mirror of https://github.com/fwbuilder/fwbuilder synced 2026-05-02 07:07:32 +02:00

* fwbedit.cpp (main): added command line switch "-d" to function

"import" in fwbedit. This switch activates object deduplication
on import.
Vadim Kurland 2011-04-17 12:30:31 -07:00
parent b3dbf7ce48
commit 5e1e377c6a
10 changed files with 115 additions and 77 deletions


@ -7,7 +7,7 @@ FWB_MICRO_VERSION=0
# build number is like "nano" version number. I am incrementing build
# number during development cycle
#
BUILD_NUM="3527"
BUILD_NUM="3528"
VERSION="$FWB_MAJOR_VERSION.$FWB_MINOR_VERSION.$FWB_MICRO_VERSION.$BUILD_NUM"


@ -1,2 +1,2 @@
#define VERSION "4.2.0.3527"
#define VERSION "4.2.0.3528"
#define GENERATION "4.2"


@ -1,3 +1,9 @@
2011-04-17 vadim <vadim@netcitadel.com>
* fwbedit.cpp (main): added command line switch "-d" to function
"import" in fwbedit. This switch activates object deduplication
on import.
2011-04-15 vadim <vadim@netcitadel.com>
* fwbedit.cpp (main): see #2328 "Add ability to run firewall import


@ -31,29 +31,29 @@ below).
Creates new object.
-f file.fwb: data file
-t objtype: create new object of this type
-p parent: create new object as a child of this object.
This parameter is mandatory. If you are adding an address
to an interface, corresponding interface onkect must be
specified as the parent. Similarly if you need to add an
interface to a host or a firewall, corresponding host or
firewall object is the parent. If you are adding an
object to one of the standard folders, the parent is the
library you want to add the object to or correct full
path to the folder in the tree.
-n name: the name of the new object
-c txt: specify comment for the new object
-a attribute1[,attribute2...] : specify attributes that
define parameters of the new object (see below)
-f file.fwb data file
-t objtype create new object of this type
-p parent create new object as a child of this object.
This parameter is mandatory. If you are adding an address
to an interface, corresponding interface onkect must be
specified as the parent. Similarly if you need to add an
interface to a host or a firewall, corresponding host or
firewall object is the parent. If you are adding an
object to one of the standard folders, the parent is the
library you want to add the object to or correct full
path to the folder in the tree.
-n name the name of the new object
-c txt specify comment for the new object
-a attribute1[,attribute2...] : specify attributes that
define parameters of the new object (see below)
.B delete -f file.fwb -o object
Deletes object specified by its full path in the tree or object ID.
-f file.fwb: data file
-o object: object to be deleted, full path or ID
-f file.fwb data file
-o object object to be deleted, full path or ID
@ -62,11 +62,11 @@ Deletes object specified by its full path in the tree or object ID.
Modifies object specified by its full path in the tree or object ID.
Object can not be renamed using this operation.
-f file.fwb: data file
-o object: object to be deleted, full path or ID
-c txt: specify comment for the new object
-a attribute1[,attribute2...] : specify attributes that
define parameters of the new object (see below)
-f file.fwb data file
-o object object to be deleted, full path or ID
-c txt specify comment for the new object
-a attribute1[,attribute2...] : specify attributes that
define parameters of the new object (see below)
@ -74,25 +74,25 @@ Object can not be renamed using this operation.
Prints name and ID of an object.
-f file.fwb: data file
-o object: object to print, full path or ID
-r print specified object and all objects under it in the tree
-c print only children objects of the given object but do not
print the object itself.
-d print full dump of all object's attributes including internal
debugging information if available, this can be very
verbose.
-Fformat_string Program recognizes macros in the format string
and replaces them with values of corresponding object's
attributes. Macro is the name of the attribute surrounded
with '%', such as '%name%' or '%address%'. Here is the
list of some attribute names: "id", "name", "path",
"comment", "type", "address", "netmask", "dnsname". TCP
and UDP service objects provide attributes
"src_range_start", "src_range_end", "dst_range_start",
"dst_range_end" for the source and destination port
ranges. ICMP and ICMP6 service objects have attributes
"icmp_type" and "icmp_code".
-f file.fwb data file
-o object object to print, full path or ID
-r print specified object and all objects under it in the tree
-c print only children objects of the given object but do not
print the object itself.
-d print full dump of all object's attributes including internal
debugging information if available, this can be very
verbose.
-Fformat_string Program recognizes macros in the format string
and replaces them with values of corresponding object's
attributes. Macro is the name of the attribute surrounded
with '%', such as '%name%' or '%address%'. Here is the
list of some attribute names: "id", "name", "path",
"comment", "type", "address", "netmask", "dnsname". TCP
and UDP service objects provide attributes
"src_range_start", "src_range_end", "dst_range_start",
"dst_range_end" for the source and destination port
ranges. ICMP and ICMP6 service objects have attributes
"icmp_type" and "icmp_code".
@ -101,10 +101,10 @@ Prints name and ID of an object.
Adds object specified by path or ID to a group, also specified by its
path or ID.
-f file.fwb: data file
-g group: group the object should be added to,
full path or ID
-o object: object to be deleted, full path or ID
-f file.fwb data file
-g group group the object should be added to,
full path or ID
-o object object to be deleted, full path or ID
@ -112,17 +112,17 @@ path or ID.
Removes object from a group.
-f file.fwb: data file
-g group: group the object should be removed from,
full path or ID
-o object: object to be deleted, full path or ID
-f file.fwb data file
-g group group the object should be removed from,
full path or ID
-o object object to be deleted, full path or ID
.B upgrade -f file.fwb
Upgrades data file to the latest data format version.
-f file.fwb: data file
-f file.fwb data file
.B checktree -f file.fwb
@ -130,7 +130,7 @@ Upgrades data file to the latest data format version.
Checks consistency and correctness of the object tree in the given
data file and repairs it if necessary.
-f file.fwb: data file
-f file.fwb data file
.B merge -f file1.fwb -i file2.fwb
@ -138,21 +138,24 @@ data file and repairs it if necessary.
Objects from the file2.fwb are merged with objects in file1 and
combined object tree saved in file1.fwb
-f file.fwb: data file #1
-i file.fwb: data file #2
-f file.fwb data file #1
-i file.fwb data file #2
.B import -f file1.fwb -i firewall_config.txt -o path_to_firewall_object
.B import -f file1.fwb -i firewall_config.txt -o path_to_firewall_object [-d]
Firewall configuration from file firewall_config.txt is parsed and
imported into data file file1.fwb. The program creates new firewall
object located in the library and with the name defined by its path
path_to_firewall_object. This has to be full path, beginning with the
library name, such as "/User/Firewalls/my_new_firewall"
path_to_firewall_object.
-f file.fwb: data file #1
-i config.txt: firewall configuration file
-o object_path
-f file.fwb data file #1
-i config.txt firewall configuration file
-o object_path full path to the firewall object that will be
created. This has to be full path, beginning
with the library name, such as
"/User/Firewalls/my_new_firewall"
-d avoid creating duplicate objects on import
currently (as of v4.2.0) fwbuilder supports import of iptables
configuration saved with iptables-save command, as well as import of


@ -3,7 +3,7 @@
%define name fwbuilder
%define version 4.2.0.3527
%define version 4.2.0.3528
%define release 1
%if "%_vendor" == "MandrakeSoft"


@ -4,6 +4,6 @@ Replaces: fwbuilder (<=4.1.1-1), fwbuilder-common, fwbuilder-bsd, fwbuilder-linu
Priority: extra
Section: checkinstall
Maintainer: vadim@fwbuilder.org
Version: 4.2.0.3527-1
Version: 4.2.0.3528-1
Depends: libqt4-gui (>= 4.3.0), libxml2, libxslt1.1, libsnmp | libsnmp15
Description: Firewall Builder GUI and policy compilers


@ -1,6 +1,6 @@
%define name fwbuilder
%define version 4.2.0.3527
%define version 4.2.0.3528
%define release 1
%if "%_vendor" == "MandrakeSoft"


@ -340,14 +340,16 @@ void usage_merge()
void usage_import()
{
cout <<
" import -f file1.fwb -i firewall_config.txt -o firewall_object_path\n"
" import -f file1.fwb -i firewall_config.txt -o firewall_object_path [-d]\n"
"\n"
" -f file1.fwb: data file #1\n"
" -i firewall_config.txt: firewall configuration file that\n"
" should be imported #2\n"
" -o firewall_object_path: a full path to the firewall object\n"
" to be created, e.g. '/User/Firewalls/my_new_firewall'\n"
" Note that path must start with the library name\n";
" Note that path must start with the library name\n"
" -d reuse address and service objects created in the process\n"
" of import\n";
cout << endl;
}
@ -452,6 +454,7 @@ int main(int argc, char * const *argv)
string list_format = "%path%";
bool full_dump = false;
string import_config;
bool deduplicate = false;
if (argc<=1)
{
@ -676,13 +679,14 @@ int main(int argc, char * const *argv)
case IMPORT:
// -f file.fwb -i config.txt -o /User/Firewalls/new_firewall
while( (opt=getopt(argc, args, "f:i:o:")) != EOF )
while( (opt=getopt(argc, args, "f:i:o:d")) != EOF )
{
switch(opt)
{
case 'f': filename = optarg; break;
case 'i': import_config = optarg; break;
case 'o': object = optarg; break;
case 'd': deduplicate = true; break;
}
}
@ -729,6 +733,7 @@ int main(int argc, char * const *argv)
}
mergeTree(objdb, filemerge, conflict_res);
}
else if (cmd == IMPORT)
{
if (import_config.empty() || object.empty())
@ -774,35 +779,42 @@ int main(int argc, char * const *argv)
<< "'"
<< endl;
importConfig(objdb, import_config, library, fw_name);
importConfig(import_config, library, fw_name, deduplicate);
}
else if (cmd == STRUCT)
{
checkAndRepairTree(objdb);
}
else if (cmd == LIST)
{
listObject(objdb, object, list_children, recursive,
list_format, full_dump);
return(0);
}
else if (cmd == UPGRADE)
{
cout << "File upgraded; current data format version: "
<< libfwbuilder::Constants::getDataFormatVersion() << endl;
}
else if (cmd == NEWOBJECT)
{
newObject(objdb, objtype, name, comment_txt, parent, ops);
}
else if (cmd == DELOBJECT)
{
delObject(objdb, object);
}
else if (cmd == MODOBJECT)
{
modObject(objdb, object, comment_txt, ops);
}
else
{
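Review bot: The IMPORT option loop gains `case 'd'` but its switch still has no `default:` arm, so when getopt returns `'?'` for a mistyped or unsupported switch the loop carries on and the import runs with `deduplicate` left at false. For a tool that rewrites firewall object files from scripts, a rejected option should stop the run rather than silently change what gets imported; adding `default: usage_import(); exit(1);` to this switch would do that. main() begins and ends outside these hunks, so whether a later check already covers this could not be confirmed.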


@ -72,10 +72,10 @@ extern void checkAndRepairTree(libfwbuilder::FWObjectDatabase *objdb);
extern void mergeTree(libfwbuilder::FWObjectDatabase *objdb,
const std::string &mergefile, int conflict_res);
extern void importConfig(libfwbuilder::FWObjectDatabase *objdb,
const std::string &import_config,
extern void importConfig(const std::string &import_config,
libfwbuilder::FWObject *library,
const std::string &fw_name);
const std::string &fw_name,
bool deduplicate);
extern int splitStr(char ch,std::string s, operands * ops);
extern std::string getNextOpt(operands &ops);


@ -42,10 +42,16 @@ using namespace libfwbuilder;
using namespace std;
void importConfig(FWObjectDatabase *objdb,
const string &import_config,
Logger& operator<<(Logger &logger, const QString &str)
{
logger << str.toUtf8().constData();
return logger;
}
void importConfig(const string &import_config,
FWObject *library,
const string &fw_name)
const string &fw_name,
bool deduplicate)
{
QFile f(QString::fromUtf8(import_config.c_str()));
f.open(QFile::ReadOnly);
@ -90,10 +96,21 @@ void importConfig(FWObjectDatabase *objdb,
<< endl;
exit(1);
}
imp->run();
imp->finalize();
if (deduplicate) imp->prepareForDeduplication();
try
{
imp->run();
} catch(ImporterException &e)
{
*logger << e.toString() << "\n";
} catch(ObjectMakerException &e)
{
*logger << e.toString() << "\n";
}
imp->finalize();
}
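Review bot: The try/catch added around `imp->run()` logs ImporterException and ObjectMakerException and then falls through to `imp->finalize()`, and importConfig() returns void, so an import that aborted part-way looks the same to the caller as a complete one. If main() goes on to save the data file and exit 0 (not visible here), a scripted import can leave a truncated firewall policy on disk with nothing to flag it. Both handlers could record the failure, e.g. set `bool import_failed = true;`, and the function could `exit(1)` once the log has been written, as the earlier error path in this function does, or return a status that main() maps to a non-zero exit code. The `f.open(QFile::ReadOnly)` result in the context lines is also unchecked and deserves the same treatment. Part of the function body lies between the two hunks, so where `logger` is printed could not be checked.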