diff --git a/doc/ChangeLog b/doc/ChangeLog index 18fafed33..5d8337f95 100644 --- a/doc/ChangeLog +++ b/doc/ChangeLog @@ -1,5 +1,13 @@ 2011-01-10 vadim + * Helper.cpp (findInterfaceByNetzone): fixed #1906 "ASA NAT - + Address objects are not properly identified by network zone and + have the wrong real interface". The problem should have affected + both "old" (PIX 6 and 7) and "new" (ASA 8.3) configuration. When + an Address object was used in Original Source of a NAT rule, + compiler used wrong interface in the (interfac1,interface2) pair + in "nat" command. + * CompilerDriver_pix_run.cpp (run): fixed #1905 "fwbuilder crash when compiling a rule with hosts folder as destination". Compiler issues a warning when an empty group object is used in a rule, but diff --git a/src/cisco_lib/Helper.cpp b/src/cisco_lib/Helper.cpp index 2f62eb647..543e85059 100644 --- a/src/cisco_lib/Helper.cpp +++ b/src/cisco_lib/Helper.cpp @@ -198,7 +198,12 @@ int Helper::findInterfaceByAddress(const InetAddr *addr, int Helper::findInterfaceByNetzone(Address *obj) { - return findInterfaceByNetzone(obj->getAddressPtr(), obj->getNetmaskPtr()); + if (IPv4::isA(obj)) + { + InetAddr host_netmask("255.255.255.255"); + return findInterfaceByNetzone(obj->getAddressPtr(), &host_netmask); + } else + return findInterfaceByNetzone(obj->getAddressPtr(), obj->getNetmaskPtr()); } /** diff --git a/test/pix/cluster1-1_pix1.fw.orig b/test/pix/cluster1-1_pix1.fw.orig index 18c04b427..fc58d25b8 100755 --- a/test/pix/cluster1-1_pix1.fw.orig +++ b/test/pix/cluster1-1_pix1.fw.orig @@ -3,7 +3,7 @@ ! ! Firewall Builder fwb_pix v4.2.0.3426 ! -! Generated Mon Jan 10 16:37:02 2011 PST by vadim +! Generated Mon Jan 10 17:14:56 2011 PST by vadim ! ! Compiled for pix 7.0 ! Outbound ACLs: supported diff --git a/test/pix/cluster1-1_pix2.fw.orig b/test/pix/cluster1-1_pix2.fw.orig index 1e485c6c8..2cafb5450 100755 --- a/test/pix/cluster1-1_pix2.fw.orig +++ b/test/pix/cluster1-1_pix2.fw.orig @@ -3,7 +3,7 @@ ! ! Firewall Builder fwb_pix v4.2.0.3426 ! -! Generated Mon Jan 10 16:37:02 2011 PST by vadim +! Generated Mon Jan 10 17:14:56 2011 PST by vadim ! ! Compiled for pix 7.0 ! Outbound ACLs: supported diff --git a/test/pix/cluster1_pix1.fw.orig b/test/pix/cluster1_pix1.fw.orig index 7499ec875..33abc29dd 100755 --- a/test/pix/cluster1_pix1.fw.orig +++ b/test/pix/cluster1_pix1.fw.orig @@ -3,7 +3,7 @@ ! ! Firewall Builder fwb_pix v4.2.0.3426 ! -! Generated Mon Jan 10 16:37:01 2011 PST by vadim +! Generated Mon Jan 10 17:14:56 2011 PST by vadim ! ! Compiled for pix 7.0 ! Outbound ACLs: supported diff --git a/test/pix/cluster1_pix2.fw.orig b/test/pix/cluster1_pix2.fw.orig index 06603cbf6..ac32ea9d8 100755 --- a/test/pix/cluster1_pix2.fw.orig +++ b/test/pix/cluster1_pix2.fw.orig @@ -3,7 +3,7 @@ ! ! Firewall Builder fwb_pix v4.2.0.3426 ! -! Generated Mon Jan 10 16:37:02 2011 PST by vadim +! Generated Mon Jan 10 17:14:56 2011 PST by vadim ! ! Compiled for pix 7.0 ! Outbound ACLs: supported diff --git a/test/pix/firewall.fw.orig b/test/pix/firewall.fw.orig index 331b63708..28b09ad3f 100755 --- a/test/pix/firewall.fw.orig +++ b/test/pix/firewall.fw.orig @@ -3,7 +3,7 @@ ! ! Firewall Builder fwb_pix v4.2.0.3426 ! -! Generated Mon Jan 10 16:36:38 2011 PST by vadim +! Generated Mon Jan 10 17:14:33 2011 PST by vadim ! ! Compiled for pix 6.2 ! Outbound ACLs: not supported diff --git a/test/pix/firewall1.fw.orig b/test/pix/firewall1.fw.orig index 36f84758f..e50f20aed 100755 --- a/test/pix/firewall1.fw.orig +++ b/test/pix/firewall1.fw.orig @@ -3,7 +3,7 @@ ! ! Firewall Builder fwb_pix v4.2.0.3426 ! -! Generated Mon Jan 10 16:36:39 2011 PST by vadim +! Generated Mon Jan 10 17:14:33 2011 PST by vadim ! ! Compiled for pix 6.1 ! Outbound ACLs: not supported diff --git a/test/pix/firewall10.fw.orig b/test/pix/firewall10.fw.orig index 0e8fb3a09..3eb3c0e9a 100755 --- a/test/pix/firewall10.fw.orig +++ b/test/pix/firewall10.fw.orig @@ -3,7 +3,7 @@ ! ! Firewall Builder fwb_pix v4.2.0.3426 ! -! Generated Mon Jan 10 16:36:40 2011 PST by vadim +! Generated Mon Jan 10 17:14:34 2011 PST by vadim ! ! Compiled for pix 6.3 ! Outbound ACLs: not supported diff --git a/test/pix/firewall11.fw.orig b/test/pix/firewall11.fw.orig index ea962029d..61ebee071 100755 --- a/test/pix/firewall11.fw.orig +++ b/test/pix/firewall11.fw.orig @@ -3,7 +3,7 @@ ! ! Firewall Builder fwb_pix v4.2.0.3426 ! -! Generated Mon Jan 10 16:36:40 2011 PST by vadim +! Generated Mon Jan 10 17:14:35 2011 PST by vadim ! ! Compiled for pix 6.2 ! Outbound ACLs: not supported diff --git a/test/pix/firewall12.fw.orig b/test/pix/firewall12.fw.orig index 7b7641df2..02852ea01 100755 --- a/test/pix/firewall12.fw.orig +++ b/test/pix/firewall12.fw.orig @@ -3,7 +3,7 @@ ! ! Firewall Builder fwb_pix v4.2.0.3426 ! -! Generated Mon Jan 10 16:36:41 2011 PST by vadim +! Generated Mon Jan 10 17:14:35 2011 PST by vadim ! ! Compiled for pix 6.3 ! Outbound ACLs: not supported diff --git a/test/pix/firewall13.fw.orig b/test/pix/firewall13.fw.orig index 93b0eb248..fece0039f 100755 --- a/test/pix/firewall13.fw.orig +++ b/test/pix/firewall13.fw.orig @@ -3,7 +3,7 @@ ! ! Firewall Builder fwb_pix v4.2.0.3426 ! -! Generated Mon Jan 10 16:36:42 2011 PST by vadim +! Generated Mon Jan 10 17:14:36 2011 PST by vadim ! ! Compiled for pix 6.3 ! Outbound ACLs: not supported diff --git a/test/pix/firewall14.fw.orig b/test/pix/firewall14.fw.orig index 08ca9d786..b0c4bc9d7 100755 --- a/test/pix/firewall14.fw.orig +++ b/test/pix/firewall14.fw.orig @@ -3,7 +3,7 @@ ! ! Firewall Builder fwb_pix v4.2.0.3426 ! -! Generated Mon Jan 10 16:36:42 2011 PST by vadim +! Generated Mon Jan 10 17:14:37 2011 PST by vadim ! ! Compiled for pix 6.3 ! Outbound ACLs: not supported diff --git a/test/pix/firewall2.fw.orig b/test/pix/firewall2.fw.orig index b5cd8ddb4..e18c8d297 100755 --- a/test/pix/firewall2.fw.orig +++ b/test/pix/firewall2.fw.orig @@ -3,7 +3,7 @@ ! ! Firewall Builder fwb_pix v4.2.0.3426 ! -! Generated Mon Jan 10 16:36:43 2011 PST by vadim +! Generated Mon Jan 10 17:14:37 2011 PST by vadim ! ! Compiled for pix 6.3 ! Outbound ACLs: not supported diff --git a/test/pix/firewall20.fw.orig b/test/pix/firewall20.fw.orig index fc4d78c99..0b6fdefc6 100755 --- a/test/pix/firewall20.fw.orig +++ b/test/pix/firewall20.fw.orig @@ -3,7 +3,7 @@ ! ! Firewall Builder fwb_pix v4.2.0.3426 ! -! Generated Mon Jan 10 16:36:44 2011 PST by vadim +! Generated Mon Jan 10 17:14:38 2011 PST by vadim ! ! Compiled for pix 6.3 ! Outbound ACLs: not supported diff --git a/test/pix/firewall21-1.fw.orig b/test/pix/firewall21-1.fw.orig index e6cea62d7..fcf1af388 100755 --- a/test/pix/firewall21-1.fw.orig +++ b/test/pix/firewall21-1.fw.orig @@ -3,7 +3,7 @@ ! ! Firewall Builder fwb_pix v4.2.0.3426 ! -! Generated Mon Jan 10 16:36:45 2011 PST by vadim +! Generated Mon Jan 10 17:14:39 2011 PST by vadim ! ! Compiled for pix 6.3 ! Outbound ACLs: not supported diff --git a/test/pix/firewall21.fw.orig b/test/pix/firewall21.fw.orig index fccea11bf..4b8e60e1f 100755 --- a/test/pix/firewall21.fw.orig +++ b/test/pix/firewall21.fw.orig @@ -3,7 +3,7 @@ ! ! Firewall Builder fwb_pix v4.2.0.3426 ! -! Generated Mon Jan 10 16:36:44 2011 PST by vadim +! Generated Mon Jan 10 17:14:39 2011 PST by vadim ! ! Compiled for pix 7.0 ! Outbound ACLs: supported diff --git a/test/pix/firewall22.fw.orig b/test/pix/firewall22.fw.orig index 31193b928..414d45eb5 100755 --- a/test/pix/firewall22.fw.orig +++ b/test/pix/firewall22.fw.orig @@ -3,7 +3,7 @@ ! ! Firewall Builder fwb_pix v4.2.0.3426 ! -! Generated Mon Jan 10 16:36:46 2011 PST by vadim +! Generated Mon Jan 10 17:14:40 2011 PST by vadim ! ! Compiled for pix 7.0 ! Outbound ACLs: supported diff --git a/test/pix/firewall3.fw.orig b/test/pix/firewall3.fw.orig index 3679bb718..f8e4242c5 100755 --- a/test/pix/firewall3.fw.orig +++ b/test/pix/firewall3.fw.orig @@ -3,7 +3,7 @@ ! ! Firewall Builder fwb_pix v4.2.0.3426 ! -! Generated Mon Jan 10 16:36:46 2011 PST by vadim +! Generated Mon Jan 10 17:14:41 2011 PST by vadim ! ! Compiled for pix 6.2 ! Outbound ACLs: not supported diff --git a/test/pix/firewall33.fw.orig b/test/pix/firewall33.fw.orig index 4586506ec..16d0611fe 100755 --- a/test/pix/firewall33.fw.orig +++ b/test/pix/firewall33.fw.orig @@ -3,7 +3,7 @@ ! ! Firewall Builder fwb_pix v4.2.0.3426 ! -! Generated Mon Jan 10 16:36:47 2011 PST by vadim +! Generated Mon Jan 10 17:14:41 2011 PST by vadim ! ! Compiled for pix 6.3 ! Outbound ACLs: not supported diff --git a/test/pix/firewall34.fw.orig b/test/pix/firewall34.fw.orig index 16cf42ebd..baf9810ac 100755 --- a/test/pix/firewall34.fw.orig +++ b/test/pix/firewall34.fw.orig @@ -3,7 +3,7 @@ ! ! Firewall Builder fwb_pix v4.2.0.3426 ! -! Generated Mon Jan 10 16:36:48 2011 PST by vadim +! Generated Mon Jan 10 17:14:42 2011 PST by vadim ! ! Compiled for pix 6.3 ! Outbound ACLs: not supported diff --git a/test/pix/firewall4.fw.orig b/test/pix/firewall4.fw.orig index a3b025d4c..f510d1b55 100755 --- a/test/pix/firewall4.fw.orig +++ b/test/pix/firewall4.fw.orig @@ -3,7 +3,7 @@ ! ! Firewall Builder fwb_pix v4.2.0.3426 ! -! Generated Mon Jan 10 16:36:49 2011 PST by vadim +! Generated Mon Jan 10 17:14:43 2011 PST by vadim ! ! Compiled for pix 6.2 ! Outbound ACLs: not supported diff --git a/test/pix/firewall50.fw.orig b/test/pix/firewall50.fw.orig index fb0f6f475..763ea5407 100755 --- a/test/pix/firewall50.fw.orig +++ b/test/pix/firewall50.fw.orig @@ -3,7 +3,7 @@ ! ! Firewall Builder fwb_pix v4.2.0.3426 ! -! Generated Mon Jan 10 16:36:49 2011 PST by vadim +! Generated Mon Jan 10 17:14:44 2011 PST by vadim ! ! Compiled for pix 7.0 ! Outbound ACLs: supported diff --git a/test/pix/firewall6.fw.orig b/test/pix/firewall6.fw.orig index a464c82b1..02a0caafb 100755 --- a/test/pix/firewall6.fw.orig +++ b/test/pix/firewall6.fw.orig @@ -3,7 +3,7 @@ ! ! Firewall Builder fwb_pix v4.2.0.3426 ! -! Generated Mon Jan 10 16:36:50 2011 PST by vadim +! Generated Mon Jan 10 17:14:44 2011 PST by vadim ! ! Compiled for pix 6.2 ! Outbound ACLs: not supported diff --git a/test/pix/firewall8.fw.orig b/test/pix/firewall8.fw.orig index 77ef728b4..023e16b95 100755 --- a/test/pix/firewall8.fw.orig +++ b/test/pix/firewall8.fw.orig @@ -3,7 +3,7 @@ ! ! Firewall Builder fwb_pix v4.2.0.3426 ! -! Generated Mon Jan 10 16:36:51 2011 PST by vadim +! Generated Mon Jan 10 17:14:46 2011 PST by vadim ! ! Compiled for pix 6.2 ! Outbound ACLs: not supported diff --git a/test/pix/firewall80.fw.orig b/test/pix/firewall80.fw.orig index 7337b322b..688e7222f 100755 --- a/test/pix/firewall80.fw.orig +++ b/test/pix/firewall80.fw.orig @@ -3,7 +3,7 @@ ! ! Firewall Builder fwb_pix v4.2.0.3426 ! -! Generated Mon Jan 10 16:36:52 2011 PST by vadim +! Generated Mon Jan 10 17:14:46 2011 PST by vadim ! ! Compiled for pix 8.2 ! Outbound ACLs: supported diff --git a/test/pix/firewall81.fw.orig b/test/pix/firewall81.fw.orig index cec6ab402..31d75d00e 100755 --- a/test/pix/firewall81.fw.orig +++ b/test/pix/firewall81.fw.orig @@ -3,7 +3,7 @@ ! ! Firewall Builder fwb_pix v4.2.0.3426 ! -! Generated Mon Jan 10 16:36:52 2011 PST by vadim +! Generated Mon Jan 10 17:14:47 2011 PST by vadim ! ! Compiled for pix 8.3 ! Outbound ACLs: supported diff --git a/test/pix/firewall82.fw.orig b/test/pix/firewall82.fw.orig index 50976e88d..7d9e49366 100755 --- a/test/pix/firewall82.fw.orig +++ b/test/pix/firewall82.fw.orig @@ -3,7 +3,7 @@ ! ! Firewall Builder fwb_pix v4.2.0.3426 ! -! Generated Mon Jan 10 16:36:53 2011 PST by vadim +! Generated Mon Jan 10 17:14:47 2011 PST by vadim ! ! Compiled for pix 8.3 ! Outbound ACLs: supported diff --git a/test/pix/firewall83.fw.orig b/test/pix/firewall83.fw.orig index 57579c3b2..355b6b552 100755 --- a/test/pix/firewall83.fw.orig +++ b/test/pix/firewall83.fw.orig @@ -3,7 +3,7 @@ ! ! Firewall Builder fwb_pix v4.2.0.3426 ! -! Generated Mon Jan 10 16:36:54 2011 PST by vadim +! Generated Mon Jan 10 17:14:48 2011 PST by vadim ! ! Compiled for pix 8.3 ! Outbound ACLs: supported diff --git a/test/pix/firewall9.fw.orig b/test/pix/firewall9.fw.orig index 4140e2f63..aeecd7881 100755 --- a/test/pix/firewall9.fw.orig +++ b/test/pix/firewall9.fw.orig @@ -3,7 +3,7 @@ ! ! Firewall Builder fwb_pix v4.2.0.3426 ! -! Generated Mon Jan 10 16:36:54 2011 PST by vadim +! Generated Mon Jan 10 17:14:49 2011 PST by vadim ! ! Compiled for pix 6.3 ! Outbound ACLs: not supported diff --git a/test/pix/firewall90.fw.orig b/test/pix/firewall90.fw.orig index 4057f35b0..17c7b88ac 100755 --- a/test/pix/firewall90.fw.orig +++ b/test/pix/firewall90.fw.orig @@ -3,7 +3,7 @@ ! ! Firewall Builder fwb_pix v4.2.0.3426 ! -! Generated Mon Jan 10 16:36:55 2011 PST by vadim +! Generated Mon Jan 10 17:14:49 2011 PST by vadim ! ! Compiled for pix 8.3 ! Outbound ACLs: supported diff --git a/test/pix/firewall91.fw.orig b/test/pix/firewall91.fw.orig index 0622fb807..dbb3d0980 100755 --- a/test/pix/firewall91.fw.orig +++ b/test/pix/firewall91.fw.orig @@ -3,7 +3,7 @@ ! ! Firewall Builder fwb_pix v4.2.0.3426 ! -! Generated Mon Jan 10 16:36:56 2011 PST by vadim +! Generated Mon Jan 10 17:14:50 2011 PST by vadim ! ! Compiled for pix 8.3 ! Outbound ACLs: supported diff --git a/test/pix/firewall92.fw.orig b/test/pix/firewall92.fw.orig index 21a596479..a5475c326 100755 --- a/test/pix/firewall92.fw.orig +++ b/test/pix/firewall92.fw.orig @@ -3,7 +3,7 @@ ! ! Firewall Builder fwb_pix v4.2.0.3426 ! -! Generated Mon Jan 10 16:36:56 2011 PST by vadim +! Generated Mon Jan 10 17:14:51 2011 PST by vadim ! ! Compiled for pix 8.3 ! Outbound ACLs: supported diff --git a/test/pix/fwsm1.fw.orig b/test/pix/fwsm1.fw.orig index 56a3b31d7..24f7bd2c7 100755 --- a/test/pix/fwsm1.fw.orig +++ b/test/pix/fwsm1.fw.orig @@ -3,7 +3,7 @@ ! ! Firewall Builder fwb_pix v4.2.0.3426 ! -! Generated Mon Jan 10 16:36:57 2011 PST by vadim +! Generated Mon Jan 10 17:14:52 2011 PST by vadim ! ! Compiled for fwsm 2.3 ! Outbound ACLs: supported diff --git a/test/pix/fwsm2.fw.orig b/test/pix/fwsm2.fw.orig index 9c6fe9e6f..303c48cec 100755 --- a/test/pix/fwsm2.fw.orig +++ b/test/pix/fwsm2.fw.orig @@ -3,7 +3,7 @@ ! ! Firewall Builder fwb_pix v4.2.0.3426 ! -! Generated Mon Jan 10 16:36:58 2011 PST by vadim +! Generated Mon Jan 10 17:14:52 2011 PST by vadim ! ! Compiled for fwsm 4.x ! Outbound ACLs: supported diff --git a/test/pix/pix515.fw.orig b/test/pix/pix515.fw.orig index cfcfb508f..e5251a56f 100755 --- a/test/pix/pix515.fw.orig +++ b/test/pix/pix515.fw.orig @@ -3,7 +3,7 @@ ! ! Firewall Builder fwb_pix v4.2.0.3426 ! -! Generated Mon Jan 10 16:36:59 2011 PST by vadim +! Generated Mon Jan 10 17:14:53 2011 PST by vadim ! ! Compiled for pix 7.0 ! Outbound ACLs: supported diff --git a/test/pix/real.fw.orig b/test/pix/real.fw.orig index ce89ce1af..ee2f5b5ac 100755 --- a/test/pix/real.fw.orig +++ b/test/pix/real.fw.orig @@ -3,7 +3,7 @@ ! ! Firewall Builder fwb_pix v4.2.0.3426 ! -! Generated Mon Jan 10 16:37:00 2011 PST by vadim +! Generated Mon Jan 10 17:14:54 2011 PST by vadim ! ! Compiled for pix 6.3 ! Outbound ACLs: not supported