see #1981 ASA / FWSM Policy - Generate warning message if rule will not generate config data

2026-03-24 20:27:22 +01:00 · 2011-01-24 11:53:22 -08:00 · 2011-01-24 11:53:22 -08:00 · 5961400eb4
commit 5961400eb4
parent 7599a975f2
39 changed files with 173 additions and 87 deletions
--- a/doc/ChangeLog
+++ b/doc/ChangeLog
@ -1,3 +1,9 @@
+2011-01-24  Vadim Kurland  <vadim@netcitadel.com>
+
+	* PolicyCompiler_pix_v6_acls.cpp (processNext): see #1981 "ASA /
+	FWSM Policy - Generate warning message if rule will not generate
+	config data"
+
 2011-01-22  vadim  <vadim@netcitadel.com>

 	* ObjectManipulator.cpp (contextMenuRequested): context menu item
--- a/src/cisco_lib/PolicyCompiler_pix_v6_acls.cpp
+++ b/src/cisco_lib/PolicyCompiler_pix_v6_acls.cpp
@ -60,6 +60,9 @@

 #include <assert.h>

+#include <QString>
+
+
 using namespace libfwbuilder;
 using namespace fwcompiler;
 using namespace std;
@ -172,15 +175,15 @@ bool PolicyCompiler_pix::SplitDirection_v6::processNext()
 bool PolicyCompiler_pix::EmulateOutboundACL_v6::processNext()
 {
    Helper helper(compiler);
-    PolicyRule *rule=getNext(); if (rule==NULL) return false;
+    PolicyRule *rule = getNext(); if (rule==NULL) return false;
    FWObject *rule_iface = compiler->dbcopy->findInIndex(rule->getInterfaceId());

    if (rule->getDirection()==PolicyRule::Outbound && rule_iface!=NULL)
    {
        if ( compiler->fw->getOptionsObject()->getBool("pix_emulate_out_acl") )
        {
-            RuleElementSrc *src=rule->getSrc();    assert(src);
-            RuleElementDst *dst=rule->getDst();    assert(dst);
+            RuleElementSrc *src = rule->getSrc();    assert(src);
+            RuleElementDst *dst = rule->getDst();    assert(dst);

            try
            {
@ -195,6 +198,11 @@ bool PolicyCompiler_pix::EmulateOutboundACL_v6::processNext()
 */
                    if (iface1_id==rule->getInterfaceId())
                    {
+                        compiler->warning(rule, 
+                            "Rule with direction 'Outbound' was suppressed "
+                            "because generation of outbound access lists "
+                            "is turned off in firewall object settings"
+                        );
                        return true;
                    }

@ -235,10 +243,9 @@ bool PolicyCompiler_pix::EmulateOutboundACL_v6::processNext()
            }
        } else
            compiler->abort(
-                
-                    rule, 
-                    "Outbound ACLs are not supported and emulation is "
-                    "not activated");
+                rule, 
+                "Outbound ACLs are not supported and emulation is "
+                "not activated");
    } else 
        tmp_queue.push_back(rule);

--- a/test/pix/cluster1-1_pix1.fw.orig
+++ b/test/pix/cluster1-1_pix1.fw.orig
@ -1,9 +1,9 @@
 !
 !  This is automatically generated file. DO NOT MODIFY !
 !
-!  Firewall Builder  fwb_pix v4.2.0.3441
+!  Firewall Builder  fwb_pix v4.2.0.3445
 !
-!  Generated Sat Jan 22 10:06:04 2011 PST by vadim
+!  Generated Mon Jan 24 11:52:34 2011 PST by vadim
 !
 ! Compiled for pix 7.0
 ! Outbound ACLs: supported
--- a/test/pix/cluster1-1_pix2.fw.orig
+++ b/test/pix/cluster1-1_pix2.fw.orig
@ -1,9 +1,9 @@
 !
 !  This is automatically generated file. DO NOT MODIFY !
 !
-!  Firewall Builder  fwb_pix v4.2.0.3441
+!  Firewall Builder  fwb_pix v4.2.0.3445
 !
-!  Generated Sat Jan 22 10:06:04 2011 PST by vadim
+!  Generated Mon Jan 24 11:52:34 2011 PST by vadim
 !
 ! Compiled for pix 7.0
 ! Outbound ACLs: supported
--- a/test/pix/cluster1_pix1.fw.orig
+++ b/test/pix/cluster1_pix1.fw.orig
@ -1,9 +1,9 @@
 !
 !  This is automatically generated file. DO NOT MODIFY !
 !
-!  Firewall Builder  fwb_pix v4.2.0.3441
+!  Firewall Builder  fwb_pix v4.2.0.3445
 !
-!  Generated Sat Jan 22 10:06:04 2011 PST by vadim
+!  Generated Mon Jan 24 11:52:34 2011 PST by vadim
 !
 ! Compiled for pix 7.0
 ! Outbound ACLs: supported
--- a/test/pix/cluster1_pix2.fw.orig
+++ b/test/pix/cluster1_pix2.fw.orig
@ -1,9 +1,9 @@
 !
 !  This is automatically generated file. DO NOT MODIFY !
 !
-!  Firewall Builder  fwb_pix v4.2.0.3441
+!  Firewall Builder  fwb_pix v4.2.0.3445
 !
-!  Generated Sat Jan 22 10:06:04 2011 PST by vadim
+!  Generated Mon Jan 24 11:52:34 2011 PST by vadim
 !
 ! Compiled for pix 7.0
 ! Outbound ACLs: supported
--- a/test/pix/firewall.fw.orig
+++ b/test/pix/firewall.fw.orig
@ -1,9 +1,9 @@
 !
 !  This is automatically generated file. DO NOT MODIFY !
 !
-!  Firewall Builder  fwb_pix v4.2.0.3441
+!  Firewall Builder  fwb_pix v4.2.0.3445
 !
-!  Generated Sat Jan 22 10:05:46 2011 PST by vadim
+!  Generated Mon Jan 24 11:52:18 2011 PST by vadim
 !
 ! Compiled for pix 6.2
 ! Outbound ACLs: not supported
@ -171,6 +171,7 @@
 ! C firewall:Policy:0: error: Rule '0 (global)' shadows rule '24 (global)'  below it
 ! C firewall:Policy:0: error: Rule '0 (global)' shadows rule '24 (global)'  below it
 ! C firewall:Policy:0: error: Rule '0 (global)' shadows rule '25 (global)'  below it
+! C firewall:Policy:3: warning: Rule with direction 'Outbound' was suppressed because generation of outbound access lists is turned off in firewall object settings
 ! C firewall:Policy:13: warning: MAC address matching is not supported. One or several MAC addresses removed from source in the rule

 ! N firewall:NAT:6: warning: Original destination is ignored in 'nat' NAT rules when compiling for PIX v6.2 and earlier.
--- a/test/pix/firewall1.fw.orig
+++ b/test/pix/firewall1.fw.orig
@ -1,9 +1,9 @@
 !
 !  This is automatically generated file. DO NOT MODIFY !
 !
-!  Firewall Builder  fwb_pix v4.2.0.3441
+!  Firewall Builder  fwb_pix v4.2.0.3445
 !
-!  Generated Sat Jan 22 10:05:46 2011 PST by vadim
+!  Generated Mon Jan 24 11:52:17 2011 PST by vadim
 !
 ! Compiled for pix 6.1
 ! Outbound ACLs: not supported
--- a/test/pix/firewall10.fw.orig
+++ b/test/pix/firewall10.fw.orig
@ -1,9 +1,9 @@
 !
 !  This is automatically generated file. DO NOT MODIFY !
 !
-!  Firewall Builder  fwb_pix v4.2.0.3441
+!  Firewall Builder  fwb_pix v4.2.0.3445
 !
-!  Generated Sat Jan 22 10:05:47 2011 PST by vadim
+!  Generated Mon Jan 24 11:52:17 2011 PST by vadim
 !
 ! Compiled for pix 6.3
 ! Outbound ACLs: not supported
@ -15,7 +15,7 @@
 !
 ! big policy. Testing compiler performance

-
+! C firewall10:Policy:3: warning: Rule with direction 'Outbound' was suppressed because generation of outbound access lists is turned off in firewall object settings

 !
 ! Prolog script:
--- a/test/pix/firewall11.fw.orig
+++ b/test/pix/firewall11.fw.orig
@ -1,9 +1,9 @@
 !
 !  This is automatically generated file. DO NOT MODIFY !
 !
-!  Firewall Builder  fwb_pix v4.2.0.3441
+!  Firewall Builder  fwb_pix v4.2.0.3445
 !
-!  Generated Sat Jan 22 10:05:47 2011 PST by vadim
+!  Generated Mon Jan 24 11:52:17 2011 PST by vadim
 !
 ! Compiled for pix 6.2
 ! Outbound ACLs: not supported
--- a/test/pix/firewall12.fw.orig
+++ b/test/pix/firewall12.fw.orig
@ -1,9 +1,9 @@
 !
 !  This is automatically generated file. DO NOT MODIFY !
 !
-!  Firewall Builder  fwb_pix v4.2.0.3441
+!  Firewall Builder  fwb_pix v4.2.0.3445
 !
-!  Generated Sat Jan 22 10:05:48 2011 PST by vadim
+!  Generated Mon Jan 24 11:52:19 2011 PST by vadim
 !
 ! Compiled for pix 6.3
 ! Outbound ACLs: not supported
--- a/test/pix/firewall13.fw.orig
+++ b/test/pix/firewall13.fw.orig
@ -1,9 +1,9 @@
 !
 !  This is automatically generated file. DO NOT MODIFY !
 !
-!  Firewall Builder  fwb_pix v4.2.0.3441
+!  Firewall Builder  fwb_pix v4.2.0.3445
 !
-!  Generated Sat Jan 22 10:05:48 2011 PST by vadim
+!  Generated Mon Jan 24 11:52:19 2011 PST by vadim
 !
 ! Compiled for pix 6.3
 ! Outbound ACLs: not supported
--- a/test/pix/firewall14.fw.orig
+++ b/test/pix/firewall14.fw.orig
@ -1,9 +1,9 @@
 !
 !  This is automatically generated file. DO NOT MODIFY !
 !
-!  Firewall Builder  fwb_pix v4.2.0.3441
+!  Firewall Builder  fwb_pix v4.2.0.3445
 !
-!  Generated Sat Jan 22 10:05:49 2011 PST by vadim
+!  Generated Mon Jan 24 11:52:20 2011 PST by vadim
 !
 ! Compiled for pix 6.3
 ! Outbound ACLs: not supported
--- a/test/pix/firewall2.fw.orig
+++ b/test/pix/firewall2.fw.orig
@ -1,9 +1,9 @@
 !
 !  This is automatically generated file. DO NOT MODIFY !
 !
-!  Firewall Builder  fwb_pix v4.2.0.3441
+!  Firewall Builder  fwb_pix v4.2.0.3445
 !
-!  Generated Sat Jan 22 10:05:50 2011 PST by vadim
+!  Generated Mon Jan 24 11:52:20 2011 PST by vadim
 !
 ! Compiled for pix 6.3
 ! Outbound ACLs: not supported
@ -15,7 +15,7 @@
 !
 ! lots of different combinations of objects in the NAT rules

-
+! C firewall2:Policy:1: warning: Rule with direction 'Outbound' was suppressed because generation of outbound access lists is turned off in firewall object settings

 !
 ! Prolog script:
--- a/test/pix/firewall20.fw.orig
+++ b/test/pix/firewall20.fw.orig
@ -1,9 +1,9 @@
 !
 !  This is automatically generated file. DO NOT MODIFY !
 !
-!  Firewall Builder  fwb_pix v4.2.0.3441
+!  Firewall Builder  fwb_pix v4.2.0.3445
 !
-!  Generated Sat Jan 22 10:05:50 2011 PST by vadim
+!  Generated Mon Jan 24 11:52:21 2011 PST by vadim
 !
 ! Compiled for pix 6.3
 ! Outbound ACLs: not supported
@ -16,7 +16,10 @@
 ! testing outbound ACLs
 ! v6.3, emulation of outbound ACLs is on

-
+! C firewall20:Policy:5: warning: Rule with direction 'Outbound' was suppressed because generation of outbound access lists is turned off in firewall object settings
+! C firewall20:Policy:7: warning: Rule with direction 'Outbound' was suppressed because generation of outbound access lists is turned off in firewall object settings
+! C firewall20:Policy:7: warning: Rule with direction 'Outbound' was suppressed because generation of outbound access lists is turned off in firewall object settings
+! C firewall20:Policy:7: warning: Rule with direction 'Outbound' was suppressed because generation of outbound access lists is turned off in firewall object settings

 !
 ! Prolog script:
--- a/test/pix/firewall21-1.fw.orig
+++ b/test/pix/firewall21-1.fw.orig
@ -1,9 +1,9 @@
 !
 !  This is automatically generated file. DO NOT MODIFY !
 !
-!  Firewall Builder  fwb_pix v4.2.0.3441
+!  Firewall Builder  fwb_pix v4.2.0.3445
 !
-!  Generated Sat Jan 22 10:05:51 2011 PST by vadim
+!  Generated Mon Jan 24 11:52:22 2011 PST by vadim
 !
 ! Compiled for pix 6.3
 ! Outbound ACLs: not supported
@ -19,7 +19,12 @@

 ! v6.3, outbound ACLs are not supported

-
+! C firewall21-1:Policy:12: warning: Rule with direction 'Outbound' was suppressed because generation of outbound access lists is turned off in firewall object settings
+! C firewall21-1:Policy:14: warning: Rule with direction 'Outbound' was suppressed because generation of outbound access lists is turned off in firewall object settings
+! C firewall21-1:Policy:18: warning: Rule with direction 'Outbound' was suppressed because generation of outbound access lists is turned off in firewall object settings
+! C firewall21-1:Policy:20: warning: Rule with direction 'Outbound' was suppressed because generation of outbound access lists is turned off in firewall object settings
+! C firewall21-1:Policy:20: warning: Rule with direction 'Outbound' was suppressed because generation of outbound access lists is turned off in firewall object settings
+! C firewall21-1:Policy:20: warning: Rule with direction 'Outbound' was suppressed because generation of outbound access lists is turned off in firewall object settings

 !
 ! Prolog script:
--- a/test/pix/firewall21.fw.orig
+++ b/test/pix/firewall21.fw.orig
@ -1,9 +1,9 @@
 !
 !  This is automatically generated file. DO NOT MODIFY !
 !
-!  Firewall Builder  fwb_pix v4.2.0.3441
+!  Firewall Builder  fwb_pix v4.2.0.3445
 !
-!  Generated Sat Jan 22 10:05:51 2011 PST by vadim
+!  Generated Mon Jan 24 11:52:21 2011 PST by vadim
 !
 ! Compiled for pix 7.0
 ! Outbound ACLs: supported
@ -19,7 +19,12 @@

 ! option 'generate outbound acls' is OFF

-
+! C firewall21:Policy:12: warning: Rule with direction 'Outbound' was suppressed because generation of outbound access lists is turned off in firewall object settings
+! C firewall21:Policy:14: warning: Rule with direction 'Outbound' was suppressed because generation of outbound access lists is turned off in firewall object settings
+! C firewall21:Policy:18: warning: Rule with direction 'Outbound' was suppressed because generation of outbound access lists is turned off in firewall object settings
+! C firewall21:Policy:20: warning: Rule with direction 'Outbound' was suppressed because generation of outbound access lists is turned off in firewall object settings
+! C firewall21:Policy:20: warning: Rule with direction 'Outbound' was suppressed because generation of outbound access lists is turned off in firewall object settings
+! C firewall21:Policy:20: warning: Rule with direction 'Outbound' was suppressed because generation of outbound access lists is turned off in firewall object settings

 !
 ! Prolog script:
--- a/test/pix/firewall22.fw.orig
+++ b/test/pix/firewall22.fw.orig
@ -1,9 +1,9 @@
 !
 !  This is automatically generated file. DO NOT MODIFY !
 !
-!  Firewall Builder  fwb_pix v4.2.0.3441
+!  Firewall Builder  fwb_pix v4.2.0.3445
 !
-!  Generated Sat Jan 22 10:05:52 2011 PST by vadim
+!  Generated Mon Jan 24 11:52:22 2011 PST by vadim
 !
 ! Compiled for pix 7.0
 ! Outbound ACLs: supported
--- a/test/pix/firewall3.fw.orig
+++ b/test/pix/firewall3.fw.orig
@ -1,9 +1,9 @@
 !
 !  This is automatically generated file. DO NOT MODIFY !
 !
-!  Firewall Builder  fwb_pix v4.2.0.3441
+!  Firewall Builder  fwb_pix v4.2.0.3445
 !
-!  Generated Sat Jan 22 10:05:52 2011 PST by vadim
+!  Generated Mon Jan 24 11:52:23 2011 PST by vadim
 !
 ! Compiled for pix 6.2
 ! Outbound ACLs: not supported
--- a/test/pix/firewall33.fw.orig
+++ b/test/pix/firewall33.fw.orig
@ -1,9 +1,9 @@
 !
 !  This is automatically generated file. DO NOT MODIFY !
 !
-!  Firewall Builder  fwb_pix v4.2.0.3441
+!  Firewall Builder  fwb_pix v4.2.0.3445
 !
-!  Generated Sat Jan 22 10:05:53 2011 PST by vadim
+!  Generated Mon Jan 24 11:52:24 2011 PST by vadim
 !
 ! Compiled for pix 6.3
 ! Outbound ACLs: not supported
--- a/test/pix/firewall34.fw.orig
+++ b/test/pix/firewall34.fw.orig
@ -1,9 +1,9 @@
 !
 !  This is automatically generated file. DO NOT MODIFY !
 !
-!  Firewall Builder  fwb_pix v4.2.0.3441
+!  Firewall Builder  fwb_pix v4.2.0.3445
 !
-!  Generated Sat Jan 22 10:05:53 2011 PST by vadim
+!  Generated Mon Jan 24 11:52:24 2011 PST by vadim
 !
 ! Compiled for pix 6.3
 ! Outbound ACLs: not supported
@ -74,6 +74,61 @@ object-group network id16988X10208.dst.net.0
 exit

 object-group network id4390C25825682.dst.net.0
+  network-object 58.33.181.83 255.255.255.255 
+  network-object 58.53.82.190 255.255.255.255 
+  network-object 58.231.13.78 255.255.255.255 
+  network-object host 61.150.47.112 
+  network-object 61.184.14.102 255.255.255.255 
+  network-object 64.106.85.186 255.255.255.255 
+  network-object 70.228.60.100 255.255.255.255 
+  network-object 80.51.236.6 255.255.255.255 
+  network-object 80.243.72.149 255.255.255.255 
+  network-object 80.249.77.34 255.255.255.255 
+  network-object 81.2.36.254 255.255.255.255 
+  network-object 81.196.74.125 255.255.255.255 
+  network-object 82.77.37.174 255.255.255.255 
+  network-object 82.117.221.205 255.255.255.255 
+  network-object 82.143.196.17 255.255.255.255 
+  network-object 84.90.8.198 255.255.255.255 
+  network-object 151.8.224.178 255.255.255.255 
+  network-object 168.156.76.20 255.255.255.255 
+  network-object 193.207.126.36 255.255.255.255 
+  network-object 195.136.186.35 255.255.255.255 
+  network-object 196.15.136.15 255.255.255.255 
+  network-object 201.10.180.138 255.255.255.255 
+  network-object 201.17.93.16 255.255.255.255 
+  network-object 201.36.156.121 255.255.255.255 
+  network-object 202.96.112.93 255.255.255.255 
+  network-object 202.103.25.253 255.255.255.255 
+  network-object 203.162.3.209 255.255.255.255 
+  network-object 203.209.124.144 255.255.255.255 
+  network-object 210.106.193.237 255.255.255.255 
+  network-object 210.222.114.102 255.255.255.255 
+  network-object 211.144.143.143 255.255.255.255 
+  network-object 211.172.218.237 255.255.255.255 
+  network-object 211.250.16.132 255.255.255.255 
+  network-object 212.21.241.31 255.255.255.255 
+  network-object 212.100.212.100 255.255.255.255 
+  network-object 218.18.72.252 255.255.255.255 
+  network-object 218.39.114.122 255.255.255.255 
+  network-object 218.55.115.43 255.255.255.255 
+  network-object 218.104.138.146 255.255.255.255 
+  network-object 219.132.104.160 255.255.255.255 
+  network-object 220.71.17.86 255.255.255.255 
+  network-object 220.81.50.105 255.255.255.255 
+  network-object 220.91.99.46 255.255.255.255 
+  network-object 221.14.249.242 255.255.255.255 
+  network-object 221.166.177.135 255.255.255.255 
+  network-object 221.198.33.38 255.255.255.255 
+  network-object 221.202.160.233 255.255.255.255 
+  network-object 221.205.54.125 255.255.255.255 
+  network-object 221.217.44.248 255.255.255.255 
+  network-object 222.100.212.223 255.255.255.255 
+  network-object 222.121.118.144 255.255.255.255 
+  network-object 222.174.113.2 255.255.255.255 
+exit
+
+object-group network id4388CFF8674.src.net.0
  network-object 58.33.181.83 255.255.255.255 
  network-object 58.53.82.190 255.255.255.255 
  network-object 58.231.13.78 255.255.255.255 
@ -159,7 +214,7 @@ access-list outside_acl_in deny   tcp any object-group id4390C25825682.dst.net.0
 access-list inside_acl_in deny   tcp any object-group id4390C25825682.dst.net.0 eq 25 
 ! 
 ! Rule  5 (global)
-access-list outside_acl_in deny   ip object-group id4390C25825682.dst.net.0 any log 6 interval 300
+access-list outside_acl_in deny   ip object-group id4388CFF8674.src.net.0 any log 6 interval 300
 ! 
 ! Rule  6 (global)
 access-list outside_acl_in deny   ip object-group id4390C25825682.dst.net.0 any log 6 interval 300
--- a/test/pix/firewall4.fw.orig
+++ b/test/pix/firewall4.fw.orig
@ -1,9 +1,9 @@
 !
 !  This is automatically generated file. DO NOT MODIFY !
 !
-!  Firewall Builder  fwb_pix v4.2.0.3441
+!  Firewall Builder  fwb_pix v4.2.0.3445
 !
-!  Generated Sat Jan 22 10:05:54 2011 PST by vadim
+!  Generated Mon Jan 24 11:52:24 2011 PST by vadim
 !
 ! Compiled for pix 6.2
 ! Outbound ACLs: not supported
--- a/test/pix/firewall50.fw.orig
+++ b/test/pix/firewall50.fw.orig
@ -1,9 +1,9 @@
 !
 !  This is automatically generated file. DO NOT MODIFY !
 !
-!  Firewall Builder  fwb_pix v4.2.0.3441
+!  Firewall Builder  fwb_pix v4.2.0.3445
 !
-!  Generated Sat Jan 22 10:05:54 2011 PST by vadim
+!  Generated Mon Jan 24 11:52:25 2011 PST by vadim
 !
 ! Compiled for pix 7.0
 ! Outbound ACLs: supported
@ -15,6 +15,8 @@
 !
 ! this is simple firewall with two interfaces. Test regular policy rules, including IP_fragments rule. PIX 7.0

+! C firewall50:Policy:3: warning: Rule with direction 'Outbound' was suppressed because generation of outbound access lists is turned off in firewall object settings
+! C firewall50:Policy:9: warning: Rule with direction 'Outbound' was suppressed because generation of outbound access lists is turned off in firewall object settings
 ! C firewall50:Policy:15: warning: MAC address matching is not supported. One or several MAC addresses removed from source in the rule
 ! C firewall50:Policy:29: error: PIX does not support checking for IP options in ACLs.

--- a/test/pix/firewall6.fw.orig
+++ b/test/pix/firewall6.fw.orig
@ -1,9 +1,9 @@
 !
 !  This is automatically generated file. DO NOT MODIFY !
 !
-!  Firewall Builder  fwb_pix v4.2.0.3441
+!  Firewall Builder  fwb_pix v4.2.0.3445
 !
-!  Generated Sat Jan 22 10:05:55 2011 PST by vadim
+!  Generated Mon Jan 24 11:52:26 2011 PST by vadim
 !
 ! Compiled for pix 6.2
 ! Outbound ACLs: not supported
--- a/test/pix/firewall8.fw.orig
+++ b/test/pix/firewall8.fw.orig
@ -1,9 +1,9 @@
 !
 !  This is automatically generated file. DO NOT MODIFY !
 !
-!  Firewall Builder  fwb_pix v4.2.0.3441
+!  Firewall Builder  fwb_pix v4.2.0.3445
 !
-!  Generated Sat Jan 22 10:05:56 2011 PST by vadim
+!  Generated Mon Jan 24 11:52:26 2011 PST by vadim
 !
 ! Compiled for pix 6.2
 ! Outbound ACLs: not supported
--- a/test/pix/firewall80.fw.orig
+++ b/test/pix/firewall80.fw.orig
@ -1,9 +1,9 @@
 !
 !  This is automatically generated file. DO NOT MODIFY !
 !
-!  Firewall Builder  fwb_pix v4.2.0.3441
+!  Firewall Builder  fwb_pix v4.2.0.3445
 !
-!  Generated Sat Jan 22 10:05:56 2011 PST by vadim
+!  Generated Mon Jan 24 11:52:27 2011 PST by vadim
 !
 ! Compiled for pix 8.2
 ! Outbound ACLs: supported
--- a/test/pix/firewall81.fw.orig
+++ b/test/pix/firewall81.fw.orig
@ -1,9 +1,9 @@
 !
 !  This is automatically generated file. DO NOT MODIFY !
 !
-!  Firewall Builder  fwb_pix v4.2.0.3441
+!  Firewall Builder  fwb_pix v4.2.0.3445
 !
-!  Generated Sat Jan 22 10:05:57 2011 PST by vadim
+!  Generated Mon Jan 24 11:52:27 2011 PST by vadim
 !
 ! Compiled for pix 8.3
 ! Outbound ACLs: supported
--- a/test/pix/firewall82.fw.orig
+++ b/test/pix/firewall82.fw.orig
@ -1,9 +1,9 @@
 !
 !  This is automatically generated file. DO NOT MODIFY !
 !
-!  Firewall Builder  fwb_pix v4.2.0.3441
+!  Firewall Builder  fwb_pix v4.2.0.3445
 !
-!  Generated Sat Jan 22 10:05:57 2011 PST by vadim
+!  Generated Mon Jan 24 11:52:28 2011 PST by vadim
 !
 ! Compiled for pix 8.3
 ! Outbound ACLs: supported
--- a/test/pix/firewall83.fw.orig
+++ b/test/pix/firewall83.fw.orig
@ -1,9 +1,9 @@
 !
 !  This is automatically generated file. DO NOT MODIFY !
 !
-!  Firewall Builder  fwb_pix v4.2.0.3441
+!  Firewall Builder  fwb_pix v4.2.0.3445
 !
-!  Generated Sat Jan 22 10:05:57 2011 PST by vadim
+!  Generated Mon Jan 24 11:52:28 2011 PST by vadim
 !
 ! Compiled for pix 8.3
 ! Outbound ACLs: supported
--- a/test/pix/firewall9.fw.orig
+++ b/test/pix/firewall9.fw.orig
@ -1,9 +1,9 @@
 !
 !  This is automatically generated file. DO NOT MODIFY !
 !
-!  Firewall Builder  fwb_pix v4.2.0.3441
+!  Firewall Builder  fwb_pix v4.2.0.3445
 !
-!  Generated Sat Jan 22 10:05:58 2011 PST by vadim
+!  Generated Mon Jan 24 11:52:29 2011 PST by vadim
 !
 ! Compiled for pix 6.3
 ! Outbound ACLs: not supported
--- a/test/pix/firewall90.fw.orig
+++ b/test/pix/firewall90.fw.orig
@ -1,9 +1,9 @@
 !
 !  This is automatically generated file. DO NOT MODIFY !
 !
-!  Firewall Builder  fwb_pix v4.2.0.3441
+!  Firewall Builder  fwb_pix v4.2.0.3445
 !
-!  Generated Sat Jan 22 10:05:58 2011 PST by vadim
+!  Generated Mon Jan 24 11:52:29 2011 PST by vadim
 !
 ! Compiled for pix 8.3
 ! Outbound ACLs: supported
--- a/test/pix/firewall91.fw.orig
+++ b/test/pix/firewall91.fw.orig
@ -1,9 +1,9 @@
 !
 !  This is automatically generated file. DO NOT MODIFY !
 !
-!  Firewall Builder  fwb_pix v4.2.0.3441
+!  Firewall Builder  fwb_pix v4.2.0.3445
 !
-!  Generated Sat Jan 22 10:05:59 2011 PST by vadim
+!  Generated Mon Jan 24 11:52:30 2011 PST by vadim
 !
 ! Compiled for pix 8.3
 ! Outbound ACLs: supported
--- a/test/pix/firewall92.fw.orig
+++ b/test/pix/firewall92.fw.orig
@ -1,9 +1,9 @@
 !
 !  This is automatically generated file. DO NOT MODIFY !
 !
-!  Firewall Builder  fwb_pix v4.2.0.3441
+!  Firewall Builder  fwb_pix v4.2.0.3445
 !
-!  Generated Sat Jan 22 10:05:59 2011 PST by vadim
+!  Generated Mon Jan 24 11:52:30 2011 PST by vadim
 !
 ! Compiled for pix 8.3
 ! Outbound ACLs: supported
--- a/test/pix/firewall93.fw.orig
+++ b/test/pix/firewall93.fw.orig
@ -1,9 +1,9 @@
 !
 !  This is automatically generated file. DO NOT MODIFY !
 !
-!  Firewall Builder  fwb_pix v4.2.0.3441
+!  Firewall Builder  fwb_pix v4.2.0.3445
 !
-!  Generated Sat Jan 22 10:06:00 2011 PST by vadim
+!  Generated Mon Jan 24 11:52:30 2011 PST by vadim
 !
 ! Compiled for pix 8.3
 ! Outbound ACLs: supported
--- a/test/pix/firewall94.fw.orig
+++ b/test/pix/firewall94.fw.orig
@ -1,9 +1,9 @@
 !
 !  This is automatically generated file. DO NOT MODIFY !
 !
-!  Firewall Builder  fwb_pix v4.2.0.3441
+!  Firewall Builder  fwb_pix v4.2.0.3445
 !
-!  Generated Sat Jan 22 10:06:00 2011 PST by vadim
+!  Generated Mon Jan 24 11:52:31 2011 PST by vadim
 !
 ! Compiled for pix 8.3
 ! Outbound ACLs: supported
--- a/test/pix/fwsm1.fw.orig
+++ b/test/pix/fwsm1.fw.orig
@ -1,9 +1,9 @@
 !
 !  This is automatically generated file. DO NOT MODIFY !
 !
-!  Firewall Builder  fwb_pix v4.2.0.3441
+!  Firewall Builder  fwb_pix v4.2.0.3445
 !
-!  Generated Sat Jan 22 10:06:01 2011 PST by vadim
+!  Generated Mon Jan 24 11:52:32 2011 PST by vadim
 !
 ! Compiled for fwsm 2.3
 ! Outbound ACLs: supported
@ -15,6 +15,7 @@
 !

 ! C fwsm1:Policy:18: error: Rule '18 (global)' shadows rule '20 (global)'  below it
+! C fwsm1:Policy:3: warning: Rule with direction 'Outbound' was suppressed because generation of outbound access lists is turned off in firewall object settings
 ! C fwsm1:Policy:13: warning: MAC address matching is not supported. One or several MAC addresses removed from source in the rule

 !
--- a/test/pix/fwsm2.fw.orig
+++ b/test/pix/fwsm2.fw.orig
@ -1,9 +1,9 @@
 !
 !  This is automatically generated file. DO NOT MODIFY !
 !
-!  Firewall Builder  fwb_pix v4.2.0.3441
+!  Firewall Builder  fwb_pix v4.2.0.3445
 !
-!  Generated Sat Jan 22 10:06:01 2011 PST by vadim
+!  Generated Mon Jan 24 11:52:32 2011 PST by vadim
 !
 ! Compiled for fwsm 4.x
 ! Outbound ACLs: supported
@ -15,6 +15,7 @@
 !

 ! C fwsm2:Policy:18: error: Rule '18 (global)' shadows rule '20 (global)'  below it
+! C fwsm2:Policy:3: warning: Rule with direction 'Outbound' was suppressed because generation of outbound access lists is turned off in firewall object settings
 ! C fwsm2:Policy:13: warning: MAC address matching is not supported. One or several MAC addresses removed from source in the rule

 !
--- a/test/pix/pix515.fw.orig
+++ b/test/pix/pix515.fw.orig
@ -1,9 +1,9 @@
 !
 !  This is automatically generated file. DO NOT MODIFY !
 !
-!  Firewall Builder  fwb_pix v4.2.0.3441
+!  Firewall Builder  fwb_pix v4.2.0.3445
 !
-!  Generated Sat Jan 22 10:06:02 2011 PST by vadim
+!  Generated Mon Jan 24 11:52:33 2011 PST by vadim
 !
 ! Compiled for pix 7.0
 ! Outbound ACLs: supported
--- a/test/pix/real.fw.orig
+++ b/test/pix/real.fw.orig
@ -1,9 +1,9 @@
 !
 !  This is automatically generated file. DO NOT MODIFY !
 !
-!  Firewall Builder  fwb_pix v4.2.0.3441
+!  Firewall Builder  fwb_pix v4.2.0.3445
 !
-!  Generated Sat Jan 22 10:06:02 2011 PST by vadim
+!  Generated Mon Jan 24 11:52:34 2011 PST by vadim
 !
 ! Compiled for pix 6.3
 ! Outbound ACLs: not supported