onkelbeh/fwbuilder
1
0
Fork 0
mirror of https://github.com/fwbuilder/fwbuilder synced 2026-03-20 10:17:16 +01:00
Code Issues Releases Wiki Activity

fixed #1905, #1879

Browse Source
This commit is contained in:
Vadim Kurland 2011-01-10 16:43:43 -08:00
parent 9a012af1f4
commit 24ac2b56ac
281 changed files with 2037 additions and 2095 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

16
doc/ChangeLog
View File

@ -1,3 +1,19 @@
2011-01-10 vadim <vadim@netcitadel.com>
* CompilerDriver_pix_run.cpp (run): fixed #1905 "fwbuilder crash
when compiling a rule with hosts folder as destination". Compiler
issues a warning when an empty group object is used in a rule, but
GUI crashed when user tried to compile this rule using single-rule
compile function. The change actually affects all policy compilers
and makes sure the GUI catches exception and does not crash, and
prints any errors generated by the compiler in the compiler output
panel when single-rule compile function is used.
* CompilerDriver_ipt.cpp (findBranchesInMangleTable): fixed #1879
"gui crash". Both GUI and fwb_ipt crashed trying to compile a rule
with action Branch that was not configured to point to any rule
set.
2011-01-07 vadim <vadim@netcitadel.com>
* NATCompiler_pix.cpp (NATCompiler_pix): fixes #1901 "add

7
src/cisco_lib/CompilerDriver_iosacl_run.cpp
View File

@ -342,12 +342,13 @@ QString CompilerDriver_iosacl::run(const std::string &cluster_id,
} else
{
QString err(" Failed to open file %1 for writing: %2; Current dir: %3");
abort(err.arg(fw_file.fileName()).arg(fw_file.error()).arg(QDir::current().path()).toStdString());
abort(err.arg(fw_file.fileName())
.arg(fw_file.error()).arg(QDir::current().path()).toStdString());
}
}
catch (FatalErrorInSingleRuleCompileMode &ex)
catch (FWException &ex)
{
return QString::fromUtf8(getErrors("").c_str());
return QString::fromUtf8(ex.toString().c_str());
}
return "";

20
src/cisco_lib/CompilerDriver_pix_run.cpp
View File

@ -229,11 +229,17 @@ QString CompilerDriver_pix::run(const std::string &cluster_id,
#endif
QString ofname = determineOutputFileName(cluster, fw, !cluster_id.empty(), ".fw");
QString ofname = determineOutputFileName(
cluster, fw, !cluster_id.empty(), ".fw");
FWOptions* options = fw->getOptionsObject();
QString script_buffer;
std::auto_ptr<NATCompiler_pix> n;
std::auto_ptr<PolicyCompiler_pix> c;
std::auto_ptr<RoutingCompiler_pix> r;
try
{
commonChecks2(cluster, fw);
@ -356,7 +362,6 @@ QString CompilerDriver_pix::run(const std::string &cluster_id,
/* create compilers and run the whole thing */
string version = fw->getStr("version");
std::auto_ptr<NATCompiler_pix> n;
if (XMLTools::version_compare(version, "8.3")>=0)
n = std::auto_ptr<NATCompiler_pix>(
new NATCompiler_asa8(objdb, fw, false, oscnf.get()));
@ -385,7 +390,7 @@ QString CompilerDriver_pix::run(const std::string &cluster_id,
info(" Nothing to compile in NAT");
}
std::auto_ptr<PolicyCompiler_pix> c(
c = std::auto_ptr<PolicyCompiler_pix>(
new PolicyCompiler_pix(objdb, fw, false, oscnf.get() , n.get()));
RuleSet *policy = RuleSet::cast(fw->getFirstByType(Policy::TYPENAME));
@ -409,7 +414,7 @@ QString CompilerDriver_pix::run(const std::string &cluster_id,
info(" Nothing to compile in Policy");
}
std::auto_ptr<RoutingCompiler_pix> r(
r = std::auto_ptr<RoutingCompiler_pix>(
new RoutingCompiler_pix(objdb, fw, false, oscnf.get()));
RuleSet *routing = RuleSet::cast(fw->getFirstByType(Routing::TYPENAME));
@ -479,12 +484,13 @@ QString CompilerDriver_pix::run(const std::string &cluster_id,
} else
{
QString err(" Failed to open file %1 for writing: %2; Current dir: %3");
abort(err.arg(fw_file.fileName()).arg(fw_file.error()).arg(QDir::current().path()).toStdString());
abort(err.arg(fw_file.fileName())
.arg(fw_file.error()).arg(QDir::current().path()).toStdString());
}
}
catch (FatalErrorInSingleRuleCompileMode &ex)
catch (FWException &ex)
{
return QString::fromUtf8(getErrors("").c_str());
return QString::fromUtf8(ex.toString().c_str());
}
return "";

7
src/cisco_lib/CompilerDriver_procurve_acl_run.cpp
View File

@ -329,12 +329,13 @@ QString CompilerDriver_procurve_acl::run(const std::string &cluster_id,
} else
{
QString err(" Failed to open file %1 for writing: %2; Current dir: %3");
abort(err.arg(fw_file.fileName()).arg(fw_file.error()).arg(QDir::current().path()).toStdString());
abort(err.arg(fw_file.fileName())
.arg(fw_file.error()).arg(QDir::current().path()).toStdString());
}
}
catch (FatalErrorInSingleRuleCompileMode &ex)
catch (FWException &ex)
{
return QString::fromUtf8(getErrors("").c_str());
return QString::fromUtf8(ex.toString().c_str());
}
return "";

197
src/cisco_lib/NATCompiler_asa8.cpp
View File

@ -183,146 +183,139 @@ void NATCompiler_asa8::compile()
{
info(" Compiling NAT rules for " + fw->getName());
try {
Compiler::compile();
Compiler::compile();
add( new Begin( "Begin processing"));
add( new printTotalNumberOfRules());
add( new Begin( "Begin processing"));
add( new printTotalNumberOfRules());
add( new singleRuleFilter());
add( new singleRuleFilter());
/* REMOVE_OLD_OPTIMIZATIONS
if (fw->getOptionsObject()->getBool( "pix_optimize_default_nat"))
add (new optimizeDefaultNAT(
"optimize commands 'nat (interface) 0.0.0.0 0.0.0.0'"));
if (fw->getOptionsObject()->getBool( "pix_optimize_default_nat"))
add (new optimizeDefaultNAT(
"optimize commands 'nat (interface) 0.0.0.0 0.0.0.0'"));
*/
add( new recursiveGroupsInOSrc("check for recursive groups in OSRC"));
add( new recursiveGroupsInODst("check for recursive groups in ODST"));
add( new recursiveGroupsInOSrv("check for recursive groups in OSRV"));
add( new recursiveGroupsInOSrc("check for recursive groups in OSRC"));
add( new recursiveGroupsInODst("check for recursive groups in ODST"));
add( new recursiveGroupsInOSrv("check for recursive groups in OSRV"));
add( new recursiveGroupsInTSrc("check for recursive groups in TSRC"));
add( new recursiveGroupsInTDst("check for recursive groups in TDST"));
add( new recursiveGroupsInTSrv("check for recursive groups in TSRV"));
add( new recursiveGroupsInTSrc("check for recursive groups in TSRC"));
add( new recursiveGroupsInTDst("check for recursive groups in TDST"));
add( new recursiveGroupsInTSrv("check for recursive groups in TSRV"));
add( new emptyGroupsInOSrc("check for empty groups in OSRC"));
add( new emptyGroupsInODst("check for empty groups in ODST"));
add( new emptyGroupsInOSrv("check for empty groups in OSRV"));
add( new emptyGroupsInOSrc("check for empty groups in OSRC"));
add( new emptyGroupsInODst("check for empty groups in ODST"));
add( new emptyGroupsInOSrv("check for empty groups in OSRV"));
add( new emptyGroupsInTSrc("check for empty groups in TSRC"));
add( new emptyGroupsInTDst("check for empty groups in TDST"));
add( new emptyGroupsInTSrv("check for empty groups in TSRV"));
add( new emptyGroupsInTSrc("check for empty groups in TSRC"));
add( new emptyGroupsInTDst("check for empty groups in TDST"));
add( new emptyGroupsInTSrv("check for empty groups in TSRV"));
add( new ExpandGroups("expand groups"));
add( new ExpandGroups("expand groups"));
add( new dropRuleWithEmptyRE("drop rules with empty rule elements"));
add( new dropRuleWithEmptyRE("drop rules with empty rule elements"));
add( new eliminateDuplicatesInOSRC("eliminate duplicates in OSRC"));
add( new eliminateDuplicatesInODST("eliminate duplicates in ODST"));
add( new eliminateDuplicatesInOSRV("eliminate duplicates in OSRV"));
add( new eliminateDuplicatesInOSRC("eliminate duplicates in OSRC"));
add( new eliminateDuplicatesInODST("eliminate duplicates in ODST"));
add( new eliminateDuplicatesInOSRV("eliminate duplicates in OSRV"));
add( new processMultiAddressObjectsInOSrc(
"process MultiAddress objects in OSrc"));
add( new processMultiAddressObjectsInODst(
"process MultiAddress objects in ODst"));
add( new processMultiAddressObjectsInOSrc(
"process MultiAddress objects in OSrc"));
add( new processMultiAddressObjectsInODst(
"process MultiAddress objects in ODst"));
add( new classifyNATRule("determine NAT rule types"));
add( new VerifyRules("verify rules" ));
add( new classifyNATRule("determine NAT rule types"));
add( new VerifyRules("verify rules" ));
// ReplaceFirewallObjectsODst, ReplaceFirewallObjectsODst and
// UseFirewallInterfaces assume there is one object in ODst,
// TSrc and TDst rule elements. This should have been assured
// by inspector VerifyRules
add( new ReplaceFirewallObjectsODst("replace fw object in ODst" ));
add( new ReplaceFirewallObjectsTSrc("replace fw object in TSrc" ));
add( new UseFirewallInterfaces(
"replace host objects with firewall's interfaces if the have the same address"));
// ReplaceFirewallObjectsODst, ReplaceFirewallObjectsODst and
// UseFirewallInterfaces assume there is one object in ODst,
// TSrc and TDst rule elements. This should have been assured
// by inspector VerifyRules
add( new ReplaceFirewallObjectsODst("replace fw object in ODst" ));
add( new ReplaceFirewallObjectsTSrc("replace fw object in TSrc" ));
add( new UseFirewallInterfaces(
"replace host objects with firewall's interfaces if the have the same address"));
// ExpandMultipleAddresses acts on different rule elements
// depending on the rule type.
// Also using overloaded virtual function _expand_interface
add( new ExpandMultipleAddresses("expand multiple addresses"));
add( new MACFiltering( "check for MAC address filtering"));
// ExpandMultipleAddresses acts on different rule elements
// depending on the rule type.
// Also using overloaded virtual function _expand_interface
add( new ExpandMultipleAddresses("expand multiple addresses"));
add( new MACFiltering( "check for MAC address filtering"));
// ASA8 nat commands support address range directly.
// add( new ExpandAddressRanges("expand address range objects"));
// ASA8 nat commands support address range directly.
// add( new ExpandAddressRanges("expand address range objects"));
add( new checkForUnnumbered("check for unnumbered interfaces"));
add( new checkForUnnumbered("check for unnumbered interfaces"));
add( new ConvertToAtomic("convert to atomic rules" ));
add( new AssignInterface("assign rules to interfaces" ));
add( new verifyInterfaces("verify interfaces assignment" ));
add( new fillTranslatedSrv("fill translated service element" ));
add( new verifyRuleElements(
"verify rule elements for static NAT rules"));
add( new processNONATRules("process NONAT" ));
add( new ConvertToAtomic("convert to atomic rules" ));
add( new AssignInterface("assign rules to interfaces" ));
add( new verifyInterfaces("verify interfaces assignment" ));
add( new fillTranslatedSrv("fill translated service element" ));
add( new verifyRuleElements(
"verify rule elements for static NAT rules"));
add( new processNONATRules("process NONAT" ));
/* REMOVE_OLD_OPTIMIZATIONS
if (fw->getOptionsObject()->getBool("pix_optimize_default_nat"))
add (new clearOSrc ("clear OSrc" ));
if (fw->getOptionsObject()->getBool("pix_optimize_default_nat"))
add (new clearOSrc ("clear OSrc" ));
*/
add( new createNATCmd ("create NAT commands" ));
add( new createStaticCmd ("create static commands" ));
add( new createNATCmd ("create NAT commands" ));
add( new createStaticCmd ("create static commands" ));
/* REMOVE_OLD_OPTIMIZATIONS
add( new mergeNATCmd ("merge NAT commands" ));
add( new SuppressDuplicateNONATStatics(
"suppress duplicate NONAT statics" ));
add( new mergeNATCmd ("merge NAT commands" ));
add( new SuppressDuplicateNONATStatics(
"suppress duplicate NONAT statics" ));
add( new checkForObjectsWithErrors(
"check if we have objects with errors in rule elements"));
add( new checkForObjectsWithErrors(
"check if we have objects with errors in rule elements"));
*/
add( new PrintClearCommands("Clear ACLs" ));
add( new PrintObjectsForNat("generate objects for nat commands"));
add( new PrintRule("generate PIX code" ));
add( new storeProcessedRules ("store processed rules" ));
add( new simplePrintProgress ());
add( new PrintClearCommands("Clear ACLs" ));
add( new PrintObjectsForNat("generate objects for nat commands"));
add( new PrintRule("generate PIX code" ));
add( new storeProcessedRules ("store processed rules" ));
add( new simplePrintProgress ());
/* REMOVE_OLD_OPTIMIZATIONS
bool pix_check_duplicate_nat =
fw->getOptionsObject()->getBool("pix_check_duplicate_nat");
bool pix_check_overlapping_global_pools =
fw->getOptionsObject()->getBool("pix_check_overlapping_global_pools");
bool pix_check_overlapping_statics =
fw->getOptionsObject()->getBool("pix_check_overlapping_statics");
bool pix_check_overlapping_global_statics =
fw->getOptionsObject()->getBool("pix_check_overlapping_global_statics");
bool pix_check_duplicate_nat =
fw->getOptionsObject()->getBool("pix_check_duplicate_nat");
bool pix_check_overlapping_global_pools =
fw->getOptionsObject()->getBool("pix_check_overlapping_global_pools");
bool pix_check_overlapping_statics =
fw->getOptionsObject()->getBool("pix_check_overlapping_statics");
bool pix_check_overlapping_global_statics =
fw->getOptionsObject()->getBool("pix_check_overlapping_global_statics");
if ( pix_check_duplicate_nat ||
pix_check_overlapping_global_pools ||
pix_check_overlapping_statics ||
pix_check_overlapping_global_statics )
{
add( new createNewCompilerPass(" Detecting nat problems ..."));
if ( pix_check_duplicate_nat ||
pix_check_overlapping_global_pools ||
pix_check_overlapping_statics ||
pix_check_overlapping_global_statics )
{
add( new createNewCompilerPass(" Detecting nat problems ..."));
if ( pix_check_duplicate_nat )
add( new DetectDuplicateNAT(" Detect duplicate nat entries"));
if ( pix_check_duplicate_nat )
add( new DetectDuplicateNAT(" Detect duplicate nat entries"));
if ( pix_check_overlapping_global_pools )
add( new DetectGlobalPoolProblems(
" Detect global pool overlapping" ));
if ( pix_check_overlapping_global_pools )
add( new DetectGlobalPoolProblems(
" Detect global pool overlapping" ));
if ( pix_check_overlapping_statics )
add( new DetectOverlappingStatics(
" Detect overlapping statics" ));
if ( pix_check_overlapping_statics )
add( new DetectOverlappingStatics(
" Detect overlapping statics" ));
if ( pix_check_overlapping_global_statics )
add( new DetectOverlappingGlobalPoolsAndStaticRules(
" Detect overlapping global pools and statics" ));
if ( pix_check_overlapping_global_statics )
add( new DetectOverlappingGlobalPoolsAndStaticRules(
" Detect overlapping global pools and statics" ));
add( new simplePrintProgress ( ));
}
add( new simplePrintProgress ( ));
}
*/
runRuleProcessors();
runRuleProcessors();
} catch (FWException &ex)
{
error(ex.toString());
exit(1);
}
}

203
src/cisco_lib/NATCompiler_pix.cpp
View File

@ -1648,136 +1648,129 @@ void NATCompiler_pix::compile()
{
info(" Compiling NAT rules for " + fw->getName());
try {
Compiler::compile();
Compiler::compile();
add( new Begin( "Begin processing"));
add( new printTotalNumberOfRules());
add( new Begin( "Begin processing"));
add( new printTotalNumberOfRules());
add( new singleRuleFilter());
add( new singleRuleFilter());
if (fw->getOptionsObject()->getBool( "pix_optimize_default_nat"))
add (new optimizeDefaultNAT(
"optimize commands 'nat (interface) 0.0.0.0 0.0.0.0'"));
if (fw->getOptionsObject()->getBool( "pix_optimize_default_nat"))
add (new optimizeDefaultNAT(
"optimize commands 'nat (interface) 0.0.0.0 0.0.0.0'"));
add( new recursiveGroupsInOSrc("check for recursive groups in OSRC"));
add( new recursiveGroupsInODst("check for recursive groups in ODST"));
add( new recursiveGroupsInOSrv("check for recursive groups in OSRV"));
add( new recursiveGroupsInOSrc("check for recursive groups in OSRC"));
add( new recursiveGroupsInODst("check for recursive groups in ODST"));
add( new recursiveGroupsInOSrv("check for recursive groups in OSRV"));
add( new recursiveGroupsInTSrc("check for recursive groups in TSRC"));
add( new recursiveGroupsInTDst("check for recursive groups in TDST"));
add( new recursiveGroupsInTSrv("check for recursive groups in TSRV"));
add( new recursiveGroupsInTSrc("check for recursive groups in TSRC"));
add( new recursiveGroupsInTDst("check for recursive groups in TDST"));
add( new recursiveGroupsInTSrv("check for recursive groups in TSRV"));
add( new emptyGroupsInOSrc("check for empty groups in OSRC"));
add( new emptyGroupsInODst("check for empty groups in ODST"));
add( new emptyGroupsInOSrv("check for empty groups in OSRV"));
add( new emptyGroupsInOSrc("check for empty groups in OSRC"));
add( new emptyGroupsInODst("check for empty groups in ODST"));
add( new emptyGroupsInOSrv("check for empty groups in OSRV"));
add( new emptyGroupsInTSrc("check for empty groups in TSRC"));
add( new emptyGroupsInTDst("check for empty groups in TDST"));
add( new emptyGroupsInTSrv("check for empty groups in TSRV"));
add( new emptyGroupsInTSrc("check for empty groups in TSRC"));
add( new emptyGroupsInTDst("check for empty groups in TDST"));
add( new emptyGroupsInTSrv("check for empty groups in TSRV"));
add( new ExpandGroups("expand groups"));
add( new ExpandGroups("expand groups"));
add( new dropRuleWithEmptyRE("drop rules with empty rule elements"));
add( new dropRuleWithEmptyRE("drop rules with empty rule elements"));
add( new eliminateDuplicatesInOSRC("eliminate duplicates in OSRC"));
add( new eliminateDuplicatesInODST("eliminate duplicates in ODST"));
add( new eliminateDuplicatesInOSRV("eliminate duplicates in OSRV"));
add( new eliminateDuplicatesInOSRC("eliminate duplicates in OSRC"));
add( new eliminateDuplicatesInODST("eliminate duplicates in ODST"));
add( new eliminateDuplicatesInOSRV("eliminate duplicates in OSRV"));
add( new processMultiAddressObjectsInOSrc(
"process MultiAddress objects in OSrc"));
add( new processMultiAddressObjectsInODst(
"process MultiAddress objects in ODst"));
add( new processMultiAddressObjectsInOSrc(
"process MultiAddress objects in OSrc"));
add( new processMultiAddressObjectsInODst(
"process MultiAddress objects in ODst"));
add( new classifyNATRule("determine NAT rule types"));
add( new VerifyRules("verify rules" ));
add( new classifyNATRule("determine NAT rule types"));
add( new VerifyRules("verify rules" ));
// ReplaceFirewallObjectsODst, ReplaceFirewallObjectsODst and
// UseFirewallInterfaces assume there is one object in ODst,
// TSrc and TDst rule elements. This should have been assured
// by inspector VerifyRules
add( new ReplaceFirewallObjectsODst("replace fw object in ODst" ));
add( new ReplaceFirewallObjectsTSrc("replace fw object in TSrc" ));
add( new UseFirewallInterfaces(
"replace host objects with firewall's interfaces if the have the same address"));
// ReplaceFirewallObjectsODst, ReplaceFirewallObjectsODst and
// UseFirewallInterfaces assume there is one object in ODst,
// TSrc and TDst rule elements. This should have been assured
// by inspector VerifyRules
add( new ReplaceFirewallObjectsODst("replace fw object in ODst" ));
add( new ReplaceFirewallObjectsTSrc("replace fw object in TSrc" ));
add( new UseFirewallInterfaces(
"replace host objects with firewall's interfaces if the have the same address"));
// ExpandMultipleAddresses acts on different rule elements
// depending on the rule type.
// Also using overloaded virtual function _expand_interface
add( new ExpandMultipleAddresses("expand multiple addresses"));
add( new MACFiltering( "check for MAC address filtering"));
add( new ExpandAddressRanges("expand address range objects"));
add( new checkForUnnumbered("check for unnumbered interfaces"));
// ExpandMultipleAddresses acts on different rule elements
// depending on the rule type.
// Also using overloaded virtual function _expand_interface
add( new ExpandMultipleAddresses("expand multiple addresses"));
add( new MACFiltering( "check for MAC address filtering"));
add( new ExpandAddressRanges("expand address range objects"));
add( new checkForUnnumbered("check for unnumbered interfaces"));
add( new ConvertToAtomic("convert to atomic rules" ));
add( new AssignInterface("assign rules to interfaces" ));
add( new verifyInterfaces("verify interfaces assignment" ));
add( new fillTranslatedSrv("fill translated service element" ));
add( new verifyRuleElements(
"verify rule elements for static NAT rules"));
add( new processNONATRules("process NONAT" ));
add( new ConvertToAtomic("convert to atomic rules" ));
add( new AssignInterface("assign rules to interfaces" ));
add( new verifyInterfaces("verify interfaces assignment" ));
add( new fillTranslatedSrv("fill translated service element" ));
add( new verifyRuleElements(
"verify rule elements for static NAT rules"));
add( new processNONATRules("process NONAT" ));
if (fw->getOptionsObject()->getBool("pix_optimize_default_nat"))
add (new clearOSrc ("clear OSrc" ));
if (fw->getOptionsObject()->getBool("pix_optimize_default_nat"))
add (new clearOSrc ("clear OSrc" ));
add( new createNATCmd ("create NAT commands" ));
add( new createStaticCmd ("create static commands" ));
add( new mergeNATCmd ("merge NAT commands" ));
add( new SuppressDuplicateNONATStatics(
"suppress duplicate NONAT statics" ));
add( new createNATCmd ("create NAT commands" ));
add( new createStaticCmd ("create static commands" ));
add( new mergeNATCmd ("merge NAT commands" ));
add( new SuppressDuplicateNONATStatics(
"suppress duplicate NONAT statics" ));
add( new checkForObjectsWithErrors(
"check if we have objects with errors in rule elements"));
add( new checkForObjectsWithErrors(
"check if we have objects with errors in rule elements"));
add( new PrintClearCommands( "Clear ACLs" ));
add( new PrintClearCommands( "Clear ACLs" ));
add( new PrintRule ("generate PIX code" ));
add( new storeProcessedRules ("store processed rules" ));
add( new simplePrintProgress ());
add( new PrintRule ("generate PIX code" ));
add( new storeProcessedRules ("store processed rules" ));
add( new simplePrintProgress ());
bool pix_check_duplicate_nat =
fw->getOptionsObject()->getBool("pix_check_duplicate_nat");
bool pix_check_overlapping_global_pools =
fw->getOptionsObject()->getBool("pix_check_overlapping_global_pools");
bool pix_check_overlapping_statics =
fw->getOptionsObject()->getBool("pix_check_overlapping_statics");
bool pix_check_overlapping_global_statics =
fw->getOptionsObject()->getBool("pix_check_overlapping_global_statics");
bool pix_check_duplicate_nat =
fw->getOptionsObject()->getBool("pix_check_duplicate_nat");
bool pix_check_overlapping_global_pools =
fw->getOptionsObject()->getBool("pix_check_overlapping_global_pools");
bool pix_check_overlapping_statics =
fw->getOptionsObject()->getBool("pix_check_overlapping_statics");
bool pix_check_overlapping_global_statics =
fw->getOptionsObject()->getBool("pix_check_overlapping_global_statics");
if ( pix_check_duplicate_nat ||
pix_check_overlapping_global_pools ||
pix_check_overlapping_statics ||
pix_check_overlapping_global_statics )
{
add( new createNewCompilerPass(" Detecting nat problems ..."));
if ( pix_check_duplicate_nat )
add( new DetectDuplicateNAT(" Detect duplicate nat entries"));
if ( pix_check_overlapping_global_pools )
add( new DetectGlobalPoolProblems(
" Detect global pool overlapping" ));
if ( pix_check_overlapping_statics )
add( new DetectOverlappingStatics(
" Detect overlapping statics" ));
if ( pix_check_overlapping_global_statics )
add( new DetectOverlappingGlobalPoolsAndStaticRules(
" Detect overlapping global pools and statics" ));
add( new simplePrintProgress ( ));
}
runRuleProcessors();
} catch (FWException &ex)
if ( pix_check_duplicate_nat ||
pix_check_overlapping_global_pools ||
pix_check_overlapping_statics ||
pix_check_overlapping_global_statics )
{
error(ex.toString());
exit(1);
add( new createNewCompilerPass(" Detecting nat problems ..."));
if ( pix_check_duplicate_nat )
add( new DetectDuplicateNAT(" Detect duplicate nat entries"));
if ( pix_check_overlapping_global_pools )
add( new DetectGlobalPoolProblems(
" Detect global pool overlapping" ));
if ( pix_check_overlapping_statics )
add( new DetectOverlappingStatics(
" Detect overlapping statics" ));
if ( pix_check_overlapping_global_statics )
add( new DetectOverlappingGlobalPoolsAndStaticRules(
" Detect overlapping global pools and statics" ));
add( new simplePrintProgress ( ));
}
runRuleProcessors();
}

317
src/cisco_lib/PolicyCompiler_iosacl.cpp
View File

@ -304,188 +304,181 @@ void PolicyCompiler_iosacl::compile()
bool supports_object_groups = XMLTools::version_compare(version, "12.4")>=0 &&
fw->getOptionsObject()->getBool("iosacl_use_object_groups") && ! ipv6;
try
string vers = fw->getStr("version");
string platform = fw->getStr("platform");
Compiler::compile();
addDefaultPolicyRule();
if ( fw->getOptionsObject()->getBool ("check_shading") &&
! inSingleRuleCompileMode())
{
string vers = fw->getStr("version");
string platform = fw->getStr("platform");
add( new Begin("Detecting rule shadowing" ) );
add( new printTotalNumberOfRules());
Compiler::compile();
add( new ItfNegation("process negation in Itf" ) );
add( new InterfacePolicyRules(
"process interface policy rules and store interface ids"));
addDefaultPolicyRule();
add( new recursiveGroupsInSrc("check for recursive groups in SRC"));
add( new recursiveGroupsInDst("check for recursive groups in DST"));
add( new recursiveGroupsInSrv("check for recursive groups in SRV"));
if ( fw->getOptionsObject()->getBool ("check_shading") &&
! inSingleRuleCompileMode())
{
add( new Begin("Detecting rule shadowing" ) );
add( new printTotalNumberOfRules());
add( new ItfNegation("process negation in Itf" ) );
add( new InterfacePolicyRules(
"process interface policy rules and store interface ids"));
add( new recursiveGroupsInSrc("check for recursive groups in SRC"));
add( new recursiveGroupsInDst("check for recursive groups in DST"));
add( new recursiveGroupsInSrv("check for recursive groups in SRV"));
add( new ExpandGroups("expand groups"));
add( new dropRuleWithEmptyRE(
"drop rules with empty rule elements"));
add( new eliminateDuplicatesInSRC("eliminate duplicates in SRC"));
add( new eliminateDuplicatesInDST("eliminate duplicates in DST"));
add( new eliminateDuplicatesInSRV("eliminate duplicates in SRV"));
add( new ExpandMultipleAddressesInSrc(
"expand objects with multiple addresses in SRC" ) );
add( new ExpandMultipleAddressesInDst(
"expand objects with multiple addresses in DST" ) );
add( new dropRuleWithEmptyRE(
"drop rules with empty rule elements"));
add( new mirrorRule("Add mirrored rules"));
add( new ConvertToAtomic("convert to atomic rules" ) );
add( new checkForObjectsWithErrors(
"check if we have objects with errors in rule elements"));
add( new DetectShadowing("Detect shadowing" ) );
add( new simplePrintProgress() );
runRuleProcessors();
deleteRuleProcessors();
}
add( new Begin (" Start processing rules" ) );
add( new printTotalNumberOfRules ( ) );
add( new singleRuleFilter());
add( new recursiveGroupsInSrc( "check for recursive groups in SRC" ) );
add( new recursiveGroupsInDst( "check for recursive groups in DST" ) );
add( new recursiveGroupsInSrv( "check for recursive groups in SRV" ) );
add( new emptyGroupsInSrc( "check for empty groups in SRC" ) );
add( new emptyGroupsInDst( "check for empty groups in DST" ) );
add( new emptyGroupsInSrv( "check for empty groups in SRV" ) );
add( new ExpandGroups ("expand groups" ) );
add( new ExpandGroups("expand groups"));
add( new dropRuleWithEmptyRE(
"drop rules with empty rule elements"));
add( new eliminateDuplicatesInSRC( "eliminate duplicates in SRC" ) );
add( new eliminateDuplicatesInDST( "eliminate duplicates in DST" ) );
add( new eliminateDuplicatesInSRV( "eliminate duplicates in SRV" ) );
add( new processMultiAddressObjectsInSrc(
"process MultiAddress objects in Src") );
add( new processMultiAddressObjectsInDst(
"process MultiAddress objects in Dst") );
add( new expandGroupsInItf("expand groups in Interface" ));
add( new replaceClusterInterfaceInItf(
"replace cluster interfaces with member interfaces in the Interface rule element"));
add( new ItfNegation( "process negation in Itf" ) );
add( new InterfacePolicyRules(
"process interface policy rules and store interface ids") );
add( new splitServices ("split rules with different protocols" ) );
add( new eliminateDuplicatesInSRC("eliminate duplicates in SRC"));
add( new eliminateDuplicatesInDST("eliminate duplicates in DST"));
add( new eliminateDuplicatesInSRV("eliminate duplicates in SRV"));
add( new ExpandMultipleAddressesInSrc(
"expand objects with multiple addresses in SRC" ) );
add( new MACFiltering ("check for MAC address filtering" ) );
// add( new splitByNetworkZonesForSrc ("split rule if objects in Src belong to different network zones " ) );
// add( new replaceFWinDSTPolicy ("replace fw with its interface in DST in global policy rules") );
add( new ExpandMultipleAddressesInDst(
"expand objects with multiple addresses in DST" ) );
add( new MACFiltering(
"check for MAC address filtering" ) );
add( new dropRuleWithEmptyRE("drop rules with empty rule elements"));
// add( new splitByNetworkZonesForDst ("split rule if objects in Dst belong to different network zones " ) );
if (ipv6)
add( new DropIPv4Rules("drop ipv4 rules"));
else
add( new DropIPv6Rules("drop ipv6 rules"));
add( new dropRuleWithEmptyRE("drop rules with empty rule elements"));
add( new checkForUnnumbered("check for unnumbered interfaces"));
if ( ! supports_object_groups)
add( new addressRanges("process address ranges"));
add( new dropRuleWithEmptyRE(
"drop rules with empty rule elements"));
add( new mirrorRule("Add mirrored rules"));
add( new dropRuleWithEmptyRE("drop rules with empty rule elements"));
add( new setInterfaceAndDirectionBySrc(
"Set interface and direction for rules with interface 'all' using SRC"));
add( new setInterfaceAndDirectionByDst(
"Set interface and direction for rules with interface 'all' using DST"));
add( new setInterfaceAndDirectionIfInterfaceSet(
"Set direction for rules with interface not 'all'"));
add( new specialCaseWithDynInterface(
"check for a special cases with dynamic interface" ) );
// first arg is true because we use "ip access-list" for IOS.
add( new pickACL( true, "assign ACLs" ) );
add( new SpecialServices( "check for special services" ) );
add( new CheckForUnsupportedUserService("check for user service") );
add( new checkForZeroAddr( "check for zero addresses" ) );
add( new checkForDynamicInterface("check for dynamic interfaces" ) );
/* remove redundant objects only after all splits has been
* done, right before object groups are created
*/
add( new removeRedundantAddressesFromSrc(
"remove redundant addresses from Src") );
add( new removeRedundantAddressesFromDst(
"remove redundant addresses from Dst") );
add( new ConvertToAtomic("convert to atomic rules" ) );
add( new checkForObjectsWithErrors(
"check if we have objects with errors in rule elements"));
if (supports_object_groups)
{
// "object-group service" does not seem to support
// matching of tcp flags and "established". Need to
// separate objects using these into separate rules to avoid
// object-group
add( new splitTCPServiceWithFlags(
"separate TCP service with tcp flags"));
add( new CreateObjectGroupsForSrc("create object groups for Src"));
add( new CreateObjectGroupsForDst("create object groups for Dst"));
add( new CreateObjectGroupsForSrv("create object groups for Srv"));
} else
{
add( new ConvertToAtomic ("convert to atomic rules" ) );
}
add( new simplePrintProgress());
add( new createNewCompilerPass("Creating object groups and ACLs"));
add( new printClearCommands("clear commands for object-groups and ACLs"));
add( new printObjectGroups("generate code for object groups"));
// This processor prints each ACL separately in one block.
// It adds comments inside to denote original rules.
//
add( new PrintCompleteACLs("Print ACLs"));
add( new simplePrintProgress());
add( new DetectShadowing("Detect shadowing" ) );
add( new simplePrintProgress() );
runRuleProcessors();
} catch (FWException &ex)
{
error(ex.toString());
exit(1);
deleteRuleProcessors();
}
add( new Begin (" Start processing rules" ) );
add( new printTotalNumberOfRules ( ) );
add( new singleRuleFilter());
add( new recursiveGroupsInSrc( "check for recursive groups in SRC" ) );
add( new recursiveGroupsInDst( "check for recursive groups in DST" ) );
add( new recursiveGroupsInSrv( "check for recursive groups in SRV" ) );
add( new emptyGroupsInSrc( "check for empty groups in SRC" ) );
add( new emptyGroupsInDst( "check for empty groups in DST" ) );
add( new emptyGroupsInSrv( "check for empty groups in SRV" ) );
add( new ExpandGroups ("expand groups" ) );
add( new dropRuleWithEmptyRE(
"drop rules with empty rule elements"));
add( new eliminateDuplicatesInSRC( "eliminate duplicates in SRC" ) );
add( new eliminateDuplicatesInDST( "eliminate duplicates in DST" ) );
add( new eliminateDuplicatesInSRV( "eliminate duplicates in SRV" ) );
add( new processMultiAddressObjectsInSrc(
"process MultiAddress objects in Src") );
add( new processMultiAddressObjectsInDst(
"process MultiAddress objects in Dst") );
add( new expandGroupsInItf("expand groups in Interface" ));
add( new replaceClusterInterfaceInItf(
"replace cluster interfaces with member interfaces in the Interface rule element"));
add( new ItfNegation( "process negation in Itf" ) );
add( new InterfacePolicyRules(
"process interface policy rules and store interface ids") );
add( new splitServices ("split rules with different protocols" ) );
add( new ExpandMultipleAddressesInSrc(
"expand objects with multiple addresses in SRC" ) );
add( new MACFiltering ("check for MAC address filtering" ) );
// add( new splitByNetworkZonesForSrc ("split rule if objects in Src belong to different network zones " ) );
// add( new replaceFWinDSTPolicy ("replace fw with its interface in DST in global policy rules") );
add( new ExpandMultipleAddressesInDst(
"expand objects with multiple addresses in DST" ) );
add( new MACFiltering(
"check for MAC address filtering" ) );
add( new dropRuleWithEmptyRE("drop rules with empty rule elements"));
// add( new splitByNetworkZonesForDst ("split rule if objects in Dst belong to different network zones " ) );
if (ipv6)
add( new DropIPv4Rules("drop ipv4 rules"));
else
add( new DropIPv6Rules("drop ipv6 rules"));
add( new dropRuleWithEmptyRE("drop rules with empty rule elements"));
add( new checkForUnnumbered("check for unnumbered interfaces"));
if ( ! supports_object_groups)
add( new addressRanges("process address ranges"));
add( new mirrorRule("Add mirrored rules"));
add( new dropRuleWithEmptyRE("drop rules with empty rule elements"));
add( new setInterfaceAndDirectionBySrc(
"Set interface and direction for rules with interface 'all' using SRC"));
add( new setInterfaceAndDirectionByDst(
"Set interface and direction for rules with interface 'all' using DST"));
add( new setInterfaceAndDirectionIfInterfaceSet(
"Set direction for rules with interface not 'all'"));
add( new specialCaseWithDynInterface(
"check for a special cases with dynamic interface" ) );
// first arg is true because we use "ip access-list" for IOS.
add( new pickACL( true, "assign ACLs" ) );
add( new SpecialServices( "check for special services" ) );
add( new CheckForUnsupportedUserService("check for user service") );
add( new checkForZeroAddr( "check for zero addresses" ) );
add( new checkForDynamicInterface("check for dynamic interfaces" ) );
/* remove redundant objects only after all splits has been
* done, right before object groups are created
*/
add( new removeRedundantAddressesFromSrc(
"remove redundant addresses from Src") );
add( new removeRedundantAddressesFromDst(
"remove redundant addresses from Dst") );
add( new checkForObjectsWithErrors(
"check if we have objects with errors in rule elements"));
if (supports_object_groups)
{
// "object-group service" does not seem to support
// matching of tcp flags and "established". Need to
// separate objects using these into separate rules to avoid
// object-group
add( new splitTCPServiceWithFlags(
"separate TCP service with tcp flags"));
add( new CreateObjectGroupsForSrc("create object groups for Src"));
add( new CreateObjectGroupsForDst("create object groups for Dst"));
add( new CreateObjectGroupsForSrv("create object groups for Srv"));
} else
{
add( new ConvertToAtomic ("convert to atomic rules" ) );
}
add( new simplePrintProgress());
add( new createNewCompilerPass("Creating object groups and ACLs"));
add( new printClearCommands("clear commands for object-groups and ACLs"));
add( new printObjectGroups("generate code for object groups"));
// This processor prints each ACL separately in one block.
// It adds comments inside to denote original rules.
//
add( new PrintCompleteACLs("Print ACLs"));
add( new simplePrintProgress());
runRuleProcessors();
}
string PolicyCompiler_iosacl::printAccessGroupCmd(ciscoACL *acl, bool neg)

338
src/cisco_lib/PolicyCompiler_pix.cpp
View File

@ -457,99 +457,97 @@ void PolicyCompiler_pix::compile()
if (ipv6) banner += ", IPv6";
info(banner);
try
string vers = fw->getStr("version");
string platform = fw->getStr("platform");
bool outbound_acl_supported = Resources::platform_res[platform]->getResourceBool(
string("/FWBuilderResources/Target/options/")+
"version_"+vers+
"/pix_outbound_acl_supported");
bool generate_out_acl = fw->getOptionsObject()->getBool("pix_generate_out_acl");
if (outbound_acl_supported && !generate_out_acl)
{
string vers = fw->getStr("version");
string platform = fw->getStr("platform");
bool outbound_acl_supported = Resources::platform_res[platform]->getResourceBool(
string("/FWBuilderResources/Target/options/")+
"version_"+vers+
"/pix_outbound_acl_supported");
bool generate_out_acl = fw->getOptionsObject()->getBool("pix_generate_out_acl");
// behave like if outbound acls are not supported but are emulated
outbound_acl_supported = false;
fw->getOptionsObject()->setBool("pix_emulate_out_acl", true);
}
if (outbound_acl_supported && !generate_out_acl)
{
// behave like if outbound acls are not supported but are emulated
outbound_acl_supported = false;
fw->getOptionsObject()->setBool("pix_emulate_out_acl", true);
}
Compiler::compile();
Compiler::compile();
addDefaultPolicyRule();
addDefaultPolicyRule();
if ( fw->getOptionsObject()->getBool ("check_shading") &&
! inSingleRuleCompileMode())
{
add( new Begin ("Detecting rule shadowing" ));
add( new printTotalNumberOfRules ( ));
add( new ItfNegation( "process negation in Itf" ));
add( new InterfacePolicyRules("process interface policy rules and store interface ids"));
add( new recursiveGroupsInSrc( "check for recursive groups in SRC" ));
add( new recursiveGroupsInDst( "check for recursive groups in DST" ));
add( new recursiveGroupsInSrv( "check for recursive groups in SRV" ));
add( new ExpandGroups ("expand groups" ));
add( new eliminateDuplicatesInSRC ("eliminate duplicates in SRC" ));
add( new eliminateDuplicatesInDST ("eliminate duplicates in DST" ));
add( new eliminateDuplicatesInSRV ("eliminate duplicates in SRV" ));
add( new ExpandMultipleAddressesInSrc("expand objects with multiple addresses in SRC" ));
add( new ExpandMultipleAddressesInDst("expand objects with multiple addresses in DST" ));
add( new ConvertToAtomic ("convert to atomic rules" ));
add( new checkForObjectsWithErrors(
"check if we have objects with errors in rule elements"));
add( new DetectShadowing ("Detect shadowing" ));
add( new simplePrintProgress ( ));
runRuleProcessors();
deleteRuleProcessors();
}
add( new Begin (" Start processing rules" ));
if ( fw->getOptionsObject()->getBool ("check_shading") &&
! inSingleRuleCompileMode())
{
add( new Begin ("Detecting rule shadowing" ));
add( new printTotalNumberOfRules ( ));
add( new singleRuleFilter());
add( new RejectAction ("check for action 'Reject'" ));
add( new ItfNegation( "process negation in Itf" ));
add( new InterfacePolicyRules("process interface policy rules and store interface ids"));
add( new recursiveGroupsInSrc( "check for recursive groups in SRC" ));
add( new recursiveGroupsInDst( "check for recursive groups in DST" ));
add( new recursiveGroupsInSrv( "check for recursive groups in SRV" ));
add( new emptyGroupsInSrc( "check for empty groups in SRC" ));
add( new emptyGroupsInDst( "check for empty groups in DST" ));
add( new emptyGroupsInSrv( "check for empty groups in SRV" ));
add( new ExpandGroups ("expand groups" ));
add( new eliminateDuplicatesInSRC( "eliminate duplicates in SRC" ));
add( new eliminateDuplicatesInDST( "eliminate duplicates in DST" ));
add( new eliminateDuplicatesInSRV( "eliminate duplicates in SRV" ));
add( new eliminateDuplicatesInSRC ("eliminate duplicates in SRC" ));
add( new eliminateDuplicatesInDST ("eliminate duplicates in DST" ));
add( new eliminateDuplicatesInSRV ("eliminate duplicates in SRV" ));
add( new ExpandMultipleAddressesInSrc("expand objects with multiple addresses in SRC" ));
add( new ExpandMultipleAddressesInDst("expand objects with multiple addresses in DST" ));
add( new ConvertToAtomic ("convert to atomic rules" ));
add( new processMultiAddressObjectsInSrc(
"process MultiAddress objects in Src"));
add( new processMultiAddressObjectsInDst(
"process MultiAddress objects in Dst"));
add( new checkForObjectsWithErrors(
"check if we have objects with errors in rule elements"));
add( new expandGroupsInItf("expand groups in Interface" ));
add( new replaceClusterInterfaceInItf(
"replace cluster interfaces with member interfaces in the Interface rule element"));
add( new ItfNegation( "process negation in Itf" ));
add( new InterfacePolicyRules(
"process interface policy rules and store interface ids"));
add( new DetectShadowing ("Detect shadowing" ));
add( new simplePrintProgress ( ));
if ( fwopt->getBool("pix_assume_fw_part_of_any"))
{
runRuleProcessors();
deleteRuleProcessors();
}
add( new Begin (" Start processing rules" ));
add( new printTotalNumberOfRules ( ));
add( new singleRuleFilter());
add( new RejectAction ("check for action 'Reject'" ));
add( new recursiveGroupsInSrc( "check for recursive groups in SRC" ));
add( new recursiveGroupsInDst( "check for recursive groups in DST" ));
add( new recursiveGroupsInSrv( "check for recursive groups in SRV" ));
add( new emptyGroupsInSrc( "check for empty groups in SRC" ));
add( new emptyGroupsInDst( "check for empty groups in DST" ));
add( new emptyGroupsInSrv( "check for empty groups in SRV" ));
add( new ExpandGroups ("expand groups" ));
add( new eliminateDuplicatesInSRC( "eliminate duplicates in SRC" ));
add( new eliminateDuplicatesInDST( "eliminate duplicates in DST" ));
add( new eliminateDuplicatesInSRV( "eliminate duplicates in SRV" ));
add( new processMultiAddressObjectsInSrc(
"process MultiAddress objects in Src"));
add( new processMultiAddressObjectsInDst(
"process MultiAddress objects in Dst"));
add( new expandGroupsInItf("expand groups in Interface" ));
add( new replaceClusterInterfaceInItf(
"replace cluster interfaces with member interfaces in the Interface rule element"));
add( new ItfNegation( "process negation in Itf" ));
add( new InterfacePolicyRules(
"process interface policy rules and store interface ids"));
if ( fwopt->getBool("pix_assume_fw_part_of_any"))
{
// add( new splitIfSrcAny( "split rule if src is any" ));
add( new splitIfDstAny( "split rule if dst is any" ));
}
add( new splitIfDstAny( "split rule if dst is any" ));
}
add( new splitIfSrcMatchesFw ("split rule if Src matches FW" ));
add( new splitIfDstMatchesFw ("split rule if Dst matches FW" ));
add( new splitIfSrcMatchesFw ("split rule if Src matches FW" ));
add( new splitIfDstMatchesFw ("split rule if Dst matches FW" ));
// if ( !outbound_acl_supported )
// add( new fillDirection_v6 ("determine directions" ));
@ -557,118 +555,118 @@ void PolicyCompiler_pix::compile()
// if ( fwopt->getBool("pix_replace_natted_objects"))
// add( new replaceTranslatedAddresses ("replace objects in DST that are TDst in DNAT translations" ));
add( new telnetToFirewall(
"separate rules controlling telnet to firewall"));
add( new sshToFirewall("separate rules controlling ssh to firewall" ));
add( new telnetToFirewall(
"separate rules controlling telnet to firewall"));
add( new sshToFirewall("separate rules controlling ssh to firewall" ));
add( new separateSrcPort("split rules matching source ports"));
add( new separateSrcPort("split rules matching source ports"));
if (XMLTools::version_compare(vers, "8.0")<0)
{
add( new splitServices("split rules with different protocols" ));
add( new PrepareForICMPCmd("prepare for icmp command" ));
}
if (XMLTools::version_compare(vers, "8.0")<0)
{
add( new splitServices("split rules with different protocols" ));
add( new PrepareForICMPCmd("prepare for icmp command" ));
}
add( new replaceFWinSRCInterfacePolicy(
"replace fw with its interface in SRC in interface policy rules"));
add( new replaceFWinDSTInterfacePolicy(
"replace fw with its interface in DST in interface policy rules"));
add( new replaceFWinSRCInterfacePolicy(
"replace fw with its interface in SRC in interface policy rules"));
add( new replaceFWinDSTInterfacePolicy(
"replace fw with its interface in DST in interface policy rules"));
add( new ExpandMultipleAddressesInSrc(
"expand objects with multiple addresses in SRC" ));
add( new MACFiltering("check for MAC address filtering" ));
add( new splitByNetworkZonesForSrc(
"split rule if objects in Src belong to different network zones " ));
add( new replaceFWinDSTPolicy(
"replace fw with its interface in DST in global policy rules"));
add( new ExpandMultipleAddressesInSrc(
"expand objects with multiple addresses in SRC" ));
add( new MACFiltering("check for MAC address filtering" ));
add( new splitByNetworkZonesForSrc(
"split rule if objects in Src belong to different network zones " ));
add( new replaceFWinDSTPolicy(
"replace fw with its interface in DST in global policy rules"));
add( new ExpandMultipleAddressesInDst(
"expand objects with multiple addresses in DST" ));
add( new MACFiltering("check for MAC address filtering" ));
add( new splitByNetworkZonesForDst(
"split rule if objects in Dst belong to different network zones " ));
add( new ExpandMultipleAddressesInDst(
"expand objects with multiple addresses in DST" ));
add( new MACFiltering("check for MAC address filtering" ));
add( new splitByNetworkZonesForDst(
"split rule if objects in Dst belong to different network zones " ));
add( new checkForUnnumbered( "check for unnumbered interfaces" ));
add( new checkForUnnumbered( "check for unnumbered interfaces" ));
add( new addressRanges("process address ranges" ));
add( new addressRanges("process address ranges" ));
if (outbound_acl_supported )
{
// Call these after splitIfSrcMatchesFw and splitIfDstMatchesFw
add( new setInterfaceAndDirectionBySrc(
"Set interface and direction for rules with interface 'all' using SRC; v7"));
add( new setInterfaceAndDirectionByDst(
"Set interface and direction for rules with interface 'all' using DST; v7"));
add(new setInterfaceAndDirectionIfInterfaceSet(
"Set direction for rules with interface not 'all'; v7"));
} else
{
add( new SplitDirection_v6("split rules with direction 'both'" ));
if (outbound_acl_supported )
{
// Call these after splitIfSrcMatchesFw and splitIfDstMatchesFw
add( new setInterfaceAndDirectionBySrc(
"Set interface and direction for rules with interface 'all' using SRC; v7"));
add( new setInterfaceAndDirectionByDst(
"Set interface and direction for rules with interface 'all' using DST; v7"));
add(new setInterfaceAndDirectionIfInterfaceSet(
"Set direction for rules with interface not 'all'; v7"));
} else
{
add( new SplitDirection_v6("split rules with direction 'both'" ));
// add( new assignRuleToInterface ("assign rules to interfaces" ));
add( new EmulateOutboundACL_v6("emulate outbound ACL" ));
add( new assignRuleToInterface_v6("assign rules to interfaces" ));
add( new InterfaceAndDirection_v6(
"check for combinations of interface and direction"));
}
add( new EmulateOutboundACL_v6("emulate outbound ACL" ));
add( new assignRuleToInterface_v6("assign rules to interfaces" ));
add( new InterfaceAndDirection_v6(
"check for combinations of interface and direction"));
}
add( new specialCaseWithDynInterface(
"check for a special cases with dynamic interface" ));
add( new specialCaseWithDynInterface(
"check for a special cases with dynamic interface" ));
add( new SplitSRCForICMPCmd( "split SRC for icmp commands" ));
add( new SplitSRCForICMPCmd( "split SRC for icmp commands" ));
if (XMLTools::version_compare(vers, "8.3")<0)
{
if ( fwopt->getBool("pix_replace_natted_objects"))
add( new replaceTranslatedAddresses(
"replace objects in DST that are TDst in DNAT "
"translations"));
} else
{
add( new warnWhenTranslatedAddressesAreUsed(
"warng when addresses that are ODst in DNAT translations "
"are used in DST"));
}
if (XMLTools::version_compare(vers, "8.3")<0)
{
if ( fwopt->getBool("pix_replace_natted_objects"))
add( new replaceTranslatedAddresses(
"replace objects in DST that are TDst in DNAT "
"translations"));
} else
{
add( new warnWhenTranslatedAddressesAreUsed(
"warng when addresses that are ODst in DNAT translations "
"are used in DST"));
}
if (outbound_acl_supported )
// first arg is false because we are not using
// "ip access-list" for PIX.
add( new pickACL( false, "assign ACLs for v7" ));
else
add( new pickACL_v6( "assign ACLs for v6" ));
if (outbound_acl_supported )
// first arg is false because we are not using
// "ip access-list" for PIX.
add( new pickACL( false, "assign ACLs for v7" ));
else
add( new pickACL_v6( "assign ACLs for v6" ));
add( new SpecialServices( "check for special services" ));
add( new CheckForUnsupportedUserService("check for user service") );
add( new checkForZeroAddr( "check for zero addresses" ));
add( new checkVersionAndDynamicInterface(
"check for dynamic interfaces in policy rule and verify version of PIX OS"));
add( new SpecialServices( "check for special services" ));
add( new CheckForUnsupportedUserService("check for user service") );
add( new checkForZeroAddr( "check for zero addresses" ));
add( new checkVersionAndDynamicInterface(
"check for dynamic interfaces in policy rule and verify version of PIX OS"));
add( new splitIfTelnetSSHICMPtoFw(
"split rule if there are multiple objects in src and it controlls access to the firewall"));
add( new splitIfTelnetSSHICMPtoFw(
"split rule if there are multiple objects in src and it controlls access to the firewall"));
/* remove redundant objects only after all splits has been
* done, right before object groups are created
*/
add( new removeRedundantAddressesFromSrc(
"remove redundant addresses from Src"));
add( new removeRedundantAddressesFromDst(
"remove redundant addresses from Dst"));
/* remove redundant objects only after all splits has been
* done, right before object groups are created
*/
add( new removeRedundantAddressesFromSrc(
"remove redundant addresses from Src"));
add( new removeRedundantAddressesFromDst(
"remove redundant addresses from Dst"));
add( new checkForObjectsWithErrors(
"check if we have objects with errors in rule elements"));
add( new checkForObjectsWithErrors(
"check if we have objects with errors in rule elements"));
// add( new AvoidObjectGroup("avoid object groups for certain cases"));
add( new CreateObjectGroupsForSrc("create object groups for Src"));
add( new CreateObjectGroupsForDst("create object groups for Dst"));
add( new CreateObjectGroupsForSrv("create object groups for Srv"));
add( new CreateObjectGroupsForSrc("create object groups for Src"));
add( new CreateObjectGroupsForDst("create object groups for Dst"));
add( new CreateObjectGroupsForSrv("create object groups for Srv"));
add( new simplePrintProgress());
add( new simplePrintProgress());
add( new createNewCompilerPass("Creating object groups and ACLs ..."));
add( new createNewCompilerPass("Creating object groups and ACLs ..."));
add( new printClearCommands("Clear ACLs and object groups"));
add( new printObjectGroups("generate code for object groups"));
add( new PrintRule("generate code for ACLs"));
add( new simplePrintProgress());
add( new printClearCommands("Clear ACLs and object groups"));
add( new printObjectGroups("generate code for object groups"));
add( new PrintRule("generate code for ACLs"));
add( new simplePrintProgress());
/*
if ( fw->getOptionsObject()->getBool("pix_check_rule_shadowing"))
@ -680,13 +678,7 @@ void PolicyCompiler_pix::compile()
add( new simplePrintProgress ( ));
}
*/
runRuleProcessors();
} catch (FWException &ex)
{
error(ex.toString());
exit(1);
}
runRuleProcessors();
}
string PolicyCompiler_pix::printAccessGroupCmd(ciscoACL *acl)

75
src/cisco_lib/RoutingCompiler_iosacl.cpp
View File

@ -123,61 +123,54 @@ void RoutingCompiler_iosacl::compile()
info(" Compiling routing rules for " + fw->getName());
try
{
Compiler::compile();
Compiler::compile();
add(new RoutingCompiler::Begin());
add(new printTotalNumberOfRules());
add(new RoutingCompiler::Begin());
add(new printTotalNumberOfRules());
add( new singleRuleFilter());
add( new singleRuleFilter());
add(new recursiveGroupsInRDst("Check for recursive Groups in RDst"));
add(new emptyGroupsInRDst("Check for empty Groups in RDst"));
add(new emptyRDstAndRItf("Check if RDst and RItf are both empty"));
add(new recursiveGroupsInRDst("Check for recursive Groups in RDst"));
add(new emptyGroupsInRDst("Check for empty Groups in RDst"));
add(new emptyRDstAndRItf("Check if RDst and RItf are both empty"));
// add(new singleAdressInRGtw(
// "Check if RGtw object has exactly one IP adress"));
// add(new singleAdressInRGtw(
// "Check if RGtw object has exactly one IP adress"));
add(new rItfChildOfFw("Check if RItf is an Iterface of this firewall"));
add(new checkRItfAndGw("Both gateway and interface can not be used in the same rule"));
add(new rItfChildOfFw("Check if RItf is an Iterface of this firewall"));
add(new checkRItfAndGw("Both gateway and interface can not be used in the same rule"));
add(new validateNetwork("Validate network addresses"));
add(new reachableAddressInRGtw(
"Check if RGtw is reachable via local networks"));
//add(new contradictionRGtwAndRItf(
// "Check if RGtw is in a network of RItf"));
add(new validateNetwork("Validate network addresses"));
add(new reachableAddressInRGtw(
"Check if RGtw is reachable via local networks"));
//add(new contradictionRGtwAndRItf(
// "Check if RGtw is in a network of RItf"));
add(new ExpandGroups("Expand groups in DST"));
add(new ExpandMultipleAddressesExceptInterface(
"Expand objects with multiple addresses in DST"));
add(new eliminateDuplicatesInDST("Eliminate duplicates in DST"));
add(new ExpandGroups("Expand groups in DST"));
add(new ExpandMultipleAddressesExceptInterface(
"Expand objects with multiple addresses in DST"));
add(new eliminateDuplicatesInDST("Eliminate duplicates in DST"));
add(new createSortedDstIdsLabel(
"Create label with a sorted dst-id-list for 'competingRules'"));
add(new competingRules("Check for competing rules"));
add(new createSortedDstIdsLabel(
"Create label with a sorted dst-id-list for 'competingRules'"));
add(new competingRules("Check for competing rules"));
add(new ConvertToAtomicForDST(
"Convert to atomic rules by dst address elements"));
add(new ConvertToAtomicForDST(
"Convert to atomic rules by dst address elements"));
add(new createSortedDstIdsLabel(
"Create label with a sorted dst-id-list for 'classifyRoutingRules'"));
add(new classifyRoutingRules(
"Classify into single path or part of a multi path rule"));
add(new createSortedDstIdsLabel(
"Create label with a sorted dst-id-list for 'classifyRoutingRules'"));
add(new classifyRoutingRules(
"Classify into single path or part of a multi path rule"));
//add(new eliminateDuplicateRules(
// "Eliminate duplicate rules over the whole table"));
//add(new eliminateDuplicateRules(
// "Eliminate duplicate rules over the whole table"));
add(new PrintRule("generate ip code"));
add(new simplePrintProgress());
add(new PrintRule("generate ip code"));
add(new simplePrintProgress());
runRuleProcessors();
runRuleProcessors();
} catch (FWException &ex)
{
error(ex.toString());
exit(1);
}
}

74
src/cisco_lib/RoutingCompiler_pix.cpp
View File

@ -88,57 +88,49 @@ void RoutingCompiler_pix::compile()
info(" Compiling routing rules for " + fw->getName());
try
{
Compiler::compile();
Compiler::compile();
add(new RoutingCompiler::Begin());
add(new printTotalNumberOfRules());
add(new RoutingCompiler::Begin());
add(new printTotalNumberOfRules());
add( new singleRuleFilter());
add( new singleRuleFilter());
add(new recursiveGroupsInRDst("Check for recursive Groups in RDst"));
add(new emptyGroupsInRDst("Check for empty Groups in RDst"));
add(new emptyRDstOrRItf("Check if RDst or RItf is empty"));
add(new singleAdressInRGtw(
"Check if RGtw object has exactly one IP adress"));
add(new rItfChildOfFw("Check if RItf is an Iterface of this firewall"));
add(new validateNetwork("Validate network addresses"));
add(new reachableAddressInRGtw(
"Check if RGtw is reachable via local networks"));
add(new contradictionRGtwAndRItf(
"Check if RGtw is in a network of RItf"));
add(new recursiveGroupsInRDst("Check for recursive Groups in RDst"));
add(new emptyGroupsInRDst("Check for empty Groups in RDst"));
add(new emptyRDstOrRItf("Check if RDst or RItf is empty"));
add(new singleAdressInRGtw(
"Check if RGtw object has exactly one IP adress"));
add(new rItfChildOfFw("Check if RItf is an Iterface of this firewall"));
add(new validateNetwork("Validate network addresses"));
add(new reachableAddressInRGtw(
"Check if RGtw is reachable via local networks"));
add(new contradictionRGtwAndRItf(
"Check if RGtw is in a network of RItf"));
add(new ExpandGroups("Expand groups in DST"));
add(new ExpandMultipleAddresses(
"Expand objects with multiple addresses in DST"));
add(new eliminateDuplicatesInDST("Eliminate duplicates in DST"));
add(new ExpandGroups("Expand groups in DST"));
add(new ExpandMultipleAddresses(
"Expand objects with multiple addresses in DST"));
add(new eliminateDuplicatesInDST("Eliminate duplicates in DST"));
add(new createSortedDstIdsLabel(
"Create label with a sorted dst-id-list for 'competingRules'"));
add(new competingRules("Check for competing rules"));
add(new createSortedDstIdsLabel(
"Create label with a sorted dst-id-list for 'competingRules'"));
add(new competingRules("Check for competing rules"));
add(new ConvertToAtomicForDST(
"Convert to atomic rules by dst address elements"));
add(new ConvertToAtomicForDST(
"Convert to atomic rules by dst address elements"));
add(new createSortedDstIdsLabel(
"Create label with a sorted dst-id-list for 'classifyRoutingRules'"));
add(new classifyRoutingRules(
"Classify into single path or part of a multi path rule"));
add(new createSortedDstIdsLabel(
"Create label with a sorted dst-id-list for 'classifyRoutingRules'"));
add(new classifyRoutingRules(
"Classify into single path or part of a multi path rule"));
add(new eliminateDuplicateRules(
"Eliminate duplicate rules over the whole table"));
add(new eliminateDuplicateRules(
"Eliminate duplicate rules over the whole table"));
add(new PrintRule("generate ip code"));
add(new simplePrintProgress());
add(new PrintRule("generate ip code"));
add(new simplePrintProgress());
runRuleProcessors();
} catch (FWException &ex)
{
error(ex.toString());
exit(1);
}
runRuleProcessors();
}

8
src/iptlib/CompilerDriver_ipt.cpp
View File

@ -82,7 +82,7 @@ void CompilerDriver_ipt::assignRuleSetChain(RuleSet *ruleset)
}
void CompilerDriver_ipt::findBranchesInMangleTable(Firewall*,
void CompilerDriver_ipt::findBranchesInMangleTable(Firewall *fw,
list<FWObject*> &all_policies)
{
// special but common case: if we only have one policy, there is
@ -103,6 +103,12 @@ void CompilerDriver_ipt::findBranchesInMangleTable(Firewall*,
ruleopt->getBool("ipt_branch_in_mangle"))
{
RuleSet *ruleset = rule->getBranch();
if (ruleset == NULL)
{
abort(fw, *i, rule,
"Action branch does not point to any rule set");
}
for (list<FWObject*>::iterator br=ruleset->begin();
br!=ruleset->end(); ++br)
{

7
src/iptlib/CompilerDriver_ipt_run.cpp
View File

@ -735,13 +735,14 @@ QString CompilerDriver_ipt::run(const std::string &cluster_id,
} else
{
QString err(" Failed to open file %1 for writing: %2; Current dir: %3");
abort(err.arg(fw_file.fileName()).arg(fw_file.error()).arg(QDir::current().path()).toStdString());
abort(err.arg(fw_file.fileName())
.arg(fw_file.error()).arg(QDir::current().path()).toStdString());
}
}
catch (FatalErrorInSingleRuleCompileMode &ex)
catch (FWException &ex)
{
return QString::fromUtf8(getErrors("").c_str());
return QString::fromUtf8(ex.toString().c_str());
}
return "";

274
src/iptlib/NATCompiler_ipt.cpp
View File

@ -2598,190 +2598,182 @@ void NATCompiler_ipt::compile()
if (ipv6) banner += ", IPv6";
info(banner);
try
{
Compiler::compile();
Compiler::compile();
add( new NATCompiler::Begin());
add( new NATCompiler::Begin());
add( new printTotalNumberOfRules());
add( new printTotalNumberOfRules());
add( new singleRuleFilter());
add( new singleRuleFilter());
add( new recursiveGroupsInOSrc("check for recursive groups in OSRC"));
add( new recursiveGroupsInODst("check for recursive groups in ODST"));
add( new recursiveGroupsInOSrv("check for recursive groups in OSRV"));
add( new recursiveGroupsInOSrc("check for recursive groups in OSRC"));
add( new recursiveGroupsInODst("check for recursive groups in ODST"));
add( new recursiveGroupsInOSrv("check for recursive groups in OSRV"));
add( new recursiveGroupsInTSrc("check for recursive groups in TSRC"));
add( new recursiveGroupsInTDst("check for recursive groups in TDST"));
add( new recursiveGroupsInTSrv("check for recursive groups in TSRV"));
add( new recursiveGroupsInTSrc("check for recursive groups in TSRC"));
add( new recursiveGroupsInTDst("check for recursive groups in TDST"));
add( new recursiveGroupsInTSrv("check for recursive groups in TSRV"));
add( new emptyGroupsInOSrc("check for empty groups in OSRC" ));
add( new emptyGroupsInODst("check for empty groups in ODST" ));
add( new emptyGroupsInOSrv("check for empty groups in OSRV" ));
add( new emptyGroupsInOSrc("check for empty groups in OSRC" ));
add( new emptyGroupsInODst("check for empty groups in ODST" ));
add( new emptyGroupsInOSrv("check for empty groups in OSRV" ));
add( new emptyGroupsInTSrc("check for empty groups in TSRC" ));
add( new emptyGroupsInTDst("check for empty groups in TDST" ));
add( new emptyGroupsInTSrv("check for empty groups in TSRV"));
add( new emptyGroupsInTSrc("check for empty groups in TSRC" ));
add( new emptyGroupsInTDst("check for empty groups in TDST" ));
add( new emptyGroupsInTSrv("check for empty groups in TSRV"));
add( new ExpandGroups("Expand groups"));
add( new ExpandGroups("Expand groups"));
// processors that expand objects with multiple addresses
// check addresses against current address family using member
// ipv6. If all addresses do not match, we may end up with
// empty rule element.
add( new dropRuleWithEmptyRE("drop rules with empty rule elements"));
// processors that expand objects with multiple addresses
// check addresses against current address family using member
// ipv6. If all addresses do not match, we may end up with
// empty rule element.
add( new dropRuleWithEmptyRE("drop rules with empty rule elements"));
if (ipv6)
add( new DropIPv4Rules("drop ipv4 rules"));
else
add( new DropIPv6Rules("drop ipv6 rules"));
if (ipv6)
add( new DropIPv4Rules("drop ipv4 rules"));
else
add( new DropIPv6Rules("drop ipv6 rules"));
add( new eliminateDuplicatesInOSRC("eliminate duplicates in OSRC"));
add( new eliminateDuplicatesInODST("eliminate duplicates in ODST"));
add( new eliminateDuplicatesInOSRV("eliminate duplicates in OSRV"));
add( new eliminateDuplicatesInOSRC("eliminate duplicates in OSRC"));
add( new eliminateDuplicatesInODST("eliminate duplicates in ODST"));
add( new eliminateDuplicatesInOSRV("eliminate duplicates in OSRV"));
add( new swapMultiAddressObjectsInOSrc(
" swap MultiAddress -> MultiAddressRunTime in OSrc") );
add( new swapMultiAddressObjectsInODst(
" swap MultiAddress -> MultiAddressRunTime in ODst") );
add( new swapMultiAddressObjectsInTSrc(
" swap MultiAddress -> MultiAddressRunTime in TSrc") );
add( new swapMultiAddressObjectsInTDst(
" swap MultiAddress -> MultiAddressRunTime in TDst") );
add( new swapMultiAddressObjectsInOSrc(
" swap MultiAddress -> MultiAddressRunTime in OSrc") );
add( new swapMultiAddressObjectsInODst(
" swap MultiAddress -> MultiAddressRunTime in ODst") );
add( new swapMultiAddressObjectsInTSrc(
" swap MultiAddress -> MultiAddressRunTime in TSrc") );
add( new swapMultiAddressObjectsInTDst(
" swap MultiAddress -> MultiAddressRunTime in TDst") );
add( new processMultiAddressObjectsInOSrc(
"process MultiAddress objects in OSrc") );
add( new processMultiAddressObjectsInODst(
"process MultiAddress objects in ODst") );
add( new processMultiAddressObjectsInTSrc(
"process MultiAddress objects in TSrc") );
add( new processMultiAddressObjectsInTDst(
"process MultiAddress objects in TDst") );
add( new processMultiAddressObjectsInOSrc(
"process MultiAddress objects in OSrc") );
add( new processMultiAddressObjectsInODst(
"process MultiAddress objects in ODst") );
add( new processMultiAddressObjectsInTSrc(
"process MultiAddress objects in TSrc") );
add( new processMultiAddressObjectsInTDst(
"process MultiAddress objects in TDst") );
add( new doOSrvNegation( "process negation in OSrv" ));
add( new doOSrvNegation( "process negation in OSrv" ));
add( new convertToAtomicportForOSrv("convert to atomic rules in OSrv"));
add( new convertToAtomicportForOSrv("convert to atomic rules in OSrv"));
add( new classifyNATRule( "classify NAT rule" ));
add( new splitSDNATRule( "split SDNAT rules" ));
add( new classifyNATRule( "reclassify rules" ));
add( new ConvertLoadBalancingRules( "convert load balancing rules"));
add( new VerifyRules( "verify rules" ));
add( new classifyNATRule( "classify NAT rule" ));
add( new splitSDNATRule( "split SDNAT rules" ));
add( new classifyNATRule( "reclassify rules" ));
add( new ConvertLoadBalancingRules( "convert load balancing rules"));
add( new VerifyRules( "verify rules" ));
add( new singleObjectNegationOSrc(
"negation in OSrc if it holds single object"));
add( new singleObjectNegationODst(
"negation in ODst if it holds single object"));
add( new singleObjectNegationOSrc(
"negation in OSrc if it holds single object"));
add( new singleObjectNegationODst(
"negation in ODst if it holds single object"));
add( new doOSrcNegation( "process negation in OSrc" ));
add( new doODstNegation( "process negation in ODst" ));
add( new doOSrcNegation( "process negation in OSrc" ));
add( new doODstNegation( "process negation in ODst" ));
/* call splitOnODst after processing negation */
add( new splitOnODst( "split on ODst" ));
add( new splitOnODst( "split on ODst" ));
add( new portTranslationRules( "port translation rules" ));
add( new specialCaseWithRedirect(
"special case with redirecting port translation rules" ) );
add( new portTranslationRules( "port translation rules" ));
add( new specialCaseWithRedirect(
"special case with redirecting port translation rules" ) );
if (fwopt->getBool("local_nat") )
{
if ( fwopt->getBool("firewall_is_part_of_any_and_networks") )
add( new splitIfOSrcAny( "split rule if OSrc is any" ));
if (fwopt->getBool("local_nat") )
{
if ( fwopt->getBool("firewall_is_part_of_any_and_networks") )
add( new splitIfOSrcAny( "split rule if OSrc is any" ));
add( new splitIfOSrcMatchesFw("split rule if OSrc matches FW" ));
}
add( new splitIfOSrcMatchesFw("split rule if OSrc matches FW" ));
}
add( new splitNONATRule("NAT rules that request no translation"));
add( new splitNATBranchRule("Split Branch rules to use all chains"));
add( new localNATRule("process local NAT rules"));
add( new splitNONATRule("NAT rules that request no translation"));
add( new splitNATBranchRule("Split Branch rules to use all chains"));
add( new localNATRule("process local NAT rules"));
// add( new DNATforFW("process DNAT rules for packets originated on the firewall"));
add( new decideOnChain( "decide on chain" ) );
add( new decideOnTarget( "decide on target" ) );
add( new decideOnChain( "decide on chain" ) );
add( new decideOnTarget( "decide on target" ) );
// ----------- 10/18/2008
add( new splitODstForSNAT(
"split rule if objects in ODst belong to different subnets") );
add( new ReplaceFirewallObjectsODst("replace firewall in ODst" ) );
add( new ReplaceFirewallObjectsTSrc("replace firewall in TSrc" ) );
add( new splitOnDynamicInterfaceInODst(
"split rule if ODst is dynamic interface" ) );
add( new splitOnDynamicInterfaceInTSrc(
"split rule if TSrc is dynamic interface" ) );
add( new splitODstForSNAT(
"split rule if objects in ODst belong to different subnets") );
add( new ReplaceFirewallObjectsODst("replace firewall in ODst" ) );
add( new ReplaceFirewallObjectsTSrc("replace firewall in TSrc" ) );
add( new splitOnDynamicInterfaceInODst(
"split rule if ODst is dynamic interface" ) );
add( new splitOnDynamicInterfaceInTSrc(
"split rule if TSrc is dynamic interface" ) );
add( new ExpandMultipleAddresses("expand multiple addresses") );
add( new dropRuleWithEmptyRE("drop rules with empty rule elements"));
add( new ExpandMultipleAddresses("expand multiple addresses") );
add( new dropRuleWithEmptyRE("drop rules with empty rule elements"));
if (ipv6)
add( new DropIPv4Rules("drop ipv4 rules"));
else
add( new DropIPv6Rules("drop ipv6 rules"));
if (ipv6)
add( new DropIPv4Rules("drop ipv4 rules"));
else
add( new DropIPv6Rules("drop ipv6 rules"));
add( new dropRuleWithEmptyRE("drop rules with empty rule elements"));
add( new dropRuleWithEmptyRE("drop rules with empty rule elements"));
add( new specialCaseWithUnnumberedInterface(
"special cases with dynamic and unnumbered interfaces" ) );
add( new checkForDynamicInterfacesOfOtherObjects(
"dynamic interfaces of other hosts and firewalls" ) );
add( new specialCaseWithUnnumberedInterface(
"special cases with dynamic and unnumbered interfaces" ) );
add( new checkForDynamicInterfacesOfOtherObjects(
"dynamic interfaces of other hosts and firewalls" ) );
add( new verifyRuleWithMAC("verify rules using MAC address filtering"));
add( new ExpandAddressRanges("expand address ranges") );
add( new dropRuleWithEmptyRE("drop rules with empty rule elements"));
add( new verifyRuleWithMAC("verify rules using MAC address filtering"));
add( new ExpandAddressRanges("expand address ranges") );
add( new dropRuleWithEmptyRE("drop rules with empty rule elements"));
add( new splitMultiSrcAndDst(
"split rules where multiple srcs and dsts are present" ) );
add( new splitMultiSrcAndDst(
"split rules where multiple srcs and dsts are present" ) );
add( new splitServices("split on services") );
add( new VerifyRules2("check correctness of TSrv") );
add( new separatePortRanges("separate port ranges") );
add( new separateSourcePorts("separate objects with src") );
add( new separateSourceAndDestinationPorts(
"separate objects with both src and dest ports" ) );
add( new prepareForMultiport("prepare for multiport") );
add( new splitMultipleICMP("split rule with multiple ICMP services") );
add( new splitServices("split on services") );
add( new VerifyRules2("check correctness of TSrv") );
add( new separatePortRanges("separate port ranges") );
add( new separateSourcePorts("separate objects with src") );
add( new separateSourceAndDestinationPorts(
"separate objects with both src and dest ports" ) );
add( new prepareForMultiport("prepare for multiport") );
add( new splitMultipleICMP("split rule with multiple ICMP services") );
add( new ConvertToAtomicForAddresses("convert to atomic rules") );
add( new ConvertToAtomicForAddresses("convert to atomic rules") );
add( new addVirtualAddress("add virtual addresses") );
add( new addVirtualAddress("add virtual addresses") );
add( new AssignInterface("assign rules to interfaces") );
add( new dynamicInterfaceInODst("split if dynamic interface in ODst") );
add( new dynamicInterfaceInTSrc(
"set target if dynamic interface in TSrc" ) );
add( new convertInterfaceIdToStr("prepare interface assignments") );
add( new AssignInterface("assign rules to interfaces") );
add( new dynamicInterfaceInODst("split if dynamic interface in ODst") );
add( new dynamicInterfaceInTSrc(
"set target if dynamic interface in TSrc" ) );
add( new convertInterfaceIdToStr("prepare interface assignments") );
add( new checkForObjectsWithErrors(
"check if we have objects with errors in rule elements"));
add( new checkForObjectsWithErrors(
"check if we have objects with errors in rule elements"));
add( new countChainUsage("Count chain usage"));
add( new countChainUsage("Count chain usage"));
if (fwopt->getBool("use_iptables_restore"))
{
// bug #1812295: we should use PrintRuleIptRstEcho not only
// when we have dynamic interfaces, but also when we have
// address tables expanded at run time. Instead of checking
// for all these conditions, just always use PrintRuleIptRstEcho
printRule=new PrintRuleIptRstEcho(
"generate code for iptables-restore using echo");
} else
printRule=new PrintRule("generate iptables shell script");
printRule->setContext(this);
printRule->initialize();
add( printRule );
add( new simplePrintProgress() );
runRuleProcessors();
} catch (FWException &ex)
if (fwopt->getBool("use_iptables_restore"))
{
error(ex.toString());
exit(1);
}
// bug #1812295: we should use PrintRuleIptRstEcho not only
// when we have dynamic interfaces, but also when we have
// address tables expanded at run time. Instead of checking
// for all these conditions, just always use PrintRuleIptRstEcho
printRule=new PrintRuleIptRstEcho(
"generate code for iptables-restore using echo");
} else
printRule=new PrintRule("generate iptables shell script");
printRule->setContext(this);
printRule->initialize();
add( printRule );
add( new simplePrintProgress() );
runRuleProcessors();
}

87
src/iptlib/RoutingCompiler_ipt.cpp
View File

@ -198,68 +198,61 @@ void RoutingCompiler_ipt::compile()
string banner = " Compiling routing rules for " + fw->getName();
info(banner);
try {
Compiler::compile();
//bool check_for_recursive_groups=true;
Compiler::compile();
//bool check_for_recursive_groups=true;
add(new RoutingCompiler::Begin());
add(new printTotalNumberOfRules());
add(new RoutingCompiler::Begin());
add(new printTotalNumberOfRules());
add( new singleRuleFilter());
add( new singleRuleFilter());
add(new recursiveGroupsInRDst("Check for recursive Groups in RDst"));
add(new emptyGroupsInRDst("Check for empty Groups in RDst"));
add(new emptyRDstAndRItf("Check if RDst and RItf are both empty"));
add(new singleAdressInRGtw(
"Check if RGtw object has exactly one IP adress"));
add(new rItfChildOfFw("Check if RItf is an Iterface of this firewall"));
add(new validateNetwork("Validate network addresses"));
add(new reachableAddressInRGtw(
"Check if RGtw is reachable via local networks"));
add(new contradictionRGtwAndRItf(
"Check if RGtw is in a network of RItf"));
add(new recursiveGroupsInRDst("Check for recursive Groups in RDst"));
add(new emptyGroupsInRDst("Check for empty Groups in RDst"));
add(new emptyRDstAndRItf("Check if RDst and RItf are both empty"));
add(new singleAdressInRGtw(
"Check if RGtw object has exactly one IP adress"));
add(new rItfChildOfFw("Check if RItf is an Iterface of this firewall"));
add(new validateNetwork("Validate network addresses"));
add(new reachableAddressInRGtw(
"Check if RGtw is reachable via local networks"));
add(new contradictionRGtwAndRItf(
"Check if RGtw is in a network of RItf"));
add(new ExpandGroups("Expand groups in DST"));
add(new ExpandMultipleAddresses(
"Expand objects with multiple addresses in DST"));
add(new ExpandGroups("Expand groups in DST"));
add(new ExpandMultipleAddresses(
"Expand objects with multiple addresses in DST"));
add(new addressRangesInDst("process address ranges"));
add(new addressRangesInDst("process address ranges"));
add(new eliminateDuplicatesInDST("Eliminate duplicates in DST"));
add(new eliminateDuplicatesInDST("Eliminate duplicates in DST"));
add(new FindDefaultRoute("Find rules that install default route"));
add(new FindDefaultRoute("Find rules that install default route"));
add(new createSortedDstIdsLabel(
"Create label with a sorted dst-id-list for 'competingRules'"));
add(new competingRules("Check for competing rules"));
add(new createSortedDstIdsLabel(
"Create label with a sorted dst-id-list for 'competingRules'"));
add(new competingRules("Check for competing rules"));
add(new ConvertToAtomicForDST(
"Convert to atomic rules by dst address elements"));
add(new ConvertToAtomicForDST(
"Convert to atomic rules by dst address elements"));
add(new createSortedDstIdsLabel(
"Create label with a sorted dst-id-list for 'classifyRoutingRules'"));
add(new classifyRoutingRules(
"Classify into single path or part of a multi path rule"));
add(new createSortedDstIdsLabel(
"Create label with a sorted dst-id-list for 'classifyRoutingRules'"));
add(new classifyRoutingRules(
"Classify into single path or part of a multi path rule"));
add(new optimize3(
"Eliminate duplicate rules generated from a single gui-rule"));
add(new eliminateDuplicateRules(
"Eliminate duplicate rules over the whole table"));
add(new optimize3(
"Eliminate duplicate rules generated from a single gui-rule"));
add(new eliminateDuplicateRules(
"Eliminate duplicate rules over the whole table"));
add( new checkForObjectsWithErrors(
"check if we have objects with errors in rule elements"));
add( new checkForObjectsWithErrors(
"check if we have objects with errors in rule elements"));
add(new PrintRule("generate ip code"));
add(new simplePrintProgress());
add(new PrintRule("generate ip code"));
add(new simplePrintProgress());
runRuleProcessors();
runRuleProcessors();
} catch (FWException &ex)
{
error(ex.toString());
exit(1);
}
}
string RoutingCompiler_ipt::debugPrintRule(Rule *r)

21
src/libfwbuilder/src/fwcompiler/BaseCompiler.cpp
View File

@ -138,10 +138,23 @@ void BaseCompiler::printError(const string &errstr)
errors_buffer << errstr << endl;
}
/*
* Note that when this code runs as part of the command line compiler
* rather than as a single-rule compile function inside the GUI (that
* is, it is not in embedded mode) and if test mode was activated
* (usually via command line flag "-xt"), then abort() behaves as
* error(), that is, it prints error message but does not terminate
* the process but just returns. In embedded mode it always throws
* exception to stop compiling
*/
void BaseCompiler::abort(const string &errstr) throw(FWException)
{
printError(errstr);
if (!test_mode) throw FWException("Fatal error");
if (inEmbeddedMode())
throw FatalErrorInSingleRuleCompileMode(errors_buffer.str());
if (test_mode) return;
throw FWException("Fatal error");
}
void BaseCompiler::abort(FWObject *fw,
@ -150,7 +163,11 @@ void BaseCompiler::abort(FWObject *fw,
const string &errstr) throw(FWException)
{
message("error", fw, ruleset, rule, errstr);
if (!test_mode) throw FWException("Fatal error");
if (inEmbeddedMode())
throw FatalErrorInSingleRuleCompileMode(errors_buffer.str());
if (test_mode) return;
throw FWException("Fatal error");
}
void BaseCompiler::error(const string &str)

2
src/libfwbuilder/src/fwcompiler/BaseCompiler.h
View File

@ -30,6 +30,8 @@
#include "fwbuilder/FWException.h"
#include "fwbuilder/Rule.h"
#include "fwcompiler/exceptions.h"
#include <sstream>
namespace fwcompiler {

7
src/libfwbuilder/src/fwcompiler/Compiler.cpp
View File

@ -1008,16 +1008,13 @@ bool Compiler::emptyGroupsInRE::processNext()
gr += o->getName();
cntr++;
}
string sfx = "";
if (cntr>0) sfx = "s";
ostringstream str;
str << "Empty group or address table object"
<< sfx
<< " '"
<< gr
<< "'"
<< " and option 'Ignore rules with empty groups' is off";
<< "' is used in the rule"
<< " but option 'Ignore rules with empty groups' is off";
compiler->abort(rule, str.str());
}
}

9
src/libfwbuilder/src/fwcompiler/Compiler.h
View File

@ -31,6 +31,7 @@
#include "fwcompiler/BaseCompiler.h"
#include "fwcompiler/RuleProcessor.h"
#include "fwcompiler/exceptions.h"
#include <list>
#include <vector>
@ -118,14 +119,6 @@ namespace fwcompiler {
libfwbuilder::Service *srv;
};
class FatalErrorInSingleRuleCompileMode : public libfwbuilder::FWException
{
public:
FatalErrorInSingleRuleCompileMode() : libfwbuilder::FWException("") {};
FatalErrorInSingleRuleCompileMode(const std::string &err) : libfwbuilder::FWException(err) {};
};
class Compiler : public BaseCompiler
{
void _init(libfwbuilder::FWObjectDatabase *_db, libfwbuilder::Firewall *fw);

4
src/libfwbuilder/src/fwcompiler/fwcompiler.pro
View File

@ -25,7 +25,9 @@ HEADERS = BaseCompiler.h \
OSConfigurator.h \
PolicyCompiler.h \
RuleProcessor.h \
RoutingCompiler.h
RoutingCompiler.h \
exceptions.h
TARGET = fwcompiler
# target.path = "$$prefix/lib"

7
src/pflib/CompilerDriver_ipf_run.cpp
View File

@ -422,12 +422,13 @@ QString CompilerDriver_ipf::run(const std::string &cluster_id,
} else
{
QString err(" Failed to open file %1 for writing: %2; Current dir: %3");
abort(err.arg(fw_file.fileName()).arg(fw_file.error()).arg(QDir::current().path()).toStdString());
abort(err.arg(fw_file.fileName())
.arg(fw_file.error()).arg(QDir::current().path()).toStdString());
}
}
catch (FatalErrorInSingleRuleCompileMode &ex)
catch (FWException &ex)
{
return QString::fromUtf8(getErrors("").c_str());
return QString::fromUtf8(ex.toString().c_str());
}

7
src/pflib/CompilerDriver_ipfw_run.cpp
View File

@ -324,12 +324,13 @@ QString CompilerDriver_ipfw::run(const std::string &cluster_id,
} else
{
QString err(" Failed to open file %1 for writing: %2; Current dir: %3");
abort(err.arg(fw_file.fileName()).arg(fw_file.error()).arg(QDir::current().path()).toStdString());
abort(err.arg(fw_file.fileName())
.arg(fw_file.error()).arg(QDir::current().path()).toStdString());
}
}
catch (FatalErrorInSingleRuleCompileMode &ex)
catch (FWException &ex)
{
return QString::fromUtf8(getErrors("").c_str());
return QString::fromUtf8(ex.toString().c_str());
}
return "";

8
src/pflib/CompilerDriver_pf_run.cpp
View File

@ -58,6 +58,7 @@
#include "fwbuilder/NAT.h"
#include "fwcompiler/Preprocessor.h"
#include "fwcompiler/exceptions.h"
#include "fwbuilder/Resources.h"
#include "fwbuilder/FWObjectDatabase.h"
@ -608,12 +609,13 @@ QString CompilerDriver_pf::run(const std::string &cluster_id,
} else
{
QString err(" Failed to open file %1 for writing: %2; Current dir: %3");
abort(err.arg(fw_file.fileName()).arg(fw_file.error()).arg(QDir::current().path()).toStdString());
abort(err.arg(fw_file.fileName())
.arg(fw_file.error()).arg(QDir::current().path()).toStdString());
}
}
catch (FatalErrorInSingleRuleCompileMode &ex)
catch (FWException &ex)
{
return QString::fromUtf8(getErrors("").c_str());
return QString::fromUtf8(ex.toString().c_str());
}
return "";

121
src/pflib/NATCompiler_ipf.cpp
View File

@ -517,82 +517,75 @@ void NATCompiler_ipf::compile()
info(" Compiling NAT rules for " + fw->getName());
try {
Compiler::compile();
Compiler::compile();
add( new Begin());
add( new printTotalNumberOfRules() );
add( new Begin());
add( new printTotalNumberOfRules() );
add( new singleRuleFilter());
add( new singleRuleFilter());
add( new recursiveGroupsInOSrc( "check for recursive groups in OSRC" ) );
add( new recursiveGroupsInODst( "check for recursive groups in ODST" ) );
add( new recursiveGroupsInOSrv( "check for recursive groups in OSRV" ) );
add( new recursiveGroupsInOSrc( "check for recursive groups in OSRC" ) );
add( new recursiveGroupsInODst( "check for recursive groups in ODST" ) );
add( new recursiveGroupsInOSrv( "check for recursive groups in OSRV" ) );
add( new recursiveGroupsInTSrc( "check for recursive groups in TSRC" ) );
add( new recursiveGroupsInTDst( "check for recursive groups in TDST" ) );
add( new recursiveGroupsInTSrv( "check for recursive groups in TSRV" ) );
add( new recursiveGroupsInTSrc( "check for recursive groups in TSRC" ) );
add( new recursiveGroupsInTDst( "check for recursive groups in TDST" ) );
add( new recursiveGroupsInTSrv( "check for recursive groups in TSRV" ) );
add( new emptyGroupsInOSrc( "check for empty groups in OSRC" ) );
add( new emptyGroupsInODst( "check for empty groups in ODST" ) );
add( new emptyGroupsInOSrv( "check for empty groups in OSRV" ) );
add( new emptyGroupsInOSrc( "check for empty groups in OSRC" ) );
add( new emptyGroupsInODst( "check for empty groups in ODST" ) );
add( new emptyGroupsInOSrv( "check for empty groups in OSRV" ) );
add( new emptyGroupsInTSrc( "check for empty groups in TSRC" ) );
add( new emptyGroupsInTDst( "check for empty groups in TDST" ) );
add( new emptyGroupsInTSrv( "check for empty groups in TSRV" ) );
add( new emptyGroupsInTSrc( "check for empty groups in TSRC" ) );
add( new emptyGroupsInTDst( "check for empty groups in TDST" ) );
add( new emptyGroupsInTSrv( "check for empty groups in TSRV" ) );
add( new ExpandGroups( "expand groups" ) );
add( new eliminateDuplicatesInOSRC( "eliminate duplicates in OSRC" ) );
add( new eliminateDuplicatesInODST( "eliminate duplicates in ODST" ) );
add( new eliminateDuplicatesInOSRV( "eliminate duplicates in OSRV" ) );
add( new ExpandGroups( "expand groups" ) );
add( new eliminateDuplicatesInOSRC( "eliminate duplicates in OSRC" ) );
add( new eliminateDuplicatesInODST( "eliminate duplicates in ODST" ) );
add( new eliminateDuplicatesInOSRV( "eliminate duplicates in OSRV" ) );
add( new swapMultiAddressObjectsInOSrc(" swap MultiAddress -> MultiAddressRunTime in OSrc") );
add( new swapMultiAddressObjectsInODst(" swap MultiAddress -> MultiAddressRunTime in ODst") );
add( new swapMultiAddressObjectsInOSrc(" swap MultiAddress -> MultiAddressRunTime in OSrc") );
add( new swapMultiAddressObjectsInODst(" swap MultiAddress -> MultiAddressRunTime in ODst") );
add( new processMultiAddressObjectsInOSrc("process MultiAddress objects in OSrc") );
add( new processMultiAddressObjectsInODst("process MultiAddress objects in ODst") );
add( new processMultiAddressObjectsInOSrc("process MultiAddress objects in OSrc") );
add( new processMultiAddressObjectsInODst("process MultiAddress objects in ODst") );
add( new splitOnOSrv( "split rule on original service" ) );
add( new ExpandPortRange("expand port ranges") );
add( new fillTranslatedSrv( "fill translated service" ) );
add( new NATRuleType( "determine NAT rule types" ) );
add( new VerifyRules( "verify NAT rules" ) );
add( new splitODstForSNAT("split rule if objects in ODst belong to different subnets" ) );
add( new ReplaceFirewallObjectsODst( "replace references to the firewall in ODst" ) );
add( new ReplaceFirewallObjectsTSrc( "replace references to the firewall in TSrc" ) );
add( new splitOnOSrv( "split rule on original service" ) );
add( new ExpandPortRange("expand port ranges") );
add( new fillTranslatedSrv( "fill translated service" ) );
add( new NATRuleType( "determine NAT rule types" ) );
add( new VerifyRules( "verify NAT rules" ) );
add( new splitODstForSNAT("split rule if objects in ODst belong to different subnets" ) );
add( new ReplaceFirewallObjectsODst( "replace references to the firewall in ODst" ) );
add( new ReplaceFirewallObjectsTSrc( "replace references to the firewall in TSrc" ) );
if ( manage_virtual_addr ) {
add( new addVirtualAddress( "add virtual addresses for NAT rules" ) );
}
add( new ExpandMultipleAddresses( "expand multiple addresses" ) );
add( new checkForUnnumbered( "check for unnumbered interfaces" ) );
add( new checkForDynamicInterfacesOfOtherObjects( "check for dynamic interfaces of other hosts and firewalls" ) );
add( new ExpandAddressRanges( "expand address range objects" ) );
add( new ConvertToAtomicForOriginal( "convert to atomic rules in OSrc and ODst" ) );
add( new ConvertToAtomicForTSrc( "convert to atomic rules in TSrc" ) );
add( new prepareForLB( "prepare for load balancing rules" ) );
add( new appProxy( "add application proxy code to map rules" ) );
add( new expandAnyService("split NAT rules with ANY service" ) );
add( new AssignInterface( "assign rules to interfaces" ) );
add( new RedirectRules( "replace objects in TDst for 'Redirect' rules" ) );
add( new convertInterfaceIdToStr( "prepare interface assignments" ) );
add( new checkForObjectsWithErrors(
"check if we have objects with errors in rule elements"));
add( new PrintRule("generate ipfilter code") );
add( new simplePrintProgress() );
runRuleProcessors();
} catch (FWException &ex)
{
error(ex.toString());
exit(1);
if ( manage_virtual_addr ) {
add( new addVirtualAddress( "add virtual addresses for NAT rules" ) );
}
add( new ExpandMultipleAddresses( "expand multiple addresses" ) );
add( new checkForUnnumbered( "check for unnumbered interfaces" ) );
add( new checkForDynamicInterfacesOfOtherObjects( "check for dynamic interfaces of other hosts and firewalls" ) );
add( new ExpandAddressRanges( "expand address range objects" ) );
add( new ConvertToAtomicForOriginal( "convert to atomic rules in OSrc and ODst" ) );
add( new ConvertToAtomicForTSrc( "convert to atomic rules in TSrc" ) );
add( new prepareForLB( "prepare for load balancing rules" ) );
add( new appProxy( "add application proxy code to map rules" ) );
add( new expandAnyService("split NAT rules with ANY service" ) );
add( new AssignInterface( "assign rules to interfaces" ) );
add( new RedirectRules( "replace objects in TDst for 'Redirect' rules" ) );
add( new convertInterfaceIdToStr( "prepare interface assignments" ) );
add( new checkForObjectsWithErrors(
"check if we have objects with errors in rule elements"));
add( new PrintRule("generate ipfilter code") );
add( new simplePrintProgress() );
runRuleProcessors();
}

17
src/pflib/NATCompiler_ipfw.cpp
View File

@ -63,22 +63,15 @@ void NATCompiler_ipfw::compile()
{
info(" Compiling NAT rules for " + fw->getName());
try {
Compiler::compile();
Compiler::compile();
add( new Begin());
add( new printTotalNumberOfRules() );
add( new Begin());
add( new printTotalNumberOfRules() );
add( new simplePrintProgress() );
add( new simplePrintProgress() );
runRuleProcessors();
runRuleProcessors();
} catch (FWException &ex)
{
error(ex.toString());
exit(1);
}
}

160
src/pflib/NATCompiler_pf.cpp
View File

@ -1175,113 +1175,105 @@ void NATCompiler_pf::compile()
if (ipv6) banner += ", IPv6";
info(banner);
try {
Compiler::compile();
Compiler::compile();
add( new Begin());
add( new printTotalNumberOfRules() );
add( new Begin());
add( new printTotalNumberOfRules() );
add( new singleRuleFilter());
add( new singleRuleFilter());
add( new recursiveGroupsInOSrc("check for recursive groups in OSRC") );
add( new recursiveGroupsInODst("check for recursive groups in ODST") );
add( new recursiveGroupsInOSrv("check for recursive groups in OSRV") );
add( new recursiveGroupsInOSrc("check for recursive groups in OSRC") );
add( new recursiveGroupsInODst("check for recursive groups in ODST") );
add( new recursiveGroupsInOSrv("check for recursive groups in OSRV") );
add( new recursiveGroupsInTSrc("check for recursive groups in TSRC") );
add( new recursiveGroupsInTDst("check for recursive groups in TDST") );
add( new recursiveGroupsInTSrv("check for recursive groups in TSRV") );
add( new recursiveGroupsInTSrc("check for recursive groups in TSRC") );
add( new recursiveGroupsInTDst("check for recursive groups in TDST") );
add( new recursiveGroupsInTSrv("check for recursive groups in TSRV") );
add( new emptyGroupsInOSrc( "check for empty groups in OSRC" ) );
add( new emptyGroupsInODst( "check for empty groups in ODST" ) );
add( new emptyGroupsInOSrv( "check for empty groups in OSRV" ) );
add( new emptyGroupsInOSrc( "check for empty groups in OSRC" ) );
add( new emptyGroupsInODst( "check for empty groups in ODST" ) );
add( new emptyGroupsInOSrv( "check for empty groups in OSRV" ) );
add( new emptyGroupsInTSrc( "check for empty groups in TSRC" ) );
add( new emptyGroupsInTDst( "check for empty groups in TDST" ) );
add( new emptyGroupsInTSrv( "check for empty groups in TSRV" ) );
add( new emptyGroupsInTSrc( "check for empty groups in TSRC" ) );
add( new emptyGroupsInTDst( "check for empty groups in TDST" ) );
add( new emptyGroupsInTSrv( "check for empty groups in TSRV" ) );
add( new ExpandGroups( "expand groups" ) );
add( new eliminateDuplicatesInOSRC( "eliminate duplicates in OSRC") );
add( new eliminateDuplicatesInODST( "eliminate duplicates in ODST") );
add( new eliminateDuplicatesInOSRV( "eliminate duplicates in OSRV") );
add( new ExpandGroups( "expand groups" ) );
add( new eliminateDuplicatesInOSRC( "eliminate duplicates in OSRC") );
add( new eliminateDuplicatesInODST( "eliminate duplicates in ODST") );
add( new eliminateDuplicatesInOSRV( "eliminate duplicates in OSRV") );
add( new swapMultiAddressObjectsInOSrc(
" swap MultiAddress -> MultiAddressRunTime in OSrc") );
add( new swapMultiAddressObjectsInODst(
" swap MultiAddress -> MultiAddressRunTime in ODst") );
add( new swapMultiAddressObjectsInOSrc(
" swap MultiAddress -> MultiAddressRunTime in OSrc") );
add( new swapMultiAddressObjectsInODst(
" swap MultiAddress -> MultiAddressRunTime in ODst") );
add( new swapAddressTableObjectsInOSrc(
"AddressTable -> MultiAddressRunTime in OSrc") );
add( new swapAddressTableObjectsInODst(
"AddressTable -> MultiAddressRunTime in ODst") );
add( new swapAddressTableObjectsInTDst(
"AddressTable -> MultiAddressRunTime in TDst") );
add( new swapAddressTableObjectsInOSrc(
"AddressTable -> MultiAddressRunTime in OSrc") );
add( new swapAddressTableObjectsInODst(
"AddressTable -> MultiAddressRunTime in ODst") );
add( new swapAddressTableObjectsInTDst(
"AddressTable -> MultiAddressRunTime in TDst") );
add( new processMultiAddressObjectsInOSrc(
"process MultiAddress objects in OSrc") );
add( new processMultiAddressObjectsInODst(
"process MultiAddress objects in ODst") );
add( new processMultiAddressObjectsInTDst(
"process MultiAddress objects in TDst") );
add( new processMultiAddressObjectsInOSrc(
"process MultiAddress objects in OSrc") );
add( new processMultiAddressObjectsInODst(
"process MultiAddress objects in ODst") );
add( new processMultiAddressObjectsInTDst(
"process MultiAddress objects in TDst") );
add( new splitOnOSrv( "split rule on original service" ) );
add( new fillTranslatedSrv( "fill translated service" ) );
add( new splitOnOSrv( "split rule on original service" ) );
add( new fillTranslatedSrv( "fill translated service" ) );
//add( new doOSrcNegation( "process negation in OSrc" ) );
//add( new doODstNegation( "process negation in ODst" ) );
//add( new doOSrvNegation( "process negation in OSrv" ) );
//add( new doOSrcNegation( "process negation in OSrc" ) );
//add( new doODstNegation( "process negation in ODst" ) );
//add( new doOSrvNegation( "process negation in OSrv" ) );
add( new NATRuleType( "determine NAT rule types" ) );
add( new splitSDNATRule("split SDNAT rules" ) );
add( new NATRuleType( "determine NAT rule types" ) );
add( new VerifyRules( "verify NAT rules" ) );
//add( new splitODstForSNAT(
// "split rule if objects in ODst belong to different subnets"));
add( new ReplaceFirewallObjectsODst(
"replace references to the firewall in ODst" ) );
add( new ReplaceFirewallObjectsTSrc(
"replace references to the firewall in TSrc" ) );
add( new ReplaceObjectsTDst( "replace objects in TDst" ) );
add( new NATRuleType( "determine NAT rule types" ) );
add( new splitSDNATRule("split SDNAT rules" ) );
add( new NATRuleType( "determine NAT rule types" ) );
add( new VerifyRules( "verify NAT rules" ) );
//add( new splitODstForSNAT(
// "split rule if objects in ODst belong to different subnets"));
add( new ReplaceFirewallObjectsODst(
"replace references to the firewall in ODst" ) );
add( new ReplaceFirewallObjectsTSrc(
"replace references to the firewall in TSrc" ) );
add( new ReplaceObjectsTDst( "replace objects in TDst" ) );
add( new ExpandMultipleAddresses( "expand multiple addresses" ) );
add( new ExpandMultipleAddresses( "expand multiple addresses" ) );
// we might get empty RE after expanding multiple addresses,
// for example when unnumbered interface is used in TSRC. Note
// that VerifyRules should not allow this, but we may still
// get here in the test mode. Calling dropRuleWithEmptyRE works
// as a fail-safe and prevents crash.
add( new dropRuleWithEmptyRE("drop rules with empty rule elements"));
// we might get empty RE after expanding multiple addresses,
// for example when unnumbered interface is used in TSRC. Note
// that VerifyRules should not allow this, but we may still
// get here in the test mode. Calling dropRuleWithEmptyRE works
// as a fail-safe and prevents crash.
add( new dropRuleWithEmptyRE("drop rules with empty rule elements"));
if ( manage_virtual_addr )
add( new addVirtualAddress("add virtual addresses for NAT rules"));
if ( manage_virtual_addr )
add( new addVirtualAddress("add virtual addresses for NAT rules"));
add( new checkForUnnumbered("check for unnumbered interfaces" ) );
add( new checkForDynamicInterfacesOfOtherObjects(
"check for dynamic interfaces of other hosts and firewalls"));
add( new ExpandAddressRanges( "expand address range objects" ) );
//add( new ConvertToAtomicForTSrc( "convert to atomic rules" ) );
add( new splitForTSrc(
"split if addresses in TSrc belong to different networks" ));
add( new AssignInterface( "assign rules to interfaces" ) );
add( new convertInterfaceIdToStr("prepare interface assignments") );
add( new checkForUnnumbered("check for unnumbered interfaces" ) );
add( new checkForDynamicInterfacesOfOtherObjects(
"check for dynamic interfaces of other hosts and firewalls"));
add( new ExpandAddressRanges( "expand address range objects" ) );
//add( new ConvertToAtomicForTSrc( "convert to atomic rules" ) );
add( new splitForTSrc(
"split if addresses in TSrc belong to different networks" ));
add( new AssignInterface( "assign rules to interfaces" ) );
add( new convertInterfaceIdToStr("prepare interface assignments") );
add( new checkForObjectsWithErrors(
"check if we have objects with errors in rule elements"));
add( new checkForObjectsWithErrors(
"check if we have objects with errors in rule elements"));
add( new createTables("create tables"));
add( new createTables("create tables"));
// add( new PrintTables( "print tables" ) );
add( new PrintRule("generate pf code") );
add( new simplePrintProgress() );
add( new PrintRule("generate pf code") );
add( new simplePrintProgress() );
runRuleProcessors();
runRuleProcessors();
} catch (FWException &ex)
{
error(ex.toString());
exit(1);
}
}

244
src/pflib/PolicyCompiler_ipf.cpp
View File

@ -420,87 +420,27 @@ void PolicyCompiler_ipf::compile()
{
info(" Compiling policy for " + fw->getName());
try {
Compiler::compile();
Compiler::compile();
addDefaultPolicyRule();
bool check_for_recursive_groups=true;
addDefaultPolicyRule();
bool check_for_recursive_groups=true;
if ( fw->getOptionsObject()->getBool ("check_shading") &&
! inSingleRuleCompileMode())
{
add( new Begin ("Detecting rule shadowing" ) );
add( new printTotalNumberOfRules( ) );
add( new ItfNegation("process negation in Itf" ) );
add( new InterfacePolicyRules(
"process interface policy rules and store interface ids"));
add( new recursiveGroupsInSrc("check for recursive groups in SRC"));
add( new recursiveGroupsInDst("check for recursive groups in DST"));
add( new recursiveGroupsInSrv("check for recursive groups in SRV"));
check_for_recursive_groups=false;
add( new ExpandGroups("expand groups") );
add( new eliminateDuplicatesInSRC("eliminate duplicates in SRC") );
add( new eliminateDuplicatesInDST("eliminate duplicates in DST") );
add( new eliminateDuplicatesInSRV("eliminate duplicates in SRV") );
add( new swapMultiAddressObjectsInSrc(
" swap MultiAddress -> MultiAddressRunTime in Src") );
add( new swapMultiAddressObjectsInDst(
" swap MultiAddress -> MultiAddressRunTime in Dst") );
add( new ExpandMultipleAddressesInSrc(
"expand objects with multiple addresses in SRC" ) );
add( new ExpandMultipleAddressesInDst(
"expand objects with multiple addresses in DST" ) );
add( new ConvertToAtomic("convert to atomic rules" ) );
add( new checkForObjectsWithErrors(
"check if we have objects with errors in rule elements"));
add( new DetectShadowing("Detect shadowing" ) );
add( new simplePrintProgress() );
runRuleProcessors();
deleteRuleProcessors();
}
add( new Begin());
add( new printTotalNumberOfRules() );
add( new singleRuleFilter());
// add( new MACFiltering( "verify for MAC address filtering" ) );
add( new setQuickFlag("set 'quick' flag") );
if (check_for_recursive_groups)
{
add( new recursiveGroupsInSrc("check for recursive groups in SRC"));
add( new recursiveGroupsInDst("check for recursive groups in DST"));
add( new recursiveGroupsInSrv("check for recursive groups in SRV"));
}
add( new emptyGroupsInSrc("check for empty groups in SRC") );
add( new emptyGroupsInDst("check for empty groups in DST") );
add( new emptyGroupsInSrv("check for empty groups in SRV") );
if ( fw->getOptionsObject()->getBool ("check_shading") &&
! inSingleRuleCompileMode())
{
add( new Begin ("Detecting rule shadowing" ) );
add( new printTotalNumberOfRules( ) );
add( new ItfNegation("process negation in Itf" ) );
add( new InterfacePolicyRules(
"process interface policy rules and store interface ids") );
"process interface policy rules and store interface ids"));
add( new doSrcNegation("process negation in Src") );
add( new doDstNegation("process negation in Dst") );
add( new doSrvNegation("process negation in Srv") );
add( new ExpandGroups( "expand groups") );
add( new recursiveGroupsInSrc("check for recursive groups in SRC"));
add( new recursiveGroupsInDst("check for recursive groups in DST"));
add( new recursiveGroupsInSrv("check for recursive groups in SRV"));
check_for_recursive_groups=false;
add( new CheckForTCPEstablished(
"check for TCPService objects with flag \"established\"") );
add( new CheckForUnsupportedUserService("check for user service") );
add( new ExpandGroups("expand groups") );
add( new eliminateDuplicatesInSRC("eliminate duplicates in SRC") );
add( new eliminateDuplicatesInDST("eliminate duplicates in DST") );
add( new eliminateDuplicatesInSRV("eliminate duplicates in SRV") );
@ -510,66 +450,118 @@ void PolicyCompiler_ipf::compile()
add( new swapMultiAddressObjectsInDst(
" swap MultiAddress -> MultiAddressRunTime in Dst") );
add( new processMultiAddressObjectsInSrc(
"process MultiAddress objects in Src") );
add( new processMultiAddressObjectsInDst(
"process MultiAddress objects in Dst") );
add( new splitIfFirewallInSrc("split rule if firewall is in Src") );
add( new splitIfFirewallInDst("split rule if firewall is in Dst") );
add( new fillDirection("determine directions") );
add( new SplitDirectionIpfilter("split rules with direction 'both'" ) );
add( new ExpandMultipleAddresses(
"expand objects with multiple addresses") );
add( new checkForDynamicInterfacesOfOtherObjects(
"check for dynamic interfaces of other hosts and firewalls" ));
add( new MACFiltering("verify for MAC address filtering" ) );
add( new checkForUnnumbered("check for unnumbered interfaces") );
add( new specialCaseWithDynInterface(
"check for a special cases with dynamic interface") );
add( new addressRanges("expand address range objects") );
add( new splitServices("split rules with different protocols") );
add( new separateTCPWithFlags("separate TCP services with flags" ) );
add( new separateSrcPort("split on TCP and UDP with source ports"));
add( new verifyCustomServices(
"verify custom services for this platform") );
add( new SpecialServices("check for special services" ) );
add( new expandAnyService("expand ANY service for stateful rules") );
/*
* it may make sense to do optimization even before we expand groups
* (before ExpandGroups). Need to test this idea.
*/
if ( fw->getOptionsObject()->getBool ("optimize") )
{
add( new optimizeSrc("optimization in SRC") );
add( new optimizeDst("optimization in DST") );
add( new optimizeSrv("optimization in SRV") );
}
add( new ConvertToAtomic("convert to atomic rules") );
add( new checkForZeroAddr("check for zero addresses" ) );
if ( fw->getOptionsObject()->getBool ("eliminate_duplicates") )
add( new eliminateDuplicateRules("eliminate duplicate rules" ) );
add( new calculateSkip("calculate argument for skip") );
add( new checkForKeepState("check for 'keep state'") );
add( new convertInterfaceIdToStr("prepare interface assignments") );
add( new ExpandMultipleAddressesInSrc(
"expand objects with multiple addresses in SRC" ) );
add( new ExpandMultipleAddressesInDst(
"expand objects with multiple addresses in DST" ) );
add( new ConvertToAtomic("convert to atomic rules" ) );
add( new checkForObjectsWithErrors(
"check if we have objects with errors in rule elements"));
add( new PrintRule("generate ipf code") );
add( new DetectShadowing("Detect shadowing" ) );
add( new simplePrintProgress() );
runRuleProcessors();
} catch (FWException &ex)
{
error(ex.toString());
exit(1);
deleteRuleProcessors();
}
add( new Begin());
add( new printTotalNumberOfRules() );
add( new singleRuleFilter());
// add( new MACFiltering( "verify for MAC address filtering" ) );
add( new setQuickFlag("set 'quick' flag") );
if (check_for_recursive_groups)
{
add( new recursiveGroupsInSrc("check for recursive groups in SRC"));
add( new recursiveGroupsInDst("check for recursive groups in DST"));
add( new recursiveGroupsInSrv("check for recursive groups in SRV"));
}
add( new emptyGroupsInSrc("check for empty groups in SRC") );
add( new emptyGroupsInDst("check for empty groups in DST") );
add( new emptyGroupsInSrv("check for empty groups in SRV") );
add( new ItfNegation("process negation in Itf" ) );
add( new InterfacePolicyRules(
"process interface policy rules and store interface ids") );
add( new doSrcNegation("process negation in Src") );
add( new doDstNegation("process negation in Dst") );
add( new doSrvNegation("process negation in Srv") );
add( new ExpandGroups( "expand groups") );
add( new CheckForTCPEstablished(
"check for TCPService objects with flag \"established\"") );
add( new CheckForUnsupportedUserService("check for user service") );
add( new eliminateDuplicatesInSRC("eliminate duplicates in SRC") );
add( new eliminateDuplicatesInDST("eliminate duplicates in DST") );
add( new eliminateDuplicatesInSRV("eliminate duplicates in SRV") );
add( new swapMultiAddressObjectsInSrc(
" swap MultiAddress -> MultiAddressRunTime in Src") );
add( new swapMultiAddressObjectsInDst(
" swap MultiAddress -> MultiAddressRunTime in Dst") );
add( new processMultiAddressObjectsInSrc(
"process MultiAddress objects in Src") );
add( new processMultiAddressObjectsInDst(
"process MultiAddress objects in Dst") );
add( new splitIfFirewallInSrc("split rule if firewall is in Src") );
add( new splitIfFirewallInDst("split rule if firewall is in Dst") );
add( new fillDirection("determine directions") );
add( new SplitDirectionIpfilter("split rules with direction 'both'" ) );
add( new ExpandMultipleAddresses(
"expand objects with multiple addresses") );
add( new checkForDynamicInterfacesOfOtherObjects(
"check for dynamic interfaces of other hosts and firewalls" ));
add( new MACFiltering("verify for MAC address filtering" ) );
add( new checkForUnnumbered("check for unnumbered interfaces") );
add( new specialCaseWithDynInterface(
"check for a special cases with dynamic interface") );
add( new addressRanges("expand address range objects") );
add( new splitServices("split rules with different protocols") );
add( new separateTCPWithFlags("separate TCP services with flags" ) );
add( new separateSrcPort("split on TCP and UDP with source ports"));
add( new verifyCustomServices(
"verify custom services for this platform") );
add( new SpecialServices("check for special services" ) );
add( new expandAnyService("expand ANY service for stateful rules") );
/*
* it may make sense to do optimization even before we expand groups
* (before ExpandGroups). Need to test this idea.
*/
if ( fw->getOptionsObject()->getBool ("optimize") )
{
add( new optimizeSrc("optimization in SRC") );
add( new optimizeDst("optimization in DST") );
add( new optimizeSrv("optimization in SRV") );
}
add( new ConvertToAtomic("convert to atomic rules") );
add( new checkForZeroAddr("check for zero addresses" ) );
if ( fw->getOptionsObject()->getBool ("eliminate_duplicates") )
add( new eliminateDuplicateRules("eliminate duplicate rules" ) );
add( new calculateSkip("calculate argument for skip") );
add( new checkForKeepState("check for 'keep state'") );
add( new convertInterfaceIdToStr("prepare interface assignments") );
add( new checkForObjectsWithErrors(
"check if we have objects with errors in rule elements"));
add( new PrintRule("generate ipf code") );
add( new simplePrintProgress() );
runRuleProcessors();
}
string PolicyCompiler_ipf::debugPrintRule(Rule *r)

210
src/pflib/PolicyCompiler_ipfw.cpp
View File

@ -530,82 +530,28 @@ void PolicyCompiler_ipfw::compile()
if (ipv6) banner += ", IPv6";
info(banner);
try {
Compiler::compile();
Compiler::compile();
addDefaultPolicyRule();
bool check_for_recursive_groups=true;
addDefaultPolicyRule();
bool check_for_recursive_groups=true;
if ( fw->getOptionsObject()->getBool("check_shading") &&
! inSingleRuleCompileMode())
{
add( new Begin("Detecting rule shadowing"));
add( new printTotalNumberOfRules());
add( new SpecialRuleActionsForShadowing(
"disable rules with action Pipe and Custom") );
add( new ItfNegation("process negation in Itf" ) );
add( new InterfacePolicyRules(
"process interface policy rules and store interface ids"));
add( new recursiveGroupsInSrc("check for recursive grps in SRC"));
add( new recursiveGroupsInDst("check for recursive grps in DST"));
add( new recursiveGroupsInSrv("check for recursive grps in SRV"));
check_for_recursive_groups=false;
add( new ExpandGroups("expand groups"));
add( new dropRuleWithEmptyRE("drop rules with empty rule elements"));
add( new eliminateDuplicatesInSRC("eliminate duplicates in SRC"));
add( new eliminateDuplicatesInDST("eliminate duplicates in DST"));
add( new eliminateDuplicatesInSRV("eliminate duplicates in SRV"));
add( new swapMultiAddressObjectsInSrc(
" swap MultiAddress -> MultiAddressRunTime in Src") );
add( new swapMultiAddressObjectsInDst(
" swap MultiAddress -> MultiAddressRunTime in Dst") );
add( new ExpandMultipleAddressesInSrc(
"expand objects with multiple addresses in SRC"));
add( new ExpandMultipleAddressesInDst(
"expand objects with multiple addresses in DST"));
add( new dropRuleWithEmptyRE("drop rules with empty rule elements"));
add( new ConvertToAtomic("convert to atomic rules"));
add( new checkForObjectsWithErrors(
"check if we have objects with errors in rule elements"));
add( new DetectShadowing("Detect shadowing"));
add( new simplePrintProgress());
runRuleProcessors();
deleteRuleProcessors();
}
add( new Begin());
if ( fw->getOptionsObject()->getBool("check_shading") &&
! inSingleRuleCompileMode())
{
add( new Begin("Detecting rule shadowing"));
add( new printTotalNumberOfRules());
add( new singleRuleFilter());
if (check_for_recursive_groups)
{
add( new recursiveGroupsInSrc("check for recursive grps in SRC"));
add( new recursiveGroupsInDst("check for recursive grps in DST"));
add( new recursiveGroupsInSrv("check for recursive grps in SRV"));
}
add( new emptyGroupsInSrc("check for empty grps in SRC"));
add( new emptyGroupsInDst("check for empty grps in DST"));
add( new emptyGroupsInSrv("check for empty grps in SRV"));
add( new ItfNegation("process negation in Itf"));
add( new SpecialRuleActionsForShadowing(
"disable rules with action Pipe and Custom") );
add( new ItfNegation("process negation in Itf" ) );
add( new InterfacePolicyRules(
"process interface policy rules and store interface ids"));
add( new doSrcNegation("process negation in Src"));
add( new doDstNegation("process negation in Dst"));
add( new doSrvNegation("process negation in Srv"));
add( new recursiveGroupsInSrc("check for recursive grps in SRC"));
add( new recursiveGroupsInDst("check for recursive grps in DST"));
add( new recursiveGroupsInSrv("check for recursive grps in SRV"));
check_for_recursive_groups=false;
add( new ExpandGroups("expand groups"));
add( new dropRuleWithEmptyRE("drop rules with empty rule elements"));
add( new eliminateDuplicatesInSRC("eliminate duplicates in SRC"));
@ -617,55 +563,101 @@ void PolicyCompiler_ipfw::compile()
add( new swapMultiAddressObjectsInDst(
" swap MultiAddress -> MultiAddressRunTime in Dst") );
add( new processMultiAddressObjectsInSrc(
"process MultiAddress objects in Src") );
add( new processMultiAddressObjectsInDst(
"process MultiAddress objects in Dst") );
add( new splitIfFirewallInSrc("split rule if firewall is in Src"));
add( new splitIfFirewallInDst("split rule if firewall is in Dst"));
add( new fillDirection("determine directions"));
add( new ExpandMultipleAddresses(
"expand objects with multiple addresses"));
add( new ExpandMultipleAddressesInSrc(
"expand objects with multiple addresses in SRC"));
add( new ExpandMultipleAddressesInDst(
"expand objects with multiple addresses in DST"));
add( new dropRuleWithEmptyRE("drop rules with empty rule elements"));
add( new checkForDynamicInterfacesOfOtherObjects(
"check for dynamic interfaces of other hosts and firewalls"));
add( new MACFiltering("verify for MAC address filtering"));
add( new checkForUnnumbered("check for unnumbered interfaces"));
add( new specialCaseWithDynInterface(
"check for a special cases with dynamic interface"));
add( new addressRanges("expand address range objects"));
add( new splitServices("split rules with different protocols"));
add( new splitIpOptions("split rules with multiple IPService objects with options"));
add( new separateTCPWithFlags("separate TCP services with flags"));
add( new separateSrcPort("split on TCP and UDP with source ports"));
add( new separatePortRanges("split services with port ranges"));
add( new sortTCPUDPServices("move port ranges to the front of ports"));
add( new verifyCustomServices(
"verify custom services for this platform"));
add( new SpecialServices("check for special services"));
// add( new expandAnyService("expand ANY service for stateful rules"));
add( new ConvertToAtomicForAddresses(
"convert to atomic rules in SRC and DST"));
add( new checkForZeroAddr("check for zero addresses"));
add( new calculateNum("calculate rule numbers "));
add( new convertInterfaceIdToStr("prepare interface assignments"));
add( new ConvertToAtomic("convert to atomic rules"));
add( new checkForObjectsWithErrors(
"check if we have objects with errors in rule elements"));
add( new PrintRule("generate ipf code"));
add( new DetectShadowing("Detect shadowing"));
add( new simplePrintProgress());
runRuleProcessors();
} catch (FWException &ex)
{
error(ex.toString());
exit(1);
deleteRuleProcessors();
}
add( new Begin());
add( new printTotalNumberOfRules());
add( new singleRuleFilter());
if (check_for_recursive_groups)
{
add( new recursiveGroupsInSrc("check for recursive grps in SRC"));
add( new recursiveGroupsInDst("check for recursive grps in DST"));
add( new recursiveGroupsInSrv("check for recursive grps in SRV"));
}
add( new emptyGroupsInSrc("check for empty grps in SRC"));
add( new emptyGroupsInDst("check for empty grps in DST"));
add( new emptyGroupsInSrv("check for empty grps in SRV"));
add( new ItfNegation("process negation in Itf"));
add( new InterfacePolicyRules(
"process interface policy rules and store interface ids"));
add( new doSrcNegation("process negation in Src"));
add( new doDstNegation("process negation in Dst"));
add( new doSrvNegation("process negation in Srv"));
add( new ExpandGroups("expand groups"));
add( new dropRuleWithEmptyRE("drop rules with empty rule elements"));
add( new eliminateDuplicatesInSRC("eliminate duplicates in SRC"));
add( new eliminateDuplicatesInDST("eliminate duplicates in DST"));
add( new eliminateDuplicatesInSRV("eliminate duplicates in SRV"));
add( new swapMultiAddressObjectsInSrc(
" swap MultiAddress -> MultiAddressRunTime in Src") );
add( new swapMultiAddressObjectsInDst(
" swap MultiAddress -> MultiAddressRunTime in Dst") );
add( new processMultiAddressObjectsInSrc(
"process MultiAddress objects in Src") );
add( new processMultiAddressObjectsInDst(
"process MultiAddress objects in Dst") );
add( new splitIfFirewallInSrc("split rule if firewall is in Src"));
add( new splitIfFirewallInDst("split rule if firewall is in Dst"));
add( new fillDirection("determine directions"));
add( new ExpandMultipleAddresses(
"expand objects with multiple addresses"));
add( new dropRuleWithEmptyRE("drop rules with empty rule elements"));
add( new checkForDynamicInterfacesOfOtherObjects(
"check for dynamic interfaces of other hosts and firewalls"));
add( new MACFiltering("verify for MAC address filtering"));
add( new checkForUnnumbered("check for unnumbered interfaces"));
add( new specialCaseWithDynInterface(
"check for a special cases with dynamic interface"));
add( new addressRanges("expand address range objects"));
add( new splitServices("split rules with different protocols"));
add( new splitIpOptions("split rules with multiple IPService objects with options"));
add( new separateTCPWithFlags("separate TCP services with flags"));
add( new separateSrcPort("split on TCP and UDP with source ports"));
add( new separatePortRanges("split services with port ranges"));
add( new sortTCPUDPServices("move port ranges to the front of ports"));
add( new verifyCustomServices(
"verify custom services for this platform"));
add( new SpecialServices("check for special services"));
// add( new expandAnyService("expand ANY service for stateful rules"));
add( new ConvertToAtomicForAddresses(
"convert to atomic rules in SRC and DST"));
add( new checkForZeroAddr("check for zero addresses"));
add( new calculateNum("calculate rule numbers "));
add( new convertInterfaceIdToStr("prepare interface assignments"));
add( new checkForObjectsWithErrors(
"check if we have objects with errors in rule elements"));
add( new PrintRule("generate ipf code"));
add( new simplePrintProgress());
runRuleProcessors();
}
string PolicyCompiler_ipfw::debugPrintRule(Rule *r)

277
src/pflib/PolicyCompiler_pf.cpp
View File

@ -917,173 +917,166 @@ void PolicyCompiler_pf::compile()
if (ipv6) banner += ", IPv6";
info(banner);
try
Compiler::compile();
addDefaultPolicyRule();
bool check_for_recursive_groups=true;
if (fw->getOptionsObject()->getBool("check_shading") &&
! inSingleRuleCompileMode())
{
Compiler::compile();
addDefaultPolicyRule();
bool check_for_recursive_groups=true;
if (fw->getOptionsObject()->getBool("check_shading") &&
! inSingleRuleCompileMode())
{
add(new Begin("Detecting rule shadowing"));
add(new printTotalNumberOfRules());
add(new ItfNegation("process negation in Itf"));
add(new InterfacePolicyRules(
"process interface policy rules and store interface ids"));
add(new recursiveGroupsInSrc("check for recursive groups in SRC"));
add(new recursiveGroupsInDst("check for recursive groups in DST"));
add(new recursiveGroupsInSrv("check for recursive groups in SRV"));
check_for_recursive_groups=false;
add(new ExpandGroups("expand groups"));
add(new dropRuleWithEmptyRE("drop rules with empty rule elements"));
add(new eliminateDuplicatesInSRC("eliminate duplicates in SRC"));
add(new eliminateDuplicatesInDST("eliminate duplicates in DST"));
add(new eliminateDuplicatesInSRV("eliminate duplicates in SRV"));
add(new swapAddressTableObjectsInSrc(
"AddressTable -> MultiAddressRunTime in Src"));
add(new swapAddressTableObjectsInDst(
"AddressTable -> MultiAddressRunTime in Dst"));
add(new swapMultiAddressObjectsInSrc(
"MultiAddress -> MultiAddressRunTime in Src"));
add(new swapMultiAddressObjectsInDst(
"MultiAddress -> MultiAddressRunTime in Dst"));
add(new ExpandMultipleAddressesInSrc(
"expand objects with multiple addresses in SRC"));
add(new ExpandMultipleAddressesInDst(
"expand objects with multiple addresses in DST"));
add(new dropRuleWithEmptyRE(
"drop rules with empty rule elements"));
add(new ConvertToAtomic("convert to atomic rules"));
add( new checkForObjectsWithErrors(
"check if we have objects with errors in rule elements"));
add(new DetectShadowing("Detect shadowing"));
add(new simplePrintProgress());
runRuleProcessors();
deleteRuleProcessors();
}
add(new Begin());
add(new Begin("Detecting rule shadowing"));
add(new printTotalNumberOfRules());
add( new singleRuleFilter());
add(new ItfNegation("process negation in Itf"));
add(new InterfacePolicyRules(
"process interface policy rules and store interface ids"));
// add(new printScrubRule(" Defragmentation"));
if (check_for_recursive_groups)
{
add(new recursiveGroupsInSrc("check for recursive groups in SRC"));
add(new recursiveGroupsInDst("check for recursive groups in DST"));
add(new recursiveGroupsInSrv("check for recursive groups in SRV"));
}
add(new recursiveGroupsInSrc("check for recursive groups in SRC"));
add(new recursiveGroupsInDst("check for recursive groups in DST"));
add(new recursiveGroupsInSrv("check for recursive groups in SRV"));
check_for_recursive_groups=false;
add(new emptyGroupsInSrc("check for empty groups in SRC"));
add(new emptyGroupsInDst("check for empty groups in DST"));
add(new emptyGroupsInSrv("check for empty groups in SRV"));
// add(new doSrcNegation("process negation in Src"));
// add(new doDstNegation("process negation in Dst"));
add(new doSrvNegation("process negation in Srv"));
// ExpandGroups opens groups, as well as groups in groups etc.
add(new ExpandGroups("expand groups"));
add(new dropRuleWithEmptyRE("drop rules with empty rule elements"));
add(new CheckForTCPEstablished(
"check for TCPService objects with flag \"established\""));
add(new eliminateDuplicatesInSRC("eliminate duplicates in SRC"));
add(new eliminateDuplicatesInDST("eliminate duplicates in DST"));
add(new eliminateDuplicatesInSRV("eliminate duplicates in SRV"));
add(new swapAddressTableObjectsInSrc(
"AddressTable -> MultiAddressRunTime in Src"));
"AddressTable -> MultiAddressRunTime in Src"));
add(new swapAddressTableObjectsInDst(
"AddressTable -> MultiAddressRunTime in Dst"));
"AddressTable -> MultiAddressRunTime in Dst"));
add(new swapMultiAddressObjectsInSrc(
"MultiAddress -> MultiAddressRunTime in Src"));
"MultiAddress -> MultiAddressRunTime in Src"));
add(new swapMultiAddressObjectsInDst(
"MultiAddress -> MultiAddressRunTime in Dst"));
"MultiAddress -> MultiAddressRunTime in Dst"));
add(new processMultiAddressObjectsInSrc(
"process MultiAddress objects in Src"));
add(new processMultiAddressObjectsInDst(
"process MultiAddress objects in Dst"));
add(new replaceFailoverInterfaceInItf("replace carp interfaces"));
add(new expandGroupsInItf("expand groups in Interface"));
add(new replaceClusterInterfaceInItf(
"replace cluster interfaces with member interfaces in the Interface rule element"));
add(new ItfNegation("process negation in Itf"));
//add(new InterfacePolicyRules(
// "process interface policy rules and store interface ids"));
add(new splitIfFirewallInSrc("split rule if firewall is in Src"));
add(new splitIfFirewallInDst("split rule if firewall is in Dst"));
add(new fillDirection("determine directions"));
// commented out for bug #2828602
// ... and put back per #2844561
// both bug reports/patches are by Tom Judge (tomjudge on sourceforge)
add( new SplitDirection("split rules with direction 'both'" ));
add(new addLoopbackForRedirect(
"add loopback to rules that permit redirected services"));
add(new ExpandMultipleAddresses(
"expand objects with multiple addresses"));
add(new dropRuleWithEmptyRE("drop rules with empty rule elements"));
add(new checkForDynamicInterfacesOfOtherObjects(
"check for dynamic interfaces of other hosts and firewalls"));
add(new MACFiltering("verify for MAC address filtering"));
add(new checkForUnnumbered("check for unnumbered interfaces"));
add(new addressRanges("expand address range objects"));
add(new splitServices("split rules with different protocols"));
add(new separateTCPWithFlags("separate TCP services with flags"));
add(new separateSrcPort("split on TCP and UDP with source ports"));
add(new separateTagged("split on TagService"));
add(new separateTOS("split on IPService with TOS"));
if (ipv6)
add( new DropIPv4Rules("drop ipv4 rules"));
else
add( new DropIPv6Rules("drop ipv6 rules"));
add(new verifyCustomServices("verify custom services for this platform"));
// add(new ProcessScrubOption("process 'scrub' option"));
add(new SpecialServices("check for special services"));
add(new setQuickFlag("set 'quick' flag"));
add(new checkForZeroAddr("check for zero addresses"));
add(new convertInterfaceIdToStr("prepare interface assignments"));
add(new ExpandMultipleAddressesInSrc(
"expand objects with multiple addresses in SRC"));
add(new ExpandMultipleAddressesInDst(
"expand objects with multiple addresses in DST"));
add(new dropRuleWithEmptyRE(
"drop rules with empty rule elements"));
add(new ConvertToAtomic("convert to atomic rules"));
add( new checkForObjectsWithErrors(
"check if we have objects with errors in rule elements"));
add(new createTables("create tables"));
// add(new PrintTables("print tables"));
add(new PrintRule("generate pf code"));
add(new DetectShadowing("Detect shadowing"));
add(new simplePrintProgress());
runRuleProcessors();
} catch (FWException &ex)
{
error(ex.toString());
exit(1);
deleteRuleProcessors();
}
add(new Begin());
add(new printTotalNumberOfRules());
add( new singleRuleFilter());
// add(new printScrubRule(" Defragmentation"));
if (check_for_recursive_groups)
{
add(new recursiveGroupsInSrc("check for recursive groups in SRC"));
add(new recursiveGroupsInDst("check for recursive groups in DST"));
add(new recursiveGroupsInSrv("check for recursive groups in SRV"));
}
add(new emptyGroupsInSrc("check for empty groups in SRC"));
add(new emptyGroupsInDst("check for empty groups in DST"));
add(new emptyGroupsInSrv("check for empty groups in SRV"));
// add(new doSrcNegation("process negation in Src"));
// add(new doDstNegation("process negation in Dst"));
add(new doSrvNegation("process negation in Srv"));
// ExpandGroups opens groups, as well as groups in groups etc.
add(new ExpandGroups("expand groups"));
add(new dropRuleWithEmptyRE("drop rules with empty rule elements"));
add(new CheckForTCPEstablished(
"check for TCPService objects with flag \"established\""));
add(new eliminateDuplicatesInSRC("eliminate duplicates in SRC"));
add(new eliminateDuplicatesInDST("eliminate duplicates in DST"));
add(new eliminateDuplicatesInSRV("eliminate duplicates in SRV"));
add(new swapAddressTableObjectsInSrc(
"AddressTable -> MultiAddressRunTime in Src"));
add(new swapAddressTableObjectsInDst(
"AddressTable -> MultiAddressRunTime in Dst"));
add(new swapMultiAddressObjectsInSrc(
"MultiAddress -> MultiAddressRunTime in Src"));
add(new swapMultiAddressObjectsInDst(
"MultiAddress -> MultiAddressRunTime in Dst"));
add(new processMultiAddressObjectsInSrc(
"process MultiAddress objects in Src"));
add(new processMultiAddressObjectsInDst(
"process MultiAddress objects in Dst"));
add(new replaceFailoverInterfaceInItf("replace carp interfaces"));
add(new expandGroupsInItf("expand groups in Interface"));
add(new replaceClusterInterfaceInItf(
"replace cluster interfaces with member interfaces in the Interface rule element"));
add(new ItfNegation("process negation in Itf"));
//add(new InterfacePolicyRules(
// "process interface policy rules and store interface ids"));
add(new splitIfFirewallInSrc("split rule if firewall is in Src"));
add(new splitIfFirewallInDst("split rule if firewall is in Dst"));
add(new fillDirection("determine directions"));
// commented out for bug #2828602
// ... and put back per #2844561
// both bug reports/patches are by Tom Judge (tomjudge on sourceforge)
add( new SplitDirection("split rules with direction 'both'" ));
add(new addLoopbackForRedirect(
"add loopback to rules that permit redirected services"));
add(new ExpandMultipleAddresses(
"expand objects with multiple addresses"));
add(new dropRuleWithEmptyRE("drop rules with empty rule elements"));
add(new checkForDynamicInterfacesOfOtherObjects(
"check for dynamic interfaces of other hosts and firewalls"));
add(new MACFiltering("verify for MAC address filtering"));
add(new checkForUnnumbered("check for unnumbered interfaces"));
add(new addressRanges("expand address range objects"));
add(new splitServices("split rules with different protocols"));
add(new separateTCPWithFlags("separate TCP services with flags"));
add(new separateSrcPort("split on TCP and UDP with source ports"));
add(new separateTagged("split on TagService"));
add(new separateTOS("split on IPService with TOS"));
if (ipv6)
add( new DropIPv4Rules("drop ipv4 rules"));
else
add( new DropIPv6Rules("drop ipv6 rules"));
add(new verifyCustomServices("verify custom services for this platform"));
// add(new ProcessScrubOption("process 'scrub' option"));
add(new SpecialServices("check for special services"));
add(new setQuickFlag("set 'quick' flag"));
add(new checkForZeroAddr("check for zero addresses"));
add(new convertInterfaceIdToStr("prepare interface assignments"));
add( new checkForObjectsWithErrors(
"check if we have objects with errors in rule elements"));
add(new createTables("create tables"));
// add(new PrintTables("print tables"));
add(new PrintRule("generate pf code"));
add(new simplePrintProgress());
runRuleProcessors();
}

4
test/iosacl/auto-interface-test.fw.orig
View File

@ -1,9 +1,9 @@
!
! This is automatically generated file. DO NOT MODIFY !
!
! Firewall Builder fwb_iosacl v4.2.0.3425
! Firewall Builder fwb_iosacl v4.2.0.3426
!
! Generated Tue Jan 4 11:25:14 2011 PST by vadim
! Generated Mon Jan 10 16:30:46 2011 PST by vadim
!
! Compiled for iosacl 12.1
!

4
test/iosacl/c3620.fw.orig
View File

@ -1,9 +1,9 @@
!
! This is automatically generated file. DO NOT MODIFY !
!
! Firewall Builder fwb_iosacl v4.2.0.3425
! Firewall Builder fwb_iosacl v4.2.0.3426
!
! Generated Tue Jan 4 11:25:15 2011 PST by vadim
! Generated Mon Jan 10 16:30:46 2011 PST by vadim
!
! Compiled for iosacl 12.1
!

4
test/iosacl/ccie4u-r1.fw.orig
View File

@ -1,9 +1,9 @@
!
! This is automatically generated file. DO NOT MODIFY !
!
! Firewall Builder fwb_iosacl v4.2.0.3425
! Firewall Builder fwb_iosacl v4.2.0.3426
!
! Generated Tue Jan 4 11:25:15 2011 PST by vadim
! Generated Mon Jan 10 16:30:46 2011 PST by vadim
!
! Compiled for iosacl 12.1
!

4
test/iosacl/dynamips1-og.fw.orig
View File

@ -1,9 +1,9 @@
!
! This is automatically generated file. DO NOT MODIFY !
!
! Firewall Builder fwb_iosacl v4.2.0.3425
! Firewall Builder fwb_iosacl v4.2.0.3426
!
! Generated Tue Jan 4 11:25:15 2011 PST by vadim
! Generated Mon Jan 10 16:30:47 2011 PST by vadim
!
! Compiled for iosacl 12.4
!

4
test/iosacl/firewall-ipv6-1.fw.orig
View File

@ -1,9 +1,9 @@
!
! This is automatically generated file. DO NOT MODIFY !
!
! Firewall Builder fwb_iosacl v4.2.0.3425
! Firewall Builder fwb_iosacl v4.2.0.3426
!
! Generated Tue Jan 4 11:25:16 2011 PST by vadim
! Generated Mon Jan 10 16:30:47 2011 PST by vadim
!
! Compiled for iosacl 12.1
!

4
test/iosacl/firewall-ipv6-2.fw.orig
View File

@ -1,9 +1,9 @@
!
! This is automatically generated file. DO NOT MODIFY !
!
! Firewall Builder fwb_iosacl v4.2.0.3425
! Firewall Builder fwb_iosacl v4.2.0.3426
!
! Generated Tue Jan 4 11:25:16 2011 PST by vadim
! Generated Mon Jan 10 16:30:47 2011 PST by vadim
!
! Compiled for iosacl 12.1
!

4
test/iosacl/firewall-ipv6-3.fw.orig
View File

@ -1,9 +1,9 @@
!
! This is automatically generated file. DO NOT MODIFY !
!
! Firewall Builder fwb_iosacl v4.2.0.3425
! Firewall Builder fwb_iosacl v4.2.0.3426
!
! Generated Tue Jan 4 11:25:16 2011 PST by vadim
! Generated Mon Jan 10 16:30:48 2011 PST by vadim
!
! Compiled for iosacl 12.1
!

4
test/iosacl/testios1-1.fw.orig
View File

@ -1,9 +1,9 @@
!
! This is automatically generated file. DO NOT MODIFY !
!
! Firewall Builder fwb_iosacl v4.2.0.3425
! Firewall Builder fwb_iosacl v4.2.0.3426
!
! Generated Tue Jan 4 11:25:17 2011 PST by vadim
! Generated Mon Jan 10 16:30:48 2011 PST by vadim
!
! Compiled for iosacl 12.1
!

4
test/iosacl/testios1.fw.orig
View File

@ -1,9 +1,9 @@
!
! This is automatically generated file. DO NOT MODIFY !
!
! Firewall Builder fwb_iosacl v4.2.0.3425
! Firewall Builder fwb_iosacl v4.2.0.3426
!
! Generated Tue Jan 4 11:25:17 2011 PST by vadim
! Generated Mon Jan 10 16:30:48 2011 PST by vadim
!
! Compiled for iosacl 12.1
!

4
test/iosacl/testios2.fw.orig
View File

@ -1,9 +1,9 @@
!
! This is automatically generated file. DO NOT MODIFY !
!
! Firewall Builder fwb_iosacl v4.2.0.3425
! Firewall Builder fwb_iosacl v4.2.0.3426
!
! Generated Tue Jan 4 11:25:18 2011 PST by vadim
! Generated Mon Jan 10 16:30:49 2011 PST by vadim
!
! Compiled for iosacl 12.1
!

4
test/iosacl/testios20-v12.3.fw.orig
View File

@ -1,9 +1,9 @@
!
! This is automatically generated file. DO NOT MODIFY !
!
! Firewall Builder fwb_iosacl v4.2.0.3425
! Firewall Builder fwb_iosacl v4.2.0.3426
!
! Generated Tue Jan 4 11:25:18 2011 PST by vadim
! Generated Mon Jan 10 16:30:49 2011 PST by vadim
!
! Compiled for iosacl 12.3
!

4
test/iosacl/testios20.fw.orig
View File

@ -1,9 +1,9 @@
!
! This is automatically generated file. DO NOT MODIFY !
!
! Firewall Builder fwb_iosacl v4.2.0.3425
! Firewall Builder fwb_iosacl v4.2.0.3426
!
! Generated Tue Jan 4 11:25:18 2011 PST by vadim
! Generated Mon Jan 10 16:30:49 2011 PST by vadim
!
! Compiled for iosacl 12.4
!

4
test/iosacl/testios3.fw.orig
View File

@ -1,9 +1,9 @@
!
! This is automatically generated file. DO NOT MODIFY !
!
! Firewall Builder fwb_iosacl v4.2.0.3425
! Firewall Builder fwb_iosacl v4.2.0.3426
!
! Generated Tue Jan 4 11:25:19 2011 PST by vadim
! Generated Mon Jan 10 16:30:50 2011 PST by vadim
!
! Compiled for iosacl 12.1
!

4
test/iosacl/testios4.fw.orig
View File

@ -1,9 +1,9 @@
!
! This is automatically generated file. DO NOT MODIFY !
!
! Firewall Builder fwb_iosacl v4.2.0.3425
! Firewall Builder fwb_iosacl v4.2.0.3426
!
! Generated Tue Jan 4 11:25:19 2011 PST by vadim
! Generated Mon Jan 10 16:30:50 2011 PST by vadim
!
! Compiled for iosacl 12.4
!

4
test/iosacl/testios5-1.fw.orig
View File

@ -1,9 +1,9 @@
!
! This is automatically generated file. DO NOT MODIFY !
!
! Firewall Builder fwb_iosacl v4.2.0.3425
! Firewall Builder fwb_iosacl v4.2.0.3426
!
! Generated Tue Jan 4 11:25:19 2011 PST by vadim
! Generated Mon Jan 10 16:30:51 2011 PST by vadim
!
! Compiled for iosacl 12.4
!

4
test/iosacl/testios5.fw.orig
View File

@ -1,9 +1,9 @@
!
! This is automatically generated file. DO NOT MODIFY !
!
! Firewall Builder fwb_iosacl v4.2.0.3425
! Firewall Builder fwb_iosacl v4.2.0.3426
!
! Generated Tue Jan 4 11:25:19 2011 PST by vadim
! Generated Mon Jan 10 16:30:50 2011 PST by vadim
!
! Compiled for iosacl 12.4
!

6
test/ipf/firewall.fw.orig
View File

@ -2,9 +2,9 @@
#
# This is automatically generated file. DO NOT MODIFY !
#
# Firewall Builder fwb_ipf v4.2.0.3425
# Firewall Builder fwb_ipf v4.2.0.3426
#
# Generated Mon Jan 3 13:15:01 2011 PST by vadim
# Generated Mon Jan 10 16:30:51 2011 PST by vadim
#
# files: * firewall.fw ipf.fw
# files: firewall-ipf.conf ipf.conf
@ -169,7 +169,7 @@ configure_interfaces() {
update_addresses_of_interface "lo 127.0.0.1/0xff000000" ""
}
log "Activating firewall script generated Mon Jan 3 13:15:01 2011 by vadim"
log "Activating firewall script generated Mon Jan 10 16:30:51 2011 by vadim"
set_kernel_vars
configure_interfaces

6
test/ipf/firewall1.fw.orig
View File

@ -2,9 +2,9 @@
#
# This is automatically generated file. DO NOT MODIFY !
#
# Firewall Builder fwb_ipf v4.2.0.3425
# Firewall Builder fwb_ipf v4.2.0.3426
#
# Generated Mon Jan 3 13:15:01 2011 PST by vadim
# Generated Mon Jan 10 16:30:52 2011 PST by vadim
#
# files: * firewall1.fw /etc/ipf.fw
# files: firewall1-ipf.conf /etc/fw/ipf.conf
@ -83,7 +83,7 @@ configure_interfaces() {
}
log "Activating firewall script generated Mon Jan 3 13:15:01 2011 by vadim"
log "Activating firewall script generated Mon Jan 10 16:30:52 2011 by vadim"
set_kernel_vars
configure_interfaces

6
test/ipf/firewall10.fw.orig
View File

@ -2,9 +2,9 @@
#
# This is automatically generated file. DO NOT MODIFY !
#
# Firewall Builder fwb_ipf v4.2.0.3425
# Firewall Builder fwb_ipf v4.2.0.3426
#
# Generated Mon Jan 3 13:15:01 2011 PST by vadim
# Generated Mon Jan 10 16:30:52 2011 PST by vadim
#
# files: * firewall10.fw
# files: firewall10-ipf.conf
@ -75,7 +75,7 @@ configure_interfaces() {
}
log "Activating firewall script generated Mon Jan 3 13:15:01 2011 by vadim"
log "Activating firewall script generated Mon Jan 10 16:30:52 2011 by vadim"
set_kernel_vars
configure_interfaces

6
test/ipf/firewall11.fw.orig
View File

@ -2,9 +2,9 @@
#
# This is automatically generated file. DO NOT MODIFY !
#
# Firewall Builder fwb_ipf v4.2.0.3425
# Firewall Builder fwb_ipf v4.2.0.3426
#
# Generated Mon Jan 3 13:15:02 2011 PST by vadim
# Generated Mon Jan 10 16:30:52 2011 PST by vadim
#
# files: * firewall11.fw
# files: firewall11-ipf.conf
@ -161,7 +161,7 @@ configure_interfaces() {
update_addresses_of_interface "lo0 127.0.0.1/0xff000000" ""
}
log "Activating firewall script generated Mon Jan 3 13:15:02 2011 by vadim"
log "Activating firewall script generated Mon Jan 10 16:30:52 2011 by vadim"
set_kernel_vars
configure_interfaces

6
test/ipf/firewall2.fw.orig
View File

@ -2,9 +2,9 @@
#
# This is automatically generated file. DO NOT MODIFY !
#
# Firewall Builder fwb_ipf v4.2.0.3425
# Firewall Builder fwb_ipf v4.2.0.3426
#
# Generated Mon Jan 3 13:15:02 2011 PST by vadim
# Generated Mon Jan 10 16:30:53 2011 PST by vadim
#
# files: * firewall2.fw
# files: firewall2-ipf.conf
@ -79,7 +79,7 @@ configure_interfaces() {
}
log "Activating firewall script generated Mon Jan 3 13:15:02 2011 by vadim"
log "Activating firewall script generated Mon Jan 10 16:30:53 2011 by vadim"
set_kernel_vars
configure_interfaces

6
test/ipf/firewall34.fw.orig
View File

@ -2,9 +2,9 @@
#
# This is automatically generated file. DO NOT MODIFY !
#
# Firewall Builder fwb_ipf v4.2.0.3425
# Firewall Builder fwb_ipf v4.2.0.3426
#
# Generated Mon Jan 3 13:15:03 2011 PST by vadim
# Generated Mon Jan 10 16:30:54 2011 PST by vadim
#
# files: * firewall34.fw
# files: firewall34-ipf.conf
@ -162,7 +162,7 @@ configure_interfaces() {
update_addresses_of_interface "lo 127.0.0.1/0xff000000" ""
}
log "Activating firewall script generated Mon Jan 3 13:15:03 2011 by vadim"
log "Activating firewall script generated Mon Jan 10 16:30:54 2011 by vadim"
set_kernel_vars
configure_interfaces

6
test/ipf/firewall35.fw.orig
View File

@ -2,9 +2,9 @@
#
# This is automatically generated file. DO NOT MODIFY !
#
# Firewall Builder fwb_ipf v4.2.0.3425
# Firewall Builder fwb_ipf v4.2.0.3426
#
# Generated Mon Jan 3 13:15:03 2011 PST by vadim
# Generated Mon Jan 10 16:30:54 2011 PST by vadim
#
# files: * firewall35.fw
# files: firewall35-ipf.conf
@ -77,7 +77,7 @@ configure_interfaces() {
}
log "Activating firewall script generated Mon Jan 3 13:15:03 2011 by vadim"
log "Activating firewall script generated Mon Jan 10 16:30:54 2011 by vadim"
set_kernel_vars
configure_interfaces

6
test/ipf/firewall4.fw.orig
View File

@ -2,9 +2,9 @@
#
# This is automatically generated file. DO NOT MODIFY !
#
# Firewall Builder fwb_ipf v4.2.0.3425
# Firewall Builder fwb_ipf v4.2.0.3426
#
# Generated Mon Jan 3 13:15:04 2011 PST by vadim
# Generated Mon Jan 10 16:30:54 2011 PST by vadim
#
# files: * firewall4.fw
# files: firewall4-ipf.conf
@ -80,7 +80,7 @@ configure_interfaces() {
}
log "Activating firewall script generated Mon Jan 3 13:15:04 2011 by vadim"
log "Activating firewall script generated Mon Jan 10 16:30:54 2011 by vadim"
set_kernel_vars
configure_interfaces

6
test/ipf/firewall5.fw.orig
View File

@ -2,9 +2,9 @@
#
# This is automatically generated file. DO NOT MODIFY !
#
# Firewall Builder fwb_ipf v4.2.0.3425
# Firewall Builder fwb_ipf v4.2.0.3426
#
# Generated Mon Jan 3 13:15:04 2011 PST by vadim
# Generated Mon Jan 10 16:30:55 2011 PST by vadim
#
# files: * firewall5.fw
# files: firewall5-ipf.conf
@ -92,7 +92,7 @@ configure_interfaces() {
}
log "Activating firewall script generated Mon Jan 3 13:15:04 2011 by vadim"
log "Activating firewall script generated Mon Jan 10 16:30:55 2011 by vadim"
set_kernel_vars
configure_interfaces

6
test/ipf/firewall7.fw.orig
View File

@ -2,9 +2,9 @@
#
# This is automatically generated file. DO NOT MODIFY !
#
# Firewall Builder fwb_ipf v4.2.0.3425
# Firewall Builder fwb_ipf v4.2.0.3426
#
# Generated Mon Jan 3 13:15:04 2011 PST by vadim
# Generated Mon Jan 10 16:30:55 2011 PST by vadim
#
# files: * firewall7.fw
# files: firewall7-ipf.conf
@ -76,7 +76,7 @@ configure_interfaces() {
}
log "Activating firewall script generated Mon Jan 3 13:15:04 2011 by vadim"
log "Activating firewall script generated Mon Jan 10 16:30:55 2011 by vadim"
set_kernel_vars
configure_interfaces

6
test/ipf/firewall8.fw.orig
View File

@ -2,9 +2,9 @@
#
# This is automatically generated file. DO NOT MODIFY !
#
# Firewall Builder fwb_ipf v4.2.0.3425
# Firewall Builder fwb_ipf v4.2.0.3426
#
# Generated Mon Jan 3 13:15:05 2011 PST by vadim
# Generated Mon Jan 10 16:30:55 2011 PST by vadim
#
# files: * firewall8.fw
# files: firewall8-ipf.conf
@ -76,7 +76,7 @@ configure_interfaces() {
}
log "Activating firewall script generated Mon Jan 3 13:15:05 2011 by vadim"
log "Activating firewall script generated Mon Jan 10 16:30:55 2011 by vadim"
set_kernel_vars
configure_interfaces

6
test/ipf/firewall9.fw.orig
View File

@ -2,9 +2,9 @@
#
# This is automatically generated file. DO NOT MODIFY !
#
# Firewall Builder fwb_ipf v4.2.0.3425
# Firewall Builder fwb_ipf v4.2.0.3426
#
# Generated Mon Jan 3 13:15:05 2011 PST by vadim
# Generated Mon Jan 10 16:30:56 2011 PST by vadim
#
# files: * firewall9.fw
# files: firewall9-ipf.conf
@ -76,7 +76,7 @@ configure_interfaces() {
}
log "Activating firewall script generated Mon Jan 3 13:15:05 2011 by vadim"
log "Activating firewall script generated Mon Jan 10 16:30:56 2011 by vadim"
set_kernel_vars
configure_interfaces

6
test/ipf/host.fw.orig
View File

@ -2,9 +2,9 @@
#
# This is automatically generated file. DO NOT MODIFY !
#
# Firewall Builder fwb_ipf v4.2.0.3425
# Firewall Builder fwb_ipf v4.2.0.3426
#
# Generated Mon Jan 3 13:15:05 2011 PST by vadim
# Generated Mon Jan 10 16:30:56 2011 PST by vadim
#
# files: * host.fw
# files: host-ipf.conf
@ -78,7 +78,7 @@ configure_interfaces() {
}
log "Activating firewall script generated Mon Jan 3 13:15:05 2011 by vadim"
log "Activating firewall script generated Mon Jan 10 16:30:56 2011 by vadim"
set_kernel_vars
configure_interfaces

6
test/ipfw/firewall.fw.orig
View File

@ -2,9 +2,9 @@
#
# This is automatically generated file. DO NOT MODIFY !
#
# Firewall Builder fwb_ipfw v4.2.0.3425
# Firewall Builder fwb_ipfw v4.2.0.3426
#
# Generated Fri Jan 7 12:51:57 2011 PST by vadim
# Generated Mon Jan 10 16:30:56 2011 PST by vadim
#
# files: * firewall.fw ipfw.fw
#
@ -81,7 +81,7 @@ configure_interfaces() {
}
log "Activating firewall script generated Fri Jan 7 12:51:57 2011 by vadim"
log "Activating firewall script generated Mon Jan 10 16:30:56 2011 by vadim"
set_kernel_vars
configure_interfaces

6
test/ipfw/firewall1.fw.orig
View File

@ -2,9 +2,9 @@
#
# This is automatically generated file. DO NOT MODIFY !
#
# Firewall Builder fwb_ipfw v4.2.0.3425
# Firewall Builder fwb_ipfw v4.2.0.3426
#
# Generated Fri Jan 7 12:51:58 2011 PST by vadim
# Generated Mon Jan 10 16:30:57 2011 PST by vadim
#
# files: * firewall1.fw
#
@ -83,7 +83,7 @@ configure_interfaces() {
}
log "Activating firewall script generated Fri Jan 7 12:51:58 2011 by vadim"
log "Activating firewall script generated Mon Jan 10 16:30:57 2011 by vadim"
set_kernel_vars
configure_interfaces

6
test/ipfw/firewall2.fw.orig
View File

@ -2,9 +2,9 @@
#
# This is automatically generated file. DO NOT MODIFY !
#
# Firewall Builder fwb_ipfw v4.2.0.3425
# Firewall Builder fwb_ipfw v4.2.0.3426
#
# Generated Fri Jan 7 12:51:58 2011 PST by vadim
# Generated Mon Jan 10 16:30:57 2011 PST by vadim
#
# files: * firewall2.fw
#
@ -77,7 +77,7 @@ configure_interfaces() {
}
log "Activating firewall script generated Fri Jan 7 12:51:58 2011 by vadim"
log "Activating firewall script generated Mon Jan 10 16:30:57 2011 by vadim"
set_kernel_vars
configure_interfaces

6
test/ipfw/firewall33.fw.orig
View File

@ -2,9 +2,9 @@
#
# This is automatically generated file. DO NOT MODIFY !
#
# Firewall Builder fwb_ipfw v4.2.0.3425
# Firewall Builder fwb_ipfw v4.2.0.3426
#
# Generated Fri Jan 7 12:51:58 2011 PST by vadim
# Generated Mon Jan 10 16:30:58 2011 PST by vadim
#
# files: * firewall33.fw
#
@ -163,7 +163,7 @@ configure_interfaces() {
update_addresses_of_interface "lo 127.0.0.1/0xff000000" ""
}
log "Activating firewall script generated Fri Jan 7 12:51:58 2011 by vadim"
log "Activating firewall script generated Mon Jan 10 16:30:58 2011 by vadim"
set_kernel_vars
configure_interfaces

6
test/ipfw/firewall34.fw.orig
View File

@ -2,9 +2,9 @@
#
# This is automatically generated file. DO NOT MODIFY !
#
# Firewall Builder fwb_ipfw v4.2.0.3425
# Firewall Builder fwb_ipfw v4.2.0.3426
#
# Generated Fri Jan 7 12:51:59 2011 PST by vadim
# Generated Mon Jan 10 16:30:58 2011 PST by vadim
#
# files: * firewall34.fw
#
@ -77,7 +77,7 @@ configure_interfaces() {
}
log "Activating firewall script generated Fri Jan 7 12:51:59 2011 by vadim"
log "Activating firewall script generated Mon Jan 10 16:30:58 2011 by vadim"
set_kernel_vars
configure_interfaces

6
test/ipfw/firewall4.fw.orig
View File

@ -2,9 +2,9 @@
#
# This is automatically generated file. DO NOT MODIFY !
#
# Firewall Builder fwb_ipfw v4.2.0.3425
# Firewall Builder fwb_ipfw v4.2.0.3426
#
# Generated Fri Jan 7 12:51:59 2011 PST by vadim
# Generated Mon Jan 10 16:30:58 2011 PST by vadim
#
# files: * firewall4.fw
#
@ -80,7 +80,7 @@ configure_interfaces() {
}
log "Activating firewall script generated Fri Jan 7 12:51:59 2011 by vadim"
log "Activating firewall script generated Mon Jan 10 16:30:58 2011 by vadim"
set_kernel_vars
configure_interfaces

6
test/ipfw/firewall7.fw.orig
View File

@ -2,9 +2,9 @@
#
# This is automatically generated file. DO NOT MODIFY !
#
# Firewall Builder fwb_ipfw v4.2.0.3425
# Firewall Builder fwb_ipfw v4.2.0.3426
#
# Generated Fri Jan 7 12:51:59 2011 PST by vadim
# Generated Mon Jan 10 16:30:59 2011 PST by vadim
#
# files: * firewall7.fw
#
@ -77,7 +77,7 @@ configure_interfaces() {
}
log "Activating firewall script generated Fri Jan 7 12:51:59 2011 by vadim"
log "Activating firewall script generated Mon Jan 10 16:30:59 2011 by vadim"
set_kernel_vars
configure_interfaces

6
test/ipfw/firewall8.fw.orig
View File

@ -2,9 +2,9 @@
#
# This is automatically generated file. DO NOT MODIFY !
#
# Firewall Builder fwb_ipfw v4.2.0.3425
# Firewall Builder fwb_ipfw v4.2.0.3426
#
# Generated Fri Jan 7 12:51:59 2011 PST by vadim
# Generated Mon Jan 10 16:30:59 2011 PST by vadim
#
# files: * firewall8.fw
#
@ -76,7 +76,7 @@ configure_interfaces() {
}
log "Activating firewall script generated Fri Jan 7 12:51:59 2011 by vadim"
log "Activating firewall script generated Mon Jan 10 16:30:59 2011 by vadim"
set_kernel_vars
configure_interfaces

6
test/ipfw/firewall9.fw.orig
View File

@ -2,9 +2,9 @@
#
# This is automatically generated file. DO NOT MODIFY !
#
# Firewall Builder fwb_ipfw v4.2.0.3425
# Firewall Builder fwb_ipfw v4.2.0.3426
#
# Generated Fri Jan 7 12:52:00 2011 PST by vadim
# Generated Mon Jan 10 16:30:59 2011 PST by vadim
#
# files: * firewall9.fw
#
@ -76,7 +76,7 @@ configure_interfaces() {
}
log "Activating firewall script generated Fri Jan 7 12:52:00 2011 by vadim"
log "Activating firewall script generated Mon Jan 10 16:30:59 2011 by vadim"
set_kernel_vars
configure_interfaces

6
test/ipfw/host.fw.orig
View File

@ -2,9 +2,9 @@
#
# This is automatically generated file. DO NOT MODIFY !
#
# Firewall Builder fwb_ipfw v4.2.0.3425
# Firewall Builder fwb_ipfw v4.2.0.3426
#
# Generated Fri Jan 7 12:52:00 2011 PST by vadim
# Generated Mon Jan 10 16:30:59 2011 PST by vadim
#
# files: * host.fw
#
@ -79,7 +79,7 @@ configure_interfaces() {
}
log "Activating firewall script generated Fri Jan 7 12:52:00 2011 by vadim"
log "Activating firewall script generated Mon Jan 10 16:30:59 2011 by vadim"
set_kernel_vars
configure_interfaces

6
test/ipfw/mac.fw.orig
View File

@ -2,9 +2,9 @@
#
# This is automatically generated file. DO NOT MODIFY !
#
# Firewall Builder fwb_ipfw v4.2.0.3425
# Firewall Builder fwb_ipfw v4.2.0.3426
#
# Generated Fri Jan 7 12:52:00 2011 PST by vadim
# Generated Mon Jan 10 16:31:00 2011 PST by vadim
#
# files: * mac.fw
#
@ -77,7 +77,7 @@ configure_interfaces() {
}
log "Activating firewall script generated Fri Jan 7 12:52:00 2011 by vadim"
log "Activating firewall script generated Mon Jan 10 16:31:00 2011 by vadim"
set_kernel_vars
configure_interfaces

6
test/ipt/cluster1_secuwall-1.fw.orig
View File

@ -2,9 +2,9 @@
#
# This is automatically generated file. DO NOT MODIFY !
#
# Firewall Builder fwb_ipt v4.2.0.3425
# Firewall Builder fwb_ipt v4.2.0.3426
#
# Generated Fri Jan 7 13:24:39 2011 PST by vadim
# Generated Mon Jan 10 16:35:56 2011 PST by vadim
#
# files: * cluster1_secuwall-1.fw
#
@ -588,7 +588,7 @@ test -z "$cmd" && {
case "$cmd" in
start)
log "Activating firewall script generated Fri Jan 7 13:24:39 2011 by vadim"
log "Activating firewall script generated Mon Jan 10 16:35:56 2011 by vadim"
log "Database was cluster-tests.fwb"
check_tools
check_run_time_address_table_files

6
test/ipt/firewall-base-rulesets.fw.orig
View File

@ -2,9 +2,9 @@
#
# This is automatically generated file. DO NOT MODIFY !
#
# Firewall Builder fwb_ipt v4.2.0.3425
# Firewall Builder fwb_ipt v4.2.0.3426
#
# Generated Fri Jan 7 13:23:18 2011 PST by vadim
# Generated Mon Jan 10 16:34:36 2011 PST by vadim
#
# files: * firewall-base-rulesets.fw
#
@ -445,7 +445,7 @@ test -z "$cmd" && {
case "$cmd" in
start)
log "Activating firewall script generated Fri Jan 7 13:23:18 2011 by vadim"
log "Activating firewall script generated Mon Jan 10 16:34:36 2011 by vadim"
check_tools
prolog_commands
check_run_time_address_table_files

6
test/ipt/firewall-ipv6-1.fw.orig
View File

@ -2,9 +2,9 @@
#
# This is automatically generated file. DO NOT MODIFY !
#
# Firewall Builder fwb_ipt v4.2.0.3425
# Firewall Builder fwb_ipt v4.2.0.3426
#
# Generated Fri Jan 7 13:23:24 2011 PST by vadim
# Generated Mon Jan 10 16:34:42 2011 PST by vadim
#
# files: * firewall-ipv6-1.fw
#
@ -687,7 +687,7 @@ test -z "$cmd" && {
case "$cmd" in
start)
log "Activating firewall script generated Fri Jan 7 13:23:24 2011 by vadim"
log "Activating firewall script generated Mon Jan 10 16:34:42 2011 by vadim"
check_tools
prolog_commands
check_run_time_address_table_files

6
test/ipt/firewall-ipv6-2.fw.orig
View File

@ -2,9 +2,9 @@
#
# This is automatically generated file. DO NOT MODIFY !
#
# Firewall Builder fwb_ipt v4.2.0.3425
# Firewall Builder fwb_ipt v4.2.0.3426
#
# Generated Fri Jan 7 13:23:30 2011 PST by vadim
# Generated Mon Jan 10 16:34:48 2011 PST by vadim
#
# files: * firewall-ipv6-2.fw
#
@ -930,7 +930,7 @@ test -z "$cmd" && {
case "$cmd" in
start)
log "Activating firewall script generated Fri Jan 7 13:23:30 2011 by vadim"
log "Activating firewall script generated Mon Jan 10 16:34:48 2011 by vadim"
check_tools
prolog_commands
check_run_time_address_table_files

6
test/ipt/firewall-ipv6-3.fw.orig
View File

@ -2,9 +2,9 @@
#
# This is automatically generated file. DO NOT MODIFY !
#
# Firewall Builder fwb_ipt v4.2.0.3425
# Firewall Builder fwb_ipt v4.2.0.3426
#
# Generated Fri Jan 7 13:23:36 2011 PST by vadim
# Generated Mon Jan 10 16:34:53 2011 PST by vadim
#
# files: * firewall-ipv6-3.fw
#
@ -592,7 +592,7 @@ test -z "$cmd" && {
case "$cmd" in
start)
log "Activating firewall script generated Fri Jan 7 13:23:36 2011 by vadim"
log "Activating firewall script generated Mon Jan 10 16:34:53 2011 by vadim"
check_tools
prolog_commands
check_run_time_address_table_files

6
test/ipt/firewall-ipv6-4-1.fw.orig
View File

@ -2,9 +2,9 @@
#
# This is automatically generated file. DO NOT MODIFY !
#
# Firewall Builder fwb_ipt v4.2.0.3425
# Firewall Builder fwb_ipt v4.2.0.3426
#
# Generated Fri Jan 7 13:23:47 2011 PST by vadim
# Generated Mon Jan 10 16:35:05 2011 PST by vadim
#
# files: * firewall-ipv6-4-1.fw
#
@ -539,7 +539,7 @@ test -z "$cmd" && {
case "$cmd" in
start)
log "Activating firewall script generated Fri Jan 7 13:23:47 2011 by vadim"
log "Activating firewall script generated Mon Jan 10 16:35:05 2011 by vadim"
check_tools
prolog_commands
check_run_time_address_table_files

6
test/ipt/firewall-ipv6-4.fw.orig
View File

@ -2,9 +2,9 @@
#
# This is automatically generated file. DO NOT MODIFY !
#
# Firewall Builder fwb_ipt v4.2.0.3425
# Firewall Builder fwb_ipt v4.2.0.3426
#
# Generated Fri Jan 7 13:23:41 2011 PST by vadim
# Generated Mon Jan 10 16:34:59 2011 PST by vadim
#
# files: * firewall-ipv6-4.fw
#
@ -577,7 +577,7 @@ test -z "$cmd" && {
case "$cmd" in
start)
log "Activating firewall script generated Fri Jan 7 13:23:41 2011 by vadim"
log "Activating firewall script generated Mon Jan 10 16:34:59 2011 by vadim"
check_tools
prolog_commands
check_run_time_address_table_files

6
test/ipt/firewall-ipv6-5.fw.orig
View File

@ -2,9 +2,9 @@
#
# This is automatically generated file. DO NOT MODIFY !
#
# Firewall Builder fwb_ipt v4.2.0.3425
# Firewall Builder fwb_ipt v4.2.0.3426
#
# Generated Fri Jan 7 13:23:50 2011 PST by vadim
# Generated Mon Jan 10 16:35:07 2011 PST by vadim
#
# files: * firewall-ipv6-5.fw
#
@ -412,7 +412,7 @@ test -z "$cmd" && {
case "$cmd" in
start)
log "Activating firewall script generated Fri Jan 7 13:23:50 2011 by vadim"
log "Activating firewall script generated Mon Jan 10 16:35:07 2011 by vadim"
check_tools
prolog_commands
check_run_time_address_table_files

6
test/ipt/firewall-ipv6-6.fw.orig
View File

@ -2,9 +2,9 @@
#
# This is automatically generated file. DO NOT MODIFY !
#
# Firewall Builder fwb_ipt v4.2.0.3425
# Firewall Builder fwb_ipt v4.2.0.3426
#
# Generated Fri Jan 7 13:23:52 2011 PST by vadim
# Generated Mon Jan 10 16:35:10 2011 PST by vadim
#
# files: * firewall-ipv6-6.fw
#
@ -399,7 +399,7 @@ test -z "$cmd" && {
case "$cmd" in
start)
log "Activating firewall script generated Fri Jan 7 13:23:52 2011 by vadim"
log "Activating firewall script generated Mon Jan 10 16:35:10 2011 by vadim"
check_tools
prolog_commands
check_run_time_address_table_files

6
test/ipt/firewall-ipv6-7.fw.orig
View File

@ -2,9 +2,9 @@
#
# This is automatically generated file. DO NOT MODIFY !
#
# Firewall Builder fwb_ipt v4.2.0.3425
# Firewall Builder fwb_ipt v4.2.0.3426
#
# Generated Fri Jan 7 13:23:55 2011 PST by vadim
# Generated Mon Jan 10 16:35:13 2011 PST by vadim
#
# files: * firewall-ipv6-7.fw
#
@ -443,7 +443,7 @@ test -z "$cmd" && {
case "$cmd" in
start)
log "Activating firewall script generated Fri Jan 7 13:23:55 2011 by vadim"
log "Activating firewall script generated Mon Jan 10 16:35:13 2011 by vadim"
check_tools
prolog_commands
check_run_time_address_table_files

6
test/ipt/firewall-ipv6-8.fw.orig
View File

@ -2,9 +2,9 @@
#
# This is automatically generated file. DO NOT MODIFY !
#
# Firewall Builder fwb_ipt v4.2.0.3425
# Firewall Builder fwb_ipt v4.2.0.3426
#
# Generated Fri Jan 7 13:23:58 2011 PST by vadim
# Generated Mon Jan 10 16:35:16 2011 PST by vadim
#
# files: * firewall-ipv6-8.fw
#
@ -484,7 +484,7 @@ test -z "$cmd" && {
case "$cmd" in
start)
log "Activating firewall script generated Fri Jan 7 13:23:58 2011 by vadim"
log "Activating firewall script generated Mon Jan 10 16:35:16 2011 by vadim"
check_tools
prolog_commands
check_run_time_address_table_files

6
test/ipt/firewall-ipv6-ipt-reset-prolog-after-flush.fw.orig
View File

@ -2,9 +2,9 @@
#
# This is automatically generated file. DO NOT MODIFY !
#
# Firewall Builder fwb_ipt v4.2.0.3425
# Firewall Builder fwb_ipt v4.2.0.3426
#
# Generated Fri Jan 7 13:24:01 2011 PST by vadim
# Generated Mon Jan 10 16:35:18 2011 PST by vadim
#
# files: * firewall-ipv6-ipt-reset-prolog-after-flush.fw
#
@ -450,7 +450,7 @@ test -z "$cmd" && {
case "$cmd" in
start)
log "Activating firewall script generated Fri Jan 7 13:24:01 2011 by vadim"
log "Activating firewall script generated Mon Jan 10 16:35:18 2011 by vadim"
check_tools
prolog_commands
check_run_time_address_table_files

6
test/ipt/firewall-ipv6-ipt-reset-prolog-after-interfaces.fw.orig
View File

@ -2,9 +2,9 @@
#
# This is automatically generated file. DO NOT MODIFY !
#
# Firewall Builder fwb_ipt v4.2.0.3425
# Firewall Builder fwb_ipt v4.2.0.3426
#
# Generated Fri Jan 7 13:24:04 2011 PST by vadim
# Generated Mon Jan 10 16:35:21 2011 PST by vadim
#
# files: * firewall-ipv6-ipt-reset-prolog-after-interfaces.fw
#
@ -450,7 +450,7 @@ test -z "$cmd" && {
case "$cmd" in
start)
log "Activating firewall script generated Fri Jan 7 13:24:04 2011 by vadim"
log "Activating firewall script generated Mon Jan 10 16:35:21 2011 by vadim"
check_tools
check_run_time_address_table_files

6
test/ipt/firewall-ipv6-ipt-reset-prolog-top.fw.orig
View File

@ -2,9 +2,9 @@
#
# This is automatically generated file. DO NOT MODIFY !
#
# Firewall Builder fwb_ipt v4.2.0.3425
# Firewall Builder fwb_ipt v4.2.0.3426
#
# Generated Fri Jan 7 13:24:06 2011 PST by vadim
# Generated Mon Jan 10 16:35:24 2011 PST by vadim
#
# files: * firewall-ipv6-ipt-reset-prolog-top.fw
#
@ -450,7 +450,7 @@ test -z "$cmd" && {
case "$cmd" in
start)
log "Activating firewall script generated Fri Jan 7 13:24:06 2011 by vadim"
log "Activating firewall script generated Mon Jan 10 16:35:24 2011 by vadim"
check_tools
prolog_commands
check_run_time_address_table_files

6
test/ipt/firewall-ipv6-prolog-after-flush.fw.orig
View File

@ -2,9 +2,9 @@
#
# This is automatically generated file. DO NOT MODIFY !
#
# Firewall Builder fwb_ipt v4.2.0.3425
# Firewall Builder fwb_ipt v4.2.0.3426
#
# Generated Fri Jan 7 13:24:09 2011 PST by vadim
# Generated Mon Jan 10 16:35:26 2011 PST by vadim
#
# files: * firewall-ipv6-prolog-after-flush.fw
#
@ -420,7 +420,7 @@ test -z "$cmd" && {
case "$cmd" in
start)
log "Activating firewall script generated Fri Jan 7 13:24:09 2011 by vadim"
log "Activating firewall script generated Mon Jan 10 16:35:26 2011 by vadim"
check_tools
check_run_time_address_table_files

6
test/ipt/firewall-ipv6-prolog-after-interfaces.fw.orig
View File

@ -2,9 +2,9 @@
#
# This is automatically generated file. DO NOT MODIFY !
#
# Firewall Builder fwb_ipt v4.2.0.3425
# Firewall Builder fwb_ipt v4.2.0.3426
#
# Generated Fri Jan 7 13:24:12 2011 PST by vadim
# Generated Mon Jan 10 16:35:29 2011 PST by vadim
#
# files: * firewall-ipv6-prolog-after-interfaces.fw
#
@ -420,7 +420,7 @@ test -z "$cmd" && {
case "$cmd" in
start)
log "Activating firewall script generated Fri Jan 7 13:24:12 2011 by vadim"
log "Activating firewall script generated Mon Jan 10 16:35:29 2011 by vadim"
check_tools
check_run_time_address_table_files

6
test/ipt/firewall-ipv6-prolog-top.fw.orig
View File

@ -2,9 +2,9 @@
#
# This is automatically generated file. DO NOT MODIFY !
#
# Firewall Builder fwb_ipt v4.2.0.3425
# Firewall Builder fwb_ipt v4.2.0.3426
#
# Generated Fri Jan 7 13:24:14 2011 PST by vadim
# Generated Mon Jan 10 16:35:32 2011 PST by vadim
#
# files: * firewall-ipv6-prolog-top.fw
#
@ -420,7 +420,7 @@ test -z "$cmd" && {
case "$cmd" in
start)
log "Activating firewall script generated Fri Jan 7 13:24:14 2011 by vadim"
log "Activating firewall script generated Mon Jan 10 16:35:32 2011 by vadim"
check_tools
prolog_commands
check_run_time_address_table_files

6
test/ipt/firewall-server-1-s.fw.orig
View File

@ -2,9 +2,9 @@
#
# This is automatically generated file. DO NOT MODIFY !
#
# Firewall Builder fwb_ipt v4.2.0.3425
# Firewall Builder fwb_ipt v4.2.0.3426
#
# Generated Fri Jan 7 13:24:16 2011 PST by vadim
# Generated Mon Jan 10 16:35:34 2011 PST by vadim
#
# files: * firewall-server-1-s.fw
#
@ -393,7 +393,7 @@ test -z "$cmd" && {
case "$cmd" in
start)
log "Activating firewall script generated Fri Jan 7 13:24:16 2011 by vadim"
log "Activating firewall script generated Mon Jan 10 16:35:34 2011 by vadim"
check_tools
prolog_commands
check_run_time_address_table_files

6
test/ipt/firewall.fw.orig
View File

@ -2,9 +2,9 @@
#
# This is automatically generated file. DO NOT MODIFY !
#
# Firewall Builder fwb_ipt v4.2.0.3425
# Firewall Builder fwb_ipt v4.2.0.3426
#
# Generated Fri Jan 7 13:19:46 2011 PST by vadim
# Generated Mon Jan 10 16:31:05 2011 PST by vadim
#
# files: * firewall.fw
#
@ -1341,7 +1341,7 @@ test -z "$cmd" && {
case "$cmd" in
start)
log "Activating firewall script generated Fri Jan 7 13:19:46 2011 by vadim"
log "Activating firewall script generated Mon Jan 10 16:31:05 2011 by vadim"
check_tools
prolog_commands
check_run_time_address_table_files

6
test/ipt/firewall1.fw.orig
View File

@ -2,9 +2,9 @@
#
# This is automatically generated file. DO NOT MODIFY !
#
# Firewall Builder fwb_ipt v4.2.0.3425
# Firewall Builder fwb_ipt v4.2.0.3426
#
# Generated Fri Jan 7 13:19:50 2011 PST by vadim
# Generated Mon Jan 10 16:31:08 2011 PST by vadim
#
# files: * firewall1.fw
#
@ -1252,7 +1252,7 @@ test -z "$cmd" && {
case "$cmd" in
start)
log "Activating firewall script generated Fri Jan 7 13:19:50 2011 by vadim"
log "Activating firewall script generated Mon Jan 10 16:31:08 2011 by vadim"
check_tools
check_run_time_address_table_files

6
test/ipt/firewall10.fw.orig
View File

@ -2,9 +2,9 @@
#
# This is automatically generated file. DO NOT MODIFY !
#
# Firewall Builder fwb_ipt v4.2.0.3425
# Firewall Builder fwb_ipt v4.2.0.3426
#
# Generated Fri Jan 7 13:19:52 2011 PST by vadim
# Generated Mon Jan 10 16:31:10 2011 PST by vadim
#
# files: * firewall10.fw
#
@ -473,7 +473,7 @@ test -z "$cmd" && {
case "$cmd" in
start)
log "Activating firewall script generated Fri Jan 7 13:19:52 2011 by vadim"
log "Activating firewall script generated Mon Jan 10 16:31:10 2011 by vadim"
check_tools
prolog_commands
check_run_time_address_table_files

6
test/ipt/firewall11.fw.orig
View File

@ -2,9 +2,9 @@
#
# This is automatically generated file. DO NOT MODIFY !
#
# Firewall Builder fwb_ipt v4.2.0.3425
# Firewall Builder fwb_ipt v4.2.0.3426
#
# Generated Fri Jan 7 13:19:54 2011 PST by vadim
# Generated Mon Jan 10 16:31:13 2011 PST by vadim
#
# files: * firewall11.fw
#
@ -589,7 +589,7 @@ test -z "$cmd" && {
case "$cmd" in
start)
log "Activating firewall script generated Fri Jan 7 13:19:54 2011 by vadim"
log "Activating firewall script generated Mon Jan 10 16:31:13 2011 by vadim"
check_tools
prolog_commands
check_run_time_address_table_files

6
test/ipt/firewall12.fw.orig
View File

@ -2,9 +2,9 @@
#
# This is automatically generated file. DO NOT MODIFY !
#
# Firewall Builder fwb_ipt v4.2.0.3425
# Firewall Builder fwb_ipt v4.2.0.3426
#
# Generated Fri Jan 7 13:19:56 2011 PST by vadim
# Generated Mon Jan 10 16:31:15 2011 PST by vadim
#
# files: * firewall12.fw
#
@ -511,7 +511,7 @@ test -z "$cmd" && {
case "$cmd" in
start)
log "Activating firewall script generated Fri Jan 7 13:19:56 2011 by vadim"
log "Activating firewall script generated Mon Jan 10 16:31:15 2011 by vadim"
check_tools
prolog_commands
check_run_time_address_table_files

6
test/ipt/firewall13.fw.orig
View File

@ -2,9 +2,9 @@
#
# This is automatically generated file. DO NOT MODIFY !
#
# Firewall Builder fwb_ipt v4.2.0.3425
# Firewall Builder fwb_ipt v4.2.0.3426
#
# Generated Fri Jan 7 13:19:58 2011 PST by vadim
# Generated Mon Jan 10 16:31:17 2011 PST by vadim
#
# files: * firewall13.fw
#
@ -385,7 +385,7 @@ test -z "$cmd" && {
case "$cmd" in
start)
log "Activating firewall script generated Fri Jan 7 13:19:58 2011 by vadim"
log "Activating firewall script generated Mon Jan 10 16:31:17 2011 by vadim"
check_tools
prolog_commands
check_run_time_address_table_files

6
test/ipt/firewall14.fw.orig
View File

@ -2,9 +2,9 @@
#
# This is automatically generated file. DO NOT MODIFY !
#
# Firewall Builder fwb_ipt v4.2.0.3425
# Firewall Builder fwb_ipt v4.2.0.3426
#
# Generated Fri Jan 7 13:20:00 2011 PST by vadim
# Generated Mon Jan 10 16:31:19 2011 PST by vadim
#
# files: * firewall14.fw
#
@ -404,7 +404,7 @@ test -z "$cmd" && {
case "$cmd" in
start)
log "Activating firewall script generated Fri Jan 7 13:20:00 2011 by vadim"
log "Activating firewall script generated Mon Jan 10 16:31:19 2011 by vadim"
check_tools
prolog_commands
check_run_time_address_table_files

6
test/ipt/firewall15.fw.orig
View File

@ -2,9 +2,9 @@
#
# This is automatically generated file. DO NOT MODIFY !
#
# Firewall Builder fwb_ipt v4.2.0.3425
# Firewall Builder fwb_ipt v4.2.0.3426
#
# Generated Fri Jan 7 13:20:03 2011 PST by vadim
# Generated Mon Jan 10 16:31:21 2011 PST by vadim
#
# files: * firewall15.fw
#
@ -388,7 +388,7 @@ test -z "$cmd" && {
case "$cmd" in
start)
log "Activating firewall script generated Fri Jan 7 13:20:03 2011 by vadim"
log "Activating firewall script generated Mon Jan 10 16:31:21 2011 by vadim"
check_tools
prolog_commands
check_run_time_address_table_files

6
test/ipt/firewall16.fw.orig
View File

@ -2,9 +2,9 @@
#
# This is automatically generated file. DO NOT MODIFY !
#
# Firewall Builder fwb_ipt v4.2.0.3425
# Firewall Builder fwb_ipt v4.2.0.3426
#
# Generated Fri Jan 7 13:20:05 2011 PST by vadim
# Generated Mon Jan 10 16:31:23 2011 PST by vadim
#
# files: * firewall16.fw
#
@ -492,7 +492,7 @@ test -z "$cmd" && {
case "$cmd" in
start)
log "Activating firewall script generated Fri Jan 7 13:20:05 2011 by vadim"
log "Activating firewall script generated Mon Jan 10 16:31:23 2011 by vadim"
check_tools
prolog_commands
check_run_time_address_table_files

6
test/ipt/firewall17.fw.orig
View File

@ -2,9 +2,9 @@
#
# This is automatically generated file. DO NOT MODIFY !
#
# Firewall Builder fwb_ipt v4.2.0.3425
# Firewall Builder fwb_ipt v4.2.0.3426
#
# Generated Fri Jan 7 13:20:07 2011 PST by vadim
# Generated Mon Jan 10 16:31:25 2011 PST by vadim
#
# files: * firewall17.fw
#
@ -471,7 +471,7 @@ test -z "$cmd" && {
case "$cmd" in
start)
log "Activating firewall script generated Fri Jan 7 13:20:07 2011 by vadim"
log "Activating firewall script generated Mon Jan 10 16:31:25 2011 by vadim"
check_tools
prolog_commands
check_run_time_address_table_files

6
test/ipt/firewall18.fw.orig
View File

@ -2,9 +2,9 @@
#
# This is automatically generated file. DO NOT MODIFY !
#
# Firewall Builder fwb_ipt v4.2.0.3425
# Firewall Builder fwb_ipt v4.2.0.3426
#
# Generated Fri Jan 7 13:20:09 2011 PST by vadim
# Generated Mon Jan 10 16:31:28 2011 PST by vadim
#
# files: * firewall18.fw
#
@ -504,7 +504,7 @@ test -z "$cmd" && {
case "$cmd" in
start)
log "Activating firewall script generated Fri Jan 7 13:20:09 2011 by vadim"
log "Activating firewall script generated Mon Jan 10 16:31:28 2011 by vadim"
check_tools
prolog_commands
check_run_time_address_table_files

6
test/ipt/firewall19.fw.orig
View File

@ -2,9 +2,9 @@
#
# This is automatically generated file. DO NOT MODIFY !
#
# Firewall Builder fwb_ipt v4.2.0.3425
# Firewall Builder fwb_ipt v4.2.0.3426
#
# Generated Fri Jan 7 13:20:11 2011 PST by vadim
# Generated Mon Jan 10 16:31:30 2011 PST by vadim
#
# files: * firewall19.fw
#
@ -509,7 +509,7 @@ test -z "$cmd" && {
case "$cmd" in
start)
log "Activating firewall script generated Fri Jan 7 13:20:11 2011 by vadim"
log "Activating firewall script generated Mon Jan 10 16:31:30 2011 by vadim"
check_tools
prolog_commands
check_run_time_address_table_files

6
test/ipt/firewall2-1.fw.orig
View File

@ -2,9 +2,9 @@
#
# This is automatically generated file. DO NOT MODIFY !
#
# Firewall Builder fwb_ipt v4.2.0.3425
# Firewall Builder fwb_ipt v4.2.0.3426
#
# Generated Fri Jan 7 13:20:24 2011 PST by vadim
# Generated Mon Jan 10 16:31:43 2011 PST by vadim
#
# files: * firewall2-1.fw
#
@ -1420,7 +1420,7 @@ test -z "$cmd" && {
case "$cmd" in
start)
log "Activating firewall script generated Fri Jan 7 13:20:24 2011 by vadim"
log "Activating firewall script generated Mon Jan 10 16:31:43 2011 by vadim"
check_tools
check_run_time_address_table_files

6
test/ipt/firewall2-2.fw.orig
View File

@ -2,9 +2,9 @@
#
# This is automatically generated file. DO NOT MODIFY !
#
# Firewall Builder fwb_ipt v4.2.0.3425
# Firewall Builder fwb_ipt v4.2.0.3426
#
# Generated Fri Jan 7 13:20:32 2011 PST by vadim
# Generated Mon Jan 10 16:31:50 2011 PST by vadim
#
# files: * firewall2-2.fw
#
@ -1249,7 +1249,7 @@ test -z "$cmd" && {
case "$cmd" in
start)
log "Activating firewall script generated Fri Jan 7 13:20:32 2011 by vadim"
log "Activating firewall script generated Mon Jan 10 16:31:50 2011 by vadim"
check_tools
check_run_time_address_table_files

6
test/ipt/firewall2-3.fw.orig
View File

@ -2,9 +2,9 @@
#
# This is automatically generated file. DO NOT MODIFY !
#
# Firewall Builder fwb_ipt v4.2.0.3425
# Firewall Builder fwb_ipt v4.2.0.3426
#
# Generated Fri Jan 7 13:20:37 2011 PST by vadim
# Generated Mon Jan 10 16:31:55 2011 PST by vadim
#
# files: * firewall2-3.fw
#
@ -1120,7 +1120,7 @@ test -z "$cmd" && {
case "$cmd" in
start)
log "Activating firewall script generated Fri Jan 7 13:20:37 2011 by vadim"
log "Activating firewall script generated Mon Jan 10 16:31:55 2011 by vadim"
check_tools
check_run_time_address_table_files

6
test/ipt/firewall2-4.fw.orig
View File

@ -2,9 +2,9 @@
#
# This is automatically generated file. DO NOT MODIFY !
#
# Firewall Builder fwb_ipt v4.2.0.3425
# Firewall Builder fwb_ipt v4.2.0.3426
#
# Generated Fri Jan 7 13:20:43 2011 PST by vadim
# Generated Mon Jan 10 16:32:02 2011 PST by vadim
#
# files: * firewall2-4.fw
#
@ -424,7 +424,7 @@ test -z "$cmd" && {
case "$cmd" in
start)
log "Activating firewall script generated Fri Jan 7 13:20:43 2011 by vadim"
log "Activating firewall script generated Mon Jan 10 16:32:02 2011 by vadim"
check_tools
check_run_time_address_table_files

6
test/ipt/firewall2-5.fw.orig
View File

@ -2,9 +2,9 @@
#
# This is automatically generated file. DO NOT MODIFY !
#
# Firewall Builder fwb_ipt v4.2.0.3425
# Firewall Builder fwb_ipt v4.2.0.3426
#
# Generated Fri Jan 7 13:20:48 2011 PST by vadim
# Generated Mon Jan 10 16:32:07 2011 PST by vadim
#
# files: * firewall2-5.fw
#
@ -453,7 +453,7 @@ test -z "$cmd" && {
case "$cmd" in
start)
log "Activating firewall script generated Fri Jan 7 13:20:48 2011 by vadim"
log "Activating firewall script generated Mon Jan 10 16:32:07 2011 by vadim"
check_tools
check_run_time_address_table_files

6
test/ipt/firewall2.fw.orig
View File

@ -2,9 +2,9 @@
#
# This is automatically generated file. DO NOT MODIFY !
#
# Firewall Builder fwb_ipt v4.2.0.3425
# Firewall Builder fwb_ipt v4.2.0.3426
#
# Generated Fri Jan 7 13:20:15 2011 PST by vadim
# Generated Mon Jan 10 16:31:33 2011 PST by vadim
#
# files: * firewall2.fw
#
@ -1470,7 +1470,7 @@ test -z "$cmd" && {
case "$cmd" in
start)
log "Activating firewall script generated Fri Jan 7 13:20:15 2011 by vadim"
log "Activating firewall script generated Mon Jan 10 16:31:33 2011 by vadim"
check_tools
check_run_time_address_table_files

6
test/ipt/firewall20-ipv6.fw.orig
View File

@ -2,9 +2,9 @@
#
# This is automatically generated file. DO NOT MODIFY !
#
# Firewall Builder fwb_ipt v4.2.0.3425
# Firewall Builder fwb_ipt v4.2.0.3426
#
# Generated Fri Jan 7 13:20:19 2011 PST by vadim
# Generated Mon Jan 10 16:31:37 2011 PST by vadim
#
# files: * firewall20-ipv6.fw
#
@ -456,7 +456,7 @@ test -z "$cmd" && {
case "$cmd" in
start)
log "Activating firewall script generated Fri Jan 7 13:20:19 2011 by vadim"
log "Activating firewall script generated Mon Jan 10 16:31:37 2011 by vadim"
check_tools
prolog_commands
check_run_time_address_table_files

6
test/ipt/firewall20.fw.orig
View File

@ -2,9 +2,9 @@
#
# This is automatically generated file. DO NOT MODIFY !
#
# Firewall Builder fwb_ipt v4.2.0.3425
# Firewall Builder fwb_ipt v4.2.0.3426
#
# Generated Fri Jan 7 13:20:17 2011 PST by vadim
# Generated Mon Jan 10 16:31:35 2011 PST by vadim
#
# files: * firewall20.fw
#
@ -674,7 +674,7 @@ test -z "$cmd" && {
case "$cmd" in
start)
log "Activating firewall script generated Fri Jan 7 13:20:17 2011 by vadim"
log "Activating firewall script generated Mon Jan 10 16:31:35 2011 by vadim"
check_tools
prolog_commands
check_run_time_address_table_files

6
test/ipt/firewall21-1.fw.orig
View File

@ -2,9 +2,9 @@
#
# This is automatically generated file. DO NOT MODIFY !
#
# Firewall Builder fwb_ipt v4.2.0.3425
# Firewall Builder fwb_ipt v4.2.0.3426
#
# Generated Fri Jan 7 13:20:27 2011 PST by vadim
# Generated Mon Jan 10 16:31:45 2011 PST by vadim
#
# files: * firewall21-1.fw
#
@ -470,7 +470,7 @@ test -z "$cmd" && {
case "$cmd" in
start)
log "Activating firewall script generated Fri Jan 7 13:20:27 2011 by vadim"
log "Activating firewall script generated Mon Jan 10 16:31:45 2011 by vadim"
check_tools
prolog_commands
check_run_time_address_table_files

6
test/ipt/firewall21.fw.orig
View File

@ -2,9 +2,9 @@
#
# This is automatically generated file. DO NOT MODIFY !
#
# Firewall Builder fwb_ipt v4.2.0.3425
# Firewall Builder fwb_ipt v4.2.0.3426
#
# Generated Fri Jan 7 13:20:21 2011 PST by vadim
# Generated Mon Jan 10 16:31:40 2011 PST by vadim
#
# files: * firewall21.fw
#
@ -469,7 +469,7 @@ test -z "$cmd" && {
case "$cmd" in
start)
log "Activating firewall script generated Fri Jan 7 13:20:21 2011 by vadim"
log "Activating firewall script generated Mon Jan 10 16:31:40 2011 by vadim"
check_tools
prolog_commands
check_run_time_address_table_files

6
test/ipt/firewall22.fw.orig
View File

@ -2,9 +2,9 @@
#
# This is automatically generated file. DO NOT MODIFY !
#
# Firewall Builder fwb_ipt v4.2.0.3425
# Firewall Builder fwb_ipt v4.2.0.3426
#
# Generated Fri Jan 7 13:20:29 2011 PST by vadim
# Generated Mon Jan 10 16:31:47 2011 PST by vadim
#
# files: * firewall22.fw
#
@ -390,7 +390,7 @@ test -z "$cmd" && {
case "$cmd" in
start)
log "Activating firewall script generated Fri Jan 7 13:20:29 2011 by vadim"
log "Activating firewall script generated Mon Jan 10 16:31:47 2011 by vadim"
check_tools
prolog_commands
check_run_time_address_table_files

6
test/ipt/firewall23-1.fw.orig
View File

@ -2,9 +2,9 @@
#
# This is automatically generated file. DO NOT MODIFY !
#
# Firewall Builder fwb_ipt v4.2.0.3425
# Firewall Builder fwb_ipt v4.2.0.3426
#
# Generated Fri Jan 7 13:20:39 2011 PST by vadim
# Generated Mon Jan 10 16:31:57 2011 PST by vadim
#
# files: * firewall23-1.fw
#
@ -564,7 +564,7 @@ test -z "$cmd" && {
case "$cmd" in
start)
log "Activating firewall script generated Fri Jan 7 13:20:39 2011 by vadim"
log "Activating firewall script generated Mon Jan 10 16:31:57 2011 by vadim"
check_tools
prolog_commands
check_run_time_address_table_files

6
test/ipt/firewall23.fw.orig
View File

@ -2,9 +2,9 @@
#
# This is automatically generated file. DO NOT MODIFY !
#
# Firewall Builder fwb_ipt v4.2.0.3425
# Firewall Builder fwb_ipt v4.2.0.3426
#
# Generated Fri Jan 7 13:20:34 2011 PST by vadim
# Generated Mon Jan 10 16:31:52 2011 PST by vadim
#
# files: * firewall23.fw
#
@ -476,7 +476,7 @@ test -z "$cmd" && {
case "$cmd" in
start)
log "Activating firewall script generated Fri Jan 7 13:20:34 2011 by vadim"
log "Activating firewall script generated Mon Jan 10 16:31:52 2011 by vadim"
check_tools
prolog_commands
check_run_time_address_table_files

6
test/ipt/firewall24.fw.orig
View File

@ -2,9 +2,9 @@
#
# This is automatically generated file. DO NOT MODIFY !
#
# Firewall Builder fwb_ipt v4.2.0.3425
# Firewall Builder fwb_ipt v4.2.0.3426
#
# Generated Fri Jan 7 13:20:41 2011 PST by vadim
# Generated Mon Jan 10 16:31:59 2011 PST by vadim
#
# files: * firewall24.fw
#
@ -493,7 +493,7 @@ test -z "$cmd" && {
case "$cmd" in
start)
log "Activating firewall script generated Fri Jan 7 13:20:41 2011 by vadim"
log "Activating firewall script generated Mon Jan 10 16:31:59 2011 by vadim"
check_tools
prolog_commands
check_run_time_address_table_files

6
test/ipt/firewall25.fw.orig
View File

@ -2,9 +2,9 @@
#
# This is automatically generated file. DO NOT MODIFY !
#
# Firewall Builder fwb_ipt v4.2.0.3425
# Firewall Builder fwb_ipt v4.2.0.3426
#
# Generated Fri Jan 7 13:20:46 2011 PST by vadim
# Generated Mon Jan 10 16:32:05 2011 PST by vadim
#
# files: * firewall25.fw
#
@ -687,7 +687,7 @@ test -z "$cmd" && {
case "$cmd" in
start)
log "Activating firewall script generated Fri Jan 7 13:20:46 2011 by vadim"
log "Activating firewall script generated Mon Jan 10 16:32:05 2011 by vadim"
check_tools
prolog_commands
check_run_time_address_table_files

6
test/ipt/firewall26.fw.orig
View File

@ -2,9 +2,9 @@
#
# This is automatically generated file. DO NOT MODIFY !
#
# Firewall Builder fwb_ipt v4.2.0.3425
# Firewall Builder fwb_ipt v4.2.0.3426
#
# Generated Fri Jan 7 13:20:51 2011 PST by vadim
# Generated Mon Jan 10 16:32:09 2011 PST by vadim
#
# files: * firewall26.fw
#
@ -562,7 +562,7 @@ test -z "$cmd" && {
case "$cmd" in
start)
log "Activating firewall script generated Fri Jan 7 13:20:51 2011 by vadim"
log "Activating firewall script generated Mon Jan 10 16:32:09 2011 by vadim"
check_tools
prolog_commands
check_run_time_address_table_files

6
test/ipt/firewall27.fw.orig
View File

@ -2,9 +2,9 @@
#
# This is automatically generated file. DO NOT MODIFY !
#
# Firewall Builder fwb_ipt v4.2.0.3425
# Firewall Builder fwb_ipt v4.2.0.3426
#
# Generated Fri Jan 7 13:20:53 2011 PST by vadim
# Generated Mon Jan 10 16:32:11 2011 PST by vadim
#
# files: * firewall27.fw
#
@ -546,7 +546,7 @@ test -z "$cmd" && {
case "$cmd" in
start)
log "Activating firewall script generated Fri Jan 7 13:20:53 2011 by vadim"
log "Activating firewall script generated Mon Jan 10 16:32:11 2011 by vadim"
check_tools
prolog_commands
check_run_time_address_table_files

6
test/ipt/firewall28.fw.orig
View File

@ -2,9 +2,9 @@
#
# This is automatically generated file. DO NOT MODIFY !
#
# Firewall Builder fwb_ipt v4.2.0.3425
# Firewall Builder fwb_ipt v4.2.0.3426
#
# Generated Fri Jan 7 13:20:55 2011 PST by vadim
# Generated Mon Jan 10 16:32:13 2011 PST by vadim
#
# files: * firewall28.fw
#
@ -407,7 +407,7 @@ test -z "$cmd" && {
case "$cmd" in
start)
log "Activating firewall script generated Fri Jan 7 13:20:55 2011 by vadim"
log "Activating firewall script generated Mon Jan 10 16:32:13 2011 by vadim"
check_tools
prolog_commands
check_run_time_address_table_files

6
test/ipt/firewall29.fw.orig
View File

@ -2,9 +2,9 @@
#
# This is automatically generated file. DO NOT MODIFY !
#
# Firewall Builder fwb_ipt v4.2.0.3425
# Firewall Builder fwb_ipt v4.2.0.3426
#
# Generated Fri Jan 7 13:20:57 2011 PST by vadim
# Generated Mon Jan 10 16:32:15 2011 PST by vadim
#
# files: * firewall29.fw
#
@ -440,7 +440,7 @@ test -z "$cmd" && {
case "$cmd" in
start)
log "Activating firewall script generated Fri Jan 7 13:20:57 2011 by vadim"
log "Activating firewall script generated Mon Jan 10 16:32:15 2011 by vadim"
check_tools
prolog_commands
check_run_time_address_table_files

6
test/ipt/firewall3.fw.orig
View File

@ -2,9 +2,9 @@
#
# This is automatically generated file. DO NOT MODIFY !
#
# Firewall Builder fwb_ipt v4.2.0.3425
# Firewall Builder fwb_ipt v4.2.0.3426
#
# Generated Fri Jan 7 13:20:59 2011 PST by vadim
# Generated Mon Jan 10 16:32:18 2011 PST by vadim
#
# files: * firewall3.fw
#
@ -578,7 +578,7 @@ test -z "$cmd" && {
case "$cmd" in
start)
log "Activating firewall script generated Fri Jan 7 13:20:59 2011 by vadim"
log "Activating firewall script generated Mon Jan 10 16:32:18 2011 by vadim"
check_tools
prolog_commands
check_run_time_address_table_files

6
test/ipt/firewall30.fw.orig
View File

@ -2,9 +2,9 @@
#
# This is automatically generated file. DO NOT MODIFY !
#
# Firewall Builder fwb_ipt v4.2.0.3425
# Firewall Builder fwb_ipt v4.2.0.3426
#
# Generated Fri Jan 7 13:21:02 2011 PST by vadim
# Generated Mon Jan 10 16:32:20 2011 PST by vadim
#
# files: * firewall30.fw
#
@ -375,7 +375,7 @@ test -z "$cmd" && {
case "$cmd" in
start)
log "Activating firewall script generated Fri Jan 7 13:21:02 2011 by vadim"
log "Activating firewall script generated Mon Jan 10 16:32:20 2011 by vadim"
check_tools
prolog_commands
check_run_time_address_table_files

6
test/ipt/firewall31.fw.orig
View File

@ -2,9 +2,9 @@
#
# This is automatically generated file. DO NOT MODIFY !
#
# Firewall Builder fwb_ipt v4.2.0.3425
# Firewall Builder fwb_ipt v4.2.0.3426
#
# Generated Fri Jan 7 13:21:04 2011 PST by vadim
# Generated Mon Jan 10 16:32:22 2011 PST by vadim
#
# files: * firewall31.fw
#
@ -445,7 +445,7 @@ test -z "$cmd" && {
case "$cmd" in
start)
log "Activating firewall script generated Fri Jan 7 13:21:04 2011 by vadim"
log "Activating firewall script generated Mon Jan 10 16:32:22 2011 by vadim"
check_tools
prolog_commands
check_run_time_address_table_files

6
test/ipt/firewall32.fw.orig
View File

@ -2,9 +2,9 @@
#
# This is automatically generated file. DO NOT MODIFY !
#
# Firewall Builder fwb_ipt v4.2.0.3425
# Firewall Builder fwb_ipt v4.2.0.3426
#
# Generated Fri Jan 7 13:21:06 2011 PST by vadim
# Generated Mon Jan 10 16:32:24 2011 PST by vadim
#
# files: * firewall32.fw
#
@ -416,7 +416,7 @@ test -z "$cmd" && {
case "$cmd" in
start)
log "Activating firewall script generated Fri Jan 7 13:21:06 2011 by vadim"
log "Activating firewall script generated Mon Jan 10 16:32:24 2011 by vadim"
check_tools
prolog_commands
check_run_time_address_table_files

6
test/ipt/firewall33-1.fw.orig
View File

@ -2,9 +2,9 @@
#
# This is automatically generated file. DO NOT MODIFY !
#
# Firewall Builder fwb_ipt v4.2.0.3425
# Firewall Builder fwb_ipt v4.2.0.3426
#
# Generated Fri Jan 7 13:21:14 2011 PST by vadim
# Generated Mon Jan 10 16:32:32 2011 PST by vadim
#
# files: * firewall33-1.fw
#
@ -522,7 +522,7 @@ test -z "$cmd" && {
case "$cmd" in
start)
log "Activating firewall script generated Fri Jan 7 13:21:14 2011 by vadim"
log "Activating firewall script generated Mon Jan 10 16:32:32 2011 by vadim"
check_tools
prolog_commands
check_run_time_address_table_files

6
test/ipt/firewall33.fw.orig
View File

@ -2,9 +2,9 @@
#
# This is automatically generated file. DO NOT MODIFY !
#
# Firewall Builder fwb_ipt v4.2.0.3425
# Firewall Builder fwb_ipt v4.2.0.3426
#
# Generated Fri Jan 7 13:21:10 2011 PST by vadim
# Generated Mon Jan 10 16:32:28 2011 PST by vadim
#
# files: * firewall33.fw
#
@ -571,7 +571,7 @@ test -z "$cmd" && {
case "$cmd" in
start)
log "Activating firewall script generated Fri Jan 7 13:21:10 2011 by vadim"
log "Activating firewall script generated Mon Jan 10 16:32:28 2011 by vadim"
check_tools
prolog_commands
check_run_time_address_table_files

6
test/ipt/firewall34.fw.orig
View File

@ -2,9 +2,9 @@
#
# This is automatically generated file. DO NOT MODIFY !
#
# Firewall Builder fwb_ipt v4.2.0.3425
# Firewall Builder fwb_ipt v4.2.0.3426
#
# Generated Fri Jan 7 13:21:16 2011 PST by vadim
# Generated Mon Jan 10 16:32:35 2011 PST by vadim
#
# files: * firewall34.fw
#
@ -636,7 +636,7 @@ test -z "$cmd" && {
case "$cmd" in
start)
log "Activating firewall script generated Fri Jan 7 13:21:16 2011 by vadim"
log "Activating firewall script generated Mon Jan 10 16:32:35 2011 by vadim"
check_tools
prolog_commands
check_run_time_address_table_files

6
test/ipt/firewall35.fw.orig
View File

@ -2,9 +2,9 @@
#
# This is automatically generated file. DO NOT MODIFY !
#
# Firewall Builder fwb_ipt v4.2.0.3425
# Firewall Builder fwb_ipt v4.2.0.3426
#
# Generated Fri Jan 7 13:21:19 2011 PST by vadim
# Generated Mon Jan 10 16:32:38 2011 PST by vadim
#
# files: * firewall35.fw
#
@ -540,7 +540,7 @@ test -z "$cmd" && {
case "$cmd" in
start)
log "Activating firewall script generated Fri Jan 7 13:21:19 2011 by vadim"
log "Activating firewall script generated Mon Jan 10 16:32:38 2011 by vadim"
check_tools
prolog_commands
check_run_time_address_table_files

6
test/ipt/firewall36-1.fw.orig
View File

@ -2,9 +2,9 @@
#
# This is automatically generated file. DO NOT MODIFY !
#
# Firewall Builder fwb_ipt v4.2.0.3425
# Firewall Builder fwb_ipt v4.2.0.3426
#
# Generated Fri Jan 7 13:21:23 2011 PST by vadim
# Generated Mon Jan 10 16:32:42 2011 PST by vadim
#
# files: * firewall36-1.fw
#
@ -433,7 +433,7 @@ test -z "$cmd" && {
case "$cmd" in
start)
log "Activating firewall script generated Fri Jan 7 13:21:23 2011 by vadim"
log "Activating firewall script generated Mon Jan 10 16:32:42 2011 by vadim"
check_tools
prolog_commands
check_run_time_address_table_files

6
test/ipt/firewall36-2.fw.orig
View File

@ -2,9 +2,9 @@
#
# This is automatically generated file. DO NOT MODIFY !
#
# Firewall Builder fwb_ipt v4.2.0.3425
# Firewall Builder fwb_ipt v4.2.0.3426
#
# Generated Fri Jan 7 13:21:25 2011 PST by vadim
# Generated Mon Jan 10 16:32:44 2011 PST by vadim
#
# files: * firewall36-2.fw
#
@ -433,7 +433,7 @@ test -z "$cmd" && {
case "$cmd" in
start)
log "Activating firewall script generated Fri Jan 7 13:21:25 2011 by vadim"
log "Activating firewall script generated Mon Jan 10 16:32:44 2011 by vadim"
check_tools
prolog_commands
check_run_time_address_table_files

6
test/ipt/firewall36.fw.orig
View File

@ -2,9 +2,9 @@
#
# This is automatically generated file. DO NOT MODIFY !
#
# Firewall Builder fwb_ipt v4.2.0.3425
# Firewall Builder fwb_ipt v4.2.0.3426
#
# Generated Fri Jan 7 13:21:21 2011 PST by vadim
# Generated Mon Jan 10 16:32:40 2011 PST by vadim
#
# files: * firewall36.fw
#
@ -535,7 +535,7 @@ test -z "$cmd" && {
case "$cmd" in
start)
log "Activating firewall script generated Fri Jan 7 13:21:21 2011 by vadim"
log "Activating firewall script generated Mon Jan 10 16:32:40 2011 by vadim"
check_tools
prolog_commands
check_run_time_address_table_files

6
test/ipt/firewall37-1.fw.orig
View File

@ -2,9 +2,9 @@
#
# This is automatically generated file. DO NOT MODIFY !
#
# Firewall Builder fwb_ipt v4.2.0.3425
# Firewall Builder fwb_ipt v4.2.0.3426
#
# Generated Fri Jan 7 13:21:32 2011 PST by vadim
# Generated Mon Jan 10 16:32:51 2011 PST by vadim
#
# files: * firewall37-1.fw
#
@ -769,7 +769,7 @@ test -z "$cmd" && {
case "$cmd" in
start)
log "Activating firewall script generated Fri Jan 7 13:21:32 2011 by vadim"
log "Activating firewall script generated Mon Jan 10 16:32:51 2011 by vadim"
check_tools
prolog_commands
check_run_time_address_table_files

6
test/ipt/firewall37.fw.orig
View File

@ -2,9 +2,9 @@
#
# This is automatically generated file. DO NOT MODIFY !
#
# Firewall Builder fwb_ipt v4.2.0.3425
# Firewall Builder fwb_ipt v4.2.0.3426
#
# Generated Fri Jan 7 13:21:30 2011 PST by vadim
# Generated Mon Jan 10 16:32:48 2011 PST by vadim
#
# files: * firewall37.fw
#
@ -1049,7 +1049,7 @@ test -z "$cmd" && {
case "$cmd" in
start)
log "Activating firewall script generated Fri Jan 7 13:21:30 2011 by vadim"
log "Activating firewall script generated Mon Jan 10 16:32:48 2011 by vadim"
check_tools
prolog_commands
check_run_time_address_table_files

6
test/ipt/firewall38.fw.orig
View File

@ -2,9 +2,9 @@
#
# This is automatically generated file. DO NOT MODIFY !
#
# Firewall Builder fwb_ipt v4.2.0.3425
# Firewall Builder fwb_ipt v4.2.0.3426
#
# Generated Fri Jan 7 13:21:34 2011 PST by vadim
# Generated Mon Jan 10 16:32:53 2011 PST by vadim
#
# files: * firewall38.fw
#
@ -498,7 +498,7 @@ test -z "$cmd" && {
case "$cmd" in
start)
log "Activating firewall script generated Fri Jan 7 13:21:34 2011 by vadim"
log "Activating firewall script generated Mon Jan 10 16:32:53 2011 by vadim"
check_tools
prolog_commands
check_run_time_address_table_files

6
test/ipt/firewall39.fw.orig
View File

@ -2,9 +2,9 @@
#
# This is automatically generated file. DO NOT MODIFY !
#
# Firewall Builder fwb_ipt v4.2.0.3425
# Firewall Builder fwb_ipt v4.2.0.3426
#
# Generated Fri Jan 7 13:21:41 2011 PST by vadim
# Generated Mon Jan 10 16:33:00 2011 PST by vadim
#
# files: * firewall39.fw
#
@ -876,7 +876,7 @@ test -z "$cmd" && {
case "$cmd" in
start)
log "Activating firewall script generated Fri Jan 7 13:21:41 2011 by vadim"
log "Activating firewall script generated Mon Jan 10 16:33:00 2011 by vadim"
check_tools
prolog_commands
check_run_time_address_table_files

6
test/ipt/firewall4.fw.orig
View File

@ -2,9 +2,9 @@
#
# This is automatically generated file. DO NOT MODIFY !
#
# Firewall Builder fwb_ipt v4.2.0.3425
# Firewall Builder fwb_ipt v4.2.0.3426
#
# Generated Fri Jan 7 13:21:43 2011 PST by vadim
# Generated Mon Jan 10 16:33:02 2011 PST by vadim
#
# files: * firewall4.fw
#
@ -710,7 +710,7 @@ test -z "$cmd" && {
case "$cmd" in
start)
log "Activating firewall script generated Fri Jan 7 13:21:43 2011 by vadim"
log "Activating firewall script generated Mon Jan 10 16:33:02 2011 by vadim"
check_tools
prolog_commands
check_run_time_address_table_files

6
test/ipt/firewall40-1.fw.orig
View File

@ -2,9 +2,9 @@
#
# This is automatically generated file. DO NOT MODIFY !
#
# Firewall Builder fwb_ipt v4.2.0.3425
# Firewall Builder fwb_ipt v4.2.0.3426
#
# Generated Fri Jan 7 13:21:48 2011 PST by vadim
# Generated Mon Jan 10 16:33:06 2011 PST by vadim
#
# files: * firewall40-1.fw
#
@ -450,7 +450,7 @@ test -z "$cmd" && {
case "$cmd" in
start)
log "Activating firewall script generated Fri Jan 7 13:21:48 2011 by vadim"
log "Activating firewall script generated Mon Jan 10 16:33:06 2011 by vadim"
check_tools
prolog_commands
check_run_time_address_table_files

6
test/ipt/firewall40-2.fw.orig
View File

@ -2,9 +2,9 @@
#
# This is automatically generated file. DO NOT MODIFY !
#
# Firewall Builder fwb_ipt v4.2.0.3425
# Firewall Builder fwb_ipt v4.2.0.3426
#
# Generated Fri Jan 7 13:21:50 2011 PST by vadim
# Generated Mon Jan 10 16:33:09 2011 PST by vadim
#
# files: * firewall40-2.fw
#
@ -437,7 +437,7 @@ test -z "$cmd" && {
case "$cmd" in
start)
log "Activating firewall script generated Fri Jan 7 13:21:50 2011 by vadim"
log "Activating firewall script generated Mon Jan 10 16:33:09 2011 by vadim"
check_tools
prolog_commands
check_run_time_address_table_files

6
test/ipt/firewall40.fw.orig
View File

@ -2,9 +2,9 @@
#
# This is automatically generated file. DO NOT MODIFY !
#
# Firewall Builder fwb_ipt v4.2.0.3425
# Firewall Builder fwb_ipt v4.2.0.3426
#
# Generated Fri Jan 7 13:21:46 2011 PST by vadim
# Generated Mon Jan 10 16:33:04 2011 PST by vadim
#
# files: * firewall40.fw
#
@ -439,7 +439,7 @@ test -z "$cmd" && {
case "$cmd" in
start)
log "Activating firewall script generated Fri Jan 7 13:21:46 2011 by vadim"
log "Activating firewall script generated Mon Jan 10 16:33:04 2011 by vadim"
check_tools
prolog_commands
check_run_time_address_table_files

6
test/ipt/firewall41-1.fw.orig
View File

@ -2,9 +2,9 @@
#
# This is automatically generated file. DO NOT MODIFY !
#
# Firewall Builder fwb_ipt v4.2.0.3425
# Firewall Builder fwb_ipt v4.2.0.3426
#
# Generated Fri Jan 7 13:22:00 2011 PST by vadim
# Generated Mon Jan 10 16:33:18 2011 PST by vadim
#
# files: * firewall41-1.fw
#
@ -575,7 +575,7 @@ test -z "$cmd" && {
case "$cmd" in
start)
log "Activating firewall script generated Fri Jan 7 13:22:00 2011 by vadim"
log "Activating firewall script generated Mon Jan 10 16:33:18 2011 by vadim"
check_tools
prolog_commands
check_run_time_address_table_files

6
test/ipt/firewall41-2.fw.orig
View File

@ -2,9 +2,9 @@
#
# This is automatically generated file. DO NOT MODIFY !
#
# Firewall Builder fwb_ipt v4.2.0.3425
# Firewall Builder fwb_ipt v4.2.0.3426
#
# Generated Fri Jan 7 13:22:02 2011 PST by vadim
# Generated Mon Jan 10 16:33:20 2011 PST by vadim
#
# files: * firewall41-2.fw
#
@ -483,7 +483,7 @@ status_action() {
}
start() {
log "Activating firewall script generated Fri Jan 7 13:22:02 2011 by vadim"
log "Activating firewall script generated Mon Jan 10 16:33:20 2011 by vadim"
check_tools
prolog_commands
check_run_time_address_table_files

6
test/ipt/firewall41.fw.orig
View File

@ -2,9 +2,9 @@
#
# This is automatically generated file. DO NOT MODIFY !
#
# Firewall Builder fwb_ipt v4.2.0.3425
# Firewall Builder fwb_ipt v4.2.0.3426
#
# Generated Fri Jan 7 13:21:58 2011 PST by vadim
# Generated Mon Jan 10 16:33:16 2011 PST by vadim
#
# files: * firewall41.fw
#
@ -456,7 +456,7 @@ test -z "$cmd" && {
case "$cmd" in
start)
log "Activating firewall script generated Fri Jan 7 13:21:58 2011 by vadim"
log "Activating firewall script generated Mon Jan 10 16:33:16 2011 by vadim"
check_tools
prolog_commands
check_run_time_address_table_files

6
test/ipt/firewall42.fw.orig
View File

@ -2,9 +2,9 @@
#
# This is automatically generated file. DO NOT MODIFY !
#
# Firewall Builder fwb_ipt v4.2.0.3425
# Firewall Builder fwb_ipt v4.2.0.3426
#
# Generated Fri Jan 7 13:22:04 2011 PST by vadim
# Generated Mon Jan 10 16:33:22 2011 PST by vadim
#
# files: * firewall42.fw
#
@ -382,7 +382,7 @@ test -z "$cmd" && {
case "$cmd" in
start)
log "Activating firewall script generated Fri Jan 7 13:22:04 2011 by vadim"
log "Activating firewall script generated Mon Jan 10 16:33:22 2011 by vadim"
check_tools
prolog_commands
check_run_time_address_table_files

6
test/ipt/firewall5.fw.orig
View File

@ -2,9 +2,9 @@
#
# This is automatically generated file. DO NOT MODIFY !
#
# Firewall Builder fwb_ipt v4.2.0.3425
# Firewall Builder fwb_ipt v4.2.0.3426
#
# Generated Fri Jan 7 13:22:06 2011 PST by vadim
# Generated Mon Jan 10 16:33:25 2011 PST by vadim
#
# files: * firewall5.fw
#
@ -622,7 +622,7 @@ test -z "$cmd" && {
case "$cmd" in
start)
log "Activating firewall script generated Fri Jan 7 13:22:06 2011 by vadim"
log "Activating firewall script generated Mon Jan 10 16:33:25 2011 by vadim"
check_tools
prolog_commands
check_run_time_address_table_files

6
test/ipt/firewall50.fw.orig
View File

@ -2,9 +2,9 @@
#
# This is automatically generated file. DO NOT MODIFY !
#
# Firewall Builder fwb_ipt v4.2.0.3425
# Firewall Builder fwb_ipt v4.2.0.3426
#
# Generated Fri Jan 7 13:22:09 2011 PST by vadim
# Generated Mon Jan 10 16:33:27 2011 PST by vadim
#
# files: * firewall50.fw
#
@ -407,7 +407,7 @@ test -z "$cmd" && {
case "$cmd" in
start)
log "Activating firewall script generated Fri Jan 7 13:22:09 2011 by vadim"
log "Activating firewall script generated Mon Jan 10 16:33:27 2011 by vadim"
check_tools
prolog_commands
check_run_time_address_table_files

6
test/ipt/firewall51.fw.orig
View File

@ -2,9 +2,9 @@
#
# This is automatically generated file. DO NOT MODIFY !
#
# Firewall Builder fwb_ipt v4.2.0.3425
# Firewall Builder fwb_ipt v4.2.0.3426
#
# Generated Fri Jan 7 13:22:13 2011 PST by vadim
# Generated Mon Jan 10 16:33:31 2011 PST by vadim
#
# files: * firewall51.fw
#
@ -491,7 +491,7 @@ test -z "$cmd" && {
case "$cmd" in
start)
log "Activating firewall script generated Fri Jan 7 13:22:13 2011 by vadim"
log "Activating firewall script generated Mon Jan 10 16:33:31 2011 by vadim"
check_tools
prolog_commands
check_run_time_address_table_files

6
test/ipt/firewall6.fw.orig
View File

@ -2,9 +2,9 @@
#
# This is automatically generated file. DO NOT MODIFY !
#
# Firewall Builder fwb_ipt v4.2.0.3425
# Firewall Builder fwb_ipt v4.2.0.3426
#
# Generated Fri Jan 7 13:22:15 2011 PST by vadim
# Generated Mon Jan 10 16:33:33 2011 PST by vadim
#
# files: * firewall6.fw
#
@ -513,7 +513,7 @@ test -z "$cmd" && {
case "$cmd" in
start)
log "Activating firewall script generated Fri Jan 7 13:22:15 2011 by vadim"
log "Activating firewall script generated Mon Jan 10 16:33:33 2011 by vadim"
check_tools
prolog_commands
check_run_time_address_table_files

6
test/ipt/firewall60.fw.orig
View File

@ -2,9 +2,9 @@
#
# This is automatically generated file. DO NOT MODIFY !
#
# Firewall Builder fwb_ipt v4.2.0.3425
# Firewall Builder fwb_ipt v4.2.0.3426
#
# Generated Fri Jan 7 13:22:17 2011 PST by vadim
# Generated Mon Jan 10 16:33:35 2011 PST by vadim
#
# files: * firewall60.fw
#
@ -419,7 +419,7 @@ test -z "$cmd" && {
case "$cmd" in
start)
log "Activating firewall script generated Fri Jan 7 13:22:17 2011 by vadim"
log "Activating firewall script generated Mon Jan 10 16:33:35 2011 by vadim"
check_tools
prolog_commands
check_run_time_address_table_files

6
test/ipt/firewall61-1.2.5.fw.orig
View File

@ -2,9 +2,9 @@
#
# This is automatically generated file. DO NOT MODIFY !
#
# Firewall Builder fwb_ipt v4.2.0.3425
# Firewall Builder fwb_ipt v4.2.0.3426
#
# Generated Fri Jan 7 13:22:20 2011 PST by vadim
# Generated Mon Jan 10 16:33:38 2011 PST by vadim
#
# files: * firewall61-1.2.5.fw
#
@ -499,7 +499,7 @@ test -z "$cmd" && {
case "$cmd" in
start)
log "Activating firewall script generated Fri Jan 7 13:22:20 2011 by vadim"
log "Activating firewall script generated Mon Jan 10 16:33:38 2011 by vadim"
check_tools
prolog_commands
check_run_time_address_table_files

6
test/ipt/firewall61-1.2.6.fw.orig
View File

@ -2,9 +2,9 @@
#
# This is automatically generated file. DO NOT MODIFY !
#
# Firewall Builder fwb_ipt v4.2.0.3425
# Firewall Builder fwb_ipt v4.2.0.3426
#
# Generated Fri Jan 7 13:22:22 2011 PST by vadim
# Generated Mon Jan 10 16:33:41 2011 PST by vadim
#
# files: * firewall61-1.2.6.fw
#
@ -505,7 +505,7 @@ test -z "$cmd" && {
case "$cmd" in
start)
log "Activating firewall script generated Fri Jan 7 13:22:22 2011 by vadim"
log "Activating firewall script generated Mon Jan 10 16:33:41 2011 by vadim"
check_tools
prolog_commands
check_run_time_address_table_files

6
test/ipt/firewall61-1.3.x.fw.orig
View File

@ -2,9 +2,9 @@
#
# This is automatically generated file. DO NOT MODIFY !
#
# Firewall Builder fwb_ipt v4.2.0.3425
# Firewall Builder fwb_ipt v4.2.0.3426
#
# Generated Fri Jan 7 13:22:25 2011 PST by vadim
# Generated Mon Jan 10 16:33:43 2011 PST by vadim
#
# files: * firewall61-1.3.x.fw
#
@ -492,7 +492,7 @@ test -z "$cmd" && {
case "$cmd" in
start)
log "Activating firewall script generated Fri Jan 7 13:22:25 2011 by vadim"
log "Activating firewall script generated Mon Jan 10 16:33:43 2011 by vadim"
check_tools
prolog_commands
check_run_time_address_table_files

6
test/ipt/firewall61-1.4.fw.orig
View File

@ -2,9 +2,9 @@
#
# This is automatically generated file. DO NOT MODIFY !
#
# Firewall Builder fwb_ipt v4.2.0.3425
# Firewall Builder fwb_ipt v4.2.0.3426
#
# Generated Fri Jan 7 13:22:28 2011 PST by vadim
# Generated Mon Jan 10 16:33:46 2011 PST by vadim
#
# files: * firewall61-1.4.fw
#
@ -493,7 +493,7 @@ test -z "$cmd" && {
case "$cmd" in
start)
log "Activating firewall script generated Fri Jan 7 13:22:28 2011 by vadim"
log "Activating firewall script generated Mon Jan 10 16:33:46 2011 by vadim"
check_tools
prolog_commands
check_run_time_address_table_files

6
test/ipt/firewall62.fw.orig
View File

@ -2,9 +2,9 @@
#
# This is automatically generated file. DO NOT MODIFY !
#
# Firewall Builder fwb_ipt v4.2.0.3425
# Firewall Builder fwb_ipt v4.2.0.3426
#
# Generated Fri Jan 7 13:22:30 2011 PST by vadim
# Generated Mon Jan 10 16:33:48 2011 PST by vadim
#
# files: * firewall62.fw
#
@ -543,7 +543,7 @@ test -z "$cmd" && {
case "$cmd" in
start)
log "Activating firewall script generated Fri Jan 7 13:22:30 2011 by vadim"
log "Activating firewall script generated Mon Jan 10 16:33:48 2011 by vadim"
check_tools
prolog_commands
check_run_time_address_table_files

6
test/ipt/firewall63.fw.orig
View File

@ -2,9 +2,9 @@
#
# This is automatically generated file. DO NOT MODIFY !
#
# Firewall Builder fwb_ipt v4.2.0.3425
# Firewall Builder fwb_ipt v4.2.0.3426
#
# Generated Fri Jan 7 13:22:32 2011 PST by vadim
# Generated Mon Jan 10 16:33:51 2011 PST by vadim
#
# files: * firewall63.fw
#
@ -389,7 +389,7 @@ test -z "$cmd" && {
case "$cmd" in
start)
log "Activating firewall script generated Fri Jan 7 13:22:32 2011 by vadim"
log "Activating firewall script generated Mon Jan 10 16:33:51 2011 by vadim"
check_tools
prolog_commands
check_run_time_address_table_files

6
test/ipt/firewall7.fw.orig
View File

@ -2,9 +2,9 @@
#
# This is automatically generated file. DO NOT MODIFY !
#
# Firewall Builder fwb_ipt v4.2.0.3425
# Firewall Builder fwb_ipt v4.2.0.3426
#
# Generated Fri Jan 7 13:22:35 2011 PST by vadim
# Generated Mon Jan 10 16:33:53 2011 PST by vadim
#
# files: * firewall7.fw
#
@ -473,7 +473,7 @@ test -z "$cmd" && {
case "$cmd" in
start)
log "Activating firewall script generated Fri Jan 7 13:22:35 2011 by vadim"
log "Activating firewall script generated Mon Jan 10 16:33:53 2011 by vadim"
check_tools
prolog_commands
check_run_time_address_table_files

6
test/ipt/firewall70.fw.orig
View File

@ -2,9 +2,9 @@
#
# This is automatically generated file. DO NOT MODIFY !
#
# Firewall Builder fwb_ipt v4.2.0.3425
# Firewall Builder fwb_ipt v4.2.0.3426
#
# Generated Fri Jan 7 13:22:37 2011 PST by vadim
# Generated Mon Jan 10 16:33:55 2011 PST by vadim
#
# files: * firewall70.fw iptables.sh
#
@ -412,7 +412,7 @@ test -z "$cmd" && {
case "$cmd" in
start)
log "Activating firewall script generated Fri Jan 7 13:22:37 2011 by vadim"
log "Activating firewall script generated Mon Jan 10 16:33:55 2011 by vadim"
check_tools
prolog_commands
check_run_time_address_table_files

6
test/ipt/firewall71.fw.orig
View File

@ -2,9 +2,9 @@
#
# This is automatically generated file. DO NOT MODIFY !
#
# Firewall Builder fwb_ipt v4.2.0.3425
# Firewall Builder fwb_ipt v4.2.0.3426
#
# Generated Fri Jan 7 13:22:40 2011 PST by vadim
# Generated Mon Jan 10 16:33:58 2011 PST by vadim
#
# files: * firewall71.fw
#
@ -428,7 +428,7 @@ test -z "$cmd" && {
case "$cmd" in
start)
log "Activating firewall script generated Fri Jan 7 13:22:40 2011 by vadim"
log "Activating firewall script generated Mon Jan 10 16:33:58 2011 by vadim"
check_tools
prolog_commands
check_run_time_address_table_files

6
test/ipt/firewall72-1.3.x.fw.orig
View File

@ -2,9 +2,9 @@
#
# This is automatically generated file. DO NOT MODIFY !
#
# Firewall Builder fwb_ipt v4.2.0.3425
# Firewall Builder fwb_ipt v4.2.0.3426
#
# Generated Fri Jan 7 13:22:42 2011 PST by vadim
# Generated Mon Jan 10 16:34:00 2011 PST by vadim
#
# files: * firewall72-1.3.x.fw
#
@ -555,7 +555,7 @@ test -z "$cmd" && {
case "$cmd" in
start)
log "Activating firewall script generated Fri Jan 7 13:22:42 2011 by vadim"
log "Activating firewall script generated Mon Jan 10 16:34:00 2011 by vadim"
check_tools
prolog_commands
check_run_time_address_table_files

6
test/ipt/firewall72-1.4.3.fw.orig
View File

@ -2,9 +2,9 @@
#
# This is automatically generated file. DO NOT MODIFY !
#
# Firewall Builder fwb_ipt v4.2.0.3425
# Firewall Builder fwb_ipt v4.2.0.3426
#
# Generated Fri Jan 7 13:22:44 2011 PST by vadim
# Generated Mon Jan 10 16:34:03 2011 PST by vadim
#
# files: * firewall72-1.4.3.fw
#
@ -555,7 +555,7 @@ test -z "$cmd" && {
case "$cmd" in
start)
log "Activating firewall script generated Fri Jan 7 13:22:44 2011 by vadim"
log "Activating firewall script generated Mon Jan 10 16:34:03 2011 by vadim"
check_tools
prolog_commands
check_run_time_address_table_files

6
test/ipt/firewall73.fw.orig
View File

@ -2,9 +2,9 @@
#
# This is automatically generated file. DO NOT MODIFY !
#
# Firewall Builder fwb_ipt v4.2.0.3425
# Firewall Builder fwb_ipt v4.2.0.3426
#
# Generated Fri Jan 7 13:22:47 2011 PST by vadim
# Generated Mon Jan 10 16:34:05 2011 PST by vadim
#
# files: * firewall73.fw
#
@ -523,7 +523,7 @@ test -z "$cmd" && {
case "$cmd" in
start)
log "Activating firewall script generated Fri Jan 7 13:22:47 2011 by vadim"
log "Activating firewall script generated Mon Jan 10 16:34:05 2011 by vadim"
check_tools
prolog_commands
check_run_time_address_table_files

6
test/ipt/firewall74.fw.orig
View File

@ -2,9 +2,9 @@
#
# This is automatically generated file. DO NOT MODIFY !
#
# Firewall Builder fwb_ipt v4.2.0.3425
# Firewall Builder fwb_ipt v4.2.0.3426
#
# Generated Fri Jan 7 13:22:49 2011 PST by vadim
# Generated Mon Jan 10 16:34:07 2011 PST by vadim
#
# files: * firewall74.fw
#
@ -375,7 +375,7 @@ test -z "$cmd" && {
case "$cmd" in
start)
log "Activating firewall script generated Fri Jan 7 13:22:49 2011 by vadim"
log "Activating firewall script generated Mon Jan 10 16:34:07 2011 by vadim"
check_tools
prolog_commands
check_run_time_address_table_files

6
test/ipt/firewall8.fw.orig
View File

@ -2,9 +2,9 @@
#
# This is automatically generated file. DO NOT MODIFY !
#
# Firewall Builder fwb_ipt v4.2.0.3425
# Firewall Builder fwb_ipt v4.2.0.3426
#
# Generated Fri Jan 7 13:22:51 2011 PST by vadim
# Generated Mon Jan 10 16:34:09 2011 PST by vadim
#
# files: * firewall8.fw
#
@ -358,7 +358,7 @@ test -z "$cmd" && {
case "$cmd" in
start)
log "Activating firewall script generated Fri Jan 7 13:22:51 2011 by vadim"
log "Activating firewall script generated Mon Jan 10 16:34:09 2011 by vadim"
check_tools
prolog_commands
check_run_time_address_table_files

6
test/ipt/firewall80.fw.orig
View File

@ -2,9 +2,9 @@
#
# This is automatically generated file. DO NOT MODIFY !
#
# Firewall Builder fwb_ipt v4.2.0.3425
# Firewall Builder fwb_ipt v4.2.0.3426
#
# Generated Fri Jan 7 13:22:53 2011 PST by vadim
# Generated Mon Jan 10 16:34:11 2011 PST by vadim
#
# files: * firewall80.fw
#
@ -399,7 +399,7 @@ test -z "$cmd" && {
case "$cmd" in
start)
log "Activating firewall script generated Fri Jan 7 13:22:53 2011 by vadim"
log "Activating firewall script generated Mon Jan 10 16:34:11 2011 by vadim"
check_tools
prolog_commands
check_run_time_address_table_files

6
test/ipt/firewall81.fw.orig
View File

@ -2,9 +2,9 @@
#
# This is automatically generated file. DO NOT MODIFY !
#
# Firewall Builder fwb_ipt v4.2.0.3425
# Firewall Builder fwb_ipt v4.2.0.3426
#
# Generated Fri Jan 7 13:22:56 2011 PST by vadim
# Generated Mon Jan 10 16:34:14 2011 PST by vadim
#
# files: * firewall81.fw
#
@ -419,7 +419,7 @@ test -z "$cmd" && {
case "$cmd" in
start)
log "Activating firewall script generated Fri Jan 7 13:22:56 2011 by vadim"
log "Activating firewall script generated Mon Jan 10 16:34:14 2011 by vadim"
check_tools
prolog_commands
check_run_time_address_table_files

6
test/ipt/firewall82.fw.orig
View File

@ -2,9 +2,9 @@
#
# This is automatically generated file. DO NOT MODIFY !
#
# Firewall Builder fwb_ipt v4.2.0.3425
# Firewall Builder fwb_ipt v4.2.0.3426
#
# Generated Fri Jan 7 13:22:59 2011 PST by vadim
# Generated Mon Jan 10 16:34:17 2011 PST by vadim
#
# files: * firewall82.fw
#
@ -414,7 +414,7 @@ test -z "$cmd" && {
case "$cmd" in
start)
log "Activating firewall script generated Fri Jan 7 13:22:59 2011 by vadim"
log "Activating firewall script generated Mon Jan 10 16:34:17 2011 by vadim"
check_tools
prolog_commands
check_run_time_address_table_files

6
test/ipt/firewall82_A.fw.orig
View File

@ -2,9 +2,9 @@
#
# This is automatically generated file. DO NOT MODIFY !
#
# Firewall Builder fwb_ipt v4.2.0.3425
# Firewall Builder fwb_ipt v4.2.0.3426
#
# Generated Fri Jan 7 13:23:01 2011 PST by vadim
# Generated Mon Jan 10 16:34:19 2011 PST by vadim
#
# files: * firewall82_A.fw
#
@ -406,7 +406,7 @@ test -z "$cmd" && {
case "$cmd" in
start)
log "Activating firewall script generated Fri Jan 7 13:23:01 2011 by vadim"
log "Activating firewall script generated Mon Jan 10 16:34:19 2011 by vadim"
check_tools
prolog_commands
check_run_time_address_table_files

6
test/ipt/firewall82_B.fw.orig
View File

@ -2,9 +2,9 @@
#
# This is automatically generated file. DO NOT MODIFY !
#
# Firewall Builder fwb_ipt v4.2.0.3425
# Firewall Builder fwb_ipt v4.2.0.3426
#
# Generated Fri Jan 7 13:23:03 2011 PST by vadim
# Generated Mon Jan 10 16:34:21 2011 PST by vadim
#
# files: * firewall82_B.fw
#
@ -363,7 +363,7 @@ test -z "$cmd" && {
case "$cmd" in
start)
log "Activating firewall script generated Fri Jan 7 13:23:03 2011 by vadim"
log "Activating firewall script generated Mon Jan 10 16:34:21 2011 by vadim"
check_tools
prolog_commands
check_run_time_address_table_files

6
test/ipt/firewall9.fw.orig
View File

@ -2,9 +2,9 @@
#
# This is automatically generated file. DO NOT MODIFY !
#
# Firewall Builder fwb_ipt v4.2.0.3425
# Firewall Builder fwb_ipt v4.2.0.3426
#
# Generated Fri Jan 7 13:23:06 2011 PST by vadim
# Generated Mon Jan 10 16:34:24 2011 PST by vadim
#
# files: * firewall9.fw
#
@ -633,7 +633,7 @@ test -z "$cmd" && {
case "$cmd" in
start)
log "Activating firewall script generated Fri Jan 7 13:23:06 2011 by vadim"
log "Activating firewall script generated Mon Jan 10 16:34:24 2011 by vadim"
check_tools
prolog_commands
check_run_time_address_table_files

6
test/ipt/firewall90.fw.orig
View File

@ -2,9 +2,9 @@
#
# This is automatically generated file. DO NOT MODIFY !
#
# Firewall Builder fwb_ipt v4.2.0.3425
# Firewall Builder fwb_ipt v4.2.0.3426
#
# Generated Fri Jan 7 13:23:08 2011 PST by vadim
# Generated Mon Jan 10 16:34:26 2011 PST by vadim
#
# files: * firewall90.fw
#
@ -383,7 +383,7 @@ test -z "$cmd" && {
case "$cmd" in
start)
log "Activating firewall script generated Fri Jan 7 13:23:08 2011 by vadim"
log "Activating firewall script generated Mon Jan 10 16:34:26 2011 by vadim"
check_tools
prolog_commands
check_run_time_address_table_files

6
test/ipt/firewall91.fw.orig
View File

@ -2,9 +2,9 @@
#
# This is automatically generated file. DO NOT MODIFY !
#
# Firewall Builder fwb_ipt v4.2.0.3425
# Firewall Builder fwb_ipt v4.2.0.3426
#
# Generated Fri Jan 7 13:23:10 2011 PST by vadim
# Generated Mon Jan 10 16:34:28 2011 PST by vadim
#
# files: * firewall91.fw
#
@ -383,7 +383,7 @@ test -z "$cmd" && {
case "$cmd" in
start)
log "Activating firewall script generated Fri Jan 7 13:23:10 2011 by vadim"
log "Activating firewall script generated Mon Jan 10 16:34:28 2011 by vadim"
check_tools
prolog_commands
check_run_time_address_table_files

6
test/ipt/firewall92.fw.orig
View File

@ -2,9 +2,9 @@
#
# This is automatically generated file. DO NOT MODIFY !
#
# Firewall Builder fwb_ipt v4.2.0.3425
# Firewall Builder fwb_ipt v4.2.0.3426
#
# Generated Fri Jan 7 13:23:12 2011 PST by vadim
# Generated Mon Jan 10 16:34:30 2011 PST by vadim
#
# files: * firewall92.fw
#
@ -419,7 +419,7 @@ test -z "$cmd" && {
case "$cmd" in
start)
log "Activating firewall script generated Fri Jan 7 13:23:12 2011 by vadim"
log "Activating firewall script generated Mon Jan 10 16:34:30 2011 by vadim"
check_tools
prolog_commands
check_run_time_address_table_files

6
test/ipt/firewall93.fw.orig
View File

@ -2,9 +2,9 @@
#
# This is automatically generated file. DO NOT MODIFY !
#
# Firewall Builder fwb_ipt v4.2.0.3425
# Firewall Builder fwb_ipt v4.2.0.3426
#
# Generated Fri Jan 7 13:23:15 2011 PST by vadim
# Generated Mon Jan 10 16:34:33 2011 PST by vadim
#
# files: * firewall93.fw
#
@ -458,7 +458,7 @@ test -z "$cmd" && {
case "$cmd" in
start)
log "Activating firewall script generated Fri Jan 7 13:23:15 2011 by vadim"
log "Activating firewall script generated Mon Jan 10 16:34:33 2011 by vadim"
check_tools
prolog_commands
check_run_time_address_table_files

6
test/ipt/fw-A.fw.orig
View File

@ -2,9 +2,9 @@
#
# This is automatically generated file. DO NOT MODIFY !
#
# Firewall Builder fwb_ipt v4.2.0.3425
# Firewall Builder fwb_ipt v4.2.0.3426
#
# Generated Fri Jan 7 13:24:21 2011 PST by vadim
# Generated Mon Jan 10 16:35:38 2011 PST by vadim
#
# files: * fw-A.fw
#
@ -722,7 +722,7 @@ test -z "$cmd" && {
case "$cmd" in
start)
log "Activating firewall script generated Fri Jan 7 13:24:21 2011 by vadim"
log "Activating firewall script generated Mon Jan 10 16:35:38 2011 by vadim"
check_tools
prolog_commands
check_run_time_address_table_files

6
test/ipt/fw1.fw.orig
View File

@ -2,9 +2,9 @@
#
# This is automatically generated file. DO NOT MODIFY !
#
# Firewall Builder fwb_ipt v4.2.0.3425
# Firewall Builder fwb_ipt v4.2.0.3426
#
# Generated Fri Jan 7 13:24:19 2011 PST by vadim
# Generated Mon Jan 10 16:35:36 2011 PST by vadim
#
# files: * fw1.fw
#
@ -519,7 +519,7 @@ test -z "$cmd" && {
case "$cmd" in
start)
log "Activating firewall script generated Fri Jan 7 13:24:19 2011 by vadim"
log "Activating firewall script generated Mon Jan 10 16:35:36 2011 by vadim"
check_tools
prolog_commands
check_run_time_address_table_files

6
test/ipt/heartbeat_cluster_1_d_linux-1-d.fw.orig
View File

@ -2,9 +2,9 @@
#
# This is automatically generated file. DO NOT MODIFY !
#
# Firewall Builder fwb_ipt v4.2.0.3425
# Firewall Builder fwb_ipt v4.2.0.3426
#
# Generated Fri Jan 7 13:24:40 2011 PST by vadim
# Generated Mon Jan 10 16:35:57 2011 PST by vadim
#
# files: * heartbeat_cluster_1_d_linux-1-d.fw firewall.sh
#
@ -720,7 +720,7 @@ test -z "$cmd" && {
case "$cmd" in
start)
log "Activating firewall script generated Fri Jan 7 13:24:40 2011 by vadim"
log "Activating firewall script generated Mon Jan 10 16:35:57 2011 by vadim"
check_tools
prolog_commands
check_run_time_address_table_files

6
test/ipt/heartbeat_cluster_1_d_linux-2-d.fw.orig
View File

@ -2,9 +2,9 @@
#
# This is automatically generated file. DO NOT MODIFY !
#
# Firewall Builder fwb_ipt v4.2.0.3425
# Firewall Builder fwb_ipt v4.2.0.3426
#
# Generated Fri Jan 7 13:24:40 2011 PST by vadim
# Generated Mon Jan 10 16:35:58 2011 PST by vadim
#
# files: * heartbeat_cluster_1_d_linux-2-d.fw firewall.sh
#
@ -723,7 +723,7 @@ test -z "$cmd" && {
case "$cmd" in
start)
log "Activating firewall script generated Fri Jan 7 13:24:40 2011 by vadim"
log "Activating firewall script generated Mon Jan 10 16:35:58 2011 by vadim"
check_tools
prolog_commands
check_run_time_address_table_files

6
test/ipt/heartbeat_cluster_1_linux-1.fw.orig
View File

@ -2,9 +2,9 @@
#
# This is automatically generated file. DO NOT MODIFY !
#
# Firewall Builder fwb_ipt v4.2.0.3425
# Firewall Builder fwb_ipt v4.2.0.3426
#
# Generated Fri Jan 7 13:24:39 2011 PST by vadim
# Generated Mon Jan 10 16:35:57 2011 PST by vadim
#
# files: * heartbeat_cluster_1_linux-1.fw
#
@ -843,7 +843,7 @@ test -z "$cmd" && {
case "$cmd" in
start)
log "Activating firewall script generated Fri Jan 7 13:24:39 2011 by vadim"
log "Activating firewall script generated Mon Jan 10 16:35:57 2011 by vadim"
check_tools
prolog_commands
check_run_time_address_table_files

6
test/ipt/heartbeat_cluster_1_linux-2.fw.orig
View File

@ -2,9 +2,9 @@
#
# This is automatically generated file. DO NOT MODIFY !
#
# Firewall Builder fwb_ipt v4.2.0.3425
# Firewall Builder fwb_ipt v4.2.0.3426
#
# Generated Fri Jan 7 13:24:39 2011 PST by vadim
# Generated Mon Jan 10 16:35:57 2011 PST by vadim
#
# files: * heartbeat_cluster_1_linux-2.fw
#
@ -741,7 +741,7 @@ test -z "$cmd" && {
case "$cmd" in
start)
log "Activating firewall script generated Fri Jan 7 13:24:39 2011 by vadim"
log "Activating firewall script generated Mon Jan 10 16:35:57 2011 by vadim"
check_tools
prolog_commands
check_run_time_address_table_files

6
test/ipt/heartbeat_cluster_2_linux-1.fw.orig
View File

@ -2,9 +2,9 @@
#
# This is automatically generated file. DO NOT MODIFY !
#
# Firewall Builder fwb_ipt v4.2.0.3425
# Firewall Builder fwb_ipt v4.2.0.3426
#
# Generated Fri Jan 7 13:24:41 2011 PST by vadim
# Generated Mon Jan 10 16:35:58 2011 PST by vadim
#
# files: * heartbeat_cluster_2_linux-1.fw
#
@ -707,7 +707,7 @@ test -z "$cmd" && {
case "$cmd" in
start)
log "Activating firewall script generated Fri Jan 7 13:24:41 2011 by vadim"
log "Activating firewall script generated Mon Jan 10 16:35:58 2011 by vadim"
check_tools
prolog_commands
check_run_time_address_table_files

6
test/ipt/heartbeat_cluster_2_linux-2.fw.orig
View File

@ -2,9 +2,9 @@
#
# This is automatically generated file. DO NOT MODIFY !
#
# Firewall Builder fwb_ipt v4.2.0.3425
# Firewall Builder fwb_ipt v4.2.0.3426
#
# Generated Fri Jan 7 13:24:41 2011 PST by vadim
# Generated Mon Jan 10 16:35:58 2011 PST by vadim
#
# files: * heartbeat_cluster_2_linux-2.fw
#
@ -620,7 +620,7 @@ test -z "$cmd" && {
case "$cmd" in
start)
log "Activating firewall script generated Fri Jan 7 13:24:41 2011 by vadim"
log "Activating firewall script generated Mon Jan 10 16:35:58 2011 by vadim"
check_tools
prolog_commands
check_run_time_address_table_files

6
test/ipt/host.fw.orig
View File

@ -2,9 +2,9 @@
#
# This is automatically generated file. DO NOT MODIFY !
#
# Firewall Builder fwb_ipt v4.2.0.3425
# Firewall Builder fwb_ipt v4.2.0.3426
#
# Generated Fri Jan 7 13:24:23 2011 PST by vadim
# Generated Mon Jan 10 16:35:41 2011 PST by vadim
#
# files: * host.fw
#
@ -422,7 +422,7 @@ test -z "$cmd" && {
case "$cmd" in
start)
log "Activating firewall script generated Fri Jan 7 13:24:23 2011 by vadim"
log "Activating firewall script generated Mon Jan 10 16:35:41 2011 by vadim"
check_tools
prolog_commands
check_run_time_address_table_files

4
test/ipt/ipcop1.fw.orig
View File

@ -2,9 +2,9 @@
#
# This is automatically generated file. DO NOT MODIFY !
#
# Firewall Builder fwb_ipt v4.2.0.3425
# Firewall Builder fwb_ipt v4.2.0.3426
#
# Generated Fri Jan 7 13:24:25 2011 PST by vadim
# Generated Mon Jan 10 16:35:43 2011 PST by vadim
#
# files: * ipcop1.fw
#

6
test/ipt/openais_cluster_1_linux-1.fw.orig
View File

@ -2,9 +2,9 @@
#
# This is automatically generated file. DO NOT MODIFY !
#
# Firewall Builder fwb_ipt v4.2.0.3425
# Firewall Builder fwb_ipt v4.2.0.3426
#
# Generated Fri Jan 7 13:24:41 2011 PST by vadim
# Generated Mon Jan 10 16:35:59 2011 PST by vadim
#
# files: * openais_cluster_1_linux-1.fw
#
@ -707,7 +707,7 @@ test -z "$cmd" && {
case "$cmd" in
start)
log "Activating firewall script generated Fri Jan 7 13:24:41 2011 by vadim"
log "Activating firewall script generated Mon Jan 10 16:35:59 2011 by vadim"
check_tools
prolog_commands
check_run_time_address_table_files

6
test/ipt/openais_cluster_1_linux-2.fw.orig
View File

@ -2,9 +2,9 @@
#
# This is automatically generated file. DO NOT MODIFY !
#
# Firewall Builder fwb_ipt v4.2.0.3425
# Firewall Builder fwb_ipt v4.2.0.3426
#
# Generated Fri Jan 7 13:24:42 2011 PST by vadim
# Generated Mon Jan 10 16:35:59 2011 PST by vadim
#
# files: * openais_cluster_1_linux-2.fw
#
@ -611,7 +611,7 @@ test -z "$cmd" && {
case "$cmd" in
start)
log "Activating firewall script generated Fri Jan 7 13:24:42 2011 by vadim"
log "Activating firewall script generated Mon Jan 10 16:35:59 2011 by vadim"
check_tools
prolog_commands
check_run_time_address_table_files

6
test/ipt/rh90.fw.orig
View File

@ -2,9 +2,9 @@
#
# This is automatically generated file. DO NOT MODIFY !
#
# Firewall Builder fwb_ipt v4.2.0.3425
# Firewall Builder fwb_ipt v4.2.0.3426
#
# Generated Fri Jan 7 13:24:27 2011 PST by vadim
# Generated Mon Jan 10 16:35:45 2011 PST by vadim
#
# files: * rh90.fw
#
@ -421,7 +421,7 @@ test -z "$cmd" && {
case "$cmd" in
start)
log "Activating firewall script generated Fri Jan 7 13:24:27 2011 by vadim"
log "Activating firewall script generated Mon Jan 10 16:35:45 2011 by vadim"
check_tools
prolog_commands
check_run_time_address_table_files

6
test/ipt/secuwall_cluster_1_secuwall-1.fw.orig
View File

@ -2,9 +2,9 @@
#
# This is automatically generated file. DO NOT MODIFY !
#
# Firewall Builder fwb_ipt v4.2.0.3425
# Firewall Builder fwb_ipt v4.2.0.3426
#
# Generated Fri Jan 7 13:24:42 2011 PST by vadim
# Generated Mon Jan 10 16:35:59 2011 PST by vadim
#
# files: * secuwall_cluster_1_secuwall-1.fw
#
@ -405,7 +405,7 @@ test -z "$cmd" && {
case "$cmd" in
start)
log "Activating firewall script generated Fri Jan 7 13:24:42 2011 by vadim"
log "Activating firewall script generated Mon Jan 10 16:35:59 2011 by vadim"
log "Database was cluster-tests.fwb"
check_tools
check_run_time_address_table_files

6
test/ipt/server-cluster-1_server-1.fw.orig
View File

@ -2,9 +2,9 @@
#
# This is automatically generated file. DO NOT MODIFY !
#
# Firewall Builder fwb_ipt v4.2.0.3425
# Firewall Builder fwb_ipt v4.2.0.3426
#
# Generated Fri Jan 7 13:24:42 2011 PST by vadim
# Generated Mon Jan 10 16:36:00 2011 PST by vadim
#
# files: * server-cluster-1_server-1.fw
#
@ -398,7 +398,7 @@ test -z "$cmd" && {
case "$cmd" in
start)
log "Activating firewall script generated Fri Jan 7 13:24:42 2011 by vadim"
log "Activating firewall script generated Mon Jan 10 16:36:00 2011 by vadim"
check_tools
prolog_commands
check_run_time_address_table_files

6
test/ipt/server-cluster-1_server-2.fw.orig
View File

@ -2,9 +2,9 @@
#
# This is automatically generated file. DO NOT MODIFY !
#
# Firewall Builder fwb_ipt v4.2.0.3425
# Firewall Builder fwb_ipt v4.2.0.3426
#
# Generated Fri Jan 7 13:24:42 2011 PST by vadim
# Generated Mon Jan 10 16:36:00 2011 PST by vadim
#
# files: * server-cluster-1_server-2.fw
#
@ -397,7 +397,7 @@ test -z "$cmd" && {
case "$cmd" in
start)
log "Activating firewall script generated Fri Jan 7 13:24:42 2011 by vadim"
log "Activating firewall script generated Mon Jan 10 16:36:00 2011 by vadim"
check_tools
prolog_commands
check_run_time_address_table_files

6
test/ipt/test-shadowing-1.fw.orig
View File

@ -2,9 +2,9 @@
#
# This is automatically generated file. DO NOT MODIFY !
#
# Firewall Builder fwb_ipt v4.2.0.3425
# Firewall Builder fwb_ipt v4.2.0.3426
#
# Generated Fri Jan 7 13:24:32 2011 PST by vadim
# Generated Mon Jan 10 16:35:50 2011 PST by vadim
#
# files: * test-shadowing-1.fw
#
@ -461,7 +461,7 @@ test -z "$cmd" && {
case "$cmd" in
start)
log "Activating firewall script generated Fri Jan 7 13:24:32 2011 by vadim"
log "Activating firewall script generated Mon Jan 10 16:35:50 2011 by vadim"
check_tools
prolog_commands
check_run_time_address_table_files

6
test/ipt/test-shadowing-2.fw.orig
View File

@ -2,9 +2,9 @@
#
# This is automatically generated file. DO NOT MODIFY !
#
# Firewall Builder fwb_ipt v4.2.0.3425
# Firewall Builder fwb_ipt v4.2.0.3426
#
# Generated Fri Jan 7 13:24:35 2011 PST by vadim
# Generated Mon Jan 10 16:35:52 2011 PST by vadim
#
# files: * test-shadowing-2.fw
#
@ -423,7 +423,7 @@ test -z "$cmd" && {
case "$cmd" in
start)
log "Activating firewall script generated Fri Jan 7 13:24:35 2011 by vadim"
log "Activating firewall script generated Mon Jan 10 16:35:52 2011 by vadim"
check_tools
prolog_commands
check_run_time_address_table_files

6
test/ipt/test-shadowing-3.fw.orig
View File

@ -2,9 +2,9 @@
#
# This is automatically generated file. DO NOT MODIFY !
#
# Firewall Builder fwb_ipt v4.2.0.3425
# Firewall Builder fwb_ipt v4.2.0.3426
#
# Generated Fri Jan 7 13:24:38 2011 PST by vadim
# Generated Mon Jan 10 16:35:56 2011 PST by vadim
#
# files: * test-shadowing-3.fw
#
@ -474,7 +474,7 @@ test -z "$cmd" && {
case "$cmd" in
start)
log "Activating firewall script generated Fri Jan 7 13:24:38 2011 by vadim"
log "Activating firewall script generated Mon Jan 10 16:35:56 2011 by vadim"
check_tools
prolog_commands
check_run_time_address_table_files

6
test/ipt/test_fw.fw.orig
View File

@ -2,9 +2,9 @@
#
# This is automatically generated file. DO NOT MODIFY !
#
# Firewall Builder fwb_ipt v4.2.0.3425
# Firewall Builder fwb_ipt v4.2.0.3426
#
# Generated Fri Jan 7 13:24:30 2011 PST by vadim
# Generated Mon Jan 10 16:35:48 2011 PST by vadim
#
# files: * test_fw.fw
#
@ -570,7 +570,7 @@ test -z "$cmd" && {
case "$cmd" in
start)
log "Activating firewall script generated Fri Jan 7 13:24:30 2011 by vadim"
log "Activating firewall script generated Mon Jan 10 16:35:48 2011 by vadim"
check_tools
prolog_commands
check_run_time_address_table_files

6
test/ipt/vrrp_cluster_1_linux-1.fw.orig
View File

@ -2,9 +2,9 @@
#
# This is automatically generated file. DO NOT MODIFY !
#
# Firewall Builder fwb_ipt v4.2.0.3425
# Firewall Builder fwb_ipt v4.2.0.3426
#
# Generated Fri Jan 7 13:24:43 2011 PST by vadim
# Generated Mon Jan 10 16:36:00 2011 PST by vadim
#
# files: * vrrp_cluster_1_linux-1.fw
#
@ -710,7 +710,7 @@ test -z "$cmd" && {
case "$cmd" in
start)
log "Activating firewall script generated Fri Jan 7 13:24:43 2011 by vadim"
log "Activating firewall script generated Mon Jan 10 16:36:00 2011 by vadim"
check_tools
prolog_commands
check_run_time_address_table_files

6
test/ipt/vrrp_cluster_1_linux-2.fw.orig
View File

@ -2,9 +2,9 @@
#
# This is automatically generated file. DO NOT MODIFY !
#
# Firewall Builder fwb_ipt v4.2.0.3425
# Firewall Builder fwb_ipt v4.2.0.3426
#
# Generated Fri Jan 7 13:24:43 2011 PST by vadim
# Generated Mon Jan 10 16:36:01 2011 PST by vadim
#
# files: * vrrp_cluster_1_linux-2.fw
#
@ -615,7 +615,7 @@ test -z "$cmd" && {
case "$cmd" in
start)
log "Activating firewall script generated Fri Jan 7 13:24:43 2011 by vadim"
log "Activating firewall script generated Mon Jan 10 16:36:01 2011 by vadim"
check_tools
prolog_commands
check_run_time_address_table_files

6
test/ipt/vrrp_cluster_2_linux-1.fw.orig
View File

@ -2,9 +2,9 @@
#
# This is automatically generated file. DO NOT MODIFY !
#
# Firewall Builder fwb_ipt v4.2.0.3425
# Firewall Builder fwb_ipt v4.2.0.3426
#
# Generated Fri Jan 7 13:24:44 2011 PST by vadim
# Generated Mon Jan 10 16:36:01 2011 PST by vadim
#
# files: * vrrp_cluster_2_linux-1.fw
#
@ -642,7 +642,7 @@ test -z "$cmd" && {
case "$cmd" in
start)
log "Activating firewall script generated Fri Jan 7 13:24:44 2011 by vadim"
log "Activating firewall script generated Mon Jan 10 16:36:01 2011 by vadim"
check_tools
prolog_commands
check_run_time_address_table_files

6
test/ipt/vrrp_cluster_2_linux-2.fw.orig
View File

@ -2,9 +2,9 @@
#
# This is automatically generated file. DO NOT MODIFY !
#
# Firewall Builder fwb_ipt v4.2.0.3425
# Firewall Builder fwb_ipt v4.2.0.3426
#
# Generated Fri Jan 7 13:24:44 2011 PST by vadim
# Generated Mon Jan 10 16:36:01 2011 PST by vadim
#
# files: * vrrp_cluster_2_linux-2.fw
#
@ -547,7 +547,7 @@ test -z "$cmd" && {
case "$cmd" in
start)
log "Activating firewall script generated Fri Jan 7 13:24:44 2011 by vadim"
log "Activating firewall script generated Mon Jan 10 16:36:01 2011 by vadim"
check_tools
prolog_commands
check_run_time_address_table_files

6
test/ipt/vrrp_cluster_2_linux-3.fw.orig
View File

@ -2,9 +2,9 @@
#
# This is automatically generated file. DO NOT MODIFY !
#
# Firewall Builder fwb_ipt v4.2.0.3425
# Firewall Builder fwb_ipt v4.2.0.3426
#
# Generated Fri Jan 7 13:24:44 2011 PST by vadim
# Generated Mon Jan 10 16:36:01 2011 PST by vadim
#
# files: * vrrp_cluster_2_linux-3.fw
#
@ -523,7 +523,7 @@ test -z "$cmd" && {
case "$cmd" in
start)
log "Activating firewall script generated Fri Jan 7 13:24:44 2011 by vadim"
log "Activating firewall script generated Mon Jan 10 16:36:01 2011 by vadim"
check_tools
prolog_commands
check_run_time_address_table_files

6
test/pf/firewall-base-rulesets.fw.orig
View File

@ -2,9 +2,9 @@
#
# This is automatically generated file. DO NOT MODIFY !
#
# Firewall Builder fwb_pf v4.2.0.3425
# Firewall Builder fwb_pf v4.2.0.3426
#
# Generated Fri Jan 7 13:19:20 2011 PST by vadim
# Generated Mon Jan 10 16:36:34 2011 PST by vadim
#
# files: * firewall-base-rulesets.fw
# files: firewall-base-rulesets.conf
@ -163,7 +163,7 @@ configure_interfaces() {
update_addresses_of_interface "en2 192.168.100.1/0xffffff00" ""
}
log "Activating firewall script generated Fri Jan 7 13:19:20 2011 by vadim"
log "Activating firewall script generated Mon Jan 10 16:36:34 2011 by vadim"
set_kernel_vars
configure_interfaces

6
test/pf/firewall-ipv6-1.fw.orig
View File

@ -2,9 +2,9 @@
#
# This is automatically generated file. DO NOT MODIFY !
#
# Firewall Builder fwb_pf v4.2.0.3425
# Firewall Builder fwb_pf v4.2.0.3426
#
# Generated Fri Jan 7 13:19:21 2011 PST by vadim
# Generated Mon Jan 10 16:36:35 2011 PST by vadim
#
# files: * firewall-ipv6-1.fw pf-ipv6.fw
# files: firewall-ipv6-1-Policy_ipv4.conf /etc/fw/pf-ipv6-Policy_ipv4.conf
@ -175,7 +175,7 @@ configure_interfaces() {
update_addresses_of_interface "lo ::1/128 127.0.0.1/0xff000000" ""
}
log "Activating firewall script generated Fri Jan 7 13:19:21 2011 by vadim"
log "Activating firewall script generated Mon Jan 10 16:36:35 2011 by vadim"
set_kernel_vars
configure_interfaces

6
test/pf/firewall-ipv6-2.fw.orig
View File

@ -2,9 +2,9 @@
#
# This is automatically generated file. DO NOT MODIFY !
#
# Firewall Builder fwb_pf v4.2.0.3425
# Firewall Builder fwb_pf v4.2.0.3426
#
# Generated Fri Jan 7 13:19:22 2011 PST by vadim
# Generated Mon Jan 10 16:36:36 2011 PST by vadim
#
# files: * firewall-ipv6-2.fw pf.fw
# files: firewall-ipv6-2.conf pf.conf
@ -179,7 +179,7 @@ configure_interfaces() {
update_addresses_of_interface "lo ::1/128 127.0.0.1/0xff000000" ""
}
log "Activating firewall script generated Fri Jan 7 13:19:22 2011 by vadim"
log "Activating firewall script generated Mon Jan 10 16:36:36 2011 by vadim"
set_kernel_vars
configure_interfaces

6
test/pf/firewall.fw.orig
View File

@ -2,9 +2,9 @@
#
# This is automatically generated file. DO NOT MODIFY !
#
# Firewall Builder fwb_pf v4.2.0.3425
# Firewall Builder fwb_pf v4.2.0.3426
#
# Generated Fri Jan 7 13:18:49 2011 PST by vadim
# Generated Mon Jan 10 16:36:03 2011 PST by vadim
#
# files: * firewall.fw /etc/pf.fw
# files: firewall.conf /etc/pf.conf
@ -167,7 +167,7 @@ configure_interfaces() {
update_addresses_of_interface "lo 127.0.0.1/0xff000000" ""
}
log "Activating firewall script generated Fri Jan 7 13:18:49 2011 by vadim"
log "Activating firewall script generated Mon Jan 10 16:36:03 2011 by vadim"
set_kernel_vars
configure_interfaces

6
test/pf/firewall1.fw.orig
View File

@ -2,9 +2,9 @@
#
# This is automatically generated file. DO NOT MODIFY !
#
# Firewall Builder fwb_pf v4.2.0.3425
# Firewall Builder fwb_pf v4.2.0.3426
#
# Generated Fri Jan 7 13:18:50 2011 PST by vadim
# Generated Mon Jan 10 16:36:04 2011 PST by vadim
#
# files: * firewall1.fw
# files: firewall1.conf
@ -76,7 +76,7 @@ configure_interfaces() {
}
log "Activating firewall script generated Fri Jan 7 13:18:50 2011 by vadim"
log "Activating firewall script generated Mon Jan 10 16:36:04 2011 by vadim"
set_kernel_vars
configure_interfaces

6
test/pf/firewall10-1.fw.orig
View File

@ -2,9 +2,9 @@
#
# This is automatically generated file. DO NOT MODIFY !
#
# Firewall Builder fwb_pf v4.2.0.3425
# Firewall Builder fwb_pf v4.2.0.3426
#
# Generated Fri Jan 7 13:18:51 2011 PST by vadim
# Generated Mon Jan 10 16:36:05 2011 PST by vadim
#
# files: * firewall10-1.fw
# files: firewall10-1.conf
@ -74,7 +74,7 @@ configure_interfaces() {
}
log "Activating firewall script generated Fri Jan 7 13:18:51 2011 by vadim"
log "Activating firewall script generated Mon Jan 10 16:36:05 2011 by vadim"
set_kernel_vars
configure_interfaces

Some files were not shown because too many files have changed in this diff Show More