onkelbeh/fwbuilder
1
0
Fork 0
mirror of https://github.com/fwbuilder/fwbuilder synced 2026-03-19 01:37:17 +01:00
Code Issues Releases Wiki Activity

********************************

Browse Source 
Merge branch inet-addr-changes r61
********************************
This commit is contained in:
Vadim Kurland 2008-04-13 07:06:30 +00:00
parent 0c0a149c32
commit 58355d5aab
61 changed files with 1657 additions and 1617 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

30
src/cisco_lib/Helper.cpp
View File

@ -28,7 +28,7 @@
#include <fwbuilder/Interface.h>
#include <fwbuilder/ObjectGroup.h>
#include <fwbuilder/IPAddress.h>
#include <fwbuilder/InetAddr.h>
#include <fwbuilder/FWObjectDatabase.h>
#include <fwbuilder/RuleElement.h>
#include <fwbuilder/Rule.h>
@ -41,21 +41,6 @@ using namespace libfwbuilder;
using namespace fwcompiler;
using namespace std;
bool Helper::belongsTo(Address *obj, const IPAddress &a)
{
const IPNetwork n1( obj->getAddress() ,
(Interface::cast(obj))?Netmask("255.255.255.255"):obj->getNetmask() );
return n1.belongs(a);
}
bool Helper::belongsTo(Address *obj, Address *addr)
{
return belongsTo(obj,addr->getAddress());
}
static unsigned long calculateDimension(FWObject* obj)
{
if (Group::cast(obj)!=NULL) {
@ -118,14 +103,13 @@ string Helper::findInterfaceByAddress(libfwbuilder::Address *obj)
return findInterfaceByAddress(obj->getAddress());
}
string Helper::findInterfaceByAddress(const libfwbuilder::IPAddress &addr)
string Helper::findInterfaceByAddress(const libfwbuilder::InetAddr &addr)
{
Firewall *fw=compiler->fw;
list<FWObject*> l2=fw->getByType(Interface::TYPENAME);
for (list<FWObject*>::iterator i=l2.begin(); i!=l2.end(); ++i) {
Interface *iface=Interface::cast(*i);
IPNetwork n( iface->getAddress() , iface->getNetmask() );
if ( n.belongs( addr ) ) return iface->getId();
if ( iface->belongs( addr ) ) return iface->getId();
}
return "";
}
@ -135,7 +119,7 @@ string Helper::findInterfaceByNetzone(Address *obj)
return findInterfaceByNetzone(obj->getAddress());
}
string Helper::findInterfaceByNetzone(const IPAddress &addr) throw(string)
string Helper::findInterfaceByNetzone(const InetAddr &addr) throw(string)
{
Firewall *fw=compiler->fw;
map<string,FWObject*> zones;
@ -150,7 +134,7 @@ string Helper::findInterfaceByNetzone(const IPAddress &addr) throw(string)
j!=netzone->end(); ++j)
{
assert(Address::cast(*j)!=NULL);
if ( belongsTo( Address::cast(*j) , addr ) )
if (Address::cast(*j)->belongs(addr))
zones[(*i)->getId()]=netzone;
}
}
@ -249,7 +233,7 @@ list<string> Helper::findInterfaceByNetzoneOrAll(RuleElement *re)
string triplet::hash()
{
return string(src->getAddress()) + "." +
string(dst->getAddress()) + "." +
return src->getAddress().toString() + "." +
dst->getAddress().toString() + "." +
srv->getId();
}

12
src/cisco_lib/Helper.h
View File

@ -40,14 +40,6 @@ namespace fwcompiler {
{
fwcompiler::Compiler *compiler;
/**
* this methods checks if object addr belongs to network or address obj
*/
bool belongsTo(libfwbuilder::Address *obj,
const libfwbuilder::IPAddress &a);
bool belongsTo(libfwbuilder::Address *obj,
libfwbuilder::Address *addr);
public:
Helper(fwcompiler::Compiler *comp) { compiler=comp; }
@ -57,14 +49,14 @@ namespace fwcompiler {
* finds interface of the firewall to whose subnet object
* 'obj' belongs to. Returns interface ID
*/
std::string findInterfaceByAddress(const libfwbuilder::IPAddress &a);
std::string findInterfaceByAddress(const libfwbuilder::InetAddr &a);
std::string findInterfaceByAddress(libfwbuilder::Address *obj);
/**
* finds interface of the firewall associated with the netzone
* that object 'obj' belongs to. Returns interface ID
*/
std::string findInterfaceByNetzone(const libfwbuilder::IPAddress &a)
std::string findInterfaceByNetzone(const libfwbuilder::InetAddr &a)
throw(std::string);
std::string findInterfaceByNetzone(libfwbuilder::Address *obj);
std::list<std::string> findInterfaceByNetzoneOrAll(

4
src/cisco_lib/PolicyCompiler_cisco.cpp
View File

@ -409,7 +409,7 @@ bool PolicyCompiler_cisco::splitIfRuleElementMatchesFW::processNext()
Address *a=Address::cast(obj);
assert(a!=NULL);
// IPAddress obj_addr=a->getAddress();
// InetAddr obj_addr=a->getAddress();
if (cisco_comp->complexMatch(a,cisco_comp->fw)) {
@ -697,7 +697,7 @@ bool PolicyCompiler_cisco::splitByNetworkZonesForRE::processNext()
Address *a=Address::cast(obj);
assert(a!=NULL);
// IPAddress obj_addr=a->getAddress();
// InetAddr obj_addr=a->getAddress();
try
{

12
src/fwbedit/fwbedit.cpp
View File

@ -251,7 +251,7 @@ bool testIPv4(string s)
bool res=false;
try
{
IPAddress( s.c_str() );
InetAddr( s.c_str() );
res=true;
} catch (FWException &ex)
{ }
@ -682,7 +682,7 @@ int main(int argc, char * const *argv)
{
IPv4 *o=IPv4::cast(nobj);
o->setName(name);
o->setAddress(addr1);
o->setAddress(InetAddr(addr1));
}
}
@ -705,8 +705,8 @@ int main(int argc, char * const *argv)
FWObject *nobj=createObject(objtype,"/"+lib+"/"+systemGroupPaths[objtype]);
AddressRange *o=AddressRange::cast(nobj);
o->setName(name);
o->setRangeStart(IPAddress(addr1));
o->setRangeEnd(IPAddress(addr2));
o->setRangeStart(InetAddr(addr1));
o->setRangeEnd(InetAddr(addr2));
}
else if (objtype==ObjectGroup::TYPENAME)
@ -723,8 +723,8 @@ int main(int argc, char * const *argv)
FWObject *nobj=createObject(objtype,"/"+lib+"/"+systemGroupPaths[objtype]);
Network *o=Network::cast(nobj);
o->setName(name);
o->setAddress(addr1);
o->setNetmask(addr2);
o->setAddress(InetAddr(addr1));
o->setNetmask(InetNetmask(addr2));
}
else if (objtype==Firewall::TYPENAME)
{

9
src/fwblookup/fwblookup.cpp
View File

@ -316,9 +316,12 @@ int main(int argc, char * const *argv)
{
if (Host::isA(obj) || Firewall::isA(obj))
{
IPAddress ma=Host::cast(obj)->getManagementAddress();
if (ma!=IPAddress("0.0.0.0")) cout << ma.toString() << endl;
else {
InetAddr ma = Host::cast(obj)->getManagementAddress();
if (ma != InetAddr::getAny())
{
cout << ma.toString() << endl;
} else
{
SNPRINTF(errstr,sizeof(errstr),
_("Object %s (ID='%s') does not have management interface"),
obj->getName().c_str(),

8
src/gui/AddressRangeDialog.cpp
View File

@ -118,7 +118,7 @@ void AddressRangeDialog::validate(bool *res)
assert(s!=NULL);
try
{
IPAddress(m_dialog->rangeStart->text().toLatin1().constData());
InetAddr(m_dialog->rangeStart->text().toLatin1().constData());
} catch (FWException &ex)
{
*res=false;
@ -129,7 +129,7 @@ void AddressRangeDialog::validate(bool *res)
}
try
{
IPAddress(m_dialog->rangeEnd->text().toLatin1().constData());
InetAddr(m_dialog->rangeEnd->text().toLatin1().constData());
} catch (FWException &ex)
{
*res=false;
@ -161,8 +161,8 @@ void AddressRangeDialog::applyChanges()
obj->setComment( string(m_dialog->comment->toPlainText().toUtf8().constData()) );
try
{
s->setRangeStart( IPAddress(m_dialog->rangeStart->text().toLatin1().constData()) );
s->setRangeEnd( IPAddress(m_dialog->rangeEnd->text().toLatin1().constData()) );
s->setRangeStart( InetAddr(m_dialog->rangeStart->text().toLatin1().constData()) );
s->setRangeEnd( InetAddr(m_dialog->rangeEnd->text().toLatin1().constData()) );
} catch (FWException &ex)
{

99
src/gui/DiscoveryDruid.cpp
View File

@ -64,7 +64,8 @@
#include "fwbuilder/IPv4.h"
#include "fwbuilder/Host.h"
#include "fwbuilder/Network.h"
#include "fwbuilder/IPAddress.h"
#include "fwbuilder/InetAddr.h"
#include "fwbuilder/InetAddrMask.h"
#include "fwbuilder/Firewall.h"
#include "fwbuilder/dns.h"
@ -620,7 +621,7 @@ void DiscoveryDruid::updatePrg()
void DiscoveryDruid::getNameServers()
{
multimap<string,libfwbuilder::IPAddress> ns_records;
multimap<string,libfwbuilder::InetAddr> ns_records;
string domain_name=m_dialog->domainname->text().toLatin1().constData();
DNS_getNS_query *dns=new DNS_getNS_query(domain_name);
@ -642,7 +643,7 @@ void DiscoveryDruid::getNameServers()
m_dialog->dnscustom->setChecked(true);
return ;
}
multimap<string,IPAddress>::iterator i;
multimap<string,InetAddr>::iterator i;
m_dialog->nameserverlist->clear();
NameServers.clear();
@ -653,7 +654,7 @@ void DiscoveryDruid::getNameServers()
QString qs = s.c_str();
m_dialog->nameserverlist->addItem(qs);
IPAddress *na=new IPAddress( (*i).second );
InetAddr *na=new InetAddr( (*i).second );
NameServers[qs] = *na;
}
}
@ -835,7 +836,7 @@ void DiscoveryDruid::startConfigImport()
}
}
IPAddress DiscoveryDruid::getNS()
InetAddr DiscoveryDruid::getNS()
{
string ns;
if (m_dialog->dnscustom->isChecked())
@ -844,17 +845,17 @@ IPAddress DiscoveryDruid::getNS()
try
{
return IPAddress(ns);
return InetAddr(ns);
} catch (FWException &ex)
{
/* perhaps not address but host name */
list<IPAddress> addr;
list<InetAddr> addr;
try
{
addr=DNS::getHostByName(ns);
} catch (FWException &ex)
{
return IPAddress();
return InetAddr();
}
return addr.front();
@ -866,7 +867,7 @@ IPAddress DiscoveryDruid::getNS()
void DiscoveryDruid::startDNSScan()
{
IPAddress ns=getNS();
InetAddr ns=getNS();
string domain_name=m_dialog->domainname->text().toLatin1().constData();
DNS_findA_query *q=new DNS_findA_query();
@ -893,14 +894,14 @@ void DiscoveryDruid::startDNSScan()
}
}
IPAddress DiscoveryDruid::getSeedHostAddress()
InetAddr DiscoveryDruid::getSeedHostAddress()
{
libfwbuilder::IPAddress seed_host_addr;
libfwbuilder::InetAddr seed_host_addr;
if (!m_dialog->seedhostname->text().isEmpty())
{
try
{
seed_host_addr=IPAddress(m_dialog->seedhostname->text().toLatin1().constData());
seed_host_addr=InetAddr(m_dialog->seedhostname->text().toLatin1().constData());
return seed_host_addr;
} catch(const FWException &ex)
{
@ -909,9 +910,9 @@ IPAddress DiscoveryDruid::getSeedHostAddress()
try
{
QString a = getAddrByName( m_dialog->seedhostname->text() );
return IPAddress( a.toLatin1().constData() );
return InetAddr( a.toLatin1().constData() );
#if 0
list<IPAddress> v=DNS::getHostByName( m_dialog->seedhostname->text().toLatin1().constData() );
list<InetAddr> v=DNS::getHostByName( m_dialog->seedhostname->text().toLatin1().constData() );
seed_host_addr = v.front();
return seed_host_addr;
#endif
@ -932,10 +933,10 @@ void DiscoveryDruid::startSNMPScan()
{
try
{
IPNetwork in(
IPAddress(m_dialog->snmpinaddr->text().toLatin1().constData()),
Netmask(m_dialog->snmpinmask->text().toLatin1().constData())
);
InetAddrMask in(
InetAddr(m_dialog->snmpinaddr->text().toLatin1().constData()),
InetNetmask(m_dialog->snmpinmask->text().toLatin1().constData())
);
include_networks.push_back(in);
}
catch (const FWException &ex)
@ -1013,12 +1014,12 @@ void DiscoveryDruid::changedNameServer()
return;
}
if(isIPAddress(s))
if(isInetAddr(s))
{
timer->stop();
m_dialog->DNSprogress_2->hide();
QString rs=testIPAddress(s);
QString rs=testInetAddr(s);
if (rs.isEmpty())
{
m_dialog->nameserver_error->setText(" ");
@ -1070,13 +1071,13 @@ void DiscoveryDruid::typedCustomNS()
}
}
bool DiscoveryDruid::isIPAddress(const QString s)
bool DiscoveryDruid::isInetAddr(const QString s)
{
QRegExp r=QRegExp("^(\\d|\\.)+$",Qt::CaseInsensitive); //non wildcard
return r.exactMatch(s);
}
QString DiscoveryDruid::testIPAddress(const QString s)
QString DiscoveryDruid::testInetAddr(const QString s)
{
QString res;
QRegExp r=QRegExp("^\\d{1,3}\\.\\d{1,3}\\.\\d{1,3}\\.\\d{1,3}$",Qt::CaseInsensitive); //non wildcard
@ -1084,7 +1085,7 @@ QString DiscoveryDruid::testIPAddress(const QString s)
{
try
{
IPAddress(s.toLatin1().constData());
InetAddr(s.toLatin1().constData());
} catch(const FWException &ex)
{
res=ex.toString().c_str();
@ -1388,9 +1389,9 @@ void DiscoveryDruid::loadDataFromDNS()
DNS_findA_query *q=(DNS_findA_query*)bop;
Objects.clear();
map<string,set<IPAddress> > t = q->getResult();
map<string,set<InetAddr> > t = q->getResult();
for(map<string,set<IPAddress> >::iterator j = t.begin(); j!=t.end(); ++j)
for(map<string,set<InetAddr> >::iterator j = t.begin(); j!=t.end(); ++j)
{
ObjectDescriptor od;
od.addr = *((*j).second.begin());
@ -1476,8 +1477,8 @@ void DiscoveryDruid::loadDataFromCrawler()
Objects.clear();
Networks.clear();
set<IPNetwork>::iterator m;
set<IPNetwork> s = q->getNetworks();
set<InetAddrMask>::iterator m;
set<InetAddrMask> s = q->getNetworks();
if (fwbdebug)
qDebug(QString("got %1 networks").arg(s.size()).toAscii().constData());
@ -1486,16 +1487,16 @@ void DiscoveryDruid::loadDataFromCrawler()
{
ObjectDescriptor od;
od.sysname=(string)*m;
od.addr=m->getAddress();
od.netmask=m->getNetmask();
od.type=Network::TYPENAME;
od.isSelected=false;
od.sysname = m->toString();
od.addr = m->getAddress();
od.netmask = m->getNetmask();
od.type = Network::TYPENAME;
od.isSelected = false;
Networks[od.sysname.c_str()]= od ;
}
map<IPAddress, CrawlerFind> t = q->getAllIPs();
map<InetAddr, CrawlerFind> t = q->getAllIPs();
if (fwbdebug)
qDebug(QString("got %1 addresses").arg(t.size()).toAscii().constData());
@ -1504,7 +1505,7 @@ void DiscoveryDruid::loadDataFromCrawler()
m_dialog->discoveryprogress->setValue(0);
int cntr = 0;
map<IPAddress, CrawlerFind>::iterator j;
map<InetAddr, CrawlerFind>::iterator j;
for(j = t.begin(); j!=t.end(); ++j,++cntr)
{
m_dialog->discoveryprogress->setValue( cntr );
@ -1823,7 +1824,7 @@ void DiscoveryDruid::changedSeedHost()
}
else
{
if(isIPAddress(HostName))
if(isInetAddr(HostName))
{ // seems to be an IP Address
m_dialog->DNSprogress->hide();
timer->stop();
@ -1832,7 +1833,7 @@ void DiscoveryDruid::changedSeedHost()
{
try
{
IPAddress(HostName.toLatin1().constData());
InetAddr(HostName.toLatin1().constData());
QPalette palette = m_dialog->seedhosterror_message->palette();
palette.setColor(m_dialog->seedhosterror_message->foregroundRole(), Qt::darkGreen);
@ -1894,9 +1895,9 @@ void DiscoveryDruid::changedInclNet()
try
{
IPAddress a(m_dialog->snmpinaddr->text().toLatin1().constData());
Netmask n(m_dialog->snmpinmask->text().toLatin1().constData());
IPNetwork(a,n);
InetAddr a(m_dialog->snmpinaddr->text().toLatin1().constData());
InetNetmask n(m_dialog->snmpinmask->text().toLatin1().constData());
InetAddrMask(a,n);
m_dialog->confineerror_message->setText(" ");
isSNMPInclNetOK=true;
@ -2079,8 +2080,8 @@ void DiscoveryDruid::createRealObjects()
);
assert(net!=NULL);
net->setName(name);
net->setAddress(IPAddress(a));
net->setNetmask(Netmask(IPAddress(a)));
net->setAddress(InetAddr(a));
net->setNetmask(InetNetmask(InetAddr(a)));
mw->moveObject(m_dialog->libs->currentText(), net);
}
}
@ -2114,8 +2115,8 @@ void DiscoveryDruid::createRealObjects()
);
ipv4->setAddress(a);
ipv4->setNetmask("255.255.255.255");
ipv4->setAddress(InetAddr(a));
ipv4->setNetmask(InetNetmask());
} else
{
map<int,Interface>::const_iterator i;
@ -2162,8 +2163,8 @@ void DiscoveryDruid::createRealObjects()
);
assert(net!=NULL);
net->setName(name);
net->setAddress(IPAddress(a));
net->setNetmask(Netmask(IPAddress(a)));
net->setAddress(InetAddr(a));
net->setNetmask(InetNetmask(InetAddr(a)));
mw->moveObject(m_dialog->libs->currentText(), net);
}else if (type==IPv4::TYPENAME)
{
@ -2172,8 +2173,8 @@ void DiscoveryDruid::createRealObjects()
);
assert(obj!=NULL);
obj->setName(name);
obj->setAddress(IPAddress(a));
obj->setNetmask("255.255.255.255");
obj->setAddress(InetAddr(a));
obj->setNetmask(InetNetmask(InetAddr::getAllOnes()));
mw->moveObject(m_dialog->libs->currentText(), obj);
}
}
@ -2343,7 +2344,7 @@ void HostsFileImport::run()
*Log << "Discovery method:"
<< "Read file in hosts format. \n";
map<IPAddress, vector<string> > reverse_hosts;
map<InetAddr, vector<string> > reverse_hosts;
HostsFile *hf;
/*
* read hosts file here
@ -2377,7 +2378,7 @@ void HostsFileImport::run()
*/
hosts.clear();
map<IPAddress,vector<string> >::iterator i;
map<InetAddr,vector<string> >::iterator i;
int count=reverse_hosts.size();
int t=0;
for (i=reverse_hosts.begin(); i!=reverse_hosts.end(); ++i)

18
src/gui/DiscoveryDruid.h
View File

@ -38,7 +38,7 @@
#include "fwbuilder/Interface.h"
#include "fwbuilder/dns.h"
#include "fwbuilder/snmp.h"
#include "fwbuilder/IPAddress.h"
#include "fwbuilder/InetAddr.h"
#include "fwbuilder/Logger.h"
#include "FilterDialog.h"
@ -69,8 +69,8 @@ class ObjectDescriptor
string MAC_addr ;
libfwbuilder::HostEnt dns_info ;
libfwbuilder::IPAddress addr ;
libfwbuilder::Netmask netmask ;
libfwbuilder::InetAddr addr ;
libfwbuilder::InetNetmask netmask ;
ObjectDescriptor();
@ -194,8 +194,8 @@ private:
int FromPage;
QMap<QString,ObjectDescriptor> Objects;
QMap<QString,ObjectDescriptor> Networks;
QMap<QString,IPAddress> NameServers;
vector<libfwbuilder::IPNetwork> include_networks;
QMap<QString,InetAddr> NameServers;
vector<libfwbuilder::InetAddrMask> include_networks;
QTimer* timer;
QTimer* prg_timer;
@ -232,10 +232,10 @@ public:
void createRealObjects();
// void stripObjects();
void getNameServers();
IPAddress getNS();
IPAddress getSeedHostAddress();
bool isIPAddress(const QString s);
QString testIPAddress(const QString s);
InetAddr getNS();
InetAddr getSeedHostAddress();
bool isInetAddr(const QString s);
QString testInetAddr(const QString s);
virtual void customEvent(QEvent *event);

11
src/gui/IOSImporter.cpp
View File

@ -40,7 +40,7 @@
#include "fwbuilder/Resources.h"
#include "fwbuilder/Network.h"
#include "fwbuilder/Address.h"
#include "fwbuilder/IPAddress.h"
#include "fwbuilder/InetAddr.h"
#include "fwbuilder/IPService.h"
#include "fwbuilder/ICMPService.h"
#include "fwbuilder/TCPService.h"
@ -195,17 +195,14 @@ FWObject* IOSImporter::createAddress(const std::string &addr,
// invert netmask (this is IOS)
try
{
IPAddress orig_nm(netmask);
long nm = orig_nm.to32BitInt();
struct in_addr na;
na.s_addr = ~nm;
correct_nm = IPAddress(&na).toString();
InetAddr orig_nm(netmask);
correct_nm = (~orig_nm).toString();
return Importer::createAddress(addr, correct_nm);
} catch (FWException &ex)
{
markCurrentRuleBad(
std::string("Error converting netmask '") + netmask + "' (address " + addr + ")");
return Importer::createAddress(addr, "255.255.255.255");
return Importer::createAddress(addr, InetAddr::getAllOnes().toString());
}
}

8
src/gui/IPTImporter.cpp
View File

@ -48,7 +48,7 @@
#include "fwbuilder/Network.h"
#include "fwbuilder/Address.h"
#include "fwbuilder/AddressRange.h"
#include "fwbuilder/IPAddress.h"
#include "fwbuilder/InetAddr.h"
#include "fwbuilder/IPService.h"
#include "fwbuilder/ICMPService.h"
#include "fwbuilder/TCPService.h"
@ -727,9 +727,9 @@ void IPTImporter::pushNATRule()
addODst();
addOSrv();
if (src_nm.empty()) src_nm = "255.255.255.255";
if (dst_nm.empty()) dst_nm = "255.255.255.255";
if (nat_nm.empty()) nat_nm = "255.255.255.255";
if (src_nm.empty()) src_nm = InetAddr::getAllOnes().toString();
if (dst_nm.empty()) dst_nm = InetAddr::getAllOnes().toString();
if (nat_nm.empty()) nat_nm = InetAddr::getAllOnes().toString();
if (target=="ACCEPT")
{

12
src/gui/IPv4Dialog.cpp
View File

@ -155,7 +155,7 @@ void IPv4Dialog::validate(bool *res)
assert(s!=NULL);
try
{
IPAddress( m_dialog->address->text().toLatin1().constData() );
InetAddr( m_dialog->address->text().toLatin1().constData() );
} catch (FWException &ex)
{
*res=false;
@ -169,7 +169,7 @@ void IPv4Dialog::validate(bool *res)
{
try
{
Netmask( m_dialog->netmask->text().toLatin1().constData() );
InetNetmask( m_dialog->netmask->text().toLatin1().constData() );
} catch (FWException &ex)
{
*res=false;
@ -203,17 +203,19 @@ void IPv4Dialog::applyChanges()
try
{
s->setAddress( m_dialog->address->text().toLatin1().constData() );
s->setAddress(
InetAddr(m_dialog->address->text().toLatin1().constData()) );
} catch (FWException &ex) { }
if ( showNetmask )
{
try
{
s->setNetmask( m_dialog->netmask->text().toLatin1().constData() );
s->setNetmask(
InetNetmask(m_dialog->netmask->text().toLatin1().constData()) );
} catch (FWException &ex) { }
} else
s->setNetmask( "255.255.255.255" );
s->setNetmask(InetNetmask());
mw->updateObjName(obj,QString::fromUtf8(oldname.c_str()));

32
src/gui/Importer.cpp
View File

@ -246,8 +246,8 @@ void Importer::addInterfaceAddress(const std::string &a,
IPv4::TYPENAME,
aname);
current_interface->setUnnumbered(false);
IPv4::cast(nobj)->setAddress( a );
IPv4::cast(nobj)->setNetmask( nm );
IPv4::cast(nobj)->setAddress( InetAddr(a) );
IPv4::cast(nobj)->setNetmask( InetNetmask(nm) );
*logger << "Interface address: " << a << "/" << nm << "\n";
}
@ -395,17 +395,21 @@ void Importer::pushRule()
FWObject* Importer::makeSrcObj()
{
if ( (src_a=="" && src_nm=="") || (src_a=="0.0.0.0" && src_nm=="0.0.0.0"))
if ( (src_a=="" && src_nm=="") ||
(src_a==InetAddr::getAny().toString() &&
src_nm==InetAddr::getAny().toString()))
return NULL; // this is 'any'
if (src_nm=="") src_nm="255.255.255.255";
if (src_nm=="") src_nm=InetAddr::getAllOnes().toString();
return createAddress(src_a, src_nm);
}
FWObject* Importer::makeDstObj()
{
if ( (dst_a=="" && dst_nm=="") || (dst_a=="0.0.0.0" && dst_nm=="0.0.0.0"))
if ( (dst_a=="" && dst_nm=="") ||
(dst_a==InetAddr::getAny().toString() &&
dst_nm==InetAddr::getAny().toString()))
return NULL; // this is 'any'
if (dst_nm=="") dst_nm="255.255.255.255";
if (dst_nm=="") dst_nm=InetAddr::getAllOnes().toString();
return createAddress(dst_a, dst_nm);
}
@ -816,13 +820,13 @@ FWObject* Importer::createAddress(const std::string &addr,
std::string sig = std::string("addr-") + addr + "/" + netmask;
if (all_objects.count(sig)!=0) return all_objects[sig];
if ( netmask == "255.255.255.255" )
if ( netmask == InetAddr::getAllOnes().toString() )
{
Address *a;
std::string name = std::string("h-") + addr;
a = Address::cast(createObject(IPv4::TYPENAME, name));
a->setAddress( addr );
a->setNetmask( "255.255.255.255" );
a->setAddress(InetAddr(addr));
a->setNetmask(InetNetmask(InetAddr::getAllOnes()));
a->setComment(comment);
all_objects[sig] = a;
*logger << "Address object: " << name << "\n";
@ -834,7 +838,7 @@ FWObject* Importer::createAddress(const std::string &addr,
net = Network::cast(createObject(Network::TYPENAME, name));
try
{
net->setAddress( addr );
net->setAddress( InetAddr(addr) );
} catch (FWException &ex)
{
markCurrentRuleBad(
@ -843,7 +847,7 @@ FWObject* Importer::createAddress(const std::string &addr,
try
{
net->setNetmask( netmask );
net->setNetmask( InetNetmask(netmask) );
} catch (FWException &ex)
{
if (netmask.find('.')!=std::string::npos)
@ -862,7 +866,7 @@ FWObject* Importer::createAddress(const std::string &addr,
try
{
str >> nm_len;
net->setNetmask( Netmask(nm_len) );
net->setNetmask( InetNetmask(nm_len) );
} catch (std::exception& e)
{
// could not convert netmask as simple integer
@ -894,7 +898,7 @@ FWObject* Importer::createAddressRange(const std::string &addr1,
try
{
ar->setRangeStart( IPAddress(addr1) );
ar->setRangeStart( InetAddr(addr1) );
} catch (FWException &ex)
{
markCurrentRuleBad(
@ -903,7 +907,7 @@ FWObject* Importer::createAddressRange(const std::string &addr1,
try
{
ar->setRangeEnd( IPAddress(addr2) );
ar->setRangeEnd( InetAddr(addr2) );
} catch (FWException &ex)
{
markCurrentRuleBad(

25
src/gui/InterfaceData.cpp
View File

@ -30,7 +30,7 @@
#include "InterfaceData.h"
#include "fwbuilder/Resources.h"
#include "fwbuilder/IPAddress.h"
#include "fwbuilder/InetAddr.h"
using namespace libfwbuilder;
using namespace std;
@ -54,16 +54,17 @@ void InterfaceData::guessLabel(const string &platform)
if (!isDyn &&
!isUnnumbered &&
!isBridgePort &&
address=="127.0.0.1") label="loopback";
address == InetAddr::getLoopbackAddr().toString())
label="loopback";
}
void InterfaceData::guessSecurityLevel(const string &platform)
{
IPNetwork n10(IPAddress("10.0.0.0"),Netmask("255.0.0.0"));
IPNetwork n172(IPAddress("172.16.0.0"),Netmask("255.240.0.0"));
IPNetwork n192(IPAddress("192.168.0.0"),Netmask("255.255.0.0"));
InetAddrMask n10(InetAddr("10.0.0.0"), InetNetmask("255.0.0.0"));
InetAddrMask n172(InetAddr("172.16.0.0"), InetNetmask("255.240.0.0"));
InetAddrMask n192(InetAddr("192.168.0.0"), InetNetmask("255.255.0.0"));
securityLevel=-1;
@ -89,14 +90,14 @@ void InterfaceData::guessSecurityLevel(const string &platform)
llbl=="internal_net" ||
llbl=="internal net" ) securityLevel=100;
if ( address=="127.0.0.1") securityLevel=100;
if ( name=="Null0" ) securityLevel=100;
if ( address==InetAddr::getLoopbackAddr().toString()) securityLevel=100;
if ( name=="Null0" ) securityLevel=100;
if (securityLevel==-1 && !isDyn && !isUnnumbered && !isBridgePort)
{
if (n10.belongs( IPAddress( address ) )) securityLevel=100;
if (n172.belongs( IPAddress( address ) )) securityLevel=100;
if (n192.belongs( IPAddress( address ) )) securityLevel=100;
if (n10.belongs( InetAddr( address ) )) securityLevel=100;
if (n172.belongs( InetAddr( address ) )) securityLevel=100;
if (n192.belongs( InetAddr( address ) )) securityLevel=100;
}
if (isDyn || isUnnumbered || isBridgePort) securityLevel=0;
@ -141,13 +142,13 @@ void InterfaceData::guessSecurityLevel(const string &platform,
if (ifaces.size()==2)
{
if (ifaces.front().address=="127.0.0.1")
if (ifaces.front().address==InetAddr::getLoopbackAddr().toString())
{
ifaces.front().securityLevel=100;
ifaces.back().securityLevel=0;
} else
{
if (ifaces.back().address=="127.0.0.1")
if (ifaces.back().address==InetAddr::getLoopbackAddr().toString())
{
ifaces.front().securityLevel=0;
ifaces.back().securityLevel=100;

10
src/gui/NetworkDialog.cpp
View File

@ -114,7 +114,7 @@ void NetworkDialog::validate(bool *res)
assert(s!=NULL);
try
{
IPAddress( m_dialog->address->text().toLatin1().constData() );
InetAddr( m_dialog->address->text().toLatin1().constData() );
} catch (FWException &ex)
{
*res=false;
@ -125,7 +125,7 @@ void NetworkDialog::validate(bool *res)
}
try
{
Netmask( m_dialog->netmask->text().toLatin1().constData() );
InetNetmask( m_dialog->netmask->text().toLatin1().constData() );
} catch (FWException &ex)
{
*res=false;
@ -156,8 +156,10 @@ void NetworkDialog::applyChanges()
obj->setComment( string(m_dialog->comment->toPlainText().toUtf8().constData()) );
try
{
s->setAddress( m_dialog->address->text().toLatin1().constData() );
s->setNetmask( m_dialog->netmask->text().toLatin1().constData() );
s->setAddress(
InetAddr(m_dialog->address->text().toLatin1().constData()) );
s->setNetmask(
InetNetmask(m_dialog->netmask->text().toLatin1().constData()) );
} catch (FWException &ex)
{
/* exception thrown if user types illegal m_dialog->address or m_dialog->netmask */

3
src/gui/fwbuilder_ph.h
View File

@ -2,6 +2,8 @@
#include "utils.h"
#include "config.h"
#include <iostream>
#include "fwbuilder/InetAddr.h"
#include "fwbuilder/InetAddrMask.h"
#include "fwbuilder/Firewall.h"
#include <qcheckbox.h>
#include <qcombobox.h>
@ -104,7 +106,6 @@
#include <functional>
#include <qprinter.h>
#include <qrect.h>
#include "fwbuilder/IPAddress.h"
#include <ios>
#include <qwidget.h>
#include <qtablewidget.h>

3
src/gui/instDialog.cpp
View File

@ -766,7 +766,8 @@ bool instDialog::doInstallPage(Firewall* f)
.arg(cnf.fwobj->getName().c_str()).toLatin1().constData() );
return false;
}
if ((cnf.maddr == "" || cnf.maddr == "0.0.0.0"))
if (cnf.maddr == "" ||
cnf.maddr == QString(InetAddr::getAny().toString().c_str()))
{
addToLog(
QObject::tr("Management interface does not have IP address, can not communicate with the firewall.") );

18
src/gui/newFirewallDialog.cpp
View File

@ -256,14 +256,14 @@ void newFirewallDialog::getInterfacesViaSNMP()
getInterfacesBusy = true;
IPAddress addr;
InetAddr addr;
QString name=m_dialog->obj_name->text().toLatin1().constData();
try
{
QApplication::setOverrideCursor( QCursor( Qt::WaitCursor) );
QString a = getAddrByName(name);
QApplication::restoreOverrideCursor();
addr = a.toAscii().constData();
addr = InetAddr(a.toAscii().constData());
} catch (FWException &ex)
{
QMessageBox::warning(
@ -587,13 +587,15 @@ void newFirewallDialog::addInterface()
addr = m_dialog->iface_addr->text();
netm = m_dialog->iface_netmask->text();
if (addr.isEmpty()) addr="0.0.0.0";
if (netm.isEmpty()) netm="0.0.0.0";
if (addr.isEmpty())
addr = QString(InetAddr::getAny().toString().c_str());
if (netm.isEmpty())
netm = QString(InetAddr::getAny().toString().c_str());
try
{
IPAddress(addr.toLatin1().constData());
Netmask(netm.toLatin1().constData());
InetAddr(addr.toLatin1().constData());
InetNetmask(netm.toLatin1().constData());
}
catch (FWException &ex)
{
@ -809,8 +811,8 @@ void newFirewallDialog::finishClicked()
{
QString addrname=QString("%1:%2:ip").arg(m_dialog->obj_name->text()).arg(name);
IPv4 *oa = IPv4::cast(mw->createObject(oi, IPv4::TYPENAME,addrname));
oa->setAddress( addr.toLatin1().constData() );
oa->setNetmask( netmask.toLatin1().constData() );
oa->setAddress( InetAddr(addr.toLatin1().constData()) );
oa->setNetmask( InetNetmask(netmask.toLatin1().constData()) );
}
// updateObjName has a side effect: it causes redraw of the ruleset
// views in the main window

21
src/gui/newHostDialog.cpp
View File

@ -248,14 +248,14 @@ void newHostDialog::getInterfacesViaSNMP()
getInterfacesBusy = true;
IPAddress addr;
InetAddr addr;
QString name=m_dialog->obj_name->text().toLatin1().constData();
try
{
QApplication::setOverrideCursor( QCursor( Qt::WaitCursor) );
QString a = getAddrByName(name);
QApplication::restoreOverrideCursor();
addr = a.toAscii().constData();
addr = InetAddr(a.toAscii().constData());
} catch (FWException &ex)
{
QMessageBox::warning(
@ -489,18 +489,21 @@ void newHostDialog::addInterface()
QString addr;
QString netm;
if (!m_dialog->iface_dyn->isChecked() && !m_dialog->iface_unnum->isChecked())
if (!m_dialog->iface_dyn->isChecked() &&
!m_dialog->iface_unnum->isChecked())
{
addr = m_dialog->iface_addr->text();
netm = m_dialog->iface_netmask->text();
if (addr.isEmpty()) addr="0.0.0.0";
if (netm.isEmpty()) netm="0.0.0.0";
if (addr.isEmpty())
addr = QString(InetAddr::getAny().toString().c_str());
if (netm.isEmpty())
netm = QString(InetAddr::getAny().toString().c_str());
try
{
IPAddress(addr.toLatin1().constData());
Netmask(netm.toLatin1().constData());
InetAddr(addr.toLatin1().constData());
InetNetmask(netm.toLatin1().constData());
}
catch (FWException &ex)
{
@ -628,8 +631,8 @@ void newHostDialog::finishClicked()
IPv4 *oa = IPv4::cast(
mw->createObject(oi, IPv4::TYPENAME,addrname)
);
oa->setAddress( addr.toLatin1().constData() );
oa->setNetmask( netmask.toLatin1().constData() );
oa->setAddress( InetAddr(addr.toLatin1().constData()) );
oa->setNetmask( InetNetmask(netmask.toLatin1().constData()) );
}
mw->updateObjName(oi,"","",false);

18
src/iosacl/PolicyCompiler_iosacl.cpp
View File

@ -109,14 +109,14 @@ int PolicyCompiler_iosacl::prolog()
{
if (netmask.find(".")!=string::npos)
{
Netmask nm(netmask);
nm.to32BitInt(); // to avoid warning abt unused var
InetNetmask nm(netmask);
nm.getLength(); // to avoid warning abt unused var
} else
{
int nm_length;
istringstream str(netmask);
str >> nm_length;
Netmask nm(nm_length);
InetNetmask nm(nm_length);
netmask = nm.toString();
}
} catch(FWException &ex)
@ -127,8 +127,8 @@ int PolicyCompiler_iosacl::prolog()
try
{
IPAddress a(addr);
a.to32BitInt();
InetAddr a(addr);
a.isAny();
} catch(FWException &ex)
{
abort("Invalid address for management subnet: '"+addr+"'");
@ -143,10 +143,10 @@ int PolicyCompiler_iosacl::prolog()
// cisco uses "wildcards" instead of netmasks
long nm = Netmask(netmask).to32BitInt();
struct in_addr na;
na.s_addr = ~nm;
IPAddress nnm(&na);
//long nm = InetNetmask(netmask).to32BitInt();
//struct in_addr na;
//na.s_addr = ~nm;
InetAddr nnm( ~(InetNetmask(netmask)) );
output << clearACLcmd << " " << temp_acl << endl;
output << "ip access-list extended " << temp_acl << endl;

20
src/iosacl/PolicyCompiler_iosacl_writers.cpp
View File

@ -371,8 +371,8 @@ string PolicyCompiler_iosacl::PrintRule::_printAddr(libfwbuilder::Address *o)
{
ostringstream str;
IPAddress srcaddr=o->getAddress();
Netmask srcmask=o->getNetmask();
InetAddr srcaddr=o->getAddress();
InetNetmask srcmask=o->getNetmask();
if (Interface::cast(o)!=NULL)
{
@ -382,18 +382,18 @@ string PolicyCompiler_iosacl::PrintRule::_printAddr(libfwbuilder::Address *o)
return string("interface ") + interface_->getLabel() + " ";
}
srcmask=Netmask("255.255.255.255");
srcmask=InetNetmask(InetAddr::getAllOnes());
}
if (IPv4::cast(o)!=NULL)
srcmask=Netmask("255.255.255.255");
srcmask=InetNetmask(InetAddr::getAllOnes());
if (srcaddr.toString()=="0.0.0.0" && srcmask.toString()=="0.0.0.0")
if (srcaddr.isAny() && srcmask.isAny())
{
str << "any ";
} else {
if (srcmask.toString()=="255.255.255.255")
if (srcmask.isHostMask())
{
str << "host " << srcaddr.toString() << " ";
} else
@ -402,10 +402,10 @@ string PolicyCompiler_iosacl::PrintRule::_printAddr(libfwbuilder::Address *o)
// cisco uses "wildcards" instead of netmasks
long nm = srcmask.to32BitInt();
struct in_addr na;
na.s_addr = ~nm;
IPAddress nnm(&na);
//long nm = srcmask.to32BitInt();
//struct in_addr na;
//na.s_addr = ~nm;
InetAddr nnm( ~srcmask );
str << nnm.toString() << " ";
}

2
src/ipf/ipf.cpp
View File

@ -319,7 +319,7 @@ int main(int argc, char * const *argv)
for (list<FWObject*>::iterator j=la.begin(); j!=la.end(); ++j)
{
IPv4 *ipv4 = IPv4::cast(*j);
if ( ipv4->getAddress().toString()=="0.0.0.0")
if ( ipv4->getAddress() == InetAddr::getAny())
{
char errstr[256];
sprintf(errstr,

2
src/ipfw/ipfw.cpp
View File

@ -286,7 +286,7 @@ int main(int argc, char * const *argv)
for (list<FWObject*>::iterator j=la.begin(); j!=la.end(); ++j)
{
IPv4 *ipv4 = IPv4::cast(*j);
if ( ipv4->getAddress().toString()=="0.0.0.0")
if ( ipv4->getAddress() == InetAddr::getAny())
{
char errstr[256];
sprintf(errstr,

58
src/ipt/NATCompiler_PrintRule.cpp
View File

@ -453,37 +453,39 @@ string NATCompiler_ipt::PrintRule::_printAddr(Address *o,bool print_mask,bool p
assert(atrt==NULL);
}
IPAddress addr=o->getAddress();
Netmask mask=o->getNetmask();
Interface *iface;
if ( (iface=Interface::cast(o))!=NULL )
if (print_range && AddressRange::cast(o)!=NULL)
{
if (iface->isDyn() && iface->getBool("use_var_address"))
{
ostr << "$" << ipt_comp->getInterfaceVarName(iface) << " ";
return ostr.str();
}
// if (Interface::cast(o)->isDyn()) return;
mask=Netmask("255.255.255.255");
}
if (IPv4::cast(o)!=NULL)
{
mask=Netmask("255.255.255.255");
}
if (print_range && AddressRange::cast(o)!=NULL) {
IPAddress a1=AddressRange::cast(o)->getRangeStart();
IPAddress a2=AddressRange::cast(o)->getRangeEnd();
InetAddr a1 = AddressRange::cast(o)->getRangeStart();
InetAddr a2 = AddressRange::cast(o)->getRangeEnd();
ostr << a1.toString() << "-" << a2.toString();
} else {
if (addr.toString()=="0.0.0.0" && mask.toString()=="0.0.0.0") {
} else
{
const InetAddr& addr=o->getAddress();
const InetNetmask& mask=o->getNetmask();
if (addr == InetAddr::getAny() && mask == InetAddr::getAny())
{
ostr << "0/0";
} else {
} else
{
Interface *iface;
if ( (iface=Interface::cast(o))!=NULL )
{
if (iface->isDyn() && iface->getBool("use_var_address"))
{
ostr << "$" << ipt_comp->getInterfaceVarName(iface) << " ";
return ostr.str();
}
ostr << addr.toString();
return ostr.str();
}
ostr << addr.toString();
if (print_mask && mask.toString()!="255.255.255.255") {
ostr << "/" << mask.getLength();
}
if (print_mask && IPv4::cast(o)==NULL && !mask.isHostMask())
{
ostr << "/" << mask.getLength();
}
}
}
return ostr.str();
@ -571,7 +573,7 @@ bool NATCompiler_ipt::PrintRule::processNext()
* fool-proof: this is last resort check for situation when user created IPv4 object
* for the interface but left it with empty address ( 0.0.0.0 ).
*/
if ( ! physaddress.empty() && osrc->getAddress()==IPAddress("0.0.0.0"))
if ( ! physaddress.empty() && osrc->getAddress()==InetAddr())
{
;
} else

27
src/ipt/NATCompiler_ipt.cpp
View File

@ -221,21 +221,21 @@ bool NATCompiler_ipt::ConvertLoadBalancingRules::processNext()
{
RuleElementTDst *tdst=rule->getTDst(); assert(tdst);
list<IPAddress> al;
list<const InetAddr*> al;
for(list<FWObject*>::iterator i=tdst->begin(); i!=tdst->end(); i++)
{
FWObject *o= *i;
FWObject *obj = NULL;
if (FWReference::cast(o)!=NULL) obj=FWReference::cast(o)->getPointer();
Address *a=Address::cast(obj);
Address *a = Address::cast(obj);
al.push_back( a->getAddress() );
al.push_back( a->getAddressPtr() );
}
al.sort();
IPAddress a1=al.front();
list<IPAddress>::iterator j=al.begin();
const InetAddr* a1 = al.front();
list<const InetAddr*>::iterator j=al.begin();
j++;
for ( ; j!=al.end(); j++)
@ -244,21 +244,23 @@ bool NATCompiler_ipt::ConvertLoadBalancingRules::processNext()
* big endian/little endian conversion for me
*/
AddressRange tar;
tar.setRangeStart( a1 );
tar.setRangeEnd( *j );
tar.setRangeStart( *a1 );
tar.setRangeEnd( *(*j) );
if ( tar.dimension() != 2 )
{
compiler->abort(
string( _("Non-contiguous address range in Translated Destination in load balancing NAT rule ") )+
rule->getLabel());
}
a1= *j;
a1 = *j;
}
AddressRange *ar= AddressRange::cast(compiler->dbcopy->create(AddressRange::TYPENAME) );
ar->setRangeStart( al.front() );
ar->setRangeEnd( al.back() );
ar->setName(string("%")+al.front().toString()+"-"+al.back().toString()+"%" );
AddressRange *ar = AddressRange::cast(
compiler->dbcopy->create(AddressRange::TYPENAME) );
ar->setRangeStart( *(al.front()) );
ar->setRangeEnd( *(al.back()) );
ar->setName(string("%")+al.front()->toString()
+"-"+al.back()->toString()+"%" );
compiler->cacheObj(ar); // to keep cache consistent
compiler->dbcopy->add(ar,false);
tdst->clearChildren();
@ -2023,7 +2025,6 @@ bool NATCompiler_ipt::processMultiAddressObjectsInRE::processNext()
dynamic_cast<OSConfigurator_linux24*>(compiler->osconfigurator);
RuleElement *re=RuleElement::cast( rule->getFirstByType(re_type) );
bool neg = re->getNeg();
if (re->size()==1)
{

26
src/ipt/OSConfigurator_linux24.cpp
View File

@ -28,6 +28,8 @@
#include "OSConfigurator_linux24.h"
#include "fwbuilder/InetAddr.h"
#include "fwbuilder/Firewall.h"
#include "fwbuilder/FWOptions.h"
#include "fwbuilder/Interface.h"
@ -199,29 +201,25 @@ void OSConfigurator_linux24::addVirtualAddressForNAT(const Network *nw)
if ( options->getBool("manage_virtual_addr") )
{
if (virtual_addresses.empty() ||
find(virtual_addresses.begin(),virtual_addresses.end(),nw->getAddress())==virtual_addresses.end())
find(virtual_addresses.begin(),virtual_addresses.end(),
nw->getAddress())==virtual_addresses.end())
{
Interface *iface=findInterfaceFor( nw, fw );
if (iface!=NULL)
{
IPNetwork n( nw->getAddress() , nw->getNetmask() );
IPAddress a;
const InetAddr& a = nw->getAddress();
string str, subnet, first, last;
a=nw->getAddress() +1;
first = a.toString();
a = n.getBroadcastAddress() -1;
last = a.toString();
first = (a + 1).toString();
last = (nw->getBroadcastAddress() -1).toString();
ostr << endl;
ostr << "a=\"" << first << "\"" << endl;
ostr << "while test \"$a\" != \"" << last << "\"; do" << endl;
ostr << " add_addr ${a} " << nw->getNetmask().getLength() << " "
<< iface->getName() << endl;
ostr << " add_addr ${a} " << nw->getNetmask().getLength()
<< " " << iface->getName() << endl;
ostr << endl;
ostr << " OIFS=$IFS" << endl;
@ -254,7 +252,8 @@ void OSConfigurator_linux24::addVirtualAddressForNAT(const Address *addr)
if ( options->getBool("manage_virtual_addr") )
{
if (virtual_addresses.empty() ||
find(virtual_addresses.begin(),virtual_addresses.end(),addr->getAddress())==virtual_addresses.end())
find(virtual_addresses.begin(),virtual_addresses.end(),
addr->getAddress())==virtual_addresses.end())
{
IPv4 *iaddr=IPv4::cast( findAddressFor(addr, fw ) );
if (iaddr!=NULL)
@ -269,7 +268,8 @@ void OSConfigurator_linux24::addVirtualAddressForNAT(const Address *addr)
virtual_addresses.push_back(addr->getAddress());
registerVirtualAddressForNat();
} else
warning(_("Can not add virtual address ") + addr->getAddress().toString() +
warning(_("Can not add virtual address ") +
addr->getAddress().toString() +
_(" (object ") + addr->getName() + ")" );
}
commands_to_add_virtual_addresses.push_back(ostr.str());

6
src/ipt/OSConfigurator_linux24.h
View File

@ -42,9 +42,9 @@ namespace fwcompiler {
class OSConfigurator_linux24 : public OSConfigurator {
OSData os_data;
std::map<std::string,std::string> address_table_objects;
std::vector<libfwbuilder::IPAddress> virtual_addresses;
std::list<std::string> commands_to_add_virtual_addresses;
std::map<std::string,std::string> address_table_objects;
std::vector<libfwbuilder::InetAddr> virtual_addresses;
std::list<std::string> commands_to_add_virtual_addresses;
std::string getInterfaceVarName(libfwbuilder::FWObject *iface);

39
src/ipt/PolicyCompiler_PrintRule.cpp
View File

@ -906,40 +906,18 @@ string PolicyCompiler_ipt::PrintRule::_printAddr(Address *o)
return ostr.str();
}
IPAddress addr;
Netmask mask;
try {
addr=o->getAddress();
const InetAddr& addr = o->getAddress();
const InetNetmask& mask = o->getNetmask();
if (Interface::cast(o)!=NULL || IPv4::cast(o)!=NULL) mask=Netmask("255.255.255.255");
else mask=o->getNetmask();
}
catch (FWException ex)
{
FWObject *obj=o;
/*
* check if this is object of class Address. since we want to
* distinguish between Host, Interface and Address, and both Host and
* Interface are inherited from Address, we can't use cast. Use isA
* instead
*/
while (obj!=NULL &&
!Host::isA(obj) &&
!Firewall::isA(obj) &&
!Network::isA(obj)) obj=obj->getParent();
compiler->error(_("Problem with address or netmask in the object or one of its interfaces: '")+obj->getName()+"'");
throw;
}
if (addr.toString()=="0.0.0.0" && mask.toString()=="0.0.0.0")
if (addr.isAny() && mask.isAny())
{
ostr << "0/0 ";
} else
{
ostr << addr.toString();
if (mask.toString()!="255.255.255.255")
if (Interface::cast(o)==NULL && IPv4::cast(o)==NULL &&
!mask.isHostMask())
{
ostr << "/" << mask.getLength();
}
@ -1080,7 +1058,6 @@ PolicyCompiler_ipt::PrintRule::PrintRule(const std::string &name) : PolicyRulePr
bool PolicyCompiler_ipt::PrintRule::processNext()
{
PolicyCompiler_ipt *ipt_comp=dynamic_cast<PolicyCompiler_ipt*>(compiler);
PolicyRule *rule =getNext();
if (rule==NULL) return false;
@ -1147,7 +1124,7 @@ string PolicyCompiler_ipt::PrintRule::PolicyRuleToString(PolicyRule *rule)
* fool-proof: this is last resort check for situation when user created IPv4 object
* for the interface but left it with empty address ( 0.0.0.0 ).
*/
if ( ! physaddress.empty() && src->getAddress()==IPAddress("0.0.0.0"))
if ( ! physaddress.empty() && src->getAddress()==InetAddr())
{
;
} else
@ -1202,7 +1179,7 @@ string PolicyCompiler_ipt::PrintRule::_declareTable()
string PolicyCompiler_ipt::PrintRule::_flushAndSetDefaultPolicy()
{
PolicyCompiler_ipt *ipt_comp = dynamic_cast<PolicyCompiler_ipt*>(compiler);
// PolicyCompiler_ipt *ipt_comp = dynamic_cast<PolicyCompiler_ipt*>(compiler);
FWOptions *fwopt = compiler->getCachedFwOpt();
ostringstream res;

1
src/ipt/PolicyCompiler_PrintRuleIptRst.cpp
View File

@ -135,7 +135,6 @@ string PolicyCompiler_ipt::PrintRuleIptRst::_declareTable()
string PolicyCompiler_ipt::PrintRuleIptRst::_flushAndSetDefaultPolicy()
{
PolicyCompiler_ipt *ipt_comp=dynamic_cast<PolicyCompiler_ipt*>(compiler);
ostringstream res;
res << ":INPUT DROP [0:0]" << endl;

1
src/ipt/PolicyCompiler_PrintRuleIptRstEcho.cpp
View File

@ -101,7 +101,6 @@ string PolicyCompiler_ipt::PrintRuleIptRstEcho::_declareTable()
string PolicyCompiler_ipt::PrintRuleIptRstEcho::_flushAndSetDefaultPolicy()
{
PolicyCompiler_ipt *ipt_comp=dynamic_cast<PolicyCompiler_ipt*>(compiler);
ostringstream res;
res << "echo :INPUT DROP [0:0]" << endl;

33
src/ipt/PolicyCompiler_ipt.cpp
View File

@ -340,8 +340,8 @@ int PolicyCompiler_ipt::prolog()
bcast255=Address::cast(dbcopy->create(IPv4::TYPENAME) );
bcast255->setId(BCAST_255_OBJ_ID);
bcast255->setName("Broadcast_addr");
bcast255->setAddress("255.255.255.255");
bcast255->setNetmask("255.255.255.255");
bcast255->setAddress(InetAddr::getAllOnes());
bcast255->setNetmask(InetNetmask(InetAddr::getAllOnes()));
dbcopy->add(bcast255);
cacheObj(bcast255);
@ -1707,23 +1707,25 @@ bool PolicyCompiler_ipt::splitIfIfaceAndDirectionBoth::processNext()
return true;
}
bool PolicyCompiler_ipt::bridgingFw::checkForMatchingBroadcastAndMulticast(Address *addr)
bool PolicyCompiler_ipt::bridgingFw::checkForMatchingBroadcastAndMulticast(
Address *addr)
{
IPAddress obj1_addr=addr->getAddress();
if (obj1_addr!=IPAddress("0.0.0.0") &&
const InetAddr& obj1_addr = addr->getAddress();
if (!obj1_addr.isAny() &&
(obj1_addr.isBroadcast() || obj1_addr.isMulticast())
) return true;
FWObjectTypedChildIterator j=compiler->fw->findByType(Interface::TYPENAME);
for ( ; j!=j.end(); ++j )
FWObjectTypedChildIterator j= compiler->fw->findByType(Interface::TYPENAME);
for ( ; j!=j.end(); ++j )
{
Interface *iface=Interface::cast(*j);
Interface *iface = Interface::cast(*j);
if ( iface->isRegular() )
{
FWObjectTypedChildIterator k=iface->findByType(IPv4::TYPENAME);
for ( ; k!=k.end(); ++k ) {
IPv4 *ipv4=IPv4::cast(*k);
FWObjectTypedChildIterator k = iface->findByType(IPv4::TYPENAME);
for ( ; k!=k.end(); ++k )
{
IPv4 *ipv4 = IPv4::cast(*k);
/*
* bug #780345: if interface has netmask 255.255.255.255, its own
@ -1736,7 +1738,8 @@ bool PolicyCompiler_ipt::bridgingFw::checkForMatchingBroadcastAndMulticast(Addre
* interface, and the netmask is 255.255.255.255, then we get positive
* match because this routine interprets this address as a broadcast.
*/
if (ipv4->getNetmask()==Netmask("255.255.255.255")) continue;
if (ipv4->getNetmask().isHostMask())
continue;
/*
* commented out to fix bug #637694 - "bridge enbaled / management"
* Rule where firewall was in destination, and bridging option was on,
@ -1745,9 +1748,8 @@ bool PolicyCompiler_ipt::bridgingFw::checkForMatchingBroadcastAndMulticast(Addre
if ( ipv4->getAddress()==obj1_addr ) return true;
*/
IPNetwork n( ipv4->getAddress() , ipv4->getNetmask() );
if (n.getAddress()==obj1_addr) return true;
if (n.getBroadcastAddress()==obj1_addr) return true;
if (ipv4->getNetworkAddress() == obj1_addr) return true;
if (ipv4->getBroadcastAddress() == obj1_addr) return true;
}
}
}
@ -3467,7 +3469,6 @@ bool PolicyCompiler_ipt::processMultiAddressObjectsInRE::processNext()
dynamic_cast<OSConfigurator_linux24*>(compiler->osconfigurator);
RuleElement *re=RuleElement::cast( rule->getFirstByType(re_type) );
bool neg = re->getNeg();
if (re->size()==1)
{

2
src/ipt/RoutingCompiler_ipt.cpp
View File

@ -56,8 +56,6 @@ using namespace libfwbuilder;
using namespace fwcompiler;
using namespace std;
static int chain_no=0;
static std::map<std::string,int> tmp_chain_no;
string RoutingCompiler_ipt::myPlatformName() { return "iptables"; }

14
src/ipt/RoutingCompiler_ipt_writers.cpp
View File

@ -78,13 +78,15 @@ string RoutingCompiler_ipt::PrintRule::_printAddr(Address *o)
return ostr.str();
}
IPAddress addr;
Netmask mask;
InetAddr addr;
InetNetmask mask;
try {
addr=o->getAddress();
if (Interface::cast(o)!=NULL || IPv4::cast(o)!=NULL) mask=Netmask("255.255.255.255");
else mask=o->getNetmask();
if (Interface::cast(o)!=NULL || IPv4::cast(o)!=NULL)
mask = InetNetmask(InetAddr::getAllOnes());
else
mask = o->getNetmask();
}
catch (FWException ex)
{
@ -105,13 +107,13 @@ string RoutingCompiler_ipt::PrintRule::_printAddr(Address *o)
}
if (addr.toString()=="0.0.0.0" && mask.toString()=="0.0.0.0")
if (addr == InetAddr::getAny() && mask == InetAddr::getAny())
{
ostr << "default ";
} else
{
ostr << addr.toString();
if (mask.toString()!="255.255.255.255")
if (!mask.isHostMask())
{
ostr << "/" << mask.getLength();
}

9
src/ipt/ipt.cpp
View File

@ -361,12 +361,15 @@ _("Dynamic interface %s should not have an IP address object attached to it. Thi
for (list<FWObject*>::iterator j=la.begin(); j!=la.end(); ++j)
{
IPv4 *ipv4 = IPv4::cast(*j);
if ( ipv4->getAddress().toString()=="0.0.0.0")
if ( ipv4->getAddress().isAny())
{
char errstr[256];
sprintf(errstr,
_("Interface %s has IP address \"0.0.0.0\".\n"),
iface->getName().c_str() );
"Interface %s (id=%s) has IP address %s.\n",
iface->getName().c_str(),
iface->getId().c_str(),
ipv4->getAddress().toString().c_str());
throw FWException(errstr);
}
}

2
src/pf/pf.cpp
View File

@ -344,7 +344,7 @@ _("Dynamic interface %s should not have an IP address object attached to it. Thi
for (list<FWObject*>::iterator j=la.begin(); j!=la.end(); ++j)
{
IPv4 *ipv4 = IPv4::cast(*j);
if ( ipv4->getAddress().toString()=="0.0.0.0")
if ( ipv4->getAddress() == InetAddr::getAny())
{
char errstr[256];
sprintf(errstr,

28
src/pflib/NATCompiler_ipf_writers.cpp
View File

@ -73,8 +73,8 @@ void NATCompiler_ipf::PrintRule::_printAddr_L(Address *o, bool print_netmask)
{
FWOptions* options=compiler->fw->getOptionsObject();
IPAddress addr=o->getAddress();
Netmask mask=o->getNetmask();
InetAddr addr=o->getAddress();
InetNetmask mask=o->getNetmask();
if (Interface::cast(o)!=NULL && Interface::cast(o)->isDyn())
{
@ -87,12 +87,13 @@ void NATCompiler_ipf::PrintRule::_printAddr_L(Address *o, bool print_netmask)
}
if (Interface::cast(o)!=NULL && ! Interface::cast(o)->isDyn())
mask=Netmask("255.255.255.255");
mask = InetNetmask(InetAddr::getAllOnes());
if (IPv4::cast(o)!=NULL)
mask=Netmask("255.255.255.255");
mask = InetNetmask(InetAddr::getAllOnes());
if (addr.toString()=="0.0.0.0" && mask.toString()=="0.0.0.0") {
if (addr.isAny() && mask.isAny())
{
compiler->output << "any ";
} else {
@ -105,18 +106,19 @@ void NATCompiler_ipf::PrintRule::_printAddr_L(Address *o, bool print_netmask)
void NATCompiler_ipf::PrintRule::_printAddr_R(Address *o, bool print_netmask)
{
IPAddress addr=o->getAddress();
Netmask mask=o->getNetmask();
InetAddr addr = o->getAddress();
InetNetmask mask = o->getNetmask();
if (Interface::cast(o)!=NULL)
mask=Netmask("255.255.255.255");
if (Interface::cast(o) != NULL)
mask = InetNetmask(InetAddr::getAllOnes());
if (IPv4::cast(o)!=NULL)
mask=Netmask("255.255.255.255");
mask = InetNetmask(InetAddr::getAllOnes());
if (addr.toString()=="0.0.0.0" && print_netmask && mask.toString()=="255.255.255.255")
if (addr.isAny() && print_netmask && mask.isHostMask())
{
compiler->output << "0/32 ";
else
} else
{
compiler->output << addr.toString();
if (print_netmask)
@ -137,7 +139,7 @@ void NATCompiler_ipf::PrintRule::_printAddr_R_LB(RuleElementTDst *tdst)
Address *a=Address::cast(obj);
IPAddress addr=a->getAddress();
InetAddr addr=a->getAddress();
if (!first) compiler->output << ",";
compiler->output << addr.toString();

2
src/pflib/NATCompiler_pf.cpp
View File

@ -90,7 +90,7 @@ int NATCompiler_pf::prolog()
/* pseudo-host with ip address 127.0.0.1 We'll use it for redirection NAT rules */
//FWObject *grp;
loopback_address=IPv4::cast(dbcopy->create(IPv4::TYPENAME) );
loopback_address->setAddress("127.0.0.1");
loopback_address->setAddress(InetAddr::getLoopbackAddr());
loopback_address->setName("__loopback_address__");
loopback_address->setId("__loopback_address_id__");
dbcopy->add(loopback_address,false);

14
src/pflib/NATCompiler_pf_writers.cpp
View File

@ -325,8 +325,8 @@ void NATCompiler_pf::PrintRule::_printAddr(FWObject *o)
}
Address *a = Address::cast(o);
IPAddress addr=a->getAddress();
Netmask mask=a->getNetmask();
InetAddr addr=a->getAddress();
InetNetmask mask=a->getNetmask();
if (Interface::cast(o)!=NULL)
{
@ -337,18 +337,20 @@ void NATCompiler_pf::PrintRule::_printAddr(FWObject *o)
return;
}
mask=Netmask("255.255.255.255");
mask = InetNetmask(InetAddr::getAllOnes());
}
if (IPv4::cast(o)!=NULL) {
mask=Netmask("255.255.255.255");
mask = InetNetmask(InetAddr::getAllOnes());
}
if (addr.toString()=="0.0.0.0" && mask.toString()=="0.0.0.0") {
if (addr.isAny() && mask.isAny())
{
compiler->output << "any ";
} else {
compiler->output << addr.toString();
if (mask.toString()!="255.255.255.255") {
if (!mask.isHostMask())
{
compiler->output << "/" << mask.getLength();
}
compiler->output << " ";

5
src/pflib/OSConfigurator_freebsd.cpp
View File

@ -116,9 +116,8 @@ void OSConfigurator_freebsd::addVirtualAddressForNAT(const Address *addr)
for ( ; j!=j.end(); ++j )
{
IPv4 *iaddr=IPv4::cast(*j);
IPNetwork n( iaddr->getAddress() , iaddr->getNetmask() );
if ( n.belongs( addr->getAddress() ) ) {
if ( ipv4->belongs( addr->getAddress() ) )
{
output << "ifconfig "
<< iface->getName() << " "
<< addr->getAddress().toString() << " alias" << endl;

2
src/pflib/OSConfigurator_freebsd.h
View File

@ -38,7 +38,7 @@ namespace fwcompiler {
OSData os_data;
std::vector<libfwbuilder::IPAddress> virtual_addresses;
std::vector<libfwbuilder::InetAddr> virtual_addresses;
std::string getInterfaceVarName(libfwbuilder::FWObject *iface);

2
src/pflib/OSConfigurator_macosx.h
View File

@ -38,7 +38,7 @@ namespace fwcompiler {
OSData os_data;
std::vector<libfwbuilder::IPAddress> virtual_addresses;
std::vector<libfwbuilder::InetAddr> virtual_addresses;
public:

5
src/pflib/OSConfigurator_openbsd.cpp
View File

@ -117,9 +117,8 @@ void OSConfigurator_openbsd::addVirtualAddressForNAT(const Address *addr)
FWObjectTypedChildIterator j=iface->findByType(IPv4::TYPENAME);
for ( ; j!=j.end(); ++j ) {
IPv4 *iaddr=IPv4::cast(*j);
IPNetwork n( iaddr->getAddress() , iaddr->getNetmask() );
if ( n.belongs( addr->getAddress() ) ) {
if ( ipv4->belongs( addr->getAddress() ) )
{
output << "ifconfig "
<< iface->getName() << " "
<< addr->getAddress().toString() << " alias" << endl;

2
src/pflib/OSConfigurator_openbsd.h
View File

@ -38,7 +38,7 @@ namespace fwcompiler {
OSData os_data;
std::vector<libfwbuilder::IPAddress> virtual_addresses;
std::vector<libfwbuilder::InetAddr> virtual_addresses;
public:

5
src/pflib/OSConfigurator_solaris.cpp
View File

@ -128,9 +128,8 @@ void OSConfigurator_solaris::addVirtualAddressForNAT(const Address *addr)
for ( ; j!=j.end(); ++j )
{
IPv4 *iaddr=IPv4::cast(*j);
IPNetwork n( iaddr->getAddress() , iaddr->getNetmask() );
if ( n.belongs( addr->getAddress() ) ) {
if ( ipv4->belongs( addr->getAddress() ) )
{
output << "ifconfig "
<< iface->getName() << " "
<< addr->getAddress().toString() << " alias" << endl;

4
src/pflib/OSConfigurator_solaris.h
View File

@ -29,7 +29,7 @@
#include "config.h"
#include "fwcompiler/OSConfigurator.h"
#include "fwbuilder/IPAddress.h"
#include "fwbuilder/InetAddr.h"
#include <vector>
@ -41,7 +41,7 @@ namespace fwcompiler {
OSData os_data;
std::vector<libfwbuilder::IPAddress> virtual_addresses;
std::vector<libfwbuilder::InetAddr> virtual_addresses;
public:

14
src/pflib/PolicyCompiler_ipf_writers.cpp
View File

@ -267,8 +267,8 @@ void PolicyCompiler_ipf::PrintRule::_printAddr(Address *o,bool neg)
assert(atrt==NULL);
}
IPAddress addr=o->getAddress();
Netmask mask=o->getNetmask();
InetAddr addr=o->getAddress();
InetNetmask mask=o->getNetmask();
if (options->getBool("dynAddr") &&
Interface::cast(o)!=NULL && Interface::cast(o)->isDyn())
@ -279,19 +279,21 @@ void PolicyCompiler_ipf::PrintRule::_printAddr(Address *o,bool neg)
}
if (Interface::cast(o)!=NULL) {
mask=Netmask("255.255.255.255");
mask = InetNetmask(InetAddr::getAllOnes());
}
if (IPv4::cast(o)!=NULL) {
mask=Netmask("255.255.255.255");
mask = InetNetmask(InetAddr::getAllOnes());
}
if (addr.toString()=="0.0.0.0" && mask.toString()=="0.0.0.0") {
if (addr.isAny() && mask.isAny())
{
compiler->output << "any ";
} else {
if (neg) compiler->output << "! ";
compiler->output << addr.toString();
if (mask.toString()!="255.255.255.255") {
if (!mask.isHostMask())
{
compiler->output << "/" << mask.getLength();
}
compiler->output << " ";

13
src/pflib/PolicyCompiler_ipfw_writers.cpp
View File

@ -290,20 +290,21 @@ void PolicyCompiler_ipfw::PrintRule::_printAddr(Address *o,bool neg)
assert(atrt==NULL);
}
IPAddress addr=o->getAddress();
Netmask mask=o->getNetmask();
InetAddr addr=o->getAddress();
InetNetmask mask=o->getNetmask();
if (Interface::cast(o)!=NULL) mask=Netmask("255.255.255.255");
if (IPv4::cast(o)!=NULL) mask=Netmask("255.255.255.255");
if (Interface::cast(o)!=NULL) mask = InetNetmask(InetAddr::getAllOnes());
if (IPv4::cast(o)!=NULL) mask = InetNetmask(InetAddr::getAllOnes());
if (addr.toString()=="0.0.0.0" && mask.toString()=="0.0.0.0")
if (addr.isAny() && mask.isAny())
{
compiler->output << "any ";
} else
{
if (neg) compiler->output << "not ";
compiler->output << addr.toString();
if (mask.toString()!="255.255.255.255") {
if (!mask.isHostMask())
{
compiler->output << "/" << mask.getLength();
}
compiler->output << " ";

12
src/pflib/PolicyCompiler_pf.cpp
View File

@ -388,24 +388,24 @@ void PolicyCompiler_pf::addDefaultPolicyRule()
cacheObj(ssh); // to keep cache consistent
string mgmt_addr = getCachedFwOpt()->getStr("mgmt_addr");
IPAddress addr;
Netmask netmask(32);
InetAddr addr;
InetNetmask netmask(InetAddr::getAllOnes());
try
{
addr = IPAddress(mgmt_addr);
addr = InetAddr(mgmt_addr);
string::size_type sep = mgmt_addr.find("/");
if (sep != string::npos)
{
addr = IPAddress(mgmt_addr.substr(0,sep));
addr = InetAddr(mgmt_addr.substr(0,sep));
string nm = mgmt_addr.substr(sep+1);
int o1,o2,o3,o4;
if(sscanf(nm.c_str(), "%3u.%3u.%3u.%3u", &o1, &o2, &o3, &o4)==4)
{
netmask = Netmask(nm);
netmask = InetNetmask(nm);
} else
{
sscanf(nm.c_str(),"%u",&o1);
netmask = Netmask(o1);
netmask = InetNetmask(o1);
}
}
} catch(FWException &ex)

22
src/pflib/PolicyCompiler_pf_writers.cpp
View File

@ -187,7 +187,7 @@ void PolicyCompiler_pf::PrintRule::_printRouteOptions(PolicyRule *rule)
try
{
string a = roaddr.substr(0,sp);
IPAddress roaddr_addr = IPAddress(a);
InetAddr roaddr_addr = InetAddr(a);
} catch (FWException &ex)
{
compiler->abort(
@ -195,14 +195,14 @@ void PolicyCompiler_pf::PrintRule::_printRouteOptions(PolicyRule *rule)
}
try
{
Netmask roaddr_netmask;
InetNetmask roaddr_netmask;
string n = roaddr.substr(sp+1);
if (n.find('.')!=std::string::npos)
{
roaddr_netmask = n;
roaddr_netmask = InetNetmask(n);
} else
{
roaddr_netmask = Netmask(
roaddr_netmask = InetNetmask(
atoi(n.c_str()));
}
if (roaddr_netmask.getLength()==32)
@ -224,7 +224,7 @@ void PolicyCompiler_pf::PrintRule::_printRouteOptions(PolicyRule *rule)
// roaddr is just an addres
try
{
IPAddress roaddr_addr = IPAddress(roaddr);
InetAddr roaddr_addr = InetAddr(roaddr);
} catch (FWException &ex)
{
compiler->abort(
@ -596,8 +596,8 @@ void PolicyCompiler_pf::PrintRule::_printAddr(Address *o,bool neg)
assert(atrt==NULL);
}
IPAddress addr=o->getAddress();
Netmask mask=o->getNetmask();
InetAddr addr=o->getAddress();
InetNetmask mask=o->getNetmask();
if (Interface::cast(o)!=NULL)
{
@ -608,22 +608,22 @@ void PolicyCompiler_pf::PrintRule::_printAddr(Address *o,bool neg)
return;
}
mask=Netmask("255.255.255.255");
mask = InetNetmask(InetAddr::getAllOnes());
}
if (IPv4::cast(o)!=NULL)
{
mask=Netmask("255.255.255.255");
mask = InetNetmask(InetAddr::getAllOnes());
}
if (addr.toString()=="0.0.0.0" && mask.toString()=="0.0.0.0")
if (addr.isAny() && mask.isAny())
{
compiler->output << "any ";
} else
{
// if (neg) compiler->output << "! ";
compiler->output << addr.toString();
if (mask.toString()!="255.255.255.255")
if (!mask.isHostMask())
{
compiler->output << "/" << mask.getLength();
}

9
src/pflib/TableFactory.cpp
View File

@ -212,15 +212,16 @@ string TableFactory::PrintTables()
if (A==NULL)
throw(FWException("table object must be an address: '"+o->getTypeName()+"'"));
IPAddress addr=A->getAddress();
Netmask mask=A->getNetmask();
InetAddr addr=A->getAddress();
InetNetmask mask=A->getNetmask();
if (IPv4::cast(A)!=NULL) {
mask=Netmask("255.255.255.255");
mask = InetNetmask(InetAddr::getAllOnes());
}
output << addr.toString();
if (mask.toString()!="255.255.255.255") {
if (!mask.isHostMask())
{
output << "/" << mask.getLength();
}
}

83
src/pix/NATCompiler_pix.cpp
View File

@ -36,7 +36,7 @@
#include "fwbuilder/UDPService.h"
#include "fwbuilder/Interface.h"
#include "fwbuilder/IPv4.h"
#include "fwbuilder/IPAddress.h"
#include "fwbuilder/InetAddr.h"
#include "fwbuilder/Network.h"
#include "fwbuilder/Resources.h"
#include "fwbuilder/AddressTable.h"
@ -421,8 +421,8 @@ bool NATCompiler_pix::verifyRuleElements::processNext()
if (Network::isA(odst) && Network::isA(tdst))
{
Netmask n1=(Interface::cast(odst))?Netmask("255.255.255.255"):odst->getNetmask();
Netmask n2=(Interface::cast(tdst))?Netmask("255.255.255.255"):tdst->getNetmask();
InetNetmask n1=(Interface::cast(odst))?InetNetmask(InetAddr::getAllOnes()):odst->getNetmask();
InetNetmask n2=(Interface::cast(tdst))?InetNetmask(InetAddr::getAllOnes()):tdst->getNetmask();
if ( !(n1==n2) )
compiler->abort(
@ -883,8 +883,8 @@ bool NATCompiler_pix::mergeNATCmd::processNext()
*/
if (natcmd==nc) break;
IPAddress a1=natcmd->t_addr->getAddress();
IPAddress a2=nc->t_addr->getAddress();
InetAddr a1=natcmd->t_addr->getAddress();
InetAddr a2=nc->t_addr->getAddress();
Interface *int1=natcmd->t_iface;
Interface *int2=nc->t_iface;
@ -1136,17 +1136,16 @@ NATCompiler_pix::DetectOverlap::~DetectOverlap() {};
bool NATCompiler_pix::DetectOverlap::checkOverlapping(
const libfwbuilder::Address &addr1,
const libfwbuilder::IPAddress &addr2)
const libfwbuilder::InetAddr &addr2)
{
if (AddressRange::isA(&addr1))
{
const IPAddress a1=AddressRange::constcast(&addr1)->getRangeStart();
const IPAddress a2=AddressRange::constcast(&addr1)->getRangeEnd();
const InetAddr a1=AddressRange::constcast(&addr1)->getRangeStart();
const InetAddr a2=AddressRange::constcast(&addr1)->getRangeEnd();
return (addr2==a1 || addr2==a2 || (addr2>a1 && addr2<a2));
} else
{
return addr1.getAddress() == addr2 ||
IPNetwork(addr1.getAddress(),addr1.getNetmask()).belongs(addr2);
return addr1.getAddress() == addr2 || addr1.belongs(addr2);
}
}
@ -1154,8 +1153,8 @@ string NATCompiler_pix::DetectOverlap::printGlobalPoolAddress(const Address &poo
{
if (AddressRange::isA(&pool))
{
const IPAddress a1=AddressRange::constcast(&pool)->getRangeStart();
const IPAddress a2=AddressRange::constcast(&pool)->getRangeEnd();
const InetAddr a1=AddressRange::constcast(&pool)->getRangeStart();
const InetAddr a2=AddressRange::constcast(&pool)->getRangeEnd();
return a1.toString()+"-"+a2.toString();
} else
{
@ -1183,14 +1182,11 @@ bool NATCompiler_pix::DetectGlobalPoolProblems::processNext()
+printGlobalPoolAddress(*(natcmd->t_addr))
+" overlaps with interface address. Rule "
+rule->getLabel());
IPNetwork iface_net(natcmd->t_iface->getAddress(),
natcmd->t_iface->getNetmask());
if (checkOverlapping(*(natcmd->t_addr),
iface_net.getBroadcastAddress()) ||
natcmd->t_iface->getBroadcastAddress()) ||
checkOverlapping(*(natcmd->t_addr),
iface_net.getAddress()) )
natcmd->t_iface->getAddress()) )
compiler->warning("Global pool "
+printGlobalPoolAddress(*(natcmd->t_addr))
+" overlaps with broadcast address. Rule "
@ -1273,7 +1269,7 @@ bool NATCompiler_pix::DetectOverlappingGlobalPoolsAndStaticRules::processNext()
if (natcmd->type== INTERFACE)
{
addr.setNetmask("255.255.255.255");
addr.setNetmask(InetNetmask(InetAddr::getAllOnes()));
}
if ( checkOverlapping( addr, outa->getAddress()) ||
@ -1314,11 +1310,11 @@ bool NATCompiler_pix::DetectDuplicateNAT::processNext()
Interface *int1=natcmd->t_iface;
Interface *int2=nc->t_iface;
// IPAddress a1=natcmd->o_addr->getAddress();
// IPAddress a2=nc->o_addr->getAddress();
// InetAddr a1=natcmd->o_addr->getAddress();
// InetAddr a2=nc->o_addr->getAddress();
//
// Netmask m1=natcmd->o_addr->getNetmask();
// Netmask m2=nc->o_addr->getNetmask();
// InetNetmask m1=natcmd->o_addr->getInetNetmask();
// InetNetmask m2=nc->o_addr->getNetmask();
if ( int1->getId()==int2->getId() &&
natcmd->o_src==nc->o_src &&
@ -1357,9 +1353,6 @@ bool NATCompiler_pix::DetectOverlappingStatics::processNext()
{
StaticCmd *scmd=pix_comp->static_commands[ rule->getInt("sc_cmd") ];
IPNetwork nn1( scmd->iaddr->getAddress(), scmd->iaddr->getNetmask() );
IPNetwork nn2( scmd->oaddr->getAddress(), scmd->oaddr->getNetmask() );
for (map<int,StaticCmd*>::iterator i1=pix_comp->static_commands.begin();
i1!=pix_comp->static_commands.end(); i1++ )
{
@ -1374,32 +1367,30 @@ bool NATCompiler_pix::DetectOverlappingStatics::processNext()
*(sc->tsrv) == *(scmd->tsrv) &&
*(sc->osrc) == *(scmd->osrc) &&
sc->oaddr->getId() == scmd->oaddr->getId())
compiler->abort("Static NAT rules overlap or are redundant : rules "+
sc->rule+" and "+scmd->rule+" : "+
"outside address: "+
"interface "+Interface::cast(scmd->oaddr)->getLabel()+
" inside address: "+
scmd->iaddr->getAddress().toString()+"/"+
scmd->iaddr->getNetmask().toString());
compiler->abort(
"Static NAT rules overlap or are redundant : rules "+
sc->rule+" and "+scmd->rule+" : "+
"outside address: "+
"interface "+Interface::cast(scmd->oaddr)->getLabel()+
" inside address: "+
scmd->iaddr->getAddress().toString()+"/"+
scmd->iaddr->getNetmask().toString());
} else
{
IPNetwork n1( sc->iaddr->getAddress(), sc->iaddr->getNetmask() );
IPNetwork n2( sc->oaddr->getAddress(), sc->oaddr->getNetmask() );
if ( *(sc->osrv) == *(scmd->osrv) &&
*(sc->tsrv) == *(scmd->tsrv) &&
*(sc->osrc) == *(scmd->osrc) &&
( ! getOverlap(nn1,n1).empty() || ! getOverlap(nn2,n2).empty() ) )
compiler->abort("Static NAT rules overlap or are redundant : rules "+
sc->rule+" and "+scmd->rule+" : "+
"outside address: "+
scmd->oaddr->getAddress().toString()+"/"+
scmd->oaddr->getNetmask().toString()+
" inside address: "+
scmd->iaddr->getAddress().toString()+"/"+
scmd->iaddr->getNetmask().toString());
( ! getOverlap(*(scmd->iaddr), *(sc->iaddr)).empty() ||
! getOverlap(*(scmd->oaddr), *(sc->oaddr)).empty() ) )
compiler->abort(
"Static NAT rules overlap or are redundant : rules "+
sc->rule+" and "+scmd->rule+" : "+
"outside address: "+
scmd->oaddr->getAddress().toString()+"/"+
scmd->oaddr->getNetmask().toString()+
" inside address: "+
scmd->iaddr->getAddress().toString()+"/"+
scmd->iaddr->getNetmask().toString());
}
}
}

6
src/pix/NATCompiler_pix.h
View File

@ -373,7 +373,7 @@ namespace fwcompiler {
{
protected:
bool checkOverlapping(const libfwbuilder::Address &a1,
const libfwbuilder::IPAddress &a2);
const libfwbuilder::InetAddr &a2);
std::string printGlobalPoolAddress(const libfwbuilder::Address &pool);
public:
DetectOverlap(const std::string &n) : NATRuleProcessor(n){}
@ -419,8 +419,8 @@ namespace fwcompiler {
protected:
typedef struct {
std::string iface1, iface2;
libfwbuilder::IPAddress addr;
libfwbuilder::Netmask mask;
libfwbuilder::InetAddr addr;
libfwbuilder::InetNetmask mask;
} nonat_static_parameters;
std::deque<nonat_static_parameters> all_nonat_statics;
public:

6
src/pix/NATCompiler_pix_writers.cpp
View File

@ -449,9 +449,9 @@ bool NATCompiler_pix::PrintRule::processNext()
{
StaticCmd *scmd=pix_comp->static_commands[ rule->getInt("sc_cmd") ];
IPAddress outa=scmd->oaddr->getAddress();
Netmask outm=scmd->oaddr->getNetmask();
IPAddress insa=scmd->iaddr->getAddress();
InetAddr outa=scmd->oaddr->getAddress();
InetNetmask outm=scmd->oaddr->getNetmask();
InetAddr insa=scmd->iaddr->getAddress();
/*
* we verify that odst and tdst have the same size in verifyRuleElements,
* so we can rely on that now.

6
src/pix/OSConfigurator_pix_os.cpp
View File

@ -193,7 +193,7 @@ string OSConfigurator_pix_os::_printLogging()
if ( ! syslog_host.empty() )
{
string iface_id=helper.findInterfaceByNetzone(IPAddress(syslog_host));
string iface_id=helper.findInterfaceByNetzone(InetAddr(syslog_host));
if (iface_id.empty()) abort("Log server "+syslog_host+" does not belong to any known network zone");
Interface *syslog_iface = getCachedFwInterface(iface_id);
@ -257,7 +257,7 @@ string OSConfigurator_pix_os::_printSNMPServer(const std::string &srv,int poll_
ostringstream str;
string iface_id=helper.findInterfaceByNetzone( IPAddress(srv) );
string iface_id=helper.findInterfaceByNetzone( InetAddr(srv) );
if (iface_id.empty())
abort(string("SNMP server ")+srv+" does not belong to any known network zone");
Interface *snmp_iface = getCachedFwInterface(iface_id);
@ -335,7 +335,7 @@ string OSConfigurator_pix_os::_printNTPServer(const std::string &srv,bool pref)
ostringstream str;
string iface_id=helper.findInterfaceByNetzone( IPAddress(srv) );
string iface_id=helper.findInterfaceByNetzone( InetAddr(srv) );
if (iface_id.empty()) abort("NTP server "+srv+" does not belong to any known network zone");
Interface *ntp_iface = getCachedFwInterface(iface_id);
str << "ntp server " << srv << " source " << ntp_iface->getLabel();

2
src/pix/PIXObjectGroup.h
View File

@ -50,7 +50,7 @@ class PIXGroup : public libfwbuilder::Group {
virtual ~PIXGroup() {};
DECLARE_FWOBJECT_SUBTYPE(PIXGroup);
virtual bool validateChild(FWObject *o) { return true; }
virtual bool validateChild(FWObject*) { return true; }
void setPIXGroupType(pix_group_type _gt) { gt=_gt; }
pix_group_type getPIXGroupType() { return gt; }

9
src/pix/PolicyCompiler_pix.cpp
View File

@ -123,14 +123,14 @@ int PolicyCompiler_pix::prolog()
{
if (netmask.find(".")!=string::npos)
{
Netmask nm(netmask);
nm.to32BitInt(); // to avoid warning abt unused var
InetNetmask nm(netmask);
nm.isAny(); // to avoid warning abt unused var
} else
{
int nm_length;
istringstream str(netmask);
str >> nm_length;
Netmask nm(nm_length);
InetNetmask nm(nm_length);
netmask = nm.toString();
}
} catch(FWException &ex)
@ -141,8 +141,7 @@ int PolicyCompiler_pix::prolog()
try
{
IPAddress a(addr);
a.to32BitInt();
InetAddr(addr);
} catch(FWException &ex)
{
abort("Invalid address for management subnet: '"+addr+"'");

16
src/pix/PolicyCompiler_pix_writers.cpp
View File

@ -161,10 +161,10 @@ bool PolicyCompiler_pix::PrintObjectGroupsAndClearCommands::processNext()
{
Address *a=Address::cast(obj);
assert(a!=NULL);
IPAddress addr=a->getAddress();
InetAddr addr=a->getAddress();
pix_comp->output << " network-object ";
if (Network::cast(obj)!=NULL) {
Netmask mask=a->getNetmask();
InetNetmask mask=a->getNetmask();
pix_comp->output << addr.toString() << " ";
pix_comp->output << mask.toString() << " ";
} else {
@ -352,8 +352,8 @@ string PolicyCompiler_pix::PrintRule::_printAddr(libfwbuilder::Address *o)
{
ostringstream str;
IPAddress srcaddr=o->getAddress();
Netmask srcmask=o->getNetmask();
InetAddr srcaddr=o->getAddress();
InetNetmask srcmask=o->getNetmask();
if (Interface::cast(o)!=NULL)
{
@ -363,18 +363,18 @@ string PolicyCompiler_pix::PrintRule::_printAddr(libfwbuilder::Address *o)
return string("interface ") + interface_->getLabel() + " ";
}
srcmask=Netmask("255.255.255.255");
srcmask=InetNetmask(InetAddr::getAllOnes());
}
if (IPv4::cast(o)!=NULL)
srcmask=Netmask("255.255.255.255");
srcmask=InetNetmask(InetAddr::getAllOnes());
if (srcaddr.toString()=="0.0.0.0" && srcmask.toString()=="0.0.0.0")
if (srcaddr.isAny() && srcmask.isAny())
{
str << "any ";
} else {
if (srcmask.toString()=="255.255.255.255")
if (srcmask.isHostMask())
{
str << "host " << srcaddr.toString() << " ";
} else

2
test/ipf/objects-for-regression-tests.fwb
View File

@ -1,6 +1,6 @@
<?xml version="1.0" encoding="utf-8"?>
<!DOCTYPE FWObjectDatabase SYSTEM "fwbuilder.dtd">
<FWObjectDatabase xmlns="http://www.fwbuilder.org/1.0/" version="2.1.15" id="root">
<FWObjectDatabase xmlns="http://www.fwbuilder.org/1.0/" version="4" id="root">
<Library color="#FFFFFF" comment="" id="id40D07E7A" name="LAX" ro="True">
<ObjectGroup id="id40D07E7B" name="Objects">
<ObjectGroup id="id40D07E7B_og_ats_1" name="Address Tables"/>

2
test/ipfw/objects-for-regression-tests.fwb
View File

@ -1,6 +1,6 @@
<?xml version="1.0" encoding="utf-8"?>
<!DOCTYPE FWObjectDatabase SYSTEM "fwbuilder.dtd">
<FWObjectDatabase xmlns="http://www.fwbuilder.org/1.0/" version="2.1.15" id="root">
<FWObjectDatabase xmlns="http://www.fwbuilder.org/1.0/" version="4" id="root">
<Library color="#FFFFFF" comment="" id="id40D07E7A" name="LAX" ro="False">
<ObjectGroup id="id40D07E7B" name="Objects">
<ObjectGroup id="id40D07E7B_og_ats_1" name="Address Tables"/>

536
test/ipt/objects-for-regression-tests.fwb
View File

@ -1,14 +1,14 @@
<?xml version="1.0" encoding="utf-8"?>
<!DOCTYPE FWObjectDatabase SYSTEM "fwbuilder.dtd">
<FWObjectDatabase xmlns="http://www.fwbuilder.org/1.0/" version="2.1.15" lastModified="1196093903" id="root">
<FWObjectDatabase xmlns="http://www.fwbuilder.org/1.0/" version="4" lastModified="1206322269" id="root">
<Library color="#d2ffd0" comment="User defined objects" id="syslib001" name="User">
<ObjectGroup id="stdid01_1" name="Objects">
<ObjectGroup id="stdid01_1_og_ats_1" name="Address Tables">
<AddressTable comment="" filename="/home/vadim/Projects/fwb2.1/fwb2/fwbuilder2/test/ipt/addr-table-1.tbl" id="id4385C1081434" name="addrtbl 1" run_time="False"/>
<AddressTable comment="" filename="addr-table-1.tbl" id="id4385C1081434" name="addrtbl 1" run_time="False"/>
<AddressTable comment="" filename="addr-table-1.tbl" id="id4389EE9018346" name="addr-table-1" run_time="False"/>
<AddressTable comment="this is run-time table" filename="block-hosts.tbl" id="id4389EE9118346" name="block these" run_time="True"/>
<AddressTable comment="the name contains character that is special to shell" filename="/home/vadim/tmp/bug-1544488/addr-table-1.tbl" id="id44F7056328576" name="atbl.1" run_time="True"/>
<AddressTable comment="" filename="/home/vadim/Projects/fwb2.1/fwb2/fwbuilder2/test/ipt/emtpy-table.tbl" id="id459673BE7794" name="empty table" run_time="False"/>
<AddressTable comment="" filename="emtpy-table.tbl" id="id459673BE7794" name="empty table" run_time="False"/>
</ObjectGroup>
<ObjectGroup id="stdid01_1_og_dnsn_1" name="DNS Names">
<DNSName comment="" dnsrec="www.cnn.com" id="id43869E8C18346" name="cnn (ct)" run_time="False"/>
@ -20,11 +20,11 @@
<DNSName comment="" dnsrec="www.heise.de" id="id44EC181D8791" name="heise" run_time="True"/>
</ObjectGroup>
<ObjectGroup id="stdid16_1" name="Addresses">
<IPv4 address="192.168.1.0" comment="" id="id417B3641" name="net_address" netmask="255.255.255.255"/>
<IPv4 address="61.150.47.112" comment="" id="id4388C37D674" name="sapmhost1" netmask="255.255.255.255"/>
<IPv4 address="0.0.0.0" comment="" id="id44C0695713221" name="this_host" netmask="255.255.255.255"/>
<IPv4 address="1.1.1.1" comment="" id="id44F7082928576" name="some address" netmask="255.255.255.255"/>
<IPv4 address="224.0.0.18" comment="" id="id45D61A0923626" name="VRRP" netmask="255.255.255.255"/>
<IPv4 comment="" id="id417B3641" name="net_address" address="192.168.1.0" netmask="255.255.255.255"/>
<IPv4 comment="" id="id4388C37D674" name="sapmhost1" address="61.150.47.112" netmask="255.255.255.255"/>
<IPv4 comment="" id="id44C0695713221" name="this_host" address="0.0.0.0" netmask="255.255.255.255"/>
<IPv4 comment="" id="id44F7082928576" name="some address" address="1.1.1.1" netmask="255.255.255.255"/>
<IPv4 comment="" id="id45D61A0923626" name="VRRP" address="224.0.0.18" netmask="255.255.255.255"/>
</ObjectGroup>
<ObjectGroup id="stdid04_1" name="Groups">
<ObjectGroup id="id3B4572AF" name="group1">
@ -103,11 +103,15 @@
<ObjectRef ref="id3AFB6706"/>
<ObjectRef ref="id3AFB68D2"/>
</ObjectGroup>
<ObjectGroup comment="a group of run-time dns objects" id="id47CBF5D129252" name="DNS objects">
<ObjectRef ref="id43869E8D18346"/>
<ObjectRef ref="id4387287A18346"/>
</ObjectGroup>
</ObjectGroup>
<ObjectGroup id="stdid02_1" name="Hosts">
<Host comment="multicast address which is _not_ local link multicast&#10;" id="id3A84EECE" name="DHCP-Servers (multicast)">
<Interface bridgeport="False" dyn="False" id="id3D84EED2" name="interface1" security_level="0" unnum="False" unprotected="False">
<IPv4 address="224.0.1.141" id="id3D84EEDA" name="DHCP-Servers (multicast)" netmask="255.255.255.0"/>
<IPv4 id="id3D84EEDA" name="DHCP-Servers (multicast)" address="224.0.1.141" netmask="255.255.255.0"/>
</Interface>
<Management address="224.0.1.141">
<SNMPManagement enabled="False" snmp_read_community="" snmp_write_community=""/>
@ -124,7 +128,7 @@
</Host>
<Host comment="" id="id3CFBE20C" name="broadcast">
<Interface bridgeport="False" dyn="False" id="id3CFBE20C-i" name="interface-1" security_level="0" unnum="False" unprotected="False">
<IPv4 address="255.255.255.255" comment="" id="id3CFBE20C-i-1-addr" name="broadcast:address" netmask="255.255.255.255"/>
<IPv4 comment="" id="id3CFBE20C-i-1-addr" name="broadcast:address" address="255.255.255.255" netmask="255.255.255.255"/>
</Interface>
<Management address="255.255.255.255">
<SNMPManagement enabled="False" snmp_read_community="" snmp_write_community=""/>
@ -141,7 +145,7 @@
</Host>
<Host comment="" id="id3D151943" name="dmzhost1">
<Interface bridgeport="False" dyn="False" id="id3D151943-i" name="interface-1" security_level="0" unnum="False" unprotected="False">
<IPv4 address="192.168.2.10" id="id3D151943-i-1-addr" name="address" netmask="255.255.255.255"/>
<IPv4 id="id3D151943-i-1-addr" name="address" address="192.168.2.10" netmask="255.255.255.255"/>
</Interface>
<Management address="192.168.2.10">
<SNMPManagement enabled="False" snmp_read_community="" snmp_write_community=""/>
@ -158,7 +162,7 @@
</Host>
<Host comment="" id="id3D151947" name="dmzhost2">
<Interface bridgeport="False" dyn="False" id="id3D151947-i" name="interface-1" security_level="0" unnum="False" unprotected="False">
<IPv4 address="192.168.2.11" id="id3D151947-i-1-addr" name="address" netmask="255.255.255.255"/>
<IPv4 id="id3D151947-i-1-addr" name="address" address="192.168.2.11" netmask="255.255.255.255"/>
</Interface>
<Management address="192.168.2.11">
<SNMPManagement enabled="False" snmp_read_community="" snmp_write_community=""/>
@ -175,7 +179,7 @@
</Host>
<Host comment="this host is used in firewall14" id="id3DE7223E" name="h-fw14-eth1-1">
<Interface bridgeport="False" dyn="False" id="id3DE72244" name="interface1" security_level="0" unnum="False" unprotected="False">
<IPv4 address="22.22.23.22" comment="" id="id3DE72245" name="h-fw14-eth1-1" netmask="255.255.255.255"/>
<IPv4 comment="" id="id3DE72245" name="h-fw14-eth1-1" address="22.22.23.22" netmask="255.255.255.255"/>
</Interface>
<Management address="22.22.23.160">
<SNMPManagement enabled="False" snmp_read_community="" snmp_write_community=""/>
@ -192,7 +196,7 @@
</Host>
<Host comment="this host is used in firewall14" id="id3DE72236" name="h-fw14-eth1-2">
<Interface bridgeport="False" dyn="False" id="id3DE7223A" name="interface1" security_level="0" unnum="False" unprotected="False">
<IPv4 address="22.22.23.160" comment="" id="id3DE7223B" name="h-fw14-eth1-2" netmask="255.255.255.255"/>
<IPv4 comment="" id="id3DE7223B" name="h-fw14-eth1-2" address="22.22.23.160" netmask="255.255.255.255"/>
</Interface>
<Management address="22.22.23.160">
<SNMPManagement enabled="False" snmp_read_community="" snmp_write_community=""/>
@ -209,7 +213,7 @@
</Host>
<Host comment="this host is used in firewall14" id="id3DE722F1" name="h-fw14-eth1-N">
<Interface bridgeport="False" dyn="False" id="id3DE722F7" name="interface1" security_level="0" unnum="False" unprotected="False">
<IPv4 address="22.22.23.40" comment="" id="id3DE722F8" name="h-fw14-eth1-1" netmask="255.255.255.255"/>
<IPv4 comment="" id="id3DE722F8" name="h-fw14-eth1-1" address="22.22.23.40" netmask="255.255.255.255"/>
</Interface>
<Management address="22.22.23.22">
<SNMPManagement enabled="False" snmp_read_community="" snmp_write_community=""/>
@ -226,7 +230,7 @@
</Host>
<Host comment="this host has the same IP address as firewall1 and firewall2" id="id3AFC0F70" name="host-fw2">
<Interface bridgeport="False" dyn="False" id="id3AFC0F70-i" name="unknown" security_level="100" unnum="False" unprotected="False">
<IPv4 address="22.22.22.22" id="id3AFC0F70-i-ipv4" name="address" netmask="255.255.255.255"/>
<IPv4 id="id3AFC0F70-i-ipv4" name="address" address="22.22.22.22" netmask="255.255.255.255"/>
</Interface>
<Management address="0.0.0.0">
<SNMPManagement enabled="False" snmp_read_community="" snmp_write_community=""/>
@ -239,7 +243,7 @@
</Host>
<Host comment="" id="id3BF1B3E1" name="host-with-mac-1">
<Interface bridgeport="False" comment="" dyn="False" id="id3BF1B3E2" label="" mgmt="False" name="host-with-mac-1:1" security_level="100" unnum="False" unprotected="False">
<IPv4 address="192.168.1.10" comment="" id="id3BF1B3E2-ipv4" name="host-with-mac-1/addr" netmask="255.255.255.0"/>
<IPv4 comment="" id="id3BF1B3E2-ipv4" name="host-with-mac-1/addr" address="192.168.1.10" netmask="255.255.255.0"/>
<physAddress address="00:10:4b:de:e9:6f" id="id3BF1B3E2-pa" name="host-with-mac-1:1-pa"/>
</Interface>
<Management address="192.168.1.10">
@ -304,7 +308,7 @@
</Host>
<Host comment="this host has an interface with both IP address and MAC address chld objects,&#10;but option &quot;turn on MAC address matching&quot; is NOT activated" id="id3E0F3FC8" name="host-with-mac-5">
<Interface bridgeport="False" comment="" dyn="False" id="id3E0F3FC9" label="" mgmt="False" name="host-with-mac-5:1" security_level="100" unnum="False" unprotected="False">
<IPv4 address="192.168.1.15" comment="" id="id3E0F3FCA" name="host-with-mac-5/addr" netmask="255.255.255.0"/>
<IPv4 comment="" id="id3E0F3FCA" name="host-with-mac-5/addr" address="192.168.1.15" netmask="255.255.255.0"/>
<physAddress address="aa:bb:cc:dd:ee:ff" comment="" id="id3E0F3FCB" name="host-with-mac-5:1-pa"/>
</Interface>
<Management address="192.168.1.15">
@ -321,7 +325,7 @@
</Host>
<Host comment="" id="host-hostA" name="hostA">
<Interface bridgeport="False" dyn="False" id="host-hostA-i" name="unknown" security_level="100" unnum="False" unprotected="False">
<IPv4 address="192.168.1.10" id="host-hostA-i-ipv4" name="address" netmask="255.255.255.255"/>
<IPv4 id="host-hostA-i-ipv4" name="address" address="192.168.1.10" netmask="255.255.255.255"/>
</Interface>
<Management address="192.168.1.10">
<SNMPManagement enabled="False" snmp_read_community="public" snmp_write_community=""/>
@ -334,7 +338,7 @@
</Host>
<Host comment="translated address for hostA" id="id3AFADBF9" name="hostA-NAT">
<Interface bridgeport="False" dyn="False" id="id3AFADBF9-i" name="unknown" security_level="100" unnum="False" unprotected="False">
<IPv4 address="22.22.22.23" id="id3AFADBF9-i-ipv4" name="address" netmask="255.255.255.255"/>
<IPv4 id="id3AFADBF9-i-ipv4" name="address" address="22.22.22.23" netmask="255.255.255.255"/>
</Interface>
<Management address="0.0.0.0">
<SNMPManagement enabled="False" snmp_read_community="" snmp_write_community=""/>
@ -347,7 +351,7 @@
</Host>
<Host comment="" id="host-hostB" name="hostB">
<Interface bridgeport="False" dyn="False" id="host-hostB-i" name="unknown" security_level="100" unnum="False" unprotected="False">
<IPv4 address="192.168.1.20" id="host-hostB-i-ipv4" name="address" netmask="255.255.255.255"/>
<IPv4 id="host-hostB-i-ipv4" name="address" address="192.168.1.20" netmask="255.255.255.255"/>
</Interface>
<Management address="192.168.1.20">
<SNMPManagement enabled="False" snmp_read_community="public" snmp_write_community=""/>
@ -360,7 +364,7 @@
</Host>
<Host comment="" id="id3BD6736B" name="hostB-NAT">
<Interface bridgeport="False" dyn="False" id="id3BD6736B-i" name="unknown" security_level="100" unnum="False" unprotected="False">
<IPv4 address="22.22.23.24" id="id3BD6736B-i-ipv4" name="address" netmask="255.255.255.255"/>
<IPv4 id="id3BD6736B-i-ipv4" name="address" address="22.22.23.24" netmask="255.255.255.255"/>
</Interface>
<HostOptions>
<Option name="use_mac_addr_filter">false</Option>
@ -368,7 +372,7 @@
</Host>
<Host comment="the same address as internal iface of firewall1" id="id3AFC191C" name="hostF-int">
<Interface bridgeport="False" dyn="False" id="id3AFC191C-i" name="unknown" security_level="100" unnum="False" unprotected="False">
<IPv4 address="192.168.1.1" id="id3AFC191C-i-ipv4" name="address" netmask="255.255.255.255"/>
<IPv4 id="id3AFC191C-i-ipv4" name="address" address="192.168.1.1" netmask="255.255.255.255"/>
</Interface>
<Management address="0.0.0.0">
<SNMPManagement enabled="False" snmp_read_community="" snmp_write_community=""/>
@ -381,8 +385,8 @@
</Host>
<Host comment="this host has multiple interfaces" id="id3DECF4EB" name="hostM-outside">
<Interface bridgeport="False" comment="" dyn="False" id="id3DECF4EC" label="" mgmt="False" name="hostM-iface" security_level="100" unnum="False" unprotected="False">
<IPv4 address="222.222.222.40" comment="" id="id3DECF4ED" name="address" netmask="255.255.255.0"/>
<IPv4 address="222.222.222.41" comment="" id="id3DECF62C" name="hostM-outside" netmask="255.255.255.0"/>
<IPv4 comment="" id="id3DECF4ED" name="address" address="222.222.222.40" netmask="255.255.255.0"/>
<IPv4 comment="" id="id3DECF62C" name="hostM-outside" address="222.222.222.41" netmask="255.255.255.0"/>
</Interface>
<Management address="22.22.22.23">
<SNMPManagement enabled="False" snmp_read_community="" snmp_write_community=""/>
@ -398,10 +402,10 @@
</Host>
<Host comment="this host has multiple interfaces" id="id3DECF622" name="hostN-outside">
<Interface bridgeport="False" dyn="False" id="id3DECF623" name="unknown" security_level="100" unnum="False" unprotected="False">
<IPv4 address="222.222.222.40" comment="" id="id3DECF624" name="address" netmask="255.255.255.0"/>
<IPv4 comment="" id="id3DECF624" name="address" address="222.222.222.40" netmask="255.255.255.0"/>
</Interface>
<Interface bridgeport="False" dyn="False" id="id3DECF62A" name="unknown" security_level="0" unnum="False" unprotected="False">
<IPv4 address="222.222.222.41" comment="" id="id3DECF62B" name="hostM-outside" netmask="255.255.255.0"/>
<IPv4 comment="" id="id3DECF62B" name="hostM-outside" address="222.222.222.41" netmask="255.255.255.0"/>
</Interface>
<Management address="222.222.222.41">
<SNMPManagement enabled="False" snmp_read_community="" snmp_write_community=""/>
@ -417,13 +421,13 @@
</Host>
<Host comment="host on subnet 22.22.22.0 with several addresses" id="id3DE47B6C" name="hostZ-outside">
<Interface bridgeport="False" comment="" dyn="False" id="id3DE47B6D" label="" mgmt="False" name="eth0" security_level="100" unnum="False" unprotected="False">
<IPv4 address="22.22.22.23" comment="" id="id3DE47B6E" name="hZ-eth0" netmask="255.255.255.255"/>
<IPv4 comment="" id="id3DE47B6E" name="hZ-eth0" address="22.22.22.23" netmask="255.255.255.255"/>
</Interface>
<Interface bridgeport="False" comment="" dyn="False" id="id3DE47B76" label="" mgmt="False" name="eth1" security_level="100" unnum="False" unprotected="False">
<IPv4 address="22.22.22.24" comment="" id="id3DE47B77" name="hZ-eth1" netmask="255.255.255.255"/>
<IPv4 comment="" id="id3DE47B77" name="hZ-eth1" address="22.22.22.24" netmask="255.255.255.255"/>
</Interface>
<Interface bridgeport="False" comment="" dyn="False" id="id3DE47B78" label="" mgmt="False" name="eth2" security_level="100" unnum="False" unprotected="False">
<IPv4 address="22.22.22.25" comment="" id="id3DE47B79" name="hZ-eth2" netmask="255.255.255.255"/>
<IPv4 comment="" id="id3DE47B79" name="hZ-eth2" address="22.22.22.25" netmask="255.255.255.255"/>
</Interface>
<Management address="22.22.22.23">
<SNMPManagement enabled="False" snmp_read_community="" snmp_write_community=""/>
@ -439,7 +443,7 @@
</Host>
<Host comment="broadcast on internal subnet" id="id3B64FFAC" name="local-bcast">
<Interface bridgeport="False" dyn="False" id="id3B64FFAC-i" name="unknown" security_level="100" unnum="False" unprotected="False">
<IPv4 address="192.168.1.255" comment="" id="id3B64FFAC-i-ipv4" name="local-bcast:addess" netmask="255.255.255.255"/>
<IPv4 comment="" id="id3B64FFAC-i-ipv4" name="local-bcast:addess" address="192.168.1.255" netmask="255.255.255.255"/>
</Interface>
<Management address="192.168.1.255">
<SNMPManagement enabled="False" snmp_read_community="" snmp_write_community=""/>
@ -455,7 +459,7 @@
</Host>
<Host comment="" id="id3CD87A53" name="h192.168.1.11">
<Interface bridgeport="False" dyn="False" id="id3CD87A53-i" name="interface-1" security_level="0" unnum="False" unprotected="False">
<IPv4 address="192.168.1.11" id="id3CD87A53-i-1-addr" name="address" netmask="255.255.255.255"/>
<IPv4 id="id3CD87A53-i-1-addr" name="address" address="192.168.1.11" netmask="255.255.255.255"/>
</Interface>
<Management address="192.168.1.11">
<SNMPManagement enabled="False" snmp_read_community="" snmp_write_community=""/>
@ -472,7 +476,7 @@
</Host>
<Host comment="" id="id3CD87A5E" name="h192.168.1.12">
<Interface bridgeport="False" dyn="False" id="id3CD87A5E-i" name="interface-1" security_level="0" unnum="False" unprotected="False">
<IPv4 address="192.168.1.12" id="id3CD87A5E-i-1-addr" name="address" netmask="255.255.255.255"/>
<IPv4 id="id3CD87A5E-i-1-addr" name="address" address="192.168.1.12" netmask="255.255.255.255"/>
</Interface>
<Management address="192.168.1.12">
<SNMPManagement enabled="False" snmp_read_community="" snmp_write_community=""/>
@ -489,7 +493,7 @@
</Host>
<Host comment="" id="id3CD87A6D" name="h192.168.1.13">
<Interface bridgeport="False" dyn="False" id="id3CD87A6D-i" name="interface-1" security_level="0" unnum="False" unprotected="False">
<IPv4 address="192.168.1.13" id="id3CD87A6D-i-1-addr" name="address" netmask="255.255.255.255"/>
<IPv4 id="id3CD87A6D-i-1-addr" name="address" address="192.168.1.13" netmask="255.255.255.255"/>
</Interface>
<Management address="192.168.1.13">
<SNMPManagement enabled="False" snmp_read_community="" snmp_write_community=""/>
@ -506,7 +510,7 @@
</Host>
<Host comment="" id="id3CD87A7C" name="h192.168.1.14">
<Interface bridgeport="False" dyn="False" id="id3CD87A7C-i" name="interface-1" security_level="0" unnum="False" unprotected="False">
<IPv4 address="192.168.1.14" id="id3CD87A7C-i-1-addr" name="address" netmask="255.255.255.255"/>
<IPv4 id="id3CD87A7C-i-1-addr" name="address" address="192.168.1.14" netmask="255.255.255.255"/>
</Interface>
<Management address="192.168.1.14">
<SNMPManagement enabled="False" snmp_read_community="" snmp_write_community=""/>
@ -523,7 +527,7 @@
</Host>
<Host comment="" id="id3CD87A8B" name="h192.168.1.15">
<Interface bridgeport="False" dyn="False" id="id3CD87A8B-i" name="interface-1" security_level="0" unnum="False" unprotected="False">
<IPv4 address="192.168.1.15" id="id3CD87A8B-i-1-addr" name="address" netmask="255.255.255.255"/>
<IPv4 id="id3CD87A8B-i-1-addr" name="address" address="192.168.1.15" netmask="255.255.255.255"/>
</Interface>
<Management address="192.168.1.15">
<SNMPManagement enabled="False" snmp_read_community="" snmp_write_community=""/>
@ -540,7 +544,7 @@
</Host>
<Host comment="local link multicast address" id="id3D84EEC8" name="ospf routers (multicast)">
<Interface bridgeport="False" dyn="False" id="id3D84EECC" name="interface1" security_level="0" unnum="False" unprotected="False">
<IPv4 address="224.0.0.5" id="id3D84EECD" name="ospf routers (multicast)" netmask="255.255.255.0"/>
<IPv4 id="id3D84EECD" name="ospf routers (multicast)" address="224.0.0.5" netmask="255.255.255.0"/>
</Interface>
<Management address="224.0.0.5">
<SNMPManagement enabled="False" snmp_read_community="" snmp_write_community=""/>
@ -557,7 +561,7 @@
</Host>
<Host comment="some host outside our network" id="id3B19C5EB" name="outside-host">
<Interface bridgeport="False" dyn="False" id="id3B19C5EB-i" name="unknown" security_level="100" unnum="False" unprotected="False">
<IPv4 address="200.200.200.200" id="id3B19C5EB-i-ipv4" name="address" netmask="255.255.255.255"/>
<IPv4 id="id3B19C5EB-i-ipv4" name="address" address="200.200.200.200" netmask="255.255.255.255"/>
</Interface>
<HostOptions>
<Option name="use_mac_addr_filter">false</Option>
@ -565,7 +569,7 @@
</Host>
<Host comment="" id="host-secondary1-com" name="secondary1.com">
<Interface bridgeport="False" dyn="False" id="host-secondary1-com-i" name="unknown" security_level="100" unnum="False" unprotected="False">
<IPv4 address="211.11.11.11" id="host-secondary1-com-i-ipv4" name="address" netmask="255.255.255.255"/>
<IPv4 id="host-secondary1-com-i-ipv4" name="address" address="211.11.11.11" netmask="255.255.255.255"/>
</Interface>
<Management address="211.11.11.11">
<SNMPManagement enabled="False" snmp_read_community="public" snmp_write_community=""/>
@ -578,7 +582,7 @@
</Host>
<Host comment="" id="host-secondary2-com" name="secondary2.com">
<Interface bridgeport="False" dyn="False" id="host-secondary2-com-i" name="unknown" security_level="100" unnum="False" unprotected="False">
<IPv4 address="211.22.22.22" id="host-secondary2-com-i-ipv4" name="address" netmask="255.255.255.255"/>
<IPv4 id="host-secondary2-com-i-ipv4" name="address" address="211.22.22.22" netmask="255.255.255.255"/>
</Interface>
<Management address="211.22.22.22">
<SNMPManagement enabled="False" snmp_read_community="public" snmp_write_community=""/>
@ -591,7 +595,7 @@
</Host>
<Host comment="" id="id3BF23930" name="z-host">
<Interface bridgeport="False" dyn="False" id="id3BF23931" name="unknown" security_level="100" unnum="False" unprotected="False">
<IPv4 address="0.0.0.0" id="id3BF23931-ipv4" name="address" netmask=""/>
<IPv4 id="id3BF23931-ipv4" name="address" address="0.0.0.0" netmask="0.0.0.0"/>
<physAddress address="00:a0:24:53:06:8c" id="id3BF23931-pa" name="unknown-pa"/>
</Interface>
<Management address="0.0.0.0">
@ -605,7 +609,7 @@
</Host>
<Host comment="" id="id3D84F6D7" name="zero address">
<Interface bridgeport="False" dyn="False" id="id3D84F6DB" name="interface1" security_level="0" unnum="False" unprotected="False">
<IPv4 address="0.0.0.0" comment="" id="id3D84F6DC" name="zero addr(ip)" netmask="0.0.0.0"/>
<IPv4 comment="" id="id3D84F6DC" name="zero addr(ip)" address="0.0.0.0" netmask="0.0.0.0"/>
<physAddress address="00:00:00:00:00:00" comment="" id="id3E192A36" name="zero addr(MAC)"/>
</Interface>
<Management address="0.0.0.0">
@ -623,10 +627,10 @@
</Host>
<Host id="id3E9870D1" name="like fw5">
<Interface bridgeport="False" dyn="False" id="id3E9870D7" name="eth0" security_level="0" unnum="False" unprotected="False">
<IPv4 address="192.168.1.1" id="id3E9870D8" name="like fw5:eth0(ip)" netmask="255.255.255.0"/>
<IPv4 id="id3E9870D8" name="like fw5:eth0(ip)" address="192.168.1.1" netmask="255.255.255.0"/>
</Interface>
<Interface bridgeport="False" dyn="False" id="id3E9870D9" name="eth1" security_level="0" unnum="False" unprotected="False">
<IPv4 address="192.168.2.1" id="id3E9870DA" name="like fw5:eth1(ip)" netmask="255.255.255.0"/>
<IPv4 id="id3E9870DA" name="like fw5:eth1(ip)" address="192.168.2.1" netmask="255.255.255.0"/>
</Interface>
<Management address="0.0.0.0">
<SNMPManagement enabled="False" snmp_read_community="" snmp_write_community=""/>
@ -639,7 +643,7 @@
</Host>
<Host id="id3E9BC536" name="squid-box">
<Interface bridgeport="False" dyn="False" id="id3E9BC538" name="interface1" security_level="0" unnum="False" unprotected="False">
<IPv4 address="192.168.1.100" id="id3E9BC539" name="squid-box:interface1(ip)" netmask="255.255.255.255"/>
<IPv4 id="id3E9BC539" name="squid-box:interface1(ip)" address="192.168.1.100" netmask="255.255.255.255"/>
</Interface>
<Management address="0.0.0.0">
<SNMPManagement enabled="False" snmp_read_community="" snmp_write_community=""/>
@ -652,7 +656,7 @@
</Host>
<Host id="id3EE4CC6E" name="like fw18(eth1)">
<Interface bridgeport="False" dyn="False" id="id3EE4CC70" name="interface1" security_level="0" unnum="False" unprotected="False">
<IPv4 address="66.66.66.130" id="id3EE4CC71" name="like fw18(eth1):interface1(ip)" netmask="255.255.255.255"/>
<IPv4 id="id3EE4CC71" name="like fw18(eth1):interface1(ip)" address="66.66.66.130" netmask="255.255.255.255"/>
</Interface>
<Management address="0.0.0.0">
<SNMPManagement enabled="False" snmp_read_community="" snmp_write_community=""/>
@ -665,7 +669,7 @@
</Host>
<Host comment="this host has the same IP address as firewall 'firewall', plus it has MAC address.&#10;Testing for a combination of &quot;--mac --source-mac&quot; in the OUTPUT chain.&#10;" id="id3F14DFB8" name="fw-with-mac-1">
<Interface bridgeport="False" comment="" dyn="False" id="id3F14DFB9" label="" mgmt="False" name="host-with-mac-1:1" security_level="100" unnum="False" unprotected="False">
<IPv4 address="192.168.1.1" comment="" id="id3F14DFBA" name="host-with-mac-1/addr" netmask="255.255.255.0"/>
<IPv4 comment="" id="id3F14DFBA" name="host-with-mac-1/addr" address="192.168.1.1" netmask="255.255.255.0"/>
<physAddress address="00:10:4b:de:e9:6f" id="id3F14DFBB" name="host-with-mac-1:1-pa"/>
</Interface>
<Management address="192.168.1.10">
@ -682,7 +686,7 @@
</Host>
<Host comment="this host has the same IP address as firewall 'firewall', plus it has MAC address.&#10;Testing for a combination of &quot;--mac --source-mac&quot; in the OUTPUT chain.&#10;" id="id3F14E244" name="fw-with-mac-2">
<Interface bridgeport="False" comment="" dyn="False" id="id3F14E245" label="" mgmt="False" name="host-with-mac-1:1" security_level="100" unnum="False" unprotected="False">
<IPv4 address="192.168.1.1" comment="" id="id3F14E246" name="host-with-mac-1/addr" netmask="255.255.255.0"/>
<IPv4 comment="" id="id3F14E246" name="host-with-mac-1/addr" address="192.168.1.1" netmask="255.255.255.0"/>
<physAddress address="00:10:4b:de:e9:6f" id="id3F14E247" name="host-with-mac-1:1-pa"/>
</Interface>
<Management address="192.168.1.1">
@ -699,7 +703,7 @@
</Host>
<Host comment="usef in fw7&#10;" id="id40236C4D" name="dhcpserver">
<Interface bridgeport="False" dyn="False" id="id40236C4F" name="interface1" security_level="0" unnum="False" unprotected="False">
<IPv4 address="192.168.2.10" id="id40236C50" name="dhcpserver:interface1(ip)" netmask="255.255.255.255"/>
<IPv4 id="id40236C50" name="dhcpserver:interface1(ip)" address="192.168.2.10" netmask="255.255.255.255"/>
</Interface>
<Management address="192.168.2.10">
<SNMPManagement enabled="False" snmp_read_community="" snmp_write_community=""/>
@ -716,7 +720,7 @@
</Host>
<Host id="id40236C9A" name="unknown">
<Interface bridgeport="False" dyn="False" id="id40236C9C" name="interface1" security_level="0" unnum="False" unprotected="False">
<IPv4 address="0.0.0.0" id="id40236C9D" name="unknown:interface1(ip)" netmask="255.255.255.255"/>
<IPv4 id="id40236C9D" name="unknown:interface1(ip)" address="0.0.0.0" netmask="255.255.255.255"/>
</Interface>
<Management address="0.0.0.0">
<SNMPManagement enabled="False" snmp_read_community="" snmp_write_community=""/>
@ -729,7 +733,7 @@
</Host>
<Host id="id40F195D2" name="hostC">
<Interface bridgeport="False" dyn="False" id="id40F195D4" label="" name="eth0" security_level="0" unnum="False" unprotected="False">
<IPv4 address="192.168.1.50" id="id40F195D6" name="hostC:eth0:ip" netmask="255.255.255.0"/>
<IPv4 id="id40F195D6" name="hostC:eth0:ip" address="192.168.1.50" netmask="255.255.255.0"/>
</Interface>
<Management address="0.0.0.0">
<SNMPManagement enabled="False" snmp_read_community="" snmp_write_community=""/>
@ -740,7 +744,7 @@
</Host>
<Host comment="" id="id43913DCB25682" name="hostAt">
<Interface bridgeport="False" dyn="False" id="id43913DCD25682" label="" name="hostA_eth0" security_level="100" unnum="False" unprotected="False">
<IPv4 address="192.168.1.10" id="id43913DCE25682" name="hostAt:hostA_eth0:ip" netmask="255.255.255.255"/>
<IPv4 id="id43913DCE25682" name="hostAt:hostA_eth0:ip" address="192.168.1.10" netmask="255.255.255.255"/>
</Interface>
<Management address="192.168.1.10">
<SNMPManagement enabled="False" snmp_read_community="public" snmp_write_community=""/>
@ -755,8 +759,8 @@
</HostOptions>
</Host>
<Host comment="This object represents a PC with a single network interface" id="id445F59D831658" name="exthost223">
<Interface bridgeport="False" dyn="False" id="id445F59DA31658" label="" name="eth0" security_level="0" unnum="False" unprotected="False">
<IPv4 address="223.223.223.223" comment="" id="id445F59DB31658" name="exthost223:eth0:ip" netmask="255.255.255.0"/>
<Interface bridgeport="False" comment="" dyn="False" id="id445F59DA31658" label="" name="eth0" security_level="0" unnum="False" unprotected="False">
<IPv4 comment="" id="id445F59DB31658" name="exthost223:eth0:ip" address="223.223.223.223" netmask="255.255.255.0"/>
</Interface>
<Management address="0.0.0.0">
<SNMPManagement enabled="False" snmp_read_community="" snmp_write_community=""/>
@ -767,6 +771,26 @@
<Option name="use_mac_addr_filter">False</Option>
</HostOptions>
</Host>
<Host comment="" id="id47CD183A7550" name="host with multiple interfaces">
<Interface bridgeport="False" dyn="False" id="id47CD183C7550" name="eth0" security_level="0" unnum="False" unprotected="False">
<IPv4 id="id47CD183D7550" name="host with multiple interfaces:eth0:ip" address="192.168.1.1" netmask="255.255.255.0"/>
</Interface>
<Interface bridgeport="False" dyn="False" id="id47CD183E7550" name="eth1" security_level="0" unnum="False" unprotected="False">
<IPv4 id="id47CD183F7550" name="host with multiple interfaces:eth1:ip" address="192.168.2.1" netmask="255.255.255.0"/>
</Interface>
<Interface bridgeport="False" comment="" dyn="False" id="id47CD49057550" label="" name="eth2" security_level="0" unnum="False" unprotected="False">
<IPv4 comment="" id="id47CD49067550" name="host with multiple interfaces:eth2:ip" address="77.77.77.77" netmask="255.255.255.0"/>
</Interface>
<Management address="0.0.0.0">
<SNMPManagement enabled="False" snmp_read_community="" snmp_write_community=""/>
<FWBDManagement enabled="False" identity="" port="-1"/>
<PolicyInstallScript arguments="" command="" enabled="False"/>
</Management>
<HostOptions>
<Option name="use_mac_addr">false</Option>
<Option name="use_mac_addr_filter">False</Option>
</HostOptions>
</Host>
</ObjectGroup>
<ObjectGroup id="stdid03_1" name="Networks">
<Network comment="" id="net-Internal_net" name="Internal_net" address="192.168.1.0" netmask="255.255.255.0"/>
@ -964,7 +988,7 @@
</ServiceGroup>
</ServiceGroup>
<ObjectGroup id="stdid12_1" name="Firewalls">
<Firewall comment="this is simple firewall with two interfaces. Test regular policy rules, including IP_fragments rule" host_OS="linux24" id="fw-firewall2" inactive="False" lastCompiled="1188096924" lastInstalled="1142003872" lastModified="1184809081" name="firewall" platform="iptables" ro="False" version="">
<Firewall comment="this is simple firewall with two interfaces. Test regular policy rules, including IP_fragments rule&#10;" host_OS="linux24" id="fw-firewall2" inactive="False" lastCompiled="1188096924" lastInstalled="1142003872" lastModified="1206322269" name="firewall" platform="iptables" ro="False" version="">
<NAT id="nat-firewall2">
<NATRule comment="" disabled="False" id="nat-firewall2-0" position="0">
<OSrc neg="False">
@ -2615,10 +2639,10 @@
</Policy>
<Routing id="fw-firewall2-routing"/>
<Interface bridgeport="False" comment="" dyn="False" id="if-FW-firewall2-eth1" label="" mgmt="False" name="eth1" security_level="0" unnum="False" unprotected="False">
<IPv4 address="222.222.222.222" id="if-FW-firewall2-eth1-ipv4" name="address" netmask="255.255.255.0"/>
<IPv4 id="if-FW-firewall2-eth1-ipv4" name="address" address="222.222.222.222" netmask="255.255.255.0"/>
</Interface>
<Interface bridgeport="False" comment="" dyn="False" id="if-FW-firewall2-eth0" label="" mgmt="True" name="eth0" security_level="100" unnum="False" unprotected="False">
<IPv4 address="192.168.1.1" id="if-FW-firewall2-eth0-ipv4" name="address" netmask="255.255.255.0"/>
<IPv4 id="if-FW-firewall2-eth0-ipv4" name="address" address="192.168.1.1" netmask="255.255.255.0"/>
</Interface>
<Management address="192.168.1.1">
<SNMPManagement enabled="False" snmp_read_community="public" snmp_write_community=""/>
@ -3989,19 +4013,19 @@
</Policy>
<Routing id="id3AF5AA0A-routing"/>
<Interface bridgeport="False" comment="" dyn="False" id="id3AF5AA96" label="" mgmt="True" name="eth0" security_level="100" unnum="False" unprotected="False">
<IPv4 address="192.168.1.1" id="id3AF5AA96-ipv4" name="address" netmask="255.255.255.0"/>
<IPv4 id="id3AF5AA96-ipv4" name="address" address="192.168.1.1" netmask="255.255.255.0"/>
</Interface>
<Interface bridgeport="False" dyn="False" id="id3AF5AA99" name="eth1" security_level="0" unnum="False" unprotected="False">
<IPv4 address="22.22.22.22" id="id3AF5AA99-ipv4" name="address" netmask="255.255.255.0"/>
<IPv4 id="id3AF5AA99-ipv4" name="address" address="22.22.22.22" netmask="255.255.255.0"/>
</Interface>
<Interface bridgeport="False" dyn="False" id="id3B0B4BC8" name="eth2" security_level="100" unnum="False" unprotected="False">
<IPv4 address="192.168.2.1" id="id3B0B4BC8-ipv4" name="address" netmask="255.255.255.0"/>
<IPv4 id="id3B0B4BC8-ipv4" name="address" address="192.168.2.1" netmask="255.255.255.0"/>
</Interface>
<Interface bridgeport="False" dyn="False" id="id3B0B4D35" name="lo" security_level="100" unnum="False" unprotected="False">
<IPv4 address="127.0.0.1" id="id3B0B4D35-ipv4" name="address" netmask="255.0.0.0"/>
<IPv4 id="id3B0B4D35-ipv4" name="address" address="127.0.0.1" netmask="255.0.0.0"/>
</Interface>
<Interface bridgeport="False" dyn="False" id="id3B11F434" name="eth3" security_level="0" unnum="False" unprotected="False">
<IPv4 address="22.22.23.23" id="id3B11F434-ipv4" name="address" netmask="255.255.255.0"/>
<IPv4 id="id3B11F434-ipv4" name="address" address="22.22.23.23" netmask="255.255.255.0"/>
</Interface>
<Management address="192.168.1.1">
<SNMPManagement enabled="False" snmp_read_community="public" snmp_write_community=""/>
@ -4093,7 +4117,7 @@
<Option name="verify_interfaces">False</Option>
</FirewallOptions>
</Firewall>
<Firewall comment="this object has several interfaces and shows different rules for NAT. Also testing policy rule options " host_OS="linux24" id="id3AFB66C6" inactive="False" lastCompiled="1188315148" lastInstalled="1142003872" lastModified="1188315856" name="firewall2" platform="iptables" ro="False" version="">
<Firewall comment="this object has several interfaces and shows different rules for NAT. Also testing policy rule options " host_OS="linux24" id="id3AFB66C6" inactive="False" lastCompiled="1188315148" lastInstalled="1142003872" lastModified="1197388709" name="firewall2" platform="iptables" ro="False" version="">
<NAT id="id3AFB66C7">
<NATRule disabled="False" id="id3AFB66C8" position="0">
<OSrc neg="False">
@ -5554,21 +5578,21 @@
</Policy>
<Routing id="id3AFB66C6-routing"/>
<Interface bridgeport="False" comment="" dyn="False" id="id3AFB6703" label="" mgmt="True" name="eth0" security_level="100" unnum="False" unprotected="False">
<IPv4 address="192.168.1.1" comment="" id="id3AFB6703-ipv4" name="fw2:eth0:ip - internal" netmask="255.255.255.0"/>
<IPv4 comment="" id="id3AFB6703-ipv4" name="fw2:eth0:ip - internal" address="192.168.1.1" netmask="255.255.255.0"/>
</Interface>
<Interface bridgeport="False" dyn="False" id="id3AFB6706" name="eth1" security_level="0" unnum="False" unprotected="False">
<IPv4 address="22.22.22.22" comment="" id="id3AFB6706-ipv4" name="fw2:eth1:ip - external" netmask="255.255.255.0"/>
<IPv4 comment="" id="id3AFB6706-ipv4" name="fw2:eth1:ip - external" address="22.22.22.22" netmask="255.255.255.0"/>
</Interface>
<Interface bridgeport="False" comment="" dyn="False" id="id3AFB68D2" label="" mgmt="False" name="eth3" security_level="0" unnum="False" unprotected="False">
<IPv4 address="22.22.23.23" comment="" id="id3AFB68D2-ipv4" name="fw2:eth3:0" netmask="255.255.255.0"/>
<IPv4 address="22.22.25.50" comment="" id="id3D5DEADC" name="fw2:eth3:1" netmask="255.255.255.0"/>
<IPv4 comment="" id="id3AFB68D2-ipv4" name="fw2:eth3:0" address="22.22.23.23" netmask="255.255.255.0"/>
<IPv4 comment="" id="id3D5DEADC" name="fw2:eth3:1" address="22.22.25.50" netmask="255.255.255.0"/>
</Interface>
<Interface bridgeport="False" dyn="False" id="id3B0221F1" name="eth2" security_level="100" unnum="False" unprotected="False">
<IPv4 address="192.168.2.1" comment="" id="id3B0221F1-ipv4" name="fw2:eth2:1" netmask="255.255.255.0"/>
<IPv4 address="192.168.2.40" comment="" id="id3DD1E161" name="fw2:eth2:2" netmask="255.255.255.0"/>
<IPv4 comment="" id="id3B0221F1-ipv4" name="fw2:eth2:1" address="192.168.2.1" netmask="255.255.255.0"/>
<IPv4 comment="" id="id3DD1E161" name="fw2:eth2:2" address="192.168.2.40" netmask="255.255.255.0"/>
</Interface>
<Interface bridgeport="False" dyn="False" id="id3CD2449F" label="" name="lo" security_level="100" unnum="False" unprotected="False">
<IPv4 address="127.0.0.1" id="id3CD2449F-ipv4" name="address" netmask="255.0.0.0"/>
<IPv4 id="id3CD2449F-ipv4" name="address" address="127.0.0.1" netmask="255.0.0.0"/>
</Interface>
<Management address="192.168.1.1">
<SNMPManagement enabled="False" snmp_read_community="public" snmp_write_community=""/>
@ -5585,6 +5609,7 @@
<Option name="bridging_fw">False</Option>
<Option name="check_shading">False</Option>
<Option name="clamp_mss_to_mtu">True</Option>
<Option name="classify_mark_terminating">False</Option>
<Option name="cmdline"></Option>
<Option name="compiler"></Option>
<Option name="configure_interfaces">True</Option>
@ -5640,6 +5665,7 @@
<Option name="mgmt_addr"></Option>
<Option name="mgmt_ssh">False</Option>
<Option name="no_iochains_for_any">False</Option>
<Option name="no_ipv6_default_policy">False</Option>
<Option name="no_optimisation">False</Option>
<Option name="output_file"></Option>
<Option name="platform">iptables</Option>
@ -5655,7 +5681,7 @@
<Option name="ulog_nlgroup">1</Option>
<Option name="ulog_qthreshold">1</Option>
<Option name="useULOG">False</Option>
<Option name="use_ULOG">False</Option>
<Option name="use_ULOG">True</Option>
<Option name="use_ip_tool">True</Option>
<Option name="use_iptables_restore">False</Option>
<Option name="use_numeric_log_levels">False</Option>
@ -6214,16 +6240,16 @@
</Policy>
<Routing id="id3B0226B6-routing"/>
<Interface bridgeport="False" comment="" dyn="False" id="id3B02270A" label="" mgmt="True" name="eth0" security_level="100" unnum="False" unprotected="False">
<IPv4 address="192.168.1.1" id="id3B02270A-ipv4" name="address" netmask="255.255.255.0"/>
<IPv4 id="id3B02270A-ipv4" name="address" address="192.168.1.1" netmask="255.255.255.0"/>
</Interface>
<Interface bridgeport="False" dyn="False" id="id3B02270C" name="eth1" security_level="0" unnum="False" unprotected="False">
<IPv4 address="22.22.22.22" id="id3B02270C-ipv4" name="address" netmask="255.255.255.0"/>
<IPv4 id="id3B02270C-ipv4" name="address" address="22.22.22.22" netmask="255.255.255.0"/>
</Interface>
<Interface bridgeport="False" dyn="False" id="id3B0B57D2" name="eth2" security_level="100" unnum="False" unprotected="False">
<IPv4 address="192.168.2.1" id="id3B0B57D2-ipv4" name="address" netmask="255.255.255.0"/>
<IPv4 id="id3B0B57D2-ipv4" name="address" address="192.168.2.1" netmask="255.255.255.0"/>
</Interface>
<Interface bridgeport="False" comment="" dyn="False" id="id465D5AF12072" label="" mgmt="False" name="lo" security_level="100" unnum="False" unprotected="False">
<IPv4 address="127.0.0.1" comment="" id="id465D89B62072" name="firewall3:lo:ip" netmask="255.0.0.0"/>
<IPv4 comment="" id="id465D89B62072" name="firewall3:lo:ip" address="127.0.0.1" netmask="255.0.0.0"/>
</Interface>
<Management address="192.168.1.1">
<SNMPManagement enabled="False" snmp_read_community="public" snmp_write_community=""/>
@ -6996,19 +7022,19 @@
</Policy>
<Routing id="id3B0C6380-routing"/>
<Interface bridgeport="False" comment="" dyn="False" id="id3B0C63DF" label="" mgmt="True" name="eth0" security_level="100" unnum="False" unprotected="False">
<IPv4 address="192.168.1.1" id="id3B0C63DF-ipv4" name="address" netmask="255.255.255.0"/>
<IPv4 id="id3B0C63DF-ipv4" name="address" address="192.168.1.1" netmask="255.255.255.0"/>
</Interface>
<Interface bridgeport="False" dyn="True" id="id3B0C63E1" label="" name="eth1" security_level="0" unnum="False" unprotected="False">
<IPv4 address="0.0.0.0" id="id3B0C63E1-ipv4" name="address" netmask="0.0.0.0"/>
<IPv4 id="id3B0C63E1-ipv4" name="address" address="0.0.0.0" netmask="0.0.0.0"/>
</Interface>
<Interface bridgeport="False" dyn="False" id="id3B0C63F3" name="eth2" security_level="100" unnum="False" unprotected="False">
<IPv4 address="192.168.2.1" id="id3B0C63F3-ipv4" name="address" netmask="255.255.255.0"/>
<IPv4 id="id3B0C63F3-ipv4" name="address" address="192.168.2.1" netmask="255.255.255.0"/>
</Interface>
<Interface bridgeport="False" dyn="False" id="id3B0C63F5" name="lo" security_level="100" unnum="False" unprotected="False">
<IPv4 address="127.0.0.1" id="id3B0C63F5-ipv4" name="address" netmask="255.0.0.0"/>
<IPv4 id="id3B0C63F5-ipv4" name="address" address="127.0.0.1" netmask="255.0.0.0"/>
</Interface>
<Interface bridgeport="False" dyn="False" id="id3CD88A77" label="" name="eth3" security_level="0" unnum="False" unprotected="False">
<IPv4 address="222.222.222.222" id="id3CD88A77-ipv4" name="address" netmask="255.255.255.0"/>
<IPv4 id="id3CD88A77-ipv4" name="address" address="222.222.222.222" netmask="255.255.255.0"/>
</Interface>
<Management address="192.168.1.1">
<SNMPManagement enabled="False" snmp_read_community="public" snmp_write_community=""/>
@ -7102,7 +7128,7 @@
<Option name="verify_interfaces">False</Option>
</FirewallOptions>
</Firewall>
<Firewall comment="testing firewall_is_part_of_any_and_networks&#10;also testing SNAT and DNAT rules when external interface&#10;has dynamic address&#10;&#10;dynamic interface ppp0 has an address object attached to it&#10;(interface used to be static and had an address, then got&#10;converted to dynamic but address object is still there). Compiler&#10;should ignore this address object and issue a warning.&#10;" host_OS="linux24" id="id3B19BEE6" lastCompiled="1188097203" lastInstalled="1142003872" lastModified="1142003913" name="firewall5" platform="iptables" ro="False">
<Firewall comment="testing firewall_is_part_of_any_and_networks&#10;also testing SNAT and DNAT rules when external interface&#10;has dynamic address&#10;&#10;dynamic interface ppp0 has an address object attached to it&#10;(interface used to be static and had an address, then got&#10;converted to dynamic but address object is still there). Compiler&#10;should ignore this address object and issue a warning.&#10;" host_OS="linux24" id="id3B19BEE6" lastCompiled="1204560061" lastInstalled="1142003872" lastModified="1204560033" name="firewall5" platform="iptables" ro="False">
<NAT id="id3B19BEE7">
<NATRule disabled="False" id="id3CFD9EE2" position="0">
<OSrc neg="False">
@ -7146,7 +7172,28 @@
</TSrv>
<NATRuleOptions/>
</NATRule>
<NATRule comment="" disabled="False" id="id3CF5B9DB" position="2">
<NATRule comment="" disabled="False" id="id47CC86147550" position="2">
<OSrc neg="False">
<ObjectRef ref="id47CD183A7550"/>
</OSrc>
<ODst neg="False">
<ObjectRef ref="sysid0"/>
</ODst>
<OSrv neg="False">
<ServiceRef ref="sysid1"/>
</OSrv>
<TSrc neg="False">
<ObjectRef ref="id3AFADBF9"/>
</TSrc>
<TDst neg="False">
<ObjectRef ref="sysid0"/>
</TDst>
<TSrv neg="False">
<ServiceRef ref="sysid1"/>
</TSrv>
<NATRuleOptions/>
</NATRule>
<NATRule comment="" disabled="False" id="id3CF5B9DB" position="3">
<OSrc neg="False">
<ObjectRef ref="sysid0"/>
</OSrc>
@ -7309,7 +7356,7 @@
<ObjectRef ref="sysid0"/>
</Src>
<Dst neg="False">
<ObjectRef ref="id3E9870D1"/>
<ObjectRef ref="id47CD183A7550"/>
</Dst>
<Srv neg="False">
<ServiceRef ref="tcp-SSH"/>
@ -7328,7 +7375,7 @@
<ObjectRef ref="sysid0"/>
</Src>
<Dst neg="False">
<ObjectRef ref="id3E9870D1"/>
<ObjectRef ref="id47CD183A7550"/>
</Dst>
<Srv neg="False">
<ServiceRef ref="tcp-SSH"/>
@ -7443,13 +7490,13 @@
</Policy>
<Routing id="id3B19BEE6-routing"/>
<Interface bridgeport="False" comment="" dyn="True" id="id3B19BF3A" label="" mgmt="False" name="ppp0" security_level="0" unnum="False" unprotected="False">
<IPv4 address="192.168.1.1" comment="" id="id3EF959F7" name="firewall5:ppp0(ip)" netmask="255.255.255.0"/>
<IPv4 comment="" id="id3EF959F7" name="firewall5:ppp0(ip)" address="192.168.1.1" netmask="255.255.255.0"/>
</Interface>
<Interface bridgeport="False" comment="" dyn="False" id="id3B19BF58" label="" mgmt="True" name="eth0" security_level="100" unnum="False" unprotected="False">
<IPv4 address="192.168.1.1" id="id3B19BF58-ipv4" name="address" netmask="255.255.255.0"/>
<IPv4 id="id3B19BF58-ipv4" name="address" address="192.168.1.1" netmask="255.255.255.0"/>
</Interface>
<Interface bridgeport="False" dyn="False" id="id3B19C51D" name="eth2" security_level="0" unnum="False" unprotected="False">
<IPv4 address="192.168.2.1" id="id3B19C51D-ipv4" name="address" netmask="255.255.255.0"/>
<IPv4 id="id3B19C51D-ipv4" name="address" address="192.168.2.1" netmask="255.255.255.0"/>
</Interface>
<Interface bridgeport="False" comment="" dyn="True" id="id3E8F5B6F" label="" mgmt="False" name="ppp1" security_level="0" unnum="False" unprotected="False"/>
<Management address="192.168.1.1">
@ -7711,10 +7758,10 @@
</Policy>
<Routing id="id3AF5A2BA-routing"/>
<Interface bridgeport="False" dyn="False" id="id3AF5A2CB" name="eth0" security_level="0" unnum="False" unprotected="False">
<IPv4 address="22.22.22.22" id="id3AF5A2CB-ipv4" name="address" netmask="255.255.255.0"/>
<IPv4 id="id3AF5A2CB-ipv4" name="address" address="22.22.22.22" netmask="255.255.255.0"/>
</Interface>
<Interface bridgeport="False" dyn="False" id="id3AFB7090" name="lo" security_level="100" unnum="False" unprotected="False">
<IPv4 address="127.0.0.1" id="id3AFB7090-ipv4" name="address" netmask="255.0.0.0"/>
<IPv4 id="id3AFB7090-ipv4" name="address" address="127.0.0.1" netmask="255.0.0.0"/>
</Interface>
<Management address="127.0.0.1">
<SNMPManagement enabled="False" snmp_read_community="public" snmp_write_community=""/>
@ -8087,19 +8134,19 @@
</Policy>
<Routing id="id3C698F1D-routing"/>
<Interface bridgeport="False" comment="" dyn="False" id="id3C699013" label="" mgmt="True" name="eth0" security_level="100" unnum="False" unprotected="False">
<IPv4 address="192.168.1.1" id="id3C699013-ipv4" name="address" netmask="255.255.255.0"/>
<IPv4 id="id3C699013-ipv4" name="address" address="192.168.1.1" netmask="255.255.255.0"/>
</Interface>
<Interface bridgeport="False" dyn="False" id="id3C69901D" name="eth1" security_level="0" unnum="False" unprotected="False">
<IPv4 address="22.22.22.22" id="id3C69901D-ipv4" name="address" netmask="255.255.255.0"/>
<IPv4 id="id3C69901D-ipv4" name="address" address="22.22.22.22" netmask="255.255.255.0"/>
</Interface>
<Interface bridgeport="False" dyn="False" id="id3C699030" name="eth2" security_level="100" unnum="False" unprotected="False">
<IPv4 address="192.168.2.1" comment="" id="id3C699030-ipv4" name="address" netmask="255.255.255.0"/>
<IPv4 comment="" id="id3C699030-ipv4" name="address" address="192.168.2.1" netmask="255.255.255.0"/>
</Interface>
<Interface bridgeport="False" dyn="False" id="id3C699032" name="lo" security_level="100" unnum="False" unprotected="False">
<IPv4 address="127.0.0.1" id="id3C699032-ipv4" name="address" netmask="255.0.0.0"/>
<IPv4 id="id3C699032-ipv4" name="address" address="127.0.0.1" netmask="255.0.0.0"/>
</Interface>
<Interface bridgeport="False" dyn="False" id="id3C699034" name="eth3" security_level="0" unnum="False" unprotected="False">
<IPv4 address="22.22.23.23" id="id3C699034-ipv4" name="address" netmask="255.255.255.0"/>
<IPv4 id="id3C699034-ipv4" name="address" address="22.22.23.23" netmask="255.255.255.0"/>
</Interface>
<Management address="192.168.1.1">
<SNMPManagement enabled="False" snmp_read_community="public" snmp_write_community=""/>
@ -8497,19 +8544,19 @@
</Policy>
<Routing id="id3C69BD4F-routing"/>
<Interface bridgeport="False" comment="" dyn="False" id="id3C69BD5C" label="" mgmt="True" name="eth0" security_level="100" unnum="False" unprotected="False">
<IPv4 address="192.168.1.1" id="id3C69BD5C-ipv4" name="address" netmask="255.255.255.0"/>
<IPv4 id="id3C69BD5C-ipv4" name="address" address="192.168.1.1" netmask="255.255.255.0"/>
</Interface>
<Interface bridgeport="False" dyn="False" id="id3C69BD5E" name="eth1" security_level="0" unnum="False" unprotected="False">
<IPv4 address="22.22.22.22" id="id3C69BD5E-ipv4" name="address" netmask="255.255.255.0"/>
<IPv4 id="id3C69BD5E-ipv4" name="address" address="22.22.22.22" netmask="255.255.255.0"/>
</Interface>
<Interface bridgeport="False" dyn="False" id="id3C69BD68" name="eth2" security_level="100" unnum="False" unprotected="False">
<IPv4 address="192.168.2.1" id="id3C69BD68-ipv4" name="address" netmask="255.255.255.0"/>
<IPv4 id="id3C69BD68-ipv4" name="address" address="192.168.2.1" netmask="255.255.255.0"/>
</Interface>
<Interface bridgeport="False" dyn="False" id="id3C69BD6A" name="lo" security_level="100" unnum="False" unprotected="False">
<IPv4 address="127.0.0.1" id="id3C69BD6A-ipv4" name="address" netmask="255.0.0.0"/>
<IPv4 id="id3C69BD6A-ipv4" name="address" address="127.0.0.1" netmask="255.0.0.0"/>
</Interface>
<Interface bridgeport="False" dyn="False" id="id3C69BD6C" name="eth3" security_level="0" unnum="False" unprotected="False">
<IPv4 address="22.22.23.23" id="id3C69BD6C-ipv4" name="address" netmask="255.255.255.0"/>
<IPv4 id="id3C69BD6C-ipv4" name="address" address="22.22.23.23" netmask="255.255.255.0"/>
</Interface>
<Management address="192.168.1.1">
<SNMPManagement enabled="False" snmp_read_community="public" snmp_write_community=""/>
@ -8592,13 +8639,13 @@
<Policy id="id3D0C1E71"/>
<Routing id="id3D0C1E6E-routing"/>
<Interface bridgeport="False" comment="" dyn="False" id="id3D0C1E77" label="fw8:eth0" mgmt="False" name="eth0" security_level="0" unnum="False" unprotected="False">
<IPv4 address="33.33.33.33" id="id3D0C1E77-ipv4" name="address" netmask="255.255.255.0"/>
<IPv4 id="id3D0C1E77-ipv4" name="address" address="33.33.33.33" netmask="255.255.255.0"/>
</Interface>
<Interface bridgeport="False" comment="" dyn="False" id="id3D0C1E7A" label="fw8:eth1" mgmt="False" name="eth1" security_level="100" unnum="False" unprotected="False">
<IPv4 address="172.16.1.1" id="id3D0C1E7A-ipv4" name="address" netmask="255.255.255.0"/>
<IPv4 id="id3D0C1E7A-ipv4" name="address" address="172.16.1.1" netmask="255.255.255.0"/>
</Interface>
<Interface bridgeport="False" comment="" dyn="False" id="id3D0C1E7D" label="fw8:eth2" mgmt="True" name="eth2" security_level="100" unnum="False" unprotected="False">
<IPv4 address="192.168.100.1" id="id3D0C1E7D-ipv4" name="address" netmask="255.255.255.0"/>
<IPv4 id="id3D0C1E7D-ipv4" name="address" address="192.168.100.1" netmask="255.255.255.0"/>
</Interface>
<Interface bridgeport="False" comment="" dyn="True" id="id3EE24D62" label="fw8:ppp0" mgmt="False" name="ppp0" security_level="0" unnum="False" unprotected="False"/>
<Management address="192.168.100.1">
@ -8990,13 +9037,13 @@
</Policy>
<Routing id="id3D4DF34B-routing"/>
<Interface bridgeport="False" comment="" dyn="False" id="id3D4DF3B2" label="" mgmt="True" name="eth0" security_level="100" unnum="False" unprotected="False">
<IPv4 address="192.168.1.1" id="id3D4DF3B2-ipv4" name="address" netmask="255.255.255.0"/>
<IPv4 id="id3D4DF3B2-ipv4" name="address" address="192.168.1.1" netmask="255.255.255.0"/>
</Interface>
<Interface bridgeport="False" dyn="False" id="id3D4DF3C8" name="eth1" security_level="0" unnum="False" unprotected="False">
<IPv4 address="22.22.22.22" id="id3D4DF3C8-ipv4" name="address" netmask="255.255.255.0"/>
<IPv4 id="id3D4DF3C8-ipv4" name="address" address="22.22.22.22" netmask="255.255.255.0"/>
</Interface>
<Interface bridgeport="False" dyn="False" id="id3D4DF3CC" name="lo" security_level="100" unnum="False" unprotected="False">
<IPv4 address="127.0.0.1" id="id3D4DF3CC-ipv4" name="address" netmask="255.0.0.0"/>
<IPv4 id="id3D4DF3CC-ipv4" name="address" address="127.0.0.1" netmask="255.0.0.0"/>
</Interface>
<Management address="192.168.1.1">
<SNMPManagement enabled="False" snmp_read_community="public" snmp_write_community=""/>
@ -9282,13 +9329,13 @@
</Policy>
<Routing id="id3D4F0A55-routing"/>
<Interface bridgeport="False" comment="" dyn="False" id="id3D4F0AA8" label="" mgmt="True" name="eth0" security_level="100" unnum="False" unprotected="False">
<IPv4 address="192.168.1.1" id="id3D4F0AA8-ipv4" name="address" netmask="255.255.255.0"/>
<IPv4 id="id3D4F0AA8-ipv4" name="address" address="192.168.1.1" netmask="255.255.255.0"/>
</Interface>
<Interface bridgeport="False" dyn="False" id="id3D4F0AAA" name="eth1" security_level="0" unnum="False" unprotected="False">
<IPv4 address="22.22.22.22" id="id3D4F0AAA-ipv4" name="address" netmask="255.255.255.0"/>
<IPv4 id="id3D4F0AAA-ipv4" name="address" address="22.22.22.22" netmask="255.255.255.0"/>
</Interface>
<Interface bridgeport="False" dyn="False" id="id3D4F0AAC" name="lo" security_level="100" unnum="False" unprotected="False">
<IPv4 address="127.0.0.1" id="id3D4F0AAC-ipv4" name="address" netmask="255.0.0.0"/>
<IPv4 id="id3D4F0AAC-ipv4" name="address" address="127.0.0.1" netmask="255.0.0.0"/>
</Interface>
<Management address="192.168.1.1">
<SNMPManagement enabled="False" snmp_read_community="public" snmp_write_community=""/>
@ -9803,11 +9850,11 @@
<Interface bridgeport="False" comment="this interface is part of the bridge" dyn="False" id="id3D94D531" label="" mgmt="False" name="eth0" security_level="100" unnum="True" unprotected="False"/>
<Interface bridgeport="False" comment="" dyn="True" id="id3D94D552" label="" mgmt="False" name="eth2" security_level="0" unnum="False" unprotected="False"/>
<Interface bridgeport="False" dyn="False" id="id3D94D558" name="lo" security_level="100" unnum="False" unprotected="False">
<IPv4 address="127.0.0.1" id="id3D94D559" name="address" netmask="255.0.0.0"/>
<IPv4 id="id3D94D559" name="address" address="127.0.0.1" netmask="255.0.0.0"/>
</Interface>
<Interface bridgeport="False" comment="" dyn="True" id="id3E21FC66" label="" mgmt="False" name="br0" security_level="100" unnum="False" unprotected="False"/>
<Interface bridgeport="False" comment="this interface has netmask 255.255.255.255, which is an error&#10;but compiler should handle it properly anyway.&#10;One typical mistake is to put rules that have fw or its interface&#10;in DST into FORWARD chain (shouldbe INPUT chain)&#10;&#10;This is the management interface of the bridging fw. This interface is connected to&#10;the protected subnet. There may be another interface connected to the same&#10;subnet, but that interface would be a bridging interface and have no address.&#10;" dyn="False" id="id3F28B886" label="" mgmt="True" name="eth3" security_level="100" unnum="False" unprotected="False">
<IPv4 address="10.1.1.1" comment="" id="id3F28B88A" name="firewall11:eth3(ip)" netmask="255.255.255.255"/>
<IPv4 comment="" id="id3F28B88A" name="firewall11:eth3(ip)" address="10.1.1.1" netmask="255.255.255.255"/>
</Interface>
<Interface bridgeport="False" comment="this interface is also a part of the bridge" dyn="False" id="id3F77AFD4" label="" mgmt="False" name="eth1" security_level="100" unnum="True" unprotected="False"/>
<Management address="10.1.1.1">
@ -10155,10 +10202,10 @@
</Policy>
<Routing id="id3DDDE6C3-routing"/>
<Interface bridgeport="False" comment="" dyn="False" id="id3DDDE6CE" label="" mgmt="True" name="eth0" security_level="100" unnum="False" unprotected="False">
<IPv4 address="22.22.22.22" id="id3DDDE6D0" name="firewall12" netmask="255.255.255.0"/>
<IPv4 id="id3DDDE6D0" name="firewall12" address="22.22.22.22" netmask="255.255.255.0"/>
</Interface>
<Interface bridgeport="False" comment="" dyn="False" id="id3DDDE6D1" label="" mgmt="False" name="eth1" security_level="0" unnum="False" unprotected="False">
<IPv4 address="22.22.23.22" id="id3DDDE6D3" name="firewall12" netmask="255.255.255.0"/>
<IPv4 id="id3DDDE6D3" name="firewall12" address="22.22.23.22" netmask="255.255.255.0"/>
</Interface>
<Management address="22.22.22.22">
<SNMPManagement enabled="False" snmp_read_community="" snmp_write_community=""/>
@ -10329,10 +10376,10 @@
</Policy>
<Routing id="id3DE68A18-routing"/>
<Interface bridgeport="False" comment="" dyn="False" id="id3DE68A83" label="" mgmt="True" name="eth0" security_level="100" unnum="False" unprotected="False">
<IPv4 address="22.22.22.22" id="id3DE68A84" name="firewall12" netmask="255.255.255.0"/>
<IPv4 id="id3DE68A84" name="firewall12" address="22.22.22.22" netmask="255.255.255.0"/>
</Interface>
<Interface bridgeport="False" comment="" dyn="False" id="id3DE68A86" label="" mgmt="False" name="eth1" security_level="0" unnum="False" unprotected="False">
<IPv4 address="22.22.23.22" id="id3DE68A87" name="firewall12" netmask="255.255.255.0"/>
<IPv4 id="id3DE68A87" name="firewall12" address="22.22.23.22" netmask="255.255.255.0"/>
</Interface>
<Management address="22.22.22.22">
<SNMPManagement enabled="False" snmp_read_community="" snmp_write_community=""/>
@ -10551,14 +10598,14 @@
<Policy id="id3DE71233"/>
<Routing id="id3DE71215-routing"/>
<Interface bridgeport="False" comment="" dyn="False" id="id3DE71252" label="" mgmt="True" name="eth0" security_level="100" unnum="False" unprotected="False">
<IPv4 address="192.168.1.22" comment="" id="id3DE71253" name="fe14:eth0" netmask="255.255.255.0"/>
<IPv4 comment="" id="id3DE71253" name="fe14:eth0" address="192.168.1.22" netmask="255.255.255.0"/>
</Interface>
<Interface bridgeport="False" comment="" dyn="False" id="id3DE71255" label="eth1(outside)" mgmt="False" name="eth1" security_level="0" unnum="False" unprotected="False">
<IPv4 address="22.22.23.22" comment="" id="id3DE71256" name="fw14:eth1:1" netmask="255.255.255.0"/>
<IPv4 address="22.22.23.160" comment="this address belongs to subnets of both interfaces - eth1 and eth2" id="id3DE71282" name="fw14:eth1:2" netmask="255.255.255.0"/>
<IPv4 comment="" id="id3DE71256" name="fw14:eth1:1" address="22.22.23.22" netmask="255.255.255.0"/>
<IPv4 comment="this address belongs to subnets of both interfaces - eth1 and eth2" id="id3DE71282" name="fw14:eth1:2" address="22.22.23.160" netmask="255.255.255.0"/>
</Interface>
<Interface bridgeport="False" comment="" dyn="False" id="id3DE7127D" label="eth2(dmz)" mgmt="False" name="eth2" security_level="0" unnum="False" unprotected="False">
<IPv4 address="22.22.23.132" comment="this interface is on the subnet that overlaps with eth1" id="id3DE7127F" name="fw14:eth2" netmask="255.255.255.128"/>
<IPv4 comment="this interface is on the subnet that overlaps with eth1" id="id3DE7127F" name="fw14:eth2" address="22.22.23.132" netmask="255.255.255.128"/>
</Interface>
<Management address="192.168.1.22">
<SNMPManagement enabled="False" snmp_read_community="" snmp_write_community=""/>
@ -10668,13 +10715,13 @@
</Policy>
<Routing id="id3DE9128A-routing"/>
<Interface bridgeport="False" comment="" dyn="False" id="id3DE912F5" label="" mgmt="True" name="eth0" security_level="100" unnum="False" unprotected="False">
<IPv4 address="22.22.22.22" id="id3DE912F6" name="firewall12" netmask="255.255.255.0"/>
<IPv4 id="id3DE912F6" name="firewall12" address="22.22.22.22" netmask="255.255.255.0"/>
</Interface>
<Interface bridgeport="False" comment="" dyn="False" id="id3DE912F8" label="" mgmt="False" name="eth1" security_level="0" unnum="False" unprotected="False">
<IPv4 address="22.22.23.22" id="id3DE912F9" name="firewall12" netmask="255.255.255.0"/>
<IPv4 id="id3DE912F9" name="firewall12" address="22.22.23.22" netmask="255.255.255.0"/>
</Interface>
<Interface bridgeport="False" comment="" dyn="False" id="id3E587D10" label="" mgmt="False" name="lo" security_level="0" unnum="False" unprotected="False">
<IPv4 address="127.0.0.1" comment="" id="id3E587D14" name="firewall15:lo(ip)" netmask="255.0.0.0"/>
<IPv4 comment="" id="id3E587D14" name="firewall15:lo(ip)" address="127.0.0.1" netmask="255.0.0.0"/>
</Interface>
<Management address="22.22.22.22">
<SNMPManagement enabled="False" snmp_read_community="" snmp_write_community=""/>
@ -11082,13 +11129,13 @@
</Policy>
<Routing id="id3E189481-routing"/>
<Interface bridgeport="False" comment="" dyn="False" id="id3E1894E6" label="" mgmt="True" name="eth0" security_level="100" unnum="False" unprotected="False">
<IPv4 address="192.168.1.22" comment="" id="id3E1894E7" name="firewall16:eth0:ip" netmask="255.255.255.0"/>
<IPv4 comment="" id="id3E1894E7" name="firewall16:eth0:ip" address="192.168.1.22" netmask="255.255.255.0"/>
</Interface>
<Interface bridgeport="False" comment="" dyn="False" id="id3E1894E9" label="eth1(outside)" mgmt="False" name="eth1" security_level="0" unnum="False" unprotected="False">
<IPv4 address="22.22.23.22" comment="" id="id3E1894EA" name="firewall16:eth1:ip" netmask="255.255.255.0"/>
<IPv4 comment="" id="id3E1894EA" name="firewall16:eth1:ip" address="22.22.23.22" netmask="255.255.255.0"/>
</Interface>
<Interface bridgeport="False" comment="" dyn="False" id="id3E1894ED" label="eth2(dmz)" mgmt="False" name="eth2" security_level="0" unnum="False" unprotected="False">
<IPv4 address="192.168.2.1" comment="this interface is on the subnet that overlaps with eth1" id="id3E1894EE" name="firewall16:eth2:ip" netmask="255.255.255.0"/>
<IPv4 comment="this interface is on the subnet that overlaps with eth1" id="id3E1894EE" name="firewall16:eth2:ip" address="192.168.2.1" netmask="255.255.255.0"/>
</Interface>
<Management address="192.168.1.22">
<SNMPManagement enabled="False" snmp_read_community="" snmp_write_community=""/>
@ -11382,21 +11429,21 @@
</Policy>
<Routing id="id3E1C6B9C-routing"/>
<Interface bridgeport="False" comment="" dyn="False" id="id3E1C6BDD" label="" mgmt="True" name="eth0" security_level="100" unnum="False" unprotected="False">
<IPv4 address="192.168.1.1" id="id3E1C6BDE" name="address" netmask="255.255.255.0"/>
<IPv4 id="id3E1C6BDE" name="address" address="192.168.1.1" netmask="255.255.255.0"/>
</Interface>
<Interface bridgeport="False" dyn="False" id="id3E1C6BE0" name="eth1" security_level="0" unnum="False" unprotected="False">
<IPv4 address="22.22.22.22" id="id3E1C6BE1" name="address" netmask="255.255.255.0"/>
<IPv4 address="33.33.33.33" comment="" id="id3E1C6BFB" name="firewall17:eth1(ip)" netmask="255.255.255.0"/>
<IPv4 id="id3E1C6BE1" name="address" address="22.22.22.22" netmask="255.255.255.0"/>
<IPv4 comment="" id="id3E1C6BFB" name="firewall17:eth1(ip)" address="33.33.33.33" netmask="255.255.255.0"/>
</Interface>
<Interface bridgeport="False" dyn="False" id="id3E1C6BEB" name="eth2" security_level="100" unnum="False" unprotected="False">
<IPv4 address="192.168.2.1" comment="" id="id3E1C6BEC" name="address" netmask="255.255.255.0"/>
<IPv4 comment="" id="id3E1C6BEC" name="address" address="192.168.2.1" netmask="255.255.255.0"/>
</Interface>
<Interface bridgeport="False" dyn="False" id="id3E1C6BEE" name="lo" security_level="100" unnum="False" unprotected="False">
<IPv4 address="127.0.0.1" id="id3E1C6BEF" name="address" netmask="255.0.0.0"/>
<IPv4 id="id3E1C6BEF" name="address" address="127.0.0.1" netmask="255.0.0.0"/>
</Interface>
<Interface bridgeport="False" dyn="False" id="id3E1C6BF1" name="eth3" security_level="0" unnum="False" unprotected="False">
<IPv4 address="22.22.23.23" id="id3E1C6BF2" name="address" netmask="255.255.255.0"/>
<IPv4 address="44.44.44.44" comment="" id="id3E1C6BFC" name="firewall17:eth3(ip)" netmask="255.255.255.0"/>
<IPv4 id="id3E1C6BF2" name="address" address="22.22.23.23" netmask="255.255.255.0"/>
<IPv4 comment="" id="id3E1C6BFC" name="firewall17:eth3(ip)" address="44.44.44.44" netmask="255.255.255.0"/>
</Interface>
<Management address="192.168.1.1">
<SNMPManagement enabled="False" snmp_read_community="public" snmp_write_community=""/>
@ -11724,16 +11771,16 @@
</Policy>
<Routing id="id3EE4CB81-routing"/>
<Interface bridgeport="False" dyn="False" id="id3EE4CB88" label="" name="eth2" security_level="0" unnum="False" unprotected="False">
<IPv4 address="66.66.66.1" comment="" id="id3EE4CB8A" name="firewall18:eth2(ip)" netmask="255.255.255.128"/>
<IPv4 comment="" id="id3EE4CB8A" name="firewall18:eth2(ip)" address="66.66.66.1" netmask="255.255.255.128"/>
</Interface>
<Interface bridgeport="False" dyn="False" id="id3EE4CB8B" label="" name="eth0" security_level="33" unnum="False" unprotected="False">
<IPv4 address="192.168.1.1" id="id3EE4CB8D" name="firewall18:eth0(ip)" netmask="255.255.255.0"/>
<IPv4 id="id3EE4CB8D" name="firewall18:eth0(ip)" address="192.168.1.1" netmask="255.255.255.0"/>
</Interface>
<Interface bridgeport="False" dyn="False" id="id3EE4CB8E" label="" name="eth1" security_level="66" unnum="False" unprotected="False">
<IPv4 address="66.66.66.130" comment="" id="id3EE4CB90" name="firewall18:eth1(ip)" netmask="255.255.255.128"/>
<IPv4 comment="" id="id3EE4CB90" name="firewall18:eth1(ip)" address="66.66.66.130" netmask="255.255.255.128"/>
</Interface>
<Interface bridgeport="False" dyn="False" id="id3EE4CB91" label="" name="lo" security_level="99" unnum="False" unprotected="False">
<IPv4 address="127.0.0.1" id="id3EE4CB93" name="firewall18:lo(ip)" netmask="255.0.0.0"/>
<IPv4 id="id3EE4CB93" name="firewall18:lo(ip)" address="127.0.0.1" netmask="255.0.0.0"/>
</Interface>
<Interface bridgeport="False" comment="" dyn="True" id="id3EE4CD4C" label="" mgmt="False" name="ppp0" security_level="0" unnum="False" unprotected="False"/>
<Management address="0.0.0.0">
@ -12102,16 +12149,16 @@
</Policy>
<Routing id="id3EF7F809-routing"/>
<Interface bridgeport="False" dyn="False" id="id3EF7F86E" label="" name="eth2" security_level="0" unnum="False" unprotected="False">
<IPv4 address="66.66.66.1" comment="" id="id3EF7F86F" name="firewall18:eth2(ip)" netmask="255.255.255.128"/>
<IPv4 comment="" id="id3EF7F86F" name="firewall18:eth2(ip)" address="66.66.66.1" netmask="255.255.255.128"/>
</Interface>
<Interface bridgeport="False" dyn="False" id="id3EF7F871" label="" name="eth0" security_level="33" unnum="False" unprotected="False">
<IPv4 address="192.168.1.1" id="id3EF7F872" name="firewall18:eth0(ip)" netmask="255.255.255.0"/>
<IPv4 id="id3EF7F872" name="firewall18:eth0(ip)" address="192.168.1.1" netmask="255.255.255.0"/>
</Interface>
<Interface bridgeport="False" dyn="False" id="id3EF7F87E" label="" name="eth1" security_level="66" unnum="False" unprotected="False">
<IPv4 address="66.66.66.130" comment="" id="id3EF7F87F" name="firewall18:eth1(ip)" netmask="255.255.255.128"/>
<IPv4 comment="" id="id3EF7F87F" name="firewall18:eth1(ip)" address="66.66.66.130" netmask="255.255.255.128"/>
</Interface>
<Interface bridgeport="False" dyn="False" id="id3EF7F881" label="" name="lo" security_level="99" unnum="False" unprotected="False">
<IPv4 address="127.0.0.1" id="id3EF7F882" name="firewall18:lo(ip)" netmask="255.0.0.0"/>
<IPv4 id="id3EF7F882" name="firewall18:lo(ip)" address="127.0.0.1" netmask="255.0.0.0"/>
</Interface>
<Interface bridgeport="False" comment="" dyn="True" id="id3EF7F8B0" label="" mgmt="False" name="ppp0" security_level="0" unnum="False" unprotected="False"/>
<Management address="0.0.0.0">
@ -12636,13 +12683,13 @@
</Policy>
<Routing id="id3EFBC648-routing"/>
<Interface bridgeport="False" comment="" dyn="True" id="id3EFBC6F1" label="" mgmt="False" name="ppp*" security_level="0" unnum="False" unprotected="False">
<IPv4 address="192.168.1.1" comment="" id="id3EFBC6F2" name="firewall5:ppp0(ip)" netmask="255.255.255.0"/>
<IPv4 comment="" id="id3EFBC6F2" name="firewall5:ppp0(ip)" address="192.168.1.1" netmask="255.255.255.0"/>
</Interface>
<Interface bridgeport="False" comment="" dyn="False" id="id3EFBC6FF" label="" mgmt="True" name="eth0" security_level="100" unnum="False" unprotected="False">
<IPv4 address="192.168.1.1" id="id3EFBC700" name="address" netmask="255.255.255.0"/>
<IPv4 id="id3EFBC700" name="address" address="192.168.1.1" netmask="255.255.255.0"/>
</Interface>
<Interface bridgeport="False" dyn="False" id="id3EFBC702" name="eth2" security_level="0" unnum="False" unprotected="False">
<IPv4 address="192.168.2.1" id="id3EFBC703" name="address" netmask="255.255.255.0"/>
<IPv4 id="id3EFBC703" name="address" address="192.168.2.1" netmask="255.255.255.0"/>
</Interface>
<Management address="192.168.1.1">
<SNMPManagement enabled="False" snmp_read_community="public" snmp_write_community=""/>
@ -12825,10 +12872,10 @@
<Interface bridgeport="False" comment="" dyn="True" id="id3F29FAF4" label="" mgmt="False" name="eth0" security_level="0" unnum="False" unprotected="False"/>
<Interface bridgeport="False" comment="" dyn="True" id="id3F29FAF7" label="" mgmt="False" name="eth1" security_level="0" unnum="False" unprotected="False"/>
<Interface bridgeport="False" dyn="False" id="id3F29FB06" name="lo" security_level="100" unnum="False" unprotected="False">
<IPv4 address="127.0.0.1" id="id3F29FB07" name="address" netmask="255.0.0.0"/>
<IPv4 id="id3F29FB07" name="address" address="127.0.0.1" netmask="255.0.0.0"/>
</Interface>
<Interface bridgeport="False" comment="" dyn="False" id="id3F29FB90" label="" mgmt="True" name="eth2" security_level="100" unnum="False" unprotected="False">
<IPv4 address="192.168.1.100" comment="" id="id3F29FB92" name="firewall21:eth2(ip)" netmask="255.255.255.0"/>
<IPv4 comment="" id="id3F29FB92" name="firewall21:eth2(ip)" address="192.168.1.100" netmask="255.255.255.0"/>
</Interface>
<Management address="192.168.1.100">
<SNMPManagement enabled="False" snmp_read_community="public" snmp_write_community=""/>
@ -13024,10 +13071,10 @@
</Policy>
<Routing id="id3FADB89A-routing"/>
<Interface bridgeport="False" comment="" dyn="False" id="id3FADB988" label="" mgmt="True" name="eth0" security_level="100" unnum="False" unprotected="False">
<IPv4 address="192.168.1.1" id="id3FADB989" name="address" netmask="255.255.255.0"/>
<IPv4 id="id3FADB989" name="address" address="192.168.1.1" netmask="255.255.255.0"/>
</Interface>
<Interface bridgeport="False" comment="" dyn="False" id="id3FADB98B" label="" mgmt="False" name="eth1" security_level="0" unnum="False" unprotected="False">
<IPv4 address="192.168.2.1" id="id3FADB98C" name="address" netmask="255.255.255.0"/>
<IPv4 id="id3FADB98C" name="address" address="192.168.2.1" netmask="255.255.255.0"/>
</Interface>
<Management address="192.168.1.1">
<SNMPManagement enabled="False" snmp_read_community="public" snmp_write_community=""/>
@ -13419,10 +13466,10 @@
<Routing id="id3FB32E8E-routing"/>
<Interface bridgeport="False" comment="this interface is part of the bridge" dyn="False" id="id3FB32F13" label="" mgmt="False" name="eth*" security_level="100" unnum="True" unprotected="False"/>
<Interface bridgeport="False" dyn="False" id="id3FB32F49" name="lo" security_level="100" unnum="False" unprotected="False">
<IPv4 address="127.0.0.1" id="id3FB32F4A" name="address" netmask="255.0.0.0"/>
<IPv4 id="id3FB32F4A" name="address" address="127.0.0.1" netmask="255.0.0.0"/>
</Interface>
<Interface bridgeport="False" comment="c" dyn="False" id="id3FB32F4C" label="" mgmt="False" name="br0" security_level="100" unnum="False" unprotected="False">
<IPv4 address="192.168.1.1" comment="" id="id3FB331CD" name="firewall23:br0(ip)" netmask="255.255.255.0"/>
<IPv4 comment="" id="id3FB331CD" name="firewall23:br0(ip)" address="192.168.1.1" netmask="255.255.255.0"/>
</Interface>
<Management address="192.168.1.1">
<SNMPManagement enabled="False" snmp_read_community="public" snmp_write_community=""/>
@ -13889,10 +13936,10 @@
<Routing id="id402B23A8-routing"/>
<Interface bridgeport="False" comment="this interface is part of the bridge" dyn="False" id="id402B2411" label="" mgmt="False" name="tun*" security_level="100" unnum="True" unprotected="False"/>
<Interface bridgeport="False" dyn="False" id="id402B2459" name="lo" security_level="100" unnum="False" unprotected="False">
<IPv4 address="127.0.0.1" id="id402B245A" name="address" netmask="255.0.0.0"/>
<IPv4 id="id402B245A" name="address" address="127.0.0.1" netmask="255.0.0.0"/>
</Interface>
<Interface bridgeport="False" comment="" dyn="False" id="id402B245C" label="" mgmt="False" name="eth0" security_level="100" unnum="False" unprotected="False">
<IPv4 address="192.168.1.1" comment="" id="id402B245D" name="firewall23:eth0(ip)" netmask="255.255.255.0"/>
<IPv4 comment="" id="id402B245D" name="firewall23:eth0(ip)" address="192.168.1.1" netmask="255.255.255.0"/>
</Interface>
<Management address="192.168.1.1">
<SNMPManagement enabled="False" snmp_read_community="public" snmp_write_community=""/>
@ -14072,10 +14119,10 @@
</Policy>
<Routing id="id41528C2C-routing"/>
<Interface bridgeport="False" comment="" dyn="False" id="id41528C53" label="outside" mgmt="True" name="eth0" security_level="0" unnum="False" unprotected="False">
<IPv4 address="10.3.14.58" comment="" id="id41528C88" name="rh90:eth0:ip" netmask="255.255.255.0"/>
<IPv4 comment="" id="id41528C88" name="rh90:eth0:ip" address="10.3.14.58" netmask="255.255.255.0"/>
</Interface>
<Interface bridgeport="False" comment="" dyn="False" id="id41528C6A" label="loopback" mgmt="False" name="lo" security_level="100" unnum="False" unprotected="False">
<IPv4 address="127.0.0.1" comment="" id="id41528C82" name="rh90:lo:ip" netmask="255.0.0.0"/>
<IPv4 comment="" id="id41528C82" name="rh90:lo:ip" address="127.0.0.1" netmask="255.0.0.0"/>
</Interface>
<Management address="0.0.0.0">
<SNMPManagement enabled="False" snmp_read_community="" snmp_write_community=""/>
@ -14094,10 +14141,10 @@ cat &gt; %FWDIR%/%FWSCRIPT%;
echo '%FWBPROMPT%'; chmod +x %FWDIR%/%FWSCRIPT%; sudo -S %FWDIR%/%FWSCRIPT%; sudo -S ps ax|awk '/shutdown/ {printf &quot;kill %d\n&quot;,$1;}'|sh
echo '%FWBPROMPT%'; chmod +x %FWDIR%/%FWSCRIPT%; sudo -S %FWDIR%/%FWSCRIPT%; sudo -S ps ax|awk '/shutdown/ {printf "kill %d\n",$1;}'|sh
echo '%FWBPROMPT%'; chmod +x %FWDIR%/%FWSCRIPT%; sudo -S %FWDIR%/%FWSCRIPT%; sudo -S ps ax|awk '/shutdown/ {printf &quot;kill %d\n&quot;,$1;}'|sh
echo '%FWBPROMPT%'; chmod +x %FWDIR%/%FWSCRIPT%; sudo -S %FWDIR%/%FWSCRIPT%; sudo -S ps ax|awk '/shutdown/ {printf "kill %d\n",$1;}'|sh
@ -14119,10 +14166,10 @@ cat &gt; %FWDIR%/%FWSCRIPT%;
echo '%FWBPROMPT%'; sh %FWDIR%/%FWSCRIPT%; ps ax|awk '/shutdown/ {printf &quot;kill %d\n&quot;,$1;}'|sh
echo '%FWBPROMPT%'; sh %FWDIR%/%FWSCRIPT%; ps ax|awk '/shutdown/ {printf "kill %d\n",$1;}'|sh
echo '%FWBPROMPT%'; sh %FWDIR%/%FWSCRIPT%; ps ax|awk '/shutdown/ {printf &quot;kill %d\n&quot;,$1;}'|sh
echo '%FWBPROMPT%'; sh %FWDIR%/%FWSCRIPT%; ps ax|awk '/shutdown/ {printf "kill %d\n",$1;}'|sh
@ -14622,13 +14669,13 @@ echo '%FWBPROMPT%'; sh /tmp/%FWSCRIPT%
</Policy>
<Routing id="id417C680B-routing"/>
<Interface bridgeport="False" comment="" dyn="True" id="id417C68C6" label="" mgmt="False" name="ppp*" security_level="0" unnum="False" unprotected="False">
<IPv4 address="192.168.1.1" comment="" id="id417C6932" name="firewall25:ppp*:ip" netmask="255.255.255.0"/>
<IPv4 comment="" id="id417C6932" name="firewall25:ppp*:ip" address="192.168.1.1" netmask="255.255.255.0"/>
</Interface>
<Interface bridgeport="False" comment="" dyn="False" id="id417C6933" label="" mgmt="True" name="eth0" security_level="100" unnum="False" unprotected="False">
<IPv4 address="192.168.1.1" id="id417C6937" name="firewall25:eth0:ip" netmask="255.255.255.0"/>
<IPv4 id="id417C6937" name="firewall25:eth0:ip" address="192.168.1.1" netmask="255.255.255.0"/>
</Interface>
<Interface bridgeport="False" dyn="False" id="id417C6938" name="eth2" security_level="0" unnum="False" unprotected="False">
<IPv4 address="192.168.2.1" id="id417C6950" name="firewall25:eth2:ip" netmask="255.255.255.0"/>
<IPv4 id="id417C6950" name="firewall25:eth2:ip" address="192.168.2.1" netmask="255.255.255.0"/>
</Interface>
<Management address="192.168.1.1">
<SNMPManagement enabled="False" snmp_read_community="public" snmp_write_community=""/>
@ -15156,10 +15203,10 @@ echo '%FWBPROMPT%'; sh /tmp/%FWSCRIPT%
<Routing id="id418C4609-routing"/>
<Interface bridgeport="False" comment="" dyn="True" id="id418C46C4" label="" mgmt="False" name="ppp" security_level="0" unnum="False" unprotected="False"/>
<Interface bridgeport="False" comment="" dyn="False" id="id418C4731" label="" mgmt="True" name="eth0" security_level="100" unnum="False" unprotected="False">
<IPv4 address="192.168.1.1" id="id418C4735" name="firewall26:eth0:ip" netmask="255.255.255.0"/>
<IPv4 id="id418C4735" name="firewall26:eth0:ip" address="192.168.1.1" netmask="255.255.255.0"/>
</Interface>
<Interface bridgeport="False" dyn="False" id="id418C4736" name="eth2" security_level="0" unnum="False" unprotected="False">
<IPv4 address="192.168.2.1" id="id418C474E" name="firewall26:eth2:ip" netmask="255.255.255.0"/>
<IPv4 id="id418C474E" name="firewall26:eth2:ip" address="192.168.2.1" netmask="255.255.255.0"/>
</Interface>
<Management address="192.168.1.1">
<SNMPManagement enabled="False" snmp_read_community="public" snmp_write_community=""/>
@ -15246,7 +15293,7 @@ echo '%FWBPROMPT%'; sh /tmp/%FWSCRIPT%
<Option name="verify_interfaces">True</Option>
</FirewallOptions>
</Firewall>
<Firewall comment="this firewall uses iptables-restore format&#10;all interfaces have static addresses, script pipes iptables commands straight to iptables-restore" host_OS="linux24" id="id4183D041" lastCompiled="1188097071" lastInstalled="1142003872" lastModified="1142003913" name="firewall27" platform="iptables" ro="False" version="">
<Firewall comment="this firewall uses iptables-restore format&#10;all interfaces have static addresses, script pipes iptables commands straight to iptables-restore" host_OS="linux24" id="id4183D041" inactive="False" lastCompiled="1197477543" lastInstalled="1142003872" lastModified="1197477519" name="firewall27" platform="iptables" ro="False" version="">
<NAT id="id4183D0C3">
<NATRule disabled="False" id="id4183D0C4" position="0">
<OSrc neg="False">
@ -15686,13 +15733,13 @@ echo '%FWBPROMPT%'; sh /tmp/%FWSCRIPT%
</Policy>
<Routing id="id4183D041-routing"/>
<Interface bridgeport="False" comment="" dyn="False" id="id4183D0FC" label="" mgmt="False" name="ppp" security_level="0" unnum="False" unprotected="False">
<IPv4 address="192.0.2.1" comment="" id="id4183D18A" name="firewall27:ppp:ip" netmask="255.255.255.0"/>
<IPv4 comment="" id="id4183D18A" name="firewall27:ppp:ip" address="192.0.2.1" netmask="255.255.255.0"/>
</Interface>
<Interface bridgeport="False" comment="" dyn="False" id="id4183D167" label="" mgmt="True" name="eth0" security_level="100" unnum="False" unprotected="False">
<IPv4 address="192.168.1.1" id="id4183D16B" name="firewall27:eth0:ip" netmask="255.255.255.0"/>
<IPv4 id="id4183D16B" name="firewall27:eth0:ip" address="192.168.1.1" netmask="255.255.255.0"/>
</Interface>
<Interface bridgeport="False" dyn="False" id="id4183D16C" name="eth2" security_level="0" unnum="False" unprotected="False">
<IPv4 address="192.168.2.1" id="id4183D184" name="firewall27:eth2:ip" netmask="255.255.255.0"/>
<IPv4 id="id4183D184" name="firewall27:eth2:ip" address="192.168.2.1" netmask="255.255.255.0"/>
</Interface>
<Management address="192.168.1.1">
<SNMPManagement enabled="False" snmp_read_community="public" snmp_write_community=""/>
@ -15883,10 +15930,10 @@ echo '%FWBPROMPT%'; sh /tmp/%FWSCRIPT%
</Policy>
<Routing id="id419DC88E-routing"/>
<Interface bridgeport="False" comment="" dyn="False" id="id419DC8CF" label="" mgmt="True" name="eth0" security_level="100" unnum="False" unprotected="False">
<IPv4 address="192.168.1.0" comment="" id="id419DC8D3" name="firewall28:eth0:ip" netmask="255.255.255.0"/>
<IPv4 comment="" id="id419DC8D3" name="firewall28:eth0:ip" address="192.168.1.0" netmask="255.255.255.0"/>
</Interface>
<Interface bridgeport="False" comment="" dyn="False" id="id419DC8D4" label="" mgmt="False" name="eth1" security_level="0" unnum="False" unprotected="False">
<IPv4 address="22.22.23.22" id="id419DC8D8" name="firewall28:eth1:ip" netmask="255.255.255.0"/>
<IPv4 id="id419DC8D8" name="firewall28:eth1:ip" address="22.22.23.22" netmask="255.255.255.0"/>
</Interface>
<Management address="22.22.22.22">
<SNMPManagement enabled="False" snmp_read_community="" snmp_write_community=""/>
@ -16073,10 +16120,10 @@ echo '%FWBPROMPT%'; sh /tmp/%FWSCRIPT%
<Interface bridgeport="False" comment="VLAN interface" dyn="True" id="id41D29492" label="" mgmt="False" name="eth0.200" security_level="0" unnum="False" unprotected="False"/>
<Interface bridgeport="False" comment="VLAN interface" dyn="True" id="id41D294A9" label="" mgmt="False" name="eth0.100" security_level="0" unnum="False" unprotected="False"/>
<Interface bridgeport="False" dyn="False" id="id41D294AC" name="lo" security_level="100" unnum="False" unprotected="False">
<IPv4 address="127.0.0.1" id="id41D294B0" name="firewall29:lo:ip" netmask="255.0.0.0"/>
<IPv4 id="id41D294B0" name="firewall29:lo:ip" address="127.0.0.1" netmask="255.0.0.0"/>
</Interface>
<Interface bridgeport="False" comment="" dyn="False" id="id41D294B1" label="" mgmt="True" name="eth1" security_level="100" unnum="False" unprotected="False">
<IPv4 address="192.168.1.100" comment="" id="id41D294B5" name="firewall29:eth1:ip" netmask="255.255.255.0"/>
<IPv4 comment="" id="id41D294B5" name="firewall29:eth1:ip" address="192.168.1.100" netmask="255.255.255.0"/>
</Interface>
<Management address="192.168.1.100">
<SNMPManagement enabled="False" snmp_read_community="public" snmp_write_community=""/>
@ -16216,13 +16263,13 @@ echo '%FWBPROMPT%'; sh /tmp/%FWSCRIPT%
</Policy>
<Routing id="id41F62B80-routing"/>
<Interface bridgeport="False" comment="" dyn="False" id="id41F62C34" label="" mgmt="True" name="eth0" security_level="100" unnum="False" unprotected="False">
<IPv4 address="192.168.1.1" id="id41F62C38" name="firewall30:eth0:ip" netmask="255.255.255.0"/>
<IPv4 id="id41F62C38" name="firewall30:eth0:ip" address="192.168.1.1" netmask="255.255.255.0"/>
</Interface>
<Interface bridgeport="False" dyn="False" id="id41F62C39" name="eth1" security_level="0" unnum="False" unprotected="False">
<IPv4 address="22.22.22.22" id="id41F62C51" name="firewall30:eth1:ip" netmask="255.255.255.0"/>
<IPv4 id="id41F62C51" name="firewall30:eth1:ip" address="22.22.22.22" netmask="255.255.255.0"/>
</Interface>
<Interface bridgeport="False" dyn="False" id="id41F62C57" name="lo" security_level="100" unnum="False" unprotected="False">
<IPv4 address="127.0.0.1" id="id41F62C5B" name="firewall30:lo:ip" netmask="255.0.0.0"/>
<IPv4 id="id41F62C5B" name="firewall30:lo:ip" address="127.0.0.1" netmask="255.0.0.0"/>
</Interface>
<Management address="192.168.1.1">
<SNMPManagement enabled="False" snmp_read_community="public" snmp_write_community=""/>
@ -16437,10 +16484,10 @@ echo '%FWBPROMPT%'; sh /tmp/%FWSCRIPT%
</Policy>
<Routing id="id429910D5-routing"/>
<Interface bridgeport="False" comment="" dyn="False" id="id429910DC" label="" mgmt="False" name="eth0" security_level="0" unnum="False" unprotected="False">
<IPv4 address="33.33.33.33" id="id429910E0" name="firewall31:eth0:ip" netmask="255.255.255.0"/>
<IPv4 id="id429910E0" name="firewall31:eth0:ip" address="33.33.33.33" netmask="255.255.255.0"/>
</Interface>
<Interface bridgeport="False" comment="" dyn="False" id="id429910E1" label="" mgmt="False" name="eth1" security_level="100" unnum="False" unprotected="False">
<IPv4 address="192.168.1.1" comment="" id="id429910E5" name="firewall31:eth1:ip" netmask="255.255.255.0"/>
<IPv4 comment="" id="id429910E5" name="firewall31:eth1:ip" address="192.168.1.1" netmask="255.255.255.0"/>
</Interface>
<Interface bridgeport="False" comment="" dyn="True" id="id429910EB" label="" mgmt="False" name="ppp0" security_level="0" unnum="False" unprotected="False"/>
<Management address="0.0.0.0">
@ -16523,7 +16570,7 @@ echo '%FWBPROMPT%'; sh /tmp/%FWSCRIPT%
<Option name="verify_interfaces">False</Option>
</FirewallOptions>
</Firewall>
<Firewall comment="testing AddressTable" host_OS="linux24" id="id43868A331434" lastCompiled="1188097112" lastInstalled="1142003872" lastModified="0" name="firewall32" platform="iptables" ro="False" version="">
<Firewall comment="testing AddressTable" host_OS="linux24" id="id43868A331434" lastCompiled="1188097112" lastInstalled="1142003872" lastModified="1205611789" name="firewall32" platform="iptables" ro="False" version="">
<NAT id="id43868A6D1434">
<NATRule disabled="False" id="id43868A6E1434" position="0">
<OSrc neg="False">
@ -16629,10 +16676,10 @@ echo '%FWBPROMPT%'; sh /tmp/%FWSCRIPT%
<Routing id="id43868A7D1434"/>
<Interface bridgeport="False" comment="VLAN interface" dyn="True" id="id43868A7F1434" label="" mgmt="False" name="eth0.100" security_level="0" unnum="False" unprotected="False"/>
<Interface bridgeport="False" dyn="False" id="id43868A801434" name="lo" security_level="100" unnum="False" unprotected="False">
<IPv4 address="127.0.0.1" id="id43868A821434" name="firewall32:lo:ip" netmask="255.0.0.0"/>
<IPv4 id="id43868A821434" name="firewall32:lo:ip" address="127.0.0.1" netmask="255.0.0.0"/>
</Interface>
<Interface bridgeport="False" comment="" dyn="False" id="id43868A831434" label="" mgmt="True" name="eth1" security_level="100" unnum="False" unprotected="False">
<IPv4 address="192.168.1.100" comment="" id="id43868A851434" name="firewall32:eth1:ip" netmask="255.255.255.0"/>
<IPv4 comment="" id="id43868A851434" name="firewall32:eth1:ip" address="192.168.1.100" netmask="255.255.255.0"/>
</Interface>
<Management address="192.168.1.100">
<SNMPManagement enabled="False" snmp_read_community="public" snmp_write_community=""/>
@ -16724,7 +16771,7 @@ echo '%FWBPROMPT%'; sh /tmp/%FWSCRIPT%
<Option name="verify_interfaces">False</Option>
</FirewallOptions>
</Firewall>
<Firewall comment="testing DNSName object" host_OS="linux24" id="id43867C1018346" lastCompiled="1188097121" lastInstalled="1142003872" lastModified="0" name="firewall33" platform="iptables" ro="False" version="">
<Firewall comment="testing DNSName object" host_OS="linux24" id="id43867C1018346" lastCompiled="1188097121" lastInstalled="1142003872" lastModified="1205119254" name="firewall33" platform="iptables" ro="False" version="">
<NAT id="id43867C4818346">
<NATRule disabled="False" id="id43867C4918346" position="0">
<OSrc neg="False">
@ -17061,7 +17108,28 @@ echo '%FWBPROMPT%'; sh /tmp/%FWSCRIPT%
</When>
<PolicyRuleOptions/>
</PolicyRule>
<PolicyRule action="Deny" direction="Both" disabled="False" id="id43867C3C18346" log="True" position="12">
<PolicyRule action="Accept" comment="test for bug #1905718&#10;Group of DNS Name objects considered empty&#10;" direction="Both" disabled="False" id="id47CBF5D429252" log="False" position="12">
<Src neg="False">
<ObjectRef ref="sysid0"/>
</Src>
<Dst neg="False">
<ObjectRef ref="id47CBF5D129252"/>
</Dst>
<Srv neg="False">
<ServiceRef ref="sysid1"/>
</Srv>
<Itf neg="False">
<ObjectRef ref="sysid0"/>
</Itf>
<When neg="False">
<IntervalRef ref="sysid2"/>
</When>
<PolicyRuleOptions>
<Option name="color">#C0BA44</Option>
<Option name="stateless">False</Option>
</PolicyRuleOptions>
</PolicyRule>
<PolicyRule action="Deny" direction="Both" disabled="False" id="id43867C3C18346" log="True" position="13">
<Src neg="False">
<ObjectRef ref="sysid0"/>
</Src>
@ -17085,10 +17153,10 @@ echo '%FWBPROMPT%'; sh /tmp/%FWSCRIPT%
<Routing id="id43867C5718346"/>
<Interface bridgeport="False" comment="VLAN interface" dyn="True" id="id43867C5818346" label="" mgmt="False" name="eth0.100" security_level="0" unnum="False" unprotected="False"/>
<Interface bridgeport="False" dyn="False" id="id43867C5918346" name="lo" security_level="100" unnum="False" unprotected="False">
<IPv4 address="127.0.0.1" id="id43867C5B18346" name="firewall33:lo:ip" netmask="255.0.0.0"/>
<IPv4 id="id43867C5B18346" name="firewall33:lo:ip" address="127.0.0.1" netmask="255.0.0.0"/>
</Interface>
<Interface bridgeport="False" comment="" dyn="False" id="id43867C5C18346" label="" mgmt="True" name="eth1" security_level="100" unnum="False" unprotected="False">
<IPv4 address="192.168.1.100" comment="" id="id43867C5E18346" name="firewall33:eth1:ip" netmask="255.255.255.0"/>
<IPv4 comment="" id="id43867C5E18346" name="firewall33:eth1:ip" address="192.168.1.100" netmask="255.255.255.0"/>
</Interface>
<Management address="192.168.1.100">
<SNMPManagement enabled="False" snmp_read_community="public" snmp_write_community=""/>
@ -17180,7 +17248,7 @@ echo '%FWBPROMPT%'; sh /tmp/%FWSCRIPT%
<Option name="verify_interfaces">False</Option>
</FirewallOptions>
</Firewall>
<Firewall comment="testing AddressTable object" host_OS="linux24" id="id4389EDAE18346" inactive="False" lastCompiled="1188097128" lastInstalled="1142003872" lastModified="1167289689" name="firewall34" platform="iptables" ro="False" version="">
<Firewall comment="testing AddressTable object" host_OS="linux24" id="id4389EDAE18346" inactive="False" lastCompiled="1188097128" lastInstalled="1142003872" lastModified="1205611807" name="firewall34" platform="iptables" ro="False" version="">
<NAT id="id4389EE4818346">
<NATRule disabled="False" id="id4389EEB018346" position="0">
<OSrc neg="True">
@ -17555,10 +17623,10 @@ echo '%FWBPROMPT%'; sh /tmp/%FWSCRIPT%
<Routing id="id4389EE8318346"/>
<Interface bridgeport="False" comment="VLAN interface" dyn="True" id="id4389EE8418346" label="" mgmt="False" name="eth0.100" security_level="0" unnum="False" unprotected="False"/>
<Interface bridgeport="False" dyn="False" id="id4389EE8518346" name="lo" security_level="100" unnum="False" unprotected="False">
<IPv4 address="127.0.0.1" id="id4389EE8718346" name="firewall34:lo:ip" netmask="255.0.0.0"/>
<IPv4 id="id4389EE8718346" name="firewall34:lo:ip" address="127.0.0.1" netmask="255.0.0.0"/>
</Interface>
<Interface bridgeport="False" comment="" dyn="False" id="id4389EE8818346" label="" mgmt="True" name="eth1" security_level="100" unnum="False" unprotected="False">
<IPv4 address="192.168.1.100" comment="" id="id4389EE8A18346" name="firewall34:eth1:ip" netmask="255.255.255.0"/>
<IPv4 comment="" id="id4389EE8A18346" name="firewall34:eth1:ip" address="192.168.1.100" netmask="255.255.255.0"/>
</Interface>
<Management address="192.168.1.100">
<SNMPManagement enabled="False" snmp_read_community="public" snmp_write_community=""/>
@ -17935,10 +18003,10 @@ echo '%FWBPROMPT%'; sh /tmp/%FWSCRIPT%
<Routing id="id439255AB25682"/>
<Interface bridgeport="False" comment="VLAN interface" dyn="True" id="id439255AC25682" label="" mgmt="False" name="eth0.100" security_level="0" unnum="False" unprotected="False"/>
<Interface bridgeport="False" dyn="False" id="id439255AD25682" name="lo" security_level="100" unnum="False" unprotected="False">
<IPv4 address="127.0.0.1" id="id439255AF25682" name="firewall35:lo:ip" netmask="255.0.0.0"/>
<IPv4 id="id439255AF25682" name="firewall35:lo:ip" address="127.0.0.1" netmask="255.0.0.0"/>
</Interface>
<Interface bridgeport="False" comment="" dyn="False" id="id439255B025682" label="" mgmt="True" name="eth1" security_level="100" unnum="False" unprotected="False">
<IPv4 address="192.168.1.100" comment="" id="id439255B225682" name="firewall35:eth1:ip" netmask="255.255.255.0"/>
<IPv4 comment="" id="id439255B225682" name="firewall35:eth1:ip" address="192.168.1.100" netmask="255.255.255.0"/>
</Interface>
<Management address="192.168.1.100">
<SNMPManagement enabled="False" snmp_read_community="public" snmp_write_community=""/>
@ -18331,16 +18399,16 @@ echo '%FWBPROMPT%'; sh /tmp/%FWSCRIPT%
</RoutingRule>
</Routing>
<Interface bridgeport="False" comment="" dyn="False" id="id43A2C03B16451" label="" mgmt="False" name="eth0" security_level="0" unnum="False" unprotected="False">
<IPv4 address="192.0.2.1" comment="This is a test address, change it to your real one" id="id43A2C03D16451" name="firewall36:eth0:ip" netmask="255.255.255.0"/>
<IPv4 comment="This is a test address, change it to your real one" id="id43A2C03D16451" name="firewall36:eth0:ip" address="192.0.2.1" netmask="255.255.255.0"/>
</Interface>
<Interface bridgeport="False" comment="" dyn="False" id="id43A2C03E16451" label="" mgmt="True" name="eth1" security_level="100" unnum="False" unprotected="False">
<IPv4 address="192.168.1.1" comment="" id="id43A2C04016451" name="firewall36:eth1:ip" netmask="255.255.255.0"/>
<IPv4 comment="" id="id43A2C04016451" name="firewall36:eth1:ip" address="192.168.1.1" netmask="255.255.255.0"/>
</Interface>
<Interface bridgeport="False" comment="" dyn="False" id="id43A2C04116451" label="loopback" mgmt="False" name="lo" security_level="100" unnum="False" unprotected="False">
<IPv4 address="127.0.0.1" comment="" id="id43A2C04316451" name="firewall36:lo:ip" netmask="255.0.0.0"/>
<IPv4 comment="" id="id43A2C04316451" name="firewall36:lo:ip" address="127.0.0.1" netmask="255.0.0.0"/>
</Interface>
<Interface bridgeport="False" comment="" dyn="False" id="id43A2C04416451" label="" mgmt="False" name="eth2" security_level="0" unnum="False" unprotected="False">
<IPv4 address="192.0.100.1" comment="" id="id43A2C04616451" name="firewall36:eth2:ip" netmask="255.255.255.0"/>
<IPv4 comment="" id="id43A2C04616451" name="firewall36:eth2:ip" address="192.0.100.1" netmask="255.255.255.0"/>
</Interface>
<Management address="192.168.1.1">
<SNMPManagement enabled="False" snmp_read_community="" snmp_write_community=""/>
@ -19299,13 +19367,13 @@ echo '%FWBPROMPT%'; sh /tmp/%FWSCRIPT%
</Policy>
<Routing id="id43BB81789745"/>
<Interface bridgeport="False" comment="" dyn="False" id="id43BB81799745" label="" mgmt="True" name="eth0" security_level="100" unnum="False" unprotected="False">
<IPv4 address="192.168.1.22" comment="" id="id43BB817B9745" name="firewall37:eth0:ip" netmask="255.255.255.0"/>
<IPv4 comment="" id="id43BB817B9745" name="firewall37:eth0:ip" address="192.168.1.22" netmask="255.255.255.0"/>
</Interface>
<Interface bridgeport="False" comment="" dyn="False" id="id43BB817C9745" label="eth1(outside)" mgmt="False" name="eth1" security_level="0" unnum="False" unprotected="False">
<IPv4 address="22.22.23.22" comment="" id="id43BB817E9745" name="firewall37:eth1:ip" netmask="255.255.255.0"/>
<IPv4 comment="" id="id43BB817E9745" name="firewall37:eth1:ip" address="22.22.23.22" netmask="255.255.255.0"/>
</Interface>
<Interface bridgeport="False" comment="" dyn="False" id="id43BB817F9745" label="eth2(dmz)" mgmt="False" name="eth2" security_level="0" unnum="False" unprotected="False">
<IPv4 address="192.168.2.1" comment="this interface is on the subnet that overlaps with eth1" id="id43BB81819745" name="firewall37:eth2:ip" netmask="255.255.255.0"/>
<IPv4 comment="this interface is on the subnet that overlaps with eth1" id="id43BB81819745" name="firewall37:eth2:ip" address="192.168.2.1" netmask="255.255.255.0"/>
</Interface>
<Management address="192.168.1.22">
<SNMPManagement enabled="False" snmp_read_community="" snmp_write_community=""/>
@ -19859,13 +19927,13 @@ echo '%FWBPROMPT%'; sh /tmp/%FWSCRIPT%
</Policy>
<Routing id="id43BBF1F99745"/>
<Interface bridgeport="False" comment="" dyn="False" id="id43BBF1FA9745" label="" mgmt="True" name="eth0" security_level="100" unnum="False" unprotected="False">
<IPv4 address="192.168.1.22" comment="" id="id43BBF1FC9745" name="firewall38:eth0:ip" netmask="255.255.255.0"/>
<IPv4 comment="" id="id43BBF1FC9745" name="firewall38:eth0:ip" address="192.168.1.22" netmask="255.255.255.0"/>
</Interface>
<Interface bridgeport="False" comment="" dyn="False" id="id43BBF1FD9745" label="eth1(outside)" mgmt="False" name="eth1" security_level="0" unnum="False" unprotected="False">
<IPv4 address="22.22.23.22" comment="" id="id43BBF1FF9745" name="firewall38:eth1:ip" netmask="255.255.255.0"/>
<IPv4 comment="" id="id43BBF1FF9745" name="firewall38:eth1:ip" address="22.22.23.22" netmask="255.255.255.0"/>
</Interface>
<Interface bridgeport="False" comment="" dyn="False" id="id43BBF2009745" label="eth2(dmz)" mgmt="False" name="eth2" security_level="0" unnum="False" unprotected="False">
<IPv4 address="192.168.2.1" comment="this interface is on the subnet that overlaps with eth1" id="id43BBF2029745" name="firewall38:eth2:ip" netmask="255.255.255.0"/>
<IPv4 comment="this interface is on the subnet that overlaps with eth1" id="id43BBF2029745" name="firewall38:eth2:ip" address="192.168.2.1" netmask="255.255.255.0"/>
</Interface>
<Management address="192.168.1.22">
<SNMPManagement enabled="False" snmp_read_community="" snmp_write_community=""/>
@ -20412,10 +20480,10 @@ echo '%FWBPROMPT%'; sh /tmp/%FWSCRIPT%
<Routing id="id440C062C14846"/>
<Interface bridgeport="True" comment="this interface is part of the bridge" dyn="False" id="id440C062D14846" label="" mgmt="False" name="eth2" security_level="100" unnum="False" unprotected="False"/>
<Interface bridgeport="False" dyn="False" id="id440C062E14846" name="lo" security_level="100" unnum="False" unprotected="False">
<IPv4 address="127.0.0.1" id="id440C063014846" name="firewall23-1:lo:ip" netmask="255.0.0.0"/>
<IPv4 id="id440C063014846" name="firewall23-1:lo:ip" address="127.0.0.1" netmask="255.0.0.0"/>
</Interface>
<Interface bridgeport="False" comment="" dyn="False" id="id440C063114846" label="" mgmt="False" name="br0" security_level="100" unnum="False" unprotected="False">
<IPv4 address="192.168.1.1" comment="" id="id440C063314846" name="firewall23-1:br0:ip" netmask="255.255.255.0"/>
<IPv4 comment="" id="id440C063314846" name="firewall23-1:br0:ip" address="192.168.1.1" netmask="255.255.255.0"/>
</Interface>
<Interface bridgeport="True" comment="" dyn="False" id="id440C063914846" label="" mgmt="False" name="eth3" security_level="100" unnum="False" unprotected="False"/>
<Management address="192.168.1.1">
@ -21494,13 +21562,13 @@ echo '%FWBPROMPT%'; sh /tmp/%FWSCRIPT%
</Policy>
<Routing id="id445DA36A30753"/>
<Interface bridgeport="False" comment="" dyn="False" id="id445DA36B30753" label="" mgmt="True" name="eth0" security_level="100" unnum="False" unprotected="False">
<IPv4 address="192.168.1.22" comment="" id="id445DA36D30753" name="firewall39:eth0:ip" netmask="255.255.255.0"/>
<IPv4 comment="" id="id445DA36D30753" name="firewall39:eth0:ip" address="192.168.1.22" netmask="255.255.255.0"/>
</Interface>
<Interface bridgeport="False" comment="" dyn="False" id="id445DA36E30753" label="eth1(outside)" mgmt="False" name="eth1" security_level="0" unnum="False" unprotected="False">
<IPv4 address="22.22.23.22" comment="" id="id445DA37030753" name="firewall39:eth1:ip" netmask="255.255.255.0"/>
<IPv4 comment="" id="id445DA37030753" name="firewall39:eth1:ip" address="22.22.23.22" netmask="255.255.255.0"/>
</Interface>
<Interface bridgeport="False" comment="" dyn="False" id="id445DA37130753" label="eth2(dmz)" mgmt="False" name="eth2" security_level="0" unnum="False" unprotected="False">
<IPv4 address="192.168.2.1" comment="this interface is on the subnet that overlaps with eth1" id="id445DA37330753" name="firewall39:eth2:ip" netmask="255.255.255.0"/>
<IPv4 comment="this interface is on the subnet that overlaps with eth1" id="id445DA37330753" name="firewall39:eth2:ip" address="192.168.2.1" netmask="255.255.255.0"/>
</Interface>
<Management address="192.168.1.22">
<SNMPManagement enabled="False" snmp_read_community="" snmp_write_community=""/>
@ -21813,16 +21881,16 @@ echo '%FWBPROMPT%'; sh /tmp/%FWSCRIPT%
</Policy>
<Routing id="id4492FF3D24380"/>
<Interface bridgeport="False" comment="" dyn="False" id="id4492FF4E24380" label="" mgmt="False" name="eth0" security_level="0" unnum="False" unprotected="False">
<IPv4 address="192.0.2.1" comment="This is a test address, change it to your real one" id="id4492FF5024380" name="firewall40:eth0:ip" netmask="255.255.255.0"/>
<IPv4 comment="This is a test address, change it to your real one" id="id4492FF5024380" name="firewall40:eth0:ip" address="192.0.2.1" netmask="255.255.255.0"/>
</Interface>
<Interface bridgeport="False" comment="" dyn="False" id="id4492FF5424380" label="loopback" mgmt="False" name="lo" security_level="100" unnum="False" unprotected="False">
<IPv4 address="127.0.0.1" comment="" id="id4492FF5624380" name="firewall40:lo:ip" netmask="255.0.0.0"/>
<IPv4 comment="" id="id4492FF5624380" name="firewall40:lo:ip" address="127.0.0.1" netmask="255.0.0.0"/>
</Interface>
<Interface bridgeport="False" comment="" dyn="False" id="id4492FF5724380" label="" mgmt="False" name="eth2" security_level="0" unnum="False" unprotected="False">
<IPv4 address="192.0.100.1" comment="" id="id4492FF5924380" name="firewall40:eth2:ip" netmask="255.255.255.0"/>
<IPv4 comment="" id="id4492FF5924380" name="firewall40:eth2:ip" address="192.0.100.1" netmask="255.255.255.0"/>
</Interface>
<Interface bridgeport="False" comment="" dyn="False" id="id4492FF6024380" label="" mgmt="True" name="eth1" security_level="100" unnum="False" unprotected="False">
<IPv4 address="192.168.1.1" comment="" id="id4492FF6124380" name="firewall40:eth1:ip" netmask="255.255.255.0"/>
<IPv4 comment="" id="id4492FF6124380" name="firewall40:eth1:ip" address="192.168.1.1" netmask="255.255.255.0"/>
</Interface>
<Management address="192.168.1.1">
<SNMPManagement enabled="False" snmp_read_community="" snmp_write_community=""/>
@ -21963,10 +22031,10 @@ echo '%FWBPROMPT%'; sh /tmp/%FWSCRIPT%
</Policy>
<Routing id="id44EC18178791"/>
<Interface bridgeport="False" dyn="False" id="id44EC18188791" label="ext" name="eth0" security_level="0" unnum="False" unprotected="False">
<IPv4 address="1.1.1.1" id="id44EC18198791" name="firewall41:eth0:ip" netmask="255.255.255.0"/>
<IPv4 id="id44EC18198791" name="firewall41:eth0:ip" address="1.1.1.1" netmask="255.255.255.0"/>
</Interface>
<Interface bridgeport="False" dyn="False" id="id44EC181A8791" label="int" name="eth1" security_level="50" unnum="False" unprotected="False">
<IPv4 address="2.2.2.2" id="id44EC181B8791" name="firewall41:eth1:ip" netmask="255.255.255.0"/>
<IPv4 id="id44EC181B8791" name="firewall41:eth1:ip" address="2.2.2.2" netmask="255.255.255.0"/>
</Interface>
<Management address="0.0.0.0">
<SNMPManagement enabled="False" snmp_read_community="" snmp_write_community=""/>
@ -22214,13 +22282,13 @@ echo '%FWBPROMPT%'; sh /tmp/%FWSCRIPT%
</Policy>
<Routing id="id4513DEAB2143"/>
<Interface bridgeport="False" dyn="False" id="id4513DEAC2143" label="" name="eth0" security_level="50" unnum="False" unprotected="False">
<IPv4 address="22.22.22.22" id="id4513DEAD2143" name="test-shadowing-1:eth0:ip" netmask="255.255.255.0"/>
<IPv4 id="id4513DEAD2143" name="test-shadowing-1:eth0:ip" address="22.22.22.22" netmask="255.255.255.0"/>
</Interface>
<Interface bridgeport="False" dyn="False" id="id4513DEAE2143" label="" name="eth1" security_level="100" unnum="False" unprotected="False">
<IPv4 address="192.168.1.1" id="id4513DEAF2143" name="test-shadowing-1:eth1:ip" netmask="255.255.255.0"/>
<IPv4 id="id4513DEAF2143" name="test-shadowing-1:eth1:ip" address="192.168.1.1" netmask="255.255.255.0"/>
</Interface>
<Interface bridgeport="False" dyn="False" id="id4513DEB02143" label="" name="eth2" security_level="100" unnum="False" unprotected="False">
<IPv4 address="192.168.2.1" id="id4513DEB12143" name="test-shadowing-1:eth2:ip" netmask="255.255.255.0"/>
<IPv4 id="id4513DEB12143" name="test-shadowing-1:eth2:ip" address="192.168.2.1" netmask="255.255.255.0"/>
</Interface>
<Management address="192.168.2.1">
<SNMPManagement enabled="False" snmp_read_community="" snmp_write_community=""/>
@ -22457,13 +22525,13 @@ echo '%FWBPROMPT%'; sh /tmp/%FWSCRIPT%
</Policy>
<Routing id="id451489082143"/>
<Interface bridgeport="False" dyn="False" id="id451489092143" label="" name="eth0" security_level="50" unnum="False" unprotected="False">
<IPv4 address="22.22.22.22" id="id4514890B2143" name="test-shadowing-2:eth0:ip" netmask="255.255.255.0"/>
<IPv4 id="id4514890B2143" name="test-shadowing-2:eth0:ip" address="22.22.22.22" netmask="255.255.255.0"/>
</Interface>
<Interface bridgeport="False" dyn="False" id="id4514890C2143" label="" name="eth1" security_level="100" unnum="False" unprotected="False">
<IPv4 address="192.168.1.1" id="id4514890E2143" name="test-shadowing-2:eth1:ip" netmask="255.255.255.0"/>
<IPv4 id="id4514890E2143" name="test-shadowing-2:eth1:ip" address="192.168.1.1" netmask="255.255.255.0"/>
</Interface>
<Interface bridgeport="False" dyn="False" id="id4514890F2143" label="" name="eth2" security_level="100" unnum="False" unprotected="False">
<IPv4 address="192.168.2.1" id="id451489112143" name="test-shadowing-2:eth2:ip" netmask="255.255.255.0"/>
<IPv4 id="id451489112143" name="test-shadowing-2:eth2:ip" address="192.168.2.1" netmask="255.255.255.0"/>
</Interface>
<Management address="192.168.2.1">
<SNMPManagement enabled="False" snmp_read_community="" snmp_write_community=""/>
@ -23678,13 +23746,13 @@ echo '%FWBPROMPT%'; sh /tmp/%FWSCRIPT%
</Policy>
<Routing id="id45AB5C6225451"/>
<Interface bridgeport="False" comment="" dyn="False" id="id45AB5C6325451" label="" mgmt="True" name="eth0" security_level="100" unnum="False" unprotected="False">
<IPv4 address="192.168.1.22" comment="" id="id45AB5C6525451" name="firewall37-1:eth0:ip" netmask="255.255.255.0"/>
<IPv4 comment="" id="id45AB5C6525451" name="firewall37-1:eth0:ip" address="192.168.1.22" netmask="255.255.255.0"/>
</Interface>
<Interface bridgeport="False" comment="" dyn="False" id="id45AB5C6625451" label="eth1(outside)" mgmt="False" name="eth1" security_level="0" unnum="False" unprotected="False">
<IPv4 address="22.22.23.22" comment="" id="id45AB5C6825451" name="firewall37-1:eth1:ip" netmask="255.255.255.0"/>
<IPv4 comment="" id="id45AB5C6825451" name="firewall37-1:eth1:ip" address="22.22.23.22" netmask="255.255.255.0"/>
</Interface>
<Interface bridgeport="False" comment="" dyn="False" id="id45AB5C6925451" label="eth2(dmz)" mgmt="False" name="eth2" security_level="0" unnum="False" unprotected="False">
<IPv4 address="192.168.2.1" comment="this interface is on the subnet that overlaps with eth1" id="id45AB5C6B25451" name="firewall37-1:eth2:ip" netmask="255.255.255.0"/>
<IPv4 comment="this interface is on the subnet that overlaps with eth1" id="id45AB5C6B25451" name="firewall37-1:eth2:ip" address="192.168.2.1" netmask="255.255.255.0"/>
</Interface>
<Management address="192.168.1.22">
<SNMPManagement enabled="False" snmp_read_community="" snmp_write_community=""/>
@ -23862,11 +23930,11 @@ echo '%FWBPROMPT%'; sh /tmp/%FWSCRIPT%
<Routing id="id46EFBE4631183"/>
<Interface bridgeport="False" comment="" dyn="True" id="id46EFBE4731183" label="" mgmt="True" name="eth0" security_level="100" unnum="False" unprotected="False"/>
<Interface bridgeport="False" dyn="False" id="id46EFBE4A31183" name="eth1" security_level="0" unnum="False" unprotected="False">
<IPv4 address="22.22.22.22" id="id46EFBE4C31183" name="firewall42:eth1:ip" netmask="255.255.255.0"/>
<IPv4 id="id46EFBE4C31183" name="firewall42:eth1:ip" address="22.22.22.22" netmask="255.255.255.0"/>
</Interface>
<Interface bridgeport="False" dyn="False" id="id46EFBE5031183" name="lo" security_level="100" unnum="False" unprotected="False">
<IPv4 address="127.0.0.1" id="id46EFBE5231183" name="firewall42:lo:ip" netmask="255.0.0.0"/>
<IPv4 address="192.168.1.1" comment="" id="id46EFBE5B31183" name="firewall42:lo:ip-1" netmask="255.255.255.0"/>
<IPv4 id="id46EFBE5231183" name="firewall42:lo:ip" address="127.0.0.1" netmask="255.0.0.0"/>
<IPv4 comment="" id="id46EFBE5B31183" name="firewall42:lo:ip-1" address="192.168.1.1" netmask="255.255.255.0"/>
</Interface>
<Management address="0.0.0.0">
<SNMPManagement enabled="False" snmp_read_community="public" snmp_write_community=""/>
@ -24095,14 +24163,14 @@ echo '%FWBPROMPT%'; sh /tmp/%FWSCRIPT%
</Policy>
<Routing id="id47339EDD19714"/>
<Interface bridgeport="False" comment="" dyn="False" id="id47339EDE19714" label="" mgmt="True" name="eth0" security_level="100" unnum="False" unprotected="False">
<IPv4 address="192.168.1.1" comment="" id="id47339EF819714" name="firewall50:eth0:ip" netmask="255.255.255.0"/>
<IPv4 comment="" id="id47339EF819714" name="firewall50:eth0:ip" address="192.168.1.1" netmask="255.255.255.0"/>
</Interface>
<Interface bridgeport="False" dyn="False" id="id47339EDF19714" name="eth1" security_level="0" unnum="False" unprotected="False">
<IPv4 address="22.22.22.22" id="id47339EE119714" name="firewall50:eth1:ip" netmask="255.255.255.0"/>
<IPv4 id="id47339EE119714" name="firewall50:eth1:ip" address="22.22.22.22" netmask="255.255.255.0"/>
</Interface>
<Interface bridgeport="False" dyn="False" id="id47339EE219714" name="lo" security_level="100" unnum="False" unprotected="False">
<IPv4 address="127.0.0.1" id="id47339EE519714" name="firewall50:lo:ip1" netmask="255.0.0.0"/>
<IPv4 address="192.168.1.1" comment="" id="id47339EE619714" name="firewall50:lo:ip2" netmask="255.255.255.0"/>
<IPv4 id="id47339EE519714" name="firewall50:lo:ip1" address="127.0.0.1" netmask="255.0.0.0"/>
<IPv4 comment="" id="id47339EE619714" name="firewall50:lo:ip2" address="192.168.1.1" netmask="255.255.255.0"/>
</Interface>
<Management address="0.0.0.0">
<SNMPManagement enabled="False" snmp_read_community="public" snmp_write_community=""/>
@ -24204,7 +24272,7 @@ echo '%FWBPROMPT%'; sh /tmp/%FWSCRIPT%
</Library>
<Library id="sysid99" name="Deleted Objects" ro="False">
<ObjectRef ref="sysid0"/>
<IPv4 address="192.168.1.1" comment="" id="id41D295E2" name="firewall30:ppp.200*:ip" netmask="255.255.255.0"/>
<IPv4 comment="" id="id41D295E2" name="firewall30:ppp.200*:ip" address="192.168.1.1" netmask="255.255.255.0"/>
<Firewall comment="dynamic wildcard interface with a dot in the name" host_OS="linux24" id="id41D294BB" lastCompiled="0" lastInstalled="0" lastModified="0" name="firewall30" platform="iptables" ro="False" version="">
<NAT id="id41D2953D">
<NATRule disabled="False" id="id41D2953E" position="0">
@ -24646,10 +24714,10 @@ echo '%FWBPROMPT%'; sh /tmp/%FWSCRIPT%
<Routing id="id41D294BB-routing"/>
<Interface bridgeport="False" comment="" dyn="True" id="id41D29576" label="" mgmt="False" name="ppp.200*" security_level="0" unnum="False" unprotected="False"/>
<Interface bridgeport="False" comment="" dyn="False" id="id41D295E3" label="" mgmt="True" name="eth0" security_level="100" unnum="False" unprotected="False">
<IPv4 address="192.168.1.1" id="id41D295E7" name="firewall30:eth0:ip" netmask="255.255.255.0"/>
<IPv4 id="id41D295E7" name="firewall30:eth0:ip" address="192.168.1.1" netmask="255.255.255.0"/>
</Interface>
<Interface bridgeport="False" dyn="False" id="id41D295E8" name="eth2" security_level="0" unnum="False" unprotected="False">
<IPv4 address="192.168.2.1" id="id41D29600" name="firewall30:eth2:ip" netmask="255.255.255.0"/>
<IPv4 id="id41D29600" name="firewall30:eth2:ip" address="192.168.2.1" netmask="255.255.255.0"/>
</Interface>
<Management address="192.168.1.1">
<SNMPManagement enabled="False" snmp_read_community="public" snmp_write_community=""/>
@ -24738,19 +24806,19 @@ echo '%FWBPROMPT%'; sh /tmp/%FWSCRIPT%
</FirewallOptions>
</Firewall>
<Interface bridgeport="False" dyn="False" id="id41F62C5C" name="eth3" security_level="0" unnum="False" unprotected="False">
<IPv4 address="22.22.23.23" id="id41F62C60" name="firewall30:eth3:ip" netmask="255.255.255.0"/>
<IPv4 id="id41F62C60" name="firewall30:eth3:ip" address="22.22.23.23" netmask="255.255.255.0"/>
</Interface>
<Interface bridgeport="False" dyn="False" id="id41F62C52" name="eth2" security_level="100" unnum="False" unprotected="False">
<IPv4 address="192.168.2.1" comment="" id="id41F62C56" name="firewall30:eth2:ip" netmask="255.255.255.0"/>
<IPv4 comment="" id="id41F62C56" name="firewall30:eth2:ip" address="192.168.2.1" netmask="255.255.255.0"/>
</Interface>
<Interface bridgeport="False" comment="" dyn="False" id="id429910E6" label="fw8:eth2" mgmt="True" name="eth2" security_level="100" unnum="False" unprotected="False">
<IPv4 address="192.168.100.1" id="id429910EA" name="firewall31:eth2:ip" netmask="255.255.255.0"/>
<IPv4 id="id429910EA" name="firewall31:eth2:ip" address="192.168.100.1" netmask="255.255.255.0"/>
</Interface>
<Interface bridgeport="False" comment="VLAN interface" dyn="True" id="id43868A7E1434" label="" mgmt="False" name="eth0.200" security_level="0" unnum="False" unprotected="False"/>
<Interface bridgeport="False" comment="" dyn="False" id="id4492FF5124380" label="" mgmt="True" name="eth1" security_level="100" unnum="False" unprotected="False">
<IPv4 address="192.168.1.1" comment="" id="id4492FF5324380" name="firewall40:eth1:ip" netmask="255.255.255.0"/>
<IPv4 comment="" id="id4492FF5324380" name="firewall40:eth1:ip" address="192.168.1.1" netmask="255.255.255.0"/>
</Interface>
<IPv4 address="0.0.0.0" id="id4492FF5F24380" name="firewall40:eth0:ip-1" netmask="0.0.0.0"/>
<IPv4 id="id4492FF5F24380" name="firewall40:eth0:ip-1" address="0.0.0.0" netmask="0.0.0.0"/>
<Library color="#d2ffd0" comment="" id="id44EC13FB8791" name="tmp" ro="False">
<ObjectGroup id="id44EC13FC8791" name="Objects">
<ObjectGroup id="id44EC13FD8791" name="Addresses"/>
@ -24774,12 +24842,12 @@ echo '%FWBPROMPT%'; sh /tmp/%FWSCRIPT%
<IntervalGroup id="id44EC140D8791" name="Time"/>
</Library>
<Interface bridgeport="False" dyn="False" id="id46EFBE4D31183" name="eth2" security_level="100" unnum="False" unprotected="False">
<IPv4 address="192.168.2.1" id="id46EFBE4F31183" name="firewall42:eth2:ip" netmask="255.255.255.0"/>
<IPv4 id="id46EFBE4F31183" name="firewall42:eth2:ip" address="192.168.2.1" netmask="255.255.255.0"/>
</Interface>
<Interface bridgeport="False" dyn="False" id="id46EFBE5331183" name="eth3" security_level="0" unnum="False" unprotected="False">
<IPv4 address="22.22.23.23" id="id46EFBE5531183" name="firewall42:eth3:ip" netmask="255.255.255.0"/>
<IPv4 id="id46EFBE5531183" name="firewall42:eth3:ip" address="22.22.23.23" netmask="255.255.255.0"/>
</Interface>
<IPv4 address="192.168.1.1" id="id46EFBE4931183" name="firewall42:eth0:ip" netmask="255.255.255.0"/>
<IPv4 id="id46EFBE4931183" name="firewall42:eth0:ip" address="192.168.1.1" netmask="255.255.255.0"/>
</Library>
<Library color="#FFFFFF" comment="" id="id4387B43718346" name="transfer" ro="False">
<ObjectGroup id="id4387B43818346" name="Objects">

1868
test/pf/objects-for-regression-tests.fwb
View File

File diff suppressed because it is too large Load Diff

4
test/pix/quick-cmp.sh
View File

@ -2,7 +2,9 @@
$XMLFILE=@ARGV[0];
$DIFFCMD="diff -0 -u -b -B -I \"! Generated\" ";
$DIFFCMD="diff -C 1 -c -b -B -I \"! Generated\" -I 'Activating ' -I '! Firewall Builder fwb_pix v' -I 'Can not find file' ";
#$DIFFCMD="diff -u -b -B -I \"! Generated\" ";
while (<>) {
$str=$_;