mirror of
https://github.com/fwbuilder/fwbuilder
synced 2025-11-06 18:52:58 +01:00
see #2394 using InterfaceProperties class to guess where WORD is an interface name or host name; Lexer generates IPV6 token for "1000:1010" port range configuration, could not find a way to fix this in the lexer so using this token to parse port ranges in the parser; added unit test for host "from" and "to" matches, including interface name and host name matches
This commit is contained in:
Vadim Kurland
parent
b9dfdd5d2c
commit
58eb1a865e
@ -42,6 +42,7 @@
|
||||
#include <QDebug>
|
||||
#include <QObject>
|
||||
#include <QStringList>
|
||||
#include <QRegExp>
|
||||
|
||||
|
||||
using namespace std;
|
||||
@ -63,6 +64,18 @@ bool interfaceProperties::looksLikeVlanInterface(const QString &int_name)
|
||||
return parseVlan(int_name, NULL, NULL);
|
||||
}
|
||||
|
||||
/*
|
||||
* common denominator interface name guess. Something like "eth0",
|
||||
* "foo0", "longname0", "name0.1", "name0:1". This is mostly intended
|
||||
* for Linux and BSD, even though it probably matches some Cisco
|
||||
* interfaces too.
|
||||
*/
|
||||
bool interfaceProperties::looksLikeInterface(const QString &name)
|
||||
{
|
||||
QRegExp basic_interface_name_pattern("^[a-zA-Z]+\\d{1,}(\\.\\d{1,})?(:\\d{1,})?$");
|
||||
return (basic_interface_name_pattern.indexIn(name) != -1);
|
||||
}
|
||||
|
||||
// simple name validation: does not allow space and "-"
|
||||
// However some platform permit space (procurve).
|
||||
bool interfaceProperties::basicValidateInterfaceName(Interface *,
|
||||
|
||||
@ -76,6 +76,8 @@ public:
|
||||
}
|
||||
}
|
||||
|
||||
virtual bool looksLikeInterface(const QString&);
|
||||
|
||||
virtual bool parseVlan(const QString&, QString*, int*);
|
||||
virtual bool isValidVlanInterfaceName(const QString &,
|
||||
const QString &,
|
||||
|
||||
@ -47,6 +47,7 @@ public:
|
||||
INTERFACE_NETWORK,
|
||||
INTERFACE_BROADCAST,
|
||||
INTERFACE_CONFIGURATION,
|
||||
INTERFACE_OR_HOST_NAME,
|
||||
TABLE } address_type;
|
||||
|
||||
address_type at;
|
||||
|
||||
@ -37,6 +37,7 @@
|
||||
#include "fwbuilder/AddressRange.h"
|
||||
#include "fwbuilder/AddressTable.h"
|
||||
#include "fwbuilder/AttachedNetworks.h"
|
||||
#include "fwbuilder/DNSName.h"
|
||||
#include "fwbuilder/FWObjectDatabase.h"
|
||||
#include "fwbuilder/ICMPService.h"
|
||||
#include "fwbuilder/IPService.h"
|
||||
@ -452,11 +453,30 @@ FWObject* PFImporter::makeAddressObj(AddressSpec &as)
|
||||
{
|
||||
if (as.at == AddressSpec::ANY) return NULL;
|
||||
|
||||
if (as.at == AddressSpec::INTERFACE_NAME)
|
||||
if (as.at == AddressSpec::INTERFACE_OR_HOST_NAME)
|
||||
{
|
||||
Interface *intf = getInterfaceByName(as.address);
|
||||
assert(intf!=NULL);
|
||||
return intf;
|
||||
interfaceProperties *int_prop =
|
||||
interfacePropertiesObjectFactory::getInterfacePropertiesObject(
|
||||
user_choice_host_os);
|
||||
if (int_prop->looksLikeInterface(as.address.c_str()))
|
||||
{
|
||||
Interface *intf = getInterfaceByName(as.address);
|
||||
if (intf == NULL)
|
||||
{
|
||||
// this interface was never used in "on <intf>" clause before
|
||||
newInterface(as.address);
|
||||
intf = getInterfaceByName(as.address);
|
||||
}
|
||||
return intf;
|
||||
} else
|
||||
{
|
||||
// TODO: create and return DNSName object
|
||||
ObjectSignature sig(error_tracker);
|
||||
sig.type_name = DNSName::TYPENAME;
|
||||
sig.object_name = QString::fromUtf8(as.address.c_str());
|
||||
sig.dns_name = QString::fromUtf8(as.address.c_str());
|
||||
return address_maker->createObject(sig);
|
||||
}
|
||||
}
|
||||
|
||||
if (as.at == AddressSpec::INTERFACE_NETWORK)
|
||||
|
||||
@ -50,6 +50,17 @@ public:
|
||||
PortSpec(const std::string s1, const std::string s2, const std::string s3)
|
||||
{ port1 = s1; port2 = s2; port_op = s3; }
|
||||
|
||||
void setFromPortRange(const std::string &port_range)
|
||||
{
|
||||
std::size_t n = port_range.find(':');
|
||||
if ( n != std::string::npos )
|
||||
{
|
||||
port1 = port_range.substr(0, n);
|
||||
port2 = port_range.substr(n+1);
|
||||
port_op = ":";
|
||||
}
|
||||
}
|
||||
|
||||
std::string toString()
|
||||
{ return std::string("PortSpec: ") + port_op + " " + port1 + " " + port2; }
|
||||
};
|
||||
|
||||
@ -54,13 +54,15 @@ FWObject* AddressObjectMaker::createObject(ObjectSignature &sig)
|
||||
|
||||
if (sig.type_name == AddressRange::TYPENAME)
|
||||
obj = createAddressRange(sig);
|
||||
else
|
||||
{
|
||||
if (sig.type_name == AddressTable::TYPENAME)
|
||||
obj = createAddressTable(sig);
|
||||
else
|
||||
obj = createAddress(sig);
|
||||
}
|
||||
|
||||
if (sig.type_name == AddressTable::TYPENAME)
|
||||
obj = createAddressTable(sig);
|
||||
|
||||
if (sig.type_name == DNSName::TYPENAME)
|
||||
obj = createDNSName(sig);
|
||||
|
||||
if (obj == NULL)
|
||||
obj = createAddress(sig);
|
||||
|
||||
// Now I should build new signature because actual object type has
|
||||
// only been determined in createAddress()
|
||||
@ -198,3 +200,17 @@ FWObject* AddressObjectMaker::createAddressTable(ObjectSignature &sig)
|
||||
at->setSourceName(sig.address_table_name.toStdString());
|
||||
return at;
|
||||
}
|
||||
|
||||
FWObject* AddressObjectMaker::createDNSName(ObjectSignature &sig)
|
||||
{
|
||||
FWObject *obj = findMatchingObject(sig);
|
||||
if (obj) return obj;
|
||||
|
||||
DNSName *dns_obj = DNSName::cast(
|
||||
ObjectMaker::createObject(DNSName::TYPENAME,
|
||||
sig.object_name.toUtf8().constData()));
|
||||
assert(dns_obj!=NULL);
|
||||
dns_obj->setRunTime(true);
|
||||
dns_obj->setSourceName(sig.dns_name.toStdString());
|
||||
return dns_obj;
|
||||
}
|
||||
|
||||
@ -52,6 +52,7 @@ protected:
|
||||
virtual libfwbuilder::FWObject* createAddress(ObjectSignature &sig);
|
||||
virtual libfwbuilder::FWObject* createAddressRange(ObjectSignature &sig);
|
||||
virtual libfwbuilder::FWObject* createAddressTable(ObjectSignature &sig);
|
||||
virtual libfwbuilder::FWObject* createDNSName(ObjectSignature &sig);
|
||||
|
||||
};
|
||||
|
||||
|
||||
@ -22,7 +22,6 @@ SOURCES = QStringListOperators.cpp \
|
||||
PIXImporterRun.cpp \
|
||||
PFImporter.cpp \
|
||||
PFImporterRun.cpp \
|
||||
IfconfigImporter.cpp
|
||||
|
||||
HEADERS = QStringListOperators.h \
|
||||
PreImport.h \
|
||||
@ -36,7 +35,6 @@ HEADERS = QStringListOperators.h \
|
||||
IPTImporter.h \
|
||||
PIXImporter.h \
|
||||
PFImporter.h \
|
||||
IfconfigImporter.h \
|
||||
InterfaceSpec.h \
|
||||
AddressSpec.h \
|
||||
PortSpec.h \
|
||||
|
||||
@ -44,39 +44,39 @@ PFCfgLexer::PFCfgLexer(const ANTLR_USE_NAMESPACE(antlr)LexerSharedInputState& st
|
||||
|
||||
void PFCfgLexer::initLiterals()
|
||||
{
|
||||
literals["vrrp"] = 83;
|
||||
literals["vrrp"] = 84;
|
||||
literals["critical"] = 119;
|
||||
literals["ospf"] = 81;
|
||||
literals["rdp"] = 75;
|
||||
literals["ospf"] = 82;
|
||||
literals["rdp"] = 76;
|
||||
literals["disable"] = 126;
|
||||
literals["return-rst"] = 55;
|
||||
literals["return-rst"] = 56;
|
||||
literals["scrub"] = 12;
|
||||
literals["source-hash"] = 45;
|
||||
literals["bitmask"] = 43;
|
||||
literals["source-hash"] = 46;
|
||||
literals["bitmask"] = 44;
|
||||
literals["ipsec"] = 109;
|
||||
literals["inet"] = 67;
|
||||
literals["inet"] = 68;
|
||||
literals["pcp"] = 111;
|
||||
literals["emergencies"] = 121;
|
||||
literals["debugging"] = 120;
|
||||
literals["hex-key"] = 46;
|
||||
literals["hex-key"] = 47;
|
||||
literals["persist"] = 16;
|
||||
literals["snp"] = 115;
|
||||
literals["timeout"] = 51;
|
||||
literals["to"] = 64;
|
||||
literals["timeout"] = 52;
|
||||
literals["to"] = 65;
|
||||
literals["flags"] = 93;
|
||||
literals["isis"] = 85;
|
||||
literals["isis"] = 86;
|
||||
literals["icmp6-type"] = 96;
|
||||
literals["const"] = 17;
|
||||
literals["return"] = 54;
|
||||
literals["return"] = 55;
|
||||
literals["pptp"] = 113;
|
||||
literals["pass"] = 35;
|
||||
literals["no"] = 33;
|
||||
literals["static-port"] = 37;
|
||||
literals["from"] = 86;
|
||||
literals["from"] = 87;
|
||||
literals["igrp"] = 108;
|
||||
literals["pim"] = 112;
|
||||
literals["tagged"] = 97;
|
||||
literals["rsvp"] = 76;
|
||||
literals["rsvp"] = 77;
|
||||
literals["route-to"] = 91;
|
||||
literals["nos"] = 110;
|
||||
literals["quit"] = 105;
|
||||
@ -86,13 +86,13 @@ void PFCfgLexer::initLiterals()
|
||||
literals["modulate"] = 100;
|
||||
literals["nat"] = 34;
|
||||
literals["range"] = 117;
|
||||
literals["urpf-failed"] = 87;
|
||||
literals["out"] = 60;
|
||||
literals["urpf-failed"] = 88;
|
||||
literals["out"] = 61;
|
||||
literals["queue"] = 10;
|
||||
literals["gre"] = 77;
|
||||
literals["gre"] = 78;
|
||||
literals["set"] = 11;
|
||||
literals["warnings"] = 125;
|
||||
literals["ah"] = 79;
|
||||
literals["ah"] = 80;
|
||||
literals["host"] = 116;
|
||||
literals["interface"] = 106;
|
||||
literals["rip"] = 114;
|
||||
@ -102,49 +102,49 @@ void PFCfgLexer::initLiterals()
|
||||
literals["file"] = 19;
|
||||
literals["network"] = 26;
|
||||
literals["synproxy"] = 101;
|
||||
literals["round-robin"] = 48;
|
||||
literals["round-robin"] = 49;
|
||||
literals["altq"] = 9;
|
||||
literals["any"] = 88;
|
||||
literals["esp"] = 78;
|
||||
literals["any"] = 89;
|
||||
literals["esp"] = 79;
|
||||
literals["alerts"] = 118;
|
||||
literals["all"] = 62;
|
||||
literals["drop"] = 53;
|
||||
literals["return-icmp"] = 57;
|
||||
literals["inet6"] = 68;
|
||||
literals["all"] = 63;
|
||||
literals["drop"] = 54;
|
||||
literals["return-icmp"] = 58;
|
||||
literals["inet6"] = 69;
|
||||
literals["inactive"] = 127;
|
||||
literals["label"] = 103;
|
||||
literals["no-route"] = 89;
|
||||
literals["udp"] = 74;
|
||||
literals["no-route"] = 90;
|
||||
literals["udp"] = 75;
|
||||
literals["reply-to"] = 92;
|
||||
literals["tag"] = 98;
|
||||
literals["port"] = 41;
|
||||
literals["code"] = 95;
|
||||
literals["ip"] = 70;
|
||||
literals["ip"] = 71;
|
||||
literals["table"] = 13;
|
||||
literals["eigrp"] = 80;
|
||||
literals["eigrp"] = 81;
|
||||
literals["errors"] = 122;
|
||||
literals["sticky-address"] = 49;
|
||||
literals["ipip"] = 82;
|
||||
literals["sticky-address"] = 50;
|
||||
literals["ipip"] = 83;
|
||||
literals["antispoof"] = 8;
|
||||
literals["random"] = 44;
|
||||
literals["binat"] = 50;
|
||||
literals["igmp"] = 72;
|
||||
literals["on"] = 66;
|
||||
literals["random"] = 45;
|
||||
literals["binat"] = 51;
|
||||
literals["igmp"] = 73;
|
||||
literals["on"] = 67;
|
||||
literals["state"] = 102;
|
||||
literals["string-key"] = 47;
|
||||
literals["log"] = 61;
|
||||
literals["proto"] = 69;
|
||||
literals["string-key"] = 48;
|
||||
literals["log"] = 62;
|
||||
literals["proto"] = 70;
|
||||
literals["rdr"] = 38;
|
||||
literals["informational"] = 123;
|
||||
literals["self"] = 30;
|
||||
literals["in"] = 59;
|
||||
literals["in"] = 60;
|
||||
literals["keep"] = 99;
|
||||
literals["block"] = 52;
|
||||
literals["l2tp"] = 84;
|
||||
literals["quick"] = 65;
|
||||
literals["user"] = 63;
|
||||
literals["icmp"] = 71;
|
||||
literals["tcp"] = 73;
|
||||
literals["block"] = 53;
|
||||
literals["l2tp"] = 85;
|
||||
literals["quick"] = 66;
|
||||
literals["user"] = 64;
|
||||
literals["icmp"] = 72;
|
||||
literals["tcp"] = 74;
|
||||
}
|
||||
|
||||
ANTLR_USE_NAMESPACE(antlr)RefToken PFCfgLexer::nextToken()
|
||||
@ -488,7 +488,7 @@ void PFCfgLexer::mNEWLINE(bool _createToken) {
|
||||
|
||||
}
|
||||
if ( inputState->guessing==0 ) {
|
||||
#line 1370 "pf.g"
|
||||
#line 1403 "pf.g"
|
||||
newline();
|
||||
#line 494 "PFCfgLexer.cpp"
|
||||
}
|
||||
@ -569,7 +569,7 @@ void PFCfgLexer::mWhitespace(bool _createToken) {
|
||||
}
|
||||
}
|
||||
if ( inputState->guessing==0 ) {
|
||||
#line 1365 "pf.g"
|
||||
#line 1398 "pf.g"
|
||||
_ttype = ANTLR_USE_NAMESPACE(antlr)Token::SKIP;
|
||||
#line 575 "PFCfgLexer.cpp"
|
||||
}
|
||||
@ -651,8 +651,48 @@ void PFCfgLexer::mHEX_DIGIT(bool _createToken) {
|
||||
_ttype = HEX_DIGIT;
|
||||
ANTLR_USE_NAMESPACE(std)string::size_type _saveIndex;
|
||||
|
||||
matchRange('0','9');
|
||||
matchRange('a','f');
|
||||
{
|
||||
switch ( LA(1)) {
|
||||
case 0x30 /* '0' */ :
|
||||
case 0x31 /* '1' */ :
|
||||
case 0x32 /* '2' */ :
|
||||
case 0x33 /* '3' */ :
|
||||
case 0x34 /* '4' */ :
|
||||
case 0x35 /* '5' */ :
|
||||
case 0x36 /* '6' */ :
|
||||
case 0x37 /* '7' */ :
|
||||
case 0x38 /* '8' */ :
|
||||
case 0x39 /* '9' */ :
|
||||
{
|
||||
matchRange('0','9');
|
||||
break;
|
||||
}
|
||||
case 0x61 /* 'a' */ :
|
||||
case 0x62 /* 'b' */ :
|
||||
case 0x63 /* 'c' */ :
|
||||
case 0x64 /* 'd' */ :
|
||||
case 0x65 /* 'e' */ :
|
||||
case 0x66 /* 'f' */ :
|
||||
{
|
||||
matchRange('a','f');
|
||||
break;
|
||||
}
|
||||
case 0x41 /* 'A' */ :
|
||||
case 0x42 /* 'B' */ :
|
||||
case 0x43 /* 'C' */ :
|
||||
case 0x44 /* 'D' */ :
|
||||
case 0x45 /* 'E' */ :
|
||||
case 0x46 /* 'F' */ :
|
||||
{
|
||||
matchRange('A','F');
|
||||
break;
|
||||
}
|
||||
default:
|
||||
{
|
||||
throw ANTLR_USE_NAMESPACE(antlr)NoViableAltForCharException(LA(1), getFilename(), getLine(), getColumn());
|
||||
}
|
||||
}
|
||||
}
|
||||
if ( _createToken && _token==ANTLR_USE_NAMESPACE(antlr)nullToken && _ttype!=ANTLR_USE_NAMESPACE(antlr)Token::SKIP ) {
|
||||
_token = makeToken(_ttype);
|
||||
_token->setText(text.substr(_begin, text.length()-_begin));
|
||||
@ -716,17 +756,17 @@ void PFCfgLexer::mNUM_HEX_4DIGIT(bool _createToken) {
|
||||
|
||||
mHEX_DIGIT(false);
|
||||
{
|
||||
if (((LA(1) >= 0x30 /* '0' */ && LA(1) <= 0x39 /* '9' */ ))) {
|
||||
if ((_tokenSet_2.member(LA(1)))) {
|
||||
{
|
||||
mHEX_DIGIT(false);
|
||||
}
|
||||
{
|
||||
if (((LA(1) >= 0x30 /* '0' */ && LA(1) <= 0x39 /* '9' */ ))) {
|
||||
if ((_tokenSet_2.member(LA(1)))) {
|
||||
{
|
||||
mHEX_DIGIT(false);
|
||||
}
|
||||
{
|
||||
if (((LA(1) >= 0x30 /* '0' */ && LA(1) <= 0x39 /* '9' */ ))) {
|
||||
if ((_tokenSet_2.member(LA(1)))) {
|
||||
mHEX_DIGIT(false);
|
||||
}
|
||||
else {
|
||||
@ -756,146 +796,76 @@ void PFCfgLexer::mNUMBER_ADDRESS_OR_WORD(bool _createToken) {
|
||||
_ttype = NUMBER_ADDRESS_OR_WORD;
|
||||
ANTLR_USE_NAMESPACE(std)string::size_type _saveIndex;
|
||||
|
||||
bool synPredMatched227 = false;
|
||||
if ((((LA(1) >= 0x30 /* '0' */ && LA(1) <= 0x39 /* '9' */ )) && (_tokenSet_2.member(LA(2))) && (_tokenSet_2.member(LA(3))))) {
|
||||
int _m227 = mark();
|
||||
synPredMatched227 = true;
|
||||
bool synPredMatched240 = false;
|
||||
if (((_tokenSet_2.member(LA(1))) && (_tokenSet_3.member(LA(2))) && (_tokenSet_3.member(LA(3))))) {
|
||||
int _m240 = mark();
|
||||
synPredMatched240 = true;
|
||||
inputState->guessing++;
|
||||
try {
|
||||
{
|
||||
mNUM_3DIGIT(false);
|
||||
match('.' /* charlit */ );
|
||||
mNUM_3DIGIT(false);
|
||||
match('.' /* charlit */ );
|
||||
mNUM_HEX_4DIGIT(false);
|
||||
match(':' /* charlit */ );
|
||||
}
|
||||
}
|
||||
catch (ANTLR_USE_NAMESPACE(antlr)RecognitionException& pe) {
|
||||
synPredMatched227 = false;
|
||||
synPredMatched240 = false;
|
||||
}
|
||||
rewind(_m227);
|
||||
rewind(_m240);
|
||||
inputState->guessing--;
|
||||
}
|
||||
if ( synPredMatched227 ) {
|
||||
if ( synPredMatched240 ) {
|
||||
{
|
||||
mNUM_3DIGIT(false);
|
||||
match('.' /* charlit */ );
|
||||
mNUM_3DIGIT(false);
|
||||
match('.' /* charlit */ );
|
||||
mNUM_3DIGIT(false);
|
||||
match('.' /* charlit */ );
|
||||
mNUM_3DIGIT(false);
|
||||
}
|
||||
if ( inputState->guessing==0 ) {
|
||||
#line 1407 "pf.g"
|
||||
_ttype = IPV4;
|
||||
#line 792 "PFCfgLexer.cpp"
|
||||
}
|
||||
}
|
||||
else {
|
||||
bool synPredMatched234 = false;
|
||||
if ((((LA(1) >= 0x30 /* '0' */ && LA(1) <= 0x39 /* '9' */ )) && (_tokenSet_2.member(LA(2))) && (_tokenSet_2.member(LA(3))))) {
|
||||
int _m234 = mark();
|
||||
synPredMatched234 = true;
|
||||
bool synPredMatched245 = false;
|
||||
if (((_tokenSet_2.member(LA(1))) && (_tokenSet_3.member(LA(2))) && (_tokenSet_3.member(LA(3))))) {
|
||||
int _m245 = mark();
|
||||
synPredMatched245 = true;
|
||||
inputState->guessing++;
|
||||
try {
|
||||
{
|
||||
{ // ( ... )+
|
||||
int _cnt231=0;
|
||||
int _cnt244=0;
|
||||
for (;;) {
|
||||
if (((LA(1) >= 0x30 /* '0' */ && LA(1) <= 0x39 /* '9' */ ))) {
|
||||
mDIGIT(false);
|
||||
if ((_tokenSet_2.member(LA(1)))) {
|
||||
mNUM_HEX_4DIGIT(false);
|
||||
match(':' /* charlit */ );
|
||||
}
|
||||
else {
|
||||
if ( _cnt231>=1 ) { goto _loop231; } else {throw ANTLR_USE_NAMESPACE(antlr)NoViableAltForCharException(LA(1), getFilename(), getLine(), getColumn());}
|
||||
if ( _cnt244>=1 ) { goto _loop244; } else {throw ANTLR_USE_NAMESPACE(antlr)NoViableAltForCharException(LA(1), getFilename(), getLine(), getColumn());}
|
||||
}
|
||||
|
||||
_cnt231++;
|
||||
_cnt244++;
|
||||
}
|
||||
_loop231:;
|
||||
} // ( ... )+
|
||||
match('.' /* charlit */ );
|
||||
{ // ( ... )+
|
||||
int _cnt233=0;
|
||||
for (;;) {
|
||||
if (((LA(1) >= 0x30 /* '0' */ && LA(1) <= 0x39 /* '9' */ ))) {
|
||||
mDIGIT(false);
|
||||
}
|
||||
else {
|
||||
if ( _cnt233>=1 ) { goto _loop233; } else {throw ANTLR_USE_NAMESPACE(antlr)NoViableAltForCharException(LA(1), getFilename(), getLine(), getColumn());}
|
||||
}
|
||||
|
||||
_cnt233++;
|
||||
}
|
||||
_loop233:;
|
||||
_loop244:;
|
||||
} // ( ... )+
|
||||
match(':' /* charlit */ );
|
||||
}
|
||||
}
|
||||
catch (ANTLR_USE_NAMESPACE(antlr)RecognitionException& pe) {
|
||||
synPredMatched234 = false;
|
||||
synPredMatched245 = false;
|
||||
}
|
||||
rewind(_m234);
|
||||
rewind(_m245);
|
||||
inputState->guessing--;
|
||||
}
|
||||
if ( synPredMatched234 ) {
|
||||
if ( synPredMatched245 ) {
|
||||
{
|
||||
{ // ( ... )+
|
||||
int _cnt237=0;
|
||||
int _cnt248=0;
|
||||
for (;;) {
|
||||
if (((LA(1) >= 0x30 /* '0' */ && LA(1) <= 0x39 /* '9' */ ))) {
|
||||
mDIGIT(false);
|
||||
}
|
||||
else {
|
||||
if ( _cnt237>=1 ) { goto _loop237; } else {throw ANTLR_USE_NAMESPACE(antlr)NoViableAltForCharException(LA(1), getFilename(), getLine(), getColumn());}
|
||||
}
|
||||
|
||||
_cnt237++;
|
||||
}
|
||||
_loop237:;
|
||||
} // ( ... )+
|
||||
match('.' /* charlit */ );
|
||||
{ // ( ... )+
|
||||
int _cnt239=0;
|
||||
for (;;) {
|
||||
if (((LA(1) >= 0x30 /* '0' */ && LA(1) <= 0x39 /* '9' */ ))) {
|
||||
mDIGIT(false);
|
||||
}
|
||||
else {
|
||||
if ( _cnt239>=1 ) { goto _loop239; } else {throw ANTLR_USE_NAMESPACE(antlr)NoViableAltForCharException(LA(1), getFilename(), getLine(), getColumn());}
|
||||
}
|
||||
|
||||
_cnt239++;
|
||||
}
|
||||
_loop239:;
|
||||
} // ( ... )+
|
||||
}
|
||||
if ( inputState->guessing==0 ) {
|
||||
#line 1410 "pf.g"
|
||||
_ttype = NUMBER;
|
||||
#line 875 "PFCfgLexer.cpp"
|
||||
}
|
||||
}
|
||||
else {
|
||||
bool synPredMatched258 = false;
|
||||
if (((LA(1) == 0x3a /* ':' */ ) && (LA(2) == 0x3a /* ':' */ ) && ((LA(3) >= 0x30 /* '0' */ && LA(3) <= 0x39 /* '9' */ )))) {
|
||||
int _m258 = mark();
|
||||
synPredMatched258 = true;
|
||||
inputState->guessing++;
|
||||
try {
|
||||
{
|
||||
match(':' /* charlit */ );
|
||||
match(':' /* charlit */ );
|
||||
if ((_tokenSet_2.member(LA(1)))) {
|
||||
mNUM_HEX_4DIGIT(false);
|
||||
}
|
||||
match(':' /* charlit */ );
|
||||
}
|
||||
catch (ANTLR_USE_NAMESPACE(antlr)RecognitionException& pe) {
|
||||
synPredMatched258 = false;
|
||||
else {
|
||||
if ( _cnt248>=1 ) { goto _loop248; } else {throw ANTLR_USE_NAMESPACE(antlr)NoViableAltForCharException(LA(1), getFilename(), getLine(), getColumn());}
|
||||
}
|
||||
rewind(_m258);
|
||||
inputState->guessing--;
|
||||
|
||||
_cnt248++;
|
||||
}
|
||||
if ( synPredMatched258 ) {
|
||||
match(':' /* charlit */ );
|
||||
match(':' /* charlit */ );
|
||||
_loop248:;
|
||||
} // ( ... )+
|
||||
match(':' /* charlit */ );
|
||||
{
|
||||
if ((_tokenSet_2.member(LA(1)))) {
|
||||
mNUM_HEX_4DIGIT(false);
|
||||
{ // ( ... )*
|
||||
for (;;) {
|
||||
@ -904,311 +874,367 @@ void PFCfgLexer::mNUMBER_ADDRESS_OR_WORD(bool _createToken) {
|
||||
mNUM_HEX_4DIGIT(false);
|
||||
}
|
||||
else {
|
||||
goto _loop260;
|
||||
goto _loop251;
|
||||
}
|
||||
|
||||
}
|
||||
_loop260:;
|
||||
_loop251:;
|
||||
} // ( ... )*
|
||||
}
|
||||
else {
|
||||
}
|
||||
|
||||
}
|
||||
}
|
||||
if ( inputState->guessing==0 ) {
|
||||
#line 1451 "pf.g"
|
||||
_ttype = IPV6;
|
||||
#line 893 "PFCfgLexer.cpp"
|
||||
}
|
||||
}
|
||||
else if ((_tokenSet_2.member(LA(1))) && (_tokenSet_3.member(LA(2))) && (_tokenSet_3.member(LA(3)))) {
|
||||
{
|
||||
mNUM_HEX_4DIGIT(false);
|
||||
{ // ( ... )+
|
||||
int _cnt254=0;
|
||||
for (;;) {
|
||||
if ((LA(1) == 0x3a /* ':' */ )) {
|
||||
match(':' /* charlit */ );
|
||||
mNUM_HEX_4DIGIT(false);
|
||||
}
|
||||
else {
|
||||
if ( _cnt254>=1 ) { goto _loop254; } else {throw ANTLR_USE_NAMESPACE(antlr)NoViableAltForCharException(LA(1), getFilename(), getLine(), getColumn());}
|
||||
}
|
||||
|
||||
_cnt254++;
|
||||
}
|
||||
_loop254:;
|
||||
} // ( ... )+
|
||||
}
|
||||
if ( inputState->guessing==0 ) {
|
||||
#line 1453 "pf.g"
|
||||
_ttype = IPV6;
|
||||
#line 918 "PFCfgLexer.cpp"
|
||||
}
|
||||
}
|
||||
else {
|
||||
throw ANTLR_USE_NAMESPACE(antlr)NoViableAltForCharException(LA(1), getFilename(), getLine(), getColumn());
|
||||
}
|
||||
|
||||
}
|
||||
}
|
||||
else {
|
||||
bool synPredMatched256 = false;
|
||||
if (((LA(1) == 0x3a /* ':' */ ) && (LA(2) == 0x3a /* ':' */ ) && (_tokenSet_2.member(LA(3))))) {
|
||||
int _m256 = mark();
|
||||
synPredMatched256 = true;
|
||||
inputState->guessing++;
|
||||
try {
|
||||
{
|
||||
match(':' /* charlit */ );
|
||||
match(':' /* charlit */ );
|
||||
mNUM_HEX_4DIGIT(false);
|
||||
}
|
||||
}
|
||||
catch (ANTLR_USE_NAMESPACE(antlr)RecognitionException& pe) {
|
||||
synPredMatched256 = false;
|
||||
}
|
||||
rewind(_m256);
|
||||
inputState->guessing--;
|
||||
}
|
||||
if ( synPredMatched256 ) {
|
||||
match(':' /* charlit */ );
|
||||
match(':' /* charlit */ );
|
||||
mNUM_HEX_4DIGIT(false);
|
||||
{ // ( ... )*
|
||||
for (;;) {
|
||||
if ((LA(1) == 0x3a /* ':' */ )) {
|
||||
match(':' /* charlit */ );
|
||||
mNUM_HEX_4DIGIT(false);
|
||||
}
|
||||
else {
|
||||
goto _loop258;
|
||||
}
|
||||
|
||||
}
|
||||
_loop258:;
|
||||
} // ( ... )*
|
||||
if ( inputState->guessing==0 ) {
|
||||
#line 1457 "pf.g"
|
||||
_ttype = IPV6;
|
||||
#line 966 "PFCfgLexer.cpp"
|
||||
}
|
||||
}
|
||||
else {
|
||||
bool synPredMatched260 = false;
|
||||
if ((((LA(1) >= 0x30 /* '0' */ && LA(1) <= 0x39 /* '9' */ )) && (_tokenSet_4.member(LA(2))) && (_tokenSet_4.member(LA(3))))) {
|
||||
int _m260 = mark();
|
||||
synPredMatched260 = true;
|
||||
inputState->guessing++;
|
||||
try {
|
||||
{
|
||||
mNUM_3DIGIT(false);
|
||||
match('.' /* charlit */ );
|
||||
mNUM_3DIGIT(false);
|
||||
match('.' /* charlit */ );
|
||||
}
|
||||
}
|
||||
catch (ANTLR_USE_NAMESPACE(antlr)RecognitionException& pe) {
|
||||
synPredMatched260 = false;
|
||||
}
|
||||
rewind(_m260);
|
||||
inputState->guessing--;
|
||||
}
|
||||
if ( synPredMatched260 ) {
|
||||
{
|
||||
mNUM_3DIGIT(false);
|
||||
match('.' /* charlit */ );
|
||||
mNUM_3DIGIT(false);
|
||||
match('.' /* charlit */ );
|
||||
mNUM_3DIGIT(false);
|
||||
match('.' /* charlit */ );
|
||||
mNUM_3DIGIT(false);
|
||||
}
|
||||
if ( inputState->guessing==0 ) {
|
||||
#line 1433 "pf.g"
|
||||
_ttype = IPV6;
|
||||
#line 917 "PFCfgLexer.cpp"
|
||||
#line 1475 "pf.g"
|
||||
_ttype = IPV4;
|
||||
#line 1002 "PFCfgLexer.cpp"
|
||||
}
|
||||
}
|
||||
else {
|
||||
bool synPredMatched243 = false;
|
||||
if ((((LA(1) >= 0x30 /* '0' */ && LA(1) <= 0x39 /* '9' */ )) && ((LA(2) >= 0x61 /* 'a' */ && LA(2) <= 0x66 /* 'f' */ )))) {
|
||||
int _m243 = mark();
|
||||
synPredMatched243 = true;
|
||||
bool synPredMatched267 = false;
|
||||
if ((((LA(1) >= 0x30 /* '0' */ && LA(1) <= 0x39 /* '9' */ )) && (_tokenSet_4.member(LA(2))) && (_tokenSet_4.member(LA(3))))) {
|
||||
int _m267 = mark();
|
||||
synPredMatched267 = true;
|
||||
inputState->guessing++;
|
||||
try {
|
||||
{
|
||||
mNUM_HEX_4DIGIT(false);
|
||||
match(':' /* charlit */ );
|
||||
{ // ( ... )+
|
||||
int _cnt264=0;
|
||||
for (;;) {
|
||||
if (((LA(1) >= 0x30 /* '0' */ && LA(1) <= 0x39 /* '9' */ ))) {
|
||||
mDIGIT(false);
|
||||
}
|
||||
else {
|
||||
if ( _cnt264>=1 ) { goto _loop264; } else {throw ANTLR_USE_NAMESPACE(antlr)NoViableAltForCharException(LA(1), getFilename(), getLine(), getColumn());}
|
||||
}
|
||||
|
||||
_cnt264++;
|
||||
}
|
||||
_loop264:;
|
||||
} // ( ... )+
|
||||
match('.' /* charlit */ );
|
||||
{ // ( ... )+
|
||||
int _cnt266=0;
|
||||
for (;;) {
|
||||
if (((LA(1) >= 0x30 /* '0' */ && LA(1) <= 0x39 /* '9' */ ))) {
|
||||
mDIGIT(false);
|
||||
}
|
||||
else {
|
||||
if ( _cnt266>=1 ) { goto _loop266; } else {throw ANTLR_USE_NAMESPACE(antlr)NoViableAltForCharException(LA(1), getFilename(), getLine(), getColumn());}
|
||||
}
|
||||
|
||||
_cnt266++;
|
||||
}
|
||||
_loop266:;
|
||||
} // ( ... )+
|
||||
}
|
||||
}
|
||||
catch (ANTLR_USE_NAMESPACE(antlr)RecognitionException& pe) {
|
||||
synPredMatched243 = false;
|
||||
synPredMatched267 = false;
|
||||
}
|
||||
rewind(_m243);
|
||||
rewind(_m267);
|
||||
inputState->guessing--;
|
||||
}
|
||||
if ( synPredMatched243 ) {
|
||||
if ( synPredMatched267 ) {
|
||||
{
|
||||
bool synPredMatched248 = false;
|
||||
if ((((LA(1) >= 0x30 /* '0' */ && LA(1) <= 0x39 /* '9' */ )) && ((LA(2) >= 0x61 /* 'a' */ && LA(2) <= 0x66 /* 'f' */ )) && ((LA(3) >= 0x30 /* '0' */ && LA(3) <= 0x3a /* ':' */ )))) {
|
||||
int _m248 = mark();
|
||||
synPredMatched248 = true;
|
||||
inputState->guessing++;
|
||||
try {
|
||||
{
|
||||
{ // ( ... )+
|
||||
int _cnt247=0;
|
||||
for (;;) {
|
||||
if (((LA(1) >= 0x30 /* '0' */ && LA(1) <= 0x39 /* '9' */ ))) {
|
||||
mNUM_HEX_4DIGIT(false);
|
||||
match(':' /* charlit */ );
|
||||
}
|
||||
else {
|
||||
if ( _cnt247>=1 ) { goto _loop247; } else {throw ANTLR_USE_NAMESPACE(antlr)NoViableAltForCharException(LA(1), getFilename(), getLine(), getColumn());}
|
||||
}
|
||||
|
||||
_cnt247++;
|
||||
}
|
||||
_loop247:;
|
||||
} // ( ... )+
|
||||
match(':' /* charlit */ );
|
||||
}
|
||||
}
|
||||
catch (ANTLR_USE_NAMESPACE(antlr)RecognitionException& pe) {
|
||||
synPredMatched248 = false;
|
||||
}
|
||||
rewind(_m248);
|
||||
inputState->guessing--;
|
||||
}
|
||||
if ( synPredMatched248 ) {
|
||||
{
|
||||
{ // ( ... )+
|
||||
int _cnt251=0;
|
||||
for (;;) {
|
||||
if (((LA(1) >= 0x30 /* '0' */ && LA(1) <= 0x39 /* '9' */ ))) {
|
||||
mNUM_HEX_4DIGIT(false);
|
||||
match(':' /* charlit */ );
|
||||
}
|
||||
else {
|
||||
if ( _cnt251>=1 ) { goto _loop251; } else {throw ANTLR_USE_NAMESPACE(antlr)NoViableAltForCharException(LA(1), getFilename(), getLine(), getColumn());}
|
||||
}
|
||||
|
||||
_cnt251++;
|
||||
}
|
||||
_loop251:;
|
||||
} // ( ... )+
|
||||
match(':' /* charlit */ );
|
||||
{
|
||||
if (((LA(1) >= 0x30 /* '0' */ && LA(1) <= 0x39 /* '9' */ ))) {
|
||||
mNUM_HEX_4DIGIT(false);
|
||||
{ // ( ... )*
|
||||
for (;;) {
|
||||
if ((LA(1) == 0x3a /* ':' */ )) {
|
||||
match(':' /* charlit */ );
|
||||
mNUM_HEX_4DIGIT(false);
|
||||
}
|
||||
else {
|
||||
goto _loop254;
|
||||
}
|
||||
|
||||
}
|
||||
_loop254:;
|
||||
} // ( ... )*
|
||||
}
|
||||
else {
|
||||
}
|
||||
|
||||
}
|
||||
}
|
||||
if ( inputState->guessing==0 ) {
|
||||
#line 1424 "pf.g"
|
||||
_ttype = IPV6;
|
||||
#line 1014 "PFCfgLexer.cpp"
|
||||
}
|
||||
}
|
||||
else if (((LA(1) >= 0x30 /* '0' */ && LA(1) <= 0x39 /* '9' */ )) && ((LA(2) >= 0x61 /* 'a' */ && LA(2) <= 0x66 /* 'f' */ )) && ((LA(3) >= 0x30 /* '0' */ && LA(3) <= 0x3a /* ':' */ ))) {
|
||||
mNUM_HEX_4DIGIT(false);
|
||||
{ // ( ... )+
|
||||
int _cnt256=0;
|
||||
for (;;) {
|
||||
if ((LA(1) == 0x3a /* ':' */ )) {
|
||||
match(':' /* charlit */ );
|
||||
mNUM_HEX_4DIGIT(false);
|
||||
}
|
||||
else {
|
||||
if ( _cnt256>=1 ) { goto _loop256; } else {throw ANTLR_USE_NAMESPACE(antlr)NoViableAltForCharException(LA(1), getFilename(), getLine(), getColumn());}
|
||||
}
|
||||
|
||||
_cnt256++;
|
||||
}
|
||||
_loop256:;
|
||||
} // ( ... )+
|
||||
if ( inputState->guessing==0 ) {
|
||||
#line 1427 "pf.g"
|
||||
_ttype = IPV6;
|
||||
#line 1037 "PFCfgLexer.cpp"
|
||||
}
|
||||
}
|
||||
else {
|
||||
throw ANTLR_USE_NAMESPACE(antlr)NoViableAltForCharException(LA(1), getFilename(), getLine(), getColumn());
|
||||
}
|
||||
|
||||
}
|
||||
if ( inputState->guessing==0 ) {
|
||||
#line 1429 "pf.g"
|
||||
_ttype = IPV6;
|
||||
#line 1048 "PFCfgLexer.cpp"
|
||||
}
|
||||
}
|
||||
else if ((LA(1) == 0x3a /* ':' */ ) && (LA(2) == 0x3a /* ':' */ ) && (true)) {
|
||||
match(':' /* charlit */ );
|
||||
match(':' /* charlit */ );
|
||||
if ( inputState->guessing==0 ) {
|
||||
#line 1436 "pf.g"
|
||||
_ttype = IPV6;
|
||||
#line 1057 "PFCfgLexer.cpp"
|
||||
}
|
||||
}
|
||||
else if (((LA(1) >= 0x30 /* '0' */ && LA(1) <= 0x39 /* '9' */ )) && (true) && (true)) {
|
||||
{ // ( ... )+
|
||||
int _cnt241=0;
|
||||
int _cnt270=0;
|
||||
for (;;) {
|
||||
if (((LA(1) >= 0x30 /* '0' */ && LA(1) <= 0x39 /* '9' */ ))) {
|
||||
mDIGIT(false);
|
||||
}
|
||||
else {
|
||||
if ( _cnt241>=1 ) { goto _loop241; } else {throw ANTLR_USE_NAMESPACE(antlr)NoViableAltForCharException(LA(1), getFilename(), getLine(), getColumn());}
|
||||
if ( _cnt270>=1 ) { goto _loop270; } else {throw ANTLR_USE_NAMESPACE(antlr)NoViableAltForCharException(LA(1), getFilename(), getLine(), getColumn());}
|
||||
}
|
||||
|
||||
_cnt241++;
|
||||
_cnt270++;
|
||||
}
|
||||
_loop241:;
|
||||
_loop270:;
|
||||
} // ( ... )+
|
||||
if ( inputState->guessing==0 ) {
|
||||
#line 1415 "pf.g"
|
||||
_ttype = INT_CONST;
|
||||
#line 1078 "PFCfgLexer.cpp"
|
||||
}
|
||||
}
|
||||
else if ((LA(1) == 0x3a /* ':' */ ) && (true)) {
|
||||
match(':' /* charlit */ );
|
||||
if ( inputState->guessing==0 ) {
|
||||
#line 1439 "pf.g"
|
||||
_ttype = COLON;
|
||||
#line 1086 "PFCfgLexer.cpp"
|
||||
}
|
||||
}
|
||||
else if ((_tokenSet_3.member(LA(1)))) {
|
||||
{
|
||||
switch ( LA(1)) {
|
||||
case 0x61 /* 'a' */ :
|
||||
case 0x62 /* 'b' */ :
|
||||
case 0x63 /* 'c' */ :
|
||||
case 0x64 /* 'd' */ :
|
||||
case 0x65 /* 'e' */ :
|
||||
case 0x66 /* 'f' */ :
|
||||
case 0x67 /* 'g' */ :
|
||||
case 0x68 /* 'h' */ :
|
||||
case 0x69 /* 'i' */ :
|
||||
case 0x6a /* 'j' */ :
|
||||
case 0x6b /* 'k' */ :
|
||||
case 0x6c /* 'l' */ :
|
||||
case 0x6d /* 'm' */ :
|
||||
case 0x6e /* 'n' */ :
|
||||
case 0x6f /* 'o' */ :
|
||||
case 0x70 /* 'p' */ :
|
||||
case 0x71 /* 'q' */ :
|
||||
case 0x72 /* 'r' */ :
|
||||
case 0x73 /* 's' */ :
|
||||
case 0x74 /* 't' */ :
|
||||
case 0x75 /* 'u' */ :
|
||||
case 0x76 /* 'v' */ :
|
||||
case 0x77 /* 'w' */ :
|
||||
case 0x78 /* 'x' */ :
|
||||
case 0x79 /* 'y' */ :
|
||||
case 0x7a /* 'z' */ :
|
||||
{
|
||||
matchRange('a','z');
|
||||
break;
|
||||
}
|
||||
case 0x41 /* 'A' */ :
|
||||
case 0x42 /* 'B' */ :
|
||||
case 0x43 /* 'C' */ :
|
||||
case 0x44 /* 'D' */ :
|
||||
case 0x45 /* 'E' */ :
|
||||
case 0x46 /* 'F' */ :
|
||||
case 0x47 /* 'G' */ :
|
||||
case 0x48 /* 'H' */ :
|
||||
case 0x49 /* 'I' */ :
|
||||
case 0x4a /* 'J' */ :
|
||||
case 0x4b /* 'K' */ :
|
||||
case 0x4c /* 'L' */ :
|
||||
case 0x4d /* 'M' */ :
|
||||
case 0x4e /* 'N' */ :
|
||||
case 0x4f /* 'O' */ :
|
||||
case 0x50 /* 'P' */ :
|
||||
case 0x51 /* 'Q' */ :
|
||||
case 0x52 /* 'R' */ :
|
||||
case 0x53 /* 'S' */ :
|
||||
case 0x54 /* 'T' */ :
|
||||
case 0x55 /* 'U' */ :
|
||||
case 0x56 /* 'V' */ :
|
||||
case 0x57 /* 'W' */ :
|
||||
case 0x58 /* 'X' */ :
|
||||
case 0x59 /* 'Y' */ :
|
||||
case 0x5a /* 'Z' */ :
|
||||
{
|
||||
matchRange('A','Z');
|
||||
break;
|
||||
}
|
||||
default:
|
||||
{
|
||||
throw ANTLR_USE_NAMESPACE(antlr)NoViableAltForCharException(LA(1), getFilename(), getLine(), getColumn());
|
||||
}
|
||||
}
|
||||
}
|
||||
{ // ( ... )*
|
||||
match('.' /* charlit */ );
|
||||
{ // ( ... )+
|
||||
int _cnt272=0;
|
||||
for (;;) {
|
||||
if (((LA(1) >= 0x30 /* '0' */ && LA(1) <= 0x39 /* '9' */ ))) {
|
||||
mDIGIT(false);
|
||||
}
|
||||
else {
|
||||
if ( _cnt272>=1 ) { goto _loop272; } else {throw ANTLR_USE_NAMESPACE(antlr)NoViableAltForCharException(LA(1), getFilename(), getLine(), getColumn());}
|
||||
}
|
||||
|
||||
_cnt272++;
|
||||
}
|
||||
_loop272:;
|
||||
} // ( ... )+
|
||||
}
|
||||
if ( inputState->guessing==0 ) {
|
||||
#line 1478 "pf.g"
|
||||
_ttype = NUMBER;
|
||||
#line 1085 "PFCfgLexer.cpp"
|
||||
}
|
||||
}
|
||||
else {
|
||||
bool synPredMatched230 = false;
|
||||
if (((_tokenSet_2.member(LA(1))) && (_tokenSet_3.member(LA(2))) && (true))) {
|
||||
int _m230 = mark();
|
||||
synPredMatched230 = true;
|
||||
inputState->guessing++;
|
||||
try {
|
||||
{
|
||||
{ // ( ... )+
|
||||
int _cnt229=0;
|
||||
for (;;) {
|
||||
if ((_tokenSet_2.member(LA(1)))) {
|
||||
mHEX_DIGIT(false);
|
||||
}
|
||||
else {
|
||||
if ( _cnt229>=1 ) { goto _loop229; } else {throw ANTLR_USE_NAMESPACE(antlr)NoViableAltForCharException(LA(1), getFilename(), getLine(), getColumn());}
|
||||
}
|
||||
|
||||
_cnt229++;
|
||||
}
|
||||
_loop229:;
|
||||
} // ( ... )+
|
||||
match(':' /* charlit */ );
|
||||
}
|
||||
}
|
||||
catch (ANTLR_USE_NAMESPACE(antlr)RecognitionException& pe) {
|
||||
synPredMatched230 = false;
|
||||
}
|
||||
rewind(_m230);
|
||||
inputState->guessing--;
|
||||
}
|
||||
if ( synPredMatched230 ) {
|
||||
{
|
||||
{
|
||||
{ // ( ... )+
|
||||
int _cnt234=0;
|
||||
for (;;) {
|
||||
if ((_tokenSet_2.member(LA(1)))) {
|
||||
mHEX_DIGIT(false);
|
||||
}
|
||||
else {
|
||||
if ( _cnt234>=1 ) { goto _loop234; } else {throw ANTLR_USE_NAMESPACE(antlr)NoViableAltForCharException(LA(1), getFilename(), getLine(), getColumn());}
|
||||
}
|
||||
|
||||
_cnt234++;
|
||||
}
|
||||
_loop234:;
|
||||
} // ( ... )+
|
||||
{ // ( ... )+
|
||||
int _cnt238=0;
|
||||
for (;;) {
|
||||
if ((LA(1) == 0x3a /* ':' */ )) {
|
||||
match(':' /* charlit */ );
|
||||
{ // ( ... )*
|
||||
for (;;) {
|
||||
if ((_tokenSet_2.member(LA(1)))) {
|
||||
mHEX_DIGIT(false);
|
||||
}
|
||||
else {
|
||||
goto _loop237;
|
||||
}
|
||||
|
||||
}
|
||||
_loop237:;
|
||||
} // ( ... )*
|
||||
}
|
||||
else {
|
||||
if ( _cnt238>=1 ) { goto _loop238; } else {throw ANTLR_USE_NAMESPACE(antlr)NoViableAltForCharException(LA(1), getFilename(), getLine(), getColumn());}
|
||||
}
|
||||
|
||||
_cnt238++;
|
||||
}
|
||||
_loop238:;
|
||||
} // ( ... )+
|
||||
}
|
||||
if ( inputState->guessing==0 ) {
|
||||
#line 1442 "pf.g"
|
||||
_ttype = IPV6;
|
||||
#line 1166 "PFCfgLexer.cpp"
|
||||
}
|
||||
}
|
||||
}
|
||||
else if ((LA(1) == 0x3a /* ':' */ ) && (LA(2) == 0x3a /* ':' */ ) && (true)) {
|
||||
match(':' /* charlit */ );
|
||||
match(':' /* charlit */ );
|
||||
if ( inputState->guessing==0 ) {
|
||||
#line 1459 "pf.g"
|
||||
_ttype = IPV6;
|
||||
#line 1176 "PFCfgLexer.cpp"
|
||||
}
|
||||
}
|
||||
else if ((LA(1) == 0x3a /* ':' */ ) && (true)) {
|
||||
match(':' /* charlit */ );
|
||||
if ( inputState->guessing==0 ) {
|
||||
#line 1461 "pf.g"
|
||||
_ttype = COLON;
|
||||
#line 1184 "PFCfgLexer.cpp"
|
||||
}
|
||||
}
|
||||
else if (((LA(1) >= 0x30 /* '0' */ && LA(1) <= 0x39 /* '9' */ )) && (true) && (true)) {
|
||||
{ // ( ... )+
|
||||
int _cnt274=0;
|
||||
for (;;) {
|
||||
if (((LA(1) >= 0x30 /* '0' */ && LA(1) <= 0x39 /* '9' */ ))) {
|
||||
mDIGIT(false);
|
||||
}
|
||||
else {
|
||||
if ( _cnt274>=1 ) { goto _loop274; } else {throw ANTLR_USE_NAMESPACE(antlr)NoViableAltForCharException(LA(1), getFilename(), getLine(), getColumn());}
|
||||
}
|
||||
|
||||
_cnt274++;
|
||||
}
|
||||
_loop274:;
|
||||
} // ( ... )+
|
||||
if ( inputState->guessing==0 ) {
|
||||
#line 1480 "pf.g"
|
||||
_ttype = INT_CONST;
|
||||
#line 1205 "PFCfgLexer.cpp"
|
||||
}
|
||||
}
|
||||
else if ((_tokenSet_5.member(LA(1))) && (true) && (true)) {
|
||||
{
|
||||
switch ( LA(1)) {
|
||||
case 0x22 /* '\"' */ :
|
||||
case 0x61 /* 'a' */ :
|
||||
case 0x62 /* 'b' */ :
|
||||
case 0x63 /* 'c' */ :
|
||||
case 0x64 /* 'd' */ :
|
||||
case 0x65 /* 'e' */ :
|
||||
case 0x66 /* 'f' */ :
|
||||
case 0x67 /* 'g' */ :
|
||||
case 0x68 /* 'h' */ :
|
||||
case 0x69 /* 'i' */ :
|
||||
case 0x6a /* 'j' */ :
|
||||
case 0x6b /* 'k' */ :
|
||||
case 0x6c /* 'l' */ :
|
||||
case 0x6d /* 'm' */ :
|
||||
case 0x6e /* 'n' */ :
|
||||
case 0x6f /* 'o' */ :
|
||||
case 0x70 /* 'p' */ :
|
||||
case 0x71 /* 'q' */ :
|
||||
case 0x72 /* 'r' */ :
|
||||
case 0x73 /* 's' */ :
|
||||
case 0x74 /* 't' */ :
|
||||
case 0x75 /* 'u' */ :
|
||||
case 0x76 /* 'v' */ :
|
||||
case 0x77 /* 'w' */ :
|
||||
case 0x78 /* 'x' */ :
|
||||
case 0x79 /* 'y' */ :
|
||||
case 0x7a /* 'z' */ :
|
||||
{
|
||||
match('\"' /* charlit */ );
|
||||
break;
|
||||
}
|
||||
case 0x24 /* '$' */ :
|
||||
{
|
||||
match('$' /* charlit */ );
|
||||
break;
|
||||
}
|
||||
case 0x25 /* '%' */ :
|
||||
{
|
||||
match('%' /* charlit */ );
|
||||
break;
|
||||
}
|
||||
case 0x26 /* '&' */ :
|
||||
{
|
||||
match('&' /* charlit */ );
|
||||
break;
|
||||
}
|
||||
case 0x2d /* '-' */ :
|
||||
{
|
||||
match('-' /* charlit */ );
|
||||
break;
|
||||
}
|
||||
case 0x30 /* '0' */ :
|
||||
case 0x31 /* '1' */ :
|
||||
case 0x32 /* '2' */ :
|
||||
case 0x33 /* '3' */ :
|
||||
case 0x34 /* '4' */ :
|
||||
case 0x35 /* '5' */ :
|
||||
case 0x36 /* '6' */ :
|
||||
case 0x37 /* '7' */ :
|
||||
case 0x38 /* '8' */ :
|
||||
case 0x39 /* '9' */ :
|
||||
{
|
||||
matchRange('0','9');
|
||||
break;
|
||||
}
|
||||
case 0x3b /* ';' */ :
|
||||
{
|
||||
match(';' /* charlit */ );
|
||||
break;
|
||||
}
|
||||
case 0x3f /* '?' */ :
|
||||
{
|
||||
match('?' /* charlit */ );
|
||||
break;
|
||||
}
|
||||
case 0x40 /* '@' */ :
|
||||
{
|
||||
match('@' /* charlit */ );
|
||||
matchRange('a','z');
|
||||
break;
|
||||
}
|
||||
case 0x41 /* 'A' */ :
|
||||
@ -1241,74 +1267,172 @@ void PFCfgLexer::mNUMBER_ADDRESS_OR_WORD(bool _createToken) {
|
||||
matchRange('A','Z');
|
||||
break;
|
||||
}
|
||||
case 0x5c /* '\\' */ :
|
||||
{
|
||||
match('\\' /* charlit */ );
|
||||
break;
|
||||
}
|
||||
case 0x5e /* '^' */ :
|
||||
{
|
||||
match('^' /* charlit */ );
|
||||
break;
|
||||
}
|
||||
case 0x5f /* '_' */ :
|
||||
{
|
||||
match('_' /* charlit */ );
|
||||
break;
|
||||
}
|
||||
case 0x60 /* '`' */ :
|
||||
{
|
||||
match('`' /* charlit */ );
|
||||
break;
|
||||
}
|
||||
case 0x61 /* 'a' */ :
|
||||
case 0x62 /* 'b' */ :
|
||||
case 0x63 /* 'c' */ :
|
||||
case 0x64 /* 'd' */ :
|
||||
case 0x65 /* 'e' */ :
|
||||
case 0x66 /* 'f' */ :
|
||||
case 0x67 /* 'g' */ :
|
||||
case 0x68 /* 'h' */ :
|
||||
case 0x69 /* 'i' */ :
|
||||
case 0x6a /* 'j' */ :
|
||||
case 0x6b /* 'k' */ :
|
||||
case 0x6c /* 'l' */ :
|
||||
case 0x6d /* 'm' */ :
|
||||
case 0x6e /* 'n' */ :
|
||||
case 0x6f /* 'o' */ :
|
||||
case 0x70 /* 'p' */ :
|
||||
case 0x71 /* 'q' */ :
|
||||
case 0x72 /* 'r' */ :
|
||||
case 0x73 /* 's' */ :
|
||||
case 0x74 /* 't' */ :
|
||||
case 0x75 /* 'u' */ :
|
||||
case 0x76 /* 'v' */ :
|
||||
case 0x77 /* 'w' */ :
|
||||
case 0x78 /* 'x' */ :
|
||||
case 0x79 /* 'y' */ :
|
||||
case 0x7a /* 'z' */ :
|
||||
{
|
||||
matchRange('a','z');
|
||||
break;
|
||||
}
|
||||
default:
|
||||
{
|
||||
goto _loop263;
|
||||
throw ANTLR_USE_NAMESPACE(antlr)NoViableAltForCharException(LA(1), getFilename(), getLine(), getColumn());
|
||||
}
|
||||
}
|
||||
}
|
||||
{ // ( ... )*
|
||||
for (;;) {
|
||||
switch ( LA(1)) {
|
||||
case 0x22 /* '\"' */ :
|
||||
{
|
||||
match('\"' /* charlit */ );
|
||||
break;
|
||||
}
|
||||
case 0x24 /* '$' */ :
|
||||
{
|
||||
match('$' /* charlit */ );
|
||||
break;
|
||||
}
|
||||
case 0x25 /* '%' */ :
|
||||
{
|
||||
match('%' /* charlit */ );
|
||||
break;
|
||||
}
|
||||
case 0x26 /* '&' */ :
|
||||
{
|
||||
match('&' /* charlit */ );
|
||||
break;
|
||||
}
|
||||
case 0x2d /* '-' */ :
|
||||
{
|
||||
match('-' /* charlit */ );
|
||||
break;
|
||||
}
|
||||
case 0x2e /* '.' */ :
|
||||
{
|
||||
match('.' /* charlit */ );
|
||||
break;
|
||||
}
|
||||
case 0x30 /* '0' */ :
|
||||
case 0x31 /* '1' */ :
|
||||
case 0x32 /* '2' */ :
|
||||
case 0x33 /* '3' */ :
|
||||
case 0x34 /* '4' */ :
|
||||
case 0x35 /* '5' */ :
|
||||
case 0x36 /* '6' */ :
|
||||
case 0x37 /* '7' */ :
|
||||
case 0x38 /* '8' */ :
|
||||
case 0x39 /* '9' */ :
|
||||
{
|
||||
matchRange('0','9');
|
||||
break;
|
||||
}
|
||||
case 0x3b /* ';' */ :
|
||||
{
|
||||
match(';' /* charlit */ );
|
||||
break;
|
||||
}
|
||||
case 0x3f /* '?' */ :
|
||||
{
|
||||
match('?' /* charlit */ );
|
||||
break;
|
||||
}
|
||||
case 0x40 /* '@' */ :
|
||||
{
|
||||
match('@' /* charlit */ );
|
||||
break;
|
||||
}
|
||||
case 0x41 /* 'A' */ :
|
||||
case 0x42 /* 'B' */ :
|
||||
case 0x43 /* 'C' */ :
|
||||
case 0x44 /* 'D' */ :
|
||||
case 0x45 /* 'E' */ :
|
||||
case 0x46 /* 'F' */ :
|
||||
case 0x47 /* 'G' */ :
|
||||
case 0x48 /* 'H' */ :
|
||||
case 0x49 /* 'I' */ :
|
||||
case 0x4a /* 'J' */ :
|
||||
case 0x4b /* 'K' */ :
|
||||
case 0x4c /* 'L' */ :
|
||||
case 0x4d /* 'M' */ :
|
||||
case 0x4e /* 'N' */ :
|
||||
case 0x4f /* 'O' */ :
|
||||
case 0x50 /* 'P' */ :
|
||||
case 0x51 /* 'Q' */ :
|
||||
case 0x52 /* 'R' */ :
|
||||
case 0x53 /* 'S' */ :
|
||||
case 0x54 /* 'T' */ :
|
||||
case 0x55 /* 'U' */ :
|
||||
case 0x56 /* 'V' */ :
|
||||
case 0x57 /* 'W' */ :
|
||||
case 0x58 /* 'X' */ :
|
||||
case 0x59 /* 'Y' */ :
|
||||
case 0x5a /* 'Z' */ :
|
||||
{
|
||||
matchRange('A','Z');
|
||||
break;
|
||||
}
|
||||
case 0x5c /* '\\' */ :
|
||||
{
|
||||
match('\\' /* charlit */ );
|
||||
break;
|
||||
}
|
||||
case 0x5e /* '^' */ :
|
||||
{
|
||||
match('^' /* charlit */ );
|
||||
break;
|
||||
}
|
||||
case 0x5f /* '_' */ :
|
||||
{
|
||||
match('_' /* charlit */ );
|
||||
break;
|
||||
}
|
||||
case 0x60 /* '`' */ :
|
||||
{
|
||||
match('`' /* charlit */ );
|
||||
break;
|
||||
}
|
||||
case 0x61 /* 'a' */ :
|
||||
case 0x62 /* 'b' */ :
|
||||
case 0x63 /* 'c' */ :
|
||||
case 0x64 /* 'd' */ :
|
||||
case 0x65 /* 'e' */ :
|
||||
case 0x66 /* 'f' */ :
|
||||
case 0x67 /* 'g' */ :
|
||||
case 0x68 /* 'h' */ :
|
||||
case 0x69 /* 'i' */ :
|
||||
case 0x6a /* 'j' */ :
|
||||
case 0x6b /* 'k' */ :
|
||||
case 0x6c /* 'l' */ :
|
||||
case 0x6d /* 'm' */ :
|
||||
case 0x6e /* 'n' */ :
|
||||
case 0x6f /* 'o' */ :
|
||||
case 0x70 /* 'p' */ :
|
||||
case 0x71 /* 'q' */ :
|
||||
case 0x72 /* 'r' */ :
|
||||
case 0x73 /* 's' */ :
|
||||
case 0x74 /* 't' */ :
|
||||
case 0x75 /* 'u' */ :
|
||||
case 0x76 /* 'v' */ :
|
||||
case 0x77 /* 'w' */ :
|
||||
case 0x78 /* 'x' */ :
|
||||
case 0x79 /* 'y' */ :
|
||||
case 0x7a /* 'z' */ :
|
||||
{
|
||||
matchRange('a','z');
|
||||
break;
|
||||
}
|
||||
default:
|
||||
{
|
||||
goto _loop277;
|
||||
}
|
||||
}
|
||||
}
|
||||
_loop277:;
|
||||
} // ( ... )*
|
||||
if ( inputState->guessing==0 ) {
|
||||
#line 1493 "pf.g"
|
||||
_ttype = WORD;
|
||||
#line 1430 "PFCfgLexer.cpp"
|
||||
}
|
||||
}
|
||||
_loop263:;
|
||||
} // ( ... )*
|
||||
if ( inputState->guessing==0 ) {
|
||||
#line 1451 "pf.g"
|
||||
_ttype = WORD;
|
||||
#line 1306 "PFCfgLexer.cpp"
|
||||
}
|
||||
}
|
||||
else {
|
||||
throw ANTLR_USE_NAMESPACE(antlr)NoViableAltForCharException(LA(1), getFilename(), getLine(), getColumn());
|
||||
}
|
||||
}}}
|
||||
}}}}
|
||||
_ttype = testLiteralsTable(_ttype);
|
||||
if ( _createToken && _token==ANTLR_USE_NAMESPACE(antlr)nullToken && _ttype!=ANTLR_USE_NAMESPACE(antlr)Token::SKIP ) {
|
||||
_token = makeToken(_ttype);
|
||||
@ -1326,15 +1450,15 @@ void PFCfgLexer::mSTRING(bool _createToken) {
|
||||
match('\"' /* charlit */ );
|
||||
{ // ( ... )*
|
||||
for (;;) {
|
||||
if ((_tokenSet_4.member(LA(1)))) {
|
||||
if ((_tokenSet_6.member(LA(1)))) {
|
||||
matchNot('\"' /* charlit */ );
|
||||
}
|
||||
else {
|
||||
goto _loop266;
|
||||
goto _loop280;
|
||||
}
|
||||
|
||||
}
|
||||
_loop266:;
|
||||
_loop280:;
|
||||
} // ( ... )*
|
||||
match('\"' /* charlit */ );
|
||||
if ( _createToken && _token==ANTLR_USE_NAMESPACE(antlr)nullToken && _ttype!=ANTLR_USE_NAMESPACE(antlr)Token::SKIP ) {
|
||||
@ -1753,14 +1877,20 @@ const unsigned long PFCfgLexer::_tokenSet_1_data_[] = { 4294958072UL, 4294967295
|
||||
// 0x84 0x85 0x86 0x87 0x88 0x89 0x8a 0x8b 0x8c 0x8d 0x8e 0x8f 0x90 0x91
|
||||
// 0x92 0x93 0x94 0x95 0x96 0x97 0x98
|
||||
const ANTLR_USE_NAMESPACE(antlr)BitSet PFCfgLexer::_tokenSet_1(_tokenSet_1_data_,16);
|
||||
const unsigned long PFCfgLexer::_tokenSet_2_data_[] = { 0UL, 67059712UL, 0UL, 0UL, 0UL, 0UL, 0UL, 0UL, 0UL, 0UL };
|
||||
// . 0 1 2 3 4 5 6 7 8 9
|
||||
const unsigned long PFCfgLexer::_tokenSet_2_data_[] = { 0UL, 67043328UL, 126UL, 126UL, 0UL, 0UL, 0UL, 0UL, 0UL, 0UL };
|
||||
// 0 1 2 3 4 5 6 7 8 9 A B C D E F a b c d e f
|
||||
const ANTLR_USE_NAMESPACE(antlr)BitSet PFCfgLexer::_tokenSet_2(_tokenSet_2_data_,10);
|
||||
const unsigned long PFCfgLexer::_tokenSet_3_data_[] = { 0UL, 0UL, 134217726UL, 134217726UL, 0UL, 0UL, 0UL, 0UL, 0UL, 0UL };
|
||||
const unsigned long PFCfgLexer::_tokenSet_3_data_[] = { 0UL, 134152192UL, 126UL, 126UL, 0UL, 0UL, 0UL, 0UL, 0UL, 0UL };
|
||||
// 0 1 2 3 4 5 6 7 8 9 : A B C D E F a b c d e f
|
||||
const ANTLR_USE_NAMESPACE(antlr)BitSet PFCfgLexer::_tokenSet_3(_tokenSet_3_data_,10);
|
||||
const unsigned long PFCfgLexer::_tokenSet_4_data_[] = { 0UL, 67059712UL, 0UL, 0UL, 0UL, 0UL, 0UL, 0UL, 0UL, 0UL };
|
||||
// . 0 1 2 3 4 5 6 7 8 9
|
||||
const ANTLR_USE_NAMESPACE(antlr)BitSet PFCfgLexer::_tokenSet_4(_tokenSet_4_data_,10);
|
||||
const unsigned long PFCfgLexer::_tokenSet_5_data_[] = { 0UL, 0UL, 134217726UL, 134217726UL, 0UL, 0UL, 0UL, 0UL, 0UL, 0UL };
|
||||
// A B C D E F G H I J K L M N O P Q R S T U V W X Y Z a b c d e f g h
|
||||
// i j k l m n o p q r s t u v w x y z
|
||||
const ANTLR_USE_NAMESPACE(antlr)BitSet PFCfgLexer::_tokenSet_3(_tokenSet_3_data_,10);
|
||||
const unsigned long PFCfgLexer::_tokenSet_4_data_[] = { 4294967288UL, 4294967291UL, 4294967295UL, 4294967295UL, 4294967295UL, 4294967295UL, 4294967295UL, 4294967295UL, 0UL, 0UL, 0UL, 0UL, 0UL, 0UL, 0UL, 0UL };
|
||||
const ANTLR_USE_NAMESPACE(antlr)BitSet PFCfgLexer::_tokenSet_5(_tokenSet_5_data_,10);
|
||||
const unsigned long PFCfgLexer::_tokenSet_6_data_[] = { 4294967288UL, 4294967291UL, 4294967295UL, 4294967295UL, 4294967295UL, 4294967295UL, 4294967295UL, 4294967295UL, 0UL, 0UL, 0UL, 0UL, 0UL, 0UL, 0UL, 0UL };
|
||||
// 0x3 0x4 0x5 0x6 0x7 0x8 0x9 0xa 0xb 0xc 0xd 0xe 0xf 0x10 0x11 0x12 0x13
|
||||
// 0x14 0x15 0x16 0x17 0x18 0x19 0x1a 0x1b 0x1c 0x1d 0x1e 0x1f ! # $
|
||||
// % & \' ( ) * + , - . / 0 1 2 3 4 5 6 7 8 9 : ; < = > ? @ A B C D E F
|
||||
@ -1768,5 +1898,5 @@ const unsigned long PFCfgLexer::_tokenSet_4_data_[] = { 4294967288UL, 4294967291
|
||||
// h i j k l m n o p q r s t u v w x y z { | } ~ 0x7f 0x80 0x81 0x82 0x83
|
||||
// 0x84 0x85 0x86 0x87 0x88 0x89 0x8a 0x8b 0x8c 0x8d 0x8e 0x8f 0x90 0x91
|
||||
// 0x92 0x93 0x94 0x95 0x96 0x97 0x98
|
||||
const ANTLR_USE_NAMESPACE(antlr)BitSet PFCfgLexer::_tokenSet_4(_tokenSet_4_data_,16);
|
||||
const ANTLR_USE_NAMESPACE(antlr)BitSet PFCfgLexer::_tokenSet_6(_tokenSet_6_data_,16);
|
||||
|
||||
|
||||
@ -102,6 +102,10 @@ private:
|
||||
static const ANTLR_USE_NAMESPACE(antlr)BitSet _tokenSet_3;
|
||||
static const unsigned long _tokenSet_4_data_[];
|
||||
static const ANTLR_USE_NAMESPACE(antlr)BitSet _tokenSet_4;
|
||||
static const unsigned long _tokenSet_5_data_[];
|
||||
static const ANTLR_USE_NAMESPACE(antlr)BitSet _tokenSet_5;
|
||||
static const unsigned long _tokenSet_6_data_[];
|
||||
static const ANTLR_USE_NAMESPACE(antlr)BitSet _tokenSet_6;
|
||||
};
|
||||
|
||||
#endif /*INC_PFCfgLexer_hpp_*/
|
||||
|
||||
@ -435,7 +435,7 @@ void PFCfgParser::no_nat_rule() {
|
||||
|
||||
try { // for error handling
|
||||
match(NO);
|
||||
#line 317 "pf.g"
|
||||
#line 318 "pf.g"
|
||||
|
||||
importer->clear();
|
||||
importer->setCurrentLineNumber(LT(0)->getLine());
|
||||
@ -474,7 +474,7 @@ void PFCfgParser::nat_rule() {
|
||||
|
||||
try { // for error handling
|
||||
match(NAT);
|
||||
#line 334 "pf.g"
|
||||
#line 335 "pf.g"
|
||||
|
||||
if ( importer->action != "nonat" )
|
||||
{
|
||||
@ -491,7 +491,7 @@ void PFCfgParser::nat_rule() {
|
||||
case PASS:
|
||||
{
|
||||
match(PASS);
|
||||
#line 346 "pf.g"
|
||||
#line 347 "pf.g"
|
||||
|
||||
importer->error_tracker->registerError(
|
||||
QString("import of 'nat pass' commands is not supported."));
|
||||
@ -651,7 +651,7 @@ void PFCfgParser::nat_rule() {
|
||||
case TAG:
|
||||
{
|
||||
tag_clause();
|
||||
#line 359 "pf.g"
|
||||
#line 360 "pf.g"
|
||||
|
||||
importer->error_tracker->registerError(
|
||||
QString("import of 'nat ... tag' commands is not supported."));
|
||||
@ -696,7 +696,7 @@ void PFCfgParser::nat_rule() {
|
||||
}
|
||||
}
|
||||
}
|
||||
#line 367 "pf.g"
|
||||
#line 368 "pf.g"
|
||||
|
||||
importer->nat_group = importer->tmp_group;
|
||||
|
||||
@ -706,7 +706,7 @@ void PFCfgParser::nat_rule() {
|
||||
case PORT:
|
||||
{
|
||||
portspec();
|
||||
#line 372 "pf.g"
|
||||
#line 373 "pf.g"
|
||||
|
||||
importer->nat_port_group = importer->tmp_port_group;
|
||||
|
||||
@ -754,7 +754,7 @@ void PFCfgParser::nat_rule() {
|
||||
case STATIC_PORT:
|
||||
{
|
||||
match(STATIC_PORT);
|
||||
#line 378 "pf.g"
|
||||
#line 379 "pf.g"
|
||||
importer->nat_rule_opt_2 = "static-port";
|
||||
#line 760 "PFCfgParser.cpp"
|
||||
break;
|
||||
@ -781,7 +781,7 @@ void PFCfgParser::nat_rule() {
|
||||
}
|
||||
}
|
||||
}
|
||||
#line 381 "pf.g"
|
||||
#line 382 "pf.g"
|
||||
|
||||
importer->pushRule();
|
||||
|
||||
@ -799,7 +799,7 @@ void PFCfgParser::rdr_rule() {
|
||||
|
||||
try { // for error handling
|
||||
match(RDR);
|
||||
#line 390 "pf.g"
|
||||
#line 391 "pf.g"
|
||||
|
||||
if ( importer->action != "nonat" )
|
||||
{
|
||||
@ -816,7 +816,7 @@ void PFCfgParser::rdr_rule() {
|
||||
case PASS:
|
||||
{
|
||||
match(PASS);
|
||||
#line 402 "pf.g"
|
||||
#line 403 "pf.g"
|
||||
|
||||
importer->error_tracker->registerError(
|
||||
QString("import of 'nat pass' commands is not supported."));
|
||||
@ -976,7 +976,7 @@ void PFCfgParser::rdr_rule() {
|
||||
case TAG:
|
||||
{
|
||||
tag_clause();
|
||||
#line 415 "pf.g"
|
||||
#line 416 "pf.g"
|
||||
|
||||
importer->error_tracker->registerError(
|
||||
QString("import of 'nat ... tag' commands is not supported."));
|
||||
@ -1021,7 +1021,7 @@ void PFCfgParser::rdr_rule() {
|
||||
}
|
||||
}
|
||||
}
|
||||
#line 423 "pf.g"
|
||||
#line 424 "pf.g"
|
||||
|
||||
importer->nat_group = importer->tmp_group;
|
||||
|
||||
@ -1031,7 +1031,7 @@ void PFCfgParser::rdr_rule() {
|
||||
case PORT:
|
||||
{
|
||||
portspec();
|
||||
#line 428 "pf.g"
|
||||
#line 429 "pf.g"
|
||||
|
||||
importer->nat_port_group = importer->tmp_port_group;
|
||||
|
||||
@ -1084,7 +1084,7 @@ void PFCfgParser::rdr_rule() {
|
||||
}
|
||||
}
|
||||
}
|
||||
#line 434 "pf.g"
|
||||
#line 435 "pf.g"
|
||||
|
||||
importer->pushRule();
|
||||
|
||||
@ -1102,7 +1102,7 @@ void PFCfgParser::binat_rule() {
|
||||
|
||||
try { // for error handling
|
||||
match(BINAT);
|
||||
#line 562 "pf.g"
|
||||
#line 565 "pf.g"
|
||||
|
||||
importer->clear();
|
||||
importer->setCurrentLineNumber(LT(0)->getLine());
|
||||
@ -1123,7 +1123,7 @@ void PFCfgParser::pass_rule() {
|
||||
|
||||
try { // for error handling
|
||||
match(PASS);
|
||||
#line 596 "pf.g"
|
||||
#line 599 "pf.g"
|
||||
|
||||
importer->clear();
|
||||
importer->setCurrentLineNumber(LT(0)->getLine());
|
||||
@ -1133,7 +1133,7 @@ void PFCfgParser::pass_rule() {
|
||||
|
||||
#line 1135 "PFCfgParser.cpp"
|
||||
rule_extended();
|
||||
#line 604 "pf.g"
|
||||
#line 607 "pf.g"
|
||||
|
||||
importer->pushRule();
|
||||
|
||||
@ -1151,7 +1151,7 @@ void PFCfgParser::block_rule() {
|
||||
|
||||
try { // for error handling
|
||||
match(BLOCK);
|
||||
#line 611 "pf.g"
|
||||
#line 614 "pf.g"
|
||||
|
||||
importer->clear();
|
||||
importer->setCurrentLineNumber(LT(0)->getLine());
|
||||
@ -1207,7 +1207,7 @@ void PFCfgParser::block_rule() {
|
||||
}
|
||||
}
|
||||
rule_extended();
|
||||
#line 620 "pf.g"
|
||||
#line 623 "pf.g"
|
||||
|
||||
importer->pushRule();
|
||||
|
||||
@ -1225,7 +1225,7 @@ void PFCfgParser::timeout_rule() {
|
||||
|
||||
try { // for error handling
|
||||
match(TIMEOUT);
|
||||
#line 573 "pf.g"
|
||||
#line 576 "pf.g"
|
||||
|
||||
importer->clear();
|
||||
importer->setCurrentLineNumber(LT(0)->getLine());
|
||||
@ -1277,10 +1277,11 @@ void PFCfgParser::tableaddr_spec() {
|
||||
match(WORD);
|
||||
#line 256 "pf.g"
|
||||
|
||||
as.at = AddressSpec::INTERFACE_NAME;
|
||||
// interface name or domain/host name
|
||||
as.at = AddressSpec::INTERFACE_OR_HOST_NAME;
|
||||
as.address = LT(0)->getText();
|
||||
|
||||
#line 1284 "PFCfgParser.cpp"
|
||||
#line 1285 "PFCfgParser.cpp"
|
||||
{
|
||||
switch ( LA(1)) {
|
||||
case COLON:
|
||||
@ -1291,43 +1292,43 @@ void PFCfgParser::tableaddr_spec() {
|
||||
case NETWORK:
|
||||
{
|
||||
match(NETWORK);
|
||||
#line 264 "pf.g"
|
||||
#line 265 "pf.g"
|
||||
|
||||
as.at = AddressSpec::INTERFACE_NETWORK;
|
||||
|
||||
#line 1299 "PFCfgParser.cpp"
|
||||
#line 1300 "PFCfgParser.cpp"
|
||||
break;
|
||||
}
|
||||
case BROADCAST:
|
||||
{
|
||||
match(BROADCAST);
|
||||
#line 269 "pf.g"
|
||||
#line 270 "pf.g"
|
||||
|
||||
as.at = AddressSpec::INTERFACE_BROADCAST;
|
||||
|
||||
#line 1309 "PFCfgParser.cpp"
|
||||
#line 1310 "PFCfgParser.cpp"
|
||||
break;
|
||||
}
|
||||
case PEER:
|
||||
{
|
||||
match(PEER);
|
||||
#line 274 "pf.g"
|
||||
#line 275 "pf.g"
|
||||
|
||||
importer->error_tracker->registerError(
|
||||
QString("import of 'interface:peer' is not supported."));
|
||||
|
||||
#line 1320 "PFCfgParser.cpp"
|
||||
#line 1321 "PFCfgParser.cpp"
|
||||
break;
|
||||
}
|
||||
case INT_CONST:
|
||||
{
|
||||
match(INT_CONST);
|
||||
#line 280 "pf.g"
|
||||
#line 281 "pf.g"
|
||||
|
||||
importer->error_tracker->registerError(
|
||||
QString("import of 'interface:0' is not supported."));
|
||||
|
||||
#line 1331 "PFCfgParser.cpp"
|
||||
#line 1332 "PFCfgParser.cpp"
|
||||
break;
|
||||
}
|
||||
default:
|
||||
@ -1358,33 +1359,33 @@ void PFCfgParser::tableaddr_spec() {
|
||||
case SELF:
|
||||
{
|
||||
match(SELF);
|
||||
#line 288 "pf.g"
|
||||
#line 289 "pf.g"
|
||||
|
||||
as.at = AddressSpec::SPECIAL_ADDRESS;
|
||||
as.address = "self";
|
||||
|
||||
#line 1367 "PFCfgParser.cpp"
|
||||
#line 1368 "PFCfgParser.cpp"
|
||||
break;
|
||||
}
|
||||
case IPV4:
|
||||
{
|
||||
match(IPV4);
|
||||
#line 294 "pf.g"
|
||||
#line 295 "pf.g"
|
||||
|
||||
as.at = AddressSpec::HOST_ADDRESS;
|
||||
as.address = LT(0)->getText();
|
||||
|
||||
#line 1378 "PFCfgParser.cpp"
|
||||
#line 1379 "PFCfgParser.cpp"
|
||||
{
|
||||
switch ( LA(1)) {
|
||||
case SLASH:
|
||||
{
|
||||
match(SLASH);
|
||||
#line 300 "pf.g"
|
||||
#line 301 "pf.g"
|
||||
|
||||
as.at = AddressSpec::NETWORK_ADDRESS;
|
||||
|
||||
#line 1388 "PFCfgParser.cpp"
|
||||
#line 1389 "PFCfgParser.cpp"
|
||||
{
|
||||
switch ( LA(1)) {
|
||||
case IPV4:
|
||||
@ -1403,11 +1404,11 @@ void PFCfgParser::tableaddr_spec() {
|
||||
}
|
||||
}
|
||||
}
|
||||
#line 304 "pf.g"
|
||||
#line 305 "pf.g"
|
||||
|
||||
as.netmask = LT(0)->getText();
|
||||
|
||||
#line 1411 "PFCfgParser.cpp"
|
||||
#line 1412 "PFCfgParser.cpp"
|
||||
break;
|
||||
}
|
||||
case WORD:
|
||||
@ -1433,11 +1434,11 @@ void PFCfgParser::tableaddr_spec() {
|
||||
}
|
||||
}
|
||||
}
|
||||
#line 309 "pf.g"
|
||||
#line 310 "pf.g"
|
||||
|
||||
importer->tmp_group.push_back(as);
|
||||
|
||||
#line 1441 "PFCfgParser.cpp"
|
||||
#line 1442 "PFCfgParser.cpp"
|
||||
}
|
||||
catch (ANTLR_USE_NAMESPACE(antlr)RecognitionException& ex) {
|
||||
reportError(ex);
|
||||
@ -1490,11 +1491,11 @@ void PFCfgParser::logging() {
|
||||
}
|
||||
}
|
||||
}
|
||||
#line 686 "pf.g"
|
||||
#line 689 "pf.g"
|
||||
|
||||
importer->logging = true;
|
||||
|
||||
#line 1498 "PFCfgParser.cpp"
|
||||
#line 1499 "PFCfgParser.cpp"
|
||||
}
|
||||
catch (ANTLR_USE_NAMESPACE(antlr)RecognitionException& ex) {
|
||||
reportError(ex);
|
||||
@ -1546,11 +1547,11 @@ void PFCfgParser::address_family() {
|
||||
case INET6:
|
||||
{
|
||||
match(INET6);
|
||||
#line 738 "pf.g"
|
||||
#line 741 "pf.g"
|
||||
|
||||
importer->address_family = LT(0)->getText();
|
||||
|
||||
#line 1554 "PFCfgParser.cpp"
|
||||
#line 1555 "PFCfgParser.cpp"
|
||||
break;
|
||||
}
|
||||
default:
|
||||
@ -1586,14 +1587,14 @@ void PFCfgParser::hosts() {
|
||||
case ALL:
|
||||
{
|
||||
match(ALL);
|
||||
#line 781 "pf.g"
|
||||
#line 784 "pf.g"
|
||||
|
||||
importer->src_group.push_back(
|
||||
AddressSpec(AddressSpec::ANY, false, "0.0.0.0", "0.0.0.0"));
|
||||
importer->dst_group.push_back(
|
||||
AddressSpec(AddressSpec::ANY, false, "0.0.0.0", "0.0.0.0"));
|
||||
|
||||
#line 1597 "PFCfgParser.cpp"
|
||||
#line 1598 "PFCfgParser.cpp"
|
||||
break;
|
||||
}
|
||||
case NEWLINE:
|
||||
@ -1697,9 +1698,9 @@ void PFCfgParser::tagged() {
|
||||
case EXLAMATION:
|
||||
{
|
||||
match(EXLAMATION);
|
||||
#line 1081 "pf.g"
|
||||
#line 1088 "pf.g"
|
||||
importer->tagged_neg = true;
|
||||
#line 1703 "PFCfgParser.cpp"
|
||||
#line 1704 "PFCfgParser.cpp"
|
||||
break;
|
||||
}
|
||||
case TAGGED:
|
||||
@ -1714,11 +1715,11 @@ void PFCfgParser::tagged() {
|
||||
}
|
||||
match(TAGGED);
|
||||
match(WORD);
|
||||
#line 1083 "pf.g"
|
||||
#line 1090 "pf.g"
|
||||
|
||||
importer->tagged = LT(0)->getText();
|
||||
|
||||
#line 1722 "PFCfgParser.cpp"
|
||||
#line 1723 "PFCfgParser.cpp"
|
||||
}
|
||||
catch (ANTLR_USE_NAMESPACE(antlr)RecognitionException& ex) {
|
||||
reportError(ex);
|
||||
@ -1732,11 +1733,11 @@ void PFCfgParser::tag_clause() {
|
||||
try { // for error handling
|
||||
match(TAG);
|
||||
match(WORD);
|
||||
#line 1090 "pf.g"
|
||||
#line 1097 "pf.g"
|
||||
|
||||
importer->tag = LT(0)->getText();
|
||||
|
||||
#line 1740 "PFCfgParser.cpp"
|
||||
#line 1741 "PFCfgParser.cpp"
|
||||
}
|
||||
catch (ANTLR_USE_NAMESPACE(antlr)RecognitionException& ex) {
|
||||
reportError(ex);
|
||||
@ -1746,9 +1747,9 @@ void PFCfgParser::tag_clause() {
|
||||
|
||||
void PFCfgParser::redirhost() {
|
||||
Tracer traceInOut(this, "redirhost");
|
||||
#line 445 "pf.g"
|
||||
#line 446 "pf.g"
|
||||
AddressSpec as;
|
||||
#line 1752 "PFCfgParser.cpp"
|
||||
#line 1753 "PFCfgParser.cpp"
|
||||
|
||||
try { // for error handling
|
||||
{
|
||||
@ -1756,22 +1757,22 @@ void PFCfgParser::redirhost() {
|
||||
case IPV4:
|
||||
{
|
||||
match(IPV4);
|
||||
#line 448 "pf.g"
|
||||
#line 449 "pf.g"
|
||||
|
||||
as.at = AddressSpec::HOST_ADDRESS;
|
||||
as.address = LT(0)->getText();
|
||||
|
||||
#line 1765 "PFCfgParser.cpp"
|
||||
#line 1766 "PFCfgParser.cpp"
|
||||
{
|
||||
switch ( LA(1)) {
|
||||
case SLASH:
|
||||
{
|
||||
match(SLASH);
|
||||
#line 454 "pf.g"
|
||||
#line 455 "pf.g"
|
||||
|
||||
as.at = AddressSpec::NETWORK_ADDRESS;
|
||||
|
||||
#line 1775 "PFCfgParser.cpp"
|
||||
#line 1776 "PFCfgParser.cpp"
|
||||
{
|
||||
switch ( LA(1)) {
|
||||
case IPV4:
|
||||
@ -1790,11 +1791,11 @@ void PFCfgParser::redirhost() {
|
||||
}
|
||||
}
|
||||
}
|
||||
#line 458 "pf.g"
|
||||
#line 459 "pf.g"
|
||||
|
||||
as.netmask = LT(0)->getText();
|
||||
|
||||
#line 1798 "PFCfgParser.cpp"
|
||||
#line 1799 "PFCfgParser.cpp"
|
||||
break;
|
||||
}
|
||||
case NEWLINE:
|
||||
@ -1824,26 +1825,26 @@ void PFCfgParser::redirhost() {
|
||||
{
|
||||
match(OPENING_PAREN);
|
||||
match(WORD);
|
||||
#line 465 "pf.g"
|
||||
#line 466 "pf.g"
|
||||
|
||||
// interface name or domain/host name
|
||||
as.at = AddressSpec::INTERFACE_NAME;
|
||||
as.at = AddressSpec::INTERFACE_OR_HOST_NAME;
|
||||
as.address = LT(0)->getText();
|
||||
|
||||
#line 1834 "PFCfgParser.cpp"
|
||||
#line 1835 "PFCfgParser.cpp"
|
||||
match(CLOSING_PAREN);
|
||||
break;
|
||||
}
|
||||
case WORD:
|
||||
{
|
||||
match(WORD);
|
||||
#line 473 "pf.g"
|
||||
#line 474 "pf.g"
|
||||
|
||||
// interface name or domain/host name
|
||||
as.at = AddressSpec::INTERFACE_NAME;
|
||||
as.at = AddressSpec::INTERFACE_OR_HOST_NAME;
|
||||
as.address = LT(0)->getText();
|
||||
|
||||
#line 1847 "PFCfgParser.cpp"
|
||||
#line 1848 "PFCfgParser.cpp"
|
||||
break;
|
||||
}
|
||||
default:
|
||||
@ -1852,11 +1853,11 @@ void PFCfgParser::redirhost() {
|
||||
}
|
||||
}
|
||||
}
|
||||
#line 479 "pf.g"
|
||||
#line 480 "pf.g"
|
||||
|
||||
importer->tmp_group.push_back(as);
|
||||
|
||||
#line 1860 "PFCfgParser.cpp"
|
||||
#line 1861 "PFCfgParser.cpp"
|
||||
}
|
||||
catch (ANTLR_USE_NAMESPACE(antlr)RecognitionException& ex) {
|
||||
reportError(ex);
|
||||
@ -1911,45 +1912,52 @@ void PFCfgParser::redirhost_list() {
|
||||
|
||||
void PFCfgParser::portspec() {
|
||||
Tracer traceInOut(this, "portspec");
|
||||
#line 504 "pf.g"
|
||||
#line 505 "pf.g"
|
||||
PortSpec ps;
|
||||
#line 1917 "PFCfgParser.cpp"
|
||||
#line 1918 "PFCfgParser.cpp"
|
||||
|
||||
try { // for error handling
|
||||
match(PORT);
|
||||
port_def();
|
||||
#line 507 "pf.g"
|
||||
|
||||
ps.port1 = importer->tmp_port_def;
|
||||
ps.port2 = ps.port1;
|
||||
ps.port_op = "=";
|
||||
|
||||
#line 1928 "PFCfgParser.cpp"
|
||||
{
|
||||
switch ( LA(1)) {
|
||||
case COLON:
|
||||
case WORD:
|
||||
case INT_CONST:
|
||||
{
|
||||
match(COLON);
|
||||
#line 513 "pf.g"
|
||||
ps.port_op = ":";
|
||||
#line 1936 "PFCfgParser.cpp"
|
||||
port_def();
|
||||
#line 509 "pf.g"
|
||||
|
||||
ps.port1 = importer->tmp_port_def;
|
||||
ps.port2 = ps.port1;
|
||||
ps.port_op = "=";
|
||||
|
||||
#line 1934 "PFCfgParser.cpp"
|
||||
break;
|
||||
}
|
||||
case IPV6:
|
||||
{
|
||||
match(IPV6);
|
||||
#line 516 "pf.g"
|
||||
|
||||
ps.setFromPortRange(LT(0)->getText());
|
||||
|
||||
#line 1944 "PFCfgParser.cpp"
|
||||
{
|
||||
switch ( LA(1)) {
|
||||
case STAR:
|
||||
{
|
||||
match(STAR);
|
||||
#line 515 "pf.g"
|
||||
#line 520 "pf.g"
|
||||
ps.port2 = "65535";
|
||||
#line 1944 "PFCfgParser.cpp"
|
||||
#line 1952 "PFCfgParser.cpp"
|
||||
break;
|
||||
}
|
||||
case WORD:
|
||||
case INT_CONST:
|
||||
case NEWLINE:
|
||||
case STATIC_PORT:
|
||||
case BITMASK:
|
||||
case RANDOM:
|
||||
case SOURCE_HASH:
|
||||
case ROUND_ROBIN:
|
||||
{
|
||||
port_def();
|
||||
#line 517 "pf.g"
|
||||
ps.port2 = importer->tmp_port_def;
|
||||
#line 1953 "PFCfgParser.cpp"
|
||||
break;
|
||||
}
|
||||
default:
|
||||
@ -1960,26 +1968,17 @@ void PFCfgParser::portspec() {
|
||||
}
|
||||
break;
|
||||
}
|
||||
case NEWLINE:
|
||||
case STATIC_PORT:
|
||||
case BITMASK:
|
||||
case RANDOM:
|
||||
case SOURCE_HASH:
|
||||
case ROUND_ROBIN:
|
||||
{
|
||||
break;
|
||||
}
|
||||
default:
|
||||
{
|
||||
throw ANTLR_USE_NAMESPACE(antlr)NoViableAltException(LT(1), getFilename());
|
||||
}
|
||||
}
|
||||
}
|
||||
#line 520 "pf.g"
|
||||
#line 523 "pf.g"
|
||||
|
||||
importer->tmp_port_group.push_back(ps);
|
||||
|
||||
#line 1983 "PFCfgParser.cpp"
|
||||
#line 1982 "PFCfgParser.cpp"
|
||||
}
|
||||
catch (ANTLR_USE_NAMESPACE(antlr)RecognitionException& ex) {
|
||||
reportError(ex);
|
||||
@ -1996,49 +1995,49 @@ void PFCfgParser::pooltype() {
|
||||
case BITMASK:
|
||||
{
|
||||
match(BITMASK);
|
||||
#line 534 "pf.g"
|
||||
#line 537 "pf.g"
|
||||
importer->nat_rule_opt_1 = "bitmask";
|
||||
#line 2002 "PFCfgParser.cpp"
|
||||
#line 2001 "PFCfgParser.cpp"
|
||||
break;
|
||||
}
|
||||
case RANDOM:
|
||||
{
|
||||
match(RANDOM);
|
||||
#line 536 "pf.g"
|
||||
#line 539 "pf.g"
|
||||
importer->nat_rule_opt_1 = "random";
|
||||
#line 2010 "PFCfgParser.cpp"
|
||||
#line 2009 "PFCfgParser.cpp"
|
||||
break;
|
||||
}
|
||||
case SOURCE_HASH:
|
||||
{
|
||||
match(SOURCE_HASH);
|
||||
#line 538 "pf.g"
|
||||
#line 541 "pf.g"
|
||||
importer->nat_rule_opt_1 = "source-hash";
|
||||
#line 2018 "PFCfgParser.cpp"
|
||||
#line 2017 "PFCfgParser.cpp"
|
||||
{
|
||||
switch ( LA(1)) {
|
||||
case HEX_KEY:
|
||||
{
|
||||
match(HEX_KEY);
|
||||
#line 541 "pf.g"
|
||||
#line 544 "pf.g"
|
||||
|
||||
importer->error_tracker->registerError(
|
||||
QString("import of 'nat' commands with 'source-hash hex-key' "
|
||||
"option is not supported"));
|
||||
|
||||
#line 2030 "PFCfgParser.cpp"
|
||||
#line 2029 "PFCfgParser.cpp"
|
||||
break;
|
||||
}
|
||||
case STRING_KEY:
|
||||
{
|
||||
match(STRING_KEY);
|
||||
#line 548 "pf.g"
|
||||
#line 551 "pf.g"
|
||||
|
||||
importer->error_tracker->registerError(
|
||||
QString("import of 'nat' commands with 'source-hash string-key' "
|
||||
"option is not supported"));
|
||||
|
||||
#line 2042 "PFCfgParser.cpp"
|
||||
#line 2041 "PFCfgParser.cpp"
|
||||
break;
|
||||
}
|
||||
case NEWLINE:
|
||||
@ -2058,9 +2057,9 @@ void PFCfgParser::pooltype() {
|
||||
case ROUND_ROBIN:
|
||||
{
|
||||
match(ROUND_ROBIN);
|
||||
#line 555 "pf.g"
|
||||
#line 558 "pf.g"
|
||||
importer->nat_rule_opt_1 = "round-robin";
|
||||
#line 2064 "PFCfgParser.cpp"
|
||||
#line 2063 "PFCfgParser.cpp"
|
||||
break;
|
||||
}
|
||||
default:
|
||||
@ -2116,11 +2115,11 @@ void PFCfgParser::port_def() {
|
||||
}
|
||||
}
|
||||
}
|
||||
#line 1201 "pf.g"
|
||||
#line 1234 "pf.g"
|
||||
|
||||
importer->tmp_port_def = LT(0)->getText();
|
||||
|
||||
#line 2124 "PFCfgParser.cpp"
|
||||
#line 2123 "PFCfgParser.cpp"
|
||||
}
|
||||
catch (ANTLR_USE_NAMESPACE(antlr)RecognitionException& ex) {
|
||||
reportError(ex);
|
||||
@ -2444,37 +2443,37 @@ void PFCfgParser::block_return() {
|
||||
case DROP:
|
||||
{
|
||||
match(DROP);
|
||||
#line 628 "pf.g"
|
||||
#line 631 "pf.g"
|
||||
importer->block_action_params.push_back("drop");
|
||||
#line 2450 "PFCfgParser.cpp"
|
||||
#line 2449 "PFCfgParser.cpp"
|
||||
break;
|
||||
}
|
||||
case RETURN:
|
||||
{
|
||||
match(RETURN);
|
||||
#line 630 "pf.g"
|
||||
#line 633 "pf.g"
|
||||
importer->block_action_params.push_back("return");
|
||||
#line 2458 "PFCfgParser.cpp"
|
||||
#line 2457 "PFCfgParser.cpp"
|
||||
break;
|
||||
}
|
||||
case RETURN_RST:
|
||||
{
|
||||
match(RETURN_RST);
|
||||
#line 632 "pf.g"
|
||||
#line 635 "pf.g"
|
||||
importer->block_action_params.push_back("return-rst");
|
||||
#line 2466 "PFCfgParser.cpp"
|
||||
#line 2465 "PFCfgParser.cpp"
|
||||
{
|
||||
switch ( LA(1)) {
|
||||
case TTL:
|
||||
{
|
||||
match(TTL);
|
||||
match(INT_CONST);
|
||||
#line 635 "pf.g"
|
||||
#line 638 "pf.g"
|
||||
|
||||
importer->error_tracker->registerError(
|
||||
QString("Import of \"block return-rst ttl number\" is not supported. "));
|
||||
|
||||
#line 2478 "PFCfgParser.cpp"
|
||||
#line 2477 "PFCfgParser.cpp"
|
||||
break;
|
||||
}
|
||||
case NEWLINE:
|
||||
@ -2517,9 +2516,9 @@ void PFCfgParser::block_return() {
|
||||
case RETURN_ICMP:
|
||||
{
|
||||
match(RETURN_ICMP);
|
||||
#line 641 "pf.g"
|
||||
#line 644 "pf.g"
|
||||
importer->block_action_params.push_back("return-icmp");
|
||||
#line 2523 "PFCfgParser.cpp"
|
||||
#line 2522 "PFCfgParser.cpp"
|
||||
{
|
||||
switch ( LA(1)) {
|
||||
case OPENING_PAREN:
|
||||
@ -2543,9 +2542,9 @@ void PFCfgParser::block_return() {
|
||||
}
|
||||
}
|
||||
}
|
||||
#line 645 "pf.g"
|
||||
#line 648 "pf.g"
|
||||
importer->block_action_params.push_back(LT(0)->getText());
|
||||
#line 2549 "PFCfgParser.cpp"
|
||||
#line 2548 "PFCfgParser.cpp"
|
||||
{
|
||||
switch ( LA(1)) {
|
||||
case COMMA:
|
||||
@ -2569,12 +2568,12 @@ void PFCfgParser::block_return() {
|
||||
}
|
||||
}
|
||||
}
|
||||
#line 649 "pf.g"
|
||||
#line 652 "pf.g"
|
||||
|
||||
importer->error_tracker->registerError(
|
||||
QString("Import of \"block return-icmp (icmp_code, icmp6_code)\" is not supported"));
|
||||
|
||||
#line 2578 "PFCfgParser.cpp"
|
||||
#line 2577 "PFCfgParser.cpp"
|
||||
break;
|
||||
}
|
||||
case CLOSING_PAREN:
|
||||
@ -2630,13 +2629,13 @@ void PFCfgParser::block_return() {
|
||||
case RETURN_ICMP6:
|
||||
{
|
||||
match(RETURN_ICMP6);
|
||||
#line 658 "pf.g"
|
||||
#line 661 "pf.g"
|
||||
|
||||
importer->error_tracker->registerError(
|
||||
QString("Import of \"block return-icmp6\" is not supported"));
|
||||
importer->block_action_params.push_back("return-icmp");
|
||||
|
||||
#line 2640 "PFCfgParser.cpp"
|
||||
#line 2639 "PFCfgParser.cpp"
|
||||
break;
|
||||
}
|
||||
default:
|
||||
@ -2674,11 +2673,11 @@ void PFCfgParser::direction() {
|
||||
}
|
||||
}
|
||||
}
|
||||
#line 679 "pf.g"
|
||||
#line 682 "pf.g"
|
||||
|
||||
importer->direction = LT(0)->getText();
|
||||
|
||||
#line 2682 "PFCfgParser.cpp"
|
||||
#line 2681 "PFCfgParser.cpp"
|
||||
}
|
||||
catch (ANTLR_USE_NAMESPACE(antlr)RecognitionException& ex) {
|
||||
reportError(ex);
|
||||
@ -2691,11 +2690,11 @@ void PFCfgParser::quick() {
|
||||
|
||||
try { // for error handling
|
||||
match(QUICK);
|
||||
#line 708 "pf.g"
|
||||
#line 711 "pf.g"
|
||||
|
||||
importer->quick = true;
|
||||
|
||||
#line 2699 "PFCfgParser.cpp"
|
||||
#line 2698 "PFCfgParser.cpp"
|
||||
}
|
||||
catch (ANTLR_USE_NAMESPACE(antlr)RecognitionException& ex) {
|
||||
reportError(ex);
|
||||
@ -2792,9 +2791,9 @@ void PFCfgParser::logopts() {
|
||||
for (;;) {
|
||||
if ((LA(1) == COMMA)) {
|
||||
match(COMMA);
|
||||
#line 695 "pf.g"
|
||||
#line 698 "pf.g"
|
||||
importer->logopts += ",";
|
||||
#line 2798 "PFCfgParser.cpp"
|
||||
#line 2797 "PFCfgParser.cpp"
|
||||
logopt();
|
||||
}
|
||||
else {
|
||||
@ -2831,11 +2830,11 @@ void PFCfgParser::logopt() {
|
||||
{
|
||||
match(TO);
|
||||
match(WORD);
|
||||
#line 702 "pf.g"
|
||||
#line 705 "pf.g"
|
||||
|
||||
importer->logopts += LT(0)->getText();
|
||||
|
||||
#line 2839 "PFCfgParser.cpp"
|
||||
#line 2838 "PFCfgParser.cpp"
|
||||
break;
|
||||
}
|
||||
default:
|
||||
@ -2852,9 +2851,9 @@ void PFCfgParser::logopt() {
|
||||
|
||||
void PFCfgParser::ifspec() {
|
||||
Tracer traceInOut(this, "ifspec");
|
||||
#line 716 "pf.g"
|
||||
#line 719 "pf.g"
|
||||
InterfaceSpec is;
|
||||
#line 2858 "PFCfgParser.cpp"
|
||||
#line 2857 "PFCfgParser.cpp"
|
||||
|
||||
try { // for error handling
|
||||
{
|
||||
@ -2862,9 +2861,9 @@ void PFCfgParser::ifspec() {
|
||||
case EXLAMATION:
|
||||
{
|
||||
match(EXLAMATION);
|
||||
#line 717 "pf.g"
|
||||
#line 720 "pf.g"
|
||||
is.neg = true;
|
||||
#line 2868 "PFCfgParser.cpp"
|
||||
#line 2867 "PFCfgParser.cpp"
|
||||
break;
|
||||
}
|
||||
case WORD:
|
||||
@ -2878,13 +2877,13 @@ void PFCfgParser::ifspec() {
|
||||
}
|
||||
}
|
||||
match(WORD);
|
||||
#line 719 "pf.g"
|
||||
#line 722 "pf.g"
|
||||
|
||||
is.name = LT(0)->getText();
|
||||
importer->iface_group.push_back(is);
|
||||
importer->newInterface(is.name);
|
||||
|
||||
#line 2888 "PFCfgParser.cpp"
|
||||
#line 2887 "PFCfgParser.cpp"
|
||||
}
|
||||
catch (ANTLR_USE_NAMESPACE(antlr)RecognitionException& ex) {
|
||||
reportError(ex);
|
||||
@ -3077,11 +3076,11 @@ void PFCfgParser::proto_name() {
|
||||
}
|
||||
}
|
||||
}
|
||||
#line 758 "pf.g"
|
||||
#line 761 "pf.g"
|
||||
|
||||
importer->proto_list.push_back(LT(0)->getText());
|
||||
|
||||
#line 3085 "PFCfgParser.cpp"
|
||||
#line 3084 "PFCfgParser.cpp"
|
||||
}
|
||||
catch (ANTLR_USE_NAMESPACE(antlr)RecognitionException& ex) {
|
||||
reportError(ex);
|
||||
@ -3094,11 +3093,11 @@ void PFCfgParser::proto_number() {
|
||||
|
||||
try { // for error handling
|
||||
match(INT_CONST);
|
||||
#line 764 "pf.g"
|
||||
#line 767 "pf.g"
|
||||
|
||||
importer->proto_list.push_back(LT(0)->getText());
|
||||
|
||||
#line 3102 "PFCfgParser.cpp"
|
||||
#line 3101 "PFCfgParser.cpp"
|
||||
}
|
||||
catch (ANTLR_USE_NAMESPACE(antlr)RecognitionException& ex) {
|
||||
reportError(ex);
|
||||
@ -3266,9 +3265,9 @@ void PFCfgParser::src_hosts_part() {
|
||||
case SELF:
|
||||
case IPV4:
|
||||
case OPENING_PAREN:
|
||||
case IPV6:
|
||||
case ANY:
|
||||
case NO_ROUTE:
|
||||
case IPV6:
|
||||
{
|
||||
common_hosts_part();
|
||||
break;
|
||||
@ -3276,13 +3275,13 @@ void PFCfgParser::src_hosts_part() {
|
||||
case URPF_FAILED:
|
||||
{
|
||||
match(URPF_FAILED);
|
||||
#line 804 "pf.g"
|
||||
#line 807 "pf.g"
|
||||
|
||||
importer->tmp_group.push_back(
|
||||
AddressSpec(AddressSpec::SPECIAL_ADDRESS, false,
|
||||
"urpf-failed", ""));
|
||||
|
||||
#line 3286 "PFCfgParser.cpp"
|
||||
#line 3285 "PFCfgParser.cpp"
|
||||
break;
|
||||
}
|
||||
default:
|
||||
@ -3291,13 +3290,13 @@ void PFCfgParser::src_hosts_part() {
|
||||
}
|
||||
}
|
||||
}
|
||||
#line 810 "pf.g"
|
||||
#line 813 "pf.g"
|
||||
|
||||
importer->src_neg = importer->tmp_neg;
|
||||
importer->src_group.splice(importer->src_group.begin(),
|
||||
importer->tmp_group);
|
||||
|
||||
#line 3301 "PFCfgParser.cpp"
|
||||
#line 3300 "PFCfgParser.cpp"
|
||||
}
|
||||
catch (ANTLR_USE_NAMESPACE(antlr)RecognitionException& ex) {
|
||||
reportError(ex);
|
||||
@ -3327,18 +3326,30 @@ void PFCfgParser::src_port_part() {
|
||||
port_op_list();
|
||||
break;
|
||||
}
|
||||
case IPV6:
|
||||
{
|
||||
match(IPV6);
|
||||
#line 1147 "pf.g"
|
||||
|
||||
PortSpec ps;
|
||||
ps.setFromPortRange(LT(0)->getText());
|
||||
importer->tmp_port_group.push_back(ps);
|
||||
|
||||
#line 3339 "PFCfgParser.cpp"
|
||||
break;
|
||||
}
|
||||
default:
|
||||
{
|
||||
throw ANTLR_USE_NAMESPACE(antlr)NoViableAltException(LT(1), getFilename());
|
||||
}
|
||||
}
|
||||
}
|
||||
#line 1134 "pf.g"
|
||||
#line 1153 "pf.g"
|
||||
|
||||
importer->src_port_group.splice(importer->src_port_group.begin(),
|
||||
importer->tmp_port_group);
|
||||
|
||||
#line 3342 "PFCfgParser.cpp"
|
||||
#line 3353 "PFCfgParser.cpp"
|
||||
}
|
||||
catch (ANTLR_USE_NAMESPACE(antlr)RecognitionException& ex) {
|
||||
reportError(ex);
|
||||
@ -3351,13 +3362,13 @@ void PFCfgParser::dst_hosts_part() {
|
||||
|
||||
try { // for error handling
|
||||
common_hosts_part();
|
||||
#line 819 "pf.g"
|
||||
#line 822 "pf.g"
|
||||
|
||||
importer->dst_neg = importer->tmp_neg;
|
||||
importer->dst_group.splice(importer->dst_group.begin(),
|
||||
importer->tmp_group);
|
||||
|
||||
#line 3361 "PFCfgParser.cpp"
|
||||
#line 3372 "PFCfgParser.cpp"
|
||||
}
|
||||
catch (ANTLR_USE_NAMESPACE(antlr)RecognitionException& ex) {
|
||||
reportError(ex);
|
||||
@ -3387,18 +3398,30 @@ void PFCfgParser::dst_port_part() {
|
||||
port_op_list();
|
||||
break;
|
||||
}
|
||||
case IPV6:
|
||||
{
|
||||
match(IPV6);
|
||||
#line 1169 "pf.g"
|
||||
|
||||
PortSpec ps;
|
||||
ps.setFromPortRange(LT(0)->getText());
|
||||
importer->tmp_port_group.push_back(ps);
|
||||
|
||||
#line 3411 "PFCfgParser.cpp"
|
||||
break;
|
||||
}
|
||||
default:
|
||||
{
|
||||
throw ANTLR_USE_NAMESPACE(antlr)NoViableAltException(LT(1), getFilename());
|
||||
}
|
||||
}
|
||||
}
|
||||
#line 1142 "pf.g"
|
||||
#line 1175 "pf.g"
|
||||
|
||||
importer->dst_port_group.splice(importer->dst_port_group.begin(),
|
||||
importer->tmp_port_group);
|
||||
|
||||
#line 3402 "PFCfgParser.cpp"
|
||||
#line 3425 "PFCfgParser.cpp"
|
||||
}
|
||||
catch (ANTLR_USE_NAMESPACE(antlr)RecognitionException& ex) {
|
||||
reportError(ex);
|
||||
@ -3414,23 +3437,23 @@ void PFCfgParser::common_hosts_part() {
|
||||
case ANY:
|
||||
{
|
||||
match(ANY);
|
||||
#line 828 "pf.g"
|
||||
#line 831 "pf.g"
|
||||
|
||||
importer->tmp_group.push_back(
|
||||
AddressSpec(AddressSpec::ANY, false, "0.0.0.0", "0.0.0.0"));
|
||||
|
||||
#line 3423 "PFCfgParser.cpp"
|
||||
#line 3446 "PFCfgParser.cpp"
|
||||
break;
|
||||
}
|
||||
case NO_ROUTE:
|
||||
{
|
||||
match(NO_ROUTE);
|
||||
#line 834 "pf.g"
|
||||
#line 837 "pf.g"
|
||||
|
||||
importer->tmp_group.push_back(
|
||||
AddressSpec(AddressSpec::SPECIAL_ADDRESS, false, "no-route", ""));
|
||||
|
||||
#line 3434 "PFCfgParser.cpp"
|
||||
#line 3457 "PFCfgParser.cpp"
|
||||
break;
|
||||
}
|
||||
case WORD:
|
||||
@ -3465,9 +3488,9 @@ void PFCfgParser::host() {
|
||||
Tracer traceInOut(this, "host");
|
||||
ANTLR_USE_NAMESPACE(antlr)RefToken tn = ANTLR_USE_NAMESPACE(antlr)nullToken;
|
||||
ANTLR_USE_NAMESPACE(antlr)RefToken in = ANTLR_USE_NAMESPACE(antlr)nullToken;
|
||||
#line 844 "pf.g"
|
||||
#line 847 "pf.g"
|
||||
AddressSpec as;
|
||||
#line 3471 "PFCfgParser.cpp"
|
||||
#line 3494 "PFCfgParser.cpp"
|
||||
|
||||
try { // for error handling
|
||||
{
|
||||
@ -3475,9 +3498,9 @@ void PFCfgParser::host() {
|
||||
case EXLAMATION:
|
||||
{
|
||||
match(EXLAMATION);
|
||||
#line 845 "pf.g"
|
||||
#line 848 "pf.g"
|
||||
as.neg = true;
|
||||
#line 3481 "PFCfgParser.cpp"
|
||||
#line 3504 "PFCfgParser.cpp"
|
||||
break;
|
||||
}
|
||||
case WORD:
|
||||
@ -3500,13 +3523,13 @@ void PFCfgParser::host() {
|
||||
case WORD:
|
||||
{
|
||||
match(WORD);
|
||||
#line 848 "pf.g"
|
||||
#line 851 "pf.g"
|
||||
|
||||
// interface name or domain/host name
|
||||
as.at = AddressSpec::INTERFACE_NAME;
|
||||
as.at = AddressSpec::INTERFACE_OR_HOST_NAME;
|
||||
as.address = LT(0)->getText();
|
||||
|
||||
#line 3510 "PFCfgParser.cpp"
|
||||
#line 3533 "PFCfgParser.cpp"
|
||||
{
|
||||
switch ( LA(1)) {
|
||||
case COLON:
|
||||
@ -3517,43 +3540,43 @@ void PFCfgParser::host() {
|
||||
case NETWORK:
|
||||
{
|
||||
match(NETWORK);
|
||||
#line 857 "pf.g"
|
||||
#line 860 "pf.g"
|
||||
|
||||
as.at = AddressSpec::INTERFACE_NETWORK;
|
||||
|
||||
#line 3525 "PFCfgParser.cpp"
|
||||
#line 3548 "PFCfgParser.cpp"
|
||||
break;
|
||||
}
|
||||
case BROADCAST:
|
||||
{
|
||||
match(BROADCAST);
|
||||
#line 862 "pf.g"
|
||||
#line 865 "pf.g"
|
||||
|
||||
as.at = AddressSpec::INTERFACE_BROADCAST;
|
||||
|
||||
#line 3535 "PFCfgParser.cpp"
|
||||
#line 3558 "PFCfgParser.cpp"
|
||||
break;
|
||||
}
|
||||
case PEER:
|
||||
{
|
||||
match(PEER);
|
||||
#line 867 "pf.g"
|
||||
#line 870 "pf.g"
|
||||
|
||||
importer->error_tracker->registerError(
|
||||
QString("import of 'interface:peer' is not supported."));
|
||||
|
||||
#line 3546 "PFCfgParser.cpp"
|
||||
#line 3569 "PFCfgParser.cpp"
|
||||
break;
|
||||
}
|
||||
case INT_CONST:
|
||||
{
|
||||
match(INT_CONST);
|
||||
#line 873 "pf.g"
|
||||
#line 876 "pf.g"
|
||||
|
||||
importer->error_tracker->registerError(
|
||||
QString("import of 'interface:0' is not supported."));
|
||||
|
||||
#line 3557 "PFCfgParser.cpp"
|
||||
#line 3580 "PFCfgParser.cpp"
|
||||
break;
|
||||
}
|
||||
default:
|
||||
@ -3596,44 +3619,45 @@ void PFCfgParser::host() {
|
||||
case SELF:
|
||||
{
|
||||
match(SELF);
|
||||
#line 881 "pf.g"
|
||||
#line 884 "pf.g"
|
||||
|
||||
as.at = AddressSpec::SPECIAL_ADDRESS;
|
||||
as.address = "self";
|
||||
|
||||
#line 3605 "PFCfgParser.cpp"
|
||||
#line 3628 "PFCfgParser.cpp"
|
||||
break;
|
||||
}
|
||||
case IPV6:
|
||||
{
|
||||
match(IPV6);
|
||||
#line 887 "pf.g"
|
||||
#line 890 "pf.g"
|
||||
|
||||
importer->addMessageToLog(QString("IPv6 import is not supported. "));
|
||||
importer->error_tracker->registerError(
|
||||
QString("IPv6 import is not supported. "));
|
||||
consumeUntil(NEWLINE);
|
||||
|
||||
#line 3616 "PFCfgParser.cpp"
|
||||
#line 3640 "PFCfgParser.cpp"
|
||||
break;
|
||||
}
|
||||
case IPV4:
|
||||
{
|
||||
match(IPV4);
|
||||
#line 893 "pf.g"
|
||||
#line 897 "pf.g"
|
||||
|
||||
as.at = AddressSpec::HOST_ADDRESS;
|
||||
as.address = LT(0)->getText();
|
||||
|
||||
#line 3627 "PFCfgParser.cpp"
|
||||
#line 3651 "PFCfgParser.cpp"
|
||||
{
|
||||
switch ( LA(1)) {
|
||||
case SLASH:
|
||||
{
|
||||
match(SLASH);
|
||||
#line 899 "pf.g"
|
||||
#line 903 "pf.g"
|
||||
|
||||
as.at = AddressSpec::NETWORK_ADDRESS;
|
||||
|
||||
#line 3637 "PFCfgParser.cpp"
|
||||
#line 3661 "PFCfgParser.cpp"
|
||||
{
|
||||
switch ( LA(1)) {
|
||||
case IPV4:
|
||||
@ -3652,11 +3676,11 @@ void PFCfgParser::host() {
|
||||
}
|
||||
}
|
||||
}
|
||||
#line 903 "pf.g"
|
||||
#line 907 "pf.g"
|
||||
|
||||
as.netmask = LT(0)->getText();
|
||||
|
||||
#line 3660 "PFCfgParser.cpp"
|
||||
#line 3684 "PFCfgParser.cpp"
|
||||
break;
|
||||
}
|
||||
case NEWLINE:
|
||||
@ -3694,12 +3718,12 @@ void PFCfgParser::host() {
|
||||
tn = LT(1);
|
||||
match(WORD);
|
||||
match(GREATER_THAN);
|
||||
#line 909 "pf.g"
|
||||
#line 913 "pf.g"
|
||||
|
||||
as.at = AddressSpec::TABLE;
|
||||
as.address = tn->getText();
|
||||
|
||||
#line 3703 "PFCfgParser.cpp"
|
||||
#line 3727 "PFCfgParser.cpp"
|
||||
break;
|
||||
}
|
||||
case OPENING_PAREN:
|
||||
@ -3708,12 +3732,13 @@ void PFCfgParser::host() {
|
||||
in = LT(1);
|
||||
match(WORD);
|
||||
match(CLOSING_PAREN);
|
||||
#line 915 "pf.g"
|
||||
#line 919 "pf.g"
|
||||
|
||||
as.at = AddressSpec::INTERFACE_NAME;
|
||||
// interface name or domain/host name
|
||||
as.at = AddressSpec::INTERFACE_OR_HOST_NAME;
|
||||
as.address = in->getText();
|
||||
|
||||
#line 3717 "PFCfgParser.cpp"
|
||||
#line 3742 "PFCfgParser.cpp"
|
||||
break;
|
||||
}
|
||||
default:
|
||||
@ -3722,11 +3747,11 @@ void PFCfgParser::host() {
|
||||
}
|
||||
}
|
||||
}
|
||||
#line 920 "pf.g"
|
||||
#line 925 "pf.g"
|
||||
|
||||
importer->tmp_group.push_back(as);
|
||||
|
||||
#line 3730 "PFCfgParser.cpp"
|
||||
#line 3755 "PFCfgParser.cpp"
|
||||
}
|
||||
catch (ANTLR_USE_NAMESPACE(antlr)RecognitionException& ex) {
|
||||
reportError(ex);
|
||||
@ -3784,11 +3809,11 @@ void PFCfgParser::route_to() {
|
||||
}
|
||||
}
|
||||
}
|
||||
#line 942 "pf.g"
|
||||
#line 947 "pf.g"
|
||||
|
||||
importer->route_type = PFImporter::ROUTE_TO;
|
||||
|
||||
#line 3792 "PFCfgParser.cpp"
|
||||
#line 3817 "PFCfgParser.cpp"
|
||||
}
|
||||
catch (ANTLR_USE_NAMESPACE(antlr)RecognitionException& ex) {
|
||||
reportError(ex);
|
||||
@ -3819,11 +3844,11 @@ void PFCfgParser::reply_to() {
|
||||
}
|
||||
}
|
||||
}
|
||||
#line 949 "pf.g"
|
||||
#line 954 "pf.g"
|
||||
|
||||
importer->route_type = PFImporter::REPLY_TO;
|
||||
|
||||
#line 3827 "PFCfgParser.cpp"
|
||||
#line 3852 "PFCfgParser.cpp"
|
||||
}
|
||||
catch (ANTLR_USE_NAMESPACE(antlr)RecognitionException& ex) {
|
||||
reportError(ex);
|
||||
@ -3837,16 +3862,16 @@ void PFCfgParser::routehost() {
|
||||
ANTLR_USE_NAMESPACE(antlr)RefToken v6 = ANTLR_USE_NAMESPACE(antlr)nullToken;
|
||||
ANTLR_USE_NAMESPACE(antlr)RefToken nm = ANTLR_USE_NAMESPACE(antlr)nullToken;
|
||||
ANTLR_USE_NAMESPACE(antlr)RefToken nm6 = ANTLR_USE_NAMESPACE(antlr)nullToken;
|
||||
#line 954 "pf.g"
|
||||
#line 959 "pf.g"
|
||||
RouteSpec rs;
|
||||
#line 3843 "PFCfgParser.cpp"
|
||||
#line 3868 "PFCfgParser.cpp"
|
||||
|
||||
try { // for error handling
|
||||
match(OPENING_PAREN);
|
||||
match(WORD);
|
||||
#line 956 "pf.g"
|
||||
#line 961 "pf.g"
|
||||
rs.iface = LT(0)->getText();
|
||||
#line 3850 "PFCfgParser.cpp"
|
||||
#line 3875 "PFCfgParser.cpp"
|
||||
{
|
||||
switch ( LA(1)) {
|
||||
case IPV4:
|
||||
@ -3904,11 +3929,12 @@ void PFCfgParser::routehost() {
|
||||
}
|
||||
}
|
||||
}
|
||||
#line 958 "pf.g"
|
||||
#line 963 "pf.g"
|
||||
|
||||
if (v6)
|
||||
{
|
||||
importer->addMessageToLog(QString("IPv6 import is not supported. "));
|
||||
importer->error_tracker->registerError(
|
||||
QString("IPv6 import is not supported. "));
|
||||
consumeUntil(NEWLINE);
|
||||
} else
|
||||
{
|
||||
@ -3917,7 +3943,7 @@ void PFCfgParser::routehost() {
|
||||
importer->route_group.push_back(rs);
|
||||
}
|
||||
|
||||
#line 3921 "PFCfgParser.cpp"
|
||||
#line 3947 "PFCfgParser.cpp"
|
||||
match(CLOSING_PAREN);
|
||||
}
|
||||
catch (ANTLR_USE_NAMESPACE(antlr)RecognitionException& ex) {
|
||||
@ -4042,12 +4068,12 @@ void PFCfgParser::tcp_flags() {
|
||||
case ANY:
|
||||
{
|
||||
match(ANY);
|
||||
#line 1014 "pf.g"
|
||||
#line 1020 "pf.g"
|
||||
|
||||
importer->flags_check = "none";
|
||||
importer->flags_mask = "none";
|
||||
|
||||
#line 4051 "PFCfgParser.cpp"
|
||||
#line 4077 "PFCfgParser.cpp"
|
||||
break;
|
||||
}
|
||||
case WORD:
|
||||
@ -4103,7 +4129,7 @@ void PFCfgParser::tcp_flags() {
|
||||
}
|
||||
}
|
||||
}
|
||||
#line 1020 "pf.g"
|
||||
#line 1026 "pf.g"
|
||||
|
||||
if (check)
|
||||
importer->flags_check = check->getText();
|
||||
@ -4114,7 +4140,7 @@ void PFCfgParser::tcp_flags() {
|
||||
else
|
||||
importer->flags_mask = "all";
|
||||
|
||||
#line 4118 "PFCfgParser.cpp"
|
||||
#line 4144 "PFCfgParser.cpp"
|
||||
break;
|
||||
}
|
||||
default:
|
||||
@ -4166,12 +4192,13 @@ void PFCfgParser::icmp6_type() {
|
||||
|
||||
try { // for error handling
|
||||
match(ICMP6_TYPE);
|
||||
#line 1074 "pf.g"
|
||||
#line 1080 "pf.g"
|
||||
|
||||
importer->addMessageToLog(QString("ICMP6 import is not supported. "));
|
||||
importer->error_tracker->registerError(
|
||||
QString("ICMP6 import is not supported. "));
|
||||
consumeUntil(NEWLINE);
|
||||
|
||||
#line 4175 "PFCfgParser.cpp"
|
||||
#line 4202 "PFCfgParser.cpp"
|
||||
}
|
||||
catch (ANTLR_USE_NAMESPACE(antlr)RecognitionException& ex) {
|
||||
reportError(ex);
|
||||
@ -4211,11 +4238,11 @@ void PFCfgParser::state() {
|
||||
}
|
||||
}
|
||||
}
|
||||
#line 1105 "pf.g"
|
||||
#line 1112 "pf.g"
|
||||
|
||||
importer->state_op = LT(0)->getText();
|
||||
|
||||
#line 4219 "PFCfgParser.cpp"
|
||||
#line 4246 "PFCfgParser.cpp"
|
||||
match(STATE);
|
||||
}
|
||||
catch (ANTLR_USE_NAMESPACE(antlr)RecognitionException& ex) {
|
||||
@ -4234,29 +4261,29 @@ void PFCfgParser::queue() {
|
||||
case WORD:
|
||||
{
|
||||
match(WORD);
|
||||
#line 1114 "pf.g"
|
||||
#line 1121 "pf.g"
|
||||
importer->queue += LT(0)->getText();
|
||||
#line 4240 "PFCfgParser.cpp"
|
||||
#line 4267 "PFCfgParser.cpp"
|
||||
break;
|
||||
}
|
||||
case OPENING_PAREN:
|
||||
{
|
||||
match(OPENING_PAREN);
|
||||
match(WORD);
|
||||
#line 1117 "pf.g"
|
||||
#line 1124 "pf.g"
|
||||
importer->queue += LT(0)->getText();
|
||||
#line 4249 "PFCfgParser.cpp"
|
||||
#line 4276 "PFCfgParser.cpp"
|
||||
{ // ( ... )*
|
||||
for (;;) {
|
||||
if ((LA(1) == COMMA)) {
|
||||
match(COMMA);
|
||||
#line 1119 "pf.g"
|
||||
#line 1126 "pf.g"
|
||||
importer->queue += ",";
|
||||
#line 4256 "PFCfgParser.cpp"
|
||||
#line 4283 "PFCfgParser.cpp"
|
||||
match(WORD);
|
||||
#line 1120 "pf.g"
|
||||
#line 1127 "pf.g"
|
||||
importer->queue += LT(0)->getText();
|
||||
#line 4260 "PFCfgParser.cpp"
|
||||
#line 4287 "PFCfgParser.cpp"
|
||||
}
|
||||
else {
|
||||
goto _loop180;
|
||||
@ -4296,9 +4323,9 @@ void PFCfgParser::label() {
|
||||
|
||||
void PFCfgParser::icmp_type_code() {
|
||||
Tracer traceInOut(this, "icmp_type_code");
|
||||
#line 1042 "pf.g"
|
||||
#line 1048 "pf.g"
|
||||
IcmpSpec is;
|
||||
#line 4302 "PFCfgParser.cpp"
|
||||
#line 4329 "PFCfgParser.cpp"
|
||||
|
||||
try { // for error handling
|
||||
{
|
||||
@ -4306,17 +4333,17 @@ void PFCfgParser::icmp_type_code() {
|
||||
case WORD:
|
||||
{
|
||||
match(WORD);
|
||||
#line 1044 "pf.g"
|
||||
#line 1050 "pf.g"
|
||||
is.icmp_type_name = LT(0)->getText();
|
||||
#line 4312 "PFCfgParser.cpp"
|
||||
#line 4339 "PFCfgParser.cpp"
|
||||
break;
|
||||
}
|
||||
case INT_CONST:
|
||||
{
|
||||
match(INT_CONST);
|
||||
#line 1046 "pf.g"
|
||||
#line 1052 "pf.g"
|
||||
is.icmp_type_int = LT(0)->getText();
|
||||
#line 4320 "PFCfgParser.cpp"
|
||||
#line 4347 "PFCfgParser.cpp"
|
||||
break;
|
||||
}
|
||||
default:
|
||||
@ -4335,17 +4362,17 @@ void PFCfgParser::icmp_type_code() {
|
||||
case WORD:
|
||||
{
|
||||
match(WORD);
|
||||
#line 1051 "pf.g"
|
||||
#line 1057 "pf.g"
|
||||
is.icmp_code_name = LT(0)->getText();
|
||||
#line 4341 "PFCfgParser.cpp"
|
||||
#line 4368 "PFCfgParser.cpp"
|
||||
break;
|
||||
}
|
||||
case INT_CONST:
|
||||
{
|
||||
match(INT_CONST);
|
||||
#line 1053 "pf.g"
|
||||
#line 1059 "pf.g"
|
||||
is.icmp_code_int = LT(0)->getText();
|
||||
#line 4349 "PFCfgParser.cpp"
|
||||
#line 4376 "PFCfgParser.cpp"
|
||||
break;
|
||||
}
|
||||
default:
|
||||
@ -4382,11 +4409,11 @@ void PFCfgParser::icmp_type_code() {
|
||||
}
|
||||
}
|
||||
}
|
||||
#line 1056 "pf.g"
|
||||
#line 1062 "pf.g"
|
||||
|
||||
importer->icmp_type_code_group.push_back(is);
|
||||
|
||||
#line 4390 "PFCfgParser.cpp"
|
||||
#line 4417 "PFCfgParser.cpp"
|
||||
}
|
||||
catch (ANTLR_USE_NAMESPACE(antlr)RecognitionException& ex) {
|
||||
reportError(ex);
|
||||
@ -4440,9 +4467,9 @@ void PFCfgParser::icmp_list() {
|
||||
|
||||
void PFCfgParser::port_op() {
|
||||
Tracer traceInOut(this, "port_op");
|
||||
#line 1174 "pf.g"
|
||||
#line 1207 "pf.g"
|
||||
PortSpec ps;
|
||||
#line 4446 "PFCfgParser.cpp"
|
||||
#line 4473 "PFCfgParser.cpp"
|
||||
|
||||
try { // for error handling
|
||||
{
|
||||
@ -4453,39 +4480,39 @@ void PFCfgParser::port_op() {
|
||||
case EXLAMATION:
|
||||
{
|
||||
unary_port_op();
|
||||
#line 1176 "pf.g"
|
||||
#line 1209 "pf.g"
|
||||
ps.port_op = importer->tmp_port_op;
|
||||
#line 4459 "PFCfgParser.cpp"
|
||||
#line 4486 "PFCfgParser.cpp"
|
||||
port_def();
|
||||
#line 1178 "pf.g"
|
||||
#line 1211 "pf.g"
|
||||
|
||||
ps.port1 = importer->tmp_port_def;
|
||||
ps.port2 = importer->tmp_port_def;
|
||||
|
||||
#line 4466 "PFCfgParser.cpp"
|
||||
#line 4493 "PFCfgParser.cpp"
|
||||
break;
|
||||
}
|
||||
case WORD:
|
||||
case INT_CONST:
|
||||
{
|
||||
port_def();
|
||||
#line 1184 "pf.g"
|
||||
#line 1217 "pf.g"
|
||||
|
||||
ps.port1 = importer->tmp_port_def;
|
||||
ps.port2 = ps.port1;
|
||||
ps.port_op = "=";
|
||||
|
||||
#line 4479 "PFCfgParser.cpp"
|
||||
#line 4506 "PFCfgParser.cpp"
|
||||
{
|
||||
if ((LA(1) == LESS_THAN || LA(1) == GREATER_THAN || LA(1) == COLON) && (_tokenSet_37.member(LA(2)))) {
|
||||
binary_port_op();
|
||||
#line 1190 "pf.g"
|
||||
#line 1223 "pf.g"
|
||||
ps.port_op = importer->tmp_port_op;
|
||||
#line 4485 "PFCfgParser.cpp"
|
||||
#line 4512 "PFCfgParser.cpp"
|
||||
port_def();
|
||||
#line 1191 "pf.g"
|
||||
#line 1224 "pf.g"
|
||||
ps.port2 = LT(0)->getText();
|
||||
#line 4489 "PFCfgParser.cpp"
|
||||
#line 4516 "PFCfgParser.cpp"
|
||||
}
|
||||
else if ((_tokenSet_38.member(LA(1))) && (_tokenSet_39.member(LA(2)))) {
|
||||
}
|
||||
@ -4502,11 +4529,11 @@ void PFCfgParser::port_op() {
|
||||
}
|
||||
}
|
||||
}
|
||||
#line 1194 "pf.g"
|
||||
#line 1227 "pf.g"
|
||||
|
||||
importer->tmp_port_group.push_back(ps);
|
||||
|
||||
#line 4510 "PFCfgParser.cpp"
|
||||
#line 4537 "PFCfgParser.cpp"
|
||||
}
|
||||
catch (ANTLR_USE_NAMESPACE(antlr)RecognitionException& ex) {
|
||||
reportError(ex);
|
||||
@ -4571,46 +4598,46 @@ void PFCfgParser::unary_port_op() {
|
||||
case EQUAL:
|
||||
{
|
||||
match(EQUAL);
|
||||
#line 1150 "pf.g"
|
||||
#line 1183 "pf.g"
|
||||
importer->tmp_port_op = "=";
|
||||
#line 4577 "PFCfgParser.cpp"
|
||||
#line 4604 "PFCfgParser.cpp"
|
||||
break;
|
||||
}
|
||||
case EXLAMATION:
|
||||
{
|
||||
match(EXLAMATION);
|
||||
match(EQUAL);
|
||||
#line 1152 "pf.g"
|
||||
#line 1185 "pf.g"
|
||||
importer->tmp_port_op = "!=";
|
||||
#line 4586 "PFCfgParser.cpp"
|
||||
#line 4613 "PFCfgParser.cpp"
|
||||
break;
|
||||
}
|
||||
default:
|
||||
if ((LA(1) == LESS_THAN) && (LA(2) == WORD || LA(2) == INT_CONST)) {
|
||||
match(LESS_THAN);
|
||||
#line 1154 "pf.g"
|
||||
#line 1187 "pf.g"
|
||||
importer->tmp_port_op = "<";
|
||||
#line 4594 "PFCfgParser.cpp"
|
||||
#line 4621 "PFCfgParser.cpp"
|
||||
}
|
||||
else if ((LA(1) == LESS_THAN) && (LA(2) == EQUAL)) {
|
||||
match(LESS_THAN);
|
||||
match(EQUAL);
|
||||
#line 1156 "pf.g"
|
||||
#line 1189 "pf.g"
|
||||
importer->tmp_port_op = "<=";
|
||||
#line 4601 "PFCfgParser.cpp"
|
||||
#line 4628 "PFCfgParser.cpp"
|
||||
}
|
||||
else if ((LA(1) == GREATER_THAN) && (LA(2) == WORD || LA(2) == INT_CONST)) {
|
||||
match(GREATER_THAN);
|
||||
#line 1158 "pf.g"
|
||||
#line 1191 "pf.g"
|
||||
importer->tmp_port_op = ">";
|
||||
#line 4607 "PFCfgParser.cpp"
|
||||
#line 4634 "PFCfgParser.cpp"
|
||||
}
|
||||
else if ((LA(1) == GREATER_THAN) && (LA(2) == EQUAL)) {
|
||||
match(GREATER_THAN);
|
||||
match(EQUAL);
|
||||
#line 1160 "pf.g"
|
||||
#line 1193 "pf.g"
|
||||
importer->tmp_port_op = ">=";
|
||||
#line 4614 "PFCfgParser.cpp"
|
||||
#line 4641 "PFCfgParser.cpp"
|
||||
}
|
||||
else {
|
||||
throw ANTLR_USE_NAMESPACE(antlr)NoViableAltException(LT(1), getFilename());
|
||||
@ -4634,26 +4661,26 @@ void PFCfgParser::binary_port_op() {
|
||||
{
|
||||
match(LESS_THAN);
|
||||
match(GREATER_THAN);
|
||||
#line 1166 "pf.g"
|
||||
#line 1199 "pf.g"
|
||||
importer->tmp_port_op = "<>";
|
||||
#line 4640 "PFCfgParser.cpp"
|
||||
#line 4667 "PFCfgParser.cpp"
|
||||
break;
|
||||
}
|
||||
case GREATER_THAN:
|
||||
{
|
||||
match(GREATER_THAN);
|
||||
match(LESS_THAN);
|
||||
#line 1168 "pf.g"
|
||||
#line 1201 "pf.g"
|
||||
importer->tmp_port_op = "><";
|
||||
#line 4649 "PFCfgParser.cpp"
|
||||
#line 4676 "PFCfgParser.cpp"
|
||||
break;
|
||||
}
|
||||
case COLON:
|
||||
{
|
||||
match(COLON);
|
||||
#line 1170 "pf.g"
|
||||
#line 1203 "pf.g"
|
||||
importer->tmp_port_op = ":";
|
||||
#line 4657 "PFCfgParser.cpp"
|
||||
#line 4684 "PFCfgParser.cpp"
|
||||
break;
|
||||
}
|
||||
default:
|
||||
@ -4715,6 +4742,7 @@ const char* PFCfgParser::tokenNames[] = {
|
||||
"OPENING_PAREN",
|
||||
"CLOSING_PAREN",
|
||||
"\"port\"",
|
||||
"IPV6",
|
||||
"STAR",
|
||||
"\"bitmask\"",
|
||||
"\"random\"",
|
||||
@ -4763,7 +4791,6 @@ const char* PFCfgParser::tokenNames[] = {
|
||||
"\"urpf-failed\"",
|
||||
"\"any\"",
|
||||
"\"no-route\"",
|
||||
"IPV6",
|
||||
"\"route-to\"",
|
||||
"\"reply-to\"",
|
||||
"\"flags\"",
|
||||
@ -4832,7 +4859,7 @@ const char* PFCfgParser::tokenNames[] = {
|
||||
const unsigned long PFCfgParser::_tokenSet_0_data_[] = { 2UL, 0UL, 0UL, 0UL, 0UL, 0UL };
|
||||
// EOF
|
||||
const ANTLR_USE_NAMESPACE(antlr)BitSet PFCfgParser::_tokenSet_0(_tokenSet_0_data_,6);
|
||||
const unsigned long PFCfgParser::_tokenSet_1_data_[] = { 16242UL, 1835086UL, 0UL, 0UL, 0UL, 0UL };
|
||||
const unsigned long PFCfgParser::_tokenSet_1_data_[] = { 16242UL, 3670094UL, 0UL, 0UL, 0UL, 0UL };
|
||||
// EOF NEWLINE LINE_COMMENT WORD "antispoof" "altq" "queue" "set" "scrub"
|
||||
// "table" "no" "nat" "pass" "rdr" "binat" "timeout" "block"
|
||||
const ANTLR_USE_NAMESPACE(antlr)BitSet PFCfgParser::_tokenSet_1(_tokenSet_1_data_,6);
|
||||
@ -4842,22 +4869,22 @@ const ANTLR_USE_NAMESPACE(antlr)BitSet PFCfgParser::_tokenSet_2(_tokenSet_2_data
|
||||
const unsigned long PFCfgParser::_tokenSet_3_data_[] = { 3250585664UL, 0UL, 0UL, 0UL, 0UL, 0UL };
|
||||
// WORD COMMA CLOSING_BRACE EXLAMATION "self" IPV4
|
||||
const ANTLR_USE_NAMESPACE(antlr)BitSet PFCfgParser::_tokenSet_3(_tokenSet_3_data_,6);
|
||||
const unsigned long PFCfgParser::_tokenSet_4_data_[] = { 16778256UL, 1073741842UL, 2017460287UL, 191UL, 0UL, 0UL, 0UL, 0UL };
|
||||
const unsigned long PFCfgParser::_tokenSet_4_data_[] = { 16778256UL, 2147483666UL, 2021654654UL, 191UL, 0UL, 0UL, 0UL, 0UL };
|
||||
// NEWLINE "queue" EXLAMATION "no" MINUS "all" "to" "quick" "on" "inet"
|
||||
// "inet6" "proto" "from" "route-to" "reply-to" "flags" "icmp-type" "icmp6-type"
|
||||
// "tagged" "tag" "keep" "modulate" "synproxy" "label"
|
||||
const ANTLR_USE_NAMESPACE(antlr)BitSet PFCfgParser::_tokenSet_4(_tokenSet_4_data_,8);
|
||||
const unsigned long PFCfgParser::_tokenSet_5_data_[] = { 16778256UL, 1073741842UL, 2017460281UL, 191UL, 0UL, 0UL, 0UL, 0UL };
|
||||
const unsigned long PFCfgParser::_tokenSet_5_data_[] = { 16778256UL, 2147483666UL, 2021654642UL, 191UL, 0UL, 0UL, 0UL, 0UL };
|
||||
// NEWLINE "queue" EXLAMATION "no" MINUS "all" "to" "inet" "inet6" "proto"
|
||||
// "from" "route-to" "reply-to" "flags" "icmp-type" "icmp6-type" "tagged"
|
||||
// "tag" "keep" "modulate" "synproxy" "label"
|
||||
const ANTLR_USE_NAMESPACE(antlr)BitSet PFCfgParser::_tokenSet_5(_tokenSet_5_data_,8);
|
||||
const unsigned long PFCfgParser::_tokenSet_6_data_[] = { 16778256UL, 1073741842UL, 1614807073UL, 191UL, 0UL, 0UL, 0UL, 0UL };
|
||||
const unsigned long PFCfgParser::_tokenSet_6_data_[] = { 16778256UL, 2147483666UL, 1619001410UL, 191UL, 0UL, 0UL, 0UL, 0UL };
|
||||
// NEWLINE "queue" EXLAMATION "no" MINUS "all" "to" "proto" "from" "flags"
|
||||
// "icmp-type" "icmp6-type" "tagged" "tag" "keep" "modulate" "synproxy"
|
||||
// "label"
|
||||
const ANTLR_USE_NAMESPACE(antlr)BitSet PFCfgParser::_tokenSet_6(_tokenSet_6_data_,8);
|
||||
const unsigned long PFCfgParser::_tokenSet_7_data_[] = { 16778256UL, 1073741842UL, 1614807041UL, 191UL, 0UL, 0UL, 0UL, 0UL };
|
||||
const unsigned long PFCfgParser::_tokenSet_7_data_[] = { 16778256UL, 2147483666UL, 1619001346UL, 191UL, 0UL, 0UL, 0UL, 0UL };
|
||||
// NEWLINE "queue" EXLAMATION "no" MINUS "all" "to" "from" "flags" "icmp-type"
|
||||
// "icmp6-type" "tagged" "tag" "keep" "modulate" "synproxy" "label"
|
||||
const ANTLR_USE_NAMESPACE(antlr)BitSet PFCfgParser::_tokenSet_7(_tokenSet_7_data_,8);
|
||||
@ -4869,44 +4896,44 @@ const unsigned long PFCfgParser::_tokenSet_9_data_[] = { 20972560UL, 18UL, 16106
|
||||
// NEWLINE "queue" COMMA EXLAMATION "no" MINUS "flags" "icmp-type" "icmp6-type"
|
||||
// "tagged" "tag" "keep" "modulate" "synproxy" "label"
|
||||
const ANTLR_USE_NAMESPACE(antlr)BitSet PFCfgParser::_tokenSet_9(_tokenSet_9_data_,8);
|
||||
const unsigned long PFCfgParser::_tokenSet_10_data_[] = { 2160066640UL, 80544UL, 0UL, 0UL, 0UL, 0UL };
|
||||
const unsigned long PFCfgParser::_tokenSet_10_data_[] = { 2160066640UL, 160416UL, 0UL, 0UL, 0UL, 0UL };
|
||||
// NEWLINE WORD COMMA CLOSING_BRACE IPV4 "static-port" OPENING_PAREN "port"
|
||||
// "bitmask" "random" "source-hash" "round-robin"
|
||||
const ANTLR_USE_NAMESPACE(antlr)BitSet PFCfgParser::_tokenSet_10(_tokenSet_10_data_,6);
|
||||
const unsigned long PFCfgParser::_tokenSet_11_data_[] = { 2151678016UL, 128UL, 0UL, 0UL, 0UL, 0UL };
|
||||
// WORD COMMA IPV4 OPENING_PAREN
|
||||
const ANTLR_USE_NAMESPACE(antlr)BitSet PFCfgParser::_tokenSet_11(_tokenSet_11_data_,6);
|
||||
const unsigned long PFCfgParser::_tokenSet_12_data_[] = { 16UL, 80416UL, 0UL, 0UL, 0UL, 0UL };
|
||||
const unsigned long PFCfgParser::_tokenSet_12_data_[] = { 16UL, 160288UL, 0UL, 0UL, 0UL, 0UL };
|
||||
// NEWLINE "static-port" "port" "bitmask" "random" "source-hash" "round-robin"
|
||||
const ANTLR_USE_NAMESPACE(antlr)BitSet PFCfgParser::_tokenSet_12(_tokenSet_12_data_,6);
|
||||
const unsigned long PFCfgParser::_tokenSet_13_data_[] = { 16UL, 79904UL, 0UL, 0UL, 0UL, 0UL };
|
||||
const unsigned long PFCfgParser::_tokenSet_13_data_[] = { 16UL, 159776UL, 0UL, 0UL, 0UL, 0UL };
|
||||
// NEWLINE "static-port" "bitmask" "random" "source-hash" "round-robin"
|
||||
const ANTLR_USE_NAMESPACE(antlr)BitSet PFCfgParser::_tokenSet_13(_tokenSet_13_data_,6);
|
||||
const unsigned long PFCfgParser::_tokenSet_14_data_[] = { 16UL, 32UL, 0UL, 0UL, 0UL, 0UL };
|
||||
// NEWLINE "static-port"
|
||||
const ANTLR_USE_NAMESPACE(antlr)BitSet PFCfgParser::_tokenSet_14(_tokenSet_14_data_,6);
|
||||
const unsigned long PFCfgParser::_tokenSet_15_data_[] = { 599835856UL, 79922UL, 1610612737UL, 191UL, 0UL, 0UL, 0UL, 0UL };
|
||||
const unsigned long PFCfgParser::_tokenSet_15_data_[] = { 599835856UL, 159794UL, 1610612738UL, 191UL, 0UL, 0UL, 0UL, 0UL };
|
||||
// NEWLINE WORD EQUAL "queue" LESS_THAN GREATER_THAN COMMA CLOSING_BRACE
|
||||
// EXLAMATION COLON INT_CONST "no" MINUS "static-port" "bitmask" "random"
|
||||
// "source-hash" "round-robin" "to" "flags" "icmp-type" "icmp6-type" "tagged"
|
||||
// "tag" "keep" "modulate" "synproxy" "label"
|
||||
const ANTLR_USE_NAMESPACE(antlr)BitSet PFCfgParser::_tokenSet_15(_tokenSet_15_data_,8);
|
||||
const unsigned long PFCfgParser::_tokenSet_16_data_[] = { 16778256UL, 1073741826UL, 1614807041UL, 191UL, 0UL, 0UL, 0UL, 0UL };
|
||||
const unsigned long PFCfgParser::_tokenSet_16_data_[] = { 16778256UL, 2147483650UL, 1619001346UL, 191UL, 0UL, 0UL, 0UL, 0UL };
|
||||
// NEWLINE "queue" EXLAMATION "no" "all" "to" "from" "flags" "icmp-type"
|
||||
// "icmp6-type" "tagged" "tag" "keep" "modulate" "synproxy" "label"
|
||||
const ANTLR_USE_NAMESPACE(antlr)BitSet PFCfgParser::_tokenSet_16(_tokenSet_16_data_,8);
|
||||
const unsigned long PFCfgParser::_tokenSet_17_data_[] = { 3782246258UL, 1835215UL, 1736441856UL, 255UL, 0UL, 0UL, 0UL, 0UL };
|
||||
const unsigned long PFCfgParser::_tokenSet_17_data_[] = { 3782246258UL, 3671247UL, 1728053248UL, 255UL, 0UL, 0UL, 0UL, 0UL };
|
||||
// EOF NEWLINE LINE_COMMENT WORD "antispoof" "altq" "queue" "set" "scrub"
|
||||
// "table" LESS_THAN STRING OPENING_BRACE COMMA EXLAMATION INT_CONST "self"
|
||||
// IPV4 SLASH "no" "nat" "pass" "rdr" OPENING_PAREN "binat" "timeout" "block"
|
||||
// "urpf-failed" "any" "no-route" IPV6 "flags" "icmp-type" "icmp6-type"
|
||||
// IPV4 SLASH "no" "nat" "pass" "rdr" OPENING_PAREN IPV6 "binat" "timeout"
|
||||
// "block" "urpf-failed" "any" "no-route" "flags" "icmp-type" "icmp6-type"
|
||||
// "tagged" "tag" "keep" "modulate" "synproxy" "state" "label"
|
||||
const ANTLR_USE_NAMESPACE(antlr)BitSet PFCfgParser::_tokenSet_17(_tokenSet_17_data_,8);
|
||||
const unsigned long PFCfgParser::_tokenSet_18_data_[] = { 16778256UL, 2UL, 1610612736UL, 191UL, 0UL, 0UL, 0UL, 0UL };
|
||||
// NEWLINE "queue" EXLAMATION "no" "flags" "icmp-type" "icmp6-type" "tagged"
|
||||
// "tag" "keep" "modulate" "synproxy" "label"
|
||||
const ANTLR_USE_NAMESPACE(antlr)BitSet PFCfgParser::_tokenSet_18(_tokenSet_18_data_,8);
|
||||
const unsigned long PFCfgParser::_tokenSet_19_data_[] = { 561004402UL, 1835215UL, 1627389952UL, 255UL, 0UL, 0UL, 0UL, 0UL };
|
||||
const unsigned long PFCfgParser::_tokenSet_19_data_[] = { 561004402UL, 3670223UL, 1644167168UL, 255UL, 0UL, 0UL, 0UL, 0UL };
|
||||
// EOF NEWLINE LINE_COMMENT WORD "antispoof" "altq" "queue" "set" "scrub"
|
||||
// "table" STRING OPENING_BRACE COMMA EXLAMATION INT_CONST SLASH "no" "nat"
|
||||
// "pass" "rdr" OPENING_PAREN "binat" "timeout" "block" "any" "flags" "icmp-type"
|
||||
@ -4915,22 +4942,22 @@ const ANTLR_USE_NAMESPACE(antlr)BitSet PFCfgParser::_tokenSet_19(_tokenSet_19_da
|
||||
const unsigned long PFCfgParser::_tokenSet_20_data_[] = { 16UL, 0UL, 0UL, 0UL, 0UL, 0UL };
|
||||
// NEWLINE
|
||||
const ANTLR_USE_NAMESPACE(antlr)BitSet PFCfgParser::_tokenSet_20(_tokenSet_20_data_,6);
|
||||
const unsigned long PFCfgParser::_tokenSet_21_data_[] = { 16778256UL, 2013265922UL, 2017460287UL, 191UL, 0UL, 0UL, 0UL, 0UL };
|
||||
const unsigned long PFCfgParser::_tokenSet_21_data_[] = { 16778256UL, 4026531842UL, 2021654654UL, 191UL, 0UL, 0UL, 0UL, 0UL };
|
||||
// NEWLINE "queue" EXLAMATION "no" "in" "out" "log" "all" "to" "quick"
|
||||
// "on" "inet" "inet6" "proto" "from" "route-to" "reply-to" "flags" "icmp-type"
|
||||
// "icmp6-type" "tagged" "tag" "keep" "modulate" "synproxy" "label"
|
||||
const ANTLR_USE_NAMESPACE(antlr)BitSet PFCfgParser::_tokenSet_21(_tokenSet_21_data_,8);
|
||||
const unsigned long PFCfgParser::_tokenSet_22_data_[] = { 16778256UL, 1610612738UL, 2017460287UL, 191UL, 0UL, 0UL, 0UL, 0UL };
|
||||
const unsigned long PFCfgParser::_tokenSet_22_data_[] = { 16778256UL, 3221225474UL, 2021654654UL, 191UL, 0UL, 0UL, 0UL, 0UL };
|
||||
// NEWLINE "queue" EXLAMATION "no" "log" "all" "to" "quick" "on" "inet"
|
||||
// "inet6" "proto" "from" "route-to" "reply-to" "flags" "icmp-type" "icmp6-type"
|
||||
// "tagged" "tag" "keep" "modulate" "synproxy" "label"
|
||||
const ANTLR_USE_NAMESPACE(antlr)BitSet PFCfgParser::_tokenSet_22(_tokenSet_22_data_,8);
|
||||
const unsigned long PFCfgParser::_tokenSet_23_data_[] = { 16778256UL, 1073741826UL, 2017460285UL, 191UL, 0UL, 0UL, 0UL, 0UL };
|
||||
const unsigned long PFCfgParser::_tokenSet_23_data_[] = { 16778256UL, 2147483650UL, 2021654650UL, 191UL, 0UL, 0UL, 0UL, 0UL };
|
||||
// NEWLINE "queue" EXLAMATION "no" "all" "to" "on" "inet" "inet6" "proto"
|
||||
// "from" "route-to" "reply-to" "flags" "icmp-type" "icmp6-type" "tagged"
|
||||
// "tag" "keep" "modulate" "synproxy" "label"
|
||||
const ANTLR_USE_NAMESPACE(antlr)BitSet PFCfgParser::_tokenSet_23(_tokenSet_23_data_,8);
|
||||
const unsigned long PFCfgParser::_tokenSet_24_data_[] = { 16778256UL, 1073741826UL, 1614807097UL, 191UL, 0UL, 0UL, 0UL, 0UL };
|
||||
const unsigned long PFCfgParser::_tokenSet_24_data_[] = { 16778256UL, 2147483650UL, 1619001458UL, 191UL, 0UL, 0UL, 0UL, 0UL };
|
||||
// NEWLINE "queue" EXLAMATION "no" "all" "to" "inet" "inet6" "proto" "from"
|
||||
// "flags" "icmp-type" "icmp6-type" "tagged" "tag" "keep" "modulate" "synproxy"
|
||||
// "label"
|
||||
@ -4942,27 +4969,27 @@ const ANTLR_USE_NAMESPACE(antlr)BitSet PFCfgParser::_tokenSet_25(_tokenSet_25_da
|
||||
const unsigned long PFCfgParser::_tokenSet_26_data_[] = { 4194304UL, 256UL, 0UL, 0UL, 0UL, 0UL };
|
||||
// COMMA CLOSING_PAREN
|
||||
const ANTLR_USE_NAMESPACE(antlr)BitSet PFCfgParser::_tokenSet_26(_tokenSet_26_data_,6);
|
||||
const unsigned long PFCfgParser::_tokenSet_27_data_[] = { 29361232UL, 1073741842UL, 2017460281UL, 191UL, 0UL, 0UL, 0UL, 0UL };
|
||||
const unsigned long PFCfgParser::_tokenSet_27_data_[] = { 29361232UL, 2147483666UL, 2021654642UL, 191UL, 0UL, 0UL, 0UL, 0UL };
|
||||
// NEWLINE WORD "queue" COMMA CLOSING_BRACE EXLAMATION "no" MINUS "all"
|
||||
// "to" "inet" "inet6" "proto" "from" "route-to" "reply-to" "flags" "icmp-type"
|
||||
// "icmp6-type" "tagged" "tag" "keep" "modulate" "synproxy" "label"
|
||||
const ANTLR_USE_NAMESPACE(antlr)BitSet PFCfgParser::_tokenSet_27(_tokenSet_27_data_,8);
|
||||
const unsigned long PFCfgParser::_tokenSet_28_data_[] = { 568329232UL, 1073741842UL, 1619001281UL, 191UL, 0UL, 0UL, 0UL, 0UL };
|
||||
const unsigned long PFCfgParser::_tokenSet_28_data_[] = { 568329232UL, 2147483666UL, 1627389826UL, 191UL, 0UL, 0UL, 0UL, 0UL };
|
||||
// NEWLINE "queue" OPENING_BRACE COMMA CLOSING_BRACE EXLAMATION INT_CONST
|
||||
// "no" MINUS "all" "to" "ip" "icmp" "igmp" "tcp" "udp" "rdp" "rsvp" "gre"
|
||||
// "esp" "ah" "eigrp" "ospf" "ipip" "vrrp" "l2tp" "isis" "from" "flags"
|
||||
// "icmp-type" "icmp6-type" "tagged" "tag" "keep" "modulate" "synproxy"
|
||||
// "label"
|
||||
const ANTLR_USE_NAMESPACE(antlr)BitSet PFCfgParser::_tokenSet_28(_tokenSet_28_data_,8);
|
||||
const unsigned long PFCfgParser::_tokenSet_29_data_[] = { 543162368UL, 0UL, 4194240UL, 0UL, 0UL, 0UL, 0UL, 0UL };
|
||||
const unsigned long PFCfgParser::_tokenSet_29_data_[] = { 543162368UL, 0UL, 8388480UL, 0UL, 0UL, 0UL, 0UL, 0UL };
|
||||
// OPENING_BRACE COMMA INT_CONST "ip" "icmp" "igmp" "tcp" "udp" "rdp" "rsvp"
|
||||
// "gre" "esp" "ah" "eigrp" "ospf" "ipip" "vrrp" "l2tp" "isis"
|
||||
const ANTLR_USE_NAMESPACE(antlr)BitSet PFCfgParser::_tokenSet_29(_tokenSet_29_data_,8);
|
||||
const unsigned long PFCfgParser::_tokenSet_30_data_[] = { 16778256UL, 18UL, 1610612737UL, 191UL, 0UL, 0UL, 0UL, 0UL };
|
||||
const unsigned long PFCfgParser::_tokenSet_30_data_[] = { 16778256UL, 18UL, 1610612738UL, 191UL, 0UL, 0UL, 0UL, 0UL };
|
||||
// NEWLINE "queue" EXLAMATION "no" MINUS "to" "flags" "icmp-type" "icmp6-type"
|
||||
// "tagged" "tag" "keep" "modulate" "synproxy" "label"
|
||||
const ANTLR_USE_NAMESPACE(antlr)BitSet PFCfgParser::_tokenSet_30(_tokenSet_30_data_,8);
|
||||
const unsigned long PFCfgParser::_tokenSet_31_data_[] = { 16778256UL, 530UL, 1610612737UL, 191UL, 0UL, 0UL, 0UL, 0UL };
|
||||
const unsigned long PFCfgParser::_tokenSet_31_data_[] = { 16778256UL, 530UL, 1610612738UL, 191UL, 0UL, 0UL, 0UL, 0UL };
|
||||
// NEWLINE "queue" EXLAMATION "no" MINUS "port" "to" "flags" "icmp-type"
|
||||
// "icmp6-type" "tagged" "tag" "keep" "modulate" "synproxy" "label"
|
||||
const ANTLR_USE_NAMESPACE(antlr)BitSet PFCfgParser::_tokenSet_31(_tokenSet_31_data_,8);
|
||||
@ -4970,12 +4997,12 @@ const unsigned long PFCfgParser::_tokenSet_32_data_[] = { 16778256UL, 530UL, 161
|
||||
// NEWLINE "queue" EXLAMATION "no" MINUS "port" "flags" "icmp-type" "icmp6-type"
|
||||
// "tagged" "tag" "keep" "modulate" "synproxy" "label"
|
||||
const ANTLR_USE_NAMESPACE(antlr)BitSet PFCfgParser::_tokenSet_32(_tokenSet_32_data_,8);
|
||||
const unsigned long PFCfgParser::_tokenSet_33_data_[] = { 29361168UL, 530UL, 1610612737UL, 191UL, 0UL, 0UL, 0UL, 0UL };
|
||||
const unsigned long PFCfgParser::_tokenSet_33_data_[] = { 29361168UL, 530UL, 1610612738UL, 191UL, 0UL, 0UL, 0UL, 0UL };
|
||||
// NEWLINE "queue" COMMA CLOSING_BRACE EXLAMATION "no" MINUS "port" "to"
|
||||
// "flags" "icmp-type" "icmp6-type" "tagged" "tag" "keep" "modulate" "synproxy"
|
||||
// "label"
|
||||
const ANTLR_USE_NAMESPACE(antlr)BitSet PFCfgParser::_tokenSet_33(_tokenSet_33_data_,8);
|
||||
const unsigned long PFCfgParser::_tokenSet_34_data_[] = { 29361168UL, 1073741954UL, 1614807097UL, 191UL, 0UL, 0UL, 0UL, 0UL };
|
||||
const unsigned long PFCfgParser::_tokenSet_34_data_[] = { 29361168UL, 2147483778UL, 1619001458UL, 191UL, 0UL, 0UL, 0UL, 0UL };
|
||||
// NEWLINE "queue" COMMA CLOSING_BRACE EXLAMATION "no" OPENING_PAREN "all"
|
||||
// "to" "inet" "inet6" "proto" "from" "flags" "icmp-type" "icmp6-type"
|
||||
// "tagged" "tag" "keep" "modulate" "synproxy" "label"
|
||||
@ -4992,18 +5019,18 @@ const ANTLR_USE_NAMESPACE(antlr)BitSet PFCfgParser::_tokenSet_36(_tokenSet_36_da
|
||||
const unsigned long PFCfgParser::_tokenSet_37_data_[] = { 536920128UL, 0UL, 0UL, 0UL, 0UL, 0UL };
|
||||
// WORD LESS_THAN GREATER_THAN INT_CONST
|
||||
const ANTLR_USE_NAMESPACE(antlr)BitSet PFCfgParser::_tokenSet_37(_tokenSet_37_data_,6);
|
||||
const unsigned long PFCfgParser::_tokenSet_38_data_[] = { 566281424UL, 18UL, 1610612737UL, 191UL, 0UL, 0UL, 0UL, 0UL };
|
||||
const unsigned long PFCfgParser::_tokenSet_38_data_[] = { 566281424UL, 18UL, 1610612738UL, 191UL, 0UL, 0UL, 0UL, 0UL };
|
||||
// NEWLINE WORD EQUAL "queue" LESS_THAN GREATER_THAN COMMA CLOSING_BRACE
|
||||
// EXLAMATION INT_CONST "no" MINUS "to" "flags" "icmp-type" "icmp6-type"
|
||||
// "tagged" "tag" "keep" "modulate" "synproxy" "label"
|
||||
const ANTLR_USE_NAMESPACE(antlr)BitSet PFCfgParser::_tokenSet_38(_tokenSet_38_data_,8);
|
||||
const unsigned long PFCfgParser::_tokenSet_39_data_[] = { 3824222194UL, 1835231UL, 1728053249UL, 255UL, 0UL, 0UL, 0UL, 0UL };
|
||||
const unsigned long PFCfgParser::_tokenSet_39_data_[] = { 3824222194UL, 3671263UL, 1711276034UL, 255UL, 0UL, 0UL, 0UL, 0UL };
|
||||
// EOF NEWLINE LINE_COMMENT WORD EQUAL "antispoof" "altq" "queue" "set"
|
||||
// "scrub" "table" LESS_THAN GREATER_THAN STRING OPENING_BRACE COMMA CLOSING_BRACE
|
||||
// EXLAMATION COLON INT_CONST "self" IPV4 SLASH "no" "nat" "pass" MINUS
|
||||
// "rdr" OPENING_PAREN "binat" "timeout" "block" "to" "any" "no-route"
|
||||
// IPV6 "flags" "icmp-type" "icmp6-type" "tagged" "tag" "keep" "modulate"
|
||||
// "synproxy" "state" "label"
|
||||
// "rdr" OPENING_PAREN IPV6 "binat" "timeout" "block" "to" "any" "no-route"
|
||||
// "flags" "icmp-type" "icmp6-type" "tagged" "tag" "keep" "modulate" "synproxy"
|
||||
// "state" "label"
|
||||
const ANTLR_USE_NAMESPACE(antlr)BitSet PFCfgParser::_tokenSet_39(_tokenSet_39_data_,8);
|
||||
const unsigned long PFCfgParser::_tokenSet_40_data_[] = { 557891776UL, 0UL, 0UL, 0UL, 0UL, 0UL };
|
||||
// WORD EQUAL LESS_THAN GREATER_THAN COMMA EXLAMATION INT_CONST
|
||||
|
||||
@ -50,55 +50,55 @@ struct CUSTOM_API PFCfgParserTokenTypes {
|
||||
OPENING_PAREN = 39,
|
||||
CLOSING_PAREN = 40,
|
||||
PORT = 41,
|
||||
STAR = 42,
|
||||
BITMASK = 43,
|
||||
RANDOM = 44,
|
||||
SOURCE_HASH = 45,
|
||||
HEX_KEY = 46,
|
||||
STRING_KEY = 47,
|
||||
ROUND_ROBIN = 48,
|
||||
STICKY_ADDRESS = 49,
|
||||
BINAT = 50,
|
||||
TIMEOUT = 51,
|
||||
BLOCK = 52,
|
||||
DROP = 53,
|
||||
RETURN = 54,
|
||||
RETURN_RST = 55,
|
||||
TTL = 56,
|
||||
RETURN_ICMP = 57,
|
||||
RETURN_ICMP6 = 58,
|
||||
IN = 59,
|
||||
OUT = 60,
|
||||
LOG = 61,
|
||||
ALL = 62,
|
||||
USER = 63,
|
||||
TO = 64,
|
||||
QUICK = 65,
|
||||
ON = 66,
|
||||
INET = 67,
|
||||
INET6 = 68,
|
||||
PROTO = 69,
|
||||
IP = 70,
|
||||
ICMP = 71,
|
||||
IGMP = 72,
|
||||
TCP = 73,
|
||||
UDP = 74,
|
||||
RDP = 75,
|
||||
RSVP = 76,
|
||||
GRE = 77,
|
||||
ESP = 78,
|
||||
AH = 79,
|
||||
EIGRP = 80,
|
||||
OSPF = 81,
|
||||
IPIP = 82,
|
||||
VRRP = 83,
|
||||
L2TP = 84,
|
||||
ISIS = 85,
|
||||
FROM = 86,
|
||||
URPF_FAILED = 87,
|
||||
ANY = 88,
|
||||
NO_ROUTE = 89,
|
||||
IPV6 = 90,
|
||||
IPV6 = 42,
|
||||
STAR = 43,
|
||||
BITMASK = 44,
|
||||
RANDOM = 45,
|
||||
SOURCE_HASH = 46,
|
||||
HEX_KEY = 47,
|
||||
STRING_KEY = 48,
|
||||
ROUND_ROBIN = 49,
|
||||
STICKY_ADDRESS = 50,
|
||||
BINAT = 51,
|
||||
TIMEOUT = 52,
|
||||
BLOCK = 53,
|
||||
DROP = 54,
|
||||
RETURN = 55,
|
||||
RETURN_RST = 56,
|
||||
TTL = 57,
|
||||
RETURN_ICMP = 58,
|
||||
RETURN_ICMP6 = 59,
|
||||
IN = 60,
|
||||
OUT = 61,
|
||||
LOG = 62,
|
||||
ALL = 63,
|
||||
USER = 64,
|
||||
TO = 65,
|
||||
QUICK = 66,
|
||||
ON = 67,
|
||||
INET = 68,
|
||||
INET6 = 69,
|
||||
PROTO = 70,
|
||||
IP = 71,
|
||||
ICMP = 72,
|
||||
IGMP = 73,
|
||||
TCP = 74,
|
||||
UDP = 75,
|
||||
RDP = 76,
|
||||
RSVP = 77,
|
||||
GRE = 78,
|
||||
ESP = 79,
|
||||
AH = 80,
|
||||
EIGRP = 81,
|
||||
OSPF = 82,
|
||||
IPIP = 83,
|
||||
VRRP = 84,
|
||||
L2TP = 85,
|
||||
ISIS = 86,
|
||||
FROM = 87,
|
||||
URPF_FAILED = 88,
|
||||
ANY = 89,
|
||||
NO_ROUTE = 90,
|
||||
ROUTE_TO = 91,
|
||||
REPLY_TO = 92,
|
||||
FLAGS = 93,
|
||||
|
||||
@ -38,55 +38,55 @@ RDR="rdr"=38
|
||||
OPENING_PAREN=39
|
||||
CLOSING_PAREN=40
|
||||
PORT="port"=41
|
||||
STAR=42
|
||||
BITMASK="bitmask"=43
|
||||
RANDOM="random"=44
|
||||
SOURCE_HASH="source-hash"=45
|
||||
HEX_KEY="hex-key"=46
|
||||
STRING_KEY="string-key"=47
|
||||
ROUND_ROBIN="round-robin"=48
|
||||
STICKY_ADDRESS="sticky-address"=49
|
||||
BINAT="binat"=50
|
||||
TIMEOUT="timeout"=51
|
||||
BLOCK="block"=52
|
||||
DROP="drop"=53
|
||||
RETURN="return"=54
|
||||
RETURN_RST="return-rst"=55
|
||||
TTL=56
|
||||
RETURN_ICMP="return-icmp"=57
|
||||
RETURN_ICMP6=58
|
||||
IN="in"=59
|
||||
OUT="out"=60
|
||||
LOG="log"=61
|
||||
ALL="all"=62
|
||||
USER="user"=63
|
||||
TO="to"=64
|
||||
QUICK="quick"=65
|
||||
ON="on"=66
|
||||
INET="inet"=67
|
||||
INET6="inet6"=68
|
||||
PROTO="proto"=69
|
||||
IP="ip"=70
|
||||
ICMP="icmp"=71
|
||||
IGMP="igmp"=72
|
||||
TCP="tcp"=73
|
||||
UDP="udp"=74
|
||||
RDP="rdp"=75
|
||||
RSVP="rsvp"=76
|
||||
GRE="gre"=77
|
||||
ESP="esp"=78
|
||||
AH="ah"=79
|
||||
EIGRP="eigrp"=80
|
||||
OSPF="ospf"=81
|
||||
IPIP="ipip"=82
|
||||
VRRP="vrrp"=83
|
||||
L2TP="l2tp"=84
|
||||
ISIS="isis"=85
|
||||
FROM="from"=86
|
||||
URPF_FAILED="urpf-failed"=87
|
||||
ANY="any"=88
|
||||
NO_ROUTE="no-route"=89
|
||||
IPV6=90
|
||||
IPV6=42
|
||||
STAR=43
|
||||
BITMASK="bitmask"=44
|
||||
RANDOM="random"=45
|
||||
SOURCE_HASH="source-hash"=46
|
||||
HEX_KEY="hex-key"=47
|
||||
STRING_KEY="string-key"=48
|
||||
ROUND_ROBIN="round-robin"=49
|
||||
STICKY_ADDRESS="sticky-address"=50
|
||||
BINAT="binat"=51
|
||||
TIMEOUT="timeout"=52
|
||||
BLOCK="block"=53
|
||||
DROP="drop"=54
|
||||
RETURN="return"=55
|
||||
RETURN_RST="return-rst"=56
|
||||
TTL=57
|
||||
RETURN_ICMP="return-icmp"=58
|
||||
RETURN_ICMP6=59
|
||||
IN="in"=60
|
||||
OUT="out"=61
|
||||
LOG="log"=62
|
||||
ALL="all"=63
|
||||
USER="user"=64
|
||||
TO="to"=65
|
||||
QUICK="quick"=66
|
||||
ON="on"=67
|
||||
INET="inet"=68
|
||||
INET6="inet6"=69
|
||||
PROTO="proto"=70
|
||||
IP="ip"=71
|
||||
ICMP="icmp"=72
|
||||
IGMP="igmp"=73
|
||||
TCP="tcp"=74
|
||||
UDP="udp"=75
|
||||
RDP="rdp"=76
|
||||
RSVP="rsvp"=77
|
||||
GRE="gre"=78
|
||||
ESP="esp"=79
|
||||
AH="ah"=80
|
||||
EIGRP="eigrp"=81
|
||||
OSPF="ospf"=82
|
||||
IPIP="ipip"=83
|
||||
VRRP="vrrp"=84
|
||||
L2TP="l2tp"=85
|
||||
ISIS="isis"=86
|
||||
FROM="from"=87
|
||||
URPF_FAILED="urpf-failed"=88
|
||||
ANY="any"=89
|
||||
NO_ROUTE="no-route"=90
|
||||
ROUTE_TO="route-to"=91
|
||||
REPLY_TO="reply-to"=92
|
||||
FLAGS="flags"=93
|
||||
|
||||
@ -13,10 +13,6 @@ SOURCES = IOSCfgLexer.cpp \
|
||||
PIXCfgParser.cpp \
|
||||
PFCfgLexer.cpp \
|
||||
PFCfgParser.cpp \
|
||||
IfconfigLinuxCfgLexer.cpp \
|
||||
IfconfigLinuxCfgParser.cpp \
|
||||
IfconfigBSDCfgLexer.cpp \
|
||||
IfconfigBSDCfgParser.cpp
|
||||
|
||||
HEADERS = ../../config.h \
|
||||
IOSCfgLexer.hpp \
|
||||
@ -31,12 +27,7 @@ HEADERS = ../../config.h \
|
||||
PFCfgLexer.hpp \
|
||||
PFCfgParser.hpp \
|
||||
PFCfgParserTokenTypes.hpp \
|
||||
IfconfigLinuxCfgLexer.hpp \
|
||||
IfconfigLinuxCfgParser.hpp \
|
||||
IfconfigLinuxCfgParserTokenTypes.hpp \
|
||||
IfconfigBSDCfgLexer.hpp \
|
||||
IfconfigBSDCfgParser.hpp \
|
||||
IfconfigBSDCfgParserTokenTypes.hpp
|
||||
|
||||
|
||||
CONFIG += staticlib
|
||||
|
||||
|
||||
144
src/parsers/pf.g
144
src/parsers/pf.g
@ -254,7 +254,8 @@ tableaddr_spec { AddressSpec as; } :
|
||||
(
|
||||
WORD
|
||||
{
|
||||
as.at = AddressSpec::INTERFACE_NAME;
|
||||
// interface name or domain/host name
|
||||
as.at = AddressSpec::INTERFACE_OR_HOST_NAME;
|
||||
as.address = LT(0)->getText();
|
||||
}
|
||||
(
|
||||
@ -464,7 +465,7 @@ redirhost { AddressSpec as; } :
|
||||
WORD
|
||||
{
|
||||
// interface name or domain/host name
|
||||
as.at = AddressSpec::INTERFACE_NAME;
|
||||
as.at = AddressSpec::INTERFACE_OR_HOST_NAME;
|
||||
as.address = LT(0)->getText();
|
||||
}
|
||||
CLOSING_PAREN
|
||||
@ -472,7 +473,7 @@ redirhost { AddressSpec as; } :
|
||||
WORD
|
||||
{
|
||||
// interface name or domain/host name
|
||||
as.at = AddressSpec::INTERFACE_NAME;
|
||||
as.at = AddressSpec::INTERFACE_OR_HOST_NAME;
|
||||
as.address = LT(0)->getText();
|
||||
}
|
||||
)
|
||||
@ -503,20 +504,24 @@ redirhost_list :
|
||||
//
|
||||
portspec { PortSpec ps; } :
|
||||
PORT
|
||||
port_def
|
||||
{
|
||||
ps.port1 = importer->tmp_port_def;
|
||||
ps.port2 = ps.port1;
|
||||
ps.port_op = "=";
|
||||
}
|
||||
(
|
||||
COLON { ps.port_op = ":"; }
|
||||
port_def
|
||||
{
|
||||
ps.port1 = importer->tmp_port_def;
|
||||
ps.port2 = ps.port1;
|
||||
ps.port_op = "=";
|
||||
}
|
||||
|
|
||||
// lexer matches port range (1000:1010) as IPv6, see rule
|
||||
// NUMBER_ADDRESS_OR_WORD. Combination "1000:*" comes as IPV6 STAR
|
||||
IPV6
|
||||
{
|
||||
ps.setFromPortRange(LT(0)->getText());
|
||||
}
|
||||
(
|
||||
STAR { ps.port2 = "65535"; }
|
||||
|
|
||||
port_def { ps.port2 = importer->tmp_port_def; }
|
||||
)
|
||||
)?
|
||||
)?
|
||||
)
|
||||
{
|
||||
importer->tmp_port_group.push_back(ps);
|
||||
}
|
||||
@ -847,7 +852,7 @@ host { AddressSpec as; } :
|
||||
WORD
|
||||
{
|
||||
// interface name or domain/host name
|
||||
as.at = AddressSpec::INTERFACE_NAME;
|
||||
as.at = AddressSpec::INTERFACE_OR_HOST_NAME;
|
||||
as.address = LT(0)->getText();
|
||||
}
|
||||
(
|
||||
@ -885,7 +890,8 @@ host { AddressSpec as; } :
|
||||
|
|
||||
IPV6
|
||||
{
|
||||
importer->addMessageToLog(QString("IPv6 import is not supported. "));
|
||||
importer->error_tracker->registerError(
|
||||
QString("IPv6 import is not supported. "));
|
||||
consumeUntil(NEWLINE);
|
||||
}
|
||||
|
|
||||
@ -913,7 +919,8 @@ host { AddressSpec as; } :
|
||||
|
|
||||
OPENING_PAREN in:WORD CLOSING_PAREN
|
||||
{
|
||||
as.at = AddressSpec::INTERFACE_NAME;
|
||||
// interface name or domain/host name
|
||||
as.at = AddressSpec::INTERFACE_OR_HOST_NAME;
|
||||
as.address = in->getText();
|
||||
}
|
||||
)
|
||||
@ -958,7 +965,8 @@ routehost { RouteSpec rs; } :
|
||||
{
|
||||
if (v6)
|
||||
{
|
||||
importer->addMessageToLog(QString("IPv6 import is not supported. "));
|
||||
importer->error_tracker->registerError(
|
||||
QString("IPv6 import is not supported. "));
|
||||
consumeUntil(NEWLINE);
|
||||
} else
|
||||
{
|
||||
@ -1072,7 +1080,8 @@ icmp_list :
|
||||
icmp6_type :
|
||||
ICMP6_TYPE
|
||||
{
|
||||
importer->addMessageToLog(QString("ICMP6 import is not supported. "));
|
||||
importer->error_tracker->registerError(
|
||||
QString("ICMP6 import is not supported. "));
|
||||
consumeUntil(NEWLINE);
|
||||
}
|
||||
;
|
||||
@ -1129,16 +1138,44 @@ label :
|
||||
|
||||
//****************************************************************
|
||||
|
||||
// lexer matches port range (1000:1010) as IPv6, see rule
|
||||
// NUMBER_ADDRESS_OR_WORD
|
||||
src_port_part :
|
||||
PORT ( port_op | port_op_list )
|
||||
PORT
|
||||
(
|
||||
port_op
|
||||
|
|
||||
port_op_list
|
||||
|
|
||||
IPV6
|
||||
{
|
||||
PortSpec ps;
|
||||
ps.setFromPortRange(LT(0)->getText());
|
||||
importer->tmp_port_group.push_back(ps);
|
||||
}
|
||||
)
|
||||
{
|
||||
importer->src_port_group.splice(importer->src_port_group.begin(),
|
||||
importer->tmp_port_group);
|
||||
}
|
||||
;
|
||||
|
||||
// lexer matches port range (1000:1010) as IPv6, see rule
|
||||
// NUMBER_ADDRESS_OR_WORD
|
||||
dst_port_part :
|
||||
PORT ( port_op | port_op_list )
|
||||
PORT
|
||||
(
|
||||
port_op
|
||||
|
|
||||
port_op_list
|
||||
|
|
||||
IPV6
|
||||
{
|
||||
PortSpec ps;
|
||||
ps.setFromPortRange(LT(0)->getText());
|
||||
importer->tmp_port_group.push_back(ps);
|
||||
}
|
||||
)
|
||||
{
|
||||
importer->dst_port_group.splice(importer->dst_port_group.begin(),
|
||||
importer->tmp_port_group);
|
||||
@ -1385,7 +1422,7 @@ protected
|
||||
COLON : ;
|
||||
|
||||
protected
|
||||
HEX_DIGIT : '0'..'9' 'a'..'f' ;
|
||||
HEX_DIGIT : ( '0'..'9' | 'a'..'f' | 'A'..'F') ;
|
||||
|
||||
protected
|
||||
DIGIT : '0'..'9' ;
|
||||
@ -1396,47 +1433,56 @@ NUM_3DIGIT: ('0'..'9') (('0'..'9') ('0'..'9')?)? ;
|
||||
protected
|
||||
NUM_HEX_4DIGIT: HEX_DIGIT ((HEX_DIGIT) ((HEX_DIGIT) (HEX_DIGIT)?)?)? ;
|
||||
|
||||
|
||||
// IPV6 rule below matches "1000:1010" as IPV6. This is not a valid
|
||||
// IPv6 address and it creates problems with port ranges
|
||||
//
|
||||
NUMBER_ADDRESS_OR_WORD
|
||||
options {
|
||||
testLiterals = true;
|
||||
}
|
||||
:
|
||||
( NUM_3DIGIT '.' NUM_3DIGIT '.' ) =>
|
||||
(NUM_3DIGIT '.' NUM_3DIGIT '.' NUM_3DIGIT '.' NUM_3DIGIT)
|
||||
{ $setType(IPV4); }
|
||||
|
|
||||
( (DIGIT)+ '.' (DIGIT)+ )=> ( (DIGIT)+ '.' (DIGIT)+ )
|
||||
{ $setType(NUMBER); }
|
||||
// |
|
||||
// ( (DIGIT)+ ':' (DIGIT)+ )=> ( (DIGIT)+ ':' (DIGIT)+ )
|
||||
// { $setType(PORT_RANGE); }
|
||||
|
|
||||
( DIGIT )+ { $setType(INT_CONST); }
|
||||
( ( HEX_DIGIT )+ ':' ) =>
|
||||
(
|
||||
( ( HEX_DIGIT )+ ( ':' ( HEX_DIGIT )* )+ ) { $setType(IPV6); }
|
||||
)
|
||||
|
||||
// IPv6 RULE
|
||||
| (NUM_HEX_4DIGIT ':')=>
|
||||
(
|
||||
((NUM_HEX_4DIGIT ':')+ ':')=>
|
||||
(
|
||||
(NUM_HEX_4DIGIT ':')+ ':'
|
||||
(NUM_HEX_4DIGIT (':' NUM_HEX_4DIGIT)*)?
|
||||
(NUM_HEX_4DIGIT ':')+ ':' (NUM_HEX_4DIGIT (':' NUM_HEX_4DIGIT)*)?
|
||||
) { $setType(IPV6); }
|
||||
|
||||
| NUM_HEX_4DIGIT (':' NUM_HEX_4DIGIT)+
|
||||
{ $setType(IPV6); }
|
||||
|
||||
) { $setType(IPV6); }
|
||||
|
|
||||
( NUM_HEX_4DIGIT (':' NUM_HEX_4DIGIT)+ ) { $setType(IPV6);}
|
||||
) // { $setType(IPV6); }
|
||||
|
||||
| (':' ':' NUM_HEX_4DIGIT)=>
|
||||
':' ':' NUM_HEX_4DIGIT (':' NUM_HEX_4DIGIT)*
|
||||
{ $setType(IPV6); }
|
||||
':' ':' NUM_HEX_4DIGIT (':' NUM_HEX_4DIGIT)* { $setType(IPV6); }
|
||||
|
||||
| ':' ':'
|
||||
{ $setType(IPV6); }
|
||||
| ':' ':' { $setType(IPV6); }
|
||||
|
||||
| ':' { $setType(COLON); }
|
||||
|
||||
// | ( ':' ) =>
|
||||
// (
|
||||
// (':' ':' ( HEX_DIGIT )+ ) =>
|
||||
// (':' ':' ( HEX_DIGIT )+ (':' ( HEX_DIGIT )+)*) { $setType(IPV6); }
|
||||
// |
|
||||
// (':' ':' ) { $setType(IPV6); }
|
||||
|
||||
// | ':' { $setType(COLON); }
|
||||
// )
|
||||
|
||||
| ( NUM_3DIGIT '.' NUM_3DIGIT '.' ) =>
|
||||
(NUM_3DIGIT '.' NUM_3DIGIT '.' NUM_3DIGIT '.' NUM_3DIGIT)
|
||||
{ $setType(IPV4); }
|
||||
|
||||
| ( (DIGIT)+ '.' (DIGIT)+ )=> ( (DIGIT)+ '.' (DIGIT)+ )
|
||||
{ $setType(NUMBER); }
|
||||
|
||||
| ( DIGIT )+ { $setType(INT_CONST); }
|
||||
|
||||
| ':'
|
||||
{ $setType(COLON); }
|
||||
|
||||
|
|
||||
|
||||
@ -1446,7 +1492,7 @@ options {
|
||||
// double quote " should be included, without it STRING does not match
|
||||
|
||||
( 'a'..'z' | 'A'..'Z' )
|
||||
( '"' | '$' | '%' | '&' | '-' | '0'..'9' | ';' |
|
||||
( '"' | '$' | '%' | '&' | '-' | '.' | '0'..'9' | ';' |
|
||||
'?' | '@' | 'A'..'Z' | '\\' | '^' | '_' | '`' | 'a'..'z' )*
|
||||
{ $setType(WORD); }
|
||||
;
|
||||
@ -1466,7 +1512,7 @@ MINUS : '-' ;
|
||||
DOT : '.' ;
|
||||
SLASH : '/' ;
|
||||
|
||||
//COLON : ':' ;
|
||||
// COLON : ':' ;
|
||||
SEMICOLON : ';' ;
|
||||
|
||||
EQUAL : '=';
|
||||
|
||||
@ -204,6 +204,27 @@ std::string PFImporterTest::openTestFile(const QString &file_name)
|
||||
return buffer;
|
||||
}
|
||||
|
||||
void PFImporterTest::hostsMatchTest()
|
||||
{
|
||||
platform = "pf";
|
||||
|
||||
std::istringstream instream(
|
||||
openTestFile("test_data/pf-hosts-matches.conf"));
|
||||
|
||||
Importer* imp = new PFImporter(lib, instream, logger, "test_fw");
|
||||
CPPUNIT_ASSERT_NO_THROW( imp->run() );
|
||||
imp->finalize();
|
||||
|
||||
db->setPredictableIds();
|
||||
db->saveFile("pf-hosts-matches.fwb");
|
||||
|
||||
compareResults(logger,
|
||||
"test_data/pf-hosts-matches.output",
|
||||
"pf-hosts-matches.output");
|
||||
compareFwbFiles("test_data/pf-hosts-matches.fwb",
|
||||
"pf-hosts-matches.fwb");
|
||||
}
|
||||
|
||||
void PFImporterTest::blockReturnTest()
|
||||
{
|
||||
platform = "pf";
|
||||
|
||||
@ -58,6 +58,7 @@ class PFImporterTest : public CppUnit::TestFixture
|
||||
public:
|
||||
void setUp();
|
||||
|
||||
void hostsMatchTest();
|
||||
void blockReturnTest();
|
||||
void icmpMatchTest();
|
||||
void interfaceMatchTest();
|
||||
@ -70,6 +71,7 @@ public:
|
||||
|
||||
CPPUNIT_TEST_SUITE(PFImporterTest);
|
||||
|
||||
CPPUNIT_TEST(hostsMatchTest);
|
||||
CPPUNIT_TEST(blockReturnTest);
|
||||
CPPUNIT_TEST(icmpMatchTest);
|
||||
CPPUNIT_TEST(interfaceMatchTest);
|
||||
|
||||
@ -0,0 +1,39 @@
|
||||
|
||||
table <dst_addresses_1> { 192.168.1.1, 192.168.1.2, 192.168.2.0/24 }
|
||||
table <dst_addresses_2> { pcn0, pcn0:network }
|
||||
table <dst_addresses_3> { pcn0:peer, pcn0:0 }
|
||||
table <dst_addresses_4> { www.fwbuilder.org, www.netcitadel.com }
|
||||
|
||||
# interface:network interface:broacast interface:peer and interface:0
|
||||
pass in quick from pcn0:network to self
|
||||
pass in quick from pcn0:broadcast to self
|
||||
pass in quick from pcn0:peer to self
|
||||
pass in quick from pcn0:0 to self
|
||||
|
||||
pass in quick from any to 192.168.1.1
|
||||
pass in quick from any to 192.168.1.0/24
|
||||
pass in quick inet proto tcp from any to pcn0 port 80
|
||||
pass in quick inet proto tcp from any to (pcn0) port 80
|
||||
pass in quick inet proto tcp from any to www.fwbuilder.org port 80
|
||||
pass in quick inet proto tcp from any to self port 22
|
||||
pass in quick from any to <dst_addresses_1>
|
||||
pass in quick from any to <dst_addresses_2>
|
||||
pass in quick from any to <dst_addresses_3>
|
||||
pass in quick from any to <dst_addresses_4>
|
||||
|
||||
pass in quick inet6 from any to 2001:470:1f0e:162::2
|
||||
pass in quick inet6 from any to ipv6.fwbuilder.org
|
||||
|
||||
pass in quick from 192.168.1.1 to any
|
||||
pass in quick from 192.168.1.0/24 to any
|
||||
pass in quick inet proto tcp from pcn0 port 80 to any
|
||||
pass in quick inet proto tcp from (pcn0) port 80 to any
|
||||
pass in quick inet proto tcp from www.fwbuilder.org port 80 to any
|
||||
pass in quick inet proto tcp from self port 22 to any
|
||||
pass in quick from <dst_addresses_1> to any
|
||||
pass in quick from <dst_addresses_2> to any
|
||||
pass in quick from <dst_addresses_3> to any
|
||||
pass in quick from <dst_addresses_4> to any
|
||||
|
||||
pass in quick inet6 from 2001:470:1f0e:162::2 to any
|
||||
pass in quick inet6 from ipv6.fwbuilder.org to any
|
||||
1086
src/unit_tests/PFImporterTest/test_data/pf-hosts-matches.fwb
Normal file
1086
src/unit_tests/PFImporterTest/test_data/pf-hosts-matches.fwb
Normal file
@ -0,0 +1,1086 @@
|
||||
<?xml version="1.0" encoding="utf-8"?>
|
||||
<!DOCTYPE FWObjectDatabase SYSTEM "fwbuilder.dtd">
|
||||
<FWObjectDatabase xmlns="http://www.fwbuilder.org/1.0/" version="21" lastModified="1306990487" id="root">
|
||||
<Library id="syslib000" color="#d4f8ff" name="Standard" comment="Standard objects" ro="True">
|
||||
<AnyNetwork id="sysid0" name="Any" comment="Any Network" ro="False" address="0.0.0.0" netmask="0.0.0.0"/>
|
||||
<AnyIPService id="sysid1" protocol_num="0" name="Any" comment="Any IP Service" ro="False"/>
|
||||
<AnyInterval id="sysid2" days_of_week="0,1,2,3,4,5,6" from_day="-1" from_hour="-1" from_minute="-1" from_month="-1" from_weekday="-1" from_year="-1" to_day="-1" to_hour="-1" to_minute="-1" to_month="-1" to_weekday="-1" to_year="-1" name="Any" comment="Any Interval" ro="False"/>
|
||||
<ObjectGroup id="stdid01" name="Objects" comment="" ro="False">
|
||||
<ObjectGroup id="stdid16" name="Addresses" comment="" ro="False">
|
||||
<IPv4 id="id2001X88798" name="all-hosts" comment="" ro="False" address="224.0.0.1" netmask="0.0.0.0"/>
|
||||
<IPv4 id="id2002X88798" name="all-routers" comment="" ro="False" address="224.0.0.2" netmask="0.0.0.0"/>
|
||||
<IPv4 id="id2003X88798" name="all DVMRP" comment="" ro="False" address="224.0.0.4" netmask="0.0.0.0"/>
|
||||
<IPv4 id="id2117X88798" name="OSPF (all routers)" comment="RFC2328" ro="False" address="224.0.0.5" netmask="0.0.0.0"/>
|
||||
<IPv4 id="id2128X88798" name="OSPF (designated routers)" comment="RFC2328" ro="False" address="224.0.0.6" netmask="0.0.0.0"/>
|
||||
<IPv4 id="id2430X88798" name="RIP" comment="RFC1723" ro="False" address="224.0.0.9" netmask="0.0.0.0"/>
|
||||
<IPv4 id="id2439X88798" name="EIGRP" comment="" ro="False" address="224.0.0.10" netmask="0.0.0.0"/>
|
||||
<IPv4 id="id2446X88798" name="DHCP server, relay agent" comment="RFC 1884" ro="False" address="224.0.0.12" netmask="0.0.0.0"/>
|
||||
<IPv4 id="id2455X88798" name="PIM" comment="" ro="False" address="224.0.0.13" netmask="0.0.0.0"/>
|
||||
<IPv4 id="id2462X88798" name="RSVP" comment="" ro="False" address="224.0.0.14" netmask="0.0.0.0"/>
|
||||
<IPv4 id="id2469X88798" name="VRRP" comment="RFC3768" ro="False" address="224.0.0.18" netmask="0.0.0.0"/>
|
||||
<IPv4 id="id2777X88798" name="IGMP" comment="" ro="False" address="224.0.0.22" netmask="0.0.0.0"/>
|
||||
<IPv4 id="id2784X88798" name="OSPFIGP-TE" comment="RFC4973" ro="False" address="224.0.0.24" netmask="0.0.0.0"/>
|
||||
<IPv4 id="id3094X88798" name="HSRP" comment="" ro="False" address="224.0.0.102" netmask="0.0.0.0"/>
|
||||
<IPv4 id="id3403X88798" name="mDNS" comment="" ro="False" address="224.0.0.251" netmask="0.0.0.0"/>
|
||||
<IPv4 id="id3410X88798" name="LLMNR" comment="Link-Local Multicast Name Resolution, RFC4795" ro="False" address="224.0.0.252" netmask="0.0.0.0"/>
|
||||
<IPv4 id="id3411X88798" name="Teredo" comment="" ro="False" address="224.0.0.253" netmask="0.0.0.0"/>
|
||||
</ObjectGroup>
|
||||
<ObjectGroup id="stdid17" name="DNS Names" comment="" ro="False"/>
|
||||
<ObjectGroup id="stdid18" name="Address Tables" comment="" ro="False"/>
|
||||
<ObjectGroup id="stdid04" name="Groups" comment="" ro="False">
|
||||
<ObjectGroup id="id3DC75CE8" name="rfc1918-nets" comment="" ro="False">
|
||||
<ObjectRef ref="id3DC75CE5"/>
|
||||
<ObjectRef ref="id3DC75CE6"/>
|
||||
<ObjectRef ref="id3DC75CE7"/>
|
||||
</ObjectGroup>
|
||||
<ObjectGroup id="id3292X75851" name="ipv6 private" comment="These are various ipv6 networks that should not be routed on the Internet " ro="False">
|
||||
<ObjectRef ref="id2088X75851"/>
|
||||
<ObjectRef ref="id2986X75851"/>
|
||||
<ObjectRef ref="id2383X75851"/>
|
||||
</ObjectGroup>
|
||||
</ObjectGroup>
|
||||
<ObjectGroup id="stdid02" name="Hosts" comment="" ro="False">
|
||||
<Host id="id3D84EECE" name="internal server" comment="This host is used in examples and template objects" ro="False">
|
||||
<Interface id="id3D84EED2" dedicated_failover="False" dyn="False" security_level="0" unnum="False" unprotected="False" name="eth0" comment="" ro="False">
|
||||
<IPv4 id="id3D84EED3" name="ip" comment="" ro="False" address="192.168.1.10" netmask="255.255.255.0"/>
|
||||
<InterfaceOptions/>
|
||||
</Interface>
|
||||
<Management address="192.168.1.10">
|
||||
<SNMPManagement enabled="False" snmp_read_community="" snmp_write_community=""/>
|
||||
<FWBDManagement enabled="False" identity="" port="-1"/>
|
||||
<PolicyInstallScript arguments="" command="" enabled="False"/>
|
||||
</Management>
|
||||
<HostOptions>
|
||||
<Option name="snmp_contact"></Option>
|
||||
<Option name="snmp_description"></Option>
|
||||
<Option name="snmp_location"></Option>
|
||||
<Option name="use_mac_addr">false</Option>
|
||||
<Option name="use_mac_addr_filter">False</Option>
|
||||
</HostOptions>
|
||||
</Host>
|
||||
<Host id="id3D84EECF" name="server on dmz" comment="This host is used in examples and template objects" ro="False">
|
||||
<Interface id="id3D84EEE3" dedicated_failover="False" dyn="False" security_level="0" unnum="False" unprotected="False" name="eth0" comment="" ro="False">
|
||||
<IPv4 id="id3D84EEE4" name="ip" comment="" ro="False" address="192.168.2.10" netmask="255.255.255.0"/>
|
||||
<InterfaceOptions/>
|
||||
</Interface>
|
||||
<Management address="192.168.2.10">
|
||||
<SNMPManagement enabled="False" snmp_read_community="" snmp_write_community=""/>
|
||||
<FWBDManagement enabled="False" identity="" port="-1"/>
|
||||
<PolicyInstallScript arguments="" command="" enabled="False"/>
|
||||
</Management>
|
||||
<HostOptions>
|
||||
<Option name="snmp_contact"></Option>
|
||||
<Option name="snmp_description"></Option>
|
||||
<Option name="snmp_location"></Option>
|
||||
<Option name="use_mac_addr">false</Option>
|
||||
<Option name="use_mac_addr_filter">False</Option>
|
||||
</HostOptions>
|
||||
</Host>
|
||||
</ObjectGroup>
|
||||
<ObjectGroup id="stdid03" name="Networks" comment="" ro="False">
|
||||
<Network id="id3DC75CEC" name="all multicasts" comment="224.0.0.0/4 - This block, formerly known as the Class D address space, is allocated for use in IPv4 multicast address assignments. The IANA guidelines for assignments from this space are described in [RFC3171]. " ro="False" address="224.0.0.0" netmask="240.0.0.0"/>
|
||||
<Network id="id3F4ECE3E" name="link-local" comment="169.254.0.0/16 - This is the "link local" block. It is allocated for communication between hosts on a single link. Hosts obtain these addresses by auto-configuration, such as when a DHCP server may not be found. " ro="False" address="169.254.0.0" netmask="255.255.0.0"/>
|
||||
<Network id="id3F4ECE3D" name="loopback-net" comment="127.0.0.0/8 - This block is assigned for use as the Internet host loopback address. A datagram sent by a higher level protocol to an address anywhere within this block should loop back inside the host. This is ordinarily implemented using only 127.0.0.1/32 for loopback, but no addresses within this block should ever appear on any network anywhere [RFC1700, page 5]. " ro="False" address="127.0.0.0" netmask="255.0.0.0"/>
|
||||
<Network id="id3DC75CE5" name="net-10.0.0.0" comment="10.0.0.0/8 - This block is set aside for use in private networks. Its intended use is documented in [RFC1918]. Addresses within this block should not appear on the public Internet." ro="False" address="10.0.0.0" netmask="255.0.0.0"/>
|
||||
<Network id="id3DC75CE7" name="net-172.16.0.0" comment="172.16.0.0/12 - This block is set aside for use in private networks. Its intended use is documented in [RFC1918]. Addresses within this block should not appear on the public Internet. " ro="False" address="172.16.0.0" netmask="255.240.0.0"/>
|
||||
<Network id="id3DC75CE6" name="net-192.168.0.0" comment="192.168.0.0/16 - This block is set aside for use in private networks. Its intended use is documented in [RFC1918]. Addresses within this block should not appear on the public Internet. " ro="False" address="192.168.0.0" netmask="255.255.0.0"/>
|
||||
<Network id="id3F4ECE3F" name="test-net" comment="192.0.2.0/24 - This block is assigned as "TEST-NET" for use in documentation and example code. It is often used in conjunction with domain names example.com or example.net in vendor and protocol documentation. Addresses within this block should not appear on the public Internet. " ro="False" address="192.0.2.0" netmask="255.255.255.0"/>
|
||||
<Network id="id3F4ECE40" name="this-net" comment="0.0.0.0/8 - Addresses in this block refer to source hosts on "this" network. Address 0.0.0.0/32 may be used as a source address for this host on this network; other addresses within 0.0.0.0/8 may be used to refer to specified hosts on this network [RFC1700, page 4]." ro="False" address="0.0.0.0" netmask="255.0.0.0"/>
|
||||
<Network id="id3DC75CE7-1" name="net-192.168.1.0" comment="192.168.1.0/24 - Address often used for home and small office networks. " ro="False" address="192.168.1.0" netmask="255.255.255.0"/>
|
||||
<Network id="id3DC75CE7-2" name="net-192.168.2.0" comment="192.168.2.0/24 - Address often used for home and small office networks. " ro="False" address="192.168.2.0" netmask="255.255.255.0"/>
|
||||
<NetworkIPv6 id="id2088X75851" name="documentation net" comment="RFC3849" ro="False" address="2001:db8::" netmask="32"/>
|
||||
<NetworkIPv6 id="id2383X75851" name="link-local ipv6" comment="RFC4291 Link-local unicast net" ro="False" address="fe80::" netmask="10"/>
|
||||
<NetworkIPv6 id="id2685X75851" name="multicast ipv6" comment="RFC4291 ipv6 multicast addresses" ro="False" address="ff00::" netmask="8"/>
|
||||
<NetworkIPv6 id="id2986X75851" name="experimental ipv6" comment="RFC2928, RFC4773 "The block of Sub-TLA IDs assigned to the IANA (i.e., 2001:0000::/29 - 2001:01F8::/29) is for assignment for testing and experimental usage to support activities such as the 6bone, and for new approaches like exchanges." [RFC2928] " ro="False" address="2001::" netmask="23"/>
|
||||
</ObjectGroup>
|
||||
<ObjectGroup id="stdid15" name="Address Ranges" comment="" ro="False">
|
||||
<AddressRange id="id3F6D115C" name="broadcast" comment="" ro="False" start_address="255.255.255.255" end_address="255.255.255.255"/>
|
||||
<AddressRange id="id3F6D115D" name="old-broadcast" comment="" ro="False" start_address="0.0.0.0" end_address="0.0.0.0"/>
|
||||
</ObjectGroup>
|
||||
</ObjectGroup>
|
||||
<ServiceGroup id="stdid05" name="Services" comment="" ro="False">
|
||||
<CustomService id="stdid14_1" name="ESTABLISHED" comment="This service matches all packets which are part of network connections established through the firewall, or connections 'related' to those established through the firewall. Term 'established' refers to the state tracking mechanism which exists inside iptables and other stateful firewalls and does not mean any particular combination of packet header options. Packet is considered to correspond to the state 'ESTABLISHED' if it belongs to the network session, for which proper initiation has been seen by the firewall, so its stateful inspection module made appropriate record in the state table. Usually stateful firewalls keep track of network connections using not only tcp protocol, but also udp and sometimes even icmp protocols. 'RELATED' describes packet belonging to a separate network connection, related to the session firewall is keeping track of. One example is FTP command and FTP data sessions." ro="False" protocol="any" address_family="ipv4">
|
||||
<CustomServiceCommand platform="Undefined"></CustomServiceCommand>
|
||||
<CustomServiceCommand platform="iosacl">established</CustomServiceCommand>
|
||||
<CustomServiceCommand platform="ipfilter"></CustomServiceCommand>
|
||||
<CustomServiceCommand platform="ipfw">established</CustomServiceCommand>
|
||||
<CustomServiceCommand platform="iptables">-m state --state ESTABLISHED,RELATED</CustomServiceCommand>
|
||||
<CustomServiceCommand platform="procurve_acl">established</CustomServiceCommand>
|
||||
</CustomService>
|
||||
<CustomService id="stdid14_2" name="ESTABLISHED ipv6" comment="This service matches all packets which are part of network connections established through the firewall, or connections 'related' to those established through the firewall. Term 'established' refers to the state tracking mechanism which exists inside iptables and other stateful firewalls and does not mean any particular combination of packet header options. Packet is considered to correspond to the state 'ESTABLISHED' if it belongs to the network session, for which proper initiation has been seen by the firewall, so its stateful inspection module made appropriate record in the state table. Usually stateful firewalls keep track of network connections using not only tcp protocol, but also udp and sometimes even icmp protocols. 'RELATED' describes packet belonging to a separate network connection, related to the session firewall is keeping track of. One example is FTP command and FTP data sessions." ro="False" protocol="any" address_family="ipv6">
|
||||
<CustomServiceCommand platform="Undefined"></CustomServiceCommand>
|
||||
<CustomServiceCommand platform="iosacl">established</CustomServiceCommand>
|
||||
<CustomServiceCommand platform="ipfilter"></CustomServiceCommand>
|
||||
<CustomServiceCommand platform="ipfw">established</CustomServiceCommand>
|
||||
<CustomServiceCommand platform="iptables">-m state --state ESTABLISHED,RELATED</CustomServiceCommand>
|
||||
<CustomServiceCommand platform="procurve_acl">established</CustomServiceCommand>
|
||||
</CustomService>
|
||||
<ServiceGroup id="stdid10" name="Groups" comment="" ro="False">
|
||||
<ServiceGroup id="sg-DHCP" name="DHCP" comment="" ro="False">
|
||||
<ServiceRef ref="udp-bootpc"/>
|
||||
<ServiceRef ref="udp-bootps"/>
|
||||
</ServiceGroup>
|
||||
<ServiceGroup id="id3F530CC8" name="DNS" comment="" ro="False">
|
||||
<ServiceRef ref="udp-DNS"/>
|
||||
<ServiceRef ref="tcp-DNS"/>
|
||||
</ServiceGroup>
|
||||
<ServiceGroup id="id3CB1279B" name="IPSEC" comment="" ro="False">
|
||||
<ServiceRef ref="id3CB12797"/>
|
||||
<ServiceRef ref="ip-IPSEC"/>
|
||||
</ServiceGroup>
|
||||
<ServiceGroup id="sg-NETBIOS" name="NETBIOS" comment="" ro="False">
|
||||
<ServiceRef ref="udp-netbios-dgm"/>
|
||||
<ServiceRef ref="udp-netbios-ns"/>
|
||||
<ServiceRef ref="id3E755609"/>
|
||||
</ServiceGroup>
|
||||
<ServiceGroup id="id3CB131CC" name="PCAnywhere" comment="" ro="False">
|
||||
<ServiceRef ref="id3CB131CA"/>
|
||||
<ServiceRef ref="id3CB131C8"/>
|
||||
</ServiceGroup>
|
||||
<ServiceGroup id="sg-Useful_ICMP" name="Useful_ICMP" comment="" ro="False">
|
||||
<ServiceRef ref="icmp-Time_exceeded"/>
|
||||
<ServiceRef ref="icmp-Time_exceeded_in_transit"/>
|
||||
<ServiceRef ref="icmp-ping_reply"/>
|
||||
<ServiceRef ref="icmp-Unreachables"/>
|
||||
</ServiceGroup>
|
||||
<ServiceGroup id="id1569X4889" name="Ipv6 unreachable messages" comment="" ro="False">
|
||||
<ServiceRef ref="idE0D27650"/>
|
||||
<ServiceRef ref="idCFE27650"/>
|
||||
<ServiceRef ref="idE0B27650"/>
|
||||
<ServiceRef ref="id1519Z388"/>
|
||||
</ServiceGroup>
|
||||
<ServiceGroup id="id3B4FEDD9" name="kerberos" comment="" ro="False">
|
||||
<ServiceRef ref="id3B4FEDA5"/>
|
||||
<ServiceRef ref="id3B4FEDA9"/>
|
||||
<ServiceRef ref="id3B4FEDA7"/>
|
||||
<ServiceRef ref="id3B4FEDAB"/>
|
||||
<ServiceRef ref="id3B4FEDA3"/>
|
||||
<ServiceRef ref="id3B4FEE21"/>
|
||||
<ServiceRef ref="id3B4FEE23"/>
|
||||
<ServiceRef ref="id3E7E3EA2"/>
|
||||
</ServiceGroup>
|
||||
<ServiceGroup id="id3B4FF35E" name="nfs" comment="" ro="False">
|
||||
<ServiceRef ref="id3B4FEE7A"/>
|
||||
<ServiceRef ref="id3B4FEE78"/>
|
||||
</ServiceGroup>
|
||||
<ServiceGroup id="id3B4FEFFA" name="quake" comment="" ro="False">
|
||||
<ServiceRef ref="id3B4FEF7C"/>
|
||||
<ServiceRef ref="id3B4FEF7E"/>
|
||||
</ServiceGroup>
|
||||
<ServiceGroup id="id3D703C9A" name="Real Player" comment="" ro="False">
|
||||
<ServiceRef ref="id3D703C99"/>
|
||||
<ServiceRef ref="id3D703C8B"/>
|
||||
</ServiceGroup>
|
||||
<ServiceGroup id="id3E7E3E95" name="WinNT" comment="" ro="False">
|
||||
<ServiceRef ref="sg-NETBIOS"/>
|
||||
<ServiceRef ref="id3DC8C8BB"/>
|
||||
<ServiceRef ref="id3E7E3D58"/>
|
||||
</ServiceGroup>
|
||||
<ServiceGroup id="id3E7E3E9A" name="Win2000" comment="" ro="False">
|
||||
<ServiceRef ref="id3E7E3E95"/>
|
||||
<ServiceRef ref="udp-DNS"/>
|
||||
<ServiceRef ref="id3DC8C8BC"/>
|
||||
<ServiceRef ref="id3E7E3EA2"/>
|
||||
<ServiceRef ref="id3AECF778"/>
|
||||
<ServiceRef ref="id3D703C90"/>
|
||||
<ServiceRef ref="id3E7E4039"/>
|
||||
<ServiceRef ref="id3E7E403A"/>
|
||||
<ServiceRef ref="id3B4FEDA5"/>
|
||||
<ServiceRef ref="tcp-DNS"/>
|
||||
</ServiceGroup>
|
||||
<ServiceGroup id="id41291786" name="UPnP" comment="" ro="False">
|
||||
<ServiceRef ref="id41291784"/>
|
||||
<ServiceRef ref="id41291785"/>
|
||||
<ServiceRef ref="id41291783"/>
|
||||
<ServiceRef ref="id412Z18A9"/>
|
||||
</ServiceGroup>
|
||||
</ServiceGroup>
|
||||
<ServiceGroup id="stdid07" name="ICMP" comment="" ro="False">
|
||||
<ICMPService id="icmp-Unreachables" code="-1" type="3" name="all ICMP unreachables" comment="" ro="False"/>
|
||||
<ICMPService id="id3C20EEB5" code="-1" type="-1" name="any ICMP" comment="" ro="False"/>
|
||||
<ICMPService id="icmp-Host_unreach" code="1" type="3" name="host_unreach" comment="" ro="False"/>
|
||||
<ICMPService id="icmp-ping_reply" code="0" type="0" name="ping reply" comment="" ro="False"/>
|
||||
<ICMPService id="icmp-ping_request" code="0" type="8" name="ping request" comment="" ro="False"/>
|
||||
<ICMPService id="icmp-Port_unreach" code="3" type="3" name="port unreach" comment="Port unreachable" ro="False"/>
|
||||
<ICMPService id="icmp-Time_exceeded" code="0" type="11" name="time exceeded" comment="ICMP messages of this type are needed for traceroute" ro="False"/>
|
||||
<ICMPService id="icmp-Time_exceeded_in_transit" code="1" type="11" name="time exceeded in transit" comment="" ro="False"/>
|
||||
<ICMP6Service id="ipv6-icmp-ping_request" code="0" type="128" name="ipv6 ping request" comment="IPv6 ping request" ro="False"/>
|
||||
<ICMP6Service id="ipv6-icmp-ping_reply" code="0" type="129" name="ipv6 ping reply" comment="IPv6 ping reply" ro="False"/>
|
||||
<ICMP6Service id="ipv6-icmp-routersol" code="0" type="133" name="ipv6 routersol" comment="IPv6 router solicitation" ro="False"/>
|
||||
<ICMP6Service id="ipv6-icmp-routeradv" code="0" type="134" name="ipv6 routeradv" comment="IPv6 router advertisement" ro="False"/>
|
||||
<ICMP6Service id="ipv6-icmp-neighbrsol" code="0" type="135" name="ipv6 neighbrsol" comment="IPv6 neighbor solicitation" ro="False"/>
|
||||
<ICMP6Service id="ipv6-icmp-neighbradv" code="0" type="136" name="ipv6 neighbradv" comment="IPv6 neighbor advertisement" ro="False"/>
|
||||
<ICMP6Service id="ipv6-icmp-redir" code="0" type="137" name="ipv6 redir" comment="IPv6 redirect: shorter route exists" ro="False"/>
|
||||
<ICMP6Service id="id1519Z388" code="-1" type="4" name="ipv6 parameter problem" comment="IPv6 Parameter Problem: RFC4443" ro="False"/>
|
||||
<ICMP6Service id="idCFE27650" code="0" type="3" name="ipv6 time exceeded" comment="Time exceeded in transit" ro="False"/>
|
||||
<ICMP6Service id="idCFF27650" code="1" type="3" name="ipv6 time exceeded in reassembly" comment="Time exceeded in reassembly" ro="False"/>
|
||||
<ICMP6Service id="idE0B27650" code="-1" type="2" name="ipv6 packet too big" comment="" ro="False"/>
|
||||
<ICMP6Service id="idE0D27650" code="-1" type="1" name="ipv6 all dest unreachable" comment="All icmpv6 codes for type "destination unreachable" " ro="False"/>
|
||||
<ICMP6Service id="idCFE27660" code="-1" type="-1" name="ipv6 any ICMP6" comment="any ICMPv6" ro="False"/>
|
||||
</ServiceGroup>
|
||||
<ServiceGroup id="stdid06" name="IP" comment="" ro="False">
|
||||
<IPService id="id3CB12797" fragm="False" lsrr="False" protocol_num="51" rr="False" short_fragm="False" ssrr="False" ts="False" name="AH" comment="IPSEC Authentication Header Protocol" ro="False"/>
|
||||
<IPService id="ip-IPSEC" fragm="False" lsrr="False" protocol_num="50" rr="False" short_fragm="False" ssrr="False" ts="False" name="ESP" comment="IPSEC Encapsulating Security Payload Protocol" ro="False"/>
|
||||
<IPService id="ip-RR" fragm="False" lsrr="False" protocol_num="0" rr="True" short_fragm="False" ssrr="False" ts="False" name="RR" comment="Route recording packets" ro="False"/>
|
||||
<IPService id="ip-SRR" fragm="False" lsrr="True" protocol_num="0" rr="False" short_fragm="False" ssrr="True" ts="False" name="SRR" comment="All sorts of Source Routing Packets" ro="False"/>
|
||||
<IPService id="ip-IP_Fragments" fragm="False" lsrr="False" protocol_num="0" rr="False" short_fragm="True" ssrr="False" ts="False" name="ip_fragments" comment="'Short' fragments" ro="False"/>
|
||||
<IPService id="id3D703C8E" fragm="False" lsrr="False" protocol_num="57" rr="False" short_fragm="False" ssrr="False" ts="False" name="SKIP" comment="IPSEC Simple Key Management for Internet Protocols" ro="False"/>
|
||||
<IPService id="id3D703C8F" fragm="False" lsrr="False" protocol_num="47" rr="False" short_fragm="False" ssrr="False" ts="False" name="GRE" comment="Generic Routing Encapsulation " ro="False"/>
|
||||
<IPService id="id3D703C95" fragm="False" lsrr="False" protocol_num="112" rr="False" short_fragm="False" ssrr="False" ts="False" name="vrrp" comment="Virtual Router Redundancy Protocol" ro="False"/>
|
||||
<IPService id="ip-IGMP" fragm="False" lsrr="False" protocol_num="2" rr="False" rtralt="True" rtralt_value="0" short_fragm="False" ssrr="False" ts="False" name="IGMP" comment="Internet Group Management Protocol, Version 3, RFC 3376" ro="False"/>
|
||||
<IPService id="ip-PIM" fragm="False" lsrr="False" protocol_num="103" rr="False" rtralt="False" rtralt_value="0" short_fragm="False" ssrr="False" ts="False" name="PIM" comment="Protocol Independent Multicast - Dense Mode (PIM-DM), RFC 3973, or Protocol Independent Multicast-Sparse Mode (PIM-SM) RFC 2362" ro="False"/>
|
||||
</ServiceGroup>
|
||||
<ServiceGroup id="stdid09" name="TCP" comment="" ro="False">
|
||||
<TCPService id="tcp-ALL_TCP_Masqueraded" ack_flag="False" ack_flag_mask="False" fin_flag="False" fin_flag_mask="False" psh_flag="False" psh_flag_mask="False" rst_flag="False" rst_flag_mask="False" syn_flag="False" syn_flag_mask="False" urg_flag="False" urg_flag_mask="False" name="ALL TCP Masqueraded" comment="ipchains used to use this range of port numbers for masquerading. " ro="False" src_range_start="61000" src_range_end="65095" dst_range_start="0" dst_range_end="0"/>
|
||||
<TCPService id="id3D703C94" ack_flag="False" ack_flag_mask="False" fin_flag="False" fin_flag_mask="False" psh_flag="False" psh_flag_mask="False" rst_flag="False" rst_flag_mask="False" syn_flag="False" syn_flag_mask="False" urg_flag="False" urg_flag_mask="False" name="AOL" comment="" ro="False" src_range_start="0" src_range_end="0" dst_range_start="5190" dst_range_end="5190"/>
|
||||
<TCPService id="tcp-All_TCP" ack_flag="False" ack_flag_mask="False" fin_flag="False" fin_flag_mask="False" psh_flag="False" psh_flag_mask="False" rst_flag="False" rst_flag_mask="False" syn_flag="False" syn_flag_mask="False" urg_flag="False" urg_flag_mask="False" name="All TCP" comment="" ro="False" src_range_start="0" src_range_end="0" dst_range_start="0" dst_range_end="0"/>
|
||||
<TCPService id="id3CB131C4" ack_flag="False" ack_flag_mask="False" fin_flag="False" fin_flag_mask="False" psh_flag="False" psh_flag_mask="False" rst_flag="False" rst_flag_mask="False" syn_flag="False" syn_flag_mask="False" urg_flag="False" urg_flag_mask="False" name="Citrix-ICA" comment="" ro="False" src_range_start="0" src_range_end="0" dst_range_start="1494" dst_range_end="1494"/>
|
||||
<TCPService id="id3D703C91" ack_flag="False" ack_flag_mask="False" fin_flag="False" fin_flag_mask="False" psh_flag="False" psh_flag_mask="False" rst_flag="False" rst_flag_mask="False" syn_flag="False" syn_flag_mask="False" urg_flag="False" urg_flag_mask="False" name="Entrust-Admin" comment="Entrust CA Administration Service" ro="False" src_range_start="0" src_range_end="0" dst_range_start="709" dst_range_end="709"/>
|
||||
<TCPService id="id3D703C92" ack_flag="False" ack_flag_mask="False" fin_flag="False" fin_flag_mask="False" psh_flag="False" psh_flag_mask="False" rst_flag="False" rst_flag_mask="False" syn_flag="False" syn_flag_mask="False" urg_flag="False" urg_flag_mask="False" name="Entrust-KeyMgmt" comment="Entrust CA Key Management Service" ro="False" src_range_start="0" src_range_end="0" dst_range_start="710" dst_range_end="710"/>
|
||||
<TCPService id="id3AEDBEAC" ack_flag="False" ack_flag_mask="False" fin_flag="False" fin_flag_mask="False" psh_flag="False" psh_flag_mask="False" rst_flag="False" rst_flag_mask="False" syn_flag="False" syn_flag_mask="False" urg_flag="False" urg_flag_mask="False" name="H323" comment="" ro="False" src_range_start="0" src_range_end="0" dst_range_start="1720" dst_range_end="1720"/>
|
||||
<TCPService id="id412Z18A9" ack_flag="False" ack_flag_mask="False" fin_flag="False" fin_flag_mask="False" psh_flag="False" psh_flag_mask="False" rst_flag="False" rst_flag_mask="False" syn_flag="False" syn_flag_mask="False" urg_flag="False" urg_flag_mask="False" name="icslap" comment="Sometimes this protocol is called icslap, but Microsoft does not call it that and just says that DSPP uses port 2869 in Windows XP SP2" ro="False" src_range_start="0" src_range_end="0" dst_range_start="2869" dst_range_end="2869"/>
|
||||
<TCPService id="id3E7E4039" ack_flag="False" ack_flag_mask="False" fin_flag="False" fin_flag_mask="False" psh_flag="False" psh_flag_mask="False" rst_flag="False" rst_flag_mask="False" syn_flag="False" syn_flag_mask="False" urg_flag="False" urg_flag_mask="False" name="LDAP GC" comment="" ro="False" src_range_start="0" src_range_end="0" dst_range_start="3268" dst_range_end="3268"/>
|
||||
<TCPService id="id3E7E403A" ack_flag="False" ack_flag_mask="False" fin_flag="False" fin_flag_mask="False" psh_flag="False" psh_flag_mask="False" rst_flag="False" rst_flag_mask="False" syn_flag="False" syn_flag_mask="False" urg_flag="False" urg_flag_mask="False" name="LDAP GC SSL" comment="" ro="False" src_range_start="0" src_range_end="0" dst_range_start="3269" dst_range_end="3269"/>
|
||||
<TCPService id="id3D703C83" ack_flag="False" ack_flag_mask="False" fin_flag="False" fin_flag_mask="False" psh_flag="False" psh_flag_mask="False" rst_flag="False" rst_flag_mask="False" syn_flag="False" syn_flag_mask="False" urg_flag="False" urg_flag_mask="False" name="OpenWindows" comment="Open Windows" ro="False" src_range_start="0" src_range_end="0" dst_range_start="2000" dst_range_end="2000"/>
|
||||
<TCPService id="id3CB131C8" ack_flag="False" ack_flag_mask="False" fin_flag="False" fin_flag_mask="False" psh_flag="False" psh_flag_mask="False" rst_flag="False" rst_flag_mask="False" syn_flag="False" syn_flag_mask="False" urg_flag="False" urg_flag_mask="False" name="PCAnywhere-data" comment="data channel for PCAnywhere v7.52 and later " ro="False" src_range_start="0" src_range_end="0" dst_range_start="5631" dst_range_end="5631"/>
|
||||
<TCPService id="id3D703C8B" ack_flag="False" ack_flag_mask="False" fin_flag="False" fin_flag_mask="False" psh_flag="False" psh_flag_mask="False" rst_flag="False" rst_flag_mask="False" syn_flag="False" syn_flag_mask="False" urg_flag="False" urg_flag_mask="False" name="Real-Audio" comment="RealNetworks PNA Protocol" ro="False" src_range_start="0" src_range_end="0" dst_range_start="7070" dst_range_end="7070"/>
|
||||
<TCPService id="id3D703C93" ack_flag="False" ack_flag_mask="False" fin_flag="False" fin_flag_mask="False" psh_flag="False" psh_flag_mask="False" rst_flag="False" rst_flag_mask="False" syn_flag="False" syn_flag_mask="False" urg_flag="False" urg_flag_mask="False" name="RealSecure" comment="" ro="False" src_range_start="0" src_range_end="0" dst_range_start="2998" dst_range_end="2998"/>
|
||||
<TCPService id="id3DC8C8BC" ack_flag="False" ack_flag_mask="False" fin_flag="False" fin_flag_mask="False" psh_flag="False" psh_flag_mask="False" rst_flag="False" rst_flag_mask="False" syn_flag="False" syn_flag_mask="False" urg_flag="False" urg_flag_mask="False" name="SMB" comment="SMB over TCP (without NETBIOS) " ro="False" src_range_start="0" src_range_end="0" dst_range_start="445" dst_range_end="445"/>
|
||||
<TCPService id="id3D703C8D" ack_flag="False" ack_flag_mask="False" fin_flag="False" fin_flag_mask="False" psh_flag="False" psh_flag_mask="False" rst_flag="False" rst_flag_mask="False" syn_flag="False" syn_flag_mask="False" urg_flag="False" urg_flag_mask="False" name="TACACSplus" comment="" ro="False" src_range_start="0" src_range_end="0" dst_range_start="49" dst_range_end="49"/>
|
||||
<TCPService id="id3D703C84" ack_flag="False" ack_flag_mask="False" fin_flag="False" fin_flag_mask="False" psh_flag="False" psh_flag_mask="False" rst_flag="False" rst_flag_mask="False" syn_flag="False" syn_flag_mask="False" urg_flag="False" urg_flag_mask="False" name="TCP high ports" comment="TCP high ports" ro="False" src_range_start="0" src_range_end="0" dst_range_start="1024" dst_range_end="65535"/>
|
||||
<TCPService id="id3E7E3D58" ack_flag="False" ack_flag_mask="False" fin_flag="False" fin_flag_mask="False" psh_flag="False" psh_flag_mask="False" rst_flag="False" rst_flag_mask="False" syn_flag="False" syn_flag_mask="False" urg_flag="False" urg_flag_mask="False" name="WINS replication" comment="" ro="False" src_range_start="0" src_range_end="0" dst_range_start="42" dst_range_end="42"/>
|
||||
<TCPService id="id3D703C82" ack_flag="False" ack_flag_mask="False" fin_flag="False" fin_flag_mask="False" psh_flag="False" psh_flag_mask="False" rst_flag="False" rst_flag_mask="False" syn_flag="False" syn_flag_mask="False" urg_flag="False" urg_flag_mask="False" name="X11" comment="X Window System" ro="False" src_range_start="0" src_range_end="0" dst_range_start="6000" dst_range_end="6063"/>
|
||||
<TCPService id="tcp-Auth" ack_flag="False" ack_flag_mask="False" fin_flag="False" fin_flag_mask="False" psh_flag="False" psh_flag_mask="False" rst_flag="False" rst_flag_mask="False" syn_flag="False" syn_flag_mask="False" urg_flag="False" urg_flag_mask="False" name="auth" comment="" ro="False" src_range_start="0" src_range_end="0" dst_range_start="113" dst_range_end="113"/>
|
||||
<TCPService id="id3AEDBE6E" ack_flag="False" ack_flag_mask="False" fin_flag="False" fin_flag_mask="False" psh_flag="False" psh_flag_mask="False" rst_flag="False" rst_flag_mask="False" syn_flag="False" syn_flag_mask="False" urg_flag="False" urg_flag_mask="False" name="daytime" comment="" ro="False" src_range_start="0" src_range_end="0" dst_range_start="13" dst_range_end="13"/>
|
||||
<TCPService id="tcp-DNS" ack_flag="False" ack_flag_mask="False" fin_flag="False" fin_flag_mask="False" psh_flag="False" psh_flag_mask="False" rst_flag="False" rst_flag_mask="False" syn_flag="False" syn_flag_mask="False" urg_flag="False" urg_flag_mask="False" name="domain" comment="" ro="False" src_range_start="0" src_range_end="0" dst_range_start="53" dst_range_end="53"/>
|
||||
<TCPService id="id3B4FEDA3" ack_flag="False" ack_flag_mask="False" fin_flag="False" fin_flag_mask="False" psh_flag="False" psh_flag_mask="False" rst_flag="False" rst_flag_mask="False" syn_flag="False" syn_flag_mask="False" urg_flag="False" urg_flag_mask="False" name="eklogin" comment="" ro="False" src_range_start="0" src_range_end="0" dst_range_start="2105" dst_range_end="2105"/>
|
||||
<TCPService id="id3AECF774" ack_flag="False" ack_flag_mask="False" fin_flag="False" fin_flag_mask="False" psh_flag="False" psh_flag_mask="False" rst_flag="False" rst_flag_mask="False" syn_flag="False" syn_flag_mask="False" urg_flag="False" urg_flag_mask="False" name="finger" comment="" ro="False" src_range_start="0" src_range_end="0" dst_range_start="79" dst_range_end="79"/>
|
||||
<TCPService id="tcp-FTP" ack_flag="False" ack_flag_mask="False" fin_flag="False" fin_flag_mask="False" psh_flag="False" psh_flag_mask="False" rst_flag="False" rst_flag_mask="False" syn_flag="False" syn_flag_mask="False" urg_flag="False" urg_flag_mask="False" name="ftp" comment="" ro="False" src_range_start="0" src_range_end="0" dst_range_start="21" dst_range_end="21"/>
|
||||
<TCPService id="tcp-FTP_data" ack_flag="False" ack_flag_mask="False" fin_flag="False" fin_flag_mask="False" psh_flag="False" psh_flag_mask="False" rst_flag="False" rst_flag_mask="False" syn_flag="False" syn_flag_mask="False" urg_flag="False" urg_flag_mask="False" name="ftp data" comment="FTP data channel. Note: FTP protocol does not really require server to use source port 20 for the data channel, but many ftp server implementations do so." ro="False" src_range_start="20" src_range_end="20" dst_range_start="1024" dst_range_end="65535"/>
|
||||
<TCPService id="id3E7553BC" ack_flag="False" ack_flag_mask="False" fin_flag="False" fin_flag_mask="False" psh_flag="False" psh_flag_mask="False" rst_flag="False" rst_flag_mask="False" syn_flag="False" syn_flag_mask="False" urg_flag="False" urg_flag_mask="False" name="ftp data passive" comment="FTP data channel for passive mode transfers " ro="False" src_range_start="0" src_range_end="0" dst_range_start="20" dst_range_end="20"/>
|
||||
<TCPService id="tcp-HTTP" ack_flag="False" ack_flag_mask="False" fin_flag="False" fin_flag_mask="False" psh_flag="False" psh_flag_mask="False" rst_flag="False" rst_flag_mask="False" syn_flag="False" syn_flag_mask="False" urg_flag="False" urg_flag_mask="False" name="http" comment="" ro="False" src_range_start="0" src_range_end="0" dst_range_start="80" dst_range_end="80"/>
|
||||
<TCPService id="id3B4FED69" ack_flag="False" ack_flag_mask="False" fin_flag="False" fin_flag_mask="False" psh_flag="False" psh_flag_mask="False" rst_flag="False" rst_flag_mask="False" syn_flag="False" syn_flag_mask="False" urg_flag="False" urg_flag_mask="False" name="https" comment="" ro="False" src_range_start="0" src_range_end="0" dst_range_start="443" dst_range_end="443"/>
|
||||
<TCPService id="id3AECF776" ack_flag="False" ack_flag_mask="False" fin_flag="False" fin_flag_mask="False" psh_flag="False" psh_flag_mask="False" rst_flag="False" rst_flag_mask="False" syn_flag="False" syn_flag_mask="False" urg_flag="False" urg_flag_mask="False" name="imap" comment="" ro="False" src_range_start="0" src_range_end="0" dst_range_start="143" dst_range_end="143"/>
|
||||
<TCPService id="id3B4FED9F" ack_flag="False" ack_flag_mask="False" fin_flag="False" fin_flag_mask="False" psh_flag="False" psh_flag_mask="False" rst_flag="False" rst_flag_mask="False" syn_flag="False" syn_flag_mask="False" urg_flag="False" urg_flag_mask="False" name="imaps" comment="" ro="False" src_range_start="0" src_range_end="0" dst_range_start="993" dst_range_end="993"/>
|
||||
<TCPService id="id3B4FF13C" ack_flag="False" ack_flag_mask="False" fin_flag="False" fin_flag_mask="False" psh_flag="False" psh_flag_mask="False" rst_flag="False" rst_flag_mask="False" syn_flag="False" syn_flag_mask="False" urg_flag="False" urg_flag_mask="False" name="irc" comment="" ro="False" src_range_start="0" src_range_end="0" dst_range_start="6667" dst_range_end="6667"/>
|
||||
<TCPService id="id3E7E3EA2" ack_flag="False" ack_flag_mask="False" fin_flag="False" fin_flag_mask="False" psh_flag="False" psh_flag_mask="False" rst_flag="False" rst_flag_mask="False" syn_flag="False" syn_flag_mask="False" urg_flag="False" urg_flag_mask="False" name="kerberos" comment="" ro="False" src_range_start="0" src_range_end="0" dst_range_start="88" dst_range_end="88"/>
|
||||
<TCPService id="id3B4FEE21" ack_flag="False" ack_flag_mask="False" fin_flag="False" fin_flag_mask="False" psh_flag="False" psh_flag_mask="False" rst_flag="False" rst_flag_mask="False" syn_flag="False" syn_flag_mask="False" urg_flag="False" urg_flag_mask="False" name="klogin" comment="" ro="False" src_range_start="0" src_range_end="0" dst_range_start="543" dst_range_end="543"/>
|
||||
<TCPService id="id3B4FEE23" ack_flag="False" ack_flag_mask="False" fin_flag="False" fin_flag_mask="False" psh_flag="False" psh_flag_mask="False" rst_flag="False" rst_flag_mask="False" syn_flag="False" syn_flag_mask="False" urg_flag="False" urg_flag_mask="False" name="ksh" comment="" ro="False" src_range_start="0" src_range_end="0" dst_range_start="544" dst_range_end="544"/>
|
||||
<TCPService id="id3AECF778" ack_flag="False" ack_flag_mask="False" fin_flag="False" fin_flag_mask="False" psh_flag="False" psh_flag_mask="False" rst_flag="False" rst_flag_mask="False" syn_flag="False" syn_flag_mask="False" urg_flag="False" urg_flag_mask="False" name="ldap" comment="" ro="False" src_range_start="0" src_range_end="0" dst_range_start="389" dst_range_end="389"/>
|
||||
<TCPService id="id3D703C90" ack_flag="False" ack_flag_mask="False" fin_flag="False" fin_flag_mask="False" psh_flag="False" psh_flag_mask="False" rst_flag="False" rst_flag_mask="False" syn_flag="False" syn_flag_mask="False" urg_flag="False" urg_flag_mask="False" name="ldaps" comment="Lightweight Directory Access Protocol over TLS/SSL" ro="False" src_range_start="0" src_range_end="0" dst_range_start="636" dst_range_end="636"/>
|
||||
<TCPService id="id3B4FF000" ack_flag="False" ack_flag_mask="False" fin_flag="False" fin_flag_mask="False" psh_flag="False" psh_flag_mask="False" rst_flag="False" rst_flag_mask="False" syn_flag="False" syn_flag_mask="False" urg_flag="False" urg_flag_mask="False" name="linuxconf" comment="" ro="False" src_range_start="0" src_range_end="0" dst_range_start="98" dst_range_end="98"/>
|
||||
<TCPService id="id3D703C97" ack_flag="False" ack_flag_mask="False" fin_flag="False" fin_flag_mask="False" psh_flag="False" psh_flag_mask="False" rst_flag="False" rst_flag_mask="False" syn_flag="False" syn_flag_mask="False" urg_flag="False" urg_flag_mask="False" name="lpr" comment="" ro="False" src_range_start="0" src_range_end="0" dst_range_start="515" dst_range_end="515"/>
|
||||
<TCPService id="id3DC8C8BB" ack_flag="False" ack_flag_mask="False" fin_flag="False" fin_flag_mask="False" psh_flag="False" psh_flag_mask="False" rst_flag="False" rst_flag_mask="False" syn_flag="False" syn_flag_mask="False" urg_flag="False" urg_flag_mask="False" name="microsoft-rpc" comment="" ro="False" src_range_start="0" src_range_end="0" dst_range_start="135" dst_range_end="135"/>
|
||||
<TCPService id="id3D703C98" ack_flag="False" ack_flag_mask="False" fin_flag="False" fin_flag_mask="False" psh_flag="False" psh_flag_mask="False" rst_flag="False" rst_flag_mask="False" syn_flag="False" syn_flag_mask="False" urg_flag="False" urg_flag_mask="False" name="ms-sql" comment="Microsoft SQL Server" ro="False" src_range_start="0" src_range_end="0" dst_range_start="1433" dst_range_end="1433"/>
|
||||
<TCPService id="id3B4FEEEE" ack_flag="False" ack_flag_mask="False" fin_flag="False" fin_flag_mask="False" psh_flag="False" psh_flag_mask="False" rst_flag="False" rst_flag_mask="False" syn_flag="False" syn_flag_mask="False" urg_flag="False" urg_flag_mask="False" name="mysql" comment="" ro="False" src_range_start="0" src_range_end="0" dst_range_start="3306" dst_range_end="3306"/>
|
||||
<TCPService id="id3E755609" ack_flag="False" ack_flag_mask="False" fin_flag="False" fin_flag_mask="False" psh_flag="False" psh_flag_mask="False" rst_flag="False" rst_flag_mask="False" syn_flag="False" syn_flag_mask="False" urg_flag="False" urg_flag_mask="False" name="netbios-ssn" comment="" ro="False" src_range_start="0" src_range_end="0" dst_range_start="139" dst_range_end="139"/>
|
||||
<TCPService id="id3B4FEE7A" ack_flag="False" ack_flag_mask="False" fin_flag="False" fin_flag_mask="False" psh_flag="False" psh_flag_mask="False" rst_flag="False" rst_flag_mask="False" syn_flag="False" syn_flag_mask="False" urg_flag="False" urg_flag_mask="False" name="nfs" comment="" ro="False" src_range_start="0" src_range_end="0" dst_range_start="2049" dst_range_end="2049"/>
|
||||
<TCPService id="tcp-NNTP" ack_flag="False" ack_flag_mask="False" fin_flag="False" fin_flag_mask="False" psh_flag="False" psh_flag_mask="False" rst_flag="False" rst_flag_mask="False" syn_flag="False" syn_flag_mask="False" urg_flag="False" urg_flag_mask="False" name="nntp" comment="" ro="False" src_range_start="0" src_range_end="0" dst_range_start="119" dst_range_end="119"/>
|
||||
<TCPService id="id3E7553BB" ack_flag="False" ack_flag_mask="False" fin_flag="False" fin_flag_mask="False" psh_flag="False" psh_flag_mask="False" rst_flag="False" rst_flag_mask="False" syn_flag="False" syn_flag_mask="False" urg_flag="False" urg_flag_mask="False" name="nntps" comment="NNTP over SSL" ro="False" src_range_start="0" src_range_end="0" dst_range_start="563" dst_range_end="563"/>
|
||||
<TCPService id="id3B4FEE1D" ack_flag="False" ack_flag_mask="False" fin_flag="False" fin_flag_mask="False" psh_flag="False" psh_flag_mask="False" rst_flag="False" rst_flag_mask="False" syn_flag="False" syn_flag_mask="False" urg_flag="False" urg_flag_mask="False" name="pop3" comment="" ro="False" src_range_start="0" src_range_end="0" dst_range_start="110" dst_range_end="110"/>
|
||||
<TCPService id="id3E7553BA" ack_flag="False" ack_flag_mask="False" fin_flag="False" fin_flag_mask="False" psh_flag="False" psh_flag_mask="False" rst_flag="False" rst_flag_mask="False" syn_flag="False" syn_flag_mask="False" urg_flag="False" urg_flag_mask="False" name="pop3s" comment="POP-3 over SSL" ro="False" src_range_start="0" src_range_end="0" dst_range_start="995" dst_range_end="995"/>
|
||||
<TCPService id="id3B4FF0EA" ack_flag="False" ack_flag_mask="False" fin_flag="False" fin_flag_mask="False" psh_flag="False" psh_flag_mask="False" rst_flag="False" rst_flag_mask="False" syn_flag="False" syn_flag_mask="False" urg_flag="False" urg_flag_mask="False" name="postgres" comment="" ro="False" src_range_start="0" src_range_end="0" dst_range_start="5432" dst_range_end="5432"/>
|
||||
<TCPService id="id3AECF782" ack_flag="False" ack_flag_mask="False" fin_flag="False" fin_flag_mask="False" psh_flag="False" psh_flag_mask="False" rst_flag="False" rst_flag_mask="False" syn_flag="False" syn_flag_mask="False" urg_flag="False" urg_flag_mask="False" name="printer" comment="" ro="False" src_range_start="0" src_range_end="0" dst_range_start="515" dst_range_end="515"/>
|
||||
<TCPService id="id3B4FEF7C" ack_flag="False" ack_flag_mask="False" fin_flag="False" fin_flag_mask="False" psh_flag="False" psh_flag_mask="False" rst_flag="False" rst_flag_mask="False" syn_flag="False" syn_flag_mask="False" urg_flag="False" urg_flag_mask="False" name="quake" comment="" ro="False" src_range_start="0" src_range_end="0" dst_range_start="26000" dst_range_end="26000"/>
|
||||
<TCPService id="id3AECF77A" ack_flag="False" ack_flag_mask="False" fin_flag="False" fin_flag_mask="False" psh_flag="False" psh_flag_mask="False" rst_flag="False" rst_flag_mask="False" syn_flag="False" syn_flag_mask="False" urg_flag="False" urg_flag_mask="False" name="rexec" comment="" ro="False" src_range_start="0" src_range_end="0" dst_range_start="512" dst_range_end="512"/>
|
||||
<TCPService id="id3AECF77C" ack_flag="False" ack_flag_mask="False" fin_flag="False" fin_flag_mask="False" psh_flag="False" psh_flag_mask="False" rst_flag="False" rst_flag_mask="False" syn_flag="False" syn_flag_mask="False" urg_flag="False" urg_flag_mask="False" name="rlogin" comment="" ro="False" src_range_start="0" src_range_end="0" dst_range_start="513" dst_range_end="513"/>
|
||||
<TCPService id="id3AECF77E" ack_flag="False" ack_flag_mask="False" fin_flag="False" fin_flag_mask="False" psh_flag="False" psh_flag_mask="False" rst_flag="False" rst_flag_mask="False" syn_flag="False" syn_flag_mask="False" urg_flag="False" urg_flag_mask="False" name="rshell" comment="" ro="False" src_range_start="0" src_range_end="0" dst_range_start="514" dst_range_end="514"/>
|
||||
<TCPService id="id3D703C99" ack_flag="False" ack_flag_mask="False" fin_flag="False" fin_flag_mask="False" psh_flag="False" psh_flag_mask="False" rst_flag="False" rst_flag_mask="False" syn_flag="False" syn_flag_mask="False" urg_flag="False" urg_flag_mask="False" name="rtsp" comment="Real Time Streaming Protocol" ro="False" src_range_start="0" src_range_end="0" dst_range_start="554" dst_range_end="554"/>
|
||||
<TCPService id="id3B4FEF34" ack_flag="False" ack_flag_mask="False" fin_flag="False" fin_flag_mask="False" psh_flag="False" psh_flag_mask="False" rst_flag="False" rst_flag_mask="False" syn_flag="False" syn_flag_mask="False" urg_flag="False" urg_flag_mask="False" name="rwhois" comment="" ro="False" src_range_start="0" src_range_end="0" dst_range_start="4321" dst_range_end="4321"/>
|
||||
<TCPService id="id3D703C89" ack_flag="False" ack_flag_mask="False" fin_flag="False" fin_flag_mask="False" psh_flag="False" psh_flag_mask="False" rst_flag="False" rst_flag_mask="False" syn_flag="False" syn_flag_mask="False" urg_flag="False" urg_flag_mask="False" name="securidprop" comment="" ro="False" src_range_start="0" src_range_end="0" dst_range_start="5510" dst_range_end="5510"/>
|
||||
<TCPService id="tcp-SMTP" ack_flag="False" ack_flag_mask="False" fin_flag="False" fin_flag_mask="False" psh_flag="False" psh_flag_mask="False" rst_flag="False" rst_flag_mask="False" syn_flag="False" syn_flag_mask="False" urg_flag="False" urg_flag_mask="False" name="smtp" comment="" ro="False" src_range_start="0" src_range_end="0" dst_range_start="25" dst_range_end="25"/>
|
||||
<TCPService id="id3B4FF04C" ack_flag="False" ack_flag_mask="False" fin_flag="False" fin_flag_mask="False" psh_flag="False" psh_flag_mask="False" rst_flag="False" rst_flag_mask="False" syn_flag="False" syn_flag_mask="False" urg_flag="False" urg_flag_mask="False" name="smtps" comment="" ro="False" src_range_start="0" src_range_end="0" dst_range_start="465" dst_range_end="465"/>
|
||||
<TCPService id="id3B4FEE76" ack_flag="False" ack_flag_mask="False" fin_flag="False" fin_flag_mask="False" psh_flag="False" psh_flag_mask="False" rst_flag="False" rst_flag_mask="False" syn_flag="False" syn_flag_mask="False" urg_flag="False" urg_flag_mask="False" name="socks" comment="" ro="False" src_range_start="0" src_range_end="0" dst_range_start="1080" dst_range_end="1080"/>
|
||||
<TCPService id="id3D703C87" ack_flag="False" ack_flag_mask="False" fin_flag="False" fin_flag_mask="False" psh_flag="False" psh_flag_mask="False" rst_flag="False" rst_flag_mask="False" syn_flag="False" syn_flag_mask="False" urg_flag="False" urg_flag_mask="False" name="sqlnet1" comment="" ro="False" src_range_start="0" src_range_end="0" dst_range_start="1521" dst_range_end="1521"/>
|
||||
<TCPService id="id3B4FF09A" ack_flag="False" ack_flag_mask="False" fin_flag="False" fin_flag_mask="False" psh_flag="False" psh_flag_mask="False" rst_flag="False" rst_flag_mask="False" syn_flag="False" syn_flag_mask="False" urg_flag="False" urg_flag_mask="False" name="squid" comment="" ro="False" src_range_start="0" src_range_end="0" dst_range_start="3128" dst_range_end="3128"/>
|
||||
<TCPService id="tcp-SSH" ack_flag="False" ack_flag_mask="False" fin_flag="False" fin_flag_mask="False" psh_flag="False" psh_flag_mask="False" rst_flag="False" rst_flag_mask="False" syn_flag="False" syn_flag_mask="False" urg_flag="False" urg_flag_mask="False" name="ssh" comment="" ro="False" src_range_start="0" src_range_end="0" dst_range_start="22" dst_range_end="22"/>
|
||||
<TCPService id="id3AEDBE00" ack_flag="False" ack_flag_mask="False" fin_flag="False" fin_flag_mask="False" psh_flag="False" psh_flag_mask="False" rst_flag="False" rst_flag_mask="False" syn_flag="False" syn_flag_mask="False" urg_flag="False" urg_flag_mask="False" name="sunrpc" comment="" ro="False" src_range_start="0" src_range_end="0" dst_range_start="111" dst_range_end="111"/>
|
||||
<TCPService id="tcp-TCP-SYN" ack_flag="False" ack_flag_mask="True" fin_flag="False" fin_flag_mask="True" psh_flag="False" psh_flag_mask="True" rst_flag="False" rst_flag_mask="True" syn_flag="True" syn_flag_mask="True" urg_flag="False" urg_flag_mask="True" name="tcp-syn" comment="" ro="False" src_range_start="0" src_range_end="0" dst_range_start="0" dst_range_end="0"/>
|
||||
<TCPService id="tcp-Telnet" ack_flag="False" ack_flag_mask="False" fin_flag="False" fin_flag_mask="False" psh_flag="False" psh_flag_mask="False" rst_flag="False" rst_flag_mask="False" syn_flag="False" syn_flag_mask="False" urg_flag="False" urg_flag_mask="False" name="telnet" comment="" ro="False" src_range_start="0" src_range_end="0" dst_range_start="23" dst_range_end="23"/>
|
||||
<TCPService id="tcp-uucp" ack_flag="False" ack_flag_mask="False" fin_flag="False" fin_flag_mask="False" psh_flag="False" psh_flag_mask="False" rst_flag="False" rst_flag_mask="False" syn_flag="False" syn_flag_mask="False" urg_flag="False" urg_flag_mask="False" name="uucp" comment="" ro="False" src_range_start="0" src_range_end="0" dst_range_start="540" dst_range_end="540"/>
|
||||
<TCPService id="id3CB131C6" ack_flag="False" ack_flag_mask="False" fin_flag="False" fin_flag_mask="False" psh_flag="False" psh_flag_mask="False" rst_flag="False" rst_flag_mask="False" syn_flag="False" syn_flag_mask="False" urg_flag="False" urg_flag_mask="False" name="winterm" comment="Windows Terminal Services" ro="False" src_range_start="0" src_range_end="0" dst_range_start="3389" dst_range_end="3389"/>
|
||||
<TCPService id="id3B4FF1B8" ack_flag="False" ack_flag_mask="False" fin_flag="False" fin_flag_mask="False" psh_flag="False" psh_flag_mask="False" rst_flag="False" rst_flag_mask="False" syn_flag="False" syn_flag_mask="False" urg_flag="False" urg_flag_mask="False" name="xfs" comment="" ro="False" src_range_start="0" src_range_end="0" dst_range_start="7100" dst_range_end="7100"/>
|
||||
<TCPService id="id3C685B2B" ack_flag="True" ack_flag_mask="True" fin_flag="True" fin_flag_mask="True" psh_flag="True" psh_flag_mask="True" rst_flag="True" rst_flag_mask="True" syn_flag="True" syn_flag_mask="True" urg_flag="True" urg_flag_mask="True" name="xmas scan - full" comment="This service object matches TCP packet with all six flags set." ro="False" src_range_start="0" src_range_end="0" dst_range_start="0" dst_range_end="0"/>
|
||||
<TCPService id="id4127E949" ack_flag="False" ack_flag_mask="True" fin_flag="True" fin_flag_mask="True" psh_flag="True" psh_flag_mask="True" rst_flag="False" rst_flag_mask="True" syn_flag="False" syn_flag_mask="True" urg_flag="True" urg_flag_mask="True" name="xmas scan" comment="This service object matches TCP packet with flags FIN, PSH and URG set and other flags cleared. This is a "christmas scan" as defined in snort rules. Nmap can generate this scan, too." ro="False" src_range_start="0" src_range_end="0" dst_range_start="0" dst_range_end="0"/>
|
||||
<TCPService id="id4127EA72" ack_flag="False" ack_flag_mask="False" fin_flag="False" fin_flag_mask="False" psh_flag="False" psh_flag_mask="False" rst_flag="False" rst_flag_mask="False" syn_flag="False" syn_flag_mask="False" urg_flag="False" urg_flag_mask="False" name="rsync" comment="" ro="False" src_range_start="0" src_range_end="0" dst_range_start="873" dst_range_end="873"/>
|
||||
<TCPService id="id4127EBAC" ack_flag="False" ack_flag_mask="False" fin_flag="False" fin_flag_mask="False" psh_flag="False" psh_flag_mask="False" rst_flag="False" rst_flag_mask="False" syn_flag="False" syn_flag_mask="False" urg_flag="False" urg_flag_mask="False" name="distcc" comment="distributed compiler" ro="False" src_range_start="0" src_range_end="0" dst_range_start="3632" dst_range_end="3632"/>
|
||||
<TCPService id="id4127ECF1" ack_flag="False" ack_flag_mask="False" fin_flag="False" fin_flag_mask="False" psh_flag="False" psh_flag_mask="False" rst_flag="False" rst_flag_mask="False" syn_flag="False" syn_flag_mask="False" urg_flag="False" urg_flag_mask="False" name="cvspserver" comment="CVS client/server operations" ro="False" src_range_start="0" src_range_end="0" dst_range_start="2401" dst_range_end="2401"/>
|
||||
<TCPService id="id4127ECF2" ack_flag="False" ack_flag_mask="False" fin_flag="False" fin_flag_mask="False" psh_flag="False" psh_flag_mask="False" rst_flag="False" rst_flag_mask="False" syn_flag="False" syn_flag_mask="False" urg_flag="False" urg_flag_mask="False" name="cvsup" comment="CVSup file transfer/John Polstra/FreeBSD" ro="False" src_range_start="0" src_range_end="0" dst_range_start="5999" dst_range_end="5999"/>
|
||||
<TCPService id="id4127ED5E" ack_flag="False" ack_flag_mask="False" fin_flag="False" fin_flag_mask="False" psh_flag="False" psh_flag_mask="False" rst_flag="False" rst_flag_mask="False" syn_flag="False" syn_flag_mask="False" urg_flag="False" urg_flag_mask="False" name="afp" comment="AFP (Apple file sharing) over TCP" ro="False" src_range_start="0" src_range_end="0" dst_range_start="548" dst_range_end="548"/>
|
||||
<TCPService id="id4127EDF6" ack_flag="False" ack_flag_mask="False" fin_flag="False" fin_flag_mask="False" psh_flag="False" psh_flag_mask="False" rst_flag="False" rst_flag_mask="False" syn_flag="False" syn_flag_mask="False" urg_flag="False" urg_flag_mask="False" name="whois" comment="" ro="False" src_range_start="0" src_range_end="0" dst_range_start="43" dst_range_end="43"/>
|
||||
<TCPService id="id4127F04F" ack_flag="False" ack_flag_mask="False" fin_flag="False" fin_flag_mask="False" psh_flag="False" psh_flag_mask="False" rst_flag="False" rst_flag_mask="False" syn_flag="False" syn_flag_mask="False" urg_flag="False" urg_flag_mask="False" name="bgp" comment="" ro="False" src_range_start="0" src_range_end="0" dst_range_start="179" dst_range_end="179"/>
|
||||
<TCPService id="id4127F146" ack_flag="False" ack_flag_mask="False" fin_flag="False" fin_flag_mask="False" psh_flag="False" psh_flag_mask="False" rst_flag="False" rst_flag_mask="False" syn_flag="False" syn_flag_mask="False" urg_flag="False" urg_flag_mask="False" name="radius" comment="Radius protocol" ro="False" src_range_start="0" src_range_end="0" dst_range_start="1812" dst_range_end="1812"/>
|
||||
<TCPService id="id4127F147" ack_flag="False" ack_flag_mask="False" fin_flag="False" fin_flag_mask="False" psh_flag="False" psh_flag_mask="False" rst_flag="False" rst_flag_mask="False" syn_flag="False" syn_flag_mask="False" urg_flag="False" urg_flag_mask="False" name="radius acct" comment="Radius Accounting" ro="False" src_range_start="0" src_range_end="0" dst_range_start="1813" dst_range_end="1813"/>
|
||||
<TCPService id="id41291784" ack_flag="False" ack_flag_mask="False" fin_flag="False" fin_flag_mask="False" psh_flag="False" psh_flag_mask="False" rst_flag="False" rst_flag_mask="False" syn_flag="False" syn_flag_mask="False" urg_flag="False" urg_flag_mask="False" name="upnp" comment="" ro="False" src_range_start="0" src_range_end="0" dst_range_start="5000" dst_range_end="5000"/>
|
||||
<TCPService id="id41291785" ack_flag="False" ack_flag_mask="False" fin_flag="False" fin_flag_mask="False" psh_flag="False" psh_flag_mask="False" rst_flag="False" rst_flag_mask="False" syn_flag="False" syn_flag_mask="False" urg_flag="False" urg_flag_mask="False" name="upnp-5431" comment="Although UPnP specification say it should use TCP port 5000, Linksys running Sveasoft firmware listens on port 5431" ro="False" src_range_start="0" src_range_end="0" dst_range_start="5431" dst_range_end="5431"/>
|
||||
<TCPService id="id41291787" ack_flag="False" ack_flag_mask="False" fin_flag="False" fin_flag_mask="False" psh_flag="False" psh_flag_mask="False" rst_flag="False" rst_flag_mask="False" syn_flag="False" syn_flag_mask="False" urg_flag="False" urg_flag_mask="False" name="vnc-java-0" comment="Java VNC viewer, display 0" ro="False" src_range_start="0" src_range_end="0" dst_range_start="5800" dst_range_end="5800"/>
|
||||
<TCPService id="id41291788" ack_flag="False" ack_flag_mask="False" fin_flag="False" fin_flag_mask="False" psh_flag="False" psh_flag_mask="False" rst_flag="False" rst_flag_mask="False" syn_flag="False" syn_flag_mask="False" urg_flag="False" urg_flag_mask="False" name="vnc-0" comment="Regular VNC viewer, display 0" ro="False" src_range_start="0" src_range_end="0" dst_range_start="5900" dst_range_end="5900"/>
|
||||
<TCPService id="id41291887" ack_flag="False" ack_flag_mask="False" fin_flag="False" fin_flag_mask="False" psh_flag="False" psh_flag_mask="False" rst_flag="False" rst_flag_mask="False" syn_flag="False" syn_flag_mask="False" urg_flag="False" urg_flag_mask="False" name="vnc-java-1" comment="Java VNC viewer, display 1" ro="False" src_range_start="0" src_range_end="0" dst_range_start="5801" dst_range_end="5801"/>
|
||||
<TCPService id="id41291888" ack_flag="False" ack_flag_mask="False" fin_flag="False" fin_flag_mask="False" psh_flag="False" psh_flag_mask="False" rst_flag="False" rst_flag_mask="False" syn_flag="False" syn_flag_mask="False" urg_flag="False" urg_flag_mask="False" name="vnc-1" comment="Regular VNC viewer, display 1" ro="False" src_range_start="0" src_range_end="0" dst_range_start="5901" dst_range_end="5901"/>
|
||||
<TCPService id="id463FE5FE11008" ack_flag="False" ack_flag_mask="False" established="True" fin_flag="False" fin_flag_mask="False" psh_flag="False" psh_flag_mask="False" rst_flag="False" rst_flag_mask="False" syn_flag="False" syn_flag_mask="False" urg_flag="False" urg_flag_mask="False" name="All TCP established" comment="Some firewall platforms can match TCP packets with flags ACK or RST set; the option is usually called "established". Note that you can use this object only in the policy rules of the firewall that supports this option. If you need to match reply packets for a specific TCP service and wish to use option "established", make a copy of this object and set source port range to match the service. " ro="False" src_range_start="0" src_range_end="0" dst_range_start="0" dst_range_end="0"/>
|
||||
<TCPService id="id1577X28030" ack_flag="False" ack_flag_mask="False" established="False" fin_flag="False" fin_flag_mask="False" psh_flag="False" psh_flag_mask="False" rst_flag="False" rst_flag_mask="False" syn_flag="False" syn_flag_mask="False" urg_flag="False" urg_flag_mask="False" name="rtmp" comment="Real Time Messaging Protocol" ro="False" src_range_start="0" src_range_end="0" dst_range_start="1935" dst_range_end="1935"/>
|
||||
<TCPService id="id1590X28030" ack_flag="False" ack_flag_mask="False" established="False" fin_flag="False" fin_flag_mask="False" psh_flag="False" psh_flag_mask="False" rst_flag="False" rst_flag_mask="False" syn_flag="False" syn_flag_mask="False" urg_flag="False" urg_flag_mask="False" name="xmpp-client" comment="Extensible Messaging and Presence Protocol (XMPP) RFC3920 " ro="False" src_range_start="0" src_range_end="0" dst_range_start="5222" dst_range_end="5222"/>
|
||||
<TCPService id="id1609X28030" ack_flag="False" ack_flag_mask="False" established="False" fin_flag="False" fin_flag_mask="False" psh_flag="False" psh_flag_mask="False" rst_flag="False" rst_flag_mask="False" syn_flag="False" syn_flag_mask="False" urg_flag="False" urg_flag_mask="False" name="xmpp-server" comment="Extensible Messaging and Presence Protocol (XMPP) RFC3920 " ro="False" src_range_start="0" src_range_end="0" dst_range_start="5269" dst_range_end="5269"/>
|
||||
<TCPService id="id1622X28030" ack_flag="False" ack_flag_mask="False" established="False" fin_flag="False" fin_flag_mask="False" psh_flag="False" psh_flag_mask="False" rst_flag="False" rst_flag_mask="False" syn_flag="False" syn_flag_mask="False" urg_flag="False" urg_flag_mask="False" name="xmpp-client-ssl" comment="Extensible Messaging and Presence Protocol (XMPP) RFC3920 " ro="False" src_range_start="0" src_range_end="0" dst_range_start="5223" dst_range_end="5223"/>
|
||||
<TCPService id="id1631X28030" ack_flag="False" ack_flag_mask="False" established="False" fin_flag="False" fin_flag_mask="False" psh_flag="False" psh_flag_mask="False" rst_flag="False" rst_flag_mask="False" syn_flag="False" syn_flag_mask="False" urg_flag="False" urg_flag_mask="False" name="xmpp-server-ssl" comment="Extensible Messaging and Presence Protocol (XMPP) RFC3920 " ro="False" src_range_start="0" src_range_end="0" dst_range_start="5270" dst_range_end="5270"/>
|
||||
<TCPService id="id1644X28030" ack_flag="False" ack_flag_mask="False" established="False" fin_flag="False" fin_flag_mask="False" psh_flag="False" psh_flag_mask="False" rst_flag="False" rst_flag_mask="False" syn_flag="False" syn_flag_mask="False" urg_flag="False" urg_flag_mask="False" name="nrpe" comment="NRPE add-on for Nagios http://www.nagios.org/ " ro="False" src_range_start="0" src_range_end="0" dst_range_start="5666" dst_range_end="5666"/>
|
||||
</ServiceGroup>
|
||||
<ServiceGroup id="stdid08" name="UDP" comment="" ro="False">
|
||||
<UDPService id="udp-ALL_UDP_Masqueraded" name="ALL UDP Masqueraded" comment="ipchains used to use this port range for masqueraded packets" ro="False" src_range_start="61000" src_range_end="65095" dst_range_start="0" dst_range_end="0"/>
|
||||
<UDPService id="udp-All_UDP" name="All UDP" comment="" ro="False" src_range_start="0" src_range_end="0" dst_range_start="0" dst_range_end="0"/>
|
||||
<UDPService id="id3D703C96" name="ICQ" comment="" ro="False" src_range_start="0" src_range_end="0" dst_range_start="4000" dst_range_end="4000"/>
|
||||
<UDPService id="id3CB129D2" name="IKE" comment="" ro="False" src_range_start="0" src_range_end="0" dst_range_start="500" dst_range_end="500"/>
|
||||
<UDPService id="id3CB131CA" name="PCAnywhere-status" comment="status channel for PCAnywhere v7.52 and later" ro="False" src_range_start="0" src_range_end="0" dst_range_start="5632" dst_range_end="5632"/>
|
||||
<UDPService id="id3AED0D6B" name="RIP" comment="routing protocol RIP" ro="False" src_range_start="0" src_range_end="0" dst_range_start="520" dst_range_end="520"/>
|
||||
<UDPService id="id3D703C8C" name="Radius" comment="" ro="False" src_range_start="0" src_range_end="0" dst_range_start="1645" dst_range_end="1645"/>
|
||||
<UDPService id="id3D703C85" name="UDP high ports" comment="" ro="False" src_range_start="0" src_range_end="0" dst_range_start="1024" dst_range_end="65535"/>
|
||||
<UDPService id="id3D703C86" name="Who" comment="" ro="False" src_range_start="0" src_range_end="0" dst_range_start="513" dst_range_end="513"/>
|
||||
<UDPService id="id3B4FEDA1" name="afs" comment="" ro="False" src_range_start="0" src_range_end="0" dst_range_start="7000" dst_range_end="7009"/>
|
||||
<UDPService id="udp-bootpc" name="bootpc" comment="" ro="False" src_range_start="0" src_range_end="0" dst_range_start="68" dst_range_end="68"/>
|
||||
<UDPService id="udp-bootps" name="bootps" comment="" ro="False" src_range_start="0" src_range_end="0" dst_range_start="67" dst_range_end="67"/>
|
||||
<UDPService id="id3AEDBE70" name="daytime" comment="" ro="False" src_range_start="0" src_range_end="0" dst_range_start="13" dst_range_end="13"/>
|
||||
<UDPService id="udp-DNS" name="domain" comment="" ro="False" src_range_start="0" src_range_end="0" dst_range_start="53" dst_range_end="53"/>
|
||||
<UDPService id="id3D703C8A" name="interphone" comment="VocalTec Internet Phone" ro="False" src_range_start="0" src_range_end="0" dst_range_start="22555" dst_range_end="22555"/>
|
||||
<UDPService id="id3B4FEDA5" name="kerberos" comment="" ro="False" src_range_start="0" src_range_end="0" dst_range_start="88" dst_range_end="88"/>
|
||||
<UDPService id="id3B4FEDA9" name="kerberos-adm" comment="" ro="False" src_range_start="0" src_range_end="0" dst_range_start="749" dst_range_end="750"/>
|
||||
<UDPService id="id3B4FEDA7" name="kpasswd" comment="" ro="False" src_range_start="0" src_range_end="0" dst_range_start="464" dst_range_end="464"/>
|
||||
<UDPService id="id3B4FEDAB" name="krb524" comment="" ro="False" src_range_start="0" src_range_end="0" dst_range_start="4444" dst_range_end="4444"/>
|
||||
<UDPService id="id3F865B0D" name="microsoft-rpc" comment="" ro="False" src_range_start="0" src_range_end="0" dst_range_start="135" dst_range_end="135"/>
|
||||
<UDPService id="udp-netbios-dgm" name="netbios-dgm" comment="" ro="False" src_range_start="0" src_range_end="0" dst_range_start="138" dst_range_end="138"/>
|
||||
<UDPService id="udp-netbios-ns" name="netbios-ns" comment="" ro="False" src_range_start="0" src_range_end="0" dst_range_start="137" dst_range_end="137"/>
|
||||
<UDPService id="udp-netbios-ssn" name="netbios-ssn" comment="" ro="False" src_range_start="0" src_range_end="0" dst_range_start="139" dst_range_end="139"/>
|
||||
<UDPService id="id3B4FEE78" name="nfs" comment="" ro="False" src_range_start="0" src_range_end="0" dst_range_start="2049" dst_range_end="2049"/>
|
||||
<UDPService id="udp-ntp" name="ntp" comment="" ro="False" src_range_start="0" src_range_end="0" dst_range_start="123" dst_range_end="123"/>
|
||||
<UDPService id="id3B4FEF7E" name="quake" comment="" ro="False" src_range_start="0" src_range_end="0" dst_range_start="26000" dst_range_end="26000"/>
|
||||
<UDPService id="id3D703C88" name="secureid-udp" comment="" ro="False" src_range_start="0" src_range_end="0" dst_range_start="1024" dst_range_end="1024"/>
|
||||
<UDPService id="udp-SNMP" name="snmp" comment="" ro="False" src_range_start="0" src_range_end="0" dst_range_start="161" dst_range_end="161"/>
|
||||
<UDPService id="id3AED0D69" name="snmp-trap" comment="" ro="False" src_range_start="0" src_range_end="0" dst_range_start="162" dst_range_end="162"/>
|
||||
<UDPService id="id3AEDBE19" name="sunrpc" comment="" ro="False" src_range_start="0" src_range_end="0" dst_range_start="111" dst_range_end="111"/>
|
||||
<UDPService id="id3AECF780" name="syslog" comment="" ro="False" src_range_start="0" src_range_end="0" dst_range_start="514" dst_range_end="514"/>
|
||||
<UDPService id="id3AED0D67" name="tftp" comment="" ro="False" src_range_start="0" src_range_end="0" dst_range_start="69" dst_range_end="69"/>
|
||||
<UDPService id="id3AED0D8C" name="traceroute" comment="" ro="False" src_range_start="0" src_range_end="0" dst_range_start="33434" dst_range_end="33524"/>
|
||||
<UDPService id="id4127EA73" name="rsync" comment="" ro="False" src_range_start="0" src_range_end="0" dst_range_start="873" dst_range_end="873"/>
|
||||
<UDPService id="id41291783" name="SSDP" comment="Simple Service Discovery Protocol (used for UPnP)" ro="False" src_range_start="0" src_range_end="0" dst_range_start="1900" dst_range_end="1900"/>
|
||||
<UDPService id="id41291883" name="OpenVPN" comment="" ro="False" src_range_start="0" src_range_end="0" dst_range_start="1194" dst_range_end="1194"/>
|
||||
</ServiceGroup>
|
||||
<ServiceGroup id="stdid13" name="Custom" comment="" ro="False">
|
||||
<CustomService id="id3B64EEA8" name="rpc" comment="works in iptables and requires patch-o-matic. For more information look for patch-o-matic on http://www.netfilter.org/" ro="False" protocol="any" address_family="ipv4">
|
||||
<CustomServiceCommand platform="Undefined"></CustomServiceCommand>
|
||||
<CustomServiceCommand platform="ipf"></CustomServiceCommand>
|
||||
<CustomServiceCommand platform="ipfilter"></CustomServiceCommand>
|
||||
<CustomServiceCommand platform="ipfw"></CustomServiceCommand>
|
||||
<CustomServiceCommand platform="iptables">-m record_rpc</CustomServiceCommand>
|
||||
<CustomServiceCommand platform="pf"></CustomServiceCommand>
|
||||
<CustomServiceCommand platform="pix"></CustomServiceCommand>
|
||||
<CustomServiceCommand platform="unknown"></CustomServiceCommand>
|
||||
</CustomService>
|
||||
<CustomService id="id3B64EF4E" name="irc-conn" comment="IRC connection tracker, supports DCC. Works on iptables and requires patch-o-matic. For more information look for patch-o-matic on http://www.netfilter.org/ " ro="False" protocol="any" address_family="ipv4">
|
||||
<CustomServiceCommand platform="Undefined"></CustomServiceCommand>
|
||||
<CustomServiceCommand platform="ipf"></CustomServiceCommand>
|
||||
<CustomServiceCommand platform="ipfilter"></CustomServiceCommand>
|
||||
<CustomServiceCommand platform="ipfw"></CustomServiceCommand>
|
||||
<CustomServiceCommand platform="iptables">-m irc</CustomServiceCommand>
|
||||
<CustomServiceCommand platform="pf"></CustomServiceCommand>
|
||||
<CustomServiceCommand platform="pix"></CustomServiceCommand>
|
||||
<CustomServiceCommand platform="unknown"></CustomServiceCommand>
|
||||
</CustomService>
|
||||
<CustomService id="id3B64EF50" name="psd" comment="Port scan detector, works only on iptables and requires patch-o-matic For more information look for patch-o-matic on http://www.netfilter.org/" ro="False" protocol="any" address_family="ipv4">
|
||||
<CustomServiceCommand platform="Undefined"></CustomServiceCommand>
|
||||
<CustomServiceCommand platform="ipf"></CustomServiceCommand>
|
||||
<CustomServiceCommand platform="ipfilter"></CustomServiceCommand>
|
||||
<CustomServiceCommand platform="ipfw"></CustomServiceCommand>
|
||||
<CustomServiceCommand platform="iptables">-m psd --psd-weight-threshold 5 --psd-delay-threshold 10000</CustomServiceCommand>
|
||||
<CustomServiceCommand platform="pf"></CustomServiceCommand>
|
||||
<CustomServiceCommand platform="pix"></CustomServiceCommand>
|
||||
<CustomServiceCommand platform="unknown"></CustomServiceCommand>
|
||||
</CustomService>
|
||||
<CustomService id="id3B64EF52" name="string" comment="Matches a string in a whole packet, works in iptables and requires patch-o-matic. For more information look for patch-o-matic on http://www.netfilter.org/" ro="False" protocol="any" address_family="ipv4">
|
||||
<CustomServiceCommand platform="Undefined"></CustomServiceCommand>
|
||||
<CustomServiceCommand platform="ipf"></CustomServiceCommand>
|
||||
<CustomServiceCommand platform="ipfilter"></CustomServiceCommand>
|
||||
<CustomServiceCommand platform="ipfw"></CustomServiceCommand>
|
||||
<CustomServiceCommand platform="iptables">-m string --string test_pattern</CustomServiceCommand>
|
||||
<CustomServiceCommand platform="pf"></CustomServiceCommand>
|
||||
<CustomServiceCommand platform="pix"></CustomServiceCommand>
|
||||
<CustomServiceCommand platform="unknown"></CustomServiceCommand>
|
||||
</CustomService>
|
||||
<CustomService id="id3B64EF54" name="talk" comment="Talk protocol support. Works in iptables and requires patch-o-matic. For more information look for patch-o-matic on http://www.netfilter.org/" ro="False" protocol="any" address_family="ipv4">
|
||||
<CustomServiceCommand platform="Undefined"></CustomServiceCommand>
|
||||
<CustomServiceCommand platform="ipf"></CustomServiceCommand>
|
||||
<CustomServiceCommand platform="ipfilter"></CustomServiceCommand>
|
||||
<CustomServiceCommand platform="ipfw"></CustomServiceCommand>
|
||||
<CustomServiceCommand platform="iptables">-m talk</CustomServiceCommand>
|
||||
<CustomServiceCommand platform="pf"></CustomServiceCommand>
|
||||
<CustomServiceCommand platform="pix"></CustomServiceCommand>
|
||||
<CustomServiceCommand platform="unknown"></CustomServiceCommand>
|
||||
</CustomService>
|
||||
</ServiceGroup>
|
||||
<ServiceGroup id="stdid19" name="TagServices" comment="" ro="False"/>
|
||||
<ServiceGroup id="stdid20" name="UserServices" comment="" ro="False"/>
|
||||
</ServiceGroup>
|
||||
<ObjectGroup id="stdid12" name="Firewalls" comment="" ro="False"/>
|
||||
<ObjectGroup id="stdid21" name="Clusters" comment="" ro="False"/>
|
||||
<IntervalGroup id="stdid11" name="Time" comment="" ro="False">
|
||||
<Interval id="int-workhours" days_of_week="1,2,3,4,5" from_day="-1" from_hour="9" from_minute="0" from_month="-1" from_weekday="1" from_year="-1" to_day="-1" to_hour="17" to_minute="0" to_month="-1" to_weekday="5" to_year="-1" name="workhours" comment="any day, 9:00am through 5:00pm" ro="False"/>
|
||||
<Interval id="int-weekends" days_of_week="6,0" from_day="-1" from_hour="0" from_minute="0" from_month="-1" from_weekday="6" from_year="-1" to_day="-1" to_hour="23" to_minute="59" to_month="-1" to_weekday="0" to_year="-1" name="weekends" comment="weekends: Saturday 0:00 through Sunday 23:59 " ro="False"/>
|
||||
<Interval id="int-afterhours" days_of_week="0,1,2,3,4,5,6" from_day="-1" from_hour="18" from_minute="0" from_month="-1" from_weekday="-1" from_year="-1" to_day="-1" to_hour="23" to_minute="59" to_month="-1" to_weekday="-1" to_year="-1" name="afterhours" comment="any day 6:00pm - 12:00am" ro="False"/>
|
||||
<Interval id="id3C63479C" days_of_week="6" from_day="-1" from_hour="0" from_minute="0" from_month="-1" from_weekday="6" from_year="-1" to_day="-1" to_hour="23" to_minute="59" to_month="-1" to_weekday="6" to_year="-1" name="Sat" comment="" ro="False"/>
|
||||
<Interval id="id3C63479E" days_of_week="0" from_day="-1" from_hour="0" from_minute="0" from_month="-1" from_weekday="0" from_year="-1" to_day="-1" to_hour="23" to_minute="59" to_month="-1" to_weekday="0" to_year="-1" name="Sun" comment="" ro="False"/>
|
||||
</IntervalGroup>
|
||||
</Library>
|
||||
<Library id="sysid99" name="Deleted Objects" comment="" ro="False"/>
|
||||
<Library id="id0" name="User" comment="" ro="False">
|
||||
<ObjectGroup id="id1" name="Objects" comment="" ro="False">
|
||||
<ObjectGroup id="id2" name="Addresses" comment="" ro="False">
|
||||
<IPv4 id="id3" name="h-192.168.1.1" comment="Created during import of line 2" ro="False" address="192.168.1.1" netmask="255.255.255.255"/>
|
||||
<IPv4 id="id4" name="h-192.168.1.2" comment="Created during import of line 2" ro="False" address="192.168.1.2" netmask="255.255.255.255"/>
|
||||
</ObjectGroup>
|
||||
<ObjectGroup id="id5" name="DNS Names" comment="" ro="False">
|
||||
<DNSName id="id6" dnsrec="www.fwbuilder.org" dnsrectype="A" run_time="True" name="www.fwbuilder.org" comment="" ro="False"/>
|
||||
<DNSName id="id7" dnsrec="www.netcitadel.com" dnsrectype="A" run_time="True" name="www.netcitadel.com" comment="" ro="False"/>
|
||||
<DNSName id="id8" dnsrec="ipv6.fwbuilder.org" dnsrectype="A" run_time="True" name="ipv6.fwbuilder.org" comment="" ro="False"/>
|
||||
</ObjectGroup>
|
||||
<ObjectGroup id="id9" name="Address Tables" comment="" ro="False"/>
|
||||
<ObjectGroup id="id10" name="Groups" comment="" ro="False">
|
||||
<ObjectGroup id="id11" name="dst_addresses_1" comment="Created during import of line 2" ro="False">
|
||||
<ObjectRef ref="id3"/>
|
||||
<ObjectRef ref="id4"/>
|
||||
<ObjectRef ref="id26"/>
|
||||
</ObjectGroup>
|
||||
<ObjectGroup id="id15" name="dst_addresses_2" comment="Created during import of line 3" ro="False">
|
||||
<ObjectRef ref="id387"/>
|
||||
<ObjectRef ref="id388"/>
|
||||
</ObjectGroup>
|
||||
<ObjectGroup id="id18" name="dst_addresses_3" comment="Created during import of line 4" ro="False">
|
||||
<ObjectRef ref="id387"/>
|
||||
<ObjectRef ref="id387"/>
|
||||
</ObjectGroup>
|
||||
<ObjectGroup id="id21" name="dst_addresses_4" comment="Created during import of line 5" ro="False">
|
||||
<ObjectRef ref="id6"/>
|
||||
<ObjectRef ref="id7"/>
|
||||
</ObjectGroup>
|
||||
</ObjectGroup>
|
||||
<ObjectGroup id="id24" name="Hosts" comment="" ro="False"/>
|
||||
<ObjectGroup id="id25" name="Networks" comment="" ro="False">
|
||||
<Network id="id26" name="net-192.168.2.0/255.255.255.0" comment="Created during import of line 2" ro="False" address="192.168.2.0" netmask="255.255.255.0"/>
|
||||
<Network id="id27" name="net-192.168.1.0/255.255.255.0" comment="Created during import of line 14" ro="False" address="192.168.1.0" netmask="255.255.255.0"/>
|
||||
</ObjectGroup>
|
||||
<ObjectGroup id="id28" name="Address Ranges" comment="" ro="False"/>
|
||||
</ObjectGroup>
|
||||
<ServiceGroup id="id29" name="Services" comment="" ro="False">
|
||||
<ServiceGroup id="id30" name="Groups" comment="" ro="False"/>
|
||||
<ServiceGroup id="id31" name="ICMP" comment="" ro="False"/>
|
||||
<ServiceGroup id="id32" name="IP" comment="" ro="False"/>
|
||||
<ServiceGroup id="id33" name="TCP" comment="" ro="False">
|
||||
<TCPService id="id34" ack_flag="False" ack_flag_mask="False" established="False" fin_flag="False" fin_flag_mask="False" psh_flag="False" psh_flag_mask="False" rst_flag="False" rst_flag_mask="False" syn_flag="False" syn_flag_mask="False" urg_flag="False" urg_flag_mask="False" name="tcp 0:0 / 80:80" comment="Created during import of line 15" ro="False" src_range_start="0" src_range_end="0" dst_range_start="80" dst_range_end="80"/>
|
||||
<TCPService id="id35" ack_flag="False" ack_flag_mask="False" established="False" fin_flag="False" fin_flag_mask="False" psh_flag="False" psh_flag_mask="False" rst_flag="False" rst_flag_mask="False" syn_flag="False" syn_flag_mask="False" urg_flag="False" urg_flag_mask="False" name="tcp 0:0 / 22:22" comment="Created during import of line 18" ro="False" src_range_start="0" src_range_end="0" dst_range_start="22" dst_range_end="22"/>
|
||||
<TCPService id="id36" ack_flag="False" ack_flag_mask="False" established="False" fin_flag="False" fin_flag_mask="False" psh_flag="False" psh_flag_mask="False" rst_flag="False" rst_flag_mask="False" syn_flag="False" syn_flag_mask="False" urg_flag="False" urg_flag_mask="False" name="tcp 80:80 / 0:0" comment="Created during import of line 29" ro="False" src_range_start="80" src_range_end="80" dst_range_start="0" dst_range_end="0"/>
|
||||
<TCPService id="id37" ack_flag="False" ack_flag_mask="False" established="False" fin_flag="False" fin_flag_mask="False" psh_flag="False" psh_flag_mask="False" rst_flag="False" rst_flag_mask="False" syn_flag="False" syn_flag_mask="False" urg_flag="False" urg_flag_mask="False" name="tcp 22:22 / 0:0" comment="Created during import of line 32" ro="False" src_range_start="22" src_range_end="22" dst_range_start="0" dst_range_end="0"/>
|
||||
</ServiceGroup>
|
||||
<ServiceGroup id="id38" name="UDP" comment="" ro="False"/>
|
||||
<ServiceGroup id="id39" name="Users" comment="" ro="False"/>
|
||||
<ServiceGroup id="id40" name="Custom" comment="" ro="False"/>
|
||||
<ServiceGroup id="id41" name="TagServices" comment="" ro="False"/>
|
||||
</ServiceGroup>
|
||||
<ObjectGroup id="id42" name="Firewalls" comment="" ro="False">
|
||||
<Firewall id="id43" host_OS="freebsd" lastCompiled="0" lastInstalled="0" lastModified="0" platform="pf" name="test_fw" comment="Created during import of line 3" ro="False">
|
||||
<NAT id="id383" name="NAT" comment="" ro="False" ipv4_rule_set="False" ipv6_rule_set="False" top_rule_set="True">
|
||||
<RuleSetOptions/>
|
||||
</NAT>
|
||||
<Policy id="id45" name="Policy" comment="" ro="False" ipv4_rule_set="False" ipv6_rule_set="False" top_rule_set="True">
|
||||
<PolicyRule id="id47" disabled="False" group="" log="False" position="0" action="Accept" direction="Inbound" comment="Created during import of line 8">
|
||||
<Src neg="False">
|
||||
<ObjectRef ref="id389"/>
|
||||
</Src>
|
||||
<Dst neg="False">
|
||||
<ObjectRef ref="id43"/>
|
||||
</Dst>
|
||||
<Srv neg="False">
|
||||
<ServiceRef ref="sysid1"/>
|
||||
</Srv>
|
||||
<Itf neg="False">
|
||||
<ObjectRef ref="sysid0"/>
|
||||
</Itf>
|
||||
<When neg="False">
|
||||
<IntervalRef ref="sysid2"/>
|
||||
</When>
|
||||
<PolicyRuleOptions>
|
||||
<Option name="stateless">True</Option>
|
||||
</PolicyRuleOptions>
|
||||
</PolicyRule>
|
||||
<PolicyRule id="id59" disabled="False" group="" log="False" position="1" action="Accept" direction="Inbound" comment="Created during import of line 9 import of 'interface:broadcast' is not supported.">
|
||||
<Src neg="False">
|
||||
<ObjectRef ref="sysid0"/>
|
||||
</Src>
|
||||
<Dst neg="False">
|
||||
<ObjectRef ref="id43"/>
|
||||
</Dst>
|
||||
<Srv neg="False">
|
||||
<ServiceRef ref="sysid1"/>
|
||||
</Srv>
|
||||
<Itf neg="False">
|
||||
<ObjectRef ref="sysid0"/>
|
||||
</Itf>
|
||||
<When neg="False">
|
||||
<IntervalRef ref="sysid2"/>
|
||||
</When>
|
||||
<PolicyRuleOptions>
|
||||
<Option name="color">#C86E6E</Option>
|
||||
<Option name="stateless">True</Option>
|
||||
</PolicyRuleOptions>
|
||||
</PolicyRule>
|
||||
<PolicyRule id="id71" disabled="False" group="" log="False" position="2" action="Accept" direction="Inbound" comment="Created during import of line 10 import of 'interface:peer' is not supported.">
|
||||
<Src neg="False">
|
||||
<ObjectRef ref="id387"/>
|
||||
</Src>
|
||||
<Dst neg="False">
|
||||
<ObjectRef ref="id43"/>
|
||||
</Dst>
|
||||
<Srv neg="False">
|
||||
<ServiceRef ref="sysid1"/>
|
||||
</Srv>
|
||||
<Itf neg="False">
|
||||
<ObjectRef ref="sysid0"/>
|
||||
</Itf>
|
||||
<When neg="False">
|
||||
<IntervalRef ref="sysid2"/>
|
||||
</When>
|
||||
<PolicyRuleOptions>
|
||||
<Option name="color">#C86E6E</Option>
|
||||
<Option name="stateless">True</Option>
|
||||
</PolicyRuleOptions>
|
||||
</PolicyRule>
|
||||
<PolicyRule id="id83" disabled="False" group="" log="False" position="3" action="Accept" direction="Inbound" comment="Created during import of line 11 import of 'interface:0' is not supported.">
|
||||
<Src neg="False">
|
||||
<ObjectRef ref="id387"/>
|
||||
</Src>
|
||||
<Dst neg="False">
|
||||
<ObjectRef ref="id43"/>
|
||||
</Dst>
|
||||
<Srv neg="False">
|
||||
<ServiceRef ref="sysid1"/>
|
||||
</Srv>
|
||||
<Itf neg="False">
|
||||
<ObjectRef ref="sysid0"/>
|
||||
</Itf>
|
||||
<When neg="False">
|
||||
<IntervalRef ref="sysid2"/>
|
||||
</When>
|
||||
<PolicyRuleOptions>
|
||||
<Option name="color">#C86E6E</Option>
|
||||
<Option name="stateless">True</Option>
|
||||
</PolicyRuleOptions>
|
||||
</PolicyRule>
|
||||
<PolicyRule id="id95" disabled="False" group="" log="False" position="4" action="Accept" direction="Inbound" comment="Created during import of line 13">
|
||||
<Src neg="False">
|
||||
<ObjectRef ref="sysid0"/>
|
||||
</Src>
|
||||
<Dst neg="False">
|
||||
<ObjectRef ref="id3"/>
|
||||
</Dst>
|
||||
<Srv neg="False">
|
||||
<ServiceRef ref="sysid1"/>
|
||||
</Srv>
|
||||
<Itf neg="False">
|
||||
<ObjectRef ref="sysid0"/>
|
||||
</Itf>
|
||||
<When neg="False">
|
||||
<IntervalRef ref="sysid2"/>
|
||||
</When>
|
||||
<PolicyRuleOptions>
|
||||
<Option name="stateless">True</Option>
|
||||
</PolicyRuleOptions>
|
||||
</PolicyRule>
|
||||
<PolicyRule id="id107" disabled="False" group="" log="False" position="5" action="Accept" direction="Inbound" comment="Created during import of line 14">
|
||||
<Src neg="False">
|
||||
<ObjectRef ref="sysid0"/>
|
||||
</Src>
|
||||
<Dst neg="False">
|
||||
<ObjectRef ref="id27"/>
|
||||
</Dst>
|
||||
<Srv neg="False">
|
||||
<ServiceRef ref="sysid1"/>
|
||||
</Srv>
|
||||
<Itf neg="False">
|
||||
<ObjectRef ref="sysid0"/>
|
||||
</Itf>
|
||||
<When neg="False">
|
||||
<IntervalRef ref="sysid2"/>
|
||||
</When>
|
||||
<PolicyRuleOptions>
|
||||
<Option name="stateless">True</Option>
|
||||
</PolicyRuleOptions>
|
||||
</PolicyRule>
|
||||
<PolicyRule id="id119" disabled="False" group="" log="False" position="6" action="Accept" direction="Inbound" comment="Created during import of line 15">
|
||||
<Src neg="False">
|
||||
<ObjectRef ref="sysid0"/>
|
||||
</Src>
|
||||
<Dst neg="False">
|
||||
<ObjectRef ref="id387"/>
|
||||
</Dst>
|
||||
<Srv neg="False">
|
||||
<ServiceRef ref="id34"/>
|
||||
</Srv>
|
||||
<Itf neg="False">
|
||||
<ObjectRef ref="sysid0"/>
|
||||
</Itf>
|
||||
<When neg="False">
|
||||
<IntervalRef ref="sysid2"/>
|
||||
</When>
|
||||
<PolicyRuleOptions>
|
||||
<Option name="stateless">True</Option>
|
||||
</PolicyRuleOptions>
|
||||
</PolicyRule>
|
||||
<PolicyRule id="id131" disabled="False" group="" log="False" position="7" action="Accept" direction="Inbound" comment="Created during import of line 16">
|
||||
<Src neg="False">
|
||||
<ObjectRef ref="sysid0"/>
|
||||
</Src>
|
||||
<Dst neg="False">
|
||||
<ObjectRef ref="id387"/>
|
||||
</Dst>
|
||||
<Srv neg="False">
|
||||
<ServiceRef ref="id34"/>
|
||||
</Srv>
|
||||
<Itf neg="False">
|
||||
<ObjectRef ref="sysid0"/>
|
||||
</Itf>
|
||||
<When neg="False">
|
||||
<IntervalRef ref="sysid2"/>
|
||||
</When>
|
||||
<PolicyRuleOptions>
|
||||
<Option name="stateless">True</Option>
|
||||
</PolicyRuleOptions>
|
||||
</PolicyRule>
|
||||
<PolicyRule id="id143" disabled="False" group="" log="False" position="8" action="Accept" direction="Inbound" comment="Created during import of line 17">
|
||||
<Src neg="False">
|
||||
<ObjectRef ref="sysid0"/>
|
||||
</Src>
|
||||
<Dst neg="False">
|
||||
<ObjectRef ref="id6"/>
|
||||
</Dst>
|
||||
<Srv neg="False">
|
||||
<ServiceRef ref="id34"/>
|
||||
</Srv>
|
||||
<Itf neg="False">
|
||||
<ObjectRef ref="sysid0"/>
|
||||
</Itf>
|
||||
<When neg="False">
|
||||
<IntervalRef ref="sysid2"/>
|
||||
</When>
|
||||
<PolicyRuleOptions>
|
||||
<Option name="stateless">True</Option>
|
||||
</PolicyRuleOptions>
|
||||
</PolicyRule>
|
||||
<PolicyRule id="id155" disabled="False" group="" log="False" position="9" action="Accept" direction="Inbound" comment="Created during import of line 18">
|
||||
<Src neg="False">
|
||||
<ObjectRef ref="sysid0"/>
|
||||
</Src>
|
||||
<Dst neg="False">
|
||||
<ObjectRef ref="id43"/>
|
||||
</Dst>
|
||||
<Srv neg="False">
|
||||
<ServiceRef ref="id35"/>
|
||||
</Srv>
|
||||
<Itf neg="False">
|
||||
<ObjectRef ref="sysid0"/>
|
||||
</Itf>
|
||||
<When neg="False">
|
||||
<IntervalRef ref="sysid2"/>
|
||||
</When>
|
||||
<PolicyRuleOptions>
|
||||
<Option name="stateless">True</Option>
|
||||
</PolicyRuleOptions>
|
||||
</PolicyRule>
|
||||
<PolicyRule id="id167" disabled="False" group="" log="False" position="10" action="Accept" direction="Inbound" comment="Created during import of line 19">
|
||||
<Src neg="False">
|
||||
<ObjectRef ref="sysid0"/>
|
||||
</Src>
|
||||
<Dst neg="False">
|
||||
<ObjectRef ref="id11"/>
|
||||
</Dst>
|
||||
<Srv neg="False">
|
||||
<ServiceRef ref="sysid1"/>
|
||||
</Srv>
|
||||
<Itf neg="False">
|
||||
<ObjectRef ref="sysid0"/>
|
||||
</Itf>
|
||||
<When neg="False">
|
||||
<IntervalRef ref="sysid2"/>
|
||||
</When>
|
||||
<PolicyRuleOptions>
|
||||
<Option name="stateless">True</Option>
|
||||
</PolicyRuleOptions>
|
||||
</PolicyRule>
|
||||
<PolicyRule id="id179" disabled="False" group="" log="False" position="11" action="Accept" direction="Inbound" comment="Created during import of line 20">
|
||||
<Src neg="False">
|
||||
<ObjectRef ref="sysid0"/>
|
||||
</Src>
|
||||
<Dst neg="False">
|
||||
<ObjectRef ref="id15"/>
|
||||
</Dst>
|
||||
<Srv neg="False">
|
||||
<ServiceRef ref="sysid1"/>
|
||||
</Srv>
|
||||
<Itf neg="False">
|
||||
<ObjectRef ref="sysid0"/>
|
||||
</Itf>
|
||||
<When neg="False">
|
||||
<IntervalRef ref="sysid2"/>
|
||||
</When>
|
||||
<PolicyRuleOptions>
|
||||
<Option name="stateless">True</Option>
|
||||
</PolicyRuleOptions>
|
||||
</PolicyRule>
|
||||
<PolicyRule id="id191" disabled="False" group="" log="False" position="12" action="Accept" direction="Inbound" comment="Created during import of line 21">
|
||||
<Src neg="False">
|
||||
<ObjectRef ref="sysid0"/>
|
||||
</Src>
|
||||
<Dst neg="False">
|
||||
<ObjectRef ref="id18"/>
|
||||
</Dst>
|
||||
<Srv neg="False">
|
||||
<ServiceRef ref="sysid1"/>
|
||||
</Srv>
|
||||
<Itf neg="False">
|
||||
<ObjectRef ref="sysid0"/>
|
||||
</Itf>
|
||||
<When neg="False">
|
||||
<IntervalRef ref="sysid2"/>
|
||||
</When>
|
||||
<PolicyRuleOptions>
|
||||
<Option name="stateless">True</Option>
|
||||
</PolicyRuleOptions>
|
||||
</PolicyRule>
|
||||
<PolicyRule id="id203" disabled="False" group="" log="False" position="13" action="Accept" direction="Inbound" comment="Created during import of line 22">
|
||||
<Src neg="False">
|
||||
<ObjectRef ref="sysid0"/>
|
||||
</Src>
|
||||
<Dst neg="False">
|
||||
<ObjectRef ref="id21"/>
|
||||
</Dst>
|
||||
<Srv neg="False">
|
||||
<ServiceRef ref="sysid1"/>
|
||||
</Srv>
|
||||
<Itf neg="False">
|
||||
<ObjectRef ref="sysid0"/>
|
||||
</Itf>
|
||||
<When neg="False">
|
||||
<IntervalRef ref="sysid2"/>
|
||||
</When>
|
||||
<PolicyRuleOptions>
|
||||
<Option name="stateless">True</Option>
|
||||
</PolicyRuleOptions>
|
||||
</PolicyRule>
|
||||
<PolicyRule id="id215" disabled="False" group="" log="False" position="14" action="Accept" direction="Inbound" comment="Created during import of line 24 IPv6 import is not supported. ">
|
||||
<Src neg="False">
|
||||
<ObjectRef ref="sysid0"/>
|
||||
</Src>
|
||||
<Dst neg="False">
|
||||
<ObjectRef ref="sysid0"/>
|
||||
</Dst>
|
||||
<Srv neg="False">
|
||||
<ServiceRef ref="sysid1"/>
|
||||
</Srv>
|
||||
<Itf neg="False">
|
||||
<ObjectRef ref="sysid0"/>
|
||||
</Itf>
|
||||
<When neg="False">
|
||||
<IntervalRef ref="sysid2"/>
|
||||
</When>
|
||||
<PolicyRuleOptions>
|
||||
<Option name="color">#C86E6E</Option>
|
||||
<Option name="stateless">True</Option>
|
||||
</PolicyRuleOptions>
|
||||
</PolicyRule>
|
||||
<PolicyRule id="id227" disabled="False" group="" log="False" position="15" action="Accept" direction="Inbound" comment="Created during import of line 25">
|
||||
<Src neg="False">
|
||||
<ObjectRef ref="sysid0"/>
|
||||
</Src>
|
||||
<Dst neg="False">
|
||||
<ObjectRef ref="id8"/>
|
||||
</Dst>
|
||||
<Srv neg="False">
|
||||
<ServiceRef ref="sysid1"/>
|
||||
</Srv>
|
||||
<Itf neg="False">
|
||||
<ObjectRef ref="sysid0"/>
|
||||
</Itf>
|
||||
<When neg="False">
|
||||
<IntervalRef ref="sysid2"/>
|
||||
</When>
|
||||
<PolicyRuleOptions>
|
||||
<Option name="stateless">True</Option>
|
||||
</PolicyRuleOptions>
|
||||
</PolicyRule>
|
||||
<PolicyRule id="id239" disabled="False" group="" log="False" position="16" action="Accept" direction="Inbound" comment="Created during import of line 27">
|
||||
<Src neg="False">
|
||||
<ObjectRef ref="id3"/>
|
||||
</Src>
|
||||
<Dst neg="False">
|
||||
<ObjectRef ref="sysid0"/>
|
||||
</Dst>
|
||||
<Srv neg="False">
|
||||
<ServiceRef ref="sysid1"/>
|
||||
</Srv>
|
||||
<Itf neg="False">
|
||||
<ObjectRef ref="sysid0"/>
|
||||
</Itf>
|
||||
<When neg="False">
|
||||
<IntervalRef ref="sysid2"/>
|
||||
</When>
|
||||
<PolicyRuleOptions>
|
||||
<Option name="stateless">True</Option>
|
||||
</PolicyRuleOptions>
|
||||
</PolicyRule>
|
||||
<PolicyRule id="id251" disabled="False" group="" log="False" position="17" action="Accept" direction="Inbound" comment="Created during import of line 28">
|
||||
<Src neg="False">
|
||||
<ObjectRef ref="id27"/>
|
||||
</Src>
|
||||
<Dst neg="False">
|
||||
<ObjectRef ref="sysid0"/>
|
||||
</Dst>
|
||||
<Srv neg="False">
|
||||
<ServiceRef ref="sysid1"/>
|
||||
</Srv>
|
||||
<Itf neg="False">
|
||||
<ObjectRef ref="sysid0"/>
|
||||
</Itf>
|
||||
<When neg="False">
|
||||
<IntervalRef ref="sysid2"/>
|
||||
</When>
|
||||
<PolicyRuleOptions>
|
||||
<Option name="stateless">True</Option>
|
||||
</PolicyRuleOptions>
|
||||
</PolicyRule>
|
||||
<PolicyRule id="id263" disabled="False" group="" log="False" position="18" action="Accept" direction="Inbound" comment="Created during import of line 29">
|
||||
<Src neg="False">
|
||||
<ObjectRef ref="id387"/>
|
||||
</Src>
|
||||
<Dst neg="False">
|
||||
<ObjectRef ref="sysid0"/>
|
||||
</Dst>
|
||||
<Srv neg="False">
|
||||
<ServiceRef ref="id36"/>
|
||||
</Srv>
|
||||
<Itf neg="False">
|
||||
<ObjectRef ref="sysid0"/>
|
||||
</Itf>
|
||||
<When neg="False">
|
||||
<IntervalRef ref="sysid2"/>
|
||||
</When>
|
||||
<PolicyRuleOptions>
|
||||
<Option name="stateless">True</Option>
|
||||
</PolicyRuleOptions>
|
||||
</PolicyRule>
|
||||
<PolicyRule id="id275" disabled="False" group="" log="False" position="19" action="Accept" direction="Inbound" comment="Created during import of line 30">
|
||||
<Src neg="False">
|
||||
<ObjectRef ref="id387"/>
|
||||
</Src>
|
||||
<Dst neg="False">
|
||||
<ObjectRef ref="sysid0"/>
|
||||
</Dst>
|
||||
<Srv neg="False">
|
||||
<ServiceRef ref="id36"/>
|
||||
</Srv>
|
||||
<Itf neg="False">
|
||||
<ObjectRef ref="sysid0"/>
|
||||
</Itf>
|
||||
<When neg="False">
|
||||
<IntervalRef ref="sysid2"/>
|
||||
</When>
|
||||
<PolicyRuleOptions>
|
||||
<Option name="stateless">True</Option>
|
||||
</PolicyRuleOptions>
|
||||
</PolicyRule>
|
||||
<PolicyRule id="id287" disabled="False" group="" log="False" position="20" action="Accept" direction="Inbound" comment="Created during import of line 31">
|
||||
<Src neg="False">
|
||||
<ObjectRef ref="id6"/>
|
||||
</Src>
|
||||
<Dst neg="False">
|
||||
<ObjectRef ref="sysid0"/>
|
||||
</Dst>
|
||||
<Srv neg="False">
|
||||
<ServiceRef ref="id36"/>
|
||||
</Srv>
|
||||
<Itf neg="False">
|
||||
<ObjectRef ref="sysid0"/>
|
||||
</Itf>
|
||||
<When neg="False">
|
||||
<IntervalRef ref="sysid2"/>
|
||||
</When>
|
||||
<PolicyRuleOptions>
|
||||
<Option name="stateless">True</Option>
|
||||
</PolicyRuleOptions>
|
||||
</PolicyRule>
|
||||
<PolicyRule id="id299" disabled="False" group="" log="False" position="21" action="Accept" direction="Inbound" comment="Created during import of line 32">
|
||||
<Src neg="False">
|
||||
<ObjectRef ref="id43"/>
|
||||
</Src>
|
||||
<Dst neg="False">
|
||||
<ObjectRef ref="sysid0"/>
|
||||
</Dst>
|
||||
<Srv neg="False">
|
||||
<ServiceRef ref="id37"/>
|
||||
</Srv>
|
||||
<Itf neg="False">
|
||||
<ObjectRef ref="sysid0"/>
|
||||
</Itf>
|
||||
<When neg="False">
|
||||
<IntervalRef ref="sysid2"/>
|
||||
</When>
|
||||
<PolicyRuleOptions>
|
||||
<Option name="stateless">True</Option>
|
||||
</PolicyRuleOptions>
|
||||
</PolicyRule>
|
||||
<PolicyRule id="id311" disabled="False" group="" log="False" position="22" action="Accept" direction="Inbound" comment="Created during import of line 33">
|
||||
<Src neg="False">
|
||||
<ObjectRef ref="id11"/>
|
||||
</Src>
|
||||
<Dst neg="False">
|
||||
<ObjectRef ref="sysid0"/>
|
||||
</Dst>
|
||||
<Srv neg="False">
|
||||
<ServiceRef ref="sysid1"/>
|
||||
</Srv>
|
||||
<Itf neg="False">
|
||||
<ObjectRef ref="sysid0"/>
|
||||
</Itf>
|
||||
<When neg="False">
|
||||
<IntervalRef ref="sysid2"/>
|
||||
</When>
|
||||
<PolicyRuleOptions>
|
||||
<Option name="stateless">True</Option>
|
||||
</PolicyRuleOptions>
|
||||
</PolicyRule>
|
||||
<PolicyRule id="id323" disabled="False" group="" log="False" position="23" action="Accept" direction="Inbound" comment="Created during import of line 34">
|
||||
<Src neg="False">
|
||||
<ObjectRef ref="id15"/>
|
||||
</Src>
|
||||
<Dst neg="False">
|
||||
<ObjectRef ref="sysid0"/>
|
||||
</Dst>
|
||||
<Srv neg="False">
|
||||
<ServiceRef ref="sysid1"/>
|
||||
</Srv>
|
||||
<Itf neg="False">
|
||||
<ObjectRef ref="sysid0"/>
|
||||
</Itf>
|
||||
<When neg="False">
|
||||
<IntervalRef ref="sysid2"/>
|
||||
</When>
|
||||
<PolicyRuleOptions>
|
||||
<Option name="stateless">True</Option>
|
||||
</PolicyRuleOptions>
|
||||
</PolicyRule>
|
||||
<PolicyRule id="id335" disabled="False" group="" log="False" position="24" action="Accept" direction="Inbound" comment="Created during import of line 35">
|
||||
<Src neg="False">
|
||||
<ObjectRef ref="id18"/>
|
||||
</Src>
|
||||
<Dst neg="False">
|
||||
<ObjectRef ref="sysid0"/>
|
||||
</Dst>
|
||||
<Srv neg="False">
|
||||
<ServiceRef ref="sysid1"/>
|
||||
</Srv>
|
||||
<Itf neg="False">
|
||||
<ObjectRef ref="sysid0"/>
|
||||
</Itf>
|
||||
<When neg="False">
|
||||
<IntervalRef ref="sysid2"/>
|
||||
</When>
|
||||
<PolicyRuleOptions>
|
||||
<Option name="stateless">True</Option>
|
||||
</PolicyRuleOptions>
|
||||
</PolicyRule>
|
||||
<PolicyRule id="id347" disabled="False" group="" log="False" position="25" action="Accept" direction="Inbound" comment="Created during import of line 36">
|
||||
<Src neg="False">
|
||||
<ObjectRef ref="id21"/>
|
||||
</Src>
|
||||
<Dst neg="False">
|
||||
<ObjectRef ref="sysid0"/>
|
||||
</Dst>
|
||||
<Srv neg="False">
|
||||
<ServiceRef ref="sysid1"/>
|
||||
</Srv>
|
||||
<Itf neg="False">
|
||||
<ObjectRef ref="sysid0"/>
|
||||
</Itf>
|
||||
<When neg="False">
|
||||
<IntervalRef ref="sysid2"/>
|
||||
</When>
|
||||
<PolicyRuleOptions>
|
||||
<Option name="stateless">True</Option>
|
||||
</PolicyRuleOptions>
|
||||
</PolicyRule>
|
||||
<PolicyRule id="id359" disabled="False" group="" log="False" position="26" action="Accept" direction="Inbound" comment="Created during import of line 38 IPv6 import is not supported. ">
|
||||
<Src neg="False">
|
||||
<ObjectRef ref="sysid0"/>
|
||||
</Src>
|
||||
<Dst neg="False">
|
||||
<ObjectRef ref="sysid0"/>
|
||||
</Dst>
|
||||
<Srv neg="False">
|
||||
<ServiceRef ref="sysid1"/>
|
||||
</Srv>
|
||||
<Itf neg="False">
|
||||
<ObjectRef ref="sysid0"/>
|
||||
</Itf>
|
||||
<When neg="False">
|
||||
<IntervalRef ref="sysid2"/>
|
||||
</When>
|
||||
<PolicyRuleOptions>
|
||||
<Option name="color">#C86E6E</Option>
|
||||
<Option name="stateless">True</Option>
|
||||
</PolicyRuleOptions>
|
||||
</PolicyRule>
|
||||
<PolicyRule id="id371" disabled="False" group="" log="False" position="27" action="Accept" direction="Inbound" comment="Created during import of line 39">
|
||||
<Src neg="False">
|
||||
<ObjectRef ref="id8"/>
|
||||
</Src>
|
||||
<Dst neg="False">
|
||||
<ObjectRef ref="sysid0"/>
|
||||
</Dst>
|
||||
<Srv neg="False">
|
||||
<ServiceRef ref="sysid1"/>
|
||||
</Srv>
|
||||
<Itf neg="False">
|
||||
<ObjectRef ref="sysid0"/>
|
||||
</Itf>
|
||||
<When neg="False">
|
||||
<IntervalRef ref="sysid2"/>
|
||||
</When>
|
||||
<PolicyRuleOptions>
|
||||
<Option name="stateless">True</Option>
|
||||
</PolicyRuleOptions>
|
||||
</PolicyRule>
|
||||
<RuleSetOptions/>
|
||||
</Policy>
|
||||
<Routing id="id385" name="Routing" comment="" ro="False" ipv4_rule_set="False" ipv6_rule_set="False" top_rule_set="True">
|
||||
<RuleSetOptions/>
|
||||
</Routing>
|
||||
<Interface id="id387" dedicated_failover="False" dyn="True" security_level="0" unnum="False" unprotected="False" name="pcn0" comment="Created during import of line 3" ro="False">
|
||||
<InterfaceOptions/>
|
||||
<AttachedNetworks id="id388" name="pcn0-net" comment="" ro="False"/>
|
||||
</Interface>
|
||||
<FirewallOptions>
|
||||
<Option name="check_shading">true</Option>
|
||||
<Option name="configure_interfaces">true</Option>
|
||||
<Option name="firewall_dir">/etc</Option>
|
||||
<Option name="freebsd_ip_forward">1</Option>
|
||||
<Option name="in_out_code">true</Option>
|
||||
<Option name="log_prefix">RULE %N -- %A </Option>
|
||||
<Option name="loopback_interface">lo0</Option>
|
||||
<Option name="manage_virtual_addr">true</Option>
|
||||
<Option name="pass_all_out">false</Option>
|
||||
<Option name="pf_limit_frags">5000</Option>
|
||||
<Option name="pf_limit_states">10000</Option>
|
||||
<Option name="pf_scrub_maxmss">1460</Option>
|
||||
<Option name="pf_timeout_frag">30</Option>
|
||||
<Option name="pf_timeout_interval">10</Option>
|
||||
</FirewallOptions>
|
||||
</Firewall>
|
||||
</ObjectGroup>
|
||||
<ObjectGroup id="id391" name="Clusters" comment="" ro="False"/>
|
||||
<IntervalGroup id="id392" name="Time" comment="" ro="False"/>
|
||||
</Library>
|
||||
</FWObjectDatabase>
|
||||
@ -0,0 +1,34 @@
|
||||
3: New interface: pcn0
|
||||
8: filtering rule: action pass; interfaces:
|
||||
9: filtering rule: action pass; interfaces:
|
||||
9: Error: import of 'interface:broadcast' is not supported.
|
||||
10: filtering rule: action pass; interfaces:
|
||||
10: Error: import of 'interface:peer' is not supported.
|
||||
11: filtering rule: action pass; interfaces:
|
||||
11: Error: import of 'interface:0' is not supported.
|
||||
13: filtering rule: action pass; interfaces:
|
||||
14: filtering rule: action pass; interfaces:
|
||||
15: filtering rule: action pass; interfaces:
|
||||
16: filtering rule: action pass; interfaces:
|
||||
17: filtering rule: action pass; interfaces:
|
||||
18: filtering rule: action pass; interfaces:
|
||||
19: filtering rule: action pass; interfaces:
|
||||
20: filtering rule: action pass; interfaces:
|
||||
21: filtering rule: action pass; interfaces:
|
||||
22: filtering rule: action pass; interfaces:
|
||||
24: filtering rule: action pass; interfaces:
|
||||
24: Error: IPv6 import is not supported.
|
||||
25: filtering rule: action pass; interfaces:
|
||||
27: filtering rule: action pass; interfaces:
|
||||
28: filtering rule: action pass; interfaces:
|
||||
29: filtering rule: action pass; interfaces:
|
||||
30: filtering rule: action pass; interfaces:
|
||||
31: filtering rule: action pass; interfaces:
|
||||
32: filtering rule: action pass; interfaces:
|
||||
33: filtering rule: action pass; interfaces:
|
||||
34: filtering rule: action pass; interfaces:
|
||||
35: filtering rule: action pass; interfaces:
|
||||
36: filtering rule: action pass; interfaces:
|
||||
38: filtering rule: action pass; interfaces:
|
||||
38: Error: IPv6 import is not supported.
|
||||
39: filtering rule: action pass; interfaces:
|
||||
Loading…
x
Reference in New Issue
Block a user