onkelbeh/fwbuilder
1
0
Fork 0
mirror of https://github.com/fwbuilder/fwbuilder synced 2026-05-01 14:47:27 +02:00
Code Issues Releases Wiki Activity

refs #1885 using named objects and object groups when multiple objects are found in TSrc; this fixes issue with address ranges

Browse Source
This commit is contained in:
Vadim Kurland 2011-01-13 12:49:25 -08:00
parent 4ea6f24a03
commit 63257170e8
69 changed files with 327 additions and 164 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

6
doc/ChangeLog
View File

@ -1,3 +1,9 @@
2011-01-13 vadim <vadim@netcitadel.com>
* ASA8ObjectGroup.cpp (toString): refs #1885 Compiler uses named
objects and objects groups to build configurations that use
address ranges in TSrc in NAT rules. (only ASA 8.3 and later)
2011-01-12 Vadim Kurland <vadim@netcitadel.com>
* NATCompiler_asa8_writers.cpp (printSDNAT): refs #1907 "ASA NAT -

7
src/cisco_lib/ASA8Object.cpp
View File

@ -187,4 +187,11 @@ QString ASA8Object::getCommand()
return "";
}
QString ASA8Object::getCommandWhenObjectGroupMember()
{
if (Address::constcast(obj)!=NULL) return "network-object object " + name;
if (Service::constcast(obj)!=NULL) return "service-object object " + name;
return "";
}

1
src/cisco_lib/ASA8Object.h
View File

@ -47,6 +47,7 @@ public:
ASA8Object(const libfwbuilder::FWObject *obj);
virtual QString getCommand();
virtual QString getCommandWhenObjectGroupMember();
QString getName() { return name; }
QString getCommandWord();
};

12
src/cisco_lib/ASA8ObjectGroup.cpp
View File

@ -43,7 +43,8 @@ using namespace fwcompiler;
const char *ASA8ObjectGroup::TYPENAME={"ASA8ObjectGroup"};
string ASA8ObjectGroup::toString() throw(FWException)
string ASA8ObjectGroup::toString(std::map<int, ASA8Object*> &named_objects_registry)
throw(FWException)
{
ostringstream ostr;
@ -57,6 +58,15 @@ string ASA8ObjectGroup::toString() throw(FWException)
FWObject *obj = o;
if (FWReference::cast(o)!=NULL) obj=FWReference::cast(o)->getPointer();
ASA8Object *named_object = named_objects_registry[obj->getId()];
if (named_object)
{
ostr << " "
<< named_object->getCommandWhenObjectGroupMember().toStdString();
ostr << endl;
continue;
}
if (this->getObjectGroupType() == NETWORK)
{
Address *a = Address::cast(obj);

3
src/cisco_lib/ASA8ObjectGroup.h
View File

@ -40,7 +40,8 @@ public:
virtual std::string getObjectGroupClass();
virtual std::string getObjectGroupHeader();
virtual std::string toString() throw(libfwbuilder::FWException);
virtual std::string toString(std::map<int, ASA8Object*> &named_objects_registry)
throw(libfwbuilder::FWException);
};
}

3
src/cisco_lib/BaseObjectGroup.cpp
View File

@ -38,6 +38,7 @@
#include <sstream>
using namespace libfwbuilder;
using namespace fwcompiler;
using namespace std;
map<string,int> BaseObjectGroup::nc;
@ -131,7 +132,7 @@ string BaseObjectGroup::getObjectGroupClass()
return "";
}
string BaseObjectGroup::toString() throw(FWException)
string BaseObjectGroup::toString(std::map<int, ASA8Object*>&) throw(FWException)
{
return "";
}

62
src/cisco_lib/BaseObjectGroup.h
View File

@ -26,54 +26,60 @@
#ifndef __BASEOBJECTGROUP_HH
#define __BASEOBJECTGROUP_HH
#include "ASA8Object.h"
#include "fwbuilder/FWObject.h"
#include "fwbuilder/ObjectGroup.h"
#include "fwbuilder/ServiceGroup.h"
#include "fwbuilder/FWException.h"
class BaseObjectGroup : public libfwbuilder::Group {
namespace fwcompiler {
class BaseObjectGroup : public libfwbuilder::Group {
public:
typedef enum { UNKNOWN,
NETWORK,
PROTO,
ICMP_TYPE,
TCP_SERVICE,
UDP_SERVICE,
MIXED_SERVICE } object_group_type;
typedef enum { UNKNOWN,
NETWORK,
PROTO,
ICMP_TYPE,
TCP_SERVICE,
UDP_SERVICE,
MIXED_SERVICE } object_group_type;
private:
object_group_type gt;
static std::map<std::string,int> nc;
object_group_type gt;
static std::map<std::string,int> nc;
protected:
std::string registerGroupName(const std::string &prefix);
std::string registerGroupName(const std::string &prefix);
public:
BaseObjectGroup(object_group_type _gt=UNKNOWN) : libfwbuilder::Group() {
gt=_gt;
}
BaseObjectGroup(object_group_type _gt=UNKNOWN) : libfwbuilder::Group() {
gt=_gt;
}
virtual ~BaseObjectGroup() {};
DECLARE_FWOBJECT_SUBTYPE(BaseObjectGroup);
virtual ~BaseObjectGroup() {};
DECLARE_FWOBJECT_SUBTYPE(BaseObjectGroup);
virtual bool validateChild(FWObject*) { return true; }
virtual bool validateChild(FWObject*) { return true; }
void setObjectGroupType(object_group_type _gt) { gt=_gt; }
object_group_type getObjectGroupType() { return gt; }
void setObjectGroupType(object_group_type _gt) { gt=_gt; }
object_group_type getObjectGroupType() { return gt; }
void setObjectGroupTypeFromFWObject(libfwbuilder::FWObject *obj);
void setObjectGroupTypeFromFWObject(libfwbuilder::FWObject *obj);
virtual void setName(const std::string &prefix);
virtual void setName(const std::string &prefix);
bool isServiceGroup();
bool isObjectGroup();
std::string getSrvTypeName();
bool isServiceGroup();
bool isObjectGroup();
std::string getSrvTypeName();
virtual std::string getObjectGroupClass();
virtual std::string getObjectGroupHeader();
virtual std::string toString() throw(libfwbuilder::FWException);
};
virtual std::string getObjectGroupClass();
virtual std::string getObjectGroupHeader();
virtual std::string toString(std::map<int, ASA8Object*> &named_objects_registry)
throw(libfwbuilder::FWException);
};
}
#endif

4
src/cisco_lib/IOSObjectGroup.cpp
View File

@ -39,11 +39,13 @@
#include <sstream>
using namespace libfwbuilder;
using namespace fwcompiler;
using namespace std;
const char *IOSObjectGroup::TYPENAME={"IOSObjectGroup"};
string IOSObjectGroup::toString() throw(FWException)
string IOSObjectGroup::toString(std::map<int, ASA8Object*>&) throw(FWException)
{
ostringstream ostr;

21
src/cisco_lib/IOSObjectGroup.h
View File

@ -28,18 +28,21 @@
#include "BaseObjectGroup.h"
namespace fwcompiler {
class IOSObjectGroup : public BaseObjectGroup {
class IOSObjectGroup : public BaseObjectGroup {
public:
IOSObjectGroup(object_group_type _gt=UNKNOWN) : BaseObjectGroup(_gt) { }
virtual ~IOSObjectGroup() {};
DECLARE_FWOBJECT_SUBTYPE(IOSObjectGroup);
public:
IOSObjectGroup(object_group_type _gt=UNKNOWN) : BaseObjectGroup(_gt) { }
virtual ~IOSObjectGroup() {};
DECLARE_FWOBJECT_SUBTYPE(IOSObjectGroup);
virtual std::string getObjectGroupClass();
virtual std::string getObjectGroupHeader();
virtual std::string toString() throw(libfwbuilder::FWException);
virtual std::string getObjectGroupClass();
virtual std::string getObjectGroupHeader();
virtual std::string toString(std::map<int, ASA8Object*> &named_objects_registry)
throw(libfwbuilder::FWException);
};
};
}
#endif

7
src/cisco_lib/NATCompiler_asa8.cpp
View File

@ -69,13 +69,6 @@ NATCompiler_asa8::NATCompiler_asa8(FWObjectDatabase *_db,
NATCompiler_asa8::~NATCompiler_asa8()
{
std::map<int, ASA8Object*>::iterator it1;
for (it1=asa8_object_registry.begin();
it1!=asa8_object_registry.end(); ++it1)
{
delete it1->second;
}
asa8_object_registry.clear();
}
/*

2
src/cisco_lib/NATCompiler_asa8.h
View File

@ -40,8 +40,6 @@ namespace fwcompiler {
{
public:
std::map<int, ASA8Object*> asa8_object_registry;
void addASA8Object(const libfwbuilder::FWObject *obj);
ASA8Object* getASA8Object(const libfwbuilder::FWObject *obj);

13
src/cisco_lib/NATCompiler_asa8_writers.cpp
View File

@ -52,17 +52,24 @@ using namespace std;
void NATCompiler_asa8::addASA8Object(const FWObject *obj)
{
if (asa8_object_registry[obj->getId()] == NULL)
if (BaseObjectGroup::constcast(obj)!=NULL)
{
for (FWObject::const_iterator i=obj->begin(); i!=obj->end(); ++i)
{
addASA8Object(FWReference::getObject(*i));
}
}
if (CreateObjectGroups::named_objects[obj->getId()] == NULL)
{
ASA8Object *asa8obj = new ASA8Object(obj);
output << asa8obj->getCommand().toStdString();
asa8_object_registry[obj->getId()] = asa8obj;
CreateObjectGroups::named_objects[obj->getId()] = asa8obj;
}
}
ASA8Object* NATCompiler_asa8::getASA8Object(const FWObject *obj)
{
return asa8_object_registry[obj->getId()];
return CreateObjectGroups::named_objects[obj->getId()];
}
bool NATCompiler_asa8::PrintObjectsForNat::processNext()

13
src/cisco_lib/ObjectGroupFactory.h
View File

@ -32,11 +32,14 @@ namespace libfwbuilder {
class Firewall;
};
class ObjectGroupFactory {
namespace fwcompiler {
class ObjectGroupFactory {
public:
static BaseObjectGroup *createObjectGroup(
libfwbuilder::Firewall *fw,
BaseObjectGroup::object_group_type _gt=BaseObjectGroup::UNKNOWN);
};
static BaseObjectGroup *createObjectGroup(
libfwbuilder::Firewall *fw,
BaseObjectGroup::object_group_type _gt=BaseObjectGroup::UNKNOWN);
};
}
#endif

21
src/cisco_lib/ObjectGroupsSupport.cpp
View File

@ -58,13 +58,30 @@ using namespace fwcompiler;
using namespace std;
Group *CreateObjectGroups::object_groups = NULL;
Group* CreateObjectGroups::object_groups = NULL;
map<int, ASA8Object*> CreateObjectGroups::named_objects;
void CreateObjectGroups::init(FWObjectDatabase *db)
{
object_groups = new Group();
db->add( object_groups );
if (named_objects.size() > 0) clearNamedObjectsRegistry();
}
void CreateObjectGroups::clearNamedObjectsRegistry()
{
std::map<int, ASA8Object*>::iterator it1;
for (it1=named_objects.begin(); it1!=named_objects.end(); ++it1)
{
delete it1->second;
}
named_objects.clear();
}
CreateObjectGroups::~CreateObjectGroups()
{
clearNamedObjectsRegistry();
}
BaseObjectGroup* CreateObjectGroups::findObjectGroup(RuleElement *re)
@ -230,7 +247,7 @@ bool printObjectGroups::processNext()
compiler->output << endl;
try
{
compiler->output << og->toString();
compiler->output << og->toString(CreateObjectGroups::named_objects);
} catch (FWException &ex)
{
compiler->abort(ex.toString());

9
src/cisco_lib/ObjectGroupsSupport.h
View File

@ -27,6 +27,7 @@
#include "config.h"
#include "BaseObjectGroup.h"
#include "ASA8Object.h"
#include "fwbuilder/Group.h"
#include "fwbuilder/RuleElement.h"
@ -40,6 +41,8 @@ namespace fwcompiler
class CreateObjectGroups : public BasicRuleProcessor
{
static void clearNamedObjectsRegistry();
protected:
std::string re_type;
@ -53,11 +56,15 @@ protected:
public:
// storage for object groups created to be used with PIX command object-group
static libfwbuilder::Group *object_groups;
static std::map<int, ASA8Object*> named_objects;
CreateObjectGroups(const std::string &name,
const std::string &_ns,
const std::string &_type) :
BasicRuleProcessor(name) {re_type=_type; name_suffix=_ns; }
BasicRuleProcessor(name) {re_type=_type; name_suffix=_ns; }
virtual ~CreateObjectGroups();
virtual bool processNext();
static void init(libfwbuilder::FWObjectDatabase *db);

3
src/cisco_lib/PIXObjectGroup.cpp
View File

@ -38,11 +38,12 @@
#include <sstream>
using namespace libfwbuilder;
using namespace fwcompiler;
using namespace std;
const char *PIXObjectGroup::TYPENAME={"PIXObjectGroup"};
string PIXObjectGroup::toString() throw(FWException)
string PIXObjectGroup::toString(std::map<int, ASA8Object*>&) throw(FWException)
{
ostringstream ostr;

25
src/cisco_lib/PIXObjectGroup.h
View File

@ -28,18 +28,21 @@
#include "BaseObjectGroup.h"
class PIXObjectGroup : public BaseObjectGroup {
namespace fwcompiler {
public:
PIXObjectGroup(object_group_type _gt=UNKNOWN) : BaseObjectGroup(_gt) { }
virtual ~PIXObjectGroup() {};
DECLARE_FWOBJECT_SUBTYPE(PIXObjectGroup);
virtual std::string getObjectGroupClass();
virtual std::string getObjectGroupHeader();
virtual std::string toString() throw(libfwbuilder::FWException);
class PIXObjectGroup : public BaseObjectGroup {
};
public:
PIXObjectGroup(object_group_type _gt=UNKNOWN) : BaseObjectGroup(_gt) { }
virtual ~PIXObjectGroup() {};
DECLARE_FWOBJECT_SUBTYPE(PIXObjectGroup);
virtual std::string getObjectGroupClass();
virtual std::string getObjectGroupHeader();
virtual std::string toString(std::map<int, ASA8Object*> &named_objects_registry)
throw(libfwbuilder::FWException);
};
}
#endif

4
test/iosacl/auto-interface-test.fw.orig
View File

@ -1,9 +1,9 @@
!
! This is automatically generated file. DO NOT MODIFY !
!
! Firewall Builder fwb_iosacl v4.2.0.3426
! Firewall Builder fwb_iosacl v4.2.0.3429
!
! Generated Mon Jan 10 16:30:46 2011 PST by vadim
! Generated Tue Jan 11 20:40:13 2011 PST by vadim
!
! Compiled for iosacl 12.1
!

4
test/iosacl/c3620.fw.orig
View File

@ -1,9 +1,9 @@
!
! This is automatically generated file. DO NOT MODIFY !
!
! Firewall Builder fwb_iosacl v4.2.0.3426
! Firewall Builder fwb_iosacl v4.2.0.3429
!
! Generated Mon Jan 10 16:30:46 2011 PST by vadim
! Generated Tue Jan 11 20:40:13 2011 PST by vadim
!
! Compiled for iosacl 12.1
!

4
test/iosacl/ccie4u-r1.fw.orig
View File

@ -1,9 +1,9 @@
!
! This is automatically generated file. DO NOT MODIFY !
!
! Firewall Builder fwb_iosacl v4.2.0.3426
! Firewall Builder fwb_iosacl v4.2.0.3429
!
! Generated Mon Jan 10 16:30:46 2011 PST by vadim
! Generated Tue Jan 11 20:40:14 2011 PST by vadim
!
! Compiled for iosacl 12.1
!

4
test/iosacl/dynamips1-og.fw.orig
View File

@ -1,9 +1,9 @@
!
! This is automatically generated file. DO NOT MODIFY !
!
! Firewall Builder fwb_iosacl v4.2.0.3426
! Firewall Builder fwb_iosacl v4.2.0.3429
!
! Generated Mon Jan 10 16:30:47 2011 PST by vadim
! Generated Tue Jan 11 20:40:14 2011 PST by vadim
!
! Compiled for iosacl 12.4
!

4
test/iosacl/firewall-ipv6-1.fw.orig
View File

@ -1,9 +1,9 @@
!
! This is automatically generated file. DO NOT MODIFY !
!
! Firewall Builder fwb_iosacl v4.2.0.3426
! Firewall Builder fwb_iosacl v4.2.0.3429
!
! Generated Mon Jan 10 16:30:47 2011 PST by vadim
! Generated Tue Jan 11 20:40:14 2011 PST by vadim
!
! Compiled for iosacl 12.1
!

4
test/iosacl/firewall-ipv6-2.fw.orig
View File

@ -1,9 +1,9 @@
!
! This is automatically generated file. DO NOT MODIFY !
!
! Firewall Builder fwb_iosacl v4.2.0.3426
! Firewall Builder fwb_iosacl v4.2.0.3429
!
! Generated Mon Jan 10 16:30:47 2011 PST by vadim
! Generated Tue Jan 11 20:40:15 2011 PST by vadim
!
! Compiled for iosacl 12.1
!

4
test/iosacl/firewall-ipv6-3.fw.orig
View File

@ -1,9 +1,9 @@
!
! This is automatically generated file. DO NOT MODIFY !
!
! Firewall Builder fwb_iosacl v4.2.0.3426
! Firewall Builder fwb_iosacl v4.2.0.3429
!
! Generated Mon Jan 10 16:30:48 2011 PST by vadim
! Generated Tue Jan 11 20:40:15 2011 PST by vadim
!
! Compiled for iosacl 12.1
!

4
test/iosacl/testios1-1.fw.orig
View File

@ -1,9 +1,9 @@
!
! This is automatically generated file. DO NOT MODIFY !
!
! Firewall Builder fwb_iosacl v4.2.0.3426
! Firewall Builder fwb_iosacl v4.2.0.3429
!
! Generated Mon Jan 10 16:30:48 2011 PST by vadim
! Generated Tue Jan 11 20:40:16 2011 PST by vadim
!
! Compiled for iosacl 12.1
!

4
test/iosacl/testios1.fw.orig
View File

@ -1,9 +1,9 @@
!
! This is automatically generated file. DO NOT MODIFY !
!
! Firewall Builder fwb_iosacl v4.2.0.3426
! Firewall Builder fwb_iosacl v4.2.0.3429
!
! Generated Mon Jan 10 16:30:48 2011 PST by vadim
! Generated Tue Jan 11 20:40:15 2011 PST by vadim
!
! Compiled for iosacl 12.1
!

4
test/iosacl/testios2.fw.orig
View File

@ -1,9 +1,9 @@
!
! This is automatically generated file. DO NOT MODIFY !
!
! Firewall Builder fwb_iosacl v4.2.0.3426
! Firewall Builder fwb_iosacl v4.2.0.3429
!
! Generated Mon Jan 10 16:30:49 2011 PST by vadim
! Generated Tue Jan 11 20:40:16 2011 PST by vadim
!
! Compiled for iosacl 12.1
!

4
test/iosacl/testios20-v12.3.fw.orig
View File

@ -1,9 +1,9 @@
!
! This is automatically generated file. DO NOT MODIFY !
!
! Firewall Builder fwb_iosacl v4.2.0.3426
! Firewall Builder fwb_iosacl v4.2.0.3429
!
! Generated Mon Jan 10 16:30:49 2011 PST by vadim
! Generated Tue Jan 11 20:40:17 2011 PST by vadim
!
! Compiled for iosacl 12.3
!

4
test/iosacl/testios20.fw.orig
View File

@ -1,9 +1,9 @@
!
! This is automatically generated file. DO NOT MODIFY !
!
! Firewall Builder fwb_iosacl v4.2.0.3426
! Firewall Builder fwb_iosacl v4.2.0.3429
!
! Generated Mon Jan 10 16:30:49 2011 PST by vadim
! Generated Tue Jan 11 20:40:16 2011 PST by vadim
!
! Compiled for iosacl 12.4
!

4
test/iosacl/testios3.fw.orig
View File

@ -1,9 +1,9 @@
!
! This is automatically generated file. DO NOT MODIFY !
!
! Firewall Builder fwb_iosacl v4.2.0.3426
! Firewall Builder fwb_iosacl v4.2.0.3429
!
! Generated Mon Jan 10 16:30:50 2011 PST by vadim
! Generated Tue Jan 11 20:40:17 2011 PST by vadim
!
! Compiled for iosacl 12.1
!

4
test/iosacl/testios4.fw.orig
View File

@ -1,9 +1,9 @@
!
! This is automatically generated file. DO NOT MODIFY !
!
! Firewall Builder fwb_iosacl v4.2.0.3426
! Firewall Builder fwb_iosacl v4.2.0.3429
!
! Generated Mon Jan 10 16:30:50 2011 PST by vadim
! Generated Tue Jan 11 20:40:17 2011 PST by vadim
!
! Compiled for iosacl 12.4
!

4
test/iosacl/testios5-1.fw.orig
View File

@ -1,9 +1,9 @@
!
! This is automatically generated file. DO NOT MODIFY !
!
! Firewall Builder fwb_iosacl v4.2.0.3426
! Firewall Builder fwb_iosacl v4.2.0.3429
!
! Generated Mon Jan 10 16:30:51 2011 PST by vadim
! Generated Tue Jan 11 20:40:18 2011 PST by vadim
!
! Compiled for iosacl 12.4
!

4
test/iosacl/testios5.fw.orig
View File

@ -1,9 +1,9 @@
!
! This is automatically generated file. DO NOT MODIFY !
!
! Firewall Builder fwb_iosacl v4.2.0.3426
! Firewall Builder fwb_iosacl v4.2.0.3429
!
! Generated Mon Jan 10 16:30:50 2011 PST by vadim
! Generated Tue Jan 11 20:40:18 2011 PST by vadim
!
! Compiled for iosacl 12.4
!

2
test/pix/cluster1-1_pix1.fw.orig
View File

@ -3,7 +3,7 @@
!
! Firewall Builder fwb_pix v4.2.0.3430
!
! Generated Thu Jan 13 10:33:49 2011 PST by vadim
! Generated Thu Jan 13 12:44:26 2011 PST by vadim
!
! Compiled for pix 7.0
! Outbound ACLs: supported

2
test/pix/cluster1-1_pix2.fw.orig
View File

@ -3,7 +3,7 @@
!
! Firewall Builder fwb_pix v4.2.0.3430
!
! Generated Thu Jan 13 10:33:49 2011 PST by vadim
! Generated Thu Jan 13 12:44:26 2011 PST by vadim
!
! Compiled for pix 7.0
! Outbound ACLs: supported

2
test/pix/cluster1_pix1.fw.orig
View File

@ -3,7 +3,7 @@
!
! Firewall Builder fwb_pix v4.2.0.3430
!
! Generated Thu Jan 13 10:33:49 2011 PST by vadim
! Generated Thu Jan 13 12:44:25 2011 PST by vadim
!
! Compiled for pix 7.0
! Outbound ACLs: supported

2
test/pix/cluster1_pix2.fw.orig
View File

@ -3,7 +3,7 @@
!
! Firewall Builder fwb_pix v4.2.0.3430
!
! Generated Thu Jan 13 10:33:49 2011 PST by vadim
! Generated Thu Jan 13 12:44:26 2011 PST by vadim
!
! Compiled for pix 7.0
! Outbound ACLs: supported

2
test/pix/firewall.fw.orig
View File

@ -3,7 +3,7 @@
!
! Firewall Builder fwb_pix v4.2.0.3430
!
! Generated Thu Jan 13 10:33:25 2011 PST by vadim
! Generated Thu Jan 13 12:44:01 2011 PST by vadim
!
! Compiled for pix 6.2
! Outbound ACLs: not supported

2
test/pix/firewall1.fw.orig
View File

@ -3,7 +3,7 @@
!
! Firewall Builder fwb_pix v4.2.0.3430
!
! Generated Thu Jan 13 10:33:25 2011 PST by vadim
! Generated Thu Jan 13 12:44:02 2011 PST by vadim
!
! Compiled for pix 6.1
! Outbound ACLs: not supported

2
test/pix/firewall10.fw.orig
View File

@ -3,7 +3,7 @@
!
! Firewall Builder fwb_pix v4.2.0.3430
!
! Generated Thu Jan 13 10:33:26 2011 PST by vadim
! Generated Thu Jan 13 12:44:03 2011 PST by vadim
!
! Compiled for pix 6.3
! Outbound ACLs: not supported

2
test/pix/firewall11.fw.orig
View File

@ -3,7 +3,7 @@
!
! Firewall Builder fwb_pix v4.2.0.3430
!
! Generated Thu Jan 13 10:33:27 2011 PST by vadim
! Generated Thu Jan 13 12:44:04 2011 PST by vadim
!
! Compiled for pix 6.2
! Outbound ACLs: not supported

2
test/pix/firewall12.fw.orig
View File

@ -3,7 +3,7 @@
!
! Firewall Builder fwb_pix v4.2.0.3430
!
! Generated Thu Jan 13 10:33:27 2011 PST by vadim
! Generated Thu Jan 13 12:44:04 2011 PST by vadim
!
! Compiled for pix 6.3
! Outbound ACLs: not supported

2
test/pix/firewall13.fw.orig
View File

@ -3,7 +3,7 @@
!
! Firewall Builder fwb_pix v4.2.0.3430
!
! Generated Thu Jan 13 10:33:28 2011 PST by vadim
! Generated Thu Jan 13 12:44:05 2011 PST by vadim
!
! Compiled for pix 6.3
! Outbound ACLs: not supported

2
test/pix/firewall14.fw.orig
View File

@ -3,7 +3,7 @@
!
! Firewall Builder fwb_pix v4.2.0.3430
!
! Generated Thu Jan 13 10:33:29 2011 PST by vadim
! Generated Thu Jan 13 12:44:06 2011 PST by vadim
!
! Compiled for pix 6.3
! Outbound ACLs: not supported

2
test/pix/firewall2.fw.orig
View File

@ -3,7 +3,7 @@
!
! Firewall Builder fwb_pix v4.2.0.3430
!
! Generated Thu Jan 13 10:33:29 2011 PST by vadim
! Generated Thu Jan 13 12:44:06 2011 PST by vadim
!
! Compiled for pix 6.3
! Outbound ACLs: not supported

2
test/pix/firewall20.fw.orig
View File

@ -3,7 +3,7 @@
!
! Firewall Builder fwb_pix v4.2.0.3430
!
! Generated Thu Jan 13 10:33:30 2011 PST by vadim
! Generated Thu Jan 13 12:44:07 2011 PST by vadim
!
! Compiled for pix 6.3
! Outbound ACLs: not supported

2
test/pix/firewall21-1.fw.orig
View File

@ -3,7 +3,7 @@
!
! Firewall Builder fwb_pix v4.2.0.3430
!
! Generated Thu Jan 13 10:33:31 2011 PST by vadim
! Generated Thu Jan 13 12:44:08 2011 PST by vadim
!
! Compiled for pix 6.3
! Outbound ACLs: not supported

2
test/pix/firewall21.fw.orig
View File

@ -3,7 +3,7 @@
!
! Firewall Builder fwb_pix v4.2.0.3430
!
! Generated Thu Jan 13 10:33:31 2011 PST by vadim
! Generated Thu Jan 13 12:44:08 2011 PST by vadim
!
! Compiled for pix 7.0
! Outbound ACLs: supported

2
test/pix/firewall22.fw.orig
View File

@ -3,7 +3,7 @@
!
! Firewall Builder fwb_pix v4.2.0.3430
!
! Generated Thu Jan 13 10:33:32 2011 PST by vadim
! Generated Thu Jan 13 12:44:09 2011 PST by vadim
!
! Compiled for pix 7.0
! Outbound ACLs: supported

2
test/pix/firewall3.fw.orig
View File

@ -3,7 +3,7 @@
!
! Firewall Builder fwb_pix v4.2.0.3430
!
! Generated Thu Jan 13 10:33:33 2011 PST by vadim
! Generated Thu Jan 13 12:44:10 2011 PST by vadim
!
! Compiled for pix 6.2
! Outbound ACLs: not supported

2
test/pix/firewall33.fw.orig
View File

@ -3,7 +3,7 @@
!
! Firewall Builder fwb_pix v4.2.0.3430
!
! Generated Thu Jan 13 10:33:34 2011 PST by vadim
! Generated Thu Jan 13 12:44:11 2011 PST by vadim
!
! Compiled for pix 6.3
! Outbound ACLs: not supported

3
test/pix/firewall34.fw.orig
View File

@ -3,7 +3,7 @@
!
! Firewall Builder fwb_pix v4.2.0.3430
!
! Generated Thu Jan 13 10:33:35 2011 PST by vadim
! Generated Thu Jan 13 12:44:12 2011 PST by vadim
!
! Compiled for pix 6.3
! Outbound ACLs: not supported
@ -76,7 +76,6 @@ object-group network outside.id4390C25825682.dst.net.0
network-object 58.53.82.190 255.255.255.255
network-object 58.231.13.78 255.255.255.255
network-object host 61.150.47.112
network-object 61.150.47.112 255.255.255.255
network-object 61.184.14.102 255.255.255.255
network-object 64.106.85.186 255.255.255.255
network-object 70.228.60.100 255.255.255.255

2
test/pix/firewall4.fw.orig
View File

@ -3,7 +3,7 @@
!
! Firewall Builder fwb_pix v4.2.0.3430
!
! Generated Thu Jan 13 10:33:35 2011 PST by vadim
! Generated Thu Jan 13 12:44:12 2011 PST by vadim
!
! Compiled for pix 6.2
! Outbound ACLs: not supported

2
test/pix/firewall50.fw.orig
View File

@ -3,7 +3,7 @@
!
! Firewall Builder fwb_pix v4.2.0.3430
!
! Generated Thu Jan 13 10:33:36 2011 PST by vadim
! Generated Thu Jan 13 12:44:13 2011 PST by vadim
!
! Compiled for pix 7.0
! Outbound ACLs: supported

2
test/pix/firewall6.fw.orig
View File

@ -3,7 +3,7 @@
!
! Firewall Builder fwb_pix v4.2.0.3430
!
! Generated Thu Jan 13 10:33:37 2011 PST by vadim
! Generated Thu Jan 13 12:44:14 2011 PST by vadim
!
! Compiled for pix 6.2
! Outbound ACLs: not supported

2
test/pix/firewall8.fw.orig
View File

@ -3,7 +3,7 @@
!
! Firewall Builder fwb_pix v4.2.0.3430
!
! Generated Thu Jan 13 10:33:38 2011 PST by vadim
! Generated Thu Jan 13 12:44:15 2011 PST by vadim
!
! Compiled for pix 6.2
! Outbound ACLs: not supported

2
test/pix/firewall80.fw.orig
View File

@ -3,7 +3,7 @@
!
! Firewall Builder fwb_pix v4.2.0.3430
!
! Generated Thu Jan 13 10:33:38 2011 PST by vadim
! Generated Thu Jan 13 12:44:15 2011 PST by vadim
!
! Compiled for pix 8.2
! Outbound ACLs: supported

2
test/pix/firewall81.fw.orig
View File

@ -3,7 +3,7 @@
!
! Firewall Builder fwb_pix v4.2.0.3430
!
! Generated Thu Jan 13 10:33:39 2011 PST by vadim
! Generated Thu Jan 13 12:44:16 2011 PST by vadim
!
! Compiled for pix 8.3
! Outbound ACLs: supported

2
test/pix/firewall82.fw.orig
View File

@ -3,7 +3,7 @@
!
! Firewall Builder fwb_pix v4.2.0.3430
!
! Generated Thu Jan 13 10:33:40 2011 PST by vadim
! Generated Thu Jan 13 12:44:17 2011 PST by vadim
!
! Compiled for pix 8.3
! Outbound ACLs: supported

2
test/pix/firewall83.fw.orig
View File

@ -3,7 +3,7 @@
!
! Firewall Builder fwb_pix v4.2.0.3430
!
! Generated Thu Jan 13 10:33:40 2011 PST by vadim
! Generated Thu Jan 13 12:44:17 2011 PST by vadim
!
! Compiled for pix 8.3
! Outbound ACLs: supported

2
test/pix/firewall9.fw.orig
View File

@ -3,7 +3,7 @@
!
! Firewall Builder fwb_pix v4.2.0.3430
!
! Generated Thu Jan 13 10:33:41 2011 PST by vadim
! Generated Thu Jan 13 12:44:18 2011 PST by vadim
!
! Compiled for pix 6.3
! Outbound ACLs: not supported

107
test/pix/firewall90.fw.orig
View File

@ -3,7 +3,7 @@
!
! Firewall Builder fwb_pix v4.2.0.3430
!
! Generated Thu Jan 13 10:33:42 2011 PST by vadim
! Generated Thu Jan 13 12:44:19 2011 PST by vadim
!
! Compiled for pix 8.3
! Outbound ACLs: supported
@ -148,48 +148,108 @@ quit
object service squid
service tcp destination eq 3128
quit
object service smtps
service tcp destination eq 465
quit
object network spamhost2
host 61.150.47.113
quit
object network firewall90:FastEthernet1:ip-1
host 22.22.22.23
quit
object network firewall90:FastEthernet1:ip
host 22.22.22.22
quit
object network external_gw2
host 22.22.22.100
quit
object network ext_subnet
subnet 22.22.22.128 255.255.255.224
quit
object network outside_range-1
range 22.22.22.30 22.22.22.40
quit
object-group network outside.id130599X29063.tsrc.net.0
network-object host 22.22.22.21
network-object host 22.22.22.22
network-object host 22.22.22.100
network-object object outside_range
network-object object firewall90:FastEthernet1:ip
network-object object external_gw2
exit
object-group network outside.id20720X27505.tsrc.net.0
network-object host 22.22.22.21
network-object host 22.22.22.100
network-object object outside_range
network-object object external_gw2
exit
object-group network outside.id241772X29764.tsrc.net.0
network-object host 22.22.22.21
exit
object-group network outside.id643024X27990.tsrc.net.0
network-object host 22.22.22.30
network-object host 22.22.22.100
network-object object outside_range
exit
object-group network outside.id643092X27990.tsrc.net.0
network-object 22.22.22.128 255.255.255.224
network-object object ext_subnet
exit
object-group network outside.id21121X3710.tsrc.net.0
network-object host 22.22.22.30
network-object host 22.22.22.100
network-object object outside_range-1
network-object object external_gw2
exit
object-group network outside.id21177X3720.tsrc.net.0
network-object 22.22.22.128 255.255.255.224
network-object object ext_subnet
exit
object-group network outside.id77971X5929.tsrc.net.0
network-object object outside_range-1
network-object object external_gw2
exit
object-group network outside.id77971X5929.tsrc.net.1
network-object object outside_range-1
network-object object external_gw2
exit
object-group network outside.id77971X5929.tsrc.net.2
network-object object outside_range-1
network-object object external_gw2
exit
object-group network outside.id77971X5929.tsrc.net.3
network-object object outside_range-1
network-object object external_gw2
exit
object-group network outside.id77971X5929.tsrc.net.4
network-object object outside_range-1
network-object object external_gw2
exit
object-group network outside.id77971X5929.tsrc.net.5
network-object object outside_range-1
network-object object external_gw2
exit
object-group network outside.id77971X5929.tsrc.net.6
network-object object outside_range-1
network-object object external_gw2
exit
object-group network outside.id77971X5929.tsrc.net.7
network-object object outside_range-1
network-object object external_gw2
exit
!
@ -226,7 +286,7 @@ nat (inside,outside) source dynamic hostA:eth0 outside.id241772X29764.tsrc.net.0
!
! Rule 9 (NAT)
! For #1907
nat (inside,outside) source dynamic hostA:eth0 outside.id643024X27990.tsrc.net.0 interface service smtp smtp
nat (inside,outside) source static hostA:eth0 hostA:eth0 service smtp smtp
!
! Rule 10 (NAT)
! For #1907
@ -287,6 +347,17 @@ nat (inside,outside) source static internal_subnet_1 firewall90:FastEthernet1:ip
!
! Rule 21 (NAT)
nat (outside,inside) source static any any destination static interface hostA:eth0 service http squid
!
! Rule 22 (NAT)
! multiple objects in OSrc, ODst, OSrv and TSrc in various combinations
nat (inside,outside) source dynamic internal_subnet_1 outside.id77971X5929.tsrc.net.0 interface destination static spamhost1 spamhost1 service smtp smtp
nat (inside,outside) source dynamic internal_subnet_1 outside.id77971X5929.tsrc.net.1 interface destination static spamhost1 spamhost1 service smtps smtps
nat (inside,outside) source dynamic internal_subnet_1 outside.id77971X5929.tsrc.net.2 interface destination static spamhost2 spamhost2 service smtp smtp
nat (inside,outside) source dynamic internal_subnet_1 outside.id77971X5929.tsrc.net.3 interface destination static spamhost2 spamhost2 service smtps smtps
nat (inside,outside) source dynamic internal_subnet_2 outside.id77971X5929.tsrc.net.4 interface destination static spamhost1 spamhost1 service smtp smtp
nat (inside,outside) source dynamic internal_subnet_2 outside.id77971X5929.tsrc.net.5 interface destination static spamhost1 spamhost1 service smtps smtps
nat (inside,outside) source dynamic internal_subnet_2 outside.id77971X5929.tsrc.net.6 interface destination static spamhost2 spamhost2 service smtp smtp
nat (inside,outside) source dynamic internal_subnet_2 outside.id77971X5929.tsrc.net.7 interface destination static spamhost2 spamhost2 service smtps smtps

2
test/pix/firewall91.fw.orig
View File

@ -3,7 +3,7 @@
!
! Firewall Builder fwb_pix v4.2.0.3430
!
! Generated Thu Jan 13 10:33:42 2011 PST by vadim
! Generated Thu Jan 13 12:44:19 2011 PST by vadim
!
! Compiled for pix 8.3
! Outbound ACLs: supported

2
test/pix/firewall92.fw.orig
View File

@ -3,7 +3,7 @@
!
! Firewall Builder fwb_pix v4.2.0.3430
!
! Generated Thu Jan 13 10:33:43 2011 PST by vadim
! Generated Thu Jan 13 12:44:20 2011 PST by vadim
!
! Compiled for pix 8.3
! Outbound ACLs: supported

2
test/pix/fwsm1.fw.orig
View File

@ -3,7 +3,7 @@
!
! Firewall Builder fwb_pix v4.2.0.3430
!
! Generated Thu Jan 13 10:33:44 2011 PST by vadim
! Generated Thu Jan 13 12:44:21 2011 PST by vadim
!
! Compiled for fwsm 2.3
! Outbound ACLs: supported

2
test/pix/fwsm2.fw.orig
View File

@ -3,7 +3,7 @@
!
! Firewall Builder fwb_pix v4.2.0.3430
!
! Generated Thu Jan 13 10:33:45 2011 PST by vadim
! Generated Thu Jan 13 12:44:22 2011 PST by vadim
!
! Compiled for fwsm 4.x
! Outbound ACLs: supported

39
test/pix/objects-for-regression-tests.fwb
View File

@ -1,6 +1,6 @@
<?xml version="1.0" encoding="utf-8"?>
<!DOCTYPE FWObjectDatabase SYSTEM "fwbuilder.dtd">
<FWObjectDatabase xmlns="http://www.fwbuilder.org/1.0/" version="17" lastModified="1294882163" id="root">
<FWObjectDatabase xmlns="http://www.fwbuilder.org/1.0/" version="17" lastModified="1294948692" id="root">
<Library id="syslib000" color="#d4f8ff" name="Standard" comment="Standard objects" ro="True">
<AnyNetwork id="sysid0" name="Any" comment="Any Network" ro="False" address="0.0.0.0" netmask="0.0.0.0"/>
<AnyIPService id="sysid1" protocol_num="0" name="Any" comment="Any IP Service" ro="False"/>
@ -442,12 +442,13 @@
<DNSName id="id4387287A18346" dnsrec="www.google.com" dnsrectype="A" run_time="True" name="google (rt)" comment="" ro="False"/>
</ObjectGroup>
<ObjectGroup id="stdid16_1" name="Addresses" comment="" ro="False">
<IPv4 id="id4388C37D674" name="spamhost1" comment="" ro="False" address="61.150.47.112" netmask="255.255.255.255"/>
<IPv4 id="id4388C37D674" name="spamhost1" comment="" ro="False" address="61.150.47.112" netmask="0.0.0.0"/>
<IPv4 id="id16325X21455" name="internal gw" comment="" ro="False" address="10.3.14.254" netmask="0.0.0.0"/>
<IPv4 id="id23261X67574" name="external gw 1" comment="" ro="False" address="22.22.22.254" netmask="0.0.0.0"/>
<IPv4 id="id23284X67574" name="internal gw 2" comment="" ro="False" address="192.168.1.254" netmask="0.0.0.0"/>
<IPv4 id="id23297X67574" name="external gw2" comment="" ro="False" address="22.22.22.100" netmask="0.0.0.0"/>
<IPv4 id="id30235X67574" name="internal gw1" comment="" ro="False" address="192.168.1.254" netmask="0.0.0.0"/>
<IPv4 id="id78038X5929" name="spamhost2" comment="" ro="False" address="61.150.47.113" netmask="0.0.0.0"/>
</ObjectGroup>
<ObjectGroup id="stdid04_1" name="Groups" comment="" ro="False">
<ObjectGroup id="id3D420A09" name="dmz-netzone" comment="" ro="False">
@ -10546,7 +10547,7 @@ no sysopt nodnsalias outbound
<Option name="verify_interfaces">False</Option>
</FirewallOptions>
</Firewall>
<Firewall id="id4389EDAE18346" host_OS="pix_os" inactive="False" lastCompiled="1147840988" lastInstalled="1142003872" lastModified="1263600473" platform="pix" version="6.3" name="firewall34" comment="testing AddressTable object" ro="False">
<Firewall id="id4389EDAE18346" host_OS="pix_os" inactive="False" lastCompiled="1147840988" lastInstalled="1142003872" lastModified="1294948707" platform="pix" version="6.3" name="firewall34" comment="testing AddressTable object" ro="False">
<NAT id="id4389EE4818346" name="NAT" comment="" ro="False" ipv4_rule_set="False" ipv6_rule_set="False" top_rule_set="True">
<NATRule id="id4389EEB018346" disabled="True" position="0" action="Translate" comment="">
<OSrc neg="True">
@ -18239,7 +18240,7 @@ no sysopt nodnsalias outbound
<Option name="xlate_ss">0</Option>
</FirewallOptions>
</Firewall>
<Firewall id="id19839X26146" host_OS="pix_os" inactive="False" lastCompiled="0" lastInstalled="0" lastModified="1294943249" platform="pix" version="8.3" name="firewall90" comment="testing new style ASA 8.3 nat commands&#10;SNAT rules&#10;" ro="False">
<Firewall id="id19839X26146" host_OS="pix_os" inactive="False" lastCompiled="0" lastInstalled="0" lastModified="1294948743" platform="pix" version="8.3" name="firewall90" comment="testing new style ASA 8.3 nat commands&#10;SNAT rules&#10;" ro="False">
<NAT id="id19920X26146" name="NAT" comment="" ro="False" ipv4_rule_set="False" ipv6_rule_set="False" top_rule_set="True">
<NATRule id="id19921X26146" disabled="False" position="0" action="Translate" comment="">
<OSrc neg="False">
@ -18457,7 +18458,7 @@ no sysopt nodnsalias outbound
<ServiceRef ref="tcp-SMTP"/>
</OSrv>
<TSrc neg="False">
<ObjectRef ref="id21078X3710"/>
<ObjectRef ref="sysid0"/>
</TSrc>
<TDst neg="False">
<ObjectRef ref="sysid0"/>
@ -18778,6 +18779,32 @@ no sysopt nodnsalias outbound
<Option name="color">#7694C0</Option>
</NATRuleOptions>
</NATRule>
<NATRule id="id77971X5929" disabled="False" group="" position="22" action="Translate" comment="multiple objects in OSrc, ODst, OSrv and TSrc in various combinations&#10;">
<OSrc neg="False">
<ObjectRef ref="id178241X29963"/>
<ObjectRef ref="id178250X29963"/>
</OSrc>
<ODst neg="False">
<ObjectRef ref="id4388C37D674"/>
<ObjectRef ref="id78038X5929"/>
</ODst>
<OSrv neg="False">
<ServiceRef ref="tcp-SMTP"/>
<ServiceRef ref="id3B4FF04C"/>
</OSrv>
<TSrc neg="False">
<ObjectRef ref="id21078X3710"/>
</TSrc>
<TDst neg="False">
<ObjectRef ref="sysid0"/>
</TDst>
<TSrv neg="False">
<ServiceRef ref="sysid1"/>
</TSrv>
<NATRuleOptions>
<Option name="color">#C0C0C0</Option>
</NATRuleOptions>
</NATRule>
<RuleSetOptions/>
</NAT>
<Policy id="id19857X26146" name="Policy" comment="" ro="False" ipv4_rule_set="False" ipv6_rule_set="False" top_rule_set="True">
@ -19415,7 +19442,7 @@ no sysopt nodnsalias outbound
<Option name="xlate_ss">0</Option>
</FirewallOptions>
</Firewall>
<Firewall id="id20320X6113" host_OS="pix_os" inactive="False" lastCompiled="0" lastInstalled="0" lastModified="1294446808" platform="pix" version="8.3" name="firewall92" comment="testing new style ASA 8.3 nat commands&#10;no-nat rules (&quot;identity nat&quot;)&#10;&#10;" ro="False">
<Firewall id="id20320X6113" host_OS="pix_os" inactive="False" lastCompiled="0" lastInstalled="0" lastModified="1294948707" platform="pix" version="8.3" name="firewall92" comment="testing new style ASA 8.3 nat commands&#10;no-nat rules (&quot;identity nat&quot;)&#10;&#10;" ro="False">
<NAT id="id20354X6113" name="NAT" comment="" ro="False" ipv4_rule_set="False" ipv6_rule_set="False" top_rule_set="True">
<NATRule id="id20818X6113" disabled="False" group="" position="0" action="Translate" comment="">
<OSrc neg="False">

2
test/pix/pix515.fw.orig
View File

@ -3,7 +3,7 @@
!
! Firewall Builder fwb_pix v4.2.0.3430
!
! Generated Thu Jan 13 10:33:46 2011 PST by vadim
! Generated Thu Jan 13 12:44:23 2011 PST by vadim
!
! Compiled for pix 7.0
! Outbound ACLs: supported

2
test/pix/real.fw.orig
View File

@ -3,7 +3,7 @@
!
! Firewall Builder fwb_pix v4.2.0.3430
!
! Generated Thu Jan 13 10:33:47 2011 PST by vadim
! Generated Thu Jan 13 12:44:24 2011 PST by vadim
!
! Compiled for pix 6.3
! Outbound ACLs: not supported