onkelbeh/fwbuilder
1
0
Fork 0
mirror of https://github.com/fwbuilder/fwbuilder synced 2026-03-22 11:17:31 +01:00
Code Issues Releases Wiki Activity

test files upgrade and some formatting for code style

Browse Source
This commit is contained in:
Vadim Kurland 2009-11-02 14:44:20 +00:00
parent aab1d76910
commit 255f420f6c
5 changed files with 668 additions and 561 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
build_num
View File

@ -1 +1 @@
#define BUILD_NUM 1670
#define BUILD_NUM 1671

2
src/pflib/PolicyCompiler_pf.cpp
View File

@ -351,7 +351,7 @@ bool PolicyCompiler_pf::fillDirection::processNext()
* as long as it misses interface - we need to determine direction
* again anyway.
*/
if (rule->getDirection() == PolicyRule::Undefined) // || rule->getInterfaceId()==-1 )
if (rule->getDirection() == PolicyRule::Undefined)
rule->setDirection( PolicyRule::Both );
/*

53
src/pflib/PolicyCompiler_pf_writers.cpp
View File

@ -77,7 +77,8 @@ void PolicyCompiler_pf::PrintRule::_printAction(PolicyRule *rule)
FWOptions *ruleopt =rule->getOptionsObject();
Service *srv=compiler->getFirstSrv(rule); assert(srv);
switch (rule->getAction()) {
switch (rule->getAction())
{
case PolicyRule::Accept:
case PolicyRule::Tag:
case PolicyRule::Classify:
@ -92,18 +93,22 @@ void PolicyCompiler_pf::PrintRule::_printAction(PolicyRule *rule)
case PolicyRule::Reject:
if (TCPService::isA(srv)) compiler->output << "block return-rst ";
else {
else
{
string aor=ruleopt->getStr("action_on_reject");
string code;
if ( aor.find("ICMP")!=string::npos ) {
if ( aor.find("ICMP")!=string::npos )
{
code="return-icmp ";
if (aor.find("unreachable")!=string::npos ) {
if (aor.find("unreachable")!=string::npos )
{
if (aor.find("net")!=string::npos) code=code+"( 0 ) ";
if (aor.find("host")!=string::npos) code=code+"( 1 ) ";
if (aor.find("protocol")!=string::npos) code=code+"( 2 ) ";
if (aor.find("port")!=string::npos) code=code+"( 3 ) ";
}
if (aor.find("prohibited")!=string::npos ) {
if (aor.find("prohibited")!=string::npos )
{
if (aor.find("net")!=string::npos) code=code+"( 9 ) ";
if (aor.find("host")!=string::npos) code=code+"( 10 ) ";
}
@ -397,14 +402,17 @@ string PolicyCompiler_pf::PrintRule::_printLogPrefix(PolicyRule *rule,
* %C - chain name
*/
string::size_type n;
if (rule && (n=s.find("%N"))!=string::npos ) {
if (rule && (n=s.find("%N"))!=string::npos )
{
std::ostringstream s1;
s1 << rule->getPosition();
s.replace(n,2,s1.str());
}
if (rule && (n=s.find("%A"))!=string::npos ) {
if (rule && (n=s.find("%A"))!=string::npos )
{
std::ostringstream s1;
switch (rule->getAction()) {
switch (rule->getAction())
{
case PolicyRule::Accept: s1 << "ACCEPT"; break;
case PolicyRule::Deny: s1 << "DROP"; break;
case PolicyRule::Reject: s1 << "REJECT"; break;
@ -413,7 +421,8 @@ string PolicyCompiler_pf::PrintRule::_printLogPrefix(PolicyRule *rule,
}
s.replace(n,2,s1.str());
}
if (rule && (n=s.find("%I"))!=string::npos ) {
if (rule && (n=s.find("%I"))!=string::npos )
{
std::ostringstream s1;
string rule_iface = rule->getInterfaceStr();
if (rule_iface!="")
@ -423,17 +432,17 @@ string PolicyCompiler_pf::PrintRule::_printLogPrefix(PolicyRule *rule,
} else
s.replace(n,2,"global");
}
if (rule && (n=s.find("%C"))!=string::npos ) {
if (rule && (n=s.find("%C"))!=string::npos )
{
s.replace(n,2,""); // there is no chain in PF and friends
}
return "\"" + s + "\" ";
}
void PolicyCompiler_pf::PrintRule::_printInterface(PolicyRule *rule)
{
string iface_name = rule->getInterfaceStr();
string iface_name = rule->getInterfaceStr();
if (iface_name!="")
compiler->output << "on " << iface_name << " ";
}
@ -481,8 +490,8 @@ string PolicyCompiler_pf::PrintRule::_printPort(int rs,int re,bool neg)
if (rs<0) rs=0;
if (re<0) re=0;
if (!neg) {
if (!neg)
{
if (rs>0 || re>0)
{
if (rs>re && re==0) re=rs;
@ -492,7 +501,8 @@ string PolicyCompiler_pf::PrintRule::_printPort(int rs,int re,bool neg)
if (rs==0 && re!=0) str << "<= " << re;
else
if (rs!=0 && re==65535) str << ">= " << rs;
else {
else
{
/*
* port range. Operator '><' defines range in a such way that boundaries
* are not included. Since we assume it is inclusive, let's move boundaries
@ -502,15 +512,17 @@ string PolicyCompiler_pf::PrintRule::_printPort(int rs,int re,bool neg)
str << rs << " >< " << re;
}
}
} else {
if (rs>0 || re>0) {
} else
{
if (rs>0 || re>0)
{
if (rs==re) str << "!= " << rs;
else
if (rs==0 && re!=0) str << "> " << re;
else
if (rs!=0 && re==65535) str << "< " << rs;
else {
else
{
str << rs << " <> " << re;
}
}
@ -887,7 +899,8 @@ bool PolicyCompiler_pf::PrintRule::processNext()
string comm = rule->getComment();
string::size_type c1,c2;
c1=0;
while ( (c2=comm.find('\n',c1))!=string::npos ) {
while ( (c2=comm.find('\n',c1))!=string::npos )
{
compiler->output << "# " << comm.substr(c1,c2-c1) << endl;
c1=c2+1;
}

306
test/ipf/objects-for-regression-tests.fwb
View File

@ -1,6 +1,6 @@
<?xml version="1.0" encoding="utf-8"?>
<!DOCTYPE FWObjectDatabase SYSTEM "fwbuilder.dtd">
<FWObjectDatabase xmlns="http://www.fwbuilder.org/1.0/" version="12" id="root">
<FWObjectDatabase xmlns="http://www.fwbuilder.org/1.0/" version="13" id="root">
<Library id="sysid99" name="Deleted Objects" comment="" ro="False">
<ICMP6Service id="idE0C27650" code="0" type="1" name="ipv6 dest unreachable" comment="No route to destination" ro="False"/>
</Library>
@ -116,6 +116,7 @@
<Host id="id3B64FFAC" name="broadcast" comment="broadcast on internal subnet" ro="False">
<Interface id="id3B64FFAC-i" dyn="False" security_level="100" unnum="False" unprotected="False" name="unknown" comment="" ro="False">
<IPv4 id="id3B64FFAC-i-ipv4" name="address" comment="" ro="False" address="192.168.1.255" netmask="255.255.255.255"/>
<InterfaceOptions/>
</Interface>
<HostOptions>
<Option name="use_mac_addr_filter">false</Option>
@ -124,6 +125,7 @@
<Host id="id3D265845" name="fw2-dmz-iface" comment="" ro="False">
<Interface id="id3D265845-i" dyn="False" security_level="0" unnum="False" unprotected="False" name="interface-1" comment="" ro="False">
<IPv4 id="id3D265845-i-1-addr" name="address" comment="" ro="False" address="192.168.2.1" netmask="255.255.255.255"/>
<InterfaceOptions/>
</Interface>
<Management address="192.168.2.1">
<SNMPManagement enabled="False" snmp_read_community="" snmp_write_community=""/>
@ -141,6 +143,7 @@
<Host id="id3AFC191C" name="fw2-int-iface" comment="the same address as internal iface of firewall1" ro="False">
<Interface id="id3AFC191C-i" dyn="False" security_level="100" unnum="False" unprotected="False" name="unknown" comment="" ro="False">
<IPv4 id="id3AFC191C-i-ipv4" name="address" comment="" ro="False" address="192.168.1.1" netmask="255.255.255.255"/>
<InterfaceOptions/>
</Interface>
<Management address="192.168.1.1">
<SNMPManagement enabled="False" snmp_read_community="" snmp_write_community=""/>
@ -157,6 +160,7 @@
<Host id="id3D265477" name="host-dmz1" comment="host on the DMZ net" ro="False">
<Interface id="id3D265477-i" dyn="False" security_level="0" unnum="False" unprotected="False" name="interface-1" comment="" ro="False">
<IPv4 id="id3D265477-i-1-addr" name="address" comment="" ro="False" address="192.168.2.10" netmask="255.255.255.255"/>
<InterfaceOptions/>
</Interface>
<Management address="192.168.2.10">
<SNMPManagement enabled="False" snmp_read_community="" snmp_write_community=""/>
@ -174,6 +178,7 @@
<Host id="id3D26547B" name="host-dmz1-NAT" comment="" ro="False">
<Interface id="id3D26547B-i" dyn="False" security_level="0" unnum="False" unprotected="False" name="interface-1" comment="" ro="False">
<IPv4 id="id3D26547B-i-1-addr" name="address" comment="" ro="False" address="22.22.22.24" netmask="255.255.255.255"/>
<InterfaceOptions/>
</Interface>
<Management address="22.22.22.24">
<SNMPManagement enabled="False" snmp_read_community="" snmp_write_community=""/>
@ -191,6 +196,7 @@
<Host id="id3DEA665F" name="host-ext1" comment="" ro="False">
<Interface id="id3DEA6663" dyn="False" security_level="0" unnum="False" unprotected="False" name="interface1" comment="" ro="False">
<IPv4 id="id3DEA6664" name="host-ext1" comment="" ro="False" address="22.22.22.24" netmask="255.255.255.255"/>
<InterfaceOptions/>
</Interface>
<Management address="0.0.0.0">
<SNMPManagement enabled="False" snmp_read_community="" snmp_write_community=""/>
@ -204,6 +210,7 @@
<Host id="id3AFC0F70" name="host-fw2" comment="this host has the same IP address as firewall1 and firewall2" ro="False">
<Interface id="id3AFC0F70-i" dyn="False" security_level="100" unnum="False" unprotected="False" name="unknown" comment="" ro="False">
<IPv4 id="id3AFC0F70-i-ipv4" name="address" comment="" ro="False" address="22.22.22.22" netmask="255.255.255.255"/>
<InterfaceOptions/>
</Interface>
<HostOptions>
<Option name="use_mac_addr_filter">false</Option>
@ -213,6 +220,7 @@
<Interface id="id3BF1B3E2" dyn="False" label="" security_level="100" unnum="False" unprotected="False" name="unknown" comment="" ro="False">
<IPv4 id="id3BF1B3E2-ipv4" name="address" comment="" ro="False" address="192.168.1.10" netmask="255.255.255.0"/>
<physAddress id="id3BF1B3E2-pa" address="00:10:4b:de:e9:6f" name="unknown-pa" comment="" ro="False"/>
<InterfaceOptions/>
</Interface>
<Management address="192.168.1.10">
<SNMPManagement enabled="False" snmp_read_community="" snmp_write_community=""/>
@ -227,6 +235,7 @@
<Interface id="id3BF1B3E8" dyn="False" label="" security_level="100" unnum="False" unprotected="False" name="unknown" comment="" ro="False">
<IPv4 id="id3BF1B3E8-ipv4" name="address" comment="" ro="False" address="0.0.0.0" netmask="0.0.0.0"/>
<physAddress id="id3BF1B3E8-pa" address="00:10:4b:de:e9:6f" name="unknown-pa" comment="" ro="False"/>
<InterfaceOptions/>
</Interface>
<Management address="0.0.0.0">
<SNMPManagement enabled="False" snmp_read_community="" snmp_write_community=""/>
@ -243,6 +252,7 @@
<Host id="host-hostA" name="hostA" comment="" ro="False">
<Interface id="host-hostA-i" dyn="False" label="" mgmt="False" security_level="100" unnum="False" unprotected="False" name="int1" comment="" ro="False">
<IPv4 id="host-hostA-i-ipv4" name="hostA(ip)" comment="" ro="False" address="192.168.1.10" netmask="255.255.255.255"/>
<InterfaceOptions/>
</Interface>
<Management address="192.168.1.10">
<SNMPManagement enabled="False" snmp_read_community="public" snmp_write_community=""/>
@ -256,6 +266,7 @@
<Host id="id3B3D5A3B" name="hostA" comment="" ro="False">
<Interface id="id3B3D5A3B-i" dyn="False" label="" mgmt="False" security_level="100" unnum="False" unprotected="False" name="int1" comment="" ro="False">
<IPv4 id="id3B3D5A3B-i-ipv4" name="hostA(ip)" comment="" ro="False" address="192.168.1.10" netmask="255.255.255.255"/>
<InterfaceOptions/>
</Interface>
<Management address="192.168.1.10">
<SNMPManagement enabled="False" snmp_read_community="public" snmp_write_community=""/>
@ -269,6 +280,7 @@
<Host id="id3AFADBF9" name="hostA-NAT" comment="translated address for hostA" ro="False">
<Interface id="id3AFADBF9-i" dyn="False" security_level="100" unnum="False" unprotected="False" name="unknown" comment="" ro="False">
<IPv4 id="id3AFADBF9-i-ipv4" name="address" comment="" ro="False" address="22.22.22.23" netmask="255.255.255.255"/>
<InterfaceOptions/>
</Interface>
<HostOptions>
<Option name="use_mac_addr_filter">false</Option>
@ -277,6 +289,7 @@
<Host id="host-hostB" name="hostB" comment="" ro="False">
<Interface id="host-hostB-i" dyn="False" label="" mgmt="False" security_level="100" unnum="False" unprotected="False" name="int1" comment="" ro="False">
<IPv4 id="host-hostB-i-ipv4" name="hostB(ip)" comment="" ro="False" address="192.168.1.20" netmask="255.255.255.255"/>
<InterfaceOptions/>
</Interface>
<Management address="192.168.1.20">
<SNMPManagement enabled="False" snmp_read_community="public" snmp_write_community=""/>
@ -290,6 +303,7 @@
<Host id="id3BD6736B" name="hostB-NAT" comment="" ro="False">
<Interface id="id3BD6736B-i" dyn="False" security_level="100" unnum="False" unprotected="False" name="unknown" comment="" ro="False">
<IPv4 id="id3BD6736B-i-ipv4" name="address" comment="" ro="False" address="22.22.23.24" netmask="255.255.255.255"/>
<InterfaceOptions/>
</Interface>
<HostOptions>
<Option name="use_mac_addr_filter">false</Option>
@ -298,6 +312,7 @@
<Host id="id3D58227A" name="hostC" comment="" ro="False">
<Interface id="id3D58227A-i" dyn="False" label="" mgmt="False" security_level="0" unnum="False" unprotected="False" name="int1" comment="" ro="False">
<IPv4 id="id3D58227A-i-1-addr" name="hostC(ip)" comment="" ro="False" address="192.168.1.100" netmask="255.255.255.255"/>
<InterfaceOptions/>
</Interface>
<Management address="192.168.1.100">
<SNMPManagement enabled="False" snmp_read_community="" snmp_write_community=""/>
@ -315,6 +330,7 @@
<Host id="id3D58227E" name="hostC-1" comment="" ro="False">
<Interface id="id3D582282" dyn="False" label="" security_level="0" unnum="False" unprotected="False" name="eth0" comment="" ro="False">
<IPv4 id="id3D582283" name="hostC-1:eth0" comment="" ro="False" address="192.168.1.100" netmask="255.255.255.0"/>
<InterfaceOptions/>
</Interface>
<Management address="192.168.1.100">
<SNMPManagement enabled="False" snmp_read_community="" snmp_write_community=""/>
@ -332,6 +348,7 @@
<Host id="id3CD87A53" name="n192.168.1.11" comment="" ro="False">
<Interface id="id3CD87A53-i" dyn="False" security_level="0" unnum="False" unprotected="False" name="interface-1" comment="" ro="False">
<IPv4 id="id3CD87A53-i-1-addr" name="address" comment="" ro="False" address="192.168.1.11" netmask="255.255.255.255"/>
<InterfaceOptions/>
</Interface>
<Management address="192.168.1.11">
<SNMPManagement enabled="False" snmp_read_community="" snmp_write_community=""/>
@ -349,6 +366,7 @@
<Host id="id3CD87A5E" name="n192.168.1.12" comment="" ro="False">
<Interface id="id3CD87A5E-i" dyn="False" security_level="0" unnum="False" unprotected="False" name="interface-1" comment="" ro="False">
<IPv4 id="id3CD87A5E-i-1-addr" name="address" comment="" ro="False" address="192.168.1.12" netmask="255.255.255.255"/>
<InterfaceOptions/>
</Interface>
<Management address="192.168.1.12">
<SNMPManagement enabled="False" snmp_read_community="" snmp_write_community=""/>
@ -366,6 +384,7 @@
<Host id="id3CD87A6D" name="n192.168.1.13" comment="" ro="False">
<Interface id="id3CD87A6D-i" dyn="False" security_level="0" unnum="False" unprotected="False" name="interface-1" comment="" ro="False">
<IPv4 id="id3CD87A6D-i-1-addr" name="address" comment="" ro="False" address="192.168.1.13" netmask="255.255.255.255"/>
<InterfaceOptions/>
</Interface>
<Management address="192.168.1.13">
<SNMPManagement enabled="False" snmp_read_community="" snmp_write_community=""/>
@ -383,6 +402,7 @@
<Host id="id3CD87A7C" name="n192.168.1.14" comment="" ro="False">
<Interface id="id3CD87A7C-i" dyn="False" security_level="0" unnum="False" unprotected="False" name="interface-1" comment="" ro="False">
<IPv4 id="id3CD87A7C-i-1-addr" name="address" comment="" ro="False" address="192.168.1.14" netmask="255.255.255.255"/>
<InterfaceOptions/>
</Interface>
<Management address="192.168.1.14">
<SNMPManagement enabled="False" snmp_read_community="" snmp_write_community=""/>
@ -400,6 +420,7 @@
<Host id="id3CD87A8B" name="n192.168.1.15" comment="" ro="False">
<Interface id="id3CD87A8B-i" dyn="False" security_level="0" unnum="False" unprotected="False" name="interface-1" comment="" ro="False">
<IPv4 id="id3CD87A8B-i-1-addr" name="address" comment="" ro="False" address="192.168.1.15" netmask="255.255.255.255"/>
<InterfaceOptions/>
</Interface>
<Management address="192.168.1.15">
<SNMPManagement enabled="False" snmp_read_community="" snmp_write_community=""/>
@ -417,6 +438,7 @@
<Host id="id3B19C5EB" name="outside-host" comment="some host outside our network" ro="False">
<Interface id="id3B19C5EB-i" dyn="False" security_level="100" unnum="False" unprotected="False" name="unknown" comment="" ro="False">
<IPv4 id="id3B19C5EB-i-ipv4" name="address" comment="" ro="False" address="200.200.200.200" netmask="255.255.255.255"/>
<InterfaceOptions/>
</Interface>
<HostOptions>
<Option name="use_mac_addr_filter">false</Option>
@ -425,6 +447,7 @@
<Host id="host-secondary1-com" name="secondary1.com" comment="" ro="False">
<Interface id="host-secondary1-com-i" dyn="False" security_level="100" unnum="False" unprotected="False" name="unknown" comment="" ro="False">
<IPv4 id="host-secondary1-com-i-ipv4" name="address" comment="" ro="False" address="211.11.11.11" netmask="255.255.255.255"/>
<InterfaceOptions/>
</Interface>
<Management address="211.11.11.11">
<SNMPManagement enabled="False" snmp_read_community="public" snmp_write_community=""/>
@ -438,6 +461,7 @@
<Host id="host-secondary2-com" name="secondary2.com" comment="" ro="False">
<Interface id="host-secondary2-com-i" dyn="False" security_level="100" unnum="False" unprotected="False" name="unknown" comment="" ro="False">
<IPv4 id="host-secondary2-com-i-ipv4" name="address" comment="" ro="False" address="211.22.22.22" netmask="255.255.255.255"/>
<InterfaceOptions/>
</Interface>
<Management address="211.22.22.22">
<SNMPManagement enabled="False" snmp_read_community="public" snmp_write_community=""/>
@ -452,6 +476,7 @@
<Interface id="id3BF23931" dyn="False" label="" security_level="100" unnum="False" unprotected="False" name="unknown" comment="" ro="False">
<IPv4 id="id3BF23931-ipv4" name="address" comment="" ro="False" address="0.0.0.0" netmask="0.0.0.0"/>
<physAddress id="id3BF23931-pa" address="00:a0:24:53:06:8c" name="unknown-pa" comment="" ro="False"/>
<InterfaceOptions/>
</Interface>
<Management address="0.0.0.0">
<SNMPManagement enabled="False" snmp_read_community="" snmp_write_community=""/>
@ -468,6 +493,7 @@
<Host id="id3D850651" name="zero address" comment="" ro="False">
<Interface id="id3D850655" dyn="False" security_level="0" unnum="False" unprotected="False" name="interface1" comment="" ro="False">
<IPv4 id="id3D850656" name="zero address" comment="" ro="False" address="0.0.0.0" netmask="255.0.0.0"/>
<InterfaceOptions/>
</Interface>
<Management address="0.0.0.0">
<SNMPManagement enabled="False" snmp_read_community="" snmp_write_community=""/>
@ -481,6 +507,7 @@
<Host id="id3FCA558D" name="dmz host 1" comment="" ro="False">
<Interface id="id3FCA558F" dyn="False" label="" mgmt="False" security_level="0" unnum="False" unprotected="False" name="int1" comment="" ro="False">
<IPv4 id="id3FCA5590" name="dmz host 1:(ip)" comment="" ro="False" address="192.168.2.10" netmask="255.255.255.255"/>
<InterfaceOptions/>
</Interface>
<Management address="0.0.0.0">
<SNMPManagement enabled="False" snmp_read_community="" snmp_write_community=""/>
@ -494,6 +521,7 @@
<Host id="id3FCA5593" name="dmz host 2" comment="" ro="False">
<Interface id="id3FCA5595" dyn="False" label="" mgmt="False" security_level="0" unnum="False" unprotected="False" name="int1" comment="" ro="False">
<IPv4 id="id3FCA5596" name="dmz host 2:(ip)" comment="" ro="False" address="192.168.2.20" netmask="255.255.255.255"/>
<InterfaceOptions/>
</Interface>
<Management address="0.0.0.0">
<SNMPManagement enabled="False" snmp_read_community="" snmp_write_community=""/>
@ -507,6 +535,7 @@
<Host id="id3FCA52D5" name="hostD" comment="" ro="False">
<Interface id="id3FCA52D7" dyn="False" label="" mgmt="False" security_level="0" unnum="False" unprotected="False" name="int1" comment="" ro="False">
<IPv4 id="id3FCA52D8" name="hostD(ip)" comment="" ro="False" address="192.168.1.110" netmask="255.255.255.255"/>
<InterfaceOptions/>
</Interface>
<Management address="0.0.0.0">
<SNMPManagement enabled="False" snmp_read_community="" snmp_write_community=""/>
@ -520,6 +549,7 @@
<Host id="id3FCA52DB" name="hostE" comment="" ro="False">
<Interface id="id3FCA52DD" dyn="False" label="" mgmt="False" security_level="0" unnum="False" unprotected="False" name="int1" comment="" ro="False">
<IPv4 id="id3FCA52DE" name="hostE(ip)" comment="" ro="False" address="192.168.1.120" netmask="255.255.255.255"/>
<InterfaceOptions/>
</Interface>
<Management address="0.0.0.0">
<SNMPManagement enabled="False" snmp_read_community="" snmp_write_community=""/>
@ -533,6 +563,7 @@
<Host id="id3FCA534B" name="dmz host 3" comment="" ro="False">
<Interface id="id3FCA534D" dyn="False" label="" mgmt="False" security_level="0" unnum="False" unprotected="False" name="int1" comment="" ro="False">
<IPv4 id="id3FCA534E" name="dmz host 3(ip)" comment="" ro="False" address="192.168.2.30" netmask="255.255.255.255"/>
<InterfaceOptions/>
</Interface>
<Management address="0.0.0.0">
<SNMPManagement enabled="False" snmp_read_community="" snmp_write_community=""/>
@ -546,6 +577,7 @@
<Host id="id3FCA5351" name="dmz host 4" comment="" ro="False">
<Interface id="id3FCA5353" dyn="False" label="" mgmt="False" security_level="0" unnum="False" unprotected="False" name="int1" comment="" ro="False">
<IPv4 id="id3FCA5354" name="dmz host 4(ip)" comment="" ro="False" address="192.168.2.40" netmask="255.255.255.255"/>
<InterfaceOptions/>
</Interface>
<Management address="0.0.0.0">
<SNMPManagement enabled="False" snmp_read_community="" snmp_write_community=""/>
@ -559,6 +591,7 @@
<Host id="id43913DCB25682" name="hostAt" comment="" ro="False">
<Interface id="id43913DCD25682" dyn="False" label="" security_level="100" unnum="False" unprotected="False" name="hostA_eth0" comment="" ro="False">
<IPv4 id="id43913DCE25682" name="hostAt:hostA_eth0:ip" comment="" ro="False" address="192.168.1.10" netmask="255.255.255.255"/>
<InterfaceOptions/>
</Interface>
<Management address="192.168.1.10">
<SNMPManagement enabled="False" snmp_read_community="public" snmp_write_community=""/>
@ -679,7 +712,7 @@
<ObjectGroup id="stdid12_1" name="Firewalls" comment="" ro="False">
<Firewall id="fw-firewall2" host_OS="freebsd" inactive="False" lastCompiled="1249841462" lastInstalled="0" lastModified="1249841456" platform="ipf" version="" name="firewall" comment="this is simple firewall with two interfaces. Test regular policy rules, including IP_fragments rule" ro="False">
<NAT id="nat-firewall2" name="NAT" comment="" ro="False" ipv4_rule_set="False" ipv6_rule_set="False" top_rule_set="True">
<NATRule id="nat-firewall2-0" disabled="False" position="0" comment="">
<NATRule id="nat-firewall2-0" disabled="False" position="0" action="Translate" comment="">
<OSrc neg="False">
<ObjectRef ref="net-Internal_net"/>
</OSrc>
@ -700,7 +733,7 @@
</TSrv>
<NATRuleOptions/>
</NATRule>
<NATRule id="nat-firewall2-1" disabled="False" position="1" comment="">
<NATRule id="nat-firewall2-1" disabled="False" position="1" action="Translate" comment="">
<OSrc neg="False">
<ObjectRef ref="sysid0"/>
</OSrc>
@ -721,7 +754,7 @@
</TSrv>
<NATRuleOptions/>
</NATRule>
<NATRule id="id3CDB43B8" disabled="False" position="2" comment="">
<NATRule id="id3CDB43B8" disabled="False" position="2" action="Translate" comment="">
<OSrc neg="False">
<ObjectRef ref="sysid0"/>
</OSrc>
@ -742,7 +775,7 @@
</TSrv>
<NATRuleOptions/>
</NATRule>
<NATRule id="id3D7581A7" disabled="False" position="3" comment="">
<NATRule id="id3D7581A7" disabled="False" position="3" action="Translate" comment="">
<OSrc neg="False">
<ObjectRef ref="net-Internal_net"/>
</OSrc>
@ -764,7 +797,7 @@
</TSrv>
<NATRuleOptions/>
</NATRule>
<NATRule id="id3D75843D" disabled="False" position="4" comment="">
<NATRule id="id3D75843D" disabled="False" position="4" action="Translate" comment="">
<OSrc neg="False">
<ObjectRef ref="net-Internal_net"/>
</OSrc>
@ -1275,12 +1308,15 @@
<Routing id="fw-firewall2-routing" name="Routing" comment="" ro="False" ipv4_rule_set="False" ipv6_rule_set="False" top_rule_set="True"/>
<Interface id="if-FW-firewall2-eth1" dyn="False" security_level="0" unnum="False" unprotected="False" name="eth1" comment="" ro="False">
<IPv4 id="if-FW-firewall2-eth1-ipv4" name="address" comment="" ro="False" address="222.222.222.222" netmask="255.255.255.0"/>
<InterfaceOptions/>
</Interface>
<Interface id="if-FW-firewall2-eth0" dyn="False" security_level="100" unnum="False" unprotected="False" name="eth0" comment="" ro="False">
<IPv4 id="if-FW-firewall2-eth0-ipv4" name="firewall" comment="" ro="False" address="192.168.1.1" netmask="255.255.255.0"/>
<InterfaceOptions/>
</Interface>
<Interface id="id3E5F1D8E" dyn="False" label="" mgmt="False" security_level="0" unnum="False" unprotected="False" name="lo" comment="" ro="False">
<IPv4 id="id3E5F1DDA" name="firewall:lo(ip)" comment="" ro="False" address="127.0.0.1" netmask="255.0.0.0"/>
<InterfaceOptions/>
</Interface>
<Management address="127.0.0.1">
<SNMPManagement enabled="False" snmp_read_community="public" snmp_write_community=""/>
@ -1373,7 +1409,7 @@
</Firewall>
<Firewall id="id3AF5AA0A" host_OS="freebsd" inactive="False" lastCompiled="1249841494" lastInstalled="0" lastModified="1249841490" platform="ipf" version="" name="firewall1" comment="this object is used to test all kinds of negation in policy rules&#10;&#10;Currently negation in NAT is not supported for ipf, therefore all rules in NAT with&#10;negation are disabled&#10;" ro="False">
<NAT id="id3AF5AA0D" name="NAT" comment="" ro="False" ipv4_rule_set="False" ipv6_rule_set="False" top_rule_set="True">
<NATRule id="id3C98491C" disabled="True" position="0" comment="">
<NATRule id="id3C98491C" disabled="True" position="0" action="Translate" comment="">
<OSrc neg="False">
<ObjectRef ref="net-Internal_net"/>
</OSrc>
@ -1394,7 +1430,7 @@
</TSrv>
<NATRuleOptions/>
</NATRule>
<NATRule id="id3AFADC09" disabled="False" position="1" comment="">
<NATRule id="id3AFADC09" disabled="False" position="1" action="Translate" comment="">
<OSrc neg="False">
<ObjectRef ref="host-hostA"/>
</OSrc>
@ -1415,7 +1451,7 @@
</TSrv>
<NATRuleOptions/>
</NATRule>
<NATRule id="id3CD23959" disabled="True" position="2" comment="">
<NATRule id="id3CD23959" disabled="True" position="2" action="Translate" comment="">
<OSrc neg="True">
<ObjectRef ref="net-Internal_net"/>
</OSrc>
@ -1436,7 +1472,7 @@
</TSrv>
<NATRuleOptions/>
</NATRule>
<NATRule id="id3B1328FB" disabled="False" position="3" comment="">
<NATRule id="id3B1328FB" disabled="False" position="3" action="Translate" comment="">
<OSrc neg="False">
<ObjectRef ref="net-Internal_net"/>
</OSrc>
@ -1457,7 +1493,7 @@
</TSrv>
<NATRuleOptions/>
</NATRule>
<NATRule id="id3E7ABF0A" disabled="False" position="4" comment="">
<NATRule id="id3E7ABF0A" disabled="False" position="4" action="Translate" comment="">
<OSrc neg="False">
<ObjectRef ref="net-Internal_net"/>
</OSrc>
@ -1479,7 +1515,7 @@
</TSrv>
<NATRuleOptions/>
</NATRule>
<NATRule id="id3AF5AAD3" disabled="True" position="5" comment="">
<NATRule id="id3AF5AAD3" disabled="True" position="5" action="Translate" comment="">
<OSrc neg="False">
<ObjectRef ref="net-Internal_net"/>
</OSrc>
@ -1500,7 +1536,7 @@
</TSrv>
<NATRuleOptions/>
</NATRule>
<NATRule id="id3CCA1B57" disabled="True" position="6" comment="">
<NATRule id="id3CCA1B57" disabled="True" position="6" action="Translate" comment="">
<OSrc neg="False">
<ObjectRef ref="net-Internal_net"/>
</OSrc>
@ -1521,7 +1557,7 @@
</TSrv>
<NATRuleOptions/>
</NATRule>
<NATRule id="id3B50F7CB" disabled="True" position="7" comment="">
<NATRule id="id3B50F7CB" disabled="True" position="7" action="Translate" comment="">
<OSrc neg="True">
<ObjectRef ref="id3B022266"/>
</OSrc>
@ -1542,7 +1578,7 @@
</TSrv>
<NATRuleOptions/>
</NATRule>
<NATRule id="id3BD8D94B" disabled="True" position="8" comment="">
<NATRule id="id3BD8D94B" disabled="True" position="8" action="Translate" comment="">
<OSrc neg="False">
<ObjectRef ref="net-Internal_net"/>
</OSrc>
@ -1563,7 +1599,7 @@
</TSrv>
<NATRuleOptions/>
</NATRule>
<NATRule id="id3BD8D9DD" disabled="True" position="9" comment="">
<NATRule id="id3BD8D9DD" disabled="True" position="9" action="Translate" comment="">
<OSrc neg="False">
<ObjectRef ref="net-Internal_net"/>
</OSrc>
@ -1584,7 +1620,7 @@
</TSrv>
<NATRuleOptions/>
</NATRule>
<NATRule id="id3BBC0EA4" disabled="True" position="10" comment="">
<NATRule id="id3BBC0EA4" disabled="True" position="10" action="Translate" comment="">
<OSrc neg="False">
<ObjectRef ref="id3B4572AF"/>
</OSrc>
@ -1605,7 +1641,7 @@
</TSrv>
<NATRuleOptions/>
</NATRule>
<NATRule id="id3BBC0F93" disabled="True" position="11" comment="">
<NATRule id="id3BBC0F93" disabled="True" position="11" action="Translate" comment="">
<OSrc neg="True">
<ObjectRef ref="id3B4572AF"/>
</OSrc>
@ -1626,7 +1662,7 @@
</TSrv>
<NATRuleOptions/>
</NATRule>
<NATRule id="id3BC6BCE5" disabled="True" position="12" comment="">
<NATRule id="id3BC6BCE5" disabled="True" position="12" action="Translate" comment="">
<OSrc neg="True">
<ObjectRef ref="host-hostA"/>
</OSrc>
@ -2010,18 +2046,23 @@
<Routing id="id3AF5AA0A-routing" name="Routing" comment="" ro="False" ipv4_rule_set="False" ipv6_rule_set="False" top_rule_set="True"/>
<Interface id="id3AF5AA96" dyn="False" security_level="100" unnum="False" unprotected="False" name="eth0" comment="" ro="False">
<IPv4 id="id3AF5AA96-ipv4" name="address" comment="" ro="False" address="192.168.1.1" netmask="255.255.255.0"/>
<InterfaceOptions/>
</Interface>
<Interface id="id3AF5AA99" dyn="False" security_level="0" unnum="False" unprotected="False" name="eth1" comment="" ro="False">
<IPv4 id="id3AF5AA99-ipv4" name="address" comment="" ro="False" address="22.22.22.22" netmask="255.255.255.0"/>
<InterfaceOptions/>
</Interface>
<Interface id="id3B0B4BC8" dyn="False" security_level="100" unnum="False" unprotected="False" name="eth2" comment="" ro="False">
<IPv4 id="id3B0B4BC8-ipv4" name="address" comment="" ro="False" address="192.168.2.1" netmask="255.255.255.0"/>
<InterfaceOptions/>
</Interface>
<Interface id="id3B0B4D35" dyn="False" security_level="100" unnum="False" unprotected="False" name="lo" comment="" ro="False">
<IPv4 id="id3B0B4D35-ipv4" name="address" comment="" ro="False" address="127.0.0.1" netmask="255.0.0.0"/>
<InterfaceOptions/>
</Interface>
<Interface id="id3B11F434" dyn="False" security_level="0" unnum="False" unprotected="False" name="eth3" comment="" ro="False">
<IPv4 id="id3B11F434-ipv4" name="address" comment="" ro="False" address="22.22.23.23" netmask="255.255.255.0"/>
<InterfaceOptions/>
</Interface>
<Management address="22.22.23.23">
<SNMPManagement enabled="False" snmp_read_community="public" snmp_write_community=""/>
@ -2112,7 +2153,7 @@
</Firewall>
<Firewall id="id3AFB66C6" host_OS="freebsd" inactive="False" lastCompiled="0" lastInstalled="0" lastModified="1188008480" platform="ipf" version="" name="firewall2" comment="this object has several interfaces and shows different rules for NAT. Also testing policy rule options " ro="False">
<NAT id="id3AFB66C7" name="NAT" comment="" ro="False" ipv4_rule_set="False" ipv6_rule_set="False" top_rule_set="True">
<NATRule id="id3AFB66C8" disabled="False" position="0" comment="">
<NATRule id="id3AFB66C8" disabled="False" position="0" action="Translate" comment="">
<OSrc neg="False">
<ObjectRef ref="net-Internal_net"/>
</OSrc>
@ -2135,7 +2176,7 @@
<Option name="id"></Option>
</NATRuleOptions>
</NATRule>
<NATRule id="id3AFB66D6" disabled="False" position="1" comment="">
<NATRule id="id3AFB66D6" disabled="False" position="1" action="Translate" comment="">
<OSrc neg="False">
<ObjectRef ref="host-hostA"/>
<ObjectRef ref="id3B4572AF"/>
@ -2159,7 +2200,7 @@
<Option name="id"></Option>
</NATRuleOptions>
</NATRule>
<NATRule id="id3DE9CA86" disabled="False" position="2" comment="">
<NATRule id="id3DE9CA86" disabled="False" position="2" action="Translate" comment="">
<OSrc neg="False">
<ObjectRef ref="net-Internal_net"/>
</OSrc>
@ -2181,7 +2222,7 @@
</TSrv>
<NATRuleOptions/>
</NATRule>
<NATRule id="id3DE9CD88" disabled="False" position="3" comment="">
<NATRule id="id3DE9CD88" disabled="False" position="3" action="Translate" comment="">
<OSrc neg="False">
<ObjectRef ref="net-Internal_net"/>
</OSrc>
@ -2202,7 +2243,7 @@
</TSrv>
<NATRuleOptions/>
</NATRule>
<NATRule id="id3DEA6375" disabled="False" position="4" comment="">
<NATRule id="id3DEA6375" disabled="False" position="4" action="Translate" comment="">
<OSrc neg="False">
<ObjectRef ref="net-Internal_net"/>
</OSrc>
@ -2223,7 +2264,7 @@
</TSrv>
<NATRuleOptions/>
</NATRule>
<NATRule id="id3CABE6DF" disabled="False" position="5" comment="">
<NATRule id="id3CABE6DF" disabled="False" position="5" action="Translate" comment="">
<OSrc neg="False">
<ObjectRef ref="net-Internal_net"/>
</OSrc>
@ -2245,7 +2286,7 @@
</TSrv>
<NATRuleOptions/>
</NATRule>
<NATRule id="id3E894DE7" disabled="True" position="6" comment="">
<NATRule id="id3E894DE7" disabled="True" position="6" action="Translate" comment="">
<OSrc neg="False">
<ObjectRef ref="sysid0"/>
</OSrc>
@ -2266,7 +2307,7 @@
</TSrv>
<NATRuleOptions/>
</NATRule>
<NATRule id="id3AFB69BD" disabled="False" position="7" comment="">
<NATRule id="id3AFB69BD" disabled="False" position="7" action="Translate" comment="">
<OSrc neg="False">
<ObjectRef ref="sysid0"/>
</OSrc>
@ -2288,7 +2329,7 @@
</TSrv>
<NATRuleOptions/>
</NATRule>
<NATRule id="id3DEA6769" disabled="False" position="8" comment="load balancing rule">
<NATRule id="id3DEA6769" disabled="False" position="8" action="Translate" comment="load balancing rule">
<OSrc neg="False">
<ObjectRef ref="sysid0"/>
</OSrc>
@ -2311,7 +2352,7 @@
</TSrv>
<NATRuleOptions/>
</NATRule>
<NATRule id="id3DEA8105" disabled="False" position="9" comment="load balancing rule">
<NATRule id="id3DEA8105" disabled="False" position="9" action="Translate" comment="load balancing rule">
<OSrc neg="False">
<ObjectRef ref="sysid0"/>
</OSrc>
@ -2332,7 +2373,7 @@
</TSrv>
<NATRuleOptions/>
</NATRule>
<NATRule id="id3D265545" disabled="False" position="10" comment="">
<NATRule id="id3D265545" disabled="False" position="10" action="Translate" comment="">
<OSrc neg="False">
<ObjectRef ref="net-Internal_net"/>
</OSrc>
@ -2353,7 +2394,7 @@
</TSrv>
<NATRuleOptions/>
</NATRule>
<NATRule id="id3D265556" disabled="False" position="11" comment="">
<NATRule id="id3D265556" disabled="False" position="11" action="Translate" comment="">
<OSrc neg="False">
<ObjectRef ref="sysid0"/>
</OSrc>
@ -2374,7 +2415,7 @@
</TSrv>
<NATRuleOptions/>
</NATRule>
<NATRule id="id3BEEF6D2" disabled="False" position="12" comment="">
<NATRule id="id3BEEF6D2" disabled="False" position="12" action="Translate" comment="">
<OSrc neg="False">
<ObjectRef ref="sysid0"/>
</OSrc>
@ -2395,7 +2436,7 @@
</TSrv>
<NATRuleOptions/>
</NATRule>
<NATRule id="id3BD67563" disabled="False" position="13" comment="">
<NATRule id="id3BD67563" disabled="False" position="13" action="Translate" comment="">
<OSrc neg="False">
<ObjectRef ref="host-hostB"/>
</OSrc>
@ -2418,7 +2459,7 @@
<Option name="id"></Option>
</NATRuleOptions>
</NATRule>
<NATRule id="id3BD6757E" disabled="True" position="14" comment="">
<NATRule id="id3BD6757E" disabled="True" position="14" action="Translate" comment="">
<OSrc neg="False">
<ObjectRef ref="sysid0"/>
</OSrc>
@ -2439,7 +2480,7 @@
</TSrv>
<NATRuleOptions/>
</NATRule>
<NATRule id="id3B66568B" disabled="False" position="15" comment="NETMAP ">
<NATRule id="id3B66568B" disabled="False" position="15" action="Translate" comment="NETMAP ">
<OSrc neg="False">
<ObjectRef ref="net-Internal_net"/>
</OSrc>
@ -2460,7 +2501,7 @@
</TSrv>
<NATRuleOptions/>
</NATRule>
<NATRule id="id3B6656EF" disabled="True" position="16" comment="NETMAP">
<NATRule id="id3B6656EF" disabled="True" position="16" action="Translate" comment="NETMAP">
<OSrc neg="False">
<ObjectRef ref="sysid0"/>
</OSrc>
@ -2481,7 +2522,7 @@
</TSrv>
<NATRuleOptions/>
</NATRule>
<NATRule id="id3AFB69F7" disabled="False" position="17" comment="">
<NATRule id="id3AFB69F7" disabled="False" position="17" action="Translate" comment="">
<OSrc neg="False">
<ObjectRef ref="sysid0"/>
</OSrc>
@ -2502,7 +2543,7 @@
</TSrv>
<NATRuleOptions/>
</NATRule>
<NATRule id="id3B7313C4" disabled="False" position="18" comment="">
<NATRule id="id3B7313C4" disabled="False" position="18" action="Translate" comment="">
<OSrc neg="False">
<ObjectRef ref="sysid0"/>
</OSrc>
@ -2523,7 +2564,7 @@
</TSrv>
<NATRuleOptions/>
</NATRule>
<NATRule id="id3DF6D103" disabled="False" position="19" comment="">
<NATRule id="id3DF6D103" disabled="False" position="19" action="Translate" comment="">
<OSrc neg="False">
<ObjectRef ref="net-Internal_net"/>
</OSrc>
@ -2544,7 +2585,7 @@
</TSrv>
<NATRuleOptions/>
</NATRule>
<NATRule id="id3DF6D242" disabled="False" position="20" comment="">
<NATRule id="id3DF6D242" disabled="False" position="20" action="Translate" comment="">
<OSrc neg="False">
<ObjectRef ref="net-Internal_net"/>
</OSrc>
@ -2566,7 +2607,7 @@
</TSrv>
<NATRuleOptions/>
</NATRule>
<NATRule id="id3F2E9A08" disabled="False" position="21" comment="">
<NATRule id="id3F2E9A08" disabled="False" position="21" action="Translate" comment="">
<OSrc neg="False">
<ObjectRef ref="net-Internal_net"/>
</OSrc>
@ -2587,7 +2628,7 @@
</TSrv>
<NATRuleOptions/>
</NATRule>
<NATRule id="id3F2E9B78" disabled="False" position="22" comment="">
<NATRule id="id3F2E9B78" disabled="False" position="22" action="Translate" comment="">
<OSrc neg="False">
<ObjectRef ref="net-Internal_net"/>
</OSrc>
@ -2608,7 +2649,7 @@
</TSrv>
<NATRuleOptions/>
</NATRule>
<NATRule id="id3F2E9CF2" disabled="False" position="23" comment="">
<NATRule id="id3F2E9CF2" disabled="False" position="23" action="Translate" comment="">
<OSrc neg="False">
<ObjectRef ref="net-Internal_net"/>
</OSrc>
@ -2867,18 +2908,23 @@
<Routing id="id3AFB66C6-routing" name="Routing" comment="" ro="False" ipv4_rule_set="False" ipv6_rule_set="False" top_rule_set="True"/>
<Interface id="id3AFB6703" dyn="False" security_level="100" unnum="False" unprotected="False" name="eth0" comment="" ro="False">
<IPv4 id="id3AFB6703-ipv4" name="address" comment="" ro="False" address="192.168.1.1" netmask="255.255.255.0"/>
<InterfaceOptions/>
</Interface>
<Interface id="id3AFB6706" dyn="False" security_level="0" unnum="False" unprotected="False" name="eth1" comment="" ro="False">
<IPv4 id="id3AFB6706-ipv4" name="address" comment="" ro="False" address="22.22.22.22" netmask="255.255.255.0"/>
<InterfaceOptions/>
</Interface>
<Interface id="id3AFB68D2" dyn="False" security_level="0" unnum="False" unprotected="False" name="eth3" comment="" ro="False">
<IPv4 id="id3AFB68D2-ipv4" name="address" comment="" ro="False" address="22.22.23.23" netmask="255.255.255.0"/>
<InterfaceOptions/>
</Interface>
<Interface id="id3B0221F1" dyn="False" security_level="100" unnum="False" unprotected="False" name="eth2" comment="" ro="False">
<IPv4 id="id3B0221F1-ipv4" name="address" comment="" ro="False" address="192.168.2.1" netmask="255.255.255.0"/>
<InterfaceOptions/>
</Interface>
<Interface id="id3CD2449F" dyn="False" label="" security_level="100" unnum="False" unprotected="False" name="lo" comment="" ro="False">
<IPv4 id="id3CD2449F-ipv4" name="address" comment="" ro="False" address="127.0.0.1" netmask="255.0.0.0"/>
<InterfaceOptions/>
</Interface>
<Management address="127.0.0.1">
<SNMPManagement enabled="False" snmp_read_community="public" snmp_write_community=""/>
@ -2956,7 +3002,7 @@
</Firewall>
<Firewall id="id3B0C6380" host_OS="freebsd" inactive="False" lastCompiled="1157929207" lastInstalled="0" lastModified="1188008818" platform="ipf" version="" name="firewall4" comment="this object is used to test a configuration where firewall has dynamic address " ro="False">
<NAT id="id3B0C6381" name="NAT" comment="" ro="False" ipv4_rule_set="False" ipv6_rule_set="False" top_rule_set="True">
<NATRule id="id3B0C6382" disabled="False" position="0" comment="">
<NATRule id="id3B0C6382" disabled="False" position="0" action="Translate" comment="">
<OSrc neg="False">
<ObjectRef ref="host-hostA"/>
</OSrc>
@ -2979,7 +3025,7 @@
<Option name="id"></Option>
</NATRuleOptions>
</NATRule>
<NATRule id="id3D758531" disabled="False" position="1" comment="">
<NATRule id="id3D758531" disabled="False" position="1" action="Translate" comment="">
<OSrc neg="False">
<ObjectRef ref="host-hostA"/>
</OSrc>
@ -3002,7 +3048,7 @@
<Option name="id"></Option>
</NATRuleOptions>
</NATRule>
<NATRule id="id3D75869D" disabled="False" position="2" comment="">
<NATRule id="id3D75869D" disabled="False" position="2" action="Translate" comment="">
<OSrc neg="False">
<ObjectRef ref="host-hostA"/>
</OSrc>
@ -3025,7 +3071,7 @@
<Option name="id"></Option>
</NATRuleOptions>
</NATRule>
<NATRule id="id3D7586D1" disabled="False" position="3" comment="">
<NATRule id="id3D7586D1" disabled="False" position="3" action="Translate" comment="">
<OSrc neg="False">
<ObjectRef ref="host-hostA"/>
</OSrc>
@ -3048,7 +3094,7 @@
<Option name="id"></Option>
</NATRuleOptions>
</NATRule>
<NATRule id="id3B0C6390" disabled="True" position="4" comment="negation in NAT is not supported&#10;in ipf yet">
<NATRule id="id3B0C6390" disabled="True" position="4" action="Translate" comment="negation in NAT is not supported&#10;in ipf yet">
<OSrc neg="False">
<ObjectRef ref="net-Internal_net"/>
</OSrc>
@ -3071,7 +3117,7 @@
<Option name="id"></Option>
</NATRuleOptions>
</NATRule>
<NATRule id="id3B202AFF" disabled="False" position="5" comment="">
<NATRule id="id3B202AFF" disabled="False" position="5" action="Translate" comment="">
<OSrc neg="False">
<ObjectRef ref="sysid0"/>
</OSrc>
@ -3092,7 +3138,7 @@
</TSrv>
<NATRuleOptions/>
</NATRule>
<NATRule id="id3D757CC5" disabled="False" position="6" comment="">
<NATRule id="id3D757CC5" disabled="False" position="6" action="Translate" comment="">
<OSrc neg="False">
<ObjectRef ref="net-Internal_net"/>
</OSrc>
@ -3114,7 +3160,7 @@
</TSrv>
<NATRuleOptions/>
</NATRule>
<NATRule id="id3D757E01" disabled="False" position="7" comment="">
<NATRule id="id3D757E01" disabled="False" position="7" action="Translate" comment="">
<OSrc neg="False">
<ObjectRef ref="net-Internal_net"/>
</OSrc>
@ -3136,7 +3182,7 @@
</TSrv>
<NATRuleOptions/>
</NATRule>
<NATRule id="id3D757F29" disabled="False" position="8" comment="">
<NATRule id="id3D757F29" disabled="False" position="8" action="Translate" comment="">
<OSrc neg="False">
<ObjectRef ref="net-Internal_net"/>
</OSrc>
@ -3158,7 +3204,7 @@
</TSrv>
<NATRuleOptions/>
</NATRule>
<NATRule id="id3E798041" disabled="True" position="9" comment="">
<NATRule id="id3E798041" disabled="True" position="9" action="Translate" comment="">
<OSrc neg="False">
<ObjectRef ref="net-Internal_net"/>
</OSrc>
@ -3179,7 +3225,7 @@
</TSrv>
<NATRuleOptions/>
</NATRule>
<NATRule id="id46CFC34328618" disabled="False" position="10" comment="">
<NATRule id="id46CFC34328618" disabled="False" position="10" action="Translate" comment="">
<OSrc neg="False">
<ObjectRef ref="sysid0"/>
</OSrc>
@ -3423,18 +3469,23 @@
<Routing id="id3B0C6380-routing" name="Routing" comment="" ro="False" ipv4_rule_set="False" ipv6_rule_set="False" top_rule_set="True"/>
<Interface id="id3B0C63DF" dyn="False" security_level="100" unnum="False" unprotected="False" name="eth0" comment="" ro="False">
<IPv4 id="id3B0C63DF-ipv4" name="address" comment="" ro="False" address="192.168.1.1" netmask="255.255.255.0"/>
<InterfaceOptions/>
</Interface>
<Interface id="id3B0C63E1" dyn="True" label="" security_level="0" unnum="False" unprotected="False" name="eth1" comment="" ro="False">
<IPv4 id="id3B0C63E1-ipv4" name="firewall4:eth1" comment="" ro="False" address="0.0.0.0" netmask="0.0.0.0"/>
<InterfaceOptions/>
</Interface>
<Interface id="id3B0C63F3" dyn="False" security_level="100" unnum="False" unprotected="False" name="eth2" comment="" ro="False">
<IPv4 id="id3B0C63F3-ipv4" name="firewall4:eth2" comment="" ro="False" address="192.168.2.1" netmask="255.255.255.0"/>
<InterfaceOptions/>
</Interface>
<Interface id="id3B0C63F5" dyn="False" security_level="100" unnum="False" unprotected="False" name="lo" comment="" ro="False">
<IPv4 id="id3B0C63F5-ipv4" name="address" comment="" ro="False" address="127.0.0.1" netmask="255.0.0.0"/>
<InterfaceOptions/>
</Interface>
<Interface id="id3CD88A77" dyn="False" label="" security_level="0" unnum="False" unprotected="False" name="eth3" comment="" ro="False">
<IPv4 id="id3CD88A77-ipv4" name="firewall4:eth3" comment="" ro="False" address="222.222.222.222" netmask="255.255.255.0"/>
<InterfaceOptions/>
</Interface>
<Management address="222.222.222.222">
<SNMPManagement enabled="False" snmp_read_community="public" snmp_write_community=""/>
@ -3581,18 +3632,23 @@
<Routing id="id3C69BD4F-routing" name="Routing" comment="" ro="False" ipv4_rule_set="False" ipv6_rule_set="False" top_rule_set="True"/>
<Interface id="id3C69BD5C" dyn="False" security_level="100" unnum="False" unprotected="False" name="eth0" comment="" ro="False">
<IPv4 id="id3C69BD5C-ipv4" name="address" comment="" ro="False" address="192.168.1.1" netmask="255.255.255.0"/>
<InterfaceOptions/>
</Interface>
<Interface id="id3C69BD5E" dyn="False" security_level="0" unnum="False" unprotected="False" name="eth1" comment="" ro="False">
<IPv4 id="id3C69BD5E-ipv4" name="address" comment="" ro="False" address="22.22.22.22" netmask="255.255.255.0"/>
<InterfaceOptions/>
</Interface>
<Interface id="id3C69BD68" dyn="False" security_level="100" unnum="False" unprotected="False" name="eth2" comment="" ro="False">
<IPv4 id="id3C69BD68-ipv4" name="address" comment="" ro="False" address="192.168.2.1" netmask="255.255.255.0"/>
<InterfaceOptions/>
</Interface>
<Interface id="id3C69BD6A" dyn="False" security_level="100" unnum="False" unprotected="False" name="lo" comment="" ro="False">
<IPv4 id="id3C69BD6A-ipv4" name="address" comment="" ro="False" address="127.0.0.1" netmask="255.0.0.0"/>
<InterfaceOptions/>
</Interface>
<Interface id="id3C69BD6C" dyn="False" security_level="0" unnum="False" unprotected="False" name="eth3" comment="" ro="False">
<IPv4 id="id3C69BD6C-ipv4" name="address" comment="" ro="False" address="22.22.23.23" netmask="255.255.255.0"/>
<InterfaceOptions/>
</Interface>
<Management address="22.22.23.23">
<SNMPManagement enabled="False" snmp_read_community="public" snmp_write_community=""/>
@ -3805,9 +3861,11 @@
<Routing id="id3AF5A2BA-routing" name="Routing" comment="" ro="False" ipv4_rule_set="False" ipv6_rule_set="False" top_rule_set="True"/>
<Interface id="id3AF5A2CB" dyn="False" security_level="0" unnum="False" unprotected="False" name="eth0" comment="" ro="False">
<IPv4 id="id3AF5A2CB-ipv4" name="address" comment="" ro="False" address="22.22.22.22" netmask="255.255.255.0"/>
<InterfaceOptions/>
</Interface>
<Interface id="id3AFB7090" dyn="False" security_level="100" unnum="False" unprotected="False" name="lo" comment="" ro="False">
<IPv4 id="id3AFB7090-ipv4" name="address" comment="" ro="False" address="127.0.0.1" netmask="255.0.0.0"/>
<InterfaceOptions/>
</Interface>
<Management address="127.0.0.1">
<SNMPManagement enabled="False" snmp_read_community="public" snmp_write_community=""/>
@ -3872,7 +3930,7 @@
</Firewall>
<Firewall id="id3D582236" host_OS="freebsd" lastCompiled="1157929212" lastInstalled="0" lastModified="0" platform="ipf" name="firewall8" comment="" ro="False">
<NAT id="id3D58223A" name="NAT" comment="" ro="False" ipv4_rule_set="False" ipv6_rule_set="False" top_rule_set="True">
<NATRule id="id3D58237B" disabled="False" position="0" comment="">
<NATRule id="id3D58237B" disabled="False" position="0" action="Translate" comment="">
<OSrc neg="False">
<ObjectRef ref="net-Internal_net"/>
</OSrc>
@ -3893,7 +3951,7 @@
</TSrv>
<NATRuleOptions/>
</NATRule>
<NATRule id="id3D5823A5" disabled="False" position="1" comment="">
<NATRule id="id3D5823A5" disabled="False" position="1" action="Translate" comment="">
<OSrc neg="False">
<ObjectRef ref="net-Internal_net"/>
</OSrc>
@ -3914,7 +3972,7 @@
</TSrv>
<NATRuleOptions/>
</NATRule>
<NATRule id="id3D5823B9" disabled="False" position="2" comment="">
<NATRule id="id3D5823B9" disabled="False" position="2" action="Translate" comment="">
<OSrc neg="False">
<ObjectRef ref="net-Internal_net"/>
</OSrc>
@ -3935,7 +3993,7 @@
</TSrv>
<NATRuleOptions/>
</NATRule>
<NATRule id="id3D58245E" disabled="False" position="3" comment="">
<NATRule id="id3D58245E" disabled="False" position="3" action="Translate" comment="">
<OSrc neg="False">
<ObjectRef ref="sysid0"/>
</OSrc>
@ -3956,7 +4014,7 @@
</TSrv>
<NATRuleOptions/>
</NATRule>
<NATRule id="id3D58236D" disabled="False" position="4" comment="">
<NATRule id="id3D58236D" disabled="False" position="4" action="Translate" comment="">
<OSrc neg="False">
<ObjectRef ref="sysid0"/>
</OSrc>
@ -3977,7 +4035,7 @@
</TSrv>
<NATRuleOptions/>
</NATRule>
<NATRule id="id3D58235F" disabled="False" position="5" comment="">
<NATRule id="id3D58235F" disabled="False" position="5" action="Translate" comment="">
<OSrc neg="False">
<ObjectRef ref="sysid0"/>
</OSrc>
@ -3998,7 +4056,7 @@
</TSrv>
<NATRuleOptions/>
</NATRule>
<NATRule id="id3D582472" disabled="False" position="6" comment="">
<NATRule id="id3D582472" disabled="False" position="6" action="Translate" comment="">
<OSrc neg="False">
<ObjectRef ref="sysid0"/>
</OSrc>
@ -4019,7 +4077,7 @@
</TSrv>
<NATRuleOptions/>
</NATRule>
<NATRule id="id3D58249D" disabled="False" position="7" comment="">
<NATRule id="id3D58249D" disabled="False" position="7" action="Translate" comment="">
<OSrc neg="False">
<ObjectRef ref="sysid0"/>
</OSrc>
@ -4040,7 +4098,7 @@
</TSrv>
<NATRuleOptions/>
</NATRule>
<NATRule id="id3D5825CC" disabled="False" position="8" comment="">
<NATRule id="id3D5825CC" disabled="False" position="8" action="Translate" comment="">
<OSrc neg="False">
<ObjectRef ref="sysid0"/>
</OSrc>
@ -4159,15 +4217,20 @@
<Routing id="id3D582236-routing" name="Routing" comment="" ro="False" ipv4_rule_set="False" ipv6_rule_set="False" top_rule_set="True"/>
<Interface id="id3D58223F" dyn="False" label="" security_level="100" unnum="False" unprotected="False" name="eth0" comment="" ro="False">
<IPv4 id="id3D582241" name="firewall8:eth0" comment="" ro="False" address="192.168.1.1" netmask="255.255.255.0"/>
<InterfaceOptions/>
</Interface>
<Interface id="id3D582242" dyn="False" label="" security_level="0" unnum="False" unprotected="False" name="eth1" comment="" ro="False">
<IPv4 id="id3D582244" name="firewall8:eth1:0" comment="" ro="False" address="33.33.33.33" netmask="255.255.255.0"/>
<IPv4 id="id3D582245" name="firewall8:eth1:1" comment="" ro="False" address="33.33.33.34" netmask="255.255.255.0"/>
<InterfaceOptions/>
</Interface>
<Interface id="id3E5F1E5D" dyn="False" label="" mgmt="False" security_level="0" unnum="False" unprotected="False" name="lo" comment="" ro="False">
<IPv4 id="id3E5F1E5F" name="firewall8:lo(ip)" comment="" ro="False" address="127.0.0.1" netmask="255.0.0.0"/>
<InterfaceOptions/>
</Interface>
<Interface id="id3EE260BD" dyn="True" label="" mgmt="False" security_level="0" unnum="False" unprotected="False" name="ppp0" comment="" ro="False">
<InterfaceOptions/>
</Interface>
<Interface id="id3EE260BD" dyn="True" label="" mgmt="False" security_level="0" unnum="False" unprotected="False" name="ppp0" comment="" ro="False"/>
<Management address="33.33.33.33">
<SNMPManagement enabled="False" snmp_read_community="" snmp_write_community=""/>
<FWBDManagement enabled="True" identity="" port="9999"/>
@ -4204,7 +4267,7 @@
</Firewall>
<Firewall id="id3DF3D0AD" host_OS="freebsd" lastCompiled="1157929213" lastInstalled="0" lastModified="0" platform="ipf" name="firewall9" comment="" ro="False">
<NAT id="id3DF3D0AE" name="NAT" comment="" ro="False" ipv4_rule_set="False" ipv6_rule_set="False" top_rule_set="True">
<NATRule id="id3DF3D0AF" disabled="False" position="0" comment="">
<NATRule id="id3DF3D0AF" disabled="False" position="0" action="Translate" comment="">
<OSrc neg="False">
<ObjectRef ref="net-Internal_net"/>
</OSrc>
@ -4225,7 +4288,7 @@
</TSrv>
<NATRuleOptions/>
</NATRule>
<NATRule id="id3DF3D0BD" disabled="False" position="1" comment="">
<NATRule id="id3DF3D0BD" disabled="False" position="1" action="Translate" comment="">
<OSrc neg="False">
<ObjectRef ref="net-Internal_net"/>
</OSrc>
@ -4246,7 +4309,7 @@
</TSrv>
<NATRuleOptions/>
</NATRule>
<NATRule id="id3DF3D0CB" disabled="False" position="2" comment="">
<NATRule id="id3DF3D0CB" disabled="False" position="2" action="Translate" comment="">
<OSrc neg="False">
<ObjectRef ref="net-Internal_net"/>
</OSrc>
@ -4267,7 +4330,7 @@
</TSrv>
<NATRuleOptions/>
</NATRule>
<NATRule id="id3DF3D0D9" disabled="False" position="3" comment="">
<NATRule id="id3DF3D0D9" disabled="False" position="3" action="Translate" comment="">
<OSrc neg="False">
<ObjectRef ref="sysid0"/>
</OSrc>
@ -4288,7 +4351,7 @@
</TSrv>
<NATRuleOptions/>
</NATRule>
<NATRule id="id3DF3D0E7" disabled="False" position="4" comment="">
<NATRule id="id3DF3D0E7" disabled="False" position="4" action="Translate" comment="">
<OSrc neg="False">
<ObjectRef ref="sysid0"/>
</OSrc>
@ -4309,7 +4372,7 @@
</TSrv>
<NATRuleOptions/>
</NATRule>
<NATRule id="id3DF3D0F5" disabled="False" position="5" comment="">
<NATRule id="id3DF3D0F5" disabled="False" position="5" action="Translate" comment="">
<OSrc neg="False">
<ObjectRef ref="sysid0"/>
</OSrc>
@ -4330,7 +4393,7 @@
</TSrv>
<NATRuleOptions/>
</NATRule>
<NATRule id="id3DF3D103" disabled="False" position="6" comment="">
<NATRule id="id3DF3D103" disabled="False" position="6" action="Translate" comment="">
<OSrc neg="False">
<ObjectRef ref="sysid0"/>
</OSrc>
@ -4351,7 +4414,7 @@
</TSrv>
<NATRuleOptions/>
</NATRule>
<NATRule id="id3DF3D111" disabled="False" position="7" comment="">
<NATRule id="id3DF3D111" disabled="False" position="7" action="Translate" comment="">
<OSrc neg="False">
<ObjectRef ref="sysid0"/>
</OSrc>
@ -4372,7 +4435,7 @@
</TSrv>
<NATRuleOptions/>
</NATRule>
<NATRule id="id3E65B753" disabled="False" position="8" comment="">
<NATRule id="id3E65B753" disabled="False" position="8" action="Translate" comment="">
<OSrc neg="False">
<ObjectRef ref="sysid0"/>
</OSrc>
@ -4393,7 +4456,7 @@
</TSrv>
<NATRuleOptions/>
</NATRule>
<NATRule id="id3DF3D11F" disabled="False" position="9" comment="">
<NATRule id="id3DF3D11F" disabled="False" position="9" action="Translate" comment="">
<OSrc neg="False">
<ObjectRef ref="sysid0"/>
</OSrc>
@ -4574,12 +4637,15 @@
<Routing id="id3DF3D0AD-routing" name="Routing" comment="" ro="False" ipv4_rule_set="False" ipv6_rule_set="False" top_rule_set="True"/>
<Interface id="id3DF3D160" dyn="False" label="" mgmt="False" security_level="100" unnum="False" unprotected="False" name="le0" comment="" ro="False">
<IPv4 id="id3DF3D161" name="firewall9:le0:ip" comment="" ro="False" address="192.168.1.1" netmask="255.255.255.0"/>
<InterfaceOptions/>
</Interface>
<Interface id="id3DF3D163" dyn="False" label="" mgmt="False" security_level="0" unnum="False" unprotected="False" name="le1" comment="" ro="False">
<IPv4 id="id3DF3D164" name="firewall9:le1:ip" comment="" ro="False" address="22.22.22.22" netmask="255.255.255.0"/>
<InterfaceOptions/>
</Interface>
<Interface id="id3E5F2278" dyn="False" label="" mgmt="False" security_level="100" unnum="False" unprotected="False" name="lo0" comment="" ro="False">
<IPv4 id="id3E5F227A" name="firewall9:lo(ip)" comment="" ro="False" address="127.0.0.1" netmask="255.0.0.0"/>
<InterfaceOptions/>
</Interface>
<Management address="22.22.22.22">
<SNMPManagement enabled="False" snmp_read_community="" snmp_write_community=""/>
@ -4821,15 +4887,19 @@
<Routing id="id3FCA516A-routing" name="Routing" comment="" ro="False" ipv4_rule_set="False" ipv6_rule_set="False" top_rule_set="True"/>
<Interface id="id3FCA522B" dyn="False" label="fw10:fxp0" mgmt="False" security_level="100" unnum="False" unprotected="False" name="fxp0" comment="" ro="False">
<IPv4 id="id3FCA522C" name="firewall9:eth0" comment="" ro="False" address="192.168.1.1" netmask="255.255.255.0"/>
<InterfaceOptions/>
</Interface>
<Interface id="id3FCA522E" dyn="False" label="fw10:fxp1" mgmt="False" security_level="0" unnum="False" unprotected="False" name="fxp1" comment="" ro="False">
<IPv4 id="id3FCA522F" name="firewall9:eth1:0" comment="" ro="False" address="22.22.22.22" netmask="255.255.255.0"/>
<InterfaceOptions/>
</Interface>
<Interface id="id3FCA5251" dyn="False" label="" mgmt="False" security_level="0" unnum="False" unprotected="False" name="lo0" comment="" ro="False">
<IPv4 id="id3FCA5252" name="firewall9:lo(ip)" comment="" ro="False" address="127.0.0.1" netmask="255.0.0.0"/>
<InterfaceOptions/>
</Interface>
<Interface id="id3FCA5535" dyn="False" label="fw10:fxp2" mgmt="False" security_level="0" unnum="False" unprotected="False" name="fxp2" comment="" ro="False">
<IPv4 id="id3FCA5537" name="firewall10:fw10:fxp2(ip)" comment="" ro="False" address="192.168.2.0" netmask="255.255.255.0"/>
<InterfaceOptions/>
</Interface>
<Management address="192.168.2.0">
<SNMPManagement enabled="False" snmp_read_community="" snmp_write_community=""/>
@ -4872,7 +4942,7 @@
</Firewall>
<Firewall id="id3FF5DC0E" host_OS="freebsd" lastCompiled="1172425374" lastInstalled="0" lastModified="0" platform="ipf" name="firewall11" comment="" ro="False">
<NAT id="id3FF5DC12" name="NAT" comment="" ro="False" ipv4_rule_set="False" ipv6_rule_set="False" top_rule_set="True">
<NATRule id="id3FF5DC26" disabled="False" position="0" comment="">
<NATRule id="id3FF5DC26" disabled="False" position="0" action="Translate" comment="">
<OSrc neg="False">
<ObjectRef ref="sysid0"/>
</OSrc>
@ -4951,14 +5021,22 @@
</PolicyRule>
</Policy>
<Routing id="id3FF5DC0E-routing" name="Routing" comment="" ro="False" ipv4_rule_set="False" ipv6_rule_set="False" top_rule_set="True"/>
<Interface id="id3FF5DC15" dyn="False" label="" mgmt="False" network_zone="sysid0" security_level="100" unnum="True" unprotected="False" name="fxp1" comment="" ro="False"/>
<Interface id="id3FF5DC17" dyn="True" label="" mgmt="False" network_zone="sysid0" security_level="100" unnum="False" unprotected="False" name="ng1" comment="" ro="False"/>
<Interface id="id3FF5DC19" dyn="True" label="" mgmt="False" network_zone="sysid0" security_level="0" unnum="False" unprotected="False" name="ng0" comment="" ro="False"/>
<Interface id="id3FF5DC15" dyn="False" label="" mgmt="False" network_zone="sysid0" security_level="100" unnum="True" unprotected="False" name="fxp1" comment="" ro="False">
<InterfaceOptions/>
</Interface>
<Interface id="id3FF5DC17" dyn="True" label="" mgmt="False" network_zone="sysid0" security_level="100" unnum="False" unprotected="False" name="ng1" comment="" ro="False">
<InterfaceOptions/>
</Interface>
<Interface id="id3FF5DC19" dyn="True" label="" mgmt="False" network_zone="sysid0" security_level="0" unnum="False" unprotected="False" name="ng0" comment="" ro="False">
<InterfaceOptions/>
</Interface>
<Interface id="id3FF5DC1B" dyn="False" label="" mgmt="False" network_zone="sysid0" security_level="100" unnum="False" unprotected="False" name="fxp0" comment="" ro="False">
<IPv4 id="id3FF5DC1D" name="firewall11:fxp0(ip)" comment="" ro="False" address="10.0.0.1" netmask="255.255.255.0"/>
<InterfaceOptions/>
</Interface>
<Interface id="id3FF5DC1E" dyn="False" label="" network_zone="sysid0" security_level="100" unnum="False" unprotected="False" name="lo0" comment="" ro="False">
<IPv4 id="id3FF5DC20" name="firewall11:lo0(ip)" comment="" ro="False" address="127.0.0.1" netmask="255.0.0.0"/>
<InterfaceOptions/>
</Interface>
<Management address="127.0.0.1">
<SNMPManagement enabled="False" snmp_read_community="public" snmp_write_community=""/>
@ -5003,7 +5081,7 @@
</Firewall>
<Firewall id="id424A636E" host_OS="freebsd" lastCompiled="1157929209" lastInstalled="0" lastModified="0" platform="ipf" version="" name="firewall5" comment="Dynamic interface ppp0" ro="False">
<NAT id="id424A63A6" name="NAT" comment="" ro="False" ipv4_rule_set="False" ipv6_rule_set="False" top_rule_set="True">
<NATRule id="id424A63A7" disabled="False" position="0" comment="">
<NATRule id="id424A63A7" disabled="False" position="0" action="Translate" comment="">
<OSrc neg="False">
<ObjectRef ref="net-Internal_net"/>
</OSrc>
@ -5024,7 +5102,7 @@
</TSrv>
<NATRuleOptions/>
</NATRule>
<NATRule id="id424A63B5" disabled="False" position="1" comment="">
<NATRule id="id424A63B5" disabled="False" position="1" action="Translate" comment="">
<OSrc neg="False">
<ObjectRef ref="net-Internal_net"/>
</OSrc>
@ -5045,7 +5123,7 @@
</TSrv>
<NATRuleOptions/>
</NATRule>
<NATRule id="id424A63C3" disabled="False" position="2" comment="">
<NATRule id="id424A63C3" disabled="False" position="2" action="Translate" comment="">
<OSrc neg="False">
<ObjectRef ref="net-Internal_net"/>
</OSrc>
@ -5066,7 +5144,7 @@
</TSrv>
<NATRuleOptions/>
</NATRule>
<NATRule id="id424A63D1" disabled="False" position="3" comment="">
<NATRule id="id424A63D1" disabled="False" position="3" action="Translate" comment="">
<OSrc neg="False">
<ObjectRef ref="sysid0"/>
</OSrc>
@ -5087,7 +5165,7 @@
</TSrv>
<NATRuleOptions/>
</NATRule>
<NATRule id="id424A63DF" disabled="False" position="4" comment="">
<NATRule id="id424A63DF" disabled="False" position="4" action="Translate" comment="">
<OSrc neg="False">
<ObjectRef ref="sysid0"/>
</OSrc>
@ -5108,7 +5186,7 @@
</TSrv>
<NATRuleOptions/>
</NATRule>
<NATRule id="id424A63ED" disabled="False" position="5" comment="">
<NATRule id="id424A63ED" disabled="False" position="5" action="Translate" comment="">
<OSrc neg="False">
<ObjectRef ref="sysid0"/>
</OSrc>
@ -5129,7 +5207,7 @@
</TSrv>
<NATRuleOptions/>
</NATRule>
<NATRule id="id424A63FB" disabled="False" position="6" comment="">
<NATRule id="id424A63FB" disabled="False" position="6" action="Translate" comment="">
<OSrc neg="False">
<ObjectRef ref="sysid0"/>
</OSrc>
@ -5150,7 +5228,7 @@
</TSrv>
<NATRuleOptions/>
</NATRule>
<NATRule id="id424A6409" disabled="False" position="7" comment="">
<NATRule id="id424A6409" disabled="False" position="7" action="Translate" comment="">
<OSrc neg="False">
<ObjectRef ref="sysid0"/>
</OSrc>
@ -5171,7 +5249,7 @@
</TSrv>
<NATRuleOptions/>
</NATRule>
<NATRule id="id424A6417" disabled="False" position="8" comment="">
<NATRule id="id424A6417" disabled="False" position="8" action="Translate" comment="">
<OSrc neg="False">
<ObjectRef ref="sysid0"/>
</OSrc>
@ -5308,15 +5386,20 @@
<Routing id="id424A636E-routing" name="Routing" comment="" ro="False" ipv4_rule_set="False" ipv6_rule_set="False" top_rule_set="True"/>
<Interface id="id424A6425" dyn="False" label="" security_level="100" unnum="False" unprotected="False" name="eth0" comment="" ro="False">
<IPv4 id="id424A6429" name="firewall5:eth0:ip" comment="" ro="False" address="192.168.1.1" netmask="255.255.255.0"/>
<InterfaceOptions/>
</Interface>
<Interface id="id424A642A" dyn="False" label="" security_level="0" unnum="False" unprotected="False" name="eth1" comment="" ro="False">
<IPv4 id="id424A642F" name="firewall5:eth1:ip1" comment="" ro="False" address="33.33.33.33" netmask="255.255.255.0"/>
<IPv4 id="id424A6430" name="firewall5:eth1:ip2" comment="" ro="False" address="33.33.33.34" netmask="255.255.255.0"/>
<InterfaceOptions/>
</Interface>
<Interface id="id424A6431" dyn="False" label="" mgmt="False" security_level="0" unnum="False" unprotected="False" name="lo" comment="" ro="False">
<IPv4 id="id424A6435" name="firewall5:lo:ip" comment="" ro="False" address="127.0.0.1" netmask="255.0.0.0"/>
<InterfaceOptions/>
</Interface>
<Interface id="id424A6436" dyn="True" label="" mgmt="False" security_level="0" unnum="False" unprotected="False" name="ppp0" comment="" ro="False">
<InterfaceOptions/>
</Interface>
<Interface id="id424A6436" dyn="True" label="" mgmt="False" security_level="0" unnum="False" unprotected="False" name="ppp0" comment="" ro="False"/>
<Management address="33.33.33.33">
<SNMPManagement enabled="False" snmp_read_community="" snmp_write_community=""/>
<FWBDManagement enabled="True" identity="" port="9999"/>
@ -5367,7 +5450,7 @@
</Firewall>
<Firewall id="id43867C1018346" host_OS="freebsd" lastCompiled="1157929202" lastInstalled="0" lastModified="0" platform="ipf" version="" name="firewall33" comment="testing DNSName object" ro="False">
<NAT id="id43867C4818346" name="NAT" comment="" ro="False" ipv4_rule_set="False" ipv6_rule_set="False" top_rule_set="True">
<NATRule id="id43876E2618346" disabled="False" position="0" comment="">
<NATRule id="id43876E2618346" disabled="False" position="0" action="Translate" comment="">
<OSrc neg="False">
<ObjectRef ref="sysid0"/>
</OSrc>
@ -5388,7 +5471,7 @@
</TSrv>
<NATRuleOptions/>
</NATRule>
<NATRule id="id43876E5218346" disabled="False" position="1" comment="">
<NATRule id="id43876E5218346" disabled="False" position="1" action="Translate" comment="">
<OSrc neg="False">
<ObjectRef ref="sysid0"/>
</OSrc>
@ -5409,7 +5492,7 @@
</TSrv>
<NATRuleOptions/>
</NATRule>
<NATRule id="id43876E6918346" disabled="False" position="2" comment="">
<NATRule id="id43876E6918346" disabled="False" position="2" action="Translate" comment="">
<OSrc neg="False">
<ObjectRef ref="sysid0"/>
</OSrc>
@ -5431,7 +5514,7 @@
</TSrv>
<NATRuleOptions/>
</NATRule>
<NATRule id="id43876E7B18346" disabled="True" position="3" comment="">
<NATRule id="id43876E7B18346" disabled="True" position="3" action="Translate" comment="">
<OSrc neg="False">
<ObjectRef ref="sysid0"/>
</OSrc>
@ -5682,12 +5765,16 @@
</PolicyRule>
</Policy>
<Routing id="id43867C5718346" name="Routing" comment="" ro="False" ipv4_rule_set="False" ipv6_rule_set="False" top_rule_set="True"/>
<Interface id="id43867C5818346" dyn="True" label="" mgmt="False" security_level="0" unnum="False" unprotected="False" name="eth0.100" comment="VLAN interface" ro="False"/>
<Interface id="id43867C5818346" dyn="True" label="" mgmt="False" security_level="0" unnum="False" unprotected="False" name="eth0.100" comment="VLAN interface" ro="False">
<InterfaceOptions/>
</Interface>
<Interface id="id43867C5918346" dyn="False" security_level="100" unnum="False" unprotected="False" name="lo" comment="" ro="False">
<IPv4 id="id43867C5B18346" name="firewall33:lo:ip" comment="" ro="False" address="127.0.0.1" netmask="255.0.0.0"/>
<InterfaceOptions/>
</Interface>
<Interface id="id43867C5C18346" dyn="False" label="" mgmt="True" security_level="100" unnum="False" unprotected="False" name="eth1" comment="" ro="False">
<IPv4 id="id43867C5E18346" name="firewall33:eth1:ip" comment="" ro="False" address="192.168.1.100" netmask="255.255.255.0"/>
<InterfaceOptions/>
</Interface>
<Management address="192.168.1.100">
<SNMPManagement enabled="False" snmp_read_community="public" snmp_write_community=""/>
@ -5781,7 +5868,7 @@
</Firewall>
<Firewall id="id4389EDAE18346" host_OS="freebsd" lastCompiled="1157929203" lastInstalled="0" lastModified="0" platform="ipf" version="" name="firewall34" comment="testing AddressTable object" ro="False">
<NAT id="id4389EE4818346" name="NAT" comment="" ro="False" ipv4_rule_set="False" ipv6_rule_set="False" top_rule_set="True">
<NATRule id="id4389EEB018346" disabled="True" position="0" comment="">
<NATRule id="id4389EEB018346" disabled="True" position="0" action="Translate" comment="">
<OSrc neg="True">
<ObjectRef ref="id4389EE9118346"/>
</OSrc>
@ -5802,7 +5889,7 @@
</TSrv>
<NATRuleOptions/>
</NATRule>
<NATRule id="id43891B6E674" disabled="True" position="1" comment="">
<NATRule id="id43891B6E674" disabled="True" position="1" action="Translate" comment="">
<OSrc neg="False">
<ObjectRef ref="id43913DEA25682"/>
</OSrc>
@ -6022,12 +6109,16 @@
</PolicyRule>
</Policy>
<Routing id="id4389EE8318346" name="Routing" comment="" ro="False" ipv4_rule_set="False" ipv6_rule_set="False" top_rule_set="True"/>
<Interface id="id4389EE8418346" dyn="True" label="" mgmt="False" security_level="0" unnum="False" unprotected="False" name="eth0.100" comment="VLAN interface" ro="False"/>
<Interface id="id4389EE8418346" dyn="True" label="" mgmt="False" security_level="0" unnum="False" unprotected="False" name="eth0.100" comment="VLAN interface" ro="False">
<InterfaceOptions/>
</Interface>
<Interface id="id4389EE8518346" dyn="False" security_level="100" unnum="False" unprotected="False" name="lo" comment="" ro="False">
<IPv4 id="id4389EE8718346" name="firewall34:lo:ip" comment="" ro="False" address="127.0.0.1" netmask="255.0.0.0"/>
<InterfaceOptions/>
</Interface>
<Interface id="id4389EE8818346" dyn="False" label="" mgmt="True" security_level="100" unnum="False" unprotected="False" name="eth1" comment="" ro="False">
<IPv4 id="id4389EE8A18346" name="firewall34:eth1:ip" comment="" ro="False" address="192.168.1.100" netmask="255.255.255.0"/>
<InterfaceOptions/>
</Interface>
<Management address="192.168.1.100">
<SNMPManagement enabled="False" snmp_read_community="public" snmp_write_community=""/>
@ -6121,7 +6212,7 @@
</Firewall>
<Firewall id="id43F7C93131168" host_OS="freebsd" lastCompiled="1157929205" lastInstalled="0" lastModified="0" platform="ipf" version="" name="firewall35" comment="Testing action Custom" ro="False">
<NAT id="id43F7C99A31168" name="NAT" comment="" ro="False" ipv4_rule_set="False" ipv6_rule_set="False" top_rule_set="True">
<NATRule id="id43F7C99B31168" disabled="False" position="0" comment="">
<NATRule id="id43F7C99B31168" disabled="False" position="0" action="Translate" comment="">
<OSrc neg="False">
<ObjectRef ref="net-Internal_net"/>
</OSrc>
@ -6142,7 +6233,7 @@
</TSrv>
<NATRuleOptions/>
</NATRule>
<NATRule id="id43F7C9A931168" disabled="False" position="1" comment="">
<NATRule id="id43F7C9A931168" disabled="False" position="1" action="Translate" comment="">
<OSrc neg="False">
<ObjectRef ref="net-Internal_net"/>
</OSrc>
@ -6163,7 +6254,7 @@
</TSrv>
<NATRuleOptions/>
</NATRule>
<NATRule id="id43F7C9B731168" disabled="False" position="2" comment="">
<NATRule id="id43F7C9B731168" disabled="False" position="2" action="Translate" comment="">
<OSrc neg="False">
<ObjectRef ref="net-Internal_net"/>
</OSrc>
@ -6184,7 +6275,7 @@
</TSrv>
<NATRuleOptions/>
</NATRule>
<NATRule id="id43F7C9C531168" disabled="False" position="3" comment="">
<NATRule id="id43F7C9C531168" disabled="False" position="3" action="Translate" comment="">
<OSrc neg="False">
<ObjectRef ref="sysid0"/>
</OSrc>
@ -6205,7 +6296,7 @@
</TSrv>
<NATRuleOptions/>
</NATRule>
<NATRule id="id43F7C9D331168" disabled="False" position="4" comment="">
<NATRule id="id43F7C9D331168" disabled="False" position="4" action="Translate" comment="">
<OSrc neg="False">
<ObjectRef ref="sysid0"/>
</OSrc>
@ -6226,7 +6317,7 @@
</TSrv>
<NATRuleOptions/>
</NATRule>
<NATRule id="id43F7C9E131168" disabled="False" position="5" comment="">
<NATRule id="id43F7C9E131168" disabled="False" position="5" action="Translate" comment="">
<OSrc neg="False">
<ObjectRef ref="sysid0"/>
</OSrc>
@ -6247,7 +6338,7 @@
</TSrv>
<NATRuleOptions/>
</NATRule>
<NATRule id="id43F7C9EF31168" disabled="False" position="6" comment="">
<NATRule id="id43F7C9EF31168" disabled="False" position="6" action="Translate" comment="">
<OSrc neg="False">
<ObjectRef ref="sysid0"/>
</OSrc>
@ -6268,7 +6359,7 @@
</TSrv>
<NATRuleOptions/>
</NATRule>
<NATRule id="id43F7C9FD31168" disabled="False" position="7" comment="">
<NATRule id="id43F7C9FD31168" disabled="False" position="7" action="Translate" comment="">
<OSrc neg="False">
<ObjectRef ref="sysid0"/>
</OSrc>
@ -6289,7 +6380,7 @@
</TSrv>
<NATRuleOptions/>
</NATRule>
<NATRule id="id43F7CA0B31168" disabled="False" position="8" comment="">
<NATRule id="id43F7CA0B31168" disabled="False" position="8" action="Translate" comment="">
<OSrc neg="False">
<ObjectRef ref="sysid0"/>
</OSrc>
@ -6310,7 +6401,7 @@
</TSrv>
<NATRuleOptions/>
</NATRule>
<NATRule id="id43F7CA1931168" disabled="False" position="9" comment="">
<NATRule id="id43F7CA1931168" disabled="False" position="9" action="Translate" comment="">
<OSrc neg="False">
<ObjectRef ref="sysid0"/>
</OSrc>
@ -6431,12 +6522,15 @@
<Routing id="id43F7CA2731168" name="Routing" comment="" ro="False" ipv4_rule_set="False" ipv6_rule_set="False" top_rule_set="True"/>
<Interface id="id43F7CA2831168" dyn="False" label="" mgmt="False" security_level="100" unnum="False" unprotected="False" name="le0" comment="" ro="False">
<IPv4 id="id43F7CA2A31168" name="firewall35:le0:ip" comment="" ro="False" address="192.168.1.1" netmask="255.255.255.0"/>
<InterfaceOptions/>
</Interface>
<Interface id="id43F7CA2B31168" dyn="False" label="" mgmt="False" security_level="0" unnum="False" unprotected="False" name="le1" comment="" ro="False">
<IPv4 id="id43F7CA2D31168" name="firewall35:le1:ip" comment="" ro="False" address="22.22.22.22" netmask="255.255.255.0"/>
<InterfaceOptions/>
</Interface>
<Interface id="id43F7CA2E31168" dyn="False" label="" mgmt="False" security_level="100" unnum="False" unprotected="False" name="lo0" comment="" ro="False">
<IPv4 id="id43F7CA3031168" name="firewall35:lo0:ip" comment="" ro="False" address="127.0.0.1" netmask="255.0.0.0"/>
<InterfaceOptions/>
</Interface>
<Management address="22.22.22.22">
<SNMPManagement enabled="False" snmp_read_community="" snmp_write_community=""/>

866
test/ipfw/objects-for-regression-tests.fwb
View File

@ -1,6 +1,6 @@
<?xml version="1.0" encoding="utf-8"?>
<!DOCTYPE FWObjectDatabase SYSTEM "fwbuilder.dtd">
<FWObjectDatabase xmlns="http://www.fwbuilder.org/1.0/" version="12" lastModified="1252376534" id="root">
<FWObjectDatabase xmlns="http://www.fwbuilder.org/1.0/" version="13" lastModified="1252376534" id="root">
<Library id="sysid99" name="Deleted Objects" comment="" ro="False">
<ICMP6Service id="idE0C27650" code="0" type="1" name="ipv6 dest unreachable" comment="No route to destination" ro="False"/>
<Library id="id40E233F3" color="#FFFFFF" name="West Coast" comment="" ro="False">
@ -138,9 +138,9 @@
<PolicyInstallScript arguments="" command="" enabled="False"/>
</Management>
<HostOptions>
<Option name="snmp_contact"></Option>
<Option name="snmp_description"></Option>
<Option name="snmp_location"></Option>
<Option name="snmp_contact"/>
<Option name="snmp_description"/>
<Option name="snmp_location"/>
<Option name="use_mac_addr">false</Option>
<Option name="use_mac_addr_filter">False</Option>
</HostOptions>
@ -156,9 +156,9 @@
<PolicyInstallScript arguments="" command="" enabled="False"/>
</Management>
<HostOptions>
<Option name="snmp_contact"></Option>
<Option name="snmp_description"></Option>
<Option name="snmp_location"></Option>
<Option name="snmp_contact"/>
<Option name="snmp_description"/>
<Option name="snmp_location"/>
<Option name="use_mac_addr_filter">False</Option>
</HostOptions>
</Host>
@ -173,9 +173,9 @@
<PolicyInstallScript arguments="" command="" enabled="False"/>
</Management>
<HostOptions>
<Option name="snmp_contact"></Option>
<Option name="snmp_description"></Option>
<Option name="snmp_location"></Option>
<Option name="snmp_contact"/>
<Option name="snmp_description"/>
<Option name="snmp_location"/>
<Option name="use_mac_addr">false</Option>
<Option name="use_mac_addr_filter">False</Option>
</HostOptions>
@ -191,9 +191,9 @@
<PolicyInstallScript arguments="" command="" enabled="False"/>
</Management>
<HostOptions>
<Option name="snmp_contact"></Option>
<Option name="snmp_description"></Option>
<Option name="snmp_location"></Option>
<Option name="snmp_contact"/>
<Option name="snmp_description"/>
<Option name="snmp_location"/>
<Option name="use_mac_addr">false</Option>
<Option name="use_mac_addr_filter">False</Option>
</HostOptions>
@ -248,9 +248,9 @@
<PolicyInstallScript arguments="" command="" enabled="False"/>
</Management>
<HostOptions>
<Option name="snmp_contact"></Option>
<Option name="snmp_description"></Option>
<Option name="snmp_location"></Option>
<Option name="snmp_contact"/>
<Option name="snmp_description"/>
<Option name="snmp_location"/>
<Option name="use_mac_addr_filter">True</Option>
</HostOptions>
</Host>
@ -325,9 +325,9 @@
<PolicyInstallScript arguments="" command="" enabled="False"/>
</Management>
<HostOptions>
<Option name="snmp_contact"></Option>
<Option name="snmp_description"></Option>
<Option name="snmp_location"></Option>
<Option name="snmp_contact"/>
<Option name="snmp_description"/>
<Option name="snmp_location"/>
<Option name="use_mac_addr">false</Option>
<Option name="use_mac_addr_filter">False</Option>
</HostOptions>
@ -343,9 +343,9 @@
<PolicyInstallScript arguments="" command="" enabled="False"/>
</Management>
<HostOptions>
<Option name="snmp_contact"></Option>
<Option name="snmp_description"></Option>
<Option name="snmp_location"></Option>
<Option name="snmp_contact"/>
<Option name="snmp_description"/>
<Option name="snmp_location"/>
<Option name="use_mac_addr">false</Option>
<Option name="use_mac_addr_filter">False</Option>
</HostOptions>
@ -361,9 +361,9 @@
<PolicyInstallScript arguments="" command="" enabled="False"/>
</Management>
<HostOptions>
<Option name="snmp_contact"></Option>
<Option name="snmp_description"></Option>
<Option name="snmp_location"></Option>
<Option name="snmp_contact"/>
<Option name="snmp_description"/>
<Option name="snmp_location"/>
<Option name="use_mac_addr">False</Option>
<Option name="use_mac_addr_filter">False</Option>
</HostOptions>
@ -379,9 +379,9 @@
<PolicyInstallScript arguments="" command="" enabled="False"/>
</Management>
<HostOptions>
<Option name="snmp_contact"></Option>
<Option name="snmp_description"></Option>
<Option name="snmp_location"></Option>
<Option name="snmp_contact"/>
<Option name="snmp_description"/>
<Option name="snmp_location"/>
<Option name="use_mac_addr">False</Option>
<Option name="use_mac_addr_filter">False</Option>
</HostOptions>
@ -397,9 +397,9 @@
<PolicyInstallScript arguments="" command="" enabled="False"/>
</Management>
<HostOptions>
<Option name="snmp_contact"></Option>
<Option name="snmp_description"></Option>
<Option name="snmp_location"></Option>
<Option name="snmp_contact"/>
<Option name="snmp_description"/>
<Option name="snmp_location"/>
<Option name="use_mac_addr">False</Option>
<Option name="use_mac_addr_filter">False</Option>
</HostOptions>
@ -415,9 +415,9 @@
<PolicyInstallScript arguments="" command="" enabled="False"/>
</Management>
<HostOptions>
<Option name="snmp_contact"></Option>
<Option name="snmp_description"></Option>
<Option name="snmp_location"></Option>
<Option name="snmp_contact"/>
<Option name="snmp_description"/>
<Option name="snmp_location"/>
<Option name="use_mac_addr">False</Option>
<Option name="use_mac_addr_filter">False</Option>
</HostOptions>
@ -433,9 +433,9 @@
<PolicyInstallScript arguments="" command="" enabled="False"/>
</Management>
<HostOptions>
<Option name="snmp_contact"></Option>
<Option name="snmp_description"></Option>
<Option name="snmp_location"></Option>
<Option name="snmp_contact"/>
<Option name="snmp_description"/>
<Option name="snmp_location"/>
<Option name="use_mac_addr">False</Option>
<Option name="use_mac_addr_filter">False</Option>
</HostOptions>
@ -489,9 +489,9 @@
<PolicyInstallScript arguments="" command="" enabled="False"/>
</Management>
<HostOptions>
<Option name="snmp_contact"></Option>
<Option name="snmp_description"></Option>
<Option name="snmp_location"></Option>
<Option name="snmp_contact"/>
<Option name="snmp_description"/>
<Option name="snmp_location"/>
<Option name="use_mac_addr_filter">False</Option>
</HostOptions>
</Host>
@ -600,26 +600,26 @@
</ServiceGroup>
<ServiceGroup id="stdid13_1" name="Custom_Services" comment="" ro="False">
<CustomService id="id3B64FE22" name="talk" comment="Talk support" ro="False" protocol="any" address_family="ipv4">
<CustomServiceCommand platform="Undefined"></CustomServiceCommand>
<CustomServiceCommand platform="fwsm"></CustomServiceCommand>
<CustomServiceCommand platform="iosacl"></CustomServiceCommand>
<CustomServiceCommand platform="ipf"></CustomServiceCommand>
<CustomServiceCommand platform="ipfilter"></CustomServiceCommand>
<CustomServiceCommand platform="ipfw"></CustomServiceCommand>
<CustomServiceCommand platform="Undefined"/>
<CustomServiceCommand platform="fwsm"/>
<CustomServiceCommand platform="iosacl"/>
<CustomServiceCommand platform="ipf"/>
<CustomServiceCommand platform="ipfilter"/>
<CustomServiceCommand platform="ipfw"/>
<CustomServiceCommand platform="iptables">-m ip_conntrack_talk -m ip_nat_talk</CustomServiceCommand>
<CustomServiceCommand platform="pf"></CustomServiceCommand>
<CustomServiceCommand platform="pix"></CustomServiceCommand>
<CustomServiceCommand platform="unknown"></CustomServiceCommand>
<CustomServiceCommand platform="pf"/>
<CustomServiceCommand platform="pix"/>
<CustomServiceCommand platform="unknown"/>
</CustomService>
<CustomService id="id3F162C44" name="establ" comment="" ro="False" protocol="tcp" address_family="ipv4">
<CustomServiceCommand platform="fwsm"></CustomServiceCommand>
<CustomServiceCommand platform="iosacl"></CustomServiceCommand>
<CustomServiceCommand platform="ipf"></CustomServiceCommand>
<CustomServiceCommand platform="fwsm"/>
<CustomServiceCommand platform="iosacl"/>
<CustomServiceCommand platform="ipf"/>
<CustomServiceCommand platform="ipfw">established</CustomServiceCommand>
<CustomServiceCommand platform="iptables"></CustomServiceCommand>
<CustomServiceCommand platform="pf"></CustomServiceCommand>
<CustomServiceCommand platform="pix"></CustomServiceCommand>
<CustomServiceCommand platform="unknown"></CustomServiceCommand>
<CustomServiceCommand platform="iptables"/>
<CustomServiceCommand platform="pf"/>
<CustomServiceCommand platform="pix"/>
<CustomServiceCommand platform="unknown"/>
</CustomService>
</ServiceGroup>
<ServiceGroup id="stdid05_1_userservices" name="Users" comment="" ro="False"/>
@ -627,7 +627,7 @@
<ObjectGroup id="stdid12_1" name="Firewalls" comment="" ro="False">
<Firewall id="fw-firewall2" host_OS="freebsd" lastCompiled="1249844841" lastInstalled="0" lastModified="1249844827" platform="ipfw" version="" name="firewall" comment="this is simple firewall with two interfaces. Test regular policy rules, including IP_fragments rule" ro="False">
<NAT id="nat-firewall2" name="NAT" comment="" ro="False" ipv4_rule_set="False" ipv6_rule_set="False" top_rule_set="True">
<NATRule id="nat-firewall2-0" disabled="False" position="0" comment="">
<NATRule action="Translate" id="nat-firewall2-0" disabled="False" position="0" comment="">
<OSrc neg="False">
<ObjectRef ref="net-Internal_net"/>
</OSrc>
@ -648,7 +648,7 @@
</TSrv>
<NATRuleOptions/>
</NATRule>
<NATRule id="nat-firewall2-1" disabled="False" position="1" comment="">
<NATRule action="Translate" id="nat-firewall2-1" disabled="False" position="1" comment="">
<OSrc neg="False">
<ObjectRef ref="sysid0"/>
</OSrc>
@ -669,7 +669,7 @@
</TSrv>
<NATRuleOptions/>
</NATRule>
<NATRule id="id3CDB43B8" disabled="False" position="2" comment="">
<NATRule action="Translate" id="id3CDB43B8" disabled="False" position="2" comment="">
<OSrc neg="False">
<ObjectRef ref="sysid0"/>
</OSrc>
@ -690,7 +690,7 @@
</TSrv>
<NATRuleOptions/>
</NATRule>
<NATRule id="id3D7581A7" disabled="False" position="3" comment="">
<NATRule action="Translate" id="id3D7581A7" disabled="False" position="3" comment="">
<OSrc neg="False">
<ObjectRef ref="net-Internal_net"/>
</OSrc>
@ -712,7 +712,7 @@
</TSrv>
<NATRuleOptions/>
</NATRule>
<NATRule id="id3D75843D" disabled="False" position="4" comment="">
<NATRule action="Translate" id="id3D75843D" disabled="False" position="4" comment="">
<OSrc neg="False">
<ObjectRef ref="net-Internal_net"/>
</OSrc>
@ -844,10 +844,10 @@
<IntervalRef ref="sysid2"/>
</When>
<PolicyRuleOptions>
<Option name="action_on_reject"></Option>
<Option name="action_on_reject"/>
<Option name="limit_value">0</Option>
<Option name="log_limit_suffix"></Option>
<Option name="log_prefix"></Option>
<Option name="log_limit_suffix"/>
<Option name="log_prefix"/>
<Option name="stateless">True</Option>
</PolicyRuleOptions>
</PolicyRule>
@ -870,7 +870,7 @@
<IntervalRef ref="sysid2"/>
</When>
<PolicyRuleOptions>
<Option name="action_on_reject"></Option>
<Option name="action_on_reject"/>
<Option name="ipf_keep_frags">False</Option>
<Option name="ipf_return_icmp_as_dest">True</Option>
<Option name="stateless">True</Option>
@ -913,10 +913,10 @@
<IntervalRef ref="sysid2"/>
</When>
<PolicyRuleOptions>
<Option name="action_on_reject"></Option>
<Option name="limit_suffix"></Option>
<Option name="action_on_reject"/>
<Option name="limit_suffix"/>
<Option name="limit_value">0</Option>
<Option name="log_prefix"></Option>
<Option name="log_prefix"/>
</PolicyRuleOptions>
</PolicyRule>
<PolicyRule id="id3BF1B44E" disabled="True" log="False" position="9" action="Accept" direction="Both" comment="">
@ -936,10 +936,10 @@
<IntervalRef ref="sysid2"/>
</When>
<PolicyRuleOptions>
<Option name="action_on_reject"></Option>
<Option name="limit_suffix"></Option>
<Option name="action_on_reject"/>
<Option name="limit_suffix"/>
<Option name="limit_value">0</Option>
<Option name="log_prefix"></Option>
<Option name="log_prefix"/>
</PolicyRuleOptions>
</PolicyRule>
<PolicyRule id="pol-firewall2-3" disabled="False" log="False" position="10" action="Accept" direction="Both" comment="">
@ -962,10 +962,10 @@
<IntervalRef ref="id3C63479E"/>
</When>
<PolicyRuleOptions>
<Option name="action_on_reject"></Option>
<Option name="limit_suffix"></Option>
<Option name="action_on_reject"/>
<Option name="limit_suffix"/>
<Option name="limit_value">0</Option>
<Option name="log_prefix"></Option>
<Option name="log_prefix"/>
</PolicyRuleOptions>
</PolicyRule>
<PolicyRule id="pol-firewall2-2" disabled="False" log="False" position="11" action="Accept" direction="Both" comment="">
@ -985,10 +985,10 @@
<IntervalRef ref="sysid2"/>
</When>
<PolicyRuleOptions>
<Option name="action_on_reject"></Option>
<Option name="limit_suffix"></Option>
<Option name="action_on_reject"/>
<Option name="limit_suffix"/>
<Option name="limit_value">0</Option>
<Option name="log_prefix"></Option>
<Option name="log_prefix"/>
</PolicyRuleOptions>
</PolicyRule>
<PolicyRule id="id3D98E652" disabled="False" log="False" position="12" action="Accept" direction="Both" comment="">
@ -1009,10 +1009,10 @@
<IntervalRef ref="sysid2"/>
</When>
<PolicyRuleOptions>
<Option name="action_on_reject"></Option>
<Option name="limit_suffix"></Option>
<Option name="action_on_reject"/>
<Option name="limit_suffix"/>
<Option name="limit_value">0</Option>
<Option name="log_prefix"></Option>
<Option name="log_prefix"/>
</PolicyRuleOptions>
</PolicyRule>
<PolicyRule id="id3CD8770E" disabled="False" log="False" position="13" action="Accept" direction="Both" comment="">
@ -1033,10 +1033,10 @@
<IntervalRef ref="sysid2"/>
</When>
<PolicyRuleOptions>
<Option name="action_on_reject"></Option>
<Option name="limit_suffix"></Option>
<Option name="action_on_reject"/>
<Option name="limit_suffix"/>
<Option name="limit_value">0</Option>
<Option name="log_prefix"></Option>
<Option name="log_prefix"/>
</PolicyRuleOptions>
</PolicyRule>
<PolicyRule id="id3CD87B1E" disabled="False" log="False" position="14" action="Accept" direction="Both" comment="">
@ -1057,10 +1057,10 @@
<IntervalRef ref="sysid2"/>
</When>
<PolicyRuleOptions>
<Option name="action_on_reject"></Option>
<Option name="limit_suffix"></Option>
<Option name="action_on_reject"/>
<Option name="limit_suffix"/>
<Option name="limit_value">0</Option>
<Option name="log_prefix"></Option>
<Option name="log_prefix"/>
</PolicyRuleOptions>
</PolicyRule>
<PolicyRule id="pol-firewall2-4" disabled="False" log="False" position="15" action="Accept" direction="Both" comment="">
@ -1081,10 +1081,10 @@
<IntervalRef ref="sysid2"/>
</When>
<PolicyRuleOptions>
<Option name="action_on_reject"></Option>
<Option name="limit_suffix"></Option>
<Option name="action_on_reject"/>
<Option name="limit_suffix"/>
<Option name="limit_value">0</Option>
<Option name="log_prefix"></Option>
<Option name="log_prefix"/>
</PolicyRuleOptions>
</PolicyRule>
<PolicyRule id="id41D514D2" disabled="False" log="False" position="16" action="Accept" direction="Both" comment="">
@ -1108,10 +1108,10 @@
<IntervalRef ref="sysid2"/>
</When>
<PolicyRuleOptions>
<Option name="action_on_reject"></Option>
<Option name="limit_suffix"></Option>
<Option name="action_on_reject"/>
<Option name="limit_suffix"/>
<Option name="limit_value">0</Option>
<Option name="log_prefix"></Option>
<Option name="log_prefix"/>
</PolicyRuleOptions>
</PolicyRule>
<PolicyRule id="id3B58E180" disabled="False" log="True" position="17" action="Accept" direction="Both" comment="">
@ -1150,10 +1150,10 @@
<IntervalRef ref="sysid2"/>
</When>
<PolicyRuleOptions>
<Option name="action_on_reject"></Option>
<Option name="limit_suffix"></Option>
<Option name="action_on_reject"/>
<Option name="limit_suffix"/>
<Option name="limit_value">0</Option>
<Option name="log_prefix"></Option>
<Option name="log_prefix"/>
</PolicyRuleOptions>
</PolicyRule>
<PolicyRule id="pol-firewall2-7" disabled="False" log="True" position="19" action="Deny" direction="Both" comment="Automatically generated 'catch all' rule">
@ -1173,11 +1173,11 @@
<IntervalRef ref="sysid2"/>
</When>
<PolicyRuleOptions>
<Option name="action_on_reject"></Option>
<Option name="limit_suffix"></Option>
<Option name="action_on_reject"/>
<Option name="limit_suffix"/>
<Option name="limit_value">0</Option>
<Option name="log_limit_suffix"></Option>
<Option name="log_prefix"></Option>
<Option name="log_limit_suffix"/>
<Option name="log_prefix"/>
<Option name="stateless">True</Option>
</PolicyRuleOptions>
</PolicyRule>
@ -1200,37 +1200,37 @@
<Option name="accept_established">False</Option>
<Option name="accept_new_tcp_with_no_syn">False</Option>
<Option name="action_on_reject">ICMP port unreachable</Option>
<Option name="activationCmd"></Option>
<Option name="activationCmd"/>
<Option name="add_check_state_rule">True</Option>
<Option name="admUser"></Option>
<Option name="altAddress"></Option>
<Option name="admUser"/>
<Option name="altAddress"/>
<Option name="check_shading">False</Option>
<Option name="clamp_mss_to_mtu">False</Option>
<Option name="cmdline">-v</Option>
<Option name="compiler"></Option>
<Option name="compiler"/>
<Option name="configure_interfaces">False</Option>
<Option name="debug">True</Option>
<Option name="dyn_addr">False</Option>
<Option name="eliminate_duplicates">True</Option>
<Option name="epilog_script"></Option>
<Option name="firewall_dir"></Option>
<Option name="epilog_script"/>
<Option name="firewall_dir"/>
<Option name="firewall_is_part_of_any">True</Option>
<Option name="firewall_is_part_of_any_and_networks">True</Option>
<Option name="freebsd_ip_forward"></Option>
<Option name="freebsd_ip_redirect"></Option>
<Option name="freebsd_ip_sourceroute"></Option>
<Option name="freebsd_path_ipf"></Option>
<Option name="freebsd_ip_forward"/>
<Option name="freebsd_ip_redirect"/>
<Option name="freebsd_ip_sourceroute"/>
<Option name="freebsd_path_ipf"/>
<Option name="freebsd_path_ipfw">/usr/sbin/ipfw</Option>
<Option name="freebsd_path_ipnat"></Option>
<Option name="freebsd_path_sysctl"></Option>
<Option name="freebsd_path_ipnat"/>
<Option name="freebsd_path_sysctl"/>
<Option name="ignore_empty_groups">True</Option>
<Option name="in_out_code">True</Option>
<Option name="inst_cmdline"></Option>
<Option name="inst_script"></Option>
<Option name="install_script"></Option>
<Option name="inst_cmdline"/>
<Option name="inst_script"/>
<Option name="install_script"/>
<Option name="ipf_log_body">False</Option>
<Option name="ipf_log_facility"></Option>
<Option name="ipf_log_level"></Option>
<Option name="ipf_log_facility"/>
<Option name="ipf_log_level"/>
<Option name="ipf_log_or_block">False</Option>
<Option name="ipf_nat_ftp_proxy">False</Option>
<Option name="ipf_nat_h323_proxy">False</Option>
@ -1250,7 +1250,7 @@
<Option name="log_level">debug</Option>
<Option name="log_limit_suffix">/second</Option>
<Option name="log_limit_value">0</Option>
<Option name="log_prefix"></Option>
<Option name="log_prefix"/>
<Option name="log_tcp_opt">False</Option>
<Option name="log_tcp_seq">False</Option>
<Option name="manage_virtual_addr">True</Option>
@ -1263,23 +1263,23 @@
<Option name="openbsd_ip_forward">1</Option>
<Option name="openbsd_ip_redirect">0</Option>
<Option name="openbsd_ip_sourceroute">0</Option>
<Option name="output_file"></Option>
<Option name="output_file"/>
<Option name="pass_all_out">False</Option>
<Option name="platform">iptables</Option>
<Option name="prolog_script"></Option>
<Option name="scpArgs"></Option>
<Option name="script_env_path"></Option>
<Option name="prolog_script"/>
<Option name="scpArgs"/>
<Option name="script_env_path"/>
<Option name="script_name_on_firewall">ipfw.fw</Option>
<Option name="snmp_contact"></Option>
<Option name="snmp_description"></Option>
<Option name="snmp_location"></Option>
<Option name="sshArgs"></Option>
<Option name="snmp_contact"/>
<Option name="snmp_description"/>
<Option name="snmp_location"/>
<Option name="sshArgs"/>
<Option name="use_numeric_log_levels">False</Option>
</FirewallOptions>
</Firewall>
<Firewall id="id3AF5AA0A" host_OS="freebsd" lastCompiled="1249844783" lastInstalled="0" lastModified="0" platform="ipfw" name="firewall1" comment="this object is used to test all kinds of negation in policy rules&#10;&#10;Currently negation in NAT is not supported for ipf, therefore all rules in NAT with&#10;negation are disabled&#10;" ro="False">
<NAT id="id3AF5AA0D" name="NAT" comment="" ro="False" ipv4_rule_set="False" ipv6_rule_set="False" top_rule_set="True">
<NATRule id="id3C98491C" disabled="True" position="0" comment="">
<NATRule action="Translate" id="id3C98491C" disabled="True" position="0" comment="">
<OSrc neg="False">
<ObjectRef ref="net-Internal_net"/>
</OSrc>
@ -1300,7 +1300,7 @@
</TSrv>
<NATRuleOptions/>
</NATRule>
<NATRule id="id3AFADC09" disabled="False" position="1" comment="">
<NATRule action="Translate" id="id3AFADC09" disabled="False" position="1" comment="">
<OSrc neg="False">
<ObjectRef ref="host-hostA"/>
</OSrc>
@ -1321,7 +1321,7 @@
</TSrv>
<NATRuleOptions/>
</NATRule>
<NATRule id="id3CD23959" disabled="True" position="2" comment="">
<NATRule action="Translate" id="id3CD23959" disabled="True" position="2" comment="">
<OSrc neg="True">
<ObjectRef ref="net-Internal_net"/>
</OSrc>
@ -1342,7 +1342,7 @@
</TSrv>
<NATRuleOptions/>
</NATRule>
<NATRule id="id3B1328FB" disabled="False" position="3" comment="">
<NATRule action="Translate" id="id3B1328FB" disabled="False" position="3" comment="">
<OSrc neg="False">
<ObjectRef ref="net-Internal_net"/>
</OSrc>
@ -1363,7 +1363,7 @@
</TSrv>
<NATRuleOptions/>
</NATRule>
<NATRule id="id3AF5AAD3" disabled="True" position="4" comment="">
<NATRule action="Translate" id="id3AF5AAD3" disabled="True" position="4" comment="">
<OSrc neg="False">
<ObjectRef ref="net-Internal_net"/>
</OSrc>
@ -1384,7 +1384,7 @@
</TSrv>
<NATRuleOptions/>
</NATRule>
<NATRule id="id3CCA1B57" disabled="True" position="5" comment="">
<NATRule action="Translate" id="id3CCA1B57" disabled="True" position="5" comment="">
<OSrc neg="False">
<ObjectRef ref="net-Internal_net"/>
</OSrc>
@ -1405,7 +1405,7 @@
</TSrv>
<NATRuleOptions/>
</NATRule>
<NATRule id="id3B50F7CB" disabled="True" position="6" comment="">
<NATRule action="Translate" id="id3B50F7CB" disabled="True" position="6" comment="">
<OSrc neg="True">
<ObjectRef ref="id3B022266"/>
</OSrc>
@ -1426,7 +1426,7 @@
</TSrv>
<NATRuleOptions/>
</NATRule>
<NATRule id="id3BD8D94B" disabled="True" position="7" comment="">
<NATRule action="Translate" id="id3BD8D94B" disabled="True" position="7" comment="">
<OSrc neg="False">
<ObjectRef ref="net-Internal_net"/>
</OSrc>
@ -1447,7 +1447,7 @@
</TSrv>
<NATRuleOptions/>
</NATRule>
<NATRule id="id3BD8D9DD" disabled="True" position="8" comment="">
<NATRule action="Translate" id="id3BD8D9DD" disabled="True" position="8" comment="">
<OSrc neg="False">
<ObjectRef ref="net-Internal_net"/>
</OSrc>
@ -1468,7 +1468,7 @@
</TSrv>
<NATRuleOptions/>
</NATRule>
<NATRule id="id3BBC0EA4" disabled="True" position="9" comment="">
<NATRule action="Translate" id="id3BBC0EA4" disabled="True" position="9" comment="">
<OSrc neg="False">
<ObjectRef ref="id3B4572AF"/>
</OSrc>
@ -1489,7 +1489,7 @@
</TSrv>
<NATRuleOptions/>
</NATRule>
<NATRule id="id3BBC0F93" disabled="True" position="10" comment="">
<NATRule action="Translate" id="id3BBC0F93" disabled="True" position="10" comment="">
<OSrc neg="True">
<ObjectRef ref="id3B4572AF"/>
</OSrc>
@ -1510,7 +1510,7 @@
</TSrv>
<NATRuleOptions/>
</NATRule>
<NATRule id="id3BC6BCE5" disabled="True" position="11" comment="">
<NATRule action="Translate" id="id3BC6BCE5" disabled="True" position="11" comment="">
<OSrc neg="True">
<ObjectRef ref="host-hostA"/>
</OSrc>
@ -1699,10 +1699,10 @@
<IntervalRef ref="sysid2"/>
</When>
<PolicyRuleOptions>
<Option name="action_on_reject"></Option>
<Option name="action_on_reject"/>
<Option name="limit_suffix">/minute</Option>
<Option name="limit_value">10</Option>
<Option name="log_prefix"></Option>
<Option name="log_prefix"/>
<Option name="stateless">True</Option>
</PolicyRuleOptions>
</PolicyRule>
@ -1942,29 +1942,29 @@
<Option name="action_on_reject">ICMP net unreachable</Option>
<Option name="check_shading">False</Option>
<Option name="clamp_mss_to_mtu">False</Option>
<Option name="cmdline"></Option>
<Option name="compiler"></Option>
<Option name="cmdline"/>
<Option name="compiler"/>
<Option name="debug">False</Option>
<Option name="dyn_addr">False</Option>
<Option name="eliminate_duplicates">True</Option>
<Option name="firewall_dir">/etc</Option>
<Option name="firewall_is_part_of_any">True</Option>
<Option name="firewall_is_part_of_any_and_networks">True</Option>
<Option name="freebsd_ip_forward"></Option>
<Option name="freebsd_ip_redirect"></Option>
<Option name="freebsd_ip_sourceroute"></Option>
<Option name="freebsd_path_ipf"></Option>
<Option name="freebsd_ip_forward"/>
<Option name="freebsd_ip_redirect"/>
<Option name="freebsd_ip_sourceroute"/>
<Option name="freebsd_path_ipf"/>
<Option name="freebsd_path_ipfw">/Library/Application Support/PeerGuardian/ipfwFast</Option>
<Option name="freebsd_path_ipnat"></Option>
<Option name="freebsd_path_sysctl"></Option>
<Option name="freebsd_path_ipnat"/>
<Option name="freebsd_path_sysctl"/>
<Option name="ignore_empty_groups">False</Option>
<Option name="in_out_code">True</Option>
<Option name="inst_cmdline"></Option>
<Option name="inst_script"></Option>
<Option name="install_script"></Option>
<Option name="inst_cmdline"/>
<Option name="inst_script"/>
<Option name="install_script"/>
<Option name="ipf_log_body">False</Option>
<Option name="ipf_log_facility"></Option>
<Option name="ipf_log_level"></Option>
<Option name="ipf_log_facility"/>
<Option name="ipf_log_level"/>
<Option name="ipf_log_or_block">False</Option>
<Option name="ipf_nat_ftp_proxy">False</Option>
<Option name="ipf_nat_raudio_proxy">False</Option>
@ -1981,7 +1981,7 @@
<Option name="log_level">debug</Option>
<Option name="log_limit_suffix">/second</Option>
<Option name="log_limit_value">0</Option>
<Option name="log_prefix"></Option>
<Option name="log_prefix"/>
<Option name="log_tcp_opt">False</Option>
<Option name="log_tcp_seq">False</Option>
<Option name="manage_virtual_addr">True</Option>
@ -1991,17 +1991,17 @@
<Option name="pass_all_out">False</Option>
<Option name="platform">iptables</Option>
<Option name="proxy_arp">False</Option>
<Option name="script_env_path"></Option>
<Option name="snmp_contact"></Option>
<Option name="snmp_description"></Option>
<Option name="snmp_location"></Option>
<Option name="script_env_path"/>
<Option name="snmp_contact"/>
<Option name="snmp_description"/>
<Option name="snmp_location"/>
<Option name="use_ip_tool">False</Option>
<Option name="use_numeric_log_levels">False</Option>
</FirewallOptions>
</Firewall>
<Firewall id="id3AFB66C6" host_OS="freebsd" lastCompiled="0" lastInstalled="0" lastModified="1178589993" platform="ipfw" name="firewall2" comment="this object has several interfaces and shows different rules for NAT. Also testing policy rule options " ro="False">
<NAT id="id3AFB66C7" name="NAT" comment="" ro="False" ipv4_rule_set="False" ipv6_rule_set="False" top_rule_set="True">
<NATRule id="id3AFB66C8" disabled="False" position="0" comment="">
<NATRule action="Translate" id="id3AFB66C8" disabled="False" position="0" comment="">
<OSrc neg="False">
<ObjectRef ref="net-Internal_net"/>
</OSrc>
@ -2021,10 +2021,10 @@
<ServiceRef ref="sysid1"/>
</TSrv>
<NATRuleOptions>
<Option name="id"></Option>
<Option name="id"/>
</NATRuleOptions>
</NATRule>
<NATRule id="id3AFB66D6" disabled="False" position="1" comment="">
<NATRule action="Translate" id="id3AFB66D6" disabled="False" position="1" comment="">
<OSrc neg="False">
<ObjectRef ref="host-hostA"/>
<ObjectRef ref="id3B4572AF"/>
@ -2045,10 +2045,10 @@
<ServiceRef ref="sysid1"/>
</TSrv>
<NATRuleOptions>
<Option name="id"></Option>
<Option name="id"/>
</NATRuleOptions>
</NATRule>
<NATRule id="id3DE9CA86" disabled="False" position="2" comment="">
<NATRule action="Translate" id="id3DE9CA86" disabled="False" position="2" comment="">
<OSrc neg="False">
<ObjectRef ref="net-Internal_net"/>
</OSrc>
@ -2070,7 +2070,7 @@
</TSrv>
<NATRuleOptions/>
</NATRule>
<NATRule id="id3DE9CD88" disabled="False" position="3" comment="">
<NATRule action="Translate" id="id3DE9CD88" disabled="False" position="3" comment="">
<OSrc neg="False">
<ObjectRef ref="net-Internal_net"/>
</OSrc>
@ -2091,7 +2091,7 @@
</TSrv>
<NATRuleOptions/>
</NATRule>
<NATRule id="id3DEA6375" disabled="False" position="4" comment="">
<NATRule action="Translate" id="id3DEA6375" disabled="False" position="4" comment="">
<OSrc neg="False">
<ObjectRef ref="net-Internal_net"/>
</OSrc>
@ -2112,7 +2112,7 @@
</TSrv>
<NATRuleOptions/>
</NATRule>
<NATRule id="id3CABE6DF" disabled="False" position="5" comment="">
<NATRule action="Translate" id="id3CABE6DF" disabled="False" position="5" comment="">
<OSrc neg="False">
<ObjectRef ref="net-Internal_net"/>
</OSrc>
@ -2134,7 +2134,7 @@
</TSrv>
<NATRuleOptions/>
</NATRule>
<NATRule id="id3AFB69BD" disabled="False" position="6" comment="">
<NATRule action="Translate" id="id3AFB69BD" disabled="False" position="6" comment="">
<OSrc neg="False">
<ObjectRef ref="sysid0"/>
</OSrc>
@ -2156,7 +2156,7 @@
</TSrv>
<NATRuleOptions/>
</NATRule>
<NATRule id="id3DEA6769" disabled="False" position="7" comment="load balancing rule">
<NATRule action="Translate" id="id3DEA6769" disabled="False" position="7" comment="load balancing rule">
<OSrc neg="False">
<ObjectRef ref="sysid0"/>
</OSrc>
@ -2179,7 +2179,7 @@
</TSrv>
<NATRuleOptions/>
</NATRule>
<NATRule id="id3DEA8105" disabled="False" position="8" comment="load balancing rule">
<NATRule action="Translate" id="id3DEA8105" disabled="False" position="8" comment="load balancing rule">
<OSrc neg="False">
<ObjectRef ref="sysid0"/>
</OSrc>
@ -2200,7 +2200,7 @@
</TSrv>
<NATRuleOptions/>
</NATRule>
<NATRule id="id3D265545" disabled="False" position="9" comment="">
<NATRule action="Translate" id="id3D265545" disabled="False" position="9" comment="">
<OSrc neg="False">
<ObjectRef ref="net-Internal_net"/>
</OSrc>
@ -2221,7 +2221,7 @@
</TSrv>
<NATRuleOptions/>
</NATRule>
<NATRule id="id3D265556" disabled="False" position="10" comment="">
<NATRule action="Translate" id="id3D265556" disabled="False" position="10" comment="">
<OSrc neg="False">
<ObjectRef ref="sysid0"/>
</OSrc>
@ -2242,7 +2242,7 @@
</TSrv>
<NATRuleOptions/>
</NATRule>
<NATRule id="id3BEEF6D2" disabled="False" position="11" comment="">
<NATRule action="Translate" id="id3BEEF6D2" disabled="False" position="11" comment="">
<OSrc neg="False">
<ObjectRef ref="sysid0"/>
</OSrc>
@ -2263,7 +2263,7 @@
</TSrv>
<NATRuleOptions/>
</NATRule>
<NATRule id="id3BD67563" disabled="False" position="12" comment="">
<NATRule action="Translate" id="id3BD67563" disabled="False" position="12" comment="">
<OSrc neg="False">
<ObjectRef ref="host-hostB"/>
</OSrc>
@ -2283,10 +2283,10 @@
<ServiceRef ref="sysid1"/>
</TSrv>
<NATRuleOptions>
<Option name="id"></Option>
<Option name="id"/>
</NATRuleOptions>
</NATRule>
<NATRule id="id3BD6757E" disabled="True" position="13" comment="">
<NATRule action="Translate" id="id3BD6757E" disabled="True" position="13" comment="">
<OSrc neg="False">
<ObjectRef ref="sysid0"/>
</OSrc>
@ -2307,7 +2307,7 @@
</TSrv>
<NATRuleOptions/>
</NATRule>
<NATRule id="id3B66568B" disabled="False" position="14" comment="NETMAP ">
<NATRule action="Translate" id="id3B66568B" disabled="False" position="14" comment="NETMAP ">
<OSrc neg="False">
<ObjectRef ref="net-Internal_net"/>
</OSrc>
@ -2328,7 +2328,7 @@
</TSrv>
<NATRuleOptions/>
</NATRule>
<NATRule id="id3B6656EF" disabled="True" position="15" comment="NETMAP">
<NATRule action="Translate" id="id3B6656EF" disabled="True" position="15" comment="NETMAP">
<OSrc neg="False">
<ObjectRef ref="sysid0"/>
</OSrc>
@ -2349,7 +2349,7 @@
</TSrv>
<NATRuleOptions/>
</NATRule>
<NATRule id="id3AFB69F7" disabled="False" position="16" comment="">
<NATRule action="Translate" id="id3AFB69F7" disabled="False" position="16" comment="">
<OSrc neg="False">
<ObjectRef ref="sysid0"/>
</OSrc>
@ -2370,7 +2370,7 @@
</TSrv>
<NATRuleOptions/>
</NATRule>
<NATRule id="id3B7313C4" disabled="False" position="17" comment="">
<NATRule action="Translate" id="id3B7313C4" disabled="False" position="17" comment="">
<OSrc neg="False">
<ObjectRef ref="sysid0"/>
</OSrc>
@ -2391,7 +2391,7 @@
</TSrv>
<NATRuleOptions/>
</NATRule>
<NATRule id="id3DF6D103" disabled="False" position="18" comment="">
<NATRule action="Translate" id="id3DF6D103" disabled="False" position="18" comment="">
<OSrc neg="False">
<ObjectRef ref="net-Internal_net"/>
</OSrc>
@ -2412,7 +2412,7 @@
</TSrv>
<NATRuleOptions/>
</NATRule>
<NATRule id="id3DF6D242" disabled="False" position="19" comment="">
<NATRule action="Translate" id="id3DF6D242" disabled="False" position="19" comment="">
<OSrc neg="False">
<ObjectRef ref="net-Internal_net"/>
</OSrc>
@ -2509,8 +2509,8 @@
<ObjectRef ref="id3AFB6706"/>
</Itf>
<PolicyRuleOptions>
<Option name="action_on_reject"></Option>
<Option name="limit_suffix"></Option>
<Option name="action_on_reject"/>
<Option name="limit_suffix"/>
<Option name="limit_value">0</Option>
<Option name="log_prefix">Iface: %I RULE %N -- %A **</Option>
<Option name="stateless">True</Option>
@ -2531,8 +2531,8 @@
<ObjectRef ref="id3AFB6706"/>
</Itf>
<PolicyRuleOptions>
<Option name="action_on_reject"></Option>
<Option name="limit_suffix"></Option>
<Option name="action_on_reject"/>
<Option name="limit_suffix"/>
<Option name="limit_value">0</Option>
<Option name="log_prefix">Iface: %I RULE %N -- %A **</Option>
<Option name="stateless">True</Option>
@ -2555,7 +2555,7 @@
<IntervalRef ref="sysid2"/>
</When>
<PolicyRuleOptions>
<Option name="id"></Option>
<Option name="id"/>
<Option name="stateless">True</Option>
</PolicyRuleOptions>
</PolicyRule>
@ -2579,7 +2579,7 @@
<Option name="action_on_reject">TCP RST</Option>
<Option name="ipf_keep_frags">False</Option>
<Option name="ipf_return_icmp_as_dest">False</Option>
<Option name="limit_suffix"></Option>
<Option name="limit_suffix"/>
<Option name="limit_value">0</Option>
<Option name="log_prefix">IDENT</Option>
<Option name="stateless">True</Option>
@ -2602,10 +2602,10 @@
<IntervalRef ref="sysid2"/>
</When>
<PolicyRuleOptions>
<Option name="action_on_reject"></Option>
<Option name="action_on_reject"/>
<Option name="ipf_keep_frags">False</Option>
<Option name="ipf_return_icmp_as_dest">False</Option>
<Option name="limit_suffix"></Option>
<Option name="limit_suffix"/>
<Option name="limit_value">0</Option>
<Option name="log_prefix">IDENT</Option>
<Option name="stateless">True</Option>
@ -2666,7 +2666,7 @@
<IntervalRef ref="sysid2"/>
</When>
<PolicyRuleOptions>
<Option name="id"></Option>
<Option name="id"/>
</PolicyRuleOptions>
</PolicyRule>
<PolicyRule id="id3C447B8D" disabled="False" log="True" position="11" action="Accept" direction="Both" comment="host-fw2 has the same address as &#10; one of the firewall's interfaces">
@ -2722,7 +2722,7 @@
<IntervalRef ref="sysid2"/>
</When>
<PolicyRuleOptions>
<Option name="id"></Option>
<Option name="id"/>
<Option name="stateless">True</Option>
</PolicyRuleOptions>
</PolicyRule>
@ -2759,26 +2759,26 @@
<Option name="action_on_reject">ICMP net unreachable</Option>
<Option name="check_shading">False</Option>
<Option name="clamp_mss_to_mtu">False</Option>
<Option name="cmdline"></Option>
<Option name="compiler"></Option>
<Option name="cmdline"/>
<Option name="compiler"/>
<Option name="debug">False</Option>
<Option name="dyn_addr">False</Option>
<Option name="eliminate_duplicates">True</Option>
<Option name="firewall_dir">/etc</Option>
<Option name="firewall_is_part_of_any">True</Option>
<Option name="firewall_is_part_of_any_and_networks">True</Option>
<Option name="freebsd_path_ipf"></Option>
<Option name="freebsd_path_ipnat"></Option>
<Option name="freebsd_path_sysctl"></Option>
<Option name="id"></Option>
<Option name="freebsd_path_ipf"/>
<Option name="freebsd_path_ipnat"/>
<Option name="freebsd_path_sysctl"/>
<Option name="id"/>
<Option name="ignore_empty_groups">False</Option>
<Option name="in_out_code">True</Option>
<Option name="inst_cmdline"></Option>
<Option name="inst_script"></Option>
<Option name="install_script"></Option>
<Option name="inst_cmdline"/>
<Option name="inst_script"/>
<Option name="install_script"/>
<Option name="ipf_log_body">False</Option>
<Option name="ipf_log_facility"></Option>
<Option name="ipf_log_level"></Option>
<Option name="ipf_log_facility"/>
<Option name="ipf_log_level"/>
<Option name="ipf_log_or_block">False</Option>
<Option name="ipf_nat_ftp_proxy">True</Option>
<Option name="ipf_nat_h323_proxy">True</Option>
@ -2814,17 +2814,17 @@
<Option name="pf_return_icmp_as_dest">True</Option>
<Option name="platform">iptables</Option>
<Option name="proxy_arp">True</Option>
<Option name="script_env_path"></Option>
<Option name="snmp_contact"></Option>
<Option name="snmp_description"></Option>
<Option name="snmp_location"></Option>
<Option name="script_env_path"/>
<Option name="snmp_contact"/>
<Option name="snmp_description"/>
<Option name="snmp_location"/>
<Option name="use_ip_tool">True</Option>
<Option name="use_numeric_log_levels">False</Option>
</FirewallOptions>
</Firewall>
<Firewall id="id3B0C6380" host_OS="freebsd" lastCompiled="0" lastInstalled="0" lastModified="0" platform="ipfw" name="firewall4" comment="this object is used to test a configuration where firewall has dynamic address " ro="False">
<NAT id="id3B0C6381" name="NAT" comment="" ro="False" ipv4_rule_set="False" ipv6_rule_set="False" top_rule_set="True">
<NATRule id="id3B0C6382" disabled="False" position="0" comment="">
<NATRule action="Translate" id="id3B0C6382" disabled="False" position="0" comment="">
<OSrc neg="False">
<ObjectRef ref="host-hostA"/>
</OSrc>
@ -2844,10 +2844,10 @@
<ServiceRef ref="sysid1"/>
</TSrv>
<NATRuleOptions>
<Option name="id"></Option>
<Option name="id"/>
</NATRuleOptions>
</NATRule>
<NATRule id="id3D758531" disabled="False" position="1" comment="">
<NATRule action="Translate" id="id3D758531" disabled="False" position="1" comment="">
<OSrc neg="False">
<ObjectRef ref="host-hostA"/>
</OSrc>
@ -2867,10 +2867,10 @@
<ServiceRef ref="sysid1"/>
</TSrv>
<NATRuleOptions>
<Option name="id"></Option>
<Option name="id"/>
</NATRuleOptions>
</NATRule>
<NATRule id="id3D75869D" disabled="False" position="2" comment="">
<NATRule action="Translate" id="id3D75869D" disabled="False" position="2" comment="">
<OSrc neg="False">
<ObjectRef ref="host-hostA"/>
</OSrc>
@ -2890,10 +2890,10 @@
<ServiceRef ref="sysid1"/>
</TSrv>
<NATRuleOptions>
<Option name="id"></Option>
<Option name="id"/>
</NATRuleOptions>
</NATRule>
<NATRule id="id3D7586D1" disabled="False" position="3" comment="">
<NATRule action="Translate" id="id3D7586D1" disabled="False" position="3" comment="">
<OSrc neg="False">
<ObjectRef ref="host-hostA"/>
</OSrc>
@ -2913,10 +2913,10 @@
<ServiceRef ref="sysid1"/>
</TSrv>
<NATRuleOptions>
<Option name="id"></Option>
<Option name="id"/>
</NATRuleOptions>
</NATRule>
<NATRule id="id3B0C6390" disabled="True" position="4" comment="negation in NAT is not supported&#10;in ipf yet">
<NATRule action="Translate" id="id3B0C6390" disabled="True" position="4" comment="negation in NAT is not supported&#10;in ipf yet">
<OSrc neg="False">
<ObjectRef ref="net-Internal_net"/>
</OSrc>
@ -2936,10 +2936,10 @@
<ServiceRef ref="sysid1"/>
</TSrv>
<NATRuleOptions>
<Option name="id"></Option>
<Option name="id"/>
</NATRuleOptions>
</NATRule>
<NATRule id="id3B202AFF" disabled="False" position="5" comment="">
<NATRule action="Translate" id="id3B202AFF" disabled="False" position="5" comment="">
<OSrc neg="False">
<ObjectRef ref="sysid0"/>
</OSrc>
@ -2960,7 +2960,7 @@
</TSrv>
<NATRuleOptions/>
</NATRule>
<NATRule id="id3D757CC5" disabled="False" position="6" comment="">
<NATRule action="Translate" id="id3D757CC5" disabled="False" position="6" comment="">
<OSrc neg="False">
<ObjectRef ref="net-Internal_net"/>
</OSrc>
@ -2982,7 +2982,7 @@
</TSrv>
<NATRuleOptions/>
</NATRule>
<NATRule id="id3D757E01" disabled="False" position="7" comment="">
<NATRule action="Translate" id="id3D757E01" disabled="False" position="7" comment="">
<OSrc neg="False">
<ObjectRef ref="net-Internal_net"/>
</OSrc>
@ -3004,7 +3004,7 @@
</TSrv>
<NATRuleOptions/>
</NATRule>
<NATRule id="id3D757F29" disabled="False" position="8" comment="">
<NATRule action="Translate" id="id3D757F29" disabled="False" position="8" comment="">
<OSrc neg="False">
<ObjectRef ref="net-Internal_net"/>
</OSrc>
@ -3115,7 +3115,7 @@
<IntervalRef ref="sysid2"/>
</When>
<PolicyRuleOptions>
<Option name="id"></Option>
<Option name="id"/>
</PolicyRuleOptions>
</PolicyRule>
<PolicyRule id="id3B0C63A9" disabled="False" log="True" position="5" action="Deny" direction="Both" comment="testing negation in the policy rule">
@ -3136,7 +3136,7 @@
<IntervalRef ref="sysid2"/>
</When>
<PolicyRuleOptions>
<Option name="id"></Option>
<Option name="id"/>
<Option name="stateless">True</Option>
</PolicyRuleOptions>
</PolicyRule>
@ -3158,7 +3158,7 @@
<IntervalRef ref="sysid2"/>
</When>
<PolicyRuleOptions>
<Option name="id"></Option>
<Option name="id"/>
<Option name="stateless">True</Option>
</PolicyRuleOptions>
</PolicyRule>
@ -3181,7 +3181,7 @@
<IntervalRef ref="sysid2"/>
</When>
<PolicyRuleOptions>
<Option name="id"></Option>
<Option name="id"/>
<Option name="stateless">True</Option>
</PolicyRuleOptions>
</PolicyRule>
@ -3202,7 +3202,7 @@
<IntervalRef ref="sysid2"/>
</When>
<PolicyRuleOptions>
<Option name="id"></Option>
<Option name="id"/>
</PolicyRuleOptions>
</PolicyRule>
<PolicyRule id="id3D85069A" disabled="True" log="True" position="9" action="Accept" direction="Both" comment="">
@ -3241,7 +3241,7 @@
<IntervalRef ref="sysid2"/>
</When>
<PolicyRuleOptions>
<Option name="id"></Option>
<Option name="id"/>
<Option name="stateless">True</Option>
</PolicyRuleOptions>
</PolicyRule>
@ -3278,8 +3278,8 @@
<Option name="action_on_reject">ICMP net unreachable</Option>
<Option name="check_shading">False</Option>
<Option name="clamp_mss_to_mtu">False</Option>
<Option name="cmdline"></Option>
<Option name="compiler"></Option>
<Option name="cmdline"/>
<Option name="compiler"/>
<Option name="debug">False</Option>
<Option name="dyn_addr">False</Option>
<Option name="eliminate_duplicates">True</Option>
@ -3288,16 +3288,16 @@
<Option name="firewall_is_part_of_any_and_networks">True</Option>
<Option name="freebsd_path_ipf">/usr/sbin/ipf</Option>
<Option name="freebsd_path_ipnat">/usr/sbin/ipnat</Option>
<Option name="freebsd_path_sysctl"></Option>
<Option name="id"></Option>
<Option name="freebsd_path_sysctl"/>
<Option name="id"/>
<Option name="ignore_empty_groups">False</Option>
<Option name="in_out_code">True</Option>
<Option name="inst_cmdline"></Option>
<Option name="inst_script"></Option>
<Option name="install_script"></Option>
<Option name="inst_cmdline"/>
<Option name="inst_script"/>
<Option name="install_script"/>
<Option name="ipf_log_body">False</Option>
<Option name="ipf_log_facility"></Option>
<Option name="ipf_log_level"></Option>
<Option name="ipf_log_facility"/>
<Option name="ipf_log_level"/>
<Option name="ipf_log_or_block">False</Option>
<Option name="ipf_nat_ftp_proxy">False</Option>
<Option name="ipf_nat_raudio_proxy">False</Option>
@ -3314,7 +3314,7 @@
<Option name="log_level">debug</Option>
<Option name="log_limit_suffix">/second</Option>
<Option name="log_limit_value">0</Option>
<Option name="log_prefix"></Option>
<Option name="log_prefix"/>
<Option name="log_tcp_opt">False</Option>
<Option name="log_tcp_seq">False</Option>
<Option name="manage_virtual_addr">True</Option>
@ -3324,10 +3324,10 @@
<Option name="pass_all_out">False</Option>
<Option name="platform">iptables</Option>
<Option name="proxy_arp">False</Option>
<Option name="script_env_path"></Option>
<Option name="snmp_contact"></Option>
<Option name="snmp_description"></Option>
<Option name="snmp_location"></Option>
<Option name="script_env_path"/>
<Option name="snmp_contact"/>
<Option name="snmp_description"/>
<Option name="snmp_location"/>
<Option name="use_numeric_log_levels">False</Option>
</FirewallOptions>
</Firewall>
@ -3425,25 +3425,25 @@
<Option name="action_on_reject">ICMP net unreachable</Option>
<Option name="check_shading">True</Option>
<Option name="clamp_mss_to_mtu">False</Option>
<Option name="cmdline"></Option>
<Option name="compiler"></Option>
<Option name="cmdline"/>
<Option name="compiler"/>
<Option name="debug">False</Option>
<Option name="dyn_addr">False</Option>
<Option name="eliminate_duplicates">True</Option>
<Option name="firewall_dir">/etc</Option>
<Option name="firewall_is_part_of_any">True</Option>
<Option name="firewall_is_part_of_any_and_networks">True</Option>
<Option name="freebsd_path_ipf"></Option>
<Option name="freebsd_path_ipnat"></Option>
<Option name="freebsd_path_sysctl"></Option>
<Option name="freebsd_path_ipf"/>
<Option name="freebsd_path_ipnat"/>
<Option name="freebsd_path_sysctl"/>
<Option name="ignore_empty_groups">False</Option>
<Option name="in_out_code">True</Option>
<Option name="inst_cmdline"></Option>
<Option name="inst_script"></Option>
<Option name="install_script"></Option>
<Option name="inst_cmdline"/>
<Option name="inst_script"/>
<Option name="install_script"/>
<Option name="ipf_log_body">False</Option>
<Option name="ipf_log_facility"></Option>
<Option name="ipf_log_level"></Option>
<Option name="ipf_log_facility"/>
<Option name="ipf_log_level"/>
<Option name="ipf_log_or_block">False</Option>
<Option name="ipf_nat_ftp_proxy">False</Option>
<Option name="ipf_nat_raudio_proxy">False</Option>
@ -3460,7 +3460,7 @@
<Option name="log_level">debug</Option>
<Option name="log_limit_suffix">/second</Option>
<Option name="log_limit_value">0</Option>
<Option name="log_prefix"></Option>
<Option name="log_prefix"/>
<Option name="log_tcp_opt">False</Option>
<Option name="log_tcp_seq">False</Option>
<Option name="manage_virtual_addr">True</Option>
@ -3470,10 +3470,10 @@
<Option name="pass_all_out">False</Option>
<Option name="platform">iptables</Option>
<Option name="proxy_arp">False</Option>
<Option name="script_env_path"></Option>
<Option name="snmp_contact"></Option>
<Option name="snmp_description"></Option>
<Option name="snmp_location"></Option>
<Option name="script_env_path"/>
<Option name="snmp_contact"/>
<Option name="snmp_description"/>
<Option name="snmp_location"/>
<Option name="use_ip_tool">False</Option>
<Option name="use_numeric_log_levels">False</Option>
</FirewallOptions>
@ -3643,24 +3643,24 @@
<Option name="action_on_reject">ICMP host prohibited</Option>
<Option name="check_shading">False</Option>
<Option name="clamp_mss_to_mtu">False</Option>
<Option name="cmdline"></Option>
<Option name="compiler"></Option>
<Option name="cmdline"/>
<Option name="compiler"/>
<Option name="debug">False</Option>
<Option name="dyn_addr">False</Option>
<Option name="firewall_dir">/etc</Option>
<Option name="firewall_is_part_of_any">True</Option>
<Option name="firewall_is_part_of_any_and_networks">True</Option>
<Option name="freebsd_path_ipf"></Option>
<Option name="freebsd_path_ipnat"></Option>
<Option name="freebsd_path_sysctl"></Option>
<Option name="freebsd_path_ipf"/>
<Option name="freebsd_path_ipnat"/>
<Option name="freebsd_path_sysctl"/>
<Option name="ignore_empty_groups">False</Option>
<Option name="in_out_code">True</Option>
<Option name="inst_cmdline"></Option>
<Option name="inst_script"></Option>
<Option name="install_script"></Option>
<Option name="inst_cmdline"/>
<Option name="inst_script"/>
<Option name="install_script"/>
<Option name="ipf_log_body">False</Option>
<Option name="ipf_log_facility"></Option>
<Option name="ipf_log_level"></Option>
<Option name="ipf_log_facility"/>
<Option name="ipf_log_level"/>
<Option name="ipf_log_or_block">False</Option>
<Option name="ipf_nat_ftp_proxy">False</Option>
<Option name="ipf_nat_raudio_proxy">False</Option>
@ -3675,9 +3675,9 @@
<Option name="log_all_dropped">False</Option>
<Option name="log_ip_opt">False</Option>
<Option name="log_level">debug</Option>
<Option name="log_limit_suffix"></Option>
<Option name="log_limit_suffix"/>
<Option name="log_limit_value">0</Option>
<Option name="log_prefix"></Option>
<Option name="log_prefix"/>
<Option name="log_tcp_opt">False</Option>
<Option name="log_tcp_seq">False</Option>
<Option name="manage_virtual_addr">False</Option>
@ -3686,17 +3686,17 @@
<Option name="no_optimisation">False</Option>
<Option name="pass_all_out">False</Option>
<Option name="platform">iptables</Option>
<Option name="script_env_path"></Option>
<Option name="snmp_contact"></Option>
<Option name="snmp_description"></Option>
<Option name="snmp_location"></Option>
<Option name="script_env_path"/>
<Option name="snmp_contact"/>
<Option name="snmp_description"/>
<Option name="snmp_location"/>
<Option name="use_ip_tool">False</Option>
<Option name="use_numeric_log_levels">False</Option>
</FirewallOptions>
</Firewall>
<Firewall id="id3D582236" host_OS="freebsd" lastCompiled="0" lastInstalled="0" lastModified="0" platform="ipfw" name="firewall8" comment="" ro="False">
<NAT id="id3D58223A" name="NAT" comment="" ro="False" ipv4_rule_set="False" ipv6_rule_set="False" top_rule_set="True">
<NATRule id="id3D58237B" disabled="False" position="0" comment="">
<NATRule action="Translate" id="id3D58237B" disabled="False" position="0" comment="">
<OSrc neg="False">
<ObjectRef ref="net-Internal_net"/>
</OSrc>
@ -3717,7 +3717,7 @@
</TSrv>
<NATRuleOptions/>
</NATRule>
<NATRule id="id3D5823A5" disabled="False" position="1" comment="">
<NATRule action="Translate" id="id3D5823A5" disabled="False" position="1" comment="">
<OSrc neg="False">
<ObjectRef ref="net-Internal_net"/>
</OSrc>
@ -3738,7 +3738,7 @@
</TSrv>
<NATRuleOptions/>
</NATRule>
<NATRule id="id3D5823B9" disabled="False" position="2" comment="">
<NATRule action="Translate" id="id3D5823B9" disabled="False" position="2" comment="">
<OSrc neg="False">
<ObjectRef ref="net-Internal_net"/>
</OSrc>
@ -3759,7 +3759,7 @@
</TSrv>
<NATRuleOptions/>
</NATRule>
<NATRule id="id3D58245E" disabled="False" position="3" comment="">
<NATRule action="Translate" id="id3D58245E" disabled="False" position="3" comment="">
<OSrc neg="False">
<ObjectRef ref="sysid0"/>
</OSrc>
@ -3780,7 +3780,7 @@
</TSrv>
<NATRuleOptions/>
</NATRule>
<NATRule id="id3D58236D" disabled="False" position="4" comment="">
<NATRule action="Translate" id="id3D58236D" disabled="False" position="4" comment="">
<OSrc neg="False">
<ObjectRef ref="sysid0"/>
</OSrc>
@ -3801,7 +3801,7 @@
</TSrv>
<NATRuleOptions/>
</NATRule>
<NATRule id="id3D58235F" disabled="False" position="5" comment="">
<NATRule action="Translate" id="id3D58235F" disabled="False" position="5" comment="">
<OSrc neg="False">
<ObjectRef ref="sysid0"/>
</OSrc>
@ -3822,7 +3822,7 @@
</TSrv>
<NATRuleOptions/>
</NATRule>
<NATRule id="id3D582472" disabled="False" position="6" comment="">
<NATRule action="Translate" id="id3D582472" disabled="False" position="6" comment="">
<OSrc neg="False">
<ObjectRef ref="sysid0"/>
</OSrc>
@ -3843,7 +3843,7 @@
</TSrv>
<NATRuleOptions/>
</NATRule>
<NATRule id="id3D58249D" disabled="False" position="7" comment="">
<NATRule action="Translate" id="id3D58249D" disabled="False" position="7" comment="">
<OSrc neg="False">
<ObjectRef ref="sysid0"/>
</OSrc>
@ -3864,7 +3864,7 @@
</TSrv>
<NATRuleOptions/>
</NATRule>
<NATRule id="id3D5825CC" disabled="False" position="8" comment="">
<NATRule action="Translate" id="id3D5825CC" disabled="False" position="8" comment="">
<OSrc neg="False">
<ObjectRef ref="sysid0"/>
</OSrc>
@ -3998,20 +3998,20 @@
<FirewallOptions>
<Option name="action_on_reject">ICMP host prohibited</Option>
<Option name="check_shading">False</Option>
<Option name="cmdline"></Option>
<Option name="compiler"></Option>
<Option name="cmdline"/>
<Option name="compiler"/>
<Option name="debug">False</Option>
<Option name="eliminate_duplicates">True</Option>
<Option name="firewall_dir">/etc</Option>
<Option name="freebsd_ip_forward">1</Option>
<Option name="freebsd_path_ipf"></Option>
<Option name="freebsd_path_ipnat"></Option>
<Option name="freebsd_path_sysctl"></Option>
<Option name="freebsd_path_ipf"/>
<Option name="freebsd_path_ipnat"/>
<Option name="freebsd_path_sysctl"/>
<Option name="ignore_empty_groups">False</Option>
<Option name="in_out_code">True</Option>
<Option name="ipf_log_body">False</Option>
<Option name="ipf_log_facility"></Option>
<Option name="ipf_log_level"></Option>
<Option name="ipf_log_facility"/>
<Option name="ipf_log_level"/>
<Option name="ipf_log_or_block">False</Option>
<Option name="ipf_nat_ftp_proxy">False</Option>
<Option name="ipf_nat_raudio_proxy">False</Option>
@ -4019,14 +4019,14 @@
<Option name="ipf_return_icmp_as_dest">False</Option>
<Option name="manage_virtual_addr">False</Option>
<Option name="pass_all_out">False</Option>
<Option name="snmp_contact"></Option>
<Option name="snmp_description"></Option>
<Option name="snmp_location"></Option>
<Option name="snmp_contact"/>
<Option name="snmp_description"/>
<Option name="snmp_location"/>
</FirewallOptions>
</Firewall>
<Firewall id="id3DF3D0AD" host_OS="freebsd" lastCompiled="0" lastInstalled="0" lastModified="1230496425" platform="ipfw" name="firewall9" comment="" ro="False">
<NAT id="id3DF3D0AE" name="NAT" comment="" ro="False" ipv4_rule_set="False" ipv6_rule_set="False" top_rule_set="True">
<NATRule id="id3DF3D0AF" disabled="False" position="0" comment="">
<NATRule action="Translate" id="id3DF3D0AF" disabled="False" position="0" comment="">
<OSrc neg="False">
<ObjectRef ref="net-Internal_net"/>
</OSrc>
@ -4047,7 +4047,7 @@
</TSrv>
<NATRuleOptions/>
</NATRule>
<NATRule id="id3DF3D0BD" disabled="False" position="1" comment="">
<NATRule action="Translate" id="id3DF3D0BD" disabled="False" position="1" comment="">
<OSrc neg="False">
<ObjectRef ref="net-Internal_net"/>
</OSrc>
@ -4068,7 +4068,7 @@
</TSrv>
<NATRuleOptions/>
</NATRule>
<NATRule id="id3DF3D0CB" disabled="False" position="2" comment="">
<NATRule action="Translate" id="id3DF3D0CB" disabled="False" position="2" comment="">
<OSrc neg="False">
<ObjectRef ref="net-Internal_net"/>
</OSrc>
@ -4089,7 +4089,7 @@
</TSrv>
<NATRuleOptions/>
</NATRule>
<NATRule id="id3DF3D0D9" disabled="False" position="3" comment="">
<NATRule action="Translate" id="id3DF3D0D9" disabled="False" position="3" comment="">
<OSrc neg="False">
<ObjectRef ref="sysid0"/>
</OSrc>
@ -4110,7 +4110,7 @@
</TSrv>
<NATRuleOptions/>
</NATRule>
<NATRule id="id3DF3D0E7" disabled="False" position="4" comment="">
<NATRule action="Translate" id="id3DF3D0E7" disabled="False" position="4" comment="">
<OSrc neg="False">
<ObjectRef ref="sysid0"/>
</OSrc>
@ -4131,7 +4131,7 @@
</TSrv>
<NATRuleOptions/>
</NATRule>
<NATRule id="id3DF3D0F5" disabled="False" position="5" comment="">
<NATRule action="Translate" id="id3DF3D0F5" disabled="False" position="5" comment="">
<OSrc neg="False">
<ObjectRef ref="sysid0"/>
</OSrc>
@ -4152,7 +4152,7 @@
</TSrv>
<NATRuleOptions/>
</NATRule>
<NATRule id="id3DF3D103" disabled="False" position="6" comment="">
<NATRule action="Translate" id="id3DF3D103" disabled="False" position="6" comment="">
<OSrc neg="False">
<ObjectRef ref="sysid0"/>
</OSrc>
@ -4173,7 +4173,7 @@
</TSrv>
<NATRuleOptions/>
</NATRule>
<NATRule id="id3DF3D111" disabled="False" position="7" comment="">
<NATRule action="Translate" id="id3DF3D111" disabled="False" position="7" comment="">
<OSrc neg="False">
<ObjectRef ref="sysid0"/>
</OSrc>
@ -4194,7 +4194,7 @@
</TSrv>
<NATRuleOptions/>
</NATRule>
<NATRule id="id3DF3D11F" disabled="False" position="8" comment="">
<NATRule action="Translate" id="id3DF3D11F" disabled="False" position="8" comment="">
<OSrc neg="False">
<ObjectRef ref="sysid0"/>
</OSrc>
@ -4368,7 +4368,7 @@
<IntervalRef ref="sysid2"/>
</When>
<PolicyRuleOptions>
<Option name="action_on_reject"></Option>
<Option name="action_on_reject"/>
<Option name="stateless">True</Option>
</PolicyRuleOptions>
</PolicyRule>
@ -4410,20 +4410,20 @@
<FirewallOptions>
<Option name="action_on_reject">ICMP host prohibited</Option>
<Option name="check_shading">False</Option>
<Option name="cmdline"></Option>
<Option name="compiler"></Option>
<Option name="cmdline"/>
<Option name="compiler"/>
<Option name="debug">False</Option>
<Option name="eliminate_duplicates">True</Option>
<Option name="firewall_dir">/etc</Option>
<Option name="freebsd_ip_forward">1</Option>
<Option name="freebsd_path_ipf"></Option>
<Option name="freebsd_path_ipnat"></Option>
<Option name="freebsd_path_sysctl"></Option>
<Option name="freebsd_path_ipf"/>
<Option name="freebsd_path_ipnat"/>
<Option name="freebsd_path_sysctl"/>
<Option name="ignore_empty_groups">False</Option>
<Option name="in_out_code">True</Option>
<Option name="ipf_log_body">False</Option>
<Option name="ipf_log_facility"></Option>
<Option name="ipf_log_level"></Option>
<Option name="ipf_log_facility"/>
<Option name="ipf_log_level"/>
<Option name="ipf_log_or_block">False</Option>
<Option name="ipf_nat_ftp_proxy">False</Option>
<Option name="ipf_nat_h323_proxy">False</Option>
@ -4433,9 +4433,9 @@
<Option name="ipf_return_icmp_as_dest">False</Option>
<Option name="manage_virtual_addr">False</Option>
<Option name="pass_all_out">False</Option>
<Option name="snmp_contact"></Option>
<Option name="snmp_description"></Option>
<Option name="snmp_location"></Option>
<Option name="snmp_contact"/>
<Option name="snmp_description"/>
<Option name="snmp_location"/>
</FirewallOptions>
</Firewall>
<Firewall id="id3E51AF8E" host_OS="macosx" lastCompiled="0" lastInstalled="0" lastModified="0" platform="ipfw" version="" name="mac" comment="" ro="False">
@ -4578,20 +4578,20 @@
<FirewallOptions>
<Option name="action_on_reject">ICMP host prohibited</Option>
<Option name="check_shading">True</Option>
<Option name="cmdline"></Option>
<Option name="compiler"></Option>
<Option name="cmdline"/>
<Option name="compiler"/>
<Option name="debug">True</Option>
<Option name="eliminate_duplicates">True</Option>
<Option name="firewall_dir">/etc</Option>
<Option name="freebsd_ip_forward">1</Option>
<Option name="freebsd_path_ipf"></Option>
<Option name="freebsd_path_ipnat"></Option>
<Option name="freebsd_path_sysctl"></Option>
<Option name="freebsd_path_ipf"/>
<Option name="freebsd_path_ipnat"/>
<Option name="freebsd_path_sysctl"/>
<Option name="ignore_empty_groups">False</Option>
<Option name="in_out_code">True</Option>
<Option name="ipf_log_body">False</Option>
<Option name="ipf_log_facility"></Option>
<Option name="ipf_log_level"></Option>
<Option name="ipf_log_facility"/>
<Option name="ipf_log_level"/>
<Option name="ipf_log_or_block">False</Option>
<Option name="ipf_nat_ftp_proxy">False</Option>
<Option name="ipf_nat_h323_proxy">False</Option>
@ -4603,18 +4603,18 @@
<Option name="macosx_ip_forward">1</Option>
<Option name="macosx_ip_redirect">0</Option>
<Option name="macosx_ip_sourceroute">0</Option>
<Option name="macosx_path_ipfw"></Option>
<Option name="macosx_path_sysctl"></Option>
<Option name="macosx_path_ipfw"/>
<Option name="macosx_path_sysctl"/>
<Option name="manage_virtual_addr">False</Option>
<Option name="pass_all_out">False</Option>
<Option name="snmp_contact"></Option>
<Option name="snmp_description"></Option>
<Option name="snmp_location"></Option>
<Option name="snmp_contact"/>
<Option name="snmp_description"/>
<Option name="snmp_location"/>
</FirewallOptions>
</Firewall>
<Firewall id="id43867C1018346" host_OS="freebsd" lastCompiled="0" lastInstalled="0" lastModified="0" platform="ipfw" version="" name="firewall33" comment="testing DNSName object" ro="False">
<NAT id="id43867C4818346" name="NAT" comment="" ro="False" ipv4_rule_set="False" ipv6_rule_set="False" top_rule_set="True">
<NATRule id="id43876E2618346" disabled="False" position="0" comment="">
<NATRule action="Translate" id="id43876E2618346" disabled="False" position="0" comment="">
<OSrc neg="False">
<ObjectRef ref="sysid0"/>
</OSrc>
@ -4635,7 +4635,7 @@
</TSrv>
<NATRuleOptions/>
</NATRule>
<NATRule id="id43876E5218346" disabled="False" position="1" comment="">
<NATRule action="Translate" id="id43876E5218346" disabled="False" position="1" comment="">
<OSrc neg="False">
<ObjectRef ref="sysid0"/>
</OSrc>
@ -4656,7 +4656,7 @@
</TSrv>
<NATRuleOptions/>
</NATRule>
<NATRule id="id43876E6918346" disabled="False" position="2" comment="">
<NATRule action="Translate" id="id43876E6918346" disabled="False" position="2" comment="">
<OSrc neg="False">
<ObjectRef ref="sysid0"/>
</OSrc>
@ -4678,7 +4678,7 @@
</TSrv>
<NATRuleOptions/>
</NATRule>
<NATRule id="id43876E7B18346" disabled="False" position="3" comment="">
<NATRule action="Translate" id="id43876E7B18346" disabled="False" position="3" comment="">
<OSrc neg="False">
<ObjectRef ref="sysid0"/>
</OSrc>
@ -4949,50 +4949,50 @@
<Option name="accept_established">True</Option>
<Option name="accept_new_tcp_with_no_syn">True</Option>
<Option name="action_on_reject">ICMP net unreachable</Option>
<Option name="activationCmd"></Option>
<Option name="admUser"></Option>
<Option name="altAddress"></Option>
<Option name="activationCmd"/>
<Option name="admUser"/>
<Option name="altAddress"/>
<Option name="bridging_fw">False</Option>
<Option name="check_shading">False</Option>
<Option name="clamp_mss_to_mtu">False</Option>
<Option name="cmdline"></Option>
<Option name="compiler"></Option>
<Option name="cmdline"/>
<Option name="compiler"/>
<Option name="configure_interfaces">True</Option>
<Option name="debug">False</Option>
<Option name="drop_invalid">False</Option>
<Option name="dyn_addr">False</Option>
<Option name="epilog_script"></Option>
<Option name="firewall_dir"></Option>
<Option name="epilog_script"/>
<Option name="firewall_dir"/>
<Option name="firewall_is_part_of_any">True</Option>
<Option name="firewall_is_part_of_any_and_networks">True</Option>
<Option name="ignore_empty_groups">False</Option>
<Option name="inst_cmdline"></Option>
<Option name="inst_script"></Option>
<Option name="install_script"></Option>
<Option name="inst_cmdline"/>
<Option name="inst_script"/>
<Option name="install_script"/>
<Option name="limit_suffix">/day</Option>
<Option name="limit_value">0</Option>
<Option name="linux24_accept_redirects"></Option>
<Option name="linux24_accept_source_route"></Option>
<Option name="linux24_icmp_echo_ignore_all"></Option>
<Option name="linux24_icmp_echo_ignore_broadcasts"></Option>
<Option name="linux24_icmp_ignore_bogus_error_responses"></Option>
<Option name="linux24_ip_dynaddr"></Option>
<Option name="linux24_ip_forward"></Option>
<Option name="linux24_log_martians"></Option>
<Option name="linux24_path_ip"></Option>
<Option name="linux24_path_iptables"></Option>
<Option name="linux24_path_logger"></Option>
<Option name="linux24_path_lsmod"></Option>
<Option name="linux24_path_modprobe"></Option>
<Option name="linux24_rp_filter"></Option>
<Option name="linux24_tcp_ecn"></Option>
<Option name="linux24_tcp_fack"></Option>
<Option name="linux24_accept_redirects"/>
<Option name="linux24_accept_source_route"/>
<Option name="linux24_icmp_echo_ignore_all"/>
<Option name="linux24_icmp_echo_ignore_broadcasts"/>
<Option name="linux24_icmp_ignore_bogus_error_responses"/>
<Option name="linux24_ip_dynaddr"/>
<Option name="linux24_ip_forward"/>
<Option name="linux24_log_martians"/>
<Option name="linux24_path_ip"/>
<Option name="linux24_path_iptables"/>
<Option name="linux24_path_logger"/>
<Option name="linux24_path_lsmod"/>
<Option name="linux24_path_modprobe"/>
<Option name="linux24_rp_filter"/>
<Option name="linux24_tcp_ecn"/>
<Option name="linux24_tcp_fack"/>
<Option name="linux24_tcp_fin_timeout">30</Option>
<Option name="linux24_tcp_keepalive_interval">1800</Option>
<Option name="linux24_tcp_sack"></Option>
<Option name="linux24_tcp_syncookies"></Option>
<Option name="linux24_tcp_timestamps"></Option>
<Option name="linux24_tcp_window_scaling"></Option>
<Option name="linux24_tcp_sack"/>
<Option name="linux24_tcp_syncookies"/>
<Option name="linux24_tcp_timestamps"/>
<Option name="linux24_tcp_window_scaling"/>
<Option name="load_modules">False</Option>
<Option name="local_nat">False</Option>
<Option name="log_all">False</Option>
@ -5006,20 +5006,20 @@
<Option name="log_tcp_opt">False</Option>
<Option name="log_tcp_seq">False</Option>
<Option name="manage_virtual_addr">True</Option>
<Option name="mgmt_addr"></Option>
<Option name="mgmt_addr"/>
<Option name="mgmt_ssh">False</Option>
<Option name="no_iochains_for_any">False</Option>
<Option name="no_optimisation">False</Option>
<Option name="output_file"></Option>
<Option name="output_file"/>
<Option name="platform">iptables</Option>
<Option name="prolog_place">top</Option>
<Option name="prolog_script"></Option>
<Option name="prolog_script"/>
<Option name="proxy_arp">False</Option>
<Option name="script_env_path"></Option>
<Option name="snmp_contact"></Option>
<Option name="snmp_description"></Option>
<Option name="snmp_location"></Option>
<Option name="sshArgs"></Option>
<Option name="script_env_path"/>
<Option name="snmp_contact"/>
<Option name="snmp_description"/>
<Option name="snmp_location"/>
<Option name="sshArgs"/>
<Option name="ulog_cprange">0</Option>
<Option name="ulog_nlgroup">1</Option>
<Option name="ulog_qthreshold">1</Option>
@ -5032,7 +5032,7 @@
</Firewall>
<Firewall id="id43F7AAE423738" host_OS="freebsd" inactive="False" lastCompiled="1160203243" lastInstalled="0" lastModified="1160203225" platform="ipfw" version="" name="firewall34" comment="Testing actions Pipe, Classify, Custom" ro="False">
<NAT id="id43F7AB2723738" name="NAT" comment="" ro="False" ipv4_rule_set="False" ipv6_rule_set="False" top_rule_set="True">
<NATRule id="id43F7AB2823738" disabled="False" position="0" comment="">
<NATRule action="Translate" id="id43F7AB2823738" disabled="False" position="0" comment="">
<OSrc neg="False">
<ObjectRef ref="net-Internal_net"/>
</OSrc>
@ -5053,7 +5053,7 @@
</TSrv>
<NATRuleOptions/>
</NATRule>
<NATRule id="id43F7AB3623738" disabled="False" position="1" comment="">
<NATRule action="Translate" id="id43F7AB3623738" disabled="False" position="1" comment="">
<OSrc neg="False">
<ObjectRef ref="net-Internal_net"/>
</OSrc>
@ -5074,7 +5074,7 @@
</TSrv>
<NATRuleOptions/>
</NATRule>
<NATRule id="id43F7AB4423738" disabled="False" position="2" comment="">
<NATRule action="Translate" id="id43F7AB4423738" disabled="False" position="2" comment="">
<OSrc neg="False">
<ObjectRef ref="net-Internal_net"/>
</OSrc>
@ -5095,7 +5095,7 @@
</TSrv>
<NATRuleOptions/>
</NATRule>
<NATRule id="id43F7AB5223738" disabled="False" position="3" comment="">
<NATRule action="Translate" id="id43F7AB5223738" disabled="False" position="3" comment="">
<OSrc neg="False">
<ObjectRef ref="sysid0"/>
</OSrc>
@ -5116,7 +5116,7 @@
</TSrv>
<NATRuleOptions/>
</NATRule>
<NATRule id="id43F7AB6023738" disabled="False" position="4" comment="">
<NATRule action="Translate" id="id43F7AB6023738" disabled="False" position="4" comment="">
<OSrc neg="False">
<ObjectRef ref="sysid0"/>
</OSrc>
@ -5137,7 +5137,7 @@
</TSrv>
<NATRuleOptions/>
</NATRule>
<NATRule id="id43F7AB6E23738" disabled="False" position="5" comment="">
<NATRule action="Translate" id="id43F7AB6E23738" disabled="False" position="5" comment="">
<OSrc neg="False">
<ObjectRef ref="sysid0"/>
</OSrc>
@ -5158,7 +5158,7 @@
</TSrv>
<NATRuleOptions/>
</NATRule>
<NATRule id="id43F7AB7C23738" disabled="False" position="6" comment="">
<NATRule action="Translate" id="id43F7AB7C23738" disabled="False" position="6" comment="">
<OSrc neg="False">
<ObjectRef ref="sysid0"/>
</OSrc>
@ -5179,7 +5179,7 @@
</TSrv>
<NATRuleOptions/>
</NATRule>
<NATRule id="id43F7AB8A23738" disabled="False" position="7" comment="">
<NATRule action="Translate" id="id43F7AB8A23738" disabled="False" position="7" comment="">
<OSrc neg="False">
<ObjectRef ref="sysid0"/>
</OSrc>
@ -5200,7 +5200,7 @@
</TSrv>
<NATRuleOptions/>
</NATRule>
<NATRule id="id43F7AB9823738" disabled="False" position="8" comment="">
<NATRule action="Translate" id="id43F7AB9823738" disabled="False" position="8" comment="">
<OSrc neg="False">
<ObjectRef ref="sysid0"/>
</OSrc>
@ -5240,29 +5240,29 @@
<IntervalRef ref="sysid2"/>
</When>
<PolicyRuleOptions>
<Option name="action_on_reject"></Option>
<Option name="classify_str"></Option>
<Option name="custom_str"></Option>
<Option name="ipf_route_opt_addr"></Option>
<Option name="ipf_route_opt_if"></Option>
<Option name="action_on_reject"/>
<Option name="classify_str"/>
<Option name="custom_str"/>
<Option name="ipf_route_opt_addr"/>
<Option name="ipf_route_opt_if"/>
<Option name="ipf_route_option">Route through</Option>
<Option name="ipfw_classify_method">2</Option>
<Option name="ipfw_pipe_port_num">8668</Option>
<Option name="ipfw_pipe_queue_num">0</Option>
<Option name="ipt_continue">False</Option>
<Option name="ipt_gw"></Option>
<Option name="ipt_iif"></Option>
<Option name="ipt_gw"/>
<Option name="ipt_iif"/>
<Option name="ipt_mark_connections">False</Option>
<Option name="ipt_mark_prerouting">False</Option>
<Option name="ipt_oif"></Option>
<Option name="ipt_oif"/>
<Option name="ipt_tee">False</Option>
<Option name="pf_fastroute">False</Option>
<Option name="pf_route_opt_addr"></Option>
<Option name="pf_route_opt_if"></Option>
<Option name="pf_route_opt_addr"/>
<Option name="pf_route_opt_if"/>
<Option name="pf_route_option">Route through</Option>
<Option name="rule_name_accounting"></Option>
<Option name="rule_name_accounting"/>
<Option name="stateless">True</Option>
<Option name="tagvalue"></Option>
<Option name="tagvalue"/>
</PolicyRuleOptions>
</PolicyRule>
<PolicyRule id="id45275D7A5394" disabled="False" log="False" position="1" action="Custom" direction="Both" comment="rule doing divert to natd (8668) should go before check-state&#10;">
@ -5282,27 +5282,27 @@
<IntervalRef ref="sysid2"/>
</When>
<PolicyRuleOptions>
<Option name="action_on_reject"></Option>
<Option name="classify_str"></Option>
<Option name="action_on_reject"/>
<Option name="classify_str"/>
<Option name="custom_str">check-state</Option>
<Option name="ipf_route_opt_addr"></Option>
<Option name="ipf_route_opt_if"></Option>
<Option name="ipf_route_opt_addr"/>
<Option name="ipf_route_opt_if"/>
<Option name="ipf_route_option">Route through</Option>
<Option name="ipfw_classify_method">2</Option>
<Option name="ipfw_pipe_port_num">0</Option>
<Option name="ipfw_pipe_queue_num">0</Option>
<Option name="ipt_continue">False</Option>
<Option name="ipt_gw"></Option>
<Option name="ipt_iif"></Option>
<Option name="ipt_gw"/>
<Option name="ipt_iif"/>
<Option name="ipt_mark_connections">False</Option>
<Option name="ipt_mark_prerouting">False</Option>
<Option name="ipt_oif"></Option>
<Option name="ipt_oif"/>
<Option name="ipt_tee">False</Option>
<Option name="pf_fastroute">False</Option>
<Option name="pf_route_opt_addr"></Option>
<Option name="pf_route_opt_if"></Option>
<Option name="pf_route_opt_addr"/>
<Option name="pf_route_opt_if"/>
<Option name="pf_route_option">Route through</Option>
<Option name="rule_name_accounting"></Option>
<Option name="rule_name_accounting"/>
<Option name="stateless">True</Option>
</PolicyRuleOptions>
</PolicyRule>
@ -5323,15 +5323,15 @@
<IntervalRef ref="sysid2"/>
</When>
<PolicyRuleOptions>
<Option name="action_on_reject"></Option>
<Option name="classify_str"></Option>
<Option name="custom_str"></Option>
<Option name="action_on_reject"/>
<Option name="classify_str"/>
<Option name="custom_str"/>
<Option name="ipfw_classify_method">2</Option>
<Option name="ipfw_pipe_port_num">1234</Option>
<Option name="ipfw_pipe_queue_num">0</Option>
<Option name="rule_name_accounting"></Option>
<Option name="rule_name_accounting"/>
<Option name="stateless">True</Option>
<Option name="tagvalue"></Option>
<Option name="tagvalue"/>
</PolicyRuleOptions>
</PolicyRule>
<PolicyRule id="id43F7AC9D23738" disabled="False" log="False" position="3" action="Classify" direction="Both" comment="">
@ -5351,16 +5351,16 @@
<IntervalRef ref="sysid2"/>
</When>
<PolicyRuleOptions>
<Option name="action_on_reject"></Option>
<Option name="classify_str"></Option>
<Option name="custom_str"></Option>
<Option name="action_on_reject"/>
<Option name="classify_str"/>
<Option name="custom_str"/>
<Option name="ipfw_classify_method">2</Option>
<Option name="ipfw_pipe_method">1</Option>
<Option name="ipfw_pipe_port_num">0</Option>
<Option name="ipfw_pipe_queue_num">2</Option>
<Option name="rule_name_accounting"></Option>
<Option name="rule_name_accounting"/>
<Option name="stateless">True</Option>
<Option name="tagvalue"></Option>
<Option name="tagvalue"/>
</PolicyRuleOptions>
</PolicyRule>
<PolicyRule id="id43F7ACAE23738" disabled="False" log="False" position="4" action="Classify" direction="Both" comment="">
@ -5380,17 +5380,17 @@
<IntervalRef ref="sysid2"/>
</When>
<PolicyRuleOptions>
<Option name="action_on_reject"></Option>
<Option name="classify_str"></Option>
<Option name="custom_str"></Option>
<Option name="action_on_reject"/>
<Option name="classify_str"/>
<Option name="custom_str"/>
<Option name="ipfw_classify_method">1</Option>
<Option name="ipfw_classify_port_num">1</Option>
<Option name="ipfw_pipe_method">2</Option>
<Option name="ipfw_pipe_port_num">0</Option>
<Option name="ipfw_pipe_queue_num">1</Option>
<Option name="rule_name_accounting"></Option>
<Option name="rule_name_accounting"/>
<Option name="stateless">True</Option>
<Option name="tagvalue"></Option>
<Option name="tagvalue"/>
</PolicyRuleOptions>
</PolicyRule>
<PolicyRule id="id43F7C4D723738" disabled="False" log="True" position="5" action="Custom" direction="Both" comment="">
@ -5410,14 +5410,14 @@
<IntervalRef ref="sysid2"/>
</When>
<PolicyRuleOptions>
<Option name="action_on_reject"></Option>
<Option name="classify_str"></Option>
<Option name="action_on_reject"/>
<Option name="classify_str"/>
<Option name="custom_str">prob .80</Option>
<Option name="ipfw_pipe_method">2</Option>
<Option name="ipfw_pipe_port_num">0</Option>
<Option name="rule_name_accounting"></Option>
<Option name="rule_name_accounting"/>
<Option name="stateless">True</Option>
<Option name="tagvalue"></Option>
<Option name="tagvalue"/>
</PolicyRuleOptions>
</PolicyRule>
<PolicyRule id="id43F7AB1B23738" disabled="False" log="True" position="6" action="Deny" direction="Both" comment="">
@ -5458,42 +5458,42 @@
</Management>
<FirewallOptions>
<Option name="action_on_reject">ICMP host prohibited</Option>
<Option name="activationCmd"></Option>
<Option name="activationCmd"/>
<Option name="add_check_state_rule">False</Option>
<Option name="admUser"></Option>
<Option name="altAddress"></Option>
<Option name="admUser"/>
<Option name="altAddress"/>
<Option name="check_shading">True</Option>
<Option name="cmdline"></Option>
<Option name="compiler"></Option>
<Option name="cmdline"/>
<Option name="compiler"/>
<Option name="configure_interfaces">False</Option>
<Option name="debug">False</Option>
<Option name="eliminate_duplicates">True</Option>
<Option name="epilog_script"></Option>
<Option name="epilog_script"/>
<Option name="firewall_dir">/etc</Option>
<Option name="freebsd_ip_forward">1</Option>
<Option name="freebsd_path_ipf"></Option>
<Option name="freebsd_path_ipnat"></Option>
<Option name="freebsd_path_sysctl"></Option>
<Option name="freebsd_path_ipf"/>
<Option name="freebsd_path_ipnat"/>
<Option name="freebsd_path_sysctl"/>
<Option name="ignore_empty_groups">False</Option>
<Option name="in_out_code">True</Option>
<Option name="ipf_log_body">False</Option>
<Option name="ipf_log_facility"></Option>
<Option name="ipf_log_level"></Option>
<Option name="ipf_log_facility"/>
<Option name="ipf_log_level"/>
<Option name="ipf_log_or_block">False</Option>
<Option name="ipf_nat_ftp_proxy">False</Option>
<Option name="ipf_nat_raudio_proxy">False</Option>
<Option name="ipf_nat_rcmd_proxy">False</Option>
<Option name="ipf_return_icmp_as_dest">False</Option>
<Option name="manage_virtual_addr">False</Option>
<Option name="mgmt_addr"></Option>
<Option name="mgmt_addr"/>
<Option name="mgmt_ssh">False</Option>
<Option name="output_file"></Option>
<Option name="output_file"/>
<Option name="pass_all_out">False</Option>
<Option name="prolog_script"></Option>
<Option name="snmp_contact"></Option>
<Option name="snmp_description"></Option>
<Option name="snmp_location"></Option>
<Option name="sshArgs"></Option>
<Option name="prolog_script"/>
<Option name="snmp_contact"/>
<Option name="snmp_description"/>
<Option name="snmp_location"/>
<Option name="sshArgs"/>
</FirewallOptions>
</Firewall>
</ObjectGroup>
@ -5599,9 +5599,9 @@
<ICMPService id="icmp-ping_reply" code="0" type="0" name="ping reply" comment="" ro="False"/>
</ServiceGroup>
<CustomService id="stdid14_1" name="ESTABLISHED" comment="This service matches all packets which are part of network connections established through the firewall, or connections 'related' to those established through the firewall. Term 'established' refers to the state tracking mechanism which exists inside iptables and other stateful firewalls and does not mean any particular combination of packet header options. Packet is considered to correspond to the state 'ESTABLISHED' if it belongs to the network session, for which proper initiation has been seen by the firewall, so its stateful inspection module made appropriate record in the state table. Usually stateful firewalls keep track of network connections using not only tcp protocol, but also udp and sometimes even icmp protocols. 'RELATED' describes packet belonging to a separate network connection, related to the session firewall is keeping track of. One example is FTP command and FTP data sessions." ro="False" protocol="any" address_family="ipv4">
<CustomServiceCommand platform="Undefined"></CustomServiceCommand>
<CustomServiceCommand platform="Undefined"/>
<CustomServiceCommand platform="iosacl">established</CustomServiceCommand>
<CustomServiceCommand platform="ipfilter"></CustomServiceCommand>
<CustomServiceCommand platform="ipfilter"/>
<CustomServiceCommand platform="ipfw">established</CustomServiceCommand>
<CustomServiceCommand platform="iptables">-m state --state ESTABLISHED,RELATED</CustomServiceCommand>
</CustomService>