onkelbeh/fwbuilder
1
0
Fork 0
mirror of https://github.com/fwbuilder/fwbuilder synced 2026-03-19 09:47:20 +01:00
Code Issues Releases Wiki Activity

see #1968, #1972 object group deduplication finally works

Browse Source
This commit is contained in:
Vadim Kurland 2011-01-22 10:18:19 -08:00
parent 1d5c7db396
commit 555e9425eb
75 changed files with 536 additions and 448 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

39
doc/ChangeLog
View File

@ -1,3 +1,42 @@
2011-01-22 vadim <vadim@netcitadel.com>
* FWObjectDatabase_create_object.cpp (registerObjectType): see
#1972 implemented mechanism that allows me to register new object
types created and used outside of libfwbuilder API. This means
FWObjectDatabase can then copy and manipulate object trees that
use these new object types.
* NamedObjectsAndGroupsSupport.cpp (saveObjectGroups): see #1968,
#1972 Class NamedObjectsManager maintains its own copy of object
tree that holds object group objects it creates during compiler
passes. This allows me to maitain one common set of object groups
for both policy and nat compilers and avoid creating duplicate and
redundant object-group statements.
* NamedObjectsManagerPIX.cpp (getClearCommands): see #1968, #1972
class NamedObjectsManager (and derived classes for IOS and PIX)
generate "clear" commands. This way, I can generate correct set
of "clear" commands that take into account any named objects and
object-groups that could be created during both policy and nat
compiler passes.
2011-01-21 vadim <vadim@netcitadel.com>
* FWObject.cpp (init): see #1972 Seaprated object creation and
initialization. Some complex objects need to create a set of
standard child objects. Previously this was done in a special type
of constructor which required pointer to the object tree root
(FWObjectDatabase*). This created problems with implementation
of the method to register functions that create objects of new
types outside of the API. Now all objects have just a basic set
of constructors, plus method init() that can initialize them.
* FWObjectDatabase_create_object.cpp (registerObjectType): see
#1972 implemented mechanism that allows me to register new object
types created and used outside of libfwbuilder API. This means
FWObjectDatabase can then copy and manipulate object trees that
use these new object types.
2011-01-20 vadim <vadim@netcitadel.com>
* NamedObjectsAndGroupsSupport.cpp (getNamedObjectsDefinitions):

9
src/cisco_lib/CompilerDriver_iosacl_run.cpp
View File

@ -42,6 +42,7 @@
#include "RoutingCompiler_iosacl.h"
#include "OSConfigurator_ios.h"
#include "NamedObjectsAndGroupsSupport.h"
#include "NamedObjectsManagerIOS.h"
#include "fwbuilder/Resources.h"
#include "fwbuilder/FWObjectDatabase.h"
@ -185,7 +186,7 @@ QString CompilerDriver_iosacl::run(const std::string &cluster_id,
if (!single_rule_compile_on)
system_configuration_script = safetyNetInstall(fw);
NamedObjectManager named_object_manager(fw);
NamedObjectManagerIOS named_object_manager(fw);
// command line options -4 and -6 control address family for which
// script will be generated. If "-4" is used, only ipv4 part will
@ -334,6 +335,12 @@ QString CompilerDriver_iosacl::run(const std::string &cluster_id,
policy_script + routing_script).c_str()));
}
if ( fw->getOptionsObject()->getBool("iosacl_acl_basic") ||
fw->getOptionsObject()->getBool("iosacl_acl_substitution"))
{
clear_commands += named_object_manager.getClearCommands() + "\n";
}
system_configuration_script += clear_commands;
system_configuration_script += object_groups_definitions;

9
src/cisco_lib/CompilerDriver_pix_run.cpp
View File

@ -43,6 +43,8 @@
#include "RoutingCompiler_pix.h"
#include "OSConfigurator_pix_os.h"
#include "NamedObjectsAndGroupsSupport.h"
#include "NamedObjectsManagerPIX.h"
#include "NamedObjectsManagerASA8.h"
#include "Helper.h"
@ -288,7 +290,7 @@ QString CompilerDriver_pix::run(const std::string &cluster_id,
copies_of_cluster_interfaces.pop_front();
}
NamedObjectManager named_object_manager(fw);
NamedObjectManagerPIX named_object_manager(fw);
all_interfaces = fw->getByTypeDeep(Interface::TYPENAME);
@ -491,8 +493,9 @@ QString CompilerDriver_pix::run(const std::string &cluster_id,
}
system_configuration_script = oscnf->getCompiledScript();
if (have_object_groups) clear_commands += "clear conf object-group\n";
if (have_named_objects) clear_commands += "clear conf object\n";
clear_commands += named_object_manager.getClearCommands() + "\n";
system_configuration_script += clear_commands;
system_configuration_script += "\n";
system_configuration_script += object_groups_definitions;

9
src/cisco_lib/CompilerDriver_procurve_acl_run.cpp
View File

@ -42,6 +42,7 @@
#include "RoutingCompiler_procurve_acl.h"
#include "OSConfigurator_procurve.h"
#include "NamedObjectsAndGroupsSupport.h"
#include "NamedObjectsManagerIOS.h"
#include "fwbuilder/Resources.h"
#include "fwbuilder/FWObjectDatabase.h"
@ -172,7 +173,7 @@ QString CompilerDriver_procurve_acl::run(const std::string &cluster_id,
if (!single_rule_compile_on)
system_configuration_script = safetyNetInstall(fw);
NamedObjectManager named_object_manager(fw);
NamedObjectManagerIOS named_object_manager(fw);
// command line options -4 and -6 control address family for which
// script will be generated. If "-4" is used, only ipv4 part will
@ -321,6 +322,12 @@ QString CompilerDriver_procurve_acl::run(const std::string &cluster_id,
policy_script + routing_script).c_str()));
}
if ( fw->getOptionsObject()->getBool("procurve_acl_acl_basic") ||
fw->getOptionsObject()->getBool("procurve_acl_acl_substitution"))
{
clear_commands += named_object_manager.getClearCommands() + "\n";
}
system_configuration_script += clear_commands;
system_configuration_script += object_groups_definitions;

1
src/cisco_lib/NATCompiler_asa8.cpp
View File

@ -481,7 +481,6 @@ string NATCompiler_asa8::printClearCommands()
"version_" + version + "/pix_commands/clear_nat") << endl;
}
output << endl;
return output.str();
}

4
src/cisco_lib/NATCompiler_pix.cpp
View File

@ -1864,7 +1864,6 @@ string NATCompiler_pix::printClearCommands()
"version_" + version + "/pix_commands/clear_nat") << endl;
}
output << endl;
return output.str();
}
@ -1878,9 +1877,6 @@ class MergeConflictRes : public FWObjectDatabase::ConflictResolutionPredicate
void NATCompiler_pix::setNamedObjectManager(NamedObjectManager *mgr)
{
named_objects_manager = mgr;
// initialize object groups support
MergeConflictRes merge_predicate;
dbcopy->merge(mgr->object_groups_tree, &merge_predicate);
mgr->setWorkingObjectTree(dbcopy);
}

33
src/cisco_lib/NamedObjectsAndGroupsSupport.cpp
View File

@ -2,11 +2,9 @@
Firewall Builder
Copyright (C) 2010 NetCitadel, LLC
Copyright (C) 2011 NetCitadel, LLC
Author: Vadim Kurland vadim@vk.crocodile.org
$Id$
Author: Vadim Kurland vadim@fwbuilder.org
This program is free software which we release under the GNU General Public
License. You may redistribute and/or modify this program under the terms
@ -27,7 +25,6 @@
#include "NamedObjectsAndGroupsSupport.h"
#include "NamedObject.h"
//#include "ObjectGroupFactory.h"
#include "PIXObjectGroup.h"
#include "ASA8ObjectGroup.h"
@ -139,7 +136,9 @@ bool NamedObjectManager::haveNamedObjects()
bool NamedObjectManager::haveObjectGroups()
{
return (getObjectGroupsGroup()->size() > 0);
FWObject *object_groups = object_groups_tree->findInIndex(
FWObjectDatabase::getIntId(object_groups_group_id));
return (object_groups->size() > 0);
}
string NamedObjectManager::getNamedObjectsDefinitions()
@ -169,6 +168,11 @@ string NamedObjectManager::getNamedObjectsDefinitions()
return output.join("\n").toUtf8().constData();
}
string NamedObjectManager::getClearCommands()
{
return "";
}
BaseObjectGroup* NamedObjectManager::createObjectGroup()
{
BaseObjectGroup *grp = NULL;
@ -186,8 +190,17 @@ BaseObjectGroup* NamedObjectManager::createObjectGroup()
return grp;
}
class MergeConflictRes : public FWObjectDatabase::ConflictResolutionPredicate
{
public:
MergeConflictRes() { }
virtual bool askUser(FWObject*, FWObject*) {return false;}
};
void NamedObjectManager::setWorkingObjectTree(FWObjectDatabase *dbcopy)
{
MergeConflictRes merge_predicate;
dbcopy->merge(object_groups_tree, &merge_predicate);
work_db = dbcopy;
}
@ -204,7 +217,7 @@ void NamedObjectManager::saveObjectGroups()
{
object_groups_tree->clearChildren();
FWObject *work_object_groups = getObjectGroupsGroup(); // finds it in work_db
FWObject *work_object_groups = getObjectGroupsGroupInWorkTree(); // finds it in work_db
// move from work tree to object_groups_tree
object_groups_tree->add(work_object_groups);
@ -228,7 +241,7 @@ void NamedObjectManager::saveObjectGroups()
//object_groups_tree->dump(true, true);
}
Group* NamedObjectManager::getObjectGroupsGroup()
Group* NamedObjectManager::getObjectGroupsGroupInWorkTree()
{
return Group::cast(work_db->findInIndex(
FWObjectDatabase::getIntId(object_groups_group_id)));
@ -247,7 +260,7 @@ BaseObjectGroup* CreateObjectGroups::findObjectGroup(RuleElement *re)
for (FWObject::iterator i1=re->begin(); i1!=re->end(); ++i1)
relement.push_back(FWReference::getObject(*i1));
FWObject *object_groups = named_objects_manager->getObjectGroupsGroup();
FWObject *object_groups = named_objects_manager->getObjectGroupsGroupInWorkTree();
for (FWObject::iterator i=object_groups->begin(); i!=object_groups->end(); ++i)
{
BaseObjectGroup *og = dynamic_cast<BaseObjectGroup*>(*i);
@ -292,7 +305,7 @@ bool CreateObjectGroups::processNext()
if (obj_group==NULL)
{
obj_group = named_objects_manager->createObjectGroup();
named_objects_manager->getObjectGroupsGroup()->add(obj_group);
named_objects_manager->getObjectGroupsGroupInWorkTree()->add(obj_group);
packObjects(re, obj_group);

36
src/cisco_lib/NamedObjectsAndGroupsSupport.h
View File

@ -42,30 +42,50 @@ namespace fwcompiler
class NamedObjectManager
{
public:
std::map<int, NamedObject*> named_objects;
protected:
std::string platform;
std::string version;
// storage for object groups created to be used with PIX command object-group
// storage for object groups created to be used with PIX
// command object-group
std::string object_groups_group_id;
/*
* This is a storage object tree. Method saveObjectGroups()
* copies object groups objects created during compiler pass
* in the working tree work_db to this tree. There should be
* no access to the storage tree from outside, it should only
* be used by methods of this class that generate commands for
* object groups definitions or "clear" commands.
*/
libfwbuilder::FWObjectDatabase *object_groups_tree;
//const libfwbuilder::Firewall *fw;
/*
* This is a working object tree. When compilers need to
* interact with named object manager, they should use this
* object tree. Access to the group that holds created object
* groups is provided by method
* getObjectGroupsGroupInWorkTree() that finds it in the
* working tree
*/
libfwbuilder::FWObjectDatabase *work_db;
public:
std::map<int, NamedObject*> named_objects;
NamedObjectManager(const libfwbuilder::Firewall *_fw);
virtual ~NamedObjectManager();
void addNamedObject(const libfwbuilder::FWObject *obj);
NamedObject* getNamedObject(const libfwbuilder::FWObject *obj);
std::string getNamedObjectsDefinitions();
virtual std::string getNamedObjectsDefinitions();
virtual std::string getClearCommands();
bool haveNamedObjects();
bool haveObjectGroups();
BaseObjectGroup* createObjectGroup();
libfwbuilder::Group* getObjectGroupsGroup();
libfwbuilder::Group* getObjectGroupsGroupInWorkTree();
void setWorkingObjectTree(libfwbuilder::FWObjectDatabase *dbcopy);

45
src/cisco_lib/NamedObjectsManagerASA8.h Normal file
View File

@ -0,0 +1,45 @@
/*
Firewall Builder
Copyright (C) 2010-2011 NetCitadel, LLC
Author: Vadim Kurland vadim@fwbuilder.org
This program is free software which we release under the GNU General Public
License. You may redistribute and/or modify this program under the terms
of that license as published by the Free Software Foundation; either
version 2 of the License, or (at your option) any later version.
This program is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
GNU General Public License for more details.
To get a copy of the GNU General Public License, write to the Free Software
Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
*/
#ifndef _NAMED_OBJECTS_MANAGER_ASA8_HH
#define _NAMED_OBJECTS_MANAGER_ASA8_HH
#include "config.h"
#include "NamedObjectsManagerPIX.h"
namespace fwcompiler
{
class NamedObjectManagerASA8 : public NamedObjectManagerPIX
{
public:
NamedObjectManagerASA8(const libfwbuilder::Firewall *fw) :
NamedObjectManagerPIX(fw) {}
virtual ~NamedObjectManagerASA8() {};
};
}
#endif

65
src/cisco_lib/NamedObjectsManagerIOS.cpp Normal file
View File

@ -0,0 +1,65 @@
/*
Firewall Builder
Copyright (C) 2011 NetCitadel, LLC
Author: Vadim Kurland vadim@fwbuilder.org
This program is free software which we release under the GNU General Public
License. You may redistribute and/or modify this program under the terms
of that license as published by the Free Software Foundation; either
version 2 of the License, or (at your option) any later version.
This program is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
GNU General Public License for more details.
To get a copy of the GNU General Public License, write to the Free Software
Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
*/
#include "config.h"
#include "NamedObjectsManagerIOS.h"
#include "NamedObject.h"
#include "BaseObjectGroup.h"
#include <sstream>
#include <assert.h>
using namespace libfwbuilder;
using namespace fwcompiler;
using namespace std;
NamedObjectManagerIOS::NamedObjectManagerIOS(const Firewall *fw) :
NamedObjectManager(fw)
{
}
NamedObjectManagerIOS::~NamedObjectManagerIOS()
{
}
string NamedObjectManagerIOS::getClearCommands()
{
ostringstream output;
FWObject *object_groups = object_groups_tree->findInIndex(
FWObjectDatabase::getIntId(object_groups_group_id));
for (FWObject::iterator i=object_groups->begin(); i!=object_groups->end(); ++i)
{
BaseObjectGroup *og = dynamic_cast<BaseObjectGroup*>(*i);
assert(og!=NULL);
output << "no " << og->getObjectGroupHeader() << endl;
}
return output.str();
}

48
src/cisco_lib/NamedObjectsManagerIOS.h Normal file
View File

@ -0,0 +1,48 @@
/*
Firewall Builder
Copyright (C) 2010-2011 NetCitadel, LLC
Author: Vadim Kurland vadim@fwbuilder.org
This program is free software which we release under the GNU General Public
License. You may redistribute and/or modify this program under the terms
of that license as published by the Free Software Foundation; either
version 2 of the License, or (at your option) any later version.
This program is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
GNU General Public License for more details.
To get a copy of the GNU General Public License, write to the Free Software
Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
*/
#ifndef _NAMED_OBJECTS_MANAGER_IOS_HH
#define _NAMED_OBJECTS_MANAGER_IOS_HH
#include "config.h"
#include "NamedObjectsAndGroupsSupport.h"
#include "fwbuilder/Firewall.h"
namespace fwcompiler
{
class NamedObjectManagerIOS : public NamedObjectManager
{
public:
NamedObjectManagerIOS(const libfwbuilder::Firewall *_fw);
virtual ~NamedObjectManagerIOS();
virtual std::string getClearCommands();
};
}
#endif

57
src/cisco_lib/NamedObjectsManagerPIX.cpp Normal file
View File

@ -0,0 +1,57 @@
/*
Firewall Builder
Copyright (C) 2011 NetCitadel, LLC
Author: Vadim Kurland vadim@fwbuilder.org
This program is free software which we release under the GNU General Public
License. You may redistribute and/or modify this program under the terms
of that license as published by the Free Software Foundation; either
version 2 of the License, or (at your option) any later version.
This program is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
GNU General Public License for more details.
To get a copy of the GNU General Public License, write to the Free Software
Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
*/
#include "config.h"
#include "NamedObjectsManagerPIX.h"
#include "PIXObjectGroup.h"
#include <sstream>
#include <assert.h>
using namespace libfwbuilder;
using namespace fwcompiler;
using namespace std;
NamedObjectManagerPIX::NamedObjectManagerPIX(const Firewall *fw) :
NamedObjectManager(fw)
{
}
NamedObjectManagerPIX::~NamedObjectManagerPIX()
{
}
string NamedObjectManagerPIX::getClearCommands()
{
ostringstream output;
if (haveObjectGroups()) output << "clear conf object-group" << endl;
if (haveNamedObjects()) output << "clear conf object" << endl;
return output.str();
}

48
src/cisco_lib/NamedObjectsManagerPIX.h Normal file
View File

@ -0,0 +1,48 @@
/*
Firewall Builder
Copyright (C) 2010-2011 NetCitadel, LLC
Author: Vadim Kurland vadim@fwbuilder.org
This program is free software which we release under the GNU General Public
License. You may redistribute and/or modify this program under the terms
of that license as published by the Free Software Foundation; either
version 2 of the License, or (at your option) any later version.
This program is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
GNU General Public License for more details.
To get a copy of the GNU General Public License, write to the Free Software
Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
*/
#ifndef _NAMED_OBJECTS_MANAGER_PIX_HH
#define _NAMED_OBJECTS_MANAGER_PIX_HH
#include "config.h"
#include "NamedObjectsAndGroupsSupport.h"
#include "fwbuilder/Firewall.h"
namespace fwcompiler
{
class NamedObjectManagerPIX : public NamedObjectManager
{
public:
NamedObjectManagerPIX(const libfwbuilder::Firewall *_fw);
virtual ~NamedObjectManagerPIX();
virtual std::string getClearCommands();
};
}
#endif

9
src/cisco_lib/PolicyCompiler_cisco.cpp
View File

@ -817,19 +817,10 @@ string PolicyCompiler_cisco::printClearCommands()
return "";
}
class MergeConflictRes : public FWObjectDatabase::ConflictResolutionPredicate
{
public:
MergeConflictRes() { }
virtual bool askUser(FWObject*, FWObject*) {return false;}
};
void PolicyCompiler_cisco::setNamedObjectManager(NamedObjectManager *mgr)
{
named_objects_manager = mgr;
// initialize object groups support
MergeConflictRes merge_predicate;
dbcopy->merge(mgr->object_groups_tree, &merge_predicate);
mgr->setWorkingObjectTree(dbcopy);
}

17
src/cisco_lib/PolicyCompiler_iosacl.cpp
View File

@ -533,15 +533,15 @@ string PolicyCompiler_iosacl::printClearCommands()
{
ostringstream output;
string vers = fw->getStr("version");
string version = fw->getStr("version");
string platform = fw->getStr("platform");
string xml_element = "clear_ip_acl";
if (ipv6) xml_element = "clear_ipv6_acl";
string clearACLCmd = Resources::platform_res[platform]->getResourceStr(
string("/FWBuilderResources/Target/options/")+
"version_"+vers+"/iosacl_commands/" + xml_element);
string("/FWBuilderResources/Target/options/") +
"version_" + version + "/iosacl_commands/" + xml_element);
assert( !clearACLCmd.empty());
@ -554,19 +554,8 @@ string PolicyCompiler_iosacl::printClearCommands()
ciscoACL *acl = (*i).second;
output << clearACLCmd << " " << acl->workName() << endl;
}
output << endl;
FWObject *object_groups = named_objects_manager->getObjectGroupsGroup();
for (FWObject::iterator i=object_groups->begin(); i!=object_groups->end(); ++i)
{
BaseObjectGroup *og = dynamic_cast<BaseObjectGroup*>(*i);
assert(og!=NULL);
output << "no " << og->getObjectGroupHeader() << endl;
}
}
output << endl;
return output.str();
}

2
src/cisco_lib/PolicyCompiler_pix.cpp
View File

@ -753,7 +753,6 @@ string PolicyCompiler_pix::printClearCommands()
output << clearACLcmd << " " << acl->workName() << endl;
}
//output << clearOGcmd << endl;
output << endl;
}
if ( !fw->getOptionsObject()->getBool("pix_acl_no_clear") )
@ -762,7 +761,6 @@ string PolicyCompiler_pix::printClearCommands()
output << clearTelnetcmd << endl;
}
output << endl;
return output.str();
}

5
src/cisco_lib/cisco_lib.pro
View File

@ -7,6 +7,8 @@ TEMPLATE = lib
SOURCES = PolicyCompiler_cisco.cpp \
PolicyCompiler_cisco_acls.cpp \
NamedObjectsAndGroupsSupport.cpp \
NamedObjectsManagerIOS.cpp \
NamedObjectsManagerPIX.cpp \
RoutingCompiler_cisco.cpp \
RoutingCompiler_cisco_writers.cpp \
splitByNetworkZonesForRE.cpp \
@ -60,6 +62,9 @@ HEADERS = ../../config.h \
NamedObject.h \
ASA8TwiceNatLogic.h \
NamedObjectsAndGroupsSupport.h \
NamedObjectsManagerIOS.h \
NamedObjectsManagerPIX.h \
NamedObjectsManagerASA8.h \
inspectionProtocol.h \
InspectionClassMap.h \
PolicyCompiler_cisco.h \

6
test/iosacl/auto-interface-test.fw.orig
View File

@ -1,9 +1,9 @@
!
! This is automatically generated file. DO NOT MODIFY !
!
! Firewall Builder fwb_iosacl v4.2.0.3440
! Firewall Builder fwb_iosacl v4.2.0.3441
!
! Generated Thu Jan 20 16:31:20 2011 PST by vadim
! Generated Sat Jan 22 09:53:49 2011 PST by vadim
!
! Compiled for iosacl 12.1
!
@ -40,8 +40,6 @@ no ip access-list extended e1_1_in
no ip access-list extended e1_1_out
no ip access-list extended fe0_0_in
no ip access-list extended fe0_0_out
no ipv6 access-list ipv6_Policy_v6_e1_0_in
no ipv6 access-list ipv6_Policy_v6_e1_0_out
no ipv6 access-list ipv6_Policy_v6_e1_1_in

4
test/iosacl/c3620.fw.orig
View File

@ -1,9 +1,9 @@
!
! This is automatically generated file. DO NOT MODIFY !
!
! Firewall Builder fwb_iosacl v4.2.0.3440
! Firewall Builder fwb_iosacl v4.2.0.3441
!
! Generated Thu Jan 20 16:31:20 2011 PST by vadim
! Generated Sat Jan 22 09:53:49 2011 PST by vadim
!
! Compiled for iosacl 12.1
!

6
test/iosacl/ccie4u-r1.fw.orig
View File

@ -1,9 +1,9 @@
!
! This is automatically generated file. DO NOT MODIFY !
!
! Firewall Builder fwb_iosacl v4.2.0.3440
! Firewall Builder fwb_iosacl v4.2.0.3441
!
! Generated Thu Jan 20 16:31:21 2011 PST by vadim
! Generated Sat Jan 22 09:53:49 2011 PST by vadim
!
! Compiled for iosacl 12.1
!
@ -64,8 +64,6 @@ no ip access-list extended r1-ipv4_fe0_0_in
no ip access-list extended r1-ipv4_fe0_0_out
no ip access-list extended r1-ipv4_fe0_1_in
no ip access-list extended r1-ipv4_fe0_1_out
no ipv6 access-list ipv6_fe0_0_in
no ipv6 access-list ipv6_fe0_0_out
no ipv6 access-list ipv6_fe0_1_in

11
test/iosacl/dynamips1-og.fw.orig
View File

@ -1,9 +1,9 @@
!
! This is automatically generated file. DO NOT MODIFY !
!
! Firewall Builder fwb_iosacl v4.2.0.3440
! Firewall Builder fwb_iosacl v4.2.0.3441
!
! Generated Thu Jan 20 16:31:21 2011 PST by vadim
! Generated Sat Jan 22 09:53:49 2011 PST by vadim
!
! Compiled for iosacl 12.4
!
@ -25,16 +25,13 @@
no ip access-list extended fe0_0_in
no ip access-list extended fe0_0_out
no ipv6 access-list ipv6_fe0_0_in
no ipv6 access-list ipv6_fe0_0_out
no object-group network id29216X37699.src.net.0
no object-group service id29216X37699.srv.udp.0
no object-group network id18740X37673.dst.net.0
no object-group network id18964X37673.src.net.0
no ipv6 access-list ipv6_fe0_0_in
no ipv6 access-list ipv6_fe0_0_out
object-group network id29216X37699.src.net.0
host 61.150.47.112
host 192.168.1.0

6
test/iosacl/firewall-ipv6-1.fw.orig
View File

@ -1,9 +1,9 @@
!
! This is automatically generated file. DO NOT MODIFY !
!
! Firewall Builder fwb_iosacl v4.2.0.3440
! Firewall Builder fwb_iosacl v4.2.0.3441
!
! Generated Thu Jan 20 16:31:21 2011 PST by vadim
! Generated Sat Jan 22 09:53:50 2011 PST by vadim
!
! Compiled for iosacl 12.1
!
@ -61,8 +61,6 @@ interface Ethernet0/0
exit
no ip access-list extended fw-ipv6-1-ipv4_e0_0_in
no ip access-list extended fw-ipv6-1-ipv4_e0_0_out
no ipv6 access-list ipv6_e0_0_in
no ipv6 access-list ipv6_e0_0_out

6
test/iosacl/firewall-ipv6-2.fw.orig
View File

@ -1,9 +1,9 @@
!
! This is automatically generated file. DO NOT MODIFY !
!
! Firewall Builder fwb_iosacl v4.2.0.3440
! Firewall Builder fwb_iosacl v4.2.0.3441
!
! Generated Thu Jan 20 16:31:21 2011 PST by vadim
! Generated Sat Jan 22 09:53:50 2011 PST by vadim
!
! Compiled for iosacl 12.1
!
@ -60,8 +60,6 @@ interface Ethernet0/0
exit
no ip access-list extended fw-ipv6-2-ipv4_e0_0_in
no ip access-list extended fw-ipv6-2-ipv4_e0_0_out
no ipv6 access-list ipv6_e0_0_in
no ipv6 access-list ipv6_e0_0_out

8
test/iosacl/firewall-ipv6-3.fw.orig
View File

@ -1,9 +1,9 @@
!
! This is automatically generated file. DO NOT MODIFY !
!
! Firewall Builder fwb_iosacl v4.2.0.3440
! Firewall Builder fwb_iosacl v4.2.0.3441
!
! Generated Thu Jan 20 16:31:22 2011 PST by vadim
! Generated Sat Jan 22 09:53:50 2011 PST by vadim
!
! Compiled for iosacl 12.1
!
@ -37,12 +37,8 @@ interface Ethernet0/0
exit
no ip access-list extended e0_0_in
no ip access-list extended e0_0_out
no ipv6 access-list ipv6_e0_0_in
no ipv6 access-list ipv6_e0_0_out
no ipv6 access-list ipv6_fw-ipv6-3-ipv6-2_e0_0_in
no ipv6 access-list ipv6_fw-ipv6-3-ipv6-2_e0_0_out

4
test/iosacl/testios1-1.fw.orig
View File

@ -1,9 +1,9 @@
!
! This is automatically generated file. DO NOT MODIFY !
!
! Firewall Builder fwb_iosacl v4.2.0.3440
! Firewall Builder fwb_iosacl v4.2.0.3441
!
! Generated Thu Jan 20 16:31:22 2011 PST by vadim
! Generated Sat Jan 22 09:53:51 2011 PST by vadim
!
! Compiled for iosacl 12.1
!

4
test/iosacl/testios1.fw.orig
View File

@ -1,9 +1,9 @@
!
! This is automatically generated file. DO NOT MODIFY !
!
! Firewall Builder fwb_iosacl v4.2.0.3440
! Firewall Builder fwb_iosacl v4.2.0.3441
!
! Generated Thu Jan 20 16:31:22 2011 PST by vadim
! Generated Sat Jan 22 09:53:50 2011 PST by vadim
!
! Compiled for iosacl 12.1
!

4
test/iosacl/testios2.fw.orig
View File

@ -1,9 +1,9 @@
!
! This is automatically generated file. DO NOT MODIFY !
!
! Firewall Builder fwb_iosacl v4.2.0.3440
! Firewall Builder fwb_iosacl v4.2.0.3441
!
! Generated Thu Jan 20 16:31:22 2011 PST by vadim
! Generated Sat Jan 22 09:53:51 2011 PST by vadim
!
! Compiled for iosacl 12.1
!

4
test/iosacl/testios20-v12.3.fw.orig
View File

@ -1,9 +1,9 @@
!
! This is automatically generated file. DO NOT MODIFY !
!
! Firewall Builder fwb_iosacl v4.2.0.3440
! Firewall Builder fwb_iosacl v4.2.0.3441
!
! Generated Thu Jan 20 16:31:23 2011 PST by vadim
! Generated Sat Jan 22 09:53:51 2011 PST by vadim
!
! Compiled for iosacl 12.3
!

4
test/iosacl/testios20.fw.orig
View File

@ -1,9 +1,9 @@
!
! This is automatically generated file. DO NOT MODIFY !
!
! Firewall Builder fwb_iosacl v4.2.0.3440
! Firewall Builder fwb_iosacl v4.2.0.3441
!
! Generated Thu Jan 20 16:31:22 2011 PST by vadim
! Generated Sat Jan 22 09:53:51 2011 PST by vadim
!
! Compiled for iosacl 12.4
!

4
test/iosacl/testios3.fw.orig
View File

@ -1,9 +1,9 @@
!
! This is automatically generated file. DO NOT MODIFY !
!
! Firewall Builder fwb_iosacl v4.2.0.3440
! Firewall Builder fwb_iosacl v4.2.0.3441
!
! Generated Thu Jan 20 16:31:23 2011 PST by vadim
! Generated Sat Jan 22 09:53:52 2011 PST by vadim
!
! Compiled for iosacl 12.1
!

5
test/iosacl/testios4.fw.orig
View File

@ -1,9 +1,9 @@
!
! This is automatically generated file. DO NOT MODIFY !
!
! Firewall Builder fwb_iosacl v4.2.0.3440
! Firewall Builder fwb_iosacl v4.2.0.3441
!
! Generated Thu Jan 20 16:31:23 2011 PST by vadim
! Generated Sat Jan 22 09:53:52 2011 PST by vadim
!
! Compiled for iosacl 12.4
!
@ -38,7 +38,6 @@ no ip access-list extended e0_in
no ip access-list extended e0_out
no ip access-list extended e1_in
no ip access-list extended e1_out
no object-group network .src.net.0
no object-group network id47180X84238.src.net.0
no object-group network id47180X84238.dst.net.0

5
test/iosacl/testios5-1.fw.orig
View File

@ -1,9 +1,9 @@
!
! This is automatically generated file. DO NOT MODIFY !
!
! Firewall Builder fwb_iosacl v4.2.0.3440
! Firewall Builder fwb_iosacl v4.2.0.3441
!
! Generated Thu Jan 20 16:31:23 2011 PST by vadim
! Generated Sat Jan 22 09:53:52 2011 PST by vadim
!
! Compiled for iosacl 12.4
!
@ -38,7 +38,6 @@ no ip access-list extended e0_in
no ip access-list extended e0_out
no ip access-list extended e1_in
no ip access-list extended e1_out
no object-group network .src.net.0
no object-group network id115999X79820.src.net.0
no object-group network id115999X79820.dst.net.0

4
test/iosacl/testios5.fw.orig
View File

@ -1,9 +1,9 @@
!
! This is automatically generated file. DO NOT MODIFY !
!
! Firewall Builder fwb_iosacl v4.2.0.3440
! Firewall Builder fwb_iosacl v4.2.0.3441
!
! Generated Thu Jan 20 16:31:23 2011 PST by vadim
! Generated Sat Jan 22 09:53:52 2011 PST by vadim
!
! Compiled for iosacl 12.4
!

7
test/pix/cluster1-1_pix1.fw.orig
View File

@ -1,9 +1,9 @@
!
! This is automatically generated file. DO NOT MODIFY !
!
! Firewall Builder fwb_pix v4.2.0.3440
! Firewall Builder fwb_pix v4.2.0.3441
!
! Generated Thu Jan 20 17:13:17 2011 PST by vadim
! Generated Sat Jan 22 10:06:04 2011 PST by vadim
!
! Compiled for pix 7.0
! Outbound ACLs: supported
@ -118,14 +118,13 @@ clear xlate
clear config static
clear config global
clear config nat
clear config access-list
clear config icmp
clear config telnet
clear conf object-group
clear conf object
object-group network id56590X61097.src.net.0
network-object host 10.3.14.206
network-object host 10.3.14.207

7
test/pix/cluster1-1_pix2.fw.orig
View File

@ -1,9 +1,9 @@
!
! This is automatically generated file. DO NOT MODIFY !
!
! Firewall Builder fwb_pix v4.2.0.3440
! Firewall Builder fwb_pix v4.2.0.3441
!
! Generated Thu Jan 20 17:13:17 2011 PST by vadim
! Generated Sat Jan 22 10:06:04 2011 PST by vadim
!
! Compiled for pix 7.0
! Outbound ACLs: supported
@ -118,14 +118,13 @@ clear xlate
clear config static
clear config global
clear config nat
clear config access-list
clear config icmp
clear config telnet
clear conf object-group
clear conf object
object-group network id56590X61097.src.net.0
network-object host 10.3.14.206
network-object host 10.3.14.207

7
test/pix/cluster1_pix1.fw.orig
View File

@ -1,9 +1,9 @@
!
! This is automatically generated file. DO NOT MODIFY !
!
! Firewall Builder fwb_pix v4.2.0.3440
! Firewall Builder fwb_pix v4.2.0.3441
!
! Generated Thu Jan 20 17:13:17 2011 PST by vadim
! Generated Sat Jan 22 10:06:04 2011 PST by vadim
!
! Compiled for pix 7.0
! Outbound ACLs: supported
@ -118,14 +118,13 @@ clear xlate
clear config static
clear config global
clear config nat
clear config access-list
clear config icmp
clear config telnet
clear conf object-group
clear conf object
object-group network id2913X78273.src.net.0
network-object host 10.3.14.206
network-object host 10.3.14.207

7
test/pix/cluster1_pix2.fw.orig
View File

@ -1,9 +1,9 @@
!
! This is automatically generated file. DO NOT MODIFY !
!
! Firewall Builder fwb_pix v4.2.0.3440
! Firewall Builder fwb_pix v4.2.0.3441
!
! Generated Thu Jan 20 17:13:17 2011 PST by vadim
! Generated Sat Jan 22 10:06:04 2011 PST by vadim
!
! Compiled for pix 7.0
! Outbound ACLs: supported
@ -118,14 +118,13 @@ clear xlate
clear config static
clear config global
clear config nat
clear config access-list
clear config icmp
clear config telnet
clear conf object-group
clear conf object
object-group network id2913X78273.src.net.0
network-object host 10.3.14.206
network-object host 10.3.14.207

8
test/pix/firewall.fw.orig
View File

@ -1,9 +1,9 @@
!
! This is automatically generated file. DO NOT MODIFY !
!
! Firewall Builder fwb_pix v4.2.0.3440
! Firewall Builder fwb_pix v4.2.0.3441
!
! Generated Thu Jan 20 17:13:02 2011 PST by vadim
! Generated Sat Jan 22 10:05:46 2011 PST by vadim
!
! Compiled for pix 6.2
! Outbound ACLs: not supported
@ -265,17 +265,15 @@ clear xlate
clear static
clear global
clear nat
clear access-list dmz_acl_in
clear access-list inside_acl_in
clear access-list outside_acl_in
clear icmp
clear telnet
clear conf object-group
clear conf object
object-group network id3C4E4C38.dst.net.0
network-object host 211.11.11.11
network-object host 211.22.22.22

4
test/pix/firewall1.fw.orig
View File

@ -1,9 +1,9 @@
!
! This is automatically generated file. DO NOT MODIFY !
!
! Firewall Builder fwb_pix v4.2.0.3440
! Firewall Builder fwb_pix v4.2.0.3441
!
! Generated Thu Jan 20 17:13:02 2011 PST by vadim
! Generated Sat Jan 22 10:05:46 2011 PST by vadim
!
! Compiled for pix 6.1
! Outbound ACLs: not supported

7
test/pix/firewall10.fw.orig
View File

@ -1,9 +1,9 @@
!
! This is automatically generated file. DO NOT MODIFY !
!
! Firewall Builder fwb_pix v4.2.0.3440
! Firewall Builder fwb_pix v4.2.0.3441
!
! Generated Thu Jan 20 17:13:03 2011 PST by vadim
! Generated Sat Jan 22 10:05:47 2011 PST by vadim
!
! Compiled for pix 6.3
! Outbound ACLs: not supported
@ -91,11 +91,10 @@ fixup protocol skinny 2000
fixup protocol smtp 25
fixup protocol sqlnet 1521
clear conf object-group
clear conf object
object-group network id3DB0FA90.dst.net.0
network-object host 211.11.11.11
network-object host 211.22.22.22

4
test/pix/firewall11.fw.orig
View File

@ -1,9 +1,9 @@
!
! This is automatically generated file. DO NOT MODIFY !
!
! Firewall Builder fwb_pix v4.2.0.3440
! Firewall Builder fwb_pix v4.2.0.3441
!
! Generated Thu Jan 20 17:13:03 2011 PST by vadim
! Generated Sat Jan 22 10:05:47 2011 PST by vadim
!
! Compiled for pix 6.2
! Outbound ACLs: not supported

7
test/pix/firewall12.fw.orig
View File

@ -1,9 +1,9 @@
!
! This is automatically generated file. DO NOT MODIFY !
!
! Firewall Builder fwb_pix v4.2.0.3440
! Firewall Builder fwb_pix v4.2.0.3441
!
! Generated Thu Jan 20 17:13:04 2011 PST by vadim
! Generated Sat Jan 22 10:05:48 2011 PST by vadim
!
! Compiled for pix 6.3
! Outbound ACLs: not supported
@ -87,11 +87,10 @@ fixup protocol ftp 21
fixup protocol http 80
fixup protocol icmp error
clear conf object-group
clear conf object
object-group network id3F8F95CD.dst.net.0
network-object host 192.0.2.20
network-object host 192.0.2.21

4
test/pix/firewall13.fw.orig
View File

@ -1,9 +1,9 @@
!
! This is automatically generated file. DO NOT MODIFY !
!
! Firewall Builder fwb_pix v4.2.0.3440
! Firewall Builder fwb_pix v4.2.0.3441
!
! Generated Thu Jan 20 17:13:04 2011 PST by vadim
! Generated Sat Jan 22 10:05:48 2011 PST by vadim
!
! Compiled for pix 6.3
! Outbound ACLs: not supported

4
test/pix/firewall14.fw.orig
View File

@ -1,9 +1,9 @@
!
! This is automatically generated file. DO NOT MODIFY !
!
! Firewall Builder fwb_pix v4.2.0.3440
! Firewall Builder fwb_pix v4.2.0.3441
!
! Generated Thu Jan 20 17:13:05 2011 PST by vadim
! Generated Sat Jan 22 10:05:49 2011 PST by vadim
!
! Compiled for pix 6.3
! Outbound ACLs: not supported

7
test/pix/firewall2.fw.orig
View File

@ -1,9 +1,9 @@
!
! This is automatically generated file. DO NOT MODIFY !
!
! Firewall Builder fwb_pix v4.2.0.3440
! Firewall Builder fwb_pix v4.2.0.3441
!
! Generated Thu Jan 20 17:13:05 2011 PST by vadim
! Generated Sat Jan 22 10:05:50 2011 PST by vadim
!
! Compiled for pix 6.3
! Outbound ACLs: not supported
@ -67,14 +67,13 @@ clear xlate
clear static
clear global
clear nat
clear access-list
clear icmp
clear telnet
clear conf object-group
clear conf object
object-group service id3D6EF08C.srv.tcp.0 tcp
port-object eq 80
port-object eq 119

4
test/pix/firewall20.fw.orig
View File

@ -1,9 +1,9 @@
!
! This is automatically generated file. DO NOT MODIFY !
!
! Firewall Builder fwb_pix v4.2.0.3440
! Firewall Builder fwb_pix v4.2.0.3441
!
! Generated Thu Jan 20 17:13:06 2011 PST by vadim
! Generated Sat Jan 22 10:05:50 2011 PST by vadim
!
! Compiled for pix 6.3
! Outbound ACLs: not supported

4
test/pix/firewall21-1.fw.orig
View File

@ -1,9 +1,9 @@
!
! This is automatically generated file. DO NOT MODIFY !
!
! Firewall Builder fwb_pix v4.2.0.3440
! Firewall Builder fwb_pix v4.2.0.3441
!
! Generated Thu Jan 20 17:13:07 2011 PST by vadim
! Generated Sat Jan 22 10:05:51 2011 PST by vadim
!
! Compiled for pix 6.3
! Outbound ACLs: not supported

4
test/pix/firewall21.fw.orig
View File

@ -1,9 +1,9 @@
!
! This is automatically generated file. DO NOT MODIFY !
!
! Firewall Builder fwb_pix v4.2.0.3440
! Firewall Builder fwb_pix v4.2.0.3441
!
! Generated Thu Jan 20 17:13:06 2011 PST by vadim
! Generated Sat Jan 22 10:05:51 2011 PST by vadim
!
! Compiled for pix 7.0
! Outbound ACLs: supported

4
test/pix/firewall22.fw.orig
View File

@ -1,9 +1,9 @@
!
! This is automatically generated file. DO NOT MODIFY !
!
! Firewall Builder fwb_pix v4.2.0.3440
! Firewall Builder fwb_pix v4.2.0.3441
!
! Generated Thu Jan 20 17:13:07 2011 PST by vadim
! Generated Sat Jan 22 10:05:52 2011 PST by vadim
!
! Compiled for pix 7.0
! Outbound ACLs: supported

4
test/pix/firewall3.fw.orig
View File

@ -1,9 +1,9 @@
!
! This is automatically generated file. DO NOT MODIFY !
!
! Firewall Builder fwb_pix v4.2.0.3440
! Firewall Builder fwb_pix v4.2.0.3441
!
! Generated Thu Jan 20 17:13:07 2011 PST by vadim
! Generated Sat Jan 22 10:05:52 2011 PST by vadim
!
! Compiled for pix 6.2
! Outbound ACLs: not supported

7
test/pix/firewall33.fw.orig
View File

@ -1,9 +1,9 @@
!
! This is automatically generated file. DO NOT MODIFY !
!
! Firewall Builder fwb_pix v4.2.0.3440
! Firewall Builder fwb_pix v4.2.0.3441
!
! Generated Thu Jan 20 17:13:08 2011 PST by vadim
! Generated Sat Jan 22 10:05:53 2011 PST by vadim
!
! Compiled for pix 6.3
! Outbound ACLs: not supported
@ -66,11 +66,10 @@ floodguard disable
clear conf object-group
clear conf object
object-group network id43867C2418346.src.net.0
network-object host 157.166.224.25
network-object host 157.166.224.26

64
test/pix/firewall34.fw.orig
View File

@ -1,9 +1,9 @@
!
! This is automatically generated file. DO NOT MODIFY !
!
! Firewall Builder fwb_pix v4.2.0.3440
! Firewall Builder fwb_pix v4.2.0.3441
!
! Generated Thu Jan 20 17:13:08 2011 PST by vadim
! Generated Sat Jan 22 10:05:53 2011 PST by vadim
!
! Compiled for pix 6.3
! Outbound ACLs: not supported
@ -61,11 +61,10 @@ floodguard disable
clear conf object-group
clear conf object
object-group network id16988X10208.dst.net.0
network-object 192.168.1.1 255.255.255.255
network-object 192.168.1.2 255.255.255.255
@ -75,61 +74,6 @@ object-group network id16988X10208.dst.net.0
exit
object-group network id4390C25825682.dst.net.0
network-object 58.33.181.83 255.255.255.255
network-object 58.53.82.190 255.255.255.255
network-object 58.231.13.78 255.255.255.255
network-object host 61.150.47.112
network-object 61.184.14.102 255.255.255.255
network-object 64.106.85.186 255.255.255.255
network-object 70.228.60.100 255.255.255.255
network-object 80.51.236.6 255.255.255.255
network-object 80.243.72.149 255.255.255.255
network-object 80.249.77.34 255.255.255.255
network-object 81.2.36.254 255.255.255.255
network-object 81.196.74.125 255.255.255.255
network-object 82.77.37.174 255.255.255.255
network-object 82.117.221.205 255.255.255.255
network-object 82.143.196.17 255.255.255.255
network-object 84.90.8.198 255.255.255.255
network-object 151.8.224.178 255.255.255.255
network-object 168.156.76.20 255.255.255.255
network-object 193.207.126.36 255.255.255.255
network-object 195.136.186.35 255.255.255.255
network-object 196.15.136.15 255.255.255.255
network-object 201.10.180.138 255.255.255.255
network-object 201.17.93.16 255.255.255.255
network-object 201.36.156.121 255.255.255.255
network-object 202.96.112.93 255.255.255.255
network-object 202.103.25.253 255.255.255.255
network-object 203.162.3.209 255.255.255.255
network-object 203.209.124.144 255.255.255.255
network-object 210.106.193.237 255.255.255.255
network-object 210.222.114.102 255.255.255.255
network-object 211.144.143.143 255.255.255.255
network-object 211.172.218.237 255.255.255.255
network-object 211.250.16.132 255.255.255.255
network-object 212.21.241.31 255.255.255.255
network-object 212.100.212.100 255.255.255.255
network-object 218.18.72.252 255.255.255.255
network-object 218.39.114.122 255.255.255.255
network-object 218.55.115.43 255.255.255.255
network-object 218.104.138.146 255.255.255.255
network-object 219.132.104.160 255.255.255.255
network-object 220.71.17.86 255.255.255.255
network-object 220.81.50.105 255.255.255.255
network-object 220.91.99.46 255.255.255.255
network-object 221.14.249.242 255.255.255.255
network-object 221.166.177.135 255.255.255.255
network-object 221.198.33.38 255.255.255.255
network-object 221.202.160.233 255.255.255.255
network-object 221.205.54.125 255.255.255.255
network-object 221.217.44.248 255.255.255.255
network-object 222.100.212.223 255.255.255.255
network-object 222.121.118.144 255.255.255.255
network-object 222.174.113.2 255.255.255.255
exit
object-group network id4388CFF8674.src.net.0
network-object 58.33.181.83 255.255.255.255
network-object 58.53.82.190 255.255.255.255
network-object 58.231.13.78 255.255.255.255
@ -215,7 +159,7 @@ access-list outside_acl_in deny tcp any object-group id4390C25825682.dst.net.0
access-list inside_acl_in deny tcp any object-group id4390C25825682.dst.net.0 eq 25
!
! Rule 5 (global)
access-list outside_acl_in deny ip object-group id4388CFF8674.src.net.0 any log 6 interval 300
access-list outside_acl_in deny ip object-group id4390C25825682.dst.net.0 any log 6 interval 300
!
! Rule 6 (global)
access-list outside_acl_in deny ip object-group id4390C25825682.dst.net.0 any log 6 interval 300

7
test/pix/firewall4.fw.orig
View File

@ -1,9 +1,9 @@
!
! This is automatically generated file. DO NOT MODIFY !
!
! Firewall Builder fwb_pix v4.2.0.3440
! Firewall Builder fwb_pix v4.2.0.3441
!
! Generated Thu Jan 20 17:13:08 2011 PST by vadim
! Generated Sat Jan 22 10:05:54 2011 PST by vadim
!
! Compiled for pix 6.2
! Outbound ACLs: not supported
@ -79,14 +79,13 @@ clear xlate
clear static
clear global
clear nat
clear access-list
clear icmp
clear telnet
clear conf object-group
clear conf object
object-group service id3D79A1C2.srv.tcp.0 tcp
port-object eq 22
port-object eq 80

8
test/pix/firewall50.fw.orig
View File

@ -1,9 +1,9 @@
!
! This is automatically generated file. DO NOT MODIFY !
!
! Firewall Builder fwb_pix v4.2.0.3440
! Firewall Builder fwb_pix v4.2.0.3441
!
! Generated Thu Jan 20 17:13:09 2011 PST by vadim
! Generated Sat Jan 22 10:05:54 2011 PST by vadim
!
! Compiled for pix 7.0
! Outbound ACLs: supported
@ -116,17 +116,15 @@ clear xlate
clear config static
clear config global
clear config nat
clear config access-list dmz_acl_in
clear config access-list inside_acl_in
clear config access-list outside_acl_in
clear config icmp
clear config telnet
clear conf object-group
clear conf object
object-group network id45142FA628543.dst.net.0
network-object host 211.11.11.11
network-object host 211.22.22.22

5
test/pix/firewall6.fw.orig
View File

@ -1,9 +1,9 @@
!
! This is automatically generated file. DO NOT MODIFY !
!
! Firewall Builder fwb_pix v4.2.0.3440
! Firewall Builder fwb_pix v4.2.0.3441
!
! Generated Thu Jan 20 17:13:09 2011 PST by vadim
! Generated Sat Jan 22 10:05:55 2011 PST by vadim
!
! Compiled for pix 6.2
! Outbound ACLs: not supported
@ -80,7 +80,6 @@ clear xlate
clear static
clear global
clear nat
clear access-list
clear icmp
clear telnet

4
test/pix/firewall8.fw.orig
View File

@ -1,9 +1,9 @@
!
! This is automatically generated file. DO NOT MODIFY !
!
! Firewall Builder fwb_pix v4.2.0.3440
! Firewall Builder fwb_pix v4.2.0.3441
!
! Generated Thu Jan 20 17:13:10 2011 PST by vadim
! Generated Sat Jan 22 10:05:56 2011 PST by vadim
!
! Compiled for pix 6.2
! Outbound ACLs: not supported

7
test/pix/firewall80.fw.orig
View File

@ -1,9 +1,9 @@
!
! This is automatically generated file. DO NOT MODIFY !
!
! Firewall Builder fwb_pix v4.2.0.3440
! Firewall Builder fwb_pix v4.2.0.3441
!
! Generated Thu Jan 20 17:13:11 2011 PST by vadim
! Generated Sat Jan 22 10:05:56 2011 PST by vadim
!
! Compiled for pix 8.2
! Outbound ACLs: supported
@ -90,14 +90,13 @@ clear xlate
clear config static
clear config global
clear config nat
clear config access-list
clear config icmp
clear config telnet
clear conf object-group
clear conf object
object-group icmp-type id19186X29796.srv.icmp.0
icmp-object 8
icmp-object 0

12
test/pix/firewall81.fw.orig
View File

@ -1,9 +1,9 @@
!
! This is automatically generated file. DO NOT MODIFY !
!
! Firewall Builder fwb_pix v4.2.0.3440
! Firewall Builder fwb_pix v4.2.0.3441
!
! Generated Thu Jan 20 17:13:11 2011 PST by vadim
! Generated Sat Jan 22 10:05:57 2011 PST by vadim
!
! Compiled for pix 8.3
! Outbound ACLs: supported
@ -91,20 +91,12 @@ parameters
clear xlate
clear config nat
clear config access-list
clear config icmp
clear config telnet
clear conf object
object service http.0
service tcp destination eq 80
quit
object network hostA:eth0.0
host 192.168.1.10
quit
object service http.0
service tcp destination eq 80
quit

12
test/pix/firewall82.fw.orig
View File

@ -1,9 +1,9 @@
!
! This is automatically generated file. DO NOT MODIFY !
!
! Firewall Builder fwb_pix v4.2.0.3440
! Firewall Builder fwb_pix v4.2.0.3441
!
! Generated Thu Jan 20 17:13:11 2011 PST by vadim
! Generated Sat Jan 22 10:05:57 2011 PST by vadim
!
! Compiled for pix 8.3
! Outbound ACLs: supported
@ -91,20 +91,12 @@ parameters
clear xlate
clear config nat
clear config access-list
clear config icmp
clear config telnet
clear conf object
object service http.0
service tcp destination eq 80
quit
object network hostA:eth0.0
host 192.168.1.10
quit
object service http.0
service tcp destination eq 80
quit

12
test/pix/firewall83.fw.orig
View File

@ -1,9 +1,9 @@
!
! This is automatically generated file. DO NOT MODIFY !
!
! Firewall Builder fwb_pix v4.2.0.3440
! Firewall Builder fwb_pix v4.2.0.3441
!
! Generated Thu Jan 20 17:13:12 2011 PST by vadim
! Generated Sat Jan 22 10:05:57 2011 PST by vadim
!
! Compiled for pix 8.3
! Outbound ACLs: supported
@ -89,20 +89,12 @@ parameters
clear xlate
clear config nat
clear config access-list
clear config icmp
clear config telnet
clear conf object
object service http.0
service tcp destination eq 80
quit
object network hostA:eth0.0
host 192.168.1.10
quit
object service http.0
service tcp destination eq 80
quit

4
test/pix/firewall9.fw.orig
View File

@ -1,9 +1,9 @@
!
! This is automatically generated file. DO NOT MODIFY !
!
! Firewall Builder fwb_pix v4.2.0.3440
! Firewall Builder fwb_pix v4.2.0.3441
!
! Generated Thu Jan 20 17:13:12 2011 PST by vadim
! Generated Sat Jan 22 10:05:58 2011 PST by vadim
!
! Compiled for pix 6.3
! Outbound ACLs: not supported

82
test/pix/firewall90.fw.orig
View File

@ -1,9 +1,9 @@
!
! This is automatically generated file. DO NOT MODIFY !
!
! Firewall Builder fwb_pix v4.2.0.3440
! Firewall Builder fwb_pix v4.2.0.3441
!
! Generated Thu Jan 20 17:13:13 2011 PST by vadim
! Generated Sat Jan 22 10:05:58 2011 PST by vadim
!
! Compiled for pix 8.3
! Outbound ACLs: supported
@ -92,14 +92,13 @@ parameters
clear xlate
clear config nat
clear config access-list
clear config icmp
clear config telnet
clear conf object-group
clear conf object
object service http.0
service tcp destination eq 80
quit
@ -229,81 +228,6 @@ object-group network id77971X5929.tsrc.net.1
network-object object outside_range-1.0
network-object object external_gw2.0
exit
object service http.0
service tcp destination eq 80
quit
object service smtp.0
service tcp destination eq 25
quit
object service smtps.0
service tcp destination eq 465
quit
object service squid.0
service tcp destination eq 3128
quit
object network spamhost1.0
host 61.150.47.112
quit
object network external_gw_1.0
host 22.22.22.254
quit
object network external_gw2.0
host 22.22.22.100
quit
object network spamhost2.0
host 61.150.47.113
quit
object network hostA:eth0.0
host 192.168.1.10
quit
object network Internal_net.0
subnet 192.168.1.0 255.255.255.0
quit
object network internal_subnet_1.0
subnet 192.168.1.0 255.255.255.192
quit
object network internal_subnet_2.0
subnet 192.168.1.64 255.255.255.192
quit
object network ext_subnet.0
subnet 22.22.22.128 255.255.255.224
quit
object network ext_subnet-192.0
subnet 22.22.22.128 255.255.255.192
quit
object network test_range_1.0
range 192.168.1.11 192.168.1.15
quit
object network outside_range.0
range 22.22.22.21 22.22.22.25
quit
object network outside_range-1.0
range 22.22.22.30 22.22.22.40
quit
object network firewall90:FastEthernet1:ip.0
host 22.22.22.22
quit
object network firewall90:FastEthernet1:ip-1.0
host 22.22.22.23
quit
object-group network id78630X30274.src.net.0
network-object 10.1.2.0 255.255.255.0

36
test/pix/firewall91.fw.orig
View File

@ -1,9 +1,9 @@
!
! This is automatically generated file. DO NOT MODIFY !
!
! Firewall Builder fwb_pix v4.2.0.3440
! Firewall Builder fwb_pix v4.2.0.3441
!
! Generated Thu Jan 20 17:13:13 2011 PST by vadim
! Generated Sat Jan 22 10:05:59 2011 PST by vadim
!
! Compiled for pix 8.3
! Outbound ACLs: supported
@ -94,44 +94,12 @@ parameters
clear xlate
clear config nat
clear config access-list
clear config icmp
clear config telnet
clear conf object
object service http.0
service tcp destination eq 80
quit
object service https.0
service tcp destination eq 443
quit
object service squid.0
service tcp destination eq 3128
quit
object network external_gw2.0
host 22.22.22.100
quit
object network hostA:eth0.0
host 192.168.1.10
quit
object network internal_subnet_1.0
subnet 192.168.1.0 255.255.255.192
quit
object network test_range_1.0
range 192.168.1.11 192.168.1.15
quit
object network outside_range.0
range 22.22.22.21 22.22.22.25
quit
object service http.0
service tcp destination eq 80
quit

38
test/pix/firewall92.fw.orig
View File

@ -1,9 +1,9 @@
!
! This is automatically generated file. DO NOT MODIFY !
!
! Firewall Builder fwb_pix v4.2.0.3440
! Firewall Builder fwb_pix v4.2.0.3441
!
! Generated Thu Jan 20 17:13:13 2011 PST by vadim
! Generated Sat Jan 22 10:05:59 2011 PST by vadim
!
! Compiled for pix 8.3
! Outbound ACLs: supported
@ -89,14 +89,13 @@ parameters
clear xlate
clear config nat
clear config access-list
clear config icmp
clear config telnet
clear conf object-group
clear conf object
object service http.0
service tcp destination eq 80
quit
@ -133,37 +132,6 @@ object-group network id20655X6113.osrc.net.0
network-object object internal_subnet_1.0
network-object object internal_subnet_2.0
exit
object service http.0
service tcp destination eq 80
quit
object service smtp.0
service tcp destination eq 25
quit
object network spamhost1.0
host 61.150.47.112
quit
object network hostA:eth0.0
host 192.168.1.10
quit
object network Internal_net.0
subnet 192.168.1.0 255.255.255.0
quit
object network internal_subnet_1.0
subnet 192.168.1.0 255.255.255.192
quit
object network internal_subnet_2.0
subnet 192.168.1.64 255.255.255.192
quit
object network test_range_1.0
range 192.168.1.11 192.168.1.15
quit
!################

6
test/pix/firewall93.fw.orig
View File

@ -1,9 +1,9 @@
!
! This is automatically generated file. DO NOT MODIFY !
!
! Firewall Builder fwb_pix v4.2.0.3440
! Firewall Builder fwb_pix v4.2.0.3441
!
! Generated Thu Jan 20 17:13:14 2011 PST by vadim
! Generated Sat Jan 22 10:06:00 2011 PST by vadim
!
! Compiled for pix 8.3
! Outbound ACLs: supported
@ -91,9 +91,9 @@ service-policy global_policy global
clear xlate
clear config nat
clear conf object
object network dmz-range-1.0
range 172.16.0.10 172.16.0.15
quit

6
test/pix/firewall94.fw.orig
View File

@ -1,9 +1,9 @@
!
! This is automatically generated file. DO NOT MODIFY !
!
! Firewall Builder fwb_pix v4.2.0.3440
! Firewall Builder fwb_pix v4.2.0.3441
!
! Generated Thu Jan 20 17:13:14 2011 PST by vadim
! Generated Sat Jan 22 10:06:00 2011 PST by vadim
!
! Compiled for pix 8.3
! Outbound ACLs: supported
@ -77,10 +77,10 @@ service-policy global_policy global
clear config access-list
clear config icmp
clear config telnet
clear conf object-group
clear conf object
object network inside-range-1.0
range 10.0.0.5 10.0.0.10
quit

8
test/pix/fwsm1.fw.orig
View File

@ -1,9 +1,9 @@
!
! This is automatically generated file. DO NOT MODIFY !
!
! Firewall Builder fwb_pix v4.2.0.3440
! Firewall Builder fwb_pix v4.2.0.3441
!
! Generated Thu Jan 20 17:13:15 2011 PST by vadim
! Generated Sat Jan 22 10:06:01 2011 PST by vadim
!
! Compiled for fwsm 2.3
! Outbound ACLs: supported
@ -98,17 +98,15 @@ clear xlate
clear static
clear global
clear nat
clear access-list dmz_acl_in
clear access-list inside_acl_in
clear access-list outside_acl_in
clear icmp
clear telnet
clear conf object-group
clear conf object
object-group network id444A03DE9567.dst.net.0
network-object host 211.11.11.11
network-object host 211.22.22.22

8
test/pix/fwsm2.fw.orig
View File

@ -1,9 +1,9 @@
!
! This is automatically generated file. DO NOT MODIFY !
!
! Firewall Builder fwb_pix v4.2.0.3440
! Firewall Builder fwb_pix v4.2.0.3441
!
! Generated Thu Jan 20 17:13:15 2011 PST by vadim
! Generated Sat Jan 22 10:06:01 2011 PST by vadim
!
! Compiled for fwsm 4.x
! Outbound ACLs: supported
@ -111,17 +111,15 @@ clear xlate
clear config static
clear config global
clear config nat
clear config access-list dmz_acl_in
clear config access-list inside_acl_in
clear config access-list outside_acl_in
clear config icmp
clear config telnet
clear conf object-group
clear conf object
object-group network id17298X54624.dst.net.0
network-object host 211.11.11.11
network-object host 211.22.22.22

6
test/pix/pix515.fw.orig
View File

@ -1,9 +1,9 @@
!
! This is automatically generated file. DO NOT MODIFY !
!
! Firewall Builder fwb_pix v4.2.0.3440
! Firewall Builder fwb_pix v4.2.0.3441
!
! Generated Thu Jan 20 17:13:16 2011 PST by vadim
! Generated Sat Jan 22 10:06:02 2011 PST by vadim
!
! Compiled for pix 7.0
! Outbound ACLs: supported
@ -88,10 +88,8 @@ clear xlate
clear config static
clear config global
clear config nat
clear config access-list inside_acl_in
clear config access-list outside_acl_in
clear config icmp
clear config telnet

5
test/pix/real.fw.orig
View File

@ -1,9 +1,9 @@
!
! This is automatically generated file. DO NOT MODIFY !
!
! Firewall Builder fwb_pix v4.2.0.3440
! Firewall Builder fwb_pix v4.2.0.3441
!
! Generated Thu Jan 20 17:13:16 2011 PST by vadim
! Generated Sat Jan 22 10:06:02 2011 PST by vadim
!
! Compiled for pix 6.3
! Outbound ACLs: not supported
@ -90,7 +90,6 @@ clear xlate
clear static
clear global
clear nat
clear access-list
clear icmp
clear telnet

17
test/procurve_acl/Makefile Normal file
View File

@ -0,0 +1,17 @@
FW_OBJECTS := $(shell fwbedit list -f objects-for-regression-tests.fwb -o /User/Firewalls -c -F%name% | sort)
CL_OBJECTS := $(shell fwbedit list -f cluster-tests.fwb -o /User/Clusters -c -F%name% | sort)
$(FW_OBJECTS):
fwb_procurve_acl -f objects-for-regression-tests.fwb -xt $@
$(CL_OBJECTS):
fwb_procurve_acl -f cluster-tests.fwb -xt -xc $@
.PHONY: all firewalls clusters $(FW_OBJECTS) $(CL_OBJECTS)
all: firewalls clusters
firewalls: $(FW_OBJECTS)
clusters: $(CL_OBJECTS)

4
test/procurve_acl/testhp1.fw.orig
View File

@ -1,9 +1,9 @@
;
; This is automatically generated file. DO NOT MODIFY !
;
; Firewall Builder fwb_procurve_acl v4.2.0.3440
; Firewall Builder fwb_procurve_acl v4.2.0.3441
;
; Generated Thu Jan 20 16:26:46 2011 PST by vadim
; Generated Sat Jan 22 10:08:30 2011 PST by vadim
;
; Compiled for procurve_acl K.13
;

4
test/procurve_acl/testhp2.fw.orig
View File

@ -1,9 +1,9 @@
;
; This is automatically generated file. DO NOT MODIFY !
;
; Firewall Builder fwb_procurve_acl v4.2.0.3440
; Firewall Builder fwb_procurve_acl v4.2.0.3441
;
; Generated Thu Jan 20 16:26:47 2011 PST by vadim
; Generated Sat Jan 22 10:08:30 2011 PST by vadim
;
; Compiled for procurve_acl K.13
;

4
test/procurve_acl/testhp3.fw.orig
View File

@ -1,9 +1,9 @@
;
; This is automatically generated file. DO NOT MODIFY !
;
; Firewall Builder fwb_procurve_acl v4.2.0.3440
; Firewall Builder fwb_procurve_acl v4.2.0.3441
;
; Generated Thu Jan 20 16:26:47 2011 PST by vadim
; Generated Sat Jan 22 10:08:30 2011 PST by vadim
;
; Compiled for procurve_acl K.13
;

4
test/procurve_acl/testhp4.fw.orig
View File

@ -1,9 +1,9 @@
;
; This is automatically generated file. DO NOT MODIFY !
;
; Firewall Builder fwb_procurve_acl v4.2.0.3440
; Firewall Builder fwb_procurve_acl v4.2.0.3441
;
; Generated Thu Jan 20 16:26:47 2011 PST by vadim
; Generated Sat Jan 22 10:08:30 2011 PST by vadim
;
; Compiled for procurve_acl K.13
;