + list other_interfaces; + for (FWObjectTypedChildIterator it = + state_sync_group->findByType(FWObjectReference::TYPENAME); + it != it.end(); ++it) + { + Interface *iface = + Interface::cast(FWObjectReference::getObject(*it)); + assert(iface); + if (iface->isChildOf(fw)) + { + fw_iface = iface; + } else + { + other_interfaces.push_back(iface); + } + } + + for (list::iterator it=other_interfaces.begin(); it!=other_interfaces.end(); ++it) + { + Interface *other_iface = *it; + + addMgmtRule(other_iface, + fw, + conntrack_srv, + fw_iface, + PolicyRule::Inbound, + PolicyRule::Accept, + "CONNTRACK"); + addMgmtRule(fw, + other_iface, + conntrack_srv, + fw_iface, + PolicyRule::Outbound, + PolicyRule::Accept, + "CONNTRACK"); + } + } else + { + addMgmtRule(NULL, + conntrack_dst, + conntrack_srv, + conntrack_iface, + PolicyRule::Inbound, + PolicyRule::Accept, + "CONNTRACK"); + + addMgmtRule(fw, + conntrack_dst, + conntrack_srv, + conntrack_iface, + PolicyRule::Outbound, + PolicyRule::Accept, + "CONNTRACK"); + } +} + +void AutomaticRules_ipt::addFailoverRules() +{ + Resources *os_res = 
Resources::os_res[fw->getStr("host_OS")]; + assert(os_res != NULL); + + string default_heartbeat_port = + os_res->getResourceStr( + "/FWBuilderResources/Target/protocols/heartbeat/default_port"); + string default_heartbeat_address = + os_res->getResourceStr( + "/FWBuilderResources/Target/protocols/heartbeat/default_address"); + string default_openais_port = + os_res->getResourceStr( + "/FWBuilderResources/Target/protocols/openais/default_port"); + string default_openais_address = + os_res->getResourceStr( + "/FWBuilderResources/Target/protocols/openais/default_address"); + + FWObjectTypedChildIterator interfaces = fw->findByType(Interface::TYPENAME); + for (; interfaces != interfaces.end(); ++interfaces) + { + Interface *iface = Interface::cast(*interfaces); + + /* + We add copies of cluster interface objects to fw objects + so each interface appears twice, the original interface + of the firewall, plus a copy of the cluster + interface. To deduplicate will use only copies of + cluster interfaces because these include VRRP interfaces. + */ + + if (iface->isFailoverInterface() && + iface->getOptionsObject()->getBool("cluster_interface")) + { + FWObject *failover_group = + iface->getFirstByType(FailoverClusterGroup::TYPENAME); + + PolicyRule *rule = NULL; + + string fw_iface_id = iface->getOptionsObject()->getStr("base_interface_id"); + Interface *fw_iface = + Interface::cast( + ruleset->getRoot()->findInIndex(FWObjectDatabase::getIntId(fw_iface_id))); + if (fw_iface == NULL) + { + throw FWException( + QString("Can not find interface of the firewall " + "for the cluster failover group %1. 
") + .arg(failover_group->getName().c_str()).toStdString()); + + } + + if (failover_group->getStr("type") == "vrrp") + { + /* Add VRRP-Address to database */ + Address *vrrp_dst = Address::cast( + ruleset->getRoot()->create(IPv4::TYPENAME)); + + vrrp_dst->setName("VRRP-Address"); + vrrp_dst->setAddress(InetAddr("224.0.0.18")); + vrrp_dst->setNetmask(InetAddr(InetAddr::getAllOnes())); + vrrp_dst->setComment("VRRP Multicast Address"); + persistent_objects->add(vrrp_dst); + + bool use_ipsec_ah = false; + + FWOptions *failover_opts = + FailoverClusterGroup::cast(failover_group)->getOptionsObject(); + if (failover_opts) + { + use_ipsec_ah = failover_opts->getBool("vrrp_over_ipsec_ah"); + } + + /* Add VRRP-Service to database */ + IPService* vrrp_srv = IPService::cast( + ruleset->getRoot()->create(IPService::TYPENAME)); + vrrp_srv->setComment("VRRP service"); + vrrp_srv->setProtocolNumber(112); + persistent_objects->add(vrrp_srv); + + /* + * Add AH-Service to database. + * According to RFC 2338 section 5.3.6.3, VRRP can use + * IPsec AH. + */ + IPService* ah_srv = IPService::cast( + ruleset->getRoot()->create(IPService::TYPENAME)); + ah_srv->setComment("IPSEC-AH"); + ah_srv->setProtocolNumber(51); + persistent_objects->add(ah_srv); + + for (FWObjectTypedChildIterator it = + failover_group->findByType(FWObjectReference::TYPENAME); + it != it.end(); ++it) + { + Interface *other_iface = + Interface::cast(FWObjectReference::getObject(*it)); + assert(other_iface); + if (other_iface->getId() == fw_iface->getId()) continue; + // if interface is dynamic, we can't use it in the rule + // (because it belongs to another machine, not the fw + // we compile for so we can't use script). 
NULL means "any" + // in the call to addMgmtRule() + if (other_iface->isDyn()) other_iface = NULL; + + if (!use_ipsec_ah) + { + addMgmtRule(other_iface, vrrp_dst, vrrp_srv, iface, + PolicyRule::Inbound, PolicyRule::Accept, + "VRRP"); + } else + { + addMgmtRule(other_iface, vrrp_dst, ah_srv, iface, + PolicyRule::Inbound, PolicyRule::Accept, + "VRRP (with IPSEC-AH)"); + } + } + // outbound rule does not use other_interface and + // should be created outside the loop to avoid + // duplicates. Duplicates happen when cluster has 3 or + // more members. + if (!use_ipsec_ah) + { + addMgmtRule(fw, vrrp_dst, vrrp_srv, iface, + PolicyRule::Outbound, PolicyRule::Accept, + "VRRP"); + } else + { + addMgmtRule(fw, vrrp_dst, ah_srv, iface, + PolicyRule::Outbound, PolicyRule::Accept, + "VRRP (with IPSEC-AH)"); + } + } + + if (failover_group->getStr("type") == "heartbeat") + { + /* + * Note that iface is a copy of the cluster inetrface. + * Find interface of the member firewall fw that corresponds + * to the cluster interface iface + */ + + bool ucast = FailoverClusterGroup::cast(failover_group)-> + getOptionsObject()->getBool("heartbeat_unicast"); + + string addr = FailoverClusterGroup::cast(failover_group)-> + getOptionsObject()->getStr("heartbeat_address"); + if (addr.empty()) addr = default_heartbeat_address; + + string port = FailoverClusterGroup::cast(failover_group)-> + getOptionsObject()->getStr("heartbeat_port"); + if (port.empty()) port = default_heartbeat_port; + + UDPService *heartbeat_srv = UDPService::cast( + ruleset->getRoot()->create(UDPService::TYPENAME)); + + /* Add heartbeat-Address to database */ + Address *heartbeat_dst = Address::cast(ruleset->getRoot()->create( + IPv4::TYPENAME)); + heartbeat_dst->setName("HEARTBEAT-Address"); + heartbeat_dst->setAddress(InetAddr(addr)); + heartbeat_dst->setNetmask(InetAddr(InetAddr::getAllOnes())); + heartbeat_dst->setComment("HEARTBEAT Multicast Address"); + persistent_objects->add(heartbeat_dst); + + 
heartbeat_srv->setName("HEARTBEAT-UDP"); + heartbeat_srv->setDstRangeStart(atoi(port.c_str())); + heartbeat_srv->setDstRangeEnd(atoi(port.c_str())); + heartbeat_srv->setComment("HEARTBEAT UDP port"); + persistent_objects->add(heartbeat_srv); + + // Heartbeat can use either multicast or unicast + for (FWObjectTypedChildIterator it = + failover_group->findByType(FWObjectReference::TYPENAME); + it != it.end(); ++it) + { + Interface *other_iface = + Interface::cast(FWObjectReference::getObject(*it)); + assert(other_iface); + if (other_iface->getId() == fw_iface->getId()) continue; + // if interface is dynamic, we can't use it in the rule + // (because it belongs to another machine, not the fw + // we compile for so we can't use script). NULL means "any" + // in the call to addMgmtRule() + if (other_iface->isDyn()) other_iface = NULL; + + if (ucast) + { + addMgmtRule(other_iface, fw, heartbeat_srv, fw_iface, + PolicyRule::Inbound, PolicyRule::Accept, + "heartbeat"); + addMgmtRule(fw, other_iface, heartbeat_srv, fw_iface, + PolicyRule::Outbound, PolicyRule::Accept, + "heartbeat"); + } + else + { + addMgmtRule(other_iface, heartbeat_dst, heartbeat_srv, fw_iface, + PolicyRule::Inbound, PolicyRule::Accept, + "heartbeat"); + addMgmtRule(fw, heartbeat_dst, heartbeat_srv, fw_iface, + PolicyRule::Outbound, PolicyRule::Accept, + "heartbeat"); + } + } + } + + if (failover_group->getStr("type") == "openais") + { + string addr = FailoverClusterGroup::cast(failover_group)-> + getOptionsObject()->getStr("openais_address"); + if (addr.empty()) addr = default_openais_address; + + string port = FailoverClusterGroup::cast(failover_group)-> + getOptionsObject()->getStr("openais_port"); + if (port.empty()) port = default_openais_port; + + /* Add OPENAIS-Address to database */ + Address *openais_dst = Address::cast(ruleset->getRoot()->create( + IPv4::TYPENAME)); + openais_dst->setName("OPENAIS-Address"); + openais_dst->setAddress(InetAddr(addr)); + 
openais_dst->setNetmask(InetAddr(InetAddr::getAllOnes())); + openais_dst->setComment("OPENAIS Multicast Address"); + persistent_objects->add(openais_dst); + + UDPService *openais_srv = UDPService::cast( + ruleset->getRoot()->create(UDPService::TYPENAME)); + + openais_srv->setName("OPENAIS-UDP"); + openais_srv->setDstRangeStart(atoi(port.c_str())); + openais_srv->setDstRangeEnd(atoi(port.c_str())); + openais_srv->setComment("OPENAIS UDP port"); + persistent_objects->add(openais_srv); + + for (FWObjectTypedChildIterator it = + failover_group->findByType(FWObjectReference::TYPENAME); + it != it.end(); ++it) + { + Interface *other_iface = + Interface::cast(FWObjectReference::getObject(*it)); + assert(other_iface); + if (other_iface->getId() == fw_iface->getId()) continue; + // if interface is dynamic, we can't use it in the rule + // (because it belongs to another machine, not the fw + // we compile for so we can't use script). NULL means "any" + // in the call to addMgmtRule() + if (other_iface->isDyn()) other_iface = NULL; + + addMgmtRule(other_iface, openais_dst, openais_srv, iface, + PolicyRule::Inbound, PolicyRule::Accept, + "openais"); + addMgmtRule(fw, openais_dst, openais_srv, iface, + PolicyRule::Outbound, PolicyRule::Accept, + "openais"); + } + } + + if (rule) + { + FWOptions *ruleopt = rule->getOptionsObject(); + assert(ruleopt!=NULL); + ruleopt->setInt("firewall_is_part_of_any_and_networks", 1); + } + } + } +} + diff --git a/src/iptlib/AutomaticRules_ipt.h b/src/iptlib/AutomaticRules_ipt.h new file mode 100644 index 000000000..a3f186378 --- /dev/null +++ b/src/iptlib/AutomaticRules_ipt.h 
@@ -0,0 +1,68 @@
+/*
+
+ Firewall Builder
+
+ Copyright (C) 2011 NetCitadel, LLC
+
+ Author: Vadim Kurland vadim@fwbuilder.org
+
+ This program is free software which we release under the GNU General Public
+ License. You may redistribute and/or modify this program under the terms
+ of that license as published by the Free Software Foundation; either
+ version 2 of the License, or (at your option) any later version.
+
+ This program is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ GNU General Public License for more details.
+
+ To get a copy of the GNU General Public License, write to the Free Software
+ Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
+
+*/
+
+#ifndef __AUTOMATICRULES_IPT_HH__
+#define __AUTOMATICRULES_IPT_HH__
+
+#include "AutomaticRules.h"
+
+
+namespace libfwbuilder
+{
+ class Address;
+ class Firewall;
+ class Interface;
+ class Service;
+};
+
+namespace fwcompiler
+{
+
+ class AutomaticRules_ipt : public AutomaticRules
+ {
+
+ public:
+
+ AutomaticRules_ipt(libfwbuilder::Firewall *fw,
+ libfwbuilder::Library *presistent_objects) :
+ AutomaticRules(fw, presistent_objects) {}
+
+ virtual libfwbuilder::PolicyRule* addMgmtRule(
+ libfwbuilder::Address* src,
+ libfwbuilder::Address* dst,
+ libfwbuilder::Service* service,
+ libfwbuilder::Interface* iface,
+ const libfwbuilder::PolicyRule::Direction direction,
+ const libfwbuilder::PolicyRule::Action action,
+ const std::string &label,
+ bool related = false);
+
+ void addConntrackRule();
+ void addFailoverRules();
+
+ };
+
+};
+
+
+#endif
diff --git a/src/iptlib/CompilerDriver_ipt.cpp b/src/iptlib/CompilerDriver_ipt.cpp
index e97988a1f..f58222ba1 100644
--- a/src/iptlib/CompilerDriver_ipt.cpp
+++ b/src/iptlib/CompilerDriver_ipt.cpp
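Review bot: `addMgmtRule()` in the new AutomaticRules_ipt.h is declared `virtual` with a default argument (`bool related = false`), and a default argument on a virtual function is taken from the static type at the call site, not from the override that runs. AutomaticRules.h is not part of this view, so it cannot be confirmed that the base class declares the same eight-parameter signature; if it does not, this declaration hides the base method instead of overriding it, and a call through an `AutomaticRules*` would bypass the iptables-specific version that builds the automatic Accept rules. I would drop the default and pass `false` explicitly, or keep the default only on a non-virtual forwarding overload. The constructor parameter is also misspelled: `libfwbuilder::Library *presistent_objects` should read `persistent_objects`.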
@@ -30,13 +30,19 @@ #include "PolicyCompiler_ipt.h" #include "PolicyCompiler_secuwall.h" -#include "fwbuilder/Resources.h" -#include "fwbuilder/FWObjectDatabase.h" +#include "fwbuilder/Address.h" #include "fwbuilder/FWException.h" +#include "fwbuilder/FWObjectDatabase.h" #include "fwbuilder/Firewall.h" #include "fwbuilder/Interface.h" +#include "fwbuilder/Library.h" +#include "fwbuilder/Resources.h" #include "fwbuilder/Rule.h" #include "fwbuilder/RuleSet.h" +#include "fwbuilder/StateSyncClusterGroup.h" +#include "fwbuilder/UDPService.h" +#include "fwbuilder/FailoverClusterGroup.h" +#include "fwbuilder/IPService.h" #include #include @@ -56,6 +62,10 @@ CompilerDriver_ipt::CompilerDriver_ipt(FWObjectDatabase *db) : have_connmark_in_output = false; } +CompilerDriver_ipt::~CompilerDriver_ipt() +{ +} + // create a copy of itself, including objdb CompilerDriver* CompilerDriver_ipt::clone() { @@ -73,11 +83,10 @@ void CompilerDriver_ipt::assignRuleSetChain(RuleSet *ruleset) if (rule == NULL) continue; // skip RuleSetOptions object if (rule->isDisabled()) continue; - //rule->setStr("parent_rule_num", parentRuleNum); - if (!ruleset->isTop()) rule->setStr("ipt_chain", branch_name); - rule->setUniqueId( FWObjectDatabase::getStringId(rule->getId()) ); +// ??? +// rule->setUniqueId( FWObjectDatabase::getStringId(rule->getId()) ); } } @@ -223,4 +232,3 @@ std::auto_ptr CompilerDriver_ipt::createPolicyCompiler( return policy_compiler; } - diff --git a/src/iptlib/CompilerDriver_ipt.h b/src/iptlib/CompilerDriver_ipt.h index 52e21dd9c..5100f72ab 100644 --- a/src/iptlib/CompilerDriver_ipt.h +++ b/src/iptlib/CompilerDriver_ipt.h 
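Review bot: In the `assignRuleSetChain()` hunk of CompilerDriver_ipt.cpp the `rule->setUniqueId(...)` call is left commented out under a bare `// ???`, which does not tell a reader whether dropping it was intended. The `run()` hunk of CompilerDriver_ipt_run.cpp in this commit calls `assignUniqueRuleIds(all_policies)` and `assignUniqueRuleIds(all_nat)`, so the line looks obsolete; delete it, or replace both lines with `// unique rule ids are assigned by assignUniqueRuleIds() in run()`. The same applies to the commented-out body of `PolicyCompiler_ipt::addPredefinedPolicyRules()` later in this diff, which leaves a function that is still defined but does nothing. `assignRuleSetChain()` begins above this hunk.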
@@ -40,18 +40,23 @@ #include -namespace libfwbuilder { +namespace libfwbuilder +{ class FWObjectDatabase; class Cluster; class ClusterGroup; class Firewall; class RuleSet; class Interface; + class Address; + class PolicyRule; }; -namespace fwcompiler { +namespace fwcompiler +{ - class CompilerDriver_ipt : public CompilerDriver { + class CompilerDriver_ipt : public CompilerDriver + { // commands that pass control to branch chains should go into // POSTROUTING or PREROUTING chains depending on the targets used @@ -78,7 +83,8 @@ namespace fwcompiler { public: CompilerDriver_ipt(libfwbuilder::FWObjectDatabase *db); - + virtual ~CompilerDriver_ipt(); + // create a copy of itself, including objdb virtual CompilerDriver* clone(); @@ -120,7 +126,6 @@ public: int policy_af, std::map &minus_n_commands_nat); - }; }; diff --git a/src/iptlib/CompilerDriver_ipt_nat.cpp b/src/iptlib/CompilerDriver_ipt_nat.cpp index 85e4d27cb..6db3a0fae 100644 --- a/src/iptlib/CompilerDriver_ipt_nat.cpp +++ b/src/iptlib/CompilerDriver_ipt_nat.cpp @@ -34,6 +34,7 @@ #include "fwbuilder/Firewall.h" #include "fwbuilder/NAT.h" #include "fwbuilder/Resources.h" +#include "fwbuilder/Library.h" #include #include @@ -80,6 +81,7 @@ bool CompilerDriver_ipt::processNatRuleSet( nat_compiler->setSourceRuleSet( nat ); nat_compiler->setRuleSetName(branch_name); + nat_compiler->setPersistentObjects(persistent_objects); nat_compiler->setSingleRuleCompileMode(single_rule_id); nat_compiler->setDebugLevel( dl ); diff --git a/src/iptlib/CompilerDriver_ipt_policy.cpp b/src/iptlib/CompilerDriver_ipt_policy.cpp index df0168426..8a043d95f 100644 --- a/src/iptlib/CompilerDriver_ipt_policy.cpp +++ b/src/iptlib/CompilerDriver_ipt_policy.cpp @@ -39,6 +39,7 @@ #include "fwbuilder/Interface.h" #include "fwbuilder/Policy.h" #include "fwbuilder/Resources.h" +#include "fwbuilder/Library.h" #include #include 
@@ -96,6 +97,7 @@ bool CompilerDriver_ipt::processPolicyRuleSet( mangle_compiler->setSourceRuleSet( policy ); mangle_compiler->setRuleSetName(branch_name); + mangle_compiler->setPersistentObjects(persistent_objects); mangle_compiler->setSingleRuleCompileMode(single_rule_id); mangle_compiler->setDebugLevel( dl ); @@ -171,6 +173,7 @@ bool CompilerDriver_ipt::processPolicyRuleSet( policy_compiler->setSourceRuleSet( policy ); policy_compiler->setRuleSetName(branch_name); + policy_compiler->setPersistentObjects(persistent_objects); if ( (policy_rules_count=policy_compiler->prolog()) > 0 ) { diff --git a/src/iptlib/CompilerDriver_ipt_run.cpp b/src/iptlib/CompilerDriver_ipt_run.cpp index e399c1a1e..0a9a1e74e 100644 --- a/src/iptlib/CompilerDriver_ipt_run.cpp +++ b/src/iptlib/CompilerDriver_ipt_run.cpp @@ -47,6 +47,8 @@ #include "OSConfigurator_linux24.h" #include "OSConfigurator_secuwall.h" #include "OSConfigurator_ipcop.h" +#include "combinedAddress.h" +#include "AutomaticRules_ipt.h" #include "Configlet.h" @@ -66,6 +68,7 @@ #include "fwbuilder/Resources.h" #include "fwbuilder/StateSyncClusterGroup.h" #include "fwbuilder/FailoverClusterGroup.h" +#include "fwbuilder/Library.h" #include #include @@ -74,6 +77,7 @@ #include #include #include +#include using namespace std; @@ -82,6 +86,14 @@ using namespace fwcompiler; extern QString user_name; +FWObject* create_combinedAddress(int id) +{ + FWObject *nobj = new combinedAddress(); + if (id > -1) nobj->setId(id); + return nobj; +} + + /* * Go through paces to compile firewall which may be a member of a * cluster. Note that both firewall and cluster are defined by their 
@@ -93,14 +105,17 @@ QString CompilerDriver_ipt::run(const std::string &cluster_id, const std::string &firewall_id, const std::string &single_rule_id) { - Cluster *cluster = NULL; - if (!cluster_id.empty()) - cluster = Cluster::cast( - objdb->findInIndex(objdb->getIntId(cluster_id))); - Firewall *fw = Firewall::cast( - objdb->findInIndex(objdb->getIntId(firewall_id))); - assert(fw); + FWObjectDatabase::registerObjectType(combinedAddress::TYPENAME, + &create_combinedAddress); + + // see #2212 Create temporary copy of the firewall and cluster + // objects and pass them to the compilers. + + Cluster *cluster = NULL; + Firewall *fw = NULL; + + getFirewallAndClusterObjects(cluster_id, firewall_id, &cluster, &fw); string generated_script; @@ -219,6 +234,23 @@ QString CompilerDriver_ipt::run(const std::string &cluster_id, findBranchesInMangleTable(fw, all_policies); findImportedRuleSets(fw, all_nat); + // assign unique rule ids that later will be used to generate + // chain names. This should be done after calls to + // findImportedRuleSets() + + assignUniqueRuleIds(all_policies); + assignUniqueRuleIds(all_nat); + + try + { + AutomaticRules_ipt auto_rules(fw, persistent_objects); + auto_rules.addConntrackRule(); + auto_rules.addFailoverRules(); + } catch (FWException &ex) + { + abort(ex.toString()); + } + // command line options -4 and -6 control address family for which // script will be generated. If "-4" is used, only ipv4 part will // be generated. If "-6" is used, only ipv6 part will be generated. @@ -391,6 +423,7 @@ QString CompilerDriver_ipt::run(const std::string &cluster_id, { routing_compiler->setSourceRuleSet(routing); routing_compiler->setRuleSetName(routing->getName()); + routing_compiler->setPersistentObjects(persistent_objects); routing_compiler->setSingleRuleCompileMode(single_rule_id); routing_compiler->setDebugLevel( dl ); 
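Review bot: `run()` no longer checks that the firewall object was found: the removed code had `assert(fw);` after the lookup, while the new code initialises `fw = NULL` and relies on `getFirewallAndClusterObjects()` to fill it in. That helper is not shown here, so if it can return without setting `*fw` (for example for an unknown `firewall_id`), the pointer is used unchecked further down, including by `AutomaticRules_ipt auto_rules(fw, persistent_objects)`. An explicit check right after the call, e.g. `if (fw == NULL) abort("Firewall object not found: " + firewall_id);`, keeps the failure visible in release builds as well. The body of `run()` continues outside this hunk.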
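Review bot: The `AutomaticRules_ipt` block added after `findImportedRuleSets()` in `run()` inserts the conntrack and failover rules on every run, whereas `PolicyCompiler_ipt::addPredefinedPolicyRules()`, which this commit comments out, did so only when `getSourceRuleSet()->isTop() && !inSingleRuleCompileMode()`. Nothing in this hunk tests `single_rule_id`, so unless `AutomaticRules` checks it internally (not visible here) a single-rule compile now also emits these automatic Accept rules. If the old behaviour is wanted, wrap the two calls in `if (single_rule_id.empty())`. Either way, a comment at this point stating when the automatic rules are generated would help anyone auditing the resulting policy.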
@@ -409,6 +442,13 @@ QString CompilerDriver_ipt::run(const std::string &cluster_id, all_errors.push_back(routing_compiler->getErrors("").c_str()); } + /* + * compilers detach persistent objects when they finish, this + * means at this point library persistent_objects is not part + * of any object tree. + */ + objdb->reparent(persistent_objects); + if (haveErrorsAndWarnings()) { all_errors.push_front(getErrors("").c_str()); diff --git a/src/iptlib/MangleTableCompiler_ipt.cpp b/src/iptlib/MangleTableCompiler_ipt.cpp index da8e39316..5b73c4bc7 100644 --- a/src/iptlib/MangleTableCompiler_ipt.cpp +++ b/src/iptlib/MangleTableCompiler_ipt.cpp @@ -51,8 +51,8 @@ int MangleTableCompiler_ipt::prolog() int n = 0; - for(FWObject::iterator i=combined_ruleset->begin(); - i!=combined_ruleset->end(); i++) + for(FWObject::iterator i=source_ruleset->begin(); + i!=source_ruleset->end(); i++) { PolicyRule *r = PolicyRule::cast( *i ); if (r == NULL) continue; // skip RuleSetOptions object diff --git a/src/iptlib/NATCompiler_ipt.cpp b/src/iptlib/NATCompiler_ipt.cpp index b5d91912f..60a389db6 100644 --- a/src/iptlib/NATCompiler_ipt.cpp +++ b/src/iptlib/NATCompiler_ipt.cpp @@ -217,7 +217,7 @@ int NATCompiler_ipt::prolog() if ( iface->isDyn()) iface->setBool("use_var_address",true); } - build_interface_groups(dbcopy, fw, ipv6, regular_interfaces); + build_interface_groups(dbcopy, persistent_objects, fw, ipv6, regular_interfaces); } string version = fw->getStr("version"); @@ -265,7 +265,7 @@ void NATCompiler_ipt::_expand_interface(Rule *rule, if (ip_addr!=NULL && use_mac && pa!=NULL) { combinedAddress *ca = new combinedAddress(); - dbcopy->add(ca); + persistent_objects->add(ca); dbcopy->addToIndex(ca); ca->setName( "CA("+iface->getName()+")" ); ca->setAddress( *ip_addr ); 
@@ -339,7 +339,7 @@ bool NATCompiler_ipt::ConvertLoadBalancingRules::processNext() ar->setRangeEnd( *(al.back()) ); ar->setName(string("%")+al.front()->toString() +"-"+al.back()->toString()+"%" ); - compiler->dbcopy->add(ar,false); + compiler->persistent_objects->add(ar,false); tdst->clearChildren(); tdst->addRef(ar); @@ -439,12 +439,15 @@ bool NATCompiler_ipt::splitSDNATRule::processNext() * change OSrc */ - odst=r->getODst(); + odst = r->getODst(); odst->setNeg(false); odst->clearChildren(); for (FWObject::iterator i=rule->getTDst()->begin(); i!=rule->getTDst()->end(); i++) - odst->add( *i ); + { + FWObject *obj = FWObjectReference::getObject(*i); + odst->addRef(obj); + } if ( ! rule->getTSrv()->isAny()) { @@ -478,7 +481,7 @@ bool NATCompiler_ipt::splitSDNATRule::processNext() match_service = TCPUDPService::cast( compiler->dbcopy->create(tsrv->getTypeName())); match_service->setName(tsrv->getName() + "_dport"); - compiler->dbcopy->add(match_service); + compiler->persistent_objects->add(match_service); match_service->setDstRangeStart(tu_tsrv->getDstRangeStart()); match_service->setDstRangeEnd(tu_tsrv->getDstRangeEnd()); } @@ -757,9 +760,9 @@ bool NATCompiler_ipt::convertToAtomicportForOSrv::processNext() FWObject *s; - s=r->getOSrv(); assert(s); + s = r->getOSrv(); assert(s); s->clearChildren(); - s->add( *i1 ); + s->addRef(FWReference::getObject(*i1)); tmp_queue.push_back(r); } diff --git a/src/iptlib/PolicyCompiler_ipt.cpp b/src/iptlib/PolicyCompiler_ipt.cpp index 539ea9212..51d790745 100644 --- a/src/iptlib/PolicyCompiler_ipt.cpp +++ b/src/iptlib/PolicyCompiler_ipt.cpp @@ -368,7 +368,7 @@ void PolicyCompiler_ipt::_expand_interface(Rule *rule, if (use_mac) { combinedAddress *ca = new combinedAddress(); - dbcopy->add(ca); + persistent_objects->add(ca); ca->setName( "CA("+iface->getName()+")" ); ca->setAddress( *ip_addr ); ca->setNetmask( *ip_netm ); 
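Review bot: In the `splitSDNATRule::processNext()` hunk of NATCompiler_ipt.cpp the result of `FWObjectReference::getObject(*i)` is passed straight to `odst->addRef(obj)` without a NULL check. The failover code in this commit guards the same lookup with `assert(other_iface)`, which suggests the result can be NULL for a dangling reference, in which case `addRef()` would presumably dereference it. I would test `obj == NULL` before the call and report it as a compile error rather than skip the entry silently, because ODst has just been emptied with `clearChildren()` and a missing entry changes what the rule matches. `s->addRef(FWReference::getObject(*i1))` in `convertToAtomicportForOSrv::processNext()` has the same pattern; both functions begin outside their hunks.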
@@ -466,44 +466,43 @@ int PolicyCompiler_ipt::prolog() anytcp=dbcopy->createTCPService(); anytcp->setId(FWObjectDatabase::registerStringId(ANY_TCP_OBJ_ID)); anytcp->setName("AnyTCP"); - dbcopy->add(anytcp); + persistent_objects->add(anytcp); tcpsyn=dbcopy->createTCPService(); tcpsyn->setId(FWObjectDatabase::registerStringId(TCP_SYN_OBJ_ID)); tcpsyn->setName("tcpSYN"); tcpsyn->setTCPFlag(TCPService::SYN,true); tcpsyn->setAllTCPFlagMasks(); - dbcopy->add(tcpsyn); + persistent_objects->add(tcpsyn); anyudp=dbcopy->createUDPService(); anyudp->setId(FWObjectDatabase::registerStringId(ANY_UDP_OBJ_ID)); anyudp->setName("AnyUDP"); - dbcopy->add(anyudp); + persistent_objects->add(anyudp); anyicmp=dbcopy->createICMPService(); anyicmp->setId(FWObjectDatabase::registerStringId(ANY_ICMP_OBJ_ID)); anyicmp->setName("AnyICMP"); - dbcopy->add(anyicmp); + persistent_objects->add(anyicmp); anyip=dbcopy->createIPService(); anyip->setId(FWObjectDatabase::registerStringId(ANY_IP_OBJ_ID)); anyip->setName("AnyIP"); - dbcopy->add(anyip); + persistent_objects->add(anyip); bcast255=dbcopy->createIPv4(); bcast255->setId(FWObjectDatabase::registerStringId(BCAST_255_OBJ_ID)); bcast255->setName("Broadcast_addr"); bcast255->setAddress(InetAddr::getAllOnes()); bcast255->setNetmask(InetAddr(InetAddr::getAllOnes())); - dbcopy->add(bcast255); - + persistent_objects->add(bcast255); bool global_afpa = fwopt->getBool("firewall_is_part_of_any_and_networks"); int n = 0; - for(FWObject::iterator i=combined_ruleset->begin(); - i!=combined_ruleset->end(); i++) + for(FWObject::iterator i=source_ruleset->begin(); i!=source_ruleset->end(); i++) { Rule *r = Rule::cast( *i ); + if (r == NULL) continue; if (r->isDisabled()) continue; FWOptions *ruleopt = r->getOptionsObject(); 
@@ -532,17 +531,17 @@ int PolicyCompiler_ipt::prolog() fwopt->getBool("use_m_set")); actually_used_module_set = false; - build_interface_groups(dbcopy, fw, ipv6, regular_interfaces); + build_interface_groups(dbcopy, persistent_objects, fw, ipv6, regular_interfaces); return n; } void PolicyCompiler_ipt::addPredefinedPolicyRules() { - if (getSourceRuleSet()->isTop() && !inSingleRuleCompileMode()) - { - insertConntrackRule(); - insertFailoverRule(); - } + // if (getSourceRuleSet()->isTop() && !inSingleRuleCompileMode()) + // { + // insertConntrackRule(); + // insertFailoverRule(); + // } } bool PolicyCompiler_ipt::SkipActionContinueWithNoLogging::processNext() 
@@ -4500,52 +4499,60 @@ string PolicyCompiler_ipt::debugPrintRule(Rule *r) ostringstream dst; string srv=" "; string time=" "; - string itf=" "; + ostringstream itf; if (srcrel->getNeg()) src << "!"; if (dstrel->getNeg()) dst << "!"; if (srvrel->getNeg()) srv = "!"; if (intrel->getNeg()) time = "!"; - if (itfrel->getNeg()) itf = "!"; + if (itfrel->getNeg()) itf << "!"; - if (i1!=srcrel->end()) { - FWObject *o=*i1; - if (FWReference::cast(o)!=NULL) o=FWReference::cast(o)->getPointer(); + if (i1!=srcrel->end()) + { + FWObject *o = FWReference::getObject(*i1); src << o->getName(); if (Group::cast(o)!=NULL) src << "[" << o->size() << "]"; } - if (i2!=dstrel->end()) { - FWObject *o=*i2; - if (FWReference::cast(o)!=NULL) o=FWReference::cast(o)->getPointer(); + if (i2!=dstrel->end()) + { + FWObject *o = FWReference::getObject(*i2); dst << o->getName(); if (Group::cast(o)!=NULL) dst << "[" << o->size() << "]"; } - if (i3!=srvrel->end()) { - FWObject *o=*i3; - if (FWReference::cast(o)!=NULL) o=FWReference::cast(o)->getPointer(); - srv+=o->getName(); + if (i3!=srvrel->end()) + { + FWObject *o = FWReference::getObject(*i3); + srv += o->getName(); } - if (i4!=intrel->end()) { - FWObject *o=*i4; - if (FWReference::cast(o)!=NULL) o=FWReference::cast(o)->getPointer(); - time+=o->getName(); + if (i4!=intrel->end()) + { + FWObject *o = FWReference::getObject(*i4); + time += o->getName(); } - if (i5!=itfrel->end()) { - FWObject *o=*i5; - if (FWReference::cast(o)!=NULL) o=FWReference::cast(o)->getPointer(); - itf+=o->getName(); + if (i5!=itfrel->end()) + { + FWObject *o = FWReference::getObject(*i5); + Interface *iface = Interface::cast(o); + itf << o->getName() << "(" << o->getId() << ")"; + if (iface) + { + if (iface->isDyn()) itf << "D"; + if (iface->isUnnumbered()) itf << "U"; + if (iface->isFailoverInterface()) itf << "F"; + } } int w=0; - if (no==0) { + if (no==0) + { str << rule->getLabel(); - w=rule->getLabel().length(); + w = rule->getLabel().length(); } str << setw(15-w) << 
setfill(' ') << " "; @@ -4554,7 +4561,7 @@ string PolicyCompiler_ipt::debugPrintRule(Rule *r) str << setw(18) << setfill(' ') << dst.str(); str << setw(12) << setfill(' ') << srv.c_str(); str << setw(10) << setfill(' ') << time.c_str(); - str << setw(8) << setfill(' ') << itf.c_str(); + str << setw(8) << setfill(' ') << itf.str(); if (no==0) { @@ -4575,6 +4582,8 @@ string PolicyCompiler_ipt::debugPrintRule(Rule *r) str << " pos=" << rule->getPosition(); + str << " u=" << rule->getUniqueId(); + str << " c=" << printChains(rule); str << " t=" << rule->getStr("ipt_target"); 
@@ -4677,430 +4686,6 @@ bool PolicyCompiler_ipt::newIptables(const string &version) XMLTools::version_compare(version, "1.2.6")>0); } -void PolicyCompiler_ipt::insertConntrackRule() -{ - FWOptions* options = fw->getOptionsObject(); - string conntrack_iface_name = options->getStr("state_sync_interface"); - if (conntrack_iface_name.empty()) - { - /* CONNTRACK not active, nothing left to do */ - return; - } - - string conntrack_group_id = options->getStr("state_sync_group_id"); - StateSyncClusterGroup *state_sync_group = - StateSyncClusterGroup::cast( - dbcopy->findInIndex( - FWObjectDatabase::getIntId(conntrack_group_id))); - - Resources *os_res = Resources::os_res[fw->getStr("host_OS")]; - assert(os_res != NULL); - - string default_address = - os_res->getResourceStr("/FWBuilderResources/Target/protocols/conntrack/default_address"); - string default_port = - os_res->getResourceStr("/FWBuilderResources/Target/protocols/conntrack/default_port"); - - bool ucast = state_sync_group->getOptionsObject()->getBool("conntrack_unicast"); - string addr = state_sync_group->getOptionsObject()->getStr("conntrack_address"); - if (addr.empty()) addr = default_address; - - try - { - InetAddr(addr); - } catch (FWException &ex) - { - try - { - InetAddr(AF_INET6, addr); - } catch (FWException &ex) - { - abort(string("Invalid IP address for conntrack: ") + addr); - } - } - - string port = state_sync_group->getOptionsObject()->getStr("conntrack_port"); - if (port.empty()) port = default_port; - - /* Add CONNTRACK-Address to database */ - Address *conntrack_dst = Address::cast(dbcopy->create(IPv4::TYPENAME)); - conntrack_dst->setName("CONNTRACK-Address"); - conntrack_dst->setAddress(InetAddr(addr)); - // Why the whole multicast adress range ? 
- //conntrack_dst->setNetmask(InetAddr("240.0.0.0")); - conntrack_dst->setComment("CONNTRACK Multicast Address"); - dbcopy->add(conntrack_dst); - - UDPService *conntrack_srv = UDPService::cast(dbcopy->create(UDPService::TYPENAME)); - conntrack_srv->setName("CONNTRACK-UDP"); - conntrack_srv->setDstRangeStart(atoi(port.c_str())); - conntrack_srv->setDstRangeEnd(atoi(port.c_str())); - conntrack_srv->setComment("CONNTRACK UDP port"); - dbcopy->add(conntrack_srv); - - /* Find conntrack interface */ - Interface* conntrack_iface = Interface::cast(fw->findObjectByName(Interface::TYPENAME, conntrack_iface_name)); - - if (conntrack_iface == NULL) - { - this->abort( - "Unable to get CONNTRACK interface ("+ conntrack_iface_name +")"); - } - - /* Add automatic rules for CONNTRACK */ - if (ucast) - { - Interface *fw_iface = NULL; - list other_interfaces; - for (FWObjectTypedChildIterator it = - state_sync_group->findByType(FWObjectReference::TYPENAME); - it != it.end(); ++it) - { - Interface *iface = - Interface::cast(FWObjectReference::getObject(*it)); - assert(iface); - if (iface->isChildOf(fw)) - { - fw_iface = iface; - } else - { - other_interfaces.push_back(iface); - } - } - foreach(Interface *other_iface, other_interfaces) - { - addMgmtRule(other_iface, - fw, - conntrack_srv, - fw_iface, - PolicyRule::Inbound, - PolicyRule::Accept, - "CONNTRACK"); - addMgmtRule(fw, - other_iface, - conntrack_srv, - fw_iface, - PolicyRule::Outbound, - PolicyRule::Accept, - "CONNTRACK"); - } - } else - { - addMgmtRule(NULL, - conntrack_dst, - conntrack_srv, - conntrack_iface, - PolicyRule::Inbound, - PolicyRule::Accept, - "CONNTRACK"); - - addMgmtRule(fw, - conntrack_dst, - conntrack_srv, - conntrack_iface, - PolicyRule::Outbound, - PolicyRule::Accept, - "CONNTRACK"); - } -} - -void PolicyCompiler_ipt::insertFailoverRule() -{ - Resources *os_res = Resources::os_res[fw->getStr("host_OS")]; - assert(os_res != NULL); - - string default_heartbeat_port = - os_res->getResourceStr( - 
"/FWBuilderResources/Target/protocols/heartbeat/default_port"); - string default_heartbeat_address = - os_res->getResourceStr( - "/FWBuilderResources/Target/protocols/heartbeat/default_address"); - string default_openais_port = - os_res->getResourceStr( - "/FWBuilderResources/Target/protocols/openais/default_port"); - string default_openais_address = - os_res->getResourceStr( - "/FWBuilderResources/Target/protocols/openais/default_address"); - - FWObjectTypedChildIterator interfaces = fw->findByType(Interface::TYPENAME); - for (; interfaces != interfaces.end(); ++interfaces) - { - Interface *iface = Interface::cast(*interfaces); - - /* - We add copies of cluster interface objects to fw objects - so each interface appears twice, the original interface - of the firewall, plus a copy of the cluster - interface. To deduplicate will use only copies of - cluster interfaces because these include VRRP interfaces. - */ - - if (iface->isFailoverInterface() && - iface->getOptionsObject()->getBool("cluster_interface")) - { - FWObject *failover_group = - iface->getFirstByType(FailoverClusterGroup::TYPENAME); - PolicyRule *rule = NULL; - - string fw_iface_id = iface->getOptionsObject()->getStr("base_interface_id"); - Interface *fw_iface = - Interface::cast( - dbcopy->findInIndex(FWObjectDatabase::getIntId(fw_iface_id))); - if (fw_iface == NULL) - { - warning( - QString("Can not find interface of the firewall " - "for the cluster failover group %1. 
" - "Falling back using cluster interface object.") - .arg(failover_group->getName().c_str()).toStdString()); - fw_iface = iface; - } - - if (failover_group->getStr("type") == "vrrp") - { - /* Add VRRP-Address to database */ - Address *vrrp_dst = Address::cast( - dbcopy->create(IPv4::TYPENAME)); - - vrrp_dst->setName("VRRP-Address"); - vrrp_dst->setAddress(InetAddr("224.0.0.18")); - vrrp_dst->setNetmask(InetAddr(InetAddr::getAllOnes())); - vrrp_dst->setComment("VRRP Multicast Address"); - dbcopy->add(vrrp_dst); - - bool use_ipsec_ah = false; - - FWOptions *failover_opts = - FailoverClusterGroup::cast(failover_group)->getOptionsObject(); - if (failover_opts) - { - use_ipsec_ah = failover_opts->getBool("vrrp_over_ipsec_ah"); - } - - /* Add VRRP-Service to database */ - IPService* vrrp_srv = IPService::cast( - dbcopy->create(IPService::TYPENAME)); - vrrp_srv->setComment("VRRP service"); - vrrp_srv->setProtocolNumber(112); - dbcopy->add(vrrp_srv); - - /* - * Add AH-Service to database. - * According to RFC 2338 section 5.3.6.3, VRRP can use - * IPsec AH. - */ - IPService* ah_srv = IPService::cast( - dbcopy->create(IPService::TYPENAME)); - ah_srv->setComment("IPSEC-AH"); - ah_srv->setProtocolNumber(51); - dbcopy->add(ah_srv); - - for (FWObjectTypedChildIterator it = - failover_group->findByType(FWObjectReference::TYPENAME); - it != it.end(); ++it) - { - Interface *other_iface = - Interface::cast(FWObjectReference::getObject(*it)); - assert(other_iface); - if (other_iface->getId() == fw_iface->getId()) continue; - // if interface is dynamic, we can't use it in the rule - // (because it belongs to another machine, not the fw - // we compile for so we can't use script). 
NULL means "any" - // in the call to addMgmtRule() - if (other_iface->isDyn()) other_iface = NULL; - - if (!use_ipsec_ah) - { - addMgmtRule(other_iface, vrrp_dst, vrrp_srv, iface, - PolicyRule::Inbound, PolicyRule::Accept, - "VRRP"); - } else - { - addMgmtRule(other_iface, vrrp_dst, ah_srv, iface, - PolicyRule::Inbound, PolicyRule::Accept, - "VRRP (with IPSEC-AH)"); - } - } - // outbound rule does not use other_interface and - // should be created outside the loop to avoid - // duplicates. Duplicates happen when cluster has 3 or - // more members. - if (!use_ipsec_ah) - { - addMgmtRule(fw, vrrp_dst, vrrp_srv, iface, - PolicyRule::Outbound, PolicyRule::Accept, - "VRRP"); - } else - { - addMgmtRule(fw, vrrp_dst, ah_srv, iface, - PolicyRule::Outbound, PolicyRule::Accept, - "VRRP (with IPSEC-AH)"); - } - } - - if (failover_group->getStr("type") == "heartbeat") - { - /* - * Note that iface is a copy of the cluster inetrface. - * Find interface of the member firewall fw that corresponds - * to the cluster interface iface - */ - - bool ucast = FailoverClusterGroup::cast(failover_group)-> - getOptionsObject()->getBool("heartbeat_unicast"); - - string addr = FailoverClusterGroup::cast(failover_group)-> - getOptionsObject()->getStr("heartbeat_address"); - if (addr.empty()) addr = default_heartbeat_address; - - string port = FailoverClusterGroup::cast(failover_group)-> - getOptionsObject()->getStr("heartbeat_port"); - if (port.empty()) port = default_heartbeat_port; - - UDPService *heartbeat_srv = UDPService::cast( - dbcopy->create(UDPService::TYPENAME)); - - /* Add heartbeat-Address to database */ - Address *heartbeat_dst = Address::cast(dbcopy->create( - IPv4::TYPENAME)); - heartbeat_dst->setName("HEARTBEAT-Address"); - heartbeat_dst->setAddress(InetAddr(addr)); - heartbeat_dst->setNetmask(InetAddr(InetAddr::getAllOnes())); - heartbeat_dst->setComment("HEARTBEAT Multicast Address"); - dbcopy->add(heartbeat_dst); - - heartbeat_srv->setName("HEARTBEAT-UDP"); - 
heartbeat_srv->setDstRangeStart(atoi(port.c_str())); - heartbeat_srv->setDstRangeEnd(atoi(port.c_str())); - heartbeat_srv->setComment("HEARTBEAT UDP port"); - dbcopy->add(heartbeat_srv); - - // Heartbeat can use either multicast or unicast - for (FWObjectTypedChildIterator it = - failover_group->findByType(FWObjectReference::TYPENAME); - it != it.end(); ++it) - { - Interface *other_iface = - Interface::cast(FWObjectReference::getObject(*it)); - assert(other_iface); - if (other_iface->getId() == fw_iface->getId()) continue; - // if interface is dynamic, we can't use it in the rule - // (because it belongs to another machine, not the fw - // we compile for so we can't use script). NULL means "any" - // in the call to addMgmtRule() - if (other_iface->isDyn()) other_iface = NULL; - - if (ucast) - { - addMgmtRule(other_iface, fw, heartbeat_srv, fw_iface, - PolicyRule::Inbound, PolicyRule::Accept, - "heartbeat"); - addMgmtRule(fw, other_iface, heartbeat_srv, fw_iface, - PolicyRule::Outbound, PolicyRule::Accept, - "heartbeat"); - } - else - { - addMgmtRule(other_iface, heartbeat_dst, heartbeat_srv, fw_iface, - PolicyRule::Inbound, PolicyRule::Accept, - "heartbeat"); - addMgmtRule(fw, heartbeat_dst, heartbeat_srv, fw_iface, - PolicyRule::Outbound, PolicyRule::Accept, - "heartbeat"); - } - } - } - - if (failover_group->getStr("type") == "openais") - { - string addr = FailoverClusterGroup::cast(failover_group)-> - getOptionsObject()->getStr("openais_address"); - if (addr.empty()) addr = default_openais_address; - - string port = FailoverClusterGroup::cast(failover_group)-> - getOptionsObject()->getStr("openais_port"); - if (port.empty()) port = default_openais_port; - - /* Add OPENAIS-Address to database */ - Address *openais_dst = Address::cast(dbcopy->create( - IPv4::TYPENAME)); - openais_dst->setName("OPENAIS-Address"); - openais_dst->setAddress(InetAddr(addr)); - openais_dst->setNetmask(InetAddr(InetAddr::getAllOnes())); - openais_dst->setComment("OPENAIS Multicast 
Address"); - dbcopy->add(openais_dst); - - UDPService *openais_srv = UDPService::cast( - dbcopy->create(UDPService::TYPENAME)); - - openais_srv->setName("OPENAIS-UDP"); - openais_srv->setDstRangeStart(atoi(port.c_str())); - openais_srv->setDstRangeEnd(atoi(port.c_str())); - openais_srv->setComment("OPENAIS UDP port"); - dbcopy->add(openais_srv); - - for (FWObjectTypedChildIterator it = - failover_group->findByType(FWObjectReference::TYPENAME); - it != it.end(); ++it) - { - Interface *other_iface = - Interface::cast(FWObjectReference::getObject(*it)); - assert(other_iface); - if (other_iface->getId() == fw_iface->getId()) continue; - // if interface is dynamic, we can't use it in the rule - // (because it belongs to another machine, not the fw - // we compile for so we can't use script). NULL means "any" - // in the call to addMgmtRule() - if (other_iface->isDyn()) other_iface = NULL; - - addMgmtRule(other_iface, openais_dst, openais_srv, iface, - PolicyRule::Inbound, PolicyRule::Accept, - "openais"); - addMgmtRule(fw, openais_dst, openais_srv, iface, - PolicyRule::Outbound, PolicyRule::Accept, - "openais"); - } - } - - if (rule) - { - FWOptions *ruleopt = rule->getOptionsObject(); - assert(ruleopt!=NULL); - ruleopt->setInt("firewall_is_part_of_any_and_networks", 1); - } - } - } -} - - -/* TODO: Add error-handling (exceptions) */ -PolicyRule* PolicyCompiler_ipt::addMgmtRule(Address* src, - Address* dst, - Service* service, - Interface* iface, - const PolicyRule::Direction direction, - const PolicyRule::Action action, - const string label, - const bool related) -{ - PolicyRule *rule = PolicyCompiler::addMgmtRule(src, dst, service, - iface, direction, action, - label); - - FWOptions *ruleopt = rule->getOptionsObject(); assert(ruleopt!=NULL); - if (related) - { - ruleopt->setBool("stateless", false); - ruleopt->setBool("accept_established", true); - } else - { - ruleopt->setBool("stateless", true); - } - ruleopt->setBool("firewall_is_part_of_any_and_networks", true); - 
- return rule; -} - list PolicyCompiler_ipt::getUsedChains() { list res; diff --git a/src/iptlib/PolicyCompiler_ipt.h b/src/iptlib/PolicyCompiler_ipt.h index 5b15394da..0797eaa89 100644 --- a/src/iptlib/PolicyCompiler_ipt.h +++ b/src/iptlib/PolicyCompiler_ipt.h @@ -101,19 +101,6 @@ protected: bool isChainDescendantOfOutput(const std::string &chain_name); bool isChainDescendantOfInput(const std::string &chain_name); - void insertConntrackRule(); - void insertFailoverRule(); - - libfwbuilder::PolicyRule* addMgmtRule( - libfwbuilder::Address* src, - libfwbuilder::Address* dst, - libfwbuilder::Service* service, - libfwbuilder::Interface* iface, - const libfwbuilder::PolicyRule::Direction direction, - const libfwbuilder::PolicyRule::Action action, - const std::string label, - const bool related = false); - std::string getInterfaceVarName(libfwbuilder::FWObject *iface, bool v6=false); std::string getAddressTableVarName(libfwbuilder::FWObject *iface); diff --git a/src/iptlib/iptlib.pro b/src/iptlib/iptlib.pro index 44616cb17..36465b437 100644 --- a/src/iptlib/iptlib.pro +++ b/src/iptlib/iptlib.pro @@ -28,6 +28,7 @@ SOURCES = CompilerDriver_ipt.cpp \ RoutingCompiler_ipt.cpp \ RoutingCompiler_ipt_writers.cpp \ combinedAddress.cpp \ + AutomaticRules_ipt.cpp \ utils.cpp HEADERS = ../../config.h \ @@ -42,6 +43,7 @@ HEADERS = ../../config.h \ PolicyCompiler_secuwall.h \ RoutingCompiler_ipt.h \ combinedAddress.h \ + AutomaticRules_ipt.h \ utils.h CONFIG += staticlib diff --git a/src/iptlib/utils.cpp b/src/iptlib/utils.cpp index 90552a63c..23e2a05fe 100644 --- a/src/iptlib/utils.cpp +++ b/src/iptlib/utils.cpp 
@@ -36,12 +36,12 @@ using namespace std; void build_interface_groups( - FWObjectDatabase *dbcopy, Firewall *fw, bool ipv6, + FWObjectDatabase *dbcopy, Library *persistent_objects, Firewall *fw, bool ipv6, QMap ®ular_interfaces) { // object group that will hold all regular inetrfaces FWObject *all_itf_group = dbcopy->create(ObjectGroup::TYPENAME); - dbcopy->add(all_itf_group); + persistent_objects->add(all_itf_group); all_itf_group->setName("*"); regular_interfaces["*"] = all_itf_group; @@ -84,7 +84,7 @@ void build_interface_groups( if (regular_interfaces.count(iname) == 0) { FWObject *itf_group = dbcopy->create(ObjectGroup::TYPENAME); - dbcopy->add(itf_group); + persistent_objects->add(itf_group); itf_group->setName(iname.toStdString()); regular_interfaces[iname] = itf_group; } diff --git a/src/iptlib/utils.h b/src/iptlib/utils.h index 50625b45b..d0f7155ce 100644 --- a/src/iptlib/utils.h +++ b/src/iptlib/utils.h @@ -23,11 +23,14 @@ #include "fwbuilder/FWObjectDatabase.h" #include "fwbuilder/Firewall.h" +#include "fwbuilder/Library.h" #include #include extern void build_interface_groups( - libfwbuilder::FWObjectDatabase *dbcopy, libfwbuilder::Firewall *fw, bool ipv6, + libfwbuilder::FWObjectDatabase *dbcopy, + libfwbuilder::Library *persistent_objects, + libfwbuilder::Firewall *fw, bool ipv6, QMap ®ular_interfaces); diff --git a/src/libfwbuilder/src/fwbuilder/AddressTable.cpp b/src/libfwbuilder/src/fwbuilder/AddressTable.cpp index dc2bf74ae..900a58ae2 100644 --- a/src/libfwbuilder/src/fwbuilder/AddressTable.cpp +++ b/src/libfwbuilder/src/fwbuilder/AddressTable.cpp 
@@ -88,11 +88,21 @@ xmlNodePtr AddressTable::toXML(xmlNodePtr parent) throw(FWException) return me; } +/* + * read file specified by the "filename" attribute and interpret lines + * as addresses. Create corresponding address or network objects, add + * them to the object database and add references to them to @this. If + * file does not exist and we run in test mode, create dummy object + * and add it to the database and referece to it, then throw + * exception. + * + * TODO: new objects should be added to some kind of special group in + * the object tree, something with the name "tmp" or similar. + */ void AddressTable::loadFromSource(bool ipv6, bool test_mode) throw(FWException) { ifstream fs(getStr("filename").c_str()); ostringstream exmess; - FWObject *root = getParent(); string buf; size_type pos; int line = 1; @@ -160,10 +170,10 @@ void AddressTable::loadFromSource(bool ipv6, bool test_mode) throw(FWException) if (new_addr) { - root->add(new_addr); new_addr->setName(buf); if (validateChild(new_addr)) { + getRoot()->add(new_addr); addRef(new_addr); cntr++; } @@ -193,10 +203,10 @@ void AddressTable::loadFromSource(bool ipv6, bool test_mode) throw(FWException) net->setAddressNetmask("192.0.2.0/24"); new_addr = net; } - root->add(new_addr); new_addr->setName(buf); if (validateChild(new_addr)) { + getRoot()->add(new_addr); addRef(new_addr); cntr++; } diff --git a/src/libfwbuilder/src/fwbuilder/DNSName.cpp b/src/libfwbuilder/src/fwbuilder/DNSName.cpp index e70467959..aa833bf78 100644 --- a/src/libfwbuilder/src/fwbuilder/DNSName.cpp +++ b/src/libfwbuilder/src/fwbuilder/DNSName.cpp 
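Review bot: In the second and third hunks of `AddressTable::loadFromSource()`, `getRoot()->add(new_addr)` now runs only inside `if (validateChild(new_addr))`, so an object that fails validation is no longer attached to any parent. Before this change it was added to the tree first and would have been destroyed with it. Unless the else branch, which lies outside both hunks, disposes of the object, it is now orphaned. I would either confirm that the else branch frees it or release it there explicitly. A short comment such as `// rejected objects are never added to the tree and must be freed here` would also help.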
@@ -108,6 +108,16 @@ xmlNodePtr DNSName::toXML(xmlNodePtr parent) throw(FWException) } +/* + * take domain name from the "dnsrec" attribute and try to run DNS + * query. If successful, create corresponding IPv4 or IPv6 object, add + * it to the object database and add reference to it to @this. If + * unsuccessful, create dummy object and add it to the database and + * referece to it, then throw exception. + * + * TODO: new object should be added to some kind of special group in + * the object tree, something with the name "tmp" or similar. + */ void DNSName::loadFromSource(bool ipv6, bool test_mode) throw(FWException) { int af_type = (ipv6)?AF_INET6:AF_INET; @@ -122,6 +132,7 @@ void DNSName::loadFromSource(bool ipv6, bool test_mode) throw(FWException) Address *a = NULL; if (ipv6) { a = getRoot()->createIPv6(); af = AF_INET6; } else a = getRoot()->createIPv4(); + getRoot()->add(a); a->setAddress(*i); a->setNetmask(InetAddr::getAllOnes(af)); addRef(a); @@ -159,6 +170,7 @@ void DNSName::loadFromSource(bool ipv6, bool test_mode) throw(FWException) a->setAddress("192.0.2.1"); a->setNetmask(InetAddr::getAllOnes(af)); } + getRoot()->add(a); addRef(a); a->setBool(".rule_error", true); a->setStr(".error_msg", err.str()); diff --git a/src/libfwbuilder/src/fwbuilder/FWObject.cpp b/src/libfwbuilder/src/fwbuilder/FWObject.cpp index ef84eeb73..1a4755d8f 100644 --- a/src/libfwbuilder/src/fwbuilder/FWObject.cpp +++ b/src/libfwbuilder/src/fwbuilder/FWObject.cpp @@ -215,7 +215,7 @@ FWObject::FWObject(const FWObject &c) : list(c) FWObject::~FWObject() { busy = true; // ignore read-only - destroyChildren(); + if (size() > 0) destroyChildren(); data.clear(); private_data.clear(); } 
@@ -517,21 +517,36 @@ FWObjectDatabase* FWObject::getRoot() const return dbroot; } -string FWObject::getPath(bool relative) const +class pathAccumulator : public string { - string res; - const FWObject *p=this; - bool first=true; + public: + void operator()(const string &s) + { + append("/" + s); + } +}; + +string FWObject::getPath(bool relative, bool detailed) const +{ + list res; + const FWObject *p = this; + + if (p == NULL) res.push_front("(0x0)"); + while (p!=NULL) { - if (relative && Library::isA(p)) return res; - if (!first) res="/"+res; - res=p->getName()+res; - p=p->getParent(); - first=false; + if (relative && Library::isA(p)) break; + ostringstream s; + s << p->getName(); + if (detailed) + { + s << "(" << p << ")"; + } + res.push_front(s.str()); + p = p->getParent(); } - res="/"+res; - return res; + + return std::for_each(res.begin(), res.end(), pathAccumulator()); } const string& FWObject::getComment() const @@ -748,7 +763,7 @@ void FWObject::_adopt(FWObject *obj) void FWObject::addAt(int where_id, FWObject *obj) { - FWObject *p=getRoot()->findInIndex( where_id ); + FWObject *p = getRoot()->findInIndex( where_id ); assert (p!=NULL); p->add(obj); } 
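Review bot: In the new `getPath()`, `if (p == NULL) res.push_front("(0x0)");` tests `this` against NULL, because `p` has just been initialised from `this`. Calling a member function through a null pointer is already undefined, so the compiler may drop the branch; if the diagnostics need a null-safe printer it should be a static or free helper taking `const FWObject*`. Also, `pathAccumulator` prefixes every component with "/", so `getPath(true)` now returns `/grp/name`, whereas the old early `return res;` produced `grp/name`. Callers that compare or concatenate relative paths are outside this hunk and should be checked, or the leading slash should be stripped when `relative` is set.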
@@ -757,6 +772,38 @@ void FWObject::add(FWObject *obj, bool validate) { checkReadOnly(); + FWObject *old_parent = obj->getParent(); + if (old_parent != NULL) + { + cerr << "WARNING: object " << obj << " " + << "(name: " << obj->getName() + << " type: " << obj->getTypeName() << ") " + << "that is a child of " << old_parent << " " + << "(name: " << old_parent->getName() + << " type: " << old_parent->getTypeName() << ") " + << "is being added to the new parent " << this << " " + << "(name: " << getName() + << " type: " << getTypeName() << ") " + << endl; + + assert(old_parent == NULL); + } + + // do not allow to add the same object twice + if (old_parent == this) + { + cerr << "WARNING: object " << obj << " " + << "(name: " << obj->getName() + << " type: " << obj->getTypeName() << ") " + << "that is a child of " << old_parent << " " + << "(name: " << old_parent->getName() + << " type: " << old_parent->getTypeName() << ") " + << "is being added to the same parent again" + << endl; + + assert(old_parent != this); + } + if (!validate || validateChild(obj)) { push_back(obj); @@ -765,6 +812,17 @@ void FWObject::add(FWObject *obj, bool validate) } } +void FWObject::reparent(FWObject *obj, bool validate) +{ + FWObject *old_parent = obj->getParent(); + if (old_parent != NULL && old_parent != this) + { + old_parent->remove(obj, false); + add(obj, validate); + obj->fixTree(); + } +} + FWReference* FWObject::createRef() { // FWObjectReference *ref=new FWObjectReference(); @@ -843,7 +901,7 @@ void FWObject::swapObjects(FWObject *o1, FWObject *o2) void FWObject::remove(FWObject *obj, bool delete_if_last) { FWObject::iterator fi=std::find(begin(), end(), obj); - if(fi!=end()) + if (fi!=end()) { checkReadOnly(); 
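Review bot: The single-parent rule added to `FWObject::add()` is enforced only by `assert(old_parent == NULL)`, so a build with NDEBUG prints the warning and still reaches `push_back(obj)`. The object then sits in two child lists and can be deleted twice when both parents run `destroyChildren()`. The rejection should hold in every build, for example `if (old_parent != NULL) return;` after the warning, or an exception if callers are meant to notice. The `old_parent == this` block that follows is unreachable while asserts are enabled, because the first assert fires for any non-NULL parent, so it should be tested first or folded into the first block. The rest of `add()` continues outside the hunk.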
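Review bot: `reparent()` does nothing when `obj->getParent()` is NULL, although FWObject.h documents it as "call add(), but first remove() object from its old parent". An object that has no parent yet is never attached, and the caller is not told. I would guard only the removal, `if (old_parent != NULL) old_parent->remove(obj, false);`, return early when `old_parent == this`, and then always run `add(obj, validate); obj->fixTree();`. Also, if `add()` rejects the object through `validateChild()`, it has already been detached from the old parent and ends up with no parent, which deserves a sentence in the header comment.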
@@ -851,12 +909,14 @@ void FWObject::remove(FWObject *obj, bool delete_if_last) setDirty(true); obj->unref(); - if (delete_if_last && obj->ref_counter==0) + if (delete_if_last && obj->ref_counter <= 0) { FWObjectDatabase *db = getRoot(); if (db) db->removeFromIndex(obj->getId()); delete obj; } + + obj->parent = NULL; } } @@ -948,22 +1008,9 @@ set FWObject::findAllReferences(const FWObject *obj) return res; } -bool FWObject::validateChild(FWObject *obj) +bool FWObject::validateChild(FWObject*) { return true; - - /* - * Check if object "this" is a descendant of object "obj" to avoid loops - * - * check disabled for now since we need to be able to add firewall to its - * own policy - */ - FWObject *p; - p=this; - do { - if (p==obj) return false; - } while ((p=p->getParent())!=NULL); - return true; } /* @@ -972,14 +1019,41 @@ bool FWObject::validateChild(FWObject *obj) */ void FWObject::destroyChildren() { +#ifdef DEBUG_DESTROY_CHILDREN + cerr << "destroyChildren() " << this + << " name=" << name + << " type=" << getTypeName() + << " parent=" << getParent() + << " path=" << getPath() + << endl; +#endif + FWObjectDatabase *dbr = getRoot(); while (size() > 0) { FWObject *o = front(); + +#ifdef DEBUG_DESTROY_CHILDREN + cerr << " " << this + << " size=" << size() + << " o=" << o + << " o->size=" << o->size() + << endl; +#endif + if (o) { if (o->size()) o->destroyChildren(); if (dbr && !dbr->busy) dbr->removeFromIndex( o->getId() ); + +#ifdef DEBUG_DESTROY_CHILDREN + cerr << " " << this + << " delete " << o + << " " << o->name + << " " << o->getTypeName() + << endl; +#endif + delete o; } pop_front(); 
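Review bot: In `FWObject::remove()`, the added `obj->parent = NULL;` comes after the `if (delete_if_last && obj->ref_counter <= 0)` block, so whenever that block runs `delete obj;` the assignment writes to freed memory. The pointer should be cleared before the object can be destroyed, for example by moving `obj->parent = NULL;` to just after `obj->unref();`. The start of `remove()` is in the previous hunk.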
@@ -990,23 +1064,65 @@ void FWObject::destroyChildren() /* * Walks the tree, looking for objects that are referenced by two parents */ -void FWObject::findDuplicateLinksInTree() +bool FWObject::verifyTree() { + bool res = false; for(list::iterator m=begin(); m!=end(); ++m) { FWObject *o = *m; - if (o->getParent() != this) + FWObject *o_parent = o->getParent(); + if (o_parent != this) { - cerr << "Object '" << o->getName() << "' (" << o->getTypeName() << ") " - << " has two parents in the tree: " - << o->getParent()->getRoot() << "::" - << o->getParent()->getPath(true) - << " and " - << getRoot() << "::" - << getPath(true) - << endl; + if (o_parent != NULL) + { + cerr << "WARNING: Object " << o << " (name: '" << o->getName() + << "' type: " << o->getTypeName() << ")" + << " has two parents in the tree:" << endl; + + cerr << " " << o_parent->getPath(false, true) << endl; + cerr << " " << getPath(false, true) << endl; + + bool o_parent_real = false; + for (FWObject::iterator k=o_parent->begin(); k!=o_parent->end(); ++k) + { + FWObject *o1 = *k; + if (o1 == o) { o_parent_real = true; break; } + } + + if ( ! o_parent_real) + { + cerr << "WARNING: Parent " << o_parent_real + << " does not have child " + << o << endl; + } + } else + { + cerr << "WARNING: Object " << o << " (name: '" << o->getName() + << "' type: " << o->getTypeName() << ")" + << " was not correctly added to its parent " + << "(getParent()==NULL):" << endl; + cerr << " " << getPath(false, true) << endl; + } + + o->dump(true, false); // recursive, not brief + + res = true; } - o->findDuplicateLinksInTree(); + res |= o->verifyTree(); + } + return res; +} + +void FWObject::fixTree() +{ + getRoot()->addToIndex(this); + for(list::iterator m=begin(); m!=end(); ++m) + { + FWObject *o = *m; + if (o->getRoot() != getRoot()) o->setRoot(getRoot()); + if (o->getParent() != this) o->setParent(this); + getRoot()->addToIndex(o); + o->fixTree(); } } 
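Review bot: In `verifyTree()`, the statement `cerr << "WARNING: Parent " << o_parent_real` streams the bool flag, which is always false on that branch, so the report prints `0` instead of the parent's address; it should be `<< o_parent`. In `fixTree()`, `getRoot()->addToIndex(this)` dereferences the root unchecked, while `remove()` and `destroyChildren()` in this file both test the result of `getRoot()` for NULL first. I would fetch it once with `FWObjectDatabase *db = getRoot(); if (db == NULL) return;` and use `db` in the loop. The hand-written search for `o` in `o_parent` could be `std::find(o_parent->begin(), o_parent->end(), o)`, as `remove()` already does.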
diff --git a/src/libfwbuilder/src/fwbuilder/FWObject.h b/src/libfwbuilder/src/fwbuilder/FWObject.h index 637d52304..f32656547 100644 --- a/src/libfwbuilder/src/fwbuilder/FWObject.h +++ b/src/libfwbuilder/src/fwbuilder/FWObject.h @@ -354,13 +354,18 @@ public: * is true, the path is built relative to the library 'this' is * a part of (name of the library is not included). */ - std::string getPath(bool relative=false) const; + std::string getPath(bool relative=false, bool detailed=false) const; void addAt(int where_id, FWObject *obj); virtual void add(FWObject *obj,bool validate=true); virtual void insert_before(FWObject *o1,FWObject *obj); virtual void insert_after(FWObject *o1,FWObject *obj); + /** + * call add(), but first remove() object from its old parent + */ + virtual void reparent(FWObject *obj,bool validate=true); + /** * In direct children of 'this' swaps all references * to o1 with o2 and vice versa. @@ -432,8 +437,20 @@ public: /** * Walks the tree, looking for objects that are referenced by two parents + * or those with this->parent == NULL. Prints report to stderr and + * returns true if such objects have been found. */ - void findDuplicateLinksInTree(); + bool verifyTree(); + + /** + * sometimes we need to move object subtree from one object + * database to another. For example, this can be a useful + * mechanism to maintain persistent objects between compiler + * passes. However when the object and its children are added to + * the new tree, "parent" and "root" pointers in obejcts still + * point to the old object tree and need to be fixed. + */ + void fixTree(); int getChildrenCount() const; diff --git a/src/libfwbuilder/src/fwbuilder/FWObjectDatabase.cpp b/src/libfwbuilder/src/fwbuilder/FWObjectDatabase.cpp index 291972727..2b8e76287 100644 --- a/src/libfwbuilder/src/fwbuilder/FWObjectDatabase.cpp +++ b/src/libfwbuilder/src/fwbuilder/FWObjectDatabase.cpp 
@@ -165,7 +165,7 @@ FWObjectDatabase::FWObjectDatabase(FWObjectDatabase& d) : FWObjectDatabase::~FWObjectDatabase() { busy = true; - //findDuplicateLinksInTree(); // debugging + //verifyTree(); // debugging destroyChildren(); } diff --git a/src/libfwbuilder/src/fwbuilder/Firewall.cpp b/src/libfwbuilder/src/fwbuilder/Firewall.cpp index d82b82212..571146ec7 100644 --- a/src/libfwbuilder/src/fwbuilder/Firewall.cpp +++ b/src/libfwbuilder/src/fwbuilder/Firewall.cpp @@ -29,29 +29,24 @@ #include -#include - #include #include #include -#include -#include #include -#include +#include #include #include - -#include +#include +#include #include - +#include #include -#include - #include - +#include #include #include +#include using namespace std; using namespace libfwbuilder; @@ -310,8 +305,6 @@ FWObject& Firewall::duplicate(const FWObject *obj, { string err="Error creating object with type: "; - map id_mapping; - checkReadOnly(); bool xro = obj->getRO(); 
@@ -322,29 +315,31 @@ FWObject& Firewall::duplicate(const FWObject *obj, destroyChildren(); - duplicateInterfaces(this, obj, id_mapping, preserve_id); + id_mapping_for_duplicate.clear(); + + duplicateInterfaces(this, obj, id_mapping_for_duplicate, preserve_id); for (FWObjectTypedChildIterator it = obj->findByType(Policy::TYPENAME); it != it.end(); ++it) { FWObject *new_ruleset = addCopyOf(*it, preserve_id); - id_mapping[(*it)->getId()] = new_ruleset->getId(); + id_mapping_for_duplicate[(*it)->getId()] = new_ruleset->getId(); } for (FWObjectTypedChildIterator it = obj->findByType(NAT::TYPENAME); it != it.end(); ++it) { FWObject *new_ruleset = addCopyOf(*it, preserve_id); - id_mapping[(*it)->getId()] = new_ruleset->getId(); + id_mapping_for_duplicate[(*it)->getId()] = new_ruleset->getId(); } for (FWObjectTypedChildIterator it = obj->findByType(Routing::TYPENAME); it != it.end(); ++it) { FWObject *new_ruleset = addCopyOf(*it, preserve_id); - id_mapping[(*it)->getId()] = new_ruleset->getId(); + id_mapping_for_duplicate[(*it)->getId()] = new_ruleset->getId(); } // replace references to old fw (obj) with references to this fw - id_mapping[obj->getId()] = getId(); + id_mapping_for_duplicate[obj->getId()] = getId(); FWObject *o=obj->getFirstByType( Management::TYPENAME ); addCopyOf(o,preserve_id); @@ -354,7 +349,7 @@ FWObject& Firewall::duplicate(const FWObject *obj, // replace references to old objects in rules map::iterator it; - for (it=id_mapping.begin(); it!=id_mapping.end(); ++it) + for (it=id_mapping_for_duplicate.begin(); it!=id_mapping_for_duplicate.end(); ++it) { int old_id = it->first; int new_id = it->second; @@ -459,3 +454,8 @@ list Firewall::getInterfacesByType(const string &iface_type) return res; } +void Firewall::assignUniqueRuleIds() +{ + std::for_each(begin(), end(), RuleSet::UniqueRuleIdsSetter()); +} + diff --git a/src/libfwbuilder/src/fwbuilder/Firewall.h b/src/libfwbuilder/src/fwbuilder/Firewall.h index 723a6e3a6..8133d768e 100644 
--- a/src/libfwbuilder/src/fwbuilder/Firewall.h +++ b/src/libfwbuilder/src/fwbuilder/Firewall.h @@ -31,6 +31,8 @@ #include // for time_t #include +#include + namespace libfwbuilder { @@ -42,7 +44,8 @@ namespace libfwbuilder class Firewall : public Host { - + std::map id_mapping_for_duplicate; + void duplicateInterfaces(FWObject *target, const FWObject *source, std::map &id_mapping, @@ -70,7 +73,7 @@ public: /** * verify whether given object type is approppriate as a child */ - virtual bool validateChild(FWObject *o); + virtual bool validateChild(FWObject *o); virtual FWOptions* getOptionsObject(); @@ -91,10 +94,27 @@ public: */ virtual FWObject& duplicateForUndo(const FWObject *obj) throw(FWException); + /* + * Return id mapping table created during latest run of duplicate() + */ + const std::map& getIDMappingTable() + { + return id_mapping_for_duplicate; + } + Policy *getPolicy(); NAT *getNAT(); Routing *getRouting(); + /** + * scan all rules of all rule sets and call setUniqueId() to set + * unique string id for each rule. These IDs will be carried + * through calls to duplicate() when firewall object and its rule + * sets are cloned. These IDs are used by compilers to generate + * stable labels for chains and such. + */ + void assignUniqueRuleIds(); + /** * Return list of interfaces of given type. This walks all interfaces recursively, * including subinterfaces. diff --git a/src/libfwbuilder/src/fwbuilder/Rule.cpp b/src/libfwbuilder/src/fwbuilder/Rule.cpp index 57ea3374f..c9b0bf396 100644 --- a/src/libfwbuilder/src/fwbuilder/Rule.cpp +++ b/src/libfwbuilder/src/fwbuilder/Rule.cpp @@ -90,7 +90,6 @@ FWObject& Rule::shallowDuplicate(const FWObject *x, unique_id = rx->unique_id; abs_rule_number = rx->abs_rule_number; compiler_message = rx->compiler_message; - return FWObject::shallowDuplicate(x,preserve_id); } diff --git a/src/libfwbuilder/src/fwbuilder/RuleSet.cpp b/src/libfwbuilder/src/fwbuilder/RuleSet.cpp index dac05b09e..9eff35757 100644 
--- a/src/libfwbuilder/src/fwbuilder/RuleSet.cpp +++ b/src/libfwbuilder/src/fwbuilder/RuleSet.cpp @@ -170,10 +170,10 @@ Rule* RuleSet::insertRuleAtTop(bool hidden_rule) Rule* RuleSet::insertRuleBefore(int rule_n) { - Rule *old_rule=getRuleByNum(rule_n); - Rule *r=createRule(); + Rule *old_rule = getRuleByNum(rule_n); + Rule *r = createRule(); if (old_rule==NULL) add(r); - else insert_before(old_rule,r); + else insert_before(old_rule, r); renumberRules(); return(r); } @@ -182,8 +182,14 @@ Rule* RuleSet::appendRuleAtBottom(bool hidden_rule) { Rule *r = createRule(); r->setHidden(hidden_rule); - int last_rule_position = Rule::cast(back())->getPosition(); - if (hidden_rule) r->setPosition(last_rule_position + 1000); + int last_rule_position; + Rule *last_rule = Rule::cast(back()); + if (last_rule != NULL) + { + last_rule_position = last_rule->getPosition() + 1000; + } else + last_rule_position = 1000; + if (hidden_rule) r->setPosition(last_rule_position); add(r); // FWObject::add adds to the end of the list renumberRules(); return(r); @@ -364,4 +370,15 @@ int RuleSet::getRuleSetSize() return getChildrenCount() - 1; } +void RuleSet::assignUniqueRuleIds() +{ + for (FWObject::iterator it=begin(); it!=end(); ++it) + { + Rule *r = Rule::cast(*it); + if (r != NULL) + r->setUniqueId(FWObjectDatabase::getStringId((*it)->getId()) ); + + } +} + diff --git a/src/libfwbuilder/src/fwbuilder/RuleSet.h b/src/libfwbuilder/src/fwbuilder/RuleSet.h index 33eac4e55..b55a5a79a 100644 --- a/src/libfwbuilder/src/fwbuilder/RuleSet.h +++ b/src/libfwbuilder/src/fwbuilder/RuleSet.h 
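Review bot: In `appendRuleAtBottom()`, `Rule::cast(back())` is evaluated before the new `last_rule != NULL` test, and `back()` on an empty child list is undefined. The NULL test therefore covers a last child that is not a Rule but not an empty rule set. `getRuleSetSize()` subtracts one, which suggests an options child is normally present, but nothing visible here guarantees it. A guard such as `Rule *last_rule = empty() ? NULL : Rule::cast(back());` makes the function safe in both cases.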
@@ -114,12 +114,31 @@ class RuleSet : public FWObject int getRuleSetSize(); - virtual Rule* createRule() =0; + virtual Rule* createRule() = 0; virtual bool isPrimaryObject() const { return false; } void renumberRules(); + /** + * scan all rules of all rule sets and call setUniqueId() to set + * unique string id for each rule. These IDs will be carried + * through calls to duplicate() when firewall object and its rule + * sets are cloned. These IDs are used by compilers to generate + * stable labels for chains and such. + */ + void assignUniqueRuleIds(); + + struct UniqueRuleIdsSetter + { + void operator()(FWObject *o) + { + RuleSet *rs = RuleSet::cast(o); + if (rs != NULL) rs->assignUniqueRuleIds(); + } + }; + + }; //__RULESET_HH_FLAG__ } diff --git a/src/libfwbuilder/src/fwcompiler/Compiler.cpp b/src/libfwbuilder/src/fwcompiler/Compiler.cpp index 464b80bde..0c08bc6cf 100644 --- a/src/libfwbuilder/src/fwcompiler/Compiler.cpp +++ b/src/libfwbuilder/src/fwcompiler/Compiler.cpp 
@@ -29,33 +29,34 @@ #include "fwbuilder/libfwbuilder-config.h" -#include "fwbuilder/FWServiceReference.h" -#include "fwbuilder/FWObjectReference.h" #include "fwbuilder/AddressRange.h" -#include "fwbuilder/RuleElement.h" #include "fwbuilder/Cluster.h" -#include "fwbuilder/Firewall.h" -#include "fwbuilder/Network.h" -#include "fwbuilder/NetworkIPv6.h" -#include "fwbuilder/IPService.h" -#include "fwbuilder/ICMPService.h" -#include "fwbuilder/ICMP6Service.h" -#include "fwbuilder/TCPService.h" -#include "fwbuilder/UDPService.h" #include "fwbuilder/CustomService.h" -#include "fwbuilder/Policy.h" -#include "fwbuilder/Rule.h" -#include "fwbuilder/RuleSet.h" -#include "fwbuilder/Interface.h" +#include "fwbuilder/DNSName.h" +#include "fwbuilder/FWException.h" +#include "fwbuilder/FWObjectDatabase.h" +#include "fwbuilder/FWObjectReference.h" +#include "fwbuilder/FWServiceReference.h" +#include "fwbuilder/FailoverClusterGroup.h" +#include "fwbuilder/Firewall.h" +#include "fwbuilder/Group.h" +#include "fwbuilder/ICMP6Service.h" +#include "fwbuilder/ICMPService.h" +#include "fwbuilder/IPService.h" #include "fwbuilder/IPv4.h" #include "fwbuilder/IPv6.h" -#include "fwbuilder/DNSName.h" +#include "fwbuilder/Interface.h" +#include "fwbuilder/Library.h" #include "fwbuilder/MultiAddress.h" -#include "fwbuilder/FailoverClusterGroup.h" -#include "fwbuilder/FWObjectDatabase.h" +#include "fwbuilder/Network.h" +#include "fwbuilder/NetworkIPv6.h" +#include "fwbuilder/Policy.h" +#include "fwbuilder/Rule.h" +#include "fwbuilder/RuleElement.h" +#include "fwbuilder/RuleSet.h" +#include "fwbuilder/TCPService.h" +#include "fwbuilder/UDPService.h" #include "fwbuilder/XMLTools.h" -#include "fwbuilder/FWException.h" -#include "fwbuilder/Group.h" #include #include @@ -70,8 +71,6 @@ using namespace fwcompiler; using namespace std; -Compiler::~Compiler() {} - int Compiler::prolog() { temp = new Group(); 
@@ -141,7 +140,6 @@ void Compiler::_init(FWObjectDatabase *_db, Firewall *_fw) _cntr_ = 1; temp_ruleset = NULL; - combined_ruleset = NULL; debug = 0; debug_rule = -1; @@ -151,15 +149,28 @@ void Compiler::_init(FWObjectDatabase *_db, Firewall *_fw) single_rule_ruleset_name = ""; single_rule_position = -1; - fw_id = _fw->getId(); - fwopt = _fw->getOptionsObject(); + dbcopy = NULL; + persistent_objects = NULL; + fw = NULL; + fwopt = NULL; + fw_id = -1; - assert(_fw->getRoot() == _db); + if (_db != NULL && _fw != NULL) + { + assert(_fw->getRoot() == _db); - string fw_str_id = FWObjectDatabase::getStringId(_fw->getId()); - - dbcopy = new FWObjectDatabase(*_db); // copies entire tree - fw = Firewall::cast(dbcopy->findInIndex(FWObjectDatabase::getIntId(fw_str_id))); + dbcopy = _db; + fw = _fw; + fwopt = fw->getOptionsObject(); + fw_id = fw->getId(); + + // string fw_str_id = FWObjectDatabase::getStringId(_fw->getId()); + // dbcopy = new FWObjectDatabase(*_db); // copies entire tree + // fw = Firewall::cast( + // dbcopy->findInIndex(FWObjectDatabase::getIntId(fw_str_id))); + // fwopt = fw->getOptionsObject(); + // fw_id = fw->getId(); + } } Compiler::Compiler(FWObjectDatabase *_db, Firewall *fw, bool ipv6_policy) @@ -169,6 +180,7 @@ Compiler::Compiler(FWObjectDatabase *_db, Firewall *fw, bool ipv6_policy) osconfigurator = NULL; countIPv6Rules = 0; ipv6 = ipv6_policy; + persistent_objects = NULL; _init(_db, fw); } @@ -180,6 +192,7 @@ Compiler::Compiler(FWObjectDatabase *_db, Firewall *fw, bool ipv6_policy, osconfigurator = _oscnf; countIPv6Rules = 0; ipv6 = ipv6_policy; + persistent_objects = NULL; _init(_db, fw); } @@ -193,9 +206,9 @@ Compiler::Compiler(FWObjectDatabase*, bool ipv6_policy) ipv6 = ipv6_policy; initialized = false; _cntr_ = 1; + persistent_objects = NULL; fw = NULL; temp_ruleset = NULL; - combined_ruleset = NULL; debug = 0; debug_rule = -1; rule_debug_on = false; 
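Review bot: In `_init()`, the change to `dbcopy = _db;` means the compiler no longer owns a private copy of the tree, yet the member keeps the name `dbcopy` and the old copying code is left as a commented-out block. The compiler classes call `dbcopy->create(...)` and add temporary rule sets, and all of that now lands in the caller's database. Deletion in the destructor hangs on the `DBCOPY_IS_TRUE_COPY` macro, which nothing visible here defines. I would delete the commented-out lines and state the contract at the assignment, for example `// dbcopy is borrowed: the caller passes in the working copy and keeps ownership of it`, if that is the intended contract. The NULL-argument path also leaves `fw` and `fwopt` NULL, so that comment should say which methods may be used on a compiler built that way.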
@@ -203,6 +216,41 @@ Compiler::Compiler(FWObjectDatabase*, bool ipv6_policy) single_rule_mode = false; } +Compiler::~Compiler() +{ +#ifdef DBCOPY_IS_TRUE_COPY + if (dbcopy) + { + if (dbcopy->verifyTree()) + { + cerr << "source_ruleset=" << source_ruleset << endl; + cerr << "temp_ruleset=" << temp_ruleset << endl; + // dbcopy->dump(true, true); + } + + if (persistent_objects != NULL) + dbcopy->remove(persistent_objects, false); + + delete dbcopy; + } +#endif + + dbcopy = NULL; +} + +void Compiler::setPersistentObjects(Library* po) +{ + persistent_objects = po; + dbcopy->reparent(persistent_objects); + persistent_objects->fixTree(); +} + +void Compiler::setSourceRuleSet(RuleSet *rs) +{ + FWObject *copy_rs = dbcopy->findInIndex(rs->getId()); + source_ruleset = RuleSet::cast(copy_rs); +} + void Compiler::setSingleRuleCompileMode(const string &rule_id) { if (!rule_id.empty()) @@ -241,8 +289,6 @@ string Compiler::getUniqueRuleLabel() void Compiler::compile() { assert(fw); - assert(combined_ruleset); - } void Compiler::_expand_group_recursive(FWObject *o, list &ol) @@ -261,6 +307,7 @@ void Compiler::_expand_group_recursive(FWObject *o, list &ol) * run-time address tables */ MultiAddress *adt = MultiAddress::cast(o); + if ((Group::cast(o)!=NULL && adt==NULL) || (adt!=NULL && adt->isCompileTime())) { @@ -568,7 +615,7 @@ void Compiler::_expandAddressRanges(Rule *rule, FWObject *re) h->setName(string("%n-")+(*i).toString()+string("%") ); h->setNetmask(*(i->getNetmaskPtr())); h->setAddress(*(i->getAddressPtr())); - dbcopy->add(h,false); + persistent_objects->add(h, false); cl.push_back(h); } } 
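Review bot: `setSourceRuleSet()` now stores whatever `dbcopy->findInIndex(rs->getId())` returns, so a rule set that is not indexed in `dbcopy` leaves `source_ruleset` NULL without any error. `NATCompiler::prolog()`, later in this commit, then falls back to the firewall's first NAT rule set, so the compiler could silently generate rules from a different rule set than the one requested. `debugRule()` and `Begin::processNext()` dereference `source_ruleset` directly. For a firewall policy compiler this should fail loudly, for example `if (source_ruleset == NULL) throw FWException("rule set not found in compiler database");` placed right after the cast. The function also dereferences `rs` and `dbcopy` unchecked.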
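Review bot: `_expandAddressRanges()` now calls `persistent_objects->add(h, false)`, but every constructor initialises `persistent_objects` to NULL and only `setPersistentObjects()` assigns it. Any caller that compiles without calling that setter first will dereference a null pointer here. The same applies to `compiler->persistent_objects->add(mart)` in the `swapMultiAddressObjectsInRE::processNext()` hunk further down. `setPersistentObjects()` itself dereferences `dbcopy`, which `_init()` leaves NULL when either argument is NULL. I would check the precondition once in `prolog()` or `compile()`, for example `if (persistent_objects == NULL) throw FWException("persistent objects library is not set");`, and document the required call order on `setPersistentObjects()` in Compiler.h.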
@@ -592,10 +639,11 @@ void Compiler::normalizePortRange(int &rs,int &re) void Compiler::debugRule() { - for (FWObject::iterator i=combined_ruleset->begin(); - i!=combined_ruleset->end(); i++) + for (FWObject::iterator i=source_ruleset->begin(); + i!=source_ruleset->end(); i++) { Rule *rule = Rule::cast( *i ); + if (rule == NULL) continue; if (rule_debug_on && rule->getPosition()==debug_rule ) { info(debugPrintRule(rule)); @@ -667,19 +715,20 @@ bool Compiler::Begin::processNext() assert(compiler!=NULL); if (!init) { - for (FWObject::iterator i=compiler->combined_ruleset->begin(); - i!=compiler->combined_ruleset->end(); ++i) + for (FWObject::iterator i=compiler->source_ruleset->begin(); + i!=compiler->source_ruleset->end(); ++i) { Rule *rule = Rule::cast(*i); + if (rule == NULL) continue; if (rule->isDisabled()) continue; Rule *r = Rule::cast(compiler->dbcopy->create(rule->getTypeName())); compiler->temp_ruleset->add(r); r->duplicate(rule); tmp_queue.push_back( r ); } - init=true; - if (!name.empty()) - compiler->info(string(" ") + name); + init = true; + + if (!name.empty()) compiler->info(string(" ") + name); return true; } 
@@ -959,28 +1008,31 @@ bool Compiler::eliminateDuplicatesInRE::processNext() { Rule *rule=prev_processor->getNextRule(); if (rule==NULL) return false; - if (comparator==NULL) comparator=new equalObj(); + if (comparator==NULL) comparator = new equalObj(); - RuleElement *re=RuleElement::cast(rule->getFirstByType(re_type)); + RuleElement *re = RuleElement::cast(rule->getFirstByType(re_type)); - vector cl; + list cl; for(list::iterator i=re->begin(); i!=re->end(); ++i) { FWObject *obj = FWReference::getObject(*i); + if (obj == NULL) continue; + comparator->set(obj); - bool found=false; - for (vector::iterator i1=cl.begin(); i1!=cl.end(); ++i1) + bool found = false; + for (list::iterator i1=cl.begin(); i1!=cl.end(); ++i1) { - if ( (*comparator)( (*i1) ) ) { found=true; break; } + FWObject *o2 = *i1; + if ( (*comparator)(o2) ) { found=true; break; } } if (!found) cl.push_back(obj); } if (!cl.empty()) { re->clearChildren(); - for (vector::iterator i1=cl.begin(); i1!=cl.end(); ++i1) + for (list::iterator i1=cl.begin(); i1!=cl.end(); ++i1) re->addRef( (*i1) ); } @@ -1191,7 +1243,7 @@ bool Compiler::swapMultiAddressObjectsInRE::processNext() mart->setId( mart_id ); compiler->dbcopy->addToIndex(mart); - compiler->dbcopy->add(mart); + compiler->persistent_objects->add(mart); } re->removeRef(ma); re->addRef(mart); diff --git a/src/libfwbuilder/src/fwcompiler/Compiler.h b/src/libfwbuilder/src/fwcompiler/Compiler.h index 4029643fa..24e0caa2a 100644 --- a/src/libfwbuilder/src/fwcompiler/Compiler.h +++ b/src/libfwbuilder/src/fwcompiler/Compiler.h @@ -213,7 +213,7 @@ protected: int fw_id; libfwbuilder::FWOptions *fwopt; - public: +public: int debug; int debug_rule; 
@@ -226,12 +226,12 @@ protected: fwcompiler::OSConfigurator *osconfigurator; libfwbuilder::FWObjectDatabase *dbcopy; + libfwbuilder::Library *persistent_objects; libfwbuilder::Firewall *fw; std::string ruleSetName;; libfwbuilder::RuleSet *source_ruleset; - libfwbuilder::RuleSet *combined_ruleset; libfwbuilder::RuleSet *temp_ruleset; libfwbuilder::Group *temp; @@ -927,11 +927,13 @@ protected: void setSingleRuleCompileMode(const std::string &rule_id); bool inSingleRuleCompileMode() { return single_rule_mode; } - void setSourceRuleSet(libfwbuilder::RuleSet *rs) { source_ruleset = rs; } + void setSourceRuleSet(libfwbuilder::RuleSet *rs); libfwbuilder::RuleSet* getSourceRuleSet() { return source_ruleset; } void setRuleSetName(const std::string &name) { ruleSetName = name; } std::string getRuleSetName() { return ruleSetName; } + + void setPersistentObjects(libfwbuilder::Library* po); std::string getCompiledScript(); int getCompiledScriptLength(); @@ -955,8 +957,7 @@ protected: bool suppress_comment=false); /** - * prolog should pack rules into combined_ruleset and return - * number of rules found + * prolog return number of rules found */ virtual int prolog(); virtual void compile(); diff --git a/src/libfwbuilder/src/fwcompiler/NATCompiler.cpp b/src/libfwbuilder/src/fwcompiler/NATCompiler.cpp index 8a79d9f6a..6dbbb0c61 100644 --- a/src/libfwbuilder/src/fwcompiler/NATCompiler.cpp +++ b/src/libfwbuilder/src/fwcompiler/NATCompiler.cpp 
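Review bot: `setPersistentObjects()` and the new `persistent_objects` member are declared without any comment on ownership or lifetime, and the rest of the commit depends on both. The driver hunks state that compilers detach this library when they finish and that the driver re-attaches it with `objdb->reparent()`, so the contract belongs at the declaration. A suggested comment is `/** Library that receives objects created during compilation. Owned by the caller; must be set before prolog(). The compiler detaches it when it finishes. */`, with the wording to be confirmed against the implementation in Compiler.cpp. The class body starts and ends outside this hunk.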
@@ -56,44 +56,24 @@ int NATCompiler::prolog() NAT *nat = NAT::cast(fw->getFirstByType(NAT::TYPENAME)); assert(nat); - combined_ruleset = new NAT(); - fw->add( combined_ruleset ); + if (source_ruleset == NULL) source_ruleset = nat; + + source_ruleset->renumberRules(); temp_ruleset = new NAT(); // working copy of the policy fw->add( temp_ruleset ); + temp_ruleset->setName(source_ruleset->getName()); -/* - * build combined policy by collapsing all the rules together. - * store ID of the interface in each rule of interface policy. - * - * also calculate global numbers for all rules and store them, too. - * These are used to detect rule shadowing. - */ - int global_num=0; - - -// list l3=nat->getByType(NATRule::TYPENAME); -// for (list::iterator j=l3.begin(); j!=l3.end(); ++j) { - - RuleSet *ruleset = source_ruleset; - if (ruleset == NULL) - { - source_ruleset = RuleSet::cast(nat); - ruleset = nat; - } - - ruleset->renumberRules(); - - combined_ruleset->setName(ruleset->getName()); - temp_ruleset->setName(ruleset->getName()); + int global_num = 0; string label_prefix = ""; - if (ruleset->getName() != "NAT") label_prefix = ruleset->getName(); + if (source_ruleset->getName() != "NAT") label_prefix = source_ruleset->getName(); - for (FWObject::iterator i=ruleset->begin(); i!=ruleset->end(); i++) + int rule_counter = 0; + for (FWObject::iterator i=source_ruleset->begin(); i!=source_ruleset->end(); i++) { - Rule *r= Rule::cast(*i); + Rule *r = Rule::cast(*i); if (r == NULL) continue; // skip RuleSetOptions object /* 
@@ -108,16 +88,16 @@ int NATCompiler::prolog() //if (r->isDisabled()) continue; //r->setInterfaceId(-1); + if (r->getLabel().empty()) + r->setLabel( createRuleLabel(label_prefix, "NAT", r->getPosition()) ); - r->setLabel( createRuleLabel(label_prefix, "NAT", r->getPosition()) ); r->setAbsRuleNumber(global_num); global_num++; - r->setUniqueId( FWObjectDatabase::getStringId(r->getId()) ); - combined_ruleset->add( r ); + rule_counter++; } - initialized=true; + initialized = true; - return combined_ruleset->size(); + return rule_counter; } diff --git a/src/libfwbuilder/src/fwcompiler/PolicyCompiler.cpp b/src/libfwbuilder/src/fwcompiler/PolicyCompiler.cpp index ddaea2ed5..7018c8a08 100644 --- a/src/libfwbuilder/src/fwcompiler/PolicyCompiler.cpp +++ b/src/libfwbuilder/src/fwcompiler/PolicyCompiler.cpp 
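Review bot: `rule_counter` duplicates `global_num` in NATCompiler::prolog: both start at 0 and are incremented once per rule after the `r == NULL` skip, as far as the visible part of the loop shows. Keeping one counter avoids the two drifting apart later, i.e. drop `rule_counter` and end with `return global_num;`. PolicyCompiler::prolog has the same pair. A few lines of the loop body lie between the two hunks and are not visible, so confirm there is no `continue` between the increments.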
@@ -70,29 +70,22 @@ int PolicyCompiler::prolog() Policy *policy = Policy::cast(fw->getFirstByType(Policy::TYPENAME)); assert(policy); - combined_ruleset = new Policy(); // combined ruleset (all interface policies and global policy) - fw->add( combined_ruleset ); + if (source_ruleset == NULL) source_ruleset = policy; + + source_ruleset->renumberRules(); temp_ruleset = new Policy(); // working copy of the policy fw->add( temp_ruleset ); - int global_num=0; + temp_ruleset->setName(source_ruleset->getName()); - RuleSet *ruleset = source_ruleset; - if (ruleset == NULL) - { - source_ruleset = RuleSet::cast(policy); - ruleset = policy; - } - ruleset->renumberRules(); - - combined_ruleset->setName(ruleset->getName()); - temp_ruleset->setName(ruleset->getName()); + int global_num = 0; string label_prefix = ""; - if (ruleset->getName() != "Policy") label_prefix = ruleset->getName(); + if (source_ruleset->getName() != "Policy") label_prefix = source_ruleset->getName(); - for (FWObject::iterator i=ruleset->begin(); i!=ruleset->end(); i++) + int rule_counter = 0; + for (FWObject::iterator i=source_ruleset->begin(); i!=source_ruleset->end(); i++) { PolicyRule *r = PolicyRule::cast(*i); if (r == NULL) continue; // skip RuleSetOptions object 
@@ -108,33 +101,37 @@ int PolicyCompiler::prolog() */ //if (r->isDisabled()) continue; - RuleElementItf *itfre = r->getItf(); - assert(itfre); + if (r->getLabel().empty()) + { + RuleElementItf *itfre = r->getItf(); + assert(itfre); - if (itfre->isAny()) - { - r->setLabel( createRuleLabel(label_prefix, - "global", r->getPosition()) ); - } else - { - string interfaces = ""; - for (FWObject::iterator i=itfre->begin(); i!=itfre->end(); ++i) + if (itfre->isAny()) { - FWObject *o = FWReference::getObject(*i); - if (interfaces!="") interfaces += ","; - interfaces += o->getName(); + r->setLabel( createRuleLabel(label_prefix, + "global", r->getPosition()) ); + } else + { + string interfaces = ""; + for (FWObject::iterator i=itfre->begin(); i!=itfre->end(); ++i) + { + FWObject *o = FWReference::getObject(*i); + if (interfaces!="") interfaces += ","; + interfaces += o->getName(); + } + r->setLabel( createRuleLabel(label_prefix, + interfaces, r->getPosition()) ); } - r->setLabel( createRuleLabel(label_prefix, - interfaces, r->getPosition()) ); } - r->setAbsRuleNumber(global_num); global_num++; - r->setUniqueId( FWObjectDatabase::getStringId(r->getId()) ); - combined_ruleset->add( r ); + + r->setAbsRuleNumber(global_num); + global_num++; + rule_counter++; } - initialized=true; + initialized = true; - return combined_ruleset->size(); + return rule_counter; } @@ -1138,16 +1135,19 @@ string PolicyCompiler::debugPrintRule(Rule *r) srv_id = o->getId(); } - if (i4!=itfrel->end()) { - FWObject *o=*i4; - if (FWReference::cast(o)!=NULL) o=FWReference::cast(o)->getPointer(); - itf+=o->getName(); + if (i4!=itfrel->end()) + { + ostringstream str; + FWObject *o = FWReference::getObject(*i4); + str << o->getName() << "(" << o->getId() << ")"; + itf += str.str(); } - int w=0; - if (no==0) { + int w = 0; + if (no==0) + { str << rule->getLabel(); - w=rule->getLabel().length(); + w = rule->getLabel().length(); } str << setw(10-w) << setfill(' ') << " "; 
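Review bot: In the re-indented interface loop of PolicyCompiler::prolog, `FWObject *o = FWReference::getObject(*i);` is followed directly by `o->getName()`, while other hunks in this commit treat a NULL result from `getObject()` as possible. A dangling interface reference would crash label generation, so a guard such as `if (o == NULL) continue;` before the name is appended would make this consistent with them. The inner loop variable `i` also shadows the iterator of the enclosing rule loop, and renaming it (for example `j`) removes the ambiguity. The enclosing loop starts in the previous hunk.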
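Review bot: The `ostringstream str;` added inside the `if (i4!=itfrel->end())` block of PolicyCompiler::debugPrintRule shadows the function-level `str` that the following lines write the label to. It compiles, but a later edit can easily write to the wrong stream, so a distinct name such as `ostringstream itf_str;` is safer. `o` from `FWReference::getObject(*i4)` is dereferenced without a check here, whereas RoutingCompiler::debugPrintRule in this same commit prints "NULL" for an unresolved object. Doing the same keeps the debug output usable when a reference is broken, e.g. `if (o) itf_str << o->getName() << "(" << o->getId() << ")"; else itf_str << "NULL";`. The function body starts and ends outside the hunk.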
@@ -1183,7 +1183,7 @@ PolicyRule* PolicyCompiler::addMgmtRule(Address* src, const PolicyRule::Action action, const string &label) { - assert(combined_ruleset != NULL); + assert(source_ruleset != NULL); /* Insert PolicyRules at top so they do not get shadowed by other * rules. Call insertRuleAtTop() with hidden_rule argument true to @@ -1192,7 +1192,7 @@ PolicyRule* PolicyCompiler::addMgmtRule(Address* src, * rules are not considered for shadowing. */ - PolicyRule* rule = PolicyRule::cast(combined_ruleset->insertRuleAtTop(true)); + PolicyRule* rule = PolicyRule::cast(source_ruleset->insertRuleAtTop(true)); assert(rule != NULL); ostringstream str; diff --git a/src/libfwbuilder/src/fwcompiler/PolicyCompiler.h b/src/libfwbuilder/src/fwcompiler/PolicyCompiler.h index 66b537127..615ef1c68 100644 --- a/src/libfwbuilder/src/fwcompiler/PolicyCompiler.h +++ b/src/libfwbuilder/src/fwcompiler/PolicyCompiler.h @@ -50,10 +50,10 @@ namespace fwcompiler { protected: /** - * this method scans combined_ruleset looking for atomic rule + * this method scans source_ruleset looking for atomic rule * which yields non-empty intersection with atomic rule r. * - * it can start scan either from the beginning of combined_ruleset, + * it can start scan either from the beginning of source_ruleset, * or from iterator 'start_here' * * it returns iterator pointing at rule it has found (so we diff --git a/src/libfwbuilder/src/fwcompiler/Preprocessor.cpp b/src/libfwbuilder/src/fwcompiler/Preprocessor.cpp index 2904187c2..382c909e8 100644 --- a/src/libfwbuilder/src/fwcompiler/Preprocessor.cpp +++ b/src/libfwbuilder/src/fwcompiler/Preprocessor.cpp 
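Review bot: addMgmtRule now inserts its hidden rule into `source_ruleset` itself rather than into a compiler-private combined set, and the comment block above the call does not mention that side effect. Whether `source_ruleset` points into the working copy or into the caller's data is decided in `setSourceRuleSet()`, which is outside this diff view. The comment should state the assumption, e.g. `// source_ruleset must belong to the compiler's working copy (dbcopy); the inserted rule must never reach the user's saved policy`. `insertRuleAtTop()` also renumbers rules while prolog() now keeps existing labels, so labels assigned earlier may no longer match positions; confirm that is intended.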
@@ -45,17 +45,27 @@ using namespace std; static int infinite_recursion_breaker = 0; string Preprocessor::myPlatformName() { return "generic_preprocessor"; } -Preprocessor::~Preprocessor() {} +Preprocessor::~Preprocessor() +{ + dbcopy = NULL; +} Preprocessor::Preprocessor(FWObjectDatabase *_db, - Firewall *fw, bool ipv6_policy) : - Compiler(_db, fw, ipv6_policy) + Firewall *_fw, bool ipv6_policy) : + Compiler(NULL, _fw, ipv6_policy) { // This is the main difference between Preprocessor and other // compilers. All compilers create a copy of the whole database // and work with it, but Preprocessor works with the original // database. Therefore it copies only pointer here. dbcopy = _db; + + fw_id = _fw->getId(); + fwopt = _fw->getOptionsObject(); + + string fw_str_id = FWObjectDatabase::getStringId(_fw->getId()); + fw = Firewall::cast( + dbcopy->findInIndex(FWObjectDatabase::getIntId(fw_str_id))); } void Preprocessor::convertObject(FWObject *obj) diff --git a/src/libfwbuilder/src/fwcompiler/RoutingCompiler.cpp b/src/libfwbuilder/src/fwcompiler/RoutingCompiler.cpp index ae36439d9..519dc5f9c 100644 --- a/src/libfwbuilder/src/fwcompiler/RoutingCompiler.cpp +++ b/src/libfwbuilder/src/fwcompiler/RoutingCompiler.cpp 
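Review bot: The destructor's `dbcopy = NULL;` has no comment explaining it, and the constructor stores the result of `findInIndex()` in `fw` without checking it. The reset presumably stops the base Compiler destructor from deleting the caller's original database, which should be stated next to it: `// dbcopy is the caller's database here, not a private copy; clear it so ~Compiler() does not free it`. In the constructor, `_fw` is dereferenced unconditionally and `fw` can end up NULL if the id is not in the index, so a check with a clear error would help. The round trip through `getStringId()`/`getIntId()` looks redundant, and `fw = Firewall::cast(dbcopy->findInIndex(_fw->getId()));` should be equivalent.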
@@ -72,48 +72,34 @@ int RoutingCompiler::prolog() Routing *routing = Routing::cast(fw->getFirstByType(Routing::TYPENAME)); assert(routing); - combined_ruleset = new Routing(); // combined ruleset - fw->add( combined_ruleset ); + if (source_ruleset == NULL) source_ruleset = routing; + + source_ruleset->renumberRules(); temp_ruleset = new Routing(); // working copy of the routing fw->add( temp_ruleset ); - combined_ruleset->setName(routing->getName()); - temp_ruleset->setName(routing->getName()); + temp_ruleset->setName(source_ruleset->getName()); - routing->renumberRules(); - - list l = routing->getByType(RoutingRule::TYPENAME); - for (list::iterator j=l.begin(); j!=l.end(); ++j) + int rule_counter = 0; + for (FWObject::iterator i=source_ruleset->begin(); i!=source_ruleset->end(); i++) { - Rule *r= Rule::cast(*j); + Rule *r = Rule::cast(*i); if (r == NULL) continue; // skip RuleSetOptions object - /* - * do not remove disabled rules just yet because some - * compilers might use RuleSet::insertRuleAtTop() and other - * similar methods from prolog() or - * addPredefinedPolicyRules()() and these methods renumber - * rules (labels stop matching rule positions when this is - * done because labels are configured in prolog() method of - * the base class. See fwbuilder ticket 1173) - */ - // if (r->isDisabled()) continue; + if (r->getLabel().empty()) + r->setLabel( createRuleLabel("", "main", r->getPosition()) ); - // r->setInterfaceId(-1); - - r->setLabel( createRuleLabel("", "main", r->getPosition()) ); - combined_ruleset->add( r ); + rule_counter++; } - initialized=true; + initialized = true; - return combined_ruleset->size(); + return rule_counter; } -bool RoutingCompiler::cmpRules(const RoutingRule &r1, - const RoutingRule &r2) +bool RoutingCompiler::cmpRules(const RoutingRule &r1, const RoutingRule &r2) { if (r1.getRDst()!=r2.getRDst()) return false; if (r1.getRGtw()!=r2.getRGtw()) return false; 
@@ -125,11 +111,11 @@ bool RoutingCompiler::cmpRules(const RoutingRule &r1, string RoutingCompiler::debugPrintRule(Rule *r) { - RoutingRule *rule=RoutingRule::cast(r); + RoutingRule *rule = RoutingRule::cast(r); - RuleElementRDst *dstrel=rule->getRDst(); - RuleElementRItf *itfrel=rule->getRItf(); - RuleElementRGtw *gtwrel=rule->getRGtw(); + RuleElementRDst *dstrel = rule->getRDst(); + RuleElementRItf *itfrel = rule->getRItf(); + RuleElementRGtw *gtwrel = rule->getRGtw(); ostringstream str; @@ -138,27 +124,27 @@ string RoutingCompiler::debugPrintRule(Rule *r) string dst, itf, gtw; FWObject *obj = FWReference::getObject(itfrel->front()); - itf = obj->getName(); + itf = (obj) ? obj->getName() : "NULL"; obj = FWReference::getObject(gtwrel->front()); - gtw = obj->getName(); + gtw = (obj) ? obj->getName() : "NULL"; - int no=0; - FWObject::iterator i1=dstrel->begin(); + int no = 0; + FWObject::iterator i1 = dstrel->begin(); while ( i1!=dstrel->end()) { str << endl; dst = " "; - if (i1!=dstrel->end()) + if (i1 != dstrel->end()) { FWObject *o = FWReference::getObject(*i1); - dst = o->getName(); + dst = (o) ? o->getName() : "NULL"; } - int w=0; + int w = 0; if (no==0) { str << rule->getLabel(); @@ -174,7 +160,7 @@ string RoutingCompiler::debugPrintRule(Rule *r) ++no; - if ( i1!=dstrel->end() ) ++i1; + if ( i1 != dstrel->end() ) ++i1; } return str.str(); } @@ -199,21 +185,15 @@ bool RoutingCompiler::ConvertToAtomicForDST::processNext() //RuleElementSrc *src=rule->getSrc(); assert(src); RuleElementRDst *dst=rule->getRDst(); assert(dst); - for (FWObject::iterator it=dst->begin(); it!=dst->end(); ++it) { RoutingRule *r = compiler->dbcopy->createRoutingRule(); r->duplicate(rule); compiler->temp_ruleset->add(r); - FWObject *s; - //s=r->getSrc(); assert(s); - //s->clearChildren(); - //s->add( *i1 ); - - s=r->getRDst(); assert(s); + FWObject *s = r->getRDst(); assert(s); s->clearChildren(); - s->add( *it ); + s->addRef(FWReference::getObject(*it)); tmp_queue.push_back(r); } 
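Review bot: In ConvertToAtomicForDST::processNext the new `s->addRef(FWReference::getObject(*it));` passes the lookup result straight to `addRef()`, although the debugPrintRule hunks just above treat a NULL result from `getObject()` as possible. Resolving first, at the top of the loop body before the rule is duplicated, avoids both a NULL reaching `addRef()` and a rule with an empty destination: `FWObject *o = FWReference::getObject(*it); if (o == NULL) continue;` followed later by `s->addRef(o);`. The skip should be reported rather than silent. NATCompiler_pf::splitSDNATRule gains the same unchecked pattern in `odst->addRef(o)`.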
@@ -532,7 +512,6 @@ bool RoutingCompiler::rItfChildOfFw::processNext() if (itfrel->isAny()) return true; FWObject *o = FWReference::cast(itfrel->front())->getPointer(); - if (o->isChildOf(compiler->fw)) return true; // the interface is not a child of the firewall. Could be // cluster interface though. In that case make sure the @@ -540,14 +519,19 @@ bool RoutingCompiler::rItfChildOfFw::processNext() Interface *iface = Interface::cast(o); if (iface) { - Cluster *cluster = Cluster::cast(iface->getParentHost()); + FWObject *parent = iface->getParentHost(); + if (parent->getId() == compiler->fw->getId()) return true; + + Cluster *cluster = Cluster::cast(parent); if (cluster) { list members; cluster->getMembersList(members); - if (std::find(members.begin(), members.end(), - compiler->fw) != members.end()) - return true; + list::iterator it; + for (it=members.begin(); it!=members.end(); ++it) + { + if ((*it)->getId() == compiler->fw->getId()) return true; + } } } string msg; diff --git a/src/libfwbuilder/src/fwcompiler/RoutingCompiler.h b/src/libfwbuilder/src/fwcompiler/RoutingCompiler.h index a42b13529..cc546fb16 100644 --- a/src/libfwbuilder/src/fwcompiler/RoutingCompiler.h +++ b/src/libfwbuilder/src/fwcompiler/RoutingCompiler.h @@ -37,8 +37,8 @@ #include -namespace fwcompiler { - +namespace fwcompiler +{ using namespace std; #define DECLARE_ROUTING_RULE_PROCESSOR(_Name) \ @@ -52,12 +52,13 @@ namespace fwcompiler { }; - class RoutingCompiler : public Compiler { - + class RoutingCompiler : public Compiler + { public: RoutingCompiler(libfwbuilder::FWObjectDatabase *_db, - libfwbuilder::Firewall *fw, bool ipv6_policy, + libfwbuilder::Firewall *fw, + bool ipv6_policy, fwcompiler::OSConfigurator *_oscnf) : Compiler(_db, fw, ipv6_policy, _oscnf) {} diff --git a/src/pf/pf.cpp b/src/pf/pf.cpp index 5a5924dad..d0d409bd0 100644 --- a/src/pf/pf.cpp +++ b/src/pf/pf.cpp 
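Review bot: `FWObject *parent = iface->getParentHost();` in rItfChildOfFw::processNext is dereferenced on the very next line, so an interface with no parent host now crashes the compiler. The old code only passed that pointer to `Cluster::cast()`. Guarding the comparison keeps the fall-through to the existing error message: `if (parent != NULL && parent->getId() == compiler->fw->getId()) return true;`. The member loop likewise assumes every entry of `members` is non-NULL. Comparing by id instead of by pointer fits the rest of the commit; a short comment saying that pointers differ because the compiler works on a copy of the tree would help the next reader, if that is the reason.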
@@ -147,15 +147,19 @@ int main(int argc, char **argv) FWObject *slib = objdb->getById(FWObjectDatabase::STANDARD_LIB_ID); if (slib && slib->isReadOnly()) slib->setReadOnly(false); - CompilerDriver_pf driver(objdb); - if (!driver.prepare(args)) + CompilerDriver_pf *driver = new CompilerDriver_pf(objdb); + if (!driver->prepare(args)) { usage(argv[0]); exit(1); } - driver.compile(); + driver->compile(); + int ret = (driver->getStatus() == BaseCompiler::FWCOMPILER_SUCCESS) ? 0 : 1; + + delete driver; delete objdb; - return (driver.getStatus() == BaseCompiler::FWCOMPILER_SUCCESS) ? 0 : 1; + + return ret; } catch(const FWException &ex) { diff --git a/src/pflib/CompilerDriver_ipf_run.cpp b/src/pflib/CompilerDriver_ipf_run.cpp index 902466bbb..34a6eb9ed 100644 --- a/src/pflib/CompilerDriver_ipf_run.cpp +++ b/src/pflib/CompilerDriver_ipf_run.cpp @@ -45,27 +45,21 @@ #include "OSConfigurator_freebsd.h" #include "OSConfigurator_solaris.h" -#include "fwbuilder/Resources.h" -#include "fwbuilder/FWObjectDatabase.h" -#include "fwbuilder/XMLTools.h" -#include "fwbuilder/FWException.h" -#include "fwbuilder/Firewall.h" -#include "fwbuilder/Interface.h" -#include "fwbuilder/Policy.h" -#include "fwbuilder/NAT.h" - -#include "fwcompiler/Preprocessor.h" - -#include "fwbuilder/Resources.h" -#include "fwbuilder/FWObjectDatabase.h" -#include "fwbuilder/FWException.h" #include "fwbuilder/Cluster.h" #include "fwbuilder/ClusterGroup.h" +#include "fwbuilder/FWException.h" +#include "fwbuilder/FWObjectDatabase.h" +#include "fwbuilder/FailoverClusterGroup.h" #include "fwbuilder/Firewall.h" #include "fwbuilder/Interface.h" +#include "fwbuilder/Library.h" +#include "fwbuilder/NAT.h" #include "fwbuilder/Policy.h" +#include "fwbuilder/Resources.h" #include "fwbuilder/StateSyncClusterGroup.h" -#include "fwbuilder/FailoverClusterGroup.h" +#include "fwbuilder/XMLTools.h" + +#include "fwcompiler/Preprocessor.h" #include #include 
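Review bot: Allocating the driver with `new` in main() only to control destruction order adds a manual `delete` that is skipped whenever `compile()` throws into the `catch` handlers below. An inner scope gives the same ordering, with the driver destroyed before `delete objdb`, and no raw pointer to manage. The process exits on the error paths, so the leak is harmless today, but the scoped form stays correct if this code is reused. main() starts and continues outside the hunk.
```cpp
int ret = 1;
{
    // Inner scope: the driver is destroyed before objdb is deleted.
    CompilerDriver_pf driver(objdb);
    if (!driver.prepare(args))
    {
        usage(argv[0]);
        exit(1);
    }
    driver.compile();
    ret = (driver.getStatus() == BaseCompiler::FWCOMPILER_SUCCESS) ? 0 : 1;
}
delete objdb;
return ret;
```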
@@ -165,13 +159,9 @@ QString CompilerDriver_ipf::run(const std::string &cluster_id, const std::string &single_rule_id) { Cluster *cluster = NULL; - if (!cluster_id.empty()) - cluster = Cluster::cast( - objdb->findInIndex(objdb->getIntId(cluster_id))); + Firewall *fw = NULL; - Firewall *fw = Firewall::cast( - objdb->findInIndex(objdb->getIntId(firewall_id))); - assert(fw); + getFirewallAndClusterObjects(cluster_id, firewall_id, &cluster, &fw); try { @@ -229,6 +219,7 @@ QString CompilerDriver_ipf::run(const std::string &cluster_id, c.setSourceRuleSet(Policy::cast(policy)); c.setRuleSetName(policy->getName()); + c.setPersistentObjects(persistent_objects); c.setSingleRuleCompileMode(single_rule_id); c.setDebugLevel( dl ); @@ -250,6 +241,7 @@ QString CompilerDriver_ipf::run(const std::string &cluster_id, n.setSourceRuleSet(NAT::cast(nat)); n.setRuleSetName(nat->getName()); + n.setPersistentObjects(persistent_objects); n.setSingleRuleCompileMode(single_rule_id); n.setDebugLevel( dl ); @@ -265,6 +257,13 @@ QString CompilerDriver_ipf::run(const std::string &cluster_id, n.epilog(); } + /* + * compilers detach persistent objects when they finish, this + * means at this point library persistent_objects is not part + * of any object tree. + */ + objdb->reparent(persistent_objects); + if (haveErrorsAndWarnings()) { all_errors.push_front(getErrors("").c_str()); diff --git a/src/pflib/CompilerDriver_ipfw_run.cpp b/src/pflib/CompilerDriver_ipfw_run.cpp index 6d1e05239..9dd5ec090 100644 --- a/src/pflib/CompilerDriver_ipfw_run.cpp +++ b/src/pflib/CompilerDriver_ipfw_run.cpp 
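Review bot: Nothing visible in CompilerDriver_ipf::run verifies that `fw` was found any more, because the removed `assert(fw)` has no replacement after `getFirewallAndClusterObjects(...)`. That helper is defined outside this diff view; unless it rejects an unknown `firewall_id` itself, a mistyped id becomes a NULL dereference further down. An explicit check that also holds in release builds would be `if (fw == NULL) throw FWException("Firewall object not found: " + firewall_id);`, or the equivalent inside the helper. The same replacement is made in CompilerDriver_ipfw::run and CompilerDriver_pf::run.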
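Review bot: `objdb->reparent(persistent_objects);` runs only when both compilers finish normally. The added comment says compilers detach the library when they finish, so if one of them throws after `setPersistentObjects()`, the library may be left outside any object tree. Whether that can happen depends on when the detach occurs, which this diff does not show. The `try` block opens earlier in run() and its handlers are outside the hunk. Re-attaching in the handlers as well, or through a small scope guard declared right after the `try {`, would keep the tree consistent on every exit path. CompilerDriver_ipfw::run and CompilerDriver_pf::run add the same call in the same position.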
@@ -42,26 +42,21 @@ #include "OSConfigurator_freebsd.h" #include "OSConfigurator_macosx.h" -#include "fwbuilder/Resources.h" -#include "fwbuilder/FWObjectDatabase.h" -#include "fwbuilder/XMLTools.h" -#include "fwbuilder/FWException.h" -#include "fwbuilder/Firewall.h" -#include "fwbuilder/Interface.h" -#include "fwbuilder/Policy.h" -#include "fwbuilder/NAT.h" - -#include "fwcompiler/Preprocessor.h" - -#include "fwbuilder/FWObjectDatabase.h" -#include "fwbuilder/FWException.h" #include "fwbuilder/Cluster.h" #include "fwbuilder/ClusterGroup.h" +#include "fwbuilder/FWException.h" +#include "fwbuilder/FWObjectDatabase.h" +#include "fwbuilder/FailoverClusterGroup.h" #include "fwbuilder/Firewall.h" #include "fwbuilder/Interface.h" +#include "fwbuilder/Library.h" +#include "fwbuilder/NAT.h" #include "fwbuilder/Policy.h" +#include "fwbuilder/Resources.h" #include "fwbuilder/StateSyncClusterGroup.h" -#include "fwbuilder/FailoverClusterGroup.h" +#include "fwbuilder/XMLTools.h" + +#include "fwcompiler/Preprocessor.h" #include #include @@ -114,13 +109,9 @@ QString CompilerDriver_ipfw::run(const std::string &cluster_id, const std::string &single_rule_id) { Cluster *cluster = NULL; - if (!cluster_id.empty()) - cluster = Cluster::cast( - objdb->findInIndex(objdb->getIntId(cluster_id))); + Firewall *fw = NULL; - Firewall *fw = Firewall::cast( - objdb->findInIndex(objdb->getIntId(firewall_id))); - assert(fw); + getFirewallAndClusterObjects(cluster_id, firewall_id, &cluster, &fw); try { 
@@ -174,6 +165,13 @@ QString CompilerDriver_ipfw::run(const std::string &cluster_id, findImportedRuleSets(fw, all_policies); + // assign unique rule ids that later will be used to generate + // chain names. This should be done after calls to + // findImportedRuleSets() + // NB: these ids are not used by this compiler + + assignUniqueRuleIds(all_policies); + // command line options -4 and -6 control address family for which // script will be generated. If "-4" is used, only ipv4 part will // be generated. If "-6" is used, only ipv6 part will be generated. @@ -238,6 +236,8 @@ QString CompilerDriver_ipfw::run(const std::string &cluster_id, c.setIPFWNumber(ipfw_rule_number); c.setSourceRuleSet( policy ); c.setRuleSetName(branch_name); + c.setPersistentObjects(persistent_objects); + c.setSingleRuleCompileMode(single_rule_id); c.setDebugLevel( dl ); if (rule_debug_on) c.setDebugRule( drp ); @@ -286,6 +286,13 @@ QString CompilerDriver_ipfw::run(const std::string &cluster_id, generated_script += c_str.str(); } + /* + * compilers detach persistent objects when they finish, this + * means at this point library persistent_objects is not part + * of any object tree. + */ + objdb->reparent(persistent_objects); + if (haveErrorsAndWarnings()) { all_errors.push_front(getErrors("").c_str()); diff --git a/src/pflib/CompilerDriver_pf_run.cpp b/src/pflib/CompilerDriver_pf_run.cpp index 282487566..3d5f7c7db 100644 --- a/src/pflib/CompilerDriver_pf_run.cpp +++ b/src/pflib/CompilerDriver_pf_run.cpp 
@@ -50,30 +50,24 @@ #include "OSConfigurator_freebsd.h" #include "OSConfigurator_solaris.h" -#include "fwbuilder/Resources.h" -#include "fwbuilder/FWObjectDatabase.h" -#include "fwbuilder/XMLTools.h" +#include "fwbuilder/Cluster.h" +#include "fwbuilder/ClusterGroup.h" #include "fwbuilder/FWException.h" +#include "fwbuilder/FWObjectDatabase.h" +#include "fwbuilder/FailoverClusterGroup.h" #include "fwbuilder/Firewall.h" #include "fwbuilder/Interface.h" -#include "fwbuilder/Policy.h" +#include "fwbuilder/Library.h" #include "fwbuilder/NAT.h" +#include "fwbuilder/Policy.h" +#include "fwbuilder/Resources.h" #include "fwbuilder/Routing.h" +#include "fwbuilder/StateSyncClusterGroup.h" +#include "fwbuilder/XMLTools.h" #include "fwcompiler/Preprocessor.h" #include "fwcompiler/exceptions.h" -#include "fwbuilder/Resources.h" -#include "fwbuilder/FWObjectDatabase.h" -#include "fwbuilder/FWException.h" -#include "fwbuilder/Cluster.h" -#include "fwbuilder/ClusterGroup.h" -#include "fwbuilder/Firewall.h" -#include "fwbuilder/Interface.h" -#include "fwbuilder/Policy.h" -#include "fwbuilder/StateSyncClusterGroup.h" -#include "fwbuilder/FailoverClusterGroup.h" - #include #include #include @@ -212,13 +206,9 @@ QString CompilerDriver_pf::run(const std::string &cluster_id, const std::string &single_rule_id) { Cluster *cluster = NULL; - if (!cluster_id.empty()) - cluster = Cluster::cast( - objdb->findInIndex(objdb->getIntId(cluster_id))); + Firewall *fw = NULL; - Firewall *fw = Firewall::cast( - objdb->findInIndex(objdb->getIntId(firewall_id))); - assert(fw); + getFirewallAndClusterObjects(cluster_id, firewall_id, &cluster, &fw); try { 
@@ -288,6 +278,14 @@ QString CompilerDriver_pf::run(const std::string &cluster_id, findImportedRuleSets(fw, all_policies); findImportedRuleSets(fw, all_nat); + // assign unique rule ids that later will be used to generate + // chain names. This should be done after calls to + // findImportedRuleSets() + // NB: these ids are not really used by compiler for PF + + assignUniqueRuleIds(all_policies); + assignUniqueRuleIds(all_nat); + list all_rulesets; all_rulesets.insert( all_rulesets.begin(), all_policies.begin(), all_policies.end()); @@ -459,7 +457,8 @@ QString CompilerDriver_pf::run(const std::string &cluster_id, if (table_factories.count(ruleset_name) == 0) { - table_factories[ruleset_name] = new fwcompiler::TableFactory(this); + table_factories[ruleset_name] = + new fwcompiler::TableFactory(this, persistent_objects); } NATCompiler_pf n( objdb, fw, ipv6_policy, oscnf.get(), @@ -468,6 +467,7 @@ QString CompilerDriver_pf::run(const std::string &cluster_id, n.setSourceRuleSet( nat ); n.setRuleSetName(nat->getName()); + n.setPersistentObjects(persistent_objects); n.setSingleRuleCompileMode(single_rule_id); n.setDebugLevel( dl ); @@ -532,7 +532,8 @@ QString CompilerDriver_pf::run(const std::string &cluster_id, if (table_factories.count(ruleset_name) == 0) { - table_factories[ruleset_name] = new fwcompiler::TableFactory(this); + table_factories[ruleset_name] = + new fwcompiler::TableFactory(this, persistent_objects); } PolicyCompiler_pf c( objdb, fw, ipv6_policy, oscnf.get(), @@ -542,6 +543,7 @@ QString CompilerDriver_pf::run(const std::string &cluster_id, c.setSourceRuleSet( policy ); c.setRuleSetName(policy->getName()); + c.setPersistentObjects(persistent_objects); c.setSingleRuleCompileMode(single_rule_id); c.setDebugLevel( dl ); 
@@ -609,6 +611,7 @@ QString CompilerDriver_pf::run(const std::string &cluster_id, { routing_compiler->setSourceRuleSet(routing); routing_compiler->setRuleSetName(routing->getName()); + routing_compiler->setPersistentObjects(persistent_objects); routing_compiler->setSingleRuleCompileMode(single_rule_id); routing_compiler->setDebugLevel( dl ); @@ -629,6 +632,12 @@ QString CompilerDriver_pf::run(const std::string &cluster_id, routing_script += routing_compiler->getCompiledScript(); } + /* + * compilers detach persistent objects when they finish, this + * means at this point library persistent_objects is not part + * of any object tree. + */ + objdb->reparent(persistent_objects); if (haveErrorsAndWarnings()) { @@ -703,7 +712,13 @@ QString CompilerDriver_pf::run(const std::string &cluster_id, if (ruleset_name == "__main__") { printStaticOptions(pf_str, fw); + + // attach persistent_tables subtree inside TableFactory object + // to the object tree + table_factories[ruleset_name]->init(objdb); + pf_str << table_factories[ruleset_name]->PrintTables(); + if (prolog_place == "pf_file_after_tables") printProlog(pf_str, pre_hook); } else diff --git a/src/pflib/NATCompiler_ipf.cpp b/src/pflib/NATCompiler_ipf.cpp index 7588c305b..d1e886435 100644 --- a/src/pflib/NATCompiler_ipf.cpp +++ b/src/pflib/NATCompiler_ipf.cpp 
@@ -27,19 +27,20 @@ #include "NATCompiler_ipf.h" -#include "fwbuilder/FWObjectDatabase.h" -#include "fwbuilder/RuleElement.h" -#include "fwbuilder/NAT.h" #include "fwbuilder/AddressRange.h" -#include "fwbuilder/IPService.h" +#include "fwbuilder/AddressTable.h" +#include "fwbuilder/FWObjectDatabase.h" +#include "fwbuilder/Firewall.h" +#include "fwbuilder/Host.h" #include "fwbuilder/ICMPService.h" +#include "fwbuilder/IPService.h" +#include "fwbuilder/Interface.h" +#include "fwbuilder/Library.h" +#include "fwbuilder/NAT.h" +#include "fwbuilder/Network.h" +#include "fwbuilder/RuleElement.h" #include "fwbuilder/TCPService.h" #include "fwbuilder/UDPService.h" -#include "fwbuilder/Host.h" -#include "fwbuilder/Network.h" -#include "fwbuilder/Interface.h" -#include "fwbuilder/Firewall.h" -#include "fwbuilder/AddressTable.h" #include @@ -165,7 +166,7 @@ bool NATCompiler_ipf::ExpandPortRange::processNext() newSrv->duplicate(osrv,true); TCPUDPService::cast(newSrv)->setDstRangeStart(p); TCPUDPService::cast(newSrv)->setDstRangeEnd(p); - compiler->dbcopy->add(newSrv,false); + compiler->persistent_objects->add(newSrv,false); compiler->dbcopy->addToIndex(newSrv); RuleElementOSrv *nosrv = r->getOSrv(); diff --git a/src/pflib/NATCompiler_pf.cpp b/src/pflib/NATCompiler_pf.cpp index 9b9c7b818..7b94e03ae 100644 --- a/src/pflib/NATCompiler_pf.cpp +++ b/src/pflib/NATCompiler_pf.cpp 
@@ -29,21 +29,22 @@ #include "fwcompiler/OSConfigurator.h" -#include "fwbuilder/RuleElement.h" -#include "fwbuilder/NAT.h" #include "fwbuilder/AddressRange.h" -#include "fwbuilder/IPService.h" +#include "fwbuilder/AddressTable.h" +#include "fwbuilder/Cluster.h" +#include "fwbuilder/FailoverClusterGroup.h" +#include "fwbuilder/Firewall.h" +#include "fwbuilder/Host.h" #include "fwbuilder/ICMPService.h" +#include "fwbuilder/IPService.h" +#include "fwbuilder/IPv4.h" +#include "fwbuilder/Interface.h" +#include "fwbuilder/Library.h" +#include "fwbuilder/NAT.h" +#include "fwbuilder/Network.h" +#include "fwbuilder/RuleElement.h" #include "fwbuilder/TCPService.h" #include "fwbuilder/UDPService.h" -#include "fwbuilder/Host.h" -#include "fwbuilder/Network.h" -#include "fwbuilder/Interface.h" -#include "fwbuilder/IPv4.h" -#include "fwbuilder/Firewall.h" -#include "fwbuilder/AddressTable.h" -#include "fwbuilder/FailoverClusterGroup.h" -#include "fwbuilder/Cluster.h" #include #include @@ -94,7 +95,7 @@ int NATCompiler_pf::prolog() IPv4::cast(loopback_address)->setAddress(InetAddr::getLoopbackAddr()); - dbcopy->add(loopback_address,false); + persistent_objects->add(loopback_address,false); if (tables) { @@ -279,7 +280,10 @@ bool NATCompiler_pf::splitSDNATRule::processNext() odst=r->getODst(); odst->clearChildren(); for (FWObject::iterator i=rule->getTDst()->begin(); i!=rule->getTDst()->end(); i++) - odst->add( *i ); + { + FWObject *o = FWReference::getObject(*i); + odst->addRef(o); + } if ( ! rule->getTSrv()->isAny()) { @@ -317,7 +321,7 @@ bool NATCompiler_pf::splitSDNATRule::processNext() match_service = TCPUDPService::cast( compiler->dbcopy->create(tsrv->getTypeName())); match_service->setName(tsrv->getName() + "_dport"); - compiler->dbcopy->add(match_service); + compiler->persistent_objects->add(match_service); match_service->setDstRangeStart(tu_tsrv->getDstRangeStart()); match_service->setDstRangeEnd(tu_tsrv->getDstRangeEnd()); } 
@@ -1014,7 +1018,7 @@ bool NATCompiler_pf::swapAddressTableObjectsInRE::processNext() mart->setId( mart_id ); compiler->dbcopy->addToIndex(mart); - compiler->dbcopy->add(mart); + compiler->persistent_objects->add(mart); // register this object as a table string tblname = atbl->getName(); @@ -1311,3 +1315,9 @@ void NATCompiler_pf::compile() void NATCompiler_pf::epilog() { } + +NATCompiler_pf::~NATCompiler_pf() +{ + //if (tables) tables->detach(); +} + diff --git a/src/pflib/NATCompiler_pf.h b/src/pflib/NATCompiler_pf.h index 553faf306..f5a43e339 100644 --- a/src/pflib/NATCompiler_pf.h +++ b/src/pflib/NATCompiler_pf.h @@ -63,15 +63,20 @@ namespace fwcompiler struct redirectRuleInfo { - std::string natrule_label; - libfwbuilder::FWObject *old_tdst; - libfwbuilder::FWObject *new_tdst; - libfwbuilder::Service *tsrv; + std::string natrule_label; + int old_tdst; + int new_tdst; + int tsrv; redirectRuleInfo(const std::string &rl, libfwbuilder::FWObject *oa, libfwbuilder::FWObject *na, libfwbuilder::Service *s) - { natrule_label=rl; old_tdst=oa; new_tdst=na; tsrv=s; } + { + natrule_label = rl; + old_tdst = oa->getId(); + new_tdst = na->getId(); + tsrv = s->getId(); + } }; @@ -388,12 +393,12 @@ namespace fwcompiler bool ipv6_policy, fwcompiler::OSConfigurator *_oscnf, TableFactory *tbf = NULL - ) : - NATCompiler(_db, fw, ipv6_policy, _oscnf) + ) : NATCompiler(_db, fw, ipv6_policy, _oscnf) { tables = tbf; } + virtual ~NATCompiler_pf(); virtual int prolog(); virtual void compile(); diff --git a/src/pflib/OSConfigurator_bsd.cpp b/src/pflib/OSConfigurator_bsd.cpp index 0e2a1715d..b9f894c7f 100644 --- a/src/pflib/OSConfigurator_bsd.cpp +++ b/src/pflib/OSConfigurator_bsd.cpp 
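Review bot: The new `NATCompiler_pf::~NATCompiler_pf()` contains only the commented-out line `//if (tables) tables->detach();`, which leaves the reader guessing whether `tables` needs cleanup here. The TableFactory objects are created with `new` in CompilerDriver_pf::run, so they are presumably owned by the driver. If so, replace the dead line with a statement of that, e.g. `// tables is owned by the compiler driver; nothing to release here`. If the detach is still needed in some configuration, the comment should say under which condition.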
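Review bot: The `redirectRuleInfo` constructor now calls `getId()` on `oa`, `na` and `s`, so a NULL argument that used to be merely stored is dereferenced at construction. The call sites are outside this hunk; if all three are guaranteed non-NULL, say so at the constructor with `// oa, na and s must be non-NULL; only their ids are kept`. Consumers now have to resolve these ids back through the index and should handle a failed lookup. Initialising the members in a constructor initializer list instead of by assignment would also read more cleanly.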
@@ -75,7 +75,7 @@ void OSConfigurator_bsd::addVirtualAddressForNAT(const Address *addr) FWObject *iaddr = findAddressFor(addr, fw ); if (iaddr!=NULL) { - virtual_addresses.insert(addr); + virtual_addresses.insert(addr->getId()); } else warning("Can not add virtual address " + addr->getAddressPtr()->toString() ); diff --git a/src/pflib/OSConfigurator_bsd.h b/src/pflib/OSConfigurator_bsd.h index 8e3f1e7bb..14e0ef339 100644 --- a/src/pflib/OSConfigurator_bsd.h +++ b/src/pflib/OSConfigurator_bsd.h @@ -55,7 +55,7 @@ protected: QMap interface_configuration_lines; QStringList cloned_interfaces; - std::set virtual_addresses; + std::set virtual_addresses; virtual void setKernelVariable(libfwbuilder::Firewall *fw, const std::string &var_name, diff --git a/src/pflib/OSConfigurator_bsd_interfaces.cpp b/src/pflib/OSConfigurator_bsd_interfaces.cpp index e53a2730d..9d7b6ab76 100644 --- a/src/pflib/OSConfigurator_bsd_interfaces.cpp +++ b/src/pflib/OSConfigurator_bsd_interfaces.cpp @@ -248,10 +248,10 @@ string OSConfigurator_bsd::configureInterfaces() if (ipaddr->isV6()) have_ipv6 = true; } - set::iterator it; + set::iterator it; for (it=virtual_addresses.begin(); it!=virtual_addresses.end(); ++it) { - const Address *addr = *it; + const Address *addr = Address::constcast(dbcopy->findInIndex(*it)); const InetAddr *ipaddr = addr->getAddressPtr(); FWObject *iaddr = findAddressFor(addr, fw ); if (iaddr!=NULL) diff --git a/src/pflib/PolicyCompiler_ipf.cpp b/src/pflib/PolicyCompiler_ipf.cpp index 4f19a1920..a6eaab447 100644 --- a/src/pflib/PolicyCompiler_ipf.cpp +++ b/src/pflib/PolicyCompiler_ipf.cpp 
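Review bot: In OSConfigurator_bsd::configureInterfaces the result of `Address::constcast(dbcopy->findInIndex(*it))` is used on the next line as `addr->getAddressPtr()` without a check. Storing ids instead of pointers means the lookup can now fail, either because the id is missing from the index or because the object is not an Address, and that would crash script generation. A guard right after the lookup covers it: `if (addr == NULL) continue;`, preferably with a warning so the missing virtual address is not dropped silently. The loop body continues outside the hunk.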
@@ -28,16 +28,17 @@ #include "PolicyCompiler_ipf.h" #include "fwcompiler/Compiler.h" +#include "fwbuilder/AddressTable.h" #include "fwbuilder/FWObjectDatabase.h" -#include "fwbuilder/RuleElement.h" -#include "fwbuilder/IPService.h" +#include "fwbuilder/Firewall.h" #include "fwbuilder/ICMPService.h" +#include "fwbuilder/IPService.h" +#include "fwbuilder/Interface.h" +#include "fwbuilder/Library.h" +#include "fwbuilder/Policy.h" +#include "fwbuilder/RuleElement.h" #include "fwbuilder/TCPService.h" #include "fwbuilder/UDPService.h" -#include "fwbuilder/Policy.h" -#include "fwbuilder/Interface.h" -#include "fwbuilder/Firewall.h" -#include "fwbuilder/AddressTable.h" #include @@ -55,15 +56,15 @@ int PolicyCompiler_ipf::prolog() anytcp = dbcopy->createTCPService(); anytcp->setId(FWObjectDatabase::generateUniqueId()); //ANY_TCP_OBJ_ID); - dbcopy->add(anytcp,false); + persistent_objects->add(anytcp,false); anyudp=dbcopy->createUDPService(); anyudp->setId(FWObjectDatabase::generateUniqueId()); //ANY_UDP_OBJ_ID); - dbcopy->add(anyudp,false); + persistent_objects->add(anyudp,false); anyicmp=dbcopy->createICMPService(); anyicmp->setId(FWObjectDatabase::generateUniqueId()); //ANY_ICMP_OBJ_ID); - dbcopy->add(anyicmp,false); + persistent_objects->add(anyicmp,false); return n; } diff --git a/src/pflib/PolicyCompiler_ipfw.cpp b/src/pflib/PolicyCompiler_ipfw.cpp index b40a8d8c8..4a8b9a681 100644 --- a/src/pflib/PolicyCompiler_ipfw.cpp +++ b/src/pflib/PolicyCompiler_ipfw.cpp 
@@ -28,16 +28,17 @@ #include "PolicyCompiler_ipfw.h" #include "fwcompiler/Compiler.h" +#include "fwbuilder/AddressTable.h" #include "fwbuilder/FWObjectDatabase.h" -#include "fwbuilder/RuleElement.h" -#include "fwbuilder/IPService.h" +#include "fwbuilder/Firewall.h" #include "fwbuilder/ICMPService.h" +#include "fwbuilder/IPService.h" +#include "fwbuilder/Interface.h" +#include "fwbuilder/Library.h" +#include "fwbuilder/Policy.h" +#include "fwbuilder/RuleElement.h" #include "fwbuilder/TCPService.h" #include "fwbuilder/UDPService.h" -#include "fwbuilder/Policy.h" -#include "fwbuilder/Interface.h" -#include "fwbuilder/Firewall.h" -#include "fwbuilder/AddressTable.h" #include @@ -55,15 +56,15 @@ int PolicyCompiler_ipfw::prolog() anytcp=dbcopy->createTCPService(); anytcp->setId(FWObjectDatabase::generateUniqueId()); // ANY_TCP_OBJ_ID); - dbcopy->add(anytcp,false); + persistent_objects->add(anytcp,false); anyudp=dbcopy->createUDPService(); anyudp->setId(FWObjectDatabase::generateUniqueId()); //ANY_UDP_OBJ_ID); - dbcopy->add(anyudp,false); + persistent_objects->add(anyudp,false); anyicmp=dbcopy->createICMPService(); anyicmp->setId(FWObjectDatabase::generateUniqueId()); //ANY_ICMP_OBJ_ID); - dbcopy->add(anyicmp,false); + persistent_objects->add(anyicmp,false); return n; diff --git a/src/pflib/PolicyCompiler_pf.cpp b/src/pflib/PolicyCompiler_pf.cpp index 60a73fae5..a8b100179 100644 --- a/src/pflib/PolicyCompiler_pf.cpp +++ b/src/pflib/PolicyCompiler_pf.cpp 
@@ -28,20 +28,21 @@ #include "PolicyCompiler_pf.h" #include "NATCompiler_pf.h" -#include "fwbuilder/FWObjectDatabase.h" -#include "fwbuilder/RuleElement.h" -#include "fwbuilder/IPService.h" -#include "fwbuilder/ICMPService.h" -#include "fwbuilder/TCPService.h" -#include "fwbuilder/UDPService.h" -#include "fwbuilder/TagService.h" -#include "fwbuilder/Policy.h" -#include "fwbuilder/Interface.h" -#include "fwbuilder/Firewall.h" -#include "fwbuilder/Network.h" #include "fwbuilder/AddressTable.h" +#include "fwbuilder/FWObjectDatabase.h" #include "fwbuilder/FailoverClusterGroup.h" +#include "fwbuilder/Firewall.h" +#include "fwbuilder/ICMPService.h" +#include "fwbuilder/IPService.h" +#include "fwbuilder/Interface.h" +#include "fwbuilder/Library.h" +#include "fwbuilder/Network.h" +#include "fwbuilder/Policy.h" +#include "fwbuilder/RuleElement.h" #include "fwbuilder/StateSyncClusterGroup.h" +#include "fwbuilder/TCPService.h" +#include "fwbuilder/TagService.h" +#include "fwbuilder/UDPService.h" #include #include @@ -156,7 +157,7 @@ bool PolicyCompiler_pf::swapAddressTableObjectsInRE::processNext() mart->setId( mart_id ); compiler->dbcopy->addToIndex(mart); - compiler->dbcopy->add(mart); + compiler->persistent_objects->add(mart); // register this object as a table string tblname = atbl->getName(); @@ -418,7 +419,7 @@ void PolicyCompiler_pf::addDefaultPolicyRule() ssh->setDstRangeEnd(22); ssh->setName("mgmt_ssh"); - dbcopy->add(ssh,false); + persistent_objects->add(ssh,false); string mgmt_addr = getCachedFwOpt()->getStr("mgmt_addr"); InetAddr addr; 
@@ -452,12 +453,13 @@ void PolicyCompiler_pf::addDefaultPolicyRule() mgmt_workstation->setName("mgmt_addr"); mgmt_workstation->setAddress(addr); mgmt_workstation->setNetmask(netmask); -// IPv4 *mgmt_workstation = IPv4::cast(dbcopy->create(IPv4::TYPENAME)); -// mgmt_workstation->setAddress(getCachedFwOpt()->getStr("mgmt_addr")); - dbcopy->add(mgmt_workstation,false); + persistent_objects->add(mgmt_workstation,false); + + // r = dbcopy->createPolicyRule(); + // source_ruleset->push_front(r); + + r = PolicyRule::cast(source_ruleset->insertRuleAtTop(true)); - r = dbcopy->createPolicyRule(); - temp_ruleset->add(r); r->setAction(PolicyRule::Accept); r->setLogging(false); r->setDirection(PolicyRule::Inbound); @@ -479,17 +481,17 @@ void PolicyCompiler_pf::addDefaultPolicyRule() RuleElement *srv = r->getSrv(); assert(srv!=NULL); srv->addRef(ssh); - - combined_ruleset->push_front(r); - } insertCarpRule(); insertPfsyncRule(); - PolicyRule *r = dbcopy->createPolicyRule(); + // PolicyRule *r = dbcopy->createPolicyRule(); + // source_ruleset->push_back(r); + + PolicyRule *r = PolicyRule::cast(source_ruleset->appendRuleAtBottom(true)); + FWOptions *ruleopt; - temp_ruleset->add(r); r->setAction(PolicyRule::Deny); r->setLogging(getCachedFwOpt()->getBool("fallback_log")); r->setDirection(PolicyRule::Both); @@ -500,7 +502,6 @@ void PolicyCompiler_pf::addDefaultPolicyRule() r->setLabel("fallback rule"); ruleopt = r->getOptionsObject(); ruleopt->setBool("stateless", true); - combined_ruleset->push_back(r); } } 
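Review bot: Both new rule constructions in `addDefaultPolicyRule()` use the result of `PolicyRule::cast(...)` unchecked: `r = PolicyRule::cast(source_ruleset->insertRuleAtTop(true));` is followed directly by `r->setAction(PolicyRule::Accept)`, and the fallback rule in the next hunk does the same after `appendRuleAtBottom(true)`. These are the management-access rule and the fallback deny rule, so a failed cast should stop compilation visibly; add `assert(r!=NULL);` after each assignment, in line with the `assert(srv!=NULL)` already used in this function. The commented-out `createPolicyRule()` / `push_front` / `push_back` lines left above each call could be dropped, since the diff itself records the old approach. The function starts outside these hunks.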
@@ -749,12 +750,11 @@ bool PolicyCompiler_pf::doSrvNegation::processNext() bool PolicyCompiler_pf::addLoopbackForRedirect::processNext() { - PolicyRule *rule=getNext(); if (rule==NULL) return false; - PolicyCompiler_pf *pf_comp=dynamic_cast(compiler); + PolicyRule *rule = getNext(); if (rule==NULL) return false; + PolicyCompiler_pf *pf_comp = dynamic_cast(compiler); -// RuleElementSrc *src=rule->getSrc(); - RuleElementDst *dst=rule->getDst(); - RuleElementSrv *srv=rule->getSrv(); + RuleElementDst *dst = rule->getDst(); + RuleElementSrv *srv = rule->getSrv(); if (pf_comp->redirect_rules_info==NULL) compiler->abort( 
@@ -764,41 +764,34 @@ bool PolicyCompiler_pf::addLoopbackForRedirect::processNext() tmp_queue.push_back(rule); - //const list lst = - // pf_comp->natcmp->getRedirRulesInfo(); - if (pf_comp->redirect_rules_info->empty()) return true; -/* - * struct redirectRuleInfo { - * string natrule_label; - * Address *tdst; - * Service *tsrv; - * }; - */ - for (FWObject::iterator i=srv->begin(); i!=srv->end(); i++) { - FWObject *o1= *i; - if (FWReference::cast(o1)!=NULL) o1=FWReference::cast(o1)->getPointer(); - Service *s=Service::cast( o1 ); + FWObject *o1 = FWReference::getObject(*i); + Service *s = Service::cast( o1 ); assert(s); for (FWObject::iterator j=dst->begin(); j!=dst->end(); j++) { - FWObject *o2= *j; - if (FWReference::cast(o2)!=NULL) o2=FWReference::cast(o2)->getPointer(); - Address *a=Address::cast( o2 ); + FWObject *o2 = FWReference::getObject(*j); + Address *a = Address::cast( o2 ); assert(a); list::const_iterator k; for (k=pf_comp->redirect_rules_info->begin(); k!=pf_comp->redirect_rules_info->end(); ++k) { - if ( *a == *(k->old_tdst) && *s == *(k->tsrv) ) + Address *old_tdst_obj = Address::cast( + compiler->dbcopy->findInIndex(k->old_tdst)); + Service *tsrv_obj = Service::cast( + compiler->dbcopy->findInIndex(k->tsrv)); + + if ( *a == *(old_tdst_obj) && *s == *(tsrv_obj) ) { // insert address used for redirection in the NAT rule. - dst->addRef( k->new_tdst ); + FWObject *new_tdst_obj = compiler->dbcopy->findInIndex(k->new_tdst); + dst->addRef(new_tdst_obj); return true; } } @@ -1124,7 +1117,7 @@ void PolicyCompiler_pf::insertCarpRule() IPService* carp_service = IPService::cast(dbcopy->create(IPService::TYPENAME)); carp_service->setComment("CARP service"); carp_service->setProtocolNumber(112); - dbcopy->add(carp_service); + persistent_objects->add(carp_service); FWObjectTypedChildIterator interfaces = fw->findByType(Interface::TYPENAME); for (; interfaces != interfaces.end(); ++interfaces) 
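Review bot: The three lookups added in `addLoopbackForRedirect::processNext()` are dereferenced without a check: `*(old_tdst_obj)` and `*(tsrv_obj)` in the comparison, and `new_tdst_obj` passed to `dst->addRef(...)`. `Address::cast` / `Service::cast` applied to a `findInIndex` result would presumably be NULL when the id is missing from `compiler->dbcopy` or refers to an object of another type, a failure the pointer-based version could not hit. Guard the comparison with `if (old_tdst_obj==NULL || tsrv_obj==NULL) continue;` and check `new_tdst_obj` before `addRef`, or call `compiler->abort(...)` as the function already does when `redirect_rules_info` is NULL. The function starts before this hunk and its end is not shown.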
@@ -1170,7 +1163,7 @@ void PolicyCompiler_pf::insertPfsyncRule() IPService* pfsync_service = IPService::cast(dbcopy->create(IPService::TYPENAME)); pfsync_service->setComment("pfsync service"); pfsync_service->setProtocolNumber(240); - dbcopy->add(pfsync_service); + persistent_objects->add(pfsync_service); FWObjectTypedChildIterator interfaces = fw->findByType(Interface::TYPENAME); for (; interfaces != interfaces.end(); ++interfaces) @@ -1211,4 +1204,7 @@ bool PolicyCompiler_pf::checkForShadowingPlatformSpecific(PolicyRule *, return true; } - +PolicyCompiler_pf::~PolicyCompiler_pf() +{ + // if (tables) tables->detach(); +} diff --git a/src/pflib/PolicyCompiler_pf.h b/src/pflib/PolicyCompiler_pf.h index c9a4840bc..de7fc0a5d 100644 --- a/src/pflib/PolicyCompiler_pf.h +++ b/src/pflib/PolicyCompiler_pf.h @@ -443,6 +443,8 @@ namespace fwcompiler tables = tbf; } + virtual ~PolicyCompiler_pf(); + virtual int prolog(); virtual void compile(); virtual void epilog(); diff --git a/src/pflib/TableFactory.cpp b/src/pflib/TableFactory.cpp index 1cb4b29cd..a8824c95e 100644 --- a/src/pflib/TableFactory.cpp +++ b/src/pflib/TableFactory.cpp @@ -27,13 +27,14 @@ #include "TableFactory.h" -#include "fwbuilder/FWObjectDatabase.h" -#include "fwbuilder/RuleElement.h" -#include "fwbuilder/Interface.h" -#include "fwbuilder/Firewall.h" -#include "fwbuilder/Rule.h" -#include "fwbuilder/DNSName.h" #include "fwbuilder/AddressTable.h" +#include "fwbuilder/DNSName.h" +#include "fwbuilder/FWObjectDatabase.h" +#include "fwbuilder/Firewall.h" +#include "fwbuilder/Interface.h" +#include "fwbuilder/Library.h" +#include "fwbuilder/Rule.h" +#include "fwbuilder/RuleElement.h" #include #include 
@@ -47,23 +48,26 @@ using namespace libfwbuilder; using namespace fwcompiler; using namespace std; -TableFactory::TableFactory(BaseCompiler *comp) +TableFactory::TableFactory(BaseCompiler *comp, Library *persistent_objects) { compiler = comp; ruleSetName = ""; dbroot = NULL; persistent_tables = new ObjectGroup(); + persistent_tables->setName("PF Tables"); + persistent_objects->add(persistent_tables); } void TableFactory::init(FWObjectDatabase *_dbr) { dbroot = _dbr; - dbroot->add(persistent_tables); - dbroot->addToIndex(persistent_tables); - for (FWObject::iterator i=persistent_tables->begin(); i!=persistent_tables->end(); i++) - { - dbroot->addToIndex(*i); - } + // dbroot->add(persistent_tables); + // persistent_tables->fixTree(); +} + +void TableFactory::detach() +{ + // dbroot->remove(persistent_tables, false); } struct joinIDs : public unary_function @@ -149,8 +153,7 @@ void TableFactory::createTablesForRE(RuleElement *re,Rule *rule) for (FWObject::iterator i=re->begin(); i!=re->end(); i++) { - FWObject *o= *i; - if (FWReference::cast(o)!=NULL) o=FWReference::cast(o)->getPointer(); + FWObject *o = FWReference::getObject(*i); tblgrp->addRef( o ); } } @@ -190,11 +193,8 @@ string TableFactory::PrintTables() for (FWObject::iterator i=grp->begin(); i!=grp->end(); i++) { if (i!=grp->begin()) output << ", "; - FWObject *o= *i; - if (FWReference::cast(o)!=NULL) o=FWReference::cast(o)->getPointer(); - if (o==NULL) - compiler->abort("broken table object "); - + FWObject *o = FWReference::getObject(*i); + if (o==NULL) compiler->abort("broken table object "); MultiAddressRunTime *atrt = MultiAddressRunTime::cast(o); if (atrt!=NULL) diff --git a/src/pflib/TableFactory.h b/src/pflib/TableFactory.h index 65b9c615a..7b4295392 100644 --- a/src/pflib/TableFactory.h +++ b/src/pflib/TableFactory.h 
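Review bot: The new `TableFactory` constructor dereferences its added `persistent_objects` parameter immediately (`persistent_objects->add(persistent_tables);`) with no NULL check, and it hands the `new ObjectGroup()` to that library without stating who deletes it. Add a check such as `assert(persistent_objects!=NULL);` at the top, and a comment like `// persistent_tables becomes a child of persistent_objects; the factory keeps a non-owning pointer` if that is the intended ownership. `init()` also no longer calls `dbroot->addToIndex()` for the group and its children; since other code in this commit resolves objects by id through `findInIndex`, it is worth confirming that the table objects are still indexed wherever they are looked up.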
@@ -53,9 +53,10 @@ namespace fwcompiler { std::string ruleSetName; public: - TableFactory(BaseCompiler *comp); + TableFactory(BaseCompiler *comp, libfwbuilder::Library *persistent_objects); void init(libfwbuilder::FWObjectDatabase *_dbroot); + void detach(); void setRuleSetName(const std::string &rsn="") { ruleSetName=rsn; } diff --git a/src/pix/pix.cpp b/src/pix/pix.cpp index d2978e250..e94dd9769 100644 --- a/src/pix/pix.cpp +++ b/src/pix/pix.cpp @@ -162,21 +162,23 @@ int main(int argc, char **argv) FWObject *slib = objdb->getById(FWObjectDatabase::STANDARD_LIB_ID); if (slib && slib->isReadOnly()) slib->setReadOnly(false); - CompilerDriver_pix driver(objdb); - if (!driver.prepare(args)) + CompilerDriver_pix *driver = new CompilerDriver_pix(objdb); + if (!driver->prepare(args)) { usage(argv[0]); exit(1); } if (only_print_inspection_code) { - cout << driver.protocolInspectorCommands(); + cout << driver->protocolInspectorCommands(); } else - driver.compile(); + driver->compile(); + int ret = (driver->getStatus() == BaseCompiler::FWCOMPILER_SUCCESS) ? 0 : 1; + delete driver; delete objdb; - return (driver.getStatus() == BaseCompiler::FWCOMPILER_SUCCESS) ? 0 : 1; + return ret; } catch(libfwbuilder::FWException &ex) { diff --git a/src/procurve_acl/procurve_acl.cpp b/src/procurve_acl/procurve_acl.cpp index e8315e3f3..3a84435d5 100644 --- a/src/procurve_acl/procurve_acl.cpp +++ b/src/procurve_acl/procurve_acl.cpp 
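Review bot: In `main()` of src/pix/pix.cpp the driver is now a raw `new`/`delete` pair, so the intended order (driver destroyed before `delete objdb`) holds only on the normal path; if `prepare()` or `compile()` throws into the `catch(libfwbuilder::FWException &ex)` handler, neither delete runs. Keeping the stack object inside its own block gives the same destruction order without manual deletes: declare `int ret;` first, open a `{ ... }` scope that runs from `CompilerDriver_pix driver(objdb);` through the `ret = ...` assignment, and call `delete objdb;` after the closing brace. The same applies to the identical change in src/procurve_acl/procurve_acl.cpp. `main` starts and ends outside the hunk.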
@@ -153,17 +153,20 @@ int main(int argc, char **argv) FWObject *slib = objdb->getById(FWObjectDatabase::STANDARD_LIB_ID); if (slib && slib->isReadOnly()) slib->setReadOnly(false); - CompilerDriver_procurve_acl driver(objdb); - if (!driver.prepare(args)) + CompilerDriver_procurve_acl *driver = new CompilerDriver_procurve_acl(objdb); + if (!driver->prepare(args)) { usage(argv[0]); exit(1); } - driver.compile(); + driver->compile(); + int ret = (driver->getStatus() == BaseCompiler::FWCOMPILER_SUCCESS) ? 0 : 1; + + delete driver; delete objdb; - return (driver.getStatus() == BaseCompiler::FWCOMPILER_SUCCESS) ? 0 : 1; + return ret; } catch(libfwbuilder::FWException &ex) { diff --git a/test/iosacl/auto-interface-test.fw.orig b/test/iosacl/auto-interface-test.fw.orig index 5e8f0f824..8bbf2460a 100755 --- a/test/iosacl/auto-interface-test.fw.orig +++ b/test/iosacl/auto-interface-test.fw.orig @@ -1,9 +1,9 @@ ! ! This is automatically generated file. DO NOT MODIFY ! ! -! Firewall Builder fwb_iosacl v4.2.0.3483 +! Firewall Builder fwb_iosacl v4.2.0.3499 ! -! Generated Sun Feb 20 21:26:38 2011 PST by vadim +! Generated Fri Mar 11 12:19:47 2011 PST by vadim ! ! Compiled for iosacl 12.1 ! diff --git a/test/iosacl/c3620.fw.orig b/test/iosacl/c3620.fw.orig index 311daeae6..a7afa6541 100755 --- a/test/iosacl/c3620.fw.orig +++ b/test/iosacl/c3620.fw.orig @@ -1,9 +1,9 @@ ! ! This is automatically generated file. DO NOT MODIFY ! ! -! Firewall Builder fwb_iosacl v4.2.0.3483 +! Firewall Builder fwb_iosacl v4.2.0.3499 ! -! Generated Sun Feb 20 21:26:38 2011 PST by vadim +! Generated Fri Mar 11 12:19:47 2011 PST by vadim ! ! Compiled for iosacl 12.1 ! diff --git a/test/iosacl/ccie4u-r1.fw.orig b/test/iosacl/ccie4u-r1.fw.orig index 28c4d0236..573f81046 100755 --- a/test/iosacl/ccie4u-r1.fw.orig +++ b/test/iosacl/ccie4u-r1.fw.orig 
@@ -1,9 +1,9 @@ ! ! This is automatically generated file. DO NOT MODIFY ! ! -! Firewall Builder fwb_iosacl v4.2.0.3483 +! Firewall Builder fwb_iosacl v4.2.0.3499 ! -! Generated Sun Feb 20 21:26:39 2011 PST by vadim +! Generated Fri Mar 11 12:19:48 2011 PST by vadim ! ! Compiled for iosacl 12.1 ! diff --git a/test/iosacl/dynamips1-og.fw.orig b/test/iosacl/dynamips1-og.fw.orig index 77941a3ca..40c271293 100755 --- a/test/iosacl/dynamips1-og.fw.orig +++ b/test/iosacl/dynamips1-og.fw.orig @@ -1,9 +1,9 @@ ! ! This is automatically generated file. DO NOT MODIFY ! ! -! Firewall Builder fwb_iosacl v4.2.0.3483 +! Firewall Builder fwb_iosacl v4.2.0.3499 ! -! Generated Sun Feb 20 21:26:39 2011 PST by vadim +! Generated Fri Mar 11 12:19:48 2011 PST by vadim ! ! Compiled for iosacl 12.4 ! diff --git a/test/iosacl/firewall-ipv6-1.fw.orig b/test/iosacl/firewall-ipv6-1.fw.orig index 730412888..74cdc6467 100755 --- a/test/iosacl/firewall-ipv6-1.fw.orig +++ b/test/iosacl/firewall-ipv6-1.fw.orig @@ -1,9 +1,9 @@ ! ! This is automatically generated file. DO NOT MODIFY ! ! -! Firewall Builder fwb_iosacl v4.2.0.3483 +! Firewall Builder fwb_iosacl v4.2.0.3499 ! -! Generated Sun Feb 20 21:26:39 2011 PST by vadim +! Generated Fri Mar 11 12:19:48 2011 PST by vadim ! ! Compiled for iosacl 12.1 ! diff --git a/test/iosacl/firewall-ipv6-2.fw.orig b/test/iosacl/firewall-ipv6-2.fw.orig index a0a78f568..8f2d11938 100755 --- a/test/iosacl/firewall-ipv6-2.fw.orig +++ b/test/iosacl/firewall-ipv6-2.fw.orig @@ -1,9 +1,9 @@ ! ! This is automatically generated file. DO NOT MODIFY ! ! -! Firewall Builder fwb_iosacl v4.2.0.3483 +! Firewall Builder fwb_iosacl v4.2.0.3499 ! -! Generated Sun Feb 20 21:26:39 2011 PST by vadim +! Generated Fri Mar 11 12:19:48 2011 PST by vadim ! ! Compiled for iosacl 12.1 ! diff --git a/test/iosacl/firewall-ipv6-3.fw.orig b/test/iosacl/firewall-ipv6-3.fw.orig index db3dfa505..d3aba1906 100755 --- a/test/iosacl/firewall-ipv6-3.fw.orig +++ b/test/iosacl/firewall-ipv6-3.fw.orig 
@@ -1,9 +1,9 @@ ! ! This is automatically generated file. DO NOT MODIFY ! ! -! Firewall Builder fwb_iosacl v4.2.0.3483 +! Firewall Builder fwb_iosacl v4.2.0.3499 ! -! Generated Sun Feb 20 21:26:40 2011 PST by vadim +! Generated Fri Mar 11 12:19:49 2011 PST by vadim ! ! Compiled for iosacl 12.1 ! diff --git a/test/iosacl/testios1-1.fw.orig b/test/iosacl/testios1-1.fw.orig index 065ea41d6..297b4ab15 100755 --- a/test/iosacl/testios1-1.fw.orig +++ b/test/iosacl/testios1-1.fw.orig @@ -1,9 +1,9 @@ ! ! This is automatically generated file. DO NOT MODIFY ! ! -! Firewall Builder fwb_iosacl v4.2.0.3483 +! Firewall Builder fwb_iosacl v4.2.0.3499 ! -! Generated Sun Feb 20 21:26:40 2011 PST by vadim +! Generated Fri Mar 11 12:19:49 2011 PST by vadim ! ! Compiled for iosacl 12.1 ! diff --git a/test/iosacl/testios1.fw.orig b/test/iosacl/testios1.fw.orig index c0a48a473..7c0be75b5 100755 --- a/test/iosacl/testios1.fw.orig +++ b/test/iosacl/testios1.fw.orig @@ -1,9 +1,9 @@ ! ! This is automatically generated file. DO NOT MODIFY ! ! -! Firewall Builder fwb_iosacl v4.2.0.3483 +! Firewall Builder fwb_iosacl v4.2.0.3499 ! -! Generated Sun Feb 20 21:26:40 2011 PST by vadim +! Generated Fri Mar 11 12:19:49 2011 PST by vadim ! ! Compiled for iosacl 12.1 ! diff --git a/test/iosacl/testios2.fw.orig b/test/iosacl/testios2.fw.orig index 82b12733c..475fa4a12 100755 --- a/test/iosacl/testios2.fw.orig +++ b/test/iosacl/testios2.fw.orig @@ -1,9 +1,9 @@ ! ! This is automatically generated file. DO NOT MODIFY ! ! -! Firewall Builder fwb_iosacl v4.2.0.3483 +! Firewall Builder fwb_iosacl v4.2.0.3499 ! -! Generated Sun Feb 20 21:26:40 2011 PST by vadim +! Generated Fri Mar 11 12:19:49 2011 PST by vadim ! ! Compiled for iosacl 12.1 ! diff --git a/test/iosacl/testios20-v12.3.fw.orig b/test/iosacl/testios20-v12.3.fw.orig index b1adec0ec..9bb357049 100755 --- a/test/iosacl/testios20-v12.3.fw.orig +++ b/test/iosacl/testios20-v12.3.fw.orig 
@@ -1,9 +1,9 @@ ! ! This is automatically generated file. DO NOT MODIFY ! ! -! Firewall Builder fwb_iosacl v4.2.0.3483 +! Firewall Builder fwb_iosacl v4.2.0.3499 ! -! Generated Sun Feb 20 21:26:41 2011 PST by vadim +! Generated Fri Mar 11 12:19:49 2011 PST by vadim ! ! Compiled for iosacl 12.3 ! diff --git a/test/iosacl/testios20.fw.orig b/test/iosacl/testios20.fw.orig index 8227b9799..09fac17ef 100755 --- a/test/iosacl/testios20.fw.orig +++ b/test/iosacl/testios20.fw.orig @@ -1,9 +1,9 @@ ! ! This is automatically generated file. DO NOT MODIFY ! ! -! Firewall Builder fwb_iosacl v4.2.0.3483 +! Firewall Builder fwb_iosacl v4.2.0.3499 ! -! Generated Sun Feb 20 21:26:41 2011 PST by vadim +! Generated Fri Mar 11 12:19:49 2011 PST by vadim ! ! Compiled for iosacl 12.4 ! diff --git a/test/iosacl/testios3.fw.orig b/test/iosacl/testios3.fw.orig index dcc3393e3..79e736eef 100755 --- a/test/iosacl/testios3.fw.orig +++ b/test/iosacl/testios3.fw.orig @@ -1,9 +1,9 @@ ! ! This is automatically generated file. DO NOT MODIFY ! ! -! Firewall Builder fwb_iosacl v4.2.0.3483 +! Firewall Builder fwb_iosacl v4.2.0.3499 ! -! Generated Sun Feb 20 21:26:41 2011 PST by vadim +! Generated Fri Mar 11 12:19:50 2011 PST by vadim ! ! Compiled for iosacl 12.1 ! diff --git a/test/iosacl/testios4.fw.orig b/test/iosacl/testios4.fw.orig index 079dbed9f..e91a05d21 100755 --- a/test/iosacl/testios4.fw.orig +++ b/test/iosacl/testios4.fw.orig @@ -1,9 +1,9 @@ ! ! This is automatically generated file. DO NOT MODIFY ! ! -! Firewall Builder fwb_iosacl v4.2.0.3483 +! Firewall Builder fwb_iosacl v4.2.0.3499 ! -! Generated Sun Feb 20 21:26:41 2011 PST by vadim +! Generated Fri Mar 11 12:19:50 2011 PST by vadim ! ! Compiled for iosacl 12.4 ! diff --git a/test/iosacl/testios5-1.fw.orig b/test/iosacl/testios5-1.fw.orig index bc5dace1d..a0faec926 100755 --- a/test/iosacl/testios5-1.fw.orig +++ b/test/iosacl/testios5-1.fw.orig 
@@ -1,9 +1,9 @@ ! ! This is automatically generated file. DO NOT MODIFY ! ! -! Firewall Builder fwb_iosacl v4.2.0.3483 +! Firewall Builder fwb_iosacl v4.2.0.3499 ! -! Generated Sun Feb 20 21:26:42 2011 PST by vadim +! Generated Fri Mar 11 12:19:50 2011 PST by vadim ! ! Compiled for iosacl 12.4 ! diff --git a/test/iosacl/testios5.fw.orig b/test/iosacl/testios5.fw.orig index 3060b7821..3584789ac 100755 --- a/test/iosacl/testios5.fw.orig +++ b/test/iosacl/testios5.fw.orig @@ -1,9 +1,9 @@ ! ! This is automatically generated file. DO NOT MODIFY ! ! -! Firewall Builder fwb_iosacl v4.2.0.3483 +! Firewall Builder fwb_iosacl v4.2.0.3499 ! -! Generated Sun Feb 20 21:26:42 2011 PST by vadim +! Generated Fri Mar 11 12:19:50 2011 PST by vadim ! ! Compiled for iosacl 12.4 ! diff --git a/test/ipt/cluster1_secuwall-1.fw.orig b/test/ipt/cluster1_secuwall-1.fw.orig index 3bc1b19fc..d5394136c 100755 --- a/test/ipt/cluster1_secuwall-1.fw.orig +++ b/test/ipt/cluster1_secuwall-1.fw.orig @@ -2,9 +2,9 @@ # # This is automatically generated file. DO NOT MODIFY ! # -# Firewall Builder fwb_ipt v4.2.0.3498 +# Firewall Builder fwb_ipt v4.2.0.3499 # -# Generated Tue Mar 8 18:59:33 2011 PST by vadim +# Generated Thu Mar 10 21:52:44 2011 PST by vadim # # files: * cluster1_secuwall-1.fw /etc/cluster1_secuwall-1.fw # @@ -588,7 +588,7 @@ test -z "$cmd" && { case "$cmd" in start) - log "Activating firewall script generated Tue Mar 8 18:59:33 2011 by vadim" + log "Activating firewall script generated Thu Mar 10 21:52:44 2011 by vadim" log "Database was cluster-tests.fwb" check_tools check_run_time_address_table_files diff --git a/test/ipt/firewall-base-rulesets.fw.orig b/test/ipt/firewall-base-rulesets.fw.orig index 8e1d7cf39..c398a3db7 100755 --- a/test/ipt/firewall-base-rulesets.fw.orig +++ b/test/ipt/firewall-base-rulesets.fw.orig 
@@ -2,9 +2,9 @@ # # This is automatically generated file. DO NOT MODIFY ! # -# Firewall Builder fwb_ipt v4.2.0.3498 +# Firewall Builder fwb_ipt v4.2.0.3499 # -# Generated Tue Mar 8 18:58:32 2011 PST by vadim +# Generated Thu Mar 10 21:51:50 2011 PST by vadim # # files: * firewall-base-rulesets.fw /etc/fw/firewall-base-rulesets.fw # @@ -445,7 +445,7 @@ test -z "$cmd" && { case "$cmd" in start) - log "Activating firewall script generated Tue Mar 8 18:58:32 2011 by vadim" + log "Activating firewall script generated Thu Mar 10 21:51:50 2011 by vadim" check_tools prolog_commands check_run_time_address_table_files diff --git a/test/ipt/firewall-ipv6-1.fw.orig b/test/ipt/firewall-ipv6-1.fw.orig index 05f9d69a0..f8b912283 100755 --- a/test/ipt/firewall-ipv6-1.fw.orig +++ b/test/ipt/firewall-ipv6-1.fw.orig @@ -2,9 +2,9 @@ # # This is automatically generated file. DO NOT MODIFY ! # -# Firewall Builder fwb_ipt v4.2.0.3498 +# Firewall Builder fwb_ipt v4.2.0.3499 # -# Generated Tue Mar 8 18:58:39 2011 PST by vadim +# Generated Thu Mar 10 21:51:55 2011 PST by vadim # # files: * firewall-ipv6-1.fw /etc/firewall-ipv6-1.fw # @@ -702,7 +702,7 @@ test -z "$cmd" && { case "$cmd" in start) - log "Activating firewall script generated Tue Mar 8 18:58:39 2011 by vadim" + log "Activating firewall script generated Thu Mar 10 21:51:55 2011 by vadim" check_tools prolog_commands check_run_time_address_table_files diff --git a/test/ipt/firewall-ipv6-2.fw.orig b/test/ipt/firewall-ipv6-2.fw.orig index dde23541b..b80aabd45 100755 --- a/test/ipt/firewall-ipv6-2.fw.orig +++ b/test/ipt/firewall-ipv6-2.fw.orig @@ -2,9 +2,9 @@ # # This is automatically generated file. DO NOT MODIFY ! # -# Firewall Builder fwb_ipt v4.2.0.3498 +# Firewall Builder fwb_ipt v4.2.0.3499 # -# Generated Tue Mar 8 18:58:43 2011 PST by vadim +# Generated Thu Mar 10 13:14:16 2011 PST by vadim # # files: * firewall-ipv6-2.fw /etc/firewall-ipv6-2.fw # 
@@ -966,7 +966,7 @@ test -z "$cmd" && { case "$cmd" in start) - log "Activating firewall script generated Tue Mar 8 18:58:43 2011 by vadim" + log "Activating firewall script generated Thu Mar 10 13:14:16 2011 by vadim" check_tools prolog_commands check_run_time_address_table_files diff --git a/test/ipt/firewall-ipv6-3.fw.orig b/test/ipt/firewall-ipv6-3.fw.orig index 56bf68800..5b2e27ea4 100755 --- a/test/ipt/firewall-ipv6-3.fw.orig +++ b/test/ipt/firewall-ipv6-3.fw.orig @@ -2,9 +2,9 @@ # # This is automatically generated file. DO NOT MODIFY ! # -# Firewall Builder fwb_ipt v4.2.0.3498 +# Firewall Builder fwb_ipt v4.2.0.3499 # -# Generated Tue Mar 8 18:58:50 2011 PST by vadim +# Generated Thu Mar 10 21:52:04 2011 PST by vadim # # files: * firewall-ipv6-3.fw /etc/firewall-ipv6-3.fw # @@ -596,7 +596,7 @@ test -z "$cmd" && { case "$cmd" in start) - log "Activating firewall script generated Tue Mar 8 18:58:50 2011 by vadim" + log "Activating firewall script generated Thu Mar 10 21:52:04 2011 by vadim" check_tools prolog_commands check_run_time_address_table_files diff --git a/test/ipt/firewall-ipv6-4-1.fw.orig b/test/ipt/firewall-ipv6-4-1.fw.orig index b6d84960e..eb014c311 100755 --- a/test/ipt/firewall-ipv6-4-1.fw.orig +++ b/test/ipt/firewall-ipv6-4-1.fw.orig @@ -2,9 +2,9 @@ # # This is automatically generated file. DO NOT MODIFY ! # -# Firewall Builder fwb_ipt v4.2.0.3498 +# Firewall Builder fwb_ipt v4.2.0.3499 # -# Generated Tue Mar 8 18:59:00 2011 PST by vadim +# Generated Thu Mar 10 21:52:13 2011 PST by vadim # # files: * firewall-ipv6-4-1.fw /etc/firewall-ipv6-4-1.fw # @@ -545,7 +545,7 @@ test -z "$cmd" && { case "$cmd" in start) - log "Activating firewall script generated Tue Mar 8 18:59:00 2011 by vadim" + log "Activating firewall script generated Thu Mar 10 21:52:13 2011 by vadim" check_tools prolog_commands check_run_time_address_table_files diff --git a/test/ipt/firewall-ipv6-4.fw.orig b/test/ipt/firewall-ipv6-4.fw.orig index 32ca8555a..1aa47e895 100755 
--- a/test/ipt/firewall-ipv6-4.fw.orig +++ b/test/ipt/firewall-ipv6-4.fw.orig @@ -2,9 +2,9 @@ # # This is automatically generated file. DO NOT MODIFY ! # -# Firewall Builder fwb_ipt v4.2.0.3498 +# Firewall Builder fwb_ipt v4.2.0.3499 # -# Generated Tue Mar 8 18:58:52 2011 PST by vadim +# Generated Thu Mar 10 21:52:08 2011 PST by vadim # # files: * firewall-ipv6-4.fw /etc/firewall-ipv6-4.fw # @@ -581,7 +581,7 @@ test -z "$cmd" && { case "$cmd" in start) - log "Activating firewall script generated Tue Mar 8 18:58:52 2011 by vadim" + log "Activating firewall script generated Thu Mar 10 21:52:08 2011 by vadim" check_tools prolog_commands check_run_time_address_table_files diff --git a/test/ipt/firewall-ipv6-5.fw.orig b/test/ipt/firewall-ipv6-5.fw.orig index 61ba153b2..f885319f8 100755 --- a/test/ipt/firewall-ipv6-5.fw.orig +++ b/test/ipt/firewall-ipv6-5.fw.orig @@ -2,9 +2,9 @@ # # This is automatically generated file. DO NOT MODIFY ! # -# Firewall Builder fwb_ipt v4.2.0.3498 +# Firewall Builder fwb_ipt v4.2.0.3499 # -# Generated Tue Mar 8 18:58:55 2011 PST by vadim +# Generated Thu Mar 10 21:52:11 2011 PST by vadim # # files: * firewall-ipv6-5.fw /etc/firewall-ipv6-5.fw # @@ -412,7 +412,7 @@ test -z "$cmd" && { case "$cmd" in start) - log "Activating firewall script generated Tue Mar 8 18:58:55 2011 by vadim" + log "Activating firewall script generated Thu Mar 10 21:52:11 2011 by vadim" check_tools prolog_commands check_run_time_address_table_files diff --git a/test/ipt/firewall-ipv6-6.fw.orig b/test/ipt/firewall-ipv6-6.fw.orig index 55e496f4d..185b4d65d 100755 --- a/test/ipt/firewall-ipv6-6.fw.orig +++ b/test/ipt/firewall-ipv6-6.fw.orig @@ -2,9 +2,9 @@ # # This is automatically generated file. DO NOT MODIFY ! # -# Firewall Builder fwb_ipt v4.2.0.3498 +# Firewall Builder fwb_ipt v4.2.0.3499 # -# Generated Tue Mar 8 18:58:59 2011 PST by vadim +# Generated Thu Mar 10 21:52:15 2011 PST by vadim # # files: * firewall-ipv6-6.fw /etc/firewall-ipv6-6.fw # 
@@ -399,7 +399,7 @@ test -z "$cmd" && { case "$cmd" in start) - log "Activating firewall script generated Tue Mar 8 18:58:59 2011 by vadim" + log "Activating firewall script generated Thu Mar 10 21:52:15 2011 by vadim" check_tools prolog_commands check_run_time_address_table_files diff --git a/test/ipt/firewall-ipv6-7.fw.orig b/test/ipt/firewall-ipv6-7.fw.orig index de79d31ac..77e5db205 100755 --- a/test/ipt/firewall-ipv6-7.fw.orig +++ b/test/ipt/firewall-ipv6-7.fw.orig @@ -2,9 +2,9 @@ # # This is automatically generated file. DO NOT MODIFY ! # -# Firewall Builder fwb_ipt v4.2.0.3498 +# Firewall Builder fwb_ipt v4.2.0.3499 # -# Generated Tue Mar 8 18:59:03 2011 PST by vadim +# Generated Thu Mar 10 21:52:16 2011 PST by vadim # # files: * firewall-ipv6-7.fw /etc/firewall-ipv6-7.fw # @@ -443,7 +443,7 @@ test -z "$cmd" && { case "$cmd" in start) - log "Activating firewall script generated Tue Mar 8 18:59:03 2011 by vadim" + log "Activating firewall script generated Thu Mar 10 21:52:16 2011 by vadim" check_tools prolog_commands check_run_time_address_table_files diff --git a/test/ipt/firewall-ipv6-8.fw.orig b/test/ipt/firewall-ipv6-8.fw.orig index 3dab36154..830b409f2 100755 --- a/test/ipt/firewall-ipv6-8.fw.orig +++ b/test/ipt/firewall-ipv6-8.fw.orig @@ -2,9 +2,9 @@ # # This is automatically generated file. DO NOT MODIFY ! # -# Firewall Builder fwb_ipt v4.2.0.3498 +# Firewall Builder fwb_ipt v4.2.0.3499 # -# Generated Tue Mar 8 18:59:05 2011 PST by vadim +# Generated Thu Mar 10 21:52:19 2011 PST by vadim # # files: * firewall-ipv6-8.fw /etc/firewall-ipv6-8.fw # @@ -484,7 +484,7 @@ test -z "$cmd" && { case "$cmd" in start) - log "Activating firewall script generated Tue Mar 8 18:59:05 2011 by vadim" + log "Activating firewall script generated Thu Mar 10 21:52:19 2011 by vadim" check_tools prolog_commands check_run_time_address_table_files 
diff --git a/test/ipt/firewall-ipv6-ipt-reset-prolog-after-flush.fw.orig b/test/ipt/firewall-ipv6-ipt-reset-prolog-after-flush.fw.orig index 2bdf17eee..1f890a608 100755 --- a/test/ipt/firewall-ipv6-ipt-reset-prolog-after-flush.fw.orig +++ b/test/ipt/firewall-ipv6-ipt-reset-prolog-after-flush.fw.orig @@ -2,9 +2,9 @@ # # This is automatically generated file. DO NOT MODIFY ! # -# Firewall Builder fwb_ipt v4.2.0.3498 +# Firewall Builder fwb_ipt v4.2.0.3499 # -# Generated Tue Mar 8 18:59:07 2011 PST by vadim +# Generated Thu Mar 10 21:52:20 2011 PST by vadim # # files: * firewall-ipv6-ipt-reset-prolog-after-flush.fw /etc/firewall-ipv6-ipt-reset-prolog-after-flush.fw # @@ -450,7 +450,7 @@ test -z "$cmd" && { case "$cmd" in start) - log "Activating firewall script generated Tue Mar 8 18:59:07 2011 by vadim" + log "Activating firewall script generated Thu Mar 10 21:52:20 2011 by vadim" check_tools prolog_commands check_run_time_address_table_files diff --git a/test/ipt/firewall-ipv6-ipt-reset-prolog-after-interfaces.fw.orig b/test/ipt/firewall-ipv6-ipt-reset-prolog-after-interfaces.fw.orig index f65875999..c9526badd 100755 --- a/test/ipt/firewall-ipv6-ipt-reset-prolog-after-interfaces.fw.orig +++ b/test/ipt/firewall-ipv6-ipt-reset-prolog-after-interfaces.fw.orig @@ -2,9 +2,9 @@ # # This is automatically generated file. DO NOT MODIFY ! # -# Firewall Builder fwb_ipt v4.2.0.3498 +# Firewall Builder fwb_ipt v4.2.0.3499 # -# Generated Tue Mar 8 18:59:09 2011 PST by vadim +# Generated Thu Mar 10 21:52:22 2011 PST by vadim # # files: * firewall-ipv6-ipt-reset-prolog-after-interfaces.fw /etc/firewall-ipv6-ipt-reset-prolog-after-interfaces.fw # @@ -450,7 +450,7 @@ test -z "$cmd" && { case "$cmd" in start) - log "Activating firewall script generated Tue Mar 8 18:59:09 2011 by vadim" + log "Activating firewall script generated Thu Mar 10 21:52:22 2011 by vadim" check_tools check_run_time_address_table_files 
diff --git a/test/ipt/firewall-ipv6-ipt-reset-prolog-top.fw.orig b/test/ipt/firewall-ipv6-ipt-reset-prolog-top.fw.orig index e255210c5..279fc5ce5 100755 --- a/test/ipt/firewall-ipv6-ipt-reset-prolog-top.fw.orig +++ b/test/ipt/firewall-ipv6-ipt-reset-prolog-top.fw.orig @@ -2,9 +2,9 @@ # # This is automatically generated file. DO NOT MODIFY ! # -# Firewall Builder fwb_ipt v4.2.0.3498 +# Firewall Builder fwb_ipt v4.2.0.3499 # -# Generated Tue Mar 8 18:59:11 2011 PST by vadim +# Generated Thu Mar 10 21:52:24 2011 PST by vadim # # files: * firewall-ipv6-ipt-reset-prolog-top.fw /etc/firewall-ipv6-ipt-reset-prolog-top.fw # @@ -450,7 +450,7 @@ test -z "$cmd" && { case "$cmd" in start) - log "Activating firewall script generated Tue Mar 8 18:59:11 2011 by vadim" + log "Activating firewall script generated Thu Mar 10 21:52:24 2011 by vadim" check_tools prolog_commands check_run_time_address_table_files diff --git a/test/ipt/firewall-ipv6-prolog-after-flush.fw.orig b/test/ipt/firewall-ipv6-prolog-after-flush.fw.orig index 131544514..7e2385012 100755 --- a/test/ipt/firewall-ipv6-prolog-after-flush.fw.orig +++ b/test/ipt/firewall-ipv6-prolog-after-flush.fw.orig @@ -2,9 +2,9 @@ # # This is automatically generated file. DO NOT MODIFY ! # -# Firewall Builder fwb_ipt v4.2.0.3498 +# Firewall Builder fwb_ipt v4.2.0.3499 # -# Generated Tue Mar 8 18:59:13 2011 PST by vadim +# Generated Thu Mar 10 21:52:26 2011 PST by vadim # # files: * firewall-ipv6-prolog-after-flush.fw /etc/firewall-ipv6-prolog-after-flush.fw # @@ -420,7 +420,7 @@ test -z "$cmd" && { case "$cmd" in start) - log "Activating firewall script generated Tue Mar 8 18:59:13 2011 by vadim" + log "Activating firewall script generated Thu Mar 10 21:52:26 2011 by vadim" check_tools check_run_time_address_table_files diff --git a/test/ipt/firewall-ipv6-prolog-after-interfaces.fw.orig b/test/ipt/firewall-ipv6-prolog-after-interfaces.fw.orig index b26909eda..5b6bb0a83 100755 
--- a/test/ipt/firewall-ipv6-prolog-after-interfaces.fw.orig +++ b/test/ipt/firewall-ipv6-prolog-after-interfaces.fw.orig @@ -2,9 +2,9 @@ # # This is automatically generated file. DO NOT MODIFY ! # -# Firewall Builder fwb_ipt v4.2.0.3498 +# Firewall Builder fwb_ipt v4.2.0.3499 # -# Generated Tue Mar 8 18:59:15 2011 PST by vadim +# Generated Thu Mar 10 21:52:27 2011 PST by vadim # # files: * firewall-ipv6-prolog-after-interfaces.fw /etc/firewall-ipv6-prolog-after-interfaces.fw # @@ -420,7 +420,7 @@ test -z "$cmd" && { case "$cmd" in start) - log "Activating firewall script generated Tue Mar 8 18:59:15 2011 by vadim" + log "Activating firewall script generated Thu Mar 10 21:52:27 2011 by vadim" check_tools check_run_time_address_table_files diff --git a/test/ipt/firewall-ipv6-prolog-top.fw.orig b/test/ipt/firewall-ipv6-prolog-top.fw.orig index 8c88fff64..caf9bc8b1 100755 --- a/test/ipt/firewall-ipv6-prolog-top.fw.orig +++ b/test/ipt/firewall-ipv6-prolog-top.fw.orig @@ -2,9 +2,9 @@ # # This is automatically generated file. DO NOT MODIFY ! # -# Firewall Builder fwb_ipt v4.2.0.3498 +# Firewall Builder fwb_ipt v4.2.0.3499 # -# Generated Tue Mar 8 18:59:17 2011 PST by vadim +# Generated Thu Mar 10 21:52:29 2011 PST by vadim # # files: * firewall-ipv6-prolog-top.fw /etc/firewall-ipv6-prolog-top.fw # @@ -420,7 +420,7 @@ test -z "$cmd" && { case "$cmd" in start) - log "Activating firewall script generated Tue Mar 8 18:59:17 2011 by vadim" + log "Activating firewall script generated Thu Mar 10 21:52:29 2011 by vadim" check_tools prolog_commands check_run_time_address_table_files diff --git a/test/ipt/firewall-server-1-s.fw.orig b/test/ipt/firewall-server-1-s.fw.orig index b18d5e929..a173dc644 100755 --- a/test/ipt/firewall-server-1-s.fw.orig +++ b/test/ipt/firewall-server-1-s.fw.orig 
@@ -2,9 +2,9 @@ # # This is automatically generated file. DO NOT MODIFY ! # -# Firewall Builder fwb_ipt v4.2.0.3498 +# Firewall Builder fwb_ipt v4.2.0.3499 # -# Generated Tue Mar 8 18:59:18 2011 PST by vadim +# Generated Thu Mar 10 21:52:30 2011 PST by vadim # # files: * firewall-server-1-s.fw /etc/fw/firewall-server-1-s.fw # @@ -393,7 +393,7 @@ test -z "$cmd" && { case "$cmd" in start) - log "Activating firewall script generated Tue Mar 8 18:59:18 2011 by vadim" + log "Activating firewall script generated Thu Mar 10 21:52:30 2011 by vadim" check_tools prolog_commands check_run_time_address_table_files diff --git a/test/ipt/firewall.fw.orig b/test/ipt/firewall.fw.orig index a543d3d7c..ecfa37338 100755 --- a/test/ipt/firewall.fw.orig +++ b/test/ipt/firewall.fw.orig @@ -2,9 +2,9 @@ # # This is automatically generated file. DO NOT MODIFY ! # -# Firewall Builder fwb_ipt v4.2.0.3498 +# Firewall Builder fwb_ipt v4.2.0.3499 # -# Generated Tue Mar 8 18:55:56 2011 PST by vadim +# Generated Thu Mar 10 21:49:22 2011 PST by vadim # # files: * firewall.fw /etc/fw/firewall.fw # @@ -1361,7 +1361,7 @@ test -z "$cmd" && { case "$cmd" in start) - log "Activating firewall script generated Tue Mar 8 18:55:56 2011 by vadim" + log "Activating firewall script generated Thu Mar 10 21:49:22 2011 by vadim" check_tools prolog_commands check_run_time_address_table_files diff --git a/test/ipt/firewall1.fw.orig b/test/ipt/firewall1.fw.orig index 78e1fbee7..a38f01669 100755 --- a/test/ipt/firewall1.fw.orig +++ b/test/ipt/firewall1.fw.orig @@ -2,9 +2,9 @@ # # This is automatically generated file. DO NOT MODIFY ! # -# Firewall Builder fwb_ipt v4.2.0.3498 +# Firewall Builder fwb_ipt v4.2.0.3499 # -# Generated Tue Mar 8 18:55:58 2011 PST by vadim +# Generated Thu Mar 10 21:49:24 2011 PST by vadim # # files: * firewall1.fw /etc/fw/firewall1.fw # 
@@ -1252,7 +1252,7 @@ test -z "$cmd" && { case "$cmd" in start) - log "Activating firewall script generated Tue Mar 8 18:55:58 2011 by vadim" + log "Activating firewall script generated Thu Mar 10 21:49:24 2011 by vadim" check_tools check_run_time_address_table_files diff --git a/test/ipt/firewall10.fw.orig b/test/ipt/firewall10.fw.orig index 2a3d046eb..d2cf9939e 100755 --- a/test/ipt/firewall10.fw.orig +++ b/test/ipt/firewall10.fw.orig @@ -2,9 +2,9 @@ # # This is automatically generated file. DO NOT MODIFY ! # -# Firewall Builder fwb_ipt v4.2.0.3498 +# Firewall Builder fwb_ipt v4.2.0.3499 # -# Generated Tue Mar 8 18:55:59 2011 PST by vadim +# Generated Thu Mar 10 21:49:25 2011 PST by vadim # # files: * firewall10.fw /etc/fw/firewall10.fw # @@ -473,7 +473,7 @@ test -z "$cmd" && { case "$cmd" in start) - log "Activating firewall script generated Tue Mar 8 18:55:59 2011 by vadim" + log "Activating firewall script generated Thu Mar 10 21:49:25 2011 by vadim" check_tools prolog_commands check_run_time_address_table_files diff --git a/test/ipt/firewall11.fw.orig b/test/ipt/firewall11.fw.orig index cdf1b7455..9e82883fe 100755 --- a/test/ipt/firewall11.fw.orig +++ b/test/ipt/firewall11.fw.orig @@ -2,9 +2,9 @@ # # This is automatically generated file. DO NOT MODIFY ! # -# Firewall Builder fwb_ipt v4.2.0.3498 +# Firewall Builder fwb_ipt v4.2.0.3499 # -# Generated Tue Mar 8 18:56:01 2011 PST by vadim +# Generated Thu Mar 10 21:49:27 2011 PST by vadim # # files: * firewall11.fw /etc/fw/firewall11.fw # @@ -589,7 +589,7 @@ test -z "$cmd" && { case "$cmd" in start) - log "Activating firewall script generated Tue Mar 8 18:56:01 2011 by vadim" + log "Activating firewall script generated Thu Mar 10 21:49:27 2011 by vadim" check_tools prolog_commands check_run_time_address_table_files diff --git a/test/ipt/firewall12.fw.orig b/test/ipt/firewall12.fw.orig index 260f169a1..d6335011c 100755 --- a/test/ipt/firewall12.fw.orig +++ b/test/ipt/firewall12.fw.orig 
@@ -2,9 +2,9 @@ # # This is automatically generated file. DO NOT MODIFY ! # -# Firewall Builder fwb_ipt v4.2.0.3498 +# Firewall Builder fwb_ipt v4.2.0.3499 # -# Generated Tue Mar 8 18:56:02 2011 PST by vadim +# Generated Thu Mar 10 21:49:28 2011 PST by vadim # # files: * firewall12.fw /etc/fw/firewall12.fw # @@ -511,7 +511,7 @@ test -z "$cmd" && { case "$cmd" in start) - log "Activating firewall script generated Tue Mar 8 18:56:02 2011 by vadim" + log "Activating firewall script generated Thu Mar 10 21:49:28 2011 by vadim" check_tools prolog_commands check_run_time_address_table_files diff --git a/test/ipt/firewall13.fw.orig b/test/ipt/firewall13.fw.orig index f879a5530..44c46010d 100755 --- a/test/ipt/firewall13.fw.orig +++ b/test/ipt/firewall13.fw.orig @@ -2,9 +2,9 @@ # # This is automatically generated file. DO NOT MODIFY ! # -# Firewall Builder fwb_ipt v4.2.0.3498 +# Firewall Builder fwb_ipt v4.2.0.3499 # -# Generated Tue Mar 8 18:56:04 2011 PST by vadim +# Generated Thu Mar 10 21:49:29 2011 PST by vadim # # files: * firewall13.fw /etc/fw/firewall13.fw # @@ -385,7 +385,7 @@ test -z "$cmd" && { case "$cmd" in start) - log "Activating firewall script generated Tue Mar 8 18:56:04 2011 by vadim" + log "Activating firewall script generated Thu Mar 10 21:49:29 2011 by vadim" check_tools prolog_commands check_run_time_address_table_files diff --git a/test/ipt/firewall14.fw.orig b/test/ipt/firewall14.fw.orig index 20918d4b1..b6bea7777 100755 --- a/test/ipt/firewall14.fw.orig +++ b/test/ipt/firewall14.fw.orig @@ -2,9 +2,9 @@ # # This is automatically generated file. DO NOT MODIFY ! # -# Firewall Builder fwb_ipt v4.2.0.3498 +# Firewall Builder fwb_ipt v4.2.0.3499 # -# Generated Tue Mar 8 18:56:05 2011 PST by vadim +# Generated Thu Mar 10 21:49:30 2011 PST by vadim # # files: * firewall14.fw /etc/fw/firewall14.fw # 
@@ -404,7 +404,7 @@ test -z "$cmd" && { case "$cmd" in start) - log "Activating firewall script generated Tue Mar 8 18:56:05 2011 by vadim" + log "Activating firewall script generated Thu Mar 10 21:49:30 2011 by vadim" check_tools prolog_commands check_run_time_address_table_files diff --git a/test/ipt/firewall15.fw.orig b/test/ipt/firewall15.fw.orig index fe839fcd8..3853be846 100755 --- a/test/ipt/firewall15.fw.orig +++ b/test/ipt/firewall15.fw.orig @@ -2,9 +2,9 @@ # # This is automatically generated file. DO NOT MODIFY ! # -# Firewall Builder fwb_ipt v4.2.0.3498 +# Firewall Builder fwb_ipt v4.2.0.3499 # -# Generated Tue Mar 8 18:56:07 2011 PST by vadim +# Generated Thu Mar 10 21:49:32 2011 PST by vadim # # files: * firewall15.fw /etc/fw/firewall15.fw # @@ -388,7 +388,7 @@ test -z "$cmd" && { case "$cmd" in start) - log "Activating firewall script generated Tue Mar 8 18:56:07 2011 by vadim" + log "Activating firewall script generated Thu Mar 10 21:49:32 2011 by vadim" check_tools prolog_commands check_run_time_address_table_files diff --git a/test/ipt/firewall16.fw.orig b/test/ipt/firewall16.fw.orig index ab8d8516d..ae8eaaa80 100755 --- a/test/ipt/firewall16.fw.orig +++ b/test/ipt/firewall16.fw.orig @@ -2,9 +2,9 @@ # # This is automatically generated file. DO NOT MODIFY ! # -# Firewall Builder fwb_ipt v4.2.0.3498 +# Firewall Builder fwb_ipt v4.2.0.3499 # -# Generated Tue Mar 8 18:56:08 2011 PST by vadim +# Generated Thu Mar 10 21:49:33 2011 PST by vadim # # files: * firewall16.fw /etc/fw/firewall16.fw # @@ -492,7 +492,7 @@ test -z "$cmd" && { case "$cmd" in start) - log "Activating firewall script generated Tue Mar 8 18:56:08 2011 by vadim" + log "Activating firewall script generated Thu Mar 10 21:49:33 2011 by vadim" check_tools prolog_commands check_run_time_address_table_files diff --git a/test/ipt/firewall17.fw.orig b/test/ipt/firewall17.fw.orig index 1bcac840a..5e4ed592c 100755 --- a/test/ipt/firewall17.fw.orig +++ b/test/ipt/firewall17.fw.orig 
@@ -2,9 +2,9 @@ # # This is automatically generated file. DO NOT MODIFY ! # -# Firewall Builder fwb_ipt v4.2.0.3498 +# Firewall Builder fwb_ipt v4.2.0.3499 # -# Generated Tue Mar 8 18:56:10 2011 PST by vadim +# Generated Thu Mar 10 21:49:35 2011 PST by vadim # # files: * firewall17.fw /etc/fw/firewall17.fw # @@ -471,7 +471,7 @@ test -z "$cmd" && { case "$cmd" in start) - log "Activating firewall script generated Tue Mar 8 18:56:10 2011 by vadim" + log "Activating firewall script generated Thu Mar 10 21:49:35 2011 by vadim" check_tools prolog_commands check_run_time_address_table_files diff --git a/test/ipt/firewall18.fw.orig b/test/ipt/firewall18.fw.orig index d8ee9f83f..02a4241c3 100755 --- a/test/ipt/firewall18.fw.orig +++ b/test/ipt/firewall18.fw.orig @@ -2,9 +2,9 @@ # # This is automatically generated file. DO NOT MODIFY ! # -# Firewall Builder fwb_ipt v4.2.0.3498 +# Firewall Builder fwb_ipt v4.2.0.3499 # -# Generated Tue Mar 8 18:56:11 2011 PST by vadim +# Generated Thu Mar 10 21:49:36 2011 PST by vadim # # files: * firewall18.fw /etc/fw/firewall18.fw # @@ -504,7 +504,7 @@ test -z "$cmd" && { case "$cmd" in start) - log "Activating firewall script generated Tue Mar 8 18:56:11 2011 by vadim" + log "Activating firewall script generated Thu Mar 10 21:49:36 2011 by vadim" check_tools prolog_commands check_run_time_address_table_files diff --git a/test/ipt/firewall19.fw.orig b/test/ipt/firewall19.fw.orig index 206daa53e..377a8a48e 100755 --- a/test/ipt/firewall19.fw.orig +++ b/test/ipt/firewall19.fw.orig @@ -2,9 +2,9 @@ # # This is automatically generated file. DO NOT MODIFY ! # -# Firewall Builder fwb_ipt v4.2.0.3498 +# Firewall Builder fwb_ipt v4.2.0.3499 # -# Generated Tue Mar 8 18:56:13 2011 PST by vadim +# Generated Thu Mar 10 21:49:38 2011 PST by vadim # # files: * firewall19.fw /etc/fw/firewall19.fw # 
@@ -508,7 +508,7 @@ test -z "$cmd" && { case "$cmd" in start) - log "Activating firewall script generated Tue Mar 8 18:56:13 2011 by vadim" + log "Activating firewall script generated Thu Mar 10 21:49:38 2011 by vadim" check_tools prolog_commands check_run_time_address_table_files diff --git a/test/ipt/firewall2-1.fw.orig b/test/ipt/firewall2-1.fw.orig index e853b0f1c..b46555dba 100755 --- a/test/ipt/firewall2-1.fw.orig +++ b/test/ipt/firewall2-1.fw.orig @@ -2,9 +2,9 @@ # # This is automatically generated file. DO NOT MODIFY ! # -# Firewall Builder fwb_ipt v4.2.0.3498 +# Firewall Builder fwb_ipt v4.2.0.3499 # -# Generated Tue Mar 8 18:56:24 2011 PST by vadim +# Generated Thu Mar 10 21:49:47 2011 PST by vadim # # files: * firewall2-1.fw /etc/fw/firewall2-1.fw # @@ -1430,7 +1430,7 @@ test -z "$cmd" && { case "$cmd" in start) - log "Activating firewall script generated Tue Mar 8 18:56:24 2011 by vadim" + log "Activating firewall script generated Thu Mar 10 21:49:47 2011 by vadim" check_tools check_run_time_address_table_files diff --git a/test/ipt/firewall2-2.fw.orig b/test/ipt/firewall2-2.fw.orig index e14bca2b8..8061cc43d 100755 --- a/test/ipt/firewall2-2.fw.orig +++ b/test/ipt/firewall2-2.fw.orig @@ -2,9 +2,9 @@ # # This is automatically generated file. DO NOT MODIFY ! # -# Firewall Builder fwb_ipt v4.2.0.3498 +# Firewall Builder fwb_ipt v4.2.0.3499 # -# Generated Tue Mar 8 18:56:28 2011 PST by vadim +# Generated Thu Mar 10 21:49:51 2011 PST by vadim # # files: * firewall2-2.fw /etc/fw/firewall2-2.fw # @@ -1259,7 +1259,7 @@ test -z "$cmd" && { case "$cmd" in start) - log "Activating firewall script generated Tue Mar 8 18:56:28 2011 by vadim" + log "Activating firewall script generated Thu Mar 10 21:49:51 2011 by vadim" check_tools check_run_time_address_table_files diff --git a/test/ipt/firewall2-3.fw.orig b/test/ipt/firewall2-3.fw.orig index 9849a418d..ba8ddc5fd 100755 --- a/test/ipt/firewall2-3.fw.orig +++ b/test/ipt/firewall2-3.fw.orig 
@@ -2,9 +2,9 @@ # # This is automatically generated file. DO NOT MODIFY ! # -# Firewall Builder fwb_ipt v4.2.0.3498 +# Firewall Builder fwb_ipt v4.2.0.3499 # -# Generated Tue Mar 8 18:56:31 2011 PST by vadim +# Generated Thu Mar 10 21:49:55 2011 PST by vadim # # files: * firewall2-3.fw /etc/fw/firewall2-3.fw # @@ -1118,7 +1118,7 @@ test -z "$cmd" && { case "$cmd" in start) - log "Activating firewall script generated Tue Mar 8 18:56:31 2011 by vadim" + log "Activating firewall script generated Thu Mar 10 21:49:55 2011 by vadim" check_tools check_run_time_address_table_files diff --git a/test/ipt/firewall2-4.fw.orig b/test/ipt/firewall2-4.fw.orig index b4f125dba..cb1af92d4 100755 --- a/test/ipt/firewall2-4.fw.orig +++ b/test/ipt/firewall2-4.fw.orig @@ -2,9 +2,9 @@ # # This is automatically generated file. DO NOT MODIFY ! # -# Firewall Builder fwb_ipt v4.2.0.3498 +# Firewall Builder fwb_ipt v4.2.0.3499 # -# Generated Tue Mar 8 18:56:35 2011 PST by vadim +# Generated Thu Mar 10 21:49:59 2011 PST by vadim # # files: * firewall2-4.fw /etc/fw/firewall2-4.fw # @@ -424,7 +424,7 @@ test -z "$cmd" && { case "$cmd" in start) - log "Activating firewall script generated Tue Mar 8 18:56:35 2011 by vadim" + log "Activating firewall script generated Thu Mar 10 21:49:59 2011 by vadim" check_tools check_run_time_address_table_files diff --git a/test/ipt/firewall2-5.fw.orig b/test/ipt/firewall2-5.fw.orig index ff69fdf0d..cfd2f0404 100755 --- a/test/ipt/firewall2-5.fw.orig +++ b/test/ipt/firewall2-5.fw.orig @@ -2,9 +2,9 @@ # # This is automatically generated file. DO NOT MODIFY ! # -# Firewall Builder fwb_ipt v4.2.0.3498 +# Firewall Builder fwb_ipt v4.2.0.3499 # -# Generated Tue Mar 8 18:56:38 2011 PST by vadim +# Generated Thu Mar 10 21:50:02 2011 PST by vadim # # files: * firewall2-5.fw /etc/fw/firewall2-5.fw # 
@@ -455,7 +455,7 @@ test -z "$cmd" && { case "$cmd" in start) - log "Activating firewall script generated Tue Mar 8 18:56:38 2011 by vadim" + log "Activating firewall script generated Thu Mar 10 21:50:02 2011 by vadim" check_tools check_run_time_address_table_files diff --git a/test/ipt/firewall2-6.fw.orig b/test/ipt/firewall2-6.fw.orig index 4c3b2df1c..fdd964449 100755 --- a/test/ipt/firewall2-6.fw.orig +++ b/test/ipt/firewall2-6.fw.orig @@ -2,9 +2,9 @@ # # This is automatically generated file. DO NOT MODIFY ! # -# Firewall Builder fwb_ipt v4.2.0.3498 +# Firewall Builder fwb_ipt v4.2.0.3499 # -# Generated Tue Mar 8 18:56:43 2011 PST by vadim +# Generated Thu Mar 10 21:50:05 2011 PST by vadim # # files: * firewall2-6.fw /etc/fw/firewall2-6.fw # @@ -482,7 +482,7 @@ test -z "$cmd" && { case "$cmd" in start) - log "Activating firewall script generated Tue Mar 8 18:56:43 2011 by vadim" + log "Activating firewall script generated Thu Mar 10 21:50:05 2011 by vadim" check_tools check_run_time_address_table_files diff --git a/test/ipt/firewall2-7.fw.orig b/test/ipt/firewall2-7.fw.orig index 2e37aba33..83d228d3e 100755 --- a/test/ipt/firewall2-7.fw.orig +++ b/test/ipt/firewall2-7.fw.orig @@ -2,9 +2,9 @@ # # This is automatically generated file. DO NOT MODIFY ! # -# Firewall Builder fwb_ipt v4.2.0.3498 +# Firewall Builder fwb_ipt v4.2.0.3499 # -# Generated Tue Mar 8 18:56:46 2011 PST by vadim +# Generated Thu Mar 10 21:50:09 2011 PST by vadim # # files: * firewall2-7.fw /etc/fw/firewall2-7.fw # @@ -424,7 +424,7 @@ test -z "$cmd" && { case "$cmd" in start) - log "Activating firewall script generated Tue Mar 8 18:56:46 2011 by vadim" + log "Activating firewall script generated Thu Mar 10 21:50:09 2011 by vadim" check_tools check_run_time_address_table_files diff --git a/test/ipt/firewall2.fw.orig b/test/ipt/firewall2.fw.orig index e5c280c76..612616576 100755 --- a/test/ipt/firewall2.fw.orig +++ b/test/ipt/firewall2.fw.orig 
@@ -2,9 +2,9 @@ # # This is automatically generated file. DO NOT MODIFY ! # -# Firewall Builder fwb_ipt v4.2.0.3498 +# Firewall Builder fwb_ipt v4.2.0.3499 # -# Generated Tue Mar 8 18:56:16 2011 PST by vadim +# Generated Thu Mar 10 21:49:40 2011 PST by vadim # # files: * firewall2.fw /etc/fw/firewall2.fw # @@ -1482,7 +1482,7 @@ test -z "$cmd" && { case "$cmd" in start) - log "Activating firewall script generated Tue Mar 8 18:56:16 2011 by vadim" + log "Activating firewall script generated Thu Mar 10 21:49:40 2011 by vadim" check_tools check_run_time_address_table_files diff --git a/test/ipt/firewall20-ipv6.fw.orig b/test/ipt/firewall20-ipv6.fw.orig index 1fe56f354..e8149716a 100755 --- a/test/ipt/firewall20-ipv6.fw.orig +++ b/test/ipt/firewall20-ipv6.fw.orig @@ -2,9 +2,9 @@ # # This is automatically generated file. DO NOT MODIFY ! # -# Firewall Builder fwb_ipt v4.2.0.3498 +# Firewall Builder fwb_ipt v4.2.0.3499 # -# Generated Tue Mar 8 18:56:19 2011 PST by vadim +# Generated Thu Mar 10 21:49:43 2011 PST by vadim # # files: * firewall20-ipv6.fw /etc/fw/firewall20-ipv6.fw # @@ -456,7 +456,7 @@ test -z "$cmd" && { case "$cmd" in start) - log "Activating firewall script generated Tue Mar 8 18:56:19 2011 by vadim" + log "Activating firewall script generated Thu Mar 10 21:49:43 2011 by vadim" check_tools prolog_commands check_run_time_address_table_files diff --git a/test/ipt/firewall20.fw.orig b/test/ipt/firewall20.fw.orig index 2cafa38e1..da74488c5 100755 --- a/test/ipt/firewall20.fw.orig +++ b/test/ipt/firewall20.fw.orig @@ -2,9 +2,9 @@ # # This is automatically generated file. DO NOT MODIFY ! # -# Firewall Builder fwb_ipt v4.2.0.3498 +# Firewall Builder fwb_ipt v4.2.0.3499 # -# Generated Tue Mar 8 18:56:16 2011 PST by vadim +# Generated Thu Mar 10 21:49:41 2011 PST by vadim # # files: * firewall20.fw /etc/fw/firewall20.fw # 
@@ -674,7 +674,7 @@ test -z "$cmd" && { case "$cmd" in start) - log "Activating firewall script generated Tue Mar 8 18:56:16 2011 by vadim" + log "Activating firewall script generated Thu Mar 10 21:49:41 2011 by vadim" check_tools prolog_commands check_run_time_address_table_files diff --git a/test/ipt/firewall21-1.fw.orig b/test/ipt/firewall21-1.fw.orig index 149936b0f..287e5bbb3 100755 --- a/test/ipt/firewall21-1.fw.orig +++ b/test/ipt/firewall21-1.fw.orig @@ -2,9 +2,9 @@ # # This is automatically generated file. DO NOT MODIFY ! # -# Firewall Builder fwb_ipt v4.2.0.3498 +# Firewall Builder fwb_ipt v4.2.0.3499 # -# Generated Tue Mar 8 18:56:23 2011 PST by vadim +# Generated Thu Mar 10 21:49:47 2011 PST by vadim # # files: * firewall21-1.fw /etc/fw/firewall21-1.fw # @@ -470,7 +470,7 @@ test -z "$cmd" && { case "$cmd" in start) - log "Activating firewall script generated Tue Mar 8 18:56:23 2011 by vadim" + log "Activating firewall script generated Thu Mar 10 21:49:47 2011 by vadim" check_tools prolog_commands check_run_time_address_table_files diff --git a/test/ipt/firewall21.fw.orig b/test/ipt/firewall21.fw.orig index 51f0a7299..3005e67f7 100755 --- a/test/ipt/firewall21.fw.orig +++ b/test/ipt/firewall21.fw.orig @@ -2,9 +2,9 @@ # # This is automatically generated file. DO NOT MODIFY ! # -# Firewall Builder fwb_ipt v4.2.0.3498 +# Firewall Builder fwb_ipt v4.2.0.3499 # -# Generated Tue Mar 8 18:56:20 2011 PST by vadim +# Generated Thu Mar 10 21:49:44 2011 PST by vadim # # files: * firewall21.fw /etc/fw/firewall21.fw # @@ -469,7 +469,7 @@ test -z "$cmd" && { case "$cmd" in start) - log "Activating firewall script generated Tue Mar 8 18:56:20 2011 by vadim" + log "Activating firewall script generated Thu Mar 10 21:49:44 2011 by vadim" check_tools prolog_commands check_run_time_address_table_files diff --git a/test/ipt/firewall22.fw.orig b/test/ipt/firewall22.fw.orig index 06ccfe4dd..b597adbe9 100755 --- a/test/ipt/firewall22.fw.orig +++ b/test/ipt/firewall22.fw.orig 
@@ -2,9 +2,9 @@ # # This is automatically generated file. DO NOT MODIFY ! # -# Firewall Builder fwb_ipt v4.2.0.3498 +# Firewall Builder fwb_ipt v4.2.0.3499 # -# Generated Tue Mar 8 18:56:26 2011 PST by vadim +# Generated Thu Mar 10 21:49:50 2011 PST by vadim # # files: * firewall22.fw /etc/fw/firewall22.fw # @@ -390,7 +390,7 @@ test -z "$cmd" && { case "$cmd" in start) - log "Activating firewall script generated Tue Mar 8 18:56:26 2011 by vadim" + log "Activating firewall script generated Thu Mar 10 21:49:50 2011 by vadim" check_tools prolog_commands check_run_time_address_table_files diff --git a/test/ipt/firewall23-1.fw.orig b/test/ipt/firewall23-1.fw.orig index e66e776f0..5e6263f11 100755 --- a/test/ipt/firewall23-1.fw.orig +++ b/test/ipt/firewall23-1.fw.orig @@ -2,9 +2,9 @@ # # This is automatically generated file. DO NOT MODIFY ! # -# Firewall Builder fwb_ipt v4.2.0.3498 +# Firewall Builder fwb_ipt v4.2.0.3499 # -# Generated Tue Mar 8 18:56:32 2011 PST by vadim +# Generated Thu Mar 10 21:49:56 2011 PST by vadim # # files: * firewall23-1.fw /etc/fw/firewall23-1.fw # @@ -561,7 +561,7 @@ test -z "$cmd" && { case "$cmd" in start) - log "Activating firewall script generated Tue Mar 8 18:56:32 2011 by vadim" + log "Activating firewall script generated Thu Mar 10 21:49:56 2011 by vadim" check_tools prolog_commands check_run_time_address_table_files diff --git a/test/ipt/firewall23.fw.orig b/test/ipt/firewall23.fw.orig index d08eadd4e..d28947a0b 100755 --- a/test/ipt/firewall23.fw.orig +++ b/test/ipt/firewall23.fw.orig @@ -2,9 +2,9 @@ # # This is automatically generated file. DO NOT MODIFY ! # -# Firewall Builder fwb_ipt v4.2.0.3498 +# Firewall Builder fwb_ipt v4.2.0.3499 # -# Generated Tue Mar 8 18:56:29 2011 PST by vadim +# Generated Thu Mar 10 21:49:53 2011 PST by vadim # # files: * firewall23.fw /etc/fw/firewall23.fw # 
@@ -476,7 +476,7 @@ test -z "$cmd" && { case "$cmd" in start) - log "Activating firewall script generated Tue Mar 8 18:56:29 2011 by vadim" + log "Activating firewall script generated Thu Mar 10 21:49:53 2011 by vadim" check_tools prolog_commands check_run_time_address_table_files diff --git a/test/ipt/firewall24.fw.orig b/test/ipt/firewall24.fw.orig index e8bb44e14..154eedd83 100755 --- a/test/ipt/firewall24.fw.orig +++ b/test/ipt/firewall24.fw.orig @@ -2,9 +2,9 @@ # # This is automatically generated file. DO NOT MODIFY ! # -# Firewall Builder fwb_ipt v4.2.0.3498 +# Firewall Builder fwb_ipt v4.2.0.3499 # -# Generated Tue Mar 8 18:56:35 2011 PST by vadim +# Generated Thu Mar 10 21:49:58 2011 PST by vadim # # files: * firewall24.fw /etc/fw/firewall24.fw # @@ -493,7 +493,7 @@ test -z "$cmd" && { case "$cmd" in start) - log "Activating firewall script generated Tue Mar 8 18:56:35 2011 by vadim" + log "Activating firewall script generated Thu Mar 10 21:49:58 2011 by vadim" check_tools prolog_commands check_run_time_address_table_files diff --git a/test/ipt/firewall25.fw.orig b/test/ipt/firewall25.fw.orig index 089ce49d2..3efa89d71 100755 --- a/test/ipt/firewall25.fw.orig +++ b/test/ipt/firewall25.fw.orig @@ -2,9 +2,9 @@ # # This is automatically generated file. DO NOT MODIFY ! # -# Firewall Builder fwb_ipt v4.2.0.3498 +# Firewall Builder fwb_ipt v4.2.0.3499 # -# Generated Tue Mar 8 18:56:39 2011 PST by vadim +# Generated Thu Mar 10 21:50:02 2011 PST by vadim # # files: * firewall25.fw /etc/fw/firewall25.fw # @@ -689,7 +689,7 @@ test -z "$cmd" && { case "$cmd" in start) - log "Activating firewall script generated Tue Mar 8 18:56:39 2011 by vadim" + log "Activating firewall script generated Thu Mar 10 21:50:02 2011 by vadim" check_tools prolog_commands check_run_time_address_table_files diff --git a/test/ipt/firewall26.fw.orig b/test/ipt/firewall26.fw.orig index 70400bcac..bb32e7f7a 100755 --- a/test/ipt/firewall26.fw.orig +++ b/test/ipt/firewall26.fw.orig 
@@ -2,9 +2,9 @@ # # This is automatically generated file. DO NOT MODIFY ! # -# Firewall Builder fwb_ipt v4.2.0.3498 +# Firewall Builder fwb_ipt v4.2.0.3499 # -# Generated Tue Mar 8 18:56:42 2011 PST by vadim +# Generated Thu Mar 10 21:50:05 2011 PST by vadim # # files: * firewall26.fw /etc/fw/firewall26.fw # @@ -562,7 +562,7 @@ test -z "$cmd" && { case "$cmd" in start) - log "Activating firewall script generated Tue Mar 8 18:56:42 2011 by vadim" + log "Activating firewall script generated Thu Mar 10 21:50:05 2011 by vadim" check_tools prolog_commands check_run_time_address_table_files diff --git a/test/ipt/firewall27.fw.orig b/test/ipt/firewall27.fw.orig index f88fdf97d..412b720c1 100755 --- a/test/ipt/firewall27.fw.orig +++ b/test/ipt/firewall27.fw.orig @@ -2,9 +2,9 @@ # # This is automatically generated file. DO NOT MODIFY ! # -# Firewall Builder fwb_ipt v4.2.0.3498 +# Firewall Builder fwb_ipt v4.2.0.3499 # -# Generated Tue Mar 8 18:56:45 2011 PST by vadim +# Generated Thu Mar 10 21:50:08 2011 PST by vadim # # files: * firewall27.fw /etc/fw/firewall27.fw # @@ -546,7 +546,7 @@ test -z "$cmd" && { case "$cmd" in start) - log "Activating firewall script generated Tue Mar 8 18:56:45 2011 by vadim" + log "Activating firewall script generated Thu Mar 10 21:50:08 2011 by vadim" check_tools prolog_commands check_run_time_address_table_files diff --git a/test/ipt/firewall28.fw.orig b/test/ipt/firewall28.fw.orig index a73eb26d0..c5413f2b3 100755 --- a/test/ipt/firewall28.fw.orig +++ b/test/ipt/firewall28.fw.orig @@ -2,9 +2,9 @@ # # This is automatically generated file. DO NOT MODIFY ! # -# Firewall Builder fwb_ipt v4.2.0.3498 +# Firewall Builder fwb_ipt v4.2.0.3499 # -# Generated Tue Mar 8 18:56:48 2011 PST by vadim +# Generated Thu Mar 10 21:50:11 2011 PST by vadim # # files: * firewall28.fw /etc/fw/firewall28.fw # 
@@ -409,7 +409,7 @@ test -z "$cmd" && { case "$cmd" in start) - log "Activating firewall script generated Tue Mar 8 18:56:48 2011 by vadim" + log "Activating firewall script generated Thu Mar 10 21:50:11 2011 by vadim" check_tools prolog_commands check_run_time_address_table_files diff --git a/test/ipt/firewall29.fw.orig b/test/ipt/firewall29.fw.orig index 35ca810cd..5af1ca96f 100755 --- a/test/ipt/firewall29.fw.orig +++ b/test/ipt/firewall29.fw.orig @@ -2,9 +2,9 @@ # # This is automatically generated file. DO NOT MODIFY ! # -# Firewall Builder fwb_ipt v4.2.0.3498 +# Firewall Builder fwb_ipt v4.2.0.3499 # -# Generated Tue Mar 8 18:56:49 2011 PST by vadim +# Generated Thu Mar 10 21:50:12 2011 PST by vadim # # files: * firewall29.fw /etc/fw/firewall29.fw # @@ -440,7 +440,7 @@ test -z "$cmd" && { case "$cmd" in start) - log "Activating firewall script generated Tue Mar 8 18:56:49 2011 by vadim" + log "Activating firewall script generated Thu Mar 10 21:50:12 2011 by vadim" check_tools prolog_commands check_run_time_address_table_files diff --git a/test/ipt/firewall3.fw.orig b/test/ipt/firewall3.fw.orig index ef8224dc1..d367c6e2f 100755 --- a/test/ipt/firewall3.fw.orig +++ b/test/ipt/firewall3.fw.orig @@ -2,9 +2,9 @@ # # This is automatically generated file. DO NOT MODIFY ! # -# Firewall Builder fwb_ipt v4.2.0.3498 +# Firewall Builder fwb_ipt v4.2.0.3499 # -# Generated Tue Mar 8 18:56:51 2011 PST by vadim +# Generated Thu Mar 10 21:50:14 2011 PST by vadim # # files: * firewall3.fw /etc/fw/firewall3.fw # @@ -578,7 +578,7 @@ test -z "$cmd" && { case "$cmd" in start) - log "Activating firewall script generated Tue Mar 8 18:56:51 2011 by vadim" + log "Activating firewall script generated Thu Mar 10 21:50:14 2011 by vadim" check_tools prolog_commands check_run_time_address_table_files diff --git a/test/ipt/firewall30.fw.orig b/test/ipt/firewall30.fw.orig index 5036737fa..bab600d8e 100755 --- a/test/ipt/firewall30.fw.orig +++ b/test/ipt/firewall30.fw.orig 
@@ -2,9 +2,9 @@ # # This is automatically generated file. DO NOT MODIFY ! # -# Firewall Builder fwb_ipt v4.2.0.3498 +# Firewall Builder fwb_ipt v4.2.0.3499 # -# Generated Tue Mar 8 18:56:52 2011 PST by vadim +# Generated Thu Mar 10 21:50:15 2011 PST by vadim # # files: * firewall30.fw /etc/fw/firewall30.fw # @@ -375,7 +375,7 @@ test -z "$cmd" && { case "$cmd" in start) - log "Activating firewall script generated Tue Mar 8 18:56:52 2011 by vadim" + log "Activating firewall script generated Thu Mar 10 21:50:15 2011 by vadim" check_tools prolog_commands check_run_time_address_table_files diff --git a/test/ipt/firewall31.fw.orig b/test/ipt/firewall31.fw.orig index 1722399fc..998bd6125 100755 --- a/test/ipt/firewall31.fw.orig +++ b/test/ipt/firewall31.fw.orig @@ -2,9 +2,9 @@ # # This is automatically generated file. DO NOT MODIFY ! # -# Firewall Builder fwb_ipt v4.2.0.3498 +# Firewall Builder fwb_ipt v4.2.0.3499 # -# Generated Tue Mar 8 18:56:54 2011 PST by vadim +# Generated Thu Mar 10 21:50:17 2011 PST by vadim # # files: * firewall31.fw /etc/fw/firewall31.fw # @@ -445,7 +445,7 @@ test -z "$cmd" && { case "$cmd" in start) - log "Activating firewall script generated Tue Mar 8 18:56:54 2011 by vadim" + log "Activating firewall script generated Thu Mar 10 21:50:17 2011 by vadim" check_tools prolog_commands check_run_time_address_table_files diff --git a/test/ipt/firewall32.fw.orig b/test/ipt/firewall32.fw.orig index 7660c652d..addfa1e1d 100755 --- a/test/ipt/firewall32.fw.orig +++ b/test/ipt/firewall32.fw.orig @@ -2,9 +2,9 @@ # # This is automatically generated file. DO NOT MODIFY ! # -# Firewall Builder fwb_ipt v4.2.0.3498 +# Firewall Builder fwb_ipt v4.2.0.3499 # -# Generated Tue Mar 8 18:56:55 2011 PST by vadim +# Generated Thu Mar 10 21:50:18 2011 PST by vadim # # files: * firewall32.fw /etc/fw/firewall32.fw # 
@@ -416,7 +416,7 @@ test -z "$cmd" && { case "$cmd" in start) - log "Activating firewall script generated Tue Mar 8 18:56:55 2011 by vadim" + log "Activating firewall script generated Thu Mar 10 21:50:18 2011 by vadim" check_tools prolog_commands check_run_time_address_table_files diff --git a/test/ipt/firewall33-1.fw.orig b/test/ipt/firewall33-1.fw.orig index ff9d3caed..09c2fc2ed 100755 --- a/test/ipt/firewall33-1.fw.orig +++ b/test/ipt/firewall33-1.fw.orig @@ -2,9 +2,9 @@ # # This is automatically generated file. DO NOT MODIFY ! # -# Firewall Builder fwb_ipt v4.2.0.3498 +# Firewall Builder fwb_ipt v4.2.0.3499 # -# Generated Tue Mar 8 18:57:02 2011 PST by vadim +# Generated Thu Mar 10 21:50:24 2011 PST by vadim # # files: * firewall33-1.fw /etc/fw/firewall33-1.fw # @@ -395,11 +395,11 @@ script_body() { # $IPTABLES -N Cid438728A918346.0 $IPTABLES -A Policy -m state --state NEW -j Cid438728A918346.0 - $IPTABLES -A Cid438728A918346.0 -d 74.125.224.80 -j RETURN - $IPTABLES -A Cid438728A918346.0 -d 74.125.224.81 -j RETURN - $IPTABLES -A Cid438728A918346.0 -d 74.125.224.82 -j RETURN - $IPTABLES -A Cid438728A918346.0 -d 74.125.224.83 -j RETURN - $IPTABLES -A Cid438728A918346.0 -d 74.125.224.84 -j RETURN + $IPTABLES -A Cid438728A918346.0 -d 74.125.224.16 -j RETURN + $IPTABLES -A Cid438728A918346.0 -d 74.125.224.17 -j RETURN + $IPTABLES -A Cid438728A918346.0 -d 74.125.224.18 -j RETURN + $IPTABLES -A Cid438728A918346.0 -d 74.125.224.19 -j RETURN + $IPTABLES -A Cid438728A918346.0 -d 74.125.224.20 -j RETURN $IPTABLES -A Cid438728A918346.0 -d 157.166.224.25 -j RETURN $IPTABLES -A Cid438728A918346.0 -d 157.166.224.26 -j RETURN $IPTABLES -A Cid438728A918346.0 -d 157.166.226.25 -j RETURN @@ -525,7 +525,7 @@ test -z "$cmd" && { case "$cmd" in start) - log "Activating firewall script generated Tue Mar 8 18:57:02 2011 by vadim" + log "Activating firewall script generated Thu Mar 10 21:50:24 2011 by vadim" check_tools prolog_commands check_run_time_address_table_files 
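Review bot: The five RETURN rules in chain `Cid438728A918346.0` change from `-d 74.125.224.80`…`.84` to `-d 74.125.224.16`…`.20` in the `@@ -395,11 +395,11 @@` hunk of test/ipt/firewall33-1.fw.orig, and neither the build-number bump nor the ChangeLog entries explain it. The same change appears in test/ipt/firewall33.fw.orig, and test/ipt/firewall41.fw.orig changes `-d 208.68.143.50 -j RULE_6` to `-d 208.68.139.38 -j RULE_6`. This looks like a host name being resolved whenever the expected output is regenerated (inferred; the source objects are not in this diff), which would make these golden files depend on DNS at generation time rather than only on the compiler under test. If that is the cause, the test objects should use fixed addresses so that any diff in these files signals a compiler change. It is also worth documenting that a generated DENY rule such as RULE_6 keeps matching the address resolved at compile time until the policy is recompiled; script_body() starts and ends outside these hunks.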
diff --git a/test/ipt/firewall33.fw.orig b/test/ipt/firewall33.fw.orig index b659cb694..ebb880c7f 100755 --- a/test/ipt/firewall33.fw.orig +++ b/test/ipt/firewall33.fw.orig @@ -2,9 +2,9 @@ # # This is automatically generated file. DO NOT MODIFY ! # -# Firewall Builder fwb_ipt v4.2.0.3498 +# Firewall Builder fwb_ipt v4.2.0.3499 # -# Generated Tue Mar 8 18:57:02 2011 PST by vadim +# Generated Thu Mar 10 21:50:24 2011 PST by vadim # # files: * firewall33.fw /etc/fw/firewall33.fw # @@ -443,11 +443,11 @@ script_body() { $IPTABLES -A OUTPUT -m state --state NEW -j Cid438728A918346.0 $IPTABLES -A INPUT -m state --state NEW -j Cid438728A918346.0 $IPTABLES -A FORWARD -m state --state NEW -j Cid438728A918346.0 - $IPTABLES -A Cid438728A918346.0 -d 74.125.224.80 -j RETURN - $IPTABLES -A Cid438728A918346.0 -d 74.125.224.81 -j RETURN - $IPTABLES -A Cid438728A918346.0 -d 74.125.224.82 -j RETURN - $IPTABLES -A Cid438728A918346.0 -d 74.125.224.83 -j RETURN - $IPTABLES -A Cid438728A918346.0 -d 74.125.224.84 -j RETURN + $IPTABLES -A Cid438728A918346.0 -d 74.125.224.16 -j RETURN + $IPTABLES -A Cid438728A918346.0 -d 74.125.224.17 -j RETURN + $IPTABLES -A Cid438728A918346.0 -d 74.125.224.18 -j RETURN + $IPTABLES -A Cid438728A918346.0 -d 74.125.224.19 -j RETURN + $IPTABLES -A Cid438728A918346.0 -d 74.125.224.20 -j RETURN $IPTABLES -A Cid438728A918346.0 -d 157.166.224.25 -j RETURN $IPTABLES -A Cid438728A918346.0 -d 157.166.224.26 -j RETURN $IPTABLES -A Cid438728A918346.0 -d 157.166.226.25 -j RETURN @@ -572,7 +572,7 @@ test -z "$cmd" && { case "$cmd" in start) - log "Activating firewall script generated Tue Mar 8 18:57:02 2011 by vadim" + log "Activating firewall script generated Thu Mar 10 21:50:24 2011 by vadim" check_tools prolog_commands check_run_time_address_table_files diff --git a/test/ipt/firewall34.fw.orig b/test/ipt/firewall34.fw.orig index cf9a083a1..385405454 100755 --- a/test/ipt/firewall34.fw.orig +++ b/test/ipt/firewall34.fw.orig 
@@ -2,9 +2,9 @@ # # This is automatically generated file. DO NOT MODIFY ! # -# Firewall Builder fwb_ipt v4.2.0.3498 +# Firewall Builder fwb_ipt v4.2.0.3499 # -# Generated Tue Mar 8 18:57:06 2011 PST by vadim +# Generated Thu Mar 10 21:50:28 2011 PST by vadim # # files: * firewall34.fw /etc/fw/firewall34.fw # @@ -648,7 +648,7 @@ test -z "$cmd" && { case "$cmd" in start) - log "Activating firewall script generated Tue Mar 8 18:57:06 2011 by vadim" + log "Activating firewall script generated Thu Mar 10 21:50:28 2011 by vadim" check_tools prolog_commands check_run_time_address_table_files diff --git a/test/ipt/firewall35.fw.orig b/test/ipt/firewall35.fw.orig index ee7033e7d..0743ac300 100755 --- a/test/ipt/firewall35.fw.orig +++ b/test/ipt/firewall35.fw.orig @@ -2,9 +2,9 @@ # # This is automatically generated file. DO NOT MODIFY ! # -# Firewall Builder fwb_ipt v4.2.0.3498 +# Firewall Builder fwb_ipt v4.2.0.3499 # -# Generated Tue Mar 8 18:57:06 2011 PST by vadim +# Generated Thu Mar 10 21:50:28 2011 PST by vadim # # files: * firewall35.fw /etc/fw/firewall35.fw # @@ -540,7 +540,7 @@ test -z "$cmd" && { case "$cmd" in start) - log "Activating firewall script generated Tue Mar 8 18:57:06 2011 by vadim" + log "Activating firewall script generated Thu Mar 10 21:50:28 2011 by vadim" check_tools prolog_commands check_run_time_address_table_files diff --git a/test/ipt/firewall36-1.fw.orig b/test/ipt/firewall36-1.fw.orig index 705fcebc7..284aba934 100755 --- a/test/ipt/firewall36-1.fw.orig +++ b/test/ipt/firewall36-1.fw.orig @@ -2,9 +2,9 @@ # # This is automatically generated file. DO NOT MODIFY ! # -# Firewall Builder fwb_ipt v4.2.0.3498 +# Firewall Builder fwb_ipt v4.2.0.3499 # -# Generated Tue Mar 8 18:57:09 2011 PST by vadim +# Generated Thu Mar 10 21:50:31 2011 PST by vadim # # files: * firewall36-1.fw /etc/firewall36-1.fw # 
@@ -433,7 +433,7 @@ test -z "$cmd" && { case "$cmd" in start) - log "Activating firewall script generated Tue Mar 8 18:57:09 2011 by vadim" + log "Activating firewall script generated Thu Mar 10 21:50:31 2011 by vadim" check_tools prolog_commands check_run_time_address_table_files diff --git a/test/ipt/firewall36-2.fw.orig b/test/ipt/firewall36-2.fw.orig index 1b582a26f..c8cca7b9c 100755 --- a/test/ipt/firewall36-2.fw.orig +++ b/test/ipt/firewall36-2.fw.orig @@ -2,9 +2,9 @@ # # This is automatically generated file. DO NOT MODIFY ! # -# Firewall Builder fwb_ipt v4.2.0.3498 +# Firewall Builder fwb_ipt v4.2.0.3499 # -# Generated Tue Mar 8 18:57:13 2011 PST by vadim +# Generated Thu Mar 10 21:50:34 2011 PST by vadim # # files: * firewall36-2.fw /etc/firewall36-2.fw # @@ -433,7 +433,7 @@ test -z "$cmd" && { case "$cmd" in start) - log "Activating firewall script generated Tue Mar 8 18:57:13 2011 by vadim" + log "Activating firewall script generated Thu Mar 10 21:50:34 2011 by vadim" check_tools prolog_commands check_run_time_address_table_files diff --git a/test/ipt/firewall36.fw.orig b/test/ipt/firewall36.fw.orig index 739401798..82c193728 100755 --- a/test/ipt/firewall36.fw.orig +++ b/test/ipt/firewall36.fw.orig @@ -2,9 +2,9 @@ # # This is automatically generated file. DO NOT MODIFY ! # -# Firewall Builder fwb_ipt v4.2.0.3498 +# Firewall Builder fwb_ipt v4.2.0.3499 # -# Generated Tue Mar 8 18:57:09 2011 PST by vadim +# Generated Thu Mar 10 21:50:31 2011 PST by vadim # # files: * firewall36.fw /etc/firewall36.fw # @@ -535,7 +535,7 @@ test -z "$cmd" && { case "$cmd" in start) - log "Activating firewall script generated Tue Mar 8 18:57:09 2011 by vadim" + log "Activating firewall script generated Thu Mar 10 21:50:31 2011 by vadim" check_tools prolog_commands check_run_time_address_table_files diff --git a/test/ipt/firewall37-1.fw.orig b/test/ipt/firewall37-1.fw.orig index 9967c2d62..5aa632fb7 100755 --- a/test/ipt/firewall37-1.fw.orig +++ b/test/ipt/firewall37-1.fw.orig 
@@ -2,9 +2,9 @@ # # This is automatically generated file. DO NOT MODIFY ! # -# Firewall Builder fwb_ipt v4.2.0.3498 +# Firewall Builder fwb_ipt v4.2.0.3499 # -# Generated Tue Mar 8 18:57:16 2011 PST by vadim +# Generated Thu Mar 10 21:50:37 2011 PST by vadim # # files: * firewall37-1.fw /etc/fw/firewall37-1.fw # @@ -769,7 +769,7 @@ test -z "$cmd" && { case "$cmd" in start) - log "Activating firewall script generated Tue Mar 8 18:57:16 2011 by vadim" + log "Activating firewall script generated Thu Mar 10 21:50:37 2011 by vadim" check_tools prolog_commands check_run_time_address_table_files diff --git a/test/ipt/firewall37.fw.orig b/test/ipt/firewall37.fw.orig index 708564f00..bc27c009a 100755 --- a/test/ipt/firewall37.fw.orig +++ b/test/ipt/firewall37.fw.orig @@ -2,9 +2,9 @@ # # This is automatically generated file. DO NOT MODIFY ! # -# Firewall Builder fwb_ipt v4.2.0.3498 +# Firewall Builder fwb_ipt v4.2.0.3499 # -# Generated Tue Mar 8 18:57:18 2011 PST by vadim +# Generated Thu Mar 10 21:50:39 2011 PST by vadim # # files: * firewall37.fw /etc/fw/firewall37.fw # @@ -1050,7 +1050,7 @@ test -z "$cmd" && { case "$cmd" in start) - log "Activating firewall script generated Tue Mar 8 18:57:18 2011 by vadim" + log "Activating firewall script generated Thu Mar 10 21:50:39 2011 by vadim" check_tools prolog_commands check_run_time_address_table_files diff --git a/test/ipt/firewall38.fw.orig b/test/ipt/firewall38.fw.orig index 64ebe6f55..c5dbf8a85 100755 --- a/test/ipt/firewall38.fw.orig +++ b/test/ipt/firewall38.fw.orig @@ -2,9 +2,9 @@ # # This is automatically generated file. DO NOT MODIFY ! # -# Firewall Builder fwb_ipt v4.2.0.3498 +# Firewall Builder fwb_ipt v4.2.0.3499 # -# Generated Tue Mar 8 18:57:19 2011 PST by vadim +# Generated Thu Mar 10 21:50:40 2011 PST by vadim # # files: * firewall38.fw /etc/fw/firewall38.fw # 
@@ -498,7 +498,7 @@ test -z "$cmd" && { case "$cmd" in start) - log "Activating firewall script generated Tue Mar 8 18:57:19 2011 by vadim" + log "Activating firewall script generated Thu Mar 10 21:50:40 2011 by vadim" check_tools prolog_commands check_run_time_address_table_files diff --git a/test/ipt/firewall39.fw.orig b/test/ipt/firewall39.fw.orig index 6af5a36de..612aedc19 100755 --- a/test/ipt/firewall39.fw.orig +++ b/test/ipt/firewall39.fw.orig @@ -2,9 +2,9 @@ # # This is automatically generated file. DO NOT MODIFY ! # -# Firewall Builder fwb_ipt v4.2.0.3498 +# Firewall Builder fwb_ipt v4.2.0.3499 # -# Generated Tue Mar 8 18:57:25 2011 PST by vadim +# Generated Thu Mar 10 21:50:46 2011 PST by vadim # # files: * firewall39.fw /etc/fw/firewall39.fw # @@ -895,7 +895,7 @@ test -z "$cmd" && { case "$cmd" in start) - log "Activating firewall script generated Tue Mar 8 18:57:25 2011 by vadim" + log "Activating firewall script generated Thu Mar 10 21:50:46 2011 by vadim" check_tools prolog_commands check_run_time_address_table_files diff --git a/test/ipt/firewall4.fw.orig b/test/ipt/firewall4.fw.orig index 419e5e69a..397329955 100755 --- a/test/ipt/firewall4.fw.orig +++ b/test/ipt/firewall4.fw.orig @@ -2,9 +2,9 @@ # # This is automatically generated file. DO NOT MODIFY ! # -# Firewall Builder fwb_ipt v4.2.0.3498 +# Firewall Builder fwb_ipt v4.2.0.3499 # -# Generated Tue Mar 8 18:57:23 2011 PST by vadim +# Generated Thu Mar 10 21:50:43 2011 PST by vadim # # files: * firewall4.fw /etc/fw/firewall4.fw # @@ -710,7 +710,7 @@ test -z "$cmd" && { case "$cmd" in start) - log "Activating firewall script generated Tue Mar 8 18:57:23 2011 by vadim" + log "Activating firewall script generated Thu Mar 10 21:50:43 2011 by vadim" check_tools prolog_commands check_run_time_address_table_files diff --git a/test/ipt/firewall40-1.fw.orig b/test/ipt/firewall40-1.fw.orig index 7db3582e8..98a91ec1a 100755 --- a/test/ipt/firewall40-1.fw.orig +++ b/test/ipt/firewall40-1.fw.orig 
@@ -2,9 +2,9 @@ # # This is automatically generated file. DO NOT MODIFY ! # -# Firewall Builder fwb_ipt v4.2.0.3498 +# Firewall Builder fwb_ipt v4.2.0.3499 # -# Generated Tue Mar 8 18:57:29 2011 PST by vadim +# Generated Thu Mar 10 21:50:50 2011 PST by vadim # # files: * firewall40-1.fw /etc/firewall40-1.fw # @@ -450,7 +450,7 @@ test -z "$cmd" && { case "$cmd" in start) - log "Activating firewall script generated Tue Mar 8 18:57:29 2011 by vadim" + log "Activating firewall script generated Thu Mar 10 21:50:50 2011 by vadim" check_tools prolog_commands check_run_time_address_table_files diff --git a/test/ipt/firewall40-2.fw.orig b/test/ipt/firewall40-2.fw.orig index a185eb653..ff62cb379 100755 --- a/test/ipt/firewall40-2.fw.orig +++ b/test/ipt/firewall40-2.fw.orig @@ -2,9 +2,9 @@ # # This is automatically generated file. DO NOT MODIFY ! # -# Firewall Builder fwb_ipt v4.2.0.3498 +# Firewall Builder fwb_ipt v4.2.0.3499 # -# Generated Tue Mar 8 18:57:29 2011 PST by vadim +# Generated Thu Mar 10 21:50:50 2011 PST by vadim # # files: * firewall40-2.fw /etc/firewall40-2.fw # @@ -437,7 +437,7 @@ test -z "$cmd" && { case "$cmd" in start) - log "Activating firewall script generated Tue Mar 8 18:57:29 2011 by vadim" + log "Activating firewall script generated Thu Mar 10 21:50:50 2011 by vadim" check_tools prolog_commands check_run_time_address_table_files diff --git a/test/ipt/firewall40.fw.orig b/test/ipt/firewall40.fw.orig index 0a834d6ae..9e0cabb6a 100755 --- a/test/ipt/firewall40.fw.orig +++ b/test/ipt/firewall40.fw.orig @@ -2,9 +2,9 @@ # # This is automatically generated file. DO NOT MODIFY ! # -# Firewall Builder fwb_ipt v4.2.0.3498 +# Firewall Builder fwb_ipt v4.2.0.3499 # -# Generated Tue Mar 8 18:57:26 2011 PST by vadim +# Generated Thu Mar 10 21:50:46 2011 PST by vadim # # files: * firewall40.fw /etc/firewall40.fw # 
@@ -439,7 +439,7 @@ test -z "$cmd" && { case "$cmd" in start) - log "Activating firewall script generated Tue Mar 8 18:57:26 2011 by vadim" + log "Activating firewall script generated Thu Mar 10 21:50:46 2011 by vadim" check_tools prolog_commands check_run_time_address_table_files diff --git a/test/ipt/firewall41-1.fw.orig b/test/ipt/firewall41-1.fw.orig index 4d4e51f59..ce551129d 100755 --- a/test/ipt/firewall41-1.fw.orig +++ b/test/ipt/firewall41-1.fw.orig @@ -2,9 +2,9 @@ # # This is automatically generated file. DO NOT MODIFY ! # -# Firewall Builder fwb_ipt v4.2.0.3498 +# Firewall Builder fwb_ipt v4.2.0.3499 # -# Generated Tue Mar 8 18:57:33 2011 PST by vadim +# Generated Thu Mar 10 21:50:53 2011 PST by vadim # # files: * firewall41-1.fw /etc/firewall41-1.fw # @@ -575,7 +575,7 @@ test -z "$cmd" && { case "$cmd" in start) - log "Activating firewall script generated Tue Mar 8 18:57:33 2011 by vadim" + log "Activating firewall script generated Thu Mar 10 21:50:53 2011 by vadim" check_tools prolog_commands check_run_time_address_table_files diff --git a/test/ipt/firewall41.fw.orig b/test/ipt/firewall41.fw.orig index 6ae4f97aa..f3b6d186f 100755 --- a/test/ipt/firewall41.fw.orig +++ b/test/ipt/firewall41.fw.orig @@ -2,9 +2,9 @@ # # This is automatically generated file. DO NOT MODIFY ! # -# Firewall Builder fwb_ipt v4.2.0.3498 +# Firewall Builder fwb_ipt v4.2.0.3499 # -# Generated Tue Mar 8 18:57:32 2011 PST by vadim +# Generated Thu Mar 10 21:50:53 2011 PST by vadim # # files: * firewall41.fw /etc/firewall41.fw # @@ -393,7 +393,7 @@ script_body() { echo "Rule 6 (global)" # $IPTABLES -N RULE_6 - $IPTABLES -A OUTPUT -d 208.68.143.50 -j RULE_6 + $IPTABLES -A OUTPUT -d 208.68.139.38 -j RULE_6 $IPTABLES -A RULE_6 -j LOG --log-level info --log-prefix "RULE 6 -- DENY " $IPTABLES -A RULE_6 -j DROP } 
@@ -451,7 +451,7 @@ test -z "$cmd" && { case "$cmd" in start) - log "Activating firewall script generated Tue Mar 8 18:57:32 2011 by vadim" + log "Activating firewall script generated Thu Mar 10 21:50:53 2011 by vadim" check_tools prolog_commands check_run_time_address_table_files diff --git a/test/ipt/firewall42.fw.orig b/test/ipt/firewall42.fw.orig index 11ac7c523..5ff85aa43 100755 --- a/test/ipt/firewall42.fw.orig +++ b/test/ipt/firewall42.fw.orig @@ -2,9 +2,9 @@ # # This is automatically generated file. DO NOT MODIFY ! # -# Firewall Builder fwb_ipt v4.2.0.3498 +# Firewall Builder fwb_ipt v4.2.0.3499 # -# Generated Tue Mar 8 18:57:36 2011 PST by vadim +# Generated Thu Mar 10 21:50:57 2011 PST by vadim # # files: * firewall42.fw /etc/fw/firewall42.fw # @@ -382,7 +382,7 @@ test -z "$cmd" && { case "$cmd" in start) - log "Activating firewall script generated Tue Mar 8 18:57:36 2011 by vadim" + log "Activating firewall script generated Thu Mar 10 21:50:57 2011 by vadim" check_tools prolog_commands check_run_time_address_table_files diff --git a/test/ipt/firewall5.fw.orig b/test/ipt/firewall5.fw.orig index be1810a4d..538d71fe1 100755 --- a/test/ipt/firewall5.fw.orig +++ b/test/ipt/firewall5.fw.orig @@ -2,9 +2,9 @@ # # This is automatically generated file. DO NOT MODIFY ! # -# Firewall Builder fwb_ipt v4.2.0.3498 +# Firewall Builder fwb_ipt v4.2.0.3499 # -# Generated Tue Mar 8 18:57:39 2011 PST by vadim +# Generated Thu Mar 10 21:51:00 2011 PST by vadim # # files: * firewall5.fw /etc/fw/firewall5.fw # @@ -622,7 +622,7 @@ test -z "$cmd" && { case "$cmd" in start) - log "Activating firewall script generated Tue Mar 8 18:57:39 2011 by vadim" + log "Activating firewall script generated Thu Mar 10 21:51:00 2011 by vadim" check_tools prolog_commands check_run_time_address_table_files diff --git a/test/ipt/firewall50.fw.orig b/test/ipt/firewall50.fw.orig index e35ede8e6..41406d09a 100755 --- a/test/ipt/firewall50.fw.orig +++ b/test/ipt/firewall50.fw.orig 
@@ -2,9 +2,9 @@ # # This is automatically generated file. DO NOT MODIFY ! # -# Firewall Builder fwb_ipt v4.2.0.3498 +# Firewall Builder fwb_ipt v4.2.0.3499 # -# Generated Tue Mar 8 18:57:40 2011 PST by vadim +# Generated Thu Mar 10 21:51:01 2011 PST by vadim # # files: * firewall50.fw /etc/fw/firewall50.fw # @@ -407,7 +407,7 @@ test -z "$cmd" && { case "$cmd" in start) - log "Activating firewall script generated Tue Mar 8 18:57:40 2011 by vadim" + log "Activating firewall script generated Thu Mar 10 21:51:01 2011 by vadim" check_tools prolog_commands check_run_time_address_table_files diff --git a/test/ipt/firewall51.fw.orig b/test/ipt/firewall51.fw.orig index 8c3328408..f1b4dcb98 100755 --- a/test/ipt/firewall51.fw.orig +++ b/test/ipt/firewall51.fw.orig @@ -2,9 +2,9 @@ # # This is automatically generated file. DO NOT MODIFY ! # -# Firewall Builder fwb_ipt v4.2.0.3498 +# Firewall Builder fwb_ipt v4.2.0.3499 # -# Generated Tue Mar 8 18:57:46 2011 PST by vadim +# Generated Thu Mar 10 21:51:06 2011 PST by vadim # # files: * firewall51.fw /etc/fw/firewall51.fw # @@ -491,7 +491,7 @@ test -z "$cmd" && { case "$cmd" in start) - log "Activating firewall script generated Tue Mar 8 18:57:46 2011 by vadim" + log "Activating firewall script generated Thu Mar 10 21:51:06 2011 by vadim" check_tools prolog_commands check_run_time_address_table_files diff --git a/test/ipt/firewall6.fw.orig b/test/ipt/firewall6.fw.orig index ce0acf09f..002c85fec 100755 --- a/test/ipt/firewall6.fw.orig +++ b/test/ipt/firewall6.fw.orig @@ -2,9 +2,9 @@ # # This is automatically generated file. DO NOT MODIFY ! # -# Firewall Builder fwb_ipt v4.2.0.3498 +# Firewall Builder fwb_ipt v4.2.0.3499 # -# Generated Tue Mar 8 18:57:43 2011 PST by vadim +# Generated Thu Mar 10 21:51:04 2011 PST by vadim # # files: * firewall6.fw /etc/fw/firewall6.fw # 
@@ -513,7 +513,7 @@ test -z "$cmd" && { case "$cmd" in start) - log "Activating firewall script generated Tue Mar 8 18:57:43 2011 by vadim" + log "Activating firewall script generated Thu Mar 10 21:51:04 2011 by vadim" check_tools prolog_commands check_run_time_address_table_files diff --git a/test/ipt/firewall60.fw.orig b/test/ipt/firewall60.fw.orig index c55bb8c0d..0db46b85f 100755 --- a/test/ipt/firewall60.fw.orig +++ b/test/ipt/firewall60.fw.orig @@ -2,9 +2,9 @@ # # This is automatically generated file. DO NOT MODIFY ! # -# Firewall Builder fwb_ipt v4.2.0.3498 +# Firewall Builder fwb_ipt v4.2.0.3499 # -# Generated Tue Mar 8 18:57:46 2011 PST by vadim +# Generated Thu Mar 10 21:51:07 2011 PST by vadim # # files: * firewall60.fw /etc/firewall60.fw # @@ -419,7 +419,7 @@ test -z "$cmd" && { case "$cmd" in start) - log "Activating firewall script generated Tue Mar 8 18:57:46 2011 by vadim" + log "Activating firewall script generated Thu Mar 10 21:51:07 2011 by vadim" check_tools prolog_commands check_run_time_address_table_files diff --git a/test/ipt/firewall61-1.2.5.fw.orig b/test/ipt/firewall61-1.2.5.fw.orig index c49641a52..622c57ca9 100755 --- a/test/ipt/firewall61-1.2.5.fw.orig +++ b/test/ipt/firewall61-1.2.5.fw.orig @@ -2,9 +2,9 @@ # # This is automatically generated file. DO NOT MODIFY ! # -# Firewall Builder fwb_ipt v4.2.0.3498 +# Firewall Builder fwb_ipt v4.2.0.3499 # -# Generated Tue Mar 8 18:57:49 2011 PST by vadim +# Generated Thu Mar 10 21:51:10 2011 PST by vadim # # files: * firewall61-1.2.5.fw /etc/firewall61-1.2.5.fw # @@ -499,7 +499,7 @@ test -z "$cmd" && { case "$cmd" in start) - log "Activating firewall script generated Tue Mar 8 18:57:49 2011 by vadim" + log "Activating firewall script generated Thu Mar 10 21:51:10 2011 by vadim" check_tools prolog_commands check_run_time_address_table_files diff --git a/test/ipt/firewall61-1.2.6.fw.orig b/test/ipt/firewall61-1.2.6.fw.orig index 157024c91..56cb6bd85 100755 --- a/test/ipt/firewall61-1.2.6.fw.orig 
+++ b/test/ipt/firewall61-1.2.6.fw.orig @@ -2,9 +2,9 @@ # # This is automatically generated file. DO NOT MODIFY ! # -# Firewall Builder fwb_ipt v4.2.0.3498 +# Firewall Builder fwb_ipt v4.2.0.3499 # -# Generated Tue Mar 8 18:57:51 2011 PST by vadim +# Generated Thu Mar 10 21:51:11 2011 PST by vadim # # files: * firewall61-1.2.6.fw /etc/firewall61-1.2.6.fw # @@ -505,7 +505,7 @@ test -z "$cmd" && { case "$cmd" in start) - log "Activating firewall script generated Tue Mar 8 18:57:51 2011 by vadim" + log "Activating firewall script generated Thu Mar 10 21:51:11 2011 by vadim" check_tools prolog_commands check_run_time_address_table_files diff --git a/test/ipt/firewall61-1.3.x.fw.orig b/test/ipt/firewall61-1.3.x.fw.orig index d9c8f702e..91bbd67ca 100755 --- a/test/ipt/firewall61-1.3.x.fw.orig +++ b/test/ipt/firewall61-1.3.x.fw.orig @@ -2,9 +2,9 @@ # # This is automatically generated file. DO NOT MODIFY ! # -# Firewall Builder fwb_ipt v4.2.0.3498 +# Firewall Builder fwb_ipt v4.2.0.3499 # -# Generated Tue Mar 8 18:57:54 2011 PST by vadim +# Generated Thu Mar 10 21:51:14 2011 PST by vadim # # files: * firewall61-1.3.x.fw /etc/firewall61-1.3.x.fw # @@ -492,7 +492,7 @@ test -z "$cmd" && { case "$cmd" in start) - log "Activating firewall script generated Tue Mar 8 18:57:54 2011 by vadim" + log "Activating firewall script generated Thu Mar 10 21:51:14 2011 by vadim" check_tools prolog_commands check_run_time_address_table_files diff --git a/test/ipt/firewall61-1.4.fw.orig b/test/ipt/firewall61-1.4.fw.orig index 291cfc26b..60db55eaf 100755 --- a/test/ipt/firewall61-1.4.fw.orig +++ b/test/ipt/firewall61-1.4.fw.orig @@ -2,9 +2,9 @@ # # This is automatically generated file. DO NOT MODIFY ! # -# Firewall Builder fwb_ipt v4.2.0.3498 +# Firewall Builder fwb_ipt v4.2.0.3499 # -# Generated Tue Mar 8 18:57:55 2011 PST by vadim +# Generated Thu Mar 10 21:51:14 2011 PST by vadim # # files: * firewall61-1.4.fw /etc/firewall61-1.4.fw # 
@@ -493,7 +493,7 @@ test -z "$cmd" && { case "$cmd" in start) - log "Activating firewall script generated Tue Mar 8 18:57:55 2011 by vadim" + log "Activating firewall script generated Thu Mar 10 21:51:14 2011 by vadim" check_tools prolog_commands check_run_time_address_table_files diff --git a/test/ipt/firewall62.fw.orig b/test/ipt/firewall62.fw.orig index 587b3462f..af7cc2deb 100755 --- a/test/ipt/firewall62.fw.orig +++ b/test/ipt/firewall62.fw.orig @@ -2,9 +2,9 @@ # # This is automatically generated file. DO NOT MODIFY ! # -# Firewall Builder fwb_ipt v4.2.0.3498 +# Firewall Builder fwb_ipt v4.2.0.3499 # -# Generated Tue Mar 8 18:57:57 2011 PST by vadim +# Generated Thu Mar 10 21:51:17 2011 PST by vadim # # files: * firewall62.fw /etc/firewall62.fw # @@ -569,7 +569,7 @@ test -z "$cmd" && { case "$cmd" in start) - log "Activating firewall script generated Tue Mar 8 18:57:57 2011 by vadim" + log "Activating firewall script generated Thu Mar 10 21:51:17 2011 by vadim" check_tools prolog_commands check_run_time_address_table_files diff --git a/test/ipt/firewall63.fw.orig b/test/ipt/firewall63.fw.orig index 1fcce2f23..4e5e50fda 100755 --- a/test/ipt/firewall63.fw.orig +++ b/test/ipt/firewall63.fw.orig @@ -2,9 +2,9 @@ # # This is automatically generated file. DO NOT MODIFY ! # -# Firewall Builder fwb_ipt v4.2.0.3498 +# Firewall Builder fwb_ipt v4.2.0.3499 # -# Generated Tue Mar 8 18:57:58 2011 PST by vadim +# Generated Thu Mar 10 21:51:17 2011 PST by vadim # # files: * firewall63.fw /etc/firewall63.fw # @@ -389,7 +389,7 @@ test -z "$cmd" && { case "$cmd" in start) - log "Activating firewall script generated Tue Mar 8 18:57:58 2011 by vadim" + log "Activating firewall script generated Thu Mar 10 21:51:17 2011 by vadim" check_tools prolog_commands check_run_time_address_table_files diff --git a/test/ipt/firewall7.fw.orig b/test/ipt/firewall7.fw.orig index b152cd17d..2f8f0ee5d 100755 --- a/test/ipt/firewall7.fw.orig +++ b/test/ipt/firewall7.fw.orig 
@@ -2,9 +2,9 @@ # # This is automatically generated file. DO NOT MODIFY ! # -# Firewall Builder fwb_ipt v4.2.0.3498 +# Firewall Builder fwb_ipt v4.2.0.3499 # -# Generated Tue Mar 8 18:58:00 2011 PST by vadim +# Generated Thu Mar 10 21:51:19 2011 PST by vadim # # files: * firewall7.fw /etc/fw/firewall7.fw # @@ -473,7 +473,7 @@ test -z "$cmd" && { case "$cmd" in start) - log "Activating firewall script generated Tue Mar 8 18:58:00 2011 by vadim" + log "Activating firewall script generated Thu Mar 10 21:51:19 2011 by vadim" check_tools prolog_commands check_run_time_address_table_files diff --git a/test/ipt/firewall70.fw.orig b/test/ipt/firewall70.fw.orig index 9debc993d..93d3837f3 100755 --- a/test/ipt/firewall70.fw.orig +++ b/test/ipt/firewall70.fw.orig @@ -2,9 +2,9 @@ # # This is automatically generated file. DO NOT MODIFY ! # -# Firewall Builder fwb_ipt v4.2.0.3498 +# Firewall Builder fwb_ipt v4.2.0.3499 # -# Generated Tue Mar 8 18:58:02 2011 PST by vadim +# Generated Thu Mar 10 21:51:21 2011 PST by vadim # # files: * firewall70.fw iptables.sh # @@ -412,7 +412,7 @@ test -z "$cmd" && { case "$cmd" in start) - log "Activating firewall script generated Tue Mar 8 18:58:02 2011 by vadim" + log "Activating firewall script generated Thu Mar 10 21:51:21 2011 by vadim" check_tools prolog_commands check_run_time_address_table_files diff --git a/test/ipt/firewall71.fw.orig b/test/ipt/firewall71.fw.orig index 6fb9fda73..352df2855 100755 --- a/test/ipt/firewall71.fw.orig +++ b/test/ipt/firewall71.fw.orig @@ -2,9 +2,9 @@ # # This is automatically generated file. DO NOT MODIFY ! # -# Firewall Builder fwb_ipt v4.2.0.3498 +# Firewall Builder fwb_ipt v4.2.0.3499 # -# Generated Tue Mar 8 18:58:04 2011 PST by vadim +# Generated Thu Mar 10 21:51:23 2011 PST by vadim # # files: * firewall71.fw /etc/fw/firewall71.fw # 
@@ -428,7 +428,7 @@ test -z "$cmd" && { case "$cmd" in start) - log "Activating firewall script generated Tue Mar 8 18:58:04 2011 by vadim" + log "Activating firewall script generated Thu Mar 10 21:51:23 2011 by vadim" check_tools prolog_commands check_run_time_address_table_files diff --git a/test/ipt/firewall72-1.3.x.fw.orig b/test/ipt/firewall72-1.3.x.fw.orig index 33938f893..82cac0e40 100755 --- a/test/ipt/firewall72-1.3.x.fw.orig +++ b/test/ipt/firewall72-1.3.x.fw.orig @@ -2,9 +2,9 @@ # # This is automatically generated file. DO NOT MODIFY ! # -# Firewall Builder fwb_ipt v4.2.0.3498 +# Firewall Builder fwb_ipt v4.2.0.3499 # -# Generated Tue Mar 8 18:58:05 2011 PST by vadim +# Generated Thu Mar 10 21:51:24 2011 PST by vadim # # files: * firewall72-1.3.x.fw /etc/fw/firewall72-1.3.x.fw # @@ -560,7 +560,7 @@ test -z "$cmd" && { case "$cmd" in start) - log "Activating firewall script generated Tue Mar 8 18:58:05 2011 by vadim" + log "Activating firewall script generated Thu Mar 10 21:51:24 2011 by vadim" check_tools prolog_commands check_run_time_address_table_files diff --git a/test/ipt/firewall72-1.4.3.fw.orig b/test/ipt/firewall72-1.4.3.fw.orig index 381b38c09..e0b957fe4 100755 --- a/test/ipt/firewall72-1.4.3.fw.orig +++ b/test/ipt/firewall72-1.4.3.fw.orig @@ -2,9 +2,9 @@ # # This is automatically generated file. DO NOT MODIFY ! # -# Firewall Builder fwb_ipt v4.2.0.3498 +# Firewall Builder fwb_ipt v4.2.0.3499 # -# Generated Tue Mar 8 18:58:07 2011 PST by vadim +# Generated Thu Mar 10 21:51:26 2011 PST by vadim # # files: * firewall72-1.4.3.fw /etc/fw/firewall72-1.4.3.fw # @@ -560,7 +560,7 @@ test -z "$cmd" && { case "$cmd" in start) - log "Activating firewall script generated Tue Mar 8 18:58:07 2011 by vadim" + log "Activating firewall script generated Thu Mar 10 21:51:26 2011 by vadim" check_tools prolog_commands check_run_time_address_table_files diff --git a/test/ipt/firewall73.fw.orig b/test/ipt/firewall73.fw.orig index 5b350741c..ec4a7f18e 100755 
--- a/test/ipt/firewall73.fw.orig +++ b/test/ipt/firewall73.fw.orig @@ -2,9 +2,9 @@ # # This is automatically generated file. DO NOT MODIFY ! # -# Firewall Builder fwb_ipt v4.2.0.3498 +# Firewall Builder fwb_ipt v4.2.0.3499 # -# Generated Tue Mar 8 18:58:08 2011 PST by vadim +# Generated Thu Mar 10 21:51:27 2011 PST by vadim # # files: * firewall73.fw /etc/fw/firewall73.fw # @@ -523,7 +523,7 @@ test -z "$cmd" && { case "$cmd" in start) - log "Activating firewall script generated Tue Mar 8 18:58:08 2011 by vadim" + log "Activating firewall script generated Thu Mar 10 21:51:27 2011 by vadim" check_tools prolog_commands check_run_time_address_table_files diff --git a/test/ipt/firewall74.fw.orig b/test/ipt/firewall74.fw.orig index 254f43c74..d3d9bfba6 100755 --- a/test/ipt/firewall74.fw.orig +++ b/test/ipt/firewall74.fw.orig @@ -2,9 +2,9 @@ # # This is automatically generated file. DO NOT MODIFY ! # -# Firewall Builder fwb_ipt v4.2.0.3498 +# Firewall Builder fwb_ipt v4.2.0.3499 # -# Generated Tue Mar 8 18:58:10 2011 PST by vadim +# Generated Thu Mar 10 21:51:29 2011 PST by vadim # # files: * firewall74.fw /etc/fw/firewall74.fw # @@ -375,7 +375,7 @@ test -z "$cmd" && { case "$cmd" in start) - log "Activating firewall script generated Tue Mar 8 18:58:10 2011 by vadim" + log "Activating firewall script generated Thu Mar 10 21:51:29 2011 by vadim" check_tools prolog_commands check_run_time_address_table_files diff --git a/test/ipt/firewall8.fw.orig b/test/ipt/firewall8.fw.orig index 9f03f6116..df0811f1d 100755 --- a/test/ipt/firewall8.fw.orig +++ b/test/ipt/firewall8.fw.orig @@ -2,9 +2,9 @@ # # This is automatically generated file. DO NOT MODIFY ! # -# Firewall Builder fwb_ipt v4.2.0.3498 +# Firewall Builder fwb_ipt v4.2.0.3499 # -# Generated Tue Mar 8 18:58:11 2011 PST by vadim +# Generated Thu Mar 10 21:51:30 2011 PST by vadim # # files: * firewall8.fw /etc/fw/firewall8.fw # 
@@ -358,7 +358,7 @@ test -z "$cmd" && { case "$cmd" in start) - log "Activating firewall script generated Tue Mar 8 18:58:11 2011 by vadim" + log "Activating firewall script generated Thu Mar 10 21:51:30 2011 by vadim" check_tools prolog_commands check_run_time_address_table_files diff --git a/test/ipt/firewall80.fw.orig b/test/ipt/firewall80.fw.orig index 8d2e09db1..c3d44af7b 100755 --- a/test/ipt/firewall80.fw.orig +++ b/test/ipt/firewall80.fw.orig @@ -2,9 +2,9 @@ # # This is automatically generated file. DO NOT MODIFY ! # -# Firewall Builder fwb_ipt v4.2.0.3498 +# Firewall Builder fwb_ipt v4.2.0.3499 # -# Generated Tue Mar 8 18:58:13 2011 PST by vadim +# Generated Thu Mar 10 21:51:32 2011 PST by vadim # # files: * firewall80.fw /etc/fw/firewall80.fw # @@ -399,7 +399,7 @@ test -z "$cmd" && { case "$cmd" in start) - log "Activating firewall script generated Tue Mar 8 18:58:13 2011 by vadim" + log "Activating firewall script generated Thu Mar 10 21:51:32 2011 by vadim" check_tools prolog_commands check_run_time_address_table_files diff --git a/test/ipt/firewall81.fw.orig b/test/ipt/firewall81.fw.orig index c76fb8a68..69a2caba6 100755 --- a/test/ipt/firewall81.fw.orig +++ b/test/ipt/firewall81.fw.orig @@ -2,9 +2,9 @@ # # This is automatically generated file. DO NOT MODIFY ! # -# Firewall Builder fwb_ipt v4.2.0.3498 +# Firewall Builder fwb_ipt v4.2.0.3499 # -# Generated Tue Mar 8 18:58:15 2011 PST by vadim +# Generated Thu Mar 10 21:51:34 2011 PST by vadim # # files: * firewall81.fw /etc/fw/firewall81.fw # @@ -420,7 +420,7 @@ test -z "$cmd" && { case "$cmd" in start) - log "Activating firewall script generated Tue Mar 8 18:58:15 2011 by vadim" + log "Activating firewall script generated Thu Mar 10 21:51:34 2011 by vadim" check_tools prolog_commands check_run_time_address_table_files diff --git a/test/ipt/firewall82.fw.orig b/test/ipt/firewall82.fw.orig index 32b497989..03a240b2f 100755 --- a/test/ipt/firewall82.fw.orig +++ b/test/ipt/firewall82.fw.orig 
@@ -2,9 +2,9 @@ # # This is automatically generated file. DO NOT MODIFY ! # -# Firewall Builder fwb_ipt v4.2.0.3498 +# Firewall Builder fwb_ipt v4.2.0.3499 # -# Generated Tue Mar 8 18:58:17 2011 PST by vadim +# Generated Thu Mar 10 21:51:36 2011 PST by vadim # # files: * firewall82.fw /etc/firewall82.fw # @@ -411,7 +411,7 @@ test -z "$cmd" && { case "$cmd" in start) - log "Activating firewall script generated Tue Mar 8 18:58:17 2011 by vadim" + log "Activating firewall script generated Thu Mar 10 21:51:36 2011 by vadim" check_tools prolog_commands check_run_time_address_table_files diff --git a/test/ipt/firewall82_A.fw.orig b/test/ipt/firewall82_A.fw.orig index 3b6ffe32b..9ea603ccb 100755 --- a/test/ipt/firewall82_A.fw.orig +++ b/test/ipt/firewall82_A.fw.orig @@ -2,9 +2,9 @@ # # This is automatically generated file. DO NOT MODIFY ! # -# Firewall Builder fwb_ipt v4.2.0.3498 +# Firewall Builder fwb_ipt v4.2.0.3499 # -# Generated Tue Mar 8 18:58:19 2011 PST by vadim +# Generated Thu Mar 10 21:51:37 2011 PST by vadim # # files: * firewall82_A.fw /etc/fw/firewall82_A.fw # @@ -400,7 +400,7 @@ test -z "$cmd" && { case "$cmd" in start) - log "Activating firewall script generated Tue Mar 8 18:58:19 2011 by vadim" + log "Activating firewall script generated Thu Mar 10 21:51:37 2011 by vadim" check_tools prolog_commands check_run_time_address_table_files diff --git a/test/ipt/firewall82_B.fw.orig b/test/ipt/firewall82_B.fw.orig index 2fd7f181b..cc5e36dd3 100755 --- a/test/ipt/firewall82_B.fw.orig +++ b/test/ipt/firewall82_B.fw.orig @@ -2,9 +2,9 @@ # # This is automatically generated file. DO NOT MODIFY ! # -# Firewall Builder fwb_ipt v4.2.0.3498 +# Firewall Builder fwb_ipt v4.2.0.3499 # -# Generated Tue Mar 8 18:58:20 2011 PST by vadim +# Generated Thu Mar 10 21:51:39 2011 PST by vadim # # files: * firewall82_B.fw /etc/fw/firewall82_B.fw # 
@@ -363,7 +363,7 @@ test -z "$cmd" && { case "$cmd" in start) - log "Activating firewall script generated Tue Mar 8 18:58:20 2011 by vadim" + log "Activating firewall script generated Thu Mar 10 21:51:39 2011 by vadim" check_tools prolog_commands check_run_time_address_table_files diff --git a/test/ipt/firewall9.fw.orig b/test/ipt/firewall9.fw.orig index b6d878047..d4f5a85d2 100755 --- a/test/ipt/firewall9.fw.orig +++ b/test/ipt/firewall9.fw.orig @@ -2,9 +2,9 @@ # # This is automatically generated file. DO NOT MODIFY ! # -# Firewall Builder fwb_ipt v4.2.0.3498 +# Firewall Builder fwb_ipt v4.2.0.3499 # -# Generated Tue Mar 8 18:58:23 2011 PST by vadim +# Generated Thu Mar 10 21:51:40 2011 PST by vadim # # files: * firewall9.fw /etc/fw/firewall9.fw # @@ -621,7 +621,7 @@ test -z "$cmd" && { case "$cmd" in start) - log "Activating firewall script generated Tue Mar 8 18:58:23 2011 by vadim" + log "Activating firewall script generated Thu Mar 10 21:51:40 2011 by vadim" check_tools prolog_commands check_run_time_address_table_files diff --git a/test/ipt/firewall90.fw.orig b/test/ipt/firewall90.fw.orig index a31766baf..a3382d8f4 100755 --- a/test/ipt/firewall90.fw.orig +++ b/test/ipt/firewall90.fw.orig @@ -2,9 +2,9 @@ # # This is automatically generated file. DO NOT MODIFY ! # -# Firewall Builder fwb_ipt v4.2.0.3498 +# Firewall Builder fwb_ipt v4.2.0.3499 # -# Generated Tue Mar 8 18:58:24 2011 PST by vadim +# Generated Thu Mar 10 21:51:41 2011 PST by vadim # # files: * firewall90.fw /etc/fw/firewall90.fw # @@ -383,7 +383,7 @@ test -z "$cmd" && { case "$cmd" in start) - log "Activating firewall script generated Tue Mar 8 18:58:24 2011 by vadim" + log "Activating firewall script generated Thu Mar 10 21:51:41 2011 by vadim" check_tools prolog_commands check_run_time_address_table_files diff --git a/test/ipt/firewall91.fw.orig b/test/ipt/firewall91.fw.orig index feafda749..e9f82d53b 100755 --- a/test/ipt/firewall91.fw.orig +++ b/test/ipt/firewall91.fw.orig 
@@ -2,9 +2,9 @@ # # This is automatically generated file. DO NOT MODIFY ! # -# Firewall Builder fwb_ipt v4.2.0.3498 +# Firewall Builder fwb_ipt v4.2.0.3499 # -# Generated Tue Mar 8 18:58:26 2011 PST by vadim +# Generated Thu Mar 10 21:51:43 2011 PST by vadim # # files: * firewall91.fw /etc/fw/firewall91.fw # @@ -383,7 +383,7 @@ test -z "$cmd" && { case "$cmd" in start) - log "Activating firewall script generated Tue Mar 8 18:58:26 2011 by vadim" + log "Activating firewall script generated Thu Mar 10 21:51:43 2011 by vadim" check_tools prolog_commands check_run_time_address_table_files diff --git a/test/ipt/firewall92.fw.orig b/test/ipt/firewall92.fw.orig index adb8888eb..dc71a4c31 100755 --- a/test/ipt/firewall92.fw.orig +++ b/test/ipt/firewall92.fw.orig @@ -2,9 +2,9 @@ # # This is automatically generated file. DO NOT MODIFY ! # -# Firewall Builder fwb_ipt v4.2.0.3498 +# Firewall Builder fwb_ipt v4.2.0.3499 # -# Generated Tue Mar 8 18:58:27 2011 PST by vadim +# Generated Thu Mar 10 21:51:45 2011 PST by vadim # # files: * firewall92.fw /etc/fw/firewall92.fw # @@ -419,7 +419,7 @@ test -z "$cmd" && { case "$cmd" in start) - log "Activating firewall script generated Tue Mar 8 18:58:27 2011 by vadim" + log "Activating firewall script generated Thu Mar 10 21:51:45 2011 by vadim" check_tools prolog_commands check_run_time_address_table_files diff --git a/test/ipt/firewall93.fw.orig b/test/ipt/firewall93.fw.orig index ef8e39de3..cbcbd0e66 100755 --- a/test/ipt/firewall93.fw.orig +++ b/test/ipt/firewall93.fw.orig @@ -2,9 +2,9 @@ # # This is automatically generated file. DO NOT MODIFY ! # -# Firewall Builder fwb_ipt v4.2.0.3498 +# Firewall Builder fwb_ipt v4.2.0.3499 # -# Generated Tue Mar 8 18:58:29 2011 PST by vadim +# Generated Thu Mar 10 21:51:47 2011 PST by vadim # # files: * firewall93.fw /etc/fw/firewall93.fw # 
@@ -458,7 +458,7 @@ test -z "$cmd" && { case "$cmd" in start) - log "Activating firewall script generated Tue Mar 8 18:58:29 2011 by vadim" + log "Activating firewall script generated Thu Mar 10 21:51:47 2011 by vadim" check_tools prolog_commands check_run_time_address_table_files diff --git a/test/ipt/fw-A.fw.orig b/test/ipt/fw-A.fw.orig index 326ff8c3e..39ad7b25e 100755 --- a/test/ipt/fw-A.fw.orig +++ b/test/ipt/fw-A.fw.orig @@ -2,9 +2,9 @@ # # This is automatically generated file. DO NOT MODIFY ! # -# Firewall Builder fwb_ipt v4.2.0.3498 +# Firewall Builder fwb_ipt v4.2.0.3499 # -# Generated Tue Mar 8 18:59:21 2011 PST by vadim +# Generated Thu Mar 10 21:52:33 2011 PST by vadim # # files: * fw-A.fw /sw/FWbuilder/fw-A.fw # @@ -724,7 +724,7 @@ test -z "$cmd" && { case "$cmd" in start) - log "Activating firewall script generated Tue Mar 8 18:59:21 2011 by vadim" + log "Activating firewall script generated Thu Mar 10 21:52:33 2011 by vadim" check_tools prolog_commands check_run_time_address_table_files diff --git a/test/ipt/fw1.fw.orig b/test/ipt/fw1.fw.orig index 86c663080..08e8f0c5c 100755 --- a/test/ipt/fw1.fw.orig +++ b/test/ipt/fw1.fw.orig @@ -2,9 +2,9 @@ # # This is automatically generated file. DO NOT MODIFY ! # -# Firewall Builder fwb_ipt v4.2.0.3498 +# Firewall Builder fwb_ipt v4.2.0.3499 # -# Generated Tue Mar 8 18:59:20 2011 PST by vadim +# Generated Thu Mar 10 21:52:33 2011 PST by vadim # # files: * fw1.fw /etc/fw1.fw # @@ -525,7 +525,7 @@ test -z "$cmd" && { case "$cmd" in start) - log "Activating firewall script generated Tue Mar 8 18:59:20 2011 by vadim" + log "Activating firewall script generated Thu Mar 10 21:52:33 2011 by vadim" check_tools prolog_commands check_run_time_address_table_files diff --git a/test/ipt/fwbuilder.fw.orig b/test/ipt/fwbuilder.fw.orig index d84168d6f..1444fc920 100755 --- a/test/ipt/fwbuilder.fw.orig +++ b/test/ipt/fwbuilder.fw.orig 
@@ -2,9 +2,9 @@ # # This is automatically generated file. DO NOT MODIFY ! # -# Firewall Builder fwb_ipt v4.2.0.3498 +# Firewall Builder fwb_ipt v4.2.0.3499 # -# Generated Tue Mar 8 18:57:36 2011 PST by vadim +# Generated Thu Mar 10 21:50:57 2011 PST by vadim # # files: * fwbuilder.fw /etc/init.d/fwbuilder.fw # @@ -483,7 +483,7 @@ status_action() { } start() { - log "Activating firewall script generated Tue Mar 8 18:57:36 2011 by vadim" + log "Activating firewall script generated Thu Mar 10 21:50:57 2011 by vadim" check_tools prolog_commands check_run_time_address_table_files diff --git a/test/ipt/heartbeat_cluster_1_d_linux-1-d.fw.orig b/test/ipt/heartbeat_cluster_1_d_linux-1-d.fw.orig index ee364f09c..1d90f1a1d 100755 --- a/test/ipt/heartbeat_cluster_1_d_linux-1-d.fw.orig +++ b/test/ipt/heartbeat_cluster_1_d_linux-1-d.fw.orig @@ -2,9 +2,9 @@ # # This is automatically generated file. DO NOT MODIFY ! # -# Firewall Builder fwb_ipt v4.2.0.3498 +# Firewall Builder fwb_ipt v4.2.0.3499 # -# Generated Tue Mar 8 18:59:35 2011 PST by vadim +# Generated Thu Mar 10 21:52:45 2011 PST by vadim # # files: * heartbeat_cluster_1_d_linux-1-d.fw firewall.sh # @@ -722,7 +722,7 @@ test -z "$cmd" && { case "$cmd" in start) - log "Activating firewall script generated Tue Mar 8 18:59:35 2011 by vadim" + log "Activating firewall script generated Thu Mar 10 21:52:45 2011 by vadim" check_tools prolog_commands check_run_time_address_table_files diff --git a/test/ipt/heartbeat_cluster_1_d_linux-2-d.fw.orig b/test/ipt/heartbeat_cluster_1_d_linux-2-d.fw.orig index 72f1d76ae..2e761a274 100755 --- a/test/ipt/heartbeat_cluster_1_d_linux-2-d.fw.orig +++ b/test/ipt/heartbeat_cluster_1_d_linux-2-d.fw.orig 
@@ -2,9 +2,9 @@ # # This is automatically generated file. DO NOT MODIFY ! # -# Firewall Builder fwb_ipt v4.2.0.3498 +# Firewall Builder fwb_ipt v4.2.0.3499 # -# Generated Tue Mar 8 18:59:35 2011 PST by vadim +# Generated Thu Mar 10 21:52:46 2011 PST by vadim # # files: * heartbeat_cluster_1_d_linux-2-d.fw firewall.sh # @@ -726,7 +726,7 @@ test -z "$cmd" && { case "$cmd" in start) - log "Activating firewall script generated Tue Mar 8 18:59:35 2011 by vadim" + log "Activating firewall script generated Thu Mar 10 21:52:46 2011 by vadim" check_tools prolog_commands check_run_time_address_table_files diff --git a/test/ipt/heartbeat_cluster_1_linux-1.fw.orig b/test/ipt/heartbeat_cluster_1_linux-1.fw.orig index bcdb77475..19b37c19f 100755 --- a/test/ipt/heartbeat_cluster_1_linux-1.fw.orig +++ b/test/ipt/heartbeat_cluster_1_linux-1.fw.orig @@ -2,9 +2,9 @@ # # This is automatically generated file. DO NOT MODIFY ! # -# Firewall Builder fwb_ipt v4.2.0.3498 +# Firewall Builder fwb_ipt v4.2.0.3499 # -# Generated Tue Mar 8 18:59:34 2011 PST by vadim +# Generated Thu Mar 10 21:52:44 2011 PST by vadim # # files: * heartbeat_cluster_1_linux-1.fw /etc/heartbeat_cluster_1_linux-1.fw # @@ -843,7 +843,7 @@ test -z "$cmd" && { case "$cmd" in start) - log "Activating firewall script generated Tue Mar 8 18:59:34 2011 by vadim" + log "Activating firewall script generated Thu Mar 10 21:52:44 2011 by vadim" check_tools prolog_commands check_run_time_address_table_files diff --git a/test/ipt/heartbeat_cluster_1_linux-2.fw.orig b/test/ipt/heartbeat_cluster_1_linux-2.fw.orig index 754d51d7c..0dc783fbb 100755 --- a/test/ipt/heartbeat_cluster_1_linux-2.fw.orig +++ b/test/ipt/heartbeat_cluster_1_linux-2.fw.orig 
@@ -2,9 +2,9 @@ # # This is automatically generated file. DO NOT MODIFY ! # -# Firewall Builder fwb_ipt v4.2.0.3498 +# Firewall Builder fwb_ipt v4.2.0.3499 # -# Generated Tue Mar 8 18:59:34 2011 PST by vadim +# Generated Thu Mar 10 21:52:45 2011 PST by vadim # # files: * heartbeat_cluster_1_linux-2.fw /etc/heartbeat_cluster_1_linux-2.fw # @@ -741,7 +741,7 @@ test -z "$cmd" && { case "$cmd" in start) - log "Activating firewall script generated Tue Mar 8 18:59:34 2011 by vadim" + log "Activating firewall script generated Thu Mar 10 21:52:45 2011 by vadim" check_tools prolog_commands check_run_time_address_table_files diff --git a/test/ipt/heartbeat_cluster_2_linux-1.fw.orig b/test/ipt/heartbeat_cluster_2_linux-1.fw.orig index dc5f2e5c5..4e1b8dfc6 100755 --- a/test/ipt/heartbeat_cluster_2_linux-1.fw.orig +++ b/test/ipt/heartbeat_cluster_2_linux-1.fw.orig @@ -2,9 +2,9 @@ # # This is automatically generated file. DO NOT MODIFY ! # -# Firewall Builder fwb_ipt v4.2.0.3498 +# Firewall Builder fwb_ipt v4.2.0.3499 # -# Generated Tue Mar 8 18:59:36 2011 PST by vadim +# Generated Thu Mar 10 21:52:46 2011 PST by vadim # # files: * heartbeat_cluster_2_linux-1.fw /etc/heartbeat_cluster_2_linux-1.fw # @@ -707,7 +707,7 @@ test -z "$cmd" && { case "$cmd" in start) - log "Activating firewall script generated Tue Mar 8 18:59:36 2011 by vadim" + log "Activating firewall script generated Thu Mar 10 21:52:46 2011 by vadim" check_tools prolog_commands check_run_time_address_table_files diff --git a/test/ipt/heartbeat_cluster_2_linux-2.fw.orig b/test/ipt/heartbeat_cluster_2_linux-2.fw.orig index fb77c3c25..8355f47fa 100755 --- a/test/ipt/heartbeat_cluster_2_linux-2.fw.orig +++ b/test/ipt/heartbeat_cluster_2_linux-2.fw.orig 
@@ -2,9 +2,9 @@ # # This is automatically generated file. DO NOT MODIFY ! # -# Firewall Builder fwb_ipt v4.2.0.3498 +# Firewall Builder fwb_ipt v4.2.0.3499 # -# Generated Tue Mar 8 18:59:36 2011 PST by vadim +# Generated Thu Mar 10 21:52:46 2011 PST by vadim # # files: * heartbeat_cluster_2_linux-2.fw /etc/heartbeat_cluster_2_linux-2.fw # @@ -620,7 +620,7 @@ test -z "$cmd" && { case "$cmd" in start) - log "Activating firewall script generated Tue Mar 8 18:59:36 2011 by vadim" + log "Activating firewall script generated Thu Mar 10 21:52:46 2011 by vadim" check_tools prolog_commands check_run_time_address_table_files diff --git a/test/ipt/host.fw.orig b/test/ipt/host.fw.orig index 2202735ff..21da12c1d 100755 --- a/test/ipt/host.fw.orig +++ b/test/ipt/host.fw.orig @@ -2,9 +2,9 @@ # # This is automatically generated file. DO NOT MODIFY ! # -# Firewall Builder fwb_ipt v4.2.0.3498 +# Firewall Builder fwb_ipt v4.2.0.3499 # -# Generated Tue Mar 8 18:59:23 2011 PST by vadim +# Generated Thu Mar 10 21:52:36 2011 PST by vadim # # files: * host.fw /etc/fw/host.fw # @@ -422,7 +422,7 @@ test -z "$cmd" && { case "$cmd" in start) - log "Activating firewall script generated Tue Mar 8 18:59:23 2011 by vadim" + log "Activating firewall script generated Thu Mar 10 21:52:36 2011 by vadim" check_tools prolog_commands check_run_time_address_table_files diff --git a/test/ipt/openais_cluster_1_linux-1.fw.orig b/test/ipt/openais_cluster_1_linux-1.fw.orig index de166f90a..6ec57496c 100755 --- a/test/ipt/openais_cluster_1_linux-1.fw.orig +++ b/test/ipt/openais_cluster_1_linux-1.fw.orig @@ -2,9 +2,9 @@ # # This is automatically generated file. DO NOT MODIFY ! # -# Firewall Builder fwb_ipt v4.2.0.3498 +# Firewall Builder fwb_ipt v4.2.0.3499 # -# Generated Tue Mar 8 18:59:36 2011 PST by vadim +# Generated Thu Mar 10 21:52:47 2011 PST by vadim # # files: * openais_cluster_1_linux-1.fw /etc/openais_cluster_1_linux-1.fw # 
@@ -707,7 +707,7 @@ test -z "$cmd" && { case "$cmd" in start) - log "Activating firewall script generated Tue Mar 8 18:59:36 2011 by vadim" + log "Activating firewall script generated Thu Mar 10 21:52:47 2011 by vadim" check_tools prolog_commands check_run_time_address_table_files diff --git a/test/ipt/openais_cluster_1_linux-2.fw.orig b/test/ipt/openais_cluster_1_linux-2.fw.orig index a6fde4918..902a555bf 100755 --- a/test/ipt/openais_cluster_1_linux-2.fw.orig +++ b/test/ipt/openais_cluster_1_linux-2.fw.orig @@ -2,9 +2,9 @@ # # This is automatically generated file. DO NOT MODIFY ! # -# Firewall Builder fwb_ipt v4.2.0.3498 +# Firewall Builder fwb_ipt v4.2.0.3499 # -# Generated Tue Mar 8 18:59:36 2011 PST by vadim +# Generated Thu Mar 10 21:52:47 2011 PST by vadim # # files: * openais_cluster_1_linux-2.fw /etc/openais_cluster_1_linux-2.fw # @@ -611,7 +611,7 @@ test -z "$cmd" && { case "$cmd" in start) - log "Activating firewall script generated Tue Mar 8 18:59:36 2011 by vadim" + log "Activating firewall script generated Thu Mar 10 21:52:47 2011 by vadim" check_tools prolog_commands check_run_time_address_table_files diff --git a/test/ipt/rc.firewall.local b/test/ipt/rc.firewall.local index aac6da480..93be1ccf7 100755 --- a/test/ipt/rc.firewall.local +++ b/test/ipt/rc.firewall.local @@ -2,9 +2,9 @@ # # This is automatically generated file. DO NOT MODIFY ! # -# Firewall Builder fwb_ipt v4.2.0.3498 +# Firewall Builder fwb_ipt v4.2.0.3499 # -# Generated Tue Mar 8 18:59:25 2011 PST by vadim +# Generated Thu Mar 10 22:01:28 2011 PST by vadim # # files: * rc.firewall.local /etc/rc.d//rc.firewall.local # diff --git a/test/ipt/rh90.fw.orig b/test/ipt/rh90.fw.orig index 04420a0bf..438fe6501 100755 --- a/test/ipt/rh90.fw.orig +++ b/test/ipt/rh90.fw.orig 
@@ -2,9 +2,9 @@ # # This is automatically generated file. DO NOT MODIFY ! # -# Firewall Builder fwb_ipt v4.2.0.3498 +# Firewall Builder fwb_ipt v4.2.0.3499 # -# Generated Tue Mar 8 18:59:26 2011 PST by vadim +# Generated Thu Mar 10 21:52:39 2011 PST by vadim # # files: * rh90.fw /etc/rh90.fw # @@ -421,7 +421,7 @@ test -z "$cmd" && { case "$cmd" in start) - log "Activating firewall script generated Tue Mar 8 18:59:26 2011 by vadim" + log "Activating firewall script generated Thu Mar 10 21:52:39 2011 by vadim" check_tools prolog_commands check_run_time_address_table_files diff --git a/test/ipt/secuwall_cluster_1_secuwall-1.fw.orig b/test/ipt/secuwall_cluster_1_secuwall-1.fw.orig index 887b02812..272865351 100755 --- a/test/ipt/secuwall_cluster_1_secuwall-1.fw.orig +++ b/test/ipt/secuwall_cluster_1_secuwall-1.fw.orig @@ -2,9 +2,9 @@ # # This is automatically generated file. DO NOT MODIFY ! # -# Firewall Builder fwb_ipt v4.2.0.3498 +# Firewall Builder fwb_ipt v4.2.0.3499 # -# Generated Tue Mar 8 18:59:36 2011 PST by vadim +# Generated Thu Mar 10 21:52:47 2011 PST by vadim # # files: * secuwall_cluster_1_secuwall-1.fw /etc/secuwall_cluster_1_secuwall-1.fw # @@ -405,7 +405,7 @@ test -z "$cmd" && { case "$cmd" in start) - log "Activating firewall script generated Tue Mar 8 18:59:36 2011 by vadim" + log "Activating firewall script generated Thu Mar 10 21:52:47 2011 by vadim" log "Database was cluster-tests.fwb" check_tools check_run_time_address_table_files diff --git a/test/ipt/server-cluster-1_server-1.fw.orig b/test/ipt/server-cluster-1_server-1.fw.orig index ad2ea1945..32773b498 100755 --- a/test/ipt/server-cluster-1_server-1.fw.orig +++ b/test/ipt/server-cluster-1_server-1.fw.orig 
@@ -2,9 +2,9 @@ # # This is automatically generated file. DO NOT MODIFY ! # -# Firewall Builder fwb_ipt v4.2.0.3498 +# Firewall Builder fwb_ipt v4.2.0.3499 # -# Generated Tue Mar 8 18:59:37 2011 PST by vadim +# Generated Thu Mar 10 21:52:48 2011 PST by vadim # # files: * server-cluster-1_server-1.fw /etc/fw/server-cluster-1_server-1.fw # @@ -400,7 +400,7 @@ test -z "$cmd" && { case "$cmd" in start) - log "Activating firewall script generated Tue Mar 8 18:59:37 2011 by vadim" + log "Activating firewall script generated Thu Mar 10 21:52:48 2011 by vadim" check_tools prolog_commands check_run_time_address_table_files diff --git a/test/ipt/server-cluster-1_server-2.fw.orig b/test/ipt/server-cluster-1_server-2.fw.orig index 8ae9e65cd..28c523f78 100755 --- a/test/ipt/server-cluster-1_server-2.fw.orig +++ b/test/ipt/server-cluster-1_server-2.fw.orig @@ -2,9 +2,9 @@ # # This is automatically generated file. DO NOT MODIFY ! # -# Firewall Builder fwb_ipt v4.2.0.3498 +# Firewall Builder fwb_ipt v4.2.0.3499 # -# Generated Tue Mar 8 18:59:37 2011 PST by vadim +# Generated Thu Mar 10 21:52:48 2011 PST by vadim # # files: * server-cluster-1_server-2.fw /etc/fw/server-cluster-1_server-2.fw # @@ -397,7 +397,7 @@ test -z "$cmd" && { case "$cmd" in start) - log "Activating firewall script generated Tue Mar 8 18:59:37 2011 by vadim" + log "Activating firewall script generated Thu Mar 10 21:52:48 2011 by vadim" check_tools prolog_commands check_run_time_address_table_files diff --git a/test/ipt/test-shadowing-1.fw.orig b/test/ipt/test-shadowing-1.fw.orig index 48250b440..d8bda75be 100755 --- a/test/ipt/test-shadowing-1.fw.orig +++ b/test/ipt/test-shadowing-1.fw.orig @@ -2,9 +2,9 @@ # # This is automatically generated file. DO NOT MODIFY ! # -# Firewall Builder fwb_ipt v4.2.0.3498 +# Firewall Builder fwb_ipt v4.2.0.3499 # -# Generated Tue Mar 8 18:59:29 2011 PST by vadim +# Generated Thu Mar 10 21:52:42 2011 PST by vadim # # files: * test-shadowing-1.fw /etc/test-shadowing-1.fw # 
@@ -471,7 +471,7 @@ test -z "$cmd" && { case "$cmd" in start) - log "Activating firewall script generated Tue Mar 8 18:59:29 2011 by vadim" + log "Activating firewall script generated Thu Mar 10 21:52:42 2011 by vadim" check_tools prolog_commands check_run_time_address_table_files diff --git a/test/ipt/test-shadowing-2.fw.orig b/test/ipt/test-shadowing-2.fw.orig index 33c2af8b2..05a5b4628 100755 --- a/test/ipt/test-shadowing-2.fw.orig +++ b/test/ipt/test-shadowing-2.fw.orig @@ -2,9 +2,9 @@ # # This is automatically generated file. DO NOT MODIFY ! # -# Firewall Builder fwb_ipt v4.2.0.3498 +# Firewall Builder fwb_ipt v4.2.0.3499 # -# Generated Tue Mar 8 18:59:33 2011 PST by vadim +# Generated Thu Mar 10 21:52:43 2011 PST by vadim # # files: * test-shadowing-2.fw /etc/test-shadowing-2.fw # @@ -429,7 +429,7 @@ test -z "$cmd" && { case "$cmd" in start) - log "Activating firewall script generated Tue Mar 8 18:59:33 2011 by vadim" + log "Activating firewall script generated Thu Mar 10 21:52:43 2011 by vadim" check_tools prolog_commands check_run_time_address_table_files diff --git a/test/ipt/test-shadowing-3.fw.orig b/test/ipt/test-shadowing-3.fw.orig index e4ae827c4..e8fc559b6 100755 --- a/test/ipt/test-shadowing-3.fw.orig +++ b/test/ipt/test-shadowing-3.fw.orig @@ -2,9 +2,9 @@ # # This is automatically generated file. DO NOT MODIFY ! # -# Firewall Builder fwb_ipt v4.2.0.3498 +# Firewall Builder fwb_ipt v4.2.0.3499 # -# Generated Tue Mar 8 18:59:35 2011 PST by vadim +# Generated Thu Mar 10 21:52:47 2011 PST by vadim # # files: * test-shadowing-3.fw /etc/test-shadowing-3.fw # @@ -478,7 +478,7 @@ test -z "$cmd" && { case "$cmd" in start) - log "Activating firewall script generated Tue Mar 8 18:59:35 2011 by vadim" + log "Activating firewall script generated Thu Mar 10 21:52:47 2011 by vadim" check_tools prolog_commands check_run_time_address_table_files diff --git a/test/ipt/test_fw.fw.orig b/test/ipt/test_fw.fw.orig index 9a95837b1..9f084302d 100755 
--- a/test/ipt/test_fw.fw.orig +++ b/test/ipt/test_fw.fw.orig @@ -2,9 +2,9 @@ # # This is automatically generated file. DO NOT MODIFY ! # -# Firewall Builder fwb_ipt v4.2.0.3498 +# Firewall Builder fwb_ipt v4.2.0.3499 # -# Generated Tue Mar 8 18:59:29 2011 PST by vadim +# Generated Thu Mar 10 21:52:40 2011 PST by vadim # # files: * test_fw.fw /etc/test_fw.fw # @@ -570,7 +570,7 @@ test -z "$cmd" && { case "$cmd" in start) - log "Activating firewall script generated Tue Mar 8 18:59:29 2011 by vadim" + log "Activating firewall script generated Thu Mar 10 21:52:40 2011 by vadim" check_tools prolog_commands check_run_time_address_table_files diff --git a/test/ipt/vrrp_cluster_1_linux-1.fw.orig b/test/ipt/vrrp_cluster_1_linux-1.fw.orig index 45e8e5434..820d4b56f 100755 --- a/test/ipt/vrrp_cluster_1_linux-1.fw.orig +++ b/test/ipt/vrrp_cluster_1_linux-1.fw.orig @@ -2,9 +2,9 @@ # # This is automatically generated file. DO NOT MODIFY ! # -# Firewall Builder fwb_ipt v4.2.0.3498 +# Firewall Builder fwb_ipt v4.2.0.3499 # -# Generated Tue Mar 8 18:59:37 2011 PST by vadim +# Generated Thu Mar 10 21:52:48 2011 PST by vadim # # files: * vrrp_cluster_1_linux-1.fw /etc/vrrp_cluster_1_linux-1.fw # @@ -710,7 +710,7 @@ test -z "$cmd" && { case "$cmd" in start) - log "Activating firewall script generated Tue Mar 8 18:59:37 2011 by vadim" + log "Activating firewall script generated Thu Mar 10 21:52:48 2011 by vadim" check_tools prolog_commands check_run_time_address_table_files diff --git a/test/ipt/vrrp_cluster_1_linux-2.fw.orig b/test/ipt/vrrp_cluster_1_linux-2.fw.orig index 20eb40a4c..327145689 100755 --- a/test/ipt/vrrp_cluster_1_linux-2.fw.orig +++ b/test/ipt/vrrp_cluster_1_linux-2.fw.orig 
@@ -2,9 +2,9 @@ # # This is automatically generated file. DO NOT MODIFY ! # -# Firewall Builder fwb_ipt v4.2.0.3498 +# Firewall Builder fwb_ipt v4.2.0.3499 # -# Generated Tue Mar 8 18:59:37 2011 PST by vadim +# Generated Thu Mar 10 21:52:48 2011 PST by vadim # # files: * vrrp_cluster_1_linux-2.fw /etc/vrrp_cluster_1_linux-2.fw # @@ -615,7 +615,7 @@ test -z "$cmd" && { case "$cmd" in start) - log "Activating firewall script generated Tue Mar 8 18:59:37 2011 by vadim" + log "Activating firewall script generated Thu Mar 10 21:52:48 2011 by vadim" check_tools prolog_commands check_run_time_address_table_files diff --git a/test/ipt/vrrp_cluster_2_linux-1.fw.orig b/test/ipt/vrrp_cluster_2_linux-1.fw.orig index c3ef422b6..33072c915 100755 --- a/test/ipt/vrrp_cluster_2_linux-1.fw.orig +++ b/test/ipt/vrrp_cluster_2_linux-1.fw.orig @@ -2,9 +2,9 @@ # # This is automatically generated file. DO NOT MODIFY ! # -# Firewall Builder fwb_ipt v4.2.0.3498 +# Firewall Builder fwb_ipt v4.2.0.3499 # -# Generated Tue Mar 8 18:59:37 2011 PST by vadim +# Generated Thu Mar 10 21:52:48 2011 PST by vadim # # files: * vrrp_cluster_2_linux-1.fw /etc/vrrp_cluster_2_linux-1.fw # @@ -642,7 +642,7 @@ test -z "$cmd" && { case "$cmd" in start) - log "Activating firewall script generated Tue Mar 8 18:59:37 2011 by vadim" + log "Activating firewall script generated Thu Mar 10 21:52:48 2011 by vadim" check_tools prolog_commands check_run_time_address_table_files diff --git a/test/ipt/vrrp_cluster_2_linux-2.fw.orig b/test/ipt/vrrp_cluster_2_linux-2.fw.orig index 9f181e7b3..8eb223d59 100755 --- a/test/ipt/vrrp_cluster_2_linux-2.fw.orig +++ b/test/ipt/vrrp_cluster_2_linux-2.fw.orig @@ -2,9 +2,9 @@ # # This is automatically generated file. DO NOT MODIFY ! # -# Firewall Builder fwb_ipt v4.2.0.3498 +# Firewall Builder fwb_ipt v4.2.0.3499 # -# Generated Tue Mar 8 18:59:38 2011 PST by vadim +# Generated Thu Mar 10 21:52:49 2011 PST by vadim # # files: * vrrp_cluster_2_linux-2.fw /etc/vrrp_cluster_2_linux-2.fw # 
@@ -547,7 +547,7 @@ test -z "$cmd" && { case "$cmd" in start) - log "Activating firewall script generated Tue Mar 8 18:59:38 2011 by vadim" + log "Activating firewall script generated Thu Mar 10 21:52:49 2011 by vadim" check_tools prolog_commands check_run_time_address_table_files diff --git a/test/ipt/vrrp_cluster_2_linux-3.fw.orig b/test/ipt/vrrp_cluster_2_linux-3.fw.orig index c87394c1d..793c02aa8 100755 --- a/test/ipt/vrrp_cluster_2_linux-3.fw.orig +++ b/test/ipt/vrrp_cluster_2_linux-3.fw.orig @@ -2,9 +2,9 @@ # # This is automatically generated file. DO NOT MODIFY ! # -# Firewall Builder fwb_ipt v4.2.0.3498 +# Firewall Builder fwb_ipt v4.2.0.3499 # -# Generated Tue Mar 8 18:59:38 2011 PST by vadim +# Generated Thu Mar 10 21:52:49 2011 PST by vadim # # files: * vrrp_cluster_2_linux-3.fw /etc/vrrp_cluster_2_linux-3.fw # @@ -523,7 +523,7 @@ test -z "$cmd" && { case "$cmd" in start) - log "Activating firewall script generated Tue Mar 8 18:59:38 2011 by vadim" + log "Activating firewall script generated Thu Mar 10 21:52:49 2011 by vadim" check_tools prolog_commands check_run_time_address_table_files diff --git a/test/pf/firewall-base-rulesets.fw.orig b/test/pf/firewall-base-rulesets.fw.orig index 7ecd3067c..164811c67 100755 --- a/test/pf/firewall-base-rulesets.fw.orig +++ b/test/pf/firewall-base-rulesets.fw.orig @@ -2,9 +2,9 @@ # # This is automatically generated file. DO NOT MODIFY ! # -# Firewall Builder fwb_pf v4.2.0.3496 +# Firewall Builder fwb_pf v4.2.0.3499 # -# Generated Thu Mar 10 21:08:35 2011 PST by vadim +# Generated Fri Mar 11 10:33:01 2011 PST by vadim # # files: * firewall-base-rulesets.fw /etc/fw/firewall-base-rulesets.fw # files: firewall-base-rulesets.conf /etc/fw/firewall-base-rulesets.conf 
@@ -169,7 +169,7 @@ configure_interfaces() { update_addresses_of_interface "en2 192.168.100.1/0xffffff00" "" } -log "Activating firewall script generated Thu Mar 10 21:08:35 2011 by vadim" +log "Activating firewall script generated Fri Mar 11 10:33:01 2011 by vadim" set_kernel_vars configure_interfaces diff --git a/test/pf/firewall-ipv6-1.fw.orig b/test/pf/firewall-ipv6-1.fw.orig index fb32dbf78..6be82e65a 100755 --- a/test/pf/firewall-ipv6-1.fw.orig +++ b/test/pf/firewall-ipv6-1.fw.orig @@ -2,9 +2,9 @@ # # This is automatically generated file. DO NOT MODIFY ! # -# Firewall Builder fwb_pf v4.2.0.3496 +# Firewall Builder fwb_pf v4.2.0.3499 # -# Generated Thu Mar 10 21:08:35 2011 PST by vadim +# Generated Fri Mar 11 10:33:01 2011 PST by vadim # # files: * firewall-ipv6-1.fw pf-ipv6.fw # files: firewall-ipv6-1.conf /etc/fw/pf-ipv6.conf @@ -181,7 +181,7 @@ configure_interfaces() { update_addresses_of_interface "lo ::1/128 127.0.0.1/0xff000000" "" } -log "Activating firewall script generated Thu Mar 10 21:08:35 2011 by vadim" +log "Activating firewall script generated Fri Mar 11 10:33:01 2011 by vadim" set_kernel_vars configure_interfaces diff --git a/test/pf/firewall-ipv6-2.fw.orig b/test/pf/firewall-ipv6-2.fw.orig index 3a43d0838..44e4aab26 100755 --- a/test/pf/firewall-ipv6-2.fw.orig +++ b/test/pf/firewall-ipv6-2.fw.orig @@ -2,9 +2,9 @@ # # This is automatically generated file. DO NOT MODIFY ! # -# Firewall Builder fwb_pf v4.2.0.3496 +# Firewall Builder fwb_pf v4.2.0.3499 # -# Generated Thu Mar 10 21:08:37 2011 PST by vadim +# Generated Fri Mar 11 10:33:03 2011 PST by vadim # # files: * firewall-ipv6-2.fw pf.fw # files: firewall-ipv6-2.conf pf.conf @@ -185,7 +185,7 @@ configure_interfaces() { update_addresses_of_interface "lo ::1/128 127.0.0.1/0xff000000" "" } -log "Activating firewall script generated Thu Mar 10 21:08:37 2011 by vadim" +log "Activating firewall script generated Fri Mar 11 10:33:03 2011 by vadim" set_kernel_vars configure_interfaces 
diff --git a/test/pf/firewall-ipv6-3.fw.orig b/test/pf/firewall-ipv6-3.fw.orig index 7d2173fed..970b5809b 100755 --- a/test/pf/firewall-ipv6-3.fw.orig +++ b/test/pf/firewall-ipv6-3.fw.orig @@ -1,9 +1,9 @@ # # This is automatically generated file. DO NOT MODIFY ! # -# Firewall Builder fwb_pf v4.2.0.3496 +# Firewall Builder fwb_pf v4.2.0.3499 # -# Generated Thu Mar 10 21:08:37 2011 PST by vadim +# Generated Fri Mar 11 10:33:03 2011 PST by vadim # # files: * firewall-ipv6-3.fw /etc/firewall-ipv6-3.fw # files: firewall-ipv6-3.conf /etc/firewall-ipv6-3.conf diff --git a/test/pf/firewall.conf.orig b/test/pf/firewall.conf.orig index 7558d7183..d43de6146 100644 --- a/test/pf/firewall.conf.orig +++ b/test/pf/firewall.conf.orig @@ -50,7 +50,7 @@ rdr proto tcp from any to any port 80 -> 127.0.0.1 port 3128 # # Rule backup ssh access rule # backup ssh access rule -pass in quick inet proto tcp from 192.168.1.100 to port 22 flags S/SA modulate state label "RULE 9998 - ACCEPT" +pass in quick inet proto tcp from 192.168.1.100 to port 22 flags S/SA modulate state label "RULE -1 - ACCEPT" # # Rule 0 (eth1) block in log quick on eth1 inet from any to fragment label "RULE 0 - DROP" diff --git a/test/pf/firewall.fw.orig b/test/pf/firewall.fw.orig index c18a41bcb..21c05c2fa 100755 --- a/test/pf/firewall.fw.orig +++ b/test/pf/firewall.fw.orig @@ -2,9 +2,9 @@ # # This is automatically generated file. DO NOT MODIFY ! # -# Firewall Builder fwb_pf v4.2.0.3496 +# Firewall Builder fwb_pf v4.2.0.3499 # -# Generated Thu Mar 10 21:08:34 2011 PST by vadim +# Generated Fri Mar 11 10:32:28 2011 PST by vadim # # files: * firewall.fw /etc/pf.fw # files: firewall.conf /etc/pf.conf @@ -173,7 +173,7 @@ configure_interfaces() { update_addresses_of_interface "lo 127.0.0.1/0xff000000" "" } -log "Activating firewall script generated Thu Mar 10 21:08:34 2011 by vadim" +log "Activating firewall script generated Fri Mar 11 10:32:28 2011 by vadim" set_kernel_vars configure_interfaces 
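Review bot: The expected label of the backup ssh access rule in test/pf/firewall.conf.orig changes from `RULE 9998 - ACCEPT` to `RULE -1 - ACCEPT`, which reads like the rule's position no longer being set when the label is generated, not like an intended output change. Nothing visible in these hunks explains the new value. The label is how this pass rule is identified in pf's per-rule statistics, so a placeholder-looking `-1` makes the SSH exception harder to trace during an audit. I would keep the expectation at `label "RULE 9998 - ACCEPT"` and restore the position on the compiler side, not regenerate the golden files around it. The same label change appears in the firewall100 through firewall109 .conf.orig hunks further down.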
diff --git a/test/pf/firewall1.conf.orig b/test/pf/firewall1.conf.orig index b15d4e962..e815aa909 100644 --- a/test/pf/firewall1.conf.orig +++ b/test/pf/firewall1.conf.orig @@ -18,11 +18,12 @@ scrub in all fragment reassemble -# Tables: (6) +# Tables: (7) table { 22.22.22.22 , 192.168.1.1 } table { 192.168.1.10 , 192.168.1.20 } table { 22.22.22.22 , 22.22.23.23 , 192.168.1.1 , 192.168.2.0/24 , 192.168.2.1 } table { 33.33.33.0/24 , 33.33.44.0/24 } +table { 22.22.22.22 , 22.22.23.23 , 127.0.0.1 , 192.168.1.1 , 192.168.2.1 } table { 192.168.1.0/24 , 192.168.2.0/24 } table { 22.22.22.22 , 22.22.23.23 , 192.168.1.1 , 192.168.2.1 } @@ -167,7 +168,7 @@ pass quick inet from 192.168.1.0/24 to any keep state # Rule 18 (global) # firewall1:Policy:18: warning: Changing rule direction due to self reference -pass in quick inet proto tcp from any to port 3128 keep state +pass in quick inet proto tcp from any to port 3128 keep state # # Rule 19 (eth0) # rule from http://www.benzedrine.cx/transquid.html diff --git a/test/pf/firewall1.fw.orig b/test/pf/firewall1.fw.orig index 6e5b47bad..77c77cdad 100755 --- a/test/pf/firewall1.fw.orig +++ b/test/pf/firewall1.fw.orig @@ -2,9 +2,9 @@ # # This is automatically generated file. DO NOT MODIFY ! # -# Firewall Builder fwb_pf v4.2.0.3496 +# Firewall Builder fwb_pf v4.2.0.3499 # -# Generated Thu Mar 10 21:08:38 2011 PST by vadim +# Generated Fri Mar 11 10:32:28 2011 PST by vadim # # files: * firewall1.fw /etc/fw/firewall1.fw # files: firewall1.conf /etc/fw/firewall1.conf @@ -76,7 +76,7 @@ configure_interfaces() { } -log "Activating firewall script generated Thu Mar 10 21:08:38 2011 by vadim" +log "Activating firewall script generated Fri Mar 11 10:32:28 2011 by vadim" set_kernel_vars configure_interfaces diff --git a/test/pf/firewall10-1.fw.orig b/test/pf/firewall10-1.fw.orig index 2e2464903..398d82c33 100755 --- a/test/pf/firewall10-1.fw.orig +++ b/test/pf/firewall10-1.fw.orig 
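Review bot: The firewall1.conf.orig expectation gains a seventh table, `{ 22.22.22.22 , 22.22.23.23 , 127.0.0.1 , 192.168.1.1 , 192.168.2.1 }`, and the Rule 18 line `pass in quick inet proto tcp from any to port 3128 keep state` is rewritten in the second hunk, so the compiled policy changes here and not only the header. The table names appear to have been lost on this page, so which table Rule 18 now references is not visible. If it is the new one, the rule's destination set now includes loopback in addition to the four addresses of the existing firewall table. A change to the address set of a pass rule should be confirmed as intended before the golden file is regenerated; if it is, I would say so in the commit description, for example `firewall1 Rule 18: destination table now includes 127.0.0.1`.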
@@ -2,9 +2,9 @@ # # This is automatically generated file. DO NOT MODIFY ! # -# Firewall Builder fwb_pf v4.2.0.3496 +# Firewall Builder fwb_pf v4.2.0.3499 # -# Generated Thu Mar 10 21:08:38 2011 PST by vadim +# Generated Fri Mar 11 10:32:30 2011 PST by vadim # # files: * firewall10-1.fw /etc/fw/firewall10-1.fw # files: firewall10-1.conf /etc/fw/firewall10-1.conf @@ -74,7 +74,7 @@ configure_interfaces() { } -log "Activating firewall script generated Thu Mar 10 21:08:38 2011 by vadim" +log "Activating firewall script generated Fri Mar 11 10:32:30 2011 by vadim" set_kernel_vars configure_interfaces diff --git a/test/pf/firewall10-2.fw.orig b/test/pf/firewall10-2.fw.orig index 568ed930f..3a5754d9d 100755 --- a/test/pf/firewall10-2.fw.orig +++ b/test/pf/firewall10-2.fw.orig @@ -2,9 +2,9 @@ # # This is automatically generated file. DO NOT MODIFY ! # -# Firewall Builder fwb_pf v4.2.0.3496 +# Firewall Builder fwb_pf v4.2.0.3499 # -# Generated Thu Mar 10 21:08:39 2011 PST by vadim +# Generated Fri Mar 11 10:32:31 2011 PST by vadim # # files: * firewall10-2.fw /etc/fw/firewall10-2.fw # files: firewall10-2.conf /etc/fw/firewall10-2.conf @@ -74,7 +74,7 @@ configure_interfaces() { } -log "Activating firewall script generated Thu Mar 10 21:08:39 2011 by vadim" +log "Activating firewall script generated Fri Mar 11 10:32:31 2011 by vadim" set_kernel_vars configure_interfaces diff --git a/test/pf/firewall10-3.fw.orig b/test/pf/firewall10-3.fw.orig index 89de41880..3492ddd6b 100755 --- a/test/pf/firewall10-3.fw.orig +++ b/test/pf/firewall10-3.fw.orig @@ -2,9 +2,9 @@ # # This is automatically generated file. DO NOT MODIFY ! # -# Firewall Builder fwb_pf v4.2.0.3496 +# Firewall Builder fwb_pf v4.2.0.3499 # -# Generated Thu Mar 10 21:08:39 2011 PST by vadim +# Generated Fri Mar 11 10:32:32 2011 PST by vadim # # files: * firewall10-3.fw /etc/fw/firewall10-3.fw # files: firewall10-3.conf /etc/fw/firewall10-3.conf 
@@ -76,7 +76,7 @@ configure_interfaces() { } -log "Activating firewall script generated Thu Mar 10 21:08:39 2011 by vadim" +log "Activating firewall script generated Fri Mar 11 10:32:32 2011 by vadim" set_kernel_vars configure_interfaces diff --git a/test/pf/firewall10-4.fw.orig b/test/pf/firewall10-4.fw.orig index 8693d5f60..bb35d3da8 100755 --- a/test/pf/firewall10-4.fw.orig +++ b/test/pf/firewall10-4.fw.orig @@ -2,9 +2,9 @@ # # This is automatically generated file. DO NOT MODIFY ! # -# Firewall Builder fwb_pf v4.2.0.3496 +# Firewall Builder fwb_pf v4.2.0.3499 # -# Generated Thu Mar 10 21:08:40 2011 PST by vadim +# Generated Fri Mar 11 10:32:35 2011 PST by vadim # # files: * firewall10-4.fw /etc/fw/firewall10-4.fw # files: firewall10-4.conf /etc/fw/firewall10-4.conf @@ -76,7 +76,7 @@ configure_interfaces() { } -log "Activating firewall script generated Thu Mar 10 21:08:40 2011 by vadim" +log "Activating firewall script generated Fri Mar 11 10:32:35 2011 by vadim" set_kernel_vars configure_interfaces diff --git a/test/pf/firewall10-5.fw.orig b/test/pf/firewall10-5.fw.orig index a434bb53a..9fa6b421e 100755 --- a/test/pf/firewall10-5.fw.orig +++ b/test/pf/firewall10-5.fw.orig @@ -2,9 +2,9 @@ # # This is automatically generated file. DO NOT MODIFY ! # -# Firewall Builder fwb_pf v4.2.0.3496 +# Firewall Builder fwb_pf v4.2.0.3499 # -# Generated Thu Mar 10 21:08:40 2011 PST by vadim +# Generated Fri Mar 11 10:32:36 2011 PST by vadim # # files: * firewall10-5.fw /etc/fw/firewall10-5.fw # files: firewall10-5.conf /etc/fw/firewall10-5.conf @@ -77,7 +77,7 @@ configure_interfaces() { } -log "Activating firewall script generated Thu Mar 10 21:08:40 2011 by vadim" +log "Activating firewall script generated Fri Mar 11 10:32:36 2011 by vadim" set_kernel_vars configure_interfaces diff --git a/test/pf/firewall10-6.fw.orig b/test/pf/firewall10-6.fw.orig index 54ac5f274..113a11e9f 100755 --- a/test/pf/firewall10-6.fw.orig +++ b/test/pf/firewall10-6.fw.orig 
@@ -2,9 +2,9 @@ # # This is automatically generated file. DO NOT MODIFY ! # -# Firewall Builder fwb_pf v4.2.0.3496 +# Firewall Builder fwb_pf v4.2.0.3499 # -# Generated Thu Mar 10 21:08:41 2011 PST by vadim +# Generated Fri Mar 11 10:32:37 2011 PST by vadim # # files: * firewall10-6.fw /etc/fw/firewall10-6.fw # files: firewall10-6.conf /etc/fw/firewall10-6.conf @@ -77,7 +77,7 @@ configure_interfaces() { } -log "Activating firewall script generated Thu Mar 10 21:08:41 2011 by vadim" +log "Activating firewall script generated Fri Mar 11 10:32:37 2011 by vadim" set_kernel_vars configure_interfaces diff --git a/test/pf/firewall100.conf.orig b/test/pf/firewall100.conf.orig index 12ee59094..ac8df8eec 100644 --- a/test/pf/firewall100.conf.orig +++ b/test/pf/firewall100.conf.orig @@ -9,12 +9,12 @@ match out all scrub (random-id min-ttl 1 max-mss 1460) # Tables: (1) -table { 10.1.1.81 , 10.3.14.81 } +table { 10.1.1.81 , 10.3.14.81 } # # Rule backup ssh access rule # backup ssh access rule -pass in quick inet proto tcp from 10.3.14.30 to port 22 label "RULE 9998 -- ACCEPT " +pass in quick inet proto tcp from 10.3.14.30 to port 22 label "RULE -1 -- ACCEPT " # # Rule 0 (global) block log quick inet from any to any no state label "RULE 0 -- DROP " diff --git a/test/pf/firewall100.fw.orig b/test/pf/firewall100.fw.orig index d2db70b8d..d6d7453fd 100755 --- a/test/pf/firewall100.fw.orig +++ b/test/pf/firewall100.fw.orig @@ -2,9 +2,9 @@ # # This is automatically generated file. DO NOT MODIFY ! # -# Firewall Builder fwb_pf v4.2.0.3496 +# Firewall Builder fwb_pf v4.2.0.3499 # -# Generated Thu Mar 10 21:08:41 2011 PST by vadim +# Generated Fri Mar 11 10:32:29 2011 PST by vadim # # files: * firewall100.fw /etc/fw/pf.fw # files: firewall100.conf /etc/fw/path\ with\ space/pf.conf 
@@ -167,7 +167,7 @@ configure_interfaces() { update_addresses_of_interface "em1 10.1.1.81/0xffffff00" "" } -log "Activating firewall script generated Thu Mar 10 21:08:41 2011 by vadim" +log "Activating firewall script generated Fri Mar 11 10:32:29 2011 by vadim" set_kernel_vars configure_interfaces diff --git a/test/pf/firewall101.conf.orig b/test/pf/firewall101.conf.orig index 12ee59094..ac8df8eec 100644 --- a/test/pf/firewall101.conf.orig +++ b/test/pf/firewall101.conf.orig @@ -9,12 +9,12 @@ match out all scrub (random-id min-ttl 1 max-mss 1460) # Tables: (1) -table { 10.1.1.81 , 10.3.14.81 } +table { 10.1.1.81 , 10.3.14.81 } # # Rule backup ssh access rule # backup ssh access rule -pass in quick inet proto tcp from 10.3.14.30 to port 22 label "RULE 9998 -- ACCEPT " +pass in quick inet proto tcp from 10.3.14.30 to port 22 label "RULE -1 -- ACCEPT " # # Rule 0 (global) block log quick inet from any to any no state label "RULE 0 -- DROP " diff --git a/test/pf/firewall101.fw.orig b/test/pf/firewall101.fw.orig index e7173b1c2..9b3163d7e 100755 --- a/test/pf/firewall101.fw.orig +++ b/test/pf/firewall101.fw.orig @@ -2,9 +2,9 @@ # # This is automatically generated file. DO NOT MODIFY ! # -# Firewall Builder fwb_pf v4.2.0.3496 +# Firewall Builder fwb_pf v4.2.0.3499 # -# Generated Thu Mar 10 21:08:42 2011 PST by vadim +# Generated Fri Mar 11 10:32:30 2011 PST by vadim # # files: * firewall101.fw /etc/fw/pf.fw # files: firewall101.conf /etc/fw/path\ with\ space/pf.conf @@ -170,7 +170,7 @@ configure_interfaces() { update_addresses_of_interface "em1 10.1.1.81/0xffffff00" "" } -log "Activating firewall script generated Thu Mar 10 21:08:42 2011 by vadim" +log "Activating firewall script generated Fri Mar 11 10:32:30 2011 by vadim" set_kernel_vars configure_interfaces diff --git a/test/pf/firewall102.conf.orig b/test/pf/firewall102.conf.orig index 12ee59094..ac8df8eec 100644 --- a/test/pf/firewall102.conf.orig +++ b/test/pf/firewall102.conf.orig 
@@ -9,12 +9,12 @@ match out all scrub (random-id min-ttl 1 max-mss 1460) # Tables: (1) -table { 10.1.1.81 , 10.3.14.81 } +table { 10.1.1.81 , 10.3.14.81 } # # Rule backup ssh access rule # backup ssh access rule -pass in quick inet proto tcp from 10.3.14.30 to port 22 label "RULE 9998 -- ACCEPT " +pass in quick inet proto tcp from 10.3.14.30 to port 22 label "RULE -1 -- ACCEPT " # # Rule 0 (global) block log quick inet from any to any no state label "RULE 0 -- DROP " diff --git a/test/pf/firewall102.fw.orig b/test/pf/firewall102.fw.orig index 3665d4791..37e6ffc53 100755 --- a/test/pf/firewall102.fw.orig +++ b/test/pf/firewall102.fw.orig @@ -1,9 +1,9 @@ # # This is automatically generated file. DO NOT MODIFY ! # -# Firewall Builder fwb_pf v4.2.0.3496 +# Firewall Builder fwb_pf v4.2.0.3499 # -# Generated Thu Mar 10 21:08:42 2011 PST by vadim +# Generated Fri Mar 11 10:32:31 2011 PST by vadim # # files: * firewall102.fw /etc/fw/pf.fw # files: firewall102.conf /etc/fw/path\ with\ space/pf.conf diff --git a/test/pf/firewall103-1.conf.orig b/test/pf/firewall103-1.conf.orig index ec943e9de..6635011fc 100644 --- a/test/pf/firewall103-1.conf.orig +++ b/test/pf/firewall103-1.conf.orig @@ -9,12 +9,12 @@ match out all scrub (random-id min-ttl 1 max-mss 1460) # Tables: (1) -table { 10.1.1.81 , 10.3.14.81 , 192.168.1.1 } +table { 10.1.1.81 , 10.3.14.81 , 192.168.1.1 } # # Rule backup ssh access rule # backup ssh access rule -pass in quick inet proto tcp from 10.3.14.30 to port 22 label "RULE 9998 -- ACCEPT " +pass in quick inet proto tcp from 10.3.14.30 to port 22 label "RULE -1 -- ACCEPT " # # Rule 0 (global) block log quick inet from any to any no state label "RULE 0 -- DROP " diff --git a/test/pf/firewall103-1.fw.orig b/test/pf/firewall103-1.fw.orig index f3a5ce31c..c751a544b 100755 --- a/test/pf/firewall103-1.fw.orig +++ b/test/pf/firewall103-1.fw.orig 
@@ -2,9 +2,9 @@ # # This is automatically generated file. DO NOT MODIFY ! # -# Firewall Builder fwb_pf v4.2.0.3496 +# Firewall Builder fwb_pf v4.2.0.3499 # -# Generated Thu Mar 10 21:08:43 2011 PST by vadim +# Generated Fri Mar 11 10:32:33 2011 PST by vadim # # files: * firewall103-1.fw /etc/fw/pf.fw # files: firewall103-1.conf /etc/fw/path\ with\ space/pf.conf @@ -394,7 +394,7 @@ configure_interfaces() { update_addresses_of_interface "bridge0 192.168.1.1/0xffffff00" "" } -log "Activating firewall script generated Thu Mar 10 21:08:43 2011 by vadim" +log "Activating firewall script generated Fri Mar 11 10:32:33 2011 by vadim" set_kernel_vars configure_interfaces diff --git a/test/pf/firewall103-2.conf.orig b/test/pf/firewall103-2.conf.orig index d1fabd88f..dbaea8222 100644 --- a/test/pf/firewall103-2.conf.orig +++ b/test/pf/firewall103-2.conf.orig @@ -9,12 +9,12 @@ scrub out all random-id min-ttl 1 max-mss 1460 # Tables: (1) -table { 10.1.1.81 , 10.3.14.81 , 192.168.1.1 } +table { 10.1.1.81 , 10.3.14.81 , 192.168.1.1 } # # Rule backup ssh access rule # backup ssh access rule -pass in quick inet proto tcp from 10.3.14.30 to port 22 label "RULE 9998 -- ACCEPT " +pass in quick inet proto tcp from 10.3.14.30 to port 22 label "RULE -1 -- ACCEPT " # # Rule 0 (global) block log quick inet from any to any no state label "RULE 0 -- DROP " diff --git a/test/pf/firewall103-2.fw.orig b/test/pf/firewall103-2.fw.orig index 16fb7d02a..121474fb6 100755 --- a/test/pf/firewall103-2.fw.orig +++ b/test/pf/firewall103-2.fw.orig @@ -2,9 +2,9 @@ # # This is automatically generated file. DO NOT MODIFY ! # -# Firewall Builder fwb_pf v4.2.0.3496 +# Firewall Builder fwb_pf v4.2.0.3499 # -# Generated Thu Mar 10 21:08:45 2011 PST by vadim +# Generated Fri Mar 11 10:32:33 2011 PST by vadim # # files: * firewall103-2.fw /etc/fw/pf.fw # files: firewall103-2.conf /etc/fw/path\ with\ space/pf.conf 
@@ -394,7 +394,7 @@ configure_interfaces() { update_addresses_of_interface "bridge0 192.168.1.1/0xffffff00" "" } -log "Activating firewall script generated Thu Mar 10 21:08:45 2011 by vadim" +log "Activating firewall script generated Fri Mar 11 10:32:33 2011 by vadim" set_kernel_vars configure_interfaces diff --git a/test/pf/firewall103.conf.orig b/test/pf/firewall103.conf.orig index ec943e9de..6635011fc 100644 --- a/test/pf/firewall103.conf.orig +++ b/test/pf/firewall103.conf.orig @@ -9,12 +9,12 @@ match out all scrub (random-id min-ttl 1 max-mss 1460) # Tables: (1) -table { 10.1.1.81 , 10.3.14.81 , 192.168.1.1 } +table { 10.1.1.81 , 10.3.14.81 , 192.168.1.1 } # # Rule backup ssh access rule # backup ssh access rule -pass in quick inet proto tcp from 10.3.14.30 to port 22 label "RULE 9998 -- ACCEPT " +pass in quick inet proto tcp from 10.3.14.30 to port 22 label "RULE -1 -- ACCEPT " # # Rule 0 (global) block log quick inet from any to any no state label "RULE 0 -- DROP " diff --git a/test/pf/firewall103.fw.orig b/test/pf/firewall103.fw.orig index a21263908..c7602c2ab 100755 --- a/test/pf/firewall103.fw.orig +++ b/test/pf/firewall103.fw.orig @@ -2,9 +2,9 @@ # # This is automatically generated file. DO NOT MODIFY ! # -# Firewall Builder fwb_pf v4.2.0.3496 +# Firewall Builder fwb_pf v4.2.0.3499 # -# Generated Thu Mar 10 21:08:43 2011 PST by vadim +# Generated Fri Mar 11 10:32:32 2011 PST by vadim # # files: * firewall103.fw /etc/fw/pf.fw # files: firewall103.conf /etc/fw/path\ with\ space/pf.conf @@ -397,7 +397,7 @@ configure_interfaces() { update_addresses_of_interface "bridge0 192.168.1.1/0xffffff00" "" } -log "Activating firewall script generated Thu Mar 10 21:08:43 2011 by vadim" +log "Activating firewall script generated Fri Mar 11 10:32:32 2011 by vadim" set_kernel_vars configure_interfaces diff --git a/test/pf/firewall104-1.conf.orig b/test/pf/firewall104-1.conf.orig index 87ab28d20..8c25d7aa5 100644 --- a/test/pf/firewall104-1.conf.orig 
+++ b/test/pf/firewall104-1.conf.orig @@ -9,12 +9,12 @@ match out all scrub (random-id min-ttl 1 max-mss 1460) # Tables: (1) -table { bridge0 , 10.1.1.81 , 10.3.14.81 } +table { bridge0 , 10.1.1.81 , 10.3.14.81 } # # Rule backup ssh access rule # backup ssh access rule -pass in quick inet proto tcp from 10.3.14.30 to port 22 label "RULE 9998 -- ACCEPT " +pass in quick inet proto tcp from 10.3.14.30 to port 22 label "RULE -1 -- ACCEPT " # # Rule 0 (global) block log quick inet from any to any no state label "RULE 0 -- DROP " diff --git a/test/pf/firewall104-1.fw.orig b/test/pf/firewall104-1.fw.orig index 83dd19f37..f10ac6fdb 100755 --- a/test/pf/firewall104-1.fw.orig +++ b/test/pf/firewall104-1.fw.orig @@ -2,9 +2,9 @@ # # This is automatically generated file. DO NOT MODIFY ! # -# Firewall Builder fwb_pf v4.2.0.3496 +# Firewall Builder fwb_pf v4.2.0.3499 # -# Generated Thu Mar 10 21:08:46 2011 PST by vadim +# Generated Fri Mar 11 10:32:35 2011 PST by vadim # # files: * firewall104-1.fw /etc/fw/pf.fw # files: firewall104-1.conf /etc/fw/path\ with\ space/pf.conf @@ -393,7 +393,7 @@ configure_interfaces() { $IFCONFIG bridge0 -stp em3 } -log "Activating firewall script generated Thu Mar 10 21:08:46 2011 by vadim" +log "Activating firewall script generated Fri Mar 11 10:32:35 2011 by vadim" set_kernel_vars configure_interfaces diff --git a/test/pf/firewall104.conf.orig b/test/pf/firewall104.conf.orig index 87ab28d20..8c25d7aa5 100644 --- a/test/pf/firewall104.conf.orig +++ b/test/pf/firewall104.conf.orig 
@@ -9,12 +9,12 @@ match out all scrub (random-id min-ttl 1 max-mss 1460) # Tables: (1) -table { bridge0 , 10.1.1.81 , 10.3.14.81 } +table { bridge0 , 10.1.1.81 , 10.3.14.81 } # # Rule backup ssh access rule # backup ssh access rule -pass in quick inet proto tcp from 10.3.14.30 to port 22 label "RULE 9998 -- ACCEPT " +pass in quick inet proto tcp from 10.3.14.30 to port 22 label "RULE -1 -- ACCEPT " # # Rule 0 (global) block log quick inet from any to any no state label "RULE 0 -- DROP " diff --git a/test/pf/firewall104.fw.orig b/test/pf/firewall104.fw.orig index 1e94c3bd6..8b585ebf4 100755 --- a/test/pf/firewall104.fw.orig +++ b/test/pf/firewall104.fw.orig @@ -2,9 +2,9 @@ # # This is automatically generated file. DO NOT MODIFY ! # -# Firewall Builder fwb_pf v4.2.0.3496 +# Firewall Builder fwb_pf v4.2.0.3499 # -# Generated Thu Mar 10 21:08:45 2011 PST by vadim +# Generated Fri Mar 11 10:32:34 2011 PST by vadim # # files: * firewall104.fw /etc/fw/pf.fw # files: firewall104.conf /etc/fw/path\ with\ space/pf.conf @@ -396,7 +396,7 @@ configure_interfaces() { $IFCONFIG bridge0 stp em3 } -log "Activating firewall script generated Thu Mar 10 21:08:45 2011 by vadim" +log "Activating firewall script generated Fri Mar 11 10:32:34 2011 by vadim" set_kernel_vars configure_interfaces diff --git a/test/pf/firewall105.conf.orig b/test/pf/firewall105.conf.orig index ec943e9de..6635011fc 100644 --- a/test/pf/firewall105.conf.orig +++ b/test/pf/firewall105.conf.orig @@ -9,12 +9,12 @@ match out all scrub (random-id min-ttl 1 max-mss 1460) # Tables: (1) -table { 10.1.1.81 , 10.3.14.81 , 192.168.1.1 } +table { 10.1.1.81 , 10.3.14.81 , 192.168.1.1 } # # Rule backup ssh access rule # backup ssh access rule -pass in quick inet proto tcp from 10.3.14.30 to port 22 label "RULE 9998 -- ACCEPT " +pass in quick inet proto tcp from 10.3.14.30 to port 22 label "RULE -1 -- ACCEPT " # # Rule 0 (global) block log quick inet from any to any no state label "RULE 0 -- DROP " 
diff --git a/test/pf/firewall105.fw.orig b/test/pf/firewall105.fw.orig index 873521dbe..bcbd7315f 100755 --- a/test/pf/firewall105.fw.orig +++ b/test/pf/firewall105.fw.orig @@ -1,9 +1,9 @@ # # This is automatically generated file. DO NOT MODIFY ! # -# Firewall Builder fwb_pf v4.2.0.3496 +# Firewall Builder fwb_pf v4.2.0.3499 # -# Generated Thu Mar 10 21:08:46 2011 PST by vadim +# Generated Fri Mar 11 10:32:36 2011 PST by vadim # # files: * firewall105.fw /etc/fw/pf.fw # files: firewall105.conf /etc/fw/path\ with\ space/pf.conf diff --git a/test/pf/firewall106.conf.orig b/test/pf/firewall106.conf.orig index 87ab28d20..8c25d7aa5 100644 --- a/test/pf/firewall106.conf.orig +++ b/test/pf/firewall106.conf.orig @@ -9,12 +9,12 @@ match out all scrub (random-id min-ttl 1 max-mss 1460) # Tables: (1) -table { bridge0 , 10.1.1.81 , 10.3.14.81 } +table { bridge0 , 10.1.1.81 , 10.3.14.81 } # # Rule backup ssh access rule # backup ssh access rule -pass in quick inet proto tcp from 10.3.14.30 to port 22 label "RULE 9998 -- ACCEPT " +pass in quick inet proto tcp from 10.3.14.30 to port 22 label "RULE -1 -- ACCEPT " # # Rule 0 (global) block log quick inet from any to any no state label "RULE 0 -- DROP " diff --git a/test/pf/firewall106.fw.orig b/test/pf/firewall106.fw.orig index f5f42dea3..3183aebf7 100755 --- a/test/pf/firewall106.fw.orig +++ b/test/pf/firewall106.fw.orig @@ -1,9 +1,9 @@ # # This is automatically generated file. DO NOT MODIFY ! # -# Firewall Builder fwb_pf v4.2.0.3496 +# Firewall Builder fwb_pf v4.2.0.3499 # -# Generated Thu Mar 10 21:08:47 2011 PST by vadim +# Generated Fri Mar 11 10:32:37 2011 PST by vadim # # files: * firewall106.fw /etc/fw/pf.fw # files: firewall106.conf /etc/fw/path\ with\ space/pf.conf diff --git a/test/pf/firewall107.conf.orig b/test/pf/firewall107.conf.orig index 4375ccdcc..4c2afd3cb 100644 --- a/test/pf/firewall107.conf.orig +++ b/test/pf/firewall107.conf.orig 
@@ -9,12 +9,12 @@ match out all scrub (random-id min-ttl 1 max-mss 1460) # Tables: (1) -table { 10.1.1.81 , 10.3.14.81 , 192.168.101.1 , 192.168.102.1 } +table { 10.1.1.81 , 10.3.14.81 , 192.168.101.1 , 192.168.102.1 } # # Rule backup ssh access rule # backup ssh access rule -pass in quick inet proto tcp from 10.3.14.30 to port 22 label "RULE 9998 -- ACCEPT " +pass in quick inet proto tcp from 10.3.14.30 to port 22 label "RULE -1 -- ACCEPT " # # Rule 0 (global) block log quick inet from any to any no state label "RULE 0 -- DROP " diff --git a/test/pf/firewall107.fw.orig b/test/pf/firewall107.fw.orig index 0998badf1..efa8c621e 100755 --- a/test/pf/firewall107.fw.orig +++ b/test/pf/firewall107.fw.orig @@ -2,9 +2,9 @@ # # This is automatically generated file. DO NOT MODIFY ! # -# Firewall Builder fwb_pf v4.2.0.3496 +# Firewall Builder fwb_pf v4.2.0.3499 # -# Generated Thu Mar 10 21:08:47 2011 PST by vadim +# Generated Fri Mar 11 10:32:38 2011 PST by vadim # # files: * firewall107.fw /etc/fw/pf.fw # files: firewall107.conf /etc/fw/path\ with\ space/pf.conf @@ -395,7 +395,7 @@ configure_interfaces() { update_addresses_of_interface "vlan102 192.168.102.1/0xffffff00" "" } -log "Activating firewall script generated Thu Mar 10 21:08:47 2011 by vadim" +log "Activating firewall script generated Fri Mar 11 10:32:38 2011 by vadim" set_kernel_vars configure_interfaces diff --git a/test/pf/firewall108.conf.orig b/test/pf/firewall108.conf.orig index 4375ccdcc..4c2afd3cb 100644 --- a/test/pf/firewall108.conf.orig +++ b/test/pf/firewall108.conf.orig 
@@ -9,12 +9,12 @@ match out all scrub (random-id min-ttl 1 max-mss 1460) # Tables: (1) -table { 10.1.1.81 , 10.3.14.81 , 192.168.101.1 , 192.168.102.1 } +table { 10.1.1.81 , 10.3.14.81 , 192.168.101.1 , 192.168.102.1 } # # Rule backup ssh access rule # backup ssh access rule -pass in quick inet proto tcp from 10.3.14.30 to port 22 label "RULE 9998 -- ACCEPT " +pass in quick inet proto tcp from 10.3.14.30 to port 22 label "RULE -1 -- ACCEPT " # # Rule 0 (global) block log quick inet from any to any no state label "RULE 0 -- DROP " diff --git a/test/pf/firewall108.fw.orig b/test/pf/firewall108.fw.orig index 4ec7ea276..764330f6e 100755 --- a/test/pf/firewall108.fw.orig +++ b/test/pf/firewall108.fw.orig @@ -1,9 +1,9 @@ # # This is automatically generated file. DO NOT MODIFY ! # -# Firewall Builder fwb_pf v4.2.0.3496 +# Firewall Builder fwb_pf v4.2.0.3499 # -# Generated Thu Mar 10 21:08:48 2011 PST by vadim +# Generated Fri Mar 11 10:32:38 2011 PST by vadim # # files: * firewall108.fw /etc/fw/pf.fw # files: firewall108.conf /etc/fw/path\ with\ space/pf.conf diff --git a/test/pf/firewall109-1.conf.orig b/test/pf/firewall109-1.conf.orig index e574e9585..3354274f7 100644 --- a/test/pf/firewall109-1.conf.orig +++ b/test/pf/firewall109-1.conf.orig @@ -9,12 +9,12 @@ match out all scrub (random-id min-ttl 1 max-mss 1460) # Tables: (1) -table { 10.3.14.81 , 192.168.1.1 , 192.168.101.1 , 192.168.102.1 } +table { 10.3.14.81 , 192.168.1.1 , 192.168.101.1 , 192.168.102.1 } # # Rule backup ssh access rule # backup ssh access rule -pass in quick inet proto tcp from 10.3.14.30 to port 22 label "RULE 9998 -- ACCEPT " +pass in quick inet proto tcp from 10.3.14.30 to port 22 label "RULE -1 -- ACCEPT " # # Rule 0 (global) block log quick inet from any to any no state label "RULE 0 -- DROP " diff --git a/test/pf/firewall109-1.fw.orig b/test/pf/firewall109-1.fw.orig index 033251f25..f64a4cd23 100755 --- a/test/pf/firewall109-1.fw.orig +++ b/test/pf/firewall109-1.fw.orig 
@@ -1,9 +1,9 @@ # # This is automatically generated file. DO NOT MODIFY ! # -# Firewall Builder fwb_pf v4.2.0.3496 +# Firewall Builder fwb_pf v4.2.0.3499 # -# Generated Thu Mar 10 21:08:49 2011 PST by vadim +# Generated Fri Mar 11 10:32:40 2011 PST by vadim # # files: * firewall109-1.fw /etc/fw/pf.fw # files: firewall109-1.conf /etc/fw/path\ with\ space/pf.conf diff --git a/test/pf/firewall109-2.conf.orig b/test/pf/firewall109-2.conf.orig index cd6cd238b..f2903793e 100644 --- a/test/pf/firewall109-2.conf.orig +++ b/test/pf/firewall109-2.conf.orig @@ -9,12 +9,12 @@ match out all scrub (random-id min-ttl 1 max-mss 1460) # Tables: (1) -table { 10.3.14.81 , 192.168.1.1 } +table { 10.3.14.81 , 192.168.1.1 } # # Rule backup ssh access rule # backup ssh access rule -pass in quick inet proto tcp from 10.3.14.30 to port 22 label "RULE 9998 -- ACCEPT " +pass in quick inet proto tcp from 10.3.14.30 to port 22 label "RULE -1 -- ACCEPT " # # Rule 0 (global) block log quick inet from any to any no state label "RULE 0 -- DROP " diff --git a/test/pf/firewall109-2.fw.orig b/test/pf/firewall109-2.fw.orig index b34f8c5d0..7334f5257 100755 --- a/test/pf/firewall109-2.fw.orig +++ b/test/pf/firewall109-2.fw.orig @@ -2,9 +2,9 @@ # # This is automatically generated file. DO NOT MODIFY ! # -# Firewall Builder fwb_pf v4.2.0.3496 +# Firewall Builder fwb_pf v4.2.0.3499 # -# Generated Thu Mar 10 21:08:49 2011 PST by vadim +# Generated Fri Mar 11 10:32:40 2011 PST by vadim # # files: * firewall109-2.fw /etc/fw/pf.fw # files: firewall109-2.conf /etc/fw/path\ with\ space/pf.conf @@ -400,7 +400,7 @@ configure_interfaces() { update_addresses_of_interface "bridge0 192.168.1.1/0xffffff00" "" } -log "Activating firewall script generated Thu Mar 10 21:08:49 2011 by vadim" +log "Activating firewall script generated Fri Mar 11 10:32:40 2011 by vadim" set_kernel_vars configure_interfaces diff --git a/test/pf/firewall109-3.conf.orig b/test/pf/firewall109-3.conf.orig index cd6cd238b..f2903793e 100644 
--- a/test/pf/firewall109-3.conf.orig +++ b/test/pf/firewall109-3.conf.orig @@ -9,12 +9,12 @@ match out all scrub (random-id min-ttl 1 max-mss 1460) # Tables: (1) -table { 10.3.14.81 , 192.168.1.1 } +table { 10.3.14.81 , 192.168.1.1 } # # Rule backup ssh access rule # backup ssh access rule -pass in quick inet proto tcp from 10.3.14.30 to port 22 label "RULE 9998 -- ACCEPT " +pass in quick inet proto tcp from 10.3.14.30 to port 22 label "RULE -1 -- ACCEPT " # # Rule 0 (global) block log quick inet from any to any no state label "RULE 0 -- DROP " diff --git a/test/pf/firewall109-3.fw.orig b/test/pf/firewall109-3.fw.orig index 434c36972..4535b8e4c 100755 --- a/test/pf/firewall109-3.fw.orig +++ b/test/pf/firewall109-3.fw.orig @@ -1,9 +1,9 @@ # # This is automatically generated file. DO NOT MODIFY ! # -# Firewall Builder fwb_pf v4.2.0.3496 +# Firewall Builder fwb_pf v4.2.0.3499 # -# Generated Thu Mar 10 21:08:50 2011 PST by vadim +# Generated Fri Mar 11 10:32:41 2011 PST by vadim # # files: * firewall109-3.fw /etc/fw/pf.fw # files: firewall109-3.conf /etc/fw/path\ with\ space/pf.conf diff --git a/test/pf/firewall109.conf.orig b/test/pf/firewall109.conf.orig index e574e9585..3354274f7 100644 --- a/test/pf/firewall109.conf.orig +++ b/test/pf/firewall109.conf.orig @@ -9,12 +9,12 @@ match out all scrub (random-id min-ttl 1 max-mss 1460) # Tables: (1) -table { 10.3.14.81 , 192.168.1.1 , 192.168.101.1 , 192.168.102.1 } +table { 10.3.14.81 , 192.168.1.1 , 192.168.101.1 , 192.168.102.1 } # # Rule backup ssh access rule # backup ssh access rule -pass in quick inet proto tcp from 10.3.14.30 to port 22 label "RULE 9998 -- ACCEPT " +pass in quick inet proto tcp from 10.3.14.30 to port 22 label "RULE -1 -- ACCEPT " # # Rule 0 (global) block log quick inet from any to any no state label "RULE 0 -- DROP " diff --git a/test/pf/firewall109.fw.orig b/test/pf/firewall109.fw.orig index 717e27914..baae3a06a 100755 --- a/test/pf/firewall109.fw.orig +++ b/test/pf/firewall109.fw.orig 
@@ -2,9 +2,9 @@ # # This is automatically generated file. DO NOT MODIFY ! # -# Firewall Builder fwb_pf v4.2.0.3496 +# Firewall Builder fwb_pf v4.2.0.3499 # -# Generated Thu Mar 10 21:08:48 2011 PST by vadim +# Generated Fri Mar 11 10:32:39 2011 PST by vadim # # files: * firewall109.fw /etc/fw/pf.fw # files: firewall109.conf /etc/fw/path\ with\ space/pf.conf @@ -401,7 +401,7 @@ configure_interfaces() { update_addresses_of_interface "bridge0 192.168.1.1/0xffffff00" "" } -log "Activating firewall script generated Thu Mar 10 21:08:48 2011 by vadim" +log "Activating firewall script generated Fri Mar 11 10:32:39 2011 by vadim" set_kernel_vars configure_interfaces diff --git a/test/pf/firewall11.fw.orig b/test/pf/firewall11.fw.orig index 011b42516..3dcc14b54 100755 --- a/test/pf/firewall11.fw.orig +++ b/test/pf/firewall11.fw.orig @@ -2,9 +2,9 @@ # # This is automatically generated file. DO NOT MODIFY ! # -# Firewall Builder fwb_pf v4.2.0.3496 +# Firewall Builder fwb_pf v4.2.0.3499 # -# Generated Thu Mar 10 21:08:50 2011 PST by vadim +# Generated Fri Mar 11 10:32:41 2011 PST by vadim # # files: * firewall11.fw /etc/firewall11.fw # files: firewall11.conf /etc/firewall11.conf @@ -77,7 +77,7 @@ configure_interfaces() { } -log "Activating firewall script generated Thu Mar 10 21:08:50 2011 by vadim" +log "Activating firewall script generated Fri Mar 11 10:32:41 2011 by vadim" set_kernel_vars configure_interfaces diff --git a/test/pf/firewall110.fw.orig b/test/pf/firewall110.fw.orig index 96c32b353..716196b64 100755 --- a/test/pf/firewall110.fw.orig +++ b/test/pf/firewall110.fw.orig @@ -2,9 +2,9 @@ # # This is automatically generated file. DO NOT MODIFY ! # -# Firewall Builder fwb_pf v4.2.0.3496 +# Firewall Builder fwb_pf v4.2.0.3499 # -# Generated Thu Mar 10 21:08:51 2011 PST by vadim +# Generated Fri Mar 11 10:32:42 2011 PST by vadim # # files: * firewall110.fw /etc/fw/firewall110.fw # files: firewall110.conf /etc/fw/firewall110.conf 
@@ -76,7 +76,7 @@ configure_interfaces() { } -log "Activating firewall script generated Thu Mar 10 21:08:51 2011 by vadim" +log "Activating firewall script generated Fri Mar 11 10:32:42 2011 by vadim" set_kernel_vars configure_interfaces diff --git a/test/pf/firewall12.fw.orig b/test/pf/firewall12.fw.orig index 15c420d7a..f43ede0a2 100755 --- a/test/pf/firewall12.fw.orig +++ b/test/pf/firewall12.fw.orig @@ -2,9 +2,9 @@ # # This is automatically generated file. DO NOT MODIFY ! # -# Firewall Builder fwb_pf v4.2.0.3496 +# Firewall Builder fwb_pf v4.2.0.3499 # -# Generated Thu Mar 10 21:08:51 2011 PST by vadim +# Generated Fri Mar 11 10:32:42 2011 PST by vadim # # files: * firewall12.fw /etc/fw/firewall12.fw # files: firewall12.conf /etc/fw/firewall12.conf @@ -165,7 +165,7 @@ configure_interfaces() { update_addresses_of_interface "lo0 127.0.0.1/0xff000000" "" } -log "Activating firewall script generated Thu Mar 10 21:08:51 2011 by vadim" +log "Activating firewall script generated Fri Mar 11 10:32:42 2011 by vadim" set_kernel_vars configure_interfaces diff --git a/test/pf/firewall13.fw.orig b/test/pf/firewall13.fw.orig index 611bd1815..443e954b8 100755 --- a/test/pf/firewall13.fw.orig +++ b/test/pf/firewall13.fw.orig @@ -2,9 +2,9 @@ # # This is automatically generated file. DO NOT MODIFY ! # -# Firewall Builder fwb_pf v4.2.0.3496 +# Firewall Builder fwb_pf v4.2.0.3499 # -# Generated Thu Mar 10 21:08:52 2011 PST by vadim +# Generated Fri Mar 11 10:32:43 2011 PST by vadim # # files: * firewall13.fw /etc/fw/firewall13.fw # files: firewall13.conf /etc/fw/firewall13.conf @@ -88,7 +88,7 @@ configure_interfaces() { } -log "Activating firewall script generated Thu Mar 10 21:08:52 2011 by vadim" +log "Activating firewall script generated Fri Mar 11 10:32:43 2011 by vadim" set_kernel_vars configure_interfaces diff --git a/test/pf/firewall14-1.conf.orig b/test/pf/firewall14-1.conf.orig index 28a9cbb5e..ec61f0175 100644 --- a/test/pf/firewall14-1.conf.orig 
+++ b/test/pf/firewall14-1.conf.orig @@ -8,12 +8,12 @@ match out all scrub (random-id min-ttl 64 max-mss 1460) # Tables: (1) -table { 10.1.1.50 , 10.3.14.50 , 10.100.101.1 , 10.100.103.1 } +table { 10.1.1.50 , 10.3.14.50 , 10.100.101.1 , 10.100.103.1 } # # Rule backup ssh access rule # backup ssh access rule -pass in quick inet proto tcp from 10.3.14.30 to port 22 label "RULE 9998 -- ACCEPT " +pass in quick inet proto tcp from 10.3.14.30 to port 22 label "RULE -1 -- ACCEPT " # # Rule 0 (global) block log quick inet from any to any no state label "RULE 0 -- DROP " diff --git a/test/pf/firewall14-1.fw.orig b/test/pf/firewall14-1.fw.orig index 01e133733..1a5bb274d 100755 --- a/test/pf/firewall14-1.fw.orig +++ b/test/pf/firewall14-1.fw.orig @@ -2,9 +2,9 @@ # # This is automatically generated file. DO NOT MODIFY ! # -# Firewall Builder fwb_pf v4.2.0.3496 +# Firewall Builder fwb_pf v4.2.0.3499 # -# Generated Thu Mar 10 21:08:53 2011 PST by vadim +# Generated Fri Mar 11 10:32:44 2011 PST by vadim # # files: * firewall14-1.fw /etc/firewall14-1.fw # files: firewall14-1.conf /etc/firewall14-1.conf @@ -248,7 +248,7 @@ configure_interfaces() { update_addresses_of_interface "vlan103 10.100.103.1/0xffffff00" "" } -log "Activating firewall script generated Thu Mar 10 21:08:53 2011 by vadim" +log "Activating firewall script generated Fri Mar 11 10:32:44 2011 by vadim" set_kernel_vars configure_interfaces diff --git a/test/pf/firewall14.conf.orig b/test/pf/firewall14.conf.orig index 519d99379..328eb5870 100644 --- a/test/pf/firewall14.conf.orig +++ b/test/pf/firewall14.conf.orig 
@@ -8,12 +8,12 @@ scrub out all random-id min-ttl 64 max-mss 1460 # Tables: (1) -table { 10.1.1.50 , 10.3.14.50 , 10.100.101.1 , 10.100.103.1 } +table { 10.1.1.50 , 10.3.14.50 , 10.100.101.1 , 10.100.103.1 } # # Rule backup ssh access rule # backup ssh access rule -pass in quick inet proto tcp from 10.3.14.30 to port 22 label "RULE 9998 -- ACCEPT " +pass in quick inet proto tcp from 10.3.14.30 to port 22 label "RULE -1 -- ACCEPT " # # Rule 0 (global) block log quick inet from any to any no state label "RULE 0 -- DROP " diff --git a/test/pf/firewall14.fw.orig b/test/pf/firewall14.fw.orig index b5554fbfe..73106fb4e 100755 --- a/test/pf/firewall14.fw.orig +++ b/test/pf/firewall14.fw.orig @@ -2,9 +2,9 @@ # # This is automatically generated file. DO NOT MODIFY ! # -# Firewall Builder fwb_pf v4.2.0.3496 +# Firewall Builder fwb_pf v4.2.0.3499 # -# Generated Thu Mar 10 21:08:52 2011 PST by vadim +# Generated Fri Mar 11 10:32:43 2011 PST by vadim # # files: * firewall14.fw /etc/firewall14.fw # files: firewall14.conf /etc/firewall14.conf @@ -248,7 +248,7 @@ configure_interfaces() { update_addresses_of_interface "vlan103 10.100.103.1/0xffffff00" "" } -log "Activating firewall script generated Thu Mar 10 21:08:52 2011 by vadim" +log "Activating firewall script generated Fri Mar 11 10:32:43 2011 by vadim" set_kernel_vars configure_interfaces diff --git a/test/pf/firewall2-1.conf.orig b/test/pf/firewall2-1.conf.orig index 9dcca5ef2..e1d4698a7 100644 --- a/test/pf/firewall2-1.conf.orig +++ b/test/pf/firewall2-1.conf.orig @@ -24,7 +24,7 @@ scrub out all random-id min-ttl 32 max-mss 1460 # Tables: (2) table { 22.22.22.22 , 192.168.1.1 } -table { 22.22.22.22 , 192.168.1.1 , 192.168.2.1 } +table { 22.22.22.22 , 192.168.1.1 , 192.168.2.1 } # NAT compiler errors and warnings: # firewall2-1:NAT:1: error: Negation in original service is not supported. 
@@ -68,7 +68,7 @@ rdr-anchor "NAT" proto tcp from 192.168.1.0/24 to any port 1080 # # Rule backup ssh access rule # backup ssh access rule -pass in quick inet proto tcp from 192.168.1.100 to port 22 keep state label "RULE 9998 - ACCEPT **" +pass in quick inet proto tcp from 192.168.1.100 to port 22 keep state label "RULE -1 - ACCEPT **" # # Rule 0 (global) # 'catch all' rule diff --git a/test/pf/firewall2-1.fw.orig b/test/pf/firewall2-1.fw.orig index bf2ae087d..3574f642c 100755 --- a/test/pf/firewall2-1.fw.orig +++ b/test/pf/firewall2-1.fw.orig @@ -2,9 +2,9 @@ # # This is automatically generated file. DO NOT MODIFY ! # -# Firewall Builder fwb_pf v4.2.0.3496 +# Firewall Builder fwb_pf v4.2.0.3499 # -# Generated Thu Mar 10 21:08:54 2011 PST by vadim +# Generated Fri Mar 11 10:32:46 2011 PST by vadim # # files: * firewall2-1.fw /etc/fw/firewall2-1.fw # files: firewall2-1.conf /etc/fw/firewall2-1.conf @@ -88,7 +88,7 @@ configure_interfaces() { } -log "Activating firewall script generated Thu Mar 10 21:08:54 2011 by vadim" +log "Activating firewall script generated Fri Mar 11 10:32:46 2011 by vadim" set_kernel_vars configure_interfaces diff --git a/test/pf/firewall2-6.fw.orig b/test/pf/firewall2-6.fw.orig index 87dd61302..80035d3cc 100755 --- a/test/pf/firewall2-6.fw.orig +++ b/test/pf/firewall2-6.fw.orig @@ -2,9 +2,9 @@ # # This is automatically generated file. DO NOT MODIFY ! # -# Firewall Builder fwb_pf v4.2.0.3496 +# Firewall Builder fwb_pf v4.2.0.3499 # -# Generated Thu Mar 10 21:08:55 2011 PST by vadim +# Generated Fri Mar 11 10:32:47 2011 PST by vadim # # files: * firewall2-6.fw /etc/firewall2-6.fw # files: firewall2-6.conf /etc/firewall2-6.conf @@ -170,7 +170,7 @@ configure_interfaces() { update_addresses_of_interface "lo 127.0.0.1/0xff000000" "" } -log "Activating firewall script generated Thu Mar 10 21:08:55 2011 by vadim" +log "Activating firewall script generated Fri Mar 11 10:32:47 2011 by vadim" set_kernel_vars configure_interfaces 
diff --git a/test/pf/firewall2.conf.orig b/test/pf/firewall2.conf.orig index 5fd064f72..7874f02ef 100644 --- a/test/pf/firewall2.conf.orig +++ b/test/pf/firewall2.conf.orig @@ -22,8 +22,9 @@ scrub in all fragment reassemble no-df scrub out all random-id min-ttl 32 max-mss 1460 -# Tables: (4) +# Tables: (5) table { 192.168.1.10 , 192.168.1.20 } +table { 22.22.22.22 , 22.22.23.23 , 127.0.0.1 , 192.168.1.1 , 192.168.2.1 } table { 22.22.22.22 , 22.22.23.23 , 192.168.1.1 , 192.168.2.1 } table { 192.168.1.0/24 , 192.168.2.0/24 } table { 22.22.22.22 , 22.22.23.23 , 192.168.1.0/24 , 192.168.1.1 , 192.168.2.1 } @@ -151,7 +152,7 @@ nat on eth1 proto udp from 192.168.1.0/24 to any -> 22.22.22.22 # # Rule backup ssh access rule # backup ssh access rule -pass in quick inet proto tcp from 192.168.1.100 to port 22 keep state label "RULE 9998 - ACCEPT **" +pass in quick inet proto tcp from 192.168.1.100 to port 22 keep state label "RULE -1 - ACCEPT **" # # Rule 0 (eth0) block in log quick on eth0 inet from ! 192.168.1.0/24 to any label "RULE 0 - DROP **" @@ -204,7 +205,7 @@ pass quick inet from 192.168.1.0/24 to any keep state label "RULE 10 - ACCEP # Rule 12 (global) # firewall2:Policy:12: warning: Changing rule direction due to self reference -pass in quick inet proto tcp from any to port { 21, 80, 25 } keep state label "RULE 12 - ACCEPT **" +pass in quick inet proto tcp from any to port { 21, 80, 25 } keep state label "RULE 12 - ACCEPT **" pass quick inet proto tcp from any to 192.168.1.10 port { 21, 80, 25 } keep state label "RULE 12 - ACCEPT **" # # Rule 13 (global) diff --git a/test/pf/firewall2.fw.orig b/test/pf/firewall2.fw.orig index 8118985de..0a79e9d0b 100755 --- a/test/pf/firewall2.fw.orig +++ b/test/pf/firewall2.fw.orig 
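Review bot: The regenerated firewall2.conf.orig gains a fifth table, `{ 22.22.22.22 , 22.22.23.23 , 127.0.0.1 , 192.168.1.1 , 192.168.2.1 }`, which differs from the existing firewall-address table only by the loopback address, and nothing in the ChangeLog explains why compiled output should change. The table names are not visible on this page, so the rule that references the new table cannot be identified from here. The rewritten Rule 12 line (`pass in quick inet proto tcp from any to ... port { 21, 80, 25 }`) is the likely user and should be checked against the compiler output. Please confirm that adding 127.0.0.1 to a match set is intended and note it in doc/ChangeLog, so that later fixture diffs can tell it apart from a regression.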
@@ -2,9 +2,9 @@ # # This is automatically generated file. DO NOT MODIFY ! # -# Firewall Builder fwb_pf v4.2.0.3496 +# Firewall Builder fwb_pf v4.2.0.3499 # -# Generated Thu Mar 10 21:08:54 2011 PST by vadim +# Generated Fri Mar 11 10:32:44 2011 PST by vadim # # files: * firewall2.fw /etc/fw/firewall2.fw # files: firewall2.conf /etc/fw/firewall2.conf @@ -73,7 +73,7 @@ configure_interfaces() { } -log "Activating firewall script generated Thu Mar 10 21:08:54 2011 by vadim" +log "Activating firewall script generated Fri Mar 11 10:32:44 2011 by vadim" set_kernel_vars configure_interfaces diff --git a/test/pf/firewall20.fw.orig b/test/pf/firewall20.fw.orig index a54b343c4..6fffa87a8 100755 --- a/test/pf/firewall20.fw.orig +++ b/test/pf/firewall20.fw.orig @@ -2,9 +2,9 @@ # # This is automatically generated file. DO NOT MODIFY ! # -# Firewall Builder fwb_pf v4.2.0.3496 +# Firewall Builder fwb_pf v4.2.0.3499 # -# Generated Thu Mar 10 21:08:56 2011 PST by vadim +# Generated Fri Mar 11 10:32:45 2011 PST by vadim # # files: * firewall20.fw /etc/fw/firewall20.fw # files: firewall20.conf /etc/fw/firewall20.conf @@ -73,7 +73,7 @@ configure_interfaces() { } -log "Activating firewall script generated Thu Mar 10 21:08:56 2011 by vadim" +log "Activating firewall script generated Fri Mar 11 10:32:45 2011 by vadim" set_kernel_vars configure_interfaces diff --git a/test/pf/firewall21.fw.orig b/test/pf/firewall21.fw.orig index 99526442d..0142efb53 100755 --- a/test/pf/firewall21.fw.orig +++ b/test/pf/firewall21.fw.orig @@ -2,9 +2,9 @@ # # This is automatically generated file. DO NOT MODIFY ! # -# Firewall Builder fwb_pf v4.2.0.3496 +# Firewall Builder fwb_pf v4.2.0.3499 # -# Generated Thu Mar 10 21:08:56 2011 PST by vadim +# Generated Fri Mar 11 10:32:46 2011 PST by vadim # # files: * firewall21.fw /etc/fw/firewall21.fw # files: firewall21.conf /etc/fw/firewall21.conf 
@@ -81,7 +81,7 @@ configure_interfaces() { } -log "Activating firewall script generated Thu Mar 10 21:08:56 2011 by vadim" +log "Activating firewall script generated Fri Mar 11 10:32:46 2011 by vadim" set_kernel_vars configure_interfaces diff --git a/test/pf/firewall22.fw.orig b/test/pf/firewall22.fw.orig index 1318ed557..820f06a59 100755 --- a/test/pf/firewall22.fw.orig +++ b/test/pf/firewall22.fw.orig @@ -2,9 +2,9 @@ # # This is automatically generated file. DO NOT MODIFY ! # -# Firewall Builder fwb_pf v4.2.0.3496 +# Firewall Builder fwb_pf v4.2.0.3499 # -# Generated Thu Mar 10 21:08:57 2011 PST by vadim +# Generated Fri Mar 11 10:32:47 2011 PST by vadim # # files: * firewall22.fw /etc/fw/firewall22.fw # files: firewall22.conf /etc/fw/firewall22.conf @@ -80,7 +80,7 @@ configure_interfaces() { } -log "Activating firewall script generated Thu Mar 10 21:08:57 2011 by vadim" +log "Activating firewall script generated Fri Mar 11 10:32:47 2011 by vadim" set_kernel_vars configure_interfaces diff --git a/test/pf/firewall3.fw.orig b/test/pf/firewall3.fw.orig index 91a0be199..c39decd21 100755 --- a/test/pf/firewall3.fw.orig +++ b/test/pf/firewall3.fw.orig @@ -2,9 +2,9 @@ # # This is automatically generated file. DO NOT MODIFY ! # -# Firewall Builder fwb_pf v4.2.0.3496 +# Firewall Builder fwb_pf v4.2.0.3499 # -# Generated Thu Mar 10 21:08:57 2011 PST by vadim +# Generated Fri Mar 11 10:32:48 2011 PST by vadim # # files: * firewall3.fw /etc/firewall3.fw # files: firewall3.conf /etc/firewall3.conf @@ -165,7 +165,7 @@ configure_interfaces() { update_addresses_of_interface "lo 127.0.0.1/0xff000000" "" } -log "Activating firewall script generated Thu Mar 10 21:08:57 2011 by vadim" +log "Activating firewall script generated Fri Mar 11 10:32:48 2011 by vadim" set_kernel_vars configure_interfaces diff --git a/test/pf/firewall33.fw.orig b/test/pf/firewall33.fw.orig index 772f1d042..481b4837d 100755 --- a/test/pf/firewall33.fw.orig +++ b/test/pf/firewall33.fw.orig 
@@ -2,9 +2,9 @@ # # This is automatically generated file. DO NOT MODIFY ! # -# Firewall Builder fwb_pf v4.2.0.3496 +# Firewall Builder fwb_pf v4.2.0.3499 # -# Generated Thu Mar 10 21:08:59 2011 PST by vadim +# Generated Fri Mar 11 10:32:48 2011 PST by vadim # # files: * firewall33.fw /etc/fw/firewall33.fw # files: firewall33.conf /etc/fw/firewall33.conf @@ -168,7 +168,7 @@ configure_interfaces() { update_addresses_of_interface "lo 127.0.0.1/0xff000000" "" } -log "Activating firewall script generated Thu Mar 10 21:08:59 2011 by vadim" +log "Activating firewall script generated Fri Mar 11 10:32:48 2011 by vadim" set_kernel_vars configure_interfaces diff --git a/test/pf/firewall34.fw.orig b/test/pf/firewall34.fw.orig index 08e17a0c8..11c94101e 100755 --- a/test/pf/firewall34.fw.orig +++ b/test/pf/firewall34.fw.orig @@ -2,9 +2,9 @@ # # This is automatically generated file. DO NOT MODIFY ! # -# Firewall Builder fwb_pf v4.2.0.3496 +# Firewall Builder fwb_pf v4.2.0.3499 # -# Generated Thu Mar 10 21:08:58 2011 PST by vadim +# Generated Fri Mar 11 10:32:49 2011 PST by vadim # # files: * firewall34.fw /etc/fw/firewall34.fw # files: firewall34.conf /etc/fw/firewall34.conf @@ -164,7 +164,7 @@ configure_interfaces() { update_addresses_of_interface "lo 127.0.0.1/0xff000000" "" } -log "Activating firewall script generated Thu Mar 10 21:08:58 2011 by vadim" +log "Activating firewall script generated Fri Mar 11 10:32:49 2011 by vadim" set_kernel_vars configure_interfaces diff --git a/test/pf/firewall38.fw.orig b/test/pf/firewall38.fw.orig index bc6296767..832401194 100755 --- a/test/pf/firewall38.fw.orig +++ b/test/pf/firewall38.fw.orig 
@@ -2,9 +2,9 @@ # # This is automatically generated file. DO NOT MODIFY ! # -# Firewall Builder fwb_pf v4.2.0.3496 +# Firewall Builder fwb_pf v4.2.0.3499 # -# Generated Thu Mar 10 21:08:59 2011 PST by vadim +# Generated Fri Mar 11 10:32:49 2011 PST by vadim # # files: * firewall38.fw /etc/fw/firewall38.fw # files: firewall38.conf /etc/fw/firewall38.conf @@ -76,7 +76,7 @@ configure_interfaces() { } -log "Activating firewall script generated Thu Mar 10 21:08:59 2011 by vadim" +log "Activating firewall script generated Fri Mar 11 10:32:49 2011 by vadim" set_kernel_vars configure_interfaces diff --git a/test/pf/firewall39.fw.orig b/test/pf/firewall39.fw.orig index 796254046..a36b572ca 100755 --- a/test/pf/firewall39.fw.orig +++ b/test/pf/firewall39.fw.orig @@ -2,9 +2,9 @@ # # This is automatically generated file. DO NOT MODIFY ! # -# Firewall Builder fwb_pf v4.2.0.3496 +# Firewall Builder fwb_pf v4.2.0.3499 # -# Generated Thu Mar 10 21:09:00 2011 PST by vadim +# Generated Fri Mar 11 10:32:50 2011 PST by vadim # # files: * firewall39.fw pf.fw # files: firewall39.conf pf.conf @@ -79,7 +79,7 @@ configure_interfaces() { } -log "Activating firewall script generated Thu Mar 10 21:09:00 2011 by vadim" +log "Activating firewall script generated Fri Mar 11 10:32:50 2011 by vadim" set_kernel_vars configure_interfaces diff --git a/test/pf/firewall4.fw.orig b/test/pf/firewall4.fw.orig index 6b23d00f6..f48c69c59 100755 --- a/test/pf/firewall4.fw.orig +++ b/test/pf/firewall4.fw.orig @@ -2,9 +2,9 @@ # # This is automatically generated file. DO NOT MODIFY ! # -# Firewall Builder fwb_pf v4.2.0.3496 +# Firewall Builder fwb_pf v4.2.0.3499 # -# Generated Thu Mar 10 21:09:00 2011 PST by vadim +# Generated Fri Mar 11 10:32:51 2011 PST by vadim # # files: * firewall4.fw pf.fw # files: firewall4.conf /etc/fw/pf.conf 
@@ -77,7 +77,7 @@ configure_interfaces() { } -log "Activating firewall script generated Thu Mar 10 21:09:00 2011 by vadim" +log "Activating firewall script generated Fri Mar 11 10:32:51 2011 by vadim" set_kernel_vars configure_interfaces diff --git a/test/pf/firewall40-1.fw.orig b/test/pf/firewall40-1.fw.orig index bad90f11d..0064acc71 100755 --- a/test/pf/firewall40-1.fw.orig +++ b/test/pf/firewall40-1.fw.orig @@ -2,9 +2,9 @@ # # This is automatically generated file. DO NOT MODIFY ! # -# Firewall Builder fwb_pf v4.2.0.3496 +# Firewall Builder fwb_pf v4.2.0.3499 # -# Generated Thu Mar 10 21:09:02 2011 PST by vadim +# Generated Fri Mar 11 10:32:52 2011 PST by vadim # # files: * firewall40-1.fw /etc/firewall40-1.fw # files: firewall40-1.conf /etc/firewall40-1.conf @@ -182,7 +182,7 @@ configure_interfaces() { update_addresses_of_interface "lo0 127.0.0.1/0xff000000" "" } -log "Activating firewall script generated Thu Mar 10 21:09:02 2011 by vadim" +log "Activating firewall script generated Fri Mar 11 10:32:52 2011 by vadim" set_kernel_vars configure_interfaces diff --git a/test/pf/firewall40.fw.orig b/test/pf/firewall40.fw.orig index 39cd2fc6e..3d72e9792 100755 --- a/test/pf/firewall40.fw.orig +++ b/test/pf/firewall40.fw.orig @@ -2,9 +2,9 @@ # # This is automatically generated file. DO NOT MODIFY ! # -# Firewall Builder fwb_pf v4.2.0.3496 +# Firewall Builder fwb_pf v4.2.0.3499 # -# Generated Thu Mar 10 21:09:01 2011 PST by vadim +# Generated Fri Mar 11 10:32:52 2011 PST by vadim # # files: * firewall40.fw /etc/firewall40.fw # files: firewall40.conf /etc/firewall40.conf @@ -166,7 +166,7 @@ configure_interfaces() { update_addresses_of_interface "lo0 127.0.0.1/0xff000000" "" } -log "Activating firewall script generated Thu Mar 10 21:09:01 2011 by vadim" +log "Activating firewall script generated Fri Mar 11 10:32:52 2011 by vadim" set_kernel_vars configure_interfaces diff --git a/test/pf/firewall41.fw.orig b/test/pf/firewall41.fw.orig index 792851c22..2945c5baf 100755 
--- a/test/pf/firewall41.fw.orig +++ b/test/pf/firewall41.fw.orig @@ -2,9 +2,9 @@ # # This is automatically generated file. DO NOT MODIFY ! # -# Firewall Builder fwb_pf v4.2.0.3496 +# Firewall Builder fwb_pf v4.2.0.3499 # -# Generated Thu Mar 10 21:09:02 2011 PST by vadim +# Generated Fri Mar 11 10:32:53 2011 PST by vadim # # files: * firewall41.fw /etc/firewall41.fw # files: firewall41.conf /etc/firewall41.conf @@ -169,7 +169,7 @@ configure_interfaces() { update_addresses_of_interface "eth1 2.2.2.2/0xffffff00" "" } -log "Activating firewall script generated Thu Mar 10 21:09:02 2011 by vadim" +log "Activating firewall script generated Fri Mar 11 10:32:53 2011 by vadim" set_kernel_vars configure_interfaces diff --git a/test/pf/firewall5.fw.orig b/test/pf/firewall5.fw.orig index 09104656b..51e583207 100755 --- a/test/pf/firewall5.fw.orig +++ b/test/pf/firewall5.fw.orig @@ -2,9 +2,9 @@ # # This is automatically generated file. DO NOT MODIFY ! # -# Firewall Builder fwb_pf v4.2.0.3496 +# Firewall Builder fwb_pf v4.2.0.3499 # -# Generated Thu Mar 10 21:09:03 2011 PST by vadim +# Generated Fri Mar 11 10:32:53 2011 PST by vadim # # files: * firewall5.fw /etc/fw/firewall5.fw # files: firewall5.conf /etc/fw/firewall5.conf @@ -77,7 +77,7 @@ configure_interfaces() { } -log "Activating firewall script generated Thu Mar 10 21:09:03 2011 by vadim" +log "Activating firewall script generated Fri Mar 11 10:32:53 2011 by vadim" set_kernel_vars configure_interfaces diff --git a/test/pf/firewall51.fw.orig b/test/pf/firewall51.fw.orig index a8889d121..109b4209b 100755 --- a/test/pf/firewall51.fw.orig +++ b/test/pf/firewall51.fw.orig @@ -2,9 +2,9 @@ # # This is automatically generated file. DO NOT MODIFY ! # -# Firewall Builder fwb_pf v4.2.0.3496 +# Firewall Builder fwb_pf v4.2.0.3499 # -# Generated Thu Mar 10 21:09:04 2011 PST by vadim +# Generated Fri Mar 11 10:32:54 2011 PST by vadim # # files: * firewall51.fw /etc/fw/firewall51.fw # files: firewall51.conf /etc/fw/firewall51.conf 
@@ -80,7 +80,7 @@ configure_interfaces() { } -log "Activating firewall script generated Thu Mar 10 21:09:04 2011 by vadim" +log "Activating firewall script generated Fri Mar 11 10:32:54 2011 by vadim" set_kernel_vars configure_interfaces diff --git a/test/pf/firewall6.fw.orig b/test/pf/firewall6.fw.orig index 51fb4a37a..fe393bd56 100755 --- a/test/pf/firewall6.fw.orig +++ b/test/pf/firewall6.fw.orig @@ -2,9 +2,9 @@ # # This is automatically generated file. DO NOT MODIFY ! # -# Firewall Builder fwb_pf v4.2.0.3496 +# Firewall Builder fwb_pf v4.2.0.3499 # -# Generated Thu Mar 10 21:09:04 2011 PST by vadim +# Generated Fri Mar 11 10:32:54 2011 PST by vadim # # files: * firewall6.fw /etc/fw/firewall6.fw # files: firewall6.conf /etc/fw/firewall6.conf @@ -73,7 +73,7 @@ configure_interfaces() { } -log "Activating firewall script generated Thu Mar 10 21:09:04 2011 by vadim" +log "Activating firewall script generated Fri Mar 11 10:32:54 2011 by vadim" set_kernel_vars configure_interfaces diff --git a/test/pf/firewall62.fw.orig b/test/pf/firewall62.fw.orig index c66507db1..022535ab4 100755 --- a/test/pf/firewall62.fw.orig +++ b/test/pf/firewall62.fw.orig @@ -2,9 +2,9 @@ # # This is automatically generated file. DO NOT MODIFY ! # -# Firewall Builder fwb_pf v4.2.0.3496 +# Firewall Builder fwb_pf v4.2.0.3499 # -# Generated Thu Mar 10 21:09:05 2011 PST by vadim +# Generated Fri Mar 11 10:32:55 2011 PST by vadim # # files: * firewall62.fw /etc/firewall62.fw # files: firewall62.conf /etc/firewall62.conf @@ -191,7 +191,7 @@ configure_interfaces() { update_addresses_of_interface "en1 222.222.222.222/0xffffff00" "" } -log "Activating firewall script generated Thu Mar 10 21:09:05 2011 by vadim" +log "Activating firewall script generated Fri Mar 11 10:32:55 2011 by vadim" set_kernel_vars configure_interfaces diff --git a/test/pf/firewall63.fw.orig b/test/pf/firewall63.fw.orig index 2b6382606..65ee036d8 100755 --- a/test/pf/firewall63.fw.orig +++ b/test/pf/firewall63.fw.orig 
@@ -2,9 +2,9 @@ # # This is automatically generated file. DO NOT MODIFY ! # -# Firewall Builder fwb_pf v4.2.0.3496 +# Firewall Builder fwb_pf v4.2.0.3499 # -# Generated Thu Mar 10 21:09:05 2011 PST by vadim +# Generated Fri Mar 11 10:32:55 2011 PST by vadim # # files: * firewall63.fw /etc/fw/firewall63.fw # files: firewall63.conf /etc/fw/firewall63.conf @@ -77,7 +77,7 @@ configure_interfaces() { } -log "Activating firewall script generated Thu Mar 10 21:09:05 2011 by vadim" +log "Activating firewall script generated Fri Mar 11 10:32:55 2011 by vadim" set_kernel_vars configure_interfaces diff --git a/test/pf/firewall7.fw.orig b/test/pf/firewall7.fw.orig index efc0f23f3..26345ce0f 100755 --- a/test/pf/firewall7.fw.orig +++ b/test/pf/firewall7.fw.orig @@ -2,9 +2,9 @@ # # This is automatically generated file. DO NOT MODIFY ! # -# Firewall Builder fwb_pf v4.2.0.3496 +# Firewall Builder fwb_pf v4.2.0.3499 # -# Generated Thu Mar 10 21:09:06 2011 PST by vadim +# Generated Fri Mar 11 10:32:56 2011 PST by vadim # # files: * firewall7.fw /etc/fw/firewall7.fw # files: firewall7.conf /etc/fw/firewall7.conf @@ -73,7 +73,7 @@ configure_interfaces() { } -log "Activating firewall script generated Thu Mar 10 21:09:06 2011 by vadim" +log "Activating firewall script generated Fri Mar 11 10:32:56 2011 by vadim" set_kernel_vars configure_interfaces diff --git a/test/pf/firewall70.fw.orig b/test/pf/firewall70.fw.orig index cc89bf9be..d519408a0 100755 --- a/test/pf/firewall70.fw.orig +++ b/test/pf/firewall70.fw.orig @@ -2,9 +2,9 @@ # # This is automatically generated file. DO NOT MODIFY ! # -# Firewall Builder fwb_pf v4.2.0.3496 +# Firewall Builder fwb_pf v4.2.0.3499 # -# Generated Thu Mar 10 21:09:06 2011 PST by vadim +# Generated Fri Mar 11 10:32:57 2011 PST by vadim # # files: * firewall70.fw /etc/fw/firewall70.fw # files: firewall70.conf /etc/fw/firewall70.conf 
@@ -82,7 +82,7 @@ configure_interfaces() { } -log "Activating firewall script generated Thu Mar 10 21:09:06 2011 by vadim" +log "Activating firewall script generated Fri Mar 11 10:32:57 2011 by vadim" set_kernel_vars configure_interfaces diff --git a/test/pf/firewall8.fw.orig b/test/pf/firewall8.fw.orig index 313d5dfef..76a2b8661 100755 --- a/test/pf/firewall8.fw.orig +++ b/test/pf/firewall8.fw.orig @@ -2,9 +2,9 @@ # # This is automatically generated file. DO NOT MODIFY ! # -# Firewall Builder fwb_pf v4.2.0.3496 +# Firewall Builder fwb_pf v4.2.0.3499 # -# Generated Thu Mar 10 21:09:07 2011 PST by vadim +# Generated Fri Mar 11 10:32:57 2011 PST by vadim # # files: * firewall8.fw /etc/firewall8.fw # files: firewall8.conf /etc/firewall8.conf @@ -72,7 +72,7 @@ configure_interfaces() { } -log "Activating firewall script generated Thu Mar 10 21:09:07 2011 by vadim" +log "Activating firewall script generated Fri Mar 11 10:32:57 2011 by vadim" set_kernel_vars configure_interfaces diff --git a/test/pf/firewall80-4.5.fw.orig b/test/pf/firewall80-4.5.fw.orig index edc9ee40e..bf35a7f00 100755 --- a/test/pf/firewall80-4.5.fw.orig +++ b/test/pf/firewall80-4.5.fw.orig @@ -2,9 +2,9 @@ # # This is automatically generated file. DO NOT MODIFY ! # -# Firewall Builder fwb_pf v4.2.0.3496 +# Firewall Builder fwb_pf v4.2.0.3499 # -# Generated Thu Mar 10 21:09:08 2011 PST by vadim +# Generated Fri Mar 11 10:32:59 2011 PST by vadim # # files: * firewall80-4.5.fw /etc/firewall80-4.5.fw # files: firewall80-4.5.conf /etc/firewall80-4.5.conf @@ -73,7 +73,7 @@ configure_interfaces() { } -log "Activating firewall script generated Thu Mar 10 21:09:08 2011 by vadim" +log "Activating firewall script generated Fri Mar 11 10:32:59 2011 by vadim" set_kernel_vars configure_interfaces diff --git a/test/pf/firewall80.fw.orig b/test/pf/firewall80.fw.orig index c61637af5..f79751a61 100755 --- a/test/pf/firewall80.fw.orig +++ b/test/pf/firewall80.fw.orig 
@@ -2,9 +2,9 @@ # # This is automatically generated file. DO NOT MODIFY ! # -# Firewall Builder fwb_pf v4.2.0.3496 +# Firewall Builder fwb_pf v4.2.0.3499 # -# Generated Thu Mar 10 21:09:07 2011 PST by vadim +# Generated Fri Mar 11 10:32:58 2011 PST by vadim # # files: * firewall80.fw /etc/firewall80.fw # files: firewall80.conf /etc/firewall80.conf @@ -73,7 +73,7 @@ configure_interfaces() { } -log "Activating firewall script generated Thu Mar 10 21:09:07 2011 by vadim" +log "Activating firewall script generated Fri Mar 11 10:32:58 2011 by vadim" set_kernel_vars configure_interfaces diff --git a/test/pf/firewall9.fw.orig b/test/pf/firewall9.fw.orig index 88a772bb4..9a6141719 100755 --- a/test/pf/firewall9.fw.orig +++ b/test/pf/firewall9.fw.orig @@ -2,9 +2,9 @@ # # This is automatically generated file. DO NOT MODIFY ! # -# Firewall Builder fwb_pf v4.2.0.3496 +# Firewall Builder fwb_pf v4.2.0.3499 # -# Generated Thu Mar 10 21:09:08 2011 PST by vadim +# Generated Fri Mar 11 10:32:59 2011 PST by vadim # # files: * firewall9.fw /etc/fw/firewall9.fw # files: firewall9.conf /etc/fw/firewall9.conf @@ -76,7 +76,7 @@ configure_interfaces() { } -log "Activating firewall script generated Thu Mar 10 21:09:08 2011 by vadim" +log "Activating firewall script generated Fri Mar 11 10:32:59 2011 by vadim" set_kernel_vars configure_interfaces diff --git a/test/pf/firewall91.conf.orig b/test/pf/firewall91.conf.orig index d175664ab..562f6ee2f 100644 --- a/test/pf/firewall91.conf.orig +++ b/test/pf/firewall91.conf.orig 
@@ -3,12 +3,12 @@ # Tables: (1) -table { 10.1.1.50 , 10.3.14.50 , 10.100.101.1 , 10.100.103.1 } +table { 10.1.1.50 , 10.3.14.50 , 10.100.101.1 , 10.100.103.1 } # # Rule backup ssh access rule # backup ssh access rule -pass in quick inet proto tcp from 10.3.14.30 to port 22 flags S/SA keep state label "RULE 9998 -- ACCEPT " +pass in quick inet proto tcp from 10.3.14.30 to port 22 flags S/SA keep state label "RULE -1 -- ACCEPT " # # Rule 0 (global) block log quick inet from any to any label "RULE 0 -- DROP " diff --git a/test/pf/firewall91.fw.orig b/test/pf/firewall91.fw.orig index fa61ac195..598822aec 100755 --- a/test/pf/firewall91.fw.orig +++ b/test/pf/firewall91.fw.orig @@ -2,9 +2,9 @@ # # This is automatically generated file. DO NOT MODIFY ! # -# Firewall Builder fwb_pf v4.2.0.3496 +# Firewall Builder fwb_pf v4.2.0.3499 # -# Generated Thu Mar 10 21:09:09 2011 PST by vadim +# Generated Fri Mar 11 10:33:00 2011 PST by vadim # # files: * firewall91.fw /etc/fw/pf.fw # files: firewall91.conf /etc/fw/pf.conf @@ -247,7 +247,7 @@ configure_interfaces() { update_addresses_of_interface "vlan103 10.100.103.1/0xffffff00" "" } -log "Activating firewall script generated Thu Mar 10 21:09:09 2011 by vadim" +log "Activating firewall script generated Fri Mar 11 10:33:00 2011 by vadim" set_kernel_vars configure_interfaces diff --git a/test/pf/firewall92.conf.orig b/test/pf/firewall92.conf.orig index 10605080e..a0b55c9fd 100644 --- a/test/pf/firewall92.conf.orig +++ b/test/pf/firewall92.conf.orig @@ -9,7 +9,7 @@ match out all scrub (random-id min-ttl 1 max-mss 1460) # Tables: (1) -table { 10.1.1.81 , 10.3.14.81 } +table { 10.1.1.81 , 10.3.14.81 } # NAT compiler errors and warnings: # firewall92:NAT:2: error: No translation rules are not supported for PF 4.7, use negation to implement exclusions 
@@ -28,12 +28,12 @@ match in on em0 proto udp from any to 10.3.14.81 port 161 rdr-to 10.1.1.1 port 1 # # Rule backup ssh access rule # backup ssh access rule -pass in quick inet proto tcp from 10.3.14.30 to port 22 label "RULE 9998 -- ACCEPT " +pass in quick inet proto tcp from 10.3.14.30 to port 22 label "RULE -1 -- ACCEPT " # # Rule 0 (global) # firewall92:Policy:0: warning: Changing rule direction due to self reference -pass in quick inet proto tcp from 10.3.14.0/24 to port 22 label "RULE 0 -- ACCEPT " +pass in quick inet proto tcp from 10.3.14.0/24 to port 22 label "RULE 0 -- ACCEPT " # # Rule 1 (global) pass quick inet from 10.1.1.0/24 to any label "RULE 1 -- ACCEPT " diff --git a/test/pf/firewall92.fw.orig b/test/pf/firewall92.fw.orig index 2e9ff0912..4a1cda97f 100755 --- a/test/pf/firewall92.fw.orig +++ b/test/pf/firewall92.fw.orig @@ -2,9 +2,9 @@ # # This is automatically generated file. DO NOT MODIFY ! # -# Firewall Builder fwb_pf v4.2.0.3496 +# Firewall Builder fwb_pf v4.2.0.3499 # -# Generated Thu Mar 10 21:09:09 2011 PST by vadim +# Generated Fri Mar 11 10:33:00 2011 PST by vadim # # files: * firewall92.fw /etc/fw/pf.fw # files: firewall92.conf /etc/fw/path\ with\ space/pf.conf @@ -166,7 +166,7 @@ configure_interfaces() { update_addresses_of_interface "em1 10.1.1.81/0xffffff00" "" } -log "Activating firewall script generated Thu Mar 10 21:09:09 2011 by vadim" +log "Activating firewall script generated Fri Mar 11 10:33:00 2011 by vadim" set_kernel_vars configure_interfaces diff --git a/test/pf/pf_cluster_1_openbsd-1.fw.orig b/test/pf/pf_cluster_1_openbsd-1.fw.orig index 6a6131215..512c5185c 100755 --- a/test/pf/pf_cluster_1_openbsd-1.fw.orig +++ b/test/pf/pf_cluster_1_openbsd-1.fw.orig 
@@ -2,9 +2,9 @@ # # This is automatically generated file. DO NOT MODIFY ! # -# Firewall Builder fwb_pf v4.2.0.3496 +# Firewall Builder fwb_pf v4.2.0.3499 # -# Generated Thu Mar 10 21:09:10 2011 PST by vadim +# Generated Fri Mar 11 10:33:03 2011 PST by vadim # # files: * pf_cluster_1_openbsd-1.fw /etc/pf_cluster_1_openbsd-1.fw # files: pf_cluster_1_openbsd-1.conf /etc/pf_cluster_1_openbsd-1.conf @@ -299,7 +299,7 @@ configure_interfaces() { update_addresses_of_interface "carp1 192.168.1.1/0xffffff00" "" } -log "Activating firewall script generated Thu Mar 10 21:09:10 2011 by vadim" +log "Activating firewall script generated Fri Mar 11 10:33:03 2011 by vadim" set_kernel_vars configure_interfaces diff --git a/test/pf/pf_cluster_1_openbsd-2.fw.orig b/test/pf/pf_cluster_1_openbsd-2.fw.orig index 0391cc641..4944597ec 100755 --- a/test/pf/pf_cluster_1_openbsd-2.fw.orig +++ b/test/pf/pf_cluster_1_openbsd-2.fw.orig @@ -2,9 +2,9 @@ # # This is automatically generated file. DO NOT MODIFY ! # -# Firewall Builder fwb_pf v4.2.0.3496 +# Firewall Builder fwb_pf v4.2.0.3499 # -# Generated Thu Mar 10 21:09:10 2011 PST by vadim +# Generated Fri Mar 11 10:33:03 2011 PST by vadim # # files: * pf_cluster_1_openbsd-2.fw /etc/pf_cluster_1_openbsd-2.fw # files: pf_cluster_1_openbsd-2.conf /etc/pf_cluster_1_openbsd-2.conf @@ -195,7 +195,7 @@ configure_interfaces() { update_addresses_of_interface "carp1 192.168.1.1/0xffffff00" "" } -log "Activating firewall script generated Thu Mar 10 21:09:10 2011 by vadim" +log "Activating firewall script generated Fri Mar 11 10:33:03 2011 by vadim" set_kernel_vars configure_interfaces diff --git a/test/pf/pf_cluster_2_freebsd-1.fw.orig b/test/pf/pf_cluster_2_freebsd-1.fw.orig index ba28866bc..209473be5 100755 --- a/test/pf/pf_cluster_2_freebsd-1.fw.orig +++ b/test/pf/pf_cluster_2_freebsd-1.fw.orig 
@@ -2,9 +2,9 @@ # # This is automatically generated file. DO NOT MODIFY ! # -# Firewall Builder fwb_pf v4.2.0.3496 +# Firewall Builder fwb_pf v4.2.0.3499 # -# Generated Thu Mar 10 21:09:10 2011 PST by vadim +# Generated Fri Mar 11 10:33:03 2011 PST by vadim # # files: * pf_cluster_2_freebsd-1.fw /etc/pf_cluster_2_freebsd-1.fw # files: pf_cluster_2_freebsd-1.conf /etc/pf_cluster_2_freebsd-1.conf @@ -301,7 +301,7 @@ configure_interfaces() { update_addresses_of_interface "carp1 192.168.1.1/0xffffff00" "" } -log "Activating firewall script generated Thu Mar 10 21:09:10 2011 by vadim" +log "Activating firewall script generated Fri Mar 11 10:33:03 2011 by vadim" set_kernel_vars configure_interfaces diff --git a/test/pf/pf_cluster_2_freebsd-2.fw.orig b/test/pf/pf_cluster_2_freebsd-2.fw.orig index 32a95eac4..265049e72 100755 --- a/test/pf/pf_cluster_2_freebsd-2.fw.orig +++ b/test/pf/pf_cluster_2_freebsd-2.fw.orig @@ -2,9 +2,9 @@ # # This is automatically generated file. DO NOT MODIFY ! # -# Firewall Builder fwb_pf v4.2.0.3496 +# Firewall Builder fwb_pf v4.2.0.3499 # -# Generated Thu Mar 10 21:09:10 2011 PST by vadim +# Generated Fri Mar 11 10:33:03 2011 PST by vadim # # files: * pf_cluster_2_freebsd-2.fw /etc/pf_cluster_2_freebsd-2.fw # files: pf_cluster_2_freebsd-2.conf /etc/pf_cluster_2_freebsd-2.conf @@ -197,7 +197,7 @@ configure_interfaces() { update_addresses_of_interface "carp1 192.168.1.1/0xffffff00" "" } -log "Activating firewall script generated Thu Mar 10 21:09:10 2011 by vadim" +log "Activating firewall script generated Fri Mar 11 10:33:03 2011 by vadim" set_kernel_vars configure_interfaces diff --git a/test/pf/pf_cluster_3_openbsd-3.fw.orig b/test/pf/pf_cluster_3_openbsd-3.fw.orig index 1d9711ed1..fefe7f9ad 100755 --- a/test/pf/pf_cluster_3_openbsd-3.fw.orig +++ b/test/pf/pf_cluster_3_openbsd-3.fw.orig 
@@ -2,9 +2,9 @@ # # This is automatically generated file. DO NOT MODIFY ! # -# Firewall Builder fwb_pf v4.2.0.3496 +# Firewall Builder fwb_pf v4.2.0.3499 # -# Generated Thu Mar 10 21:09:10 2011 PST by vadim +# Generated Fri Mar 11 10:33:03 2011 PST by vadim # # files: * pf_cluster_3_openbsd-3.fw /etc/pf_cluster_3_openbsd-3.fw # files: pf_cluster_3_openbsd-3.conf /etc/pf_cluster_3_openbsd-3.conf @@ -302,7 +302,7 @@ configure_interfaces() { update_addresses_of_interface "carp2 172.20.0.1/0xffffff00" "" } -log "Activating firewall script generated Thu Mar 10 21:09:10 2011 by vadim" +log "Activating firewall script generated Fri Mar 11 10:33:03 2011 by vadim" set_kernel_vars configure_interfaces diff --git a/test/pf/pf_cluster_3_openbsd-4.fw.orig b/test/pf/pf_cluster_3_openbsd-4.fw.orig index 87bb9655b..f74be0d7f 100755 --- a/test/pf/pf_cluster_3_openbsd-4.fw.orig +++ b/test/pf/pf_cluster_3_openbsd-4.fw.orig @@ -2,9 +2,9 @@ # # This is automatically generated file. DO NOT MODIFY ! # -# Firewall Builder fwb_pf v4.2.0.3496 +# Firewall Builder fwb_pf v4.2.0.3499 # -# Generated Thu Mar 10 21:09:10 2011 PST by vadim +# Generated Fri Mar 11 10:33:03 2011 PST by vadim # # files: * pf_cluster_3_openbsd-4.fw /etc/pf_cluster_3_openbsd-4.fw # files: pf_cluster_3_openbsd-4.conf /etc/pf_cluster_3_openbsd-4.conf @@ -199,7 +199,7 @@ configure_interfaces() { update_addresses_of_interface "carp2 172.20.0.1/0xffffff00" "" } -log "Activating firewall script generated Thu Mar 10 21:09:10 2011 by vadim" +log "Activating firewall script generated Fri Mar 11 10:33:03 2011 by vadim" set_kernel_vars configure_interfaces diff --git a/test/pf/pf_cluster_4_rc.conf.local b/test/pf/pf_cluster_4_rc.conf.local index 096c5ca0e..0df521df5 100755 --- a/test/pf/pf_cluster_4_rc.conf.local +++ b/test/pf/pf_cluster_4_rc.conf.local 
@@ -1,9 +1,9 @@ # # This is automatically generated file. DO NOT MODIFY ! # -# Firewall Builder fwb_pf v4.2.0.3496 +# Firewall Builder fwb_pf v4.2.0.3499 # -# Generated Thu Mar 10 21:09:10 2011 PST by vadim +# Generated Fri Mar 11 10:33:03 2011 PST by vadim # # files: * pf_cluster_4_rc.conf.local /etc/pf_cluster_4_rc.conf.local # files: pf_cluster_4_pf.conf /etc/pf_cluster_4_pf.conf diff --git a/test/pf/pf_cluster_5_openbsd-3.fw.orig b/test/pf/pf_cluster_5_openbsd-3.fw.orig index b2e17f888..a7b79d985 100755 --- a/test/pf/pf_cluster_5_openbsd-3.fw.orig +++ b/test/pf/pf_cluster_5_openbsd-3.fw.orig @@ -2,9 +2,9 @@ # # This is automatically generated file. DO NOT MODIFY ! # -# Firewall Builder fwb_pf v4.2.0.3496 +# Firewall Builder fwb_pf v4.2.0.3499 # -# Generated Thu Mar 10 21:09:11 2011 PST by vadim +# Generated Fri Mar 11 10:33:04 2011 PST by vadim # # files: * pf_cluster_5_openbsd-3.fw /etc/pf_cluster_5_openbsd-3.fw # files: pf_cluster_5_openbsd-3.conf /etc/pf_cluster_5_openbsd-3.conf @@ -302,7 +302,7 @@ configure_interfaces() { update_addresses_of_interface "carp2 172.20.0.1/0xffffff00" "" } -log "Activating firewall script generated Thu Mar 10 21:09:11 2011 by vadim" +log "Activating firewall script generated Fri Mar 11 10:33:04 2011 by vadim" set_kernel_vars configure_interfaces diff --git a/test/pf/pf_cluster_5_openbsd-4.fw.orig b/test/pf/pf_cluster_5_openbsd-4.fw.orig index fc8952238..eb1c150d2 100755 --- a/test/pf/pf_cluster_5_openbsd-4.fw.orig +++ b/test/pf/pf_cluster_5_openbsd-4.fw.orig @@ -2,9 +2,9 @@ # # This is automatically generated file. DO NOT MODIFY ! # -# Firewall Builder fwb_pf v4.2.0.3496 +# Firewall Builder fwb_pf v4.2.0.3499 # -# Generated Thu Mar 10 21:09:11 2011 PST by vadim +# Generated Fri Mar 11 10:33:04 2011 PST by vadim # # files: * pf_cluster_5_openbsd-4.fw /etc/pf_cluster_5_openbsd-4.fw # files: pf_cluster_5_openbsd-4.conf /etc/pf_cluster_5_openbsd-4.conf 
@@ -199,7 +199,7 @@ configure_interfaces() { update_addresses_of_interface "carp2 172.20.0.1/0xffffff00" "" } -log "Activating firewall script generated Thu Mar 10 21:09:11 2011 by vadim" +log "Activating firewall script generated Fri Mar 11 10:33:04 2011 by vadim" set_kernel_vars configure_interfaces diff --git a/test/pix/cluster1-1_pix1.fw.orig b/test/pix/cluster1-1_pix1.fw.orig index 7395ffea2..899e0d516 100755 --- a/test/pix/cluster1-1_pix1.fw.orig +++ b/test/pix/cluster1-1_pix1.fw.orig @@ -1,9 +1,15 @@ ! ! This is automatically generated file. DO NOT MODIFY ! ! +<<<<<<< HEAD ! Firewall Builder fwb_pix v4.2.0.3496 ! ! Generated Sat Mar 12 14:44:28 2011 PST by vadim +======= +! Firewall Builder fwb_pix v4.2.0.3499 +! +! Generated Fri Mar 11 12:17:05 2011 PST by vadim +>>>>>>> cb7662fdaed92246c0956ec9ac25bd37d755f271 ! ! Compiled for pix 7.0 ! Outbound ACLs: supported diff --git a/test/pix/cluster1-1_pix2.fw.orig b/test/pix/cluster1-1_pix2.fw.orig index f19dc4a0a..8f781b880 100755 --- a/test/pix/cluster1-1_pix2.fw.orig +++ b/test/pix/cluster1-1_pix2.fw.orig @@ -1,9 +1,15 @@ ! ! This is automatically generated file. DO NOT MODIFY ! ! +<<<<<<< HEAD ! Firewall Builder fwb_pix v4.2.0.3496 ! ! Generated Sat Mar 12 14:44:28 2011 PST by vadim +======= +! Firewall Builder fwb_pix v4.2.0.3499 +! +! Generated Fri Mar 11 12:17:05 2011 PST by vadim +>>>>>>> cb7662fdaed92246c0956ec9ac25bd37d755f271 ! ! Compiled for pix 7.0 ! Outbound ACLs: supported diff --git a/test/pix/cluster1_pix1.fw.orig b/test/pix/cluster1_pix1.fw.orig index 8c6c712d7..1dc36bee6 100755 --- a/test/pix/cluster1_pix1.fw.orig +++ b/test/pix/cluster1_pix1.fw.orig 
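Review bot: Unresolved merge-conflict markers are being committed into the expected output: the added lines `<<<<<<< HEAD`, `=======` and `>>>>>>> cb7662fdaed92246c0956ec9ac25bd37d755f271` sit in the header of test/pix/cluster1-1_pix1.fw.orig, and the same block is added in the `-1,9 +1,15` hunk of the other test/pix/*.fw.orig files in this commit. In test/pix/firewall33.fw.orig a second conflict block lands inside `object-group network id438728A918346.dst.net.0`, so that fixture carries two alternative address lists and is no longer a loadable PIX configuration. A golden file in this state cannot match compiler output, which means the pix regression comparison stops catching real changes in the generated ACLs. Resolve each conflict to one side (the `v4.2.0.3499` header, going by the rest of the commit) and regenerate the fixtures before merging. The two address lists in firewall33 differ only in the 74.125.224.x hosts, which suggests that fixture depends on a live DNS lookup; pinning those addresses in the test data would keep it stable.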
@@ -1,9 +1,15 @@ ! ! This is automatically generated file. DO NOT MODIFY ! ! +<<<<<<< HEAD ! Firewall Builder fwb_pix v4.2.0.3496 ! ! Generated Sat Mar 12 14:44:27 2011 PST by vadim +======= +! Firewall Builder fwb_pix v4.2.0.3499 +! +! Generated Fri Mar 11 12:17:04 2011 PST by vadim +>>>>>>> cb7662fdaed92246c0956ec9ac25bd37d755f271 ! ! Compiled for pix 7.0 ! Outbound ACLs: supported diff --git a/test/pix/cluster1_pix2.fw.orig b/test/pix/cluster1_pix2.fw.orig index 633b7c7f7..67e73d51a 100755 --- a/test/pix/cluster1_pix2.fw.orig +++ b/test/pix/cluster1_pix2.fw.orig @@ -1,9 +1,15 @@ ! ! This is automatically generated file. DO NOT MODIFY ! ! +<<<<<<< HEAD ! Firewall Builder fwb_pix v4.2.0.3496 ! ! Generated Sat Mar 12 14:44:28 2011 PST by vadim +======= +! Firewall Builder fwb_pix v4.2.0.3499 +! +! Generated Fri Mar 11 12:17:05 2011 PST by vadim +>>>>>>> cb7662fdaed92246c0956ec9ac25bd37d755f271 ! ! Compiled for pix 7.0 ! Outbound ACLs: supported diff --git a/test/pix/firewall.fw.orig b/test/pix/firewall.fw.orig index f6a2c9cca..931aab6ec 100755 --- a/test/pix/firewall.fw.orig +++ b/test/pix/firewall.fw.orig @@ -1,9 +1,15 @@ ! ! This is automatically generated file. DO NOT MODIFY ! ! +<<<<<<< HEAD ! Firewall Builder fwb_pix v4.2.0.3496 ! ! Generated Sat Mar 12 14:44:11 2011 PST by vadim +======= +! Firewall Builder fwb_pix v4.2.0.3499 +! +! Generated Fri Mar 11 12:16:46 2011 PST by vadim +>>>>>>> cb7662fdaed92246c0956ec9ac25bd37d755f271 ! ! Compiled for pix 6.2 ! Outbound ACLs: not supported diff --git a/test/pix/firewall1.fw.orig b/test/pix/firewall1.fw.orig index e39596067..7972b595c 100755 --- a/test/pix/firewall1.fw.orig +++ b/test/pix/firewall1.fw.orig 
@@ -1,9 +1,15 @@ ! ! This is automatically generated file. DO NOT MODIFY ! ! +<<<<<<< HEAD ! Firewall Builder fwb_pix v4.2.0.3496 ! ! Generated Sat Mar 12 14:44:11 2011 PST by vadim +======= +! Firewall Builder fwb_pix v4.2.0.3499 +! +! Generated Fri Mar 11 12:16:46 2011 PST by vadim +>>>>>>> cb7662fdaed92246c0956ec9ac25bd37d755f271 ! ! Compiled for pix 6.1 ! Outbound ACLs: not supported diff --git a/test/pix/firewall10.fw.orig b/test/pix/firewall10.fw.orig index 9aef5d888..41e3e678f 100755 --- a/test/pix/firewall10.fw.orig +++ b/test/pix/firewall10.fw.orig @@ -1,9 +1,15 @@ ! ! This is automatically generated file. DO NOT MODIFY ! ! +<<<<<<< HEAD ! Firewall Builder fwb_pix v4.2.0.3496 ! ! Generated Sat Mar 12 14:44:12 2011 PST by vadim +======= +! Firewall Builder fwb_pix v4.2.0.3499 +! +! Generated Fri Mar 11 12:16:47 2011 PST by vadim +>>>>>>> cb7662fdaed92246c0956ec9ac25bd37d755f271 ! ! Compiled for pix 6.3 ! Outbound ACLs: not supported diff --git a/test/pix/firewall11.fw.orig b/test/pix/firewall11.fw.orig index 4c31f5f71..0460bc713 100755 --- a/test/pix/firewall11.fw.orig +++ b/test/pix/firewall11.fw.orig @@ -1,9 +1,15 @@ ! ! This is automatically generated file. DO NOT MODIFY ! ! +<<<<<<< HEAD ! Firewall Builder fwb_pix v4.2.0.3496 ! ! Generated Sat Mar 12 14:44:12 2011 PST by vadim +======= +! Firewall Builder fwb_pix v4.2.0.3499 +! +! Generated Fri Mar 11 12:16:47 2011 PST by vadim +>>>>>>> cb7662fdaed92246c0956ec9ac25bd37d755f271 ! ! Compiled for pix 6.2 ! Outbound ACLs: not supported diff --git a/test/pix/firewall12.fw.orig b/test/pix/firewall12.fw.orig index 6c2360774..44af49302 100755 --- a/test/pix/firewall12.fw.orig +++ b/test/pix/firewall12.fw.orig 
@@ -1,9 +1,15 @@ ! ! This is automatically generated file. DO NOT MODIFY ! ! +<<<<<<< HEAD ! Firewall Builder fwb_pix v4.2.0.3496 ! ! Generated Sat Mar 12 14:44:13 2011 PST by vadim +======= +! Firewall Builder fwb_pix v4.2.0.3499 +! +! Generated Fri Mar 11 12:16:48 2011 PST by vadim +>>>>>>> cb7662fdaed92246c0956ec9ac25bd37d755f271 ! ! Compiled for pix 6.3 ! Outbound ACLs: not supported diff --git a/test/pix/firewall13.fw.orig b/test/pix/firewall13.fw.orig index 426323e53..088dc9846 100755 --- a/test/pix/firewall13.fw.orig +++ b/test/pix/firewall13.fw.orig @@ -1,9 +1,15 @@ ! ! This is automatically generated file. DO NOT MODIFY ! ! +<<<<<<< HEAD ! Firewall Builder fwb_pix v4.2.0.3496 ! ! Generated Sat Mar 12 14:44:13 2011 PST by vadim +======= +! Firewall Builder fwb_pix v4.2.0.3499 +! +! Generated Fri Mar 11 12:16:48 2011 PST by vadim +>>>>>>> cb7662fdaed92246c0956ec9ac25bd37d755f271 ! ! Compiled for pix 6.3 ! Outbound ACLs: not supported diff --git a/test/pix/firewall14.fw.orig b/test/pix/firewall14.fw.orig index dc3617cd4..b2e5db87d 100755 --- a/test/pix/firewall14.fw.orig +++ b/test/pix/firewall14.fw.orig @@ -1,9 +1,15 @@ ! ! This is automatically generated file. DO NOT MODIFY ! ! +<<<<<<< HEAD ! Firewall Builder fwb_pix v4.2.0.3496 ! ! Generated Sat Mar 12 14:44:14 2011 PST by vadim +======= +! Firewall Builder fwb_pix v4.2.0.3499 +! +! Generated Fri Mar 11 12:16:49 2011 PST by vadim +>>>>>>> cb7662fdaed92246c0956ec9ac25bd37d755f271 ! ! Compiled for pix 6.3 ! Outbound ACLs: not supported diff --git a/test/pix/firewall2.fw.orig b/test/pix/firewall2.fw.orig index 2e8683514..dbd687a24 100755 --- a/test/pix/firewall2.fw.orig +++ b/test/pix/firewall2.fw.orig 
@@ -1,9 +1,15 @@ ! ! This is automatically generated file. DO NOT MODIFY ! ! +<<<<<<< HEAD ! Firewall Builder fwb_pix v4.2.0.3496 ! ! Generated Sat Mar 12 14:44:14 2011 PST by vadim +======= +! Firewall Builder fwb_pix v4.2.0.3499 +! +! Generated Fri Mar 11 12:16:50 2011 PST by vadim +>>>>>>> cb7662fdaed92246c0956ec9ac25bd37d755f271 ! ! Compiled for pix 6.3 ! Outbound ACLs: not supported diff --git a/test/pix/firewall20.fw.orig b/test/pix/firewall20.fw.orig index 1823da023..81fff136a 100755 --- a/test/pix/firewall20.fw.orig +++ b/test/pix/firewall20.fw.orig @@ -1,9 +1,15 @@ ! ! This is automatically generated file. DO NOT MODIFY ! ! +<<<<<<< HEAD ! Firewall Builder fwb_pix v4.2.0.3496 ! ! Generated Sat Mar 12 14:44:15 2011 PST by vadim +======= +! Firewall Builder fwb_pix v4.2.0.3499 +! +! Generated Fri Mar 11 12:16:50 2011 PST by vadim +>>>>>>> cb7662fdaed92246c0956ec9ac25bd37d755f271 ! ! Compiled for pix 6.3 ! Outbound ACLs: not supported diff --git a/test/pix/firewall21-1.fw.orig b/test/pix/firewall21-1.fw.orig index 4ae04f082..df58e83d2 100755 --- a/test/pix/firewall21-1.fw.orig +++ b/test/pix/firewall21-1.fw.orig @@ -1,9 +1,15 @@ ! ! This is automatically generated file. DO NOT MODIFY ! ! +<<<<<<< HEAD ! Firewall Builder fwb_pix v4.2.0.3496 ! ! Generated Sat Mar 12 14:44:15 2011 PST by vadim +======= +! Firewall Builder fwb_pix v4.2.0.3499 +! +! Generated Fri Mar 11 12:16:51 2011 PST by vadim +>>>>>>> cb7662fdaed92246c0956ec9ac25bd37d755f271 ! ! Compiled for pix 6.3 ! Outbound ACLs: not supported diff --git a/test/pix/firewall21.fw.orig b/test/pix/firewall21.fw.orig index 154d67d53..d4a58d52d 100755 --- a/test/pix/firewall21.fw.orig +++ b/test/pix/firewall21.fw.orig 
@@ -1,9 +1,15 @@ ! ! This is automatically generated file. DO NOT MODIFY ! ! +<<<<<<< HEAD ! Firewall Builder fwb_pix v4.2.0.3496 ! ! Generated Sat Mar 12 14:44:15 2011 PST by vadim +======= +! Firewall Builder fwb_pix v4.2.0.3499 +! +! Generated Fri Mar 11 12:16:51 2011 PST by vadim +>>>>>>> cb7662fdaed92246c0956ec9ac25bd37d755f271 ! ! Compiled for pix 7.0 ! Outbound ACLs: supported diff --git a/test/pix/firewall22.fw.orig b/test/pix/firewall22.fw.orig index 6e28b8390..db8738955 100755 --- a/test/pix/firewall22.fw.orig +++ b/test/pix/firewall22.fw.orig @@ -1,9 +1,15 @@ ! ! This is automatically generated file. DO NOT MODIFY ! ! +<<<<<<< HEAD ! Firewall Builder fwb_pix v4.2.0.3496 ! ! Generated Sat Mar 12 14:44:16 2011 PST by vadim +======= +! Firewall Builder fwb_pix v4.2.0.3499 +! +! Generated Fri Mar 11 12:16:52 2011 PST by vadim +>>>>>>> cb7662fdaed92246c0956ec9ac25bd37d755f271 ! ! Compiled for pix 7.0 ! Outbound ACLs: supported diff --git a/test/pix/firewall23.fw.orig b/test/pix/firewall23.fw.orig index d7cd0f8ea..6ff224d47 100755 --- a/test/pix/firewall23.fw.orig +++ b/test/pix/firewall23.fw.orig @@ -1,9 +1,15 @@ ! ! This is automatically generated file. DO NOT MODIFY ! ! +<<<<<<< HEAD ! Firewall Builder fwb_pix v4.2.0.3496 ! ! Generated Sat Mar 12 14:44:16 2011 PST by vadim +======= +! Firewall Builder fwb_pix v4.2.0.3499 +! +! Generated Fri Mar 11 12:16:52 2011 PST by vadim +>>>>>>> cb7662fdaed92246c0956ec9ac25bd37d755f271 ! ! Compiled for pix 6.3 ! Outbound ACLs: not supported diff --git a/test/pix/firewall3.fw.orig b/test/pix/firewall3.fw.orig index b715879ab..be2b37220 100755 --- a/test/pix/firewall3.fw.orig +++ b/test/pix/firewall3.fw.orig 
@@ -1,9 +1,15 @@ ! ! This is automatically generated file. DO NOT MODIFY ! ! +<<<<<<< HEAD ! Firewall Builder fwb_pix v4.2.0.3496 ! ! Generated Sat Mar 12 14:44:17 2011 PST by vadim +======= +! Firewall Builder fwb_pix v4.2.0.3499 +! +! Generated Fri Mar 11 12:16:53 2011 PST by vadim +>>>>>>> cb7662fdaed92246c0956ec9ac25bd37d755f271 ! ! Compiled for pix 6.2 ! Outbound ACLs: not supported diff --git a/test/pix/firewall33.fw.orig b/test/pix/firewall33.fw.orig index 6ad070434..c2741d173 100755 --- a/test/pix/firewall33.fw.orig +++ b/test/pix/firewall33.fw.orig @@ -1,9 +1,15 @@ ! ! This is automatically generated file. DO NOT MODIFY ! ! +<<<<<<< HEAD ! Firewall Builder fwb_pix v4.2.0.3496 ! ! Generated Sat Mar 12 14:44:18 2011 PST by vadim +======= +! Firewall Builder fwb_pix v4.2.0.3499 +! +! Generated Fri Mar 11 12:16:53 2011 PST by vadim +>>>>>>> cb7662fdaed92246c0956ec9ac25bd37d755f271 ! ! Compiled for pix 6.3 ! Outbound ACLs: not supported @@ -86,11 +92,19 @@ object-group network id43867C2418346.src.net.0 exit object-group network id438728A918346.dst.net.0 +<<<<<<< HEAD network-object host 74.125.224.16 network-object host 74.125.224.17 network-object host 74.125.224.18 network-object host 74.125.224.19 network-object host 74.125.224.20 +======= + network-object host 74.125.224.48 + network-object host 74.125.224.49 + network-object host 74.125.224.50 + network-object host 74.125.224.51 + network-object host 74.125.224.52 +>>>>>>> cb7662fdaed92246c0956ec9ac25bd37d755f271 network-object host 157.166.224.25 network-object host 157.166.224.26 network-object host 157.166.226.25 diff --git a/test/pix/firewall34.fw.orig b/test/pix/firewall34.fw.orig index 1b3a978f4..1530817a0 100755 --- a/test/pix/firewall34.fw.orig +++ b/test/pix/firewall34.fw.orig 
@@ -1,9 +1,15 @@ ! ! This is automatically generated file. DO NOT MODIFY ! ! +<<<<<<< HEAD ! Firewall Builder fwb_pix v4.2.0.3496 ! ! Generated Sat Mar 12 14:44:18 2011 PST by vadim +======= +! Firewall Builder fwb_pix v4.2.0.3499 +! +! Generated Fri Mar 11 12:16:54 2011 PST by vadim +>>>>>>> cb7662fdaed92246c0956ec9ac25bd37d755f271 ! ! Compiled for pix 6.3 ! Outbound ACLs: not supported 
@@ -74,61 +80,6 @@ object-group network id16988X10208.dst.net.0 exit object-group network id4390C25825682.dst.net.0 - network-object 58.33.181.83 255.255.255.255 - network-object 58.53.82.190 255.255.255.255 - network-object 58.231.13.78 255.255.255.255 - network-object host 61.150.47.112 - network-object 61.184.14.102 255.255.255.255 - network-object 64.106.85.186 255.255.255.255 - network-object 70.228.60.100 255.255.255.255 - network-object 80.51.236.6 255.255.255.255 - network-object 80.243.72.149 255.255.255.255 - network-object 80.249.77.34 255.255.255.255 - network-object 81.2.36.254 255.255.255.255 - network-object 81.196.74.125 255.255.255.255 - network-object 82.77.37.174 255.255.255.255 - network-object 82.117.221.205 255.255.255.255 - network-object 82.143.196.17 255.255.255.255 - network-object 84.90.8.198 255.255.255.255 - network-object 151.8.224.178 255.255.255.255 - network-object 168.156.76.20 255.255.255.255 - network-object 193.207.126.36 255.255.255.255 - network-object 195.136.186.35 255.255.255.255 - network-object 196.15.136.15 255.255.255.255 - network-object 201.10.180.138 255.255.255.255 - network-object 201.17.93.16 255.255.255.255 - network-object 201.36.156.121 255.255.255.255 - network-object 202.96.112.93 255.255.255.255 - network-object 202.103.25.253 255.255.255.255 - network-object 203.162.3.209 255.255.255.255 - network-object 203.209.124.144 255.255.255.255 - network-object 210.106.193.237 255.255.255.255 - network-object 210.222.114.102 255.255.255.255 - network-object 211.144.143.143 255.255.255.255 - network-object 211.172.218.237 255.255.255.255 - network-object 211.250.16.132 255.255.255.255 - network-object 212.21.241.31 255.255.255.255 - network-object 212.100.212.100 255.255.255.255 - network-object 218.18.72.252 255.255.255.255 - network-object 218.39.114.122 255.255.255.255 - network-object 218.55.115.43 255.255.255.255 - network-object 218.104.138.146 255.255.255.255 - network-object 219.132.104.160 255.255.255.255 - 
network-object 220.71.17.86 255.255.255.255 - network-object 220.81.50.105 255.255.255.255 - network-object 220.91.99.46 255.255.255.255 - network-object 221.14.249.242 255.255.255.255 - network-object 221.166.177.135 255.255.255.255 - network-object 221.198.33.38 255.255.255.255 - network-object 221.202.160.233 255.255.255.255 - network-object 221.205.54.125 255.255.255.255 - network-object 221.217.44.248 255.255.255.255 - network-object 222.100.212.223 255.255.255.255 - network-object 222.121.118.144 255.255.255.255 - network-object 222.174.113.2 255.255.255.255 -exit - -object-group network id4388CFF8674.src.net.0 network-object 58.33.181.83 255.255.255.255 network-object 58.53.82.190 255.255.255.255 network-object 58.231.13.78 255.255.255.255 @@ -214,7 +165,7 @@ access-list outside_acl_in deny tcp any object-group id4390C25825682.dst.net.0 access-list inside_acl_in deny tcp any object-group id4390C25825682.dst.net.0 eq 25 ! ! Rule 5 (global) -access-list outside_acl_in deny ip object-group id4388CFF8674.src.net.0 any log 6 interval 300 +access-list outside_acl_in deny ip object-group id4390C25825682.dst.net.0 any log 6 interval 300 ! ! Rule 6 (global) access-list outside_acl_in deny ip object-group id4390C25825682.dst.net.0 any log 6 interval 300 diff --git a/test/pix/firewall4.fw.orig b/test/pix/firewall4.fw.orig index 1f70fa11b..c18e73fcd 100755 --- a/test/pix/firewall4.fw.orig +++ b/test/pix/firewall4.fw.orig @@ -1,9 +1,15 @@ ! ! This is automatically generated file. DO NOT MODIFY ! ! +<<<<<<< HEAD ! Firewall Builder fwb_pix v4.2.0.3496 ! ! Generated Sat Mar 12 14:44:19 2011 PST by vadim +======= +! Firewall Builder fwb_pix v4.2.0.3499 +! +! Generated Fri Mar 11 12:16:54 2011 PST by vadim +>>>>>>> cb7662fdaed92246c0956ec9ac25bd37d755f271 ! ! Compiled for pix 6.2 ! Outbound ACLs: not supported diff --git a/test/pix/firewall50.fw.orig b/test/pix/firewall50.fw.orig index 842c44192..f4f473dd5 100755 --- a/test/pix/firewall50.fw.orig 
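Review bot: Rule 5 and Rule 6 now emit the same entry, `access-list outside_acl_in deny ip object-group id4390C25825682.dst.net.0 any log 6 interval 300`, because the `-214,7` hunk of test/pix/firewall34.fw.orig points Rule 5 at the group Rule 6 already used and the `-74,61` hunk drops `id4388CFF8674.src.net.0`. The first members of the removed list match the context lines that remain, so the merge looks behaviour-preserving, but the hunk shows only three entries of the kept list; confirm the two lists are identical before accepting this output. The second copy of the entry is redundant and, depending on the platform, may be reported as a duplicate when the configuration is loaded. A group named `.dst.net.0` referenced in source position also misleads anyone auditing the ACL, so I would have the compiler give shared groups a name without the `.src`/`.dst` suffix and emit the identical entry once.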
+++ b/test/pix/firewall50.fw.orig @@ -1,9 +1,15 @@ ! ! This is automatically generated file. DO NOT MODIFY ! ! +<<<<<<< HEAD ! Firewall Builder fwb_pix v4.2.0.3496 ! ! Generated Sat Mar 12 14:44:19 2011 PST by vadim +======= +! Firewall Builder fwb_pix v4.2.0.3499 +! +! Generated Fri Mar 11 12:16:55 2011 PST by vadim +>>>>>>> cb7662fdaed92246c0956ec9ac25bd37d755f271 ! ! Compiled for pix 7.0 ! Outbound ACLs: supported diff --git a/test/pix/firewall6.fw.orig b/test/pix/firewall6.fw.orig index f5f31e0f6..40ce9a994 100755 --- a/test/pix/firewall6.fw.orig +++ b/test/pix/firewall6.fw.orig @@ -1,9 +1,15 @@ ! ! This is automatically generated file. DO NOT MODIFY ! ! +<<<<<<< HEAD ! Firewall Builder fwb_pix v4.2.0.3496 ! ! Generated Sat Mar 12 14:44:19 2011 PST by vadim +======= +! Firewall Builder fwb_pix v4.2.0.3499 +! +! Generated Fri Mar 11 12:16:55 2011 PST by vadim +>>>>>>> cb7662fdaed92246c0956ec9ac25bd37d755f271 ! ! Compiled for pix 6.2 ! Outbound ACLs: not supported diff --git a/test/pix/firewall8.fw.orig b/test/pix/firewall8.fw.orig index 708482562..52ea64889 100755 --- a/test/pix/firewall8.fw.orig +++ b/test/pix/firewall8.fw.orig @@ -1,9 +1,15 @@ ! ! This is automatically generated file. DO NOT MODIFY ! ! +<<<<<<< HEAD ! Firewall Builder fwb_pix v4.2.0.3496 ! ! Generated Sat Mar 12 14:44:20 2011 PST by vadim +======= +! Firewall Builder fwb_pix v4.2.0.3499 +! +! Generated Fri Mar 11 12:16:56 2011 PST by vadim +>>>>>>> cb7662fdaed92246c0956ec9ac25bd37d755f271 ! ! Compiled for pix 6.2 ! Outbound ACLs: not supported diff --git a/test/pix/firewall80.fw.orig b/test/pix/firewall80.fw.orig index a60292ea6..701c63c1a 100755 --- a/test/pix/firewall80.fw.orig +++ b/test/pix/firewall80.fw.orig 
@@ -1,9 +1,15 @@ ! ! This is automatically generated file. DO NOT MODIFY ! ! +<<<<<<< HEAD ! Firewall Builder fwb_pix v4.2.0.3496 ! ! Generated Sat Mar 12 14:44:20 2011 PST by vadim +======= +! Firewall Builder fwb_pix v4.2.0.3499 +! +! Generated Fri Mar 11 12:16:56 2011 PST by vadim +>>>>>>> cb7662fdaed92246c0956ec9ac25bd37d755f271 ! ! Compiled for pix 8.2 ! Outbound ACLs: supported diff --git a/test/pix/firewall81.fw.orig b/test/pix/firewall81.fw.orig index 5995bba15..8ad5d3557 100755 --- a/test/pix/firewall81.fw.orig +++ b/test/pix/firewall81.fw.orig @@ -1,9 +1,15 @@ ! ! This is automatically generated file. DO NOT MODIFY ! ! +<<<<<<< HEAD ! Firewall Builder fwb_pix v4.2.0.3496 ! ! Generated Sat Mar 12 14:44:21 2011 PST by vadim +======= +! Firewall Builder fwb_pix v4.2.0.3499 +! +! Generated Fri Mar 11 12:16:57 2011 PST by vadim +>>>>>>> cb7662fdaed92246c0956ec9ac25bd37d755f271 ! ! Compiled for pix 8.3 ! Outbound ACLs: supported diff --git a/test/pix/firewall82.fw.orig b/test/pix/firewall82.fw.orig index b1317f689..262df6c70 100755 --- a/test/pix/firewall82.fw.orig +++ b/test/pix/firewall82.fw.orig @@ -1,9 +1,15 @@ ! ! This is automatically generated file. DO NOT MODIFY ! ! +<<<<<<< HEAD ! Firewall Builder fwb_pix v4.2.0.3496 ! ! Generated Sat Mar 12 14:44:21 2011 PST by vadim +======= +! Firewall Builder fwb_pix v4.2.0.3499 +! +! Generated Fri Mar 11 12:16:57 2011 PST by vadim +>>>>>>> cb7662fdaed92246c0956ec9ac25bd37d755f271 ! ! Compiled for pix 8.3 ! Outbound ACLs: supported diff --git a/test/pix/firewall83.fw.orig b/test/pix/firewall83.fw.orig index ddfd64c37..2aa793a22 100755 --- a/test/pix/firewall83.fw.orig +++ b/test/pix/firewall83.fw.orig 
@@ -1,9 +1,15 @@ ! ! This is automatically generated file. DO NOT MODIFY ! ! +<<<<<<< HEAD ! Firewall Builder fwb_pix v4.2.0.3496 ! ! Generated Sat Mar 12 14:44:22 2011 PST by vadim +======= +! Firewall Builder fwb_pix v4.2.0.3499 +! +! Generated Fri Mar 11 12:16:58 2011 PST by vadim +>>>>>>> cb7662fdaed92246c0956ec9ac25bd37d755f271 ! ! Compiled for pix 8.3 ! Outbound ACLs: supported diff --git a/test/pix/firewall9.fw.orig b/test/pix/firewall9.fw.orig index 67b46952f..90515923b 100755 --- a/test/pix/firewall9.fw.orig +++ b/test/pix/firewall9.fw.orig @@ -1,9 +1,15 @@ ! ! This is automatically generated file. DO NOT MODIFY ! ! +<<<<<<< HEAD ! Firewall Builder fwb_pix v4.2.0.3496 ! ! Generated Sat Mar 12 14:44:22 2011 PST by vadim +======= +! Firewall Builder fwb_pix v4.2.0.3499 +! +! Generated Fri Mar 11 12:16:58 2011 PST by vadim +>>>>>>> cb7662fdaed92246c0956ec9ac25bd37d755f271 ! ! Compiled for pix 6.3 ! Outbound ACLs: not supported diff --git a/test/pix/firewall90.fw.orig b/test/pix/firewall90.fw.orig index c17ae53c5..8ad4db591 100755 --- a/test/pix/firewall90.fw.orig +++ b/test/pix/firewall90.fw.orig @@ -1,9 +1,15 @@ ! ! This is automatically generated file. DO NOT MODIFY ! ! +<<<<<<< HEAD ! Firewall Builder fwb_pix v4.2.0.3496 ! ! Generated Sat Mar 12 14:44:23 2011 PST by vadim +======= +! Firewall Builder fwb_pix v4.2.0.3499 +! +! Generated Fri Mar 11 12:16:59 2011 PST by vadim +>>>>>>> cb7662fdaed92246c0956ec9ac25bd37d755f271 ! ! Compiled for pix 8.3 ! Outbound ACLs: supported diff --git a/test/pix/firewall91.fw.orig b/test/pix/firewall91.fw.orig index 87b1fcd5e..509f9358d 100755 --- a/test/pix/firewall91.fw.orig +++ b/test/pix/firewall91.fw.orig 
@@ -1,9 +1,15 @@ ! ! This is automatically generated file. DO NOT MODIFY ! ! +<<<<<<< HEAD ! Firewall Builder fwb_pix v4.2.0.3496 ! ! Generated Sat Mar 12 14:44:23 2011 PST by vadim +======= +! Firewall Builder fwb_pix v4.2.0.3499 +! +! Generated Fri Mar 11 12:16:59 2011 PST by vadim +>>>>>>> cb7662fdaed92246c0956ec9ac25bd37d755f271 ! ! Compiled for pix 8.3 ! Outbound ACLs: supported diff --git a/test/pix/firewall92.fw.orig b/test/pix/firewall92.fw.orig index 98fec5cff..3005eed9d 100755 --- a/test/pix/firewall92.fw.orig +++ b/test/pix/firewall92.fw.orig @@ -1,9 +1,15 @@ ! ! This is automatically generated file. DO NOT MODIFY ! ! +<<<<<<< HEAD ! Firewall Builder fwb_pix v4.2.0.3496 ! ! Generated Sat Mar 12 14:44:24 2011 PST by vadim +======= +! Firewall Builder fwb_pix v4.2.0.3499 +! +! Generated Fri Mar 11 12:17:00 2011 PST by vadim +>>>>>>> cb7662fdaed92246c0956ec9ac25bd37d755f271 ! ! Compiled for pix 8.3 ! Outbound ACLs: supported diff --git a/test/pix/firewall93.fw.orig b/test/pix/firewall93.fw.orig index c580ecb0e..0f4978398 100755 --- a/test/pix/firewall93.fw.orig +++ b/test/pix/firewall93.fw.orig @@ -1,9 +1,15 @@ ! ! This is automatically generated file. DO NOT MODIFY ! ! +<<<<<<< HEAD ! Firewall Builder fwb_pix v4.2.0.3496 ! ! Generated Sat Mar 12 14:44:24 2011 PST by vadim +======= +! Firewall Builder fwb_pix v4.2.0.3499 +! +! Generated Fri Mar 11 12:17:00 2011 PST by vadim +>>>>>>> cb7662fdaed92246c0956ec9ac25bd37d755f271 ! ! Compiled for pix 8.3 ! Outbound ACLs: supported diff --git a/test/pix/firewall94.fw.orig b/test/pix/firewall94.fw.orig index ffd528d80..e744e0cdd 100755 --- a/test/pix/firewall94.fw.orig +++ b/test/pix/firewall94.fw.orig 
@@ -1,9 +1,15 @@ ! ! This is automatically generated file. DO NOT MODIFY ! ! +<<<<<<< HEAD ! Firewall Builder fwb_pix v4.2.0.3496 ! ! Generated Sat Mar 12 14:44:24 2011 PST by vadim +======= +! Firewall Builder fwb_pix v4.2.0.3499 +! +! Generated Fri Mar 11 12:17:01 2011 PST by vadim +>>>>>>> cb7662fdaed92246c0956ec9ac25bd37d755f271 ! ! Compiled for pix 8.3 ! Outbound ACLs: supported diff --git a/test/pix/fwsm1.fw.orig b/test/pix/fwsm1.fw.orig index 5719b51d5..729d03c72 100755 --- a/test/pix/fwsm1.fw.orig +++ b/test/pix/fwsm1.fw.orig @@ -1,9 +1,15 @@ ! ! This is automatically generated file. DO NOT MODIFY ! ! +<<<<<<< HEAD ! Firewall Builder fwb_pix v4.2.0.3496 ! ! Generated Sat Mar 12 14:44:25 2011 PST by vadim +======= +! Firewall Builder fwb_pix v4.2.0.3499 +! +! Generated Fri Mar 11 12:17:02 2011 PST by vadim +>>>>>>> cb7662fdaed92246c0956ec9ac25bd37d755f271 ! ! Compiled for fwsm 2.3 ! Outbound ACLs: supported diff --git a/test/pix/fwsm2.fw.orig b/test/pix/fwsm2.fw.orig index 20f3cafba..8b062ceed 100755 --- a/test/pix/fwsm2.fw.orig +++ b/test/pix/fwsm2.fw.orig @@ -1,9 +1,15 @@ ! ! This is automatically generated file. DO NOT MODIFY ! ! +<<<<<<< HEAD ! Firewall Builder fwb_pix v4.2.0.3496 ! ! Generated Sat Mar 12 14:44:26 2011 PST by vadim +======= +! Firewall Builder fwb_pix v4.2.0.3499 +! +! Generated Fri Mar 11 12:17:02 2011 PST by vadim +>>>>>>> cb7662fdaed92246c0956ec9ac25bd37d755f271 ! ! Compiled for fwsm 4.x ! Outbound ACLs: supported diff --git a/test/pix/pix515.fw.orig b/test/pix/pix515.fw.orig index 45e66f274..2122e3b27 100755 --- a/test/pix/pix515.fw.orig +++ b/test/pix/pix515.fw.orig 
@@ -1,9 +1,15 @@ ! ! This is automatically generated file. DO NOT MODIFY ! ! +<<<<<<< HEAD ! Firewall Builder fwb_pix v4.2.0.3496 ! ! Generated Sat Mar 12 14:44:26 2011 PST by vadim +======= +! Firewall Builder fwb_pix v4.2.0.3499 +! +! Generated Fri Mar 11 12:17:03 2011 PST by vadim +>>>>>>> cb7662fdaed92246c0956ec9ac25bd37d755f271 ! ! Compiled for pix 7.0 ! Outbound ACLs: supported diff --git a/test/pix/real.fw.orig b/test/pix/real.fw.orig index 10847949b..511807c62 100755 --- a/test/pix/real.fw.orig +++ b/test/pix/real.fw.orig @@ -1,9 +1,15 @@ ! ! This is automatically generated file. DO NOT MODIFY ! ! +<<<<<<< HEAD ! Firewall Builder fwb_pix v4.2.0.3496 ! ! Generated Sat Mar 12 14:44:27 2011 PST by vadim +======= +! Firewall Builder fwb_pix v4.2.0.3499 +! +! Generated Fri Mar 11 12:17:03 2011 PST by vadim +>>>>>>> cb7662fdaed92246c0956ec9ac25bd37d755f271 ! ! Compiled for pix 6.3 ! Outbound ACLs: not supported diff --git a/test/procurve_acl/testhp1.fw.orig b/test/procurve_acl/testhp1.fw.orig index c29c409ad..21cb359a8 100755 --- a/test/procurve_acl/testhp1.fw.orig +++ b/test/procurve_acl/testhp1.fw.orig @@ -1,9 +1,9 @@ ; ; This is automatically generated file. DO NOT MODIFY ! ; -; Firewall Builder fwb_procurve_acl v4.2.0.3483 +; Firewall Builder fwb_procurve_acl v4.2.0.3499 ; -; Generated Sun Feb 20 21:30:07 2011 PST by vadim +; Generated Fri Mar 11 12:20:05 2011 PST by vadim ; ; Compiled for procurve_acl K.13 ; diff --git a/test/procurve_acl/testhp2.fw.orig b/test/procurve_acl/testhp2.fw.orig index 7ae32109f..00d047828 100755 --- a/test/procurve_acl/testhp2.fw.orig +++ b/test/procurve_acl/testhp2.fw.orig @@ -1,9 +1,9 @@ ; ; This is automatically generated file. DO NOT MODIFY ! ; -; Firewall Builder fwb_procurve_acl v4.2.0.3483 +; Firewall Builder fwb_procurve_acl v4.2.0.3499 ; -; Generated Sun Feb 20 21:30:07 2011 PST by vadim +; Generated Fri Mar 11 12:20:05 2011 PST by vadim ; ; Compiled for procurve_acl K.13 ; 
diff --git a/test/procurve_acl/testhp3.fw.orig b/test/procurve_acl/testhp3.fw.orig index 2528e7a98..8e3b0051b 100755 --- a/test/procurve_acl/testhp3.fw.orig +++ b/test/procurve_acl/testhp3.fw.orig @@ -1,9 +1,9 @@ ; ; This is automatically generated file. DO NOT MODIFY ! ; -; Firewall Builder fwb_procurve_acl v4.2.0.3483 +; Firewall Builder fwb_procurve_acl v4.2.0.3499 ; -; Generated Sun Feb 20 21:30:07 2011 PST by vadim +; Generated Fri Mar 11 12:20:05 2011 PST by vadim ; ; Compiled for procurve_acl K.13 ; diff --git a/test/procurve_acl/testhp4.fw.orig b/test/procurve_acl/testhp4.fw.orig index 087389262..6525bb59f 100755 --- a/test/procurve_acl/testhp4.fw.orig +++ b/test/procurve_acl/testhp4.fw.orig @@ -1,9 +1,9 @@ ; ; This is automatically generated file. DO NOT MODIFY ! ; -; Firewall Builder fwb_procurve_acl v4.2.0.3483 +; Firewall Builder fwb_procurve_acl v4.2.0.3499 ; -; Generated Sun Feb 20 21:30:07 2011 PST by vadim +; Generated Fri Mar 11 12:20:05 2011 PST by vadim ; ; Compiled for procurve_acl K.13 ;