diff --git a/doc/ChangeLog b/doc/ChangeLog
index 8bbd2340a..a1198fcf0 100644
--- a/doc/ChangeLog
+++ b/doc/ChangeLog
@@ -1,3 +1,42 @@
+2011-01-22 vadim
+
+ * FWObjectDatabase_create_object.cpp (registerObjectType): see
+ #1972 implemented mechanism that allows me to register new object
+ types created and used outside of libfwbuilder API. This means
+ FWObjectDatabase can then copy and manipulate object trees that
+ use these new object types.
+
+ * NamedObjectsAndGroupsSupport.cpp (saveObjectGroups): see #1968,
+ #1972 Class NamedObjectsManager maintains its own copy of object
+ tree that holds object group objects it creates during compiler
+ passes. This allows me to maitain one common set of object groups
+ for both policy and nat compilers and avoid creating duplicate and
+ redundant object-group statements.
+
+ * NamedObjectsManagerPIX.cpp (getClearCommands): see #1968, #1972
+ class NamedObjectsManager (and derived classes for IOS and PIX)
+ generate "clear" commands. This way, I can generate correct set
+ of "clear" commands that take into account any named objects and
+ object-groups that could be created during both policy and nat
+ compiler passes.
+
+2011-01-21 vadim
+
+ * FWObject.cpp (init): see #1972 Seaprated object creation and
+ initialization. Some complex objects need to create a set of
+ standard child objects. Previously this was done in a special type
+ of constructor which required pointer to the object tree root
+ (FWObjectDatabase*). This created problems with implementation
+ of the method to register functions that create objects of new
+ types outside of the API. Now all objects have just a basic set
+ of constructors, plus method init() that can initialize them.
+
+ * FWObjectDatabase_create_object.cpp (registerObjectType): see
+ #1972 implemented mechanism that allows me to register new object
+ types created and used outside of libfwbuilder API. This means
+ FWObjectDatabase can then copy and manipulate object trees that
+ use these new object types.
+
 2011-01-20 vadim
 
 * NamedObjectsAndGroupsSupport.cpp (getNamedObjectsDefinitions):
diff --git a/src/cisco_lib/CompilerDriver_iosacl_run.cpp b/src/cisco_lib/CompilerDriver_iosacl_run.cpp index 42cff952e..2b80b4d8b 100644 --- a/src/cisco_lib/CompilerDriver_iosacl_run.cpp +++ b/src/cisco_lib/CompilerDriver_iosacl_run.cpp @@ -42,6 +42,7 @@ #include "RoutingCompiler_iosacl.h" #include "OSConfigurator_ios.h" #include "NamedObjectsAndGroupsSupport.h" +#include "NamedObjectsManagerIOS.h" #include "fwbuilder/Resources.h" #include "fwbuilder/FWObjectDatabase.h" @@ -185,7 +186,7 @@ QString CompilerDriver_iosacl::run(const std::string &cluster_id, if (!single_rule_compile_on) system_configuration_script = safetyNetInstall(fw); - NamedObjectManager named_object_manager(fw); + NamedObjectManagerIOS named_object_manager(fw); // command line options -4 and -6 control address family for which // script will be generated. If "-4" is used, only ipv4 part will @@ -334,6 +335,12 @@ QString CompilerDriver_iosacl::run(const std::string &cluster_id, policy_script + routing_script).c_str())); } + if ( fw->getOptionsObject()->getBool("iosacl_acl_basic") || + fw->getOptionsObject()->getBool("iosacl_acl_substitution")) + { + clear_commands += named_object_manager.getClearCommands() + "\n"; + } + system_configuration_script += clear_commands; system_configuration_script += object_groups_definitions; diff --git a/src/cisco_lib/CompilerDriver_pix_run.cpp b/src/cisco_lib/CompilerDriver_pix_run.cpp index ed0f67a6e..ca73889b4 100644 --- a/src/cisco_lib/CompilerDriver_pix_run.cpp +++ b/src/cisco_lib/CompilerDriver_pix_run.cpp @@ -43,6 +43,8 @@ #include "RoutingCompiler_pix.h" #include "OSConfigurator_pix_os.h" #include "NamedObjectsAndGroupsSupport.h" +#include "NamedObjectsManagerPIX.h" +#include "NamedObjectsManagerASA8.h" #include "Helper.h" 
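Review bot: The new block in CompilerDriver_iosacl::run that appends `named_object_manager.getClearCommands()` has an ordering dependency that is not written down. NamedObjectManagerIOS builds its `no object-group` lines from the manager's storage tree, which the header comment in this commit says is filled by saveObjectGroups(), and those lines need to land after the ACL removals already collected in `clear_commands`. I would add a comment above the `if`, for example `// call only after all compilers have run and saved their groups; the "no object-group" lines must follow the ACL "no" lines`, on the assumption that the device will not remove a group an ACL still references. The same comment belongs on the matching block in CompilerDriver_procurve_acl::run. Both run() bodies extend beyond their hunks, so where the compilers' own clear commands are appended should be confirmed.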
@@ -288,7 +290,7 @@ QString CompilerDriver_pix::run(const std::string &cluster_id, copies_of_cluster_interfaces.pop_front(); } - NamedObjectManager named_object_manager(fw); + NamedObjectManagerPIX named_object_manager(fw); all_interfaces = fw->getByTypeDeep(Interface::TYPENAME); @@ -491,8 +493,9 @@ QString CompilerDriver_pix::run(const std::string &cluster_id, } system_configuration_script = oscnf->getCompiledScript(); - if (have_object_groups) clear_commands += "clear conf object-group\n"; - if (have_named_objects) clear_commands += "clear conf object\n"; + + clear_commands += named_object_manager.getClearCommands() + "\n"; + system_configuration_script += clear_commands; system_configuration_script += "\n"; system_configuration_script += object_groups_definitions; diff --git a/src/cisco_lib/CompilerDriver_procurve_acl_run.cpp b/src/cisco_lib/CompilerDriver_procurve_acl_run.cpp index f5bbd75e0..175981129 100644 --- a/src/cisco_lib/CompilerDriver_procurve_acl_run.cpp +++ b/src/cisco_lib/CompilerDriver_procurve_acl_run.cpp @@ -42,6 +42,7 @@ #include "RoutingCompiler_procurve_acl.h" #include "OSConfigurator_procurve.h" #include "NamedObjectsAndGroupsSupport.h" +#include "NamedObjectsManagerIOS.h" #include "fwbuilder/Resources.h" #include "fwbuilder/FWObjectDatabase.h" @@ -172,7 +173,7 @@ QString CompilerDriver_procurve_acl::run(const std::string &cluster_id, if (!single_rule_compile_on) system_configuration_script = safetyNetInstall(fw); - NamedObjectManager named_object_manager(fw); + NamedObjectManagerIOS named_object_manager(fw); // command line options -4 and -6 control address family for which // script will be generated. If "-4" is used, only ipv4 part will 
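Review bot: `NamedObjectManagerPIX named_object_manager(fw);` is constructed unconditionally, while the same commit adds `#include "NamedObjectsManagerASA8.h"` to this file and no visible hunk instantiates NamedObjectManagerASA8. If the ASA 8 class is a placeholder for later work, a short note next to the declaration such as `// TODO: use NamedObjectManagerASA8 once it overrides anything` would explain the include; otherwise the include can be dropped. run() continues outside the hunk, so the class may be used in lines not shown here.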
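Review bot: The call `clear_commands += named_object_manager.getClearCommands() + "\n";` in CompilerDriver_pix::run is not gated by any firewall option, unlike the IOS and ProCurve drivers in this commit, which first check their `*_acl_basic` / `*_acl_substitution` options. On PIX the manager emits `clear conf object-group` and `clear conf object`, which presumably remove every such definition on the device and not only the ones this compiler created. The removed lines were equally unconditional apart from the have_* flags, so this may be intended. If it is, a comment stating that the `pix_acl_no_clear` option checked in PolicyCompiler_pix::printClearCommands deliberately does not apply here would prevent a surprise when a policy is pushed to a device that also holds manually maintained objects.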
@@ -321,6 +322,12 @@ QString CompilerDriver_procurve_acl::run(const std::string &cluster_id, policy_script + routing_script).c_str())); } + if ( fw->getOptionsObject()->getBool("procurve_acl_acl_basic") || + fw->getOptionsObject()->getBool("procurve_acl_acl_substitution")) + { + clear_commands += named_object_manager.getClearCommands() + "\n"; + } + system_configuration_script += clear_commands; system_configuration_script += object_groups_definitions; diff --git a/src/cisco_lib/NATCompiler_asa8.cpp b/src/cisco_lib/NATCompiler_asa8.cpp index 73008fae4..854954eec 100644 --- a/src/cisco_lib/NATCompiler_asa8.cpp +++ b/src/cisco_lib/NATCompiler_asa8.cpp @@ -481,7 +481,6 @@ string NATCompiler_asa8::printClearCommands() "version_" + version + "/pix_commands/clear_nat") << endl; } - output << endl; return output.str(); } diff --git a/src/cisco_lib/NATCompiler_pix.cpp b/src/cisco_lib/NATCompiler_pix.cpp index c5760b6e0..c45eb58d0 100644 --- a/src/cisco_lib/NATCompiler_pix.cpp +++ b/src/cisco_lib/NATCompiler_pix.cpp @@ -1864,7 +1864,6 @@ string NATCompiler_pix::printClearCommands() "version_" + version + "/pix_commands/clear_nat") << endl; } - output << endl; return output.str(); } @@ -1878,9 +1877,6 @@ class MergeConflictRes : public FWObjectDatabase::ConflictResolutionPredicate void NATCompiler_pix::setNamedObjectManager(NamedObjectManager *mgr) { named_objects_manager = mgr; - // initialize object groups support - MergeConflictRes merge_predicate; - dbcopy->merge(mgr->object_groups_tree, &merge_predicate); mgr->setWorkingObjectTree(dbcopy); } diff --git a/src/cisco_lib/NamedObjectsAndGroupsSupport.cpp b/src/cisco_lib/NamedObjectsAndGroupsSupport.cpp index d8a63a212..dc1818fff 100644 --- a/src/cisco_lib/NamedObjectsAndGroupsSupport.cpp +++ b/src/cisco_lib/NamedObjectsAndGroupsSupport.cpp 
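Review bot: In NATCompiler_pix.cpp the last hunk drops the only visible use of `MergeConflictRes`, yet the hunk header shows the class is still defined just above setNamedObjectManager, and this commit adds a class of the same name at namespace scope in NamedObjectsAndGroupsSupport.cpp. Two same-named classes in different translation units have to stay identical or the program violates the one-definition rule, so the leftover definition is better deleted if nothing else in the file uses it. The rest of NATCompiler_pix.cpp is outside the hunk, so that last condition needs a quick grep before removing it.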
@@ -2,11 +2,9 @@ Firewall Builder - Copyright (C) 2010 NetCitadel, LLC + Copyright (C) 2011 NetCitadel, LLC - Author: Vadim Kurland vadim@vk.crocodile.org - - $Id$ + Author: Vadim Kurland vadim@fwbuilder.org This program is free software which we release under the GNU General Public License. You may redistribute and/or modify this program under the terms @@ -27,7 +25,6 @@ #include "NamedObjectsAndGroupsSupport.h" #include "NamedObject.h" -//#include "ObjectGroupFactory.h" #include "PIXObjectGroup.h" #include "ASA8ObjectGroup.h" @@ -139,7 +136,9 @@ bool NamedObjectManager::haveNamedObjects() bool NamedObjectManager::haveObjectGroups() { - return (getObjectGroupsGroup()->size() > 0); + FWObject *object_groups = object_groups_tree->findInIndex( + FWObjectDatabase::getIntId(object_groups_group_id)); + return (object_groups->size() > 0); } string NamedObjectManager::getNamedObjectsDefinitions() @@ -169,6 +168,11 @@ string NamedObjectManager::getNamedObjectsDefinitions() return output.join("\n").toUtf8().constData(); } +string NamedObjectManager::getClearCommands() +{ + return ""; +} + BaseObjectGroup* NamedObjectManager::createObjectGroup() { BaseObjectGroup *grp = NULL; @@ -186,8 +190,17 @@ BaseObjectGroup* NamedObjectManager::createObjectGroup() return grp; } +class MergeConflictRes : public FWObjectDatabase::ConflictResolutionPredicate +{ + public: + MergeConflictRes() { } + virtual bool askUser(FWObject*, FWObject*) {return false;} +}; + void NamedObjectManager::setWorkingObjectTree(FWObjectDatabase *dbcopy) { + MergeConflictRes merge_predicate; + dbcopy->merge(object_groups_tree, &merge_predicate); work_db = dbcopy; } 
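Review bot: `haveObjectGroups()` now dereferences the result of `object_groups_tree->findInIndex(...)` without checking it. saveObjectGroups() calls `object_groups_tree->clearChildren()` before re-adding the group, and NamedObjectManagerPIX::getClearCommands() reaches this function on every PIX compile, so a lookup that returns NULL would crash the compiler instead of reporting that there are no groups. Adding `if (object_groups == NULL) return false;` before the `size()` call keeps the previous meaning. Whether findInIndex can actually return NULL at this point depends on code outside the hunk.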
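Review bot: `setWorkingObjectTree()` now does more than its name says: it merges the stored object groups into `dbcopy` before adopting it, and both PolicyCompiler_cisco and NATCompiler_pix depend on that after this commit. A comment above the function would make the side effect visible, for example `// merges object_groups_tree into dbcopy (MergeConflictRes::askUser always returns false) and then makes dbcopy the working tree`. `dbcopy` is also dereferenced without a check, and `MergeConflictRes` could sit in an anonymous namespace, since as far as the visible hunks show only this file uses it now.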
@@ -204,7 +217,7 @@ void NamedObjectManager::saveObjectGroups() { object_groups_tree->clearChildren(); - FWObject *work_object_groups = getObjectGroupsGroup(); // finds it in work_db + FWObject *work_object_groups = getObjectGroupsGroupInWorkTree(); // finds it in work_db // move from work tree to object_groups_tree object_groups_tree->add(work_object_groups); @@ -228,7 +241,7 @@ void NamedObjectManager::saveObjectGroups() //object_groups_tree->dump(true, true); } -Group* NamedObjectManager::getObjectGroupsGroup() +Group* NamedObjectManager::getObjectGroupsGroupInWorkTree() { return Group::cast(work_db->findInIndex( FWObjectDatabase::getIntId(object_groups_group_id))); @@ -247,7 +260,7 @@ BaseObjectGroup* CreateObjectGroups::findObjectGroup(RuleElement *re) for (FWObject::iterator i1=re->begin(); i1!=re->end(); ++i1) relement.push_back(FWReference::getObject(*i1)); - FWObject *object_groups = named_objects_manager->getObjectGroupsGroup(); + FWObject *object_groups = named_objects_manager->getObjectGroupsGroupInWorkTree(); for (FWObject::iterator i=object_groups->begin(); i!=object_groups->end(); ++i) { BaseObjectGroup *og = dynamic_cast(*i); @@ -292,7 +305,7 @@ bool CreateObjectGroups::processNext() if (obj_group==NULL) { obj_group = named_objects_manager->createObjectGroup(); - named_objects_manager->getObjectGroupsGroup()->add(obj_group); + named_objects_manager->getObjectGroupsGroupInWorkTree()->add(obj_group); packObjects(re, obj_group); diff --git a/src/cisco_lib/NamedObjectsAndGroupsSupport.h b/src/cisco_lib/NamedObjectsAndGroupsSupport.h index 3eabbd1ce..d8c7a655b 100644 --- a/src/cisco_lib/NamedObjectsAndGroupsSupport.h +++ b/src/cisco_lib/NamedObjectsAndGroupsSupport.h 
@@ -42,30 +42,50 @@ namespace fwcompiler class NamedObjectManager { - -public: - std::map named_objects; +protected: std::string platform; std::string version; -// storage for object groups created to be used with PIX command object-group + // storage for object groups created to be used with PIX + // command object-group std::string object_groups_group_id; + + /* + * This is a storage object tree. Method saveObjectGroups() + * copies object groups objects created during compiler pass + * in the working tree work_db to this tree. There should be + * no access to the storage tree from outside, it should only + * be used by methods of this class that generate commands for + * object groups definitions or "clear" commands. + */ libfwbuilder::FWObjectDatabase *object_groups_tree; - //const libfwbuilder::Firewall *fw; + /* + * This is a working object tree. When compilers need to + * interact with named object manager, they should use this + * object tree. Access to the group that holds created object + * groups is provided by method + * getObjectGroupsGroupInWorkTree() that finds it in the + * working tree + */ libfwbuilder::FWObjectDatabase *work_db; +public: + std::map named_objects; + + NamedObjectManager(const libfwbuilder::Firewall *_fw); virtual ~NamedObjectManager(); void addNamedObject(const libfwbuilder::FWObject *obj); NamedObject* getNamedObject(const libfwbuilder::FWObject *obj); - std::string getNamedObjectsDefinitions(); - + virtual std::string getNamedObjectsDefinitions(); + virtual std::string getClearCommands(); + bool haveNamedObjects(); bool haveObjectGroups(); BaseObjectGroup* createObjectGroup(); - libfwbuilder::Group* getObjectGroupsGroup(); + libfwbuilder::Group* getObjectGroupsGroupInWorkTree(); void setWorkingObjectTree(libfwbuilder::FWObjectDatabase *dbcopy); diff --git a/src/cisco_lib/NamedObjectsManagerASA8.h b/src/cisco_lib/NamedObjectsManagerASA8.h new file mode 100644 index 000000000..a9929c479 --- /dev/null 
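Review bot: The two functions made virtual here, `getNamedObjectsDefinitions()` and the new `getClearCommands()`, carry no documentation in the header although the data members above them now do. For `getClearCommands()` I would add a comment saying that the base implementation returns an empty string, that platform subclasses override it, and that the overrides read the storage tree and so give a complete answer only after saveObjectGroups() has run. `named_objects` stays public while the trees became protected; if nothing outside the class hierarchy needs it, it could move with them.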
+++ b/src/cisco_lib/NamedObjectsManagerASA8.h
@@ -0,0 +1,45 @@
+/*
+
+ Firewall Builder
+
+ Copyright (C) 2010-2011 NetCitadel, LLC
+
+ Author: Vadim Kurland vadim@fwbuilder.org
+
+ This program is free software which we release under the GNU General Public
+ License. You may redistribute and/or modify this program under the terms
+ of that license as published by the Free Software Foundation; either
+ version 2 of the License, or (at your option) any later version.
+
+ This program is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ GNU General Public License for more details.
+
+ To get a copy of the GNU General Public License, write to the Free Software
+ Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
+
+*/
+
+#ifndef _NAMED_OBJECTS_MANAGER_ASA8_HH
+#define _NAMED_OBJECTS_MANAGER_ASA8_HH
+
+#include "config.h"
+
+#include "NamedObjectsManagerPIX.h"
+
+
+namespace fwcompiler
+{
+
+ class NamedObjectManagerASA8 : public NamedObjectManagerPIX
+ {
+
+public:
+ NamedObjectManagerASA8(const libfwbuilder::Firewall *fw) :
+ NamedObjectManagerPIX(fw) {}
+ virtual ~NamedObjectManagerASA8() {};
+ };
+}
+
+#endif
diff --git a/src/cisco_lib/NamedObjectsManagerIOS.cpp b/src/cisco_lib/NamedObjectsManagerIOS.cpp
new file mode 100644
index 000000000..270b795d2
--- /dev/null
+++ b/src/cisco_lib/NamedObjectsManagerIOS.cpp
@@ -0,0 +1,65 @@
+/*
+
+ Firewall Builder
+
+ Copyright (C) 2011 NetCitadel, LLC
+
+ Author: Vadim Kurland vadim@fwbuilder.org
+
+ This program is free software which we release under the GNU General Public
+ License. You may redistribute and/or modify this program under the terms
+ of that license as published by the Free Software Foundation; either
+ version 2 of the License, or (at your option) any later version.
+
+ This program is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ GNU General Public License for more details.
+
+ To get a copy of the GNU General Public License, write to the Free Software
+ Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
+
+*/
+
+#include "config.h"
+
+#include "NamedObjectsManagerIOS.h"
+#include "NamedObject.h"
+#include "BaseObjectGroup.h"
+
+#include
+#include
+
+
+using namespace libfwbuilder;
+using namespace fwcompiler;
+using namespace std;
+
+
+NamedObjectManagerIOS::NamedObjectManagerIOS(const Firewall *fw) :
+ NamedObjectManager(fw)
+{
+}
+
+NamedObjectManagerIOS::~NamedObjectManagerIOS()
+{
+}
+
+string NamedObjectManagerIOS::getClearCommands()
+{
+ ostringstream output;
+
+ FWObject *object_groups = object_groups_tree->findInIndex(
+ FWObjectDatabase::getIntId(object_groups_group_id));
+
+ for (FWObject::iterator i=object_groups->begin(); i!=object_groups->end(); ++i)
+ {
+ BaseObjectGroup *og = dynamic_cast(*i);
+ assert(og!=NULL);
+ output << "no " << og->getObjectGroupHeader() << endl;
+ }
+
+ return output.str();
+}
+
+
diff --git a/src/cisco_lib/NamedObjectsManagerIOS.h b/src/cisco_lib/NamedObjectsManagerIOS.h
new file mode 100644
index 000000000..eab27afc1
--- /dev/null
+++ b/src/cisco_lib/NamedObjectsManagerIOS.h
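Review bot: `NamedObjectManagerIOS::getClearCommands()` dereferences two pointers without a runtime check: `object_groups`, the result of `findInIndex(...)`, and `og`, which is guarded only by `assert(og!=NULL)`. In a build with NDEBUG defined the assert is compiled out, so a child that is not a BaseObjectGroup leads to a NULL dereference rather than a diagnosable error while generating device commands. I would add `if (object_groups == NULL) return "";` before the loop and replace the assert with an explicit test such as `if (og == NULL) continue;`, or with a call into the compiler's error reporting if one is reachable from this class.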
@@ -0,0 +1,48 @@
+/*
+
+ Firewall Builder
+
+ Copyright (C) 2010-2011 NetCitadel, LLC
+
+ Author: Vadim Kurland vadim@fwbuilder.org
+
+ This program is free software which we release under the GNU General Public
+ License. You may redistribute and/or modify this program under the terms
+ of that license as published by the Free Software Foundation; either
+ version 2 of the License, or (at your option) any later version.
+
+ This program is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ GNU General Public License for more details.
+
+ To get a copy of the GNU General Public License, write to the Free Software
+ Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
+
+*/
+
+#ifndef _NAMED_OBJECTS_MANAGER_IOS_HH
+#define _NAMED_OBJECTS_MANAGER_IOS_HH
+
+#include "config.h"
+
+#include "NamedObjectsAndGroupsSupport.h"
+
+#include "fwbuilder/Firewall.h"
+
+
+namespace fwcompiler
+{
+
+ class NamedObjectManagerIOS : public NamedObjectManager
+ {
+
+public:
+ NamedObjectManagerIOS(const libfwbuilder::Firewall *_fw);
+ virtual ~NamedObjectManagerIOS();
+
+ virtual std::string getClearCommands();
+ };
+}
+
+#endif
diff --git a/src/cisco_lib/NamedObjectsManagerPIX.cpp b/src/cisco_lib/NamedObjectsManagerPIX.cpp
new file mode 100644
index 000000000..ca32caa85
--- /dev/null
+++ b/src/cisco_lib/NamedObjectsManagerPIX.cpp
@@ -0,0 +1,57 @@
+/*
+
+ Firewall Builder
+
+ Copyright (C) 2011 NetCitadel, LLC
+
+ Author: Vadim Kurland vadim@fwbuilder.org
+
+ This program is free software which we release under the GNU General Public
+ License. You may redistribute and/or modify this program under the terms
+ of that license as published by the Free Software Foundation; either
+ version 2 of the License, or (at your option) any later version.
+
+ This program is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ GNU General Public License for more details.
+
+ To get a copy of the GNU General Public License, write to the Free Software
+ Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
+
+*/
+
+#include "config.h"
+
+#include "NamedObjectsManagerPIX.h"
+#include "PIXObjectGroup.h"
+
+#include
+#include
+
+
+using namespace libfwbuilder;
+using namespace fwcompiler;
+using namespace std;
+
+
+NamedObjectManagerPIX::NamedObjectManagerPIX(const Firewall *fw) :
+ NamedObjectManager(fw)
+{
+}
+
+NamedObjectManagerPIX::~NamedObjectManagerPIX()
+{
+}
+
+string NamedObjectManagerPIX::getClearCommands()
+{
+ ostringstream output;
+
+ if (haveObjectGroups()) output << "clear conf object-group" << endl;
+ if (haveNamedObjects()) output << "clear conf object" << endl;
+
+ return output.str();
+}
+
+
diff --git a/src/cisco_lib/NamedObjectsManagerPIX.h b/src/cisco_lib/NamedObjectsManagerPIX.h
new file mode 100644
index 000000000..da7508b0e
--- /dev/null
+++ b/src/cisco_lib/NamedObjectsManagerPIX.h
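Review bot: The order of the two statements in `NamedObjectManagerPIX::getClearCommands()` matters but is not explained: `clear conf object-group` is written before `clear conf object`. A one-line comment such as `// groups first: object-groups can reference named objects` would stop a later edit from swapping them; the stated reason is my reading of the platform and should be confirmed against the device documentation. Writing `'\n'` instead of `endl` would also avoid flushing an ostringstream for no benefit.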
@@ -0,0 +1,48 @@
+/*
+
+ Firewall Builder
+
+ Copyright (C) 2010-2011 NetCitadel, LLC
+
+ Author: Vadim Kurland vadim@fwbuilder.org
+
+ This program is free software which we release under the GNU General Public
+ License. You may redistribute and/or modify this program under the terms
+ of that license as published by the Free Software Foundation; either
+ version 2 of the License, or (at your option) any later version.
+
+ This program is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ GNU General Public License for more details.
+
+ To get a copy of the GNU General Public License, write to the Free Software
+ Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
+
+*/
+
+#ifndef _NAMED_OBJECTS_MANAGER_PIX_HH
+#define _NAMED_OBJECTS_MANAGER_PIX_HH
+
+#include "config.h"
+
+#include "NamedObjectsAndGroupsSupport.h"
+
+#include "fwbuilder/Firewall.h"
+
+
+namespace fwcompiler
+{
+
+ class NamedObjectManagerPIX : public NamedObjectManager
+ {
+
+public:
+ NamedObjectManagerPIX(const libfwbuilder::Firewall *_fw);
+ virtual ~NamedObjectManagerPIX();
+
+ virtual std::string getClearCommands();
+ };
+}
+
+#endif
diff --git a/src/cisco_lib/PolicyCompiler_cisco.cpp b/src/cisco_lib/PolicyCompiler_cisco.cpp
index a00a201bd..04670ab19 100644
--- a/src/cisco_lib/PolicyCompiler_cisco.cpp
+++ b/src/cisco_lib/PolicyCompiler_cisco.cpp
@@ -817,19 +817,10 @@ string PolicyCompiler_cisco::printClearCommands() return ""; } -class MergeConflictRes : public FWObjectDatabase::ConflictResolutionPredicate -{ - public: - MergeConflictRes() { } - virtual bool askUser(FWObject*, FWObject*) {return false;} -}; - void PolicyCompiler_cisco::setNamedObjectManager(NamedObjectManager *mgr) { named_objects_manager = mgr; // initialize object groups support - MergeConflictRes merge_predicate; - dbcopy->merge(mgr->object_groups_tree, &merge_predicate); mgr->setWorkingObjectTree(dbcopy); } diff --git a/src/cisco_lib/PolicyCompiler_iosacl.cpp b/src/cisco_lib/PolicyCompiler_iosacl.cpp index d3b307d76..8649dd650 100644 --- a/src/cisco_lib/PolicyCompiler_iosacl.cpp +++ b/src/cisco_lib/PolicyCompiler_iosacl.cpp @@ -533,15 +533,15 @@ string PolicyCompiler_iosacl::printClearCommands() { ostringstream output; - string vers = fw->getStr("version"); + string version = fw->getStr("version"); string platform = fw->getStr("platform"); string xml_element = "clear_ip_acl"; if (ipv6) xml_element = "clear_ipv6_acl"; string clearACLCmd = Resources::platform_res[platform]->getResourceStr( - string("/FWBuilderResources/Target/options/")+ - "version_"+vers+"/iosacl_commands/" + xml_element); + string("/FWBuilderResources/Target/options/") + + "version_" + version + "/iosacl_commands/" + xml_element); assert( !clearACLCmd.empty()); @@ -554,19 +554,8 @@ string PolicyCompiler_iosacl::printClearCommands() ciscoACL *acl = (*i).second; output << clearACLCmd << " " << acl->workName() << endl; } - output << endl; - - FWObject *object_groups = named_objects_manager->getObjectGroupsGroup(); - for (FWObject::iterator i=object_groups->begin(); i!=object_groups->end(); ++i) - { - BaseObjectGroup *og = dynamic_cast(*i); - assert(og!=NULL); - output << "no " << og->getObjectGroupHeader() << endl; - } } - output << endl; - return output.str(); } 
diff --git a/src/cisco_lib/PolicyCompiler_pix.cpp b/src/cisco_lib/PolicyCompiler_pix.cpp index 047fb28ad..bc9a84989 100644 --- a/src/cisco_lib/PolicyCompiler_pix.cpp +++ b/src/cisco_lib/PolicyCompiler_pix.cpp @@ -753,7 +753,6 @@ string PolicyCompiler_pix::printClearCommands() output << clearACLcmd << " " << acl->workName() << endl; } //output << clearOGcmd << endl; - output << endl; } if ( !fw->getOptionsObject()->getBool("pix_acl_no_clear") ) @@ -762,7 +761,6 @@ string PolicyCompiler_pix::printClearCommands() output << clearTelnetcmd << endl; } - output << endl; return output.str(); } diff --git a/src/cisco_lib/cisco_lib.pro b/src/cisco_lib/cisco_lib.pro index db5eea065..204e852c9 100644 --- a/src/cisco_lib/cisco_lib.pro +++ b/src/cisco_lib/cisco_lib.pro @@ -7,6 +7,8 @@ TEMPLATE = lib SOURCES = PolicyCompiler_cisco.cpp \ PolicyCompiler_cisco_acls.cpp \ NamedObjectsAndGroupsSupport.cpp \ + NamedObjectsManagerIOS.cpp \ + NamedObjectsManagerPIX.cpp \ RoutingCompiler_cisco.cpp \ RoutingCompiler_cisco_writers.cpp \ splitByNetworkZonesForRE.cpp \ @@ -60,6 +62,9 @@ HEADERS = ../../config.h \ NamedObject.h \ ASA8TwiceNatLogic.h \ NamedObjectsAndGroupsSupport.h \ + NamedObjectsManagerIOS.h \ + NamedObjectsManagerPIX.h \ + NamedObjectsManagerASA8.h \ inspectionProtocol.h \ InspectionClassMap.h \ PolicyCompiler_cisco.h \ diff --git a/test/iosacl/auto-interface-test.fw.orig b/test/iosacl/auto-interface-test.fw.orig index f1046f089..cfaaabdc1 100755 --- a/test/iosacl/auto-interface-test.fw.orig +++ b/test/iosacl/auto-interface-test.fw.orig @@ -1,9 +1,9 @@ ! ! This is automatically generated file. DO NOT MODIFY ! ! -! Firewall Builder fwb_iosacl v4.2.0.3440 +! Firewall Builder fwb_iosacl v4.2.0.3441 ! -! Generated Thu Jan 20 16:31:20 2011 PST by vadim +! Generated Sat Jan 22 09:53:49 2011 PST by vadim ! ! Compiled for iosacl 12.1 ! 
@@ -40,8 +40,6 @@ no ip access-list extended e1_1_in no ip access-list extended e1_1_out no ip access-list extended fe0_0_in no ip access-list extended fe0_0_out - - no ipv6 access-list ipv6_Policy_v6_e1_0_in no ipv6 access-list ipv6_Policy_v6_e1_0_out no ipv6 access-list ipv6_Policy_v6_e1_1_in diff --git a/test/iosacl/c3620.fw.orig b/test/iosacl/c3620.fw.orig index 34a735be9..8eef6c172 100755 --- a/test/iosacl/c3620.fw.orig +++ b/test/iosacl/c3620.fw.orig @@ -1,9 +1,9 @@ ! ! This is automatically generated file. DO NOT MODIFY ! ! -! Firewall Builder fwb_iosacl v4.2.0.3440 +! Firewall Builder fwb_iosacl v4.2.0.3441 ! -! Generated Thu Jan 20 16:31:20 2011 PST by vadim +! Generated Sat Jan 22 09:53:49 2011 PST by vadim ! ! Compiled for iosacl 12.1 ! diff --git a/test/iosacl/ccie4u-r1.fw.orig b/test/iosacl/ccie4u-r1.fw.orig index a50983262..c872e476a 100755 --- a/test/iosacl/ccie4u-r1.fw.orig +++ b/test/iosacl/ccie4u-r1.fw.orig @@ -1,9 +1,9 @@ ! ! This is automatically generated file. DO NOT MODIFY ! ! -! Firewall Builder fwb_iosacl v4.2.0.3440 +! Firewall Builder fwb_iosacl v4.2.0.3441 ! -! Generated Thu Jan 20 16:31:21 2011 PST by vadim +! Generated Sat Jan 22 09:53:49 2011 PST by vadim ! ! Compiled for iosacl 12.1 ! @@ -64,8 +64,6 @@ no ip access-list extended r1-ipv4_fe0_0_in no ip access-list extended r1-ipv4_fe0_0_out no ip access-list extended r1-ipv4_fe0_1_in no ip access-list extended r1-ipv4_fe0_1_out - - no ipv6 access-list ipv6_fe0_0_in no ipv6 access-list ipv6_fe0_0_out no ipv6 access-list ipv6_fe0_1_in diff --git a/test/iosacl/dynamips1-og.fw.orig b/test/iosacl/dynamips1-og.fw.orig index 62a4031af..07980ed38 100755 --- a/test/iosacl/dynamips1-og.fw.orig +++ b/test/iosacl/dynamips1-og.fw.orig 
@@ -1,9 +1,9 @@ ! ! This is automatically generated file. DO NOT MODIFY ! ! -! Firewall Builder fwb_iosacl v4.2.0.3440 +! Firewall Builder fwb_iosacl v4.2.0.3441 ! -! Generated Thu Jan 20 16:31:21 2011 PST by vadim +! Generated Sat Jan 22 09:53:49 2011 PST by vadim ! ! Compiled for iosacl 12.4 ! @@ -25,16 +25,13 @@ no ip access-list extended fe0_0_in no ip access-list extended fe0_0_out - +no ipv6 access-list ipv6_fe0_0_in +no ipv6 access-list ipv6_fe0_0_out no object-group network id29216X37699.src.net.0 no object-group service id29216X37699.srv.udp.0 no object-group network id18740X37673.dst.net.0 no object-group network id18964X37673.src.net.0 -no ipv6 access-list ipv6_fe0_0_in -no ipv6 access-list ipv6_fe0_0_out - - object-group network id29216X37699.src.net.0 host 61.150.47.112 host 192.168.1.0 diff --git a/test/iosacl/firewall-ipv6-1.fw.orig b/test/iosacl/firewall-ipv6-1.fw.orig index b7509269c..826ae3f28 100755 --- a/test/iosacl/firewall-ipv6-1.fw.orig +++ b/test/iosacl/firewall-ipv6-1.fw.orig @@ -1,9 +1,9 @@ ! ! This is automatically generated file. DO NOT MODIFY ! ! -! Firewall Builder fwb_iosacl v4.2.0.3440 +! Firewall Builder fwb_iosacl v4.2.0.3441 ! -! Generated Thu Jan 20 16:31:21 2011 PST by vadim +! Generated Sat Jan 22 09:53:50 2011 PST by vadim ! ! Compiled for iosacl 12.1 ! @@ -61,8 +61,6 @@ interface Ethernet0/0 exit no ip access-list extended fw-ipv6-1-ipv4_e0_0_in no ip access-list extended fw-ipv6-1-ipv4_e0_0_out - - no ipv6 access-list ipv6_e0_0_in no ipv6 access-list ipv6_e0_0_out diff --git a/test/iosacl/firewall-ipv6-2.fw.orig b/test/iosacl/firewall-ipv6-2.fw.orig index c4cec7fc8..3f53a79cd 100755 --- a/test/iosacl/firewall-ipv6-2.fw.orig +++ b/test/iosacl/firewall-ipv6-2.fw.orig 
@@ -1,9 +1,9 @@ ! ! This is automatically generated file. DO NOT MODIFY ! ! -! Firewall Builder fwb_iosacl v4.2.0.3440 +! Firewall Builder fwb_iosacl v4.2.0.3441 ! -! Generated Thu Jan 20 16:31:21 2011 PST by vadim +! Generated Sat Jan 22 09:53:50 2011 PST by vadim ! ! Compiled for iosacl 12.1 ! @@ -60,8 +60,6 @@ interface Ethernet0/0 exit no ip access-list extended fw-ipv6-2-ipv4_e0_0_in no ip access-list extended fw-ipv6-2-ipv4_e0_0_out - - no ipv6 access-list ipv6_e0_0_in no ipv6 access-list ipv6_e0_0_out diff --git a/test/iosacl/firewall-ipv6-3.fw.orig b/test/iosacl/firewall-ipv6-3.fw.orig index 43e2d9e0c..248a5db78 100755 --- a/test/iosacl/firewall-ipv6-3.fw.orig +++ b/test/iosacl/firewall-ipv6-3.fw.orig @@ -1,9 +1,9 @@ ! ! This is automatically generated file. DO NOT MODIFY ! ! -! Firewall Builder fwb_iosacl v4.2.0.3440 +! Firewall Builder fwb_iosacl v4.2.0.3441 ! -! Generated Thu Jan 20 16:31:22 2011 PST by vadim +! Generated Sat Jan 22 09:53:50 2011 PST by vadim ! ! Compiled for iosacl 12.1 ! @@ -37,12 +37,8 @@ interface Ethernet0/0 exit no ip access-list extended e0_0_in no ip access-list extended e0_0_out - - no ipv6 access-list ipv6_e0_0_in no ipv6 access-list ipv6_e0_0_out - - no ipv6 access-list ipv6_fw-ipv6-3-ipv6-2_e0_0_in no ipv6 access-list ipv6_fw-ipv6-3-ipv6-2_e0_0_out diff --git a/test/iosacl/testios1-1.fw.orig b/test/iosacl/testios1-1.fw.orig index 7e2303f7c..5d09dcc3b 100755 --- a/test/iosacl/testios1-1.fw.orig +++ b/test/iosacl/testios1-1.fw.orig @@ -1,9 +1,9 @@ ! ! This is automatically generated file. DO NOT MODIFY ! ! -! Firewall Builder fwb_iosacl v4.2.0.3440 +! Firewall Builder fwb_iosacl v4.2.0.3441 ! -! Generated Thu Jan 20 16:31:22 2011 PST by vadim +! Generated Sat Jan 22 09:53:51 2011 PST by vadim ! ! Compiled for iosacl 12.1 ! diff --git a/test/iosacl/testios1.fw.orig b/test/iosacl/testios1.fw.orig index 7e5563753..ed1550512 100755 --- a/test/iosacl/testios1.fw.orig +++ b/test/iosacl/testios1.fw.orig 
@@ -1,9 +1,9 @@ ! ! This is automatically generated file. DO NOT MODIFY ! ! -! Firewall Builder fwb_iosacl v4.2.0.3440 +! Firewall Builder fwb_iosacl v4.2.0.3441 ! -! Generated Thu Jan 20 16:31:22 2011 PST by vadim +! Generated Sat Jan 22 09:53:50 2011 PST by vadim ! ! Compiled for iosacl 12.1 ! diff --git a/test/iosacl/testios2.fw.orig b/test/iosacl/testios2.fw.orig index d03159e99..7426ed5a4 100755 --- a/test/iosacl/testios2.fw.orig +++ b/test/iosacl/testios2.fw.orig @@ -1,9 +1,9 @@ ! ! This is automatically generated file. DO NOT MODIFY ! ! -! Firewall Builder fwb_iosacl v4.2.0.3440 +! Firewall Builder fwb_iosacl v4.2.0.3441 ! -! Generated Thu Jan 20 16:31:22 2011 PST by vadim +! Generated Sat Jan 22 09:53:51 2011 PST by vadim ! ! Compiled for iosacl 12.1 ! diff --git a/test/iosacl/testios20-v12.3.fw.orig b/test/iosacl/testios20-v12.3.fw.orig index 8454fb1ba..af60af927 100755 --- a/test/iosacl/testios20-v12.3.fw.orig +++ b/test/iosacl/testios20-v12.3.fw.orig @@ -1,9 +1,9 @@ ! ! This is automatically generated file. DO NOT MODIFY ! ! -! Firewall Builder fwb_iosacl v4.2.0.3440 +! Firewall Builder fwb_iosacl v4.2.0.3441 ! -! Generated Thu Jan 20 16:31:23 2011 PST by vadim +! Generated Sat Jan 22 09:53:51 2011 PST by vadim ! ! Compiled for iosacl 12.3 ! diff --git a/test/iosacl/testios20.fw.orig b/test/iosacl/testios20.fw.orig index 3d07d8a1e..2f898bb37 100755 --- a/test/iosacl/testios20.fw.orig +++ b/test/iosacl/testios20.fw.orig @@ -1,9 +1,9 @@ ! ! This is automatically generated file. DO NOT MODIFY ! ! -! Firewall Builder fwb_iosacl v4.2.0.3440 +! Firewall Builder fwb_iosacl v4.2.0.3441 ! -! Generated Thu Jan 20 16:31:22 2011 PST by vadim +! Generated Sat Jan 22 09:53:51 2011 PST by vadim ! ! Compiled for iosacl 12.4 ! diff --git a/test/iosacl/testios3.fw.orig b/test/iosacl/testios3.fw.orig index d69e39cc1..5cee535e0 100755 --- a/test/iosacl/testios3.fw.orig +++ b/test/iosacl/testios3.fw.orig 
@@ -1,9 +1,9 @@ ! ! This is automatically generated file. DO NOT MODIFY ! ! -! Firewall Builder fwb_iosacl v4.2.0.3440 +! Firewall Builder fwb_iosacl v4.2.0.3441 ! -! Generated Thu Jan 20 16:31:23 2011 PST by vadim +! Generated Sat Jan 22 09:53:52 2011 PST by vadim ! ! Compiled for iosacl 12.1 ! diff --git a/test/iosacl/testios4.fw.orig b/test/iosacl/testios4.fw.orig index 6d021825c..af4843e71 100755 --- a/test/iosacl/testios4.fw.orig +++ b/test/iosacl/testios4.fw.orig @@ -1,9 +1,9 @@ ! ! This is automatically generated file. DO NOT MODIFY ! ! -! Firewall Builder fwb_iosacl v4.2.0.3440 +! Firewall Builder fwb_iosacl v4.2.0.3441 ! -! Generated Thu Jan 20 16:31:23 2011 PST by vadim +! Generated Sat Jan 22 09:53:52 2011 PST by vadim ! ! Compiled for iosacl 12.4 ! @@ -38,7 +38,6 @@ no ip access-list extended e0_in no ip access-list extended e0_out no ip access-list extended e1_in no ip access-list extended e1_out - no object-group network .src.net.0 no object-group network id47180X84238.src.net.0 no object-group network id47180X84238.dst.net.0 diff --git a/test/iosacl/testios5-1.fw.orig b/test/iosacl/testios5-1.fw.orig index 8498a5c9c..bad231adf 100755 --- a/test/iosacl/testios5-1.fw.orig +++ b/test/iosacl/testios5-1.fw.orig @@ -1,9 +1,9 @@ ! ! This is automatically generated file. DO NOT MODIFY ! ! -! Firewall Builder fwb_iosacl v4.2.0.3440 +! Firewall Builder fwb_iosacl v4.2.0.3441 ! -! Generated Thu Jan 20 16:31:23 2011 PST by vadim +! Generated Sat Jan 22 09:53:52 2011 PST by vadim ! ! Compiled for iosacl 12.4 ! @@ -38,7 +38,6 @@ no ip access-list extended e0_in no ip access-list extended e0_out no ip access-list extended e1_in no ip access-list extended e1_out - no object-group network .src.net.0 no object-group network id115999X79820.src.net.0 no object-group network id115999X79820.dst.net.0 diff --git a/test/iosacl/testios5.fw.orig b/test/iosacl/testios5.fw.orig index be7379db5..538bf4ba2 100755 --- a/test/iosacl/testios5.fw.orig 
+++ b/test/iosacl/testios5.fw.orig @@ -1,9 +1,9 @@ ! ! This is automatically generated file. DO NOT MODIFY ! ! -! Firewall Builder fwb_iosacl v4.2.0.3440 +! Firewall Builder fwb_iosacl v4.2.0.3441 ! -! Generated Thu Jan 20 16:31:23 2011 PST by vadim +! Generated Sat Jan 22 09:53:52 2011 PST by vadim ! ! Compiled for iosacl 12.4 ! diff --git a/test/pix/cluster1-1_pix1.fw.orig b/test/pix/cluster1-1_pix1.fw.orig index 59e42e6fd..1e4f29709 100755 --- a/test/pix/cluster1-1_pix1.fw.orig +++ b/test/pix/cluster1-1_pix1.fw.orig @@ -1,9 +1,9 @@ ! ! This is automatically generated file. DO NOT MODIFY ! ! -! Firewall Builder fwb_pix v4.2.0.3440 +! Firewall Builder fwb_pix v4.2.0.3441 ! -! Generated Thu Jan 20 17:13:17 2011 PST by vadim +! Generated Sat Jan 22 10:06:04 2011 PST by vadim ! ! Compiled for pix 7.0 ! Outbound ACLs: supported @@ -118,14 +118,13 @@ clear xlate clear config static clear config global clear config nat - clear config access-list clear config icmp clear config telnet - clear conf object-group clear conf object + object-group network id56590X61097.src.net.0 network-object host 10.3.14.206 network-object host 10.3.14.207 diff --git a/test/pix/cluster1-1_pix2.fw.orig b/test/pix/cluster1-1_pix2.fw.orig index 745ab8868..a8c799dbf 100755 --- a/test/pix/cluster1-1_pix2.fw.orig +++ b/test/pix/cluster1-1_pix2.fw.orig @@ -1,9 +1,9 @@ ! ! This is automatically generated file. DO NOT MODIFY ! ! -! Firewall Builder fwb_pix v4.2.0.3440 +! Firewall Builder fwb_pix v4.2.0.3441 ! -! Generated Thu Jan 20 17:13:17 2011 PST by vadim +! Generated Sat Jan 22 10:06:04 2011 PST by vadim ! ! Compiled for pix 7.0 ! Outbound ACLs: supported @@ -118,14 +118,13 @@ clear xlate clear config static clear config global clear config nat - clear config access-list clear config icmp clear config telnet - clear conf object-group clear conf object + object-group network id56590X61097.src.net.0 network-object host 10.3.14.206 network-object host 10.3.14.207 
diff --git a/test/pix/cluster1_pix1.fw.orig b/test/pix/cluster1_pix1.fw.orig index 5c6380400..8e0b9add9 100755 --- a/test/pix/cluster1_pix1.fw.orig +++ b/test/pix/cluster1_pix1.fw.orig @@ -1,9 +1,9 @@ ! ! This is automatically generated file. DO NOT MODIFY ! ! -! Firewall Builder fwb_pix v4.2.0.3440 +! Firewall Builder fwb_pix v4.2.0.3441 ! -! Generated Thu Jan 20 17:13:17 2011 PST by vadim +! Generated Sat Jan 22 10:06:04 2011 PST by vadim ! ! Compiled for pix 7.0 ! Outbound ACLs: supported @@ -118,14 +118,13 @@ clear xlate clear config static clear config global clear config nat - clear config access-list clear config icmp clear config telnet - clear conf object-group clear conf object + object-group network id2913X78273.src.net.0 network-object host 10.3.14.206 network-object host 10.3.14.207 diff --git a/test/pix/cluster1_pix2.fw.orig b/test/pix/cluster1_pix2.fw.orig index b69d491fb..42647513b 100755 --- a/test/pix/cluster1_pix2.fw.orig +++ b/test/pix/cluster1_pix2.fw.orig @@ -1,9 +1,9 @@ ! ! This is automatically generated file. DO NOT MODIFY ! ! -! Firewall Builder fwb_pix v4.2.0.3440 +! Firewall Builder fwb_pix v4.2.0.3441 ! -! Generated Thu Jan 20 17:13:17 2011 PST by vadim +! Generated Sat Jan 22 10:06:04 2011 PST by vadim ! ! Compiled for pix 7.0 ! Outbound ACLs: supported @@ -118,14 +118,13 @@ clear xlate clear config static clear config global clear config nat - clear config access-list clear config icmp clear config telnet - clear conf object-group clear conf object + object-group network id2913X78273.src.net.0 network-object host 10.3.14.206 network-object host 10.3.14.207 diff --git a/test/pix/firewall.fw.orig b/test/pix/firewall.fw.orig index 5721119e6..30d93edaa 100755 --- a/test/pix/firewall.fw.orig +++ b/test/pix/firewall.fw.orig 
@@ -1,9 +1,9 @@ ! ! This is automatically generated file. DO NOT MODIFY ! ! -! Firewall Builder fwb_pix v4.2.0.3440 +! Firewall Builder fwb_pix v4.2.0.3441 ! -! Generated Thu Jan 20 17:13:02 2011 PST by vadim +! Generated Sat Jan 22 10:05:46 2011 PST by vadim ! ! Compiled for pix 6.2 ! Outbound ACLs: not supported @@ -265,17 +265,15 @@ clear xlate clear static clear global clear nat - clear access-list dmz_acl_in clear access-list inside_acl_in clear access-list outside_acl_in - clear icmp clear telnet - clear conf object-group clear conf object + object-group network id3C4E4C38.dst.net.0 network-object host 211.11.11.11 network-object host 211.22.22.22 diff --git a/test/pix/firewall1.fw.orig b/test/pix/firewall1.fw.orig index 23965732a..46e94259d 100755 --- a/test/pix/firewall1.fw.orig +++ b/test/pix/firewall1.fw.orig @@ -1,9 +1,9 @@ ! ! This is automatically generated file. DO NOT MODIFY ! ! -! Firewall Builder fwb_pix v4.2.0.3440 +! Firewall Builder fwb_pix v4.2.0.3441 ! -! Generated Thu Jan 20 17:13:02 2011 PST by vadim +! Generated Sat Jan 22 10:05:46 2011 PST by vadim ! ! Compiled for pix 6.1 ! Outbound ACLs: not supported diff --git a/test/pix/firewall10.fw.orig b/test/pix/firewall10.fw.orig index cb4f58daa..c560e350f 100755 --- a/test/pix/firewall10.fw.orig +++ b/test/pix/firewall10.fw.orig @@ -1,9 +1,9 @@ ! ! This is automatically generated file. DO NOT MODIFY ! ! -! Firewall Builder fwb_pix v4.2.0.3440 +! Firewall Builder fwb_pix v4.2.0.3441 ! -! Generated Thu Jan 20 17:13:03 2011 PST by vadim +! Generated Sat Jan 22 10:05:47 2011 PST by vadim ! ! Compiled for pix 6.3 ! Outbound ACLs: not supported @@ -91,11 +91,10 @@ fixup protocol skinny 2000 fixup protocol smtp 25 fixup protocol sqlnet 1521 - - clear conf object-group clear conf object + object-group network id3DB0FA90.dst.net.0 network-object host 211.11.11.11 network-object host 211.22.22.22 diff --git a/test/pix/firewall11.fw.orig b/test/pix/firewall11.fw.orig index 99adfe830..85f0d54f4 100755 
--- a/test/pix/firewall11.fw.orig +++ b/test/pix/firewall11.fw.orig @@ -1,9 +1,9 @@ ! ! This is automatically generated file. DO NOT MODIFY ! ! -! Firewall Builder fwb_pix v4.2.0.3440 +! Firewall Builder fwb_pix v4.2.0.3441 ! -! Generated Thu Jan 20 17:13:03 2011 PST by vadim +! Generated Sat Jan 22 10:05:47 2011 PST by vadim ! ! Compiled for pix 6.2 ! Outbound ACLs: not supported diff --git a/test/pix/firewall12.fw.orig b/test/pix/firewall12.fw.orig index d34dfa13e..c84cdeb55 100755 --- a/test/pix/firewall12.fw.orig +++ b/test/pix/firewall12.fw.orig @@ -1,9 +1,9 @@ ! ! This is automatically generated file. DO NOT MODIFY ! ! -! Firewall Builder fwb_pix v4.2.0.3440 +! Firewall Builder fwb_pix v4.2.0.3441 ! -! Generated Thu Jan 20 17:13:04 2011 PST by vadim +! Generated Sat Jan 22 10:05:48 2011 PST by vadim ! ! Compiled for pix 6.3 ! Outbound ACLs: not supported @@ -87,11 +87,10 @@ fixup protocol ftp 21 fixup protocol http 80 fixup protocol icmp error - - clear conf object-group clear conf object + object-group network id3F8F95CD.dst.net.0 network-object host 192.0.2.20 network-object host 192.0.2.21 diff --git a/test/pix/firewall13.fw.orig b/test/pix/firewall13.fw.orig index c322e0544..7b4abaa27 100755 --- a/test/pix/firewall13.fw.orig +++ b/test/pix/firewall13.fw.orig @@ -1,9 +1,9 @@ ! ! This is automatically generated file. DO NOT MODIFY ! ! -! Firewall Builder fwb_pix v4.2.0.3440 +! Firewall Builder fwb_pix v4.2.0.3441 ! -! Generated Thu Jan 20 17:13:04 2011 PST by vadim +! Generated Sat Jan 22 10:05:48 2011 PST by vadim ! ! Compiled for pix 6.3 ! Outbound ACLs: not supported diff --git a/test/pix/firewall14.fw.orig b/test/pix/firewall14.fw.orig index 335089d44..672e0a10c 100755 --- a/test/pix/firewall14.fw.orig +++ b/test/pix/firewall14.fw.orig 
@@ -1,9 +1,9 @@ ! ! This is automatically generated file. DO NOT MODIFY ! ! -! Firewall Builder fwb_pix v4.2.0.3440 +! Firewall Builder fwb_pix v4.2.0.3441 ! -! Generated Thu Jan 20 17:13:05 2011 PST by vadim +! Generated Sat Jan 22 10:05:49 2011 PST by vadim ! ! Compiled for pix 6.3 ! Outbound ACLs: not supported diff --git a/test/pix/firewall2.fw.orig b/test/pix/firewall2.fw.orig index 7ebe62a72..52c4182a9 100755 --- a/test/pix/firewall2.fw.orig +++ b/test/pix/firewall2.fw.orig @@ -1,9 +1,9 @@ ! ! This is automatically generated file. DO NOT MODIFY ! ! -! Firewall Builder fwb_pix v4.2.0.3440 +! Firewall Builder fwb_pix v4.2.0.3441 ! -! Generated Thu Jan 20 17:13:05 2011 PST by vadim +! Generated Sat Jan 22 10:05:50 2011 PST by vadim ! ! Compiled for pix 6.3 ! Outbound ACLs: not supported @@ -67,14 +67,13 @@ clear xlate clear static clear global clear nat - clear access-list clear icmp clear telnet - clear conf object-group clear conf object + object-group service id3D6EF08C.srv.tcp.0 tcp port-object eq 80 port-object eq 119 diff --git a/test/pix/firewall20.fw.orig b/test/pix/firewall20.fw.orig index fc6842a2f..46821389f 100755 --- a/test/pix/firewall20.fw.orig +++ b/test/pix/firewall20.fw.orig @@ -1,9 +1,9 @@ ! ! This is automatically generated file. DO NOT MODIFY ! ! -! Firewall Builder fwb_pix v4.2.0.3440 +! Firewall Builder fwb_pix v4.2.0.3441 ! -! Generated Thu Jan 20 17:13:06 2011 PST by vadim +! Generated Sat Jan 22 10:05:50 2011 PST by vadim ! ! Compiled for pix 6.3 ! Outbound ACLs: not supported diff --git a/test/pix/firewall21-1.fw.orig b/test/pix/firewall21-1.fw.orig index 0fa301b58..2426936aa 100755 --- a/test/pix/firewall21-1.fw.orig +++ b/test/pix/firewall21-1.fw.orig 
@@ -1,9 +1,9 @@ ! ! This is automatically generated file. DO NOT MODIFY ! ! -! Firewall Builder fwb_pix v4.2.0.3440 +! Firewall Builder fwb_pix v4.2.0.3441 ! -! Generated Thu Jan 20 17:13:07 2011 PST by vadim +! Generated Sat Jan 22 10:05:51 2011 PST by vadim ! ! Compiled for pix 6.3 ! Outbound ACLs: not supported diff --git a/test/pix/firewall21.fw.orig b/test/pix/firewall21.fw.orig index 77c1c53cb..670576698 100755 --- a/test/pix/firewall21.fw.orig +++ b/test/pix/firewall21.fw.orig @@ -1,9 +1,9 @@ ! ! This is automatically generated file. DO NOT MODIFY ! ! -! Firewall Builder fwb_pix v4.2.0.3440 +! Firewall Builder fwb_pix v4.2.0.3441 ! -! Generated Thu Jan 20 17:13:06 2011 PST by vadim +! Generated Sat Jan 22 10:05:51 2011 PST by vadim ! ! Compiled for pix 7.0 ! Outbound ACLs: supported diff --git a/test/pix/firewall22.fw.orig b/test/pix/firewall22.fw.orig index a11d43450..2f728c76a 100755 --- a/test/pix/firewall22.fw.orig +++ b/test/pix/firewall22.fw.orig @@ -1,9 +1,9 @@ ! ! This is automatically generated file. DO NOT MODIFY ! ! -! Firewall Builder fwb_pix v4.2.0.3440 +! Firewall Builder fwb_pix v4.2.0.3441 ! -! Generated Thu Jan 20 17:13:07 2011 PST by vadim +! Generated Sat Jan 22 10:05:52 2011 PST by vadim ! ! Compiled for pix 7.0 ! Outbound ACLs: supported diff --git a/test/pix/firewall3.fw.orig b/test/pix/firewall3.fw.orig index 3dd3be5c7..b52da3374 100755 --- a/test/pix/firewall3.fw.orig +++ b/test/pix/firewall3.fw.orig @@ -1,9 +1,9 @@ ! ! This is automatically generated file. DO NOT MODIFY ! ! -! Firewall Builder fwb_pix v4.2.0.3440 +! Firewall Builder fwb_pix v4.2.0.3441 ! -! Generated Thu Jan 20 17:13:07 2011 PST by vadim +! Generated Sat Jan 22 10:05:52 2011 PST by vadim ! ! Compiled for pix 6.2 ! Outbound ACLs: not supported diff --git a/test/pix/firewall33.fw.orig b/test/pix/firewall33.fw.orig index 690418f3c..c0ff2e48a 100755 --- a/test/pix/firewall33.fw.orig +++ b/test/pix/firewall33.fw.orig 
@@ -1,9 +1,9 @@ ! ! This is automatically generated file. DO NOT MODIFY ! ! -! Firewall Builder fwb_pix v4.2.0.3440 +! Firewall Builder fwb_pix v4.2.0.3441 ! -! Generated Thu Jan 20 17:13:08 2011 PST by vadim +! Generated Sat Jan 22 10:05:53 2011 PST by vadim ! ! Compiled for pix 6.3 ! Outbound ACLs: not supported @@ -66,11 +66,10 @@ floodguard disable - - clear conf object-group clear conf object + object-group network id43867C2418346.src.net.0 network-object host 157.166.224.25 network-object host 157.166.224.26 diff --git a/test/pix/firewall34.fw.orig b/test/pix/firewall34.fw.orig index 894c6fcb3..d62e9efca 100755 --- a/test/pix/firewall34.fw.orig +++ b/test/pix/firewall34.fw.orig @@ -1,9 +1,9 @@ ! ! This is automatically generated file. DO NOT MODIFY ! ! -! Firewall Builder fwb_pix v4.2.0.3440 +! Firewall Builder fwb_pix v4.2.0.3441 ! -! Generated Thu Jan 20 17:13:08 2011 PST by vadim +! Generated Sat Jan 22 10:05:53 2011 PST by vadim ! ! Compiled for pix 6.3 ! Outbound ACLs: not supported @@ -61,11 +61,10 @@ floodguard disable - - clear conf object-group clear conf object + object-group network id16988X10208.dst.net.0 network-object 192.168.1.1 255.255.255.255 network-object 192.168.1.2 255.255.255.255 
@@ -75,61 +74,6 @@ object-group network id16988X10208.dst.net.0 exit object-group network id4390C25825682.dst.net.0 - network-object 58.33.181.83 255.255.255.255 - network-object 58.53.82.190 255.255.255.255 - network-object 58.231.13.78 255.255.255.255 - network-object host 61.150.47.112 - network-object 61.184.14.102 255.255.255.255 - network-object 64.106.85.186 255.255.255.255 - network-object 70.228.60.100 255.255.255.255 - network-object 80.51.236.6 255.255.255.255 - network-object 80.243.72.149 255.255.255.255 - network-object 80.249.77.34 255.255.255.255 - network-object 81.2.36.254 255.255.255.255 - network-object 81.196.74.125 255.255.255.255 - network-object 82.77.37.174 255.255.255.255 - network-object 82.117.221.205 255.255.255.255 - network-object 82.143.196.17 255.255.255.255 - network-object 84.90.8.198 255.255.255.255 - network-object 151.8.224.178 255.255.255.255 - network-object 168.156.76.20 255.255.255.255 - network-object 193.207.126.36 255.255.255.255 - network-object 195.136.186.35 255.255.255.255 - network-object 196.15.136.15 255.255.255.255 - network-object 201.10.180.138 255.255.255.255 - network-object 201.17.93.16 255.255.255.255 - network-object 201.36.156.121 255.255.255.255 - network-object 202.96.112.93 255.255.255.255 - network-object 202.103.25.253 255.255.255.255 - network-object 203.162.3.209 255.255.255.255 - network-object 203.209.124.144 255.255.255.255 - network-object 210.106.193.237 255.255.255.255 - network-object 210.222.114.102 255.255.255.255 - network-object 211.144.143.143 255.255.255.255 - network-object 211.172.218.237 255.255.255.255 - network-object 211.250.16.132 255.255.255.255 - network-object 212.21.241.31 255.255.255.255 - network-object 212.100.212.100 255.255.255.255 - network-object 218.18.72.252 255.255.255.255 - network-object 218.39.114.122 255.255.255.255 - network-object 218.55.115.43 255.255.255.255 - network-object 218.104.138.146 255.255.255.255 - network-object 219.132.104.160 255.255.255.255 - 
network-object 220.71.17.86 255.255.255.255 - network-object 220.81.50.105 255.255.255.255 - network-object 220.91.99.46 255.255.255.255 - network-object 221.14.249.242 255.255.255.255 - network-object 221.166.177.135 255.255.255.255 - network-object 221.198.33.38 255.255.255.255 - network-object 221.202.160.233 255.255.255.255 - network-object 221.205.54.125 255.255.255.255 - network-object 221.217.44.248 255.255.255.255 - network-object 222.100.212.223 255.255.255.255 - network-object 222.121.118.144 255.255.255.255 - network-object 222.174.113.2 255.255.255.255 -exit - -object-group network id4388CFF8674.src.net.0 network-object 58.33.181.83 255.255.255.255 network-object 58.53.82.190 255.255.255.255 network-object 58.231.13.78 255.255.255.255 @@ -215,7 +159,7 @@ access-list outside_acl_in deny tcp any object-group id4390C25825682.dst.net.0 access-list inside_acl_in deny tcp any object-group id4390C25825682.dst.net.0 eq 25 ! ! Rule 5 (global) -access-list outside_acl_in deny ip object-group id4388CFF8674.src.net.0 any log 6 interval 300 +access-list outside_acl_in deny ip object-group id4390C25825682.dst.net.0 any log 6 interval 300 ! ! Rule 6 (global) access-list outside_acl_in deny ip object-group id4390C25825682.dst.net.0 any log 6 interval 300 diff --git a/test/pix/firewall4.fw.orig b/test/pix/firewall4.fw.orig index 7002eed34..e7c772072 100755 --- a/test/pix/firewall4.fw.orig +++ b/test/pix/firewall4.fw.orig @@ -1,9 +1,9 @@ ! ! This is automatically generated file. DO NOT MODIFY ! ! -! Firewall Builder fwb_pix v4.2.0.3440 +! Firewall Builder fwb_pix v4.2.0.3441 ! -! Generated Thu Jan 20 17:13:08 2011 PST by vadim +! Generated Sat Jan 22 10:05:54 2011 PST by vadim ! ! Compiled for pix 6.2 ! Outbound ACLs: not supported @@ -79,14 +79,13 @@ clear xlate clear static clear global clear nat - clear access-list clear icmp clear telnet - clear conf object-group clear conf object + object-group service id3D79A1C2.srv.tcp.0 tcp port-object eq 22 port-object eq 80 
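Review bot: With the two object groups merged, Rule 5 and Rule 6 in the second firewall34 hunk now expand to the same line, `access-list outside_acl_in deny ip object-group id4390C25825682.dst.net.0 any log 6 interval 300`, so the second entry can never match and the expected output pins a redundant ACE. The surviving group keeps a `.dst.net.` name while it sits in the source position of both rules, which makes the generated policy harder to audit; a direction-neutral name for shared groups would avoid that. From the entries visible here, the removed `id4388CFF8674.src.net.0` appears to have had the same members as the kept group, but the hunk does not show the whole list, so it is worth confirming that the merge compares complete membership. This file is a generated fixture, so any change belongs in the compiler pass that emits it, which is outside this view.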
diff --git a/test/pix/firewall50.fw.orig b/test/pix/firewall50.fw.orig index 6642aaae0..f8d387f6b 100755 --- a/test/pix/firewall50.fw.orig +++ b/test/pix/firewall50.fw.orig @@ -1,9 +1,9 @@ ! ! This is automatically generated file. DO NOT MODIFY ! ! -! Firewall Builder fwb_pix v4.2.0.3440 +! Firewall Builder fwb_pix v4.2.0.3441 ! -! Generated Thu Jan 20 17:13:09 2011 PST by vadim +! Generated Sat Jan 22 10:05:54 2011 PST by vadim ! ! Compiled for pix 7.0 ! Outbound ACLs: supported @@ -116,17 +116,15 @@ clear xlate clear config static clear config global clear config nat - clear config access-list dmz_acl_in clear config access-list inside_acl_in clear config access-list outside_acl_in - clear config icmp clear config telnet - clear conf object-group clear conf object + object-group network id45142FA628543.dst.net.0 network-object host 211.11.11.11 network-object host 211.22.22.22 diff --git a/test/pix/firewall6.fw.orig b/test/pix/firewall6.fw.orig index a43bca9d9..fdfedb54e 100755 --- a/test/pix/firewall6.fw.orig +++ b/test/pix/firewall6.fw.orig @@ -1,9 +1,9 @@ ! ! This is automatically generated file. DO NOT MODIFY ! ! -! Firewall Builder fwb_pix v4.2.0.3440 +! Firewall Builder fwb_pix v4.2.0.3441 ! -! Generated Thu Jan 20 17:13:09 2011 PST by vadim +! Generated Sat Jan 22 10:05:55 2011 PST by vadim ! ! Compiled for pix 6.2 ! Outbound ACLs: not supported @@ -80,7 +80,6 @@ clear xlate clear static clear global clear nat - clear access-list clear icmp clear telnet diff --git a/test/pix/firewall8.fw.orig b/test/pix/firewall8.fw.orig index 007d0aee6..376b7b6e5 100755 --- a/test/pix/firewall8.fw.orig +++ b/test/pix/firewall8.fw.orig @@ -1,9 +1,9 @@ ! ! This is automatically generated file. DO NOT MODIFY ! ! -! Firewall Builder fwb_pix v4.2.0.3440 +! Firewall Builder fwb_pix v4.2.0.3441 ! -! Generated Thu Jan 20 17:13:10 2011 PST by vadim +! Generated Sat Jan 22 10:05:56 2011 PST by vadim ! ! Compiled for pix 6.2 ! Outbound ACLs: not supported 
diff --git a/test/pix/firewall80.fw.orig b/test/pix/firewall80.fw.orig index 8f595b978..65835d1c9 100755 --- a/test/pix/firewall80.fw.orig +++ b/test/pix/firewall80.fw.orig @@ -1,9 +1,9 @@ ! ! This is automatically generated file. DO NOT MODIFY ! ! -! Firewall Builder fwb_pix v4.2.0.3440 +! Firewall Builder fwb_pix v4.2.0.3441 ! -! Generated Thu Jan 20 17:13:11 2011 PST by vadim +! Generated Sat Jan 22 10:05:56 2011 PST by vadim ! ! Compiled for pix 8.2 ! Outbound ACLs: supported @@ -90,14 +90,13 @@ clear xlate clear config static clear config global clear config nat - clear config access-list clear config icmp clear config telnet - clear conf object-group clear conf object + object-group icmp-type id19186X29796.srv.icmp.0 icmp-object 8 icmp-object 0 diff --git a/test/pix/firewall81.fw.orig b/test/pix/firewall81.fw.orig index bd23bfbdc..8637f3f0b 100755 --- a/test/pix/firewall81.fw.orig +++ b/test/pix/firewall81.fw.orig @@ -1,9 +1,9 @@ ! ! This is automatically generated file. DO NOT MODIFY ! ! -! Firewall Builder fwb_pix v4.2.0.3440 +! Firewall Builder fwb_pix v4.2.0.3441 ! -! Generated Thu Jan 20 17:13:11 2011 PST by vadim +! Generated Sat Jan 22 10:05:57 2011 PST by vadim ! ! Compiled for pix 8.3 ! Outbound ACLs: supported @@ -91,20 +91,12 @@ parameters clear xlate clear config nat - clear config access-list clear config icmp clear config telnet - clear conf object -object service http.0 - service tcp destination eq 80 -quit -object network hostA:eth0.0 - host 192.168.1.10 -quit object service http.0 service tcp destination eq 80 quit diff --git a/test/pix/firewall82.fw.orig b/test/pix/firewall82.fw.orig index abda79ec4..a092a48d2 100755 --- a/test/pix/firewall82.fw.orig +++ b/test/pix/firewall82.fw.orig 
@@ -1,9 +1,9 @@ ! ! This is automatically generated file. DO NOT MODIFY ! ! -! Firewall Builder fwb_pix v4.2.0.3440 +! Firewall Builder fwb_pix v4.2.0.3441 ! -! Generated Thu Jan 20 17:13:11 2011 PST by vadim +! Generated Sat Jan 22 10:05:57 2011 PST by vadim ! ! Compiled for pix 8.3 ! Outbound ACLs: supported @@ -91,20 +91,12 @@ parameters clear xlate clear config nat - clear config access-list clear config icmp clear config telnet - clear conf object -object service http.0 - service tcp destination eq 80 -quit -object network hostA:eth0.0 - host 192.168.1.10 -quit object service http.0 service tcp destination eq 80 quit diff --git a/test/pix/firewall83.fw.orig b/test/pix/firewall83.fw.orig index 4fb295d81..ec9231d90 100755 --- a/test/pix/firewall83.fw.orig +++ b/test/pix/firewall83.fw.orig @@ -1,9 +1,9 @@ ! ! This is automatically generated file. DO NOT MODIFY ! ! -! Firewall Builder fwb_pix v4.2.0.3440 +! Firewall Builder fwb_pix v4.2.0.3441 ! -! Generated Thu Jan 20 17:13:12 2011 PST by vadim +! Generated Sat Jan 22 10:05:57 2011 PST by vadim ! ! Compiled for pix 8.3 ! Outbound ACLs: supported @@ -89,20 +89,12 @@ parameters clear xlate clear config nat - clear config access-list clear config icmp clear config telnet - clear conf object -object service http.0 - service tcp destination eq 80 -quit -object network hostA:eth0.0 - host 192.168.1.10 -quit object service http.0 service tcp destination eq 80 quit diff --git a/test/pix/firewall9.fw.orig b/test/pix/firewall9.fw.orig index 4c2f863af..c088250d6 100755 --- a/test/pix/firewall9.fw.orig +++ b/test/pix/firewall9.fw.orig @@ -1,9 +1,9 @@ ! ! This is automatically generated file. DO NOT MODIFY ! ! -! Firewall Builder fwb_pix v4.2.0.3440 +! Firewall Builder fwb_pix v4.2.0.3441 ! -! Generated Thu Jan 20 17:13:12 2011 PST by vadim +! Generated Sat Jan 22 10:05:58 2011 PST by vadim ! ! Compiled for pix 6.3 ! Outbound ACLs: not supported 
diff --git a/test/pix/firewall90.fw.orig b/test/pix/firewall90.fw.orig index 5ed1b75c3..281ea9309 100755 --- a/test/pix/firewall90.fw.orig +++ b/test/pix/firewall90.fw.orig @@ -1,9 +1,9 @@ ! ! This is automatically generated file. DO NOT MODIFY ! ! -! Firewall Builder fwb_pix v4.2.0.3440 +! Firewall Builder fwb_pix v4.2.0.3441 ! -! Generated Thu Jan 20 17:13:13 2011 PST by vadim +! Generated Sat Jan 22 10:05:58 2011 PST by vadim ! ! Compiled for pix 8.3 ! Outbound ACLs: supported @@ -92,14 +92,13 @@ parameters clear xlate clear config nat - clear config access-list clear config icmp clear config telnet - clear conf object-group clear conf object + object service http.0 service tcp destination eq 80 quit 
@@ -229,81 +228,6 @@ object-group network id77971X5929.tsrc.net.1 network-object object outside_range-1.0 network-object object external_gw2.0 exit -object service http.0 - service tcp destination eq 80 -quit - -object service smtp.0 - service tcp destination eq 25 -quit - -object service smtps.0 - service tcp destination eq 465 -quit - -object service squid.0 - service tcp destination eq 3128 -quit - -object network spamhost1.0 - host 61.150.47.112 -quit - -object network external_gw_1.0 - host 22.22.22.254 -quit - -object network external_gw2.0 - host 22.22.22.100 -quit - -object network spamhost2.0 - host 61.150.47.113 -quit - -object network hostA:eth0.0 - host 192.168.1.10 -quit - -object network Internal_net.0 - subnet 192.168.1.0 255.255.255.0 -quit - -object network internal_subnet_1.0 - subnet 192.168.1.0 255.255.255.192 -quit - -object network internal_subnet_2.0 - subnet 192.168.1.64 255.255.255.192 -quit - -object network ext_subnet.0 - subnet 22.22.22.128 255.255.255.224 -quit - -object network ext_subnet-192.0 - subnet 22.22.22.128 255.255.255.192 -quit - -object network test_range_1.0 - range 192.168.1.11 192.168.1.15 -quit - -object network outside_range.0 - range 22.22.22.21 22.22.22.25 -quit - -object network outside_range-1.0 - range 22.22.22.30 22.22.22.40 -quit - -object network firewall90:FastEthernet1:ip.0 - host 22.22.22.22 -quit - -object network firewall90:FastEthernet1:ip-1.0 - host 22.22.22.23 -quit object-group network id78630X30274.src.net.0 network-object 10.1.2.0 255.255.255.0 diff --git a/test/pix/firewall91.fw.orig b/test/pix/firewall91.fw.orig index 3aba43856..a6136f594 100755 --- a/test/pix/firewall91.fw.orig +++ b/test/pix/firewall91.fw.orig 
@@ -1,9 +1,9 @@ ! ! This is automatically generated file. DO NOT MODIFY ! ! -! Firewall Builder fwb_pix v4.2.0.3440 +! Firewall Builder fwb_pix v4.2.0.3441 ! -! Generated Thu Jan 20 17:13:13 2011 PST by vadim +! Generated Sat Jan 22 10:05:59 2011 PST by vadim ! ! Compiled for pix 8.3 ! Outbound ACLs: supported @@ -94,44 +94,12 @@ parameters clear xlate clear config nat - clear config access-list clear config icmp clear config telnet - clear conf object -object service http.0 - service tcp destination eq 80 -quit -object service https.0 - service tcp destination eq 443 -quit - -object service squid.0 - service tcp destination eq 3128 -quit - -object network external_gw2.0 - host 22.22.22.100 -quit - -object network hostA:eth0.0 - host 192.168.1.10 -quit - -object network internal_subnet_1.0 - subnet 192.168.1.0 255.255.255.192 -quit - -object network test_range_1.0 - range 192.168.1.11 192.168.1.15 -quit - -object network outside_range.0 - range 22.22.22.21 22.22.22.25 -quit object service http.0 service tcp destination eq 80 quit diff --git a/test/pix/firewall92.fw.orig b/test/pix/firewall92.fw.orig index 97a1dd6c3..395c659b9 100755 --- a/test/pix/firewall92.fw.orig +++ b/test/pix/firewall92.fw.orig @@ -1,9 +1,9 @@ ! ! This is automatically generated file. DO NOT MODIFY ! ! -! Firewall Builder fwb_pix v4.2.0.3440 +! Firewall Builder fwb_pix v4.2.0.3441 ! -! Generated Thu Jan 20 17:13:13 2011 PST by vadim +! Generated Sat Jan 22 10:05:59 2011 PST by vadim ! ! Compiled for pix 8.3 ! Outbound ACLs: supported @@ -89,14 +89,13 @@ parameters clear xlate clear config nat - clear config access-list clear config icmp clear config telnet - clear conf object-group clear conf object + object service http.0 service tcp destination eq 80 quit 
@@ -133,37 +132,6 @@ object-group network id20655X6113.osrc.net.0 network-object object internal_subnet_1.0 network-object object internal_subnet_2.0 exit -object service http.0 - service tcp destination eq 80 -quit - -object service smtp.0 - service tcp destination eq 25 -quit - -object network spamhost1.0 - host 61.150.47.112 -quit - -object network hostA:eth0.0 - host 192.168.1.10 -quit - -object network Internal_net.0 - subnet 192.168.1.0 255.255.255.0 -quit - -object network internal_subnet_1.0 - subnet 192.168.1.0 255.255.255.192 -quit - -object network internal_subnet_2.0 - subnet 192.168.1.64 255.255.255.192 -quit - -object network test_range_1.0 - range 192.168.1.11 192.168.1.15 -quit !################ diff --git a/test/pix/firewall93.fw.orig b/test/pix/firewall93.fw.orig index a987c054a..ee83556b3 100755 --- a/test/pix/firewall93.fw.orig +++ b/test/pix/firewall93.fw.orig @@ -1,9 +1,9 @@ ! ! This is automatically generated file. DO NOT MODIFY ! ! -! Firewall Builder fwb_pix v4.2.0.3440 +! Firewall Builder fwb_pix v4.2.0.3441 ! -! Generated Thu Jan 20 17:13:14 2011 PST by vadim +! Generated Sat Jan 22 10:06:00 2011 PST by vadim ! ! Compiled for pix 8.3 ! Outbound ACLs: supported @@ -91,9 +91,9 @@ service-policy global_policy global clear xlate clear config nat - clear conf object + object network dmz-range-1.0 range 172.16.0.10 172.16.0.15 quit diff --git a/test/pix/firewall94.fw.orig b/test/pix/firewall94.fw.orig index 89b5c34e5..7dc106b10 100755 --- a/test/pix/firewall94.fw.orig +++ b/test/pix/firewall94.fw.orig @@ -1,9 +1,9 @@ ! ! This is automatically generated file. DO NOT MODIFY ! ! -! Firewall Builder fwb_pix v4.2.0.3440 +! Firewall Builder fwb_pix v4.2.0.3441 ! -! Generated Thu Jan 20 17:13:14 2011 PST by vadim +! Generated Sat Jan 22 10:06:00 2011 PST by vadim ! ! Compiled for pix 8.3 ! Outbound ACLs: supported 
@@ -77,10 +77,10 @@ service-policy global_policy global clear config access-list clear config icmp clear config telnet - clear conf object-group clear conf object + object network inside-range-1.0 range 10.0.0.5 10.0.0.10 quit diff --git a/test/pix/fwsm1.fw.orig b/test/pix/fwsm1.fw.orig index 03ab7dc83..3eddee72e 100755 --- a/test/pix/fwsm1.fw.orig +++ b/test/pix/fwsm1.fw.orig @@ -1,9 +1,9 @@ ! ! This is automatically generated file. DO NOT MODIFY ! ! -! Firewall Builder fwb_pix v4.2.0.3440 +! Firewall Builder fwb_pix v4.2.0.3441 ! -! Generated Thu Jan 20 17:13:15 2011 PST by vadim +! Generated Sat Jan 22 10:06:01 2011 PST by vadim ! ! Compiled for fwsm 2.3 ! Outbound ACLs: supported @@ -98,17 +98,15 @@ clear xlate clear static clear global clear nat - clear access-list dmz_acl_in clear access-list inside_acl_in clear access-list outside_acl_in - clear icmp clear telnet - clear conf object-group clear conf object + object-group network id444A03DE9567.dst.net.0 network-object host 211.11.11.11 network-object host 211.22.22.22 diff --git a/test/pix/fwsm2.fw.orig b/test/pix/fwsm2.fw.orig index 6ba2ce0b9..fe55e3f9b 100755 --- a/test/pix/fwsm2.fw.orig +++ b/test/pix/fwsm2.fw.orig @@ -1,9 +1,9 @@ ! ! This is automatically generated file. DO NOT MODIFY ! ! -! Firewall Builder fwb_pix v4.2.0.3440 +! Firewall Builder fwb_pix v4.2.0.3441 ! -! Generated Thu Jan 20 17:13:15 2011 PST by vadim +! Generated Sat Jan 22 10:06:01 2011 PST by vadim ! ! Compiled for fwsm 4.x ! Outbound ACLs: supported @@ -111,17 +111,15 @@ clear xlate clear config static clear config global clear config nat - clear config access-list dmz_acl_in clear config access-list inside_acl_in clear config access-list outside_acl_in - clear config icmp clear config telnet - clear conf object-group clear conf object + object-group network id17298X54624.dst.net.0 network-object host 211.11.11.11 network-object host 211.22.22.22 
diff --git a/test/pix/pix515.fw.orig b/test/pix/pix515.fw.orig index 3bccccdb2..5414930a4 100755 --- a/test/pix/pix515.fw.orig +++ b/test/pix/pix515.fw.orig @@ -1,9 +1,9 @@ ! ! This is automatically generated file. DO NOT MODIFY ! ! -! Firewall Builder fwb_pix v4.2.0.3440 +! Firewall Builder fwb_pix v4.2.0.3441 ! -! Generated Thu Jan 20 17:13:16 2011 PST by vadim +! Generated Sat Jan 22 10:06:02 2011 PST by vadim ! ! Compiled for pix 7.0 ! Outbound ACLs: supported @@ -88,10 +88,8 @@ clear xlate clear config static clear config global clear config nat - clear config access-list inside_acl_in clear config access-list outside_acl_in - clear config icmp clear config telnet diff --git a/test/pix/real.fw.orig b/test/pix/real.fw.orig index fc5099a9a..c22dd2a79 100755 --- a/test/pix/real.fw.orig +++ b/test/pix/real.fw.orig @@ -1,9 +1,9 @@ ! ! This is automatically generated file. DO NOT MODIFY ! ! -! Firewall Builder fwb_pix v4.2.0.3440 +! Firewall Builder fwb_pix v4.2.0.3441 ! -! Generated Thu Jan 20 17:13:16 2011 PST by vadim +! Generated Sat Jan 22 10:06:02 2011 PST by vadim ! ! Compiled for pix 6.3 ! Outbound ACLs: not supported @@ -90,7 +90,6 @@ clear xlate clear static clear global clear nat - clear access-list clear icmp clear telnet diff --git a/test/procurve_acl/Makefile b/test/procurve_acl/Makefile new file mode 100644 index 000000000..280c2c97d --- /dev/null +++ b/test/procurve_acl/Makefile @@ -0,0 +1,17 @@ + +FW_OBJECTS := $(shell fwbedit list -f objects-for-regression-tests.fwb -o /User/Firewalls -c -F%name% | sort) +CL_OBJECTS := $(shell fwbedit list -f cluster-tests.fwb -o /User/Clusters -c -F%name% | sort) + + +$(FW_OBJECTS): + fwb_procurve_acl -f objects-for-regression-tests.fwb -xt $@ + +$(CL_OBJECTS): + fwb_procurve_acl -f cluster-tests.fwb -xt -xc $@ + +.PHONY: all firewalls clusters $(FW_OBJECTS) $(CL_OBJECTS) +all: firewalls clusters + +firewalls: $(FW_OBJECTS) + +clusters: $(CL_OBJECTS) 
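Review bot: In the new test/procurve_acl/Makefile, plain `make` builds only the first name in `$(FW_OBJECTS)`, because that rule is the first target in the file and `all` is declared after it. Either move `all: firewalls clusters` above the object rules or add `.DEFAULT_GOAL := all`. Separately, if `fwbedit` is missing or fails, both `$(shell ...)` lists expand to nothing and the run would most likely exit successfully without compiling any firewall. A guard such as `$(if $(strip $(FW_OBJECTS)),,$(error fwbedit returned no firewall objects))`, with a matching one for `CL_OBJECTS`, would make that visible.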
diff --git a/test/procurve_acl/testhp1.fw.orig b/test/procurve_acl/testhp1.fw.orig index 615d3d2b3..13cd98b70 100755 --- a/test/procurve_acl/testhp1.fw.orig +++ b/test/procurve_acl/testhp1.fw.orig @@ -1,9 +1,9 @@ ; ; This is automatically generated file. DO NOT MODIFY ! ; -; Firewall Builder fwb_procurve_acl v4.2.0.3440 +; Firewall Builder fwb_procurve_acl v4.2.0.3441 ; -; Generated Thu Jan 20 16:26:46 2011 PST by vadim +; Generated Sat Jan 22 10:08:30 2011 PST by vadim ; ; Compiled for procurve_acl K.13 ; diff --git a/test/procurve_acl/testhp2.fw.orig b/test/procurve_acl/testhp2.fw.orig index ae9d0bf25..359f1056d 100755 --- a/test/procurve_acl/testhp2.fw.orig +++ b/test/procurve_acl/testhp2.fw.orig @@ -1,9 +1,9 @@ ; ; This is automatically generated file. DO NOT MODIFY ! ; -; Firewall Builder fwb_procurve_acl v4.2.0.3440 +; Firewall Builder fwb_procurve_acl v4.2.0.3441 ; -; Generated Thu Jan 20 16:26:47 2011 PST by vadim +; Generated Sat Jan 22 10:08:30 2011 PST by vadim ; ; Compiled for procurve_acl K.13 ; diff --git a/test/procurve_acl/testhp3.fw.orig b/test/procurve_acl/testhp3.fw.orig index edbffbeb6..c4b3529a1 100755 --- a/test/procurve_acl/testhp3.fw.orig +++ b/test/procurve_acl/testhp3.fw.orig @@ -1,9 +1,9 @@ ; ; This is automatically generated file. DO NOT MODIFY ! ; -; Firewall Builder fwb_procurve_acl v4.2.0.3440 +; Firewall Builder fwb_procurve_acl v4.2.0.3441 ; -; Generated Thu Jan 20 16:26:47 2011 PST by vadim +; Generated Sat Jan 22 10:08:30 2011 PST by vadim ; ; Compiled for procurve_acl K.13 ; diff --git a/test/procurve_acl/testhp4.fw.orig b/test/procurve_acl/testhp4.fw.orig index 1a191ad7b..5307afb39 100755 --- a/test/procurve_acl/testhp4.fw.orig +++ b/test/procurve_acl/testhp4.fw.orig 
@@ -1,9 +1,9 @@ ; ; This is automatically generated file. DO NOT MODIFY ! ; -; Firewall Builder fwb_procurve_acl v4.2.0.3440 +; Firewall Builder fwb_procurve_acl v4.2.0.3441 ; -; Generated Thu Jan 20 16:26:47 2011 PST by vadim +; Generated Sat Jan 22 10:08:30 2011 PST by vadim ; ; Compiled for procurve_acl K.13 ;