From 2b67a0a491ac21923288b64423b6591de1768b6f Mon Sep 17 00:00:00 2001 
From: Vadim Kurland Date: Fri, 13 May 2011 13:06:42 -0700 Subject: [PATCH] see #2399, #2340 rules that require tagging, classification or routing are now split so that regular actions such as Accept are implemented using normal rules in the table "filter" and rules in table "mangle" only implement tagging, classification and routing. See ChangeLog for longer description --- doc/ChangeLog | 20 + src/iptlib/CompilerDriver_ipt.cpp | 49 +- src/iptlib/CompilerDriver_ipt.h | 2 - src/iptlib/CompilerDriver_ipt_run.cpp | 1 - src/iptlib/NATCompiler_PrintRuleIptRst.cpp | 29 - src/iptlib/NATCompiler_ipt.cpp | 5 +- src/iptlib/PolicyCompiler_PrintRule.cpp | 1 + src/iptlib/PolicyCompiler_ipt.cpp | 170 ++--- src/iptlib/PolicyCompiler_ipt.h | 24 +- src/iptlib/PolicyCompiler_ipt_optimizer.cpp | 5 + .../linux24/script_body_iptables_shell | 25 + .../linux24/script_body_single_rule | 17 +- test/ipt/cluster1_secuwall-1.fw.orig | 6 +- test/ipt/firewall-base-rulesets.fw.orig | 6 +- test/ipt/firewall-ipv6-1.fw.orig | 6 +- test/ipt/firewall-ipv6-2.fw.orig | 6 +- test/ipt/firewall-ipv6-3.fw.orig | 6 +- test/ipt/firewall-ipv6-4-1.fw.orig | 6 +- test/ipt/firewall-ipv6-4.fw.orig | 6 +- test/ipt/firewall-ipv6-5.fw.orig | 6 +- test/ipt/firewall-ipv6-6.fw.orig | 6 +- test/ipt/firewall-ipv6-7.fw.orig | 6 +- test/ipt/firewall-ipv6-8.fw.orig | 6 +- ...-ipv6-ipt-reset-prolog-after-flush.fw.orig | 14 +- ...-ipt-reset-prolog-after-interfaces.fw.orig | 14 +- ...firewall-ipv6-ipt-reset-prolog-top.fw.orig | 14 +- test/ipt/firewall-ipv6-nd-ns-1.fw.orig | 6 +- test/ipt/firewall-ipv6-nd-ns-2.fw.orig | 6 +- .../firewall-ipv6-prolog-after-flush.fw.orig | 6 +- ...ewall-ipv6-prolog-after-interfaces.fw.orig | 6 +- test/ipt/firewall-ipv6-prolog-top.fw.orig | 6 +- test/ipt/firewall-server-1-s.fw.orig | 6 +- test/ipt/firewall.fw.orig | 6 +- test/ipt/firewall1.fw.orig | 6 +- test/ipt/firewall10.fw.orig | 6 +- test/ipt/firewall11.fw.orig | 6 +- test/ipt/firewall12.fw.orig | 6 +- test/ipt/firewall13.fw.orig | 6 +- 
test/ipt/firewall14.fw.orig | 6 +- test/ipt/firewall15.fw.orig | 6 +- test/ipt/firewall16.fw.orig | 6 +- test/ipt/firewall17.fw.orig | 6 +- test/ipt/firewall18.fw.orig | 6 +- test/ipt/firewall19.fw.orig | 6 +- test/ipt/firewall2-1.fw.orig | 6 +- test/ipt/firewall2-2.fw.orig | 6 +- test/ipt/firewall2-3.fw.orig | 6 +- test/ipt/firewall2-4.fw.orig | 6 +- test/ipt/firewall2-5.fw.orig | 6 +- test/ipt/firewall2-6.fw.orig | 6 +- test/ipt/firewall2-7.fw.orig | 6 +- test/ipt/firewall2.fw.orig | 6 +- test/ipt/firewall20-ipv6.fw.orig | 6 +- test/ipt/firewall20.fw.orig | 6 +- test/ipt/firewall21-1.fw.orig | 6 +- test/ipt/firewall21.fw.orig | 6 +- test/ipt/firewall22.fw.orig | 6 +- test/ipt/firewall23-1.fw.orig | 21 +- test/ipt/firewall23.fw.orig | 6 +- test/ipt/firewall24.fw.orig | 6 +- test/ipt/firewall25.fw.orig | 35 +- test/ipt/firewall26.fw.orig | 6 +- test/ipt/firewall27.fw.orig | 6 +- test/ipt/firewall28.fw.orig | 6 +- test/ipt/firewall29.fw.orig | 6 +- test/ipt/firewall3.fw.orig | 6 +- test/ipt/firewall30.fw.orig | 6 +- test/ipt/firewall31.fw.orig | 6 +- test/ipt/firewall32.fw.orig | 6 +- test/ipt/firewall33-1.fw.orig | 17 +- test/ipt/firewall33.fw.orig | 17 +- test/ipt/firewall34.fw.orig | 6 +- test/ipt/firewall35.fw.orig | 6 +- test/ipt/firewall36-1.fw.orig | 6 +- test/ipt/firewall36-2.fw.orig | 6 +- test/ipt/firewall36.fw.orig | 42 +- test/ipt/firewall37-1.fw.orig | 476 +++++++++--- test/ipt/firewall37.fw.orig | 713 +++++++++++++----- test/ipt/firewall38.fw.orig | 63 +- test/ipt/firewall39.fw.orig | 136 +--- test/ipt/firewall4.fw.orig | 6 +- test/ipt/firewall40-1.fw.orig | 22 +- test/ipt/firewall40-2.fw.orig | 22 +- test/ipt/firewall40.fw.orig | 26 +- test/ipt/firewall41-1.fw.orig | 6 +- test/ipt/firewall41.fw.orig | 6 +- test/ipt/firewall42.fw.orig | 6 +- test/ipt/firewall5.fw.orig | 6 +- test/ipt/firewall50.fw.orig | 6 +- test/ipt/firewall51.fw.orig | 6 +- test/ipt/firewall6.fw.orig | 6 +- test/ipt/firewall60.fw.orig | 6 +- test/ipt/firewall61-1.2.5.fw.orig | 6 +- 
test/ipt/firewall61-1.2.6.fw.orig | 6 +- test/ipt/firewall61-1.3.x.fw.orig | 6 +- test/ipt/firewall61-1.4.fw.orig | 6 +- test/ipt/firewall62.fw.orig | 6 +- test/ipt/firewall63.fw.orig | 6 +- test/ipt/firewall7.fw.orig | 6 +- test/ipt/firewall70.fw.orig | 6 +- test/ipt/firewall71.fw.orig | 6 +- test/ipt/firewall72-1.3.x.fw.orig | 6 +- test/ipt/firewall72-1.4.3.fw.orig | 6 +- test/ipt/firewall73.fw.orig | 6 +- test/ipt/firewall74.fw.orig | 6 +- test/ipt/firewall8.fw.orig | 6 +- test/ipt/firewall80.fw.orig | 6 +- test/ipt/firewall81.fw.orig | 6 +- test/ipt/firewall82.fw.orig | 6 +- test/ipt/firewall82_A.fw.orig | 6 +- test/ipt/firewall82_B.fw.orig | 6 +- test/ipt/firewall9.fw.orig | 6 +- test/ipt/firewall90.fw.orig | 6 +- test/ipt/firewall91.fw.orig | 6 +- test/ipt/firewall92.fw.orig | 6 +- test/ipt/firewall93.fw.orig | 6 +- test/ipt/fw-A.fw.orig | 6 +- test/ipt/fw1.fw.orig | 6 +- test/ipt/fwbuilder.fw.orig | 6 +- .../heartbeat_cluster_1_d_linux-1-d.fw.orig | 6 +- .../heartbeat_cluster_1_d_linux-2-d.fw.orig | 6 +- test/ipt/heartbeat_cluster_1_linux-1.fw.orig | 6 +- test/ipt/heartbeat_cluster_1_linux-2.fw.orig | 6 +- test/ipt/heartbeat_cluster_2_linux-1.fw.orig | 6 +- test/ipt/heartbeat_cluster_2_linux-2.fw.orig | 6 +- test/ipt/host.fw.orig | 6 +- test/ipt/openais_cluster_1_linux-1.fw.orig | 6 +- test/ipt/openais_cluster_1_linux-2.fw.orig | 6 +- test/ipt/rc.firewall.local | 4 +- test/ipt/rh90.fw.orig | 6 +- .../ipt/secuwall_cluster_1_secuwall-1.fw.orig | 6 +- test/ipt/server-cluster-1_server-1.fw.orig | 6 +- test/ipt/server-cluster-1_server-2.fw.orig | 6 +- test/ipt/test-shadowing-1.fw.orig | 6 +- test/ipt/test-shadowing-2.fw.orig | 6 +- test/ipt/test-shadowing-3.fw.orig | 6 +- test/ipt/test_fw.fw.orig | 6 +- test/ipt/vrrp_cluster_1_linux-1.fw.orig | 6 +- test/ipt/vrrp_cluster_1_linux-2.fw.orig | 6 +- test/ipt/vrrp_cluster_2_linux-1.fw.orig | 6 +- test/ipt/vrrp_cluster_2_linux-2.fw.orig | 6 +- test/ipt/vrrp_cluster_2_linux-3.fw.orig | 6 +- 142 files changed, 1548 
insertions(+), 1120 deletions(-) create mode 100644 src/res/configlets/linux24/script_body_iptables_shell diff --git a/doc/ChangeLog b/doc/ChangeLog index b508a51dd..99632795b 100644 --- a/doc/ChangeLog +++ b/doc/ChangeLog @@ -1,3 +1,23 @@ +2011-05-13 vadim + + * CompilerDriver_ipt_run.cpp (run): see #2400 'Mixing Actions + "Accept" and "Classify" results in incorrect rules', see #2399 + 'Mixing Actions "Accept" and "Tag" results in incorrect ruleset'. + After we made Tag, Classify and Route rule options instead of + actions, rules that mix these options with actions "Accept" and + others, except for "Continue", should be treated differently. The + action are now implemented using iptables rules in the table + "filter" and additional rules in table "mangle" is used to + implement only tagging, classification or routing. Generated + script does not change default action in table "mangle" and + assumes it is "ACCEPT" so adding rules with target ACCEPT in + mangle table should not be necessary. Another change because of + this affects branching rules that use option "create branch in + mangle table in addition to the filter table". These rules used to + duplicate the same action and logging rules in mangle. Now they + dont do this and only create rules in mangle if branch rule set + performs tagging, classification or routing. + 2011-05-11 vadim * newFirewallDialog.cpp (finishClicked): fixes #2395 "Crash when diff --git a/src/iptlib/CompilerDriver_ipt.cpp b/src/iptlib/CompilerDriver_ipt.cpp index f58222ba1..fd4c638ee 100644 --- a/src/iptlib/CompilerDriver_ipt.cpp +++ b/src/iptlib/CompilerDriver_ipt.cpp 
@@ -91,46 +91,6 @@ void CompilerDriver_ipt::assignRuleSetChain(RuleSet *ruleset) } -void CompilerDriver_ipt::findBranchesInMangleTable(Firewall *fw, - list &all_policies) -{ - // special but common case: if we only have one policy, there is - // no need to check if we have to do branching in mangle table - // since we do not have any branching rules in that case. - if (all_policies.size() > 1) - { - for (list::iterator i=all_policies.begin(); - i!=all_policies.end(); ++i) - { - for (list::iterator r=(*i)->begin(); - r!=(*i)->end(); ++r) - { - PolicyRule *rule = PolicyRule::cast(*r); - if (rule == NULL) continue; // skip RuleSetOptions object - FWOptions *ruleopt = rule->getOptionsObject(); - if (rule->getAction() == PolicyRule::Branch && - ruleopt->getBool("ipt_branch_in_mangle")) - { - RuleSet *ruleset = rule->getBranch(); - if (ruleset == NULL) - { - abort(fw, *i, rule, - "Action branch does not point to any rule set"); - } - - for (list::iterator br=ruleset->begin(); - br!=ruleset->end(); ++br) - { - Rule *b_rule = Rule::cast(*br); - if (b_rule == NULL) continue; // skip RuleSetOptions object - ruleopt = b_rule->getOptionsObject(); - ruleopt->setBool("put_in_mangle_table", true); - } - } - } - } - } -} /* * TODO: use configlet to define structure of generated script. Need 2 @@ -151,6 +111,10 @@ string CompilerDriver_ipt::dumpScript(Firewall *fw, const string& filter_script, bool ipv6_policy) { + + // cerr << "nat script" << endl; + // cerr << "\"" << nat_script << "\"" << endl; + ostringstream res; ostringstream script; string prolog_place = fw->getOptionsObject()->getStr("prolog_place"); 
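Review bot: The two lines added at the top of dumpScript(), `// cerr << "nat script" << endl;` and `// cerr << "\"" << nat_script << "\"" << endl;`, are commented-out debug output and should not be committed to the compiler driver. If dumping the per-table script text helps when diagnosing generation problems, put it behind a debug option instead of leaving dead code. dumpScript() continues outside this hunk.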
@@ -169,11 +133,14 @@ string CompilerDriver_ipt::dumpScript(Firewall *fw, { conf = new Configlet(fw, "linux24", "script_body_iptables_restore"); } else - conf = new Configlet(fw, "linux24", "script_body_single_rule"); + conf = new Configlet(fw, "linux24", "script_body_iptables_shell"); } conf->setVariable("auto", have_auto); + conf->setVariable("iptables_restore_format", + fw->getOptionsObject()->getBool("use_iptables_restore")); + conf->setVariable("filter", !filter_script.empty()); conf->setVariable("filter_or_auto", have_auto || !filter_script.empty()); conf->setVariable("filter_auto_script", automatic_rules_script.c_str()); diff --git a/src/iptlib/CompilerDriver_ipt.h b/src/iptlib/CompilerDriver_ipt.h index 5100f72ab..f1e80bde7 100644 --- a/src/iptlib/CompilerDriver_ipt.h +++ b/src/iptlib/CompilerDriver_ipt.h @@ -93,8 +93,6 @@ public: const std::string &single_rule_id); void assignRuleSetChain(libfwbuilder::RuleSet *ruleset); - void findBranchesInMangleTable(libfwbuilder::Firewall*, - std::list &all_policies); std::string dumpScript(libfwbuilder::Firewall *fw, const std::string& automatic_rules_script, diff --git a/src/iptlib/CompilerDriver_ipt_run.cpp b/src/iptlib/CompilerDriver_ipt_run.cpp index 801e16c68..086b225bb 100644 --- a/src/iptlib/CompilerDriver_ipt_run.cpp +++ b/src/iptlib/CompilerDriver_ipt_run.cpp @@ -231,7 +231,6 @@ QString CompilerDriver_ipt::run(const std::string &cluster_id, vector ipv4_6_runs; findImportedRuleSets(fw, all_policies); - findBranchesInMangleTable(fw, all_policies); findImportedRuleSets(fw, all_nat); try diff --git a/src/iptlib/NATCompiler_PrintRuleIptRst.cpp b/src/iptlib/NATCompiler_PrintRuleIptRst.cpp index d01bee142..2199948fe 100644 --- a/src/iptlib/NATCompiler_PrintRuleIptRst.cpp +++ b/src/iptlib/NATCompiler_PrintRuleIptRst.cpp 
@@ -78,35 +78,6 @@ string NATCompiler_ipt::PrintRuleIptRst::_printRuleLabel(NATRule *rule) Resources::os_res[compiler->fw->getStr("host_OS")]->Resources::getResourceBool("/FWBuilderResources/Target/options/suppress_comments"); return compiler->printComment(rule, current_rule_label, "#", nocomm); - -#if 0 - ostringstream res; - - string rl=rule->getLabel(); - if (rl!=current_rule_label) - { - if (!compiler->inSingleRuleCompileMode() && !nocomm) - { - res << "# " << endl; - res << "# Rule " << rl << endl; - res << "# " << endl; - } - -/* do not put comment in the script if it is intended for linksys */ - if (!nocomm || compiler->inSingleRuleCompileMode()) - { - QStringList comm = QString(rule->getComment().c_str()).split("\n"); - foreach(QString line, comm) - { - res << "# " << line.toStdString() << endl; - } - //res << "# " << endl; - } - current_rule_label=rl; - } - - return res.str(); -#endif } bool NATCompiler_ipt::PrintRuleIptRst::processNext() diff --git a/src/iptlib/NATCompiler_ipt.cpp b/src/iptlib/NATCompiler_ipt.cpp index 69c3b5bf6..e9305022f 100644 --- a/src/iptlib/NATCompiler_ipt.cpp +++ b/src/iptlib/NATCompiler_ipt.cpp @@ -2608,13 +2608,14 @@ void NATCompiler_ipt::compile() add( new simplePrintProgress() ); runRuleProcessors(); - } void NATCompiler_ipt::epilog() { - if (fwopt->getBool("use_iptables_restore")) + if (fwopt->getBool("use_iptables_restore") && + getCompiledScriptLength()>0 && + ! inSingleRuleCompileMode()) { output << "#" << endl; } diff --git a/src/iptlib/PolicyCompiler_PrintRule.cpp b/src/iptlib/PolicyCompiler_PrintRule.cpp index ca340845e..e829c5769 100644 --- a/src/iptlib/PolicyCompiler_PrintRule.cpp +++ b/src/iptlib/PolicyCompiler_PrintRule.cpp @@ -57,6 +57,7 @@ #include #include +#include #include #include diff --git a/src/iptlib/PolicyCompiler_ipt.cpp b/src/iptlib/PolicyCompiler_ipt.cpp index 22fff16df..010e1f1c8 100644 --- a/src/iptlib/PolicyCompiler_ipt.cpp +++ b/src/iptlib/PolicyCompiler_ipt.cpp 
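Review bot: With the two conditions added to NATCompiler_ipt::epilog(), an empty NAT rule set appears to produce an empty nat script. The expected output for firewall-ipv6-ipt-reset-prolog-after-flush in this same patch loses its whole `echo '*nat'` … `echo COMMIT` section accordingly. In iptables-restore format a table that is not named in the input is, as far as I know, left as it is, so NAT rules loaded by an earlier policy would stay active unless the script flushes that table elsewhere; that path is not visible here and should be confirmed. If omitting the section is intended, say so above the condition, e.g. `// empty rule set: emit nothing so the table section is omitted; the table must be reset by the script's flush step`.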
@@ -519,102 +519,55 @@ bool PolicyCompiler_ipt::dropTerminatingTargets::processNext() return true; } -/* - * see #2367 #2397 TODO: this rule processor is not used anymore, remove. - * - * - * This rule processor converts non-terminating targets CLASSIFY and - * MARK to terminating targets (equivalent) by splitting the rule and - * adding one more rule with target ACCEPT. - * - * Note that target ROUTE is terminating unless parameter "--continue" - * is present. We add "--continue" if action is Continue, otherwise - * the rule does not need to be split and we carry action Accept further. - * - * Call this rule processor at the very end of the chain when all - * splits are done and target is set via "ipt_target" - */ -bool PolicyCompiler_ipt::splitTagClassifyOrRouteIfAction::processNext() +bool PolicyCompiler_ipt::clearTagClassifyOrRouteIfFilter::processNext() { PolicyCompiler_ipt *ipt_comp = dynamic_cast(compiler); PolicyRule *rule = getNext(); if (rule==NULL) return false; - string tgt = rule->getStr("ipt_target"); - FWOptions *ruleopt = rule->getOptionsObject(); - - if (ipt_comp->my_table=="mangle" && - (rule->getTagging() || rule->getClassification()) && - rule->getAction() != PolicyRule::Continue) + + if (ipt_comp->my_table != "mangle") { - RuleElementSrc *nsrc; - RuleElementDst *ndst; - RuleElementSrv *nsrv; - RuleElementItf *nitfre; - PolicyRule *r, *r2; + rule->setClassification(false); + rule->setRouting(false); + rule->setTagging(false); + } - string this_chain = rule->getStr("ipt_chain"); - string new_chain = this_chain; + tmp_queue.push_back(rule); + return true; +} - nsrc = rule->getSrc(); - ndst = rule->getDst(); - nsrv = rule->getSrv(); - nitfre = rule->getItf(); +bool PolicyCompiler_ipt::clearActionInTagClassifyIfMangle::processNext() +{ + PolicyCompiler_ipt *ipt_comp = dynamic_cast(compiler); + PolicyRule *rule = getNext(); if (rule==NULL) return false; - if (!nsrc->isAny() || - !ndst->isAny() || - !nsrv->isAny() || - !nitfre->isAny()) - { - 
new_chain = ipt_comp->getNewTmpChainName(rule); - r = compiler->dbcopy->createPolicyRule(); - compiler->temp_ruleset->add(r); - r->duplicate(rule); - r->setStr("subrule_suffix", "ntt"); - r->setStr("ipt_target", new_chain); - r->setClassification(false); - r->setRouting(false); - r->setTagging(false); - r->setLogging(false); - r->setAction(PolicyRule::Continue); - tmp_queue.push_back(r); - } + if (ipt_comp->my_table == "mangle" && + (rule->getTagging() || rule->getClassification()) + ) + rule->setAction(PolicyRule::Continue); - r = compiler->dbcopy->createPolicyRule(); - compiler->temp_ruleset->add(r); - r->duplicate(rule); - nsrc = r->getSrc(); nsrc->reset(); - ndst = r->getDst(); ndst->reset(); - nsrv = r->getSrv(); nsrv->reset(); - nitfre = r->getItf(); nitfre->reset(); - ruleopt = r->getOptionsObject(); - ruleopt->setInt("limit_value",-1); - ruleopt->setInt("limit_value",-1); - ruleopt->setInt("connlimit_value",-1); - ruleopt->setInt("hashlimit_value",-1); - ruleopt->setBool("stateless",true); - r->setLogging(false); - r->setStr("ipt_chain", new_chain); - r->setStr("upstream_rule_chain", this_chain); - r->setAction(PolicyRule::Continue); - ipt_comp->registerChain(new_chain); - ipt_comp->insertUpstreamChain(this_chain, new_chain); - tmp_queue.push_back(r); + tmp_queue.push_back(rule); + return true; +} - r2 = compiler->dbcopy->createPolicyRule(); - compiler->temp_ruleset->add(r2); - r2->duplicate(r); - r2->setClassification(false); - r2->setRouting(false); - r2->setTagging(false); - r2->setLogging(false); - r2->setAction( rule->getAction()); - - ruleopt = r2->getOptionsObject(); - ruleopt->setBool("stateless", true); - tmp_queue.push_back(r2); +/* + * in a rule generates some code in both filter and mangle tables and + * has logging turned on, we should log only once. Will log in filter. + * However if the rule belongs to mangle-only rule set, we should log + * in mangle. 
+ */ +bool PolicyCompiler_ipt::clearLogInTagClassifyOrRouteIfMangle::processNext() +{ + PolicyCompiler_ipt *ipt_comp = dynamic_cast(compiler); + PolicyRule *rule = getNext(); if (rule==NULL) return false; + FWOptions *rulesetopts = ipt_comp->getSourceRuleSet()->getOptionsObject(); + if (rulesetopts->getBool("mangle_only_rule_set")) + { + tmp_queue.push_back(rule); return true; } + if (ipt_comp->my_table == "mangle") rule->setLogging(false); tmp_queue.push_back(rule); return true; } @@ -648,13 +601,8 @@ bool PolicyCompiler_ipt::splitIfTagClassifyOrRoute::processNext() nitfre = rule->getItf(); if ( - (! nsrc->isAny() || ! ndst->isAny() || ! nsrv->isAny() || ! nitfre->isAny()) && - ( - number_of_options > 1 || - ( - ! rule->getRouting() && rule->getAction() != PolicyRule::Continue - ) - ) + (! nsrc->isAny() || ! ndst->isAny() || + ! nsrv->isAny() || ! nitfre->isAny()) && number_of_options > 1 ) { new_chain = ipt_comp->getNewTmpChainName(rule); @@ -812,17 +760,6 @@ bool PolicyCompiler_ipt::Route::processNext() return true; } - -/* - * A note about CLASSIFY target in iptables: - * - * CLASSIFY only works in mangle table in POSTROUTING chain. - * the man page does not mention this, but module documentation - * in p-o-m says so. - * - * per bug #1618329: "Wrong in-code comment" this comment is incorrect, - * CLASSIFY target is valid in POSTROUTING, OUTPUT and FORWARD chains. - */ bool PolicyCompiler_ipt::dropMangleTableRules::processNext() { PolicyRule *rule=getNext(); if (rule==NULL) return false; 
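Review bot: clearActionInTagClassifyIfMangle sets the action to Continue for every tagging or classifying rule in mangle, so unless a later processor restores termination those rules no longer stop evaluation there. A packet can then match later Tag/Classify rules, and its final mark or class may come from a rule that the filter table, which still stops at the first match, never reaches for that packet. If last-match-wins in mangle is intended, state it in a comment above the processor. The condition also omits `rule->getRouting()`, unlike the two sibling processors, and nothing says why; a line such as `// Route keeps its action: ROUTE is terminating unless --continue is given` (to be confirmed) would help. The new block comment begins "in a rule generates", which should read "if a rule generates".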
@@ -833,9 +770,9 @@ bool PolicyCompiler_ipt::dropMangleTableRules::processNext() FWOptions *rulesetopts = ipt_comp->getSourceRuleSet()->getOptionsObject(); if (rulesetopts->getBool("mangle_only_rule_set")) return true; - if (rule->getTagging() || - rule->getRouting() || - rule->getClassification()) return true; + if ( rule->getAction() == PolicyRule::Continue && ! rule->getLogging() && + (rule->getTagging() || rule->getRouting() || rule->getClassification())) + return true; // Another special case (while working on #1415, although not // related directly): branching rule that has "branch in mangle table" @@ -2307,12 +2244,15 @@ bool PolicyCompiler_ipt::splitIfSrcAny::processNext() r->setDirection( PolicyRule::Outbound ); tmp_queue.push_back(r); - // if this rule is for mangle table, need to put it into - // POSTROUTING chain as well because some targets that - // work with mangle table can only go into POSTROUTING chain - // such as CLASSIFY - if (ipt_comp->my_table=="mangle" && - rule->getClassification()) + /* + * A note about CLASSIFY target in iptables: + * + * CLASSIFY only works in mangle table in POSTROUTING chain. + * the man page does not mention this, but module + * documentation in p-o-m says so. + */ + + if (ipt_comp->my_table=="mangle" && rule->getClassification()) { r= compiler->dbcopy->createPolicyRule(); compiler->temp_ruleset->add(r); @@ -4285,6 +4225,12 @@ void PolicyCompiler_ipt::compile() add( new checkForUnsupportedCombinationsInMangle( "Check for unsupported Tag+Route and Classify+Route combinations")); + add( new clearTagClassifyOrRouteIfFilter( + "Clear Tag, Classify and Route options in filter table")); + add( new clearLogInTagClassifyOrRouteIfMangle( + "clear logging in rules with Tag, Classify or Route options in mangle")); + add( new clearActionInTagClassifyIfMangle( + "clear action in rules with Tag and Classify in mangle")); add( new storeAction("store original action of this rule")); 
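Review bot: The new condition in dropMangleTableRules reads `getTagging()`, `getRouting()` and `getClassification()`, but the compile() hunk further down adds clearTagClassifyOrRouteIfFilter, which resets all three whenever the table is not mangle. The position of dropMangleTableRules in the processor chain relative to that add() is not visible here; if the clear runs first, this test can never be true and Continue-only tagging rules would presumably stay in the filter table. A comment at the add() call, e.g. `// must run after dropMangleTableRules, which still needs the Tag/Classify/Route flags`, would pin the ordering. processNext() starts and ends outside the hunk.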
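Review bot: The comment added in splitIfSrcAny restates that CLASSIFY only works in the POSTROUTING chain of mangle. The block this patch deletes above dropMangleTableRules carried the correction "per bug #1618329 ... this comment is incorrect, CLASSIFY target is valid in POSTROUTING, OUTPUT and FORWARD chains", so the correction is lost and the statement it marked as wrong is what remains. Either move the correction along with the text or keep the comment being replaced, which described what the code does: `// rules for the mangle table that classify are also placed in the POSTROUTING chain`.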
@@ -4712,7 +4658,9 @@ string PolicyCompiler_ipt::debugPrintRule(Rule *r) void PolicyCompiler_ipt::epilog() { - if (fwopt->getBool("use_iptables_restore") && getCompiledScriptLength()>0) + if (fwopt->getBool("use_iptables_restore") && + getCompiledScriptLength()>0 && + ! inSingleRuleCompileMode()) { output << "#" << endl; } diff --git a/src/iptlib/PolicyCompiler_ipt.h b/src/iptlib/PolicyCompiler_ipt.h index f26ebfc63..ff14a7c48 100644 --- a/src/iptlib/PolicyCompiler_ipt.h +++ b/src/iptlib/PolicyCompiler_ipt.h @@ -236,6 +236,24 @@ protected: */ DECLARE_POLICY_RULE_PROCESSOR(splitIfTagClassifyOrRoute); + /** + * clears options Tag, Classify and Route in filter table + */ + DECLARE_POLICY_RULE_PROCESSOR(clearTagClassifyOrRouteIfFilter); + + /** + * turns off logging in rules with options Tag, Classify or + * Route in table mangle + */ + DECLARE_POLICY_RULE_PROCESSOR(clearLogInTagClassifyOrRouteIfMangle); + + /** + * switches action to Continue in rules with options Tag, + * Classify in mangle table. We deal with other actions in + * table filter. + */ + DECLARE_POLICY_RULE_PROCESSOR(clearActionInTagClassifyIfMangle); + /** * this processor checks if the rule is associated with an @@ -682,12 +700,6 @@ protected: */ DECLARE_POLICY_RULE_PROCESSOR(decideOnChainForClassify); - /** - * Split rules with options Tag, Classiyfy and Route if action - * is not Continue - */ - DECLARE_POLICY_RULE_PROCESSOR(splitTagClassifyOrRouteIfAction); - /** * drop rules with terminating targets. Used as part of the * shadowing detection for non-terminating rules in the mangle diff --git a/src/iptlib/PolicyCompiler_ipt_optimizer.cpp b/src/iptlib/PolicyCompiler_ipt_optimizer.cpp index f1ae5531f..89d59bb6d 100644 --- a/src/iptlib/PolicyCompiler_ipt_optimizer.cpp +++ b/src/iptlib/PolicyCompiler_ipt_optimizer.cpp 
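Review bot: The doc comment added for clearLogInTagClassifyOrRouteIfMangle says it turns off logging "in rules with options Tag, Classify or Route", but the implementation in PolicyCompiler_ipt.cpp calls `rule->setLogging(false)` for every rule when `my_table == "mangle"` and the rule set is not mangle-only, without checking the options. Because this decides which rules still produce log entries, the comment should state the real condition, e.g. `turns off logging for all rules compiled for table mangle unless the rule set is mangle-only; logging is done in table filter`. In the same way, clearTagClassifyOrRouteIfFilter acts on any table other than mangle, which its comment could say explicitly.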
@@ -123,6 +123,11 @@ void PolicyCompiler_ipt::optimize1::optimizeForRuleElement( } } r->setStr("ipt_target",new_chain); + + r->setClassification(false); + r->setRouting(false); + r->setTagging(false); + tmp_queue.push_back(r); FWOptions *ruleopt=rule->getOptionsObject(); diff --git a/src/res/configlets/linux24/script_body_iptables_shell b/src/res/configlets/linux24/script_body_iptables_shell new file mode 100644 index 000000000..68b4b9645 --- /dev/null +++ b/src/res/configlets/linux24/script_body_iptables_shell @@ -0,0 +1,25 @@ +## -*- mode: shell-script; -*- +## +## To be able to make changes to the part of configuration created +## from this configlet you need to copy this file to the directory +## fwbuilder/configlets/linux24/ in your home directory and modify it. +## Double "##" comments are removed during processing but single "#" +## comments are be retained and appear in the generated script. Empty +## lines are removed as well. +## +## Configlets support simple macro language with these constructs: +## {{$var}} is variable expansion +## {{if var}} is conditional operator. +## +## this template is used for single rule compile, both +## iptables-restore and regular, as well as for the regular +## (not iptables-restore) script +{{if auto}}{{$filter_auto_script}} +{{$mangle_auto_script}}{{endif}} + +{{if nat}}{{$nat_script}}{{endif}} + +{{if mangle}}{{$mangle_script}}{{endif}} + +{{if filter}}{{$filter_script}}{{endif}} + diff --git a/src/res/configlets/linux24/script_body_single_rule b/src/res/configlets/linux24/script_body_single_rule index 68b4b9645..704b1899d 100644 --- a/src/res/configlets/linux24/script_body_single_rule +++ b/src/res/configlets/linux24/script_body_single_rule 
@@ -14,12 +14,19 @@ ## this template is used for single rule compile, both ## iptables-restore and regular, as well as for the regular ## (not iptables-restore) script -{{if auto}}{{$filter_auto_script}} -{{$mangle_auto_script}}{{endif}} -{{if nat}}{{$nat_script}}{{endif}} +{{if filter}} +{{if iptables_restore_format}}echo '*filter' {{endif}} +{{$filter_script}} +{{endif}} -{{if mangle}}{{$mangle_script}}{{endif}} +{{if mangle}} +{{if iptables_restore_format}}echo '*mangle' {{endif}} +{{$mangle_script}} +{{endif}} -{{if filter}}{{$filter_script}}{{endif}} +{{if nat}} +{{if iptables_restore_format}}echo '*nat' {{endif}} +{{$nat_script}} +{{endif}} diff --git a/test/ipt/cluster1_secuwall-1.fw.orig b/test/ipt/cluster1_secuwall-1.fw.orig index f9d5d9b6c..ee3aa5009 100755 --- a/test/ipt/cluster1_secuwall-1.fw.orig +++ b/test/ipt/cluster1_secuwall-1.fw.orig @@ -2,9 +2,9 @@ # # This is automatically generated file. DO NOT MODIFY ! # -# Firewall Builder fwb_ipt v4.2.1.3538 +# Firewall Builder fwb_ipt v4.3.0.3542 # -# Generated Thu May 5 20:30:53 2011 PDT by vadim +# Generated Fri May 13 12:36:56 2011 PDT by vadim # # files: * cluster1_secuwall-1.fw /etc/cluster1_secuwall-1.fw # @@ -588,7 +588,7 @@ test -z "$cmd" && { case "$cmd" in start) - log "Activating firewall script generated Thu May 5 20:30:53 2011 by vadim" + log "Activating firewall script generated Fri May 13 12:36:56 2011 by vadim" log "Database was cluster-tests.fwb" check_tools check_run_time_address_table_files diff --git a/test/ipt/firewall-base-rulesets.fw.orig b/test/ipt/firewall-base-rulesets.fw.orig index 7355bb691..0307140c7 100755 --- a/test/ipt/firewall-base-rulesets.fw.orig +++ b/test/ipt/firewall-base-rulesets.fw.orig 
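Review bot: The header comment kept as context above this hunk still says the template serves "single rule compile ... as well as for the regular (not iptables-restore) script", but dumpScript() now loads script_body_iptables_shell for the regular script, and the new file copies the same sentence. Assuming single-rule compile still loads this file (that branch is outside the visible hunk), suggest `## this template is used for single rule compile only, in both iptables-restore and regular format` here and `## this template is used for the regular (not iptables-restore) script` in script_body_iptables_shell. The rewritten body also no longer expands `{{$filter_auto_script}}` and `{{$mangle_auto_script}}`; if leaving the automatic rules out of single-rule output is deliberate, the header is the place to say so.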
@@ -2,9 +2,9 @@ # # This is automatically generated file. DO NOT MODIFY ! # -# Firewall Builder fwb_ipt v4.2.1.3538 +# Firewall Builder fwb_ipt v4.3.0.3542 # -# Generated Thu May 5 20:30:07 2011 PDT by vadim +# Generated Fri May 13 12:36:09 2011 PDT by vadim # # files: * firewall-base-rulesets.fw /etc/fw/firewall-base-rulesets.fw # @@ -445,7 +445,7 @@ test -z "$cmd" && { case "$cmd" in start) - log "Activating firewall script generated Thu May 5 20:30:07 2011 by vadim" + log "Activating firewall script generated Fri May 13 12:36:09 2011 by vadim" check_tools prolog_commands check_run_time_address_table_files diff --git a/test/ipt/firewall-ipv6-1.fw.orig b/test/ipt/firewall-ipv6-1.fw.orig index 0435f1265..e615bf432 100755 --- a/test/ipt/firewall-ipv6-1.fw.orig +++ b/test/ipt/firewall-ipv6-1.fw.orig @@ -2,9 +2,9 @@ # # This is automatically generated file. DO NOT MODIFY ! # -# Firewall Builder fwb_ipt v4.2.1.3538 +# Firewall Builder fwb_ipt v4.3.0.3542 # -# Generated Thu May 5 20:30:16 2011 PDT by vadim +# Generated Fri May 13 12:36:19 2011 PDT by vadim # # files: * firewall-ipv6-1.fw /etc/firewall-ipv6-1.fw # @@ -702,7 +702,7 @@ test -z "$cmd" && { case "$cmd" in start) - log "Activating firewall script generated Thu May 5 20:30:16 2011 by vadim" + log "Activating firewall script generated Fri May 13 12:36:19 2011 by vadim" check_tools prolog_commands check_run_time_address_table_files diff --git a/test/ipt/firewall-ipv6-2.fw.orig b/test/ipt/firewall-ipv6-2.fw.orig index a0df875f7..d82623733 100755 --- a/test/ipt/firewall-ipv6-2.fw.orig +++ b/test/ipt/firewall-ipv6-2.fw.orig @@ -2,9 +2,9 @@ # # This is automatically generated file. DO NOT MODIFY ! # -# Firewall Builder fwb_ipt v4.2.1.3538 +# Firewall Builder fwb_ipt v4.3.0.3542 # -# Generated Thu May 5 20:30:16 2011 PDT by vadim +# Generated Fri May 13 12:36:19 2011 PDT by vadim # # files: * firewall-ipv6-2.fw /etc/firewall-ipv6-2.fw # 
@@ -966,7 +966,7 @@ test -z "$cmd" && { case "$cmd" in start) - log "Activating firewall script generated Thu May 5 20:30:16 2011 by vadim" + log "Activating firewall script generated Fri May 13 12:36:19 2011 by vadim" check_tools prolog_commands check_run_time_address_table_files diff --git a/test/ipt/firewall-ipv6-3.fw.orig b/test/ipt/firewall-ipv6-3.fw.orig index 9f086050d..5a2c60a67 100755 --- a/test/ipt/firewall-ipv6-3.fw.orig +++ b/test/ipt/firewall-ipv6-3.fw.orig @@ -2,9 +2,9 @@ # # This is automatically generated file. DO NOT MODIFY ! # -# Firewall Builder fwb_ipt v4.2.1.3538 +# Firewall Builder fwb_ipt v4.3.0.3542 # -# Generated Thu May 5 20:30:27 2011 PDT by vadim +# Generated Fri May 13 12:36:29 2011 PDT by vadim # # files: * firewall-ipv6-3.fw /etc/firewall-ipv6-3.fw # @@ -596,7 +596,7 @@ test -z "$cmd" && { case "$cmd" in start) - log "Activating firewall script generated Thu May 5 20:30:27 2011 by vadim" + log "Activating firewall script generated Fri May 13 12:36:29 2011 by vadim" check_tools prolog_commands check_run_time_address_table_files diff --git a/test/ipt/firewall-ipv6-4-1.fw.orig b/test/ipt/firewall-ipv6-4-1.fw.orig index 771dcade3..be6e864bf 100755 --- a/test/ipt/firewall-ipv6-4-1.fw.orig +++ b/test/ipt/firewall-ipv6-4-1.fw.orig @@ -2,9 +2,9 @@ # # This is automatically generated file. DO NOT MODIFY ! # -# Firewall Builder fwb_ipt v4.2.1.3538 +# Firewall Builder fwb_ipt v4.3.0.3542 # -# Generated Thu May 5 20:30:38 2011 PDT by vadim +# Generated Fri May 13 12:36:40 2011 PDT by vadim # # files: * firewall-ipv6-4-1.fw /etc/firewall-ipv6-4-1.fw # @@ -545,7 +545,7 @@ test -z "$cmd" && { case "$cmd" in start) - log "Activating firewall script generated Thu May 5 20:30:38 2011 by vadim" + log "Activating firewall script generated Fri May 13 12:36:40 2011 by vadim" check_tools prolog_commands check_run_time_address_table_files diff --git a/test/ipt/firewall-ipv6-4.fw.orig b/test/ipt/firewall-ipv6-4.fw.orig index 31c6df5ee..54ec72810 100755 
--- a/test/ipt/firewall-ipv6-4.fw.orig +++ b/test/ipt/firewall-ipv6-4.fw.orig @@ -2,9 +2,9 @@ # # This is automatically generated file. DO NOT MODIFY ! # -# Firewall Builder fwb_ipt v4.2.1.3538 +# Firewall Builder fwb_ipt v4.3.0.3542 # -# Generated Thu May 5 20:30:27 2011 PDT by vadim +# Generated Fri May 13 12:36:29 2011 PDT by vadim # # files: * firewall-ipv6-4.fw /etc/firewall-ipv6-4.fw # @@ -581,7 +581,7 @@ test -z "$cmd" && { case "$cmd" in start) - log "Activating firewall script generated Thu May 5 20:30:27 2011 by vadim" + log "Activating firewall script generated Fri May 13 12:36:29 2011 by vadim" check_tools prolog_commands check_run_time_address_table_files diff --git a/test/ipt/firewall-ipv6-5.fw.orig b/test/ipt/firewall-ipv6-5.fw.orig index 442c05ae4..6d14e000d 100755 --- a/test/ipt/firewall-ipv6-5.fw.orig +++ b/test/ipt/firewall-ipv6-5.fw.orig @@ -2,9 +2,9 @@ # # This is automatically generated file. DO NOT MODIFY ! # -# Firewall Builder fwb_ipt v4.2.1.3538 +# Firewall Builder fwb_ipt v4.3.0.3542 # -# Generated Thu May 5 20:30:29 2011 PDT by vadim +# Generated Fri May 13 12:36:31 2011 PDT by vadim # # files: * firewall-ipv6-5.fw /etc/firewall-ipv6-5.fw # @@ -412,7 +412,7 @@ test -z "$cmd" && { case "$cmd" in start) - log "Activating firewall script generated Thu May 5 20:30:29 2011 by vadim" + log "Activating firewall script generated Fri May 13 12:36:31 2011 by vadim" check_tools prolog_commands check_run_time_address_table_files diff --git a/test/ipt/firewall-ipv6-6.fw.orig b/test/ipt/firewall-ipv6-6.fw.orig index 7b7d981f1..db10ada5a 100755 --- a/test/ipt/firewall-ipv6-6.fw.orig +++ b/test/ipt/firewall-ipv6-6.fw.orig @@ -2,9 +2,9 @@ # # This is automatically generated file. DO NOT MODIFY ! # -# Firewall Builder fwb_ipt v4.2.1.3538 +# Firewall Builder fwb_ipt v4.3.0.3542 # -# Generated Thu May 5 20:30:31 2011 PDT by vadim +# Generated Fri May 13 12:36:33 2011 PDT by vadim # # files: * firewall-ipv6-6.fw /etc/firewall-ipv6-6.fw # 
@@ -399,7 +399,7 @@ test -z "$cmd" && { case "$cmd" in start) - log "Activating firewall script generated Thu May 5 20:30:31 2011 by vadim" + log "Activating firewall script generated Fri May 13 12:36:33 2011 by vadim" check_tools prolog_commands check_run_time_address_table_files diff --git a/test/ipt/firewall-ipv6-7.fw.orig b/test/ipt/firewall-ipv6-7.fw.orig index 2ca8fa147..076a6a689 100755 --- a/test/ipt/firewall-ipv6-7.fw.orig +++ b/test/ipt/firewall-ipv6-7.fw.orig @@ -2,9 +2,9 @@ # # This is automatically generated file. DO NOT MODIFY ! # -# Firewall Builder fwb_ipt v4.2.1.3538 +# Firewall Builder fwb_ipt v4.3.0.3542 # -# Generated Thu May 5 20:30:32 2011 PDT by vadim +# Generated Fri May 13 12:36:34 2011 PDT by vadim # # files: * firewall-ipv6-7.fw /etc/firewall-ipv6-7.fw # @@ -443,7 +443,7 @@ test -z "$cmd" && { case "$cmd" in start) - log "Activating firewall script generated Thu May 5 20:30:32 2011 by vadim" + log "Activating firewall script generated Fri May 13 12:36:34 2011 by vadim" check_tools prolog_commands check_run_time_address_table_files diff --git a/test/ipt/firewall-ipv6-8.fw.orig b/test/ipt/firewall-ipv6-8.fw.orig index a209f766c..80cdeb975 100755 --- a/test/ipt/firewall-ipv6-8.fw.orig +++ b/test/ipt/firewall-ipv6-8.fw.orig @@ -2,9 +2,9 @@ # # This is automatically generated file. DO NOT MODIFY ! # -# Firewall Builder fwb_ipt v4.2.1.3538 +# Firewall Builder fwb_ipt v4.3.0.3542 # -# Generated Thu May 5 20:30:34 2011 PDT by vadim +# Generated Fri May 13 12:36:36 2011 PDT by vadim # # files: * firewall-ipv6-8.fw /etc/firewall-ipv6-8.fw # @@ -484,7 +484,7 @@ test -z "$cmd" && { case "$cmd" in start) - log "Activating firewall script generated Thu May 5 20:30:34 2011 by vadim" + log "Activating firewall script generated Fri May 13 12:36:36 2011 by vadim" check_tools prolog_commands check_run_time_address_table_files 
diff --git a/test/ipt/firewall-ipv6-ipt-reset-prolog-after-flush.fw.orig b/test/ipt/firewall-ipv6-ipt-reset-prolog-after-flush.fw.orig index 7d5631f63..9eba5a192 100755 --- a/test/ipt/firewall-ipv6-ipt-reset-prolog-after-flush.fw.orig +++ b/test/ipt/firewall-ipv6-ipt-reset-prolog-after-flush.fw.orig @@ -2,9 +2,9 @@ # # This is automatically generated file. DO NOT MODIFY ! # -# Firewall Builder fwb_ipt v4.2.1.3538 +# Firewall Builder fwb_ipt v4.3.0.3542 # -# Generated Thu May 5 20:30:35 2011 PDT by vadim +# Generated Fri May 13 12:54:33 2011 PDT by vadim # # files: * firewall-ipv6-ipt-reset-prolog-after-flush.fw /etc/firewall-ipv6-ipt-reset-prolog-after-flush.fw # @@ -378,14 +378,6 @@ script_body() { - echo '*nat' - # ================ Table 'nat', rule set NAT - echo :PREROUTING ACCEPT [0:0] - echo :POSTROUTING ACCEPT [0:0] - echo :OUTPUT ACCEPT [0:0] - # - echo COMMIT - ) | $IP6TABLES_RESTORE; IPTABLES_RESTORE_RES=$? @@ -450,7 +442,7 @@ test -z "$cmd" && { case "$cmd" in start) - log "Activating firewall script generated Thu May 5 20:30:35 2011 by vadim" + log "Activating firewall script generated Fri May 13 12:54:33 2011 by vadim" check_tools prolog_commands check_run_time_address_table_files diff --git a/test/ipt/firewall-ipv6-ipt-reset-prolog-after-interfaces.fw.orig b/test/ipt/firewall-ipv6-ipt-reset-prolog-after-interfaces.fw.orig index ffb2ebcbc..bd59e33f0 100755 --- a/test/ipt/firewall-ipv6-ipt-reset-prolog-after-interfaces.fw.orig +++ b/test/ipt/firewall-ipv6-ipt-reset-prolog-after-interfaces.fw.orig @@ -2,9 +2,9 @@ # # This is automatically generated file. DO NOT MODIFY ! # -# Firewall Builder fwb_ipt v4.2.1.3538 +# Firewall Builder fwb_ipt v4.3.0.3542 # -# Generated Thu May 5 20:30:37 2011 PDT by vadim +# Generated Fri May 13 12:36:39 2011 PDT by vadim # # files: * firewall-ipv6-ipt-reset-prolog-after-interfaces.fw /etc/firewall-ipv6-ipt-reset-prolog-after-interfaces.fw # 
@@ -378,14 +378,6 @@ script_body() { - echo '*nat' - # ================ Table 'nat', rule set NAT - echo :PREROUTING ACCEPT [0:0] - echo :POSTROUTING ACCEPT [0:0] - echo :OUTPUT ACCEPT [0:0] - # - echo COMMIT - ) | $IP6TABLES_RESTORE; IPTABLES_RESTORE_RES=$? @@ -450,7 +442,7 @@ test -z "$cmd" && { case "$cmd" in start) - log "Activating firewall script generated Thu May 5 20:30:37 2011 by vadim" + log "Activating firewall script generated Fri May 13 12:36:39 2011 by vadim" check_tools check_run_time_address_table_files diff --git a/test/ipt/firewall-ipv6-ipt-reset-prolog-top.fw.orig b/test/ipt/firewall-ipv6-ipt-reset-prolog-top.fw.orig index 77a5d8ec7..14b73a811 100755 --- a/test/ipt/firewall-ipv6-ipt-reset-prolog-top.fw.orig +++ b/test/ipt/firewall-ipv6-ipt-reset-prolog-top.fw.orig @@ -2,9 +2,9 @@ # # This is automatically generated file. DO NOT MODIFY ! # -# Firewall Builder fwb_ipt v4.2.1.3538 +# Firewall Builder fwb_ipt v4.3.0.3542 # -# Generated Thu May 5 20:30:39 2011 PDT by vadim +# Generated Fri May 13 12:36:41 2011 PDT by vadim # # files: * firewall-ipv6-ipt-reset-prolog-top.fw /etc/firewall-ipv6-ipt-reset-prolog-top.fw # @@ -378,14 +378,6 @@ script_body() { - echo '*nat' - # ================ Table 'nat', rule set NAT - echo :PREROUTING ACCEPT [0:0] - echo :POSTROUTING ACCEPT [0:0] - echo :OUTPUT ACCEPT [0:0] - # - echo COMMIT - ) | $IP6TABLES_RESTORE; IPTABLES_RESTORE_RES=$? @@ -450,7 +442,7 @@ test -z "$cmd" && { case "$cmd" in start) - log "Activating firewall script generated Thu May 5 20:30:39 2011 by vadim" + log "Activating firewall script generated Fri May 13 12:36:41 2011 by vadim" check_tools prolog_commands check_run_time_address_table_files diff --git a/test/ipt/firewall-ipv6-nd-ns-1.fw.orig b/test/ipt/firewall-ipv6-nd-ns-1.fw.orig index f367b0c33..5baf21355 100755 --- a/test/ipt/firewall-ipv6-nd-ns-1.fw.orig +++ b/test/ipt/firewall-ipv6-nd-ns-1.fw.orig 
@@ -2,9 +2,9 @@ # # This is automatically generated file. DO NOT MODIFY ! # -# Firewall Builder fwb_ipt v4.2.1.3538 +# Firewall Builder fwb_ipt v4.3.0.3542 # -# Generated Thu May 5 20:30:40 2011 PDT by vadim +# Generated Fri May 13 12:36:42 2011 PDT by vadim # # files: * firewall-ipv6-nd-ns-1.fw /etc/firewall-ipv6-nd-ns-1.fw # @@ -442,7 +442,7 @@ test -z "$cmd" && { case "$cmd" in start) - log "Activating firewall script generated Thu May 5 20:30:40 2011 by vadim" + log "Activating firewall script generated Fri May 13 12:36:42 2011 by vadim" check_tools prolog_commands check_run_time_address_table_files diff --git a/test/ipt/firewall-ipv6-nd-ns-2.fw.orig b/test/ipt/firewall-ipv6-nd-ns-2.fw.orig index eb5a71ca2..60f06eb5a 100755 --- a/test/ipt/firewall-ipv6-nd-ns-2.fw.orig +++ b/test/ipt/firewall-ipv6-nd-ns-2.fw.orig @@ -2,9 +2,9 @@ # # This is automatically generated file. DO NOT MODIFY ! # -# Firewall Builder fwb_ipt v4.2.1.3538 +# Firewall Builder fwb_ipt v4.3.0.3542 # -# Generated Thu May 5 20:30:41 2011 PDT by vadim +# Generated Fri May 13 12:36:44 2011 PDT by vadim # # files: * firewall-ipv6-nd-ns-2.fw /etc/firewall-ipv6-nd-ns-2.fw # @@ -446,7 +446,7 @@ test -z "$cmd" && { case "$cmd" in start) - log "Activating firewall script generated Thu May 5 20:30:41 2011 by vadim" + log "Activating firewall script generated Fri May 13 12:36:44 2011 by vadim" check_tools prolog_commands check_run_time_address_table_files diff --git a/test/ipt/firewall-ipv6-prolog-after-flush.fw.orig b/test/ipt/firewall-ipv6-prolog-after-flush.fw.orig index 8e6997df3..d1283e1b8 100755 --- a/test/ipt/firewall-ipv6-prolog-after-flush.fw.orig +++ b/test/ipt/firewall-ipv6-prolog-after-flush.fw.orig 
@@ -2,9 +2,9 @@ # # This is automatically generated file. DO NOT MODIFY ! # -# Firewall Builder fwb_ipt v4.2.1.3538 +# Firewall Builder fwb_ipt v4.3.0.3542 # -# Generated Thu May 5 20:30:42 2011 PDT by vadim +# Generated Fri May 13 12:36:44 2011 PDT by vadim # # files: * firewall-ipv6-prolog-after-flush.fw /etc/firewall-ipv6-prolog-after-flush.fw # @@ -420,7 +420,7 @@ test -z "$cmd" && { case "$cmd" in start) - log "Activating firewall script generated Thu May 5 20:30:42 2011 by vadim" + log "Activating firewall script generated Fri May 13 12:36:44 2011 by vadim" check_tools check_run_time_address_table_files diff --git a/test/ipt/firewall-ipv6-prolog-after-interfaces.fw.orig b/test/ipt/firewall-ipv6-prolog-after-interfaces.fw.orig index ae9618fd4..23f8e2230 100755 --- a/test/ipt/firewall-ipv6-prolog-after-interfaces.fw.orig +++ b/test/ipt/firewall-ipv6-prolog-after-interfaces.fw.orig @@ -2,9 +2,9 @@ # # This is automatically generated file. DO NOT MODIFY ! # -# Firewall Builder fwb_ipt v4.2.1.3538 +# Firewall Builder fwb_ipt v4.3.0.3542 # -# Generated Thu May 5 20:30:43 2011 PDT by vadim +# Generated Fri May 13 12:36:46 2011 PDT by vadim # # files: * firewall-ipv6-prolog-after-interfaces.fw /etc/firewall-ipv6-prolog-after-interfaces.fw # @@ -420,7 +420,7 @@ test -z "$cmd" && { case "$cmd" in start) - log "Activating firewall script generated Thu May 5 20:30:43 2011 by vadim" + log "Activating firewall script generated Fri May 13 12:36:46 2011 by vadim" check_tools check_run_time_address_table_files diff --git a/test/ipt/firewall-ipv6-prolog-top.fw.orig b/test/ipt/firewall-ipv6-prolog-top.fw.orig index d30e9f600..7aa41c806 100755 --- a/test/ipt/firewall-ipv6-prolog-top.fw.orig +++ b/test/ipt/firewall-ipv6-prolog-top.fw.orig 
@@ -2,9 +2,9 @@ # # This is automatically generated file. DO NOT MODIFY ! # -# Firewall Builder fwb_ipt v4.2.1.3538 +# Firewall Builder fwb_ipt v4.3.0.3542 # -# Generated Thu May 5 20:30:44 2011 PDT by vadim +# Generated Fri May 13 12:36:46 2011 PDT by vadim # # files: * firewall-ipv6-prolog-top.fw /etc/firewall-ipv6-prolog-top.fw # @@ -420,7 +420,7 @@ test -z "$cmd" && { case "$cmd" in start) - log "Activating firewall script generated Thu May 5 20:30:44 2011 by vadim" + log "Activating firewall script generated Fri May 13 12:36:46 2011 by vadim" check_tools prolog_commands check_run_time_address_table_files diff --git a/test/ipt/firewall-server-1-s.fw.orig b/test/ipt/firewall-server-1-s.fw.orig index 534f4c570..d0850e4f8 100755 --- a/test/ipt/firewall-server-1-s.fw.orig +++ b/test/ipt/firewall-server-1-s.fw.orig @@ -2,9 +2,9 @@ # # This is automatically generated file. DO NOT MODIFY ! # -# Firewall Builder fwb_ipt v4.2.1.3538 +# Firewall Builder fwb_ipt v4.3.0.3542 # -# Generated Thu May 5 20:30:45 2011 PDT by vadim +# Generated Fri May 13 12:36:48 2011 PDT by vadim # # files: * firewall-server-1-s.fw /etc/fw/firewall-server-1-s.fw # @@ -393,7 +393,7 @@ test -z "$cmd" && { case "$cmd" in start) - log "Activating firewall script generated Thu May 5 20:30:45 2011 by vadim" + log "Activating firewall script generated Fri May 13 12:36:48 2011 by vadim" check_tools prolog_commands check_run_time_address_table_files diff --git a/test/ipt/firewall.fw.orig b/test/ipt/firewall.fw.orig index b60aa67d0..6238bdd83 100755 --- a/test/ipt/firewall.fw.orig +++ b/test/ipt/firewall.fw.orig @@ -2,9 +2,9 @@ # # This is automatically generated file. DO NOT MODIFY ! # -# Firewall Builder fwb_ipt v4.2.1.3538 +# Firewall Builder fwb_ipt v4.3.0.3542 # -# Generated Thu May 5 20:28:22 2011 PDT by vadim +# Generated Fri May 13 12:34:27 2011 PDT by vadim # # files: * firewall.fw /etc/fw/firewall.fw # 
@@ -1376,7 +1376,7 @@ test -z "$cmd" && { case "$cmd" in start) - log "Activating firewall script generated Thu May 5 20:28:22 2011 by vadim" + log "Activating firewall script generated Fri May 13 12:34:27 2011 by vadim" check_tools prolog_commands check_run_time_address_table_files diff --git a/test/ipt/firewall1.fw.orig b/test/ipt/firewall1.fw.orig index e1189c057..47648a97d 100755 --- a/test/ipt/firewall1.fw.orig +++ b/test/ipt/firewall1.fw.orig @@ -2,9 +2,9 @@ # # This is automatically generated file. DO NOT MODIFY ! # -# Firewall Builder fwb_ipt v4.2.1.ma_1 +# Firewall Builder fwb_ipt v4.3.0.3542 # -# Generated Tue May 3 19:32:00 2011 PDT by vadim +# Generated Fri May 13 12:34:28 2011 PDT by vadim # # files: * firewall1.fw /etc/fw/firewall1.fw # @@ -1248,7 +1248,7 @@ test -z "$cmd" && { case "$cmd" in start) - log "Activating firewall script generated Tue May 3 19:32:00 2011 by vadim" + log "Activating firewall script generated Fri May 13 12:34:28 2011 by vadim" check_tools check_run_time_address_table_files diff --git a/test/ipt/firewall10.fw.orig b/test/ipt/firewall10.fw.orig index 1aa94975c..6910474b2 100755 --- a/test/ipt/firewall10.fw.orig +++ b/test/ipt/firewall10.fw.orig @@ -2,9 +2,9 @@ # # This is automatically generated file. DO NOT MODIFY ! # -# Firewall Builder fwb_ipt v4.2.1.3538 +# Firewall Builder fwb_ipt v4.3.0.3542 # -# Generated Thu May 5 20:28:24 2011 PDT by vadim +# Generated Fri May 13 12:34:29 2011 PDT by vadim # # files: * firewall10.fw /etc/fw/firewall10.fw # @@ -473,7 +473,7 @@ test -z "$cmd" && { case "$cmd" in start) - log "Activating firewall script generated Thu May 5 20:28:24 2011 by vadim" + log "Activating firewall script generated Fri May 13 12:34:29 2011 by vadim" check_tools prolog_commands check_run_time_address_table_files diff --git a/test/ipt/firewall11.fw.orig b/test/ipt/firewall11.fw.orig index 3ac648663..ffe377be7 100755 --- a/test/ipt/firewall11.fw.orig +++ b/test/ipt/firewall11.fw.orig 
@@ -2,9 +2,9 @@ # # This is automatically generated file. DO NOT MODIFY ! # -# Firewall Builder fwb_ipt v4.2.1.3538 +# Firewall Builder fwb_ipt v4.3.0.3542 # -# Generated Thu May 5 20:28:26 2011 PDT by vadim +# Generated Fri May 13 12:34:31 2011 PDT by vadim # # files: * firewall11.fw /etc/fw/firewall11.fw # @@ -589,7 +589,7 @@ test -z "$cmd" && { case "$cmd" in start) - log "Activating firewall script generated Thu May 5 20:28:26 2011 by vadim" + log "Activating firewall script generated Fri May 13 12:34:31 2011 by vadim" check_tools prolog_commands check_run_time_address_table_files diff --git a/test/ipt/firewall12.fw.orig b/test/ipt/firewall12.fw.orig index 81f0342f2..14f496aa2 100755 --- a/test/ipt/firewall12.fw.orig +++ b/test/ipt/firewall12.fw.orig @@ -2,9 +2,9 @@ # # This is automatically generated file. DO NOT MODIFY ! # -# Firewall Builder fwb_ipt v4.2.1.3538 +# Firewall Builder fwb_ipt v4.3.0.3542 # -# Generated Thu May 5 20:28:26 2011 PDT by vadim +# Generated Fri May 13 12:34:31 2011 PDT by vadim # # files: * firewall12.fw /etc/fw/firewall12.fw # @@ -511,7 +511,7 @@ test -z "$cmd" && { case "$cmd" in start) - log "Activating firewall script generated Thu May 5 20:28:26 2011 by vadim" + log "Activating firewall script generated Fri May 13 12:34:31 2011 by vadim" check_tools prolog_commands check_run_time_address_table_files diff --git a/test/ipt/firewall13.fw.orig b/test/ipt/firewall13.fw.orig index e2b92e5a1..9eaaf5d64 100755 --- a/test/ipt/firewall13.fw.orig +++ b/test/ipt/firewall13.fw.orig @@ -2,9 +2,9 @@ # # This is automatically generated file. DO NOT MODIFY ! # -# Firewall Builder fwb_ipt v4.2.1.3538 +# Firewall Builder fwb_ipt v4.3.0.3542 # -# Generated Thu May 5 20:28:29 2011 PDT by vadim +# Generated Fri May 13 12:34:33 2011 PDT by vadim # # files: * firewall13.fw /etc/fw/firewall13.fw # 
@@ -385,7 +385,7 @@ test -z "$cmd" && { case "$cmd" in start) - log "Activating firewall script generated Thu May 5 20:28:29 2011 by vadim" + log "Activating firewall script generated Fri May 13 12:34:33 2011 by vadim" check_tools prolog_commands check_run_time_address_table_files diff --git a/test/ipt/firewall14.fw.orig b/test/ipt/firewall14.fw.orig index 97382f6a0..304aaeded 100755 --- a/test/ipt/firewall14.fw.orig +++ b/test/ipt/firewall14.fw.orig @@ -2,9 +2,9 @@ # # This is automatically generated file. DO NOT MODIFY ! # -# Firewall Builder fwb_ipt v4.2.1.3538 +# Firewall Builder fwb_ipt v4.3.0.3542 # -# Generated Thu May 5 20:28:29 2011 PDT by vadim +# Generated Fri May 13 12:34:33 2011 PDT by vadim # # files: * firewall14.fw /etc/fw/firewall14.fw # @@ -404,7 +404,7 @@ test -z "$cmd" && { case "$cmd" in start) - log "Activating firewall script generated Thu May 5 20:28:29 2011 by vadim" + log "Activating firewall script generated Fri May 13 12:34:33 2011 by vadim" check_tools prolog_commands check_run_time_address_table_files diff --git a/test/ipt/firewall15.fw.orig b/test/ipt/firewall15.fw.orig index cc6e4eae4..d0345aabc 100755 --- a/test/ipt/firewall15.fw.orig +++ b/test/ipt/firewall15.fw.orig @@ -2,9 +2,9 @@ # # This is automatically generated file. DO NOT MODIFY ! # -# Firewall Builder fwb_ipt v4.2.1.3538 +# Firewall Builder fwb_ipt v4.3.0.3542 # -# Generated Thu May 5 20:28:31 2011 PDT by vadim +# Generated Fri May 13 12:34:36 2011 PDT by vadim # # files: * firewall15.fw /etc/fw/firewall15.fw # @@ -388,7 +388,7 @@ test -z "$cmd" && { case "$cmd" in start) - log "Activating firewall script generated Thu May 5 20:28:31 2011 by vadim" + log "Activating firewall script generated Fri May 13 12:34:36 2011 by vadim" check_tools prolog_commands check_run_time_address_table_files diff --git a/test/ipt/firewall16.fw.orig b/test/ipt/firewall16.fw.orig index a56a69ce8..bb925ab5e 100755 --- a/test/ipt/firewall16.fw.orig +++ b/test/ipt/firewall16.fw.orig 
@@ -2,9 +2,9 @@ # # This is automatically generated file. DO NOT MODIFY ! # -# Firewall Builder fwb_ipt v4.2.1.3538 +# Firewall Builder fwb_ipt v4.3.0.3542 # -# Generated Thu May 5 20:28:31 2011 PDT by vadim +# Generated Fri May 13 12:34:36 2011 PDT by vadim # # files: * firewall16.fw /etc/fw/firewall16.fw # @@ -492,7 +492,7 @@ test -z "$cmd" && { case "$cmd" in start) - log "Activating firewall script generated Thu May 5 20:28:31 2011 by vadim" + log "Activating firewall script generated Fri May 13 12:34:36 2011 by vadim" check_tools prolog_commands check_run_time_address_table_files diff --git a/test/ipt/firewall17.fw.orig b/test/ipt/firewall17.fw.orig index 5ab159d46..2bcce249f 100755 --- a/test/ipt/firewall17.fw.orig +++ b/test/ipt/firewall17.fw.orig @@ -2,9 +2,9 @@ # # This is automatically generated file. DO NOT MODIFY ! # -# Firewall Builder fwb_ipt v4.2.1.3538 +# Firewall Builder fwb_ipt v4.3.0.3542 # -# Generated Thu May 5 20:28:33 2011 PDT by vadim +# Generated Fri May 13 12:34:38 2011 PDT by vadim # # files: * firewall17.fw /etc/fw/firewall17.fw # @@ -471,7 +471,7 @@ test -z "$cmd" && { case "$cmd" in start) - log "Activating firewall script generated Thu May 5 20:28:33 2011 by vadim" + log "Activating firewall script generated Fri May 13 12:34:38 2011 by vadim" check_tools prolog_commands check_run_time_address_table_files diff --git a/test/ipt/firewall18.fw.orig b/test/ipt/firewall18.fw.orig index a8d0aed49..44d3fade8 100755 --- a/test/ipt/firewall18.fw.orig +++ b/test/ipt/firewall18.fw.orig @@ -2,9 +2,9 @@ # # This is automatically generated file. DO NOT MODIFY ! # -# Firewall Builder fwb_ipt v4.2.1.3538 +# Firewall Builder fwb_ipt v4.3.0.3542 # -# Generated Thu May 5 20:28:33 2011 PDT by vadim +# Generated Fri May 13 12:34:38 2011 PDT by vadim # # files: * firewall18.fw /etc/fw/firewall18.fw # 
@@ -504,7 +504,7 @@ test -z "$cmd" && { case "$cmd" in start) - log "Activating firewall script generated Thu May 5 20:28:33 2011 by vadim" + log "Activating firewall script generated Fri May 13 12:34:38 2011 by vadim" check_tools prolog_commands check_run_time_address_table_files diff --git a/test/ipt/firewall19.fw.orig b/test/ipt/firewall19.fw.orig index 71e2ccae4..b96dc6555 100755 --- a/test/ipt/firewall19.fw.orig +++ b/test/ipt/firewall19.fw.orig @@ -2,9 +2,9 @@ # # This is automatically generated file. DO NOT MODIFY ! # -# Firewall Builder fwb_ipt v4.2.1.3538 +# Firewall Builder fwb_ipt v4.3.0.3542 # -# Generated Thu May 5 20:28:35 2011 PDT by vadim +# Generated Fri May 13 12:34:40 2011 PDT by vadim # # files: * firewall19.fw /etc/fw/firewall19.fw # @@ -508,7 +508,7 @@ test -z "$cmd" && { case "$cmd" in start) - log "Activating firewall script generated Thu May 5 20:28:35 2011 by vadim" + log "Activating firewall script generated Fri May 13 12:34:40 2011 by vadim" check_tools prolog_commands check_run_time_address_table_files diff --git a/test/ipt/firewall2-1.fw.orig b/test/ipt/firewall2-1.fw.orig index 50946a2b3..7ab8b99f8 100755 --- a/test/ipt/firewall2-1.fw.orig +++ b/test/ipt/firewall2-1.fw.orig @@ -2,9 +2,9 @@ # # This is automatically generated file. DO NOT MODIFY ! # -# Firewall Builder fwb_ipt v4.2.1.3538 +# Firewall Builder fwb_ipt v4.3.0.3542 # -# Generated Thu May 5 20:28:43 2011 PDT by vadim +# Generated Fri May 13 12:34:48 2011 PDT by vadim # # files: * firewall2-1.fw /etc/fw/firewall2-1.fw # @@ -1430,7 +1430,7 @@ test -z "$cmd" && { case "$cmd" in start) - log "Activating firewall script generated Thu May 5 20:28:43 2011 by vadim" + log "Activating firewall script generated Fri May 13 12:34:48 2011 by vadim" check_tools check_run_time_address_table_files diff --git a/test/ipt/firewall2-2.fw.orig b/test/ipt/firewall2-2.fw.orig index c18d72998..24db957c8 100755 --- a/test/ipt/firewall2-2.fw.orig +++ b/test/ipt/firewall2-2.fw.orig 
@@ -2,9 +2,9 @@ # # This is automatically generated file. DO NOT MODIFY ! # -# Firewall Builder fwb_ipt v4.2.1.3538 +# Firewall Builder fwb_ipt v4.3.0.3542 # -# Generated Thu May 5 20:28:46 2011 PDT by vadim +# Generated Fri May 13 12:34:51 2011 PDT by vadim # # files: * firewall2-2.fw /etc/fw/firewall2-2.fw # @@ -1259,7 +1259,7 @@ test -z "$cmd" && { case "$cmd" in start) - log "Activating firewall script generated Thu May 5 20:28:46 2011 by vadim" + log "Activating firewall script generated Fri May 13 12:34:51 2011 by vadim" check_tools check_run_time_address_table_files diff --git a/test/ipt/firewall2-3.fw.orig b/test/ipt/firewall2-3.fw.orig index 1d27dd501..552730a88 100755 --- a/test/ipt/firewall2-3.fw.orig +++ b/test/ipt/firewall2-3.fw.orig @@ -2,9 +2,9 @@ # # This is automatically generated file. DO NOT MODIFY ! # -# Firewall Builder fwb_ipt v4.2.1.3538 +# Firewall Builder fwb_ipt v4.3.0.3542 # -# Generated Thu May 5 20:28:48 2011 PDT by vadim +# Generated Fri May 13 12:34:53 2011 PDT by vadim # # files: * firewall2-3.fw /etc/fw/firewall2-3.fw # @@ -1118,7 +1118,7 @@ test -z "$cmd" && { case "$cmd" in start) - log "Activating firewall script generated Thu May 5 20:28:48 2011 by vadim" + log "Activating firewall script generated Fri May 13 12:34:53 2011 by vadim" check_tools check_run_time_address_table_files diff --git a/test/ipt/firewall2-4.fw.orig b/test/ipt/firewall2-4.fw.orig index 98682d210..ea9ac52e9 100755 --- a/test/ipt/firewall2-4.fw.orig +++ b/test/ipt/firewall2-4.fw.orig @@ -2,9 +2,9 @@ # # This is automatically generated file. DO NOT MODIFY ! # -# Firewall Builder fwb_ipt v4.2.1.3538 +# Firewall Builder fwb_ipt v4.3.0.3542 # -# Generated Thu May 5 20:28:50 2011 PDT by vadim +# Generated Fri May 13 12:34:55 2011 PDT by vadim # # files: * firewall2-4.fw /etc/fw/firewall2-4.fw # 
@@ -424,7 +424,7 @@ test -z "$cmd" && { case "$cmd" in start) - log "Activating firewall script generated Thu May 5 20:28:50 2011 by vadim" + log "Activating firewall script generated Fri May 13 12:34:55 2011 by vadim" check_tools check_run_time_address_table_files diff --git a/test/ipt/firewall2-5.fw.orig b/test/ipt/firewall2-5.fw.orig index 417589041..701756229 100755 --- a/test/ipt/firewall2-5.fw.orig +++ b/test/ipt/firewall2-5.fw.orig @@ -2,9 +2,9 @@ # # This is automatically generated file. DO NOT MODIFY ! # -# Firewall Builder fwb_ipt v4.2.1.3538 +# Firewall Builder fwb_ipt v4.3.0.3542 # -# Generated Thu May 5 20:28:52 2011 PDT by vadim +# Generated Fri May 13 12:34:58 2011 PDT by vadim # # files: * firewall2-5.fw /etc/fw/firewall2-5.fw # @@ -455,7 +455,7 @@ test -z "$cmd" && { case "$cmd" in start) - log "Activating firewall script generated Thu May 5 20:28:52 2011 by vadim" + log "Activating firewall script generated Fri May 13 12:34:58 2011 by vadim" check_tools check_run_time_address_table_files diff --git a/test/ipt/firewall2-6.fw.orig b/test/ipt/firewall2-6.fw.orig index 2c23f4b8e..8edb25113 100755 --- a/test/ipt/firewall2-6.fw.orig +++ b/test/ipt/firewall2-6.fw.orig @@ -2,9 +2,9 @@ # # This is automatically generated file. DO NOT MODIFY ! # -# Firewall Builder fwb_ipt v4.2.1.ma_1 +# Firewall Builder fwb_ipt v4.3.0.3542 # -# Generated Tue May 3 19:32:31 2011 PDT by vadim +# Generated Fri May 13 12:35:00 2011 PDT by vadim # # files: * firewall2-6.fw /etc/fw/firewall2-6.fw # @@ -482,7 +482,7 @@ test -z "$cmd" && { case "$cmd" in start) - log "Activating firewall script generated Tue May 3 19:32:31 2011 by vadim" + log "Activating firewall script generated Fri May 13 12:35:00 2011 by vadim" check_tools check_run_time_address_table_files diff --git a/test/ipt/firewall2-7.fw.orig b/test/ipt/firewall2-7.fw.orig index 80c653eb7..0718b12ed 100755 --- a/test/ipt/firewall2-7.fw.orig +++ b/test/ipt/firewall2-7.fw.orig 
@@ -2,9 +2,9 @@ # # This is automatically generated file. DO NOT MODIFY ! # -# Firewall Builder fwb_ipt v4.2.1.3538 +# Firewall Builder fwb_ipt v4.3.0.3542 # -# Generated Thu May 5 20:28:57 2011 PDT by vadim +# Generated Fri May 13 12:35:03 2011 PDT by vadim # # files: * firewall2-7.fw /etc/fw/firewall2-7.fw # @@ -424,7 +424,7 @@ test -z "$cmd" && { case "$cmd" in start) - log "Activating firewall script generated Thu May 5 20:28:57 2011 by vadim" + log "Activating firewall script generated Fri May 13 12:35:03 2011 by vadim" check_tools check_run_time_address_table_files diff --git a/test/ipt/firewall2.fw.orig b/test/ipt/firewall2.fw.orig index d79276efa..45faca955 100755 --- a/test/ipt/firewall2.fw.orig +++ b/test/ipt/firewall2.fw.orig @@ -2,9 +2,9 @@ # # This is automatically generated file. DO NOT MODIFY ! # -# Firewall Builder fwb_ipt v4.2.1.3538 +# Firewall Builder fwb_ipt v4.3.0.3542 # -# Generated Thu May 5 20:28:37 2011 PDT by vadim +# Generated Fri May 13 12:34:42 2011 PDT by vadim # # files: * firewall2.fw /etc/fw/firewall2.fw # @@ -1482,7 +1482,7 @@ test -z "$cmd" && { case "$cmd" in start) - log "Activating firewall script generated Thu May 5 20:28:37 2011 by vadim" + log "Activating firewall script generated Fri May 13 12:34:42 2011 by vadim" check_tools check_run_time_address_table_files diff --git a/test/ipt/firewall20-ipv6.fw.orig b/test/ipt/firewall20-ipv6.fw.orig index 3e7859999..ec9d25e6a 100755 --- a/test/ipt/firewall20-ipv6.fw.orig +++ b/test/ipt/firewall20-ipv6.fw.orig @@ -2,9 +2,9 @@ # # This is automatically generated file. DO NOT MODIFY ! # -# Firewall Builder fwb_ipt v4.2.1.3538 +# Firewall Builder fwb_ipt v4.3.0.3542 # -# Generated Thu May 5 20:28:39 2011 PDT by vadim +# Generated Fri May 13 12:34:44 2011 PDT by vadim # # files: * firewall20-ipv6.fw /etc/fw/firewall20-ipv6.fw # 
@@ -456,7 +456,7 @@ test -z "$cmd" && { case "$cmd" in start) - log "Activating firewall script generated Thu May 5 20:28:39 2011 by vadim" + log "Activating firewall script generated Fri May 13 12:34:44 2011 by vadim" check_tools prolog_commands check_run_time_address_table_files diff --git a/test/ipt/firewall20.fw.orig b/test/ipt/firewall20.fw.orig index e093bb46b..9564fa35f 100755 --- a/test/ipt/firewall20.fw.orig +++ b/test/ipt/firewall20.fw.orig @@ -2,9 +2,9 @@ # # This is automatically generated file. DO NOT MODIFY ! # -# Firewall Builder fwb_ipt v4.2.1.3538 +# Firewall Builder fwb_ipt v4.3.0.3542 # -# Generated Thu May 5 20:28:37 2011 PDT by vadim +# Generated Fri May 13 12:34:42 2011 PDT by vadim # # files: * firewall20.fw /etc/fw/firewall20.fw # @@ -674,7 +674,7 @@ test -z "$cmd" && { case "$cmd" in start) - log "Activating firewall script generated Thu May 5 20:28:37 2011 by vadim" + log "Activating firewall script generated Fri May 13 12:34:42 2011 by vadim" check_tools prolog_commands check_run_time_address_table_files diff --git a/test/ipt/firewall21-1.fw.orig b/test/ipt/firewall21-1.fw.orig index 9b62dda2d..9d0cc40ea 100755 --- a/test/ipt/firewall21-1.fw.orig +++ b/test/ipt/firewall21-1.fw.orig @@ -2,9 +2,9 @@ # # This is automatically generated file. DO NOT MODIFY ! # -# Firewall Builder fwb_ipt v4.2.1.3538 +# Firewall Builder fwb_ipt v4.3.0.3542 # -# Generated Thu May 5 20:28:42 2011 PDT by vadim +# Generated Fri May 13 12:34:46 2011 PDT by vadim # # files: * firewall21-1.fw /etc/fw/firewall21-1.fw # @@ -470,7 +470,7 @@ test -z "$cmd" && { case "$cmd" in start) - log "Activating firewall script generated Thu May 5 20:28:42 2011 by vadim" + log "Activating firewall script generated Fri May 13 12:34:46 2011 by vadim" check_tools prolog_commands check_run_time_address_table_files diff --git a/test/ipt/firewall21.fw.orig b/test/ipt/firewall21.fw.orig index 0102938e1..fca090b56 100755 --- a/test/ipt/firewall21.fw.orig +++ b/test/ipt/firewall21.fw.orig 
@@ -2,9 +2,9 @@ # # This is automatically generated file. DO NOT MODIFY ! # -# Firewall Builder fwb_ipt v4.2.1.3538 +# Firewall Builder fwb_ipt v4.3.0.3542 # -# Generated Thu May 5 20:28:39 2011 PDT by vadim +# Generated Fri May 13 12:34:44 2011 PDT by vadim # # files: * firewall21.fw /etc/fw/firewall21.fw # @@ -469,7 +469,7 @@ test -z "$cmd" && { case "$cmd" in start) - log "Activating firewall script generated Thu May 5 20:28:39 2011 by vadim" + log "Activating firewall script generated Fri May 13 12:34:44 2011 by vadim" check_tools prolog_commands check_run_time_address_table_files diff --git a/test/ipt/firewall22.fw.orig b/test/ipt/firewall22.fw.orig index 0af776aa4..3ce60ac1d 100755 --- a/test/ipt/firewall22.fw.orig +++ b/test/ipt/firewall22.fw.orig @@ -2,9 +2,9 @@ # # This is automatically generated file. DO NOT MODIFY ! # -# Firewall Builder fwb_ipt v4.2.1.3538 +# Firewall Builder fwb_ipt v4.3.0.3542 # -# Generated Thu May 5 20:28:43 2011 PDT by vadim +# Generated Fri May 13 12:34:48 2011 PDT by vadim # # files: * firewall22.fw /etc/fw/firewall22.fw # @@ -390,7 +390,7 @@ test -z "$cmd" && { case "$cmd" in start) - log "Activating firewall script generated Thu May 5 20:28:43 2011 by vadim" + log "Activating firewall script generated Fri May 13 12:34:48 2011 by vadim" check_tools prolog_commands check_run_time_address_table_files diff --git a/test/ipt/firewall23-1.fw.orig b/test/ipt/firewall23-1.fw.orig index 008c504c1..32a1362ff 100755 --- a/test/ipt/firewall23-1.fw.orig +++ b/test/ipt/firewall23-1.fw.orig @@ -2,9 +2,9 @@ # # This is automatically generated file. DO NOT MODIFY ! # -# Firewall Builder fwb_ipt v4.2.1.3538 +# Firewall Builder fwb_ipt v4.3.0.3542 # -# Generated Thu May 5 20:28:48 2011 PDT by vadim +# Generated Fri May 13 12:34:53 2011 PDT by vadim # # files: * firewall23-1.fw /etc/fw/firewall23-1.fw # 
@@ -299,22 +299,19 @@ script_body() { # echo "Rule 13 (eth2)" # - $IPTABLES -t mangle -A POSTROUTING -m physdev --physdev-out eth2 -p tcp -m tcp -d 192.168.1.0/24 --dport 22 -j CLASSIFY --set-class 1:12 + $IPTABLES -t mangle -A POSTROUTING -m physdev --physdev-out eth2 -p tcp -m tcp -d 192.168.1.0/24 --dport 22 -j CLASSIFY --set-class 1:12 # # Rule 14 (eth3) # echo "Rule 14 (eth3)" # - $IPTABLES -t mangle -A POSTROUTING -m physdev --physdev-out eth3 -p tcp -m tcp -d 192.168.1.0/24 --dport 22 -j CLASSIFY --set-class 2:12 + $IPTABLES -t mangle -A POSTROUTING -m physdev --physdev-out eth3 -p tcp -m tcp -d 192.168.1.0/24 --dport 22 -j CLASSIFY --set-class 2:12 # # Rule 15 (eth2) # echo "Rule 15 (eth2)" # - $IPTABLES -N Out_RULE_15 -t mangle - $IPTABLES -t mangle -A POSTROUTING -m physdev --physdev-out eth2 -p tcp -m tcp -d 192.168.1.0/24 --dport 22 -j Out_RULE_15 - $IPTABLES -t mangle -A Out_RULE_15 -j LOG --log-level debug - $IPTABLES -t mangle -A Out_RULE_15 -j CLASSIFY --set-class 1:12 + $IPTABLES -t mangle -A POSTROUTING -m physdev --physdev-out eth2 -p tcp -m tcp -d 192.168.1.0/24 --dport 22 -j CLASSIFY --set-class 1:12 # ================ Table 'filter', rule set Policy # @@ -425,6 +422,12 @@ script_body() { # $IPTABLES -A FORWARD -m physdev --physdev-out eth3 -s 192.168.1.10 -d 224.0.0.0/4 -m state --state NEW -j ACCEPT # + # Rule 15 (eth2) + # + echo "Rule 15 (eth2)" + # + $IPTABLES -A FORWARD -m physdev --physdev-out eth2 -p tcp -m tcp -d 192.168.1.0/24 --dport 22 -j LOG --log-level debug + # # Rule 16 (global) # echo "Rule 16 (global)" @@ -561,7 +564,7 @@ test -z "$cmd" && { case "$cmd" in start) - log "Activating firewall script generated Thu May 5 20:28:48 2011 by vadim" + log "Activating firewall script generated Fri May 13 12:34:53 2011 by vadim" check_tools prolog_commands check_run_time_address_table_files diff --git a/test/ipt/firewall23.fw.orig b/test/ipt/firewall23.fw.orig index 72f5e635a..d77643c02 100755 --- a/test/ipt/firewall23.fw.orig 
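Review bot: The LOG for Rule 15 now sits in filter FORWARD (second hunk, `-A FORWARD -m physdev --physdev-out eth2 ... -j LOG --log-level debug`), so it only sees forwarded packets that get that far down the chain, whereas the removed `Out_RULE_15` chain logged every match in mangle POSTROUTING. Traffic matched by an earlier terminating FORWARD rule (those rules are outside the hunk) would no longer be logged, and presumably neither would locally generated traffic leaving eth2. The same move appears for Rule 17 in firewall25.fw.orig (`@@ -506,6 +506,15 @@`), where the new LOG lines follow `-A Cid417C6878.1 -s 192.168.1.0/24 -j ACCEPT`. If the narrower log coverage is intended, the ChangeLog entry should say that logging for tagging, classification and routing rules now follows filter-table ordering, since it changes what operators see in their logs.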
+++ b/test/ipt/firewall23.fw.orig @@ -2,9 +2,9 @@ # # This is automatically generated file. DO NOT MODIFY ! # -# Firewall Builder fwb_ipt v4.2.1.3538 +# Firewall Builder fwb_ipt v4.3.0.3542 # -# Generated Thu May 5 20:28:46 2011 PDT by vadim +# Generated Fri May 13 12:34:50 2011 PDT by vadim # # files: * firewall23.fw /etc/fw/firewall23.fw # @@ -476,7 +476,7 @@ test -z "$cmd" && { case "$cmd" in start) - log "Activating firewall script generated Thu May 5 20:28:46 2011 by vadim" + log "Activating firewall script generated Fri May 13 12:34:50 2011 by vadim" check_tools prolog_commands check_run_time_address_table_files diff --git a/test/ipt/firewall24.fw.orig b/test/ipt/firewall24.fw.orig index 57ae9783b..0b36e4f03 100755 --- a/test/ipt/firewall24.fw.orig +++ b/test/ipt/firewall24.fw.orig @@ -2,9 +2,9 @@ # # This is automatically generated file. DO NOT MODIFY ! # -# Firewall Builder fwb_ipt v4.2.1.3538 +# Firewall Builder fwb_ipt v4.3.0.3542 # -# Generated Thu May 5 20:28:50 2011 PDT by vadim +# Generated Fri May 13 12:34:55 2011 PDT by vadim # # files: * firewall24.fw /etc/fw/firewall24.fw # @@ -493,7 +493,7 @@ test -z "$cmd" && { case "$cmd" in start) - log "Activating firewall script generated Thu May 5 20:28:50 2011 by vadim" + log "Activating firewall script generated Fri May 13 12:34:55 2011 by vadim" check_tools prolog_commands check_run_time_address_table_files diff --git a/test/ipt/firewall25.fw.orig b/test/ipt/firewall25.fw.orig index a64d05e69..4a426f806 100755 --- a/test/ipt/firewall25.fw.orig +++ b/test/ipt/firewall25.fw.orig @@ -2,9 +2,9 @@ # # This is automatically generated file. DO NOT MODIFY ! # -# Firewall Builder fwb_ipt v4.2.1.3538 +# Firewall Builder fwb_ipt v4.3.0.3542 # -# Generated Thu May 5 20:28:52 2011 PDT by vadim +# Generated Fri May 13 12:34:58 2011 PDT by vadim # # files: * firewall25.fw /etc/fw/firewall25.fw # 
@@ -506,6 +506,15 @@ script_body() { echo "-A Cid417C6878.1 -s 192.168.1.0/24 -j ACCEPT " echo "-A Cid417C6878.1 -s 192.168.2.0/24 -j ACCEPT " # + # Rule 17 (global) + # this rule should go to mangle table, + # since we also have default rule that goes to mangle (TCPMSS) + # and pure mangle ruleset, making sure all rules for + # mangle table end up with one COMMIT + echo "-A OUTPUT -m state --state NEW -j LOG " + echo "-A INPUT -m state --state NEW -j LOG " + echo "-A FORWARD -m state --state NEW -j LOG " + # # Rule 18 (global) echo "-A OUTPUT -j policy_2 " echo "-A INPUT -j policy_2 " @@ -530,18 +539,6 @@ script_body() { echo '*mangle' # ================ Table 'mangle', automatic rules echo "-A FORWARD -p tcp -m tcp --tcp-flags SYN,RST SYN -j TCPMSS --clamp-mss-to-pmtu" - # ================ Table 'mangle', rule set policy_2 - # - # Rule policy_2 0 (eth2) - echo ":policy_2 - [0:0]" - echo "-A policy_2 -o eth2 -m state --state NEW -j ACCEPT " - # - # Rule policy_2 1 (global) - echo ":policy_2_1 - [0:0]" - echo "-A policy_2 -j policy_2_1 " - echo "-A policy_2_1 -j LOG " - echo "-A policy_2_1 -j DROP " - # # ================ Table 'mangle', rule set policy_2_mangle # # Rule policy_2_mangle 0 (eth2) @@ -570,13 +567,11 @@ script_body() { # since we also have default rule that goes to mangle (TCPMSS) # and pure mangle ruleset, making sure all rules for # mangle table end up with one COMMIT - echo ":RULE_17 - [0:0]" - echo "-A OUTPUT -m state --state NEW -j RULE_17 " - echo "-A PREROUTING -m state --state NEW -j RULE_17 " - echo "-A RULE_17 -j LOG " - echo "-A RULE_17 -j MARK --set-mark 10" + echo "-A OUTPUT -m state --state NEW -j MARK --set-mark 10" + echo "-A PREROUTING -m state --state NEW -j MARK --set-mark 10" # # Rule 18 (global) + echo ":policy_2 - [0:0]" echo "-A PREROUTING -j policy_2 " echo "-A POSTROUTING -j policy_2 " echo "-A FORWARD -j policy_2 " 
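Review bot: In the mangle section, Rule 18 now declares `:policy_2 - [0:0]` and still jumps to it from PREROUTING, POSTROUTING and FORWARD, but the second hunk removes every rule that used to populate `policy_2` in this table. Unless rules are appended to that chain outside these hunks, each packet takes three jumps into an empty chain. The compiler could skip the mangle branch when the target rule set produces no mangle rules, so that lines like `-A PREROUTING -j policy_2` are not emitted at all.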
@@ -689,7 +684,7 @@ test -z "$cmd" && { case "$cmd" in start) - log "Activating firewall script generated Thu May 5 20:28:52 2011 by vadim" + log "Activating firewall script generated Fri May 13 12:34:58 2011 by vadim" check_tools prolog_commands check_run_time_address_table_files diff --git a/test/ipt/firewall26.fw.orig b/test/ipt/firewall26.fw.orig index e8f94facd..214bf610e 100755 --- a/test/ipt/firewall26.fw.orig +++ b/test/ipt/firewall26.fw.orig @@ -2,9 +2,9 @@ # # This is automatically generated file. DO NOT MODIFY ! # -# Firewall Builder fwb_ipt v4.2.1.3538 +# Firewall Builder fwb_ipt v4.3.0.3542 # -# Generated Thu May 5 20:28:55 2011 PDT by vadim +# Generated Fri May 13 12:35:00 2011 PDT by vadim # # files: * firewall26.fw /etc/fw/firewall26.fw # @@ -562,7 +562,7 @@ test -z "$cmd" && { case "$cmd" in start) - log "Activating firewall script generated Thu May 5 20:28:55 2011 by vadim" + log "Activating firewall script generated Fri May 13 12:35:00 2011 by vadim" check_tools prolog_commands check_run_time_address_table_files diff --git a/test/ipt/firewall27.fw.orig b/test/ipt/firewall27.fw.orig index 6b714b49c..789d9a5ee 100755 --- a/test/ipt/firewall27.fw.orig +++ b/test/ipt/firewall27.fw.orig @@ -2,9 +2,9 @@ # # This is automatically generated file. DO NOT MODIFY ! # -# Firewall Builder fwb_ipt v4.2.1.3538 +# Firewall Builder fwb_ipt v4.3.0.3542 # -# Generated Thu May 5 20:28:57 2011 PDT by vadim +# Generated Fri May 13 12:35:03 2011 PDT by vadim # # files: * firewall27.fw /etc/fw/firewall27.fw # @@ -546,7 +546,7 @@ test -z "$cmd" && { case "$cmd" in start) - log "Activating firewall script generated Thu May 5 20:28:57 2011 by vadim" + log "Activating firewall script generated Fri May 13 12:35:03 2011 by vadim" check_tools prolog_commands check_run_time_address_table_files diff --git a/test/ipt/firewall28.fw.orig b/test/ipt/firewall28.fw.orig index 386e56cbe..155a0bb73 100755 --- a/test/ipt/firewall28.fw.orig +++ b/test/ipt/firewall28.fw.orig 
@@ -2,9 +2,9 @@ # # This is automatically generated file. DO NOT MODIFY ! # -# Firewall Builder fwb_ipt v4.2.1.3538 +# Firewall Builder fwb_ipt v4.3.0.3542 # -# Generated Thu May 5 20:29:00 2011 PDT by vadim +# Generated Fri May 13 12:35:05 2011 PDT by vadim # # files: * firewall28.fw /etc/fw/firewall28.fw # @@ -409,7 +409,7 @@ test -z "$cmd" && { case "$cmd" in start) - log "Activating firewall script generated Thu May 5 20:29:00 2011 by vadim" + log "Activating firewall script generated Fri May 13 12:35:05 2011 by vadim" check_tools prolog_commands check_run_time_address_table_files diff --git a/test/ipt/firewall29.fw.orig b/test/ipt/firewall29.fw.orig index a3dfff3d8..e74df367a 100755 --- a/test/ipt/firewall29.fw.orig +++ b/test/ipt/firewall29.fw.orig @@ -2,9 +2,9 @@ # # This is automatically generated file. DO NOT MODIFY ! # -# Firewall Builder fwb_ipt v4.2.1.3538 +# Firewall Builder fwb_ipt v4.3.0.3542 # -# Generated Thu May 5 20:29:00 2011 PDT by vadim +# Generated Fri May 13 12:35:05 2011 PDT by vadim # # files: * firewall29.fw /etc/fw/firewall29.fw # @@ -440,7 +440,7 @@ test -z "$cmd" && { case "$cmd" in start) - log "Activating firewall script generated Thu May 5 20:29:00 2011 by vadim" + log "Activating firewall script generated Fri May 13 12:35:05 2011 by vadim" check_tools prolog_commands check_run_time_address_table_files diff --git a/test/ipt/firewall3.fw.orig b/test/ipt/firewall3.fw.orig index 0e0dff37d..ce79b2664 100755 --- a/test/ipt/firewall3.fw.orig +++ b/test/ipt/firewall3.fw.orig @@ -2,9 +2,9 @@ # # This is automatically generated file. DO NOT MODIFY ! # -# Firewall Builder fwb_ipt v4.2.1.3538 +# Firewall Builder fwb_ipt v4.3.0.3542 # -# Generated Thu May 5 20:29:02 2011 PDT by vadim +# Generated Fri May 13 12:35:08 2011 PDT by vadim # # files: * firewall3.fw /etc/fw/firewall3.fw # 
@@ -578,7 +578,7 @@ test -z "$cmd" && { case "$cmd" in start) - log "Activating firewall script generated Thu May 5 20:29:02 2011 by vadim" + log "Activating firewall script generated Fri May 13 12:35:08 2011 by vadim" check_tools prolog_commands check_run_time_address_table_files diff --git a/test/ipt/firewall30.fw.orig b/test/ipt/firewall30.fw.orig index 892fde0a9..2f894a645 100755 --- a/test/ipt/firewall30.fw.orig +++ b/test/ipt/firewall30.fw.orig @@ -2,9 +2,9 @@ # # This is automatically generated file. DO NOT MODIFY ! # -# Firewall Builder fwb_ipt v4.2.1.3538 +# Firewall Builder fwb_ipt v4.3.0.3542 # -# Generated Thu May 5 20:29:02 2011 PDT by vadim +# Generated Fri May 13 12:35:08 2011 PDT by vadim # # files: * firewall30.fw /etc/fw/firewall30.fw # @@ -375,7 +375,7 @@ test -z "$cmd" && { case "$cmd" in start) - log "Activating firewall script generated Thu May 5 20:29:02 2011 by vadim" + log "Activating firewall script generated Fri May 13 12:35:08 2011 by vadim" check_tools prolog_commands check_run_time_address_table_files diff --git a/test/ipt/firewall31.fw.orig b/test/ipt/firewall31.fw.orig index 23539d245..e6f972061 100755 --- a/test/ipt/firewall31.fw.orig +++ b/test/ipt/firewall31.fw.orig @@ -2,9 +2,9 @@ # # This is automatically generated file. DO NOT MODIFY ! # -# Firewall Builder fwb_ipt v4.2.1.3538 +# Firewall Builder fwb_ipt v4.3.0.3542 # -# Generated Thu May 5 20:29:05 2011 PDT by vadim +# Generated Fri May 13 12:35:10 2011 PDT by vadim # # files: * firewall31.fw /etc/fw/firewall31.fw # @@ -445,7 +445,7 @@ test -z "$cmd" && { case "$cmd" in start) - log "Activating firewall script generated Thu May 5 20:29:05 2011 by vadim" + log "Activating firewall script generated Fri May 13 12:35:10 2011 by vadim" check_tools prolog_commands check_run_time_address_table_files diff --git a/test/ipt/firewall32.fw.orig b/test/ipt/firewall32.fw.orig index 68ca4faa8..c6b42f539 100755 --- a/test/ipt/firewall32.fw.orig +++ b/test/ipt/firewall32.fw.orig 
@@ -2,9 +2,9 @@ # # This is automatically generated file. DO NOT MODIFY ! # -# Firewall Builder fwb_ipt v4.2.1.3538 +# Firewall Builder fwb_ipt v4.3.0.3542 # -# Generated Thu May 5 20:29:05 2011 PDT by vadim +# Generated Fri May 13 12:35:10 2011 PDT by vadim # # files: * firewall32.fw /etc/fw/firewall32.fw # @@ -416,7 +416,7 @@ test -z "$cmd" && { case "$cmd" in start) - log "Activating firewall script generated Thu May 5 20:29:05 2011 by vadim" + log "Activating firewall script generated Fri May 13 12:35:10 2011 by vadim" check_tools prolog_commands check_run_time_address_table_files diff --git a/test/ipt/firewall33-1.fw.orig b/test/ipt/firewall33-1.fw.orig index 68b060dc5..b21ef9a87 100755 --- a/test/ipt/firewall33-1.fw.orig +++ b/test/ipt/firewall33-1.fw.orig @@ -2,9 +2,9 @@ # # This is automatically generated file. DO NOT MODIFY ! # -# Firewall Builder fwb_ipt v4.2.1.3538 +# Firewall Builder fwb_ipt v4.3.0.3542 # -# Generated Thu May 5 20:29:13 2011 PDT by vadim +# Generated Fri May 13 12:35:17 2011 PDT by vadim # # files: * firewall33-1.fw /etc/fw/firewall33-1.fw # 
@@ -395,11 +395,12 @@ script_body() { # $IPTABLES -N Cid438728A918346.0 $IPTABLES -A Policy -m state --state NEW -j Cid438728A918346.0 - $IPTABLES -A Cid438728A918346.0 -d 74.125.224.48 -j RETURN - $IPTABLES -A Cid438728A918346.0 -d 74.125.224.49 -j RETURN - $IPTABLES -A Cid438728A918346.0 -d 74.125.224.50 -j RETURN - $IPTABLES -A Cid438728A918346.0 -d 74.125.224.51 -j RETURN - $IPTABLES -A Cid438728A918346.0 -d 74.125.224.52 -j RETURN + $IPTABLES -A Cid438728A918346.0 -d 74.125.153.99 -j RETURN + $IPTABLES -A Cid438728A918346.0 -d 74.125.153.103 -j RETURN + $IPTABLES -A Cid438728A918346.0 -d 74.125.153.104 -j RETURN + $IPTABLES -A Cid438728A918346.0 -d 74.125.153.105 -j RETURN + $IPTABLES -A Cid438728A918346.0 -d 74.125.153.106 -j RETURN + $IPTABLES -A Cid438728A918346.0 -d 74.125.153.147 -j RETURN $IPTABLES -A Cid438728A918346.0 -d 157.166.224.25 -j RETURN $IPTABLES -A Cid438728A918346.0 -d 157.166.224.26 -j RETURN $IPTABLES -A Cid438728A918346.0 -d 157.166.226.25 -j RETURN @@ -525,7 +526,7 @@ test -z "$cmd" && { case "$cmd" in start) - log "Activating firewall script generated Thu May 5 20:29:13 2011 by vadim" + log "Activating firewall script generated Fri May 13 12:35:17 2011 by vadim" check_tools prolog_commands check_run_time_address_table_files diff --git a/test/ipt/firewall33.fw.orig b/test/ipt/firewall33.fw.orig index 22710057e..0655410c4 100755 --- a/test/ipt/firewall33.fw.orig +++ b/test/ipt/firewall33.fw.orig @@ -2,9 +2,9 @@ # # This is automatically generated file. DO NOT MODIFY ! # -# Firewall Builder fwb_ipt v4.2.1.3538 +# Firewall Builder fwb_ipt v4.3.0.3542 # -# Generated Thu May 5 20:29:13 2011 PDT by vadim +# Generated Fri May 13 12:35:17 2011 PDT by vadim # # files: * firewall33.fw /etc/fw/firewall33.fw # 
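Review bot: The `-d 74.125.224.x` to `-d 74.125.153.x` changes in chain `Cid438728A918346.0` (here and in firewall33.fw.orig, `@@ -443,11 +443,12 @@`) are unrelated to the filter/mangle split. They look like the addresses of a DNS name resolved when the fixture was regenerated, which is an inference from the changed values and the count going from five to six. An expected-output file that depends on the resolver will differ on every regeneration, so a real regression in these RETURN rules would be hidden in the noise. Consider pointing the test object at a fixed address, or a name the test harness controls, so this list stays stable.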
@@ -443,11 +443,12 @@ script_body() { $IPTABLES -A OUTPUT -m state --state NEW -j Cid438728A918346.0 $IPTABLES -A INPUT -m state --state NEW -j Cid438728A918346.0 $IPTABLES -A FORWARD -m state --state NEW -j Cid438728A918346.0 - $IPTABLES -A Cid438728A918346.0 -d 74.125.224.48 -j RETURN - $IPTABLES -A Cid438728A918346.0 -d 74.125.224.49 -j RETURN - $IPTABLES -A Cid438728A918346.0 -d 74.125.224.50 -j RETURN - $IPTABLES -A Cid438728A918346.0 -d 74.125.224.51 -j RETURN - $IPTABLES -A Cid438728A918346.0 -d 74.125.224.52 -j RETURN + $IPTABLES -A Cid438728A918346.0 -d 74.125.153.99 -j RETURN + $IPTABLES -A Cid438728A918346.0 -d 74.125.153.103 -j RETURN + $IPTABLES -A Cid438728A918346.0 -d 74.125.153.104 -j RETURN + $IPTABLES -A Cid438728A918346.0 -d 74.125.153.105 -j RETURN + $IPTABLES -A Cid438728A918346.0 -d 74.125.153.106 -j RETURN + $IPTABLES -A Cid438728A918346.0 -d 74.125.153.147 -j RETURN $IPTABLES -A Cid438728A918346.0 -d 157.166.224.25 -j RETURN $IPTABLES -A Cid438728A918346.0 -d 157.166.224.26 -j RETURN $IPTABLES -A Cid438728A918346.0 -d 157.166.226.25 -j RETURN @@ -572,7 +573,7 @@ test -z "$cmd" && { case "$cmd" in start) - log "Activating firewall script generated Thu May 5 20:29:13 2011 by vadim" + log "Activating firewall script generated Fri May 13 12:35:17 2011 by vadim" check_tools prolog_commands check_run_time_address_table_files diff --git a/test/ipt/firewall34.fw.orig b/test/ipt/firewall34.fw.orig index 257a59a1c..3664bbfcb 100755 --- a/test/ipt/firewall34.fw.orig +++ b/test/ipt/firewall34.fw.orig @@ -2,9 +2,9 @@ # # This is automatically generated file. DO NOT MODIFY ! # -# Firewall Builder fwb_ipt v4.2.1.3538 +# Firewall Builder fwb_ipt v4.3.0.3542 # -# Generated Thu May 5 20:29:15 2011 PDT by vadim +# Generated Fri May 13 12:35:20 2011 PDT by vadim # # files: * firewall34.fw /etc/fw/firewall34.fw # 
@@ -648,7 +648,7 @@ test -z "$cmd" && { case "$cmd" in start) - log "Activating firewall script generated Thu May 5 20:29:15 2011 by vadim" + log "Activating firewall script generated Fri May 13 12:35:20 2011 by vadim" check_tools prolog_commands check_run_time_address_table_files diff --git a/test/ipt/firewall35.fw.orig b/test/ipt/firewall35.fw.orig index b88dd8a68..45732ab99 100755 --- a/test/ipt/firewall35.fw.orig +++ b/test/ipt/firewall35.fw.orig @@ -2,9 +2,9 @@ # # This is automatically generated file. DO NOT MODIFY ! # -# Firewall Builder fwb_ipt v4.2.1.3538 +# Firewall Builder fwb_ipt v4.3.0.3542 # -# Generated Thu May 5 20:29:15 2011 PDT by vadim +# Generated Fri May 13 12:35:20 2011 PDT by vadim # # files: * firewall35.fw /etc/fw/firewall35.fw # @@ -540,7 +540,7 @@ test -z "$cmd" && { case "$cmd" in start) - log "Activating firewall script generated Thu May 5 20:29:15 2011 by vadim" + log "Activating firewall script generated Fri May 13 12:35:20 2011 by vadim" check_tools prolog_commands check_run_time_address_table_files diff --git a/test/ipt/firewall36-1.fw.orig b/test/ipt/firewall36-1.fw.orig index c580cbb1b..62c76ab50 100755 --- a/test/ipt/firewall36-1.fw.orig +++ b/test/ipt/firewall36-1.fw.orig @@ -2,9 +2,9 @@ # # This is automatically generated file. DO NOT MODIFY ! # -# Firewall Builder fwb_ipt v4.2.1.3538 +# Firewall Builder fwb_ipt v4.3.0.3542 # -# Generated Thu May 5 20:29:17 2011 PDT by vadim +# Generated Fri May 13 12:35:22 2011 PDT by vadim # # files: * firewall36-1.fw /etc/firewall36-1.fw # @@ -433,7 +433,7 @@ test -z "$cmd" && { case "$cmd" in start) - log "Activating firewall script generated Thu May 5 20:29:17 2011 by vadim" + log "Activating firewall script generated Fri May 13 12:35:22 2011 by vadim" check_tools prolog_commands check_run_time_address_table_files diff --git a/test/ipt/firewall36-2.fw.orig b/test/ipt/firewall36-2.fw.orig index 9379fa2dd..5c7c33b7e 100755 --- a/test/ipt/firewall36-2.fw.orig 
+++ b/test/ipt/firewall36-2.fw.orig @@ -2,9 +2,9 @@ # # This is automatically generated file. DO NOT MODIFY ! # -# Firewall Builder fwb_ipt v4.2.1.3538 +# Firewall Builder fwb_ipt v4.3.0.3542 # -# Generated Thu May 5 20:29:20 2011 PDT by vadim +# Generated Fri May 13 12:35:25 2011 PDT by vadim # # files: * firewall36-2.fw /etc/firewall36-2.fw # @@ -433,7 +433,7 @@ test -z "$cmd" && { case "$cmd" in start) - log "Activating firewall script generated Thu May 5 20:29:20 2011 by vadim" + log "Activating firewall script generated Fri May 13 12:35:25 2011 by vadim" check_tools prolog_commands check_run_time_address_table_files diff --git a/test/ipt/firewall36.fw.orig b/test/ipt/firewall36.fw.orig index 34df54adb..3fa5e2eeb 100755 --- a/test/ipt/firewall36.fw.orig +++ b/test/ipt/firewall36.fw.orig @@ -2,9 +2,9 @@ # # This is automatically generated file. DO NOT MODIFY ! # -# Firewall Builder fwb_ipt v4.2.1.3538 +# Firewall Builder fwb_ipt v4.3.0.3542 # -# Generated Thu May 5 20:29:17 2011 PDT by vadim +# Generated Fri May 13 12:35:22 2011 PDT by vadim # # files: * firewall36.fw /etc/firewall36.fw # 
@@ -316,32 +316,32 @@ script_body() { # echo "Rule 1 (global)" # - $IPTABLES -t mangle -A POSTROUTING -p icmp -m icmp --icmp-type any -j ROUTE --oif eth1 + $IPTABLES -t mangle -A POSTROUTING -p icmp -m icmp --icmp-type any -j ROUTE --oif eth1 # # Rule 2 (global) # echo "Rule 2 (global)" # - $IPTABLES -t mangle -A POSTROUTING -p tcp -m tcp --dport 80 -j ROUTE --oif eth1 --continue + $IPTABLES -t mangle -A POSTROUTING -p tcp -m tcp --dport 80 -j ROUTE --oif eth1 --continue # # Rule 3 (global) # echo "Rule 3 (global)" # - $IPTABLES -t mangle -A POSTROUTING -p tcp -m tcp --dport 22 -j ROUTE --gw 1.2.3.4 --continue + $IPTABLES -t mangle -A POSTROUTING -p tcp -m tcp --dport 22 -j ROUTE --gw 1.2.3.4 --continue # # Rule 4 (global) # echo "Rule 4 (global)" # - $IPTABLES -t mangle -A PREROUTING -p icmp -m icmp --icmp-type any -j ROUTE --iif eth1 + $IPTABLES -t mangle -A PREROUTING -p icmp -m icmp --icmp-type any -j ROUTE --iif eth1 # # Rule 5 (global) # echo "Rule 5 (global)" # - $IPTABLES -t mangle -A POSTROUTING -p tcp -m tcp --dport 13 -j ROUTE --gw 1.2.3.4 --tee - $IPTABLES -t mangle -A PREROUTING -p tcp -m tcp --dport 13 -j ROUTE --gw 1.2.3.4 --tee + $IPTABLES -t mangle -A POSTROUTING -p tcp -m tcp --dport 13 -j ROUTE --gw 1.2.3.4 --tee + $IPTABLES -t mangle -A PREROUTING -p tcp -m tcp --dport 13 -j ROUTE --gw 1.2.3.4 --tee # ================ Table 'filter', rule set Policy # 
@@ -355,6 +355,30 @@ script_body() { $IPTABLES -A OUTPUT -s 192.168.1.0/24 -m state --state NEW -j ACCEPT $IPTABLES -A FORWARD -s 192.168.1.0/24 -m state --state NEW -j ACCEPT # + # Rule 1 (global) + # + echo "Rule 1 (global)" + # + $IPTABLES -A OUTPUT -p icmp -m icmp --icmp-type any -j ACCEPT + $IPTABLES -A INPUT -p icmp -m icmp --icmp-type any -j ACCEPT + $IPTABLES -A FORWARD -p icmp -m icmp --icmp-type any -j ACCEPT + # + # Rule 4 (global) + # + echo "Rule 4 (global)" + # + $IPTABLES -A OUTPUT -p icmp -m icmp --icmp-type any -j ACCEPT + $IPTABLES -A INPUT -p icmp -m icmp --icmp-type any -j ACCEPT + $IPTABLES -A FORWARD -p icmp -m icmp --icmp-type any -j ACCEPT + # + # Rule 5 (global) + # + echo "Rule 5 (global)" + # + $IPTABLES -A OUTPUT -p tcp -m tcp --dport 13 -j ACCEPT + $IPTABLES -A INPUT -p tcp -m tcp --dport 13 -j ACCEPT + $IPTABLES -A FORWARD -p tcp -m tcp --dport 13 -j ACCEPT + # # Rule 6 (global) # echo "Rule 6 (global)" @@ -548,7 +572,7 @@ test -z "$cmd" && { case "$cmd" in start) - log "Activating firewall script generated Thu May 5 20:29:17 2011 by vadim" + log "Activating firewall script generated Fri May 13 12:35:22 2011 by vadim" check_tools prolog_commands check_run_time_address_table_files diff --git a/test/ipt/firewall37-1.fw.orig b/test/ipt/firewall37-1.fw.orig index bc020038a..08c363f80 100755 --- a/test/ipt/firewall37-1.fw.orig +++ b/test/ipt/firewall37-1.fw.orig @@ -2,9 +2,9 @@ # # This is automatically generated file. DO NOT MODIFY ! # -# Firewall Builder fwb_ipt v4.2.1.ma_1 +# Firewall Builder fwb_ipt v4.3.0.3542 # -# Generated Tue May 3 20:22:31 2011 PDT by vadim +# Generated Fri May 13 12:35:27 2011 PDT by vadim # # files: * firewall37-1.fw /etc/fw/firewall37-1.fw # 
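Review bot: The filter rules added for Rule 4 are identical to those added for Rule 1 (`-p icmp -m icmp --icmp-type any -j ACCEPT` in OUTPUT, INPUT and FORWARD), because the `--oif eth1` and `--iif eth1` arguments that distinguished them in mangle belong to the ROUTE target and are not carried into the match. The second set can never match and only lengthens the chains, so the compiler should drop it as a duplicate. The new ACCEPT rules also lack the `-m state --state NEW` match that the neighbouring context rule `-A FORWARD -s 192.168.1.0/24 -m state --state NEW -j ACCEPT` has, so ICMP of any type and TCP port 13 are accepted statelessly in all three chains. Whether the source rules are marked stateless is not visible here and is worth confirming before this output is accepted as the expected result.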
@@ -327,19 +327,7 @@ script_body() { echo "Rule rule27_branch 0 (global)" # $IPTABLES -N rule27_branch -t mangle - $IPTABLES -N Cid45AB5C2E25451.0 -t mangle - $IPTABLES -t mangle -A rule27_branch -p tcp -m tcp --tcp-flags ALL ACK -j Cid45AB5C2E25451.0 - $IPTABLES -t mangle -A Cid45AB5C2E25451.0 -j CLASSIFY --set-class 1:16 - $IPTABLES -t mangle -A Cid45AB5C2E25451.0 -j ACCEPT - # - # Rule rule27_branch 1 (global) - # - echo "Rule rule27_branch 1 (global)" - # - $IPTABLES -N rule27_branch_1 -t mangle - $IPTABLES -t mangle -A rule27_branch -p tcp -m tcp --dport 80 -m state --state NEW -j rule27_branch_1 - $IPTABLES -t mangle -A rule27_branch_1 -j LOG --log-level info --log-prefix "RULE 1 -- ACCEPT " - $IPTABLES -t mangle -A rule27_branch_1 -j ACCEPT + $IPTABLES -t mangle -A rule27_branch -p tcp -m tcp --tcp-flags ALL ACK -j CLASSIFY --set-class 1:16 # ================ Table 'mangle', rule set Policy # # Rule 0 (global) 
@@ -347,27 +335,20 @@ script_body() { echo "Rule 0 (global)" # # terminating target - $IPTABLES -N Cid45AB5AAD25451.0 -t mangle - $IPTABLES -t mangle -A OUTPUT -p 50 -m state --state NEW -j Cid45AB5AAD25451.0 - $IPTABLES -t mangle -A OUTPUT -p ah -m state --state NEW -j Cid45AB5AAD25451.0 - $IPTABLES -t mangle -A PREROUTING -p 50 -m state --state NEW -j Cid45AB5AAD25451.0 - $IPTABLES -t mangle -A PREROUTING -p ah -m state --state NEW -j Cid45AB5AAD25451.0 - $IPTABLES -t mangle -A Cid45AB5AAD25451.0 -j MARK --set-mark 16 - $IPTABLES -t mangle -A Cid45AB5AAD25451.0 -j ACCEPT + $IPTABLES -t mangle -A OUTPUT -p 50 -m state --state NEW -j MARK --set-mark 16 + $IPTABLES -t mangle -A OUTPUT -p ah -m state --state NEW -j MARK --set-mark 16 + $IPTABLES -t mangle -A PREROUTING -p 50 -m state --state NEW -j MARK --set-mark 16 + $IPTABLES -t mangle -A PREROUTING -p ah -m state --state NEW -j MARK --set-mark 16 # # Rule 1 (global) # echo "Rule 1 (global)" # # terminating target - $IPTABLES -N RULE_1 -t mangle - $IPTABLES -t mangle -A OUTPUT -p 50 -m state --state NEW -j RULE_1 - $IPTABLES -t mangle -A OUTPUT -p ah -m state --state NEW -j RULE_1 - $IPTABLES -t mangle -A PREROUTING -p 50 -m state --state NEW -j RULE_1 - $IPTABLES -t mangle -A PREROUTING -p ah -m state --state NEW -j RULE_1 - $IPTABLES -t mangle -A RULE_1 -j LOG --log-level info --log-prefix "RULE 1 -- ACCEPT " - $IPTABLES -t mangle -A RULE_1 -j MARK --set-mark 16 - $IPTABLES -t mangle -A RULE_1 -j ACCEPT + $IPTABLES -t mangle -A OUTPUT -p 50 -m state --state NEW -j MARK --set-mark 16 + $IPTABLES -t mangle -A OUTPUT -p ah -m state --state NEW -j MARK --set-mark 16 + $IPTABLES -t mangle -A PREROUTING -p 50 -m state --state NEW -j MARK --set-mark 16 + $IPTABLES -t mangle -A PREROUTING -p ah -m state --state NEW -j MARK --set-mark 16 # # Rule 2 (global) # 
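Review bot: Rules commented "terminating target" no longer terminate in mangle: Rule 0 now ends in `-j MARK --set-mark 16` with the trailing `-j ACCEPT` removed, so a packet matching `-p 50 -m state --state NEW` in OUTPUT or PREROUTING continues to later rules. In the next hunk (`@@ -381,64 +362,53 @@`) Rule 5 matches the same packets with `-j MARK --set-mark 10` followed by `-j CONNMARK --save-mark`. The final mark would then be 10 rather than 16, and the value saved to the connection would change as well, assuming no terminating rule is emitted between them outside these hunks. If first-match semantics are meant to hold for tagging rules, the generated mangle rules need either an `-j ACCEPT` kept after the MARK or a guard such as `-m mark --mark 0` on the later MARK rules.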
@@ -381,64 +362,53 @@ script_body() { $IPTABLES -t mangle -A PREROUTING -p ah -m state --state NEW -j Cid45AB5AC525451.0 $IPTABLES -t mangle -A Cid45AB5AC525451.0 -s 192.168.1.0/24 -j RETURN $IPTABLES -t mangle -A Cid45AB5AC525451.0 -s 192.168.2.0/24 -j RETURN - $IPTABLES -N RULE_2_3 -t mangle - $IPTABLES -t mangle -A Cid45AB5AC525451.0 -j RULE_2_3 - $IPTABLES -t mangle -A RULE_2_3 -j LOG --log-level info --log-prefix "RULE 2 -- ACCEPT " - $IPTABLES -t mangle -A RULE_2_3 -j MARK --set-mark 16 - $IPTABLES -t mangle -A RULE_2_3 -j ACCEPT + $IPTABLES -t mangle -A Cid45AB5AC525451.0 -j MARK --set-mark 16 # # Rule 3 (eth1) # echo "Rule 3 (eth1)" # # terminating target - $IPTABLES -N Cid45AB5AD225451.0 -t mangle - $IPTABLES -t mangle -A PREROUTING -i eth1 -p 50 -m state --state NEW -j Cid45AB5AD225451.0 - $IPTABLES -t mangle -A PREROUTING -i eth1 -p ah -m state --state NEW -j Cid45AB5AD225451.0 - $IPTABLES -t mangle -A Cid45AB5AD225451.0 -j MARK --set-mark 16 - $IPTABLES -t mangle -A Cid45AB5AD225451.0 -j ACCEPT + $IPTABLES -t mangle -A PREROUTING -i eth1 -p 50 -m state --state NEW -j MARK --set-mark 16 + $IPTABLES -t mangle -A PREROUTING -i eth1 -p ah -m state --state NEW -j MARK --set-mark 16 # # Rule 4 (eth1) # echo "Rule 4 (eth1)" # # temrinating target - $IPTABLES -N Cid45AB5ADE25451.0 -t mangle - $IPTABLES -t mangle -A OUTPUT -o eth1 -p 50 -m state --state NEW -j Cid45AB5ADE25451.0 - $IPTABLES -t mangle -A OUTPUT -o eth1 -p ah -m state --state NEW -j Cid45AB5ADE25451.0 - $IPTABLES -t mangle -A POSTROUTING -o eth1 -p 50 -m state --state NEW -j Cid45AB5ADE25451.0 - $IPTABLES -t mangle -A POSTROUTING -o eth1 -p ah -m state --state NEW -j Cid45AB5ADE25451.0 - $IPTABLES -t mangle -A Cid45AB5ADE25451.0 -j MARK --set-mark 16 - $IPTABLES -t mangle -A Cid45AB5ADE25451.0 -j ACCEPT + $IPTABLES -t mangle -A OUTPUT -o eth1 -p 50 -m state --state NEW -j MARK --set-mark 16 + $IPTABLES -t mangle -A OUTPUT -o eth1 -p ah -m state --state NEW -j MARK --set-mark 16 + $IPTABLES -t 
mangle -A POSTROUTING -o eth1 -p 50 -m state --state NEW -j MARK --set-mark 16 + $IPTABLES -t mangle -A POSTROUTING -o eth1 -p ah -m state --state NEW -j MARK --set-mark 16 # # Rule 5 (global) # echo "Rule 5 (global)" # # terminating and CONNMARK - $IPTABLES -N Cid45AB5AEA25451.0 -t mangle - $IPTABLES -t mangle -A OUTPUT -p 50 -m state --state NEW -j Cid45AB5AEA25451.0 - $IPTABLES -t mangle -A OUTPUT -p ah -m state --state NEW -j Cid45AB5AEA25451.0 - $IPTABLES -t mangle -A PREROUTING -p 50 -m state --state NEW -j Cid45AB5AEA25451.0 - $IPTABLES -t mangle -A PREROUTING -p ah -m state --state NEW -j Cid45AB5AEA25451.0 - $IPTABLES -t mangle -A Cid45AB5AEA25451.0 -j MARK --set-mark 10 - $IPTABLES -t mangle -A Cid45AB5AEA25451.0 -j CONNMARK --save-mark - $IPTABLES -t mangle -A Cid45AB5AEA25451.0 -j ACCEPT + $IPTABLES -t mangle -A OUTPUT -p 50 -m state --state NEW -j MARK --set-mark 10 + $IPTABLES -t mangle -A OUTPUT -p ah -m state --state NEW -j MARK --set-mark 10 + $IPTABLES -t mangle -A PREROUTING -p 50 -m state --state NEW -j MARK --set-mark 10 + $IPTABLES -t mangle -A PREROUTING -p ah -m state --state NEW -j MARK --set-mark 10 + $IPTABLES -t mangle -A OUTPUT -p 50 -m state --state NEW -j CONNMARK --save-mark + $IPTABLES -t mangle -A OUTPUT -p ah -m state --state NEW -j CONNMARK --save-mark + $IPTABLES -t mangle -A PREROUTING -p 50 -m state --state NEW -j CONNMARK --save-mark + $IPTABLES -t mangle -A PREROUTING -p ah -m state --state NEW -j CONNMARK --save-mark # # Rule 6 (global) # echo "Rule 6 (global)" # # terminating and CONNMARK - $IPTABLES -N RULE_6 -t mangle - $IPTABLES -t mangle -A OUTPUT -p 50 -m state --state NEW -j RULE_6 - $IPTABLES -t mangle -A OUTPUT -p ah -m state --state NEW -j RULE_6 - $IPTABLES -t mangle -A PREROUTING -p 50 -m state --state NEW -j RULE_6 - $IPTABLES -t mangle -A PREROUTING -p ah -m state --state NEW -j RULE_6 - $IPTABLES -t mangle -A RULE_6 -j LOG --log-level info --log-prefix "RULE 6 -- ACCEPT " - $IPTABLES -t mangle -A RULE_6 -j 
MARK --set-mark 10 - $IPTABLES -t mangle -A RULE_6 -j CONNMARK --save-mark - $IPTABLES -t mangle -A RULE_6 -j ACCEPT + $IPTABLES -t mangle -A OUTPUT -p 50 -m state --state NEW -j MARK --set-mark 10 + $IPTABLES -t mangle -A OUTPUT -p ah -m state --state NEW -j MARK --set-mark 10 + $IPTABLES -t mangle -A PREROUTING -p 50 -m state --state NEW -j MARK --set-mark 10 + $IPTABLES -t mangle -A PREROUTING -p ah -m state --state NEW -j MARK --set-mark 10 + $IPTABLES -t mangle -A OUTPUT -p 50 -m state --state NEW -j CONNMARK --save-mark + $IPTABLES -t mangle -A OUTPUT -p ah -m state --state NEW -j CONNMARK --save-mark + $IPTABLES -t mangle -A PREROUTING -p 50 -m state --state NEW -j CONNMARK --save-mark + $IPTABLES -t mangle -A PREROUTING -p ah -m state --state NEW -j CONNMARK --save-mark # # Rule 7 (global) # 
@@ -452,38 +422,32 @@ script_body() { $IPTABLES -t mangle -A PREROUTING -p ah -m state --state NEW -j Cid45AB5B0225451.0 $IPTABLES -t mangle -A Cid45AB5B0225451.0 -s 192.168.1.0/24 -j RETURN $IPTABLES -t mangle -A Cid45AB5B0225451.0 -s 192.168.2.0/24 -j RETURN - $IPTABLES -N RULE_7_3 -t mangle - $IPTABLES -t mangle -A Cid45AB5B0225451.0 -j RULE_7_3 - $IPTABLES -t mangle -A RULE_7_3 -j LOG --log-level info --log-prefix "RULE 7 -- ACCEPT " - $IPTABLES -t mangle -A RULE_7_3 -j MARK --set-mark 10 - $IPTABLES -t mangle -A RULE_7_3 -j CONNMARK --save-mark - $IPTABLES -t mangle -A RULE_7_3 -j ACCEPT + $IPTABLES -t mangle -A Cid45AB5B0225451.0 -j MARK --set-mark 10 + $IPTABLES -t mangle -A Cid45AB5B0225451.0 -j CONNMARK --save-mark # # Rule 8 (eth1) # echo "Rule 8 (eth1)" # # terminating and CONNMARK - $IPTABLES -N Cid45AB5B0F25451.0 -t mangle - $IPTABLES -t mangle -A PREROUTING -i eth1 -p 50 -m state --state NEW -j Cid45AB5B0F25451.0 - $IPTABLES -t mangle -A PREROUTING -i eth1 -p ah -m state --state NEW -j Cid45AB5B0F25451.0 - $IPTABLES -t mangle -A Cid45AB5B0F25451.0 -j MARK --set-mark 8 - $IPTABLES -t mangle -A Cid45AB5B0F25451.0 -j CONNMARK --save-mark - $IPTABLES -t mangle -A Cid45AB5B0F25451.0 -j ACCEPT + $IPTABLES -t mangle -A PREROUTING -i eth1 -p 50 -m state --state NEW -j MARK --set-mark 8 + $IPTABLES -t mangle -A PREROUTING -i eth1 -p ah -m state --state NEW -j MARK --set-mark 8 + $IPTABLES -t mangle -A PREROUTING -i eth1 -p 50 -m state --state NEW -j CONNMARK --save-mark + $IPTABLES -t mangle -A PREROUTING -i eth1 -p ah -m state --state NEW -j CONNMARK --save-mark # # Rule 9 (eth1) # echo "Rule 9 (eth1)" # # terminating and CONNMARK - $IPTABLES -N Cid45AB5B1B25451.0 -t mangle - $IPTABLES -t mangle -A OUTPUT -o eth1 -p 50 -m state --state NEW -j Cid45AB5B1B25451.0 - $IPTABLES -t mangle -A OUTPUT -o eth1 -p ah -m state --state NEW -j Cid45AB5B1B25451.0 - $IPTABLES -t mangle -A POSTROUTING -o eth1 -p 50 -m state --state NEW -j Cid45AB5B1B25451.0 - $IPTABLES -t 
mangle -A POSTROUTING -o eth1 -p ah -m state --state NEW -j Cid45AB5B1B25451.0 - $IPTABLES -t mangle -A Cid45AB5B1B25451.0 -j MARK --set-mark 9 - $IPTABLES -t mangle -A Cid45AB5B1B25451.0 -j CONNMARK --save-mark - $IPTABLES -t mangle -A Cid45AB5B1B25451.0 -j ACCEPT + $IPTABLES -t mangle -A OUTPUT -o eth1 -p 50 -m state --state NEW -j MARK --set-mark 9 + $IPTABLES -t mangle -A OUTPUT -o eth1 -p ah -m state --state NEW -j MARK --set-mark 9 + $IPTABLES -t mangle -A POSTROUTING -o eth1 -p 50 -m state --state NEW -j MARK --set-mark 9 + $IPTABLES -t mangle -A POSTROUTING -o eth1 -p ah -m state --state NEW -j MARK --set-mark 9 + $IPTABLES -t mangle -A OUTPUT -o eth1 -p 50 -m state --state NEW -j CONNMARK --save-mark + $IPTABLES -t mangle -A OUTPUT -o eth1 -p ah -m state --state NEW -j CONNMARK --save-mark + $IPTABLES -t mangle -A POSTROUTING -o eth1 -p 50 -m state --state NEW -j CONNMARK --save-mark + $IPTABLES -t mangle -A POSTROUTING -o eth1 -p ah -m state --state NEW -j CONNMARK --save-mark # # Rule 11 (global) # @@ -493,20 +457,14 @@ script_body() { # this rule, and the next one, should place # CLASSIFY rule in a separate chain # and pass control to it using -g - $IPTABLES -N Cid45AB5B9525451.0 -t mangle - $IPTABLES -t mangle -A POSTROUTING -p icmp -m icmp --icmp-type 3 -j Cid45AB5B9525451.0 - $IPTABLES -t mangle -A Cid45AB5B9525451.0 -j CLASSIFY --set-class 1:10 - $IPTABLES -t mangle -A Cid45AB5B9525451.0 -j ACCEPT + $IPTABLES -t mangle -A POSTROUTING -p icmp -m icmp --icmp-type 3 -j CLASSIFY --set-class 1:10 # # Rule 12 (eth0) # echo "Rule 12 (eth0)" # # second rule for bug #1618381 - $IPTABLES -N Cid45AB5BA125451.0 -t mangle - $IPTABLES -t mangle -A POSTROUTING -o eth0 -j Cid45AB5BA125451.0 - $IPTABLES -t mangle -A Cid45AB5BA125451.0 -j CLASSIFY --set-class 1:11 - $IPTABLES -t mangle -A Cid45AB5BA125451.0 -j ACCEPT + $IPTABLES -t mangle -A POSTROUTING -o eth0 -j CLASSIFY --set-class 1:11 # # Rule 13 (global) # 
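Review bot: The mangle rules for Rules 7, 8 and 9 no longer stop at the first match, so a packet marked by one rule is re-marked by the next; the old expected output ended each rule's chain with `-j ACCEPT`, which kept later tagging rules from seeing the packet. As far as these three rules go, an ESP/AH packet in state NEW arriving on eth1 from outside 192.168.1.0/24 and 192.168.2.0/24 now gets mark 10 from Rule 7 and then mark 8 from Rule 8, and `CONNMARK --save-mark` stores the later value. If last-match-wins is the intended semantics, the rule comments that still read `# terminating and CONNMARK` should be replaced, for example with `# tagging is non-terminating in mangle; ACCEPT is in table filter`. If first-match is intended, the fix belongs in the compiler rather than in this generated fixture. script_body() starts and ends outside the hunk.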
@@ -518,7 +476,6 @@ script_body() { $IPTABLES -t mangle -A Cid45AB5BAD25451.0 -s 192.168.1.0/24 -j RETURN $IPTABLES -t mangle -A Cid45AB5BAD25451.0 -s 192.168.2.0/24 -j RETURN $IPTABLES -t mangle -A Cid45AB5BAD25451.0 -j CLASSIFY --set-class 1:10 - $IPTABLES -t mangle -A Cid45AB5BAD25451.0 -j ACCEPT # # Rule 14 (global) # @@ -531,7 +488,6 @@ script_body() { $IPTABLES -t mangle -A Cid45AB5BBA25451.0 -s 192.168.1.0/24 -j RETURN $IPTABLES -t mangle -A Cid45AB5BBA25451.0 -s 192.168.2.0/24 -j RETURN $IPTABLES -t mangle -A Cid45AB5BBA25451.0 -j CLASSIFY --set-class 1:10 - $IPTABLES -t mangle -A Cid45AB5BBA25451.0 -j ACCEPT # # Rule 15 (eth0) # @@ -541,12 +497,9 @@ script_body() { # this rule uses multiport # and has to be split because # of that - $IPTABLES -N Cid45AB5BC825451.0 -t mangle - $IPTABLES -t mangle -A POSTROUTING -o eth0 -p tcp -m tcp --dport 10000:11000 -j Cid45AB5BC825451.0 - $IPTABLES -t mangle -A POSTROUTING -o eth0 -p tcp -m tcp -m multiport --dports 113,13,53,2105,21,70,80,443,6667,119,25,3128,22,23,540 -j Cid45AB5BC825451.0 - $IPTABLES -t mangle -A POSTROUTING -o eth0 -p udp -m udp -m multiport --dports 53,161 -j Cid45AB5BC825451.0 - $IPTABLES -t mangle -A Cid45AB5BC825451.0 -j CLASSIFY --set-class 1:11 - $IPTABLES -t mangle -A Cid45AB5BC825451.0 -j ACCEPT + $IPTABLES -t mangle -A POSTROUTING -o eth0 -p tcp -m tcp --dport 10000:11000 -j CLASSIFY --set-class 1:11 + $IPTABLES -t mangle -A POSTROUTING -o eth0 -p tcp -m tcp -m multiport --dports 113,13,53,2105,21,70,80,443,6667,119,25,3128,22,23,540 -j CLASSIFY --set-class 1:11 + $IPTABLES -t mangle -A POSTROUTING -o eth0 -p udp -m udp -m multiport --dports 53,161 -j CLASSIFY --set-class 1:11 # # Rule 16 (global) # 
@@ -556,30 +509,20 @@ script_body() { # this rule, and the next one, should place # CLASSIFY rule in a separate chain # and pass control to it using -g - $IPTABLES -N Cid45AB5BD525451.0 -t mangle - $IPTABLES -t mangle -A POSTROUTING -p icmp -m icmp --icmp-type 3 -j Cid45AB5BD525451.0 - $IPTABLES -t mangle -A Cid45AB5BD525451.0 -j CLASSIFY --set-class 1:10 - $IPTABLES -t mangle -A Cid45AB5BD525451.0 -j ACCEPT + $IPTABLES -t mangle -A POSTROUTING -p icmp -m icmp --icmp-type 3 -j CLASSIFY --set-class 1:10 # # Rule 17 (eth0) # echo "Rule 17 (eth0)" # # second rule for bug #1618381 - $IPTABLES -N Cid45AB5BE125451.0 -t mangle - $IPTABLES -t mangle -A POSTROUTING -o eth0 -j Cid45AB5BE125451.0 - $IPTABLES -t mangle -A Cid45AB5BE125451.0 -j CLASSIFY --set-class 1:11 - $IPTABLES -t mangle -A Cid45AB5BE125451.0 -j ACCEPT + $IPTABLES -t mangle -A POSTROUTING -o eth0 -j CLASSIFY --set-class 1:11 # # Rule 18 (eth0) # echo "Rule 18 (eth0)" # - $IPTABLES -N Out_RULE_18 -t mangle - $IPTABLES -t mangle -A POSTROUTING -o eth0 -s 192.168.1.0/24 -j Out_RULE_18 - $IPTABLES -t mangle -A Out_RULE_18 -j LOG --log-level info --log-prefix "RULE 18 -- ACCEPT " - $IPTABLES -t mangle -A Out_RULE_18 -j CLASSIFY --set-class 1:11 - $IPTABLES -t mangle -A Out_RULE_18 -j ACCEPT + $IPTABLES -t mangle -A POSTROUTING -o eth0 -s 192.168.1.0/24 -j CLASSIFY --set-class 1:11 # # Rule 19 (global) # @@ -591,7 +534,6 @@ script_body() { $IPTABLES -t mangle -A Cid45AB5BF925451.0 -s 192.168.1.0/24 -j RETURN $IPTABLES -t mangle -A Cid45AB5BF925451.0 -s 192.168.2.0/24 -j RETURN $IPTABLES -t mangle -A Cid45AB5BF925451.0 -j CLASSIFY --set-class 1:10 - $IPTABLES -t mangle -A Cid45AB5BF925451.0 -j ACCEPT # # Rule 20 (global) # 
@@ -604,7 +546,6 @@ script_body() { $IPTABLES -t mangle -A Cid45AB5C0625451.0 -s 192.168.1.0/24 -j RETURN $IPTABLES -t mangle -A Cid45AB5C0625451.0 -s 192.168.2.0/24 -j RETURN $IPTABLES -t mangle -A Cid45AB5C0625451.0 -j CLASSIFY --set-class 1:10 - $IPTABLES -t mangle -A Cid45AB5C0625451.0 -j ACCEPT # # Rule 21 (eth0) # @@ -614,12 +555,9 @@ script_body() { # this rule uses multiport # and has to be split because # of that - $IPTABLES -N Cid45AB5C1425451.0 -t mangle - $IPTABLES -t mangle -A POSTROUTING -o eth0 -p tcp -m tcp --dport 10000:11000 -j Cid45AB5C1425451.0 - $IPTABLES -t mangle -A POSTROUTING -o eth0 -p tcp -m tcp -m multiport --dports 113,13,53,2105,21,70,80,443,6667,119,25,3128,22,23,540 -j Cid45AB5C1425451.0 - $IPTABLES -t mangle -A POSTROUTING -o eth0 -p udp -m udp -m multiport --dports 53,161 -j Cid45AB5C1425451.0 - $IPTABLES -t mangle -A Cid45AB5C1425451.0 -j CLASSIFY --set-class 1:11 - $IPTABLES -t mangle -A Cid45AB5C1425451.0 -j ACCEPT + $IPTABLES -t mangle -A POSTROUTING -o eth0 -p tcp -m tcp --dport 10000:11000 -j CLASSIFY --set-class 1:11 + $IPTABLES -t mangle -A POSTROUTING -o eth0 -p tcp -m tcp -m multiport --dports 113,13,53,2105,21,70,80,443,6667,119,25,3128,22,23,540 -j CLASSIFY --set-class 1:11 + $IPTABLES -t mangle -A POSTROUTING -o eth0 -p udp -m udp -m multiport --dports 53,161 -j CLASSIFY --set-class 1:11 # # Rule 22 (global) # 
@@ -634,17 +572,155 @@ script_body() { # ================ Table 'filter', rule set rule27_branch # + # Rule rule27_branch 0 (global) + # + echo "Rule rule27_branch 0 (global)" + # + $IPTABLES -N rule27_branch + $IPTABLES -A rule27_branch -p tcp -m tcp --tcp-flags ALL ACK -j ACCEPT + # # Rule rule27_branch 1 (global) # echo "Rule rule27_branch 1 (global)" # - $IPTABLES -N rule27_branch $IPTABLES -N rule27_branch_1 $IPTABLES -A rule27_branch -p tcp -m tcp --dport 80 -m state --state NEW -j rule27_branch_1 $IPTABLES -A rule27_branch_1 -j LOG --log-level info --log-prefix "RULE 1 -- ACCEPT " $IPTABLES -A rule27_branch_1 -j ACCEPT # ================ Table 'filter', rule set Policy # + # Rule 0 (global) + # + echo "Rule 0 (global)" + # + # terminating target + $IPTABLES -A OUTPUT -p 50 -m state --state NEW -j ACCEPT + $IPTABLES -A OUTPUT -p ah -m state --state NEW -j ACCEPT + $IPTABLES -A INPUT -p 50 -m state --state NEW -j ACCEPT + $IPTABLES -A INPUT -p ah -m state --state NEW -j ACCEPT + $IPTABLES -A FORWARD -p 50 -m state --state NEW -j ACCEPT + $IPTABLES -A FORWARD -p ah -m state --state NEW -j ACCEPT + # + # Rule 1 (global) + # + echo "Rule 1 (global)" + # + # terminating target + $IPTABLES -N RULE_1 + $IPTABLES -A OUTPUT -p 50 -m state --state NEW -j RULE_1 + $IPTABLES -A OUTPUT -p ah -m state --state NEW -j RULE_1 + $IPTABLES -A INPUT -p 50 -m state --state NEW -j RULE_1 + $IPTABLES -A INPUT -p ah -m state --state NEW -j RULE_1 + $IPTABLES -A FORWARD -p 50 -m state --state NEW -j RULE_1 + $IPTABLES -A FORWARD -p ah -m state --state NEW -j RULE_1 + $IPTABLES -A RULE_1 -j LOG --log-level info --log-prefix "RULE 1 -- ACCEPT " + $IPTABLES -A RULE_1 -j ACCEPT + # + # Rule 2 (global) + # + echo "Rule 2 (global)" + # + # terminating target + $IPTABLES -N Cid45AB5AC525451.0 + $IPTABLES -A OUTPUT -p 50 -m state --state NEW -j Cid45AB5AC525451.0 + $IPTABLES -A OUTPUT -p ah -m state --state NEW -j Cid45AB5AC525451.0 + $IPTABLES -A INPUT -p 50 -m state --state NEW -j 
Cid45AB5AC525451.0 + $IPTABLES -A INPUT -p ah -m state --state NEW -j Cid45AB5AC525451.0 + $IPTABLES -A FORWARD -p 50 -m state --state NEW -j Cid45AB5AC525451.0 + $IPTABLES -A FORWARD -p ah -m state --state NEW -j Cid45AB5AC525451.0 + $IPTABLES -A Cid45AB5AC525451.0 -s 192.168.1.0/24 -j RETURN + $IPTABLES -A Cid45AB5AC525451.0 -s 192.168.2.0/24 -j RETURN + $IPTABLES -N RULE_2_3 + $IPTABLES -A Cid45AB5AC525451.0 -j RULE_2_3 + $IPTABLES -A RULE_2_3 -j LOG --log-level info --log-prefix "RULE 2 -- ACCEPT " + $IPTABLES -A RULE_2_3 -j ACCEPT + # + # Rule 3 (eth1) + # + echo "Rule 3 (eth1)" + # + # terminating target + $IPTABLES -A INPUT -i eth1 -p 50 -m state --state NEW -j ACCEPT + $IPTABLES -A INPUT -i eth1 -p ah -m state --state NEW -j ACCEPT + $IPTABLES -A FORWARD -i eth1 -p 50 -m state --state NEW -j ACCEPT + $IPTABLES -A FORWARD -i eth1 -p ah -m state --state NEW -j ACCEPT + # + # Rule 4 (eth1) + # + echo "Rule 4 (eth1)" + # + # temrinating target + $IPTABLES -A OUTPUT -o eth1 -p 50 -m state --state NEW -j ACCEPT + $IPTABLES -A OUTPUT -o eth1 -p ah -m state --state NEW -j ACCEPT + $IPTABLES -A FORWARD -o eth1 -p 50 -m state --state NEW -j ACCEPT + $IPTABLES -A FORWARD -o eth1 -p ah -m state --state NEW -j ACCEPT + # + # Rule 5 (global) + # + echo "Rule 5 (global)" + # + # terminating and CONNMARK + $IPTABLES -A OUTPUT -p 50 -m state --state NEW -j ACCEPT + $IPTABLES -A OUTPUT -p ah -m state --state NEW -j ACCEPT + $IPTABLES -A INPUT -p 50 -m state --state NEW -j ACCEPT + $IPTABLES -A INPUT -p ah -m state --state NEW -j ACCEPT + $IPTABLES -A FORWARD -p 50 -m state --state NEW -j ACCEPT + $IPTABLES -A FORWARD -p ah -m state --state NEW -j ACCEPT + # + # Rule 6 (global) + # + echo "Rule 6 (global)" + # + # terminating and CONNMARK + $IPTABLES -N RULE_6 + $IPTABLES -A OUTPUT -p 50 -m state --state NEW -j RULE_6 + $IPTABLES -A OUTPUT -p ah -m state --state NEW -j RULE_6 + $IPTABLES -A INPUT -p 50 -m state --state NEW -j RULE_6 + $IPTABLES -A INPUT -p ah -m state --state 
NEW -j RULE_6 + $IPTABLES -A FORWARD -p 50 -m state --state NEW -j RULE_6 + $IPTABLES -A FORWARD -p ah -m state --state NEW -j RULE_6 + $IPTABLES -A RULE_6 -j LOG --log-level info --log-prefix "RULE 6 -- ACCEPT " + $IPTABLES -A RULE_6 -j ACCEPT + # + # Rule 7 (global) + # + echo "Rule 7 (global)" + # + # terminating and CONNMARK + $IPTABLES -N Cid45AB5B0225451.0 + $IPTABLES -A OUTPUT -p 50 -m state --state NEW -j Cid45AB5B0225451.0 + $IPTABLES -A OUTPUT -p ah -m state --state NEW -j Cid45AB5B0225451.0 + $IPTABLES -A INPUT -p 50 -m state --state NEW -j Cid45AB5B0225451.0 + $IPTABLES -A INPUT -p ah -m state --state NEW -j Cid45AB5B0225451.0 + $IPTABLES -A FORWARD -p 50 -m state --state NEW -j Cid45AB5B0225451.0 + $IPTABLES -A FORWARD -p ah -m state --state NEW -j Cid45AB5B0225451.0 + $IPTABLES -A Cid45AB5B0225451.0 -s 192.168.1.0/24 -j RETURN + $IPTABLES -A Cid45AB5B0225451.0 -s 192.168.2.0/24 -j RETURN + $IPTABLES -N RULE_7_3 + $IPTABLES -A Cid45AB5B0225451.0 -j RULE_7_3 + $IPTABLES -A RULE_7_3 -j LOG --log-level info --log-prefix "RULE 7 -- ACCEPT " + $IPTABLES -A RULE_7_3 -j ACCEPT + # + # Rule 8 (eth1) + # + echo "Rule 8 (eth1)" + # + # terminating and CONNMARK + $IPTABLES -A INPUT -i eth1 -p 50 -m state --state NEW -j ACCEPT + $IPTABLES -A INPUT -i eth1 -p ah -m state --state NEW -j ACCEPT + $IPTABLES -A FORWARD -i eth1 -p 50 -m state --state NEW -j ACCEPT + $IPTABLES -A FORWARD -i eth1 -p ah -m state --state NEW -j ACCEPT + # + # Rule 9 (eth1) + # + echo "Rule 9 (eth1)" + # + # terminating and CONNMARK + $IPTABLES -A OUTPUT -o eth1 -p 50 -m state --state NEW -j ACCEPT + $IPTABLES -A OUTPUT -o eth1 -p ah -m state --state NEW -j ACCEPT + $IPTABLES -A FORWARD -o eth1 -p 50 -m state --state NEW -j ACCEPT + $IPTABLES -A FORWARD -o eth1 -p ah -m state --state NEW -j ACCEPT + # # Rule 10 (global) # echo "Rule 10 (global)" 
@@ -652,6 +728,160 @@ script_body() { $IPTABLES -A OUTPUT -p tcp -m tcp -d 192.168.2.10 --dport 80 -j QUEUE $IPTABLES -A FORWARD -p tcp -m tcp -d 192.168.2.10 --dport 80 -j QUEUE # + # Rule 11 (global) + # + echo "Rule 11 (global)" + # + # testing for bug #1618381 + # this rule, and the next one, should place + # CLASSIFY rule in a separate chain + # and pass control to it using -g + $IPTABLES -A OUTPUT -p icmp -m icmp --icmp-type 3 -j ACCEPT + $IPTABLES -A INPUT -p icmp -m icmp --icmp-type 3 -j ACCEPT + $IPTABLES -A FORWARD -p icmp -m icmp --icmp-type 3 -j ACCEPT + # + # Rule 12 (eth0) + # + echo "Rule 12 (eth0)" + # + # second rule for bug #1618381 + $IPTABLES -A INPUT -i eth0 -j ACCEPT + $IPTABLES -A FORWARD -i eth0 -j ACCEPT + $IPTABLES -A OUTPUT -o eth0 -j ACCEPT + $IPTABLES -A FORWARD -o eth0 -j ACCEPT + # + # Rule 13 (global) + # + echo "Rule 13 (global)" + # + # testing for bug #1618381 + $IPTABLES -N Cid45AB5BAD25451.0 + $IPTABLES -A OUTPUT -p icmp -m icmp --icmp-type 3 -j Cid45AB5BAD25451.0 + $IPTABLES -A INPUT -p icmp -m icmp --icmp-type 3 -j Cid45AB5BAD25451.0 + $IPTABLES -A FORWARD -p icmp -m icmp --icmp-type 3 -j Cid45AB5BAD25451.0 + $IPTABLES -A Cid45AB5BAD25451.0 -s 192.168.1.0/24 -j RETURN + $IPTABLES -A Cid45AB5BAD25451.0 -s 192.168.2.0/24 -j RETURN + $IPTABLES -A Cid45AB5BAD25451.0 -j ACCEPT + # + # Rule 14 (global) + # + echo "Rule 14 (global)" + # + # testing for bug #1618381 + $IPTABLES -N Cid45AB5BBA25451.0 + $IPTABLES -A OUTPUT -p icmp -m icmp --icmp-type 3 -j Cid45AB5BBA25451.0 + $IPTABLES -A OUTPUT -p tcp -m tcp --dport 80 -j Cid45AB5BBA25451.0 + $IPTABLES -A INPUT -p icmp -m icmp --icmp-type 3 -j Cid45AB5BBA25451.0 + $IPTABLES -A INPUT -p tcp -m tcp --dport 80 -j Cid45AB5BBA25451.0 + $IPTABLES -A FORWARD -p icmp -m icmp --icmp-type 3 -j Cid45AB5BBA25451.0 + $IPTABLES -A FORWARD -p tcp -m tcp --dport 80 -j Cid45AB5BBA25451.0 + $IPTABLES -A Cid45AB5BBA25451.0 -s 192.168.1.0/24 -j RETURN + $IPTABLES -A Cid45AB5BBA25451.0 -s 192.168.2.0/24 -j 
RETURN + $IPTABLES -A Cid45AB5BBA25451.0 -j ACCEPT + # + # Rule 15 (eth0) + # + echo "Rule 15 (eth0)" + # + # bug #1618381 + # this rule uses multiport + # and has to be split because + # of that + $IPTABLES -A INPUT -i eth0 -p tcp -m tcp --dport 10000:11000 -j ACCEPT + $IPTABLES -A INPUT -i eth0 -p tcp -m tcp -m multiport --dports 113,13,53,2105,21,70,80,443,6667,119,25,3128,22,23,540 -j ACCEPT + $IPTABLES -A INPUT -i eth0 -p udp -m udp -m multiport --dports 53,161 -j ACCEPT + $IPTABLES -A FORWARD -i eth0 -p tcp -m tcp --dport 10000:11000 -j ACCEPT + $IPTABLES -A FORWARD -i eth0 -p tcp -m tcp -m multiport --dports 113,13,53,2105,21,70,80,443,6667,119,25,3128,22,23,540 -j ACCEPT + $IPTABLES -A FORWARD -i eth0 -p udp -m udp -m multiport --dports 53,161 -j ACCEPT + $IPTABLES -A OUTPUT -o eth0 -p tcp -m tcp --dport 10000:11000 -j ACCEPT + $IPTABLES -A OUTPUT -o eth0 -p tcp -m tcp -m multiport --dports 113,13,53,2105,21,70,80,443,6667,119,25,3128,22,23,540 -j ACCEPT + $IPTABLES -A OUTPUT -o eth0 -p udp -m udp -m multiport --dports 53,161 -j ACCEPT + $IPTABLES -A FORWARD -o eth0 -p tcp -m tcp --dport 10000:11000 -j ACCEPT + $IPTABLES -A FORWARD -o eth0 -p tcp -m tcp -m multiport --dports 113,13,53,2105,21,70,80,443,6667,119,25,3128,22,23,540 -j ACCEPT + $IPTABLES -A FORWARD -o eth0 -p udp -m udp -m multiport --dports 53,161 -j ACCEPT + # + # Rule 16 (global) + # + echo "Rule 16 (global)" + # + # testing for bug #1618381 + # this rule, and the next one, should place + # CLASSIFY rule in a separate chain + # and pass control to it using -g + $IPTABLES -A OUTPUT -p icmp -m icmp --icmp-type 3 -j ACCEPT + $IPTABLES -A INPUT -p icmp -m icmp --icmp-type 3 -j ACCEPT + $IPTABLES -A FORWARD -p icmp -m icmp --icmp-type 3 -j ACCEPT + # + # Rule 17 (eth0) + # + echo "Rule 17 (eth0)" + # + # second rule for bug #1618381 + $IPTABLES -A INPUT -i eth0 -j ACCEPT + $IPTABLES -A FORWARD -i eth0 -j ACCEPT + $IPTABLES -A OUTPUT -o eth0 -j ACCEPT + $IPTABLES -A FORWARD -o eth0 -j ACCEPT + # + 
# Rule 18 (eth0) + # + echo "Rule 18 (eth0)" + # + $IPTABLES -N Out_RULE_18 + $IPTABLES -A OUTPUT -o eth0 -s 192.168.1.0/24 -j Out_RULE_18 + $IPTABLES -A FORWARD -o eth0 -s 192.168.1.0/24 -j Out_RULE_18 + $IPTABLES -A Out_RULE_18 -j LOG --log-level info --log-prefix "RULE 18 -- ACCEPT " + $IPTABLES -A Out_RULE_18 -j ACCEPT + # + # Rule 19 (global) + # + echo "Rule 19 (global)" + # + # testing for bug #1618381 + $IPTABLES -N Cid45AB5BF925451.0 + $IPTABLES -A OUTPUT -p icmp -m icmp --icmp-type 3 -j Cid45AB5BF925451.0 + $IPTABLES -A INPUT -p icmp -m icmp --icmp-type 3 -j Cid45AB5BF925451.0 + $IPTABLES -A FORWARD -p icmp -m icmp --icmp-type 3 -j Cid45AB5BF925451.0 + $IPTABLES -A Cid45AB5BF925451.0 -s 192.168.1.0/24 -j RETURN + $IPTABLES -A Cid45AB5BF925451.0 -s 192.168.2.0/24 -j RETURN + $IPTABLES -A Cid45AB5BF925451.0 -j ACCEPT + # + # Rule 20 (global) + # + echo "Rule 20 (global)" + # + # testing for bug #1618381 + $IPTABLES -N Cid45AB5C0625451.0 + $IPTABLES -A OUTPUT -p icmp -m icmp --icmp-type 3 -j Cid45AB5C0625451.0 + $IPTABLES -A OUTPUT -p tcp -m tcp --dport 80 -j Cid45AB5C0625451.0 + $IPTABLES -A INPUT -p icmp -m icmp --icmp-type 3 -j Cid45AB5C0625451.0 + $IPTABLES -A INPUT -p tcp -m tcp --dport 80 -j Cid45AB5C0625451.0 + $IPTABLES -A FORWARD -p icmp -m icmp --icmp-type 3 -j Cid45AB5C0625451.0 + $IPTABLES -A FORWARD -p tcp -m tcp --dport 80 -j Cid45AB5C0625451.0 + $IPTABLES -A Cid45AB5C0625451.0 -s 192.168.1.0/24 -j RETURN + $IPTABLES -A Cid45AB5C0625451.0 -s 192.168.2.0/24 -j RETURN + $IPTABLES -A Cid45AB5C0625451.0 -j ACCEPT + # + # Rule 21 (eth0) + # + echo "Rule 21 (eth0)" + # + # bug #1618381 + # this rule uses multiport + # and has to be split because + # of that + $IPTABLES -A INPUT -i eth0 -p tcp -m tcp --dport 10000:11000 -j ACCEPT + $IPTABLES -A INPUT -i eth0 -p tcp -m tcp -m multiport --dports 113,13,53,2105,21,70,80,443,6667,119,25,3128,22,23,540 -j ACCEPT + $IPTABLES -A INPUT -i eth0 -p udp -m udp -m multiport --dports 53,161 -j ACCEPT + $IPTABLES 
-A FORWARD -i eth0 -p tcp -m tcp --dport 10000:11000 -j ACCEPT + $IPTABLES -A FORWARD -i eth0 -p tcp -m tcp -m multiport --dports 113,13,53,2105,21,70,80,443,6667,119,25,3128,22,23,540 -j ACCEPT + $IPTABLES -A FORWARD -i eth0 -p udp -m udp -m multiport --dports 53,161 -j ACCEPT + $IPTABLES -A OUTPUT -o eth0 -p tcp -m tcp --dport 10000:11000 -j ACCEPT + $IPTABLES -A OUTPUT -o eth0 -p tcp -m tcp -m multiport --dports 113,13,53,2105,21,70,80,443,6667,119,25,3128,22,23,540 -j ACCEPT + $IPTABLES -A OUTPUT -o eth0 -p udp -m udp -m multiport --dports 53,161 -j ACCEPT + $IPTABLES -A FORWARD -o eth0 -p tcp -m tcp --dport 10000:11000 -j ACCEPT + $IPTABLES -A FORWARD -o eth0 -p tcp -m tcp -m multiport --dports 113,13,53,2105,21,70,80,443,6667,119,25,3128,22,23,540 -j ACCEPT + $IPTABLES -A FORWARD -o eth0 -p udp -m udp -m multiport --dports 53,161 -j ACCEPT + # # Rule 22 (global) # echo "Rule 22 (global)" @@ -736,7 +966,7 @@ test -z "$cmd" && { case "$cmd" in start) - log "Activating firewall script generated Tue May 3 20:22:31 2011 by vadim" + log "Activating firewall script generated Fri May 13 12:35:27 2011 by vadim" check_tools prolog_commands check_run_time_address_table_files diff --git a/test/ipt/firewall37.fw.orig b/test/ipt/firewall37.fw.orig index b7aef5a00..dbb4c5686 100755 --- a/test/ipt/firewall37.fw.orig +++ b/test/ipt/firewall37.fw.orig @@ -2,9 +2,9 @@ # # This is automatically generated file. DO NOT MODIFY ! # -# Firewall Builder fwb_ipt v4.2.1.ma_1 +# Firewall Builder fwb_ipt v4.3.0.3542 # -# Generated Tue May 3 20:28:13 2011 PDT by vadim +# Generated Fri May 13 12:35:30 2011 PDT by vadim # # files: * firewall37.fw /etc/fw/firewall37.fw # 
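Review bot: Rules 12 and 17 now emit `$IPTABLES -A INPUT -i eth0 -j ACCEPT` and `$IPTABLES -A FORWARD -i eth0 -j ACCEPT` in table filter ahead of Rule 22, so recompiling an unchanged policy accepts everything arriving on eth0. The old output had no filter rules between Rule 10 and Rule 22; the only ACCEPT for these rules sat in a mangle chain reached from `POSTROUTING -o eth0`, where it ended mangle traversal without deciding the packet in table filter. This looks intended by the commit, but it changes effective filtering for existing policies and deserves an explicit upgrade note, such as `Rules that require tagging, classification or routing now also generate their action in table filter; review such rules before reinstalling the policy.` script_body() starts and ends outside the hunk.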
@@ -14,11 +14,11 @@ # normal script mode (not using iptables-restore) +# firewall37:mangle_rules:4: error: DNSName object "6bone.net (ct)" (compile time) can not resolve dns name "6bone.net" (AF_INET): Host or network '6bone.net' not found; last error: Unknown error Using dummy address in test mode +# firewall37:mangle_rules:4: error: DNSName object "6bone.net (ct)" (compile time) can not resolve dns name "6bone.net" (AF_INET): Host or network '6bone.net' not found; last error: Unknown error Using dummy address in test mode # firewall37:mangle_rules:7: warning: Empty group or address table object 'empty Ogroup' # firewall37:mangle_rules:7: warning: After removal of all empty groups and address table objects rule element Src becomes 'any' in the rule mangle_rules 7 (global) # Dropping rule mangle_rules 7 (global) because option 'Ignore rules with empty groups' is in effect -# firewall37:mangle_rules:4: error: DNSName object "6bone.net (ct)" (compile time) can not resolve dns name "6bone.net" (AF_INET): Host or network '6bone.net' not found; last error: Unknown error Using dummy address in test mode -# firewall37:mangle_rules:4: error: DNSName object "6bone.net (ct)" (compile time) can not resolve dns name "6bone.net" (AF_INET): Host or network '6bone.net' not found; last error: Unknown error Using dummy address in test mode # firewall37:mangle_rules:13: error: DNSName object "6bone.net (ct)" (compile time) can not resolve dns name "6bone.net" (AF_INET): Host or network '6bone.net' not found; last error: Unknown error Using dummy address in test mode 
@@ -332,142 +332,103 @@ script_body() { echo "Rule mymark 0 (global)" # $IPTABLES -N mymark -t mangle - $IPTABLES -N Cid29866X28575.0 -t mangle - $IPTABLES -t mangle -A mymark -d 192.168.2.0/24 -m state --state NEW -j Cid29866X28575.0 - $IPTABLES -t mangle -A Cid29866X28575.0 -j MARK --set-mark 16 - $IPTABLES -t mangle -A Cid29866X28575.0 -j ACCEPT + $IPTABLES -t mangle -A mymark -d 192.168.2.0/24 -m state --state NEW -j MARK --set-mark 16 # # Rule mymark 1 (global) # echo "Rule mymark 1 (global)" # - $IPTABLES -t mangle -A mymark -j MARK --set-mark 2 - $IPTABLES -t mangle -A mymark -j ACCEPT + $IPTABLES -t mangle -A mymark -m state --state NEW -j MARK --set-mark 2 # ================ Table 'mangle', rule set Policy # # Rule 0 (global) # echo "Rule 0 (global)" # - $IPTABLES -N Cid43BBA6A09745.0 -t mangle - $IPTABLES -t mangle -A OUTPUT -p 50 -m state --state NEW -j Cid43BBA6A09745.0 - $IPTABLES -t mangle -A OUTPUT -p ah -m state --state NEW -j Cid43BBA6A09745.0 - $IPTABLES -t mangle -A PREROUTING -p 50 -m state --state NEW -j Cid43BBA6A09745.0 - $IPTABLES -t mangle -A PREROUTING -p ah -m state --state NEW -j Cid43BBA6A09745.0 - $IPTABLES -t mangle -A Cid43BBA6A09745.0 -j MARK --set-mark 16 - $IPTABLES -t mangle -A Cid43BBA6A09745.0 -j ACCEPT + $IPTABLES -t mangle -A OUTPUT -p 50 -m state --state NEW -j MARK --set-mark 16 + $IPTABLES -t mangle -A OUTPUT -p ah -m state --state NEW -j MARK --set-mark 16 + $IPTABLES -t mangle -A PREROUTING -p 50 -m state --state NEW -j MARK --set-mark 16 + $IPTABLES -t mangle -A PREROUTING -p ah -m state --state NEW -j MARK --set-mark 16 # # Rule 1 (global) # echo "Rule 1 (global)" # - $IPTABLES -N RULE_1 -t mangle - $IPTABLES -t mangle -A OUTPUT -p 50 -m state --state NEW -j RULE_1 - $IPTABLES -t mangle -A OUTPUT -p ah -m state --state NEW -j RULE_1 - $IPTABLES -t mangle -A PREROUTING -p 50 -m state --state NEW -j RULE_1 - $IPTABLES -t mangle -A PREROUTING -p ah -m state --state NEW -j RULE_1 - $IPTABLES -t mangle -A RULE_1 -j LOG 
--log-level info --log-prefix "RULE 1 -- ACCEPT " - $IPTABLES -t mangle -A RULE_1 -j MARK --set-mark 16 - $IPTABLES -t mangle -A RULE_1 -j ACCEPT + $IPTABLES -t mangle -A OUTPUT -p 50 -m state --state NEW -j MARK --set-mark 16 + $IPTABLES -t mangle -A OUTPUT -p ah -m state --state NEW -j MARK --set-mark 16 + $IPTABLES -t mangle -A PREROUTING -p 50 -m state --state NEW -j MARK --set-mark 16 + $IPTABLES -t mangle -A PREROUTING -p ah -m state --state NEW -j MARK --set-mark 16 # # Rule 2 (global) # echo "Rule 2 (global)" # - $IPTABLES -N Cid483502D710047.0 -t mangle - $IPTABLES -t mangle -A OUTPUT -p 50 -m state --state NEW -j Cid483502D710047.0 - $IPTABLES -t mangle -A OUTPUT -p ah -m state --state NEW -j Cid483502D710047.0 - $IPTABLES -t mangle -A Cid483502D710047.0 -j MARK --set-mark 16 - $IPTABLES -t mangle -A Cid483502D710047.0 -j ACCEPT + $IPTABLES -t mangle -A OUTPUT -p 50 -m state --state NEW -j MARK --set-mark 16 + $IPTABLES -t mangle -A OUTPUT -p ah -m state --state NEW -j MARK --set-mark 16 # # Rule 3 (eth1) # echo "Rule 3 (eth1)" # - $IPTABLES -N Cid30009X2275.0 -t mangle - $IPTABLES -t mangle -A OUTPUT -o eth1 -p 50 -m state --state NEW -j Cid30009X2275.0 - $IPTABLES -t mangle -A OUTPUT -o eth1 -p ah -m state --state NEW -j Cid30009X2275.0 - $IPTABLES -t mangle -A Cid30009X2275.0 -j MARK --set-mark 16 - $IPTABLES -t mangle -A Cid30009X2275.0 -j ACCEPT + $IPTABLES -t mangle -A OUTPUT -o eth1 -p 50 -m state --state NEW -j MARK --set-mark 16 + $IPTABLES -t mangle -A OUTPUT -o eth1 -p ah -m state --state NEW -j MARK --set-mark 16 # # Rule 4 (global) # echo "Rule 4 (global)" # - $IPTABLES -N RULE_4 -t mangle - $IPTABLES -t mangle -A OUTPUT -p 50 -m state --state NEW -j RULE_4 - $IPTABLES -t mangle -A OUTPUT -p ah -m state --state NEW -j RULE_4 - $IPTABLES -t mangle -A RULE_4 -j LOG --log-level info --log-prefix "RULE 4 -- ACCEPT " - $IPTABLES -t mangle -A RULE_4 -j MARK --set-mark 16 - $IPTABLES -t mangle -A RULE_4 -j ACCEPT + $IPTABLES -t mangle -A OUTPUT -p 
50 -m state --state NEW -j MARK --set-mark 16 + $IPTABLES -t mangle -A OUTPUT -p ah -m state --state NEW -j MARK --set-mark 16 # # Rule 5 (eth1) # echo "Rule 5 (eth1)" # - $IPTABLES -N Cid43501X5007.1 -t mangle - $IPTABLES -t mangle -A OUTPUT -o eth1 -s 22.22.23.22 -m state --state NEW -j Cid43501X5007.1 $IPTABLES -N Cid43501X5007.0 -t mangle - $IPTABLES -t mangle -A Cid43501X5007.1 -p 50 -j Cid43501X5007.0 - $IPTABLES -t mangle -A Cid43501X5007.1 -p ah -j Cid43501X5007.0 - $IPTABLES -t mangle -A Cid43501X5007.0 -j MARK --set-mark 16 - $IPTABLES -t mangle -A Cid43501X5007.0 -j ACCEPT + $IPTABLES -t mangle -A OUTPUT -o eth1 -s 22.22.23.22 -m state --state NEW -j Cid43501X5007.0 + $IPTABLES -t mangle -A Cid43501X5007.0 -p 50 -j MARK --set-mark 16 + $IPTABLES -t mangle -A Cid43501X5007.0 -p ah -j MARK --set-mark 16 # # Rule 6 (eth1) # echo "Rule 6 (eth1)" # - $IPTABLES -N Cid43518X5007.1 -t mangle - $IPTABLES -t mangle -A OUTPUT -o eth1 -s 22.22.23.22 -m state --state NEW -j Cid43518X5007.1 $IPTABLES -N Cid43518X5007.0 -t mangle - $IPTABLES -t mangle -A Cid43518X5007.1 -p 50 -j Cid43518X5007.0 - $IPTABLES -t mangle -A Cid43518X5007.1 -p ah -j Cid43518X5007.0 - $IPTABLES -t mangle -A Cid43518X5007.0 -j MARK --set-mark 16 - $IPTABLES -t mangle -A Cid43518X5007.0 -j ACCEPT + $IPTABLES -t mangle -A OUTPUT -o eth1 -s 22.22.23.22 -m state --state NEW -j Cid43518X5007.0 + $IPTABLES -t mangle -A Cid43518X5007.0 -p 50 -j MARK --set-mark 16 + $IPTABLES -t mangle -A Cid43518X5007.0 -p ah -j MARK --set-mark 16 # # Rule 7 (eth1) # echo "Rule 7 (eth1)" # - $IPTABLES -N Cid43535X5007.0 -t mangle - $IPTABLES -t mangle -A OUTPUT -o eth1 -p 50 -m state --state NEW -j Cid43535X5007.0 - $IPTABLES -t mangle -A OUTPUT -o eth1 -p ah -m state --state NEW -j Cid43535X5007.0 - $IPTABLES -t mangle -A Cid43535X5007.0 -j MARK --set-mark 16 - $IPTABLES -t mangle -A Cid43535X5007.0 -j ACCEPT + $IPTABLES -t mangle -A OUTPUT -o eth1 -p 50 -m state --state NEW -j MARK --set-mark 16 + $IPTABLES -t 
mangle -A OUTPUT -o eth1 -p ah -m state --state NEW -j MARK --set-mark 16 # # Rule 8 (eth1) # echo "Rule 8 (eth1)" # - $IPTABLES -N Cid43554X5007.1 -t mangle - $IPTABLES -t mangle -A OUTPUT -o eth1 -s 22.22.23.22 -j Cid43554X5007.1 $IPTABLES -N Cid43554X5007.0 -t mangle - $IPTABLES -t mangle -A Cid43554X5007.1 -p 50 -j Cid43554X5007.0 - $IPTABLES -t mangle -A Cid43554X5007.1 -p ah -j Cid43554X5007.0 - $IPTABLES -t mangle -A Cid43554X5007.0 -j MARK --set-mark 16 - $IPTABLES -t mangle -A Cid43554X5007.0 -j ACCEPT + $IPTABLES -t mangle -A OUTPUT -o eth1 -s 22.22.23.22 -j Cid43554X5007.0 + $IPTABLES -t mangle -A Cid43554X5007.0 -p 50 -j MARK --set-mark 16 + $IPTABLES -t mangle -A Cid43554X5007.0 -p ah -j MARK --set-mark 16 # # Rule 9 (eth1) # echo "Rule 9 (eth1)" # - $IPTABLES -N Cid43571X5007.1 -t mangle - $IPTABLES -t mangle -A OUTPUT -o eth1 -s 22.22.23.22 -j Cid43571X5007.1 $IPTABLES -N Cid43571X5007.0 -t mangle - $IPTABLES -t mangle -A Cid43571X5007.1 -p 50 -j Cid43571X5007.0 - $IPTABLES -t mangle -A Cid43571X5007.1 -p ah -j Cid43571X5007.0 - $IPTABLES -t mangle -A Cid43571X5007.0 -j MARK --set-mark 16 - $IPTABLES -t mangle -A Cid43571X5007.0 -j ACCEPT + $IPTABLES -t mangle -A OUTPUT -o eth1 -s 22.22.23.22 -j Cid43571X5007.0 + $IPTABLES -t mangle -A Cid43571X5007.0 -p 50 -j MARK --set-mark 16 + $IPTABLES -t mangle -A Cid43571X5007.0 -p ah -j MARK --set-mark 16 # # Rule 10 (eth1) # echo "Rule 10 (eth1)" # - $IPTABLES -N Cid43588X5007.0 -t mangle - $IPTABLES -t mangle -A OUTPUT -o eth1 -p 50 -j Cid43588X5007.0 - $IPTABLES -t mangle -A OUTPUT -o eth1 -p ah -j Cid43588X5007.0 - $IPTABLES -t mangle -A Cid43588X5007.0 -j MARK --set-mark 16 - $IPTABLES -t mangle -A Cid43588X5007.0 -j ACCEPT + $IPTABLES -t mangle -A OUTPUT -o eth1 -p 50 -j MARK --set-mark 16 + $IPTABLES -t mangle -A OUTPUT -o eth1 -p ah -j MARK --set-mark 16 # # Rule 11 (global) # 
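Review bot: `Rule mymark 1` gained `-m state --state NEW` in the new expected output, which narrows the marking: the old line marked every packet reaching it, the new one only the first packet of a connection. No `CONNMARK --save-mark` is emitted for this rule in the hunk, so later packets of the same connection would stay unmarked, which matters if routing or shaping keys on the mark. Rules 8, 9 and 10 further down keep their stateless match, so this looks like a side effect of the split rather than a policy change. If the rule is stateless in the policy, the expected line should remain `$IPTABLES -t mangle -A mymark -j MARK --set-mark 2`, and the fix belongs in the compiler, not in this generated file. script_body() starts and ends outside the hunk.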
@@ -480,79 +441,62 @@ script_body() { $IPTABLES -t mangle -A PREROUTING -p ah -m state --state NEW -j Cid43BBCC139745.0 $IPTABLES -t mangle -A Cid43BBCC139745.0 -s 192.168.1.0/24 -j RETURN $IPTABLES -t mangle -A Cid43BBCC139745.0 -s 192.168.2.0/24 -j RETURN - $IPTABLES -N RULE_11_3 -t mangle - $IPTABLES -t mangle -A Cid43BBCC139745.0 -j RULE_11_3 - $IPTABLES -t mangle -A RULE_11_3 -j LOG --log-level info --log-prefix "RULE 11 -- ACCEPT " - $IPTABLES -t mangle -A RULE_11_3 -j MARK --set-mark 16 - $IPTABLES -t mangle -A RULE_11_3 -j ACCEPT + $IPTABLES -t mangle -A Cid43BBCC139745.0 -j MARK --set-mark 16 # # Rule 12 (eth1) # echo "Rule 12 (eth1)" # - $IPTABLES -N Cid4665E24F7765.0 -t mangle - $IPTABLES -t mangle -A PREROUTING -i eth1 -p 50 -m state --state NEW -j Cid4665E24F7765.0 - $IPTABLES -t mangle -A PREROUTING -i eth1 -p ah -m state --state NEW -j Cid4665E24F7765.0 - $IPTABLES -t mangle -A Cid4665E24F7765.0 -j MARK --set-mark 16 - $IPTABLES -t mangle -A Cid4665E24F7765.0 -j ACCEPT - $IPTABLES -N Cid4665E24F7765.1 -t mangle - $IPTABLES -t mangle -A OUTPUT -o eth1 -p 50 -m state --state NEW -j Cid4665E24F7765.1 - $IPTABLES -t mangle -A OUTPUT -o eth1 -p ah -m state --state NEW -j Cid4665E24F7765.1 - $IPTABLES -t mangle -A POSTROUTING -o eth1 -p 50 -m state --state NEW -j Cid4665E24F7765.1 - $IPTABLES -t mangle -A POSTROUTING -o eth1 -p ah -m state --state NEW -j Cid4665E24F7765.1 - $IPTABLES -t mangle -A Cid4665E24F7765.1 -j MARK --set-mark 16 - $IPTABLES -t mangle -A Cid4665E24F7765.1 -j ACCEPT + $IPTABLES -t mangle -A PREROUTING -i eth1 -p 50 -m state --state NEW -j MARK --set-mark 16 + $IPTABLES -t mangle -A PREROUTING -i eth1 -p ah -m state --state NEW -j MARK --set-mark 16 + $IPTABLES -t mangle -A OUTPUT -o eth1 -p 50 -m state --state NEW -j MARK --set-mark 16 + $IPTABLES -t mangle -A OUTPUT -o eth1 -p ah -m state --state NEW -j MARK --set-mark 16 + $IPTABLES -t mangle -A POSTROUTING -o eth1 -p 50 -m state --state NEW -j MARK --set-mark 16 + $IPTABLES -t 
mangle -A POSTROUTING -o eth1 -p ah -m state --state NEW -j MARK --set-mark 16 # # Rule 13 (eth1) # echo "Rule 13 (eth1)" # - $IPTABLES -N Cid43BBCC3D9745.0 -t mangle - $IPTABLES -t mangle -A PREROUTING -i eth1 -p 50 -m state --state NEW -j Cid43BBCC3D9745.0 - $IPTABLES -t mangle -A PREROUTING -i eth1 -p ah -m state --state NEW -j Cid43BBCC3D9745.0 - $IPTABLES -t mangle -A Cid43BBCC3D9745.0 -j MARK --set-mark 16 - $IPTABLES -t mangle -A Cid43BBCC3D9745.0 -j ACCEPT + $IPTABLES -t mangle -A PREROUTING -i eth1 -p 50 -m state --state NEW -j MARK --set-mark 16 + $IPTABLES -t mangle -A PREROUTING -i eth1 -p ah -m state --state NEW -j MARK --set-mark 16 # # Rule 14 (eth1) # echo "Rule 14 (eth1)" # - $IPTABLES -N Cid459E471C10946.0 -t mangle - $IPTABLES -t mangle -A OUTPUT -o eth1 -p 50 -m state --state NEW -j Cid459E471C10946.0 - $IPTABLES -t mangle -A OUTPUT -o eth1 -p ah -m state --state NEW -j Cid459E471C10946.0 - $IPTABLES -t mangle -A POSTROUTING -o eth1 -p 50 -m state --state NEW -j Cid459E471C10946.0 - $IPTABLES -t mangle -A POSTROUTING -o eth1 -p ah -m state --state NEW -j Cid459E471C10946.0 - $IPTABLES -t mangle -A Cid459E471C10946.0 -j MARK --set-mark 16 - $IPTABLES -t mangle -A Cid459E471C10946.0 -j ACCEPT + $IPTABLES -t mangle -A OUTPUT -o eth1 -p 50 -m state --state NEW -j MARK --set-mark 16 + $IPTABLES -t mangle -A OUTPUT -o eth1 -p ah -m state --state NEW -j MARK --set-mark 16 + $IPTABLES -t mangle -A POSTROUTING -o eth1 -p 50 -m state --state NEW -j MARK --set-mark 16 + $IPTABLES -t mangle -A POSTROUTING -o eth1 -p ah -m state --state NEW -j MARK --set-mark 16 # # Rule 15 (global) # echo "Rule 15 (global)" # # using CONNMARK - $IPTABLES -N Cid4483A4BD1810.0 -t mangle - $IPTABLES -t mangle -A OUTPUT -p 50 -m state --state NEW -j Cid4483A4BD1810.0 - $IPTABLES -t mangle -A OUTPUT -p ah -m state --state NEW -j Cid4483A4BD1810.0 - $IPTABLES -t mangle -A PREROUTING -p 50 -m state --state NEW -j Cid4483A4BD1810.0 - $IPTABLES -t mangle -A PREROUTING -p ah -m state 
--state NEW -j Cid4483A4BD1810.0 - $IPTABLES -t mangle -A Cid4483A4BD1810.0 -j MARK --set-mark 10 - $IPTABLES -t mangle -A Cid4483A4BD1810.0 -j CONNMARK --save-mark - $IPTABLES -t mangle -A Cid4483A4BD1810.0 -j ACCEPT + $IPTABLES -t mangle -A OUTPUT -p 50 -m state --state NEW -j MARK --set-mark 10 + $IPTABLES -t mangle -A OUTPUT -p ah -m state --state NEW -j MARK --set-mark 10 + $IPTABLES -t mangle -A PREROUTING -p 50 -m state --state NEW -j MARK --set-mark 10 + $IPTABLES -t mangle -A PREROUTING -p ah -m state --state NEW -j MARK --set-mark 10 + $IPTABLES -t mangle -A OUTPUT -p 50 -m state --state NEW -j CONNMARK --save-mark + $IPTABLES -t mangle -A OUTPUT -p ah -m state --state NEW -j CONNMARK --save-mark + $IPTABLES -t mangle -A PREROUTING -p 50 -m state --state NEW -j CONNMARK --save-mark + $IPTABLES -t mangle -A PREROUTING -p ah -m state --state NEW -j CONNMARK --save-mark # # Rule 16 (global) # echo "Rule 16 (global)" # # using CONNMARK - $IPTABLES -N RULE_16 -t mangle - $IPTABLES -t mangle -A OUTPUT -p 50 -m state --state NEW -j RULE_16 - $IPTABLES -t mangle -A OUTPUT -p ah -m state --state NEW -j RULE_16 - $IPTABLES -t mangle -A PREROUTING -p 50 -m state --state NEW -j RULE_16 - $IPTABLES -t mangle -A PREROUTING -p ah -m state --state NEW -j RULE_16 - $IPTABLES -t mangle -A RULE_16 -j LOG --log-level info --log-prefix "RULE 16 -- ACCEPT " - $IPTABLES -t mangle -A RULE_16 -j MARK --set-mark 10 - $IPTABLES -t mangle -A RULE_16 -j CONNMARK --save-mark - $IPTABLES -t mangle -A RULE_16 -j ACCEPT + $IPTABLES -t mangle -A OUTPUT -p 50 -m state --state NEW -j MARK --set-mark 10 + $IPTABLES -t mangle -A OUTPUT -p ah -m state --state NEW -j MARK --set-mark 10 + $IPTABLES -t mangle -A PREROUTING -p 50 -m state --state NEW -j MARK --set-mark 10 + $IPTABLES -t mangle -A PREROUTING -p ah -m state --state NEW -j MARK --set-mark 10 + $IPTABLES -t mangle -A OUTPUT -p 50 -m state --state NEW -j CONNMARK --save-mark + $IPTABLES -t mangle -A OUTPUT -p ah -m state --state NEW -j 
CONNMARK --save-mark + $IPTABLES -t mangle -A PREROUTING -p 50 -m state --state NEW -j CONNMARK --save-mark + $IPTABLES -t mangle -A PREROUTING -p ah -m state --state NEW -j CONNMARK --save-mark # # Rule 17 (global) # 
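Review bot: Marks are now last-match instead of first-match in the expected mangle output: with the terminal `-j ACCEPT` gone, a NEW `-p 50` packet arriving on eth1 is marked 16 by Rules 12 and 13 in PREROUTING and then re-marked by Rule 15's `-A PREROUTING -p 50 -m state --state NEW -j MARK --set-mark 10`, after which `CONNMARK --save-mark` stores 10 for the connection. The filter table still stops at the first ACCEPT, so the two tables can now disagree about which rule decided the same packet. If first-match marking is meant to be kept, later MARK rules need a guard such as `-m mark --mark 0`; if last-match is intended, the ChangeLog entry should say so, because anything keyed on the mark will see different values after an upgrade. The same pattern recurs for Rules 18 and 19 in the next hunk; script_body starts and ends outside this hunk.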
@@ -566,57 +510,44 @@ script_body() { $IPTABLES -t mangle -A PREROUTING -p ah -m state --state NEW -j Cid4483A4DF1810.0 $IPTABLES -t mangle -A Cid4483A4DF1810.0 -s 192.168.1.0/24 -j RETURN $IPTABLES -t mangle -A Cid4483A4DF1810.0 -s 192.168.2.0/24 -j RETURN - $IPTABLES -N RULE_17_3 -t mangle - $IPTABLES -t mangle -A Cid4483A4DF1810.0 -j RULE_17_3 - $IPTABLES -t mangle -A RULE_17_3 -j LOG --log-level info --log-prefix "RULE 17 -- ACCEPT " - $IPTABLES -t mangle -A RULE_17_3 -j MARK --set-mark 10 - $IPTABLES -t mangle -A RULE_17_3 -j CONNMARK --save-mark - $IPTABLES -t mangle -A RULE_17_3 -j ACCEPT + $IPTABLES -t mangle -A Cid4483A4DF1810.0 -j MARK --set-mark 10 + $IPTABLES -t mangle -A Cid4483A4DF1810.0 -j CONNMARK --save-mark # # Rule 18 (eth1) # echo "Rule 18 (eth1)" # # using CONNMARK - $IPTABLES -N Cid4483A4F01810.0 -t mangle - $IPTABLES -t mangle -A PREROUTING -i eth1 -p 50 -m state --state NEW -j Cid4483A4F01810.0 - $IPTABLES -t mangle -A PREROUTING -i eth1 -p ah -m state --state NEW -j Cid4483A4F01810.0 - $IPTABLES -t mangle -A Cid4483A4F01810.0 -j MARK --set-mark 10 - $IPTABLES -t mangle -A Cid4483A4F01810.0 -j CONNMARK --save-mark - $IPTABLES -t mangle -A Cid4483A4F01810.0 -j ACCEPT + $IPTABLES -t mangle -A PREROUTING -i eth1 -p 50 -m state --state NEW -j MARK --set-mark 10 + $IPTABLES -t mangle -A PREROUTING -i eth1 -p ah -m state --state NEW -j MARK --set-mark 10 + $IPTABLES -t mangle -A PREROUTING -i eth1 -p 50 -m state --state NEW -j CONNMARK --save-mark + $IPTABLES -t mangle -A PREROUTING -i eth1 -p ah -m state --state NEW -j CONNMARK --save-mark # # Rule 19 (eth1) # echo "Rule 19 (eth1)" # # using CONNMARK - $IPTABLES -N Cid459E472D10946.0 -t mangle - $IPTABLES -t mangle -A OUTPUT -o eth1 -p 50 -m state --state NEW -j Cid459E472D10946.0 - $IPTABLES -t mangle -A OUTPUT -o eth1 -p ah -m state --state NEW -j Cid459E472D10946.0 - $IPTABLES -t mangle -A POSTROUTING -o eth1 -p 50 -m state --state NEW -j Cid459E472D10946.0 - $IPTABLES -t mangle -A POSTROUTING 
-o eth1 -p ah -m state --state NEW -j Cid459E472D10946.0 - $IPTABLES -t mangle -A Cid459E472D10946.0 -j MARK --set-mark 10 - $IPTABLES -t mangle -A Cid459E472D10946.0 -j CONNMARK --save-mark - $IPTABLES -t mangle -A Cid459E472D10946.0 -j ACCEPT + $IPTABLES -t mangle -A OUTPUT -o eth1 -p 50 -m state --state NEW -j MARK --set-mark 10 + $IPTABLES -t mangle -A OUTPUT -o eth1 -p ah -m state --state NEW -j MARK --set-mark 10 + $IPTABLES -t mangle -A POSTROUTING -o eth1 -p 50 -m state --state NEW -j MARK --set-mark 10 + $IPTABLES -t mangle -A POSTROUTING -o eth1 -p ah -m state --state NEW -j MARK --set-mark 10 + $IPTABLES -t mangle -A OUTPUT -o eth1 -p 50 -m state --state NEW -j CONNMARK --save-mark + $IPTABLES -t mangle -A OUTPUT -o eth1 -p ah -m state --state NEW -j CONNMARK --save-mark + $IPTABLES -t mangle -A POSTROUTING -o eth1 -p 50 -m state --state NEW -j CONNMARK --save-mark + $IPTABLES -t mangle -A POSTROUTING -o eth1 -p ah -m state --state NEW -j CONNMARK --save-mark # # Rule 22 (global) # echo "Rule 22 (global)" # - $IPTABLES -N Cid43BB81879745.0 -t mangle - $IPTABLES -t mangle -A POSTROUTING -s 192.168.1.0/24 -j Cid43BB81879745.0 - $IPTABLES -t mangle -A Cid43BB81879745.0 -j CLASSIFY --set-class 1:2 - $IPTABLES -t mangle -A Cid43BB81879745.0 -j ACCEPT + $IPTABLES -t mangle -A POSTROUTING -s 192.168.1.0/24 -j CLASSIFY --set-class 1:2 # # Rule 23 (global) # echo "Rule 23 (global)" # - $IPTABLES -N RULE_23 -t mangle - $IPTABLES -t mangle -A POSTROUTING -s 192.168.1.0/24 -j RULE_23 - $IPTABLES -t mangle -A RULE_23 -j LOG --log-level info --log-prefix "RULE 23 -- ACCEPT " - $IPTABLES -t mangle -A RULE_23 -j CLASSIFY --set-class 1:2 - $IPTABLES -t mangle -A RULE_23 -j ACCEPT + $IPTABLES -t mangle -A POSTROUTING -s 192.168.1.0/24 -j CLASSIFY --set-class 1:2 # # Rule 24 (global) # 
@@ -627,7 +558,6 @@ script_body() { $IPTABLES -t mangle -A Cid451E56936383.0 -s 192.168.1.0/24 -j RETURN $IPTABLES -t mangle -A Cid451E56936383.0 -s 192.168.2.0/24 -j RETURN $IPTABLES -t mangle -A Cid451E56936383.0 -j CLASSIFY --set-class 1:2 - $IPTABLES -t mangle -A Cid451E56936383.0 -j ACCEPT # # Rule 25 (global) # 
@@ -637,49 +567,31 @@ script_body() { $IPTABLES -t mangle -A POSTROUTING -j Cid451E56A46383.0 $IPTABLES -t mangle -A Cid451E56A46383.0 -s 192.168.1.0/24 -j RETURN $IPTABLES -t mangle -A Cid451E56A46383.0 -s 192.168.2.0/24 -j RETURN - $IPTABLES -N RULE_25_3 -t mangle - $IPTABLES -t mangle -A Cid451E56A46383.0 -j RULE_25_3 - $IPTABLES -t mangle -A RULE_25_3 -j LOG --log-level info --log-prefix "RULE 25 -- ACCEPT " - $IPTABLES -t mangle -A RULE_25_3 -j CLASSIFY --set-class 1:2 - $IPTABLES -t mangle -A RULE_25_3 -j ACCEPT + $IPTABLES -t mangle -A Cid451E56A46383.0 -j CLASSIFY --set-class 1:2 # # Rule 26 (eth1) # echo "Rule 26 (eth1)" # - $IPTABLES -N Cid451EAD596383.0 -t mangle - $IPTABLES -t mangle -A POSTROUTING -o eth1 -s 192.168.1.0/24 -j Cid451EAD596383.0 - $IPTABLES -t mangle -A Cid451EAD596383.0 -j CLASSIFY --set-class 1:2 - $IPTABLES -t mangle -A Cid451EAD596383.0 -j ACCEPT + $IPTABLES -t mangle -A POSTROUTING -o eth1 -s 192.168.1.0/24 -j CLASSIFY --set-class 1:2 # # Rule 27 (eth1) # echo "Rule 27 (eth1)" # - $IPTABLES -N Out_RULE_27 -t mangle - $IPTABLES -t mangle -A POSTROUTING -o eth1 -s 192.168.1.0/24 -j Out_RULE_27 - $IPTABLES -t mangle -A Out_RULE_27 -j LOG --log-level info --log-prefix "RULE 27 -- ACCEPT " - $IPTABLES -t mangle -A Out_RULE_27 -j CLASSIFY --set-class 1:2 - $IPTABLES -t mangle -A Out_RULE_27 -j ACCEPT + $IPTABLES -t mangle -A POSTROUTING -o eth1 -s 192.168.1.0/24 -j CLASSIFY --set-class 1:2 # # Rule 28 (eth1) # echo "Rule 28 (eth1)" # - $IPTABLES -N Cid451ED8E76383.0 -t mangle - $IPTABLES -t mangle -A POSTROUTING -o ! eth1 -s 192.168.1.0/24 -j Cid451ED8E76383.0 - $IPTABLES -t mangle -A Cid451ED8E76383.0 -j CLASSIFY --set-class 1:2 - $IPTABLES -t mangle -A Cid451ED8E76383.0 -j ACCEPT + $IPTABLES -t mangle -A POSTROUTING -o ! eth1 -s 192.168.1.0/24 -j CLASSIFY --set-class 1:2 # # Rule 29 (eth1) # echo "Rule 29 (eth1)" # - $IPTABLES -N Out_RULE_29 -t mangle - $IPTABLES -t mangle -A POSTROUTING -o ! 
eth1 -s 192.168.1.0/24 -j Out_RULE_29 - $IPTABLES -t mangle -A Out_RULE_29 -j LOG --log-level info --log-prefix "RULE 29 -- ACCEPT " - $IPTABLES -t mangle -A Out_RULE_29 -j CLASSIFY --set-class 1:2 - $IPTABLES -t mangle -A Out_RULE_29 -j ACCEPT + $IPTABLES -t mangle -A POSTROUTING -o ! eth1 -s 192.168.1.0/24 -j CLASSIFY --set-class 1:2 # # Rule 30 (global) # @@ -688,20 +600,14 @@ script_body() { # testing for bug #1618381 # classify action is non-terminating # in this firewall object - $IPTABLES -N Cid4599A9DC19324.0 -t mangle - $IPTABLES -t mangle -A POSTROUTING -p icmp -m icmp --icmp-type 3 -j Cid4599A9DC19324.0 - $IPTABLES -t mangle -A Cid4599A9DC19324.0 -j CLASSIFY --set-class 1:10 - $IPTABLES -t mangle -A Cid4599A9DC19324.0 -j ACCEPT + $IPTABLES -t mangle -A POSTROUTING -p icmp -m icmp --icmp-type 3 -j CLASSIFY --set-class 1:10 # # Rule 31 (eth0) # echo "Rule 31 (eth0)" # # second rule for bug #1618381 - $IPTABLES -N Cid4599A9E919324.0 -t mangle - $IPTABLES -t mangle -A POSTROUTING -o eth0 -j Cid4599A9E919324.0 - $IPTABLES -t mangle -A Cid4599A9E919324.0 -j CLASSIFY --set-class 1:11 - $IPTABLES -t mangle -A Cid4599A9E919324.0 -j ACCEPT + $IPTABLES -t mangle -A POSTROUTING -o eth0 -j CLASSIFY --set-class 1:11 # # Rule 32 (global) # @@ -713,7 +619,6 @@ script_body() { $IPTABLES -t mangle -A Cid459A026219324.0 -s 192.168.1.0/24 -j RETURN $IPTABLES -t mangle -A Cid459A026219324.0 -s 192.168.2.0/24 -j RETURN $IPTABLES -t mangle -A Cid459A026219324.0 -j CLASSIFY --set-class 1:10 - $IPTABLES -t mangle -A Cid459A026219324.0 -j ACCEPT # # Rule 33 (global) # @@ -726,7 +631,6 @@ script_body() { $IPTABLES -t mangle -A Cid459A5AFB19324.0 -s 192.168.1.0/24 -j RETURN $IPTABLES -t mangle -A Cid459A5AFB19324.0 -s 192.168.2.0/24 -j RETURN $IPTABLES -t mangle -A Cid459A5AFB19324.0 -j CLASSIFY --set-class 1:10 - $IPTABLES -t mangle -A Cid459A5AFB19324.0 -j ACCEPT # # Rule 34 (eth0) # 
@@ -736,23 +640,17 @@ script_body() { # this rule uses multiport # and has to be split because # of that - $IPTABLES -N Cid459A875F19324.0 -t mangle - $IPTABLES -t mangle -A POSTROUTING -o eth0 -p tcp -m tcp --dport 10000:11000 -j Cid459A875F19324.0 - $IPTABLES -t mangle -A POSTROUTING -o eth0 -p tcp -m tcp -m multiport --dports 113,13,53,2105,21,70,80,443,6667,119,25,3128,22,23,540 -j Cid459A875F19324.0 - $IPTABLES -t mangle -A POSTROUTING -o eth0 -p udp -m udp -m multiport --dports 53,161 -j Cid459A875F19324.0 - $IPTABLES -t mangle -A Cid459A875F19324.0 -j CLASSIFY --set-class 1:11 - $IPTABLES -t mangle -A Cid459A875F19324.0 -j ACCEPT + $IPTABLES -t mangle -A POSTROUTING -o eth0 -p tcp -m tcp --dport 10000:11000 -j CLASSIFY --set-class 1:11 + $IPTABLES -t mangle -A POSTROUTING -o eth0 -p tcp -m tcp -m multiport --dports 113,13,53,2105,21,70,80,443,6667,119,25,3128,22,23,540 -j CLASSIFY --set-class 1:11 + $IPTABLES -t mangle -A POSTROUTING -o eth0 -p udp -m udp -m multiport --dports 53,161 -j CLASSIFY --set-class 1:11 # # Rule 36 (global) # echo "Rule 36 (global)" # - $IPTABLES -N RULE_36 -t mangle - $IPTABLES -t mangle -A PREROUTING -j RULE_36 - $IPTABLES -t mangle -A RULE_36 -j LOG --log-level info --log-prefix "RULE 36 -- BRANCH " - $IPTABLES -t mangle -A RULE_36 -j mymark - $IPTABLES -t mangle -A POSTROUTING -j RULE_36 - $IPTABLES -t mangle -A FORWARD -j RULE_36 + $IPTABLES -t mangle -A PREROUTING -j mymark + $IPTABLES -t mangle -A POSTROUTING -j mymark + $IPTABLES -t mangle -A FORWARD -j mymark # ================ Table 'mangle', rule set mangle_rules # # Rule mangle_rules 0 (global) 
@@ -767,21 +665,16 @@ script_body() { # echo "Rule mangle_rules 1 (global)" # - $IPTABLES -N Cid56804X29169.0 -t mangle - $IPTABLES -t mangle -A OUTPUT -p tcp -m tcp --dport 80 -m state --state NEW -j Cid56804X29169.0 - $IPTABLES -t mangle -A PREROUTING -p tcp -m tcp --dport 80 -m state --state NEW -j Cid56804X29169.0 - $IPTABLES -t mangle -A Cid56804X29169.0 -j MARK --set-mark 1 - $IPTABLES -t mangle -A Cid56804X29169.0 -j CONNMARK --save-mark - $IPTABLES -t mangle -A Cid56804X29169.0 -j ACCEPT + $IPTABLES -t mangle -A OUTPUT -p tcp -m tcp --dport 80 -m state --state NEW -j MARK --set-mark 1 + $IPTABLES -t mangle -A PREROUTING -p tcp -m tcp --dport 80 -m state --state NEW -j MARK --set-mark 1 + $IPTABLES -t mangle -A OUTPUT -p tcp -m tcp --dport 80 -m state --state NEW -j CONNMARK --save-mark + $IPTABLES -t mangle -A PREROUTING -p tcp -m tcp --dport 80 -m state --state NEW -j CONNMARK --save-mark # # Rule mangle_rules 2 (global) # echo "Rule mangle_rules 2 (global)" # - $IPTABLES -N Cid56817X29169.0 -t mangle - $IPTABLES -t mangle -A POSTROUTING -m mark --mark 1 -j Cid56817X29169.0 - $IPTABLES -t mangle -A Cid56817X29169.0 -j CLASSIFY --set-class 1:12 - $IPTABLES -t mangle -A Cid56817X29169.0 -j ACCEPT + $IPTABLES -t mangle -A POSTROUTING -m mark --mark 1 -j CLASSIFY --set-class 1:12 # # Rule mangle_rules 4 (global) # 
@@ -884,8 +777,248 @@ script_body() { $IPTABLES -t mangle -A Cid43052X80179.0 -s 6bone.net -j ACCEPT $IPTABLES -t mangle -A Cid43052X80179.0 -s ny6ix.net -j ACCEPT + # ================ Table 'filter', rule set mymark + # + # Rule mymark 0 (global) + # + echo "Rule mymark 0 (global)" + # + $IPTABLES -N mymark + $IPTABLES -A mymark -d 192.168.2.0/24 -m state --state NEW -j ACCEPT + # + # Rule mymark 1 (global) + # + echo "Rule mymark 1 (global)" + # + $IPTABLES -A mymark -m state --state NEW -j ACCEPT # ================ Table 'filter', rule set Policy # + # Rule 0 (global) + # + echo "Rule 0 (global)" + # + $IPTABLES -A OUTPUT -p 50 -m state --state NEW -j ACCEPT + $IPTABLES -A OUTPUT -p ah -m state --state NEW -j ACCEPT + $IPTABLES -A INPUT -p 50 -m state --state NEW -j ACCEPT + $IPTABLES -A INPUT -p ah -m state --state NEW -j ACCEPT + $IPTABLES -A FORWARD -p 50 -m state --state NEW -j ACCEPT + $IPTABLES -A FORWARD -p ah -m state --state NEW -j ACCEPT + # + # Rule 1 (global) + # + echo "Rule 1 (global)" + # + $IPTABLES -N RULE_1 + $IPTABLES -A OUTPUT -p 50 -m state --state NEW -j RULE_1 + $IPTABLES -A OUTPUT -p ah -m state --state NEW -j RULE_1 + $IPTABLES -A INPUT -p 50 -m state --state NEW -j RULE_1 + $IPTABLES -A INPUT -p ah -m state --state NEW -j RULE_1 + $IPTABLES -A FORWARD -p 50 -m state --state NEW -j RULE_1 + $IPTABLES -A FORWARD -p ah -m state --state NEW -j RULE_1 + $IPTABLES -A RULE_1 -j LOG --log-level info --log-prefix "RULE 1 -- ACCEPT " + $IPTABLES -A RULE_1 -j ACCEPT + # + # Rule 2 (global) + # + echo "Rule 2 (global)" + # + $IPTABLES -N Cid483502D710047.0 + $IPTABLES -A INPUT -p 50 -m state --state NEW -j Cid483502D710047.0 + $IPTABLES -A INPUT -p ah -m state --state NEW -j Cid483502D710047.0 + $IPTABLES -A Cid483502D710047.0 -s 22.22.23.22 -j ACCEPT + $IPTABLES -A Cid483502D710047.0 -s 192.168.1.22 -j ACCEPT + $IPTABLES -A Cid483502D710047.0 -s 192.168.2.1 -j ACCEPT + $IPTABLES -A OUTPUT -p 50 -m state --state NEW -j ACCEPT + $IPTABLES -A OUTPUT 
-p ah -m state --state NEW -j ACCEPT + # + # Rule 3 (eth1) + # + echo "Rule 3 (eth1)" + # + $IPTABLES -A OUTPUT -o eth1 -p 50 -m state --state NEW -j ACCEPT + $IPTABLES -A OUTPUT -o eth1 -p ah -m state --state NEW -j ACCEPT + # + # Rule 4 (global) + # + echo "Rule 4 (global)" + # + $IPTABLES -N Cid483502E810047.0 + $IPTABLES -A INPUT -p 50 -m state --state NEW -j Cid483502E810047.0 + $IPTABLES -A INPUT -p ah -m state --state NEW -j Cid483502E810047.0 + $IPTABLES -N RULE_4 + $IPTABLES -A Cid483502E810047.0 -s 22.22.23.22 -j RULE_4 + $IPTABLES -A Cid483502E810047.0 -s 192.168.1.22 -j RULE_4 + $IPTABLES -A Cid483502E810047.0 -s 192.168.2.1 -j RULE_4 + $IPTABLES -A OUTPUT -p 50 -m state --state NEW -j RULE_4 + $IPTABLES -A OUTPUT -p ah -m state --state NEW -j RULE_4 + $IPTABLES -A RULE_4 -j LOG --log-level info --log-prefix "RULE 4 -- ACCEPT " + $IPTABLES -A RULE_4 -j ACCEPT + # + # Rule 5 (eth1) + # + echo "Rule 5 (eth1)" + # + $IPTABLES -N Cid43501X5007.0 + $IPTABLES -A OUTPUT -o eth1 -s 22.22.23.22 -m state --state NEW -j Cid43501X5007.0 + $IPTABLES -A Cid43501X5007.0 -p 50 -j ACCEPT + $IPTABLES -A Cid43501X5007.0 -p ah -j ACCEPT + # + # Rule 6 (eth1) + # + echo "Rule 6 (eth1)" + # + $IPTABLES -N Cid43518X5007.0 + $IPTABLES -A OUTPUT -o eth1 -s 22.22.23.22 -m state --state NEW -j Cid43518X5007.0 + $IPTABLES -A Cid43518X5007.0 -p 50 -j ACCEPT + $IPTABLES -A Cid43518X5007.0 -p ah -j ACCEPT + # + # Rule 7 (eth1) + # + echo "Rule 7 (eth1)" + # + $IPTABLES -A OUTPUT -o eth1 -p 50 -m state --state NEW -j ACCEPT + $IPTABLES -A OUTPUT -o eth1 -p ah -m state --state NEW -j ACCEPT + # + # Rule 8 (eth1) + # + echo "Rule 8 (eth1)" + # + $IPTABLES -N Cid43554X5007.0 + $IPTABLES -A OUTPUT -o eth1 -s 22.22.23.22 -j Cid43554X5007.0 + $IPTABLES -A Cid43554X5007.0 -p 50 -j ACCEPT + $IPTABLES -A Cid43554X5007.0 -p ah -j ACCEPT + # + # Rule 9 (eth1) + # + echo "Rule 9 (eth1)" + # + $IPTABLES -N Cid43571X5007.0 + $IPTABLES -A OUTPUT -o eth1 -s 22.22.23.22 -j Cid43571X5007.0 + $IPTABLES 
-A Cid43571X5007.0 -p 50 -j ACCEPT + $IPTABLES -A Cid43571X5007.0 -p ah -j ACCEPT + # + # Rule 10 (eth1) + # + echo "Rule 10 (eth1)" + # + $IPTABLES -A OUTPUT -o eth1 -p 50 -j ACCEPT + $IPTABLES -A OUTPUT -o eth1 -p ah -j ACCEPT + # + # Rule 11 (global) + # + echo "Rule 11 (global)" + # + $IPTABLES -N Cid43BBCC139745.0 + $IPTABLES -A OUTPUT -p 50 -m state --state NEW -j Cid43BBCC139745.0 + $IPTABLES -A OUTPUT -p ah -m state --state NEW -j Cid43BBCC139745.0 + $IPTABLES -A INPUT -p 50 -m state --state NEW -j Cid43BBCC139745.0 + $IPTABLES -A INPUT -p ah -m state --state NEW -j Cid43BBCC139745.0 + $IPTABLES -A FORWARD -p 50 -m state --state NEW -j Cid43BBCC139745.0 + $IPTABLES -A FORWARD -p ah -m state --state NEW -j Cid43BBCC139745.0 + $IPTABLES -A Cid43BBCC139745.0 -s 192.168.1.0/24 -j RETURN + $IPTABLES -A Cid43BBCC139745.0 -s 192.168.2.0/24 -j RETURN + $IPTABLES -N RULE_11_3 + $IPTABLES -A Cid43BBCC139745.0 -j RULE_11_3 + $IPTABLES -A RULE_11_3 -j LOG --log-level info --log-prefix "RULE 11 -- ACCEPT " + $IPTABLES -A RULE_11_3 -j ACCEPT + # + # Rule 12 (eth1) + # + echo "Rule 12 (eth1)" + # + $IPTABLES -A INPUT -i eth1 -p 50 -m state --state NEW -j ACCEPT + $IPTABLES -A INPUT -i eth1 -p ah -m state --state NEW -j ACCEPT + $IPTABLES -A FORWARD -i eth1 -p 50 -m state --state NEW -j ACCEPT + $IPTABLES -A FORWARD -i eth1 -p ah -m state --state NEW -j ACCEPT + $IPTABLES -A OUTPUT -o eth1 -p 50 -m state --state NEW -j ACCEPT + $IPTABLES -A OUTPUT -o eth1 -p ah -m state --state NEW -j ACCEPT + $IPTABLES -A FORWARD -o eth1 -p 50 -m state --state NEW -j ACCEPT + $IPTABLES -A FORWARD -o eth1 -p ah -m state --state NEW -j ACCEPT + # + # Rule 13 (eth1) + # + echo "Rule 13 (eth1)" + # + $IPTABLES -A INPUT -i eth1 -p 50 -m state --state NEW -j ACCEPT + $IPTABLES -A INPUT -i eth1 -p ah -m state --state NEW -j ACCEPT + $IPTABLES -A FORWARD -i eth1 -p 50 -m state --state NEW -j ACCEPT + $IPTABLES -A FORWARD -i eth1 -p ah -m state --state NEW -j ACCEPT + # + # Rule 14 (eth1) + # + 
echo "Rule 14 (eth1)" + # + $IPTABLES -A OUTPUT -o eth1 -p 50 -m state --state NEW -j ACCEPT + $IPTABLES -A OUTPUT -o eth1 -p ah -m state --state NEW -j ACCEPT + $IPTABLES -A FORWARD -o eth1 -p 50 -m state --state NEW -j ACCEPT + $IPTABLES -A FORWARD -o eth1 -p ah -m state --state NEW -j ACCEPT + # + # Rule 15 (global) + # + echo "Rule 15 (global)" + # + # using CONNMARK + $IPTABLES -A OUTPUT -p 50 -m state --state NEW -j ACCEPT + $IPTABLES -A OUTPUT -p ah -m state --state NEW -j ACCEPT + $IPTABLES -A INPUT -p 50 -m state --state NEW -j ACCEPT + $IPTABLES -A INPUT -p ah -m state --state NEW -j ACCEPT + $IPTABLES -A FORWARD -p 50 -m state --state NEW -j ACCEPT + $IPTABLES -A FORWARD -p ah -m state --state NEW -j ACCEPT + # + # Rule 16 (global) + # + echo "Rule 16 (global)" + # + # using CONNMARK + $IPTABLES -N RULE_16 + $IPTABLES -A OUTPUT -p 50 -m state --state NEW -j RULE_16 + $IPTABLES -A OUTPUT -p ah -m state --state NEW -j RULE_16 + $IPTABLES -A INPUT -p 50 -m state --state NEW -j RULE_16 + $IPTABLES -A INPUT -p ah -m state --state NEW -j RULE_16 + $IPTABLES -A FORWARD -p 50 -m state --state NEW -j RULE_16 + $IPTABLES -A FORWARD -p ah -m state --state NEW -j RULE_16 + $IPTABLES -A RULE_16 -j LOG --log-level info --log-prefix "RULE 16 -- ACCEPT " + $IPTABLES -A RULE_16 -j ACCEPT + # + # Rule 17 (global) + # + echo "Rule 17 (global)" + # + # using CONNMARK + $IPTABLES -N Cid4483A4DF1810.0 + $IPTABLES -A OUTPUT -p 50 -m state --state NEW -j Cid4483A4DF1810.0 + $IPTABLES -A OUTPUT -p ah -m state --state NEW -j Cid4483A4DF1810.0 + $IPTABLES -A INPUT -p 50 -m state --state NEW -j Cid4483A4DF1810.0 + $IPTABLES -A INPUT -p ah -m state --state NEW -j Cid4483A4DF1810.0 + $IPTABLES -A FORWARD -p 50 -m state --state NEW -j Cid4483A4DF1810.0 + $IPTABLES -A FORWARD -p ah -m state --state NEW -j Cid4483A4DF1810.0 + $IPTABLES -A Cid4483A4DF1810.0 -s 192.168.1.0/24 -j RETURN + $IPTABLES -A Cid4483A4DF1810.0 -s 192.168.2.0/24 -j RETURN + $IPTABLES -N RULE_17_3 + $IPTABLES -A 
Cid4483A4DF1810.0 -j RULE_17_3 + $IPTABLES -A RULE_17_3 -j LOG --log-level info --log-prefix "RULE 17 -- ACCEPT " + $IPTABLES -A RULE_17_3 -j ACCEPT + # + # Rule 18 (eth1) + # + echo "Rule 18 (eth1)" + # + # using CONNMARK + $IPTABLES -A INPUT -i eth1 -p 50 -m state --state NEW -j ACCEPT + $IPTABLES -A INPUT -i eth1 -p ah -m state --state NEW -j ACCEPT + $IPTABLES -A FORWARD -i eth1 -p 50 -m state --state NEW -j ACCEPT + $IPTABLES -A FORWARD -i eth1 -p ah -m state --state NEW -j ACCEPT + # + # Rule 19 (eth1) + # + echo "Rule 19 (eth1)" + # + # using CONNMARK + $IPTABLES -A OUTPUT -o eth1 -p 50 -m state --state NEW -j ACCEPT + $IPTABLES -A OUTPUT -o eth1 -p ah -m state --state NEW -j ACCEPT + $IPTABLES -A FORWARD -o eth1 -p 50 -m state --state NEW -j ACCEPT + $IPTABLES -A FORWARD -o eth1 -p ah -m state --state NEW -j ACCEPT + # # Rule 20 (global) # echo "Rule 20 (global)" 
@@ -902,6 +1035,171 @@ script_body() { $IPTABLES -A OUTPUT -p tcp -m tcp -d 192.168.2.10 --dport 80 -j QUEUE $IPTABLES -A FORWARD -p tcp -m tcp -d 192.168.2.10 --dport 80 -j QUEUE # + # Rule 22 (global) + # + echo "Rule 22 (global)" + # + $IPTABLES -A INPUT -s 192.168.1.0/24 -j ACCEPT + $IPTABLES -A OUTPUT -s 192.168.1.0/24 -j ACCEPT + $IPTABLES -A FORWARD -s 192.168.1.0/24 -j ACCEPT + # + # Rule 23 (global) + # + echo "Rule 23 (global)" + # + $IPTABLES -N RULE_23 + $IPTABLES -A INPUT -s 192.168.1.0/24 -j RULE_23 + $IPTABLES -A OUTPUT -s 192.168.1.0/24 -j RULE_23 + $IPTABLES -A FORWARD -s 192.168.1.0/24 -j RULE_23 + $IPTABLES -A RULE_23 -j LOG --log-level info --log-prefix "RULE 23 -- ACCEPT " + $IPTABLES -A RULE_23 -j ACCEPT + # + # Rule 24 (global) + # + echo "Rule 24 (global)" + # + $IPTABLES -N Cid451E56936383.0 + $IPTABLES -A OUTPUT -j Cid451E56936383.0 + $IPTABLES -A INPUT -j Cid451E56936383.0 + $IPTABLES -A FORWARD -j Cid451E56936383.0 + $IPTABLES -A Cid451E56936383.0 -s 192.168.1.0/24 -j RETURN + $IPTABLES -A Cid451E56936383.0 -s 192.168.2.0/24 -j RETURN + $IPTABLES -A Cid451E56936383.0 -j ACCEPT + # + # Rule 25 (global) + # + echo "Rule 25 (global)" + # + $IPTABLES -N Cid451E56A46383.0 + $IPTABLES -A OUTPUT -j Cid451E56A46383.0 + $IPTABLES -A INPUT -j Cid451E56A46383.0 + $IPTABLES -A FORWARD -j Cid451E56A46383.0 + $IPTABLES -A Cid451E56A46383.0 -s 192.168.1.0/24 -j RETURN + $IPTABLES -A Cid451E56A46383.0 -s 192.168.2.0/24 -j RETURN + $IPTABLES -N RULE_25_3 + $IPTABLES -A Cid451E56A46383.0 -j RULE_25_3 + $IPTABLES -A RULE_25_3 -j LOG --log-level info --log-prefix "RULE 25 -- ACCEPT " + $IPTABLES -A RULE_25_3 -j ACCEPT + # + # Rule 26 (eth1) + # + echo "Rule 26 (eth1)" + # + $IPTABLES -A INPUT -i eth1 -s 192.168.1.0/24 -j ACCEPT + $IPTABLES -A FORWARD -i eth1 -s 192.168.1.0/24 -j ACCEPT + $IPTABLES -A OUTPUT -o eth1 -s 192.168.1.0/24 -j ACCEPT + $IPTABLES -A FORWARD -o eth1 -s 192.168.1.0/24 -j ACCEPT + # + # Rule 27 (eth1) + # + echo "Rule 27 (eth1)" + # + 
$IPTABLES -N In_RULE_27 + $IPTABLES -A INPUT -i eth1 -s 192.168.1.0/24 -j In_RULE_27 + $IPTABLES -A FORWARD -i eth1 -s 192.168.1.0/24 -j In_RULE_27 + $IPTABLES -A In_RULE_27 -j LOG --log-level info --log-prefix "RULE 27 -- ACCEPT " + $IPTABLES -A In_RULE_27 -j ACCEPT + $IPTABLES -N Out_RULE_27 + $IPTABLES -A OUTPUT -o eth1 -s 192.168.1.0/24 -j Out_RULE_27 + $IPTABLES -A FORWARD -o eth1 -s 192.168.1.0/24 -j Out_RULE_27 + $IPTABLES -A Out_RULE_27 -j LOG --log-level info --log-prefix "RULE 27 -- ACCEPT " + $IPTABLES -A Out_RULE_27 -j ACCEPT + # + # Rule 28 (eth1) + # + echo "Rule 28 (eth1)" + # + $IPTABLES -A INPUT -i ! eth1 -s 192.168.1.0/24 -j ACCEPT + $IPTABLES -A FORWARD -i ! eth1 -s 192.168.1.0/24 -j ACCEPT + $IPTABLES -A OUTPUT -o ! eth1 -s 192.168.1.0/24 -j ACCEPT + $IPTABLES -A FORWARD -o ! eth1 -s 192.168.1.0/24 -j ACCEPT + # + # Rule 29 (eth1) + # + echo "Rule 29 (eth1)" + # + $IPTABLES -N In_RULE_29 + $IPTABLES -A INPUT -i ! eth1 -s 192.168.1.0/24 -j In_RULE_29 + $IPTABLES -A FORWARD -i ! eth1 -s 192.168.1.0/24 -j In_RULE_29 + $IPTABLES -A In_RULE_29 -j LOG --log-level info --log-prefix "RULE 29 -- ACCEPT " + $IPTABLES -A In_RULE_29 -j ACCEPT + $IPTABLES -N Out_RULE_29 + $IPTABLES -A OUTPUT -o ! eth1 -s 192.168.1.0/24 -j Out_RULE_29 + $IPTABLES -A FORWARD -o ! 
eth1 -s 192.168.1.0/24 -j Out_RULE_29 + $IPTABLES -A Out_RULE_29 -j LOG --log-level info --log-prefix "RULE 29 -- ACCEPT " + $IPTABLES -A Out_RULE_29 -j ACCEPT + # + # Rule 30 (global) + # + echo "Rule 30 (global)" + # + # testing for bug #1618381 + # classify action is non-terminating + # in this firewall object + $IPTABLES -A OUTPUT -p icmp -m icmp --icmp-type 3 -j ACCEPT + $IPTABLES -A INPUT -p icmp -m icmp --icmp-type 3 -j ACCEPT + $IPTABLES -A FORWARD -p icmp -m icmp --icmp-type 3 -j ACCEPT + # + # Rule 31 (eth0) + # + echo "Rule 31 (eth0)" + # + # second rule for bug #1618381 + $IPTABLES -A INPUT -i eth0 -j ACCEPT + $IPTABLES -A FORWARD -i eth0 -j ACCEPT + $IPTABLES -A OUTPUT -o eth0 -j ACCEPT + $IPTABLES -A FORWARD -o eth0 -j ACCEPT + # + # Rule 32 (global) + # + echo "Rule 32 (global)" + # + # testing for bug #1618381 + $IPTABLES -N Cid459A026219324.0 + $IPTABLES -A OUTPUT -p icmp -m icmp --icmp-type 3 -j Cid459A026219324.0 + $IPTABLES -A INPUT -p icmp -m icmp --icmp-type 3 -j Cid459A026219324.0 + $IPTABLES -A FORWARD -p icmp -m icmp --icmp-type 3 -j Cid459A026219324.0 + $IPTABLES -A Cid459A026219324.0 -s 192.168.1.0/24 -j RETURN + $IPTABLES -A Cid459A026219324.0 -s 192.168.2.0/24 -j RETURN + $IPTABLES -A Cid459A026219324.0 -j ACCEPT + # + # Rule 33 (global) + # + echo "Rule 33 (global)" + # + # testing for bug #1618381 + $IPTABLES -N Cid459A5AFB19324.0 + $IPTABLES -A OUTPUT -p icmp -m icmp --icmp-type 3 -j Cid459A5AFB19324.0 + $IPTABLES -A OUTPUT -p tcp -m tcp --dport 80 -j Cid459A5AFB19324.0 + $IPTABLES -A INPUT -p icmp -m icmp --icmp-type 3 -j Cid459A5AFB19324.0 + $IPTABLES -A INPUT -p tcp -m tcp --dport 80 -j Cid459A5AFB19324.0 + $IPTABLES -A FORWARD -p icmp -m icmp --icmp-type 3 -j Cid459A5AFB19324.0 + $IPTABLES -A FORWARD -p tcp -m tcp --dport 80 -j Cid459A5AFB19324.0 + $IPTABLES -A Cid459A5AFB19324.0 -s 192.168.1.0/24 -j RETURN + $IPTABLES -A Cid459A5AFB19324.0 -s 192.168.2.0/24 -j RETURN + $IPTABLES -A Cid459A5AFB19324.0 -j ACCEPT + # + # Rule 34 
(eth0) + # + echo "Rule 34 (eth0)" + # + # bug #1618381 + # this rule uses multiport + # and has to be split because + # of that + $IPTABLES -A INPUT -i eth0 -p tcp -m tcp --dport 10000:11000 -j ACCEPT + $IPTABLES -A INPUT -i eth0 -p tcp -m tcp -m multiport --dports 113,13,53,2105,21,70,80,443,6667,119,25,3128,22,23,540 -j ACCEPT + $IPTABLES -A INPUT -i eth0 -p udp -m udp -m multiport --dports 53,161 -j ACCEPT + $IPTABLES -A FORWARD -i eth0 -p tcp -m tcp --dport 10000:11000 -j ACCEPT + $IPTABLES -A FORWARD -i eth0 -p tcp -m tcp -m multiport --dports 113,13,53,2105,21,70,80,443,6667,119,25,3128,22,23,540 -j ACCEPT + $IPTABLES -A FORWARD -i eth0 -p udp -m udp -m multiport --dports 53,161 -j ACCEPT + $IPTABLES -A OUTPUT -o eth0 -p tcp -m tcp --dport 10000:11000 -j ACCEPT + $IPTABLES -A OUTPUT -o eth0 -p tcp -m tcp -m multiport --dports 113,13,53,2105,21,70,80,443,6667,119,25,3128,22,23,540 -j ACCEPT + $IPTABLES -A OUTPUT -o eth0 -p udp -m udp -m multiport --dports 53,161 -j ACCEPT + $IPTABLES -A FORWARD -o eth0 -p tcp -m tcp --dport 10000:11000 -j ACCEPT + $IPTABLES -A FORWARD -o eth0 -p tcp -m tcp -m multiport --dports 113,13,53,2105,21,70,80,443,6667,119,25,3128,22,23,540 -j ACCEPT + $IPTABLES -A FORWARD -o eth0 -p udp -m udp -m multiport --dports 53,161 -j ACCEPT + # # Rule 35 (global) # echo "Rule 35 (global)" @@ -919,7 +1217,6 @@ script_body() { $IPTABLES -A INPUT -j RULE_36 $IPTABLES -A FORWARD -j RULE_36 $IPTABLES -A RULE_36 -j LOG --log-level info --log-prefix "RULE 36 -- BRANCH " - $IPTABLES -N mymark $IPTABLES -A RULE_36 -j mymark # # Rule 37 (global) @@ -987,7 +1284,7 @@ test -z "$cmd" && { case "$cmd" in start) - log "Activating firewall script generated Tue May 3 20:28:13 2011 by vadim" + log "Activating firewall script generated Fri May 13 12:35:30 2011 by vadim" check_tools prolog_commands check_run_time_address_table_files diff --git a/test/ipt/firewall38.fw.orig b/test/ipt/firewall38.fw.orig index 68ff21e71..8cdbc2d1a 100755 
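Review bot: The filter-table rules added for Rules 30–34 are terminal and unconditional, e.g. Rule 31's `$IPTABLES -A INPUT -i eth0 -j ACCEPT` and `$IPTABLES -A FORWARD -i eth0 -j ACCEPT`, although the rule comment kept above Rule 30 says the classify action is non-terminating in this firewall object. Before this change the ACCEPT for these rules existed only in the mangle table, which ends mangle traversal but leaves the filtering decision to the filter rules. Now all traffic on eth0, and in Rule 24 every source outside 192.168.1.0/24 and 192.168.2.0/24, is accepted before Rule 35 onwards is consulted. Whether that matches the rule actions in the test object cannot be told from the expected output alone, so it should be confirmed, and the ChangeLog should state the effect on existing policies that use Classify or Tag. script_body starts and ends outside this hunk.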
--- a/test/ipt/firewall38.fw.orig +++ b/test/ipt/firewall38.fw.orig @@ -2,9 +2,9 @@ # # This is automatically generated file. DO NOT MODIFY ! # -# Firewall Builder fwb_ipt v4.2.1.ma_1 +# Firewall Builder fwb_ipt v4.3.0.3542 # -# Generated Tue May 3 19:32:56 2011 PDT by vadim +# Generated Fri May 13 12:35:28 2011 PDT by vadim # # files: * firewall38.fw /etc/fw/firewall38.fw # 
@@ -313,6 +313,36 @@ script_body() { echo "-A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT " # ================ Table 'filter', rule set Policy # + # Rule 1 (global) + echo "-A OUTPUT -p 50 -m state --state NEW -j LOG --log-level info --log-prefix \"RULE 1 -- CONTINUE \"" + echo "-A OUTPUT -p ah -m state --state NEW -j LOG --log-level info --log-prefix \"RULE 1 -- CONTINUE \"" + echo "-A INPUT -p 50 -m state --state NEW -j LOG --log-level info --log-prefix \"RULE 1 -- CONTINUE \"" + echo "-A INPUT -p ah -m state --state NEW -j LOG --log-level info --log-prefix \"RULE 1 -- CONTINUE \"" + echo "-A FORWARD -p 50 -m state --state NEW -j LOG --log-level info --log-prefix \"RULE 1 -- CONTINUE \"" + echo "-A FORWARD -p ah -m state --state NEW -j LOG --log-level info --log-prefix \"RULE 1 -- CONTINUE \"" + # + # Rule 2 (global) + echo ":Cid43BBF1AD9745.0 - [0:0]" + echo "-A OUTPUT -s ! 192.168.1.0/24 -m state --state NEW -j Cid43BBF1AD9745.0 " + echo "-A Cid43BBF1AD9745.0 -p 50 -j LOG --log-level info --log-prefix \"RULE 2 -- CONTINUE \"" + echo "-A Cid43BBF1AD9745.0 -p ah -j LOG --log-level info --log-prefix \"RULE 2 -- CONTINUE \"" + echo ":Cid43BBF1AD9745.1 - [0:0]" + echo "-A INPUT -s ! 192.168.1.0/24 -m state --state NEW -j Cid43BBF1AD9745.1 " + echo "-A Cid43BBF1AD9745.1 -p 50 -j LOG --log-level info --log-prefix \"RULE 2 -- CONTINUE \"" + echo "-A Cid43BBF1AD9745.1 -p ah -j LOG --log-level info --log-prefix \"RULE 2 -- CONTINUE \"" + echo ":Cid43BBF1AD9745.2 - [0:0]" + echo "-A OUTPUT -s ! 192.168.1.0/24 -m state --state NEW -j Cid43BBF1AD9745.2 " + echo "-A Cid43BBF1AD9745.2 -p 50 -j LOG --log-level info --log-prefix \"RULE 2 -- CONTINUE \"" + echo "-A Cid43BBF1AD9745.2 -p ah -j LOG --log-level info --log-prefix \"RULE 2 -- CONTINUE \"" + echo ":Cid43BBF1AD9745.3 - [0:0]" + echo "-A FORWARD -s ! 
192.168.1.0/24 -m state --state NEW -j Cid43BBF1AD9745.3 " + echo "-A Cid43BBF1AD9745.3 -p 50 -j LOG --log-level info --log-prefix \"RULE 2 -- CONTINUE \"" + echo "-A Cid43BBF1AD9745.3 -p ah -j LOG --log-level info --log-prefix \"RULE 2 -- CONTINUE \"" + # + # Rule 5 (global) + echo "-A INPUT -p tcp -m tcp -s 22.22.23.22 --dport 80 -m state --state NEW -j LOG --log-level info --log-prefix \"RULE 5 -- CONTINUE \"" + echo "-A OUTPUT -p tcp -m tcp -s 22.22.23.22 --dport 80 -m state --state NEW -j LOG --log-level info --log-prefix \"RULE 5 -- CONTINUE \"" + # # Rule 9 (global) echo "-A OUTPUT -m mark --mark 16 -m state --state NEW -j ACCEPT " echo "-A INPUT -m mark --mark 16 -m state --state NEW -j ACCEPT " 
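Review bot: In the new filter-table output for Rule 2 of firewall38.fw.orig the jump from OUTPUT is emitted twice, once to `Cid43BBF1AD9745.0` and once to `Cid43BBF1AD9745.2`, both with the match `-s ! 192.168.1.0/24 -m state --state NEW`. Every matching locally generated packet is therefore logged twice with `RULE 2 -- CONTINUE`. Rule 1 in the same hunk gets one rule per chain (OUTPUT, INPUT, FORWARD), so the duplicate looks like a by-product of how the compiler splits the rule across chains rather than something intended. I would fix that in the compiler and drop the `.2` chain with its two LOG rules from the expected output, instead of freezing the duplicate into the test baseline.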
@@ -372,26 +402,20 @@ script_body() { echo "-A PREROUTING -p ah -m state --state NEW -j MARK --set-mark 16" # # Rule 1 (global) - echo ":RULE_1 - [0:0]" - echo "-A OUTPUT -p 50 -m state --state NEW -j RULE_1 " - echo "-A OUTPUT -p ah -m state --state NEW -j RULE_1 " - echo "-A PREROUTING -p 50 -m state --state NEW -j RULE_1 " - echo "-A PREROUTING -p ah -m state --state NEW -j RULE_1 " - echo "-A RULE_1 -j LOG --log-level info --log-prefix \"RULE 1 -- CONTINUE \"" - echo "-A RULE_1 -j MARK --set-mark 16" + echo "-A OUTPUT -p 50 -m state --state NEW -j MARK --set-mark 16" + echo "-A OUTPUT -p ah -m state --state NEW -j MARK --set-mark 16" + echo "-A PREROUTING -p 50 -m state --state NEW -j MARK --set-mark 16" + echo "-A PREROUTING -p ah -m state --state NEW -j MARK --set-mark 16" # # Rule 2 (global) echo ":Cid43BBF1AD9745.0 - [0:0]" echo "-A OUTPUT -s ! 192.168.1.0/24 -m state --state NEW -j Cid43BBF1AD9745.0 " - echo ":RULE_2 - [0:0]" - echo "-A Cid43BBF1AD9745.0 -p 50 -j RULE_2 " - echo "-A Cid43BBF1AD9745.0 -p ah -j RULE_2 " + echo "-A Cid43BBF1AD9745.0 -p 50 -j MARK --set-mark 16" + echo "-A Cid43BBF1AD9745.0 -p ah -j MARK --set-mark 16" echo ":Cid43BBF1AD9745.1 - [0:0]" echo "-A PREROUTING -s ! 192.168.1.0/24 -m state --state NEW -j Cid43BBF1AD9745.1 " - echo "-A Cid43BBF1AD9745.1 -p 50 -j RULE_2 " - echo "-A Cid43BBF1AD9745.1 -p ah -j RULE_2 " - echo "-A RULE_2 -j LOG --log-level info --log-prefix \"RULE 2 -- CONTINUE \"" - echo "-A RULE_2 -j MARK --set-mark 16" + echo "-A Cid43BBF1AD9745.1 -p 50 -j MARK --set-mark 16" + echo "-A Cid43BBF1AD9745.1 -p ah -j MARK --set-mark 16" # # Rule 3 (eth1) echo "-A PREROUTING -i eth1 -p 50 -m state --state NEW -j MARK --set-mark 16" 
@@ -402,10 +426,7 @@ script_body() { echo "-A OUTPUT -p tcp -m tcp --dport 80 -m state --state NEW -j MARK --set-mark 2" # # Rule 5 (global) - echo ":RULE_5 - [0:0]" - echo "-A OUTPUT -p tcp -m tcp -s 22.22.23.22 --dport 80 -m state --state NEW -j RULE_5 " - echo "-A RULE_5 -j LOG --log-level info --log-prefix \"RULE 5 -- CONTINUE \"" - echo "-A RULE_5 -j MARK --set-mark 2" + echo "-A OUTPUT -p tcp -m tcp -s 22.22.23.22 --dport 80 -m state --state NEW -j MARK --set-mark 2" # # Rule 6 (eth1) echo "-A OUTPUT -o eth1 -p tcp -m tcp -s 22.22.23.22 --dport 80 -m state --state NEW -j MARK --set-mark 2" @@ -498,7 +519,7 @@ test -z "$cmd" && { case "$cmd" in start) - log "Activating firewall script generated Tue May 3 19:32:56 2011 by vadim" + log "Activating firewall script generated Fri May 13 12:35:28 2011 by vadim" check_tools prolog_commands check_run_time_address_table_files diff --git a/test/ipt/firewall39.fw.orig b/test/ipt/firewall39.fw.orig index 11d39091d..930c7752c 100755 --- a/test/ipt/firewall39.fw.orig +++ b/test/ipt/firewall39.fw.orig @@ -2,9 +2,9 @@ # # This is automatically generated file. DO NOT MODIFY ! # -# Firewall Builder fwb_ipt v4.2.1.3538 +# Firewall Builder fwb_ipt v4.3.0.3542 # -# Generated Thu May 5 20:29:25 2011 PDT by vadim +# Generated Fri May 13 12:35:30 2011 PDT by vadim # # files: * firewall39.fw /etc/fw/firewall39.fw # 
@@ -319,101 +319,6 @@ script_body() { $IPTABLES -t nat -A POSTROUTING -s 192.168.1.0/24 -j ACCEPT $IPTABLES -t nat -A PREROUTING -s 192.168.1.0/24 -j ACCEPT - # ================ Table 'mangle', rule set rule0_branch - # - # Rule rule0_branch 0 (global) - # - echo "Rule rule0_branch 0 (global)" - # - $IPTABLES -N rule0_branch -t mangle - $IPTABLES -N rule0_branch_0 -t mangle - $IPTABLES -t mangle -A rule0_branch -m state --state NEW -j rule0_branch_0 - $IPTABLES -t mangle -A rule0_branch_0 -j LOG --log-level info --log-prefix "RULE 0 -- ACCEPT " - $IPTABLES -t mangle -A rule0_branch_0 -j ACCEPT - # ================ Table 'mangle', rule set rule1_branch - # - # Rule rule1_branch 0 (global) - # - echo "Rule rule1_branch 0 (global)" - # - $IPTABLES -N rule1_branch -t mangle - $IPTABLES -N rule1_branch_0 -t mangle - $IPTABLES -t mangle -A rule1_branch -d 192.168.2.10 -j rule1_branch_0 - $IPTABLES -t mangle -A rule1_branch_0 -j LOG --log-level info --log-prefix "RULE 0 -- DENY " - $IPTABLES -t mangle -A rule1_branch_0 -j DROP - # - # Rule rule1_branch 1 (global) - # - echo "Rule rule1_branch 1 (global)" - # - $IPTABLES -t mangle -A rule1_branch -m state --state NEW -j ACCEPT - # ================ Table 'mangle', rule set rule2_branch - # - # Rule rule2_branch 0 (global) - # - echo "Rule rule2_branch 0 (global)" - # - $IPTABLES -N rule2_branch -t mangle - $IPTABLES -N rule2_branch_0 -t mangle - $IPTABLES -t mangle -A rule2_branch -d ! 
192.168.2.10 -j rule2_branch_0 - $IPTABLES -t mangle -A rule2_branch_0 -j LOG --log-level info --log-prefix "RULE 0 -- DENY " - $IPTABLES -t mangle -A rule2_branch_0 -j DROP - # - # Rule rule2_branch 1 (global) - # - echo "Rule rule2_branch 1 (global)" - # - $IPTABLES -t mangle -A rule2_branch -s 222.222.222.0/24 -d 192.168.2.10 -m state --state NEW -j ACCEPT - # - # Rule rule2_branch 2 (global) - # - echo "Rule rule2_branch 2 (global)" - # - $IPTABLES -N rule2_branch_2 -t mangle - $IPTABLES -t mangle -A rule2_branch -j rule2_branch_2 - $IPTABLES -t mangle -A rule2_branch_2 -j LOG --log-level info --log-prefix "RULE 2 -- DENY " - $IPTABLES -t mangle -A rule2_branch_2 -j DROP - # ================ Table 'mangle', rule set rule3_branch - # - # Rule rule3_branch 0 (eth1) - # - echo "Rule rule3_branch 0 (eth1)" - # - $IPTABLES -N rule3_branch -t mangle - $IPTABLES -t mangle -A rule3_branch -i eth1 -d 22.22.23.22 -m state --state NEW -j ACCEPT - $IPTABLES -t mangle -A rule3_branch -i eth1 -d 192.168.1.22 -m state --state NEW -j ACCEPT - $IPTABLES -t mangle -A rule3_branch -i eth1 -d 192.168.2.1 -m state --state NEW -j ACCEPT - # - # Rule rule3_branch 1 (global) - # - echo "Rule rule3_branch 1 (global)" - # - $IPTABLES -N rule3_branch_1 -t mangle - $IPTABLES -t mangle -A rule3_branch -j rule3_branch_1 - $IPTABLES -t mangle -A rule3_branch_1 -j LOG --log-level info --log-prefix "RULE 1 -- DENY " - $IPTABLES -t mangle -A rule3_branch_1 -j DROP - # ================ Table 'mangle', rule set rule4_branch - # - # Rule rule4_branch 0 (eth1) - # - echo "Rule rule4_branch 0 (eth1)" - # - $IPTABLES -N rule4_branch -t mangle - $IPTABLES -N In_rule4_branch_0 -t mangle - $IPTABLES -t mangle -A rule4_branch -i eth1 -j In_rule4_branch_0 - $IPTABLES -t mangle -A In_rule4_branch_0 -j LOG --log-level info --log-prefix "RULE 0 -- BRANCH " - $IPTABLES -N rule_4_0_branch -t mangle - $IPTABLES -t mangle -A In_rule4_branch_0 -j rule_4_0_branch - # - # Rule rule4_branch 1 (eth0) - # - echo "Rule 
rule4_branch 1 (eth0)" - # - $IPTABLES -N In_rule4_branch_1 -t mangle - $IPTABLES -t mangle -A rule4_branch -i eth0 -j In_rule4_branch_1 - $IPTABLES -t mangle -A In_rule4_branch_1 -j LOG --log-level info --log-prefix "RULE 1 -- BRANCH " - $IPTABLES -N rule_4_1_branch -t mangle - $IPTABLES -t mangle -A In_rule4_branch_1 -j rule_4_1_branch # ================ Table 'mangle', rule set Policy # # Rule 7 (global) @@ -422,6 +327,7 @@ script_body() { # # green rules branch # also in mangle table + $IPTABLES -N rule0_branch -t mangle $IPTABLES -t mangle -A PREROUTING -p 50 -j rule0_branch $IPTABLES -t mangle -A PREROUTING -p ah -j rule0_branch $IPTABLES -t mangle -A POSTROUTING -p 50 -j rule0_branch @@ -433,15 +339,13 @@ script_body() { # echo "Rule 8 (global)" # - $IPTABLES -N RULE_8 -t mangle - $IPTABLES -t mangle -A PREROUTING -p 50 -j RULE_8 - $IPTABLES -t mangle -A PREROUTING -p ah -j RULE_8 - $IPTABLES -t mangle -A RULE_8 -j LOG --log-level info --log-prefix "RULE 8 -- BRANCH " - $IPTABLES -t mangle -A RULE_8 -j rule1_branch - $IPTABLES -t mangle -A POSTROUTING -p 50 -j RULE_8 - $IPTABLES -t mangle -A POSTROUTING -p ah -j RULE_8 - $IPTABLES -t mangle -A FORWARD -p 50 -j RULE_8 - $IPTABLES -t mangle -A FORWARD -p ah -j RULE_8 + $IPTABLES -N rule1_branch -t mangle + $IPTABLES -t mangle -A PREROUTING -p 50 -j rule1_branch + $IPTABLES -t mangle -A PREROUTING -p ah -j rule1_branch + $IPTABLES -t mangle -A POSTROUTING -p 50 -j rule1_branch + $IPTABLES -t mangle -A POSTROUTING -p ah -j rule1_branch + $IPTABLES -t mangle -A FORWARD -p 50 -j rule1_branch + $IPTABLES -t mangle -A FORWARD -p ah -j rule1_branch # # Rule 9 (global) # 
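Review bot: The branch chains in the mangle table of firewall39.fw.orig are now created empty: `$IPTABLES -N rule0_branch -t mangle`, added under Rule 7, has no `-A rule0_branch` rule left in this diff. The same holds for `rule1_branch` under Rule 8 and for `rule2_branch`, `rule3_branch` and `rule4_branch` in the following hunks, because the "Table 'mangle', rule set ruleN_branch" sections were removed in full. The PREROUTING, POSTROUTING and FORWARD jumps into these chains remain, so as far as these hunks show the packets pass through chains that do nothing. When a branch rule set has no tagging, classification or routing rules, the compiler should probably emit neither the `-N` nor the jumps for mangle. The `RULE 8 -- BRANCH` and `RULE 9 -- BRANCH` LOG lines are also removed with no filter-table hunk re-adding them in this file, so it is worth confirming that the unchanged filter section still writes them.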
@@ -449,24 +353,23 @@ script_body() { # $IPTABLES -N Cid464C29BB3999.0 -t mangle $IPTABLES -t mangle -A PREROUTING -s ! 192.168.1.0/24 -j Cid464C29BB3999.0 - $IPTABLES -N RULE_9 -t mangle - $IPTABLES -t mangle -A Cid464C29BB3999.0 -p 50 -j RULE_9 - $IPTABLES -t mangle -A Cid464C29BB3999.0 -p ah -j RULE_9 - $IPTABLES -t mangle -A RULE_9 -j LOG --log-level info --log-prefix "RULE 9 -- BRANCH " - $IPTABLES -t mangle -A RULE_9 -j rule2_branch + $IPTABLES -N rule2_branch -t mangle + $IPTABLES -t mangle -A Cid464C29BB3999.0 -p 50 -j rule2_branch + $IPTABLES -t mangle -A Cid464C29BB3999.0 -p ah -j rule2_branch $IPTABLES -N Cid464C29BB3999.1 -t mangle $IPTABLES -t mangle -A POSTROUTING -s ! 192.168.1.0/24 -j Cid464C29BB3999.1 - $IPTABLES -t mangle -A Cid464C29BB3999.1 -p 50 -j RULE_9 - $IPTABLES -t mangle -A Cid464C29BB3999.1 -p ah -j RULE_9 + $IPTABLES -t mangle -A Cid464C29BB3999.1 -p 50 -j rule2_branch + $IPTABLES -t mangle -A Cid464C29BB3999.1 -p ah -j rule2_branch $IPTABLES -N Cid464C29BB3999.2 -t mangle $IPTABLES -t mangle -A FORWARD -s ! 192.168.1.0/24 -j Cid464C29BB3999.2 - $IPTABLES -t mangle -A Cid464C29BB3999.2 -p 50 -j RULE_9 - $IPTABLES -t mangle -A Cid464C29BB3999.2 -p ah -j RULE_9 + $IPTABLES -t mangle -A Cid464C29BB3999.2 -p 50 -j rule2_branch + $IPTABLES -t mangle -A Cid464C29BB3999.2 -p ah -j rule2_branch # # Rule 10 (eth1) # echo "Rule 10 (eth1)" # + $IPTABLES -N rule3_branch -t mangle $IPTABLES -t mangle -A PREROUTING -i eth1 -p 50 -j rule3_branch $IPTABLES -t mangle -A PREROUTING -i eth1 -p ah -j rule3_branch $IPTABLES -t mangle -A FORWARD -i eth1 -p 50 -j rule3_branch @@ -485,6 +388,7 @@ script_body() { # echo "Rule 12 (global)" # + $IPTABLES -N rule4_branch -t mangle $IPTABLES -t mangle -A PREROUTING -p tcp -m tcp -d 192.168.2.10 --dport 80 -j rule4_branch $IPTABLES -t mangle -A POSTROUTING -p tcp -m tcp -d 192.168.2.10 --dport 80 -j rule4_branch $IPTABLES -t mangle -A FORWARD -p tcp -m tcp -d 192.168.2.10 --dport 80 -j rule4_branch 
@@ -895,7 +799,7 @@ test -z "$cmd" && { case "$cmd" in start) - log "Activating firewall script generated Thu May 5 20:29:25 2011 by vadim" + log "Activating firewall script generated Fri May 13 12:35:30 2011 by vadim" check_tools prolog_commands check_run_time_address_table_files diff --git a/test/ipt/firewall4.fw.orig b/test/ipt/firewall4.fw.orig index 498511c1b..5c3cb7d75 100755 --- a/test/ipt/firewall4.fw.orig +++ b/test/ipt/firewall4.fw.orig @@ -2,9 +2,9 @@ # # This is automatically generated file. DO NOT MODIFY ! # -# Firewall Builder fwb_ipt v4.2.1.3538 +# Firewall Builder fwb_ipt v4.3.0.3542 # -# Generated Thu May 5 20:29:27 2011 PDT by vadim +# Generated Fri May 13 12:35:32 2011 PDT by vadim # # files: * firewall4.fw /etc/fw/firewall4.fw # @@ -710,7 +710,7 @@ test -z "$cmd" && { case "$cmd" in start) - log "Activating firewall script generated Thu May 5 20:29:27 2011 by vadim" + log "Activating firewall script generated Fri May 13 12:35:32 2011 by vadim" check_tools prolog_commands check_run_time_address_table_files diff --git a/test/ipt/firewall40-1.fw.orig b/test/ipt/firewall40-1.fw.orig index 018ac293e..8ca12db7b 100755 --- a/test/ipt/firewall40-1.fw.orig +++ b/test/ipt/firewall40-1.fw.orig @@ -2,9 +2,9 @@ # # This is automatically generated file. DO NOT MODIFY ! # -# Firewall Builder fwb_ipt v4.2.1.ma_1 +# Firewall Builder fwb_ipt v4.3.0.3542 # -# Generated Tue May 3 19:33:01 2011 PDT by vadim +# Generated Fri May 13 12:35:34 2011 PDT by vadim # # files: * firewall40-1.fw /etc/firewall40-1.fw # 
@@ -353,11 +353,8 @@ script_body() { # $IPTABLES -N Cid55038X29165.0 -t mangle $IPTABLES -t mangle -A Policy_1 -s 192.168.1.0/24 -m state --state NEW -j Cid55038X29165.0 - $IPTABLES -N Policy_1_6 -t mangle - $IPTABLES -t mangle -A Cid55038X29165.0 -d 22.22.22.0/24 -j Policy_1_6 - $IPTABLES -t mangle -A Cid55038X29165.0 -d 33.33.33.0/24 -j Policy_1_6 - $IPTABLES -t mangle -A Policy_1_6 -j LOG --log-level info --log-prefix "RULE 6 -- CONTINUE " - $IPTABLES -t mangle -A Policy_1_6 -j MARK --set-mark 8 + $IPTABLES -t mangle -A Cid55038X29165.0 -d 22.22.22.0/24 -j MARK --set-mark 8 + $IPTABLES -t mangle -A Cid55038X29165.0 -d 33.33.33.0/24 -j MARK --set-mark 8 # ================ Table 'filter', rule set Policy_1 # @@ -378,6 +375,15 @@ script_body() { $IPTABLES -A Policy_1 -j Policy_1_5 $IPTABLES -A Policy_1_5 -j LOG --log-level info --log-prefix "RULE 5 -- DENY " $IPTABLES -A Policy_1_5 -j DROP + # + # Rule Policy_1 6 (global) + # + echo "Rule Policy_1 6 (global)" + # + $IPTABLES -N Cid55038X29165.0 + $IPTABLES -A Policy_1 -s 192.168.1.0/24 -m state --state NEW -j Cid55038X29165.0 + $IPTABLES -A Cid55038X29165.0 -d 22.22.22.0/24 -j LOG --log-level info --log-prefix "RULE 6 -- CONTINUE " + $IPTABLES -A Cid55038X29165.0 -d 33.33.33.0/24 -j LOG --log-level info --log-prefix "RULE 6 -- CONTINUE " # ================ Table 'filter', rule set Policy # # Rule 0 (global) @@ -446,7 +452,7 @@ test -z "$cmd" && { case "$cmd" in start) - log "Activating firewall script generated Tue May 3 19:33:01 2011 by vadim" + log "Activating firewall script generated Fri May 13 12:35:34 2011 by vadim" check_tools prolog_commands check_run_time_address_table_files diff --git a/test/ipt/firewall40-2.fw.orig b/test/ipt/firewall40-2.fw.orig index 2a13a6d47..6dfd0bbae 100755 --- a/test/ipt/firewall40-2.fw.orig +++ b/test/ipt/firewall40-2.fw.orig 
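Review bot: The `RULE 6 -- CONTINUE` LOG rules that the `@@ -378,6 +375,15 @@` hunk of firewall40-1.fw.orig adds to the filter table land in `Policy_1` after `$IPTABLES -A Policy_1 -j Policy_1_5`, which in the context lines has no match and ends in `-j DROP`. Rule 5 starts outside the hunk, but if that jump is unconditional no packet reaches the new Rule 6 jump. The log entry the mangle chain `Policy_1_6` used to write would then be lost, while `MARK --set-mark 8` is still applied. The same ordering appears in firewall40-2.fw.orig, and in firewall40.fw.orig for the FORWARD chain after `-A FORWARD -j RULE_5`. Logging for a tagging rule now depends on where the rule sits relative to terminating filter rules, so the compiler should warn when such a rule follows an unconditional terminating rule, or the ChangeLog should state the change in logging behaviour.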
@@ -2,9 +2,9 @@ # # This is automatically generated file. DO NOT MODIFY ! # -# Firewall Builder fwb_ipt v4.2.1.ma_1 +# Firewall Builder fwb_ipt v4.3.0.3542 # -# Generated Tue May 3 19:33:02 2011 PDT by vadim +# Generated Fri May 13 12:35:34 2011 PDT by vadim # # files: * firewall40-2.fw /etc/firewall40-2.fw # @@ -353,11 +353,8 @@ script_body() { # $IPTABLES -N Cid55227X22068.0 -t mangle $IPTABLES -t mangle -A Policy_1 -s 192.168.1.0/24 -m state --state NEW -j Cid55227X22068.0 - $IPTABLES -N Policy_1_6 -t mangle - $IPTABLES -t mangle -A Cid55227X22068.0 -d 22.22.22.0/24 -j Policy_1_6 - $IPTABLES -t mangle -A Cid55227X22068.0 -d 33.33.33.0/24 -j Policy_1_6 - $IPTABLES -t mangle -A Policy_1_6 -j LOG --log-level info --log-prefix "RULE 6 -- CONTINUE " - $IPTABLES -t mangle -A Policy_1_6 -j MARK --set-mark 8 + $IPTABLES -t mangle -A Cid55227X22068.0 -d 22.22.22.0/24 -j MARK --set-mark 8 + $IPTABLES -t mangle -A Cid55227X22068.0 -d 33.33.33.0/24 -j MARK --set-mark 8 # ================ Table 'filter', rule set Policy_1 # @@ -378,6 +375,15 @@ script_body() { $IPTABLES -A Policy_1 -j Policy_1_5 $IPTABLES -A Policy_1_5 -j LOG --log-level info --log-prefix "RULE 5 -- DENY " $IPTABLES -A Policy_1_5 -j DROP + # + # Rule Policy_1 6 (global) + # + echo "Rule Policy_1 6 (global)" + # + $IPTABLES -N Cid55227X22068.0 + $IPTABLES -A Policy_1 -s 192.168.1.0/24 -m state --state NEW -j Cid55227X22068.0 + $IPTABLES -A Cid55227X22068.0 -d 22.22.22.0/24 -j LOG --log-level info --log-prefix "RULE 6 -- CONTINUE " + $IPTABLES -A Cid55227X22068.0 -d 33.33.33.0/24 -j LOG --log-level info --log-prefix "RULE 6 -- CONTINUE " } ip_forward() { @@ -433,7 +439,7 @@ test -z "$cmd" && { case "$cmd" in start) - log "Activating firewall script generated Tue May 3 19:33:02 2011 by vadim" + log "Activating firewall script generated Fri May 13 12:35:34 2011 by vadim" check_tools prolog_commands check_run_time_address_table_files 
diff --git a/test/ipt/firewall40.fw.orig b/test/ipt/firewall40.fw.orig index 9aef6f114..0d18e2ee7 100755 --- a/test/ipt/firewall40.fw.orig +++ b/test/ipt/firewall40.fw.orig @@ -2,9 +2,9 @@ # # This is automatically generated file. DO NOT MODIFY ! # -# Firewall Builder fwb_ipt v4.2.1.ma_1 +# Firewall Builder fwb_ipt v4.3.0.3542 # -# Generated Tue May 3 19:33:00 2011 PDT by vadim +# Generated Fri May 13 12:35:32 2011 PDT by vadim # # files: * firewall40.fw /etc/firewall40.fw # @@ -352,11 +352,8 @@ script_body() { # $IPTABLES -N Cid37084X26841.0 -t mangle $IPTABLES -t mangle -A PREROUTING -s 192.168.1.0/24 -m state --state NEW -j Cid37084X26841.0 - $IPTABLES -N RULE_6 -t mangle - $IPTABLES -t mangle -A Cid37084X26841.0 -d 22.22.22.0/24 -j RULE_6 - $IPTABLES -t mangle -A Cid37084X26841.0 -d 33.33.33.0/24 -j RULE_6 - $IPTABLES -t mangle -A RULE_6 -j LOG --log-level info --log-prefix "RULE 6 -- CONTINUE " - $IPTABLES -t mangle -A RULE_6 -j MARK --set-mark 8 + $IPTABLES -t mangle -A Cid37084X26841.0 -d 22.22.22.0/24 -j MARK --set-mark 8 + $IPTABLES -t mangle -A Cid37084X26841.0 -d 33.33.33.0/24 -j MARK --set-mark 8 # ================ Table 'filter', rule set Policy # 
@@ -380,6 +377,19 @@ script_body() { $IPTABLES -A FORWARD -j RULE_5 $IPTABLES -A RULE_5 -j LOG --log-level info --log-prefix "RULE 5 -- DENY " $IPTABLES -A RULE_5 -j DROP + # + # Rule 6 (global) + # + echo "Rule 6 (global)" + # + $IPTABLES -N Cid37084X26841.0 + $IPTABLES -A OUTPUT -s 192.168.1.0/24 -m state --state NEW -j Cid37084X26841.0 + $IPTABLES -A Cid37084X26841.0 -d 22.22.22.0/24 -j LOG --log-level info --log-prefix "RULE 6 -- CONTINUE " + $IPTABLES -A Cid37084X26841.0 -d 33.33.33.0/24 -j LOG --log-level info --log-prefix "RULE 6 -- CONTINUE " + $IPTABLES -N Cid37084X26841.1 + $IPTABLES -A FORWARD -s 192.168.1.0/24 -m state --state NEW -j Cid37084X26841.1 + $IPTABLES -A Cid37084X26841.1 -d 22.22.22.0/24 -j LOG --log-level info --log-prefix "RULE 6 -- CONTINUE " + $IPTABLES -A Cid37084X26841.1 -d 33.33.33.0/24 -j LOG --log-level info --log-prefix "RULE 6 -- CONTINUE " } ip_forward() { @@ -435,7 +445,7 @@ test -z "$cmd" && { case "$cmd" in start) - log "Activating firewall script generated Tue May 3 19:33:00 2011 by vadim" + log "Activating firewall script generated Fri May 13 12:35:32 2011 by vadim" check_tools prolog_commands check_run_time_address_table_files diff --git a/test/ipt/firewall41-1.fw.orig b/test/ipt/firewall41-1.fw.orig index eb1e071d9..53ac8848d 100755 --- a/test/ipt/firewall41-1.fw.orig +++ b/test/ipt/firewall41-1.fw.orig @@ -2,9 +2,9 @@ # # This is automatically generated file. DO NOT MODIFY ! # -# Firewall Builder fwb_ipt v4.2.1.3538 +# Firewall Builder fwb_ipt v4.3.0.3542 # -# Generated Thu May 5 20:29:31 2011 PDT by vadim +# Generated Fri May 13 12:35:36 2011 PDT by vadim # # files: * firewall41-1.fw /etc/firewall41-1.fw # @@ -575,7 +575,7 @@ test -z "$cmd" && { case "$cmd" in start) - log "Activating firewall script generated Thu May 5 20:29:31 2011 by vadim" + log "Activating firewall script generated Fri May 13 12:35:36 2011 by vadim" check_tools prolog_commands check_run_time_address_table_files 
diff --git a/test/ipt/firewall41.fw.orig b/test/ipt/firewall41.fw.orig index 6cd1f94dc..43fadaebc 100755 --- a/test/ipt/firewall41.fw.orig +++ b/test/ipt/firewall41.fw.orig @@ -2,9 +2,9 @@ # # This is automatically generated file. DO NOT MODIFY ! # -# Firewall Builder fwb_ipt v4.2.1.3538 +# Firewall Builder fwb_ipt v4.3.0.3542 # -# Generated Thu May 5 20:29:33 2011 PDT by vadim +# Generated Fri May 13 12:35:37 2011 PDT by vadim # # files: * firewall41.fw /etc/firewall41.fw # @@ -459,7 +459,7 @@ test -z "$cmd" && { case "$cmd" in start) - log "Activating firewall script generated Thu May 5 20:29:33 2011 by vadim" + log "Activating firewall script generated Fri May 13 12:35:37 2011 by vadim" check_tools prolog_commands check_run_time_address_table_files diff --git a/test/ipt/firewall42.fw.orig b/test/ipt/firewall42.fw.orig index aa9a4fc29..44d821e1f 100755 --- a/test/ipt/firewall42.fw.orig +++ b/test/ipt/firewall42.fw.orig @@ -2,9 +2,9 @@ # # This is automatically generated file. DO NOT MODIFY ! # -# Firewall Builder fwb_ipt v4.2.1.3538 +# Firewall Builder fwb_ipt v4.3.0.3542 # -# Generated Thu May 5 20:29:35 2011 PDT by vadim +# Generated Fri May 13 12:35:39 2011 PDT by vadim # # files: * firewall42.fw /etc/fw/firewall42.fw # @@ -382,7 +382,7 @@ test -z "$cmd" && { case "$cmd" in start) - log "Activating firewall script generated Thu May 5 20:29:35 2011 by vadim" + log "Activating firewall script generated Fri May 13 12:35:39 2011 by vadim" check_tools prolog_commands check_run_time_address_table_files diff --git a/test/ipt/firewall5.fw.orig b/test/ipt/firewall5.fw.orig index f0db7bbaf..9407cbdf0 100755 --- a/test/ipt/firewall5.fw.orig +++ b/test/ipt/firewall5.fw.orig 
@@ -2,9 +2,9 @@ # # This is automatically generated file. DO NOT MODIFY ! # -# Firewall Builder fwb_ipt v4.2.1.3538 +# Firewall Builder fwb_ipt v4.3.0.3542 # -# Generated Thu May 5 20:29:35 2011 PDT by vadim +# Generated Fri May 13 12:35:40 2011 PDT by vadim # # files: * firewall5.fw /etc/fw/firewall5.fw # @@ -622,7 +622,7 @@ test -z "$cmd" && { case "$cmd" in start) - log "Activating firewall script generated Thu May 5 20:29:35 2011 by vadim" + log "Activating firewall script generated Fri May 13 12:35:40 2011 by vadim" check_tools prolog_commands check_run_time_address_table_files diff --git a/test/ipt/firewall50.fw.orig b/test/ipt/firewall50.fw.orig index b4fa4f7b8..37270e219 100755 --- a/test/ipt/firewall50.fw.orig +++ b/test/ipt/firewall50.fw.orig @@ -2,9 +2,9 @@ # # This is automatically generated file. DO NOT MODIFY ! # -# Firewall Builder fwb_ipt v4.2.1.3538 +# Firewall Builder fwb_ipt v4.3.0.3542 # -# Generated Thu May 5 20:29:37 2011 PDT by vadim +# Generated Fri May 13 12:35:41 2011 PDT by vadim # # files: * firewall50.fw /etc/fw/firewall50.fw # @@ -418,7 +418,7 @@ test -z "$cmd" && { case "$cmd" in start) - log "Activating firewall script generated Thu May 5 20:29:37 2011 by vadim" + log "Activating firewall script generated Fri May 13 12:35:41 2011 by vadim" check_tools prolog_commands check_run_time_address_table_files diff --git a/test/ipt/firewall51.fw.orig b/test/ipt/firewall51.fw.orig index 906e24ab9..498a8d856 100755 --- a/test/ipt/firewall51.fw.orig +++ b/test/ipt/firewall51.fw.orig @@ -2,9 +2,9 @@ # # This is automatically generated file. DO NOT MODIFY ! # -# Firewall Builder fwb_ipt v4.2.1.3538 +# Firewall Builder fwb_ipt v4.3.0.3542 # -# Generated Thu May 5 20:29:37 2011 PDT by vadim +# Generated Fri May 13 12:35:42 2011 PDT by vadim # # files: * firewall51.fw /etc/fw/firewall51.fw # 
@@ -491,7 +491,7 @@ test -z "$cmd" && { case "$cmd" in start) - log "Activating firewall script generated Thu May 5 20:29:37 2011 by vadim" + log "Activating firewall script generated Fri May 13 12:35:42 2011 by vadim" check_tools prolog_commands check_run_time_address_table_files diff --git a/test/ipt/firewall6.fw.orig b/test/ipt/firewall6.fw.orig index 38c46d34e..2ff207975 100755 --- a/test/ipt/firewall6.fw.orig +++ b/test/ipt/firewall6.fw.orig @@ -2,9 +2,9 @@ # # This is automatically generated file. DO NOT MODIFY ! # -# Firewall Builder fwb_ipt v4.2.1.3538 +# Firewall Builder fwb_ipt v4.3.0.3542 # -# Generated Thu May 5 20:29:39 2011 PDT by vadim +# Generated Fri May 13 12:35:43 2011 PDT by vadim # # files: * firewall6.fw /etc/fw/firewall6.fw # @@ -513,7 +513,7 @@ test -z "$cmd" && { case "$cmd" in start) - log "Activating firewall script generated Thu May 5 20:29:39 2011 by vadim" + log "Activating firewall script generated Fri May 13 12:35:43 2011 by vadim" check_tools prolog_commands check_run_time_address_table_files diff --git a/test/ipt/firewall60.fw.orig b/test/ipt/firewall60.fw.orig index bee949199..f49aaada2 100755 --- a/test/ipt/firewall60.fw.orig +++ b/test/ipt/firewall60.fw.orig @@ -2,9 +2,9 @@ # # This is automatically generated file. DO NOT MODIFY ! # -# Firewall Builder fwb_ipt v4.2.1.3538 +# Firewall Builder fwb_ipt v4.3.0.3542 # -# Generated Thu May 5 20:29:40 2011 PDT by vadim +# Generated Fri May 13 12:35:44 2011 PDT by vadim # # files: * firewall60.fw /etc/firewall60.fw # @@ -419,7 +419,7 @@ test -z "$cmd" && { case "$cmd" in start) - log "Activating firewall script generated Thu May 5 20:29:40 2011 by vadim" + log "Activating firewall script generated Fri May 13 12:35:44 2011 by vadim" check_tools prolog_commands check_run_time_address_table_files diff --git a/test/ipt/firewall61-1.2.5.fw.orig b/test/ipt/firewall61-1.2.5.fw.orig index d970659b1..7fb0e6715 100755 --- a/test/ipt/firewall61-1.2.5.fw.orig +++ b/test/ipt/firewall61-1.2.5.fw.orig 
@@ -2,9 +2,9 @@ # # This is automatically generated file. DO NOT MODIFY ! # -# Firewall Builder fwb_ipt v4.2.1.3538 +# Firewall Builder fwb_ipt v4.3.0.3542 # -# Generated Thu May 5 20:29:41 2011 PDT by vadim +# Generated Fri May 13 12:35:45 2011 PDT by vadim # # files: * firewall61-1.2.5.fw /etc/firewall61-1.2.5.fw # @@ -499,7 +499,7 @@ test -z "$cmd" && { case "$cmd" in start) - log "Activating firewall script generated Thu May 5 20:29:41 2011 by vadim" + log "Activating firewall script generated Fri May 13 12:35:45 2011 by vadim" check_tools prolog_commands check_run_time_address_table_files diff --git a/test/ipt/firewall61-1.2.6.fw.orig b/test/ipt/firewall61-1.2.6.fw.orig index e7090eba1..ab3c1fff1 100755 --- a/test/ipt/firewall61-1.2.6.fw.orig +++ b/test/ipt/firewall61-1.2.6.fw.orig @@ -2,9 +2,9 @@ # # This is automatically generated file. DO NOT MODIFY ! # -# Firewall Builder fwb_ipt v4.2.1.3538 +# Firewall Builder fwb_ipt v4.3.0.3542 # -# Generated Thu May 5 20:29:42 2011 PDT by vadim +# Generated Fri May 13 12:35:46 2011 PDT by vadim # # files: * firewall61-1.2.6.fw /etc/firewall61-1.2.6.fw # @@ -505,7 +505,7 @@ test -z "$cmd" && { case "$cmd" in start) - log "Activating firewall script generated Thu May 5 20:29:42 2011 by vadim" + log "Activating firewall script generated Fri May 13 12:35:46 2011 by vadim" check_tools prolog_commands check_run_time_address_table_files diff --git a/test/ipt/firewall61-1.3.x.fw.orig b/test/ipt/firewall61-1.3.x.fw.orig index a60c6d854..74890ba44 100755 --- a/test/ipt/firewall61-1.3.x.fw.orig +++ b/test/ipt/firewall61-1.3.x.fw.orig @@ -2,9 +2,9 @@ # # This is automatically generated file. DO NOT MODIFY ! # -# Firewall Builder fwb_ipt v4.2.1.3538 +# Firewall Builder fwb_ipt v4.3.0.3542 # -# Generated Thu May 5 20:29:43 2011 PDT by vadim +# Generated Fri May 13 12:35:47 2011 PDT by vadim # # files: * firewall61-1.3.x.fw /etc/firewall61-1.3.x.fw # 
@@ -492,7 +492,7 @@ test -z "$cmd" && { case "$cmd" in start) - log "Activating firewall script generated Thu May 5 20:29:43 2011 by vadim" + log "Activating firewall script generated Fri May 13 12:35:47 2011 by vadim" check_tools prolog_commands check_run_time_address_table_files diff --git a/test/ipt/firewall61-1.4.fw.orig b/test/ipt/firewall61-1.4.fw.orig index a88cf75ca..5bea37f7a 100755 --- a/test/ipt/firewall61-1.4.fw.orig +++ b/test/ipt/firewall61-1.4.fw.orig @@ -2,9 +2,9 @@ # # This is automatically generated file. DO NOT MODIFY ! # -# Firewall Builder fwb_ipt v4.2.1.3538 +# Firewall Builder fwb_ipt v4.3.0.3542 # -# Generated Thu May 5 20:29:44 2011 PDT by vadim +# Generated Fri May 13 12:35:48 2011 PDT by vadim # # files: * firewall61-1.4.fw /etc/firewall61-1.4.fw # @@ -493,7 +493,7 @@ test -z "$cmd" && { case "$cmd" in start) - log "Activating firewall script generated Thu May 5 20:29:44 2011 by vadim" + log "Activating firewall script generated Fri May 13 12:35:48 2011 by vadim" check_tools prolog_commands check_run_time_address_table_files diff --git a/test/ipt/firewall62.fw.orig b/test/ipt/firewall62.fw.orig index 041010e3d..d63aafa13 100755 --- a/test/ipt/firewall62.fw.orig +++ b/test/ipt/firewall62.fw.orig @@ -2,9 +2,9 @@ # # This is automatically generated file. DO NOT MODIFY ! # -# Firewall Builder fwb_ipt v4.2.1.3538 +# Firewall Builder fwb_ipt v4.3.0.3542 # -# Generated Thu May 5 20:29:45 2011 PDT by vadim +# Generated Fri May 13 12:35:49 2011 PDT by vadim # # files: * firewall62.fw /etc/firewall62.fw # @@ -569,7 +569,7 @@ test -z "$cmd" && { case "$cmd" in start) - log "Activating firewall script generated Thu May 5 20:29:45 2011 by vadim" + log "Activating firewall script generated Fri May 13 12:35:49 2011 by vadim" check_tools prolog_commands check_run_time_address_table_files diff --git a/test/ipt/firewall63.fw.orig b/test/ipt/firewall63.fw.orig index fb60ba511..02cbcd031 100755 --- a/test/ipt/firewall63.fw.orig 
+++ b/test/ipt/firewall63.fw.orig @@ -2,9 +2,9 @@ # # This is automatically generated file. DO NOT MODIFY ! # -# Firewall Builder fwb_ipt v4.2.1.3538 +# Firewall Builder fwb_ipt v4.3.0.3542 # -# Generated Thu May 5 20:29:46 2011 PDT by vadim +# Generated Fri May 13 12:35:50 2011 PDT by vadim # # files: * firewall63.fw /etc/firewall63.fw # @@ -389,7 +389,7 @@ test -z "$cmd" && { case "$cmd" in start) - log "Activating firewall script generated Thu May 5 20:29:46 2011 by vadim" + log "Activating firewall script generated Fri May 13 12:35:50 2011 by vadim" check_tools prolog_commands check_run_time_address_table_files diff --git a/test/ipt/firewall7.fw.orig b/test/ipt/firewall7.fw.orig index 9029e907e..2e52e7950 100755 --- a/test/ipt/firewall7.fw.orig +++ b/test/ipt/firewall7.fw.orig @@ -2,9 +2,9 @@ # # This is automatically generated file. DO NOT MODIFY ! # -# Firewall Builder fwb_ipt v4.2.1.3538 +# Firewall Builder fwb_ipt v4.3.0.3542 # -# Generated Thu May 5 20:29:48 2011 PDT by vadim +# Generated Fri May 13 12:35:51 2011 PDT by vadim # # files: * firewall7.fw /etc/fw/firewall7.fw # @@ -473,7 +473,7 @@ test -z "$cmd" && { case "$cmd" in start) - log "Activating firewall script generated Thu May 5 20:29:48 2011 by vadim" + log "Activating firewall script generated Fri May 13 12:35:51 2011 by vadim" check_tools prolog_commands check_run_time_address_table_files diff --git a/test/ipt/firewall70.fw.orig b/test/ipt/firewall70.fw.orig index 1c2df7ba5..622a341a5 100755 --- a/test/ipt/firewall70.fw.orig +++ b/test/ipt/firewall70.fw.orig @@ -2,9 +2,9 @@ # # This is automatically generated file. DO NOT MODIFY ! # -# Firewall Builder fwb_ipt v4.2.1.3538 +# Firewall Builder fwb_ipt v4.3.0.3542 # -# Generated Thu May 5 20:29:48 2011 PDT by vadim +# Generated Fri May 13 12:35:52 2011 PDT by vadim # # files: * firewall70.fw iptables.sh # 
@@ -412,7 +412,7 @@ test -z "$cmd" && { case "$cmd" in start) - log "Activating firewall script generated Thu May 5 20:29:48 2011 by vadim" + log "Activating firewall script generated Fri May 13 12:35:52 2011 by vadim" check_tools prolog_commands check_run_time_address_table_files diff --git a/test/ipt/firewall71.fw.orig b/test/ipt/firewall71.fw.orig index c0ed5fd21..fc3d47644 100755 --- a/test/ipt/firewall71.fw.orig +++ b/test/ipt/firewall71.fw.orig @@ -2,9 +2,9 @@ # # This is automatically generated file. DO NOT MODIFY ! # -# Firewall Builder fwb_ipt v4.2.1.3538 +# Firewall Builder fwb_ipt v4.3.0.3542 # -# Generated Thu May 5 20:29:50 2011 PDT by vadim +# Generated Fri May 13 12:35:53 2011 PDT by vadim # # files: * firewall71.fw /etc/fw/firewall71.fw # @@ -428,7 +428,7 @@ test -z "$cmd" && { case "$cmd" in start) - log "Activating firewall script generated Thu May 5 20:29:50 2011 by vadim" + log "Activating firewall script generated Fri May 13 12:35:53 2011 by vadim" check_tools prolog_commands check_run_time_address_table_files diff --git a/test/ipt/firewall72-1.3.x.fw.orig b/test/ipt/firewall72-1.3.x.fw.orig index 4ea761153..643b2b62a 100755 --- a/test/ipt/firewall72-1.3.x.fw.orig +++ b/test/ipt/firewall72-1.3.x.fw.orig @@ -2,9 +2,9 @@ # # This is automatically generated file. DO NOT MODIFY ! # -# Firewall Builder fwb_ipt v4.2.1.3538 +# Firewall Builder fwb_ipt v4.3.0.3542 # -# Generated Thu May 5 20:29:50 2011 PDT by vadim +# Generated Fri May 13 12:35:54 2011 PDT by vadim # # files: * firewall72-1.3.x.fw /etc/fw/firewall72-1.3.x.fw # @@ -560,7 +560,7 @@ test -z "$cmd" && { case "$cmd" in start) - log "Activating firewall script generated Thu May 5 20:29:50 2011 by vadim" + log "Activating firewall script generated Fri May 13 12:35:54 2011 by vadim" check_tools prolog_commands check_run_time_address_table_files diff --git a/test/ipt/firewall72-1.4.3.fw.orig b/test/ipt/firewall72-1.4.3.fw.orig index b518c5967..964fe0b04 100755 
--- a/test/ipt/firewall72-1.4.3.fw.orig +++ b/test/ipt/firewall72-1.4.3.fw.orig @@ -2,9 +2,9 @@ # # This is automatically generated file. DO NOT MODIFY ! # -# Firewall Builder fwb_ipt v4.2.1.3538 +# Firewall Builder fwb_ipt v4.3.0.3542 # -# Generated Thu May 5 20:29:52 2011 PDT by vadim +# Generated Fri May 13 12:35:55 2011 PDT by vadim # # files: * firewall72-1.4.3.fw /etc/fw/firewall72-1.4.3.fw # @@ -560,7 +560,7 @@ test -z "$cmd" && { case "$cmd" in start) - log "Activating firewall script generated Thu May 5 20:29:52 2011 by vadim" + log "Activating firewall script generated Fri May 13 12:35:55 2011 by vadim" check_tools prolog_commands check_run_time_address_table_files diff --git a/test/ipt/firewall73.fw.orig b/test/ipt/firewall73.fw.orig index 2309cc480..7097d6aff 100755 --- a/test/ipt/firewall73.fw.orig +++ b/test/ipt/firewall73.fw.orig @@ -2,9 +2,9 @@ # # This is automatically generated file. DO NOT MODIFY ! # -# Firewall Builder fwb_ipt v4.2.1.3538 +# Firewall Builder fwb_ipt v4.3.0.3542 # -# Generated Thu May 5 20:29:52 2011 PDT by vadim +# Generated Fri May 13 12:35:56 2011 PDT by vadim # # files: * firewall73.fw /etc/fw/firewall73.fw # @@ -523,7 +523,7 @@ test -z "$cmd" && { case "$cmd" in start) - log "Activating firewall script generated Thu May 5 20:29:52 2011 by vadim" + log "Activating firewall script generated Fri May 13 12:35:56 2011 by vadim" check_tools prolog_commands check_run_time_address_table_files diff --git a/test/ipt/firewall74.fw.orig b/test/ipt/firewall74.fw.orig index 657f21ca4..8cdc1d487 100755 --- a/test/ipt/firewall74.fw.orig +++ b/test/ipt/firewall74.fw.orig @@ -2,9 +2,9 @@ # # This is automatically generated file. DO NOT MODIFY ! # -# Firewall Builder fwb_ipt v4.2.1.3538 +# Firewall Builder fwb_ipt v4.3.0.3542 # -# Generated Thu May 5 20:29:54 2011 PDT by vadim +# Generated Fri May 13 12:35:57 2011 PDT by vadim # # files: * firewall74.fw /etc/fw/firewall74.fw # 
@@ -375,7 +375,7 @@ test -z "$cmd" && { case "$cmd" in start) - log "Activating firewall script generated Thu May 5 20:29:54 2011 by vadim" + log "Activating firewall script generated Fri May 13 12:35:57 2011 by vadim" check_tools prolog_commands check_run_time_address_table_files diff --git a/test/ipt/firewall8.fw.orig b/test/ipt/firewall8.fw.orig index c2d9c6dff..92a3ffabe 100755 --- a/test/ipt/firewall8.fw.orig +++ b/test/ipt/firewall8.fw.orig @@ -2,9 +2,9 @@ # # This is automatically generated file. DO NOT MODIFY ! # -# Firewall Builder fwb_ipt v4.2.1.3538 +# Firewall Builder fwb_ipt v4.3.0.3542 # -# Generated Thu May 5 20:29:54 2011 PDT by vadim +# Generated Fri May 13 12:35:58 2011 PDT by vadim # # files: * firewall8.fw /etc/fw/firewall8.fw # @@ -358,7 +358,7 @@ test -z "$cmd" && { case "$cmd" in start) - log "Activating firewall script generated Thu May 5 20:29:54 2011 by vadim" + log "Activating firewall script generated Fri May 13 12:35:58 2011 by vadim" check_tools prolog_commands check_run_time_address_table_files diff --git a/test/ipt/firewall80.fw.orig b/test/ipt/firewall80.fw.orig index fa125e6ff..86e0f623c 100755 --- a/test/ipt/firewall80.fw.orig +++ b/test/ipt/firewall80.fw.orig @@ -2,9 +2,9 @@ # # This is automatically generated file. DO NOT MODIFY ! # -# Firewall Builder fwb_ipt v4.2.1.3538 +# Firewall Builder fwb_ipt v4.3.0.3542 # -# Generated Thu May 5 20:29:56 2011 PDT by vadim +# Generated Fri May 13 12:35:59 2011 PDT by vadim # # files: * firewall80.fw /etc/fw/firewall80.fw # @@ -399,7 +399,7 @@ test -z "$cmd" && { case "$cmd" in start) - log "Activating firewall script generated Thu May 5 20:29:56 2011 by vadim" + log "Activating firewall script generated Fri May 13 12:35:59 2011 by vadim" check_tools prolog_commands check_run_time_address_table_files diff --git a/test/ipt/firewall81.fw.orig b/test/ipt/firewall81.fw.orig index 5330dd19f..b025591ff 100755 --- a/test/ipt/firewall81.fw.orig +++ b/test/ipt/firewall81.fw.orig 
@@ -2,9 +2,9 @@ # # This is automatically generated file. DO NOT MODIFY ! # -# Firewall Builder fwb_ipt v4.2.1.3538 +# Firewall Builder fwb_ipt v4.3.0.3542 # -# Generated Thu May 5 20:29:56 2011 PDT by vadim +# Generated Fri May 13 12:36:00 2011 PDT by vadim # # files: * firewall81.fw /etc/fw/firewall81.fw # @@ -420,7 +420,7 @@ test -z "$cmd" && { case "$cmd" in start) - log "Activating firewall script generated Thu May 5 20:29:56 2011 by vadim" + log "Activating firewall script generated Fri May 13 12:36:00 2011 by vadim" check_tools prolog_commands check_run_time_address_table_files diff --git a/test/ipt/firewall82.fw.orig b/test/ipt/firewall82.fw.orig index fceb729fb..ba72f4879 100755 --- a/test/ipt/firewall82.fw.orig +++ b/test/ipt/firewall82.fw.orig @@ -2,9 +2,9 @@ # # This is automatically generated file. DO NOT MODIFY ! # -# Firewall Builder fwb_ipt v4.2.1.3538 +# Firewall Builder fwb_ipt v4.3.0.3542 # -# Generated Thu May 5 20:29:58 2011 PDT by vadim +# Generated Fri May 13 12:36:01 2011 PDT by vadim # # files: * firewall82.fw /etc/firewall82.fw # @@ -411,7 +411,7 @@ test -z "$cmd" && { case "$cmd" in start) - log "Activating firewall script generated Thu May 5 20:29:58 2011 by vadim" + log "Activating firewall script generated Fri May 13 12:36:01 2011 by vadim" check_tools prolog_commands check_run_time_address_table_files diff --git a/test/ipt/firewall82_A.fw.orig b/test/ipt/firewall82_A.fw.orig index cc128ec40..61175dd71 100755 --- a/test/ipt/firewall82_A.fw.orig +++ b/test/ipt/firewall82_A.fw.orig @@ -2,9 +2,9 @@ # # This is automatically generated file. DO NOT MODIFY ! # -# Firewall Builder fwb_ipt v4.2.1.3538 +# Firewall Builder fwb_ipt v4.3.0.3542 # -# Generated Thu May 5 20:29:59 2011 PDT by vadim +# Generated Fri May 13 12:36:02 2011 PDT by vadim # # files: * firewall82_A.fw /etc/fw/firewall82_A.fw # 
@@ -400,7 +400,7 @@ test -z "$cmd" && { case "$cmd" in start) - log "Activating firewall script generated Thu May 5 20:29:59 2011 by vadim" + log "Activating firewall script generated Fri May 13 12:36:02 2011 by vadim" check_tools prolog_commands check_run_time_address_table_files diff --git a/test/ipt/firewall82_B.fw.orig b/test/ipt/firewall82_B.fw.orig index e38c92bfe..7f282b44c 100755 --- a/test/ipt/firewall82_B.fw.orig +++ b/test/ipt/firewall82_B.fw.orig @@ -2,9 +2,9 @@ # # This is automatically generated file. DO NOT MODIFY ! # -# Firewall Builder fwb_ipt v4.2.1.3538 +# Firewall Builder fwb_ipt v4.3.0.3542 # -# Generated Thu May 5 20:30:00 2011 PDT by vadim +# Generated Fri May 13 12:36:03 2011 PDT by vadim # # files: * firewall82_B.fw /etc/fw/firewall82_B.fw # @@ -363,7 +363,7 @@ test -z "$cmd" && { case "$cmd" in start) - log "Activating firewall script generated Thu May 5 20:30:00 2011 by vadim" + log "Activating firewall script generated Fri May 13 12:36:03 2011 by vadim" check_tools prolog_commands check_run_time_address_table_files diff --git a/test/ipt/firewall9.fw.orig b/test/ipt/firewall9.fw.orig index ab7cd720f..e2bdc64ec 100755 --- a/test/ipt/firewall9.fw.orig +++ b/test/ipt/firewall9.fw.orig @@ -2,9 +2,9 @@ # # This is automatically generated file. DO NOT MODIFY ! # -# Firewall Builder fwb_ipt v4.2.1.3538 +# Firewall Builder fwb_ipt v4.3.0.3542 # -# Generated Thu May 5 20:30:01 2011 PDT by vadim +# Generated Fri May 13 12:36:04 2011 PDT by vadim # # files: * firewall9.fw /etc/fw/firewall9.fw # @@ -621,7 +621,7 @@ test -z "$cmd" && { case "$cmd" in start) - log "Activating firewall script generated Thu May 5 20:30:01 2011 by vadim" + log "Activating firewall script generated Fri May 13 12:36:04 2011 by vadim" check_tools prolog_commands check_run_time_address_table_files diff --git a/test/ipt/firewall90.fw.orig b/test/ipt/firewall90.fw.orig index 91d1c8285..0e89aa744 100755 --- a/test/ipt/firewall90.fw.orig +++ b/test/ipt/firewall90.fw.orig 
@@ -2,9 +2,9 @@ # # This is automatically generated file. DO NOT MODIFY ! # -# Firewall Builder fwb_ipt v4.2.1.3538 +# Firewall Builder fwb_ipt v4.3.0.3542 # -# Generated Thu May 5 20:30:03 2011 PDT by vadim +# Generated Fri May 13 12:36:05 2011 PDT by vadim # # files: * firewall90.fw /etc/fw/firewall90.fw # @@ -383,7 +383,7 @@ test -z "$cmd" && { case "$cmd" in start) - log "Activating firewall script generated Thu May 5 20:30:03 2011 by vadim" + log "Activating firewall script generated Fri May 13 12:36:05 2011 by vadim" check_tools prolog_commands check_run_time_address_table_files diff --git a/test/ipt/firewall91.fw.orig b/test/ipt/firewall91.fw.orig index 2850e9a54..4a7016619 100755 --- a/test/ipt/firewall91.fw.orig +++ b/test/ipt/firewall91.fw.orig @@ -2,9 +2,9 @@ # # This is automatically generated file. DO NOT MODIFY ! # -# Firewall Builder fwb_ipt v4.2.1.3538 +# Firewall Builder fwb_ipt v4.3.0.3542 # -# Generated Thu May 5 20:30:03 2011 PDT by vadim +# Generated Fri May 13 12:36:06 2011 PDT by vadim # # files: * firewall91.fw /etc/fw/firewall91.fw # @@ -383,7 +383,7 @@ test -z "$cmd" && { case "$cmd" in start) - log "Activating firewall script generated Thu May 5 20:30:03 2011 by vadim" + log "Activating firewall script generated Fri May 13 12:36:06 2011 by vadim" check_tools prolog_commands check_run_time_address_table_files diff --git a/test/ipt/firewall92.fw.orig b/test/ipt/firewall92.fw.orig index 511be8b9d..54f223a02 100755 --- a/test/ipt/firewall92.fw.orig +++ b/test/ipt/firewall92.fw.orig @@ -2,9 +2,9 @@ # # This is automatically generated file. DO NOT MODIFY ! # -# Firewall Builder fwb_ipt v4.2.1.3538 +# Firewall Builder fwb_ipt v4.3.0.3542 # -# Generated Thu May 5 20:30:05 2011 PDT by vadim +# Generated Fri May 13 12:36:07 2011 PDT by vadim # # files: * firewall92.fw /etc/fw/firewall92.fw # 
@@ -419,7 +419,7 @@ test -z "$cmd" && { case "$cmd" in start) - log "Activating firewall script generated Thu May 5 20:30:05 2011 by vadim" + log "Activating firewall script generated Fri May 13 12:36:07 2011 by vadim" check_tools prolog_commands check_run_time_address_table_files diff --git a/test/ipt/firewall93.fw.orig b/test/ipt/firewall93.fw.orig index a46ef9d25..120a012bc 100755 --- a/test/ipt/firewall93.fw.orig +++ b/test/ipt/firewall93.fw.orig @@ -2,9 +2,9 @@ # # This is automatically generated file. DO NOT MODIFY ! # -# Firewall Builder fwb_ipt v4.2.1.3538 +# Firewall Builder fwb_ipt v4.3.0.3542 # -# Generated Thu May 5 20:30:05 2011 PDT by vadim +# Generated Fri May 13 12:36:08 2011 PDT by vadim # # files: * firewall93.fw /etc/fw/firewall93.fw # @@ -458,7 +458,7 @@ test -z "$cmd" && { case "$cmd" in start) - log "Activating firewall script generated Thu May 5 20:30:05 2011 by vadim" + log "Activating firewall script generated Fri May 13 12:36:08 2011 by vadim" check_tools prolog_commands check_run_time_address_table_files diff --git a/test/ipt/fw-A.fw.orig b/test/ipt/fw-A.fw.orig index e8c3ef992..112c271d0 100755 --- a/test/ipt/fw-A.fw.orig +++ b/test/ipt/fw-A.fw.orig @@ -2,9 +2,9 @@ # # This is automatically generated file. DO NOT MODIFY ! # -# Firewall Builder fwb_ipt v4.2.1.3538 +# Firewall Builder fwb_ipt v4.3.0.3542 # -# Generated Thu May 5 20:30:47 2011 PDT by vadim +# Generated Fri May 13 12:36:50 2011 PDT by vadim # # files: * fw-A.fw /sw/FWbuilder/fw-A.fw # @@ -724,7 +724,7 @@ test -z "$cmd" && { case "$cmd" in start) - log "Activating firewall script generated Thu May 5 20:30:47 2011 by vadim" + log "Activating firewall script generated Fri May 13 12:36:50 2011 by vadim" check_tools prolog_commands check_run_time_address_table_files diff --git a/test/ipt/fw1.fw.orig b/test/ipt/fw1.fw.orig index 93addeb42..57b6363bf 100755 --- a/test/ipt/fw1.fw.orig +++ b/test/ipt/fw1.fw.orig 
@@ -2,9 +2,9 @@ # # This is automatically generated file. DO NOT MODIFY ! # -# Firewall Builder fwb_ipt v4.2.1.3538 +# Firewall Builder fwb_ipt v4.3.0.3542 # -# Generated Thu May 5 20:30:46 2011 PDT by vadim +# Generated Fri May 13 12:36:48 2011 PDT by vadim # # files: * fw1.fw /etc/fw1.fw # @@ -525,7 +525,7 @@ test -z "$cmd" && { case "$cmd" in start) - log "Activating firewall script generated Thu May 5 20:30:46 2011 by vadim" + log "Activating firewall script generated Fri May 13 12:36:48 2011 by vadim" check_tools prolog_commands check_run_time_address_table_files diff --git a/test/ipt/fwbuilder.fw.orig b/test/ipt/fwbuilder.fw.orig index dd6e6da96..6e8fc434a 100755 --- a/test/ipt/fwbuilder.fw.orig +++ b/test/ipt/fwbuilder.fw.orig @@ -2,9 +2,9 @@ # # This is automatically generated file. DO NOT MODIFY ! # -# Firewall Builder fwb_ipt v4.2.1.3538 +# Firewall Builder fwb_ipt v4.3.0.3542 # -# Generated Thu May 5 20:29:33 2011 PDT by vadim +# Generated Fri May 13 12:35:38 2011 PDT by vadim # # files: * fwbuilder.fw /etc/init.d/fwbuilder.fw # @@ -483,7 +483,7 @@ status_action() { } start() { - log "Activating firewall script generated Thu May 5 20:29:33 2011 by vadim" + log "Activating firewall script generated Fri May 13 12:35:38 2011 by vadim" check_tools prolog_commands check_run_time_address_table_files diff --git a/test/ipt/heartbeat_cluster_1_d_linux-1-d.fw.orig b/test/ipt/heartbeat_cluster_1_d_linux-1-d.fw.orig index 914c2a856..2f4cbfbb0 100755 --- a/test/ipt/heartbeat_cluster_1_d_linux-1-d.fw.orig +++ b/test/ipt/heartbeat_cluster_1_d_linux-1-d.fw.orig @@ -2,9 +2,9 @@ # # This is automatically generated file. DO NOT MODIFY ! # -# Firewall Builder fwb_ipt v4.2.1.3538 +# Firewall Builder fwb_ipt v4.3.0.3542 # -# Generated Thu May 5 20:30:54 2011 PDT by vadim +# Generated Fri May 13 12:36:57 2011 PDT by vadim # # files: * heartbeat_cluster_1_d_linux-1-d.fw firewall.sh # 
@@ -722,7 +722,7 @@ test -z "$cmd" && { case "$cmd" in start) - log "Activating firewall script generated Thu May 5 20:30:54 2011 by vadim" + log "Activating firewall script generated Fri May 13 12:36:57 2011 by vadim" check_tools prolog_commands check_run_time_address_table_files diff --git a/test/ipt/heartbeat_cluster_1_d_linux-2-d.fw.orig b/test/ipt/heartbeat_cluster_1_d_linux-2-d.fw.orig index b5078a2ab..ff0454eed 100755 --- a/test/ipt/heartbeat_cluster_1_d_linux-2-d.fw.orig +++ b/test/ipt/heartbeat_cluster_1_d_linux-2-d.fw.orig @@ -2,9 +2,9 @@ # # This is automatically generated file. DO NOT MODIFY ! # -# Firewall Builder fwb_ipt v4.2.1.3538 +# Firewall Builder fwb_ipt v4.3.0.3542 # -# Generated Thu May 5 20:30:54 2011 PDT by vadim +# Generated Fri May 13 12:36:57 2011 PDT by vadim # # files: * heartbeat_cluster_1_d_linux-2-d.fw firewall.sh # @@ -726,7 +726,7 @@ test -z "$cmd" && { case "$cmd" in start) - log "Activating firewall script generated Thu May 5 20:30:54 2011 by vadim" + log "Activating firewall script generated Fri May 13 12:36:57 2011 by vadim" check_tools prolog_commands check_run_time_address_table_files diff --git a/test/ipt/heartbeat_cluster_1_linux-1.fw.orig b/test/ipt/heartbeat_cluster_1_linux-1.fw.orig index 620e84fe6..24f55c05b 100755 --- a/test/ipt/heartbeat_cluster_1_linux-1.fw.orig +++ b/test/ipt/heartbeat_cluster_1_linux-1.fw.orig @@ -2,9 +2,9 @@ # # This is automatically generated file. DO NOT MODIFY ! # -# Firewall Builder fwb_ipt v4.2.1.3538 +# Firewall Builder fwb_ipt v4.3.0.3542 # -# Generated Thu May 5 20:30:53 2011 PDT by vadim +# Generated Fri May 13 12:36:57 2011 PDT by vadim # # files: * heartbeat_cluster_1_linux-1.fw /etc/heartbeat_cluster_1_linux-1.fw # 
@@ -843,7 +843,7 @@ test -z "$cmd" && { case "$cmd" in start) - log "Activating firewall script generated Thu May 5 20:30:53 2011 by vadim" + log "Activating firewall script generated Fri May 13 12:36:57 2011 by vadim" check_tools prolog_commands check_run_time_address_table_files diff --git a/test/ipt/heartbeat_cluster_1_linux-2.fw.orig b/test/ipt/heartbeat_cluster_1_linux-2.fw.orig index 2764c8e60..b5ad43389 100755 --- a/test/ipt/heartbeat_cluster_1_linux-2.fw.orig +++ b/test/ipt/heartbeat_cluster_1_linux-2.fw.orig @@ -2,9 +2,9 @@ # # This is automatically generated file. DO NOT MODIFY ! # -# Firewall Builder fwb_ipt v4.2.1.3538 +# Firewall Builder fwb_ipt v4.3.0.3542 # -# Generated Thu May 5 20:30:53 2011 PDT by vadim +# Generated Fri May 13 12:36:57 2011 PDT by vadim # # files: * heartbeat_cluster_1_linux-2.fw /etc/heartbeat_cluster_1_linux-2.fw # @@ -741,7 +741,7 @@ test -z "$cmd" && { case "$cmd" in start) - log "Activating firewall script generated Thu May 5 20:30:53 2011 by vadim" + log "Activating firewall script generated Fri May 13 12:36:57 2011 by vadim" check_tools prolog_commands check_run_time_address_table_files diff --git a/test/ipt/heartbeat_cluster_2_linux-1.fw.orig b/test/ipt/heartbeat_cluster_2_linux-1.fw.orig index de06aa300..007f901a8 100755 --- a/test/ipt/heartbeat_cluster_2_linux-1.fw.orig +++ b/test/ipt/heartbeat_cluster_2_linux-1.fw.orig @@ -2,9 +2,9 @@ # # This is automatically generated file. DO NOT MODIFY ! # -# Firewall Builder fwb_ipt v4.2.1.3538 +# Firewall Builder fwb_ipt v4.3.0.3542 # -# Generated Thu May 5 20:30:54 2011 PDT by vadim +# Generated Fri May 13 12:36:57 2011 PDT by vadim # # files: * heartbeat_cluster_2_linux-1.fw /etc/heartbeat_cluster_2_linux-1.fw # 
@@ -707,7 +707,7 @@ test -z "$cmd" && { case "$cmd" in start) - log "Activating firewall script generated Thu May 5 20:30:54 2011 by vadim" + log "Activating firewall script generated Fri May 13 12:36:57 2011 by vadim" check_tools prolog_commands check_run_time_address_table_files diff --git a/test/ipt/heartbeat_cluster_2_linux-2.fw.orig b/test/ipt/heartbeat_cluster_2_linux-2.fw.orig index fe274cb58..48f678425 100755 --- a/test/ipt/heartbeat_cluster_2_linux-2.fw.orig +++ b/test/ipt/heartbeat_cluster_2_linux-2.fw.orig @@ -2,9 +2,9 @@ # # This is automatically generated file. DO NOT MODIFY ! # -# Firewall Builder fwb_ipt v4.2.1.3538 +# Firewall Builder fwb_ipt v4.3.0.3542 # -# Generated Thu May 5 20:30:54 2011 PDT by vadim +# Generated Fri May 13 12:36:57 2011 PDT by vadim # # files: * heartbeat_cluster_2_linux-2.fw /etc/heartbeat_cluster_2_linux-2.fw # @@ -620,7 +620,7 @@ test -z "$cmd" && { case "$cmd" in start) - log "Activating firewall script generated Thu May 5 20:30:54 2011 by vadim" + log "Activating firewall script generated Fri May 13 12:36:57 2011 by vadim" check_tools prolog_commands check_run_time_address_table_files diff --git a/test/ipt/host.fw.orig b/test/ipt/host.fw.orig index b94adb91b..2af128391 100755 --- a/test/ipt/host.fw.orig +++ b/test/ipt/host.fw.orig @@ -2,9 +2,9 @@ # # This is automatically generated file. DO NOT MODIFY ! # -# Firewall Builder fwb_ipt v4.2.1.3538 +# Firewall Builder fwb_ipt v4.3.0.3542 # -# Generated Thu May 5 20:30:47 2011 PDT by vadim +# Generated Fri May 13 12:36:50 2011 PDT by vadim # # files: * host.fw /etc/fw/host.fw # @@ -422,7 +422,7 @@ test -z "$cmd" && { case "$cmd" in start) - log "Activating firewall script generated Thu May 5 20:30:47 2011 by vadim" + log "Activating firewall script generated Fri May 13 12:36:50 2011 by vadim" check_tools prolog_commands check_run_time_address_table_files 
diff --git a/test/ipt/openais_cluster_1_linux-1.fw.orig b/test/ipt/openais_cluster_1_linux-1.fw.orig index a9929a511..564e8bddb 100755 --- a/test/ipt/openais_cluster_1_linux-1.fw.orig +++ b/test/ipt/openais_cluster_1_linux-1.fw.orig @@ -2,9 +2,9 @@ # # This is automatically generated file. DO NOT MODIFY ! # -# Firewall Builder fwb_ipt v4.2.1.3538 +# Firewall Builder fwb_ipt v4.3.0.3542 # -# Generated Thu May 5 20:30:54 2011 PDT by vadim +# Generated Fri May 13 12:36:57 2011 PDT by vadim # # files: * openais_cluster_1_linux-1.fw /etc/openais_cluster_1_linux-1.fw # @@ -707,7 +707,7 @@ test -z "$cmd" && { case "$cmd" in start) - log "Activating firewall script generated Thu May 5 20:30:54 2011 by vadim" + log "Activating firewall script generated Fri May 13 12:36:57 2011 by vadim" check_tools prolog_commands check_run_time_address_table_files diff --git a/test/ipt/openais_cluster_1_linux-2.fw.orig b/test/ipt/openais_cluster_1_linux-2.fw.orig index a238047e9..1d052a5f6 100755 --- a/test/ipt/openais_cluster_1_linux-2.fw.orig +++ b/test/ipt/openais_cluster_1_linux-2.fw.orig @@ -2,9 +2,9 @@ # # This is automatically generated file. DO NOT MODIFY ! # -# Firewall Builder fwb_ipt v4.2.1.3538 +# Firewall Builder fwb_ipt v4.3.0.3542 # -# Generated Thu May 5 20:30:54 2011 PDT by vadim +# Generated Fri May 13 12:36:58 2011 PDT by vadim # # files: * openais_cluster_1_linux-2.fw /etc/openais_cluster_1_linux-2.fw # @@ -611,7 +611,7 @@ test -z "$cmd" && { case "$cmd" in start) - log "Activating firewall script generated Thu May 5 20:30:54 2011 by vadim" + log "Activating firewall script generated Fri May 13 12:36:58 2011 by vadim" check_tools prolog_commands check_run_time_address_table_files diff --git a/test/ipt/rc.firewall.local b/test/ipt/rc.firewall.local index 5e358adc0..2d743877f 100755 --- a/test/ipt/rc.firewall.local +++ b/test/ipt/rc.firewall.local 
@@ -2,9 +2,9 @@ # # This is automatically generated file. DO NOT MODIFY ! # -# Firewall Builder fwb_ipt v4.3.0.1 +# Firewall Builder fwb_ipt v4.3.0.3542 # -# Generated Tue May 10 14:07:58 2011 PDT by vadim +# Generated Fri May 13 12:36:52 2011 PDT by vadim # # files: * rc.firewall.local /etc/rc.d//rc.firewall.local # diff --git a/test/ipt/rh90.fw.orig b/test/ipt/rh90.fw.orig index 5608a0434..d35448a9b 100755 --- a/test/ipt/rh90.fw.orig +++ b/test/ipt/rh90.fw.orig @@ -2,9 +2,9 @@ # # This is automatically generated file. DO NOT MODIFY ! # -# Firewall Builder fwb_ipt v4.2.1.3538 +# Firewall Builder fwb_ipt v4.3.0.3542 # -# Generated Thu May 5 20:30:49 2011 PDT by vadim +# Generated Fri May 13 12:36:52 2011 PDT by vadim # # files: * rh90.fw /etc/rh90.fw # @@ -421,7 +421,7 @@ test -z "$cmd" && { case "$cmd" in start) - log "Activating firewall script generated Thu May 5 20:30:49 2011 by vadim" + log "Activating firewall script generated Fri May 13 12:36:52 2011 by vadim" check_tools prolog_commands check_run_time_address_table_files diff --git a/test/ipt/secuwall_cluster_1_secuwall-1.fw.orig b/test/ipt/secuwall_cluster_1_secuwall-1.fw.orig index 3b852a5cf..8e22073df 100755 --- a/test/ipt/secuwall_cluster_1_secuwall-1.fw.orig +++ b/test/ipt/secuwall_cluster_1_secuwall-1.fw.orig @@ -2,9 +2,9 @@ # # This is automatically generated file. DO NOT MODIFY ! # -# Firewall Builder fwb_ipt v4.2.1.3538 +# Firewall Builder fwb_ipt v4.3.0.3542 # -# Generated Thu May 5 20:30:54 2011 PDT by vadim +# Generated Fri May 13 12:36:57 2011 PDT by vadim # # files: * secuwall_cluster_1_secuwall-1.fw /etc/secuwall_cluster_1_secuwall-1.fw # @@ -405,7 +405,7 @@ test -z "$cmd" && { case "$cmd" in start) - log "Activating firewall script generated Thu May 5 20:30:54 2011 by vadim" + log "Activating firewall script generated Fri May 13 12:36:57 2011 by vadim" log "Database was cluster-tests.fwb" check_tools check_run_time_address_table_files 
diff --git a/test/ipt/server-cluster-1_server-1.fw.orig b/test/ipt/server-cluster-1_server-1.fw.orig index 365c4f221..7b1026523 100755 --- a/test/ipt/server-cluster-1_server-1.fw.orig +++ b/test/ipt/server-cluster-1_server-1.fw.orig @@ -2,9 +2,9 @@ # # This is automatically generated file. DO NOT MODIFY ! # -# Firewall Builder fwb_ipt v4.2.1.3538 +# Firewall Builder fwb_ipt v4.3.0.3542 # -# Generated Thu May 5 20:30:55 2011 PDT by vadim +# Generated Fri May 13 12:36:58 2011 PDT by vadim # # files: * server-cluster-1_server-1.fw /etc/fw/server-cluster-1_server-1.fw # @@ -400,7 +400,7 @@ test -z "$cmd" && { case "$cmd" in start) - log "Activating firewall script generated Thu May 5 20:30:55 2011 by vadim" + log "Activating firewall script generated Fri May 13 12:36:58 2011 by vadim" check_tools prolog_commands check_run_time_address_table_files diff --git a/test/ipt/server-cluster-1_server-2.fw.orig b/test/ipt/server-cluster-1_server-2.fw.orig index dbedabce6..37015e47f 100755 --- a/test/ipt/server-cluster-1_server-2.fw.orig +++ b/test/ipt/server-cluster-1_server-2.fw.orig @@ -2,9 +2,9 @@ # # This is automatically generated file. DO NOT MODIFY ! # -# Firewall Builder fwb_ipt v4.2.1.3538 +# Firewall Builder fwb_ipt v4.3.0.3542 # -# Generated Thu May 5 20:30:55 2011 PDT by vadim +# Generated Fri May 13 12:36:58 2011 PDT by vadim # # files: * server-cluster-1_server-2.fw /etc/fw/server-cluster-1_server-2.fw # @@ -397,7 +397,7 @@ test -z "$cmd" && { case "$cmd" in start) - log "Activating firewall script generated Thu May 5 20:30:55 2011 by vadim" + log "Activating firewall script generated Fri May 13 12:36:58 2011 by vadim" check_tools prolog_commands check_run_time_address_table_files diff --git a/test/ipt/test-shadowing-1.fw.orig b/test/ipt/test-shadowing-1.fw.orig index cee003451..db60f9286 100755 --- a/test/ipt/test-shadowing-1.fw.orig +++ b/test/ipt/test-shadowing-1.fw.orig 
@@ -2,9 +2,9 @@ # # This is automatically generated file. DO NOT MODIFY ! # -# Firewall Builder fwb_ipt v4.2.1.3538 +# Firewall Builder fwb_ipt v4.3.0.3542 # -# Generated Thu May 5 20:30:51 2011 PDT by vadim +# Generated Fri May 13 12:36:54 2011 PDT by vadim # # files: * test-shadowing-1.fw /etc/test-shadowing-1.fw # @@ -471,7 +471,7 @@ test -z "$cmd" && { case "$cmd" in start) - log "Activating firewall script generated Thu May 5 20:30:51 2011 by vadim" + log "Activating firewall script generated Fri May 13 12:36:54 2011 by vadim" check_tools prolog_commands check_run_time_address_table_files diff --git a/test/ipt/test-shadowing-2.fw.orig b/test/ipt/test-shadowing-2.fw.orig index 01e8b9dd2..5c7ba87c7 100755 --- a/test/ipt/test-shadowing-2.fw.orig +++ b/test/ipt/test-shadowing-2.fw.orig @@ -2,9 +2,9 @@ # # This is automatically generated file. DO NOT MODIFY ! # -# Firewall Builder fwb_ipt v4.2.1.3538 +# Firewall Builder fwb_ipt v4.3.0.3542 # -# Generated Thu May 5 20:30:52 2011 PDT by vadim +# Generated Fri May 13 12:36:56 2011 PDT by vadim # # files: * test-shadowing-2.fw /etc/test-shadowing-2.fw # @@ -429,7 +429,7 @@ test -z "$cmd" && { case "$cmd" in start) - log "Activating firewall script generated Thu May 5 20:30:52 2011 by vadim" + log "Activating firewall script generated Fri May 13 12:36:56 2011 by vadim" check_tools prolog_commands check_run_time_address_table_files diff --git a/test/ipt/test-shadowing-3.fw.orig b/test/ipt/test-shadowing-3.fw.orig index fdc71c6cf..892d9af92 100755 --- a/test/ipt/test-shadowing-3.fw.orig +++ b/test/ipt/test-shadowing-3.fw.orig @@ -2,9 +2,9 @@ # # This is automatically generated file. DO NOT MODIFY ! # -# Firewall Builder fwb_ipt v4.2.1.3538 +# Firewall Builder fwb_ipt v4.3.0.3542 # -# Generated Thu May 5 20:30:53 2011 PDT by vadim +# Generated Fri May 13 12:36:56 2011 PDT by vadim # # files: * test-shadowing-3.fw /etc/test-shadowing-3.fw # 
@@ -478,7 +478,7 @@ test -z "$cmd" && { case "$cmd" in start) - log "Activating firewall script generated Thu May 5 20:30:53 2011 by vadim" + log "Activating firewall script generated Fri May 13 12:36:56 2011 by vadim" check_tools prolog_commands check_run_time_address_table_files diff --git a/test/ipt/test_fw.fw.orig b/test/ipt/test_fw.fw.orig index 242c6e248..cb5ec9e15 100755 --- a/test/ipt/test_fw.fw.orig +++ b/test/ipt/test_fw.fw.orig @@ -2,9 +2,9 @@ # # This is automatically generated file. DO NOT MODIFY ! # -# Firewall Builder fwb_ipt v4.2.1.3538 +# Firewall Builder fwb_ipt v4.3.0.3542 # -# Generated Thu May 5 20:30:51 2011 PDT by vadim +# Generated Fri May 13 12:36:54 2011 PDT by vadim # # files: * test_fw.fw /etc/test_fw.fw # @@ -570,7 +570,7 @@ test -z "$cmd" && { case "$cmd" in start) - log "Activating firewall script generated Thu May 5 20:30:51 2011 by vadim" + log "Activating firewall script generated Fri May 13 12:36:54 2011 by vadim" check_tools prolog_commands check_run_time_address_table_files diff --git a/test/ipt/vrrp_cluster_1_linux-1.fw.orig b/test/ipt/vrrp_cluster_1_linux-1.fw.orig index 598bc4c7d..75627b5a7 100755 --- a/test/ipt/vrrp_cluster_1_linux-1.fw.orig +++ b/test/ipt/vrrp_cluster_1_linux-1.fw.orig @@ -2,9 +2,9 @@ # # This is automatically generated file. DO NOT MODIFY ! # -# Firewall Builder fwb_ipt v4.2.1.3538 +# Firewall Builder fwb_ipt v4.3.0.3542 # -# Generated Thu May 5 20:30:55 2011 PDT by vadim +# Generated Fri May 13 12:36:58 2011 PDT by vadim # # files: * vrrp_cluster_1_linux-1.fw /etc/vrrp_cluster_1_linux-1.fw # @@ -710,7 +710,7 @@ test -z "$cmd" && { case "$cmd" in start) - log "Activating firewall script generated Thu May 5 20:30:55 2011 by vadim" + log "Activating firewall script generated Fri May 13 12:36:58 2011 by vadim" check_tools prolog_commands check_run_time_address_table_files diff --git a/test/ipt/vrrp_cluster_1_linux-2.fw.orig b/test/ipt/vrrp_cluster_1_linux-2.fw.orig index 4df73690a..f686acd6b 100755 
--- a/test/ipt/vrrp_cluster_1_linux-2.fw.orig +++ b/test/ipt/vrrp_cluster_1_linux-2.fw.orig @@ -2,9 +2,9 @@ # # This is automatically generated file. DO NOT MODIFY ! # -# Firewall Builder fwb_ipt v4.2.1.3538 +# Firewall Builder fwb_ipt v4.3.0.3542 # -# Generated Thu May 5 20:30:55 2011 PDT by vadim +# Generated Fri May 13 12:36:58 2011 PDT by vadim # # files: * vrrp_cluster_1_linux-2.fw /etc/vrrp_cluster_1_linux-2.fw # @@ -615,7 +615,7 @@ test -z "$cmd" && { case "$cmd" in start) - log "Activating firewall script generated Thu May 5 20:30:55 2011 by vadim" + log "Activating firewall script generated Fri May 13 12:36:58 2011 by vadim" check_tools prolog_commands check_run_time_address_table_files diff --git a/test/ipt/vrrp_cluster_2_linux-1.fw.orig b/test/ipt/vrrp_cluster_2_linux-1.fw.orig index 5c6f35701..ddffae290 100755 --- a/test/ipt/vrrp_cluster_2_linux-1.fw.orig +++ b/test/ipt/vrrp_cluster_2_linux-1.fw.orig @@ -2,9 +2,9 @@ # # This is automatically generated file. DO NOT MODIFY ! # -# Firewall Builder fwb_ipt v4.2.1.3538 +# Firewall Builder fwb_ipt v4.3.0.3542 # -# Generated Thu May 5 20:30:55 2011 PDT by vadim +# Generated Fri May 13 12:36:58 2011 PDT by vadim # # files: * vrrp_cluster_2_linux-1.fw /etc/vrrp_cluster_2_linux-1.fw # @@ -642,7 +642,7 @@ test -z "$cmd" && { case "$cmd" in start) - log "Activating firewall script generated Thu May 5 20:30:55 2011 by vadim" + log "Activating firewall script generated Fri May 13 12:36:58 2011 by vadim" check_tools prolog_commands check_run_time_address_table_files diff --git a/test/ipt/vrrp_cluster_2_linux-2.fw.orig b/test/ipt/vrrp_cluster_2_linux-2.fw.orig index d0590432f..610ec84a9 100755 --- a/test/ipt/vrrp_cluster_2_linux-2.fw.orig +++ b/test/ipt/vrrp_cluster_2_linux-2.fw.orig 
@@ -2,9 +2,9 @@ # # This is automatically generated file. DO NOT MODIFY ! # -# Firewall Builder fwb_ipt v4.2.1.3538 +# Firewall Builder fwb_ipt v4.3.0.3542 # -# Generated Thu May 5 20:30:55 2011 PDT by vadim +# Generated Fri May 13 12:36:58 2011 PDT by vadim # # files: * vrrp_cluster_2_linux-2.fw /etc/vrrp_cluster_2_linux-2.fw # @@ -547,7 +547,7 @@ test -z "$cmd" && { case "$cmd" in start) - log "Activating firewall script generated Thu May 5 20:30:55 2011 by vadim" + log "Activating firewall script generated Fri May 13 12:36:58 2011 by vadim" check_tools prolog_commands check_run_time_address_table_files diff --git a/test/ipt/vrrp_cluster_2_linux-3.fw.orig b/test/ipt/vrrp_cluster_2_linux-3.fw.orig index 769cf54f7..f28be10c5 100755 --- a/test/ipt/vrrp_cluster_2_linux-3.fw.orig +++ b/test/ipt/vrrp_cluster_2_linux-3.fw.orig @@ -2,9 +2,9 @@ # # This is automatically generated file. DO NOT MODIFY ! # -# Firewall Builder fwb_ipt v4.2.1.3538 +# Firewall Builder fwb_ipt v4.3.0.3542 # -# Generated Thu May 5 20:30:55 2011 PDT by vadim +# Generated Fri May 13 12:36:58 2011 PDT by vadim # # files: * vrrp_cluster_2_linux-3.fw /etc/vrrp_cluster_2_linux-3.fw # @@ -523,7 +523,7 @@ test -z "$cmd" && { case "$cmd" in start) - log "Activating firewall script generated Thu May 5 20:30:55 2011 by vadim" + log "Activating firewall script generated Fri May 13 12:36:58 2011 by vadim" check_tools prolog_commands check_run_time_address_table_files