mirror of https://github.com/fwbuilder/fwbuilder synced 2026-03-18 09:18:23 +01:00

See #2399, #2340: rules that require tagging, classification or routing are now split so that regular actions such as Accept are implemented using normal rules in the table "filter", and rules in table "mangle" implement only tagging, classification and routing. See ChangeLog for a longer description.

Vadim Kurland 2011-05-13 13:06:42 -07:00
parent 598b83cac3
commit 2b67a0a491
142 changed files with 1548 additions and 1120 deletions


@ -1,3 +1,23 @@
2011-05-13 vadim <vadim@netcitadel.com>
* CompilerDriver_ipt_run.cpp (run): see #2400 'Mixing Actions
"Accept" and "Classify" results in incorrect rules', see #2399
'Mixing Actions "Accept" and "Tag" results in incorrect ruleset'.
After we made Tag, Classify and Route rule options instead of
actions, rules that mix these options with actions "Accept" and
others, except for "Continue", should be treated differently. The
action are now implemented using iptables rules in the table
"filter" and additional rules in table "mangle" is used to
implement only tagging, classification or routing. Generated
script does not change default action in table "mangle" and
assumes it is "ACCEPT" so adding rules with target ACCEPT in
mangle table should not be necessary. Another change because of
this affects branching rules that use option "create branch in
mangle table in addition to the filter table". These rules used to
duplicate the same action and logging rules in mangle. Now they
dont do this and only create rules in mangle if branch rule set
performs tagging, classification or routing.
2011-05-11 vadim <vadim@netcitadel.com>
* newFirewallDialog.cpp (finishClicked): fixes #2395 "Crash when


@ -91,46 +91,6 @@ void CompilerDriver_ipt::assignRuleSetChain(RuleSet *ruleset)
}
void CompilerDriver_ipt::findBranchesInMangleTable(Firewall *fw,
list<FWObject*> &all_policies)
{
// special but common case: if we only have one policy, there is
// no need to check if we have to do branching in mangle table
// since we do not have any branching rules in that case.
if (all_policies.size() > 1)
{
for (list<FWObject*>::iterator i=all_policies.begin();
i!=all_policies.end(); ++i)
{
for (list<FWObject*>::iterator r=(*i)->begin();
r!=(*i)->end(); ++r)
{
PolicyRule *rule = PolicyRule::cast(*r);
if (rule == NULL) continue; // skip RuleSetOptions object
FWOptions *ruleopt = rule->getOptionsObject();
if (rule->getAction() == PolicyRule::Branch &&
ruleopt->getBool("ipt_branch_in_mangle"))
{
RuleSet *ruleset = rule->getBranch();
if (ruleset == NULL)
{
abort(fw, *i, rule,
"Action branch does not point to any rule set");
}
for (list<FWObject*>::iterator br=ruleset->begin();
br!=ruleset->end(); ++br)
{
Rule *b_rule = Rule::cast(*br);
if (b_rule == NULL) continue; // skip RuleSetOptions object
ruleopt = b_rule->getOptionsObject();
ruleopt->setBool("put_in_mangle_table", true);
}
}
}
}
}
}
/*
* TODO: use configlet to define structure of generated script. Need 2
@ -151,6 +111,10 @@ string CompilerDriver_ipt::dumpScript(Firewall *fw,
const string& filter_script,
bool ipv6_policy)
{
// cerr << "nat script" << endl;
// cerr << "\"" << nat_script << "\"" << endl;
ostringstream res;
ostringstream script;
string prolog_place = fw->getOptionsObject()->getStr("prolog_place");
@ -169,11 +133,14 @@ string CompilerDriver_ipt::dumpScript(Firewall *fw,
{
conf = new Configlet(fw, "linux24", "script_body_iptables_restore");
} else
conf = new Configlet(fw, "linux24", "script_body_single_rule");
conf = new Configlet(fw, "linux24", "script_body_iptables_shell");
}
conf->setVariable("auto", have_auto);
conf->setVariable("iptables_restore_format",
fw->getOptionsObject()->getBool("use_iptables_restore"));
conf->setVariable("filter", !filter_script.empty());
conf->setVariable("filter_or_auto", have_auto || !filter_script.empty());
conf->setVariable("filter_auto_script", automatic_rules_script.c_str());
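Review bot: The two commented-out `cerr` lines at the top of CompilerDriver_ipt::dumpScript (`// cerr << "nat script" << endl;` and the line after it) look like leftover debugging and should be dropped before merging; they appear to be part of what this hunk adds. Dead debug output in the function that assembles the final firewall script makes it harder to see which statements actually shape the generated ruleset. dumpScript starts before and continues after the hunks shown here.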


@ -93,8 +93,6 @@ public:
const std::string &single_rule_id);
void assignRuleSetChain(libfwbuilder::RuleSet *ruleset);
void findBranchesInMangleTable(libfwbuilder::Firewall*,
std::list<libfwbuilder::FWObject*> &all_policies);
std::string dumpScript(libfwbuilder::Firewall *fw,
const std::string& automatic_rules_script,


@ -231,7 +231,6 @@ QString CompilerDriver_ipt::run(const std::string &cluster_id,
vector<int> ipv4_6_runs;
findImportedRuleSets(fw, all_policies);
findBranchesInMangleTable(fw, all_policies);
findImportedRuleSets(fw, all_nat);
try


@ -78,35 +78,6 @@ string NATCompiler_ipt::PrintRuleIptRst::_printRuleLabel(NATRule *rule)
Resources::os_res[compiler->fw->getStr("host_OS")]->Resources::getResourceBool("/FWBuilderResources/Target/options/suppress_comments");
return compiler->printComment(rule, current_rule_label, "#", nocomm);
#if 0
ostringstream res;
string rl=rule->getLabel();
if (rl!=current_rule_label)
{
if (!compiler->inSingleRuleCompileMode() && !nocomm)
{
res << "# " << endl;
res << "# Rule " << rl << endl;
res << "# " << endl;
}
/* do not put comment in the script if it is intended for linksys */
if (!nocomm || compiler->inSingleRuleCompileMode())
{
QStringList comm = QString(rule->getComment().c_str()).split("\n");
foreach(QString line, comm)
{
res << "# " << line.toStdString() << endl;
}
//res << "# " << endl;
}
current_rule_label=rl;
}
return res.str();
#endif
}
bool NATCompiler_ipt::PrintRuleIptRst::processNext()


@ -2608,13 +2608,14 @@ void NATCompiler_ipt::compile()
add( new simplePrintProgress() );
runRuleProcessors();
}
void NATCompiler_ipt::epilog()
{
if (fwopt->getBool("use_iptables_restore"))
if (fwopt->getBool("use_iptables_restore") &&
getCompiledScriptLength()>0 &&
! inSingleRuleCompileMode())
{
output << "#" << endl;
}
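Review bot: The three-part condition in NATCompiler_ipt::epilog has no comment saying why the trailing "#" line is now suppressed for an empty script and for single-rule compile mode, and the same condition is repeated in PolicyCompiler_ipt::epilog. A one-line comment above the `if` would do, for example `// emit the closing "#" only for a non-empty iptables-restore section; single-rule compile output gets none`. The rest of epilog lies outside the hunk, so whether anything else is still written for an empty table cannot be checked from here.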


@ -57,6 +57,7 @@
#include <QStringList>
#include <QRegExp>
#include <QtDebug>
#include <iostream>
#include <iomanip>


@ -519,102 +519,55 @@ bool PolicyCompiler_ipt::dropTerminatingTargets::processNext()
return true;
}
/*
* see #2367 #2397 TODO: this rule processor is not used anymore, remove.
*
*
* This rule processor converts non-terminating targets CLASSIFY and
* MARK to terminating targets (equivalent) by splitting the rule and
* adding one more rule with target ACCEPT.
*
* Note that target ROUTE is terminating unless parameter "--continue"
* is present. We add "--continue" if action is Continue, otherwise
* the rule does not need to be split and we carry action Accept further.
*
* Call this rule processor at the very end of the chain when all
* splits are done and target is set via "ipt_target"
*/
bool PolicyCompiler_ipt::splitTagClassifyOrRouteIfAction::processNext()
bool PolicyCompiler_ipt::clearTagClassifyOrRouteIfFilter::processNext()
{
PolicyCompiler_ipt *ipt_comp = dynamic_cast<PolicyCompiler_ipt*>(compiler);
PolicyRule *rule = getNext(); if (rule==NULL) return false;
string tgt = rule->getStr("ipt_target");
FWOptions *ruleopt = rule->getOptionsObject();
if (ipt_comp->my_table=="mangle" &&
(rule->getTagging() || rule->getClassification()) &&
rule->getAction() != PolicyRule::Continue)
if (ipt_comp->my_table != "mangle")
{
RuleElementSrc *nsrc;
RuleElementDst *ndst;
RuleElementSrv *nsrv;
RuleElementItf *nitfre;
PolicyRule *r, *r2;
rule->setClassification(false);
rule->setRouting(false);
rule->setTagging(false);
}
string this_chain = rule->getStr("ipt_chain");
string new_chain = this_chain;
tmp_queue.push_back(rule);
return true;
}
nsrc = rule->getSrc();
ndst = rule->getDst();
nsrv = rule->getSrv();
nitfre = rule->getItf();
bool PolicyCompiler_ipt::clearActionInTagClassifyIfMangle::processNext()
{
PolicyCompiler_ipt *ipt_comp = dynamic_cast<PolicyCompiler_ipt*>(compiler);
PolicyRule *rule = getNext(); if (rule==NULL) return false;
if (!nsrc->isAny() ||
!ndst->isAny() ||
!nsrv->isAny() ||
!nitfre->isAny())
{
new_chain = ipt_comp->getNewTmpChainName(rule);
r = compiler->dbcopy->createPolicyRule();
compiler->temp_ruleset->add(r);
r->duplicate(rule);
r->setStr("subrule_suffix", "ntt");
r->setStr("ipt_target", new_chain);
r->setClassification(false);
r->setRouting(false);
r->setTagging(false);
r->setLogging(false);
r->setAction(PolicyRule::Continue);
tmp_queue.push_back(r);
}
if (ipt_comp->my_table == "mangle" &&
(rule->getTagging() || rule->getClassification())
)
rule->setAction(PolicyRule::Continue);
r = compiler->dbcopy->createPolicyRule();
compiler->temp_ruleset->add(r);
r->duplicate(rule);
nsrc = r->getSrc(); nsrc->reset();
ndst = r->getDst(); ndst->reset();
nsrv = r->getSrv(); nsrv->reset();
nitfre = r->getItf(); nitfre->reset();
ruleopt = r->getOptionsObject();
ruleopt->setInt("limit_value",-1);
ruleopt->setInt("limit_value",-1);
ruleopt->setInt("connlimit_value",-1);
ruleopt->setInt("hashlimit_value",-1);
ruleopt->setBool("stateless",true);
r->setLogging(false);
r->setStr("ipt_chain", new_chain);
r->setStr("upstream_rule_chain", this_chain);
r->setAction(PolicyRule::Continue);
ipt_comp->registerChain(new_chain);
ipt_comp->insertUpstreamChain(this_chain, new_chain);
tmp_queue.push_back(r);
tmp_queue.push_back(rule);
return true;
}
r2 = compiler->dbcopy->createPolicyRule();
compiler->temp_ruleset->add(r2);
r2->duplicate(r);
r2->setClassification(false);
r2->setRouting(false);
r2->setTagging(false);
r2->setLogging(false);
r2->setAction( rule->getAction());
ruleopt = r2->getOptionsObject();
ruleopt->setBool("stateless", true);
tmp_queue.push_back(r2);
/*
* in a rule generates some code in both filter and mangle tables and
* has logging turned on, we should log only once. Will log in filter.
* However if the rule belongs to mangle-only rule set, we should log
* in mangle.
*/
bool PolicyCompiler_ipt::clearLogInTagClassifyOrRouteIfMangle::processNext()
{
PolicyCompiler_ipt *ipt_comp = dynamic_cast<PolicyCompiler_ipt*>(compiler);
PolicyRule *rule = getNext(); if (rule==NULL) return false;
FWOptions *rulesetopts = ipt_comp->getSourceRuleSet()->getOptionsObject();
if (rulesetopts->getBool("mangle_only_rule_set"))
{
tmp_queue.push_back(rule);
return true;
}
if (ipt_comp->my_table == "mangle") rule->setLogging(false);
tmp_queue.push_back(rule);
return true;
}
@ -648,13 +601,8 @@ bool PolicyCompiler_ipt::splitIfTagClassifyOrRoute::processNext()
nitfre = rule->getItf();
if (
(! nsrc->isAny() || ! ndst->isAny() || ! nsrv->isAny() || ! nitfre->isAny()) &&
(
number_of_options > 1 ||
(
! rule->getRouting() && rule->getAction() != PolicyRule::Continue
)
)
(! nsrc->isAny() || ! ndst->isAny() ||
! nsrv->isAny() || ! nitfre->isAny()) && number_of_options > 1
)
{
new_chain = ipt_comp->getNewTmpChainName(rule);
@ -812,17 +760,6 @@ bool PolicyCompiler_ipt::Route::processNext()
return true;
}
/*
* A note about CLASSIFY target in iptables:
*
* CLASSIFY only works in mangle table in POSTROUTING chain.
* the man page does not mention this, but module documentation
* in p-o-m says so.
*
* per bug #1618329: "Wrong in-code comment" this comment is incorrect,
* CLASSIFY target is valid in POSTROUTING, OUTPUT and FORWARD chains.
*/
bool PolicyCompiler_ipt::dropMangleTableRules::processNext()
{
PolicyRule *rule=getNext(); if (rule==NULL) return false;
@ -833,9 +770,9 @@ bool PolicyCompiler_ipt::dropMangleTableRules::processNext()
FWOptions *rulesetopts = ipt_comp->getSourceRuleSet()->getOptionsObject();
if (rulesetopts->getBool("mangle_only_rule_set")) return true;
if (rule->getTagging() ||
rule->getRouting() ||
rule->getClassification()) return true;
if ( rule->getAction() == PolicyRule::Continue && ! rule->getLogging() &&
(rule->getTagging() || rule->getRouting() || rule->getClassification()))
return true;
// Another special case (while working on #1415, although not
// related directly): branching rule that has "branch in mangle table"
@ -2307,12 +2244,15 @@ bool PolicyCompiler_ipt::splitIfSrcAny::processNext()
r->setDirection( PolicyRule::Outbound );
tmp_queue.push_back(r);
// if this rule is for mangle table, need to put it into
// POSTROUTING chain as well because some targets that
// work with mangle table can only go into POSTROUTING chain
// such as CLASSIFY
if (ipt_comp->my_table=="mangle" &&
rule->getClassification())
/*
* A note about CLASSIFY target in iptables:
*
* CLASSIFY only works in mangle table in POSTROUTING chain.
* the man page does not mention this, but module
* documentation in p-o-m says so.
*/
if (ipt_comp->my_table=="mangle" && rule->getClassification())
{
r= compiler->dbcopy->createPolicyRule();
compiler->temp_ruleset->add(r);
@ -4285,6 +4225,12 @@ void PolicyCompiler_ipt::compile()
add( new checkForUnsupportedCombinationsInMangle(
"Check for unsupported Tag+Route and Classify+Route combinations"));
add( new clearTagClassifyOrRouteIfFilter(
"Clear Tag, Classify and Route options in filter table"));
add( new clearLogInTagClassifyOrRouteIfMangle(
"clear logging in rules with Tag, Classify or Route options in mangle"));
add( new clearActionInTagClassifyIfMangle(
"clear action in rules with Tag and Classify in mangle"));
add( new storeAction("store original action of this rule"));
@ -4712,7 +4658,9 @@ string PolicyCompiler_ipt::debugPrintRule(Rule *r)
void PolicyCompiler_ipt::epilog()
{
if (fwopt->getBool("use_iptables_restore") && getCompiledScriptLength()>0)
if (fwopt->getBool("use_iptables_restore") &&
getCompiledScriptLength()>0 &&
! inSingleRuleCompileMode())
{
output << "#" << endl;
}
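Review bot: clearActionInTagClassifyIfMangle::processNext rewrites the action to Continue for every Tag or Classify rule in table mangle without checking `mangle_only_rule_set`, although clearLogInTagClassifyOrRouteIfMangle right below it does make that exception for logging. dropMangleTableRules in this same file returns early for mangle-only rule sets, so for such a rule set nothing in table filter appears to carry the original action, and a Deny or Reject combined with Tag or Classify would compile to a rule that only marks the packet and lets it through. If that reading is right, keep the action for mangle-only rule sets, e.g. `if (ipt_comp->my_table == "mangle" && !ipt_comp->getSourceRuleSet()->getOptionsObject()->getBool("mangle_only_rule_set") && (rule->getTagging() || rule->getClassification())) rule->setAction(PolicyRule::Continue);`, or reject the combination in checkForUnsupportedCombinationsInMangle. Separately, the `dynamic_cast` result `ipt_comp` is dereferenced without a null check in all three new processors.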


@ -236,6 +236,24 @@ protected:
*/
DECLARE_POLICY_RULE_PROCESSOR(splitIfTagClassifyOrRoute);
/**
* clears options Tag, Classify and Route in filter table
*/
DECLARE_POLICY_RULE_PROCESSOR(clearTagClassifyOrRouteIfFilter);
/**
* turns off logging in rules with options Tag, Classify or
* Route in table mangle
*/
DECLARE_POLICY_RULE_PROCESSOR(clearLogInTagClassifyOrRouteIfMangle);
/**
* switches action to Continue in rules with options Tag,
* Classify in mangle table. We deal with other actions in
* table filter.
*/
DECLARE_POLICY_RULE_PROCESSOR(clearActionInTagClassifyIfMangle);
/**
* this processor checks if the rule is associated with an
@ -682,12 +700,6 @@ protected:
*/
DECLARE_POLICY_RULE_PROCESSOR(decideOnChainForClassify);
/**
* Split rules with options Tag, Classiyfy and Route if action
* is not Continue
*/
DECLARE_POLICY_RULE_PROCESSOR(splitTagClassifyOrRouteIfAction);
/**
* drop rules with terminating targets. Used as part of the
* shadowing detection for non-terminating rules in the mangle


@ -123,6 +123,11 @@ void PolicyCompiler_ipt::optimize1::optimizeForRuleElement(
}
}
r->setStr("ipt_target",new_chain);
r->setClassification(false);
r->setRouting(false);
r->setTagging(false);
tmp_queue.push_back(r);
FWOptions *ruleopt=rule->getOptionsObject();
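Review bot: The calls `r->setClassification(false)`, `r->setRouting(false)` and `r->setTagging(false)` in optimize1::optimizeForRuleElement carry no comment explaining why the rule that jumps to `new_chain` loses its options. Presumably the options are meant to stay only on the rule placed inside the new chain so that marking or classification is not applied twice; a comment such as `// r only jumps to new_chain; Tag/Classify/Route are applied by the rule inside that chain` would record this, once confirmed against the rest of the function. The function body begins before and continues past this hunk.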


@ -0,0 +1,25 @@
## -*- mode: shell-script; -*-
##
## To be able to make changes to the part of configuration created
## from this configlet you need to copy this file to the directory
## fwbuilder/configlets/linux24/ in your home directory and modify it.
## Double "##" comments are removed during processing but single "#"
## comments are be retained and appear in the generated script. Empty
## lines are removed as well.
##
## Configlets support simple macro language with these constructs:
## {{$var}} is variable expansion
## {{if var}} is conditional operator.
##
## this template is used for single rule compile, both
## iptables-restore and regular, as well as for the regular
## (not iptables-restore) script
{{if auto}}{{$filter_auto_script}}
{{$mangle_auto_script}}{{endif}}
{{if nat}}{{$nat_script}}{{endif}}
{{if mangle}}{{$mangle_script}}{{endif}}
{{if filter}}{{$filter_script}}{{endif}}


@ -14,12 +14,19 @@
## this template is used for single rule compile, both
## iptables-restore and regular, as well as for the regular
## (not iptables-restore) script
{{if auto}}{{$filter_auto_script}}
{{$mangle_auto_script}}{{endif}}
{{if nat}}{{$nat_script}}{{endif}}
{{if filter}}
{{if iptables_restore_format}}echo '*filter' {{endif}}
{{$filter_script}}
{{endif}}
{{if mangle}}{{$mangle_script}}{{endif}}
{{if mangle}}
{{if iptables_restore_format}}echo '*mangle' {{endif}}
{{$mangle_script}}
{{endif}}
{{if filter}}{{$filter_script}}{{endif}}
{{if nat}}
{{if iptables_restore_format}}echo '*nat' {{endif}}
{{$nat_script}}
{{endif}}


@ -2,9 +2,9 @@
#
# This is automatically generated file. DO NOT MODIFY !
#
# Firewall Builder fwb_ipt v4.2.1.3538
# Firewall Builder fwb_ipt v4.3.0.3542
#
# Generated Thu May 5 20:30:53 2011 PDT by vadim
# Generated Fri May 13 12:36:56 2011 PDT by vadim
#
# files: * cluster1_secuwall-1.fw /etc/cluster1_secuwall-1.fw
#
@ -588,7 +588,7 @@ test -z "$cmd" && {
case "$cmd" in
start)
log "Activating firewall script generated Thu May 5 20:30:53 2011 by vadim"
log "Activating firewall script generated Fri May 13 12:36:56 2011 by vadim"
log "Database was cluster-tests.fwb"
check_tools
check_run_time_address_table_files


@ -2,9 +2,9 @@
#
# This is automatically generated file. DO NOT MODIFY !
#
# Firewall Builder fwb_ipt v4.2.1.3538
# Firewall Builder fwb_ipt v4.3.0.3542
#
# Generated Thu May 5 20:30:07 2011 PDT by vadim
# Generated Fri May 13 12:36:09 2011 PDT by vadim
#
# files: * firewall-base-rulesets.fw /etc/fw/firewall-base-rulesets.fw
#
@ -445,7 +445,7 @@ test -z "$cmd" && {
case "$cmd" in
start)
log "Activating firewall script generated Thu May 5 20:30:07 2011 by vadim"
log "Activating firewall script generated Fri May 13 12:36:09 2011 by vadim"
check_tools
prolog_commands
check_run_time_address_table_files


@ -2,9 +2,9 @@
#
# This is automatically generated file. DO NOT MODIFY !
#
# Firewall Builder fwb_ipt v4.2.1.3538
# Firewall Builder fwb_ipt v4.3.0.3542
#
# Generated Thu May 5 20:30:16 2011 PDT by vadim
# Generated Fri May 13 12:36:19 2011 PDT by vadim
#
# files: * firewall-ipv6-1.fw /etc/firewall-ipv6-1.fw
#
@ -702,7 +702,7 @@ test -z "$cmd" && {
case "$cmd" in
start)
log "Activating firewall script generated Thu May 5 20:30:16 2011 by vadim"
log "Activating firewall script generated Fri May 13 12:36:19 2011 by vadim"
check_tools
prolog_commands
check_run_time_address_table_files


@ -2,9 +2,9 @@
#
# This is automatically generated file. DO NOT MODIFY !
#
# Firewall Builder fwb_ipt v4.2.1.3538
# Firewall Builder fwb_ipt v4.3.0.3542
#
# Generated Thu May 5 20:30:16 2011 PDT by vadim
# Generated Fri May 13 12:36:19 2011 PDT by vadim
#
# files: * firewall-ipv6-2.fw /etc/firewall-ipv6-2.fw
#
@ -966,7 +966,7 @@ test -z "$cmd" && {
case "$cmd" in
start)
log "Activating firewall script generated Thu May 5 20:30:16 2011 by vadim"
log "Activating firewall script generated Fri May 13 12:36:19 2011 by vadim"
check_tools
prolog_commands
check_run_time_address_table_files


@ -2,9 +2,9 @@
#
# This is automatically generated file. DO NOT MODIFY !
#
# Firewall Builder fwb_ipt v4.2.1.3538
# Firewall Builder fwb_ipt v4.3.0.3542
#
# Generated Thu May 5 20:30:27 2011 PDT by vadim
# Generated Fri May 13 12:36:29 2011 PDT by vadim
#
# files: * firewall-ipv6-3.fw /etc/firewall-ipv6-3.fw
#
@ -596,7 +596,7 @@ test -z "$cmd" && {
case "$cmd" in
start)
log "Activating firewall script generated Thu May 5 20:30:27 2011 by vadim"
log "Activating firewall script generated Fri May 13 12:36:29 2011 by vadim"
check_tools
prolog_commands
check_run_time_address_table_files


@ -2,9 +2,9 @@
#
# This is automatically generated file. DO NOT MODIFY !
#
# Firewall Builder fwb_ipt v4.2.1.3538
# Firewall Builder fwb_ipt v4.3.0.3542
#
# Generated Thu May 5 20:30:38 2011 PDT by vadim
# Generated Fri May 13 12:36:40 2011 PDT by vadim
#
# files: * firewall-ipv6-4-1.fw /etc/firewall-ipv6-4-1.fw
#
@ -545,7 +545,7 @@ test -z "$cmd" && {
case "$cmd" in
start)
log "Activating firewall script generated Thu May 5 20:30:38 2011 by vadim"
log "Activating firewall script generated Fri May 13 12:36:40 2011 by vadim"
check_tools
prolog_commands
check_run_time_address_table_files


@ -2,9 +2,9 @@
#
# This is automatically generated file. DO NOT MODIFY !
#
# Firewall Builder fwb_ipt v4.2.1.3538
# Firewall Builder fwb_ipt v4.3.0.3542
#
# Generated Thu May 5 20:30:27 2011 PDT by vadim
# Generated Fri May 13 12:36:29 2011 PDT by vadim
#
# files: * firewall-ipv6-4.fw /etc/firewall-ipv6-4.fw
#
@ -581,7 +581,7 @@ test -z "$cmd" && {
case "$cmd" in
start)
log "Activating firewall script generated Thu May 5 20:30:27 2011 by vadim"
log "Activating firewall script generated Fri May 13 12:36:29 2011 by vadim"
check_tools
prolog_commands
check_run_time_address_table_files


@ -2,9 +2,9 @@
#
# This is automatically generated file. DO NOT MODIFY !
#
# Firewall Builder fwb_ipt v4.2.1.3538
# Firewall Builder fwb_ipt v4.3.0.3542
#
# Generated Thu May 5 20:30:29 2011 PDT by vadim
# Generated Fri May 13 12:36:31 2011 PDT by vadim
#
# files: * firewall-ipv6-5.fw /etc/firewall-ipv6-5.fw
#
@ -412,7 +412,7 @@ test -z "$cmd" && {
case "$cmd" in
start)
log "Activating firewall script generated Thu May 5 20:30:29 2011 by vadim"
log "Activating firewall script generated Fri May 13 12:36:31 2011 by vadim"
check_tools
prolog_commands
check_run_time_address_table_files


@ -2,9 +2,9 @@
#
# This is automatically generated file. DO NOT MODIFY !
#
# Firewall Builder fwb_ipt v4.2.1.3538
# Firewall Builder fwb_ipt v4.3.0.3542
#
# Generated Thu May 5 20:30:31 2011 PDT by vadim
# Generated Fri May 13 12:36:33 2011 PDT by vadim
#
# files: * firewall-ipv6-6.fw /etc/firewall-ipv6-6.fw
#
@ -399,7 +399,7 @@ test -z "$cmd" && {
case "$cmd" in
start)
log "Activating firewall script generated Thu May 5 20:30:31 2011 by vadim"
log "Activating firewall script generated Fri May 13 12:36:33 2011 by vadim"
check_tools
prolog_commands
check_run_time_address_table_files


@ -2,9 +2,9 @@
#
# This is automatically generated file. DO NOT MODIFY !
#
# Firewall Builder fwb_ipt v4.2.1.3538
# Firewall Builder fwb_ipt v4.3.0.3542
#
# Generated Thu May 5 20:30:32 2011 PDT by vadim
# Generated Fri May 13 12:36:34 2011 PDT by vadim
#
# files: * firewall-ipv6-7.fw /etc/firewall-ipv6-7.fw
#
@ -443,7 +443,7 @@ test -z "$cmd" && {
case "$cmd" in
start)
log "Activating firewall script generated Thu May 5 20:30:32 2011 by vadim"
log "Activating firewall script generated Fri May 13 12:36:34 2011 by vadim"
check_tools
prolog_commands
check_run_time_address_table_files


@ -2,9 +2,9 @@
#
# This is automatically generated file. DO NOT MODIFY !
#
# Firewall Builder fwb_ipt v4.2.1.3538
# Firewall Builder fwb_ipt v4.3.0.3542
#
# Generated Thu May 5 20:30:34 2011 PDT by vadim
# Generated Fri May 13 12:36:36 2011 PDT by vadim
#
# files: * firewall-ipv6-8.fw /etc/firewall-ipv6-8.fw
#
@ -484,7 +484,7 @@ test -z "$cmd" && {
case "$cmd" in
start)
log "Activating firewall script generated Thu May 5 20:30:34 2011 by vadim"
log "Activating firewall script generated Fri May 13 12:36:36 2011 by vadim"
check_tools
prolog_commands
check_run_time_address_table_files


@ -2,9 +2,9 @@
#
# This is automatically generated file. DO NOT MODIFY !
#
# Firewall Builder fwb_ipt v4.2.1.3538
# Firewall Builder fwb_ipt v4.3.0.3542
#
# Generated Thu May 5 20:30:35 2011 PDT by vadim
# Generated Fri May 13 12:54:33 2011 PDT by vadim
#
# files: * firewall-ipv6-ipt-reset-prolog-after-flush.fw /etc/firewall-ipv6-ipt-reset-prolog-after-flush.fw
#
@ -378,14 +378,6 @@ script_body() {
echo '*nat'
# ================ Table 'nat', rule set NAT
echo :PREROUTING ACCEPT [0:0]
echo :POSTROUTING ACCEPT [0:0]
echo :OUTPUT ACCEPT [0:0]
#
echo COMMIT
) | $IP6TABLES_RESTORE; IPTABLES_RESTORE_RES=$?
@ -450,7 +442,7 @@ test -z "$cmd" && {
case "$cmd" in
start)
log "Activating firewall script generated Thu May 5 20:30:35 2011 by vadim"
log "Activating firewall script generated Fri May 13 12:54:33 2011 by vadim"
check_tools
prolog_commands
check_run_time_address_table_files


@ -2,9 +2,9 @@
#
# This is automatically generated file. DO NOT MODIFY !
#
# Firewall Builder fwb_ipt v4.2.1.3538
# Firewall Builder fwb_ipt v4.3.0.3542
#
# Generated Thu May 5 20:30:37 2011 PDT by vadim
# Generated Fri May 13 12:36:39 2011 PDT by vadim
#
# files: * firewall-ipv6-ipt-reset-prolog-after-interfaces.fw /etc/firewall-ipv6-ipt-reset-prolog-after-interfaces.fw
#
@ -378,14 +378,6 @@ script_body() {
echo '*nat'
# ================ Table 'nat', rule set NAT
echo :PREROUTING ACCEPT [0:0]
echo :POSTROUTING ACCEPT [0:0]
echo :OUTPUT ACCEPT [0:0]
#
echo COMMIT
) | $IP6TABLES_RESTORE; IPTABLES_RESTORE_RES=$?
@ -450,7 +442,7 @@ test -z "$cmd" && {
case "$cmd" in
start)
log "Activating firewall script generated Thu May 5 20:30:37 2011 by vadim"
log "Activating firewall script generated Fri May 13 12:36:39 2011 by vadim"
check_tools
check_run_time_address_table_files


@ -2,9 +2,9 @@
#
# This is automatically generated file. DO NOT MODIFY !
#
# Firewall Builder fwb_ipt v4.2.1.3538
# Firewall Builder fwb_ipt v4.3.0.3542
#
# Generated Thu May 5 20:30:39 2011 PDT by vadim
# Generated Fri May 13 12:36:41 2011 PDT by vadim
#
# files: * firewall-ipv6-ipt-reset-prolog-top.fw /etc/firewall-ipv6-ipt-reset-prolog-top.fw
#
@ -378,14 +378,6 @@ script_body() {
echo '*nat'
# ================ Table 'nat', rule set NAT
echo :PREROUTING ACCEPT [0:0]
echo :POSTROUTING ACCEPT [0:0]
echo :OUTPUT ACCEPT [0:0]
#
echo COMMIT
) | $IP6TABLES_RESTORE; IPTABLES_RESTORE_RES=$?
@ -450,7 +442,7 @@ test -z "$cmd" && {
case "$cmd" in
start)
log "Activating firewall script generated Thu May 5 20:30:39 2011 by vadim"
log "Activating firewall script generated Fri May 13 12:36:41 2011 by vadim"
check_tools
prolog_commands
check_run_time_address_table_files


@ -2,9 +2,9 @@
#
# This is automatically generated file. DO NOT MODIFY !
#
# Firewall Builder fwb_ipt v4.2.1.3538
# Firewall Builder fwb_ipt v4.3.0.3542
#
# Generated Thu May 5 20:30:40 2011 PDT by vadim
# Generated Fri May 13 12:36:42 2011 PDT by vadim
#
# files: * firewall-ipv6-nd-ns-1.fw /etc/firewall-ipv6-nd-ns-1.fw
#
@ -442,7 +442,7 @@ test -z "$cmd" && {
case "$cmd" in
start)
log "Activating firewall script generated Thu May 5 20:30:40 2011 by vadim"
log "Activating firewall script generated Fri May 13 12:36:42 2011 by vadim"
check_tools
prolog_commands
check_run_time_address_table_files


@ -2,9 +2,9 @@
#
# This is automatically generated file. DO NOT MODIFY !
#
# Firewall Builder fwb_ipt v4.2.1.3538
# Firewall Builder fwb_ipt v4.3.0.3542
#
# Generated Thu May 5 20:30:41 2011 PDT by vadim
# Generated Fri May 13 12:36:44 2011 PDT by vadim
#
# files: * firewall-ipv6-nd-ns-2.fw /etc/firewall-ipv6-nd-ns-2.fw
#
@ -446,7 +446,7 @@ test -z "$cmd" && {
case "$cmd" in
start)
log "Activating firewall script generated Thu May 5 20:30:41 2011 by vadim"
log "Activating firewall script generated Fri May 13 12:36:44 2011 by vadim"
check_tools
prolog_commands
check_run_time_address_table_files


@ -2,9 +2,9 @@
#
# This is automatically generated file. DO NOT MODIFY !
#
# Firewall Builder fwb_ipt v4.2.1.3538
# Firewall Builder fwb_ipt v4.3.0.3542
#
# Generated Thu May 5 20:30:42 2011 PDT by vadim
# Generated Fri May 13 12:36:44 2011 PDT by vadim
#
# files: * firewall-ipv6-prolog-after-flush.fw /etc/firewall-ipv6-prolog-after-flush.fw
#
@ -420,7 +420,7 @@ test -z "$cmd" && {
case "$cmd" in
start)
log "Activating firewall script generated Thu May 5 20:30:42 2011 by vadim"
log "Activating firewall script generated Fri May 13 12:36:44 2011 by vadim"
check_tools
check_run_time_address_table_files


@ -2,9 +2,9 @@
#
# This is automatically generated file. DO NOT MODIFY !
#
# Firewall Builder fwb_ipt v4.2.1.3538
# Firewall Builder fwb_ipt v4.3.0.3542
#
# Generated Thu May 5 20:30:43 2011 PDT by vadim
# Generated Fri May 13 12:36:46 2011 PDT by vadim
#
# files: * firewall-ipv6-prolog-after-interfaces.fw /etc/firewall-ipv6-prolog-after-interfaces.fw
#
@ -420,7 +420,7 @@ test -z "$cmd" && {
case "$cmd" in
start)
log "Activating firewall script generated Thu May 5 20:30:43 2011 by vadim"
log "Activating firewall script generated Fri May 13 12:36:46 2011 by vadim"
check_tools
check_run_time_address_table_files


@ -2,9 +2,9 @@
#
# This is automatically generated file. DO NOT MODIFY !
#
# Firewall Builder fwb_ipt v4.2.1.3538
# Firewall Builder fwb_ipt v4.3.0.3542
#
# Generated Thu May 5 20:30:44 2011 PDT by vadim
# Generated Fri May 13 12:36:46 2011 PDT by vadim
#
# files: * firewall-ipv6-prolog-top.fw /etc/firewall-ipv6-prolog-top.fw
#
@ -420,7 +420,7 @@ test -z "$cmd" && {
case "$cmd" in
start)
log "Activating firewall script generated Thu May 5 20:30:44 2011 by vadim"
log "Activating firewall script generated Fri May 13 12:36:46 2011 by vadim"
check_tools
prolog_commands
check_run_time_address_table_files


@ -2,9 +2,9 @@
#
# This is automatically generated file. DO NOT MODIFY !
#
# Firewall Builder fwb_ipt v4.2.1.3538
# Firewall Builder fwb_ipt v4.3.0.3542
#
# Generated Thu May 5 20:30:45 2011 PDT by vadim
# Generated Fri May 13 12:36:48 2011 PDT by vadim
#
# files: * firewall-server-1-s.fw /etc/fw/firewall-server-1-s.fw
#
@ -393,7 +393,7 @@ test -z "$cmd" && {
case "$cmd" in
start)
log "Activating firewall script generated Thu May 5 20:30:45 2011 by vadim"
log "Activating firewall script generated Fri May 13 12:36:48 2011 by vadim"
check_tools
prolog_commands
check_run_time_address_table_files


@ -2,9 +2,9 @@
#
# This is automatically generated file. DO NOT MODIFY !
#
# Firewall Builder fwb_ipt v4.2.1.3538
# Firewall Builder fwb_ipt v4.3.0.3542
#
# Generated Thu May 5 20:28:22 2011 PDT by vadim
# Generated Fri May 13 12:34:27 2011 PDT by vadim
#
# files: * firewall.fw /etc/fw/firewall.fw
#
@ -1376,7 +1376,7 @@ test -z "$cmd" && {
case "$cmd" in
start)
log "Activating firewall script generated Thu May 5 20:28:22 2011 by vadim"
log "Activating firewall script generated Fri May 13 12:34:27 2011 by vadim"
check_tools
prolog_commands
check_run_time_address_table_files


@ -2,9 +2,9 @@
#
# This is automatically generated file. DO NOT MODIFY !
#
# Firewall Builder fwb_ipt v4.2.1.ma_1
# Firewall Builder fwb_ipt v4.3.0.3542
#
# Generated Tue May 3 19:32:00 2011 PDT by vadim
# Generated Fri May 13 12:34:28 2011 PDT by vadim
#
# files: * firewall1.fw /etc/fw/firewall1.fw
#
@ -1248,7 +1248,7 @@ test -z "$cmd" && {
case "$cmd" in
start)
log "Activating firewall script generated Tue May 3 19:32:00 2011 by vadim"
log "Activating firewall script generated Fri May 13 12:34:28 2011 by vadim"
check_tools
check_run_time_address_table_files


@ -2,9 +2,9 @@
#
# This is automatically generated file. DO NOT MODIFY !
#
# Firewall Builder fwb_ipt v4.2.1.3538
# Firewall Builder fwb_ipt v4.3.0.3542
#
# Generated Thu May 5 20:28:24 2011 PDT by vadim
# Generated Fri May 13 12:34:29 2011 PDT by vadim
#
# files: * firewall10.fw /etc/fw/firewall10.fw
#
@ -473,7 +473,7 @@ test -z "$cmd" && {
case "$cmd" in
start)
log "Activating firewall script generated Thu May 5 20:28:24 2011 by vadim"
log "Activating firewall script generated Fri May 13 12:34:29 2011 by vadim"
check_tools
prolog_commands
check_run_time_address_table_files


@ -2,9 +2,9 @@
#
# This is automatically generated file. DO NOT MODIFY !
#
# Firewall Builder fwb_ipt v4.2.1.3538
# Firewall Builder fwb_ipt v4.3.0.3542
#
# Generated Thu May 5 20:28:26 2011 PDT by vadim
# Generated Fri May 13 12:34:31 2011 PDT by vadim
#
# files: * firewall11.fw /etc/fw/firewall11.fw
#
@ -589,7 +589,7 @@ test -z "$cmd" && {
case "$cmd" in
start)
log "Activating firewall script generated Thu May 5 20:28:26 2011 by vadim"
log "Activating firewall script generated Fri May 13 12:34:31 2011 by vadim"
check_tools
prolog_commands
check_run_time_address_table_files


@ -2,9 +2,9 @@
#
# This is automatically generated file. DO NOT MODIFY !
#
# Firewall Builder fwb_ipt v4.2.1.3538
# Firewall Builder fwb_ipt v4.3.0.3542
#
# Generated Thu May 5 20:28:26 2011 PDT by vadim
# Generated Fri May 13 12:34:31 2011 PDT by vadim
#
# files: * firewall12.fw /etc/fw/firewall12.fw
#
@ -511,7 +511,7 @@ test -z "$cmd" && {
case "$cmd" in
start)
log "Activating firewall script generated Thu May 5 20:28:26 2011 by vadim"
log "Activating firewall script generated Fri May 13 12:34:31 2011 by vadim"
check_tools
prolog_commands
check_run_time_address_table_files


@ -2,9 +2,9 @@
#
# This is automatically generated file. DO NOT MODIFY !
#
# Firewall Builder fwb_ipt v4.2.1.3538
# Firewall Builder fwb_ipt v4.3.0.3542
#
# Generated Thu May 5 20:28:29 2011 PDT by vadim
# Generated Fri May 13 12:34:33 2011 PDT by vadim
#
# files: * firewall13.fw /etc/fw/firewall13.fw
#
@ -385,7 +385,7 @@ test -z "$cmd" && {
case "$cmd" in
start)
log "Activating firewall script generated Thu May 5 20:28:29 2011 by vadim"
log "Activating firewall script generated Fri May 13 12:34:33 2011 by vadim"
check_tools
prolog_commands
check_run_time_address_table_files


@ -2,9 +2,9 @@
#
# This is automatically generated file. DO NOT MODIFY !
#
# Firewall Builder fwb_ipt v4.2.1.3538
# Firewall Builder fwb_ipt v4.3.0.3542
#
# Generated Thu May 5 20:28:29 2011 PDT by vadim
# Generated Fri May 13 12:34:33 2011 PDT by vadim
#
# files: * firewall14.fw /etc/fw/firewall14.fw
#
@ -404,7 +404,7 @@ test -z "$cmd" && {
case "$cmd" in
start)
log "Activating firewall script generated Thu May 5 20:28:29 2011 by vadim"
log "Activating firewall script generated Fri May 13 12:34:33 2011 by vadim"
check_tools
prolog_commands
check_run_time_address_table_files


@ -2,9 +2,9 @@
#
# This is automatically generated file. DO NOT MODIFY !
#
# Firewall Builder fwb_ipt v4.2.1.3538
# Firewall Builder fwb_ipt v4.3.0.3542
#
# Generated Thu May 5 20:28:31 2011 PDT by vadim
# Generated Fri May 13 12:34:36 2011 PDT by vadim
#
# files: * firewall15.fw /etc/fw/firewall15.fw
#
@ -388,7 +388,7 @@ test -z "$cmd" && {
case "$cmd" in
start)
log "Activating firewall script generated Thu May 5 20:28:31 2011 by vadim"
log "Activating firewall script generated Fri May 13 12:34:36 2011 by vadim"
check_tools
prolog_commands
check_run_time_address_table_files


@ -2,9 +2,9 @@
#
# This is automatically generated file. DO NOT MODIFY !
#
# Firewall Builder fwb_ipt v4.2.1.3538
# Firewall Builder fwb_ipt v4.3.0.3542
#
# Generated Thu May 5 20:28:31 2011 PDT by vadim
# Generated Fri May 13 12:34:36 2011 PDT by vadim
#
# files: * firewall16.fw /etc/fw/firewall16.fw
#
@ -492,7 +492,7 @@ test -z "$cmd" && {
case "$cmd" in
start)
log "Activating firewall script generated Thu May 5 20:28:31 2011 by vadim"
log "Activating firewall script generated Fri May 13 12:34:36 2011 by vadim"
check_tools
prolog_commands
check_run_time_address_table_files


@ -2,9 +2,9 @@
#
# This is automatically generated file. DO NOT MODIFY !
#
# Firewall Builder fwb_ipt v4.2.1.3538
# Firewall Builder fwb_ipt v4.3.0.3542
#
# Generated Thu May 5 20:28:33 2011 PDT by vadim
# Generated Fri May 13 12:34:38 2011 PDT by vadim
#
# files: * firewall17.fw /etc/fw/firewall17.fw
#
@ -471,7 +471,7 @@ test -z "$cmd" && {
case "$cmd" in
start)
log "Activating firewall script generated Thu May 5 20:28:33 2011 by vadim"
log "Activating firewall script generated Fri May 13 12:34:38 2011 by vadim"
check_tools
prolog_commands
check_run_time_address_table_files


@ -2,9 +2,9 @@
#
# This is automatically generated file. DO NOT MODIFY !
#
# Firewall Builder fwb_ipt v4.2.1.3538
# Firewall Builder fwb_ipt v4.3.0.3542
#
# Generated Thu May 5 20:28:33 2011 PDT by vadim
# Generated Fri May 13 12:34:38 2011 PDT by vadim
#
# files: * firewall18.fw /etc/fw/firewall18.fw
#
@ -504,7 +504,7 @@ test -z "$cmd" && {
case "$cmd" in
start)
log "Activating firewall script generated Thu May 5 20:28:33 2011 by vadim"
log "Activating firewall script generated Fri May 13 12:34:38 2011 by vadim"
check_tools
prolog_commands
check_run_time_address_table_files


@ -2,9 +2,9 @@
#
# This is automatically generated file. DO NOT MODIFY !
#
# Firewall Builder fwb_ipt v4.2.1.3538
# Firewall Builder fwb_ipt v4.3.0.3542
#
# Generated Thu May 5 20:28:35 2011 PDT by vadim
# Generated Fri May 13 12:34:40 2011 PDT by vadim
#
# files: * firewall19.fw /etc/fw/firewall19.fw
#
@ -508,7 +508,7 @@ test -z "$cmd" && {
case "$cmd" in
start)
log "Activating firewall script generated Thu May 5 20:28:35 2011 by vadim"
log "Activating firewall script generated Fri May 13 12:34:40 2011 by vadim"
check_tools
prolog_commands
check_run_time_address_table_files


@ -2,9 +2,9 @@
#
# This is automatically generated file. DO NOT MODIFY !
#
# Firewall Builder fwb_ipt v4.2.1.3538
# Firewall Builder fwb_ipt v4.3.0.3542
#
# Generated Thu May 5 20:28:43 2011 PDT by vadim
# Generated Fri May 13 12:34:48 2011 PDT by vadim
#
# files: * firewall2-1.fw /etc/fw/firewall2-1.fw
#
@ -1430,7 +1430,7 @@ test -z "$cmd" && {
case "$cmd" in
start)
log "Activating firewall script generated Thu May 5 20:28:43 2011 by vadim"
log "Activating firewall script generated Fri May 13 12:34:48 2011 by vadim"
check_tools
check_run_time_address_table_files


@ -2,9 +2,9 @@
#
# This is automatically generated file. DO NOT MODIFY !
#
# Firewall Builder fwb_ipt v4.2.1.3538
# Firewall Builder fwb_ipt v4.3.0.3542
#
# Generated Thu May 5 20:28:46 2011 PDT by vadim
# Generated Fri May 13 12:34:51 2011 PDT by vadim
#
# files: * firewall2-2.fw /etc/fw/firewall2-2.fw
#
@ -1259,7 +1259,7 @@ test -z "$cmd" && {
case "$cmd" in
start)
log "Activating firewall script generated Thu May 5 20:28:46 2011 by vadim"
log "Activating firewall script generated Fri May 13 12:34:51 2011 by vadim"
check_tools
check_run_time_address_table_files


@ -2,9 +2,9 @@
#
# This is automatically generated file. DO NOT MODIFY !
#
# Firewall Builder fwb_ipt v4.2.1.3538
# Firewall Builder fwb_ipt v4.3.0.3542
#
# Generated Thu May 5 20:28:48 2011 PDT by vadim
# Generated Fri May 13 12:34:53 2011 PDT by vadim
#
# files: * firewall2-3.fw /etc/fw/firewall2-3.fw
#
@ -1118,7 +1118,7 @@ test -z "$cmd" && {
case "$cmd" in
start)
log "Activating firewall script generated Thu May 5 20:28:48 2011 by vadim"
log "Activating firewall script generated Fri May 13 12:34:53 2011 by vadim"
check_tools
check_run_time_address_table_files


@ -2,9 +2,9 @@
#
# This is automatically generated file. DO NOT MODIFY !
#
# Firewall Builder fwb_ipt v4.2.1.3538
# Firewall Builder fwb_ipt v4.3.0.3542
#
# Generated Thu May 5 20:28:50 2011 PDT by vadim
# Generated Fri May 13 12:34:55 2011 PDT by vadim
#
# files: * firewall2-4.fw /etc/fw/firewall2-4.fw
#
@ -424,7 +424,7 @@ test -z "$cmd" && {
case "$cmd" in
start)
log "Activating firewall script generated Thu May 5 20:28:50 2011 by vadim"
log "Activating firewall script generated Fri May 13 12:34:55 2011 by vadim"
check_tools
check_run_time_address_table_files


@ -2,9 +2,9 @@
#
# This is automatically generated file. DO NOT MODIFY !
#
# Firewall Builder fwb_ipt v4.2.1.3538
# Firewall Builder fwb_ipt v4.3.0.3542
#
# Generated Thu May 5 20:28:52 2011 PDT by vadim
# Generated Fri May 13 12:34:58 2011 PDT by vadim
#
# files: * firewall2-5.fw /etc/fw/firewall2-5.fw
#
@ -455,7 +455,7 @@ test -z "$cmd" && {
case "$cmd" in
start)
log "Activating firewall script generated Thu May 5 20:28:52 2011 by vadim"
log "Activating firewall script generated Fri May 13 12:34:58 2011 by vadim"
check_tools
check_run_time_address_table_files


@ -2,9 +2,9 @@
#
# This is automatically generated file. DO NOT MODIFY !
#
# Firewall Builder fwb_ipt v4.2.1.ma_1
# Firewall Builder fwb_ipt v4.3.0.3542
#
# Generated Tue May 3 19:32:31 2011 PDT by vadim
# Generated Fri May 13 12:35:00 2011 PDT by vadim
#
# files: * firewall2-6.fw /etc/fw/firewall2-6.fw
#
@ -482,7 +482,7 @@ test -z "$cmd" && {
case "$cmd" in
start)
log "Activating firewall script generated Tue May 3 19:32:31 2011 by vadim"
log "Activating firewall script generated Fri May 13 12:35:00 2011 by vadim"
check_tools
check_run_time_address_table_files


@ -2,9 +2,9 @@
#
# This is automatically generated file. DO NOT MODIFY !
#
# Firewall Builder fwb_ipt v4.2.1.3538
# Firewall Builder fwb_ipt v4.3.0.3542
#
# Generated Thu May 5 20:28:57 2011 PDT by vadim
# Generated Fri May 13 12:35:03 2011 PDT by vadim
#
# files: * firewall2-7.fw /etc/fw/firewall2-7.fw
#
@ -424,7 +424,7 @@ test -z "$cmd" && {
case "$cmd" in
start)
log "Activating firewall script generated Thu May 5 20:28:57 2011 by vadim"
log "Activating firewall script generated Fri May 13 12:35:03 2011 by vadim"
check_tools
check_run_time_address_table_files


@ -2,9 +2,9 @@
#
# This is automatically generated file. DO NOT MODIFY !
#
# Firewall Builder fwb_ipt v4.2.1.3538
# Firewall Builder fwb_ipt v4.3.0.3542
#
# Generated Thu May 5 20:28:37 2011 PDT by vadim
# Generated Fri May 13 12:34:42 2011 PDT by vadim
#
# files: * firewall2.fw /etc/fw/firewall2.fw
#
@ -1482,7 +1482,7 @@ test -z "$cmd" && {
case "$cmd" in
start)
log "Activating firewall script generated Thu May 5 20:28:37 2011 by vadim"
log "Activating firewall script generated Fri May 13 12:34:42 2011 by vadim"
check_tools
check_run_time_address_table_files


@ -2,9 +2,9 @@
#
# This is automatically generated file. DO NOT MODIFY !
#
# Firewall Builder fwb_ipt v4.2.1.3538
# Firewall Builder fwb_ipt v4.3.0.3542
#
# Generated Thu May 5 20:28:39 2011 PDT by vadim
# Generated Fri May 13 12:34:44 2011 PDT by vadim
#
# files: * firewall20-ipv6.fw /etc/fw/firewall20-ipv6.fw
#
@ -456,7 +456,7 @@ test -z "$cmd" && {
case "$cmd" in
start)
log "Activating firewall script generated Thu May 5 20:28:39 2011 by vadim"
log "Activating firewall script generated Fri May 13 12:34:44 2011 by vadim"
check_tools
prolog_commands
check_run_time_address_table_files


@ -2,9 +2,9 @@
#
# This is automatically generated file. DO NOT MODIFY !
#
# Firewall Builder fwb_ipt v4.2.1.3538
# Firewall Builder fwb_ipt v4.3.0.3542
#
# Generated Thu May 5 20:28:37 2011 PDT by vadim
# Generated Fri May 13 12:34:42 2011 PDT by vadim
#
# files: * firewall20.fw /etc/fw/firewall20.fw
#
@ -674,7 +674,7 @@ test -z "$cmd" && {
case "$cmd" in
start)
log "Activating firewall script generated Thu May 5 20:28:37 2011 by vadim"
log "Activating firewall script generated Fri May 13 12:34:42 2011 by vadim"
check_tools
prolog_commands
check_run_time_address_table_files


@ -2,9 +2,9 @@
#
# This is automatically generated file. DO NOT MODIFY !
#
# Firewall Builder fwb_ipt v4.2.1.3538
# Firewall Builder fwb_ipt v4.3.0.3542
#
# Generated Thu May 5 20:28:42 2011 PDT by vadim
# Generated Fri May 13 12:34:46 2011 PDT by vadim
#
# files: * firewall21-1.fw /etc/fw/firewall21-1.fw
#
@ -470,7 +470,7 @@ test -z "$cmd" && {
case "$cmd" in
start)
log "Activating firewall script generated Thu May 5 20:28:42 2011 by vadim"
log "Activating firewall script generated Fri May 13 12:34:46 2011 by vadim"
check_tools
prolog_commands
check_run_time_address_table_files


@ -2,9 +2,9 @@
#
# This is automatically generated file. DO NOT MODIFY !
#
# Firewall Builder fwb_ipt v4.2.1.3538
# Firewall Builder fwb_ipt v4.3.0.3542
#
# Generated Thu May 5 20:28:39 2011 PDT by vadim
# Generated Fri May 13 12:34:44 2011 PDT by vadim
#
# files: * firewall21.fw /etc/fw/firewall21.fw
#
@ -469,7 +469,7 @@ test -z "$cmd" && {
case "$cmd" in
start)
log "Activating firewall script generated Thu May 5 20:28:39 2011 by vadim"
log "Activating firewall script generated Fri May 13 12:34:44 2011 by vadim"
check_tools
prolog_commands
check_run_time_address_table_files


@ -2,9 +2,9 @@
#
# This is automatically generated file. DO NOT MODIFY !
#
# Firewall Builder fwb_ipt v4.2.1.3538
# Firewall Builder fwb_ipt v4.3.0.3542
#
# Generated Thu May 5 20:28:43 2011 PDT by vadim
# Generated Fri May 13 12:34:48 2011 PDT by vadim
#
# files: * firewall22.fw /etc/fw/firewall22.fw
#
@ -390,7 +390,7 @@ test -z "$cmd" && {
case "$cmd" in
start)
log "Activating firewall script generated Thu May 5 20:28:43 2011 by vadim"
log "Activating firewall script generated Fri May 13 12:34:48 2011 by vadim"
check_tools
prolog_commands
check_run_time_address_table_files


@ -2,9 +2,9 @@
#
# This is automatically generated file. DO NOT MODIFY !
#
# Firewall Builder fwb_ipt v4.2.1.3538
# Firewall Builder fwb_ipt v4.3.0.3542
#
# Generated Thu May 5 20:28:48 2011 PDT by vadim
# Generated Fri May 13 12:34:53 2011 PDT by vadim
#
# files: * firewall23-1.fw /etc/fw/firewall23-1.fw
#
@ -299,22 +299,19 @@ script_body() {
#
echo "Rule 13 (eth2)"
#
$IPTABLES -t mangle -A POSTROUTING -m physdev --physdev-out eth2 -p tcp -m tcp -d 192.168.1.0/24 --dport 22 -j CLASSIFY --set-class 1:12
$IPTABLES -t mangle -A POSTROUTING -m physdev --physdev-out eth2 -p tcp -m tcp -d 192.168.1.0/24 --dport 22 -j CLASSIFY --set-class 1:12
#
# Rule 14 (eth3)
#
echo "Rule 14 (eth3)"
#
$IPTABLES -t mangle -A POSTROUTING -m physdev --physdev-out eth3 -p tcp -m tcp -d 192.168.1.0/24 --dport 22 -j CLASSIFY --set-class 2:12
$IPTABLES -t mangle -A POSTROUTING -m physdev --physdev-out eth3 -p tcp -m tcp -d 192.168.1.0/24 --dport 22 -j CLASSIFY --set-class 2:12
#
# Rule 15 (eth2)
#
echo "Rule 15 (eth2)"
#
$IPTABLES -N Out_RULE_15 -t mangle
$IPTABLES -t mangle -A POSTROUTING -m physdev --physdev-out eth2 -p tcp -m tcp -d 192.168.1.0/24 --dport 22 -j Out_RULE_15
$IPTABLES -t mangle -A Out_RULE_15 -j LOG --log-level debug
$IPTABLES -t mangle -A Out_RULE_15 -j CLASSIFY --set-class 1:12
$IPTABLES -t mangle -A POSTROUTING -m physdev --physdev-out eth2 -p tcp -m tcp -d 192.168.1.0/24 --dport 22 -j CLASSIFY --set-class 1:12
# ================ Table 'filter', rule set Policy
#
@ -425,6 +422,12 @@ script_body() {
#
$IPTABLES -A FORWARD -m physdev --physdev-out eth3 -s 192.168.1.10 -d 224.0.0.0/4 -m state --state NEW -j ACCEPT
#
# Rule 15 (eth2)
#
echo "Rule 15 (eth2)"
#
$IPTABLES -A FORWARD -m physdev --physdev-out eth2 -p tcp -m tcp -d 192.168.1.0/24 --dport 22 -j LOG --log-level debug
#
# Rule 16 (global)
#
echo "Rule 16 (global)"
@ -561,7 +564,7 @@ test -z "$cmd" && {
case "$cmd" in
start)
log "Activating firewall script generated Thu May 5 20:28:48 2011 by vadim"
log "Activating firewall script generated Fri May 13 12:34:53 2011 by vadim"
check_tools
prolog_commands
check_run_time_address_table_files
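Review bot: Rule 15's LOG now sits in the filter FORWARD chain (`$IPTABLES -A FORWARD -m physdev --physdev-out eth2 -p tcp -m tcp -d 192.168.1.0/24 --dport 22 -j LOG --log-level debug`) while its CLASSIFY stays in mangle POSTROUTING, so the two no longer see the same set of packets. A packet that an earlier terminating rule in FORWARD accepts or drops is still classified but never logged, and traffic that reaches POSTROUTING without passing FORWARD is classified without a log entry as well; whether either case occurs in this policy cannot be told from the hunk. If the log serves as an audit trail for the classification, the ChangeLog entry should state the new behaviour, for example `Logging for rules with Tag, Classify or Route options is done in table "filter" and is subject to rule order there.`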


@ -2,9 +2,9 @@
#
# This is automatically generated file. DO NOT MODIFY !
#
# Firewall Builder fwb_ipt v4.2.1.3538
# Firewall Builder fwb_ipt v4.3.0.3542
#
# Generated Thu May 5 20:28:46 2011 PDT by vadim
# Generated Fri May 13 12:34:50 2011 PDT by vadim
#
# files: * firewall23.fw /etc/fw/firewall23.fw
#
@ -476,7 +476,7 @@ test -z "$cmd" && {
case "$cmd" in
start)
log "Activating firewall script generated Thu May 5 20:28:46 2011 by vadim"
log "Activating firewall script generated Fri May 13 12:34:50 2011 by vadim"
check_tools
prolog_commands
check_run_time_address_table_files


@ -2,9 +2,9 @@
#
# This is automatically generated file. DO NOT MODIFY !
#
# Firewall Builder fwb_ipt v4.2.1.3538
# Firewall Builder fwb_ipt v4.3.0.3542
#
# Generated Thu May 5 20:28:50 2011 PDT by vadim
# Generated Fri May 13 12:34:55 2011 PDT by vadim
#
# files: * firewall24.fw /etc/fw/firewall24.fw
#
@ -493,7 +493,7 @@ test -z "$cmd" && {
case "$cmd" in
start)
log "Activating firewall script generated Thu May 5 20:28:50 2011 by vadim"
log "Activating firewall script generated Fri May 13 12:34:55 2011 by vadim"
check_tools
prolog_commands
check_run_time_address_table_files


@ -2,9 +2,9 @@
#
# This is automatically generated file. DO NOT MODIFY !
#
# Firewall Builder fwb_ipt v4.2.1.3538
# Firewall Builder fwb_ipt v4.3.0.3542
#
# Generated Thu May 5 20:28:52 2011 PDT by vadim
# Generated Fri May 13 12:34:58 2011 PDT by vadim
#
# files: * firewall25.fw /etc/fw/firewall25.fw
#
@ -506,6 +506,15 @@ script_body() {
echo "-A Cid417C6878.1 -s 192.168.1.0/24 -j ACCEPT "
echo "-A Cid417C6878.1 -s 192.168.2.0/24 -j ACCEPT "
#
# Rule 17 (global)
# this rule should go to mangle table,
# since we also have default rule that goes to mangle (TCPMSS)
# and pure mangle ruleset, making sure all rules for
# mangle table end up with one COMMIT
echo "-A OUTPUT -m state --state NEW -j LOG "
echo "-A INPUT -m state --state NEW -j LOG "
echo "-A FORWARD -m state --state NEW -j LOG "
#
# Rule 18 (global)
echo "-A OUTPUT -j policy_2 "
echo "-A INPUT -j policy_2 "
@ -530,18 +539,6 @@ script_body() {
echo '*mangle'
# ================ Table 'mangle', automatic rules
echo "-A FORWARD -p tcp -m tcp --tcp-flags SYN,RST SYN -j TCPMSS --clamp-mss-to-pmtu"
# ================ Table 'mangle', rule set policy_2
#
# Rule policy_2 0 (eth2)
echo ":policy_2 - [0:0]"
echo "-A policy_2 -o eth2 -m state --state NEW -j ACCEPT "
#
# Rule policy_2 1 (global)
echo ":policy_2_1 - [0:0]"
echo "-A policy_2 -j policy_2_1 "
echo "-A policy_2_1 -j LOG "
echo "-A policy_2_1 -j DROP "
#
# ================ Table 'mangle', rule set policy_2_mangle
#
# Rule policy_2_mangle 0 (eth2)
@ -570,13 +567,11 @@ script_body() {
# since we also have default rule that goes to mangle (TCPMSS)
# and pure mangle ruleset, making sure all rules for
# mangle table end up with one COMMIT
echo ":RULE_17 - [0:0]"
echo "-A OUTPUT -m state --state NEW -j RULE_17 "
echo "-A PREROUTING -m state --state NEW -j RULE_17 "
echo "-A RULE_17 -j LOG "
echo "-A RULE_17 -j MARK --set-mark 10"
echo "-A OUTPUT -m state --state NEW -j MARK --set-mark 10"
echo "-A PREROUTING -m state --state NEW -j MARK --set-mark 10"
#
# Rule 18 (global)
echo ":policy_2 - [0:0]"
echo "-A PREROUTING -j policy_2 "
echo "-A POSTROUTING -j policy_2 "
echo "-A FORWARD -j policy_2 "
@ -689,7 +684,7 @@ test -z "$cmd" && {
case "$cmd" in
start)
log "Activating firewall script generated Thu May 5 20:28:52 2011 by vadim"
log "Activating firewall script generated Fri May 13 12:34:58 2011 by vadim"
check_tools
prolog_commands
check_run_time_address_table_files
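Review bot: In the mangle section, Rule 18 still emits `-A PREROUTING -j policy_2`, `-A POSTROUTING -j policy_2` and `-A FORWARD -j policy_2`, but the rule set policy_2 that used to populate that chain in mangle is removed, and judging by the hunk line counts the only addition is the bare declaration `:policy_2 - [0:0]`. Unless another part of the file fills the chain, packets now jump into an empty chain in mangle. That contradicts the ChangeLog statement that branch rules are created in mangle only when the branch performs tagging, classification or routing. The expected output for this case should contain neither the declaration nor the three jumps.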


@ -2,9 +2,9 @@
#
# This is automatically generated file. DO NOT MODIFY !
#
# Firewall Builder fwb_ipt v4.2.1.3538
# Firewall Builder fwb_ipt v4.3.0.3542
#
# Generated Thu May 5 20:28:55 2011 PDT by vadim
# Generated Fri May 13 12:35:00 2011 PDT by vadim
#
# files: * firewall26.fw /etc/fw/firewall26.fw
#
@ -562,7 +562,7 @@ test -z "$cmd" && {
case "$cmd" in
start)
log "Activating firewall script generated Thu May 5 20:28:55 2011 by vadim"
log "Activating firewall script generated Fri May 13 12:35:00 2011 by vadim"
check_tools
prolog_commands
check_run_time_address_table_files


@ -2,9 +2,9 @@
#
# This is automatically generated file. DO NOT MODIFY !
#
# Firewall Builder fwb_ipt v4.2.1.3538
# Firewall Builder fwb_ipt v4.3.0.3542
#
# Generated Thu May 5 20:28:57 2011 PDT by vadim
# Generated Fri May 13 12:35:03 2011 PDT by vadim
#
# files: * firewall27.fw /etc/fw/firewall27.fw
#
@ -546,7 +546,7 @@ test -z "$cmd" && {
case "$cmd" in
start)
log "Activating firewall script generated Thu May 5 20:28:57 2011 by vadim"
log "Activating firewall script generated Fri May 13 12:35:03 2011 by vadim"
check_tools
prolog_commands
check_run_time_address_table_files


@ -2,9 +2,9 @@
#
# This is automatically generated file. DO NOT MODIFY !
#
# Firewall Builder fwb_ipt v4.2.1.3538
# Firewall Builder fwb_ipt v4.3.0.3542
#
# Generated Thu May 5 20:29:00 2011 PDT by vadim
# Generated Fri May 13 12:35:05 2011 PDT by vadim
#
# files: * firewall28.fw /etc/fw/firewall28.fw
#
@ -409,7 +409,7 @@ test -z "$cmd" && {
case "$cmd" in
start)
log "Activating firewall script generated Thu May 5 20:29:00 2011 by vadim"
log "Activating firewall script generated Fri May 13 12:35:05 2011 by vadim"
check_tools
prolog_commands
check_run_time_address_table_files


@ -2,9 +2,9 @@
#
# This is automatically generated file. DO NOT MODIFY !
#
# Firewall Builder fwb_ipt v4.2.1.3538
# Firewall Builder fwb_ipt v4.3.0.3542
#
# Generated Thu May 5 20:29:00 2011 PDT by vadim
# Generated Fri May 13 12:35:05 2011 PDT by vadim
#
# files: * firewall29.fw /etc/fw/firewall29.fw
#
@ -440,7 +440,7 @@ test -z "$cmd" && {
case "$cmd" in
start)
log "Activating firewall script generated Thu May 5 20:29:00 2011 by vadim"
log "Activating firewall script generated Fri May 13 12:35:05 2011 by vadim"
check_tools
prolog_commands
check_run_time_address_table_files


@ -2,9 +2,9 @@
#
# This is automatically generated file. DO NOT MODIFY !
#
# Firewall Builder fwb_ipt v4.2.1.3538
# Firewall Builder fwb_ipt v4.3.0.3542
#
# Generated Thu May 5 20:29:02 2011 PDT by vadim
# Generated Fri May 13 12:35:08 2011 PDT by vadim
#
# files: * firewall3.fw /etc/fw/firewall3.fw
#
@ -578,7 +578,7 @@ test -z "$cmd" && {
case "$cmd" in
start)
log "Activating firewall script generated Thu May 5 20:29:02 2011 by vadim"
log "Activating firewall script generated Fri May 13 12:35:08 2011 by vadim"
check_tools
prolog_commands
check_run_time_address_table_files


@ -2,9 +2,9 @@
#
# This is automatically generated file. DO NOT MODIFY !
#
# Firewall Builder fwb_ipt v4.2.1.3538
# Firewall Builder fwb_ipt v4.3.0.3542
#
# Generated Thu May 5 20:29:02 2011 PDT by vadim
# Generated Fri May 13 12:35:08 2011 PDT by vadim
#
# files: * firewall30.fw /etc/fw/firewall30.fw
#
@ -375,7 +375,7 @@ test -z "$cmd" && {
case "$cmd" in
start)
log "Activating firewall script generated Thu May 5 20:29:02 2011 by vadim"
log "Activating firewall script generated Fri May 13 12:35:08 2011 by vadim"
check_tools
prolog_commands
check_run_time_address_table_files


@ -2,9 +2,9 @@
#
# This is automatically generated file. DO NOT MODIFY !
#
# Firewall Builder fwb_ipt v4.2.1.3538
# Firewall Builder fwb_ipt v4.3.0.3542
#
# Generated Thu May 5 20:29:05 2011 PDT by vadim
# Generated Fri May 13 12:35:10 2011 PDT by vadim
#
# files: * firewall31.fw /etc/fw/firewall31.fw
#
@ -445,7 +445,7 @@ test -z "$cmd" && {
case "$cmd" in
start)
log "Activating firewall script generated Thu May 5 20:29:05 2011 by vadim"
log "Activating firewall script generated Fri May 13 12:35:10 2011 by vadim"
check_tools
prolog_commands
check_run_time_address_table_files


@ -2,9 +2,9 @@
#
# This is automatically generated file. DO NOT MODIFY !
#
# Firewall Builder fwb_ipt v4.2.1.3538
# Firewall Builder fwb_ipt v4.3.0.3542
#
# Generated Thu May 5 20:29:05 2011 PDT by vadim
# Generated Fri May 13 12:35:10 2011 PDT by vadim
#
# files: * firewall32.fw /etc/fw/firewall32.fw
#
@ -416,7 +416,7 @@ test -z "$cmd" && {
case "$cmd" in
start)
log "Activating firewall script generated Thu May 5 20:29:05 2011 by vadim"
log "Activating firewall script generated Fri May 13 12:35:10 2011 by vadim"
check_tools
prolog_commands
check_run_time_address_table_files


@ -2,9 +2,9 @@
#
# This is automatically generated file. DO NOT MODIFY !
#
# Firewall Builder fwb_ipt v4.2.1.3538
# Firewall Builder fwb_ipt v4.3.0.3542
#
# Generated Thu May 5 20:29:13 2011 PDT by vadim
# Generated Fri May 13 12:35:17 2011 PDT by vadim
#
# files: * firewall33-1.fw /etc/fw/firewall33-1.fw
#
@ -395,11 +395,12 @@ script_body() {
#
$IPTABLES -N Cid438728A918346.0
$IPTABLES -A Policy -m state --state NEW -j Cid438728A918346.0
$IPTABLES -A Cid438728A918346.0 -d 74.125.224.48 -j RETURN
$IPTABLES -A Cid438728A918346.0 -d 74.125.224.49 -j RETURN
$IPTABLES -A Cid438728A918346.0 -d 74.125.224.50 -j RETURN
$IPTABLES -A Cid438728A918346.0 -d 74.125.224.51 -j RETURN
$IPTABLES -A Cid438728A918346.0 -d 74.125.224.52 -j RETURN
$IPTABLES -A Cid438728A918346.0 -d 74.125.153.99 -j RETURN
$IPTABLES -A Cid438728A918346.0 -d 74.125.153.103 -j RETURN
$IPTABLES -A Cid438728A918346.0 -d 74.125.153.104 -j RETURN
$IPTABLES -A Cid438728A918346.0 -d 74.125.153.105 -j RETURN
$IPTABLES -A Cid438728A918346.0 -d 74.125.153.106 -j RETURN
$IPTABLES -A Cid438728A918346.0 -d 74.125.153.147 -j RETURN
$IPTABLES -A Cid438728A918346.0 -d 157.166.224.25 -j RETURN
$IPTABLES -A Cid438728A918346.0 -d 157.166.224.26 -j RETURN
$IPTABLES -A Cid438728A918346.0 -d 157.166.226.25 -j RETURN
@ -525,7 +526,7 @@ test -z "$cmd" && {
case "$cmd" in
start)
log "Activating firewall script generated Thu May 5 20:29:13 2011 by vadim"
log "Activating firewall script generated Fri May 13 12:35:17 2011 by vadim"
check_tools
prolog_commands
check_run_time_address_table_files
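Review bot: The `-d` address list in chain Cid438728A918346.0 changes here (five 74.125.224.x entries replaced by six 74.125.153.x entries, judging by the hunk counts) although the commit is about splitting rules between mangle and filter; the same change appears in the next file section (firewall33.fw). This looks like the result of resolving a DNS name when the expected output was regenerated, which is an inference because the object definition is not on this page. If so, the fixture will churn on every regeneration and bury real differences in review. The test object would be better defined with fixed addresses from a documentation range, e.g. `192.0.2.1`.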


@ -2,9 +2,9 @@
#
# This is automatically generated file. DO NOT MODIFY !
#
# Firewall Builder fwb_ipt v4.2.1.3538
# Firewall Builder fwb_ipt v4.3.0.3542
#
# Generated Thu May 5 20:29:13 2011 PDT by vadim
# Generated Fri May 13 12:35:17 2011 PDT by vadim
#
# files: * firewall33.fw /etc/fw/firewall33.fw
#
@ -443,11 +443,12 @@ script_body() {
$IPTABLES -A OUTPUT -m state --state NEW -j Cid438728A918346.0
$IPTABLES -A INPUT -m state --state NEW -j Cid438728A918346.0
$IPTABLES -A FORWARD -m state --state NEW -j Cid438728A918346.0
$IPTABLES -A Cid438728A918346.0 -d 74.125.224.48 -j RETURN
$IPTABLES -A Cid438728A918346.0 -d 74.125.224.49 -j RETURN
$IPTABLES -A Cid438728A918346.0 -d 74.125.224.50 -j RETURN
$IPTABLES -A Cid438728A918346.0 -d 74.125.224.51 -j RETURN
$IPTABLES -A Cid438728A918346.0 -d 74.125.224.52 -j RETURN
$IPTABLES -A Cid438728A918346.0 -d 74.125.153.99 -j RETURN
$IPTABLES -A Cid438728A918346.0 -d 74.125.153.103 -j RETURN
$IPTABLES -A Cid438728A918346.0 -d 74.125.153.104 -j RETURN
$IPTABLES -A Cid438728A918346.0 -d 74.125.153.105 -j RETURN
$IPTABLES -A Cid438728A918346.0 -d 74.125.153.106 -j RETURN
$IPTABLES -A Cid438728A918346.0 -d 74.125.153.147 -j RETURN
$IPTABLES -A Cid438728A918346.0 -d 157.166.224.25 -j RETURN
$IPTABLES -A Cid438728A918346.0 -d 157.166.224.26 -j RETURN
$IPTABLES -A Cid438728A918346.0 -d 157.166.226.25 -j RETURN
@ -572,7 +573,7 @@ test -z "$cmd" && {
case "$cmd" in
start)
log "Activating firewall script generated Thu May 5 20:29:13 2011 by vadim"
log "Activating firewall script generated Fri May 13 12:35:17 2011 by vadim"
check_tools
prolog_commands
check_run_time_address_table_files


@ -2,9 +2,9 @@
#
# This is automatically generated file. DO NOT MODIFY !
#
# Firewall Builder fwb_ipt v4.2.1.3538
# Firewall Builder fwb_ipt v4.3.0.3542
#
# Generated Thu May 5 20:29:15 2011 PDT by vadim
# Generated Fri May 13 12:35:20 2011 PDT by vadim
#
# files: * firewall34.fw /etc/fw/firewall34.fw
#
@ -648,7 +648,7 @@ test -z "$cmd" && {
case "$cmd" in
start)
log "Activating firewall script generated Thu May 5 20:29:15 2011 by vadim"
log "Activating firewall script generated Fri May 13 12:35:20 2011 by vadim"
check_tools
prolog_commands
check_run_time_address_table_files


@ -2,9 +2,9 @@
#
# This is automatically generated file. DO NOT MODIFY !
#
# Firewall Builder fwb_ipt v4.2.1.3538
# Firewall Builder fwb_ipt v4.3.0.3542
#
# Generated Thu May 5 20:29:15 2011 PDT by vadim
# Generated Fri May 13 12:35:20 2011 PDT by vadim
#
# files: * firewall35.fw /etc/fw/firewall35.fw
#
@ -540,7 +540,7 @@ test -z "$cmd" && {
case "$cmd" in
start)
log "Activating firewall script generated Thu May 5 20:29:15 2011 by vadim"
log "Activating firewall script generated Fri May 13 12:35:20 2011 by vadim"
check_tools
prolog_commands
check_run_time_address_table_files


@ -2,9 +2,9 @@
#
# This is automatically generated file. DO NOT MODIFY !
#
# Firewall Builder fwb_ipt v4.2.1.3538
# Firewall Builder fwb_ipt v4.3.0.3542
#
# Generated Thu May 5 20:29:17 2011 PDT by vadim
# Generated Fri May 13 12:35:22 2011 PDT by vadim
#
# files: * firewall36-1.fw /etc/firewall36-1.fw
#
@ -433,7 +433,7 @@ test -z "$cmd" && {
case "$cmd" in
start)
log "Activating firewall script generated Thu May 5 20:29:17 2011 by vadim"
log "Activating firewall script generated Fri May 13 12:35:22 2011 by vadim"
check_tools
prolog_commands
check_run_time_address_table_files


@ -2,9 +2,9 @@
#
# This is automatically generated file. DO NOT MODIFY !
#
# Firewall Builder fwb_ipt v4.2.1.3538
# Firewall Builder fwb_ipt v4.3.0.3542
#
# Generated Thu May 5 20:29:20 2011 PDT by vadim
# Generated Fri May 13 12:35:25 2011 PDT by vadim
#
# files: * firewall36-2.fw /etc/firewall36-2.fw
#
@ -433,7 +433,7 @@ test -z "$cmd" && {
case "$cmd" in
start)
log "Activating firewall script generated Thu May 5 20:29:20 2011 by vadim"
log "Activating firewall script generated Fri May 13 12:35:25 2011 by vadim"
check_tools
prolog_commands
check_run_time_address_table_files


@ -2,9 +2,9 @@
#
# This is automatically generated file. DO NOT MODIFY !
#
# Firewall Builder fwb_ipt v4.2.1.3538
# Firewall Builder fwb_ipt v4.3.0.3542
#
# Generated Thu May 5 20:29:17 2011 PDT by vadim
# Generated Fri May 13 12:35:22 2011 PDT by vadim
#
# files: * firewall36.fw /etc/firewall36.fw
#
@ -316,32 +316,32 @@ script_body() {
#
echo "Rule 1 (global)"
#
$IPTABLES -t mangle -A POSTROUTING -p icmp -m icmp --icmp-type any -j ROUTE --oif eth1
$IPTABLES -t mangle -A POSTROUTING -p icmp -m icmp --icmp-type any -j ROUTE --oif eth1
#
# Rule 2 (global)
#
echo "Rule 2 (global)"
#
$IPTABLES -t mangle -A POSTROUTING -p tcp -m tcp --dport 80 -j ROUTE --oif eth1 --continue
$IPTABLES -t mangle -A POSTROUTING -p tcp -m tcp --dport 80 -j ROUTE --oif eth1 --continue
#
# Rule 3 (global)
#
echo "Rule 3 (global)"
#
$IPTABLES -t mangle -A POSTROUTING -p tcp -m tcp --dport 22 -j ROUTE --gw 1.2.3.4 --continue
$IPTABLES -t mangle -A POSTROUTING -p tcp -m tcp --dport 22 -j ROUTE --gw 1.2.3.4 --continue
#
# Rule 4 (global)
#
echo "Rule 4 (global)"
#
$IPTABLES -t mangle -A PREROUTING -p icmp -m icmp --icmp-type any -j ROUTE --iif eth1
$IPTABLES -t mangle -A PREROUTING -p icmp -m icmp --icmp-type any -j ROUTE --iif eth1
#
# Rule 5 (global)
#
echo "Rule 5 (global)"
#
$IPTABLES -t mangle -A POSTROUTING -p tcp -m tcp --dport 13 -j ROUTE --gw 1.2.3.4 --tee
$IPTABLES -t mangle -A PREROUTING -p tcp -m tcp --dport 13 -j ROUTE --gw 1.2.3.4 --tee
$IPTABLES -t mangle -A POSTROUTING -p tcp -m tcp --dport 13 -j ROUTE --gw 1.2.3.4 --tee
$IPTABLES -t mangle -A PREROUTING -p tcp -m tcp --dport 13 -j ROUTE --gw 1.2.3.4 --tee
# ================ Table 'filter', rule set Policy
#
@ -355,6 +355,30 @@ script_body() {
$IPTABLES -A OUTPUT -s 192.168.1.0/24 -m state --state NEW -j ACCEPT
$IPTABLES -A FORWARD -s 192.168.1.0/24 -m state --state NEW -j ACCEPT
#
# Rule 1 (global)
#
echo "Rule 1 (global)"
#
$IPTABLES -A OUTPUT -p icmp -m icmp --icmp-type any -j ACCEPT
$IPTABLES -A INPUT -p icmp -m icmp --icmp-type any -j ACCEPT
$IPTABLES -A FORWARD -p icmp -m icmp --icmp-type any -j ACCEPT
#
# Rule 4 (global)
#
echo "Rule 4 (global)"
#
$IPTABLES -A OUTPUT -p icmp -m icmp --icmp-type any -j ACCEPT
$IPTABLES -A INPUT -p icmp -m icmp --icmp-type any -j ACCEPT
$IPTABLES -A FORWARD -p icmp -m icmp --icmp-type any -j ACCEPT
#
# Rule 5 (global)
#
echo "Rule 5 (global)"
#
$IPTABLES -A OUTPUT -p tcp -m tcp --dport 13 -j ACCEPT
$IPTABLES -A INPUT -p tcp -m tcp --dport 13 -j ACCEPT
$IPTABLES -A FORWARD -p tcp -m tcp --dport 13 -j ACCEPT
#
# Rule 6 (global)
#
echo "Rule 6 (global)"
@ -548,7 +572,7 @@ test -z "$cmd" && {
case "$cmd" in
start)
log "Activating firewall script generated Thu May 5 20:29:17 2011 by vadim"
log "Activating firewall script generated Fri May 13 12:35:22 2011 by vadim"
check_tools
prolog_commands
check_run_time_address_table_files
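Review bot: The filter rules added for Rule 4 are byte-identical to those added for Rule 1 (`$IPTABLES -A INPUT -p icmp -m icmp --icmp-type any -j ACCEPT` and its OUTPUT and FORWARD counterparts), so Rule 4's three rules can never match. The two rules differ only in their ROUTE option (`--oif eth1` vs `--iif eth1`), which stays in mangle, so once the action is split off the filter halves collapse into duplicates. The compiler should drop or report the shadowed copy after the split. The new ACCEPT rules for rules 1, 4 and 5 also carry no `-m state --state NEW` match, unlike Rule 0 above them; if those rules are not marked stateless in the test policy, that is worth checking.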


@ -2,9 +2,9 @@
#
# This is automatically generated file. DO NOT MODIFY !
#
# Firewall Builder fwb_ipt v4.2.1.ma_1
# Firewall Builder fwb_ipt v4.3.0.3542
#
# Generated Tue May 3 20:22:31 2011 PDT by vadim
# Generated Fri May 13 12:35:27 2011 PDT by vadim
#
# files: * firewall37-1.fw /etc/fw/firewall37-1.fw
#
@ -327,19 +327,7 @@ script_body() {
echo "Rule rule27_branch 0 (global)"
#
$IPTABLES -N rule27_branch -t mangle
$IPTABLES -N Cid45AB5C2E25451.0 -t mangle
$IPTABLES -t mangle -A rule27_branch -p tcp -m tcp --tcp-flags ALL ACK -j Cid45AB5C2E25451.0
$IPTABLES -t mangle -A Cid45AB5C2E25451.0 -j CLASSIFY --set-class 1:16
$IPTABLES -t mangle -A Cid45AB5C2E25451.0 -j ACCEPT
#
# Rule rule27_branch 1 (global)
#
echo "Rule rule27_branch 1 (global)"
#
$IPTABLES -N rule27_branch_1 -t mangle
$IPTABLES -t mangle -A rule27_branch -p tcp -m tcp --dport 80 -m state --state NEW -j rule27_branch_1
$IPTABLES -t mangle -A rule27_branch_1 -j LOG --log-level info --log-prefix "RULE 1 -- ACCEPT "
$IPTABLES -t mangle -A rule27_branch_1 -j ACCEPT
$IPTABLES -t mangle -A rule27_branch -p tcp -m tcp --tcp-flags ALL ACK -j CLASSIFY --set-class 1:16
# ================ Table 'mangle', rule set Policy
#
# Rule 0 (global)
@ -347,27 +335,20 @@ script_body() {
echo "Rule 0 (global)"
#
# terminating target
$IPTABLES -N Cid45AB5AAD25451.0 -t mangle
$IPTABLES -t mangle -A OUTPUT -p 50 -m state --state NEW -j Cid45AB5AAD25451.0
$IPTABLES -t mangle -A OUTPUT -p ah -m state --state NEW -j Cid45AB5AAD25451.0
$IPTABLES -t mangle -A PREROUTING -p 50 -m state --state NEW -j Cid45AB5AAD25451.0
$IPTABLES -t mangle -A PREROUTING -p ah -m state --state NEW -j Cid45AB5AAD25451.0
$IPTABLES -t mangle -A Cid45AB5AAD25451.0 -j MARK --set-mark 16
$IPTABLES -t mangle -A Cid45AB5AAD25451.0 -j ACCEPT
$IPTABLES -t mangle -A OUTPUT -p 50 -m state --state NEW -j MARK --set-mark 16
$IPTABLES -t mangle -A OUTPUT -p ah -m state --state NEW -j MARK --set-mark 16
$IPTABLES -t mangle -A PREROUTING -p 50 -m state --state NEW -j MARK --set-mark 16
$IPTABLES -t mangle -A PREROUTING -p ah -m state --state NEW -j MARK --set-mark 16
#
# Rule 1 (global)
#
echo "Rule 1 (global)"
#
# terminating target
$IPTABLES -N RULE_1 -t mangle
$IPTABLES -t mangle -A OUTPUT -p 50 -m state --state NEW -j RULE_1
$IPTABLES -t mangle -A OUTPUT -p ah -m state --state NEW -j RULE_1
$IPTABLES -t mangle -A PREROUTING -p 50 -m state --state NEW -j RULE_1
$IPTABLES -t mangle -A PREROUTING -p ah -m state --state NEW -j RULE_1
$IPTABLES -t mangle -A RULE_1 -j LOG --log-level info --log-prefix "RULE 1 -- ACCEPT "
$IPTABLES -t mangle -A RULE_1 -j MARK --set-mark 16
$IPTABLES -t mangle -A RULE_1 -j ACCEPT
$IPTABLES -t mangle -A OUTPUT -p 50 -m state --state NEW -j MARK --set-mark 16
$IPTABLES -t mangle -A OUTPUT -p ah -m state --state NEW -j MARK --set-mark 16
$IPTABLES -t mangle -A PREROUTING -p 50 -m state --state NEW -j MARK --set-mark 16
$IPTABLES -t mangle -A PREROUTING -p ah -m state --state NEW -j MARK --set-mark 16
#
# Rule 2 (global)
#
@ -381,64 +362,53 @@ script_body() {
$IPTABLES -t mangle -A PREROUTING -p ah -m state --state NEW -j Cid45AB5AC525451.0
$IPTABLES -t mangle -A Cid45AB5AC525451.0 -s 192.168.1.0/24 -j RETURN
$IPTABLES -t mangle -A Cid45AB5AC525451.0 -s 192.168.2.0/24 -j RETURN
$IPTABLES -N RULE_2_3 -t mangle
$IPTABLES -t mangle -A Cid45AB5AC525451.0 -j RULE_2_3
$IPTABLES -t mangle -A RULE_2_3 -j LOG --log-level info --log-prefix "RULE 2 -- ACCEPT "
$IPTABLES -t mangle -A RULE_2_3 -j MARK --set-mark 16
$IPTABLES -t mangle -A RULE_2_3 -j ACCEPT
$IPTABLES -t mangle -A Cid45AB5AC525451.0 -j MARK --set-mark 16
#
# Rule 3 (eth1)
#
echo "Rule 3 (eth1)"
#
# terminating target
$IPTABLES -N Cid45AB5AD225451.0 -t mangle
$IPTABLES -t mangle -A PREROUTING -i eth1 -p 50 -m state --state NEW -j Cid45AB5AD225451.0
$IPTABLES -t mangle -A PREROUTING -i eth1 -p ah -m state --state NEW -j Cid45AB5AD225451.0
$IPTABLES -t mangle -A Cid45AB5AD225451.0 -j MARK --set-mark 16
$IPTABLES -t mangle -A Cid45AB5AD225451.0 -j ACCEPT
$IPTABLES -t mangle -A PREROUTING -i eth1 -p 50 -m state --state NEW -j MARK --set-mark 16
$IPTABLES -t mangle -A PREROUTING -i eth1 -p ah -m state --state NEW -j MARK --set-mark 16
#
# Rule 4 (eth1)
#
echo "Rule 4 (eth1)"
#
# temrinating target
$IPTABLES -N Cid45AB5ADE25451.0 -t mangle
$IPTABLES -t mangle -A OUTPUT -o eth1 -p 50 -m state --state NEW -j Cid45AB5ADE25451.0
$IPTABLES -t mangle -A OUTPUT -o eth1 -p ah -m state --state NEW -j Cid45AB5ADE25451.0
$IPTABLES -t mangle -A POSTROUTING -o eth1 -p 50 -m state --state NEW -j Cid45AB5ADE25451.0
$IPTABLES -t mangle -A POSTROUTING -o eth1 -p ah -m state --state NEW -j Cid45AB5ADE25451.0
$IPTABLES -t mangle -A Cid45AB5ADE25451.0 -j MARK --set-mark 16
$IPTABLES -t mangle -A Cid45AB5ADE25451.0 -j ACCEPT
$IPTABLES -t mangle -A OUTPUT -o eth1 -p 50 -m state --state NEW -j MARK --set-mark 16
$IPTABLES -t mangle -A OUTPUT -o eth1 -p ah -m state --state NEW -j MARK --set-mark 16
$IPTABLES -t mangle -A POSTROUTING -o eth1 -p 50 -m state --state NEW -j MARK --set-mark 16
$IPTABLES -t mangle -A POSTROUTING -o eth1 -p ah -m state --state NEW -j MARK --set-mark 16
#
# Rule 5 (global)
#
echo "Rule 5 (global)"
#
# terminating and CONNMARK
$IPTABLES -N Cid45AB5AEA25451.0 -t mangle
$IPTABLES -t mangle -A OUTPUT -p 50 -m state --state NEW -j Cid45AB5AEA25451.0
$IPTABLES -t mangle -A OUTPUT -p ah -m state --state NEW -j Cid45AB5AEA25451.0
$IPTABLES -t mangle -A PREROUTING -p 50 -m state --state NEW -j Cid45AB5AEA25451.0
$IPTABLES -t mangle -A PREROUTING -p ah -m state --state NEW -j Cid45AB5AEA25451.0
$IPTABLES -t mangle -A Cid45AB5AEA25451.0 -j MARK --set-mark 10
$IPTABLES -t mangle -A Cid45AB5AEA25451.0 -j CONNMARK --save-mark
$IPTABLES -t mangle -A Cid45AB5AEA25451.0 -j ACCEPT
$IPTABLES -t mangle -A OUTPUT -p 50 -m state --state NEW -j MARK --set-mark 10
$IPTABLES -t mangle -A OUTPUT -p ah -m state --state NEW -j MARK --set-mark 10
$IPTABLES -t mangle -A PREROUTING -p 50 -m state --state NEW -j MARK --set-mark 10
$IPTABLES -t mangle -A PREROUTING -p ah -m state --state NEW -j MARK --set-mark 10
$IPTABLES -t mangle -A OUTPUT -p 50 -m state --state NEW -j CONNMARK --save-mark
$IPTABLES -t mangle -A OUTPUT -p ah -m state --state NEW -j CONNMARK --save-mark
$IPTABLES -t mangle -A PREROUTING -p 50 -m state --state NEW -j CONNMARK --save-mark
$IPTABLES -t mangle -A PREROUTING -p ah -m state --state NEW -j CONNMARK --save-mark
#
# Rule 6 (global)
#
echo "Rule 6 (global)"
#
# terminating and CONNMARK
$IPTABLES -N RULE_6 -t mangle
$IPTABLES -t mangle -A OUTPUT -p 50 -m state --state NEW -j RULE_6
$IPTABLES -t mangle -A OUTPUT -p ah -m state --state NEW -j RULE_6
$IPTABLES -t mangle -A PREROUTING -p 50 -m state --state NEW -j RULE_6
$IPTABLES -t mangle -A PREROUTING -p ah -m state --state NEW -j RULE_6
$IPTABLES -t mangle -A RULE_6 -j LOG --log-level info --log-prefix "RULE 6 -- ACCEPT "
$IPTABLES -t mangle -A RULE_6 -j MARK --set-mark 10
$IPTABLES -t mangle -A RULE_6 -j CONNMARK --save-mark
$IPTABLES -t mangle -A RULE_6 -j ACCEPT
$IPTABLES -t mangle -A OUTPUT -p 50 -m state --state NEW -j MARK --set-mark 10
$IPTABLES -t mangle -A OUTPUT -p ah -m state --state NEW -j MARK --set-mark 10
$IPTABLES -t mangle -A PREROUTING -p 50 -m state --state NEW -j MARK --set-mark 10
$IPTABLES -t mangle -A PREROUTING -p ah -m state --state NEW -j MARK --set-mark 10
$IPTABLES -t mangle -A OUTPUT -p 50 -m state --state NEW -j CONNMARK --save-mark
$IPTABLES -t mangle -A OUTPUT -p ah -m state --state NEW -j CONNMARK --save-mark
$IPTABLES -t mangle -A PREROUTING -p 50 -m state --state NEW -j CONNMARK --save-mark
$IPTABLES -t mangle -A PREROUTING -p ah -m state --state NEW -j CONNMARK --save-mark
#
# Rule 7 (global)
#
@ -452,38 +422,32 @@ script_body() {
$IPTABLES -t mangle -A PREROUTING -p ah -m state --state NEW -j Cid45AB5B0225451.0
$IPTABLES -t mangle -A Cid45AB5B0225451.0 -s 192.168.1.0/24 -j RETURN
$IPTABLES -t mangle -A Cid45AB5B0225451.0 -s 192.168.2.0/24 -j RETURN
$IPTABLES -N RULE_7_3 -t mangle
$IPTABLES -t mangle -A Cid45AB5B0225451.0 -j RULE_7_3
$IPTABLES -t mangle -A RULE_7_3 -j LOG --log-level info --log-prefix "RULE 7 -- ACCEPT "
$IPTABLES -t mangle -A RULE_7_3 -j MARK --set-mark 10
$IPTABLES -t mangle -A RULE_7_3 -j CONNMARK --save-mark
$IPTABLES -t mangle -A RULE_7_3 -j ACCEPT
$IPTABLES -t mangle -A Cid45AB5B0225451.0 -j MARK --set-mark 10
$IPTABLES -t mangle -A Cid45AB5B0225451.0 -j CONNMARK --save-mark
#
# Rule 8 (eth1)
#
echo "Rule 8 (eth1)"
#
# terminating and CONNMARK
$IPTABLES -N Cid45AB5B0F25451.0 -t mangle
$IPTABLES -t mangle -A PREROUTING -i eth1 -p 50 -m state --state NEW -j Cid45AB5B0F25451.0
$IPTABLES -t mangle -A PREROUTING -i eth1 -p ah -m state --state NEW -j Cid45AB5B0F25451.0
$IPTABLES -t mangle -A Cid45AB5B0F25451.0 -j MARK --set-mark 8
$IPTABLES -t mangle -A Cid45AB5B0F25451.0 -j CONNMARK --save-mark
$IPTABLES -t mangle -A Cid45AB5B0F25451.0 -j ACCEPT
$IPTABLES -t mangle -A PREROUTING -i eth1 -p 50 -m state --state NEW -j MARK --set-mark 8
$IPTABLES -t mangle -A PREROUTING -i eth1 -p ah -m state --state NEW -j MARK --set-mark 8
$IPTABLES -t mangle -A PREROUTING -i eth1 -p 50 -m state --state NEW -j CONNMARK --save-mark
$IPTABLES -t mangle -A PREROUTING -i eth1 -p ah -m state --state NEW -j CONNMARK --save-mark
#
# Rule 9 (eth1)
#
echo "Rule 9 (eth1)"
#
# terminating and CONNMARK
$IPTABLES -N Cid45AB5B1B25451.0 -t mangle
$IPTABLES -t mangle -A OUTPUT -o eth1 -p 50 -m state --state NEW -j Cid45AB5B1B25451.0
$IPTABLES -t mangle -A OUTPUT -o eth1 -p ah -m state --state NEW -j Cid45AB5B1B25451.0
$IPTABLES -t mangle -A POSTROUTING -o eth1 -p 50 -m state --state NEW -j Cid45AB5B1B25451.0
$IPTABLES -t mangle -A POSTROUTING -o eth1 -p ah -m state --state NEW -j Cid45AB5B1B25451.0
$IPTABLES -t mangle -A Cid45AB5B1B25451.0 -j MARK --set-mark 9
$IPTABLES -t mangle -A Cid45AB5B1B25451.0 -j CONNMARK --save-mark
$IPTABLES -t mangle -A Cid45AB5B1B25451.0 -j ACCEPT
$IPTABLES -t mangle -A OUTPUT -o eth1 -p 50 -m state --state NEW -j MARK --set-mark 9
$IPTABLES -t mangle -A OUTPUT -o eth1 -p ah -m state --state NEW -j MARK --set-mark 9
$IPTABLES -t mangle -A POSTROUTING -o eth1 -p 50 -m state --state NEW -j MARK --set-mark 9
$IPTABLES -t mangle -A POSTROUTING -o eth1 -p ah -m state --state NEW -j MARK --set-mark 9
$IPTABLES -t mangle -A OUTPUT -o eth1 -p 50 -m state --state NEW -j CONNMARK --save-mark
$IPTABLES -t mangle -A OUTPUT -o eth1 -p ah -m state --state NEW -j CONNMARK --save-mark
$IPTABLES -t mangle -A POSTROUTING -o eth1 -p 50 -m state --state NEW -j CONNMARK --save-mark
$IPTABLES -t mangle -A POSTROUTING -o eth1 -p ah -m state --state NEW -j CONNMARK --save-mark
#
# Rule 11 (global)
#
@ -493,20 +457,14 @@ script_body() {
# this rule, and the next one, should place
# CLASSIFY rule in a separate chain
# and pass control to it using -g
$IPTABLES -N Cid45AB5B9525451.0 -t mangle
$IPTABLES -t mangle -A POSTROUTING -p icmp -m icmp --icmp-type 3 -j Cid45AB5B9525451.0
$IPTABLES -t mangle -A Cid45AB5B9525451.0 -j CLASSIFY --set-class 1:10
$IPTABLES -t mangle -A Cid45AB5B9525451.0 -j ACCEPT
$IPTABLES -t mangle -A POSTROUTING -p icmp -m icmp --icmp-type 3 -j CLASSIFY --set-class 1:10
#
# Rule 12 (eth0)
#
echo "Rule 12 (eth0)"
#
# second rule for bug #1618381
$IPTABLES -N Cid45AB5BA125451.0 -t mangle
$IPTABLES -t mangle -A POSTROUTING -o eth0 -j Cid45AB5BA125451.0
$IPTABLES -t mangle -A Cid45AB5BA125451.0 -j CLASSIFY --set-class 1:11
$IPTABLES -t mangle -A Cid45AB5BA125451.0 -j ACCEPT
$IPTABLES -t mangle -A POSTROUTING -o eth0 -j CLASSIFY --set-class 1:11
#
# Rule 13 (global)
#
@ -518,7 +476,6 @@ script_body() {
$IPTABLES -t mangle -A Cid45AB5BAD25451.0 -s 192.168.1.0/24 -j RETURN
$IPTABLES -t mangle -A Cid45AB5BAD25451.0 -s 192.168.2.0/24 -j RETURN
$IPTABLES -t mangle -A Cid45AB5BAD25451.0 -j CLASSIFY --set-class 1:10
$IPTABLES -t mangle -A Cid45AB5BAD25451.0 -j ACCEPT
#
# Rule 14 (global)
#
@ -531,7 +488,6 @@ script_body() {
$IPTABLES -t mangle -A Cid45AB5BBA25451.0 -s 192.168.1.0/24 -j RETURN
$IPTABLES -t mangle -A Cid45AB5BBA25451.0 -s 192.168.2.0/24 -j RETURN
$IPTABLES -t mangle -A Cid45AB5BBA25451.0 -j CLASSIFY --set-class 1:10
$IPTABLES -t mangle -A Cid45AB5BBA25451.0 -j ACCEPT
#
# Rule 15 (eth0)
#
@ -541,12 +497,9 @@ script_body() {
# this rule uses multiport
# and has to be split because
# of that
$IPTABLES -N Cid45AB5BC825451.0 -t mangle
$IPTABLES -t mangle -A POSTROUTING -o eth0 -p tcp -m tcp --dport 10000:11000 -j Cid45AB5BC825451.0
$IPTABLES -t mangle -A POSTROUTING -o eth0 -p tcp -m tcp -m multiport --dports 113,13,53,2105,21,70,80,443,6667,119,25,3128,22,23,540 -j Cid45AB5BC825451.0
$IPTABLES -t mangle -A POSTROUTING -o eth0 -p udp -m udp -m multiport --dports 53,161 -j Cid45AB5BC825451.0
$IPTABLES -t mangle -A Cid45AB5BC825451.0 -j CLASSIFY --set-class 1:11
$IPTABLES -t mangle -A Cid45AB5BC825451.0 -j ACCEPT
$IPTABLES -t mangle -A POSTROUTING -o eth0 -p tcp -m tcp --dport 10000:11000 -j CLASSIFY --set-class 1:11
$IPTABLES -t mangle -A POSTROUTING -o eth0 -p tcp -m tcp -m multiport --dports 113,13,53,2105,21,70,80,443,6667,119,25,3128,22,23,540 -j CLASSIFY --set-class 1:11
$IPTABLES -t mangle -A POSTROUTING -o eth0 -p udp -m udp -m multiport --dports 53,161 -j CLASSIFY --set-class 1:11
#
# Rule 16 (global)
#
@ -556,30 +509,20 @@ script_body() {
# this rule, and the next one, should place
# CLASSIFY rule in a separate chain
# and pass control to it using -g
$IPTABLES -N Cid45AB5BD525451.0 -t mangle
$IPTABLES -t mangle -A POSTROUTING -p icmp -m icmp --icmp-type 3 -j Cid45AB5BD525451.0
$IPTABLES -t mangle -A Cid45AB5BD525451.0 -j CLASSIFY --set-class 1:10
$IPTABLES -t mangle -A Cid45AB5BD525451.0 -j ACCEPT
$IPTABLES -t mangle -A POSTROUTING -p icmp -m icmp --icmp-type 3 -j CLASSIFY --set-class 1:10
#
# Rule 17 (eth0)
#
echo "Rule 17 (eth0)"
#
# second rule for bug #1618381
$IPTABLES -N Cid45AB5BE125451.0 -t mangle
$IPTABLES -t mangle -A POSTROUTING -o eth0 -j Cid45AB5BE125451.0
$IPTABLES -t mangle -A Cid45AB5BE125451.0 -j CLASSIFY --set-class 1:11
$IPTABLES -t mangle -A Cid45AB5BE125451.0 -j ACCEPT
$IPTABLES -t mangle -A POSTROUTING -o eth0 -j CLASSIFY --set-class 1:11
#
# Rule 18 (eth0)
#
echo "Rule 18 (eth0)"
#
$IPTABLES -N Out_RULE_18 -t mangle
$IPTABLES -t mangle -A POSTROUTING -o eth0 -s 192.168.1.0/24 -j Out_RULE_18
$IPTABLES -t mangle -A Out_RULE_18 -j LOG --log-level info --log-prefix "RULE 18 -- ACCEPT "
$IPTABLES -t mangle -A Out_RULE_18 -j CLASSIFY --set-class 1:11
$IPTABLES -t mangle -A Out_RULE_18 -j ACCEPT
$IPTABLES -t mangle -A POSTROUTING -o eth0 -s 192.168.1.0/24 -j CLASSIFY --set-class 1:11
#
# Rule 19 (global)
#
@ -591,7 +534,6 @@ script_body() {
$IPTABLES -t mangle -A Cid45AB5BF925451.0 -s 192.168.1.0/24 -j RETURN
$IPTABLES -t mangle -A Cid45AB5BF925451.0 -s 192.168.2.0/24 -j RETURN
$IPTABLES -t mangle -A Cid45AB5BF925451.0 -j CLASSIFY --set-class 1:10
$IPTABLES -t mangle -A Cid45AB5BF925451.0 -j ACCEPT
#
# Rule 20 (global)
#
@ -604,7 +546,6 @@ script_body() {
$IPTABLES -t mangle -A Cid45AB5C0625451.0 -s 192.168.1.0/24 -j RETURN
$IPTABLES -t mangle -A Cid45AB5C0625451.0 -s 192.168.2.0/24 -j RETURN
$IPTABLES -t mangle -A Cid45AB5C0625451.0 -j CLASSIFY --set-class 1:10
$IPTABLES -t mangle -A Cid45AB5C0625451.0 -j ACCEPT
#
# Rule 21 (eth0)
#
@ -614,12 +555,9 @@ script_body() {
# this rule uses multiport
# and has to be split because
# of that
$IPTABLES -N Cid45AB5C1425451.0 -t mangle
$IPTABLES -t mangle -A POSTROUTING -o eth0 -p tcp -m tcp --dport 10000:11000 -j Cid45AB5C1425451.0
$IPTABLES -t mangle -A POSTROUTING -o eth0 -p tcp -m tcp -m multiport --dports 113,13,53,2105,21,70,80,443,6667,119,25,3128,22,23,540 -j Cid45AB5C1425451.0
$IPTABLES -t mangle -A POSTROUTING -o eth0 -p udp -m udp -m multiport --dports 53,161 -j Cid45AB5C1425451.0
$IPTABLES -t mangle -A Cid45AB5C1425451.0 -j CLASSIFY --set-class 1:11
$IPTABLES -t mangle -A Cid45AB5C1425451.0 -j ACCEPT
$IPTABLES -t mangle -A POSTROUTING -o eth0 -p tcp -m tcp --dport 10000:11000 -j CLASSIFY --set-class 1:11
$IPTABLES -t mangle -A POSTROUTING -o eth0 -p tcp -m tcp -m multiport --dports 113,13,53,2105,21,70,80,443,6667,119,25,3128,22,23,540 -j CLASSIFY --set-class 1:11
$IPTABLES -t mangle -A POSTROUTING -o eth0 -p udp -m udp -m multiport --dports 53,161 -j CLASSIFY --set-class 1:11
#
# Rule 22 (global)
#
@ -634,17 +572,155 @@ script_body() {
# ================ Table 'filter', rule set rule27_branch
#
# Rule rule27_branch 0 (global)
#
echo "Rule rule27_branch 0 (global)"
#
$IPTABLES -N rule27_branch
$IPTABLES -A rule27_branch -p tcp -m tcp --tcp-flags ALL ACK -j ACCEPT
#
# Rule rule27_branch 1 (global)
#
echo "Rule rule27_branch 1 (global)"
#
$IPTABLES -N rule27_branch
$IPTABLES -N rule27_branch_1
$IPTABLES -A rule27_branch -p tcp -m tcp --dport 80 -m state --state NEW -j rule27_branch_1
$IPTABLES -A rule27_branch_1 -j LOG --log-level info --log-prefix "RULE 1 -- ACCEPT "
$IPTABLES -A rule27_branch_1 -j ACCEPT
# ================ Table 'filter', rule set Policy
#
# Rule 0 (global)
#
echo "Rule 0 (global)"
#
# terminating target
$IPTABLES -A OUTPUT -p 50 -m state --state NEW -j ACCEPT
$IPTABLES -A OUTPUT -p ah -m state --state NEW -j ACCEPT
$IPTABLES -A INPUT -p 50 -m state --state NEW -j ACCEPT
$IPTABLES -A INPUT -p ah -m state --state NEW -j ACCEPT
$IPTABLES -A FORWARD -p 50 -m state --state NEW -j ACCEPT
$IPTABLES -A FORWARD -p ah -m state --state NEW -j ACCEPT
#
# Rule 1 (global)
#
echo "Rule 1 (global)"
#
# terminating target
$IPTABLES -N RULE_1
$IPTABLES -A OUTPUT -p 50 -m state --state NEW -j RULE_1
$IPTABLES -A OUTPUT -p ah -m state --state NEW -j RULE_1
$IPTABLES -A INPUT -p 50 -m state --state NEW -j RULE_1
$IPTABLES -A INPUT -p ah -m state --state NEW -j RULE_1
$IPTABLES -A FORWARD -p 50 -m state --state NEW -j RULE_1
$IPTABLES -A FORWARD -p ah -m state --state NEW -j RULE_1
$IPTABLES -A RULE_1 -j LOG --log-level info --log-prefix "RULE 1 -- ACCEPT "
$IPTABLES -A RULE_1 -j ACCEPT
#
# Rule 2 (global)
#
echo "Rule 2 (global)"
#
# terminating target
$IPTABLES -N Cid45AB5AC525451.0
$IPTABLES -A OUTPUT -p 50 -m state --state NEW -j Cid45AB5AC525451.0
$IPTABLES -A OUTPUT -p ah -m state --state NEW -j Cid45AB5AC525451.0
$IPTABLES -A INPUT -p 50 -m state --state NEW -j Cid45AB5AC525451.0
$IPTABLES -A INPUT -p ah -m state --state NEW -j Cid45AB5AC525451.0
$IPTABLES -A FORWARD -p 50 -m state --state NEW -j Cid45AB5AC525451.0
$IPTABLES -A FORWARD -p ah -m state --state NEW -j Cid45AB5AC525451.0
$IPTABLES -A Cid45AB5AC525451.0 -s 192.168.1.0/24 -j RETURN
$IPTABLES -A Cid45AB5AC525451.0 -s 192.168.2.0/24 -j RETURN
$IPTABLES -N RULE_2_3
$IPTABLES -A Cid45AB5AC525451.0 -j RULE_2_3
$IPTABLES -A RULE_2_3 -j LOG --log-level info --log-prefix "RULE 2 -- ACCEPT "
$IPTABLES -A RULE_2_3 -j ACCEPT
#
# Rule 3 (eth1)
#
echo "Rule 3 (eth1)"
#
# terminating target
$IPTABLES -A INPUT -i eth1 -p 50 -m state --state NEW -j ACCEPT
$IPTABLES -A INPUT -i eth1 -p ah -m state --state NEW -j ACCEPT
$IPTABLES -A FORWARD -i eth1 -p 50 -m state --state NEW -j ACCEPT
$IPTABLES -A FORWARD -i eth1 -p ah -m state --state NEW -j ACCEPT
#
# Rule 4 (eth1)
#
echo "Rule 4 (eth1)"
#
# temrinating target
$IPTABLES -A OUTPUT -o eth1 -p 50 -m state --state NEW -j ACCEPT
$IPTABLES -A OUTPUT -o eth1 -p ah -m state --state NEW -j ACCEPT
$IPTABLES -A FORWARD -o eth1 -p 50 -m state --state NEW -j ACCEPT
$IPTABLES -A FORWARD -o eth1 -p ah -m state --state NEW -j ACCEPT
#
# Rule 5 (global)
#
echo "Rule 5 (global)"
#
# terminating and CONNMARK
$IPTABLES -A OUTPUT -p 50 -m state --state NEW -j ACCEPT
$IPTABLES -A OUTPUT -p ah -m state --state NEW -j ACCEPT
$IPTABLES -A INPUT -p 50 -m state --state NEW -j ACCEPT
$IPTABLES -A INPUT -p ah -m state --state NEW -j ACCEPT
$IPTABLES -A FORWARD -p 50 -m state --state NEW -j ACCEPT
$IPTABLES -A FORWARD -p ah -m state --state NEW -j ACCEPT
#
# Rule 6 (global)
#
echo "Rule 6 (global)"
#
# terminating and CONNMARK
$IPTABLES -N RULE_6
$IPTABLES -A OUTPUT -p 50 -m state --state NEW -j RULE_6
$IPTABLES -A OUTPUT -p ah -m state --state NEW -j RULE_6
$IPTABLES -A INPUT -p 50 -m state --state NEW -j RULE_6
$IPTABLES -A INPUT -p ah -m state --state NEW -j RULE_6
$IPTABLES -A FORWARD -p 50 -m state --state NEW -j RULE_6
$IPTABLES -A FORWARD -p ah -m state --state NEW -j RULE_6
$IPTABLES -A RULE_6 -j LOG --log-level info --log-prefix "RULE 6 -- ACCEPT "
$IPTABLES -A RULE_6 -j ACCEPT
#
# Rule 7 (global)
#
echo "Rule 7 (global)"
#
# terminating and CONNMARK
$IPTABLES -N Cid45AB5B0225451.0
$IPTABLES -A OUTPUT -p 50 -m state --state NEW -j Cid45AB5B0225451.0
$IPTABLES -A OUTPUT -p ah -m state --state NEW -j Cid45AB5B0225451.0
$IPTABLES -A INPUT -p 50 -m state --state NEW -j Cid45AB5B0225451.0
$IPTABLES -A INPUT -p ah -m state --state NEW -j Cid45AB5B0225451.0
$IPTABLES -A FORWARD -p 50 -m state --state NEW -j Cid45AB5B0225451.0
$IPTABLES -A FORWARD -p ah -m state --state NEW -j Cid45AB5B0225451.0
$IPTABLES -A Cid45AB5B0225451.0 -s 192.168.1.0/24 -j RETURN
$IPTABLES -A Cid45AB5B0225451.0 -s 192.168.2.0/24 -j RETURN
$IPTABLES -N RULE_7_3
$IPTABLES -A Cid45AB5B0225451.0 -j RULE_7_3
$IPTABLES -A RULE_7_3 -j LOG --log-level info --log-prefix "RULE 7 -- ACCEPT "
$IPTABLES -A RULE_7_3 -j ACCEPT
#
# Rule 8 (eth1)
#
echo "Rule 8 (eth1)"
#
# terminating and CONNMARK
$IPTABLES -A INPUT -i eth1 -p 50 -m state --state NEW -j ACCEPT
$IPTABLES -A INPUT -i eth1 -p ah -m state --state NEW -j ACCEPT
$IPTABLES -A FORWARD -i eth1 -p 50 -m state --state NEW -j ACCEPT
$IPTABLES -A FORWARD -i eth1 -p ah -m state --state NEW -j ACCEPT
#
# Rule 9 (eth1)
#
echo "Rule 9 (eth1)"
#
# terminating and CONNMARK
$IPTABLES -A OUTPUT -o eth1 -p 50 -m state --state NEW -j ACCEPT
$IPTABLES -A OUTPUT -o eth1 -p ah -m state --state NEW -j ACCEPT
$IPTABLES -A FORWARD -o eth1 -p 50 -m state --state NEW -j ACCEPT
$IPTABLES -A FORWARD -o eth1 -p ah -m state --state NEW -j ACCEPT
#
# Rule 10 (global)
#
echo "Rule 10 (global)"
@ -652,6 +728,160 @@ script_body() {
$IPTABLES -A OUTPUT -p tcp -m tcp -d 192.168.2.10 --dport 80 -j QUEUE
$IPTABLES -A FORWARD -p tcp -m tcp -d 192.168.2.10 --dport 80 -j QUEUE
#
# Rule 11 (global)
#
echo "Rule 11 (global)"
#
# testing for bug #1618381
# this rule, and the next one, should place
# CLASSIFY rule in a separate chain
# and pass control to it using -g
$IPTABLES -A OUTPUT -p icmp -m icmp --icmp-type 3 -j ACCEPT
$IPTABLES -A INPUT -p icmp -m icmp --icmp-type 3 -j ACCEPT
$IPTABLES -A FORWARD -p icmp -m icmp --icmp-type 3 -j ACCEPT
#
# Rule 12 (eth0)
#
echo "Rule 12 (eth0)"
#
# second rule for bug #1618381
$IPTABLES -A INPUT -i eth0 -j ACCEPT
$IPTABLES -A FORWARD -i eth0 -j ACCEPT
$IPTABLES -A OUTPUT -o eth0 -j ACCEPT
$IPTABLES -A FORWARD -o eth0 -j ACCEPT
#
# Rule 13 (global)
#
echo "Rule 13 (global)"
#
# testing for bug #1618381
$IPTABLES -N Cid45AB5BAD25451.0
$IPTABLES -A OUTPUT -p icmp -m icmp --icmp-type 3 -j Cid45AB5BAD25451.0
$IPTABLES -A INPUT -p icmp -m icmp --icmp-type 3 -j Cid45AB5BAD25451.0
$IPTABLES -A FORWARD -p icmp -m icmp --icmp-type 3 -j Cid45AB5BAD25451.0
$IPTABLES -A Cid45AB5BAD25451.0 -s 192.168.1.0/24 -j RETURN
$IPTABLES -A Cid45AB5BAD25451.0 -s 192.168.2.0/24 -j RETURN
$IPTABLES -A Cid45AB5BAD25451.0 -j ACCEPT
#
# Rule 14 (global)
#
echo "Rule 14 (global)"
#
# testing for bug #1618381
$IPTABLES -N Cid45AB5BBA25451.0
$IPTABLES -A OUTPUT -p icmp -m icmp --icmp-type 3 -j Cid45AB5BBA25451.0
$IPTABLES -A OUTPUT -p tcp -m tcp --dport 80 -j Cid45AB5BBA25451.0
$IPTABLES -A INPUT -p icmp -m icmp --icmp-type 3 -j Cid45AB5BBA25451.0
$IPTABLES -A INPUT -p tcp -m tcp --dport 80 -j Cid45AB5BBA25451.0
$IPTABLES -A FORWARD -p icmp -m icmp --icmp-type 3 -j Cid45AB5BBA25451.0
$IPTABLES -A FORWARD -p tcp -m tcp --dport 80 -j Cid45AB5BBA25451.0
$IPTABLES -A Cid45AB5BBA25451.0 -s 192.168.1.0/24 -j RETURN
$IPTABLES -A Cid45AB5BBA25451.0 -s 192.168.2.0/24 -j RETURN
$IPTABLES -A Cid45AB5BBA25451.0 -j ACCEPT
#
# Rule 15 (eth0)
#
echo "Rule 15 (eth0)"
#
# bug #1618381
# this rule uses multiport
# and has to be split because
# of that
$IPTABLES -A INPUT -i eth0 -p tcp -m tcp --dport 10000:11000 -j ACCEPT
$IPTABLES -A INPUT -i eth0 -p tcp -m tcp -m multiport --dports 113,13,53,2105,21,70,80,443,6667,119,25,3128,22,23,540 -j ACCEPT
$IPTABLES -A INPUT -i eth0 -p udp -m udp -m multiport --dports 53,161 -j ACCEPT
$IPTABLES -A FORWARD -i eth0 -p tcp -m tcp --dport 10000:11000 -j ACCEPT
$IPTABLES -A FORWARD -i eth0 -p tcp -m tcp -m multiport --dports 113,13,53,2105,21,70,80,443,6667,119,25,3128,22,23,540 -j ACCEPT
$IPTABLES -A FORWARD -i eth0 -p udp -m udp -m multiport --dports 53,161 -j ACCEPT
$IPTABLES -A OUTPUT -o eth0 -p tcp -m tcp --dport 10000:11000 -j ACCEPT
$IPTABLES -A OUTPUT -o eth0 -p tcp -m tcp -m multiport --dports 113,13,53,2105,21,70,80,443,6667,119,25,3128,22,23,540 -j ACCEPT
$IPTABLES -A OUTPUT -o eth0 -p udp -m udp -m multiport --dports 53,161 -j ACCEPT
$IPTABLES -A FORWARD -o eth0 -p tcp -m tcp --dport 10000:11000 -j ACCEPT
$IPTABLES -A FORWARD -o eth0 -p tcp -m tcp -m multiport --dports 113,13,53,2105,21,70,80,443,6667,119,25,3128,22,23,540 -j ACCEPT
$IPTABLES -A FORWARD -o eth0 -p udp -m udp -m multiport --dports 53,161 -j ACCEPT
#
# Rule 16 (global)
#
echo "Rule 16 (global)"
#
# testing for bug #1618381
# this rule, and the next one, should place
# CLASSIFY rule in a separate chain
# and pass control to it using -g
$IPTABLES -A OUTPUT -p icmp -m icmp --icmp-type 3 -j ACCEPT
$IPTABLES -A INPUT -p icmp -m icmp --icmp-type 3 -j ACCEPT
$IPTABLES -A FORWARD -p icmp -m icmp --icmp-type 3 -j ACCEPT
#
# Rule 17 (eth0)
#
echo "Rule 17 (eth0)"
#
# second rule for bug #1618381
$IPTABLES -A INPUT -i eth0 -j ACCEPT
$IPTABLES -A FORWARD -i eth0 -j ACCEPT
$IPTABLES -A OUTPUT -o eth0 -j ACCEPT
$IPTABLES -A FORWARD -o eth0 -j ACCEPT
#
# Rule 18 (eth0)
#
echo "Rule 18 (eth0)"
#
$IPTABLES -N Out_RULE_18
$IPTABLES -A OUTPUT -o eth0 -s 192.168.1.0/24 -j Out_RULE_18
$IPTABLES -A FORWARD -o eth0 -s 192.168.1.0/24 -j Out_RULE_18
$IPTABLES -A Out_RULE_18 -j LOG --log-level info --log-prefix "RULE 18 -- ACCEPT "
$IPTABLES -A Out_RULE_18 -j ACCEPT
#
# Rule 19 (global)
#
echo "Rule 19 (global)"
#
# testing for bug #1618381
$IPTABLES -N Cid45AB5BF925451.0
$IPTABLES -A OUTPUT -p icmp -m icmp --icmp-type 3 -j Cid45AB5BF925451.0
$IPTABLES -A INPUT -p icmp -m icmp --icmp-type 3 -j Cid45AB5BF925451.0
$IPTABLES -A FORWARD -p icmp -m icmp --icmp-type 3 -j Cid45AB5BF925451.0
$IPTABLES -A Cid45AB5BF925451.0 -s 192.168.1.0/24 -j RETURN
$IPTABLES -A Cid45AB5BF925451.0 -s 192.168.2.0/24 -j RETURN
$IPTABLES -A Cid45AB5BF925451.0 -j ACCEPT
#
# Rule 20 (global)
#
echo "Rule 20 (global)"
#
# testing for bug #1618381
$IPTABLES -N Cid45AB5C0625451.0
$IPTABLES -A OUTPUT -p icmp -m icmp --icmp-type 3 -j Cid45AB5C0625451.0
$IPTABLES -A OUTPUT -p tcp -m tcp --dport 80 -j Cid45AB5C0625451.0
$IPTABLES -A INPUT -p icmp -m icmp --icmp-type 3 -j Cid45AB5C0625451.0
$IPTABLES -A INPUT -p tcp -m tcp --dport 80 -j Cid45AB5C0625451.0
$IPTABLES -A FORWARD -p icmp -m icmp --icmp-type 3 -j Cid45AB5C0625451.0
$IPTABLES -A FORWARD -p tcp -m tcp --dport 80 -j Cid45AB5C0625451.0
$IPTABLES -A Cid45AB5C0625451.0 -s 192.168.1.0/24 -j RETURN
$IPTABLES -A Cid45AB5C0625451.0 -s 192.168.2.0/24 -j RETURN
$IPTABLES -A Cid45AB5C0625451.0 -j ACCEPT
#
# Rule 21 (eth0)
#
echo "Rule 21 (eth0)"
#
# bug #1618381
# this rule uses multiport
# and has to be split because
# of that
$IPTABLES -A INPUT -i eth0 -p tcp -m tcp --dport 10000:11000 -j ACCEPT
$IPTABLES -A INPUT -i eth0 -p tcp -m tcp -m multiport --dports 113,13,53,2105,21,70,80,443,6667,119,25,3128,22,23,540 -j ACCEPT
$IPTABLES -A INPUT -i eth0 -p udp -m udp -m multiport --dports 53,161 -j ACCEPT
$IPTABLES -A FORWARD -i eth0 -p tcp -m tcp --dport 10000:11000 -j ACCEPT
$IPTABLES -A FORWARD -i eth0 -p tcp -m tcp -m multiport --dports 113,13,53,2105,21,70,80,443,6667,119,25,3128,22,23,540 -j ACCEPT
$IPTABLES -A FORWARD -i eth0 -p udp -m udp -m multiport --dports 53,161 -j ACCEPT
$IPTABLES -A OUTPUT -o eth0 -p tcp -m tcp --dport 10000:11000 -j ACCEPT
$IPTABLES -A OUTPUT -o eth0 -p tcp -m tcp -m multiport --dports 113,13,53,2105,21,70,80,443,6667,119,25,3128,22,23,540 -j ACCEPT
$IPTABLES -A OUTPUT -o eth0 -p udp -m udp -m multiport --dports 53,161 -j ACCEPT
$IPTABLES -A FORWARD -o eth0 -p tcp -m tcp --dport 10000:11000 -j ACCEPT
$IPTABLES -A FORWARD -o eth0 -p tcp -m tcp -m multiport --dports 113,13,53,2105,21,70,80,443,6667,119,25,3128,22,23,540 -j ACCEPT
$IPTABLES -A FORWARD -o eth0 -p udp -m udp -m multiport --dports 53,161 -j ACCEPT
#
# Rule 22 (global)
#
echo "Rule 22 (global)"
@ -736,7 +966,7 @@ test -z "$cmd" && {
case "$cmd" in
start)
log "Activating firewall script generated Tue May 3 20:22:31 2011 by vadim"
log "Activating firewall script generated Fri May 13 12:35:27 2011 by vadim"
check_tools
prolog_commands
check_run_time_address_table_files
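Review bot: The direct `-j MARK` rules in the mangle Policy hunks (from `@ -347,27 +335,20 @` onward) no longer stop traversal, so a packet that matches several tagging rules appears to end up with the last mark instead of the first. Rule 0 and Rule 5 both match `-p 50 -m state --state NEW` in OUTPUT and PREROUTING, with `--set-mark 16` and `--set-mark 10`; in the per-rule chain layout the closing `-j ACCEPT` ended mangle processing at Rule 0, while the direct form falls through to Rule 5, and `CONNMARK --save-mark` then stores 10. The +/- column is lost on this page, so which lines are the new side is inferred from the commit description. This file is generated expected output, so any fix belongs in the compiler; at minimum the carried-over rule comment `# terminating target` should read something like `# tagging only; later mangle rules still apply`, and a fixture should pin which mark wins, because marks commonly feed routing and filtering decisions.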


@ -2,9 +2,9 @@
#
# This is automatically generated file. DO NOT MODIFY !
#
# Firewall Builder fwb_ipt v4.2.1.ma_1
# Firewall Builder fwb_ipt v4.3.0.3542
#
# Generated Tue May 3 20:28:13 2011 PDT by vadim
# Generated Fri May 13 12:35:30 2011 PDT by vadim
#
# files: * firewall37.fw /etc/fw/firewall37.fw
#
@ -14,11 +14,11 @@
# normal script mode (not using iptables-restore)
# firewall37:mangle_rules:4: error: DNSName object "6bone.net (ct)" (compile time) can not resolve dns name "6bone.net" (AF_INET): Host or network '6bone.net' not found; last error: Unknown error Using dummy address in test mode
# firewall37:mangle_rules:4: error: DNSName object "6bone.net (ct)" (compile time) can not resolve dns name "6bone.net" (AF_INET): Host or network '6bone.net' not found; last error: Unknown error Using dummy address in test mode
# firewall37:mangle_rules:7: warning: Empty group or address table object 'empty Ogroup'
# firewall37:mangle_rules:7: warning: After removal of all empty groups and address table objects rule element Src becomes 'any' in the rule mangle_rules 7 (global)
# Dropping rule mangle_rules 7 (global) because option 'Ignore rules with empty groups' is in effect
# firewall37:mangle_rules:4: error: DNSName object "6bone.net (ct)" (compile time) can not resolve dns name "6bone.net" (AF_INET): Host or network '6bone.net' not found; last error: Unknown error Using dummy address in test mode
# firewall37:mangle_rules:4: error: DNSName object "6bone.net (ct)" (compile time) can not resolve dns name "6bone.net" (AF_INET): Host or network '6bone.net' not found; last error: Unknown error Using dummy address in test mode
# firewall37:mangle_rules:13: error: DNSName object "6bone.net (ct)" (compile time) can not resolve dns name "6bone.net" (AF_INET): Host or network '6bone.net' not found; last error: Unknown error Using dummy address in test mode
@ -332,142 +332,103 @@ script_body() {
echo "Rule mymark 0 (global)"
#
$IPTABLES -N mymark -t mangle
$IPTABLES -N Cid29866X28575.0 -t mangle
$IPTABLES -t mangle -A mymark -d 192.168.2.0/24 -m state --state NEW -j Cid29866X28575.0
$IPTABLES -t mangle -A Cid29866X28575.0 -j MARK --set-mark 16
$IPTABLES -t mangle -A Cid29866X28575.0 -j ACCEPT
$IPTABLES -t mangle -A mymark -d 192.168.2.0/24 -m state --state NEW -j MARK --set-mark 16
#
# Rule mymark 1 (global)
#
echo "Rule mymark 1 (global)"
#
$IPTABLES -t mangle -A mymark -j MARK --set-mark 2
$IPTABLES -t mangle -A mymark -j ACCEPT
$IPTABLES -t mangle -A mymark -m state --state NEW -j MARK --set-mark 2
# ================ Table 'mangle', rule set Policy
#
# Rule 0 (global)
#
echo "Rule 0 (global)"
#
$IPTABLES -N Cid43BBA6A09745.0 -t mangle
$IPTABLES -t mangle -A OUTPUT -p 50 -m state --state NEW -j Cid43BBA6A09745.0
$IPTABLES -t mangle -A OUTPUT -p ah -m state --state NEW -j Cid43BBA6A09745.0
$IPTABLES -t mangle -A PREROUTING -p 50 -m state --state NEW -j Cid43BBA6A09745.0
$IPTABLES -t mangle -A PREROUTING -p ah -m state --state NEW -j Cid43BBA6A09745.0
$IPTABLES -t mangle -A Cid43BBA6A09745.0 -j MARK --set-mark 16
$IPTABLES -t mangle -A Cid43BBA6A09745.0 -j ACCEPT
$IPTABLES -t mangle -A OUTPUT -p 50 -m state --state NEW -j MARK --set-mark 16
$IPTABLES -t mangle -A OUTPUT -p ah -m state --state NEW -j MARK --set-mark 16
$IPTABLES -t mangle -A PREROUTING -p 50 -m state --state NEW -j MARK --set-mark 16
$IPTABLES -t mangle -A PREROUTING -p ah -m state --state NEW -j MARK --set-mark 16
#
# Rule 1 (global)
#
echo "Rule 1 (global)"
#
$IPTABLES -N RULE_1 -t mangle
$IPTABLES -t mangle -A OUTPUT -p 50 -m state --state NEW -j RULE_1
$IPTABLES -t mangle -A OUTPUT -p ah -m state --state NEW -j RULE_1
$IPTABLES -t mangle -A PREROUTING -p 50 -m state --state NEW -j RULE_1
$IPTABLES -t mangle -A PREROUTING -p ah -m state --state NEW -j RULE_1
$IPTABLES -t mangle -A RULE_1 -j LOG --log-level info --log-prefix "RULE 1 -- ACCEPT "
$IPTABLES -t mangle -A RULE_1 -j MARK --set-mark 16
$IPTABLES -t mangle -A RULE_1 -j ACCEPT
$IPTABLES -t mangle -A OUTPUT -p 50 -m state --state NEW -j MARK --set-mark 16
$IPTABLES -t mangle -A OUTPUT -p ah -m state --state NEW -j MARK --set-mark 16
$IPTABLES -t mangle -A PREROUTING -p 50 -m state --state NEW -j MARK --set-mark 16
$IPTABLES -t mangle -A PREROUTING -p ah -m state --state NEW -j MARK --set-mark 16
#
# Rule 2 (global)
#
echo "Rule 2 (global)"
#
$IPTABLES -N Cid483502D710047.0 -t mangle
$IPTABLES -t mangle -A OUTPUT -p 50 -m state --state NEW -j Cid483502D710047.0
$IPTABLES -t mangle -A OUTPUT -p ah -m state --state NEW -j Cid483502D710047.0
$IPTABLES -t mangle -A Cid483502D710047.0 -j MARK --set-mark 16
$IPTABLES -t mangle -A Cid483502D710047.0 -j ACCEPT
$IPTABLES -t mangle -A OUTPUT -p 50 -m state --state NEW -j MARK --set-mark 16
$IPTABLES -t mangle -A OUTPUT -p ah -m state --state NEW -j MARK --set-mark 16
#
# Rule 3 (eth1)
#
echo "Rule 3 (eth1)"
#
$IPTABLES -N Cid30009X2275.0 -t mangle
$IPTABLES -t mangle -A OUTPUT -o eth1 -p 50 -m state --state NEW -j Cid30009X2275.0
$IPTABLES -t mangle -A OUTPUT -o eth1 -p ah -m state --state NEW -j Cid30009X2275.0
$IPTABLES -t mangle -A Cid30009X2275.0 -j MARK --set-mark 16
$IPTABLES -t mangle -A Cid30009X2275.0 -j ACCEPT
$IPTABLES -t mangle -A OUTPUT -o eth1 -p 50 -m state --state NEW -j MARK --set-mark 16
$IPTABLES -t mangle -A OUTPUT -o eth1 -p ah -m state --state NEW -j MARK --set-mark 16
#
# Rule 4 (global)
#
echo "Rule 4 (global)"
#
$IPTABLES -N RULE_4 -t mangle
$IPTABLES -t mangle -A OUTPUT -p 50 -m state --state NEW -j RULE_4
$IPTABLES -t mangle -A OUTPUT -p ah -m state --state NEW -j RULE_4
$IPTABLES -t mangle -A RULE_4 -j LOG --log-level info --log-prefix "RULE 4 -- ACCEPT "
$IPTABLES -t mangle -A RULE_4 -j MARK --set-mark 16
$IPTABLES -t mangle -A RULE_4 -j ACCEPT
$IPTABLES -t mangle -A OUTPUT -p 50 -m state --state NEW -j MARK --set-mark 16
$IPTABLES -t mangle -A OUTPUT -p ah -m state --state NEW -j MARK --set-mark 16
#
# Rule 5 (eth1)
#
echo "Rule 5 (eth1)"
#
$IPTABLES -N Cid43501X5007.1 -t mangle
$IPTABLES -t mangle -A OUTPUT -o eth1 -s 22.22.23.22 -m state --state NEW -j Cid43501X5007.1
$IPTABLES -N Cid43501X5007.0 -t mangle
$IPTABLES -t mangle -A Cid43501X5007.1 -p 50 -j Cid43501X5007.0
$IPTABLES -t mangle -A Cid43501X5007.1 -p ah -j Cid43501X5007.0
$IPTABLES -t mangle -A Cid43501X5007.0 -j MARK --set-mark 16
$IPTABLES -t mangle -A Cid43501X5007.0 -j ACCEPT
$IPTABLES -t mangle -A OUTPUT -o eth1 -s 22.22.23.22 -m state --state NEW -j Cid43501X5007.0
$IPTABLES -t mangle -A Cid43501X5007.0 -p 50 -j MARK --set-mark 16
$IPTABLES -t mangle -A Cid43501X5007.0 -p ah -j MARK --set-mark 16
#
# Rule 6 (eth1)
#
echo "Rule 6 (eth1)"
#
$IPTABLES -N Cid43518X5007.1 -t mangle
$IPTABLES -t mangle -A OUTPUT -o eth1 -s 22.22.23.22 -m state --state NEW -j Cid43518X5007.1
$IPTABLES -N Cid43518X5007.0 -t mangle
$IPTABLES -t mangle -A Cid43518X5007.1 -p 50 -j Cid43518X5007.0
$IPTABLES -t mangle -A Cid43518X5007.1 -p ah -j Cid43518X5007.0
$IPTABLES -t mangle -A Cid43518X5007.0 -j MARK --set-mark 16
$IPTABLES -t mangle -A Cid43518X5007.0 -j ACCEPT
$IPTABLES -t mangle -A OUTPUT -o eth1 -s 22.22.23.22 -m state --state NEW -j Cid43518X5007.0
$IPTABLES -t mangle -A Cid43518X5007.0 -p 50 -j MARK --set-mark 16
$IPTABLES -t mangle -A Cid43518X5007.0 -p ah -j MARK --set-mark 16
#
# Rule 7 (eth1)
#
echo "Rule 7 (eth1)"
#
$IPTABLES -N Cid43535X5007.0 -t mangle
$IPTABLES -t mangle -A OUTPUT -o eth1 -p 50 -m state --state NEW -j Cid43535X5007.0
$IPTABLES -t mangle -A OUTPUT -o eth1 -p ah -m state --state NEW -j Cid43535X5007.0
$IPTABLES -t mangle -A Cid43535X5007.0 -j MARK --set-mark 16
$IPTABLES -t mangle -A Cid43535X5007.0 -j ACCEPT
$IPTABLES -t mangle -A OUTPUT -o eth1 -p 50 -m state --state NEW -j MARK --set-mark 16
$IPTABLES -t mangle -A OUTPUT -o eth1 -p ah -m state --state NEW -j MARK --set-mark 16
#
# Rule 8 (eth1)
#
echo "Rule 8 (eth1)"
#
$IPTABLES -N Cid43554X5007.1 -t mangle
$IPTABLES -t mangle -A OUTPUT -o eth1 -s 22.22.23.22 -j Cid43554X5007.1
$IPTABLES -N Cid43554X5007.0 -t mangle
$IPTABLES -t mangle -A Cid43554X5007.1 -p 50 -j Cid43554X5007.0
$IPTABLES -t mangle -A Cid43554X5007.1 -p ah -j Cid43554X5007.0
$IPTABLES -t mangle -A Cid43554X5007.0 -j MARK --set-mark 16
$IPTABLES -t mangle -A Cid43554X5007.0 -j ACCEPT
$IPTABLES -t mangle -A OUTPUT -o eth1 -s 22.22.23.22 -j Cid43554X5007.0
$IPTABLES -t mangle -A Cid43554X5007.0 -p 50 -j MARK --set-mark 16
$IPTABLES -t mangle -A Cid43554X5007.0 -p ah -j MARK --set-mark 16
#
# Rule 9 (eth1)
#
echo "Rule 9 (eth1)"
#
$IPTABLES -N Cid43571X5007.1 -t mangle
$IPTABLES -t mangle -A OUTPUT -o eth1 -s 22.22.23.22 -j Cid43571X5007.1
$IPTABLES -N Cid43571X5007.0 -t mangle
$IPTABLES -t mangle -A Cid43571X5007.1 -p 50 -j Cid43571X5007.0
$IPTABLES -t mangle -A Cid43571X5007.1 -p ah -j Cid43571X5007.0
$IPTABLES -t mangle -A Cid43571X5007.0 -j MARK --set-mark 16
$IPTABLES -t mangle -A Cid43571X5007.0 -j ACCEPT
$IPTABLES -t mangle -A OUTPUT -o eth1 -s 22.22.23.22 -j Cid43571X5007.0
$IPTABLES -t mangle -A Cid43571X5007.0 -p 50 -j MARK --set-mark 16
$IPTABLES -t mangle -A Cid43571X5007.0 -p ah -j MARK --set-mark 16
#
# Rule 10 (eth1)
#
echo "Rule 10 (eth1)"
#
$IPTABLES -N Cid43588X5007.0 -t mangle
$IPTABLES -t mangle -A OUTPUT -o eth1 -p 50 -j Cid43588X5007.0
$IPTABLES -t mangle -A OUTPUT -o eth1 -p ah -j Cid43588X5007.0
$IPTABLES -t mangle -A Cid43588X5007.0 -j MARK --set-mark 16
$IPTABLES -t mangle -A Cid43588X5007.0 -j ACCEPT
$IPTABLES -t mangle -A OUTPUT -o eth1 -p 50 -j MARK --set-mark 16
$IPTABLES -t mangle -A OUTPUT -o eth1 -p ah -j MARK --set-mark 16
#
# Rule 11 (global)
#
@ -480,79 +441,62 @@ script_body() {
$IPTABLES -t mangle -A PREROUTING -p ah -m state --state NEW -j Cid43BBCC139745.0
$IPTABLES -t mangle -A Cid43BBCC139745.0 -s 192.168.1.0/24 -j RETURN
$IPTABLES -t mangle -A Cid43BBCC139745.0 -s 192.168.2.0/24 -j RETURN
$IPTABLES -N RULE_11_3 -t mangle
$IPTABLES -t mangle -A Cid43BBCC139745.0 -j RULE_11_3
$IPTABLES -t mangle -A RULE_11_3 -j LOG --log-level info --log-prefix "RULE 11 -- ACCEPT "
$IPTABLES -t mangle -A RULE_11_3 -j MARK --set-mark 16
$IPTABLES -t mangle -A RULE_11_3 -j ACCEPT
$IPTABLES -t mangle -A Cid43BBCC139745.0 -j MARK --set-mark 16
#
# Rule 12 (eth1)
#
echo "Rule 12 (eth1)"
#
$IPTABLES -N Cid4665E24F7765.0 -t mangle
$IPTABLES -t mangle -A PREROUTING -i eth1 -p 50 -m state --state NEW -j Cid4665E24F7765.0
$IPTABLES -t mangle -A PREROUTING -i eth1 -p ah -m state --state NEW -j Cid4665E24F7765.0
$IPTABLES -t mangle -A Cid4665E24F7765.0 -j MARK --set-mark 16
$IPTABLES -t mangle -A Cid4665E24F7765.0 -j ACCEPT
$IPTABLES -N Cid4665E24F7765.1 -t mangle
$IPTABLES -t mangle -A OUTPUT -o eth1 -p 50 -m state --state NEW -j Cid4665E24F7765.1
$IPTABLES -t mangle -A OUTPUT -o eth1 -p ah -m state --state NEW -j Cid4665E24F7765.1
$IPTABLES -t mangle -A POSTROUTING -o eth1 -p 50 -m state --state NEW -j Cid4665E24F7765.1
$IPTABLES -t mangle -A POSTROUTING -o eth1 -p ah -m state --state NEW -j Cid4665E24F7765.1
$IPTABLES -t mangle -A Cid4665E24F7765.1 -j MARK --set-mark 16
$IPTABLES -t mangle -A Cid4665E24F7765.1 -j ACCEPT
$IPTABLES -t mangle -A PREROUTING -i eth1 -p 50 -m state --state NEW -j MARK --set-mark 16
$IPTABLES -t mangle -A PREROUTING -i eth1 -p ah -m state --state NEW -j MARK --set-mark 16
$IPTABLES -t mangle -A OUTPUT -o eth1 -p 50 -m state --state NEW -j MARK --set-mark 16
$IPTABLES -t mangle -A OUTPUT -o eth1 -p ah -m state --state NEW -j MARK --set-mark 16
$IPTABLES -t mangle -A POSTROUTING -o eth1 -p 50 -m state --state NEW -j MARK --set-mark 16
$IPTABLES -t mangle -A POSTROUTING -o eth1 -p ah -m state --state NEW -j MARK --set-mark 16
#
# Rule 13 (eth1)
#
echo "Rule 13 (eth1)"
#
$IPTABLES -N Cid43BBCC3D9745.0 -t mangle
$IPTABLES -t mangle -A PREROUTING -i eth1 -p 50 -m state --state NEW -j Cid43BBCC3D9745.0
$IPTABLES -t mangle -A PREROUTING -i eth1 -p ah -m state --state NEW -j Cid43BBCC3D9745.0
$IPTABLES -t mangle -A Cid43BBCC3D9745.0 -j MARK --set-mark 16
$IPTABLES -t mangle -A Cid43BBCC3D9745.0 -j ACCEPT
$IPTABLES -t mangle -A PREROUTING -i eth1 -p 50 -m state --state NEW -j MARK --set-mark 16
$IPTABLES -t mangle -A PREROUTING -i eth1 -p ah -m state --state NEW -j MARK --set-mark 16
#
# Rule 14 (eth1)
#
echo "Rule 14 (eth1)"
#
$IPTABLES -N Cid459E471C10946.0 -t mangle
$IPTABLES -t mangle -A OUTPUT -o eth1 -p 50 -m state --state NEW -j Cid459E471C10946.0
$IPTABLES -t mangle -A OUTPUT -o eth1 -p ah -m state --state NEW -j Cid459E471C10946.0
$IPTABLES -t mangle -A POSTROUTING -o eth1 -p 50 -m state --state NEW -j Cid459E471C10946.0
$IPTABLES -t mangle -A POSTROUTING -o eth1 -p ah -m state --state NEW -j Cid459E471C10946.0
$IPTABLES -t mangle -A Cid459E471C10946.0 -j MARK --set-mark 16
$IPTABLES -t mangle -A Cid459E471C10946.0 -j ACCEPT
$IPTABLES -t mangle -A OUTPUT -o eth1 -p 50 -m state --state NEW -j MARK --set-mark 16
$IPTABLES -t mangle -A OUTPUT -o eth1 -p ah -m state --state NEW -j MARK --set-mark 16
$IPTABLES -t mangle -A POSTROUTING -o eth1 -p 50 -m state --state NEW -j MARK --set-mark 16
$IPTABLES -t mangle -A POSTROUTING -o eth1 -p ah -m state --state NEW -j MARK --set-mark 16
#
# Rule 15 (global)
#
echo "Rule 15 (global)"
#
# using CONNMARK
$IPTABLES -N Cid4483A4BD1810.0 -t mangle
$IPTABLES -t mangle -A OUTPUT -p 50 -m state --state NEW -j Cid4483A4BD1810.0
$IPTABLES -t mangle -A OUTPUT -p ah -m state --state NEW -j Cid4483A4BD1810.0
$IPTABLES -t mangle -A PREROUTING -p 50 -m state --state NEW -j Cid4483A4BD1810.0
$IPTABLES -t mangle -A PREROUTING -p ah -m state --state NEW -j Cid4483A4BD1810.0
$IPTABLES -t mangle -A Cid4483A4BD1810.0 -j MARK --set-mark 10
$IPTABLES -t mangle -A Cid4483A4BD1810.0 -j CONNMARK --save-mark
$IPTABLES -t mangle -A Cid4483A4BD1810.0 -j ACCEPT
$IPTABLES -t mangle -A OUTPUT -p 50 -m state --state NEW -j MARK --set-mark 10
$IPTABLES -t mangle -A OUTPUT -p ah -m state --state NEW -j MARK --set-mark 10
$IPTABLES -t mangle -A PREROUTING -p 50 -m state --state NEW -j MARK --set-mark 10
$IPTABLES -t mangle -A PREROUTING -p ah -m state --state NEW -j MARK --set-mark 10
$IPTABLES -t mangle -A OUTPUT -p 50 -m state --state NEW -j CONNMARK --save-mark
$IPTABLES -t mangle -A OUTPUT -p ah -m state --state NEW -j CONNMARK --save-mark
$IPTABLES -t mangle -A PREROUTING -p 50 -m state --state NEW -j CONNMARK --save-mark
$IPTABLES -t mangle -A PREROUTING -p ah -m state --state NEW -j CONNMARK --save-mark
#
# Rule 16 (global)
#
echo "Rule 16 (global)"
#
# using CONNMARK
$IPTABLES -N RULE_16 -t mangle
$IPTABLES -t mangle -A OUTPUT -p 50 -m state --state NEW -j RULE_16
$IPTABLES -t mangle -A OUTPUT -p ah -m state --state NEW -j RULE_16
$IPTABLES -t mangle -A PREROUTING -p 50 -m state --state NEW -j RULE_16
$IPTABLES -t mangle -A PREROUTING -p ah -m state --state NEW -j RULE_16
$IPTABLES -t mangle -A RULE_16 -j LOG --log-level info --log-prefix "RULE 16 -- ACCEPT "
$IPTABLES -t mangle -A RULE_16 -j MARK --set-mark 10
$IPTABLES -t mangle -A RULE_16 -j CONNMARK --save-mark
$IPTABLES -t mangle -A RULE_16 -j ACCEPT
$IPTABLES -t mangle -A OUTPUT -p 50 -m state --state NEW -j MARK --set-mark 10
$IPTABLES -t mangle -A OUTPUT -p ah -m state --state NEW -j MARK --set-mark 10
$IPTABLES -t mangle -A PREROUTING -p 50 -m state --state NEW -j MARK --set-mark 10
$IPTABLES -t mangle -A PREROUTING -p ah -m state --state NEW -j MARK --set-mark 10
$IPTABLES -t mangle -A OUTPUT -p 50 -m state --state NEW -j CONNMARK --save-mark
$IPTABLES -t mangle -A OUTPUT -p ah -m state --state NEW -j CONNMARK --save-mark
$IPTABLES -t mangle -A PREROUTING -p 50 -m state --state NEW -j CONNMARK --save-mark
$IPTABLES -t mangle -A PREROUTING -p ah -m state --state NEW -j CONNMARK --save-mark
#
# Rule 17 (global)
#
@ -566,57 +510,44 @@ script_body() {
$IPTABLES -t mangle -A PREROUTING -p ah -m state --state NEW -j Cid4483A4DF1810.0
$IPTABLES -t mangle -A Cid4483A4DF1810.0 -s 192.168.1.0/24 -j RETURN
$IPTABLES -t mangle -A Cid4483A4DF1810.0 -s 192.168.2.0/24 -j RETURN
$IPTABLES -N RULE_17_3 -t mangle
$IPTABLES -t mangle -A Cid4483A4DF1810.0 -j RULE_17_3
$IPTABLES -t mangle -A RULE_17_3 -j LOG --log-level info --log-prefix "RULE 17 -- ACCEPT "
$IPTABLES -t mangle -A RULE_17_3 -j MARK --set-mark 10
$IPTABLES -t mangle -A RULE_17_3 -j CONNMARK --save-mark
$IPTABLES -t mangle -A RULE_17_3 -j ACCEPT
$IPTABLES -t mangle -A Cid4483A4DF1810.0 -j MARK --set-mark 10
$IPTABLES -t mangle -A Cid4483A4DF1810.0 -j CONNMARK --save-mark
#
# Rule 18 (eth1)
#
echo "Rule 18 (eth1)"
#
# using CONNMARK
$IPTABLES -N Cid4483A4F01810.0 -t mangle
$IPTABLES -t mangle -A PREROUTING -i eth1 -p 50 -m state --state NEW -j Cid4483A4F01810.0
$IPTABLES -t mangle -A PREROUTING -i eth1 -p ah -m state --state NEW -j Cid4483A4F01810.0
$IPTABLES -t mangle -A Cid4483A4F01810.0 -j MARK --set-mark 10
$IPTABLES -t mangle -A Cid4483A4F01810.0 -j CONNMARK --save-mark
$IPTABLES -t mangle -A Cid4483A4F01810.0 -j ACCEPT
$IPTABLES -t mangle -A PREROUTING -i eth1 -p 50 -m state --state NEW -j MARK --set-mark 10
$IPTABLES -t mangle -A PREROUTING -i eth1 -p ah -m state --state NEW -j MARK --set-mark 10
$IPTABLES -t mangle -A PREROUTING -i eth1 -p 50 -m state --state NEW -j CONNMARK --save-mark
$IPTABLES -t mangle -A PREROUTING -i eth1 -p ah -m state --state NEW -j CONNMARK --save-mark
#
# Rule 19 (eth1)
#
echo "Rule 19 (eth1)"
#
# using CONNMARK
$IPTABLES -N Cid459E472D10946.0 -t mangle
$IPTABLES -t mangle -A OUTPUT -o eth1 -p 50 -m state --state NEW -j Cid459E472D10946.0
$IPTABLES -t mangle -A OUTPUT -o eth1 -p ah -m state --state NEW -j Cid459E472D10946.0
$IPTABLES -t mangle -A POSTROUTING -o eth1 -p 50 -m state --state NEW -j Cid459E472D10946.0
$IPTABLES -t mangle -A POSTROUTING -o eth1 -p ah -m state --state NEW -j Cid459E472D10946.0
$IPTABLES -t mangle -A Cid459E472D10946.0 -j MARK --set-mark 10
$IPTABLES -t mangle -A Cid459E472D10946.0 -j CONNMARK --save-mark
$IPTABLES -t mangle -A Cid459E472D10946.0 -j ACCEPT
$IPTABLES -t mangle -A OUTPUT -o eth1 -p 50 -m state --state NEW -j MARK --set-mark 10
$IPTABLES -t mangle -A OUTPUT -o eth1 -p ah -m state --state NEW -j MARK --set-mark 10
$IPTABLES -t mangle -A POSTROUTING -o eth1 -p 50 -m state --state NEW -j MARK --set-mark 10
$IPTABLES -t mangle -A POSTROUTING -o eth1 -p ah -m state --state NEW -j MARK --set-mark 10
$IPTABLES -t mangle -A OUTPUT -o eth1 -p 50 -m state --state NEW -j CONNMARK --save-mark
$IPTABLES -t mangle -A OUTPUT -o eth1 -p ah -m state --state NEW -j CONNMARK --save-mark
$IPTABLES -t mangle -A POSTROUTING -o eth1 -p 50 -m state --state NEW -j CONNMARK --save-mark
$IPTABLES -t mangle -A POSTROUTING -o eth1 -p ah -m state --state NEW -j CONNMARK --save-mark
#
# Rule 22 (global)
#
echo "Rule 22 (global)"
#
$IPTABLES -N Cid43BB81879745.0 -t mangle
$IPTABLES -t mangle -A POSTROUTING -s 192.168.1.0/24 -j Cid43BB81879745.0
$IPTABLES -t mangle -A Cid43BB81879745.0 -j CLASSIFY --set-class 1:2
$IPTABLES -t mangle -A Cid43BB81879745.0 -j ACCEPT
$IPTABLES -t mangle -A POSTROUTING -s 192.168.1.0/24 -j CLASSIFY --set-class 1:2
#
# Rule 23 (global)
#
echo "Rule 23 (global)"
#
$IPTABLES -N RULE_23 -t mangle
$IPTABLES -t mangle -A POSTROUTING -s 192.168.1.0/24 -j RULE_23
$IPTABLES -t mangle -A RULE_23 -j LOG --log-level info --log-prefix "RULE 23 -- ACCEPT "
$IPTABLES -t mangle -A RULE_23 -j CLASSIFY --set-class 1:2
$IPTABLES -t mangle -A RULE_23 -j ACCEPT
$IPTABLES -t mangle -A POSTROUTING -s 192.168.1.0/24 -j CLASSIFY --set-class 1:2
#
# Rule 24 (global)
#
@ -627,7 +558,6 @@ script_body() {
$IPTABLES -t mangle -A Cid451E56936383.0 -s 192.168.1.0/24 -j RETURN
$IPTABLES -t mangle -A Cid451E56936383.0 -s 192.168.2.0/24 -j RETURN
$IPTABLES -t mangle -A Cid451E56936383.0 -j CLASSIFY --set-class 1:2
$IPTABLES -t mangle -A Cid451E56936383.0 -j ACCEPT
#
# Rule 25 (global)
#
@ -637,49 +567,31 @@ script_body() {
$IPTABLES -t mangle -A POSTROUTING -j Cid451E56A46383.0
$IPTABLES -t mangle -A Cid451E56A46383.0 -s 192.168.1.0/24 -j RETURN
$IPTABLES -t mangle -A Cid451E56A46383.0 -s 192.168.2.0/24 -j RETURN
$IPTABLES -N RULE_25_3 -t mangle
$IPTABLES -t mangle -A Cid451E56A46383.0 -j RULE_25_3
$IPTABLES -t mangle -A RULE_25_3 -j LOG --log-level info --log-prefix "RULE 25 -- ACCEPT "
$IPTABLES -t mangle -A RULE_25_3 -j CLASSIFY --set-class 1:2
$IPTABLES -t mangle -A RULE_25_3 -j ACCEPT
$IPTABLES -t mangle -A Cid451E56A46383.0 -j CLASSIFY --set-class 1:2
#
# Rule 26 (eth1)
#
echo "Rule 26 (eth1)"
#
$IPTABLES -N Cid451EAD596383.0 -t mangle
$IPTABLES -t mangle -A POSTROUTING -o eth1 -s 192.168.1.0/24 -j Cid451EAD596383.0
$IPTABLES -t mangle -A Cid451EAD596383.0 -j CLASSIFY --set-class 1:2
$IPTABLES -t mangle -A Cid451EAD596383.0 -j ACCEPT
$IPTABLES -t mangle -A POSTROUTING -o eth1 -s 192.168.1.0/24 -j CLASSIFY --set-class 1:2
#
# Rule 27 (eth1)
#
echo "Rule 27 (eth1)"
#
$IPTABLES -N Out_RULE_27 -t mangle
$IPTABLES -t mangle -A POSTROUTING -o eth1 -s 192.168.1.0/24 -j Out_RULE_27
$IPTABLES -t mangle -A Out_RULE_27 -j LOG --log-level info --log-prefix "RULE 27 -- ACCEPT "
$IPTABLES -t mangle -A Out_RULE_27 -j CLASSIFY --set-class 1:2
$IPTABLES -t mangle -A Out_RULE_27 -j ACCEPT
$IPTABLES -t mangle -A POSTROUTING -o eth1 -s 192.168.1.0/24 -j CLASSIFY --set-class 1:2
#
# Rule 28 (eth1)
#
echo "Rule 28 (eth1)"
#
$IPTABLES -N Cid451ED8E76383.0 -t mangle
$IPTABLES -t mangle -A POSTROUTING -o ! eth1 -s 192.168.1.0/24 -j Cid451ED8E76383.0
$IPTABLES -t mangle -A Cid451ED8E76383.0 -j CLASSIFY --set-class 1:2
$IPTABLES -t mangle -A Cid451ED8E76383.0 -j ACCEPT
$IPTABLES -t mangle -A POSTROUTING -o ! eth1 -s 192.168.1.0/24 -j CLASSIFY --set-class 1:2
#
# Rule 29 (eth1)
#
echo "Rule 29 (eth1)"
#
$IPTABLES -N Out_RULE_29 -t mangle
$IPTABLES -t mangle -A POSTROUTING -o ! eth1 -s 192.168.1.0/24 -j Out_RULE_29
$IPTABLES -t mangle -A Out_RULE_29 -j LOG --log-level info --log-prefix "RULE 29 -- ACCEPT "
$IPTABLES -t mangle -A Out_RULE_29 -j CLASSIFY --set-class 1:2
$IPTABLES -t mangle -A Out_RULE_29 -j ACCEPT
$IPTABLES -t mangle -A POSTROUTING -o ! eth1 -s 192.168.1.0/24 -j CLASSIFY --set-class 1:2
#
# Rule 30 (global)
#
@ -688,20 +600,14 @@ script_body() {
# testing for bug #1618381
# classify action is non-terminating
# in this firewall object
$IPTABLES -N Cid4599A9DC19324.0 -t mangle
$IPTABLES -t mangle -A POSTROUTING -p icmp -m icmp --icmp-type 3 -j Cid4599A9DC19324.0
$IPTABLES -t mangle -A Cid4599A9DC19324.0 -j CLASSIFY --set-class 1:10
$IPTABLES -t mangle -A Cid4599A9DC19324.0 -j ACCEPT
$IPTABLES -t mangle -A POSTROUTING -p icmp -m icmp --icmp-type 3 -j CLASSIFY --set-class 1:10
#
# Rule 31 (eth0)
#
echo "Rule 31 (eth0)"
#
# second rule for bug #1618381
$IPTABLES -N Cid4599A9E919324.0 -t mangle
$IPTABLES -t mangle -A POSTROUTING -o eth0 -j Cid4599A9E919324.0
$IPTABLES -t mangle -A Cid4599A9E919324.0 -j CLASSIFY --set-class 1:11
$IPTABLES -t mangle -A Cid4599A9E919324.0 -j ACCEPT
$IPTABLES -t mangle -A POSTROUTING -o eth0 -j CLASSIFY --set-class 1:11
#
# Rule 32 (global)
#
@ -713,7 +619,6 @@ script_body() {
$IPTABLES -t mangle -A Cid459A026219324.0 -s 192.168.1.0/24 -j RETURN
$IPTABLES -t mangle -A Cid459A026219324.0 -s 192.168.2.0/24 -j RETURN
$IPTABLES -t mangle -A Cid459A026219324.0 -j CLASSIFY --set-class 1:10
$IPTABLES -t mangle -A Cid459A026219324.0 -j ACCEPT
#
# Rule 33 (global)
#
@ -726,7 +631,6 @@ script_body() {
$IPTABLES -t mangle -A Cid459A5AFB19324.0 -s 192.168.1.0/24 -j RETURN
$IPTABLES -t mangle -A Cid459A5AFB19324.0 -s 192.168.2.0/24 -j RETURN
$IPTABLES -t mangle -A Cid459A5AFB19324.0 -j CLASSIFY --set-class 1:10
$IPTABLES -t mangle -A Cid459A5AFB19324.0 -j ACCEPT
#
# Rule 34 (eth0)
#
@ -736,23 +640,17 @@ script_body() {
# this rule uses multiport
# and has to be split because
# of that
$IPTABLES -N Cid459A875F19324.0 -t mangle
$IPTABLES -t mangle -A POSTROUTING -o eth0 -p tcp -m tcp --dport 10000:11000 -j Cid459A875F19324.0
$IPTABLES -t mangle -A POSTROUTING -o eth0 -p tcp -m tcp -m multiport --dports 113,13,53,2105,21,70,80,443,6667,119,25,3128,22,23,540 -j Cid459A875F19324.0
$IPTABLES -t mangle -A POSTROUTING -o eth0 -p udp -m udp -m multiport --dports 53,161 -j Cid459A875F19324.0
$IPTABLES -t mangle -A Cid459A875F19324.0 -j CLASSIFY --set-class 1:11
$IPTABLES -t mangle -A Cid459A875F19324.0 -j ACCEPT
$IPTABLES -t mangle -A POSTROUTING -o eth0 -p tcp -m tcp --dport 10000:11000 -j CLASSIFY --set-class 1:11
$IPTABLES -t mangle -A POSTROUTING -o eth0 -p tcp -m tcp -m multiport --dports 113,13,53,2105,21,70,80,443,6667,119,25,3128,22,23,540 -j CLASSIFY --set-class 1:11
$IPTABLES -t mangle -A POSTROUTING -o eth0 -p udp -m udp -m multiport --dports 53,161 -j CLASSIFY --set-class 1:11
#
# Rule 36 (global)
#
echo "Rule 36 (global)"
#
$IPTABLES -N RULE_36 -t mangle
$IPTABLES -t mangle -A PREROUTING -j RULE_36
$IPTABLES -t mangle -A RULE_36 -j LOG --log-level info --log-prefix "RULE 36 -- BRANCH "
$IPTABLES -t mangle -A RULE_36 -j mymark
$IPTABLES -t mangle -A POSTROUTING -j RULE_36
$IPTABLES -t mangle -A FORWARD -j RULE_36
$IPTABLES -t mangle -A PREROUTING -j mymark
$IPTABLES -t mangle -A POSTROUTING -j mymark
$IPTABLES -t mangle -A FORWARD -j mymark
# ================ Table 'mangle', rule set mangle_rules
#
# Rule mangle_rules 0 (global)
@ -767,21 +665,16 @@ script_body() {
#
echo "Rule mangle_rules 1 (global)"
#
$IPTABLES -N Cid56804X29169.0 -t mangle
$IPTABLES -t mangle -A OUTPUT -p tcp -m tcp --dport 80 -m state --state NEW -j Cid56804X29169.0
$IPTABLES -t mangle -A PREROUTING -p tcp -m tcp --dport 80 -m state --state NEW -j Cid56804X29169.0
$IPTABLES -t mangle -A Cid56804X29169.0 -j MARK --set-mark 1
$IPTABLES -t mangle -A Cid56804X29169.0 -j CONNMARK --save-mark
$IPTABLES -t mangle -A Cid56804X29169.0 -j ACCEPT
$IPTABLES -t mangle -A OUTPUT -p tcp -m tcp --dport 80 -m state --state NEW -j MARK --set-mark 1
$IPTABLES -t mangle -A PREROUTING -p tcp -m tcp --dport 80 -m state --state NEW -j MARK --set-mark 1
$IPTABLES -t mangle -A OUTPUT -p tcp -m tcp --dport 80 -m state --state NEW -j CONNMARK --save-mark
$IPTABLES -t mangle -A PREROUTING -p tcp -m tcp --dport 80 -m state --state NEW -j CONNMARK --save-mark
#
# Rule mangle_rules 2 (global)
#
echo "Rule mangle_rules 2 (global)"
#
$IPTABLES -N Cid56817X29169.0 -t mangle
$IPTABLES -t mangle -A POSTROUTING -m mark --mark 1 -j Cid56817X29169.0
$IPTABLES -t mangle -A Cid56817X29169.0 -j CLASSIFY --set-class 1:12
$IPTABLES -t mangle -A Cid56817X29169.0 -j ACCEPT
$IPTABLES -t mangle -A POSTROUTING -m mark --mark 1 -j CLASSIFY --set-class 1:12
#
# Rule mangle_rules 4 (global)
#
@ -884,8 +777,248 @@ script_body() {
$IPTABLES -t mangle -A Cid43052X80179.0 -s 6bone.net -j ACCEPT
$IPTABLES -t mangle -A Cid43052X80179.0 -s ny6ix.net -j ACCEPT
# ================ Table 'filter', rule set mymark
#
# Rule mymark 0 (global)
#
echo "Rule mymark 0 (global)"
#
$IPTABLES -N mymark
$IPTABLES -A mymark -d 192.168.2.0/24 -m state --state NEW -j ACCEPT
#
# Rule mymark 1 (global)
#
echo "Rule mymark 1 (global)"
#
$IPTABLES -A mymark -m state --state NEW -j ACCEPT
# ================ Table 'filter', rule set Policy
#
# Rule 0 (global)
#
echo "Rule 0 (global)"
#
$IPTABLES -A OUTPUT -p 50 -m state --state NEW -j ACCEPT
$IPTABLES -A OUTPUT -p ah -m state --state NEW -j ACCEPT
$IPTABLES -A INPUT -p 50 -m state --state NEW -j ACCEPT
$IPTABLES -A INPUT -p ah -m state --state NEW -j ACCEPT
$IPTABLES -A FORWARD -p 50 -m state --state NEW -j ACCEPT
$IPTABLES -A FORWARD -p ah -m state --state NEW -j ACCEPT
#
# Rule 1 (global)
#
echo "Rule 1 (global)"
#
$IPTABLES -N RULE_1
$IPTABLES -A OUTPUT -p 50 -m state --state NEW -j RULE_1
$IPTABLES -A OUTPUT -p ah -m state --state NEW -j RULE_1
$IPTABLES -A INPUT -p 50 -m state --state NEW -j RULE_1
$IPTABLES -A INPUT -p ah -m state --state NEW -j RULE_1
$IPTABLES -A FORWARD -p 50 -m state --state NEW -j RULE_1
$IPTABLES -A FORWARD -p ah -m state --state NEW -j RULE_1
$IPTABLES -A RULE_1 -j LOG --log-level info --log-prefix "RULE 1 -- ACCEPT "
$IPTABLES -A RULE_1 -j ACCEPT
#
# Rule 2 (global)
#
echo "Rule 2 (global)"
#
$IPTABLES -N Cid483502D710047.0
$IPTABLES -A INPUT -p 50 -m state --state NEW -j Cid483502D710047.0
$IPTABLES -A INPUT -p ah -m state --state NEW -j Cid483502D710047.0
$IPTABLES -A Cid483502D710047.0 -s 22.22.23.22 -j ACCEPT
$IPTABLES -A Cid483502D710047.0 -s 192.168.1.22 -j ACCEPT
$IPTABLES -A Cid483502D710047.0 -s 192.168.2.1 -j ACCEPT
$IPTABLES -A OUTPUT -p 50 -m state --state NEW -j ACCEPT
$IPTABLES -A OUTPUT -p ah -m state --state NEW -j ACCEPT
#
# Rule 3 (eth1)
#
echo "Rule 3 (eth1)"
#
$IPTABLES -A OUTPUT -o eth1 -p 50 -m state --state NEW -j ACCEPT
$IPTABLES -A OUTPUT -o eth1 -p ah -m state --state NEW -j ACCEPT
#
# Rule 4 (global)
#
echo "Rule 4 (global)"
#
$IPTABLES -N Cid483502E810047.0
$IPTABLES -A INPUT -p 50 -m state --state NEW -j Cid483502E810047.0
$IPTABLES -A INPUT -p ah -m state --state NEW -j Cid483502E810047.0
$IPTABLES -N RULE_4
$IPTABLES -A Cid483502E810047.0 -s 22.22.23.22 -j RULE_4
$IPTABLES -A Cid483502E810047.0 -s 192.168.1.22 -j RULE_4
$IPTABLES -A Cid483502E810047.0 -s 192.168.2.1 -j RULE_4
$IPTABLES -A OUTPUT -p 50 -m state --state NEW -j RULE_4
$IPTABLES -A OUTPUT -p ah -m state --state NEW -j RULE_4
$IPTABLES -A RULE_4 -j LOG --log-level info --log-prefix "RULE 4 -- ACCEPT "
$IPTABLES -A RULE_4 -j ACCEPT
#
# Rule 5 (eth1)
#
echo "Rule 5 (eth1)"
#
$IPTABLES -N Cid43501X5007.0
$IPTABLES -A OUTPUT -o eth1 -s 22.22.23.22 -m state --state NEW -j Cid43501X5007.0
$IPTABLES -A Cid43501X5007.0 -p 50 -j ACCEPT
$IPTABLES -A Cid43501X5007.0 -p ah -j ACCEPT
#
# Rule 6 (eth1)
#
echo "Rule 6 (eth1)"
#
$IPTABLES -N Cid43518X5007.0
$IPTABLES -A OUTPUT -o eth1 -s 22.22.23.22 -m state --state NEW -j Cid43518X5007.0
$IPTABLES -A Cid43518X5007.0 -p 50 -j ACCEPT
$IPTABLES -A Cid43518X5007.0 -p ah -j ACCEPT
#
# Rule 7 (eth1)
#
echo "Rule 7 (eth1)"
#
$IPTABLES -A OUTPUT -o eth1 -p 50 -m state --state NEW -j ACCEPT
$IPTABLES -A OUTPUT -o eth1 -p ah -m state --state NEW -j ACCEPT
#
# Rule 8 (eth1)
#
echo "Rule 8 (eth1)"
#
$IPTABLES -N Cid43554X5007.0
$IPTABLES -A OUTPUT -o eth1 -s 22.22.23.22 -j Cid43554X5007.0
$IPTABLES -A Cid43554X5007.0 -p 50 -j ACCEPT
$IPTABLES -A Cid43554X5007.0 -p ah -j ACCEPT
#
# Rule 9 (eth1)
#
echo "Rule 9 (eth1)"
#
$IPTABLES -N Cid43571X5007.0
$IPTABLES -A OUTPUT -o eth1 -s 22.22.23.22 -j Cid43571X5007.0
$IPTABLES -A Cid43571X5007.0 -p 50 -j ACCEPT
$IPTABLES -A Cid43571X5007.0 -p ah -j ACCEPT
#
# Rule 10 (eth1)
#
echo "Rule 10 (eth1)"
#
$IPTABLES -A OUTPUT -o eth1 -p 50 -j ACCEPT
$IPTABLES -A OUTPUT -o eth1 -p ah -j ACCEPT
#
# Rule 11 (global)
#
echo "Rule 11 (global)"
#
$IPTABLES -N Cid43BBCC139745.0
$IPTABLES -A OUTPUT -p 50 -m state --state NEW -j Cid43BBCC139745.0
$IPTABLES -A OUTPUT -p ah -m state --state NEW -j Cid43BBCC139745.0
$IPTABLES -A INPUT -p 50 -m state --state NEW -j Cid43BBCC139745.0
$IPTABLES -A INPUT -p ah -m state --state NEW -j Cid43BBCC139745.0
$IPTABLES -A FORWARD -p 50 -m state --state NEW -j Cid43BBCC139745.0
$IPTABLES -A FORWARD -p ah -m state --state NEW -j Cid43BBCC139745.0
$IPTABLES -A Cid43BBCC139745.0 -s 192.168.1.0/24 -j RETURN
$IPTABLES -A Cid43BBCC139745.0 -s 192.168.2.0/24 -j RETURN
$IPTABLES -N RULE_11_3
$IPTABLES -A Cid43BBCC139745.0 -j RULE_11_3
$IPTABLES -A RULE_11_3 -j LOG --log-level info --log-prefix "RULE 11 -- ACCEPT "
$IPTABLES -A RULE_11_3 -j ACCEPT
#
# Rule 12 (eth1)
#
echo "Rule 12 (eth1)"
#
$IPTABLES -A INPUT -i eth1 -p 50 -m state --state NEW -j ACCEPT
$IPTABLES -A INPUT -i eth1 -p ah -m state --state NEW -j ACCEPT
$IPTABLES -A FORWARD -i eth1 -p 50 -m state --state NEW -j ACCEPT
$IPTABLES -A FORWARD -i eth1 -p ah -m state --state NEW -j ACCEPT
$IPTABLES -A OUTPUT -o eth1 -p 50 -m state --state NEW -j ACCEPT
$IPTABLES -A OUTPUT -o eth1 -p ah -m state --state NEW -j ACCEPT
$IPTABLES -A FORWARD -o eth1 -p 50 -m state --state NEW -j ACCEPT
$IPTABLES -A FORWARD -o eth1 -p ah -m state --state NEW -j ACCEPT
#
# Rule 13 (eth1)
#
echo "Rule 13 (eth1)"
#
$IPTABLES -A INPUT -i eth1 -p 50 -m state --state NEW -j ACCEPT
$IPTABLES -A INPUT -i eth1 -p ah -m state --state NEW -j ACCEPT
$IPTABLES -A FORWARD -i eth1 -p 50 -m state --state NEW -j ACCEPT
$IPTABLES -A FORWARD -i eth1 -p ah -m state --state NEW -j ACCEPT
#
# Rule 14 (eth1)
#
echo "Rule 14 (eth1)"
#
$IPTABLES -A OUTPUT -o eth1 -p 50 -m state --state NEW -j ACCEPT
$IPTABLES -A OUTPUT -o eth1 -p ah -m state --state NEW -j ACCEPT
$IPTABLES -A FORWARD -o eth1 -p 50 -m state --state NEW -j ACCEPT
$IPTABLES -A FORWARD -o eth1 -p ah -m state --state NEW -j ACCEPT
#
# Rule 15 (global)
#
echo "Rule 15 (global)"
#
# using CONNMARK
$IPTABLES -A OUTPUT -p 50 -m state --state NEW -j ACCEPT
$IPTABLES -A OUTPUT -p ah -m state --state NEW -j ACCEPT
$IPTABLES -A INPUT -p 50 -m state --state NEW -j ACCEPT
$IPTABLES -A INPUT -p ah -m state --state NEW -j ACCEPT
$IPTABLES -A FORWARD -p 50 -m state --state NEW -j ACCEPT
$IPTABLES -A FORWARD -p ah -m state --state NEW -j ACCEPT
#
# Rule 16 (global)
#
echo "Rule 16 (global)"
#
# using CONNMARK
$IPTABLES -N RULE_16
$IPTABLES -A OUTPUT -p 50 -m state --state NEW -j RULE_16
$IPTABLES -A OUTPUT -p ah -m state --state NEW -j RULE_16
$IPTABLES -A INPUT -p 50 -m state --state NEW -j RULE_16
$IPTABLES -A INPUT -p ah -m state --state NEW -j RULE_16
$IPTABLES -A FORWARD -p 50 -m state --state NEW -j RULE_16
$IPTABLES -A FORWARD -p ah -m state --state NEW -j RULE_16
$IPTABLES -A RULE_16 -j LOG --log-level info --log-prefix "RULE 16 -- ACCEPT "
$IPTABLES -A RULE_16 -j ACCEPT
#
# Rule 17 (global)
#
echo "Rule 17 (global)"
#
# using CONNMARK
$IPTABLES -N Cid4483A4DF1810.0
$IPTABLES -A OUTPUT -p 50 -m state --state NEW -j Cid4483A4DF1810.0
$IPTABLES -A OUTPUT -p ah -m state --state NEW -j Cid4483A4DF1810.0
$IPTABLES -A INPUT -p 50 -m state --state NEW -j Cid4483A4DF1810.0
$IPTABLES -A INPUT -p ah -m state --state NEW -j Cid4483A4DF1810.0
$IPTABLES -A FORWARD -p 50 -m state --state NEW -j Cid4483A4DF1810.0
$IPTABLES -A FORWARD -p ah -m state --state NEW -j Cid4483A4DF1810.0
$IPTABLES -A Cid4483A4DF1810.0 -s 192.168.1.0/24 -j RETURN
$IPTABLES -A Cid4483A4DF1810.0 -s 192.168.2.0/24 -j RETURN
$IPTABLES -N RULE_17_3
$IPTABLES -A Cid4483A4DF1810.0 -j RULE_17_3
$IPTABLES -A RULE_17_3 -j LOG --log-level info --log-prefix "RULE 17 -- ACCEPT "
$IPTABLES -A RULE_17_3 -j ACCEPT
#
# Rule 18 (eth1)
#
echo "Rule 18 (eth1)"
#
# using CONNMARK
$IPTABLES -A INPUT -i eth1 -p 50 -m state --state NEW -j ACCEPT
$IPTABLES -A INPUT -i eth1 -p ah -m state --state NEW -j ACCEPT
$IPTABLES -A FORWARD -i eth1 -p 50 -m state --state NEW -j ACCEPT
$IPTABLES -A FORWARD -i eth1 -p ah -m state --state NEW -j ACCEPT
#
# Rule 19 (eth1)
#
echo "Rule 19 (eth1)"
#
# using CONNMARK
$IPTABLES -A OUTPUT -o eth1 -p 50 -m state --state NEW -j ACCEPT
$IPTABLES -A OUTPUT -o eth1 -p ah -m state --state NEW -j ACCEPT
$IPTABLES -A FORWARD -o eth1 -p 50 -m state --state NEW -j ACCEPT
$IPTABLES -A FORWARD -o eth1 -p ah -m state --state NEW -j ACCEPT
#
# Rule 20 (global)
#
echo "Rule 20 (global)"
@ -902,6 +1035,171 @@ script_body() {
$IPTABLES -A OUTPUT -p tcp -m tcp -d 192.168.2.10 --dport 80 -j QUEUE
$IPTABLES -A FORWARD -p tcp -m tcp -d 192.168.2.10 --dport 80 -j QUEUE
#
# Rule 22 (global)
#
echo "Rule 22 (global)"
#
$IPTABLES -A INPUT -s 192.168.1.0/24 -j ACCEPT
$IPTABLES -A OUTPUT -s 192.168.1.0/24 -j ACCEPT
$IPTABLES -A FORWARD -s 192.168.1.0/24 -j ACCEPT
#
# Rule 23 (global)
#
echo "Rule 23 (global)"
#
$IPTABLES -N RULE_23
$IPTABLES -A INPUT -s 192.168.1.0/24 -j RULE_23
$IPTABLES -A OUTPUT -s 192.168.1.0/24 -j RULE_23
$IPTABLES -A FORWARD -s 192.168.1.0/24 -j RULE_23
$IPTABLES -A RULE_23 -j LOG --log-level info --log-prefix "RULE 23 -- ACCEPT "
$IPTABLES -A RULE_23 -j ACCEPT
#
# Rule 24 (global)
#
echo "Rule 24 (global)"
#
$IPTABLES -N Cid451E56936383.0
$IPTABLES -A OUTPUT -j Cid451E56936383.0
$IPTABLES -A INPUT -j Cid451E56936383.0
$IPTABLES -A FORWARD -j Cid451E56936383.0
$IPTABLES -A Cid451E56936383.0 -s 192.168.1.0/24 -j RETURN
$IPTABLES -A Cid451E56936383.0 -s 192.168.2.0/24 -j RETURN
$IPTABLES -A Cid451E56936383.0 -j ACCEPT
#
# Rule 25 (global)
#
echo "Rule 25 (global)"
#
$IPTABLES -N Cid451E56A46383.0
$IPTABLES -A OUTPUT -j Cid451E56A46383.0
$IPTABLES -A INPUT -j Cid451E56A46383.0
$IPTABLES -A FORWARD -j Cid451E56A46383.0
$IPTABLES -A Cid451E56A46383.0 -s 192.168.1.0/24 -j RETURN
$IPTABLES -A Cid451E56A46383.0 -s 192.168.2.0/24 -j RETURN
$IPTABLES -N RULE_25_3
$IPTABLES -A Cid451E56A46383.0 -j RULE_25_3
$IPTABLES -A RULE_25_3 -j LOG --log-level info --log-prefix "RULE 25 -- ACCEPT "
$IPTABLES -A RULE_25_3 -j ACCEPT
#
# Rule 26 (eth1)
#
echo "Rule 26 (eth1)"
#
$IPTABLES -A INPUT -i eth1 -s 192.168.1.0/24 -j ACCEPT
$IPTABLES -A FORWARD -i eth1 -s 192.168.1.0/24 -j ACCEPT
$IPTABLES -A OUTPUT -o eth1 -s 192.168.1.0/24 -j ACCEPT
$IPTABLES -A FORWARD -o eth1 -s 192.168.1.0/24 -j ACCEPT
#
# Rule 27 (eth1)
#
echo "Rule 27 (eth1)"
#
$IPTABLES -N In_RULE_27
$IPTABLES -A INPUT -i eth1 -s 192.168.1.0/24 -j In_RULE_27
$IPTABLES -A FORWARD -i eth1 -s 192.168.1.0/24 -j In_RULE_27
$IPTABLES -A In_RULE_27 -j LOG --log-level info --log-prefix "RULE 27 -- ACCEPT "
$IPTABLES -A In_RULE_27 -j ACCEPT
$IPTABLES -N Out_RULE_27
$IPTABLES -A OUTPUT -o eth1 -s 192.168.1.0/24 -j Out_RULE_27
$IPTABLES -A FORWARD -o eth1 -s 192.168.1.0/24 -j Out_RULE_27
$IPTABLES -A Out_RULE_27 -j LOG --log-level info --log-prefix "RULE 27 -- ACCEPT "
$IPTABLES -A Out_RULE_27 -j ACCEPT
#
# Rule 28 (eth1)
#
echo "Rule 28 (eth1)"
#
$IPTABLES -A INPUT -i ! eth1 -s 192.168.1.0/24 -j ACCEPT
$IPTABLES -A FORWARD -i ! eth1 -s 192.168.1.0/24 -j ACCEPT
$IPTABLES -A OUTPUT -o ! eth1 -s 192.168.1.0/24 -j ACCEPT
$IPTABLES -A FORWARD -o ! eth1 -s 192.168.1.0/24 -j ACCEPT
#
# Rule 29 (eth1)
#
echo "Rule 29 (eth1)"
#
$IPTABLES -N In_RULE_29
$IPTABLES -A INPUT -i ! eth1 -s 192.168.1.0/24 -j In_RULE_29
$IPTABLES -A FORWARD -i ! eth1 -s 192.168.1.0/24 -j In_RULE_29
$IPTABLES -A In_RULE_29 -j LOG --log-level info --log-prefix "RULE 29 -- ACCEPT "
$IPTABLES -A In_RULE_29 -j ACCEPT
$IPTABLES -N Out_RULE_29
$IPTABLES -A OUTPUT -o ! eth1 -s 192.168.1.0/24 -j Out_RULE_29
$IPTABLES -A FORWARD -o ! eth1 -s 192.168.1.0/24 -j Out_RULE_29
$IPTABLES -A Out_RULE_29 -j LOG --log-level info --log-prefix "RULE 29 -- ACCEPT "
$IPTABLES -A Out_RULE_29 -j ACCEPT
#
# Rule 30 (global)
#
echo "Rule 30 (global)"
#
# testing for bug #1618381
# classify action is non-terminating
# in this firewall object
$IPTABLES -A OUTPUT -p icmp -m icmp --icmp-type 3 -j ACCEPT
$IPTABLES -A INPUT -p icmp -m icmp --icmp-type 3 -j ACCEPT
$IPTABLES -A FORWARD -p icmp -m icmp --icmp-type 3 -j ACCEPT
#
# Rule 31 (eth0)
#
echo "Rule 31 (eth0)"
#
# second rule for bug #1618381
$IPTABLES -A INPUT -i eth0 -j ACCEPT
$IPTABLES -A FORWARD -i eth0 -j ACCEPT
$IPTABLES -A OUTPUT -o eth0 -j ACCEPT
$IPTABLES -A FORWARD -o eth0 -j ACCEPT
#
# Rule 32 (global)
#
echo "Rule 32 (global)"
#
# testing for bug #1618381
$IPTABLES -N Cid459A026219324.0
$IPTABLES -A OUTPUT -p icmp -m icmp --icmp-type 3 -j Cid459A026219324.0
$IPTABLES -A INPUT -p icmp -m icmp --icmp-type 3 -j Cid459A026219324.0
$IPTABLES -A FORWARD -p icmp -m icmp --icmp-type 3 -j Cid459A026219324.0
$IPTABLES -A Cid459A026219324.0 -s 192.168.1.0/24 -j RETURN
$IPTABLES -A Cid459A026219324.0 -s 192.168.2.0/24 -j RETURN
$IPTABLES -A Cid459A026219324.0 -j ACCEPT
#
# Rule 33 (global)
#
echo "Rule 33 (global)"
#
# testing for bug #1618381
$IPTABLES -N Cid459A5AFB19324.0
$IPTABLES -A OUTPUT -p icmp -m icmp --icmp-type 3 -j Cid459A5AFB19324.0
$IPTABLES -A OUTPUT -p tcp -m tcp --dport 80 -j Cid459A5AFB19324.0
$IPTABLES -A INPUT -p icmp -m icmp --icmp-type 3 -j Cid459A5AFB19324.0
$IPTABLES -A INPUT -p tcp -m tcp --dport 80 -j Cid459A5AFB19324.0
$IPTABLES -A FORWARD -p icmp -m icmp --icmp-type 3 -j Cid459A5AFB19324.0
$IPTABLES -A FORWARD -p tcp -m tcp --dport 80 -j Cid459A5AFB19324.0
$IPTABLES -A Cid459A5AFB19324.0 -s 192.168.1.0/24 -j RETURN
$IPTABLES -A Cid459A5AFB19324.0 -s 192.168.2.0/24 -j RETURN
$IPTABLES -A Cid459A5AFB19324.0 -j ACCEPT
#
# Rule 34 (eth0)
#
echo "Rule 34 (eth0)"
#
# bug #1618381
# this rule uses multiport
# and has to be split because
# of that
$IPTABLES -A INPUT -i eth0 -p tcp -m tcp --dport 10000:11000 -j ACCEPT
$IPTABLES -A INPUT -i eth0 -p tcp -m tcp -m multiport --dports 113,13,53,2105,21,70,80,443,6667,119,25,3128,22,23,540 -j ACCEPT
$IPTABLES -A INPUT -i eth0 -p udp -m udp -m multiport --dports 53,161 -j ACCEPT
$IPTABLES -A FORWARD -i eth0 -p tcp -m tcp --dport 10000:11000 -j ACCEPT
$IPTABLES -A FORWARD -i eth0 -p tcp -m tcp -m multiport --dports 113,13,53,2105,21,70,80,443,6667,119,25,3128,22,23,540 -j ACCEPT
$IPTABLES -A FORWARD -i eth0 -p udp -m udp -m multiport --dports 53,161 -j ACCEPT
$IPTABLES -A OUTPUT -o eth0 -p tcp -m tcp --dport 10000:11000 -j ACCEPT
$IPTABLES -A OUTPUT -o eth0 -p tcp -m tcp -m multiport --dports 113,13,53,2105,21,70,80,443,6667,119,25,3128,22,23,540 -j ACCEPT
$IPTABLES -A OUTPUT -o eth0 -p udp -m udp -m multiport --dports 53,161 -j ACCEPT
$IPTABLES -A FORWARD -o eth0 -p tcp -m tcp --dport 10000:11000 -j ACCEPT
$IPTABLES -A FORWARD -o eth0 -p tcp -m tcp -m multiport --dports 113,13,53,2105,21,70,80,443,6667,119,25,3128,22,23,540 -j ACCEPT
$IPTABLES -A FORWARD -o eth0 -p udp -m udp -m multiport --dports 53,161 -j ACCEPT
#
# Rule 35 (global)
#
echo "Rule 35 (global)"
@ -919,7 +1217,6 @@ script_body() {
$IPTABLES -A INPUT -j RULE_36
$IPTABLES -A FORWARD -j RULE_36
$IPTABLES -A RULE_36 -j LOG --log-level info --log-prefix "RULE 36 -- BRANCH "
$IPTABLES -N mymark
$IPTABLES -A RULE_36 -j mymark
#
# Rule 37 (global)
@ -987,7 +1284,7 @@ test -z "$cmd" && {
case "$cmd" in
start)
log "Activating firewall script generated Tue May 3 20:28:13 2011 by vadim"
log "Activating firewall script generated Fri May 13 12:35:30 2011 by vadim"
check_tools
prolog_commands
check_run_time_address_table_files


@ -2,9 +2,9 @@
#
# This is automatically generated file. DO NOT MODIFY !
#
# Firewall Builder fwb_ipt v4.2.1.ma_1
# Firewall Builder fwb_ipt v4.3.0.3542
#
# Generated Tue May 3 19:32:56 2011 PDT by vadim
# Generated Fri May 13 12:35:28 2011 PDT by vadim
#
# files: * firewall38.fw /etc/fw/firewall38.fw
#
@ -313,6 +313,36 @@ script_body() {
echo "-A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT "
# ================ Table 'filter', rule set Policy
#
# Rule 1 (global)
echo "-A OUTPUT -p 50 -m state --state NEW -j LOG --log-level info --log-prefix \"RULE 1 -- CONTINUE \""
echo "-A OUTPUT -p ah -m state --state NEW -j LOG --log-level info --log-prefix \"RULE 1 -- CONTINUE \""
echo "-A INPUT -p 50 -m state --state NEW -j LOG --log-level info --log-prefix \"RULE 1 -- CONTINUE \""
echo "-A INPUT -p ah -m state --state NEW -j LOG --log-level info --log-prefix \"RULE 1 -- CONTINUE \""
echo "-A FORWARD -p 50 -m state --state NEW -j LOG --log-level info --log-prefix \"RULE 1 -- CONTINUE \""
echo "-A FORWARD -p ah -m state --state NEW -j LOG --log-level info --log-prefix \"RULE 1 -- CONTINUE \""
#
# Rule 2 (global)
echo ":Cid43BBF1AD9745.0 - [0:0]"
echo "-A OUTPUT -s ! 192.168.1.0/24 -m state --state NEW -j Cid43BBF1AD9745.0 "
echo "-A Cid43BBF1AD9745.0 -p 50 -j LOG --log-level info --log-prefix \"RULE 2 -- CONTINUE \""
echo "-A Cid43BBF1AD9745.0 -p ah -j LOG --log-level info --log-prefix \"RULE 2 -- CONTINUE \""
echo ":Cid43BBF1AD9745.1 - [0:0]"
echo "-A INPUT -s ! 192.168.1.0/24 -m state --state NEW -j Cid43BBF1AD9745.1 "
echo "-A Cid43BBF1AD9745.1 -p 50 -j LOG --log-level info --log-prefix \"RULE 2 -- CONTINUE \""
echo "-A Cid43BBF1AD9745.1 -p ah -j LOG --log-level info --log-prefix \"RULE 2 -- CONTINUE \""
echo ":Cid43BBF1AD9745.2 - [0:0]"
echo "-A OUTPUT -s ! 192.168.1.0/24 -m state --state NEW -j Cid43BBF1AD9745.2 "
echo "-A Cid43BBF1AD9745.2 -p 50 -j LOG --log-level info --log-prefix \"RULE 2 -- CONTINUE \""
echo "-A Cid43BBF1AD9745.2 -p ah -j LOG --log-level info --log-prefix \"RULE 2 -- CONTINUE \""
echo ":Cid43BBF1AD9745.3 - [0:0]"
echo "-A FORWARD -s ! 192.168.1.0/24 -m state --state NEW -j Cid43BBF1AD9745.3 "
echo "-A Cid43BBF1AD9745.3 -p 50 -j LOG --log-level info --log-prefix \"RULE 2 -- CONTINUE \""
echo "-A Cid43BBF1AD9745.3 -p ah -j LOG --log-level info --log-prefix \"RULE 2 -- CONTINUE \""
#
# Rule 5 (global)
echo "-A INPUT -p tcp -m tcp -s 22.22.23.22 --dport 80 -m state --state NEW -j LOG --log-level info --log-prefix \"RULE 5 -- CONTINUE \""
echo "-A OUTPUT -p tcp -m tcp -s 22.22.23.22 --dport 80 -m state --state NEW -j LOG --log-level info --log-prefix \"RULE 5 -- CONTINUE \""
#
# Rule 9 (global)
echo "-A OUTPUT -m mark --mark 16 -m state --state NEW -j ACCEPT "
echo "-A INPUT -m mark --mark 16 -m state --state NEW -j ACCEPT "
@ -372,26 +402,20 @@ script_body() {
echo "-A PREROUTING -p ah -m state --state NEW -j MARK --set-mark 16"
#
# Rule 1 (global)
echo ":RULE_1 - [0:0]"
echo "-A OUTPUT -p 50 -m state --state NEW -j RULE_1 "
echo "-A OUTPUT -p ah -m state --state NEW -j RULE_1 "
echo "-A PREROUTING -p 50 -m state --state NEW -j RULE_1 "
echo "-A PREROUTING -p ah -m state --state NEW -j RULE_1 "
echo "-A RULE_1 -j LOG --log-level info --log-prefix \"RULE 1 -- CONTINUE \""
echo "-A RULE_1 -j MARK --set-mark 16"
echo "-A OUTPUT -p 50 -m state --state NEW -j MARK --set-mark 16"
echo "-A OUTPUT -p ah -m state --state NEW -j MARK --set-mark 16"
echo "-A PREROUTING -p 50 -m state --state NEW -j MARK --set-mark 16"
echo "-A PREROUTING -p ah -m state --state NEW -j MARK --set-mark 16"
#
# Rule 2 (global)
echo ":Cid43BBF1AD9745.0 - [0:0]"
echo "-A OUTPUT -s ! 192.168.1.0/24 -m state --state NEW -j Cid43BBF1AD9745.0 "
echo ":RULE_2 - [0:0]"
echo "-A Cid43BBF1AD9745.0 -p 50 -j RULE_2 "
echo "-A Cid43BBF1AD9745.0 -p ah -j RULE_2 "
echo "-A Cid43BBF1AD9745.0 -p 50 -j MARK --set-mark 16"
echo "-A Cid43BBF1AD9745.0 -p ah -j MARK --set-mark 16"
echo ":Cid43BBF1AD9745.1 - [0:0]"
echo "-A PREROUTING -s ! 192.168.1.0/24 -m state --state NEW -j Cid43BBF1AD9745.1 "
echo "-A Cid43BBF1AD9745.1 -p 50 -j RULE_2 "
echo "-A Cid43BBF1AD9745.1 -p ah -j RULE_2 "
echo "-A RULE_2 -j LOG --log-level info --log-prefix \"RULE 2 -- CONTINUE \""
echo "-A RULE_2 -j MARK --set-mark 16"
echo "-A Cid43BBF1AD9745.1 -p 50 -j MARK --set-mark 16"
echo "-A Cid43BBF1AD9745.1 -p ah -j MARK --set-mark 16"
#
# Rule 3 (eth1)
echo "-A PREROUTING -i eth1 -p 50 -m state --state NEW -j MARK --set-mark 16"
@ -402,10 +426,7 @@ script_body() {
echo "-A OUTPUT -p tcp -m tcp --dport 80 -m state --state NEW -j MARK --set-mark 2"
#
# Rule 5 (global)
echo ":RULE_5 - [0:0]"
echo "-A OUTPUT -p tcp -m tcp -s 22.22.23.22 --dport 80 -m state --state NEW -j RULE_5 "
echo "-A RULE_5 -j LOG --log-level info --log-prefix \"RULE 5 -- CONTINUE \""
echo "-A RULE_5 -j MARK --set-mark 2"
echo "-A OUTPUT -p tcp -m tcp -s 22.22.23.22 --dport 80 -m state --state NEW -j MARK --set-mark 2"
#
# Rule 6 (eth1)
echo "-A OUTPUT -o eth1 -p tcp -m tcp -s 22.22.23.22 --dport 80 -m state --state NEW -j MARK --set-mark 2"
@ -498,7 +519,7 @@ test -z "$cmd" && {
case "$cmd" in
start)
log "Activating firewall script generated Tue May 3 19:32:56 2011 by vadim"
log "Activating firewall script generated Fri May 13 12:35:28 2011 by vadim"
check_tools
prolog_commands
check_run_time_address_table_files


@ -2,9 +2,9 @@
#
# This is automatically generated file. DO NOT MODIFY !
#
# Firewall Builder fwb_ipt v4.2.1.3538
# Firewall Builder fwb_ipt v4.3.0.3542
#
# Generated Thu May 5 20:29:25 2011 PDT by vadim
# Generated Fri May 13 12:35:30 2011 PDT by vadim
#
# files: * firewall39.fw /etc/fw/firewall39.fw
#
@ -319,101 +319,6 @@ script_body() {
$IPTABLES -t nat -A POSTROUTING -s 192.168.1.0/24 -j ACCEPT
$IPTABLES -t nat -A PREROUTING -s 192.168.1.0/24 -j ACCEPT
# ================ Table 'mangle', rule set rule0_branch
#
# Rule rule0_branch 0 (global)
#
echo "Rule rule0_branch 0 (global)"
#
$IPTABLES -N rule0_branch -t mangle
$IPTABLES -N rule0_branch_0 -t mangle
$IPTABLES -t mangle -A rule0_branch -m state --state NEW -j rule0_branch_0
$IPTABLES -t mangle -A rule0_branch_0 -j LOG --log-level info --log-prefix "RULE 0 -- ACCEPT "
$IPTABLES -t mangle -A rule0_branch_0 -j ACCEPT
# ================ Table 'mangle', rule set rule1_branch
#
# Rule rule1_branch 0 (global)
#
echo "Rule rule1_branch 0 (global)"
#
$IPTABLES -N rule1_branch -t mangle
$IPTABLES -N rule1_branch_0 -t mangle
$IPTABLES -t mangle -A rule1_branch -d 192.168.2.10 -j rule1_branch_0
$IPTABLES -t mangle -A rule1_branch_0 -j LOG --log-level info --log-prefix "RULE 0 -- DENY "
$IPTABLES -t mangle -A rule1_branch_0 -j DROP
#
# Rule rule1_branch 1 (global)
#
echo "Rule rule1_branch 1 (global)"
#
$IPTABLES -t mangle -A rule1_branch -m state --state NEW -j ACCEPT
# ================ Table 'mangle', rule set rule2_branch
#
# Rule rule2_branch 0 (global)
#
echo "Rule rule2_branch 0 (global)"
#
$IPTABLES -N rule2_branch -t mangle
$IPTABLES -N rule2_branch_0 -t mangle
$IPTABLES -t mangle -A rule2_branch -d ! 192.168.2.10 -j rule2_branch_0
$IPTABLES -t mangle -A rule2_branch_0 -j LOG --log-level info --log-prefix "RULE 0 -- DENY "
$IPTABLES -t mangle -A rule2_branch_0 -j DROP
#
# Rule rule2_branch 1 (global)
#
echo "Rule rule2_branch 1 (global)"
#
$IPTABLES -t mangle -A rule2_branch -s 222.222.222.0/24 -d 192.168.2.10 -m state --state NEW -j ACCEPT
#
# Rule rule2_branch 2 (global)
#
echo "Rule rule2_branch 2 (global)"
#
$IPTABLES -N rule2_branch_2 -t mangle
$IPTABLES -t mangle -A rule2_branch -j rule2_branch_2
$IPTABLES -t mangle -A rule2_branch_2 -j LOG --log-level info --log-prefix "RULE 2 -- DENY "
$IPTABLES -t mangle -A rule2_branch_2 -j DROP
# ================ Table 'mangle', rule set rule3_branch
#
# Rule rule3_branch 0 (eth1)
#
echo "Rule rule3_branch 0 (eth1)"
#
$IPTABLES -N rule3_branch -t mangle
$IPTABLES -t mangle -A rule3_branch -i eth1 -d 22.22.23.22 -m state --state NEW -j ACCEPT
$IPTABLES -t mangle -A rule3_branch -i eth1 -d 192.168.1.22 -m state --state NEW -j ACCEPT
$IPTABLES -t mangle -A rule3_branch -i eth1 -d 192.168.2.1 -m state --state NEW -j ACCEPT
#
# Rule rule3_branch 1 (global)
#
echo "Rule rule3_branch 1 (global)"
#
$IPTABLES -N rule3_branch_1 -t mangle
$IPTABLES -t mangle -A rule3_branch -j rule3_branch_1
$IPTABLES -t mangle -A rule3_branch_1 -j LOG --log-level info --log-prefix "RULE 1 -- DENY "
$IPTABLES -t mangle -A rule3_branch_1 -j DROP
# ================ Table 'mangle', rule set rule4_branch
#
# Rule rule4_branch 0 (eth1)
#
echo "Rule rule4_branch 0 (eth1)"
#
$IPTABLES -N rule4_branch -t mangle
$IPTABLES -N In_rule4_branch_0 -t mangle
$IPTABLES -t mangle -A rule4_branch -i eth1 -j In_rule4_branch_0
$IPTABLES -t mangle -A In_rule4_branch_0 -j LOG --log-level info --log-prefix "RULE 0 -- BRANCH "
$IPTABLES -N rule_4_0_branch -t mangle
$IPTABLES -t mangle -A In_rule4_branch_0 -j rule_4_0_branch
#
# Rule rule4_branch 1 (eth0)
#
echo "Rule rule4_branch 1 (eth0)"
#
$IPTABLES -N In_rule4_branch_1 -t mangle
$IPTABLES -t mangle -A rule4_branch -i eth0 -j In_rule4_branch_1
$IPTABLES -t mangle -A In_rule4_branch_1 -j LOG --log-level info --log-prefix "RULE 1 -- BRANCH "
$IPTABLES -N rule_4_1_branch -t mangle
$IPTABLES -t mangle -A In_rule4_branch_1 -j rule_4_1_branch
# ================ Table 'mangle', rule set Policy
#
# Rule 7 (global)
@ -422,6 +327,7 @@ script_body() {
#
# green rules branch
# also in mangle table
$IPTABLES -N rule0_branch -t mangle
$IPTABLES -t mangle -A PREROUTING -p 50 -j rule0_branch
$IPTABLES -t mangle -A PREROUTING -p ah -j rule0_branch
$IPTABLES -t mangle -A POSTROUTING -p 50 -j rule0_branch
@ -433,15 +339,13 @@ script_body() {
#
echo "Rule 8 (global)"
#
$IPTABLES -N RULE_8 -t mangle
$IPTABLES -t mangle -A PREROUTING -p 50 -j RULE_8
$IPTABLES -t mangle -A PREROUTING -p ah -j RULE_8
$IPTABLES -t mangle -A RULE_8 -j LOG --log-level info --log-prefix "RULE 8 -- BRANCH "
$IPTABLES -t mangle -A RULE_8 -j rule1_branch
$IPTABLES -t mangle -A POSTROUTING -p 50 -j RULE_8
$IPTABLES -t mangle -A POSTROUTING -p ah -j RULE_8
$IPTABLES -t mangle -A FORWARD -p 50 -j RULE_8
$IPTABLES -t mangle -A FORWARD -p ah -j RULE_8
$IPTABLES -N rule1_branch -t mangle
$IPTABLES -t mangle -A PREROUTING -p 50 -j rule1_branch
$IPTABLES -t mangle -A PREROUTING -p ah -j rule1_branch
$IPTABLES -t mangle -A POSTROUTING -p 50 -j rule1_branch
$IPTABLES -t mangle -A POSTROUTING -p ah -j rule1_branch
$IPTABLES -t mangle -A FORWARD -p 50 -j rule1_branch
$IPTABLES -t mangle -A FORWARD -p ah -j rule1_branch
#
# Rule 9 (global)
#
@ -449,24 +353,23 @@ script_body() {
#
$IPTABLES -N Cid464C29BB3999.0 -t mangle
$IPTABLES -t mangle -A PREROUTING -s ! 192.168.1.0/24 -j Cid464C29BB3999.0
$IPTABLES -N RULE_9 -t mangle
$IPTABLES -t mangle -A Cid464C29BB3999.0 -p 50 -j RULE_9
$IPTABLES -t mangle -A Cid464C29BB3999.0 -p ah -j RULE_9
$IPTABLES -t mangle -A RULE_9 -j LOG --log-level info --log-prefix "RULE 9 -- BRANCH "
$IPTABLES -t mangle -A RULE_9 -j rule2_branch
$IPTABLES -N rule2_branch -t mangle
$IPTABLES -t mangle -A Cid464C29BB3999.0 -p 50 -j rule2_branch
$IPTABLES -t mangle -A Cid464C29BB3999.0 -p ah -j rule2_branch
$IPTABLES -N Cid464C29BB3999.1 -t mangle
$IPTABLES -t mangle -A POSTROUTING -s ! 192.168.1.0/24 -j Cid464C29BB3999.1
$IPTABLES -t mangle -A Cid464C29BB3999.1 -p 50 -j RULE_9
$IPTABLES -t mangle -A Cid464C29BB3999.1 -p ah -j RULE_9
$IPTABLES -t mangle -A Cid464C29BB3999.1 -p 50 -j rule2_branch
$IPTABLES -t mangle -A Cid464C29BB3999.1 -p ah -j rule2_branch
$IPTABLES -N Cid464C29BB3999.2 -t mangle
$IPTABLES -t mangle -A FORWARD -s ! 192.168.1.0/24 -j Cid464C29BB3999.2
$IPTABLES -t mangle -A Cid464C29BB3999.2 -p 50 -j RULE_9
$IPTABLES -t mangle -A Cid464C29BB3999.2 -p ah -j RULE_9
$IPTABLES -t mangle -A Cid464C29BB3999.2 -p 50 -j rule2_branch
$IPTABLES -t mangle -A Cid464C29BB3999.2 -p ah -j rule2_branch
#
# Rule 10 (eth1)
#
echo "Rule 10 (eth1)"
#
$IPTABLES -N rule3_branch -t mangle
$IPTABLES -t mangle -A PREROUTING -i eth1 -p 50 -j rule3_branch
$IPTABLES -t mangle -A PREROUTING -i eth1 -p ah -j rule3_branch
$IPTABLES -t mangle -A FORWARD -i eth1 -p 50 -j rule3_branch
@ -485,6 +388,7 @@ script_body() {
#
echo "Rule 12 (global)"
#
$IPTABLES -N rule4_branch -t mangle
$IPTABLES -t mangle -A PREROUTING -p tcp -m tcp -d 192.168.2.10 --dport 80 -j rule4_branch
$IPTABLES -t mangle -A POSTROUTING -p tcp -m tcp -d 192.168.2.10 --dport 80 -j rule4_branch
$IPTABLES -t mangle -A FORWARD -p tcp -m tcp -d 192.168.2.10 --dport 80 -j rule4_branch
@ -895,7 +799,7 @@ test -z "$cmd" && {
case "$cmd" in
start)
log "Activating firewall script generated Thu May 5 20:29:25 2011 by vadim"
log "Activating firewall script generated Fri May 13 12:35:30 2011 by vadim"
check_tools
prolog_commands
check_run_time_address_table_files


@ -2,9 +2,9 @@
#
# This is automatically generated file. DO NOT MODIFY !
#
# Firewall Builder fwb_ipt v4.2.1.3538
# Firewall Builder fwb_ipt v4.3.0.3542
#
# Generated Thu May 5 20:29:27 2011 PDT by vadim
# Generated Fri May 13 12:35:32 2011 PDT by vadim
#
# files: * firewall4.fw /etc/fw/firewall4.fw
#
@ -710,7 +710,7 @@ test -z "$cmd" && {
case "$cmd" in
start)
log "Activating firewall script generated Thu May 5 20:29:27 2011 by vadim"
log "Activating firewall script generated Fri May 13 12:35:32 2011 by vadim"
check_tools
prolog_commands
check_run_time_address_table_files


@ -2,9 +2,9 @@
#
# This is automatically generated file. DO NOT MODIFY !
#
# Firewall Builder fwb_ipt v4.2.1.ma_1
# Firewall Builder fwb_ipt v4.3.0.3542
#
# Generated Tue May 3 19:33:01 2011 PDT by vadim
# Generated Fri May 13 12:35:34 2011 PDT by vadim
#
# files: * firewall40-1.fw /etc/firewall40-1.fw
#
@ -353,11 +353,8 @@ script_body() {
#
$IPTABLES -N Cid55038X29165.0 -t mangle
$IPTABLES -t mangle -A Policy_1 -s 192.168.1.0/24 -m state --state NEW -j Cid55038X29165.0
$IPTABLES -N Policy_1_6 -t mangle
$IPTABLES -t mangle -A Cid55038X29165.0 -d 22.22.22.0/24 -j Policy_1_6
$IPTABLES -t mangle -A Cid55038X29165.0 -d 33.33.33.0/24 -j Policy_1_6
$IPTABLES -t mangle -A Policy_1_6 -j LOG --log-level info --log-prefix "RULE 6 -- CONTINUE "
$IPTABLES -t mangle -A Policy_1_6 -j MARK --set-mark 8
$IPTABLES -t mangle -A Cid55038X29165.0 -d 22.22.22.0/24 -j MARK --set-mark 8
$IPTABLES -t mangle -A Cid55038X29165.0 -d 33.33.33.0/24 -j MARK --set-mark 8
# ================ Table 'filter', rule set Policy_1
#
@ -378,6 +375,15 @@ script_body() {
$IPTABLES -A Policy_1 -j Policy_1_5
$IPTABLES -A Policy_1_5 -j LOG --log-level info --log-prefix "RULE 5 -- DENY "
$IPTABLES -A Policy_1_5 -j DROP
#
# Rule Policy_1 6 (global)
#
echo "Rule Policy_1 6 (global)"
#
$IPTABLES -N Cid55038X29165.0
$IPTABLES -A Policy_1 -s 192.168.1.0/24 -m state --state NEW -j Cid55038X29165.0
$IPTABLES -A Cid55038X29165.0 -d 22.22.22.0/24 -j LOG --log-level info --log-prefix "RULE 6 -- CONTINUE "
$IPTABLES -A Cid55038X29165.0 -d 33.33.33.0/24 -j LOG --log-level info --log-prefix "RULE 6 -- CONTINUE "
# ================ Table 'filter', rule set Policy
#
# Rule 0 (global)
@ -446,7 +452,7 @@ test -z "$cmd" && {
case "$cmd" in
start)
log "Activating firewall script generated Tue May 3 19:33:01 2011 by vadim"
log "Activating firewall script generated Fri May 13 12:35:34 2011 by vadim"
check_tools
prolog_commands
check_run_time_address_table_files


@ -2,9 +2,9 @@
#
# This is automatically generated file. DO NOT MODIFY !
#
# Firewall Builder fwb_ipt v4.2.1.ma_1
# Firewall Builder fwb_ipt v4.3.0.3542
#
# Generated Tue May 3 19:33:02 2011 PDT by vadim
# Generated Fri May 13 12:35:34 2011 PDT by vadim
#
# files: * firewall40-2.fw /etc/firewall40-2.fw
#
@ -353,11 +353,8 @@ script_body() {
#
$IPTABLES -N Cid55227X22068.0 -t mangle
$IPTABLES -t mangle -A Policy_1 -s 192.168.1.0/24 -m state --state NEW -j Cid55227X22068.0
$IPTABLES -N Policy_1_6 -t mangle
$IPTABLES -t mangle -A Cid55227X22068.0 -d 22.22.22.0/24 -j Policy_1_6
$IPTABLES -t mangle -A Cid55227X22068.0 -d 33.33.33.0/24 -j Policy_1_6
$IPTABLES -t mangle -A Policy_1_6 -j LOG --log-level info --log-prefix "RULE 6 -- CONTINUE "
$IPTABLES -t mangle -A Policy_1_6 -j MARK --set-mark 8
$IPTABLES -t mangle -A Cid55227X22068.0 -d 22.22.22.0/24 -j MARK --set-mark 8
$IPTABLES -t mangle -A Cid55227X22068.0 -d 33.33.33.0/24 -j MARK --set-mark 8
# ================ Table 'filter', rule set Policy_1
#
@ -378,6 +375,15 @@ script_body() {
$IPTABLES -A Policy_1 -j Policy_1_5
$IPTABLES -A Policy_1_5 -j LOG --log-level info --log-prefix "RULE 5 -- DENY "
$IPTABLES -A Policy_1_5 -j DROP
#
# Rule Policy_1 6 (global)
#
echo "Rule Policy_1 6 (global)"
#
$IPTABLES -N Cid55227X22068.0
$IPTABLES -A Policy_1 -s 192.168.1.0/24 -m state --state NEW -j Cid55227X22068.0
$IPTABLES -A Cid55227X22068.0 -d 22.22.22.0/24 -j LOG --log-level info --log-prefix "RULE 6 -- CONTINUE "
$IPTABLES -A Cid55227X22068.0 -d 33.33.33.0/24 -j LOG --log-level info --log-prefix "RULE 6 -- CONTINUE "
}
ip_forward() {
@ -433,7 +439,7 @@ test -z "$cmd" && {
case "$cmd" in
start)
log "Activating firewall script generated Tue May 3 19:33:02 2011 by vadim"
log "Activating firewall script generated Fri May 13 12:35:34 2011 by vadim"
check_tools
prolog_commands
check_run_time_address_table_files


@ -2,9 +2,9 @@
#
# This is automatically generated file. DO NOT MODIFY !
#
# Firewall Builder fwb_ipt v4.2.1.ma_1
# Firewall Builder fwb_ipt v4.3.0.3542
#
# Generated Tue May 3 19:33:00 2011 PDT by vadim
# Generated Fri May 13 12:35:32 2011 PDT by vadim
#
# files: * firewall40.fw /etc/firewall40.fw
#
@ -352,11 +352,8 @@ script_body() {
#
$IPTABLES -N Cid37084X26841.0 -t mangle
$IPTABLES -t mangle -A PREROUTING -s 192.168.1.0/24 -m state --state NEW -j Cid37084X26841.0
$IPTABLES -N RULE_6 -t mangle
$IPTABLES -t mangle -A Cid37084X26841.0 -d 22.22.22.0/24 -j RULE_6
$IPTABLES -t mangle -A Cid37084X26841.0 -d 33.33.33.0/24 -j RULE_6
$IPTABLES -t mangle -A RULE_6 -j LOG --log-level info --log-prefix "RULE 6 -- CONTINUE "
$IPTABLES -t mangle -A RULE_6 -j MARK --set-mark 8
$IPTABLES -t mangle -A Cid37084X26841.0 -d 22.22.22.0/24 -j MARK --set-mark 8
$IPTABLES -t mangle -A Cid37084X26841.0 -d 33.33.33.0/24 -j MARK --set-mark 8
# ================ Table 'filter', rule set Policy
#
@ -380,6 +377,19 @@ script_body() {
$IPTABLES -A FORWARD -j RULE_5
$IPTABLES -A RULE_5 -j LOG --log-level info --log-prefix "RULE 5 -- DENY "
$IPTABLES -A RULE_5 -j DROP
#
# Rule 6 (global)
#
echo "Rule 6 (global)"
#
$IPTABLES -N Cid37084X26841.0
$IPTABLES -A OUTPUT -s 192.168.1.0/24 -m state --state NEW -j Cid37084X26841.0
$IPTABLES -A Cid37084X26841.0 -d 22.22.22.0/24 -j LOG --log-level info --log-prefix "RULE 6 -- CONTINUE "
$IPTABLES -A Cid37084X26841.0 -d 33.33.33.0/24 -j LOG --log-level info --log-prefix "RULE 6 -- CONTINUE "
$IPTABLES -N Cid37084X26841.1
$IPTABLES -A FORWARD -s 192.168.1.0/24 -m state --state NEW -j Cid37084X26841.1
$IPTABLES -A Cid37084X26841.1 -d 22.22.22.0/24 -j LOG --log-level info --log-prefix "RULE 6 -- CONTINUE "
$IPTABLES -A Cid37084X26841.1 -d 33.33.33.0/24 -j LOG --log-level info --log-prefix "RULE 6 -- CONTINUE "
}
ip_forward() {
@ -435,7 +445,7 @@ test -z "$cmd" && {
case "$cmd" in
start)
log "Activating firewall script generated Tue May 3 19:33:00 2011 by vadim"
log "Activating firewall script generated Fri May 13 12:35:32 2011 by vadim"
check_tools
prolog_commands
check_run_time_address_table_files


@ -2,9 +2,9 @@
#
# This is automatically generated file. DO NOT MODIFY !
#
# Firewall Builder fwb_ipt v4.2.1.3538
# Firewall Builder fwb_ipt v4.3.0.3542
#
# Generated Thu May 5 20:29:31 2011 PDT by vadim
# Generated Fri May 13 12:35:36 2011 PDT by vadim
#
# files: * firewall41-1.fw /etc/firewall41-1.fw
#
@ -575,7 +575,7 @@ test -z "$cmd" && {
case "$cmd" in
start)
log "Activating firewall script generated Thu May 5 20:29:31 2011 by vadim"
log "Activating firewall script generated Fri May 13 12:35:36 2011 by vadim"
check_tools
prolog_commands
check_run_time_address_table_files


@ -2,9 +2,9 @@
#
# This is automatically generated file. DO NOT MODIFY !
#
# Firewall Builder fwb_ipt v4.2.1.3538
# Firewall Builder fwb_ipt v4.3.0.3542
#
# Generated Thu May 5 20:29:33 2011 PDT by vadim
# Generated Fri May 13 12:35:37 2011 PDT by vadim
#
# files: * firewall41.fw /etc/firewall41.fw
#
@ -459,7 +459,7 @@ test -z "$cmd" && {
case "$cmd" in
start)
log "Activating firewall script generated Thu May 5 20:29:33 2011 by vadim"
log "Activating firewall script generated Fri May 13 12:35:37 2011 by vadim"
check_tools
prolog_commands
check_run_time_address_table_files


@ -2,9 +2,9 @@
#
# This is automatically generated file. DO NOT MODIFY !
#
# Firewall Builder fwb_ipt v4.2.1.3538
# Firewall Builder fwb_ipt v4.3.0.3542
#
# Generated Thu May 5 20:29:35 2011 PDT by vadim
# Generated Fri May 13 12:35:39 2011 PDT by vadim
#
# files: * firewall42.fw /etc/fw/firewall42.fw
#
@ -382,7 +382,7 @@ test -z "$cmd" && {
case "$cmd" in
start)
log "Activating firewall script generated Thu May 5 20:29:35 2011 by vadim"
log "Activating firewall script generated Fri May 13 12:35:39 2011 by vadim"
check_tools
prolog_commands
check_run_time_address_table_files


@ -2,9 +2,9 @@
#
# This is automatically generated file. DO NOT MODIFY !
#
# Firewall Builder fwb_ipt v4.2.1.3538
# Firewall Builder fwb_ipt v4.3.0.3542
#
# Generated Thu May 5 20:29:35 2011 PDT by vadim
# Generated Fri May 13 12:35:40 2011 PDT by vadim
#
# files: * firewall5.fw /etc/fw/firewall5.fw
#
@ -622,7 +622,7 @@ test -z "$cmd" && {
case "$cmd" in
start)
log "Activating firewall script generated Thu May 5 20:29:35 2011 by vadim"
log "Activating firewall script generated Fri May 13 12:35:40 2011 by vadim"
check_tools
prolog_commands
check_run_time_address_table_files


@ -2,9 +2,9 @@
#
# This is automatically generated file. DO NOT MODIFY !
#
# Firewall Builder fwb_ipt v4.2.1.3538
# Firewall Builder fwb_ipt v4.3.0.3542
#
# Generated Thu May 5 20:29:37 2011 PDT by vadim
# Generated Fri May 13 12:35:41 2011 PDT by vadim
#
# files: * firewall50.fw /etc/fw/firewall50.fw
#
@ -418,7 +418,7 @@ test -z "$cmd" && {
case "$cmd" in
start)
log "Activating firewall script generated Thu May 5 20:29:37 2011 by vadim"
log "Activating firewall script generated Fri May 13 12:35:41 2011 by vadim"
check_tools
prolog_commands
check_run_time_address_table_files


@ -2,9 +2,9 @@
#
# This is automatically generated file. DO NOT MODIFY !
#
# Firewall Builder fwb_ipt v4.2.1.3538
# Firewall Builder fwb_ipt v4.3.0.3542
#
# Generated Thu May 5 20:29:37 2011 PDT by vadim
# Generated Fri May 13 12:35:42 2011 PDT by vadim
#
# files: * firewall51.fw /etc/fw/firewall51.fw
#
@ -491,7 +491,7 @@ test -z "$cmd" && {
case "$cmd" in
start)
log "Activating firewall script generated Thu May 5 20:29:37 2011 by vadim"
log "Activating firewall script generated Fri May 13 12:35:42 2011 by vadim"
check_tools
prolog_commands
check_run_time_address_table_files


@ -2,9 +2,9 @@
#
# This is automatically generated file. DO NOT MODIFY !
#
# Firewall Builder fwb_ipt v4.2.1.3538
# Firewall Builder fwb_ipt v4.3.0.3542
#
# Generated Thu May 5 20:29:39 2011 PDT by vadim
# Generated Fri May 13 12:35:43 2011 PDT by vadim
#
# files: * firewall6.fw /etc/fw/firewall6.fw
#
@ -513,7 +513,7 @@ test -z "$cmd" && {
case "$cmd" in
start)
log "Activating firewall script generated Thu May 5 20:29:39 2011 by vadim"
log "Activating firewall script generated Fri May 13 12:35:43 2011 by vadim"
check_tools
prolog_commands
check_run_time_address_table_files


@ -2,9 +2,9 @@
#
# This is automatically generated file. DO NOT MODIFY !
#
# Firewall Builder fwb_ipt v4.2.1.3538
# Firewall Builder fwb_ipt v4.3.0.3542
#
# Generated Thu May 5 20:29:40 2011 PDT by vadim
# Generated Fri May 13 12:35:44 2011 PDT by vadim
#
# files: * firewall60.fw /etc/firewall60.fw
#
@ -419,7 +419,7 @@ test -z "$cmd" && {
case "$cmd" in
start)
log "Activating firewall script generated Thu May 5 20:29:40 2011 by vadim"
log "Activating firewall script generated Fri May 13 12:35:44 2011 by vadim"
check_tools
prolog_commands
check_run_time_address_table_files


@ -2,9 +2,9 @@
#
# This is automatically generated file. DO NOT MODIFY !
#
# Firewall Builder fwb_ipt v4.2.1.3538
# Firewall Builder fwb_ipt v4.3.0.3542
#
# Generated Thu May 5 20:29:41 2011 PDT by vadim
# Generated Fri May 13 12:35:45 2011 PDT by vadim
#
# files: * firewall61-1.2.5.fw /etc/firewall61-1.2.5.fw
#
@ -499,7 +499,7 @@ test -z "$cmd" && {
case "$cmd" in
start)
log "Activating firewall script generated Thu May 5 20:29:41 2011 by vadim"
log "Activating firewall script generated Fri May 13 12:35:45 2011 by vadim"
check_tools
prolog_commands
check_run_time_address_table_files


@ -2,9 +2,9 @@
#
# This is automatically generated file. DO NOT MODIFY !
#
# Firewall Builder fwb_ipt v4.2.1.3538
# Firewall Builder fwb_ipt v4.3.0.3542
#
# Generated Thu May 5 20:29:42 2011 PDT by vadim
# Generated Fri May 13 12:35:46 2011 PDT by vadim
#
# files: * firewall61-1.2.6.fw /etc/firewall61-1.2.6.fw
#
@ -505,7 +505,7 @@ test -z "$cmd" && {
case "$cmd" in
start)
log "Activating firewall script generated Thu May 5 20:29:42 2011 by vadim"
log "Activating firewall script generated Fri May 13 12:35:46 2011 by vadim"
check_tools
prolog_commands
check_run_time_address_table_files


@ -2,9 +2,9 @@
#
# This is automatically generated file. DO NOT MODIFY !
#
# Firewall Builder fwb_ipt v4.2.1.3538
# Firewall Builder fwb_ipt v4.3.0.3542
#
# Generated Thu May 5 20:29:43 2011 PDT by vadim
# Generated Fri May 13 12:35:47 2011 PDT by vadim
#
# files: * firewall61-1.3.x.fw /etc/firewall61-1.3.x.fw
#
@ -492,7 +492,7 @@ test -z "$cmd" && {
case "$cmd" in
start)
log "Activating firewall script generated Thu May 5 20:29:43 2011 by vadim"
log "Activating firewall script generated Fri May 13 12:35:47 2011 by vadim"
check_tools
prolog_commands
check_run_time_address_table_files


@ -2,9 +2,9 @@
#
# This is automatically generated file. DO NOT MODIFY !
#
# Firewall Builder fwb_ipt v4.2.1.3538
# Firewall Builder fwb_ipt v4.3.0.3542
#
# Generated Thu May 5 20:29:44 2011 PDT by vadim
# Generated Fri May 13 12:35:48 2011 PDT by vadim
#
# files: * firewall61-1.4.fw /etc/firewall61-1.4.fw
#
@ -493,7 +493,7 @@ test -z "$cmd" && {
case "$cmd" in
start)
log "Activating firewall script generated Thu May 5 20:29:44 2011 by vadim"
log "Activating firewall script generated Fri May 13 12:35:48 2011 by vadim"
check_tools
prolog_commands
check_run_time_address_table_files


@ -2,9 +2,9 @@
#
# This is automatically generated file. DO NOT MODIFY !
#
# Firewall Builder fwb_ipt v4.2.1.3538
# Firewall Builder fwb_ipt v4.3.0.3542
#
# Generated Thu May 5 20:29:45 2011 PDT by vadim
# Generated Fri May 13 12:35:49 2011 PDT by vadim
#
# files: * firewall62.fw /etc/firewall62.fw
#
@ -569,7 +569,7 @@ test -z "$cmd" && {
case "$cmd" in
start)
log "Activating firewall script generated Thu May 5 20:29:45 2011 by vadim"
log "Activating firewall script generated Fri May 13 12:35:49 2011 by vadim"
check_tools
prolog_commands
check_run_time_address_table_files


@ -2,9 +2,9 @@
#
# This is automatically generated file. DO NOT MODIFY !
#
# Firewall Builder fwb_ipt v4.2.1.3538
# Firewall Builder fwb_ipt v4.3.0.3542
#
# Generated Thu May 5 20:29:46 2011 PDT by vadim
# Generated Fri May 13 12:35:50 2011 PDT by vadim
#
# files: * firewall63.fw /etc/firewall63.fw
#
@ -389,7 +389,7 @@ test -z "$cmd" && {
case "$cmd" in
start)
log "Activating firewall script generated Thu May 5 20:29:46 2011 by vadim"
log "Activating firewall script generated Fri May 13 12:35:50 2011 by vadim"
check_tools
prolog_commands
check_run_time_address_table_files


@ -2,9 +2,9 @@
#
# This is automatically generated file. DO NOT MODIFY !
#
# Firewall Builder fwb_ipt v4.2.1.3538
# Firewall Builder fwb_ipt v4.3.0.3542
#
# Generated Thu May 5 20:29:48 2011 PDT by vadim
# Generated Fri May 13 12:35:51 2011 PDT by vadim
#
# files: * firewall7.fw /etc/fw/firewall7.fw
#
@ -473,7 +473,7 @@ test -z "$cmd" && {
case "$cmd" in
start)
log "Activating firewall script generated Thu May 5 20:29:48 2011 by vadim"
log "Activating firewall script generated Fri May 13 12:35:51 2011 by vadim"
check_tools
prolog_commands
check_run_time_address_table_files


@ -2,9 +2,9 @@
#
# This is automatically generated file. DO NOT MODIFY !
#
# Firewall Builder fwb_ipt v4.2.1.3538
# Firewall Builder fwb_ipt v4.3.0.3542
#
# Generated Thu May 5 20:29:48 2011 PDT by vadim
# Generated Fri May 13 12:35:52 2011 PDT by vadim
#
# files: * firewall70.fw iptables.sh
#
@ -412,7 +412,7 @@ test -z "$cmd" && {
case "$cmd" in
start)
log "Activating firewall script generated Thu May 5 20:29:48 2011 by vadim"
log "Activating firewall script generated Fri May 13 12:35:52 2011 by vadim"
check_tools
prolog_commands
check_run_time_address_table_files


@ -2,9 +2,9 @@
#
# This is automatically generated file. DO NOT MODIFY !
#
# Firewall Builder fwb_ipt v4.2.1.3538
# Firewall Builder fwb_ipt v4.3.0.3542
#
# Generated Thu May 5 20:29:50 2011 PDT by vadim
# Generated Fri May 13 12:35:53 2011 PDT by vadim
#
# files: * firewall71.fw /etc/fw/firewall71.fw
#
@ -428,7 +428,7 @@ test -z "$cmd" && {
case "$cmd" in
start)
log "Activating firewall script generated Thu May 5 20:29:50 2011 by vadim"
log "Activating firewall script generated Fri May 13 12:35:53 2011 by vadim"
check_tools
prolog_commands
check_run_time_address_table_files


@ -2,9 +2,9 @@
#
# This is automatically generated file. DO NOT MODIFY !
#
# Firewall Builder fwb_ipt v4.2.1.3538
# Firewall Builder fwb_ipt v4.3.0.3542
#
# Generated Thu May 5 20:29:50 2011 PDT by vadim
# Generated Fri May 13 12:35:54 2011 PDT by vadim
#
# files: * firewall72-1.3.x.fw /etc/fw/firewall72-1.3.x.fw
#
@ -560,7 +560,7 @@ test -z "$cmd" && {
case "$cmd" in
start)
log "Activating firewall script generated Thu May 5 20:29:50 2011 by vadim"
log "Activating firewall script generated Fri May 13 12:35:54 2011 by vadim"
check_tools
prolog_commands
check_run_time_address_table_files


@ -2,9 +2,9 @@
#
# This is automatically generated file. DO NOT MODIFY !
#
# Firewall Builder fwb_ipt v4.2.1.3538
# Firewall Builder fwb_ipt v4.3.0.3542
#
# Generated Thu May 5 20:29:52 2011 PDT by vadim
# Generated Fri May 13 12:35:55 2011 PDT by vadim
#
# files: * firewall72-1.4.3.fw /etc/fw/firewall72-1.4.3.fw
#
@ -560,7 +560,7 @@ test -z "$cmd" && {
case "$cmd" in
start)
log "Activating firewall script generated Thu May 5 20:29:52 2011 by vadim"
log "Activating firewall script generated Fri May 13 12:35:55 2011 by vadim"
check_tools
prolog_commands
check_run_time_address_table_files


@ -2,9 +2,9 @@
#
# This is automatically generated file. DO NOT MODIFY !
#
# Firewall Builder fwb_ipt v4.2.1.3538
# Firewall Builder fwb_ipt v4.3.0.3542
#
# Generated Thu May 5 20:29:52 2011 PDT by vadim
# Generated Fri May 13 12:35:56 2011 PDT by vadim
#
# files: * firewall73.fw /etc/fw/firewall73.fw
#
@ -523,7 +523,7 @@ test -z "$cmd" && {
case "$cmd" in
start)
log "Activating firewall script generated Thu May 5 20:29:52 2011 by vadim"
log "Activating firewall script generated Fri May 13 12:35:56 2011 by vadim"
check_tools
prolog_commands
check_run_time_address_table_files


@ -2,9 +2,9 @@
#
# This is automatically generated file. DO NOT MODIFY !
#
# Firewall Builder fwb_ipt v4.2.1.3538
# Firewall Builder fwb_ipt v4.3.0.3542
#
# Generated Thu May 5 20:29:54 2011 PDT by vadim
# Generated Fri May 13 12:35:57 2011 PDT by vadim
#
# files: * firewall74.fw /etc/fw/firewall74.fw
#
@ -375,7 +375,7 @@ test -z "$cmd" && {
case "$cmd" in
start)
log "Activating firewall script generated Thu May 5 20:29:54 2011 by vadim"
log "Activating firewall script generated Fri May 13 12:35:57 2011 by vadim"
check_tools
prolog_commands
check_run_time_address_table_files


@ -2,9 +2,9 @@
#
# This is automatically generated file. DO NOT MODIFY !
#
# Firewall Builder fwb_ipt v4.2.1.3538
# Firewall Builder fwb_ipt v4.3.0.3542
#
# Generated Thu May 5 20:29:54 2011 PDT by vadim
# Generated Fri May 13 12:35:58 2011 PDT by vadim
#
# files: * firewall8.fw /etc/fw/firewall8.fw
#
@ -358,7 +358,7 @@ test -z "$cmd" && {
case "$cmd" in
start)
log "Activating firewall script generated Thu May 5 20:29:54 2011 by vadim"
log "Activating firewall script generated Fri May 13 12:35:58 2011 by vadim"
check_tools
prolog_commands
check_run_time_address_table_files


@ -2,9 +2,9 @@
#
# This is automatically generated file. DO NOT MODIFY !
#
# Firewall Builder fwb_ipt v4.2.1.3538
# Firewall Builder fwb_ipt v4.3.0.3542
#
# Generated Thu May 5 20:29:56 2011 PDT by vadim
# Generated Fri May 13 12:35:59 2011 PDT by vadim
#
# files: * firewall80.fw /etc/fw/firewall80.fw
#
@ -399,7 +399,7 @@ test -z "$cmd" && {
case "$cmd" in
start)
log "Activating firewall script generated Thu May 5 20:29:56 2011 by vadim"
log "Activating firewall script generated Fri May 13 12:35:59 2011 by vadim"
check_tools
prolog_commands
check_run_time_address_table_files


@ -2,9 +2,9 @@
#
# This is automatically generated file. DO NOT MODIFY !
#
# Firewall Builder fwb_ipt v4.2.1.3538
# Firewall Builder fwb_ipt v4.3.0.3542
#
# Generated Thu May 5 20:29:56 2011 PDT by vadim
# Generated Fri May 13 12:36:00 2011 PDT by vadim
#
# files: * firewall81.fw /etc/fw/firewall81.fw
#
@ -420,7 +420,7 @@ test -z "$cmd" && {
case "$cmd" in
start)
log "Activating firewall script generated Thu May 5 20:29:56 2011 by vadim"
log "Activating firewall script generated Fri May 13 12:36:00 2011 by vadim"
check_tools
prolog_commands
check_run_time_address_table_files


@ -2,9 +2,9 @@
#
# This is automatically generated file. DO NOT MODIFY !
#
# Firewall Builder fwb_ipt v4.2.1.3538
# Firewall Builder fwb_ipt v4.3.0.3542
#
# Generated Thu May 5 20:29:58 2011 PDT by vadim
# Generated Fri May 13 12:36:01 2011 PDT by vadim
#
# files: * firewall82.fw /etc/firewall82.fw
#
@ -411,7 +411,7 @@ test -z "$cmd" && {
case "$cmd" in
start)
log "Activating firewall script generated Thu May 5 20:29:58 2011 by vadim"
log "Activating firewall script generated Fri May 13 12:36:01 2011 by vadim"
check_tools
prolog_commands
check_run_time_address_table_files


@ -2,9 +2,9 @@
#
# This is automatically generated file. DO NOT MODIFY !
#
# Firewall Builder fwb_ipt v4.2.1.3538
# Firewall Builder fwb_ipt v4.3.0.3542
#
# Generated Thu May 5 20:29:59 2011 PDT by vadim
# Generated Fri May 13 12:36:02 2011 PDT by vadim
#
# files: * firewall82_A.fw /etc/fw/firewall82_A.fw
#
@ -400,7 +400,7 @@ test -z "$cmd" && {
case "$cmd" in
start)
log "Activating firewall script generated Thu May 5 20:29:59 2011 by vadim"
log "Activating firewall script generated Fri May 13 12:36:02 2011 by vadim"
check_tools
prolog_commands
check_run_time_address_table_files


@ -2,9 +2,9 @@
#
# This is automatically generated file. DO NOT MODIFY !
#
# Firewall Builder fwb_ipt v4.2.1.3538
# Firewall Builder fwb_ipt v4.3.0.3542
#
# Generated Thu May 5 20:30:00 2011 PDT by vadim
# Generated Fri May 13 12:36:03 2011 PDT by vadim
#
# files: * firewall82_B.fw /etc/fw/firewall82_B.fw
#
@ -363,7 +363,7 @@ test -z "$cmd" && {
case "$cmd" in
start)
log "Activating firewall script generated Thu May 5 20:30:00 2011 by vadim"
log "Activating firewall script generated Fri May 13 12:36:03 2011 by vadim"
check_tools
prolog_commands
check_run_time_address_table_files


@ -2,9 +2,9 @@
#
# This is automatically generated file. DO NOT MODIFY !
#
# Firewall Builder fwb_ipt v4.2.1.3538
# Firewall Builder fwb_ipt v4.3.0.3542
#
# Generated Thu May 5 20:30:01 2011 PDT by vadim
# Generated Fri May 13 12:36:04 2011 PDT by vadim
#
# files: * firewall9.fw /etc/fw/firewall9.fw
#
@ -621,7 +621,7 @@ test -z "$cmd" && {
case "$cmd" in
start)
log "Activating firewall script generated Thu May 5 20:30:01 2011 by vadim"
log "Activating firewall script generated Fri May 13 12:36:04 2011 by vadim"
check_tools
prolog_commands
check_run_time_address_table_files


@ -2,9 +2,9 @@
#
# This is automatically generated file. DO NOT MODIFY !
#
# Firewall Builder fwb_ipt v4.2.1.3538
# Firewall Builder fwb_ipt v4.3.0.3542
#
# Generated Thu May 5 20:30:03 2011 PDT by vadim
# Generated Fri May 13 12:36:05 2011 PDT by vadim
#
# files: * firewall90.fw /etc/fw/firewall90.fw
#
@ -383,7 +383,7 @@ test -z "$cmd" && {
case "$cmd" in
start)
log "Activating firewall script generated Thu May 5 20:30:03 2011 by vadim"
log "Activating firewall script generated Fri May 13 12:36:05 2011 by vadim"
check_tools
prolog_commands
check_run_time_address_table_files


@ -2,9 +2,9 @@
#
# This is automatically generated file. DO NOT MODIFY !
#
# Firewall Builder fwb_ipt v4.2.1.3538
# Firewall Builder fwb_ipt v4.3.0.3542
#
# Generated Thu May 5 20:30:03 2011 PDT by vadim
# Generated Fri May 13 12:36:06 2011 PDT by vadim
#
# files: * firewall91.fw /etc/fw/firewall91.fw
#
@ -383,7 +383,7 @@ test -z "$cmd" && {
case "$cmd" in
start)
log "Activating firewall script generated Thu May 5 20:30:03 2011 by vadim"
log "Activating firewall script generated Fri May 13 12:36:06 2011 by vadim"
check_tools
prolog_commands
check_run_time_address_table_files


@ -2,9 +2,9 @@
#
# This is automatically generated file. DO NOT MODIFY !
#
# Firewall Builder fwb_ipt v4.2.1.3538
# Firewall Builder fwb_ipt v4.3.0.3542
#
# Generated Thu May 5 20:30:05 2011 PDT by vadim
# Generated Fri May 13 12:36:07 2011 PDT by vadim
#
# files: * firewall92.fw /etc/fw/firewall92.fw
#
@ -419,7 +419,7 @@ test -z "$cmd" && {
case "$cmd" in
start)
log "Activating firewall script generated Thu May 5 20:30:05 2011 by vadim"
log "Activating firewall script generated Fri May 13 12:36:07 2011 by vadim"
check_tools
prolog_commands
check_run_time_address_table_files


@ -2,9 +2,9 @@
#
# This is automatically generated file. DO NOT MODIFY !
#
# Firewall Builder fwb_ipt v4.2.1.3538
# Firewall Builder fwb_ipt v4.3.0.3542
#
# Generated Thu May 5 20:30:05 2011 PDT by vadim
# Generated Fri May 13 12:36:08 2011 PDT by vadim
#
# files: * firewall93.fw /etc/fw/firewall93.fw
#
@ -458,7 +458,7 @@ test -z "$cmd" && {
case "$cmd" in
start)
log "Activating firewall script generated Thu May 5 20:30:05 2011 by vadim"
log "Activating firewall script generated Fri May 13 12:36:08 2011 by vadim"
check_tools
prolog_commands
check_run_time_address_table_files


@ -2,9 +2,9 @@
#
# This is automatically generated file. DO NOT MODIFY !
#
# Firewall Builder fwb_ipt v4.2.1.3538
# Firewall Builder fwb_ipt v4.3.0.3542
#
# Generated Thu May 5 20:30:47 2011 PDT by vadim
# Generated Fri May 13 12:36:50 2011 PDT by vadim
#
# files: * fw-A.fw /sw/FWbuilder/fw-A.fw
#
@ -724,7 +724,7 @@ test -z "$cmd" && {
case "$cmd" in
start)
log "Activating firewall script generated Thu May 5 20:30:47 2011 by vadim"
log "Activating firewall script generated Fri May 13 12:36:50 2011 by vadim"
check_tools
prolog_commands
check_run_time_address_table_files


@ -2,9 +2,9 @@
#
# This is automatically generated file. DO NOT MODIFY !
#
# Firewall Builder fwb_ipt v4.2.1.3538
# Firewall Builder fwb_ipt v4.3.0.3542
#
# Generated Thu May 5 20:30:46 2011 PDT by vadim
# Generated Fri May 13 12:36:48 2011 PDT by vadim
#
# files: * fw1.fw /etc/fw1.fw
#
@ -525,7 +525,7 @@ test -z "$cmd" && {
case "$cmd" in
start)
log "Activating firewall script generated Thu May 5 20:30:46 2011 by vadim"
log "Activating firewall script generated Fri May 13 12:36:48 2011 by vadim"
check_tools
prolog_commands
check_run_time_address_table_files


@ -2,9 +2,9 @@
#
# This is automatically generated file. DO NOT MODIFY !
#
# Firewall Builder fwb_ipt v4.2.1.3538
# Firewall Builder fwb_ipt v4.3.0.3542
#
# Generated Thu May 5 20:29:33 2011 PDT by vadim
# Generated Fri May 13 12:35:38 2011 PDT by vadim
#
# files: * fwbuilder.fw /etc/init.d/fwbuilder.fw
#
@ -483,7 +483,7 @@ status_action() {
}
start() {
log "Activating firewall script generated Thu May 5 20:29:33 2011 by vadim"
log "Activating firewall script generated Fri May 13 12:35:38 2011 by vadim"
check_tools
prolog_commands
check_run_time_address_table_files


@ -2,9 +2,9 @@
#
# This is automatically generated file. DO NOT MODIFY !
#
# Firewall Builder fwb_ipt v4.2.1.3538
# Firewall Builder fwb_ipt v4.3.0.3542
#
# Generated Thu May 5 20:30:54 2011 PDT by vadim
# Generated Fri May 13 12:36:57 2011 PDT by vadim
#
# files: * heartbeat_cluster_1_d_linux-1-d.fw firewall.sh
#
@ -722,7 +722,7 @@ test -z "$cmd" && {
case "$cmd" in
start)
log "Activating firewall script generated Thu May 5 20:30:54 2011 by vadim"
log "Activating firewall script generated Fri May 13 12:36:57 2011 by vadim"
check_tools
prolog_commands
check_run_time_address_table_files


@ -2,9 +2,9 @@
#
# This is automatically generated file. DO NOT MODIFY !
#
# Firewall Builder fwb_ipt v4.2.1.3538
# Firewall Builder fwb_ipt v4.3.0.3542
#
# Generated Thu May 5 20:30:54 2011 PDT by vadim
# Generated Fri May 13 12:36:57 2011 PDT by vadim
#
# files: * heartbeat_cluster_1_d_linux-2-d.fw firewall.sh
#
@ -726,7 +726,7 @@ test -z "$cmd" && {
case "$cmd" in
start)
log "Activating firewall script generated Thu May 5 20:30:54 2011 by vadim"
log "Activating firewall script generated Fri May 13 12:36:57 2011 by vadim"
check_tools
prolog_commands
check_run_time_address_table_files


@ -2,9 +2,9 @@
#
# This is automatically generated file. DO NOT MODIFY !
#
# Firewall Builder fwb_ipt v4.2.1.3538
# Firewall Builder fwb_ipt v4.3.0.3542
#
# Generated Thu May 5 20:30:53 2011 PDT by vadim
# Generated Fri May 13 12:36:57 2011 PDT by vadim
#
# files: * heartbeat_cluster_1_linux-1.fw /etc/heartbeat_cluster_1_linux-1.fw
#
@ -843,7 +843,7 @@ test -z "$cmd" && {
case "$cmd" in
start)
log "Activating firewall script generated Thu May 5 20:30:53 2011 by vadim"
log "Activating firewall script generated Fri May 13 12:36:57 2011 by vadim"
check_tools
prolog_commands
check_run_time_address_table_files


@ -2,9 +2,9 @@
#
# This is automatically generated file. DO NOT MODIFY !
#
# Firewall Builder fwb_ipt v4.2.1.3538
# Firewall Builder fwb_ipt v4.3.0.3542
#
# Generated Thu May 5 20:30:53 2011 PDT by vadim
# Generated Fri May 13 12:36:57 2011 PDT by vadim
#
# files: * heartbeat_cluster_1_linux-2.fw /etc/heartbeat_cluster_1_linux-2.fw
#
@ -741,7 +741,7 @@ test -z "$cmd" && {
case "$cmd" in
start)
log "Activating firewall script generated Thu May 5 20:30:53 2011 by vadim"
log "Activating firewall script generated Fri May 13 12:36:57 2011 by vadim"
check_tools
prolog_commands
check_run_time_address_table_files


@ -2,9 +2,9 @@
#
# This is automatically generated file. DO NOT MODIFY !
#
# Firewall Builder fwb_ipt v4.2.1.3538
# Firewall Builder fwb_ipt v4.3.0.3542
#
# Generated Thu May 5 20:30:54 2011 PDT by vadim
# Generated Fri May 13 12:36:57 2011 PDT by vadim
#
# files: * heartbeat_cluster_2_linux-1.fw /etc/heartbeat_cluster_2_linux-1.fw
#
@ -707,7 +707,7 @@ test -z "$cmd" && {
case "$cmd" in
start)
log "Activating firewall script generated Thu May 5 20:30:54 2011 by vadim"
log "Activating firewall script generated Fri May 13 12:36:57 2011 by vadim"
check_tools
prolog_commands
check_run_time_address_table_files


@ -2,9 +2,9 @@
#
# This is automatically generated file. DO NOT MODIFY !
#
# Firewall Builder fwb_ipt v4.2.1.3538
# Firewall Builder fwb_ipt v4.3.0.3542
#
# Generated Thu May 5 20:30:54 2011 PDT by vadim
# Generated Fri May 13 12:36:57 2011 PDT by vadim
#
# files: * heartbeat_cluster_2_linux-2.fw /etc/heartbeat_cluster_2_linux-2.fw
#
@ -620,7 +620,7 @@ test -z "$cmd" && {
case "$cmd" in
start)
log "Activating firewall script generated Thu May 5 20:30:54 2011 by vadim"
log "Activating firewall script generated Fri May 13 12:36:57 2011 by vadim"
check_tools
prolog_commands
check_run_time_address_table_files


@ -2,9 +2,9 @@
#
# This is automatically generated file. DO NOT MODIFY !
#
# Firewall Builder fwb_ipt v4.2.1.3538
# Firewall Builder fwb_ipt v4.3.0.3542
#
# Generated Thu May 5 20:30:47 2011 PDT by vadim
# Generated Fri May 13 12:36:50 2011 PDT by vadim
#
# files: * host.fw /etc/fw/host.fw
#
@ -422,7 +422,7 @@ test -z "$cmd" && {
case "$cmd" in
start)
log "Activating firewall script generated Thu May 5 20:30:47 2011 by vadim"
log "Activating firewall script generated Fri May 13 12:36:50 2011 by vadim"
check_tools
prolog_commands
check_run_time_address_table_files


@ -2,9 +2,9 @@
#
# This is automatically generated file. DO NOT MODIFY !
#
# Firewall Builder fwb_ipt v4.2.1.3538
# Firewall Builder fwb_ipt v4.3.0.3542
#
# Generated Thu May 5 20:30:54 2011 PDT by vadim
# Generated Fri May 13 12:36:57 2011 PDT by vadim
#
# files: * openais_cluster_1_linux-1.fw /etc/openais_cluster_1_linux-1.fw
#
@ -707,7 +707,7 @@ test -z "$cmd" && {
case "$cmd" in
start)
log "Activating firewall script generated Thu May 5 20:30:54 2011 by vadim"
log "Activating firewall script generated Fri May 13 12:36:57 2011 by vadim"
check_tools
prolog_commands
check_run_time_address_table_files


@ -2,9 +2,9 @@
#
# This is automatically generated file. DO NOT MODIFY !
#
# Firewall Builder fwb_ipt v4.2.1.3538
# Firewall Builder fwb_ipt v4.3.0.3542
#
# Generated Thu May 5 20:30:54 2011 PDT by vadim
# Generated Fri May 13 12:36:58 2011 PDT by vadim
#
# files: * openais_cluster_1_linux-2.fw /etc/openais_cluster_1_linux-2.fw
#
@ -611,7 +611,7 @@ test -z "$cmd" && {
case "$cmd" in
start)
log "Activating firewall script generated Thu May 5 20:30:54 2011 by vadim"
log "Activating firewall script generated Fri May 13 12:36:58 2011 by vadim"
check_tools
prolog_commands
check_run_time_address_table_files


@ -2,9 +2,9 @@
#
# This is automatically generated file. DO NOT MODIFY !
#
# Firewall Builder fwb_ipt v4.3.0.1
# Firewall Builder fwb_ipt v4.3.0.3542
#
# Generated Tue May 10 14:07:58 2011 PDT by vadim
# Generated Fri May 13 12:36:52 2011 PDT by vadim
#
# files: * rc.firewall.local /etc/rc.d//rc.firewall.local
#


@ -2,9 +2,9 @@
#
# This is automatically generated file. DO NOT MODIFY !
#
# Firewall Builder fwb_ipt v4.2.1.3538
# Firewall Builder fwb_ipt v4.3.0.3542
#
# Generated Thu May 5 20:30:49 2011 PDT by vadim
# Generated Fri May 13 12:36:52 2011 PDT by vadim
#
# files: * rh90.fw /etc/rh90.fw
#
@ -421,7 +421,7 @@ test -z "$cmd" && {
case "$cmd" in
start)
log "Activating firewall script generated Thu May 5 20:30:49 2011 by vadim"
log "Activating firewall script generated Fri May 13 12:36:52 2011 by vadim"
check_tools
prolog_commands
check_run_time_address_table_files


@ -2,9 +2,9 @@
#
# This is automatically generated file. DO NOT MODIFY !
#
# Firewall Builder fwb_ipt v4.2.1.3538
# Firewall Builder fwb_ipt v4.3.0.3542
#
# Generated Thu May 5 20:30:54 2011 PDT by vadim
# Generated Fri May 13 12:36:57 2011 PDT by vadim
#
# files: * secuwall_cluster_1_secuwall-1.fw /etc/secuwall_cluster_1_secuwall-1.fw
#
@ -405,7 +405,7 @@ test -z "$cmd" && {
case "$cmd" in
start)
log "Activating firewall script generated Thu May 5 20:30:54 2011 by vadim"
log "Activating firewall script generated Fri May 13 12:36:57 2011 by vadim"
log "Database was cluster-tests.fwb"
check_tools
check_run_time_address_table_files


@ -2,9 +2,9 @@
#
# This is automatically generated file. DO NOT MODIFY !
#
# Firewall Builder fwb_ipt v4.2.1.3538
# Firewall Builder fwb_ipt v4.3.0.3542
#
# Generated Thu May 5 20:30:55 2011 PDT by vadim
# Generated Fri May 13 12:36:58 2011 PDT by vadim
#
# files: * server-cluster-1_server-1.fw /etc/fw/server-cluster-1_server-1.fw
#
@ -400,7 +400,7 @@ test -z "$cmd" && {
case "$cmd" in
start)
log "Activating firewall script generated Thu May 5 20:30:55 2011 by vadim"
log "Activating firewall script generated Fri May 13 12:36:58 2011 by vadim"
check_tools
prolog_commands
check_run_time_address_table_files


@ -2,9 +2,9 @@
#
# This is automatically generated file. DO NOT MODIFY !
#
# Firewall Builder fwb_ipt v4.2.1.3538
# Firewall Builder fwb_ipt v4.3.0.3542
#
# Generated Thu May 5 20:30:55 2011 PDT by vadim
# Generated Fri May 13 12:36:58 2011 PDT by vadim
#
# files: * server-cluster-1_server-2.fw /etc/fw/server-cluster-1_server-2.fw
#
@ -397,7 +397,7 @@ test -z "$cmd" && {
case "$cmd" in
start)
log "Activating firewall script generated Thu May 5 20:30:55 2011 by vadim"
log "Activating firewall script generated Fri May 13 12:36:58 2011 by vadim"
check_tools
prolog_commands
check_run_time_address_table_files


@ -2,9 +2,9 @@
#
# This is automatically generated file. DO NOT MODIFY !
#
# Firewall Builder fwb_ipt v4.2.1.3538
# Firewall Builder fwb_ipt v4.3.0.3542
#
# Generated Thu May 5 20:30:51 2011 PDT by vadim
# Generated Fri May 13 12:36:54 2011 PDT by vadim
#
# files: * test-shadowing-1.fw /etc/test-shadowing-1.fw
#
@ -471,7 +471,7 @@ test -z "$cmd" && {
case "$cmd" in
start)
log "Activating firewall script generated Thu May 5 20:30:51 2011 by vadim"
log "Activating firewall script generated Fri May 13 12:36:54 2011 by vadim"
check_tools
prolog_commands
check_run_time_address_table_files


@ -2,9 +2,9 @@
#
# This is automatically generated file. DO NOT MODIFY !
#
# Firewall Builder fwb_ipt v4.2.1.3538
# Firewall Builder fwb_ipt v4.3.0.3542
#
# Generated Thu May 5 20:30:52 2011 PDT by vadim
# Generated Fri May 13 12:36:56 2011 PDT by vadim
#
# files: * test-shadowing-2.fw /etc/test-shadowing-2.fw
#
@ -429,7 +429,7 @@ test -z "$cmd" && {
case "$cmd" in
start)
log "Activating firewall script generated Thu May 5 20:30:52 2011 by vadim"
log "Activating firewall script generated Fri May 13 12:36:56 2011 by vadim"
check_tools
prolog_commands
check_run_time_address_table_files


@ -2,9 +2,9 @@
#
# This is automatically generated file. DO NOT MODIFY !
#
# Firewall Builder fwb_ipt v4.2.1.3538
# Firewall Builder fwb_ipt v4.3.0.3542
#
# Generated Thu May 5 20:30:53 2011 PDT by vadim
# Generated Fri May 13 12:36:56 2011 PDT by vadim
#
# files: * test-shadowing-3.fw /etc/test-shadowing-3.fw
#
@ -478,7 +478,7 @@ test -z "$cmd" && {
case "$cmd" in
start)
log "Activating firewall script generated Thu May 5 20:30:53 2011 by vadim"
log "Activating firewall script generated Fri May 13 12:36:56 2011 by vadim"
check_tools
prolog_commands
check_run_time_address_table_files


@ -2,9 +2,9 @@
#
# This is automatically generated file. DO NOT MODIFY !
#
# Firewall Builder fwb_ipt v4.2.1.3538
# Firewall Builder fwb_ipt v4.3.0.3542
#
# Generated Thu May 5 20:30:51 2011 PDT by vadim
# Generated Fri May 13 12:36:54 2011 PDT by vadim
#
# files: * test_fw.fw /etc/test_fw.fw
#
@ -570,7 +570,7 @@ test -z "$cmd" && {
case "$cmd" in
start)
log "Activating firewall script generated Thu May 5 20:30:51 2011 by vadim"
log "Activating firewall script generated Fri May 13 12:36:54 2011 by vadim"
check_tools
prolog_commands
check_run_time_address_table_files


@ -2,9 +2,9 @@
#
# This is automatically generated file. DO NOT MODIFY !
#
# Firewall Builder fwb_ipt v4.2.1.3538
# Firewall Builder fwb_ipt v4.3.0.3542
#
# Generated Thu May 5 20:30:55 2011 PDT by vadim
# Generated Fri May 13 12:36:58 2011 PDT by vadim
#
# files: * vrrp_cluster_1_linux-1.fw /etc/vrrp_cluster_1_linux-1.fw
#
@ -710,7 +710,7 @@ test -z "$cmd" && {
case "$cmd" in
start)
log "Activating firewall script generated Thu May 5 20:30:55 2011 by vadim"
log "Activating firewall script generated Fri May 13 12:36:58 2011 by vadim"
check_tools
prolog_commands
check_run_time_address_table_files


@ -2,9 +2,9 @@
#
# This is automatically generated file. DO NOT MODIFY !
#
# Firewall Builder fwb_ipt v4.2.1.3538
# Firewall Builder fwb_ipt v4.3.0.3542
#
# Generated Thu May 5 20:30:55 2011 PDT by vadim
# Generated Fri May 13 12:36:58 2011 PDT by vadim
#
# files: * vrrp_cluster_1_linux-2.fw /etc/vrrp_cluster_1_linux-2.fw
#
@ -615,7 +615,7 @@ test -z "$cmd" && {
case "$cmd" in
start)
log "Activating firewall script generated Thu May 5 20:30:55 2011 by vadim"
log "Activating firewall script generated Fri May 13 12:36:58 2011 by vadim"
check_tools
prolog_commands
check_run_time_address_table_files


@ -2,9 +2,9 @@
#
# This is automatically generated file. DO NOT MODIFY !
#
# Firewall Builder fwb_ipt v4.2.1.3538
# Firewall Builder fwb_ipt v4.3.0.3542
#
# Generated Thu May 5 20:30:55 2011 PDT by vadim
# Generated Fri May 13 12:36:58 2011 PDT by vadim
#
# files: * vrrp_cluster_2_linux-1.fw /etc/vrrp_cluster_2_linux-1.fw
#
@ -642,7 +642,7 @@ test -z "$cmd" && {
case "$cmd" in
start)
log "Activating firewall script generated Thu May 5 20:30:55 2011 by vadim"
log "Activating firewall script generated Fri May 13 12:36:58 2011 by vadim"
check_tools
prolog_commands
check_run_time_address_table_files


@ -2,9 +2,9 @@
#
# This is automatically generated file. DO NOT MODIFY !
#
# Firewall Builder fwb_ipt v4.2.1.3538
# Firewall Builder fwb_ipt v4.3.0.3542
#
# Generated Thu May 5 20:30:55 2011 PDT by vadim
# Generated Fri May 13 12:36:58 2011 PDT by vadim
#
# files: * vrrp_cluster_2_linux-2.fw /etc/vrrp_cluster_2_linux-2.fw
#
@ -547,7 +547,7 @@ test -z "$cmd" && {
case "$cmd" in
start)
log "Activating firewall script generated Thu May 5 20:30:55 2011 by vadim"
log "Activating firewall script generated Fri May 13 12:36:58 2011 by vadim"
check_tools
prolog_commands
check_run_time_address_table_files


@ -2,9 +2,9 @@
#
# This is automatically generated file. DO NOT MODIFY !
#
# Firewall Builder fwb_ipt v4.2.1.3538
# Firewall Builder fwb_ipt v4.3.0.3542
#
# Generated Thu May 5 20:30:55 2011 PDT by vadim
# Generated Fri May 13 12:36:58 2011 PDT by vadim
#
# files: * vrrp_cluster_2_linux-3.fw /etc/vrrp_cluster_2_linux-3.fw
#
@ -523,7 +523,7 @@ test -z "$cmd" && {
case "$cmd" in
start)
log "Activating firewall script generated Thu May 5 20:30:55 2011 by vadim"
log "Activating firewall script generated Fri May 13 12:36:58 2011 by vadim"
check_tools
prolog_commands
check_run_time_address_table_files