onkelbeh/fwbuilder
1
0
Fork 0
mirror of https://github.com/fwbuilder/fwbuilder synced 2026-03-20 18:27:16 +01:00
Code Issues Releases Wiki Activity

support for userService in compiler for pf

Browse Source
This commit is contained in:
Vadim Kurland 2008-06-07 03:09:38 +00:00
parent 6f13268ae5
commit 47a435f7d3
4 changed files with 472 additions and 28 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
doc/ChangeLog
View File

@ -1,5 +1,9 @@
2008-06-06 Vadim Kurland <vadim@vk.crocodile.org>
* PolicyCompiler_pf_writers.cpp (PrintRule::_printUser): Support
for UserService in compiler for PF. FR #1948872: "User based
rules"
* FWBSettings.cpp (FWBSettings::restoreGeometry): the program will
remember window size and restore it on subsequent runs, but will
not remember window position on the screen. This caused problems

1
src/pflib/PolicyCompiler_pf.h
View File

@ -424,6 +424,7 @@ namespace fwcompiler {
virtual void _printAF(libfwbuilder::PolicyRule *r);
virtual void _printLabel(libfwbuilder::PolicyRule *r);
virtual void _printQueue(libfwbuilder::PolicyRule *r);
virtual void _printUser(libfwbuilder::PolicyRule *r);
virtual void _printTag(libfwbuilder::PolicyRule *r);
virtual std::string _printLogPrefix(libfwbuilder::PolicyRule *r,const std::string &prefix);

100
src/pflib/PolicyCompiler_pf_writers.cpp
View File

@ -34,6 +34,7 @@
#include "fwbuilder/UDPService.h"
#include "fwbuilder/CustomService.h"
#include "fwbuilder/TagService.h"
#include "fwbuilder/UserService.h"
#include "fwbuilder/Policy.h"
#include "fwbuilder/FWOptions.h"
#include "fwbuilder/FWObjectDatabase.h"
@ -282,6 +283,43 @@ void PolicyCompiler_pf::PrintRule::_printQueue(PolicyRule *rule)
compiler->output << "queue " << ruleopt->getStr("classify_str") << " ";
}
void PolicyCompiler_pf::PrintRule::_printUser(PolicyRule *rule)
{
RuleElementSrv *srvrel = rule->getSrv();
FWObject *o = srvrel->front();
if (o && FWReference::cast(o)!=NULL) o=FWReference::cast(o)->getPointer();
Service *srv= Service::cast(o);
if (!UserService::isA(srv)) return;
ostringstream str;
if (srvrel->size()==1)
{
str << "user ";
if (srvrel->getNeg()) str << "!= ";
str << UserService::constcast(srv)->getUserId() << " ";
compiler->output << str.str() << " ";
} else
{
int counter = 0;
for (FWObject::iterator i=srvrel->begin(); i!=srvrel->end(); i++)
{
FWObject *o= *i;
if (FWReference::cast(o)!=NULL) o=FWReference::cast(o)->getPointer();
Service *s=Service::cast( o );
assert(s);
if (counter > 0) str << ",";
str << " ";
if (srvrel->getNeg()) str << "!= ";
str << UserService::constcast(s)->getUserId();
counter++;
}
if ( counter )
{
compiler->output << "user {" << str.str() << " } ";
}
}
}
void PolicyCompiler_pf::PrintRule::_printTag(PolicyRule *rule)
{
if (rule->getAction() == PolicyRule::Tag)
@ -375,7 +413,8 @@ void PolicyCompiler_pf::PrintRule::_printProtocol(libfwbuilder::Service *srv)
if (!srv->isAny() &&
!CustomService::isA(srv) &&
!TagService::isA(srv) &&
!TagService::isA(srv) &&
!UserService::isA(srv) &&
srv->getProtocolName()!="ip")
{
compiler->output << "proto ";
@ -430,7 +469,7 @@ string PolicyCompiler_pf::PrintRule::_printPort(int rs,int re,bool neg)
}
/*
* we made sure that all services in rel represent the same protocol
* we made sure that all services in rel represent the same protocol.
*/
void PolicyCompiler_pf::PrintRule::_printSrcService(RuleElementSrv *rel)
{
@ -441,33 +480,40 @@ void PolicyCompiler_pf::PrintRule::_printSrcService(RuleElementSrv *rel)
if (o && FWReference::cast(o)!=NULL) o=FWReference::cast(o)->getPointer();
Service *srv= Service::cast(o);
string prefix = "";
if (UDPService::isA(srv) || TCPService::isA(srv)) prefix = "port ";
if (rel->size()==1) {
if (UDPService::isA(srv) || TCPService::isA(srv)) {
if (rel->size()==1)
{
if (UDPService::isA(srv) || TCPService::isA(srv))
{
string str=_printSrcService( srv , rel->getNeg());
if (! str.empty() ) compiler->output << "port " << str << " ";
}
} else {
if (! str.empty() ) compiler->output << prefix << str << " ";
}
} else
{
string str;
for (FWObject::iterator i=rel->begin(); i!=rel->end(); i++) {
for (FWObject::iterator i=rel->begin(); i!=rel->end(); i++)
{
FWObject *o= *i;
if (FWReference::cast(o)!=NULL) o=FWReference::cast(o)->getPointer();
Service *s=Service::cast( o );
if (FWReference::cast(o)!=NULL)
o=FWReference::cast(o)->getPointer();
Service *s = Service::cast( o );
assert(s);
if (UDPService::isA(srv) || TCPService::isA(srv)) {
string str1= _printSrcService(s , rel->getNeg() );
if (! str.empty() && ! str1.empty() ) str = str + ", ";
str = str + str1;
}
}
if ( !str.empty() ) {
compiler->output << "port { " << str << "} ";
string str1;
if (UDPService::isA(srv) || TCPService::isA(srv))
str1 = _printSrcService(s , rel->getNeg() );
if (! str.empty() && ! str1.empty() ) str = str + ", ";
str = str + str1;
}
if ( !str.empty() )
compiler->output << prefix << "{ " << str << "} ";
}
}
string PolicyCompiler_pf::PrintRule::_printSrcService(Service *srv,bool neg)
string PolicyCompiler_pf::PrintRule::_printSrcService(Service *srv, bool neg)
{
ostringstream str;
if (TCPService::isA(srv) || UDPService::isA(srv))
@ -483,10 +529,8 @@ void PolicyCompiler_pf::PrintRule::_printDstService(RuleElementSrv *rel)
{
FWObject *o=rel->front();
if (o && FWReference::cast(o)!=NULL) o=FWReference::cast(o)->getPointer();
Service *srv= Service::cast(o);
if (rel->size()==1)
{
string str=_printDstService( srv , rel->getNeg());
@ -507,9 +551,9 @@ void PolicyCompiler_pf::PrintRule::_printDstService(RuleElementSrv *rel)
str=_printTCPFlags(TCPService::cast(srv));
if (!str.empty()) compiler->output << "flags " << str << " ";
}
if (IPService::isA(srv) && (srv->getBool("fragm") || srv->getBool("short_fragm")) )
if (IPService::isA(srv) &&
(srv->getBool("fragm") || srv->getBool("short_fragm")) )
compiler->output << " fragment ";
} else
{
string str;
@ -532,13 +576,15 @@ void PolicyCompiler_pf::PrintRule::_printDstService(RuleElementSrv *rel)
if (ICMPService::isA(srv))
compiler->output << "icmp-type { " << str << " } ";
else
{
compiler->output << str << " " << endl;
}
}
}
}
}
string PolicyCompiler_pf::PrintRule::_printDstService(Service *srv,bool neg)
string PolicyCompiler_pf::PrintRule::_printDstService(Service *srv, bool neg)
{
ostringstream str;
if (TCPService::isA(srv) || UDPService::isA(srv))
@ -557,7 +603,8 @@ string PolicyCompiler_pf::PrintRule::_printDstService(Service *srv,bool neg)
if (CustomService::isA(srv))
{
str << CustomService::cast(srv)->getCodeForPlatform( compiler->myPlatformName() ) << " ";
str << CustomService::cast(srv)->getCodeForPlatform(
compiler->myPlatformName() ) << " ";
}
if (TagService::isA(srv))
@ -802,6 +849,7 @@ bool PolicyCompiler_pf::PrintRule::processNext()
_printDstService(srvrel);
_printTag(rule);
_printUser(rule);
/*
* Dealing with "keep state" and "modulate state" flags

395
test/pf/objects-for-regression-tests.fwb
View File

@ -1,6 +1,6 @@
<?xml version="1.0" encoding="utf-8"?>
<!DOCTYPE FWObjectDatabase SYSTEM "fwbuilder.dtd">
<FWObjectDatabase xmlns="http://www.fwbuilder.org/1.0/" version="9" lastModified="1212696679" id="root">
<FWObjectDatabase xmlns="http://www.fwbuilder.org/1.0/" version="9" lastModified="1212808094" id="root">
<Library color="#d2ffd0" comment="User defined objects" id="syslib001" name="User" ro="False">
<ObjectGroup id="stdid01_1" name="Objects">
<ObjectGroup id="stdid01_1_og_ats_1" name="Address Tables">
@ -514,7 +514,11 @@
<CustomServiceCommand platform="unknown"></CustomServiceCommand>
</CustomService>
</ServiceGroup>
<ServiceGroup id="stdid05_1_userservices" name="Users"/>
<ServiceGroup id="stdid05_1_userservices" name="Users">
<UserService comment="" id="id4849253820246" name="user2000" userid="2000"/>
<UserService comment="" id="id484A558E5896" name="user500" userid="500"/>
<UserService comment="" id="id484A6C525896" name="proxy" userid="proxy"/>
</ServiceGroup>
</ServiceGroup>
<ObjectGroup id="stdid12_1" name="Firewalls">
<Firewall comment="this is simple firewall with two interfaces. Test regular policy rules, including IP_fragments rule" host_OS="openbsd" id="fw-firewall2" inactive="False" lastCompiled="1157930800" lastInstalled="0" lastModified="1202682308" name="firewall" platform="pf" ro="False" version="">
@ -11031,6 +11035,389 @@
<Option name="verify_interfaces">False</Option>
</FirewallOptions>
</Firewall>
<Firewall comment="testing rules using UserService object&#10;Note that iptables does not allow entering&#10;iptables command that tries to match using module 'owner' in any chain&#10;other than OUTPUT. This includes user defined chains too (it checks&#10;how control passes to user defined chain and blocks command if&#10;it appears that user defined chain gets control not from OUTPUT)&#10;&#10;" host_OS="openbsd" id="id4848F19020246" inactive="False" lastCompiled="0" lastInstalled="0" lastModified="1212808094" name="firewall62" platform="pf" ro="False" version="4.x">
<NAT id="id4848F1D320246" name="NAT"/>
<Policy id="id4848F19620246" name="Policy">
<PolicyRule action="Accept" comment="rule from FR 1948872&#10;should generate&#10;pass in quick on en0 user proxy&#10;" direction="Inbound" disabled="False" group="" id="id484A6C465896" log="False" position="0">
<Src neg="False">
<ObjectRef ref="sysid0"/>
</Src>
<Dst neg="False">
<ObjectRef ref="sysid0"/>
</Dst>
<Srv neg="False">
<ServiceRef ref="id484A6C525896"/>
</Srv>
<Itf neg="False">
<ObjectRef ref="id4848F1D520246"/>
</Itf>
<When neg="False">
<IntervalRef ref="sysid2"/>
</When>
<PolicyRuleOptions>
<Option name="stateless">False</Option>
</PolicyRuleOptions>
</PolicyRule>
<PolicyRule action="Accept" comment="" direction="Both" disabled="False" id="id4848F19720246" log="False" position="1">
<Src neg="False">
<ObjectRef ref="id4848F19020246"/>
</Src>
<Dst neg="False">
<ObjectRef ref="sysid0"/>
</Dst>
<Srv neg="False">
<ServiceRef ref="id4849253820246"/>
<ServiceRef ref="id484A558E5896"/>
</Srv>
<Itf neg="False">
<ObjectRef ref="sysid0"/>
</Itf>
<When neg="False">
<IntervalRef ref="sysid2"/>
</When>
<PolicyRuleOptions>
<Option name="stateless">False</Option>
</PolicyRuleOptions>
</PolicyRule>
<PolicyRule action="Accept" comment="" direction="Both" disabled="False" group="" id="id484A55A15896" log="False" position="2">
<Src neg="False">
<ObjectRef ref="id4848F19020246"/>
</Src>
<Dst neg="False">
<ObjectRef ref="sysid0"/>
</Dst>
<Srv neg="False">
<ServiceRef ref="id4849253820246"/>
</Srv>
<Itf neg="False">
<ObjectRef ref="sysid0"/>
</Itf>
<When neg="False">
<IntervalRef ref="sysid2"/>
</When>
<PolicyRuleOptions>
<Option name="stateless">False</Option>
</PolicyRuleOptions>
</PolicyRule>
<PolicyRule action="Accept" comment="" direction="Outbound" disabled="False" group="" id="id484A8D2620246" log="False" position="3">
<Src neg="False">
<ObjectRef ref="id4848F19020246"/>
</Src>
<Dst neg="False">
<ObjectRef ref="sysid0"/>
</Dst>
<Srv neg="False">
<ServiceRef ref="id4849253820246"/>
<ServiceRef ref="tcp-HTTP"/>
</Srv>
<Itf neg="False">
<ObjectRef ref="sysid0"/>
</Itf>
<When neg="False">
<IntervalRef ref="sysid2"/>
</When>
<PolicyRuleOptions>
<Option name="stateless">False</Option>
</PolicyRuleOptions>
</PolicyRule>
<PolicyRule action="Accept" comment="" direction="Both" disabled="False" group="" id="id484A599620246" log="False" position="4">
<Src neg="False">
<ObjectRef ref="id4848F19020246"/>
</Src>
<Dst neg="False">
<ObjectRef ref="sysid0"/>
</Dst>
<Srv neg="False">
<ServiceRef ref="id4849253820246"/>
<ServiceRef ref="tcp-HTTP"/>
</Srv>
<Itf neg="False">
<ObjectRef ref="sysid0"/>
</Itf>
<When neg="False">
<IntervalRef ref="sysid2"/>
</When>
<PolicyRuleOptions>
<Option name="stateless">False</Option>
</PolicyRuleOptions>
</PolicyRule>
<PolicyRule action="Accept" comment="" direction="Outbound" disabled="False" group="" id="id484A8D3820246" log="False" position="5">
<Src neg="False">
<ObjectRef ref="id4848F19020246"/>
</Src>
<Dst neg="False">
<ObjectRef ref="sysid0"/>
</Dst>
<Srv neg="False">
<ServiceRef ref="id4849253820246"/>
<ServiceRef ref="tcp-HTTP"/>
</Srv>
<Itf neg="False">
<ObjectRef ref="sysid0"/>
</Itf>
<When neg="False">
<IntervalRef ref="sysid2"/>
</When>
<PolicyRuleOptions>
<Option name="stateless">False</Option>
</PolicyRuleOptions>
</PolicyRule>
<PolicyRule action="Accept" comment="" direction="Both" disabled="False" group="" id="id4848F1A320246" log="False" position="6">
<Src neg="False">
<ObjectRef ref="id4848F1D520246"/>
</Src>
<Dst neg="False">
<ObjectRef ref="sysid0"/>
</Dst>
<Srv neg="False">
<ServiceRef ref="id4849253820246"/>
</Srv>
<Itf neg="False">
<ObjectRef ref="sysid0"/>
</Itf>
<When neg="False">
<IntervalRef ref="sysid2"/>
</When>
<PolicyRuleOptions>
<Option name="stateless">False</Option>
</PolicyRuleOptions>
</PolicyRule>
<PolicyRule action="Accept" comment="" direction="Both" disabled="False" group="" id="id4848F1AF20246" log="False" position="7">
<Src neg="False">
<ObjectRef ref="id3CEBFDFC"/>
</Src>
<Dst neg="False">
<ObjectRef ref="sysid0"/>
</Dst>
<Srv neg="False">
<ServiceRef ref="id4849253820246"/>
</Srv>
<Itf neg="False">
<ObjectRef ref="sysid0"/>
</Itf>
<When neg="False">
<IntervalRef ref="sysid2"/>
</When>
<PolicyRuleOptions>
<Option name="stateless">False</Option>
</PolicyRuleOptions>
</PolicyRule>
<PolicyRule action="Accept" comment="" direction="Both" disabled="False" group="" id="id4848F1BB20246" log="False" position="8">
<Src neg="False">
<ObjectRef ref="sysid0"/>
</Src>
<Dst neg="False">
<ObjectRef ref="id4848F19020246"/>
</Dst>
<Srv neg="False">
<ServiceRef ref="id4849253820246"/>
</Srv>
<Itf neg="False">
<ObjectRef ref="sysid0"/>
</Itf>
<When neg="False">
<IntervalRef ref="sysid2"/>
</When>
<PolicyRuleOptions>
<Option name="stateless">False</Option>
</PolicyRuleOptions>
</PolicyRule>
<PolicyRule action="Accept" comment="" direction="Both" disabled="False" group="" id="id484A558F5896" log="False" position="9">
<Src neg="False">
<ObjectRef ref="sysid0"/>
</Src>
<Dst neg="False">
<ObjectRef ref="id4848F19020246"/>
</Dst>
<Srv neg="False">
<ServiceRef ref="id4849253820246"/>
<ServiceRef ref="id484A558E5896"/>
</Srv>
<Itf neg="False">
<ObjectRef ref="sysid0"/>
</Itf>
<When neg="False">
<IntervalRef ref="sysid2"/>
</When>
<PolicyRuleOptions>
<Option name="stateless">False</Option>
</PolicyRuleOptions>
</PolicyRule>
<PolicyRule action="Accept" comment="" direction="Inbound" disabled="False" group="" id="id484AF47A20246" log="False" position="10">
<Src neg="False">
<ObjectRef ref="sysid0"/>
</Src>
<Dst neg="False">
<ObjectRef ref="id4848F19020246"/>
</Dst>
<Srv neg="False">
<ServiceRef ref="id4849253820246"/>
</Srv>
<Itf neg="False">
<ObjectRef ref="sysid0"/>
</Itf>
<When neg="False">
<IntervalRef ref="sysid2"/>
</When>
<PolicyRuleOptions>
<Option name="stateless">False</Option>
</PolicyRuleOptions>
</PolicyRule>
<PolicyRule action="Accept" comment="" direction="Both" disabled="False" group="" id="id484A261420246" log="False" position="11">
<Src neg="True">
<ObjectRef ref="id3CEBFDFC"/>
</Src>
<Dst neg="False">
<ObjectRef ref="sysid0"/>
</Dst>
<Srv neg="False">
<ServiceRef ref="id4849253820246"/>
</Srv>
<Itf neg="False">
<ObjectRef ref="sysid0"/>
</Itf>
<When neg="False">
<IntervalRef ref="sysid2"/>
</When>
<PolicyRuleOptions>
<Option name="stateless">False</Option>
</PolicyRuleOptions>
</PolicyRule>
<PolicyRule action="Accept" comment="" direction="Both" disabled="False" group="" id="id484A260320246" log="False" position="12">
<Src neg="False">
<ObjectRef ref="sysid0"/>
</Src>
<Dst neg="True">
<ObjectRef ref="id4848F19020246"/>
</Dst>
<Srv neg="False">
<ServiceRef ref="id4849253820246"/>
</Srv>
<Itf neg="False">
<ObjectRef ref="sysid0"/>
</Itf>
<When neg="False">
<IntervalRef ref="sysid2"/>
</When>
<PolicyRuleOptions>
<Option name="stateless">False</Option>
</PolicyRuleOptions>
</PolicyRule>
<PolicyRule action="Deny" direction="Both" disabled="False" id="id4848F1C720246" log="False" position="13">
<Src neg="False">
<ObjectRef ref="sysid0"/>
</Src>
<Dst neg="False">
<ObjectRef ref="sysid0"/>
</Dst>
<Srv neg="False">
<ServiceRef ref="sysid1"/>
</Srv>
<Itf neg="False">
<ObjectRef ref="sysid0"/>
</Itf>
<When neg="False">
<IntervalRef ref="sysid2"/>
</When>
<PolicyRuleOptions>
<Option name="stateless">True</Option>
</PolicyRuleOptions>
</PolicyRule>
</Policy>
<Routing id="id4848F1D420246" name="Routing"/>
<Interface bridgeport="False" comment="" dyn="False" id="id4848F1D520246" label="" mgmt="True" name="en0" security_level="100" unnum="False" unprotected="False">
<IPv4 comment="" id="id4848F1D720246" name="firewall62:en0:ip" address="192.168.1.1" netmask="255.255.255.0"/>
</Interface>
<Interface bridgeport="False" comment="" dyn="False" id="id4848F1D820246" label="" mgmt="False" name="en1" security_level="0" unnum="False" unprotected="False">
<IPv4 comment="" id="id4848F1DA20246" name="firewall62:en1:ip" address="222.222.222.222" netmask="255.255.255.0"/>
</Interface>
<Management address="192.168.1.1">
<SNMPManagement enabled="False" snmp_read_community="" snmp_write_community=""/>
<FWBDManagement enabled="False" identity="" port="-1"/>
<PolicyInstallScript arguments="" command="" enabled="False"/>
</Management>
<FirewallOptions>
<Option name="accept_established">True</Option>
<Option name="accept_new_tcp_with_no_syn">True</Option>
<Option name="action_on_reject"></Option>
<Option name="activationCmd"></Option>
<Option name="add_check_state_rule">true</Option>
<Option name="admUser"></Option>
<Option name="altAddress"></Option>
<Option name="bridging_fw">False</Option>
<Option name="check_shading">True</Option>
<Option name="clamp_mss_to_mtu">False</Option>
<Option name="classify_mark_terminating">False</Option>
<Option name="cmdline"></Option>
<Option name="compiler"></Option>
<Option name="configure_interfaces">True</Option>
<Option name="debug">False</Option>
<Option name="drop_invalid">False</Option>
<Option name="eliminate_duplicates">true</Option>
<Option name="enable_ipv6">False</Option>
<Option name="epilog_script"></Option>
<Option name="firewall_dir">/etc</Option>
<Option name="firewall_is_part_of_any_and_networks">True</Option>
<Option name="freebsd_ip_forward">1</Option>
<Option name="ignore_empty_groups">False</Option>
<Option name="in_out_code">true</Option>
<Option name="iosacl_add_clear_statements">true</Option>
<Option name="iosacl_assume_fw_part_of_any">true</Option>
<Option name="iosacl_include_comments">true</Option>
<Option name="ipv4_6_order">ipv4_first</Option>
<Option name="limit_suffix"></Option>
<Option name="limit_value">0</Option>
<Option name="linux24_ip_forward">1</Option>
<Option name="load_modules">True</Option>
<Option name="local_nat">False</Option>
<Option name="log_all">False</Option>
<Option name="log_invalid">False</Option>
<Option name="log_ip_opt">False</Option>
<Option name="log_level">info</Option>
<Option name="log_prefix">RULE %N -- %A </Option>
<Option name="log_tcp_opt">False</Option>
<Option name="log_tcp_seq">False</Option>
<Option name="loopback_interface">lo0</Option>
<Option name="macosx_ip_forward">1</Option>
<Option name="manage_virtual_addr">True</Option>
<Option name="mgmt_addr"></Option>
<Option name="mgmt_ssh">False</Option>
<Option name="no_ipv6_default_policy">False</Option>
<Option name="openbsd_ip_forward">1</Option>
<Option name="output_file"></Option>
<Option name="pass_all_out">false</Option>
<Option name="pf_limit_frags">5000</Option>
<Option name="pf_limit_states">10000</Option>
<Option name="pf_scrub_maxmss">1460</Option>
<Option name="pf_timeout_frag">30</Option>
<Option name="pf_timeout_interval">10</Option>
<Option name="pix_add_clear_statements">true</Option>
<Option name="pix_assume_fw_part_of_any">true</Option>
<Option name="pix_default_logint">300</Option>
<Option name="pix_emblem_log_format">false</Option>
<Option name="pix_emulate_out_acl">true</Option>
<Option name="pix_floodguard">true</Option>
<Option name="pix_include_comments">true</Option>
<Option name="pix_route_dnat_supported">true</Option>
<Option name="pix_rule_syslog_settings">false</Option>
<Option name="pix_security_fragguard_supported">true</Option>
<Option name="pix_syslog_device_id_supported">false</Option>
<Option name="pix_use_acl_remarks">true</Option>
<Option name="prolog_place">top</Option>
<Option name="prolog_script"></Option>
<Option name="prompt1">$ </Option>
<Option name="prompt2"> # </Option>
<Option name="solaris_ip_forward">1</Option>
<Option name="sshArgs"></Option>
<Option name="ulog_cprange">0</Option>
<Option name="ulog_nlgroup">1</Option>
<Option name="ulog_qthreshold">1</Option>
<Option name="use_ULOG">False</Option>
<Option name="use_iptables_restore">False</Option>
<Option name="use_numeric_log_levels">False</Option>
<Option name="verify_interfaces">True</Option>
</FirewallOptions>
</Firewall>
</ObjectGroup>
<IntervalGroup id="stdid11_1" name="Time"/>
<ObjectRef ref="id483F5B7623190"/>
@ -11049,6 +11436,10 @@
<ObjectRef ref="id484A06094626"/>
<ObjectRef ref="id484A06174626"/>
<ObjectRef ref="id484A06184626"/>
<ObjectRef ref="id4848F1D520246"/>
<ObjectRef ref="id4848F19620246"/>
<ObjectRef ref="id4848F1D320246"/>
<ObjectRef ref="id4848F1D420246"/>
</Library>
<Library id="sysid99" name="Deleted Objects" ro="False">
<ObjectRef ref="host-hostB"/>